+2 -2

doc/stdenv/cross-compilation.chapter.md

··· 158 158 159 159 ### Implementation of dependencies {#ssec-cross-dependency-implementation} 160 160 161 161 - The categories of dependencies developed in [](#ssec-cross-dependency-categorization) are specified as lists of derivations given to `mkDerivation`, as documented in [](#ssec-stdenv-dependencies). In short, each list of dependencies for "host → target" of "foo → bar" is called `depsFooBar`, with exceptions for backwards compatibility that `depsBuildHost` is instead called `nativeBuildInputs` and `depsHostTarget` is instead called `buildInputs`. Nixpkgs is now structured so that each `depsFooBar` is automatically taken from `pkgsFooBar`. (These `pkgsFooBar`s are quite new, so there is no special case for `nativeBuildInputs` and `buildInputs`.) For example, `pkgsBuildHost.gcc` should be used at build-time, while `pkgsHostTarget.gcc` should be used at run-time. 161 161 + The categories of dependencies developed in [](#ssec-cross-dependency-categorization) are specified as lists of derivations given to `mkDerivation`, as documented in [](#ssec-stdenv-dependencies). In short, each list of dependencies for "host → target" is called `deps<host><target>` (where `host`, and `target` values are either `build`, `host`, or `target`), with exceptions for backwards compatibility that `depsBuildHost` is instead called `nativeBuildInputs` and `depsHostTarget` is instead called `buildInputs`. Nixpkgs is now structured so that each `deps<host><target>` is automatically taken from `pkgs<host><target>`. (These `pkgs<host><target>`s are quite new, so there is no special case for `nativeBuildInputs` and `buildInputs`.) For example, `pkgsBuildHost.gcc` should be used at build-time, while `pkgsHostTarget.gcc` should be used at run-time. 162 162 163 163 - Now, for most of Nixpkgs's history, there were no `pkgsFooBar` attributes, and most packages have not been refactored to use it explicitly. Prior to those, there were just `buildPackages`, `pkgs`, and `targetPackages`. Those are now redefined as aliases to `pkgsBuildHost`, `pkgsHostTarget`, and `pkgsTargetTarget`. It is acceptable, even recommended, to use them for libraries to show that the host platform is irrelevant. 163 163 + Now, for most of Nixpkgs's history, there were no `pkgs<host><target>` attributes, and most packages have not been refactored to use it explicitly. Prior to those, there were just `buildPackages`, `pkgs`, and `targetPackages`. Those are now redefined as aliases to `pkgsBuildHost`, `pkgsHostTarget`, and `pkgsTargetTarget`. It is acceptable, even recommended, to use them for libraries to show that the host platform is irrelevant. 164 164 165 165 But before that, there was just `pkgs`, even though both `buildInputs` and `nativeBuildInputs` existed. \[Cross barely worked, and those were implemented with some hacks on `mkDerivation` to override dependencies.\] What this means is the vast majority of packages do not use any explicit package set to populate their dependencies, just using whatever `callPackage` gives them even if they do correctly sort their dependencies into the multiple lists described above. And indeed, asking that users both sort their dependencies, _and_ take them from the right attribute set, is both too onerous and redundant, so the recommended approach (for now) is to continue just categorizing by list and not using an explicit package set. 166 166

+23 -10

doc/stdenv/stdenv.chapter.md

··· 116 116 117 117 ## Specifying dependencies {#ssec-stdenv-dependencies} 118 118 119 119 - As described in the Nix manual, almost any `*.drv` store path in a derivation’s attribute set will induce a dependency on that derivation. `mkDerivation`, however, takes a few attributes intended to, between them, include all the dependencies of a package. This is done both for structure and consistency, but also so that certain other setup can take place. For example, certain dependencies need their bin directories added to the `PATH`. That is built-in, but other setup is done via a pluggable mechanism that works in conjunction with these dependency attributes. See [](#ssec-setup-hooks) for details. 119 119 + As described in the Nix manual, almost any `*.drv` store path in a derivation’s attribute set will induce a dependency on that derivation. `mkDerivation`, however, takes a few attributes intended to include all the dependencies of a package. This is done both for structure and consistency, but also so that certain other setup can take place. For example, certain dependencies need their bin directories added to the `PATH`. That is built-in, but other setup is done via a pluggable mechanism that works in conjunction with these dependency attributes. See [](#ssec-setup-hooks) for details. 120 120 121 121 Dependencies can be broken down along three axes: their host and target platforms relative to the new derivation’s, and whether they are propagated. The platform distinctions are motivated by cross compilation; see [](#chap-cross) for exactly what each platform means. [^footnote-stdenv-ignored-build-platform] But even if one is not cross compiling, the platforms imply whether or not the dependency is needed at run-time or build-time, a concept that makes perfect sense outside of cross compilation. By default, the run-time/build-time distinction is just a hint for mental clarity, but with `strictDeps` set it is mostly enforced even in the native case. 122 122 123 123 The extension of `PATH` with dependencies, alluded to above, proceeds according to the relative platforms alone. The process is carried out only for dependencies whose host platform matches the new derivation’s build platform i.e. dependencies which run on the platform where the new derivation will be built. [^footnote-stdenv-native-dependencies-in-path] For each dependency \<dep\> of those dependencies, `dep/bin`, if present, is added to the `PATH` environment variable. 124 124 125 125 - The dependency is propagated when it forces some of its other-transitive (non-immediate) downstream dependencies to also take it on as an immediate dependency. Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency. 125 125 + A dependency is said to be **propagated** when some of its other-transitive (non-immediate) downstream dependencies also need it as an immediate dependency. 126 126 + [^footnote-stdenv-propagated-dependencies] 127 127 + 128 128 + It is important to note that dependencies are not necessarily propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up. To determine the exact rules for dependency propagation, we start by assigning to each dependency a couple of ternary numbers (`-1` for `build`, `0` for `host`, and `1` for `target`), representing how respectively its host and target platforms are "offset" from the depending derivation’s platforms. The following table summarize the different combinations that can be obtained: 126 129 127 127 - It is important to note that dependencies are not necessarily propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up. The exact rules for dependency propagation can be given by assigning to each dependency two integers based one how its host and target platforms are offset from the depending derivation’s platforms. Those offsets are given below in the descriptions of each dependency list attribute. Algorithmically, we traverse propagated inputs, accumulating every propagated dependency’s propagated dependencies and adjusting them to account for the “shift in perspective” described by the current dependency’s platform offsets. This results in sort a transitive closure of the dependency relation, with the offsets being approximately summed when two dependency links are combined. We also prune transitive dependencies whose combined offsets go out-of-bounds, which can be viewed as a filter over that transitive closure removing dependencies that are blatantly absurd. 130 130 + | `host → target` | attribute name | offset | 131 131 + | ------------------- | ------------------- | -------- | 132 132 + | `build --> build` | `depsBuildBuild` | `-1, -1` | 133 133 + | `build --> host` | `nativeBuildInputs` | `-1, 0` | 134 134 + | `build --> target` | `depsBuildTarget` | `-1, 1` | 135 135 + | `host --> host` | `depsHostHost` | `0, 0` | 136 136 + | `host --> target` | `buildInputs` | `0, 1` | 137 137 + | `target --> target` | `depsTargetTarget` | `1, 1` | 138 138 + 139 139 + Algorithmically, we traverse propagated inputs, accumulating every propagated dependency’s propagated dependencies and adjusting them to account for the “shift in perspective” described by the current dependency’s platform offsets. This results is sort of a transitive closure of the dependency relation, with the offsets being approximately summed when two dependency links are combined. We also prune transitive dependencies whose combined offsets go out-of-bounds, which can be viewed as a filter over that transitive closure removing dependencies that are blatantly absurd. 128 140 129 141 We can define the process precisely with [Natural Deduction](https://en.wikipedia.org/wiki/Natural_deduction) using the inference rules. This probably seems a bit obtuse, but so is the bash code that actually implements it! [^footnote-stdenv-find-inputs-location] They’re confusing in very different ways so… hopefully if something doesn’t make sense in one presentation, it will in the other! 130 142 ··· 179 191 180 192 #### `depsBuildBuild` {#var-stdenv-depsBuildBuild} 181 193 182 182 - A list of dependencies whose host and target platforms are the new derivation’s build platform. This means a `-1` host and `-1` target offset from the new derivation’s platforms. These are programs and libraries used at build time that produce programs and libraries also used at build time. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it in `nativeBuildInputs` instead. The most common use of this `buildPackages.stdenv.cc`, the default C compiler for this role. That example crops up more than one might think in old commonly used C libraries. 194 194 + A list of dependencies whose host and target platforms are the new derivation’s build platform. These are programs and libraries used at build time that produce programs and libraries also used at build time. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it in `nativeBuildInputs` instead. The most common use of this `buildPackages.stdenv.cc`, the default C compiler for this role. That example crops up more than one might think in old commonly used C libraries. 183 195 184 196 Since these packages are able to be run at build-time, they are always added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. 185 197 186 198 #### `nativeBuildInputs` {#var-stdenv-nativeBuildInputs} 187 199 188 188 - A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s host platform. This means a `-1` host offset and `0` target offset from the new derivation’s platforms. These are programs and libraries used at build-time that, if they are a compiler or similar tool, produce code to run at run-time—i.e. tools used to build the new derivation. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild` or `depsBuildTarget`. This could be called `depsBuildHost` but `nativeBuildInputs` is used for historical continuity. 200 200 + A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s host platform. These are programs and libraries used at build-time that, if they are a compiler or similar tool, produce code to run at run-time—i.e. tools used to build the new derivation. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild` or `depsBuildTarget`. This could be called `depsBuildHost` but `nativeBuildInputs` is used for historical continuity. 189 201 190 202 Since these packages are able to be run at build-time, they are added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. 191 203 192 204 #### `depsBuildTarget` {#var-stdenv-depsBuildTarget} 193 205 194 194 - A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s target platform. This means a `-1` host offset and `1` target offset from the new derivation’s platforms. These are programs used at build time that produce code to run with code produced by the depending package. Most commonly, these are tools used to build the runtime or standard library that the currently-being-built compiler will inject into any code it compiles. In many cases, the currently-being-built-compiler is itself employed for that task, but when that compiler won’t run (i.e. its build and host platform differ) this is not possible. Other times, the compiler relies on some other tool, like binutils, that is always built separately so that the dependency is unconditional. 206 206 + A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s target platform. These are programs used at build time that produce code to run with code produced by the depending package. Most commonly, these are tools used to build the runtime or standard library that the currently-being-built compiler will inject into any code it compiles. In many cases, the currently-being-built-compiler is itself employed for that task, but when that compiler won’t run (i.e. its build and host platform differ) this is not possible. Other times, the compiler relies on some other tool, like binutils, that is always built separately so that the dependency is unconditional. 195 207 196 196 - This is a somewhat confusing concept to wrap one’s head around, and for good reason. As the only dependency type where the platform offsets are not adjacent integers, it requires thinking of a bootstrapping stage *two* away from the current one. It and its use-case go hand in hand and are both considered poor form: try to not need this sort of dependency, and try to avoid building standard libraries and runtimes in the same derivation as the compiler produces code using them. Instead strive to build those like a normal library, using the newly-built compiler just as a normal library would. In short, do not use this attribute unless you are packaging a compiler and are sure it is needed. 208 208 + This is a somewhat confusing concept to wrap one’s head around, and for good reason. As the only dependency type where the platform offsets, `-1` and `1`, are not adjacent integers, it requires thinking of a bootstrapping stage *two* away from the current one. It and its use-case go hand in hand and are both considered poor form: try to not need this sort of dependency, and try to avoid building standard libraries and runtimes in the same derivation as the compiler produces code using them. Instead strive to build those like a normal library, using the newly-built compiler just as a normal library would. In short, do not use this attribute unless you are packaging a compiler and are sure it is needed. 197 209 198 210 Since these packages are able to run at build time, they are added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. 199 211 200 212 #### `depsHostHost` {#var-stdenv-depsHostHost} 201 213 202 202 - A list of dependencies whose host and target platforms match the new derivation’s host platform. This means a `0` host offset and `0` target offset from the new derivation’s host platform. These are packages used at run-time to generate code also used at run-time. In practice, this would usually be tools used by compilers for macros or a metaprogramming system, or libraries used by the macros or metaprogramming code itself. It’s always preferable to use a `depsBuildBuild` dependency in the derivation being built over a `depsHostHost` on the tool doing the building for this purpose. 214 214 + A list of dependencies whose host and target platforms match the new derivation’s host platform. In practice, this would usually be tools used by compilers for macros or a metaprogramming system, or libraries used by the macros or metaprogramming code itself. It’s always preferable to use a `depsBuildBuild` dependency in the derivation being built over a `depsHostHost` on the tool doing the building for this purpose. 203 215 204 216 #### `buildInputs` {#var-stdenv-buildInputs} 205 217 206 206 - A list of dependencies whose host platform and target platform match the new derivation’s. This means a `0` host offset and a `1` target offset from the new derivation’s host platform. This would be called `depsHostTarget` but for historical continuity. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild`. 218 218 + A list of dependencies whose host platform and target platform match the new derivation’s. This would be called `depsHostTarget` but for historical continuity. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild`. 207 219 208 220 These are often programs and libraries used by the new derivation at *run*-time, but that isn’t always the case. For example, the machine code in a statically-linked library is only used at run-time, but the derivation containing the library is only needed at build-time. Even in the dynamic case, the library may also be needed at build-time to appease the linker. 209 221 210 222 #### `depsTargetTarget` {#var-stdenv-depsTargetTarget} 211 223 212 212 - A list of dependencies whose host platform matches the new derivation’s target platform. This means a `1` offset from the new derivation’s platforms. These are packages that run on the target platform, e.g. the standard library or run-time deps of standard library that a compiler insists on knowing about. It’s poor form in almost all cases for a package to depend on another from a future stage \[future stage corresponding to positive offset\]. Do not use this attribute unless you are packaging a compiler and are sure it is needed. 224 224 + A list of dependencies whose host platform matches the new derivation’s target platform. These are packages that run on the target platform, e.g. the standard library or run-time deps of standard library that a compiler insists on knowing about. It’s poor form in almost all cases for a package to depend on another from a future stage \[future stage corresponding to positive offset\]. Do not use this attribute unless you are packaging a compiler and are sure it is needed. 213 225 214 226 #### `depsBuildBuildPropagated` {#var-stdenv-depsBuildBuildPropagated} 215 227 ··· 1228 1240 1229 1241 [^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation. 1230 1242 [^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`. 1243 1243 + [^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency. 1231 1244 [^footnote-stdenv-find-inputs-location]: The `findInputs` function, currently residing in `pkgs/stdenv/generic/setup.sh`, implements the propagation logic. 1232 1245 [^footnote-stdenv-sys-lib-search-path]: It clears the `sys_lib_*search_path` variables in the Libtool script to prevent Libtool from using libraries in `/usr/lib` and such. 1233 1246 [^footnote-stdenv-build-time-guessing-impurity]: Eventually these will be passed building natively as well, to improve determinism: build-time guessing, as is done today, is a risk of impurity.

+1 -1

nixos/modules/services/x11/desktop-managers/gnome.nix

··· 453 453 cantarell-fonts 454 454 dejavu_fonts 455 455 source-code-pro # Default monospace font in 3.32 456 456 - source-sans-pro 456 456 + source-sans 457 457 ]; 458 458 459 459 # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-38/elements/core/meta-gnome-core-shell.bst

+2 -2

pkgs/applications/blockchains/chia/default.nix

··· 6 6 7 7 let chia = python3Packages.buildPythonApplication rec { 8 8 pname = "chia"; 9 9 - version = "1.2.9"; 9 9 + version = "1.2.10"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "Chia-Network"; 13 13 repo = "chia-blockchain"; 14 14 rev = version; 15 15 fetchSubmodules = true; 16 16 - sha256 = "sha256-ZDWkVCga/NsKOnj5HP0lnmnX6vqw+I0b3a1Wr1t1VN0="; 16 16 + sha256 = "sha256-TzSBGjgaE0IWaqJcCIoO/u+gDh17NtAqhE8ldbbjNIE="; 17 17 }; 18 18 19 19 postPatch = ''

+2 -2

pkgs/applications/editors/texstudio/default.nix

··· 3 3 4 4 mkDerivation rec { 5 5 pname = "texstudio"; 6 6 - version = "4.0.0"; 6 6 + version = "4.0.2"; 7 7 8 8 src = fetchFromGitHub { 9 9 owner = "${pname}-org"; 10 10 repo = pname; 11 11 rev = version; 12 12 - sha256 = "0fapgc6dvzn47gmhxkqymwi3818rdiag33ml57j2mfmsi5pjxi0f"; 12 12 + sha256 = "sha256-SCrWoIZan8mFwQoXaXvM0Ujdhcic3FbmfgKZSFXFBGE="; 13 13 }; 14 14 15 15 nativeBuildInputs = [ qmake wrapQtAppsHook pkg-config ];

+2 -2

pkgs/applications/graphics/ImageMagick/6.x.nix

··· 16 16 17 17 stdenv.mkDerivation rec { 18 18 pname = "imagemagick"; 19 19 - version = "6.9.12-19"; 19 19 + version = "6.9.12-26"; 20 20 21 21 src = fetchFromGitHub { 22 22 owner = "ImageMagick"; 23 23 repo = "ImageMagick6"; 24 24 rev = version; 25 25 - sha256 = "sha256-8KofT9aNd8SXL0YBQ0RUOTccVxQNacvJL1uYPZiSPkY="; 25 25 + sha256 = "sha256-oNorY/93jk1v5BS1T3wqctXuzV4o8JlyZtHnsNYmO4U="; 26 26 }; 27 27 28 28 outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big

+2 -2

pkgs/applications/graphics/ImageMagick/7.0.nix

··· 18 18 19 19 stdenv.mkDerivation rec { 20 20 pname = "imagemagick"; 21 21 - version = "7.1.0-9"; 21 21 + version = "7.1.0-11"; 22 22 23 23 src = fetchFromGitHub { 24 24 owner = "ImageMagick"; 25 25 repo = "ImageMagick"; 26 26 rev = version; 27 27 - sha256 = "sha256-9eeOY6TvNykWA3yyQH1UR3ahdhOja87I9rsie9fMbso="; 27 27 + sha256 = "sha256-z7ZpoB8NlcS5NVyoW0ngSlakCcb5qC3bh3xDVYuWS6w="; 28 28 }; 29 29 30 30 outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big

+8 -8

pkgs/applications/networking/cluster/k3s/default.nix

··· 42 42 # Those pieces of software we entirely ignore upstream's handling of, and just 43 43 # make sure they're in the path if desired. 44 44 let 45 45 - k3sVersion = "1.21.4+k3s1"; # k3s git tag 46 46 - k3sCommit = "3e250fdbab72d88f7e6aae57446023a0567ffc97"; # k3s git commit at the above version 47 47 - k3sRepoSha256 = "1w7drvk0bmlmqrxh1y6dxjy7dk6bdrl72pkd25lc1ir6wbzb05h9"; 45 45 + k3sVersion = "1.22.2+k3s2"; # k3s git tag 46 46 + k3sCommit = "3f5774b41eb475eb10c93bb0ce58459a6f777c5f"; # k3s git commit at the above version 47 47 + k3sRepoSha256 = "1kjf2zkm5d3s1aj4w9gzsc3ms3a0cm900fyi9899ijczw1cbrc61"; 48 48 49 49 - traefikChartVersion = "9.18.2"; # taken from ./manifests/traefik.yaml at spec.version 50 50 - traefikChartSha256 = "sha256-9d7p0ngyMN27u4OPgz7yI14Zj9y36t9o/HMX5wyDpUI="; 49 49 + traefikChartVersion = "10.3.0"; # taken from ./manifests/traefik.yaml at spec.version 50 50 + traefikChartSha256 = "0y6wr64xp7bgx24kqil0x6myr3pnfrg8rw0d1h5zd2n5a8nfd73f"; 51 51 52 52 k3sRootVersion = "0.9.1"; # taken from ./scripts/download at ROOT_VERSION 53 53 - k3sRootSha256 = "sha256-qI84KYJKY/T6pqWZW9lOTq5NzZiu//v1zrMzUCiRTGQ="; 53 53 + k3sRootSha256 = "0r2cj4l50cxkrvszpzxfk36lvbjf9vcmp6d5lvxg8qsah8lki3x8"; 54 54 55 55 - k3sCNIVersion = "0.8.6-k3s1"; # taken from ./scripts/version.sh at VERSION_CNIPLUGINS 56 56 - k3sCNISha256 = "sha256-uAy17eRRAXPCcnh481KxFMvFQecnnBs24jn5YnVNfY4="; 55 55 + k3sCNIVersion = "0.9.1-k3s1"; # taken from ./scripts/version.sh at VERSION_CNIPLUGINS 56 56 + k3sCNISha256 = "1327vmfph7b8i14q05c2xdfzk60caflg1zhycx0mrf3d59f4zsz5"; 57 57 58 58 baseMeta = { 59 59 description = "A lightweight Kubernetes distribution";

+3 -1

pkgs/applications/networking/cluster/k3s/update.sh

··· 12 12 curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ 13 13 https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE} 14 14 15 15 - LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | grep -v -e rc -e engine | sed 's/["|,| ]//g' | sort -V -r | head -n1) 15 15 + LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | \ 16 16 + grep -v -e rc -e engine | tail -n +2 | head -n -1 | sed 's|[", ]||g' | sort -rV | head -n1) 17 17 + 16 18 K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//') 17 19 18 20 K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \

+3 -3

pkgs/applications/networking/cluster/linkerd/default.nix

··· 2 2 3 3 (callPackage ./generic.nix { }) { 4 4 channel = "stable"; 5 5 - version = "2.10.2"; 6 6 - sha256 = "sha256-dOD0S4FJ2lXE+1VZooi8tKvC8ndGEHAxmAvSqoWI/m0="; 7 7 - vendorSha256 = "sha256-Qb0FZOvKL9GgncfUl538PynkYbm3V8Q6lUpApUoIp5s="; 5 5 + version = "2.11.0"; 6 6 + sha256 = "172in8vmr7c5sff111rrd5127lz2pv7bbh7p399xafnk8ri0fx2i"; 7 7 + vendorSha256 = "sha256-c3EyVrblqtFuoP7+YdbyPN0DdN6TcQ5DTtFQ/frKM0Q="; 8 8 }

+3 -3

pkgs/applications/networking/cluster/linkerd/edge.nix

··· 2 2 3 3 (callPackage ./generic.nix { }) { 4 4 channel = "edge"; 5 5 - version = "21.9.3"; 6 6 - sha256 = "0swqx4myvr24visj39icg8g90kj325pvf22bq447rnm0whq3cnyz"; 7 7 - vendorSha256 = "sha256-fMtAR66TwMNR/HCVQ9Jg3sJ0XBx2jUKDG7/ts0lEZM4="; 5 5 + version = "21.10.3"; 6 6 + sha256 = "09k4c0dgn9vvgp6xb20x0vylk6bbd03srk3sra8vnpywwi591mcv"; 7 7 + vendorSha256 = "sha256-uGj1sMEa791ZKA7hpJ1A9vtwsmrZDGAYp6HQo6QNAYY="; 8 8 }

+7 -2

pkgs/data/fonts/source-han/default.nix

··· 48 48 serif = makePackage { 49 49 family = "serif"; 50 50 description = "serif"; 51 51 - rev = "1.001R"; 52 52 - sha256 = "0nnsb2w140ih0cnp1fh7s4csvzp9y0cavz9df2ryhv215mh9z4m0"; 51 51 + rev = "2.000R"; 52 52 + sha256 = "0x3n6s4khdd6l0crwd7g9sjaqp8lkvksglhc7kj3cv80hldab9wp"; 53 53 + postFetch = '' 54 54 + mkdir -p $out/share/fonts/opentype/source-han-serif 55 55 + unzip $downloadedFile -d $out/share/fonts/opentype/source-han-serif 56 56 + ''; 57 57 + zip = ".zip"; 53 58 }; 54 59 55 60 mono = makePackage {

+2

pkgs/development/libraries/libnfc/default.nix

··· 11 11 12 12 buildInputs = [ libusb-compat-0_1 readline ]; 13 13 14 14 + configureFlags = [ "sysconfdir=/etc" ]; 15 15 + 14 16 meta = with lib; { 15 17 description = "Open source library libnfc for Near Field Communication"; 16 18 license = licenses.gpl3;

+2 -2

pkgs/development/libraries/physics/fastjet-contrib/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "fastjet-contrib"; 5 5 - version = "1.045"; 5 5 + version = "1.046"; 6 6 7 7 src = fetchurl { 8 8 url = "http://fastjet.hepforge.org/contrib/downloads/fjcontrib-${version}.tar.gz"; 9 9 - sha256 = "1y45jx7i30ik2pjv33y16fi5i5jpmi0zp1jh32pwywd3diaiazv6"; 9 9 + sha256 = "sha256-cgavrH/rIHXZn7sDa7NRPTKy2sOvMDQQJjmGNUeT7s8="; 10 10 }; 11 11 12 12 buildInputs = [ fastjet ];

+2 -2

pkgs/development/libraries/vte/default.nix

··· 25 25 26 26 stdenv.mkDerivation rec { 27 27 pname = "vte"; 28 28 - version = "0.66.0"; 28 28 + version = "0.64.2"; 29 29 30 30 outputs = [ "out" "dev" ]; 31 31 32 32 src = fetchurl { 33 33 url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; 34 34 - sha256 = "sha256-0IE6wA+x102IhR52X3VdSWyD4JcJc1jqG6rbOLN7ezM="; 34 34 + sha256 = "sha256-KzyCC2WmZ8HYhZuiBHi+Ym0VGcwxWdrCX3AzMMbQfhg="; 35 35 }; 36 36 37 37 patches = [

+2 -2

pkgs/development/python-modules/casbin/default.nix

··· 9 9 10 10 buildPythonPackage rec { 11 11 pname = "casbin"; 12 12 - version = "1.9.2"; 12 12 + version = "1.9.3"; 13 13 14 14 disabled = isPy27; 15 15 ··· 17 17 owner = pname; 18 18 repo = "pycasbin"; 19 19 rev = "v${version}"; 20 20 - sha256 = "0awqdh4jsarf0lr2bl2qiaff1yk9vndq15jcl4abiig9wr2yghpc"; 20 20 + sha256 = "sha256-PN31/1BpXcNqsqBZ8sS/MM3UL47/Bi24bUh+jGOJevk="; 21 21 }; 22 22 23 23 propagatedBuildInputs = [

+27

pkgs/development/python-modules/insegel/default.nix

··· 1 1 + { lib, buildPythonPackage, fetchPypi, pygments }: 2 2 + 3 3 + buildPythonPackage rec { 4 4 + pname = "insegel"; 5 5 + version = "1.3.1"; 6 6 + 7 7 + src = fetchPypi { 8 8 + inherit pname version; 9 9 + sha256 = "1d055dd64f6eb335580a485271511ba2f4e3b5e315f48f827f58da3cace4b4ae"; 10 10 + }; 11 11 + 12 12 + propagatedBuildInputs = [ pygments ]; 13 13 + 14 14 + # No tests included 15 15 + doCheck = false; 16 16 + 17 17 + pythonImportsCheck = [ 18 18 + "insegel" 19 19 + ]; 20 20 + 21 21 + meta = with lib; { 22 22 + homepage = "https://github.com/autophagy/insegel"; 23 23 + description = "A monochrome 2 column Sphinx theme"; 24 24 + license = licenses.mit; 25 25 + maintainers = with maintainers; [ autophagy ]; 26 26 + }; 27 27 + }

+2 -2

pkgs/development/python-modules/minio/default.nix

··· 16 16 17 17 buildPythonPackage rec { 18 18 pname = "minio"; 19 19 - version = "7.1.0"; 19 19 + version = "7.1.1"; 20 20 disabled = pythonOlder "3.6"; 21 21 22 22 src = fetchFromGitHub { 23 23 owner = "minio"; 24 24 repo = "minio-py"; 25 25 rev = version; 26 26 - sha256 = "sha256-0N9hPjGGYHFyGzEWWDnW7KsPQtv0y/j/lCBLNC9IlpA="; 26 26 + sha256 = "sha256-dUNx6r7KppfeHefa1IeJPXSEMyElPk+RAGdn447ax1g="; 27 27 }; 28 28 29 29 propagatedBuildInputs = [

+20 -8

pkgs/development/python-modules/py-synologydsm-api/default.nix

··· 1 1 { lib 2 2 , buildPythonPackage 3 3 , fetchFromGitHub 4 4 - , pytestCheckHook 5 4 , poetry-core 6 6 - , urllib3 5 5 + , pytestCheckHook 7 6 , requests 7 7 + , urllib3 8 8 }: 9 9 10 10 buildPythonPackage rec { 11 11 pname = "py-synologydsm-api"; 12 12 - version = "1.0.4"; 12 12 + version = "1.0.5"; 13 13 format = "pyproject"; 14 14 15 15 src = fetchFromGitHub { 16 16 owner = "mib1185"; 17 17 repo = "synologydsm-api"; 18 18 rev = "v${version}"; 19 19 - sha256 = "1f9fbcp6dbh1c7q1cpppwggnw4m89w14cjdgl64f1bzv72rggpn1"; 19 19 + sha256 = "sha256-mm5N2RKn2KP2dV7+dw0sNWlCDT5X/fRmH8POQqJIoZY="; 20 20 }; 21 21 22 22 - nativeBuildInputs = [ poetry-core ]; 23 23 - propagatedBuildInputs = [ urllib3 requests ]; 24 24 - pythonImportsCheck = [ "synology_dsm" ]; 25 25 - checkInputs = [ pytestCheckHook ]; 22 22 + nativeBuildInputs = [ 23 23 + poetry-core 24 24 + ]; 25 25 + 26 26 + propagatedBuildInputs = [ 27 27 + requests 28 28 + urllib3 29 29 + ]; 30 30 + 31 31 + checkInputs = [ 32 32 + pytestCheckHook 33 33 + ]; 34 34 + 35 35 + pythonImportsCheck = [ 36 36 + "synology_dsm" 37 37 + ]; 26 38 27 39 meta = with lib; { 28 40 description = "Python API for Synology DSM";

+39

pkgs/development/python-modules/pylgnetcast/default.nix

··· 1 1 + { lib 2 2 + , buildPythonPackage 3 3 + , fetchFromGitHub 4 4 + , requests 5 5 + , pythonOlder 6 6 + }: 7 7 + 8 8 + buildPythonPackage rec { 9 9 + pname = "pylgnetcast"; 10 10 + version = "0.3.4"; 11 11 + format = "setuptools"; 12 12 + 13 13 + disabled = pythonOlder "3.6"; 14 14 + 15 15 + src = fetchFromGitHub { 16 16 + owner = "Drafteed"; 17 17 + repo = "python-lgnetcast"; 18 18 + rev = "v${version}-1"; 19 19 + sha256 = "04bh5i4zchdg0lgwpic8wfbk77n225g71z55iin9r0083xbhd7bh"; 20 20 + }; 21 21 + 22 22 + propagatedBuildInputs = [ 23 23 + requests 24 24 + ]; 25 25 + 26 26 + # Project has no tests 27 27 + doCheck = false; 28 28 + 29 29 + pythonImportsCheck = [ 30 30 + "pylgnetcast" 31 31 + ]; 32 32 + 33 33 + meta = with lib; { 34 34 + description = "Python API client for the LG Smart TV running NetCast 3 or 4"; 35 35 + homepage = "https://github.com/Drafteed/python-lgnetcast"; 36 36 + license = with licenses; [ mit ]; 37 37 + maintainers = with maintainers; [ fab ]; 38 38 + }; 39 39 + }

+2 -2

pkgs/development/python-modules/pytradfri/default.nix

··· 9 9 10 10 buildPythonPackage rec { 11 11 pname = "pytradfri"; 12 12 - version = "7.1.0"; 12 12 + version = "7.1.1"; 13 13 14 14 disabled = pythonOlder "3.7"; 15 15 ··· 17 17 owner = "home-assistant-libs"; 18 18 repo = "pytradfri"; 19 19 rev = version; 20 20 - sha256 = "sha256-r/qt06YPia8PYhwOeDXk0oK3YvEZ/1kN//+LXj34fmE="; 20 20 + sha256 = "sha256-rLpqCpvHTXv6SyT3SOv6oUrWnSDhMG5r+BmznlnNKwg="; 21 21 }; 22 22 23 23 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/pyvicare/default.nix

··· 10 10 11 11 buildPythonPackage rec { 12 12 pname = "pyvicare"; 13 13 - version = "2.13.0"; 13 13 + version = "2.13.1"; 14 14 disabled = pythonOlder "3.7"; 15 15 16 16 src = fetchFromGitHub { 17 17 owner = "somm15"; 18 18 repo = "PyViCare"; 19 19 rev = version; 20 20 - sha256 = "sha256-v1twWyxd0nhXxvbRCbnH5TP736eeDYE5Nz62sf6HIcA="; 20 20 + sha256 = "sha256-L43aickagJolw+VTRX4ZwRcfOm9fMBZOimPx8jLPHhE="; 21 21 }; 22 22 23 23 SETUPTOOLS_SCM_PRETEND_VERSION = version;

+30 -9

pkgs/development/python-modules/simpleeval/default.nix

··· 1 1 - { lib, fetchPypi, buildPythonPackage }: 1 1 + { lib 2 2 + , buildPythonPackage 3 3 + , fetchFromGitHub 4 4 + , pytestCheckHook 5 5 + }: 2 6 3 7 buildPythonPackage rec { 4 8 pname = "simpleeval"; 5 5 - version = "0.9.10"; 6 6 - src = fetchPypi { 7 7 - inherit pname version; 8 8 - sha256 = "1skvl467kj83rzkhk01i0wm8m5vmh6j5znrfdizn6r18ii45a839"; 9 9 + version = "0.9.11"; 10 10 + format = "pyproject"; 11 11 + 12 12 + src = fetchFromGitHub { 13 13 + owner = "danthedeckie"; 14 14 + repo = pname; 15 15 + rev = version; 16 16 + sha256 = "111w76mahbf3lm2p72dkqp5fhwg7nvnwm4l078dgsgkixssjazi7"; 9 17 }; 10 10 - meta = { 18 18 + 19 19 + checkInputs = [ 20 20 + pytestCheckHook 21 21 + ]; 22 22 + 23 23 + pytestFlagsArray = [ 24 24 + "test_simpleeval.py" 25 25 + ]; 26 26 + 27 27 + pythonImportsCheck = [ 28 28 + "simpleeval" 29 29 + ]; 30 30 + 31 31 + meta = with lib; { 32 32 + description = "Simple, safe single expression evaluator library"; 11 33 homepage = "https://github.com/danthedeckie/simpleeval"; 12 12 - description = "A simple, safe single expression evaluator library"; 13 13 - maintainers = with lib.maintainers; [ johbo ]; 14 14 - license = lib.licenses.mit; 34 34 + license = licenses.mit; 35 35 + maintainers = with maintainers; [ johbo ]; 15 36 }; 16 37 }

+9 -5

pkgs/development/python-modules/wakeonlan/default.nix

··· 8 8 9 9 buildPythonPackage rec { 10 10 pname = "wakeonlan"; 11 11 - version = "2.0.1"; 11 11 + version = "2.1.0"; 12 12 disabled = pythonOlder "3.6"; 13 13 format = "pyproject"; 14 14 ··· 16 16 owner = "remcohaszing"; 17 17 repo = "pywakeonlan"; 18 18 rev = version; 19 19 - sha256 = "sha256-WgoL8ntfEaHcvVbJjdewe0wE31Lq7WBj8Bppeq1uJx8="; 19 19 + sha256 = "sha256-5ri4bXc0EMNntzmcUZYpRIfaXoex4s5M6psf/9ta17Y="; 20 20 }; 21 21 22 22 nativeBuildInputs = [ ··· 27 27 pytestCheckHook 28 28 ]; 29 29 30 30 - pytestFlagsArray = [ "test_wakeonlan.py" ]; 30 30 + pytestFlagsArray = [ 31 31 + "test_wakeonlan.py" 32 32 + ]; 31 33 32 32 - pythonImportsCheck = [ "wakeonlan" ]; 34 34 + pythonImportsCheck = [ 35 35 + "wakeonlan" 36 36 + ]; 33 37 34 38 meta = with lib; { 35 35 - description = "A small python module for wake on lan"; 39 39 + description = "Python module for wake on lan"; 36 40 homepage = "https://github.com/remcohaszing/pywakeonlan"; 37 41 license = licenses.mit; 38 42 maintainers = with maintainers; [ peterhoeg ];

+4 -4

pkgs/development/tools/continuous-integration/gitlab-runner/default.nix

··· 1 1 { lib, buildGoPackage, fetchFromGitLab, fetchurl }: 2 2 3 3 let 4 4 - version = "14.3.2"; 4 4 + version = "14.4.0"; 5 5 # Gitlab runner embeds some docker images these are prebuilt for arm and x86_64 6 6 docker_x86_64 = fetchurl { 7 7 url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/binaries/gitlab-runner-helper/gitlab-runner-helper.x86_64"; 8 8 - sha256 = "0np2ijgrq6yg3r0744qlj9a9va7y996f7csfs4ajyfqq3vm7jz2g"; 8 8 + sha256 = "0cd0bcqfy2cwkhgj1d4mmn0xv4n5mmhyf2yv42ynvv0yr5xk75n0"; 9 9 }; 10 10 11 11 docker_arm = fetchurl { 12 12 url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/binaries/gitlab-runner-helper/gitlab-runner-helper.arm"; 13 13 - sha256 = "0adjczad3y2f55i76pcp1q2kzdwqr04y59bslb9523s4dlav9jcd"; 13 13 + sha256 = "06dnxj1w1nnqkkxrbhz8p85g1afr49j8jizkf2g8j01dsk5b2gvi"; 14 14 }; 15 15 in 16 16 buildGoPackage rec { ··· 29 29 owner = "gitlab-org"; 30 30 repo = "gitlab-runner"; 31 31 rev = "v${version}"; 32 32 - sha256 = "15mwyhr7a4b9vl7c0qz299qv91h3kcmf6d6p5vjjrm1phiy3bpgf"; 32 32 + sha256 = "07dvbair8fiska7ay4k4hbdwlkgyrq8hmxxwdzkhcpyc0faxqlly"; 33 33 }; 34 34 35 35 patches = [ ./fix-shell-path.patch ];

+28

pkgs/development/tools/metal-cli/default.nix

··· 1 1 + { lib, buildGoModule, fetchFromGitHub }: 2 2 + 3 3 + buildGoModule rec { 4 4 + pname = "metal-cli"; 5 5 + version = "0.6.0"; 6 6 + 7 7 + src = fetchFromGitHub { 8 8 + owner = "equinix"; 9 9 + repo = pname; 10 10 + rev = "v${version}"; 11 11 + sha256 = "sha256-dGeOFrsqhW0+aQyB4f6pvv4ZBawqKX2+WRskDWoLS7E="; 12 12 + }; 13 13 + 14 14 + vendorSha256 = "sha256-ifSfeJjrZI1Hrsq64zAGBiLVc8GKvq+Ddg26gQooyTs="; 15 15 + 16 16 + postInstall = '' 17 17 + ln -s $out/bin/metal-cli $out/bin/metal 18 18 + ''; 19 19 + 20 20 + doCheck = false; 21 21 + 22 22 + meta = with lib; { 23 23 + description = "Official Equinix Metal CLI"; 24 24 + homepage = "https://github.com/equinix/metal-cli/"; 25 25 + license = licenses.mit; 26 26 + maintainers = with maintainers; [ Br1ght0ne nshalman ]; 27 27 + }; 28 28 + }

-28

pkgs/development/tools/packet-cli/default.nix

··· 1 1 - { lib, buildGoModule, fetchFromGitHub }: 2 2 - 3 3 - buildGoModule rec { 4 4 - pname = "packet-cli"; 5 5 - version = "0.5.0"; 6 6 - 7 7 - src = fetchFromGitHub { 8 8 - owner = "packethost"; 9 9 - repo = pname; 10 10 - rev = version; 11 11 - sha256 = "0dlcx186l8kh6w3i4dvj7v90lhjkgvq1xkjb2vijy6399z41grw2"; 12 12 - }; 13 13 - 14 14 - vendorSha256 = "1y1c369gsaf5crkdvv5g8d9p2g5602x2gcj8zy1q3wjx9lwhl0i6"; 15 15 - 16 16 - postInstall = '' 17 17 - ln -s $out/bin/packet-cli $out/bin/packet 18 18 - ''; 19 19 - 20 20 - doCheck = false; 21 21 - 22 22 - meta = with lib; { 23 23 - description = "Official Packet CLI"; 24 24 - homepage = "https://github.com/packethost/packet-cli"; 25 25 - license = licenses.mit; 26 26 - maintainers = with maintainers; [ Br1ght0ne nshalman ]; 27 27 - }; 28 28 - }

+2 -2

pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix

··· 38 38 mktplcRef = { 39 39 name = "vsliveshare"; 40 40 publisher = "ms-vsliveshare"; 41 41 - version = "1.0.4836"; 42 42 - sha256 = "7hK2ptNU2mQt3iTZgkrKU9ZTVN+m7VFmAlXHxkiPL+o="; 41 41 + version = "1.0.5043"; 42 42 + sha256 = "OdFOFvidUV/trySHvF8iELPNVP2kq8+vZQ4q4Nf7SiQ="; 43 43 }; 44 44 }).overrideAttrs({ nativeBuildInputs ? [], buildInputs ? [], ... }: { 45 45 nativeBuildInputs = nativeBuildInputs ++ [

+1 -1

pkgs/servers/home-assistant/component-packages.nix

··· 452 452 "lastfm" = ps: with ps; [ pylast ]; 453 453 "launch_library" = ps: with ps; [ ]; # missing inputs: pylaunches 454 454 "lcn" = ps: with ps; [ pypck ]; 455 455 - "lg_netcast" = ps: with ps; [ ]; # missing inputs: pylgnetcast 455 455 + "lg_netcast" = ps: with ps; [ pylgnetcast ]; 456 456 "lg_soundbar" = ps: with ps; [ ]; # missing inputs: temescal 457 457 "life360" = ps: with ps; [ ]; # missing inputs: life360 458 458 "lifx" = ps: with ps; [ aiolifx aiolifx-effects ];

+3 -3

pkgs/tools/admin/trivy/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "trivy"; 5 5 - version = "0.19.2"; 5 5 + version = "0.20.2"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "aquasecurity"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-aYPG0xvuijASKXBGgB+6UyF9bmeU8l5snOoPWI8Ewh8="; 11 11 + sha256 = "sha256-ittOVWsM+1IaILCLCJNOeLxRbRHiiMN4qgLTS9gxV0w="; 12 12 }; 13 13 14 14 - vendorSha256 = "sha256-4FO6/1eNyxy/CH7XMUkLfRqEg2+XUXL1gKleL6o4EoM="; 14 14 + vendorSha256 = "sha256-HrDj09gUJtkZhQ3nYfoj0K8+T62ib0CWAhhcuvg8cyc="; 15 15 16 16 excludedPackages = "misc"; 17 17

+2 -1

pkgs/tools/misc/debootstrap/default.nix

··· 1 1 { lib, stdenv, fetchurl, dpkg, gawk, perl, wget, coreutils, util-linux 2 2 - , gnugrep, gnutar, gnused, gzip, makeWrapper }: 2 2 + , gnugrep, gnupg1, gnutar, gnused, gzip, makeWrapper }: 3 3 # USAGE like this: debootstrap sid /tmp/target-chroot-directory 4 4 # There is also cdebootstrap now. Is that easier to maintain? 5 5 let binPath = lib.makeBinPath [ ··· 7 7 dpkg 8 8 gawk 9 9 gnugrep 10 10 + gnupg1 10 11 gnused 11 12 gnutar 12 13 gzip

+2 -2

pkgs/tools/misc/snapper/default.nix

··· 6 6 7 7 stdenv.mkDerivation rec { 8 8 pname = "snapper"; 9 9 - version = "0.9.0"; 9 9 + version = "0.9.1"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "openSUSE"; 13 13 repo = "snapper"; 14 14 rev = "v${version}"; 15 15 - sha256 = "1gx3ichbkdqlzl7w187vc3xpmr9prmnp7as0h6ympgigradj5c7g"; 15 15 + sha256 = "1ci5mdsph2n5cqad51zf4sank35yj741adsqy2gg7vqwxrhpm8mj"; 16 16 }; 17 17 18 18 nativeBuildInputs = [

+2 -2

pkgs/tools/networking/mu/default.nix

··· 7 7 8 8 stdenv.mkDerivation rec { 9 9 pname = "mu"; 10 10 - version = "1.6.7"; 10 10 + version = "1.6.9"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "djcb"; 14 14 repo = "mu"; 15 15 rev = version; 16 16 - sha256 = "bhZrottFT5NX43Iz1wFGYzaUSAgvgkhOwNHX6fjUs7M="; 16 16 + sha256 = "RoSj283fcllEbirZOScKRU4BKLoxgatDdL1qYZu+LEI="; 17 17 }; 18 18 19 19 postPatch = lib.optionalString (batchSize != null) ''

+3 -3

pkgs/tools/security/sn0int/default.nix

··· 9 9 10 10 rustPlatform.buildRustPackage rec { 11 11 pname = "sn0int"; 12 12 - version = "0.22.0"; 12 12 + version = "0.23.0"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "kpcyrd"; 16 16 repo = pname; 17 17 rev = "v${version}"; 18 18 - sha256 = "sha256-0BadgWZhP73WOVO18jtcdhsM0L7AM0TQ3PF7MNJM7M0="; 18 18 + sha256 = "sha256-DsDSGF43yEyYYduRHu4+VRrPZ89Ce1fwtDxit0x8Apo="; 19 19 }; 20 20 21 21 - cargoSha256 = "sha256-KYrJIOaFX2wTDj4KeHn3d8wBHfVevCKQK/bDglfLWAU="; 21 21 + cargoSha256 = "sha256-dXNIbngfwMVvLx4uSO6MWpSrZfUGhlggGvXHysYAJIE="; 22 22 23 23 nativeBuildInputs = [ 24 24 pkg-config

+33

pkgs/tools/security/snowcat/default.nix

··· 1 1 + { lib, buildGoModule, fetchFromGitHub }: 2 2 + 3 3 + buildGoModule rec { 4 4 + pname = "snowcat"; 5 5 + version = "0.1.3"; 6 6 + 7 7 + src = fetchFromGitHub { 8 8 + owner = "praetorian-inc"; 9 9 + repo = pname; 10 10 + rev = "v${version}"; 11 11 + sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY="; 12 12 + }; 13 13 + vendorSha256 = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0="; 14 14 + 15 15 + ldflags = [ "-s" "-w" ]; 16 16 + 17 17 + meta = with lib; { 18 18 + homepage = "https://github.com/praetorian-inc/snowcat"; 19 19 + changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}"; 20 20 + description = "A tool to audit the istio service mesh"; 21 21 + longDescription = '' 22 22 + Snowcat gathers and analyzes the configuration of an Istio cluster and 23 23 + audits it for potential violations of security best practices. 24 24 + 25 25 + There are two main modes of operation for Snowcat. With no positional 26 26 + argument, Snowcat will assume it is running inside of a cluster enabled 27 27 + with Istio, and begin to enumerate the required data. Optionally, you can 28 28 + point snowcat at a directory containing Kubernets YAML files. 29 29 + ''; 30 30 + license = licenses.asl20; 31 31 + maintainers = with maintainers; [ jk ]; 32 32 + }; 33 33 + }

+2

pkgs/top-level/aliases.nix

··· 620 620 owncloudclient = owncloud-client; # added 2016-08 621 621 ocz-ssd-guru = throw "ocz-ssd-guru has been removed due to there being no source available"; # added 2021-07-12 622 622 p11_kit = p11-kit; # added 2018-02-25 623 623 + packet-cli = metal-cli; # added 2021-10-25 623 624 paperless = paperless-ng; # added 2021-06-06 624 625 parity = openethereum; # added 2020-08-01 625 626 parquet-cpp = arrow-cpp; # added 2018-09-08 ··· 775 776 qt-3 = throw "qt-3 has been removed from nixpkgs, as it's unmaintained and insecure"; # added 2021-02-15 776 777 rfkill = throw "rfkill has been removed, as it's included in util-linux"; # added 2020-08-23 777 778 riak-cs = throw "riak-cs is not maintained anymore"; # added 2020-10-14 779 779 + ring-daemon = jami-daemon; #added 2021-10-26 778 780 radare2-cutter = cutter; # added 2021-03-30 779 781 redkite = throw "redkite was archived by upstream"; # added 2021-04-12 780 782 rkt = throw "rkt was archived by upstream"; # added 2020-05-16

+3 -1

pkgs/top-level/all-packages.nix

··· 3483 3483 3484 3484 snippetpixie = callPackage ../tools/text/snippetpixie { }; 3485 3485 3486 3486 + snowcat = callPackage ../tools/security/snowcat { }; 3487 3487 + 3486 3488 socklog = callPackage ../tools/system/socklog { }; 3487 3489 3488 3490 soju = callPackage ../applications/networking/soju { }; ··· 27154 27156 27155 27157 packet-sd = callPackage ../development/tools/packet-sd { }; 27156 27158 27157 27157 - packet-cli = callPackage ../development/tools/packet-cli { }; 27159 27159 + metal-cli = callPackage ../development/tools/metal-cli { }; 27158 27160 27159 27161 pb_cli = callPackage ../tools/misc/pb_cli {}; 27160 27162

+4

pkgs/top-level/python-packages.nix

··· 3730 3730 3731 3731 inquirer = callPackage ../development/python-modules/inquirer { }; 3732 3732 3733 3733 + insegel = callPackage ../development/python-modules/insegel { }; 3734 3734 + 3733 3735 intake = callPackage ../development/python-modules/intake { }; 3734 3736 3735 3737 intake-parquet = callPackage ../development/python-modules/intake-parquet { }; ··· 6506 6508 PyLD = callPackage ../development/python-modules/PyLD { }; 6507 6509 6508 6510 pylev = callPackage ../development/python-modules/pylev { }; 6511 6511 + 6512 6512 + pylgnetcast = callPackage ../development/python-modules/pylgnetcast { }; 6509 6513 6510 6514 pylibacl = callPackage ../development/python-modules/pylibacl { }; 6511 6515