commit 0e5b6eaeea58f7bcf129845f377b449bbd05538b · pyrox.dev/nixpkgs

+13

flake.nix

··· 57 57 58 58 nixosModules = { 59 59 notDetected = ./nixos/modules/installer/scan/not-detected.nix; 60 + 61 + /* 62 + Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs` 63 + is the way you initialize it. 64 + 65 + Example: 66 + 67 + { 68 + imports = [ nixpkgs.nixosModules.readOnlyPkgs ]; 69 + nixpkgs.pkgs = nixpkgs.legacyPackages.x86_64-linux; 70 + } 71 + */ 72 + readOnlyPkgs = ./nixos/modules/misc/nixpkgs/read-only.nix; 60 73 }; 61 74 }; 62 75 }

+8

lib/types.nix

··· 476 476 check = x: isDerivation x && hasAttr "shellPath" x; 477 477 }; 478 478 479 + pkgs = addCheck 480 + (unique { message = "A Nixpkgs pkgs set can not be merged with another pkgs set."; } attrs // { 481 + name = "pkgs"; 482 + descriptionClass = "noun"; 483 + description = "Nixpkgs package set"; 484 + }) 485 + (x: (x._type or null) == "pkgs"); 486 + 479 487 path = mkOptionType { 480 488 name = "path"; 481 489 descriptionClass = "noun";

+6

maintainers/maintainer-list.nix

··· 15950 15950 githubId = 8577941; 15951 15951 name = "Kevin Rauscher"; 15952 15952 }; 15953 + tomaskala = { 15954 + email = "public+nixpkgs@tomaskala.com"; 15955 + github = "tomaskala"; 15956 + githubId = 7727887; 15957 + name = "Tomas Kala"; 15958 + }; 15953 15959 tomberek = { 15954 15960 email = "tomberek@gmail.com"; 15955 15961 matrix = "@tomberek:matrix.org";

+51 -48

maintainers/scripts/copy-tarballs.pl

··· 162 162 # Check every fetchurl call discovered by find-tarballs.nix. 163 163 my $mirrored = 0; 164 164 my $have = 0; 165 - foreach my $fetch (sort { $a->{url} cmp $b->{url} } @{$fetches}) { 166 - my $url = $fetch->{url}; 165 + foreach my $fetch (sort { $a->{urls}->[0] cmp $b->{urls}->[0] } @{$fetches}) { 166 + my $urls = $fetch->{urls}; 167 167 my $algo = $fetch->{type}; 168 168 my $hash = $fetch->{hash}; 169 169 my $name = $fetch->{name}; 170 170 my $isPatch = $fetch->{isPatch}; 171 + 172 + if ($isPatch) { 173 + print STDERR "skipping $urls->[0] (support for patches is missing)\n"; 174 + next; 175 + } 171 176 172 177 if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) { 173 178 $algo = $1; ··· 183 188 chomp $hash; 184 189 } 185 190 186 - if (defined $ENV{DEBUG}) { 187 - print "$url $algo $hash\n"; 188 - next; 189 - } 191 + my $storePath = makeFixedOutputPath(0, $algo, $hash, $name); 190 192 191 - if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) { 192 - print STDERR "skipping $url (unsupported scheme)\n"; 193 - next; 194 - } 193 + for my $url (@$urls) { 194 + if (defined $ENV{DEBUG}) { 195 + print "$url $algo $hash\n"; 196 + next; 197 + } 195 198 196 - if ($isPatch) { 197 - print STDERR "skipping $url (support for patches is missing)\n"; 198 - next; 199 - } 199 + if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) { 200 + print STDERR "skipping $url (unsupported scheme)\n"; 201 + next; 202 + } 200 203 201 - next if defined $exclude && $url =~ /$exclude/; 204 + next if defined $exclude && $url =~ /$exclude/; 202 205 203 - if (alreadyMirrored($algo, $hash)) { 204 - $have++; 205 - next; 206 - } 206 + if (alreadyMirrored($algo, $hash)) { 207 + $have++; 208 + last; 209 + } 207 210 208 - my $storePath = makeFixedOutputPath(0, $algo, $hash, $name); 211 + print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; 209 212 210 - print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; 213 + if ($dryRun) { 214 + $mirrored++; 215 + last; 216 + } 211 217 212 - if ($dryRun) { 213 - $mirrored++; 214 - next; 215 - } 218 + # Substitute the output. 219 + if (!isValidPath($storePath)) { 220 + system("nix-store", "-r", $storePath); 221 + } 216 222 217 - # Substitute the output. 218 - if (!isValidPath($storePath)) { 219 - system("nix-store", "-r", $storePath); 220 - } 223 + # Otherwise download the file using nix-prefetch-url. 224 + if (!isValidPath($storePath)) { 225 + $ENV{QUIET} = 1; 226 + $ENV{PRINT_PATH} = 1; 227 + my $fh; 228 + my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die; 229 + waitpid($pid, 0) or die; 230 + if ($? != 0) { 231 + print STDERR "failed to fetch $url: $?\n"; 232 + next; 233 + } 234 + <$fh>; my $storePath2 = <$fh>; chomp $storePath2; 235 + if ($storePath ne $storePath2) { 236 + warn "strange: $storePath != $storePath2\n"; 237 + next; 238 + } 239 + } 221 240 222 - # Otherwise download the file using nix-prefetch-url. 223 - if (!isValidPath($storePath)) { 224 - $ENV{QUIET} = 1; 225 - $ENV{PRINT_PATH} = 1; 226 - my $fh; 227 - my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die; 228 - waitpid($pid, 0) or die; 229 - if ($? != 0) { 230 - print STDERR "failed to fetch $url: $?\n"; 231 - next; 232 - } 233 - <$fh>; my $storePath2 = <$fh>; chomp $storePath2; 234 - if ($storePath ne $storePath2) { 235 - warn "strange: $storePath != $storePath2\n"; 236 - next; 237 - } 241 + uploadFile($storePath, $url); 242 + $mirrored++; 243 + last; 238 244 } 239 - 240 - uploadFile($storePath, $url); 241 - $mirrored++; 242 245 } 243 246 244 247 print STDERR "mirrored $mirrored files, already have $have files\n";

+4 -4

maintainers/scripts/find-tarballs.nix

··· 9 9 10 10 root = expr; 11 11 12 - uniqueUrls = map (x: x.file) (genericClosure { 13 - startSet = map (file: { key = file.url; inherit file; }) urls; 12 + uniqueFiles = map (x: x.file) (genericClosure { 13 + startSet = map (file: { key = with file; (if type == null then "" else type + "+") + hash; inherit file; }) files; 14 14 operator = const [ ]; 15 15 }); 16 16 17 - urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies; 17 + files = map (drv: { urls = drv.urls or [ drv.url ]; hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies; 18 18 19 19 fetchurlDependencies = 20 20 filter ··· 47 47 48 48 canEval = val: (builtins.tryEval val).success; 49 49 50 - in uniqueUrls 50 + in uniqueFiles

+4

nixos/doc/manual/development/option-types.section.md

··· 99 99 problems. 100 100 ::: 101 101 102 + `types.pkgs` 103 + 104 + : A type for the top level Nixpkgs package set. 105 + 102 106 ### Numeric types {#sec-option-types-numeric} 103 107 104 108 `types.int`

+15 -9

nixos/lib/eval-config.nix

··· 38 38 in 39 39 40 40 let 41 + inherit (lib) optional; 42 + 41 43 evalModulesMinimal = (import ./default.nix { 42 44 inherit lib; 43 45 # Implicit use of feature is noted in implementation. ··· 47 49 pkgsModule = rec { 48 50 _file = ./eval-config.nix; 49 51 key = _file; 50 - config = { 51 - # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override 52 - # this. Since the latter defaults to the former, the former should 53 - # default to the argument. That way this new default could propagate all 54 - # they way through, but has the last priority behind everything else. 55 - nixpkgs.system = lib.mkIf (system != null) (lib.mkDefault system); 56 - 57 - _module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_); 58 - }; 52 + config = lib.mkMerge ( 53 + (optional (system != null) { 54 + # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override 55 + # this. Since the latter defaults to the former, the former should 56 + # default to the argument. That way this new default could propagate all 57 + # they way through, but has the last priority behind everything else. 58 + nixpkgs.system = lib.mkDefault system; 59 + }) 60 + ++ 61 + (optional (pkgs_ != null) { 62 + _module.args.pkgs = lib.mkForce pkgs_; 63 + }) 64 + ); 59 65 }; 60 66 61 67 withWarnings = x:

+51 -6

nixos/lib/testing/nodes.nix

··· 1 1 testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: 2 2 3 3 let 4 - inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc; 5 - 6 - system = hostPkgs.stdenv.hostPlatform.system; 4 + inherit (lib) 5 + literalExpression 6 + literalMD 7 + mapAttrs 8 + mdDoc 9 + mkDefault 10 + mkIf 11 + mkOption mkForce 12 + optional 13 + optionalAttrs 14 + types 15 + ; 7 16 8 17 baseOS = 9 18 import ../eval-config.nix { 10 - inherit system; 19 + system = null; # use modularly defined system 11 20 inherit (config.node) specialArgs; 12 21 modules = [ config.defaults ]; 13 22 baseModules = (import ../../modules/module-list.nix) ++ ··· 17 26 ({ config, ... }: 18 27 { 19 28 virtualisation.qemu.package = testModuleArgs.config.qemu.package; 20 - 29 + }) 30 + (optionalAttrs (!config.node.pkgsReadOnly) { 31 + key = "nodes.nix-pkgs"; 32 + config = { 21 33 # Ensure we do not use aliases. Ideally this is only set 22 34 # when the test framework is used by Nixpkgs NixOS tests. 23 35 nixpkgs.config.allowAliases = false; 24 - }) 36 + # TODO: switch to nixpkgs.hostPlatform and make sure containers-imperative test still evaluates. 37 + nixpkgs.system = hostPkgs.stdenv.hostPlatform.system; 38 + }; 39 + }) 25 40 testModuleArgs.config.extraBaseModules 26 41 ]; 27 42 }; ··· 68 83 default = { }; 69 84 }; 70 85 86 + node.pkgs = mkOption { 87 + description = mdDoc '' 88 + The Nixpkgs to use for the nodes. 89 + 90 + Setting this will make the `nixpkgs.*` options read-only, to avoid mistakenly testing with a Nixpkgs configuration that diverges from regular use. 91 + ''; 92 + type = types.nullOr types.pkgs; 93 + default = null; 94 + defaultText = literalMD '' 95 + `null`, so construct `pkgs` according to the `nixpkgs.*` options as usual. 96 + ''; 97 + }; 98 + 99 + node.pkgsReadOnly = mkOption { 100 + description = mdDoc '' 101 + Whether to make the `nixpkgs.*` options read-only. This is only relevant when [`node.pkgs`](#test-opt-node.pkgs) is set. 102 + 103 + Set this to `false` when any of the [`nodes`](#test-opt-nodes) needs to configure any of the `nixpkgs.*` options. This will slow down evaluation of your test a bit. 104 + ''; 105 + type = types.bool; 106 + default = config.node.pkgs != null; 107 + defaultText = literalExpression ''node.pkgs != null''; 108 + }; 109 + 71 110 node.specialArgs = mkOption { 72 111 type = types.lazyAttrsOf types.raw; 73 112 default = { }; ··· 100 139 config.nodes; 101 140 102 141 passthru.nodes = config.nodesCompat; 142 + 143 + defaults = mkIf config.node.pkgsReadOnly { 144 + nixpkgs.pkgs = config.node.pkgs; 145 + imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; 146 + }; 147 + 103 148 }; 104 149 }

+3 -3

nixos/modules/misc/nixpkgs.nix

··· 49 49 merge = lib.mergeOneOption; 50 50 }; 51 51 52 - pkgsType = mkOptionType { 53 - name = "nixpkgs"; 52 + pkgsType = types.pkgs // { 53 + # This type is only used by itself, so let's elaborate the description a bit 54 + # for the purpose of documentation. 54 55 description = "An evaluation of Nixpkgs; the top level attribute set of packages"; 55 - check = builtins.isAttrs; 56 56 }; 57 57 58 58 # Whether `pkgs` was constructed by this module - not if nixpkgs.pkgs or

+74

nixos/modules/misc/nixpkgs/read-only.nix

··· 1 + # A replacement for the traditional nixpkgs module, such that none of the modules 2 + # can add their own configuration. This ensures that the Nixpkgs configuration is 3 + # exactly as the user intends. 4 + # This may also be used as a performance optimization when evaluating multiple 5 + # configurations at once, with a shared `pkgs`. 6 + 7 + # This is a separate module, because merging this logic into the nixpkgs module 8 + # is too burdensome, considering that it is already burdened with legacy. 9 + # Moving this logic into a module does not lose any composition benefits, because 10 + # its purpose is not something that composes anyway. 11 + 12 + { lib, config, ... }: 13 + 14 + let 15 + cfg = config.nixpkgs; 16 + inherit (lib) mkOption types; 17 + 18 + in 19 + { 20 + disabledModules = [ 21 + ../nixpkgs.nix 22 + ]; 23 + options = { 24 + nixpkgs = { 25 + pkgs = mkOption { 26 + type = lib.types.pkgs; 27 + description = lib.mdDoc ''The pkgs module argument.''; 28 + }; 29 + config = mkOption { 30 + internal = true; 31 + type = types.unique { message = "nixpkgs.config is set to read-only"; } types.anything; 32 + description = lib.mdDoc '' 33 + The Nixpkgs `config` that `pkgs` was initialized with. 34 + ''; 35 + }; 36 + overlays = mkOption { 37 + internal = true; 38 + type = types.unique { message = "nixpkgs.overlays is set to read-only"; } types.anything; 39 + description = lib.mdDoc '' 40 + The Nixpkgs overlays that `pkgs` was initialized with. 41 + ''; 42 + }; 43 + hostPlatform = mkOption { 44 + internal = true; 45 + readOnly = true; 46 + description = lib.mdDoc '' 47 + The platform of the machine that is running the NixOS configuration. 48 + ''; 49 + }; 50 + buildPlatform = mkOption { 51 + internal = true; 52 + readOnly = true; 53 + description = lib.mdDoc '' 54 + The platform of the machine that built the NixOS configuration. 55 + ''; 56 + }; 57 + # NOTE: do not add the legacy options such as localSystem here. Let's keep 58 + # this module simple and let module authors upgrade their code instead. 59 + }; 60 + }; 61 + config = { 62 + _module.args.pkgs = 63 + # find mistaken definitions 64 + builtins.seq cfg.config 65 + builtins.seq cfg.overlays 66 + builtins.seq cfg.hostPlatform 67 + builtins.seq cfg.buildPlatform 68 + cfg.pkgs; 69 + nixpkgs.config = cfg.pkgs.config; 70 + nixpkgs.overlays = cfg.pkgs.overlays; 71 + nixpkgs.hostPlatform = cfg.pkgs.stdenv.hostPlatform; 72 + nixpkgs.buildPlatform = cfg.pkgs.stdenv.buildPlatform; 73 + }; 74 + }

+59

nixos/modules/misc/nixpkgs/test.nix

··· 1 + # [nixpkgs]$ nix-build -A nixosTests.nixpkgs --show-trace 2 + 1 3 { evalMinimalConfig, pkgs, lib, stdenv }: 2 4 let 3 5 eval = mod: evalMinimalConfig { ··· 27 29 let 28 30 uncheckedEval = lib.evalModules { modules = [ ../nixpkgs.nix module ]; }; 29 31 in map (ass: ass.message) (lib.filter (ass: !ass.assertion) uncheckedEval.config.assertions); 32 + 33 + readOnlyUndefined = evalMinimalConfig { 34 + imports = [ ./read-only.nix ]; 35 + }; 36 + 37 + readOnlyBad = evalMinimalConfig { 38 + imports = [ ./read-only.nix ]; 39 + nixpkgs.pkgs = { }; 40 + }; 41 + 42 + readOnly = evalMinimalConfig { 43 + imports = [ ./read-only.nix ]; 44 + nixpkgs.pkgs = pkgs; 45 + }; 46 + 47 + readOnlyBadConfig = evalMinimalConfig { 48 + imports = [ ./read-only.nix ]; 49 + nixpkgs.pkgs = pkgs; 50 + nixpkgs.config.allowUnfree = true; # do in pkgs instead! 51 + }; 52 + 53 + readOnlyBadOverlays = evalMinimalConfig { 54 + imports = [ ./read-only.nix ]; 55 + nixpkgs.pkgs = pkgs; 56 + nixpkgs.overlays = [ (_: _: {}) ]; # do in pkgs instead! 57 + }; 58 + 59 + readOnlyBadHostPlatform = evalMinimalConfig { 60 + imports = [ ./read-only.nix ]; 61 + nixpkgs.pkgs = pkgs; 62 + nixpkgs.hostPlatform = "foo-linux"; # do in pkgs instead! 63 + }; 64 + 65 + readOnlyBadBuildPlatform = evalMinimalConfig { 66 + imports = [ ./read-only.nix ]; 67 + nixpkgs.pkgs = pkgs; 68 + nixpkgs.buildPlatform = "foo-linux"; # do in pkgs instead! 69 + }; 70 + 71 + throws = x: ! (builtins.tryEval x).success; 72 + 30 73 in 31 74 lib.recurseIntoAttrs { 32 75 invokeNixpkgsSimple = ··· 64 107 nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform; 65 108 nixpkgs.pkgs = pkgs; 66 109 } == []; 110 + 111 + 112 + # Tests for the read-only.nix module 113 + assert readOnly._module.args.pkgs.stdenv.hostPlatform.system == pkgs.stdenv.hostPlatform.system; 114 + assert throws readOnlyBad._module.args.pkgs.stdenv; 115 + assert throws readOnlyUndefined._module.args.pkgs.stdenv; 116 + assert throws readOnlyBadConfig._module.args.pkgs.stdenv; 117 + assert throws readOnlyBadOverlays._module.args.pkgs.stdenv; 118 + assert throws readOnlyBadHostPlatform._module.args.pkgs.stdenv; 119 + assert throws readOnlyBadBuildPlatform._module.args.pkgs.stdenv; 120 + # read-only.nix does not provide legacy options, for the sake of simplicity 121 + # If you're bothered by this, upgrade your configs to use the new *Platform 122 + # options. 123 + assert !readOnly.options.nixpkgs?system; 124 + assert !readOnly.options.nixpkgs?localSystem; 125 + assert !readOnly.options.nixpkgs?crossSystem; 67 126 68 127 pkgs.emptyFile; 69 128 }

+19 -2

nixos/tests/all-tests.nix

··· 46 46 inherit 47 47 (rec { 48 48 doRunTest = arg: ((import ../lib/testing-python.nix { inherit system pkgs; }).evalTest { 49 - imports = [ arg ]; 49 + imports = [ arg readOnlyPkgs ]; 50 50 }).config.result; 51 51 findTests = tree: 52 52 if tree?recurseForDerivations && tree.recurseForDerivations ··· 64 64 runTest 65 65 runTestOn 66 66 ; 67 + 68 + # Using a single instance of nixpkgs makes test evaluation faster. 69 + # To make sure we don't accidentally depend on a modified pkgs, we make the 70 + # related options read-only. We need to test the right configuration. 71 + # 72 + # If your service depends on a nixpkgs setting, first try to avoid that, but 73 + # otherwise, you can remove the readOnlyPkgs import and test your service as 74 + # usual. 75 + readOnlyPkgs = 76 + # TODO: We currently accept this for nixosTests, so that the `pkgs` argument 77 + # is consistent with `pkgs` in `pkgs.nixosTests`. Can we reinitialize 78 + # it with `allowAliases = false`? 79 + # warnIf pkgs.config.allowAliases "nixosTests: pkgs includes aliases." 80 + { 81 + _class = "nixosTest"; 82 + node.pkgs = pkgs; 83 + }; 67 84 68 85 in { 69 86 ··· 267 284 gitdaemon = handleTest ./gitdaemon.nix {}; 268 285 gitea = handleTest ./gitea.nix { giteaPackage = pkgs.gitea; }; 269 286 github-runner = handleTest ./github-runner.nix {}; 270 - gitlab = handleTest ./gitlab.nix {}; 287 + gitlab = runTest ./gitlab.nix; 271 288 gitolite = handleTest ./gitolite.nix {}; 272 289 gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {}; 273 290 glusterfs = handleTest ./glusterfs.nix {};

+10 -7

nixos/tests/gitlab.nix

··· 6 6 # - Creating Merge Requests and merging them 7 7 # - Opening and closing issues. 8 8 # - Downloading repository archives as tar.gz and tar.bz2 9 - import ./make-test-python.nix ({ pkgs, lib, ... }: 9 + # Run with 10 + # [nixpkgs]$ nix-build -A nixosTests.gitlab 11 + 12 + { pkgs, lib, ... }: 10 13 11 14 with lib; 12 15 ··· 174 177 gitlab.wait_for_unit("gitlab.service") 175 178 gitlab.wait_for_unit("gitlab-pages.service") 176 179 gitlab.wait_for_unit("gitlab-sidekiq.service") 177 - gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitlab.socket") 180 + gitlab.wait_for_file("${nodes.gitlab.services.gitlab.statePath}/tmp/sockets/gitlab.socket") 178 181 gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in") 179 182 ''; 180 183 ··· 419 422 + '' 420 423 gitlab.systemctl("start gitlab-backup.service") 421 424 gitlab.wait_for_unit("gitlab-backup.service") 422 - gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/backup/dump_gitlab_backup.tar") 425 + gitlab.wait_for_file("${nodes.gitlab.services.gitlab.statePath}/backup/dump_gitlab_backup.tar") 423 426 gitlab.systemctl("stop postgresql.service gitlab.target") 424 427 gitlab.succeed( 425 - "find ${nodes.gitlab.config.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +" 428 + "find ${nodes.gitlab.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +" 426 429 ) 427 430 gitlab.succeed("systemd-tmpfiles --create") 428 - gitlab.succeed("rm -rf ${nodes.gitlab.config.services.postgresql.dataDir}") 431 + gitlab.succeed("rm -rf ${nodes.gitlab.services.postgresql.dataDir}") 429 432 gitlab.systemctl("start gitlab-config.service gitaly.service gitlab-postgresql.service") 430 - gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitaly.socket") 433 + gitlab.wait_for_file("${nodes.gitlab.services.gitlab.statePath}/tmp/sockets/gitaly.socket") 431 434 gitlab.succeed( 432 435 "sudo -u gitlab -H gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=dump force=yes" 433 436 ) ··· 435 438 '' 436 439 + waitForServices 437 440 + test false; 438 - }) 441 + }

+3 -1

nixos/tests/harmonia.nix

··· 8 8 services.harmonia = { 9 9 enable = true; 10 10 signKeyPath = pkgs.writeText "cache-key" "cache.example.com-1:9FhO0w+7HjZrhvmzT1VlAZw4OSAlFGTgC24Seg3tmPl4gZBdwZClzTTHr9cVzJpwsRSYLTu7hEAQe3ljy92CWg=="; 11 + settings.priority = 35; 11 12 }; 12 13 13 14 networking.firewall.allowedTCPPorts = [ 5000 ]; ··· 26 27 start_all() 27 28 28 29 harmonia.wait_for_unit("harmonia.service") 29 - client01.wait_until_succeeds("curl -f http://harmonia:5000/nix-cache-info") 30 + 31 + client01.wait_until_succeeds("curl -f http://harmonia:5000/nix-cache-info | grep '${toString nodes.harmonia.services.harmonia.settings.priority}' >&2") 30 32 client01.succeed("curl -f http://harmonia:5000/version | grep '${nodes.harmonia.services.harmonia.package.version}' >&2") 31 33 32 34 client01.succeed("cat /etc/nix/nix.conf >&2")

+2 -2

pkgs/applications/audio/cyanrip/default.nix

··· 12 12 }: 13 13 stdenv.mkDerivation rec { 14 14 pname = "cyanrip"; 15 - version = "0.8.1"; 15 + version = "0.9.0"; 16 16 17 17 src = fetchFromGitHub { 18 18 owner = "cyanreg"; 19 19 repo = pname; 20 20 rev = "v${version}"; 21 - sha256 = "17bi2xhjv3f3i870whkyqckvjlg32wqkspash87zi0jw7m7jm229"; 21 + sha256 = "sha256-gH/rWTRYX10Q2Y9oSaMu0bOy3SMbcSNmH3dkXHFAw90"; 22 22 }; 23 23 24 24 nativeBuildInputs = [ meson ninja pkg-config ];

+2 -2

pkgs/applications/misc/megacmd/default.nix

··· 23 23 24 24 stdenv.mkDerivation rec { 25 25 pname = "megacmd"; 26 - version = "1.6.1"; 26 + version = "1.6.3"; 27 27 28 28 src = fetchFromGitHub { 29 29 owner = "meganz"; 30 30 repo = "MEGAcmd"; 31 31 rev = "${version}_Linux"; 32 - sha256 = "sha256-X8ysTVr4oZS3VHuCyq96J6TL9nvtAT/HVnMyz5iXSXo="; 32 + sha256 = "sha256-JnxfFbM+NyeUrEMok62zlsQIxjrUvLLg4tUTiKPDZFc="; 33 33 fetchSubmodules = true; 34 34 }; 35 35

+1

pkgs/applications/misc/swaynotificationcenter/default.nix

··· 83 83 changelog = "https://github.com/ErikReider/SwayNotificationCenter/releases/tag/v${version}"; 84 84 license = licenses.gpl3; 85 85 platforms = platforms.linux; 86 + mainProgram = "swaync"; 86 87 maintainers = with maintainers; [ berbiche pedrohlc ]; 87 88 }; 88 89 })

+4 -4

pkgs/applications/networking/cluster/cmctl/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "cmctl"; 5 - version = "1.11.1"; 5 + version = "1.11.2"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "cert-manager"; 9 9 repo = "cert-manager"; 10 - rev = "e3a2a803e8ed7f8a88d5f535d6e9a061c1571194"; 11 - sha256 = "0484dh520plgmrv39lbih44z1dz0r3sf115kqvcpfmg13b0328d0"; 10 + rev = "4767427a40e0e193c976fd6bc228f50de8950572"; 11 + sha256 = "128s5vd4hp5mr0rnb21grzmijzx0ibpv71as36dcgw7z4v3gq7lx"; 12 12 }; 13 13 14 - vendorSha256 = "sha256-tKvvqYGwLEoSfGzBRLx8xC/0Kz1uLmHYQ+gcHOW+550="; 14 + vendorSha256 = "sha256-+r0QpD97r6dokUr07Qjb9kvoK+oz2rvml0cIebtYuHg="; 15 15 16 16 subPackages = [ "cmd/ctl" ]; 17 17

+26

pkgs/applications/networking/cluster/kubefirst/default.nix

··· 1 + { lib, buildGoModule, fetchFromGitHub }: 2 + 3 + buildGoModule rec { 4 + pname = "kubefirst"; 5 + version = "2.0.8"; 6 + 7 + src = fetchFromGitHub { 8 + owner = "kubefirst"; 9 + repo = pname; 10 + rev = "v${version}"; 11 + hash = "sha256-JGseXRUehRuH1kuTfmkAJcfRN3vM0zN7K8pnOfJ0LAs="; 12 + }; 13 + 14 + vendorHash = "sha256-Sc6HXJXkZ9vW6sxEKCTo6LDHeOGLTz0oN9JH11iUA/k="; 15 + 16 + ldflags = [ "-s" "-w" "-X github.com/kubefirst/runtime/configs.K1Version=v${version}"]; 17 + 18 + doCheck = false; 19 + 20 + meta = with lib; { 21 + description = "The Kubefirst CLI creates instant GitOps platforms that integrate some of the best tools in cloud native from scratch."; 22 + homepage = "https://github.com/kubefirst/kubefirst/"; 23 + license = licenses.mit; 24 + maintainers = with maintainers; [ qjoly ]; 25 + }; 26 + }

+27

pkgs/applications/networking/cluster/tfautomv/default.nix

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + }: 5 + 6 + buildGoModule rec { 7 + pname = "tfautomv"; 8 + version = "0.5.1"; 9 + 10 + src = fetchFromGitHub { 11 + owner = "padok-team"; 12 + repo = pname; 13 + rev = "v${version}"; 14 + hash = "sha256-shpoi/N/gfzisjj1tvZGSEuorqaoOJMhYOjx+Y8F/Ds="; 15 + }; 16 + 17 + vendorHash = "sha256-BjmtUamecTSwT7gHM/6uz1r/P8O0TWzp9Dk43rdmxXU="; 18 + 19 + ldflags = [ "-s" "-w" ]; 20 + 21 + meta = with lib; { 22 + homepage = "https://github.com/padok-team/tfautomv"; 23 + description = "When refactoring a Terraform codebase, you often need to write moved blocks. This can be tedious. Let tfautomv do it for you"; 24 + license = licenses.asl20; 25 + maintainers = with maintainers; [ qjoly ]; 26 + }; 27 + }

+42 -42

pkgs/applications/virtualization/pods/Cargo.lock

··· 120 120 121 121 [[package]] 122 122 name = "bumpalo" 123 - version = "3.12.1" 123 + version = "3.12.2" 124 124 source = "registry+https://github.com/rust-lang/crates.io-index" 125 - checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8" 125 + checksum = "3c6ed94e98ecff0c12dd1b04c15ec0d7d9458ca8fe806cea6f12954efe74c63b" 126 126 127 127 [[package]] 128 128 name = "byteorder" ··· 1092 1092 1093 1093 [[package]] 1094 1094 name = "js-sys" 1095 - version = "0.3.61" 1095 + version = "0.3.62" 1096 1096 source = "registry+https://github.com/rust-lang/crates.io-index" 1097 - checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" 1097 + checksum = "68c16e1bfd491478ab155fd8b4896b86f9ede344949b641e61501e07c2b8b4d5" 1098 1098 dependencies = [ 1099 1099 "wasm-bindgen", 1100 1100 ] ··· 1142 1142 1143 1143 [[package]] 1144 1144 name = "libc" 1145 - version = "0.2.142" 1145 + version = "0.2.144" 1146 1146 source = "registry+https://github.com/rust-lang/crates.io-index" 1147 - checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317" 1147 + checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1" 1148 1148 1149 1149 [[package]] 1150 1150 name = "libpanel" ··· 1188 1188 1189 1189 [[package]] 1190 1190 name = "linux-raw-sys" 1191 - version = "0.3.6" 1191 + version = "0.3.7" 1192 1192 source = "registry+https://github.com/rust-lang/crates.io-index" 1193 - checksum = "b64f40e5e03e0d54f03845c8197d0291253cdbedfb1cb46b13c2c117554a9f4c" 1193 + checksum = "ece97ea872ece730aed82664c424eb4c8291e1ff2480247ccf7409044bc6479f" 1194 1194 1195 1195 [[package]] 1196 1196 name = "locale_config" ··· 1477 1477 1478 1478 [[package]] 1479 1479 name = "pkg-config" 1480 - version = "0.3.26" 1480 + version = "0.3.27" 1481 1481 source = "registry+https://github.com/rust-lang/crates.io-index" 1482 - checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" 1482 + checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" 1483 1483 1484 1484 [[package]] 1485 1485 name = "podman-api" ··· 1518 1518 1519 1519 [[package]] 1520 1520 name = "pods" 1521 - version = "1.1.1" 1521 + version = "1.1.2" 1522 1522 dependencies = [ 1523 1523 "anyhow", 1524 1524 "ashpd", ··· 1594 1594 1595 1595 [[package]] 1596 1596 name = "quote" 1597 - version = "1.0.26" 1597 + version = "1.0.27" 1598 1598 source = "registry+https://github.com/rust-lang/crates.io-index" 1599 - checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" 1599 + checksum = "8f4f29d145265ec1c483c7c654450edde0bfe043d3938d6972630663356d9500" 1600 1600 dependencies = [ 1601 1601 "proc-macro2", 1602 1602 ] ··· 1677 1677 1678 1678 [[package]] 1679 1679 name = "rustix" 1680 - version = "0.37.18" 1680 + version = "0.37.19" 1681 1681 source = "registry+https://github.com/rust-lang/crates.io-index" 1682 - checksum = "8bbfc1d1c7c40c01715f47d71444744a81669ca84e8b63e25a55e169b1f86433" 1682 + checksum = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d" 1683 1683 dependencies = [ 1684 1684 "bitflags", 1685 1685 "errno", ··· 1709 1709 1710 1710 [[package]] 1711 1711 name = "serde" 1712 - version = "1.0.160" 1712 + version = "1.0.162" 1713 1713 source = "registry+https://github.com/rust-lang/crates.io-index" 1714 - checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c" 1714 + checksum = "71b2f6e1ab5c2b98c05f0f35b236b22e8df7ead6ffbf51d7808da7f8817e7ab6" 1715 1715 dependencies = [ 1716 1716 "serde_derive", 1717 1717 ] 1718 1718 1719 1719 [[package]] 1720 1720 name = "serde_derive" 1721 - version = "1.0.160" 1721 + version = "1.0.162" 1722 1722 source = "registry+https://github.com/rust-lang/crates.io-index" 1723 - checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df" 1723 + checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6" 1724 1724 dependencies = [ 1725 1725 "proc-macro2", 1726 1726 "quote", ··· 1868 1868 "hostname", 1869 1869 "libc", 1870 1870 "log", 1871 - "time 0.3.20", 1871 + "time 0.3.21", 1872 1872 ] 1873 1873 1874 1874 [[package]] 1875 1875 name = "system-deps" 1876 - version = "6.0.5" 1876 + version = "6.1.0" 1877 1877 source = "registry+https://github.com/rust-lang/crates.io-index" 1878 - checksum = "d0fe581ad25d11420b873cf9aedaca0419c2b411487b134d4d21065f3d092055" 1878 + checksum = "e5fa6fb9ee296c0dc2df41a656ca7948546d061958115ddb0bcaae43ad0d17d2" 1879 1879 dependencies = [ 1880 1880 "cfg-expr", 1881 1881 "heck", ··· 1962 1962 1963 1963 [[package]] 1964 1964 name = "time" 1965 - version = "0.3.20" 1965 + version = "0.3.21" 1966 1966 source = "registry+https://github.com/rust-lang/crates.io-index" 1967 - checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890" 1967 + checksum = "8f3403384eaacbca9923fa06940178ac13e4edb725486d70e8e15881d0c836cc" 1968 1968 dependencies = [ 1969 1969 "itoa", 1970 1970 "libc", ··· 1976 1976 1977 1977 [[package]] 1978 1978 name = "time-core" 1979 - version = "0.1.0" 1979 + version = "0.1.1" 1980 1980 source = "registry+https://github.com/rust-lang/crates.io-index" 1981 - checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd" 1981 + checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" 1982 1982 1983 1983 [[package]] 1984 1984 name = "time-macros" 1985 - version = "0.2.8" 1985 + version = "0.2.9" 1986 1986 source = "registry+https://github.com/rust-lang/crates.io-index" 1987 - checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36" 1987 + checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b" 1988 1988 dependencies = [ 1989 1989 "time-core", 1990 1990 ] ··· 2006 2006 2007 2007 [[package]] 2008 2008 name = "tokio" 2009 - version = "1.28.0" 2009 + version = "1.28.1" 2010 2010 source = "registry+https://github.com/rust-lang/crates.io-index" 2011 - checksum = "c3c786bf8134e5a3a166db9b29ab8f48134739014a3eca7bc6bfa95d673b136f" 2011 + checksum = "0aa32867d44e6f2ce3385e89dceb990188b8bb0fb25b0cf576647a6f98ac5105" 2012 2012 dependencies = [ 2013 2013 "autocfg", 2014 2014 "bytes 1.4.0", ··· 2274 2274 2275 2275 [[package]] 2276 2276 name = "wasm-bindgen" 2277 - version = "0.2.84" 2277 + version = "0.2.85" 2278 2278 source = "registry+https://github.com/rust-lang/crates.io-index" 2279 - checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" 2279 + checksum = "5b6cb788c4e39112fbe1822277ef6fb3c55cd86b95cb3d3c4c1c9597e4ac74b4" 2280 2280 dependencies = [ 2281 2281 "cfg-if", 2282 2282 "wasm-bindgen-macro", ··· 2284 2284 2285 2285 [[package]] 2286 2286 name = "wasm-bindgen-backend" 2287 - version = "0.2.84" 2287 + version = "0.2.85" 2288 2288 source = "registry+https://github.com/rust-lang/crates.io-index" 2289 - checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" 2289 + checksum = "35e522ed4105a9d626d885b35d62501b30d9666283a5c8be12c14a8bdafe7822" 2290 2290 dependencies = [ 2291 2291 "bumpalo", 2292 2292 "log", 2293 2293 "once_cell", 2294 2294 "proc-macro2", 2295 2295 "quote", 2296 - "syn 1.0.109", 2296 + "syn 2.0.15", 2297 2297 "wasm-bindgen-shared", 2298 2298 ] 2299 2299 2300 2300 [[package]] 2301 2301 name = "wasm-bindgen-macro" 2302 - version = "0.2.84" 2302 + version = "0.2.85" 2303 2303 source = "registry+https://github.com/rust-lang/crates.io-index" 2304 - checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" 2304 + checksum = "358a79a0cb89d21db8120cbfb91392335913e4890665b1a7981d9e956903b434" 2305 2305 dependencies = [ 2306 2306 "quote", 2307 2307 "wasm-bindgen-macro-support", ··· 2309 2309 2310 2310 [[package]] 2311 2311 name = "wasm-bindgen-macro-support" 2312 - version = "0.2.84" 2312 + version = "0.2.85" 2313 2313 source = "registry+https://github.com/rust-lang/crates.io-index" 2314 - checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" 2314 + checksum = "4783ce29f09b9d93134d41297aded3a712b7b979e9c6f28c32cb88c973a94869" 2315 2315 dependencies = [ 2316 2316 "proc-macro2", 2317 2317 "quote", 2318 - "syn 1.0.109", 2318 + "syn 2.0.15", 2319 2319 "wasm-bindgen-backend", 2320 2320 "wasm-bindgen-shared", 2321 2321 ] 2322 2322 2323 2323 [[package]] 2324 2324 name = "wasm-bindgen-shared" 2325 - version = "0.2.84" 2325 + version = "0.2.85" 2326 2326 source = "registry+https://github.com/rust-lang/crates.io-index" 2327 - checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" 2327 + checksum = "a901d592cafaa4d711bc324edfaff879ac700b19c3dfd60058d2b445be2691eb" 2328 2328 2329 2329 [[package]] 2330 2330 name = "winapi"

+2 -2

pkgs/applications/virtualization/pods/default.nix

··· 17 17 18 18 stdenv.mkDerivation rec { 19 19 pname = "pods"; 20 - version = "1.1.1"; 20 + version = "1.1.2"; 21 21 22 22 src = fetchFromGitHub { 23 23 owner = "marhkb"; 24 24 repo = pname; 25 25 rev = "v${version}"; 26 - sha256 = "sha256-GTRHysG1zPr6MorGoSKYq8TgAdTH/bU/AxVrP2Ghqec="; 26 + sha256 = "sha256-5euSMmyumZbUFsZuP7fa3wCm4n0Hx+F8bPlv4Xw/Hvw="; 27 27 }; 28 28 29 29 cargoDeps = rustPlatform.importCargoLock {

+2 -2

pkgs/development/interpreters/ruby/default.nix

··· 84 84 ++ (op fiddleSupport libffi) 85 85 ++ (ops cursesSupport [ ncurses readline ]) 86 86 ++ (op zlibSupport zlib) 87 - ++ (op (!atLeast30 && opensslSupport) openssl_1_1) 88 - ++ (op (atLeast30 && opensslSupport) openssl) 87 + ++ (op (!atLeast31 && opensslSupport) openssl_1_1) 88 + ++ (op (atLeast31 && opensslSupport) openssl) 89 89 ++ (op gdbmSupport gdbm) 90 90 ++ (op yamlSupport libyaml) 91 91 # Looks like ruby fails to build on darwin without readline even if curses

+2 -2

pkgs/development/libraries/opencl-headers/default.nix

··· 3 3 4 4 stdenv.mkDerivation rec { 5 5 pname = "opencl-headers"; 6 - version = "2023.04.17"; 6 + version = "2023.02.06"; 7 7 8 8 src = fetchFromGitHub { 9 9 owner = "KhronosGroup"; 10 10 repo = "OpenCL-Headers"; 11 11 rev = "v${version}"; 12 - sha256 = "sha256-FK6pbIqNVVW9p6ozUVzuRxfxvibCA4cNFfhT22WjSzE="; 12 + sha256 = "sha256-BJDaDokyHgmyl+bGqCwG1J7iOvu0E3P3iYZ1/krot8s="; 13 13 }; 14 14 15 15 installPhase = ''

+63

pkgs/development/python-modules/aws-secretsmanager-caching/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , pythonOlder 4 + , fetchPypi 5 + , setuptools-scm 6 + , botocore 7 + , pytestCheckHook 8 + }: 9 + 10 + buildPythonPackage rec { 11 + pname = "aws_secretsmanager_caching"; 12 + version = "1.1.1.5"; 13 + format = "setuptools"; 14 + 15 + disabled = pythonOlder "3.7"; 16 + 17 + src = fetchPypi { 18 + inherit pname version; 19 + sha256 = "5cee2762bb89b72f3e5123feee8e45fbe44ffe163bfca08b28f27b2e2b7772e1"; 20 + }; 21 + 22 + nativeBuildInputs = [ 23 + setuptools-scm 24 + ]; 25 + 26 + propagatedBuildInputs = [ 27 + botocore 28 + ]; 29 + 30 + patches = [ 31 + # Remove coverage tests from the pytest invocation in setup.cfg. 32 + ./remove-coverage-tests.patch 33 + ]; 34 + 35 + postPatch = '' 36 + substituteInPlace setup.py \ 37 + --replace "'pytest-runner'," "" 38 + ''; 39 + 40 + nativeCheckInputs = [ 41 + pytestCheckHook 42 + ]; 43 + 44 + disabledTestPaths = [ 45 + # Integration tests require networking. 46 + "test/integ" 47 + ]; 48 + 49 + pythonImportsCheck = [ 50 + "aws_secretsmanager_caching" 51 + ]; 52 + 53 + meta = with lib; { 54 + description = "Client-side AWS secrets manager caching library"; 55 + homepage = "https://github.com/aws/aws-secretsmanager-caching-python"; 56 + changelog = "https://github.com/aws/aws-secretsmanager-caching-python/releases/tag/v${version}"; 57 + longDescription = '' 58 + The AWS Secrets Manager Python caching client enables in-process caching of secrets for Python applications. 59 + ''; 60 + license = licenses.asl20; 61 + maintainers = with maintainers; [ tomaskala ]; 62 + }; 63 + }

+14

pkgs/development/python-modules/aws-secretsmanager-caching/remove-coverage-tests.patch

··· 1 + diff --git a/setup.cfg b/setup.cfg 2 + index 5aa81b2..0c02ded 100644 3 + --- a/setup.cfg 4 + +++ b/setup.cfg 5 + @@ -3,9 +3,6 @@ xfail_strict = true 6 + addopts = 7 + --verbose 8 + --doctest-modules 9 + - --cov aws_secretsmanager_caching 10 + - --cov-fail-under 90 11 + - --cov-report term-missing 12 + --ignore doc/ 13 + 14 + [aliases]

+2 -2

pkgs/development/python-modules/azure-mgmt-datafactory/default.nix

··· 10 10 11 11 buildPythonPackage rec { 12 12 pname = "azure-mgmt-datafactory"; 13 - version = "3.0.0"; 13 + version = "3.1.0"; 14 14 format = "setuptools"; 15 15 16 16 disabled = pythonOlder "3.7"; ··· 18 18 src = fetchPypi { 19 19 inherit pname version; 20 20 extension = "zip"; 21 - hash = "sha256-aVfH65fJnsTSr0MR0Fr5yamxIOv2+aST953uCr7QXOk="; 21 + hash = "sha256-lsOUxDoXocf1fUIcY4q74/vd86LO7yumJg7rJ6i3zcg="; 22 22 }; 23 23 24 24 propagatedBuildInputs = [

+28 -10

pkgs/development/python-modules/riscv-isac/default.nix

··· 1 - { buildPythonPackage 1 + { lib 2 + , buildPythonPackage 2 3 , fetchFromGitHub 3 - , lib 4 4 , click 5 5 , colorlog 6 6 , gitpython 7 + , pluggy 7 8 , pyelftools 8 9 , pytablewriter 9 - , pytest 10 + , pytestCheckHook 10 11 , pyyaml 11 12 , ruamel-yaml 13 + , pythonOlder 12 14 }: 13 15 14 16 buildPythonPackage rec { 15 17 pname = "riscv-isac"; 16 - version = "0.16.1"; 18 + version = "0.17.0"; 19 + format = "setuptools"; 20 + 21 + disabled = pythonOlder "3.7"; 17 22 18 23 src = fetchFromGitHub { 19 24 owner = "riscv-software-src"; 20 25 repo = pname; 21 - rev = version; 22 - hash = "sha256-Krjr9bvpoOeNfMbYj/QbJ+Y+AVLjwrzj8KKMUXCfnMA="; 26 + rev = "refs/tags/${version}"; 27 + hash = "sha256-I0RsvSCrSlNGVj8z+WUQx6vbdNkKCRyMFvNx+0mTBAE="; 23 28 }; 24 29 25 - postPatch = "substituteInPlace riscv_isac/requirements.txt --replace 'pyelftools==0.26' pyelftools"; 30 + postPatch = '' 31 + substituteInPlace riscv_isac/requirements.txt \ 32 + --replace "pyelftools==0.26" "pyelftools" \ 33 + --replace "pytest" "" 34 + ''; 26 35 27 36 propagatedBuildInputs = [ 28 37 click 29 38 colorlog 30 39 gitpython 40 + pluggy 31 41 pyelftools 32 42 pytablewriter 33 - pytest 34 43 pyyaml 35 44 ruamel-yaml 36 45 ]; 37 46 47 + nativeCheckInputs = [ 48 + pytestCheckHook 49 + ]; 50 + 51 + pythonImportsCheck = [ 52 + "riscv_isac" 53 + ]; 54 + 38 55 meta = with lib; { 56 + description = "An ISA coverage extraction tool"; 39 57 homepage = "https://github.com/riscv/riscv-isac"; 40 - description = "An ISA coverage extraction tool"; 41 - maintainers = with maintainers; [ genericnerdyusername ]; 58 + changelog = "https://github.com/riscv-software-src/riscv-isac/blob/${version}/CHANGELOG.md"; 42 59 license = licenses.bsd3; 60 + maintainers = with maintainers; [ genericnerdyusername ]; 43 61 }; 44 62 }

+10

pkgs/development/python-modules/twisted/default.nix

··· 69 69 url = "https://github.com/mweinelt/twisted/commit/e69e652de671aac0abf5c7e6c662fc5172758c5a.patch"; 70 70 hash = "sha256-LmvKUTViZoY/TPBmSlx4S9FbJNZfB5cxzn/YcciDmoI="; 71 71 }) 72 + # remove half broken pyasn1 integration that blow up with pyasn 0.5.0 73 + # https://github.com/twisted/twisted/pull/11843 74 + (fetchpatch { 75 + url = "https://github.com/twisted/twisted/commit/bdee0eb835a76b2982beaf10c85269ff25ea09fa.patch"; 76 + excludes = [ "pyproject.toml" "tox.ini" ]; 77 + hash = "sha256-oGAHmZMpMWfK+2zEDjHD115sW7exCYqfORVOLw+Wa6M="; 78 + }) 72 79 ] ++ lib.optionals (pythonAtLeast "3.11") [ 73 80 (fetchpatch { 74 81 url = "https://github.com/twisted/twisted/pull/11734.diff"; ··· 95 102 ]; 96 103 97 104 postPatch = '' 105 + substituteInPlace pyproject.toml \ 106 + --replace '"pyasn1 >= 0.4",' "" 107 + 98 108 echo 'ListingTests.test_localeIndependent.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py 99 109 echo 'ListingTests.test_newFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py 100 110 echo 'ListingTests.test_newSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py

+4 -5

pkgs/development/python-modules/xhtml2pdf/default.nix

··· 15 15 16 16 buildPythonPackage rec { 17 17 pname = "xhtml2pdf"; 18 - version = "0.2.9"; 18 + version = "0.2.11"; 19 19 format = "setuptools"; 20 20 21 21 disabled = pythonOlder "3.7"; 22 22 23 - # Tests are only available on GitHub 24 23 src = fetchFromGitHub { 25 24 owner = pname; 26 25 repo = pname; 27 - # Currently it is not possible to fetch from version as there is a branch with the same name 28 - rev = "refs/tags/${version}"; 29 - hash = "sha256-MrzAsa0AZX3+0LN/Can3QBoPBRxb0a/F2jLBd8rD5H4="; 26 + rev = "refs/tags/v${version}"; 27 + hash = "sha256-L/HCw+O8bidtE5nDdO+cLS54m64dlJL+9Gjcye5gM+w="; 30 28 }; 31 29 32 30 propagatedBuildInputs = [ ··· 51 49 meta = with lib; { 52 50 description = "A PDF generator using HTML and CSS"; 53 51 homepage = "https://github.com/xhtml2pdf/xhtml2pdf"; 52 + changelog = "https://github.com/xhtml2pdf/xhtml2pdf/releases/tag/v${version}"; 54 53 license = licenses.asl20; 55 54 maintainers = with maintainers; [ ]; 56 55 };

+3 -3

pkgs/development/tools/rust/cargo-audit/default.nix

··· 9 9 10 10 rustPlatform.buildRustPackage rec { 11 11 pname = "cargo-audit"; 12 - version = "0.17.5"; 12 + version = "0.17.6"; 13 13 14 14 src = fetchCrate { 15 15 inherit pname version; 16 - sha256 = "sha256-qsHy4MKQHBzChcOJ9TrlUbEnEtVxlzxDgZlahhDsoxM="; 16 + sha256 = "sha256-ICNcBqlkX1k3J5vc/bfoXw/+l2LdHOchv4PfY0G7Y94="; 17 17 }; 18 18 19 - cargoSha256 = "sha256-7uBRybAkexBl3SldV4qudwPZ8JcKCUaAlwbAcT9JXy8="; 19 + cargoSha256 = "sha256-ViqaiSLVfDJhMuHjHGi+NVRLPcRhe2a+oKXl4UNM+K8="; 20 20 21 21 nativeBuildInputs = [ 22 22 pkg-config

+1 -1

pkgs/os-specific/darwin/apple-sdk-11.0/default.nix

··· 70 70 stdenv = mkStdenv stdenv; 71 71 } // builtins.listToAttrs (map 72 72 (v: { name = "clang${v}Stdenv"; value = mkStdenv pkgs."llvmPackages_${v}".stdenv; }) 73 - [ "12" "13" "14" "15" ] 73 + [ "12" "13" "14" "15" "16" ] 74 74 ); 75 75 76 76 callPackage = newScope (packages // pkgs.darwin // { inherit MacOSX-SDK; });

+9 -3

pkgs/os-specific/linux/minimal-bootstrap/default.nix

··· 10 10 # declared here. 11 11 (extra: lib.callPackageWith ({ inherit lib config buildPlatform hostPlatform; } // extra)) 12 12 (self: with self; { 13 - inherit (callPackage ./utils.nix { }) fetchurl derivationWithMeta writeTextFile writeText runCommand; 14 13 15 - inherit (callPackage ./stage0-posix { }) kaem m2libc mescc-tools mescc-tools-extra; 14 + gnupatch = callPackage ./gnupatch { tinycc = tinycc-mes; }; 15 + 16 + gnumake = callPackage ./gnumake { tinycc = tinycc-mes; }; 17 + 18 + ln-boot = callPackage ./ln-boot { }; 16 19 17 20 mes = callPackage ./mes { }; 18 21 mes-libc = callPackage ./mes/libc.nix { }; 19 22 20 - ln-boot = callPackage ./ln-boot { }; 23 + inherit (callPackage ./stage0-posix { }) kaem m2libc mescc-tools mescc-tools-extra; 21 24 22 25 tinycc-bootstrappable = callPackage ./tinycc/bootstrappable.nix { }; 23 26 tinycc-mes = callPackage ./tinycc/mes.nix { }; 27 + 28 + inherit (callPackage ./utils.nix { }) fetchurl derivationWithMeta writeTextFile writeText runCommand; 29 + 24 30 })

+35

pkgs/os-specific/linux/minimal-bootstrap/gnumake/0001-No-impure-bin-sh.patch

··· 1 + From e00a5257a6ca5fedbf68b09eee7df3502971a057 Mon Sep 17 00:00:00 2001 2 + From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> 3 + Date: Sat, 24 Apr 2021 10:11:40 +0200 4 + Subject: [PATCH 1/2] No impure bin sh 5 + 6 + default_shell is used to populuate default shell used to execute jobs. 7 + Unless SHELL is set to a different value this would be /bin/sh. 8 + Our stdenv provides sh in form of bash anyway. Having this value not 9 + hard-coded has some advantages: 10 + 11 + - It would ensure that on all systems it uses sh from its PATH rather 12 + than /bin/sh, which helps as different systems might have different 13 + shells there (bash vs. dash) 14 + - In the past I had issues with LD_PRELOAD with BEAR, where /bin/sh 15 + used a different glibc than BEAR which came from my development shell. 16 + --- 17 + src/job.c | 2 +- 18 + 1 file changed, 1 insertion(+), 1 deletion(-) 19 + 20 + diff --git a/src/job.c b/src/job.c 21 + index ae1f18b..6b4ddb3 100644 22 + --- a/src/job.c 23 + +++ b/src/job.c 24 + @@ -77,7 +77,7 @@ char * vms_strsignal (int status); 25 + 26 + #else 27 + 28 + -const char *default_shell = "/bin/sh"; 29 + +const char *default_shell = "sh"; 30 + int batch_mode_shell = 0; 31 + 32 + #endif 33 + -- 34 + 2.31.1 35 +

+40

pkgs/os-specific/linux/minimal-bootstrap/gnumake/0002-remove-impure-dirs.patch

··· 1 + From 795d63d3c8b5c0dbb7e544954f75507b371b7228 Mon Sep 17 00:00:00 2001 2 + From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> 3 + Date: Sat, 24 Apr 2021 10:20:16 +0200 4 + Subject: [PATCH 2/2] remove impure dirs 5 + 6 + --- 7 + src/read.c | 3 --- 8 + src/remake.c | 2 -- 9 + 2 files changed, 5 deletions(-) 10 + 11 + diff --git a/src/read.c b/src/read.c 12 + index fa197fb..defacfb 100644 13 + --- a/src/read.c 14 + +++ b/src/read.c 15 + @@ -109,9 +109,6 @@ static const char *default_include_directories[] = 16 + #endif 17 + INCLUDEDIR, 18 + #ifndef _AMIGA 19 + - "/usr/gnu/include", 20 + - "/usr/local/include", 21 + - "/usr/include", 22 + #endif 23 + 0 24 + }; 25 + diff --git a/src/remake.c b/src/remake.c 26 + index fb237c5..94bff7d 100644 27 + --- a/src/remake.c 28 + +++ b/src/remake.c 29 + @@ -1601,8 +1601,6 @@ library_search (const char *lib, FILE_TIMESTAMP *mtime_ptr) 30 + static const char *dirs[] = 31 + { 32 + #ifndef _AMIGA 33 + - "/lib", 34 + - "/usr/lib", 35 + #endif 36 + #if defined(WINDOWS32) && !defined(LIBDIR) 37 + /* 38 + -- 39 + 2.31.1 40 +

+58

pkgs/os-specific/linux/minimal-bootstrap/gnumake/0003-tinycc-support.patch

··· 1 + diff --git a/src/dir.c b/src/dir.c 2 + index 3e94b98..cfaa6a2 100644 3 + --- a/src/dir.c 4 + +++ b/src/dir.c 5 + @@ -1331,10 +1331,9 @@ local_stat (const char *path, struct stat *buf) 6 + 7 + /* Similarly for lstat. */ 8 + #if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) 9 + -# ifndef VMS 10 + -# ifndef HAVE_SYS_STAT_H 11 + +// mes-libc implements but does not declare lstat 12 + +# if (!defined(VMS) && !defined(HAVE_SYS_STAT_H)) || defined(__TINYC__) 13 + int lstat (const char *path, struct stat *sbuf); 14 + -# endif 15 + # else 16 + /* We are done with the fake lstat. Go back to the real lstat */ 17 + # ifdef lstat 18 + diff --git a/src/job.c b/src/job.c 19 + index ea88561..8388a82 100644 20 + --- a/src/job.c 21 + +++ b/src/job.c 22 + @@ -2052,7 +2052,8 @@ job_next_command (struct child *child) 23 + static int 24 + load_too_high (void) 25 + { 26 + -#if defined(__MSDOS__) || defined(VMS) || defined(_AMIGA) || defined(__riscos__) 27 + +// mes-libc does not support getloadavg 28 + +#if defined(__MSDOS__) || defined(VMS) || defined(_AMIGA) || defined(__riscos__) || defined (__TINYC__) 29 + return 1; 30 + #else 31 + static double last_sec; 32 + diff --git a/src/main.c b/src/main.c 33 + index a9d3a64..664d40f 100644 34 + --- a/src/main.c 35 + +++ b/src/main.c 36 + @@ -2770,7 +2770,7 @@ main (int argc, char **argv, char **envp) 37 + char *b = alloca (40); 38 + sprintf (b, "MAKE_RESTARTS=%s%u", 39 + OUTPUT_IS_TRACED () ? "-" : "", restarts); 40 + - putenv (b); 41 + + // mes-libc does not support putenv 42 + } 43 + 44 + fflush (stdout); 45 + diff --git a/src/misc.c b/src/misc.c 46 + index eb14f40..bffca82 100644 47 + --- a/src/misc.c 48 + +++ b/src/misc.c 49 + @@ -653,7 +653,8 @@ get_tmppath () 50 + 51 + # ifdef HAVE_MKTEMP 52 + path = get_tmptemplate (); 53 + - if (*mktemp (path) == '\0') 54 + + // tinycc: "src/misc.c:656: error: pointer expected" 55 + + if (!strcmp(mktemp (path), "")) 56 + { 57 + OSS (error, NILF, 58 + _("cannot generate temp path from %s: %s"), path, strerror (errno));

+190

pkgs/os-specific/linux/minimal-bootstrap/gnumake/default.nix

··· 1 + { lib 2 + , runCommand 3 + , fetchurl 4 + , tinycc 5 + , gnupatch 6 + }: 7 + let 8 + pname = "gnumake"; 9 + version = "4.4.1"; 10 + 11 + src = fetchurl { 12 + url = "mirror://gnu/make/make-${version}.tar.gz"; 13 + sha256 = "1cwgcmwdn7gqn5da2ia91gkyiqs9birr10sy5ykpkaxzcwfzn5nx"; 14 + }; 15 + 16 + patches = [ 17 + # Replaces /bin/sh with sh, see patch file for reasoning 18 + ./0001-No-impure-bin-sh.patch 19 + # Purity: don't look for library dependencies (of the form `-lfoo') in /lib 20 + # and /usr/lib. It's a stupid feature anyway. Likewise, when searching for 21 + # included Makefiles, don't look in /usr/include and friends. 22 + ./0002-remove-impure-dirs.patch 23 + # Fixes for tinycc. See comments in patch file for reasoning 24 + ./0003-tinycc-support.patch 25 + ]; 26 + 27 + CFLAGS = [ 28 + "-I./src" 29 + "-I./lib" 30 + "-DHAVE_CONFIG_H" 31 + "-DMAKE_MAINTAINER_MODE" 32 + "-DLIBDIR=\\\"${placeholder "out"}/lib\\\"" 33 + "-DLOCALEDIR=\\\"/fake-locale\\\"" 34 + "-DPOSIX=1" 35 + # mes-libc doesn't implement osync_* methods 36 + "-DNO_OUTPUT_SYNC=1" 37 + # mes-libc doesn't define O_TMPFILE 38 + "-DO_TMPFILE=020000000" 39 + ] ++ config; 40 + 41 + /* 42 + Maintenance notes: 43 + 44 + Generated by 45 + ./configure \ 46 + --build i686-pc-linux-gnu \ 47 + --host i686-pc-linux-gnu \ 48 + CC="${tinycc-mes}/bin/tcc -static" \ 49 + ac_cv_func_dup=no 50 + - `ac_cv_func_dup` disabled as mes-libc doesn't implement tmpfile() 51 + 52 + The output src/config.h was then manually filtered, removing definitions that 53 + didn't have uses in the source code 54 + */ 55 + config = [ 56 + "-DFILE_TIMESTAMP_HI_RES=0" 57 + "-DHAVE_ALLOCA" 58 + "-DHAVE_ALLOCA_H" 59 + "-DHAVE_ATEXIT" 60 + "-DHAVE_DECL_BSD_SIGNAL=0" 61 + "-DHAVE_DECL_GETLOADAVG=0" 62 + "-DHAVE_DECL_SYS_SIGLIST=0" 63 + "-DHAVE_DECL__SYS_SIGLIST=0" 64 + "-DHAVE_DECL___SYS_SIGLIST=0" 65 + "-DHAVE_DIRENT_H" 66 + "-DHAVE_DUP2" 67 + "-DHAVE_FCNTL_H" 68 + "-DHAVE_FDOPEN" 69 + "-DHAVE_GETCWD" 70 + "-DHAVE_GETTIMEOFDAY" 71 + "-DHAVE_INTTYPES_H" 72 + "-DHAVE_ISATTY" 73 + "-DHAVE_LIMITS_H" 74 + "-DHAVE_LOCALE_H" 75 + "-DHAVE_MEMORY_H" 76 + "-DHAVE_MKTEMP" 77 + "-DHAVE_SA_RESTART" 78 + "-DHAVE_SETVBUF" 79 + "-DHAVE_SIGACTION" 80 + "-DHAVE_SIGSETMASK" 81 + "-DHAVE_STDINT_H" 82 + "-DHAVE_STDLIB_H" 83 + "-DHAVE_STRDUP" 84 + "-DHAVE_STRERROR" 85 + "-DHAVE_STRINGS_H" 86 + "-DHAVE_STRING_H" 87 + "-DHAVE_STRTOLL" 88 + "-DHAVE_SYS_FILE_H" 89 + "-DHAVE_SYS_PARAM_H" 90 + "-DHAVE_SYS_RESOURCE_H" 91 + "-DHAVE_SYS_SELECT_H" 92 + "-DHAVE_SYS_STAT_H" 93 + "-DHAVE_SYS_TIMEB_H" 94 + "-DHAVE_SYS_TIME_H" 95 + "-DHAVE_SYS_WAIT_H" 96 + "-DHAVE_TTYNAME" 97 + "-DHAVE_UMASK" 98 + "-DHAVE_UNISTD_H" 99 + "-DHAVE_WAITPID" 100 + "-DMAKE_JOBSERVER" 101 + "-DMAKE_SYMLINKS" 102 + "-DPATH_SEPARATOR_CHAR=':'" 103 + "-DSCCS_GET=\\\"get\\\"" 104 + "-DSTDC_HEADERS" 105 + "-Dsig_atomic_t=int" 106 + "-Dvfork=fork" 107 + ]; 108 + 109 + # Maintenance note: list of source files derived from Basic.mk 110 + make_SOURCES = [ 111 + "src/ar.c" 112 + "src/arscan.c" 113 + "src/commands.c" 114 + "src/default.c" 115 + "src/dir.c" 116 + "src/expand.c" 117 + "src/file.c" 118 + "src/function.c" 119 + "src/getopt.c" 120 + "src/getopt1.c" 121 + "src/guile.c" 122 + "src/hash.c" 123 + "src/implicit.c" 124 + "src/job.c" 125 + "src/load.c" 126 + "src/loadapi.c" 127 + "src/main.c" 128 + "src/misc.c" 129 + "src/output.c" 130 + "src/read.c" 131 + "src/remake.c" 132 + "src/rule.c" 133 + "src/shuffle.c" 134 + "src/signame.c" 135 + "src/strcache.c" 136 + "src/variable.c" 137 + "src/version.c" 138 + "src/vpath.c" 139 + ]; 140 + glob_SOURCES = [ "lib/fnmatch.c" "lib/glob.c" ]; 141 + remote_SOURCES = [ "src/remote-stub.c" ]; 142 + sources = make_SOURCES ++ glob_SOURCES ++ remote_SOURCES ++ [ 143 + "src/posixos.c" 144 + ]; 145 + 146 + objects = map (x: lib.replaceStrings [".c"] [".o"] (builtins.baseNameOf x)) sources; 147 + in 148 + runCommand "${pname}-${version}" { 149 + inherit pname version; 150 + 151 + nativeBuildInputs = [ tinycc gnupatch ]; 152 + 153 + meta = with lib; { 154 + description = "A tool to control the generation of non-source files from sources"; 155 + homepage = "https://www.gnu.org/software/make"; 156 + license = licenses.gpl3Plus; 157 + maintainers = with maintainers; [ emilytrau ]; 158 + mainProgram = "make"; 159 + platforms = platforms.unix; 160 + }; 161 + } '' 162 + # Unpack 163 + ungz --file ${src} --output make.tar 164 + untar --file make.tar 165 + rm make.tar 166 + cd make-${version} 167 + 168 + # Patch 169 + ${lib.concatMapStringsSep "\n" (f: "patch -Np1 -i ${f}") patches} 170 + 171 + # Configure 172 + catm src/config.h src/mkconfig.h src/mkcustom.h 173 + cp lib/glob.in.h lib/glob.h 174 + cp lib/fnmatch.in.h lib/fnmatch.h 175 + 176 + # Compile 177 + alias CC="tcc ${lib.concatStringsSep " " CFLAGS}" 178 + ${lib.concatMapStringsSep "\n" (f: "CC -c ${f}") sources} 179 + 180 + # Link 181 + CC -static -o make ${lib.concatStringsSep " " objects} 182 + 183 + # Check 184 + ./make --version 185 + 186 + # Install 187 + mkdir -p ''${out}/bin 188 + cp ./make ''${out}/bin 189 + chmod 555 ''${out}/bin/make 190 + ''

+107

pkgs/os-specific/linux/minimal-bootstrap/gnupatch/default.nix

··· 1 + { lib 2 + , runCommand 3 + , fetchurl 4 + , tinycc 5 + }: 6 + let 7 + pname = "gnupatch"; 8 + # 2.6.x and later use features not implemented in mes-libc (eg. quotearg.h) 9 + version = "2.5.9"; 10 + 11 + src = fetchurl { 12 + url = "mirror://gnu/patch/patch-${version}.tar.gz"; 13 + sha256 = "12nv7jx3gxfp50y11nxzlnmqqrpicjggw6pcsq0wyavkkm3cddgc"; 14 + }; 15 + 16 + # Thanks to the live-bootstrap project! 17 + # https://github.com/fosslinux/live-bootstrap/blob/1bc4296091c51f53a5598050c8956d16e945b0f5/sysa/patch-2.5.9/mk/main.mk 18 + CFLAGS = [ 19 + "-I." 20 + "-DHAVE_DECL_GETENV" 21 + "-DHAVE_DECL_MALLOC" 22 + "-DHAVE_DIRENT_H" 23 + "-DHAVE_LIMITS_H" 24 + "-DHAVE_GETEUID" 25 + "-DHAVE_MKTEMP" 26 + "-DPACKAGE_BUGREPORT=" 27 + "-Ded_PROGRAM=\\\"/nullop\\\"" 28 + "-Dmbstate_t=int" # When HAVE_MBRTOWC is not enabled uses of mbstate_t are always a no-op 29 + "-DRETSIGTYPE=int" 30 + "-DHAVE_MKDIR" 31 + "-DHAVE_RMDIR" 32 + "-DHAVE_FCNTL_H" 33 + "-DPACKAGE_NAME=\\\"patch\\\"" 34 + "-DPACKAGE_VERSION=\\\"${version}\\\"" 35 + "-DHAVE_MALLOC" 36 + "-DHAVE_REALLOC" 37 + "-DSTDC_HEADERS" 38 + "-DHAVE_STRING_H" 39 + "-DHAVE_STDLIB_H" 40 + ]; 41 + 42 + # Maintenance note: List of sources from Makefile.in 43 + SRCS = [ 44 + "addext.c" 45 + "argmatch.c" 46 + "backupfile.c" 47 + "basename.c" 48 + "dirname.c" 49 + "getopt.c" 50 + "getopt1.c" 51 + "inp.c" 52 + "maketime.c" 53 + "partime.c" 54 + "patch.c" 55 + "pch.c" 56 + "quote.c" 57 + "quotearg.c" 58 + "quotesys.c" 59 + "util.c" 60 + "version.c" 61 + "xmalloc.c" 62 + ]; 63 + sources = SRCS ++ [ 64 + # mes-libc doesn't implement `error()` 65 + "error.c" 66 + ]; 67 + 68 + objects = map (x: lib.replaceStrings [".c"] [".o"] (builtins.baseNameOf x)) sources; 69 + in 70 + runCommand "${pname}-${version}" { 71 + inherit pname version; 72 + 73 + nativeBuildInputs = [ tinycc ]; 74 + 75 + meta = with lib; { 76 + description = "GNU Patch, a program to apply differences to files"; 77 + homepage = "https://www.gnu.org/software/patch"; 78 + license = licenses.gpl3Plus; 79 + maintainers = with maintainers; [ emilytrau ]; 80 + mainProgram = "patch"; 81 + platforms = platforms.unix; 82 + }; 83 + } '' 84 + # Unpack 85 + ungz --file ${src} --output patch.tar 86 + untar --file patch.tar 87 + rm patch.tar 88 + cd patch-${version} 89 + 90 + # Configure 91 + catm config.h 92 + 93 + # Build 94 + alias CC="tcc ${lib.concatStringsSep " " CFLAGS}" 95 + ${lib.concatMapStringsSep "\n" (f: "CC -c ${f}") sources} 96 + 97 + # Link 98 + CC -static -o patch ${lib.concatStringsSep " " objects} 99 + 100 + # Check 101 + ./patch --version 102 + 103 + # Install 104 + mkdir -p ''${out}/bin 105 + cp ./patch ''${out}/bin 106 + chmod 555 ''${out}/bin/patch 107 + ''

+34 -10

pkgs/servers/http/couchdb/3.nix

··· 1 - { lib, stdenv, fetchurl, erlang, icu, openssl, spidermonkey_91 2 - , coreutils, bash, python3, nixosTests }: 1 + { lib 2 + , stdenv 3 + , fetchurl 4 + , erlang 5 + , icu 6 + , openssl 7 + , spidermonkey_91 8 + , python3 9 + , nixosTests 10 + }: 3 11 4 12 stdenv.mkDerivation rec { 5 13 pname = "couchdb"; 6 - version = "3.3.1"; 14 + version = "3.3.2"; 7 15 8 16 src = fetchurl { 9 17 url = "mirror://apache/couchdb/source/${version}/apache-${pname}-${version}.tar.gz"; 10 - sha256 = "sha256-m4nXtU9+9StCvVGmoKLTsbBszjld8smdjx9H+TVeK+4="; 18 + hash = "sha256-PWgj1C0Qzw1PhsnE/lnJkyyJ1oV4/LbEtCeNx2kwjao="; 11 19 }; 12 20 13 - nativeBuildInputs = [ 14 - erlang 15 - ]; 16 - buildInputs = [ icu openssl spidermonkey_91 (python3.withPackages(ps: with ps; [ requests ]))]; 17 21 postPatch = '' 18 22 substituteInPlace src/couch/rebar.config.script --replace '/usr/include/mozjs-91' "${spidermonkey_91.dev}/include/mozjs-91" 23 + substituteInPlace configure --replace '/usr/include/''${SM_HEADERS}' "${spidermonkey_91.dev}/include/mozjs-91" 19 24 patchShebangs bin/rebar 20 25 ''; 21 26 27 + nativeBuildInputs = [ 28 + erlang 29 + ]; 30 + 31 + buildInputs = [ 32 + icu 33 + openssl 34 + spidermonkey_91 35 + (python3.withPackages(ps: with ps; [ requests ])) 36 + ]; 37 + 22 38 dontAddPrefix= "True"; 23 - configureFlags = ["--spidermonkey-version=91"]; 24 - buildFlags = ["release"]; 39 + 40 + configureFlags = [ 41 + "--spidermonkey-version=91" 42 + ]; 43 + 44 + buildFlags = [ 45 + "release" 46 + ]; 25 47 26 48 installPhase = '' 49 + runHook preInstall 27 50 mkdir -p $out 28 51 cp -r rel/couchdb/* $out 52 + runHook postInstall 29 53 ''; 30 54 31 55 passthru.tests = {

+87 -40

pkgs/servers/ldap/lldap/default.nix

··· 1 - { fetchFromGitHub 1 + { binaryen 2 + , fetchFromGitHub 3 + , fetchpatch 2 4 , fetchzip 3 5 , lib 4 6 , lldap 5 7 , nixosTests 6 8 , rustPlatform 9 + , stdenv 10 + , wasm-bindgen-cli 11 + , wasm-pack 12 + , which 7 13 }: 8 14 9 15 let 10 - # We cannot build the wasm frontend from source, as the 11 - # wasm32-unknown-unknown rustc target isn't available in nixpkgs yet. 12 - # Tracking issue: https://github.com/NixOS/nixpkgs/issues/89426 13 - frontend = fetchzip { 14 - url = "https://github.com/lldap/lldap/releases/download/v${lldap.version}/amd64-lldap.tar.gz"; 15 - hash = "sha256-/Ml4L5Gxpnmt1pLSiLNuxtzQYjTCatsVe/hE+Btl8BI="; 16 - name = "lldap-frontend-${lldap.version}"; 17 - postFetch = '' 18 - mv $out $TMPDIR/extracted 19 - mv $TMPDIR/extracted/app $out 16 + 17 + # version of wasm-opt, with https://github.com/rustwasm/wasm-pack/pull/1257 backported 18 + wasm-pack-git = wasm-pack.overrideAttrs (oldAttrs: { 19 + version = oldAttrs.version + "-git"; 20 + patches = [(fetchpatch { 21 + url = "https://patch-diff.githubusercontent.com/raw/rustwasm/wasm-pack/pull/1257.patch"; 22 + sha256 = "sha256-npi9ewh0NaD67crTcje9AYxaLLOJOMzqjqEJXZF2LbQ="; 23 + })]; 24 + }); 25 + 26 + # replace with upstream wasm rustc, after resolution of 27 + # https://github.com/NixOS/nixpkgs/issues/89426 28 + rustc-wasm = (rustPlatform.rust.rustc.override { 29 + stdenv = stdenv.override { 30 + targetPlatform = stdenv.targetPlatform // { 31 + parsed = { 32 + cpu.name = "wasm32"; 33 + vendor.name = "unknown"; 34 + kernel.name = "unknown"; 35 + abi.name = "unknown"; 36 + }; 37 + }; 38 + }; 39 + }).overrideAttrs (attrs: { 40 + configureFlags = attrs.configureFlags ++ ["--set=build.docs=false"]; 41 + }); 42 + 43 + commonDerivationAttrs = rec { 44 + pname = "lldap"; 45 + version = "0.4.3"; 46 + 47 + src = fetchFromGitHub { 48 + owner = "lldap"; 49 + repo = "lldap"; 50 + rev = "v${version}"; 51 + hash = "sha256-FAUTykFh2eGVpx6LrCjV9xWbBPH8pCgAJv3vOXFMFZ4="; 52 + }; 53 + 54 + postPatch = '' 55 + ln -s --force ${./Cargo.lock} Cargo.lock 20 56 ''; 57 + 58 + # `Cargo.lock` has git dependencies, meaning can't use `cargoHash` 59 + cargoLock = { 60 + # 0.4.3 has been tagged before the actual Cargo.lock bump, resulting in an inconsitent lock file. 61 + # To work around this, the Cargo.lock below is from the commit right after the tag: 62 + # https://github.com/lldap/lldap/commit/7b4188a376baabda48d88fdca3a10756da48adda 63 + lockFile = ./Cargo.lock; 64 + outputHashes = { 65 + "lber-0.4.1" = "sha256-2rGTpg8puIAXggX9rEbXPdirfetNOHWfFc80xqzPMT4="; 66 + "opaque-ke-0.6.1" = "sha256-99gaDv7eIcYChmvOKQ4yXuaGVzo2Q6BcgSQOzsLF+fM="; 67 + "yew_form-0.1.8" = "sha256-1n9C7NiFfTjbmc9B5bDEnz7ZpYJo9ZT8/dioRXJ65hc="; 68 + }; 69 + }; 21 70 }; 22 - in 23 - rustPlatform.buildRustPackage rec { 24 - pname = "lldap"; 25 - version = "0.4.3"; 26 71 27 - src = fetchFromGitHub { 28 - owner = "lldap"; 29 - repo = "lldap"; 30 - rev = "v${version}"; 31 - hash = "sha256-FAUTykFh2eGVpx6LrCjV9xWbBPH8pCgAJv3vOXFMFZ4="; 32 - }; 72 + frontend = rustPlatform.buildRustPackage (commonDerivationAttrs // { 73 + pname = commonDerivationAttrs.pname + "-frontend"; 74 + 75 + nativeBuildInputs = [ 76 + wasm-pack-git wasm-bindgen-cli binaryen which rustc-wasm rustc-wasm.llvmPackages.lld 77 + ]; 78 + 79 + buildPhase = '' 80 + HOME=`pwd` RUSTFLAGS="-C linker=lld" ./app/build.sh 81 + ''; 82 + 83 + installPhase = '' 84 + mkdir -p $out 85 + cp -R app/{index.html,pkg,static} $out/ 86 + ''; 33 87 34 - # `Cargo.lock` has git dependencies, meaning can't use `cargoHash` 35 - cargoLock = { 36 - # 0.4.3 has been tagged before the actual Cargo.lock bump, resulting in an inconsitent lock file. 37 - # To work around this, the Cargo.lock below is from the commit right after the tag: 38 - # https://github.com/lldap/lldap/commit/7b4188a376baabda48d88fdca3a10756da48adda 39 - lockFile = ./Cargo.lock; 40 - outputHashes = { 41 - "lber-0.4.1" = "sha256-2rGTpg8puIAXggX9rEbXPdirfetNOHWfFc80xqzPMT4="; 42 - "opaque-ke-0.6.1" = "sha256-99gaDv7eIcYChmvOKQ4yXuaGVzo2Q6BcgSQOzsLF+fM="; 43 - "yew_form-0.1.8" = "sha256-1n9C7NiFfTjbmc9B5bDEnz7ZpYJo9ZT8/dioRXJ65hc="; 44 - }; 45 - }; 88 + doCheck = false; 89 + }); 46 90 91 + in rustPlatform.buildRustPackage (commonDerivationAttrs // { 47 92 patches = [ 48 93 ./static-frontend-path.patch 49 94 ]; 50 95 51 - postPatch = '' 52 - ln -s --force ${./Cargo.lock} Cargo.lock 96 + postPatch = commonDerivationAttrs.postPatch + '' 53 97 substituteInPlace server/src/infra/tcp_server.rs --subst-var-by frontend '${frontend}' 54 98 ''; 55 99 56 - passthru.tests = { 57 - inherit (nixosTests) lldap; 100 + passthru = { 101 + inherit frontend; 102 + tests = { 103 + inherit (nixosTests) lldap; 104 + }; 58 105 }; 59 106 60 107 meta = with lib; { 61 108 description = "A lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication"; 62 109 homepage = "https://github.com/lldap/lldap"; 63 - changelog = "https://github.com/lldap/lldap/blob/v${version}/CHANGELOG.md"; 110 + changelog = "https://github.com/lldap/lldap/blob/v${lldap.version}/CHANGELOG.md"; 64 111 license = licenses.gpl3Only; 65 112 platforms = platforms.linux; 66 - maintainers = with maintainers; [ indeednotjames ]; 113 + maintainers = with maintainers; [ indeednotjames bendlas ]; 67 114 }; 68 - } 115 + })

+2 -2

pkgs/servers/tailscale/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "tailscale"; 5 - version = "1.40.0"; 5 + version = "1.40.1"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "tailscale"; 9 9 repo = "tailscale"; 10 10 rev = "v${version}"; 11 - hash = "sha256-iPf3ams613VHPesbxoBaaw9eav5p781+wEmbJ+15yfY="; 11 + hash = "sha256-OCKWr62peDrh6zQVAS2iPPzgB1uZb1Fev23szvNNPkE="; 12 12 }; 13 13 vendorHash = "sha256-lirn07XE3JOS6oiwZBMwxzywkbXHowOJUMWWLrZtccY="; 14 14

+1

pkgs/top-level/aliases.nix

··· 236 236 clang13Stdenv = lowPrio llvmPackages_13.stdenv; 237 237 clang14Stdenv = lowPrio llvmPackages_14.stdenv; 238 238 clang15Stdenv = lowPrio llvmPackages_15.stdenv; 239 + clang16Stdenv = lowPrio llvmPackages_16.stdenv; 239 240 240 241 clangAnalyzer = throw "'clangAnalyzer' has been renamed to/replaced by 'clang-analyzer'"; # Converted to throw 2022-02-22 241 242 clasp = clingo; # added 2022-12-22

+4

pkgs/top-level/all-packages.nix

··· 31688 31688 31689 31689 kubecfg = callPackage ../applications/networking/cluster/kubecfg { }; 31690 31690 31691 + kubefirst = callPackage ../applications/networking/cluster/kubefirst { }; 31692 + 31691 31693 kube-score = callPackage ../applications/networking/cluster/kube-score { }; 31692 31694 31693 31695 kubectl-evict-pod = callPackage ../applications/networking/cluster/kubectl-evict-pod { ··· 39507 39509 terraform-landscape = callPackage ../applications/networking/cluster/terraform-landscape { }; 39508 39510 39509 39511 terragrunt = callPackage ../applications/networking/cluster/terragrunt { }; 39512 + 39513 + tfautomv = callPackage ../applications/networking/cluster/tfautomv { }; 39510 39514 39511 39515 terranix = callPackage ../applications/networking/cluster/terranix { }; 39512 39516

+2

pkgs/top-level/python-packages.nix

··· 873 873 874 874 aws-sam-translator = callPackage ../development/python-modules/aws-sam-translator { }; 875 875 876 + aws-secretsmanager-caching = callPackage ../development/python-modules/aws-secretsmanager-caching { }; 877 + 876 878 aws-xray-sdk = callPackage ../development/python-modules/aws-xray-sdk { }; 877 879 878 880 awscrt = callPackage ../development/python-modules/awscrt {