Merge master into staging-next · pyrox.dev/nixpkgs@f514993

+3 -3

nixos/modules/config/update-users-groups.pl

··· 223 223 } 224 224 225 225 # Ensure home directory incl. ownership and permissions. 226 - if ($u->{createHome}) { 227 - make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry; 226 + if ($u->{createHome} and !$is_dry) { 227 + make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home}; 228 228 chown $u->{uid}, $u->{gid}, $u->{home}; 229 - chmod 0700, $u->{home}; 229 + chmod oct($u->{homeMode}), $u->{home}; 230 230 } 231 231 232 232 if (defined $u->{passwordFile}) {

+9 -2

nixos/modules/config/users-groups.nix

··· 48 48 services such as SSH, or indirectly via <command>su</command> or 49 49 <command>sudo</command>). This should only be used for e.g. bootable 50 50 live systems. Note: this is different from setting an empty password, 51 - which ca be achieved using <option>users.users.<name?>.password</option>. 51 + which can be achieved using <option>users.users.<name?>.password</option>. 52 52 53 53 If set to <literal>null</literal> (default) this user will not 54 54 be able to log in using a password (i.e. via <command>login</command> ··· 139 139 description = "The user's home directory."; 140 140 }; 141 141 142 + homeMode = mkOption { 143 + type = types.strMatching "[0-7]{1,5}"; 144 + default = "700"; 145 + description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if <option>users.users.<name>.createHome</option> is true."; 146 + }; 147 + 142 148 cryptHomeLuks = mkOption { 143 149 type = with types; nullOr str; 144 150 default = null; ··· 319 325 group = mkDefault "users"; 320 326 createHome = mkDefault true; 321 327 home = mkDefault "/home/${config.name}"; 328 + homeMode = mkDefault "700"; 322 329 useDefaultShell = mkDefault true; 323 330 isSystemUser = mkDefault false; 324 331 }) ··· 430 437 inherit (cfg) mutableUsers; 431 438 users = mapAttrsToList (_: u: 432 439 { inherit (u) 433 - name uid group description home createHome isSystemUser 440 + name uid group description home homeMode createHome isSystemUser 434 441 password passwordFile hashedPassword 435 442 autoSubUidGidRange subUidRanges subGidRanges 436 443 initialPassword initialHashedPassword;

+6 -4

nixos/modules/services/networking/mosquitto.nix

··· 199 199 allow_anonymous = 1; 200 200 allow_zero_length_clientid = 1; 201 201 auto_id_prefix = 1; 202 + bind_interface = 1; 202 203 cafile = 1; 203 204 capath = 1; 204 205 certfile = 1; ··· 295 296 }; 296 297 297 298 listenerAsserts = prefix: listener: 298 - assertKeysValid prefix freeformListenerKeys listener.settings 299 + assertKeysValid "${prefix}.settings" freeformListenerKeys listener.settings 299 300 ++ userAsserts prefix listener.users 300 301 ++ imap0 301 302 (i: v: authAsserts "${prefix}.authPlugins.${toString i}" v) ··· 397 398 }; 398 399 399 400 bridgeAsserts = prefix: bridge: 400 - assertKeysValid prefix freeformBridgeKeys bridge.settings 401 + assertKeysValid "${prefix}.settings" freeformBridgeKeys bridge.settings 401 402 ++ [ { 402 403 assertion = length bridge.addresses > 0; 403 404 message = "Bridge ${prefix} needs remote broker addresses"; ··· 526 527 527 528 globalAsserts = prefix: cfg: 528 529 flatten [ 529 - (assertKeysValid prefix freeformGlobalKeys cfg.settings) 530 + (assertKeysValid "${prefix}.settings" freeformGlobalKeys cfg.settings) 530 531 (imap0 (n: l: listenerAsserts "${prefix}.listener.${toString n}" l) cfg.listeners) 531 532 (mapAttrsToList (n: b: bridgeAsserts "${prefix}.bridge.${n}" b) cfg.bridges) 532 533 ]; ··· 629 630 ])); 630 631 RemoveIPC = true; 631 632 RestrictAddressFamilies = [ 632 - "AF_UNIX" # for sd_notify() call 633 + "AF_UNIX" 633 634 "AF_INET" 634 635 "AF_INET6" 636 + "AF_NETLINK" 635 637 ]; 636 638 RestrictNamespaces = true; 637 639 RestrictRealtime = true;

+12 -5

nixos/modules/system/boot/systemd.nix

··· 35 35 "nss-lookup.target" 36 36 "nss-user-lookup.target" 37 37 "time-sync.target" 38 - ] ++ (optionals cfg.package.withCryptsetup [ 38 + ] ++ optionals cfg.package.withCryptsetup [ 39 39 "cryptsetup.target" 40 40 "cryptsetup-pre.target" 41 41 "remote-cryptsetup.target" 42 - ]) ++ [ 42 + ] ++ [ 43 43 "sigpwr.target" 44 44 "timers.target" 45 45 "paths.target" ··· 133 133 134 134 # Slices / containers. 135 135 "slices.target" 136 + ] ++ optionals cfg.package.withImportd [ 137 + "systemd-importd.service" 138 + ] ++ optionals cfg.package.withMachined [ 136 139 "machine.slice" 137 140 "machines.target" 138 - "systemd-importd.service" 139 141 "systemd-machined.service" 142 + ] ++ [ 140 143 "systemd-nspawn@.service" 141 144 142 145 # Misc. 143 146 "systemd-sysctl.service" 147 + ] ++ optionals cfg.package.withTimedated [ 144 148 "dbus-org.freedesktop.timedate1.service" 149 + "systemd-timedated.service" 150 + ] ++ optionals cfg.package.withLocaled [ 145 151 "dbus-org.freedesktop.locale1.service" 146 - "dbus-org.freedesktop.hostname1.service" 147 - "systemd-timedated.service" 148 152 "systemd-localed.service" 153 + ] ++ optionals cfg.package.withHostnamed [ 154 + "dbus-org.freedesktop.hostname1.service" 149 155 "systemd-hostnamed.service" 156 + ] ++ [ 150 157 "systemd-exit.service" 151 158 "systemd-update-done.service" 152 159 ] ++ cfg.additionalUpstreamSystemUnits;

+3

nixos/modules/system/boot/systemd/logind.nix

··· 81 81 "systemd-logind.service" 82 82 "autovt@.service" 83 83 "systemd-user-sessions.service" 84 + ] ++ optionals config.systemd.package.withImportd [ 84 85 "dbus-org.freedesktop.import1.service" 86 + ] ++ optionals config.systemd.package.withMachined [ 85 87 "dbus-org.freedesktop.machine1.service" 88 + ] ++ [ 86 89 "dbus-org.freedesktop.login1.service" 87 90 "user@.service" 88 91 "user-runtime-dir@.service"

+1

nixos/tests/all-tests.nix

··· 580 580 uptermd = handleTest ./uptermd.nix {}; 581 581 usbguard = handleTest ./usbguard.nix {}; 582 582 user-activation-scripts = handleTest ./user-activation-scripts.nix {}; 583 + user-home-mode = handleTest ./user-home-mode.nix {}; 583 584 uwsgi = handleTest ./uwsgi.nix {}; 584 585 v2ray = handleTest ./v2ray.nix {}; 585 586 vault = handleTest ./vault.nix {};

+28

nixos/tests/mosquitto.nix

··· 4 4 port = 1888; 5 5 tlsPort = 1889; 6 6 anonPort = 1890; 7 + bindTestPort = 1891; 7 8 password = "VERY_secret"; 8 9 hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw=="; 9 10 topic = "test/foo"; ··· 125 126 }; 126 127 }; 127 128 } 129 + { 130 + settings.bind_interface = "eth0"; 131 + port = bindTestPort; 132 + } 128 133 ]; 129 134 }; 130 135 }; ··· 134 139 }; 135 140 136 141 testScript = '' 142 + import json 143 + 137 144 def mosquitto_cmd(binary, user, topic, port): 138 145 return ( 139 146 "mosquitto_{} " ··· 161 168 162 169 start_all() 163 170 server.wait_for_unit("mosquitto.service") 171 + 172 + with subtest("bind_interface"): 173 + addrs = dict() 174 + for iface in json.loads(server.succeed("ip -json address show")): 175 + for addr in iface['addr_info']: 176 + # don't want to deal with multihoming here 177 + assert addr['local'] not in addrs 178 + addrs[addr['local']] = (iface['ifname'], addr['family']) 179 + 180 + # mosquitto grabs *one* random address per type for bind_interface 181 + (has4, has6) = (False, False) 182 + for line in server.succeed("ss -HlptnO sport = ${toString bindTestPort}").splitlines(): 183 + items = line.split() 184 + if "mosquitto" not in items[5]: continue 185 + listener = items[3].rsplit(':', maxsplit=1)[0].strip('[]') 186 + assert listener in addrs 187 + assert addrs[listener][0] == "eth0" 188 + has4 |= addrs[listener][1] == 'inet' 189 + has6 |= addrs[listener][1] == 'inet6' 190 + assert has4 191 + assert has6 164 192 165 193 with subtest("check passwords"): 166 194 client1.succeed(publish("-m test", "password_store"))

+27

nixos/tests/user-home-mode.nix

··· 1 + import ./make-test-python.nix ({ lib, ... }: { 2 + name = "user-home-mode"; 3 + meta = with lib.maintainers; { maintainers = [ fbeffa ]; }; 4 + 5 + nodes.machine = { 6 + users.users.alice = { 7 + initialPassword = "pass1"; 8 + isNormalUser = true; 9 + }; 10 + users.users.bob = { 11 + initialPassword = "pass2"; 12 + isNormalUser = true; 13 + homeMode = "750"; 14 + }; 15 + }; 16 + 17 + testScript = '' 18 + machine.wait_for_unit("multi-user.target") 19 + machine.wait_for_unit("getty@tty1.service") 20 + machine.wait_until_tty_matches(1, "login: ") 21 + machine.send_chars("alice\n") 22 + machine.wait_until_tty_matches(1, "Password: ") 23 + machine.send_chars("pass1\n") 24 + machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]') 25 + machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]') 26 + ''; 27 + })

+232

pkgs/applications/blockchains/sparrow/default.nix

··· 1 + { stdenv 2 + , lib 3 + , makeWrapper 4 + , fetchurl 5 + , makeDesktopItem 6 + , copyDesktopItems 7 + , autoPatchelfHook 8 + , openjdk17 9 + , gtk3 10 + , gsettings-desktop-schemas 11 + , writeScript 12 + , bash 13 + , gnugrep 14 + , tor 15 + , zlib 16 + , openimajgrabber 17 + , hwi 18 + , imagemagick 19 + }: 20 + 21 + let 22 + pname = "sparrow"; 23 + version = "1.6.4"; 24 + 25 + src = fetchurl { 26 + url = "https://github.com/sparrowwallet/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; 27 + sha256 = "1wdibpbhv3g6qk42ddfc5vyqkkwprczy45w5wi115qg3g1rf1in7"; 28 + }; 29 + 30 + launcher = writeScript "sparrow" '' 31 + #! ${bash}/bin/bash 32 + params=( 33 + --module-path @out@/lib:@jdkModules@/modules 34 + --add-opens javafx.graphics/com.sun.javafx.css=org.controlsfx.controls 35 + --add-opens javafx.graphics/javafx.scene=org.controlsfx.controls 36 + --add-opens javafx.controls/com.sun.javafx.scene.control.behavior=org.controlsfx.controls 37 + --add-opens javafx.controls/com.sun.javafx.scene.control.inputmap=org.controlsfx.controls 38 + --add-opens javafx.graphics/com.sun.javafx.scene.traversal=org.controlsfx.controls 39 + --add-opens javafx.base/com.sun.javafx.event=org.controlsfx.controls 40 + --add-opens javafx.controls/javafx.scene.control.cell=com.sparrowwallet.sparrow 41 + --add-opens org.controlsfx.controls/impl.org.controlsfx.skin=com.sparrowwallet.sparrow 42 + --add-opens org.controlsfx.controls/impl.org.controlsfx.skin=javafx.fxml 43 + --add-opens javafx.graphics/com.sun.javafx.tk=centerdevice.nsmenufx 44 + --add-opens javafx.graphics/com.sun.javafx.tk.quantum=centerdevice.nsmenufx 45 + --add-opens javafx.graphics/com.sun.glass.ui=centerdevice.nsmenufx 46 + --add-opens javafx.controls/com.sun.javafx.scene.control=centerdevice.nsmenufx 47 + --add-opens javafx.graphics/com.sun.javafx.menu=centerdevice.nsmenufx 48 + --add-opens javafx.graphics/com.sun.glass.ui=com.sparrowwallet.sparrow 49 + --add-opens javafx.graphics/com.sun.javafx.application=com.sparrowwallet.sparrow 50 + --add-opens java.base/java.net=com.sparrowwallet.sparrow 51 + --add-opens java.base/java.io=com.google.gson 52 + --add-reads com.sparrowwallet.merged.module=java.desktop 53 + --add-reads com.sparrowwallet.merged.module=java.sql 54 + --add-reads com.sparrowwallet.merged.module=com.sparrowwallet.sparrow 55 + --add-reads com.sparrowwallet.merged.module=logback.classic 56 + --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.databind 57 + --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.annotation 58 + --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.core 59 + --add-reads com.sparrowwallet.merged.module=co.nstant.in.cbor 60 + -m com.sparrowwallet.sparrow 61 + ) 62 + 63 + XDG_DATA_DIRS=${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}:${gtk3}/share/gsettings-schemas/${gtk3.name}:$XDG_DATA_DIRS ${openjdk17}/bin/java ''${params[@]} $@ 64 + ''; 65 + 66 + torWrapper = writeScript "tor-wrapper" '' 67 + #! ${bash}/bin/bash 68 + 69 + exec ${tor}/bin/tor "$@" 70 + ''; 71 + 72 + jdk-modules = stdenv.mkDerivation { 73 + name = "jdk-modules"; 74 + nativeBuildInputs = [ openjdk17 ]; 75 + dontUnpack = true; 76 + 77 + buildPhase = '' 78 + # Extract the JDK's JIMAGE and generate a list of modules. 79 + mkdir modules 80 + pushd modules 81 + jimage extract ${openjdk17}/lib/openjdk/lib/modules 82 + ls | xargs -d " " -- echo > ../manifest.txt 83 + popd 84 + ''; 85 + 86 + installPhase = '' 87 + mkdir -p $out 88 + cp manifest.txt $out/ 89 + cp -r modules/ $out/ 90 + ''; 91 + }; 92 + 93 + sparrow-modules = stdenv.mkDerivation { 94 + pname = "sparrow-modules"; 95 + inherit version src; 96 + nativeBuildInputs = [ makeWrapper gnugrep openjdk17 autoPatchelfHook stdenv.cc.cc.lib zlib ]; 97 + 98 + buildPhase = '' 99 + # Extract Sparrow's JIMAGE and generate a list of them. 100 + mkdir modules 101 + pushd modules 102 + jimage extract ../lib/runtime/lib/modules 103 + 104 + # Delete JDK modules 105 + cat ${jdk-modules}/manifest.txt | xargs -I {} -- rm -fR {} 106 + 107 + # Delete unneeded native libs. 108 + 109 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/freebsd-x86-64 110 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/freebsd-x86 111 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-aarch64 112 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-arm 113 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-armel 114 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-mips64el 115 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-ppc 116 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-ppc64le 117 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-s390x 118 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-x86 119 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/openbsd-x86-64 120 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/openbsd-x86 121 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-sparc 122 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-sparcv9 123 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-x86-64 124 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-x86 125 + rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_armel 126 + rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_armhf 127 + rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x86 128 + rm com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x64/OpenIMAJGrabber.so 129 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_arm32_armel 130 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_armel 131 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_armhf 132 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_x86 133 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/sunos_x64 134 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/sunos_x86 135 + rm -fR com.sparrowwallet.merged.module/linux-aarch64 136 + rm -fR com.sparrowwallet.merged.module/linux-arm 137 + rm -fR com.sparrowwallet.merged.module/linux-x86 138 + rm com.sparrowwallet.sparrow/native/linux/x64/hwi 139 + 140 + ls | xargs -d " " -- echo > ../manifest.txt 141 + find . | grep "\.so$" | xargs -- chmod ugo+x 142 + popd 143 + 144 + # Replace the embedded Tor binary (which is in a Tar archive) 145 + # with one from Nixpkgs. 146 + cp ${torWrapper} ./tor 147 + tar -cJf tor.tar.xz tor 148 + cp tor.tar.xz modules/netlayer.jpms/native/linux/x64/tor.tar.xz 149 + ''; 150 + 151 + installPhase = '' 152 + mkdir -p $out 153 + cp manifest.txt $out/ 154 + cp -r modules/ $out/ 155 + ln -s ${openimajgrabber}/lib/OpenIMAJGrabber.so $out/modules/com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x64/OpenIMAJGrabber.so 156 + ln -s ${hwi}/bin/hwi $out/modules/com.sparrowwallet.sparrow/native/linux/x64/hwi 157 + ''; 158 + }; 159 + 160 + # To use the udev rules for connected hardware wallets, 161 + # add "pkgs.sparrow" to "services.udev.packages" and add user accounts to the user group "plugdev". 162 + udev-rules = stdenv.mkDerivation { 163 + name = "sparrow-udev"; 164 + 165 + src = let version = "2.0.2"; in 166 + fetchurl { 167 + url = "https://github.com/bitcoin-core/HWI/releases/download/${version}/hwi-${version}.tar.gz"; 168 + sha256 = "sha256-di1fRsMbwpHcBFNTCVivfxpwhUoUKLA3YTnJxKq/jHM="; 169 + }; 170 + 171 + installPhase = '' 172 + mkdir -p $out/etc/udev/rules.d 173 + cp -a hwilib/udev/* $out/etc/udev/rules.d 174 + rm $out/etc/udev/rules.d/README.md 175 + ''; 176 + }; 177 + in 178 + stdenv.mkDerivation rec { 179 + inherit pname version src; 180 + nativeBuildInputs = [ makeWrapper copyDesktopItems ]; 181 + 182 + desktopItems = [ 183 + (makeDesktopItem { 184 + name = "Sparrow"; 185 + exec = pname; 186 + icon = pname; 187 + desktopName = "Sparrow Bitcoin Wallet"; 188 + genericName = "Bitcoin Wallet"; 189 + categories = [ "Finance" ]; 190 + }) 191 + ]; 192 + 193 + sparrow-icons = stdenv.mkDerivation { 194 + inherit version src; 195 + pname = "sparrow-icons"; 196 + nativeBuildInputs = [ imagemagick ]; 197 + 198 + installPhase = '' 199 + for n in 16 24 32 48 64 96 128 256; do 200 + size=$n"x"$n 201 + mkdir -p $out/hicolor/$size/apps 202 + convert lib/Sparrow.png -resize $size $out/hicolor/$size/apps/sparrow.png 203 + done; 204 + ''; 205 + }; 206 + 207 + installPhase = '' 208 + runHook preInstall 209 + 210 + mkdir -p $out/bin $out 211 + ln -s ${sparrow-modules}/modules $out/lib 212 + install -D -m 777 ${launcher} $out/bin/sparrow 213 + substituteAllInPlace $out/bin/sparrow 214 + substituteInPlace $out/bin/sparrow --subst-var-by jdkModules ${jdk-modules} 215 + 216 + mkdir -p $out/share/icons 217 + ln -s ${sparrow-icons}/hicolor $out/share/icons 218 + 219 + mkdir -p $out/etc/udev 220 + ln -s ${udev-rules}/etc/udev/rules.d $out/etc/udev/rules.d 221 + 222 + runHook postInstall 223 + ''; 224 + 225 + meta = with lib; { 226 + description = "A modern desktop Bitcoin wallet application supporting most hardware wallets and built on common standards such as PSBT, with an emphasis on transparency and usability."; 227 + homepage = "https://sparrowwallet.com"; 228 + license = licenses.asl20; 229 + maintainers = with maintainers; [ emmanuelrosa _1000101 ]; 230 + platforms = [ "x86_64-linux" ]; 231 + }; 232 + }

+40

pkgs/applications/blockchains/sparrow/openimajgrabber.nix

··· 1 + { stdenv 2 + , lib 3 + , fetchFromGitHub 4 + , libv4l 5 + }: 6 + stdenv.mkDerivation rec { 7 + pname = "openimajgrabber"; 8 + version = "1.3.10"; 9 + 10 + src = fetchFromGitHub { 11 + owner = "openimaj"; 12 + repo = "openimaj"; 13 + rev = "openimaj-${version}"; 14 + sha256 = "sha256-Y8707ovE7f6Fk3cJ+PtwvzNpopgH5vlF55m2Xm4hjYM="; 15 + }; 16 + 17 + buildInputs = [ libv4l ]; 18 + 19 + # These build instructions come from build.sh 20 + buildPhase = '' 21 + pushd hardware/core-video-capture/src-native/linux 22 + g++ -fPIC -g -c OpenIMAJGrabber.cpp 23 + g++ -fPIC -g -c capture.cpp 24 + g++ -shared -Wl,-soname,OpenIMAJGrabber.so -o OpenIMAJGrabber.so OpenIMAJGrabber.o capture.o -lv4l2 -lrt -lv4lconvert 25 + popd 26 + ''; 27 + 28 + installPhase = '' 29 + mkdir -p $out/lib 30 + cp hardware/core-video-capture/src-native/linux/OpenIMAJGrabber.so $out/lib 31 + ''; 32 + 33 + meta = with lib; { 34 + description = "A collection of libraries and tools for multimedia (images, text, video, audio, etc.) content analysis and content generation. This package only builds the OpenIMAJGrabber for Linux."; 35 + homepage = "http://www.openimaj.org"; 36 + license = licenses.bsd0; 37 + maintainers = with maintainers; [ emmanuelrosa _1000101 ]; 38 + platforms = platforms.linux; 39 + }; 40 + }

+5 -5

pkgs/applications/graphics/scantailor/advanced.nix

··· 4 4 5 5 mkDerivation rec { 6 6 pname = "scantailor-advanced"; 7 - version = "1.0.16"; 7 + version = "1.0.18"; 8 8 9 9 src = fetchFromGitHub { 10 - owner = "4lex4"; 10 + owner = "vigri"; 11 11 repo = "scantailor-advanced"; 12 12 rev = "v${version}"; 13 - sha256 = "0lc9lzbpiy5hgimyhl4s4q67pb9gacpy985gl6iy8pl79zxhmcyp"; 13 + sha256 = "sha256-4/QSjgHvRgIduS/AXbT7osRTdOdgR7On3CbjRnGbwHU="; 14 14 }; 15 15 16 16 nativeBuildInputs = [ cmake qttools ]; 17 17 buildInputs = [ libjpeg libpng libtiff boost qtbase ]; 18 18 19 19 meta = with lib; { 20 - homepage = "https://github.com/4lex4/scantailor-advanced"; 21 - description = "Interactive post-processing tool for scanned pages"; 20 + homepage = "https://github.com/vigri/scantailor-advanced"; 21 + description = "Interactive post-processing tool for scanned pages (vigri's fork)"; 22 22 license = licenses.gpl3Plus; 23 23 maintainers = with maintainers; [ jfrankenau ]; 24 24 platforms = with platforms; gnu ++ linux ++ darwin;

+21 -1

pkgs/development/libraries/gecode/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, bison, flex, perl, gmp, mpfr, enableGist ? true, qtbase }: 1 + { lib 2 + , stdenv 3 + , fetchFromGitHub 4 + , fetchpatch 5 + , bison 6 + , flex 7 + , perl 8 + , gmp 9 + , mpfr 10 + , qtbase 11 + , enableGist ? true 12 + }: 2 13 3 14 stdenv.mkDerivation rec { 4 15 pname = "gecode"; ··· 10 21 rev = "release-${version}"; 11 22 sha256 = "0b1cq0c810j1xr2x9y9996p894571sdxng5h74py17c6nr8c6dmk"; 12 23 }; 24 + 25 + patches = [ 26 + # https://github.com/Gecode/gecode/pull/74 27 + (fetchpatch { 28 + name = "fix-const-weights-clang.patch"; 29 + url = "https://github.com/Gecode/gecode/commit/c810c96b1ce5d3692e93439f76c4fa7d3daf9fbb.patch"; 30 + sha256 = "0270msm22q5g5sqbdh8kmrihlxnnxqrxszk9a49hdxd72736p4fc"; 31 + }) 32 + ]; 13 33 14 34 enableParallelBuilding = true; 15 35 dontWrapQtApps = true;

-1

pkgs/development/python-modules/lektor/default.nix

··· 62 62 checkInputs = [ 63 63 pytest-click 64 64 pytest-mock 65 - pytest-pylint 66 65 pytestCheckHook 67 66 ]; 68 67

+30 -12

pkgs/development/python-modules/pamqp/default.nix

··· 1 1 { lib 2 2 , buildPythonPackage 3 - , fetchPypi 4 - , mock 5 - , nose 6 - , pep8 7 - , pylint 8 - , mccabe 3 + , pythonOlder 4 + , fetchFromGitHub 5 + , pytestCheckHook 9 6 }: 10 7 11 8 buildPythonPackage rec { 12 9 version = "3.1.0"; 13 10 pname = "pamqp"; 14 11 15 - src = fetchPypi { 16 - inherit pname version; 17 - sha256 = "e4f0886d72c6166637a5513626148bf5a7e818073a558980e9aaed8b4ccf30da"; 12 + disabled = pythonOlder "3.7"; 13 + 14 + format = "setuptools"; 15 + 16 + src = fetchFromGitHub { 17 + owner = "gmr"; 18 + repo = "pamqp"; 19 + rev = version; 20 + hash = "sha256-qiYfQsyYvG6pyRFDt3pyYKNNWNP88maj+VAeGD68OmY="; 18 21 }; 19 22 20 - buildInputs = [ mock nose pep8 pylint mccabe ]; 23 + checkInputs = [ 24 + pytestCheckHook 25 + ]; 26 + 27 + pythonImportsCheck = [ 28 + "pamqp.base" 29 + "pamqp.body" 30 + "pamqp.commands" 31 + "pamqp.common" 32 + "pamqp.decode" 33 + "pamqp.encode" 34 + "pamqp.exceptions" 35 + "pamqp.frame" 36 + "pamqp.header" 37 + "pamqp.heartbeat" 38 + ]; 21 39 22 40 meta = with lib; { 23 41 description = "RabbitMQ Focused AMQP low-level library"; 24 - homepage = "https://pypi.python.org/pypi/pamqp"; 42 + homepage = "https://github.com/gmr/pamqp"; 25 43 license = licenses.bsd3; 44 + maintainers = with maintainers; [ dotlambda ]; 26 45 }; 27 - 28 46 }

+44

pkgs/development/python-modules/pulumi-aws/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchFromGitHub 4 + , fetchpatch 5 + , pulumi 6 + , parver 7 + , semver 8 + , isPy27 9 + }: 10 + 11 + buildPythonPackage rec { 12 + pname = "pulumi-aws"; 13 + # version is independant of pulumi's. 14 + version = "5.3.0"; 15 + disabled = isPy27; 16 + 17 + src = fetchFromGitHub { 18 + owner = "pulumi"; 19 + repo = "pulumi-aws"; 20 + rev = "v${version}"; 21 + sha256 = "sha256-LrWiNYJeQQvXJDOxklRO86VSiaadvkOepQVPhh2BBkk="; 22 + }; 23 + 24 + propagatedBuildInputs = [ 25 + pulumi 26 + parver 27 + semver 28 + ]; 29 + 30 + postPatch = '' 31 + cd sdk/python 32 + ''; 33 + 34 + # checks require cloud resources 35 + doCheck = false; 36 + pythonImportsCheck = ["pulumi_aws"]; 37 + 38 + meta = with lib; { 39 + description = "Pulumi python amazon web services provider"; 40 + homepage = "https://github.com/pulumi/pulumi-aws"; 41 + license = licenses.asl20; 42 + maintainers = with maintainers; [ costrouc ]; 43 + }; 44 + }

+89

pkgs/development/python-modules/pulumi/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchpatch 4 + , fetchFromGitHub 5 + , protobuf 6 + , dill 7 + , grpcio 8 + , pulumi-bin 9 + , isPy27 10 + , semver 11 + , pyyaml 12 + , six 13 + 14 + 15 + # for tests 16 + , tox 17 + , go 18 + , pulumictl 19 + , bash 20 + , pylint 21 + , pytest 22 + , pytest-timeout 23 + , coverage 24 + , black 25 + , wheel 26 + , pytest-asyncio 27 + 28 + , mypy 29 + }: 30 + let 31 + data = import ./data.nix {}; 32 + in 33 + buildPythonPackage rec { 34 + pname = "pulumi"; 35 + version = pulumi-bin.version; 36 + disabled = isPy27; 37 + 38 + src = fetchFromGitHub { 39 + owner = "pulumi"; 40 + repo = "pulumi"; 41 + rev = "v${pulumi-bin.version}"; 42 + sha256 = "sha256-vqEZEHTpJV65a3leWwYhyi3dzAsN67BXOvk5hnTPeuI="; 43 + }; 44 + 45 + propagatedBuildInputs = [ 46 + semver 47 + protobuf 48 + dill 49 + grpcio 50 + pyyaml 51 + six 52 + ]; 53 + 54 + checkInputs = [ 55 + pulumi-bin 56 + pulumictl 57 + mypy 58 + bash 59 + go 60 + tox 61 + pytest 62 + pytest-timeout 63 + coverage 64 + pytest-asyncio 65 + wheel 66 + black 67 + ]; 68 + 69 + pythonImportsCheck = ["pulumi"]; 70 + 71 + postPatch = '' 72 + cp README.md sdk/python/lib 73 + patchShebangs . 74 + cd sdk/python/lib 75 + 76 + substituteInPlace setup.py \ 77 + --replace "{VERSION}" "${version}" 78 + ''; 79 + 80 + # disabled because tests try to fetch go packages from the net 81 + doCheck = false; 82 + 83 + meta = with lib; { 84 + description = "Modern Infrastructure as Code. Any cloud, any language"; 85 + homepage = "https://github.com/pulumi/pulumi"; 86 + license = licenses.asl20; 87 + maintainers = with maintainers; [ teto ]; 88 + }; 89 + }

-2

pkgs/development/python-modules/pytile/default.nix

··· 4 4 , buildPythonPackage 5 5 , fetchFromGitHub 6 6 , poetry-core 7 - , pylint 8 7 , pytest-aiohttp 9 8 , pytest-asyncio 10 9 , pytestCheckHook ··· 31 30 32 31 propagatedBuildInputs = [ 33 32 aiohttp 34 - pylint 35 33 ]; 36 34 37 35 checkInputs = [

+1 -1

pkgs/os-specific/linux/systemd/default.nix

··· 688 688 # runtime; otherwise we can't and we need to reboot. 689 689 interfaceVersion = 2; 690 690 691 - inherit withCryptsetup util-linux kmod kbd; 691 + inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withTimedated util-linux kmod kbd; 692 692 693 693 tests = { 694 694 inherit (nixosTests) switchTest;

+2 -3

pkgs/servers/home-assistant/default.nix

··· 282 282 respx 283 283 stdlib-list 284 284 tqdm 285 - # required by tests/pylint 286 - astroid 287 - pylint 288 285 # required by tests/auth/mfa_modules 289 286 pyotp 290 287 ] ++ lib.concatMap (component: getPackages component python.pkgs) [ ··· 308 305 ]; 309 306 310 307 disabledTestPaths = [ 308 + # we don't care about code quality 309 + "tests/pylint" 311 310 # don't bulk test all components 312 311 "tests/components" 313 312 # pyotp since v2.4.0 complains about the short mock keys, hass pins v2.3.0

+8

pkgs/tools/admin/pulumi/update-pulumi-shell.nix

··· 1 + { nixpkgs ? import ../../../.. { } }: 2 + with nixpkgs; 3 + mkShell { 4 + packages = [ 5 + pkgs.gh 6 + ]; 7 + } 8 +

+1 -1

pkgs/tools/admin/pulumi/update.sh

··· 1 1 #!/usr/bin/env nix-shell 2 - #!nix-shell -i bash -p gh 2 + #!nix-shell update-pulumi-shell.nix -i bash 3 3 # shellcheck shell=bash 4 4 # Bash 3 compatible for Darwin 5 5

+9 -4

pkgs/tools/filesystems/yandex-disk/default.nix

··· 4 4 p = if stdenv.is64bit then { 5 5 arch = "x86_64"; 6 6 gcclib = "${stdenv.cc.cc.lib}/lib64"; 7 - sha256 = "e4f579963199f05476657f0066beaa32d1261aef2203382f3919e1ed4bc4594e"; 7 + sha256 = "sha256-HH/pLZmDr6m/B3e6MHafDGnNWR83oR2y1ijVMR/LOF0="; 8 + webarchive = "20220519080155"; 8 9 } 9 10 else { 10 11 arch = "i386"; 11 12 gcclib = "${stdenv.cc.cc.lib}/lib"; 12 - sha256 = "69113bf33ba0c57a363305b76361f2866c3b8394b173eed0f49db1f50bfe0373"; 13 + sha256 = "sha256-28dmdnJf+qh9r3F0quwlYXB/UqcOzcHzuzFq8vt2bf0="; 14 + webarchive = "20220519080430"; 13 15 }; 14 16 in 15 17 stdenv.mkDerivation rec { 16 18 17 19 pname = "yandex-disk"; 18 - version = "0.1.6.1074"; 20 + version = "0.1.6.1080"; 19 21 20 22 src = fetchurl { 21 - url = "https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm"; 23 + urls = [ 24 + "https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm" 25 + "https://web.archive.org/web/${p.webarchive}/https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm" 26 + ]; 22 27 sha256 = p.sha256; 23 28 }; 24 29

+1

pkgs/tools/networking/isync/default.nix

··· 29 29 license = licenses.gpl2Plus; 30 30 platforms = platforms.unix; 31 31 maintainers = with maintainers; [ primeos lheckemann ]; 32 + mainProgram = "mbsync"; 32 33 }; 33 34 }

+5 -1

pkgs/top-level/all-packages.nix

··· 10424 10424 10425 10425 sozu = callPackage ../servers/sozu { }; 10426 10426 10427 + sparrow = callPackage ../applications/blockchains/sparrow { 10428 + openimajgrabber = callPackage ../applications/blockchains/sparrow/openimajgrabber.nix {}; 10429 + }; 10430 + 10427 10431 sparsehash = callPackage ../development/libraries/sparsehash { }; 10428 10432 10429 10433 spectre-meltdown-checker = callPackage ../tools/security/spectre-meltdown-checker { }; ··· 29363 29367 29364 29368 scantailor = callPackage ../applications/graphics/scantailor { }; 29365 29369 29366 - scantailor-advanced = libsForQt514.callPackage ../applications/graphics/scantailor/advanced.nix { }; 29370 + scantailor-advanced = libsForQt515.callPackage ../applications/graphics/scantailor/advanced.nix { }; 29367 29371 29368 29372 sc-im = callPackage ../applications/misc/sc-im { }; 29369 29373

+4

pkgs/top-level/python-packages.nix

··· 1105 1105 1106 1106 babelgladeextractor = callPackage ../development/python-modules/babelgladeextractor { }; 1107 1107 1108 + pulumi = callPackage ../development/python-modules/pulumi { }; 1109 + 1110 + pulumi-aws = callPackage ../development/python-modules/pulumi-aws { }; 1111 + 1108 1112 backcall = callPackage ../development/python-modules/backcall { }; 1109 1113 1110 1114 backoff = callPackage ../development/python-modules/backoff { };