pyrox.dev
Merge staging-next into staging
authored by
github-actions[bot]
and committed by
GitHub
ebeb6fb7
98df8ad1
+22
-1
nixos/modules/security/wrappers/default.nix
+22
-1
nixos/modules/security/wrappers/default.nix
···
5
6
parentWrapperDir = dirOf wrapperDir;
7
8
+
# This is security-sensitive code, and glibc vulns happen from time to time.
9
+
# musl is security-focused and generally more minimal, so it's a better choice here.
10
+
# The dynamic linker is still a fairly complex piece of code, and the wrappers are
11
+
# quite small, so linking it statically is more appropriate.
12
+
securityWrapper = sourceProg : pkgs.pkgsStatic.callPackage ./wrapper.nix {
13
inherit sourceProg;
14
+
15
+
# glibc definitions of insecure environment variables
16
+
#
17
+
# We extract the single header file we need into its own derivation,
18
+
# so that we don't have to pull full glibc sources to build wrappers.
19
+
#
20
+
# They're taken from pkgs.glibc so that we don't have to keep as close
21
+
# an eye on glibc changes. Not every relevant variable is in this header,
22
+
# so we maintain a slightly stricter list in wrapper.c itself as well.
23
+
unsecvars = lib.overrideDerivation (pkgs.srcOnly pkgs.glibc)
24
+
({ name, ... }: {
25
+
name = "${name}-unsecvars";
26
+
installPhase = ''
27
+
mkdir $out
28
+
cp sysdeps/generic/unsecvars.h $out
29
+
'';
30
+
});
31
};
32
33
fileModeType =
+49
nixos/modules/security/wrappers/wrapper.c
+49
nixos/modules/security/wrappers/wrapper.c
···
17
#include <syscall.h>
18
#include <byteswap.h>
19
20
#ifndef SOURCE_PROG
21
#error SOURCE_PROG should be defined via preprocessor commandline
22
#endif
···
151
return 0;
152
}
153
154
int main(int argc, char **argv) {
155
ASSERT(argc >= 1);
156
157
// Read the capabilities set on the wrapper and raise them in to
158
// the ambient set so the program we're wrapping receives the
···
17
#include <syscall.h>
18
#include <byteswap.h>
19
20
+
// imported from glibc
21
+
#include "unsecvars.h"
22
+
23
#ifndef SOURCE_PROG
24
#error SOURCE_PROG should be defined via preprocessor commandline
25
#endif
···
154
return 0;
155
}
156
157
+
// These are environment variable aliases for glibc tunables.
158
+
// This list shouldn't grow further, since this is a legacy mechanism.
159
+
// Any future tunables are expected to only be accessible through GLIBC_TUNABLES.
160
+
//
161
+
// They are not included in the glibc-provided UNSECURE_ENVVARS list,
162
+
// since any SUID executable ignores them. This wrapper also serves
163
+
// executables that are merely granted ambient capabilities, rather than
164
+
// being SUID, and hence don't run in secure mode. We'd like them to
165
+
// defend those in depth as well, so we clear these explicitly.
166
+
//
167
+
// Except for MALLOC_CHECK_ (which is marked SXID_ERASE), these are all
168
+
// marked SXID_IGNORE (ignored in secure mode), so even the glibc version
169
+
// of this wrapper would leave them intact.
170
+
#define UNSECURE_ENVVARS_TUNABLES \
171
+
"MALLOC_CHECK_\0" \
172
+
"MALLOC_TOP_PAD_\0" \
173
+
"MALLOC_PERTURB_\0" \
174
+
"MALLOC_MMAP_THRESHOLD_\0" \
175
+
"MALLOC_TRIM_THRESHOLD_\0" \
176
+
"MALLOC_MMAP_MAX_\0" \
177
+
"MALLOC_ARENA_MAX\0" \
178
+
"MALLOC_ARENA_TEST\0"
179
+
180
int main(int argc, char **argv) {
181
ASSERT(argc >= 1);
182
+
183
+
int debug = getenv(wrapper_debug) != NULL;
184
+
185
+
// Drop insecure environment variables explicitly
186
+
//
187
+
// glibc does this automatically in SUID binaries, but we'd like to cover this:
188
+
//
189
+
// a) before it gets to glibc
190
+
// b) in binaries that are only granted ambient capabilities by the wrapper,
191
+
// but don't run with an altered effective UID/GID, nor directly gain
192
+
// capabilities themselves, and thus don't run in secure mode.
193
+
//
194
+
// We're using musl, which doesn't drop environment variables in secure mode,
195
+
// and we'd also like glibc-specific variables to be covered.
196
+
//
197
+
// If we don't explicitly unset them, it's quite easy to just set LD_PRELOAD,
198
+
// have it passed through to the wrapped program, and gain privileges.
199
+
for (char *unsec = UNSECURE_ENVVARS_TUNABLES UNSECURE_ENVVARS; *unsec; unsec = strchr(unsec, 0) + 1) {
200
+
if (debug) {
201
+
fprintf(stderr, "unsetting %s\n", unsec);
202
+
}
203
+
unsetenv(unsec);
204
+
}
205
206
// Read the capabilities set on the wrapper and raise them in to
207
// the ambient set so the program we're wrapping receives the
+2
-2
nixos/modules/security/wrappers/wrapper.nix
+2
-2
nixos/modules/security/wrappers/wrapper.nix
···
1
-
{ stdenv, linuxHeaders, sourceProg, debug ? false }:
2
# For testing:
3
# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { parentWrapperDir = "/run/wrappers"; debug = true; }'
4
stdenv.mkDerivation {
···
16
dontStrip = debug;
17
installPhase = ''
18
mkdir -p $out/bin
19
-
$CC $CFLAGS ${./wrapper.c} -o $out/bin/security-wrapper
20
'';
21
}
···
1
+
{ stdenv, unsecvars, linuxHeaders, sourceProg, debug ? false }:
2
# For testing:
3
# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { parentWrapperDir = "/run/wrappers"; debug = true; }'
4
stdenv.mkDerivation {
···
16
dontStrip = debug;
17
installPhase = ''
18
mkdir -p $out/bin
19
+
$CC $CFLAGS ${./wrapper.c} -I${unsecvars} -o $out/bin/security-wrapper
20
'';
21
}
+3
-1
nixos/modules/services/web-apps/grocy.nix
+3
-1
nixos/modules/services/web-apps/grocy.nix
···
8
options.services.grocy = {
9
enable = mkEnableOption (lib.mdDoc "grocy");
10
11
hostName = mkOption {
12
type = types.str;
13
description = lib.mdDoc ''
···
143
services.nginx = {
144
enable = true;
145
virtualHosts."${cfg.hostName}" = mkMerge [
146
-
{ root = "${pkgs.grocy}/public";
147
locations."/".extraConfig = ''
148
rewrite ^ /index.php;
149
'';
···
8
options.services.grocy = {
9
enable = mkEnableOption (lib.mdDoc "grocy");
10
11
+
package = mkPackageOptionMD pkgs "grocy" { };
12
+
13
hostName = mkOption {
14
type = types.str;
15
description = lib.mdDoc ''
···
145
services.nginx = {
146
enable = true;
147
virtualHosts."${cfg.hostName}" = mkMerge [
148
+
{ root = "${cfg.package}/public";
149
locations."/".extraConfig = ''
150
rewrite ^ /index.php;
151
'';
+3
-4
nixos/modules/services/x11/desktop-managers/gnome.nix
+3
-4
nixos/modules/services/x11/desktop-managers/gnome.nix
···
307
gnome-flashback
308
] ++ map gnome-flashback.mkSystemdTargetForWm flashbackWms;
309
310
-
# gnome-panel needs these for menu applet
311
-
environment.sessionVariables.XDG_DATA_DIRS = [ "${pkgs.gnome.gnome-flashback}/share" ];
312
-
# TODO: switch to sessionVariables (resolve conflict)
313
-
environment.variables.XDG_CONFIG_DIRS = [ "${pkgs.gnome.gnome-flashback}/etc/xdg" ];
314
})
315
316
(mkIf serviceCfg.core-os-services.enable {
+1
-1
nixos/tests/all-tests.nix
+1
-1
nixos/tests/all-tests.nix
···
714
service-runner = handleTest ./service-runner.nix {};
715
sftpgo = runTest ./sftpgo.nix;
716
sfxr-qt = handleTest ./sfxr-qt.nix {};
717
-
sgtpuzzles = handleTest ./sgtpuzzles.nix {};
718
shadow = handleTest ./shadow.nix {};
719
shadowsocks = handleTest ./shadowsocks {};
720
shattered-pixel-dungeon = handleTest ./shattered-pixel-dungeon.nix {};
···
714
service-runner = handleTest ./service-runner.nix {};
715
sftpgo = runTest ./sftpgo.nix;
716
sfxr-qt = handleTest ./sfxr-qt.nix {};
717
+
sgt-puzzles = handleTest ./sgt-puzzles.nix {};
718
shadow = handleTest ./shadow.nix {};
719
shadowsocks = handleTest ./shadowsocks {};
720
shattered-pixel-dungeon = handleTest ./shattered-pixel-dungeon.nix {};
+4
-3
nixos/tests/gnome-flashback.nix
+4
-3
nixos/tests/gnome-flashback.nix
···
49
assert "alice" in machine.succeed("getfacl -p /dev/snd/timer")
50
51
with subtest("Wait for Metacity"):
52
+
machine.wait_until_succeeds("pgrep metacity")
53
+
54
+
with subtest("Regression test for #233920"):
55
+
machine.wait_until_succeeds("pgrep -fa gnome-flashback-media-keys")
56
machine.sleep(20)
57
machine.screenshot("screen")
58
'';
+2
-2
nixos/tests/sgtpuzzles.nix
nixos/tests/sgt-puzzles.nix
+2
-2
nixos/tests/sgtpuzzles.nix
nixos/tests/sgt-puzzles.nix
+4
-4
pkgs/applications/networking/cluster/terraform/default.nix
+4
-4
pkgs/applications/networking/cluster/terraform/default.nix
···
53
"Tool for building, changing, and versioning infrastructure";
54
homepage = "https://www.terraform.io/";
55
changelog = "https://github.com/hashicorp/terraform/blob/v${version}/CHANGELOG.md";
56
-
license = licenses.mpl20;
57
maintainers = with maintainers; [
58
Chili-Man
59
babariviere
···
167
mkTerraform = attrs: pluggable (generic attrs);
168
169
terraform_1 = mkTerraform {
170
-
version = "1.5.7";
171
-
hash = "sha256-pIhwJfa71/gW7lw/KRFBO4Q5Z5YMcTt3r9kD25k8cqM=";
172
-
vendorHash = "sha256-lQgWNMBf+ioNxzAV7tnTQSIS840XdI9fg9duuwoK+U4=";
173
patches = [ ./provider-path-0_15.patch ];
174
passthru = {
175
inherit plugins;
···
53
"Tool for building, changing, and versioning infrastructure";
54
homepage = "https://www.terraform.io/";
55
changelog = "https://github.com/hashicorp/terraform/blob/v${version}/CHANGELOG.md";
56
+
license = licenses.bsl11;
57
maintainers = with maintainers; [
58
Chili-Man
59
babariviere
···
167
mkTerraform = attrs: pluggable (generic attrs);
168
169
terraform_1 = mkTerraform {
170
+
version = "1.6.0";
171
+
hash = "sha256-R1phgtGn9hyNqa0wR1zY9uThTJSIj7TuK5ekXx48QP0=";
172
+
vendorHash = "sha256-V7S+IzHfBhIHo0xCvHJ75gOmvVbJd2k8XBdvLG1dcsc=";
173
patches = [ ./provider-path-0_15.patch ];
174
passthru = {
175
inherit plugins;
+3
-3
pkgs/applications/terminal-emulators/kitty/default.nix
+3
-3
pkgs/applications/terminal-emulators/kitty/default.nix
···
29
with python3Packages;
30
buildPythonApplication rec {
31
pname = "kitty";
32
-
version = "0.30.0";
33
format = "other";
34
35
src = fetchFromGitHub {
36
owner = "kovidgoyal";
37
repo = "kitty";
38
rev = "refs/tags/v${version}";
39
-
hash = "sha256-M6qFkeUp2rBudO2PiLN2VSrmut68c9mjjUr07WEX9VY=";
40
};
41
42
goModules = (buildGoModule {
43
pname = "kitty-go-modules";
44
inherit src version;
45
-
vendorHash = "sha256-53Y2S/P2fWT9STZFTdlkESxHNpoAggifZJ0+WXCzbkU=";
46
}).goModules;
47
48
buildInputs = [
···
29
with python3Packages;
30
buildPythonApplication rec {
31
pname = "kitty";
32
+
version = "0.30.1";
33
format = "other";
34
35
src = fetchFromGitHub {
36
owner = "kovidgoyal";
37
repo = "kitty";
38
rev = "refs/tags/v${version}";
39
+
hash = "sha256-zjXwiRo6Jw3K0iDf05f04MCtg1qKABah7x07CwvW0/0=";
40
};
41
42
goModules = (buildGoModule {
43
pname = "kitty-go-modules";
44
inherit src version;
45
+
vendorHash = "sha256-KDqzcJbI2f91wlrjVWgUmut4nhXA/rO9q5q3FaDWnfc=";
46
}).goModules;
47
48
buildInputs = [
+3
-3
pkgs/applications/version-management/gitoxide/default.nix
+3
-3
pkgs/applications/version-management/gitoxide/default.nix
···
13
14
rustPlatform.buildRustPackage rec {
15
pname = "gitoxide";
16
-
version = "0.29.0";
17
18
src = fetchFromGitHub {
19
owner = "Byron";
20
repo = "gitoxide";
21
rev = "v${version}";
22
-
hash = "sha256-Ry5QvOoj4iSQZr1O+Y6qSHzhmm77nbkLjCcdPOhxR18=";
23
};
24
25
-
cargoHash = "sha256-WZctsAxGojrGufF8CwUiw1xWzn9qVZUphDE3KmGTGy4=";
26
27
nativeBuildInputs = [ cmake pkg-config ];
28
···
13
14
rustPlatform.buildRustPackage rec {
15
pname = "gitoxide";
16
+
version = "0.30.0";
17
18
src = fetchFromGitHub {
19
owner = "Byron";
20
repo = "gitoxide";
21
rev = "v${version}";
22
+
hash = "sha256-VJZwNLFePUNIRHEyiEr1tiLaB2tuL6Ah81LNuM/1H14=";
23
};
24
25
+
cargoHash = "sha256-vEp0wLxmmmv33oRO7eOxOoOsV87/7DQ8db5RUfqUb88=";
26
27
nativeBuildInputs = [ cmake pkg-config ];
28
+2
-2
pkgs/development/embedded/wch-isp/default.nix
+2
-2
pkgs/development/embedded/wch-isp/default.nix
+2
pkgs/development/libraries/libsmi/default.nix
+2
pkgs/development/libraries/libsmi/default.nix
+4
-4
pkgs/development/python-modules/alexapy/default.nix
+4
-4
pkgs/development/python-modules/alexapy/default.nix
···
19
20
buildPythonPackage rec {
21
pname = "alexapy";
22
-
version = "1.27.1";
23
-
format = "pyproject";
24
25
disabled = pythonOlder "3.10";
26
···
28
owner = "keatontaylor";
29
repo = "alexapy";
30
rev = "refs/tags/v${version}";
31
-
hash = "sha256-pMTVZ2iE/a1yNsWhmxkIQFkl18x06ZLjslj8hjKVBEA=";
32
};
33
34
pythonRelaxDeps = [
···
64
meta = with lib; {
65
description = "Python Package for controlling Alexa devices (echo dot, etc) programmatically";
66
homepage = "https://gitlab.com/keatontaylor/alexapy";
67
-
changelog = "https://gitlab.com/keatontaylor/alexapy/-/blob/${src.rev}/CHANGELOG.md";
68
license = licenses.asl20;
69
maintainers = with maintainers; [ fab ];
70
};
···
19
20
buildPythonPackage rec {
21
pname = "alexapy";
22
+
version = "1.27.4";
23
+
pyproject = true;
24
25
disabled = pythonOlder "3.10";
26
···
28
owner = "keatontaylor";
29
repo = "alexapy";
30
rev = "refs/tags/v${version}";
31
+
hash = "sha256-Z7h6VX4cwcepo0Kxq9GdHv+XFNg/0s/OhJ/iHubhovs=";
32
};
33
34
pythonRelaxDeps = [
···
64
meta = with lib; {
65
description = "Python Package for controlling Alexa devices (echo dot, etc) programmatically";
66
homepage = "https://gitlab.com/keatontaylor/alexapy";
67
+
changelog = "https://gitlab.com/keatontaylor/alexapy/-/blob/v${version}/CHANGELOG.md";
68
license = licenses.asl20;
69
maintainers = with maintainers; [ fab ];
70
};
+7
-12
pkgs/development/python-modules/astropy/default.nix
+7
-12
pkgs/development/python-modules/astropy/default.nix
···
26
27
buildPythonPackage rec {
28
pname = "astropy";
29
-
version = "5.3.3";
30
format = "pyproject";
31
32
disabled = pythonOlder "3.8"; # according to setup.cfg
33
34
src = fetchPypi {
35
inherit pname version;
36
-
hash = "sha256-AzDfn116IlQ2fpuM9EJVuhBwsGEjGIxqcu3BgEk/k7s=";
37
};
38
-
patches = [
39
-
# Fixes running tests in parallel issue
40
-
# https://github.com/astropy/astropy/issues/15316. Fix from
41
-
# https://github.com/astropy/astropy/pull/15327
42
-
(fetchpatch {
43
-
url = "https://github.com/astropy/astropy/commit/1042c0fb06a992f683bdc1eea2beda0b846ed356.patch";
44
-
hash = "sha256-bApAcGBRrJ94thhByoYvdqw2e6v77+FmTfgmGcE6MMk=";
45
-
})
46
-
];
47
-
48
# Relax cython dependency to allow this to build, upstream only doesn't
49
# support cython 3 as of writing. See:
50
# https://github.com/astropy/astropy/issues/15315
···
84
'';
85
pythonImportsCheck = [
86
"astropy"
87
];
88
89
meta = {
···
26
27
buildPythonPackage rec {
28
pname = "astropy";
29
+
version = "5.3.4";
30
format = "pyproject";
31
32
disabled = pythonOlder "3.8"; # according to setup.cfg
33
34
src = fetchPypi {
35
inherit pname version;
36
+
hash = "sha256-1JD34vqsLMwBySRCAtYpFUJZr4qXkQTO2J3ErOTm8dg=";
37
};
38
# Relax cython dependency to allow this to build, upstream only doesn't
39
# support cython 3 as of writing. See:
40
# https://github.com/astropy/astropy/issues/15315
···
74
'';
75
pythonImportsCheck = [
76
"astropy"
77
+
];
78
+
disabledTests = [
79
+
# May fail due to parallelism, see:
80
+
# https://github.com/astropy/astropy/issues/15441
81
+
"TestUnifiedOutputRegistry"
82
];
83
84
meta = {
+2
-2
pkgs/development/python-modules/camel-converter/default.nix
+2
-2
pkgs/development/python-modules/camel-converter/default.nix
···
9
10
buildPythonPackage rec {
11
pname = "camel-converter";
12
-
version = "3.0.2";
13
format = "pyproject";
14
15
disabled = pythonOlder "3.8";
···
18
owner = "sanders41";
19
repo = pname;
20
rev = "refs/tags/v${version}";
21
-
hash = "sha256-XKtWR9dmSMfqkJYUHDQtWBLG3CHrbrI5lNtPUTShmBE=";
22
};
23
24
postPatch = ''
···
9
10
buildPythonPackage rec {
11
pname = "camel-converter";
12
+
version = "3.0.3";
13
format = "pyproject";
14
15
disabled = pythonOlder "3.8";
···
18
owner = "sanders41";
19
repo = pname;
20
rev = "refs/tags/v${version}";
21
+
hash = "sha256-0sNb1zg8cnDjQQnStfe1k8uB1GpmNtd/VwqSqTcLmj0=";
22
};
23
24
postPatch = ''
+3
-2
pkgs/development/python-modules/django-reversion/default.nix
+3
-2
pkgs/development/python-modules/django-reversion/default.nix
···
7
8
buildPythonPackage rec {
9
pname = "django-reversion";
10
-
version = "5.0.5";
11
format = "setuptools";
12
13
disabled = pythonOlder "3.7";
14
15
src = fetchPypi {
16
inherit pname version;
17
-
hash = "sha256-JTxpGwpOC+He7Atiw4yfu3W25aj9gdO1iib0YTWXAQY=";
18
};
19
20
propagatedBuildInputs = [
···
31
meta = with lib; {
32
description = "An extension to the Django web framework that provides comprehensive version control facilities";
33
homepage = "https://github.com/etianen/django-reversion";
34
license = licenses.bsd3;
35
maintainers = with maintainers; [ ];
36
};
···
7
8
buildPythonPackage rec {
9
pname = "django-reversion";
10
+
version = "5.0.6";
11
format = "setuptools";
12
13
disabled = pythonOlder "3.7";
14
15
src = fetchPypi {
16
inherit pname version;
17
+
hash = "sha256-buJalwcN2hTz4IK4uZm/vstKnwgv8fhR40TQVqGMk0w=";
18
};
19
20
propagatedBuildInputs = [
···
31
meta = with lib; {
32
description = "An extension to the Django web framework that provides comprehensive version control facilities";
33
homepage = "https://github.com/etianen/django-reversion";
34
+
changelog = "https://github.com/etianen/django-reversion/blob/v${version}/CHANGELOG.rst";
35
license = licenses.bsd3;
36
maintainers = with maintainers; [ ];
37
};
+60
pkgs/development/python-modules/esig/default.nix
+60
pkgs/development/python-modules/esig/default.nix
···
···
1
+
{ lib
2
+
, buildPythonPackage
3
+
, fetchPypi
4
+
, cmake
5
+
, ninja
6
+
, oldest-supported-numpy
7
+
, scikit-build
8
+
, setuptools
9
+
, numpy
10
+
, iisignature
11
+
, boost
12
+
}:
13
+
14
+
buildPythonPackage rec {
15
+
pname = "esig";
16
+
version = "0.9.8.3";
17
+
pyproject = true;
18
+
19
+
src = fetchPypi {
20
+
inherit pname version;
21
+
hash = "sha256-BGZaJSrpNSwZMHBYFDmDVPZOtgam/EVyh5Y5FAB8e1o=";
22
+
};
23
+
24
+
buildInputs = [
25
+
boost
26
+
];
27
+
28
+
dontUseCmakeConfigure = true;
29
+
30
+
nativeBuildInputs = [
31
+
cmake
32
+
ninja
33
+
oldest-supported-numpy
34
+
scikit-build
35
+
setuptools
36
+
];
37
+
38
+
propagatedBuildInputs = [
39
+
numpy
40
+
];
41
+
42
+
passthru.optional-dependencies = {
43
+
iisignature = [
44
+
iisignature
45
+
];
46
+
};
47
+
48
+
# PyPI tarball has no tests
49
+
doCheck = false;
50
+
51
+
pythonImportsCheck = [ "esig" ];
52
+
53
+
meta = with lib; {
54
+
description = "This package provides \"rough path\" tools for analysing vector time series";
55
+
homepage = "https://github.com/datasig-ac-uk/esig";
56
+
changelog = "https://github.com/datasig-ac-uk/esig/blob/release/CHANGELOG";
57
+
license = licenses.gpl3Only;
58
+
maintainers = with maintainers; [ mbalatsko ];
59
+
};
60
+
}
+2
-2
pkgs/development/python-modules/garth/default.nix
+2
-2
pkgs/development/python-modules/garth/default.nix
+2
-2
pkgs/development/python-modules/google-cloud-container/default.nix
+2
-2
pkgs/development/python-modules/google-cloud-container/default.nix
···
13
14
buildPythonPackage rec {
15
pname = "google-cloud-container";
16
-
version = "2.31.0";
17
format = "setuptools";
18
19
disabled = pythonOlder "3.7";
20
21
src = fetchPypi {
22
inherit pname version;
23
-
hash = "sha256-PGrG29a5tq41hn8zzJWdAy4Dju1O5ZPYhZ+CcsBraAY=";
24
};
25
26
propagatedBuildInputs = [
···
13
14
buildPythonPackage rec {
15
pname = "google-cloud-container";
16
+
version = "2.32.0";
17
format = "setuptools";
18
19
disabled = pythonOlder "3.7";
20
21
src = fetchPypi {
22
inherit pname version;
23
+
hash = "sha256-aU+42neWNlPhxw+mCSi0oR+vjh8VgKOQJQU6PhvM5t4=";
24
};
25
26
propagatedBuildInputs = [
+39
pkgs/development/python-modules/iisignature/default.nix
+39
pkgs/development/python-modules/iisignature/default.nix
···
···
1
+
{ lib
2
+
, buildPythonPackage
3
+
, fetchPypi
4
+
, setuptools
5
+
, wheel
6
+
, numpy
7
+
}:
8
+
9
+
buildPythonPackage rec {
10
+
pname = "iisignature";
11
+
version = "0.24";
12
+
pyproject = true;
13
+
14
+
src = fetchPypi {
15
+
inherit pname version;
16
+
hash = "sha256-C5MUxui4BIf68yMZH7NZhq1CJuhrDGfPCjspObaVucY=";
17
+
};
18
+
19
+
nativeBuildInputs = [
20
+
setuptools
21
+
wheel
22
+
];
23
+
24
+
propagatedBuildInputs = [
25
+
numpy
26
+
];
27
+
28
+
# PyPI tarball has no tests
29
+
doCheck = false;
30
+
31
+
pythonImportsCheck = [ "iisignature" ];
32
+
33
+
meta = with lib; {
34
+
description = "Iterated integral signature calculations";
35
+
homepage = "https://pypi.org/project/iisignature";
36
+
license = licenses.mit;
37
+
maintainers = with maintainers; [ mbalatsko ];
38
+
};
39
+
}
+2
-2
pkgs/development/python-modules/junos-eznc/default.nix
+2
-2
pkgs/development/python-modules/junos-eznc/default.nix
···
22
23
buildPythonPackage rec {
24
pname = "junos-eznc";
25
-
version = "2.6.7";
26
format = "setuptools";
27
28
disabled = pythonOlder "3.7";
···
31
owner = "Juniper";
32
repo = "py-junos-eznc";
33
rev = "refs/tags/${version}";
34
-
hash = "sha256-+hGybznip5RpJm89MLg9JO4B/y50OIdgtmV2FIpZShU=";
35
};
36
37
postPatch = ''
···
22
23
buildPythonPackage rec {
24
pname = "junos-eznc";
25
+
version = "2.6.8";
26
format = "setuptools";
27
28
disabled = pythonOlder "3.7";
···
31
owner = "Juniper";
32
repo = "py-junos-eznc";
33
rev = "refs/tags/${version}";
34
+
hash = "sha256-5xZjuU2U3BodAMQiWZIJ27AZiAwoMm4yJ4qr3DjMd9o=";
35
};
36
37
postPatch = ''
+2
-2
pkgs/development/python-modules/magic-filter/default.nix
+2
-2
pkgs/development/python-modules/magic-filter/default.nix
···
8
9
buildPythonPackage rec {
10
pname = "magic-filter";
11
-
version = "1.0.11";
12
format = "pyproject";
13
14
disabled = pythonOlder "3.7";
···
17
owner = "aiogram";
18
repo = "magic-filter";
19
rev = "refs/tags/v${version}";
20
-
hash = "sha256-mfSq47UWOLyEDkAsdHsJuVl/rJ4KgiGPpDL7qSKEfws=";
21
};
22
23
nativeBuildInputs = [
···
8
9
buildPythonPackage rec {
10
pname = "magic-filter";
11
+
version = "1.0.12";
12
format = "pyproject";
13
14
disabled = pythonOlder "3.7";
···
17
owner = "aiogram";
18
repo = "magic-filter";
19
rev = "refs/tags/v${version}";
20
+
hash = "sha256-MSYIZ/bzngRu6mG3EGblUotSCA+6bi+l3EymFA8NRZA=";
21
};
22
23
nativeBuildInputs = [
+11
-4
pkgs/development/python-modules/numpyro/default.nix
+11
-4
pkgs/development/python-modules/numpyro/default.nix
···
9
, tqdm
10
, funsor
11
, pytestCheckHook
12
-
, tensorflow-probability
13
}:
14
15
buildPythonPackage rec {
16
pname = "numpyro";
17
-
version = "0.13.0";
18
format = "setuptools";
19
20
disabled = pythonOlder "3.9";
21
22
src = fetchPypi {
23
inherit version pname;
24
-
hash = "sha256-n+5K6fZlatKkXGVxzKcVhmP5XNuJeeM+GcCJ1Kh/WMk=";
25
};
26
27
propagatedBuildInputs = [
···
35
nativeCheckInputs = [
36
funsor
37
pytestCheckHook
38
-
tensorflow-probability
39
];
40
41
pythonImportsCheck = [
···
60
"test_zero_inflated_logits_probs_agree"
61
# NameError: unbound axis name: _provenance
62
"test_model_transformation"
63
];
64
65
meta = with lib; {
···
9
, tqdm
10
, funsor
11
, pytestCheckHook
12
+
# TODO: uncomment when tensorflow-probability gets fixed.
13
+
# , tensorflow-probability
14
}:
15
16
buildPythonPackage rec {
17
pname = "numpyro";
18
+
version = "0.13.2";
19
format = "setuptools";
20
21
disabled = pythonOlder "3.9";
22
23
src = fetchPypi {
24
inherit version pname;
25
+
hash = "sha256-Um8LFVGAlMeOaN9uMwycHJzqEnTaxp8FYXIk+m2VTug=";
26
};
27
28
propagatedBuildInputs = [
···
36
nativeCheckInputs = [
37
funsor
38
pytestCheckHook
39
+
# TODO: uncomment when tensorflow-probability gets fixed.
40
+
# tensorflow-probability
41
];
42
43
pythonImportsCheck = [
···
62
"test_zero_inflated_logits_probs_agree"
63
# NameError: unbound axis name: _provenance
64
"test_model_transformation"
65
+
];
66
+
67
+
# TODO: remove when tensorflow-probability gets fixed.
68
+
disabledTestPaths = [
69
+
"test/test_distributions.py"
70
];
71
72
meta = with lib; {
+2
-2
pkgs/development/python-modules/parver/default.nix
+2
-2
pkgs/development/python-modules/parver/default.nix
+2
-2
pkgs/development/python-modules/pyfibaro/default.nix
+2
-2
pkgs/development/python-modules/pyfibaro/default.nix
···
11
12
buildPythonPackage rec {
13
pname = "pyfibaro";
14
-
version = "0.7.4";
15
format = "pyproject";
16
17
disabled = pythonOlder "3.9";
···
20
owner = "rappenze";
21
repo = pname;
22
rev = "refs/tags/${version}";
23
-
hash = "sha256-Z+JWwu40ober/9RNG9DLqlOlQyPwlAO3LhLnpr+4dL8=";
24
};
25
26
nativeBuildInputs = [
···
11
12
buildPythonPackage rec {
13
pname = "pyfibaro";
14
+
version = "0.7.5";
15
format = "pyproject";
16
17
disabled = pythonOlder "3.9";
···
20
owner = "rappenze";
21
repo = pname;
22
rev = "refs/tags/${version}";
23
+
hash = "sha256-hllYxPPbLu3dpjHwXfIvTMW0LWtcglTVfN7youZaXTw=";
24
};
25
26
nativeBuildInputs = [
+2
-1
pkgs/development/python-modules/qcelemental/default.nix
+2
-1
pkgs/development/python-modules/qcelemental/default.nix
+14
-4
pkgs/development/python-modules/textdistance/default.nix
+14
-4
pkgs/development/python-modules/textdistance/default.nix
···
1
-
{ lib, buildPythonPackage, fetchPypi }:
2
3
buildPythonPackage rec {
4
pname = "textdistance";
5
-
version = "4.5.0";
6
7
src = fetchPypi {
8
inherit pname version;
9
-
hash = "sha256-Nk1D9PZjV0JmLj5s9TcqhoWUFshKPJsu+dZtRPWkOFw=";
10
};
11
12
# There aren't tests
13
doCheck = false;
14
15
-
pythonImportsCheck = [ "textdistance" ];
16
17
meta = with lib; {
18
description = "Python library for comparing distance between two or more sequences";
19
homepage = "https://github.com/life4/textdistance";
20
license = licenses.mit;
21
maintainers = with maintainers; [ ];
22
};
···
1
+
{ lib
2
+
, buildPythonPackage
3
+
, fetchPypi
4
+
, pythonOlder
5
+
}:
6
7
buildPythonPackage rec {
8
pname = "textdistance";
9
+
version = "4.6.0";
10
+
format = "setuptools";
11
+
12
+
disabled = pythonOlder "3.7";
13
14
src = fetchPypi {
15
inherit pname version;
16
+
hash = "sha256-cyxQMVzU7pRjg4ZDzxnWkiEwLDYDHqpgcMMMwKpdqMo=";
17
};
18
19
# There aren't tests
20
doCheck = false;
21
22
+
pythonImportsCheck = [
23
+
"textdistance"
24
+
];
25
26
meta = with lib; {
27
description = "Python library for comparing distance between two or more sequences";
28
homepage = "https://github.com/life4/textdistance";
29
+
changelog = "https://github.com/life4/textdistance/releases/tag/${version}";
30
license = licenses.mit;
31
maintainers = with maintainers; [ ];
32
};
+2
-2
pkgs/development/python-modules/whodap/default.nix
+2
-2
pkgs/development/python-modules/whodap/default.nix
···
9
10
buildPythonPackage rec {
11
pname = "whodap";
12
-
version = "0.1.9";
13
format = "setuptools";
14
15
disabled = pythonOlder "3.8";
···
18
owner = "pogzyb";
19
repo = pname;
20
rev = "refs/tags/v${version}";
21
-
hash = "sha256-0Wxx33AO9g4ACAUwkFkLo2AemK7PxXvZXWgHpu+E96c=";
22
};
23
24
propagatedBuildInputs = [
···
9
10
buildPythonPackage rec {
11
pname = "whodap";
12
+
version = "0.1.10";
13
format = "setuptools";
14
15
disabled = pythonOlder "3.8";
···
18
owner = "pogzyb";
19
repo = pname;
20
rev = "refs/tags/v${version}";
21
+
hash = "sha256-5XDTl8NPrYWs7gPTJRDVCiZN3cWQ53/ojhJivBPHUL0=";
22
};
23
24
propagatedBuildInputs = [
+2
-2
pkgs/development/tools/analysis/checkov/default.nix
+2
-2
pkgs/development/tools/analysis/checkov/default.nix
···
22
23
buildPythonApplication rec {
24
pname = "checkov";
25
-
version = "2.5.4";
26
format = "setuptools";
27
28
src = fetchFromGitHub {
29
owner = "bridgecrewio";
30
repo = pname;
31
rev = "refs/tags/${version}";
32
-
hash = "sha256-Rp1Q486vbgZmWcxQNy1esRYl0HRWQonicNP0bYdqPtc=";
33
};
34
35
patches = [
···
22
23
buildPythonApplication rec {
24
pname = "checkov";
25
+
version = "2.5.6";
26
format = "setuptools";
27
28
src = fetchFromGitHub {
29
owner = "bridgecrewio";
30
repo = pname;
31
rev = "refs/tags/${version}";
32
+
hash = "sha256-X+JEhoFKT+nxgxABojC8jZiGp8bubJWi0qWNfU9kwDc=";
33
};
34
35
patches = [
+3
-3
pkgs/development/tools/memray/default.nix
+3
-3
pkgs/development/tools/memray/default.nix
···
8
9
python3.pkgs.buildPythonApplication rec {
10
pname = "memray";
11
-
version = "1.9.1";
12
format = "setuptools";
13
14
src = fetchFromGitHub {
15
owner = "bloomberg";
16
repo = pname;
17
-
rev = "refs/tags/v${version}";
18
hash = "sha256-DaJ1Hhg7q4ckA5feUx0twOsmy28v5aBBCTUAkn43xAo=";
19
};
20
···
66
license = licenses.asl20;
67
maintainers = with maintainers; [ fab ];
68
platforms = platforms.linux;
69
-
changelog = "https://github.com/bloomberg/memray/releases/tag/v${version}";
70
};
71
}
···
8
9
python3.pkgs.buildPythonApplication rec {
10
pname = "memray";
11
+
version = "1.10.0";
12
format = "setuptools";
13
14
src = fetchFromGitHub {
15
owner = "bloomberg";
16
repo = pname;
17
+
rev = "refs/tags/${version}";
18
hash = "sha256-DaJ1Hhg7q4ckA5feUx0twOsmy28v5aBBCTUAkn43xAo=";
19
};
20
···
66
license = licenses.asl20;
67
maintainers = with maintainers; [ fab ];
68
platforms = platforms.linux;
69
+
changelog = "https://github.com/bloomberg/memray/releases/tag/${version}";
70
};
71
}
+3
-3
pkgs/games/sgt-puzzles/default.nix
+3
-3
pkgs/games/sgt-puzzles/default.nix
···
60
'';
61
62
passthru = {
63
-
tests.sgtpuzzles = nixosTests.sgtpuzzles;
64
-
updateScript = writeScript "update-sgtpuzzles" ''
65
#!/usr/bin/env nix-shell
66
#!nix-shell -i bash -p curl pcre common-updater-scripts
67
68
set -eu -o pipefail
69
70
version="$(curl -sI 'https://www.chiark.greenend.org.uk/~sgtatham/puzzles/puzzles.tar.gz' | grep -Fi Location: | pcregrep -o1 'puzzles-([0-9a-f.]*).tar.gz')"
71
-
update-source-version sgtpuzzles "$version"
72
'';
73
};
74
···
60
'';
61
62
passthru = {
63
+
tests.sgt-puzzles = nixosTests.sgt-puzzles;
64
+
updateScript = writeScript "update-sgt-puzzles" ''
65
#!/usr/bin/env nix-shell
66
#!nix-shell -i bash -p curl pcre common-updater-scripts
67
68
set -eu -o pipefail
69
70
version="$(curl -sI 'https://www.chiark.greenend.org.uk/~sgtatham/puzzles/puzzles.tar.gz' | grep -Fi Location: | pcregrep -o1 'puzzles-([0-9a-f.]*).tar.gz')"
71
+
update-source-version sgt-puzzles "$version"
72
'';
73
};
74
+1
-1
pkgs/os-specific/linux/dpdk/default.nix
+1
-1
pkgs/os-specific/linux/dpdk/default.nix
···
68
]
69
# kni kernel driver is currently not compatble with 5.11
70
++ lib.optional (mod && kernel.kernelOlder "5.11") "-Ddisable_drivers=kni"
71
-
++ lib.optional (!shared) "-Ddefault_library=static"
72
++ lib.optional (machine != null) "-Dmachine=${machine}"
73
++ lib.optional mod "-Dkernel_dir=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
74
++ lib.optional (withExamples != []) "-Dexamples=${builtins.concatStringsSep "," withExamples}";
···
68
]
69
# kni kernel driver is currently not compatble with 5.11
70
++ lib.optional (mod && kernel.kernelOlder "5.11") "-Ddisable_drivers=kni"
71
+
++ [(if shared then "-Ddefault_library=shared" else "-Ddefault_library=static")]
72
++ lib.optional (machine != null) "-Dmachine=${machine}"
73
++ lib.optional mod "-Dkernel_dir=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
74
++ lib.optional (withExamples != []) "-Dexamples=${builtins.concatStringsSep "," withExamples}";
+2
-2
pkgs/os-specific/linux/libpsm2/default.nix
+2
-2
pkgs/os-specific/linux/libpsm2/default.nix
···
2
3
stdenv.mkDerivation rec {
4
pname = "libpsm2";
5
-
version = "11.2.230";
6
7
preConfigure= ''
8
export UDEVDIR=$out/etc/udev
···
30
owner = "intel";
31
repo = "opa-psm2";
32
rev = "PSM2_${version}";
33
-
sha256 = "sha256-dMfGq067TqstGAWNSZZaZCwvChTyPUsvaPVjFGGzp64=";
34
};
35
36
postInstall = ''
···
2
3
stdenv.mkDerivation rec {
4
pname = "libpsm2";
5
+
version = "12.0.1";
6
7
preConfigure= ''
8
export UDEVDIR=$out/etc/udev
···
30
owner = "intel";
31
repo = "opa-psm2";
32
rev = "PSM2_${version}";
33
+
sha256 = "sha256-MzocxY+X2a5rJvTo+gFU0U10YzzazR1IxzgEporJyhI=";
34
};
35
36
postInstall = ''
+2
-2
pkgs/servers/http/nginx/modules.nix
+2
-2
pkgs/servers/http/nginx/modules.nix
+6
-3
pkgs/top-level/all-packages.nix
+6
-3
pkgs/top-level/all-packages.nix
···
38478
38479
sfrotz = callPackage ../games/sfrotz { };
38480
38481
-
sgtpuzzles = callPackage ../games/sgt-puzzles { };
38482
38483
-
sgtpuzzles-mobile = callPackage ../games/sgt-puzzles {
38484
isMobile = true;
38485
};
38486
38487
shattered-pixel-dungeon = callPackage ../games/shattered-pixel-dungeon { };
38488
···
41330
41331
termpdfpy = python3Packages.callPackage ../applications/misc/termpdf.py { };
41332
41333
-
inherit (callPackage ../applications/networking/cluster/terraform { })
41334
mkTerraform
41335
terraform_1
41336
terraform_plugins_test
···
38478
38479
sfrotz = callPackage ../games/sfrotz { };
38480
38481
+
sgt-puzzles = callPackage ../games/sgt-puzzles { };
38482
38483
+
sgt-puzzles-mobile = callPackage ../games/sgt-puzzles {
38484
isMobile = true;
38485
};
38486
+
38487
+
sgtpuzzles = throw "sgtpuzzles has been renamed to sgt-puzzles."; # 2023-10-06
38488
+
sgtpuzzles-mobile = throw "sgtpuzzles-mobile has been renamed to sgt-puzzles-mobile."; # 2023-10-06
38489
38490
shattered-pixel-dungeon = callPackage ../games/shattered-pixel-dungeon { };
38491
···
41333
41334
termpdfpy = python3Packages.callPackage ../applications/misc/termpdf.py { };
41335
41336
+
inherit (callPackage ../applications/networking/cluster/terraform { buildGoModule = buildGo121Module; })
41337
mkTerraform
41338
terraform_1
41339
terraform_plugins_test
+4
pkgs/top-level/python-packages.nix
+4
pkgs/top-level/python-packages.nix
···
3555
3556
es-client = callPackage ../development/python-modules/es-client { };
3557
3558
espeak-phonemizer = callPackage ../development/python-modules/espeak-phonemizer { };
3559
3560
esphome-dashboard-api = callPackage ../development/python-modules/esphome-dashboard-api { };
···
5209
igraph = callPackage ../development/python-modules/igraph {
5210
inherit (pkgs) igraph;
5211
};
5212
5213
ijson = callPackage ../development/python-modules/ijson { };
5214
···
3555
3556
es-client = callPackage ../development/python-modules/es-client { };
3557
3558
+
esig = callPackage ../development/python-modules/esig { };
3559
+
3560
espeak-phonemizer = callPackage ../development/python-modules/espeak-phonemizer { };
3561
3562
esphome-dashboard-api = callPackage ../development/python-modules/esphome-dashboard-api { };
···
5211
igraph = callPackage ../development/python-modules/igraph {
5212
inherit (pkgs) igraph;
5213
};
5214
+
5215
+
iisignature = callPackage ../development/python-modules/iisignature { };
5216
5217
ijson = callPackage ../development/python-modules/ijson { };
5218