commit 08e5997ea99ced285b7023313f734d16b96d3318 · pyrox.dev/nixpkgs

+1 -1

.github/workflows/backport.yml

··· 18 18 steps: 19 19 # Use a GitHub App to create the PR so that CI gets triggered 20 20 # The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs 21 - - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 21 + - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 22 22 id: app-token 23 23 with: 24 24 app-id: ${{ vars.BACKPORT_APP_ID }}

+2 -2

.github/workflows/codeowners-v2.yml

··· 62 62 - name: Build codeowners validator 63 63 run: nix-build base/ci -A codeownersValidator 64 64 65 - - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 65 + - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 66 66 id: app-token 67 67 with: 68 68 app-id: ${{ vars.OWNER_RO_APP_ID }} ··· 94 94 # This is intentional, because we need to request the review of owners as declared in the base branch. 95 95 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 96 96 97 - - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 97 + - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 98 98 id: app-token 99 99 with: 100 100 app-id: ${{ vars.OWNER_APP_ID }}

+16 -6

lib/generators.nix

··· 70 70 split 71 71 toJSON 72 72 typeOf 73 + escapeXML 73 74 ; 74 75 75 76 ## -- HELPER FUNCTIONS & DEFAULTS -- ··· 548 549 549 550 # Inputs 550 551 551 - Options 552 - : Empty set, there may be configuration options in the future 552 + Structured function argument 553 + 554 + : escape (optional, default: `false`) 555 + : If this option is true, XML special characters are escaped in string values and keys 553 556 554 557 Value 555 558 : The value to be converted to Plist 556 559 */ 557 - toPlist = {}: v: let 560 + toPlist = { 561 + escape ? false 562 + }: v: let 558 563 expr = ind: x: 559 564 if x == null then "" else 560 565 if isBool x then bool ind x else ··· 568 573 569 574 literal = ind: x: ind + x; 570 575 576 + maybeEscapeXML = if escape then escapeXML else x: x; 577 + 571 578 bool = ind: x: literal ind (if x then "<true/>" else "<false/>"); 572 579 int = ind: x: literal ind "<integer>${toString x}</integer>"; 573 - str = ind: x: literal ind "<string>${x}</string>"; 574 - key = ind: x: literal ind "<key>${x}</key>"; 580 + str = ind: x: literal ind "<string>${maybeEscapeXML x}</string>"; 581 + key = ind: x: literal ind "<key>${maybeEscapeXML x}</key>"; 575 582 float = ind: x: literal ind "<real>${toString x}</real>"; 576 583 577 584 indent = ind: expr "\t${ind}"; ··· 597 604 (expr "\t${ind}" value) 598 605 ]) x)); 599 606 600 - in ''<?xml version="1.0" encoding="UTF-8"?> 607 + in 608 + # TODO: As discussed in #356502, deprecated functionality should be removed sometime after 25.11. 609 + lib.warnIf (!escape && lib.oldestSupportedReleaseIsAtLeast 2505) "Using `lib.generators.toPlist` without `escape = true` is deprecated" 610 + ''<?xml version="1.0" encoding="UTF-8"?> 601 611 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 602 612 <plist version="1.0"> 603 613 ${expr "" v}

+26 -2

lib/tests/misc.nix

··· 1641 1641 expected = "«foo»"; 1642 1642 }; 1643 1643 1644 - testToPlist = { 1644 + testToPlistUnescaped = { 1645 1645 expr = mapAttrs (const (generators.toPlist { })) { 1646 1646 value = { 1647 1647 nested.values = { ··· 1657 1657 emptylist = []; 1658 1658 attrs = { foo = null; "foo b/ar" = "baz"; }; 1659 1659 emptyattrs = {}; 1660 + "keys are not <escaped>" = "and < neither are string values"; 1660 1661 }; 1661 1662 }; 1662 1663 }; 1663 - expected = { value = builtins.readFile ./test-to-plist-expected.plist; }; 1664 + expected = { value = builtins.readFile ./test-to-plist-unescaped-expected.plist; }; 1665 + }; 1666 + 1667 + testToPlistEscaped = { 1668 + expr = mapAttrs (const (generators.toPlist { escape = true; })) { 1669 + value = { 1670 + nested.values = { 1671 + int = 42; 1672 + float = 0.1337; 1673 + bool = true; 1674 + emptystring = ""; 1675 + string = "fn\${o}\"r\\d"; 1676 + newlinestring = "\n"; 1677 + path = /. + "/foo"; 1678 + null_ = null; 1679 + list = [ 3 4 "test" ]; 1680 + emptylist = []; 1681 + attrs = { foo = null; "foo b/ar" = "baz"; }; 1682 + emptyattrs = {}; 1683 + "keys are <escaped>" = "and < so are string values"; 1684 + }; 1685 + }; 1686 + }; 1687 + expected = { value = builtins.readFile ./test-to-plist-escaped-expected.plist; }; 1664 1688 }; 1665 1689 1666 1690 testToLuaEmptyAttrSet = {

+48

lib/tests/test-to-plist-escaped-expected.plist

··· 1 + <?xml version="1.0" encoding="UTF-8"?> 2 + <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 3 + <plist version="1.0"> 4 + <dict> 5 + <key>nested</key> 6 + <dict> 7 + <key>values</key> 8 + <dict> 9 + <key>attrs</key> 10 + <dict> 11 + <key>foo b/ar</key> 12 + <string>baz</string> 13 + </dict> 14 + <key>bool</key> 15 + <true/> 16 + <key>emptyattrs</key> 17 + <dict> 18 + 19 + </dict> 20 + <key>emptylist</key> 21 + <array> 22 + 23 + </array> 24 + <key>emptystring</key> 25 + <string></string> 26 + <key>float</key> 27 + <real>0.133700</real> 28 + <key>int</key> 29 + <integer>42</integer> 30 + <key>keys are <escaped></key> 31 + <string>and < so are string values</string> 32 + <key>list</key> 33 + <array> 34 + <integer>3</integer> 35 + <integer>4</integer> 36 + <string>test</string> 37 + </array> 38 + <key>newlinestring</key> 39 + <string> 40 + </string> 41 + <key>path</key> 42 + <string>/foo</string> 43 + <key>string</key> 44 + <string>fn${o}"r\d</string> 45 + </dict> 46 + </dict> 47 + </dict> 48 + </plist>

+2

lib/tests/test-to-plist-expected.plist lib/tests/test-to-plist-unescaped-expected.plist

··· 27 27 <real>0.133700</real> 28 28 <key>int</key> 29 29 <integer>42</integer> 30 + <key>keys are not <escaped></key> 31 + <string>and < neither are string values</string> 30 32 <key>list</key> 31 33 <array> 32 34 <integer>3</integer>

+1

nixos/doc/manual/release-notes/rl-2505.section.md

··· 241 241 242 242 - Cinnamon has been updated to 6.4, please check the [upstream announcement](https://www.linuxmint.com/rel_xia_whatsnew.php) for more details. 243 243 - Following [changes in Mint 22](https://github.com/linuxmint/mintupgrade/commit/f239cde908288b8c250f938e7311c7ffbc16bd59) we are no longer overriding Qt application styles. You can still restore the previous default with `qt.style = "gtk2"` and `qt.platformTheme = "gtk2"`. 244 + - Following [changes in Mint 20](https://github.com/linuxmint/mintupgrade-legacy/commit/ce15d946ed9a8cb8444abd25088edd824bfb18f6) we are replacing xplayer with celluloid since xplayer is no longer maintained. 244 245 245 246 - Xfce has been updated to 4.20, please check the [upstream feature tour](https://www.xfce.org/about/tour420) for more details. 246 247 - Wayland session is still [experimental](https://wiki.xfce.org/releng/wayland_roadmap) and requires opt-in using `enableWaylandSession` option.

+179 -122

nixos/modules/services/network-filesystems/moosefs.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 let 3 8 cfg = config.services.moosefs; 4 9 5 10 mfsUser = if cfg.runAsUser then "moosefs" else "root"; 6 11 7 - settingsFormat = let 8 - listSep = " "; 9 - allowedTypes = with lib.types; [ bool int float str ]; 10 - valueToString = val: 11 - if lib.isList val then lib.concatStringsSep listSep (map (x: valueToString x) val) 12 - else if lib.isBool val then (if val then "1" else "0") 13 - else toString val; 12 + settingsFormat = 13 + let 14 + listSep = " "; 15 + allowedTypes = with lib.types; [ 16 + bool 17 + int 18 + float 19 + str 20 + ]; 21 + valueToString = 22 + val: 23 + if lib.isList val then 24 + lib.concatStringsSep listSep (map (x: valueToString x) val) 25 + else if lib.isBool val then 26 + (if val then "1" else "0") 27 + else 28 + toString val; 14 29 15 - in { 16 - type = with lib.types; let 17 - valueType = oneOf ([ 18 - (listOf valueType) 19 - ] ++ allowedTypes) // { 20 - description = "Flat key-value file"; 21 - }; 22 - in attrsOf valueType; 30 + in 31 + { 32 + type = 33 + with lib.types; 34 + let 35 + valueType = 36 + oneOf ( 37 + [ 38 + (listOf valueType) 39 + ] 40 + ++ allowedTypes 41 + ) 42 + // { 43 + description = "Flat key-value file"; 44 + }; 45 + in 46 + attrsOf valueType; 23 47 24 - generate = name: value: 25 - pkgs.writeText name ( lib.concatStringsSep "\n" ( 26 - lib.mapAttrsToList (key: val: "${key} = ${valueToString val}") value )); 48 + generate = 49 + name: value: 50 + pkgs.writeText name ( 51 + lib.concatStringsSep "\n" (lib.mapAttrsToList (key: val: "${key} = ${valueToString val}") value) 52 + ); 27 53 }; 28 54 29 55 # Manual initialization tool ··· 44 70 systemdService = name: extraConfig: configFile: { 45 71 wantedBy = [ "multi-user.target" ]; 46 72 wants = [ "network-online.target" ]; 47 - after = [ "network.target" "network-online.target" ]; 73 + after = [ 74 + "network.target" 75 + "network-online.target" 76 + ]; 48 77 49 78 serviceConfig = { 50 79 Type = "forking"; 51 - ExecStart = "${pkgs.moosefs}/bin/mfs${name} -c ${configFile} start"; 52 - ExecStop = "${pkgs.moosefs}/bin/mfs${name} -c ${configFile} stop"; 80 + ExecStart = "${pkgs.moosefs}/bin/mfs${name} -c ${configFile} start"; 81 + ExecStop = "${pkgs.moosefs}/bin/mfs${name} -c ${configFile} stop"; 53 82 ExecReload = "${pkgs.moosefs}/bin/mfs${name} -c ${configFile} reload"; 54 83 PIDFile = "${cfg."${name}".settings.DATA_PATH}/.mfs${name}.lock"; 55 84 } // extraConfig; 56 85 }; 57 86 58 - in { 87 + in 88 + { 59 89 ###### interface 60 90 options = { 61 91 services.moosefs = { ··· 150 180 type = with lib.types; listOf str; 151 181 default = null; 152 182 description = "Mount points used by chunkserver for data storage (see mfshdd.cfg)."; 153 - example = [ "/mnt/hdd1" "/mnt/hdd2" ]; 183 + example = [ 184 + "/mnt/hdd1" 185 + "/mnt/hdd2" 186 + ]; 154 187 }; 155 188 156 189 settings = lib.mkOption { ··· 197 230 }; 198 231 }; 199 232 }; 200 - default = {}; 233 + default = { }; 201 234 description = "CGI server configuration options."; 202 235 }; 203 236 }; ··· 205 238 }; 206 239 207 240 ###### implementation 208 - config = lib.mkIf (cfg.client.enable || cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable || cfg.cgiserver.enable) { 209 - warnings = [ ( lib.mkIf (!cfg.runAsUser) "Running MooseFS services as root is not recommended.") ]; 241 + config = 242 + lib.mkIf 243 + ( 244 + cfg.client.enable 245 + || cfg.master.enable 246 + || cfg.metalogger.enable 247 + || cfg.chunkserver.enable 248 + || cfg.cgiserver.enable 249 + ) 250 + { 251 + warnings = [ (lib.mkIf (!cfg.runAsUser) "Running MooseFS services as root is not recommended.") ]; 210 252 211 - services.moosefs = { 212 - master.settings = lib.mkIf cfg.master.enable (lib.mkMerge [ 213 - { 214 - WORKING_USER = mfsUser; 215 - EXPORTS_FILENAME = toString ( pkgs.writeText "mfsexports.cfg" 216 - (lib.concatStringsSep "\n" cfg.master.exports)); 217 - } 218 - (lib.mkIf cfg.cgiserver.enable { 219 - MFSCGISERV = toString cfg.cgiserver.settings.PORT; 220 - }) 221 - ]); 253 + services.moosefs = { 254 + master.settings = lib.mkIf cfg.master.enable ( 255 + lib.mkMerge [ 256 + { 257 + WORKING_USER = mfsUser; 258 + EXPORTS_FILENAME = toString ( 259 + pkgs.writeText "mfsexports.cfg" (lib.concatStringsSep "\n" cfg.master.exports) 260 + ); 261 + } 262 + (lib.mkIf cfg.cgiserver.enable { 263 + MFSCGISERV = toString cfg.cgiserver.settings.PORT; 264 + }) 265 + ] 266 + ); 222 267 223 - metalogger.settings = lib.mkIf cfg.metalogger.enable { 224 - WORKING_USER = mfsUser; 225 - MASTER_HOST = cfg.masterHost; 226 - }; 268 + metalogger.settings = lib.mkIf cfg.metalogger.enable { 269 + WORKING_USER = mfsUser; 270 + MASTER_HOST = cfg.masterHost; 271 + }; 227 272 228 - chunkserver.settings = lib.mkIf cfg.chunkserver.enable { 229 - WORKING_USER = mfsUser; 230 - MASTER_HOST = cfg.masterHost; 231 - HDD_CONF_FILENAME = toString ( pkgs.writeText "mfshdd.cfg" 232 - (lib.concatStringsSep "\n" cfg.chunkserver.hdds)); 233 - }; 234 - }; 273 + chunkserver.settings = lib.mkIf cfg.chunkserver.enable { 274 + WORKING_USER = mfsUser; 275 + MASTER_HOST = cfg.masterHost; 276 + HDD_CONF_FILENAME = toString ( 277 + pkgs.writeText "mfshdd.cfg" (lib.concatStringsSep "\n" cfg.chunkserver.hdds) 278 + ); 279 + }; 280 + }; 235 281 236 - users = lib.mkIf ( cfg.runAsUser && ( cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable || cfg.cgiserver.enable ) ) { 237 - users.moosefs = { 238 - isSystemUser = true; 239 - description = "MooseFS daemon user"; 240 - group = "moosefs"; 241 - }; 242 - groups.moosefs = {}; 243 - }; 282 + users = 283 + lib.mkIf 284 + ( 285 + cfg.runAsUser 286 + && (cfg.master.enable || cfg.metalogger.enable || cfg.chunkserver.enable || cfg.cgiserver.enable) 287 + ) 288 + { 289 + users.moosefs = { 290 + isSystemUser = true; 291 + description = "MooseFS daemon user"; 292 + group = "moosefs"; 293 + }; 294 + groups.moosefs = { }; 295 + }; 244 296 245 - environment.systemPackages = 246 - (lib.optional cfg.client.enable pkgs.moosefs) ++ 247 - (lib.optional cfg.master.enable initTool); 297 + environment.systemPackages = 298 + (lib.optional cfg.client.enable pkgs.moosefs) ++ (lib.optional cfg.master.enable initTool); 248 299 249 - networking.firewall.allowedTCPPorts = lib.mkMerge [ 250 - (lib.optionals cfg.master.openFirewall [ 9419 9420 9421 ]) 251 - (lib.optional cfg.chunkserver.openFirewall 9422) 252 - (lib.optional (cfg.cgiserver.enable && cfg.cgiserver.openFirewall) cfg.cgiserver.settings.PORT) 253 - ]; 300 + networking.firewall.allowedTCPPorts = lib.mkMerge [ 301 + (lib.optionals cfg.master.openFirewall [ 302 + 9419 303 + 9420 304 + 9421 305 + ]) 306 + (lib.optional cfg.chunkserver.openFirewall 9422) 307 + (lib.optional (cfg.cgiserver.enable && cfg.cgiserver.openFirewall) cfg.cgiserver.settings.PORT) 308 + ]; 254 309 255 - systemd.tmpfiles.rules = [ 256 - # Master directories 257 - (lib.optionalString cfg.master.enable 258 - "d ${cfg.master.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser} -") 310 + systemd.tmpfiles.rules = 311 + [ 312 + # Master directories 313 + (lib.optionalString cfg.master.enable "d ${cfg.master.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser} -") 259 314 260 - # Metalogger directories 261 - (lib.optionalString cfg.metalogger.enable 262 - "d ${cfg.metalogger.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser} -") 315 + # Metalogger directories 316 + (lib.optionalString cfg.metalogger.enable "d ${cfg.metalogger.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser} -") 263 317 264 - # Chunkserver directories 265 - (lib.optionalString cfg.chunkserver.enable 266 - "d ${cfg.chunkserver.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser} -") 267 - ] ++ lib.optionals (cfg.chunkserver.enable && cfg.chunkserver.hdds != null) 268 - (map (dir: "d ${dir} 0755 ${mfsUser} ${mfsUser} -") cfg.chunkserver.hdds); 318 + # Chunkserver directories 319 + (lib.optionalString cfg.chunkserver.enable "d ${cfg.chunkserver.settings.DATA_PATH} 0700 ${mfsUser} ${mfsUser} -") 320 + ] 321 + ++ lib.optionals (cfg.chunkserver.enable && cfg.chunkserver.hdds != null) ( 322 + map (dir: "d ${dir} 0755 ${mfsUser} ${mfsUser} -") cfg.chunkserver.hdds 323 + ); 269 324 270 - systemd.services = lib.mkMerge [ 271 - (lib.mkIf cfg.master.enable { 272 - mfs-master = (lib.mkMerge [ 273 - (systemdService "master" { 274 - TimeoutStartSec = 1800; 275 - TimeoutStopSec = 1800; 276 - Restart = "on-failure"; 277 - User = mfsUser; 278 - } masterCfg) 279 - { 280 - preStart = lib.mkIf cfg.master.autoInit "${initTool}/bin/mfsmaster-init"; 281 - } 282 - ]); 283 - }) 325 + systemd.services = lib.mkMerge [ 326 + (lib.mkIf cfg.master.enable { 327 + mfs-master = ( 328 + lib.mkMerge [ 329 + (systemdService "master" { 330 + TimeoutStartSec = 1800; 331 + TimeoutStopSec = 1800; 332 + Restart = "on-failure"; 333 + User = mfsUser; 334 + } masterCfg) 335 + { 336 + preStart = lib.mkIf cfg.master.autoInit "${initTool}/bin/mfsmaster-init"; 337 + } 338 + ] 339 + ); 340 + }) 284 341 285 - (lib.mkIf cfg.metalogger.enable { 286 - mfs-metalogger = systemdService "metalogger" { 287 - Restart = "on-abnormal"; 288 - User = mfsUser; 289 - } metaloggerCfg; 290 - }) 342 + (lib.mkIf cfg.metalogger.enable { 343 + mfs-metalogger = systemdService "metalogger" { 344 + Restart = "on-abnormal"; 345 + User = mfsUser; 346 + } metaloggerCfg; 347 + }) 291 348 292 - (lib.mkIf cfg.chunkserver.enable { 293 - mfs-chunkserver = systemdService "chunkserver" { 294 - Restart = "on-abnormal"; 295 - User = mfsUser; 296 - } chunkserverCfg; 297 - }) 349 + (lib.mkIf cfg.chunkserver.enable { 350 + mfs-chunkserver = systemdService "chunkserver" { 351 + Restart = "on-abnormal"; 352 + User = mfsUser; 353 + } chunkserverCfg; 354 + }) 298 355 299 - (lib.mkIf cfg.cgiserver.enable { 300 - mfs-cgiserv = { 301 - description = "MooseFS CGI Server"; 302 - wantedBy = [ "multi-user.target" ]; 303 - after = [ "mfs-master.service" ]; 356 + (lib.mkIf cfg.cgiserver.enable { 357 + mfs-cgiserv = { 358 + description = "MooseFS CGI Server"; 359 + wantedBy = [ "multi-user.target" ]; 360 + after = [ "mfs-master.service" ]; 304 361 305 - serviceConfig = { 306 - Type = "simple"; 307 - ExecStart = "${pkgs.moosefs}/bin/mfscgiserv -D /var/lib/mfs -f start"; 308 - ExecStop = "${pkgs.moosefs}/bin/mfscgiserv -D /var/lib/mfs stop"; 309 - Restart = "on-failure"; 310 - RestartSec = "30s"; 311 - User = mfsUser; 312 - Group = mfsUser; 313 - WorkingDirectory = "/var/lib/mfs"; 314 - }; 315 - }; 316 - }) 317 - ]; 318 - }; 362 + serviceConfig = { 363 + Type = "simple"; 364 + ExecStart = "${pkgs.moosefs}/bin/mfscgiserv -D /var/lib/mfs -f start"; 365 + ExecStop = "${pkgs.moosefs}/bin/mfscgiserv -D /var/lib/mfs stop"; 366 + Restart = "on-failure"; 367 + RestartSec = "30s"; 368 + User = mfsUser; 369 + Group = mfsUser; 370 + WorkingDirectory = "/var/lib/mfs"; 371 + }; 372 + }; 373 + }) 374 + ]; 375 + }; 319 376 }

+1 -1

nixos/modules/services/x11/desktop-managers/cinnamon.nix

··· 241 241 xviewer 242 242 xreader 243 243 xed-editor 244 - xplayer 245 244 pix 246 245 247 246 # external apps shipped with linux-mint 247 + celluloid 248 248 gnome-calculator 249 249 gnome-calendar 250 250 gnome-screenshot

-2

nixos/tests/xfce-wayland.nix

··· 23 23 24 24 services.xserver.desktopManager.xfce.enable = true; 25 25 services.xserver.desktopManager.xfce.enableWaylandSession = true; 26 - # https://gitlab.xfce.org/apps/xfce4-screensaver/-/merge_requests/28 27 - services.xserver.desktopManager.xfce.enableScreensaver = false; 28 26 environment.systemPackages = [ pkgs.wlrctl ]; 29 27 }; 30 28

+4

pkgs/applications/backup/timeshift/unwrapped.nix

··· 57 57 xapp 58 58 ]; 59 59 60 + env = lib.optionalAttrs stdenv.cc.isGNU { 61 + NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration"; 62 + }; 63 + 60 64 meta = with lib; { 61 65 description = "System restore tool for Linux"; 62 66 longDescription = ''

+20 -2

pkgs/applications/editors/vim/plugins/overrides.nix

··· 246 246 247 247 blink-cmp = callPackage ./non-generated/blink-cmp { }; 248 248 249 + blink-cmp-copilot = super.blink-cmp-copilot.overrideAttrs { 250 + dependencies = [ self.copilot-lua ]; 251 + }; 252 + 249 253 bluloco-nvim = super.bluloco-nvim.overrideAttrs { 250 254 dependencies = [ self.lush-nvim ]; 251 255 }; ··· 1299 1303 "lazyvim.plugins.extras.lang.svelte" 1300 1304 "lazyvim.plugins.extras.lang.typescript" 1301 1305 "lazyvim.plugins.init" 1306 + "lazyvim.plugins.ui" 1302 1307 "lazyvim.plugins.xtras" 1303 1308 ]; 1304 1309 }; ··· 2203 2208 vimCommandCheck = "TealBuild"; 2204 2209 }; 2205 2210 2211 + nvim-tree-lua = super.nvim-tree-lua.overrideAttrs { 2212 + nvimSkipModule = [ 2213 + # Meta can't be required 2214 + "nvim-tree._meta.api" 2215 + "nvim-tree._meta.api_decorator" 2216 + ]; 2217 + }; 2218 + 2206 2219 nvim-treesitter = super.nvim-treesitter.overrideAttrs ( 2207 2220 callPackage ./nvim-treesitter/overrides.nix { } self super 2208 2221 ); ··· 2597 2610 nvimSkipModule = [ 2598 2611 # Requires setup call first 2599 2612 "snacks.dashboard" 2613 + "snacks.debug" 2614 + "snacks.dim" 2600 2615 "snacks.git" 2616 + "snacks.indent" 2617 + "snacks.input" 2601 2618 "snacks.lazygit" 2602 2619 "snacks.notifier" 2620 + "snacks.scratch" 2621 + "snacks.scroll" 2603 2622 "snacks.terminal" 2604 2623 "snacks.win" 2605 2624 "snacks.words" 2606 - "snacks.debug" 2607 - "snacks.scratch" 2625 + "snacks.zen" 2608 2626 # Optional trouble integration 2609 2627 "trouble.sources.profiler" 2610 2628 ];

+8 -8

pkgs/applications/networking/cluster/k3s/1_29/images-versions.json

··· 1 1 { 2 2 "airgap-images-amd64": { 3 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.11%2Bk3s1/k3s-airgap-images-amd64.tar.zst", 4 - "sha256": "0i62dg60090wmiqi2wzqa4jx45dag71y0936hhy00402wdcylmj7" 3 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.12%2Bk3s1/k3s-airgap-images-amd64.tar.zst", 4 + "sha256": "0p3d0k4ckzrbd3xd4v9vb8rhw9jcl4ilx9ch94yhf8kxnnblgzyb" 5 5 }, 6 6 "airgap-images-arm": { 7 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.11%2Bk3s1/k3s-airgap-images-arm.tar.zst", 8 - "sha256": "0v9wazqiypzpxpc31vi0x3w1jwsny8xcnv67bcjwj5xlwpjlsjz9" 7 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.12%2Bk3s1/k3s-airgap-images-arm.tar.zst", 8 + "sha256": "0j9ajjz201w319gfryx2q7jnmyi8gg805v7jsdmy4xkyl8ki80jw" 9 9 }, 10 10 "airgap-images-arm64": { 11 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.11%2Bk3s1/k3s-airgap-images-arm64.tar.zst", 12 - "sha256": "07145gdpgqy49pvinnx0pal9mzsljysgd5zfq565fx5smfxzvbyn" 11 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.12%2Bk3s1/k3s-airgap-images-arm64.tar.zst", 12 + "sha256": "1yc1yafr16mli1jk9xc4vgp6q36zk9z5p4rjmdng42dp0j6kvj0w" 13 13 }, 14 14 "images-list": { 15 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.11%2Bk3s1/k3s-images.txt", 16 - "sha256": "05229bfg174pvy525dcy7rvmgv9i9v1nnz5ngq80n7zkxj9cp8m8" 15 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.29.12%2Bk3s1/k3s-images.txt", 16 + "sha256": "1gqiaszfw49hsbn7xkkadykaf028vys13ykqvpkqar0f7hwwbja6" 17 17 } 18 18 }

+4 -4

pkgs/applications/networking/cluster/k3s/1_29/versions.nix

··· 1 1 { 2 - k3sVersion = "1.29.11+k3s1"; 3 - k3sCommit = "666b590a7512c0baab01c93bf81222fa22565c45"; 4 - k3sRepoSha256 = "0w9lldvzkd3rrq0gypqnyjmjr73bxay44q2vfcj4my0ryc3bajf4"; 5 - k3sVendorHash = "sha256-FaOBeUONkeG2CfGUN4VRUzpQl0C6b06kKCnb6ICYHzo="; 2 + k3sVersion = "1.29.12+k3s1"; 3 + k3sCommit = "ab3818c6169fb022c1fb74b8646d8d724a0f6030"; 4 + k3sRepoSha256 = "10lmva3wwpzymm5lf65gg7ixbz5vdbpagb1ghbc4r8v50ack0cvf"; 5 + k3sVendorHash = "sha256-s49GPwMPkF38NTj/aZ1aMliT/Msa1BMS9fmfqcp0//s="; 6 6 chartVersions = import ./chart-versions.nix; 7 7 imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json); 8 8 k3sRootVersion = "0.14.1";

+8 -8

pkgs/applications/networking/cluster/k3s/1_30/images-versions.json

··· 1 1 { 2 2 "airgap-images-amd64": { 3 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.7%2Bk3s1/k3s-airgap-images-amd64.tar.zst", 4 - "sha256": "09czfci3c37phn89zzqnsxgxwclmzf03mxlh88v0d7fk4qjlqa4i" 3 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.8%2Bk3s1/k3s-airgap-images-amd64.tar.zst", 4 + "sha256": "12vvc79jy1nyvcpsr2bi6w1zf28rqx99vh7anjm13snzsk7kzqc2" 5 5 }, 6 6 "airgap-images-arm": { 7 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.7%2Bk3s1/k3s-airgap-images-arm.tar.zst", 8 - "sha256": "1wdnfc0f17rjz5gd1gfngax9ghjxv4gpzq73gyd745j53f64wv7n" 7 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.8%2Bk3s1/k3s-airgap-images-arm.tar.zst", 8 + "sha256": "0mhn1ilh830m403yg1y3nqzjcakhs3i6hgdq2s8w2spyz2kdrgv1" 9 9 }, 10 10 "airgap-images-arm64": { 11 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.7%2Bk3s1/k3s-airgap-images-arm64.tar.zst", 12 - "sha256": "04i8j4x26bia3sqc5ra23p0nyy1ncd57mifwakm8nrk8dayigm8d" 11 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.8%2Bk3s1/k3s-airgap-images-arm64.tar.zst", 12 + "sha256": "0jdxf36dksypjvgil23wn8ins5rp0achmlavmv12vhijfllkqnn5" 13 13 }, 14 14 "images-list": { 15 - "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.7%2Bk3s1/k3s-images.txt", 16 - "sha256": "05229bfg174pvy525dcy7rvmgv9i9v1nnz5ngq80n7zkxj9cp8m8" 15 + "url": "https://github.com/k3s-io/k3s/releases/download/v1.30.8%2Bk3s1/k3s-images.txt", 16 + "sha256": "1gqiaszfw49hsbn7xkkadykaf028vys13ykqvpkqar0f7hwwbja6" 17 17 } 18 18 }

+4 -4

pkgs/applications/networking/cluster/k3s/1_30/versions.nix

··· 1 1 { 2 - k3sVersion = "1.30.7+k3s1"; 3 - k3sCommit = "00f901803ada2af4adb0439804f98b6fb6379992"; 4 - k3sRepoSha256 = "0jvbd4g1kisyjs2hrz4aqwrg08b13pvdf10dyyavvw1bmzki26ih"; 5 - k3sVendorHash = "sha256-3kLD2oyeo1cC0qRD48sFbsARuD034wilcNQpGRa65aQ="; 2 + k3sVersion = "1.30.8+k3s1"; 3 + k3sCommit = "b43a365f27d8372336fea7b0984a571109d742ca"; 4 + k3sRepoSha256 = "1fkpvx25aw59vvyfq9pbnph3kgyr4ykxg2dkkjdmqjdgwza04c47"; 5 + k3sVendorHash = "sha256-q/cRKuqXuzPcLEYD+BH82ZAc+ZgGIqKWLsM1E4uQsok="; 6 6 chartVersions = import ./chart-versions.nix; 7 7 imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json); 8 8 k3sRootVersion = "0.14.1";

+84 -75

pkgs/applications/networking/cluster/k3s/builder.nix

··· 56 56 libseccomp, 57 57 makeWrapper, 58 58 nixosTests, 59 + overrideBundleAttrs ? { }, # An attrSet/function to override the `k3sBundle` derivation. 60 + overrideCniPluginsAttrs ? { }, # An attrSet/function to override the `k3sCNIPlugins` derivation. 61 + overrideContainerdAttrs ? { }, # An attrSet/function to override the `k3sContainerd` derivation. 59 62 pkg-config, 60 63 pkgsBuildBuild, 61 64 procps, 62 65 rsync, 63 - runc, 64 66 runCommand, 67 + runc, 65 68 socat, 66 69 sqlite, 67 70 stdenv, ··· 174 177 sha256 = k3sRootSha256; 175 178 stripRoot = false; 176 179 }; 177 - k3sCNIPlugins = buildGoModule rec { 178 - pname = "k3s-cni-plugins"; 179 - version = k3sCNIVersion; 180 - vendorHash = null; 180 + k3sCNIPlugins = 181 + (buildGoModule rec { 182 + pname = "k3s-cni-plugins"; 183 + version = k3sCNIVersion; 184 + vendorHash = null; 181 185 182 - subPackages = [ "." ]; 186 + subPackages = [ "." ]; 183 187 184 - src = fetchFromGitHub { 185 - owner = "rancher"; 186 - repo = "plugins"; 187 - rev = "v${version}"; 188 - sha256 = k3sCNISha256; 189 - }; 188 + src = fetchFromGitHub { 189 + owner = "rancher"; 190 + repo = "plugins"; 191 + rev = "v${version}"; 192 + sha256 = k3sCNISha256; 193 + }; 190 194 191 - postInstall = '' 192 - mv $out/bin/plugins $out/bin/cni 193 - ''; 195 + postInstall = '' 196 + mv $out/bin/plugins $out/bin/cni 197 + ''; 194 198 195 - meta = baseMeta // { 196 - description = "CNI plugins, as patched by rancher for k3s"; 197 - }; 198 - }; 199 + meta = baseMeta // { 200 + description = "CNI plugins, as patched by rancher for k3s"; 201 + }; 202 + }).overrideAttrs 203 + overrideCniPluginsAttrs; 199 204 # Grab this separately from a build because it's used by both stages of the 200 205 # k3s build. 201 206 k3sRepo = fetchgit { ··· 261 266 # derivation when we've built all the binaries, but haven't bundled them in 262 267 # with generated bindata yet. 263 268 264 - k3sServer = buildGoModule { 265 - pname = "k3s-server"; 266 - version = k3sVersion; 269 + k3sBundle = 270 + (buildGoModule { 271 + pname = "k3s-bin"; 272 + version = k3sVersion; 267 273 268 - src = k3sRepo; 269 - vendorHash = k3sVendorHash; 274 + src = k3sRepo; 275 + vendorHash = k3sVendorHash; 270 276 271 - nativeBuildInputs = [ pkg-config ]; 272 - buildInputs = [ 273 - libseccomp 274 - sqlite.dev 275 - ]; 277 + nativeBuildInputs = [ pkg-config ]; 278 + buildInputs = [ 279 + libseccomp 280 + sqlite.dev 281 + ]; 276 282 277 - subPackages = [ "cmd/server" ]; 278 - ldflags = versionldflags; 283 + subPackages = [ "cmd/server" ]; 284 + ldflags = versionldflags; 279 285 280 - tags = [ 281 - "ctrd" 282 - "libsqlite3" 283 - "linux" 284 - ]; 286 + tags = [ 287 + "ctrd" 288 + "libsqlite3" 289 + "linux" 290 + ]; 285 291 286 - # create the multicall symlinks for k3s 287 - postInstall = '' 288 - mv $out/bin/server $out/bin/k3s 289 - pushd $out 290 - # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113 291 - ln -s k3s ./bin/containerd 292 - ln -s k3s ./bin/crictl 293 - ln -s k3s ./bin/ctr 294 - ln -s k3s ./bin/k3s-agent 295 - ln -s k3s ./bin/k3s-certificate 296 - ln -s k3s ./bin/k3s-completion 297 - ln -s k3s ./bin/k3s-etcd-snapshot 298 - ln -s k3s ./bin/k3s-secrets-encrypt 299 - ln -s k3s ./bin/k3s-server 300 - ln -s k3s ./bin/k3s-token 301 - ln -s k3s ./bin/kubectl 302 - popd 303 - ''; 292 + # create the multicall symlinks for k3s 293 + postInstall = '' 294 + mv $out/bin/server $out/bin/k3s 295 + pushd $out 296 + # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113 297 + ln -s k3s ./bin/containerd 298 + ln -s k3s ./bin/crictl 299 + ln -s k3s ./bin/ctr 300 + ln -s k3s ./bin/k3s-agent 301 + ln -s k3s ./bin/k3s-certificate 302 + ln -s k3s ./bin/k3s-completion 303 + ln -s k3s ./bin/k3s-etcd-snapshot 304 + ln -s k3s ./bin/k3s-secrets-encrypt 305 + ln -s k3s ./bin/k3s-server 306 + ln -s k3s ./bin/k3s-token 307 + ln -s k3s ./bin/kubectl 308 + popd 309 + ''; 304 310 305 - meta = baseMeta // { 306 - description = "Various binaries that get packaged into the final k3s binary"; 307 - }; 308 - }; 311 + meta = baseMeta // { 312 + description = "Various binaries that get packaged into the final k3s binary"; 313 + }; 314 + }).overrideAttrs 315 + overrideBundleAttrs; 309 316 # Only used for the shim since 310 317 # https://github.com/k3s-io/k3s/blob/v1.27.2%2Bk3s1/scripts/build#L153 311 - k3sContainerd = buildGoModule { 312 - pname = "k3s-containerd"; 313 - version = containerdVersion; 314 - src = fetchFromGitHub { 315 - owner = "k3s-io"; 316 - repo = "containerd"; 317 - rev = "v${containerdVersion}"; 318 - sha256 = containerdSha256; 319 - }; 320 - vendorHash = null; 321 - buildInputs = [ btrfs-progs ]; 322 - subPackages = [ "cmd/containerd-shim-runc-v2" ]; 323 - ldflags = versionldflags; 324 - }; 318 + k3sContainerd = 319 + (buildGoModule { 320 + pname = "k3s-containerd"; 321 + version = containerdVersion; 322 + src = fetchFromGitHub { 323 + owner = "k3s-io"; 324 + repo = "containerd"; 325 + rev = "v${containerdVersion}"; 326 + sha256 = containerdSha256; 327 + }; 328 + vendorHash = null; 329 + buildInputs = [ btrfs-progs ]; 330 + subPackages = [ "cmd/containerd-shim-runc-v2" ]; 331 + ldflags = versionldflags; 332 + }).overrideAttrs 333 + overrideContainerdAttrs; 325 334 in 326 335 buildGoModule rec { 327 336 pname = "k3s"; ··· 397 406 propagatedBuildInputs = [ 398 407 k3sCNIPlugins 399 408 k3sContainerd 400 - k3sServer 409 + k3sBundle 401 410 ]; 402 411 403 412 # We override most of buildPhase due to peculiarities in k3s's build. ··· 411 420 412 421 # copy needed 'go generate' inputs into place 413 422 mkdir -p ./bin/aux 414 - rsync -a --no-perms ${k3sServer}/bin/ ./bin/ 423 + rsync -a --no-perms ${k3sBundle}/bin/ ./bin/ 415 424 ln -vsf ${k3sCNIPlugins}/bin/cni ./bin/cni 416 425 ln -vsf ${k3sContainerd}/bin/containerd-shim-runc-v2 ./bin 417 426 rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/ ··· 463 472 k3sContainerd = k3sContainerd; 464 473 k3sRepo = k3sRepo; 465 474 k3sRoot = k3sRoot; 466 - k3sServer = k3sServer; 475 + k3sBundle = k3sBundle; 467 476 mkTests = 468 477 version: 469 478 let

+7

pkgs/by-name/ca/caribou/package.nix

··· 91 91 substituteInPlace libcaribou/Makefile.am --replace "--shared-library=libcaribou.so.0" "--shared-library=$out/lib/libcaribou.so.0" 92 92 ''; 93 93 94 + env = lib.optionalAttrs stdenv.cc.isGNU { 95 + # This really should be done by latest Vala, but we are using 96 + # release tarball here, which dists generated C code. 97 + # https://gitlab.gnome.org/GNOME/vala/-/merge_requests/369 98 + NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types"; 99 + }; 100 + 94 101 passthru = { 95 102 updateScript = gnome.updateScript { packageName = "caribou"; }; 96 103 };

+2 -2

pkgs/by-name/ci/cinnamon-common/package.nix

··· 76 76 # TODO (after 25.05 branch-off): Rename to pkgs.cinnamon 77 77 stdenv.mkDerivation rec { 78 78 pname = "cinnamon-common"; 79 - version = "6.4.2"; 79 + version = "6.4.3"; 80 80 81 81 src = fetchFromGitHub { 82 82 owner = "linuxmint"; 83 83 repo = "cinnamon"; 84 84 rev = version; 85 - hash = "sha256-r5cSm/a+xtHwwAHQmdgviDAN3nnMAnXGY/p+ER1/gbk="; 85 + hash = "sha256-Nq4CFLmvgyPFg+mALE1UYauWAR7ZjtJGJOSChbIjm4g="; 86 86 }; 87 87 88 88 patches = [

+9

pkgs/by-name/dp/dpdk/package.nix

··· 3 3 , pkg-config, meson, ninja, makeWrapper 4 4 , libbsd, numactl, libbpf, zlib, elfutils, jansson, openssl, libpcap, rdma-core 5 5 , doxygen, python3, pciutils 6 + , fetchpatch 6 7 , withExamples ? [] 7 8 , shared ? false 8 9 , machine ? ( ··· 48 49 rdma-core 49 50 # Requested by pkg-config. 50 51 libbsd 52 + ]; 53 + 54 + patches = [ 55 + (fetchpatch { 56 + name = "CVE-2024-11614.patch"; 57 + url = "https://git.dpdk.org/dpdk-stable/patch/?id=fdf13ea6fede07538fbe5e2a46fa6d4b2368fa81"; 58 + hash = "sha256-lD2mhPm5r1tWZb4IpzHa2SeK1DyQ3rwjzArRTpAgZAY="; 59 + }) 51 60 ]; 52 61 53 62 postPatch = ''

+3 -3

pkgs/by-name/ei/eigenmath/package.nix

··· 8 8 9 9 stdenv.mkDerivation rec { 10 10 pname = "eigenmath"; 11 - version = "3.35-unstable-2024-12-11"; 11 + version = "337-unstable-2024-12-20"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "georgeweigt"; 15 15 repo = pname; 16 - rev = "8aeb901425aae6dc27b00040dee38cf51fd81a5e"; 17 - hash = "sha256-fhQHxdbecDAcMylMU50FHPGWf6XgwBgPBaP4v3ntOmc="; 16 + rev = "571412786696680e1e04909e90e77d9d39b10b2a"; 17 + hash = "sha256-7/5UsU5TSW++MROWuUTsAptkv7gcqhvcqaRHYzXswB8="; 18 18 }; 19 19 20 20 checkPhase =

+2 -2

pkgs/by-name/fa/fanbox-dl/package.nix

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "fanbox-dl"; 9 - version = "0.27.1"; 9 + version = "0.27.2"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "hareku"; 13 13 repo = "fanbox-dl"; 14 14 rev = "v${version}"; 15 - hash = "sha256-2fxptsETjWyQxQv/VDx2A5UMZ3oLgC298YY/To3qaqk="; 15 + hash = "sha256-qsuYsAXlMuNvGxtrisqqr2E9OgiXsYneBx+CnVOyU2g="; 16 16 }; 17 17 18 18 vendorHash = "sha256-l/mgjCqRzidJ1QxH8bKGa7ZnRZVOqkuNifgEyFVU7fA=";

+2 -2

pkgs/by-name/gl/glaze/package.nix

··· 8 8 9 9 stdenv.mkDerivation (final: { 10 10 pname = "glaze"; 11 - version = "4.0.2"; 11 + version = "4.2.2"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "stephenberry"; 15 15 repo = "glaze"; 16 16 rev = "v${final.version}"; 17 - hash = "sha256-fNarN2VFgfZDmY62EoLsiMdW60XPbi71wbiSe/ftaFc="; 17 + hash = "sha256-P6hrwSpeQXHhag7HV28EVXsEwd2ZJEad3GRclCiOz8w="; 18 18 }; 19 19 20 20 nativeBuildInputs = [ cmake ];

+2 -1

pkgs/by-name/ka/kanidm/1_3.nix

··· 1 1 import ./generic.nix { 2 2 version = "1.3.3"; 3 3 hash = "sha256-W5G7osV4du6w/BfyY9YrDzorcLNizRsoz70RMfO2AbY="; 4 - cargoHash = "sha256-gJrzOK6vPPBgsQFkKrbMql00XSfKGjgpZhYJLTURxoI="; 4 + cargoHash = "sha256-iziTHr0gvv319Rzgkze9J1H4UzPR7WxMmCkiGVsb33k="; 5 + patchDir = ./patches/1_3; 5 6 extraMeta = { 6 7 knownVulnerabilities = [ 7 8 ''

+2 -1

pkgs/by-name/ka/kanidm/1_4.nix

··· 1 1 import ./generic.nix { 2 2 version = "1.4.5"; 3 3 hash = "sha256-0nn/ZyjkLXWXBZasNhbeEynEN52cmZQAcgg3hLmRpdo="; 4 - cargoHash = "sha256-sLz1EdczSj0/ACLUpWex3i8ZUhNeyU/RVwuAqccLIz8="; 4 + cargoHash = "sha256-9ZB9PwVnqoCRMFXOY7ejh76hmOg7cjVpnjgJfh8aXGI="; 5 + patchDir = ./patches/1_4; 5 6 }

+5 -3

pkgs/by-name/ka/kanidm/generic.nix

··· 2 2 version, 3 3 hash, 4 4 cargoHash, 5 + patchDir, 5 6 extraMeta ? { }, 6 7 }: 7 8 ··· 35 36 arch = if stdenv.hostPlatform.isx86_64 then "x86_64" else "generic"; 36 37 in 37 38 rustPlatform.buildRustPackage rec { 38 - pname = "kanidm"; 39 + pname = "kanidm" + (lib.optionalString enableSecretProvisioning "-with-secret-provisioning"); 39 40 inherit version cargoHash; 41 + cargoDepsName = "kanidm"; 40 42 41 43 src = fetchFromGitHub { 42 44 owner = pname; ··· 48 50 KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; 49 51 50 52 patches = lib.optionals enableSecretProvisioning [ 51 - ./patches/oauth2-basic-secret-modify.patch 52 - ./patches/recover-account.patch 53 + "${patchDir}/oauth2-basic-secret-modify.patch" 54 + "${patchDir}/recover-account.patch" 53 55 ]; 54 56 55 57 postPatch =

+303

pkgs/by-name/ka/kanidm/patches/1_3/oauth2-basic-secret-modify.patch

··· 1 + From 44dfbc2b9dccce86c7d7e7b54db4c989344b8c56 Mon Sep 17 00:00:00 2001 2 + From: oddlama <oddlama@oddlama.org> 3 + Date: Mon, 12 Aug 2024 23:17:25 +0200 4 + Subject: [PATCH 1/2] oauth2 basic secret modify 5 + 6 + --- 7 + server/core/src/actors/v1_write.rs | 42 ++++++++++++++++++++++++++++++ 8 + server/core/src/https/v1.rs | 6 ++++- 9 + server/core/src/https/v1_oauth2.rs | 29 +++++++++++++++++++++ 10 + server/lib/src/constants/acp.rs | 6 +++++ 11 + 4 files changed, 82 insertions(+), 1 deletion(-) 12 + 13 + diff --git a/server/core/src/actors/v1_write.rs b/server/core/src/actors/v1_write.rs 14 + index e00a969fb..1cacc67b8 100644 15 + --- a/server/core/src/actors/v1_write.rs 16 + +++ b/server/core/src/actors/v1_write.rs 17 + @@ -315,20 +315,62 @@ impl QueryServerWriteV1 { 18 + }; 19 + 20 + trace!(?del, "Begin delete event"); 21 + 22 + idms_prox_write 23 + .qs_write 24 + .delete(&del) 25 + .and_then(|_| idms_prox_write.commit().map(|_| ())) 26 + } 27 + 28 + + #[instrument( 29 + + level = "info", 30 + + skip_all, 31 + + fields(uuid = ?eventid) 32 + + )] 33 + + pub async fn handle_oauth2_basic_secret_write( 34 + + &self, 35 + + client_auth_info: ClientAuthInfo, 36 + + filter: Filter<FilterInvalid>, 37 + + new_secret: String, 38 + + eventid: Uuid, 39 + + ) -> Result<(), OperationError> { 40 + + // Given a protoEntry, turn this into a modification set. 41 + + let ct = duration_from_epoch_now(); 42 + + let mut idms_prox_write = self.idms.proxy_write(ct).await; 43 + + let ident = idms_prox_write 44 + + .validate_client_auth_info_to_ident(client_auth_info, ct) 45 + + .map_err(|e| { 46 + + admin_error!(err = ?e, "Invalid identity"); 47 + + e 48 + + })?; 49 + + 50 + + let modlist = ModifyList::new_purge_and_set( 51 + + Attribute::OAuth2RsBasicSecret, 52 + + Value::SecretValue(new_secret), 53 + + ); 54 + + 55 + + let mdf = 56 + + ModifyEvent::from_internal_parts(ident, &modlist, &filter, &idms_prox_write.qs_write) 57 + + .map_err(|e| { 58 + + admin_error!(err = ?e, "Failed to begin modify during handle_oauth2_basic_secret_write"); 59 + + e 60 + + })?; 61 + + 62 + + trace!(?mdf, "Begin modify event"); 63 + + 64 + + idms_prox_write 65 + + .qs_write 66 + + .modify(&mdf) 67 + + .and_then(|_| idms_prox_write.commit()) 68 + + } 69 + + 70 + #[instrument( 71 + level = "info", 72 + skip_all, 73 + fields(uuid = ?eventid) 74 + )] 75 + pub async fn handle_reviverecycled( 76 + &self, 77 + client_auth_info: ClientAuthInfo, 78 + filter: Filter<FilterInvalid>, 79 + eventid: Uuid, 80 + diff --git a/server/core/src/https/v1.rs b/server/core/src/https/v1.rs 81 + index 8aba83bb2..f1f815026 100644 82 + --- a/server/core/src/https/v1.rs 83 + +++ b/server/core/src/https/v1.rs 84 + @@ -1,17 +1,17 @@ 85 + //! The V1 API things! 86 + 87 + use axum::extract::{Path, State}; 88 + use axum::http::{HeaderMap, HeaderValue}; 89 + use axum::middleware::from_fn; 90 + use axum::response::{IntoResponse, Response}; 91 + -use axum::routing::{delete, get, post, put}; 92 + +use axum::routing::{delete, get, post, put, patch}; 93 + use axum::{Extension, Json, Router}; 94 + use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite}; 95 + use compact_jwt::{Jwk, Jws, JwsSigner}; 96 + use kanidm_proto::constants::uri::V1_AUTH_VALID; 97 + use std::net::IpAddr; 98 + use uuid::Uuid; 99 + 100 + use kanidm_proto::internal::{ 101 + ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest, 102 + CredentialStatus, DeleteRequest, IdentifyUserRequest, IdentifyUserResponse, ModifyRequest, 103 + @@ -3119,20 +3119,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> { 104 + ) 105 + .route( 106 + "/v1/oauth2/:rs_name/_image", 107 + post(super::v1_oauth2::oauth2_id_image_post) 108 + .delete(super::v1_oauth2::oauth2_id_image_delete), 109 + ) 110 + .route( 111 + "/v1/oauth2/:rs_name/_basic_secret", 112 + get(super::v1_oauth2::oauth2_id_get_basic_secret), 113 + ) 114 + + .route( 115 + + "/v1/oauth2/:rs_name/_basic_secret", 116 + + patch(super::v1_oauth2::oauth2_id_patch_basic_secret), 117 + + ) 118 + .route( 119 + "/v1/oauth2/:rs_name/_scopemap/:group", 120 + post(super::v1_oauth2::oauth2_id_scopemap_post) 121 + .delete(super::v1_oauth2::oauth2_id_scopemap_delete), 122 + ) 123 + .route( 124 + "/v1/oauth2/:rs_name/_sup_scopemap/:group", 125 + post(super::v1_oauth2::oauth2_id_sup_scopemap_post) 126 + .delete(super::v1_oauth2::oauth2_id_sup_scopemap_delete), 127 + ) 128 + diff --git a/server/core/src/https/v1_oauth2.rs b/server/core/src/https/v1_oauth2.rs 129 + index 5e481afab..a771aed04 100644 130 + --- a/server/core/src/https/v1_oauth2.rs 131 + +++ b/server/core/src/https/v1_oauth2.rs 132 + @@ -144,20 +144,49 @@ pub(crate) async fn oauth2_id_get_basic_secret( 133 + ) -> Result<Json<Option<String>>, WebError> { 134 + let filter = oauth2_id(&rs_name); 135 + state 136 + .qe_r_ref 137 + .handle_oauth2_basic_secret_read(client_auth_info, filter, kopid.eventid) 138 + .await 139 + .map(Json::from) 140 + .map_err(WebError::from) 141 + } 142 + 143 + +#[utoipa::path( 144 + + patch, 145 + + path = "/v1/oauth2/{rs_name}/_basic_secret", 146 + + request_body=ProtoEntry, 147 + + responses( 148 + + DefaultApiResponse, 149 + + ), 150 + + security(("token_jwt" = [])), 151 + + tag = "v1/oauth2", 152 + + operation_id = "oauth2_id_patch_basic_secret" 153 + +)] 154 + +/// Overwrite the basic secret for a given OAuth2 Resource Server. 155 + +#[instrument(level = "info", skip(state, new_secret))] 156 + +pub(crate) async fn oauth2_id_patch_basic_secret( 157 + + State(state): State<ServerState>, 158 + + Extension(kopid): Extension<KOpId>, 159 + + VerifiedClientInformation(client_auth_info): VerifiedClientInformation, 160 + + Path(rs_name): Path<String>, 161 + + Json(new_secret): Json<String>, 162 + +) -> Result<Json<()>, WebError> { 163 + + let filter = oauth2_id(&rs_name); 164 + + state 165 + + .qe_w_ref 166 + + .handle_oauth2_basic_secret_write(client_auth_info, filter, new_secret, kopid.eventid) 167 + + .await 168 + + .map(Json::from) 169 + + .map_err(WebError::from) 170 + +} 171 + + 172 + #[utoipa::path( 173 + patch, 174 + path = "/v1/oauth2/{rs_name}", 175 + request_body=ProtoEntry, 176 + responses( 177 + DefaultApiResponse, 178 + ), 179 + security(("token_jwt" = [])), 180 + tag = "v1/oauth2", 181 + operation_id = "oauth2_id_patch" 182 + diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs 183 + index f3409649d..42e407b7d 100644 184 + --- a/server/lib/src/constants/acp.rs 185 + +++ b/server/lib/src/constants/acp.rs 186 + @@ -645,34 +645,36 @@ lazy_static! { 187 + Attribute::Image, 188 + ], 189 + modify_present_attrs: vec![ 190 + Attribute::Description, 191 + Attribute::DisplayName, 192 + Attribute::OAuth2RsName, 193 + Attribute::OAuth2RsOrigin, 194 + Attribute::OAuth2RsOriginLanding, 195 + Attribute::OAuth2RsSupScopeMap, 196 + Attribute::OAuth2RsScopeMap, 197 + + Attribute::OAuth2RsBasicSecret, 198 + Attribute::OAuth2AllowInsecureClientDisablePkce, 199 + Attribute::OAuth2JwtLegacyCryptoEnable, 200 + Attribute::OAuth2PreferShortUsername, 201 + Attribute::Image, 202 + ], 203 + create_attrs: vec![ 204 + Attribute::Class, 205 + Attribute::Description, 206 + Attribute::DisplayName, 207 + Attribute::OAuth2RsName, 208 + Attribute::OAuth2RsOrigin, 209 + Attribute::OAuth2RsOriginLanding, 210 + Attribute::OAuth2RsSupScopeMap, 211 + Attribute::OAuth2RsScopeMap, 212 + + Attribute::OAuth2RsBasicSecret, 213 + Attribute::OAuth2AllowInsecureClientDisablePkce, 214 + Attribute::OAuth2JwtLegacyCryptoEnable, 215 + Attribute::OAuth2PreferShortUsername, 216 + Attribute::Image, 217 + ], 218 + create_classes: vec![ 219 + EntryClass::Object, 220 + EntryClass::OAuth2ResourceServer, 221 + EntryClass::OAuth2ResourceServerBasic, 222 + EntryClass::OAuth2ResourceServerPublic, 223 + @@ -739,36 +741,38 @@ lazy_static! { 224 + Attribute::Image, 225 + ], 226 + modify_present_attrs: vec![ 227 + Attribute::Description, 228 + Attribute::DisplayName, 229 + Attribute::OAuth2RsName, 230 + Attribute::OAuth2RsOrigin, 231 + Attribute::OAuth2RsOriginLanding, 232 + Attribute::OAuth2RsSupScopeMap, 233 + Attribute::OAuth2RsScopeMap, 234 + + Attribute::OAuth2RsBasicSecret, 235 + Attribute::OAuth2AllowInsecureClientDisablePkce, 236 + Attribute::OAuth2JwtLegacyCryptoEnable, 237 + Attribute::OAuth2PreferShortUsername, 238 + Attribute::OAuth2AllowLocalhostRedirect, 239 + Attribute::OAuth2RsClaimMap, 240 + Attribute::Image, 241 + ], 242 + create_attrs: vec![ 243 + Attribute::Class, 244 + Attribute::Description, 245 + Attribute::DisplayName, 246 + Attribute::OAuth2RsName, 247 + Attribute::OAuth2RsOrigin, 248 + Attribute::OAuth2RsOriginLanding, 249 + Attribute::OAuth2RsSupScopeMap, 250 + Attribute::OAuth2RsScopeMap, 251 + + Attribute::OAuth2RsBasicSecret, 252 + Attribute::OAuth2AllowInsecureClientDisablePkce, 253 + Attribute::OAuth2JwtLegacyCryptoEnable, 254 + Attribute::OAuth2PreferShortUsername, 255 + Attribute::OAuth2AllowLocalhostRedirect, 256 + Attribute::OAuth2RsClaimMap, 257 + Attribute::Image, 258 + ], 259 + create_classes: vec![ 260 + EntryClass::Object, 261 + EntryClass::OAuth2ResourceServer, 262 + @@ -840,36 +844,38 @@ lazy_static! { 263 + Attribute::Image, 264 + ], 265 + modify_present_attrs: vec![ 266 + Attribute::Description, 267 + Attribute::DisplayName, 268 + Attribute::Name, 269 + Attribute::OAuth2RsOrigin, 270 + Attribute::OAuth2RsOriginLanding, 271 + Attribute::OAuth2RsSupScopeMap, 272 + Attribute::OAuth2RsScopeMap, 273 + + Attribute::OAuth2RsBasicSecret, 274 + Attribute::OAuth2AllowInsecureClientDisablePkce, 275 + Attribute::OAuth2JwtLegacyCryptoEnable, 276 + Attribute::OAuth2PreferShortUsername, 277 + Attribute::OAuth2AllowLocalhostRedirect, 278 + Attribute::OAuth2RsClaimMap, 279 + Attribute::Image, 280 + ], 281 + create_attrs: vec![ 282 + Attribute::Class, 283 + Attribute::Description, 284 + Attribute::Name, 285 + Attribute::OAuth2RsName, 286 + Attribute::OAuth2RsOrigin, 287 + Attribute::OAuth2RsOriginLanding, 288 + Attribute::OAuth2RsSupScopeMap, 289 + Attribute::OAuth2RsScopeMap, 290 + + Attribute::OAuth2RsBasicSecret, 291 + Attribute::OAuth2AllowInsecureClientDisablePkce, 292 + Attribute::OAuth2JwtLegacyCryptoEnable, 293 + Attribute::OAuth2PreferShortUsername, 294 + Attribute::OAuth2AllowLocalhostRedirect, 295 + Attribute::OAuth2RsClaimMap, 296 + Attribute::Image, 297 + ], 298 + create_classes: vec![ 299 + EntryClass::Object, 300 + EntryClass::Account, 301 + -- 302 + 2.45.2 303 +

+173

pkgs/by-name/ka/kanidm/patches/1_3/recover-account.patch

··· 1 + From cc8269489b56755714f07eee4671f8aa2659c014 Mon Sep 17 00:00:00 2001 2 + From: oddlama <oddlama@oddlama.org> 3 + Date: Mon, 12 Aug 2024 23:17:42 +0200 4 + Subject: [PATCH 2/2] recover account 5 + 6 + --- 7 + server/core/src/actors/internal.rs | 3 ++- 8 + server/core/src/admin.rs | 6 +++--- 9 + server/daemon/src/main.rs | 14 +++++++++++++- 10 + server/daemon/src/opt.rs | 4 ++++ 11 + 4 files changed, 22 insertions(+), 5 deletions(-) 12 + 13 + diff --git a/server/core/src/actors/internal.rs b/server/core/src/actors/internal.rs 14 + index 40c18777f..40d553b40 100644 15 + --- a/server/core/src/actors/internal.rs 16 + +++ b/server/core/src/actors/internal.rs 17 + @@ -153,25 +153,26 @@ impl QueryServerWriteV1 { 18 + } 19 + 20 + #[instrument( 21 + level = "info", 22 + skip(self, eventid), 23 + fields(uuid = ?eventid) 24 + )] 25 + pub(crate) async fn handle_admin_recover_account( 26 + &self, 27 + name: String, 28 + + password: Option<String>, 29 + eventid: Uuid, 30 + ) -> Result<String, OperationError> { 31 + let ct = duration_from_epoch_now(); 32 + let mut idms_prox_write = self.idms.proxy_write(ct).await; 33 + - let pw = idms_prox_write.recover_account(name.as_str(), None)?; 34 + + let pw = idms_prox_write.recover_account(name.as_str(), password.as_deref())?; 35 + 36 + idms_prox_write.commit().map(|()| pw) 37 + } 38 + 39 + #[instrument( 40 + level = "info", 41 + skip_all, 42 + fields(uuid = ?eventid) 43 + )] 44 + pub(crate) async fn handle_domain_raise(&self, eventid: Uuid) -> Result<u32, OperationError> { 45 + diff --git a/server/core/src/admin.rs b/server/core/src/admin.rs 46 + index 90ccb1927..85e31ddef 100644 47 + --- a/server/core/src/admin.rs 48 + +++ b/server/core/src/admin.rs 49 + @@ -17,21 +17,21 @@ use tokio_util::codec::{Decoder, Encoder, Framed}; 50 + use tracing::{span, Instrument, Level}; 51 + use uuid::Uuid; 52 + 53 + pub use kanidm_proto::internal::{ 54 + DomainInfo as ProtoDomainInfo, DomainUpgradeCheckReport as ProtoDomainUpgradeCheckReport, 55 + DomainUpgradeCheckStatus as ProtoDomainUpgradeCheckStatus, 56 + }; 57 + 58 + #[derive(Serialize, Deserialize, Debug)] 59 + pub enum AdminTaskRequest { 60 + - RecoverAccount { name: String }, 61 + + RecoverAccount { name: String, password: Option<String> }, 62 + ShowReplicationCertificate, 63 + RenewReplicationCertificate, 64 + RefreshReplicationConsumer, 65 + DomainShow, 66 + DomainUpgradeCheck, 67 + DomainRaise, 68 + DomainRemigrate { level: Option<u32> }, 69 + } 70 + 71 + #[derive(Serialize, Deserialize, Debug)] 72 + @@ -302,22 +302,22 @@ async fn handle_client( 73 + let mut reqs = Framed::new(sock, ServerCodec); 74 + 75 + trace!("Waiting for requests ..."); 76 + while let Some(Ok(req)) = reqs.next().await { 77 + // Setup the logging span 78 + let eventid = Uuid::new_v4(); 79 + let nspan = span!(Level::INFO, "handle_admin_client_request", uuid = ?eventid); 80 + 81 + let resp = async { 82 + match req { 83 + - AdminTaskRequest::RecoverAccount { name } => { 84 + - match server_rw.handle_admin_recover_account(name, eventid).await { 85 + + AdminTaskRequest::RecoverAccount { name, password } => { 86 + + match server_rw.handle_admin_recover_account(name, password, eventid).await { 87 + Ok(password) => AdminTaskResponse::RecoverAccount { password }, 88 + Err(e) => { 89 + error!(err = ?e, "error during recover-account"); 90 + AdminTaskResponse::Error 91 + } 92 + } 93 + } 94 + AdminTaskRequest::ShowReplicationCertificate => match repl_ctrl_tx.as_mut() { 95 + Some(ctrl_tx) => show_replication_certificate(ctrl_tx).await, 96 + None => { 97 + diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs 98 + index 577995615..a967928c9 100644 99 + --- a/server/daemon/src/main.rs 100 + +++ b/server/daemon/src/main.rs 101 + @@ -894,27 +894,39 @@ async fn kanidm_main( 102 + } else { 103 + let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into(); 104 + submit_admin_req( 105 + config.adminbindpath.as_str(), 106 + AdminTaskRequest::RefreshReplicationConsumer, 107 + output_mode, 108 + ) 109 + .await; 110 + } 111 + } 112 + - KanidmdOpt::RecoverAccount { name, commonopts } => { 113 + + KanidmdOpt::RecoverAccount { name, from_environment, commonopts } => { 114 + info!("Running account recovery ..."); 115 + let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into(); 116 + + let password = if *from_environment { 117 + + match std::env::var("KANIDM_RECOVER_ACCOUNT_PASSWORD") { 118 + + Ok(val) => Some(val), 119 + + _ => { 120 + + error!("Environment variable KANIDM_RECOVER_ACCOUNT_PASSWORD not set"); 121 + + return ExitCode::FAILURE; 122 + + } 123 + + } 124 + + } else { 125 + + None 126 + + }; 127 + submit_admin_req( 128 + config.adminbindpath.as_str(), 129 + AdminTaskRequest::RecoverAccount { 130 + name: name.to_owned(), 131 + + password, 132 + }, 133 + output_mode, 134 + ) 135 + .await; 136 + } 137 + KanidmdOpt::Database { 138 + commands: DbCommands::Reindex(_copt), 139 + } => { 140 + info!("Running in reindex mode ..."); 141 + reindex_server_core(&config).await; 142 + diff --git a/server/daemon/src/opt.rs b/server/daemon/src/opt.rs 143 + index f1b45a5b3..9c013e32e 100644 144 + --- a/server/daemon/src/opt.rs 145 + +++ b/server/daemon/src/opt.rs 146 + @@ -229,20 +229,24 @@ enum KanidmdOpt { 147 + /// Create a self-signed ca and tls certificate in the locations listed from the 148 + /// configuration. These certificates should *not* be used in production, they 149 + /// are for testing and evaluation only! 150 + CertGenerate(CommonOpt), 151 + #[clap(name = "recover-account")] 152 + /// Recover an account's password 153 + RecoverAccount { 154 + #[clap(value_parser)] 155 + /// The account name to recover credentials for. 156 + name: String, 157 + + /// Use the password given in the environment variable 158 + + /// `KANIDM_RECOVER_ACCOUNT_PASSWORD` instead of generating one. 159 + + #[clap(long = "from-environment")] 160 + + from_environment: bool, 161 + #[clap(flatten)] 162 + commonopts: CommonOpt, 163 + }, 164 + /// Display this server's replication certificate 165 + ShowReplicationCertificate { 166 + #[clap(flatten)] 167 + commonopts: CommonOpt, 168 + }, 169 + /// Renew this server's replication certificate 170 + RenewReplicationCertificate { 171 + -- 172 + 2.45.2 173 +

pkgs/by-name/ka/kanidm/patches/oauth2-basic-secret-modify.patch pkgs/by-name/ka/kanidm/patches/1_4/oauth2-basic-secret-modify.patch

pkgs/by-name/ka/kanidm/patches/recover-account.patch pkgs/by-name/ka/kanidm/patches/1_4/recover-account.patch

+4

pkgs/by-name/li/libmpd/package.nix

··· 35 35 cp -r doc/html $devdoc/share/devhelp/libmpd/doxygen 36 36 ''; 37 37 38 + # Fix GCC 14 build 39 + # https://hydra.nixos.org/build/281958201/nixlog/3 40 + env.NIX_CFLAGS_COMPILE = "-Wno-error=int-conversion"; 41 + 38 42 meta = with lib; { 39 43 description = "Higher level access to MPD functions"; 40 44 homepage = "https://www.musicpd.org/download/libmpd/";

+18 -6

pkgs/by-name/lv/lv/package.nix

··· 1 1 { 2 2 lib, 3 3 stdenv, 4 - fetchurl, 4 + fetchFromGitHub, 5 5 ncurses, 6 + unstableGitUpdater, 7 + autoreconfHook, 6 8 }: 7 9 8 10 stdenv.mkDerivation rec { 9 11 pname = "lv"; 10 - version = "4.51"; 12 + version = "4.51-unstable-2020-08-03"; 11 13 12 - src = fetchurl { 13 - url = "mirror://debian/pool/main/l/${pname}/${pname}_${version}.orig.tar.gz"; 14 - sha256 = "0yf3idz1qspyff1if41xjpqqcaqa8q8icslqlnz0p9dj36gmm5l3"; 14 + src = fetchFromGitHub { 15 + owner = "ttdoda"; 16 + repo = "lv"; 17 + rev = "1fb214d4136334a1f6cd932b99f85c74609e1f23"; 18 + hash = "sha256-mUFiWzTTM6nAKQgXA0sYIUm1MwN7HBHD8LWBgzu3ZUk="; 15 19 }; 16 20 17 21 makeFlags = [ "prefix=${placeholder "out"}" ]; 18 22 23 + nativeBuildInputs = [ autoreconfHook ]; 19 24 buildInputs = [ ncurses ]; 25 + 26 + preAutoreconf = "cd src"; 27 + postAutoreconf = "cd .."; 20 28 21 29 configurePhase = '' 22 30 mkdir -p build ··· 28 36 mkdir -p $out/bin 29 37 ''; 30 38 39 + passthru.updateScript = unstableGitUpdater { 40 + tagPrefix = "v"; 41 + }; 42 + 31 43 meta = with lib; { 32 44 description = "Powerful multi-lingual file viewer / grep"; 33 - homepage = "https://web.archive.org/web/20160310122517/www.ff.iij4u.or.jp/~nrt/lv/"; 45 + homepage = "https://github.com/ttdoda/lv"; 34 46 license = licenses.gpl2Plus; 35 47 platforms = with platforms; linux ++ darwin; 36 48 maintainers = with maintainers; [ kayhide ];

+2 -1

pkgs/by-name/me/mesa-demos/package.nix

··· 7 7 libGLU, 8 8 libX11, 9 9 libXext, 10 + libgbm, 10 11 mesa, 11 12 meson, 12 13 ninja, ··· 47 48 libXext 48 49 libGL 49 50 libGLU 50 - mesa 51 + libgbm 51 52 wayland 52 53 wayland-protocols 53 54 vulkan-loader

+2 -2

pkgs/by-name/mi/microsoft-gsl/package.nix

··· 25 25 ]; 26 26 buildInputs = [ gtest ]; 27 27 28 - # error: unsafe buffer access 29 - env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-unsafe-buffer-usage"; 28 + # negate the `-Werror` flag as Microsoft doesn't build with clang 29 + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-error"; 30 30 31 31 patches = [ 32 32 # nvcc doesn't recognize the "gsl" attribute namespace (microsoft/onnxruntime#13573)

+3 -3

pkgs/by-name/mi/mint-l-icons/package.nix

··· 10 10 11 11 stdenvNoCC.mkDerivation rec { 12 12 pname = "mint-l-icons"; 13 - version = "1.7.3"; 13 + version = "1.7.4"; 14 14 15 15 src = fetchFromGitHub { 16 16 owner = "linuxmint"; 17 17 repo = pname; 18 18 # They don't really do tags, this is just a named commit. 19 - rev = "f1900facf915715623ef0ca2874ae4dd04039e81"; 20 - hash = "sha256-UpVuhzZdw0Ri6X20N/yGFMmwEymMvLr78DwYaHD+CNY="; 19 + rev = "b442277c822c92f7bb68282cb82c7d1a98e3fd37"; 20 + hash = "sha256-vPDEribE/CZwoAK1C9fjbWQEO/NWMWCKCUO/Xw/SxZ0="; 21 21 }; 22 22 23 23 propagatedBuildInputs = [

+2 -2

pkgs/by-name/mi/mint-themes/package.nix

··· 8 8 9 9 stdenvNoCC.mkDerivation rec { 10 10 pname = "mint-themes"; 11 - version = "2.2.1"; 11 + version = "2.2.2"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "linuxmint"; 15 15 repo = pname; 16 16 rev = version; 17 - hash = "sha256-vKIAIaMW1iY85/IeoYeXT1Po+3o+Q6D6RcoA0kpjJoI="; 17 + hash = "sha256-97H2gVSZh0azl2ui4iWsNqgKzkBXRo6Daza2XtRdqII="; 18 18 }; 19 19 20 20 nativeBuildInputs = [

+2 -2

pkgs/by-name/mu/muffin/package.nix

··· 24 24 libXdamage, 25 25 libxkbcommon, 26 26 libXtst, 27 - libgbm, 27 + mesa, 28 28 meson, 29 29 ninja, 30 30 pipewire, ··· 66 66 67 67 nativeBuildInputs = [ 68 68 desktop-file-utils 69 - libgbm 70 69 meson 71 70 ninja 72 71 pkg-config ··· 106 105 json-glib 107 106 libXtst 108 107 graphene 108 + mesa # actually uses eglmesaext 109 109 ]; 110 110 111 111 mesonFlags = [

+2 -2

pkgs/by-name/op/openmpi/package.nix

··· 85 85 zlib 86 86 libevent 87 87 hwloc 88 + prrte 88 89 ] 89 90 ++ lib.optionals stdenv.hostPlatform.isLinux [ 90 91 libnl ··· 92 93 pmix 93 94 ucx 94 95 ucc 95 - prrte 96 96 ] 97 97 ++ lib.optionals cudaSupport [ cudaPackages.cuda_cudart ] 98 98 ++ lib.optionals (stdenv.hostPlatform.isLinux || stdenv.hostPlatform.isFreeBSD) [ rdma-core ] ··· 119 119 "--with-pmix=${lib.getDev pmix}" 120 120 "--with-pmix-libdir=${lib.getLib pmix}/lib" 121 121 # Puts a "default OMPI_PRTERUN" value to mpirun / mpiexec executables 122 - (lib.withFeatureAs stdenv.hostPlatform.isLinux "prrte" (lib.getBin prrte)) 122 + (lib.withFeatureAs true "prrte" (lib.getBin prrte)) 123 123 (lib.withFeature enableSGE "sge") 124 124 (lib.enableFeature enablePrefix "mpirun-prefix-by-default") 125 125 # TODO: add UCX support, which is recommended to use with cuda for the most robust OpenMPI build

+1 -1

pkgs/by-name/pr/prrte/package.nix

··· 75 75 homepage = "https://docs.prrte.org/"; 76 76 license = lib.licenses.bsd3; 77 77 maintainers = with lib.maintainers; [ markuskowa ]; 78 - platforms = lib.platforms.linux; 78 + platforms = lib.platforms.unix; 79 79 }; 80 80 }

+2 -2

pkgs/by-name/ro/rocksdb/package.nix

··· 20 20 21 21 stdenv.mkDerivation (finalAttrs: { 22 22 pname = "rocksdb"; 23 - version = "9.7.4"; 23 + version = "9.8.4"; 24 24 25 25 src = fetchFromGitHub { 26 26 owner = "facebook"; 27 27 repo = "rocksdb"; 28 28 rev = "v${finalAttrs.version}"; 29 - hash = "sha256-u5uuShM2SxHc9/zL4UU56IhCcR/ZQbzde0LgOYS44bM="; 29 + hash = "sha256-A6Gx4FqoGlxITUUz9k6tkDjUcLtMUBK9JS8vuAS96H0="; 30 30 }; 31 31 32 32 patches = lib.optional (

+2 -2

pkgs/by-name/si/signal-desktop/signal-desktop-aarch64.nix

··· 2 2 callPackage ./generic.nix { } rec { 3 3 pname = "signal-desktop"; 4 4 dir = "Signal"; 5 - version = "7.34.0"; 5 + version = "7.36.0"; 6 6 url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/${version}/builds/release/signal-desktop_${version}_arm64.deb"; 7 - hash = "sha256-feNjNhKGIJsV6LH2mKAXd7TEnmvcKXheXmqJZEBqXvE="; 7 + hash = "sha256-nmAqFDw35pdZg5tiq9MUlqXnbRLRkSOX9SWhccnE2Xw="; 8 8 }

+2 -2

pkgs/by-name/si/signal-desktop/signal-desktop-darwin.nix

··· 6 6 }: 7 7 stdenv.mkDerivation (finalAttrs: { 8 8 pname = "signal-desktop"; 9 - version = "7.35.0"; 9 + version = "7.36.0"; 10 10 11 11 src = fetchurl { 12 12 url = "https://updates.signal.org/desktop/signal-desktop-mac-universal-${finalAttrs.version}.dmg"; 13 - hash = "sha256-+ZzZp3/koitwtHyUmcgltcYo91KfDfQzOjnOzTJJu6c="; 13 + hash = "sha256-hHgobx4q+nWtsq6uplVWY5ie0qu5ZoeFxYZNflza/CM="; 14 14 }; 15 15 sourceRoot = "."; 16 16

+2 -2

pkgs/by-name/si/signal-desktop/signal-desktop.nix

··· 2 2 callPackage ./generic.nix { } rec { 3 3 pname = "signal-desktop"; 4 4 dir = "Signal"; 5 - version = "7.35.0"; 5 + version = "7.36.0"; 6 6 url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_${version}_amd64.deb"; 7 - hash = "sha256-cQ7bwgRjlI2idnHtl7EZyBfjcPz52s8+E7UpLxn4FEg="; 7 + hash = "sha256-5p9Vnxj53jOZbEirWamwv4Fkm/fMLeLfV93GDrV8XuA="; 8 8 }

+2 -2

pkgs/by-name/si/simple-live-app/package.nix

··· 26 26 libpulseaudio, 27 27 libcaca, 28 28 libdrm, 29 - mesa, 29 + libgbm, 30 30 libXScrnSaver, 31 31 nv-codec-headers-11, 32 32 libXpresent, ··· 96 96 libpulseaudio 97 97 libcaca 98 98 libdrm 99 - mesa 99 + libgbm 100 100 libXScrnSaver 101 101 libXpresent 102 102 nv-codec-headers-11

+3 -3

pkgs/by-name/sy/syft/package.nix

··· 7 7 8 8 buildGoModule rec { 9 9 pname = "syft"; 10 - version = "1.18.0"; 10 + version = "1.18.1"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "anchore"; 14 14 repo = "syft"; 15 15 rev = "refs/tags/v${version}"; 16 - hash = "sha256-cxBZs4H557Sc1k3jftbxjv1DcPM9GZb/2QGtuuA/D2I="; 16 + hash = "sha256-ot4qdCxF9Kg657IFzUIxGsmRCDag1a4Ipq1qj2RPW0E="; 17 17 # populate values that require us to use git. By doing this in postFetch we 18 18 # can delete .git afterwards and maintain better reproducibility of the src. 19 19 leaveDotGit = true; ··· 28 28 # hash mismatch with darwin 29 29 proxyVendor = true; 30 30 31 - vendorHash = "sha256-hilxZidIIwrqd6motWDlicCPepU4gyZvqk/Fzry98UE="; 31 + vendorHash = "sha256-3GvOWu+h1d5qUxUd7yxE/YReeuXteVV/4ZrnMgGRZi0="; 32 32 33 33 nativeBuildInputs = [ installShellFiles ]; 34 34

+17 -9

pkgs/by-name/ti/tiledb/package.nix

··· 48 48 ./FindMagic_EP.cmake.patch 49 49 ]; 50 50 51 - postPatch = '' 52 - # copy pre-fetched external project to directory where it is expected to be 53 - mkdir -p build/externals/src 54 - cp -a ${ep-file-windows} build/externals/src/ep_magic 55 - chmod -R u+w build/externals/src/ep_magic 51 + postPatch = 52 + '' 53 + # copy pre-fetched external project to directory where it is expected to be 54 + mkdir -p build/externals/src 55 + cp -a ${ep-file-windows} build/externals/src/ep_magic 56 + chmod -R u+w build/externals/src/ep_magic 56 57 57 - # add openssl on path 58 - sed -i '49i list(APPEND OPENSSL_PATHS "${openssl.dev}" "${openssl.out}")' \ 59 - cmake/Modules/FindOpenSSL_EP.cmake 60 - ''; 58 + # add openssl on path 59 + sed -i '49i list(APPEND OPENSSL_PATHS "${openssl.dev}" "${openssl.out}")' \ 60 + cmake/Modules/FindOpenSSL_EP.cmake 61 + '' 62 + # libcxx (as of llvm-19) does not yet support `stop_token` and `jthread` 63 + # without the -fexperimental-library flag. Tiledb adds its own 64 + # implementations in the std namespace which conflict with libcxx. This 65 + # test can be re-enabled once libcxx supports stop_token and jthread. 66 + + lib.optionalString (stdenv.cc.libcxx != null) '' 67 + truncate -s0 tiledb/stdx/test/CMakeLists.txt 68 + ''; 61 69 62 70 # upstream will hopefully fix this in some newer release 63 71 env.CXXFLAGS = "-include random";

+7

pkgs/by-name/xp/xplayer/package.nix

··· 86 86 patchPythonScript $out/lib/xplayer/plugins/dbus/dbusservice.py 87 87 ''; 88 88 89 + env = lib.optionalAttrs stdenv.cc.isGNU { 90 + NIX_CFLAGS_COMPILE = toString [ 91 + "-Wno-error=incompatible-pointer-types" 92 + "-Wno-error=return-mismatch" 93 + ]; 94 + }; 95 + 89 96 meta = with lib; { 90 97 description = "Generic media player from Linux Mint"; 91 98 license = with licenses; [

+1 -51

pkgs/by-name/ze/zenoh/package.nix

··· 31 31 "zenoh-ext-examples" 32 32 ]; 33 33 34 - checkFlags = [ 35 - # thread 'test_liveliness_query_clique' panicked at zenoh/tests/liveliness.rs:103:43: 36 - # called `Result::unwrap()` on an `Err` value: Can not create a new TCP listener bound to tcp/localhost:47448... 37 - "--skip test_liveliness_query_clique" 38 - # thread 'test_liveliness_subscriber_double_client_history_middle' panicked at zenoh/tests/liveliness.rs:845:43: 39 - # called `Result::unwrap()` on an `Err` value: Can not create a new TCP listener bound to tcp/localhost:47456... 40 - "--skip test_liveliness_subscriber_double_client_history_middle" 41 - # thread 'zenoh_matching_status_remote' panicked at zenoh/tests/matching.rs:155:5: 42 - # assertion failed: received_status.ok().flatten().map(|s| 43 - # s.matching_subscribers()).eq(&Some(true)) 44 - "--skip zenoh_matching_status_remote" 45 - # thread 'qos_pubsub' panicked at zenoh/tests/qos.rs:50:18: 46 - # called `Result::unwrap()` on an `Err` value: Elapsed(()) 47 - "--skip qos_pubsub" 48 - # never ending tests 49 - "--skip router_linkstate" 50 - "--skip three_node_combination" 51 - "--skip three_node_combination_multicast" 52 - # Error: Timeout at zenoh/tests/routing.rs:453. 53 - "--skip gossip" 54 - # thread 'zenoh_session_multicast' panicked at zenoh/tests/session.rs:85:49: 55 - # called `Result::unwrap()` on an `Err` value: Can not create a new UDP link bound to udp/224.0.0.1:17448... 56 - "--skip zenoh_session_multicast" 57 - # thread 'tests::transport_multicast_compression_udp_only' panicked at io/zenoh-transport/tests/multicast_compression.rs:170:86: 58 - # called `Result::unwrap()` on an `Err` value: Can not create a new UDP link bound to udp/224.24.220.245:21000... 59 - "--skip tests::transport_multicast_compression_udp_only" 60 - # thread 'tests::transport_multicast_udp_only' panicked at io/zenoh-transport/tests/multicast_transport.rs:167:86: 61 - # called `Result::unwrap()` on an `Err` value: Can not create a new UDP link bound to udp/224.52.216.110:20000... 62 - "--skip tests::transport_multicast_udp_only" 63 - # thread 'openclose_tcp_only_connect_with_interface_restriction' panicked at io/zenoh-transport/tests/unicast_openclose.rs:764:63: 64 - # index out of bounds: the len is 0 but the index is 0 65 - "--skip openclose_tcp_only_connect_with_interface_restriction" 66 - # thread 'openclose_udp_only_listen_with_interface_restriction' panicked at io/zenoh-transport/tests/unicast_openclose.rs:820:72: 67 - # index out of bounds: the len is 0 but the index is 0 68 - "--skip openclose_tcp_only_listen_with_interface_restriction" 69 - # thread 'openclose_tcp_only_listen_with_interface_restriction' panicked at io/zenoh-transport/tests/unicast_openclose.rs:783:72: 70 - # index out of bounds: the len is 0 but the index is 0 71 - "--skip openclose_udp_only_connect_with_interface_restriction" 72 - # thread 'openclose_udp_only_connect_with_interface_restriction' panicked at io/zenoh-transport/tests/unicast_openclose.rs:802:63: 73 - # index out of bounds: the len is 0 but the index is 0 74 - "--skip openclose_udp_only_listen_with_interface_restriction" 75 - 76 - # These tests require a network interface and fail in the sandbox 77 - "--skip openclose_quic_only_listen_with_interface_restriction" 78 - "--skip openclose_quic_only_connect_with_interface_restriction" 79 - "--skip openclose_tls_only_connect_with_interface_restriction" 80 - "--skip openclose_tls_only_listen_with_interface_restriction" 81 - 82 - # This test fails on Hydra 83 - "--skip authenticator_quic" 84 - ]; 34 + doCheck = false; 85 35 86 36 passthru.tests.version = testers.testVersion { 87 37 package = zenoh;

+8 -2

pkgs/desktops/xfce/applications/xfce4-screensaver/default.nix

··· 16 16 python3, 17 17 systemd, 18 18 xfconf, 19 + xfdesktop, 19 20 lib, 20 21 }: 21 22 ··· 26 27 mkXfceDerivation { 27 28 category = "apps"; 28 29 pname = "xfce4-screensaver"; 29 - version = "4.18.3"; 30 + version = "4.18.4"; 30 31 31 - sha256 = "sha256-hOhWJoiKoeRgkhXaR8rnDpcJpStMD4BBdll4nwSA+EQ="; 32 + sha256 = "sha256-vkxkryi7JQg1L/JdWnO9qmW6Zx6xP5Urq4kXMe7Iiyc="; 32 33 33 34 nativeBuildInputs = [ 34 35 gobject-introspection ··· 55 56 configureFlags = [ "--without-console-kit" ]; 56 57 57 58 makeFlags = [ "DBUS_SESSION_SERVICE_DIR=$(out)/etc" ]; 59 + 60 + preFixup = '' 61 + # For default wallpaper. 62 + gappsWrapperArgs+=(--prefix XDG_DATA_DIRS : "${xfdesktop}/share") 63 + ''; 58 64 59 65 meta = with lib; { 60 66 description = "Screensaver for Xfce";

+3

pkgs/development/libraries/clutter-gst/default.nix

··· 11 11 gnome, 12 12 gdk-pixbuf, 13 13 gobject-introspection, 14 + gst_all_1, 14 15 }: 15 16 16 17 stdenv.mkDerivation rec { ··· 49 50 glib 50 51 cogl 51 52 gdk-pixbuf 53 + gst_all_1.gstreamer 54 + gst_all_1.gst-plugins-base 52 55 ]; 53 56 54 57 postBuild = "rm -rf $out/share/gtk-doc";

+2 -2

pkgs/development/python-modules/hahomematic/default.nix

··· 16 16 17 17 buildPythonPackage rec { 18 18 pname = "hahomematic"; 19 - version = "2024.12.0"; 19 + version = "2024.12.5"; 20 20 pyproject = true; 21 21 22 22 disabled = pythonOlder "3.12"; ··· 25 25 owner = "danielperna84"; 26 26 repo = "hahomematic"; 27 27 rev = "refs/tags/${version}"; 28 - hash = "sha256-RLgJiapsRM8dMA4+T2S6DkSFjo+YBmVVpo1mOVKJ7EI="; 28 + hash = "sha256-jC9IXkl80pspqc9m0U6mspp5QSGG6u9Y6ANMK8WAG5s="; 29 29 }; 30 30 31 31 __darwinAllowLocalNetworking = true;

+6 -3

pkgs/development/python-modules/mlx/default.nix

··· 28 28 in 29 29 buildPythonPackage rec { 30 30 pname = "mlx"; 31 - version = "0.18.0"; 31 + version = "0.21.1"; 32 32 33 33 src = fetchFromGitHub { 34 34 owner = "ml-explore"; 35 35 repo = "mlx"; 36 36 rev = "refs/tags/v${version}"; 37 - hash = "sha256-eFKjCrutqrmhZKzRrLq5nYl0ieqLvoXpbnTxA1NEhWo="; 37 + hash = "sha256-wxv9bA9e8VyFv/FMh63sUTTNgkXHGQJNQhLuVynczZA="; 38 38 }; 39 39 40 40 pyproject = true; ··· 83 83 changelog = "https://github.com/ml-explore/mlx/releases/tag/v${version}"; 84 84 license = licenses.mit; 85 85 platforms = [ "aarch64-darwin" ]; 86 - maintainers = with maintainers; [ viraptor ]; 86 + maintainers = with maintainers; [ 87 + viraptor 88 + Gabriella439 89 + ]; 87 90 }; 88 91 }

+4 -4

pkgs/development/python-modules/nanobind/default.nix

··· 27 27 }: 28 28 buildPythonPackage rec { 29 29 pname = "nanobind"; 30 - version = "2.2.0"; 30 + version = "2.4.0"; 31 31 pyproject = true; 32 32 33 33 src = fetchFromGitHub { 34 34 owner = "wjakob"; 35 35 repo = "nanobind"; 36 - rev = "refs/tags/v${version}"; 37 - hash = "sha256-HtZfpMVz/7VMVrFg48IkitK6P3tA+swOeaLLiKguXXk="; 36 + tag = "v${version}"; 37 + hash = "sha256-9OpDsjFEeJGtbti4Q9HHl78XaGf8M3lG4ukvHCMzyMU="; 38 38 fetchSubmodules = true; 39 39 }; 40 40 ··· 85 85 86 86 meta = { 87 87 homepage = "https://github.com/wjakob/nanobind"; 88 - changelog = "https://github.com/wjakob/nanobind/blob/${src.rev}/docs/changelog.rst"; 88 + changelog = "https://github.com/wjakob/nanobind/blob/${src.tag}/docs/changelog.rst"; 89 89 description = "Tiny and efficient C++/Python bindings"; 90 90 longDescription = '' 91 91 nanobind is a small binding library that exposes C++ types in Python and

+2 -2

pkgs/servers/home-assistant/custom-components/homematicip_local/package.nix

··· 9 9 buildHomeAssistantComponent rec { 10 10 owner = "danielperna84"; 11 11 domain = "homematicip_local"; 12 - version = "1.73.0"; 12 + version = "1.75.0"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "danielperna84"; 16 16 repo = "custom_homematic"; 17 17 rev = "refs/tags/${version}"; 18 - hash = "sha256-1ssmaX6G03i9KYgjCRMZqOG2apEZ0069fQnmVy2BVhA="; 18 + hash = "sha256-H5Gf09C9/s2JYVTjgiYNe28mV18mqTiJ0ZDR6rnuojo="; 19 19 }; 20 20 21 21 postPatch = ''

+2 -2

pkgs/servers/web-apps/freshrss/default.nix

··· 8 8 9 9 stdenvNoCC.mkDerivation rec { 10 10 pname = "FreshRSS"; 11 - version = "1.24.3"; 11 + version = "1.25.0"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "FreshRSS"; 15 15 repo = "FreshRSS"; 16 16 rev = version; 17 - hash = "sha256-JgniYjw+Fk5EaXrXVjelBYBP1JOZarAF07iToiwnkdY="; 17 + hash = "sha256-jBIU8xxXsl/67sebo8MS59Q0dWBTe0tO+xpVf1/uo0c="; 18 18 }; 19 19 20 20 postPatch = ''

+1 -1

pkgs/servers/x11/xorg/generate-expr-from-tarballs.pl

··· 34 34 $pcMap{"libudev"} = "udev"; 35 35 $pcMap{"gl"} = "libGL"; 36 36 $pcMap{"GL"} = "libGL"; 37 - $pcMap{"gbm"} = "mesa"; 37 + $pcMap{"gbm"} = "libgbm"; 38 38 $pcMap{"hwdata"} = "hwdata"; 39 39 $pcMap{"\$PIXMAN"} = "pixman"; 40 40 $pcMap{"\$RENDERPROTO"} = "xorgproto";