Merge master into staging-next

authored by github-actions[bot] and committed by GitHub 115f2f78 4c0c8ac7

+113 -93
+1 -1
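--- a/lib/tests/modules.sh
+++ b/lib/tests/modules.sh
@@ -313,7 +313,7 @@
 
 ## Option collision
 checkConfigError \
-'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integers. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \
+'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integer. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \
 config.set \
 ./declare-set.nix ./declare-enable-nested.nix
 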
+3 -3
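--- a/lib/types.nix
+++ b/lib/types.nix
@@ -397,7 +397,7 @@
 
 listOf = elemType: mkOptionType rec {
 name = "listOf";
-description = "list of ${elemType.description}s";
+description = "list of ${elemType.description}";
 check = isList;
 merge = loc: defs:
 map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def:
@@ -426,7 +426,7 @@
 
 attrsOf = elemType: mkOptionType rec {
 name = "attrsOf";
-description = "attribute set of ${elemType.description}s";
+description = "attribute set of ${elemType.description}";
 check = isAttrs;
 merge = loc: defs:
 mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
@@ -449,7 +449,7 @@
 # error that it's not defined. Use only if conditional definitions don't make sense.
 lazyAttrsOf = elemType: mkOptionType rec {
 name = "lazyAttrsOf";
-description = "lazy attribute set of ${elemType.description}s";
+description = "lazy attribute set of ${elemType.description}";
 check = isAttrs;
 merge = loc: defs:
 zipAttrsWith (name: defs: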
+21 -17
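--- a/nixos/modules/security/wrappers/wrapper.c
+++ b/nixos/modules/security/wrappers/wrapper.c
@@ -2,12 +2,12 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <stdnoreturn.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/xattr.h>
 #include <fcntl.h>
 #include <dirent.h>
-#include <assert.h>
 #include <errno.h>
 #include <linux/capability.h>
 #include <sys/prctl.h>
@@ -16,10 +16,7 @@
 #include <syscall.h>
 #include <byteswap.h>
 
-// Make sure assertions are not compiled out, we use them to codify
-// invariants about this program and we want it to fail fast and
-// loudly if they are violated.
-#undef NDEBUG
+#define ASSERT(expr) ((expr) ? (void) 0 : assert_failure(#expr))
 
 extern char **environ;
 
@@ -37,6 +34,12 @@
 #else
 #define LE32_TO_H(x) (x)
 #endif
+
+static noreturn void assert_failure(const char *assertion) {
+fprintf(stderr, "Assertion `%s` in NixOS's wrapper.c failed.\n", assertion);
+fflush(stderr);
+abort();
+}
 
 int get_last_cap(unsigned *last_cap) {
 FILE* file = fopen("/proc/sys/kernel/cap_last_cap", "r");
@@ -167,6 +170,7 @@
 }
 
 int main(int argc, char **argv) {
+ASSERT(argc >= 1);
 char *self_path = NULL;
 int self_path_size = readlink_malloc("/proc/self/exe", &self_path);
 if (self_path_size < 0) {
@@ -181,36 +185,36 @@
 int len = strlen(wrapper_dir);
 if (len > 0 && '/' == wrapper_dir[len - 1])
 --len;
-assert(!strncmp(self_path, wrapper_dir, len));
-assert('/' == wrapper_dir[0]);
-assert('/' == self_path[len]);
+ASSERT(!strncmp(self_path, wrapper_dir, len));
+ASSERT('/' == wrapper_dir[0]);
+ASSERT('/' == self_path[len]);
 
 // Make *really* *really* sure that we were executed as
 // `self_path', and not, say, as some other setuid program. That
 // is, our effective uid/gid should match the uid/gid of
 // `self_path'.
 struct stat st;
-assert(lstat(self_path, &st) != -1);
+ASSERT(lstat(self_path, &st) != -1);
 
-assert(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
-assert(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
+ASSERT(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
+ASSERT(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
 
 // And, of course, we shouldn't be writable.
-assert(!(st.st_mode & (S_IWGRP | S_IWOTH)));
+ASSERT(!(st.st_mode & (S_IWGRP | S_IWOTH)));
 
 // Read the path of the real (wrapped) program from <self>.real.
 char real_fn[PATH_MAX + 10];
 int real_fn_size = snprintf(real_fn, sizeof(real_fn), "%s.real", self_path);
-assert(real_fn_size < sizeof(real_fn));
+ASSERT(real_fn_size < sizeof(real_fn));
 
 int fd_self = open(real_fn, O_RDONLY);
-assert(fd_self != -1);
+ASSERT(fd_self != -1);
 
 char source_prog[PATH_MAX];
 len = read(fd_self, source_prog, PATH_MAX);
-assert(len != -1);
-assert(len < sizeof(source_prog));
-assert(len > 0);
+ASSERT(len != -1);
+ASSERT(len < sizeof(source_prog));
+ASSERT(len > 0);
 source_prog[len] = 0;
 
 close(fd_self);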
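Review bot: The comment explaining why these checks must never be compiled out was removed together with `#undef NDEBUG`, and the new `ASSERT` macro has no replacement, so nothing tells a maintainer that it is unconditional by design. I would put `// Unlike assert(3), ASSERT is never compiled out: these are security checks, and the lstat() one also fills in st.` directly above the `#define`. Separately, `ASSERT(real_fn_size < sizeof(real_fn));` rejects a negative snprintf() result only through the implicit int-to-size_t conversion; `ASSERT(real_fn_size >= 0 && (size_t) real_fn_size < sizeof(real_fn));` states the intent, and the same applies to `ASSERT(len < sizeof(source_prog));`. main() continues past the end of the last hunk, so anything after `close(fd_self);` is not covered here.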
+1 -1
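--- a/nixos/modules/services/misc/nitter.nix
+++ b/nixos/modules/services/misc/nitter.nix
@@ -277,7 +277,7 @@
 Add settings here to override NixOS module generated settings.
 
 Check the official repository for the available settings:
-https://github.com/zedeus/nitter/blob/master/nitter.conf
+https://github.com/zedeus/nitter/blob/master/nitter.example.conf
 '';
 };
 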
+21 -3
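--- a/pkgs/applications/networking/cluster/k0sctl/default.nix
+++ b/pkgs/applications/networking/cluster/k0sctl/default.nix
@@ -1,20 +1,29 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
+, fetchpatch
+, installShellFiles
 }:
 
 buildGoModule rec {
 pname = "k0sctl";
-version = "0.11.4";
+version = "0.12.6";
 
 src = fetchFromGitHub {
 owner = "k0sproject";
 repo = pname;
 rev = "v${version}";
-sha256 = "sha256-Fk1aYSa3LqzxiHtlzH5pcNtodOprjfnCFh4UMqCa6Rc=";
+sha256 = "sha256-TkkMO6xBHY5t5Rpd0ieSDXMrnQ+Xdq+65Rk93ZkYcUs=";
 };
 
-vendorSha256 = "sha256-21C6wZ8lKQnbUg3aD0ZFVOgopblXyWk4WP/ubZVk3Yk=";
+vendorSha256 = "sha256-nTAuvHcsJiW0XYX5GM1SL8cnOhwdrj6iw8tuAkEWNzQ=";
+
+patches = [
+(fetchpatch {
+url = "https://github.com/k0sproject/${pname}/commit/22c694ab0335a1e6146d0d3f939ef79d2c005a3d.patch";
+sha256 = "sha256-Ftq/vbQd5ArdHboDt6NdyuqpFalHVnsQBdpmyDG/t5Q=";
+})
+];
 
 ldflags = [
 "-s"
@@ -22,6 +31,15 @@
 "-X github.com/k0sproject/k0sctl/version.Environment=production"
 "-X github.com/k0sproject/k0sctl/version.Version=${version}"
 ];
+
+nativeBuildInputs = [ installShellFiles ];
+
+postInstall = ''
+for shell in bash zsh fish; do
+installShellCompletion --cmd ${pname} \
+--$shell <($out/bin/${pname} completion --shell $shell)
+done
+'';
 
 meta = with lib; {
 description = "A bootstrapping and management tool for k0s clusters.";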
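Review bot: The `fetchpatch` entry in `patches` has no comment saying what upstream commit `22c694ab0335a1e6146d0d3f939ef79d2c005a3d` fixes or when it can be dropped, so the next version bump has to rediscover that before deciding whether to keep it. A line such as `# <what the upstream commit fixes>; remove once it is part of a release` above `(fetchpatch {` would cover it, with the description taken from the upstream commit. Also, `postInstall` runs `$out/bin/${pname}` to generate the completions, which only works when the build platform can execute the binary it just built.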
+2 -2
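--- a/pkgs/applications/networking/cluster/tilt/default.nix
+++ b/pkgs/applications/networking/cluster/tilt/default.nix
@@ -5,13 +5,13 @@
 /* Do not use "dev" as a version. If you do, Tilt will consider itself
 running in development environment and try to serve assets from the
 source tree, which is not there once build completes. */
-version = "0.26.3";
+version = "0.30.0";
 
 src = fetchFromGitHub {
 owner = "tilt-dev";
 repo = pname;
 rev = "v${version}";
-sha256 = "sha256-jrVf6vNlEkTgALS93o3kIiticvsyFHm5oA2Fh1edAGY=";
+sha256 = "sha256-bZYm9T3NRNNtT8RDGwnXcXC7Rb/GuIxI/U06By4gR/w=";
 };
 vendorSha256 = null;
 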
+6 -13
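--- a/pkgs/applications/video/mpc-qt/default.nix
+++ b/pkgs/applications/video/mpc-qt/default.nix
@@ -1,23 +1,16 @@
-{ lib, stdenv, mkDerivation, fetchFromGitLab, fetchpatch, pkg-config, qmake, qtx11extras, qttools, mpv }:
+{ lib, stdenv, mkDerivation, fetchFromGitHub, pkg-config, qmake, qtx11extras, qttools, mpv }:
 
 mkDerivation rec {
 pname = "mpc-qt";
-version = "2019-06-09";
+version = "22.02";
 
-src = fetchFromGitLab {
+src = fetchFromGitHub {
 owner = "mpc-qt";
 repo = "mpc-qt";
-rev = "2abe6e7fc643068d50522468fe75d614861555ad";
-sha256 = "1cis8dl9pm91mpnp696zvwsfp96gkwr8jgs45anbwd7ldw78w4x5";
+rev = "v${version}";
+sha256 = "sha256-DRbNDrWnaTT4A0dRFAv9MX/MDwV/rXIw+R8fQJmVN+g=";
 };
 
-patches = [
-(fetchpatch {
-url = "https://gitlab.com/mpc-qt/mpc-qt/-/commit/02f2bc7a22e863a89ba322b9acb61cf1aef23ba0.diff";
-sha256 = "0khld55i194zgi18d0wch5459lfzzkbfdbl1im8akvq8ks5xijis";
-})
-];
-
 nativeBuildInputs = [ pkg-config qmake qttools ];
 
 buildInputs = [ mpv qtx11extras ];
@@ -26,7 +19,7 @@
 
 meta = with lib; {
 description = "Media Player Classic Qute Theater";
-homepage = "https://gitlab.com/mpc-qt/mpc-qt";
+homepage = "https://mpc-qt.github.io";
 license = licenses.gpl2;
 platforms = platforms.unix;
 broken = stdenv.isDarwin;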
+2 -2
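--- a/pkgs/development/libraries/bullet/default.nix
+++ b/pkgs/development/libraries/bullet/default.nix
@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
 pname = "bullet";
-version = "3.22b";
+version = "3.23";
 
 src = fetchFromGitHub {
 owner = "bulletphysics";
 repo = "bullet3";
 rev = version;
-sha256 = "sha256-hf2b7enh9mziPKFcdU8NwLdhcxhV7Ididf9Bwwa+5/M=";
+sha256 = "sha256-XZpwCVfSJD3W93BJrGefy3dGrevNzChU+TrKalMpY4Q=";
 };
 
 nativeBuildInputs = [ cmake ];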
+2 -2
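--- a/pkgs/development/libraries/libdigidocpp/default.nix
+++ b/pkgs/development/libraries/libdigidocpp/default.nix
@@ -2,12 +2,12 @@
 , xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }:
 
 stdenv.mkDerivation rec {
-version = "3.14.7";
+version = "3.14.8";
 pname = "libdigidocpp";
 
 src = fetchurl {
 url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz";
-sha256 = "sha256-QdctW2+T8kPNUJv30pXZ/qfnw1Uhq6gScSjUI+bZMfY=";
+sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg=";
 };
 
 nativeBuildInputs = [ cmake pkg-config xxd ];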
+2 -2
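--- a/pkgs/development/nim-packages/jsony/default.nix
+++ b/pkgs/development/nim-packages/jsony/default.nix
@@ -2,13 +2,13 @@
 
 buildNimPackage rec {
 pname = "jsony";
-version = "1.1.3";
+version = "d0e69bddf83874e15b5c2f52f8b1386ac080b443";
 
 src = fetchFromGitHub {
 owner = "treeform";
 repo = pname;
 rev = version;
-hash = "sha256-jtUCoqwCmE536Kpv/vZxGgqiHyReZf1WOiBdUzmMhM4=";
+sha256 = "1p250wb97nzz2g0vvq6mn521fx7sn1jpk1ralbzqh5q8clh4g7wr";
 };
 
 doCheck = true;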
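Review bot: `version` is now a bare commit hash, which gives the package a version string that does not order against the previous `1.1.3` and hides which upstream state it tracks. Keeping the hash in `rev` and setting `version = "unstable-YYYY-MM-DD";` (the date of that commit; placeholder here) would match the form the nitter package in this same merge uses. The move from the SRI `hash` to a base32 `sha256` is also a step back from the format the file used before.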
+2 -2
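--- a/pkgs/development/nim-packages/supersnappy/default.nix
+++ b/pkgs/development/nim-packages/supersnappy/default.nix
@@ -3,6 +3,6 @@
 fetchFromGitHub {
 owner = "guzba";
 repo = "supersnappy";
-rev = "1.1.5";
-sha256 = "1y26sgnszvdf5sn7j0jx2dpd4i03mvbk9i9ni9kbyrs798bjwi6z";
+rev = "2.1.1";
+sha256 = "03df1qgrbp84swhqy12ansyn951lkaw0kf1arbnki4fkgdnqdamf";
 }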
+3 -3
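--- a/pkgs/development/python-modules/pycep-parser/default.nix
+++ b/pkgs/development/python-modules/pycep-parser/default.nix
@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
 pname = "pycep-parser";
-version = "0.3.4";
+version = "0.3.5";
 format = "pyproject";
 
 disabled = pythonOlder "3.7";
@@ -20,8 +20,8 @@
 src = fetchFromGitHub {
 owner = "gruebel";
 repo = "pycep";
-rev = version;
-hash = "sha256-o2sYPvZVevDqZV8EtKWTL2zHHzX2kmTZ4iVHsUhFv7M=";
+rev = "refs/tags/${version}";
+hash = "sha256-Nj/drNRSIBh8DaE+vzQRijQg8NVUK5qBClwU3aWiA48=";
 };
 
 nativeBuildInputs = [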
+2 -2
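--- a/pkgs/development/python-modules/pyskyqhub/default.nix
+++ b/pkgs/development/python-modules/pyskyqhub/default.nix
@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
 pname = "pyskyqhub";
-version = "0.1.8";
+version = "0.1.9";
 format = "setuptools";
 
 disabled = pythonOlder "3.8";
@@ -16,7 +16,7 @@
 owner = "RogerSelwyn";
 repo = "skyq_hub";
 rev = version;
-sha256 = "sha256-1KNgF3d5w+aNKNkOZVkdD3VVLz/F8NyQ5MxO1UaWrFk=";
+sha256 = "sha256-yXqtABbsCh1yb96lsEA0gquikVenGLCo6J93AeXAC8k=";
 };
 
 propagatedBuildInputs = [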
+3
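--- a/pkgs/development/python-modules/sanic/default.nix
+++ b/pkgs/development/python-modules/sanic/default.nix
@@ -82,6 +82,9 @@
 
 # needed for relative paths for some packages
 cd tests
+'' + lib.optionalString stdenv.isDarwin ''
+# OSError: [Errno 24] Too many open files
+ulimit -n 1024
 '';
 
 # uvloop usage is buggy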
+5 -6
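--- a/pkgs/development/tools/ocaml/merlin/4.x.nix
+++ b/pkgs/development/tools/ocaml/merlin/4.x.nix
@@ -15,12 +15,13 @@
 }:
 
 let
-merlinVersion = "4.4";
+merlinVersion = "4.5";
 
 hashes = {
-"4.4-411" = "sha256:0chx28098mmnjbnaz5wgzsn82rh1w9dhzqmsykb412cq13msl1q4";
-"4.4-412" = "sha256:18xjpsiz7xbgjdnsxfc52l7yfh22harj0birlph4xm42d14pkn0n";
-"4.4-413" = "sha256:1ilmh2gqpwgr51w2ba8r0s5zkj75h00wkw4az61ssvivn9jxr7k0";
+"4.5-411" = "sha256:05nz6y7r91rh0lj8b6xdv3s3yknmvjc7y60v17kszgqnr887bvpn";
+"4.5-412" = "sha256:0i5c3rfzinmwdjya7gv94zyknsm32qx9dlg472xpfqivwvnnhf1z";
+"4.5-413" = "sha256:1sphq9anfg1qzrvj7hdcqflj6cmc1qiyfkljhng9fxnnr0i7550s";
+"4.5-414" = "sha256:13h588kwih05zd9p3p7q528q4zc0d1l983kkvbmkxgay5d17nn1i";
 };
 
 ocamlVersionShorthand = lib.concatStrings
@@ -54,8 +55,6 @@
 # Fixed in 4.4 for OCaml ≥ 4.12
 ./test.patch
 ;
-
-useDune2 = true;
 
 strictDeps = true;
 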
+4 -3
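--- a/pkgs/servers/nitter/default.nix
+++ b/pkgs/servers/nitter/default.nix
@@ -2,14 +2,14 @@
 
 nimPackages.buildNimPackage rec {
 pname = "nitter";
-version = "unstable-2022-03-21";
+version = "unstable-2022-05-13";
 nimBinOnly = true;
 
 src = fetchFromGitHub {
 owner = "zedeus";
 repo = "nitter";
-rev = "6884f05041a9b8619ec709afacdfdd6482a120a0";
-sha256 = "1mnc6jqljpqp9lgcrxxvf3aiswssr34v139cxfbwlmj45swmsazh";
+rev = "683c052036b268028f0ecae020a1519bc586516d";
+sha256 = "179z66jlwbdarrgvpdh8aqy2ihkiakd22wqydrfgpsgr59ma8fgl";
 };
 
 buildInputs = with nimPackages; [
@@ -29,6 +29,7 @@
 
 postBuild = ''
 nim c --hint[Processing]:off -r tools/gencss
+nim c --hint[Processing]:off -r tools/rendermd
 '';
 
 postInstall = ''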
+10 -30
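--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -1,52 +1,32 @@
-{ lib, stdenv, fetchurl, pkg-config
+{ lib, stdenv, fetchurl, pkg-config, cmake
 , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
 , libmspack, systemd, Foundation, json_c, check
+, rustc, rust-bindgen, rustfmt, cargo, python3
 }:
 
 stdenv.mkDerivation rec {
 pname = "clamav";
-version = "0.103.6";
+version = "0.105.0";
 
 src = fetchurl {
 url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
-sha256 = "sha256-qqEuPcGfHTI7HFDXoQ+or1V+Q5AUnoZNWb3jm2rZujM=";
+sha256 = "sha256-JwIDpUxFgEnbVPzZNoP/Wy2xkVHzY8SOgs7O/d4rNdQ=";
 };
 
-# don't install sample config files into the absolute sysconfdir folder
-postPatch = ''
-substituteInPlace Makefile.in --replace ' etc ' ' '
-'';
+# Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed
+patches = [ ./remove-freshclam-test.patch ];
 
 enableParallelBuilding = true;
-nativeBuildInputs = [ pkg-config ];
+nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ];
 buildInputs = [
 zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check
 ] ++ lib.optional stdenv.isLinux systemd
 ++ lib.optional stdenv.isDarwin Foundation;
 
-configureFlags = [
-"--libdir=$(out)/lib"
-"--sysconfdir=/etc/clamav"
-"--disable-llvm" # enabling breaks the build at the moment
-"--with-zlib=${zlib.dev}"
-"--with-xml=${libxml2.dev}"
-"--with-openssl=${openssl.dev}"
-"--with-libcurl=${curl.dev}"
-"--with-libjson=${json_c.dev}"
-"--with-system-libmspack"
-"--enable-milter"
-"--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly
-"--enable-check"
-] ++ lib.optional stdenv.isLinux
-"--with-systemdsystemunitdir=$(out)/lib/systemd";
-
-postInstall = ''
-mkdir $out/etc
-cp etc/*.sample $out/etc
-'';
+cmakeFlags = [
+"-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd"
+];
 
-# Only required for the unit tests
-hardeningDisable = [ "format" ];
 doCheck = true;
 
 meta = with lib; {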
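Review bot: `cmakeFlags` carries over only the systemd unit directory, while the removed `configureFlags` also pinned the configuration directory to `/etc/clamav`, disabled the bundled non-free unrar and selected the system libmspack. Unless the CMake defaults happen to match, the scanner and updater would look for their configuration relative to the store path instead of `/etc/clamav`, and the build would include the unrar code the old comment excluded for licensing reasons. I would add `"-DAPP_CONFIG_DIRECTORY=/etc/clamav"`, `"-DENABLE_UNRAR=OFF"` and `"-DENABLE_EXTERNAL_MSPACK=ON"` to the list; the option names are from upstream's CMake install documentation and should be checked against 0.105.0.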
+20
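--- /dev/null
+++ b/pkgs/tools/security/clamav/remove-freshclam-test.patch
@@ -0,0 +1,20 @@
+diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt
+index 1460357ba..1194abc9d 100644
+--- a/unit_tests/CMakeLists.txt
++++ b/unit_tests/CMakeLists.txt
+@@ -371,15 +371,6 @@ if(ENABLE_APP)
+set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
+endif()
+
+- add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py
+- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+- set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT})
+- if(Valgrind_FOUND)
+- add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py
+- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+- set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
+- endif()
+-
+add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py
+WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT})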
+3 -1
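--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -34706,7 +34706,9 @@
 
 tgswitch = callPackage ../applications/networking/cluster/tgswitch {};
 
-tilt = callPackage ../applications/networking/cluster/tilt { };
+tilt = callPackage ../applications/networking/cluster/tilt {
+buildGoModule = buildGo118Module;
+};
 
 timeular = callPackage ../applications/office/timeular {};
 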