+2

nixos/doc/manual/release-notes/rl-2305.section.md

··· 28 29 - `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code). 30 0 0 31 ## New Services {#sec-release-23.05-new-services} 32 33 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

··· 28 29 - `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code). 30 31 + - `boot.bootspec.enable` (internal option) is now enabled by default because [RFC-0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot usecases in NixOS such as SecureBoot. 32 + 33 ## New Services {#sec-release-23.05-new-services} 34 35 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

+1 -1

nixos/modules/services/hardware/auto-cpufreq.nix

··· 37 38 serviceConfig.ExecStart = [ 39 "" 40 - "${lib.getExe pkgs.auto-cpufreq} --config ${cfgFile}" 41 ]; 42 }; 43 };

··· 37 38 serviceConfig.ExecStart = [ 39 "" 40 + "${lib.getExe pkgs.auto-cpufreq} --daemon --config ${cfgFile}" 41 ]; 42 }; 43 };

+20 -7

nixos/modules/system/activation/bootspec.cue

··· 1 - #V1: { 0 0 2 system: string 3 init: string 4 initrd?: string ··· 7 kernelParams: [...string] 8 label: string 9 toplevel: string 10 - specialisation?: { 11 - [=~"^"]: #V1 12 - } 13 - extensions?: {...} 0 0 0 14 } 15 16 - Document: { 17 - v1: #V1 0 0 0 0 0 0 0 0 18 }

··· 1 + import "struct" 2 + 3 + #BootspecV1: { 4 system: string 5 init: string 6 initrd?: string ··· 9 kernelParams: [...string] 10 label: string 11 toplevel: string 12 + } 13 + 14 + // A restricted document does not allow any official specialisation 15 + // information in it to avoid "recursive specialisations". 16 + #RestrictedDocument: struct.MinFields(1) & { 17 + "org.nixos.bootspec.v1": #BootspecV1 18 + [=~"^"]: #BootspecExtension 19 } 20 21 + // Specialisations are a hashmap of strings 22 + #BootspecSpecialisationV1: [string]: #RestrictedDocument 23 + 24 + // Bootspec extensions are defined by the extension author. 25 + #BootspecExtension: {...} 26 + 27 + // A "full" document allows official specialisation information 28 + // in the top-level with a reserved namespaced key. 29 + Document: #RestrictedDocument & { 30 + "org.nixos.specialisation.v1"?: #BootspecSpecialisationV1 31 }

+18 -26

nixos/modules/system/activation/bootspec.nix

··· 16 filename = "boot.json"; 17 json = 18 pkgs.writeText filename 19 - (builtins.toJSON 0 0 20 { 21 - v1 = { 22 system = config.boot.kernelPackages.stdenv.hostPlatform.system; 23 kernel = "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}"; 24 kernelParams = config.boot.kernelParams; 25 label = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"; 26 - 27 - inherit (cfg) extensions; 28 } // lib.optionalAttrs config.boot.initrd.enable { 29 initrd = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; 30 initrdSecrets = "${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets"; 31 }; 32 - }); 33 34 generator = 35 let ··· 42 toplevelInjector = lib.escapeShellArgs [ 43 "${pkgs.jq}/bin/jq" 44 '' 45 - .v1.toplevel = $toplevel | 46 - .v1.init = $init 47 '' 48 "--sort-keys" 49 "--arg" "toplevel" "${placeholder "out"}" ··· 62 lib.escapeShellArgs [ 63 "${pkgs.jq}/bin/jq" 64 "--sort-keys" 65 - ".v1.specialisation = ($ARGS.named | map_values(. | first | .v1))" 66 ] + " ${lib.concatStringsSep " " specialisationLoader}"; 67 in 68 - '' 69 - mkdir -p $out/bootspec 70 - 71 - ${toplevelInjector} | ${specialisationInjector} > $out/${filename} 72 - ''; 73 74 validator = pkgs.writeCueValidator ./bootspec.cue { 75 document = "Document"; # Universal validator for any version as long the schema is correctly set. ··· 79 in 80 { 81 options.boot.bootspec = { 82 - enable = lib.mkEnableOption (lib.mdDoc "Enable generation of RFC-0125 bootspec in $system/bootspec, e.g. /run/current-system/bootspec"); 0 0 0 0 0 0 83 84 extensions = lib.mkOption { 85 - type = lib.types.attrsOf lib.types.attrs; # <namespace>: { ...namespace-specific fields } 0 86 default = { }; 87 description = lib.mdDoc '' 88 User-defined data that extends the bootspec document. ··· 111 internal = true; 112 default = schemas.v1.filename; 113 }; 114 - }; 115 - 116 - config = lib.mkIf (cfg.enable) { 117 - warnings = [ 118 - ''RFC-0125 is not merged yet, this is a feature preview of bootspec. 119 - The schema is not definitive and features are not guaranteed to be stable until RFC-0125 is merged. 120 - See: 121 - - https://github.com/NixOS/nixpkgs/pull/172237 to track merge status in nixpkgs. 122 - - https://github.com/NixOS/rfcs/pull/125 to track RFC status. 123 - '' 124 - ]; 125 }; 126 }

··· 16 filename = "boot.json"; 17 json = 18 pkgs.writeText filename 19 + (builtins.toJSON 20 + # Merge extensions first to not let them shadow NixOS bootspec data. 21 + (cfg.extensions // 22 { 23 + "org.nixos.bootspec.v1" = { 24 system = config.boot.kernelPackages.stdenv.hostPlatform.system; 25 kernel = "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}"; 26 kernelParams = config.boot.kernelParams; 27 label = "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"; 0 0 28 } // lib.optionalAttrs config.boot.initrd.enable { 29 initrd = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}"; 30 initrdSecrets = "${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets"; 31 }; 32 + })); 33 34 generator = 35 let ··· 42 toplevelInjector = lib.escapeShellArgs [ 43 "${pkgs.jq}/bin/jq" 44 '' 45 + ."org.nixos.bootspec.v1".toplevel = $toplevel | 46 + ."org.nixos.bootspec.v1".init = $init 47 '' 48 "--sort-keys" 49 "--arg" "toplevel" "${placeholder "out"}" ··· 62 lib.escapeShellArgs [ 63 "${pkgs.jq}/bin/jq" 64 "--sort-keys" 65 + ''."org.nixos.specialisation.v1" = ($ARGS.named | map_values(. | first))'' 66 ] + " ${lib.concatStringsSep " " specialisationLoader}"; 67 in 68 + "${toplevelInjector} | ${specialisationInjector} > $out/${filename}"; 0 0 0 0 69 70 validator = pkgs.writeCueValidator ./bootspec.cue { 71 document = "Document"; # Universal validator for any version as long the schema is correctly set. ··· 75 in 76 { 77 options.boot.bootspec = { 78 + enable = lib.mkEnableOption (lib.mdDoc "the generation of RFC-0125 bootspec in $system/boot.json, e.g. /run/current-system/boot.json") 79 + // { default = true; internal = true; }; 80 + enableValidation = lib.mkEnableOption (lib.mdDoc ''the validation of bootspec documents for each build. 81 + This will introduce Go in the build-time closure as we are relying on [Cuelang](https://cuelang.org/) for schema validation. 82 + Enable this option if you want to ascertain that your documents are correct. 83 + '' 84 + ); 85 86 extensions = lib.mkOption { 87 + # NOTE(RaitoBezarius): this is not enough to validate: extensions."osRelease" = drv; those are picked up by cue validation. 88 + type = lib.types.attrsOf lib.types.anything; # <namespace>: { ...namespace-specific fields } 89 default = { }; 90 description = lib.mdDoc '' 91 User-defined data that extends the bootspec document. ··· 114 internal = true; 115 default = schemas.v1.filename; 116 }; 0 0 0 0 0 0 0 0 0 0 0 117 }; 118 }

+2 -1

nixos/modules/system/activation/top-level.nix

··· 82 83 ${optionalString (!config.boot.isContainer && config.boot.bootspec.enable) '' 84 ${config.boot.bootspec.writer} 85 - ${config.boot.bootspec.validator} "$out/${config.boot.bootspec.filename}" 0 86 ''} 87 88 ${config.system.extraSystemBuilderCmds}

··· 82 83 ${optionalString (!config.boot.isContainer && config.boot.bootspec.enable) '' 84 ${config.boot.bootspec.writer} 85 + ${optionalString config.boot.bootspec.enableValidation 86 + ''${config.boot.bootspec.validator} "$out/${config.boot.bootspec.filename}"''} 87 ''} 88 89 ${config.system.extraSystemBuilderCmds}

+7 -5

nixos/tests/bootspec.nix

··· 110 111 machine.succeed("test -e /run/current-system/boot.json") 112 113 - bootspec = json.loads(machine.succeed("jq -r '.v1' /run/current-system/boot.json")) 114 115 assert all(key in bootspec for key in ('initrd', 'initrdSecrets')), "Bootspec should contain initrd or initrdSecrets field when initrd is enabled" 116 ''; ··· 136 machine.succeed("test -e /run/current-system/boot.json") 137 machine.succeed("test -e /run/current-system/specialisation/something/boot.json") 138 139 - sp_in_parent = json.loads(machine.succeed("jq -r '.v1.specialisation.something' /run/current-system/boot.json")) 140 sp_in_fs = json.loads(machine.succeed("cat /run/current-system/specialisation/something/boot.json")) 141 142 - assert sp_in_parent == sp_in_fs['v1'], "Bootspecs of the same specialisation are different!" 143 ''; 144 }; 145 ··· 152 imports = [ standard ]; 153 environment.systemPackages = [ pkgs.jq ]; 154 boot.bootspec.extensions = { 155 - osRelease = config.environment.etc."os-release".source; 0 0 156 }; 157 }; 158 ··· 161 machine.wait_for_unit("multi-user.target") 162 163 current_os_release = machine.succeed("cat /etc/os-release") 164 - bootspec_os_release = machine.succeed("cat $(jq -r '.v1.extensions.osRelease' /run/current-system/boot.json)") 165 166 assert current_os_release == bootspec_os_release, "Filename referenced by extension has unexpected contents" 167 '';

··· 110 111 machine.succeed("test -e /run/current-system/boot.json") 112 113 + bootspec = json.loads(machine.succeed("jq -r '.\"org.nixos.bootspec.v1\"' /run/current-system/boot.json")) 114 115 assert all(key in bootspec for key in ('initrd', 'initrdSecrets')), "Bootspec should contain initrd or initrdSecrets field when initrd is enabled" 116 ''; ··· 136 machine.succeed("test -e /run/current-system/boot.json") 137 machine.succeed("test -e /run/current-system/specialisation/something/boot.json") 138 139 + sp_in_parent = json.loads(machine.succeed("jq -r '.\"org.nixos.specialisation.v1\".something' /run/current-system/boot.json")) 140 sp_in_fs = json.loads(machine.succeed("cat /run/current-system/specialisation/something/boot.json")) 141 142 + assert sp_in_parent['org.nixos.bootspec.v1'] == sp_in_fs['org.nixos.bootspec.v1'], "Bootspecs of the same specialisation are different!" 143 ''; 144 }; 145 ··· 152 imports = [ standard ]; 153 environment.systemPackages = [ pkgs.jq ]; 154 boot.bootspec.extensions = { 155 + "org.nix-tests.product" = { 156 + osRelease = config.environment.etc."os-release".source; 157 + }; 158 }; 159 }; 160 ··· 163 machine.wait_for_unit("multi-user.target") 164 165 current_os_release = machine.succeed("cat /etc/os-release") 166 + bootspec_os_release = machine.succeed("cat $(jq -r '.\"org.nix-tests.product\".osRelease' /run/current-system/boot.json)") 167 168 assert current_os_release == bootspec_os_release, "Filename referenced by extension has unexpected contents" 169 '';

+3 -5

pkgs/applications/audio/go-musicfox/default.nix

··· 1 { lib 2 - , fetchFromGitHub 3 , buildGoModule 4 - , clangStdenv 5 , pkg-config 6 , alsa-lib 7 , flac 8 }: 9 10 - # gcc only supports objc on darwin 11 - buildGoModule.override { stdenv = clangStdenv; } rec { 12 pname = "go-musicfox"; 13 version = "4.0.5"; 14 ··· 45 homepage = "https://github.com/anhoder/go-musicfox"; 46 license = licenses.mit; 47 mainProgram = "musicfox"; 48 - maintainers = with maintainers; [ zendo Ruixi-rebirth ]; 49 }; 50 }

··· 1 { lib 0 2 , buildGoModule 3 + , fetchFromGitHub 4 , pkg-config 5 , alsa-lib 6 , flac 7 }: 8 9 + buildGoModule rec { 0 10 pname = "go-musicfox"; 11 version = "4.0.5"; 12 ··· 43 homepage = "https://github.com/anhoder/go-musicfox"; 44 license = licenses.mit; 45 mainProgram = "musicfox"; 46 + maintainers = with maintainers; [ zendo Ruixi-rebirth aleksana ]; 47 }; 48 }

+12

pkgs/applications/editors/vim/plugins/generated.nix

··· 14315 meta.homepage = "https://github.com/mattn/webapi-vim/"; 14316 }; 14317 0 0 0 0 0 0 0 0 0 0 0 0 14318 which-key-nvim = buildVimPluginFrom2Nix { 14319 pname = "which-key.nvim"; 14320 version = "2023-04-18";

··· 14315 meta.homepage = "https://github.com/mattn/webapi-vim/"; 14316 }; 14317 14318 + wgsl-vim = buildVimPluginFrom2Nix { 14319 + pname = "wgsl.vim"; 14320 + version = "2023-04-12"; 14321 + src = fetchFromGitHub { 14322 + owner = "DingDean"; 14323 + repo = "wgsl.vim"; 14324 + rev = "b72cb2c28ec9554be240113bceb34198f88484e6"; 14325 + sha256 = "1l1y9dwp33g5gp5mvyq4vkw8q8369r493i0qfn81nmwnmc09rsbn"; 14326 + }; 14327 + meta.homepage = "https://github.com/DingDean/wgsl.vim/"; 14328 + }; 14329 + 14330 which-key-nvim = buildVimPluginFrom2Nix { 14331 pname = "which-key.nvim"; 14332 version = "2023-04-18";

+1

pkgs/applications/editors/vim/plugins/vim-plugin-names

··· 1202 https://github.com/liuchengxu/vista.vim/,, 1203 https://github.com/dylanaraps/wal.vim/,, 1204 https://github.com/mattn/webapi-vim/,, 0 1205 https://github.com/folke/which-key.nvim/,, 1206 https://github.com/johnfrankmorgan/whitespace.nvim/,HEAD, 1207 https://github.com/gelguy/wilder.nvim/,,

··· 1202 https://github.com/liuchengxu/vista.vim/,, 1203 https://github.com/dylanaraps/wal.vim/,, 1204 https://github.com/mattn/webapi-vim/,, 1205 + https://github.com/DingDean/wgsl.vim/,HEAD, 1206 https://github.com/folke/which-key.nvim/,, 1207 https://github.com/johnfrankmorgan/whitespace.nvim/,HEAD, 1208 https://github.com/gelguy/wilder.nvim/,,

+4

pkgs/applications/graphics/rnote/default.nix

··· 59 60 dontUseCmakeConfigure = true; 61 0 0 0 0 62 buildInputs = [ 63 glib 64 gstreamer

··· 59 60 dontUseCmakeConfigure = true; 61 62 + mesonFlags = [ 63 + (lib.mesonBool "cli" true) 64 + ]; 65 + 66 buildInputs = [ 67 glib 68 gstreamer

+9 -9

pkgs/applications/networking/browsers/chromium/upstream-info.json

··· 19 } 20 }, 21 "beta": { 22 - "version": "113.0.5672.53", 23 - "sha256": "0k91xx3fm0kywjn00s9b7p776882b1mfajf2ig0iz3jac6rprh56", 24 - "sha256bin64": "1pzpigz8l6hsddb7v2g9m5d32hlq979l1cpj2yfnc6dixjs8x053", 25 "deps": { 26 "gn": { 27 "version": "2023-03-18", ··· 32 } 33 }, 34 "dev": { 35 - "version": "114.0.5720.4", 36 - "sha256": "1q9r4m1gda1mq0nwi00yfpxsqdghd0qb3k7a0xa9py8l6jcv8ifa", 37 - "sha256bin64": "15ss5xix773yn4g24ww9bw38g7wxgwhdqbgmwy44yvp0yl824czb", 38 "deps": { 39 "gn": { 40 - "version": "2023-04-07", 41 "url": "https://gn.googlesource.com/gn", 42 - "rev": "ffeea1b1fd070cb6a8d47154a03f8523486b50a7", 43 - "sha256": "0xpwh06a82nb4j9ifr878rij97dikfcjfbc08cnkmxrx7hs1sjdw" 44 } 45 } 46 },

··· 19 } 20 }, 21 "beta": { 22 + "version": "113.0.5672.63", 23 + "sha256": "07pf28yy5c4xw1xkycgzq53zbj14zvhh00sv601nggisq4fw3kkn", 24 + "sha256bin64": "1n1bcim5wfafa3bl9grp3ckmnbi1mzhdxz8pim408wz892da34zl", 25 "deps": { 26 "gn": { 27 "version": "2023-03-18", ··· 32 } 33 }, 34 "dev": { 35 + "version": "114.0.5735.6", 36 + "sha256": "0wxlfqxrawk77yzm00hb1fbssrycl4mha53wm4y5mlb8warqs5jk", 37 + "sha256bin64": "0vlb6zr50kn7i0rfvy3yvwzcffpg5ki7is8i3ck43b1gr1bsmgmb", 38 "deps": { 39 "gn": { 40 + "version": "2023-04-19", 41 "url": "https://gn.googlesource.com/gn", 42 + "rev": "5a004f9427a050c6c393c07ddb85cba8ff3849fa", 43 + "sha256": "01xrh9m9m6x8lz0vxwdw2mrhrvnw93zpg09hwdhqakj06agf4jjk" 44 } 45 } 46 },

+19 -19

pkgs/applications/networking/cluster/terraform-providers/providers.json

··· 46 "vendorHash": "sha256-nwl8GvS/hc07xSzM+wEwOAkT9oQcAuguHaEcM1nWjwg=" 47 }, 48 "alicloud": { 49 - "hash": "sha256-6PStzU5YBhFDGtQOWUZ8Iyo9miRCTMgDsuJX0rNCYMQ=", 50 "homepage": "https://registry.terraform.io/providers/aliyun/alicloud", 51 "owner": "aliyun", 52 "repo": "terraform-provider-alicloud", 53 - "rev": "v1.203.0", 54 "spdx": "MPL-2.0", 55 "vendorHash": null 56 }, ··· 128 "vendorHash": null 129 }, 130 "azurerm": { 131 - "hash": "sha256-tStlnMSlkkL+X/DP0SBmnm7xL6dH8HfyiaKY/McuMQE=", 132 "homepage": "https://registry.terraform.io/providers/hashicorp/azurerm", 133 "owner": "hashicorp", 134 "repo": "terraform-provider-azurerm", 135 - "rev": "v3.53.0", 136 "spdx": "MPL-2.0", 137 "vendorHash": null 138 }, ··· 164 "vendorHash": null 165 }, 166 "bitbucket": { 167 - "hash": "sha256-2JTJF+zYuf9ZKaEMSOxxjODbmIBXnhpwE8LJUdRIkYY=", 168 "homepage": "https://registry.terraform.io/providers/DrFaust92/bitbucket", 169 "owner": "DrFaust92", 170 "repo": "terraform-provider-bitbucket", 171 - "rev": "v2.31.0", 172 "spdx": "MPL-2.0", 173 "vendorHash": "sha256-mnG2CZ/ko4p4CTs0YskJP41sQD9lmEz4dRQLiklim34=" 174 }, 175 "brightbox": { 176 - "hash": "sha256-e4WvQKtf6zVEZ74c+lE3ZkbX24rPazp8MrJCNQDTz2c=", 177 "homepage": "https://registry.terraform.io/providers/brightbox/brightbox", 178 "owner": "brightbox", 179 "repo": "terraform-provider-brightbox", 180 - "rev": "v3.3.0", 181 "spdx": "MPL-2.0", 182 - "vendorHash": "sha256-dm+2SseBeS49/QoepRwJ1VFwPCtU+6VymvyEH/sLkvI=" 183 }, 184 "buildkite": { 185 "hash": "sha256-/LTUDnE5XB8Gwbs+CroJW+3pM7opNSVQFWvRQWQjFqc=", ··· 539 "vendorHash": "sha256-73Hpp4OLJyFmbiczVmFzCi++W0te6G9LSb8LhNwSDUg=" 540 }, 541 "huaweicloud": { 542 - "hash": "sha256-VK/b74pGB8vjaWmUi8Zz4K5utIUYlfeYk18YZF8J1jI=", 543 "homepage": "https://registry.terraform.io/providers/huaweicloud/huaweicloud", 544 "owner": "huaweicloud", 545 "repo": "terraform-provider-huaweicloud", 546 - "rev": "v1.47.1", 547 "spdx": "MPL-2.0", 548 "vendorHash": null 549 }, ··· 737 "vendorHash": "sha256-Mdy9uXYb7MH9XHqSNkG0QqTVzjvTy4+/Mr6VHXJBEZE=" 738 }, 739 "mongodbatlas": { 740 - "hash": "sha256-Ek7dIKWlyyAoEoMMTHx3DOBNuCoOtXP0CJHAsC04xy0=", 741 "homepage": "https://registry.terraform.io/providers/mongodb/mongodbatlas", 742 "owner": "mongodb", 743 "repo": "terraform-provider-mongodbatlas", 744 - "rev": "v1.8.2", 745 "spdx": "MPL-2.0", 746 - "vendorHash": "sha256-Eq5qsGKJnP+NOJKinDjHUeTLoeQc/BnK+e9d/O7ie7U=" 747 }, 748 "namecheap": { 749 "hash": "sha256-cms8YUL+SjTeYyIOQibksi8ZHEBYq2JlgTEpOO1uMZE=", ··· 764 "vendorHash": null 765 }, 766 "newrelic": { 767 - "hash": "sha256-/q1kKXdeVjxliE1HeGiusscLM4pYylgik88nxk5gPcs=", 768 "homepage": "https://registry.terraform.io/providers/newrelic/newrelic", 769 "owner": "newrelic", 770 "repo": "terraform-provider-newrelic", 771 - "rev": "v3.20.2", 772 "spdx": "MPL-2.0", 773 - "vendorHash": "sha256-WF4AdTu6lxoNSCsFKLMeQbHgH6j+hM0VNBRsue+azJA=" 774 }, 775 "nomad": { 776 "hash": "sha256-1TmcFS+ul7xpSGqQohcCdeQ2zuDD429xGI0X2Add5HQ=", ··· 1235 "vendorHash": "sha256-guUjkk7oW+Gvu015LUAxGqUwZF4H+4xmmOaMqKixZaI=" 1236 }, 1237 "vultr": { 1238 - "hash": "sha256-cHMD4/jlXTIQ9ppTFJsUTHVQ3R9Qoe0I3me7zz2bxus=", 1239 "homepage": "https://registry.terraform.io/providers/vultr/vultr", 1240 "owner": "vultr", 1241 "repo": "terraform-provider-vultr", 1242 - "rev": "v2.14.0", 1243 "spdx": "MPL-2.0", 1244 "vendorHash": null 1245 },

··· 46 "vendorHash": "sha256-nwl8GvS/hc07xSzM+wEwOAkT9oQcAuguHaEcM1nWjwg=" 47 }, 48 "alicloud": { 49 + "hash": "sha256-8jtZ+uhCpktt1e99j2I1C/sE69uOv911qbuaKTjv2DM=", 50 "homepage": "https://registry.terraform.io/providers/aliyun/alicloud", 51 "owner": "aliyun", 52 "repo": "terraform-provider-alicloud", 53 + "rev": "v1.204.0", 54 "spdx": "MPL-2.0", 55 "vendorHash": null 56 }, ··· 128 "vendorHash": null 129 }, 130 "azurerm": { 131 + "hash": "sha256-1K+uM8uRpFigr9scvBL/FDoqc7TKh4ZnppEHnl8i8EA=", 132 "homepage": "https://registry.terraform.io/providers/hashicorp/azurerm", 133 "owner": "hashicorp", 134 "repo": "terraform-provider-azurerm", 135 + "rev": "v3.54.0", 136 "spdx": "MPL-2.0", 137 "vendorHash": null 138 }, ··· 164 "vendorHash": null 165 }, 166 "bitbucket": { 167 + "hash": "sha256-lm/BNxfB5ZosyFYihJ6kh8oro+tCP6pRFNnWrvzeKgk=", 168 "homepage": "https://registry.terraform.io/providers/DrFaust92/bitbucket", 169 "owner": "DrFaust92", 170 "repo": "terraform-provider-bitbucket", 171 + "rev": "v2.32.0", 172 "spdx": "MPL-2.0", 173 "vendorHash": "sha256-mnG2CZ/ko4p4CTs0YskJP41sQD9lmEz4dRQLiklim34=" 174 }, 175 "brightbox": { 176 + "hash": "sha256-yKoYjrZs6EOX1pdDuF+LOu/jZ3fidZJBU7yhSp6qSFU=", 177 "homepage": "https://registry.terraform.io/providers/brightbox/brightbox", 178 "owner": "brightbox", 179 "repo": "terraform-provider-brightbox", 180 + "rev": "v3.4.1", 181 "spdx": "MPL-2.0", 182 + "vendorHash": "sha256-jOscYbwZ8m4smGiAy2vNhPMTAUnINkpuVRQ8E6LpWVw=" 183 }, 184 "buildkite": { 185 "hash": "sha256-/LTUDnE5XB8Gwbs+CroJW+3pM7opNSVQFWvRQWQjFqc=", ··· 539 "vendorHash": "sha256-73Hpp4OLJyFmbiczVmFzCi++W0te6G9LSb8LhNwSDUg=" 540 }, 541 "huaweicloud": { 542 + "hash": "sha256-8ilj+9aCZAlNhQ3OMF6uWFfAAVtISfS6eahywmPAb98=", 543 "homepage": "https://registry.terraform.io/providers/huaweicloud/huaweicloud", 544 "owner": "huaweicloud", 545 "repo": "terraform-provider-huaweicloud", 546 + "rev": "v1.48.0", 547 "spdx": "MPL-2.0", 548 "vendorHash": null 549 }, ··· 737 "vendorHash": "sha256-Mdy9uXYb7MH9XHqSNkG0QqTVzjvTy4+/Mr6VHXJBEZE=" 738 }, 739 "mongodbatlas": { 740 + "hash": "sha256-NvKthj+rVT23v/V1C8w8CMTfOy3yNsMjg2knXECzay4=", 741 "homepage": "https://registry.terraform.io/providers/mongodb/mongodbatlas", 742 "owner": "mongodb", 743 "repo": "terraform-provider-mongodbatlas", 744 + "rev": "v1.9.0", 745 "spdx": "MPL-2.0", 746 + "vendorHash": "sha256-E/1w1FVLHV5X3We3NxKG7INwQtME9FCgFW1uM/6eE38=" 747 }, 748 "namecheap": { 749 "hash": "sha256-cms8YUL+SjTeYyIOQibksi8ZHEBYq2JlgTEpOO1uMZE=", ··· 764 "vendorHash": null 765 }, 766 "newrelic": { 767 + "hash": "sha256-+awQtvyJBLSm+WYH2gp+VM2uNbWeEfIbwqw7VsikQEA=", 768 "homepage": "https://registry.terraform.io/providers/newrelic/newrelic", 769 "owner": "newrelic", 770 "repo": "terraform-provider-newrelic", 771 + "rev": "v3.21.3", 772 "spdx": "MPL-2.0", 773 + "vendorHash": "sha256-fqO3hlDUPY8/9SSMpNVD81pyaQE12zwNKDLSI54UF3M=" 774 }, 775 "nomad": { 776 "hash": "sha256-1TmcFS+ul7xpSGqQohcCdeQ2zuDD429xGI0X2Add5HQ=", ··· 1235 "vendorHash": "sha256-guUjkk7oW+Gvu015LUAxGqUwZF4H+4xmmOaMqKixZaI=" 1236 }, 1237 "vultr": { 1238 + "hash": "sha256-QZYuxtY89ldGUPNz/DJlFU6HWUJgeJC2TM6cSDoeaYc=", 1239 "homepage": "https://registry.terraform.io/providers/vultr/vultr", 1240 "owner": "vultr", 1241 "repo": "terraform-provider-vultr", 1242 + "rev": "v2.14.1", 1243 "spdx": "MPL-2.0", 1244 "vendorHash": null 1245 },

+3 -3

pkgs/applications/networking/cluster/terragrunt/default.nix

··· 5 6 buildGoModule rec { 7 pname = "terragrunt"; 8 - version = "0.45.4"; 9 10 src = fetchFromGitHub { 11 owner = "gruntwork-io"; 12 repo = pname; 13 rev = "refs/tags/v${version}"; 14 - hash = "sha256-rqMi+rBWOWoJeoOBpBPKp1lFKzZlWQJfShN5Uyxb5eM="; 15 }; 16 17 - vendorHash = "sha256-eY9YwXSIOrXbVWUIfVrUIRso1F5weBGKbPFv43k8t2Y="; 18 19 doCheck = false; 20

··· 5 6 buildGoModule rec { 7 pname = "terragrunt"; 8 + version = "0.45.5"; 9 10 src = fetchFromGitHub { 11 owner = "gruntwork-io"; 12 repo = pname; 13 rev = "refs/tags/v${version}"; 14 + hash = "sha256-Azf9A/ZHb8wFRsd7iv9Y4jr9xs8R7vNUffz9ky07SVk="; 15 }; 16 17 + vendorHash = "sha256-V7+N+vEOS4DXHglErD5YoUzu6EN4YRljV581kFnjK2M="; 18 19 doCheck = false; 20

+5 -5

pkgs/applications/networking/instant-messengers/element/pin.nix

··· 1 { 2 - "version" = "1.11.29"; 3 "hashes" = { 4 - "desktopSrcHash" = "/q2tMYz2Qu/njoFPzI965Vn69kliLXJqIAhWSB6CnBE="; 5 - "desktopYarnHash" = "1v910qx9ij4szs1fyxc1d2lh71zzyga5ry8d9i0pdw9nlwbkqjdh"; 6 - "webSrcHash" = "tnCaq3k0DFBYnJfS1BY4/OOR9oe+zHMnwATPsOoNAHc="; 7 - "webYarnHash" = "0rd7f6ypp64znwdlaxqfahpf6lrr0mn28y3h635bn7ipzfjcqmqk"; 8 }; 9 }

··· 1 { 2 + "version" = "1.11.30"; 3 "hashes" = { 4 + "desktopSrcHash" = "WICzS+KARX+Z4vfBqBd13wtNB7m18rsXJsFey/MnST0="; 5 + "desktopYarnHash" = "0rm0rghd2piaxhf7jvxs6rd6yykgdm8d2a7rxqc9m9xjklxdf6nj"; 6 + "webSrcHash" = "5o1DEVtkx4PYYRXYdyjVOlkvbQSc9/an5DshARTJTR4="; 7 + "webYarnHash" = "0bg5vc7q8afqfpsaqqkczf9whbzici5d2bxj5cadhrlmlb27f8nx"; 8 }; 9 }

+3 -3

pkgs/desktops/deepin/apps/deepin-screen-recorder/default.nix

··· 26 }: 27 stdenv.mkDerivation rec { 28 pname = "deepin-screen-recorder"; 29 - version = "5.11.23"; 30 31 src = fetchFromGitHub { 32 owner = "linuxdeepin"; 33 repo = pname; 34 rev = version; 35 - sha256 = "sha256-yKBF/MmhlgwO5GLwfGgs13ERuzOg8EYjc3bXZ8TvcBU="; 36 }; 37 38 patches = [ ./dont_use_libPath.diff ]; ··· 80 # qt5integration must be placed before qtsvg in QT_PLUGIN_PATH 81 qtWrapperArgs = [ 82 "--prefix QT_PLUGIN_PATH : ${qt5integration}/${qtbase.qtPluginPrefix}" 83 - "--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ udev gst_all_1.gstreamer ]}" 84 ]; 85 86 preFixup = ''

··· 26 }: 27 stdenv.mkDerivation rec { 28 pname = "deepin-screen-recorder"; 29 + version = "5.12.1"; 30 31 src = fetchFromGitHub { 32 owner = "linuxdeepin"; 33 repo = pname; 34 rev = version; 35 + sha256 = "sha256-43jqgiBa77UAes0ekMES6IqVOPVXfzfQQjePdxFkNDM="; 36 }; 37 38 patches = [ ./dont_use_libPath.diff ]; ··· 80 # qt5integration must be placed before qtsvg in QT_PLUGIN_PATH 81 qtWrapperArgs = [ 82 "--prefix QT_PLUGIN_PATH : ${qt5integration}/${qtbase.qtPluginPrefix}" 83 + "--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ udev gst_all_1.gstreamer libv4l ]}" 84 ]; 85 86 preFixup = ''

+2 -2

pkgs/development/python-modules/bthome-ble/default.nix

··· 12 13 buildPythonPackage rec { 14 pname = "bthome-ble"; 15 - version = "2.9.0"; 16 format = "pyproject"; 17 18 disabled = pythonOlder "3.9"; ··· 21 owner = "Bluetooth-Devices"; 22 repo = pname; 23 rev = "refs/tags/v${version}"; 24 - hash = "sha256-qVPlrj6EVTPJ/HiwynIg6iuJzUGb6Lan/QKC29C2YNk="; 25 }; 26 27 nativeBuildInputs = [

··· 12 13 buildPythonPackage rec { 14 pname = "bthome-ble"; 15 + version = "2.10.1"; 16 format = "pyproject"; 17 18 disabled = pythonOlder "3.9"; ··· 21 owner = "Bluetooth-Devices"; 22 repo = pname; 23 rev = "refs/tags/v${version}"; 24 + hash = "sha256-pwhq8MAy2FueddEZgAYgsDs7eCrK/bStUhNDhfa+zqk="; 25 }; 26 27 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/hahomematic/default.nix

··· 16 17 buildPythonPackage rec { 18 pname = "hahomematic"; 19 - version = "2023.4.4"; 20 format = "pyproject"; 21 22 disabled = pythonOlder "3.9"; ··· 25 owner = "danielperna84"; 26 repo = pname; 27 rev = "refs/tags/${version}"; 28 - hash = "sha256-5wUx0S3Wg30Kn6RAkybAOMQqRvVDt9HeIJyTPCVHqRc="; 29 }; 30 31 nativeBuildInputs = [

··· 16 17 buildPythonPackage rec { 18 pname = "hahomematic"; 19 + version = "2023.4.5"; 20 format = "pyproject"; 21 22 disabled = pythonOlder "3.9"; ··· 25 owner = "danielperna84"; 26 repo = pname; 27 rev = "refs/tags/${version}"; 28 + hash = "sha256-svXjBWiybJk3RzQtWGzFsvWJX0imhqQmPk9UmdeoIuY="; 29 }; 30 31 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/py-synologydsm-api/default.nix

··· 11 12 buildPythonPackage rec { 13 pname = "py-synologydsm-api"; 14 - version = "2.2.0"; 15 format = "pyproject"; 16 17 disabled = pythonOlder "3.8"; ··· 20 owner = "mib1185"; 21 repo = "py-synologydsm-api"; 22 rev = "refs/tags/v${version}"; 23 - hash = "sha256-L+i6PpN+3CgPp1X/EUQTXz1IUW3S0BJuuPPT4LKBtWs="; 24 }; 25 26 nativeBuildInputs = [

··· 11 12 buildPythonPackage rec { 13 pname = "py-synologydsm-api"; 14 + version = "2.3.0"; 15 format = "pyproject"; 16 17 disabled = pythonOlder "3.8"; ··· 20 owner = "mib1185"; 21 repo = "py-synologydsm-api"; 22 rev = "refs/tags/v${version}"; 23 + hash = "sha256-lSNdwM+b91XWILKjGsi73Tu29spOdnFznuE7ELg+mhw="; 24 }; 25 26 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/sphinx-inline-tabs/default.nix

··· 6 7 buildPythonPackage rec { 8 pname = "sphinx-inline-tabs"; 9 - version = "2022.01.02.beta11"; 10 format = "flit"; 11 12 src = fetchFromGitHub { 13 owner = "pradyunsg"; 14 repo = "sphinx-inline-tabs"; 15 rev = version; 16 - hash = "sha256-k2nOidUk87EZbFsqQ7zr/4eHk+T7wUOYimjbllfneUM="; 17 }; 18 19 propagatedBuildInputs = [

··· 6 7 buildPythonPackage rec { 8 pname = "sphinx-inline-tabs"; 9 + version = "2023.04.21"; 10 format = "flit"; 11 12 src = fetchFromGitHub { 13 owner = "pradyunsg"; 14 repo = "sphinx-inline-tabs"; 15 rev = version; 16 + hash = "sha256-1oZheHDNOQU0vWL3YClQrJe94WyUJ72bCAF1UKtjJ0w="; 17 }; 18 19 propagatedBuildInputs = [

+3 -3

pkgs/development/tools/analysis/checkov/default.nix

··· 22 23 buildPythonApplication rec { 24 pname = "checkov"; 25 - version = "2.3.202"; 26 format = "setuptools"; 27 28 src = fetchFromGitHub { 29 owner = "bridgecrewio"; 30 repo = pname; 31 rev = "refs/tags/${version}"; 32 - hash = "sha256-cJGHby6g4ndz031vxLFmQ9yUAB6lsyGff3eM8vjxUbc="; 33 }; 34 35 patches = [ ··· 116 # Tests are comparing console output 117 "cli" 118 "console" 119 - # Starting to fail after 2.3.202 120 "test_non_multiline_pair" 121 ]; 122

··· 22 23 buildPythonApplication rec { 24 pname = "checkov"; 25 + version = "2.3.205"; 26 format = "setuptools"; 27 28 src = fetchFromGitHub { 29 owner = "bridgecrewio"; 30 repo = pname; 31 rev = "refs/tags/${version}"; 32 + hash = "sha256-vs7gUYIw7n6PO5hjHFFtfM3gxjUxlmSOEJr8uJmeI6g="; 33 }; 34 35 patches = [ ··· 116 # Tests are comparing console output 117 "cli" 118 "console" 119 + # Starting to fail after 2.3.205 120 "test_non_multiline_pair" 121 ]; 122

-7

pkgs/misc/uboot/default.nix

··· 421 422 ubootQemuRiscv64Smode = buildUBoot { 423 defconfig = "qemu-riscv64_smode_defconfig"; 424 - extraPatches = [ 425 - # https://patchwork.ozlabs.org/project/uboot/patch/20220128134713.2322800-1-alexandre.ghiti@canonical.com/ 426 - (fetchpatch { 427 - url = "https://patchwork.ozlabs.org/series/283391/mbox/"; 428 - sha256 = "sha256-V0jDpx6O4bFzuaOQejdrRnLiWb5LBTx47T0TZqNtMXk="; 429 - }) 430 - ]; 431 extraMeta.platforms = ["riscv64-linux"]; 432 filesToInstall = ["u-boot.bin"]; 433 };

··· 421 422 ubootQemuRiscv64Smode = buildUBoot { 423 defconfig = "qemu-riscv64_smode_defconfig"; 0 0 0 0 0 0 0 424 extraMeta.platforms = ["riscv64-linux"]; 425 filesToInstall = ["u-boot.bin"]; 426 };

+6 -14

pkgs/os-specific/linux/can-utils/default.nix

··· 1 { lib, stdenv, fetchFromGitHub }: 2 3 - stdenv.mkDerivation { 4 pname = "can-utils"; 5 - # There are no releases (source archives or git tags), so use the date of the 6 - # latest commit in git master as version number. 7 - version = "20170830"; 8 9 src = fetchFromGitHub { 10 owner = "linux-can"; 11 repo = "can-utils"; 12 - rev = "5b518a0a5fa56856f804372a6b99b518dedb5386"; 13 - sha256 = "1ygzp8rjr8f1gs48mb1pz7psdgbfhlvr6kjdnmzbsqcml06zvrpr"; 14 }; 15 16 - # Fixup build with newer Linux headers. 17 - postPatch = '' 18 - sed '1i#include <linux/sockios.h>' -i \ 19 - slcanpty.c cansniffer.c canlogserver.c isotpdump.c isotpsniffer.c isotpperf.c 20 - ''; 21 - 22 - preConfigure = ''makeFlagsArray+=(PREFIX="$out")''; 23 24 meta = with lib; { 25 description = "CAN userspace utilities and tools (for use with Linux SocketCAN)"; 26 homepage = "https://github.com/linux-can/can-utils"; 27 license = licenses.gpl2Plus; 28 platforms = platforms.linux; 29 - maintainers = [ maintainers.bjornfor ]; 30 }; 31 }

··· 1 { lib, stdenv, fetchFromGitHub }: 2 3 + stdenv.mkDerivation rec { 4 pname = "can-utils"; 5 + version = "2023.03"; 0 0 6 7 src = fetchFromGitHub { 8 owner = "linux-can"; 9 repo = "can-utils"; 10 + rev = "v${version}"; 11 + hash = "sha256-FaopviBJOmO0lXoJcdKNdtsoaJ8JrFEJGyO1aNBv+Pg="; 12 }; 13 14 + makeFlags = [ "PREFIX=$(out)" ]; 0 0 0 0 0 0 15 16 meta = with lib; { 17 description = "CAN userspace utilities and tools (for use with Linux SocketCAN)"; 18 homepage = "https://github.com/linux-can/can-utils"; 19 license = licenses.gpl2Plus; 20 platforms = platforms.linux; 21 + maintainers = with maintainers; [ bjornfor Luflosi ]; 22 }; 23 }

+2 -2

pkgs/os-specific/linux/pscircle/default.nix

··· 2 3 stdenv.mkDerivation rec { 4 pname = "pscircle"; 5 - version = "1.3.1"; 6 7 src = fetchFromGitLab { 8 owner = "mildlyparallel"; 9 repo = "pscircle"; 10 rev = "v${version}"; 11 - sha256 = "1sm99423hh90kr4wdjqi9sdrrpk65j2vz2hzj65zcxfxyr6khjci"; 12 }; 13 14 nativeBuildInputs = [

··· 2 3 stdenv.mkDerivation rec { 4 pname = "pscircle"; 5 + version = "1.4.0"; 6 7 src = fetchFromGitLab { 8 owner = "mildlyparallel"; 9 repo = "pscircle"; 10 rev = "v${version}"; 11 + sha256 = "sha256-bqbQBNscNfoqXprhoFUnUQO88YQs9xDhD4d3KHamtG0="; 12 }; 13 14 nativeBuildInputs = [

+1

pkgs/os-specific/linux/systemd/default.nix

··· 140 assert withCoredump -> withCompression; 141 assert withHomed -> withCryptsetup; 142 assert withHomed -> withPam; 0 143 144 let 145 wantCurl = withRemote || withImportd;

··· 140 assert withCoredump -> withCompression; 141 assert withHomed -> withCryptsetup; 142 assert withHomed -> withPam; 143 + assert withUkify -> withEfi; 144 145 let 146 wantCurl = withRemote || withImportd;

+4 -4

pkgs/tools/misc/bootspec/default.nix

··· 4 }: 5 rustPlatform.buildRustPackage rec { 6 pname = "bootspec"; 7 - version = "unstable-2022-12-05"; 8 9 src = fetchFromGitHub { 10 owner = "DeterminateSystems"; 11 repo = pname; 12 - rev = "67a617ab6b99211daa92e748d27ead3f78127cf8"; 13 - hash = "sha256-GX6Tzs/ClTUV9OXLvPFw6uBhrpCWSMI+PfrViyFEIxs="; 14 }; 15 16 - cargoHash = "sha256-N/hbfjsuvwCc0mxOpeVVcTxb5cA024lyLSEpVcrS7kA="; 17 18 meta = with lib; { 19 description = "Implementation of RFC-0125's datatype and synthesis tooling";

··· 4 }: 5 rustPlatform.buildRustPackage rec { 6 pname = "bootspec"; 7 + version = "0.1.0"; 8 9 src = fetchFromGitHub { 10 owner = "DeterminateSystems"; 11 repo = pname; 12 + rev = "v${version}"; 13 + hash = "sha256-Gf6cIFympRIZo6vzQIX3sQ3ycLlmkDRXtEd2IYH7LQo="; 14 }; 15 16 + cargoHash = "sha256-8qm9aUvH1EbZ5Jmtw+86KdNyLbYJ7BVExTyyexirTyw="; 17 18 meta = with lib; { 19 description = "Implementation of RFC-0125's datatype and synthesis tooling";

+3 -3

pkgs/tools/misc/powerline-go/default.nix

··· 5 6 buildGoModule rec { 7 pname = "powerline-go"; 8 - version = "1.22.1"; 9 10 src = fetchFromGitHub { 11 owner = "justjanne"; 12 repo = pname; 13 rev = "v${version}"; 14 - sha256 = "sha256-7QhW0Vn1u63N0fzSiX/vu0HNhFkoSFHXteJCrcFX+4Q="; 15 }; 16 17 - vendorSha256 = "sha256-+R+UwoYJ+KsV+jQj8+wfEsCAvezolsoPDNzCnGLzOEc="; 18 19 meta = with lib; { 20 description = "A Powerline like prompt for Bash, ZSH and Fish";

··· 5 6 buildGoModule rec { 7 pname = "powerline-go"; 8 + version = "1.23"; 9 10 src = fetchFromGitHub { 11 owner = "justjanne"; 12 repo = pname; 13 rev = "v${version}"; 14 + hash = "sha256-qEVsJsDvqcMVxLz81kNybEO/TwCvhi8E/laci8ry/dw="; 15 }; 16 17 + vendorHash = "sha256-W7Lf9s689oJy4U5sQlkLt3INJwtvzU2pot3EFimp7Jw="; 18 19 meta = with lib; { 20 description = "A Powerline like prompt for Bash, ZSH and Fish";

+1 -1

pkgs/tools/security/ghauri/default.nix

··· 11 src = fetchFromGitHub { 12 owner = "r0oth3x49"; 13 repo = "ghauri"; 14 - rev = "refs7tags/${version}"; 15 hash = "sha256-WEWiWu8U7DmRjj42BEBXA3CHTyJh2Apz59ImFrmQXEk="; 16 }; 17

··· 11 src = fetchFromGitHub { 12 owner = "r0oth3x49"; 13 repo = "ghauri"; 14 + rev = "refs/tags/${version}"; 15 hash = "sha256-WEWiWu8U7DmRjj42BEBXA3CHTyJh2Apz59ImFrmQXEk="; 16 }; 17