commit e9ba460b8beb50e071b29ec042b672eb30483b84 · pyrox.dev/nixpkgs

+1 -1

nixos/modules/services/monitoring/grafana.nix

··· 792 792 SystemCallArchitectures = "native"; 793 793 # Upstream grafana is not setting SystemCallFilter for compatibility 794 794 # reasons, see https://github.com/grafana/grafana/pull/40176 795 - SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; 795 + SystemCallFilter = [ "@system-service" "~@privileged" ]; 796 796 UMask = "0027"; 797 797 }; 798 798 preStart = ''

+11 -3

pkgs/applications/misc/gpxsee/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, qmake, qttools, qttranslations, qtlocation, qtpbfimageplugin, wrapQtAppsHook, substituteAll }: 1 + { lib, stdenv, fetchFromGitHub, nix-update-script, substituteAll 2 + , qmake, qttools, qttranslations, qtlocation, qtpbfimageplugin, wrapQtAppsHook 3 + }: 2 4 3 5 stdenv.mkDerivation rec { 4 6 pname = "gpxsee"; 5 - version = "11.3"; 7 + version = "11.4"; 6 8 7 9 src = fetchFromGitHub { 8 10 owner = "tumic0"; 9 11 repo = "GPXSee"; 10 12 rev = version; 11 - sha256 = "sha256-n8busir6IYyWyGOv9AzYjm8erR0fjMAduIzITH+EvVI="; 13 + hash = "sha256-aePX82B810I45n2t0OVCt1FlmkVKWgNgzCD71lYyngU="; 12 14 }; 13 15 14 16 patches = (substituteAll { ··· 29 31 mkdir -p $out/Applications 30 32 mv GPXSee.app $out/Applications 31 33 ''; 34 + 35 + passthru = { 36 + updateScript = nix-update-script { 37 + attrPath = pname; 38 + }; 39 + }; 32 40 33 41 meta = with lib; { 34 42 description = "GPS log file viewer and analyzer";

+3 -3

pkgs/applications/networking/syncthing/default.nix

··· 4 4 common = { stname, target, postInstall ? "" }: 5 5 buildGoModule rec { 6 6 pname = stname; 7 - version = "1.20.4"; 7 + version = "1.21.0"; 8 8 9 9 src = fetchFromGitHub { 10 10 owner = "syncthing"; 11 11 repo = "syncthing"; 12 12 rev = "v${version}"; 13 - hash = "sha256-umnlYvCtT+76Yer17T7ZvWJ5sUdXu+7kiRikrmWrIM8="; 13 + hash = "sha256-Qgp9fo3yZabxsCFhn7U9B2AcVSUb9GCzm7B81HrI1jY="; 14 14 }; 15 15 16 - vendorSha256 = "sha256-CJFKY69Iz8GrVpvUdDveMQQFj6RXApfgYjP7B1wfgfo="; 16 + vendorSha256 = "sha256-rde7oyEZA8uGmkvz078Cu+aFrn9TuLTv0i7SW0ytyxU="; 17 17 18 18 doCheck = false; 19 19

+3 -3

pkgs/applications/terminal-emulators/wezterm/default.nix

··· 29 29 30 30 rustPlatform.buildRustPackage rec { 31 31 pname = "wezterm"; 32 - version = "20220903-194523-3bb1ed61"; 32 + version = "20220905-102802-7d4b8249"; 33 33 34 34 src = fetchFromGitHub { 35 35 owner = "wez"; 36 36 repo = pname; 37 37 rev = version; 38 38 fetchSubmodules = true; 39 - sha256 = "sha256-R5DFBO6U1hVDCjvvNF2nDoldl+mzkrjaXR5rIPCosmM="; 39 + sha256 = "sha256-Xvi0bluLM4F3BFefIPhkhTF3dmRvP8u+qV70Rz4CGKI="; 40 40 }; 41 41 42 42 postPatch = '' ··· 46 46 rm -r wezterm-ssh/tests 47 47 ''; 48 48 49 - cargoSha256 = "sha256-x2n8ti9zk+h2MrwDg/FgRWTQJmCAckxE2fOHgrWdayA="; 49 + cargoSha256 = "sha256-XJAeMDwtLtBzHMU/cb3lZgmcw5F3ifjKzKVmuP85/RY="; 50 50 51 51 nativeBuildInputs = [ 52 52 pkg-config

+22

pkgs/development/python-modules/assay/default.nix

··· 1 + { lib, buildPythonPackage, fetchFromGitHub }: 2 + 3 + buildPythonPackage rec { 4 + pname = "assay"; 5 + version = "unstable-2022-01-19"; 6 + 7 + src = fetchFromGitHub { 8 + owner = "brandon-rhodes"; 9 + repo = pname; 10 + rev = "bb62d1f7d51d798b05a88045fff3a2ff92c299c3"; 11 + sha256 = "sha256-FuAD74mFJ9F9AMgB3vPmODAlZKgPR7FQ4yn7HEBS5Rw="; 12 + }; 13 + 14 + pythonImportsCheck = [ "assay" ]; 15 + 16 + meta = with lib; { 17 + homepage = "https://github.com/brandon-rhodes/assay"; 18 + description = "Attempt to write a Python testing framework I can actually stand"; 19 + license = licenses.mit; 20 + maintainers = with maintainers; [ zane ]; 21 + }; 22 + }

+2 -2

pkgs/development/python-modules/cairo-lang/default.nix

··· 29 29 30 30 buildPythonPackage rec { 31 31 pname = "cairo-lang"; 32 - version = "0.9.1"; 32 + version = "0.10.0"; 33 33 34 34 src = fetchzip { 35 35 url = "https://github.com/starkware-libs/cairo-lang/releases/download/v${version}/cairo-lang-${version}.zip"; 36 - sha256 = "sha256-i4030QLG6PssfKD5FO4VrZxap19obMZ3Aa77p5MXlNY="; 36 + sha256 = "sha256-+PE7RSKEGADbue63FoT6UBOwURJs7lBNkL7aNlpSxP8="; 37 37 }; 38 38 39 39 # TODO: remove a substantial part when https://github.com/starkware-libs/cairo-lang/pull/88/files is merged.

+28

pkgs/development/python-modules/jplephem/default.nix

··· 1 + { lib, buildPythonPackage, fetchPypi, numpy, pytestCheckHook }: 2 + 3 + buildPythonPackage rec { 4 + pname = "jplephem"; 5 + version = "2.17"; 6 + 7 + src = fetchPypi { 8 + inherit pname version; 9 + sha256 = "sha256-4cblVlxNAEhfEGMkG00e/wRFhcIrjpf60P8vbvuKqic="; 10 + }; 11 + 12 + propagatedBuildInputs = [ numpy ]; 13 + 14 + # Weird import error, only happens in testing: 15 + # File "/build/jplephem-2.17/jplephem/daf.py", line 10, in <module> 16 + # from numpy import array as numpy_array, ndarray 17 + # ImportError: cannot import name 'array' from 'sys' (unknown location) 18 + doCheck = false; 19 + 20 + pythonImportsCheck = [ "jplephem" ]; 21 + 22 + meta = with lib; { 23 + homepage = "https://github.com/brandon-rhodes/python-jplephem/"; 24 + description = "Python version of NASA DE4xx ephemerides, the basis for the Astronomical Alamanac"; 25 + license = licenses.mit; 26 + maintainers = with maintainers; [ zane ]; 27 + }; 28 + }

+3 -3

pkgs/development/python-modules/niapy/default.nix

··· 11 11 12 12 buildPythonPackage rec { 13 13 pname = "niapy"; 14 - version = "2.0.2"; 14 + version = "2.0.3"; 15 15 format = "setuptools"; 16 16 17 17 disabled = pythonOlder "3.7"; ··· 19 19 src = fetchFromGitHub { 20 20 owner = "NiaOrg"; 21 21 repo = "NiaPy"; 22 - rev = version; 23 - hash = "sha256-b/0TEO27fPuoPzkNBCwgUqBG+8htOR2ipFikpqjYdnM="; 22 + rev = "refs/tags/${version}"; 23 + hash = "sha256-h3bCitNFjw2WQtsQFR25VJlNVMojdfik+lrPMKwp8Mw="; 24 24 }; 25 25 26 26 propagatedBuildInputs = [

+22

pkgs/development/python-modules/sgp4/default.nix

··· 1 + { lib, buildPythonPackage, fetchPypi, tox, numpy }: 2 + 3 + buildPythonPackage rec { 4 + pname = "sgp4"; 5 + version = "2.21"; 6 + 7 + src = fetchPypi { 8 + inherit pname version; 9 + sha256 = "sha256-YXm4dQRId+lBYzwgr3ci/SMaiNiomvAb8wvWTzPN7O8="; 10 + }; 11 + 12 + checkInputs = [ tox numpy ]; 13 + 14 + pythonImportsCheck = [ "sgp4" ]; 15 + 16 + meta = with lib; { 17 + homepage = "https://github.com/brandon-rhodes/python-sgp4"; 18 + description = "Python version of the SGP4 satellite position library"; 19 + license = licenses.mit; 20 + maintainers = with maintainers; [ zane ]; 21 + }; 22 + }

+37

pkgs/development/python-modules/skyfield/default.nix

··· 1 + { lib, buildPythonPackage, fetchFromGitHub, certifi, numpy, sgp4, jplephem 2 + , pandas, ipython, matplotlib, assay 3 + }: 4 + 5 + buildPythonPackage rec { 6 + pname = "skyfield"; 7 + version = "1.42"; 8 + 9 + src = fetchFromGitHub { 10 + owner = "skyfielders"; 11 + repo = "python-skyfield"; 12 + rev = version; 13 + sha256 = "sha256-aoSkuLhZcEy+13EJQOBHV2/rgmN6aZQHqfj4OOirOG0="; 14 + }; 15 + 16 + propagatedBuildInputs = [ certifi numpy sgp4 jplephem ]; 17 + 18 + checkInputs = [ pandas ipython matplotlib assay ]; 19 + 20 + checkPhase = '' 21 + runHook preCheck 22 + 23 + cd ci 24 + assay --batch skyfield.tests 25 + 26 + runHook postCheck 27 + ''; 28 + 29 + pythonImportsCheck = [ "skyfield" ]; 30 + 31 + meta = with lib; { 32 + homepage = "https://github.com/skyfielders/python-skyfield"; 33 + description = "Elegant astronomy for Python"; 34 + license = licenses.mit; 35 + maintainers = with maintainers; [ zane ]; 36 + }; 37 + }

+40

pkgs/os-specific/linux/ksmbd-tools/default.nix

··· 1 + { lib 2 + , stdenv 3 + , fetchFromGitHub 4 + , autoconf 5 + , automake 6 + , glib 7 + , libkrb5 8 + , libnl 9 + , libtool 10 + , pkg-config 11 + , withKerberos ? false 12 + }: 13 + 14 + stdenv.mkDerivation rec { 15 + pname = "ksmbd-tools"; 16 + version = "3.4.5"; 17 + 18 + src = fetchFromGitHub { 19 + owner = "cifsd-team"; 20 + repo = pname; 21 + rev = version; 22 + sha256 = "sha256-sSCLXNdVUAdk+GnFlVx/BsAzyfz0KDdugJ1isrOztgs="; 23 + }; 24 + 25 + buildInputs = [ glib libnl ] ++ lib.optional withKerberos libkrb5; 26 + 27 + nativeBuildInputs = [ autoconf automake libtool pkg-config ]; 28 + 29 + preConfigure = "./autogen.sh"; 30 + 31 + configureFlags = lib.optional withKerberos "--enable-krb5"; 32 + 33 + meta = with lib; { 34 + description = "Userspace utilities for the ksmbd kernel SMB server"; 35 + homepage = "https://www.kernel.org/doc/html/latest/filesystems/cifs/ksmbd.html"; 36 + license = licenses.gpl2; 37 + platforms = platforms.linux; 38 + maintainers = with maintainers; [ elohmeier ]; 39 + }; 40 + }

+27 -19

pkgs/servers/http/envoy/default.nix

··· 1 1 { lib 2 - , bazel_4 2 + , bazel_5 3 3 , buildBazelPackage 4 4 , fetchFromGitHub 5 - , fetchpatch 6 5 , stdenv 7 6 , cmake 8 7 , gn 9 8 , go 10 9 , jdk 11 10 , ninja 11 + , patchelf 12 12 , python3 13 13 , linuxHeaders 14 14 , nixosTests ··· 23 23 # However, the version string is more useful for end-users. 24 24 # These are contained in a attrset of their own to make it obvious that 25 25 # people should update both. 26 - version = "1.21.4"; 27 - rev = "782ba5e5ab9476770378ec9f1901803e0d38ac41"; 26 + version = "1.23.1"; 27 + rev = "edd69583372955fdfa0b8ca3820dd7312c094e46"; 28 28 }; 29 29 in 30 30 buildBazelPackage rec { 31 31 pname = "envoy"; 32 32 inherit (srcVer) version; 33 - bazel = bazel_4; 33 + bazel = bazel_5; 34 34 src = fetchFromGitHub { 35 35 owner = "envoyproxy"; 36 36 repo = "envoy"; 37 37 inherit (srcVer) rev; 38 - hash = "sha256-SthKDMQs5yNU0iouAPVsDeCPKcsBXmO9ebDwu58UQRs="; 38 + sha256 = "sha256:157dbmp479xv5507n48yibvlgi2ac0l3sl9rzm28cm9lhzwva3k0"; 39 39 40 40 postFetch = '' 41 41 chmod -R +w $out ··· 48 48 postPatch = '' 49 49 sed -i 's,#!/usr/bin/env python3,#!${python3}/bin/python,' bazel/foreign_cc/luajit.patch 50 50 sed -i '/javabase=/d' .bazelrc 51 - # Patch paths to build tools, and disable gold because it just segfaults. 52 - substituteInPlace bazel/external/wee8.genrule_cmd \ 53 - --replace '"''$$gn"' '"''$$(command -v gn)"' \ 54 - --replace '"''$$ninja"' '"''$$(command -v ninja)"' \ 55 - --replace '"''$$WEE8_BUILD_ARGS"' '"''$$WEE8_BUILD_ARGS use_gold=false"' 51 + 52 + # Use system Python. 53 + sed -i -e '/python_interpreter_target =/d' -e '/@python3_10/d' bazel/python_dependencies.bzl 56 54 ''; 57 55 58 56 patches = [ 59 - # make linux/tcp.h relative. drop when upgrading to >1.21 60 - (fetchpatch { 61 - url = "https://github.com/envoyproxy/envoy/commit/68448aae7a78a3123097b6ea96016b270457e7b8.patch"; 62 - sha256 = "123kv3x37p8fgfp29jhw5xg5js5q5ipibs8hsm7gzfd5bcllnpfh"; 63 - }) 64 - 65 57 # fix issues with brotli and GCC 11.2.0+ (-Werror=vla-parameter) 66 58 ./bump-brotli.patch 67 59 68 60 # fix linux-aarch64 WAMR builds 69 61 # (upstream WAMR only detects aarch64 on Darwin, not Linux) 70 62 ./fix-aarch64-wamr.patch 63 + 64 + # use system Python, not bazel-fetched binary Python 65 + ./use-system-python.patch 71 66 ]; 72 67 73 68 nativeBuildInputs = [ ··· 77 72 go 78 73 jdk 79 74 ninja 75 + patchelf 80 76 ]; 81 77 82 78 buildInputs = [ ··· 85 81 86 82 fetchAttrs = { 87 83 sha256 = { 88 - x86_64-linux = "sha256-/SA+WFHcMjk6iLwuEmuBIzy3pMhw7TThIEx292dv6IE="; 89 - aarch64-linux = "sha256-0XdeirdIP7+nKy8zZbr2uHN2RZ4ZFOJt9i/+Ow1s/W4="; 84 + x86_64-linux = "0y3gpvx148bnn6kljdvkg99m681vw39l0avrhvncbf62hvpifqkw"; 85 + aarch64-linux = "0lln5mdlskahz5hb4w268ys2ksy3051drrwlhracmk4i7rpm7fq3"; 90 86 }.${stdenv.system} or (throw "unsupported system ${stdenv.system}"); 91 87 dontUseCmakeConfigure = true; 92 88 dontUseGnConfigure = true; ··· 95 91 find $bazelOut/external -name requirements.bzl | while read requirements; do 96 92 sed -i '/# Generated from /d' "$requirements" 97 93 done 94 + find $bazelOut/external -type f -executable | while read execbin; do 95 + file "$execbin" | grep -q ': ELF .*, dynamically linked,' || continue 96 + patchelf \ 97 + --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ 98 + "$execbin" 99 + done 98 100 99 101 # Remove references to paths in the Nix store. 100 102 sed -i \ ··· 138 140 "--cxxopt=-Wno-maybe-uninitialized" 139 141 "--cxxopt=-Wno-uninitialized" 140 142 "--cxxopt=-Wno-error=type-limits" 143 + "--cxxopt=-Wno-error=range-loop-construct" 144 + 145 + # Force use of system Java. 146 + "--extra_toolchains=@local_jdk//:all" 147 + "--java_runtime_version=local_jdk" 148 + "--tool_java_runtime_version=local_jdk" 141 149 142 150 "--define=wasm=${wasmRuntime}" 143 151 ];

+58

pkgs/servers/http/envoy/use-system-python.patch

··· 1 + diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl 2 + index d9dfb14a9b..b8e92452a7 100644 3 + --- a/bazel/python_dependencies.bzl 4 + +++ b/bazel/python_dependencies.bzl 5 + @@ -1,10 +1,8 @@ 6 + load("@rules_python//python:pip.bzl", "pip_install", "pip_parse") 7 + -load("@python3_10//:defs.bzl", "interpreter") 8 + 9 + def envoy_python_dependencies(): 10 + pip_parse( 11 + name = "base_pip3", 12 + - python_interpreter_target = interpreter, 13 + requirements_lock = "@envoy//tools/base:requirements.txt", 14 + extra_pip_args = ["--require-hashes"], 15 + ) 16 + @@ -12,14 +10,12 @@ def envoy_python_dependencies(): 17 + # These need to use `pip_install` 18 + pip_install( 19 + # Note: dev requirements do *not* check hashes 20 + - python_interpreter_target = interpreter, 21 + name = "dev_pip3", 22 + requirements = "@envoy//tools/dev:requirements.txt", 23 + ) 24 + 25 + pip_install( 26 + name = "fuzzing_pip3", 27 + - python_interpreter_target = interpreter, 28 + requirements = "@rules_fuzzing//fuzzing:requirements.txt", 29 + extra_pip_args = ["--require-hashes"], 30 + ) 31 + diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl 32 + index 885b41dec6..ac5605eb30 100644 33 + --- a/bazel/repositories_extra.bzl 34 + +++ b/bazel/repositories_extra.bzl 35 + @@ -1,22 +1,12 @@ 36 + load("@emsdk//:deps.bzl", emsdk_deps = "deps") 37 + -load("@rules_python//python:repositories.bzl", "python_register_toolchains") 38 + load("@proxy_wasm_cpp_host//bazel/cargo/wasmtime:crates.bzl", "wasmtime_fetch_remote_crates") 39 + load("//bazel/external/cargo:crates.bzl", "raze_fetch_remote_crates") 40 + load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies") 41 + 42 + -# Python version for `rules_python` 43 + -PYTHON_VERSION = "3.10.2" 44 + - 45 + # Envoy deps that rely on a first stage of dependency loading in envoy_dependencies(). 46 + -def envoy_dependencies_extra(python_version = PYTHON_VERSION): 47 + +def envoy_dependencies_extra(): 48 + emsdk_deps() 49 + raze_fetch_remote_crates() 50 + wasmtime_fetch_remote_crates() 51 + 52 + - # Registers underscored Python minor version - eg `python3_10` 53 + - python_register_toolchains( 54 + - name = "python%s" % ("_".join(python_version.split(".")[:-1])), 55 + - python_version = python_version, 56 + - ) 57 + - 58 + aspect_bazel_lib_dependencies()

+44 -9

pkgs/servers/http/pomerium/default.nix

··· 1 1 { buildGoModule 2 2 , fetchFromGitHub 3 + , callPackage 3 4 , lib 4 5 , envoy 5 - , zip 6 + , mkYarnPackage 7 + , fetchYarnDeps 6 8 , nixosTests 7 9 , pomerium-cli 8 10 }: ··· 12 14 in 13 15 buildGoModule rec { 14 16 pname = "pomerium"; 15 - version = "0.17.1"; 17 + version = "0.19.0"; 16 18 src = fetchFromGitHub { 17 19 owner = "pomerium"; 18 20 repo = "pomerium"; 19 21 rev = "v${version}"; 20 - hash = "sha256:0b9mdzyfn7c6gwgslqk787yyrrcmdjf3282vx2zvhcr3psz0xqwx"; 22 + sha256 = "sha256:0s5ji1iywymzxlv89y3ivl5vngkifhbpidpwxdrh969l3c5r4klf"; 23 + }; 24 + 25 + vendorSha256 = "sha256:1p78nb7bryvs7p5iq6ihylflyjia60x4hd9c62ffwz37dwqlbi33"; 26 + 27 + ui = mkYarnPackage { 28 + inherit version; 29 + src = "${src}/ui"; 30 + 31 + # update pomerium-ui-package.json when updating package, sourced from ui/package.json 32 + packageJSON = ./pomerium-ui-package.json; 33 + offlineCache = fetchYarnDeps { 34 + yarnLock = "${src}/ui/yarn.lock"; 35 + sha256 = "sha256:1n6swanrds9hbd4yyfjzpnfhsb8fzj1pwvvcg3w7b1cgnihclrmv"; 36 + }; 37 + 38 + buildPhase = '' 39 + runHook preBuild 40 + yarn --offline build 41 + runHook postbuild 42 + ''; 43 + 44 + installPhase = '' 45 + runHook preInstall 46 + cp -R deps/pomerium/dist $out 47 + runHook postInstall 48 + ''; 49 + 50 + doDist = false; 21 51 }; 22 52 23 - vendorSha256 = "sha256:1cq4m5a7z64yg3v1c68d15ilw78il6p53vaqzxgn338zjggr3kig"; 24 53 subPackages = [ 25 54 "cmd/pomerium" 26 55 ]; 56 + 57 + # patch pomerium to allow use of external envoy 58 + patches = [ ./external-envoy.diff ]; 27 59 28 60 ldflags = let 29 61 # Set a variety of useful meta variables for stamping the build with. ··· 34 66 ProjectName = "pomerium"; 35 67 ProjectURL = "github.com/pomerium/pomerium"; 36 68 }; 37 - "github.com/pomerium/pomerium/internal/envoy" = { 69 + "github.com/pomerium/pomerium/pkg/envoy" = { 38 70 OverrideEnvoyPath = "${envoy}/bin/envoy"; 39 71 }; 40 72 }; ··· 54 86 # Replace embedded envoy with nothing. 55 87 # We set OverrideEnvoyPath above, so rawBinary should never get looked at 56 88 # but we still need to set a checksum/version. 57 - rm internal/envoy/files/files_{darwin,linux}*.go 58 - cat <<EOF >internal/envoy/files/files_generic.go 89 + rm pkg/envoy/files/files_{darwin,linux}*.go 90 + cat <<EOF >pkg/envoy/files/files_external.go 59 91 package files 60 92 61 93 import _ "embed" // embed ··· 68 100 //go:embed envoy.version 69 101 var rawVersion string 70 102 EOF 71 - sha256sum '${envoy}/bin/envoy' > internal/envoy/files/envoy.sha256 72 - echo '${envoy.version}' > internal/envoy/files/envoy.version 103 + sha256sum '${envoy}/bin/envoy' > pkg/envoy/files/envoy.sha256 104 + echo '${envoy.version}' > pkg/envoy/files/envoy.version 105 + 106 + # put the built UI files where they will be picked up as part of binary build 107 + cp -r ${ui}/* ui/dist 73 108 ''; 74 109 75 110 installPhase = ''

+48

pkgs/servers/http/pomerium/external-envoy.diff

··· 1 + diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go 2 + index e32cfc29..9d32c057 100644 3 + --- a/pkg/envoy/envoy.go 4 + +++ b/pkg/envoy/envoy.go 5 + @@ -8,9 +8,9 @@ import ( 6 + "errors" 7 + "fmt" 8 + "io" 9 + + "io/fs" 10 + "os" 11 + "os/exec" 12 + - "path" 13 + "path/filepath" 14 + "regexp" 15 + "strconv" 16 + @@ -36,8 +36,12 @@ import ( 17 + 18 + const ( 19 + configFileName = "envoy-config.yaml" 20 + + workingDirectoryName = ".pomerium-envoy" 21 + + embeddedEnvoyPermissions fs.FileMode = 0o700 22 + ) 23 + 24 + +var OverrideEnvoyPath = "" 25 + + 26 + type serverOptions struct { 27 + services string 28 + logLevel string 29 + @@ -60,13 +64,16 @@ type Server struct { 30 + 31 + // NewServer creates a new server with traffic routed by envoy. 32 + func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) { 33 + - envoyPath, err := Extract() 34 + + envoyPath := OverrideEnvoyPath 35 + + wd := filepath.Join(os.TempDir(), workingDirectoryName) 36 + + 37 + + err := os.MkdirAll(wd, embeddedEnvoyPermissions) 38 + if err != nil { 39 + - return nil, fmt.Errorf("extracting envoy: %w", err) 40 + + return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err) 41 + } 42 + 43 + srv := &Server{ 44 + - wd: path.Dir(envoyPath), 45 + + wd: wd, 46 + builder: builder, 47 + grpcPort: src.GetConfig().GRPCPort, 48 + httpPort: src.GetConfig().HTTPPort,

+61

pkgs/servers/http/pomerium/pomerium-ui-package.json

··· 1 + { 2 + "name": "pomerium", 3 + "version": "1.0.0", 4 + "main": "src/index.tsx", 5 + "license": "Apache-2.0", 6 + "scripts": { 7 + "build": "ts-node ./scripts/esbuild.ts", 8 + "format": "prettier --write .", 9 + "lint": "eslint .", 10 + "watch": "ts-node ./scripts/esbuild.ts --watch" 11 + }, 12 + "browserslist": { 13 + "production": [ 14 + ">0.2%", 15 + "not dead", 16 + "not op_mini all" 17 + ], 18 + "development": [ 19 + "last 1 chrome version", 20 + "last 1 firefox version", 21 + "last 1 safari version" 22 + ] 23 + }, 24 + "dependencies": { 25 + "@babel/core": "^7.0.0", 26 + "@emotion/react": "^11.7.1", 27 + "@emotion/styled": "^11.6.0", 28 + "@fontsource/dm-mono": "^4.5.2", 29 + "@fontsource/dm-sans": "^4.5.1", 30 + "@mui/icons-material": "^5.3.1", 31 + "@mui/material": "^5.4.0", 32 + "luxon": "^2.3.0", 33 + "markdown-to-jsx": "^7.1.7", 34 + "react": "^17.0.2", 35 + "react-dom": "^17.0.2", 36 + "react-feather": "^2.0.9" 37 + }, 38 + "devDependencies": { 39 + "@trivago/prettier-plugin-sort-imports": "2.0.4", 40 + "@types/luxon": "^2.0.9", 41 + "@types/node": "^17.0.14", 42 + "@types/react": "^17.0.34", 43 + "@types/react-dom": "^17.0.11", 44 + "@typescript-eslint/eslint-plugin": "^5.10.2", 45 + "@typescript-eslint/parser": "^5.10.2", 46 + "esbuild": "^0.13.12", 47 + "eslint": "7.32.0", 48 + "eslint-config-prettier": "^8.3.0", 49 + "eslint-plugin-react": "^7.28.0", 50 + "prettier": "^2.4.1", 51 + "ts-node": "^10.4.0", 52 + "typescript": "^4.4.4" 53 + }, 54 + "prettier": { 55 + "importOrder": [ 56 + "^[./]" 57 + ], 58 + "importOrderSeparation": true, 59 + "importOrderSortSpecifiers": true 60 + } 61 + }

+2 -2

pkgs/servers/tautulli/default.nix

··· 2 2 3 3 buildPythonApplication rec { 4 4 pname = "Tautulli"; 5 - version = "2.10.2"; 5 + version = "2.10.4"; 6 6 format = "other"; 7 7 8 8 pythonPath = [ setuptools ]; ··· 12 12 owner = "Tautulli"; 13 13 repo = pname; 14 14 rev = "v${version}"; 15 - sha256 = "sha256-nEiyYpj5J95tQAFcyRlaF5VEfosCkk4cmdYKLjfeA98="; 15 + sha256 = "sha256-G7rKPDozo5IyYOqfhoZcn1obASzJx8PpQt53CCmDZek="; 16 16 }; 17 17 18 18 installPhase = ''

+2 -2

pkgs/tools/security/hashcat/default.nix

··· 8 8 9 9 stdenv.mkDerivation rec { 10 10 pname = "hashcat"; 11 - version = "6.2.5"; 11 + version = "6.2.6"; 12 12 13 13 src = fetchurl { 14 14 url = "https://hashcat.net/files/hashcat-${version}.tar.gz"; 15 - sha256 = "sha256-b2iZ162Jlln3tDpNaAmFQ6tUbSFx+OUdaR0Iplk3iWk="; 15 + sha256 = "sha256-sl4Qd7zzSQjMjxjBppouyYsEeyy88PURRNzzuh4Leyo="; 16 16 }; 17 17 18 18 nativeBuildInputs = [ makeWrapper ];

+3 -4

pkgs/tools/security/pomerium-cli/default.nix

··· 1 1 { buildGoModule 2 2 , fetchFromGitHub 3 3 , lib 4 - , pomerium 5 4 }: 6 5 7 6 let ··· 9 8 in 10 9 buildGoModule rec { 11 10 pname = "pomerium-cli"; 12 - inherit (pomerium) version; 11 + version = "0.18.0"; 13 12 14 13 src = fetchFromGitHub { 15 14 owner = "pomerium"; 16 15 repo = "cli"; 17 16 rev = "v${version}"; 18 - hash = "sha256-AZeBtHy2MEPE8uZVJv4wLdOt6f9QNbaQnP5a2YVYYAg="; 17 + sha256 = "sha256-P1aEAr+Q2wnKLq3JHQbss6SPdrYnzE8J2yp/Lu5Cg/0="; 19 18 }; 20 19 21 - vendorSha256 = "sha256-K0Vdsl6wD0eJeJRsUjiNPuGx1KPkZrlCCzdyAysVonc="; 20 + vendorSha256 = "sha256-AAdhFpFCbUU3kjVQ84sYWYrGBWD5u6f219MvVS0j9Oo="; 22 21 23 22 subPackages = [ 24 23 "cmd/pomerium-cli"

+2

pkgs/top-level/all-packages.nix

··· 1301 1301 1302 1302 kanata-with-cmd = callPackage ../tools/system/kanata { withCmd = true; }; 1303 1303 1304 + ksmbd-tools = callPackage ../os-specific/linux/ksmbd-tools { }; 1305 + 1304 1306 ksnip = libsForQt5.callPackage ../tools/misc/ksnip { }; 1305 1307 1306 1308 kubevirt = callPackage ../tools/virtualization/kubevirt { };

+8

pkgs/top-level/python-packages.nix

··· 754 754 755 755 aspy-yaml = callPackage ../development/python-modules/aspy.yaml { }; 756 756 757 + assay = callPackage ../development/python-modules/assay { }; 758 + 757 759 assertpy = callPackage ../development/python-modules/assertpy { }; 758 760 759 761 asterisk-mbox = callPackage ../development/python-modules/asterisk-mbox { }; ··· 4722 4724 journalwatch = callPackage ../tools/system/journalwatch { 4723 4725 inherit (self) systemd pytest; 4724 4726 }; 4727 + 4728 + jplephem = callPackage ../development/python-modules/jplephem { }; 4725 4729 4726 4730 jproperties = callPackage ../development/python-modules/jproperties { }; 4727 4731 ··· 9962 9966 9963 9967 sgmllib3k = callPackage ../development/python-modules/sgmllib3k { }; 9964 9968 9969 + sgp4 = callPackage ../development/python-modules/sgp4 { }; 9970 + 9965 9971 shamir-mnemonic = callPackage ../development/python-modules/shamir-mnemonic { }; 9966 9972 9967 9973 shap = callPackage ../development/python-modules/shap { }; ··· 10071 10077 skorch = callPackage ../development/python-modules/skorch { }; 10072 10078 10073 10079 skybellpy = callPackage ../development/python-modules/skybellpy { }; 10080 + 10081 + skyfield = callPackage ../development/python-modules/skyfield { }; 10074 10082 10075 10083 skytemple-dtef = callPackage ../development/python-modules/skytemple-dtef { }; 10076 10084