+1

.github/CODEOWNERS

··· 28 28 /lib/cli.nix @edolstra @nbp @Profpatsch 29 29 /lib/debug.nix @edolstra @nbp @Profpatsch 30 30 /lib/asserts.nix @edolstra @nbp @Profpatsch 31 31 + /lib/path.* @infinisil @fricklerhandwerk 31 32 32 33 # Nixpkgs Internals 33 34 /default.nix @nbp

+1

doc/doc-support/default.nix

··· 12 12 { name = "lists"; description = "list manipulation functions"; } 13 13 { name = "debug"; description = "debugging functions"; } 14 14 { name = "options"; description = "NixOS / nixpkgs option handling"; } 15 15 + { name = "path"; description = "path functions"; } 15 16 { name = "filesystem"; description = "filesystem functions"; } 16 17 { name = "sources"; description = "source filtering functions"; } 17 18 { name = "cli"; description = "command-line serialization functions"; }

+5 -1

doc/doc-support/lib-function-docs.nix

··· 10 10 installPhase = '' 11 11 function docgen { 12 12 # TODO: wrap lib.$1 in <literal>, make nixdoc not escape it 13 13 - nixdoc -c "$1" -d "lib.$1: $2" -f "$1.nix" > "$out/$1.xml" 13 13 + if [[ -e "../lib/$1.nix" ]]; then 14 14 + nixdoc -c "$1" -d "lib.$1: $2" -f "$1.nix" > "$out/$1.xml" 15 15 + else 16 16 + nixdoc -c "$1" -d "lib.$1: $2" -f "$1/default.nix" > "$out/$1.xml" 17 17 + fi 14 18 echo "<xi:include href='$1.xml' />" >> "$out/index.xml" 15 19 } 16 20

+9 -7

doc/doc-support/lib-function-locations.nix

··· 2 2 let 3 3 revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.revision or "master"); 4 4 5 5 - libDefPos = set: 6 6 - builtins.map 7 7 - (name: { 8 8 - name = name; 5 5 + libDefPos = prefix: set: 6 6 + builtins.concatMap 7 7 + (name: [{ 8 8 + name = builtins.concatStringsSep "." (prefix ++ [name]); 9 9 location = builtins.unsafeGetAttrPos name set; 10 10 - }) 11 11 - (builtins.attrNames set); 10 10 + }] ++ nixpkgsLib.optionals 11 11 + (builtins.length prefix == 0 && builtins.isAttrs set.${name}) 12 12 + (libDefPos (prefix ++ [name]) set.${name}) 13 13 + ) (builtins.attrNames set); 12 14 13 15 libset = toplib: 14 16 builtins.map 15 17 (subsetname: { 16 18 subsetname = subsetname; 17 17 - functions = libDefPos toplib.${subsetname}; 19 19 + functions = libDefPos [] toplib.${subsetname}; 18 20 }) 19 21 (builtins.map (x: x.name) libsets); 20 22

+15 -1

doc/languages-frameworks/python.section.md

··· 570 570 571 571 ``` 572 572 checkInputs = [ pytest ]; 573 573 - checkPhase = "pytest"; 573 573 + checkPhase = '' 574 574 + runHook preCheck 575 575 + 576 576 + pytest 577 577 + 578 578 + runHook postCheck 579 579 + ''; 574 580 ``` 575 581 576 582 However, many repositories' test suites do not translate well to nix's build ··· 582 588 checkInputs = [ pytest ]; 583 589 # avoid tests which need additional data or touch network 584 590 checkPhase = '' 591 591 + runHook preCheck 592 592 + 585 593 pytest tests/ --ignore=tests/integration -k 'not download and not update' 594 594 + 595 595 + runHook postCheck 586 596 ''; 587 597 ``` 588 598 ··· 1408 1418 # assumes the tests are located in tests 1409 1419 checkInputs = [ pytest ]; 1410 1420 checkPhase = '' 1421 1421 + runHook preCheck 1422 1422 + 1411 1423 py.test -k 'not function_name and not other_function' tests 1424 1424 + 1425 1425 + runHook postCheck 1412 1426 ''; 1413 1427 } 1414 1428 ```

+2 -1

lib/default.nix

··· 27 27 maintainers = import ../maintainers/maintainer-list.nix; 28 28 teams = callLibs ../maintainers/team-list.nix; 29 29 meta = callLibs ./meta.nix; 30 30 - sources = callLibs ./sources.nix; 31 30 versions = callLibs ./versions.nix; 32 31 33 32 # module system ··· 53 52 fetchers = callLibs ./fetchers.nix; 54 53 55 54 # Eval-time filesystem handling 55 55 + path = callLibs ./path; 56 56 filesystem = callLibs ./filesystem.nix; 57 57 + sources = callLibs ./sources.nix; 57 58 58 59 # back-compat aliases 59 60 platforms = self.systems.doubles;

+196

lib/path/README.md

··· 1 1 + # Path library 2 2 + 3 3 + This document explains why the `lib.path` library is designed the way it is. 4 4 + 5 5 + The purpose of this library is to process [filesystem paths]. It does not read files from the filesystem. 6 6 + It exists to support the native Nix [path value type] with extra functionality. 7 7 + 8 8 + [filesystem paths]: https://en.m.wikipedia.org/wiki/Path_(computing) 9 9 + [path value type]: https://nixos.org/manual/nix/stable/language/values.html#type-path 10 10 + 11 11 + As an extension of the path value type, it inherits the same intended use cases and limitations: 12 12 + - Only use paths to access files at evaluation time, such as the local project source. 13 13 + - Paths cannot point to derivations, so they are unfit to represent dependencies. 14 14 + - A path implicitly imports the referenced files into the Nix store when interpolated to a string. Therefore paths are not suitable to access files at build- or run-time, as you risk importing the path from the evaluation system instead. 15 15 + 16 16 + Overall, this library works with two types of paths: 17 17 + - Absolute paths are represented with the Nix [path value type]. Nix automatically normalises these paths. 18 18 + - Subpaths are represented with the [string value type] since path value types don't support relative paths. This library normalises these paths as safely as possible. Absolute paths in strings are not supported. 19 19 + 20 20 + A subpath refers to a specific file or directory within an absolute base directory. 21 21 + It is a stricter form of a relative path, notably [without support for `..` components][parents] since those could escape the base directory. 22 22 + 23 23 + [string value type]: https://nixos.org/manual/nix/stable/language/values.html#type-string 24 24 + 25 25 + This library is designed to be as safe and intuitive as possible, throwing errors when operations are attempted that would produce surprising results, and giving the expected result otherwise. 26 26 + 27 27 + This library is designed to work well as a dependency for the `lib.filesystem` and `lib.sources` library components. Contrary to these library components, `lib.path` does not read any paths from the filesystem. 28 28 + 29 29 + This library makes only these assumptions about paths and no others: 30 30 + - `dirOf path` returns the path to the parent directory of `path`, unless `path` is the filesystem root, in which case `path` is returned. 31 31 + - There can be multiple filesystem roots: `p == dirOf p` and `q == dirOf q` does not imply `p == q`. 32 32 + - While there's only a single filesystem root in stable Nix, the [lazy trees feature](https://github.com/NixOS/nix/pull/6530) introduces [additional filesystem roots](https://github.com/NixOS/nix/pull/6530#discussion_r1041442173). 33 33 + - `path + ("/" + string)` returns the path to the `string` subdirectory in `path`. 34 34 + - If `string` contains no `/` characters, then `dirOf (path + ("/" + string)) == path`. 35 35 + - If `string` contains no `/` characters, then `baseNameOf (path + ("/" + string)) == string`. 36 36 + - `path1 == path2` returns `true` only if `path1` points to the same filesystem path as `path2`. 37 37 + 38 38 + Notably we do not make the assumption that we can turn paths into strings using `toString path`. 39 39 + 40 40 + ## Design decisions 41 41 + 42 42 + Each subsection here contains a decision along with arguments and counter-arguments for (+) and against (-) that decision. 43 43 + 44 44 + ### Leading dots for relative paths 45 45 + [leading-dots]: #leading-dots-for-relative-paths 46 46 + 47 47 + Observing: Since subpaths are a form of relative paths, they can have a leading `./` to indicate it being a relative path, this is generally not necessary for tools though. 48 48 + 49 49 + Considering: Paths should be as explicit, consistent and unambiguous as possible. 50 50 + 51 51 + Decision: Returned subpaths should always have a leading `./`. 52 52 + 53 53 + <details> 54 54 + <summary>Arguments</summary> 55 55 + 56 56 + - (+) In shells, just running `foo` as a command wouldn't execute the file `foo`, whereas `./foo` would execute the file. In contrast, `foo/bar` does execute that file without the need for `./`. This can lead to confusion about when a `./` needs to be prefixed. If a `./` is always included, this becomes a non-issue. This effectively then means that paths don't overlap with command names. 57 57 + - (+) Prepending with `./` makes the subpaths always valid as relative Nix path expressions. 58 58 + - (+) Using paths in command line arguments could give problems if not escaped properly, e.g. if a path was `--version`. This is not a problem with `./--version`. This effectively then means that paths don't overlap with GNU-style command line options. 59 59 + - (-) `./` is not required to resolve relative paths, resolution always has an implicit `./` as prefix. 60 60 + - (-) It's less noisy without the `./`, e.g. in error messages. 61 61 + - (+) But similarly, it could be confusing whether something was even a path. 62 62 + e.g. `foo` could be anything, but `./foo` is more clearly a path. 63 63 + - (+) Makes it more uniform with absolute paths (those always start with `/`). 64 64 + - (-) That is not relevant for practical purposes. 65 65 + - (+) `find` also outputs results with `./`. 66 66 + - (-) But only if you give it an argument of `.`. If you give it the argument `some-directory`, it won't prefix that. 67 67 + - (-) `realpath --relative-to` doesn't prefix relative paths with `./`. 68 68 + - (+) There is no need to return the same result as `realpath`. 69 69 + 70 70 + </details> 71 71 + 72 72 + ### Representation of the current directory 73 73 + [curdir]: #representation-of-the-current-directory 74 74 + 75 75 + Observing: The subpath that produces the base directory can be represented with `.` or `./` or `./.`. 76 76 + 77 77 + Considering: Paths should be as consistent and unambiguous as possible. 78 78 + 79 79 + Decision: It should be `./.`. 80 80 + 81 81 + <details> 82 82 + <summary>Arguments</summary> 83 83 + 84 84 + - (+) `./` would be inconsistent with [the decision to not persist trailing slashes][trailing-slashes]. 85 85 + - (-) `.` is how `realpath` normalises paths. 86 86 + - (+) `.` can be interpreted as a shell command (it's a builtin for sourcing files in `bash` and `zsh`). 87 87 + - (+) `.` would be the only path without a `/`. It could not be used as a Nix path expression, since those require at least one `/` to be parsed as such. 88 88 + - (-) `./.` is rather long. 89 89 + - (-) We don't require users to type this though, as it's only output by the library. 90 90 + As inputs all three variants are supported for subpaths (and we can't do anything about absolute paths) 91 91 + - (-) `builtins.dirOf "foo" == "."`, so `.` would be consistent with that. 92 92 + - (+) `./.` is consistent with the [decision to have leading `./`][leading-dots]. 93 93 + - (+) `./.` is a valid Nix path expression, although this property does not hold for every relative path or subpath. 94 94 + 95 95 + </details> 96 96 + 97 97 + ### Subpath representation 98 98 + [relrepr]: #subpath-representation 99 99 + 100 100 + Observing: Subpaths such as `foo/bar` can be represented in various ways: 101 101 + - string: `"foo/bar"` 102 102 + - list with all the components: `[ "foo" "bar" ]` 103 103 + - attribute set: `{ type = "relative-path"; components = [ "foo" "bar" ]; }` 104 104 + 105 105 + Considering: Paths should be as safe to use as possible. We should generate string outputs in the library and not encourage users to do that themselves. 106 106 + 107 107 + Decision: Paths are represented as strings. 108 108 + 109 109 + <details> 110 110 + <summary>Arguments</summary> 111 111 + 112 112 + - (+) It's simpler for the users of the library. One doesn't have to convert a path a string before it can be used. 113 113 + - (+) Naively converting the list representation to a string with `concatStringsSep "/"` would break for `[]`, requiring library users to be more careful. 114 114 + - (+) It doesn't encourage people to do their own path processing and instead use the library. 115 115 + With a list representation it would seem easy to just use `lib.lists.init` to get the parent directory, but then it breaks for `.`, which would be represented as `[ ]`. 116 116 + - (+) `+` is convenient and doesn't work on lists and attribute sets. 117 117 + - (-) Shouldn't use `+` anyways, we export safer functions for path manipulation. 118 118 + 119 119 + </details> 120 120 + 121 121 + ### Parent directory 122 122 + [parents]: #parent-directory 123 123 + 124 124 + Observing: Relative paths can have `..` components, which refer to the parent directory. 125 125 + 126 126 + Considering: Paths should be as safe and unambiguous as possible. 127 127 + 128 128 + Decision: `..` path components in string paths are not supported, neither as inputs nor as outputs. Hence, string paths are called subpaths, rather than relative paths. 129 129 + 130 130 + <details> 131 131 + <summary>Arguments</summary> 132 132 + 133 133 + - (+) If we wanted relative paths to behave according to the "physical" interpretation (as a directory tree with relations between nodes), it would require resolving symlinks, since e.g. `foo/..` would not be the same as `.` if `foo` is a symlink. 134 134 + - (-) The "logical" interpretation is also valid (treating paths as a sequence of names), and is used by some software. It is simpler, and not using symlinks at all is safer. 135 135 + - (+) Mixing both models can lead to surprises. 136 136 + - (+) We can't resolve symlinks without filesystem access. 137 137 + - (+) Nix also doesn't support reading symlinks at evaluation time. 138 138 + - (-) We could just not handle such cases, e.g. `equals "foo" "foo/bar/.. == false`. The paths are different, we don't need to check whether the paths point to the same thing. 139 139 + - (+) Assume we said `relativeTo /foo /bar == "../bar"`. If this is used like `/bar/../foo` in the end, and `bar` turns out to be a symlink to somewhere else, this won't be accurate. 140 140 + - (-) We could decide to not support such ambiguous operations, or mark them as such, e.g. the normal `relativeTo` will error on such a case, but there could be `extendedRelativeTo` supporting that. 141 141 + - (-) `..` are a part of paths, a path library should therefore support it. 142 142 + - (+) If we can convincingly argue that all such use cases are better done e.g. with runtime tools, the library not supporting it can nudge people towards using those. 143 143 + - (-) We could allow "..", but only in the prefix. 144 144 + - (+) Then we'd have to throw an error for doing `append /some/path "../foo"`, making it non-composable. 145 145 + - (+) The same is for returning paths with `..`: `relativeTo /foo /bar => "../bar"` would produce a non-composable path. 146 146 + - (+) We argue that `..` is not needed at the Nix evaluation level, since we'd always start evaluation from the project root and don't go up from there. 147 147 + - (+) `..` is supported in Nix paths, turning them into absolute paths. 148 148 + - (-) This is ambiguous in the presence of symlinks. 149 149 + - (+) If you need `..` for building or runtime, you can use build-/run-time tooling to create those (e.g. `realpath` with `--relative-to`), or use absolute paths instead. 150 150 + This also gives you the ability to correctly handle symlinks. 151 151 + 152 152 + </details> 153 153 + 154 154 + ### Trailing slashes 155 155 + [trailing-slashes]: #trailing-slashes 156 156 + 157 157 + Observing: Subpaths can contain trailing slashes, like `foo/`, indicating that the path points to a directory and not a file. 158 158 + 159 159 + Considering: Paths should be as consistent as possible, there should only be a single normalisation for the same path. 160 160 + 161 161 + Decision: All functions remove trailing slashes in their results. 162 162 + 163 163 + <details> 164 164 + <summary>Arguments</summary> 165 165 + 166 166 + - (+) It allows normalisations to be unique, in that there's only a single normalisation for the same path. If trailing slashes were preserved, both `foo/bar` and `foo/bar/` would be valid but different normalisations for the same path. 167 167 + - Comparison to other frameworks to figure out the least surprising behavior: 168 168 + - (+) Nix itself doesn't support trailing slashes when parsing and doesn't preserve them when appending paths. 169 169 + - (-) [Rust's std::path](https://doc.rust-lang.org/std/path/index.html) does preserve them during [construction](https://doc.rust-lang.org/std/path/struct.Path.html#method.new). 170 170 + - (+) Doesn't preserve them when returning individual [components](https://doc.rust-lang.org/std/path/struct.Path.html#method.components). 171 171 + - (+) Doesn't preserve them when [canonicalizing](https://doc.rust-lang.org/std/path/struct.Path.html#method.canonicalize). 172 172 + - (+) [Python 3's pathlib](https://docs.python.org/3/library/pathlib.html#module-pathlib) doesn't preserve them during [construction](https://docs.python.org/3/library/pathlib.html#pathlib.PurePath). 173 173 + - Notably it represents the individual components as a list internally. 174 174 + - (-) [Haskell's filepath](https://hackage.haskell.org/package/filepath-1.4.100.0) has [explicit support](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html#g:6) for handling trailing slashes. 175 175 + - (-) Does preserve them for [normalisation](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html#v:normalise). 176 176 + - (-) [NodeJS's Path library](https://nodejs.org/api/path.html) preserves trailing slashes for [normalisation](https://nodejs.org/api/path.html#pathnormalizepath). 177 177 + - (+) For [parsing a path](https://nodejs.org/api/path.html#pathparsepath) into its significant elements, trailing slashes are not preserved. 178 178 + - (+) Nix's builtin function `dirOf` gives an unexpected result for paths with trailing slashes: `dirOf "foo/bar/" == "foo/bar"`. 179 179 + Inconsistently, `baseNameOf` works correctly though: `baseNameOf "foo/bar/" == "bar"`. 180 180 + - (-) We are writing a path library to improve handling of paths though, so we shouldn't use these functions and discourage their use. 181 181 + - (-) Unexpected result when normalising intermediate paths, like `relative.normalise ("foo" + "/") + "bar" == "foobar"`. 182 182 + - (+) This is not a practical use case though. 183 183 + - (+) Don't use `+` to append paths, this library has a `join` function for that. 184 184 + - (-) Users might use `+` out of habit though. 185 185 + - (+) The `realpath` command also removes trailing slashes. 186 186 + - (+) Even with a trailing slash, the path is the same, it's only an indication that it's a directory. 187 187 + 188 188 + </details> 189 189 + 190 190 + ## Other implementations and references 191 191 + 192 192 + - [Rust](https://doc.rust-lang.org/std/path/struct.Path.html) 193 193 + - [Python](https://docs.python.org/3/library/pathlib.html) 194 194 + - [Haskell](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html) 195 195 + - [Nodejs](https://nodejs.org/api/path.html) 196 196 + - [POSIX.1-2017](https://pubs.opengroup.org/onlinepubs/9699919799/nframe.html)

+218

lib/path/default.nix

··· 1 1 + # Functions for working with paths, see ./path.md 2 2 + { lib }: 3 3 + let 4 4 + 5 5 + inherit (builtins) 6 6 + isString 7 7 + split 8 8 + match 9 9 + ; 10 10 + 11 11 + inherit (lib.lists) 12 12 + length 13 13 + head 14 14 + last 15 15 + genList 16 16 + elemAt 17 17 + ; 18 18 + 19 19 + inherit (lib.strings) 20 20 + concatStringsSep 21 21 + substring 22 22 + ; 23 23 + 24 24 + inherit (lib.asserts) 25 25 + assertMsg 26 26 + ; 27 27 + 28 28 + # Return the reason why a subpath is invalid, or `null` if it's valid 29 29 + subpathInvalidReason = value: 30 30 + if ! isString value then 31 31 + "The given value is of type ${builtins.typeOf value}, but a string was expected" 32 32 + else if value == "" then 33 33 + "The given string is empty" 34 34 + else if substring 0 1 value == "/" then 35 35 + "The given string \"${value}\" starts with a `/`, representing an absolute path" 36 36 + # We don't support ".." components, see ./path.md#parent-directory 37 37 + else if match "(.*/)?\\.\\.(/.*)?" value != null then 38 38 + "The given string \"${value}\" contains a `..` component, which is not allowed in subpaths" 39 39 + else null; 40 40 + 41 41 + # Split and normalise a relative path string into its components. 42 42 + # Error for ".." components and doesn't include "." components 43 43 + splitRelPath = path: 44 44 + let 45 45 + # Split the string into its parts using regex for efficiency. This regex 46 46 + # matches patterns like "/", "/./", "/././", with arbitrarily many "/"s 47 47 + # together. These are the main special cases: 48 48 + # - Leading "./" gets split into a leading "." part 49 49 + # - Trailing "/." or "/" get split into a trailing "." or "" 50 50 + # part respectively 51 51 + # 52 52 + # These are the only cases where "." and "" parts can occur 53 53 + parts = split "/+(\\./+)*" path; 54 54 + 55 55 + # `split` creates a list of 2 * k + 1 elements, containing the k + 56 56 + # 1 parts, interleaved with k matches where k is the number of 57 57 + # (non-overlapping) matches. This calculation here gets the number of parts 58 58 + # back from the list length 59 59 + # floor( (2 * k + 1) / 2 ) + 1 == floor( k + 1/2 ) + 1 == k + 1 60 60 + partCount = length parts / 2 + 1; 61 61 + 62 62 + # To assemble the final list of components we want to: 63 63 + # - Skip a potential leading ".", normalising "./foo" to "foo" 64 64 + # - Skip a potential trailing "." or "", normalising "foo/" and "foo/." to 65 65 + # "foo". See ./path.md#trailing-slashes 66 66 + skipStart = if head parts == "." then 1 else 0; 67 67 + skipEnd = if last parts == "." || last parts == "" then 1 else 0; 68 68 + 69 69 + # We can now know the length of the result by removing the number of 70 70 + # skipped parts from the total number 71 71 + componentCount = partCount - skipEnd - skipStart; 72 72 + 73 73 + in 74 74 + # Special case of a single "." path component. Such a case leaves a 75 75 + # componentCount of -1 due to the skipStart/skipEnd not verifying that 76 76 + # they don't refer to the same character 77 77 + if path == "." then [] 78 78 + 79 79 + # Generate the result list directly. This is more efficient than a 80 80 + # combination of `filter`, `init` and `tail`, because here we don't 81 81 + # allocate any intermediate lists 82 82 + else genList (index: 83 83 + # To get to the element we need to add the number of parts we skip and 84 84 + # multiply by two due to the interleaved layout of `parts` 85 85 + elemAt parts ((skipStart + index) * 2) 86 86 + ) componentCount; 87 87 + 88 88 + # Join relative path components together 89 89 + joinRelPath = components: 90 90 + # Always return relative paths with `./` as a prefix (./path.md#leading-dots-for-relative-paths) 91 91 + "./" + 92 92 + # An empty string is not a valid relative path, so we need to return a `.` when we have no components 93 93 + (if components == [] then "." else concatStringsSep "/" components); 94 94 + 95 95 + in /* No rec! Add dependencies on this file at the top. */ { 96 96 + 97 97 + 98 98 + /* Whether a value is a valid subpath string. 99 99 + 100 100 + - The value is a string 101 101 + 102 102 + - The string is not empty 103 103 + 104 104 + - The string doesn't start with a `/` 105 105 + 106 106 + - The string doesn't contain any `..` path components 107 107 + 108 108 + Type: 109 109 + subpath.isValid :: String -> Bool 110 110 + 111 111 + Example: 112 112 + # Not a string 113 113 + subpath.isValid null 114 114 + => false 115 115 + 116 116 + # Empty string 117 117 + subpath.isValid "" 118 118 + => false 119 119 + 120 120 + # Absolute path 121 121 + subpath.isValid "/foo" 122 122 + => false 123 123 + 124 124 + # Contains a `..` path component 125 125 + subpath.isValid "../foo" 126 126 + => false 127 127 + 128 128 + # Valid subpath 129 129 + subpath.isValid "foo/bar" 130 130 + => true 131 131 + 132 132 + # Doesn't need to be normalised 133 133 + subpath.isValid "./foo//bar/" 134 134 + => true 135 135 + */ 136 136 + subpath.isValid = value: 137 137 + subpathInvalidReason value == null; 138 138 + 139 139 + 140 140 + /* Normalise a subpath. Throw an error if the subpath isn't valid, see 141 141 + `lib.path.subpath.isValid` 142 142 + 143 143 + - Limit repeating `/` to a single one 144 144 + 145 145 + - Remove redundant `.` components 146 146 + 147 147 + - Remove trailing `/` and `/.` 148 148 + 149 149 + - Add leading `./` 150 150 + 151 151 + Laws: 152 152 + 153 153 + - (Idempotency) Normalising multiple times gives the same result: 154 154 + 155 155 + subpath.normalise (subpath.normalise p) == subpath.normalise p 156 156 + 157 157 + - (Uniqueness) There's only a single normalisation for the paths that lead to the same file system node: 158 158 + 159 159 + subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q}) 160 160 + 161 161 + - Don't change the result when appended to a Nix path value: 162 162 + 163 163 + base + ("/" + p) == base + ("/" + subpath.normalise p) 164 164 + 165 165 + - Don't change the path according to `realpath`: 166 166 + 167 167 + $(realpath ${p}) == $(realpath ${subpath.normalise p}) 168 168 + 169 169 + - Only error on invalid subpaths: 170 170 + 171 171 + builtins.tryEval (subpath.normalise p)).success == subpath.isValid p 172 172 + 173 173 + Type: 174 174 + subpath.normalise :: String -> String 175 175 + 176 176 + Example: 177 177 + # limit repeating `/` to a single one 178 178 + subpath.normalise "foo//bar" 179 179 + => "./foo/bar" 180 180 + 181 181 + # remove redundant `.` components 182 182 + subpath.normalise "foo/./bar" 183 183 + => "./foo/bar" 184 184 + 185 185 + # add leading `./` 186 186 + subpath.normalise "foo/bar" 187 187 + => "./foo/bar" 188 188 + 189 189 + # remove trailing `/` 190 190 + subpath.normalise "foo/bar/" 191 191 + => "./foo/bar" 192 192 + 193 193 + # remove trailing `/.` 194 194 + subpath.normalise "foo/bar/." 195 195 + => "./foo/bar" 196 196 + 197 197 + # Return the current directory as `./.` 198 198 + subpath.normalise "." 199 199 + => "./." 200 200 + 201 201 + # error on `..` path components 202 202 + subpath.normalise "foo/../bar" 203 203 + => <error> 204 204 + 205 205 + # error on empty string 206 206 + subpath.normalise "" 207 207 + => <error> 208 208 + 209 209 + # error on absolute path 210 210 + subpath.normalise "/foo" 211 211 + => <error> 212 212 + */ 213 213 + subpath.normalise = path: 214 214 + assert assertMsg (subpathInvalidReason path == null) 215 215 + "lib.path.subpath.normalise: Argument is not a valid subpath string: ${subpathInvalidReason path}"; 216 216 + joinRelPath (splitRelPath path); 217 217 + 218 218 + }

+34

lib/path/tests/default.nix

··· 1 1 + { 2 2 + nixpkgs ? ../../.., 3 3 + system ? builtins.currentSystem, 4 4 + pkgs ? import nixpkgs { 5 5 + config = {}; 6 6 + overlays = []; 7 7 + inherit system; 8 8 + }, 9 9 + libpath ? ../.., 10 10 + # Random seed 11 11 + seed ? null, 12 12 + }: 13 13 + pkgs.runCommand "lib-path-tests" { 14 14 + nativeBuildInputs = with pkgs; [ 15 15 + nix 16 16 + jq 17 17 + bc 18 18 + ]; 19 19 + } '' 20 20 + # Needed to make Nix evaluation work 21 21 + export NIX_STATE_DIR=$(mktemp -d) 22 22 + 23 23 + cp -r ${libpath} lib 24 24 + export TEST_LIB=$PWD/lib 25 25 + 26 26 + echo "Running unit tests lib/path/tests/unit.nix" 27 27 + nix-instantiate --eval lib/path/tests/unit.nix \ 28 28 + --argstr libpath "$TEST_LIB" 29 29 + 30 30 + echo "Running property tests lib/path/tests/prop.sh" 31 31 + bash lib/path/tests/prop.sh ${toString seed} 32 32 + 33 33 + touch $out 34 34 + ''

+64

lib/path/tests/generate.awk

··· 1 1 + # Generate random path-like strings, separated by null characters. 2 2 + # 3 3 + # Invocation: 4 4 + # 5 5 + # awk -f ./generate.awk -v <variable>=<value> | tr '\0' '\n' 6 6 + # 7 7 + # Customizable variables (all default to 0): 8 8 + # - seed: Deterministic random seed to use for generation 9 9 + # - count: Number of paths to generate 10 10 + # - extradotweight: Give extra weight to dots being generated 11 11 + # - extraslashweight: Give extra weight to slashes being generated 12 12 + # - extranullweight: Give extra weight to null being generated, making paths shorter 13 13 + BEGIN { 14 14 + # Random seed, passed explicitly for reproducibility 15 15 + srand(seed) 16 16 + 17 17 + # Don't include special characters below 32 18 18 + minascii = 32 19 19 + # Don't include DEL at 128 20 20 + maxascii = 127 21 21 + upperascii = maxascii - minascii 22 22 + 23 23 + # add extra weight for ., in addition to the one weight from the ascii range 24 24 + upperdot = upperascii + extradotweight 25 25 + 26 26 + # add extra weight for /, in addition to the one weight from the ascii range 27 27 + upperslash = upperdot + extraslashweight 28 28 + 29 29 + # add extra weight for null, indicating the end of the string 30 30 + # Must be at least 1 to have strings end at all 31 31 + total = upperslash + 1 + extranullweight 32 32 + 33 33 + # new=1 indicates that it's a new string 34 34 + new=1 35 35 + while (count > 0) { 36 36 + 37 37 + # Random integer between [0, total) 38 38 + value = int(rand() * total) 39 39 + 40 40 + if (value < upperascii) { 41 41 + # Ascii range 42 42 + printf("%c", value + minascii) 43 43 + new=0 44 44 + 45 45 + } else if (value < upperdot) { 46 46 + # Dot range 47 47 + printf "." 48 48 + new=0 49 49 + 50 50 + } else if (value < upperslash) { 51 51 + # If it's the start of a new path, only generate a / in 10% of cases 52 52 + # This is always an invalid subpath, which is not a very interesting case 53 53 + if (new && rand() > 0.1) continue 54 54 + printf "/" 55 55 + 56 56 + } else { 57 57 + # Do not generate empty strings 58 58 + if (new) continue 59 59 + printf "\x00" 60 60 + count-- 61 61 + new=1 62 62 + } 63 63 + } 64 64 + }

+60

lib/path/tests/prop.nix

··· 1 1 + # Given a list of path-like strings, check some properties of the path library 2 2 + # using those paths and return a list of attribute sets of the following form: 3 3 + # 4 4 + # { <string> = <lib.path.subpath.normalise string>; } 5 5 + # 6 6 + # If `normalise` fails to evaluate, the attribute value is set to `""`. 7 7 + # If not, the resulting value is normalised again and an appropriate attribute set added to the output list. 8 8 + { 9 9 + # The path to the nixpkgs lib to use 10 10 + libpath, 11 11 + # A flat directory containing files with randomly-generated 12 12 + # path-like values 13 13 + dir, 14 14 + }: 15 15 + let 16 16 + lib = import libpath; 17 17 + 18 18 + # read each file into a string 19 19 + strings = map (name: 20 20 + builtins.readFile (dir + "/${name}") 21 21 + ) (builtins.attrNames (builtins.readDir dir)); 22 22 + 23 23 + inherit (lib.path.subpath) normalise isValid; 24 24 + inherit (lib.asserts) assertMsg; 25 25 + 26 26 + normaliseAndCheck = str: 27 27 + let 28 28 + originalValid = isValid str; 29 29 + 30 30 + tryOnce = builtins.tryEval (normalise str); 31 31 + tryTwice = builtins.tryEval (normalise tryOnce.value); 32 32 + 33 33 + absConcatOrig = /. + ("/" + str); 34 34 + absConcatNormalised = /. + ("/" + tryOnce.value); 35 35 + in 36 36 + # Check the lib.path.subpath.normalise property to only error on invalid subpaths 37 37 + assert assertMsg 38 38 + (originalValid -> tryOnce.success) 39 39 + "Even though string \"${str}\" is valid as a subpath, the normalisation for it failed"; 40 40 + assert assertMsg 41 41 + (! originalValid -> ! tryOnce.success) 42 42 + "Even though string \"${str}\" is invalid as a subpath, the normalisation for it succeeded"; 43 43 + 44 44 + # Check normalisation idempotency 45 45 + assert assertMsg 46 46 + (originalValid -> tryTwice.success) 47 47 + "For valid subpath \"${str}\", the normalisation \"${tryOnce.value}\" was not a valid subpath"; 48 48 + assert assertMsg 49 49 + (originalValid -> tryOnce.value == tryTwice.value) 50 50 + "For valid subpath \"${str}\", normalising it once gives \"${tryOnce.value}\" but normalising it twice gives a different result: \"${tryTwice.value}\""; 51 51 + 52 52 + # Check that normalisation doesn't change a string when appended to an absolute Nix path value 53 53 + assert assertMsg 54 54 + (originalValid -> absConcatOrig == absConcatNormalised) 55 55 + "For valid subpath \"${str}\", appending to an absolute Nix path value gives \"${absConcatOrig}\", but appending the normalised result \"${tryOnce.value}\" gives a different value \"${absConcatNormalised}\""; 56 56 + 57 57 + # Return an empty string when failed 58 58 + if tryOnce.success then tryOnce.value else ""; 59 59 + 60 60 + in lib.genAttrs strings normaliseAndCheck

+179

lib/path/tests/prop.sh

··· 1 1 + #!/usr/bin/env bash 2 2 + 3 3 + # Property tests for the `lib.path` library 4 4 + # 5 5 + # It generates random path-like strings and runs the functions on 6 6 + # them, checking that the expected laws of the functions hold 7 7 + 8 8 + set -euo pipefail 9 9 + shopt -s inherit_errexit 10 10 + 11 11 + # https://stackoverflow.com/a/246128 12 12 + SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 13 13 + 14 14 + if test -z "${TEST_LIB:-}"; then 15 15 + TEST_LIB=$SCRIPT_DIR/../.. 16 16 + fi 17 17 + 18 18 + tmp="$(mktemp -d)" 19 19 + clean_up() { 20 20 + rm -rf "$tmp" 21 21 + } 22 22 + trap clean_up EXIT 23 23 + mkdir -p "$tmp/work" 24 24 + cd "$tmp/work" 25 25 + 26 26 + # Defaulting to a random seed but the first argument can override this 27 27 + seed=${1:-$RANDOM} 28 28 + echo >&2 "Using seed $seed, use \`lib/path/tests/prop.sh $seed\` to reproduce this result" 29 29 + 30 30 + # The number of random paths to generate. This specific number was chosen to 31 31 + # be fast enough while still generating enough variety to detect bugs. 32 32 + count=500 33 33 + 34 34 + debug=0 35 35 + # debug=1 # print some extra info 36 36 + # debug=2 # print generated values 37 37 + 38 38 + # Fine tuning parameters to balance the number of generated invalid paths 39 39 + # to the variance in generated paths. 40 40 + extradotweight=64 # Larger value: more dots 41 41 + extraslashweight=64 # Larger value: more slashes 42 42 + extranullweight=16 # Larger value: shorter strings 43 43 + 44 44 + die() { 45 45 + echo >&2 "test case failed: " "$@" 46 46 + exit 1 47 47 + } 48 48 + 49 49 + if [[ "$debug" -ge 1 ]]; then 50 50 + echo >&2 "Generating $count random path-like strings" 51 51 + fi 52 52 + 53 53 + # Read stream of null-terminated strings entry-by-entry into bash, 54 54 + # write it to a file and the `strings` array. 55 55 + declare -a strings=() 56 56 + mkdir -p "$tmp/strings" 57 57 + while IFS= read -r -d $'\0' str; do 58 58 + echo -n "$str" > "$tmp/strings/${#strings[@]}" 59 59 + strings+=("$str") 60 60 + done < <(awk \ 61 61 + -f "$SCRIPT_DIR"/generate.awk \ 62 62 + -v seed="$seed" \ 63 63 + -v count="$count" \ 64 64 + -v extradotweight="$extradotweight" \ 65 65 + -v extraslashweight="$extraslashweight" \ 66 66 + -v extranullweight="$extranullweight") 67 67 + 68 68 + if [[ "$debug" -ge 1 ]]; then 69 69 + echo >&2 "Trying to normalise the generated path-like strings with Nix" 70 70 + fi 71 71 + 72 72 + # Precalculate all normalisations with a single Nix call. Calling Nix for each 73 73 + # string individually would take way too long 74 74 + nix-instantiate --eval --strict --json \ 75 75 + --argstr libpath "$TEST_LIB" \ 76 76 + --argstr dir "$tmp/strings" \ 77 77 + "$SCRIPT_DIR"/prop.nix \ 78 78 + >"$tmp/result.json" 79 79 + 80 80 + # Uses some jq magic to turn the resulting attribute set into an associative 81 81 + # bash array assignment 82 82 + declare -A normalised_result="($(jq ' 83 83 + to_entries 84 84 + | map("[\(.key | @sh)]=\(.value | @sh)") 85 85 + | join(" \n")' -r < "$tmp/result.json"))" 86 86 + 87 87 + # Looks up a normalisation result for a string 88 88 + # Checks that the normalisation is only failing iff it's an invalid subpath 89 89 + # For valid subpaths, returns 0 and prints the normalisation result 90 90 + # For invalid subpaths, returns 1 91 91 + normalise() { 92 92 + local str=$1 93 93 + # Uses the same check for validity as in the library implementation 94 94 + if [[ "$str" == "" || "$str" == /* || "$str" =~ ^(.*/)?\.\.(/.*)?$ ]]; then 95 95 + valid= 96 96 + else 97 97 + valid=1 98 98 + fi 99 99 + 100 100 + normalised=${normalised_result[$str]} 101 101 + # An empty string indicates failure, this is encoded in ./prop.nix 102 102 + if [[ -n "$normalised" ]]; then 103 103 + if [[ -n "$valid" ]]; then 104 104 + echo "$normalised" 105 105 + else 106 106 + die "For invalid subpath \"$str\", lib.path.subpath.normalise returned this result: \"$normalised\"" 107 107 + fi 108 108 + else 109 109 + if [[ -n "$valid" ]]; then 110 110 + die "For valid subpath \"$str\", lib.path.subpath.normalise failed" 111 111 + else 112 112 + if [[ "$debug" -ge 2 ]]; then 113 113 + echo >&2 "String \"$str\" is not a valid subpath" 114 114 + fi 115 115 + # Invalid and it correctly failed, we let the caller continue if they catch the exit code 116 116 + return 1 117 117 + fi 118 118 + fi 119 119 + } 120 120 + 121 121 + # Intermediate result populated by test_idempotency_realpath 122 122 + # and used in test_normalise_uniqueness 123 123 + # 124 124 + # Contains a mapping from a normalised subpath to the realpath result it represents 125 125 + declare -A norm_to_real 126 126 + 127 127 + test_idempotency_realpath() { 128 128 + if [[ "$debug" -ge 1 ]]; then 129 129 + echo >&2 "Checking idempotency of each result and making sure the realpath result isn't changed" 130 130 + fi 131 131 + 132 132 + # Count invalid subpaths to display stats 133 133 + invalid=0 134 134 + for str in "${strings[@]}"; do 135 135 + if ! result=$(normalise "$str"); then 136 136 + ((invalid++)) || true 137 137 + continue 138 138 + fi 139 139 + 140 140 + # Check the law that it doesn't change the result of a realpath 141 141 + mkdir -p -- "$str" "$result" 142 142 + real_orig=$(realpath -- "$str") 143 143 + real_norm=$(realpath -- "$result") 144 144 + 145 145 + if [[ "$real_orig" != "$real_norm" ]]; then 146 146 + die "realpath of the original string \"$str\" (\"$real_orig\") is not the same as realpath of the normalisation \"$result\" (\"$real_norm\")" 147 147 + fi 148 148 + 149 149 + if [[ "$debug" -ge 2 ]]; then 150 150 + echo >&2 "String \"$str\" gets normalised to \"$result\" and file path \"$real_orig\"" 151 151 + fi 152 152 + norm_to_real["$result"]="$real_orig" 153 153 + done 154 154 + if [[ "$debug" -ge 1 ]]; then 155 155 + echo >&2 "$(bc <<< "scale=1; 100 / $count * $invalid")% of the total $count generated strings were invalid subpath strings, and were therefore ignored" 156 156 + fi 157 157 + } 158 158 + 159 159 + test_normalise_uniqueness() { 160 160 + if [[ "$debug" -ge 1 ]]; then 161 161 + echo >&2 "Checking for the uniqueness law" 162 162 + fi 163 163 + 164 164 + for norm_p in "${!norm_to_real[@]}"; do 165 165 + real_p=${norm_to_real["$norm_p"]} 166 166 + for norm_q in "${!norm_to_real[@]}"; do 167 167 + real_q=${norm_to_real["$norm_q"]} 168 168 + # Checks normalisation uniqueness law for each pair of values 169 169 + if [[ "$norm_p" != "$norm_q" && "$real_p" == "$real_q" ]]; then 170 170 + die "Normalisations \"$norm_p\" and \"$norm_q\" are different, but the realpath of them is the same: \"$real_p\"" 171 171 + fi 172 172 + done 173 173 + done 174 174 + } 175 175 + 176 176 + test_idempotency_realpath 177 177 + test_normalise_uniqueness 178 178 + 179 179 + echo >&2 tests ok

+125

lib/path/tests/unit.nix

··· 1 1 + # Unit tests for lib.path functions. Use `nix-build` in this directory to 2 2 + # run these 3 3 + { libpath }: 4 4 + let 5 5 + lib = import libpath; 6 6 + inherit (lib.path) subpath; 7 7 + 8 8 + cases = lib.runTests { 9 9 + testSubpathIsValidExample1 = { 10 10 + expr = subpath.isValid null; 11 11 + expected = false; 12 12 + }; 13 13 + testSubpathIsValidExample2 = { 14 14 + expr = subpath.isValid ""; 15 15 + expected = false; 16 16 + }; 17 17 + testSubpathIsValidExample3 = { 18 18 + expr = subpath.isValid "/foo"; 19 19 + expected = false; 20 20 + }; 21 21 + testSubpathIsValidExample4 = { 22 22 + expr = subpath.isValid "../foo"; 23 23 + expected = false; 24 24 + }; 25 25 + testSubpathIsValidExample5 = { 26 26 + expr = subpath.isValid "foo/bar"; 27 27 + expected = true; 28 28 + }; 29 29 + testSubpathIsValidExample6 = { 30 30 + expr = subpath.isValid "./foo//bar/"; 31 31 + expected = true; 32 32 + }; 33 33 + testSubpathIsValidTwoDotsEnd = { 34 34 + expr = subpath.isValid "foo/.."; 35 35 + expected = false; 36 36 + }; 37 37 + testSubpathIsValidTwoDotsMiddle = { 38 38 + expr = subpath.isValid "foo/../bar"; 39 39 + expected = false; 40 40 + }; 41 41 + testSubpathIsValidTwoDotsPrefix = { 42 42 + expr = subpath.isValid "..foo"; 43 43 + expected = true; 44 44 + }; 45 45 + testSubpathIsValidTwoDotsSuffix = { 46 46 + expr = subpath.isValid "foo.."; 47 47 + expected = true; 48 48 + }; 49 49 + testSubpathIsValidTwoDotsPrefixComponent = { 50 50 + expr = subpath.isValid "foo/..bar/baz"; 51 51 + expected = true; 52 52 + }; 53 53 + testSubpathIsValidTwoDotsSuffixComponent = { 54 54 + expr = subpath.isValid "foo/bar../baz"; 55 55 + expected = true; 56 56 + }; 57 57 + testSubpathIsValidThreeDots = { 58 58 + expr = subpath.isValid "..."; 59 59 + expected = true; 60 60 + }; 61 61 + testSubpathIsValidFourDots = { 62 62 + expr = subpath.isValid "...."; 63 63 + expected = true; 64 64 + }; 65 65 + testSubpathIsValidThreeDotsComponent = { 66 66 + expr = subpath.isValid "foo/.../bar"; 67 67 + expected = true; 68 68 + }; 69 69 + testSubpathIsValidFourDotsComponent = { 70 70 + expr = subpath.isValid "foo/..../bar"; 71 71 + expected = true; 72 72 + }; 73 73 + 74 74 + testSubpathNormaliseExample1 = { 75 75 + expr = subpath.normalise "foo//bar"; 76 76 + expected = "./foo/bar"; 77 77 + }; 78 78 + testSubpathNormaliseExample2 = { 79 79 + expr = subpath.normalise "foo/./bar"; 80 80 + expected = "./foo/bar"; 81 81 + }; 82 82 + testSubpathNormaliseExample3 = { 83 83 + expr = subpath.normalise "foo/bar"; 84 84 + expected = "./foo/bar"; 85 85 + }; 86 86 + testSubpathNormaliseExample4 = { 87 87 + expr = subpath.normalise "foo/bar/"; 88 88 + expected = "./foo/bar"; 89 89 + }; 90 90 + testSubpathNormaliseExample5 = { 91 91 + expr = subpath.normalise "foo/bar/."; 92 92 + expected = "./foo/bar"; 93 93 + }; 94 94 + testSubpathNormaliseExample6 = { 95 95 + expr = subpath.normalise "."; 96 96 + expected = "./."; 97 97 + }; 98 98 + testSubpathNormaliseExample7 = { 99 99 + expr = (builtins.tryEval (subpath.normalise "foo/../bar")).success; 100 100 + expected = false; 101 101 + }; 102 102 + testSubpathNormaliseExample8 = { 103 103 + expr = (builtins.tryEval (subpath.normalise "")).success; 104 104 + expected = false; 105 105 + }; 106 106 + testSubpathNormaliseExample9 = { 107 107 + expr = (builtins.tryEval (subpath.normalise "/foo")).success; 108 108 + expected = false; 109 109 + }; 110 110 + testSubpathNormaliseIsValidDots = { 111 111 + expr = subpath.normalise "./foo/.bar/.../baz...qux"; 112 112 + expected = "./foo/.bar/.../baz...qux"; 113 113 + }; 114 114 + testSubpathNormaliseWrongType = { 115 115 + expr = (builtins.tryEval (subpath.normalise null)).success; 116 116 + expected = false; 117 117 + }; 118 118 + testSubpathNormaliseTwoDots = { 119 119 + expr = (builtins.tryEval (subpath.normalise "..")).success; 120 120 + expected = false; 121 121 + }; 122 122 + }; 123 123 + in 124 124 + if cases == [] then "Unit tests successful" 125 125 + else throw "Path unit tests failed: ${lib.generators.toPretty {} cases}"

+3

lib/tests/release.nix

··· 15 15 inherit pkgs; 16 16 lib = import ../.; 17 17 }) 18 18 + (import ../path/tests { 19 19 + inherit pkgs; 20 20 + }) 18 21 ]; 19 22 } '' 20 23 datadir="${pkgs.nix}/share"

+7

nixos/doc/manual/from_md/release-notes/rl-2305.section.xml

··· 360 360 </listitem> 361 361 <listitem> 362 362 <para> 363 363 + <literal>services.chronyd</literal> is now started with 364 364 + additional systemd sandbox/hardening options for better 365 365 + security. 366 366 + </para> 367 367 + </listitem> 368 368 + <listitem> 369 369 + <para> 363 370 The module <literal>services.headscale</literal> was 364 371 refactored to be compliant with 365 372 <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC

+2

nixos/doc/manual/release-notes/rl-2305.section.md

··· 98 98 99 99 And backup your data. 100 100 101 101 + - `services.chronyd` is now started with additional systemd sandbox/hardening options for better security. 102 102 + 101 103 - The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: 102 104 103 105 - Most settings has been migrated under [services.headscale.settings](#opt-services.headscale.settings) which is an attribute-set that

+1 -1

nixos/modules/programs/gnupg.nix

··· 135 135 # The SSH agent protocol doesn't have support for changing TTYs; however we 136 136 # can simulate this with the `exec` feature of openssh (see ssh_config(5)) 137 137 # that hooks a command to the shell currently running the ssh program. 138 138 - Match host * exec "${cfg.package}/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1" 138 138 + Match host * exec "${pkgs.runtimeShell} -c '${cfg.package}/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1'" 139 139 ''; 140 140 141 141 environment.extraInit = mkIf cfg.agent.enableSSHSupport ''

+25

nixos/modules/services/desktops/pipewire/daemon/jack.conf.json

··· 33 33 "actions": { 34 34 "update-props": {} 35 35 } 36 36 + }, 37 37 + { 38 38 + "matches": [ 39 39 + { 40 40 + "application.process.binary": "jack_bufsize" 41 41 + } 42 42 + ], 43 43 + "actions": { 44 44 + "update-props": { 45 45 + "jack.global-buffer-size": true 46 46 + } 47 47 + } 48 48 + }, 49 49 + { 50 50 + "matches": [ 51 51 + { 52 52 + "application.process.binary": "qsynth" 53 53 + } 54 54 + ], 55 55 + "actions": { 56 56 + "update-props": { 57 57 + "node.pause-on-idle": false, 58 58 + "node.passive": true 59 59 + } 60 60 + } 36 61 } 37 62 ] 38 63 }

+9 -6

nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json

··· 32 32 "args": {} 33 33 } 34 34 ], 35 35 - "context.exec": [ 35 35 + "context.exec": [], 36 36 + "pulse.cmd": [ 36 37 { 37 37 - "path": "pactl", 38 38 - "args": "load-module module-always-sink" 38 38 + "cmd": "load-module", 39 39 + "args": "module-always-sink", 40 40 + "flags": [] 39 41 } 40 42 ], 41 43 "stream.properties": {}, ··· 89 91 { 90 92 "matches": [ 91 93 { 92 92 - "application.name": "~speech-dispatcher*" 94 94 + "application.name": "~speech-dispatcher.*" 93 95 } 94 96 ], 95 97 "actions": { 96 98 "update-props": { 97 97 - "pulse.min.req": "1024/48000", 98 98 - "pulse.min.quantum": "1024/48000" 99 99 + "pulse.min.req": "512/48000", 100 100 + "pulse.min.quantum": "512/48000", 101 101 + "pulse.idle.timeout": 5 99 102 } 100 103 } 101 104 }

+8

nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json

··· 70 70 }, 71 71 { 72 72 "name": "libpipewire-module-session-manager" 73 73 + }, 74 74 + { 75 75 + "name": "libpipewire-module-x11-bell", 76 76 + "args": {}, 77 77 + "flags": [ 78 78 + "ifexists", 79 79 + "nofail" 80 80 + ] 73 81 } 74 82 ], 75 83 "context.objects": [

+43 -11

nixos/modules/services/networking/ntp/chrony.nix

··· 147 147 systemd.services.systemd-timedated.environment = { SYSTEMD_TIMEDATED_NTP_SERVICES = "chronyd.service"; }; 148 148 149 149 systemd.tmpfiles.rules = [ 150 150 - "d ${stateDir} 0755 chrony chrony - -" 151 151 - "f ${driftFile} 0640 chrony chrony -" 152 152 - "f ${keyFile} 0640 chrony chrony -" 150 150 + "d ${stateDir} 0750 chrony chrony - -" 151 151 + "f ${driftFile} 0640 chrony chrony - -" 152 152 + "f ${keyFile} 0640 chrony chrony - -" 153 153 ]; 154 154 155 155 systemd.services.chronyd = ··· 164 164 path = [ chronyPkg ]; 165 165 166 166 unitConfig.ConditionCapability = "CAP_SYS_TIME"; 167 167 - serviceConfig = 168 168 - { Type = "simple"; 169 169 - ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}"; 167 167 + serviceConfig = { 168 168 + Type = "simple"; 169 169 + ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}"; 170 170 171 171 - ProtectHome = "yes"; 172 172 - ProtectSystem = "full"; 173 173 - PrivateTmp = "yes"; 174 174 - }; 175 175 - 171 171 + # Proc filesystem 172 172 + ProcSubset = "pid"; 173 173 + ProtectProc = "invisible"; 174 174 + # Access write directories 175 175 + ReadWritePaths = [ "${stateDir}" ]; 176 176 + UMask = "0027"; 177 177 + # Capabilities 178 178 + CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_DAC_OVERRIDE" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" "CAP_SYS_RESOURCE" "CAP_SYS_TIME" ]; 179 179 + # Device Access 180 180 + DeviceAllow = [ "char-pps rw" "char-ptp rw" "char-rtc rw" ]; 181 181 + DevicePolicy = "closed"; 182 182 + # Security 183 183 + NoNewPrivileges = true; 184 184 + # Sandboxing 185 185 + ProtectSystem = "full"; 186 186 + ProtectHome = true; 187 187 + PrivateTmp = true; 188 188 + PrivateDevices = true; 189 189 + PrivateUsers = false; 190 190 + ProtectHostname = true; 191 191 + ProtectClock = false; 192 192 + ProtectKernelTunables = true; 193 193 + ProtectKernelModules = true; 194 194 + ProtectKernelLogs = true; 195 195 + ProtectControlGroups = true; 196 196 + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; 197 197 + RestrictNamespaces = true; 198 198 + LockPersonality = true; 199 199 + MemoryDenyWriteExecute = true; 200 200 + RestrictRealtime = true; 201 201 + RestrictSUIDSGID = true; 202 202 + RemoveIPC = true; 203 203 + PrivateMounts = true; 204 204 + # System Call Filtering 205 205 + SystemCallArchitectures = "native"; 206 206 + SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ]; 207 207 + }; 176 208 }; 177 209 }; 178 210 }

+3 -2

nixos/modules/services/web-apps/snipe-it.nix

··· 454 454 455 455 # A placeholder file for invalid barcodes 456 456 invalid_barcode_location="${cfg.dataDir}/public/uploads/barcodes/invalid_barcode.gif" 457 457 - [ ! -e "$invalid_barcode_location" ] \ 458 458 - && cp ${snipe-it}/share/snipe-it/invalid_barcode.gif "$invalid_barcode_location" 457 457 + if [ ! -e "$invalid_barcode_location" ]; then 458 458 + cp ${snipe-it}/share/snipe-it/invalid_barcode.gif "$invalid_barcode_location" 459 459 + fi 459 460 ''; 460 461 }; 461 462

+8 -3

nixos/modules/services/x11/desktop-managers/plasma5.nix

··· 32 32 inherit (lib) 33 33 getBin optionalString literalExpression 34 34 mkRemovedOptionModule mkRenamedOptionModule 35 35 - mkDefault mkIf mkMerge mkOption types; 35 35 + mkDefault mkIf mkMerge mkOption mkPackageOption types; 36 36 37 37 ini = pkgs.formats.ini { }; 38 38 ··· 198 198 example = literalExpression "[ pkgs.plasma5Packages.oxygen ]"; 199 199 }; 200 200 201 201 + notoPackage = mkPackageOption pkgs "Noto fonts" { 202 202 + default = [ "noto-fonts" ]; 203 203 + example = "noto-fonts-lgc-plus"; 204 204 + }; 205 205 + 201 206 # Internally allows configuring kdeglobals globally 202 207 kdeglobals = mkOption { 203 208 internal = true; ··· 401 406 # Enable GTK applications to load SVG icons 402 407 services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ]; 403 408 404 404 - fonts.fonts = with pkgs; [ noto-fonts hack-font ]; 409 409 + fonts.fonts = with pkgs; [ cfg.notoPackage hack-font ]; 405 410 fonts.fontconfig.defaultFonts = { 406 411 monospace = [ "Hack" "Noto Sans Mono" ]; 407 412 sansSerif = [ "Noto Sans" ]; ··· 545 550 } 546 551 { 547 552 # The user interface breaks without pulse 548 548 - assertion = config.hardware.pulseaudio.enable; 553 553 + assertion = config.hardware.pulseaudio.enable || (config.services.pipewire.enable && config.services.pipewire.pulse.enable); 549 554 message = "Plasma Mobile requires pulseaudio."; 550 555 } 551 556 ];

+1 -2

nixos/modules/services/x11/window-managers/i3.nix

··· 31 31 type = types.package; 32 32 default = pkgs.i3; 33 33 defaultText = literalExpression "pkgs.i3"; 34 34 - example = literalExpression "pkgs.i3-gaps"; 35 34 description = lib.mdDoc '' 36 35 i3 package to use. 37 36 ''; ··· 73 72 74 73 imports = [ 75 74 (mkRemovedOptionModule [ "services" "xserver" "windowManager" "i3-gaps" "enable" ] 76 76 - "Use services.xserver.windowManager.i3.enable and set services.xserver.windowManager.i3.package to pkgs.i3-gaps to use i3-gaps.") 75 75 + "i3-gaps was merged into i3. Use services.xserver.windowManager.i3.enable instead.") 77 76 ]; 78 77 }

+1 -5

nixos/modules/virtualisation/waydroid.nix

··· 56 56 57 57 wantedBy = [ "multi-user.target" ]; 58 58 59 59 - unitConfig = { 60 60 - ConditionPathExists = "/var/lib/waydroid/lxc/waydroid"; 61 61 - }; 62 62 - 63 59 serviceConfig = { 64 64 - ExecStart = "${pkgs.waydroid}/bin/waydroid container start"; 60 60 + ExecStart = "${pkgs.waydroid}/bin/waydroid -w container start"; 65 61 ExecStop = "${pkgs.waydroid}/bin/waydroid container stop"; 66 62 ExecStopPost = "${pkgs.waydroid}/bin/waydroid session stop"; 67 63 };

+3 -3

pkgs/applications/audio/spotifyd/default.nix

··· 9 9 10 10 rustPackages.rustPlatform.buildRustPackage rec { 11 11 pname = "spotifyd"; 12 12 - version = "0.3.3"; 12 12 + version = "0.3.4"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "Spotifyd"; 16 16 repo = "spotifyd"; 17 17 rev = "v${version}"; 18 18 - sha256 = "1liql2wp7cx0x4ha1578wx3m4byd295m4ph268s05yw2wrnr3v6c"; 18 18 + sha256 = "sha256-9zwHBDrdvE2R/cdrWgjsfHlm3wEZ9SB2VNcqezB/Op0="; 19 19 }; 20 20 21 21 - cargoSha256 = "1plvqd55d1gj0ydimv3154pwgj2sh1fqx2182nw8akzdfmzg1150"; 21 21 + cargoSha256 = "sha256-fQm7imXpm5AcKdg0cU/Rf2mAeg2ebZKRisJZSnG0REI="; 22 22 23 23 nativeBuildInputs = [ pkg-config ]; 24 24

+2 -2

pkgs/applications/gis/saga/default.nix

··· 31 31 32 32 mkDerivation rec { 33 33 pname = "saga"; 34 34 - version = "8.4.0"; 34 34 + version = "8.5.0"; 35 35 36 36 src = fetchurl { 37 37 url = "mirror://sourceforge/saga-gis/SAGA%20-%20${lib.versions.major version}/SAGA%20-%20${version}/saga-${version}.tar.gz"; 38 38 - sha256 = "sha256-v6DPwV20fcsznrEaFJk0/ewU4z3cTjzYYuLkyMwSLV0="; 38 38 + sha256 = "sha256-JzSuu1wGfCkxIDcTbP5jpHtJNvl8eAP3jznXvwSPeY0="; 39 39 }; 40 40 41 41 sourceRoot = "saga-${version}/saga-gis";

+4 -4

pkgs/applications/graphics/eyedropper/default.nix

··· 15 15 16 16 stdenv.mkDerivation rec { 17 17 pname = "eyedropper"; 18 18 - version = "0.4.0"; 18 18 + version = "0.5.0"; 19 19 20 20 src = fetchFromGitHub { 21 21 owner = "FineFindus"; 22 22 repo = pname; 23 23 - rev = version; 24 24 - hash = "sha256-bOpwHaFOoUlh+yyC1go6BeFxfJhUmwZPi6kYAqCagEI="; 23 23 + rev = "v${version}"; 24 24 + hash = "sha256-sDrMIryVFkjMGHbYvNDmKb1HyJNGb3Hd+muxUJKhogE="; 25 25 }; 26 26 27 27 cargoDeps = rustPlatform.fetchCargoTarball { 28 28 inherit src; 29 29 name = "${pname}-${version}"; 30 30 - hash = "sha256-TkdOq+icU2zNbXzN6nbkXjL1o/Lfumqr/5S0pQaxY5Q="; 30 30 + hash = "sha256-mztc44hHdqzR3WbG6tkCL38EfgBajRLlpMC8ElpXnlo="; 31 31 }; 32 32 33 33 nativeBuildInputs = [

+2 -2

pkgs/applications/networking/flexget/default.nix

··· 5 5 6 6 python3Packages.buildPythonApplication rec { 7 7 pname = "flexget"; 8 8 - version = "3.5.13"; 8 8 + version = "3.5.16"; 9 9 format = "pyproject"; 10 10 11 11 # Fetch from GitHub in order to use `requirements.in` ··· 13 13 owner = "flexget"; 14 14 repo = "flexget"; 15 15 rev = "refs/tags/v${version}"; 16 16 - hash = "sha256-0yO4prnYJkD7eiyrEOPHlDTsgGgRhQujsp8k2FsLYKI="; 16 16 + hash = "sha256-9hcl7OZLi86hZHLotsN1QlPzQ1Ep5vJumAyZxSxxIE8="; 17 17 }; 18 18 19 19 postPatch = ''

+3 -3

pkgs/applications/networking/syncthing/default.nix

··· 4 4 common = { stname, target, postInstall ? "" }: 5 5 buildGoModule rec { 6 6 pname = stname; 7 7 - version = "1.22.2"; 7 7 + version = "1.23.0"; 8 8 9 9 src = fetchFromGitHub { 10 10 owner = "syncthing"; 11 11 repo = "syncthing"; 12 12 rev = "v${version}"; 13 13 - hash = "sha256-t1JIkUjSEshSm3Zi5Ck8IOmTv2tC0dUYyJvlKua/BcI="; 13 13 + hash = "sha256-Z4YVU45na4BgIbN/IlORpTCuf2EuSuOyppDRzswn3EI="; 14 14 }; 15 15 16 16 - vendorSha256 = "sha256-UdzWD8I8ulPBXdF5wZQ7hQoVO9Bnj18Gw5t4wqolSPA="; 16 16 + vendorHash = "sha256-q63iaRxJRvPY0Np20O6JmdMEjSg/kxRneBfs8fRTwXk="; 17 17 18 18 doCheck = false; 19 19

+7

pkgs/applications/office/ledger/default.nix

··· 41 41 sha256 = "sha256-vwVQnY9EUCXPzhDJ4PSOmQStb9eF6H0yAOiEmL6sAlk="; 42 42 excludes = [ "doc/NEWS.md" ]; 43 43 }) 44 44 + 45 45 + # Fix included bug with boost >= 1.76. Remove with the next release 46 46 + (fetchpatch { 47 47 + url = "https://github.com/ledger/ledger/commit/1cb9b84fdecc5604bd1172cdd781859ff3871a52.patch"; 48 48 + sha256 = "sha256-ipVkRcTmnEvpfyPgMzLVJ9Sz8QxHeCURQI5dX8xh758="; 49 49 + excludes = [ "test/regress/*" ]; 50 50 + }) 44 51 ]; 45 52 46 53 installTargets = [ "doc" "install" ];

+2 -2

pkgs/applications/science/electronics/dataexplorer/default.nix

··· 8 8 9 9 stdenv.mkDerivation rec { 10 10 pname = "dataexplorer"; 11 11 - version = "3.7.3"; 11 11 + version = "3.7.4"; 12 12 13 13 src = fetchurl { 14 14 url = "mirror://savannah/dataexplorer/dataexplorer-${version}-src.tar.gz"; 15 15 - sha256 = "sha256-cqvlPV4i9m0x3hbruC5y2APsyjfI5y9RT8XVzsDaT/Q="; 15 15 + sha256 = "sha256-bghI7Hun7ZKUVEj7T58K0oaclnhUGd4z+eIqZF3eXHQ="; 16 16 }; 17 17 18 18 nativeBuildInputs = [ ant makeWrapper ];

+86

pkgs/applications/version-management/deepgit/default.nix

··· 1 1 + { copyDesktopItems 2 2 + , fetchurl 3 3 + , glib 4 4 + , gnome 5 5 + , gtk3 6 6 + , jre 7 7 + , lib 8 8 + , makeDesktopItem 9 9 + , stdenv 10 10 + , wrapGAppsHook 11 11 + }: 12 12 + 13 13 + stdenv.mkDerivation rec { 14 14 + pname = "deepgit"; 15 15 + version = "4.3"; 16 16 + 17 17 + src = fetchurl { 18 18 + url = "https://www.syntevo.com/downloads/deepgit/deepgit-linux-${lib.replaceStrings [ "." ] [ "_" ] version}.tar.gz"; 19 19 + hash = "sha256-bA/EySZjuSDYaZplwHcpeP1VakcnG5K1hYTk7cSVbz0="; 20 20 + }; 21 21 + 22 22 + nativeBuildInputs = [ 23 23 + copyDesktopItems 24 24 + wrapGAppsHook 25 25 + ]; 26 26 + 27 27 + buildInputs = [ 28 28 + gnome.adwaita-icon-theme 29 29 + gtk3 30 30 + jre 31 31 + ]; 32 32 + 33 33 + preFixup = '' 34 34 + gappsWrapperArgs+=( 35 35 + --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ glib gtk3 ]} 36 36 + --set DEEPGIT_JAVA_HOME ${jre} 37 37 + ) 38 38 + patchShebangs bin/deepgit.sh 39 39 + ''; 40 40 + 41 41 + desktopItems = [(makeDesktopItem rec { 42 42 + name = pname; 43 43 + desktopName = "DeepGit"; 44 44 + keywords = [ "git" ]; 45 45 + comment = "Git-Client"; 46 46 + categories = [ 47 47 + "Development" 48 48 + "RevisionControl" 49 49 + ]; 50 50 + terminal = false; 51 51 + startupNotify = true; 52 52 + startupWMClass = desktopName; 53 53 + exec = pname; 54 54 + mimeTypes = [ 55 55 + "x-scheme-handler/${pname}" 56 56 + "x-scheme-handler/sourcetree" 57 57 + ]; 58 58 + icon = pname; 59 59 + })]; 60 60 + 61 61 + installPhase = '' 62 62 + runHook preInstall 63 63 + 64 64 + mkdir -pv $out/{bin,share/icons/hicolor/scalable/apps/} 65 65 + cp -a lib license.html $out 66 66 + mv bin/deepgit.sh $out/bin/deepgit 67 67 + 68 68 + for icon_size in 32 48 64 128 256; do 69 69 + path=$icon_size'x'$icon_size 70 70 + icon=bin/deepgit-$icon_size.png 71 71 + mkdir -p $out/share/icons/hicolor/$path/apps 72 72 + cp $icon $out/share/icons/hicolor/$path/apps/deepgit.png 73 73 + done 74 74 + 75 75 + runHook postInstall 76 76 + ''; 77 77 + 78 78 + meta = with lib; { 79 79 + description = "A tool to investigate the history of source code"; 80 80 + homepage = "https://www.syntevo.com/deepgit"; 81 81 + changelog = "https://www.syntevo.com/deepgit/changelog.txt"; 82 82 + license = licenses.unfree; 83 83 + maintainers = with maintainers; [ urandom ]; 84 84 + platforms = platforms.linux; 85 85 + }; 86 86 + }

+2 -2

pkgs/applications/window-managers/i3/default.nix

··· 7 7 8 8 stdenv.mkDerivation rec { 9 9 pname = "i3"; 10 10 - version = "4.21.1"; 10 10 + version = "4.22"; 11 11 12 12 src = fetchurl { 13 13 url = "https://i3wm.org/downloads/${pname}-${version}.tar.xz"; 14 14 - sha256 = "sha256-7f14EoXGVKBdxtsnLOAwDEQo5vvYddmZZOV94ltBvB4="; 14 14 + sha256 = "sha256-KGOZEeWdlWOfCSZCqYL14d6lkiUMK1zpjtoQCDNRPks="; 15 15 }; 16 16 17 17 nativeBuildInputs = [

-29

pkgs/applications/window-managers/i3/gaps.nix

··· 1 1 - { fetchFromGitHub, lib, i3 }: 2 2 - 3 3 - i3.overrideAttrs (oldAttrs : rec { 4 4 - pname = "i3-gaps"; 5 5 - version = "4.21.1"; 6 6 - 7 7 - src = fetchFromGitHub { 8 8 - owner = "Airblader"; 9 9 - repo = "i3"; 10 10 - rev = version; 11 11 - sha256 = "sha256-+JxJjvzEuAA4CH+gufzAzIqd5BSvHtPvLm2zTfXc/xk="; 12 12 - }; 13 13 - 14 14 - meta = with lib; { 15 15 - description = "A fork of the i3 tiling window manager with some additional features"; 16 16 - homepage = "https://github.com/Airblader/i3"; 17 17 - maintainers = with maintainers; [ fmthoma ]; 18 18 - license = licenses.bsd3; 19 19 - platforms = platforms.linux ++ platforms.netbsd ++ platforms.openbsd; 20 20 - 21 21 - longDescription = '' 22 22 - Fork of i3wm, a tiling window manager primarily targeted at advanced users 23 23 - and developers. Based on a tree as data structure, supports tiling, 24 24 - stacking, and tabbing layouts, handled dynamically, as well as floating 25 25 - windows. This fork adds a few features such as gaps between windows. 26 26 - Configured via plain text file. Multi-monitor. UTF-8 clean. 27 27 - ''; 28 28 - }; 29 29 - })

+115 -76

pkgs/data/fonts/noto-fonts/default.nix

··· 11 11 , imagemagick 12 12 , zopfli 13 13 , buildPackages 14 14 + , variants ? [ ] 14 15 }: 15 15 - 16 16 let 17 17 - mkNoto = { pname, weights }: 18 18 - stdenvNoCC.mkDerivation { 17 17 + notoLongDescription = '' 18 18 + When text is rendered by a computer, sometimes characters are 19 19 + displayed as “tofu”. They are little boxes to indicate your device 20 20 + doesn’t have a font to display the text. 21 21 + 22 22 + Google has been developing a font family called Noto, which aims to 23 23 + support all languages with a harmonious look and feel. Noto is 24 24 + Google’s answer to tofu. The name noto is to convey the idea that 25 25 + Google’s goal is to see “no more tofu”. Noto has multiple styles and 26 26 + weights, and freely available to all. 27 27 + 28 28 + This package also includes the Arimo, Cousine, and Tinos fonts. 29 29 + ''; 30 30 + in 31 31 + rec { 32 32 + mkNoto = 33 33 + { pname 34 34 + , weights 35 35 + , variants ? [ ] 36 36 + , longDescription ? notoLongDescription 37 37 + }: 38 38 + stdenvNoCC.mkDerivation rec { 19 39 inherit pname; 20 20 - version = "2020-01-23"; 40 40 + version = "20201206-phase3"; 21 41 22 42 src = fetchFromGitHub { 23 43 owner = "googlefonts"; 24 44 repo = "noto-fonts"; 25 25 - rev = "f4726a2ec36169abd02a6d8abe67c8ff0236f6d8"; 26 26 - sha256 = "0zc1r7zph62qmvzxqfflsprazjf6x1qnwc2ma27kyzh6v36gaykw"; 45 45 + rev = "v${version}"; 46 46 + hash = "sha256-x60RvCRFLoGe0CNvswROnDkIsUFbWH+/laN8q2qkUPk="; 27 47 }; 48 48 + 49 49 + _variants = map (variant: builtins.replaceStrings [ " " ] [ "" ] variant) variants; 28 50 29 51 installPhase = '' 30 52 # We copy in reverse preference order -- unhinted first, then ··· 33 55 # 34 56 # TODO: install OpenType, variable versions? 35 57 local out_ttf=$out/share/fonts/truetype/noto 36 36 - install -m444 -Dt $out_ttf phaseIII_only/unhinted/ttf/*/*-${weights}.ttf 37 37 - install -m444 -Dt $out_ttf phaseIII_only/hinted/ttf/*/*-${weights}.ttf 38 38 - install -m444 -Dt $out_ttf unhinted/*/*-${weights}.ttf 39 39 - install -m444 -Dt $out_ttf hinted/*/*-${weights}.ttf 40 40 - ''; 58 58 + '' + (if _variants == [ ] then '' 59 59 + install -m444 -Dt $out_ttf archive/unhinted/*/*-${weights}.ttf 60 60 + install -m444 -Dt $out_ttf archive/hinted/*/*-${weights}.ttf 61 61 + install -m444 -Dt $out_ttf unhinted/*/*/*-${weights}.ttf 62 62 + install -m444 -Dt $out_ttf hinted/*/*/*-${weights}.ttf 63 63 + '' else '' 64 64 + for variant in $_variants; do 65 65 + install -m444 -Dt $out_ttf archive/unhinted/$variant/*-${weights}.ttf 66 66 + install -m444 -Dt $out_ttf archive/hinted/$variant/*-${weights}.ttf 67 67 + install -m444 -Dt $out_ttf unhinted/*/$variant/*-${weights}.ttf 68 68 + install -m444 -Dt $out_ttf hinted/*/$variant/*-${weights}.ttf 69 69 + done 70 70 + ''); 41 71 42 72 meta = with lib; { 43 73 description = "Beautiful and free fonts for many languages"; 44 74 homepage = "https://www.google.com/get/noto/"; 45 45 - longDescription = 46 46 - '' 47 47 - When text is rendered by a computer, sometimes characters are 48 48 - displayed as “tofu”. They are little boxes to indicate your device 49 49 - doesn’t have a font to display the text. 50 50 - 51 51 - Google has been developing a font family called Noto, which aims to 52 52 - support all languages with a harmonious look and feel. Noto is 53 53 - Google’s answer to tofu. The name noto is to convey the idea that 54 54 - Google’s goal is to see “no more tofu”. Noto has multiple styles and 55 55 - weights, and freely available to all. 56 56 - 57 57 - This package also includes the Arimo, Cousine, and Tinos fonts. 58 58 - ''; 75 75 + inherit longDescription; 59 76 license = licenses.ofl; 60 77 platforms = platforms.all; 61 78 maintainers = with maintainers; [ mathnerd314 emily ]; ··· 100 117 maintainers = with maintainers; [ mathnerd314 emily ]; 101 118 }; 102 119 }; 103 103 - in 104 120 105 105 - { 106 121 noto-fonts = mkNoto { 107 122 pname = "noto-fonts"; 108 123 weights = "{Regular,Bold,Light,Italic,BoldItalic,LightItalic}"; 109 124 }; 110 125 126 126 + noto-fonts-lgc-plus = mkNoto { 127 127 + pname = "noto-fonts-lgc-plus"; 128 128 + weights = "{Regular,Bold,Light,Italic,BoldItalic,LightItalic}"; 129 129 + variants = [ 130 130 + "Noto Sans" 131 131 + "Noto Serif" 132 132 + "Noto Sans Display" 133 133 + "Noto Serif Display" 134 134 + "Noto Sans Mono" 135 135 + "Noto Music" 136 136 + "Noto Sans Symbols" 137 137 + "Noto Sans Symbols 2" 138 138 + "Noto Sans Math" 139 139 + ]; 140 140 + longDescription = '' 141 141 + This package provides the Noto Fonts, but only for latin, greek 142 142 + and cyrillic scripts, as well as some extra fonts. To create a 143 143 + custom Noto package with custom variants, see the `mkNoto` 144 144 + helper function. 145 145 + ''; 146 146 + }; 147 147 + 111 148 noto-fonts-extra = mkNoto { 112 149 pname = "noto-fonts-extra"; 113 150 weights = "{Black,Condensed,Extra,Medium,Semi,Thin}*"; ··· 127 164 sha256 = "sha256-1w66Ge7DZjbONGhxSz69uFhfsjMsDiDkrGl6NsoB7dY="; 128 165 }; 129 166 130 130 - noto-fonts-emoji = let 131 131 - version = "2.038"; 132 132 - emojiPythonEnv = 133 133 - buildPackages.python3.withPackages (p: with p; [ fonttools nototools ]); 134 134 - in stdenvNoCC.mkDerivation { 135 135 - pname = "noto-fonts-emoji"; 136 136 - inherit version; 167 167 + noto-fonts-emoji = 168 168 + let 169 169 + version = "2.038"; 170 170 + emojiPythonEnv = 171 171 + buildPackages.python3.withPackages (p: with p; [ fonttools nototools ]); 172 172 + in 173 173 + stdenvNoCC.mkDerivation { 174 174 + pname = "noto-fonts-emoji"; 175 175 + inherit version; 137 176 138 138 - src = fetchFromGitHub { 139 139 - owner = "googlefonts"; 140 140 - repo = "noto-emoji"; 141 141 - rev = "v${version}"; 142 142 - sha256 = "1rgmcc6nqq805iqr8kvxxlk5cf50q714xaxk3ld6rjrd69kb8ix9"; 143 143 - }; 177 177 + src = fetchFromGitHub { 178 178 + owner = "googlefonts"; 179 179 + repo = "noto-emoji"; 180 180 + rev = "v${version}"; 181 181 + sha256 = "1rgmcc6nqq805iqr8kvxxlk5cf50q714xaxk3ld6rjrd69kb8ix9"; 182 182 + }; 144 183 145 145 - depsBuildBuild = [ 146 146 - buildPackages.stdenv.cc 147 147 - pkg-config 148 148 - cairo 149 149 - ]; 184 184 + depsBuildBuild = [ 185 185 + buildPackages.stdenv.cc 186 186 + pkg-config 187 187 + cairo 188 188 + ]; 150 189 151 151 - nativeBuildInputs = [ 152 152 - imagemagick 153 153 - zopfli 154 154 - pngquant 155 155 - which 156 156 - emojiPythonEnv 157 157 - ]; 190 190 + nativeBuildInputs = [ 191 191 + imagemagick 192 192 + zopfli 193 193 + pngquant 194 194 + which 195 195 + emojiPythonEnv 196 196 + ]; 158 197 159 159 - postPatch = '' 160 160 - patchShebangs *.py 161 161 - patchShebangs third_party/color_emoji/*.py 162 162 - # remove check for virtualenv, since we handle 163 163 - # python requirements using python.withPackages 164 164 - sed -i '/ifndef VIRTUAL_ENV/,+2d' Makefile 198 198 + postPatch = '' 199 199 + patchShebangs *.py 200 200 + patchShebangs third_party/color_emoji/*.py 201 201 + # remove check for virtualenv, since we handle 202 202 + # python requirements using python.withPackages 203 203 + sed -i '/ifndef VIRTUAL_ENV/,+2d' Makefile 165 204 166 166 - # Make the build verbose so it won't get culled by Hydra thinking that 167 167 - # it somehow got stuck doing nothing. 168 168 - sed -i 's;\t@;\t;' Makefile 169 169 - ''; 205 205 + # Make the build verbose so it won't get culled by Hydra thinking that 206 206 + # it somehow got stuck doing nothing. 207 207 + sed -i 's;\t@;\t;' Makefile 208 208 + ''; 170 209 171 171 - enableParallelBuilding = true; 210 210 + enableParallelBuilding = true; 172 211 173 173 - installPhase = '' 174 174 - runHook preInstall 175 175 - mkdir -p $out/share/fonts/noto 176 176 - cp NotoColorEmoji.ttf $out/share/fonts/noto 177 177 - runHook postInstall 178 178 - ''; 212 212 + installPhase = '' 213 213 + runHook preInstall 214 214 + mkdir -p $out/share/fonts/noto 215 215 + cp NotoColorEmoji.ttf $out/share/fonts/noto 216 216 + runHook postInstall 217 217 + ''; 179 218 180 180 - meta = with lib; { 181 181 - description = "Color and Black-and-White emoji fonts"; 182 182 - homepage = "https://github.com/googlefonts/noto-emoji"; 183 183 - license = with licenses; [ ofl asl20 ]; 184 184 - platforms = platforms.all; 185 185 - maintainers = with maintainers; [ mathnerd314 sternenseemann ]; 219 219 + meta = with lib; { 220 220 + description = "Color and Black-and-White emoji fonts"; 221 221 + homepage = "https://github.com/googlefonts/noto-emoji"; 222 222 + license = with licenses; [ ofl asl20 ]; 223 223 + platforms = platforms.all; 224 224 + maintainers = with maintainers; [ mathnerd314 sternenseemann ]; 225 225 + }; 186 226 }; 187 187 - }; 188 227 189 228 noto-fonts-emoji-blob-bin = 190 229 let

+52

pkgs/development/compilers/gcc-arm-embedded/12/default.nix

··· 1 1 + { lib 2 2 + , stdenv 3 3 + , fetchurl 4 4 + , ncurses5 5 5 + , python38 6 6 + }: 7 7 + 8 8 + stdenv.mkDerivation rec { 9 9 + pname = "gcc-arm-embedded"; 10 10 + version = "12.2.rel1"; 11 11 + 12 12 + platform = { 13 13 + aarch64-linux = "aarch64"; 14 14 + x86_64-darwin = "darwin-x86_64"; 15 15 + x86_64-linux = "x86_64"; 16 16 + }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); 17 17 + 18 18 + src = fetchurl { 19 19 + url = "https://developer.arm.com/-/media/Files/downloads/gnu/${version}/binrel/arm-gnu-toolchain-${version}-${platform}-arm-none-eabi.tar.xz"; 20 20 + sha256 = { 21 21 + aarch64-linux = "131ydgndff7dyhkivfchbk43lv3cv2p172knkqilx64aapvk5qvy"; 22 22 + x86_64-darwin = "00i9gd1ny00681pwinh6ng9x45xsyrnwc6hm2vr348z9gasyxh00"; 23 23 + x86_64-linux = "0rv8r5zh0a5621v0xygxi8f6932qgwinw2s9vnniasp9z7897gl4"; 24 24 + }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); 25 25 + }; 26 26 + 27 27 + dontConfigure = true; 28 28 + dontBuild = true; 29 29 + dontPatchELF = true; 30 30 + dontStrip = true; 31 31 + 32 32 + installPhase = '' 33 33 + mkdir -p $out 34 34 + cp -r * $out 35 35 + ''; 36 36 + 37 37 + preFixup = '' 38 38 + find $out -type f | while read f; do 39 39 + patchelf "$f" > /dev/null 2>&1 || continue 40 40 + patchelf --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) "$f" || true 41 41 + patchelf --set-rpath ${lib.makeLibraryPath [ "$out" stdenv.cc.cc ncurses5 python38 ]} "$f" || true 42 42 + done 43 43 + ''; 44 44 + 45 45 + meta = with lib; { 46 46 + description = "Pre-built GNU toolchain from ARM Cortex-M & Cortex-R processors"; 47 47 + homepage = "https://developer.arm.com/open-source/gnu-toolchain/gnu-rm"; 48 48 + license = with licenses; [ bsd2 gpl2 gpl3 lgpl21 lgpl3 mit ]; 49 49 + maintainers = with maintainers; [ prusnak ]; 50 50 + platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ]; 51 51 + }; 52 52 + }

+4 -3

pkgs/development/compilers/ispc/default.nix

··· 2 2 , cmake, which, m4, python3, bison, flex, llvmPackages, ncurses 3 3 4 4 # the default test target is sse4, but that is not supported by all Hydra agents 5 5 - , testedTargets ? [ "sse2-i32x4" ] 5 5 + , testedTargets ? if stdenv.isAarch64 || stdenv.isAarch32 then [ "neon-i32x4" ] else [ "sse2-i32x4" ] 6 6 }: 7 7 8 8 stdenv.mkDerivation rec { ··· 58 58 "-DCLANGPP_EXECUTABLE=${llvmPackages.clang}/bin/clang++" 59 59 "-DISPC_INCLUDE_EXAMPLES=OFF" 60 60 "-DISPC_INCLUDE_UTILS=OFF" 61 61 - "-DARM_ENABLED=FALSE" 61 61 + ("-DARM_ENABLED=" + (if stdenv.isAarch64 || stdenv.isAarch32 then "TRUE" else "FALSE")) 62 62 + ("-DX86_ENABLED=" + (if stdenv.isx86_64 || stdenv.isx86_32 then "TRUE" else "FALSE")) 62 63 ]; 63 64 64 65 meta = with lib; { 65 66 homepage = "https://ispc.github.io/"; 66 67 description = "Intel 'Single Program, Multiple Data' Compiler, a vectorised language"; 67 68 license = licenses.bsd3; 68 68 - platforms = [ "x86_64-linux" "x86_64-darwin" ]; # TODO: buildable on more platforms? 69 69 + platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; # TODO: buildable on more platforms? 69 70 maintainers = with maintainers; [ aristid thoughtpolice athas ]; 70 71 }; 71 72 }

+1 -1

pkgs/development/compilers/julia/1.8.nix

··· 54 54 # https://github.com/JuliaCI/julia-buildbot/blob/master/master/inventory.py 55 55 "JULIA_CPU_TARGET=generic;sandybridge,-xsaveopt,clone_all;haswell,-rdrnd,base(1)" 56 56 ] ++ lib.optionals stdenv.isAarch64 [ 57 57 - "JULIA_CPU_TERGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" 57 57 + "JULIA_CPU_TARGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" 58 58 ]; 59 59 60 60 # remove forbidden reference to $TMPDIR

+1 -1

pkgs/development/interpreters/ruby/default.nix

··· 260 260 inherit lib stdenv makeWrapper buildRubyGem buildEnv; 261 261 gemConfig = defaultGemConfig; 262 262 ruby = self; 263 263 - }) withPackages gems; 263 263 + }) withPackages buildGems gems; 264 264 265 265 } // lib.optionalAttrs useBaseRuby { 266 266 inherit baseRuby;

+2 -5

pkgs/development/libraries/ada/spark2014/default.nix

··· 5 5 , gnatcoll-core 6 6 , gprbuild 7 7 , python3 8 8 - , why3 9 8 , ocaml 10 9 , ocamlPackages 11 10 , makeWrapper ··· 53 52 make setup 54 53 ''; 55 54 56 56 - postInstall = '' 55 55 + installPhase = '' 56 56 + make install-all 57 57 cp -a ./install/. $out 58 58 - # help gnatprove to locate why3server 59 59 - wrapProgram "$out/bin/gnatprove" \ 60 60 - --prefix PATH : "${why3}/lib/why3" 61 58 ''; 62 59 63 60 meta = with lib; {

+12 -12

pkgs/development/libraries/libmilter/darwin.patch

··· 13 13 define(`confLDOPTS', `${Extra_LD_Flags}') 14 14 --- a/sendmail/sendmail.h 2020-05-18 14:51:17.000000000 +0200 15 15 +++ b/sendmail/sendmail.h 2020-05-18 14:51:00.000000000 +0200 16 16 - @@ -104,7 +104,11 @@ 17 17 - # endif /* NETX25 */ 16 16 + @@ -122,7 +122,11 @@ 17 17 + # endif 18 18 19 19 - # if NAMED_BIND 20 20 - -# include <arpa/nameser.h> 21 21 - +# ifdef __APPLE__ 22 22 - +# include <arpa/nameser_compat.h> 23 23 - +# else 24 24 - +# include <arpa/nameser.h> 25 25 - +# endif 26 26 - # ifdef NOERROR 27 27 - # undef NOERROR /* avoid <sys/streams.h> conflict */ 28 28 - # endif /* NOERROR */ 19 19 + #if NAMED_BIND 20 20 + -# include <arpa/nameser.h> 21 21 + +# ifdef __APPLE__ 22 22 + +# include <arpa/nameser_compat.h> 23 23 + +# else 24 24 + +# include <arpa/nameser.h> 25 25 + +# endif 26 26 + # ifdef NOERROR 27 27 + # undef NOERROR /* avoid <sys/streams.h> conflict */ 28 28 + # endif

+3 -3

pkgs/development/libraries/libmilter/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "libmilter"; 5 5 - version = "8.15.2"; 5 5 + version = "8.17.1"; 6 6 7 7 src = fetchurl { 8 8 url = "ftp://ftp.sendmail.org/pub/sendmail/sendmail.${version}.tar.gz"; 9 9 - sha256 = "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"; 9 9 + sha256 = "sha256-BLx2tsiG5tERvn/Y2qMrjOABKKKItrUuBnvCnzhUpuY="; 10 10 }; 11 11 12 12 buildPhase = '' ··· 32 32 sh Build -f ./a.m4 33 33 ''; 34 34 35 35 - patches = [ ./install.patch ./sharedlib.patch ./glibc-2.30.patch ./darwin.patch ]; 35 35 + patches = [ ./install.patch ./sharedlib.patch ./darwin.patch ]; 36 36 37 37 nativeBuildInputs = [ m4 ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames; 38 38

-44

pkgs/development/libraries/libmilter/glibc-2.30.patch

··· 1 1 - diff --git a/libmilter/sm_gethost.c b/libmilter/sm_gethost.c 2 2 - index 2423c34..f00468c 100644 3 3 - --- a/libmilter/sm_gethost.c 4 4 - +++ b/libmilter/sm_gethost.c 5 5 - @@ -52,16 +52,8 @@ sm_getipnodebyname(name, family, flags, err) 6 6 - bool resv6 = true; 7 7 - struct hostent *h; 8 8 - 9 9 - - if (family == AF_INET6) 10 10 - - { 11 11 - - /* From RFC2133, section 6.1 */ 12 12 - - resv6 = bitset(RES_USE_INET6, _res.options); 13 13 - - _res.options |= RES_USE_INET6; 14 14 - - } 15 15 - SM_SET_H_ERRNO(0); 16 16 - - h = gethostbyname(name); 17 17 - - if (family == AF_INET6 && !resv6) 18 18 - - _res.options &= ~RES_USE_INET6; 19 19 - + h = gethostbyname2(name, family); 20 20 - 21 21 - /* the function is supposed to return only the requested family */ 22 22 - if (h != NULL && h->h_addrtype != family) 23 23 - diff --git a/sendmail/conf.c b/sendmail/conf.c 24 24 - index c73334e..500dafb 100644 25 25 - --- a/sendmail/conf.c 26 26 - +++ b/sendmail/conf.c 27 27 - @@ -4243,16 +4243,8 @@ sm_getipnodebyname(name, family, flags, err) 28 28 - # else /* HAS_GETHOSTBYNAME2 */ 29 29 - bool resv6 = true; 30 30 - 31 31 - - if (family == AF_INET6) 32 32 - - { 33 33 - - /* From RFC2133, section 6.1 */ 34 34 - - resv6 = bitset(RES_USE_INET6, _res.options); 35 35 - - _res.options |= RES_USE_INET6; 36 36 - - } 37 37 - SM_SET_H_ERRNO(0); 38 38 - - h = gethostbyname(name); 39 39 - - if (!resv6) 40 40 - - _res.options &= ~RES_USE_INET6; 41 41 - + h = gethostbyname2(name, family); 42 42 - 43 43 - /* the function is supposed to return only the requested family */ 44 44 - if (h != NULL && h->h_addrtype != family)

+2 -2

pkgs/development/libraries/libpg_query/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "libpg_query"; 5 5 - version = "14-3.0.0"; 5 5 + version = "15-4.0.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "pganalyze"; 9 9 repo = "libpg_query"; 10 10 rev = version; 11 11 - sha256 = "sha256-rICN8fkPcYw32N6TdpbrszGUoRzwQdfRSW6A0AC8toM="; 11 11 + sha256 = "sha256-2BZT/jGfGwia+Map5OkeTcWVFJssykhrdRT2IDAzrfs="; 12 12 }; 13 13 14 14 nativeBuildInputs = [ which ];

+10 -6

pkgs/development/python-modules/python-arango/default.nix

··· 22 22 23 23 buildPythonPackage rec { 24 24 pname = "python-arango"; 25 25 - version = "7.5.3"; 25 25 + version = "7.5.4"; 26 26 + format = "setuptools"; 27 27 + 26 28 disabled = pythonOlder "3.7"; 27 27 - format = "setuptools"; 28 29 29 30 src = fetchFromGitHub { 30 31 owner = "ArangoDB-Community"; 31 32 repo = "python-arango"; 32 32 - rev = version; 33 33 - sha256 = "0qb2yp05z8dmgsyyxqrl3q0a60jaiih96zhxmqrn2yf7as45n07j"; 33 33 + rev = "refs/tags/${version}"; 34 34 + hash = "sha256-b3UZuH2hpulRSThReBkDwh0MLJmc95HeWInmmMAl4g0="; 34 35 }; 35 36 36 37 propagatedBuildInputs = [ ··· 127 128 "test_replication_applier" 128 129 ]; 129 130 130 130 - pythonImportsCheck = [ "arango" ]; 131 131 + pythonImportsCheck = [ 132 132 + "arango" 133 133 + ]; 131 134 132 135 meta = with lib; { 133 136 description = "Python Driver for ArangoDB"; 134 137 homepage = "https://github.com/ArangoDB-Community/python-arango"; 138 138 + changelog = "https://github.com/ArangoDB-Community/python-arango/releases/tag/${version}"; 135 139 license = licenses.mit; 136 136 - maintainers = [ maintainers.jsoo1 ]; 140 140 + maintainers = with maintainers; [ jsoo1 ]; 137 141 }; 138 142 }

+2 -2

pkgs/development/ruby-modules/bundler/default.nix

··· 4 4 inherit ruby; 5 5 name = "${gemName}-${version}"; 6 6 gemName = "bundler"; 7 7 - version = "2.3.26"; 8 8 - source.sha256 = "sha256-HuU832HnKK2Cxtv/Bs/NhVHVQi6I6GID8OLb6a6Zngk="; 7 7 + version = "2.4.2"; 8 8 + source.sha256 = "sha256-mYUOxAWH7hv7Kn521OVI8PyzoO3T6LGPJjAxA07buR8="; 9 9 dontPatchShebangs = true; 10 10 11 11 passthru.updateScript = writeScript "gem-update-script" ''

+3 -3

pkgs/development/tools/esbuild/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "esbuild"; 5 5 - version = "0.16.7"; 5 5 + version = "0.16.13"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "evanw"; 9 9 repo = "esbuild"; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-zo7YQ4Is3VWsXGvPNrg95tZ76qTSQRyntFjDeqhoyVw="; 11 11 + hash = "sha256-X4UB2RDfupUP+u+4g2jLxbpx4n4uarhcjs5VtP9Zi20="; 12 12 }; 13 13 14 14 - vendorSha256 = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; 14 14 + vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; 15 15 16 16 subPackages = [ "cmd/esbuild" ]; 17 17

+3 -3

pkgs/development/tools/misc/ptags/default.nix

··· 8 8 9 9 rustPlatform.buildRustPackage rec { 10 10 pname = "ptags"; 11 11 - version = "0.3.2"; 11 11 + version = "0.3.4"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "dalance"; 15 15 repo = "ptags"; 16 16 rev = "v${version}"; 17 17 - sha256 = "1xr1szh4dfrcmi6s6dj791k1ix2zbv75rqkqbyb1lmh5548kywkg"; 17 17 + sha256 = "sha256-hFHzNdTX3nw2OwRxk9lKrt/YpaBXwi5aE/Qn3W9PRf4="; 18 18 }; 19 19 20 20 - cargoSha256 = "1pz5hvn1iq26i8c2cmqavhnri8h0sn40khrxvcdkj9q47nsj5wcx"; 20 20 + cargoSha256 = "sha256-cFezB7uwUznC/8NXJNrBqP0lf0sXAQBoGksXFOGrUIg="; 21 21 22 22 nativeBuildInputs = [ makeWrapper ]; 23 23

+2 -2

pkgs/development/tools/ocaml/dune/3.nix

··· 6 6 7 7 stdenv.mkDerivation rec { 8 8 pname = "dune"; 9 9 - version = "3.6.1"; 9 9 + version = "3.6.2"; 10 10 11 11 src = fetchurl { 12 12 url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz"; 13 13 - sha256 = "sha256-8dWsBLegJ/PVSeJc+IXr96zBNeApHBjmtDEjp5nBQ84="; 13 13 + sha256 = "sha256-ttSrhI77BKoqMl0AFdMu1EFO1xMOx6oS+YFY7/RFzzw="; 14 14 }; 15 15 16 16 nativeBuildInputs = [ ocaml findlib ];

+3 -3

pkgs/games/rare/default.nix

··· 3 3 4 4 buildPythonApplication rec { 5 5 pname = "rare"; 6 6 - version = "1.9.3"; 6 6 + version = "1.9.4"; 7 7 8 8 src = fetchFromGitHub { 9 9 owner = "Dummerle"; 10 10 repo = "Rare"; 11 11 - rev = version; 12 12 - sha256 = "sha256-M+OMsyamh4WHIx7Pv2sLylOrnSmYrv1aEm3atqXrDaw="; 11 11 + rev = "refs/tags/${version}"; 12 12 + sha256 = "sha256-+STwVsDdvjP7HaqmaQVug+6h0n0rw/j4LGQQSNdLVQQ="; 13 13 }; 14 14 15 15 nativeBuildInputs = [

+3 -2

pkgs/os-specific/linux/waydroid/default.nix

··· 2 2 , lib 3 3 , fetchFromGitHub 4 4 , python3Packages 5 5 + , bash 5 6 , dnsmasq 6 7 , gawk 7 8 , getent ··· 17 18 18 19 python3Packages.buildPythonApplication rec { 19 20 pname = "waydroid"; 20 20 - version = "1.3.3"; 21 21 + version = "1.3.4"; 21 22 format = "other"; 22 23 23 24 src = fetchFromGitHub { 24 25 owner = pname; 25 26 repo = pname; 26 27 rev = version; 27 27 - sha256 = "sha256-av1kcOSViUV2jsFiTE21N6sAJIL6K+zKkpPHjx6iYVk="; 28 28 + sha256 = "sha256-0GBob9BUwiE5cFGdK8AdwsTjTOdc+AIWqUGN/gFfOqI="; 28 29 }; 29 30 30 31 propagatedBuildInputs = with python3Packages; [

+2 -2

pkgs/servers/sql/postgresql/ext/pg_ivm.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "pg_ivm"; 5 5 - version = "1.3"; 5 5 + version = "1.4"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "sraoss"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 11 - hash = "sha256-HdIqAB/A6+EvioKhS2OKmlABjpeTAgkbU5ihbt/OzdI="; 11 11 + hash = "sha256-pz9eHmd7GC30r0uUObOlrcdkAX4c+szjYAXS1U999CE="; 12 12 }; 13 13 14 14 buildInputs = [ postgresql ];

+2 -2

pkgs/servers/sql/postgresql/ext/pgroonga.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "pgroonga"; 5 5 - version = "2.4.0"; 5 5 + version = "2.4.2"; 6 6 7 7 src = fetchurl { 8 8 url = "https://packages.groonga.org/source/${pname}/${pname}-${version}.tar.gz"; 9 9 - sha256 = "sha256-W6quDn2B+BZ+J46aNMbtVq7OizT1q5jyKMZECAk0F7M="; 9 9 + sha256 = "sha256-5klltU+9dz30tjE0lQfNinrVEZyT8UpK120kQ1j/yig="; 10 10 }; 11 11 12 12 nativeBuildInputs = [ pkg-config ];

+2 -2

pkgs/servers/sql/postgresql/ext/pgrouting.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "pgrouting"; 5 5 - version = "3.3.2"; 5 5 + version = "3.4.2"; 6 6 7 7 nativeBuildInputs = [ cmake perl ]; 8 8 buildInputs = [ postgresql boost ]; ··· 11 11 owner = "pgRouting"; 12 12 repo = pname; 13 13 rev = "v${version}"; 14 14 - sha256 = "sha256-H7h+eiH02qLscpiZ8yV5ofL7upeqRBXNQDGYS86f3og="; 14 14 + sha256 = "sha256-By3XX4ow5+OdvpLlpozZe3674VSehO9T96pQtJy5y6g="; 15 15 }; 16 16 17 17 installPhase = ''

+2 -2

pkgs/servers/sql/postgresql/ext/plpgsql_check.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "plpgsql_check"; 5 5 - version = "2.2.4"; 5 5 + version = "2.2.6"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "okbob"; 9 9 repo = pname; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-YUJLh1IgOOnNxPrH8NaY3jGEV+4mTjRffooIANkbbFo="; 11 11 + hash = "sha256-8HFyIzJ1iF3K2vTlibFallvkMKjFTJ2DO64fORToD8E="; 12 12 }; 13 13 14 14 buildInputs = [ postgresql ];

+3 -3

pkgs/tools/audio/vgmtools/default.nix

··· 8 8 9 9 stdenv.mkDerivation rec { 10 10 pname = "vgmtools"; 11 11 - version = "unstable-2022-12-03"; 11 11 + version = "unstable-2022-12-30"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "vgmrips"; 15 15 repo = "vgmtools"; 16 16 - rev = "b9216623ffb9219c46a7a10669175c7a4c8cd946"; 17 17 - sha256 = "fPt/z4D4C8TWoz7FivxmXGDcYGc7sXWvxE0+CoyFgDQ="; 16 16 + rev = "6c2c21dfc871f8cb9c33a77fe7db01419b6ad97d"; 17 17 + sha256 = "qe8cHGf8X7JjjoiRQ/S3q/WhyvgrMEwsCo7QoQkmg5w="; 18 18 }; 19 19 20 20 nativeBuildInputs = [

+23 -10

pkgs/tools/networking/chrony/default.nix

··· 1 1 - { lib, stdenv, fetchurl, pkg-config, libcap, readline, texinfo, nss, nspr 2 2 - , libseccomp, pps-tools, gnutls }: 1 1 + { lib, stdenv, fetchurl, pkg-config 2 2 + , gnutls, libedit, nspr, nss, readline, texinfo 3 3 + , libcap, libseccomp, pps-tools 4 4 + }: 3 5 4 6 stdenv.mkDerivation rec { 5 7 pname = "chrony"; ··· 7 9 8 10 src = fetchurl { 9 11 url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz"; 10 10 - sha256 = "sha256-nQ2oiahl8ImlohYQ/7ZxPjyUOM4wOmO0nC+26v9biAQ="; 12 12 + hash = "sha256-nQ2oiahl8ImlohYQ/7ZxPjyUOM4wOmO0nC+26v9biAQ="; 11 13 }; 12 14 15 15 + outputs = [ "out" "man" ]; 16 16 + 17 17 + nativeBuildInputs = [ pkg-config ]; 18 18 + 19 19 + buildInputs = [ gnutls libedit nspr nss readline texinfo ] 20 20 + ++ lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ]; 21 21 + 22 22 + configureFlags = [ 23 23 + "--enable-ntp-signd" 24 24 + "--sbindir=$(out)/bin" 25 25 + "--chronyrundir=/run/chrony" 26 26 + ] ++ lib.optional stdenv.isLinux "--enable-scfilter"; 27 27 + 28 28 + patches = [ 29 29 + # Cleanup the installation script 30 30 + ./makefile.patch 31 31 + ]; 32 32 + 13 33 postPatch = '' 14 34 patchShebangs test 15 35 ''; 16 36 17 17 - buildInputs = [ readline texinfo nss nspr gnutls ] 18 18 - ++ lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ]; 19 19 - nativeBuildInputs = [ pkg-config ]; 20 20 - 21 37 hardeningEnable = [ "pie" ]; 22 22 - 23 23 - configureFlags = [ "--chronyvardir=$(out)/var/lib/chrony" "--enable-ntp-signd" ] 24 24 - ++ lib.optional stdenv.isLinux "--enable-scfilter"; 25 38 26 39 meta = with lib; { 27 40 description = "Sets your computer's clock from time servers on the Net";

+23

pkgs/tools/networking/chrony/makefile.patch

··· 1 1 + diff --git a/Makefile.in b/Makefile.in 2 2 + index ef100a4..47f54f4 100644 3 3 + --- a/Makefile.in 4 4 + +++ b/Makefile.in 5 5 + @@ -23,7 +23,7 @@ 6 6 + 7 7 + SYSCONFDIR = @SYSCONFDIR@ 8 8 + BINDIR = @BINDIR@ 9 9 + -SBINDIR = @SBINDIR@ 10 10 + +SBINDIR = @BINDIR@ 11 11 + LOCALSTATEDIR = @LOCALSTATEDIR@ 12 12 + CHRONYVARDIR = @CHRONYVARDIR@ 13 13 + DESTDIR = 14 14 + @@ -86,9 +86,7 @@ getdate : 15 15 + 16 16 + install: chronyd chronyc 17 17 + [ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR) 18 18 + - [ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR) 19 19 + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 20 20 + - [ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR) 21 21 + if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi 22 22 + if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi 23 23 + cp chronyd $(DESTDIR)$(SBINDIR)/chronyd

+9 -10

pkgs/tools/networking/shadowsocks-rust/default.nix

··· 1 1 - { lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, CoreServices, libiconv }: 1 1 + { lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, Security, CoreServices }: 2 2 3 3 rustPlatform.buildRustPackage rec { 4 4 pname = "shadowsocks-rust"; 5 5 - version = "1.14.3"; 5 5 + version = "1.15.2"; 6 6 7 7 src = fetchFromGitHub { 8 8 rev = "v${version}"; 9 9 owner = "shadowsocks"; 10 10 repo = pname; 11 11 - sha256 = "sha256-tRiziyCw1Qpm22RtZHeKt4VFReJidFHsPxPSjxIA3hA="; 11 11 + hash = "sha256-CvAOvtC5U2njQuUjFxjnGeqhuxrCw4XI6goo1TxIhIU="; 12 12 }; 13 13 14 14 - cargoSha256 = "sha256-snnzNb1yJ8L5pMvNNEIf5hZOpFV6DKOWGtGP1T3YTWg="; 14 14 + cargoHash = "sha256-ctZlYo82M7GKVvrEkw/7+aH9R0MeEsyv3IKl9k4SbiA="; 15 15 16 16 - RUSTC_BOOTSTRAP = 1; 16 16 + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; 17 17 18 18 - nativeBuildInputs = [ pkg-config ]; 19 19 - 20 20 - buildInputs = [ openssl ] 21 21 - ++ lib.optionals stdenv.isDarwin [ CoreServices libiconv ]; 18 18 + buildInputs = lib.optionals stdenv.isLinux [ openssl ] 19 19 + ++ lib.optionals stdenv.isDarwin [ Security CoreServices ]; 22 20 23 21 cargoBuildFlags = [ 24 22 "--features=aead-cipher-extra,local-dns,local-http-native-tls,local-redir,local-tun" ··· 36 34 ]; 37 35 38 36 meta = with lib; { 37 37 + description = "A Rust port of Shadowsocks"; 39 38 homepage = "https://github.com/shadowsocks/shadowsocks-rust"; 40 40 - description = "A Rust port of shadowsocks"; 39 39 + changelog = "https://github.com/shadowsocks/shadowsocks-rust/raw/v${version}/debian/changelog"; 41 40 license = licenses.mit; 42 41 maintainers = [ maintainers.marsam ]; 43 42 };

+9 -1

pkgs/tools/nix/nixdoc/default.nix

··· 1 1 - { lib, stdenv, fetchFromGitHub, rustPlatform, darwin }: 1 1 + { lib, stdenv, fetchFromGitHub, fetchpatch, rustPlatform, darwin }: 2 2 3 3 rustPlatform.buildRustPackage rec { 4 4 pname = "nixdoc"; ··· 10 10 rev = "v${version}"; 11 11 sha256 = "14d4dq06jdqazxvv7fq5872zy0capxyb0fdkp8qg06gxl1iw201s"; 12 12 }; 13 13 + 14 14 + patches = [ 15 15 + # Support nested identifiers https://github.com/nix-community/nixdoc/pull/27 16 16 + (fetchpatch { 17 17 + url = "https://github.com/nix-community/nixdoc/pull/27/commits/ea542735bf675fe2ccd37edaffb9138d1a8c1b7e.patch"; 18 18 + sha256 = "1fmz44jv2r9qsnjxvkkjfb0safy69l4x4vx1g5gisrp8nwdn94rj"; 19 19 + }) 20 20 + ]; 13 21 14 22 buildInputs = lib.optionals stdenv.isDarwin [ darwin.Security ]; 15 23

+2 -1

pkgs/tools/security/gnupg/23.nix

··· 57 57 "--with-ksba-prefix=${libksba.dev}" 58 58 "--with-npth-prefix=${npth}" 59 59 ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" 60 60 - ++ lib.optional withTpm2Tss "--with-tss=intel"; 60 60 + ++ lib.optional withTpm2Tss "--with-tss=intel" 61 61 + ++ lib.optional stdenv.isDarwin "--disable-ccid-driver"; 61 62 postInstall = if enableMinimal 62 63 then '' 63 64 rm -r $out/{libexec,sbin,share}

+1

pkgs/top-level/aliases.nix

··· 633 633 634 634 ### I ### 635 635 636 636 + i3-gaps = i3; # Added 2023-01-03 636 637 i3cat = throw "i3cat has been dropped due to the lack of maintanence from upstream since 2016"; # Added 2022-06-02 637 638 iana_etc = throw "'iana_etc' has been renamed to/replaced by 'iana-etc'"; # Converted to throw 2022-02-22 638 639 iasl = throw "iasl has been removed, use acpica-tools instead"; # Added 2021-08-08

+7 -4

pkgs/top-level/all-packages.nix

··· 1543 1543 1544 1544 ### APPLICATIONS/VERSION-MANAGEMENT 1545 1545 1546 1546 + deepgit = callPackage ../applications/version-management/deepgit {}; 1547 1547 + 1546 1548 git = callPackage ../applications/version-management/git { 1547 1549 inherit (darwin.apple_sdk.frameworks) CoreServices Security; 1548 1550 perlLibs = [perlPackages.LWP perlPackages.URI perlPackages.TermReadKey]; ··· 11594 11596 shabnam-fonts = callPackage ../data/fonts/shabnam-fonts { }; 11595 11597 11596 11598 shadowsocks-rust = callPackage ../tools/networking/shadowsocks-rust { 11597 11597 - inherit (darwin.apple_sdk.frameworks) CoreServices; 11599 11599 + inherit (darwin.apple_sdk.frameworks) Security CoreServices; 11598 11600 }; 11599 11601 11600 11602 shadowsocks-v2ray-plugin = callPackage ../tools/networking/shadowsocks-v2ray-plugin { }; ··· 14521 14523 gcc-arm-embedded-9 = callPackage ../development/compilers/gcc-arm-embedded/9 {}; 14522 14524 gcc-arm-embedded-10 = callPackage ../development/compilers/gcc-arm-embedded/10 {}; 14523 14525 gcc-arm-embedded-11 = callPackage ../development/compilers/gcc-arm-embedded/11 {}; 14524 14524 - gcc-arm-embedded = gcc-arm-embedded-11; 14526 14526 + gcc-arm-embedded-12 = callPackage ../development/compilers/gcc-arm-embedded/12 {}; 14527 14527 + gcc-arm-embedded = gcc-arm-embedded-12; 14525 14528 14526 14529 # Has to match the default gcc so that there are no linking errors when 14527 14530 # using C/C++ libraries in D packages ··· 27108 27111 nordzy-icon-theme = callPackage ../data/icons/nordzy-icon-theme { }; 27109 27112 27110 27113 inherit (callPackages ../data/fonts/noto-fonts {}) 27114 27114 + mkNoto 27111 27115 noto-fonts 27116 27116 + noto-fonts-lgc-plus 27112 27117 noto-fonts-cjk-sans 27113 27118 noto-fonts-cjk-serif 27114 27119 noto-fonts-emoji ··· 29845 29850 }; 29846 29851 29847 29852 i3-auto-layout = callPackage ../applications/window-managers/i3/auto-layout.nix { }; 29848 29848 - 29849 29849 - i3-gaps = callPackage ../applications/window-managers/i3/gaps.nix { }; 29850 29853 29851 29854 i3-rounded = callPackage ../applications/window-managers/i3/rounded.nix { }; 29852 29855