Merge master into staging-next

authored by

github-actions[bot] and committed by
GitHub
7f0b38bc a912b830

+174 -36
+5
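--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -310,3 +310,8 @@
 /pkgs/build-support/node/build-npm-package @winterqt
 /pkgs/build-support/node/fetch-npm-deps @winterqt
 /doc/languages-frameworks/javascript.section.md @winterqt
+
+# OCaml
+/pkgs/build-support/ocaml @romildo @superherointj @ulrikstrid
+/pkgs/development/compilers/ocaml @romildo @superherointj @ulrikstrid
+/pkgs/development/ocaml-modules @romildo @superherointj @ulrikstrid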
+9 -1
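--- a/pkgs/applications/graphics/jpegoptim/default.nix
+++ b/pkgs/applications/graphics/jpegoptim/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, libjpeg }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, libjpeg }:
 
 stdenv.mkDerivation rec {
 version = "1.5.2";
@@ -10,6 +10,14 @@
 rev = "v${version}";
 sha256 = "sha256-PROQvOqsis8we58OOZ/kuY+L/CoV7XfnY9wvrpsTJu8=";
 };
+
+patches = [
+(fetchpatch {
+name = "CVE-2023-27781.patch";
+url = "https://github.com/tjko/jpegoptim/commit/29a073ad297a0954f5e865264e24755d0ffe53ed.patch";
+hash = "sha256-YUjVg0cvElhzMG3b4t5bqcqnHAuzDoNvSqe0yvlgX4E=";
+})
+];
 
 # There are no checks, it seems.
 doCheck = false;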
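Review bot: The new `patches` entry has no comment saying when it can be dropped, so the CVE-2023-27781 backport may be carried past the release that already contains it, or be removed by accident during a bump. The URL pins one upstream commit and `hash` pins its content, which is the right shape for a security backport. I would add `# drop once version moves past 1.5.2 and the release includes this commit` above the `(fetchpatch {` line. Since `doCheck = false` stays in place, the build only proves that the patch applies, not that the patched code path behaves correctly.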
+3 -3
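--- a/pkgs/applications/networking/cluster/nomad/default.nix
+++ b/pkgs/applications/networking/cluster/nomad/default.nix
@@ -62,9 +62,9 @@
 
 nomad_1_4 = generic {
 buildGoModule = buildGo120Module;
-version = "1.4.4";
-sha256 = "sha256-mAimuWolTJ3lMY/ArnLZFu+GZv9ADdGsriXsTcEgdYc=";
-vendorSha256 = "sha256-QtP7pzsIBd2S79AUcbOeVG71Mb5qK706rq5DkT41VqM=";
+version = "1.4.6";
+sha256 = "sha256-l4GvQIS5JSSgjBjPivAKAb7gKlVLw4WoZpPR8LxnLNc=";
+vendorSha256 = "sha256-05BhKF6kx0wbu74cidpTFhUN668R/AxV6qWmchCm/WE=";
 passthru.tests.nomad = nixosTests.nomad;
 };
 }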
+1 -2
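--- a/pkgs/applications/networking/instant-messengers/slack/default.nix
+++ b/pkgs/applications/networking/instant-messengers/slack/default.nix
@@ -172,8 +172,7 @@
 makeWrapper $out/lib/slack/slack $out/bin/slack \
 --prefix XDG_DATA_DIRS : $GSETTINGS_SCHEMAS_PATH \
 --suffix PATH : ${lib.makeBinPath [xdg-utils]} \
---add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
---add-flags "\''${WAYLAND_DISPLAY:+--enable-features=WebRTCPipeWireCapturer}"
+--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations,WebRTCPipeWireCapturer}}"
 
 # Fix the desktop link
 substituteInPlace $out/share/applications/slack.desktop \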
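Review bot: `WebRTCPipeWireCapturer` is now nested inside `NIXOS_OZONE_WL:+…`, so a Wayland session that does not set `NIXOS_OZONE_WL` no longer gets it, whereas the removed line enabled it whenever `WAYLAND_DISPLAY` was set. If the goal was only to merge the two `--enable-features` values into one flag (presumably because a later `--enable-features` overrides an earlier one; that is not visible here), the capture feature can stay outside the ozone condition: `--add-flags "\''${WAYLAND_DISPLAY:+--enable-features=WebRTCPipeWireCapturer\''${NIXOS_OZONE_WL:+,WaylandWindowDecorations --ozone-platform-hint=auto}}"`. Screen sharing on Wayland generally depends on the PipeWire path, so losing it by default should be a deliberate choice and noted in a comment. The surrounding install script starts and ends outside the hunk.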
+20 -9
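--- a/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix
@@ -26,7 +26,7 @@
 "unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
 ]);
 
-etcBindFlags = let
+etcBindEntries = let
 files = [
 # NixOS Compatibility
 "static"
@@ -69,8 +69,7 @@
 "ca-certificates"
 "pki"
 ];
-in concatStringsSep "\n "
-(map (file: "--ro-bind-try $(${coreutils}/bin/readlink -m /etc/${file}) /etc/${file}") files);
+in map (path: "/etc/${path}") files;
 
 # Create this on the fly instead of linking from /nix
 # The container might have to modify it and re-run ldconfig if there are
@@ -99,19 +98,20 @@
 '';
 
 bwrapCmd = { initArgs ? "" }: ''
-blacklist=(/nix /dev /proc /etc)
+ignored=(/nix /dev /proc /etc)
 ro_mounts=()
 symlinks=()
+etc_ignored=()
 for i in ${env}/*; do
 path="/''${i##*/}"
 if [[ $path == '/etc' ]]; then
 :
 elif [[ -L $i ]]; then
 symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$path")
-blacklist+=("$path")
+ignored+=("$path")
 else
 ro_mounts+=(--ro-bind "$i" "$path")
-blacklist+=("$path")
+ignored+=("$path")
 fi
 done
 
@@ -124,14 +124,26 @@
 continue
 fi
 ro_mounts+=(--ro-bind "$i" "/etc$path")
+etc_ignored+=("/etc$path")
 done
 fi
 
+for i in ${lib.escapeShellArgs etcBindEntries}; do
+if [[ "''${etc_ignored[@]}" =~ "$i" ]]; then
+continue
+fi
+if [[ -L $i ]]; then
+symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$i")
+else
+ro_mounts+=(--ro-bind-try "$i" "$i")
+fi
+done
+
 declare -a auto_mounts
 # loop through all directories in the root
 for dir in /*; do
-# if it is a directory and it is not in the blacklist
-if [[ -d "$dir" ]] && [[ ! "''${blacklist[@]}" =~ "$dir" ]]; then
+# if it is a directory and it is not ignored
+if [[ -d "$dir" ]] && [[ ! "''${ignored[@]}" =~ "$dir" ]]; then
 # add it to the mount list
 auto_mounts+=(--bind "$dir" "$dir")
 fi
@@ -179,7 +191,6 @@
 --symlink /etc/ld.so.cache ${pkgsi686Linux.glibc}/etc/ld.so.cache \
 --ro-bind ${pkgsi686Linux.glibc}/etc/rpc ${pkgsi686Linux.glibc}/etc/rpc \
 --remount-ro ${pkgsi686Linux.glibc}/etc \
-${etcBindFlags}
 "''${ro_mounts[@]}"
 "''${symlinks[@]}"
 "''${auto_mounts[@]}"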
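Review bot: The new skip test `[[ "''${etc_ignored[@]}" =~ "$i" ]]` is a substring match against the space-joined array rather than a membership test. A host entry such as `/etc/pki` is therefore skipped whenever the env provides any path that merely contains it (a constructed example: `/etc/pki-extra`), and the sandbox then silently lacks that entry. The renamed `ignored` check for `auto_mounts` has the same pattern; I would compare element by element, as in the excerpt below. Separately, host `/etc` symlinks are now recreated with their raw `readlink` target instead of a `--ro-bind-try` of the `readlink -m` result, so each entry resolves only if its target is mounted in the sandbox, possibly through the read-write `--bind` entries in `auto_mounts`; a comment saying this is intended would help. `bwrapCmd` starts and ends outside the visible hunks.

```nix
    for i in ${lib.escapeShellArgs etcBindEntries}; do
      # exact membership test; =~ against the joined array matches substrings
      skip=
      for e in "''${etc_ignored[@]}"; do
        if [[ $e == "$i" ]]; then
          skip=1
          break
        fi
      done
      if [[ -n $skip ]]; then
        continue
      fi
      # … unchanged: symlink / --ro-bind-try handling …
    done
```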
+8 -2
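--- a/pkgs/development/python-modules/lightning-utilities/default.nix
+++ b/pkgs/development/python-modules/lightning-utilities/default.nix
@@ -16,14 +16,14 @@
 
 buildPythonPackage rec {
 pname = "lightning-utilities";
-version = "0.7.1";
+version = "0.8.0";
 format = "pyproject";
 
 src = fetchFromGitHub {
 owner = "Lightning-AI";
 repo = "utilities";
 rev = "refs/tags/v${version}";
-hash = "sha256-xjE5FsU1d/YcVHlfjtZE0T2LjGvsIOzbGJFU7PMDqdc=";
+hash = "sha256-uwmX+/SK2zBkZQbN/t/DZ3i+XbdAJ/RM+Q649QwMUz0=";
 };
 
 nativeBuildInputs = [
@@ -57,7 +57,13 @@
 
 disabledTestPaths = [
 "docs"
+# doctests that expect docs.txt in the wrong location
+"src/lightning_utilities/install/requirements.py"
+];
 
+pytestFlagsArray = [
+# warns about distutils removal in python 3.12
+"-W" "ignore::DeprecationWarning"
 ];
 
 meta = with lib; {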
+2 -2
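--- a/pkgs/development/python-modules/pdm-backend/default.nix
+++ b/pkgs/development/python-modules/pdm-backend/default.nix
@@ -15,14 +15,14 @@
 
 buildPythonPackage rec {
 pname = "pdm-backend";
-version = "2.0.2";
+version = "2.0.5";
 format = "pyproject";
 
 src = fetchFromGitHub {
 owner = "pdm-project";
 repo = "pdm-backend";
 rev = "refs/tags/${version}";
-hash = "sha256-3Wgc4kKQcE2FzfcqTs9jtfJ1Oj+qtHiDM4q8KuMNAak=";
+hash = "sha256-d5kr5pr9tBc6So0wTy3/ASgk8KTOf2AV8Vfsmml5Qh0=";
 };
 
 propagatedBuildInputs = lib.optionals (pythonOlder "3.10") [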
+2 -2
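--- a/pkgs/development/python-modules/pypdf/default.nix
+++ b/pkgs/development/python-modules/pypdf/default.nix
@@ -24,7 +24,7 @@
 
 buildPythonPackage rec {
 pname = "pypdf";
-version = "3.5.1";
+version = "3.5.2";
 format = "pyproject";
 
 src = fetchFromGitHub {
@@ -33,7 +33,7 @@
 rev = "refs/tags/${version}";
 # fetch sample files used in tests
 fetchSubmodules = true;
-hash = "sha256-2Ewa6mTLSNiUFIplfmZDRXmoiX1IQMwg4wq5dAU0O+4=";
+hash = "sha256-f+M4sfUzDy8hxHUiWG9hyu0EYvnjNA46OtHzBSJdID0=";
 };
 
 outputs = [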
+44
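--- a/pkgs/os-specific/linux/usbguard-notifier/default.nix
+++ b/pkgs/os-specific/linux/usbguard-notifier/default.nix
@@ -0,0 +1,44 @@
+{
+lib,
+stdenv,
+fetchFromGitHub,
+autoreconfHook,
+pkg-config,
+libqb,
+usbguard,
+librsvg,
+libnotify,
+catch2,
+asciidoc,
+}:
+
+stdenv.mkDerivation rec {
+pname = "usbguard-notifier";
+version = "0.1.0";
+
+src = fetchFromGitHub {
+owner = "Cropi";
+repo = pname;
+rev = "${pname}-${version}";
+hash = "sha256-gWvCGSbOuey2ELAPD2WCG4q77IClL0S7rE2RaUJDc1I=";
+};
+
+nativeBuildInputs = [ autoreconfHook pkg-config asciidoc ];
+buildInputs = [ libqb usbguard librsvg libnotify ];
+
+configureFlags = [ "CPPFLAGS=-I${catch2}/include/catch2" ];
+
+prePatch = ''
+substituteInPlace configure.ac \
+--replace 'AC_MSG_FAILURE([Cannot detect the systemd system unit dir])' \
+'systemd_unit_dir="$out/lib/systemd/user"'
+'';
+
+meta = {
+description = "Notifications for detecting usbguard policy and device presence changes";
+homepage = "https://github.com/Cropi/usbguard-notifier";
+maintainers = with lib.maintainers; [ fpletz ];
+platforms = lib.platforms.linux;
+license = lib.licenses.gpl2Plus;
+};
+}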
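Review bot: The `prePatch` substitution replaces a failure about the systemd *system* unit dir with `systemd_unit_dir="$out/lib/systemd/user"`, and nothing in the expression explains why a user unit directory is the right target. A comment above `prePatch` would settle it, for example `# the notifier runs in the user session, so install its unit as a user unit` (to be confirmed against upstream). In the same way, `catch2` is used only via `CPPFLAGS=-I${catch2}/include/catch2` and no check phase is enabled in the visible expression. A short comment on `configureFlags` should say why a test-framework header is needed at configure time.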
+3 -3
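--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -178,11 +178,11 @@
 # THIS IS A GENERATED FILE. DO NOT EDIT!
 fontalias = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation {
 pname = "font-alias";
-version = "1.0.4";
+version = "1.0.5";
 builder = ./builder.sh;
 src = fetchurl {
-url = "mirror://xorg/individual/font/font-alias-1.0.4.tar.bz2";
-sha256 = "0xjjjindczv3g7m1597l0x19zz75xy70wh5garghz61fpzl1l4gk";
+url = "mirror://xorg/individual/font/font-alias-1.0.5.tar.xz";
+sha256 = "0vkb5mybc0fjfq29lgf5w1b536bwifzkyj8ad9iy7q3kpcby52cz";
 };
 hardeningDisable = [ "bindnow" "relro" ];
 strictDeps = true;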
+1 -1
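--- a/pkgs/servers/x11/xorg/tarballs.list
+++ b/pkgs/servers/x11/xorg/tarballs.list
@@ -135,7 +135,7 @@
 mirror://xorg/individual/font/font-adobe-utopia-100dpi-1.0.4.tar.bz2
 mirror://xorg/individual/font/font-adobe-utopia-75dpi-1.0.4.tar.bz2
 mirror://xorg/individual/font/font-adobe-utopia-type1-1.0.4.tar.bz2
-mirror://xorg/individual/font/font-alias-1.0.4.tar.bz2
+mirror://xorg/individual/font/font-alias-1.0.5.tar.xz
 mirror://xorg/individual/font/font-arabic-misc-1.0.3.tar.bz2
 mirror://xorg/individual/font/font-bh-100dpi-1.0.3.tar.bz2
 mirror://xorg/individual/font/font-bh-75dpi-1.0.3.tar.bz2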
+3 -3
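--- a/pkgs/tools/admin/aws-vault/default.nix
+++ b/pkgs/tools/admin/aws-vault/default.nix
@@ -7,16 +7,16 @@
 }:
 buildGoModule rec {
 pname = "aws-vault";
-version = "7.0.2";
+version = "7.1.1";
 
 src = fetchFromGitHub {
 owner = "99designs";
 repo = pname;
 rev = "v${version}";
-sha256 = "sha256-uNe2dltwLoUBUH/p4CN6HCOvBsq2yASxxwkSEtkJRbQ=";
+sha256 = "sha256-ydg//2t+B02eXwnwsmECx+I8oluPf6dKntz7L6gWV88=";
 };
 
-vendorHash = "sha256-CPn4JLIZz23ZNcl3LPJumx20WOXTI13s69MVo/Pof+s=";
+vendorHash = "sha256-4bJKDEZlO0DzEzTQ7m+SQuzhe+wKmL6wLueqgSz/46s=";
 
 nativeBuildInputs = [ installShellFiles makeWrapper ];
 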
+61
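--- a/pkgs/tools/admin/balena-cli/default.nix
+++ b/pkgs/tools/admin/balena-cli/default.nix
@@ -0,0 +1,61 @@
+{ lib
+, stdenv
+, fetchzip
+}:
+
+let
+inherit (stdenv.hostPlatform) system;
+throwSystem = throw "Unsupported system: ${system}";
+
+plat = {
+x86_64-linux = "linux-x64";
+x86_64-darwin = "macOS-x64";
+# Balena only packages for x86 so we rely on Rosetta for Apple Silicon
+aarch64-darwin = "macOS-x64";
+x86_64-windows = "windows-x64";
+}.${system} or throwSystem;
+
+sha256 = {
+x86_64-linux = "0gxki6w8p7ihv0zy02978hg8i242algiw0wpcajrvbx1ncbcb7yn";
+x86_64-darwin = "1ihxyf35px3s6q2yk4p3dy03rcj93hy96bj3pxqlv0rp05gnsf02";
+aarch64-darwin = "1ihxyf35px3s6q2yk4p3dy03rcj93hy96bj3pxqlv0rp05gnsf02";
+x86_64-windows = "104hc3qvs04l2hmjmp0bcjr5g5scp4frhprk1fpszziqhdmhwa40";
+}.${system} or throwSystem;
+in
+stdenv.mkDerivation rec {
+pname = "balena-cli";
+version = "15.1.1";
+
+src = fetchzip {
+url = "https://github.com/balena-io/balena-cli/releases/download/v${version}/balena-cli-v${version}-${plat}-standalone.zip";
+inherit sha256;
+};
+
+installPhase = ''
+runHook preInstall
+
+mkdir -p $out/bin
+cp -r ./* $out/
+
+ln -s $out/balena $out/bin/balena
+
+runHook postInstall
+'';
+
+meta = with lib; {
+description = "A command line interface for balenaCloud or openBalena";
+longDescription = ''
+The balena CLI is a Command Line Interface for balenaCloud or openBalena. It is a software
+tool available for Windows, macOS and Linux, used through a command prompt / terminal window.
+It can be used interactively or invoked in scripts. The balena CLI builds on the balena API
+and the balena SDK, and can also be directly imported in Node.js applications.
+'';
+homepage = "https://github.com/balena-io/balena-cli";
+changelog = "https://github.com/balena-io/balena-cli/blob/v${version}/CHANGELOG.md";
+license = licenses.asl20;
+maintainers = [ maintainers.kalebpace ];
+platforms = platforms.linux ++ platforms.darwin ++ platforms.cygwin ++ platforms.windows;
+sourceProvenance = [ sourceTypes.binaryNativeCode ];
+mainProgram = "balena";
+};
+}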
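Review bot: `meta.platforms` advertises every Linux, Darwin, Cygwin and Windows platform, but `plat` and `sha256` have entries for only four systems, so evaluating the package on, say, aarch64-linux hits `throwSystem` instead of being reported as unsupported. I would list the systems that have a hash, `platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "x86_64-windows" ];`. The archive is prebuilt native code, as `sourceProvenance` declares, and `installPhase` only copies it and symlinks `$out/balena`. Nothing visible adapts the binary's interpreter or library paths, so it may not start on NixOS without something like `autoPatchelfHook`, and running the built binary once would confirm. The `ln -s $out/balena` line also assumes the same entry-point name on every platform, which is unlikely to hold for the Windows archive.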
+2 -2
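--- a/pkgs/tools/misc/tbls/default.nix
+++ b/pkgs/tools/misc/tbls/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
 pname = "tbls";
-version = "1.62.1";
+version = "1.63.0";
 
 src = fetchFromGitHub {
 owner = "k1LoW";
 repo = "tbls";
 rev = "v${version}";
-hash = "sha256-x3Bh/xB/x71xNjVL5zqp1ag8TPQoxOpuOyDE1f54sGQ=";
+hash = "sha256-r0jCuSTNx5BVkJshPSAO5Wwz1C2Lw2AYXYA46cMB+qY=";
 };
 
 vendorHash = "sha256-YrDQSySBplYgakgvb6BwK1AK6h0Usy8MvCndHSSYrlQ=";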
pkgs/tools/security/vault/update-bin.sh
+6 -6
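--- a/pkgs/tools/security/vault/vault-bin.nix
+++ b/pkgs/tools/security/vault/vault-bin.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
 pname = "vault-bin";
-version = "1.12.2";
+version = "1.13.0";
 
 src =
 let
@@ -16,11 +16,11 @@
 aarch64-darwin = "darwin_arm64";
 };
 sha256 = selectSystem {
-x86_64-linux = "sha256-viBGcd6MmevCOKBmizzTKzcAQ93kcvg4dZE70dhy4O4=";
-aarch64-linux = "sha256-2Zy96bTP3N6CFCOJgPI0DTnsAvraBlFax3TeB+j/7Yw=";
-i686-linux = "sha256-PZLDSeg9d01iL6e+EoRjpXwnoA8DUwTFcKL7X3S26mw=";
-x86_64-darwin = "sha256-xV6bZVpTtEIZMeMVff+hmDKK7qVkItQ0ZRC0yycxad0=";
-aarch64-darwin = "sha256-K0b8O04ZSrKbuM8tu3nt2tI7FktOpqwHEpoNTWYJpm4=";
+x86_64-linux = "sha256-UIgFgfpqsWsjmyuU3Z/dA282S8gZ2RR2vUuvZngvQQk=";
+aarch64-linux = "sha256-IEuFgfWmRl5ewrA0GX0Rv/88EbWnuWLag2InZ1oHaiU=";
+i686-linux = "sha256-hm9SAZOanMckINTVUBQs+bn3X8p3m7gtw9F0gdMKJXA=";
+x86_64-darwin = "sha256-/tjJFCBgsBvGa6icNIXz8DCmiKjjcoIC9/3dcSK4400=";
+aarch64-darwin = "sha256-xdwSjDZdrUunhyBqZJMjuaFBI961JgU5mWw6UQr3oj0=";
 };
 in
 fetchzip {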
+4
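--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1429,6 +1429,8 @@
 
 asleap = callPackage ../tools/networking/asleap { };
 
+balena-cli = callPackage ../tools/admin/balena-cli { };
+
 butler = callPackage ../games/itch/butler.nix {
 inherit (darwin.apple_sdk.frameworks) Cocoa;
 };
@@ -27183,6 +27185,8 @@
 upower = callPackage ../os-specific/linux/upower { };
 
 usbguard = callPackage ../os-specific/linux/usbguard { };
+
+usbguard-notifier = callPackage ../os-specific/linux/usbguard-notifier { };
 
 usbrelay = callPackage ../os-specific/linux/usbrelay { };
 usbrelayd = callPackage ../os-specific/linux/usbrelay/daemon.nix { };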