commit a6dbfe6906ebbb4bf0df29ba5813959656e5f87d

+35 -1

nixos/doc/manual/from_md/release-notes/rl-2305.section.xml

··· 30 30 </section> 31 31 <section xml:id="sec-release-23.05-incompatibilities"> 32 32 <title>Backward Incompatibilities</title> 33 - <itemizedlist spacing="compact"> 33 + <itemizedlist> 34 34 <listitem> 35 35 <para> 36 36 <literal>carnix</literal> and <literal>cratesIO</literal> has ··· 40 40 and 41 41 <link xlink:href="https://github.com/kolloch/crate2nix">crate2nix</link> 42 42 instead. 43 + </para> 44 + </listitem> 45 + <listitem> 46 + <para> 47 + The EC2 image module no longer fetches instance metadata in 48 + stage-1. This results in a significantly smaller initramfs, 49 + since network drivers no longer need to be included, and 50 + faster boots, since metadata fetching can happen in parallel 51 + with startup of other services. This breaks services which 52 + rely on metadata being present by the time stage-2 is entered. 53 + Anything which reads EC2 metadata from 54 + <literal>/etc/ec2-metadata</literal> should now have an 55 + <literal>after</literal> dependency on 56 + <literal>fetch-ec2-metadata.service</literal> 57 + </para> 58 + </listitem> 59 + <listitem> 60 + <para> 61 + The EC2 image module previously detected and automatically 62 + mounted ext3-formatted instance store devices and partitions 63 + in stage-1 (initramfs), storing <literal>/tmp</literal> on the 64 + first discovered device. This behaviour, which only catered to 65 + very specific use cases and could not be disabled, has been 66 + removed. Users relying on this should provide their own 67 + implementation, and probably use ext4 and perform the mount in 68 + stage-2. 69 + </para> 70 + </listitem> 71 + <listitem> 72 + <para> 73 + The EC2 image module previously detected and activated 74 + swap-formatted instance store devices and partitions in 75 + stage-1 (initramfs). This behaviour has been removed. Users 76 + relying on this should provide their own implementation. 43 77 </para> 44 78 </listitem> 45 79 </itemizedlist>

+7

nixos/doc/manual/release-notes/rl-2305.section.md

··· 22 22 23 23 - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. 24 24 25 + - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. 26 + This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` 27 + 28 + - The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2. 29 + 30 + - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation. 31 + 25 32 ## Other Notable Changes {#sec-release-23.05-notable-changes} 26 33 27 34

+2 -7

nixos/maintainers/scripts/ec2/amazon-image.nix

··· 43 43 44 44 sizeMB = mkOption { 45 45 type = with types; either (enum [ "auto" ]) int; 46 - default = if config.ec2.hvm then 2048 else 8192; 46 + default = 2048; 47 47 example = 8192; 48 48 description = lib.mdDoc "The size in MB of the image"; 49 49 }; ··· 60 60 '' 61 61 { modulesPath, ... }: { 62 62 imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ]; 63 - ${optionalString config.ec2.hvm '' 64 - ec2.hvm = true; 65 - ''} 66 63 ${optionalString config.ec2.efi '' 67 64 ec2.efi = true; 68 65 ''} ··· 129 126 pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package 130 127 131 128 fsType = "ext4"; 132 - partitionTableType = if config.ec2.efi then "efi" 133 - else if config.ec2.hvm then "legacy+gpt" 134 - else "none"; 129 + partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt"; 135 130 136 131 diskSize = cfg.sizeMB; 137 132

+13 -82

nixos/modules/virtualisation/amazon-image.nix

··· 10 10 11 11 let 12 12 cfg = config.ec2; 13 - metadataFetcher = import ./ec2-metadata-fetcher.nix { 14 - inherit (pkgs) curl; 15 - targetRoot = "$targetRoot/"; 16 - wgetExtraOptions = "-q"; 17 - }; 18 13 in 19 14 20 15 { ··· 31 26 config = { 32 27 33 28 assertions = [ 34 - { assertion = cfg.hvm; 35 - message = "Paravirtualized EC2 instances are no longer supported."; 36 - } 37 - { assertion = cfg.efi -> cfg.hvm; 38 - message = "EC2 instances using EFI must be HVM instances."; 39 - } 40 29 { assertion = versionOlder config.boot.kernelPackages.kernel.version "5.17"; 41 30 message = "ENA driver fails to build with kernel >= 5.17"; 42 31 } 43 32 ]; 44 33 45 - boot.growPartition = cfg.hvm; 34 + boot.growPartition = true; 46 35 47 36 fileSystems."/" = mkIf (!cfg.zfs.enable) { 48 37 device = "/dev/disk/by-label/nixos"; ··· 64 53 boot.extraModulePackages = [ 65 54 config.boot.kernelPackages.ena 66 55 ]; 67 - boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ]; 68 - boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ]; 69 - boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0,115200n8" "random.trust_cpu=on" ]; 56 + boot.initrd.kernelModules = [ "xen-blkfront" ]; 57 + boot.initrd.availableKernelModules = [ "nvme" ]; 58 + boot.kernelParams = [ "console=ttyS0,115200n8" "random.trust_cpu=on" ]; 70 59 71 60 # Prevent the nouveau kernel module from being loaded, as it 72 61 # interferes with the nvidia/nvidia-uvm modules needed for CUDA. ··· 74 63 # boot. 75 64 boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ]; 76 65 77 - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. 78 - boot.loader.grub.version = if cfg.hvm then 2 else 1; 79 - boot.loader.grub.device = if (cfg.hvm && !cfg.efi) then "/dev/xvda" else "nodev"; 80 - boot.loader.grub.extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)"; 66 + boot.loader.grub.device = if cfg.efi then "nodev" else "/dev/xvda"; 81 67 boot.loader.grub.efiSupport = cfg.efi; 82 68 boot.loader.grub.efiInstallAsRemovable = cfg.efi; 83 69 boot.loader.timeout = 1; ··· 87 73 terminal_input console serial 88 74 ''; 89 75 90 - boot.initrd.network.enable = true; 91 - 92 - # Mount all formatted ephemeral disks and activate all swap devices. 93 - # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options 94 - # because the set of devices is dependent on the instance type 95 - # (e.g. "m1.small" has one ephemeral filesystem and one swap device, 96 - # while "m1.large" has two ephemeral filesystems and no swap 97 - # devices). Also, put /tmp and /var on /disk0, since it has a lot 98 - # more space than the root device. Similarly, "move" /nix to /disk0 99 - # by layering a unionfs-fuse mount on top of it so we have a lot more space for 100 - # Nix operations. 101 - boot.initrd.postMountCommands = 102 - '' 103 - ${metadataFetcher} 104 - 105 - diskNr=0 106 - diskForUnionfs= 107 - for device in /dev/xvd[abcde]*; do 108 - if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi 109 - fsType=$(blkid -o value -s TYPE "$device" || true) 110 - if [ "$fsType" = swap ]; then 111 - echo "activating swap device $device..." 112 - swapon "$device" || true 113 - elif [ "$fsType" = ext3 ]; then 114 - mp="/disk$diskNr" 115 - diskNr=$((diskNr + 1)) 116 - if mountFS "$device" "$mp" "" ext3; then 117 - if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi 118 - fi 119 - else 120 - echo "skipping unknown device type $device" 121 - fi 122 - done 123 - 124 - if [ -n "$diskForUnionfs" ]; then 125 - mkdir -m 755 -p $targetRoot/$diskForUnionfs/root 126 - 127 - mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp 128 - mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp 129 - 130 - if [ "$(cat "$metaDir/ami-manifest-path")" != "(unknown)" ]; then 131 - mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var 132 - mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var 133 - 134 - mkdir -p /unionfs-chroot/ro-nix 135 - mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix 136 - 137 - mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix 138 - mkdir -p /unionfs-chroot/rw-nix 139 - mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix 140 - 141 - unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix 142 - fi 143 - fi 144 - ''; 145 - 146 - boot.initrd.extraUtilsCommands = 147 - '' 148 - # We need swapon in the initrd. 149 - copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon 150 - ''; 76 + systemd.services.fetch-ec2-metadata = { 77 + wantedBy = [ "multi-user.target" ]; 78 + after = ["network-online.target"]; 79 + path = [ pkgs.curl ]; 80 + script = builtins.readFile ./ec2-metadata-fetcher.sh; 81 + serviceConfig.Type = "oneshot"; 82 + serviceConfig.StandardOutput = "journal+console"; 83 + }; 151 84 152 85 # Allow root logins only using the SSH key that the user specified 153 86 # at instance creation time. ··· 165 98 166 99 # Always include cryptsetup so that Charon can use it. 167 100 environment.systemPackages = [ pkgs.cryptsetup ]; 168 - 169 - boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; 170 101 171 102 # EC2 has its own NTP server provided by the hypervisor 172 103 networking.timeServers = [ "169.254.169.123" ];

+3 -7

nixos/modules/virtualisation/amazon-options.nix

··· 2 2 let 3 3 inherit (lib) literalExpression types; 4 4 in { 5 + imports = [ 6 + (lib.mkRemovedOptionModule [ "ec2" "hvm" ] "Only HVM instances are supported, so specifying it is no longer necessary.") 7 + ]; 5 8 options = { 6 9 ec2 = { 7 10 zfs = { ··· 40 43 }; 41 44 }); 42 45 }; 43 - }; 44 - hvm = lib.mkOption { 45 - default = lib.versionAtLeast config.system.stateVersion "17.03"; 46 - internal = true; 47 - description = lib.mdDoc '' 48 - Whether the EC2 instance is a HVM instance. 49 - ''; 50 46 }; 51 47 efi = lib.mkOption { 52 48 default = pkgs.stdenv.hostPlatform.isAarch64;

+1

nixos/modules/virtualisation/ec2-data.nix

··· 18 18 19 19 wantedBy = [ "multi-user.target" "sshd.service" ]; 20 20 before = [ "sshd.service" ]; 21 + after = ["fetch-ec2-metadata.service"]; 21 22 22 23 path = [ pkgs.iproute2 ]; 23 24

-77

nixos/modules/virtualisation/ec2-metadata-fetcher.nix

··· 1 - { curl, targetRoot, wgetExtraOptions }: 2 - # Note: be very cautious about dependencies, each dependency grows 3 - # the closure of the initrd. Ideally we would not even require curl, 4 - # but there is no reasonable way to send an HTTP PUT request without 5 - # it. Note: do not be fooled: the wget referenced in this script 6 - # is busybox's wget, not the fully featured one with --method support. 7 - # 8 - # Make sure that every package you depend on here is already listed as 9 - # a channel blocker for both the full-sized and small channels. 10 - # Otherwise, we risk breaking user deploys in released channels. 11 - # 12 - # Also note: OpenStack's metadata service for its instances aims to be 13 - # compatible with the EC2 IMDS. Where possible, try to keep the set of 14 - # fetched metadata in sync with ./openstack-metadata-fetcher.nix . 15 - '' 16 - metaDir=${targetRoot}etc/ec2-metadata 17 - mkdir -m 0755 -p "$metaDir" 18 - rm -f "$metaDir/*" 19 - 20 - get_imds_token() { 21 - # retry-delay of 1 selected to give the system a second to get going, 22 - # but not add a lot to the bootup time 23 - ${curl}/bin/curl \ 24 - -v \ 25 - --retry 3 \ 26 - --retry-delay 1 \ 27 - --fail \ 28 - -X PUT \ 29 - --connect-timeout 1 \ 30 - -H "X-aws-ec2-metadata-token-ttl-seconds: 600" \ 31 - http://169.254.169.254/latest/api/token 32 - } 33 - 34 - preflight_imds_token() { 35 - # retry-delay of 1 selected to give the system a second to get going, 36 - # but not add a lot to the bootup time 37 - ${curl}/bin/curl \ 38 - -v \ 39 - --retry 3 \ 40 - --retry-delay 1 \ 41 - --fail \ 42 - --connect-timeout 1 \ 43 - -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \ 44 - http://169.254.169.254/1.0/meta-data/instance-id 45 - } 46 - 47 - try=1 48 - while [ $try -le 3 ]; do 49 - echo "(attempt $try/3) getting an EC2 instance metadata service v2 token..." 50 - IMDS_TOKEN=$(get_imds_token) && break 51 - try=$((try + 1)) 52 - sleep 1 53 - done 54 - 55 - if [ "x$IMDS_TOKEN" == "x" ]; then 56 - echo "failed to fetch an IMDS2v token." 57 - fi 58 - 59 - try=1 60 - while [ $try -le 10 ]; do 61 - echo "(attempt $try/10) validating the EC2 instance metadata service v2 token..." 62 - preflight_imds_token && break 63 - try=$((try + 1)) 64 - sleep 1 65 - done 66 - 67 - echo "getting EC2 instance metadata..." 68 - 69 - wget_imds() { 70 - wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@"; 71 - } 72 - 73 - wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path 74 - (umask 077 && wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data) 75 - wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname 76 - wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key 77 - ''

+67

nixos/modules/virtualisation/ec2-metadata-fetcher.sh

··· 1 + metaDir=/etc/ec2-metadata 2 + mkdir -m 0755 -p "$metaDir" 3 + rm -f "$metaDir/*" 4 + 5 + get_imds_token() { 6 + # retry-delay of 1 selected to give the system a second to get going, 7 + # but not add a lot to the bootup time 8 + curl \ 9 + --silent \ 10 + --show-error \ 11 + --retry 3 \ 12 + --retry-delay 1 \ 13 + --fail \ 14 + -X PUT \ 15 + --connect-timeout 1 \ 16 + -H "X-aws-ec2-metadata-token-ttl-seconds: 600" \ 17 + http://169.254.169.254/latest/api/token 18 + } 19 + 20 + preflight_imds_token() { 21 + # retry-delay of 1 selected to give the system a second to get going, 22 + # but not add a lot to the bootup time 23 + curl \ 24 + --silent \ 25 + --show-error \ 26 + --retry 3 \ 27 + --retry-delay 1 \ 28 + --fail \ 29 + --connect-timeout 1 \ 30 + -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \ 31 + -o /dev/null \ 32 + http://169.254.169.254/1.0/meta-data/instance-id 33 + } 34 + 35 + try=1 36 + while [ $try -le 3 ]; do 37 + echo "(attempt $try/3) getting an EC2 instance metadata service v2 token..." 38 + IMDS_TOKEN=$(get_imds_token) && break 39 + try=$((try + 1)) 40 + sleep 1 41 + done 42 + 43 + if [ "x$IMDS_TOKEN" == "x" ]; then 44 + echo "failed to fetch an IMDS2v token." 45 + fi 46 + 47 + try=1 48 + while [ $try -le 10 ]; do 49 + echo "(attempt $try/10) validating the EC2 instance metadata service v2 token..." 50 + preflight_imds_token && break 51 + try=$((try + 1)) 52 + sleep 1 53 + done 54 + 55 + echo "getting EC2 instance metadata..." 56 + 57 + get_imds() { 58 + # Intentionally no --fail here, so that we proceed even if e.g. a 59 + # 404 was returned (but we still fail if we can't reach the IMDS 60 + # server). 61 + curl --silent --show-error --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@" 62 + } 63 + 64 + get_imds -o "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path 65 + (umask 077 && get_imds -o "$metaDir/user-data" http://169.254.169.254/1.0/user-data) 66 + get_imds -o "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname 67 + get_imds -o "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key

+1 -1

nixos/tests/all-tests.nix

··· 480 480 pam-u2f = handleTest ./pam/pam-u2f.nix {}; 481 481 pam-ussh = handleTest ./pam/pam-ussh.nix {}; 482 482 pass-secret-service = handleTest ./pass-secret-service.nix {}; 483 - patroni = handleTest ./patroni.nix {}; 483 + patroni = handleTestOn ["x86_64-linux"] ./patroni.nix {}; 484 484 pantalaimon = handleTest ./matrix/pantalaimon.nix {}; 485 485 pantheon = handleTest ./pantheon.nix {}; 486 486 paperless = handleTest ./paperless.nix {};

-2

nixos/tests/ec2.nix

··· 16 16 ../modules/testing/test-instrumentation.nix 17 17 ../modules/profiles/qemu-guest.nix 18 18 { 19 - ec2.hvm = true; 20 - 21 19 # Hack to make the partition resizing work in QEMU. 22 20 boot.initrd.postDeviceCommands = mkBefore '' 23 21 ln -s vda /dev/xvda

+2

nixos/tests/patroni.nix

··· 166 166 167 167 start_all() 168 168 169 + etcd.wait_for_unit("etcd.service") 170 + 169 171 with subtest("should bootstrap a new patroni cluster"): 170 172 wait_for_all_nodes_ready() 171 173

+8 -6

pkgs/applications/editors/emacs/generic.nix

··· 144 144 ++ lib.optionals stdenv.isLinux [ dbus libselinux alsa-lib acl gpm ] 145 145 ++ lib.optionals withSystemd [ systemd ] 146 146 ++ lib.optionals withX 147 - [ xlibsWrapper libXaw Xaw3d libXpm libpng libjpeg giflib libtiff libXft 148 - gconf cairo ] 149 - ++ lib.optionals (withX || withNS) [ librsvg ] 147 + [ xlibsWrapper libXaw Xaw3d gconf cairo ] 148 + ++ lib.optionals (withX || withPgtk) 149 + [ libXpm libpng libjpeg giflib libtiff ] 150 + ++ lib.optionals (withX || withNS || withPgtk ) [ librsvg ] 150 151 ++ lib.optionals withImageMagick [ imagemagick ] 151 152 ++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ] 152 153 ++ lib.optional (withX && withGTK2) gtk2-x11 ··· 178 179 then [ "--disable-ns-self-contained" ] 179 180 else if withX 180 181 then [ "--with-x-toolkit=${toolkit}" "--with-xft" "--with-cairo" ] 181 - else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no" 182 - "--with-gif=no" "--with-tiff=no" ]) 182 + else if withPgtk 183 + then [ "--with-pgtk" ] 184 + else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no" 185 + "--with-gif=no" "--with-tiff=no" ]) 183 186 ++ lib.optionals withMacport [ 184 187 "--with-mac" 185 188 "--enable-mac-app=$$out/Applications" ··· 189 192 ++ lib.optional withXwidgets "--with-xwidgets" 190 193 ++ lib.optional nativeComp "--with-native-compilation" 191 194 ++ lib.optional withImageMagick "--with-imagemagick" 192 - ++ lib.optional withPgtk "--with-pgtk" 193 195 ++ lib.optional withXinput2 "--with-xinput2" 194 196 ++ lib.optional (!withToolkitScrollBars) "--without-toolkit-scroll-bars" 195 197 ;

+6 -6

pkgs/applications/networking/browsers/chromium/upstream-info.json

··· 32 32 } 33 33 }, 34 34 "dev": { 35 - "version": "109.0.5410.0", 36 - "sha256": "00g8q0qzl8kyc9j60nsvvjkr2x9js2xvbkmwp77p8b6gg0pyymjn", 37 - "sha256bin64": "0ljhc5lqdy01apzyj96xzl931d904i37x62257s1h35w0j78mps0", 35 + "version": "109.0.5414.10", 36 + "sha256": "05yhfb5gznllh9rm6jhzaakj5kvdlxa8c4zqml10h297dbyr44bf", 37 + "sha256bin64": "01fzjxrgzhccj75gvqj5w2xhqrphwzycdfqbsd6nc5p08jizpvy0", 38 38 "deps": { 39 39 "gn": { 40 - "version": "2022-10-28", 40 + "version": "2022-11-10", 41 41 "url": "https://gn.googlesource.com/gn", 42 - "rev": "a4d67be044b42963de801001e7146f9657c7fad4", 43 - "sha256": "0wikkkx503ip5xr72bz6d6sh2k50h5wlz9y8vmasvnrz9kjmlv5b" 42 + "rev": "1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41", 43 + "sha256": "02621c9nqpr4pwcapy31x36l5kbyd0vdgd0wdaxj5p8hrxk67d6b" 44 44 } 45 45 } 46 46 },

+3 -1

pkgs/applications/radio/csdr/default.nix

··· 23 23 libsamplerate 24 24 ]; 25 25 26 + hardeningDisable = lib.optional stdenv.isAarch64 "format"; 27 + 26 28 postFixup = '' 27 29 substituteInPlace "$out"/lib/pkgconfig/csdr.pc \ 28 30 --replace '=''${prefix}//' '=/' \ ··· 30 32 ''; 31 33 32 34 meta = with lib; { 33 - broken = stdenv.isDarwin; 34 35 homepage = "https://github.com/jketterl/csdr"; 35 36 description = "A simple DSP library and command-line tool for Software Defined Radio"; 36 37 license = licenses.gpl3Only; 37 38 platforms = platforms.unix; 39 + broken = stdenv.isDarwin; 38 40 maintainers = teams.c3d2.members; 39 41 }; 40 42 }

+15 -4

pkgs/development/compilers/mit-scheme/default.nix

··· 1 - { fetchurl, lib, stdenv, makeWrapper, gnum4, texinfo, texLive, automake, 2 - autoconf, libtool, ghostscript, ncurses, 3 - enableX11 ? false, xlibsWrapper }: 1 + { fetchurl 2 + , lib 3 + , stdenv 4 + , makeWrapper 5 + , gnum4 6 + , texinfo 7 + , texLive 8 + , automake 9 + , autoconf 10 + , libtool 11 + , ghostscript 12 + , ncurses 13 + , enableX11 ? false, libX11 14 + }: 4 15 5 16 let 6 17 version = "11.2"; ··· 29 40 sha256 = "17822hs9y07vcviv2af17p3va7qh79dird49nj50bwi9rz64ia3w"; 30 41 }; 31 42 32 - buildInputs = [ ncurses ] ++ lib.optional enableX11 xlibsWrapper; 43 + buildInputs = [ ncurses ] ++ lib.optionals enableX11 [ libX11 ]; 33 44 34 45 configurePhase = '' 35 46 runHook preConfigure

+2 -2

pkgs/development/libraries/science/astronomy/cfitsio/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "cfitsio"; 5 - version = "4.1.0"; 5 + version = "4.2.0"; 6 6 7 7 src = fetchurl { 8 8 url = "https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio-${version}.tar.gz"; 9 - sha256 = "sha256-s2fGldKDGVjnFmkhw7NW1d+lGx7O5QW5dBa6OdG2wXo="; 9 + sha256 = "sha256-66U9Gz9uNFYyuwmnt1LsfO09Y+xRU6hIOA84gMXWGIk="; 10 10 }; 11 11 12 12 buildInputs = [ bzip2 zlib ];

+4 -3

pkgs/development/python-modules/aiocoap/default.nix

··· 8 8 9 9 buildPythonPackage rec { 10 10 pname = "aiocoap"; 11 - version = "0.4.4"; 11 + version = "0.4.5"; 12 12 format = "setuptools"; 13 13 14 14 disabled = pythonOlder "3.7"; ··· 16 16 src = fetchFromGitHub { 17 17 owner = "chrysn"; 18 18 repo = pname; 19 - rev = version; 20 - sha256 = "sha256-m/tU1qf+CB9/2eoXktpBSgwjj8lMuMQ/WGYL6HhMNxA="; 19 + rev = "refs/tags/${version}"; 20 + hash = "sha256-t2yfWWfkJmOr14XdLsIV48HMgVRaEnUO4IG2jQHbKWA="; 21 21 }; 22 22 23 23 propagatedBuildInputs = [ ··· 47 47 meta = with lib; { 48 48 description = "Python CoAP library"; 49 49 homepage = "https://aiocoap.readthedocs.io/"; 50 + changelog = "https://github.com/chrysn/aiocoap/blob/${version}/NEWS"; 50 51 license = with licenses; [ mit ]; 51 52 maintainers = with maintainers; [ fab ]; 52 53 };

+3 -2

pkgs/development/python-modules/aiohomekit/default.nix

··· 18 18 19 19 buildPythonPackage rec { 20 20 pname = "aiohomekit"; 21 - version = "2.3.0"; 21 + version = "2.3.1"; 22 22 format = "pyproject"; 23 23 24 24 disabled = pythonOlder "3.9"; ··· 27 27 owner = "Jc2k"; 28 28 repo = pname; 29 29 rev = "refs/tags/${version}"; 30 - hash = "sha256-dX3yz7b3fejLFtlk5CKBQzk+o9FpLtxyZYt5SaybBJM="; 30 + hash = "sha256-jkLbCx9F7bDg2wIiEVGkaFPOYg5CROp5lfR8ZGvkKhY="; 31 31 }; 32 32 33 33 nativeBuildInputs = [ ··· 69 69 Homekit accessories. 70 70 ''; 71 71 homepage = "https://github.com/Jc2k/aiohomekit"; 72 + changelog = "https://github.com/Jc2k/aiohomekit/releases/tag/${version}"; 72 73 license = with licenses; [ asl20 ]; 73 74 maintainers = with maintainers; [ fab ]; 74 75 };

+4 -3

pkgs/development/python-modules/griffe/default.nix

··· 12 12 13 13 buildPythonPackage rec { 14 14 pname = "griffe"; 15 - version = "0.24.0"; 15 + version = "0.24.1"; 16 16 format = "pyproject"; 17 17 18 18 disabled = pythonOlder "3.7"; ··· 20 20 src = fetchFromGitHub { 21 21 owner = "mkdocstrings"; 22 22 repo = pname; 23 - rev = version; 24 - hash = "sha256-Gcht9pmh15dvSHRsG9y82l4HoJ7l/gxbmrRh7Jow2Bs="; 23 + rev = "refs/tags/${version}"; 24 + hash = "sha256-HOjwm/IktllmD7Gg9bu8NZqe2RazFC5MNMgH3cld6/8="; 25 25 }; 26 26 27 27 postPatch = '' ··· 59 59 meta = with lib; { 60 60 description = "Signatures for entire Python programs"; 61 61 homepage = "https://github.com/mkdocstrings/griffe"; 62 + changelog = "https://github.com/mkdocstrings/griffe/blob/${version}/CHANGELOG.md"; 62 63 license = licenses.isc; 63 64 maintainers = with maintainers; [ fab ]; 64 65 };

+48

pkgs/development/python-modules/masky/default.nix

··· 1 + { lib 2 + , asn1crypto 3 + , buildPythonPackage 4 + , colorama 5 + , cryptography 6 + , fetchFromGitHub 7 + , impacket 8 + , pyasn1 9 + , pythonOlder 10 + }: 11 + 12 + buildPythonPackage rec { 13 + pname = "masky"; 14 + version = "0.1.1"; 15 + format = "setuptools"; 16 + 17 + disabled = pythonOlder "3.7"; 18 + 19 + src = fetchFromGitHub { 20 + owner = "Z4kSec"; 21 + repo = "Masky"; 22 + rev = "refs/tags/v${version}"; 23 + hash = "sha256-uxq4SBudxFbBiV3Cu+oBRKezIWf5p+8VJlIIqQjtSXA="; 24 + }; 25 + 26 + propagatedBuildInputs = [ 27 + asn1crypto 28 + colorama 29 + cryptography 30 + impacket 31 + pyasn1 32 + ]; 33 + 34 + # Module has no tests 35 + doCheck = false; 36 + 37 + pythonImportsCheck = [ 38 + "masky" 39 + ]; 40 + 41 + meta = with lib; { 42 + description = "Library to remotely dump domain credentials"; 43 + homepage = "https://github.com/Z4kSec/Masky"; 44 + changelog = "https://github.com/Z4kSec/Masky/releases/tag/v${version}"; 45 + license = licenses.mit; 46 + maintainers = with maintainers; [ elasticdog ]; 47 + }; 48 + }

+5 -2

pkgs/development/python-modules/meshtastic/default.nix

··· 18 18 19 19 buildPythonPackage rec { 20 20 pname = "meshtastic"; 21 - version = "2.0.3"; 21 + version = "2.0.4"; 22 22 format = "setuptools"; 23 23 24 24 disabled = pythonOlder "3.7"; ··· 27 27 owner = "meshtastic"; 28 28 repo = "Meshtastic-python"; 29 29 rev = "refs/tags/${version}"; 30 - hash = "sha256-h8OuDmm9I8lElhAGSpPx8sPUTY+EnFp2VXOYrYjiYNk="; 30 + hash = "sha256-WPmoK/5pTVv9ueRnR6Gxtj86LM8ChB0dMfEvo+lLmy0="; 31 31 }; 32 32 33 33 propagatedBuildInputs = [ ··· 98 98 "test_watchGPIOs" 99 99 "test_writeConfig_with_no_radioConfig" 100 100 "test_writeGPIOs" 101 + "test_reboot" 102 + "test_shutdown" 101 103 ]; 102 104 103 105 meta = with lib; { 104 106 description = "Python API for talking to Meshtastic devices"; 105 107 homepage = "https://github.com/meshtastic/Meshtastic-python"; 108 + changelog = "https://github.com/meshtastic/python/releases/tag/${version}"; 106 109 license = with licenses; [ asl20 ]; 107 110 maintainers = with maintainers; [ fab ]; 108 111 };

+21 -5

pkgs/development/python-modules/ntlm-auth/default.nix

··· 4 4 , fetchFromGitHub 5 5 , mock 6 6 , pytestCheckHook 7 + , pythonOlder 7 8 , requests 8 - , six 9 9 }: 10 10 11 11 buildPythonPackage rec { 12 12 pname = "ntlm-auth"; 13 13 version = "1.5.0"; 14 + format = "setuptools"; 15 + 16 + disabled = pythonOlder "3.7"; 14 17 15 18 src = fetchFromGitHub { 16 19 owner = "jborean93"; 17 20 repo = "ntlm-auth"; 18 21 rev = "v${version}"; 19 - sha256 = "00dpf5bfsy07frsjihv1k10zmwcyq4bvkilbxha7h6nlwpcm2409"; 22 + hash = "sha256-CRBR2eXUGngU7IvGuRfBnvH6QZhhwyh1dgd47VZxtwE="; 20 23 }; 21 24 22 25 propagatedBuildInputs = [ 23 26 cryptography 24 - six 25 27 ]; 26 28 27 29 checkInputs = [ ··· 30 32 requests 31 33 ]; 32 34 33 - pythonImportsCheck = [ "ntlm_auth" ]; 35 + pythonImportsCheck = [ 36 + "ntlm_auth" 37 + ]; 38 + 39 + disabledTests = [ 40 + # Tests are outdated as module will be replaced by pyspnego 41 + "test_authenticate_message" 42 + "test_authenticate_without_domain_workstation" 43 + "test_create_authenticate_message" 44 + "test_get_" 45 + "test_lm_v" 46 + "test_nt_" 47 + "test_ntlm_context" 48 + "test_ntowfv" 49 + ]; 34 50 35 51 meta = with lib; { 36 52 description = "Calculates NTLM Authentication codes"; 37 53 homepage = "https://github.com/jborean93/ntlm-auth"; 54 + changelog = "https://github.com/jborean93/ntlm-auth/releases/tag/v${version}"; 38 55 license = licenses.mit; 39 56 maintainers = with maintainers; [ elasticdog ]; 40 - platforms = platforms.all; 41 57 }; 42 58 }

+3 -2

pkgs/development/python-modules/pytenable/default.nix

··· 20 20 21 21 buildPythonPackage rec { 22 22 pname = "pytenable"; 23 - version = "1.4.9"; 23 + version = "1.4.10"; 24 24 format = "setuptools"; 25 25 26 26 disabled = pythonOlder "3.7"; ··· 29 29 owner = "tenable"; 30 30 repo = "pyTenable"; 31 31 rev = "refs/tags/${version}"; 32 - hash = "sha256-Cj1/f/e+j5CJMl+afF+HStd419Uh053jKk/vmObaBl8="; 32 + hash = "sha256-BNPfoKXDLUckj/yg1Gz806CS5CyjWvc/Hy/NwnuWfo0="; 33 33 }; 34 34 35 35 propagatedBuildInputs = [ ··· 70 70 meta = with lib; { 71 71 description = "Python library for the Tenable.io and TenableSC API"; 72 72 homepage = "https://github.com/tenable/pyTenable"; 73 + changelog = "https://github.com/tenable/pyTenable/releases/tag/${version}"; 73 74 license = with licenses; [ mit ]; 74 75 maintainers = with maintainers; [ fab ]; 75 76 };

+3 -2

pkgs/development/python-modules/sensor-state-data/default.nix

··· 10 10 11 11 buildPythonPackage rec { 12 12 pname = "sensor-state-data"; 13 - version = "2.12.0"; 13 + version = "2.12.1"; 14 14 format = "pyproject"; 15 15 16 16 disabled = pythonOlder "3.9"; ··· 19 19 owner = "Bluetooth-Devices"; 20 20 repo = pname; 21 21 rev = "refs/tags/v${version}"; 22 - hash = "sha256-u17vtw3yu8ibi/omTriy6s33/243WjxM03Nss3pFAYk="; 22 + hash = "sha256-Ycn62qQ+IMqtuuE/wJPUDlyTiklu2WYrGD+wVXssRFg="; 23 23 }; 24 24 25 25 nativeBuildInputs = [ ··· 42 42 meta = with lib; { 43 43 description = "Models for storing and converting Sensor Data state"; 44 44 homepage = "https://github.com/bluetooth-devices/sensor-state-data"; 45 + changelog = "https://github.com/Bluetooth-Devices/sensor-state-data/releases/tag/v${version}"; 45 46 license = with licenses; [ asl20 ]; 46 47 maintainers = with maintainers; [ fab ]; 47 48 };

+5 -5

pkgs/servers/etcd/3.5.nix

··· 1 1 { lib, buildGoModule, fetchFromGitHub, symlinkJoin }: 2 2 3 3 let 4 - version = "3.5.5"; 4 + version = "3.5.6"; 5 5 6 6 src = fetchFromGitHub { 7 7 owner = "etcd-io"; 8 8 repo = "etcd"; 9 9 rev = "v${version}"; 10 - sha256 = "sha256-V10aeYwr1ZS990lYZELJjq8NX7cBs0bzlYYzoYWS3zQ="; 10 + sha256 = "sha256-KQ3N6HBgdLnS/8UprT99gH9ttsy2cgfaWSL/ILX6t1A="; 11 11 }; 12 12 13 13 CGO_ENABLED = 0; ··· 25 25 26 26 inherit CGO_ENABLED meta src version; 27 27 28 - vendorSha256 = "sha256-BTIrLgUXnV+0d0DTKE3TvvW2JH4oSE+SnJs+yfH26Ms="; 28 + vendorSha256 = "sha256-u4N8YXmnVk5flPimdE4olr/1hVZoEDEgUwXRRTlX51o="; 29 29 30 30 modRoot = "./server"; 31 31 ··· 45 45 46 46 inherit CGO_ENABLED meta src version; 47 47 48 - vendorSha256 = "sha256-yUgrKIjCtYTLmdZe1p9Rx9MUZzqOAmNF4tUckJgF8Ks="; 48 + vendorSha256 = "sha256-J4qW2Dzpwk85XW3oWvT1F5ec/jzkcLbTC+1CMBztWRw="; 49 49 50 50 modRoot = "./etcdutl"; 51 51 }; ··· 55 55 56 56 inherit CGO_ENABLED meta src version; 57 57 58 - vendorSha256 = "sha256-qT8OJg4aTzz0p0s6yhmDYcfJ0p9KNbnlRbOCfOao0vk="; 58 + vendorSha256 = "sha256-+5zWXVErkFAvtkpNQtKn/jLOGUdHkXgeZWI7/RIMgMQ="; 59 59 60 60 modRoot = "./etcdctl"; 61 61 };

+5 -4

pkgs/tools/networking/chaos/default.nix

··· 5 5 6 6 buildGoModule rec { 7 7 pname = "chaos"; 8 - version = "0.3.0"; 8 + version = "0.4.0"; 9 9 10 10 src = fetchFromGitHub { 11 11 owner = "projectdiscovery"; 12 12 repo = "chaos-client"; 13 - rev = "v${version}"; 14 - sha256 = "sha256-1bmKIBbsZHNzwFZ0iPshXclCTcQMzU7zRs5MjMhTFYU="; 13 + rev = "refs/tags/v${version}"; 14 + hash = "sha256-NA78zMge9AsfqO1px1FWCDKmWy1a0h8dtTotpgLazh4="; 15 15 }; 16 16 17 - vendorSha256 = "sha256-2QOdqX4JX9A/i1+qqemVq47PQfqDnxkj0EQMzK8k8/E="; 17 + vendorHash = "sha256-KkT/mgU1BOwJcjxOBMCMq0hyxZAyoh25bi+s3ka6TOg="; 18 18 19 19 subPackages = [ 20 20 "cmd/chaos/" ··· 23 23 meta = with lib; { 24 24 description = "Tool to communicate with Chaos DNS API"; 25 25 homepage = "https://github.com/projectdiscovery/chaos-client"; 26 + changelog = "https://github.com/projectdiscovery/chaos-client/releases/tag/v${version}"; 26 27 license = licenses.mit; 27 28 maintainers = with maintainers; [ fab ]; 28 29 };

+3 -3

pkgs/tools/networking/minio-client/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "minio-client"; 5 - version = "2022-11-07T23-47-39Z"; 5 + version = "2022-11-17T21-20-39Z"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "minio"; 9 9 repo = "mc"; 10 10 rev = "RELEASE.${version}"; 11 - sha256 = "sha256-g7q2VONGySMlw+aWZfWnZ2TVvV4lOGMNXl/4IRQrEOs="; 11 + sha256 = "sha256-z9XP2oTnyTJMAgyjC21uHL8vipyyuKKSGkXU8ASdXuI="; 12 12 }; 13 13 14 - vendorSha256 = "sha256-KD3mhl5d3LhqH37AeNmfuk5+KktWdUTNGi5YNuhyMDk="; 14 + vendorSha256 = "sha256-Nm3bKOGtMtvSI9XQU684emIupJ+y/AUbTUnqndOUPSo="; 15 15 16 16 subPackages = [ "." ]; 17 17

+7 -5

pkgs/tools/security/crackmapexec/default.nix

··· 5 5 6 6 python3.pkgs.buildPythonApplication rec { 7 7 pname = "crackmapexec"; 8 - version = "5.3.0"; 8 + version = "5.4.0"; 9 9 format = "pyproject"; 10 10 11 11 src = fetchFromGitHub { 12 - owner = "byt3bl33d3r"; 12 + owner = "Porchetta-Industries"; 13 13 repo = "CrackMapExec"; 14 - rev = "v${version}"; 15 - hash = "sha256-wPS1PCvR9Ffp0r9lZZkFATt+i+eR5ap16HzLWDZbJKI="; 14 + rev = "refs/tags/v${version}"; 15 + hash = "sha256-V2n840QyLofTfQE4vtFYGfQwl65sklp+KfNS9RCLvI8="; 16 16 }; 17 17 18 18 nativeBuildInputs = with python3.pkgs; [ ··· 27 27 dsinternals 28 28 impacket 29 29 lsassy 30 + masky 30 31 msgpack 31 32 neo4j 32 33 paramiko ··· 56 57 57 58 meta = with lib; { 58 59 description = "Tool for pentesting networks"; 59 - homepage = "https://github.com/byt3bl33d3r/CrackMapExec"; 60 + homepage = "https://github.com/Porchetta-Industries/CrackMapExec"; 61 + changelog = "https://github.com/Porchetta-Industries/CrackMapExec/releases/tag/v${version}"; 60 62 license = with licenses; [ bsd2 ]; 61 63 maintainers = with maintainers; [ fab ]; 62 64 mainProgram = "cme";

+13 -20

pkgs/tools/security/echidna/default.nix

··· 1 1 { lib 2 2 , fetchFromGitHub 3 3 # Haskell deps 4 - , mkDerivation, aeson, ansi-terminal, base, base16-bytestring, binary, brick 5 - , bytestring, cborg, containers, data-dword, data-has, deepseq, directory 6 - , exceptions, filepath, hashable, hevm, hpack, lens, lens-aeson, megaparsec 7 - , MonadRandom, mtl, optparse-applicative, process, random, stm, tasty 8 - , tasty-hunit, tasty-quickcheck, temporary, text, transformers , unix, unliftio 9 - , unliftio-core, unordered-containers, vector, vector-instances, vty 10 - , wl-pprint-annotated, word8, yaml, extra, ListLike, semver 4 + , mkDerivation, aeson, base, base16-bytestring, binary, brick, bytestring 5 + , containers, data-dword, data-has, directory, exceptions, extra, filepath 6 + , hashable, hevm, hpack, html-entities, lens, ListLike, MonadRandom, mtl 7 + , optparse-applicative, process, random, semver, tasty, tasty-hunit 8 + , tasty-quickcheck, text, transformers, unix, unliftio, unordered-containers 9 + , vector, vector-instances, vty, yaml 11 10 }: 12 11 mkDerivation rec { 13 12 pname = "echidna"; 14 - version = "2.0.3"; 13 + version = "2.0.4"; 15 14 16 15 src = fetchFromGitHub { 17 16 owner = "crytic"; 18 17 repo = "echidna"; 19 18 rev = "v${version}"; 20 - sha256 = "sha256-ZLk3K00O6aERf+G5SagDVUk1/ba9U+9n9dqCImkczJs="; 19 + sha256 = "sha256-DiEZGbd08QLP8zgrIssGYL6h18AprcWZSYp1mMu9TRw="; 21 20 }; 22 21 23 - # NOTE: echidna is behind with aeson because of hevm, this patch updates 24 - # the code to work with the major aeson update that broke the build 25 - # it's temporary until hevm version 0.50.0 is released - https://github.com/ethereum/hevm/milestone/1 26 - patches = [ ./echidna-update-aeson.patch ]; 27 - 28 22 isLibrary = true; 29 23 isExecutable = true; 30 24 libraryHaskellDepends = [ 31 - aeson ansi-terminal base base16-bytestring binary brick bytestring cborg 32 - containers data-dword data-has deepseq directory exceptions filepath 33 - hashable hevm lens lens-aeson megaparsec MonadRandom mtl 34 - optparse-applicative process random stm temporary text transformers unix 35 - unliftio unliftio-core unordered-containers vector vector-instances vty 36 - wl-pprint-annotated word8 yaml extra ListLike semver 25 + aeson base base16-bytestring binary brick bytestring containers data-dword 26 + data-has directory exceptions extra filepath hashable hevm html-entities 27 + lens ListLike MonadRandom mtl optparse-applicative process random semver 28 + text transformers unix unliftio unordered-containers vector vector-instances 29 + vty yaml 37 30 ]; 38 31 libraryToolDepends = [ hpack ]; 39 32 executableHaskellDepends = libraryHaskellDepends;

-38

pkgs/tools/security/echidna/echidna-update-aeson.patch

··· 1 - diff --git a/lib/Echidna/Config.hs b/lib/Echidna/Config.hs 2 - index f8d5777..3d761fe 100644 3 - --- a/lib/Echidna/Config.hs 4 - +++ b/lib/Echidna/Config.hs 5 - @@ -13,8 +13,8 @@ import Control.Monad.State (StateT(..), runStateT) 6 - import Control.Monad.Trans (lift) 7 - import Data.Bool (bool) 8 - import Data.Aeson 9 - +import Data.Aeson.KeyMap (keys) 10 - import Data.Has (Has(..)) 11 - -import Data.HashMap.Strict (keys) 12 - import Data.HashSet (fromList, insert, difference) 13 - import Data.Maybe (fromMaybe) 14 - import Data.Text (isPrefixOf) 15 - @@ -23,11 +23,13 @@ import EVM.Types (w256) 16 - 17 - import qualified Control.Monad.Fail as M (MonadFail(..)) 18 - import qualified Data.ByteString as BS 19 - +import qualified Data.Aeson.Key as Key 20 - +import qualified Data.HashSet as HS 21 - import qualified Data.List.NonEmpty as NE 22 - import qualified Data.Yaml as Y 23 - 24 - import Echidna.Test 25 - -import Echidna.Types.Campaign 26 - +import Echidna.Types.Campaign 27 - import Echidna.Mutator.Corpus (defaultMutationConsts) 28 - import Echidna.Types.Config (EConfigWithUsage(..), EConfig(..)) 29 - import Echidna.Types.Solidity 30 - @@ -52,7 +54,7 @@ instance FromJSON EConfigWithUsage where 31 - _ -> mempty 32 - (c, ks) <- runStateT (parser v') $ fromList [] 33 - let found = fromList (keys v') 34 - - return $ EConfigWithUsage c (found `difference` ks) (ks `difference` found) 35 - + return $ EConfigWithUsage c (HS.map Key.toText $ found `difference` ks) (HS.map Key.toText $ ks `difference` found) 36 - -- this parser runs in StateT and comes equipped with the following 37 - -- equivalent unary operators: 38 - -- x .:? k (Parser) <==> x ..:? k (StateT)

+59

pkgs/tools/security/zlint/default.nix

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + , testers 5 + , zlint 6 + }: 7 + 8 + buildGoModule rec { 9 + pname = "zlint"; 10 + version = "3.4.0"; 11 + 12 + src = fetchFromGitHub { 13 + owner = "zmap"; 14 + repo = "zlint"; 15 + rev = "v${version}"; 16 + hash = "sha256-l39GdfEKUAw5DQNjx6ZBgfGtengRlUUasm0G07kAA2A="; 17 + }; 18 + 19 + modRoot = "v3"; 20 + 21 + vendorHash = "sha256-OiHEyMHuSiWDB/1YRvAhErb1h/rFfXXVcagcP386doc="; 22 + 23 + postPatch = '' 24 + # Remove a package which is not declared in go.mod. 25 + rm -rf v3/cmd/genTestCerts 26 + ''; 27 + 28 + subPackages = [ 29 + "cmd/zlint" 30 + "cmd/zlint-gtld-update" 31 + ]; 32 + 33 + ldflags = [ 34 + "-s" 35 + "-w" 36 + "-X main.version=${version}" 37 + ]; 38 + 39 + # Checks rely on .git directory, leaveDotGit makes the source derivation flaky. 40 + doCheck = false; 41 + 42 + passthru.tests.version = testers.testVersion { 43 + package = zlint; 44 + command = "zlint -version"; 45 + }; 46 + 47 + meta = with lib; { 48 + description = "X.509 Certificate Linter focused on Web PKI standards and requirements"; 49 + longDescription = '' 50 + ZLint is a X.509 certificate linter written in Go that checks for 51 + consistency with standards (e.g. RFC 5280) and other relevant PKI 52 + requirements (e.g. CA/Browser Forum Baseline Requirements). 53 + ''; 54 + homepage = "https://github.com/zmap/zlint"; 55 + changelog = "https://github.com/zmap/zlint/releases/tag/${src.rev}"; 56 + license = licenses.asl20; 57 + maintainers = with maintainers; [ baloo ]; 58 + }; 59 + }

+2

pkgs/top-level/all-packages.nix

··· 13297 13297 13298 13298 zkar = callPackage ../tools/security/zkar { }; 13299 13299 13300 + zlint = callPackage ../tools/security/zlint { }; 13301 + 13300 13302 zmap = callPackage ../tools/security/zmap { }; 13301 13303 13302 13304 zpool-iostat-viz = callPackage ../tools/filesystems/zpool-iostat-viz { };

+2

pkgs/top-level/python-packages.nix

··· 5561 5561 5562 5562 mask-rcnn = callPackage ../development/python-modules/mask-rcnn { }; 5563 5563 5564 + masky = callPackage ../development/python-modules/masky { }; 5565 + 5564 5566 mastodon-py = callPackage ../development/python-modules/mastodon-py { }; 5565 5567 5566 5568 mat2 = callPackage ../development/python-modules/mat2 { };