Merge master into staging-next · pyrox.dev/nixpkgs@182d247

pyrox.dev / nixpkgs

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

lol

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

Merge master into staging-next

authored by

github-actions[bot] and committed by

GitHub 2 years ago 182d2470 11e181f0

+454 -190

40 changed files

expand all collapse all

maintainers

maintainer-list.nix

nixos

doc

manual

development

option-declarations.section.md

modules

programs

yazi.nix

tests

kernel-generic.nix

pkgs

applications

networking

cluster

nixops

plugins

nixops-aws.nix

nixops-digitalocean.nix

nixops-encrypted-links.nix

nixops-gce.nix

nixops-hercules-ci.nix

nixops-hetzner.nix

nixops-hetznercloud.nix

nixops-libvirtd.nix

nixops-vbox.nix

nixos-modules-contrib.nix

unwrapped.nix

mullvad-vpn

default.nix

window-managers

hyprwm

hyprland

default.nix

by-name

cargo-features-manager

package.nix

consul

package.nix

eksctl

package.nix

hyprwayland-scanner

package.nix

picom-pijulius

package.nix

pynitrokey

package.nix

yazi

package.nix

yazi-unwrapped

package.nix

development

compilers

circt

circt-llvm.nix

default.nix

python-modules

spsdk

default.nix

torch

default.nix

torchaudio

default.nix

tools

continuous-integration

buildbot

master.nix

pkg.nix

plugins.nix

worker.nix

os-specific

linux

kernel

hardened

patches.json

update.py

servers

telegram-bot-api

default.nix

tools

security

nitrokey-app2

default.nix

top-level

all-packages.nix

linux-kernels.nix

maintainers/maintainer-list.nix

reviewed

··· 6839 6839 fingerprint = "B722 6464 838F 8BDB 2BEA C8C8 5B0E FDDF BA81 6105"; 6840 6840 }]; 6841 6841 }; 6842 6842 + Forden = { 6843 6843 + email = "forden@zuku.tech"; 6844 6844 + github = "Forden"; 6845 6845 + githubId = 24463229; 6846 6846 + name = "Forden"; 6847 6847 + }; 6842 6848 forkk = { 6843 6849 email = "forkk@forkk.net"; 6844 6850 github = "Forkk";

+1 -1

nixos/doc/manual/development/option-declarations.section.md

reviewed

··· 173 173 174 174 ## Extensible Option Types {#sec-option-declarations-eot} 175 175 176 176 - Extensible option types is a feature that allow to extend certain types 176 176 + Extensible option types is a feature that allows to extend certain types 177 177 declaration through multiple module files. This feature only work with a 178 178 restricted set of types, namely `enum` and `submodules` and any composed 179 179 forms of them.

+51 -12

nixos/modules/programs/yazi.nix

reviewed

··· 5 5 6 6 settingsFormat = pkgs.formats.toml { }; 7 7 8 8 - names = [ "yazi" "theme" "keymap" ]; 8 8 + files = [ "yazi" "theme" "keymap" ]; 9 9 in 10 10 { 11 11 options.programs.yazi = { ··· 15 15 16 16 settings = lib.mkOption { 17 17 type = with lib.types; submodule { 18 18 - options = lib.listToAttrs (map 18 18 + options = (lib.listToAttrs (map 19 19 (name: lib.nameValuePair name (lib.mkOption { 20 20 inherit (settingsFormat) type; 21 21 default = { }; ··· 25 25 See https://yazi-rs.github.io/docs/configuration/${name}/ for documentation. 26 26 ''; 27 27 })) 28 28 - names); 28 28 + files)); 29 29 }; 30 30 default = { }; 31 31 description = '' 32 32 Configuration included in `$YAZI_CONFIG_HOME`. 33 33 ''; 34 34 }; 35 35 + 36 36 + initLua = lib.mkOption { 37 37 + type = with lib.types; nullOr path; 38 38 + default = null; 39 39 + description = '' 40 40 + The init.lua for Yazi itself. 41 41 + ''; 42 42 + example = lib.literalExpression "./init.lua"; 43 43 + }; 44 44 + 45 45 + plugins = lib.mkOption { 46 46 + type = with lib.types; attrsOf (oneOf [ path package ]); 47 47 + default = { }; 48 48 + description = '' 49 49 + Lua plugins. 50 50 + 51 51 + See https://yazi-rs.github.io/docs/plugins/overview/ for documentation. 52 52 + ''; 53 53 + example = lib.literalExpression '' 54 54 + { 55 55 + foo = ./foo; 56 56 + bar = pkgs.bar; 57 57 + } 58 58 + ''; 59 59 + }; 60 60 + 61 61 + flavors = lib.mkOption { 62 62 + type = with lib.types; attrsOf (oneOf [ path package ]); 63 63 + default = { }; 64 64 + description = '' 65 65 + Pre-made themes. 66 66 + 67 67 + See https://yazi-rs.github.io/docs/flavors/overview/ for documentation. 68 68 + ''; 69 69 + example = lib.literalExpression '' 70 70 + { 71 71 + foo = ./foo; 72 72 + bar = pkgs.bar; 73 73 + } 74 74 + ''; 75 75 + }; 76 76 + 35 77 }; 36 78 37 79 config = lib.mkIf cfg.enable { 38 38 - environment = { 39 39 - systemPackages = [ cfg.package ]; 40 40 - variables.YAZI_CONFIG_HOME = "/etc/yazi/"; 41 41 - etc = lib.attrsets.mergeAttrsList (map 42 42 - (name: lib.optionalAttrs (cfg.settings.${name} != { }) { 43 43 - "yazi/${name}.toml".source = settingsFormat.generate "${name}.toml" cfg.settings.${name}; 44 44 - }) 45 45 - names); 46 46 - }; 80 80 + environment.systemPackages = [ 81 81 + (cfg.package.override { 82 82 + inherit (cfg) settings initLua plugins flavors; 83 83 + }) 84 84 + ]; 47 85 }; 86 86 + 48 87 meta = { 49 88 maintainers = with lib.maintainers; [ linsui ]; 50 89 };

nixos/tests/kernel-generic.nix

reviewed

··· 31 31 linux_5_15_hardened 32 32 linux_6_1_hardened 33 33 linux_6_6_hardened 34 34 + linux_6_8_hardened 34 35 linux_rt_5_4 35 36 linux_rt_5_10 36 37 linux_rt_5_15

+4 -2

pkgs/applications/networking/cluster/nixops/plugins/nixops-aws.nix

reviewed

··· 12 12 13 13 buildPythonPackage { 14 14 pname = "nixops-aws"; 15 15 - version = "unstable-2024-02-29"; 15 15 + version = "1.0.0-unstable-2024-02-29"; 16 16 pyproject = true; 17 17 18 18 src = fetchFromGitHub { ··· 45 45 46 46 pythonImportsCheck = [ "nixops_aws" ]; 47 47 48 48 - passthru.updateScript = unstableGitUpdater {}; 48 48 + passthru.updateScript = unstableGitUpdater { 49 49 + tagPrefix = "v"; 50 50 + }; 49 51 50 52 meta = with lib; { 51 53 description = "AWS plugin for NixOps";

+1 -1

pkgs/applications/networking/cluster/nixops/plugins/nixops-digitalocean.nix

reviewed

··· 10 10 11 11 buildPythonPackage { 12 12 pname = "nixops-digitalocean"; 13 13 - version = "unstable-2022-08-14"; 13 13 + version = "0.1.0-unstable-2022-08-14"; 14 14 pyproject = true; 15 15 16 16 disabled = pythonOlder "3.7";

+1 -1

pkgs/applications/networking/cluster/nixops/plugins/nixops-encrypted-links.nix

reviewed

··· 8 8 9 9 buildPythonPackage { 10 10 pname = "nixops-encrypted-links"; 11 11 - version = "unstable-2021-02-16"; 11 11 + version = "0-unstable-2021-02-16"; 12 12 pyproject = true; 13 13 14 14 src = fetchFromGitHub {

+1 -1

pkgs/applications/networking/cluster/nixops/plugins/nixops-gce.nix

reviewed

··· 11 11 12 12 buildPythonPackage { 13 13 pname = "nixops-gce"; 14 14 - version = "unstable-2023-05-26"; 14 14 + version = "0-unstable-2023-05-26"; 15 15 pyproject = true; 16 16 17 17 src = fetchFromGitHub {

+1 -1

pkgs/applications/networking/cluster/nixops/plugins/nixops-hercules-ci.nix

reviewed

··· 8 8 9 9 buildPythonPackage { 10 10 pname = "nixops-hercules-ci"; 11 11 - version = "unstable-2021-10-06"; 11 11 + version = "0-unstable-2021-10-06"; 12 12 pyproject = true; 13 13 14 14 src = fetchFromGitHub {

+4 -2

pkgs/applications/networking/cluster/nixops/plugins/nixops-hetzner.nix

reviewed

··· 11 11 12 12 buildPythonPackage { 13 13 pname = "nixops-hetzner"; 14 14 - version = "unstable-2022-04-23"; 14 14 + version = "1.0.1-unstable-2022-04-24"; 15 15 pyproject = true; 16 16 17 17 src = fetchFromGitHub { ··· 43 43 44 44 pythonImportsCheck = [ "nixops_hetzner" ]; 45 45 46 46 - passthru.updateScript = unstableGitUpdater {}; 46 46 + passthru.updateScript = unstableGitUpdater { 47 47 + tagPrefix = "v"; 48 48 + }; 47 49 48 50 meta = with lib; { 49 51 description = "Hetzner bare metal NixOps plugin";

+1 -1

pkgs/applications/networking/cluster/nixops/plugins/nixops-hetznercloud.nix

reviewed

··· 10 10 11 11 buildPythonPackage { 12 12 pname = "nixops-hetznercloud"; 13 13 - version = "unstable-2023-02-19"; 13 13 + version = "0-unstable-2023-02-19"; 14 14 pyproject = true; 15 15 16 16 src = fetchFromGitHub {

+4 -2

pkgs/applications/networking/cluster/nixops/plugins/nixops-libvirtd.nix

reviewed

··· 9 9 10 10 buildPythonPackage { 11 11 pname = "nixops-libvirtd"; 12 12 - version = "unstable-2023-09-01"; 12 12 + version = "1.0.0-unstable-2023-09-01"; 13 13 pyproject = true; 14 14 15 15 src = fetchFromGitHub { ··· 39 39 40 40 pythonImportsCheck = [ "nixops_virtd" ]; 41 41 42 42 - passthru.updateScript = unstableGitUpdater {}; 42 42 + passthru.updateScript = unstableGitUpdater { 43 43 + tagPrefix = "v"; 44 44 + }; 43 45 44 46 meta = with lib; { 45 47 description = "NixOps libvirtd backend plugin";

+4 -2

pkgs/applications/networking/cluster/nixops/plugins/nixops-vbox.nix

reviewed

··· 8 8 9 9 buildPythonPackage { 10 10 pname = "nixops-vbox"; 11 11 - version = "unstable-2023-08-10"; 11 11 + version = "1.0.0-unstable-2023-08-10"; 12 12 pyproject = true; 13 13 14 14 src = fetchFromGitHub { ··· 34 34 35 35 pythonImportsCheck = [ "nixopsvbox" ]; 36 36 37 37 - passthru.updateScript = unstableGitUpdater {}; 37 37 + passthru.updateScript = unstableGitUpdater { 38 38 + tagPrefix = "v"; 39 39 + }; 38 40 39 41 meta = with lib; { 40 42 description = "NixOps plugin for VirtualBox VMs";

+1 -1

pkgs/applications/networking/cluster/nixops/plugins/nixos-modules-contrib.nix

reviewed

··· 8 8 9 9 buildPythonPackage { 10 10 pname = "nixos-modules-contrib"; 11 11 - version = "unstable-2021-01-20"; 11 11 + version = "0-unstable-2021-01-20"; 12 12 pyproject = true; 13 13 14 14 src = fetchFromGitHub {

+4 -2

pkgs/applications/networking/cluster/nixops/unwrapped.nix

reviewed

··· 13 13 14 14 buildPythonApplication rec { 15 15 pname = "nixops"; 16 16 - version = "unstable-2024-02-28"; 16 16 + version = "1.7-unstable-2024-02-28"; 17 17 pyproject = true; 18 18 19 19 src = fetchFromGitHub { ··· 51 51 52 52 passthru = { 53 53 tests.nixos = nixosTests.nixops.unstable; 54 54 - updateScript = unstableGitUpdater {}; 54 54 + updateScript = unstableGitUpdater { 55 55 + tagPrefix = "v"; 56 56 + }; 55 57 }; 56 58 57 59 meta = with lib; {

pkgs/applications/networking/mullvad-vpn/default.nix

reviewed

··· 122 122 wrapProgram $out/bin/mullvad-daemon \ 123 123 --set-default MULLVAD_RESOURCE_DIR "$out/share/mullvad/resources" 124 124 125 125 + wrapProgram $out/bin/mullvad-gui \ 126 126 + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" 127 127 + 125 128 sed -i "s|Exec.*$|Exec=$out/bin/mullvad-vpn $U|" $out/share/applications/mullvad-vpn.desktop 126 129 127 130 runHook postInstall

+35 -27

pkgs/applications/window-managers/hyprwm/hyprland/default.nix

reviewed

··· 8 8 , ninja 9 9 , binutils 10 10 , cairo 11 11 + , epoll-shim 11 12 , git 12 13 , hyprcursor 13 14 , hyprland-protocols 14 15 , hyprlang 16 16 + , hyprwayland-scanner 15 17 , jq 16 18 , libGL 17 19 , libdrm 18 20 , libexecinfo 19 21 , libinput 20 20 - , libxcb 22 22 + , libuuid 21 23 , libxkbcommon 22 24 , mesa 23 25 , pango 24 26 , pciutils 27 27 + , pkgconf 25 28 , python3 26 29 , systemd 27 30 , tomlplusplus 28 31 , wayland 29 32 , wayland-protocols 30 33 , wayland-scanner 31 31 - , xcbutilwm 32 34 , xwayland 33 35 , hwdata 34 36 , seatd ··· 51 53 52 54 stdenv.mkDerivation (finalAttrs: { 53 55 pname = "hyprland" + lib.optionalString debug "-debug"; 54 54 - version = "0.39.1"; 56 56 + version = "0.40.0-unstable-2024-05-12"; 57 57 + 55 58 src = fetchFromGitHub { 56 59 owner = "hyprwm"; 57 60 repo = finalAttrs.pname; 58 61 fetchSubmodules = true; 59 59 - rev = "v${finalAttrs.version}"; 60 60 - hash = "sha256-7L5rqQRYH2iyyP5g3IdXJSlATfgnKhuYMf65E48MVKw="; 62 62 + rev = "2ccd45a84475fab46c6fecd2fe226d3173104743"; 63 63 + hash = "sha256-nBCQuRl4sS/G/OUS+txeelFShBEgSk2OrN6kBYMHuOg="; 61 64 }; 62 65 63 66 postPatch = '' 64 67 # Fix hardcoded paths to /usr installation 65 68 sed -i "s#/usr#$out#" src/render/OpenGL.cpp 66 69 67 67 - # Generate version.h 68 68 - cp src/version.h.in src/version.h 69 69 - substituteInPlace src/version.h \ 70 70 - --replace-fail "@HASH@" '${finalAttrs.src.rev}' \ 71 71 - --replace-fail "@BRANCH@" "" \ 72 72 - --replace-fail "@MESSAGE@" "" \ 73 73 - --replace-fail "@DATE@" "2024-04-16" \ 74 74 - --replace-fail "@TAG@" "" \ 75 75 - --replace-fail "@DIRTY@" "" 70 70 + # Remove extra @PREFIX@ to fix pkg-config paths 71 71 + sed -i "s#@PREFIX@/##g" hyprland.pc.in 76 72 ''; 77 73 74 74 + # used by version.sh 75 75 + DATE = "2024-05-12"; 76 76 + HASH = finalAttrs.src.rev; 77 77 + 78 78 depsBuildBuild = [ 79 79 # to find wayland-scanner when cross-compiling 80 80 pkg-config ··· 82 82 83 83 nativeBuildInputs = [ 84 84 hwdata 85 85 + hyprwayland-scanner 85 86 jq 86 87 makeWrapper 87 87 - meson 88 88 + cmake 89 89 + meson # for wlroots 88 90 ninja 89 91 pkg-config 90 92 wayland-scanner 91 91 - cmake # for subproject udis86 92 92 - python3 93 93 + python3 # for udis86 93 94 ]; 94 95 95 96 outputs = [ ··· 107 108 libGL 108 109 libdrm 109 110 libinput 111 111 + libuuid 110 112 libxkbcommon 111 113 mesa 112 114 wayland ··· 121 123 xorg.xcbutilerrors 122 124 xorg.xcbutilrenderutil 123 125 ] 126 126 + ++ lib.optionals stdenv.hostPlatform.isBSD [ epoll-shim ] 124 127 ++ lib.optionals stdenv.hostPlatform.isMusl [ libexecinfo ] 125 125 - ++ lib.optionals enableXWayland [ libxcb xcbutilwm xwayland ] 128 128 + ++ lib.optionals enableXWayland [ 129 129 + xorg.libxcb 130 130 + xorg.libXdmcp 131 131 + xorg.xcbutil 132 132 + xorg.xcbutilwm 133 133 + xwayland 134 134 + ] 126 135 ++ lib.optionals withSystemd [ systemd ]; 127 136 128 128 - mesonBuildType = 137 137 + cmakeBuildType = 129 138 if debug 130 130 - then "debug" 131 131 - else "release"; 139 139 + then "Debug" 140 140 + else "RelWithDebInfo"; 132 141 133 133 - mesonAutoFeatures = "enabled"; 134 142 135 135 - mesonFlags = [ 136 136 - (lib.mesonEnable "xwayland" enableXWayland) 137 137 - (lib.mesonEnable "legacy_renderer" legacyRenderer) 138 138 - (lib.mesonEnable "systemd" withSystemd) 143 143 + cmakeFlags = [ 144 144 + (lib.cmakeBool "NO_XWAYLAND" (!enableXWayland)) 145 145 + (lib.cmakeBool "LEGACY_RENDERER" legacyRenderer) 146 146 + (lib.cmakeBool "NO_SYSTEMD" (!withSystemd)) 139 147 ]; 140 148 141 149 postInstall = '' 142 150 ${lib.optionalString wrapRuntimeDeps '' 143 151 wrapProgram $out/bin/Hyprland \ 144 144 - --suffix PATH : ${lib.makeBinPath [binutils pciutils stdenv.cc]} 152 152 + --suffix PATH : ${lib.makeBinPath [binutils pciutils pkgconf]} 145 153 ''} 146 154 ''; 147 155

+27

pkgs/by-name/ca/cargo-features-manager/package.nix

reviewed

··· 1 1 + { 2 2 + lib, 3 3 + rustPlatform, 4 4 + fetchFromGitHub, 5 5 + }: 6 6 + rustPlatform.buildRustPackage rec { 7 7 + pname = "cargo-features-manager"; 8 8 + version = "0.8.0"; 9 9 + 10 10 + src = fetchFromGitHub { 11 11 + owner = "ToBinio"; 12 12 + repo = "cargo-features-manager"; 13 13 + rev = "v${version}"; 14 14 + hash = "sha256-ez8WIDHV6/f0Kk6cvzB25LoYBPT+JTzmOWrSxXXzpBc="; 15 15 + }; 16 16 + 17 17 + cargoHash = "sha256-G1MBH4c9b/h87QgCleTMnndjWc70KZI+6W4KWaxk28o="; 18 18 + 19 19 + meta = { 20 20 + description = "A command-line tool for managing Architectural Decision Records"; 21 21 + homepage = "https://github.com/ToBinio/cargo-features-manager"; 22 22 + changelog = "https://github.com/ToBinio/cargo-features-manager/blob/v${version}/CHANGELOG.md"; 23 23 + license = lib.licenses.mit; 24 24 + maintainers = with lib.maintainers; [ luftmensch-luftmensch ]; 25 25 + mainProgram = "cargo-features-manager"; 26 26 + }; 27 27 + }

+3 -3

pkgs/by-name/co/consul/package.nix

reviewed

··· 8 8 9 9 buildGoModule rec { 10 10 pname = "consul"; 11 11 - version = "1.18.1"; 11 11 + version = "1.18.2"; 12 12 13 13 # Note: Currently only release tags are supported, because they have the Consul UI 14 14 # vendored. See ··· 22 22 owner = "hashicorp"; 23 23 repo = pname; 24 24 rev = "refs/tags/v${version}"; 25 25 - hash = "sha256-r1xdz1rjvbvB93hRpvTNQwSqQLOJwqMhqCiXdIttY10="; 25 25 + hash = "sha256-9feeWsCAZKip+AYUJTCcqFOTfxsUFMzTRqHjo/Pptho="; 26 26 }; 27 27 28 28 # This corresponds to paths with package main - normally unneeded but consul ··· 32 32 "connect/certgen" 33 33 ]; 34 34 35 35 - vendorHash = "sha256-DcpEHJ88Ehz5m+ddMd44mYTz0agwYhoels5jWJzu1EM="; 35 35 + vendorHash = "sha256-bBc3qgPUOmR8c/sFyiskePKLKjHTQcWVTLY6esFIRTc="; 36 36 37 37 doCheck = false; 38 38

+3 -3

pkgs/by-name/ek/eksctl/package.nix

reviewed

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "eksctl"; 9 9 - version = "0.176.0"; 9 9 + version = "0.177.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "weaveworks"; 13 13 repo = pname; 14 14 rev = version; 15 15 - hash = "sha256-snxpAHxej/RySdC0k1r/4UZx+yUNVOTVb37xDrxpJKY="; 15 15 + hash = "sha256-rNs7Ko+NNO2/zqPRu4j+y7KJ62lvfTEndZEnBSi8K5I="; 16 16 }; 17 17 18 18 - vendorHash = "sha256-aDv9ZV3v94pIpUYQaREPellHBo9sxrAKUIYqJzBSWXA="; 18 18 + vendorHash = "sha256-0ZEVOsfb4FBGhNk7CoP7KDhApPTLBz4l5kwcRRBIq5g="; 19 19 20 20 doCheck = false; 21 21

+39

pkgs/by-name/hy/hyprwayland-scanner/package.nix

reviewed

··· 1 1 + { lib 2 2 + , stdenv 3 3 + , fetchFromGitHub 4 4 + , cmake 5 5 + , pkg-config 6 6 + , pugixml 7 7 + , 8 8 + }: 9 9 + stdenv.mkDerivation (finalAttrs: { 10 10 + pname = "hyprwayland-scanner"; 11 11 + version = "0.3.7"; 12 12 + 13 13 + src = fetchFromGitHub { 14 14 + owner = "hyprwm"; 15 15 + repo = "hyprwayland-scanner"; 16 16 + rev = "v${finalAttrs.version}"; 17 17 + hash = "sha256-BPc9FdIzQAmP1JnYGfr+3O30Yp1BywUvKUz57ZOZ39A="; 18 18 + }; 19 19 + 20 20 + nativeBuildInputs = [ 21 21 + cmake 22 22 + pkg-config 23 23 + ]; 24 24 + 25 25 + buildInputs = [ 26 26 + pugixml 27 27 + ]; 28 28 + 29 29 + doCheck = true; 30 30 + 31 31 + meta = with lib; { 32 32 + homepage = "https://github.com/hyprwm/hyprwayland-scanner"; 33 33 + description = "A Hyprland version of wayland-scanner in and for C++"; 34 34 + license = licenses.bsd3; 35 35 + maintainers = with maintainers; [ fufexan ]; 36 36 + mainProgram = "hyprwayland-scanner"; 37 37 + platforms = platforms.linux; 38 38 + }; 39 39 + })

+32

pkgs/by-name/pi/picom-pijulius/package.nix

reviewed

··· 1 1 + { 2 2 + picom, 3 3 + lib, 4 4 + fetchFromGitHub, 5 5 + pcre 6 6 + }: 7 7 + picom.overrideAttrs (previousAttrs: { 8 8 + pname = "picom-pijulius"; 9 9 + version = "8.2-unstable-2024-04-30"; 10 10 + 11 11 + src = fetchFromGitHub { 12 12 + owner = "pijulius"; 13 13 + repo = "picom"; 14 14 + rev = "e7b14886ae644aaa657383f7c4f44be7797fd5f6"; 15 15 + hash = "sha256-YQVp5HicO+jbvCYSY+hjDTnXCU6aS3aCvbux6NFcJ/Y="; 16 16 + }; 17 17 + 18 18 + buildInputs = (previousAttrs.buildInputs or [ ]) ++ [ pcre ]; 19 19 + 20 20 + meta = { 21 21 + inherit (previousAttrs.meta) 22 22 + license 23 23 + platforms 24 24 + mainProgram 25 25 + longDescription 26 26 + ; 27 27 + 28 28 + description = "Pijulius's picom fork with extensive animation support"; 29 29 + homepage = "https://github.com/pijulius/picom"; 30 30 + maintainers = with lib.maintainers; [ YvesStraten ]; 31 31 + }; 32 32 + })

+2 -27

pkgs/by-name/py/pynitrokey/package.nix

reviewed

··· 1 1 - { python3 2 2 - , fetchPypi 3 3 - , rustPlatform 4 4 - }: 1 1 + { python3 }: 5 2 6 6 - let 7 7 - python = python3.override { 8 8 - packageOverrides = self: super: { 9 9 - # https://github.com/nxp-mcuxpresso/spsdk/issues/64 10 10 - cryptography = super.cryptography.overridePythonAttrs (old: rec { 11 11 - version = "41.0.7"; 12 12 - src = fetchPypi { 13 13 - inherit (old) pname; 14 14 - inherit version; 15 15 - hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw="; 16 16 - }; 17 17 - cargoDeps = rustPlatform.fetchCargoTarball { 18 18 - inherit src; 19 19 - sourceRoot = "${old.pname}-${version}/${old.cargoRoot}"; 20 20 - name = "${old.pname}-${version}"; 21 21 - hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw="; 22 22 - }; 23 23 - patches = [ ]; 24 24 - doCheck = false; # would require overriding cryptography-vectors 25 25 - }); 26 26 - }; 27 27 - }; 28 28 - in with python.pkgs; toPythonApplication pynitrokey 3 3 + with python3.pkgs; toPythonApplication pynitrokey

+1 -1

pkgs/by-name/ya/yazi-unwrapped/package.nix

reviewed

··· 44 44 description = "Blazing fast terminal file manager written in Rust, based on async I/O"; 45 45 homepage = "https://github.com/sxyazi/yazi"; 46 46 license = lib.licenses.mit; 47 47 - maintainers = with lib.maintainers; [ xyenon matthiasbeyer ]; 47 47 + maintainers = with lib.maintainers; [ xyenon matthiasbeyer linsui ]; 48 48 mainProgram = "yazi"; 49 49 }; 50 50 }

+43 -2

pkgs/by-name/ya/yazi/package.nix

reviewed

··· 3 3 , makeWrapper 4 4 , yazi-unwrapped 5 5 6 6 + , withRuntimeDeps ? true 6 7 , withFile ? true 7 8 , file 8 9 , withJq ? true ··· 21 22 , fzf 22 23 , withZoxide ? true 23 24 , zoxide 25 25 + , settings ? { } 26 26 + , formats 27 27 + , plugins ? { } 28 28 + , flavors ? { } 29 29 + , initLua ? null 24 30 }: 25 31 26 32 let 27 27 - runtimePaths = with lib; [ ] 33 33 + runtimePaths = with lib; 34 34 + [ ] 28 35 ++ optional withFile file 29 36 ++ optional withJq jq 30 37 ++ optional withPoppler poppler_utils ··· 34 41 ++ optional withRipgrep ripgrep 35 42 ++ optional withFzf fzf 36 43 ++ optional withZoxide zoxide; 44 44 + 45 45 + settingsFormat = formats.toml { }; 46 46 + 47 47 + files = [ "yazi" "theme" "keymap" ]; 48 48 + 49 49 + configHome = if (settings == { } && initLua == null && plugins == { } && flavors == { }) then null else 50 50 + runCommand "YAZI_CONFIG_HOME" { } '' 51 51 + mkdir -p $out 52 52 + ${lib.concatMapStringsSep 53 53 + "\n" 54 54 + (name: lib.optionalString (settings ? ${name} && settings.${name} != { }) '' 55 55 + ln -s ${settingsFormat.generate "${name}.toml" settings.${name}} $out/${name}.toml 56 56 + '') 57 57 + files} 58 58 + 59 59 + mkdir $out/plugins 60 60 + ${lib.optionalString (plugins != { }) '' 61 61 + ${lib.concatMapStringsSep 62 62 + "\n" 63 63 + (lib.mapAttrsToList (name: value: "ln -s ${value} $out/plugins/${name}") plugins)} 64 64 + ''} 65 65 + 66 66 + mkdir $out/flavors 67 67 + ${lib.optionalString (flavors != { }) '' 68 68 + ${lib.concatMapStringsSep 69 69 + "\n" 70 70 + (lib.mapAttrsToList (name: value: "ln -s ${value} $out/flavors/${name}") flavors)} 71 71 + ''} 72 72 + 73 73 + 74 74 + ${lib.optionalString (initLua != null) "ln -s ${initLua} $out/init.lua"} 75 75 + ''; 37 76 in 77 77 + if (!withRuntimeDeps && configHome == null) then yazi-unwrapped else 38 78 runCommand yazi-unwrapped.name 39 79 { 40 80 inherit (yazi-unwrapped) pname version meta; ··· 44 84 mkdir -p $out/bin 45 85 ln -s ${yazi-unwrapped}/share $out/share 46 86 makeWrapper ${yazi-unwrapped}/bin/yazi $out/bin/yazi \ 47 47 - --prefix PATH : "${lib.makeBinPath runtimePaths}" 87 87 + ${lib.optionalString withRuntimeDeps "--prefix PATH : \"${lib.makeBinPath runtimePaths}\""} \ 88 88 + ${lib.optionalString (configHome != null) "--set YAZI_CONFIG_HOME ${configHome}"} 48 89 ''

+34 -1

pkgs/development/compilers/circt/circt-llvm.nix

reviewed

··· 1 1 - { stdenv 1 1 + { lib 2 2 + , stdenv 2 3 , cmake 3 4 , ninja 4 5 , circt ··· 31 32 32 33 outputs = [ "out" "lib" "dev" ]; 33 34 35 35 + # Get rid of ${extra_libdir} (which ends up containing a path to circt-llvm.dev 36 36 + # in circt) so that we only have to remove the one fixed rpath. 37 37 + postPatch = lib.optionalString stdenv.isDarwin '' 38 38 + substituteInPlace llvm/llvm/cmake/modules/AddLLVM.cmake \ 39 39 + --replace-fail 'set(_install_rpath "@loader_path/../lib''${LLVM_LIBDIR_SUFFIX}" ''${extra_libdir})' \ 40 40 + 'set(_install_rpath "@loader_path/../lib''${LLVM_LIBDIR_SUFFIX}")' 41 41 + ''; 42 42 + 34 43 postInstall = '' 35 44 # move llvm-config to $dev to resolve a circular dependency 36 45 moveToOutput "bin/llvm-config*" "$dev" ··· 48 57 --replace "\''${_IMPORT_PREFIX}/lib/lib" "$lib/lib/lib" \ 49 58 --replace "\''${_IMPORT_PREFIX}/lib/objects-Release" "$lib/lib/objects-Release" \ 50 59 --replace "$out/bin/llvm-config" "$dev/bin/llvm-config" # patch path for llvm-config 60 60 + ''; 61 61 + 62 62 + # Replace all references to @rpath with absolute paths and remove the rpaths. 63 63 + # 64 64 + # This is different from what the regular LLVM package does, which is to make 65 65 + # everything absolute from the start: however, that doesn't work for us because 66 66 + # we have `-DBUILD_SHARED_LIBS=ON`, meaning that many more things are 67 67 + # dynamically rather than statically linked. This includes TableGen, which then 68 68 + # fails to run halfway through the build because it tries to reference $lib when 69 69 + # it hasn't been populated yet. 70 70 + # 71 71 + # Inspired by fixDarwinDylibNames. 72 72 + postFixup = lib.optionalString stdenv.isDarwin '' 73 73 + local flags=(-delete_rpath @loader_path/../lib) 74 74 + for file in "$lib"/lib/*.dylib; do 75 75 + flags+=(-change @rpath/"$(basename "$file")" "$file") 76 76 + done 77 77 + 78 78 + for file in "$out"/bin/* "$lib"/lib/*.dylib; do 79 79 + if [ -L "$file" ]; then continue; fi 80 80 + echo "$file: fixing dylib references" 81 81 + # note that -id does nothing on binaries 82 82 + install_name_tool -id "$file" "''${flags[@]}" "$file" 83 83 + done 51 84 ''; 52 85 53 86 # circt only use the mlir part of llvm, occasionally there are some unrelated failure from llvm,

pkgs/development/compilers/circt/default.nix

reviewed

··· 67 67 68 68 outputs = [ "out" "lib" "dev" ]; 69 69 70 70 + # Copy circt-llvm's postFixup stage so that it can make all our dylib references 71 71 + # absolute as well. 72 72 + # 73 73 + # We don't need `postPatch` because circt seems to be automatically inheriting 74 74 + # the config somehow, presumably via. `-DMLIR_DIR`. 75 75 + postFixup = circt-llvm.postFixup; 76 76 + 70 77 postInstall = '' 71 78 moveToOutput lib "$lib" 72 79 '';

-1

pkgs/development/python-modules/spsdk/default.nix

reviewed

··· 107 107 passthru.tests.version = testers.testVersion { package = spsdk; }; 108 108 109 109 meta = with lib; { 110 110 - broken = versionAtLeast cryptography.version "41.1"; 111 110 changelog = "https://github.com/nxp-mcuxpresso/spsdk/blob/${src.rev}/docs/release_notes.rst"; 112 111 description = "NXP Secure Provisioning SDK"; 113 112 homepage = "https://github.com/nxp-mcuxpresso/spsdk";

+1 -1

pkgs/development/python-modules/torch/default.nix

reviewed

··· 495 495 requiredSystemFeatures = [ "big-parallel" ]; 496 496 497 497 passthru = { 498 498 - inherit cudaSupport cudaPackages; 498 498 + inherit cudaSupport cudaPackages rocmSupport rocmPackages; 499 499 # At least for 1.10.2 `torch.fft` is unavailable unless BLAS provider is MKL. This attribute allows for easy detection of its availability. 500 500 blasProvider = blas.provider; 501 501 # To help debug when a package is broken due to CUDA support

+51 -1

pkgs/development/python-modules/torchaudio/default.nix

reviewed

··· 9 9 , pybind11 10 10 , sox 11 11 , torch 12 12 + 12 13 , cudaSupport ? torch.cudaSupport 13 14 , cudaPackages 15 15 + , rocmSupport ? torch.rocmSupport 16 16 + , rocmPackages 17 17 + 18 18 + , gpuTargets ? [] 14 19 }: 15 20 21 21 + let 22 22 + # TODO: Reuse one defined in torch? 23 23 + # Some of those dependencies are probbly not required, 24 24 + # but it breaks when the store path is different between torch and torchaudio 25 25 + rocmtoolkit_joined = symlinkJoin { 26 26 + name = "rocm-merged"; 27 27 + 28 28 + paths = with rocmPackages; [ 29 29 + rocm-core clr rccl miopen miopengemm rocrand rocblas 30 30 + rocsparse hipsparse rocthrust rocprim hipcub roctracer 31 31 + rocfft rocsolver hipfft hipsolver hipblas 32 32 + rocminfo rocm-thunk rocm-comgr rocm-device-libs 33 33 + rocm-runtime clr.icd hipify 34 34 + ]; 35 35 + 36 36 + # Fix `setuptools` not being found 37 37 + postBuild = '' 38 38 + rm -rf $out/nix-support 39 39 + ''; 40 40 + }; 41 41 + # Only used for ROCm 42 42 + gpuTargetString = lib.strings.concatStringsSep ";" ( 43 43 + if gpuTargets != [ ] then 44 44 + # If gpuTargets is specified, it always takes priority. 45 45 + gpuTargets 46 46 + else if rocmSupport then 47 47 + rocmPackages.clr.gpuTargets 48 48 + else 49 49 + throw "No GPU targets specified" 50 50 + ); 51 51 + in 16 52 buildPythonPackage rec { 17 53 pname = "torchaudio"; 18 54 version = "2.3.0"; ··· 33 69 substituteInPlace setup.py \ 34 70 --replace 'print(" --- Initializing submodules")' "return" \ 35 71 --replace "_fetch_archives(_parse_sources())" "pass" 72 72 + '' 73 73 + + lib.optionalString rocmSupport '' 74 74 + # There is no .info/version-dev, only .info/version 75 75 + substituteInPlace cmake/LoadHIP.cmake \ 76 76 + --replace "/.info/version-dev" "/.info/version" 36 77 ''; 37 78 38 79 env = { ··· 55 96 ninja 56 97 ] ++ lib.optionals cudaSupport [ 57 98 cudaPackages.cuda_nvcc 58 58 - ]; 99 99 + ] ++ lib.optionals rocmSupport (with rocmPackages; [ 100 100 + clr 101 101 + rocblas 102 102 + hipblas 103 103 + ]); 59 104 60 105 buildInputs = [ 61 106 ffmpeg-full ··· 72 117 BUILD_KALDI=0; 73 118 BUILD_RNNT=0; 74 119 BUILD_CTC_DECODER=0; 120 120 + 121 121 + preConfigure = lib.optionalString rocmSupport '' 122 122 + export ROCM_PATH=${rocmtoolkit_joined} 123 123 + export PYTORCH_ROCM_ARCH="${gpuTargetString}" 124 124 + ''; 75 125 76 126 dontUseCmakeConfigure = true; 77 127

+2 -2

pkgs/development/tools/continuous-integration/buildbot/master.nix

reviewed

··· 72 72 in 73 73 buildPythonApplication rec { 74 74 pname = "buildbot"; 75 75 - version = "3.11.1"; 75 75 + version = "3.11.2"; 76 76 format = "pyproject"; 77 77 78 78 disabled = pythonOlder "3.8"; 79 79 80 80 src = fetchPypi { 81 81 inherit pname version; 82 82 - hash = "sha256-ruYW1sVoGvFMi+NS+xiNsn0Iq2RmKlax4bxHgYrj6ZY="; 82 82 + hash = "sha256-x7RaApfIe1x7Py1KLQCcotxU6dJRXTOk67W+QOhNJf0="; 83 83 }; 84 84 85 85 build-system = [

+2 -2

pkgs/development/tools/continuous-integration/buildbot/pkg.nix

reviewed

··· 1 1 { lib, buildPythonPackage, fetchPypi, isPy3k, buildbot }: 2 2 3 3 buildPythonPackage rec { 4 4 - pname = "buildbot-pkg"; 4 4 + pname = "buildbot_pkg"; 5 5 inherit (buildbot) version; 6 6 7 7 src = fetchPypi { 8 8 inherit pname version; 9 9 - hash = "sha256-cfPsNnR0gEgz1y/GNR6faixk2HyuHaRh1E9nGHjCb58="; 9 9 + hash = "sha256-ZgDHPC2j3vV3m7wBZhUUh/Th/oGKq+8RxnfQ71Cr6oY="; 10 10 }; 11 11 12 12 postPatch = ''

+22 -22

pkgs/development/tools/continuous-integration/buildbot/plugins.nix

reviewed

··· 3 3 # this is exposed for potential plugins to use and for nix-update 4 4 inherit buildbot-pkg; 5 5 www = buildPythonPackage rec { 6 6 - pname = "buildbot-www"; 6 6 + pname = "buildbot_www"; 7 7 inherit (buildbot-pkg) version; 8 8 9 9 src = fetchPypi { 10 10 inherit pname version; 11 11 - hash = "sha256-5q4N76XHUhvc2lIqup0dYwrEdI5bR/96N7m2rhvPJh4="; 11 11 + hash = "sha256-xOsz71kprzKKqvvwpsZTACWf4z+Svx9BQ72xGEZXKdw="; 12 12 }; 13 13 14 14 # Remove unnecessary circular dependency on buildbot ··· 30 30 }; 31 31 32 32 www-react = buildPythonPackage rec { 33 33 - pname = "buildbot-www-react"; 33 33 + pname = "buildbot_www_react"; 34 34 inherit (buildbot-pkg) version; 35 35 36 36 src = fetchPypi { 37 37 inherit pname version; 38 38 - hash = "sha256-kjow5WksdBzeo8nwXk5Djm/4tym8XvMo+VgiqSSAyKk="; 38 38 + hash = "sha256-wUiMEAFmqjHXPjnPhsaLWqxvOXyEQIeRBL4W3LB3vkw="; 39 39 }; 40 40 41 41 # Remove unnecessary circular dependency on buildbot ··· 57 57 }; 58 58 59 59 console-view = buildPythonPackage rec { 60 60 - pname = "buildbot-console-view"; 60 60 + pname = "buildbot_console_view"; 61 61 inherit (buildbot-pkg) version; 62 62 63 63 src = fetchPypi { 64 64 inherit pname version; 65 65 - hash = "sha256-IrXDwO0YSpiZfw6B/lorEQdbAIZ5qCja75L/PFRmJms="; 65 65 + hash = "sha256-KerHS5F4b30TvlGeSf6QLUt49S6Iki7O5nex6KPypJY="; 66 66 }; 67 67 68 68 buildInputs = [ buildbot-pkg ]; ··· 79 79 }; 80 80 81 81 react-console-view = buildPythonPackage rec { 82 82 - pname = "buildbot-react-console-view"; 82 82 + pname = "buildbot_react_console_view"; 83 83 inherit (buildbot-pkg) version; 84 84 85 85 src = fetchPypi { 86 86 inherit pname version; 87 87 - hash = "sha256-ZkUsAN56OEI/SphQydv4HkVV6Eobd0pd+UbXa23mBfQ="; 87 87 + hash = "sha256-XrywoVM2ErJ4i7WrRKPRaCOwt5JVDJT6xP7L/Dfv+gk="; 88 88 }; 89 89 90 90 buildInputs = [ buildbot-pkg ]; ··· 101 101 }; 102 102 103 103 waterfall-view = buildPythonPackage rec { 104 104 - pname = "buildbot-waterfall-view"; 104 104 + pname = "buildbot_waterfall_view"; 105 105 inherit (buildbot-pkg) version; 106 106 107 107 src = fetchPypi { 108 108 inherit pname version; 109 109 - hash = "sha256-qL1+bpgxflcRTFPOvDHKdHilio28bbHClqy1Um4Se+o="; 109 109 + hash = "sha256-mhVbuOhe0BrXHbn8bd41Q7I8Xak7fO8ahIK0r113vGY="; 110 110 }; 111 111 112 112 buildInputs = [ buildbot-pkg ]; ··· 123 123 }; 124 124 125 125 react-waterfall-view = buildPythonPackage rec { 126 126 - pname = "buildbot-react-waterfall-view"; 126 126 + pname = "buildbot_react_waterfall_view"; 127 127 inherit (buildbot-pkg) version; 128 128 129 129 src = fetchPypi { 130 130 inherit pname version; 131 131 - hash = "sha256-5D0N/5Sf8YNQBKt8GzAk1htdEY/xOmE5Abt5y7P9h34="; 131 131 + hash = "sha256-X89XrjdD0GL7MabLWtkQcdCa4Ain1AGre6mXF/inmck="; 132 132 }; 133 133 134 134 buildInputs = [ buildbot-pkg ]; ··· 145 145 }; 146 146 147 147 grid-view = buildPythonPackage rec { 148 148 - pname = "buildbot-grid-view"; 148 148 + pname = "buildbot_grid_view"; 149 149 inherit (buildbot-pkg) version; 150 150 151 151 src = fetchPypi { 152 152 inherit pname version; 153 153 - hash = "sha256-snyJbQZqSIqOk6dTJidSv1VmE/Gn+pblcZs8BpZ+fdA="; 153 153 + hash = "sha256-YH5SfYuW07Pp00LoBvcDB8MiHB1HzYWg5kQVICrkS5s="; 154 154 }; 155 155 156 156 buildInputs = [ buildbot-pkg ]; ··· 167 167 }; 168 168 169 169 react-grid-view = buildPythonPackage rec { 170 170 - pname = "buildbot-react-grid-view"; 170 170 + pname = "buildbot_react_grid_view"; 171 171 inherit (buildbot-pkg) version; 172 172 173 173 src = fetchPypi { 174 174 inherit pname version; 175 175 - hash = "sha256-0Ggm3NQn1ZZfMsMqf1qdCD1+HkJZmM1p+TqOPF0Q9CE="; 175 175 + hash = "sha256-rmyAsFCTeIYPdrlWDCxlbjw+BCKwcIaTHlK8KJP0T88="; 176 176 }; 177 177 178 178 buildInputs = [ buildbot-pkg ]; ··· 189 189 }; 190 190 191 191 wsgi-dashboards = buildPythonPackage rec { 192 192 - pname = "buildbot-wsgi-dashboards"; 192 192 + pname = "buildbot_wsgi_dashboards"; 193 193 inherit (buildbot-pkg) version; 194 194 195 195 src = fetchPypi { 196 196 inherit pname version; 197 197 - hash = "sha256-rBUrYSeAWrxn5mlXaAAtE58jIZVLs/q69ARY2u6rTsI="; 197 197 + hash = "sha256-Ls3NJka5vVTx1GW9bnr3jlulj7/pNkX9omXrTIWrwtU="; 198 198 }; 199 199 200 200 buildInputs = [ buildbot-pkg ]; ··· 211 211 }; 212 212 213 213 react-wsgi-dashboards = buildPythonPackage rec { 214 214 - pname = "buildbot-react-wsgi-dashboards"; 214 214 + pname = "buildbot_react_wsgi_dashboards"; 215 215 inherit (buildbot-pkg) version; 216 216 217 217 src = fetchPypi { 218 218 inherit pname version; 219 219 - hash = "sha256-U0DHWFMmvTKFBW1C5bnoemjMOKpw1H3GXnBn/AU52vY="; 219 219 + hash = "sha256-t3LLZJ+kPcowqSyeRcuH3kEjBEiju1MI0z1qhU6KPBs="; 220 220 }; 221 221 222 222 buildInputs = [ buildbot-pkg ]; ··· 233 233 }; 234 234 235 235 badges = buildPythonPackage rec { 236 236 - pname = "buildbot-badges"; 236 236 + pname = "buildbot_badges"; 237 237 inherit (buildbot-pkg) version; 238 238 239 239 src = fetchPypi { 240 240 inherit pname version; 241 241 - hash = "sha256-7t4E7twn4TeJJCE5Vn83UzIRE2Okvcox2us1d8j50Os="; 241 241 + hash = "sha256-//MftUqUWE2+RpxRPzDEH7tOCN2D1HD8dETZw1OQe5s="; 242 242 }; 243 243 244 244 buildInputs = [ buildbot-pkg ];

+2 -2

pkgs/development/tools/continuous-integration/buildbot/worker.nix

reviewed

··· 23 23 }: 24 24 25 25 buildPythonPackage (rec { 26 26 - pname = "buildbot-worker"; 26 26 + pname = "buildbot_worker"; 27 27 inherit (buildbot) version; 28 28 29 29 src = fetchPypi { 30 30 inherit pname version; 31 31 - hash = "sha256-hRsmgP8IiWg5+YCqMVYgZc4ljWwz7YWfAFrmMHx8wBY="; 31 31 + hash = "sha256-7DAo1Yy20FeWXawV4wHzXDGtgyIGDJQuD2joJma96rM="; 32 32 }; 33 33 34 34 postPatch = ''

+36 -46

pkgs/os-specific/linux/kernel/hardened/patches.json

reviewed

··· 2 2 "4.19": { 3 3 "patch": { 4 4 "extra": "-hardened1", 5 5 - "name": "linux-hardened-4.19.309-hardened1.patch", 6 6 - "sha256": "1hww72w5anmfr9czqbl31glzl70s34492k9qz9zax141zg1sf6sp", 7 7 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.309-hardened1/linux-hardened-4.19.309-hardened1.patch" 5 5 + "name": "linux-hardened-4.19.313-hardened1.patch", 6 6 + "sha256": "1fa30s98cbk64315y7vwz7pc2ba0rcs2msaiiib8p85kid5c80v8", 7 7 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.313-hardened1/linux-hardened-4.19.313-hardened1.patch" 8 8 }, 9 9 - "sha256": "1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm", 10 10 - "version": "4.19.309" 9 9 + "sha256": "1j1r4mrdh1ray468jr5i8d2afiswb653bhq0ck8bcdw4rwp5w558", 10 10 + "version": "4.19.313" 11 11 }, 12 12 "5.10": { 13 13 "patch": { 14 14 "extra": "-hardened1", 15 15 - "name": "linux-hardened-5.10.212-hardened1.patch", 16 16 - "sha256": "0h04i94vshhcli5m4qpnqg4vsi5v1ifvdhhklk7c0bvkfk35cbml", 17 17 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.212-hardened1/linux-hardened-5.10.212-hardened1.patch" 15 15 + "name": "linux-hardened-5.10.216-hardened1.patch", 16 16 + "sha256": "1hj59x5wrh8bkgxp1f5sh8h5rirh4878gywanjmf7qjq6w2wj5rh", 17 17 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.216-hardened1/linux-hardened-5.10.216-hardened1.patch" 18 18 }, 19 19 - "sha256": "14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc", 20 20 - "version": "5.10.212" 19 19 + "sha256": "0lg1zfb9y4ps86q85mlnyalb3s90zix003z62jb9bw139f65h473", 20 20 + "version": "5.10.216" 21 21 }, 22 22 "5.15": { 23 23 "patch": { 24 24 "extra": "-hardened1", 25 25 - "name": "linux-hardened-5.15.151-hardened1.patch", 26 26 - "sha256": "040jc5n9qsdz2wv5ksfvc28vd72nmya2i2f0ps0jiras6l2wlhjz", 27 27 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.151-hardened1/linux-hardened-5.15.151-hardened1.patch" 25 25 + "name": "linux-hardened-5.15.158-hardened1.patch", 26 26 + "sha256": "1q37hdac1mk91rrl2p3j4d69wiphzm1mfbvl6cxlsrc42pjbapz3", 27 27 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.158-hardened1/linux-hardened-5.15.158-hardened1.patch" 28 28 }, 29 29 - "sha256": "0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la", 30 30 - "version": "5.15.151" 29 29 + "sha256": "1inmdpif3qf1blmvjj4i7y42bylvhv0wyj3b0apq12zxlj1iq1zr", 30 30 + "version": "5.15.158" 31 31 }, 32 32 "5.4": { 33 33 "patch": { 34 34 "extra": "-hardened1", 35 35 - "name": "linux-hardened-5.4.271-hardened1.patch", 36 36 - "sha256": "0rw5il7885d0d3k2hmh46541svib6rp32g00fcl5bw37ydmq3z8b", 37 37 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.271-hardened1/linux-hardened-5.4.271-hardened1.patch" 35 35 + "name": "linux-hardened-5.4.275-hardened1.patch", 36 36 + "sha256": "10fw4hkavnj6nhjqz186sqxbvjz6g62mhyjmlnlxik322nbh6jk6", 37 37 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.275-hardened1/linux-hardened-5.4.275-hardened1.patch" 38 38 }, 39 39 - "sha256": "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d", 40 40 - "version": "5.4.271" 39 39 + "sha256": "0k1hyknx854k8z27j4rq1gcp8l0xc0bspmrhc41a033gjilb1lns", 40 40 + "version": "5.4.275" 41 41 }, 42 42 "6.1": { 43 43 "patch": { 44 44 "extra": "-hardened1", 45 45 - "name": "linux-hardened-6.1.81-hardened1.patch", 46 46 - "sha256": "0af9dxdsa858zyqc0vsrzg098afhg5vpb2wpr6gj2ykwc13iaf07", 47 47 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.81-hardened1/linux-hardened-6.1.81-hardened1.patch" 45 45 + "name": "linux-hardened-6.1.90-hardened1.patch", 46 46 + "sha256": "1wjckrv0p7phai6ian39kl0rpmzvrzz10bi92xgdq8hhsbp2p3fk", 47 47 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.90-hardened1/linux-hardened-6.1.90-hardened1.patch" 48 48 }, 49 49 - "sha256": "0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f", 50 50 - "version": "6.1.81" 51 51 - }, 52 52 - "6.5": { 53 53 - "patch": { 54 54 - "extra": "-hardened1", 55 55 - "name": "linux-hardened-6.5.13-hardened1.patch", 56 56 - "sha256": "1fj6yaq2gdjlj2h19vkm13jrx0yiczj6pvric1kq1r6cprqrkkki", 57 57 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.13-hardened1/linux-hardened-6.5.13-hardened1.patch" 58 58 - }, 59 59 - "sha256": "1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq", 60 60 - "version": "6.5.13" 49 49 + "sha256": "07cfg0chssvpc4mqls3aln6s4lqjp6k4x2n63wndmkjgfqpdg8w3", 50 50 + "version": "6.1.90" 61 51 }, 62 52 "6.6": { 63 53 "patch": { 64 54 "extra": "-hardened1", 65 65 - "name": "linux-hardened-6.6.21-hardened1.patch", 66 66 - "sha256": "0k35s5pj92lvfp6kw3isg78zc3gijsg0xbzcyvxdkmhzaq8j6i1i", 67 67 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.21-hardened1/linux-hardened-6.6.21-hardened1.patch" 55 55 + "name": "linux-hardened-6.6.30-hardened1.patch", 56 56 + "sha256": "0q6x7prx1ncf3ni5zvpjav9jcq1n50fq0wcarw022bis1rmrhczy", 57 57 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.30-hardened1/linux-hardened-6.6.30-hardened1.patch" 68 58 }, 69 69 - "sha256": "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf", 70 70 - "version": "6.6.21" 59 59 + "sha256": "1ilwmgpgvddwkd9nx5999cb6z18scjyq7jklid26k1hg7f35nsmn", 60 60 + "version": "6.6.30" 71 61 }, 72 72 - "6.7": { 62 62 + "6.8": { 73 63 "patch": { 74 64 "extra": "-hardened1", 75 75 - "name": "linux-hardened-6.7.6-hardened1.patch", 76 76 - "sha256": "063yrs3g0knlz37aq979jhng9k6l19873nbi1jy167xfqmpqqajr", 77 77 - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.6-hardened1/linux-hardened-6.7.6-hardened1.patch" 65 65 + "name": "linux-hardened-6.8.9-hardened1.patch", 66 66 + "sha256": "115d1fgddfcffmfg5f31w50lf2cskkwakngb343didrwfa28nrxf", 67 67 + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.8.9-hardened1/linux-hardened-6.8.9-hardened1.patch" 78 68 }, 79 79 - "sha256": "1lrp7pwnxnqyy8c2l4n4nz997039gbnssrfm8ss8kl3h2c7fr2g4", 80 80 - "version": "6.7.6" 69 69 + "sha256": "1dn9bgmf03bdfbmgq98d043702g808rjikxs2i9yia57iqiz21gr", 70 70 + "version": "6.8.9" 81 71 } 82 72 }

pkgs/os-specific/linux/kernel/hardened/update.py

reviewed

··· 211 211 212 212 # Remove patches for unpackaged kernel versions. 213 213 for kernel_key in sorted(patches.keys() - kernel_versions.keys()): 214 214 + del patches[kernel_key] 214 215 commit_patches(kernel_key=kernel_key, message="remove") 215 216 216 217 g = Github(os.environ.get("GITHUB_TOKEN"))

+4 -4

pkgs/servers/telegram-bot-api/default.nix

reviewed

··· 2 2 3 3 stdenv.mkDerivation { 4 4 pname = "telegram-bot-api"; 5 5 - version = "5.7"; 5 5 + version = "7.3"; 6 6 7 7 src = fetchFromGitHub { 8 8 repo = "telegram-bot-api"; 9 9 owner = "tdlib"; 10 10 - rev = "c57b04c4c8c4e8d8bb6fdd0bd3bfb5b93b9d8f05"; 11 11 - sha256 = "sha256-WetzX8GBdwQAnnZjek+W4v+QN1aUFdlvs+Jv6n1B+eY="; 10 10 + rev = "5951bfbab8b1274437c613c1c48d91be2a050371"; 11 11 + hash = "sha256-5aNZqP4K+zP7q1+yllr6fysEcewhh/V9Vl6GXQolanI="; 12 12 fetchSubmodules = true; 13 13 }; 14 14 ··· 19 19 description = "Telegram Bot API server"; 20 20 homepage = "https://github.com/tdlib/telegram-bot-api"; 21 21 license = licenses.boost; 22 22 - maintainers = with maintainers; [ Anillc ]; 22 22 + maintainers = with maintainers; [ Anillc Forden ]; 23 23 platforms = platforms.all; 24 24 mainProgram = "telegram-bot-api"; 25 25 };

+14 -15

pkgs/tools/security/nitrokey-app2/default.nix

reviewed

··· 1 1 { lib 2 2 + , stdenv 2 3 , python3 3 4 , fetchPypi 4 4 - , rustPlatform 5 5 , fetchFromGitHub 6 6 + , wrapQtAppsHook 7 7 + , qtbase 8 8 + , qtwayland 6 9 }: 7 10 8 11 let 9 12 python = python3.override { 10 13 packageOverrides = self: super: { 11 11 - # https://github.com/nxp-mcuxpresso/spsdk/issues/64 12 12 - cryptography = super.cryptography.overridePythonAttrs (old: rec { 13 13 - version = "41.0.7"; 14 14 + pynitrokey = super.pynitrokey.overridePythonAttrs (old: rec { 15 15 + version = "0.4.45"; 14 16 src = fetchPypi { 15 17 inherit (old) pname; 16 18 inherit version; 17 17 - hash = "sha256-E/k86b6oAWwlOzSvxr1qdZk+XEBnLtVAWpyDLw1KALw="; 19 19 + hash = "sha256-iY4ThrmXP7pEjTYYU4lePVAbuJGTdHX3iKswXzuf7W8="; 18 20 }; 19 19 - cargoDeps = rustPlatform.fetchCargoTarball { 20 20 - inherit src; 21 21 - sourceRoot = "${old.pname}-${version}/${old.cargoRoot}"; 22 22 - name = "${old.pname}-${version}"; 23 23 - hash = "sha256-VeZhKisCPDRvmSjGNwCgJJeVj65BZ0Ge+yvXbZw86Rw="; 24 24 - }; 25 25 - patches = [ ]; 26 26 - doCheck = false; # would require overriding cryptography-vectors 27 21 }); 28 22 }; 29 23 }; 30 24 in python.pkgs.buildPythonApplication rec { 31 25 pname = "nitrokey-app2"; 32 32 - version = "2.1.5"; 26 26 + version = "2.2.2"; 33 27 pyproject = true; 34 28 35 29 disabled = python.pythonOlder "3.9"; ··· 38 32 owner = "Nitrokey"; 39 33 repo = "nitrokey-app2"; 40 34 rev = "v${version}"; 41 41 - hash = "sha256-mR13zUgCdNS09EnpGLrnOnoIn3p6ZM/0fHKg0OUMWj4="; 35 35 + hash = "sha256-MiyfmsrKZRoe7YMEjR1LHPesfJh6+dcSydoEAgrALJ8="; 42 36 }; 43 37 44 38 # https://github.com/Nitrokey/nitrokey-app2/issues/152 ··· 51 45 52 46 nativeBuildInputs = with python.pkgs; [ 53 47 poetry-core 48 48 + wrapQtAppsHook 49 49 + ]; 50 50 + 51 51 + buildInputs = [ qtbase ] ++ lib.optionals stdenv.isLinux [ 52 52 + qtwayland 54 53 ]; 55 54 56 55 propagatedBuildInputs = with python.pkgs; [

+3 -1

pkgs/top-level/all-packages.nix

reviewed

··· 27309 27309 linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened; 27310 27310 linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened; 27311 27311 linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened; 27312 27312 + linuxPackages_6_8_hardened = linuxKernel.packages.linux_6_8_hardened; 27313 27313 + linux_6_8_hardened = linuxKernel.kernels.linux_6_8_hardened; 27312 27314 27313 27315 # GNU Linux-libre kernels 27314 27316 linuxPackages-libre = linuxKernel.packages.linux_libre; ··· 40640 40642 40641 40643 nitrokey-app = libsForQt5.callPackage ../tools/security/nitrokey-app { }; 40642 40644 40643 40643 - nitrokey-app2 = callPackage ../tools/security/nitrokey-app2 { }; 40645 40645 + nitrokey-app2 = qt6Packages.callPackage ../tools/security/nitrokey-app2 { }; 40644 40646 40645 40647 fpm2 = callPackage ../tools/security/fpm2 { }; 40646 40648

pkgs/top-level/linux-kernels.nix

reviewed

··· 269 269 linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; 270 270 linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { }; 271 271 linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { }; 272 272 + linux_6_8_hardened = hardenedKernelFor kernels.linux_6_8 { }; 272 273 273 274 } // lib.optionalAttrs config.allowAliases { 274 275 linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11"; ··· 657 658 linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened); 658 659 linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened); 659 660 linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened); 661 661 + linux_6_8_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_8_hardened); 660 662 661 663 linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen); 662 664 linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);