commit aede20265b0973592ca9e8fe8305317eb58b67cb · pyrox.dev/nixpkgs

+6

maintainers/maintainer-list.nix

··· 12091 12091 githubId = 7512804; 12092 12092 name = "Martin Langlotz"; 12093 12093 }; 12094 + stargate01 = { 12095 + email = "christoph.honal@web.de"; 12096 + github = "StarGate01"; 12097 + githubId = 6362238; 12098 + name = "Christoph Honal"; 12099 + }; 12094 12100 steamwalker = { 12095 12101 email = "steamwalker@xs4all.nl"; 12096 12102 github = "steamwalker";

+4 -3

nixos/modules/installer/tools/get-version-suffix

··· 1 1 getVersion() { 2 2 local dir="$1" 3 3 rev= 4 - if [ -e "$dir/.git" ]; then 4 + gitDir="$dir/.git" 5 + if [ -e "$gitDir" ]; then 5 6 if [ -z "$(type -P git)" ]; then 6 7 echo "warning: Git not found; cannot figure out revision of $dir" >&2 7 8 return 8 9 fi 9 10 cd "$dir" 10 - rev=$(git rev-parse --short HEAD) 11 - if git describe --always --dirty | grep -q dirty; then 11 + rev=$(git --git-dir="$gitDir" rev-parse --short HEAD) 12 + if git --git-dir="$gitDir" describe --always --dirty | grep -q dirty; then 12 13 rev+=M 13 14 fi 14 15 fi

+46 -7

nixos/modules/services/misc/geoipupdate.nix

··· 2 2 3 3 let 4 4 cfg = config.services.geoipupdate; 5 + inherit (builtins) isAttrs isString isInt isList typeOf hashString; 5 6 in 6 7 { 7 8 imports = [ ··· 27 28 }; 28 29 29 30 settings = lib.mkOption { 31 + example = lib.literalExpression '' 32 + { 33 + AccountID = 200001; 34 + DatabaseDirectory = "/var/lib/GeoIP"; 35 + LicenseKey = { _secret = "/run/keys/maxmind_license_key"; }; 36 + Proxy = "10.0.0.10:8888"; 37 + ProxyUserPassword = { _secret = "/run/keys/proxy_pass"; }; 38 + } 39 + ''; 30 40 description = '' 31 41 <productname>geoipupdate</productname> configuration 32 42 options. See 33 43 <link xlink:href="https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md" /> 34 44 for a full list of available options. 45 + 46 + Settings containing secret data should be set to an 47 + attribute set containing the attribute 48 + <literal>_secret</literal> - a string pointing to a file 49 + containing the value the option should be set to. See the 50 + example to get a better picture of this: in the resulting 51 + <filename>GeoIP.conf</filename> file, the 52 + <literal>ProxyUserPassword</literal> key will be set to the 53 + contents of the 54 + <filename>/run/keys/proxy_pass</filename> file. 35 55 ''; 36 56 type = lib.types.submodule { 37 57 freeformType = ··· 65 85 }; 66 86 67 87 LicenseKey = lib.mkOption { 68 - type = lib.types.path; 88 + type = with lib.types; either path (attrsOf path); 69 89 description = '' 70 - A file containing the <productname>MaxMind</productname> 71 - license key. 90 + A file containing the 91 + <productname>MaxMind</productname> license key. 92 + 93 + Always handled as a secret whether the value is 94 + wrapped in a <literal>{ _secret = ...; }</literal> 95 + attrset or not (refer to <xref 96 + linkend="opt-services.geoipupdate.settings" /> for 97 + details). 72 98 ''; 99 + apply = x: if isAttrs x then x else { _secret = x; }; 73 100 }; 74 101 75 102 DatabaseDirectory = lib.mkOption { ··· 102 129 systemd.services.geoipupdate-create-db-dir = { 103 130 serviceConfig.Type = "oneshot"; 104 131 script = '' 132 + set -o errexit -o pipefail -o nounset -o errtrace 133 + shopt -s inherit_errexit 134 + 105 135 mkdir -p ${cfg.settings.DatabaseDirectory} 106 136 chmod 0755 ${cfg.settings.DatabaseDirectory} 107 137 ''; ··· 115 145 "network-online.target" 116 146 "nss-lookup.target" 117 147 ]; 148 + path = [ pkgs.replace-secret ]; 118 149 wants = [ "network-online.target" ]; 119 150 startAt = cfg.interval; 120 151 serviceConfig = { 121 152 ExecStartPre = 122 153 let 154 + isSecret = v: isAttrs v && v ? _secret && isString v._secret; 123 155 geoipupdateKeyValue = lib.generators.toKeyValue { 124 156 mkKeyValue = lib.flip lib.generators.mkKeyValueDefault " " rec { 125 - mkValueString = v: with builtins; 157 + mkValueString = v: 126 158 if isInt v then toString v 127 159 else if isString v then v 128 160 else if true == v then "1" 129 161 else if false == v then "0" 130 162 else if isList v then lib.concatMapStringsSep " " mkValueString v 163 + else if isSecret v then hashString "sha256" v._secret 131 164 else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; 132 165 }; 133 166 }; 167 + secretPaths = lib.catAttrs "_secret" (lib.collect isSecret cfg.settings); 168 + mkSecretReplacement = file: '' 169 + replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/geoipupdate/GeoIP.conf" ]} 170 + ''; 171 + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; 134 172 135 173 geoipupdateConf = pkgs.writeText "geoipupdate.conf" (geoipupdateKeyValue cfg.settings); 136 174 137 175 script = '' 176 + set -o errexit -o pipefail -o nounset -o errtrace 177 + shopt -s inherit_errexit 178 + 138 179 chown geoip "${cfg.settings.DatabaseDirectory}" 139 180 140 181 cp ${geoipupdateConf} /run/geoipupdate/GeoIP.conf 141 - ${pkgs.replace-secret}/bin/replace-secret '${cfg.settings.LicenseKey}' \ 142 - '${cfg.settings.LicenseKey}' \ 143 - /run/geoipupdate/GeoIP.conf 182 + ${secretReplacements} 144 183 ''; 145 184 in 146 185 "+${pkgs.writeShellScript "start-pre-full-privileges" script}";

+79 -84

nixos/modules/services/monitoring/parsedmarc.nix

··· 3 3 let 4 4 cfg = config.services.parsedmarc; 5 5 opt = options.services.parsedmarc; 6 - ini = pkgs.formats.ini {}; 6 + isSecret = v: isAttrs v && v ? _secret && isString v._secret; 7 + ini = pkgs.formats.ini { 8 + mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" rec { 9 + mkValueString = v: 10 + if isInt v then toString v 11 + else if isString v then v 12 + else if true == v then "True" 13 + else if false == v then "False" 14 + else if isSecret v then hashString "sha256" v._secret 15 + else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; 16 + }; 17 + }; 18 + inherit (builtins) elem isAttrs isString isInt isList typeOf hashString; 7 19 in 8 20 { 9 21 options.services.parsedmarc = { ··· 107 119 }; 108 120 109 121 settings = lib.mkOption { 122 + example = lib.literalExpression '' 123 + { 124 + imap = { 125 + host = "imap.example.com"; 126 + user = "alice@example.com"; 127 + password = { _secret = "/run/keys/imap_password" }; 128 + watch = true; 129 + }; 130 + splunk_hec = { 131 + url = "https://splunkhec.example.com"; 132 + token = { _secret = "/run/keys/splunk_token" }; 133 + index = "email"; 134 + }; 135 + } 136 + ''; 110 137 description = '' 111 138 Configuration parameters to set in 112 139 <filename>parsedmarc.ini</filename>. For a full list of 113 140 available parameters, see 114 141 <link xlink:href="https://domainaware.github.io/parsedmarc/#configuration-file" />. 142 + 143 + Settings containing secret data should be set to an attribute 144 + set containing the attribute <literal>_secret</literal> - a 145 + string pointing to a file containing the value the option 146 + should be set to. See the example to get a better picture of 147 + this: in the resulting <filename>parsedmarc.ini</filename> 148 + file, the <literal>splunk_hec.token</literal> key will be set 149 + to the contents of the 150 + <filename>/run/keys/splunk_token</filename> file. 115 151 ''; 116 152 117 153 type = lib.types.submodule { ··· 170 206 }; 171 207 172 208 password = lib.mkOption { 173 - type = with lib.types; nullOr path; 209 + type = with lib.types; nullOr (either path (attrsOf path)); 174 210 default = null; 175 211 description = '' 176 - The path to a file containing the IMAP server password. 212 + The IMAP server password. 213 + 214 + Always handled as a secret whether the value is 215 + wrapped in a <literal>{ _secret = ...; }</literal> 216 + attrset or not (refer to <xref 217 + linkend="opt-services.parsedmarc.settings" /> for 218 + details). 177 219 ''; 220 + apply = x: if isAttrs x || x == null then x else { _secret = x; }; 178 221 }; 179 222 180 223 watch = lib.mkOption { ··· 228 271 }; 229 272 230 273 password = lib.mkOption { 231 - type = with lib.types; nullOr path; 274 + type = with lib.types; nullOr (either path (attrsOf path)); 232 275 default = null; 233 276 description = '' 234 - The path to a file containing the SMTP server password. 277 + The SMTP server password. 278 + 279 + Always handled as a secret whether the value is 280 + wrapped in a <literal>{ _secret = ...; }</literal> 281 + attrset or not (refer to <xref 282 + linkend="opt-services.parsedmarc.settings" /> for 283 + details). 235 284 ''; 285 + apply = x: if isAttrs x || x == null then x else { _secret = x; }; 236 286 }; 237 287 238 288 from = lib.mkOption { ··· 274 324 }; 275 325 276 326 password = lib.mkOption { 277 - type = with lib.types; nullOr path; 327 + type = with lib.types; nullOr (either path (attrsOf path)); 278 328 default = null; 279 329 description = '' 280 - The path to a file containing the password to use when 281 - connecting to Elasticsearch, if required. 330 + The password to use when connecting to Elasticsearch, 331 + if required. 332 + 333 + Always handled as a secret whether the value is 334 + wrapped in a <literal>{ _secret = ...; }</literal> 335 + attrset or not (refer to <xref 336 + linkend="opt-services.parsedmarc.settings" /> for 337 + details). 282 338 ''; 339 + apply = x: if isAttrs x || x == null then x else { _secret = x; }; 283 340 }; 284 341 285 342 ssl = lib.mkOption { ··· 299 356 ''; 300 357 }; 301 358 }; 302 - 303 - kafka = { 304 - hosts = lib.mkOption { 305 - default = []; 306 - type = with lib.types; listOf str; 307 - apply = x: if x == [] then null else lib.concatStringsSep "," x; 308 - description = '' 309 - A list of Apache Kafka hosts to publish parsed reports 310 - to. 311 - ''; 312 - }; 313 - 314 - user = lib.mkOption { 315 - type = with lib.types; nullOr str; 316 - default = null; 317 - description = '' 318 - Username to use when connecting to Kafka, if 319 - required. 320 - ''; 321 - }; 322 - 323 - password = lib.mkOption { 324 - type = with lib.types; nullOr path; 325 - default = null; 326 - description = '' 327 - The path to a file containing the password to use when 328 - connecting to Kafka, if required. 329 - ''; 330 - }; 331 - 332 - ssl = lib.mkOption { 333 - type = with lib.types; nullOr bool; 334 - default = null; 335 - description = '' 336 - Whether to use an encrypted SSL/TLS connection. 337 - ''; 338 - }; 339 - 340 - aggregate_topic = lib.mkOption { 341 - type = with lib.types; nullOr str; 342 - default = null; 343 - example = "aggregate"; 344 - description = '' 345 - The Kafka topic to publish aggregate reports on. 346 - ''; 347 - }; 348 - 349 - forensic_topic = lib.mkOption { 350 - type = with lib.types; nullOr str; 351 - default = null; 352 - example = "forensic"; 353 - description = '' 354 - The Kafka topic to publish forensic reports on. 355 - ''; 356 - }; 357 - }; 358 - 359 359 }; 360 360 361 361 }; ··· 404 404 enable = cfg.provision.grafana.datasource || cfg.provision.grafana.dashboard; 405 405 datasources = 406 406 let 407 - pkgVer = lib.getVersion config.services.elasticsearch.package; 408 - esVersion = 409 - if lib.versionOlder pkgVer "7" then 410 - "60" 411 - else if lib.versionOlder pkgVer "8" then 412 - "70" 413 - else 414 - throw "When provisioning parsedmarc grafana datasources: unknown Elasticsearch version."; 407 + esVersion = lib.getVersion config.services.elasticsearch.package; 415 408 in 416 409 lib.mkIf cfg.provision.grafana.datasource [ 417 410 { 418 411 name = "dmarc-ag"; 419 412 type = "elasticsearch"; 420 413 access = "proxy"; 421 - url = "localhost:9200"; 414 + url = "http://localhost:9200"; 422 415 jsonData = { 423 416 timeField = "date_range"; 424 417 inherit esVersion; ··· 428 421 name = "dmarc-fo"; 429 422 type = "elasticsearch"; 430 423 access = "proxy"; 431 - url = "localhost:9200"; 424 + url = "http://localhost:9200"; 432 425 jsonData = { 433 426 timeField = "date_range"; 434 427 inherit esVersion; ··· 467 460 # lists, empty attrsets and null. This makes it possible to 468 461 # list interesting options in `settings` without them always 469 462 # ending up in the resulting config. 470 - filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! builtins.elem v [ null [] {} ])) cfg.settings; 463 + filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null [] {} ])) cfg.settings; 464 + 465 + # Extract secrets (attributes set to an attrset with a 466 + # "_secret" key) from the settings and generate the commands 467 + # to run to perform the secret replacements. 468 + secretPaths = lib.catAttrs "_secret" (lib.collect isSecret filteredConfig); 471 469 parsedmarcConfig = ini.generate "parsedmarc.ini" filteredConfig; 472 - mkSecretReplacement = file: 473 - lib.optionalString (file != null) '' 474 - replace-secret '${file}' '${file}' /run/parsedmarc/parsedmarc.ini 475 - ''; 470 + mkSecretReplacement = file: '' 471 + replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/parsedmarc/parsedmarc.ini" ]} 472 + ''; 473 + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; 476 474 in 477 475 { 478 476 wantedBy = [ "multi-user.target" ]; ··· 487 485 umask u=rwx,g=,o= 488 486 cp ${parsedmarcConfig} /run/parsedmarc/parsedmarc.ini 489 487 chown parsedmarc:parsedmarc /run/parsedmarc/parsedmarc.ini 490 - ${mkSecretReplacement cfg.settings.smtp.password} 491 - ${mkSecretReplacement cfg.settings.imap.password} 492 - ${mkSecretReplacement cfg.settings.elasticsearch.password} 493 - ${mkSecretReplacement cfg.settings.kafka.password} 488 + ${secretReplacements} 494 489 '' + lib.optionalString cfg.provision.localMail.enable '' 495 490 openssl rand -hex 64 >/run/parsedmarc/dmarc_user_passwd 496 491 replace-secret '@imap-password@' '/run/parsedmarc/dmarc_user_passwd' /run/parsedmarc/parsedmarc.ini

+1 -1

pkgs/applications/audio/noisetorch/default.nix

··· 16 16 17 17 doCheck = false; 18 18 19 - ldflags = [ "-X main.version=${version}" "-X main.distribution=nix" ]; 19 + ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.distribution=nix" ]; 20 20 21 21 subPackages = [ "." ]; 22 22

+3 -3

pkgs/applications/audio/reaper/default.nix

··· 17 17 18 18 stdenv.mkDerivation rec { 19 19 pname = "reaper"; 20 - version = "6.47"; 20 + version = "6.61"; 21 21 22 22 src = fetchurl { 23 23 url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_${stdenv.hostPlatform.qemuArch}.tar.xz"; 24 24 hash = { 25 - x86_64-linux = "sha256-31HmIx/ohbrzu5uj8KOOZiHNCmXwng9h+fIGaJfYyqA="; 26 - aarch64-linux = "sha256-CMmcBpaZ6BEZJ1144aQhOJ/o2NrGD7/8aq+ObLVMXYE="; 25 + x86_64-linux = "sha256-Lp2EVky1+ruc86LdMmvhZIisoYl0OxdkVnN3h/u09IQ="; 26 + aarch64-linux = "sha256-sPLCMA//xAdWXjY7++R6eLWS56Zi0u+9ju7JlICGvVc="; 27 27 }.${stdenv.hostPlatform.system}; 28 28 }; 29 29

+3 -9

pkgs/applications/backup/pika-backup/default.nix

··· 1 1 { lib 2 2 , stdenv 3 3 , fetchFromGitLab 4 - , fetchpatch 5 4 , rustPlatform 6 5 , substituteAll 7 6 , desktop-file-utils ··· 19 18 20 19 stdenv.mkDerivation rec { 21 20 pname = "pika-backup"; 22 - version = "0.4.0"; 21 + version = "0.4.1"; 23 22 24 23 src = fetchFromGitLab { 25 24 domain = "gitlab.gnome.org"; 26 25 owner = "World"; 27 26 repo = "pika-backup"; 28 27 rev = "v${version}"; 29 - hash = "sha256-vQ0hlwsrY0WOUc/ppleE+kKRGHPt/ScEChXrkukln3U="; 28 + hash = "sha256-D5QkNgscvNaPEykbcR451Wx8Mvn7HTuQE/22lp95Kbo="; 30 29 }; 31 30 32 31 cargoDeps = rustPlatform.fetchCargoTarball { 33 32 inherit src; 34 33 name = "${pname}-${version}"; 35 - hash = "sha256-IKUh5gkXTpmMToDaec+CpCIQqJjwJM2ZrmGQhZeTDsg="; 34 + hash = "sha256-c4nYlPyc7D1AMOfHjhoDJox+i83+H1YKfWzR3i6bmng="; 36 35 }; 37 36 38 37 patches = [ 39 38 (substituteAll { 40 39 src = ./borg-path.patch; 41 40 borg = "${borgbackup}/bin/borg"; 42 - }) 43 - (fetchpatch { 44 - name = "use-gtk4-update-icon-cache.patch"; 45 - url = "https://gitlab.gnome.org/World/pika-backup/-/merge_requests/64.patch"; 46 - hash = "sha256-AttGQGWealvTIvPwBl5M6FiC4Al/UD4/XckUAxM38SE="; 47 41 }) 48 42 ]; 49 43

+2 -2

pkgs/applications/editors/vscode/extensions/default.nix

··· 739 739 mktplcRef = { 740 740 name = "theme-dracula"; 741 741 publisher = "dracula-theme"; 742 - version = "2.22.3"; 743 - sha256 = "0wni9sriin54ci8rly2s68lkfx8rj1cys6mgcizvps9sam6377w6"; 742 + version = "2.24.2"; 743 + sha256 = "sha256-YNqWEIvlEI29mfPxOQVdd4db9G2qNodhz8B0MCAAWK8="; 744 744 }; 745 745 meta = with lib; { 746 746 changelog = "https://marketplace.visualstudio.com/items/dracula-theme.theme-dracula/changelog";

+2 -2

pkgs/applications/networking/appgate-sdp/default.nix

··· 87 87 in 88 88 stdenv.mkDerivation rec { 89 89 pname = "appgate-sdp"; 90 - version = "5.5.4"; 90 + version = "5.5.5"; 91 91 92 92 src = fetchurl { 93 93 url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb"; 94 - sha256 = "sha256-7qfgUYD7uPb+ZEierREVfnHoGz0/b/J+hcsX/duDFWU="; 94 + sha256 = "sha256-eXcGHd3TGNFqjFQ+wSg4+1hF/6DJTPOs0ldjegFktGo="; 95 95 }; 96 96 97 97 # just patch interpreter

+6 -6

pkgs/applications/networking/browsers/chromium/upstream-info.json

··· 19 19 } 20 20 }, 21 21 "beta": { 22 - "version": "103.0.5060.53", 23 - "sha256": "00di0nw6h3kb0qp2wp3ny3zsar1ayn1lyx5zr28dl1h5cwaaxjqf", 24 - "sha256bin64": "01vzhhnngr6a7mm1y25ax8vhph6dl948fvkyhdhb9m4j5l4lcqj4", 22 + "version": "104.0.5112.20", 23 + "sha256": "0adzdk3m2l4pjlk82sqavwgxf6a5darbiwchmlrsxc58p9xxag4s", 24 + "sha256bin64": "1cm5k4gpxc0dn0vdqf3qwwf36pc77va9pnci84zcpaxx0jih7l9b", 25 25 "deps": { 26 26 "gn": { 27 - "version": "2022-05-11", 27 + "version": "2022-06-08", 28 28 "url": "https://gn.googlesource.com/gn", 29 - "rev": "578a7fe4c3c6b0bc2ae1fd2e37f14857d09895bf", 30 - "sha256": "03dqfrdpf5xxl64dby3qmbwpzdq2gsa8g7xl438py3a629rgxg63" 29 + "rev": "2ecd43a10266bd091c98e6dcde507c64f6a0dad3", 30 + "sha256": "1q06vsz9b4bb764wy1wy8n177z2pgpm97kq3rl1hmq185mz5fhra" 31 31 } 32 32 } 33 33 },

+58

pkgs/applications/networking/instant-messengers/briar-desktop/default.nix

··· 1 + { lib 2 + , stdenv 3 + , fetchzip 4 + , openjdk 5 + , makeWrapper 6 + , tor 7 + , p7zip 8 + , bash 9 + , writeScript 10 + }: 11 + let 12 + 13 + briar-tor = writeScript "briar-tor" '' 14 + #! ${bash}/bin/bash 15 + exec ${tor}/bin/tor "$@" 16 + ''; 17 + 18 + in 19 + stdenv.mkDerivation rec { 20 + pname = "briar-desktop"; 21 + version = "0.2.1-beta"; 22 + 23 + src = fetchzip { 24 + url = "https://code.briarproject.org/briar/briar-desktop/-/jobs/18424/artifacts/download?file_type=archive"; 25 + sha256 = "sha256-ivMbgo0+iZE4/Iffq9HUBErGIQMVLrRZUQ6R3V3X8II="; 26 + extension = "zip"; 27 + }; 28 + 29 + nativeBuildInputs = [ 30 + makeWrapper 31 + p7zip 32 + ]; 33 + 34 + installPhase = '' 35 + mkdir -p $out/{bin,lib} 36 + cp ${src}/briar-desktop.jar $out/lib/ 37 + makeWrapper ${openjdk}/bin/java $out/bin/briar-desktop \ 38 + --add-flags "-jar $out/lib/briar-desktop.jar" 39 + ''; 40 + 41 + fixupPhase = '' 42 + # Replace the embedded Tor binary (which is in a Tar archive) 43 + # with one from Nixpkgs. 44 + cp ${briar-tor} ./tor 45 + for arch in {aarch64,armhf,x86_64}; do 46 + 7z a tor_linux-$arch.zip tor 47 + 7z a $out/lib/briar-desktop.jar tor_linux-$arch.zip 48 + done 49 + ''; 50 + 51 + meta = with lib; { 52 + description = "Decentalized and secure messnger"; 53 + homepage = "https://code.briarproject.org/briar/briar-desktop"; 54 + license = licenses.gpl3; 55 + maintainers = with maintainers; [ onny ]; 56 + platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" ]; 57 + }; 58 + }

+2 -2

pkgs/applications/networking/instant-messengers/chatty/default.nix

··· 29 29 30 30 stdenv.mkDerivation rec { 31 31 pname = "chatty"; 32 - version = "0.6.6"; 32 + version = "0.6.7"; 33 33 34 34 src = fetchFromGitLab { 35 35 domain = "source.puri.sm"; ··· 37 37 repo = "chatty"; 38 38 rev = "v${version}"; 39 39 fetchSubmodules = true; 40 - hash = "sha256-vwgXfoyZOCSMnRAB6bFSrtYlSrpMa9OOcmxYTqhU+lA="; 40 + hash = "sha256-W4w/00mRgjfyQmLQ81/EAN+80qk7kDkBmMPJnOU+AIc="; 41 41 }; 42 42 43 43 postPatch = ''

+2

pkgs/applications/networking/instant-messengers/element/element-web.nix

··· 8 8 , yarn 9 9 , fixup_yarn_lock 10 10 , nodejs 11 + , jitsi-meet 11 12 , conf ? { } 12 13 }: 13 14 ··· 65 66 runHook preInstall 66 67 67 68 cp -R webapp $out 69 + cp ${jitsi-meet}/libs/external_api.min.js $out/jitsi_external_api.min.js 68 70 echo "${version}" > "$out/version" 69 71 jq -s '.[0] * .[1]' "config.sample.json" "${configOverrides}" > "$out/config.json" 70 72

+6

pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix

··· 2 2 , lib 3 3 , python 4 4 , fetchFromGitHub 5 + , fetchpatch 5 6 , pyopenssl 6 7 , webcolors 7 8 , future ··· 31 32 repo = "weechat-matrix"; 32 33 rev = version; 33 34 hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; 35 + }; 36 + 37 + patches = fetchpatch { 38 + url = "https://patch-diff.githubusercontent.com/raw/poljar/weechat-matrix/pull/309.patch"; 39 + sha256 = "sha256-Grdht+TOFvCYRpL7uhPivqL7YzLoNVF3iQNHgbv1Te0="; 34 40 }; 35 41 36 42 propagatedBuildInputs = [

-65

pkgs/development/interpreters/erlang/R16B02-basho.nix

··· 1 - { pkgs, mkDerivation }: 2 - 3 - mkDerivation { 4 - baseName = "erlang"; 5 - version = "16B02.basho10"; 6 - 7 - src = pkgs.fetchFromGitHub { 8 - owner = "basho"; 9 - repo = "otp"; 10 - rev = "OTP_R16B02_basho10"; 11 - sha256 = "1s2c3ag9dnp6xmcr27kh95n1w50xly97n1mp8ivc2a3gpv4blqmj"; 12 - }; 13 - 14 - preConfigure = '' 15 - export HOME=$PWD/../ 16 - export LANG=C 17 - export ERL_TOP=$(pwd) 18 - sed -e s@/bin/pwd@pwd@g -i otp_build 19 - sed -e s@"/usr/bin/env escript"@$(pwd)/bootstrap/bin/escript@g -i lib/diameter/bin/diameterc 20 - 21 - ./otp_build autoconf 22 - ''; 23 - 24 - enableHipe = false; 25 - 26 - # Do not install docs, instead use prebuilt versions. 27 - installTargets = "install"; 28 - postInstall = let 29 - manpages = pkgs.fetchurl { 30 - url = "https://www.erlang.org/download/otp_doc_man_R16B02.tar.gz"; 31 - sha256 = "12apxjmmd591y9g9bhr97z5jbd1jarqg7wj0y2sqhl21hc1yp75p"; 32 - }; 33 - in '' 34 - sed -e s@$(pwd)/bootstrap/bin/escript@$out/bin/escript@g -i $out/lib/erlang/lib/diameter-1.4.3/bin/diameterc 35 - 36 - tar xf "${manpages}" -C "$out/lib/erlang" 37 - for i in "$out"/lib/erlang/man/man[0-9]/*.[0-9]; do 38 - prefix="''${i%/*}" 39 - mkdir -p "$out/share/man/''${prefix##*/}" 40 - ln -s "$i" "$out/share/man/''${prefix##*/}/''${i##*/}erl" 41 - done 42 - ''; 43 - 44 - meta = { 45 - homepage = "https://github.com/basho/otp/"; 46 - description = "Programming language used for massively scalable soft real-time systems, Basho fork"; 47 - 48 - longDescription = '' 49 - Erlang is a programming language used to build massively scalable 50 - soft real-time systems with requirements on high availability. 51 - Some of its uses are in telecoms, banking, e-commerce, computer 52 - telephony and instant messaging. Erlang's runtime system has 53 - built-in support for concurrency, distribution and fault 54 - tolerance. 55 - This version of Erlang is Basho's version, forked from Ericsson's 56 - repository. 57 - ''; 58 - 59 - knownVulnerabilities = [ "CVE-2017-1000385" ]; 60 - 61 - platforms = ["x86_64-linux" "x86_64-darwin"]; 62 - license = pkgs.lib.licenses.asl20; 63 - maintainers = with pkgs.lib.maintainers; [ mdaiter ]; 64 - }; 65 - }

+2 -2

pkgs/development/libraries/armadillo/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "armadillo"; 5 - version = "11.1.1"; 5 + version = "11.2.0"; 6 6 7 7 src = fetchurl { 8 8 url = "mirror://sourceforge/arma/armadillo-${version}.tar.xz"; 9 - sha256 = "sha256-v6YVSl/v2DLSjVMKWCIf5KLP8qO729guEJveU/sp3Ns="; 9 + sha256 = "sha256-31yiFZAcaMY0Z8C/7hTwjjTYdaR6sPCVCCqzLd/08kM="; 10 10 }; 11 11 12 12 nativeBuildInputs = [ cmake ];

+37

pkgs/development/libraries/nrf5-sdk/default.nix

··· 1 + { lib 2 + , stdenv 3 + , fetchzip 4 + }: 5 + 6 + stdenv.mkDerivation rec { 7 + pname = "nrf5-sdk"; 8 + version = "17.1.0"; 9 + 10 + urlHash = "ddde560"; 11 + 12 + src = fetchzip { 13 + url = "https://nsscprodmedia.blob.core.windows.net/prod/software-and-other-downloads/sdks/nrf5/binaries/nrf5_sdk_${version}_${urlHash}.zip"; 14 + sha256 = "sha256-q4WQ7X7/z/42/qcii+mOLnobqcbUy0tInkOfRH/Gwus="; 15 + }; 16 + 17 + dontConfigure = true; 18 + dontBuild = true; 19 + 20 + installPhase = '' 21 + runHook preInstall 22 + 23 + mkdir -p $out/share/nRF5_SDK 24 + mv * $out/share/nRF5_SDK 25 + rm $out/share/nRF5_SDK/*.msi 26 + 27 + runHook postInstall 28 + ''; 29 + 30 + meta = with lib; { 31 + description = "Nordic Semiconductor nRF5 Software Development Kit"; 32 + homepage = "https://www.nordicsemi.com/Products/Development-software/nRF5-SDK"; 33 + license = licenses.unfree; 34 + platforms = platforms.all; 35 + maintainers = with maintainers; [ stargate01 ]; 36 + }; 37 + }

+2 -2

pkgs/development/python-modules/geoip2/default.nix

··· 9 9 }: 10 10 11 11 buildPythonPackage rec { 12 - version = "4.5.0"; 12 + version = "4.6.0"; 13 13 pname = "geoip2"; 14 14 disabled = pythonOlder "3.6"; 15 15 16 16 src = fetchPypi { 17 17 inherit pname version; 18 - sha256 = "b542252e87eb40adc3a2fc0f4e84b514c4c5e04ed46923a3a74d509f25f3103a"; 18 + sha256 = "sha256-8OgLzoCwa7OL0Iv0h31ahONU6TIJXmzPtNJ7tZj6T4M="; 19 19 }; 20 20 21 21 patchPhase = ''

+32 -8

pkgs/development/python-modules/nodeenv/default.nix

··· 1 - { lib, buildPythonPackage, fetchPypi, setuptools, python, which }: 1 + { lib 2 + , buildPythonPackage 3 + , fetchFromGitHub 4 + , mock 5 + , pytestCheckHook 6 + , python 7 + , pythonOlder 8 + , setuptools 9 + , which 10 + }: 2 11 3 12 buildPythonPackage rec { 4 13 pname = "nodeenv"; 5 - version = "1.6.0"; 14 + version = "1.7.0"; 15 + format = "setuptools"; 6 16 7 - src = fetchPypi { 8 - inherit pname version; 9 - sha256 = "3ef13ff90291ba2a4a7a4ff9a979b63ffdd00a464dbe04acf0ea6471517a4c2b"; 17 + disabled = pythonOlder "3.7"; 18 + 19 + src = fetchFromGitHub { 20 + owner = "ekalinin"; 21 + repo = pname; 22 + rev = version; 23 + hash = "sha256-X30PUiOMT/vXqmdSJKHTNNA8aLWavCUaKa7LzqkdLrk="; 10 24 }; 11 25 12 26 propagatedBuildInputs = [ 13 27 setuptools 14 28 ]; 15 29 16 - # Tests not included in PyPI tarball 17 - doCheck = false; 30 + checkInputs = [ 31 + mock 32 + pytestCheckHook 33 + ]; 18 34 19 35 preFixup = '' 20 36 substituteInPlace $out/${python.sitePackages}/nodeenv.py \ 21 37 --replace '["which", candidate]' '["${lib.getBin which}/bin/which", candidate]' 22 38 ''; 23 39 24 - pythonImportsCheck = [ "nodeenv" ]; 40 + pythonImportsCheck = [ 41 + "nodeenv" 42 + ]; 43 + 44 + disabledTests = [ 45 + # Test requires coverage 46 + "test_smoke" 47 + ]; 25 48 26 49 meta = with lib; { 27 50 description = "Node.js virtual environment builder"; 28 51 homepage = "https://github.com/ekalinin/nodeenv"; 29 52 license = licenses.bsd3; 53 + maintainers = with maintainers; [ ]; 30 54 }; 31 55 }

+4 -3

pkgs/os-specific/linux/intel-ocl/default.nix

··· 9 9 urls = [ 10 10 "https://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" 11 11 "http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" 12 + "https://web.archive.org/web/20190526190814/http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" 12 13 ]; 13 14 sha256 = "0qbp63l74s0i80ysh9ya8x7r79xkddbbz4378nms9i7a0kprg9p2"; 14 15 stripRoot = false; ··· 69 70 70 71 meta = { 71 72 description = "Official OpenCL runtime for Intel CPUs"; 72 - homepage = "https://software.intel.com/en-us/articles/opencl-drivers"; 73 - license = lib.licenses.unfree; 74 - platforms = [ "x86_64-linux" ]; 73 + homepage = "https://software.intel.com/en-us/articles/opencl-drivers"; 74 + license = lib.licenses.unfree; 75 + platforms = [ "x86_64-linux" ]; 75 76 maintainers = [ lib.maintainers.kierdavis ]; 76 77 }; 77 78 }

+24 -1

pkgs/top-level/all-packages.nix

··· 4599 4599 4600 4600 boofuzz= callPackage ../tools/security/boofuzz { }; 4601 4601 4602 + briar-desktop = callPackage ../applications/networking/instant-messengers/briar-desktop { }; 4603 + 4602 4604 bsdbuild = callPackage ../development/tools/misc/bsdbuild { }; 4603 4605 4604 4606 bsdiff = callPackage ../tools/compression/bsdiff { }; ··· 14440 14442 14441 14443 inherit (beam.interpreters) 14442 14444 erlang erlangR25 erlangR24 erlangR23 erlangR22 erlangR21 14443 - erlang_odbc erlang_javac erlang_odbc_javac erlang_basho_R16B02 14445 + erlang_odbc erlang_javac erlang_odbc_javac 14444 14446 elixir elixir_1_13 elixir_1_12 elixir_1_11 elixir_1_10 elixir_1_9 14445 14447 elixir_ls; 14446 14448 ··· 16136 16138 nwjs-sdk = callPackage ../development/tools/nwjs { 16137 16139 sdk = true; 16138 16140 }; 16141 + 16142 + nrf5-sdk = callPackage ../development/libraries/nrf5-sdk { }; 16139 16143 16140 16144 nrfutil = callPackage ../development/tools/misc/nrfutil { }; 16141 16145 ··· 20927 20931 20928 20932 sphinx = with python3Packages; toPythonApplication sphinx; 20929 20933 20934 + # A variation of sphinx that is only suitable for offline use as it excludes 20935 + # pyopenssl, which is broken on aarch64-darwin. 20936 + # https://github.com/NixOS/nixpkgs/issues/175875 20937 + sphinx_offline = 20938 + if !(stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isAarch64) 20939 + then sphinx 20940 + else 20941 + sphinx.override (o: { 20942 + requests = pkgsBuildTarget.python3Packages.requests.override (o: { 20943 + urllib3 = pkgsBuildTarget.python3Packages.urllib3.overrideAttrs (o: { 20944 + # urllib3 adds the optional pyopenssl to propagatedBuildInputs 20945 + # pkgs/development/python-modules/urllib3/default.nix 20946 + propagatedBuildInputs = []; 20947 + }); 20948 + }); 20949 + }); 20950 + 20930 20951 sphinx-autobuild = with python3Packages; toPythonApplication sphinx-autobuild; 20931 20952 20932 20953 sphinx-serve = with python3Packages; toPythonApplication sphinx-serve; ··· 26987 27008 26988 27009 # Git with SVN support, but without GUI. 26989 27010 gitSVN = lowPrio (git.override { svnSupport = true; }); 27011 + 27012 + git-autofixup = perlPackages.GitAutofixup; 26990 27013 26991 27014 git-doc = lib.addMetaAttrs { 26992 27015 description = "Additional documentation for Git";

-9

pkgs/top-level/beam-packages.nix

··· 92 92 odbcSupport = true; 93 93 }; 94 94 95 - # Basho fork, using custom builder. 96 - erlang_basho_R16B02 = 97 - lib.callErlang ../development/interpreters/erlang/R16B02-basho.nix { 98 - autoconf = buildPackages.autoconf269; 99 - inherit wxSupport; 100 - }; 101 - erlang_basho_R16B02_odbc = 102 - erlang_basho_R16B02.override { odbcSupport = true; }; 103 - 104 95 # Other Beam languages. These are built with `beam.interpreters.erlang`. To 105 96 # access for example elixir built with different version of Erlang, use 106 97 # `beam.packages.erlangR24.elixir`.

+7 -5

pkgs/top-level/haskell-packages.nix

··· 49 49 # Use this rather than `rec { ... }` below for sake of overlays. 50 50 inherit (pkgs.haskell) compiler packages; 51 51 52 + sphinx = buildPackages.sphinx_offline; 53 + 52 54 in { 53 55 lib = haskellLibUncomposable; 54 56 ··· 97 99 packages.ghc8102Binary 98 100 else 99 101 packages.ghc865Binary; 100 - inherit (buildPackages.python3Packages) sphinx; 102 + inherit sphinx; 101 103 buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_7; 102 104 llvmPackages = pkgs.llvmPackages_7; 103 105 }; ··· 110 112 packages.ghc8107BinaryMinimal 111 113 else 112 114 packages.ghc8107Binary; 113 - inherit (buildPackages.python3Packages) sphinx; 115 + inherit sphinx; 114 116 # Need to use apple's patched xattr until 115 117 # https://github.com/xattr/xattr/issues/44 and 116 118 # https://github.com/xattr/xattr/issues/55 are solved. ··· 126 128 packages.ghc8107BinaryMinimal 127 129 else 128 130 packages.ghc8107Binary; 129 - inherit (buildPackages.python3Packages) sphinx; 131 + inherit sphinx; 130 132 inherit (buildPackages.darwin) autoSignDarwinBinariesHook xattr; 131 133 buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_12; 132 134 llvmPackages = pkgs.llvmPackages_12; ··· 138 140 packages.ghc8107BinaryMinimal 139 141 else 140 142 packages.ghc8107Binary; 141 - inherit (buildPackages.python3Packages) sphinx; 143 + inherit sphinx; 142 144 # Need to use apple's patched xattr until 143 145 # https://github.com/xattr/xattr/issues/44 and 144 146 # https://github.com/xattr/xattr/issues/55 are solved. ··· 148 150 }; 149 151 ghcHEAD = callPackage ../development/compilers/ghc/head.nix { 150 152 bootPkgs = packages.ghc8107Binary; 151 - inherit (buildPackages.python3Packages) sphinx; 153 + inherit sphinx; 152 154 # Need to use apple's patched xattr until 153 155 # https://github.com/xattr/xattr/issues/44 and 154 156 # https://github.com/xattr/xattr/issues/55 are solved.