Merge staging-next into staging

maintainers/maintainer-list.nix

@@ -11330,6 +11330,13 @@
     githubId = 35086;
     name = "Jonathan Wright";
   };
+  quantenzitrone = {
+    email = "quantenzitrone@protonmail.com";
+    github = "Quantenzitrone";
+    githubId = 74491719;
+    matrix = "@quantenzitrone:matrix.org";
+    name = "quantenzitrone";
+  };
   queezle = {
     email = "git@queezle.net";
     github = "queezle42";

nixos/doc/manual/configuration/user-mgmt.chapter.md

@@ -32,8 +32,7 @@ account will cease to exist. Also, imperative commands for managing users and
 groups, such as useradd, are no longer available. Passwords may still be
 assigned by setting the user\'s
 [hashedPassword](#opt-users.users._name_.hashedPassword) option. A
-hashed password can be generated using `mkpasswd -m
+hashed password can be generated using `mkpasswd`.
-  sha-512`.
 
 A user ID (uid) is assigned automatically. You can also specify a uid
 manually by adding

nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml

@@ -39,7 +39,7 @@ users.users.alice = {
     Passwords may still be assigned by setting the user's
     <link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
     option. A hashed password can be generated using
-    <literal>mkpasswd -m sha-512</literal>.
+    <literal>mkpasswd</literal>.
   </para>
   <para>
     A user ID (uid) is assigned automatically. You can also specify a

nixos/modules/config/users-groups.nix

@@ -35,7 +35,7 @@ let
   '';
 
   hashedPasswordDescription = ''
-    To generate a hashed password run `mkpasswd -m sha-512`.
+    To generate a hashed password run `mkpasswd`.
 
     If set to an empty string (`""`), this user will
     be able to log in without being asked for a password (but not via remote
@@ -592,6 +592,26 @@ in {
       '';
     };
 
+    # Warn about user accounts with deprecated password hashing schemes
+    system.activationScripts.hashes = {
+      deps = [ "users" ];
+      text = ''
+        users=()
+        while IFS=: read -r user hash tail; do
+          if [[ "$hash" = "$"* && ! "$hash" =~ ^\$(y|gy|7|2b|2y|2a|6)\$ ]]; then
+            users+=("$user")
+          fi
+        done </etc/shadow
+
+        if (( "''${#users[@]}" )); then
+          echo "
+        WARNING: The following user accounts rely on password hashes that will
+        be removed in NixOS 23.05. They should be renewed as soon as possible."
+          printf ' - %s\n' "''${users[@]}"
+        fi
+      '';
+    };
+
     # for backwards compatibility
     system.activationScripts.groups = stringAfter [ "users" ] "";
 

nixos/modules/module-list.nix

@@ -718,6 +718,7 @@
   ./services/monitoring/teamviewer.nix
   ./services/monitoring/telegraf.nix
   ./services/monitoring/thanos.nix
+  ./services/monitoring/tremor-rs.nix
   ./services/monitoring/tuptime.nix
   ./services/monitoring/unifi-poller.nix
   ./services/monitoring/ups.nix

nixos/modules/services/monitoring/tremor-rs.nix

@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+  cfg = config.services.tremor-rs;
+
+  loggerSettingsFormat = pkgs.formats.yaml { };
+  loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings;
+in {
+
+  options = {
+    services.tremor-rs = {
+      enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system");
+
+      troyFileList = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = lib.mdDoc "List of troy files to load.";
+      };
+
+      tremorLibDir = mkOption {
+        type = types.path;
+        default = "";
+        description = lib.mdDoc "Directory where to find /lib containing tremor script files";
+      };
+
+      host = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = lib.mdDoc "The host tremor should be listening on";
+      };
+
+      port = mkOption {
+        type = types.port;
+        default = 9898;
+        description = lib.mdDoc "the port tremor should be listening on";
+      };
+
+      loggerSettings = mkOption {
+        description = lib.mdDoc "Tremor logger configuration";
+        default = {};
+        type = loggerSettingsFormat.type;
+
+        example = {
+          refresh_rate = "30 seconds";
+          appenders.stdout.kind = "console";
+          root = {
+            level = "warn";
+            appenders = [ "stdout" ];
+          };
+          loggers = {
+            tremor_runtime = {
+              level = "debug";
+              appenders = [ "stdout" ];
+              additive = false;
+            };
+            tremor = {
+              level = "debug";
+              appenders = [ "stdout" ];
+              additive = false;
+            };
+          };
+        };
+
+        defaultText = literalExpression ''
+          {
+            refresh_rate = "30 seconds";
+            appenders.stdout.kind = "console";
+            root = {
+              level = "warn";
+              appenders = [ "stdout" ];
+            };
+            loggers = {
+              tremor_runtime = {
+                level = "debug";
+                appenders = [ "stdout" ];
+                additive = false;
+              };
+              tremor = {
+                level = "debug";
+                appenders = [ "stdout" ];
+                additive = false;
+              };
+            };
+          }
+        '';
+
+      };
+    };
+  };
+
+  config = mkIf (cfg.enable) {
+
+    environment.systemPackages = [ pkgs.tremor-rs ] ;
+
+    systemd.services.tremor-rs = {
+      description = "Tremor event- or stream-processing system";
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+
+      environment.TREMOR_PATH = "${pkgs.tremor-rs}/lib:${cfg.tremorLibDir}";
+
+      serviceConfig = {
+        ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}";
+        DynamicUser = true;
+        Restart = "always";
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectClock = true;
+        ProtectProc = "noaccess";
+        ProcSubset = "pid";
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectHostname = true;
+        RestrictSUIDSGID = true;
+        RestrictRealtime = true;
+        RestrictNamespaces = true;
+        LockPersonality = true;
+        RemoveIPC = true;
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
+      };
+    };
+  };
+}

nixos/modules/services/web-apps/keycloak.nix

@@ -482,6 +482,10 @@ in
             assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
             message = "A CA certificate must be specified (in 'services.keycloak.database.caCert') when PostgreSQL is used with SSL";
           }
+          {
+            assertion = createLocalPostgreSQL -> config.services.postgresql.settings.standard_conforming_strings or true;
+            message = "Setting up a local PostgreSQL db for Keycloak requires `standard_conforming_strings` turned on to work reliably";
+          }
         ];
 
         environment.systemPackages = [ keycloakBuild ];
@@ -544,7 +548,13 @@ in
             create_role="$(mktemp)"
             trap 'rm -f "$create_role"' EXIT
 
+            # Read the password from the credentials directory and
+            # escape any single quotes by adding additional single
+            # quotes after them, following the rules laid out here:
+            # https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
             db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
+            db_password="''${db_password//\'/\'\'}"
+
             echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role"
             psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
             psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
@@ -566,8 +576,16 @@ in
           script = ''
             set -o errexit -o pipefail -o nounset -o errtrace
             shopt -s inherit_errexit
+
+            # Read the password from the credentials directory and
+            # escape any single quotes by adding additional single
+            # quotes after them, following the rules laid out here:
+            # https://dev.mysql.com/doc/refman/8.0/en/string-literals.html
             db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
-            ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
+            db_password="''${db_password//\'/\'\'}"
+
+            ( echo "SET sql_mode = 'NO_BACKSLASH_ESCAPES';"
+              echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
               echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
               echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
             ) | mysql -N
@@ -632,12 +650,17 @@ in
 
               ${secretReplacements}
 
+              # Escape any backslashes in the db parameters, since
+              # they're otherwise unexpectedly read as escape
+              # sequences.
+              sed -i '/db-/ s|\\|\\\\|g' /run/keycloak/conf/keycloak.conf
+
             '' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
               mkdir -p /run/keycloak/ssl
               cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/
             '' + ''
               export KEYCLOAK_ADMIN=admin
-              export KEYCLOAK_ADMIN_PASSWORD=${cfg.initialAdminPassword}
+              export KEYCLOAK_ADMIN_PASSWORD=${escapeShellArg cfg.initialAdminPassword}
               kc.sh start --optimized
             '';
           };

nixos/modules/system/boot/stage-1-init.sh

@@ -342,6 +342,14 @@ checkFS() {
     return 0
 }
 
+escapeFstab() {
+    local original="$1"
+
+    # Replace space
+    local escaped="${original// /\\040}"
+    # Replace tab
+    echo "${escaped//$'\t'/\\011}"
+}
 
 # Function for mounting a file system.
 mountFS() {
@@ -569,7 +577,7 @@ while read -u 3 mountPoint; do
         continue
     fi
 
-    mountFS "$device" "$mountPoint" "$options" "$fsType"
+    mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
 done
 
 exec 3>&-

nixos/modules/tasks/filesystems.nix

@@ -167,7 +167,7 @@ let
          else throw "No device specified for mount point ‘${fs.mountPoint}’.")
       + " " + escape (rootPrefix + fs.mountPoint)
       + " " + fs.fsType
-      + " " + builtins.concatStringsSep "," (fs.options ++ (extraOpts fs))
+      + " " + escape (builtins.concatStringsSep "," (fs.options ++ (extraOpts fs)))
       + " " + (optionalString (!excludeChecks)
         ("0 " + (if skipCheck fs then "0" else if fs.mountPoint == "/" then "1" else "2")))
       + "\n"

nixos/release-combined.nix

@@ -77,6 +77,7 @@ in rec {
         (onFullSupported "nixos.tests.i3wm")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolDefault")
+        (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolEscape")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvols")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.luksroot")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.lvm")

nixos/tests/all-tests.nix

@@ -252,8 +252,8 @@ in {
   haproxy = handleTest ./haproxy.nix {};
   hardened = handleTest ./hardened.nix {};
   healthchecks = handleTest ./web-apps/healthchecks.nix {};
-  hbase1 = handleTest ./hbase.nix { package=pkgs.hbase1; };
   hbase2 = handleTest ./hbase.nix { package=pkgs.hbase2; };
+  hbase_2_4 = handleTest ./hbase.nix { package=pkgs.hbase_2_4; };
   hbase3 = handleTest ./hbase.nix { package=pkgs.hbase3; };
   hedgedoc = handleTest ./hedgedoc.nix {};
   herbstluftwm = handleTest ./herbstluftwm.nix {};

nixos/tests/installer-systemd-stage-1.nix

@@ -8,9 +8,10 @@
   # them when fixed.
   inherit (import ./installer.nix { inherit system config pkgs; systemdStage1 = true; })
     # bcache
-    # btrfsSimple
+    btrfsSimple
-    # btrfsSubvolDefault
+    btrfsSubvolDefault
-    # btrfsSubvols
+    btrfsSubvolEscape
+    btrfsSubvols
     # encryptedFSWithKeyfile
     # grub1
     # luksroot

nixos/tests/installer.nix

@@ -911,4 +911,25 @@ in {
       )
     '';
   };
+
+  # Test to see if we can deal with subvols that need to be escaped in fstab
+  btrfsSubvolEscape = makeInstallerTest "btrfsSubvolEscape" {
+    createPartitions = ''
+      machine.succeed(
+          "sgdisk -Z /dev/vda",
+          "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
+          "mkswap /dev/vda2 -L swap",
+          "swapon -L swap",
+          "mkfs.btrfs -L root /dev/vda3",
+          "btrfs device scan",
+          "mount LABEL=root /mnt",
+          "btrfs subvol create '/mnt/nixos in space'",
+          "btrfs subvol create /mnt/boot",
+          "umount /mnt",
+          "mount -o 'defaults,subvol=nixos in space' LABEL=root /mnt",
+          "mkdir /mnt/boot",
+          "mount -o defaults,subvol=boot LABEL=root /mnt/boot",
+      )
+    '';
+  };
 }

nixos/tests/keycloak.nix

@@ -5,10 +5,13 @@
 let
   certs = import ./common/acme/server/snakeoil-certs.nix;
   frontendUrl = "https://${certs.domain}";
-  initialAdminPassword = "h4IhoJFnt2iQIR9";
 
   keycloakTest = import ./make-test-python.nix (
     { pkgs, databaseType, ... }:
+    let
+      initialAdminPassword = "h4Iho\"JFn't2>iQIR9";
+      adminPasswordFile = pkgs.writeText "admin-password" "${initialAdminPassword}";
+    in
     {
       name = "keycloak";
       meta = with pkgs.lib.maintainers; {
@@ -37,7 +40,7 @@ let
               type = databaseType;
               username = "bogus";
               name = "also bogus";
-              passwordFile = "${pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"}";
+              passwordFile = "${pkgs.writeText "dbPassword" ''wzf6\"vO"Cb\nP>p#6;c&o?eu=q'THE'''H''''E''}";
             };
             plugins = with config.services.keycloak.package.plugins; [
               keycloak-discord
@@ -111,7 +114,7 @@ let
           keycloak.succeed("""
               curl -sSf -d 'client_id=admin-cli' \
                    -d 'username=admin' \
-                   -d 'password=${initialAdminPassword}' \
+                   -d "password=$(<${adminPasswordFile})" \
                    -d 'grant_type=password' \
                    '${frontendUrl}/realms/master/protocol/openid-connect/token' \
                    | jq -r '"Authorization: bearer " + .access_token' >admin_auth_header
@@ -119,10 +122,10 @@ let
 
           # Register the metrics SPI
           keycloak.succeed(
-              "${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt",
+              """${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt""",
-              "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'",
+              """KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password "$(<${adminPasswordFile})" """,
-              "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'",
+              """KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'""",
-              "curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'"
+              """curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'"""
           )
 
           # Publish the realm, including a test OIDC client and user

pkgs/applications/audio/lollypop/default.nix

@@ -25,7 +25,7 @@
 
 python3.pkgs.buildPythonApplication rec  {
   pname = "lollypop";
-  version = "1.4.36";
+  version = "1.4.35";
 
   format = "other";
   doCheck = false;
@@ -34,7 +34,7 @@ python3.pkgs.buildPythonApplication rec  {
     url = "https://gitlab.gnome.org/World/lollypop";
     rev = "refs/tags/${version}";
     fetchSubmodules = true;
-    sha256 = "sha256-Ka/rYgWGuCQTzguJiyQpY5SPC1iB5XOVy/Gezj+DYpk=";
+    sha256 = "sha256-Rdp0gZjdj2tXOWarsTpqgvSZVXAQsCLfk5oUyalE/ZA=";
   };
 
   nativeBuildInputs = [

pkgs/applications/blockchains/nearcore/default.nix

@@ -4,7 +4,7 @@
 }:
 rustPlatform.buildRustPackage rec {
   pname = "nearcore";
-  version = "1.29.0";
+  version = "1.29.1";
 
   # https://github.com/near/nearcore/tags
   src = fetchFromGitHub {
@@ -13,10 +13,10 @@ rustPlatform.buildRustPackage rec {
     # there is also a branch for this version number, so we need to be explicit
     rev = "refs/tags/${version}";
 
-    sha256 = "sha256-TOZ6j4CaiOXmNn8kgVGP27SjvLDlGvabAA+PAEyFXIk=";
+    sha256 = "sha256-TmmGLrDpNOfadOIwmG7XRgI89XQjaqIavxCEE2plumc=";
   };
 
-  cargoSha256 = "sha256-LjBgsQynHIfrQP4Z7j1J8+PLqRZWGAOQ5dJaGOqabVk=";
+  cargoSha256 = "sha256-4suoHP6AXhXlt7+sHMX5RW/LGZrbMhNNmzYvFBcnMTs=";
   cargoPatches = [ ./0001-make-near-test-contracts-optional.patch ];
 
   postPatch = ''

pkgs/applications/emulators/basiliskii/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2 }:
+{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2, mpfr }:
 stdenv.mkDerivation {
   pname = "basiliskii";
   version = "unstable-2022-09-30";
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
   sourceRoot = "source/BasiliskII/src/Unix";
   patches = [ ./remove-redhat-6-workaround-for-scsi-sg.h.patch ];
   nativeBuildInputs = [ autoconf automake pkg-config ];
-  buildInputs = [ SDL2 gtk2 ];
+  buildInputs = [ SDL2 gtk2 mpfr ];
   preConfigure = ''
     NO_CONFIGURE=1 ./autogen.sh
   '';

pkgs/applications/emulators/sameboy/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "sameboy";
-  version = "0.15.6";
+  version = "0.15.8";
 
   src = fetchFromGitHub {
     owner = "LIJI32";
     repo = "SameBoy";
     rev = "v${version}";
-    sha256 = "sha256-WsZuOKq/Dfk2zgYFXSwZPUuPrJQJ3y3mJHL6s61mTig=";
+    sha256 = "sha256-SBK+aYekEJreD0XBvYaU12eIKmm9JNYIpPt1XhUtH4c=";
   };
 
   enableParallelBuilding = true;

pkgs/applications/networking/instant-messengers/go-neb/default.nix

@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub, nixosTests, olm }:
+{ lib, stdenv, buildGoModule, fetchFromGitHub, nixosTests, olm }:
 
 buildGoModule {
   pname = "go-neb";
@@ -21,6 +21,7 @@ buildGoModule {
   passthru.tests.go-neb = nixosTests.go-neb;
 
   meta = with lib; {
+    broken = stdenv.isDarwin;
     description = "Extensible matrix bot written in Go";
     homepage = "https://github.com/matrix-org/go-neb";
     license = licenses.asl20;

pkgs/applications/networking/twtxt/default.nix

@@ -2,13 +2,13 @@
 
 buildPythonApplication rec {
   pname = "twtxt";
-  version = "1.2.3";
+  version = "1.3.1";
 
   src = fetchFromGitHub {
     owner = "buckket";
     repo = pname;
-    rev = "v${version}";
+    rev = "refs/tags/v${version}";
-    sha256 = "sha256-AdM95G2Vz3UbVPI7fs8/D78BMxscbTGrCpIyyHzSmho=";
+    sha256 = "sha256-CbFh1o2Ijinfb8X+h1GP3Tp+8D0D3/Czt/Uatd1B4cw=";
   };
 
   # Relax some dependencies

pkgs/applications/version-management/fossil/default.nix

@@ -16,11 +16,11 @@
 
 stdenv.mkDerivation rec {
   pname = "fossil";
-  version = "2.19";
+  version = "2.20";
 
   src = fetchurl {
     url = "https://www.fossil-scm.org/home/tarball/version-${version}/fossil-${version}.tar.gz";
-    sha256 = "sha256-RZ9/7b4lRJqFVyfXwzutO8C/Pa6XPyxtvpp7gmEGoj4=";
+    sha256 = "1knff50rr8f39myxj50fprb9ya87cslmwz7zzfya56l33r7i7jh3";
   };
 
   nativeBuildInputs = [ installShellFiles tcl tcllib ];

pkgs/applications/video/kooha/default.nix

@@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
   buildInputs = [
     glib
     gst_all_1.gstreamer
+    gst_all_1.gst-plugins-good
     gst_all_1.gst-plugins-base
     gst_all_1.gst-plugins-ugly
     gtk4

pkgs/applications/window-managers/gamescope/default.nix

@@ -26,7 +26,7 @@
 }:
 let
   pname = "gamescope";
-  version = "3.11.48";
+  version = "3.11.49";
 in
 stdenv.mkDerivation {
   inherit pname version;
@@ -35,7 +35,7 @@ stdenv.mkDerivation {
     owner = "Plagman";
     repo = "gamescope";
     rev = "refs/tags/${version}";
-    hash = "sha256-/a0fW0NVIrg9tuK+mg+D+IOcq3rJJxKdFwspM1ZRR9M=";
+    hash = "sha256-GRq/b013wFRHzFz2YCulJRtcwzX/dhJKd8dkATSLug0=";
   };
 
   patches = [ ./use-pkgconfig.patch ];
@@ -85,7 +85,7 @@ stdenv.mkDerivation {
     description = "SteamOS session compositing window manager";
     homepage = "https://github.com/Plagman/gamescope";
     license = licenses.bsd2;
-    maintainers = with maintainers; [ nrdxp ];
+    maintainers = with maintainers; [ nrdxp zhaofengli ];
     platforms = platforms.linux;
   };
 }

pkgs/development/libraries/wxwidgets/wxGTK30.nix

@@ -41,13 +41,13 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "wxwidgets";
-  version = "3.0.5";
+  version = "3.0.5.1";
 
   src = fetchFromGitHub {
     owner = "wxWidgets";
     repo = "wxWidgets";
     rev = "v${version}";
-    hash = "sha256-p69nNCg552j+nldGY0oL65uFRVu4xXCkoE10F5MwY9A=";
+    hash = "sha256-I91douzXDAfDgm4Pplf17iepv4vIRhXZDRFl9keJJq0=";
   };
 
   nativeBuildInputs = [ pkg-config ];

pkgs/development/python-modules/aws-lambda-builders/default.nix

@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "aws-lambda-builders";
-  version = "1.20.0";
+  version = "1.23.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -21,7 +21,7 @@ buildPythonPackage rec {
     owner = "awslabs";
     repo = "aws-lambda-builders";
     rev = "refs/tags/v${version}";
-    hash = "sha256-+XOxz3xWIYacfUizztd4mH5kvBw/dkN9WiS38dONs7Y=";
+    hash = "sha256-3jzUowSeO6j7DzIlOkeU3KUFFIUi7cEyvjbIL8uRGcU=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/cftime/default.nix

@@ -2,6 +2,7 @@
 , buildPythonPackage
 , cython
 , fetchPypi
+, fetchpatch
 , numpy
 , pytestCheckHook
 , pythonOlder
@@ -16,9 +17,22 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-hhTAD7ilBG3jBP3Ybb0iT5lAgYXXskWsZijQJ2WW5tI=";
+    hash = "sha256-hhTAD7ilBG3jBP3Ybb0iT5lAgYXXskWsZijQJ2WW5tI=";
   };
 
+  patches = [
+    (fetchpatch {
+      # Fix test_num2date_precision by checking per platform precision
+      url = "https://github.com/Unidata/cftime/commit/221ff2195d588a43a7984597033b678f330fbc41.patch";
+      hash = "sha256-3XTJuET20g9QElM/8WGnNzJBFZ0oUN4ikhWKppwcyNM=";
+    })
+  ];
+
+  postPatch = ''
+    sed -i "/--cov/d" setup.cfg
+  '';
+
+
   nativeBuildInputs = [
     cython
     numpy
@@ -32,10 +46,6 @@ buildPythonPackage rec {
     pytestCheckHook
   ];
 
-  postPatch = ''
-    sed -i "/--cov/d" setup.cfg
-  '';
-
   pythonImportsCheck = [
     "cftime"
   ];

pkgs/development/python-modules/filemagic/default.nix

@@ -1,30 +0,0 @@
-{ stdenv, lib, buildPythonPackage, fetchFromGitHub, file
-, isPy3k, mock, unittest2 }:
-
-buildPythonPackage {
-  pname = "filemagic";
-  version = "1.6";
-  disabled = !isPy3k; # asserts on ResourceWarning
-
-  # Don't use the PyPI source because it's missing files required for testing
-  src = fetchFromGitHub {
-    owner = "aliles";
-    repo = "filemagic";
-    rev = "138649062f769fb10c256e454a3e94ecfbf3017b";
-    sha256 = "1jxf928jjl2v6zv8kdnfqvywdwql1zqkm1v5xn1d5w0qjcg38d4n";
-  };
-
-  postPatch = ''
-    substituteInPlace magic/api.py --replace "ctypes.util.find_library('magic')" \
-      "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
-  '';
-
-  checkInputs = [ mock ] ++ lib.optionals (!isPy3k) [ unittest2 ];
-
-  meta = with lib; {
-    description = "File type identification using libmagic";
-    homepage = "https://github.com/aliles/filemagic";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ erikarvstedt ];
-  };
-}

pkgs/development/python-modules/geopy/default.nix

@@ -11,21 +11,17 @@
 
 buildPythonPackage rec {
   pname = "geopy";
-  version = "2.2.0";
+  version = "2.3.0";
-  disabled = pythonOlder "3.5";
+  format = "setuptools";
+  disabled = pythonOlder "3.7";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
-    rev = version;
+    rev = "refs/tags/${version}";
-    sha256 = "sha256-zFz0T/M/CABKkChuiKsFkWj2pphZuFeE5gz0HxZYaz8=";
+    sha256 = "sha256-bHfjUfuiEH3AxRDTLmbm67bKOw6fBuMQDUQA2NLg800=";
   };
 
-  postPatch = ''
-    substituteInPlace setup.py \
-      --replace "geographiclib<2,>=1.49" "geographiclib"
-  '';
-
   propagatedBuildInputs = [
     geographiclib
   ];

pkgs/development/python-modules/name-that-hash/default.nix

@@ -8,14 +8,14 @@
 
 buildPythonPackage rec {
   pname = "name-that-hash";
-  version = "1.10";
+  version = "1.11.0";
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "HashPals";
     repo = pname;
     rev = version;
-    hash = "sha256-3sddUPoC3NfKQzmNgqPf/uHaYN9VZBqsmV712uz1Phg=";
+    hash = "sha256-zOb4BS3zG1x8GLXAooqqvMOw0fNbw35JuRWOdGP26/8=";
   };
 
   # TODO remove on next update which bumps rich

pkgs/development/python-modules/prodict/default.nix

@@ -0,0 +1,35 @@
+{ buildPythonPackage
+, fetchFromGitHub
+, pythonOlder
+, pytestCheckHook
+, lib
+}:
+
+buildPythonPackage rec {
+  pname   = "prodict";
+  version = "0.8.6";
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "ramazanpolat";
+    repo = pname;
+    rev = version;
+    hash = "sha256-c46JEQFg4KRwerqpMSgh6+tYRpKTOX02Lzsq4/meS3o=";
+  };
+
+  # make setuptools happy on case-sensitive filesystems
+  postPatch = ''if [[ ! -f README.md ]]; then mv README.MD README.md; fi'';
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [ "prodict" ];
+
+  meta = {
+    description = "Access Python dictionary as a class with type hinting and autocompletion";
+    homepage = "https://github.com/ramazanpolat/prodict";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ bcdarwin ];
+  };
+}

pkgs/development/python-modules/pyrogram/default.nix

@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "pyrogram";
-  version = "2.0.59";
+  version = "2.0.62";
 
   disabled = pythonOlder "3.7";
 
@@ -20,7 +20,7 @@ buildPythonPackage rec {
     owner = "pyrogram";
     repo = "pyrogram";
     rev = "v${version}";
-    hash = "sha256-vGgtVXvi/zvbU8f+LBQJN8GSxyVqdv/fBYfsBR4BKf4=";
+    hash = "sha256-Kex9xIjcAYCzHeqWoDAIgTMuih0s42/O2zfTYxWEqbM=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pysma/default.nix

@@ -9,14 +9,14 @@
 
 buildPythonPackage rec {
   pname = "pysma";
-  version = "0.7.2";
+  version = "0.7.3";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-hIrdT0b9XKw1UoPZtQQ7IaW+HV8wuA9Rwoo8XYdGyw8=";
+    sha256 = "sha256-8LwxRiYUhKYZkrjDNcnOkssvfw/tZ6dj1GKZQ6UkqsQ=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/qiskit-terra/default.nix

@@ -193,7 +193,7 @@ buildPythonPackage rec {
 
 
   meta = with lib; {
-    broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin;
+    broken = true; # tests segfault python
     description = "Provides the foundations for Qiskit.";
     longDescription = ''
       Allows the user to write quantum circuits easily, and takes care of the constraints of real hardware.

pkgs/development/python-modules/scikit-learn/default.nix

@@ -65,6 +65,8 @@ buildPythonPackage rec {
     "check_regressors_train"
     "check_classifiers_train"
     "xfail_ignored_in_check_estimator"
+  ] ++ lib.optionals (stdenv.isDarwin) [
+    "test_graphical_lasso"
   ];
 
   pytestFlagsArray = [

pkgs/development/python-modules/token-bucket/default.nix

@@ -1,4 +1,5 @@
 { lib
+, stdenv
 , buildPythonPackage
 , fetchFromGitHub
 , pytest-runner
@@ -25,6 +26,8 @@ buildPythonPackage rec {
     pytestCheckHook
   ];
 
+  doCheck = !stdenv.isDarwin;
+
   meta = with lib; {
     description = "Token Bucket Implementation for Python Web Apps";
     homepage = "https://github.com/falconry/token-bucket";

pkgs/development/python-modules/watchdog/default.nix

@@ -55,6 +55,7 @@ buildPythonPackage rec {
     "test_create_wrong_encoding"
   ] ++ lib.optionals (stdenv.isDarwin && !stdenv.isAarch64) [
     "test_delete"
+    "test_separate_consecutive_moves"
   ];
 
   disabledTestPaths = [

pkgs/development/tools/build-managers/bob/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "bob";
-  version = "0.6.3";
+  version = "0.7.0";
 
   src = fetchFromGitHub {
     owner = "benchkram";
     repo = pname;
     rev = version;
-    hash = "sha256-jZDyZVjo4Purt2tabJew5N4MZmLXli6gqBTejv5FGJM=";
+    hash = "sha256-37VhzYxVrt+w1XTDXzKAkJT43TQSyCmX9SAoNnk+o3w=";
   };
 
   ldflags = [ "-s" "-w" "-X main.Version=${version}" ];

pkgs/development/tools/millet/default.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "millet";
-  version = "0.5.16";
+  version = "0.6.0";
 
   src = fetchFromGitHub {
     owner = "azdavis";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-YdCdB72f7IQsi8WKVmGlqAybcewisK1J7jfR5Irp6VE=";
+    hash = "sha256-tP1ccUtHfj+JPUYGo+QFYjbz56uNl3p53QNeE/xaCt4=";
   };
 
-  cargoHash = "sha256-2WEptDHo2t6p8nzd00fPu/XQqq0gUlLAyuSraMfbHL0=";
+  cargoHash = "sha256-umOlvHDA8AtoAeB1i8nNgbjvzTmzwZfdjF+TCTKzqAU=";
 
   postPatch = ''
     rm .cargo/config.toml

pkgs/development/tools/oh-my-posh/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "oh-my-posh";
-  version = "12.13.3";
+  version = "12.16.0";
 
   src = fetchFromGitHub {
     owner = "jandedobbeleer";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-1H3BlKxTthyVXEaLISruZDFIeXEAaeZjGp597clPeLs=";
+    sha256 = "sha256-YrrOwTLVgxoriVgVDmn99ORSh04os0q/QnfBXtTtl5g=";
   };
 
   vendorSha256 = "sha256-OrtKFkWXqVoXKmN6BT8YbCNjR1gRTT4gPNwmirn7fjU=";

pkgs/development/tools/poetry2nix/poetry2nix/overrides/build-systems.json

@@ -4816,9 +4816,6 @@
     "setuptools",
     "setuptools-scm"
   ],
-  "filemagic": [
-    "setuptools"
-  ],
   "filetype": [
     "setuptools"
   ],

pkgs/servers/hbase/default.nix

@@ -38,20 +38,19 @@ let common = { version, hash, jdk ? jdk11_headless, tests }:
   };
 in
 {
-  hbase_1_7 = common {
-    version = "1.7.1";
-    hash = "sha256-DrH2G79QLT8L0YTTmAGC9pUWU8semSaTOsrsQRCI2rY=";
-    jdk = jdk8_headless;
-    tests.standalone = nixosTests.hbase1;
-  };
   hbase_2_4 = common {
-    version = "2.4.11";
+    version = "2.4.15";
-    hash = "sha256-m0vjUtPaj8czHHh+rQNJJgrFAM744cHd06KE0ut7QeU=";
+    hash = "sha256-KJXpfQ91POVd7ZnKQyIX5qzX4JIZqh3Zn2Pz0chW48g=";
+    tests.standalone = nixosTests.hbase_2_4;
+  };
+  hbase_2_5 = common {
+    version = "2.5.1";
+    hash = "sha256-ddSa4q43PSJv1W4lzzaXfv4LIThs4n8g8wYufHgsZVE=";
     tests.standalone = nixosTests.hbase2;
   };
   hbase_3_0 = common {
-    version = "3.0.0-alpha-2";
+    version = "3.0.0-alpha-3";
-    hash = "sha256-QPvgO1BeFWvMT5PdUm/SL92ZgvSvYIuJbzolbBTenz4=";
+    hash = "sha256-TxuiUHc2pTb9nBth1H2XrDRLla2vqM+e1uBU+yY2/EM=";
     tests.standalone = nixosTests.hbase3;
   };
 }

pkgs/servers/home-assistant/default.nix

@@ -31,6 +31,16 @@ let
     # Override the version of some packages pinned in Home Assistant's setup.py and requirements_all.txt
 
     (self: super: {
+      # https://github.com/postlund/pyatv/issues/1879
+      aiohttp = super.aiohttp.overridePythonAttrs (oldAttrs: rec {
+        pname = "aiohttp";
+        version = "3.8.1";
+        src = self.fetchPypi {
+          inherit pname version;
+          hash = "sha256-/FRx4aVN4V73HBvG6+gNTcaB6mAOaL/Ry85AQn8LdXg=";
+        };
+      });
+
       backoff = super.backoff.overridePythonAttrs (oldAttrs: rec {
         version = "1.11.1";
         src = fetchFromGitHub {

pkgs/servers/kubemq-community/default.nix

@@ -2,12 +2,12 @@
 
 buildGoModule rec {
   pname = "kubemq-community";
-  version = "2.3.4";
+  version = "2.3.5";
   src = fetchFromGitHub {
     owner = "kubemq-io";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-+HJpjKMSndcV+xQJM+FesdtoUSGHnpILQFuf3sbxBY0=";
+    sha256 = "sha256-kR2/Is1fQqpRyQ8yKSEvXV5xzXcHldCqgnCRNRZ+Ekg=";
   };
 
   CGO_ENABLED=0;

pkgs/servers/matrix-synapse/tools/rust-synapse-compress-state.nix

@@ -1,4 +1,4 @@
-{ lib, rustPlatform, python3, fetchFromGitHub, pkg-config, openssl }:
+{ lib, stdenv, rustPlatform, python3, fetchFromGitHub, pkg-config, openssl }:
 
 rustPlatform.buildRustPackage rec {
   pname = "rust-synapse-compress-state";
@@ -22,6 +22,7 @@ rustPlatform.buildRustPackage rec {
   buildInputs = [ openssl ];
 
   meta = with lib; {
+    broken = stdenv.isDarwin;
     description = "A tool to compress some state in a Synapse instance's database";
     homepage = "https://github.com/matrix-org/rust-synapse-compress-state";
     license = licenses.asl20;

pkgs/servers/photoprism/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg, libheif, exiftool, nixosTests, makeWrapper }:
+{ pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg, libheif, exiftool, makeWrapper, testers }:
 
 let
   version = "221102-905925b4d";
@@ -74,7 +74,7 @@ stdenv.mkDerivation {
     runHook postInstall
   '';
 
-  passthru.tests.photoprism = nixosTests.photoprism;
+  passthru.tests.version = testers.testVersion { package = pkgs.photoprism; };
 
   meta = with lib; {
     homepage = "https://photoprism.app";

pkgs/servers/photoprism/libtensorflow.nix

@@ -15,12 +15,14 @@ stdenv.mkDerivation rec {
         aarch64-linux = "sha256-qnj4vhSWgrk8SIjzIH1/4waMxMsxMUvqdYZPaSaUJRk=";
       }.${system};
 
-      url = let
+      url =
-        systemName = {
+        let
-          x86_64-linux = "amd64";
+          systemName = {
-          aarch64-linux = "arm64";
+            x86_64-linux = "amd64";
-        }.${system};
+            aarch64-linux = "arm64";
-      in "https://dl.photoprism.app/tensorflow/${systemName}/libtensorflow-${systemName}-${version}.tar.gz";
+          }.${system};
+        in
+        "https://dl.photoprism.app/tensorflow/${systemName}/libtensorflow-${systemName}-${version}.tar.gz";
     })
     # Upstream tensorflow tarball (with .h's photoprism's tarball is missing)
     (fetchurl {
@@ -49,13 +51,15 @@ stdenv.mkDerivation rec {
   '';
 
   # Patch library to use our libc, libstdc++ and others
-  patchPhase = let
+  patchPhase =
-    rpath = lib.makeLibraryPath [ stdenv.cc.libc stdenv.cc.cc.lib ];
+    let
-  in ''
+      rpath = lib.makeLibraryPath [ stdenv.cc.libc stdenv.cc.cc.lib ];
-    chmod -R +w lib
+    in
-    patchelf --set-rpath "${rpath}:$out/lib" lib/libtensorflow.so
+    ''
-    patchelf --set-rpath "${rpath}" lib/libtensorflow_framework.so
+      chmod -R +w lib
-  '';
+      patchelf --set-rpath "${rpath}:$out/lib" lib/libtensorflow.so
+      patchelf --set-rpath "${rpath}" lib/libtensorflow_framework.so
+    '';
 
   buildPhase = ''
     # Write pkg-config file.

pkgs/shells/fish/plugins/default.nix

@@ -31,4 +31,6 @@ lib.makeScope newScope (self: with self; {
 
   pure = callPackage ./pure.nix { };
 
+  sponge = callPackage ./sponge.nix { };
+
 })

pkgs/shells/fish/plugins/sponge.nix

@@ -0,0 +1,20 @@
+{ lib, buildFishPlugin, fetchFromGitHub }:
+
+buildFishPlugin rec {
+  pname = "sponge";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = "meaningful-ooo";
+    repo = pname;
+    rev = "${version}";
+    sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w=";
+  };
+
+  meta = with lib; {
+    description = "keeps your fish shell history clean from typos, incorrectly used commands and everything you don't want to store due to privacy reasons";
+    homepage = "https://github.com/meaningful-ooo/sponge";
+    license = licenses.mit;
+    maintainers = with maintainers; [ quantenzitrone ];
+  };
+}

pkgs/tools/admin/lxd/default.nix

@@ -32,14 +32,14 @@
 
 buildGoModule rec {
   pname = "lxd";
-  version = "5.7";
+  version = "5.8";
 
   src = fetchurl {
     urls = [
       "https://linuxcontainers.org/downloads/lxd/lxd-${version}.tar.gz"
       "https://github.com/lxc/lxd/releases/download/lxd-${version}/lxd-${version}.tar.gz"
     ];
-    sha256 = "sha256-TZeF/VPrP4qRAVezJwQWtfypsxBJpnTrST0uDdw3WVI=";
+    sha256 = "sha256-mYyDYO8k4MVoNa8xfp1vH2nyuhNsDJ93s9F5hjaMftk=";
   };
 
   vendorSha256 = null;

pkgs/tools/admin/pulumi/default.nix

@@ -14,16 +14,16 @@
 
 buildGoModule rec {
   pname = "pulumi";
-  version = "3.46.1";
+  version = "3.47.0";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-bEAggHGMhSSwEiYj+DdJRajR4DLunpidbd4DflkBrQ8=";
+    hash = "sha256-r0VPWVyyWGZ2v2yKKiJGJV+ah77zxFm7Zwm9yag3fxc=";
   };
 
-  vendorSha256 = "sha256-+JKCCNkByqWuvAv8qUL3L9DlDhvIbMsDbsfn3KYolUo=";
+  vendorSha256 = "sha256-eipxqX2m425FnPkf+ao/k1dYwDHDmJf+eS3S0sEiXkk=";
 
   sourceRoot = "source/pkg";
 

pkgs/tools/package-management/nfpm/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "nfpm";
-  version = "2.22.0";
+  version = "2.22.1";
 
   src = fetchFromGitHub {
     owner = "goreleaser";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Qb4jzn1UM/0B4ryk3cPVuhqVtJML+Vv5KtebBjirSuI=";
+    sha256 = "sha256-BdPY1DzF2zunhEp7Z13X3jOxhTPHHUejAe7HZSoexYk=";
   };
 
   vendorSha256 = "sha256-fvSA0BQQKhXxyNu0/ilNcMmTBtLm/piA4rJu6p5+8GU=";

pkgs/tools/security/ghidra/build.nix

@@ -19,13 +19,13 @@
 let
   pkg_path = "$out/lib/ghidra";
   pname = "ghidra";
-  version = "10.2.1";
+  version = "10.2.2";
 
   src = fetchFromGitHub {
     owner = "NationalSecurityAgency";
     repo = "Ghidra";
     rev = "Ghidra_${version}_build";
-    sha256 = "sha256-xK6rSvI3L5wVcTBxJJndAVQMxjpsA5jMq0GeWNmCodI=";
+    sha256 = "sha256-AiyY6mGM+jHu9n39t/cYj+I5CE+a3vA4P0THNEFoZrk=";
   };
 
   desktopItem = makeDesktopItem {

pkgs/tools/typesetting/sile/default.nix

@@ -43,11 +43,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "sile";
-  version = "0.14.4";
+  version = "0.14.5";
 
   src = fetchurl {
     url = "https://github.com/sile-typesetter/sile/releases/download/v${version}/${pname}-${version}.tar.xz";
-    sha256 = "091sy3k29q15ksqr650qmf9lz8j9lqbabfph4cf63plg4dnf9m98";
+    sha256 = "01wf0rihksk2ldxgci5vzl3j575vnp6wgk12yd28mwzxkss6n39g";
   };
 
   configureFlags = [

pkgs/top-level/all-packages.nix

@@ -15256,6 +15256,7 @@ with pkgs;
   };
   rustup-toolchain-install-master = callPackage ../development/tools/rust/rustup-toolchain-install-master {
     inherit (darwin.apple_sdk.frameworks) Security;
+    openssl = openssl_1_1;
   };
   rusty-man = callPackage ../development/tools/rust/rusty-man { };
 
@@ -23704,9 +23705,8 @@ with pkgs;
 
   hasura-cli = callPackage ../servers/hasura/cli.nix { };
 
-  inherit (callPackage ../servers/hbase {}) hbase_1_7 hbase_2_4 hbase_3_0;
+  inherit (callPackage ../servers/hbase {}) hbase_2_4 hbase_2_5 hbase_3_0;
-  hbase1 = hbase_1_7;
+  hbase2 = hbase_2_5;
-  hbase2 = hbase_2_4;
   hbase3 = hbase_3_0;
   hbase = hbase2; # when updating, point to the latest stable release
 

pkgs/top-level/python-aliases.nix

@@ -77,6 +77,7 @@ mapAliases ({
   face_recognition_models = face-recognition-models; # added 2022-10-15
   fake_factory = throw "fake_factory has been removed because it is unused and deprecated by upstream since 2016."; # added 2022-05-30
   faulthandler = throw "faulthandler is built into ${python.executable}"; # added 2021-07-12
+  filemagic = throw "inactive since 2014, so use python-magic instead"; # added 2022-11-19
   flask_login = flask-login; # added 2022-10-17
   flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20
   flask_testing = flask-testing; # added 2022-04-25

pkgs/top-level/python-packages.nix

@@ -3228,8 +3228,6 @@ self: super: with self; {
 
   filelock = callPackage ../development/python-modules/filelock { };
 
-  filemagic = callPackage ../development/python-modules/filemagic { };
-
   filetype = callPackage ../development/python-modules/filetype { };
 
   filterpy = callPackage ../development/python-modules/filterpy { };
@@ -6971,6 +6969,8 @@ self: super: with self; {
 
   ppdeep = callPackage ../development/python-modules/ppdeep { };
 
+  prodict = callPackage ../development/python-modules/prodict { };
+
   proxy_tools = callPackage ../development/python-modules/proxy_tools { };
 
   py-nextbusnext = callPackage ../development/python-modules/py-nextbusnext { };