commit d5776afdf53092b3e3e7ac41a53f36d5a4e86b1a · pyrox.dev/nixpkgs

+5 -1

doc/packages/darwin-builder.section.md

··· 94 94 system = linuxSystem; 95 95 modules = [ 96 96 "${nixpkgs}/nixos/modules/profiles/macos-builder.nix" 97 - { virtualisation.host.pkgs = pkgs; } 97 + { virtualisation = { 98 + host.pkgs = pkgs; 99 + darwin-builder.workingDirectory = "/var/lib/darwin-builder"; 100 + }; 101 + }; 98 102 ]; 99 103 }; 100 104 in {

+22 -10

lib/meta.nix

··· 3 3 4 4 { lib }: 5 5 6 + let 7 + inherit (lib) matchAttrs any all; 8 + inherit (builtins) isString; 9 + 10 + in 6 11 rec { 7 12 8 13 ··· 83 88 We can inject these into a pattern for the whole of a structured platform, 84 89 and then match that. 85 90 */ 86 - platformMatch = platform: elem: let 87 - pattern = 88 - if builtins.isString elem 89 - then { system = elem; } 90 - else if elem?parsed 91 - then elem 92 - else { parsed = elem; }; 93 - in lib.matchAttrs pattern platform; 91 + platformMatch = platform: elem: ( 92 + # Check with simple string comparison if elem was a string. 93 + # 94 + # The majority of comparisons done with this function will be against meta.platforms 95 + # which contains a simple platform string. 96 + # 97 + # Avoiding an attrset allocation results in significant performance gains (~2-30) across the board in OfBorg 98 + # because this is a hot path for nixpkgs. 99 + if isString elem then platform ? system && elem == platform.system 100 + else matchAttrs ( 101 + # Normalize platform attrset. 102 + if elem ? parsed then elem 103 + else { parsed = elem; } 104 + ) platform 105 + ); 94 106 95 107 /* Check if a package is available on a given platform. 96 108 ··· 102 114 2. None of `meta.badPlatforms` pattern matches the given platform. 103 115 */ 104 116 availableOn = platform: pkg: 105 - ((!pkg?meta.platforms) || lib.any (platformMatch platform) pkg.meta.platforms) && 106 - lib.all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []); 117 + ((!pkg?meta.platforms) || any (platformMatch platform) pkg.meta.platforms) && 118 + all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []); 107 119 108 120 /* Get the corresponding attribute in lib.licenses 109 121 from the SPDX ID.

+20

lib/tests/misc.nix

··· 1948 1948 testGetExe'FailureSecondArg = testingThrow ( 1949 1949 getExe' { type = "derivation"; } "dir/executable" 1950 1950 ); 1951 + 1952 + testPlatformMatch = { 1953 + expr = meta.platformMatch { system = "x86_64-linux"; } "x86_64-linux"; 1954 + expected = true; 1955 + }; 1956 + 1957 + testPlatformMatchAttrs = { 1958 + expr = meta.platformMatch (systems.elaborate "x86_64-linux") (systems.elaborate "x86_64-linux").parsed; 1959 + expected = true; 1960 + }; 1961 + 1962 + testPlatformMatchNoMatch = { 1963 + expr = meta.platformMatch { system = "x86_64-darwin"; } "x86_64-linux"; 1964 + expected = false; 1965 + }; 1966 + 1967 + testPlatformMatchMissingSystem = { 1968 + expr = meta.platformMatch { } "x86_64-linux"; 1969 + expected = false; 1970 + }; 1951 1971 }

+6 -2

nixos/doc/manual/release-notes/rl-2311.section.md

··· 22 22 23 23 - [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported. 24 24 An experimental new module `security.sudo-rs` was added. 25 - Switching to it (via `security.sudo.enable = false; security.sudo-rs.enable = true;`) introduces 25 + Switching to it (via ` security.sudo-rs.enable = true;`) introduces 26 26 slight changes in sudo behaviour, due to `sudo-rs`' current limitations: 27 27 - terminfo-related environment variables aren't preserved for `root` and `wheel`; 28 28 - `root` and `wheel` are not given the ability to set (or preserve) 29 29 arbitrary environment variables. 30 30 31 - - [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.37 to 2.38, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.38) for what was changed. 31 + **Note:** The `sudo-rs` module only takes configuration through `security.sudo-rs`, 32 + and in particular does not automatically use previously-set rules; this could be 33 + achieved with `security.sudo-rs.extraRules = security.sudo.extraRules;` for instance. 32 34 33 35 [`sudo-rs`]: https://github.com/memorysafety/sudo-rs/ 36 + 37 + - [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.37 to 2.38, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.38) for what was changed. 34 38 35 39 - `linuxPackages_testing_bcachefs` is now soft-deprecated by `linuxPackages_testing`. 36 40 - Please consider changing your NixOS configuration's `boot.kernelPackages` to `linuxPackages_testing` until a stable kernel with bcachefs support is released.

+8 -5

nixos/modules/security/pam.nix

··· 943 943 value.source = pkgs.writeText "${name}.pam" service.text; 944 944 }; 945 945 946 + optionalSudoConfigForSSHAgentAuth = optionalString config.security.pam.enableSSHAgentAuth '' 947 + # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. 948 + Defaults env_keep+=SSH_AUTH_SOCK 949 + ''; 950 + 946 951 in 947 952 948 953 { ··· 1532 1537 concatLines 1533 1538 ]); 1534 1539 1535 - security.sudo.extraConfig = optionalString config.security.pam.enableSSHAgentAuth '' 1536 - # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. 1537 - Defaults env_keep+=SSH_AUTH_SOCK 1538 - ''; 1539 - }; 1540 + security.sudo.extraConfig = optionalSudoConfigForSSHAgentAuth; 1541 + security.sudo-rs.extraConfig = optionalSudoConfigForSSHAgentAuth; 1542 + }; 1540 1543 }

+26 -51

nixos/modules/security/sudo-rs.nix

··· 4 4 5 5 let 6 6 7 - inherit (pkgs) sudo sudo-rs; 8 - 9 7 cfg = config.security.sudo-rs; 10 8 11 - enableSSHAgentAuth = 12 - with config.security; 13 - pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth; 14 - 15 - usingMillersSudo = cfg.package.pname == sudo.pname; 16 - usingSudoRs = cfg.package.pname == sudo-rs.pname; 9 + inherit (config.security.pam) enableSSHAgentAuth; 17 10 18 11 toUserString = user: if (isInt user) then "#${toString user}" else "${user}"; 19 12 toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}"; ··· 41 34 42 35 defaultOptions = mkOption { 43 36 type = with types; listOf str; 44 - default = optional usingMillersSudo "SETENV"; 45 - defaultText = literalMD '' 46 - `[ "SETENV" ]` if using the default `sudo` implementation 47 - ''; 37 + default = []; 48 38 description = mdDoc '' 49 39 Options used for the default rules, granting `root` and the 50 40 `wheel` group permission to run any command as any user. 51 41 ''; 52 42 }; 53 43 54 - enable = mkOption { 55 - type = types.bool; 56 - default = false; 57 - description = mdDoc '' 58 - Whether to enable the {command}`sudo` command, which 59 - allows non-root users to execute commands as root. 60 - ''; 61 - }; 44 + enable = mkEnableOption (mdDoc '' 45 + a memory-safe implementation of the {command}`sudo` command, 46 + which allows non-root users to execute commands as root. 47 + ''); 62 48 63 - package = mkOption { 64 - type = types.package; 65 - default = pkgs.sudo-rs; 66 - defaultText = literalExpression "pkgs.sudo-rs"; 67 - description = mdDoc '' 68 - Which package to use for `sudo`. 69 - ''; 70 - }; 49 + package = mkPackageOption pkgs "sudo-rs" { }; 71 50 72 51 wheelNeedsPassword = mkOption { 73 52 type = types.bool; ··· 208 187 ###### implementation 209 188 210 189 config = mkIf cfg.enable { 190 + assertions = [ { 191 + assertion = ! config.security.sudo.enable; 192 + message = "`security.sudo` and `security.sudo-rs` cannot both be enabled"; 193 + }]; 194 + security.sudo.enable = mkDefault false; 195 + 211 196 security.sudo-rs.extraRules = 212 197 let 213 198 defaultRule = { users ? [], groups ? [], opts ? [] }: [ { ··· 235 220 # Don't edit this file. Set the NixOS options ‘security.sudo-rs.configFile’ 236 221 # or ‘security.sudo-rs.extraRules’ instead. 237 222 '' 238 - (optionalString enableSSHAgentAuth '' 239 - # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. 240 - Defaults env_keep+=SSH_AUTH_SOCK 241 - '') 242 - (concatStringsSep "\n" ( 243 - lists.flatten ( 244 - map ( 245 - rule: optionals (length rule.commands != 0) [ 246 - (map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users) 247 - (map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups) 248 - ] 249 - ) cfg.extraRules 250 - ) 251 - ) + "\n") 223 + (pipe cfg.extraRules [ 224 + (filter (rule: length rule.commands != 0)) 225 + (map (rule: [ 226 + (map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users) 227 + (map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups) 228 + ])) 229 + flatten 230 + (concatStringsSep "\n") 231 + ]) 232 + "\n" 252 233 (optionalString (cfg.extraConfig != "") '' 253 234 # extraConfig 254 235 ${cfg.extraConfig} ··· 265 246 source = "${cfg.package.out}/bin/sudo"; 266 247 inherit owner group setuid permissions; 267 248 }; 268 - # sudo-rs does not yet ship a sudoedit (as of v0.2.0) 269 - sudoedit = mkIf usingMillersSudo { 270 - source = "${cfg.package.out}/bin/sudoedit"; 271 - inherit owner group setuid permissions; 272 - }; 273 249 }; 274 250 275 - environment.systemPackages = [ sudo ]; 251 + environment.systemPackages = [ cfg.package ]; 276 252 277 253 security.pam.services.sudo = { sshAgentAuth = true; usshAuth = true; }; 278 - security.pam.services.sudo-i = mkIf usingSudoRs 279 - { sshAgentAuth = true; usshAuth = true; }; 254 + security.pam.services.sudo-i = { sshAgentAuth = true; usshAuth = true; }; 280 255 281 256 environment.etc.sudoers = 282 257 { source = ··· 285 260 src = pkgs.writeText "sudoers-in" cfg.configFile; 286 261 preferLocalBuild = true; 287 262 } 288 - "${pkgs.buildPackages."${cfg.package.pname}"}/bin/visudo -f $src -c && cp $src $out"; 263 + "${pkgs.buildPackages.sudo-rs}/bin/visudo -f $src -c && cp $src $out"; 289 264 mode = "0440"; 290 265 }; 291 266

+18 -17

nixos/modules/services/backup/btrbk.nix

··· 47 47 then [ "${name} ${value}" ] 48 48 else concatLists (mapAttrsToList (genSection name) value); 49 49 50 + sudoRule = { 51 + users = [ "btrbk" ]; 52 + commands = [ 53 + { command = "${pkgs.btrfs-progs}/bin/btrfs"; options = [ "NOPASSWD" ]; } 54 + { command = "${pkgs.coreutils}/bin/mkdir"; options = [ "NOPASSWD" ]; } 55 + { command = "${pkgs.coreutils}/bin/readlink"; options = [ "NOPASSWD" ]; } 56 + # for ssh, they are not the same than the one hard coded in ${pkgs.btrbk} 57 + { command = "/run/current-system/sw/bin/btrfs"; options = [ "NOPASSWD" ]; } 58 + { command = "/run/current-system/sw/bin/mkdir"; options = [ "NOPASSWD" ]; } 59 + { command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; } 60 + ]; 61 + }; 62 + 50 63 sudo_doas = 51 - if config.security.sudo.enable then "sudo" 64 + if config.security.sudo.enable || config.security.sudo-rs.enable then "sudo" 52 65 else if config.security.doas.enable then "doas" 53 66 else throw "The btrbk nixos module needs either sudo or doas enabled in the configuration"; 54 67 ··· 157 170 }; 158 171 config = mkIf (sshEnabled || serviceEnabled) { 159 172 environment.systemPackages = [ pkgs.btrbk ] ++ cfg.extraPackages; 160 - security.sudo = mkIf (sudo_doas == "sudo") { 161 - extraRules = [ 162 - { 163 - users = [ "btrbk" ]; 164 - commands = [ 165 - { command = "${pkgs.btrfs-progs}/bin/btrfs"; options = [ "NOPASSWD" ]; } 166 - { command = "${pkgs.coreutils}/bin/mkdir"; options = [ "NOPASSWD" ]; } 167 - { command = "${pkgs.coreutils}/bin/readlink"; options = [ "NOPASSWD" ]; } 168 - # for ssh, they are not the same than the one hard coded in ${pkgs.btrbk} 169 - { command = "/run/current-system/sw/bin/btrfs"; options = [ "NOPASSWD" ]; } 170 - { command = "/run/current-system/sw/bin/mkdir"; options = [ "NOPASSWD" ]; } 171 - { command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; } 172 - ]; 173 - } 174 - ]; 175 - }; 173 + 174 + security.sudo.extraRules = mkIf (sudo_doas == "sudo") [ sudoRule ]; 175 + security.sudo-rs.extraRules = mkIf (sudo_doas == "sudo") [ sudoRule ]; 176 + 176 177 security.doas = mkIf (sudo_doas == "doas") { 177 178 extraRules = let 178 179 doasCmdNoPass = cmd: { users = [ "btrbk" ]; cmd = cmd; noPass = true; };

+8 -11

nixos/modules/services/misc/amazon-ssm-agent.nix

··· 15 15 -r) echo "${config.system.nixos.version}";; 16 16 esac 17 17 ''; 18 + 19 + sudoRule = { 20 + users = [ "ssm-user" ]; 21 + commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; 22 + }; 18 23 in { 19 24 imports = [ 20 25 (mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ]) ··· 54 59 55 60 # Add user that Session Manager needs, and give it sudo. 56 61 # This is consistent with Amazon Linux 2 images. 57 - security.sudo.extraRules = [ 58 - { 59 - users = [ "ssm-user" ]; 60 - commands = [ 61 - { 62 - command = "ALL"; 63 - options = [ "NOPASSWD" ]; 64 - } 65 - ]; 66 - } 67 - ]; 62 + security.sudo.extraRules = [ sudoRule ]; 63 + security.sudo-rs.extraRules = [ sudoRule ]; 64 + 68 65 # On Amazon Linux 2 images, the ssm-user user is pretty much a 69 66 # normal user with its own group. We do the same. 70 67 users.groups.ssm-user = {};

+5

nixos/modules/services/monitoring/telegraf.nix

··· 53 53 54 54 ###### implementation 55 55 config = mkIf config.services.telegraf.enable { 56 + services.telegraf.extraConfig = { 57 + inputs = {}; 58 + outputs = {}; 59 + }; 56 60 systemd.services.telegraf = let 57 61 finalConfigFile = if config.services.telegraf.environmentFiles == [] 58 62 then configFile ··· 61 65 description = "Telegraf Agent"; 62 66 wantedBy = [ "multi-user.target" ]; 63 67 after = [ "network-online.target" ]; 68 + path = lib.optional (config.services.telegraf.extraConfig.inputs ? procstat) pkgs.procps; 64 69 serviceConfig = { 65 70 EnvironmentFile = config.services.telegraf.environmentFiles; 66 71 ExecStartPre = lib.optional (config.services.telegraf.environmentFiles != [])

+7 -8

nixos/modules/services/web-apps/mediawiki.nix

··· 20 20 21 21 pkg = pkgs.stdenv.mkDerivation rec { 22 22 pname = "mediawiki-full"; 23 - version = src.version; 23 + inherit (src) version; 24 24 src = cfg.package; 25 25 26 26 installPhase = '' 27 27 mkdir -p $out 28 28 cp -r * $out/ 29 29 30 - rm -rf $out/share/mediawiki/skins/* 31 - rm -rf $out/share/mediawiki/extensions/* 32 - 30 + # try removing directories before symlinking to allow overwriting any builtin extension or skin 33 31 ${concatStringsSep "\n" (mapAttrsToList (k: v: '' 32 + rm -rf $out/share/mediawiki/skins/${k} 34 33 ln -s ${v} $out/share/mediawiki/skins/${k} 35 34 '') cfg.skins)} 36 35 37 36 ${concatStringsSep "\n" (mapAttrsToList (k: v: '' 37 + rm -rf $out/share/mediawiki/extensions/${k} 38 38 ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k} 39 39 '') cfg.extensions)} 40 40 ''; ··· 540 540 locations = { 541 541 "~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\\.php$".extraConfig = '' 542 542 rewrite ^/w/(.*) /$1 break; 543 - include ${config.services.nginx.package}/conf/fastcgi_params; 543 + include ${config.services.nginx.package}/conf/fastcgi.conf; 544 544 fastcgi_index index.php; 545 - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 546 545 fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket}; 547 546 ''; 548 547 "/w/images/".alias = withTrailingSlash cfg.uploadsDir; ··· 573 572 574 573 # Explicit access to the root website, redirect to main page (adapt as needed) 575 574 "= /".extraConfig = '' 576 - return 301 /wiki/Main_Page; 575 + return 301 /wiki/; 577 576 ''; 578 577 579 578 # Every other entry point will be disallowed. ··· 634 633 ++ optional (cfg.webserver == "apache" && cfg.database.createLocally && cfg.database.type == "postgres") "postgresql.service"; 635 634 636 635 users.users.${user} = { 637 - group = group; 636 + inherit group; 638 637 isSystemUser = true; 639 638 }; 640 639 users.groups.${group} = {};

+122 -116

nixos/modules/virtualisation/nixos-containers.nix

··· 771 771 }; 772 772 773 773 774 - config = mkIf (config.boot.enableContainers) (let 774 + config = mkMerge [ 775 + { 776 + warnings = optional (!config.boot.enableContainers && config.containers != {}) 777 + "containers.<name> is used, but boot.enableContainers is false. To use containers.<name>, set boot.enableContainers to true."; 778 + } 775 779 776 - unit = { 777 - description = "Container '%i'"; 780 + (mkIf (config.boot.enableContainers) (let 781 + unit = { 782 + description = "Container '%i'"; 778 783 779 - unitConfig.RequiresMountsFor = "${stateDirectory}/%i"; 784 + unitConfig.RequiresMountsFor = "${stateDirectory}/%i"; 780 785 781 - path = [ pkgs.iproute2 ]; 786 + path = [ pkgs.iproute2 ]; 782 787 783 - environment = { 784 - root = "${stateDirectory}/%i"; 785 - INSTANCE = "%i"; 786 - }; 788 + environment = { 789 + root = "${stateDirectory}/%i"; 790 + INSTANCE = "%i"; 791 + }; 787 792 788 - preStart = preStartScript dummyConfig; 793 + preStart = preStartScript dummyConfig; 789 794 790 - script = startScript dummyConfig; 795 + script = startScript dummyConfig; 791 796 792 - postStart = postStartScript dummyConfig; 797 + postStart = postStartScript dummyConfig; 793 798 794 - restartIfChanged = false; 799 + restartIfChanged = false; 795 800 796 - serviceConfig = serviceDirectives dummyConfig; 797 - }; 798 - in { 799 - warnings = 800 - (optional (config.virtualisation.containers.enable && versionOlder config.system.stateVersion "22.05") '' 801 - Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported. 802 - ''); 801 + serviceConfig = serviceDirectives dummyConfig; 802 + }; 803 + in { 804 + warnings = 805 + (optional (config.virtualisation.containers.enable && versionOlder config.system.stateVersion "22.05") '' 806 + Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported. 807 + ''); 803 808 804 - systemd.targets.multi-user.wants = [ "machines.target" ]; 809 + systemd.targets.multi-user.wants = [ "machines.target" ]; 805 810 806 - systemd.services = listToAttrs (filter (x: x.value != null) ( 807 - # The generic container template used by imperative containers 808 - [{ name = "container@"; value = unit; }] 809 - # declarative containers 810 - ++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (let 811 - containerConfig = cfg // ( 812 - optionalAttrs cfg.enableTun 813 - { 814 - allowedDevices = cfg.allowedDevices 815 - ++ [ { node = "/dev/net/tun"; modifier = "rw"; } ]; 816 - additionalCapabilities = cfg.additionalCapabilities 817 - ++ [ "CAP_NET_ADMIN" ]; 818 - } 819 - ); 820 - in 821 - recursiveUpdate unit { 822 - preStart = preStartScript containerConfig; 823 - script = startScript containerConfig; 824 - postStart = postStartScript containerConfig; 825 - serviceConfig = serviceDirectives containerConfig; 826 - unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i"; 827 - environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i"; 828 - } // ( 829 - optionalAttrs containerConfig.autoStart 830 - { 831 - wantedBy = [ "machines.target" ]; 832 - wants = [ "network.target" ]; 833 - after = [ "network.target" ]; 834 - restartTriggers = [ 835 - containerConfig.path 836 - config.environment.etc."${configurationDirectoryName}/${name}.conf".source 837 - ]; 838 - restartIfChanged = containerConfig.restartIfChanged; 839 - } 840 - ) 841 - )) config.containers) 842 - )); 811 + systemd.services = listToAttrs (filter (x: x.value != null) ( 812 + # The generic container template used by imperative containers 813 + [{ name = "container@"; value = unit; }] 814 + # declarative containers 815 + ++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (let 816 + containerConfig = cfg // ( 817 + optionalAttrs cfg.enableTun 818 + { 819 + allowedDevices = cfg.allowedDevices 820 + ++ [ { node = "/dev/net/tun"; modifier = "rw"; } ]; 821 + additionalCapabilities = cfg.additionalCapabilities 822 + ++ [ "CAP_NET_ADMIN" ]; 823 + } 824 + ); 825 + in 826 + recursiveUpdate unit { 827 + preStart = preStartScript containerConfig; 828 + script = startScript containerConfig; 829 + postStart = postStartScript containerConfig; 830 + serviceConfig = serviceDirectives containerConfig; 831 + unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i"; 832 + environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i"; 833 + } // ( 834 + optionalAttrs containerConfig.autoStart 835 + { 836 + wantedBy = [ "machines.target" ]; 837 + wants = [ "network.target" ]; 838 + after = [ "network.target" ]; 839 + restartTriggers = [ 840 + containerConfig.path 841 + config.environment.etc."${configurationDirectoryName}/${name}.conf".source 842 + ]; 843 + restartIfChanged = containerConfig.restartIfChanged; 844 + } 845 + ) 846 + )) config.containers) 847 + )); 843 848 844 - # Generate a configuration file in /etc/nixos-containers for each 845 - # container so that container@.target can get the container 846 - # configuration. 847 - environment.etc = 848 - let mkPortStr = p: p.protocol + ":" + (toString p.hostPort) + ":" + (if p.containerPort == null then toString p.hostPort else toString p.containerPort); 849 - in mapAttrs' (name: cfg: nameValuePair "${configurationDirectoryName}/${name}.conf" 850 - { text = 851 - '' 852 - SYSTEM_PATH=${cfg.path} 853 - ${optionalString cfg.privateNetwork '' 854 - PRIVATE_NETWORK=1 855 - ${optionalString (cfg.hostBridge != null) '' 856 - HOST_BRIDGE=${cfg.hostBridge} 857 - ''} 858 - ${optionalString (length cfg.forwardPorts > 0) '' 859 - HOST_PORT=${concatStringsSep "," (map mkPortStr cfg.forwardPorts)} 849 + # Generate a configuration file in /etc/nixos-containers for each 850 + # container so that container@.target can get the container 851 + # configuration. 852 + environment.etc = 853 + let mkPortStr = p: p.protocol + ":" + (toString p.hostPort) + ":" + (if p.containerPort == null then toString p.hostPort else toString p.containerPort); 854 + in mapAttrs' (name: cfg: nameValuePair "${configurationDirectoryName}/${name}.conf" 855 + { text = 856 + '' 857 + SYSTEM_PATH=${cfg.path} 858 + ${optionalString cfg.privateNetwork '' 859 + PRIVATE_NETWORK=1 860 + ${optionalString (cfg.hostBridge != null) '' 861 + HOST_BRIDGE=${cfg.hostBridge} 862 + ''} 863 + ${optionalString (length cfg.forwardPorts > 0) '' 864 + HOST_PORT=${concatStringsSep "," (map mkPortStr cfg.forwardPorts)} 865 + ''} 866 + ${optionalString (cfg.hostAddress != null) '' 867 + HOST_ADDRESS=${cfg.hostAddress} 868 + ''} 869 + ${optionalString (cfg.hostAddress6 != null) '' 870 + HOST_ADDRESS6=${cfg.hostAddress6} 871 + ''} 872 + ${optionalString (cfg.localAddress != null) '' 873 + LOCAL_ADDRESS=${cfg.localAddress} 874 + ''} 875 + ${optionalString (cfg.localAddress6 != null) '' 876 + LOCAL_ADDRESS6=${cfg.localAddress6} 877 + ''} 860 878 ''} 861 - ${optionalString (cfg.hostAddress != null) '' 862 - HOST_ADDRESS=${cfg.hostAddress} 879 + INTERFACES="${toString cfg.interfaces}" 880 + MACVLANS="${toString cfg.macvlans}" 881 + ${optionalString cfg.autoStart '' 882 + AUTO_START=1 863 883 ''} 864 - ${optionalString (cfg.hostAddress6 != null) '' 865 - HOST_ADDRESS6=${cfg.hostAddress6} 866 - ''} 867 - ${optionalString (cfg.localAddress != null) '' 868 - LOCAL_ADDRESS=${cfg.localAddress} 869 - ''} 870 - ${optionalString (cfg.localAddress6 != null) '' 871 - LOCAL_ADDRESS6=${cfg.localAddress6} 872 - ''} 873 - ''} 874 - INTERFACES="${toString cfg.interfaces}" 875 - MACVLANS="${toString cfg.macvlans}" 876 - ${optionalString cfg.autoStart '' 877 - AUTO_START=1 878 - ''} 879 - EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts + 880 - optionalString (cfg.extraFlags != []) 881 - (" " + concatStringsSep " " cfg.extraFlags)}" 882 - ''; 883 - }) config.containers; 884 + EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts + 885 + optionalString (cfg.extraFlags != []) 886 + (" " + concatStringsSep " " cfg.extraFlags)}" 887 + ''; 888 + }) config.containers; 884 889 885 - # Generate /etc/hosts entries for the containers. 886 - networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null) 887 - '' 888 - ${head (splitString "/" cfg.localAddress)} ${name}.containers 889 - '') config.containers); 890 + # Generate /etc/hosts entries for the containers. 891 + networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null) 892 + '' 893 + ${head (splitString "/" cfg.localAddress)} ${name}.containers 894 + '') config.containers); 890 895 891 - networking.dhcpcd.denyInterfaces = [ "ve-*" "vb-*" ]; 896 + networking.dhcpcd.denyInterfaces = [ "ve-*" "vb-*" ]; 892 897 893 - services.udev.extraRules = optionalString config.networking.networkmanager.enable '' 894 - # Don't manage interfaces created by nixos-container. 895 - ENV{INTERFACE}=="v[eb]-*", ENV{NM_UNMANAGED}="1" 896 - ''; 898 + services.udev.extraRules = optionalString config.networking.networkmanager.enable '' 899 + # Don't manage interfaces created by nixos-container. 900 + ENV{INTERFACE}=="v[eb]-*", ENV{NM_UNMANAGED}="1" 901 + ''; 897 902 898 - environment.systemPackages = [ 899 - nixos-container 900 - ]; 903 + environment.systemPackages = [ 904 + nixos-container 905 + ]; 901 906 902 - boot.kernelModules = [ 903 - "bridge" 904 - "macvlan" 905 - "tap" 906 - "tun" 907 - ]; 908 - }); 907 + boot.kernelModules = [ 908 + "bridge" 909 + "macvlan" 910 + "tap" 911 + "tun" 912 + ]; 913 + })) 914 + ]; 909 915 910 916 meta.buildDocsInSandbox = false; 911 917 }

-6

nixos/tests/sudo-rs.nix

··· 22 22 test5 = { isNormalUser = true; }; 23 23 }; 24 24 25 - security.sudo.enable = false; 26 - 27 25 security.sudo-rs = { 28 26 enable = true; 29 - package = pkgs.sudo-rs; 30 27 wheelNeedsPassword = false; 31 28 32 29 extraRules = [ ··· 56 53 noadmin = { isNormalUser = true; }; 57 54 }; 58 55 59 - security.sudo.enable = false; 60 - 61 56 security.sudo-rs = { 62 - package = pkgs.sudo-rs; 63 57 enable = true; 64 58 wheelNeedsPassword = false; 65 59 execWheelOnly = true;

+1

nixos/tests/telegraf.nix

··· 12 12 services.telegraf.extraConfig = { 13 13 agent.interval = "1s"; 14 14 agent.flush_interval = "1s"; 15 + inputs.procstat = {}; 15 16 inputs.exec = { 16 17 commands = [ 17 18 "${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'"

+1 -1

nixos/tests/web-servers/stargazer.nix

··· 24 24 geminiserver.wait_for_open_port(1965) 25 25 26 26 with subtest("check is serving over gemini"): 27 - response = geminiserver.succeed("${pkgs.gmni}/bin/gmni -j once -i -N gemini://localhost:1965") 27 + response = geminiserver.succeed("${pkgs.gemget}/bin/gemget --header -o - gemini://localhost:1965") 28 28 print(response) 29 29 assert "Hello NixOS!" in response 30 30 '';

+2 -2

pkgs/applications/editors/openvi/default.nix

··· 7 7 8 8 stdenv.mkDerivation rec { 9 9 pname = "openvi"; 10 - version = "7.4.26"; 10 + version = "7.4.27"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "johnsonjh"; 14 14 repo = "OpenVi"; 15 15 rev = version; 16 - hash = "sha256-Fgsw4ovq7PXqPF5ECVFJulrcHdsbRQsvy62DAr4RRr4="; 16 + hash = "sha256-3cqe6woJvJt0ckI3aOhF0gARKy8VMCfWxIiiglkHBTo="; 17 17 }; 18 18 19 19 buildInputs = [ ncurses perl ];

+6 -6

pkgs/applications/editors/sublime/4/packages.nix

··· 5 5 in 6 6 { 7 7 sublime4 = common { 8 - buildVersion = "4152"; 9 - x64sha256 = "bt48g1GZWYlwQcZQboUHU8GZYmA7cb2fc6Ylrh5NNVQ="; 10 - aarch64sha256 = "nSH5a5KRYzqLMnLo2mFk3WpjL9p6Qh3zNy8oFPEHHoA="; 8 + buildVersion = "4169"; 9 + x64sha256 = "jk9wKC0QgfhiHDYUcnDhsmgJsBPOUmCkyvQeI54IJJ4="; 10 + aarch64sha256 = "/W/xGbE+8gGu1zNh6lERZrfG9Dh9QUGkYiqTzp216JI="; 11 11 } {}; 12 12 13 13 sublime4-dev = common { 14 - buildVersion = "4155"; 14 + buildVersion = "4168"; 15 15 dev = true; 16 - x64sha256 = "owcux1/CjXQsJ8/6ex3CWV1/Wvh/ofZFH7yNQtxl9d4="; 17 - aarch64sha256 = "YAcdpBDmaajQPvyp8ypJNom+XOKx2YKA2uylfxlKuZY="; 16 + x64sha256 = "KfW1Mh78CUBTmthHQd1s15a7GrmssSnWZ1RgaarJeag="; 17 + aarch64sha256 = "qJ9oix1kwWN+TUb5/WSKyHcHzB+Q87XolMOhmqx1OFc="; 18 18 } {}; 19 19 }

+5 -5

pkgs/applications/emulators/citra/default.nix

··· 9 9 # Please make sure to update this when updating citra! 10 10 compat-list = fetchurl { 11 11 name = "citra-compat-list"; 12 - url = "https://web.archive.org/web/20230807103651/https://api.citra-emu.org/gamedb/"; 12 + url = "https://web.archive.org/web/20231111133415/https://api.citra-emu.org/gamedb"; 13 13 hash = "sha256-J+zqtWde5NgK2QROvGewtXGRAWUTNSKHNMG6iu9m1fU="; 14 14 }; 15 15 in { 16 16 nightly = qt6Packages.callPackage ./generic.nix rec { 17 17 pname = "citra-nightly"; 18 - version = "1963"; 18 + version = "2043"; 19 19 20 20 src = fetchFromGitHub { 21 21 owner = "citra-emu"; 22 22 repo = "citra-nightly"; 23 23 rev = "nightly-${version}"; 24 - sha256 = "0ggi1l8327s43xaxs616g0s9vmal6q7vsv69bn07gp71gchhcmyi"; 24 + sha256 = "sha256-26M3uzqp4rUMOhr619UooupZT11B03IJfamUPNkceQk="; 25 25 fetchSubmodules = true; 26 26 }; 27 27 ··· 30 30 31 31 canary = qt6Packages.callPackage ./generic.nix rec { 32 32 pname = "citra-canary"; 33 - version = "2573"; 33 + version = "2695"; 34 34 35 35 src = fetchFromGitHub { 36 36 owner = "citra-emu"; 37 37 repo = "citra-canary"; 38 38 rev = "canary-${version}"; 39 - sha256 = "sha256-tQJ3WcqGcnW9dOiwDrBgL0n3UNp1DGQ/FjCR28Xjdpc="; 39 + sha256 = "sha256-090er4aUGze8bk3DIFZoa+/6EcJhr4bim3nWgZHs1mo="; 40 40 fetchSubmodules = true; 41 41 }; 42 42

+64 -43

pkgs/applications/emulators/citra/generic.nix

··· 6 6 7 7 , lib 8 8 , stdenv 9 - , fetchFromGitHub 10 9 , cmake 11 10 , boost 12 11 , pkg-config 12 + , catch2_3 13 + , cpp-jwt 14 + , cryptopp 15 + , enet 16 + , ffmpeg 17 + , fmt 18 + , glslang 19 + , httplib 20 + , inih 13 21 , libusb1 14 - , glslang 22 + , nlohmann_json 23 + , openal 24 + , openssl 25 + , SDL2 26 + , soundtouch 27 + , spirv-tools 15 28 , zstd 16 - , libressl 17 - , enableSdl2 ? true, SDL2 18 - , enableQt ? true, qtbase, qtmultimedia, wrapQtAppsHook 29 + , vulkan-headers 30 + , vulkan-loader 31 + , enableSdl2Frontend ? true 32 + , enableQt ? true, qtbase, qtmultimedia, qtwayland, wrapQtAppsHook 19 33 , enableQtTranslation ? enableQt, qttools 20 34 , enableWebService ? true 21 35 , enableCubeb ? true, cubeb 22 - , enableFfmpegAudioDecoder ? true 23 - , enableFfmpegVideoDumper ? true 24 - , ffmpeg_4 25 36 , useDiscordRichPresence ? true, rapidjson 26 - , enableFdk ? false, fdk_aac 27 37 }: 28 - assert lib.assertMsg (!enableFfmpegAudioDecoder || !enableFdk) "Can't enable both enableFfmpegAudioDecoder and enableFdk"; 29 - 30 - stdenv.mkDerivation rec { 38 + stdenv.mkDerivation { 31 39 inherit pname version src; 32 40 33 41 nativeBuildInputs = [ 34 42 cmake 35 - glslang 36 43 pkg-config 44 + ffmpeg 45 + glslang 37 46 ] ++ lib.optionals enableQt [ wrapQtAppsHook ]; 38 47 39 48 buildInputs = [ 40 49 boost 50 + catch2_3 51 + cpp-jwt 52 + cryptopp 53 + # intentionally omitted: dynarmic - prefer vendored version for compatibility 54 + enet 55 + fmt 56 + httplib 57 + inih 41 58 libusb1 42 - ] ++ lib.optionals enableQt [ qtbase qtmultimedia ] 43 - ++ lib.optional enableSdl2 SDL2 59 + nlohmann_json 60 + openal 61 + openssl 62 + SDL2 63 + soundtouch 64 + spirv-tools 65 + vulkan-headers 66 + # intentionally omitted: xbyak - prefer vendored version for compatibility 67 + zstd 68 + ] ++ lib.optionals enableQt [ qtbase qtmultimedia qtwayland ] 44 69 ++ lib.optional enableQtTranslation qttools 45 - ++ lib.optionals enableCubeb cubeb.passthru.backendLibs 46 - ++ lib.optional (enableFfmpegAudioDecoder || enableFfmpegVideoDumper) ffmpeg_4 47 - ++ lib.optional useDiscordRichPresence rapidjson 48 - ++ lib.optional enableFdk fdk_aac; 70 + ++ lib.optional enableCubeb cubeb 71 + ++ lib.optional useDiscordRichPresence rapidjson; 49 72 50 73 cmakeFlags = [ 51 - "-DUSE_SYSTEM_BOOST=ON" 52 - "-DCITRA_WARNINGS_AS_ERRORS=OFF" 53 - "-DCITRA_USE_BUNDLED_FFMPEG=OFF" 54 - "-DCITRA_USE_BUNDLED_QT=OFF" 55 - "-DUSE_SYSTEM_SDL2=ON" 56 - "-DCMAKE_INSTALL_INCLUDEDIR=include" 57 - "-DCMAKE_INSTALL_LIBDIR=lib" 74 + "-DUSE_SYSTEM_LIBS=ON" 75 + 76 + "-DDISABLE_SYSTEM_DYNARMIC=ON" 77 + "-DDISABLE_SYSTEM_GLSLANG=ON" # The following imported targets are referenced, but are missing: SPIRV-Tools-opt 78 + "-DDISABLE_SYSTEM_LODEPNG=ON" # Not packaged in nixpkgs 79 + "-DDISABLE_SYSTEM_VMA=ON" 80 + "-DDISABLE_SYSTEM_XBYAK=ON" 58 81 59 - # We dont want to bother upstream with potentially outdated compat reports 82 + # We don't want to bother upstream with potentially outdated compat reports 60 83 "-DCITRA_ENABLE_COMPATIBILITY_REPORTING=ON" 61 84 "-DENABLE_COMPATIBILITY_LIST_DOWNLOAD=OFF" # We provide this deterministically 62 - ] ++ lib.optional (!enableSdl2) "-DENABLE_SDL2=OFF" 85 + ] ++ lib.optional (!enableSdl2Frontend) "-DENABLE_SDL2_FRONTEND=OFF" 63 86 ++ lib.optional (!enableQt) "-DENABLE_QT=OFF" 64 87 ++ lib.optional enableQtTranslation "-DENABLE_QT_TRANSLATION=ON" 65 88 ++ lib.optional (!enableWebService) "-DENABLE_WEB_SERVICE=OFF" 66 89 ++ lib.optional (!enableCubeb) "-DENABLE_CUBEB=OFF" 67 - ++ lib.optional enableFfmpegAudioDecoder "-DENABLE_FFMPEG_AUDIO_DECODER=ON" 68 - ++ lib.optional enableFfmpegVideoDumper "-DENABLE_FFMPEG_VIDEO_DUMPER=ON" 69 - ++ lib.optional useDiscordRichPresence "-DUSE_DISCORD_PRESENCE=ON" 70 - ++ lib.optional enableFdk "-DENABLE_FDK=ON"; 90 + ++ lib.optional useDiscordRichPresence "-DUSE_DISCORD_PRESENCE=ON"; 91 + 92 + # causes redefinition of _FORTIFY_SOURCE 93 + hardeningDisable = [ "fortify3" ]; 71 94 72 - postPatch = with lib; let 95 + postPatch = let 73 96 branchCaptialized = (lib.toUpper (lib.substring 0 1 branch) + lib.substring 1 (-1) branch); 74 97 in '' 75 98 # Fix file not found when looking in var/empty instead of opt ··· 85 108 86 109 # Add versions 87 110 echo 'set(BUILD_FULLNAME "${branchCaptialized} ${version}")' >> CMakeModules/GenerateBuildInfo.cmake 88 - 89 - # Devendoring 90 - rm -rf externals/zstd externals/libressl 91 - cp -r ${zstd.src} externals/zstd 92 - tar xf ${libressl.src} -C externals/ 93 - mv externals/${libressl.name} externals/libressl 94 - chmod -R a+w externals/zstd 95 111 ''; 96 112 97 - # Fixes https://github.com/NixOS/nixpkgs/issues/171173 98 - postInstall = lib.optionalString (enableCubeb && enableSdl2) '' 113 + postInstall = let 114 + libs = lib.makeLibraryPath [ vulkan-loader ]; 115 + in lib.optionalString enableSdl2Frontend '' 99 116 wrapProgram "$out/bin/citra" \ 100 - --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath cubeb.passthru.backendLibs} 117 + --prefix LD_LIBRARY_PATH : ${libs} 118 + '' + lib.optionalString enableQt '' 119 + qtWrapperArgs+=( 120 + --prefix LD_LIBRARY_PATH : ${libs} 121 + ) 101 122 ''; 102 123 103 124 meta = with lib; {

+2 -2

pkgs/applications/gis/qgis/unwrapped-ltr.nix

··· 76 76 urllib3 77 77 ]; 78 78 in mkDerivation rec { 79 - version = "3.28.12"; 79 + version = "3.28.13"; 80 80 pname = "qgis-ltr-unwrapped"; 81 81 82 82 src = fetchFromGitHub { 83 83 owner = "qgis"; 84 84 repo = "QGIS"; 85 85 rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}"; 86 - hash = "sha256-C80ZrQW7WFXz8UMXSt3FJcK2gDd292H24Ic3pJD/yqI="; 86 + hash = "sha256-5UHyRxWFqhTq97VNb8AU8QYGaY0lmGB8bo8yXp1vnFQ="; 87 87 }; 88 88 89 89 passthru = {

+2 -2

pkgs/applications/gis/qgis/unwrapped.nix

··· 77 77 urllib3 78 78 ]; 79 79 in mkDerivation rec { 80 - version = "3.34.0"; 80 + version = "3.34.1"; 81 81 pname = "qgis-unwrapped"; 82 82 83 83 src = fetchFromGitHub { 84 84 owner = "qgis"; 85 85 repo = "QGIS"; 86 86 rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}"; 87 - hash = "sha256-+Yzp8kfd7cfxTwsrxRo+6uS+2Aj4HfKA2E8hSf7htsU="; 87 + hash = "sha256-y+MATjhGUh0Qu4mNRALmP04Zd2/ozvaJnJDdM38Cy+w="; 88 88 }; 89 89 90 90 passthru = {

+4 -4

pkgs/applications/misc/clipcat/default.nix

··· 8 8 9 9 rustPlatform.buildRustPackage rec { 10 10 pname = "clipcat"; 11 - version = "0.6.2"; 11 + version = "0.7.0"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "xrelkd"; 15 15 repo = pname; 16 16 rev = "v${version}"; 17 - sha256 = "sha256-sofP+zyyakB4w1R3wS/FNDTOWwNeDJyB5CBtR3yZsmE="; 17 + hash = "sha256-MEyKUSEGVELk00TtKdfEgfzc3zwBllYrIjtC4NVbmRo="; 18 18 }; 19 19 20 - cargoHash = "sha256-aOXAjxmk5uqBOw/l1CW/LbeBucr7p4iudbVY6d7yEjg="; 20 + cargoHash = "sha256-LiTZfkp0uuKgfl4uaxNEJAn7UlrHHaWh/ivaJxYhULY="; 21 21 22 22 nativeBuildInputs = [ 23 23 protobuf ··· 33 33 # cargo-nextest help us retry the failed test cases 34 34 NEXTEST_RETRIES = 5; 35 35 36 - # Some test cases need to interactive with X11, we use xvfb-run here 36 + # Some test cases interact with X11, we use xvfb-run here 37 37 checkPhase = '' 38 38 xvfb-run --auto-servernum cargo nextest run --release --workspace --no-fail-fast --no-capture 39 39 '';

+2 -2

pkgs/applications/misc/khard/default.nix

··· 1 1 { lib, python3, fetchPypi, khard, testers }: 2 2 3 3 python3.pkgs.buildPythonApplication rec { 4 - version = "0.18.0"; 4 + version = "0.19.0"; 5 5 pname = "khard"; 6 6 7 7 src = fetchPypi { 8 8 inherit pname version; 9 - sha256 = "05860fdayqap128l7i6bcmi9kdyi2gx02g2pmh88d56xgysd927y"; 9 + sha256 = "sha256-5ki+adfz7m0+FbxC9+IXHLn8oeLKLkASuU15lyDATKQ="; 10 10 }; 11 11 12 12 SETUPTOOLS_SCM_PRETEND_VERSION = version;

-92

pkgs/applications/networking/instant-messengers/mirage/default.nix

··· 1 - { lib 2 - , stdenv 3 - , mkDerivation 4 - , fetchFromGitHub 5 - , libXScrnSaver 6 - , olm 7 - , pkg-config 8 - , pyotherside 9 - , python3Packages 10 - , qmake 11 - , qtbase 12 - , qtgraphicaleffects 13 - , qtkeychain 14 - , qtmultimedia 15 - , qtquickcontrols2 16 - , wrapQtAppsHook 17 - }: 18 - 19 - mkDerivation rec { 20 - pname = "mirage"; 21 - version = "0.7.2"; 22 - 23 - src = fetchFromGitHub { 24 - owner = "mirukana"; 25 - repo = pname; 26 - rev = "v${version}"; 27 - sha256 = "sha256-dJS4lAXHHNUEAG75gQaS9+aQTTTj8KHqHjISioynFdY="; 28 - fetchSubmodules = true; 29 - }; 30 - 31 - nativeBuildInputs = [ 32 - pkg-config 33 - python3Packages.wrapPython 34 - qmake 35 - wrapQtAppsHook 36 - ]; 37 - 38 - buildInputs = [ 39 - libXScrnSaver 40 - olm 41 - pyotherside 42 - qtbase 43 - qtgraphicaleffects 44 - qtkeychain 45 - qtmultimedia 46 - qtquickcontrols2 47 - ] ++ pythonPath; 48 - 49 - pythonPath = with python3Packages; [ 50 - pillow 51 - aiofiles 52 - appdirs 53 - cairosvg 54 - filetype 55 - html-sanitizer 56 - lxml 57 - mistune 58 - pymediainfo 59 - plyer 60 - sortedcontainers 61 - watchgod 62 - redbaron 63 - hsluv 64 - simpleaudio 65 - setuptools 66 - watchgod 67 - dbus-python 68 - matrix-nio 69 - ] ++ matrix-nio.optional-dependencies.e2e; 70 - 71 - qmakeFlags = [ 72 - "PREFIX=${placeholder "out"}" 73 - "CONFIG+=qtquickcompiler" 74 - ]; 75 - 76 - dontWrapQtApps = true; 77 - postInstall = '' 78 - buildPythonPath "$out $pythonPath" 79 - wrapProgram $out/bin/mirage \ 80 - --prefix PYTHONPATH : "$PYTHONPATH" \ 81 - "''${qtWrapperArgs[@]}" 82 - ''; 83 - 84 - meta = with lib; { 85 - homepage = "https://github.com/mirukana/mirage"; 86 - description = "A fancy, customizable, keyboard-operable Qt/QML+Python Matrix chat client for encrypted and decentralized communication"; 87 - license = licenses.lgpl3Plus; 88 - maintainers = with maintainers; [ colemickens AndersonTorres ]; 89 - inherit (qtbase.meta) platforms; 90 - broken = stdenv.isDarwin || python3Packages.isPy37 || python3Packages.isPy38; 91 - }; 92 - }

+4 -3

pkgs/applications/networking/instant-messengers/twinkle/default.nix

··· 21 21 22 22 mkDerivation rec { 23 23 pname = "twinkle"; 24 - version = "unstable-2021-02-06"; 24 + version = "unstable-2023-03-25"; 25 25 26 26 src = fetchFromGitHub { 27 27 owner = "LubosD"; 28 28 repo = "twinkle"; 29 - rev = "2301b66a3f54b266675415d261985488d86e9e4c"; 30 - sha256 = "xSwcaj1Hm62iL7C/AxqjVR07VEae8gDgYdr2EWmCoOM="; 29 + rev = "355813d5640ad58c84dc063826069384470ce310"; 30 + hash = "sha256-u+RewFwW17Oz2+lJLlmwebaGn4ebTBquox9Av7Jh1as="; 31 31 }; 32 32 33 33 buildInputs = [ ··· 56 56 "-DWITH_G729=On" 57 57 "-DWITH_SPEEX=On" 58 58 "-DWITH_ILBC=On" 59 + "-DHAVE_LIBATOMIC=atomic" 59 60 /* "-DWITH_DIAMONDCARD=On" seems ancient and broken */ 60 61 ]; 61 62

+2 -2

pkgs/applications/radio/cloudlog/default.nix

··· 8 8 9 9 stdenvNoCC.mkDerivation rec { 10 10 pname = "cloudlog"; 11 - version = "2.5.0"; 11 + version = "2.5.1"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "magicbug"; 15 15 repo = "Cloudlog"; 16 16 rev = version; 17 - hash = "sha256-4+aP+y7TNCq7zGOK3HCrl1NQOmpOHezfbL9B1vW2AUo="; 17 + hash = "sha256-wFtMMphHz8JBX4hpgD85wn4G7Qs4/nwRcrW12A1tQm4="; 18 18 }; 19 19 20 20 postPatch = ''

+2 -1

pkgs/applications/science/biology/igv/default.nix

··· 1 - { lib, stdenv, fetchzip, jdk11 }: 1 + { lib, stdenv, fetchzip, jdk11, wrapGAppsHook }: 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "igv"; ··· 24 24 chmod +x $out/bin/igv 25 25 chmod +x $out/bin/igvtools 26 26 ''; 27 + nativeBuildInputs = [ wrapGAppsHook ]; 27 28 28 29 meta = with lib; { 29 30 homepage = "https://www.broadinstitute.org/igv/";

+4 -4

pkgs/applications/version-management/forgejo/default.nix

··· 24 24 pname = "forgejo-frontend"; 25 25 inherit (forgejo) src version; 26 26 27 - npmDepsHash = "sha256-YZzVw+WWqTmJafqnZ5vrzb7P6V4DTMNQwW1/+wvZEM8="; 27 + npmDepsHash = "sha256-7ruJczJ2cE51UmoER8C3JsGm0p3RTwfqKx0eErB7LZs="; 28 28 29 29 patches = [ 30 30 ./package-json-npm-build-frontend.patch ··· 39 39 in 40 40 buildGoModule rec { 41 41 pname = "forgejo"; 42 - version = "1.20.5-1"; 42 + version = "1.21.1-0"; 43 43 44 44 src = fetchFromGitea { 45 45 domain = "codeberg.org"; 46 46 owner = "forgejo"; 47 47 repo = "forgejo"; 48 48 rev = "v${version}"; 49 - hash = "sha256-4arWZge+RC2lwa6CQIEsDHo229cElspm0TJo3JHz2WQ="; 49 + hash = "sha256-e7Y1YBJq3PwYl7hf5KUa/CSI4ihbpN/TjWwltjNwXRM="; 50 50 }; 51 51 52 - vendorHash = "sha256-dgtZjsLBwblhdge3BvdbK/mN/TeZKps9K5dJbqomtjo="; 52 + vendorHash = "sha256-+/wOEF44dSqy7ZThZyd66xyI3wVnFwZbsAd4ujyVku8="; 53 53 54 54 subPackages = [ "." ]; 55 55

+1 -2

pkgs/applications/window-managers/sway/wrapper.nix

··· 1 1 { lib 2 + , sway-unwrapped 2 3 , makeWrapper, symlinkJoin, writeShellScriptBin 3 4 , withBaseWrapper ? true, extraSessionCommands ? "", dbus 4 5 , withGtkWrapper ? false, wrapGAppsHook, gdk-pixbuf, glib, gtk3 ··· 9 10 , enableXWayland ? true 10 11 , dbusSupport ? true 11 12 }: 12 - 13 - sway-unwrapped: 14 13 15 14 assert extraSessionCommands != "" -> withBaseWrapper; 16 15

+8 -1

pkgs/build-support/build-graalvm-native-image/default.nix

··· 3 3 , glibcLocales 4 4 # The GraalVM derivation to use 5 5 , graalvmDrv 6 + , removeReferencesTo 6 7 , executable ? args.pname 7 8 # JAR used as input for GraalVM derivation, defaults to src 8 9 , jar ? args.src ··· 38 39 "buildPhase" 39 40 "nativeBuildInputs" 40 41 "installPhase" 42 + "postInstall" 41 43 ]; 42 44 in 43 45 stdenv.mkDerivation ({ 44 46 inherit dontUnpack jar; 45 47 46 - nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ graalvmDrv glibcLocales ]; 48 + nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ graalvmDrv glibcLocales removeReferencesTo ]; 47 49 48 50 nativeImageBuildArgs = nativeImageBuildArgs ++ extraNativeImageBuildArgs ++ [ graalvmXmx ]; 49 51 ··· 61 63 install -Dm755 ${executable} -t $out/bin 62 64 63 65 runHook postInstall 66 + ''; 67 + 68 + postInstall = '' 69 + remove-references-to -t ${graalvmDrv} $out/bin/${executable} 70 + ${args.postInstall or ""} 64 71 ''; 65 72 66 73 disallowedReferences = [ graalvmDrv ];

+12 -14

pkgs/build-support/node/fetch-yarn-deps/index.js

··· 88 88 } 89 89 90 90 const downloadPkg = (pkg, verbose) => { 91 - const [ name, spec ] = pkg.key.split('@', 2); 92 - if (spec.startsWith('file:')) { 93 - console.info(`ignoring relative file:path dependency "${spec}"`) 91 + const fileMarker = '@file:' 92 + const split = pkg.key.split(fileMarker) 93 + if (split.length == 2) { 94 + console.info(`ignoring lockfile entry "${split[0]}" which points at path "${split[1]}"`) 94 95 return 96 + } else if (split.length > 2) { 97 + throw new Error(`The lockfile entry key "${pkg.key}" contains "${fileMarker}" more than once. Processing is not implemented.`) 98 + } 99 + 100 + if (pkg.resolved === undefined) { 101 + throw new Error(`The lockfile entry with key "${pkg.key}" cannot be downloaded because it is missing the "resolved" attribute, which should contain the URL to download from. The lockfile might be invalid.`) 95 102 } 96 103 97 104 const [ url, hash ] = pkg.resolved.split('#') ··· 133 140 134 141 const prefetchYarnDeps = async (lockContents, verbose) => { 135 142 const lockData = lockfile.parse(lockContents) 136 - const tasks = Object.values( 143 + await performParallel( 137 144 Object.entries(lockData.object) 138 - .map(([key, value]) => { 139 - return { key, ...value } 140 - }) 141 - .reduce((out, pkg) => { 142 - out[pkg.resolved] = pkg 143 - return out 144 - }, {}) 145 + .map(([key, value]) => () => downloadPkg({ key, ...value }, verbose)) 145 146 ) 146 - .map(pkg => () => downloadPkg(pkg, verbose)) 147 - 148 - await performParallel(tasks) 149 147 await fs.promises.writeFile('yarn.lock', lockContents) 150 148 if (verbose) console.log('Done') 151 149 }

+4

pkgs/build-support/node/fetch-yarn-deps/tests/default.nix

··· 1 1 { testers, fetchYarnDeps, ... }: 2 2 3 3 { 4 + file = testers.invalidateFetcherByDrvHash fetchYarnDeps { 5 + yarnLock = ./file.lock; 6 + sha256 = "sha256-BPuyQVCbdpFL/iRhmarwWAmWO2NodlVCOY9JU+4pfa4="; 7 + }; 4 8 simple = testers.invalidateFetcherByDrvHash fetchYarnDeps { 5 9 yarnLock = ./simple.lock; 6 10 sha256 = "sha256-FRrt8BixleILmFB2ZV8RgPNLqgS+dlH5nWoPgeaaNQ8=";

+9

pkgs/build-support/node/fetch-yarn-deps/tests/file.lock

··· 1 + # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 2 + # yarn lockfile v1 3 + 4 + 5 + "@org/somepack@file:vendor/orgpacks/somepack/assets": 6 + version "1.0.0" 7 + 8 + "otherpack@file:vendor/otherpack": 9 + version "1.0.0"

+32 -10

pkgs/build-support/vm/default.nix

··· 1034 1034 }; 1035 1035 1036 1036 debian11i386 = { 1037 - name = "debian-11.6-bullseye-i386"; 1038 - fullName = "Debian 11.6 Bullseye (i386)"; 1037 + name = "debian-11.8-bullseye-i386"; 1038 + fullName = "Debian 11.8 Bullseye (i386)"; 1039 1039 packagesList = fetchurl { 1040 - url = "https://snapshot.debian.org/archive/debian/20230131T034648Z/dists/bullseye/main/binary-i386/Packages.xz"; 1041 - hash = "sha256-z9eG7RlvelEnZAaeCfIO+XxTZVL3d+zTA7ShU43l/pw="; 1040 + url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bullseye/main/binary-i386/Packages.xz"; 1041 + hash = "sha256-0bKSLLPhEC7FB5D1NA2jaQP0wTe/Qp1ddiA/NDVjRaI="; 1042 1042 }; 1043 - urlPrefix = "https://snapshot.debian.org/archive/debian/20230131T034648Z"; 1043 + urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z"; 1044 1044 packages = commonDebianPackages; 1045 1045 }; 1046 1046 1047 1047 debian11x86_64 = { 1048 - name = "debian-11.6-bullseye-amd64"; 1049 - fullName = "Debian 11.6 Bullseye (amd64)"; 1048 + name = "debian-11.8-bullseye-amd64"; 1049 + fullName = "Debian 11.8 Bullseye (amd64)"; 1050 1050 packagesList = fetchurl { 1051 - url = "https://snapshot.debian.org/archive/debian/20230131T034648Z/dists/bullseye/main/binary-amd64/Packages.xz"; 1052 - hash = "sha256-mz0eCWdn6uWt40OxsSPheHzEnMeLE52yR/vpb48/VF0="; 1051 + url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bullseye/main/binary-amd64/Packages.xz"; 1052 + hash = "sha256-CYPsGgQgJZkh3JmbcAQkYDWP193qrkOADOgrMETZIeo="; 1053 1053 }; 1054 - urlPrefix = "https://snapshot.debian.org/archive/debian/20230131T034648Z"; 1054 + urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z"; 1055 + packages = commonDebianPackages; 1056 + }; 1057 + 1058 + debian12i386 = { 1059 + name = "debian-12.2-bookworm-i386"; 1060 + fullName = "Debian 12.2 Bookworm (i386)"; 1061 + packagesList = fetchurl { 1062 + url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bookworm/main/binary-i386/Packages.xz"; 1063 + hash = "sha256-OeN9Q2HFM3GsPNhOa4VhM7qpwT66yUNwC+6Z8SbGEeQ="; 1064 + }; 1065 + urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z"; 1066 + packages = commonDebianPackages; 1067 + }; 1068 + 1069 + debian12x86_64 = { 1070 + name = "debian-12.2-bookworm-amd64"; 1071 + fullName = "Debian 12.2 Bookworm (amd64)"; 1072 + packagesList = fetchurl { 1073 + url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bookworm/main/binary-amd64/Packages.xz"; 1074 + hash = "sha256-SZDElRfe9BlBwDlajQB79Qdn08rv8whYoQDeVCveKVs="; 1075 + }; 1076 + urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z"; 1055 1077 packages = commonDebianPackages; 1056 1078 }; 1057 1079 };

+3 -3

pkgs/by-name/fo/fortune-kind/package.nix

··· 11 11 12 12 rustPlatform.buildRustPackage rec { 13 13 pname = "fortune-kind"; 14 - version = "0.1.9"; 14 + version = "0.1.10"; 15 15 16 16 src = fetchFromGitHub { 17 17 owner = "cafkafk"; 18 18 repo = "fortune-kind"; 19 19 rev = "v${version}"; 20 - hash = "sha256-93BEy9FX3bZTYNewotBv1ejmMSnSdu9XnC4TgIvcYG0="; 20 + hash = "sha256-KOrJIGLNZxFJ/KeRq1hcIQHDYPQQdQCzr6QA/pVIs5A="; 21 21 }; 22 22 23 - cargoHash = "sha256-xm6BOYnxUoCRuMAAFyWRcKEcqrs5FmnOgIO/Gj1bCoI="; 23 + cargoHash = "sha256-iiGCCbTc0b+93XRMpkhFs0hj9Nuse1HaqahQz7NaheU="; 24 24 25 25 nativeBuildInputs = [ makeBinaryWrapper installShellFiles ]; 26 26 buildInputs = lib.optionals stdenv.isDarwin [ libiconv darwin.apple_sdk.frameworks.Security ];

+1 -6

pkgs/development/interpreters/babashka/default.nix

··· 1 1 { lib 2 2 , buildGraalvmNativeImage 3 3 , graalvmCEPackages 4 - , removeReferencesTo 5 4 , fetchurl 6 5 , writeScript 7 6 , installShellFiles ··· 21 20 22 21 executable = "bb"; 23 22 24 - nativeBuildInputs = [ removeReferencesTo installShellFiles ]; 23 + nativeBuildInputs = [ installShellFiles ]; 25 24 26 25 extraNativeImageBuildArgs = [ 27 26 "-H:+ReportExceptionStackTraces" ··· 39 38 $out/bin/bb '(prn "bépo àê")' | fgrep 'bépo àê' 40 39 ''; 41 40 42 - # As of v1.2.174, this will remove references to ${graalvmDrv}/conf/chronology, 43 - # not sure the implications of this but this file is not available in 44 - # graalvm-ce anyway. 45 41 postInstall = '' 46 - remove-references-to -t ${graalvmDrv} $out/bin/${executable} 47 42 installShellCompletion --cmd bb --bash ${./completions/bb.bash} 48 43 installShellCompletion --cmd bb --zsh ${./completions/bb.zsh} 49 44 installShellCompletion --cmd bb --fish ${./completions/bb.fish}

+5

pkgs/development/libraries/libxmlxx/default.nix

··· 9 9 sha256 = "1sb3akryklvh2v6m6dihdnbpf1lkx441v972q9hlz1sq6bfspm2a"; 10 10 }; 11 11 12 + configureFlags = [ 13 + # remove if library is updated 14 + "CXXFLAGS=-std=c++11" 15 + ]; 16 + 12 17 outputs = [ "out" "devdoc" ]; 13 18 14 19 nativeBuildInputs = [ pkg-config perl ];

+3 -8

pkgs/development/python-modules/aiolifx-themes/default.nix

··· 12 12 13 13 buildPythonPackage rec { 14 14 pname = "aiolifx-themes"; 15 - version = "0.4.9"; 16 - format = "pyproject"; 15 + version = "0.4.10"; 16 + pyproject = true; 17 17 18 18 disabled = pythonOlder "3.9"; 19 19 ··· 21 21 owner = "Djelibeybi"; 22 22 repo = "aiolifx-themes"; 23 23 rev = "refs/tags/v${version}"; 24 - hash = "sha256-8t0yRia/grSSEqySV57QoB3lgU9iwqiVOvVLE5Jd2pM="; 24 + hash = "sha256-zpUvbG/89MeZ50565MVjehSTnLmOKScBA07yBjZ521I="; 25 25 }; 26 26 27 27 prePatch = '' ··· 29 29 substituteInPlace pyproject.toml \ 30 30 --replace " --cov=aiolifx_themes --cov-report=term-missing:skip-covered" "" \ 31 31 --replace "typer = " "# unused: typer = " 32 - ''; 33 - 34 - postPatch = '' 35 - substituteInPlace pyproject.toml \ 36 - --replace 'aiolifx = "^0.8.6"' 'aiolifx = "*"' 37 32 ''; 38 33 39 34 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/nextdns/default.nix

··· 12 12 13 13 buildPythonPackage rec { 14 14 pname = "nextdns"; 15 - version = "2.0.1"; 15 + version = "2.1.0"; 16 16 format = "setuptools"; 17 17 18 18 disabled = pythonOlder "3.10"; ··· 21 21 owner = "bieniu"; 22 22 repo = "nextdns"; 23 23 rev = "refs/tags/${version}"; 24 - hash = "sha256-NJjnk/FadD4QUqPYxbbS7gsIKVxwR5tpnBth1HFLkr0="; 24 + hash = "sha256-haw6t7pepMN77LFVgDFBbV4StRqcRMvnCaup8K38kEg="; 25 25 }; 26 26 27 27 propagatedBuildInputs = [

+43 -13

pkgs/development/python-modules/python-hosts/default.nix

··· 1 - { lib, buildPythonPackage, fetchPypi, pyyaml, pytest, pytest-cov }: 1 + { lib 2 + , buildPythonPackage 3 + , fetchPypi 4 + , pytestCheckHook 5 + , pythonOlder 6 + , pyyaml 7 + , setuptools 8 + }: 2 9 3 10 buildPythonPackage rec { 4 11 pname = "python-hosts"; 5 - version = "1.0.4"; 12 + version = "1.0.5"; 13 + pyproject = true; 14 + 15 + disabled = pythonOlder "3.7"; 6 16 7 17 src = fetchPypi { 8 18 inherit pname version; 9 - hash = "sha256-y7d7CuGuKYEUCjFHvWb+iDI6oDeVsTzBNPSySzxu1Zk="; 19 + hash = "sha256-xabbGnvzXNiE0koQVq9dmEib5Cv7kg1JjpZAyb7IZM0="; 10 20 }; 11 21 12 - # win_inet_pton is required for windows support 22 + # win_inet_pton is required for Windows support 13 23 prePatch = '' 14 - substituteInPlace setup.py --replace "install_requires=['win_inet_pton']," "" 15 - substituteInPlace python_hosts/utils.py --replace "import win_inet_pton" "" 24 + substituteInPlace setup.py \ 25 + --replace "install_requires=['win_inet_pton']," "" 26 + substituteInPlace python_hosts/utils.py \ 27 + --replace "import win_inet_pton" "" 16 28 ''; 17 29 18 - nativeCheckInputs = [ pyyaml pytest pytest-cov ]; 30 + nativeBuildInputs = [ 31 + setuptools 32 + ]; 19 33 20 - # Removing 1 test file (it requires internet connection) and keeping the other two 21 - checkPhase = '' 22 - pytest tests/test_hosts_entry.py 23 - pytest tests/test_utils.py 24 - ''; 34 + nativeCheckInputs = [ 35 + pyyaml 36 + pytestCheckHook 37 + ]; 38 + 39 + pythonImportsCheck = [ 40 + "python_hosts" 41 + ]; 42 + 43 + disabledTests = [ 44 + # Tests require network access 45 + "test_import_from_url_counters_for_part_success" 46 + "test_import_from_url_with_force" 47 + "test_import_from_url_without_force" 48 + "test_import_from_url" 49 + ]; 25 50 26 51 meta = with lib; { 27 - description = "A library for managing a hosts file. It enables adding and removing entries, or importing them from a file or URL"; 52 + description = "Library for managing a hosts file"; 53 + longDescription = '' 54 + python-hosts is a Python library for managing a hosts file. It enables you to add 55 + and remove entries, or import them from a file or URL. 56 + ''; 28 57 homepage = "https://github.com/jonhadfield/python-hosts"; 58 + changelog = "https://github.com/jonhadfield/python-hosts/blob/${version}/CHANGELOG.md"; 29 59 license = licenses.mit; 30 60 maintainers = with maintainers; [ psyanticy ]; 31 61 };

+10 -5

pkgs/development/python-modules/tcxreader/default.nix

··· 1 1 { lib 2 2 , buildPythonPackage 3 3 , fetchFromGitHub 4 + , poetry-core 4 5 , pytestCheckHook 5 6 , pythonOlder 6 7 }: 7 8 8 9 buildPythonPackage rec { 9 10 pname = "tcxreader"; 10 - version = "0.4.4"; 11 - format = "setuptools"; 11 + version = "0.4.5"; 12 + pyproject = true; 12 13 13 - disabled = pythonOlder "3.7"; 14 + disabled = pythonOlder "3.6"; 14 15 15 16 src = fetchFromGitHub { 16 17 owner = "alenrajsp"; 17 18 repo = "tcxreader"; 18 - rev = "v${version}"; 19 - hash = "sha256-UJ6F+GcdF0b2gALQWepLyCnWm+6RKBRnBt1eJNoRRzo="; 19 + rev = "refs/tags/v${version}"; 20 + hash = "sha256-CiOLcev9fo2BPgnPZZ2borU25f/gKISqRAapAHgLN3w="; 20 21 }; 22 + 23 + nativeBuildInputs = [ 24 + poetry-core 25 + ]; 21 26 22 27 nativeCheckInputs = [ 23 28 pytestCheckHook

+2 -2

pkgs/development/python-modules/tldextract/default.nix

··· 15 15 16 16 buildPythonPackage rec { 17 17 pname = "tldextract"; 18 - version = "5.1.0"; 18 + version = "5.1.1"; 19 19 pyproject = true; 20 20 21 21 disabled = pythonOlder "3.8"; ··· 24 24 owner = "john-kurkowski"; 25 25 repo = "tldextract"; 26 26 rev = "refs/tags/${version}"; 27 - hash = "sha256-x5SJcbTUrqG7mMUPXIhR1rEu3PZ+VA00dFYeoGnX5l0="; 27 + hash = "sha256-/VBbU8FuB8MEuX6MgGO44+gfqVjl1aHHDHncHY2Jo38="; 28 28 }; 29 29 30 30 SETUPTOOLS_SCM_PRETEND_VERSION = version;

+23 -8

pkgs/development/python-modules/warcio/default.nix

··· 2 2 , buildPythonPackage 3 3 , fetchFromGitHub 4 4 , fetchpatch 5 - , six 6 - , setuptools 7 - , pytestCheckHook 8 5 , httpbin 6 + , multidict 7 + , pytestCheckHook 8 + , pythonOlder 9 9 , requests 10 + , setuptools 11 + , six 10 12 , wsgiprox 11 - , multidict 12 13 }: 13 14 14 15 buildPythonPackage rec { 15 16 pname = "warcio"; 16 17 version = "1.7.4"; 18 + format = "setuptools"; 19 + 20 + disabled = pythonOlder "3.7"; 17 21 18 22 src = fetchFromGitHub { 19 23 owner = "webrecorder"; ··· 24 28 25 29 patches = [ 26 30 (fetchpatch { 31 + # Add offline mode to skip tests that require an internet connection, https://github.com/webrecorder/warcio/pull/135 27 32 name = "add-offline-option.patch"; 28 33 url = "https://github.com/webrecorder/warcio/pull/135/commits/2546fe457c57ab0b391764a4ce419656458d9d07.patch"; 29 34 hash = "sha256-3izm9LvAeOFixiIUUqmd5flZIxH92+NxL7jeu35aObQ="; ··· 36 41 ]; 37 42 38 43 nativeCheckInputs = [ 44 + httpbin 45 + multidict # Optional. Without this, one test in test/test_utils.py is skipped. 39 46 pytestCheckHook 40 - httpbin 41 47 requests 42 48 wsgiprox 43 - multidict # Optional. Without this, one test in test/test_utils.py is skipped. 44 49 ]; 45 50 46 - pytestFlagsArray = [ "--offline" ]; 51 + pytestFlagsArray = [ 52 + "--offline" 53 + ]; 54 + 55 + disabledTests = [ 56 + # Tests require network access, see above 57 + "test_get_cache_to_file" 58 + ]; 47 59 48 - pythonImportsCheck = [ "warcio" ]; 60 + pythonImportsCheck = [ 61 + "warcio" 62 + ]; 49 63 50 64 meta = with lib; { 51 65 description = "Streaming WARC/ARC library for fast web archive IO"; 52 66 homepage = "https://github.com/webrecorder/warcio"; 67 + changelog = "https://github.com/webrecorder/warcio/blob/master/CHANGELIST.rst"; 53 68 license = licenses.asl20; 54 69 maintainers = with maintainers; [ Luflosi ]; 55 70 };

+3 -3

pkgs/development/tools/fq/default.nix

··· 7 7 8 8 buildGoModule rec { 9 9 pname = "fq"; 10 - version = "0.8.0"; 10 + version = "0.9.0"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "wader"; 14 14 repo = "fq"; 15 15 rev = "v${version}"; 16 - hash = "sha256-7q08fQUFy4qX3VqUHuvOZuVQdFeoeo5+7HUQ4WWMWYw="; 16 + hash = "sha256-ohSjQxVbywOcZHwDditqDyQ+EAgzWtLXRc130dpIzzE="; 17 17 }; 18 18 19 - vendorHash = "sha256-7TGdbGVx7YTuYBmHYK0dqccxSTkLzUlBk21EREv9XBA="; 19 + vendorHash = "sha256-yfunwj+0fVrWV1RgZtCsdmV4ESKF7VLr12P2nULyqOg="; 20 20 21 21 ldflags = [ 22 22 "-s"

+12 -1

pkgs/development/tools/jet/default.nix

··· 1 - { lib, buildGraalvmNativeImage, fetchurl }: 1 + { lib 2 + , buildGraalvmNativeImage 3 + , fetchurl 4 + , testers 5 + , jet 6 + }: 2 7 3 8 buildGraalvmNativeImage rec { 4 9 pname = "jet"; ··· 15 20 "--no-fallback" 16 21 "--no-server" 17 22 ]; 23 + 24 + passthru.tests.version = testers.testVersion { 25 + inherit version; 26 + package = jet; 27 + command = "jet --version"; 28 + }; 18 29 19 30 meta = with lib; { 20 31 description = "CLI to transform between JSON, EDN, YAML and Transit, powered with a minimal query language";

+19 -3

pkgs/development/tools/misc/clojure-lsp/default.nix

··· 1 - { lib, stdenv, buildGraalvmNativeImage, babashka, fetchurl, fetchFromGitHub, clojure, writeScript }: 1 + { lib 2 + , stdenv 3 + , buildGraalvmNativeImage 4 + , babashka 5 + , fetchurl 6 + , fetchFromGitHub 7 + , clojure 8 + , writeScript 9 + , testers 10 + , clojure-lsp 11 + }: 2 12 3 13 buildGraalvmNativeImage rec { 4 14 pname = "clojure-lsp"; ··· 28 38 export HOME="$(mktemp -d)" 29 39 ./${pname} --version | fgrep -q '${version}' 30 40 '' 31 - # TODO: fix classpath issue per https://github.com/NixOS/nixpkgs/pull/153770 32 - #${babashka}/bin/bb integration-test ./${pname} 41 + # TODO: fix classpath issue per https://github.com/NixOS/nixpkgs/pull/153770 42 + #${babashka}/bin/bb integration-test ./${pname} 33 43 + '' 34 44 runHook postCheck 35 45 ''; 46 + 47 + passthru.tests.version = testers.testVersion { 48 + inherit version; 49 + package = clojure-lsp; 50 + command = "clojure-lsp --version"; 51 + }; 36 52 37 53 passthru.updateScript = writeScript "update-clojure-lsp" '' 38 54 #!/usr/bin/env nix-shell

+4

pkgs/development/tools/yamlpath/default.nix

··· 46 46 ''; 47 47 license = licenses.isc; 48 48 maintainers = with maintainers; [ Flakebi ]; 49 + 50 + # No support for ruamel.yaml > 0.17.21 51 + # https://github.com/wwkimball/yamlpath/issues/217 52 + broken = true; 49 53 }; 50 54 }

+12 -1

pkgs/development/tools/zprint/default.nix

··· 1 - { lib, buildGraalvmNativeImage, fetchurl }: 1 + { lib 2 + , buildGraalvmNativeImage 3 + , fetchurl 4 + , testers 5 + , zprint 6 + }: 2 7 3 8 buildGraalvmNativeImage rec { 4 9 pname = "zprint"; ··· 17 22 "--initialize-at-build-time" 18 23 "--no-fallback" 19 24 ]; 25 + 26 + passthru.tests.version = testers.testVersion { 27 + inherit version; 28 + package = zprint; 29 + command = "zprint --version"; 30 + }; 20 31 21 32 meta = with lib; { 22 33 description = "Clojure/EDN source code formatter and pretty printer";

+5

pkgs/os-specific/darwin/yabai/default.nix

··· 108 108 dontConfigure = true; 109 109 enableParallelBuilding = true; 110 110 111 + env = { 112 + # silence service.h error 113 + NIX_CFLAGS_COMPILE = "-Wno-implicit-function-declaration"; 114 + }; 115 + 111 116 postPatch = '' 112 117 # aarch64 code is compiled on all targets, which causes our Apple SDK headers to error out. 113 118 # Since multilib doesnt work on darwin i dont know of a better way of handling this.

+4 -4

pkgs/os-specific/linux/zfs/stable.nix

··· 18 18 # check the release notes for compatible kernels 19 19 kernelCompatible = 20 20 if stdenv'.isx86_64 || removeLinuxDRM 21 - then kernel.kernelOlder "6.6" 21 + then kernel.kernelOlder "6.7" 22 22 else kernel.kernelOlder "6.2"; 23 23 24 24 latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM 25 - then linuxKernel.packages.linux_6_5 25 + then linuxKernel.packages.linux_6_6 26 26 else linuxKernel.packages.linux_6_1; 27 27 28 28 # this package should point to the latest release. 29 - version = "2.2.0"; 29 + version = "2.2.1"; 30 30 31 31 tests = [ 32 32 nixosTests.zfs.installer 33 33 nixosTests.zfs.stable 34 34 ]; 35 35 36 - hash = "sha256-s1sdXSrLu6uSOmjprbUa4cFsE2Vj7JX5i75e4vRnlvg="; 36 + hash = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4="; 37 37 }

+4 -5

pkgs/os-specific/linux/zfs/unstable.nix

··· 16 16 kernelModuleAttribute = "zfsUnstable"; 17 17 # check the release notes for compatible kernels 18 18 kernelCompatible = if stdenv'.isx86_64 || removeLinuxDRM 19 - then kernel.kernelOlder "6.6" 19 + then kernel.kernelOlder "6.7" 20 20 else kernel.kernelOlder "6.2"; 21 21 22 22 latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM 23 - then linuxKernel.packages.linux_6_5 23 + then linuxKernel.packages.linux_6_6 24 24 else linuxKernel.packages.linux_6_1; 25 25 26 26 # this package should point to a version / git revision compatible with the latest kernel release 27 27 # IMPORTANT: Always use a tagged release candidate or commits from the 28 28 # zfs-<version>-staging branch, because this is tested by the OpenZFS 29 29 # maintainers. 30 - version = "2.2.1-unstable-2023-10-21"; 31 - rev = "95785196f26e92d82cf4445654ba84e4a9671c57"; 30 + version = "2.2.1"; 32 31 33 - hash = "sha256-s1sdXSrLu6uSOmjprbUa4cFsE2Vj7JX5i75e4vRnlvg="; 32 + hash = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4="; 34 33 35 34 isUnstable = true; 36 35 tests = [

+9 -4

pkgs/servers/gemini/stargazer/default.nix

··· 5 5 , installShellFiles 6 6 , scdoc 7 7 , Security 8 + , nixosTests 8 9 }: 9 10 10 11 rustPlatform.buildRustPackage rec { 11 12 pname = "stargazer"; 12 - version = "1.0.5"; 13 + version = "1.1.0"; 13 14 14 15 src = fetchFromSourcehut { 15 16 owner = "~zethra"; 16 17 repo = "stargazer"; 17 18 rev = version; 18 - hash = "sha256-n88X3RJD7PqOcVRK/bp/gMNLVrbwnJ2iwi2rCpsfp+o="; 19 + hash = "sha256-c0gKvVaMiUOGHlPmtaW6it8J9MusQY7BA/5F9I3ysMc="; 19 20 }; 20 21 21 - cargoHash = "sha256-Yqh3AQIOahKz2mLeVNm58Yr6vhjU4aQwN62y3Z5/EJc="; 22 + cargoHash = "sha256-8VrEZZNSFLAjUagsiRApvjiXusBHLLn1O/+QKtQY4wg="; 23 + 24 + doCheck = false; # Uses external testing framework that requires network 22 25 23 - doCheck = false; # Uses extenal testing framework that requires network 26 + passthru.tests = { 27 + basic-functionality = nixosTests.stargazer; 28 + }; 24 29 25 30 nativeBuildInputs = [ installShellFiles scdoc ]; 26 31

+2 -2

pkgs/servers/metabase/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "metabase"; 5 - version = "0.47.6"; 5 + version = "0.47.8"; 6 6 7 7 src = fetchurl { 8 8 url = "https://downloads.metabase.com/v${version}/metabase.jar"; 9 - hash = "sha256-LWF8O6v1x1iX5eJCugQ1noLeUJsVthZ7cGuyW3w6XGg="; 9 + hash = "sha256-ugGDyoMSAvoKZti3xnxGQseoDVroRGBkawt/F7ma4K4="; 10 10 }; 11 11 12 12 nativeBuildInputs = [ makeWrapper ];

+79 -44

pkgs/servers/sip/kamailio/default.nix

··· 1 1 { callPackage 2 2 , fetchurl 3 3 , lib 4 - , pkgs 5 4 , stdenv 5 + , pkg-config 6 + , which 7 + , bison 8 + , flex 9 + , json_c 10 + , libevent 11 + , libxml2 12 + , mariadb-connector-c 13 + , pcre 14 + , gnugrep 15 + , gawk 16 + , coreutils 17 + , gdb 18 + , gnused 19 + , openssl 6 20 }: 7 21 8 22 stdenv.mkDerivation (finalAttrs: { 9 23 pname = "kamailio"; 10 - version = "5.7.2"; 11 - 12 - meta = { 13 - description = "Fast and flexible SIP server, proxy, SBC, and load balancer"; 14 - homepage = "https://www.kamailio.org/"; 15 - license = lib.licenses.gpl2Only; 16 - maintainers = with lib.maintainers; [ mawis ]; 17 - platforms = lib.platforms.linux; 18 - }; 24 + version = "5.7.3"; 19 25 20 26 src = fetchurl { 21 - url = "https://www.kamailio.org/pub/kamailio/5.7.2/src/kamailio-${finalAttrs.version}_src.tar.gz"; 22 - hash = "sha256-csmgZ9qNb6kg03N9mM1/ZsMh+Ay+EHbi1aOStCJQMSI="; 27 + url = "https://www.kamailio.org/pub/kamailio/${finalAttrs.version}/src/kamailio-${finalAttrs.version}_src.tar.gz"; 28 + hash = "sha256-x6YgsDl05OBNQZ4Iancf0Leo4mnz1pwZocZghaSY/Yw="; 23 29 }; 24 30 25 - buildInputs = with pkgs; [ 31 + buildInputs = [ 32 + json_c 33 + libevent 34 + libxml2 35 + mariadb-connector-c 36 + pcre 37 + openssl 38 + ]; 39 + 40 + nativeBuildInputs = [ 41 + pkg-config 42 + which 26 43 bison 27 44 flex 28 - gnugrep 29 - json_c.dev 30 - libevent.dev 31 - libxml2.dev 32 - mariadb-connector-c.dev 33 - pcre.dev 34 45 ]; 35 46 36 - nativeBuildInputs = with pkgs; [ 37 - pkg-config 38 - which 47 + modules = [ 48 + "db_mysql" 49 + "dialplan" 50 + "jsonrpcc" 51 + "json" 52 + "lcr" 53 + "presence" 54 + "presence_conference" 55 + "presence_dialoginfo" 56 + "presence_mwi" 57 + "presence_profile" 58 + "presence_reginfo" 59 + "presence_xml" 60 + "pua" 61 + "pua_bla" 62 + "pua_dialoginfo" 63 + "pua_json" 64 + "pua_reginfo" 65 + "pua_rpc" 66 + "pua_usrloc" 67 + "pua_xmpp" 68 + "regex" 69 + "rls" 70 + "tls" 71 + "xcap_client" 72 + "xcap_server" 39 73 ]; 40 74 41 75 configurePhase = '' 42 76 runHook preConfigure 43 77 44 - make PREFIX="$out" include_modules="db_mysql dialplan jsonrpcc json lcr presence presence_conference presence_dialoginfo presence_mwi presence_profile presence_reginfo presence_xml pua pua_bla pua_dialoginfo pua_json pua_reginfo pua_rpc pua_usrloc pua_xmpp regex rls xcap_client xcap_server" cfg 78 + make PREFIX="$out" include_modules="${lib.concatStringsSep " " finalAttrs.modules}" cfg 45 79 46 80 runHook postConfigure 47 81 ''; 48 82 49 - buildPhase = '' 50 - runHook preBuild 83 + preInstall = '' 84 + makeFlagsArray+=(PREFIX="$out" "MYSQLCFG=${lib.getDev mariadb-connector-c}/bin/mariadb_config") 85 + ''; 51 86 52 - make MYSQLCFG=${pkgs.mariadb-connector-c.dev}/bin/mariadb_config all 53 - 54 - runHook postBuild 87 + postInstall = '' 88 + echo 'MD5="${coreutils}/bin/md5sum"' >> $out/etc/kamailio/kamctlrc 89 + echo 'AWK="${gawk}/bin/awk"' >> $out/etc/kamailio/kamctlrc 90 + echo 'GDB="${gdb}/bin/gdb"' >> $out/etc/kamailio/kamctlrc 91 + echo 'GREP="${gnugrep}/bin/grep "' >> $out/etc/kamailio/kamctlrc 92 + echo 'EGREP="${gnugrep}/bin/grep -E"' >> $out/etc/kamailio/kamctlrc 93 + echo 'SED="${gnused}/bin/sed"' >> $out/etc/kamailio/kamctlrc 94 + echo 'LAST_LINE="${coreutils}/bin/tail -n 1"' >> $out/etc/kamailio/kamctlrc 95 + echo 'EXPR="${gnugrep}/bin/expr"' >> $out/etc/kamailio/kamctlrc 55 96 ''; 56 97 57 - installPhase = '' 58 - runHook preInstall 59 - 60 - make MYSQLCFG=${pkgs.mariadb-connector-c.dev}/bin/mariadb_config install 61 - echo 'MD5="${pkgs.coreutils}/bin/md5sum"' >> $out/etc/kamailio/kamctlrc 62 - echo 'AWK="${pkgs.gawk}/bin/awk"' >> $out/etc/kamailio/kamctlrc 63 - echo 'GDB="${pkgs.gdb}/bin/gdb"' >> $out/etc/kamailio/kamctlrc 64 - echo 'GREP="${pkgs.gnugrep}/bin/grep "' >> $out/etc/kamailio/kamctlrc 65 - echo 'EGREP="${pkgs.gnugrep}/bin/grep -E"' >> $out/etc/kamailio/kamctlrc 66 - echo 'SED="${pkgs.gnused}/bin/sed"' >> $out/etc/kamailio/kamctlrc 67 - echo 'LAST_LINE="${pkgs.coreutils}/bin/tail -n 1"' >> $out/etc/kamailio/kamctlrc 68 - echo 'EXPR="${pkgs.gnugrep}/bin/expr"' >> $out/etc/kamailio/kamctlrc 98 + enableParallelBuilding = true; 69 99 70 - runHook postInstall 71 - ''; 100 + passthru.tests = { 101 + kamailio-bin = callPackage ./test-kamailio-bin { }; 102 + }; 72 103 73 - passthru.tests = { 74 - kamailio-bin = callPackage ./test-kamailio-bin {}; 104 + meta = { 105 + description = "Fast and flexible SIP server, proxy, SBC, and load balancer"; 106 + homepage = "https://www.kamailio.org/"; 107 + license = lib.licenses.gpl2Only; 108 + maintainers = with lib.maintainers; [ mawis ]; 109 + platforms = lib.platforms.linux; 75 110 }; 76 111 })

+3 -3

pkgs/shells/nushell/nu_scripts/default.nix

··· 6 6 7 7 stdenvNoCC.mkDerivation rec { 8 8 pname = "nu_scripts"; 9 - version = "unstable-2023-10-31"; 9 + version = "unstable-2023-11-22"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "nushell"; 13 13 repo = pname; 14 - rev = "c2bb125a6790bef1e448680e077345c4d10dcb12"; 15 - hash = "sha256-Sug07QTL7fxxQAf9YOprMNEQSDqeXEk7qt1g2dP0Eqk="; 14 + rev = "91b6a2b2280123ed5789f5c0870b9de22c722fb3"; 15 + hash = "sha256-nRplK0w55I1rk15tfkCMxFBqTR9ihhnE/tHRs9mKLdY="; 16 16 }; 17 17 18 18 installPhase = ''

+4 -4

pkgs/tools/misc/mods/default.nix

··· 8 8 9 9 buildGoModule rec { 10 10 pname = "mods"; 11 - version = "0.2.0"; 11 + version = "1.1.0"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "charmbracelet"; 15 15 repo = "mods"; 16 16 rev = "v${version}"; 17 - hash = "sha256-jOvXT/KAfSN9E4ZgntCbTu05VJu1jhGtv6gEgLStd98="; 17 + hash = "sha256-ZWH3YuN1cmdw96/HVzsp1u70ziUfupUeBjJiNI5a538="; 18 18 }; 19 19 20 - vendorHash = "sha256-GNGX8dyTtzRSUznEV/do1H7GEf6nYf0w+CLCZfkktfg="; 20 + vendorHash = "sha256-PgaxqfgtwBYnzyL2F/OPJP1rdmLOtBCTKEPhMgvC6XA="; 21 21 22 - ldflags = [ "-s" "-w" "-X=main.version=${version}" ]; 22 + ldflags = [ "-s" "-w" "-X=main.Version=${version}" ]; 23 23 24 24 passthru = { 25 25 updateScript = gitUpdater {

+3 -3

pkgs/tools/networking/ooniprobe-cli/default.nix

··· 5 5 6 6 buildGoModule rec { 7 7 pname = "ooniprobe-cli"; 8 - version = "3.19.0"; 8 + version = "3.19.1"; 9 9 10 10 src = fetchFromGitHub { 11 11 owner = "ooni"; 12 12 repo = "probe-cli"; 13 13 rev = "v${version}"; 14 - hash = "sha256-W3C4KbZnOdljofnlYZk/F6E77/AXjdNTRoWrtoEVfqg="; 14 + hash = "sha256-sYIp5zl49waERfTYPfNjbyzep7p4sRlweDVcuTtWB28="; 15 15 }; 16 16 17 - vendorHash = "sha256-wEhh0nMdFH9wLfNSxYvbkbtu69cNEmVpQDk57/gdnw8="; 17 + vendorHash = "sha256-6RyK0oy9Lcuh2TXpQqAqmrA+bS9hug6+il7L1z+kYvs="; 18 18 19 19 subPackages = [ "cmd/ooniprobe" ]; 20 20

+61 -28

pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs/options.py

··· 8 8 from abc import abstractmethod 9 9 from collections.abc import Mapping, Sequence 10 10 from markdown_it.token import Token 11 + from pathlib import Path 11 12 from typing import Any, Generic, Optional 12 13 from urllib.parse import quote 13 14 ··· 287 288 _links_in_last_description: Optional[list[str]] = None 288 289 289 290 def __init__(self, revision: str, 291 + header: list[str] | None, 292 + footer: list[str] | None, 290 293 *, 291 294 # only for parallel rendering 292 295 _options_by_id: Optional[dict[str, str]] = None): 293 296 super().__init__(revision) 294 297 self._options_by_id = _options_by_id or {} 295 298 self._renderer = OptionsManpageRenderer({}, self._options_by_id) 299 + self._header = header 300 + self._footer = footer 296 301 297 302 def _parallel_render_prepare(self) -> Any: 298 - return (self._revision, { '_options_by_id': self._options_by_id }) 303 + return ( 304 + self._revision, 305 + self._header, 306 + self._footer, 307 + { '_options_by_id': self._options_by_id }, 308 + ) 299 309 @classmethod 300 310 def _parallel_render_init_worker(cls, a: Any) -> ManpageConverter: 301 - return cls(a[0], **a[1]) 311 + return cls(a[0], a[1], a[2], **a[3]) 302 312 303 313 def _render_option(self, name: str, option: dict[str, Any]) -> RenderedOption: 304 314 links = self._renderer.link_footnotes = [] ··· 342 352 def finalize(self) -> str: 343 353 result = [] 344 354 345 - result += [ 346 - r'''.TH "CONFIGURATION\&.NIX" "5" "01/01/1980" "NixOS" "NixOS Reference Pages"''', 347 - r'''.\" disable hyphenation''', 348 - r'''.nh''', 349 - r'''.\" disable justification (adjust text to left margin only)''', 350 - r'''.ad l''', 351 - r'''.\" enable line breaks after slashes''', 352 - r'''.cflags 4 /''', 353 - r'''.SH "NAME"''', 354 - self._render('{file}`configuration.nix` - NixOS system configuration specification'), 355 - r'''.SH "DESCRIPTION"''', 356 - r'''.PP''', 357 - self._render('The file {file}`/etc/nixos/configuration.nix` contains the ' 358 - 'declarative specification of your NixOS system configuration. ' 359 - 'The command {command}`nixos-rebuild` takes this file and ' 360 - 'realises the system configuration specified therein.'), 361 - r'''.SH "OPTIONS"''', 362 - r'''.PP''', 363 - self._render('You can use the following options in {file}`configuration.nix`.'), 364 - ] 355 + if self._header is not None: 356 + result += self._header 357 + else: 358 + result += [ 359 + r'''.TH "CONFIGURATION\&.NIX" "5" "01/01/1980" "NixOS" "NixOS Reference Pages"''', 360 + r'''.\" disable hyphenation''', 361 + r'''.nh''', 362 + r'''.\" disable justification (adjust text to left margin only)''', 363 + r'''.ad l''', 364 + r'''.\" enable line breaks after slashes''', 365 + r'''.cflags 4 /''', 366 + r'''.SH "NAME"''', 367 + self._render('{file}`configuration.nix` - NixOS system configuration specification'), 368 + r'''.SH "DESCRIPTION"''', 369 + r'''.PP''', 370 + self._render('The file {file}`/etc/nixos/configuration.nix` contains the ' 371 + 'declarative specification of your NixOS system configuration. ' 372 + 'The command {command}`nixos-rebuild` takes this file and ' 373 + 'realises the system configuration specified therein.'), 374 + r'''.SH "OPTIONS"''', 375 + r'''.PP''', 376 + self._render('You can use the following options in {file}`configuration.nix`.'), 377 + ] 365 378 366 379 for (name, opt) in self._sorted_options(): 367 380 result += [ ··· 383 396 384 397 result.append(".RE") 385 398 386 - result += [ 387 - r'''.SH "AUTHORS"''', 388 - r'''.PP''', 389 - r'''Eelco Dolstra and the Nixpkgs/NixOS contributors''', 390 - ] 399 + if self._footer is not None: 400 + result += self._footer 401 + else: 402 + result += [ 403 + r'''.SH "AUTHORS"''', 404 + r'''.PP''', 405 + r'''Eelco Dolstra and the Nixpkgs/NixOS contributors''', 406 + ] 391 407 392 408 return "\n".join(result) 393 409 ··· 573 589 574 590 def _build_cli_manpage(p: argparse.ArgumentParser) -> None: 575 591 p.add_argument('--revision', required=True) 592 + p.add_argument("--header", type=Path) 593 + p.add_argument("--footer", type=Path) 576 594 p.add_argument("infile") 577 595 p.add_argument("outfile") 578 596 ··· 603 621 f.write(md.finalize()) 604 622 605 623 def _run_cli_manpage(args: argparse.Namespace) -> None: 606 - md = ManpageConverter(revision = args.revision) 624 + header = None 625 + footer = None 626 + 627 + if args.header is not None: 628 + with args.header.open() as f: 629 + header = f.read().splitlines() 630 + 631 + if args.footer is not None: 632 + with args.footer.open() as f: 633 + footer = f.read().splitlines() 634 + 635 + md = ManpageConverter( 636 + revision = args.revision, 637 + header = header, 638 + footer = footer, 639 + ) 607 640 608 641 with open(args.infile, 'r') as f: 609 642 md.add_options(json.load(f))

+9

pkgs/tools/security/govulncheck/default.nix

··· 1 1 { lib 2 2 , buildGoModule 3 3 , fetchFromGitHub 4 + , substituteAll 4 5 }: 5 6 6 7 buildGoModule rec { ··· 13 14 rev = "refs/tags/v${version}"; 14 15 hash = "sha256-cewQ03dK/k3mXevE09M01Yox/3ZWP6IrG0H4QsZMzy8="; 15 16 }; 17 + 18 + patches = [ 19 + # patch in version information 20 + (substituteAll { 21 + src = ./version.patch; 22 + inherit version; 23 + }) 24 + ]; 16 25 17 26 vendorHash = "sha256-r9XshbgVA5rppJF46SFYPad344ZHMLWTHTnL6vbIFH8="; 18 27

+15

pkgs/tools/security/govulncheck/version.patch

··· 1 + diff --git a/internal/scan/run.go b/internal/scan/run.go 2 + index fa7fe37..216ca43 100644 3 + --- a/internal/scan/run.go 4 + +++ b/internal/scan/run.go 5 + @@ -99,8 +99,8 @@ func scannerVersion(cfg *config, bi *debug.BuildInfo) { 6 + if bi.Path != "" { 7 + cfg.ScannerName = path.Base(bi.Path) 8 + } 9 + - if bi.Main.Version != "" && bi.Main.Version != "(devel)" { 10 + - cfg.ScannerVersion = bi.Main.Version 11 + + if true { 12 + + cfg.ScannerVersion = "@version@" 13 + return 14 + } 15 +

+6

pkgs/tools/security/hashcat/default.nix

··· 21 21 }; 22 22 23 23 postPatch = '' 24 + # Select libstdc++ or libc++ based on stdenv 25 + # MACOSX_DEPLOYMENT_TARGET is defined by the enviroment 24 26 # Remove hardcoded paths on darwin 25 27 substituteInPlace src/Makefile \ 28 + '' + lib.optionalString (stdenv.cc.libcxx != null) '' 29 + --replace "-lstdc++" "-lc++ -l${stdenv.cc.libcxx.cxxabi.libName}" \ 30 + '' + '' 31 + --replace "export MACOSX_DEPLOYMENT_TARGET" "#export MACOSX_DEPLOYMENT_TARGET" \ 26 32 --replace "/usr/bin/ar" "ar" \ 27 33 --replace "/usr/bin/sed" "sed" \ 28 34 --replace '-i ""' '-i'

+14 -8

pkgs/tools/security/zsteg/Gemfile.lock

··· 1 1 GEM 2 2 remote: https://rubygems.org/ 3 3 specs: 4 - iostruct (0.0.4) 5 - rainbow (3.0.0) 6 - zpng (0.3.1) 7 - rainbow 8 - zsteg (0.2.2) 9 - iostruct 10 - zpng (>= 0.3.1) 4 + forwardable (1.3.3) 5 + iostruct (0.0.5) 6 + prime (0.1.2) 7 + forwardable 8 + singleton 9 + rainbow (3.1.1) 10 + singleton (0.2.0) 11 + zpng (0.4.5) 12 + rainbow (~> 3.1.1) 13 + zsteg (0.2.13) 14 + iostruct (>= 0.0.5) 15 + prime 16 + zpng (>= 0.4.5) 11 17 12 18 PLATFORMS 13 19 ruby ··· 16 22 zsteg 17 23 18 24 BUNDLED WITH 19 - 2.1.4 25 + 2.4.13

+2 -1

pkgs/tools/security/zsteg/default.nix

··· 11 11 description = "Detect stegano-hidden data in PNG & BMP."; 12 12 homepage = "http://zed.0xff.me/"; 13 13 license = licenses.mit; 14 - maintainers = with maintainers; [ applePrincess ]; 14 + maintainers = with maintainers; [ applePrincess h7x4 ]; 15 + mainProgram = "zsteg"; 15 16 }; 16 17 }

+40 -9

pkgs/tools/security/zsteg/gemset.nix

··· 1 1 { 2 + forwardable = { 3 + groups = ["default"]; 4 + platforms = []; 5 + source = { 6 + remotes = ["https://rubygems.org"]; 7 + sha256 = "1b5g1i3xdvmxxpq4qp0z4v78ivqnazz26w110fh4cvzsdayz8zgi"; 8 + type = "gem"; 9 + }; 10 + version = "1.3.3"; 11 + }; 2 12 iostruct = { 3 13 groups = ["default"]; 4 14 platforms = []; 5 15 source = { 6 16 remotes = ["https://rubygems.org"]; 7 - sha256 = "0kwp6ryis32j3z7myw8g7v1yszwrwyl04g2c7flr42pwxga1afxc"; 17 + sha256 = "1z3vnb8mhzns3ybf78vlj5cy6lq4pyfm8n40kqba2s33xccs3kl0"; 18 + type = "gem"; 19 + }; 20 + version = "0.0.5"; 21 + }; 22 + prime = { 23 + dependencies = ["forwardable" "singleton"]; 24 + groups = ["default"]; 25 + platforms = []; 26 + source = { 27 + remotes = ["https://rubygems.org"]; 28 + sha256 = "1973kz8lbck6ga5v42f55jk8b8pnbgwp9p67dl1xw15gvz55dsfl"; 8 29 type = "gem"; 9 30 }; 10 - version = "0.0.4"; 31 + version = "0.1.2"; 11 32 }; 12 33 rainbow = { 13 34 groups = ["default"]; 14 35 platforms = []; 15 36 source = { 16 37 remotes = ["https://rubygems.org"]; 17 - sha256 = "0bb2fpjspydr6x0s8pn1pqkzmxszvkfapv0p4627mywl7ky4zkhk"; 38 + sha256 = "0smwg4mii0fm38pyb5fddbmrdpifwv22zv3d3px2xx497am93503"; 18 39 type = "gem"; 19 40 }; 20 - version = "3.0.0"; 41 + version = "3.1.1"; 42 + }; 43 + singleton = { 44 + groups = ["default"]; 45 + platforms = []; 46 + source = { 47 + remotes = ["https://rubygems.org"]; 48 + sha256 = "0qq54imvbksnckzf9hrq9bjzcdb0n8wfv6l5jc0di10n88277jx6"; 49 + type = "gem"; 50 + }; 51 + version = "0.2.0"; 21 52 }; 22 53 zpng = { 23 54 dependencies = ["rainbow"]; ··· 25 56 platforms = []; 26 57 source = { 27 58 remotes = ["https://rubygems.org"]; 28 - sha256 = "0ciyab7qxqsxjhfvr6rbpdzg655fi1zygqg9sd9m6wmgc037dj74"; 59 + sha256 = "0xyr7ipgls7wci1gnsz340idm69jls0gind0q4f63ccjwgzsfkqw"; 29 60 type = "gem"; 30 61 }; 31 - version = "0.3.1"; 62 + version = "0.4.5"; 32 63 }; 33 64 zsteg = { 34 - dependencies = ["iostruct" "zpng"]; 65 + dependencies = ["iostruct" "prime" "zpng"]; 35 66 groups = ["default"]; 36 67 platforms = []; 37 68 source = { 38 69 remotes = ["https://rubygems.org"]; 39 - sha256 = "1mwajlsgs27449n2yf2f9hz8g46qv9bz9f58i9cz1jg58spvpxpk"; 70 + sha256 = "128kbv9vsi288mj17zwvc45ijpzf3p116vk9kcvkz978hz0n6spm"; 40 71 type = "gem"; 41 72 }; 42 - version = "0.2.2"; 73 + version = "0.2.13"; 43 74 }; 44 75 }

+1

pkgs/top-level/aliases.nix

··· 585 585 miopen-opencl = throw "'miopen-opencl' has been replaced with 'rocmPackages.miopen-opencl'"; # Added 2023-10-08 586 586 mime-types = mailcap; # Added 2022-01-21 587 587 minizip2 = pkgs.minizip-ng; # Added 2022-12-28 588 + mirage-im = throw "'mirage-im' has been removed, as it was broken and unmaintained"; # Added 2023-11-26 588 589 monero = monero-cli; # Added 2021-11-28 589 590 mongodb-4_0 = throw "mongodb-4_0 has been removed, it's end of life since April 2022"; # Added 2023-01-05 590 591 mongodb-4_2 = throw "mongodb-4_2 has been removed, it's end of life since April 2023"; # Added 2023-06-06

+4 -6

pkgs/top-level/all-packages.nix

··· 4391 4391 4392 4392 quaternion = libsForQt5.callPackage ../applications/networking/instant-messengers/quaternion { }; 4393 4393 4394 - mirage-im = libsForQt5.callPackage ../applications/networking/instant-messengers/mirage { }; 4395 - 4396 4394 tensor = libsForQt5.callPackage ../applications/networking/instant-messengers/tensor { }; 4397 4395 4398 4396 libtensorflow = python3.pkgs.tensorflow.libtensorflow; ··· 11539 11537 ogdf = callPackage ../development/libraries/ogdf { }; 11540 11538 11541 11539 oh-my-posh = callPackage ../development/tools/oh-my-posh { }; 11540 + 11541 + oh-my-zsh = callPackage ../shells/zsh/oh-my-zsh { }; 11542 11542 11543 11543 ola = callPackage ../applications/misc/ola { 11544 11544 protobuf = protobuf_21; ··· 32641 32641 wlroots_0_16 32642 32642 wlroots; 32643 32643 32644 - wrapSway = callPackage ../applications/window-managers/sway/wrapper.nix { }; 32645 32644 sway-unwrapped = callPackage ../applications/window-managers/sway { 32646 32645 wlroots = wlroots_0_16; 32647 32646 }; 32648 - sway = wrapSway sway-unwrapped; 32647 + sway = callPackage ../applications/window-managers/sway/wrapper.nix { }; 32649 32648 swaybg = callPackage ../applications/window-managers/sway/bg.nix { }; 32650 32649 swayidle = callPackage ../applications/window-managers/sway/idle.nix { }; 32651 32650 swaylock = callPackage ../applications/window-managers/sway/lock.nix { }; ··· 32656 32655 32657 32656 swaycons = callPackage ../applications/window-managers/sway/swaycons.nix { }; 32658 32657 32659 - swayfx-unwrapped = callPackage ../applications/window-managers/sway/fx.nix { }; 32660 - swayfx = wrapSway swayfx-unwrapped; 32658 + swayfx = callPackage ../applications/window-managers/sway/fx.nix { }; 32661 32659 32662 32660 swaylock-fancy = callPackage ../applications/window-managers/sway/lock-fancy.nix { }; 32663 32661