Merge staging-next into staging · tjh.dev/nixpkgs@d05ee1c

+148 -89

lib/systems/architectures.nix

··· 339 339 }; 340 340 341 341 # a superior CPU has all the features of an inferior and is able to build and test code for it 342 - inferiors = { 343 - # x86_64 Generic 344 - default = [ ]; 345 - x86-64 = [ ]; 346 - x86-64-v2 = [ "x86-64" ]; 347 - x86-64-v3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 348 - x86-64-v4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; 342 + inferiors = 343 + let 344 + withInferiors = archs: lib.unique (archs ++ lib.flatten (lib.attrVals archs inferiors)); 345 + in 346 + { 347 + # x86_64 Generic 348 + default = [ ]; 349 + x86-64 = [ ]; 350 + x86-64-v2 = [ "x86-64" ]; 351 + x86-64-v3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 352 + x86-64-v4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; 349 353 350 - # x86_64 Intel 351 - # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 352 - nehalem = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 353 - westmere = [ "nehalem" ] ++ inferiors.nehalem; 354 - sandybridge = [ "westmere" ] ++ inferiors.westmere; 355 - ivybridge = [ "sandybridge" ] ++ inferiors.sandybridge; 354 + # x86_64 Intel 355 + # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 356 + nehalem = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 357 + westmere = [ "nehalem" ] ++ inferiors.nehalem; 358 + sandybridge = [ "westmere" ] ++ inferiors.westmere; 359 + ivybridge = [ "sandybridge" ] ++ inferiors.sandybridge; 360 + 361 + haswell = lib.unique ( 362 + [ 363 + "ivybridge" 364 + "x86-64-v3" 365 + ] 366 + ++ inferiors.ivybridge 367 + ++ inferiors.x86-64-v3 368 + ); 369 + broadwell = [ "haswell" ] ++ inferiors.haswell; 370 + skylake = [ "broadwell" ] ++ inferiors.broadwell; 371 + 372 + skylake-avx512 = lib.unique ( 373 + [ 374 + "skylake" 375 + "x86-64-v4" 376 + ] 377 + ++ inferiors.skylake 378 + ++ inferiors.x86-64-v4 379 + ); 380 + cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512; 381 + icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake; 382 + icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client; 383 + cascadelake = [ "cannonlake" ] ++ inferiors.cannonlake; 384 + cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake; 385 + tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server; 386 + sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; 387 + emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; 388 + 389 + alderlake = [ "skylake" ] ++ inferiors.skylake; 390 + sierraforest = [ "alderlake" ] ++ inferiors.alderlake; 356 391 357 - haswell = lib.unique ( 358 - [ 359 - "ivybridge" 360 - "x86-64-v3" 361 - ] 362 - ++ inferiors.ivybridge 363 - ++ inferiors.x86-64-v3 364 - ); 365 - broadwell = [ "haswell" ] ++ inferiors.haswell; 366 - skylake = [ "broadwell" ] ++ inferiors.broadwell; 392 + # x86_64 AMD 393 + # TODO: fill in specific CPU architecture inferiors 394 + btver1 = [ "x86-64" ]; 395 + btver2 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 396 + bdver1 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 397 + bdver2 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 398 + bdver3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 399 + bdver4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; 400 + # Regarding `skylake` as inferior of `znver1`, there are reports of 401 + # successful usage by Gentoo users and Phoronix benchmarking of different 402 + # `-march` targets. 403 + # 404 + # The GCC documentation on extensions used and wikichip documentation 405 + # regarding supperted extensions on znver1 and skylake was used to create 406 + # this partial order. 407 + # 408 + # Note: 409 + # 410 + # - The successors of `skylake` (`cannonlake`, `icelake`, etc) use `avx512` 411 + # which no current AMD Zen michroarch support. 412 + # - `znver1` uses `ABM`, `CLZERO`, `CX16`, `MWAITX`, and `SSE4A` which no 413 + # current Intel microarch support. 414 + # 415 + # https://www.phoronix.com/scan.php?page=article&item=amd-znver3-gcc11&num=1 416 + # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 417 + # https://en.wikichip.org/wiki/amd/microarchitectures/zen 418 + # https://en.wikichip.org/wiki/intel/microarchitectures/skylake 419 + znver1 = [ "skylake" ] ++ inferiors.skylake; # Includes haswell and x86-64-v3 420 + znver2 = [ "znver1" ] ++ inferiors.znver1; 421 + znver3 = [ "znver2" ] ++ inferiors.znver2; 422 + znver4 = lib.unique ( 423 + [ 424 + "znver3" 425 + "x86-64-v4" 426 + ] 427 + ++ inferiors.znver3 428 + ++ inferiors.x86-64-v4 429 + ); 430 + znver5 = [ "znver4" ] ++ inferiors.znver4; 367 431 368 - skylake-avx512 = lib.unique ( 369 - [ 370 - "skylake" 371 - "x86-64-v4" 372 - ] 373 - ++ inferiors.skylake 374 - ++ inferiors.x86-64-v4 375 - ); 376 - cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512; 377 - icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake; 378 - icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client; 379 - cascadelake = [ "cannonlake" ] ++ inferiors.cannonlake; 380 - cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake; 381 - tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server; 382 - sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; 383 - emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; 432 + # ARM64 (AArch64) 433 + armv8-a = [ ]; 434 + "armv8.1-a" = [ "armv8-a" ]; 435 + "armv8.2-a" = [ "armv8.1-a" ] ++ inferiors."armv8.1-a"; 436 + "armv8.3-a" = [ "armv8.2-a" ] ++ inferiors."armv8.2-a"; 437 + "armv8.4-a" = [ "armv8.3-a" ] ++ inferiors."armv8.3-a"; 438 + "armv8.5-a" = [ "armv8.4-a" ] ++ inferiors."armv8.4-a"; 439 + "armv8.6-a" = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; 440 + "armv8.7-a" = [ "armv8.6-a" ] ++ inferiors."armv8.6-a"; 441 + "armv8.8-a" = [ "armv8.7-a" ] ++ inferiors."armv8.7-a"; 442 + "armv8.9-a" = [ "armv8.8-a" ] ++ inferiors."armv8.8-a"; 443 + armv9-a = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; 444 + "armv9.1-a" = [ 445 + "armv9-a" 446 + "armv8.6-a" 447 + ] ++ inferiors."armv8.6-a"; 448 + "armv9.2-a" = lib.unique ( 449 + [ 450 + "armv9.1-a" 451 + "armv8.7-a" 452 + ] 453 + ++ inferiors."armv9.1-a" 454 + ++ inferiors."armv8.7-a" 455 + ); 456 + "armv9.3-a" = lib.unique ( 457 + [ 458 + "armv9.2-a" 459 + "armv8.8-a" 460 + ] 461 + ++ inferiors."armv9.2-a" 462 + ++ inferiors."armv8.8-a" 463 + ); 464 + "armv9.4-a" = [ "armv9.3-a" ] ++ inferiors."armv9.3-a"; 384 465 385 - # CX16 does not exist on alderlake, while it does on nearly all other intel CPUs 386 - alderlake = [ ]; 387 - sierraforest = [ "alderlake" ] ++ inferiors.alderlake; 466 + # ARM 467 + cortex-a53 = [ "armv8-a" ]; 468 + cortex-a72 = [ "armv8-a" ]; 469 + cortex-a55 = [ 470 + "armv8.2-a" 471 + "cortex-a53" 472 + "cortex-a72" 473 + ] ++ inferiors."armv8.2-a"; 474 + cortex-a76 = [ 475 + "armv8.2-a" 476 + "cortex-a53" 477 + "cortex-a72" 478 + ] ++ inferiors."armv8.2-a"; 388 479 389 - # x86_64 AMD 390 - # TODO: fill this (need testing) 391 - btver1 = [ ]; 392 - btver2 = [ ]; 393 - bdver1 = [ ]; 394 - bdver2 = [ ]; 395 - bdver3 = [ ]; 396 - bdver4 = [ ]; 397 - # Regarding `skylake` as inferior of `znver1`, there are reports of 398 - # successful usage by Gentoo users and Phoronix benchmarking of different 399 - # `-march` targets. 400 - # 401 - # The GCC documentation on extensions used and wikichip documentation 402 - # regarding supperted extensions on znver1 and skylake was used to create 403 - # this partial order. 404 - # 405 - # Note: 406 - # 407 - # - The successors of `skylake` (`cannonlake`, `icelake`, etc) use `avx512` 408 - # which no current AMD Zen michroarch support. 409 - # - `znver1` uses `ABM`, `CLZERO`, `CX16`, `MWAITX`, and `SSE4A` which no 410 - # current Intel microarch support. 411 - # 412 - # https://www.phoronix.com/scan.php?page=article&item=amd-znver3-gcc11&num=1 413 - # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 414 - # https://en.wikichip.org/wiki/amd/microarchitectures/zen 415 - # https://en.wikichip.org/wiki/intel/microarchitectures/skylake 416 - znver1 = [ "skylake" ] ++ inferiors.skylake; # Includes haswell and x86-64-v3 417 - znver2 = [ "znver1" ] ++ inferiors.znver1; 418 - znver3 = [ "znver2" ] ++ inferiors.znver2; 419 - znver4 = lib.unique ( 420 - [ 421 - "znver3" 422 - "x86-64-v4" 423 - ] 424 - ++ inferiors.znver3 425 - ++ inferiors.x86-64-v4 426 - ); 427 - znver5 = [ "znver4" ] ++ inferiors.znver4; 480 + # Ampere 481 + ampere1 = withInferiors [ 482 + "armv8.6-a" 483 + "cortex-a55" 484 + "cortex-a76" 485 + ]; 486 + ampere1a = [ "ampere1" ] ++ inferiors.ampere1; 487 + ampere1b = [ "ampere1a" ] ++ inferiors.ampere1a; 428 488 429 - # other 430 - armv5te = [ ]; 431 - armv6 = [ ]; 432 - armv7-a = [ ]; 433 - armv8-a = [ ]; 434 - mips32 = [ ]; 435 - loongson2f = [ ]; 436 - }; 489 + # other 490 + armv5te = [ ]; 491 + armv6 = [ ]; 492 + armv7-a = [ ]; 493 + mips32 = [ ]; 494 + loongson2f = [ ]; 495 + }; 437 496 438 497 predicates = 439 498 let

+2

nixos/doc/manual/release-notes/rl-2505.section.md

··· 140 140 141 141 - [nostr-rs-relay](https://git.sr.ht/~gheartsfield/nostr-rs-relay/), This is a nostr relay, written in Rust. Available as [services.nostr-rs-relay](options.html#opt-services.nostr-rs-relay.enable). 142 142 143 + - [haven](https://github.com/bitvora/haven), is a high availability vault for events on nostr. Available as [services.haven](options.html#opt-services.haven.enable). 144 + 143 145 - [strfry](https://github.com/hoytech/strfry), a relay for the nostr protocol. Available as [services.strfry](options.html#opt-services.strfry.enable). 144 146 145 147 - [Prometheus Node Cert Exporter](https://github.com/amimof/node-cert-exporter), a prometheus exporter to check for SSL cert expiry. Available under [services.prometheus.exporters.node-cert](#opt-services.prometheus.exporters.node-cert.enable).

+1

nixos/modules/module-list.nix

··· 1537 1537 ./services/web-apps/guacamole-client.nix 1538 1538 ./services/web-apps/guacamole-server.nix 1539 1539 ./services/web-apps/hatsu.nix 1540 + ./services/web-apps/haven.nix 1540 1541 ./services/web-apps/healthchecks.nix 1541 1542 ./services/web-apps/hedgedoc.nix 1542 1543 ./services/web-apps/hledger-web.nix

+17 -28

nixos/modules/services/security/paretosecurity.nix

··· 14 14 15 15 config = lib.mkIf config.services.paretosecurity.enable { 16 16 environment.systemPackages = [ config.services.paretosecurity.package ]; 17 + systemd.packages = [ config.services.paretosecurity.package ]; 17 18 18 - systemd.sockets."paretosecurity" = { 19 - wantedBy = [ "sockets.target" ]; 20 - socketConfig = { 21 - ListenStream = "/var/run/paretosecurity.sock"; 22 - SocketMode = "0666"; 19 + # In traditional Linux distributions, systemd would read the [Install] section from 20 + # unit files and automatically create the appropriate symlinks to enable services. 21 + # However, in NixOS, due to its immutable nature and the way the Nix store works, 22 + # the [Install] sections are not processed during system activation. Instead, we 23 + # must explicitly tell NixOS which units to enable by specifying their target 24 + # dependencies here. This creates the necessary symlinks in the proper locations. 25 + systemd.sockets.paretosecurity.wantedBy = [ "sockets.target" ]; 26 + 27 + # Enable the tray icon and timer services if the trayIcon option is enabled 28 + systemd.user = lib.mkIf config.services.paretosecurity.trayIcon { 29 + services.paretosecurity-trayicon = { 30 + wantedBy = [ "graphical-session.target" ]; 23 31 }; 24 - }; 25 - 26 - systemd.services."paretosecurity" = { 27 - serviceConfig = { 28 - ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity helper"; 29 - User = "root"; 30 - Group = "root"; 31 - StandardInput = "socket"; 32 - Type = "oneshot"; 33 - RemainAfterExit = "no"; 34 - StartLimitInterval = "1s"; 35 - StartLimitBurst = 100; 36 - ProtectSystem = "full"; 37 - ProtectHome = true; 38 - StandardOutput = "journal"; 39 - StandardError = "journal"; 32 + services.paretosecurity-user = { 33 + wantedBy = [ "graphical-session.target" ]; 40 34 }; 41 - }; 42 - 43 - systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon { 44 - wantedBy = [ "graphical-session.target" ]; 45 - serviceConfig = { 46 - ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity trayicon"; 35 + timers.paretosecurity-user = { 36 + wantedBy = [ "timers.target" ]; 47 37 }; 48 38 }; 49 - 50 39 }; 51 40 }

+137

nixos/modules/services/web-apps/haven.nix

··· 1 + { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: 7 + let 8 + # Load default values from package. See https://github.com/bitvora/haven/blob/master/.env.example 9 + defaultSettings = builtins.fromTOML (builtins.readFile "${cfg.package}/share/haven/.env.example"); 10 + 11 + import_relays_file = "${pkgs.writeText "import_relays.json" (builtins.toJSON cfg.importRelays)}"; 12 + blastr_relays_file = "${pkgs.writeText "blastr_relays.json" (builtins.toJSON cfg.blastrRelays)}"; 13 + 14 + mergedSettings = cfg.settings // { 15 + IMPORT_SEED_RELAYS_FILE = import_relays_file; 16 + BLASTR_RELAYS_FILE = blastr_relays_file; 17 + }; 18 + 19 + cfg = config.services.haven; 20 + in 21 + { 22 + options.services.haven = { 23 + enable = lib.mkEnableOption "haven"; 24 + 25 + package = lib.mkPackageOption pkgs "haven" { }; 26 + 27 + blastrRelays = lib.mkOption { 28 + type = lib.types.listOf lib.types.str; 29 + default = [ ]; 30 + description = "List of relay configurations for blastr"; 31 + example = lib.literalExpression '' 32 + [ 33 + "relay.example.com" 34 + ] 35 + ''; 36 + }; 37 + 38 + importRelays = lib.mkOption { 39 + type = lib.types.listOf lib.types.str; 40 + default = [ ]; 41 + description = "List of relay configurations for importing historical events"; 42 + example = lib.literalExpression '' 43 + [ 44 + "relay.example.com" 45 + ] 46 + ''; 47 + }; 48 + 49 + settings = lib.mkOption { 50 + default = defaultSettings; 51 + defaultText = "See https://github.com/bitvora/haven/blob/master/.env.example"; 52 + apply = lib.recursiveUpdate defaultSettings; 53 + description = "See https://github.com/bitvora/haven for documentation."; 54 + example = lib.literalExpression '' 55 + { 56 + RELAY_URL = "relay.example.com"; 57 + OWNER_NPUB = "npub1..."; 58 + } 59 + ''; 60 + }; 61 + 62 + environmentFile = lib.mkOption { 63 + type = lib.types.nullOr lib.types.path; 64 + default = null; 65 + description = '' 66 + Path to a file containing sensitive environment variables. See https://github.com/bitvora/haven for documentation. 67 + The file should contain environment-variable assignments like: 68 + S3_SECRET_KEY=mysecretkey 69 + S3_ACCESS_KEY_ID=myaccesskey 70 + ''; 71 + example = "/var/lib/haven/secrets.env"; 72 + }; 73 + }; 74 + 75 + config = lib.mkIf cfg.enable { 76 + users.users.haven = { 77 + description = "Haven daemon user"; 78 + group = "haven"; 79 + isSystemUser = true; 80 + }; 81 + 82 + users.groups.haven = { }; 83 + 84 + systemd.services.haven = { 85 + description = "haven"; 86 + wants = [ "network.target" ]; 87 + wantedBy = [ "multi-user.target" ]; 88 + environment = lib.attrsets.mapAttrs ( 89 + name: value: if builtins.isBool value then if value then "true" else "false" else toString value 90 + ) mergedSettings; 91 + 92 + serviceConfig = { 93 + ExecStart = "${cfg.package}/bin/haven"; 94 + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; 95 + User = "haven"; 96 + Group = "haven"; 97 + Restart = "on-failure"; 98 + 99 + RuntimeDirectory = "haven"; 100 + StateDirectory = "haven"; 101 + WorkingDirectory = "/var/lib/haven"; 102 + 103 + # Create symlink to templates in the working directory 104 + ExecStartPre = "+${pkgs.coreutils}/bin/ln -sfT ${cfg.package}/share/haven/templates /var/lib/haven/templates"; 105 + 106 + PrivateTmp = true; 107 + PrivateUsers = true; 108 + PrivateDevices = true; 109 + ProtectSystem = "strict"; 110 + ProtectHome = true; 111 + NoNewPrivileges = true; 112 + MemoryDenyWriteExecute = true; 113 + ProtectKernelTunables = true; 114 + ProtectKernelModules = true; 115 + ProtectKernelLogs = true; 116 + ProtectClock = true; 117 + ProtectProc = "invisible"; 118 + ProcSubset = "pid"; 119 + ProtectControlGroups = true; 120 + LockPersonality = true; 121 + RestrictSUIDSGID = true; 122 + RemoveIPC = true; 123 + RestrictRealtime = true; 124 + ProtectHostname = true; 125 + CapabilityBoundingSet = ""; 126 + SystemCallFilter = [ 127 + "@system-service" 128 + ]; 129 + SystemCallArchitectures = "native"; 130 + }; 131 + }; 132 + }; 133 + 134 + meta.maintainers = with lib.maintainers; [ 135 + felixzieger 136 + ]; 137 + }

+28 -2

nixos/modules/system/boot/systemd/tmpfiles.nix

··· 18 18 inherit elemType placeholder; 19 19 }; 20 20 21 + escapeArgument = lib.strings.escapeC [ 22 + "\t" 23 + "\n" 24 + "\r" 25 + " " 26 + "\\" 27 + ]; 28 + 21 29 settingsOption = { 22 30 description = '' 23 31 Declare systemd-tmpfiles rules to create, delete, and clean up volatile ··· 126 134 127 135 # generates a single entry for a tmpfiles.d rule 128 136 settingsEntryToRule = path: entry: '' 129 - '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${entry.argument} 137 + '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${escapeArgument entry.argument} 130 138 ''; 131 139 132 140 # generates a list of tmpfiles.d rules from the attrs (paths) under tmpfiles.settings.<name> ··· 199 207 "boot.initrd.systemd.storePaths will lead to errors in the future." 200 208 "Found these problematic files: ${lib.concatStringsSep ", " paths}" 201 209 ] 202 - ); 210 + ) 211 + ++ (lib.flatten ( 212 + lib.mapAttrsToList ( 213 + name: paths: 214 + lib.mapAttrsToList ( 215 + path: entries: 216 + lib.mapAttrsToList ( 217 + type': entry: 218 + lib.optional (lib.match ''.*\\([nrt]|x[0-9A-Fa-f]{2}).*'' entry.argument != null) ( 219 + lib.concatStringsSep " " [ 220 + "The argument option of ${name}.${type'}.${path} appears to" 221 + "contain escape sequences, which will be escaped again." 222 + "Unescape them if this is not intended: \"${entry.argument}\"" 223 + ] 224 + ) 225 + ) entries 226 + ) paths 227 + ) cfg.settings 228 + )); 203 229 204 230 systemd.additionalUpstreamSystemUnits = [ 205 231 "systemd-tmpfiles-clean.service"

+9 -2

nixos/tests/all-tests.nix

··· 270 270 buildbot = runTest ./buildbot.nix; 271 271 buildkite-agents = handleTest ./buildkite-agents.nix { }; 272 272 c2fmzq = handleTest ./c2fmzq.nix { }; 273 - caddy = handleTest ./caddy.nix { }; 273 + caddy = runTest ./caddy.nix; 274 274 cadvisor = handleTestOn [ "x86_64-linux" ] ./cadvisor.nix { }; 275 275 cage = handleTest ./cage.nix { }; 276 276 cagebreak = handleTest ./cagebreak.nix { }; ··· 407 407 enlightenment = handleTest ./enlightenment.nix { }; 408 408 env = handleTest ./env.nix { }; 409 409 envfs = handleTest ./envfs.nix { }; 410 - envoy = handleTest ./envoy.nix { }; 410 + envoy = runTest { 411 + imports = [ ./envoy.nix ]; 412 + _module.args.envoyPackage = pkgs.envoy; 413 + }; 414 + envoy-bin = runTest { 415 + imports = [ ./envoy.nix ]; 416 + _module.args.envoyPackage = pkgs.envoy-bin; 417 + }; 411 418 ergo = handleTest ./ergo.nix { }; 412 419 ergochat = handleTest ./ergochat.nix { }; 413 420 eris-server = handleTest ./eris-server.nix { };

+132 -134

nixos/tests/caddy.nix

··· 1 - import ./make-test-python.nix ( 2 - { pkgs, ... }: 3 - { 4 - name = "caddy"; 5 - meta = with pkgs.lib.maintainers; { 6 - maintainers = [ 7 - Br1ght0ne 8 - stepbrobd 9 - ]; 10 - }; 1 + { pkgs, ... }: 2 + { 3 + name = "caddy"; 4 + meta = with pkgs.lib.maintainers; { 5 + maintainers = [ 6 + Br1ght0ne 7 + stepbrobd 8 + ]; 9 + }; 10 + 11 + nodes = { 12 + webserver = 13 + { pkgs, ... }: 14 + { 15 + services.caddy.enable = true; 16 + services.caddy.extraConfig = '' 17 + http://localhost { 18 + encode gzip 19 + 20 + file_server 21 + root * ${ 22 + pkgs.runCommand "testdir" { } '' 23 + mkdir "$out" 24 + echo hello world > "$out/example.html" 25 + '' 26 + } 27 + } 28 + ''; 29 + services.caddy.enableReload = true; 11 30 12 - nodes = { 13 - webserver = 14 - { pkgs, ... }: 15 - { 16 - services.caddy.enable = true; 31 + specialisation.config-reload.configuration = { 17 32 services.caddy.extraConfig = '' 18 - http://localhost { 19 - encode gzip 20 - 21 - file_server 22 - root * ${ 23 - pkgs.runCommand "testdir" { } '' 24 - mkdir "$out" 25 - echo hello world > "$out/example.html" 26 - '' 27 - } 33 + http://localhost:8080 { 28 34 } 29 35 ''; 30 - services.caddy.enableReload = true; 31 - 32 - specialisation.config-reload.configuration = { 33 - services.caddy.extraConfig = '' 34 - http://localhost:8080 { 35 - } 36 - ''; 36 + }; 37 + specialisation.multiple-configs.configuration = { 38 + services.caddy.virtualHosts = { 39 + "http://localhost:8080" = { }; 40 + "http://localhost:8081" = { }; 37 41 }; 38 - specialisation.multiple-configs.configuration = { 39 - services.caddy.virtualHosts = { 40 - "http://localhost:8080" = { }; 41 - "http://localhost:8081" = { }; 42 - }; 42 + }; 43 + specialisation.multiple-hostnames.configuration = { 44 + services.caddy.virtualHosts = { 45 + "http://localhost:8080 http://localhost:8081" = { }; 43 46 }; 44 - specialisation.multiple-hostnames.configuration = { 45 - services.caddy.virtualHosts = { 46 - "http://localhost:8080 http://localhost:8081" = { }; 47 + }; 48 + specialisation.rfc42.configuration = { 49 + services.caddy.settings = { 50 + apps.http.servers.default = { 51 + listen = [ ":80" ]; 52 + routes = [ 53 + { 54 + handle = [ 55 + { 56 + body = "hello world"; 57 + handler = "static_response"; 58 + status_code = 200; 59 + } 60 + ]; 61 + } 62 + ]; 47 63 }; 48 64 }; 49 - specialisation.rfc42.configuration = { 50 - services.caddy.settings = { 51 - apps.http.servers.default = { 52 - listen = [ ":80" ]; 53 - routes = [ 54 - { 55 - handle = [ 56 - { 57 - body = "hello world"; 58 - handler = "static_response"; 59 - status_code = 200; 60 - } 61 - ]; 62 - } 63 - ]; 64 - }; 65 + }; 66 + specialisation.explicit-config-file.configuration = { 67 + services.caddy.configFile = pkgs.writeText "Caddyfile" '' 68 + localhost:80 69 + 70 + respond "hello world" 71 + ''; 72 + }; 73 + specialisation.with-plugins.configuration = { 74 + services.caddy = { 75 + package = pkgs.caddy.withPlugins { 76 + plugins = [ "github.com/caddyserver/replace-response@v0.0.0-20241211194404-3865845790a7" ]; 77 + hash = "sha256-WPmJPnyOrAnuJxvn3ywswqvLGV8SZzzn3gU1Tbtpao4="; 65 78 }; 66 - }; 67 - specialisation.explicit-config-file.configuration = { 68 - services.caddy.configFile = pkgs.writeText "Caddyfile" '' 69 - localhost:80 79 + configFile = pkgs.writeText "Caddyfile" '' 80 + { 81 + order replace after encode 82 + } 70 83 71 - respond "hello world" 84 + localhost:80 { 85 + respond "hello world" 86 + replace world caddy 87 + } 72 88 ''; 73 89 }; 74 - specialisation.with-plugins.configuration = { 75 - services.caddy = { 76 - package = pkgs.caddy.withPlugins { 77 - plugins = [ "github.com/caddyserver/replace-response@v0.0.0-20241211194404-3865845790a7" ]; 78 - hash = "sha256-WPmJPnyOrAnuJxvn3ywswqvLGV8SZzzn3gU1Tbtpao4="; 79 - }; 80 - configFile = pkgs.writeText "Caddyfile" '' 81 - { 82 - order replace after encode 83 - } 84 - 85 - localhost:80 { 86 - respond "hello world" 87 - replace world caddy 88 - } 89 - ''; 90 - }; 91 - }; 92 90 }; 93 - }; 91 + }; 92 + }; 94 93 95 - testScript = 96 - { nodes, ... }: 97 - let 98 - explicitConfigFile = "${nodes.webserver.system.build.toplevel}/specialisation/explicit-config-file"; 99 - justReloadSystem = "${nodes.webserver.system.build.toplevel}/specialisation/config-reload"; 100 - multipleConfigs = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-configs"; 101 - multipleHostnames = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-hostnames"; 102 - rfc42Config = "${nodes.webserver.system.build.toplevel}/specialisation/rfc42"; 103 - withPluginsConfig = "${nodes.webserver.system.build.toplevel}/specialisation/with-plugins"; 104 - in 105 - '' 106 - url = "http://localhost/example.html" 107 - webserver.wait_for_unit("caddy") 108 - webserver.wait_for_open_port(80) 94 + testScript = 95 + { nodes, ... }: 96 + let 97 + explicitConfigFile = "${nodes.webserver.system.build.toplevel}/specialisation/explicit-config-file"; 98 + justReloadSystem = "${nodes.webserver.system.build.toplevel}/specialisation/config-reload"; 99 + multipleConfigs = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-configs"; 100 + multipleHostnames = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-hostnames"; 101 + rfc42Config = "${nodes.webserver.system.build.toplevel}/specialisation/rfc42"; 102 + withPluginsConfig = "${nodes.webserver.system.build.toplevel}/specialisation/with-plugins"; 103 + in 104 + '' 105 + url = "http://localhost/example.html" 106 + webserver.wait_for_unit("caddy") 107 + webserver.wait_for_open_port(80) 109 108 110 109 111 - with subtest("config is reloaded on nixos-rebuild switch"): 112 - webserver.succeed( 113 - "${justReloadSystem}/bin/switch-to-configuration test >&2" 114 - ) 115 - webserver.wait_for_open_port(8080) 116 - webserver.fail("journalctl -u caddy | grep -q -i stopped") 117 - webserver.succeed("journalctl -u caddy | grep -q -i reloaded") 110 + with subtest("config is reloaded on nixos-rebuild switch"): 111 + webserver.succeed( 112 + "${justReloadSystem}/bin/switch-to-configuration test >&2" 113 + ) 114 + webserver.wait_for_open_port(8080) 115 + webserver.fail("journalctl -u caddy | grep -q -i stopped") 116 + webserver.succeed("journalctl -u caddy | grep -q -i reloaded") 118 117 119 - with subtest("multiple configs are correctly merged"): 120 - webserver.succeed( 121 - "${multipleConfigs}/bin/switch-to-configuration test >&2" 122 - ) 123 - webserver.wait_for_open_port(8080) 124 - webserver.wait_for_open_port(8081) 118 + with subtest("multiple configs are correctly merged"): 119 + webserver.succeed( 120 + "${multipleConfigs}/bin/switch-to-configuration test >&2" 121 + ) 122 + webserver.wait_for_open_port(8080) 123 + webserver.wait_for_open_port(8081) 125 124 126 - with subtest("a virtual host with multiple hostnames works"): 127 - webserver.succeed( 128 - "${multipleHostnames}/bin/switch-to-configuration test >&2" 129 - ) 130 - webserver.wait_for_open_port(8080) 131 - webserver.wait_for_open_port(8081) 125 + with subtest("a virtual host with multiple hostnames works"): 126 + webserver.succeed( 127 + "${multipleHostnames}/bin/switch-to-configuration test >&2" 128 + ) 129 + webserver.wait_for_open_port(8080) 130 + webserver.wait_for_open_port(8081) 132 131 133 - with subtest("rfc42 settings config"): 134 - webserver.succeed( 135 - "${rfc42Config}/bin/switch-to-configuration test >&2" 136 - ) 137 - webserver.wait_for_open_port(80) 138 - webserver.succeed("curl http://localhost | grep hello") 132 + with subtest("rfc42 settings config"): 133 + webserver.succeed( 134 + "${rfc42Config}/bin/switch-to-configuration test >&2" 135 + ) 136 + webserver.wait_for_open_port(80) 137 + webserver.succeed("curl http://localhost | grep hello") 139 138 140 - with subtest("explicit configFile"): 141 - webserver.succeed( 142 - "${explicitConfigFile}/bin/switch-to-configuration test >&2" 143 - ) 144 - webserver.wait_for_open_port(80) 145 - webserver.succeed("curl http://localhost | grep hello") 139 + with subtest("explicit configFile"): 140 + webserver.succeed( 141 + "${explicitConfigFile}/bin/switch-to-configuration test >&2" 142 + ) 143 + webserver.wait_for_open_port(80) 144 + webserver.succeed("curl http://localhost | grep hello") 146 145 147 - with subtest("plugins are correctled installed and configurable"): 148 - webserver.succeed( 149 - "${withPluginsConfig}/bin/switch-to-configuration test >&2" 150 - ) 151 - webserver.wait_for_open_port(80) 152 - webserver.succeed("curl http://localhost | grep caddy") 153 - ''; 154 - } 155 - ) 146 + with subtest("plugins are correctled installed and configurable"): 147 + webserver.succeed( 148 + "${withPluginsConfig}/bin/switch-to-configuration test >&2" 149 + ) 150 + webserver.wait_for_open_port(80) 151 + webserver.succeed("curl http://localhost | grep caddy") 152 + ''; 153 + }

+53 -55

nixos/tests/envoy.nix

··· 1 - import ./make-test-python.nix ( 2 - { pkgs, lib, ... }: 3 - { 4 - name = "envoy"; 5 - meta = with pkgs.lib.maintainers; { 6 - maintainers = [ cameronnemo ]; 7 - }; 1 + { envoyPackage, lib, ... }: 2 + { 3 + name = envoyPackage.pname; 8 4 9 - nodes.machine = 10 - { pkgs, ... }: 11 - { 12 - services.envoy.enable = true; 13 - services.envoy.settings = { 14 - admin = { 15 - access_log_path = "/dev/null"; 16 - address = { 17 - socket_address = { 18 - protocol = "TCP"; 19 - address = "127.0.0.1"; 20 - port_value = 80; 21 - }; 22 - }; 23 - }; 24 - static_resources = { 25 - listeners = [ ]; 26 - clusters = [ ]; 5 + meta = with lib.maintainers; { 6 + maintainers = [ cameronnemo ]; 7 + }; 8 + 9 + nodes.machine = { 10 + services.envoy.enable = true; 11 + services.envoy.package = envoyPackage; 12 + services.envoy.settings = { 13 + admin = { 14 + access_log_path = "/dev/null"; 15 + address = { 16 + socket_address = { 17 + protocol = "TCP"; 18 + address = "127.0.0.1"; 19 + port_value = 80; 27 20 }; 28 21 }; 29 - specialisation = { 30 - withoutConfigValidation.configuration = 31 - { ... }: 32 - { 33 - services.envoy = { 34 - requireValidConfig = false; 35 - settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log"; 36 - }; 37 - }; 38 - }; 39 22 }; 23 + static_resources = { 24 + listeners = [ ]; 25 + clusters = [ ]; 26 + }; 27 + }; 28 + specialisation = { 29 + withoutConfigValidation.configuration = 30 + { ... }: 31 + { 32 + services.envoy = { 33 + requireValidConfig = false; 34 + settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log"; 35 + }; 36 + }; 37 + }; 38 + }; 40 39 41 - testScript = 42 - { nodes, ... }: 43 - let 44 - specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; 45 - in 46 - '' 47 - machine.start() 40 + testScript = 41 + { nodes, ... }: 42 + let 43 + specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; 44 + in 45 + '' 46 + machine.start() 48 47 49 - with subtest("envoy.service starts and responds with ready"): 50 - machine.wait_for_unit("envoy.service") 51 - machine.wait_for_open_port(80) 52 - machine.wait_until_succeeds("curl -fsS localhost:80/ready") 48 + with subtest("envoy.service starts and responds with ready"): 49 + machine.wait_for_unit("envoy.service") 50 + machine.wait_for_open_port(80) 51 + machine.wait_until_succeeds("curl -fsS localhost:80/ready") 53 52 54 - with subtest("envoy.service works with config path not available at eval time"): 55 - machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test') 56 - machine.wait_for_unit("envoy.service") 57 - machine.wait_for_open_port(80) 58 - machine.wait_until_succeeds("curl -fsS localhost:80/ready") 59 - machine.succeed('test -f /var/log/envoy/access.log') 60 - ''; 61 - } 62 - ) 53 + with subtest("envoy.service works with config path not available at eval time"): 54 + machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test') 55 + machine.wait_for_unit("envoy.service") 56 + machine.wait_for_open_port(80) 57 + machine.wait_until_succeeds("curl -fsS localhost:80/ready") 58 + machine.succeed('test -f /var/log/envoy/access.log') 59 + ''; 60 + }

+68 -3

nixos/tests/paretosecurity.nix

··· 4 4 meta.maintainers = [ lib.maintainers.zupo ]; 5 5 6 6 nodes.terminal = 7 - { config, pkgs, ... }: 7 + { 8 + config, 9 + pkgs, 10 + lib, 11 + ... 12 + }: 13 + let 14 + # Create a patched version of the package that points to the local dashboard 15 + # for easier testing 16 + patchedPareto = pkgs.paretosecurity.overrideAttrs (oldAttrs: { 17 + postPatch = '' 18 + substituteInPlace team/report.go \ 19 + --replace-warn 'const reportURL = "https://dash.paretosecurity.com"' \ 20 + 'const reportURL = "http://dashboard"' 21 + ''; 22 + }); 23 + in 8 24 { 9 25 imports = [ ./common/user-account.nix ]; 10 26 11 - services.paretosecurity.enable = true; 27 + services.paretosecurity = { 28 + enable = true; 29 + package = patchedPareto; 30 + }; 31 + 32 + }; 33 + 34 + nodes.dashboard = 35 + { config, pkgs, ... }: 36 + { 37 + networking.firewall.allowedTCPPorts = [ 80 ]; 38 + 39 + services.nginx = { 40 + enable = true; 41 + virtualHosts."dashboard" = { 42 + locations."/api/v1/team/".extraConfig = '' 43 + add_header Content-Type application/json; 44 + return 200 '{"message": "Linked device."}'; 45 + ''; 46 + }; 47 + }; 12 48 }; 13 49 14 50 nodes.xfce = ··· 38 74 enableOCR = true; 39 75 40 76 testScript = '' 77 + # Test setup 78 + terminal.succeed("su - alice -c 'mkdir -p /home/alice/.config'") 79 + for m in [terminal, dashboard]: 80 + m.systemctl("start network-online.target") 81 + m.wait_for_unit("network-online.target") 82 + 83 + # Test 1: Test the systemd socket is installed & enabled 84 + terminal.succeed('systemctl is-enabled paretosecurity.socket') 85 + 86 + # Test 2: Test running checks 41 87 terminal.succeed( 42 - "su -- alice -c 'paretosecurity check" 88 + "su - alice -c 'paretosecurity check" 43 89 # Disable some checks that need intricate test setup so that this test 44 90 # remains simple and fast. Tests for all checks and edge cases available 45 91 # at https://github.com/ParetoSecurity/agent/tree/main/test/integration ··· 48 94 + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb" # Disk encryption 49 95 + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e" # Pareto Security is up to date 50 96 + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed 97 + + " --skip 2e46c89a-5461-4865-a92e-3b799c12034a" # Firewall is enabled 51 98 + "'" 52 99 ) 53 100 101 + # Test 3: Test linking 102 + terminal.succeed("su - alice -c 'paretosecurity link" 103 + + " paretosecurity://enrollTeam/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." 104 + + "eyJ0b2tlbiI6ImR1bW15LXRva2VuIiwidGVhbUlEIjoiZHVtbXktdGVhbS1pZCIsImlhdCI6" 105 + + "MTcwMDAwMDAwMCwiZXhwIjoxOTAwMDAwMDAwfQ.WgnL6_S0EBJHwF1wEVUG8GtIcoVvK5IjWbZpUeZr4Qw'") 106 + 107 + config = terminal.succeed("cat /home/alice/.config/pareto.toml") 108 + assert 'AuthToken = "dummy-token"' in config 109 + assert 'TeamID = "dummy-team-id"' in config 110 + 111 + # Test 4: Test the tray icon 54 112 xfce.wait_for_x() 113 + for unit in [ 114 + 'paretosecurity-trayicon', 115 + 'paretosecurity-user', 116 + 'paretosecurity-user.timer' 117 + ]: 118 + status, out = xfce.systemctl("is-enabled " + unit, "alice") 119 + assert status == 0, f"Unit {unit} is not enabled (status: {status}): {out}" 55 120 xfce.succeed("xdotool mousemove 850 10") 56 121 xfce.wait_for_text("Pareto Security") 57 122 xfce.succeed("xdotool click 1")

+13

pkgs/applications/editors/vim/plugins/generated.nix

··· 6444 6444 meta.hydraPlatforms = [ ]; 6445 6445 }; 6446 6446 6447 + jule-nvim = buildVimPlugin { 6448 + pname = "jule.nvim"; 6449 + version = "2025-02-22"; 6450 + src = fetchFromGitHub { 6451 + owner = "julelang"; 6452 + repo = "jule.nvim"; 6453 + rev = "11c983f900dc84dca4ae6bcb54a937a1ceba4038"; 6454 + sha256 = "0gajpcg7g3885696aljq7zky8cd0bfsjr7n2fad3d2yf0i999fif"; 6455 + }; 6456 + meta.homepage = "https://github.com/julelang/jule.nvim/"; 6457 + meta.hydraPlatforms = [ ]; 6458 + }; 6459 + 6447 6460 julia-vim = buildVimPlugin { 6448 6461 pname = "julia-vim"; 6449 6462 version = "2024-05-25";

+2

pkgs/applications/editors/vim/plugins/vim-plugin-names

··· 493 493 https://github.com/vito-c/jq.vim/,, 494 494 https://github.com/neoclide/jsonc.vim/,, 495 495 https://github.com/Myzel394/jsonfly.nvim/,HEAD, 496 + https://github.com/julelang/jule.nvim/,HEAD, 497 + https://github.com/julelang/jule.nvim/,HEAD, 496 498 https://github.com/JuliaEditorSupport/julia-vim/,, 497 499 https://github.com/GCBallesteros/jupytext.nvim/,HEAD, 498 500 https://github.com/rebelot/kanagawa.nvim/,,

+5 -5

pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix

··· 11 11 sources = { 12 12 "x86_64-linux" = { 13 13 arch = "linux-x64"; 14 - hash = "sha256-eeLALUmJoIJfLKbX7MWQFIexfid7eOPTK0UE1sgd5jA="; 14 + hash = "sha256-s3peDZApzSfemXRqRjf5fYQGHVf1DAP7XG4NuOqiGcY="; 15 15 }; 16 16 "x86_64-darwin" = { 17 17 arch = "darwin-x64"; 18 - hash = "sha256-DftuIxJpP3zcfsoCam4FoqO2PSS/xPTmdefjhWAJqc0="; 18 + hash = "sha256-WutwGOcXoREk6oUdFjhsKcrf64CG4GSn9JgGWiQe9l8="; 19 19 }; 20 20 "aarch64-linux" = { 21 21 arch = "linux-arm64"; 22 - hash = "sha256-TiZTp19fcDYPvJnx7F/i96JD8gcE+t1irZstnuagchQ="; 22 + hash = "sha256-377T8cfY4jHX+iJjdDScMP+wX6UZCYLasl16ngwfq6U="; 23 23 }; 24 24 "aarch64-darwin" = { 25 25 arch = "darwin-arm64"; 26 - hash = "sha256-oXKAxgZ1IH+qiw9E/96J7rmvSHgLPwLZItLpFRjh7c0="; 26 + hash = "sha256-fufJ9NV73skhwBFe2vCLjh5ykQagXfO0VAdHGPhfOQ4="; 27 27 }; 28 28 }; 29 29 in 30 30 { 31 31 name = "visualjj"; 32 32 publisher = "visualjj"; 33 - version = "0.14.1"; 33 + version = "0.14.2"; 34 34 } 35 35 // sources.${stdenvNoCC.hostPlatform.system} 36 36 or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}");

+5 -5

pkgs/applications/networking/browsers/librewolf/src.json

··· 1 1 { 2 - "packageVersion": "136.0.4-1", 2 + "packageVersion": "137.0-1", 3 3 "source": { 4 - "rev": "136.0.4-1", 5 - "hash": "sha256-ymW9vj4CariMaswrMQRKYEvTofFRjc50gF9EmTuhsRA=" 4 + "rev": "137.0-1", 5 + "hash": "sha256-xynkPKn4JDLVdDEYjmBvEKIHoW83Xackpx/+rnXci5g=" 6 6 }, 7 7 "firefox": { 8 - "version": "136.0.4", 9 - "hash": "sha512-wiUqpi0BXO1lNMsqwHH2gImZe0ZpAIPMHv9LrTBq5shlQ3Ge0tNfb5c790Rn1qBKukYNMJwG3qQl52xyDjROKA==" 8 + "version": "137.0", 9 + "hash": "sha512-gaLAzBT/wuSeSTeebCq1bPtuE7ZmZqZPOr/0SkO7Ln3BcnTTJdHCCvBi1Av/gGPXiNSy+TGnpkbbiwcgTKa0gQ==" 10 10 } 11 11 }

+16 -11

pkgs/applications/version-management/gitlint/default.nix pkgs/by-name/gi/gitlint/package.nix

··· 1 1 { 2 2 lib, 3 - buildPythonApplication, 3 + python3Packages, 4 4 fetchFromGitHub, 5 5 gitMinimal, 6 - python3, 6 + versionCheckHook, 7 + nix-update-script, 7 8 }: 8 9 9 - python3.pkgs.buildPythonApplication rec { 10 + python3Packages.buildPythonApplication rec { 10 11 pname = "gitlint"; 11 12 version = "0.19.1"; 12 - format = "pyproject"; 13 + pyproject = true; 13 14 14 15 src = fetchFromGitHub { 15 16 owner = "jorisroovers"; ··· 22 23 # simplify the dependency handling 23 24 sourceRoot = "${src.name}/gitlint-core"; 24 25 25 - nativeBuildInputs = with python3.pkgs; [ 26 + build-system = with python3Packages; [ 26 27 hatch-vcs 27 28 hatchling 28 29 ]; 29 30 30 - propagatedBuildInputs = with python3.pkgs; [ 31 + dependencies = with python3Packages; [ 31 32 arrow 32 33 click 33 34 sh 34 35 ]; 35 36 36 - nativeCheckInputs = with python3.pkgs; [ 37 + nativeCheckInputs = [ 37 38 gitMinimal 38 - pytestCheckHook 39 + python3Packages.pytestCheckHook 40 + versionCheckHook 39 41 ]; 42 + versionCheckProgramArg = "--version"; 40 43 41 44 pythonImportsCheck = [ 42 45 "gitlint" 43 46 ]; 44 47 45 - meta = with lib; { 48 + passthru.updateScript = nix-update-script { }; 49 + 50 + meta = { 46 51 description = "Linting for your git commit messages"; 47 52 homepage = "https://jorisroovers.com/gitlint/"; 48 53 changelog = "https://github.com/jorisroovers/gitlint/releases/tag/v${version}"; 49 - license = licenses.mit; 50 - maintainers = with maintainers; [ 54 + license = lib.licenses.mit; 55 + maintainers = with lib.maintainers; [ 51 56 ethancedwards8 52 57 fab 53 58 matthiasbeyer

+15

pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch

··· 1 + --- setup.py 2025-04-01 11:24:54.530984662 +0000 2 + +++ setup.py 2025-04-01 13:54:46.961341548 +0000 3 + 4 + @@ -111,9 +111,11 @@ 5 + info('compressing man page to %s', gzfile) 6 + 7 + if not self.dry_run: 8 + - compressed = gzip.open(gzfile, 'w', 9) 9 + - compressed.write(manpage) 10 + - compressed.close() 11 + + with open(gzfile, 'wb') as file: 12 + + with gzip.GzipFile(fileobj=file, mode='wb', filename='', mtime=0, compresslevel=9) as compressed: 13 + + compressed.write(manpage) 14 + + compressed.close() 15 + + file.close()

+10 -3

pkgs/by-name/ar/arandr/package.nix

··· 1 1 { 2 2 lib, 3 3 fetchurl, 4 + fetchFromGitLab, 4 5 python3Packages, 5 6 gobject-introspection, 6 7 gsettings-desktop-schemas, ··· 16 17 pname = "arandr"; 17 18 version = "0.1.11"; 18 19 19 - src = fetchurl { 20 - url = "https://christian.amsuess.com/tools/arandr/files/${pname}-${version}.tar.gz"; 21 - hash = "sha256-5Mu+Npi7gSs5V3CHAXS+AJS7rrOREFqBH5X0LrGCrgI="; 20 + src = fetchFromGitLab { 21 + owner = "arandr"; 22 + repo = "arandr"; 23 + tag = version; 24 + hash = "sha256-nQtfOKAnWKsy2DmvtRGJa4+Y9uGgX41BeHpd9m4d9YA="; 22 25 }; 26 + 27 + # patch to set mtime=0 on setup.py 28 + patches = [ ./gzip-timestamp-fix.patch ]; 29 + patchFlags = [ "-p0" ]; 23 30 24 31 preBuild = '' 25 32 rm -rf data/po/*

+2 -2

pkgs/by-name/az/azure-cli/extensions-manual.nix

··· 83 83 84 84 containerapp = mkAzExtension rec { 85 85 pname = "containerapp"; 86 - version = "1.1.0b3"; 86 + version = "1.1.0b4"; 87 87 url = "https://azcliprod.blob.core.windows.net/cli-extensions/containerapp-${version}-py2.py3-none-any.whl"; 88 - hash = "sha256-BPChKCEU89/+KWIlt4ocU37gLwyDUfGBO3QCqkFQhjI="; 88 + hash = "sha256-d2pqanDERA54NGQwzO1S2D+WM1q5w1dmKjYbEdbknik="; 89 89 description = "Microsoft Azure Command-Line Tools Containerapp Extension"; 90 90 propagatedBuildInputs = with python3Packages; [ 91 91 docker

+3 -3

pkgs/by-name/ba/balena-cli/package.nix

··· 22 22 in 23 23 buildNpmPackage' rec { 24 24 pname = "balena-cli"; 25 - version = "21.1.0"; 25 + version = "21.1.3"; 26 26 27 27 src = fetchFromGitHub { 28 28 owner = "balena-io"; 29 29 repo = "balena-cli"; 30 30 rev = "v${version}"; 31 - hash = "sha256-STixd/xJikV9qt2aG3smyLPEwG7fLYrN3jfVTwBxJrI="; 31 + hash = "sha256-44r0dbcX/KRmfucNy4p/OMrKFC2J8P9eQpwTOTOmwS4="; 32 32 }; 33 33 34 - npmDepsHash = "sha256-dyUWQoR0EweHdNc5NN+qW2OdbCIspTQ1C/QsesnlvRU="; 34 + npmDepsHash = "sha256-wEshPXXpFVOYzaqh6c5z47OccBEWMP5aarZP42PYgzk="; 35 35 36 36 postPatch = '' 37 37 ln -s npm-shrinkwrap.json package-lock.json

+4 -4

pkgs/by-name/cl/claude-code/package-lock.json

··· 5 5 "packages": { 6 6 "": { 7 7 "dependencies": { 8 - "@anthropic-ai/claude-code": "^0.2.57" 8 + "@anthropic-ai/claude-code": "^0.2.59" 9 9 } 10 10 }, 11 11 "node_modules/@anthropic-ai/claude-code": { 12 - "version": "0.2.57", 13 - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-0.2.57.tgz", 14 - "integrity": "sha512-/NS22ojBphLj0zhEWV26WIcLS1JcMT809tmkiwHrb1D9fGJccbbfkLyMI7eg7TAmgnXUINWxlwmMIExdOsRXfQ==", 12 + "version": "0.2.59", 13 + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-0.2.59.tgz", 14 + "integrity": "sha512-hcUHEiPUmkgU00J4/1dlLgWvf5ZkWOjMpUrXhMq2o143LOElKuTGxPGt2RtmFHKk6DesFZcV/gabZYkcTqraBw==", 15 15 "hasInstallScript": true, 16 16 "license": "SEE LICENSE IN README.md", 17 17 "bin": {

+3 -3

pkgs/by-name/cl/claude-code/package.nix

··· 6 6 7 7 buildNpmPackage rec { 8 8 pname = "claude-code"; 9 - version = "0.2.57"; 9 + version = "0.2.59"; 10 10 11 11 src = fetchzip { 12 12 url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; 13 - hash = "sha256-GCsw/QNcziytx15zwSQMY9JkKHnJb2KN2nwvkc7scy8="; 13 + hash = "sha256-XHHWmDw9qBM4fQ975wSk12hJnr4+1H4AhlNc+IBV3qs="; 14 14 }; 15 15 16 - npmDepsHash = "sha256-GcYiQLcqWCAHL7FkD7M0YQV9ksgn8fo2Sb68x5/dA8k="; 16 + npmDepsHash = "sha256-KorQlEB90EDE+NIxyUh1apqCDzgrCpwcaOy2mt2mz1s="; 17 17 18 18 postPatch = '' 19 19 cp ${./package-lock.json} package-lock.json

+8 -7

pkgs/by-name/cp/cpplint/package.nix

··· 7 7 8 8 python3Packages.buildPythonApplication rec { 9 9 pname = "cpplint"; 10 - version = "2.0.0"; 10 + version = "2.0.1"; 11 11 pyproject = true; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "cpplint"; 15 15 repo = "cpplint"; 16 16 tag = version; 17 - hash = "sha256-076363ZwcriPb+Fn9S5jay8oL+LlBTNh+IqQRCAndRo="; 17 + hash = "sha256-IM1XznnpdL1Piei9kKR1nCwfs7TVgLcTgMI4r+cQXLg="; 18 18 }; 19 19 20 + # We use pytest-cov-stub instead 20 21 postPatch = '' 21 - substituteInPlace setup.cfg \ 22 - --replace-fail "pytest-cov" "" \ 23 - --replace-fail "--cov-fail-under=90 --cov=cpplint" "" 22 + substituteInPlace pyproject.toml \ 23 + --replace-fail '"pytest-cov",' "" 24 24 ''; 25 25 26 26 build-system = with python3Packages; [ ··· 29 29 30 30 nativeCheckInputs = with python3Packages; [ 31 31 parameterized 32 + pytest-cov-stub 33 + pytest-timeout 32 34 pytestCheckHook 33 - pytest-timeout 34 35 testfixtures 35 36 versionCheckHook 36 37 ]; 37 - versionCheckProgramArg = [ "--version" ]; 38 + versionCheckProgramArg = "--version"; 38 39 39 40 meta = { 40 41 homepage = "https://github.com/cpplint/cpplint";

+2 -2

pkgs/by-name/de/der-ascii/package.nix

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "der-ascii"; 9 - version = "0.5.0"; 9 + version = "0.6.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "google"; 13 13 repo = pname; 14 14 rev = "v${version}"; 15 - sha256 = "sha256-yUHVPBUW1Csn3W5K9S2TWOq4aovzpaBK8BC0t8zkj3g="; 15 + sha256 = "sha256-xGzxq5AHvzLUOp9VUcI9JMwrCpVIrpDvenWUOEBP6pA="; 16 16 }; 17 17 vendorHash = null; 18 18

+5 -18

pkgs/by-name/el/element-call/package.nix

··· 5 5 fetchYarnDeps, 6 6 yarnConfigHook, 7 7 yarnBuildHook, 8 - yarnInstallHook, 9 8 nodejs, 10 9 }: 11 10 12 - let 13 - inherit (stdenv.hostPlatform) system; 14 - throwSystem = throw "Unsupported system: ${system}"; 15 - offlineCacheHash = 16 - { 17 - x86_64-linux = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 18 - aarch64-linux = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 19 - x86_64-darwin = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 20 - aarch64-darwin = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 21 - } 22 - .${system} or throwSystem; 23 - in 24 11 stdenv.mkDerivation (finalAttrs: { 25 12 pname = "element-call"; 26 - version = "0.7.1"; 13 + version = "0.9.0"; 27 14 28 15 src = fetchFromGitHub { 29 16 owner = "element-hq"; 30 17 repo = "element-call"; 31 - rev = "v${finalAttrs.version}"; 32 - hash = "sha256-HmkFr2DroN1uNNH2pnRwE7vsJsEPLYU6yhroiuR/E6Q="; 18 + tag = "v${finalAttrs.version}"; 19 + hash = "sha256-BugR5aXDxIQ9WOhaqXEoo0FdZHnYSvoqDoRJLDd4PUk="; 33 20 }; 34 21 35 22 offlineCache = fetchYarnDeps { 36 23 yarnLock = "${finalAttrs.src}/yarn.lock"; 37 - hash = offlineCacheHash; 24 + hash = "sha256-7dUSt1k/5N6BaYrT272J6xxDGgloAsDw1dCFh327Itc="; 38 25 }; 39 26 40 27 nativeBuildInputs = [ ··· 53 40 ''; 54 41 55 42 meta = with lib; { 43 + changelog = "https://github.com/element-hq/element-call/releases/tag/${finalAttrs.src.tag}"; 56 44 homepage = "https://github.com/element-hq/element-call"; 57 45 description = "Group calls powered by Matrix"; 58 46 license = licenses.asl20; 59 47 maintainers = with maintainers; [ kilimnik ]; 60 - mainProgram = "element-call"; 61 48 }; 62 49 })

+6 -6

pkgs/by-name/en/ente-desktop/package.nix

··· 4 4 fetchFromGitHub, 5 5 fetchYarnDeps, 6 6 nodejs, 7 - electron_34, 7 + electron_35, 8 8 yarnConfigHook, 9 9 copyDesktopItems, 10 10 vips, ··· 15 15 imagemagick, 16 16 }: 17 17 let 18 - electron = electron_34; 18 + electron = electron_35; 19 19 in 20 20 21 21 stdenv.mkDerivation (finalAttrs: { 22 22 pname = "ente-desktop"; 23 - version = "1.7.10"; 23 + version = "1.7.11"; 24 24 25 25 src = fetchFromGitHub { 26 26 owner = "ente-io"; ··· 31 31 "web" 32 32 ]; 33 33 tag = "photosd-v${finalAttrs.version}"; 34 - hash = "sha256-iH9fbeUOd/8oVVQbMCSlWyruQZKgSjexNrOuS7szJ9w="; 34 + hash = "sha256-yEfJEe+/PnRr9in7+9l54LQqCFkGqDRhqzcsNaEZmhI="; 35 35 }; 36 36 37 37 sourceRoot = "${finalAttrs.src.name}/desktop"; ··· 39 39 offlineCache = fetchYarnDeps { 40 40 name = "ente-desktop-${finalAttrs.version}-offline-cache"; 41 41 inherit (finalAttrs) src sourceRoot; 42 - hash = "sha256-kiL2XQPPN9VkDa3rzO1rLwUZVTbwEz0zeqpgpWOSy7Y="; 42 + hash = "sha256-Cq/4OOgGp6qg2ge5NK5jcYCvS/uF5l9nLLWIslpGRDc="; 43 43 }; 44 44 webOfflineCache = fetchYarnDeps { 45 45 name = "ente-desktop-${finalAttrs.version}-web-offline-cache"; 46 46 inherit (finalAttrs) src; 47 47 sourceRoot = "${finalAttrs.src.name}/web"; 48 - hash = "sha256-7epwOEWi5lZNo6Z7Rf+QZtGvVCZxk5bXU2aN+9KDYCc="; 48 + hash = "sha256-yoCOU4cxxHiWu1+/vGwM9VWRroymr6JTbRHomKRJhU4="; 49 49 }; 50 50 51 51 nativeBuildInputs = [

+3 -3

pkgs/by-name/en/ente-web/package.nix

··· 12 12 13 13 stdenv.mkDerivation (finalAttrs: { 14 14 pname = "ente-web"; 15 - version = "0.9.99"; 15 + version = "1.0.0"; 16 16 17 17 src = fetchFromGitHub { 18 18 owner = "ente-io"; ··· 20 20 sparseCheckout = [ "web" ]; 21 21 tag = "photos-v${finalAttrs.version}"; 22 22 fetchSubmodules = true; 23 - hash = "sha256-/dWnaVll/kaKHTJ5gH18BR6JG5E6pF7/j+SgvE66b7M="; 23 + hash = "sha256-hK5CO4FTjh2MNT8pztV/GO7ifOGv1hw32flXrmcUAfk="; 24 24 }; 25 25 sourceRoot = "${finalAttrs.src.name}/web"; 26 26 27 27 offlineCache = fetchYarnDeps { 28 28 yarnLock = "${finalAttrs.src}/web/yarn.lock"; 29 - hash = "sha256-Wu0/YHqkqzrmA5hpVk0CX/W1wJUh8uZSjABuc+DPxMA="; 29 + hash = "sha256-n/+HETnwtnpFlfDLA0znCzro5YhNsISweR820QXJFUQ="; 30 30 }; 31 31 32 32 nativeBuildInputs = [

+77

pkgs/by-name/en/envoy-bin/package.nix

··· 1 + { 2 + lib, 3 + stdenv, 4 + autoPatchelfHook, 5 + fetchurl, 6 + makeWrapper, 7 + nixosTests, 8 + versionCheckHook, 9 + }: 10 + let 11 + version = "1.33.2"; 12 + inherit (stdenv.hostPlatform) system; 13 + throwSystem = throw "envoy-bin is not available for ${system}."; 14 + 15 + plat = 16 + { 17 + aarch64-linux = "aarch_64"; 18 + x86_64-linux = "x86_64"; 19 + } 20 + .${system} or throwSystem; 21 + 22 + hash = 23 + { 24 + aarch64-linux = "sha256-gew2iaghIu/wymgMSBdvTTUbb5iBp5zJ2QeKb7Swtqg="; 25 + x86_64-linux = "sha256-vS/4fF78lf14gNcQkV9XPBqrTZxV2NqIbc2R30P610E="; 26 + } 27 + .${system} or throwSystem; 28 + in 29 + stdenv.mkDerivation { 30 + pname = "envoy-bin"; 31 + inherit version; 32 + 33 + src = fetchurl { 34 + url = "https://github.com/envoyproxy/envoy/releases/download/v${version}/envoy-${version}-linux-${plat}"; 35 + inherit hash; 36 + }; 37 + 38 + nativeBuildInputs = [ autoPatchelfHook ]; 39 + buildInputs = [ makeWrapper ]; 40 + 41 + dontUnpack = true; 42 + dontBuild = true; 43 + 44 + installPhase = '' 45 + runHook preInstall 46 + mkdir -p $out/bin 47 + install -m755 $src $out/bin/envoy 48 + runHook postInstall 49 + ''; 50 + 51 + nativeInstallCheckInputs = [ versionCheckHook ]; 52 + doInstallCheck = true; 53 + versionCheckProgram = "${placeholder "out"}/bin/envoy"; 54 + versionCheckProgramArg = "--version"; 55 + 56 + passthru = { 57 + tests.envoy-bin = nixosTests.envoy-bin; 58 + 59 + updateScript = ./update.sh; 60 + }; 61 + 62 + meta = { 63 + homepage = "https://envoyproxy.io"; 64 + changelog = "https://github.com/envoyproxy/envoy/releases/tag/v${version}"; 65 + description = "Cloud-native edge and service proxy"; 66 + license = lib.licenses.asl20; 67 + sourceProvenance = [ lib.sourceTypes.binaryNativeCode ]; 68 + maintainers = with lib.maintainers; [ 69 + adamcstephens 70 + ]; 71 + mainProgram = "envoy"; 72 + platforms = [ 73 + "x86_64-linux" 74 + "aarch64-linux" 75 + ]; 76 + }; 77 + }

+32

pkgs/by-name/en/envoy-bin/update.sh

··· 1 + #!/usr/bin/env nix-shell 2 + #!nix-shell -i bash -p curl gnused gawk nix-prefetch common-updater-scripts jq 3 + 4 + set -euo pipefail 5 + 6 + ROOT="$(dirname "$(readlink -f "$0")")" 7 + NIX_DRV="$ROOT/package.nix" 8 + if [ ! -f "$NIX_DRV" ]; then 9 + echo "ERROR: cannot find package.nix in $ROOT" 10 + exit 1 11 + fi 12 + 13 + fetch_arch() { 14 + VER="$1" 15 + ARCH="$2" 16 + URL="https://github.com/envoyproxy/envoy/releases/download/v${VER}/envoy-${VER}-linux-${ARCH}" 17 + nix hash convert --to sri --hash-algo sha256 "$(nix-prefetch-url --type sha256 "$URL")" 18 + } 19 + 20 + replace_hash() { 21 + sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" 22 + } 23 + 24 + VER=$(list-git-tags --url=https://github.com/envoyproxy/envoy | rg 'v[0-9\.]*$' | sed -e 's/^v//' | sort -V | tail -n 1) 25 + 26 + LINUX_X64_HASH=$(fetch_arch "$VER" "x86_64") 27 + LINUX_AARCH64_HASH=$(fetch_arch "$VER" "aarch_64") 28 + 29 + sed -i "s/version = \".*\"/version = \"$VER\"/" "$NIX_DRV" 30 + 31 + replace_hash "x86_64-linux" "$LINUX_X64_HASH" 32 + replace_hash "aarch64-linux" "$LINUX_AARCH64_HASH"

+2 -2

pkgs/by-name/fe/feedbackd/package.nix

··· 34 34 in 35 35 stdenv.mkDerivation (finalAttrs: { 36 36 pname = "feedbackd"; 37 - version = "0.8.0"; 37 + version = "0.8.1"; 38 38 39 39 outputs = [ 40 40 "out" ··· 47 47 owner = "Librem5"; 48 48 repo = "feedbackd"; 49 49 rev = "v${finalAttrs.version}"; 50 - hash = "sha256-Hn850+bRSNDe8ZgDRu52N7AR/yLNbV6zGROBYtetOZg="; 50 + hash = "sha256-J2BNDF9TyW+srW0pGbGt4/Uw4KPVf/Ke+HJVBldmfCA="; 51 51 }; 52 52 53 53 depsBuildBuild = [

+3 -2

pkgs/by-name/fl/fluent-bit/package.nix

··· 28 28 29 29 stdenv.mkDerivation (finalAttrs: { 30 30 pname = "fluent-bit"; 31 - version = "3.2.9"; 31 + # FIXME: We are deliberately on 3.2.6 as 3.2.7 and above are causing segfaults (https://github.com/fluent/fluent-bit/issues/10139) 32 + version = "3.2.6"; 32 33 33 34 src = fetchFromGitHub { 34 35 owner = "fluent"; 35 36 repo = "fluent-bit"; 36 37 tag = "v${finalAttrs.version}"; 37 - hash = "sha256-10L+w9SLfblE9Ok9lvZdU1i63NRtw/pT5ePk+zJwvHQ="; 38 + hash = "sha256-S0sb954n17z+zrVNkYd6yiV01aNbOLJLOV+34PRkSXQ="; 38 39 }; 39 40 40 41 # The source build documentation covers some dependencies and CMake options.

+2 -2

pkgs/by-name/ge/gerrit/package.nix

··· 7 7 8 8 stdenv.mkDerivation rec { 9 9 pname = "gerrit"; 10 - version = "3.11.1"; 10 + version = "3.11.2"; 11 11 12 12 src = fetchurl { 13 13 url = "https://gerrit-releases.storage.googleapis.com/gerrit-${version}.war"; 14 - hash = "sha256-7gJyvFOisukzd2Vmqci7CiJqegYQSYQZvnSvR+Y9HM4="; 14 + hash = "sha256-F3kWGIA7RvbPMAs9U9tAmraHpxbkW/TQ6R9XXVBaLXs="; 15 15 }; 16 16 17 17 buildCommand = ''

+34

pkgs/by-name/ha/haven/package.nix

··· 1 + { 2 + lib, 3 + buildGoModule, 4 + fetchFromGitHub, 5 + }: 6 + 7 + buildGoModule rec { 8 + pname = "haven"; 9 + version = "1.0.5"; 10 + 11 + src = fetchFromGitHub { 12 + owner = "bitvora"; 13 + repo = "haven"; 14 + tag = "v${version}"; 15 + hash = "sha256-rSycrHW53TgqbsfgaRn3492EWtpu440GtbegozqnzMQ="; 16 + }; 17 + 18 + vendorHash = "sha256-5d6C2sNG8aCaC+z+hyLgOiEPWP/NmAcRRbRVC4KuCEw="; 19 + 20 + postInstall = '' 21 + mkdir -p $out/share/haven 22 + cp -r $src/templates $out/share/haven/ 23 + cp $src/.env.example $out/share/haven/.env.example 24 + ''; 25 + 26 + meta = { 27 + description = "High Availability Vault for Events on Nostr"; 28 + homepage = "https://github.com/bitvora/haven"; 29 + changelog = "https://github.com/bitvora/haven/releases/tag/v${version}"; 30 + license = lib.licenses.mit; 31 + maintainers = with lib.maintainers; [ felixzieger ]; 32 + mainProgram = "haven"; 33 + }; 34 + }

+3 -3

pkgs/by-name/kt/ktor-cli/package.nix

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "ktor-cli"; 9 - version = "0.4.0"; 9 + version = "0.5.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "ktorio"; 13 13 repo = "ktor-cli"; 14 14 tag = version; 15 - hash = "sha256-TGwkGm1Rsg82f6FJeTnhyvfS2MRMe5+DTdxTsOwwb1Q="; 15 + hash = "sha256-DZEEaTz55vIBU8Byl51cEWgXu2Wjmctz/9XBAKX8VKY="; 16 16 }; 17 17 18 18 subPackages = "cmd/ktor"; 19 19 20 - vendorHash = "sha256-ITYNSq2hs0QcOZZShkwtjZVcSyGY1uCmhgoZ0l9nPP0="; 20 + vendorHash = "sha256-Cv/Jq4dWVzotfCCclrwufmC0I2pgPe/YHKWqcLzjt2E="; 21 21 22 22 ldflags = [ 23 23 "-s"

+4 -11

pkgs/by-name/la/ladybird/package.nix

··· 6 6 cacert, 7 7 unicode-emoji, 8 8 unicode-character-database, 9 + unicode-idna, 10 + publicsuffix-list, 9 11 cmake, 10 12 ninja, 11 13 pkg-config, ··· 30 32 }: 31 33 32 34 let 33 - unicode-idna = fetchurl { 34 - url = "https://www.unicode.org/Public/idna/${unicode-character-database.version}/IdnaMappingTable.txt"; 35 - hash = "sha256-QCy9KF8flS/NCDS2NUHVT2nT2PG4+Fmb9xoaFJNfgsQ="; 36 - }; 37 35 adobe-icc-profiles = fetchurl { 38 36 url = "https://download.adobe.com/pub/adobe/iccprofiles/win/AdobeICCProfilesCS4Win_end-user.zip"; 39 37 hash = "sha256-kgQ7fDyloloPaXXQzcV9tgpn3Lnr37FbFiZzEb61j5Q="; 40 38 name = "adobe-icc-profiles.zip"; 41 39 }; 42 - public_suffix_commit = "9094af5c6cb260e69137c043c01be18fee01a540"; 43 - public-suffix-list = fetchurl { 44 - url = "https://raw.githubusercontent.com/publicsuffix/list/${public_suffix_commit}/public_suffix_list.dat"; 45 - hash = "sha256-0szHUz1T0MXOQ9tcXoKY2F/bI3s7hsYCjURqywZsf1w="; 46 - }; 47 40 # Note: The cacert version is synthetic and must match the version in the package's CMake 48 41 cacert_version = "2023-12-12"; 49 42 in ··· 80 73 cp -r ${unicode-character-database}/share/unicode build/Caches/UCD 81 74 chmod +w build/Caches/UCD 82 75 cp ${unicode-emoji}/share/unicode/emoji/emoji-test.txt build/Caches/UCD 83 - cp ${unicode-idna} build/Caches/UCD/IdnaMappingTable.txt 76 + cp ${unicode-idna}/share/unicode/idna/IdnaMappingTable.txt build/Caches/UCD 84 77 echo -n ${unicode-character-database.version} > build/Caches/UCD/version.txt 85 78 chmod -w build/Caches/UCD 86 79 ··· 89 82 echo -n ${cacert_version} > build/Caches/CACERT/version.txt 90 83 91 84 mkdir build/Caches/PublicSuffix 92 - cp ${public-suffix-list} build/Caches/PublicSuffix/public_suffix_list.dat 85 + cp ${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat build/Caches/PublicSuffix 93 86 94 87 mkdir build/Caches/AdobeICCProfiles 95 88 cp ${adobe-icc-profiles} build/Caches/AdobeICCProfiles/adobe-icc-profiles.zip

+7 -6

pkgs/by-name/lk/lk-jwt-service/package.nix

··· 4 4 fetchFromGitHub, 5 5 }: 6 6 7 - buildGoModule rec { 7 + buildGoModule (finalAttrs: { 8 8 pname = "lk-jwt-service"; 9 - version = "0.2.1"; 9 + version = "0.2.2"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "element-hq"; 13 13 repo = "lk-jwt-service"; 14 - tag = "v${version}"; 15 - hash = "sha256-R4YqmHp0i+RpJJkENJPZJDNCVg+O+70JMoCR8ZlesyM="; 14 + tag = "v${finalAttrs.version}"; 15 + hash = "sha256-ONL2qKBXL2FtTv5Eao61qPKWP2h9t3KyoHlS5nAHMGA="; 16 16 }; 17 17 18 - vendorHash = "sha256-evzltyQZCBQ4/k641sQrmUvw6yIBWFEic/WUa/WX5xE="; 18 + vendorHash = "sha256-47eJO1Ai78RuhlEPn/J1cd+YSqvmfUD8cuPZIqsdxvI="; 19 19 20 20 meta = with lib; { 21 + changelog = "https://github.com/element-hq/lk-jwt-service/releases/tag/${finalAttrs.src.tag}"; 21 22 description = "Minimal service to issue LiveKit JWTs for MatrixRTC"; 22 23 homepage = "https://github.com/element-hq/lk-jwt-service"; 23 24 license = licenses.agpl3Plus; 24 25 maintainers = with maintainers; [ kilimnik ]; 25 26 mainProgram = "lk-jwt-service"; 26 27 }; 27 - } 28 + })

+3 -35

pkgs/by-name/m4/m4ri/package.nix

··· 6 6 }: 7 7 8 8 stdenv.mkDerivation rec { 9 - version = "20240729"; 9 + version = "20250128"; 10 10 pname = "m4ri"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "malb"; 14 14 repo = "m4ri"; 15 - # 20240729 has a broken m4ri.pc file, fixed in the next commit. 16 - # TODO: remove if on update 17 - rev = 18 - if version == "20240729" then "775189bfea96ffaeab460513413fcf4fbcd64392" else "release-${version}"; 19 - hash = "sha256-untwo0go8O8zNO0EyZ4n/n7mngSXLr3Z/FSkXA8ptnU="; 15 + rev = version; 16 + hash = "sha256-YoCTI4dLy95xuRJyNugIzGxE40B9pCWxRQtsyS/1Pds="; 20 17 }; 21 - 22 - # based on the list in m4/m4_ax_ext.m4 23 - configureFlags = builtins.map (s: "ax_cv_have_${s}_cpu_ext=no") ( 24 - [ 25 - "sha" 26 - "xop" 27 - ] 28 - ++ lib.optional (!stdenv.hostPlatform.sse3Support) "sse3" 29 - ++ lib.optional (!stdenv.hostPlatform.ssse3Support) "ssse3" 30 - ++ lib.optional (!stdenv.hostPlatform.sse4_1Support) "sse41" 31 - ++ lib.optional (!stdenv.hostPlatform.sse4_2Support) "sse42" 32 - ++ lib.optional (!stdenv.hostPlatform.sse4_aSupport) "sse4a" 33 - ++ lib.optional (!stdenv.hostPlatform.aesSupport) "aes" 34 - ++ lib.optional (!stdenv.hostPlatform.avxSupport) "avx" 35 - ++ lib.optional (!stdenv.hostPlatform.fmaSupport) "fma3" 36 - ++ lib.optional (!stdenv.hostPlatform.fma4Support) "fma4" 37 - ++ lib.optional (!stdenv.hostPlatform.avx2Support) "avx2" 38 - ++ lib.optionals (!stdenv.hostPlatform.avx512Support) [ 39 - "avx512f" 40 - "avx512cd" 41 - "avx512pf" 42 - "avx512er" 43 - "avx512vl" 44 - "avx512bw" 45 - "avx512dq" 46 - "avx512ifma" 47 - "avx512vbmi" 48 - ] 49 - ); 50 18 51 19 doCheck = true; 52 20

+7 -5

pkgs/by-name/m4/m4rie/package.nix

··· 1 1 { 2 2 lib, 3 3 stdenv, 4 - fetchFromBitbucket, 4 + fetchFromGitHub, 5 5 autoreconfHook, 6 + pkg-config, 6 7 m4ri, 7 8 }: 8 9 9 10 stdenv.mkDerivation rec { 10 - version = "20250103"; 11 + version = "20250128"; 11 12 pname = "m4rie"; 12 13 13 - src = fetchFromBitbucket { 14 + src = fetchFromGitHub { 14 15 owner = "malb"; 15 16 repo = "m4rie"; 16 - rev = "release-${version}"; 17 - hash = "sha256-CbzDLSqdtQ+CLKoKycznKzD3VCa+gfuh8TLvRC1fVz0="; 17 + rev = version; 18 + hash = "sha256-tw6ZX8hKfr9wQLF2nuO1dSkkTYZX6pzNWMlWfzLqQNE="; 18 19 }; 19 20 20 21 doCheck = true; ··· 28 29 makeFlags = [ ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ "CFLAGS=-O0" ]; 29 30 nativeBuildInputs = [ 30 31 autoreconfHook 32 + pkg-config 31 33 ]; 32 34 33 35 meta = with lib; {

+3 -3

pkgs/by-name/mi/miniflux/package.nix

··· 9 9 10 10 buildGoModule rec { 11 11 pname = "miniflux"; 12 - version = "2.2.6"; 12 + version = "2.2.7"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "miniflux"; 16 16 repo = "v2"; 17 17 tag = version; 18 - hash = "sha256-N0WAdfxToVF93ICGpDstQig3aGz2lAzJz1nf4tSvxAY="; 18 + hash = "sha256-1W+sFXvM5qOYxpbRBkZIvombchv2oYkcFuq7/ETGjfs="; 19 19 }; 20 20 21 - vendorHash = "sha256-AG3NNqwpaTctvgOEZ2SarsMK4SRgzWxf+j9N4wwKKB4="; 21 + vendorHash = "sha256-bulQrLtA61RMZVhTtupTJUUTWJGWXcmpGaNUAoXEfYE="; 22 22 23 23 nativeBuildInputs = [ installShellFiles ]; 24 24

+2 -2

pkgs/by-name/mu/museum/package.nix

··· 9 9 10 10 buildGoModule rec { 11 11 pname = "museum"; 12 - version = "0.9.99"; 12 + version = "1.0.0"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "ente-io"; 16 16 repo = "ente"; 17 17 sparseCheckout = [ "server" ]; 18 18 rev = "photos-v${version}"; 19 - hash = "sha256-+EL81zSOjoBfew8LRl0awWXgc2r8KDBBCYBBtDU1s5g="; 19 + hash = "sha256-niEySdGebd9SRRha2dYLsAary3to/9tgV5KePg2LdyE="; 20 20 }; 21 21 22 22 vendorHash = "sha256-px4pMqeH73Fe06va4+n6hklIUDMbPmAQNKKRIhwv6ec=";

+23 -9

pkgs/by-name/pa/paretosecurity/package.nix

··· 9 9 10 10 buildGoModule rec { 11 11 pname = "paretosecurity"; 12 - version = "0.0.91"; 12 + version = "0.0.96"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "ParetoSecurity"; 16 16 repo = "agent"; 17 17 rev = version; 18 - hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk="; 18 + hash = "sha256-SyeIGSDvrnOvyOJ0zC8CulpaMa+iZeRaMTJUSydz2tw="; 19 19 }; 20 20 21 - vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc="; 21 + vendorHash = "sha256-O/OF3Y6HiiikMxf657k9eIM7UfkicIImAUxVVf/TgR8="; 22 22 proxyVendor = true; 23 23 24 - subPackages = [ 25 - "cmd/paretosecurity" 26 - ]; 27 - 28 24 ldflags = [ 29 25 "-s" 30 26 "-X=github.com/ParetoSecurity/agent/shared.Version=${version}" ··· 32 28 "-X=github.com/ParetoSecurity/agent/shared.Date=1970-01-01T00:00:00Z" 33 29 ]; 34 30 31 + postInstall = '' 32 + # Install global systemd files 33 + install -Dm400 ${src}/apt/paretosecurity.socket $out/lib/systemd/system/paretosecurity.socket 34 + install -Dm400 ${src}/apt/paretosecurity.service $out/lib/systemd/system/paretosecurity.service 35 + substituteInPlace $out/lib/systemd/system/paretosecurity.service \ 36 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 37 + 38 + # Install user systemd files 39 + install -Dm444 ${src}/apt/paretosecurity-user.timer $out/lib/systemd/user/paretosecurity-user.timer 40 + install -Dm444 ${src}/apt/paretosecurity-user.service $out/lib/systemd/user/paretosecurity-user.service 41 + substituteInPlace $out/lib/systemd/user/paretosecurity-user.service \ 42 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 43 + install -Dm444 ${src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service 44 + substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \ 45 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 46 + ''; 47 + 35 48 passthru.tests = { 36 49 version = testers.testVersion { 37 50 version = "${version}"; ··· 50 63 settings such as if you have disk encryption and firewall enabled. 51 64 52 65 If you use the `services.paretosecurity` NixOS module, you also get a 53 - root helper, so that you can run the checker in userspace. Some checks 66 + root helper that allows you to run the checker in userspace. Some checks 54 67 require root permissions, and the checker asks the helper to run those. 55 68 56 69 Additionally, if you enable `services.paretosecurity.trayIcon`, you get a 57 70 little Vilfredo Pareto living in your systray showing your the current 58 - status of checks. 71 + status of checks. This will also enable a systemd timer to update the 72 + status of checks once per hour. 59 73 60 74 Finally, you can run `paretosecurity link` to configure the agent 61 75 to send the status of checks to https://dash.paretosecurity.com to make

+2 -2

pkgs/by-name/ro/routino/package.nix

··· 10 10 11 11 stdenv.mkDerivation rec { 12 12 pname = "routino"; 13 - version = "3.4.1"; 13 + version = "3.4.2"; 14 14 15 15 src = fetchurl { 16 16 url = "https://routino.org/download/routino-${version}.tgz"; 17 - hash = "sha256-C6qNKljRdV0ProbgSxfrZLgZH+Pl8kcpKmTb83GLhSs="; 17 + hash = "sha256-Dms1u/KuS6qFYcslKfsvIFPx0ApdyWtKK/XlgW+kToI="; 18 18 }; 19 19 20 20 patchFlags = [ "-p0" ];

+81 -86

pkgs/by-name/ru/ruffle/package.nix

··· 1 1 { 2 + lib, 3 + stdenvNoCC, 4 + rustPlatform, 5 + withRuffleTools ? false, 6 + fetchFromGitHub, 7 + jre_minimal, 8 + pkg-config, 9 + wrapGAppsHook3, 10 + darwin, 2 11 alsa-lib, 3 - fetchFromGitHub, 4 - makeWrapper, 12 + gtk3, 5 13 openssl, 6 - pkg-config, 7 - python3, 8 - rustPlatform, 9 - stdenvNoCC, 10 - lib, 11 14 wayland, 12 - xorg, 13 15 vulkan-loader, 14 16 udev, 15 - jre_minimal, 16 - cairo, 17 - gtk3, 18 - wrapGAppsHook3, 19 - gsettings-desktop-schemas, 20 - glib, 21 17 libxkbcommon, 22 18 openh264, 23 - darwin, 19 + writeShellApplication, 20 + curl, 21 + jq, 22 + nix-update, 24 23 }: 25 - let 24 + rustPlatform.buildRustPackage (finalAttrs: { 26 25 pname = "ruffle"; 27 - version = "nightly-2025-01-25"; 28 - # TODO: Remove overridden derivation once ruffle accepts upstream openh264-2.5.0 29 - openh264-241 = 30 - if stdenvNoCC.hostPlatform.isLinux then 31 - openh264.overrideAttrs (_: rec { 32 - version = "2.4.1"; 33 - src = fetchFromGitHub { 34 - owner = "cisco"; 35 - repo = "openh264"; 36 - tag = "v${version}"; 37 - hash = "sha256-ai7lcGcQQqpsLGSwHkSs7YAoEfGCIbxdClO6JpGA+MI="; 38 - }; 39 - postPatch = null; 40 - }) 41 - else 42 - null; 43 - in 44 - rustPlatform.buildRustPackage { 45 - inherit pname version; 26 + version = "0-nightly-2025-03-28"; 46 27 47 28 src = fetchFromGitHub { 48 29 owner = "ruffle-rs"; 49 - repo = pname; 50 - tag = version; 51 - hash = "sha256-JLh0tatP70rYo2QXLKu6M9jJ1gFpY76sYaUJqW9U4E0="; 30 + repo = "ruffle"; 31 + tag = lib.strings.removePrefix "0-" finalAttrs.version; 32 + hash = "sha256-p2EEoHXseIXms4Xjyi3aNWCU0W9slXkeqrCrPvq1BjI="; 52 33 }; 53 34 54 - patches = [ ./remove-deterministic-feature.patch ]; 55 - 56 35 useFetchCargoVendor = true; 57 - cargoHash = "sha256-PbNp/V+xmU6Lo24a6pd9XoT/LQmINztjOHKoikG9N4Y="; 36 + cargoHash = "sha256-RcCIt6xVZaQA7eSgKngHtsGafHFwv1bISK0XKWoNWtI="; 37 + cargoBuildFlags = lib.optional withRuffleTools "--workspace"; 38 + 39 + env = 40 + let 41 + tag = lib.strings.removePrefix "0-" finalAttrs.version; 42 + versionDate = lib.strings.removePrefix "0-nightly-" finalAttrs.version; 43 + in 44 + { 45 + VERGEN_IDEMPOTENT = "1"; 46 + VERGEN_GIT_SHA = tag; 47 + VERGEN_GIT_COMMIT_DATE = versionDate; 48 + VERGEN_GIT_COMMIT_TIMESTAMP = "${versionDate}T00:00:00Z"; 49 + }; 58 50 59 51 nativeBuildInputs = 60 52 [ jre_minimal ] 61 53 ++ lib.optionals stdenvNoCC.hostPlatform.isLinux [ 62 - glib 63 - gsettings-desktop-schemas 64 - makeWrapper 65 54 pkg-config 66 - python3 67 55 wrapGAppsHook3 68 56 ] 69 57 ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ rustPlatform.bindgenHook ]; ··· 71 59 buildInputs = 72 60 lib.optionals stdenvNoCC.hostPlatform.isLinux [ 73 61 alsa-lib 74 - cairo 75 62 gtk3 76 63 openssl 77 64 wayland 78 - xorg.libX11 79 - xorg.libXcursor 80 - xorg.libXi 81 - xorg.libxcb 82 - xorg.libXrender 83 65 vulkan-loader 84 66 udev 85 67 ] 86 68 ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.AppKit ]; 87 69 88 - cargoBuildFlags = [ "--workspace" ]; 89 - 90 70 postInstall = 91 71 '' 92 - # Namespace binaries with "ruffle_" 93 - mv $out/bin/exporter $out/bin/ruffle_exporter 94 - mv $out/bin/mocket $out/bin/ruffle_mocket 95 - mv $out/bin/stub-report $out/bin/ruffle_stub-report 96 - mv $out/bin/build_playerglobal $out/bin/ruffle_build_playerglobal 97 - 98 - # This name is too specific 99 72 mv $out/bin/ruffle_desktop $out/bin/ruffle 73 + install -Dm644 LICENSE.md -t $out/share/doc/ruffle 74 + install -Dm644 README.md -t $out/share/doc/ruffle 100 75 '' 101 76 + lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 102 77 install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.desktop \ ··· 107 82 108 83 install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.metainfo.xml \ 109 84 -t $out/share/metainfo/ 110 - 111 - rm $out/bin/ruffle_web_safari 112 85 ''; 113 86 87 + # Prevents ruffle from downloading openh264 at runtime for Linux 88 + openh264-241 = 89 + if stdenvNoCC.hostPlatform.isLinux then 90 + openh264.overrideAttrs (_: rec { 91 + version = "2.4.1"; 92 + src = fetchFromGitHub { 93 + owner = "cisco"; 94 + repo = "openh264"; 95 + tag = "v${version}"; 96 + hash = "sha256-ai7lcGcQQqpsLGSwHkSs7YAoEfGCIbxdClO6JpGA+MI="; 97 + }; 98 + postPatch = null; 99 + }) 100 + else 101 + null; 102 + 114 103 preFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 115 - patchelf $out/bin/ruffle \ 116 - --add-needed libxkbcommon-x11.so \ 117 - --add-needed libwayland-client.so \ 118 - --add-needed libopenh264.so \ 119 - --add-rpath ${libxkbcommon}/lib:${wayland}/lib:${openh264-241}/lib 104 + gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : ${ 105 + lib.makeLibraryPath [ 106 + libxkbcommon 107 + finalAttrs.openh264-241 108 + vulkan-loader 109 + wayland 110 + ] 111 + }) 120 112 ''; 121 113 122 - dontWrapGApps = true; 123 - 124 - postFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 125 - vulkanWrapperArgs+=( 126 - --prefix LD_LIBRARY_PATH ':' ${vulkan-loader}/lib 127 - ) 128 - 129 - wrapProgram $out/bin/ruffle_exporter \ 130 - "''${vulkanWrapperArgs[@]}" 131 - 132 - wrapProgram $out/bin/ruffle \ 133 - "''${vulkanWrapperArgs[@]}" \ 134 - "''${gappsWrapperArgs[@]}" 135 - ''; 114 + passthru = { 115 + updateScript = lib.getExe (writeShellApplication { 116 + name = "ruffle-update"; 117 + runtimeInputs = [ 118 + curl 119 + jq 120 + nix-update 121 + ]; 122 + text = '' 123 + version="$( \ 124 + curl https://api.github.com/repos/ruffle-rs/ruffle/releases?per_page=1 | \ 125 + jq -r ".[0].tag_name" \ 126 + )" 127 + exec nix-update --version "0-$version" ruffle 128 + ''; 129 + }); 130 + }; 136 131 137 132 meta = { 138 133 description = "Cross platform Adobe Flash Player emulator"; ··· 142 137 and 3 programs with machine-native performance thanks to being 143 138 written in the Rust programming language. 144 139 145 - This package for ruffle also includes the `exporter` and 146 - `scanner` utilities which allow for generating screenshots as 147 - PNGs and parsing `.swf` files in bulk respectively. 140 + Additionally, overriding the `withRuffleTools` input to 141 + `true` will build all the available packages in the ruffle 142 + project, including the `exporter` and `scanner` utilities. 148 143 ''; 149 144 homepage = "https://ruffle.rs/"; 150 145 downloadPage = "https://ruffle.rs/downloads"; 151 - changelog = "https://github.com/ruffle-rs/ruffle/releases/tag/${version}"; 146 + changelog = "https://github.com/ruffle-rs/ruffle/releases/tag/${lib.strings.removePrefix "0-" finalAttrs.version}"; 152 147 license = [ 153 148 lib.licenses.mit 154 149 lib.licenses.asl20 ··· 160 155 mainProgram = "ruffle"; 161 156 platforms = lib.platforms.linux ++ lib.platforms.darwin; 162 157 }; 163 - } 158 + })

-52

pkgs/by-name/ru/ruffle/remove-deterministic-feature.patch

··· 1 - diff --git a/exporter/Cargo.toml b/exporter/Cargo.toml 2 - index 93066a30d..0f8b71ae4 100644 3 - --- a/exporter/Cargo.toml 4 - +++ b/exporter/Cargo.toml 5 - @@ -13,7 +13,7 @@ workspace = true 6 - [dependencies] 7 - clap = { workspace = true } 8 - futures = { workspace = true } 9 - -ruffle_core = { path = "../core", features = ["deterministic", "default_font"] } 10 - +ruffle_core = { path = "../core", features = ["default_font"] } 11 - ruffle_render_wgpu = { path = "../render/wgpu", features = ["clap"] } 12 - image = { workspace = true, features = ["png"] } 13 - walkdir = { workspace = true } 14 - diff --git a/scanner/Cargo.toml b/scanner/Cargo.toml 15 - index 59781ba79..40cf54c24 100644 16 - --- a/scanner/Cargo.toml 17 - +++ b/scanner/Cargo.toml 18 - @@ -12,7 +12,7 @@ workspace = true 19 - 20 - [dependencies] 21 - clap = { workspace = true } 22 - -ruffle_core = { path = "../core", features = ["deterministic"] } 23 - +ruffle_core = { path = "../core" } 24 - log = { workspace = true } 25 - walkdir = { workspace = true } 26 - serde = { workspace = true, features = ["derive"] } 27 - diff --git a/tests/Cargo.toml b/tests/Cargo.toml 28 - index 26bfc9a89..b7342b662 100644 29 - --- a/tests/Cargo.toml 30 - +++ b/tests/Cargo.toml 31 - @@ -27,7 +27,7 @@ ruffle_render_wgpu = { path = "../render/wgpu", optional = true } 32 - regex = "1.11.1" 33 - 34 - [dev-dependencies] 35 - -ruffle_core = { path = "../core", features = ["deterministic", "timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "test_only_as3"] } 36 - +ruffle_core = { path = "../core", features = ["timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "test_only_as3"] } 37 - ruffle_test_framework = { path = "framework" } 38 - libtest-mimic = "0.8.1" 39 - walkdir = { workspace = true } 40 - diff --git a/tests/framework/Cargo.toml b/tests/framework/Cargo.toml 41 - index ffc59e25b..639028578 100644 42 - --- a/tests/framework/Cargo.toml 43 - +++ b/tests/framework/Cargo.toml 44 - @@ -11,7 +11,7 @@ version.workspace = true 45 - workspace = true 46 - 47 - [dependencies] 48 - -ruffle_core = { path = "../../core", features = ["deterministic", "timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "serde"] } 49 - +ruffle_core = { path = "../../core", features = ["timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "serde"] } 50 - ruffle_render = { path = "../../render", features = ["serde"] } 51 - ruffle_input_format = { path = "../input-format" } 52 - ruffle_socket_format = { path = "../socket-format" }

+4 -4

pkgs/by-name/sa/sage/sage-src.nix

··· 12 12 # all get the same sources with the same patches applied. 13 13 14 14 stdenv.mkDerivation rec { 15 - version = "10.6.rc1"; 15 + version = "10.6"; 16 16 pname = "sage-src"; 17 17 18 18 src = fetchFromGitHub { 19 19 owner = "sagemath"; 20 20 repo = "sage"; 21 21 rev = version; 22 - hash = "sha256-fhCKe0mz3Rwz+HQJWkMj6/0gbvpVW1/ENCMNWkK5ngQ="; 22 + hash = "sha256-ZDYFq2lJXjnADFdX6y7sskaF0rkT5EIcdN8/bs00TlQ="; 23 23 }; 24 24 25 25 # contains essential files (e.g., setup.cfg) generated by the bootstrap script. ··· 27 27 configure-src = fetchurl { 28 28 # the hash below is the tagged commit's _parent_. it can also be found by looking for 29 29 # the "configure" asset at https://github.com/sagemath/sage/releases/tag/${version} 30 - url = "mirror://sageupstream/configure/configure-8dab37468c9feb4a5a1fcc22bbccc12321aaa475.tar.gz"; 31 - hash = "sha256-WqaUbmqZ7qwrgp8hRjOO7vhTejE0tCiQeMhBcJLsqvI="; 30 + url = "mirror://sageupstream/configure/configure-10741006a4794b7db82942db55b97033d5905431.tar.gz"; 31 + hash = "sha256-7LqY+vwBlyukDfcRtuR99vpC3hcBo8WRUuJjiFFq9xk="; 32 32 }; 33 33 34 34 # Patches needed because of particularities of nix or the way this is packaged.

+5 -5

pkgs/by-name/ta/tailwindcss_4/package.nix

··· 7 7 makeWrapper, 8 8 }: 9 9 let 10 - version = "4.1.0"; 10 + version = "4.1.1"; 11 11 inherit (stdenv.hostPlatform) system; 12 12 throwSystem = throw "tailwindcss has not been packaged for ${system} yet."; 13 13 ··· 22 22 23 23 hash = 24 24 { 25 - aarch64-darwin = "sha256-g9Gj/LN4tEJRrNjAjtfhX+5l35PoL0O/aydCP1vSuTs="; 26 - aarch64-linux = "sha256-85HVxqx9GPqfa6CgSBi42sW9LbmqKrKqjHyENjrb4HM="; 27 - x86_64-darwin = "sha256-i4jtB/5K3jp7ujcj2Yk2JntEDnC1hHWohgvWxuV29OA="; 28 - x86_64-linux = "sha256-hTek5N0YFtYAzMF/XrGolxxuDwvOanABe/8p5385RNk="; 25 + aarch64-darwin = "sha256-moydWSkhoHmxd+4zeWwgneUNHOlJ9yqPXlGHhCQmYXA="; 26 + aarch64-linux = "sha256-zTW+fGIkpwWRYMRJjZRJmO4YI5J6gOXOKUfq9KtGxKI="; 27 + x86_64-darwin = "sha256-JPnnUj30uQVvj+dnq7+fG4Trt7ArLVPsP4G1RVUeZAA="; 28 + x86_64-linux = "sha256-jIW4NmIW7dk3iTS0JY5V7PF9LfnWIVEDcYOUP0nWp1Y="; 29 29 } 30 30 .${system} or throwSystem; 31 31 in

+3 -3

pkgs/by-name/tt/ttfb/package.nix

··· 8 8 9 9 rustPlatform.buildRustPackage rec { 10 10 pname = "ttfb"; 11 - version = "1.14.0"; 11 + version = "1.15.0"; 12 12 13 13 src = fetchCrate { 14 14 inherit pname version; 15 - hash = "sha256-TElRWWPTwigyLikda7FdDh0tSC67XdPDg/Gu5aVQlAw="; 15 + hash = "sha256-OOVqCWeF5cHMweEGWYIiWWWsw1QlNDFgnia05Qxo7uo="; 16 16 }; 17 17 18 18 buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ ··· 20 20 ]; 21 21 22 22 useFetchCargoVendor = true; 23 - cargoHash = "sha256-NXwSqTshaC5hnyruSQFgFQRqRTmINMnMZsaisuudqvY="; 23 + cargoHash = "sha256-4Nsg5/66enMgAfPrUQHuhOTTwG2OWyyvKMHIhPnlHko="; 24 24 25 25 # The bin feature activates all dependencies of the binary. Otherwise, 26 26 # only the library is build.

+34

pkgs/by-name/un/unicode-idna/package.nix

··· 1 + { 2 + lib, 3 + stdenvNoCC, 4 + fetchurl, 5 + }: 6 + 7 + stdenvNoCC.mkDerivation (finalAttrs: { 8 + pname = "unicode-idna"; 9 + version = "16.0.0"; 10 + 11 + src = fetchurl { 12 + url = "https://www.unicode.org/Public/idna/${finalAttrs.version}/IdnaMappingTable.txt"; 13 + hash = "sha256-bbLvTtNfOz3nTrwuAEBKlgf3bUmfV2uNQEPPFPHtF1w="; 14 + }; 15 + 16 + dontUnpack = true; 17 + 18 + installPhase = '' 19 + runHook preInstall 20 + 21 + mkdir -p $out/share/unicode/idna 22 + cp -r $src $out/share/unicode/idna/IdnaMappingTable.txt 23 + 24 + runHook postInstall 25 + ''; 26 + 27 + meta = { 28 + description = "unicode IDNA compatible processing data"; 29 + homepage = "http://www.unicode.org/reports/tr46/"; 30 + license = lib.licenses.unicode-dfs-2016; 31 + maintainers = with lib.maintainers; [ jopejoe1 ]; 32 + platforms = lib.platforms.all; 33 + }; 34 + })

+19 -14

pkgs/by-name/ve/vectorcode/package.nix

··· 3 3 python3Packages, 4 4 fetchFromGitHub, 5 5 versionCheckHook, 6 + 7 + lspSupport ? true, 6 8 }: 7 9 8 10 python3Packages.buildPythonApplication rec { ··· 21 23 pdm-backend 22 24 ]; 23 25 24 - dependencies = with python3Packages; [ 25 - chromadb 26 - httpx 27 - numpy 28 - pathspec 29 - psutil 30 - pygments 31 - sentence-transformers 32 - shtab 33 - tabulate 34 - transformers 35 - tree-sitter 36 - tree-sitter-language-pack 37 - ]; 26 + dependencies = 27 + with python3Packages; 28 + [ 29 + chromadb 30 + httpx 31 + numpy 32 + pathspec 33 + psutil 34 + pygments 35 + sentence-transformers 36 + shtab 37 + tabulate 38 + transformers 39 + tree-sitter 40 + tree-sitter-language-pack 41 + ] 42 + ++ lib.optionals lspSupport optional-dependencies.lsp; 38 43 39 44 optional-dependencies = with python3Packages; { 40 45 intel = [

+7 -7

pkgs/by-name/vs/vsce/package.nix

··· 10 10 nix-update-script, 11 11 }: 12 12 13 - buildNpmPackage rec { 13 + buildNpmPackage (finalAttrs: { 14 14 pname = "vsce"; 15 - version = "3.3.0"; 15 + version = "3.3.2"; 16 16 17 17 src = fetchFromGitHub { 18 18 owner = "microsoft"; 19 19 repo = "vscode-vsce"; 20 - rev = "v${version}"; 21 - hash = "sha256-z2OxVK/zbKr1AvWO74aoZHU/e3GPCF0QMINdNhbzNXc="; 20 + rev = "v${finalAttrs.version}"; 21 + hash = "sha256-6Rls+t1NkU1bZuT8ZWpKYeGmAdMpNFuYGfdZhtszZQ8="; 22 22 }; 23 23 24 - npmDepsHash = "sha256-RIurea4cdH47q9axGtNTIZMeDOAqqdjovaE34A7M2uI="; 24 + npmDepsHash = "sha256-HZkzH5flOPiTUvFW/DOi5n034RAvMoU9lRvB6Omdb2M="; 25 25 26 26 postPatch = '' 27 - substituteInPlace package.json --replace-fail '"version": "0.0.0"' '"version": "${version}"' 27 + substituteInPlace package.json --replace-fail '"version": "0.0.0"' '"version": "${finalAttrs.version}"' 28 28 ''; 29 29 30 30 nativeBuildInputs = [ ··· 56 56 license = lib.licenses.mit; 57 57 mainProgram = "vsce"; 58 58 }; 59 - } 59 + })

+3

pkgs/by-name/xe/xercesc/package.nix

··· 3 3 lib, 4 4 fetchurl, 5 5 curl, 6 + icu, 6 7 }: 7 8 8 9 stdenv.mkDerivation rec { ··· 16 17 17 18 buildInputs = [ 18 19 curl 20 + icu 19 21 ]; 20 22 21 23 configureFlags = [ 22 24 # Disable SSE2 extensions on platforms for which they are not enabled by default 23 25 "--disable-sse2" 24 26 "--enable-netaccessor-curl" 27 + "--enable-transcoder-icu" 25 28 ]; 26 29 27 30 enableParallelBuilding = true;

+1 -1

pkgs/development/compilers/llvm/common/default.nix

··· 465 465 } 466 466 // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "16") { 467 467 mlir = callPackage ./mlir { }; 468 - libclc = callPackage ./libclc.nix { }; 468 + libclc = callPackage ./libclc { }; 469 469 } 470 470 // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "19") { 471 471 bolt = callPackage ./bolt {

+6 -6

pkgs/development/compilers/llvm/common/libclc.nix pkgs/development/compilers/llvm/common/libclc/default.nix

··· 26 26 ln -s "${lib.getExe' buildLlvmTools.clang.cc "clang"}" "$out"/bin 27 27 ''; 28 28 in 29 - stdenv.mkDerivation rec { 29 + stdenv.mkDerivation (finalAttrs: { 30 30 pname = "libclc"; 31 31 inherit version; 32 32 33 - src = runCommand "${pname}-src-${version}" { inherit (monorepoSrc) passthru; } ( 33 + src = runCommand "libclc-src-${version}" { inherit (monorepoSrc) passthru; } ( 34 34 '' 35 35 mkdir -p "$out" 36 36 '' ··· 38 38 cp -r ${monorepoSrc}/cmake "$out" 39 39 '' 40 40 + '' 41 - cp -r ${monorepoSrc}/${pname} "$out" 41 + cp -r ${monorepoSrc}/libclc "$out" 42 42 '' 43 43 ); 44 44 45 - sourceRoot = "${src.name}/${pname}"; 45 + sourceRoot = "${finalAttrs.src.name}/libclc"; 46 46 47 47 outputs = [ 48 48 "out" ··· 50 50 ]; 51 51 52 52 patches = 53 - [ ./libclc/libclc-gnu-install-dirs.patch ] 53 + [ ./libclc-gnu-install-dirs.patch ] 54 54 # LLVM 19 changes how host tools are looked up. 55 55 # Need to remove NO_DEFAULT_PATH and the PATHS arguments for find_program 56 56 # so CMake can actually find the tools in nativeBuildInputs. ··· 114 114 license = licenses.mit; 115 115 platforms = platforms.all; 116 116 }; 117 - } 117 + })

+4 -4

pkgs/development/compilers/llvm/default.nix

··· 31 31 "17.0.6".officialRelease.sha256 = "sha256-8MEDLLhocshmxoEBRSKlJ/GzJ8nfuzQ8qn0X/vLA+ag="; 32 32 "18.1.8".officialRelease.sha256 = "sha256-iiZKMRo/WxJaBXct9GdAcAT3cz9d9pnAcO1mmR6oPNE="; 33 33 "19.1.7".officialRelease.sha256 = "sha256-cZAB5vZjeTsXt9QHbP5xluWNQnAHByHtHnAhVDV0E6I="; 34 - "20.1.1".officialRelease.sha256 = "sha256-hDFYi5wAUDQ8xfjvbGFi05KdawrN9lwrrSC8AcTpCEE="; 34 + "20.1.2".officialRelease.sha256 = "sha256-t30Jh8ckp5qD6XDxtvnSaYiAWbEi6L6hAWh6tN8JjtY="; 35 35 "21.0.0-git".gitRelease = { 36 - rev = "b32cf756994cbab83e50b9d84df03d5ee03f31f8"; 37 - rev-version = "21.0.0-unstable-2025-03-23"; 38 - sha256 = "sha256-6PuKOT8TozoOcN1muWt08jHGLMQTogtMOQIFa8TTQoY="; 36 + rev = "65734de9b93bef5b3211298b4fcc5dc79d18d31e"; 37 + rev-version = "21.0.0-unstable-2025-03-30"; 38 + sha256 = "sha256-v7/Goj8lc+8AUX/nJeqRcaudZAQoAwBZ9FtrDYX87ns="; 39 39 }; 40 40 } // llvmVersions; 41 41

+7 -9

pkgs/development/python-modules/certbot-dns-google/default.nix

··· 3 3 acme, 4 4 certbot, 5 5 google-api-python-client, 6 - oauth2client, 6 + google-auth, 7 7 pytestCheckHook, 8 - pythonOlder, 8 + setuptools, 9 9 }: 10 10 11 11 buildPythonPackage rec { 12 12 pname = "certbot-dns-google"; 13 - format = "setuptools"; 14 - 15 13 inherit (certbot) src version; 16 - disabled = pythonOlder "3.6"; 14 + pyproject = true; 17 15 18 16 sourceRoot = "${src.name}/certbot-dns-google"; 19 17 20 - propagatedBuildInputs = [ 18 + build-system = [ setuptools ]; 19 + 20 + dependencies = [ 21 21 acme 22 22 certbot 23 23 google-api-python-client 24 - oauth2client 24 + google-auth 25 25 ]; 26 26 27 27 nativeCheckInputs = [ pytestCheckHook ]; 28 28 29 29 pytestFlagsArray = [ 30 30 "-p no:cacheprovider" 31 - # https://github.com/certbot/certbot/issues/9988 32 - "-Wignore::DeprecationWarning" 33 31 ]; 34 32 35 33 meta = certbot.meta // {

-2

pkgs/development/python-modules/google-api-python-client/default.nix

··· 7 7 google-api-core, 8 8 httplib2, 9 9 uritemplate, 10 - oauth2client, 11 10 setuptools, 12 11 pythonOlder, 13 12 }: ··· 33 32 google-api-core 34 33 httplib2 35 34 uritemplate 36 - oauth2client 37 35 ]; 38 36 39 37 # No tests included in archive

+11 -19

pkgs/development/python-modules/google-auth/default.nix

··· 11 11 freezegun, 12 12 grpcio, 13 13 mock, 14 - oauth2client, 15 14 pyasn1-modules, 16 15 pyjwt, 17 16 pyopenssl, ··· 68 67 requests = [ requests ]; 69 68 }; 70 69 71 - nativeCheckInputs = 72 - [ 73 - aioresponses 74 - flask 75 - freezegun 76 - grpcio 77 - mock 78 - ] 79 - ++ lib.optionals (pythonOlder "3.13") [ 80 - oauth2client 81 - ] 82 - ++ [ 83 - pytest-asyncio 84 - pytest-localserver 85 - pytestCheckHook 86 - responses 87 - ] 88 - ++ lib.flatten (lib.attrValues optional-dependencies); 70 + nativeCheckInputs = [ 71 + aioresponses 72 + flask 73 + freezegun 74 + grpcio 75 + mock 76 + pytest-asyncio 77 + pytest-localserver 78 + pytestCheckHook 79 + responses 80 + ] ++ lib.flatten (lib.attrValues optional-dependencies); 89 81 90 82 pythonImportsCheck = [ 91 83 "google.auth"

+2

pkgs/development/python-modules/pathy/default.nix

··· 48 48 pythonImportsCheck = [ "pathy" ]; 49 49 50 50 meta = with lib; { 51 + # https://github.com/justindujardin/pathy/issues/113 52 + broken = pathlib-abc.version != "0.1.1"; 51 53 description = "Path interface for local and cloud bucket storage"; 52 54 mainProgram = "pathy"; 53 55 homepage = "https://github.com/justindujardin/pathy";

+2 -2

pkgs/development/python-modules/types-pytz/default.nix

··· 7 7 8 8 buildPythonPackage rec { 9 9 pname = "types-pytz"; 10 - version = "2025.1.0.20250318"; 10 + version = "2025.2.0.20250326"; 11 11 pyproject = true; 12 12 13 13 src = fetchPypi { 14 14 pname = "types_pytz"; 15 15 inherit version; 16 - hash = "sha256-l+DjUYTG/hTjpQFFEgV/LFe7DGWC1jwc/MSAn4IYBEk="; 16 + hash = "sha256-3toC3iT1JwZvyNahnihKs/OucWpCtK22tA515AjAjTY="; 17 17 }; 18 18 19 19 build-system = [ setuptools ];

+1

pkgs/development/tools/parsing/tree-sitter/grammars/default.nix

··· 26 26 tree-sitter-elm = lib.importJSON ./tree-sitter-elm.json; 27 27 tree-sitter-embedded-template = lib.importJSON ./tree-sitter-embedded-template.json; 28 28 tree-sitter-erlang = lib.importJSON ./tree-sitter-erlang.json; 29 + tree-sitter-factor = lib.importJSON ./tree-sitter-factor.json; 29 30 tree-sitter-fennel = lib.importJSON ./tree-sitter-fennel.json; 30 31 tree-sitter-fish = lib.importJSON ./tree-sitter-fish.json; 31 32 tree-sitter-fortran = lib.importJSON ./tree-sitter-fortran.json;

+12

pkgs/development/tools/parsing/tree-sitter/grammars/tree-sitter-factor.json

··· 1 + { 2 + "url": "https://github.com/erochest/tree-sitter-factor", 3 + "rev": "554d8b705df61864eb41a0ecf3741e94eb9f0c54", 4 + "date": "2025-01-11T21:45:26-05:00", 5 + "path": "/nix/store/yvyrq221kqwjq19hw6lf8xzxj6z080d8-tree-sitter-factor", 6 + "sha256": "14yciinyczi7h8dny0cgk5ghlfwjlgz1zqndwrk260n1994k5bb7", 7 + "hash": "sha256-Z60ySUrBAiNm5s3iH/6jkjsKX5mPAW8bgid+5m2MzJM=", 8 + "fetchLFS": false, 9 + "fetchSubmodules": false, 10 + "deepClone": false, 11 + "leaveDotGit": false 12 + }

+4

pkgs/development/tools/parsing/tree-sitter/update.nix

··· 155 155 orga = "MunifTanjim"; 156 156 repo = "tree-sitter-lua"; 157 157 }; 158 + "tree-sitter-factor" = { 159 + orga = "erochest"; 160 + repo = "tree-sitter-factor"; 161 + }; 158 162 "tree-sitter-fennel" = { 159 163 orga = "travonted"; 160 164 repo = "tree-sitter-fennel";

+2 -2

pkgs/os-specific/linux/kernel/zen-kernels.nix

··· 23 23 }; 24 24 # ./update-zen.py lqx 25 25 lqx = { 26 - version = "6.13.8"; # lqx 26 + version = "6.14.0"; # lqx 27 27 suffix = "lqx1"; # lqx 28 - sha256 = "0r61imcqlqndmjxgzjjb2p4g2kfxdndm32qzai2jcg21910c2j2m"; # lqx 28 + sha256 = "1py2zg8wr5azr88ixm04v3nvlfihk7iimzc7sdjgz2mb0ji5kxjc"; # lqx 29 29 isLqx = true; 30 30 }; 31 31 };

-2

pkgs/top-level/all-packages.nix

··· 1385 1385 pythonPackages = python3Packages; 1386 1386 }; 1387 1387 1388 - gitlint = python3Packages.callPackage ../applications/version-management/gitlint { }; 1389 - 1390 1388 gitmux = callPackage ../applications/version-management/gitmux { }; 1391 1389 1392 1390 gittyup = libsForQt5.callPackage ../applications/version-management/gittyup { };