+102

nixos/modules/services/networking/mosquitto.md

··· 1 1 + # Mosquitto {#module-services-mosquitto} 2 2 + 3 3 + Mosquitto is a MQTT broker often used for IoT or home automation data transport. 4 4 + 5 5 + ## Quickstart {#module-services-mosquitto-quickstart} 6 6 + 7 7 + A minimal configuration for Mosquitto is 8 8 + 9 9 + ```nix 10 10 + services.mosquitto = { 11 11 + enable = true; 12 12 + listeners = [ { 13 13 + acl = [ "pattern readwrite #" ]; 14 14 + omitPasswordAuth = true; 15 15 + settings.allow_anonymous = true; 16 16 + } ]; 17 17 + }; 18 18 + ``` 19 19 + 20 20 + This will start a broker on port 1883, listening on all interfaces of the machine, allowing 21 21 + read/write access to all topics to any user without password requirements. 22 22 + 23 23 + User authentication can be configured with the `users` key of listeners. A config that gives 24 24 + full read access to a user `monitor` and restricted write access to a user `service` could look 25 25 + like 26 26 + 27 27 + ```nix 28 28 + services.mosquitto = { 29 29 + enable = true; 30 30 + listeners = [ { 31 31 + users = { 32 32 + monitor = { 33 33 + acl = [ "read #" ]; 34 34 + password = "monitor"; 35 35 + }; 36 36 + service = { 37 37 + acl = [ "write service/#" ]; 38 38 + password = "service"; 39 39 + }; 40 40 + }; 41 41 + } ]; 42 42 + }; 43 43 + ``` 44 44 + 45 45 + TLS authentication is configured by setting TLS-related options of the listener: 46 46 + 47 47 + ```nix 48 48 + services.mosquitto = { 49 49 + enable = true; 50 50 + listeners = [ { 51 51 + port = 8883; # port change is not required, but helpful to avoid mistakes 52 52 + # ... 53 53 + settings = { 54 54 + cafile = "/path/to/mqtt.ca.pem"; 55 55 + certfile = "/path/to/mqtt.pem"; 56 56 + keyfile = "/path/to/mqtt.key"; 57 57 + }; 58 58 + } ]; 59 59 + ``` 60 60 + 61 61 + ## Configuration {#module-services-mosquitto-config} 62 62 + 63 63 + The Mosquitto configuration has four distinct types of settings: 64 64 + the global settings of the daemon, listeners, plugins, and bridges. 65 65 + Bridges and listeners are part of the global configuration, plugins are part of listeners. 66 66 + Users of the broker are configured as parts of listeners rather than globally, allowing 67 67 + configurations in which a given user is only allowed to log in to the broker using specific 68 68 + listeners (eg to configure an admin user with full access to all topics, but restricted to 69 69 + localhost). 70 70 + 71 71 + Almost all options of Mosquitto are available for configuration at their appropriate levels, some 72 72 + as NixOS options written in camel case, the remainders under `settings` with their exact names in 73 73 + the Mosquitto config file. The exceptions are `acl_file` (which is always set according to the 74 74 + `acl` attributes of a listener and its users) and `per_listener_settings` (which is always set to 75 75 + `true`). 76 76 + 77 77 + ### Password authentication {#module-services-mosquitto-config-passwords} 78 78 + 79 79 + Mosquitto can be run in two modes, with a password file or without. Each listener has its own 80 80 + password file, and different listeners may use different password files. Password file generation 81 81 + can be disabled by setting `omitPasswordAuth = true` for a listener; in this case it is necessary 82 82 + to either set `settings.allow_anonymous = true` to allow all logins, or to configure other 83 83 + authentication methods like TLS client certificates with `settings.use_identity_as_username = true`. 84 84 + 85 85 + The default is to generate a password file for each listener from the users configured to that 86 86 + listener. Users with no configured password will not be added to the password file and thus 87 87 + will not be able to use the broker. 88 88 + 89 89 + ### ACL format {#module-services-mosquitto-config-acl} 90 90 + 91 91 + Every listener has a Mosquitto `acl_file` attached to it. This ACL is configured via two 92 92 + attributes of the config: 93 93 + 94 94 + * the `acl` attribute of the listener configures pattern ACL entries and topic ACL entries 95 95 + for anonymous users. Each entry must be prefixed with `pattern` or `topic` to distinguish 96 96 + between these two cases. 97 97 + * the `acl` attribute of every user configures in the listener configured the ACL for that 98 98 + given user. Only topic ACLs are supported by Mosquitto in this setting, so no prefix is 99 99 + required or allowed. 100 100 + 101 101 + The default ACL for a listener is empty, disallowing all accesses from all clients. To configure 102 102 + a completely open ACL, set `acl = [ "pattern readwrite #" ]` in the listener.

+18 -3

nixos/modules/services/networking/mosquitto.nix

··· 257 257 258 258 users = mkOption { 259 259 type = attrsOf userOptions; 260 260 - example = { john = { password = "123456"; acl = [ "topic readwrite john/#" ]; }; }; 260 260 + example = { john = { password = "123456"; acl = [ "readwrite john/#" ]; }; }; 261 261 description = '' 262 262 A set of users and their passwords and ACLs. 263 263 ''; 264 264 default = {}; 265 265 }; 266 266 267 267 + omitPasswordAuth = mkOption { 268 268 + type = bool; 269 269 + description = '' 270 270 + Omits password checking, allowing anyone to log in with any user name unless 271 271 + other mandatory authentication methods (eg TLS client certificates) are configured. 272 272 + ''; 273 273 + default = false; 274 274 + }; 275 275 + 267 276 acl = mkOption { 268 277 type = listOf str; 269 278 description = '' 270 279 Additional ACL items to prepend to the generated ACL file. 271 280 ''; 281 281 + example = [ "pattern read #" "topic readwrite anon/report/#" ]; 272 282 default = []; 273 283 }; 274 284 ··· 294 304 formatListener = idx: listener: 295 305 [ 296 306 "listener ${toString listener.port} ${toString listener.address}" 297 297 - "password_file ${cfg.dataDir}/passwd-${toString idx}" 298 307 "acl_file ${makeACLFile idx listener.users listener.acl}" 299 308 ] 309 309 + ++ optional (! listener.omitPasswordAuth) "password_file ${cfg.dataDir}/passwd-${toString idx}" 300 310 ++ formatFreeform {} listener.settings 301 311 ++ concatMap formatAuthPlugin listener.authPlugins; 302 312 ··· 645 655 646 656 }; 647 657 648 648 - meta.maintainers = with lib.maintainers; [ pennae ]; 658 658 + meta = { 659 659 + maintainers = with lib.maintainers; [ pennae ]; 660 660 + # Don't edit the docbook xml directly, edit the md and generate it: 661 661 + # `pandoc mosquitto.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > mosquitto.xml` 662 662 + doc = ./mosquitto.xml; 663 663 + }; 649 664 }

+147

nixos/modules/services/networking/mosquitto.xml

··· 1 1 + <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-mosquitto"> 2 2 + <title>Mosquitto</title> 3 3 + <para> 4 4 + Mosquitto is a MQTT broker often used for IoT or home automation 5 5 + data transport. 6 6 + </para> 7 7 + <section xml:id="module-services-mosquitto-quickstart"> 8 8 + <title>Quickstart</title> 9 9 + <para> 10 10 + A minimal configuration for Mosquitto is 11 11 + </para> 12 12 + <programlisting language="bash"> 13 13 + services.mosquitto = { 14 14 + enable = true; 15 15 + listeners = [ { 16 16 + acl = [ &quot;pattern readwrite #&quot; ]; 17 17 + omitPasswordAuth = true; 18 18 + settings.allow_anonymous = true; 19 19 + } ]; 20 20 + }; 21 21 + </programlisting> 22 22 + <para> 23 23 + This will start a broker on port 1883, listening on all interfaces 24 24 + of the machine, allowing read/write access to all topics to any 25 25 + user without password requirements. 26 26 + </para> 27 27 + <para> 28 28 + User authentication can be configured with the 29 29 + <literal>users</literal> key of listeners. A config that gives 30 30 + full read access to a user <literal>monitor</literal> and 31 31 + restricted write access to a user <literal>service</literal> could 32 32 + look like 33 33 + </para> 34 34 + <programlisting language="bash"> 35 35 + services.mosquitto = { 36 36 + enable = true; 37 37 + listeners = [ { 38 38 + users = { 39 39 + monitor = { 40 40 + acl = [ &quot;read #&quot; ]; 41 41 + password = &quot;monitor&quot;; 42 42 + }; 43 43 + service = { 44 44 + acl = [ &quot;write service/#&quot; ]; 45 45 + password = &quot;service&quot;; 46 46 + }; 47 47 + }; 48 48 + } ]; 49 49 + }; 50 50 + </programlisting> 51 51 + <para> 52 52 + TLS authentication is configured by setting TLS-related options of 53 53 + the listener: 54 54 + </para> 55 55 + <programlisting language="bash"> 56 56 + services.mosquitto = { 57 57 + enable = true; 58 58 + listeners = [ { 59 59 + port = 8883; # port change is not required, but helpful to avoid mistakes 60 60 + # ... 61 61 + settings = { 62 62 + cafile = &quot;/path/to/mqtt.ca.pem&quot;; 63 63 + certfile = &quot;/path/to/mqtt.pem&quot;; 64 64 + keyfile = &quot;/path/to/mqtt.key&quot;; 65 65 + }; 66 66 + } ]; 67 67 + </programlisting> 68 68 + </section> 69 69 + <section xml:id="module-services-mosquitto-config"> 70 70 + <title>Configuration</title> 71 71 + <para> 72 72 + The Mosquitto configuration has four distinct types of settings: 73 73 + the global settings of the daemon, listeners, plugins, and 74 74 + bridges. Bridges and listeners are part of the global 75 75 + configuration, plugins are part of listeners. Users of the broker 76 76 + are configured as parts of listeners rather than globally, 77 77 + allowing configurations in which a given user is only allowed to 78 78 + log in to the broker using specific listeners (eg to configure an 79 79 + admin user with full access to all topics, but restricted to 80 80 + localhost). 81 81 + </para> 82 82 + <para> 83 83 + Almost all options of Mosquitto are available for configuration at 84 84 + their appropriate levels, some as NixOS options written in camel 85 85 + case, the remainders under <literal>settings</literal> with their 86 86 + exact names in the Mosquitto config file. The exceptions are 87 87 + <literal>acl_file</literal> (which is always set according to the 88 88 + <literal>acl</literal> attributes of a listener and its users) and 89 89 + <literal>per_listener_settings</literal> (which is always set to 90 90 + <literal>true</literal>). 91 91 + </para> 92 92 + <section xml:id="module-services-mosquitto-config-passwords"> 93 93 + <title>Password authentication</title> 94 94 + <para> 95 95 + Mosquitto can be run in two modes, with a password file or 96 96 + without. Each listener has its own password file, and different 97 97 + listeners may use different password files. Password file 98 98 + generation can be disabled by setting 99 99 + <literal>omitPasswordAuth = true</literal> for a listener; in 100 100 + this case it is necessary to either set 101 101 + <literal>settings.allow_anonymous = true</literal> to allow all 102 102 + logins, or to configure other authentication methods like TLS 103 103 + client certificates with 104 104 + <literal>settings.use_identity_as_username = true</literal>. 105 105 + </para> 106 106 + <para> 107 107 + The default is to generate a password file for each listener 108 108 + from the users configured to that listener. Users with no 109 109 + configured password will not be added to the password file and 110 110 + thus will not be able to use the broker. 111 111 + </para> 112 112 + </section> 113 113 + <section xml:id="module-services-mosquitto-config-acl"> 114 114 + <title>ACL format</title> 115 115 + <para> 116 116 + Every listener has a Mosquitto <literal>acl_file</literal> 117 117 + attached to it. This ACL is configured via two attributes of the 118 118 + config: 119 119 + </para> 120 120 + <itemizedlist spacing="compact"> 121 121 + <listitem> 122 122 + <para> 123 123 + the <literal>acl</literal> attribute of the listener 124 124 + configures pattern ACL entries and topic ACL entries for 125 125 + anonymous users. Each entry must be prefixed with 126 126 + <literal>pattern</literal> or <literal>topic</literal> to 127 127 + distinguish between these two cases. 128 128 + </para> 129 129 + </listitem> 130 130 + <listitem> 131 131 + <para> 132 132 + the <literal>acl</literal> attribute of every user 133 133 + configures in the listener configured the ACL for that given 134 134 + user. Only topic ACLs are supported by Mosquitto in this 135 135 + setting, so no prefix is required or allowed. 136 136 + </para> 137 137 + </listitem> 138 138 + </itemizedlist> 139 139 + <para> 140 140 + The default ACL for a listener is empty, disallowing all 141 141 + accesses from all clients. To configure a completely open ACL, 142 142 + set <literal>acl = [ &quot;pattern readwrite #&quot; ]</literal> 143 143 + in the listener. 144 144 + </para> 145 145 + </section> 146 146 + </section> 147 147 + </chapter>

+1 -1

nixos/modules/virtualisation/libvirtd.nix

··· 254 254 "allow ${e}") 255 255 cfg.allowedBridges; 256 256 systemPackages = with pkgs; [ libressl.nc iptables cfg.package cfg.qemu.package ]; 257 257 - etc.ethertypes.source = "${pkgs.ebtables}/etc/ethertypes"; 257 257 + etc.ethertypes.source = "${pkgs.iptables}/etc/ethertypes"; 258 258 }; 259 259 260 260 boot.kernelModules = [ "tun" ];

+28 -13

nixos/tests/mosquitto.nix

··· 3 3 let 4 4 port = 1888; 5 5 tlsPort = 1889; 6 6 + anonPort = 1890; 6 7 password = "VERY_secret"; 7 8 hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw=="; 8 9 topic = "test/foo"; ··· 63 64 }; 64 65 in { 65 66 server = { pkgs, ... }: { 66 66 - networking.firewall.allowedTCPPorts = [ port tlsPort ]; 67 67 + networking.firewall.allowedTCPPorts = [ port tlsPort anonPort ]; 67 68 services.mosquitto = { 68 69 enable = true; 69 70 settings = { ··· 112 113 use_identity_as_username = true; 113 114 }; 114 115 } 116 116 + { 117 117 + port = anonPort; 118 118 + omitPasswordAuth = true; 119 119 + settings.allow_anonymous = true; 120 120 + acl = [ "pattern read #" ]; 121 121 + users = { 122 122 + anonWriter = { 123 123 + password = "<ignored>" + password; 124 124 + acl = [ "write ${topic}" ]; 125 125 + }; 126 126 + }; 127 127 + } 115 128 ]; 116 129 }; 117 130 }; ··· 136 149 def publish(args, user, topic="${topic}", port=${toString port}): 137 150 return "{} {}".format(mosquitto_cmd("pub", user, topic, port), args) 138 151 139 139 - 140 152 def subscribe(args, user, topic="${topic}", port=${toString port}): 141 141 - return "{} -C 1 {}".format(mosquitto_cmd("sub", user, topic, port), args) 153 153 + return "{} -W 5 -C 1 {}".format(mosquitto_cmd("sub", user, topic, port), args) 142 154 143 155 def parallel(*fns): 144 156 from threading import Thread ··· 150 162 start_all() 151 163 server.wait_for_unit("mosquitto.service") 152 164 153 153 - def check_passwords(): 165 165 + with subtest("check passwords"): 154 166 client1.succeed(publish("-m test", "password_store")) 155 167 client1.succeed(publish("-m test", "password_file")) 156 168 client1.succeed(publish("-m test", "hashed_store")) 157 169 client1.succeed(publish("-m test", "hashed_file")) 158 170 159 159 - check_passwords() 160 160 - 161 161 - def check_acl(): 171 171 + with subtest("check acl"): 162 172 client1.succeed(subscribe("", "reader", topic="$SYS/#")) 163 163 - client1.fail(subscribe("-W 5", "writer", topic="$SYS/#")) 173 173 + client1.fail(subscribe("", "writer", topic="$SYS/#")) 164 174 165 175 parallel( 166 176 lambda: client1.succeed(subscribe("-i 3688cdd7-aa07-42a4-be22-cb9352917e40", "reader")), ··· 170 180 ]) 171 181 172 182 parallel( 173 173 - lambda: client1.fail(subscribe("-W 5 -i 24ff16a2-ae33-4a51-9098-1b417153c712", "reader")), 183 183 + lambda: client1.fail(subscribe("-i 24ff16a2-ae33-4a51-9098-1b417153c712", "reader")), 174 184 lambda: [ 175 185 server.wait_for_console_text("24ff16a2-ae33-4a51-9098-1b417153c712"), 176 186 client2.succeed(publish("-m test", "reader")) 177 187 ]) 178 188 179 179 - check_acl() 180 180 - 181 181 - def check_tls(): 189 189 + with subtest("check tls"): 182 190 client1.succeed( 183 191 subscribe( 184 192 "--cafile ${snakeOil}/ca.crt " ··· 188 196 port=${toString tlsPort}, 189 197 user="no_such_user")) 190 198 191 191 - check_tls() 199 199 + with subtest("check omitPasswordAuth"): 200 200 + parallel( 201 201 + lambda: client1.succeed(subscribe("-i fd56032c-d9cb-4813-a3b4-6be0e04c8fc3", 202 202 + "anonReader", port=${toString anonPort})), 203 203 + lambda: [ 204 204 + server.wait_for_console_text("fd56032c-d9cb-4813-a3b4-6be0e04c8fc3"), 205 205 + client2.succeed(publish("-m test", "anonWriter", port=${toString anonPort})) 206 206 + ]) 192 207 ''; 193 208 })

+11

pkgs/applications/audio/ecasound/default.nix

··· 1 1 { lib, stdenv 2 2 , fetchurl 3 3 + , fetchpatch 3 4 , pkg-config 4 5 , alsa-lib 5 6 , audiofile ··· 27 28 url = "https://ecasound.seul.org/download/ecasound-${version}.tar.gz"; 28 29 sha256 = "1m7njfjdb7sqf0lhgc4swihgdr4snkg8v02wcly08wb5ar2fr2s6"; 29 30 }; 31 31 + 32 32 + patches = [ 33 33 + # Pull patch pending upstream inclusion for ncurses-6.3: 34 34 + # https://sourceforge.net/p/ecasound/bugs/54/ 35 35 + (fetchpatch { 36 36 + name = "ncursdes-6.3.patch"; 37 37 + url = "https://sourceforge.net/p/ecasound/bugs/54/attachment/0001-ecasignalview.cpp-always-use-s-style-format-for-prin.patch"; 38 38 + sha256 = "1x1gsjzd43lh19mhpmwrbq269h56s8bxgyv0yfi5yf0sqjf9vaq0"; 39 39 + }) 40 40 + ]; 30 41 31 42 nativeBuildInputs = [ 32 43 pkg-config

+12 -1

pkgs/applications/editors/aewan/default.nix

··· 1 1 - { lib, stdenv, fetchurl, zlib, ncurses }: 1 1 + { lib, stdenv, fetchurl, fetchpatch, zlib, ncurses }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "aewan"; ··· 8 8 url = "mirror://sourceforge/aewan/${pname}-${version}.tar.gz"; 9 9 sha256 = "5266dec5e185e530b792522821c97dfa5f9e3892d0dca5e881d0c30ceac21817"; 10 10 }; 11 11 + 12 12 + patches = [ 13 13 + # Pull patch pending upstream inclusion: 14 14 + # https://sourceforge.net/p/aewan/bugs/13/ 15 15 + (fetchpatch { 16 16 + url = "https://sourceforge.net/p/aewan/bugs/13/attachment/aewan-cvs-ncurses-6.3.patch"; 17 17 + sha256 = "0pgpk1l3d6d5y37lvvavipwnmv9gmpfdy21jkz6baxhlkgf43r4p"; 18 18 + # patch is in CVS diff format, add 'a/' prefix 19 19 + extraPrefix = ""; 20 20 + }) 21 21 + ]; 11 22 12 23 buildInputs = [ zlib ncurses ]; 13 24

+7 -2

pkgs/applications/graphics/imgbrd-grabber/default.nix

··· 6 6 , qttools 7 7 , qtscript 8 8 , qtdeclarative 9 9 + , qtnetworkauth 9 10 , qtbase 10 11 , autogen 11 12 , automake ··· 17 18 , rsync 18 19 , typescript 19 20 }: 21 21 + 20 22 stdenv.mkDerivation rec { 21 23 pname = "imgbrd-grabber"; 24 24 + version = "7.5.1"; 22 25 23 23 - version = "7.3.2"; 24 26 src = fetchFromGitHub { 25 27 owner = "Bionus"; 26 28 repo = "imgbrd-grabber"; 27 29 rev = "v${version}"; 28 28 - sha256 = "053rwvcr88fcba0447a6r115cgnqsm9rl066z8d5jacqnhdij58k"; 30 30 + sha256 = "sha256-40JCdtRhAQpz2lBGmYh2MgA9rRzHmOZx7lWW0IbfjP4="; 29 31 fetchSubmodules = true; 30 32 }; 31 33 ··· 41 43 qtbase 42 44 qtdeclarative 43 45 qttools 46 46 + qtnetworkauth 44 47 nodejs 45 48 cmake 46 49 wrapQtAppsHook ··· 67 70 68 71 # link the catch2 sources from nixpkgs 69 72 ln -sf ${catch2.src} tests/src/vendor/catch 73 73 + 74 74 + sed "s|strict\": true|strict\": false|g" -i ./sites/tsconfig.json 70 75 ''; 71 76 72 77 postInstall = ''

+10 -1

pkgs/applications/misc/bemenu/default.nix

··· 1 1 - { stdenv, lib, fetchFromGitHub, cairo, libxkbcommon 1 1 + { stdenv, lib, fetchFromGitHub, fetchpatch, cairo, libxkbcommon 2 2 , pango, fribidi, harfbuzz, pcre, pkg-config 3 3 , ncursesSupport ? true, ncurses ? null 4 4 , waylandSupport ? true, wayland ? null, wayland-protocols ? null ··· 19 19 rev = version; 20 20 sha256 = "sha256-U4IMfDvQ0rfEJhE3Uext2c/Cs0mjy1tw+k8uk441Ag8="; 21 21 }; 22 22 + 23 23 + patches = [ 24 24 + # Pull upstream fix for build against ncurses-6.3 25 25 + (fetchpatch { 26 26 + name = "ncurses-6.3.patch"; 27 27 + url = "https://github.com/Cloudef/bemenu/commit/d31164db756989579468946aba62969e42c7ed28.patch"; 28 28 + sha256 = "sha256-oyndQI7SaR8cK0IO5wIIxMpmakhfUzwUqLIKRbPkEdw="; 29 29 + }) 30 30 + ]; 22 31 23 32 nativeBuildInputs = [ pkg-config pcre ]; 24 33

+4 -5

pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix

··· 43 43 44 44 # Hardening 45 45 , graphene-hardened-malloc 46 46 - # crashes with intel driver 47 47 - , useHardenedMalloc ? false 46 46 + # Whether to use graphene-hardened-malloc 47 47 + , useHardenedMalloc ? true 48 48 49 49 - # Whether to disable multiprocess support to work around crashing tabs 50 50 - # TODO: fix the underlying problem instead of this terrible work-around 51 51 - , disableContentSandbox ? true 49 49 + # Whether to disable multiprocess support 50 50 + , disableContentSandbox ? false 52 51 53 52 # Extra preferences 54 53 , extraPrefs ? ""

+11 -1

pkgs/applications/networking/instant-messengers/mcabber/default.nix

··· 1 1 - { lib, stdenv, fetchurl, openssl, ncurses, pkg-config, glib, loudmouth, libotr 1 1 + { lib, stdenv, fetchurl, fetchpatch, openssl, ncurses, pkg-config, glib, loudmouth, libotr 2 2 , gpgme 3 3 }: 4 4 ··· 10 10 url = "https://mcabber.com/files/mcabber-${version}.tar.bz2"; 11 11 sha256 = "0q1i5acyghsmzas88qswvki8kkk2nfpr8zapgnxbcd3lwcxl38f4"; 12 12 }; 13 13 + 14 14 + patches = [ 15 15 + # Pull upstream patch for ncurses-6.3. 16 16 + (fetchpatch { 17 17 + name = "ncurses-6.3.patch"; 18 18 + url = "https://github.com/McKael/mcabber/commit/5a0893d69023b77b7671731defbdca5d47731130.patch"; 19 19 + sha256 = "01bc23z0mva9l9jv587sq2r9w3diachgkmb9ad99hlzgj02fmq4v"; 20 20 + stripLen = 1; 21 21 + }) 22 22 + ]; 13 23 14 24 nativeBuildInputs = [ pkg-config ]; 15 25 buildInputs = [ openssl ncurses glib loudmouth libotr gpgme ];

+10 -1

pkgs/applications/networking/instant-messengers/toxic/default.nix

··· 1 1 - { lib, stdenv, fetchFromGitHub, libsodium, ncurses, curl 1 1 + { lib, stdenv, fetchFromGitHub, fetchpatch, libsodium, ncurses, curl 2 2 , libtoxcore, openal, libvpx, freealut, libconfig, pkg-config, libopus 3 3 , qrencode, gdk-pixbuf, libnotify }: 4 4 ··· 12 12 rev = "v${version}"; 13 13 sha256 = "sha256-5jLXXI+IMrYa7ZtdMjJrah1zB5TJ3GdHfvcMd1TYE4E="; 14 14 }; 15 15 + 16 16 + patches = [ 17 17 + # Pending for upstream inclusion fix for ncurses-6.3 compatibility. 18 18 + (fetchpatch { 19 19 + name = "ncurses-6.3.patch"; 20 20 + url = "https://github.com/JFreegman/toxic/commit/41e93adbdbd56db065166af5a6676a7996e9e451.patch"; 21 21 + sha256 = "sha256-LYEseB5FmXFNifa1RZUxhkXeWlkEEMm3ASD55IoUPa0="; 22 22 + }) 23 23 + ]; 15 24 16 25 makeFlags = [ "PREFIX=$(out)"]; 17 26 installFlags = [ "PREFIX=$(out)"];

+136

pkgs/applications/science/electronics/picoscope/default.nix

··· 1 1 + { stdenv, lib, fetchurl, dpkg, makeWrapper , mono, gtk-sharp-3_0 2 2 + , glib, libusb1 , zlib, gtk3-x11, callPackage 3 3 + , scopes ? [ 4 4 + "picocv" 5 5 + "ps2000" 6 6 + "ps2000a" 7 7 + "ps3000" 8 8 + "ps3000a" 9 9 + "ps4000" 10 10 + "ps4000a" 11 11 + "ps5000" 12 12 + "ps5000a" 13 13 + "ps6000" 14 14 + "ps6000a" 15 15 + ] }: 16 16 + 17 17 + let 18 18 + shared_meta = lib: 19 19 + with lib; { 20 20 + homepage = "https://www.picotech.com/downloads/linux"; 21 21 + maintainers = with maintainers; [ expipiplus1 yorickvp wirew0rm ]; 22 22 + platforms = [ "x86_64-linux" ]; 23 23 + license = licenses.unfree; 24 24 + }; 25 25 + 26 26 + libpicoipp = callPackage ({ stdenv, lib, fetchurl, autoPatchelfHook, dpkg }: 27 27 + stdenv.mkDerivation rec { 28 28 + pname = "libpicoipp"; 29 29 + inherit (sources.libpicoipp) version; 30 30 + src = fetchurl { inherit (sources.libpicoipp) url sha256; }; 31 31 + nativeBuildInputs = [ dpkg autoPatchelfHook ]; 32 32 + buildInputs = [ stdenv.cc.cc.lib ]; 33 33 + sourceRoot = "."; 34 34 + unpackCmd = "dpkg-deb -x $src ."; 35 35 + installPhase = '' 36 36 + runHook preInstall 37 37 + mkdir -p $out/lib 38 38 + cp -d opt/picoscope/lib/* $out/lib 39 39 + install -Dt $out/usr/share/doc/libpicoipp usr/share/doc/libpicoipp/copyright 40 40 + runHook postInstall 41 41 + ''; 42 42 + meta = with lib; 43 43 + shared_meta lib // { 44 44 + description = "library for picotech oscilloscope software"; 45 45 + }; 46 46 + }) { }; 47 47 + 48 48 + # If we don't have a platform available, put a dummy version here, so at 49 49 + # least evaluation succeeds. 50 50 + sources = 51 51 + (lib.importJSON ./sources.json).${stdenv.system} or { picoscope.version = "unknown"; }; 52 52 + 53 53 + scopePkg = name: 54 54 + { url, version, sha256 }: 55 55 + stdenv.mkDerivation rec { 56 56 + pname = "lib${name}"; 57 57 + inherit version; 58 58 + src = fetchurl { inherit url sha256; }; 59 59 + # picoscope does a signature check, so we can't patchelf these 60 60 + nativeBuildInputs = [ dpkg ]; 61 61 + sourceRoot = "."; 62 62 + unpackCmd = "dpkg-deb -x $src ."; 63 63 + installPhase = '' 64 64 + runHook preInstall 65 65 + mkdir -p $out/lib 66 66 + cp -d opt/picoscope/lib/* $out/lib 67 67 + runHook postInstall 68 68 + ''; 69 69 + meta = with lib; 70 70 + shared_meta lib // { 71 71 + description = "library for picotech oscilloscope ${name} series"; 72 72 + }; 73 73 + }; 74 74 + 75 75 + scopePkgs = lib.mapAttrs scopePkg sources; 76 76 + 77 77 + in stdenv.mkDerivation rec { 78 78 + pname = "picoscope"; 79 79 + inherit (sources.picoscope) version; 80 80 + 81 81 + src = fetchurl { inherit (sources.picoscope) url sha256; }; 82 82 + 83 83 + nativeBuildInputs = [ dpkg makeWrapper ]; 84 84 + buildInputs = [ gtk-sharp-3_0 mono glib libusb1 zlib ]; 85 85 + 86 86 + unpackCmd = "dpkg-deb -x $src ."; 87 87 + sourceRoot = "."; 88 88 + scopeLibs = lib.attrVals (map (x: "lib${x}") scopes) scopePkgs; 89 89 + MONO_PATH = "${gtk-sharp-3_0}/lib/mono/gtk-sharp-3.0:" + (lib.makeLibraryPath 90 90 + ([ 91 91 + glib 92 92 + gtk3-x11 93 93 + gtk-sharp-3_0 94 94 + libusb1 95 95 + zlib 96 96 + libpicoipp 97 97 + ] ++ scopeLibs)); 98 98 + 99 99 + installPhase = '' 100 100 + runHook preInstall 101 101 + mkdir -p $out/ 102 102 + cp -dr usr/share $out/share 103 103 + cp -dr opt/picoscope/* $out/ 104 104 + makeWrapper "$(command -v mono)" $out/bin/picoscope \ 105 105 + --add-flags $out/lib/PicoScope.GTK.exe \ 106 106 + --prefix MONO_PATH : "$MONO_PATH" \ 107 107 + --prefix LD_LIBRARY_PATH : "$MONO_PATH" 108 108 + runHook postInstall 109 109 + ''; 110 110 + 111 111 + # usage: 112 112 + # services.udev.packages = [ pkgs.picoscope.rules ]; 113 113 + # users.groups.pico = {}; 114 114 + # users.users.you.extraGroups = [ "pico" ]; 115 115 + passthru.rules = lib.writeTextDir "lib/udev/rules.d/95-pico.rules" '' 116 116 + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0ce9", MODE="664",GROUP="pico" 117 117 + ''; 118 118 + 119 119 + meta = with lib; 120 120 + shared_meta lib // { 121 121 + description = 122 122 + "Oscilloscope application that works with all PicoScope models"; 123 123 + longDescription = '' 124 124 + PicoScope for Linux is a powerful oscilloscope application that works 125 125 + with all PicoScope models. The most important features from PicoScope 126 126 + for Windows are included—scope, spectrum analyzer, advanced triggers, 127 127 + automated measurements, interactive zoom, persistence modes and signal 128 128 + generator control. More features are being added all the time. 129 129 + 130 130 + Waveform captures can be saved for off-line analysis, and shared with 131 131 + PicoScope for Linux, PicoScope for macOS and PicoScope for Windows 132 132 + users, or exported in text, CSV and MathWorks MATLAB 4 formats. 133 133 + ''; 134 134 + }; 135 135 + } 136 136 +

+69

pkgs/applications/science/electronics/picoscope/sources.json

··· 1 1 + { 2 2 + "x86_64-linux": { 3 3 + "libpicocv": { 4 4 + "sha256": "c2e74c2b0679df0226993d063b38d0eda5b05ff59f29bbfa12ded5226df37024", 5 5 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libpicocv/libpicocv_1.1.27-1r153_amd64.deb", 6 6 + "version": "1.1.27-1r153" 7 7 + }, 8 8 + "libpicoipp": { 9 9 + "sha256": "87ae49cd5e8dda4a73a835b95ea13e4c3fc4d1c4c9d6495c9affdf6fa6b1b4aa", 10 10 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libpicoipp/libpicoipp_1.3.0-4r121_amd64.deb", 11 11 + "version": "1.3.0-4r121" 12 12 + }, 13 13 + "libps2000": { 14 14 + "sha256": "792e506c08cebbd617e833e1547d3e5a13a186f93cea3f84608b7ed9451fb077", 15 15 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps2000/libps2000_3.0.75-3r2957_amd64.deb", 16 16 + "version": "3.0.75-3r2957" 17 17 + }, 18 18 + "libps2000a": { 19 19 + "sha256": "f31b3a8e9c6af14a59e348e4b302f12f582cdb08a47a3c04d8a6a612b4630305", 20 20 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps2000a/libps2000a_2.1.75-5r2957_amd64.deb", 21 21 + "version": "2.1.75-5r2957" 22 22 + }, 23 23 + "libps3000": { 24 24 + "sha256": "27dce3c924bb0169768a4964ce567b4a18ce74079537ca1fcba61e9234691580", 25 25 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps3000/libps3000_4.0.75-3r2957_amd64.deb", 26 26 + "version": "4.0.75-3r2957" 27 27 + }, 28 28 + "libps3000a": { 29 29 + "sha256": "31cf00ce136526af6e8b211a44a56b221d137de6eaec4d6fd7f31593b4245d62", 30 30 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps3000a/libps3000a_2.1.75-6r2957_amd64.deb", 31 31 + "version": "2.1.75-6r2957" 32 32 + }, 33 33 + "libps4000": { 34 34 + "sha256": "c976f09647f1fd2c980aafd1efe7f557bfc7c283fb9c135725c38dd59cc297e9", 35 35 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps4000/libps4000_2.1.75-2r2957_amd64.deb", 36 36 + "version": "2.1.75-2r2957" 37 37 + }, 38 38 + "libps4000a": { 39 39 + "sha256": "727f24fa74759385902d41d52a26a4636b3e3f08a8743901d15cc49622207b97", 40 40 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps4000a/libps4000a_2.1.75-2r2957_amd64.deb", 41 41 + "version": "2.1.75-2r2957" 42 42 + }, 43 43 + "libps5000": { 44 44 + "sha256": "3237c1dfdb384079b7039d2b4a8e0b0126e804830b29d60e89ae018182667edb", 45 45 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps5000/libps5000_2.1.75-3r2957_amd64.deb", 46 46 + "version": "2.1.75-3r2957" 47 47 + }, 48 48 + "libps5000a": { 49 49 + "sha256": "27947f8461a16cf59d64cd23d7a78ddd27826e38dfe9fca3902e3b553591fb19", 50 50 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps5000a/libps5000a_2.1.75-5r2957_amd64.deb", 51 51 + "version": "2.1.75-5r2957" 52 52 + }, 53 53 + "libps6000": { 54 54 + "sha256": "d65e923db969e306fb9f3f3892229a297d6187574d901dde44375270cc1e1404", 55 55 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps6000/libps6000_2.1.75-6r2957_amd64.deb", 56 56 + "version": "2.1.75-6r2957" 57 57 + }, 58 58 + "libps6000a": { 59 59 + "sha256": "eff8644ad44f9cc1cf9052e27786a1480a4ab599766c1c01e370fef40a76b224", 60 60 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/libp/libps6000a/libps6000a_1.0.75-0r2957_amd64.deb", 61 61 + "version": "1.0.75-0r2957" 62 62 + }, 63 63 + "picoscope": { 64 64 + "sha256": "3d2a0e360c8143fc03c29b394c16bfc2387164e33099a46b6905af992cfab440", 65 65 + "url": "https://labs.picotech.com/rc/picoscope7/debian/pool/main/p/picoscope/picoscope_7.0.83-1r9320_amd64.deb", 66 66 + "version": "7.0.83-1r9320" 67 67 + } 68 68 + } 69 69 + }

+44

pkgs/applications/science/electronics/picoscope/update.py

··· 1 1 + #!/usr/bin/env nix-shell 2 2 + #!nix-shell --pure -i python3 -p "python3.withPackages (ps: with ps; [ requests ])" 3 3 + import json 4 4 + import os 5 5 + import requests 6 6 + import sys 7 7 + 8 8 + def parse_packages(text): 9 9 + res = [] 10 10 + for package in resp.text.split("\n\n"): 11 11 + if not package: continue 12 12 + pkg = {} 13 13 + for field in package.split("\n"): 14 14 + if field.startswith(" "): # multiline string 15 15 + pkg[k] += "\n" + field[1:] 16 16 + else: 17 17 + [k, v] = field.split(": ", 1) 18 18 + pkg[k] = v 19 19 + res.append(pkg) 20 20 + return res 21 21 + 22 22 + def generate_sources(packages): 23 23 + sources_spec = {} 24 24 + for pkg in pkgs: 25 25 + sources_spec[pkg['Package']] = { 26 26 + "url": "https://labs.picotech.com/rc/picoscope7/debian/" + pkg["Filename"], 27 27 + "sha256": pkg["SHA256"], 28 28 + "version": pkg["Version"] 29 29 + } 30 30 + return sources_spec 31 31 + 32 32 + out = {} 33 33 + for nix_system, release in {"x86_64-linux": "amd64"}.items(): 34 34 + resp = requests.get("https://labs.picotech.com/rc/picoscope7/debian//dists/picoscope/main/binary-"+release+"/Packages") 35 35 + if resp.status_code != 200: 36 36 + print("error: could not fetch data for release {} (code {})".format(release, resp.code), file=sys.stderr) 37 37 + sys.exit(1) 38 38 + pkgs = parse_packages(resp.text) 39 39 + out[nix_system] = generate_sources(pkgs) 40 40 + 41 41 + with open(os.path.dirname(__file__) + "/sources.json", "w") as f: 42 42 + json.dump(out, f, indent=2, sort_keys=True) 43 43 + f.write('\n') 44 44 +

+29 -5

pkgs/development/python-modules/mailman-hyperkitty/default.nix

··· 1 1 - { lib, buildPythonPackage, fetchPypi, mailman, mock }: 1 1 + { lib 2 2 + , buildPythonPackage 3 3 + , fetchPypi 4 4 + , mailman 5 5 + , mock 6 6 + , nose2 7 7 + , python 8 8 + , requests 9 9 + , zope_interface 10 10 + }: 2 11 3 12 buildPythonPackage rec { 4 13 pname = "mailman-hyperkitty"; 5 14 version = "1.1.0"; 15 15 + format = "setuptools"; 6 16 7 17 src = fetchPypi { 8 18 inherit pname version; 9 19 sha256 = "1lfqa9admhvdv71f528jmz2wl0i5cv77v6l64px2pm4zqr9ckkjx"; 10 20 }; 11 21 12 12 - propagatedBuildInputs = [ mailman ]; 13 13 - checkInputs = [ mock ]; 22 22 + propagatedBuildInputs = [ 23 23 + mailman 24 24 + requests 25 25 + zope_interface 26 26 + ]; 27 27 + 28 28 + checkInputs = [ 29 29 + mock 30 30 + nose2 31 31 + ]; 14 32 15 33 checkPhase = '' 16 16 - python -m nose2 -v 34 34 + ${python.interpreter} -m nose2 -v 17 35 ''; 36 36 + 37 37 + # There is an AssertionError 18 38 doCheck = false; 19 39 40 40 + pythonImportsCheck = [ 41 41 + "mailman_hyperkitty" 42 42 + ]; 43 43 + 20 44 meta = with lib; { 21 45 description = "Mailman archiver plugin for HyperKitty"; 22 46 homepage = "https://gitlab.com/mailman/mailman-hyperkitty"; 23 23 - license = licenses.gpl3; 47 47 + license = licenses.gpl3Plus; 24 48 maintainers = with maintainers; [ globin qyliss ]; 25 49 }; 26 50 }

+2 -2

pkgs/development/python-modules/mypy-boto3-s3/default.nix

··· 8 8 9 9 buildPythonPackage rec { 10 10 pname = "mypy-boto3-s3"; 11 11 - version = "1.19.8"; 11 11 + version = "1.19.12"; 12 12 13 13 disabled = pythonOlder "3.6"; 14 14 15 15 src = fetchPypi { 16 16 inherit pname version; 17 17 - sha256 = "60481cae38e01273d09a6159e4ff8c36d5d7e335319117a16cdb3d887928a7b4"; 17 17 + sha256 = "sha256-xgcGbWcrdFwFPQLJHmgRdY2XbwAiInZxmw6RiFVJ5F4="; 18 18 }; 19 19 20 20 propagatedBuildInputs = [

+8 -1

pkgs/development/python-modules/prov/default.nix

··· 28 28 pydot 29 29 ]; 30 30 31 31 + # Multiple tests are out-dated and failing 32 32 + doCheck = false; 33 33 + 34 34 + pythonImportsCheck = [ 35 35 + "prov" 36 36 + ]; 37 37 + 31 38 meta = with lib; { 32 32 - description = "A Python library for W3C Provenance Data Model (PROV)"; 39 39 + description = "Python library for W3C Provenance Data Model (PROV)"; 33 40 homepage = "https://github.com/trungdong/prov"; 34 41 license = licenses.mit; 35 42 maintainers = with maintainers; [ ashgillman ];

+43 -17

pkgs/development/python-modules/rdflib/default.nix

··· 1 1 - { buildPythonPackage 1 1 + { lib 2 2 + , buildPythonPackage 2 3 , fetchPypi 3 3 - , isodate 4 4 , html5lib 5 5 - , SPARQLWrapper 5 5 + , isodate 6 6 , networkx 7 7 , nose 8 8 - , python 8 8 + , pyparsing 9 9 + , tabulate 10 10 + , pandas 11 11 + , pytestCheckHook 12 12 + , pythonOlder 13 13 + , SPARQLWrapper 9 14 }: 10 15 11 16 buildPythonPackage rec { 12 17 pname = "rdflib"; 13 13 - version = "6.0.1"; 18 18 + version = "6.0.2"; 19 19 + format = "setuptools"; 20 20 + 21 21 + disabled = pythonOlder "3.7"; 14 22 15 23 src = fetchPypi { 16 24 inherit pname version; 17 17 - sha256 = "f071caff0b68634e4a7bd1d66ea3416ac98f1cc3b915938147ea899c32608728"; 25 25 + sha256 = "sha256-YTauBWABR07ir/X8W5VuYqEcOpxmuw89nAqqX7tWhU4="; 18 26 }; 19 27 20 20 - propagatedBuildInputs = [isodate html5lib SPARQLWrapper ]; 28 28 + propagatedBuildInputs = [ 29 29 + isodate 30 30 + html5lib 31 31 + pyparsing 32 32 + SPARQLWrapper 33 33 + ]; 21 34 22 22 - checkInputs = [ networkx nose ]; 35 35 + checkInputs = [ 36 36 + networkx 37 37 + pandas 38 38 + nose 39 39 + tabulate 40 40 + pytestCheckHook 41 41 + ]; 23 42 24 24 - # Python 2 syntax 25 25 - # Failing doctest 26 26 - doCheck = false; 43 43 + disabledTests = [ 44 44 + # Requires network access 45 45 + "api_key" 46 46 + "BerkeleyDBTestCase" 47 47 + "test_bad_password" 48 48 + "test_service" 49 49 + "testGuessFormatForParse" 50 50 + ]; 27 51 28 28 - checkPhase = '' 29 29 - ${python.interpreter} run_tests.py 30 30 - ''; 52 52 + pythonImportsCheck = [ 53 53 + "rdflib" 54 54 + ]; 31 55 32 32 - meta = { 33 33 - description = "A Python library for working with RDF, a simple yet powerful language for representing information"; 34 34 - homepage = "http://www.rdflib.net/"; 56 56 + meta = with lib; { 57 57 + description = "Python library for working with RDF"; 58 58 + homepage = "https://rdflib.readthedocs.io"; 59 59 + license = licenses.bsd3; 60 60 + maintainers = with maintainers; [ ]; 35 61 }; 36 62 }

+2 -2

pkgs/development/python-modules/smbprotocol/default.nix

··· 12 12 13 13 buildPythonPackage rec { 14 14 pname = "smbprotocol"; 15 15 - version = "1.8.1"; 15 15 + version = "1.8.2"; 16 16 disabled = pythonOlder "3.6"; 17 17 18 18 src = fetchFromGitHub { 19 19 owner = "jborean93"; 20 20 repo = pname; 21 21 rev = "v${version}"; 22 22 - sha256 = "sha256-HhyOGRwDnLwrXPjvF04MlgSxGZc0w3nDek9Mnv49cG4="; 22 22 + sha256 = "sha256-NBwfWW02lzR4Xk+7qodQX+eIXMTtdy9WOtLzsf30d4c="; 23 23 }; 24 24 25 25 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/starkbank-ecdsa/default.nix

··· 6 6 7 7 buildPythonPackage rec { 8 8 pname = "starkbank-ecdsa"; 9 9 - version = "2.0.0"; 9 9 + version = "2.0.1"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "starkbank"; 13 13 repo = "ecdsa-python"; 14 14 rev = "v${version}"; 15 15 - sha256 = "sha256-MTd9aeX6UavRua0hnuy5qY5kltzSoyvv+LcL5EvU5Sc="; 15 15 + sha256 = "sha256-TYp8eIzO8Bn1hgye7PpIywVEV0tQtJ3HaYjCnn4/57w="; 16 16 }; 17 17 18 18 checkInputs = [

+2 -2

pkgs/development/tools/analysis/checkov/default.nix

··· 56 56 57 57 buildPythonApplication rec { 58 58 pname = "checkov"; 59 59 - version = "2.0.528"; 59 59 + version = "2.0.549"; 60 60 61 61 disabled = python3.pythonOlder "3.7"; 62 62 ··· 64 64 owner = "bridgecrewio"; 65 65 repo = pname; 66 66 rev = version; 67 67 - sha256 = "sha256-RcQVm3ppe3c4G/32Dgf6UhwtxJyQWgS4vD5wMYIfwKY="; 67 67 + sha256 = "sha256-nxvUxjqzBUPbOkMhdQhkdlMRGFj6vhMU3BjXpSwBb8s="; 68 68 }; 69 69 70 70 nativeBuildInputs = with py.pkgs; [

+8 -11

pkgs/development/tools/build-managers/gradle/default.nix

··· 65 65 66 66 gradle_latest = gradle_7; 67 67 68 68 - gradle_7 = gradleGen (gradleSpec { 69 69 - version = "7.2"; 70 70 - nativeVersion = "0.22-milestone-21"; 71 71 - sha256 = "1pg6w5czysywsgdvmll5bwd2p6y99cn5sn3gw69cps9mkjd710gm"; 72 72 - }); 68 68 + # NOTE: 7.3 is a candidate. 69 69 + gradle_7 = gradle_7_2; 73 70 74 74 - gradle_6_8 = gradleGen (gradleSpec { 75 75 - version = "6.8.3"; 76 76 - nativeVersion = "0.22-milestone-9"; 77 77 - sha256 = "01fjrk5nfdp6mldyblfmnkq2gv1rz1818kzgr0k2i1wzfsc73akz"; 78 78 - }); 71 71 + gradle_7_3 = gradleGen (gradleSpec (import ./gradle-7.3-rc-3-spec.nix)); 72 72 + gradle_7_2 = gradleGen (gradleSpec (import ./gradle-7.2-spec.nix)); 73 73 + gradle_6_9 = gradleGen (gradleSpec (import ./gradle-6.9.1-spec.nix)); 79 74 75 75 + # NOTE: No GitHub Release for this release, so update.sh does not work. 80 76 gradle_5_6 = gradleGen (gradleSpec { 81 77 version = "5.6.4"; 82 78 nativeVersion = "0.18"; 83 83 - sha256 = "1f3067073041bc44554d0efe5d402a33bc3d3c93cc39ab684f308586d732a80d"; 79 79 + sha256 = "03d86bbqd19h9xlanffcjcy3vg1k5905vzhf9mal9g21603nfc0z"; 84 80 }); 85 81 82 82 + # NOTE: No GitHub Release for this release, so update.sh does not work. 86 83 gradle_4_10 = gradleGen (gradleSpec { 87 84 version = "4.10.3"; 88 85 nativeVersion = "0.14";

+5

pkgs/development/tools/build-managers/gradle/gradle-6.9.1-spec.nix

··· 1 1 + { 2 2 + version = "6.9.1"; 3 3 + nativeVersion = "0.22-milestone-20"; 4 4 + sha256 = "1zmjfwlh34b65rdx9izgavw3qwqqwm39h5siyj2bf0m55111a4lc"; 5 5 + }

+5

pkgs/development/tools/build-managers/gradle/gradle-7.2-spec.nix

··· 1 1 + { 2 2 + version = "7.2"; 3 3 + nativeVersion = "0.22-milestone-21"; 4 4 + sha256 = "1pg6w5czysywsgdvmll5bwd2p6y99cn5sn3gw69cps9mkjd710gm"; 5 5 + }

+5

pkgs/development/tools/build-managers/gradle/gradle-7.3-rc-3-spec.nix

··· 1 1 + { 2 2 + version = "7.3-rc-3"; 3 3 + nativeVersion = "0.22-milestone-21"; 4 4 + sha256 = "0401q4qpl36a2vnlrlsblflfiiy3b95gyj2wj62hzc1x00hbfznm"; 5 5 + }

+57

pkgs/development/tools/build-managers/gradle/update.sh

··· 1 1 + #!/usr/bin/env nix-shell 2 2 + #!nix-shell -i bash -p nix-prefetch curl jq 3 3 + 4 4 + # Generates Gradle release specs from GitHub Releases. 5 5 + # 6 6 + # As of 2021-11, this script has very poor error handling, 7 7 + # it is expected to be run by maintainers as one-off job 8 8 + # only. 9 9 + # 10 10 + # NOTE: The earliest Gradle release that has a 11 11 + # corresponding entry as GitHub Release is 6.8-rc-1. 12 12 + 13 13 + for v in $(curl -s "https://api.github.com/repos/gradle/gradle/releases" | jq -r '.[].tag_name' | sort -n -r) 14 14 + do 15 15 + # Tag names and download filenames are not the same, 16 16 + # we modify the tag name slightly to translate it 17 17 + # to the naming scheme of download filenames. 18 18 + # This translation assumes a tag naming scheme. 19 19 + # As of 2021-11 it works from 6.8-rc-1 to 7.3-rc-3. 20 20 + 21 21 + # Remove first letter (assumed to be "v"). 22 22 + v=${v:1} 23 23 + 24 24 + # To lower case. 25 25 + v=${v,,} 26 26 + 27 27 + # Add dash after "rc". 28 28 + v=${v/-rc/-rc-} 29 29 + 30 30 + # Remove trailing ".0" 31 31 + v=${v%.0} 32 32 + 33 33 + # Remove trailing ".0" for release candidates. 34 34 + v=${v/.0-rc/-rc} 35 35 + 36 36 + f="gradle-${v}-spec.nix" 37 37 + 38 38 + if [ -f "$f" ] 39 39 + then 40 40 + echo "$v SKIP" 41 41 + continue 42 42 + fi 43 43 + 44 44 + url="https://services.gradle.org/distributions/gradle-${v}-bin.zip" 45 45 + read -d "\n" gradle_hash gradle_path < <(nix-prefetch-url --print-path $url) 46 46 + 47 47 + # Prefix and suffix for "native-platform" dependency. 48 48 + gradle_native_prefix="gradle-$v/lib/native-native-" 49 49 + gradle_native_suffix=".jar" 50 50 + gradle_native=$(zipinfo -1 "$gradle_path" "$gradle_native_prefix*$gradle_native_suffix" | head -n1) 51 51 + gradle_native=${gradle_native#"$gradle_native_prefix"} 52 52 + gradle_native=${gradle_native%"$gradle_native_suffix"} 53 53 + 54 54 + echo -e "{\\n version = \"$v\";\\n nativeVersion = \"$gradle_native\";\\n sha256 = \"$gradle_hash\";\\n}" > $f 55 55 + 56 56 + echo "$v DONE" 57 57 + done

+1 -1

pkgs/development/tools/scenebuilder/default.nix

··· 1 1 { lib, stdenv, fetchFromGitHub, jdk11, gradleGen, makeDesktopItem, copyDesktopItems, perl, writeText, runtimeShell, makeWrapper, glib, wrapGAppsHook }: 2 2 let 3 3 - gradle = (gradleGen.override (old: { java = jdk11; })).gradle_6_8; 3 3 + gradle = (gradleGen.override (old: { java = jdk11; })).gradle_6_9; 4 4 5 5 pname = "scenebuilder"; 6 6 version = "15.0.1";

+8

pkgs/games/bastet/default.nix

··· 18 18 url = "https://github.com/fph/bastet/commit/0e03f8d4d6bc6949cf1c447e632ce0d1b98c4be1.patch"; 19 19 sha256 = "1475hisbm44jirsrhdlnddppsyn83xmvcx09gfkm9drcix05alzj"; 20 20 }) 21 21 + 22 22 + # Fix pending upstream inclusion for ncurses-6.3: 23 23 + # https://github.com/fph/bastet/pull/21 24 24 + (fetchpatch { 25 25 + name = "ncurses-6.3.patch"; 26 26 + url = "https://github.com/fph/bastet/commit/54a6d127351ea2c62f50efafe97c5b02e23e86a7.patch"; 27 27 + sha256 = "14v95b0m16m6ycd82i3wpp81kbmj6qz029b1m5483dkk6mwz98iy"; 28 28 + }) 21 29 ]; 22 30 23 31 installPhase = ''

+1 -1

pkgs/games/mindustry/default.nix

··· 88 88 ''; 89 89 90 90 # The default one still uses jdk8 (#89731) 91 91 - gradle_6 = (gradleGen.override (old: { java = jdk; })).gradle_6_8; 91 91 + gradle_6 = (gradleGen.override (old: { java = jdk; })).gradle_6_9; 92 92 93 93 # fake build to pre-download deps into fixed-output derivation 94 94 deps = stdenv.mkDerivation {

+23 -10

pkgs/misc/pylode/default.nix

··· 1 1 { lib 2 2 - , python3Packages 2 2 + , python3 3 3 , fetchFromGitHub 4 4 }: 5 5 6 6 - python3Packages.buildPythonApplication rec { 7 7 - pname = "pyLODE"; 6 6 + python3.pkgs.buildPythonApplication rec { 7 7 + pname = "pylode"; 8 8 version = "2.12.0"; 9 9 + format = "setuptools"; 10 10 + 11 11 + disabled = python3.pythonOlder "3.6"; 9 12 10 13 src = fetchFromGitHub { 11 14 owner = "RDFLib"; ··· 14 17 sha256 = "sha256-X/YiJduAJNiceIrlCFwD2PFiMn3HVlzr9NzyDvYcql8="; 15 18 }; 16 19 17 17 - propagatedBuildInputs = with python3Packages; [ 18 18 - python-dateutil 20 20 + propagatedBuildInputs = with python3.pkgs; [ 21 21 + beautifulsoup4 19 22 falcon 20 20 - gunicorn 21 21 - isodate 22 23 jinja2 23 24 markdown 25 25 + python-dateutil 24 26 rdflib 25 27 requests 26 26 - six 27 27 - beautifulsoup4 28 28 + ]; 29 29 + 30 30 + postPatch = '' 31 31 + substituteInPlace requirements.txt \ 32 32 + --replace "rdflib==6.0.0" "rdflib" 33 33 + ''; 34 34 + 35 35 + # Path issues with the tests 36 36 + doCheck = false; 37 37 + 38 38 + pythonImportsCheck = [ 39 39 + "pylode" 28 40 ]; 29 41 30 42 meta = with lib; { 31 31 - description = "An OWL ontology documentation tool using Python and templating, based on LODE"; 43 43 + description = "OWL ontology documentation tool using Python and templating, based on LODE"; 32 44 homepage = "https://github.com/RDFLib/pyLODE"; 45 45 + # Next release will move to BSD3 33 46 license = licenses.gpl3Only; 34 47 maintainers = with maintainers; [ koslambrou ]; 35 48 };

+1

pkgs/servers/home-assistant/default.nix

··· 320 320 "ecobee" 321 321 "econet" 322 322 "ee_brightbox" 323 323 + "efergy" 323 324 "elgato" 324 325 "elkm1" 325 326 "emonitor"

+2 -2

pkgs/tools/misc/riemann-c-client/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "riemann-c-client"; 5 5 - version = "1.10.4"; 5 5 + version = "1.10.5"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "algernon"; 9 9 repo = "riemann-c-client"; 10 10 rev = "riemann-c-client-${version}"; 11 11 - sha256 = "01gzqxqm1xvki2vd78c7my2kgp4fyhkcf5j5fmy8z0l93lgj82rr"; 11 11 + sha256 = "sha256-LuI9XFDPx0qw/+kkpXd0FOMESERAp31R1+ttkGuJnPA="; 12 12 }; 13 13 14 14 nativeBuildInputs = [ autoreconfHook pkg-config ];

+12

pkgs/tools/networking/bwm-ng/default.nix

··· 2 2 , stdenv 3 3 , autoreconfHook 4 4 , fetchurl 5 5 + , fetchpatch 5 6 , ncurses 6 7 }: 7 8 ··· 13 14 url = "https://www.gropp.org/bwm-ng/${pname}-${version}.tar.gz"; 14 15 sha256 = "0ikzyvnb73msm9n7ripg1dsw9av1i0c7q2hi2173xsj8zyv559f1"; 15 16 }; 17 17 + 18 18 + patches = [ 19 19 + # Pull upstream fix for ncurses-6.3 support. 20 20 + (fetchpatch { 21 21 + name = "ncurses-6.3.patch"; 22 22 + url = "https://github.com/vgropp/bwm-ng/commit/6a2087db6cc7ac5b5f667fcd17c262c079e8dcf2.patch"; 23 23 + sha256 = "1l5dii9d52v0x0sq458ybw7m9p8aan2vl94gwx5s8mgxsnbcmzzx"; 24 24 + # accidentally committed changes 25 25 + excludes = [ "config.h.in~" "configure.in" "configure~" ]; 26 26 + }) 27 27 + ]; 16 28 17 29 nativeBuildInputs = [ 18 30 autoreconfHook

+1 -1

pkgs/tools/security/metasploit/Gemfile

··· 1 1 # frozen_string_literal: true 2 2 source "https://rubygems.org" 3 3 4 4 - gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.12" 4 4 + gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.13"

+17 -17

pkgs/tools/security/metasploit/Gemfile.lock

··· 1 1 GIT 2 2 remote: https://github.com/rapid7/metasploit-framework 3 3 - revision: bde342fd8293e49a45ba837ca9a1fdea505bc919 4 4 - ref: refs/tags/6.1.12 3 3 + revision: 643afb56f7f86a858e3da144fd367575a2f0b2c6 4 4 + ref: refs/tags/6.1.13 5 5 specs: 6 6 - metasploit-framework (6.1.12) 6 6 + metasploit-framework (6.1.13) 7 7 actionpack (~> 6.0) 8 8 activerecord (~> 6.0) 9 9 activesupport (~> 6.0) ··· 31 31 metasploit-concern 32 32 metasploit-credential 33 33 metasploit-model 34 34 - metasploit-payloads (= 2.0.58) 34 34 + metasploit-payloads (= 2.0.60) 35 35 metasploit_data_models 36 36 metasploit_payloads-mettle (= 1.0.15) 37 37 mqtt ··· 128 128 arel-helpers (2.12.1) 129 129 activerecord (>= 3.1.0, < 7) 130 130 aws-eventstream (1.2.0) 131 131 - aws-partitions (1.521.0) 132 132 - aws-sdk-core (3.121.5) 131 131 + aws-partitions (1.525.0) 132 132 + aws-sdk-core (3.122.0) 133 133 aws-eventstream (~> 1, >= 1.0.2) 134 134 - aws-partitions (~> 1, >= 1.520.1) 134 134 + aws-partitions (~> 1, >= 1.525.0) 135 135 aws-sigv4 (~> 1.1) 136 136 jmespath (~> 1.0) 137 137 - aws-sdk-ec2 (1.275.0) 138 138 - aws-sdk-core (~> 3, >= 3.121.2) 137 137 + aws-sdk-ec2 (1.277.0) 138 138 + aws-sdk-core (~> 3, >= 3.122.0) 139 139 aws-sigv4 (~> 1.1) 140 140 - aws-sdk-iam (1.62.0) 141 141 - aws-sdk-core (~> 3, >= 3.121.2) 140 140 + aws-sdk-iam (1.63.0) 141 141 + aws-sdk-core (~> 3, >= 3.122.0) 142 142 aws-sigv4 (~> 1.1) 143 143 - aws-sdk-kms (1.50.0) 144 144 - aws-sdk-core (~> 3, >= 3.121.2) 143 143 + aws-sdk-kms (1.51.0) 144 144 + aws-sdk-core (~> 3, >= 3.122.0) 145 145 aws-sigv4 (~> 1.1) 146 146 - aws-sdk-s3 (1.104.0) 147 147 - aws-sdk-core (~> 3, >= 3.121.2) 146 146 + aws-sdk-s3 (1.105.1) 147 147 + aws-sdk-core (~> 3, >= 3.122.0) 148 148 aws-sdk-kms (~> 1) 149 149 aws-sigv4 (~> 1.4) 150 150 aws-sigv4 (1.4.0) ··· 212 212 domain_name (~> 0.5) 213 213 http_parser.rb (0.8.0) 214 214 httpclient (2.8.3) 215 215 - i18n (1.8.10) 215 215 + i18n (1.8.11) 216 216 concurrent-ruby (~> 1.0) 217 217 io-console (0.5.9) 218 218 irb (1.3.6) ··· 247 247 activemodel (~> 6.0) 248 248 activesupport (~> 6.0) 249 249 railties (~> 6.0) 250 250 - metasploit-payloads (2.0.58) 250 250 + metasploit-payloads (2.0.60) 251 251 metasploit_data_models (5.0.4) 252 252 activerecord (~> 6.0) 253 253 activesupport (~> 6.0)

+2 -2

pkgs/tools/security/metasploit/default.nix

··· 14 14 }; 15 15 in stdenv.mkDerivation rec { 16 16 pname = "metasploit-framework"; 17 17 - version = "6.1.12"; 17 17 + version = "6.1.13"; 18 18 19 19 src = fetchFromGitHub { 20 20 owner = "rapid7"; 21 21 repo = "metasploit-framework"; 22 22 rev = version; 23 23 - sha256 = "sha256-I7wk8DBN7i4zE4bEIMVGcZi4OMIsbh0Ay2RsAh0VRrw="; 23 23 + sha256 = "sha256-ncmLizpX1yEtr8biUoWVVK4Ziv3QMiKWsj694yubA1M="; 24 24 }; 25 25 26 26 nativeBuildInputs = [ makeWrapper ];

+19 -19

pkgs/tools/security/metasploit/gemset.nix

··· 104 104 platforms = []; 105 105 source = { 106 106 remotes = ["https://rubygems.org"]; 107 107 - sha256 = "0zfwynw6d4lbq63lwk94insrjmgxwfp1lic4913a9ik00wnf90wd"; 107 107 + sha256 = "181a2xf9zs0hz77jkpmxidvkjzs65vsyqv1a31fcali7f0kvh4h9"; 108 108 type = "gem"; 109 109 }; 110 110 - version = "1.521.0"; 110 110 + version = "1.525.0"; 111 111 }; 112 112 aws-sdk-core = { 113 113 groups = ["default"]; 114 114 platforms = []; 115 115 source = { 116 116 remotes = ["https://rubygems.org"]; 117 117 - sha256 = "0akv0jyr4crs4r5vdzc18j5drqgpcckm0gnpgi0bzpqyyk6m16hq"; 117 117 + sha256 = "0krx8cfajc72gv6mpyb67vnhd2m2iya19846jgipgfris194gjm2"; 118 118 type = "gem"; 119 119 }; 120 120 - version = "3.121.5"; 120 120 + version = "3.122.0"; 121 121 }; 122 122 aws-sdk-ec2 = { 123 123 groups = ["default"]; 124 124 platforms = []; 125 125 source = { 126 126 remotes = ["https://rubygems.org"]; 127 127 - sha256 = "13kbrl8r9cm7i9cb6w5ayji1vqaca6h0inxpyx8bhbrwkscrbh2s"; 127 127 + sha256 = "0qy318swkl3393gl5031n634z8msb7rghhp7zdnawvs39c0fbmxd"; 128 128 type = "gem"; 129 129 }; 130 130 - version = "1.275.0"; 130 130 + version = "1.277.0"; 131 131 }; 132 132 aws-sdk-iam = { 133 133 groups = ["default"]; 134 134 platforms = []; 135 135 source = { 136 136 remotes = ["https://rubygems.org"]; 137 137 - sha256 = "0vnhcgr5pjkkplh4z2lbwp4w13kbwp236p0y1b1qiia28ra2isxv"; 137 137 + sha256 = "0ms76yn9iprmvjw1ijrgasss70398i8wmkwmgpghn5wc37z59x2s"; 138 138 type = "gem"; 139 139 }; 140 140 - version = "1.62.0"; 140 140 + version = "1.63.0"; 141 141 }; 142 142 aws-sdk-kms = { 143 143 groups = ["default"]; 144 144 platforms = []; 145 145 source = { 146 146 remotes = ["https://rubygems.org"]; 147 147 - sha256 = "0prj048lcbkmxc6k2p7vibn3vw7cy1104dljqjvmwz12h9ds1qlf"; 147 147 + sha256 = "0qac9dd6qriz6ldghkr8ga74zz28jl109kmvhvag74a3qf7k9dwj"; 148 148 type = "gem"; 149 149 }; 150 150 - version = "1.50.0"; 150 150 + version = "1.51.0"; 151 151 }; 152 152 aws-sdk-s3 = { 153 153 groups = ["default"]; 154 154 platforms = []; 155 155 source = { 156 156 remotes = ["https://rubygems.org"]; 157 157 - sha256 = "1h8yzrzinckrfs8ahzqg7fs356vs1ksi5bva1bpfp0i65fjh9mw0"; 157 157 + sha256 = "12j7i6l52b6hsnj59grn0m1s9pn6l38zmra6ad8i12vdsvd185w7"; 158 158 type = "gem"; 159 159 }; 160 160 - version = "1.104.0"; 160 160 + version = "1.105.1"; 161 161 }; 162 162 aws-sigv4 = { 163 163 groups = ["default"]; ··· 544 544 platforms = []; 545 545 source = { 546 546 remotes = ["https://rubygems.org"]; 547 547 - sha256 = "0g2fnag935zn2ggm5cn6k4s4xvv53v2givj1j90szmvavlpya96a"; 547 547 + sha256 = "0vdd1kii40qhbr9n8qx71k2gskq6rkl8ygy8hw5hfj8bb5a364xf"; 548 548 type = "gem"; 549 549 }; 550 550 - version = "1.8.10"; 550 550 + version = "1.8.11"; 551 551 }; 552 552 io-console = { 553 553 groups = ["default"]; ··· 664 664 platforms = []; 665 665 source = { 666 666 fetchSubmodules = false; 667 667 - rev = "bde342fd8293e49a45ba837ca9a1fdea505bc919"; 668 668 - sha256 = "1g262lfh4v34rc01svicq8wbi63i8v2j1i462crjxvjd63q29g13"; 667 667 + rev = "643afb56f7f86a858e3da144fd367575a2f0b2c6"; 668 668 + sha256 = "0lq3kcmy7g9ynab24cnhzn51kbjljn2m5qn6mwnj3msp7a5qpjcx"; 669 669 type = "git"; 670 670 url = "https://github.com/rapid7/metasploit-framework"; 671 671 }; 672 672 - version = "6.1.12"; 672 672 + version = "6.1.13"; 673 673 }; 674 674 metasploit-model = { 675 675 groups = ["default"]; ··· 686 686 platforms = []; 687 687 source = { 688 688 remotes = ["https://rubygems.org"]; 689 689 - sha256 = "05z0lqa2w6n1nqw3k2s0cxfbqa7bf1p199gccfahjyxjn9xzhcf7"; 689 689 + sha256 = "1rg11gjy590cixfy6lmwgd76ai0s2gs4w8m379bkkx2f12lkibhn"; 690 690 type = "gem"; 691 691 }; 692 692 - version = "2.0.58"; 692 692 + version = "2.0.60"; 693 693 }; 694 694 metasploit_data_models = { 695 695 groups = ["default"];

+4 -2

pkgs/top-level/all-packages.nix

··· 4512 4512 tk = tk-8_5; 4513 4513 }; 4514 4514 4515 4515 + picoscope = callPackage ../applications/science/electronics/picoscope { }; 4516 4516 + 4515 4517 picotts = callPackage ../tools/audio/picotts { }; 4516 4518 4517 4519 wgetpaste = callPackage ../tools/text/wgetpaste { }; ··· 14550 14552 gradle_4_10 = res.gradleGen.gradle_4_10; 14551 14553 gradle_4 = gradle_4_10; 14552 14554 gradle_5 = res.gradleGen.gradle_5_6; 14553 14553 - gradle_6 = res.gradleGen.gradle_6_8; 14555 14555 + gradle_6 = res.gradleGen.gradle_6_9; 14554 14556 gradle_7 = res.gradleGen.gradle_7; 14555 14557 14556 14558 gperf = callPackage ../development/tools/misc/gperf { }; ··· 33028 33030 inherit wineBuild; 33029 33031 33030 33032 inherit (callPackage ./wine-packages.nix {}) 33031 33031 - minimal base full stable unstable staging fonts; 33033 33033 + minimal base full stable stableFull unstable unstableFull staging stagingFull fonts; 33032 33034 }); 33033 33035 33034 33036 winePackages = recurseIntoAttrs (winePackagesFor (config.wine.build or "wine32"));

+5

pkgs/top-level/wine-packages.nix

··· 51 51 }; 52 52 53 53 stable = base.override { wineRelease = "stable"; }; 54 54 + stableFull = full.override { wineRelease = "stable"; }; 55 55 + 54 56 unstable = base.override { wineRelease = "unstable"; }; 57 57 + unstableFull = full.override { wineRelease = "unstable"; }; 58 58 + 55 59 staging = base.override { wineRelease = "staging"; }; 60 60 + stagingFull = full.override { wineRelease = "staging"; }; 56 61 }