+2

.github/CODEOWNERS

··· 78 78 /nixos/doc/manual/man-nixos-option.xml @nbp 79 79 /nixos/modules/installer/tools/nixos-option.sh @nbp 80 80 /nixos/modules/system @dasJ 81 81 + /nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius 82 82 + /nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius 81 83 82 84 # NixOS integration test driver 83 85 /nixos/lib/test-driver @tfc

+34

nixos/doc/manual/configuration/gpu-accel.chapter.md

··· 159 159 "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json"; 160 160 ``` 161 161 162 162 + ## VA-API {#sec-gpu-accel-va-api} 163 163 + 164 164 + [VA-API (Video Acceleration API)](https://www.intel.com/content/www/us/en/developer/articles/technical/linuxmedia-vaapi.html) 165 165 + is an open-source library and API specification, which provides access to 166 166 + graphics hardware acceleration capabilities for video processing. 167 167 + 168 168 + VA-API drivers are loaded by `libva`. The version in nixpkgs is built to search 169 169 + the opengl driver path, so drivers can be installed in 170 170 + [](#opt-hardware.opengl.extraPackages). 171 171 + 172 172 + VA-API can be tested using: 173 173 + 174 174 + ```ShellSession 175 175 + $ nix-shell -p libva-utils --run vainfo 176 176 + ``` 177 177 + 178 178 + ### Intel {#sec-gpu-accel-va-api-intel} 179 179 + 180 180 + Modern Intel GPUs use the iHD driver, which can be installed with: 181 181 + 182 182 + ```nix 183 183 + hardware.opengl.extraPackages = [ 184 184 + intel-media-driver 185 185 + ]; 186 186 + ``` 187 187 + 188 188 + Older Intel GPUs use the i965 driver, which can be installed with: 189 189 + 190 190 + ```nix 191 191 + hardware.opengl.extraPackages = [ 192 192 + vaapiIntel 193 193 + ]; 194 194 + ``` 195 195 + 162 196 ## Common issues {#sec-gpu-accel-common-issues} 163 197 164 198 ### User permissions {#sec-gpu-accel-common-issues-permissions}

+36

nixos/doc/manual/development/bootspec.chapter.md

··· 1 1 + # Experimental feature: Bootspec {#sec-experimental-bootspec} 2 2 + 3 3 + Bootspec is a experimental feature, introduced in the [RFC-0125 proposal](https://github.com/NixOS/rfcs/pull/125), the reference implementation can be found [there](https://github.com/NixOS/nixpkgs/pull/172237) in order to standardize bootloader support 4 4 + and advanced boot workflows such as SecureBoot and potentially more. 5 5 + 6 6 + You can enable the creation of bootspec documents through [`boot.bootspec.enable = true`](options.html#opt-boot.bootspec.enable), which will prompt a warning until [RFC-0125](https://github.com/NixOS/rfcs/pull/125) is officially merged. 7 7 + 8 8 + ## Schema {#sec-experimental-bootspec-schema} 9 9 + 10 10 + The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications. 11 11 + 12 12 + You will find the current version [here](../../../modules/system/activation/bootspec.cue). 13 13 + 14 14 + ## Extensions mechanism {#sec-experimental-bootspec-extensions} 15 15 + 16 16 + Bootspec cannot account for all usecases. 17 17 + 18 18 + For this purpose, Bootspec offers a generic extension facility [`boot.bootspec.extensions`](options.html#opt-boot.bootspec.extensions) which can be used to inject any data needed for your usecases. 19 19 + 20 20 + An example for SecureBoot is to get the Nix store path to `/etc/os-release` in order to bake it into a unified kernel image: 21 21 + 22 22 + ```nix 23 23 + { config, lib, ... }: { 24 24 + boot.bootspec.extensions = { 25 25 + "org.secureboot.osRelease" = config.environment.etc."os-release".source; 26 26 + }; 27 27 + } 28 28 + ``` 29 29 + 30 30 + To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions. 31 31 + 32 32 + ## External bootloaders {#sec-experimental-bootspec-external-bootloaders} 33 33 + 34 34 + It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader. 35 35 + 36 36 + Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts.

+1

nixos/doc/manual/development/development.xml

··· 12 12 <xi:include href="../from_md/development/sources.chapter.xml" /> 13 13 <xi:include href="../from_md/development/writing-modules.chapter.xml" /> 14 14 <xi:include href="../from_md/development/building-parts.chapter.xml" /> 15 15 + <xi:include href="../from_md/development/bootspec.chapter.xml" /> 15 16 <xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" /> 16 17 <xi:include href="../from_md/development/writing-documentation.chapter.xml" /> 17 18 <xi:include href="../from_md/development/nixos-tests.chapter.xml" />

+42

nixos/doc/manual/from_md/configuration/gpu-accel.chapter.xml

··· 180 180 </programlisting> 181 181 </section> 182 182 </section> 183 183 + <section xml:id="sec-gpu-accel-va-api"> 184 184 + <title>VA-API</title> 185 185 + <para> 186 186 + <link xlink:href="https://www.intel.com/content/www/us/en/developer/articles/technical/linuxmedia-vaapi.html">VA-API 187 187 + (Video Acceleration API)</link> is an open-source library and API 188 188 + specification, which provides access to graphics hardware 189 189 + acceleration capabilities for video processing. 190 190 + </para> 191 191 + <para> 192 192 + VA-API drivers are loaded by <literal>libva</literal>. The version 193 193 + in nixpkgs is built to search the opengl driver path, so drivers 194 194 + can be installed in 195 195 + <xref linkend="opt-hardware.opengl.extraPackages" />. 196 196 + </para> 197 197 + <para> 198 198 + VA-API can be tested using: 199 199 + </para> 200 200 + <programlisting> 201 201 + $ nix-shell -p libva-utils --run vainfo 202 202 + </programlisting> 203 203 + <section xml:id="sec-gpu-accel-va-api-intel"> 204 204 + <title>Intel</title> 205 205 + <para> 206 206 + Modern Intel GPUs use the iHD driver, which can be installed 207 207 + with: 208 208 + </para> 209 209 + <programlisting language="bash"> 210 210 + hardware.opengl.extraPackages = [ 211 211 + intel-media-driver 212 212 + ]; 213 213 + </programlisting> 214 214 + <para> 215 215 + Older Intel GPUs use the i965 driver, which can be installed 216 216 + with: 217 217 + </para> 218 218 + <programlisting language="bash"> 219 219 + hardware.opengl.extraPackages = [ 220 220 + vaapiIntel 221 221 + ]; 222 222 + </programlisting> 223 223 + </section> 224 224 + </section> 183 225 <section xml:id="sec-gpu-accel-common-issues"> 184 226 <title>Common issues</title> 185 227 <section xml:id="sec-gpu-accel-common-issues-permissions">

+73

nixos/doc/manual/from_md/development/bootspec.chapter.xml

··· 1 1 + <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-experimental-bootspec"> 2 2 + <title>Experimental feature: Bootspec</title> 3 3 + <para> 4 4 + Bootspec is a experimental feature, introduced in the 5 5 + <link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125 6 6 + proposal</link>, the reference implementation can be found 7 7 + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/172237">there</link> 8 8 + in order to standardize bootloader support and advanced boot 9 9 + workflows such as SecureBoot and potentially more. 10 10 + </para> 11 11 + <para> 12 12 + You can enable the creation of bootspec documents through 13 13 + <link xlink:href="options.html#opt-boot.bootspec.enable"><literal>boot.bootspec.enable = true</literal></link>, 14 14 + which will prompt a warning until 15 15 + <link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125</link> 16 16 + is officially merged. 17 17 + </para> 18 18 + <section xml:id="sec-experimental-bootspec-schema"> 19 19 + <title>Schema</title> 20 20 + <para> 21 21 + The bootspec schema is versioned and validated against 22 22 + <link xlink:href="https://cuelang.org/">a CUE schema file</link> 23 23 + which should considered as the source of truth for your 24 24 + applications. 25 25 + </para> 26 26 + <para> 27 27 + You will find the current version 28 28 + <link xlink:href="../../../modules/system/activation/bootspec.cue">here</link>. 29 29 + </para> 30 30 + </section> 31 31 + <section xml:id="sec-experimental-bootspec-extensions"> 32 32 + <title>Extensions mechanism</title> 33 33 + <para> 34 34 + Bootspec cannot account for all usecases. 35 35 + </para> 36 36 + <para> 37 37 + For this purpose, Bootspec offers a generic extension facility 38 38 + <link xlink:href="options.html#opt-boot.bootspec.extensions"><literal>boot.bootspec.extensions</literal></link> 39 39 + which can be used to inject any data needed for your usecases. 40 40 + </para> 41 41 + <para> 42 42 + An example for SecureBoot is to get the Nix store path to 43 43 + <literal>/etc/os-release</literal> in order to bake it into a 44 44 + unified kernel image: 45 45 + </para> 46 46 + <programlisting language="bash"> 47 47 + { config, lib, ... }: { 48 48 + boot.bootspec.extensions = { 49 49 + &quot;org.secureboot.osRelease&quot; = config.environment.etc.&quot;os-release&quot;.source; 50 50 + }; 51 51 + } 52 52 + </programlisting> 53 53 + <para> 54 54 + To reduce incompatibility and prevent names from clashing between 55 55 + applications, it is <emphasis role="strong">highly 56 56 + recommended</emphasis> to use a unique namespace for your 57 57 + extensions. 58 58 + </para> 59 59 + </section> 60 60 + <section xml:id="sec-experimental-bootspec-external-bootloaders"> 61 61 + <title>External bootloaders</title> 62 62 + <para> 63 63 + It is possible to enable your own bootloader through 64 64 + <link xlink:href="options.html#opt-boot.loader.external.installHook"><literal>boot.loader.external.installHook</literal></link> 65 65 + which can wrap an existing bootloader. 66 66 + </para> 67 67 + <para> 68 68 + Currently, there is no good story to compose existing bootloaders 69 69 + to enrich their features, e.g. SecureBoot, etc. It will be 70 70 + necessary to reimplement or reuse existing parts. 71 71 + </para> 72 72 + </section> 73 73 + </chapter>

+2

nixos/modules/module-list.nix

··· 1246 1246 ./services/x11/xserver.nix 1247 1247 ./system/activation/activation-script.nix 1248 1248 ./system/activation/specialisation.nix 1249 1249 + ./system/activation/bootspec.nix 1249 1250 ./system/activation/top-level.nix 1250 1251 ./system/boot/binfmt.nix 1251 1252 ./system/boot/emergency-mode.nix ··· 1261 1262 ./system/boot/loader/grub/grub.nix 1262 1263 ./system/boot/loader/grub/ipxe.nix 1263 1264 ./system/boot/loader/grub/memtest.nix 1265 1265 + ./system/boot/loader/external/external.nix 1264 1266 ./system/boot/loader/init-script/init-script.nix 1265 1267 ./system/boot/loader/loader.nix 1266 1268 ./system/boot/loader/raspberrypi/raspberrypi.nix

+17

nixos/modules/system/activation/bootspec.cue

··· 1 1 + #V1: { 2 2 + init: string 3 3 + initrd?: string 4 4 + initrdSecrets?: string 5 5 + kernel: string 6 6 + kernelParams: [...string] 7 7 + label: string 8 8 + toplevel: string 9 9 + specialisation?: { 10 10 + [=~"^"]: #V1 11 11 + } 12 12 + extensions?: {...} 13 13 + } 14 14 + 15 15 + Document: { 16 16 + v1: #V1 17 17 + }

+124

nixos/modules/system/activation/bootspec.nix

··· 1 1 + # Note that these schemas are defined by RFC-0125. 2 2 + # This document is considered a stable API, and is depended upon by external tooling. 3 3 + # Changes to the structure of the document, or the semantics of the values should go through an RFC. 4 4 + # 5 5 + # See: https://github.com/NixOS/rfcs/pull/125 6 6 + { config 7 7 + , pkgs 8 8 + , lib 9 9 + , ... 10 10 + }: 11 11 + let 12 12 + cfg = config.boot.bootspec; 13 13 + children = lib.mapAttrs (childName: childConfig: childConfig.configuration.system.build.toplevel) config.specialisation; 14 14 + schemas = { 15 15 + v1 = rec { 16 16 + filename = "boot.json"; 17 17 + json = 18 18 + pkgs.writeText filename 19 19 + (builtins.toJSON 20 20 + { 21 21 + v1 = { 22 22 + kernel = "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}"; 23 23 + kernelParams = config.boot.kernelParams; 24 24 + initrd = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; 25 25 + initrdSecrets = "${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets"; 26 26 + label = "NixOS ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"; 27 27 + 28 28 + inherit (cfg) extensions; 29 29 + }; 30 30 + }); 31 31 + 32 32 + generator = 33 33 + let 34 34 + # NOTE: Be careful to not introduce excess newlines at the end of the 35 35 + # injectors, as that may affect the pipes and redirects. 36 36 + 37 37 + # Inject toplevel and init into the bootspec. 38 38 + # This can only be done here because we *cannot* depend on $out 39 39 + # referring to the toplevel, except by living in the toplevel itself. 40 40 + toplevelInjector = lib.escapeShellArgs [ 41 41 + "${pkgs.jq}/bin/jq" 42 42 + '' 43 43 + .v1.toplevel = $toplevel | 44 44 + .v1.init = $init 45 45 + '' 46 46 + "--sort-keys" 47 47 + "--arg" "toplevel" "${placeholder "out"}" 48 48 + "--arg" "init" "${placeholder "out"}/init" 49 49 + ] + " < ${json}"; 50 50 + 51 51 + # We slurp all specialisations and inject them as values, such that 52 52 + # `.specialisations.${name}` embeds the specialisation's bootspec 53 53 + # document. 54 54 + specialisationInjector = 55 55 + let 56 56 + specialisationLoader = (lib.mapAttrsToList 57 57 + (childName: childToplevel: lib.escapeShellArgs [ "--slurpfile" childName "${childToplevel}/bootspec/${filename}" ]) 58 58 + children); 59 59 + in 60 60 + lib.escapeShellArgs [ 61 61 + "${pkgs.jq}/bin/jq" 62 62 + "--sort-keys" 63 63 + ".v1.specialisation = ($ARGS.named | map_values(. | first | .v1))" 64 64 + ] + " ${lib.concatStringsSep " " specialisationLoader}"; 65 65 + in 66 66 + '' 67 67 + mkdir -p $out/bootspec 68 68 + 69 69 + ${toplevelInjector} | ${specialisationInjector} > $out/bootspec/${filename} 70 70 + ''; 71 71 + 72 72 + validator = pkgs.writeCueValidator ./bootspec.cue { 73 73 + document = "Document"; # Universal validator for any version as long the schema is correctly set. 74 74 + }; 75 75 + }; 76 76 + }; 77 77 + in 78 78 + { 79 79 + options.boot.bootspec = { 80 80 + enable = lib.mkEnableOption (lib.mdDoc "Enable generation of RFC-0125 bootspec in $system/bootspec, e.g. /run/current-system/bootspec"); 81 81 + 82 82 + extensions = lib.mkOption { 83 83 + type = lib.types.attrs; 84 84 + default = { }; 85 85 + description = lib.mdDoc '' 86 86 + User-defined data that extends the bootspec document. 87 87 + 88 88 + To reduce incompatibility and prevent names from clashing 89 89 + between applications, it is **highly recommended** to use a 90 90 + unique namespace for your extensions. 91 91 + ''; 92 92 + }; 93 93 + 94 94 + # This will be run as a part of the `systemBuilder` in ./top-level.nix. This 95 95 + # means `$out` points to the output of `config.system.build.toplevel` and can 96 96 + # be used for a variety of things (though, for now, it's only used to report 97 97 + # the path of the `toplevel` itself and the `init` executable). 98 98 + writer = lib.mkOption { 99 99 + internal = true; 100 100 + default = schemas.v1.generator; 101 101 + }; 102 102 + 103 103 + validator = lib.mkOption { 104 104 + internal = true; 105 105 + default = schemas.v1.validator; 106 106 + }; 107 107 + 108 108 + filename = lib.mkOption { 109 109 + internal = true; 110 110 + default = schemas.v1.filename; 111 111 + }; 112 112 + }; 113 113 + 114 114 + config = lib.mkIf (cfg.enable) { 115 115 + warnings = [ 116 116 + ''RFC-0125 is not merged yet, this is a feature preview of bootspec. 117 117 + The schema is not definitive and features are not guaranteed to be stable until RFC-0125 is merged. 118 118 + See: 119 119 + - https://github.com/NixOS/nixpkgs/pull/172237 to track merge status in nixpkgs. 120 120 + - https://github.com/NixOS/rfcs/pull/125 to track RFC status. 121 121 + '' 122 122 + ]; 123 123 + }; 124 124 + }

+5

nixos/modules/system/activation/top-level.nix

··· 79 79 80 80 echo -n "$extraDependencies" > $out/extra-dependencies 81 81 82 82 + ${optionalString (!config.boot.isContainer && config.boot.bootspec.enable) '' 83 83 + ${config.boot.bootspec.writer} 84 84 + ${config.boot.bootspec.validator} "$out/bootspec/${config.boot.bootspec.filename}" 85 85 + ''} 86 86 + 82 87 ${config.system.extraSystemBuilderCmds} 83 88 ''; 84 89

+26

nixos/modules/system/boot/loader/external/external.md

··· 1 1 + # External Bootloader Backends {#sec-bootloader-external} 2 2 + 3 3 + NixOS has support for several bootloader backends by default: systemd-boot, grub, uboot, etc. 4 4 + The built-in bootloader backend support is generic and supports most use cases. 5 5 + Some users may prefer to create advanced workflows around managing the bootloader and bootable entries. 6 6 + 7 7 + You can replace the built-in bootloader support with your own tooling using the "external" bootloader option. 8 8 + 9 9 + Imagine you have created a new package called FooBoot. 10 10 + FooBoot provides a program at `${pkgs.fooboot}/bin/fooboot-install` which takes the system closure's path as its only argument and configures the system's bootloader. 11 11 + 12 12 + You can enable FooBoot like this: 13 13 + 14 14 + ```nix 15 15 + { pkgs, ... }: { 16 16 + boot.loader.external = { 17 17 + enable = true; 18 18 + installHook = "${pkgs.fooboot}/bin/fooboot-install"; 19 19 + }; 20 20 + } 21 21 + ``` 22 22 + 23 23 + ## Developing Custom Bootloader Backends 24 24 + 25 25 + Bootloaders should use [RFC-0125](https://github.com/NixOS/rfcs/pull/125)'s Bootspec format and synthesis tools to identify the key properties for bootable system generations. 26 26 +

+38

nixos/modules/system/boot/loader/external/external.nix

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + 3 3 + with lib; 4 4 + 5 5 + let 6 6 + cfg = config.boot.loader.external; 7 7 + in 8 8 + { 9 9 + meta = { 10 10 + maintainers = with maintainers; [ cole-h grahamc raitobezarius ]; 11 11 + # Don't edit the docbook xml directly, edit the md and generate it: 12 12 + # `pandoc external.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > external.xml` 13 13 + doc = ./external.xml; 14 14 + }; 15 15 + 16 16 + options.boot.loader.external = { 17 17 + enable = mkEnableOption (lib.mdDoc "use an external tool to install your bootloader"); 18 18 + 19 19 + installHook = mkOption { 20 20 + type = with types; path; 21 21 + description = lib.mdDoc '' 22 22 + The full path to a program of your choosing which performs the bootloader installation process. 23 23 + 24 24 + The program will be called with an argument pointing to the output of the system's toplevel. 25 25 + ''; 26 26 + }; 27 27 + }; 28 28 + 29 29 + config = mkIf cfg.enable { 30 30 + boot.loader = { 31 31 + grub.enable = mkDefault false; 32 32 + systemd-boot.enable = mkDefault false; 33 33 + supportsInitrdSecrets = mkDefault false; 34 34 + }; 35 35 + 36 36 + system.build.installBootLoader = cfg.installHook; 37 37 + }; 38 38 + }

+41

nixos/modules/system/boot/loader/external/external.xml

··· 1 1 + <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-bootloader-external"> 2 2 + <title>External Bootloader Backends</title> 3 3 + <para> 4 4 + NixOS has support for several bootloader backends by default: 5 5 + systemd-boot, grub, uboot, etc. The built-in bootloader backend 6 6 + support is generic and supports most use cases. Some users may 7 7 + prefer to create advanced workflows around managing the bootloader 8 8 + and bootable entries. 9 9 + </para> 10 10 + <para> 11 11 + You can replace the built-in bootloader support with your own 12 12 + tooling using the <quote>external</quote> bootloader option. 13 13 + </para> 14 14 + <para> 15 15 + Imagine you have created a new package called FooBoot. FooBoot 16 16 + provides a program at 17 17 + <literal>${pkgs.fooboot}/bin/fooboot-install</literal> which takes 18 18 + the system closure’s path as its only argument and configures the 19 19 + system’s bootloader. 20 20 + </para> 21 21 + <para> 22 22 + You can enable FooBoot like this: 23 23 + </para> 24 24 + <programlisting language="nix"> 25 25 + { pkgs, ... }: { 26 26 + boot.loader.external = { 27 27 + enable = true; 28 28 + installHook = &quot;${pkgs.fooboot}/bin/fooboot-install&quot;; 29 29 + }; 30 30 + } 31 31 + </programlisting> 32 32 + <section xml:id="developing-custom-bootloader-backends"> 33 33 + <title>Developing Custom Bootloader Backends</title> 34 34 + <para> 35 35 + Bootloaders should use 36 36 + <link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125</link>’s 37 37 + Bootspec format and synthesis tools to identify the key properties 38 38 + for bootable system generations. 39 39 + </para> 40 40 + </section> 41 41 + </chapter>

+144

nixos/tests/bootspec.nix

··· 1 1 + { system ? builtins.currentSystem, 2 2 + config ? {}, 3 3 + pkgs ? import ../.. { inherit system config; } 4 4 + }: 5 5 + 6 6 + with import ../lib/testing-python.nix { inherit system pkgs; }; 7 7 + with pkgs.lib; 8 8 + 9 9 + let 10 10 + baseline = { 11 11 + virtualisation.useBootLoader = true; 12 12 + }; 13 13 + grub = { 14 14 + boot.loader.grub.enable = true; 15 15 + }; 16 16 + systemd-boot = { 17 17 + boot.loader.systemd-boot.enable = true; 18 18 + }; 19 19 + uefi = { 20 20 + virtualisation.useEFIBoot = true; 21 21 + boot.loader.efi.canTouchEfiVariables = true; 22 22 + boot.loader.grub.efiSupport = true; 23 23 + environment.systemPackages = [ pkgs.efibootmgr ]; 24 24 + }; 25 25 + standard = { 26 26 + boot.bootspec.enable = true; 27 27 + 28 28 + imports = [ 29 29 + baseline 30 30 + systemd-boot 31 31 + uefi 32 32 + ]; 33 33 + }; 34 34 + in 35 35 + { 36 36 + basic = makeTest { 37 37 + name = "systemd-boot-with-bootspec"; 38 38 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 39 39 + 40 40 + nodes.machine = standard; 41 41 + 42 42 + testScript = '' 43 43 + machine.start() 44 44 + machine.wait_for_unit("multi-user.target") 45 45 + 46 46 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 47 47 + ''; 48 48 + }; 49 49 + 50 50 + grub = makeTest { 51 51 + name = "grub-with-bootspec"; 52 52 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 53 53 + 54 54 + nodes.machine = { 55 55 + boot.bootspec.enable = true; 56 56 + 57 57 + imports = [ 58 58 + baseline 59 59 + grub 60 60 + uefi 61 61 + ]; 62 62 + }; 63 63 + 64 64 + testScript = '' 65 65 + machine.start() 66 66 + machine.wait_for_unit("multi-user.target") 67 67 + 68 68 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 69 69 + ''; 70 70 + }; 71 71 + 72 72 + legacy-boot = makeTest { 73 73 + name = "legacy-boot-with-bootspec"; 74 74 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 75 75 + 76 76 + nodes.machine = { 77 77 + boot.bootspec.enable = true; 78 78 + 79 79 + imports = [ 80 80 + baseline 81 81 + grub 82 82 + ]; 83 83 + }; 84 84 + 85 85 + testScript = '' 86 86 + machine.start() 87 87 + machine.wait_for_unit("multi-user.target") 88 88 + 89 89 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 90 90 + ''; 91 91 + }; 92 92 + 93 93 + # Check that specialisations create corresponding entries in bootspec. 94 94 + specialisation = makeTest { 95 95 + name = "bootspec-with-specialisation"; 96 96 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 97 97 + 98 98 + nodes.machine = { 99 99 + imports = [ standard ]; 100 100 + environment.systemPackages = [ pkgs.jq ]; 101 101 + specialisation.something.configuration = {}; 102 102 + }; 103 103 + 104 104 + testScript = '' 105 105 + import json 106 106 + 107 107 + machine.start() 108 108 + machine.wait_for_unit("multi-user.target") 109 109 + 110 110 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 111 111 + machine.succeed("test -e /run/current-system/specialisation/something/bootspec/boot.json") 112 112 + 113 113 + sp_in_parent = json.loads(machine.succeed("jq -r '.v1.specialisation.something' /run/current-system/bootspec/boot.json")) 114 114 + sp_in_fs = json.loads(machine.succeed("cat /run/current-system/specialisation/something/bootspec/boot.json")) 115 115 + 116 116 + assert sp_in_parent == sp_in_fs['v1'], "Bootspecs of the same specialisation are different!" 117 117 + ''; 118 118 + }; 119 119 + 120 120 + # Check that extensions are propagated. 121 121 + extensions = makeTest { 122 122 + name = "bootspec-with-extensions"; 123 123 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 124 124 + 125 125 + nodes.machine = { config, ... }: { 126 126 + imports = [ standard ]; 127 127 + environment.systemPackages = [ pkgs.jq ]; 128 128 + boot.bootspec.extensions = { 129 129 + osRelease = config.environment.etc."os-release".source; 130 130 + }; 131 131 + }; 132 132 + 133 133 + testScript = '' 134 134 + machine.start() 135 135 + machine.wait_for_unit("multi-user.target") 136 136 + 137 137 + current_os_release = machine.succeed("cat /etc/os-release") 138 138 + bootspec_os_release = machine.succeed("cat $(jq -r '.v1.extensions.osRelease' /run/current-system/bootspec/boot.json)") 139 139 + 140 140 + assert current_os_release == bootspec_os_release, "Filename referenced by extension has unexpected contents" 141 141 + ''; 142 142 + }; 143 143 + 144 144 + }

+2 -2

pkgs/applications/editors/kakoune/default.nix

··· 4 4 5 5 stdenv.mkDerivation rec { 6 6 pname = "kakoune-unwrapped"; 7 7 - version = "2021.11.08"; 7 7 + version = "2022.10.31"; 8 8 src = fetchFromGitHub { 9 9 repo = "kakoune"; 10 10 owner = "mawww"; 11 11 rev = "v${version}"; 12 12 - sha256 = "sha256-lMGMt0H1G8EN/7zSVSvU1yU4BYPnSF1vWmozLdrRTQk="; 12 12 + sha256 = "sha256-vmzGaGl0KSjseSD/s6DXxvMUTmAle+Iv/ZP9llaFnXk="; 13 13 }; 14 14 makeFlags = [ "debug=no" "PREFIX=${placeholder "out"}" ]; 15 15

+2 -2

pkgs/applications/networking/browsers/firefox/packages.nix

··· 3 3 rec { 4 4 firefox = buildMozillaMach rec { 5 5 pname = "firefox"; 6 6 - version = "108.0"; 6 6 + version = "108.0.1"; 7 7 src = fetchurl { 8 8 url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; 9 9 - sha512 = "fa800f62cca395a51b9a04373a27be48fc3860208e34ecf74d908127638d1eb8c41cf9898be6896777d408127d5c4b7104d9ee89c97da923b2dc6ea32186187e"; 9 9 + sha512 = "e6219ed6324422ec293ed96868738e056582bb9f7fb82e59362541f3465c6ebca806d26ecd801156b074c3675bd5a22507b1f1fa53eebf82b7dd35f2b1ff0625"; 10 10 }; 11 11 12 12 meta = {

-371

pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch

··· 1 1 - From 8ab70b8958a8f9cb9bd316eecd3ccbcf05c06614 Mon Sep 17 00:00:00 2001 2 2 - From: Linus Heckemann <git@sphalerite.org> 3 3 - Date: Tue, 4 Oct 2022 12:41:21 +0200 4 4 - Subject: [PATCH] 9pfs: use GHashTable for fid table 5 5 - MIME-Version: 1.0 6 6 - Content-Type: text/plain; charset=UTF-8 7 7 - Content-Transfer-Encoding: 8bit 8 8 - 9 9 - The previous implementation would iterate over the fid table for 10 10 - lookup operations, resulting in an operation with O(n) complexity on 11 11 - the number of open files and poor cache locality -- for every open, 12 12 - stat, read, write, etc operation. 13 13 - 14 14 - This change uses a hashtable for this instead, significantly improving 15 15 - the performance of the 9p filesystem. The runtime of NixOS's simple 16 16 - installer test, which copies ~122k files totalling ~1.8GiB from 9p, 17 17 - decreased by a factor of about 10. 18 18 - 19 19 - Signed-off-by: Linus Heckemann <git@sphalerite.org> 20 20 - Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> 21 21 - Reviewed-by: Greg Kurz <groug@kaod.org> 22 22 - [CS: - Retain BUG_ON(f->clunked) in get_fid(). 23 23 - - Add TODO comment in clunk_fid(). ] 24 24 - Message-Id: <20221004104121.713689-1-git@sphalerite.org> 25 25 - [CS: - Drop unnecessary goto and out: label. ] 26 26 - Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> 27 27 - --- 28 28 - hw/9pfs/9p.c | 194 +++++++++++++++++++++++++++++---------------------- 29 29 - hw/9pfs/9p.h | 2 +- 30 30 - 2 files changed, 112 insertions(+), 84 deletions(-) 31 31 - 32 32 - diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c 33 33 - index aebadeaa03..9bf13133e5 100644 34 34 - --- a/hw/9pfs/9p.c 35 35 - +++ b/hw/9pfs/9p.c 36 36 - @@ -256,7 +256,8 @@ static size_t v9fs_string_size(V9fsString *str) 37 37 - } 38 38 - 39 39 - /* 40 40 - - * returns 0 if fid got re-opened, 1 if not, < 0 on error */ 41 41 - + * returns 0 if fid got re-opened, 1 if not, < 0 on error 42 42 - + */ 43 43 - static int coroutine_fn v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) 44 44 - { 45 45 - int err = 1; 46 46 - @@ -282,33 +283,32 @@ static V9fsFidState *coroutine_fn get_fid(V9fsPDU *pdu, int32_t fid) 47 47 - V9fsFidState *f; 48 48 - V9fsState *s = pdu->s; 49 49 - 50 50 - - QSIMPLEQ_FOREACH(f, &s->fid_list, next) { 51 51 - + f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); 52 52 - + if (f) { 53 53 - BUG_ON(f->clunked); 54 54 - - if (f->fid == fid) { 55 55 - - /* 56 56 - - * Update the fid ref upfront so that 57 57 - - * we don't get reclaimed when we yield 58 58 - - * in open later. 59 59 - - */ 60 60 - - f->ref++; 61 61 - - /* 62 62 - - * check whether we need to reopen the 63 63 - - * file. We might have closed the fd 64 64 - - * while trying to free up some file 65 65 - - * descriptors. 66 66 - - */ 67 67 - - err = v9fs_reopen_fid(pdu, f); 68 68 - - if (err < 0) { 69 69 - - f->ref--; 70 70 - - return NULL; 71 71 - - } 72 72 - - /* 73 73 - - * Mark the fid as referenced so that the LRU 74 74 - - * reclaim won't close the file descriptor 75 75 - - */ 76 76 - - f->flags |= FID_REFERENCED; 77 77 - - return f; 78 78 - + /* 79 79 - + * Update the fid ref upfront so that 80 80 - + * we don't get reclaimed when we yield 81 81 - + * in open later. 82 82 - + */ 83 83 - + f->ref++; 84 84 - + /* 85 85 - + * check whether we need to reopen the 86 86 - + * file. We might have closed the fd 87 87 - + * while trying to free up some file 88 88 - + * descriptors. 89 89 - + */ 90 90 - + err = v9fs_reopen_fid(pdu, f); 91 91 - + if (err < 0) { 92 92 - + f->ref--; 93 93 - + return NULL; 94 94 - } 95 95 - + /* 96 96 - + * Mark the fid as referenced so that the LRU 97 97 - + * reclaim won't close the file descriptor 98 98 - + */ 99 99 - + f->flags |= FID_REFERENCED; 100 100 - + return f; 101 101 - } 102 102 - return NULL; 103 103 - } 104 104 - @@ -317,12 +317,11 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid) 105 105 - { 106 106 - V9fsFidState *f; 107 107 - 108 108 - - QSIMPLEQ_FOREACH(f, &s->fid_list, next) { 109 109 - + f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); 110 110 - + if (f) { 111 111 - /* If fid is already there return NULL */ 112 112 - BUG_ON(f->clunked); 113 113 - - if (f->fid == fid) { 114 114 - - return NULL; 115 115 - - } 116 116 - + return NULL; 117 117 - } 118 118 - f = g_new0(V9fsFidState, 1); 119 119 - f->fid = fid; 120 120 - @@ -333,7 +332,7 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid) 121 121 - * reclaim won't close the file descriptor 122 122 - */ 123 123 - f->flags |= FID_REFERENCED; 124 124 - - QSIMPLEQ_INSERT_TAIL(&s->fid_list, f, next); 125 125 - + g_hash_table_insert(s->fids, GINT_TO_POINTER(fid), f); 126 126 - 127 127 - v9fs_readdir_init(s->proto_version, &f->fs.dir); 128 128 - v9fs_readdir_init(s->proto_version, &f->fs_reclaim.dir); 129 129 - @@ -424,12 +423,12 @@ static V9fsFidState *clunk_fid(V9fsState *s, int32_t fid) 130 130 - { 131 131 - V9fsFidState *fidp; 132 132 - 133 133 - - QSIMPLEQ_FOREACH(fidp, &s->fid_list, next) { 134 134 - - if (fidp->fid == fid) { 135 135 - - QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next); 136 136 - - fidp->clunked = true; 137 137 - - return fidp; 138 138 - - } 139 139 - + /* TODO: Use g_hash_table_steal_extended() instead? */ 140 140 - + fidp = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); 141 141 - + if (fidp) { 142 142 - + g_hash_table_remove(s->fids, GINT_TO_POINTER(fid)); 143 143 - + fidp->clunked = true; 144 144 - + return fidp; 145 145 - } 146 146 - return NULL; 147 147 - } 148 148 - @@ -439,10 +438,15 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu) 149 149 - int reclaim_count = 0; 150 150 - V9fsState *s = pdu->s; 151 151 - V9fsFidState *f; 152 152 - + GHashTableIter iter; 153 153 - + gpointer fid; 154 154 - + 155 155 - + g_hash_table_iter_init(&iter, s->fids); 156 156 - + 157 157 - QSLIST_HEAD(, V9fsFidState) reclaim_list = 158 158 - QSLIST_HEAD_INITIALIZER(reclaim_list); 159 159 - 160 160 - - QSIMPLEQ_FOREACH(f, &s->fid_list, next) { 161 161 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &f)) { 162 162 - /* 163 163 - * Unlink fids cannot be reclaimed. Check 164 164 - * for them and skip them. Also skip fids 165 165 - @@ -514,72 +518,85 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu) 166 166 - } 167 167 - } 168 168 - 169 169 - +/* 170 170 - + * This is used when a path is removed from the directory tree. Any 171 171 - + * fids that still reference it must not be closed from then on, since 172 172 - + * they cannot be reopened. 173 173 - + */ 174 174 - static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) 175 175 - { 176 176 - - int err; 177 177 - + int err = 0; 178 178 - V9fsState *s = pdu->s; 179 179 - - V9fsFidState *fidp, *fidp_next; 180 180 - + V9fsFidState *fidp; 181 181 - + gpointer fid; 182 182 - + GHashTableIter iter; 183 183 - + /* 184 184 - + * The most common case is probably that we have exactly one 185 185 - + * fid for the given path, so preallocate exactly one. 186 186 - + */ 187 187 - + g_autoptr(GArray) to_reopen = g_array_sized_new(FALSE, FALSE, 188 188 - + sizeof(V9fsFidState *), 1); 189 189 - + gint i; 190 190 - 191 191 - - fidp = QSIMPLEQ_FIRST(&s->fid_list); 192 192 - - if (!fidp) { 193 193 - - return 0; 194 194 - - } 195 195 - + g_hash_table_iter_init(&iter, s->fids); 196 196 - 197 197 - /* 198 198 - - * v9fs_reopen_fid() can yield : a reference on the fid must be held 199 199 - - * to ensure its pointer remains valid and we can safely pass it to 200 200 - - * QSIMPLEQ_NEXT(). The corresponding put_fid() can also yield so 201 201 - - * we must keep a reference on the next fid as well. So the logic here 202 202 - - * is to get a reference on a fid and only put it back during the next 203 203 - - * iteration after we could get a reference on the next fid. Start with 204 204 - - * the first one. 205 205 - + * We iterate over the fid table looking for the entries we need 206 206 - + * to reopen, and store them in to_reopen. This is because 207 207 - + * v9fs_reopen_fid() and put_fid() yield. This allows the fid table 208 208 - + * to be modified in the meantime, invalidating our iterator. 209 209 - */ 210 210 - - for (fidp->ref++; fidp; fidp = fidp_next) { 211 211 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &fidp)) { 212 212 - if (fidp->path.size == path->size && 213 213 - !memcmp(fidp->path.data, path->data, path->size)) { 214 214 - - /* Mark the fid non reclaimable. */ 215 215 - - fidp->flags |= FID_NON_RECLAIMABLE; 216 216 - - 217 217 - - /* reopen the file/dir if already closed */ 218 218 - - err = v9fs_reopen_fid(pdu, fidp); 219 219 - - if (err < 0) { 220 220 - - put_fid(pdu, fidp); 221 221 - - return err; 222 222 - - } 223 223 - - } 224 224 - - 225 225 - - fidp_next = QSIMPLEQ_NEXT(fidp, next); 226 226 - - 227 227 - - if (fidp_next) { 228 228 - /* 229 229 - - * Ensure the next fid survives a potential clunk request during 230 230 - - * put_fid() below and v9fs_reopen_fid() in the next iteration. 231 231 - + * Ensure the fid survives a potential clunk request during 232 232 - + * v9fs_reopen_fid or put_fid. 233 233 - */ 234 234 - - fidp_next->ref++; 235 235 - + fidp->ref++; 236 236 - + fidp->flags |= FID_NON_RECLAIMABLE; 237 237 - + g_array_append_val(to_reopen, fidp); 238 238 - } 239 239 - + } 240 240 - 241 241 - - /* We're done with this fid */ 242 242 - - put_fid(pdu, fidp); 243 243 - + for (i = 0; i < to_reopen->len; i++) { 244 244 - + fidp = g_array_index(to_reopen, V9fsFidState*, i); 245 245 - + /* reopen the file/dir if already closed */ 246 246 - + err = v9fs_reopen_fid(pdu, fidp); 247 247 - + if (err < 0) { 248 248 - + break; 249 249 - + } 250 250 - } 251 251 - 252 252 - - return 0; 253 253 - + for (i = 0; i < to_reopen->len; i++) { 254 254 - + put_fid(pdu, g_array_index(to_reopen, V9fsFidState*, i)); 255 255 - + } 256 256 - + return err; 257 257 - } 258 258 - 259 259 - static void coroutine_fn virtfs_reset(V9fsPDU *pdu) 260 260 - { 261 261 - V9fsState *s = pdu->s; 262 262 - V9fsFidState *fidp; 263 263 - + GList *freeing; 264 264 - + /* 265 265 - + * Get a list of all the values (fid states) in the table, which 266 266 - + * we then... 267 267 - + */ 268 268 - + g_autoptr(GList) fids = g_hash_table_get_values(s->fids); 269 269 - 270 270 - - /* Free all fids */ 271 271 - - while (!QSIMPLEQ_EMPTY(&s->fid_list)) { 272 272 - - /* Get fid */ 273 273 - - fidp = QSIMPLEQ_FIRST(&s->fid_list); 274 274 - - fidp->ref++; 275 275 - + /* ... remove from the table, taking over ownership. */ 276 276 - + g_hash_table_steal_all(s->fids); 277 277 - 278 278 - - /* Clunk fid */ 279 279 - - QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next); 280 280 - + /* 281 281 - + * This allows us to release our references to them asynchronously without 282 282 - + * iterating over the hash table and risking iterator invalidation 283 283 - + * through concurrent modifications. 284 284 - + */ 285 285 - + for (freeing = fids; freeing; freeing = freeing->next) { 286 286 - + fidp = freeing->data; 287 287 - + fidp->ref++; 288 288 - fidp->clunked = true; 289 289 - - 290 290 - put_fid(pdu, fidp); 291 291 - } 292 292 - } 293 293 - @@ -3205,6 +3222,8 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, 294 294 - V9fsFidState *tfidp; 295 295 - V9fsState *s = pdu->s; 296 296 - V9fsFidState *dirfidp = NULL; 297 297 - + GHashTableIter iter; 298 298 - + gpointer fid; 299 299 - 300 300 - v9fs_path_init(&new_path); 301 301 - if (newdirfid != -1) { 302 302 - @@ -3238,11 +3257,13 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, 303 303 - if (err < 0) { 304 304 - goto out; 305 305 - } 306 306 - + 307 307 - /* 308 308 - * Fixup fid's pointing to the old name to 309 309 - * start pointing to the new name 310 310 - */ 311 311 - - QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) { 312 312 - + g_hash_table_iter_init(&iter, s->fids); 313 313 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) { 314 314 - if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { 315 315 - /* replace the name */ 316 316 - v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); 317 317 - @@ -3320,6 +3341,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir, 318 318 - V9fsPath oldpath, newpath; 319 319 - V9fsState *s = pdu->s; 320 320 - int err; 321 321 - + GHashTableIter iter; 322 322 - + gpointer fid; 323 323 - 324 324 - v9fs_path_init(&oldpath); 325 325 - v9fs_path_init(&newpath); 326 326 - @@ -3336,7 +3359,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir, 327 327 - * Fixup fid's pointing to the old name to 328 328 - * start pointing to the new name 329 329 - */ 330 330 - - QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) { 331 331 - + g_hash_table_iter_init(&iter, s->fids); 332 332 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) { 333 333 - if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { 334 334 - /* replace the name */ 335 335 - v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); 336 336 - @@ -4226,7 +4250,7 @@ int v9fs_device_realize_common(V9fsState *s, const V9fsTransport *t, 337 337 - s->ctx.fmode = fse->fmode; 338 338 - s->ctx.dmode = fse->dmode; 339 339 - 340 340 - - QSIMPLEQ_INIT(&s->fid_list); 341 341 - + s->fids = g_hash_table_new(NULL, NULL); 342 342 - qemu_co_rwlock_init(&s->rename_lock); 343 343 - 344 344 - if (s->ops->init(&s->ctx, errp) < 0) { 345 345 - @@ -4286,6 +4310,10 @@ void v9fs_device_unrealize_common(V9fsState *s) 346 346 - if (s->ctx.fst) { 347 347 - fsdev_throttle_cleanup(s->ctx.fst); 348 348 - } 349 349 - + if (s->fids) { 350 350 - + g_hash_table_destroy(s->fids); 351 351 - + s->fids = NULL; 352 352 - + } 353 353 - g_free(s->tag); 354 354 - qp_table_destroy(&s->qpd_table); 355 355 - qp_table_destroy(&s->qpp_table); 356 356 - diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h 357 357 - index 994f952600..10fd2076c2 100644 358 358 - --- a/hw/9pfs/9p.h 359 359 - +++ b/hw/9pfs/9p.h 360 360 - @@ -339,7 +339,7 @@ typedef struct { 361 361 - struct V9fsState { 362 362 - QLIST_HEAD(, V9fsPDU) free_list; 363 363 - QLIST_HEAD(, V9fsPDU) active_list; 364 364 - - QSIMPLEQ_HEAD(, V9fsFidState) fid_list; 365 365 - + GHashTable *fids; 366 366 - FileOperations *ops; 367 367 - FsContext ctx; 368 368 - char *tag; 369 369 - -- 370 370 - 2.36.2 371 371 -

+5 -11

pkgs/applications/virtualization/qemu/default.nix

··· 2 2 , perl, pixman, vde2, alsa-lib, texinfo, flex 3 3 , bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool 4 4 , makeWrapper, runtimeShell, removeReferencesTo 5 5 - , attr, libcap, libcap_ng, socat 5 5 + , attr, libcap, libcap_ng, socat, libslirp 6 6 , CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet 7 7 , guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows 8 8 , numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl ··· 42 42 + lib.optionalString xenSupport "-xen" 43 43 + lib.optionalString hostCpuOnly "-host-cpu-only" 44 44 + lib.optionalString nixosTestRunner "-for-vm-tests"; 45 45 - version = "7.1.0"; 45 45 + version = "7.2.0"; 46 46 47 47 src = fetchurl { 48 48 url = "https://download.qemu.org/qemu-${version}.tar.xz"; 49 49 - sha256 = "1rmvrgqjhrvcmchnz170dxvrrf14n6nm39y8ivrprmfydd9lwqx0"; 49 49 + sha256 = "sha256-W0nOJod0Ta1JSukKiYxSIEo0BuhNBySCoeG+hU7rIVc="; 50 50 }; 51 51 52 52 depsBuildBuild = [ buildPackages.stdenv.cc ]; ··· 57 57 58 58 buildInputs = [ zlib glib perl pixman 59 59 vde2 texinfo lzo snappy libtasn1 60 60 - gnutls nettle curl 60 60 + gnutls nettle curl libslirp 61 61 ] 62 62 ++ lib.optionals ncursesSupport [ ncurses ] 63 63 ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ] ··· 111 111 sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E="; 112 112 revert = true; 113 113 }) 114 114 - ./9pfs-use-GHashTable-for-fid-table.patch 115 115 - (fetchpatch { 116 116 - name = "CVE-2022-3165.patch"; 117 117 - url = "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7.patch"; 118 118 - sha256 = "sha256-YPhm580lBNuAv7G1snYccKZ2V5ycdV8Ri8mTw5jjFBc="; 119 119 - }) 120 114 ] 121 115 ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch; 122 116 123 117 postPatch = '' 124 118 # Otherwise tries to ensure /var/run exists. 125 125 - sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \ 119 119 + sed -i "/install_emptydir(get_option('localstatedir') \/ 'run')/d" \ 126 120 qga/meson.build 127 121 ''; 128 122

+16 -26

pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch

··· 1 1 - From 756021d1e433925cf9a732d7ea67b01b0beb061c Mon Sep 17 00:00:00 2001 2 2 - From: Will Cohen <willcohen@users.noreply.github.com> 3 3 - Date: Tue, 29 Mar 2022 14:00:56 -0400 4 4 - Subject: [PATCH] Revert "ui/cocoa: Add clipboard support" 5 5 - 6 6 - This reverts commit 7e3e20d89129614f4a7b2451fe321cc6ccca3b76. 7 7 - --- 8 8 - include/ui/clipboard.h | 2 +- 9 9 - ui/clipboard.c | 2 +- 10 10 - ui/cocoa.m | 123 ----------------------------------------- 11 11 - 3 files changed, 2 insertions(+), 125 deletions(-) 1 1 + Based on a reversion of upstream 7e3e20d89129614f4a7b2451fe321cc6ccca3b76, 2 2 + adapted for 7.2.0 12 3 13 4 diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h 14 5 index ce76aa451f..c4e1dc4ff4 100644 ··· 24 15 25 16 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuClipboardInfo, qemu_clipboard_info_unref) 26 17 diff --git a/ui/clipboard.c b/ui/clipboard.c 27 27 - index 9079ef829b..6b9ed59e1b 100644 18 18 + index 3d14bffaf8..2c3f4c3ba0 100644 28 19 --- a/ui/clipboard.c 29 20 +++ b/ui/clipboard.c 30 30 - @@ -140,7 +140,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, 21 21 + @@ -154,7 +154,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, 31 22 QemuClipboardInfo *info, 32 23 QemuClipboardType type, 33 24 uint32_t size, ··· 37 28 { 38 29 if (!info || 39 30 diff --git a/ui/cocoa.m b/ui/cocoa.m 40 40 - index 5a8bd5dd84..79ed6d043f 100644 31 31 + index 660d3e0935..0e6760c360 100644 41 32 --- a/ui/cocoa.m 42 33 +++ b/ui/cocoa.m 43 34 @@ -29,7 +29,6 @@ ··· 48 39 #include "ui/console.h" 49 40 #include "ui/input.h" 50 41 #include "ui/kbd-state.h" 51 51 - @@ -109,10 +108,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, 52 52 - static QemuSemaphore app_started_sem; 42 42 + @@ -105,10 +104,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, 43 43 + 53 44 static bool allow_events; 54 45 55 46 -static NSInteger cbchangecount = -1; ··· 59 50 // Utility functions to run specified code block with iothread lock held 60 51 typedef void (^CodeBlock)(void); 61 52 typedef bool (^BoolCodeBlock)(void); 62 62 - @@ -1815,107 +1810,6 @@ static void addRemovableDevicesMenuItems(void) 53 53 + @@ -1799,107 +1794,6 @@ static void addRemovableDevicesMenuItems(void) 63 54 qapi_free_BlockInfoList(pointerToFree); 64 55 } 65 56 ··· 167 158 /* 168 159 * The startup process for the OSX/Cocoa UI is complicated, because 169 160 * OSX insists that the UI runs on the initial main thread, and so we 170 170 - @@ -1950,7 +1844,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info, 171 171 - COCOA_DEBUG("Second thread: calling qemu_main()\n"); 172 172 - status = qemu_main(gArgc, gArgv, *_NSGetEnviron()); 173 173 - COCOA_DEBUG("Second thread: qemu_main() returned, exiting\n"); 161 161 + @@ -1922,7 +1816,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info, 162 162 + status = qemu_default_main(); 163 163 + qemu_mutex_unlock_iothread(); 164 164 + COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n"); 174 165 - [cbowner release]; 175 166 exit(status); 176 167 } 177 168 178 178 - @@ -2066,18 +1959,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl) 169 169 + @@ -2003,18 +1896,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl) 179 170 [cocoaView setAbsoluteEnabled:YES]; 180 171 }); 181 172 } ··· 194 185 [pool release]; 195 186 } 196 187 197 197 - @@ -2117,10 +1998,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) 188 188 + @@ -2071,12 +1952,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) 198 189 199 190 // register vga output callbacks 200 191 register_displaychangelistener(&dcl); ··· 202 193 - qemu_event_init(&cbevent, false); 203 194 - cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init]; 204 195 - qemu_clipboard_peer_register(&cbpeer); 196 196 + - 197 197 + - [pool release]; 205 198 } 206 199 207 200 static QemuDisplay qemu_display_cocoa = { 208 208 - -- 209 209 - 2.35.1 210 210 -

+3 -3

pkgs/development/compilers/gleam/default.nix

··· 2 2 3 3 rustPlatform.buildRustPackage rec { 4 4 pname = "gleam"; 5 5 - version = "0.25.1"; 5 5 + version = "0.25.3"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "gleam-lang"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-PzvFX1ssBPXhHBNGK38y427HYJ9Q40c4w2mqGZ/2rtI="; 11 11 + sha256 = "sha256-JT9NUca+DaqxT36heaNKijIuqdnSvrYCfY2uM7wTOGo="; 12 12 }; 13 13 14 14 nativeBuildInputs = [ pkg-config ]; ··· 16 16 buildInputs = [ openssl ] ++ 17 17 lib.optionals stdenv.isDarwin [ Security libiconv ]; 18 18 19 19 - cargoSha256 = "sha256-NeNpT/yOXE70ElawrOGBc4G5bN2ohzYVVUtF4yVCJOo="; 19 19 + cargoSha256 = "sha256-YPyGCd4//yta3jy5tWB4C5yRgxNbfG+hGF5/QSch/6M="; 20 20 21 21 meta = with lib; { 22 22 description = "A statically typed language for the Erlang VM";

+13 -31

pkgs/development/compilers/julia/1.8.nix

··· 12 12 , libwhich 13 13 , libxml2 14 14 , libunwind 15 15 - , libgit2 16 15 , curl 17 17 - , nghttp2 18 18 - , mbedtls_2 19 19 - , libssh2 20 16 , gmp 21 21 - , mpfr 22 17 , suitesparse 23 18 , utf8proc 24 19 , zlib 25 20 , p7zip 26 21 , ncurses 27 27 - , pcre2 28 22 }: 29 23 30 24 stdenv.mkDerivation rec { ··· 41 35 path = name: "https://raw.githubusercontent.com/archlinux/svntogit-community/6fd126d089d44fdc875c363488a7c7435a223cec/trunk/${name}"; 42 36 in 43 37 [ 44 44 - # Pull upstream fix to fix tests mpfr-4.1.1 45 45 - # https://github.com/JuliaLang/julia/pull/47659 46 46 - (fetchpatch { 47 47 - name = "mfr-4.1.1.patch"; 48 48 - url = "https://github.com/JuliaLang/julia/commit/59965205ccbdffb4e25e1b60f651ca9df79230a4.patch"; 49 49 - hash = "sha256-QJ5wxZMhz+or8BqcYv/5fNSTxDAvdSizTYqt7630kcw="; 50 50 - includes = [ "stdlib/MPFR_jll/test/runtests.jl" ]; 51 51 - }) 52 52 - 53 38 (fetchurl { 54 39 url = path "julia-hardcoded-libs.patch"; 55 40 sha256 = "sha256-kppSpVA7bRohd0wXDs4Jgct9ocHnpbeiiSz7ElFom1U="; ··· 77 62 buildInputs = [ 78 63 libxml2 79 64 libunwind 80 80 - libgit2 81 65 curl 82 82 - nghttp2 83 83 - mbedtls_2 84 84 - libssh2 85 66 gmp 86 86 - mpfr 87 67 utf8proc 88 68 zlib 89 69 p7zip 90 90 - pcre2 91 70 ]; 92 71 93 72 JULIA_RPATH = lib.makeLibraryPath (buildInputs ++ [ stdenv.cc.cc gfortran.cc ncurses ]); ··· 106 85 "USE_SYSTEM_CSL=1" 107 86 "USE_SYSTEM_LLVM=0" # a patched version is required 108 87 "USE_SYSTEM_LIBUNWIND=1" 109 109 - "USE_SYSTEM_PCRE=1" 88 88 + "USE_SYSTEM_PCRE=0" # version checks 110 89 "USE_SYSTEM_LIBM=0" 111 90 "USE_SYSTEM_OPENLIBM=0" 112 91 "USE_SYSTEM_DSFMT=0" # not available in nixpkgs 113 92 "USE_SYSTEM_LIBBLASTRAMPOLINE=0" # not available in nixpkgs 114 93 "USE_SYSTEM_BLAS=0" # test failure 115 94 "USE_SYSTEM_LAPACK=0" # test failure 116 116 - "USE_SYSTEM_GMP=1" 117 117 - "USE_SYSTEM_MPFR=1" 95 95 + "USE_SYSTEM_GMP=1" # version checks, but bundled version fails build 96 96 + "USE_SYSTEM_MPFR=0" # version checks 118 97 "USE_SYSTEM_LIBSUITESPARSE=0" # test failure 119 98 "USE_SYSTEM_LIBUV=0" # a patched version is required 120 99 "USE_SYSTEM_UTF8PROC=1" 121 121 - "USE_SYSTEM_MBEDTLS=1" 122 122 - "USE_SYSTEM_LIBSSH2=1" 123 123 - "USE_SYSTEM_NGHTTP2=1" 100 100 + "USE_SYSTEM_MBEDTLS=0" # version checks 101 101 + "USE_SYSTEM_LIBSSH2=0" # version checks 102 102 + "USE_SYSTEM_NGHTTP2=0" # version checks 124 103 "USE_SYSTEM_CURL=1" 125 125 - "USE_SYSTEM_LIBGIT2=1" 104 104 + "USE_SYSTEM_LIBGIT2=0" # version checks 126 105 "USE_SYSTEM_PATCHELF=1" 127 106 "USE_SYSTEM_LIBWHICH=1" 128 128 - "USE_SYSTEM_ZLIB=1" 107 107 + "USE_SYSTEM_ZLIB=1" # version checks, but the system zlib is used anyway 129 108 "USE_SYSTEM_P7ZIP=1" 130 130 - 131 131 - "PCRE_INCL_PATH=${pcre2.dev}/include/pcre2.h" 109 109 + ] ++ lib.optionals stdenv.isx86_64 [ 110 110 + # https://github.com/JuliaCI/julia-buildbot/blob/master/master/inventory.py 111 111 + "JULIA_CPU_TARGET=generic;sandybridge,-xsaveopt,clone_all;haswell,-rdrnd,base(1)" 112 112 + ] ++ lib.optionals stdenv.isAarch64 [ 113 113 + "JULIA_CPU_TERGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" 132 114 ]; 133 115 134 116 doInstallCheck = true;

+1 -1

pkgs/development/compilers/julia/patches/1.8/0001-skip-symlink-system-libraries.patch

··· 1 1 - From 1faa30525c9671ffd3a08901896b521a040d7e5c Mon Sep 17 00:00:00 2001 1 1 + From b2a58160fd194858267c433ae551f24840a0b3f4 Mon Sep 17 00:00:00 2001 2 2 From: Nick Cao <nickcao@nichi.co> 3 3 Date: Tue, 20 Sep 2022 18:42:08 +0800 4 4 Subject: [PATCH 1/4] skip symlink system libraries

+3 -3

pkgs/development/compilers/julia/patches/1.8/0002-skip-building-doc.patch

··· 1 1 - From 05c008dcabaf94f5623f2f7e267005eef0a8c5fc Mon Sep 17 00:00:00 2001 1 1 + From ddf422a97973a1f4d2d4d32272396c7165580702 Mon Sep 17 00:00:00 2001 2 2 From: Nick Cao <nickcao@nichi.co> 3 3 Date: Tue, 20 Sep 2022 18:42:31 +0800 4 4 Subject: [PATCH 2/4] skip building doc ··· 8 8 1 file changed, 1 insertion(+), 1 deletion(-) 9 9 10 10 diff --git a/Makefile b/Makefile 11 11 - index d38311dce..a775d36e1 100644 11 11 + index 57b595310..563be74c9 100644 12 12 --- a/Makefile 13 13 +++ b/Makefile 14 14 - @@ -227,7 +227,7 @@ define stringreplace 14 14 + @@ -229,7 +229,7 @@ define stringreplace 15 15 endef 16 16 17 17

+25

pkgs/development/compilers/julia/patches/1.8/0003-skip-failing-and-flaky-tests.patch

··· 1 1 + From ed596b33005a438109f0078ed0ba30ebe464b4b5 Mon Sep 17 00:00:00 2001 2 2 + From: Nick Cao <nickcao@nichi.co> 3 3 + Date: Tue, 20 Sep 2022 18:42:59 +0800 4 4 + Subject: [PATCH 3/4] skip failing and flaky tests 5 5 + 6 6 + --- 7 7 + test/Makefile | 2 +- 8 8 + 1 file changed, 1 insertion(+), 1 deletion(-) 9 9 + 10 10 + diff --git a/test/Makefile b/test/Makefile 11 11 + index 24e137a5b..553d9d095 100644 12 12 + --- a/test/Makefile 13 13 + +++ b/test/Makefile 14 14 + @@ -23,7 +23,7 @@ default: 15 15 + 16 16 + $(TESTS): 17 17 + @cd $(SRCDIR) && \ 18 18 + - $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@) 19 19 + + $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip MozillaCACerts_jll --skip NetworkOptions --skip Zlib_jll --skip GMP_jll --skip channels $@) 20 20 + 21 21 + $(addprefix revise-, $(TESTS)): revise-% : 22 22 + @cd $(SRCDIR) && \ 23 23 + -- 24 24 + 2.38.1 25 25 +

+3 -3

pkgs/development/compilers/julia/patches/1.8/0003-skip-failing-tests.patch

··· 1 1 - From 756d4e977f8f224e20effa82c612e5a9cc14d82e Mon Sep 17 00:00:00 2001 1 1 + From f91c8c6364eb321dd5e66fa443472fca6bcda7d6 Mon Sep 17 00:00:00 2001 2 2 From: Nick Cao <nickcao@nichi.co> 3 3 Date: Tue, 20 Sep 2022 18:42:59 +0800 4 4 Subject: [PATCH 3/4] skip failing tests ··· 8 8 1 file changed, 1 insertion(+), 1 deletion(-) 9 9 10 10 diff --git a/test/Makefile b/test/Makefile 11 11 - index 24e137a5b..c17ccea8a 100644 11 11 + index 24e137a5b..2b30ab392 100644 12 12 --- a/test/Makefile 13 13 +++ b/test/Makefile 14 14 @@ -23,7 +23,7 @@ default: ··· 16 16 $(TESTS): 17 17 @cd $(SRCDIR) && \ 18 18 - $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@) 19 19 - + $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip LibGit2_jll --skip MozillaCACerts_jll --skip NetworkOptions --skip nghttp2_jll --skip Zlib_jll --skip MbedTLS_jll $@) 19 19 + + $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip MozillaCACerts_jll --skip NetworkOptions --skip Zlib_jll --skip GMP_jll $@) 20 20 21 21 $(addprefix revise-, $(TESTS)): revise-% : 22 22 @cd $(SRCDIR) && \

+1 -1

pkgs/development/compilers/julia/patches/1.8/0004-ignore-absolute-path-when-loading-library.patch

··· 1 1 - From c0e587f4c50bd7bedfe6e5102e9b47c9704fac9b Mon Sep 17 00:00:00 2001 1 1 + From 4bd87f2f3151ad07d311f7d33c2b890977aca93d Mon Sep 17 00:00:00 2001 2 2 From: Nick Cao <nickcao@nichi.co> 3 3 Date: Tue, 20 Sep 2022 18:43:15 +0800 4 4 Subject: [PATCH 4/4] ignore absolute path when loading library

+1 -1

pkgs/development/compilers/rust/make-rust-platform.nix

··· 18 18 fetchCargoTarball importCargoLock rustc; 19 19 }; 20 20 21 21 - importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix {}; 21 21 + importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix { inherit cargo; }; 22 22 23 23 rustcSrc = callPackage ./rust-src.nix { 24 24 inherit runCommand rustc;

+3 -1

pkgs/development/libraries/grpc/default.nix

··· 60 60 # only an issue with the useLLVM stdenv, not the darwin stdenv… 61 61 # https://github.com/grpc/grpc/issues/26473#issuecomment-860885484 62 62 useLLVMAndOldCC = (stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "11.0"; 63 63 - cxxStandard = if useLLVMAndOldCC then "11" else "17"; 63 63 + # With GCC 9 (current aarch64-linux) it fails with c++17 but OK with c++14. 64 64 + useOldGCC = !(stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "10"; 65 65 + cxxStandard = if useLLVMAndOldCC then "11" else if useOldGCC then "14" else "17"; 64 66 in 65 67 [ 66 68 "-DgRPC_ZLIB_PROVIDER=package"

+2 -2

pkgs/development/libraries/mbedtls/2.nix

··· 1 1 { callPackage }: 2 2 3 3 callPackage ./generic.nix { 4 4 - version = "2.28.1"; 5 5 - hash = "sha256-brbZB3fINDeVWXf50ct4bxYkoBVyD6bBBijZyFQSnyw="; 4 4 + version = "2.28.2"; 5 5 + hash = "sha256-rbWvPrFoY31QyW/TbMndPXTzAJS6qT/bo6J0IL6jRvQ="; 6 6 }

+2 -2

pkgs/development/libraries/mbedtls/3.nix

··· 1 1 { callPackage }: 2 2 3 3 callPackage ./generic.nix { 4 4 - version = "3.2.1"; 5 5 - hash = "sha256-+M36NvFe4gw2PRbld/2JV3yBGrqK6soWcmrSEkUNcrc="; 4 4 + version = "3.3.0"; 5 5 + hash = "sha256-yb5migP5Tcw99XHFzJkCct4f5R6ztxPR43VQcfTGRtE="; 6 6 }

+8 -4

pkgs/development/libraries/mbedtls/generic.nix

··· 32 32 perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD # POSIX thread wrapper layer for the threading layer. 33 33 ''; 34 34 35 35 - cmakeFlags = [ "-DUSE_SHARED_MBEDTLS_LIBRARY=on" ]; 36 36 - NIX_CFLAGS_COMPILE = lib.optionals stdenv.cc.isGNU [ 37 37 - "-Wno-error=format" 38 38 - "-Wno-error=format-truncation" 35 35 + cmakeFlags = [ 36 36 + "-DUSE_SHARED_MBEDTLS_LIBRARY=on" 37 37 + 38 38 + # Avoid a dependency on jsonschema and jinja2 by not generating source code 39 39 + # using python. In releases, these generated files are already present in 40 40 + # the repository and do not need to be regenerated. See: 41 41 + # https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 below "Requirement changes". 42 42 + "-DGEN_FILES=off" 39 43 ]; 40 44 41 45 meta = with lib; {

+1 -1

pkgs/development/mobile/androidenv/compose-android-packages.nix

··· 123 123 124 124 build-tools = map (version: 125 125 callPackage ./build-tools.nix { 126 126 - inherit deployAndroidPackage; 126 126 + inherit deployAndroidPackage os; 127 127 package = packages.build-tools.${version}; 128 128 } 129 129 ) buildToolsVersions;

+5 -2

pkgs/development/ocaml-modules/apron/default.nix

··· 1 1 - { stdenv, lib, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl }: 1 1 + { stdenv, lib, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl 2 2 + , gnumake42 3 3 + }: 2 4 3 5 stdenv.mkDerivation rec { 4 6 pname = "ocaml${ocaml.version}-apron"; ··· 10 12 sha256 = "14ymjahqdxj26da8wik9d5dzlxn81b3z1iggdl7rn2nn06jy7lvy"; 11 13 }; 12 14 13 13 - nativeBuildInputs = [ ocaml findlib perl ]; 15 15 + # fails with make 4.4 16 16 + nativeBuildInputs = [ ocaml findlib perl gnumake42 ]; 14 17 buildInputs = [ gmp mpfr ppl camlidl ]; 15 18 propagatedBuildInputs = [ mlgmpidl ]; 16 19

+3 -5

pkgs/development/ocaml-modules/lru/default.nix

··· 2 2 3 3 buildDunePackage rec { 4 4 pname = "lru"; 5 5 - version = "0.3.0"; 6 6 - 7 7 - useDune2 = true; 5 5 + version = "0.3.1"; 8 6 9 7 src = fetchurl { 10 10 - url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-v${version}.tbz"; 11 11 - sha256 = "1ab9rd7cq15ml8x0wjl44wy99h5z7x4g9vkkz4i2d7n84ghy7vw4"; 8 8 + url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-${version}.tbz"; 9 9 + hash = "sha256-bL4j0np9WyRPhpwLiBQNR/cPQTpkYu81wACTJdSyNv0="; 12 10 }; 13 11 14 12 propagatedBuildInputs = [ psq ];

+2 -2

pkgs/development/python-modules/adafruit-platformdetect/default.nix

··· 7 7 8 8 buildPythonPackage rec { 9 9 pname = "adafruit-platformdetect"; 10 10 - version = "3.37.0"; 10 10 + version = "3.38.0"; 11 11 format = "setuptools"; 12 12 13 13 disabled = pythonOlder "3.7"; ··· 15 15 src = fetchPypi { 16 16 pname = "Adafruit-PlatformDetect"; 17 17 inherit version; 18 18 - hash = "sha256-vhBx/NABOD2patBzI15XZqbTTtbf3rTUIDx1sYg+yYg="; 18 18 + hash = "sha256-USnOf/nwuAyZpvy/cXpQtkWKXPKu0hj1HFwolrpecQM="; 19 19 }; 20 20 21 21 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/azure-mgmt-resource/default.nix

··· 9 9 10 10 buildPythonPackage rec { 11 11 pname = "azure-mgmt-resource"; 12 12 - version = "21.2.1"; 12 12 + version = "22.0.0"; 13 13 format = "setuptools"; 14 14 15 15 disabled = pythonOlder "3.7"; ··· 17 17 src = fetchPypi { 18 18 inherit pname version; 19 19 extension = "zip"; 20 20 - hash = "sha256-vSBg1WOT/+Ykao8spn51Tt0D7Ae5dWMLMK4DqIYFl6c="; 20 20 + hash = "sha256-/rXZeeGLUvLP0CO0oKM+VKb3bMaiUtyM117OLGMpjpQ="; 21 21 }; 22 22 23 23 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/brother/default.nix

··· 11 11 12 12 buildPythonPackage rec { 13 13 pname = "brother"; 14 14 - version = "2.0.0"; 14 14 + version = "2.1.1"; 15 15 format = "setuptools"; 16 16 17 17 disabled = pythonOlder "3.8"; ··· 20 20 owner = "bieniu"; 21 21 repo = pname; 22 22 rev = "refs/tags/${version}"; 23 23 - hash = "sha256-pk9VBFha2NfQWI+fbWwGKcGFa93eKr5Cqh85r1CAXpI="; 23 23 + hash = "sha256-jMvbZ4/NOA3dnJUdDWk2KTRz1gBOC+oDE0ChGNdFl1o="; 24 24 }; 25 25 26 26 propagatedBuildInputs = [

+3 -2

pkgs/development/python-modules/discogs-client/default.nix

··· 10 10 11 11 buildPythonPackage rec { 12 12 pname = "discogs-client"; 13 13 - version = "2.5"; 13 13 + version = "2.6"; 14 14 format = "setuptools"; 15 15 16 16 disabled = pythonOlder "3.7"; ··· 19 19 owner = "joalla"; 20 20 repo = "discogs_client"; 21 21 rev = "refs/tags/v${version}"; 22 22 - sha256 = "sha256-whLneq8RE1bok8jPlOteqIb5U07TvEa0O2mrzORp5HU="; 22 22 + hash = "sha256-Si1EH5TalNC3BY7L/GqbGSCjDBWzbodB4NZlNayhZYs="; 23 23 }; 24 24 25 25 propagatedBuildInputs = [ ··· 39 39 meta = with lib; { 40 40 description = "Unofficial Python API client for Discogs"; 41 41 homepage = "https://github.com/joalla/discogs_client"; 42 42 + changelog = "https://github.com/joalla/discogs_client/releases/tag/v${version}"; 42 43 license = licenses.bsd2; 43 44 maintainers = with maintainers; [ fab ]; 44 45 };

+2 -2

pkgs/development/python-modules/peaqevcore/default.nix

··· 6 6 7 7 buildPythonPackage rec { 8 8 pname = "peaqevcore"; 9 9 - version = "9.1.0"; 9 9 + version = "9.2.2"; 10 10 format = "setuptools"; 11 11 12 12 disabled = pythonOlder "3.7"; 13 13 14 14 src = fetchPypi { 15 15 inherit pname version; 16 16 - hash = "sha256-6SA+JdZwF2Q0RrlPlJvsTXDofrluVcQ+hVMlSFYTjxw="; 16 16 + hash = "sha256-Azco/ZFWDqb+gTskW3V44YJ9Zi3Fg2nYLY4PXvqOrRo="; 17 17 }; 18 18 19 19 postPatch = ''

+2 -2

pkgs/development/python-modules/pyairvisual/default.nix

··· 15 15 16 16 buildPythonPackage rec { 17 17 pname = "pyairvisual"; 18 18 - version = "2022.12.0"; 18 18 + version = "2022.12.1"; 19 19 format = "pyproject"; 20 20 21 21 disabled = pythonOlder "3.9"; ··· 24 24 owner = "bachya"; 25 25 repo = pname; 26 26 rev = version; 27 27 - hash = "sha256-vuniAmjbC3EmFliLFhZ1LQvh533XeLGaIn8ll/Etb/4="; 27 27 + hash = "sha256-xzTho4HsIU2YLURz9DfFfaRL3tsrtVi8n5IA2bRkyzw="; 28 28 }; 29 29 30 30 nativeBuildInputs = [

+6 -3

pkgs/development/python-modules/pymyq/default.nix

··· 9 9 10 10 buildPythonPackage rec { 11 11 pname = "pymyq"; 12 12 - version = "3.1.5"; 12 12 + version = "3.1.6"; 13 13 disabled = pythonOlder "3.8"; 14 14 15 15 src = fetchFromGitHub { 16 16 owner = "arraylabs"; 17 17 repo = pname; 18 18 rev = "refs/tags/v${version}"; 19 19 - sha256 = "sha256-/2eWB4rtHPptfc8Tm0CGk0UB+Hq1EmNhWmdrpPiUJcw="; 19 19 + hash = "sha256-zhGCoZ7mkHlfDjEbQihtM23u+N6nfYsQhKmrloevzp8="; 20 20 }; 21 21 22 22 propagatedBuildInputs = [ ··· 28 28 # Project has no tests 29 29 doCheck = false; 30 30 31 31 - pythonImportsCheck = [ "pymyq" ]; 31 31 + pythonImportsCheck = [ 32 32 + "pymyq" 33 33 + ]; 32 34 33 35 meta = with lib; { 34 36 description = "Python wrapper for MyQ API"; 35 37 homepage = "https://github.com/arraylabs/pymyq"; 38 38 + changelog = "https://github.com/arraylabs/pymyq/releases/tag/v${version}"; 36 39 license = with licenses; [ mit ]; 37 40 maintainers = with maintainers; [ fab ]; 38 41 };

+2 -2

pkgs/development/python-modules/pyswitchbot/default.nix

··· 9 9 10 10 buildPythonPackage rec { 11 11 pname = "pyswitchbot"; 12 12 - version = "0.23.1"; 12 12 + version = "0.23.2"; 13 13 format = "setuptools"; 14 14 15 15 disabled = pythonOlder "3.7"; ··· 18 18 owner = "Danielhiversen"; 19 19 repo = "pySwitchbot"; 20 20 rev = "refs/tags/${version}"; 21 21 - hash = "sha256-vBXOZ+AhhqWUD6XukmkHF4wjjJxXbK7r0V+qCuZGc6s="; 21 21 + hash = "sha256-bpa83uT3Gebwryb7Fc7kBv0m9aYgoL84Q625AavLw40="; 22 22 }; 23 23 24 24 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/twilio/default.nix

··· 14 14 15 15 buildPythonPackage rec { 16 16 pname = "twilio"; 17 17 - version = "7.15.4"; 17 17 + version = "7.16.0"; 18 18 format = "setuptools"; 19 19 20 20 disabled = pythonOlder "3.6"; ··· 23 23 owner = "twilio"; 24 24 repo = "twilio-python"; 25 25 rev = "refs/tags/${version}"; 26 26 - hash = "sha256-V7JLFesMj0W6k9+svgIBAfemDWiyi7DGdFLBk4/wd+8="; 26 26 + hash = "sha256-+cbcINDnPmgNtZeQUOuTwU24Fe0i3xisxTYurV4GW7Y="; 27 27 }; 28 28 29 29 propagatedBuildInputs = [

+2 -1

pkgs/development/tools/build-managers/redo-apenwarr/default.nix

··· 1 1 { stdenv, lib, python3, fetchFromGitHub, which, coreutils 2 2 - , perl, installShellFiles 2 2 + , perl, installShellFiles, gnumake42 3 3 , doCheck ? true 4 4 }: stdenv.mkDerivation rec { 5 5 ··· 53 53 (with python3.pkgs; [ beautifulsoup4 markdown ]) 54 54 which 55 55 installShellFiles 56 56 + gnumake42 # fails with make 4.4 56 57 ]; 57 58 58 59 postInstall = ''

+2 -2

pkgs/development/tools/pip-audit/default.nix

··· 25 25 26 26 buildPythonApplication rec { 27 27 pname = "pip-audit"; 28 28 - version = "2.4.8"; 28 28 + version = "2.4.10"; 29 29 format = "pyproject"; 30 30 31 31 src = fetchFromGitHub { 32 32 owner = "trailofbits"; 33 33 repo = pname; 34 34 rev = "refs/tags/v${version}"; 35 35 - hash = "sha256-j5B/aDDVV/Wb71nVwc4CUxS8AY05AI+n042Q/yNAl0c="; 35 35 + hash = "sha256-/NkV5KNjJfzLhAJEjePHOXqaGIwRJrD0ewe/vpFEYts="; 36 36 }; 37 37 38 38 nativeBuildInputs = [

+10 -10

pkgs/servers/adguardhome/bins.nix

··· 1 1 { fetchurl, fetchzip }: 2 2 { 3 3 x86_64-darwin = fetchzip { 4 4 - sha256 = "sha256-pCyMhfDl371zzc3oXo+n09qNcxMtDQEqaqVW+YIrx28="; 5 5 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_darwin_amd64.zip"; 4 4 + sha256 = "sha256-ViWbvpGU6mk9N8Nstn0urZrcd8JIPs9Ok9806+vUvy0="; 5 5 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_darwin_amd64.zip"; 6 6 }; 7 7 aarch64-darwin = fetchzip { 8 8 - sha256 = "sha256-O2UTzaWaYTkeR3z/O8U/Btigjp/8gns4Y/D9yoX2Hns="; 9 9 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_darwin_arm64.zip"; 8 8 + sha256 = "sha256-ixfeTi2Y44Om7RCKZOw3oJX+FiwTT+s7MSSqowyNKUU="; 9 9 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_darwin_arm64.zip"; 10 10 }; 11 11 i686-linux = fetchurl { 12 12 - sha256 = "sha256-ao/uebGho3CafFEcCfcS+awsC9lO/6z1UL57Yvr/q14="; 13 13 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_386.tar.gz"; 12 12 + sha256 = "sha256-EZzZ8Z6N+wctI/ncLjIAvFgQN1YWOnywhihxF+C6MOs="; 13 13 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_386.tar.gz"; 14 14 }; 15 15 x86_64-linux = fetchurl { 16 16 - sha256 = "sha256-KJIogRRlZFPy3jBb9JeEA7xgZkl9/97cA13rBK6/1fI="; 17 17 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_amd64.tar.gz"; 16 16 + sha256 = "sha256-xU5PxscqBEGNCgA241UbhJcxlNXpCxbFeU7bfmSqf7I="; 17 17 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_amd64.tar.gz"; 18 18 }; 19 19 aarch64-linux = fetchurl { 20 20 - sha256 = "sha256-r8gqUa9dULAYPUB64X4aqyaNf0CpckUNIsWl+VylhaM="; 21 21 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_arm64.tar.gz"; 20 20 + sha256 = "sha256-ajhvvxYwttEaCQXL4WaDcjzk8g0krhIXJv5VHEEdfqg="; 21 21 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_arm64.tar.gz"; 22 22 }; 23 23 }

+1 -1

pkgs/servers/adguardhome/default.nix

··· 7 7 8 8 stdenv.mkDerivation rec { 9 9 pname = "adguardhome"; 10 10 - version = "0.107.20"; 10 10 + version = "0.107.21"; 11 11 src = sources.${system} or (throw "Source for ${pname} is not available for ${system}"); 12 12 13 13 installPhase = ''

+10 -5

pkgs/servers/snappymail/default.nix

··· 1 1 - { lib, stdenv, fetchurl, writeText 2 2 - , dataPath ? "/var/lib/snappymail" }: 1 1 + { lib 2 2 + , stdenv 3 3 + , fetchurl 4 4 + , writeText 5 5 + , dataPath ? "/var/lib/snappymail" 6 6 + }: 7 7 + 3 8 stdenv.mkDerivation rec { 4 9 pname = "snappymail"; 5 5 - version = "2.22.6"; 10 10 + version = "2.23.0"; 6 11 7 12 src = fetchurl { 8 13 url = "https://github.com/the-djmaze/snappymail/releases/download/v${version}/snappymail-${version}.tar.gz"; 9 9 - sha256 = "sha256-B3ojd6Xd5qk6KL5JAnrp52XeW0xJ7z9VJQRPjVmPgv0="; 14 14 + sha256 = "sha256-wOHp0hNxpDa6JPDaGNHG2+TL+YTP3GaKLab/PdxtU20="; 10 15 }; 11 16 12 17 sourceRoot = "snappymail"; ··· 27 32 28 33 meta = with lib; { 29 34 description = "Simple, modern & fast web-based email client"; 30 30 - 31 35 homepage = "https://snappymail.eu"; 36 36 + changelog = "https://github.com/the-djmaze/snappymail/blob/v${version}/CHANGELOG.md"; 32 37 downloadPage = "https://github.com/the-djmaze/snappymail/releases"; 33 38 license = licenses.agpl3; 34 39 platforms = platforms.all;

+37

pkgs/servers/x11/xorg/overrides.nix

··· 814 814 url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.diff"; 815 815 sha256 = "rBiiXQRreMvexW9vOKblcfCYzul+9La01EAhir4FND8="; 816 816 }) 817 817 + ] 818 818 + # TODO: remove with xorgserver >= 21.1.5; https://www.mail-archive.com/xorg-announce@lists.x.org/msg01511.html 819 819 + ++ [ 820 820 + (fetchpatch { 821 821 + name = "CVE-2022-46340.diff"; 822 822 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63.diff"; 823 823 + sha256 = "sha256-XPjLwZcJPLVv1ufgqnUxl73HKcJWWTDy2J/oxFiFnAU="; 824 824 + }) 825 825 + (fetchpatch { 826 826 + name = "CVE-2022-46341.diff"; 827 827 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b.diff"; 828 828 + sha256 = "sha256-w+tzzoI1TfjjiFw5GNxVBgPc7M2lRY60zl+ySsyV59o="; 829 829 + }) 830 830 + (fetchpatch { 831 831 + name = "CVE-2022-46342.diff"; 832 832 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b.diff"; 833 833 + sha256 = "sha256-NytCsqRlqhs8xpOL8PGgluU0nKd7VIY26BXgpzN6WqE="; 834 834 + }) 835 835 + (fetchpatch { 836 836 + name = "CVE-2022-46343.diff"; 837 837 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900.diff"; 838 838 + sha256 = "sha256-oUwKwfN6lAvZ60dylm53+/yDeFnYTVdCINpBAfM6LoY="; 839 839 + }) 840 840 + (fetchpatch { 841 841 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b8a84cb0f2807b07ab70ca9915fcdee21301b8ca.diff"; 842 842 + sha256 = "sha256-Y2x9/P0SgwUAJRjIXivA32NnMso7gQAid+VjcwNUsa8="; 843 843 + }) 844 844 + (fetchpatch { 845 845 + name = "CVE-2022-46344.diff"; 846 846 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8.diff"; 847 847 + sha256 = "sha256-Cr760UPwmm8Qr0o/R8/IlgggXQ6ENTHRz3bP/nsIwbU="; 848 848 + }) 849 849 + (fetchpatch { 850 850 + name = "CVE-2022-4283.diff"; 851 851 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c.diff"; 852 852 + sha256 = "sha256-IGPsjS7KgRPLrs1ImBXvIFCa8Iu5ZiAHRZvHlBYP8KQ="; 853 853 + }) 817 854 ]; 818 855 buildInputs = commonBuildInputs ++ [ libdrm mesa ]; 819 856 propagatedBuildInputs = attrs.propagatedBuildInputs or [] ++ [ libpciaccess libepoxy ] ++ commonPropagatedBuildInputs ++ lib.optionals stdenv.isLinux [

+4 -4

pkgs/tools/admin/awscli2/default.nix

··· 73 73 ]; 74 74 75 75 postPatch = '' 76 76 - substituteInPlace pyproject.toml \ 77 77 - --replace "colorama>=0.2.5,<0.4.4" "colorama" \ 78 78 - --replace "distro>=1.5.0,<1.6.0" "distro" \ 79 79 - --replace "cryptography>=3.3.2,<=38.0.1" "cryptography>=3.3.2,<=38.0.3" 76 76 + sed -i pyproject.toml \ 77 77 + -e 's/colorama.*/colorama",/' \ 78 78 + -e 's/cryptography.*/cryptography",/' \ 79 79 + -e 's/distro.*/distro",/' 80 80 ''; 81 81 82 82 postInstall = ''

+2 -1

pkgs/tools/games/weidu/default.nix

··· 5 5 , ocaml-ng 6 6 , perl 7 7 , which 8 8 + , gnumake42 8 9 }: 9 10 10 11 let ··· 38 39 mkdir -p obj/{.depend,x86_LINUX} 39 40 ''; 40 41 41 41 - nativeBuildInputs = [ elkhound ocaml' perl which ]; 42 42 + nativeBuildInputs = [ elkhound ocaml' perl which gnumake42 ]; 42 43 43 44 buildFlags = [ "weidu" "weinstall" "tolower" ]; 44 45

+25

pkgs/tools/misc/bootspec/default.nix

··· 1 1 + { lib 2 2 + , rustPlatform 3 3 + , fetchFromGitHub 4 4 + }: 5 5 + rustPlatform.buildRustPackage rec { 6 6 + pname = "bootspec"; 7 7 + version = "unstable-2022-12-05"; 8 8 + 9 9 + src = fetchFromGitHub { 10 10 + owner = "DeterminateSystems"; 11 11 + repo = pname; 12 12 + rev = "67a617ab6b99211daa92e748d27ead3f78127cf8"; 13 13 + hash = "sha256-GX6Tzs/ClTUV9OXLvPFw6uBhrpCWSMI+PfrViyFEIxs="; 14 14 + }; 15 15 + 16 16 + cargoHash = "sha256-N/hbfjsuvwCc0mxOpeVVcTxb5cA024lyLSEpVcrS7kA="; 17 17 + 18 18 + meta = with lib; { 19 19 + description = "Implementation of RFC-0125's datatype and synthesis tooling"; 20 20 + homepage = "https://github.com/DeterminateSystems/bootspec"; 21 21 + license = licenses.mit; 22 22 + maintainers = teams.determinatesystems.members; 23 23 + platforms = platforms.unix; 24 24 + }; 25 25 + }

+4 -2

pkgs/tools/networking/dnstwist/default.nix

··· 5 5 6 6 python3.pkgs.buildPythonApplication rec { 7 7 pname = "dnstwist"; 8 8 - version = "20221022"; 8 8 + version = "20221213"; 9 9 + format = "setuptools"; 9 10 10 11 src = fetchFromGitHub { 11 12 owner = "elceef"; 12 13 repo = pname; 13 14 rev = "refs/tags/${version}"; 14 14 - sha256 = "sha256-qdKMEE97PWkWgstJZxnFWDjc2heIbJjjCwBbl5K2zy4="; 15 15 + hash = "sha256-xYZGrlrEdot2l1SkXcT2IbeRWouaN6C+WwbBSHXhAtw="; 15 16 }; 16 17 17 18 propagatedBuildInputs = with python3.pkgs; [ ··· 33 34 meta = with lib; { 34 35 description = "Domain name permutation engine for detecting homograph phishing attacks"; 35 36 homepage = "https://github.com/elceef/dnstwist"; 37 37 + changelog = "https://github.com/elceef/dnstwist/releases/tag/${version}"; 36 38 license = with licenses; [ gpl3Only ]; 37 39 maintainers = with maintainers; [ fab ]; 38 40 };

+29 -9

pkgs/tools/networking/mozillavpn/default.nix

··· 1 1 { buildGoModule 2 2 , cmake 3 3 , fetchFromGitHub 4 4 + , fetchpatch 4 5 , go 5 6 , lib 6 7 , pkg-config ··· 21 22 22 23 let 23 24 pname = "mozillavpn"; 24 24 - version = "2.11.0"; 25 25 + version = "2.12.0"; 25 26 src = fetchFromGitHub { 26 27 owner = "mozilla-mobile"; 27 28 repo = "mozilla-vpn-client"; 28 29 rev = "v${version}"; 29 30 fetchSubmodules = true; 30 30 - hash = "sha256-QXxZ6RQwXrVsaZRkW13r7aoz8iHxuT0nW/2aFDpLLzU="; 31 31 + hash = "sha256-T8dPM90X4soVG/plKsf7DM9XgdX5Vcp0i6zTE60gbq0="; 31 32 }; 33 33 + patches = [ 34 34 + # vpnglean: Add Cargo.lock file 35 35 + (fetchpatch { 36 36 + url = "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/5236/commits/6fdc689001619a06b752fa629647642ea66f4e26.patch"; 37 37 + hash = "sha256-j666Z31D29WIL3EXbek2aLzA4Fui/9VZvupubMDG24Q="; 38 38 + }) 39 39 + ]; 32 40 33 41 netfilter-go-modules = (buildGoModule { 34 42 inherit pname version src; ··· 40 48 inherit src; 41 49 name = "${pname}-${version}-extension-bridge"; 42 50 preBuild = "cd extension/bridge"; 43 43 - hash = "sha256-BRUUEDIVQoF+FuKnoBzFbMyeGOgGb6/boYSaftZPF2U="; 51 51 + hash = "sha256-/DmKSV0IKxZV0Drh6dTsiqgZhuxt6CoegXpYdqN4UzQ="; 44 52 }; 45 45 - 46 53 signatureDeps = rustPlatform.fetchCargoTarball { 47 54 inherit src; 48 55 name = "${pname}-${version}-signature"; 49 56 preBuild = "cd signature"; 50 50 - hash = "sha256-oSO7KS4aBwSVYIyxmWTXKn0CL9t6CDR/hx+0+nbf/dM="; 57 57 + hash = "sha256-6qyMARhPPgTryEtaBNrIPN9ja/fe7Fyx38iGuTd+Dk8="; 58 58 + }; 59 59 + vpngleanDeps = rustPlatform.fetchCargoTarball { 60 60 + inherit src patches; 61 61 + name = "${pname}-${version}-vpnglean"; 62 62 + preBuild = "cd vpnglean"; 63 63 + hash = "sha256-8OLTQmRvy6pATEBX2za6f9vMEqwkf9L5VyERtAN2BDQ="; 51 64 }; 52 65 53 66 in 54 67 stdenv.mkDerivation { 55 55 - inherit pname version src; 68 68 + inherit pname version src patches; 56 69 57 70 buildInputs = [ 58 71 polkit ··· 73 86 python3.pkgs.setuptools 74 87 rustPlatform.cargoSetupHook 75 88 rustPlatform.rust.cargo 89 89 + rustPlatform.rust.rustc 76 90 which 77 91 wrapQtAppsHook 78 92 ]; ··· 87 101 cargoDeps='${signatureDeps}' cargoSetupPostUnpackHook 88 102 signatureDepsCopy="$cargoDepsCopy" 89 103 popd 104 104 + 105 105 + pushd source/vpnglean 106 106 + cargoDeps='${vpngleanDeps}' cargoSetupPostUnpackHook 107 107 + vpngleanDepsCopy="$cargoDepsCopy" 108 108 + popd 90 109 ''; 91 110 dontCargoSetupPostUnpack = true; 92 111 ··· 108 127 substituteInPlace extension/CMakeLists.txt \ 109 128 --replace '/etc' "$out/etc" 110 129 111 111 - substituteInPlace src/connectionbenchmark/benchmarktasktransfer.cpp \ 112 112 - --replace 'QT_VERSION >= 0x060400' 'false' 113 113 - 114 130 ln -s '${netfilter-go-modules}' linux/netfilter/vendor 115 131 116 132 pushd extension/bridge ··· 119 135 120 136 pushd signature 121 137 cargoDepsCopy="$signatureDepsCopy" cargoSetupPostPatchHook 138 138 + popd 139 139 + 140 140 + pushd vpnglean 141 141 + cargoDepsCopy="$vpngleanDepsCopy" cargoSetupPostPatchHook 122 142 popd 123 143 124 144 cargoSetupPostPatchHook() { true; }

+2

pkgs/tools/typesetting/sile/default.nix

··· 1 1 { lib, stdenv 2 2 + , gnumake42 2 3 , darwin 3 4 , fetchurl 4 5 , makeWrapper ··· 59 60 gitMinimal 60 61 pkg-config 61 62 makeWrapper 63 63 + gnumake42 62 64 ]; 63 65 buildInputs = [ 64 66 luaEnv

+7 -1

pkgs/top-level/all-packages.nix

··· 2705 2705 2706 2706 brewtarget = libsForQt5.callPackage ../applications/misc/brewtarget { } ; 2707 2707 2708 2708 + bootspec = callPackage ../tools/misc/bootspec { }; 2709 2709 + 2708 2710 # Derivation's result is not used by nixpkgs. Useful for validation for 2709 2711 # regressions of bootstrapTools on hydra and on ofborg. Example: 2710 2712 # pkgsCross.aarch64-multiplatform.freshBootstrapTools.build ··· 8489 8491 wrapKakoune = kakoune: attrs: callPackage ../applications/editors/kakoune/wrapper.nix (attrs // { inherit kakoune; }); 8490 8492 kakounePlugins = recurseIntoAttrs (callPackage ../applications/editors/kakoune/plugins { }); 8491 8493 8492 8492 - kakoune-unwrapped = callPackage ../applications/editors/kakoune { }; 8494 8494 + kakoune-unwrapped = callPackage ../applications/editors/kakoune { 8495 8495 + # See comments on https://github.com/NixOS/nixpkgs/pull/198836 8496 8496 + # Remove below when stdenv for linux-aarch64 become recent enough. 8497 8497 + stdenv = if stdenv.isLinux && stdenv.isAarch64 && stdenv.cc.isGNU then gcc11Stdenv else stdenv; 8498 8498 + }; 8493 8499 kakoune = wrapKakoune kakoune-unwrapped { 8494 8500 plugins = [ ]; # override with the list of desired plugins 8495 8501 };