pyrox.dev / nixpkgs
lol
fork atom

Merge staging-next into staging

authored by github-actions[bot] and committed by GitHub 392cc9b8 4804305f

+842 -527
unified split
+2
.github/CODEOWNERS
··· 78 /nixos/doc/manual/man-nixos-option.xml @nbp 79 /nixos/modules/installer/tools/nixos-option.sh @nbp 80 /nixos/modules/system @dasJ 81 82 # NixOS integration test driver 83 /nixos/lib/test-driver @tfc
··· 78 /nixos/doc/manual/man-nixos-option.xml @nbp 79 /nixos/modules/installer/tools/nixos-option.sh @nbp 80 /nixos/modules/system @dasJ 81 + /nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius 82 + /nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius 83 84 # NixOS integration test driver 85 /nixos/lib/test-driver @tfc
+34
nixos/doc/manual/configuration/gpu-accel.chapter.md
··· 159 "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json"; 160 ``` 161 162 ## Common issues {#sec-gpu-accel-common-issues} 163 164 ### User permissions {#sec-gpu-accel-common-issues-permissions}
··· 159 "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json"; 160 ``` 161 162 + ## VA-API {#sec-gpu-accel-va-api} 163 + 164 + [VA-API (Video Acceleration API)](https://www.intel.com/content/www/us/en/developer/articles/technical/linuxmedia-vaapi.html) 165 + is an open-source library and API specification, which provides access to 166 + graphics hardware acceleration capabilities for video processing. 167 + 168 + VA-API drivers are loaded by `libva`. The version in nixpkgs is built to search 169 + the opengl driver path, so drivers can be installed in 170 + [](#opt-hardware.opengl.extraPackages). 171 + 172 + VA-API can be tested using: 173 + 174 + ```ShellSession 175 + $ nix-shell -p libva-utils --run vainfo 176 + ``` 177 + 178 + ### Intel {#sec-gpu-accel-va-api-intel} 179 + 180 + Modern Intel GPUs use the iHD driver, which can be installed with: 181 + 182 + ```nix 183 + hardware.opengl.extraPackages = [ 184 + intel-media-driver 185 + ]; 186 + ``` 187 + 188 + Older Intel GPUs use the i965 driver, which can be installed with: 189 + 190 + ```nix 191 + hardware.opengl.extraPackages = [ 192 + vaapiIntel 193 + ]; 194 + ``` 195 + 196 ## Common issues {#sec-gpu-accel-common-issues} 197 198 ### User permissions {#sec-gpu-accel-common-issues-permissions}
+36
nixos/doc/manual/development/bootspec.chapter.md
···
··· 1 + # Experimental feature: Bootspec {#sec-experimental-bootspec} 2 + 3 + Bootspec is a experimental feature, introduced in the [RFC-0125 proposal](https://github.com/NixOS/rfcs/pull/125), the reference implementation can be found [there](https://github.com/NixOS/nixpkgs/pull/172237) in order to standardize bootloader support 4 + and advanced boot workflows such as SecureBoot and potentially more. 5 + 6 + You can enable the creation of bootspec documents through [`boot.bootspec.enable = true`](options.html#opt-boot.bootspec.enable), which will prompt a warning until [RFC-0125](https://github.com/NixOS/rfcs/pull/125) is officially merged. 7 + 8 + ## Schema {#sec-experimental-bootspec-schema} 9 + 10 + The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications. 11 + 12 + You will find the current version [here](../../../modules/system/activation/bootspec.cue). 13 + 14 + ## Extensions mechanism {#sec-experimental-bootspec-extensions} 15 + 16 + Bootspec cannot account for all usecases. 17 + 18 + For this purpose, Bootspec offers a generic extension facility [`boot.bootspec.extensions`](options.html#opt-boot.bootspec.extensions) which can be used to inject any data needed for your usecases. 19 + 20 + An example for SecureBoot is to get the Nix store path to `/etc/os-release` in order to bake it into a unified kernel image: 21 + 22 + ```nix 23 + { config, lib, ... }: { 24 + boot.bootspec.extensions = { 25 + "org.secureboot.osRelease" = config.environment.etc."os-release".source; 26 + }; 27 + } 28 + ``` 29 + 30 + To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions. 31 + 32 + ## External bootloaders {#sec-experimental-bootspec-external-bootloaders} 33 + 34 + It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader. 35 + 36 + Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts.
+1
nixos/doc/manual/development/development.xml
··· 12 <xi:include href="../from_md/development/sources.chapter.xml" /> 13 <xi:include href="../from_md/development/writing-modules.chapter.xml" /> 14 <xi:include href="../from_md/development/building-parts.chapter.xml" /> 15 <xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" /> 16 <xi:include href="../from_md/development/writing-documentation.chapter.xml" /> 17 <xi:include href="../from_md/development/nixos-tests.chapter.xml" />
··· 12 <xi:include href="../from_md/development/sources.chapter.xml" /> 13 <xi:include href="../from_md/development/writing-modules.chapter.xml" /> 14 <xi:include href="../from_md/development/building-parts.chapter.xml" /> 15 + <xi:include href="../from_md/development/bootspec.chapter.xml" /> 16 <xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" /> 17 <xi:include href="../from_md/development/writing-documentation.chapter.xml" /> 18 <xi:include href="../from_md/development/nixos-tests.chapter.xml" />
+42
nixos/doc/manual/from_md/configuration/gpu-accel.chapter.xml
··· 180 </programlisting> 181 </section> 182 </section> 183 <section xml:id="sec-gpu-accel-common-issues"> 184 <title>Common issues</title> 185 <section xml:id="sec-gpu-accel-common-issues-permissions">
··· 180 </programlisting> 181 </section> 182 </section> 183 + <section xml:id="sec-gpu-accel-va-api"> 184 + <title>VA-API</title> 185 + <para> 186 + <link xlink:href="https://www.intel.com/content/www/us/en/developer/articles/technical/linuxmedia-vaapi.html">VA-API 187 + (Video Acceleration API)</link> is an open-source library and API 188 + specification, which provides access to graphics hardware 189 + acceleration capabilities for video processing. 190 + </para> 191 + <para> 192 + VA-API drivers are loaded by <literal>libva</literal>. The version 193 + in nixpkgs is built to search the opengl driver path, so drivers 194 + can be installed in 195 + <xref linkend="opt-hardware.opengl.extraPackages" />. 196 + </para> 197 + <para> 198 + VA-API can be tested using: 199 + </para> 200 + <programlisting> 201 + $ nix-shell -p libva-utils --run vainfo 202 + </programlisting> 203 + <section xml:id="sec-gpu-accel-va-api-intel"> 204 + <title>Intel</title> 205 + <para> 206 + Modern Intel GPUs use the iHD driver, which can be installed 207 + with: 208 + </para> 209 + <programlisting language="bash"> 210 + hardware.opengl.extraPackages = [ 211 + intel-media-driver 212 + ]; 213 + </programlisting> 214 + <para> 215 + Older Intel GPUs use the i965 driver, which can be installed 216 + with: 217 + </para> 218 + <programlisting language="bash"> 219 + hardware.opengl.extraPackages = [ 220 + vaapiIntel 221 + ]; 222 + </programlisting> 223 + </section> 224 + </section> 225 <section xml:id="sec-gpu-accel-common-issues"> 226 <title>Common issues</title> 227 <section xml:id="sec-gpu-accel-common-issues-permissions">
+73
nixos/doc/manual/from_md/development/bootspec.chapter.xml
···
··· 1 + <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-experimental-bootspec"> 2 + <title>Experimental feature: Bootspec</title> 3 + <para> 4 + Bootspec is a experimental feature, introduced in the 5 + <link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125 6 + proposal</link>, the reference implementation can be found 7 + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/172237">there</link> 8 + in order to standardize bootloader support and advanced boot 9 + workflows such as SecureBoot and potentially more. 10 + </para> 11 + <para> 12 + You can enable the creation of bootspec documents through 13 + <link xlink:href="options.html#opt-boot.bootspec.enable"><literal>boot.bootspec.enable = true</literal></link>, 14 + which will prompt a warning until 15 + <link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125</link> 16 + is officially merged. 17 + </para> 18 + <section xml:id="sec-experimental-bootspec-schema"> 19 + <title>Schema</title> 20 + <para> 21 + The bootspec schema is versioned and validated against 22 + <link xlink:href="https://cuelang.org/">a CUE schema file</link> 23 + which should considered as the source of truth for your 24 + applications. 25 + </para> 26 + <para> 27 + You will find the current version 28 + <link xlink:href="../../../modules/system/activation/bootspec.cue">here</link>. 29 + </para> 30 + </section> 31 + <section xml:id="sec-experimental-bootspec-extensions"> 32 + <title>Extensions mechanism</title> 33 + <para> 34 + Bootspec cannot account for all usecases. 35 + </para> 36 + <para> 37 + For this purpose, Bootspec offers a generic extension facility 38 + <link xlink:href="options.html#opt-boot.bootspec.extensions"><literal>boot.bootspec.extensions</literal></link> 39 + which can be used to inject any data needed for your usecases. 40 + </para> 41 + <para> 42 + An example for SecureBoot is to get the Nix store path to 43 + <literal>/etc/os-release</literal> in order to bake it into a 44 + unified kernel image: 45 + </para> 46 + <programlisting language="bash"> 47 + { config, lib, ... }: { 48 + boot.bootspec.extensions = { 49 + &quot;org.secureboot.osRelease&quot; = config.environment.etc.&quot;os-release&quot;.source; 50 + }; 51 + } 52 + </programlisting> 53 + <para> 54 + To reduce incompatibility and prevent names from clashing between 55 + applications, it is <emphasis role="strong">highly 56 + recommended</emphasis> to use a unique namespace for your 57 + extensions. 58 + </para> 59 + </section> 60 + <section xml:id="sec-experimental-bootspec-external-bootloaders"> 61 + <title>External bootloaders</title> 62 + <para> 63 + It is possible to enable your own bootloader through 64 + <link xlink:href="options.html#opt-boot.loader.external.installHook"><literal>boot.loader.external.installHook</literal></link> 65 + which can wrap an existing bootloader. 66 + </para> 67 + <para> 68 + Currently, there is no good story to compose existing bootloaders 69 + to enrich their features, e.g. SecureBoot, etc. It will be 70 + necessary to reimplement or reuse existing parts. 71 + </para> 72 + </section> 73 + </chapter>
+2
nixos/modules/module-list.nix
··· 1246 ./services/x11/xserver.nix 1247 ./system/activation/activation-script.nix 1248 ./system/activation/specialisation.nix 1249 ./system/activation/top-level.nix 1250 ./system/boot/binfmt.nix 1251 ./system/boot/emergency-mode.nix ··· 1261 ./system/boot/loader/grub/grub.nix 1262 ./system/boot/loader/grub/ipxe.nix 1263 ./system/boot/loader/grub/memtest.nix 1264 ./system/boot/loader/init-script/init-script.nix 1265 ./system/boot/loader/loader.nix 1266 ./system/boot/loader/raspberrypi/raspberrypi.nix
··· 1246 ./services/x11/xserver.nix 1247 ./system/activation/activation-script.nix 1248 ./system/activation/specialisation.nix 1249 + ./system/activation/bootspec.nix 1250 ./system/activation/top-level.nix 1251 ./system/boot/binfmt.nix 1252 ./system/boot/emergency-mode.nix ··· 1262 ./system/boot/loader/grub/grub.nix 1263 ./system/boot/loader/grub/ipxe.nix 1264 ./system/boot/loader/grub/memtest.nix 1265 + ./system/boot/loader/external/external.nix 1266 ./system/boot/loader/init-script/init-script.nix 1267 ./system/boot/loader/loader.nix 1268 ./system/boot/loader/raspberrypi/raspberrypi.nix
+17
nixos/modules/system/activation/bootspec.cue
···
··· 1 + #V1: { 2 + init: string 3 + initrd?: string 4 + initrdSecrets?: string 5 + kernel: string 6 + kernelParams: [...string] 7 + label: string 8 + toplevel: string 9 + specialisation?: { 10 + [=~"^"]: #V1 11 + } 12 + extensions?: {...} 13 + } 14 + 15 + Document: { 16 + v1: #V1 17 + }
+124
nixos/modules/system/activation/bootspec.nix
···
··· 1 + # Note that these schemas are defined by RFC-0125. 2 + # This document is considered a stable API, and is depended upon by external tooling. 3 + # Changes to the structure of the document, or the semantics of the values should go through an RFC. 4 + # 5 + # See: https://github.com/NixOS/rfcs/pull/125 6 + { config 7 + , pkgs 8 + , lib 9 + , ... 10 + }: 11 + let 12 + cfg = config.boot.bootspec; 13 + children = lib.mapAttrs (childName: childConfig: childConfig.configuration.system.build.toplevel) config.specialisation; 14 + schemas = { 15 + v1 = rec { 16 + filename = "boot.json"; 17 + json = 18 + pkgs.writeText filename 19 + (builtins.toJSON 20 + { 21 + v1 = { 22 + kernel = "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}"; 23 + kernelParams = config.boot.kernelParams; 24 + initrd = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; 25 + initrdSecrets = "${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets"; 26 + label = "NixOS ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"; 27 + 28 + inherit (cfg) extensions; 29 + }; 30 + }); 31 + 32 + generator = 33 + let 34 + # NOTE: Be careful to not introduce excess newlines at the end of the 35 + # injectors, as that may affect the pipes and redirects. 36 + 37 + # Inject toplevel and init into the bootspec. 38 + # This can only be done here because we *cannot* depend on $out 39 + # referring to the toplevel, except by living in the toplevel itself. 40 + toplevelInjector = lib.escapeShellArgs [ 41 + "${pkgs.jq}/bin/jq" 42 + '' 43 + .v1.toplevel = $toplevel | 44 + .v1.init = $init 45 + '' 46 + "--sort-keys" 47 + "--arg" "toplevel" "${placeholder "out"}" 48 + "--arg" "init" "${placeholder "out"}/init" 49 + ] + " < ${json}"; 50 + 51 + # We slurp all specialisations and inject them as values, such that 52 + # `.specialisations.${name}` embeds the specialisation's bootspec 53 + # document. 54 + specialisationInjector = 55 + let 56 + specialisationLoader = (lib.mapAttrsToList 57 + (childName: childToplevel: lib.escapeShellArgs [ "--slurpfile" childName "${childToplevel}/bootspec/${filename}" ]) 58 + children); 59 + in 60 + lib.escapeShellArgs [ 61 + "${pkgs.jq}/bin/jq" 62 + "--sort-keys" 63 + ".v1.specialisation = ($ARGS.named | map_values(. | first | .v1))" 64 + ] + " ${lib.concatStringsSep " " specialisationLoader}"; 65 + in 66 + '' 67 + mkdir -p $out/bootspec 68 + 69 + ${toplevelInjector} | ${specialisationInjector} > $out/bootspec/${filename} 70 + ''; 71 + 72 + validator = pkgs.writeCueValidator ./bootspec.cue { 73 + document = "Document"; # Universal validator for any version as long the schema is correctly set. 74 + }; 75 + }; 76 + }; 77 + in 78 + { 79 + options.boot.bootspec = { 80 + enable = lib.mkEnableOption (lib.mdDoc "Enable generation of RFC-0125 bootspec in $system/bootspec, e.g. /run/current-system/bootspec"); 81 + 82 + extensions = lib.mkOption { 83 + type = lib.types.attrs; 84 + default = { }; 85 + description = lib.mdDoc '' 86 + User-defined data that extends the bootspec document. 87 + 88 + To reduce incompatibility and prevent names from clashing 89 + between applications, it is **highly recommended** to use a 90 + unique namespace for your extensions. 91 + ''; 92 + }; 93 + 94 + # This will be run as a part of the `systemBuilder` in ./top-level.nix. This 95 + # means `$out` points to the output of `config.system.build.toplevel` and can 96 + # be used for a variety of things (though, for now, it's only used to report 97 + # the path of the `toplevel` itself and the `init` executable). 98 + writer = lib.mkOption { 99 + internal = true; 100 + default = schemas.v1.generator; 101 + }; 102 + 103 + validator = lib.mkOption { 104 + internal = true; 105 + default = schemas.v1.validator; 106 + }; 107 + 108 + filename = lib.mkOption { 109 + internal = true; 110 + default = schemas.v1.filename; 111 + }; 112 + }; 113 + 114 + config = lib.mkIf (cfg.enable) { 115 + warnings = [ 116 + ''RFC-0125 is not merged yet, this is a feature preview of bootspec. 117 + The schema is not definitive and features are not guaranteed to be stable until RFC-0125 is merged. 118 + See: 119 + - https://github.com/NixOS/nixpkgs/pull/172237 to track merge status in nixpkgs. 120 + - https://github.com/NixOS/rfcs/pull/125 to track RFC status. 121 + '' 122 + ]; 123 + }; 124 + }
+5
nixos/modules/system/activation/top-level.nix
··· 79 80 echo -n "$extraDependencies" > $out/extra-dependencies 81 82 ${config.system.extraSystemBuilderCmds} 83 ''; 84
··· 79 80 echo -n "$extraDependencies" > $out/extra-dependencies 81 82 + ${optionalString (!config.boot.isContainer && config.boot.bootspec.enable) '' 83 + ${config.boot.bootspec.writer} 84 + ${config.boot.bootspec.validator} "$out/bootspec/${config.boot.bootspec.filename}" 85 + ''} 86 + 87 ${config.system.extraSystemBuilderCmds} 88 ''; 89
+26
nixos/modules/system/boot/loader/external/external.md
···
··· 1 + # External Bootloader Backends {#sec-bootloader-external} 2 + 3 + NixOS has support for several bootloader backends by default: systemd-boot, grub, uboot, etc. 4 + The built-in bootloader backend support is generic and supports most use cases. 5 + Some users may prefer to create advanced workflows around managing the bootloader and bootable entries. 6 + 7 + You can replace the built-in bootloader support with your own tooling using the "external" bootloader option. 8 + 9 + Imagine you have created a new package called FooBoot. 10 + FooBoot provides a program at `${pkgs.fooboot}/bin/fooboot-install` which takes the system closure's path as its only argument and configures the system's bootloader. 11 + 12 + You can enable FooBoot like this: 13 + 14 + ```nix 15 + { pkgs, ... }: { 16 + boot.loader.external = { 17 + enable = true; 18 + installHook = "${pkgs.fooboot}/bin/fooboot-install"; 19 + }; 20 + } 21 + ``` 22 + 23 + ## Developing Custom Bootloader Backends 24 + 25 + Bootloaders should use [RFC-0125](https://github.com/NixOS/rfcs/pull/125)'s Bootspec format and synthesis tools to identify the key properties for bootable system generations. 26 +
+38
nixos/modules/system/boot/loader/external/external.nix
···
··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + 5 + let 6 + cfg = config.boot.loader.external; 7 + in 8 + { 9 + meta = { 10 + maintainers = with maintainers; [ cole-h grahamc raitobezarius ]; 11 + # Don't edit the docbook xml directly, edit the md and generate it: 12 + # `pandoc external.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > external.xml` 13 + doc = ./external.xml; 14 + }; 15 + 16 + options.boot.loader.external = { 17 + enable = mkEnableOption (lib.mdDoc "use an external tool to install your bootloader"); 18 + 19 + installHook = mkOption { 20 + type = with types; path; 21 + description = lib.mdDoc '' 22 + The full path to a program of your choosing which performs the bootloader installation process. 23 + 24 + The program will be called with an argument pointing to the output of the system's toplevel. 25 + ''; 26 + }; 27 + }; 28 + 29 + config = mkIf cfg.enable { 30 + boot.loader = { 31 + grub.enable = mkDefault false; 32 + systemd-boot.enable = mkDefault false; 33 + supportsInitrdSecrets = mkDefault false; 34 + }; 35 + 36 + system.build.installBootLoader = cfg.installHook; 37 + }; 38 + }
+41
nixos/modules/system/boot/loader/external/external.xml
···
··· 1 + <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-bootloader-external"> 2 + <title>External Bootloader Backends</title> 3 + <para> 4 + NixOS has support for several bootloader backends by default: 5 + systemd-boot, grub, uboot, etc. The built-in bootloader backend 6 + support is generic and supports most use cases. Some users may 7 + prefer to create advanced workflows around managing the bootloader 8 + and bootable entries. 9 + </para> 10 + <para> 11 + You can replace the built-in bootloader support with your own 12 + tooling using the <quote>external</quote> bootloader option. 13 + </para> 14 + <para> 15 + Imagine you have created a new package called FooBoot. FooBoot 16 + provides a program at 17 + <literal>${pkgs.fooboot}/bin/fooboot-install</literal> which takes 18 + the system closure’s path as its only argument and configures the 19 + system’s bootloader. 20 + </para> 21 + <para> 22 + You can enable FooBoot like this: 23 + </para> 24 + <programlisting language="nix"> 25 + { pkgs, ... }: { 26 + boot.loader.external = { 27 + enable = true; 28 + installHook = &quot;${pkgs.fooboot}/bin/fooboot-install&quot;; 29 + }; 30 + } 31 + </programlisting> 32 + <section xml:id="developing-custom-bootloader-backends"> 33 + <title>Developing Custom Bootloader Backends</title> 34 + <para> 35 + Bootloaders should use 36 + <link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125</link>’s 37 + Bootspec format and synthesis tools to identify the key properties 38 + for bootable system generations. 39 + </para> 40 + </section> 41 + </chapter>
+144
nixos/tests/bootspec.nix
···
··· 1 + { system ? builtins.currentSystem, 2 + config ? {}, 3 + pkgs ? import ../.. { inherit system config; } 4 + }: 5 + 6 + with import ../lib/testing-python.nix { inherit system pkgs; }; 7 + with pkgs.lib; 8 + 9 + let 10 + baseline = { 11 + virtualisation.useBootLoader = true; 12 + }; 13 + grub = { 14 + boot.loader.grub.enable = true; 15 + }; 16 + systemd-boot = { 17 + boot.loader.systemd-boot.enable = true; 18 + }; 19 + uefi = { 20 + virtualisation.useEFIBoot = true; 21 + boot.loader.efi.canTouchEfiVariables = true; 22 + boot.loader.grub.efiSupport = true; 23 + environment.systemPackages = [ pkgs.efibootmgr ]; 24 + }; 25 + standard = { 26 + boot.bootspec.enable = true; 27 + 28 + imports = [ 29 + baseline 30 + systemd-boot 31 + uefi 32 + ]; 33 + }; 34 + in 35 + { 36 + basic = makeTest { 37 + name = "systemd-boot-with-bootspec"; 38 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 39 + 40 + nodes.machine = standard; 41 + 42 + testScript = '' 43 + machine.start() 44 + machine.wait_for_unit("multi-user.target") 45 + 46 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 47 + ''; 48 + }; 49 + 50 + grub = makeTest { 51 + name = "grub-with-bootspec"; 52 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 53 + 54 + nodes.machine = { 55 + boot.bootspec.enable = true; 56 + 57 + imports = [ 58 + baseline 59 + grub 60 + uefi 61 + ]; 62 + }; 63 + 64 + testScript = '' 65 + machine.start() 66 + machine.wait_for_unit("multi-user.target") 67 + 68 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 69 + ''; 70 + }; 71 + 72 + legacy-boot = makeTest { 73 + name = "legacy-boot-with-bootspec"; 74 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 75 + 76 + nodes.machine = { 77 + boot.bootspec.enable = true; 78 + 79 + imports = [ 80 + baseline 81 + grub 82 + ]; 83 + }; 84 + 85 + testScript = '' 86 + machine.start() 87 + machine.wait_for_unit("multi-user.target") 88 + 89 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 90 + ''; 91 + }; 92 + 93 + # Check that specialisations create corresponding entries in bootspec. 94 + specialisation = makeTest { 95 + name = "bootspec-with-specialisation"; 96 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 97 + 98 + nodes.machine = { 99 + imports = [ standard ]; 100 + environment.systemPackages = [ pkgs.jq ]; 101 + specialisation.something.configuration = {}; 102 + }; 103 + 104 + testScript = '' 105 + import json 106 + 107 + machine.start() 108 + machine.wait_for_unit("multi-user.target") 109 + 110 + machine.succeed("test -e /run/current-system/bootspec/boot.json") 111 + machine.succeed("test -e /run/current-system/specialisation/something/bootspec/boot.json") 112 + 113 + sp_in_parent = json.loads(machine.succeed("jq -r '.v1.specialisation.something' /run/current-system/bootspec/boot.json")) 114 + sp_in_fs = json.loads(machine.succeed("cat /run/current-system/specialisation/something/bootspec/boot.json")) 115 + 116 + assert sp_in_parent == sp_in_fs['v1'], "Bootspecs of the same specialisation are different!" 117 + ''; 118 + }; 119 + 120 + # Check that extensions are propagated. 121 + extensions = makeTest { 122 + name = "bootspec-with-extensions"; 123 + meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; 124 + 125 + nodes.machine = { config, ... }: { 126 + imports = [ standard ]; 127 + environment.systemPackages = [ pkgs.jq ]; 128 + boot.bootspec.extensions = { 129 + osRelease = config.environment.etc."os-release".source; 130 + }; 131 + }; 132 + 133 + testScript = '' 134 + machine.start() 135 + machine.wait_for_unit("multi-user.target") 136 + 137 + current_os_release = machine.succeed("cat /etc/os-release") 138 + bootspec_os_release = machine.succeed("cat $(jq -r '.v1.extensions.osRelease' /run/current-system/bootspec/boot.json)") 139 + 140 + assert current_os_release == bootspec_os_release, "Filename referenced by extension has unexpected contents" 141 + ''; 142 + }; 143 + 144 + }
+2 -2
pkgs/applications/editors/kakoune/default.nix
··· 4 5 stdenv.mkDerivation rec { 6 pname = "kakoune-unwrapped"; 7 - version = "2021.11.08"; 8 src = fetchFromGitHub { 9 repo = "kakoune"; 10 owner = "mawww"; 11 rev = "v${version}"; 12 - sha256 = "sha256-lMGMt0H1G8EN/7zSVSvU1yU4BYPnSF1vWmozLdrRTQk="; 13 }; 14 makeFlags = [ "debug=no" "PREFIX=${placeholder "out"}" ]; 15
··· 4 5 stdenv.mkDerivation rec { 6 pname = "kakoune-unwrapped"; 7 + version = "2022.10.31"; 8 src = fetchFromGitHub { 9 repo = "kakoune"; 10 owner = "mawww"; 11 rev = "v${version}"; 12 + sha256 = "sha256-vmzGaGl0KSjseSD/s6DXxvMUTmAle+Iv/ZP9llaFnXk="; 13 }; 14 makeFlags = [ "debug=no" "PREFIX=${placeholder "out"}" ]; 15
+2 -2
pkgs/applications/networking/browsers/firefox/packages.nix
··· 3 rec { 4 firefox = buildMozillaMach rec { 5 pname = "firefox"; 6 - version = "108.0"; 7 src = fetchurl { 8 url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; 9 - sha512 = "fa800f62cca395a51b9a04373a27be48fc3860208e34ecf74d908127638d1eb8c41cf9898be6896777d408127d5c4b7104d9ee89c97da923b2dc6ea32186187e"; 10 }; 11 12 meta = {
··· 3 rec { 4 firefox = buildMozillaMach rec { 5 pname = "firefox"; 6 + version = "108.0.1"; 7 src = fetchurl { 8 url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; 9 + sha512 = "e6219ed6324422ec293ed96868738e056582bb9f7fb82e59362541f3465c6ebca806d26ecd801156b074c3675bd5a22507b1f1fa53eebf82b7dd35f2b1ff0625"; 10 }; 11 12 meta = {
-371
pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch
··· 1 - From 8ab70b8958a8f9cb9bd316eecd3ccbcf05c06614 Mon Sep 17 00:00:00 2001 2 - From: Linus Heckemann <git@sphalerite.org> 3 - Date: Tue, 4 Oct 2022 12:41:21 +0200 4 - Subject: [PATCH] 9pfs: use GHashTable for fid table 5 - MIME-Version: 1.0 6 - Content-Type: text/plain; charset=UTF-8 7 - Content-Transfer-Encoding: 8bit 8 - 9 - The previous implementation would iterate over the fid table for 10 - lookup operations, resulting in an operation with O(n) complexity on 11 - the number of open files and poor cache locality -- for every open, 12 - stat, read, write, etc operation. 13 - 14 - This change uses a hashtable for this instead, significantly improving 15 - the performance of the 9p filesystem. The runtime of NixOS's simple 16 - installer test, which copies ~122k files totalling ~1.8GiB from 9p, 17 - decreased by a factor of about 10. 18 - 19 - Signed-off-by: Linus Heckemann <git@sphalerite.org> 20 - Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> 21 - Reviewed-by: Greg Kurz <groug@kaod.org> 22 - [CS: - Retain BUG_ON(f->clunked) in get_fid(). 23 - - Add TODO comment in clunk_fid(). ] 24 - Message-Id: <20221004104121.713689-1-git@sphalerite.org> 25 - [CS: - Drop unnecessary goto and out: label. ] 26 - Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> 27 - --- 28 - hw/9pfs/9p.c | 194 +++++++++++++++++++++++++++++---------------------- 29 - hw/9pfs/9p.h | 2 +- 30 - 2 files changed, 112 insertions(+), 84 deletions(-) 31 - 32 - diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c 33 - index aebadeaa03..9bf13133e5 100644 34 - --- a/hw/9pfs/9p.c 35 - +++ b/hw/9pfs/9p.c 36 - @@ -256,7 +256,8 @@ static size_t v9fs_string_size(V9fsString *str) 37 - } 38 - 39 - /* 40 - - * returns 0 if fid got re-opened, 1 if not, < 0 on error */ 41 - + * returns 0 if fid got re-opened, 1 if not, < 0 on error 42 - + */ 43 - static int coroutine_fn v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) 44 - { 45 - int err = 1; 46 - @@ -282,33 +283,32 @@ static V9fsFidState *coroutine_fn get_fid(V9fsPDU *pdu, int32_t fid) 47 - V9fsFidState *f; 48 - V9fsState *s = pdu->s; 49 - 50 - - QSIMPLEQ_FOREACH(f, &s->fid_list, next) { 51 - + f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); 52 - + if (f) { 53 - BUG_ON(f->clunked); 54 - - if (f->fid == fid) { 55 - - /* 56 - - * Update the fid ref upfront so that 57 - - * we don't get reclaimed when we yield 58 - - * in open later. 59 - - */ 60 - - f->ref++; 61 - - /* 62 - - * check whether we need to reopen the 63 - - * file. We might have closed the fd 64 - - * while trying to free up some file 65 - - * descriptors. 66 - - */ 67 - - err = v9fs_reopen_fid(pdu, f); 68 - - if (err < 0) { 69 - - f->ref--; 70 - - return NULL; 71 - - } 72 - - /* 73 - - * Mark the fid as referenced so that the LRU 74 - - * reclaim won't close the file descriptor 75 - - */ 76 - - f->flags |= FID_REFERENCED; 77 - - return f; 78 - + /* 79 - + * Update the fid ref upfront so that 80 - + * we don't get reclaimed when we yield 81 - + * in open later. 82 - + */ 83 - + f->ref++; 84 - + /* 85 - + * check whether we need to reopen the 86 - + * file. We might have closed the fd 87 - + * while trying to free up some file 88 - + * descriptors. 89 - + */ 90 - + err = v9fs_reopen_fid(pdu, f); 91 - + if (err < 0) { 92 - + f->ref--; 93 - + return NULL; 94 - } 95 - + /* 96 - + * Mark the fid as referenced so that the LRU 97 - + * reclaim won't close the file descriptor 98 - + */ 99 - + f->flags |= FID_REFERENCED; 100 - + return f; 101 - } 102 - return NULL; 103 - } 104 - @@ -317,12 +317,11 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid) 105 - { 106 - V9fsFidState *f; 107 - 108 - - QSIMPLEQ_FOREACH(f, &s->fid_list, next) { 109 - + f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); 110 - + if (f) { 111 - /* If fid is already there return NULL */ 112 - BUG_ON(f->clunked); 113 - - if (f->fid == fid) { 114 - - return NULL; 115 - - } 116 - + return NULL; 117 - } 118 - f = g_new0(V9fsFidState, 1); 119 - f->fid = fid; 120 - @@ -333,7 +332,7 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid) 121 - * reclaim won't close the file descriptor 122 - */ 123 - f->flags |= FID_REFERENCED; 124 - - QSIMPLEQ_INSERT_TAIL(&s->fid_list, f, next); 125 - + g_hash_table_insert(s->fids, GINT_TO_POINTER(fid), f); 126 - 127 - v9fs_readdir_init(s->proto_version, &f->fs.dir); 128 - v9fs_readdir_init(s->proto_version, &f->fs_reclaim.dir); 129 - @@ -424,12 +423,12 @@ static V9fsFidState *clunk_fid(V9fsState *s, int32_t fid) 130 - { 131 - V9fsFidState *fidp; 132 - 133 - - QSIMPLEQ_FOREACH(fidp, &s->fid_list, next) { 134 - - if (fidp->fid == fid) { 135 - - QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next); 136 - - fidp->clunked = true; 137 - - return fidp; 138 - - } 139 - + /* TODO: Use g_hash_table_steal_extended() instead? */ 140 - + fidp = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid)); 141 - + if (fidp) { 142 - + g_hash_table_remove(s->fids, GINT_TO_POINTER(fid)); 143 - + fidp->clunked = true; 144 - + return fidp; 145 - } 146 - return NULL; 147 - } 148 - @@ -439,10 +438,15 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu) 149 - int reclaim_count = 0; 150 - V9fsState *s = pdu->s; 151 - V9fsFidState *f; 152 - + GHashTableIter iter; 153 - + gpointer fid; 154 - + 155 - + g_hash_table_iter_init(&iter, s->fids); 156 - + 157 - QSLIST_HEAD(, V9fsFidState) reclaim_list = 158 - QSLIST_HEAD_INITIALIZER(reclaim_list); 159 - 160 - - QSIMPLEQ_FOREACH(f, &s->fid_list, next) { 161 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &f)) { 162 - /* 163 - * Unlink fids cannot be reclaimed. Check 164 - * for them and skip them. Also skip fids 165 - @@ -514,72 +518,85 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu) 166 - } 167 - } 168 - 169 - +/* 170 - + * This is used when a path is removed from the directory tree. Any 171 - + * fids that still reference it must not be closed from then on, since 172 - + * they cannot be reopened. 173 - + */ 174 - static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) 175 - { 176 - - int err; 177 - + int err = 0; 178 - V9fsState *s = pdu->s; 179 - - V9fsFidState *fidp, *fidp_next; 180 - + V9fsFidState *fidp; 181 - + gpointer fid; 182 - + GHashTableIter iter; 183 - + /* 184 - + * The most common case is probably that we have exactly one 185 - + * fid for the given path, so preallocate exactly one. 186 - + */ 187 - + g_autoptr(GArray) to_reopen = g_array_sized_new(FALSE, FALSE, 188 - + sizeof(V9fsFidState *), 1); 189 - + gint i; 190 - 191 - - fidp = QSIMPLEQ_FIRST(&s->fid_list); 192 - - if (!fidp) { 193 - - return 0; 194 - - } 195 - + g_hash_table_iter_init(&iter, s->fids); 196 - 197 - /* 198 - - * v9fs_reopen_fid() can yield : a reference on the fid must be held 199 - - * to ensure its pointer remains valid and we can safely pass it to 200 - - * QSIMPLEQ_NEXT(). The corresponding put_fid() can also yield so 201 - - * we must keep a reference on the next fid as well. So the logic here 202 - - * is to get a reference on a fid and only put it back during the next 203 - - * iteration after we could get a reference on the next fid. Start with 204 - - * the first one. 205 - + * We iterate over the fid table looking for the entries we need 206 - + * to reopen, and store them in to_reopen. This is because 207 - + * v9fs_reopen_fid() and put_fid() yield. This allows the fid table 208 - + * to be modified in the meantime, invalidating our iterator. 209 - */ 210 - - for (fidp->ref++; fidp; fidp = fidp_next) { 211 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &fidp)) { 212 - if (fidp->path.size == path->size && 213 - !memcmp(fidp->path.data, path->data, path->size)) { 214 - - /* Mark the fid non reclaimable. */ 215 - - fidp->flags |= FID_NON_RECLAIMABLE; 216 - - 217 - - /* reopen the file/dir if already closed */ 218 - - err = v9fs_reopen_fid(pdu, fidp); 219 - - if (err < 0) { 220 - - put_fid(pdu, fidp); 221 - - return err; 222 - - } 223 - - } 224 - - 225 - - fidp_next = QSIMPLEQ_NEXT(fidp, next); 226 - - 227 - - if (fidp_next) { 228 - /* 229 - - * Ensure the next fid survives a potential clunk request during 230 - - * put_fid() below and v9fs_reopen_fid() in the next iteration. 231 - + * Ensure the fid survives a potential clunk request during 232 - + * v9fs_reopen_fid or put_fid. 233 - */ 234 - - fidp_next->ref++; 235 - + fidp->ref++; 236 - + fidp->flags |= FID_NON_RECLAIMABLE; 237 - + g_array_append_val(to_reopen, fidp); 238 - } 239 - + } 240 - 241 - - /* We're done with this fid */ 242 - - put_fid(pdu, fidp); 243 - + for (i = 0; i < to_reopen->len; i++) { 244 - + fidp = g_array_index(to_reopen, V9fsFidState*, i); 245 - + /* reopen the file/dir if already closed */ 246 - + err = v9fs_reopen_fid(pdu, fidp); 247 - + if (err < 0) { 248 - + break; 249 - + } 250 - } 251 - 252 - - return 0; 253 - + for (i = 0; i < to_reopen->len; i++) { 254 - + put_fid(pdu, g_array_index(to_reopen, V9fsFidState*, i)); 255 - + } 256 - + return err; 257 - } 258 - 259 - static void coroutine_fn virtfs_reset(V9fsPDU *pdu) 260 - { 261 - V9fsState *s = pdu->s; 262 - V9fsFidState *fidp; 263 - + GList *freeing; 264 - + /* 265 - + * Get a list of all the values (fid states) in the table, which 266 - + * we then... 267 - + */ 268 - + g_autoptr(GList) fids = g_hash_table_get_values(s->fids); 269 - 270 - - /* Free all fids */ 271 - - while (!QSIMPLEQ_EMPTY(&s->fid_list)) { 272 - - /* Get fid */ 273 - - fidp = QSIMPLEQ_FIRST(&s->fid_list); 274 - - fidp->ref++; 275 - + /* ... remove from the table, taking over ownership. */ 276 - + g_hash_table_steal_all(s->fids); 277 - 278 - - /* Clunk fid */ 279 - - QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next); 280 - + /* 281 - + * This allows us to release our references to them asynchronously without 282 - + * iterating over the hash table and risking iterator invalidation 283 - + * through concurrent modifications. 284 - + */ 285 - + for (freeing = fids; freeing; freeing = freeing->next) { 286 - + fidp = freeing->data; 287 - + fidp->ref++; 288 - fidp->clunked = true; 289 - - 290 - put_fid(pdu, fidp); 291 - } 292 - } 293 - @@ -3205,6 +3222,8 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, 294 - V9fsFidState *tfidp; 295 - V9fsState *s = pdu->s; 296 - V9fsFidState *dirfidp = NULL; 297 - + GHashTableIter iter; 298 - + gpointer fid; 299 - 300 - v9fs_path_init(&new_path); 301 - if (newdirfid != -1) { 302 - @@ -3238,11 +3257,13 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, 303 - if (err < 0) { 304 - goto out; 305 - } 306 - + 307 - /* 308 - * Fixup fid's pointing to the old name to 309 - * start pointing to the new name 310 - */ 311 - - QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) { 312 - + g_hash_table_iter_init(&iter, s->fids); 313 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) { 314 - if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { 315 - /* replace the name */ 316 - v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); 317 - @@ -3320,6 +3341,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir, 318 - V9fsPath oldpath, newpath; 319 - V9fsState *s = pdu->s; 320 - int err; 321 - + GHashTableIter iter; 322 - + gpointer fid; 323 - 324 - v9fs_path_init(&oldpath); 325 - v9fs_path_init(&newpath); 326 - @@ -3336,7 +3359,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir, 327 - * Fixup fid's pointing to the old name to 328 - * start pointing to the new name 329 - */ 330 - - QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) { 331 - + g_hash_table_iter_init(&iter, s->fids); 332 - + while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) { 333 - if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { 334 - /* replace the name */ 335 - v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); 336 - @@ -4226,7 +4250,7 @@ int v9fs_device_realize_common(V9fsState *s, const V9fsTransport *t, 337 - s->ctx.fmode = fse->fmode; 338 - s->ctx.dmode = fse->dmode; 339 - 340 - - QSIMPLEQ_INIT(&s->fid_list); 341 - + s->fids = g_hash_table_new(NULL, NULL); 342 - qemu_co_rwlock_init(&s->rename_lock); 343 - 344 - if (s->ops->init(&s->ctx, errp) < 0) { 345 - @@ -4286,6 +4310,10 @@ void v9fs_device_unrealize_common(V9fsState *s) 346 - if (s->ctx.fst) { 347 - fsdev_throttle_cleanup(s->ctx.fst); 348 - } 349 - + if (s->fids) { 350 - + g_hash_table_destroy(s->fids); 351 - + s->fids = NULL; 352 - + } 353 - g_free(s->tag); 354 - qp_table_destroy(&s->qpd_table); 355 - qp_table_destroy(&s->qpp_table); 356 - diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h 357 - index 994f952600..10fd2076c2 100644 358 - --- a/hw/9pfs/9p.h 359 - +++ b/hw/9pfs/9p.h 360 - @@ -339,7 +339,7 @@ typedef struct { 361 - struct V9fsState { 362 - QLIST_HEAD(, V9fsPDU) free_list; 363 - QLIST_HEAD(, V9fsPDU) active_list; 364 - - QSIMPLEQ_HEAD(, V9fsFidState) fid_list; 365 - + GHashTable *fids; 366 - FileOperations *ops; 367 - FsContext ctx; 368 - char *tag; 369 - -- 370 - 2.36.2 371 -
···
+5 -11
pkgs/applications/virtualization/qemu/default.nix
··· 2 , perl, pixman, vde2, alsa-lib, texinfo, flex 3 , bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool 4 , makeWrapper, runtimeShell, removeReferencesTo 5 - , attr, libcap, libcap_ng, socat 6 , CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet 7 , guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows 8 , numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl ··· 42 + lib.optionalString xenSupport "-xen" 43 + lib.optionalString hostCpuOnly "-host-cpu-only" 44 + lib.optionalString nixosTestRunner "-for-vm-tests"; 45 - version = "7.1.0"; 46 47 src = fetchurl { 48 url = "https://download.qemu.org/qemu-${version}.tar.xz"; 49 - sha256 = "1rmvrgqjhrvcmchnz170dxvrrf14n6nm39y8ivrprmfydd9lwqx0"; 50 }; 51 52 depsBuildBuild = [ buildPackages.stdenv.cc ]; ··· 57 58 buildInputs = [ zlib glib perl pixman 59 vde2 texinfo lzo snappy libtasn1 60 - gnutls nettle curl 61 ] 62 ++ lib.optionals ncursesSupport [ ncurses ] 63 ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ] ··· 111 sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E="; 112 revert = true; 113 }) 114 - ./9pfs-use-GHashTable-for-fid-table.patch 115 - (fetchpatch { 116 - name = "CVE-2022-3165.patch"; 117 - url = "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7.patch"; 118 - sha256 = "sha256-YPhm580lBNuAv7G1snYccKZ2V5ycdV8Ri8mTw5jjFBc="; 119 - }) 120 ] 121 ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch; 122 123 postPatch = '' 124 # Otherwise tries to ensure /var/run exists. 125 - sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \ 126 qga/meson.build 127 ''; 128
··· 2 , perl, pixman, vde2, alsa-lib, texinfo, flex 3 , bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool 4 , makeWrapper, runtimeShell, removeReferencesTo 5 + , attr, libcap, libcap_ng, socat, libslirp 6 , CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet 7 , guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows 8 , numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl ··· 42 + lib.optionalString xenSupport "-xen" 43 + lib.optionalString hostCpuOnly "-host-cpu-only" 44 + lib.optionalString nixosTestRunner "-for-vm-tests"; 45 + version = "7.2.0"; 46 47 src = fetchurl { 48 url = "https://download.qemu.org/qemu-${version}.tar.xz"; 49 + sha256 = "sha256-W0nOJod0Ta1JSukKiYxSIEo0BuhNBySCoeG+hU7rIVc="; 50 }; 51 52 depsBuildBuild = [ buildPackages.stdenv.cc ]; ··· 57 58 buildInputs = [ zlib glib perl pixman 59 vde2 texinfo lzo snappy libtasn1 60 + gnutls nettle curl libslirp 61 ] 62 ++ lib.optionals ncursesSupport [ ncurses ] 63 ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ] ··· 111 sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E="; 112 revert = true; 113 }) 114 ] 115 ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch; 116 117 postPatch = '' 118 # Otherwise tries to ensure /var/run exists. 119 + sed -i "/install_emptydir(get_option('localstatedir') \/ 'run')/d" \ 120 qga/meson.build 121 ''; 122
+16 -26
pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch
··· 1 - From 756021d1e433925cf9a732d7ea67b01b0beb061c Mon Sep 17 00:00:00 2001 2 - From: Will Cohen <willcohen@users.noreply.github.com> 3 - Date: Tue, 29 Mar 2022 14:00:56 -0400 4 - Subject: [PATCH] Revert "ui/cocoa: Add clipboard support" 5 - 6 - This reverts commit 7e3e20d89129614f4a7b2451fe321cc6ccca3b76. 7 - --- 8 - include/ui/clipboard.h | 2 +- 9 - ui/clipboard.c | 2 +- 10 - ui/cocoa.m | 123 ----------------------------------------- 11 - 3 files changed, 2 insertions(+), 125 deletions(-) 12 13 diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h 14 index ce76aa451f..c4e1dc4ff4 100644 ··· 24 25 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuClipboardInfo, qemu_clipboard_info_unref) 26 diff --git a/ui/clipboard.c b/ui/clipboard.c 27 - index 9079ef829b..6b9ed59e1b 100644 28 --- a/ui/clipboard.c 29 +++ b/ui/clipboard.c 30 - @@ -140,7 +140,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, 31 QemuClipboardInfo *info, 32 QemuClipboardType type, 33 uint32_t size, ··· 37 { 38 if (!info || 39 diff --git a/ui/cocoa.m b/ui/cocoa.m 40 - index 5a8bd5dd84..79ed6d043f 100644 41 --- a/ui/cocoa.m 42 +++ b/ui/cocoa.m 43 @@ -29,7 +29,6 @@ ··· 48 #include "ui/console.h" 49 #include "ui/input.h" 50 #include "ui/kbd-state.h" 51 - @@ -109,10 +108,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, 52 - static QemuSemaphore app_started_sem; 53 static bool allow_events; 54 55 -static NSInteger cbchangecount = -1; ··· 59 // Utility functions to run specified code block with iothread lock held 60 typedef void (^CodeBlock)(void); 61 typedef bool (^BoolCodeBlock)(void); 62 - @@ -1815,107 +1810,6 @@ static void addRemovableDevicesMenuItems(void) 63 qapi_free_BlockInfoList(pointerToFree); 64 } 65 ··· 167 /* 168 * The startup process for the OSX/Cocoa UI is complicated, because 169 * OSX insists that the UI runs on the initial main thread, and so we 170 - @@ -1950,7 +1844,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info, 171 - COCOA_DEBUG("Second thread: calling qemu_main()\n"); 172 - status = qemu_main(gArgc, gArgv, *_NSGetEnviron()); 173 - COCOA_DEBUG("Second thread: qemu_main() returned, exiting\n"); 174 - [cbowner release]; 175 exit(status); 176 } 177 178 - @@ -2066,18 +1959,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl) 179 [cocoaView setAbsoluteEnabled:YES]; 180 }); 181 } ··· 194 [pool release]; 195 } 196 197 - @@ -2117,10 +1998,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) 198 199 // register vga output callbacks 200 register_displaychangelistener(&dcl); ··· 202 - qemu_event_init(&cbevent, false); 203 - cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init]; 204 - qemu_clipboard_peer_register(&cbpeer); 205 } 206 207 static QemuDisplay qemu_display_cocoa = { 208 - -- 209 - 2.35.1 210 -
··· 1 + Based on a reversion of upstream 7e3e20d89129614f4a7b2451fe321cc6ccca3b76, 2 + adapted for 7.2.0 3 4 diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h 5 index ce76aa451f..c4e1dc4ff4 100644 ··· 15 16 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuClipboardInfo, qemu_clipboard_info_unref) 17 diff --git a/ui/clipboard.c b/ui/clipboard.c 18 + index 3d14bffaf8..2c3f4c3ba0 100644 19 --- a/ui/clipboard.c 20 +++ b/ui/clipboard.c 21 + @@ -154,7 +154,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, 22 QemuClipboardInfo *info, 23 QemuClipboardType type, 24 uint32_t size, ··· 28 { 29 if (!info || 30 diff --git a/ui/cocoa.m b/ui/cocoa.m 31 + index 660d3e0935..0e6760c360 100644 32 --- a/ui/cocoa.m 33 +++ b/ui/cocoa.m 34 @@ -29,7 +29,6 @@ ··· 39 #include "ui/console.h" 40 #include "ui/input.h" 41 #include "ui/kbd-state.h" 42 + @@ -105,10 +104,6 @@ static void cocoa_switch(DisplayChangeListener *dcl, 43 + 44 static bool allow_events; 45 46 -static NSInteger cbchangecount = -1; ··· 50 // Utility functions to run specified code block with iothread lock held 51 typedef void (^CodeBlock)(void); 52 typedef bool (^BoolCodeBlock)(void); 53 + @@ -1799,107 +1794,6 @@ static void addRemovableDevicesMenuItems(void) 54 qapi_free_BlockInfoList(pointerToFree); 55 } 56 ··· 158 /* 159 * The startup process for the OSX/Cocoa UI is complicated, because 160 * OSX insists that the UI runs on the initial main thread, and so we 161 + @@ -1922,7 +1816,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info, 162 + status = qemu_default_main(); 163 + qemu_mutex_unlock_iothread(); 164 + COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n"); 165 - [cbowner release]; 166 exit(status); 167 } 168 169 + @@ -2003,18 +1896,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl) 170 [cocoaView setAbsoluteEnabled:YES]; 171 }); 172 } ··· 185 [pool release]; 186 } 187 188 + @@ -2071,12 +1952,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) 189 190 // register vga output callbacks 191 register_displaychangelistener(&dcl); ··· 193 - qemu_event_init(&cbevent, false); 194 - cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init]; 195 - qemu_clipboard_peer_register(&cbpeer); 196 + - 197 + - [pool release]; 198 } 199 200 static QemuDisplay qemu_display_cocoa = {
+3 -3
pkgs/development/compilers/gleam/default.nix
··· 2 3 rustPlatform.buildRustPackage rec { 4 pname = "gleam"; 5 - version = "0.25.1"; 6 7 src = fetchFromGitHub { 8 owner = "gleam-lang"; 9 repo = pname; 10 rev = "v${version}"; 11 - sha256 = "sha256-PzvFX1ssBPXhHBNGK38y427HYJ9Q40c4w2mqGZ/2rtI="; 12 }; 13 14 nativeBuildInputs = [ pkg-config ]; ··· 16 buildInputs = [ openssl ] ++ 17 lib.optionals stdenv.isDarwin [ Security libiconv ]; 18 19 - cargoSha256 = "sha256-NeNpT/yOXE70ElawrOGBc4G5bN2ohzYVVUtF4yVCJOo="; 20 21 meta = with lib; { 22 description = "A statically typed language for the Erlang VM";
··· 2 3 rustPlatform.buildRustPackage rec { 4 pname = "gleam"; 5 + version = "0.25.3"; 6 7 src = fetchFromGitHub { 8 owner = "gleam-lang"; 9 repo = pname; 10 rev = "v${version}"; 11 + sha256 = "sha256-JT9NUca+DaqxT36heaNKijIuqdnSvrYCfY2uM7wTOGo="; 12 }; 13 14 nativeBuildInputs = [ pkg-config ]; ··· 16 buildInputs = [ openssl ] ++ 17 lib.optionals stdenv.isDarwin [ Security libiconv ]; 18 19 + cargoSha256 = "sha256-YPyGCd4//yta3jy5tWB4C5yRgxNbfG+hGF5/QSch/6M="; 20 21 meta = with lib; { 22 description = "A statically typed language for the Erlang VM";
+13 -31
pkgs/development/compilers/julia/1.8.nix
··· 12 , libwhich 13 , libxml2 14 , libunwind 15 - , libgit2 16 , curl 17 - , nghttp2 18 - , mbedtls_2 19 - , libssh2 20 , gmp 21 - , mpfr 22 , suitesparse 23 , utf8proc 24 , zlib 25 , p7zip 26 , ncurses 27 - , pcre2 28 }: 29 30 stdenv.mkDerivation rec { ··· 41 path = name: "https://raw.githubusercontent.com/archlinux/svntogit-community/6fd126d089d44fdc875c363488a7c7435a223cec/trunk/${name}"; 42 in 43 [ 44 - # Pull upstream fix to fix tests mpfr-4.1.1 45 - # https://github.com/JuliaLang/julia/pull/47659 46 - (fetchpatch { 47 - name = "mfr-4.1.1.patch"; 48 - url = "https://github.com/JuliaLang/julia/commit/59965205ccbdffb4e25e1b60f651ca9df79230a4.patch"; 49 - hash = "sha256-QJ5wxZMhz+or8BqcYv/5fNSTxDAvdSizTYqt7630kcw="; 50 - includes = [ "stdlib/MPFR_jll/test/runtests.jl" ]; 51 - }) 52 - 53 (fetchurl { 54 url = path "julia-hardcoded-libs.patch"; 55 sha256 = "sha256-kppSpVA7bRohd0wXDs4Jgct9ocHnpbeiiSz7ElFom1U="; ··· 77 buildInputs = [ 78 libxml2 79 libunwind 80 - libgit2 81 curl 82 - nghttp2 83 - mbedtls_2 84 - libssh2 85 gmp 86 - mpfr 87 utf8proc 88 zlib 89 p7zip 90 - pcre2 91 ]; 92 93 JULIA_RPATH = lib.makeLibraryPath (buildInputs ++ [ stdenv.cc.cc gfortran.cc ncurses ]); ··· 106 "USE_SYSTEM_CSL=1" 107 "USE_SYSTEM_LLVM=0" # a patched version is required 108 "USE_SYSTEM_LIBUNWIND=1" 109 - "USE_SYSTEM_PCRE=1" 110 "USE_SYSTEM_LIBM=0" 111 "USE_SYSTEM_OPENLIBM=0" 112 "USE_SYSTEM_DSFMT=0" # not available in nixpkgs 113 "USE_SYSTEM_LIBBLASTRAMPOLINE=0" # not available in nixpkgs 114 "USE_SYSTEM_BLAS=0" # test failure 115 "USE_SYSTEM_LAPACK=0" # test failure 116 - "USE_SYSTEM_GMP=1" 117 - "USE_SYSTEM_MPFR=1" 118 "USE_SYSTEM_LIBSUITESPARSE=0" # test failure 119 "USE_SYSTEM_LIBUV=0" # a patched version is required 120 "USE_SYSTEM_UTF8PROC=1" 121 - "USE_SYSTEM_MBEDTLS=1" 122 - "USE_SYSTEM_LIBSSH2=1" 123 - "USE_SYSTEM_NGHTTP2=1" 124 "USE_SYSTEM_CURL=1" 125 - "USE_SYSTEM_LIBGIT2=1" 126 "USE_SYSTEM_PATCHELF=1" 127 "USE_SYSTEM_LIBWHICH=1" 128 - "USE_SYSTEM_ZLIB=1" 129 "USE_SYSTEM_P7ZIP=1" 130 - 131 - "PCRE_INCL_PATH=${pcre2.dev}/include/pcre2.h" 132 ]; 133 134 doInstallCheck = true;
··· 12 , libwhich 13 , libxml2 14 , libunwind 15 , curl 16 , gmp 17 , suitesparse 18 , utf8proc 19 , zlib 20 , p7zip 21 , ncurses 22 }: 23 24 stdenv.mkDerivation rec { ··· 35 path = name: "https://raw.githubusercontent.com/archlinux/svntogit-community/6fd126d089d44fdc875c363488a7c7435a223cec/trunk/${name}"; 36 in 37 [ 38 (fetchurl { 39 url = path "julia-hardcoded-libs.patch"; 40 sha256 = "sha256-kppSpVA7bRohd0wXDs4Jgct9ocHnpbeiiSz7ElFom1U="; ··· 62 buildInputs = [ 63 libxml2 64 libunwind 65 curl 66 gmp 67 utf8proc 68 zlib 69 p7zip 70 ]; 71 72 JULIA_RPATH = lib.makeLibraryPath (buildInputs ++ [ stdenv.cc.cc gfortran.cc ncurses ]); ··· 85 "USE_SYSTEM_CSL=1" 86 "USE_SYSTEM_LLVM=0" # a patched version is required 87 "USE_SYSTEM_LIBUNWIND=1" 88 + "USE_SYSTEM_PCRE=0" # version checks 89 "USE_SYSTEM_LIBM=0" 90 "USE_SYSTEM_OPENLIBM=0" 91 "USE_SYSTEM_DSFMT=0" # not available in nixpkgs 92 "USE_SYSTEM_LIBBLASTRAMPOLINE=0" # not available in nixpkgs 93 "USE_SYSTEM_BLAS=0" # test failure 94 "USE_SYSTEM_LAPACK=0" # test failure 95 + "USE_SYSTEM_GMP=1" # version checks, but bundled version fails build 96 + "USE_SYSTEM_MPFR=0" # version checks 97 "USE_SYSTEM_LIBSUITESPARSE=0" # test failure 98 "USE_SYSTEM_LIBUV=0" # a patched version is required 99 "USE_SYSTEM_UTF8PROC=1" 100 + "USE_SYSTEM_MBEDTLS=0" # version checks 101 + "USE_SYSTEM_LIBSSH2=0" # version checks 102 + "USE_SYSTEM_NGHTTP2=0" # version checks 103 "USE_SYSTEM_CURL=1" 104 + "USE_SYSTEM_LIBGIT2=0" # version checks 105 "USE_SYSTEM_PATCHELF=1" 106 "USE_SYSTEM_LIBWHICH=1" 107 + "USE_SYSTEM_ZLIB=1" # version checks, but the system zlib is used anyway 108 "USE_SYSTEM_P7ZIP=1" 109 + ] ++ lib.optionals stdenv.isx86_64 [ 110 + # https://github.com/JuliaCI/julia-buildbot/blob/master/master/inventory.py 111 + "JULIA_CPU_TARGET=generic;sandybridge,-xsaveopt,clone_all;haswell,-rdrnd,base(1)" 112 + ] ++ lib.optionals stdenv.isAarch64 [ 113 + "JULIA_CPU_TERGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" 114 ]; 115 116 doInstallCheck = true;
+3 -3
pkgs/development/compilers/julia/patches/1.8/0002-skip-building-doc.patch
··· 1 - From 05c008dcabaf94f5623f2f7e267005eef0a8c5fc Mon Sep 17 00:00:00 2001 2 From: Nick Cao <nickcao@nichi.co> 3 Date: Tue, 20 Sep 2022 18:42:31 +0800 4 Subject: [PATCH 2/4] skip building doc ··· 8 1 file changed, 1 insertion(+), 1 deletion(-) 9 10 diff --git a/Makefile b/Makefile 11 - index d38311dce..a775d36e1 100644 12 --- a/Makefile 13 +++ b/Makefile 14 - @@ -227,7 +227,7 @@ define stringreplace 15 endef 16 17
··· 1 + From ddf422a97973a1f4d2d4d32272396c7165580702 Mon Sep 17 00:00:00 2001 2 From: Nick Cao <nickcao@nichi.co> 3 Date: Tue, 20 Sep 2022 18:42:31 +0800 4 Subject: [PATCH 2/4] skip building doc ··· 8 1 file changed, 1 insertion(+), 1 deletion(-) 9 10 diff --git a/Makefile b/Makefile 11 + index 57b595310..563be74c9 100644 12 --- a/Makefile 13 +++ b/Makefile 14 + @@ -229,7 +229,7 @@ define stringreplace 15 endef 16 17
+25
pkgs/development/compilers/julia/patches/1.8/0003-skip-failing-and-flaky-tests.patch
···
··· 1 + From ed596b33005a438109f0078ed0ba30ebe464b4b5 Mon Sep 17 00:00:00 2001 2 + From: Nick Cao <nickcao@nichi.co> 3 + Date: Tue, 20 Sep 2022 18:42:59 +0800 4 + Subject: [PATCH 3/4] skip failing and flaky tests 5 + 6 + --- 7 + test/Makefile | 2 +- 8 + 1 file changed, 1 insertion(+), 1 deletion(-) 9 + 10 + diff --git a/test/Makefile b/test/Makefile 11 + index 24e137a5b..553d9d095 100644 12 + --- a/test/Makefile 13 + +++ b/test/Makefile 14 + @@ -23,7 +23,7 @@ default: 15 + 16 + $(TESTS): 17 + @cd $(SRCDIR) && \ 18 + - $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@) 19 + + $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip MozillaCACerts_jll --skip NetworkOptions --skip Zlib_jll --skip GMP_jll --skip channels $@) 20 + 21 + $(addprefix revise-, $(TESTS)): revise-% : 22 + @cd $(SRCDIR) && \ 23 + -- 24 + 2.38.1 25 +
+3 -3
pkgs/development/compilers/julia/patches/1.8/0003-skip-failing-tests.patch
··· 1 - From 756d4e977f8f224e20effa82c612e5a9cc14d82e Mon Sep 17 00:00:00 2001 2 From: Nick Cao <nickcao@nichi.co> 3 Date: Tue, 20 Sep 2022 18:42:59 +0800 4 Subject: [PATCH 3/4] skip failing tests ··· 8 1 file changed, 1 insertion(+), 1 deletion(-) 9 10 diff --git a/test/Makefile b/test/Makefile 11 - index 24e137a5b..c17ccea8a 100644 12 --- a/test/Makefile 13 +++ b/test/Makefile 14 @@ -23,7 +23,7 @@ default: ··· 16 $(TESTS): 17 @cd $(SRCDIR) && \ 18 - $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@) 19 - + $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip LibGit2_jll --skip MozillaCACerts_jll --skip NetworkOptions --skip nghttp2_jll --skip Zlib_jll --skip MbedTLS_jll $@) 20 21 $(addprefix revise-, $(TESTS)): revise-% : 22 @cd $(SRCDIR) && \
··· 1 + From f91c8c6364eb321dd5e66fa443472fca6bcda7d6 Mon Sep 17 00:00:00 2001 2 From: Nick Cao <nickcao@nichi.co> 3 Date: Tue, 20 Sep 2022 18:42:59 +0800 4 Subject: [PATCH 3/4] skip failing tests ··· 8 1 file changed, 1 insertion(+), 1 deletion(-) 9 10 diff --git a/test/Makefile b/test/Makefile 11 + index 24e137a5b..2b30ab392 100644 12 --- a/test/Makefile 13 +++ b/test/Makefile 14 @@ -23,7 +23,7 @@ default: ··· 16 $(TESTS): 17 @cd $(SRCDIR) && \ 18 - $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@) 19 + + $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip MozillaCACerts_jll --skip NetworkOptions --skip Zlib_jll --skip GMP_jll $@) 20 21 $(addprefix revise-, $(TESTS)): revise-% : 22 @cd $(SRCDIR) && \
+1 -1
pkgs/development/compilers/julia/patches/1.8/0004-ignore-absolute-path-when-loading-library.patch
··· 1 - From c0e587f4c50bd7bedfe6e5102e9b47c9704fac9b Mon Sep 17 00:00:00 2001 2 From: Nick Cao <nickcao@nichi.co> 3 Date: Tue, 20 Sep 2022 18:43:15 +0800 4 Subject: [PATCH 4/4] ignore absolute path when loading library
··· 1 + From 4bd87f2f3151ad07d311f7d33c2b890977aca93d Mon Sep 17 00:00:00 2001 2 From: Nick Cao <nickcao@nichi.co> 3 Date: Tue, 20 Sep 2022 18:43:15 +0800 4 Subject: [PATCH 4/4] ignore absolute path when loading library
+1 -1
pkgs/development/compilers/rust/make-rust-platform.nix
··· 18 fetchCargoTarball importCargoLock rustc; 19 }; 20 21 - importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix {}; 22 23 rustcSrc = callPackage ./rust-src.nix { 24 inherit runCommand rustc;
··· 18 fetchCargoTarball importCargoLock rustc; 19 }; 20 21 + importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix { inherit cargo; }; 22 23 rustcSrc = callPackage ./rust-src.nix { 24 inherit runCommand rustc;
+3 -1
pkgs/development/libraries/grpc/default.nix
··· 60 # only an issue with the useLLVM stdenv, not the darwin stdenv… 61 # https://github.com/grpc/grpc/issues/26473#issuecomment-860885484 62 useLLVMAndOldCC = (stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "11.0"; 63 - cxxStandard = if useLLVMAndOldCC then "11" else "17"; 64 in 65 [ 66 "-DgRPC_ZLIB_PROVIDER=package"
··· 60 # only an issue with the useLLVM stdenv, not the darwin stdenv… 61 # https://github.com/grpc/grpc/issues/26473#issuecomment-860885484 62 useLLVMAndOldCC = (stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "11.0"; 63 + # With GCC 9 (current aarch64-linux) it fails with c++17 but OK with c++14. 64 + useOldGCC = !(stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "10"; 65 + cxxStandard = if useLLVMAndOldCC then "11" else if useOldGCC then "14" else "17"; 66 in 67 [ 68 "-DgRPC_ZLIB_PROVIDER=package"
+2 -2
pkgs/development/libraries/mbedtls/2.nix
··· 1 { callPackage }: 2 3 callPackage ./generic.nix { 4 - version = "2.28.1"; 5 - hash = "sha256-brbZB3fINDeVWXf50ct4bxYkoBVyD6bBBijZyFQSnyw="; 6 }
··· 1 { callPackage }: 2 3 callPackage ./generic.nix { 4 + version = "2.28.2"; 5 + hash = "sha256-rbWvPrFoY31QyW/TbMndPXTzAJS6qT/bo6J0IL6jRvQ="; 6 }
+2 -2
pkgs/development/libraries/mbedtls/3.nix
··· 1 { callPackage }: 2 3 callPackage ./generic.nix { 4 - version = "3.2.1"; 5 - hash = "sha256-+M36NvFe4gw2PRbld/2JV3yBGrqK6soWcmrSEkUNcrc="; 6 }
··· 1 { callPackage }: 2 3 callPackage ./generic.nix { 4 + version = "3.3.0"; 5 + hash = "sha256-yb5migP5Tcw99XHFzJkCct4f5R6ztxPR43VQcfTGRtE="; 6 }
+8 -4
pkgs/development/libraries/mbedtls/generic.nix
··· 32 perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD # POSIX thread wrapper layer for the threading layer. 33 ''; 34 35 - cmakeFlags = [ "-DUSE_SHARED_MBEDTLS_LIBRARY=on" ]; 36 - NIX_CFLAGS_COMPILE = lib.optionals stdenv.cc.isGNU [ 37 - "-Wno-error=format" 38 - "-Wno-error=format-truncation" 39 ]; 40 41 meta = with lib; {
··· 32 perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD # POSIX thread wrapper layer for the threading layer. 33 ''; 34 35 + cmakeFlags = [ 36 + "-DUSE_SHARED_MBEDTLS_LIBRARY=on" 37 + 38 + # Avoid a dependency on jsonschema and jinja2 by not generating source code 39 + # using python. In releases, these generated files are already present in 40 + # the repository and do not need to be regenerated. See: 41 + # https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 below "Requirement changes". 42 + "-DGEN_FILES=off" 43 ]; 44 45 meta = with lib; {
+1 -1
pkgs/development/mobile/androidenv/compose-android-packages.nix
··· 123 124 build-tools = map (version: 125 callPackage ./build-tools.nix { 126 - inherit deployAndroidPackage; 127 package = packages.build-tools.${version}; 128 } 129 ) buildToolsVersions;
··· 123 124 build-tools = map (version: 125 callPackage ./build-tools.nix { 126 + inherit deployAndroidPackage os; 127 package = packages.build-tools.${version}; 128 } 129 ) buildToolsVersions;
+5 -2
pkgs/development/ocaml-modules/apron/default.nix
··· 1 - { stdenv, lib, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl }: 2 3 stdenv.mkDerivation rec { 4 pname = "ocaml${ocaml.version}-apron"; ··· 10 sha256 = "14ymjahqdxj26da8wik9d5dzlxn81b3z1iggdl7rn2nn06jy7lvy"; 11 }; 12 13 - nativeBuildInputs = [ ocaml findlib perl ]; 14 buildInputs = [ gmp mpfr ppl camlidl ]; 15 propagatedBuildInputs = [ mlgmpidl ]; 16
··· 1 + { stdenv, lib, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl 2 + , gnumake42 3 + }: 4 5 stdenv.mkDerivation rec { 6 pname = "ocaml${ocaml.version}-apron"; ··· 12 sha256 = "14ymjahqdxj26da8wik9d5dzlxn81b3z1iggdl7rn2nn06jy7lvy"; 13 }; 14 15 + # fails with make 4.4 16 + nativeBuildInputs = [ ocaml findlib perl gnumake42 ]; 17 buildInputs = [ gmp mpfr ppl camlidl ]; 18 propagatedBuildInputs = [ mlgmpidl ]; 19
+3 -5
pkgs/development/ocaml-modules/lru/default.nix
··· 2 3 buildDunePackage rec { 4 pname = "lru"; 5 - version = "0.3.0"; 6 - 7 - useDune2 = true; 8 9 src = fetchurl { 10 - url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-v${version}.tbz"; 11 - sha256 = "1ab9rd7cq15ml8x0wjl44wy99h5z7x4g9vkkz4i2d7n84ghy7vw4"; 12 }; 13 14 propagatedBuildInputs = [ psq ];
··· 2 3 buildDunePackage rec { 4 pname = "lru"; 5 + version = "0.3.1"; 6 7 src = fetchurl { 8 + url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-${version}.tbz"; 9 + hash = "sha256-bL4j0np9WyRPhpwLiBQNR/cPQTpkYu81wACTJdSyNv0="; 10 }; 11 12 propagatedBuildInputs = [ psq ];
+2 -2
pkgs/development/python-modules/adafruit-platformdetect/default.nix
··· 7 8 buildPythonPackage rec { 9 pname = "adafruit-platformdetect"; 10 - version = "3.37.0"; 11 format = "setuptools"; 12 13 disabled = pythonOlder "3.7"; ··· 15 src = fetchPypi { 16 pname = "Adafruit-PlatformDetect"; 17 inherit version; 18 - hash = "sha256-vhBx/NABOD2patBzI15XZqbTTtbf3rTUIDx1sYg+yYg="; 19 }; 20 21 nativeBuildInputs = [
··· 7 8 buildPythonPackage rec { 9 pname = "adafruit-platformdetect"; 10 + version = "3.38.0"; 11 format = "setuptools"; 12 13 disabled = pythonOlder "3.7"; ··· 15 src = fetchPypi { 16 pname = "Adafruit-PlatformDetect"; 17 inherit version; 18 + hash = "sha256-USnOf/nwuAyZpvy/cXpQtkWKXPKu0hj1HFwolrpecQM="; 19 }; 20 21 nativeBuildInputs = [
+2 -2
pkgs/development/python-modules/azure-mgmt-resource/default.nix
··· 9 10 buildPythonPackage rec { 11 pname = "azure-mgmt-resource"; 12 - version = "21.2.1"; 13 format = "setuptools"; 14 15 disabled = pythonOlder "3.7"; ··· 17 src = fetchPypi { 18 inherit pname version; 19 extension = "zip"; 20 - hash = "sha256-vSBg1WOT/+Ykao8spn51Tt0D7Ae5dWMLMK4DqIYFl6c="; 21 }; 22 23 propagatedBuildInputs = [
··· 9 10 buildPythonPackage rec { 11 pname = "azure-mgmt-resource"; 12 + version = "22.0.0"; 13 format = "setuptools"; 14 15 disabled = pythonOlder "3.7"; ··· 17 src = fetchPypi { 18 inherit pname version; 19 extension = "zip"; 20 + hash = "sha256-/rXZeeGLUvLP0CO0oKM+VKb3bMaiUtyM117OLGMpjpQ="; 21 }; 22 23 propagatedBuildInputs = [
+2 -2
pkgs/development/python-modules/brother/default.nix
··· 11 12 buildPythonPackage rec { 13 pname = "brother"; 14 - version = "2.0.0"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.8"; ··· 20 owner = "bieniu"; 21 repo = pname; 22 rev = "refs/tags/${version}"; 23 - hash = "sha256-pk9VBFha2NfQWI+fbWwGKcGFa93eKr5Cqh85r1CAXpI="; 24 }; 25 26 propagatedBuildInputs = [
··· 11 12 buildPythonPackage rec { 13 pname = "brother"; 14 + version = "2.1.1"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.8"; ··· 20 owner = "bieniu"; 21 repo = pname; 22 rev = "refs/tags/${version}"; 23 + hash = "sha256-jMvbZ4/NOA3dnJUdDWk2KTRz1gBOC+oDE0ChGNdFl1o="; 24 }; 25 26 propagatedBuildInputs = [
+3 -2
pkgs/development/python-modules/discogs-client/default.nix
··· 10 11 buildPythonPackage rec { 12 pname = "discogs-client"; 13 - version = "2.5"; 14 format = "setuptools"; 15 16 disabled = pythonOlder "3.7"; ··· 19 owner = "joalla"; 20 repo = "discogs_client"; 21 rev = "refs/tags/v${version}"; 22 - sha256 = "sha256-whLneq8RE1bok8jPlOteqIb5U07TvEa0O2mrzORp5HU="; 23 }; 24 25 propagatedBuildInputs = [ ··· 39 meta = with lib; { 40 description = "Unofficial Python API client for Discogs"; 41 homepage = "https://github.com/joalla/discogs_client"; 42 license = licenses.bsd2; 43 maintainers = with maintainers; [ fab ]; 44 };
··· 10 11 buildPythonPackage rec { 12 pname = "discogs-client"; 13 + version = "2.6"; 14 format = "setuptools"; 15 16 disabled = pythonOlder "3.7"; ··· 19 owner = "joalla"; 20 repo = "discogs_client"; 21 rev = "refs/tags/v${version}"; 22 + hash = "sha256-Si1EH5TalNC3BY7L/GqbGSCjDBWzbodB4NZlNayhZYs="; 23 }; 24 25 propagatedBuildInputs = [ ··· 39 meta = with lib; { 40 description = "Unofficial Python API client for Discogs"; 41 homepage = "https://github.com/joalla/discogs_client"; 42 + changelog = "https://github.com/joalla/discogs_client/releases/tag/v${version}"; 43 license = licenses.bsd2; 44 maintainers = with maintainers; [ fab ]; 45 };
+2 -2
pkgs/development/python-modules/peaqevcore/default.nix
··· 6 7 buildPythonPackage rec { 8 pname = "peaqevcore"; 9 - version = "9.1.0"; 10 format = "setuptools"; 11 12 disabled = pythonOlder "3.7"; 13 14 src = fetchPypi { 15 inherit pname version; 16 - hash = "sha256-6SA+JdZwF2Q0RrlPlJvsTXDofrluVcQ+hVMlSFYTjxw="; 17 }; 18 19 postPatch = ''
··· 6 7 buildPythonPackage rec { 8 pname = "peaqevcore"; 9 + version = "9.2.2"; 10 format = "setuptools"; 11 12 disabled = pythonOlder "3.7"; 13 14 src = fetchPypi { 15 inherit pname version; 16 + hash = "sha256-Azco/ZFWDqb+gTskW3V44YJ9Zi3Fg2nYLY4PXvqOrRo="; 17 }; 18 19 postPatch = ''
+2 -2
pkgs/development/python-modules/pyairvisual/default.nix
··· 15 16 buildPythonPackage rec { 17 pname = "pyairvisual"; 18 - version = "2022.12.0"; 19 format = "pyproject"; 20 21 disabled = pythonOlder "3.9"; ··· 24 owner = "bachya"; 25 repo = pname; 26 rev = version; 27 - hash = "sha256-vuniAmjbC3EmFliLFhZ1LQvh533XeLGaIn8ll/Etb/4="; 28 }; 29 30 nativeBuildInputs = [
··· 15 16 buildPythonPackage rec { 17 pname = "pyairvisual"; 18 + version = "2022.12.1"; 19 format = "pyproject"; 20 21 disabled = pythonOlder "3.9"; ··· 24 owner = "bachya"; 25 repo = pname; 26 rev = version; 27 + hash = "sha256-xzTho4HsIU2YLURz9DfFfaRL3tsrtVi8n5IA2bRkyzw="; 28 }; 29 30 nativeBuildInputs = [
+6 -3
pkgs/development/python-modules/pymyq/default.nix
··· 9 10 buildPythonPackage rec { 11 pname = "pymyq"; 12 - version = "3.1.5"; 13 disabled = pythonOlder "3.8"; 14 15 src = fetchFromGitHub { 16 owner = "arraylabs"; 17 repo = pname; 18 rev = "refs/tags/v${version}"; 19 - sha256 = "sha256-/2eWB4rtHPptfc8Tm0CGk0UB+Hq1EmNhWmdrpPiUJcw="; 20 }; 21 22 propagatedBuildInputs = [ ··· 28 # Project has no tests 29 doCheck = false; 30 31 - pythonImportsCheck = [ "pymyq" ]; 32 33 meta = with lib; { 34 description = "Python wrapper for MyQ API"; 35 homepage = "https://github.com/arraylabs/pymyq"; 36 license = with licenses; [ mit ]; 37 maintainers = with maintainers; [ fab ]; 38 };
··· 9 10 buildPythonPackage rec { 11 pname = "pymyq"; 12 + version = "3.1.6"; 13 disabled = pythonOlder "3.8"; 14 15 src = fetchFromGitHub { 16 owner = "arraylabs"; 17 repo = pname; 18 rev = "refs/tags/v${version}"; 19 + hash = "sha256-zhGCoZ7mkHlfDjEbQihtM23u+N6nfYsQhKmrloevzp8="; 20 }; 21 22 propagatedBuildInputs = [ ··· 28 # Project has no tests 29 doCheck = false; 30 31 + pythonImportsCheck = [ 32 + "pymyq" 33 + ]; 34 35 meta = with lib; { 36 description = "Python wrapper for MyQ API"; 37 homepage = "https://github.com/arraylabs/pymyq"; 38 + changelog = "https://github.com/arraylabs/pymyq/releases/tag/v${version}"; 39 license = with licenses; [ mit ]; 40 maintainers = with maintainers; [ fab ]; 41 };
+2 -2
pkgs/development/python-modules/pyswitchbot/default.nix
··· 9 10 buildPythonPackage rec { 11 pname = "pyswitchbot"; 12 - version = "0.23.1"; 13 format = "setuptools"; 14 15 disabled = pythonOlder "3.7"; ··· 18 owner = "Danielhiversen"; 19 repo = "pySwitchbot"; 20 rev = "refs/tags/${version}"; 21 - hash = "sha256-vBXOZ+AhhqWUD6XukmkHF4wjjJxXbK7r0V+qCuZGc6s="; 22 }; 23 24 propagatedBuildInputs = [
··· 9 10 buildPythonPackage rec { 11 pname = "pyswitchbot"; 12 + version = "0.23.2"; 13 format = "setuptools"; 14 15 disabled = pythonOlder "3.7"; ··· 18 owner = "Danielhiversen"; 19 repo = "pySwitchbot"; 20 rev = "refs/tags/${version}"; 21 + hash = "sha256-bpa83uT3Gebwryb7Fc7kBv0m9aYgoL84Q625AavLw40="; 22 }; 23 24 propagatedBuildInputs = [
+2 -2
pkgs/development/python-modules/twilio/default.nix
··· 14 15 buildPythonPackage rec { 16 pname = "twilio"; 17 - version = "7.15.4"; 18 format = "setuptools"; 19 20 disabled = pythonOlder "3.6"; ··· 23 owner = "twilio"; 24 repo = "twilio-python"; 25 rev = "refs/tags/${version}"; 26 - hash = "sha256-V7JLFesMj0W6k9+svgIBAfemDWiyi7DGdFLBk4/wd+8="; 27 }; 28 29 propagatedBuildInputs = [
··· 14 15 buildPythonPackage rec { 16 pname = "twilio"; 17 + version = "7.16.0"; 18 format = "setuptools"; 19 20 disabled = pythonOlder "3.6"; ··· 23 owner = "twilio"; 24 repo = "twilio-python"; 25 rev = "refs/tags/${version}"; 26 + hash = "sha256-+cbcINDnPmgNtZeQUOuTwU24Fe0i3xisxTYurV4GW7Y="; 27 }; 28 29 propagatedBuildInputs = [
+2 -1
pkgs/development/tools/build-managers/redo-apenwarr/default.nix
··· 1 { stdenv, lib, python3, fetchFromGitHub, which, coreutils 2 - , perl, installShellFiles 3 , doCheck ? true 4 }: stdenv.mkDerivation rec { 5 ··· 53 (with python3.pkgs; [ beautifulsoup4 markdown ]) 54 which 55 installShellFiles 56 ]; 57 58 postInstall = ''
··· 1 { stdenv, lib, python3, fetchFromGitHub, which, coreutils 2 + , perl, installShellFiles, gnumake42 3 , doCheck ? true 4 }: stdenv.mkDerivation rec { 5 ··· 53 (with python3.pkgs; [ beautifulsoup4 markdown ]) 54 which 55 installShellFiles 56 + gnumake42 # fails with make 4.4 57 ]; 58 59 postInstall = ''
+2 -2
pkgs/development/tools/pip-audit/default.nix
··· 25 26 buildPythonApplication rec { 27 pname = "pip-audit"; 28 - version = "2.4.8"; 29 format = "pyproject"; 30 31 src = fetchFromGitHub { 32 owner = "trailofbits"; 33 repo = pname; 34 rev = "refs/tags/v${version}"; 35 - hash = "sha256-j5B/aDDVV/Wb71nVwc4CUxS8AY05AI+n042Q/yNAl0c="; 36 }; 37 38 nativeBuildInputs = [
··· 25 26 buildPythonApplication rec { 27 pname = "pip-audit"; 28 + version = "2.4.10"; 29 format = "pyproject"; 30 31 src = fetchFromGitHub { 32 owner = "trailofbits"; 33 repo = pname; 34 rev = "refs/tags/v${version}"; 35 + hash = "sha256-/NkV5KNjJfzLhAJEjePHOXqaGIwRJrD0ewe/vpFEYts="; 36 }; 37 38 nativeBuildInputs = [
+10 -10
pkgs/servers/adguardhome/bins.nix
··· 1 { fetchurl, fetchzip }: 2 { 3 x86_64-darwin = fetchzip { 4 - sha256 = "sha256-pCyMhfDl371zzc3oXo+n09qNcxMtDQEqaqVW+YIrx28="; 5 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_darwin_amd64.zip"; 6 }; 7 aarch64-darwin = fetchzip { 8 - sha256 = "sha256-O2UTzaWaYTkeR3z/O8U/Btigjp/8gns4Y/D9yoX2Hns="; 9 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_darwin_arm64.zip"; 10 }; 11 i686-linux = fetchurl { 12 - sha256 = "sha256-ao/uebGho3CafFEcCfcS+awsC9lO/6z1UL57Yvr/q14="; 13 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_386.tar.gz"; 14 }; 15 x86_64-linux = fetchurl { 16 - sha256 = "sha256-KJIogRRlZFPy3jBb9JeEA7xgZkl9/97cA13rBK6/1fI="; 17 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_amd64.tar.gz"; 18 }; 19 aarch64-linux = fetchurl { 20 - sha256 = "sha256-r8gqUa9dULAYPUB64X4aqyaNf0CpckUNIsWl+VylhaM="; 21 - url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_arm64.tar.gz"; 22 }; 23 }
··· 1 { fetchurl, fetchzip }: 2 { 3 x86_64-darwin = fetchzip { 4 + sha256 = "sha256-ViWbvpGU6mk9N8Nstn0urZrcd8JIPs9Ok9806+vUvy0="; 5 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_darwin_amd64.zip"; 6 }; 7 aarch64-darwin = fetchzip { 8 + sha256 = "sha256-ixfeTi2Y44Om7RCKZOw3oJX+FiwTT+s7MSSqowyNKUU="; 9 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_darwin_arm64.zip"; 10 }; 11 i686-linux = fetchurl { 12 + sha256 = "sha256-EZzZ8Z6N+wctI/ncLjIAvFgQN1YWOnywhihxF+C6MOs="; 13 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_386.tar.gz"; 14 }; 15 x86_64-linux = fetchurl { 16 + sha256 = "sha256-xU5PxscqBEGNCgA241UbhJcxlNXpCxbFeU7bfmSqf7I="; 17 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_amd64.tar.gz"; 18 }; 19 aarch64-linux = fetchurl { 20 + sha256 = "sha256-ajhvvxYwttEaCQXL4WaDcjzk8g0krhIXJv5VHEEdfqg="; 21 + url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_arm64.tar.gz"; 22 }; 23 }
+1 -1
pkgs/servers/adguardhome/default.nix
··· 7 8 stdenv.mkDerivation rec { 9 pname = "adguardhome"; 10 - version = "0.107.20"; 11 src = sources.${system} or (throw "Source for ${pname} is not available for ${system}"); 12 13 installPhase = ''
··· 7 8 stdenv.mkDerivation rec { 9 pname = "adguardhome"; 10 + version = "0.107.21"; 11 src = sources.${system} or (throw "Source for ${pname} is not available for ${system}"); 12 13 installPhase = ''
+10 -5
pkgs/servers/snappymail/default.nix
··· 1 - { lib, stdenv, fetchurl, writeText 2 - , dataPath ? "/var/lib/snappymail" }: 3 stdenv.mkDerivation rec { 4 pname = "snappymail"; 5 - version = "2.22.6"; 6 7 src = fetchurl { 8 url = "https://github.com/the-djmaze/snappymail/releases/download/v${version}/snappymail-${version}.tar.gz"; 9 - sha256 = "sha256-B3ojd6Xd5qk6KL5JAnrp52XeW0xJ7z9VJQRPjVmPgv0="; 10 }; 11 12 sourceRoot = "snappymail"; ··· 27 28 meta = with lib; { 29 description = "Simple, modern & fast web-based email client"; 30 - 31 homepage = "https://snappymail.eu"; 32 downloadPage = "https://github.com/the-djmaze/snappymail/releases"; 33 license = licenses.agpl3; 34 platforms = platforms.all;
··· 1 + { lib 2 + , stdenv 3 + , fetchurl 4 + , writeText 5 + , dataPath ? "/var/lib/snappymail" 6 + }: 7 + 8 stdenv.mkDerivation rec { 9 pname = "snappymail"; 10 + version = "2.23.0"; 11 12 src = fetchurl { 13 url = "https://github.com/the-djmaze/snappymail/releases/download/v${version}/snappymail-${version}.tar.gz"; 14 + sha256 = "sha256-wOHp0hNxpDa6JPDaGNHG2+TL+YTP3GaKLab/PdxtU20="; 15 }; 16 17 sourceRoot = "snappymail"; ··· 32 33 meta = with lib; { 34 description = "Simple, modern & fast web-based email client"; 35 homepage = "https://snappymail.eu"; 36 + changelog = "https://github.com/the-djmaze/snappymail/blob/v${version}/CHANGELOG.md"; 37 downloadPage = "https://github.com/the-djmaze/snappymail/releases"; 38 license = licenses.agpl3; 39 platforms = platforms.all;
+37
pkgs/servers/x11/xorg/overrides.nix
··· 814 url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.diff"; 815 sha256 = "rBiiXQRreMvexW9vOKblcfCYzul+9La01EAhir4FND8="; 816 }) 817 ]; 818 buildInputs = commonBuildInputs ++ [ libdrm mesa ]; 819 propagatedBuildInputs = attrs.propagatedBuildInputs or [] ++ [ libpciaccess libepoxy ] ++ commonPropagatedBuildInputs ++ lib.optionals stdenv.isLinux [
··· 814 url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.diff"; 815 sha256 = "rBiiXQRreMvexW9vOKblcfCYzul+9La01EAhir4FND8="; 816 }) 817 + ] 818 + # TODO: remove with xorgserver >= 21.1.5; https://www.mail-archive.com/xorg-announce@lists.x.org/msg01511.html 819 + ++ [ 820 + (fetchpatch { 821 + name = "CVE-2022-46340.diff"; 822 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63.diff"; 823 + sha256 = "sha256-XPjLwZcJPLVv1ufgqnUxl73HKcJWWTDy2J/oxFiFnAU="; 824 + }) 825 + (fetchpatch { 826 + name = "CVE-2022-46341.diff"; 827 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b.diff"; 828 + sha256 = "sha256-w+tzzoI1TfjjiFw5GNxVBgPc7M2lRY60zl+ySsyV59o="; 829 + }) 830 + (fetchpatch { 831 + name = "CVE-2022-46342.diff"; 832 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b.diff"; 833 + sha256 = "sha256-NytCsqRlqhs8xpOL8PGgluU0nKd7VIY26BXgpzN6WqE="; 834 + }) 835 + (fetchpatch { 836 + name = "CVE-2022-46343.diff"; 837 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900.diff"; 838 + sha256 = "sha256-oUwKwfN6lAvZ60dylm53+/yDeFnYTVdCINpBAfM6LoY="; 839 + }) 840 + (fetchpatch { 841 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b8a84cb0f2807b07ab70ca9915fcdee21301b8ca.diff"; 842 + sha256 = "sha256-Y2x9/P0SgwUAJRjIXivA32NnMso7gQAid+VjcwNUsa8="; 843 + }) 844 + (fetchpatch { 845 + name = "CVE-2022-46344.diff"; 846 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8.diff"; 847 + sha256 = "sha256-Cr760UPwmm8Qr0o/R8/IlgggXQ6ENTHRz3bP/nsIwbU="; 848 + }) 849 + (fetchpatch { 850 + name = "CVE-2022-4283.diff"; 851 + url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c.diff"; 852 + sha256 = "sha256-IGPsjS7KgRPLrs1ImBXvIFCa8Iu5ZiAHRZvHlBYP8KQ="; 853 + }) 854 ]; 855 buildInputs = commonBuildInputs ++ [ libdrm mesa ]; 856 propagatedBuildInputs = attrs.propagatedBuildInputs or [] ++ [ libpciaccess libepoxy ] ++ commonPropagatedBuildInputs ++ lib.optionals stdenv.isLinux [
+4 -4
pkgs/tools/admin/awscli2/default.nix
··· 73 ]; 74 75 postPatch = '' 76 - substituteInPlace pyproject.toml \ 77 - --replace "colorama>=0.2.5,<0.4.4" "colorama" \ 78 - --replace "distro>=1.5.0,<1.6.0" "distro" \ 79 - --replace "cryptography>=3.3.2,<=38.0.1" "cryptography>=3.3.2,<=38.0.3" 80 ''; 81 82 postInstall = ''
··· 73 ]; 74 75 postPatch = '' 76 + sed -i pyproject.toml \ 77 + -e 's/colorama.*/colorama",/' \ 78 + -e 's/cryptography.*/cryptography",/' \ 79 + -e 's/distro.*/distro",/' 80 ''; 81 82 postInstall = ''
+2 -1
pkgs/tools/games/weidu/default.nix
··· 5 , ocaml-ng 6 , perl 7 , which 8 }: 9 10 let ··· 38 mkdir -p obj/{.depend,x86_LINUX} 39 ''; 40 41 - nativeBuildInputs = [ elkhound ocaml' perl which ]; 42 43 buildFlags = [ "weidu" "weinstall" "tolower" ]; 44
··· 5 , ocaml-ng 6 , perl 7 , which 8 + , gnumake42 9 }: 10 11 let ··· 39 mkdir -p obj/{.depend,x86_LINUX} 40 ''; 41 42 + nativeBuildInputs = [ elkhound ocaml' perl which gnumake42 ]; 43 44 buildFlags = [ "weidu" "weinstall" "tolower" ]; 45
+25
pkgs/tools/misc/bootspec/default.nix
···
··· 1 + { lib 2 + , rustPlatform 3 + , fetchFromGitHub 4 + }: 5 + rustPlatform.buildRustPackage rec { 6 + pname = "bootspec"; 7 + version = "unstable-2022-12-05"; 8 + 9 + src = fetchFromGitHub { 10 + owner = "DeterminateSystems"; 11 + repo = pname; 12 + rev = "67a617ab6b99211daa92e748d27ead3f78127cf8"; 13 + hash = "sha256-GX6Tzs/ClTUV9OXLvPFw6uBhrpCWSMI+PfrViyFEIxs="; 14 + }; 15 + 16 + cargoHash = "sha256-N/hbfjsuvwCc0mxOpeVVcTxb5cA024lyLSEpVcrS7kA="; 17 + 18 + meta = with lib; { 19 + description = "Implementation of RFC-0125's datatype and synthesis tooling"; 20 + homepage = "https://github.com/DeterminateSystems/bootspec"; 21 + license = licenses.mit; 22 + maintainers = teams.determinatesystems.members; 23 + platforms = platforms.unix; 24 + }; 25 + }
+4 -2
pkgs/tools/networking/dnstwist/default.nix
··· 5 6 python3.pkgs.buildPythonApplication rec { 7 pname = "dnstwist"; 8 - version = "20221022"; 9 10 src = fetchFromGitHub { 11 owner = "elceef"; 12 repo = pname; 13 rev = "refs/tags/${version}"; 14 - sha256 = "sha256-qdKMEE97PWkWgstJZxnFWDjc2heIbJjjCwBbl5K2zy4="; 15 }; 16 17 propagatedBuildInputs = with python3.pkgs; [ ··· 33 meta = with lib; { 34 description = "Domain name permutation engine for detecting homograph phishing attacks"; 35 homepage = "https://github.com/elceef/dnstwist"; 36 license = with licenses; [ gpl3Only ]; 37 maintainers = with maintainers; [ fab ]; 38 };
··· 5 6 python3.pkgs.buildPythonApplication rec { 7 pname = "dnstwist"; 8 + version = "20221213"; 9 + format = "setuptools"; 10 11 src = fetchFromGitHub { 12 owner = "elceef"; 13 repo = pname; 14 rev = "refs/tags/${version}"; 15 + hash = "sha256-xYZGrlrEdot2l1SkXcT2IbeRWouaN6C+WwbBSHXhAtw="; 16 }; 17 18 propagatedBuildInputs = with python3.pkgs; [ ··· 34 meta = with lib; { 35 description = "Domain name permutation engine for detecting homograph phishing attacks"; 36 homepage = "https://github.com/elceef/dnstwist"; 37 + changelog = "https://github.com/elceef/dnstwist/releases/tag/${version}"; 38 license = with licenses; [ gpl3Only ]; 39 maintainers = with maintainers; [ fab ]; 40 };
+29 -9
pkgs/tools/networking/mozillavpn/default.nix
··· 1 { buildGoModule 2 , cmake 3 , fetchFromGitHub 4 , go 5 , lib 6 , pkg-config ··· 21 22 let 23 pname = "mozillavpn"; 24 - version = "2.11.0"; 25 src = fetchFromGitHub { 26 owner = "mozilla-mobile"; 27 repo = "mozilla-vpn-client"; 28 rev = "v${version}"; 29 fetchSubmodules = true; 30 - hash = "sha256-QXxZ6RQwXrVsaZRkW13r7aoz8iHxuT0nW/2aFDpLLzU="; 31 }; 32 33 netfilter-go-modules = (buildGoModule { 34 inherit pname version src; ··· 40 inherit src; 41 name = "${pname}-${version}-extension-bridge"; 42 preBuild = "cd extension/bridge"; 43 - hash = "sha256-BRUUEDIVQoF+FuKnoBzFbMyeGOgGb6/boYSaftZPF2U="; 44 }; 45 - 46 signatureDeps = rustPlatform.fetchCargoTarball { 47 inherit src; 48 name = "${pname}-${version}-signature"; 49 preBuild = "cd signature"; 50 - hash = "sha256-oSO7KS4aBwSVYIyxmWTXKn0CL9t6CDR/hx+0+nbf/dM="; 51 }; 52 53 in 54 stdenv.mkDerivation { 55 - inherit pname version src; 56 57 buildInputs = [ 58 polkit ··· 73 python3.pkgs.setuptools 74 rustPlatform.cargoSetupHook 75 rustPlatform.rust.cargo 76 which 77 wrapQtAppsHook 78 ]; ··· 87 cargoDeps='${signatureDeps}' cargoSetupPostUnpackHook 88 signatureDepsCopy="$cargoDepsCopy" 89 popd 90 ''; 91 dontCargoSetupPostUnpack = true; 92 ··· 108 substituteInPlace extension/CMakeLists.txt \ 109 --replace '/etc' "$out/etc" 110 111 - substituteInPlace src/connectionbenchmark/benchmarktasktransfer.cpp \ 112 - --replace 'QT_VERSION >= 0x060400' 'false' 113 - 114 ln -s '${netfilter-go-modules}' linux/netfilter/vendor 115 116 pushd extension/bridge ··· 119 120 pushd signature 121 cargoDepsCopy="$signatureDepsCopy" cargoSetupPostPatchHook 122 popd 123 124 cargoSetupPostPatchHook() { true; }
··· 1 { buildGoModule 2 , cmake 3 , fetchFromGitHub 4 + , fetchpatch 5 , go 6 , lib 7 , pkg-config ··· 22 23 let 24 pname = "mozillavpn"; 25 + version = "2.12.0"; 26 src = fetchFromGitHub { 27 owner = "mozilla-mobile"; 28 repo = "mozilla-vpn-client"; 29 rev = "v${version}"; 30 fetchSubmodules = true; 31 + hash = "sha256-T8dPM90X4soVG/plKsf7DM9XgdX5Vcp0i6zTE60gbq0="; 32 }; 33 + patches = [ 34 + # vpnglean: Add Cargo.lock file 35 + (fetchpatch { 36 + url = "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/5236/commits/6fdc689001619a06b752fa629647642ea66f4e26.patch"; 37 + hash = "sha256-j666Z31D29WIL3EXbek2aLzA4Fui/9VZvupubMDG24Q="; 38 + }) 39 + ]; 40 41 netfilter-go-modules = (buildGoModule { 42 inherit pname version src; ··· 48 inherit src; 49 name = "${pname}-${version}-extension-bridge"; 50 preBuild = "cd extension/bridge"; 51 + hash = "sha256-/DmKSV0IKxZV0Drh6dTsiqgZhuxt6CoegXpYdqN4UzQ="; 52 }; 53 signatureDeps = rustPlatform.fetchCargoTarball { 54 inherit src; 55 name = "${pname}-${version}-signature"; 56 preBuild = "cd signature"; 57 + hash = "sha256-6qyMARhPPgTryEtaBNrIPN9ja/fe7Fyx38iGuTd+Dk8="; 58 + }; 59 + vpngleanDeps = rustPlatform.fetchCargoTarball { 60 + inherit src patches; 61 + name = "${pname}-${version}-vpnglean"; 62 + preBuild = "cd vpnglean"; 63 + hash = "sha256-8OLTQmRvy6pATEBX2za6f9vMEqwkf9L5VyERtAN2BDQ="; 64 }; 65 66 in 67 stdenv.mkDerivation { 68 + inherit pname version src patches; 69 70 buildInputs = [ 71 polkit ··· 86 python3.pkgs.setuptools 87 rustPlatform.cargoSetupHook 88 rustPlatform.rust.cargo 89 + rustPlatform.rust.rustc 90 which 91 wrapQtAppsHook 92 ]; ··· 101 cargoDeps='${signatureDeps}' cargoSetupPostUnpackHook 102 signatureDepsCopy="$cargoDepsCopy" 103 popd 104 + 105 + pushd source/vpnglean 106 + cargoDeps='${vpngleanDeps}' cargoSetupPostUnpackHook 107 + vpngleanDepsCopy="$cargoDepsCopy" 108 + popd 109 ''; 110 dontCargoSetupPostUnpack = true; 111 ··· 127 substituteInPlace extension/CMakeLists.txt \ 128 --replace '/etc' "$out/etc" 129 130 ln -s '${netfilter-go-modules}' linux/netfilter/vendor 131 132 pushd extension/bridge ··· 135 136 pushd signature 137 cargoDepsCopy="$signatureDepsCopy" cargoSetupPostPatchHook 138 + popd 139 + 140 + pushd vpnglean 141 + cargoDepsCopy="$vpngleanDepsCopy" cargoSetupPostPatchHook 142 popd 143 144 cargoSetupPostPatchHook() { true; }
+2
pkgs/tools/typesetting/sile/default.nix
··· 1 { lib, stdenv 2 , darwin 3 , fetchurl 4 , makeWrapper ··· 59 gitMinimal 60 pkg-config 61 makeWrapper 62 ]; 63 buildInputs = [ 64 luaEnv
··· 1 { lib, stdenv 2 + , gnumake42 3 , darwin 4 , fetchurl 5 , makeWrapper ··· 60 gitMinimal 61 pkg-config 62 makeWrapper 63 + gnumake42 64 ]; 65 buildInputs = [ 66 luaEnv
+7 -1
pkgs/top-level/all-packages.nix
··· 2705 2706 brewtarget = libsForQt5.callPackage ../applications/misc/brewtarget { } ; 2707 2708 # Derivation's result is not used by nixpkgs. Useful for validation for 2709 # regressions of bootstrapTools on hydra and on ofborg. Example: 2710 # pkgsCross.aarch64-multiplatform.freshBootstrapTools.build ··· 8489 wrapKakoune = kakoune: attrs: callPackage ../applications/editors/kakoune/wrapper.nix (attrs // { inherit kakoune; }); 8490 kakounePlugins = recurseIntoAttrs (callPackage ../applications/editors/kakoune/plugins { }); 8491 8492 - kakoune-unwrapped = callPackage ../applications/editors/kakoune { }; 8493 kakoune = wrapKakoune kakoune-unwrapped { 8494 plugins = [ ]; # override with the list of desired plugins 8495 };
··· 2705 2706 brewtarget = libsForQt5.callPackage ../applications/misc/brewtarget { } ; 2707 2708 + bootspec = callPackage ../tools/misc/bootspec { }; 2709 + 2710 # Derivation's result is not used by nixpkgs. Useful for validation for 2711 # regressions of bootstrapTools on hydra and on ofborg. Example: 2712 # pkgsCross.aarch64-multiplatform.freshBootstrapTools.build ··· 8491 wrapKakoune = kakoune: attrs: callPackage ../applications/editors/kakoune/wrapper.nix (attrs // { inherit kakoune; }); 8492 kakounePlugins = recurseIntoAttrs (callPackage ../applications/editors/kakoune/plugins { }); 8493 8494 + kakoune-unwrapped = callPackage ../applications/editors/kakoune { 8495 + # See comments on https://github.com/NixOS/nixpkgs/pull/198836 8496 + # Remove below when stdenv for linux-aarch64 become recent enough. 8497 + stdenv = if stdenv.isLinux && stdenv.isAarch64 && stdenv.cc.isGNU then gcc11Stdenv else stdenv; 8498 + }; 8499 kakoune = wrapKakoune kakoune-unwrapped { 8500 plugins = [ ]; # override with the list of desired plugins 8501 };