pyrox.dev
Merge master into staging-next
authored by github-actions[bot] and committed by GitHub df742c9c 18f86713
+6
nixos/doc/manual/release-notes/rl-2405.section.md
+6
nixos/doc/manual/release-notes/rl-2405.section.md
···
18
19
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
20
21
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
22
23
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
···
39
non-child processes. This means you will not be able to attach gdb to an
40
existing process, but will need to start that process from gdb (so it is a
41
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
42
43
- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
···
18
19
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
20
21
+
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
22
+
23
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
24
25
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
···
41
non-child processes. This means you will not be able to attach gdb to an
42
existing process, but will need to start that process from gdb (so it is a
43
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
44
+
45
+
- Gitea 1.21 upgrade has several breaking changes, including:
46
+
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
47
+
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
48
49
- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
+2
nixos/modules/module-list.nix
+2
nixos/modules/module-list.nix
···
442
./services/databases/surrealdb.nix
443
./services/databases/victoriametrics.nix
444
./services/desktops/accountsservice.nix
445
./services/desktops/bamf.nix
446
./services/desktops/blueman.nix
447
./services/desktops/cpupower-gui.nix
···
1423
./system/activation/bootspec.nix
1424
./system/activation/top-level.nix
1425
./system/boot/binfmt.nix
1426
./system/boot/emergency-mode.nix
1427
./system/boot/grow-partition.nix
1428
./system/boot/initrd-network.nix
···
442
./services/databases/surrealdb.nix
443
./services/databases/victoriametrics.nix
444
./services/desktops/accountsservice.nix
445
+
./services/desktops/ayatana-indicators.nix
446
./services/desktops/bamf.nix
447
./services/desktops/blueman.nix
448
./services/desktops/cpupower-gui.nix
···
1424
./system/activation/bootspec.nix
1425
./system/activation/top-level.nix
1426
./system/boot/binfmt.nix
1427
+
./system/boot/clevis.nix
1428
./system/boot/emergency-mode.nix
1429
./system/boot/grow-partition.nix
1430
./system/boot/initrd-network.nix
+58
nixos/modules/services/desktops/ayatana-indicators.nix
+58
nixos/modules/services/desktops/ayatana-indicators.nix
···
···
1
+
{ config
2
+
, pkgs
3
+
, lib
4
+
, ...
5
+
}:
6
+
7
+
let
8
+
cfg = config.services.ayatana-indicators;
9
+
in
10
+
{
11
+
options.services.ayatana-indicators = {
12
+
enable = lib.mkEnableOption (lib.mdDoc ''
13
+
Ayatana Indicators, a continuation of Canonical's Application Indicators
14
+
'');
15
+
16
+
packages = lib.mkOption {
17
+
type = lib.types.listOf lib.types.package;
18
+
default = [ ];
19
+
example = lib.literalExpression "with pkgs; [ ayatana-indicator-messages ]";
20
+
description = lib.mdDoc ''
21
+
List of packages containing Ayatana Indicator services
22
+
that should be brought up by the SystemD "ayatana-indicators" user target.
23
+
24
+
Packages specified here must have passthru.ayatana-indicators set correctly.
25
+
26
+
If, how, and where these indicators are displayed will depend on your DE.
27
+
'';
28
+
};
29
+
};
30
+
31
+
config = lib.mkIf cfg.enable {
32
+
environment = {
33
+
systemPackages = cfg.packages;
34
+
35
+
pathsToLink = [
36
+
"/share/ayatana"
37
+
];
38
+
};
39
+
40
+
# libayatana-common's ayatana-indicators.target with explicit Wants & Before to bring up requested indicator services
41
+
systemd.user.targets."ayatana-indicators" =
42
+
let
43
+
indicatorServices = lib.lists.flatten
44
+
(map
45
+
(pkg:
46
+
(map (ind: "${ind}.service") pkg.passthru.ayatana-indicators))
47
+
cfg.packages);
48
+
in
49
+
{
50
+
description = "Target representing the lifecycle of the Ayatana Indicators. Each indicator should be bound to it in its individual service file";
51
+
partOf = [ "graphical-session.target" ];
52
+
wants = indicatorServices;
53
+
before = indicatorServices;
54
+
};
55
+
};
56
+
57
+
meta.maintainers = with lib.maintainers; [ OPNA2608 ];
58
+
}
+51
nixos/modules/system/boot/clevis.md
+51
nixos/modules/system/boot/clevis.md
···
···
1
+
# Clevis {#module-boot-clevis}
2
+
3
+
[Clevis](https://github.com/latchset/clevis)
4
+
is a framework for automated decryption of resources.
5
+
Clevis allows for secure unattended disk decryption during boot, using decryption policies that must be satisfied for the data to decrypt.
6
+
7
+
8
+
## Create a JWE file containing your secret {#module-boot-clevis-create-secret}
9
+
10
+
The first step is to embed your secret in a [JWE](https://en.wikipedia.org/wiki/JSON_Web_Encryption) file.
11
+
JWE files have to be created through the clevis command line. 3 types of policies are supported:
12
+
13
+
1) TPM policies
14
+
15
+
Secrets are pinned against the presence of a TPM2 device, for example:
16
+
```
17
+
echo hi | clevis encrypt tpm2 '{}' > hi.jwe
18
+
```
19
+
2) Tang policies
20
+
21
+
Secrets are pinned against the presence of a Tang server, for example:
22
+
```
23
+
echo hi | clevis encrypt tang '{"url": "http://tang.local"}' > hi.jwe
24
+
```
25
+
26
+
3) Shamir Secret Sharing
27
+
28
+
Using Shamir's Secret Sharing ([sss](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing)), secrets are pinned using a combination of the two preceding policies. For example:
29
+
```
30
+
echo hi | clevis encrypt sss \
31
+
'{"t": 2, "pins": {"tpm2": {"pcr_ids": "0"}, "tang": {"url": "http://tang.local"}}}' \
32
+
> hi.jwe
33
+
```
34
+
35
+
For more complete documentation on how to generate a secret with clevis, see the [clevis documentation](https://github.com/latchset/clevis).
36
+
37
+
38
+
## Activate unattended decryption of a resource at boot {#module-boot-clevis-activate}
39
+
40
+
In order to activate unattended decryption of a resource at boot, enable the `clevis` module:
41
+
42
+
```
43
+
boot.initrd.clevis.enable = true;
44
+
```
45
+
46
+
Then, specify the device you want to decrypt using a given clevis secret. Clevis will automatically try to decrypt the device at boot and will fallback to interactive unlocking if the decryption policy is not fulfilled.
47
+
```
48
+
boot.initrd.clevis.devices."/dev/nvme0n1p1".secretFile = ./nvme0n1p1.jwe;
49
+
```
50
+
51
+
Only `bcachefs`, `zfs` and `luks` encrypted devices are supported at this time.
+107
nixos/modules/system/boot/clevis.nix
+107
nixos/modules/system/boot/clevis.nix
···
···
1
+
{ config, lib, pkgs, ... }:
2
+
3
+
with lib;
4
+
5
+
let
6
+
cfg = config.boot.initrd.clevis;
7
+
systemd = config.boot.initrd.systemd;
8
+
supportedFs = [ "zfs" "bcachefs" ];
9
+
in
10
+
{
11
+
meta.maintainers = with maintainers; [ julienmalka camillemndn ];
12
+
meta.doc = ./clevis.md;
13
+
14
+
options = {
15
+
boot.initrd.clevis.enable = mkEnableOption (lib.mdDoc "Clevis in initrd");
16
+
17
+
18
+
boot.initrd.clevis.package = mkOption {
19
+
type = types.package;
20
+
default = pkgs.clevis;
21
+
defaultText = "pkgs.clevis";
22
+
description = lib.mdDoc "Clevis package";
23
+
};
24
+
25
+
boot.initrd.clevis.devices = mkOption {
26
+
description = "Encrypted devices that need to be unlocked at boot using Clevis";
27
+
default = { };
28
+
type = types.attrsOf (types.submodule ({
29
+
options.secretFile = mkOption {
30
+
description = lib.mdDoc "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).";
31
+
type = types.path;
32
+
};
33
+
}));
34
+
};
35
+
36
+
boot.initrd.clevis.useTang = mkOption {
37
+
description = "Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin.";
38
+
default = false;
39
+
type = types.bool;
40
+
};
41
+
42
+
};
43
+
44
+
config = mkIf cfg.enable {
45
+
46
+
# Implementation of clevis unlocking for the supported filesystems are located directly in the respective modules.
47
+
48
+
49
+
assertions = (attrValues (mapAttrs
50
+
(device: _: {
51
+
assertion = (any (fs: fs.device == device && (elem fs.fsType supportedFs)) config.system.build.fileSystems) || (hasAttr device config.boot.initrd.luks.devices);
52
+
message = ''
53
+
No filesystem or LUKS device with the name ${device} is declared in your configuration.'';
54
+
})
55
+
cfg.devices));
56
+
57
+
58
+
warnings =
59
+
if cfg.useTang && !config.boot.initrd.network.enable && !config.boot.initrd.systemd.network.enable
60
+
then [ "In order to use a Tang pinned secret you must configure networking in initrd" ]
61
+
else [ ];
62
+
63
+
boot.initrd = {
64
+
extraUtilsCommands = mkIf (!systemd.enable) ''
65
+
copy_bin_and_libs ${pkgs.jose}/bin/jose
66
+
copy_bin_and_libs ${pkgs.curl}/bin/curl
67
+
copy_bin_and_libs ${pkgs.bash}/bin/bash
68
+
69
+
copy_bin_and_libs ${pkgs.tpm2-tools}/bin/.tpm2-wrapped
70
+
mv $out/bin/{.tpm2-wrapped,tpm2}
71
+
cp {${pkgs.tpm2-tss},$out}/lib/libtss2-tcti-device.so.0
72
+
73
+
copy_bin_and_libs ${cfg.package}/bin/.clevis-wrapped
74
+
mv $out/bin/{.clevis-wrapped,clevis}
75
+
76
+
for BIN in ${cfg.package}/bin/clevis-decrypt*; do
77
+
copy_bin_and_libs $BIN
78
+
done
79
+
80
+
for BIN in $out/bin/clevis{,-decrypt{,-null,-tang,-tpm2}}; do
81
+
sed -i $BIN -e 's,${pkgs.bash},,' -e 's,${pkgs.coreutils},,'
82
+
done
83
+
84
+
sed -i $out/bin/clevis-decrypt-tpm2 -e 's,tpm2_,tpm2 ,'
85
+
'';
86
+
87
+
secrets = lib.mapAttrs' (name: value: nameValuePair "/etc/clevis/${name}.jwe" value.secretFile) cfg.devices;
88
+
89
+
systemd = {
90
+
extraBin = mkIf systemd.enable {
91
+
clevis = "${cfg.package}/bin/clevis";
92
+
curl = "${pkgs.curl}/bin/curl";
93
+
};
94
+
95
+
storePaths = mkIf systemd.enable [
96
+
cfg.package
97
+
"${pkgs.jose}/bin/jose"
98
+
"${pkgs.curl}/bin/curl"
99
+
"${pkgs.tpm2-tools}/bin/tpm2_createprimary"
100
+
"${pkgs.tpm2-tools}/bin/tpm2_flushcontext"
101
+
"${pkgs.tpm2-tools}/bin/tpm2_load"
102
+
"${pkgs.tpm2-tools}/bin/tpm2_unseal"
103
+
];
104
+
};
105
+
};
106
+
};
107
+
}
+46
-2
nixos/modules/system/boot/luksroot.nix
+46
-2
nixos/modules/system/boot/luksroot.nix
···
1
-
{ config, options, lib, pkgs, ... }:
2
3
with lib;
4
5
let
6
luks = config.boot.initrd.luks;
7
kernelPackages = config.boot.kernelPackages;
8
defaultPrio = (mkOptionDefault {}).priority;
9
···
594
'';
595
596
type = with types; attrsOf (submodule (
597
-
{ name, ... }: { options = {
598
599
name = mkOption {
600
visible = false;
···
894
'';
895
};
896
};
897
}));
898
};
899
···
1080
boot.initrd.preFailCommands = mkIf (!config.boot.initrd.systemd.enable) postCommands;
1081
boot.initrd.preLVMCommands = mkIf (!config.boot.initrd.systemd.enable) (commonFunctions + preCommands + concatStrings (mapAttrsToList openCommand preLVM) + postCommands);
1082
boot.initrd.postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) (commonFunctions + preCommands + concatStrings (mapAttrsToList openCommand postLVM) + postCommands);
1083
1084
environment.systemPackages = [ pkgs.cryptsetup ];
1085
};
···
1
+
{ config, options, lib, utils, pkgs, ... }:
2
3
with lib;
4
5
let
6
luks = config.boot.initrd.luks;
7
+
clevis = config.boot.initrd.clevis;
8
+
systemd = config.boot.initrd.systemd;
9
kernelPackages = config.boot.kernelPackages;
10
defaultPrio = (mkOptionDefault {}).priority;
11
···
596
'';
597
598
type = with types; attrsOf (submodule (
599
+
{ config, name, ... }: { options = {
600
601
name = mkOption {
602
visible = false;
···
896
'';
897
};
898
};
899
+
900
+
config = mkIf (clevis.enable && (hasAttr name clevis.devices)) {
901
+
preOpenCommands = mkIf (!systemd.enable) ''
902
+
mkdir -p /clevis-${name}
903
+
mount -t ramfs none /clevis-${name}
904
+
clevis decrypt < /etc/clevis/${name}.jwe > /clevis-${name}/decrypted
905
+
'';
906
+
keyFile = "/clevis-${name}/decrypted";
907
+
fallbackToPassword = !systemd.enable;
908
+
postOpenCommands = mkIf (!systemd.enable) ''
909
+
umount /clevis-${name}
910
+
'';
911
+
};
912
}));
913
};
914
···
1095
boot.initrd.preFailCommands = mkIf (!config.boot.initrd.systemd.enable) postCommands;
1096
boot.initrd.preLVMCommands = mkIf (!config.boot.initrd.systemd.enable) (commonFunctions + preCommands + concatStrings (mapAttrsToList openCommand preLVM) + postCommands);
1097
boot.initrd.postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) (commonFunctions + preCommands + concatStrings (mapAttrsToList openCommand postLVM) + postCommands);
1098
+
1099
+
boot.initrd.systemd.services = let devicesWithClevis = filterAttrs (device: _: (hasAttr device clevis.devices)) luks.devices; in
1100
+
mkIf (clevis.enable && systemd.enable) (
1101
+
(mapAttrs'
1102
+
(name: _: nameValuePair "cryptsetup-clevis-${name}" {
1103
+
wantedBy = [ "systemd-cryptsetup@${utils.escapeSystemdPath name}.service" ];
1104
+
before = [
1105
+
"systemd-cryptsetup@${utils.escapeSystemdPath name}.service"
1106
+
"initrd-switch-root.target"
1107
+
"shutdown.target"
1108
+
];
1109
+
wants = [ "systemd-udev-settle.service" ] ++ optional clevis.useTang "network-online.target";
1110
+
after = [ "systemd-modules-load.service" "systemd-udev-settle.service" ] ++ optional clevis.useTang "network-online.target";
1111
+
script = ''
1112
+
mkdir -p /clevis-${name}
1113
+
mount -t ramfs none /clevis-${name}
1114
+
umask 277
1115
+
clevis decrypt < /etc/clevis/${name}.jwe > /clevis-${name}/decrypted
1116
+
'';
1117
+
conflicts = [ "initrd-switch-root.target" "shutdown.target" ];
1118
+
unitConfig.DefaultDependencies = "no";
1119
+
serviceConfig = {
1120
+
Type = "oneshot";
1121
+
RemainAfterExit = true;
1122
+
ExecStop = "${config.boot.initrd.systemd.package.util-linux}/bin/umount /clevis-${name}";
1123
+
};
1124
+
})
1125
+
devicesWithClevis)
1126
+
);
1127
1128
environment.systemPackages = [ pkgs.cryptsetup ];
1129
};
+9
-1
nixos/modules/tasks/filesystems/bcachefs.nix
+9
-1
nixos/modules/tasks/filesystems/bcachefs.nix
···
57
# bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
58
firstDevice = fs: lib.head (lib.splitString ":" fs.device);
59
60
+
openCommand = name: fs: if config.boot.initrd.clevis.enable && (lib.hasAttr (firstDevice fs) config.boot.initrd.clevis.devices) then ''
61
+
if clevis decrypt < /etc/clevis/${firstDevice fs}.jwe | bcachefs unlock ${firstDevice fs}
62
+
then
63
+
printf "unlocked ${name} using clevis\n"
64
+
else
65
+
printf "falling back to interactive unlocking...\n"
66
+
tryUnlock ${name} ${firstDevice fs}
67
+
fi
68
+
'' else ''
69
tryUnlock ${name} ${firstDevice fs}
70
'';
71
+11
-2
nixos/modules/tasks/filesystems/zfs.nix
+11
-2
nixos/modules/tasks/filesystems/zfs.nix
···
17
cfgZED = config.services.zfs.zed;
18
19
selectModulePackage = package: config.boot.kernelPackages.${package.kernelModuleAttribute};
20
inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
21
inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems;
22
···
120
# but don't *require* it, because mounts shouldn't be killed if it's stopped.
121
# In the future, hopefully someone will complete this:
122
# https://github.com/zfsonlinux/zfs/pull/4943
123
-
wants = [ "systemd-udev-settle.service" ];
124
after = [
125
"systemd-udev-settle.service"
126
"systemd-modules-load.service"
127
"systemd-ask-password-console.service"
128
-
];
129
requiredBy = getPoolMounts prefix pool ++ [ "zfs-import.target" ];
130
before = getPoolMounts prefix pool ++ [ "zfs-import.target" ];
131
unitConfig = {
···
154
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
155
fi
156
if poolImported "${pool}"; then
157
${optionalString keyLocations.hasKeys ''
158
${keyLocations.command} | while IFS=$'\t' read ds kl ks; do
159
{
···
623
fi
624
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
625
fi
626
${if isBool cfgZfs.requestEncryptionCredentials
627
then optionalString cfgZfs.requestEncryptionCredentials ''
628
zfs load-key -a
···
17
cfgZED = config.services.zfs.zed;
18
19
selectModulePackage = package: config.boot.kernelPackages.${package.kernelModuleAttribute};
20
+
clevisDatasets = map (e: e.device) (filter (e: (hasAttr e.device config.boot.initrd.clevis.devices) && e.fsType == "zfs" && (fsNeededForBoot e)) config.system.build.fileSystems);
21
+
22
+
23
inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
24
inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems;
25
···
123
# but don't *require* it, because mounts shouldn't be killed if it's stopped.
124
# In the future, hopefully someone will complete this:
125
# https://github.com/zfsonlinux/zfs/pull/4943
126
+
wants = [ "systemd-udev-settle.service" ] ++ optional (config.boot.initrd.clevis.useTang) "network-online.target";
127
after = [
128
"systemd-udev-settle.service"
129
"systemd-modules-load.service"
130
"systemd-ask-password-console.service"
131
+
] ++ optional (config.boot.initrd.clevis.useTang) "network-online.target";
132
requiredBy = getPoolMounts prefix pool ++ [ "zfs-import.target" ];
133
before = getPoolMounts prefix pool ++ [ "zfs-import.target" ];
134
unitConfig = {
···
157
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
158
fi
159
if poolImported "${pool}"; then
160
+
${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem} || true ") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)}
161
+
162
+
163
${optionalString keyLocations.hasKeys ''
164
${keyLocations.command} | while IFS=$'\t' read ds kl ks; do
165
{
···
629
fi
630
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
631
fi
632
+
633
+
${concatMapStringsSep "\n" (elem: "clevis decrypt < /etc/clevis/${elem}.jwe | zfs load-key ${elem}") (filter (p: (elemAt (splitString "/" p) 0) == pool) clevisDatasets)}
634
+
635
${if isBool cfgZfs.requestEncryptionCredentials
636
then optionalString cfgZfs.requestEncryptionCredentials ''
637
zfs load-key -a
+1
nixos/tests/all-tests.nix
+1
nixos/tests/all-tests.nix
···
135
authelia = handleTest ./authelia.nix {};
136
avahi = handleTest ./avahi.nix {};
137
avahi-with-resolved = handleTest ./avahi.nix { networkd = true; };
138
babeld = handleTest ./babeld.nix {};
139
bazarr = handleTest ./bazarr.nix {};
140
bcachefs = handleTestOn ["x86_64-linux" "aarch64-linux"] ./bcachefs.nix {};
···
135
authelia = handleTest ./authelia.nix {};
136
avahi = handleTest ./avahi.nix {};
137
avahi-with-resolved = handleTest ./avahi.nix { networkd = true; };
138
+
ayatana-indicators = handleTest ./ayatana-indicators.nix {};
139
babeld = handleTest ./babeld.nix {};
140
bazarr = handleTest ./bazarr.nix {};
141
bcachefs = handleTestOn ["x86_64-linux" "aarch64-linux"] ./bcachefs.nix {};
+71
nixos/tests/ayatana-indicators.nix
+71
nixos/tests/ayatana-indicators.nix
···
···
1
+
import ./make-test-python.nix ({ pkgs, lib, ... }: let
2
+
user = "alice";
3
+
in {
4
+
name = "ayatana-indicators";
5
+
6
+
meta = {
7
+
maintainers = with lib.maintainers; [ OPNA2608 ];
8
+
};
9
+
10
+
nodes.machine = { config, ... }: {
11
+
imports = [
12
+
./common/auto.nix
13
+
./common/user-account.nix
14
+
];
15
+
16
+
test-support.displayManager.auto = {
17
+
enable = true;
18
+
inherit user;
19
+
};
20
+
21
+
services.xserver = {
22
+
enable = true;
23
+
desktopManager.mate.enable = true;
24
+
displayManager.defaultSession = lib.mkForce "mate";
25
+
};
26
+
27
+
services.ayatana-indicators = {
28
+
enable = true;
29
+
packages = with pkgs; [
30
+
ayatana-indicator-messages
31
+
];
32
+
};
33
+
34
+
# Services needed by some indicators
35
+
services.accounts-daemon.enable = true; # messages
36
+
};
37
+
38
+
# TODO session indicator starts up in a semi-broken state, but works fine after a restart. maybe being started before graphical session is truly up & ready?
39
+
testScript = { nodes, ... }: let
40
+
runCommandPerIndicatorService = command: lib.strings.concatMapStringsSep "\n" command nodes.machine.systemd.user.targets."ayatana-indicators".wants;
41
+
in ''
42
+
start_all()
43
+
machine.wait_for_x()
44
+
45
+
# Desktop environment should reach graphical-session.target
46
+
machine.wait_for_unit("graphical-session.target", "${user}")
47
+
48
+
# MATE relies on XDG autostart to bring up the indicators.
49
+
# Not sure *when* XDG autostart fires them up, and awaiting pgrep success seems to misbehave?
50
+
machine.sleep(10)
51
+
52
+
# Now check if all indicators were brought up successfully, and kill them for later
53
+
'' + (runCommandPerIndicatorService (service: let serviceExec = builtins.replaceStrings [ "." ] [ "-" ] service; in ''
54
+
machine.succeed("pgrep -f ${serviceExec}")
55
+
machine.succeed("pkill -f ${serviceExec}")
56
+
'')) + ''
57
+
58
+
# Ayatana target is the preferred way of starting up indicators on SystemD session, the graphical session is responsible for starting this if it supports them.
59
+
# Mate currently doesn't do this, so start it manually for checking (https://github.com/mate-desktop/mate-indicator-applet/issues/63)
60
+
machine.systemctl("start ayatana-indicators.target", "${user}")
61
+
machine.wait_for_unit("ayatana-indicators.target", "${user}")
62
+
63
+
# Let all indicator services do their startups, potential post-launch crash & restart cycles so we can properly check for failures
64
+
# Not sure if there's a better way of awaiting this without false-positive potential
65
+
machine.sleep(10)
66
+
67
+
# Now check if all indicator services were brought up successfully
68
+
'' + runCommandPerIndicatorService (service: ''
69
+
machine.wait_for_unit("${service}", "${user}")
70
+
'');
71
+
})
+4
nixos/tests/installer-systemd-stage-1.nix
+4
nixos/tests/installer-systemd-stage-1.nix
+233
-15
nixos/tests/installer.nix
+233
-15
nixos/tests/installer.nix
···
12
# The configuration to install.
13
makeConfig = { bootLoader, grubDevice, grubIdentifier, grubUseEfi
14
, extraConfig, forceGrubReinstallCount ? 0, flake ? false
15
}:
16
pkgs.writeText "configuration.nix" ''
17
{ config, lib, pkgs, modulesPath, ... }:
···
52
53
boot.initrd.secrets."/etc/secret" = ./secret;
54
55
users.users.alice = {
56
isNormalUser = true;
57
home = "/home/alice";
···
71
# partitions and filesystems.
72
testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier
73
, postInstallCommands, preBootCommands, postBootCommands, extraConfig
74
-
, testSpecialisationConfig, testFlakeSwitch
75
}:
76
let iface = "virtio";
77
isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi);
···
79
in if !isEfi && !pkgs.stdenv.hostPlatform.isx86 then ''
80
machine.succeed("true")
81
'' else ''
82
def assemble_qemu_flags():
83
flags = "-cpu max"
84
${if (system == "x86_64-linux" || system == "i686-linux")
85
then ''flags += " -m 1024"''
86
else ''flags += " -m 768 -enable-kvm -machine virt,gic-version=host"''
87
}
88
return flags
89
90
···
110
def create_machine_named(name):
111
return create_machine({**default_flags, "name": name})
112
113
114
-
machine.start()
115
116
with subtest("Assert readiness of login prompt"):
117
machine.succeed("echo hello")
···
127
machine.copy_from_host(
128
"${ makeConfig {
129
inherit bootLoader grubDevice grubIdentifier
130
-
grubUseEfi extraConfig;
131
}
132
}",
133
"/mnt/etc/nixos/configuration.nix",
134
)
135
machine.copy_from_host("${pkgs.writeText "secret" "secret"}", "/mnt/etc/nixos/secret")
136
137
with subtest("Perform the installation"):
138
machine.succeed("nixos-install < /dev/null >&2")
139
···
200
machine.copy_from_host_via_shell(
201
"${ makeConfig {
202
inherit bootLoader grubDevice grubIdentifier
203
-
grubUseEfi extraConfig;
204
forceGrubReinstallCount = 1;
205
}
206
}",
···
229
machine.copy_from_host_via_shell(
230
"${ makeConfig {
231
inherit bootLoader grubDevice grubIdentifier
232
-
grubUseEfi extraConfig;
233
forceGrubReinstallCount = 2;
234
}
235
}",
···
303
""")
304
machine.copy_from_host_via_shell(
305
"${makeConfig {
306
-
inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig;
307
forceGrubReinstallCount = 1;
308
flake = true;
309
}}",
···
379
, enableOCR ? false, meta ? {}
380
, testSpecialisationConfig ? false
381
, testFlakeSwitch ? false
382
}:
383
makeTest {
384
inherit enableOCR;
···
416
virtualisation.rootDevice = "/dev/vdb";
417
virtualisation.bootLoaderDevice = "/dev/vda";
418
virtualisation.qemu.diskInterface = "virtio";
419
-
420
-
# We don't want to have any networking in the guest whatsoever.
421
-
# Also, if any vlans are enabled, the guest will reboot
422
-
# (with a different configuration for legacy reasons),
423
-
# and spend 5 minutes waiting for the vlan interface to show up
424
-
# (which will never happen).
425
-
virtualisation.vlans = [];
426
427
boot.loader.systemd-boot.enable = mkIf (bootLoader == "systemd-boot") true;
428
···
471
in [
472
(pkgs.grub2.override { inherit zfsSupport; })
473
(pkgs.grub2_efi.override { inherit zfsSupport; })
474
-
]);
475
476
nix.settings = {
477
substituters = mkForce [];
···
480
};
481
};
482
483
};
484
485
testScript = testScriptFun {
486
inherit bootLoader createPartitions postInstallCommands preBootCommands postBootCommands
487
grubDevice grubIdentifier grubUseEfi extraConfig
488
-
testSpecialisationConfig testFlakeSwitch;
489
};
490
};
491
···
586
zfs = super.zfs.overrideAttrs(_: {meta.platforms = [];});}
587
)];
588
};
589
in {
590
591
# !!! `parted mkpart' seems to silently create overlapping partitions.
···
1175
)
1176
'';
1177
};
1178
} // optionalAttrs systemdStage1 {
1179
stratisRoot = makeInstallerTest "stratisRoot" {
1180
createPartitions = ''
···
12
# The configuration to install.
13
makeConfig = { bootLoader, grubDevice, grubIdentifier, grubUseEfi
14
, extraConfig, forceGrubReinstallCount ? 0, flake ? false
15
+
, clevisTest
16
}:
17
pkgs.writeText "configuration.nix" ''
18
{ config, lib, pkgs, modulesPath, ... }:
···
53
54
boot.initrd.secrets."/etc/secret" = ./secret;
55
56
+
${optionalString clevisTest ''
57
+
boot.kernelParams = [ "console=tty0" "ip=192.168.1.1:::255.255.255.0::eth1:none" ];
58
+
boot.initrd = {
59
+
availableKernelModules = [ "tpm_tis" ];
60
+
clevis = { enable = true; useTang = true; };
61
+
network.enable = true;
62
+
};
63
+
''}
64
+
65
users.users.alice = {
66
isNormalUser = true;
67
home = "/home/alice";
···
81
# partitions and filesystems.
82
testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier
83
, postInstallCommands, preBootCommands, postBootCommands, extraConfig
84
+
, testSpecialisationConfig, testFlakeSwitch, clevisTest, clevisFallbackTest
85
}:
86
let iface = "virtio";
87
isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi);
···
89
in if !isEfi && !pkgs.stdenv.hostPlatform.isx86 then ''
90
machine.succeed("true")
91
'' else ''
92
+
import subprocess
93
+
tpm_folder = os.environ['NIX_BUILD_TOP']
94
def assemble_qemu_flags():
95
flags = "-cpu max"
96
${if (system == "x86_64-linux" || system == "i686-linux")
97
then ''flags += " -m 1024"''
98
else ''flags += " -m 768 -enable-kvm -machine virt,gic-version=host"''
99
}
100
+
${optionalString clevisTest ''flags += f" -chardev socket,id=chrtpm,path={tpm_folder}/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"''}
101
+
${optionalString clevisTest ''flags += " -device virtio-net-pci,netdev=vlan1,mac=52:54:00:12:11:02 -netdev vde,id=vlan1,sock=\"$QEMU_VDE_SOCKET_1\""''}
102
return flags
103
104
···
124
def create_machine_named(name):
125
return create_machine({**default_flags, "name": name})
126
127
+
class Tpm:
128
+
def __init__(self):
129
+
self.start()
130
131
+
def start(self):
132
+
self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm",
133
+
"socket",
134
+
"--tpmstate", f"dir={tpm_folder}/swtpm",
135
+
"--ctrl", f"type=unixio,path={tpm_folder}/swtpm-sock",
136
+
"--tpm2"
137
+
])
138
+
139
+
# Check whether starting swtpm failed
140
+
try:
141
+
exit_code = self.proc.wait(timeout=0.2)
142
+
if exit_code is not None and exit_code != 0:
143
+
raise Exception("failed to start swtpm")
144
+
except subprocess.TimeoutExpired:
145
+
pass
146
+
147
+
"""Check whether the swtpm process exited due to an error"""
148
+
def check(self):
149
+
exit_code = self.proc.poll()
150
+
if exit_code is not None and exit_code != 0:
151
+
raise Exception("swtpm process died")
152
+
153
+
154
+
os.mkdir(f"{tpm_folder}/swtpm")
155
+
tpm = Tpm()
156
+
tpm.check()
157
+
158
+
start_all()
159
+
${optionalString clevisTest ''
160
+
tang.wait_for_unit("sockets.target")
161
+
tang.wait_for_unit("network-online.target")
162
+
machine.wait_for_unit("network-online.target")
163
+
''}
164
+
machine.wait_for_unit("multi-user.target")
165
+
166
167
with subtest("Assert readiness of login prompt"):
168
machine.succeed("echo hello")
···
178
machine.copy_from_host(
179
"${ makeConfig {
180
inherit bootLoader grubDevice grubIdentifier
181
+
grubUseEfi extraConfig clevisTest;
182
}
183
}",
184
"/mnt/etc/nixos/configuration.nix",
185
)
186
machine.copy_from_host("${pkgs.writeText "secret" "secret"}", "/mnt/etc/nixos/secret")
187
188
+
${optionalString clevisTest ''
189
+
with subtest("Create the Clevis secret with Tang"):
190
+
machine.wait_for_unit("network-online.target")
191
+
machine.succeed('echo -n password | clevis encrypt sss \'{"t": 2, "pins": {"tpm2": {}, "tang": {"url": "http://192.168.1.2"}}}\' -y > /mnt/etc/nixos/clevis-secret.jwe')''}
192
+
193
+
${optionalString clevisFallbackTest ''
194
+
with subtest("Shutdown Tang to check fallback to interactive prompt"):
195
+
tang.shutdown()
196
+
''}
197
+
198
with subtest("Perform the installation"):
199
machine.succeed("nixos-install < /dev/null >&2")
200
···
261
machine.copy_from_host_via_shell(
262
"${ makeConfig {
263
inherit bootLoader grubDevice grubIdentifier
264
+
grubUseEfi extraConfig clevisTest;
265
forceGrubReinstallCount = 1;
266
}
267
}",
···
290
machine.copy_from_host_via_shell(
291
"${ makeConfig {
292
inherit bootLoader grubDevice grubIdentifier
293
+
grubUseEfi extraConfig clevisTest;
294
forceGrubReinstallCount = 2;
295
}
296
}",
···
364
""")
365
machine.copy_from_host_via_shell(
366
"${makeConfig {
367
+
inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest;
368
forceGrubReinstallCount = 1;
369
flake = true;
370
}}",
···
440
, enableOCR ? false, meta ? {}
441
, testSpecialisationConfig ? false
442
, testFlakeSwitch ? false
443
+
, clevisTest ? false
444
+
, clevisFallbackTest ? false
445
}:
446
makeTest {
447
inherit enableOCR;
···
479
virtualisation.rootDevice = "/dev/vdb";
480
virtualisation.bootLoaderDevice = "/dev/vda";
481
virtualisation.qemu.diskInterface = "virtio";
482
+
virtualisation.qemu.options = mkIf (clevisTest) [
483
+
"-chardev socket,id=chrtpm,path=$NIX_BUILD_TOP/swtpm-sock"
484
+
"-tpmdev emulator,id=tpm0,chardev=chrtpm"
485
+
"-device tpm-tis,tpmdev=tpm0"
486
+
];
487
+
# We don't want to have any networking in the guest apart from the clevis tests.
488
+
virtualisation.vlans = mkIf (!clevisTest) [];
489
490
boot.loader.systemd-boot.enable = mkIf (bootLoader == "systemd-boot") true;
491
···
534
in [
535
(pkgs.grub2.override { inherit zfsSupport; })
536
(pkgs.grub2_efi.override { inherit zfsSupport; })
537
+
]) ++ optionals clevisTest [ pkgs.klibc ];
538
539
nix.settings = {
540
substituters = mkForce [];
···
543
};
544
};
545
546
+
} // optionalAttrs clevisTest {
547
+
tang = {
548
+
services.tang = {
549
+
enable = true;
550
+
listenStream = [ "80" ];
551
+
ipAddressAllow = [ "192.168.1.0/24" ];
552
+
};
553
+
networking.firewall.allowedTCPPorts = [ 80 ];
554
+
};
555
};
556
557
testScript = testScriptFun {
558
inherit bootLoader createPartitions postInstallCommands preBootCommands postBootCommands
559
grubDevice grubIdentifier grubUseEfi extraConfig
560
+
testSpecialisationConfig testFlakeSwitch clevisTest clevisFallbackTest;
561
};
562
};
563
···
658
zfs = super.zfs.overrideAttrs(_: {meta.platforms = [];});}
659
)];
660
};
661
+
662
+
mkClevisBcachefsTest = { fallback ? false }: makeInstallerTest "clevis-bcachefs${optionalString fallback "-fallback"}" {
663
+
clevisTest = true;
664
+
clevisFallbackTest = fallback;
665
+
enableOCR = fallback;
666
+
extraInstallerConfig = {
667
+
imports = [ no-zfs-module ];
668
+
boot.supportedFilesystems = [ "bcachefs" ];
669
+
environment.systemPackages = with pkgs; [ keyutils clevis ];
670
+
};
671
+
createPartitions = ''
672
+
machine.succeed(
673
+
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
674
+
+ " mkpart primary ext2 1M 100MB"
675
+
+ " mkpart primary linux-swap 100M 1024M"
676
+
+ " mkpart primary 1024M -1s",
677
+
"udevadm settle",
678
+
"mkswap /dev/vda2 -L swap",
679
+
"swapon -L swap",
680
+
"keyctl link @u @s",
681
+
"echo -n password | mkfs.bcachefs -L root --encrypted /dev/vda3",
682
+
"echo -n password | bcachefs unlock /dev/vda3",
683
+
"echo -n password | mount -t bcachefs /dev/vda3 /mnt",
684
+
"mkfs.ext3 -L boot /dev/vda1",
685
+
"mkdir -p /mnt/boot",
686
+
"mount LABEL=boot /mnt/boot",
687
+
"udevadm settle")
688
+
'';
689
+
extraConfig = ''
690
+
boot.initrd.clevis.devices."/dev/vda3".secretFile = "/etc/nixos/clevis-secret.jwe";
691
+
692
+
# We override what nixos-generate-config has generated because we do
693
+
# not know the UUID in advance.
694
+
fileSystems."/" = lib.mkForce { device = "/dev/vda3"; fsType = "bcachefs"; };
695
+
'';
696
+
preBootCommands = ''
697
+
tpm = Tpm()
698
+
tpm.check()
699
+
'' + optionalString fallback ''
700
+
machine.start()
701
+
machine.wait_for_text("enter passphrase for")
702
+
machine.send_chars("password\n")
703
+
'';
704
+
};
705
+
706
+
mkClevisLuksTest = { fallback ? false }: makeInstallerTest "clevis-luks${optionalString fallback "-fallback"}" {
707
+
clevisTest = true;
708
+
clevisFallbackTest = fallback;
709
+
enableOCR = fallback;
710
+
extraInstallerConfig = {
711
+
environment.systemPackages = with pkgs; [ clevis ];
712
+
};
713
+
createPartitions = ''
714
+
machine.succeed(
715
+
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
716
+
+ " mkpart primary ext2 1M 100MB"
717
+
+ " mkpart primary linux-swap 100M 1024M"
718
+
+ " mkpart primary 1024M -1s",
719
+
"udevadm settle",
720
+
"mkswap /dev/vda2 -L swap",
721
+
"swapon -L swap",
722
+
"modprobe dm_mod dm_crypt",
723
+
"echo -n password | cryptsetup luksFormat -q /dev/vda3 -",
724
+
"echo -n password | cryptsetup luksOpen --key-file - /dev/vda3 crypt-root",
725
+
"mkfs.ext3 -L nixos /dev/mapper/crypt-root",
726
+
"mount LABEL=nixos /mnt",
727
+
"mkfs.ext3 -L boot /dev/vda1",
728
+
"mkdir -p /mnt/boot",
729
+
"mount LABEL=boot /mnt/boot",
730
+
"udevadm settle")
731
+
'';
732
+
extraConfig = ''
733
+
boot.initrd.clevis.devices."crypt-root".secretFile = "/etc/nixos/clevis-secret.jwe";
734
+
'';
735
+
preBootCommands = ''
736
+
tpm = Tpm()
737
+
tpm.check()
738
+
'' + optionalString fallback ''
739
+
machine.start()
740
+
${if systemdStage1 then ''
741
+
machine.wait_for_text("Please enter")
742
+
'' else ''
743
+
machine.wait_for_text("Passphrase for")
744
+
''}
745
+
machine.send_chars("password\n")
746
+
'';
747
+
};
748
+
749
+
mkClevisZfsTest = { fallback ? false }: makeInstallerTest "clevis-zfs${optionalString fallback "-fallback"}" {
750
+
clevisTest = true;
751
+
clevisFallbackTest = fallback;
752
+
enableOCR = fallback;
753
+
extraInstallerConfig = {
754
+
boot.supportedFilesystems = [ "zfs" ];
755
+
environment.systemPackages = with pkgs; [ clevis ];
756
+
};
757
+
createPartitions = ''
758
+
machine.succeed(
759
+
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
760
+
+ " mkpart primary ext2 1M 100MB"
761
+
+ " mkpart primary linux-swap 100M 1024M"
762
+
+ " mkpart primary 1024M -1s",
763
+
"udevadm settle",
764
+
"mkswap /dev/vda2 -L swap",
765
+
"swapon -L swap",
766
+
"zpool create -O mountpoint=legacy rpool /dev/vda3",
767
+
"echo -n password | zfs create"
768
+
+ " -o encryption=aes-256-gcm -o keyformat=passphrase rpool/root",
769
+
"mount -t zfs rpool/root /mnt",
770
+
"mkfs.ext3 -L boot /dev/vda1",
771
+
"mkdir -p /mnt/boot",
772
+
"mount LABEL=boot /mnt/boot",
773
+
"udevadm settle")
774
+
'';
775
+
extraConfig = ''
776
+
boot.initrd.clevis.devices."rpool/root".secretFile = "/etc/nixos/clevis-secret.jwe";
777
+
boot.zfs.requestEncryptionCredentials = true;
778
+
779
+
780
+
# Using by-uuid overrides the default of by-id, and is unique
781
+
# to the qemu disks, as they don't produce by-id paths for
782
+
# some reason.
783
+
boot.zfs.devNodes = "/dev/disk/by-uuid/";
784
+
networking.hostId = "00000000";
785
+
'';
786
+
preBootCommands = ''
787
+
tpm = Tpm()
788
+
tpm.check()
789
+
'' + optionalString fallback ''
790
+
machine.start()
791
+
${if systemdStage1 then ''
792
+
machine.wait_for_text("Enter key for rpool/root")
793
+
'' else ''
794
+
machine.wait_for_text("Key load error")
795
+
''}
796
+
machine.send_chars("password\n")
797
+
'';
798
+
};
799
+
800
in {
801
802
# !!! `parted mkpart' seems to silently create overlapping partitions.
···
1386
)
1387
'';
1388
};
1389
+
} // {
1390
+
clevisBcachefs = mkClevisBcachefsTest { };
1391
+
clevisBcachefsFallback = mkClevisBcachefsTest { fallback = true; };
1392
+
clevisLuks = mkClevisLuksTest { };
1393
+
clevisLuksFallback = mkClevisLuksTest { fallback = true; };
1394
+
clevisZfs = mkClevisZfsTest { };
1395
+
clevisZfsFallback = mkClevisZfsTest { fallback = true; };
1396
} // optionalAttrs systemdStage1 {
1397
stratisRoot = makeInstallerTest "stratisRoot" {
1398
createPartitions = ''
+4
-4
pkgs/applications/audio/raysession/default.nix
+4
-4
pkgs/applications/audio/raysession/default.nix
···
1
-
{ lib, fetchurl, buildPythonApplication, libjack2, pydbus, pyliblo, pyqt5, which, bash, qt5 }:
2
3
buildPythonApplication rec {
4
pname = "raysession";
5
-
version = "0.13.1";
6
7
src = fetchurl {
8
url = "https://github.com/Houston4444/RaySession/releases/download/v${version}/RaySession-${version}-source.tar.gz";
9
-
sha256 = "sha256-iiFRtX43u9BHe7a4ojza7kav+dMW9e05dPi7Gf9d1GM=";
10
};
11
12
postPatch = ''
···
25
qt5.wrapQtAppsHook
26
];
27
buildInputs = [ libjack2 bash ];
28
-
propagatedBuildInputs = [ pydbus pyliblo pyqt5 ];
29
30
dontWrapQtApps = true; # The program is a python script.
31
···
1
+
{ lib, fetchurl, buildPythonApplication, libjack2, pyliblo, pyqt5, which, bash, qt5 }:
2
3
buildPythonApplication rec {
4
pname = "raysession";
5
+
version = "0.14.2";
6
7
src = fetchurl {
8
url = "https://github.com/Houston4444/RaySession/releases/download/v${version}/RaySession-${version}-source.tar.gz";
9
+
sha256 = "sha256-qEN3zBK/goRLIZaU06XXm8H5yj4Qjj/NH+bkHkjhLaw=";
10
};
11
12
postPatch = ''
···
25
qt5.wrapQtAppsHook
26
];
27
buildInputs = [ libjack2 bash ];
28
+
propagatedBuildInputs = [ pyliblo pyqt5 ];
29
30
dontWrapQtApps = true; # The program is a python script.
31
-52
pkgs/applications/graphics/normcap/default.nix
-52
pkgs/applications/graphics/normcap/default.nix
···
1
-
# From NUR https://github.com/nix-community/nur-combined/blob/6bddae47680482383b5769dd3aa7d82b88e6cbc8/repos/renesat/pkgs/normcap/default.nix
2
-
3
-
{
4
-
lib,
5
-
stdenv,
6
-
python3,
7
-
fetchFromGitHub,
8
-
tesseract4,
9
-
leptonica,
10
-
wl-clipboard
11
-
}:
12
-
python3.pkgs.buildPythonApplication rec {
13
-
pname = "normcap";
14
-
version = "0.4.4";
15
-
format = "pyproject";
16
-
17
-
src = fetchFromGitHub {
18
-
owner = "dynobo";
19
-
repo = "normcap";
20
-
rev = "v${version}";
21
-
hash = "sha256-dShtmoqS9TC3PHuwq24OEOhYfBHGhDCma8Du8QCkFuI=";
22
-
};
23
-
24
-
buildInputs = [
25
-
wl-clipboard
26
-
];
27
-
28
-
nativeBuildInputs = with python3.pkgs; [
29
-
poetry-core
30
-
];
31
-
32
-
propagatedBuildInputs = with python3.pkgs; [
33
-
tesseract4
34
-
leptonica
35
-
pyside6
36
-
37
-
# Test
38
-
toml
39
-
pytest-qt
40
-
];
41
-
42
-
postPatch = ''
43
-
substituteInPlace pyproject.toml --replace 'PySide6-Essentials = "6.5.1"' ""
44
-
'';
45
-
46
-
meta = with lib; {
47
-
description = "OCR powered screen-capture tool to capture information instead of images";
48
-
homepage = "https://dynobo.github.io/normcap/";
49
-
license = licenses.gpl3Plus;
50
-
maintainers = with maintainers; [ cafkafk ];
51
-
};
52
-
}
···
+2
-2
pkgs/applications/misc/chrysalis/default.nix
+2
-2
pkgs/applications/misc/chrysalis/default.nix
···
35
$out/share/applications/Chrysalis.desktop \
36
--replace 'Exec=Chrysalis' 'Exec=${pname}'
37
38
-
cp -r ${appimageContents}/usr/share/icons $out/share
39
'';
40
41
meta = with lib; {
42
description = "A graphical configurator for Kaleidoscope-powered keyboards";
43
homepage = "https://github.com/keyboardio/Chrysalis";
44
-
license = licenses.gpl3;
45
maintainers = with maintainers; [ aw ];
46
platforms = [ "x86_64-linux" ];
47
mainProgram = pname;
···
35
$out/share/applications/Chrysalis.desktop \
36
--replace 'Exec=Chrysalis' 'Exec=${pname}'
37
38
+
install -Dm444 ${appimageContents}/usr/share/icons/hicolor/256x256/chrysalis.png -t $out/share/pixmaps
39
'';
40
41
meta = with lib; {
42
description = "A graphical configurator for Kaleidoscope-powered keyboards";
43
homepage = "https://github.com/keyboardio/Chrysalis";
44
+
license = licenses.gpl3Only;
45
maintainers = with maintainers; [ aw ];
46
platforms = [ "x86_64-linux" ];
47
mainProgram = pname;
+4
-4
pkgs/applications/misc/itd/default.nix
+4
-4
pkgs/applications/misc/itd/default.nix
···
8
pname = "itd";
9
version = "1.1.0";
10
11
-
# https://gitea.arsenm.dev/Arsen6331/itd/tags
12
src = fetchFromGitea {
13
-
domain = "gitea.arsenm.dev";
14
-
owner = "Arsen6331";
15
repo = "itd";
16
rev = "v${version}";
17
hash = "sha256-95/9Qy0HhrX+ORuv6g1T4/Eq1hf539lYG5fTkLeY6B0=";
···
34
35
meta = with lib; {
36
description = "itd is a daemon to interact with the PineTime running InfiniTime";
37
-
homepage = "https://gitea.arsenm.dev/Arsen6331/itd";
38
license = licenses.gpl3Plus;
39
platforms = platforms.linux;
40
maintainers = with maintainers; [ mindavi raphaelr ];
···
8
pname = "itd";
9
version = "1.1.0";
10
11
+
# https://gitea.elara.ws/Elara6331/itd/tags
12
src = fetchFromGitea {
13
+
domain = "gitea.elara.ws";
14
+
owner = "Elara6331";
15
repo = "itd";
16
rev = "v${version}";
17
hash = "sha256-95/9Qy0HhrX+ORuv6g1T4/Eq1hf539lYG5fTkLeY6B0=";
···
34
35
meta = with lib; {
36
description = "itd is a daemon to interact with the PineTime running InfiniTime";
37
+
homepage = "https://gitea.elara.ws/Elara6331/itd";
38
license = licenses.gpl3Plus;
39
platforms = platforms.linux;
40
maintainers = with maintainers; [ mindavi raphaelr ];
+5
-3
pkgs/applications/networking/browsers/palemoon/bin.nix
+5
-3
pkgs/applications/networking/browsers/palemoon/bin.nix
···
9
, gtk2-x11
10
, withGTK3 ? true
11
, gtk3
12
, libXt
13
, libpulseaudio
14
, makeDesktopItem
···
18
19
stdenv.mkDerivation (finalAttrs: {
20
pname = "palemoon-bin";
21
-
version = "32.5.0";
22
23
src = fetchzip {
24
urls = [
···
26
"https://rm-us.palemoon.org/release/palemoon-${finalAttrs.version}.linux-x86_64-gtk${if withGTK3 then "3" else "2"}.tar.xz"
27
];
28
hash = if withGTK3 then
29
-
"sha256-1MJ5K9Zc/BHeQwwlq3XyUV8XTFEpPytNyTnsDpE1tBI="
30
else
31
-
"sha256-xXunZTqoc2A+ilosRUUluxDwewD3xwITF5nb5Lbyv7Y=";
32
};
33
34
preferLocalBuild = true;
···
147
gappsWrapperArgs+=(
148
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [
149
ffmpeg
150
libpulseaudio
151
]}"
152
)
···
9
, gtk2-x11
10
, withGTK3 ? true
11
, gtk3
12
+
, libglvnd
13
, libXt
14
, libpulseaudio
15
, makeDesktopItem
···
19
20
stdenv.mkDerivation (finalAttrs: {
21
pname = "palemoon-bin";
22
+
version = "32.5.1";
23
24
src = fetchzip {
25
urls = [
···
27
"https://rm-us.palemoon.org/release/palemoon-${finalAttrs.version}.linux-x86_64-gtk${if withGTK3 then "3" else "2"}.tar.xz"
28
];
29
hash = if withGTK3 then
30
+
"sha256-hWqL/WoRRigw8cNeJImOQLM8hewyS3PYNGr2WYP+cMk="
31
else
32
+
"sha256-dlBnXP3WUgQ0spkLRowfzMcPArhGfpowsvwgCA+kvUA=";
33
};
34
35
preferLocalBuild = true;
···
148
gappsWrapperArgs+=(
149
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [
150
ffmpeg
151
+
libglvnd
152
libpulseaudio
153
]}"
154
)
+3
-3
pkgs/applications/networking/p2p/libutp/3.4.nix
+3
-3
pkgs/applications/networking/p2p/libutp/3.4.nix
···
2
3
stdenv.mkDerivation rec {
4
pname = "libutp";
5
-
version = "unstable-2023-10-16";
6
7
src = fetchFromGitHub {
8
# Use transmission fork from post-3.4-transmission branch
9
owner = "transmission";
10
repo = pname;
11
-
rev = "2589200eac82fc91b65979680e4b3c026dff0278";
12
-
hash = "sha256-wsDqdbMWVm3ubTbg5XClEWutJz1irSIazVLFeCyAAL4=";
13
};
14
15
nativeBuildInputs = [ cmake ];
···
2
3
stdenv.mkDerivation rec {
4
pname = "libutp";
5
+
version = "unstable-2023-11-14";
6
7
src = fetchFromGitHub {
8
# Use transmission fork from post-3.4-transmission branch
9
owner = "transmission";
10
repo = pname;
11
+
rev = "52645d6d0fb16009e11d2f84469d2e43b7b6b48a";
12
+
hash = "sha256-pcPVkDEEtriN9zlEcVFKwKhhh51wpJGxYlcu7bH1RkI=";
13
};
14
15
nativeBuildInputs = [ cmake ];
+8
-3
pkgs/applications/science/logic/why3/default.nix
+8
-3
pkgs/applications/science/logic/why3/default.nix
···
1
{ callPackage, fetchurl, lib, stdenv
2
-
, ocamlPackages, coqPackages, rubber, hevea, emacs }:
3
4
stdenv.mkDerivation rec {
5
pname = "why3";
6
-
version = "1.6.0";
7
8
src = fetchurl {
9
url = "https://why3.gitlabpages.inria.fr/releases/${pname}-${version}.tar.gz";
10
-
hash = "sha256-hFvM6kHScaCtcHCc6Vezl9CR7BFbiKPoTEh7kj0ZJxw=";
11
};
12
13
strictDeps = true;
···
1
{ callPackage, fetchurl, lib, stdenv
2
+
, ocamlPackages, coqPackages, rubber, hevea, emacs
3
+
, version ? "1.7.0"
4
+
}:
5
6
stdenv.mkDerivation rec {
7
pname = "why3";
8
+
inherit version;
9
10
src = fetchurl {
11
url = "https://why3.gitlabpages.inria.fr/releases/${pname}-${version}.tar.gz";
12
+
hash = {
13
+
"1.7.0" = "sha256-rygrjzuJVukOvpuXTG/yeoEP98ZFkLQHObgc3My1PVY=";
14
+
"1.6.0" = "sha256-hFvM6kHScaCtcHCc6Vezl9CR7BFbiKPoTEh7kj0ZJxw=";
15
+
}."${version}";
16
};
17
18
strictDeps = true;
+3
-3
pkgs/applications/search/recoll/default.nix
+3
-3
pkgs/applications/search/recoll/default.nix
···
70
71
mkDerivation rec {
72
pname = "recoll";
73
-
version = "1.36.0";
74
75
src = fetchurl {
76
url = "https://www.lesbonscomptes.com/${pname}/${pname}-${version}.tar.gz";
77
-
hash = "sha256-vf0o0wBcG3878YD4mTUhni2aTUU9AJkG4an1oaRc4yw=";
78
};
79
80
configureFlags = [
···
169
members, email attachments.
170
'';
171
homepage = "https://www.lesbonscomptes.com/recoll/";
172
-
changelog = "https://www.lesbonscomptes.com/recoll/pages/release-${version}.html";
173
license = licenses.gpl2Plus;
174
platforms = platforms.unix;
175
maintainers = with maintainers; [ jcumming ehmry ];
···
70
71
mkDerivation rec {
72
pname = "recoll";
73
+
version = "1.36.2";
74
75
src = fetchurl {
76
url = "https://www.lesbonscomptes.com/${pname}/${pname}-${version}.tar.gz";
77
+
hash = "sha256-GyQqI3ciRO0TRaAeM4rGu+j/eB4bJlQ7VBTTxUGMNt4=";
78
};
79
80
configureFlags = [
···
169
members, email attachments.
170
'';
171
homepage = "https://www.lesbonscomptes.com/recoll/";
172
+
changelog = "https://www.lesbonscomptes.com/recoll/pages/release-${versions.majorMinor version}.html";
173
license = licenses.gpl2Plus;
174
platforms = platforms.unix;
175
maintainers = with maintainers; [ jcumming ehmry ];
+2
-2
pkgs/applications/version-management/gitea/default.nix
+2
-2
pkgs/applications/version-management/gitea/default.nix
···
20
21
buildGoModule rec {
22
pname = "gitea";
23
-
version = "1.20.5";
24
25
# not fetching directly from the git repo, because that lacks several vendor files for the web UI
26
src = fetchurl {
27
url = "https://dl.gitea.com/gitea/${version}/gitea-src-${version}.tar.gz";
28
-
hash = "sha256-cH/AHsFXOdvfSfj9AZUd3l/RlYE06o1ByZu0vvGQuXw=";
29
};
30
31
vendorHash = null;
···
20
21
buildGoModule rec {
22
pname = "gitea";
23
+
version = "1.21.1";
24
25
# not fetching directly from the git repo, because that lacks several vendor files for the web UI
26
src = fetchurl {
27
url = "https://dl.gitea.com/gitea/${version}/gitea-src-${version}.tar.gz";
28
+
hash = "sha256-5WEHUMQsQNgrglS+xJ4IWHUl0a6RLLPyx0l+ECJ4R9g=";
29
};
30
31
vendorHash = null;
+2
pkgs/build-support/fetchtorrent/default.nix
+2
pkgs/build-support/fetchtorrent/default.nix
···
14
, recursiveHash ? true
15
, postFetch ? ""
16
, postUnpack ? ""
17
}:
18
let
19
afterSuccess = writeShellScript "fetch-bittorrent-done.sh" ''
···
30
jsonConfig = (formats.json {}).generate "jsonConfig" config;
31
in
32
runCommand name {
33
nativeBuildInputs = [ cacert ] ++ (if (backend == "transmission" ) then [ transmission_noSystemd ] else if (backend == "rqbit") then [ rqbit ] else throw "rqbit or transmission are the only available backends for fetchtorrent");
34
outputHashAlgo = if hash != "" then null else "sha256";
35
outputHash = hash;
···
14
, recursiveHash ? true
15
, postFetch ? ""
16
, postUnpack ? ""
17
+
, meta ? {}
18
}:
19
let
20
afterSuccess = writeShellScript "fetch-bittorrent-done.sh" ''
···
31
jsonConfig = (formats.json {}).generate "jsonConfig" config;
32
in
33
runCommand name {
34
+
inherit meta;
35
nativeBuildInputs = [ cacert ] ++ (if (backend == "transmission" ) then [ transmission_noSystemd ] else if (backend == "rqbit") then [ rqbit ] else throw "rqbit or transmission are the only available backends for fetchtorrent");
36
outputHashAlgo = if hash != "" then null else "sha256";
37
outputHash = hash;
+24
-2
pkgs/build-support/fetchtorrent/tests.nix
+24
-2
pkgs/build-support/fetchtorrent/tests.nix
···
1
-
{ testers, fetchtorrent, ... }:
2
3
{
4
http-link = testers.invalidateFetcherByDrvHash fetchtorrent {
5
url = "https://webtorrent.io/torrents/wired-cd.torrent";
6
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
7
backend = "transmission";
8
};
9
magnet-link = testers.invalidateFetcherByDrvHash fetchtorrent {
10
url = "magnet:?xt=urn:btih:a88fda5954e89178c372716a6a78b8180ed4dad3&dn=The+WIRED+CD+-+Rip.+Sample.+Mash.+Share&tr=udp%3A%2F%2Fexplodie.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.empire-js.us%3A1337&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com&ws=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2F&xs=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2Fwired-cd.torrent";
11
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
12
backend = "transmission";
13
};
14
http-link-rqbit = testers.invalidateFetcherByDrvHash fetchtorrent {
15
url = "https://webtorrent.io/torrents/wired-cd.torrent";
16
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
17
backend = "rqbit";
18
};
19
magnet-link-rqbit = testers.invalidateFetcherByDrvHash fetchtorrent {
20
url = "magnet:?xt=urn:btih:a88fda5954e89178c372716a6a78b8180ed4dad3&dn=The+WIRED+CD+-+Rip.+Sample.+Mash.+Share&tr=udp%3A%2F%2Fexplodie.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.empire-js.us%3A1337&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com&ws=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2F&xs=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2Fwired-cd.torrent";
21
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
22
backend = "rqbit";
23
};
24
}
25
-
···
1
+
{ testers, fetchtorrent, lib, ... }:
2
+
3
+
let
4
+
wired-cd.meta.license = [
5
+
# track 1, 4 and 11
6
+
{
7
+
spdxID = "CC NC-SAMPLING+ 1.0 Deed";
8
+
fullName = "NonCommercial Sampling Plus 1.0 Generic";
9
+
url = "https://creativecommons.org/licenses/nc-sampling+/1.0/";
10
+
free = false; # for noncommercial purposes only
11
+
}
12
+
# the rest
13
+
{
14
+
spdxID = "CC SAMPLING+ 1.0 Deed";
15
+
fullName = "Sampling Plus 1.0 Generic";
16
+
url = "https://creativecommons.org/licenses/sampling+/1.0/";
17
+
free = true; # no use in advertisement
18
+
}
19
+
];
20
+
in
21
22
{
23
http-link = testers.invalidateFetcherByDrvHash fetchtorrent {
24
url = "https://webtorrent.io/torrents/wired-cd.torrent";
25
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
26
backend = "transmission";
27
+
inherit (wired-cd) meta;
28
};
29
magnet-link = testers.invalidateFetcherByDrvHash fetchtorrent {
30
url = "magnet:?xt=urn:btih:a88fda5954e89178c372716a6a78b8180ed4dad3&dn=The+WIRED+CD+-+Rip.+Sample.+Mash.+Share&tr=udp%3A%2F%2Fexplodie.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.empire-js.us%3A1337&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com&ws=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2F&xs=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2Fwired-cd.torrent";
31
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
32
backend = "transmission";
33
+
inherit (wired-cd) meta;
34
};
35
http-link-rqbit = testers.invalidateFetcherByDrvHash fetchtorrent {
36
url = "https://webtorrent.io/torrents/wired-cd.torrent";
37
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
38
backend = "rqbit";
39
+
inherit (wired-cd) meta;
40
};
41
magnet-link-rqbit = testers.invalidateFetcherByDrvHash fetchtorrent {
42
url = "magnet:?xt=urn:btih:a88fda5954e89178c372716a6a78b8180ed4dad3&dn=The+WIRED+CD+-+Rip.+Sample.+Mash.+Share&tr=udp%3A%2F%2Fexplodie.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.empire-js.us%3A1337&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com&ws=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2F&xs=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2Fwired-cd.torrent";
43
hash = "sha256-OCsC22WuanqoN6lPv5wDT5ZxPcEHDpZ1EgXGvz1SDYo=";
44
backend = "rqbit";
45
+
inherit (wired-cd) meta;
46
};
47
}
+147
pkgs/by-name/ay/ayatana-indicator-messages/package.nix
+147
pkgs/by-name/ay/ayatana-indicator-messages/package.nix
···
···
1
+
{ stdenv
2
+
, lib
3
+
, fetchFromGitHub
4
+
, gitUpdater
5
+
, nixosTests
6
+
, testers
7
+
, accountsservice
8
+
, cmake
9
+
, dbus-test-runner
10
+
, withDocumentation ? true
11
+
, docbook_xsl
12
+
, docbook_xml_dtd_45
13
+
, glib
14
+
, gobject-introspection
15
+
, gtest
16
+
, gtk-doc
17
+
, intltool
18
+
, lomiri
19
+
, pkg-config
20
+
, python3
21
+
, systemd
22
+
, vala
23
+
, wrapGAppsHook
24
+
}:
25
+
26
+
stdenv.mkDerivation (finalAttrs: {
27
+
pname = "ayatana-indicator-messages";
28
+
version = "23.10.0";
29
+
30
+
src = fetchFromGitHub {
31
+
owner = "AyatanaIndicators";
32
+
repo = "ayatana-indicator-messages";
33
+
rev = finalAttrs.version;
34
+
hash = "sha256-FBJeP5hOXJcOk04cRJpw+oN7L3w3meDX3ivLmFWkhVI=";
35
+
};
36
+
37
+
outputs = [
38
+
"out"
39
+
"dev"
40
+
] ++ lib.optionals withDocumentation [
41
+
"devdoc"
42
+
];
43
+
44
+
postPatch = ''
45
+
# Uses pkg_get_variable, cannot substitute prefix with that
46
+
substituteInPlace data/CMakeLists.txt \
47
+
--replace "\''${SYSTEMD_USER_DIR}" "$out/lib/systemd/user"
48
+
49
+
# Bad concatenation
50
+
substituteInPlace libmessaging-menu/messaging-menu.pc.in \
51
+
--replace "\''${exec_prefix}/@CMAKE_INSTALL_LIBDIR@" '@CMAKE_INSTALL_FULL_LIBDIR@' \
52
+
--replace "\''${prefix}/@CMAKE_INSTALL_INCLUDEDIR@" '@CMAKE_INSTALL_FULL_INCLUDEDIR@'
53
+
'' + lib.optionalString (!withDocumentation) ''
54
+
sed -i CMakeLists.txt \
55
+
'/add_subdirectory(doc)/d'
56
+
'';
57
+
58
+
strictDeps = true;
59
+
60
+
nativeBuildInputs = [
61
+
cmake
62
+
glib # For glib-compile-schemas
63
+
intltool
64
+
pkg-config
65
+
vala
66
+
wrapGAppsHook
67
+
] ++ lib.optionals withDocumentation [
68
+
docbook_xsl
69
+
docbook_xml_dtd_45
70
+
gtk-doc
71
+
];
72
+
73
+
buildInputs = [
74
+
accountsservice
75
+
lomiri.cmake-extras
76
+
glib
77
+
gobject-introspection
78
+
systemd
79
+
];
80
+
81
+
nativeCheckInputs = [
82
+
(python3.withPackages (ps: with ps; [
83
+
pygobject3
84
+
python-dbusmock
85
+
]))
86
+
];
87
+
88
+
checkInputs = [
89
+
dbus-test-runner
90
+
gtest
91
+
];
92
+
93
+
cmakeFlags = [
94
+
"-DENABLE_TESTS=${lib.boolToString finalAttrs.doCheck}"
95
+
"-DGSETTINGS_LOCALINSTALL=ON"
96
+
"-DGSETTINGS_COMPILE=ON"
97
+
];
98
+
99
+
makeFlags = lib.optionals withDocumentation [
100
+
# gtk-doc doesn't call ld with the correct arguments
101
+
# ld: ...: undefined reference to symbol 'strncpy@@GLIBC_2.2.5', 'qsort@@GLIBC_2.2.5'
102
+
"LD=${stdenv.cc.targetPrefix}cc"
103
+
];
104
+
105
+
doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
106
+
107
+
preCheck = ''
108
+
# test-client imports gir, whose solib entry points to final store location
109
+
install -Dm644 libmessaging-menu/libmessaging-menu.so.0.0.0 $out/lib/libmessaging-menu.so.0
110
+
'';
111
+
112
+
postCheck = ''
113
+
# remove the above solib-installation, let it be done properly
114
+
rm -r $out
115
+
'';
116
+
117
+
preInstall = lib.optionalString withDocumentation ''
118
+
# installing regenerates docs, generated files are created without write permissions, errors out while trying to overwrite them
119
+
chmod +w doc/reference/html/*
120
+
'';
121
+
122
+
passthru = {
123
+
ayatana-indicators = [
124
+
"ayatana-indicator-messages"
125
+
];
126
+
tests = {
127
+
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
128
+
vm = nixosTests.ayatana-indicators;
129
+
};
130
+
updateScript = gitUpdater { };
131
+
};
132
+
133
+
meta = with lib; {
134
+
description = "Ayatana Indicator Messages Applet";
135
+
longDescription = ''
136
+
The -messages Ayatana System Indicator is the messages menu indicator for Unity7, MATE and Lomiri (optionally for
137
+
others, e.g. XFCE, LXDE).
138
+
'';
139
+
homepage = "https://github.com/AyatanaIndicators/ayatana-indicator-messages";
140
+
license = licenses.gpl3Only;
141
+
platforms = platforms.linux;
142
+
maintainers = with maintainers; [ OPNA2608 ];
143
+
pkgConfigModules = [
144
+
"messaging-menu"
145
+
];
146
+
};
147
+
})
+2
-2
pkgs/by-name/fr/frankenphp/package.nix
+2
-2
pkgs/by-name/fr/frankenphp/package.nix
···
19
pieBuild = stdenv.hostPlatform.isMusl;
20
in buildGoModule rec {
21
pname = "frankenphp";
22
-
version = "1.0.0-rc.3";
23
24
src = fetchFromGitHub {
25
owner = "dunglas";
26
repo = "frankenphp";
27
rev = "v${version}";
28
-
hash = "sha256-Al0gCxTb6s41ugX9J8N8lshop9kP3RPGCzlq5etk1RY=";
29
};
30
31
sourceRoot = "source/caddy";
···
19
pieBuild = stdenv.hostPlatform.isMusl;
20
in buildGoModule rec {
21
pname = "frankenphp";
22
+
version = "1.0.0-rc.4";
23
24
src = fetchFromGitHub {
25
owner = "dunglas";
26
repo = "frankenphp";
27
rev = "v${version}";
28
+
hash = "sha256-4jNCKHt4eYI1BNaonIdS1Eq2OnJwgrU6qWZoiSpeIYk=";
29
};
30
31
sourceRoot = "source/caddy";
+117
pkgs/by-name/no/normcap/package.nix
+117
pkgs/by-name/no/normcap/package.nix
···
···
1
+
{ lib
2
+
, stdenv
3
+
, python3
4
+
, fetchFromGitHub
5
+
, tesseract4
6
+
, leptonica
7
+
, wl-clipboard
8
+
, libnotify
9
+
, xorg
10
+
}:
11
+
12
+
let
13
+
14
+
ps = python3.pkgs;
15
+
16
+
wrapperDeps = [
17
+
leptonica
18
+
tesseract4
19
+
libnotify
20
+
] ++ lib.optionals stdenv.isLinux [
21
+
wl-clipboard
22
+
];
23
+
24
+
in
25
+
26
+
ps.buildPythonApplication rec {
27
+
pname = "normcap";
28
+
version = "0.4.4";
29
+
format = "pyproject";
30
+
31
+
disabled = ps.pythonOlder "3.9";
32
+
33
+
src = fetchFromGitHub {
34
+
owner = "dynobo";
35
+
repo = "normcap";
36
+
rev = "refs/tags/v${version}";
37
+
hash = "sha256-dShtmoqS9TC3PHuwq24OEOhYfBHGhDCma8Du8QCkFuI=";
38
+
};
39
+
40
+
pythonRemoveDeps = [
41
+
"PySide6-Essentials"
42
+
];
43
+
44
+
nativeBuildInputs = [
45
+
ps.pythonRelaxDepsHook
46
+
ps.poetry-core
47
+
];
48
+
49
+
propagatedBuildInputs = [
50
+
ps.pyside6
51
+
];
52
+
53
+
preFixup = ''
54
+
makeWrapperArgs+=(
55
+
"''${qtWrapperArgs[@]}"
56
+
--set QT_QPA_PLATFORM xcb
57
+
--prefix PATH : ${lib.makeBinPath wrapperDeps}
58
+
)
59
+
'';
60
+
61
+
nativeCheckInputs = wrapperDeps ++ [
62
+
ps.pytestCheckHook
63
+
ps.pytest-qt
64
+
ps.toml
65
+
] ++ lib.optionals stdenv.isLinux [
66
+
ps.pytest-xvfb
67
+
xorg.xorgserver
68
+
];
69
+
70
+
preCheck = ''
71
+
export HOME=$(mktemp -d)
72
+
'' + lib.optionalString stdenv.isLinux ''
73
+
# setup a virtual x11 display
74
+
export DISPLAY=:$((2000 + $RANDOM % 1000))
75
+
Xvfb $DISPLAY -screen 5 1024x768x8 &
76
+
xvfb_pid=$!
77
+
'';
78
+
79
+
postCheck = lib.optionalString stdenv.isLinux ''
80
+
# cleanup the virtual x11 display
81
+
kill $xvfb_pid
82
+
'';
83
+
84
+
disabledTests = [
85
+
# requires a wayland session (no xclip support)
86
+
"test_wl_copy"
87
+
# times out, unknown why
88
+
"test_update_checker_triggers_checked_signal"
89
+
# touches network
90
+
"test_urls_reachable"
91
+
# requires xdg
92
+
"test_synchronized_capture"
93
+
] ++ lib.optionals stdenv.isDarwin [
94
+
# requires impure pbcopy
95
+
"test_get_copy_func_with_pbcopy"
96
+
"test_get_copy_func_without_pbcopy"
97
+
"test_perform_pbcopy"
98
+
];
99
+
100
+
disabledTestPaths = [
101
+
# touches network
102
+
"tests/tests_gui/test_downloader.py"
103
+
# fails to import, causes pytest to freeze
104
+
"tests/tests_gui/test_language_manager.py"
105
+
] ++ lib.optionals stdenv.isDarwin [
106
+
# requires a display
107
+
"tests/integration/test_normcap.py"
108
+
];
109
+
110
+
meta = with lib; {
111
+
description = "OCR powered screen-capture tool to capture information instead of images";
112
+
homepage = "https://dynobo.github.io/normcap/";
113
+
license = licenses.gpl3Plus;
114
+
maintainers = with maintainers; [ cafkafk pbsds ];
115
+
mainProgram = "normcap";
116
+
};
117
+
}
+3
pkgs/desktops/lomiri/default.nix
+3
pkgs/desktops/lomiri/default.nix
···
17
gmenuharness = callPackage ./development/gmenuharness { };
18
libusermetrics = callPackage ./development/libusermetrics { };
19
lomiri-api = callPackage ./development/lomiri-api { };
20
+
21
+
#### Services
22
+
biometryd = callPackage ./services/biometryd { };
23
};
24
in
25
lib.makeScope libsForQt5.newScope packages
+137
pkgs/desktops/lomiri/services/biometryd/default.nix
+137
pkgs/desktops/lomiri/services/biometryd/default.nix
···
···
1
+
{ stdenv
2
+
, lib
3
+
, fetchFromGitLab
4
+
, fetchpatch
5
+
, gitUpdater
6
+
, testers
7
+
, boost
8
+
, cmake
9
+
, cmake-extras
10
+
, dbus
11
+
, dbus-cpp
12
+
, gtest
13
+
, libapparmor
14
+
, libelf
15
+
, pkg-config
16
+
, process-cpp
17
+
, properties-cpp
18
+
, qtbase
19
+
, qtdeclarative
20
+
, sqlite
21
+
}:
22
+
23
+
stdenv.mkDerivation (finalAttrs: {
24
+
pname = "biometryd";
25
+
version = "0.3.0";
26
+
27
+
src = fetchFromGitLab {
28
+
owner = "ubports";
29
+
repo = "development/core/biometryd";
30
+
rev = finalAttrs.version;
31
+
hash = "sha256-b095rsQnd63Ziqe+rn3ROo4LGXZxZ3Sa6h3apzCuyCs=";
32
+
};
33
+
34
+
outputs = [
35
+
"out"
36
+
"dev"
37
+
];
38
+
39
+
patches = [
40
+
# https://gitlab.com/ubports/development/core/biometryd/-/merge_requests/31
41
+
(fetchpatch {
42
+
url = "https://gitlab.com/OPNA2608/biometryd/-/commit/d01d979e4f98c6473761d1ace308aa182017804e.patch";
43
+
hash = "sha256-JxL3BLuh33ptfneU1y2qNGFKpeMlZlTMwCK97Rk3aTA=";
44
+
})
45
+
(fetchpatch {
46
+
url = "https://gitlab.com/OPNA2608/biometryd/-/commit/3cec6a3d42ea6aba8892da2c771b317f44daf9e2.patch";
47
+
hash = "sha256-Ij/aio38WmZ+NsUSbM195Gwb83goWIcCnJvGwAOJi50=";
48
+
})
49
+
(fetchpatch {
50
+
url = "https://gitlab.com/OPNA2608/biometryd/-/commit/e89bd9444bc1cfe84a9aa93faa23057c80f39564.patch";
51
+
hash = "sha256-1vEG349X9+SvY/f3no/l5cMVGpdzC8h/8XOZwL/70Dc=";
52
+
})
53
+
54
+
# https://gitlab.com/ubports/development/core/biometryd/-/merge_requests/32
55
+
(fetchpatch {
56
+
url = "https://gitlab.com/OPNA2608/biometryd/-/commit/9e52fad0139c5a45f69e6a6256b2b5ff54f77740.patch";
57
+
hash = "sha256-DZSdzKq6EYgAllKSDgkGk2g57zHN+gI5fOoj7U5AcKY=";
58
+
})
59
+
];
60
+
61
+
postPatch = ''
62
+
# Remove with !31 patches, fetchpatch can't apply renames
63
+
pushd data
64
+
for type in conf service; do
65
+
mv biometryd.$type biometryd.$type.in
66
+
substituteInPlace biometryd.$type.in \
67
+
--replace '/usr/bin' "\''${CMAKE_INSTALL_FULL_BINDIR}"
68
+
done
69
+
popd
70
+
71
+
# Uses pkg_get_variable, cannot substitute prefix with that
72
+
substituteInPlace CMakeLists.txt \
73
+
--replace 'pkg_get_variable(SYSTEMD_SYSTEM_UNIT_DIR systemd systemdsystemunitdir)' 'set(SYSTEMD_SYSTEM_UNIT_DIR "${placeholder "out"}/lib/systemd/system")'
74
+
75
+
substituteInPlace src/biometry/qml/Biometryd/CMakeLists.txt \
76
+
--replace "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" "\''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}"
77
+
'' + lib.optionalString (!finalAttrs.doCheck) ''
78
+
sed -i -e '/add_subdirectory(tests)/d' CMakeLists.txt
79
+
'';
80
+
81
+
strictDeps = true;
82
+
83
+
nativeBuildInputs = [
84
+
cmake
85
+
pkg-config
86
+
qtdeclarative # qmlplugindump
87
+
];
88
+
89
+
buildInputs = [
90
+
boost
91
+
cmake-extras
92
+
dbus
93
+
dbus-cpp
94
+
libapparmor
95
+
libelf
96
+
process-cpp
97
+
properties-cpp
98
+
qtbase
99
+
qtdeclarative
100
+
sqlite
101
+
];
102
+
103
+
checkInputs = [
104
+
gtest
105
+
];
106
+
107
+
dontWrapQtApps = true;
108
+
109
+
cmakeFlags = [
110
+
"-DENABLE_WERROR=OFF"
111
+
"-DWITH_HYBRIS=OFF"
112
+
];
113
+
114
+
preBuild = ''
115
+
# Generating plugins.qmltypes (also used in checkPhase?)
116
+
export QT_PLUGIN_PATH=${lib.getBin qtbase}/${qtbase.qtPluginPrefix}
117
+
'';
118
+
119
+
doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
120
+
121
+
meta = with lib; {
122
+
description = "Mediates/multiplexes access to biometric devices";
123
+
longDescription = ''
124
+
biometryd mediates and multiplexes access to biometric devices present
125
+
on the system, enabling applications and system components to leverage
126
+
them for identification and verification of users.
127
+
'';
128
+
homepage = "https://gitlab.com/ubports/development/core/biometryd";
129
+
license = licenses.lgpl3Only;
130
+
maintainers = teams.lomiri.members;
131
+
mainProgram = "biometryd";
132
+
platforms = platforms.linux;
133
+
pkgConfigModules = [
134
+
"biometryd"
135
+
];
136
+
};
137
+
})
+2
-2
pkgs/development/compilers/flix/default.nix
+2
-2
pkgs/development/compilers/flix/default.nix
+2
-2
pkgs/development/libraries/ctranslate2/default.nix
+2
-2
pkgs/development/libraries/ctranslate2/default.nix
+2
-2
pkgs/development/libraries/libadwaita/default.nix
+2
-2
pkgs/development/libraries/libadwaita/default.nix
···
21
22
stdenv.mkDerivation rec {
23
pname = "libadwaita";
24
-
version = "1.4.0";
25
26
outputs = [ "out" "dev" "devdoc" ];
27
outputBin = "devdoc"; # demo app
···
31
owner = "GNOME";
32
repo = "libadwaita";
33
rev = version;
34
-
hash = "sha256-LXrlTca50ALo+Nm55fwXNb4k3haLqHNnzLPc08VhA5s=";
35
};
36
37
depsBuildBuild = [
···
21
22
stdenv.mkDerivation rec {
23
pname = "libadwaita";
24
+
version = "1.4.1";
25
26
outputs = [ "out" "dev" "devdoc" ];
27
outputBin = "devdoc"; # demo app
···
31
owner = "GNOME";
32
repo = "libadwaita";
33
rev = version;
34
+
hash = "sha256-ztbvVRkNbkeAomRIxToUEQrYB5XnG1WPcfSB/iXHKoA=";
35
};
36
37
depsBuildBuild = [
+59
pkgs/development/libraries/qzxing/default.nix
+59
pkgs/development/libraries/qzxing/default.nix
···
···
1
+
{ stdenv
2
+
, lib
3
+
, fetchFromGitHub
4
+
, nix-update-script
5
+
, testers
6
+
, qmake
7
+
, qtmultimedia
8
+
}:
9
+
10
+
stdenv.mkDerivation (finalAttrs: {
11
+
pname = "qzxing";
12
+
version = "3.3.0";
13
+
14
+
src = fetchFromGitHub {
15
+
owner = "ftylitak";
16
+
repo = "qzxing";
17
+
rev = "v${finalAttrs.version}";
18
+
hash = "sha256-ASgsF5ocNWAiIy2jm6ygpDkggBcEpno6iVNWYkuWcVI=";
19
+
};
20
+
21
+
# QMake can't find qtmultimedia in buildInputs
22
+
strictDeps = false;
23
+
24
+
nativeBuildInputs = [
25
+
qmake
26
+
];
27
+
28
+
buildInputs = [
29
+
qtmultimedia
30
+
];
31
+
32
+
dontWrapQtApps = true;
33
+
34
+
preConfigure = ''
35
+
cd src
36
+
'';
37
+
38
+
qmakeFlags = [
39
+
"CONFIG+=qzxing_qml"
40
+
"CONFIG+=qzxing_multimedia"
41
+
"QMAKE_PKGCONFIG_PREFIX=${placeholder "out"}"
42
+
];
43
+
44
+
passthru = {
45
+
tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
46
+
updateScript = nix-update-script { };
47
+
};
48
+
49
+
meta = with lib; {
50
+
description = "Qt/QML wrapper library for the ZXing library";
51
+
homepage = "https://github.com/ftylitak/qzxing";
52
+
license = licenses.asl20;
53
+
maintainers = with maintainers; [ OPNA2608 ];
54
+
platforms = platforms.unix;
55
+
pkgConfigModules = [
56
+
"QZXing"
57
+
];
58
+
};
59
+
})
+22
-7
pkgs/development/python-modules/amazon-ion/default.nix
+22
-7
pkgs/development/python-modules/amazon-ion/default.nix
···
1
{ lib
2
, buildPythonPackage
3
, fetchFromGitHub
4
, jsonconversion
5
-
, six
6
, pytestCheckHook
7
, pythonOlder
8
}:
9
10
buildPythonPackage rec {
11
pname = "amazon-ion";
12
-
version = "0.10.0";
13
-
format = "setuptools";
14
15
disabled = pythonOlder "3.7";
16
17
-
# test vectors require git submodule
18
src = fetchFromGitHub {
19
-
owner = "amzn";
20
repo = "ion-python";
21
rev = "refs/tags/v${version}";
22
fetchSubmodules = true;
23
-
hash = "sha256-pCm3jd/dVqO/uIvT5N/w5yoUWU6ni62Pl2A862e+qSk=";
24
};
25
26
postPatch = ''
···
28
--replace "'pytest-runner'," ""
29
'';
30
31
propagatedBuildInputs = [
32
jsonconversion
33
six
34
];
35
36
nativeCheckInputs = [
37
pytestCheckHook
38
];
39
40
disabledTests = [
···
42
"test_roundtrips"
43
];
44
45
pythonImportsCheck = [
46
"amazon.ion"
47
];
48
49
meta = with lib; {
50
description = "Python implementation of Amazon Ion";
51
-
homepage = "https://github.com/amzn/ion-python";
52
sourceProvenance = with sourceTypes; [
53
fromSource
54
binaryNativeCode
···
1
{ lib
2
, buildPythonPackage
3
+
, docopt
4
, fetchFromGitHub
5
, jsonconversion
6
, pytestCheckHook
7
, pythonOlder
8
+
, setuptools
9
+
, six
10
+
, tabulate
11
}:
12
13
buildPythonPackage rec {
14
pname = "amazon-ion";
15
+
version = "0.11.2";
16
+
pyproject = true;
17
18
disabled = pythonOlder "3.7";
19
20
src = fetchFromGitHub {
21
+
owner = "amazon-ion";
22
repo = "ion-python";
23
rev = "refs/tags/v${version}";
24
+
# Test vectors require git submodule
25
fetchSubmodules = true;
26
+
hash = "sha256-0/+bX02qTbOydWDxex4OWL7woP7dW1yJZBmDZAivE7U=";
27
};
28
29
postPatch = ''
···
31
--replace "'pytest-runner'," ""
32
'';
33
34
+
nativeBuildInputs = [
35
+
setuptools
36
+
];
37
+
38
propagatedBuildInputs = [
39
jsonconversion
40
six
41
];
42
43
nativeCheckInputs = [
44
+
docopt
45
pytestCheckHook
46
+
tabulate
47
];
48
49
disabledTests = [
···
51
"test_roundtrips"
52
];
53
54
+
disabledTestPaths = [
55
+
# Exclude benchmarks
56
+
"tests/test_benchmark_cli.py"
57
+
];
58
+
59
pythonImportsCheck = [
60
"amazon.ion"
61
];
62
63
meta = with lib; {
64
description = "Python implementation of Amazon Ion";
65
+
homepage = "https://github.com/amazon-ion/ion-python";
66
+
changelog = "https://github.com/amazon-ion/ion-python/releases/tag/v${version}";
67
sourceProvenance = with sourceTypes; [
68
fromSource
69
binaryNativeCode
+42
pkgs/development/python-modules/vprof/default.nix
+42
pkgs/development/python-modules/vprof/default.nix
···
···
1
+
{ lib
2
+
, buildPythonPackage
3
+
, fetchPypi
4
+
, setuptools
5
+
, wheel
6
+
, psutil
7
+
}:
8
+
9
+
buildPythonPackage rec {
10
+
pname = "vprof";
11
+
version = "0.38";
12
+
pyproject = true;
13
+
14
+
# We use the Pypi source rather than the GitHub ones because the former include the javascript
15
+
# dependency for the UI.
16
+
src = fetchPypi {
17
+
inherit pname version;
18
+
hash = "sha256-fxAAkS7rekUMfJTTzJZzmvRa0P8B1avMCwmhddQP+ts=";
19
+
};
20
+
21
+
nativeBuildInputs = [
22
+
setuptools
23
+
wheel
24
+
];
25
+
26
+
propagatedBuildInputs = [
27
+
psutil
28
+
];
29
+
30
+
pythonImportsCheck = [ "vprof" ];
31
+
32
+
# The tests are not included in the Pypi sources
33
+
doCheck = false;
34
+
35
+
meta = with lib; {
36
+
description = "Visual profiler for Python";
37
+
homepage = "https://github.com/nvdv/vprof";
38
+
license = licenses.bsd2;
39
+
maintainers = with maintainers; [ GaetanLepage ];
40
+
mainProgram = "vprof";
41
+
};
42
+
}
+3
-3
pkgs/development/tools/misc/hydra/unstable.nix
+3
-3
pkgs/development/tools/misc/hydra/unstable.nix
···
123
in
124
stdenv.mkDerivation rec {
125
pname = "hydra";
126
-
version = "2023-11-17";
127
128
src = fetchFromGitHub {
129
owner = "NixOS";
130
repo = "hydra";
131
-
rev = "8f48e4ddecbf403be35f8243b97d73cb39dd61bb";
132
-
hash = "sha256-5q/7yz6jJedD8YU3SuYyXtN3qEAlOBRKGZxOcYt/0X8=";
133
};
134
135
buildInputs = [
···
123
in
124
stdenv.mkDerivation rec {
125
pname = "hydra";
126
+
version = "2023-12-01";
127
128
src = fetchFromGitHub {
129
owner = "NixOS";
130
repo = "hydra";
131
+
rev = "4d1c8505120961f10897b8fe9a070d4e193c9a13";
132
+
hash = "sha256-vXTuE83GL15mgZHegbllVAsVdDFcWWSayPfZxTJN5ys=";
133
};
134
135
buildInputs = [
+2
-2
pkgs/development/tools/misc/phpunit/default.nix
pkgs/by-name/ph/phpunit/package.nix
+2
-2
pkgs/development/tools/misc/phpunit/default.nix
pkgs/by-name/ph/phpunit/package.nix
···
2
3
php.buildComposerProject (finalAttrs: {
4
pname = "phpunit";
5
-
version = "10.5.0";
6
7
src = fetchFromGitHub {
8
owner = "sebastianbergmann";
9
repo = "phpunit";
10
rev = finalAttrs.version;
11
-
hash = "sha256-CpgYMUJE7c2eRBYkK/vMRdGgzY7Y7K/wMmyUH+Bssjs=";
12
};
13
14
vendorHash = "sha256-uUdgz3ZZ+3nU07pUC1sdkNgU1b1beo3sS/yySUzdZwU=";
···
2
3
php.buildComposerProject (finalAttrs: {
4
pname = "phpunit";
5
+
version = "10.5.1";
6
7
src = fetchFromGitHub {
8
owner = "sebastianbergmann";
9
repo = "phpunit";
10
rev = finalAttrs.version;
11
+
hash = "sha256-uYSVzKLefcBMqfrHaF6pg4gohAeb6LVg8QGaTS8jwfE=";
12
};
13
14
vendorHash = "sha256-uUdgz3ZZ+3nU07pUC1sdkNgU1b1beo3sS/yySUzdZwU=";
+15
-3
pkgs/development/tools/rust/ravedude/default.nix
+15
-3
pkgs/development/tools/rust/ravedude/default.nix
···
3
, fetchCrate
4
, pkg-config
5
, udev
6
}:
7
8
rustPlatform.buildRustPackage rec {
9
pname = "ravedude";
10
-
version = "0.1.5";
11
12
src = fetchCrate {
13
inherit pname version;
14
-
hash = "sha256-wcY9fvfIn1pWMAh5FI/QFl18CV2xjmRGSwwoRfGvujo=";
15
};
16
17
-
cargoHash = "sha256-AOIrB0FRagbA2+JEURF41d+th0AbR++U5WKCcZmh4Os=";
18
19
nativeBuildInputs = [ pkg-config ];
20
21
buildInputs = [ udev ];
22
23
meta = with lib; {
24
description = "Tool to easily flash code onto an AVR microcontroller with avrdude";
25
homepage = "https://crates.io/crates/ravedude";
26
license = with licenses; [ mit /* or */ asl20 ];
27
platforms = platforms.linux;
28
maintainers = with maintainers; [ rvarago ];
29
};
30
}
···
3
, fetchCrate
4
, pkg-config
5
, udev
6
+
, nix-update-script
7
+
, testers
8
+
, ravedude
9
}:
10
11
rustPlatform.buildRustPackage rec {
12
pname = "ravedude";
13
+
version = "0.1.6";
14
15
src = fetchCrate {
16
inherit pname version;
17
+
hash = "sha256-LhPRz3DUMDoe50Hq3yO+2BHpyh5fQ4sMNGLttjkdSZw=";
18
};
19
20
+
cargoHash = "sha256-Uo8wlTAHBkn/WeGPhPP+BU80wjSyNHsWQj8QvA7mHrk=";
21
22
nativeBuildInputs = [ pkg-config ];
23
24
buildInputs = [ udev ];
25
26
+
passthru = {
27
+
updateScript = nix-update-script { };
28
+
tests.version = testers.testVersion {
29
+
package = ravedude;
30
+
version = "v${version}";
31
+
};
32
+
};
33
+
34
meta = with lib; {
35
description = "Tool to easily flash code onto an AVR microcontroller with avrdude";
36
homepage = "https://crates.io/crates/ravedude";
37
license = with licenses; [ mit /* or */ asl20 ];
38
platforms = platforms.linux;
39
maintainers = with maintainers; [ rvarago ];
40
+
mainProgram = "ravedude";
41
};
42
}
+3
-3
pkgs/tools/admin/berglas/default.nix
+3
-3
pkgs/tools/admin/berglas/default.nix
···
27
28
buildGoModule rec {
29
pname = "berglas";
30
-
version = "1.0.3";
31
32
src = fetchFromGitHub {
33
owner = "GoogleCloudPlatform";
34
repo = pname;
35
rev = "v${version}";
36
-
sha256 = "sha256-4hbRX0kKMWixcu5SWjrM5lVvhLMOaeBdG4GH5NVAh70=";
37
};
38
39
-
vendorHash = "sha256-qcFS07gma7GVxhdrYca0E6rcczNcZmU8JcjjcpEaxp0=";
40
41
ldflags = [
42
"-s"
···
27
28
buildGoModule rec {
29
pname = "berglas";
30
+
version = "2.0.1";
31
32
src = fetchFromGitHub {
33
owner = "GoogleCloudPlatform";
34
repo = pname;
35
rev = "v${version}";
36
+
sha256 = "sha256-Jf6yPVydM7UnG1yiLEFe+7FMkWANIQebZ3QAwg6/OQs=";
37
};
38
39
+
vendorHash = "sha256-3WDBl/GqCgRFMmh6TQvtHhACCRzf9sdIO8fel8CAMP0=";
40
41
ldflags = [
42
"-s"
+15
pkgs/tools/security/clevis/default.nix
+15
pkgs/tools/security/clevis/default.nix
···
16
, ninja
17
, pkg-config
18
, tpm2-tools
19
}:
20
21
stdenv.mkDerivation rec {
···
28
rev = "refs/tags/v${version}";
29
hash = "sha256-3J3ti/jRiv+p3eVvJD7u0ko28rPd8Gte0mCJaVaqyOs=";
30
};
31
32
postPatch = ''
33
for f in $(find src/ -type f); do
···
64
"out"
65
"man"
66
];
67
68
meta = with lib; {
69
description = "Automated Encryption Framework";
···
16
, ninja
17
, pkg-config
18
, tpm2-tools
19
+
, nixosTests
20
}:
21
22
stdenv.mkDerivation rec {
···
29
rev = "refs/tags/v${version}";
30
hash = "sha256-3J3ti/jRiv+p3eVvJD7u0ko28rPd8Gte0mCJaVaqyOs=";
31
};
32
+
33
+
patches = [
34
+
# Replaces the clevis-decrypt 300s timeout to a 10s timeout
35
+
# https://github.com/latchset/clevis/issues/289
36
+
./tang-timeout.patch
37
+
];
38
39
postPatch = ''
40
for f in $(find src/ -type f); do
···
71
"out"
72
"man"
73
];
74
+
75
+
passthru.tests = {
76
+
inherit (nixosTests.installer) clevisBcachefs clevisBcachefsFallback clevisLuks clevisLuksFallback clevisZfs clevisZfsFallback;
77
+
clevisLuksSystemdStage1 = nixosTests.installer-systemd-stage-1.clevisLuks;
78
+
clevisLuksFallbackSystemdStage1 = nixosTests.installer-systemd-stage-1.clevisLuksFallback;
79
+
clevisZfsSystemdStage1 = nixosTests.installer-systemd-stage-1.clevisZfs;
80
+
clevisZfsFallbackSystemdStage1 = nixosTests.installer-systemd-stage-1.clevisZfsFallback;
81
+
};
82
83
meta = with lib; {
84
description = "Automated Encryption Framework";
+13
pkgs/tools/security/clevis/tang-timeout.patch
+13
pkgs/tools/security/clevis/tang-timeout.patch
···
···
1
+
diff --git a/src/pins/tang/clevis-decrypt-tang b/src/pins/tang/clevis-decrypt-tang
2
+
index 72393b4..40b660f 100755
3
+
--- a/src/pins/tang/clevis-decrypt-tang
4
+
+++ b/src/pins/tang/clevis-decrypt-tang
5
+
@@ -101,7 +101,7 @@ xfr="$(jose jwk exc -i '{"alg":"ECMR"}' -l- -r- <<< "$clt$eph")"
6
+
7
+
rec_url="$url/rec/$kid"
8
+
ct="Content-Type: application/jwk+json"
9
+
-if ! rep="$(curl -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then
10
+
+if ! rep="$(curl --connect-timeout 10 -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then
11
+
echo "Error communicating with server $url" >&2
12
+
exit 1
13
+
fi
+4
-2
pkgs/tools/security/qdigidoc/default.nix
+4
-2
pkgs/tools/security/qdigidoc/default.nix
···
2
, mkDerivation
3
, fetchurl
4
, cmake
5
, gettext
6
, pkg-config
7
, libdigidocpp
···
16
17
mkDerivation rec {
18
pname = "qdigidoc";
19
-
version = "4.2.12";
20
21
src = fetchurl {
22
url =
23
"https://github.com/open-eid/DigiDoc4-Client/releases/download/v${version}/qdigidoc4-${version}.tar.gz";
24
-
hash = "sha256-6bso1qvhVhbBfrcTq4S+aHtHli7X2A926N4r45ztq4E=";
25
};
26
27
tsl = fetchurl {
···
37
'';
38
39
buildInputs = [
40
libdigidocpp
41
opensc
42
openldap
···
2
, mkDerivation
3
, fetchurl
4
, cmake
5
+
, flatbuffers
6
, gettext
7
, pkg-config
8
, libdigidocpp
···
17
18
mkDerivation rec {
19
pname = "qdigidoc";
20
+
version = "4.4.0";
21
22
src = fetchurl {
23
url =
24
"https://github.com/open-eid/DigiDoc4-Client/releases/download/v${version}/qdigidoc4-${version}.tar.gz";
25
+
hash = "sha256-5zo0yoY0wufm9DWRIccxJ5g4DXn75nT4fd2h+5QP4oQ=";
26
};
27
28
tsl = fetchurl {
···
38
'';
39
40
buildInputs = [
41
+
flatbuffers
42
libdigidocpp
43
opensc
44
openldap
+5
-2
pkgs/tools/wayland/sov/default.nix
pkgs/by-name/so/sov/package.nix
+5
-2
pkgs/tools/wayland/sov/default.nix
pkgs/by-name/so/sov/package.nix
···
11
, libxkbcommon
12
, wayland
13
, wayland-protocols
14
}:
15
16
stdenv.mkDerivation (finalAttrs: {
17
pname = "sov";
18
-
version = "0.92b";
19
20
src = fetchFromGitHub {
21
owner = "milgra";
22
repo = "sov";
23
rev = finalAttrs.version;
24
-
hash = "sha256-1L5D0pzcXbkz3VS7VB6ID8BJEbGeNxjo3xCr71CGcIo=";
25
};
26
27
patches = [
···
53
wayland
54
wayland-protocols
55
];
56
57
meta = {
58
description = "Workspace overview app for sway";
···
11
, libxkbcommon
12
, wayland
13
, wayland-protocols
14
+
, gitUpdater
15
}:
16
17
stdenv.mkDerivation (finalAttrs: {
18
pname = "sov";
19
+
version = "0.93";
20
21
src = fetchFromGitHub {
22
owner = "milgra";
23
repo = "sov";
24
rev = finalAttrs.version;
25
+
hash = "sha256-Oc25ixrl0QX0jBBMV34BPAixyBikvevXJ1JNGZymPhg=";
26
};
27
28
patches = [
···
54
wayland
55
wayland-protocols
56
];
57
+
58
+
passthru.updateScript = gitUpdater { };
59
60
meta = {
61
description = "Workspace overview app for sway";
+6
-8
pkgs/top-level/all-packages.nix
+6
-8
pkgs/top-level/all-packages.nix
···
2114
2115
vopono = callPackage ../tools/networking/vopono { };
2116
2117
vrc-get = callPackage ../tools/misc/vrc-get {
2118
inherit (darwin.apple_sdk.frameworks) Security;
2119
};
···
4777
shotman = callPackage ../tools/wayland/shotman { };
4778
4779
slurp = callPackage ../tools/wayland/slurp { };
4780
-
4781
-
sov = callPackage ../tools/wayland/sov { };
4782
4783
swaykbdd = callPackage ../tools/wayland/swaykbdd { };
4784
···
18291
18292
karma-runner = callPackage ../development/tools/karma-runner { };
18293
18294
-
phpunit = callPackage ../development/tools/misc/phpunit { };
18295
-
18296
teller = callPackage ../development/tools/teller { };
18297
18298
yakut = python3Packages.callPackage ../development/tools/misc/yakut { };
···
19160
19161
fprettify = callPackage ../development/tools/fprettify { };
19162
19163
-
framac = callPackage ../development/tools/analysis/frama-c { };
19164
19165
frame = callPackage ../development/libraries/frame { };
19166
···
22062
22063
hwloc = callPackage ../development/libraries/hwloc { };
22064
22065
-
hydra_unstable = callPackage ../development/tools/misc/hydra/unstable.nix { nix = nixVersions.nix_2_17; };
22066
22067
hydra-cli = callPackage ../development/tools/misc/hydra-cli { };
22068
···
34378
nheko = libsForQt5.callPackage ../applications/networking/instant-messengers/nheko { };
34379
34380
nomacs = libsForQt5.callPackage ../applications/graphics/nomacs { };
34381
-
34382
-
normcap = callPackage ../applications/graphics/normcap { };
34383
34384
notepad-next = libsForQt5.callPackage ../applications/editors/notepad-next { };
34385
···
2114
2115
vopono = callPackage ../tools/networking/vopono { };
2116
2117
+
vprof = with python3Packages; toPythonApplication vprof;
2118
+
2119
vrc-get = callPackage ../tools/misc/vrc-get {
2120
inherit (darwin.apple_sdk.frameworks) Security;
2121
};
···
4779
shotman = callPackage ../tools/wayland/shotman { };
4780
4781
slurp = callPackage ../tools/wayland/slurp { };
4782
4783
swaykbdd = callPackage ../tools/wayland/swaykbdd { };
4784
···
18291
18292
karma-runner = callPackage ../development/tools/karma-runner { };
18293
18294
teller = callPackage ../development/tools/teller { };
18295
18296
yakut = python3Packages.callPackage ../development/tools/misc/yakut { };
···
19158
19159
fprettify = callPackage ../development/tools/fprettify { };
19160
19161
+
framac = callPackage ../development/tools/analysis/frama-c {
19162
+
why3 = pkgs.why3.override { version = "1.6.0"; };
19163
+
};
19164
19165
frame = callPackage ../development/libraries/frame { };
19166
···
22062
22063
hwloc = callPackage ../development/libraries/hwloc { };
22064
22065
+
hydra_unstable = callPackage ../development/tools/misc/hydra/unstable.nix { nix = nixVersions.nix_2_18; };
22066
22067
hydra-cli = callPackage ../development/tools/misc/hydra-cli { };
22068
···
34378
nheko = libsForQt5.callPackage ../applications/networking/instant-messengers/nheko { };
34379
34380
nomacs = libsForQt5.callPackage ../applications/graphics/nomacs { };
34381
34382
notepad-next = libsForQt5.callPackage ../applications/editors/notepad-next { };
34383
+2
pkgs/top-level/python-packages.nix
+2
pkgs/top-level/python-packages.nix
···
15585
15586
vpk = callPackage ../development/python-modules/vpk { };
15587
15588
+
vprof = callPackage ../development/python-modules/vprof { };
15589
+
15590
vqgan-jax = callPackage ../development/python-modules/vqgan-jax { };
15591
15592
vsts = callPackage ../development/python-modules/vsts { };
+2
pkgs/top-level/qt5-packages.nix
+2
pkgs/top-level/qt5-packages.nix
+2
pkgs/top-level/qt6-packages.nix
+2
pkgs/top-level/qt6-packages.nix