+6

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

reviewed

··· 472 472 </listitem> 473 473 <listitem> 474 474 <para> 475 475 + The <literal>services.matrix-synapse</literal> systemd unit 476 476 + has been hardened. 477 477 + </para> 478 478 + </listitem> 479 479 + <listitem> 480 480 + <para> 475 481 Matrix Synapse now requires entries in the 476 482 <literal>state_group_edges</literal> table to be unique, in 477 483 order to prevent accidentally introducing duplicate

+2

nixos/doc/manual/release-notes/rl-2211.section.md

reviewed

··· 164 164 165 165 - Neo4j was updated from version 3 to version 4. See this [migration guide](https://neo4j.com/docs/upgrade-migration-guide/current/) on how to migrate your Neo4j instance. 166 166 167 167 + - The `services.matrix-synapse` systemd unit has been hardened. 168 168 + 167 169 - Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. 168 170 169 171 - The `diamond` package has been update from 0.8.36 to 2.0.15. See the [upstream release notes](https://github.com/bbuchfink/diamond/releases) for more details.

+27

nixos/modules/services/matrix/synapse.nix

reviewed

··· 759 759 ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; 760 760 Restart = "on-failure"; 761 761 UMask = "0077"; 762 762 + 763 763 + # Security Hardening 764 764 + # Refer to systemd.exec(5) for option descriptions. 765 765 + CapabilityBoundingSet = [ "" ]; 766 766 + LockPersonality = true; 767 767 + NoNewPrivileges = true; 768 768 + PrivateDevices = true; 769 769 + PrivateTmp = true; 770 770 + PrivateUsers = true; 771 771 + ProcSubset = "pid"; 772 772 + ProtectClock = true; 773 773 + ProtectControlGroups = true; 774 774 + ProtectHome = true; 775 775 + ProtectHostname = true; 776 776 + ProtectKernelLogs = true; 777 777 + ProtectKernelModules = true; 778 778 + ProtectKernelTunables = true; 779 779 + ProtectProc = "invisible"; 780 780 + ProtectSystem = "strict"; 781 781 + ReadWritePaths = [ cfg.dataDir ]; 782 782 + RemoveIPC = true; 783 783 + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; 784 784 + RestrictNamespaces = true; 785 785 + RestrictRealtime = true; 786 786 + RestrictSUIDSGID = true; 787 787 + SystemCallArchitectures = "native"; 788 788 + SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ]; 762 789 }; 763 790 }; 764 791

+8

nixos/modules/services/web-apps/hedgedoc.nix

reviewed

··· 933 933 Required group names. 934 934 ''; 935 935 }; 936 936 + providerName = mkOption { 937 937 + type = types.str; 938 938 + default = ""; 939 939 + example = "My institution"; 940 940 + description = lib.mdDoc '' 941 941 + Optional name to be displayed at login form indicating the SAML provider. 942 942 + ''; 943 943 + }; 936 944 attribute = { 937 945 id = mkOption { 938 946 type = types.str;

+12

nixos/modules/system/boot/networkd.nix

reviewed

··· 451 451 "Multicast" 452 452 "AllMulticast" 453 453 "Unmanaged" 454 454 + "Group" 454 455 "RequiredForOnline" 455 456 "RequiredFamilyForOnline" 456 457 "ActivationPolicy" ··· 463 464 (assertValueOneOf "AllMulticast" boolValues) 464 465 (assertValueOneOf "Promiscuous" boolValues) 465 466 (assertValueOneOf "Unmanaged" boolValues) 467 467 + (assertInt "Group") 468 468 + (assertRange "Group" 0 2147483647) 466 469 (assertValueOneOf "RequiredForOnline" (boolValues ++ [ 467 470 "missing" 468 471 "off" ··· 800 803 801 804 sectionDHCPServer = checkUnitConfig "DHCPServer" [ 802 805 (assertOnlyFields [ 806 806 + "ServerAddress" 803 807 "PoolOffset" 804 808 "PoolSize" 805 809 "DefaultLeaseTimeSec" 806 810 "MaxLeaseTimeSec" 811 811 + "UplinkInterface" 807 812 "EmitDNS" 808 813 "DNS" 809 814 "EmitNTP" ··· 817 822 "EmitLPR" 818 823 "LPR" 819 824 "EmitRouter" 825 825 + "Router" 820 826 "EmitTimezone" 821 827 "Timezone" 822 828 "SendOption" 823 829 "SendVendorOption" 830 830 + "BindToInterface" 831 831 + "RelayTarget" 832 832 + "RelayAgentCircuitId" 833 833 + "RelayAgentRemoteId" 824 834 ]) 825 835 (assertInt "PoolOffset") 826 836 (assertMinimum "PoolOffset" 0) ··· 834 844 (assertValueOneOf "EmitLPR" boolValues) 835 845 (assertValueOneOf "EmitRouter" boolValues) 836 846 (assertValueOneOf "EmitTimezone" boolValues) 847 847 + (assertValueOneOf "BindToInterface" boolValues) 837 848 ]; 838 849 839 850 sectionIPv6SendRA = checkUnitConfig "IPv6SendRA" [ ··· 842 853 "OtherInformation" 843 854 "RouterLifetimeSec" 844 855 "RouterPreference" 856 856 + "UplinkInterface" 845 857 "EmitDNS" 846 858 "DNS" 847 859 "EmitDomains"

+2 -2

pkgs/applications/blockchains/aeon/default.nix

reviewed

··· 4 4 }: 5 5 6 6 let 7 7 - version = "0.14.1.0"; 7 7 + version = "0.14.2.2"; 8 8 in 9 9 stdenv.mkDerivation { 10 10 pname = "aeon"; ··· 15 15 repo = "aeon"; 16 16 rev = "v${version}-aeon"; 17 17 fetchSubmodules = true; 18 18 - sha256 = "sha256-yej4w/2m9YXsMobqHwzA5GBbduhaeTVvmnHUJNWX87E="; 18 18 + sha256 = "sha256-2MptLS12CUm9eUKm+V+yYpbLVwNyZeZ5HvAFyjEc4R4="; 19 19 }; 20 20 21 21 nativeBuildInputs = [ cmake pkg-config git doxygen graphviz ];

+4 -4

pkgs/applications/networking/cluster/k3s/default.nix

reviewed

··· 46 46 # Those pieces of software we entirely ignore upstream's handling of, and just 47 47 # make sure they're in the path if desired. 48 48 let 49 49 - k3sVersion = "1.24.3+k3s1"; # k3s git tag 50 50 - k3sCommit = "990ba0e88c90f8ed8b50e0ccd375937b841b176e"; # k3s git commit at the above version 51 51 - k3sRepoSha256 = "0slw2j7d7ccj7k9z06l5ch3nxi07jbm6xijs774hisyv25jx94rd"; 52 52 - k3sVendorSha256 = "sha256-8jWpTUE/tJf2qpFjdsV+0i8hRf6JqATwr/YbXrZa/iA="; 49 49 + k3sVersion = "1.24.4+k3s1"; # k3s git tag 50 50 + k3sCommit = "c3f830e9b9ed8a4d9d0e2aa663b4591b923a296e"; # k3s git commit at the above version 51 51 + k3sRepoSha256 = "00ns6n7jxnacah8ahndhgdb160prgsqhswbb5809kkgvig7k8b27"; 52 52 + k3sVendorSha256 = "sha256-ReZvJCgxqffG2H39JlynGPUBSV5ngPkRtAoZ++OQZZI="; 53 53 54 54 # taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9 55 55 # The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.

+3 -3

pkgs/applications/networking/cluster/nomad-driver-podman/default.nix

reviewed

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "nomad-driver-podman"; 5 5 - version = "0.3.0"; 5 5 + version = "0.4.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "hashicorp"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-aVmXtYIquG0acVlbwNmgXUpuOgpsfMmfbnb5md9CN5w="; 11 11 + sha256 = "sha256-33hyMKwU04ywXKv4JEhRvEbe2DWQEAQ0moy6zypXdpU="; 12 12 }; 13 13 14 14 - vendorSha256 = "sha256-QXAXDoYN5egl5y0YV4/7yh5K0tjzjN5vRJRHyI8eU2E="; 14 14 + vendorSha256 = "sha256-5PQIWSGSR5vizWEsResBLd//yWs99o/bj5DVpRMBwhA="; 15 15 16 16 subPackages = [ "." ]; 17 17

+2 -2

pkgs/applications/version-management/git-and-tools/tig/default.nix

reviewed

··· 4 4 5 5 stdenv.mkDerivation rec { 6 6 pname = "tig"; 7 7 - version = "2.5.6"; 7 7 + version = "2.5.7"; 8 8 9 9 src = fetchFromGitHub { 10 10 owner = "jonas"; 11 11 repo = pname; 12 12 rev = "${pname}-${version}"; 13 13 - sha256 = "sha256-WJtva3LbzVqtcAt0kmnti3RZTPg/CBjk6JQYa2VzpSQ="; 13 13 + sha256 = "sha256-D5NQaxkGhwyBoScI7fZxnSHC0ABmsUeRf8pZCKooV3w="; 14 14 }; 15 15 16 16 nativeBuildInputs = [ makeWrapper autoreconfHook asciidoc xmlto docbook_xsl docbook_xml_dtd_45 findXMLCatalogs pkg-config ];

+5 -5

pkgs/build-support/writers/default.nix

reviewed

··· 237 237 # makePythonWriter takes python and compatible pythonPackages and produces python script writer, 238 238 # which validates the script with flake8 at build time. If any libraries are specified, 239 239 # python.withPackages is used as interpreter, otherwise the "bare" python is used. 240 240 - makePythonWriter = python: pythonPackages: name: { libraries ? [], flakeIgnore ? [] }: 240 240 + makePythonWriter = python: pythonPackages: buildPythonPackages: name: { libraries ? [], flakeIgnore ? [] }: 241 241 let 242 242 ignoreAttribute = optionalString (flakeIgnore != []) "--ignore ${concatMapStringsSep "," escapeShellArg flakeIgnore}"; 243 243 in ··· 248 248 else "${python.withPackages (ps: libraries)}/bin/python" 249 249 ; 250 250 check = optionalString python.isPy3k (writeDash "pythoncheck.sh" '' 251 251 - exec ${pythonPackages.flake8}/bin/flake8 --show-source ${ignoreAttribute} "$1" 251 251 + exec ${buildPythonPackages.flake8}/bin/flake8 --show-source ${ignoreAttribute} "$1" 252 252 ''); 253 253 } name; 254 254 ··· 264 264 # 265 265 # print Test.a 266 266 # '' 267 267 - writePyPy2 = makePythonWriter pkgs.pypy2 pkgs.pypy2Packages; 267 267 + writePyPy2 = makePythonWriter pkgs.pypy2 pkgs.pypy2Packages buildPackages.pypy2Packages; 268 268 269 269 # writePyPy2Bin takes the same arguments as writePyPy2 but outputs a directory (like writeScriptBin) 270 270 writePyPy2Bin = name: ··· 282 282 # """) 283 283 # print(y[0]['test']) 284 284 # '' 285 285 - writePython3 = makePythonWriter pkgs.python3 pkgs.python3Packages; 285 285 + writePython3 = makePythonWriter pkgs.python3 pkgs.python3Packages buildPackages.python3Packages; 286 286 287 287 # writePython3Bin takes the same arguments as writePython3 but outputs a directory (like writeScriptBin) 288 288 writePython3Bin = name: ··· 300 300 # """) 301 301 # print(y[0]['test']) 302 302 # '' 303 303 - writePyPy3 = makePythonWriter pkgs.pypy3 pkgs.pypy3Packages; 303 303 + writePyPy3 = makePythonWriter pkgs.pypy3 pkgs.pypy3Packages buildPackages.pypy3Packages; 304 304 305 305 # writePyPy3Bin takes the same arguments as writePyPy3 but outputs a directory (like writeScriptBin) 306 306 writePyPy3Bin = name:

+2 -2

pkgs/development/compilers/aspectj/default.nix

reviewed

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "aspectj"; 5 5 - version = "1.9.7"; 5 5 + version = "1.9.9.1"; 6 6 builder = ./builder.sh; 7 7 8 8 src = let 9 9 versionSnakeCase = builtins.replaceStrings ["."] ["_"] version; 10 10 in fetchurl { 11 11 url = "https://github.com/eclipse/org.aspectj/releases/download/V${versionSnakeCase}/aspectj-${version}.jar"; 12 12 - sha256 = "sha256-xrg88nLOcagaAsFSnnYChhlv6EKhdBqkJJTDzhUBvTo="; 12 12 + sha256 = "sha256-kiMQuEPXoSpHUiInkfYsrfCAcSc6mX42TRIBbeIQhWs="; 13 13 }; 14 14 15 15 inherit jre;

+2 -2

pkgs/development/libraries/alkimia/default.nix

reviewed

··· 5 5 6 6 mkDerivation rec { 7 7 pname = "alkimia"; 8 8 - version = "8.1.0"; 8 8 + version = "8.1.1"; 9 9 10 10 src = fetchurl { 11 11 url = "mirror://kde/stable/alkimia/${version}/${pname}-${version}.tar.xz"; 12 12 - sha256 = "sha256-kWgHNScHsEkM3ZymVoLv9zsAylIwKb2m/nonSaG8knw="; 12 12 + sha256 = "sha256-lXrcY8C+VN1DPjJoo3MjvlRW5auE7OJ/c6FhapLbhtU="; 13 13 }; 14 14 15 15 nativeBuildInputs = [ extra-cmake-modules doxygen graphviz ];

+5 -4

pkgs/development/libraries/flatcc/default.nix

reviewed

··· 5 5 6 6 stdenv.mkDerivation rec { 7 7 pname = "flatcc"; 8 8 - version = "0.6.0"; 8 8 + version = "0.6.1"; 9 9 10 10 src = fetchFromGitHub { 11 11 owner = "dvidelabs"; 12 12 repo = "flatcc"; 13 13 rev = "v${version}"; 14 14 - sha256 = "0cy79swgdbaf3zmsaqa6gz3b0fad2yqawwcnsipnpl9d8hn1linm"; 14 14 + sha256 = "sha256-0/IZ7eX6b4PTnlSSdoOH0FsORGK9hrLr1zlr/IHsJFQ="; 15 15 }; 16 16 17 17 nativeBuildInputs = [ cmake ]; ··· 26 26 "-Wno-error=stringop-overflow" 27 27 ]; 28 28 29 29 - meta = { 29 29 + meta = with lib; { 30 30 description = "FlatBuffers Compiler and Library in C for C "; 31 31 homepage = "https://github.com/dvidelabs/flatcc"; 32 32 - license = [ lib.licenses.asl20 ]; 32 32 + license = [ licenses.asl20 ]; 33 33 + maintainers = with maintainers; [ onny ]; 33 34 }; 34 35 }

+2 -2

pkgs/development/python-modules/aliyun-python-sdk-iot/default.nix

reviewed

··· 7 7 8 8 buildPythonPackage rec { 9 9 pname = "aliyun-python-sdk-iot"; 10 10 - version = "8.41.0"; 10 10 + version = "8.42.0"; 11 11 format = "setuptools"; 12 12 13 13 disabled = pythonOlder "3.7"; 14 14 15 15 src = fetchPypi { 16 16 inherit pname version; 17 17 - hash = "sha256-t/SIEW1JMTyeOhhxx6IhLsbQa0D3aqD2hqGk8+Ka0ns="; 17 17 + hash = "sha256-pp1objaT0Galxz91V1OoMfogYQyZ1lZC6XGFd4wSTq8="; 18 18 }; 19 19 20 20 propagatedBuildInputs = [

+4 -2

pkgs/development/python-modules/bthome-ble/default.nix

reviewed

··· 1 1 { lib 2 2 + , bluetooth-data-tools 2 3 , bluetooth-sensor-state-data 3 4 , buildPythonPackage 4 5 , fetchFromGitHub ··· 11 12 12 13 buildPythonPackage rec { 13 14 pname = "bthome-ble"; 14 14 - version = "0.3.6"; 15 15 + version = "0.3.8"; 15 16 format = "pyproject"; 16 17 17 18 disabled = pythonOlder "3.9"; ··· 20 21 owner = "Bluetooth-Devices"; 21 22 repo = pname; 22 23 rev = "v${version}"; 23 23 - hash = "sha256-Y8BKBi5DZYpUtcJS6lLD+dVPhtL2xavQcPymVhdl7Zw="; 24 24 + hash = "sha256-J5i9r2bZtiEOqkQJ6yhTWboqvgo2gsi8z6XeyxtHwSw="; 24 25 }; 25 26 26 27 nativeBuildInputs = [ ··· 28 29 ]; 29 30 30 31 propagatedBuildInputs = [ 32 32 + bluetooth-data-tools 31 33 bluetooth-sensor-state-data 32 34 sensor-state-data 33 35 pycryptodomex

+2 -2

pkgs/development/python-modules/peaqevcore/default.nix

reviewed

··· 6 6 7 7 buildPythonPackage rec { 8 8 pname = "peaqevcore"; 9 9 - version = "5.12.0"; 9 9 + version = "5.14.0"; 10 10 format = "setuptools"; 11 11 12 12 disabled = pythonOlder "3.7"; 13 13 14 14 src = fetchPypi { 15 15 inherit pname version; 16 16 - hash = "sha256-iriCCsmdHEZ/tZtCn+G2VDBFCv/DvBjPEO6aW7YmL3M="; 16 16 + hash = "sha256-YDdQ/q/QyR9vgY0jteAfQg6A4oCPKjFLySt/g74+eyw="; 17 17 }; 18 18 19 19 postPatch = ''

+2 -2

pkgs/development/python-modules/pymicrobot/default.nix

reviewed

··· 8 8 9 9 buildPythonPackage rec { 10 10 pname = "pymicrobot"; 11 11 - version = "0.0.4"; 11 11 + version = "0.0.5"; 12 12 format = "setuptools"; 13 13 14 14 disabled = pythonOlder "3.9"; ··· 16 16 src = fetchPypi { 17 17 pname = "PyMicroBot"; 18 18 inherit version; 19 19 - hash = "sha256-lNrohVQruFAtrzTxJ6qEZ8tVM5fgrCRAG7WXJSKMRFs="; 19 19 + hash = "sha256-k+xefVwswTL6ww0k4D6nScjUKUOxOQloXUOZ75S+sbY="; 20 20 }; 21 21 22 22 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/pyunifiprotect/default.nix

reviewed

··· 26 26 27 27 buildPythonPackage rec { 28 28 pname = "pyunifiprotect"; 29 29 - version = "4.1.3"; 29 29 + version = "4.1.7"; 30 30 format = "pyproject"; 31 31 32 32 disabled = pythonOlder "3.9"; ··· 35 35 owner = "briis"; 36 36 repo = pname; 37 37 rev = "refs/tags/v${version}"; 38 38 - hash = "sha256-tZo8+McpnJ1gekghtgH6m5w7nmVWB8CTxz5RGHv3xtE="; 38 38 + hash = "sha256-FaH1fNNWQAe9hLrbLf0TCfcjY6MDmHrsmo3LaEsN3W4="; 39 39 }; 40 40 41 41 propagatedBuildInputs = [

+4 -2

pkgs/development/python-modules/qingping-ble/default.nix

reviewed

··· 1 1 { lib 2 2 + , bluetooth-data-tools 2 3 , bluetooth-sensor-state-data 3 4 , buildPythonPackage 4 5 , fetchFromGitHub ··· 10 11 11 12 buildPythonPackage rec { 12 13 pname = "qingping-ble"; 13 13 - version = "0.3.0"; 14 14 + version = "0.6.1"; 14 15 format = "pyproject"; 15 16 16 17 disabled = pythonOlder "3.9"; ··· 19 20 owner = "bluetooth-devices"; 20 21 repo = pname; 21 22 rev = "v${version}"; 22 22 - hash = "sha256-EZH6G/dvXU1sVH3pYoJeQQkJD1xMKuqb3omCVhHTS0A="; 23 23 + hash = "sha256-0fa5KocDyy3JL7gohbbBghXwbCzbcjK4pVM+zckboHc="; 23 24 }; 24 25 25 26 nativeBuildInputs = [ ··· 27 28 ]; 28 29 29 30 propagatedBuildInputs = [ 31 31 + bluetooth-data-tools 30 32 bluetooth-sensor-state-data 31 33 sensor-state-data 32 34 ];

+55

pkgs/development/python-modules/thermobeacon-ble/default.nix

reviewed

··· 1 1 + { lib 2 2 + , bluetooth-data-tools 3 3 + , bluetooth-sensor-state-data 4 4 + , buildPythonPackage 5 5 + , fetchFromGitHub 6 6 + , poetry-core 7 7 + , pytestCheckHook 8 8 + , pythonOlder 9 9 + , sensor-state-data 10 10 + }: 11 11 + 12 12 + buildPythonPackage rec { 13 13 + pname = "thermobeacon-ble"; 14 14 + version = "0.3.1"; 15 15 + format = "pyproject"; 16 16 + 17 17 + disabled = pythonOlder "3.9"; 18 18 + 19 19 + src = fetchFromGitHub { 20 20 + owner = "bluetooth-devices"; 21 21 + repo = pname; 22 22 + rev = "v${version}"; 23 23 + hash = "sha256-OvSvhOcJSThKyLXHhiwEZtCrYt6+KB5iArUKjfoi2OI="; 24 24 + }; 25 25 + 26 26 + nativeBuildInputs = [ 27 27 + poetry-core 28 28 + ]; 29 29 + 30 30 + propagatedBuildInputs = [ 31 31 + bluetooth-data-tools 32 32 + bluetooth-sensor-state-data 33 33 + sensor-state-data 34 34 + ]; 35 35 + 36 36 + checkInputs = [ 37 37 + pytestCheckHook 38 38 + ]; 39 39 + 40 40 + postPatch = '' 41 41 + substituteInPlace pyproject.toml \ 42 42 + --replace " --cov=thermobeacon_ble --cov-report=term-missing:skip-covered" "" 43 43 + ''; 44 44 + 45 45 + pythonImportsCheck = [ 46 46 + "thermobeacon_ble" 47 47 + ]; 48 48 + 49 49 + meta = with lib; { 50 50 + description = "Library for Thermobeacon BLE devices"; 51 51 + homepage = "https://github.com/bluetooth-devices/thermobeacon-ble"; 52 52 + license = with licenses; [ mit ]; 53 53 + maintainers = with maintainers; [ fab ]; 54 54 + }; 55 55 + }

+55

pkgs/development/python-modules/thermopro-ble/default.nix

reviewed

··· 1 1 + { lib 2 2 + , bluetooth-data-tools 3 3 + , bluetooth-sensor-state-data 4 4 + , buildPythonPackage 5 5 + , fetchFromGitHub 6 6 + , poetry-core 7 7 + , pytestCheckHook 8 8 + , pythonOlder 9 9 + , sensor-state-data 10 10 + }: 11 11 + 12 12 + buildPythonPackage rec { 13 13 + pname = "thermopro-ble"; 14 14 + version = "0.4.1"; 15 15 + format = "pyproject"; 16 16 + 17 17 + disabled = pythonOlder "3.9"; 18 18 + 19 19 + src = fetchFromGitHub { 20 20 + owner = "bluetooth-devices"; 21 21 + repo = pname; 22 22 + rev = "v${version}"; 23 23 + hash = "sha256-5KfR01qsSGF2ZNklhm7he9Hskk8pqC2GEmIcsB4HpRY="; 24 24 + }; 25 25 + 26 26 + nativeBuildInputs = [ 27 27 + poetry-core 28 28 + ]; 29 29 + 30 30 + propagatedBuildInputs = [ 31 31 + bluetooth-data-tools 32 32 + bluetooth-sensor-state-data 33 33 + sensor-state-data 34 34 + ]; 35 35 + 36 36 + checkInputs = [ 37 37 + pytestCheckHook 38 38 + ]; 39 39 + 40 40 + postPatch = '' 41 41 + substituteInPlace pyproject.toml \ 42 42 + --replace " --cov=thermopro_ble --cov-report=term-missing:skip-covered" "" 43 43 + ''; 44 44 + 45 45 + pythonImportsCheck = [ 46 46 + "thermopro_ble" 47 47 + ]; 48 48 + 49 49 + meta = with lib; { 50 50 + description = "Library for Thermopro BLE devices"; 51 51 + homepage = "https://github.com/bluetooth-devices/thermopro-ble"; 52 52 + license = with licenses; [ mit ]; 53 53 + maintainers = with maintainers; [ fab ]; 54 54 + }; 55 55 + }

+2 -2

pkgs/development/python-modules/time-machine/default.nix

reviewed

··· 10 10 11 11 buildPythonPackage rec { 12 12 pname = "time-machine"; 13 13 - version = "2.8.0"; 13 13 + version = "2.8.1"; 14 14 format = "setuptools"; 15 15 16 16 disabled = pythonOlder "3.7"; ··· 19 19 owner = "adamchainz"; 20 20 repo = pname; 21 21 rev = version; 22 22 - sha256 = "sha256-L/03H91iZTyaB8vY0FGVu9iaesISAFHLIZliHI1NixI="; 22 22 + sha256 = "sha256-65jX6R3tZ5guouEug/mClvNqg0LE4v9OGzCL0eFyqsA="; 23 23 }; 24 24 25 25 propagatedBuildInputs = [

+26

pkgs/development/tools/eclint/default.nix

reviewed

··· 1 1 + { lib 2 2 + , buildGoModule 3 3 + , fetchFromGitLab 4 4 + }: 5 5 + 6 6 + buildGoModule 7 7 + rec { 8 8 + pname = "eclint"; 9 9 + version = "0.3.4"; 10 10 + 11 11 + src = fetchFromGitLab { 12 12 + owner = "greut"; 13 13 + repo = pname; 14 14 + rev = "v${version}"; 15 15 + sha256 = "sha256-inO41C/Ompyfy4CHPK4ksNU19KIcGyPgF/ptZC0GWXg="; 16 16 + }; 17 17 + 18 18 + vendorSha256 = "sha256-imVQnPoKOjed9XlikLWvudmlJklRrLFHKtNZoAmznZg="; 19 19 + 20 20 + meta = with lib; { 21 21 + homepage = "https://gitlab.com/greut/eclint"; 22 22 + description = "EditorConfig linter written in Go"; 23 23 + license = licenses.mit; 24 24 + maintainers = with maintainers; [ lucperkins ]; 25 25 + }; 26 26 + }

+2 -2

pkgs/os-specific/linux/kernel/linux-4.14.nix

reviewed

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 6 - version = "4.14.290"; 6 6 + version = "4.14.291"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; 16 16 - sha256 = "0zyxb99a7fa2l85vnzmvg2nry99clj20d4j38piqm921iqxak2j4"; 16 16 + sha256 = "15h76l81zn733g8dc6gsymf52nz325plhminv3m4x3klwhav34zc"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-4.19.nix

reviewed

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 6 - version = "4.19.255"; 6 6 + version = "4.19.256"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; 16 16 - sha256 = "0hwa3g09cmllc2z01s2jqbczpznzdp3ldngx18k5c2ac7w394fbp"; 16 16 + sha256 = "0jgm7ydha9achbcq3a6q85wq1nz4qg7phx122jzk0mqb1339bpk7"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-4.9.nix

reviewed

··· 1 1 { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: 2 2 3 3 buildLinux (args // rec { 4 4 - version = "4.9.325"; 4 4 + version = "4.9.326"; 5 5 extraMeta.branch = "4.9"; 6 6 extraMeta.broken = stdenv.isAarch64; 7 7 8 8 src = fetchurl { 9 9 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; 10 10 - sha256 = "04msx0x0d8v93zjr3jj0qqkgg7m4hb7rj6hk5vzrzasmgbjmb3dl"; 10 10 + sha256 = "0yw83a8nk5abjsvqrz8m2sj699c228j2f2wr5q8m95vgqzfw5wrb"; 11 11 }; 12 12 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.10.nix

reviewed

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 6 - version = "5.10.137"; 6 6 + version = "5.10.138"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 16 - sha256 = "1j0n2r793pkvymjc70fzqwqi6h2j1wkja2kx012ydmsk2i6wssy1"; 16 16 + sha256 = "1a2vmcqzi71w88j79lxsrgyycq1l1gxp0cvh5ya4afhfisxh7819"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.15.nix

reviewed

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 6 - version = "5.15.62"; 6 6 + version = "5.15.63"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 16 - sha256 = "0hgiag3mvdlcr6ckfy4bdr7h4471zqi53ahfybdvdkapivg7r086"; 16 16 + sha256 = "0hbkxgadz0vcslni4r46yc202wcnxblcfvkcph1017b2b8gcvlvd"; 17 17 }; 18 18 } // (args.argsOverride or { }))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.19.nix

reviewed

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 6 - version = "5.19.3"; 6 6 + version = "5.19.4"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 16 - sha256 = "08978hjl4khc0v8nb8wvrjnc8x8csvpf7airawpb4pvg0rrdcfsi"; 16 16 + sha256 = "11xzz5glbc7p3j9mhv6dvi9iv345ykpyihm8mby8vyas12bln8d9"; 17 17 }; 18 18 } // (args.argsOverride or { }))

+2 -2

pkgs/os-specific/linux/kernel/linux-5.4.nix

reviewed

··· 3 3 with lib; 4 4 5 5 buildLinux (args // rec { 6 6 - version = "5.4.210"; 6 6 + version = "5.4.211"; 7 7 8 8 # modDirVersion needs to be x.y.z, will automatically add .0 if needed 9 9 modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; ··· 13 13 14 14 src = fetchurl { 15 15 url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; 16 16 - sha256 = "13l8zh5balciqhi4k4328sznza30v8g871wxcqqka61cij3rc0wl"; 16 16 + sha256 = "1v1dgsk66fi6x6v9k6hg9ik3f3b3pv7a3gk8mybmgm9cnx0k5d5z"; 17 17 }; 18 18 } // (args.argsOverride or {}))

+2 -2

pkgs/os-specific/linux/kernel/linux-libre.nix

reviewed

··· 1 1 { stdenv, lib, fetchsvn, linux 2 2 , scripts ? fetchsvn { 3 3 url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; 4 4 - rev = "18880"; 5 5 - sha256 = "1h5r57iv71hhx5w85m04c17dslib1rlymanbn23ll9qslv5ag4gn"; 4 4 + rev = "18885"; 5 5 + sha256 = "1ywd4bhjh6pqxvv20jgadmyvrcrdwf8333z8rzbjy6r0b4fggpra"; 6 6 } 7 7 , ... 8 8 }:

+3 -3

pkgs/tools/misc/cloud-sql-proxy/default.nix

reviewed

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "cloud-sql-proxy"; 5 5 - version = "1.30.0"; 5 5 + version = "1.31.2"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "GoogleCloudPlatform"; 9 9 repo = "cloudsql-proxy"; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-EbUIzAKMqCLsz8rBMWCvw00j6VX2ZYEMtNsMEx30kBU="; 11 11 + sha256 = "sha256-wlMwl1S9WKtCoruKhMVK1197/3/OWhvvXTT1tH/yPlI="; 12 12 }; 13 13 14 14 subPackages = [ "cmd/cloud_sql_proxy" ]; 15 15 16 16 - vendorSha256 = "sha256-yxqLGDqdu9vX3ykHq7Kzf8oBH1ydltZkiWNWWM2l0Aw="; 16 16 + vendorSha256 = "sha256-OMvu0LCYv0Z03ZM2o8UZx/Su2rdvTJp5DUZa8/MtQSc="; 17 17 18 18 preCheck = '' 19 19 buildFlagsArray+="-short"

+3 -3

pkgs/tools/security/cosign/default.nix

reviewed

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "cosign"; 5 5 - version = "1.11.0"; 5 5 + version = "1.11.1"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "sigstore"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-fEgcxxDbSr8rVZ35MwLjT7tinQ1JuqddWRtftTjDdpY="; 11 11 + sha256 = "sha256-LKnv/+6R/RaVdRYYdp+EqVQZtUn8SnYLCr5rqgGrq68="; 12 12 }; 13 13 14 14 buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite) ··· 16 16 17 17 nativeBuildInputs = [ pkg-config installShellFiles ]; 18 18 19 19 - vendorSha256 = "sha256-AdsXijxqpsx2Mh0xAvUoie6Oy3ywnGJ1WMg9ZBLWHgc="; 19 19 + vendorSha256 = "sha256-ao1WI8M3T/oSxYM0OrW1L3/JQf9S2C7AzE4HA6VIx5w="; 20 20 21 21 subPackages = [ 22 22 "cmd/cosign"

+49

pkgs/tools/security/tessen/default.nix

reviewed

··· 1 1 + { lib 2 2 + , stdenvNoCC 3 3 + , fetchFromSourcehut 4 4 + , makeWrapper 5 5 + , installShellFiles 6 6 + , wtype 7 7 + , wl-clipboard 8 8 + , pass 9 9 + , bemenu 10 10 + }: 11 11 + 12 12 + stdenvNoCC.mkDerivation rec { 13 13 + pname = "tessen"; 14 14 + version = "unstable-2022-08-04"; 15 15 + 16 16 + src = fetchFromSourcehut { 17 17 + owner = "~ayushnix"; 18 18 + repo = pname; 19 19 + rev = "8758a09345f6eef24764de4a0efad737f12562c8"; 20 20 + sha256 = "sha256-U6obXpYzIprOJ+b3QiE+eDOq1s0DYiwM55qTga9/8TE="; 21 21 + }; 22 22 + 23 23 + nativeBuildInputs = [ makeWrapper installShellFiles ]; 24 24 + 25 25 + dontBuild = true; 26 26 + 27 27 + installPhase = '' 28 28 + runHook preInstall 29 29 + install -D tessen $out/bin/tessen 30 30 + wrapProgram $out/bin/tessen --prefix PATH : ${ lib.makeBinPath [ bemenu pass wtype wl-clipboard ] } 31 31 + runHook postInstall 32 32 + ''; 33 33 + 34 34 + postInstall = '' 35 35 + installManPage man/* 36 36 + installShellCompletion --cmd tessen \ 37 37 + --bash completion/tessen.bash-completion \ 38 38 + --fish completion/tessen.fish-completion 39 39 + install -Dm644 config $out/share/tessen/config 40 40 + ''; 41 41 + 42 42 + meta = with lib; { 43 43 + homepage = "https://sr.ht/~ayushnix/tessen"; 44 44 + description = "An interactive menu to autotype and copy Pass and GoPass data"; 45 45 + license = licenses.gpl2Plus; 46 46 + platforms = platforms.linux; 47 47 + maintainers = with maintainers; [ monaaraj ]; 48 48 + }; 49 49 + }

+2 -2

pkgs/tools/virtualization/cri-tools/default.nix

reviewed

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "cri-tools"; 9 9 - version = "1.24.2"; 9 9 + version = "1.25.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "kubernetes-sigs"; 13 13 repo = pname; 14 14 rev = "v${version}"; 15 15 - sha256 = "sha256-uhLaBX5vgQO/RkZUrP2uAubavq5MBvr3TRsGYchfR5s="; 15 15 + sha256 = "sha256-soZLLDf83jmyFtiBpZR8iQMPgrnKCRJ1j8hOgty0sTQ="; 16 16 }; 17 17 18 18 vendorSha256 = null;

+4

pkgs/top-level/all-packages.nix

reviewed

··· 16163 16163 16164 16164 easypdkprog = callPackage ../development/embedded/easypdkprog { }; 16165 16165 16166 16166 + eclint = callPackage ../development/tools/eclint { }; 16167 16167 + 16166 16168 editorconfig-checker = callPackage ../development/tools/misc/editorconfig-checker { }; 16167 16169 16168 16170 editorconfig-core-c = callPackage ../development/tools/misc/editorconfig-core-c { }; ··· 31160 31162 tty-solitaire = callPackage ../applications/misc/tty-solitaire { }; 31161 31163 31162 31164 termtosvg = callPackage ../tools/misc/termtosvg { }; 31165 31165 + 31166 31166 + tessen = callPackage ../tools/security/tessen { }; 31163 31167 31164 31168 inherit (callPackage ../applications/graphics/tesseract { 31165 31169 inherit (darwin.apple_sdk.frameworks) Accelerate CoreGraphics CoreVideo;

+4

pkgs/top-level/python-packages.nix

reviewed

··· 10809 10809 cudnnSupport = false; 10810 10810 }; 10811 10811 10812 10812 + thermobeacon-ble = callPackage ../development/python-modules/thermobeacon-ble { }; 10813 10813 + 10814 10814 + thermopro-ble = callPackage ../development/python-modules/thermopro-ble { }; 10815 10815 + 10812 10816 thespian = callPackage ../development/python-modules/thespian { }; 10813 10817 10814 10818 thinc = callPackage ../development/python-modules/thinc {