diff --git a/.github/workflows/check-by-name.yml b/.github/workflows/check-by-name.yml index 294775fa1c8e..5e3e65641f82 100644 --- a/.github/workflows/check-by-name.yml +++ b/.github/workflows/check-by-name.yml @@ -8,8 +8,9 @@ on: # Using pull_request_target instead of pull_request avoids having to approve first time contributors pull_request_target -# The tool doesn't need any permissions, it only outputs success or not based on the checkout -permissions: {} +permissions: + # We need this permission to cancel the workflow run if there's a merge conflict + actions: write jobs: check: @@ -62,7 +63,14 @@ jobs: if [[ "$mergeable" == "true" ]]; then echo "The PR can be merged, checking the merge commit $mergedSha" else - echo "The PR cannot be merged, it has a merge conflict" + echo "The PR cannot be merged, it has a merge conflict, cancelling the workflow.." + gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/cancel + sleep 60 + # If it's still not canceled after a minute, something probably went wrong, just exit exit 1 fi echo "mergedSha=$mergedSha" >> "$GITHUB_ENV" diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2173e7c338f6..3ede9b1304c0 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -278,6 +278,7 @@ ./programs/wayland/waybar.nix ./programs/wayland/wayfire.nix ./programs/weylus.nix + ./programs/winbox.nix ./programs/wireshark.nix ./programs/xastir.nix ./programs/wshowkeys.nix diff --git a/nixos/modules/programs/winbox.nix b/nixos/modules/programs/winbox.nix new file mode 100644 index 000000000000..6af299d52009 --- /dev/null +++ b/nixos/modules/programs/winbox.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.programs.winbox; +in +{ + options.programs.winbox = { + enable = lib.mkEnableOption ("MikroTik Winbox"); + package = lib.mkPackageOption pkgs "winbox" { }; + + openFirewall = lib.mkOption { + description = '' + Whether to open ports for the MikroTik Neighbor Discovery protocol. Required for Winbox neighbor discovery. + ''; + default = false; + type = lib.types.bool; + }; + }; + + config = lib.mkIf cfg.enable { + networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 5678 ]; + }; +} diff --git a/nixos/modules/services/network-filesystems/kubo.nix b/nixos/modules/services/network-filesystems/kubo.nix index fbf9b32a2b25..e0b3fb0f36a7 100644 --- a/nixos/modules/services/network-filesystems/kubo.nix +++ b/nixos/modules/services/network-filesystems/kubo.nix @@ -361,6 +361,8 @@ in Group = cfg.group; StateDirectory = ""; ReadWritePaths = optionals (!cfg.autoMount) [ "" cfg.dataDir ]; + # Make sure the socket units are started before ipfs.service + Sockets = [ "ipfs-gateway.socket" "ipfs-api.socket" ]; } // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; }; } // optionalAttrs (!cfg.startWhenNeeded) { wantedBy = [ "default.target" ]; diff --git a/nixos/modules/services/networking/quicktun.nix b/nixos/modules/services/networking/quicktun.nix index 7aed972adc88..2d44659f2080 100644 --- a/nixos/modules/services/networking/quicktun.nix +++ b/nixos/modules/services/networking/quicktun.nix @@ -1,94 +1,153 @@ -{ config, pkgs, lib, ... }: +{ options, config, pkgs, lib, ... }: let + inherit (lib) mkOption mdDoc types mkIf; + opt = options.services.quicktun; cfg = config.services.quicktun; - in - -with lib; - { options = { - services.quicktun = mkOption { default = { }; - description = lib.mdDoc "QuickTun tunnels"; - type = types.attrsOf (types.submodule { + description = mdDoc '' + QuickTun tunnels. + + See for more information about available options. + ''; + type = types.attrsOf (types.submodule ({ name, ... }: let + qtcfg = cfg.${name}; + in { options = { tunMode = mkOption { - type = types.int; - default = 0; - example = 1; - description = lib.mdDoc ""; + type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1); + default = false; + example = true; + description = mdDoc "Whether to operate in tun (IP) or tap (Ethernet) mode."; }; remoteAddress = mkOption { type = types.str; + default = "0.0.0.0"; example = "tunnel.example.com"; - description = lib.mdDoc ""; + description = mdDoc '' + IP address or hostname of the remote end (use `0.0.0.0` for a floating/dynamic remote endpoint). + ''; }; localAddress = mkOption { - type = types.str; + type = with types; nullOr str; + default = null; example = "0.0.0.0"; - description = lib.mdDoc ""; + description = mdDoc "IP address or hostname of the local end."; }; localPort = mkOption { - type = types.int; + type = types.port; default = 2998; - description = lib.mdDoc ""; + description = mdDoc "Local UDP port."; }; remotePort = mkOption { - type = types.int; - default = 2998; - description = lib.mdDoc ""; + type = types.port; + default = qtcfg.localPort; + defaultText = lib.literalExpression "config.services.quicktun..localPort"; + description = mdDoc " remote UDP port"; }; remoteFloat = mkOption { - type = types.int; - default = 0; - description = lib.mdDoc ""; + type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1); + default = false; + example = true; + description = mdDoc '' + Whether to allow the remote address and port to change when properly encrypted packets are received. + ''; }; protocol = mkOption { - type = types.str; + type = types.enum [ "raw" "nacl0" "nacltai" "salty" ]; default = "nacltai"; - description = lib.mdDoc ""; + description = mdDoc "Which protocol to use."; }; privateKey = mkOption { - type = types.str; - description = lib.mdDoc ""; + type = with types; nullOr str; + default = null; + description = mdDoc '' + Local secret key in hexadecimal form. + + ::: {.warning} + This option is deprecated. Please use {var}`services.quicktun..privateKeyFile` instead. + ::: + + ::: {.note} + Not needed when {var}`services.quicktun..protocol` is set to `raw`. + ::: + ''; + }; + + privateKeyFile = mkOption { + type = with types; nullOr path; + # This is a hack to deprecate `privateKey` without using `mkChangedModuleOption` + default = if qtcfg.privateKey == null then null else pkgs.writeText "quickttun-key-${name}" qtcfg.privateKey; + defaultText = "null"; + description = mdDoc '' + Path to file containing local secret key in binary or hexadecimal form. + + ::: {.note} + Not needed when {var}`services.quicktun..protocol` is set to `raw`. + ::: + ''; }; publicKey = mkOption { - type = types.str; - description = lib.mdDoc ""; + type = with types; nullOr str; + default = null; + description = mdDoc '' + Remote public key in hexadecimal form. + + ::: {.note} + Not needed when {var}`services.quicktun..protocol` is set to `raw`. + ::: + ''; }; timeWindow = mkOption { - type = types.int; + type = types.ints.unsigned; default = 5; - description = lib.mdDoc ""; + description = mdDoc '' + Allowed time window for first received packet in seconds (positive number allows packets from history) + ''; }; upScript = mkOption { - type = types.lines; - default = ""; - description = lib.mdDoc ""; + type = with types; nullOr lines; + default = null; + description = mdDoc '' + Run specified command or script after the tunnel device has been opened. + ''; }; }; - }); + })); }; - }; - config = mkIf (cfg != []) { - systemd.services = foldr (a: b: a // b) {} ( - mapAttrsToList (name: qtcfg: { + config = { + warnings = lib.pipe cfg [ + (lib.mapAttrsToList (name: value: if value.privateKey != null then name else null)) + (builtins.filter (n: n != null)) + (map (n: " - services.quicktun.${n}.privateKey")) + (services: lib.optional (services != [ ]) '' + `services.quicktun..privateKey` is deprecated. + Please use `services.quicktun..privateKeyFile` instead. + + Offending options: + ${lib.concatStringsSep "\n" services} + '') + ]; + + systemd.services = lib.mkMerge ( + lib.mapAttrsToList (name: qtcfg: { "quicktun-${name}" = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -96,14 +155,14 @@ with lib; INTERFACE = name; TUN_MODE = toString qtcfg.tunMode; REMOTE_ADDRESS = qtcfg.remoteAddress; - LOCAL_ADDRESS = qtcfg.localAddress; + LOCAL_ADDRESS = mkIf (qtcfg.localAddress != null) (qtcfg.localAddress); LOCAL_PORT = toString qtcfg.localPort; REMOTE_PORT = toString qtcfg.remotePort; REMOTE_FLOAT = toString qtcfg.remoteFloat; - PRIVATE_KEY = qtcfg.privateKey; - PUBLIC_KEY = qtcfg.publicKey; + PRIVATE_KEY_FILE = mkIf (qtcfg.privateKeyFile != null) qtcfg.privateKeyFile; + PUBLIC_KEY = mkIf (qtcfg.publicKey != null) qtcfg.publicKey; TIME_WINDOW = toString qtcfg.timeWindow; - TUN_UP_SCRIPT = pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript; + TUN_UP_SCRIPT = mkIf (qtcfg.upScript != null) (pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript); SUID = "nobody"; }; serviceConfig = { @@ -114,5 +173,4 @@ with lib; }) cfg ); }; - } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2b2a7ce71ecc..0905f405457e 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -717,6 +717,7 @@ in { qgis-ltr = handleTest ./qgis.nix { qgisPackage = pkgs.qgis-ltr; }; qownnotes = handleTest ./qownnotes.nix {}; quake3 = handleTest ./quake3.nix {}; + quicktun = handleTest ./quicktun.nix {}; quorum = handleTest ./quorum.nix {}; rabbitmq = handleTest ./rabbitmq.nix {}; radarr = handleTest ./radarr.nix {}; diff --git a/nixos/tests/kubo/default.nix b/nixos/tests/kubo/default.nix index 629922fc366d..d8c0c69dc1fb 100644 --- a/nixos/tests/kubo/default.nix +++ b/nixos/tests/kubo/default.nix @@ -1,5 +1,7 @@ { recurseIntoAttrs, runTest }: recurseIntoAttrs { kubo = runTest ./kubo.nix; - kubo-fuse = runTest ./kubo-fuse.nix; + # The FUSE functionality is completely broken since Kubo v0.24.0 + # See https://github.com/ipfs/kubo/issues/10242 + # kubo-fuse = runTest ./kubo-fuse.nix; } diff --git a/nixos/tests/kubo/kubo.nix b/nixos/tests/kubo/kubo.nix index 7965ad277385..b8222c652b33 100644 --- a/nixos/tests/kubo/kubo.nix +++ b/nixos/tests/kubo/kubo.nix @@ -46,6 +46,13 @@ f"ipfs --api /unix/run/ipfs.sock cat /ipfs/{ipfs_hash.strip()} | grep fnord2" ) + machine.stop_job("ipfs") + + with subtest("Socket activation for the Gateway"): + machine.succeed( + f"curl 'http://127.0.0.1:8080/ipfs/{ipfs_hash.strip()}' | grep fnord2" + ) + with subtest("Setting dataDir works properly with the hardened systemd unit"): machine.succeed("test -e /mnt/ipfs/config") machine.succeed("test ! -e /var/lib/ipfs/") diff --git a/nixos/tests/quicktun.nix b/nixos/tests/quicktun.nix new file mode 100644 index 000000000000..a5a632457117 --- /dev/null +++ b/nixos/tests/quicktun.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: +{ + name = "quicktun"; + meta.maintainers = with lib.maintainers; [ h7x4 ]; + + nodes = { + machine = { ... }: { + services.quicktun."test-tunnel" = { + protocol = "raw"; + }; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("quicktun-test-tunnel.service") + ''; +}) diff --git a/pkgs/applications/audio/lsp-plugins/default.nix b/pkgs/applications/audio/lsp-plugins/default.nix index 43e5338cb9bb..e6db737c4016 100644 --- a/pkgs/applications/audio/lsp-plugins/default.nix +++ b/pkgs/applications/audio/lsp-plugins/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pkg-config, makeWrapper +{ lib, stdenv, fetchurl, fetchpatch, pkg-config, makeWrapper , libsndfile, jack2 , libGLU, libGL, lv2, cairo , ladspaH, php, libXrandr }: @@ -11,6 +11,14 @@ stdenv.mkDerivation rec { url = "https://github.com/sadko4u/${pname}/releases/download/${version}/${pname}-src-${version}.tar.gz"; sha256 = "sha256-eJO+1fCNzqjTdGrPlhIrHc3UimkJOydRqTq49IN+Iwo="; }; + patches = [ + (fetchpatch { + url = "https://github.com/lsp-plugins/lsp-dsp-lib/commit/58c3f985f009c84347fa91236f164a9e47aafa93.patch"; + stripLen = 1; + extraPrefix = "modules/lsp-dsp-lib/"; + hash = "sha256-pCLucLijXOgp69xNjSRCRxgVoQziT0YiHLnQGbkefqE="; + }) + ]; outputs = [ "out" "dev" "doc" ]; diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/generic.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/generic.nix index 68c5552b251c..15db7d09ac42 100644 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/generic.nix +++ b/pkgs/applications/networking/instant-messengers/signal-desktop/generic.nix @@ -159,8 +159,7 @@ in stdenv.mkDerivation rec { preFixup = '' gappsWrapperArgs+=( --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc pipewire ] }" - # Currently crashes see https://github.com/NixOS/nixpkgs/issues/222043 - #--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} ) diff --git a/pkgs/applications/radio/gridtracker/default.nix b/pkgs/applications/radio/gridtracker/default.nix index d3a6d104dc26..c961e1bd2d49 100644 --- a/pkgs/applications/radio/gridtracker/default.nix +++ b/pkgs/applications/radio/gridtracker/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "gridtracker"; - version = "1.23.1202"; + version = "1.23.1207"; src = fetchFromGitLab { owner = "gridtracker.org"; repo = "gridtracker"; rev = "v${version}"; - sha256 = "sha256-XrHA+h6qAYyZjp/C7+oS3eAvX0ptD+T4UKFzM2ROBCw="; + sha256 = "sha256-r7H+fds8FbSLDxPQqn0XUPC6loLgsaNX+DBqJJ96/d4="; }; nativeBuildInputs = [ wrapGAppsHook ]; diff --git a/pkgs/applications/version-management/git-machete/default.nix b/pkgs/applications/version-management/git-machete/default.nix index a1f45d65db35..776ec66d3a77 100644 --- a/pkgs/applications/version-management/git-machete/default.nix +++ b/pkgs/applications/version-management/git-machete/default.nix @@ -12,13 +12,13 @@ buildPythonApplication rec { pname = "git-machete"; - version = "3.20.0"; + version = "3.22.0"; src = fetchFromGitHub { owner = "virtuslab"; repo = pname; rev = "v${version}"; - hash = "sha256-6TntyAkDIcCVcAsNdAlgvKYO7Db0oMDWKW92rMRIDI4="; + hash = "sha256-2oEpBNMHj4qpkPp8rXEMsRRiRQeC30hQCQh7d8bOLUU="; }; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/applications/video/ani-cli/default.nix b/pkgs/applications/video/ani-cli/default.nix index 389d00dc1a41..375a930b0294 100644 --- a/pkgs/applications/video/ani-cli/default.nix +++ b/pkgs/applications/video/ani-cli/default.nix @@ -21,13 +21,13 @@ assert withMpv || withVlc || withIina; stdenvNoCC.mkDerivation rec { pname = "ani-cli"; - version = "4.6"; + version = "4.7"; src = fetchFromGitHub { owner = "pystardust"; repo = "ani-cli"; rev = "v${version}"; - hash = "sha256-ahyCD4QsYyb3xtNK03HITeF0+hJFIHZ+PAjisuS/Kdo="; + hash = "sha256-Ll4bHKrDZukoQX35iiMI6rMSgiTC6wp7fHUnOMPagOA="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/applications/video/davinci-resolve/default.nix b/pkgs/applications/video/davinci-resolve/default.nix index 5b44ddc042a3..951d46d783b0 100644 --- a/pkgs/applications/video/davinci-resolve/default.nix +++ b/pkgs/applications/video/davinci-resolve/default.nix @@ -31,7 +31,7 @@ let davinci = ( stdenv.mkDerivation rec { pname = "davinci-resolve${lib.optionalString studioVariant "-studio"}"; - version = "18.6.3"; + version = "18.6.4"; nativeBuildInputs = [ (appimage-run.override { buildFHSEnv = buildFHSEnvChroot; } ) @@ -52,8 +52,8 @@ let outputHashAlgo = "sha256"; outputHash = if studioVariant - then "sha256-OX8PyMhfl0jRdXBNsjlwkCAh8XUNJv8HEbmyAdjIv18=" - else "sha256-PNzdVxGgXIHM2vi3ChHx67TQBFlCYBOZCiFkDi/RSu4="; + then "sha256-Us8DsxdGwBxUL+yUHT9DNJFIV7EO+J9CSN2Juyf8VQ4=" + else "sha256-yPdfmS42ID7MOTB3XlGXfOqp46kRLR8martJ9gWqDjA="; impureEnvVars = lib.fetchers.proxyImpureEnvVars; diff --git a/pkgs/applications/virtualization/ddev/default.nix b/pkgs/applications/virtualization/ddev/default.nix index 5ea3aa54b2ef..3709b8dbd901 100644 --- a/pkgs/applications/virtualization/ddev/default.nix +++ b/pkgs/applications/virtualization/ddev/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "ddev"; - version = "1.22.5"; + version = "1.22.6"; src = fetchFromGitHub { owner = "ddev"; repo = "ddev"; rev = "v${version}"; - hash = "sha256-s4uRS/BIRjVVN3u+ocy2RcwSnvJLtWpkvxtvgumuWtk="; + hash = "sha256-i+uubmCQwJALt7YRuANpEN2AAn9i6880MaXkayIZ82g="; }; vendorHash = null; diff --git a/pkgs/by-name/ca/cargo-xwin/package.nix b/pkgs/by-name/ca/cargo-xwin/package.nix index 0b759f520975..6052d780ced3 100644 --- a/pkgs/by-name/ca/cargo-xwin/package.nix +++ b/pkgs/by-name/ca/cargo-xwin/package.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-xwin"; - version = "0.14.9"; + version = "0.16.2"; src = fetchFromGitHub { owner = "rust-cross"; repo = "cargo-xwin"; rev = "v${version}"; - hash = "sha256-y2hlzewDWYxkKhr77JB3lkYo5hexcdmPiCRbXLtnolM="; + hash = "sha256-EZM1TeWUnoRcsF6m6mDNCoUR2WWe7ohqT3wNWnq0kQY="; }; - cargoHash = "sha256-uIFjWgoNCU5kUX4i1Law/YE0TmFLOi6V3Y4b9BpQlI4="; + cargoHash = "sha256-MEBMXP7a/w2aN6RuWrm16PsnIPw6+8k5jI2yRnwBy0s="; buildInputs = lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security diff --git a/pkgs/development/tools/hjson-go/default.nix b/pkgs/by-name/hj/hjson-go/package.nix similarity index 86% rename from pkgs/development/tools/hjson-go/default.nix rename to pkgs/by-name/hj/hjson-go/package.nix index 00af9d409f81..0e625e2985b6 100644 --- a/pkgs/development/tools/hjson-go/default.nix +++ b/pkgs/by-name/hj/hjson-go/package.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "hjson-go"; - version = "4.3.1"; + version = "4.4.0"; src = fetchFromGitHub { owner = "hjson"; repo = pname; rev = "v${version}"; - hash = "sha256-ox6/PY7Nx282bUekLoXezWfKDiDzCBUZMa5/nu2qG40="; + hash = "sha256-fonPxk/9ue8LzHTdKpuHJcucQoMl4P6gq+tbjS8Ui7Q="; }; vendorHash = null; diff --git a/pkgs/applications/networking/kubo/default.nix b/pkgs/by-name/ku/kubo/package.nix similarity index 94% rename from pkgs/applications/networking/kubo/default.nix rename to pkgs/by-name/ku/kubo/package.nix index 117fbc850d06..ae20f84e8170 100644 --- a/pkgs/applications/networking/kubo/default.nix +++ b/pkgs/by-name/ku/kubo/package.nix @@ -7,7 +7,7 @@ buildGoModule rec { pname = "kubo"; - version = "0.24.0"; # When updating, also check if the repo version changed and adjust repoVersion below + version = "0.25.0"; # When updating, also check if the repo version changed and adjust repoVersion below rev = "v${version}"; passthru.repoVersion = "15"; # Also update kubo-migrator when changing the repo version @@ -15,7 +15,7 @@ buildGoModule rec { # Kubo makes changes to its source tarball that don't match the git source. src = fetchurl { url = "https://github.com/ipfs/kubo/releases/download/${rev}/kubo-source.tar.gz"; - hash = "sha256-stSjLvg8G1EiXon3Qby4wLgbhX7Aaj9pnxcvE32/42k="; + hash = "sha256-+Mk3rDdtjhETmdaOOSXEFdLTJ0nX9G3qUxctsu5vrSc="; }; # tarball contains multiple files/directories diff --git a/pkgs/applications/networking/kubo/test-repoVersion.nix b/pkgs/by-name/ku/kubo/test-repoVersion.nix similarity index 100% rename from pkgs/applications/networking/kubo/test-repoVersion.nix rename to pkgs/by-name/ku/kubo/test-repoVersion.nix diff --git a/pkgs/development/libraries/crocoddyl/default.nix b/pkgs/development/libraries/crocoddyl/default.nix index a25ca5b97dff..efba13612298 100644 --- a/pkgs/development/libraries/crocoddyl/default.nix +++ b/pkgs/development/libraries/crocoddyl/default.nix @@ -11,14 +11,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "crocoddyl"; - version = "2.0.1"; + version = "2.0.2"; src = fetchFromGitHub { owner = "loco-3d"; repo = finalAttrs.pname; rev = "v${finalAttrs.version}"; fetchSubmodules = true; - hash = "sha256-h7rzLSvmWOZCP8rvmUEhFeMEiPhojfbvkt+fNKpgoXo="; + hash = "sha256-MsAXHfxLNlIK/PbtVTjvBN1Jk3dyGEkfpj3/98nExj4="; }; strictDeps = true; diff --git a/pkgs/development/libraries/httplib/default.nix b/pkgs/development/libraries/httplib/default.nix index a887ea55330f..22c81d57e9df 100644 --- a/pkgs/development/libraries/httplib/default.nix +++ b/pkgs/development/libraries/httplib/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "httplib"; - version = "0.14.1"; + version = "0.14.2"; src = fetchFromGitHub { owner = "yhirose"; repo = "cpp-httplib"; rev = "v${version}"; - hash = "sha256-JBs2FvcdAvxysYhzakP0wU/mUCWfKZ8dk5ROWL5sej0="; + hash = "sha256-JfxeXHo34MKtAkMO3pNWiPorh3f8s4SVrdAaydVYdrY="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index 22b0f8af2043..8e735369e076 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -85,7 +85,6 @@ stdenv.mkDerivation rec { description = "Library and utilities for working with the TIFF image file format"; homepage = "https://libtiff.gitlab.io/libtiff"; changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html"; - maintainers = with maintainers; [ qyliss ]; license = licenses.libtiff; platforms = platforms.unix; }; diff --git a/pkgs/development/misc/juce/default.nix b/pkgs/development/misc/juce/default.nix index 6c409a18e7aa..ced9acc27c4f 100644 --- a/pkgs/development/misc/juce/default.nix +++ b/pkgs/development/misc/juce/default.nix @@ -20,13 +20,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "juce"; - version = "7.0.7"; + version = "7.0.9"; src = fetchFromGitHub { owner = "juce-framework"; repo = "juce"; rev = finalAttrs.version; - hash = "sha256-r+Wf/skPDexm3rsrVBoWrygKvV9HGlCQd7r0iHr9avM="; + hash = "sha256-k8cNTPH9OgOav4dsSLqrd5PlJ1rqO0PLt6Lwmumc2Gg="; }; patches = [ diff --git a/pkgs/development/tools/grpc-gateway/default.nix b/pkgs/development/tools/grpc-gateway/default.nix index 08452c98c286..52a4b4295a6a 100644 --- a/pkgs/development/tools/grpc-gateway/default.nix +++ b/pkgs/development/tools/grpc-gateway/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "grpc-gateway"; - version = "2.18.0"; + version = "2.18.1"; src = fetchFromGitHub { owner = "grpc-ecosystem"; repo = "grpc-gateway"; rev = "v${version}"; - sha256 = "sha256-FVb3x/wZ0jLI17lXAT/lcUpJiq3ZcvWjFnORynOvfmY="; + sha256 = "sha256-mbRceXqc7UmrhM2Y6JJIUvMf9YxMFMjRW7VvEa8/xHs="; }; - vendorHash = "sha256-SV2ZO8Y9yt6iyw9VvNY0xpqZIzLrTyHYYpIpzcEVsLY="; + vendorHash = "sha256-zVojs4q8TytJY3myKvLdACnMFJ0iK9Cfn+aZ4d/j34s="; meta = with lib; { description = diff --git a/pkgs/development/tools/rust/cargo-run-bin/default.nix b/pkgs/development/tools/rust/cargo-run-bin/default.nix index 91d914422277..facc1566a990 100644 --- a/pkgs/development/tools/rust/cargo-run-bin/default.nix +++ b/pkgs/development/tools/rust/cargo-run-bin/default.nix @@ -5,14 +5,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-run-bin"; - version = "1.5.0"; + version = "1.6.0"; src = fetchCrate { inherit pname version; - hash = "sha256-FPkZk5qKHrRR3V8s04yLgOVOKj+Rln3Cu/VW2bnr2fE="; + hash = "sha256-PB44m39TDH1z8N3DrxAlZ/FKOdZmpe+U84tbmBBP9VQ="; }; - cargoHash = "sha256-aFHuIEDpGCel1FC7D0hTUmzHbEj7wVarsE0wNZ/3Khw="; + cargoHash = "sha256-FMlirUr3c8QhnTmTHvfNPff7PYlWSl83vCGLOLbyaR4="; # multiple impurities in tests doCheck = false; diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix index 84813723fb05..bea03fc1e8a2 100644 --- a/pkgs/os-specific/linux/iwd/default.nix +++ b/pkgs/os-specific/linux/iwd/default.nix @@ -14,12 +14,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "2.10"; + version = "2.11"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - hash = "sha256-zePFmcQRFjcH6KToTpBFMQzGY+Eq7jijfn0R/MMKGrw="; + hash = "sha256-kE9GBVTKNpgEuE9jQ7k85OhEAN3VWgjmAgifvZfq46I="; }; # Revert test that's broken on aarch64 diff --git a/pkgs/servers/consul/default.nix b/pkgs/servers/consul/default.nix index 2d449c531cc8..dee27e5877dc 100644 --- a/pkgs/servers/consul/default.nix +++ b/pkgs/servers/consul/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "consul"; - version = "1.16.3"; + version = "1.17.0"; rev = "v${version}"; # Note: Currently only release tags are supported, because they have the Consul UI @@ -17,7 +17,7 @@ buildGoModule rec { owner = "hashicorp"; repo = pname; inherit rev; - hash = "sha256-XxT+66CNuDeVBoaNhlgET5bJYB/KDCjcO0RDmyI6S9o="; + hash = "sha256-fAcgO7r0GrL2GrsX7flezhbQMcg+YBH6Lrn7BW2XMwM="; }; passthru.tests.consul = nixosTests.consul; @@ -26,7 +26,7 @@ buildGoModule rec { # has a split module structure in one repo subPackages = ["." "connect/certgen"]; - vendorHash = "sha256-WNvdHT915GSTFhZZfoi/MCHAjzBVYkhUiPNPw5GDT4s="; + vendorHash = "sha256-xxREyw7xgx9Zp7nua1yq39TioWvRQXOhWqYaK6eJaOc="; doCheck = false; diff --git a/pkgs/servers/http/bozohttpd/default.nix b/pkgs/servers/http/bozohttpd/default.nix index 5fd9f350b117..038548bb16fa 100644 --- a/pkgs/servers/http/bozohttpd/default.nix +++ b/pkgs/servers/http/bozohttpd/default.nix @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { # bozohttpd is developed in-tree in pkgsrc, canonical hashes can be found at: # http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/bozohttpd/distinfo src = fetchurl { - url = "http://www.eterna.com.au/${pname}/${pname}-${version}.tar.bz2"; + url = "http://eterna23.net/${pname}/${pname}-${version}.tar.bz2"; hash = "sha512-J1uPqzzy5sWXIWgsrpUtuV2lvTsfIGgCQMbPEClGNpP2/soEf77146PnUotAt7LoeypW/YALYS5nmhbySJDltg=="; }; diff --git a/pkgs/servers/janus-gateway/default.nix b/pkgs/servers/janus-gateway/default.nix index d62be801a4ca..a8af63754277 100644 --- a/pkgs/servers/janus-gateway/default.nix +++ b/pkgs/servers/janus-gateway/default.nix @@ -15,13 +15,13 @@ in stdenv.mkDerivation rec { pname = "janus-gateway"; - version = "1.2.0"; + version = "1.2.1"; src = fetchFromGitHub { owner = "meetecho"; repo = pname; rev = "v${version}"; - sha256 = "sha256-YbY7wcd8YHcPo5w4n54gjOtepYLbboLsrLij7oYzhco="; + sha256 = "sha256-Bqb4UO4R5CnV8+2OthGrEVORzH+k+zgzI4UsvwRHgk8="; }; nativeBuildInputs = [ autoreconfHook pkg-config gengetopt ]; diff --git a/pkgs/test/nixpkgs-check-by-name/README.md b/pkgs/test/nixpkgs-check-by-name/README.md index 146cea0a64ba..19865ca0952b 100644 --- a/pkgs/test/nixpkgs-check-by-name/README.md +++ b/pkgs/test/nixpkgs-check-by-name/README.md @@ -4,27 +4,14 @@ This directory implements a program to check the [validity](#validity-checks) of It is being used by [this GitHub Actions workflow](../../../.github/workflows/check-by-name.yml). This is part of the implementation of [RFC 140](https://github.com/NixOS/rfcs/pull/140). -## API +## Interface -This API may be changed over time if the CI workflow making use of it is adjusted to deal with the change appropriately. +The interface of the tool is shown with `--help`: +``` +cargo run -- --help +``` -- Command line: `nixpkgs-check-by-name ` -- Arguments: - - ``: The path to the Nixpkgs to check - - `--version `: The version of the checks to perform. - - Possible values: - - `v0` (default) - - `v1` - - See [validation](#validity-checks) for the differences. -- Exit code: - - `0`: If the [validation](#validity-checks) is successful - - `1`: If the [validation](#validity-checks) is not successful - - `2`: If an unexpected I/O error occurs -- Standard error: - - Informative messages - - Detected problems if validation is not successful +The interface may be changed over time only if the CI workflow making use of it is adjusted to deal with the change appropriately. ## Validity checks @@ -32,7 +19,7 @@ These checks are performed by this tool: ### File structure checks - `pkgs/by-name` must only contain subdirectories of the form `${shard}/${name}`, called _package directories_. -- The `name`'s of package directories must be unique when lowercased +- The `name`'s of package directories must be unique when lowercased. - `name` is a string only consisting of the ASCII characters `a-z`, `A-Z`, `0-9`, `-` or `_`. - `shard` is the lowercased first two letters of `name`, expressed in Nix: `shard = toLower (substring 0 2 name)`. - Each package directory must contain a `package.nix` file and may contain arbitrary other files. @@ -41,9 +28,21 @@ These checks are performed by this tool: - Each package directory must not refer to files outside itself using symlinks or Nix path expressions. ### Nix evaluation checks -- `pkgs.${name}` is defined as `callPackage pkgs/by-name/${shard}/${name}/package.nix args` for some `args`. - - **Only after --version v1**: If `pkgs.${name}` is not auto-called from `pkgs/by-name`, `args` must not be empty -- `pkgs.lib.isDerivation pkgs.${name}` is `true`. +- For each package directory, the `pkgs.${name}` attribute must be defined as `callPackage pkgs/by-name/${shard}/${name}/package.nix args` for some `args`. +- For each package directory, `pkgs.lib.isDerivation pkgs.${name}` must be `true`. + +### Ratchet checks + +Furthermore, this tool implements certain [ratchet](https://qntm.org/ratchet) checks. +This allows gradually phasing out deprecated patterns without breaking the base branch or having to migrate it all at once. +It works by not allowing new instances of the pattern to be introduced, but allowing already existing instances. +The existing instances are coming from ``, which is then checked against `` for new instances. +Ratchets should be removed eventually once the pattern is not used anymore. + +The current ratchets are: + +- New manual definitions of `pkgs.${name}` (e.g. in `pkgs/top-level/all-packages.nix`) with `args = { }` + (see [nix evaluation checks](#nix-evaluation-checks)) must not be introduced. ## Development @@ -86,6 +85,10 @@ Tests are declared in [`./tests`](./tests) as subdirectories imitating Nixpkgs w allowing the simulation of package overrides to the real [`pkgs/top-level/all-packages.nix`](../../top-level/all-packages.nix`). The default is an empty overlay. +- `base` (optional): + Contains another subdirectory imitating Nixpkgs with potentially any of the above structures. + This is used for [ratchet checks](#ratchet-checks). + - `expected` (optional): A file containing the expected standard output. The default is expecting an empty standard output. diff --git a/pkgs/test/nixpkgs-check-by-name/src/eval.rs b/pkgs/test/nixpkgs-check-by-name/src/eval.rs index 161d013374e7..cd8c70472cf2 100644 --- a/pkgs/test/nixpkgs-check-by-name/src/eval.rs +++ b/pkgs/test/nixpkgs-check-by-name/src/eval.rs @@ -1,7 +1,7 @@ use crate::nixpkgs_problem::NixpkgsProblem; +use crate::ratchet; use crate::structure; use crate::validation::{self, Validation::Success}; -use crate::Version; use std::path::Path; use anyhow::Context; @@ -39,11 +39,10 @@ enum AttributeVariant { /// of the form `callPackage { ... }`. /// See the `eval.nix` file for how this is achieved on the Nix side pub fn check_values( - version: Version, nixpkgs_path: &Path, package_names: Vec, - eval_accessible_paths: Vec<&Path>, -) -> validation::Result<()> { + eval_accessible_paths: &[&Path], +) -> validation::Result { // Write the list of packages we need to check into a temporary JSON file. // This can then get read by the Nix evaluation. let attrs_file = NamedTempFile::new().context("Failed to create a temporary file")?; @@ -110,39 +109,13 @@ pub fn check_values( String::from_utf8_lossy(&result.stdout) ))?; - Ok(validation::sequence_(package_names.iter().map( - |package_name| { - let relative_package_file = structure::relative_file_for_package(package_name); + Ok( + validation::sequence(package_names.into_iter().map(|package_name| { + let relative_package_file = structure::relative_file_for_package(&package_name); let absolute_package_file = nixpkgs_path.join(&relative_package_file); - if let Some(attribute_info) = actual_files.get(package_name) { - let valid = match &attribute_info.variant { - AttributeVariant::AutoCalled => true, - AttributeVariant::CallPackage { path, empty_arg } => { - let correct_file = if let Some(call_package_path) = path { - absolute_package_file == *call_package_path - } else { - false - }; - // Only check for the argument to be non-empty if the version is V1 or - // higher - let non_empty = if version >= Version::V1 { - !empty_arg - } else { - true - }; - correct_file && non_empty - } - AttributeVariant::Other => false, - }; - - if !valid { - NixpkgsProblem::WrongCallPackage { - relative_package_file: relative_package_file.clone(), - package_name: package_name.clone(), - } - .into() - } else if !attribute_info.is_derivation { + if let Some(attribute_info) = actual_files.get(&package_name) { + let check_result = if !attribute_info.is_derivation { NixpkgsProblem::NonDerivation { relative_package_file: relative_package_file.clone(), package_name: package_name.clone(), @@ -150,7 +123,44 @@ pub fn check_values( .into() } else { Success(()) - } + }; + + let check_result = check_result.and(match &attribute_info.variant { + AttributeVariant::AutoCalled => Success(ratchet::Package { + empty_non_auto_called: ratchet::EmptyNonAutoCalled::Valid, + }), + AttributeVariant::CallPackage { path, empty_arg } => { + let correct_file = if let Some(call_package_path) = path { + absolute_package_file == *call_package_path + } else { + false + }; + + if correct_file { + Success(ratchet::Package { + // Empty arguments for non-auto-called packages are not allowed anymore. + empty_non_auto_called: if *empty_arg { + ratchet::EmptyNonAutoCalled::Invalid + } else { + ratchet::EmptyNonAutoCalled::Valid + }, + }) + } else { + NixpkgsProblem::WrongCallPackage { + relative_package_file: relative_package_file.clone(), + package_name: package_name.clone(), + } + .into() + } + } + AttributeVariant::Other => NixpkgsProblem::WrongCallPackage { + relative_package_file: relative_package_file.clone(), + package_name: package_name.clone(), + } + .into(), + }); + + check_result.map(|value| (package_name.clone(), value)) } else { NixpkgsProblem::UndefinedAttr { relative_package_file: relative_package_file.clone(), @@ -158,6 +168,9 @@ pub fn check_values( } .into() } - }, - ))) + })) + .map(|elems| ratchet::Nixpkgs { + packages: elems.into_iter().collect(), + }), + ) } diff --git a/pkgs/test/nixpkgs-check-by-name/src/main.rs b/pkgs/test/nixpkgs-check-by-name/src/main.rs index 4cabf8f446f5..18c950d0a6eb 100644 --- a/pkgs/test/nixpkgs-check-by-name/src/main.rs +++ b/pkgs/test/nixpkgs-check-by-name/src/main.rs @@ -1,5 +1,6 @@ mod eval; mod nixpkgs_problem; +mod ratchet; mod references; mod structure; mod utils; @@ -9,37 +10,43 @@ use crate::structure::check_structure; use crate::validation::Validation::Failure; use crate::validation::Validation::Success; use anyhow::Context; -use clap::{Parser, ValueEnum}; +use clap::Parser; use colored::Colorize; use std::io; use std::path::{Path, PathBuf}; use std::process::ExitCode; /// Program to check the validity of pkgs/by-name +/// +/// This CLI interface may be changed over time if the CI workflow making use of +/// it is adjusted to deal with the change appropriately. +/// +/// Exit code: +/// - `0`: If the validation is successful +/// - `1`: If the validation is not successful +/// - `2`: If an unexpected I/O error occurs +/// +/// Standard error: +/// - Informative messages +/// - Detected problems if validation is not successful #[derive(Parser, Debug)] -#[command(about)] +#[command(about, verbatim_doc_comment)] pub struct Args { - /// Path to nixpkgs + /// Path to the main Nixpkgs to check. + /// For PRs, this should be set to a checkout of the PR branch. nixpkgs: PathBuf, - /// The version of the checks - /// Increasing this may cause failures for a Nixpkgs that succeeded before - /// TODO: Remove default once Nixpkgs CI passes this argument - #[arg(long, value_enum, default_value_t = Version::V0)] - version: Version, -} -/// The version of the checks -#[derive(Debug, Clone, PartialEq, PartialOrd, ValueEnum)] -pub enum Version { - /// Initial version - V0, - /// Empty argument check - V1, + /// Path to the base Nixpkgs to run ratchet checks against. + /// For PRs, this should be set to a checkout of the PRs base branch. + /// If not specified, no ratchet checks will be performed. + /// However, this flag will become required once CI uses it. + #[arg(long)] + base: Option, } fn main() -> ExitCode { let args = Args::parse(); - match check_nixpkgs(&args.nixpkgs, args.version, vec![], &mut io::stderr()) { + match process(args.base.as_deref(), &args.nixpkgs, &[], &mut io::stderr()) { Ok(true) => { eprintln!("{}", "Validated successfully".green()); ExitCode::SUCCESS @@ -55,10 +62,11 @@ fn main() -> ExitCode { } } -/// Checks whether the pkgs/by-name structure in Nixpkgs is valid. +/// Does the actual work. This is the abstraction used both by `main` and the tests. /// /// # Arguments -/// - `nixpkgs_path`: The path to the Nixpkgs to check +/// - `base_nixpkgs`: Path to the base Nixpkgs to run ratchet checks against. +/// - `main_nixpkgs`: Path to the main Nixpkgs to check. /// - `eval_accessible_paths`: /// Extra paths that need to be accessible to evaluate Nixpkgs using `restrict-eval`. /// This is used to allow the tests to access the mock-nixpkgs.nix file @@ -68,33 +76,30 @@ fn main() -> ExitCode { /// - `Err(e)` if an I/O-related error `e` occurred. /// - `Ok(false)` if there are problems, all of which will be written to `error_writer`. /// - `Ok(true)` if there are no problems -pub fn check_nixpkgs( - nixpkgs_path: &Path, - version: Version, - eval_accessible_paths: Vec<&Path>, +pub fn process( + base_nixpkgs: Option<&Path>, + main_nixpkgs: &Path, + eval_accessible_paths: &[&Path], error_writer: &mut W, ) -> anyhow::Result { - let nixpkgs_path = nixpkgs_path.canonicalize().context(format!( - "Nixpkgs path {} could not be resolved", - nixpkgs_path.display() - ))?; - - let check_result = if !nixpkgs_path.join(utils::BASE_SUBPATH).exists() { - eprintln!( - "Given Nixpkgs path does not contain a {} subdirectory, no check necessary.", - utils::BASE_SUBPATH - ); - Success(()) - } else { - match check_structure(&nixpkgs_path)? { - Failure(errors) => Failure(errors), - Success(package_names) => - // Only if we could successfully parse the structure, we do the evaluation checks - { - eval::check_values(version, &nixpkgs_path, package_names, eval_accessible_paths)? - } + // Check the main Nixpkgs first + let main_result = check_nixpkgs(main_nixpkgs, eval_accessible_paths, error_writer)?; + let check_result = main_result.result_map(|nixpkgs_version| { + // If the main Nixpkgs doesn't have any problems, run the ratchet checks against the base + // Nixpkgs + if let Some(base) = base_nixpkgs { + check_nixpkgs(base, eval_accessible_paths, error_writer)?.result_map( + |base_nixpkgs_version| { + Ok(ratchet::Nixpkgs::compare( + Some(base_nixpkgs_version), + nixpkgs_version, + )) + }, + ) + } else { + Ok(ratchet::Nixpkgs::compare(None, nixpkgs_version)) } - }; + })?; match check_result { Failure(errors) => { @@ -103,15 +108,45 @@ pub fn check_nixpkgs( } Ok(false) } - Success(_) => Ok(true), + Success(()) => Ok(true), } } +/// Checks whether the pkgs/by-name structure in Nixpkgs is valid. +/// +/// This does not include ratchet checks, see ../README.md#ratchet-checks +/// Instead a `ratchet::Nixpkgs` value is returned, whose `compare` method allows performing the +/// ratchet check against another result. +pub fn check_nixpkgs( + nixpkgs_path: &Path, + eval_accessible_paths: &[&Path], + error_writer: &mut W, +) -> validation::Result { + Ok({ + let nixpkgs_path = nixpkgs_path.canonicalize().context(format!( + "Nixpkgs path {} could not be resolved", + nixpkgs_path.display() + ))?; + + if !nixpkgs_path.join(utils::BASE_SUBPATH).exists() { + writeln!( + error_writer, + "Given Nixpkgs path does not contain a {} subdirectory, no check necessary.", + utils::BASE_SUBPATH + )?; + Success(ratchet::Nixpkgs::default()) + } else { + check_structure(&nixpkgs_path)?.result_map(|package_names| + // Only if we could successfully parse the structure, we do the evaluation checks + eval::check_values(&nixpkgs_path, package_names, eval_accessible_paths))? + } + }) +} + #[cfg(test)] mod tests { - use crate::check_nixpkgs; + use crate::process; use crate::utils; - use crate::Version; use anyhow::Context; use std::fs; use std::path::Path; @@ -197,10 +232,17 @@ mod tests { fn test_nixpkgs(name: &str, path: &Path, expected_errors: &str) -> anyhow::Result<()> { let extra_nix_path = Path::new("tests/mock-nixpkgs.nix"); + let base_path = path.join("base"); + let base_nixpkgs = if base_path.exists() { + Some(base_path.as_path()) + } else { + None + }; + // We don't want coloring to mess up the tests let writer = temp_env::with_var("NO_COLOR", Some("1"), || -> anyhow::Result<_> { let mut writer = vec![]; - check_nixpkgs(&path, Version::V1, vec![&extra_nix_path], &mut writer) + process(base_nixpkgs, &path, &[&extra_nix_path], &mut writer) .context(format!("Failed test case {name}"))?; Ok(writer) })?; diff --git a/pkgs/test/nixpkgs-check-by-name/src/ratchet.rs b/pkgs/test/nixpkgs-check-by-name/src/ratchet.rs new file mode 100644 index 000000000000..c12f1ead2540 --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/src/ratchet.rs @@ -0,0 +1,85 @@ +//! This module implements the ratchet checks, see ../README.md#ratchet-checks +//! +//! Each type has a `compare` method that validates the ratchet checks for that item. + +use crate::nixpkgs_problem::NixpkgsProblem; +use crate::structure; +use crate::validation::{self, Validation, Validation::Success}; +use std::collections::HashMap; + +/// The ratchet value for the entirety of Nixpkgs. +#[derive(Default)] +pub struct Nixpkgs { + /// The ratchet values for each package in `pkgs/by-name` + pub packages: HashMap, +} + +impl Nixpkgs { + /// Validates the ratchet checks for Nixpkgs + pub fn compare(optional_from: Option, to: Self) -> Validation<()> { + validation::sequence_( + // We only loop over the current attributes, + // we don't need to check ones that were removed + to.packages.into_iter().map(|(name, attr_to)| { + let attr_from = if let Some(from) = &optional_from { + from.packages.get(&name) + } else { + // This pretends that if there's no base version to compare against, all + // attributes existed without conforming to the new strictness check for + // backwards compatibility. + // TODO: Remove this case. This is only needed because the `--base` + // argument is still optional, which doesn't need to be once CI is updated + // to pass it. + Some(&Package { + empty_non_auto_called: EmptyNonAutoCalled::Invalid, + }) + }; + Package::compare(&name, attr_from, &attr_to) + }), + ) + } +} + +/// The ratchet value for a single package in `pkgs/by-name` +pub struct Package { + /// The ratchet value for the check for non-auto-called empty arguments + pub empty_non_auto_called: EmptyNonAutoCalled, +} + +impl Package { + /// Validates the ratchet checks for a single package defined in `pkgs/by-name` + pub fn compare(name: &str, optional_from: Option<&Self>, to: &Self) -> Validation<()> { + EmptyNonAutoCalled::compare( + name, + optional_from.map(|x| &x.empty_non_auto_called), + &to.empty_non_auto_called, + ) + } +} + +/// The ratchet value of a single package in `pkgs/by-name` +/// for the non-auto-called empty argument check of a single. +/// +/// This checks that packages defined in `pkgs/by-name` cannot be overridden +/// with an empty second argument like `callPackage ... { }`. +#[derive(PartialEq, PartialOrd)] +pub enum EmptyNonAutoCalled { + Invalid, + Valid, +} + +impl EmptyNonAutoCalled { + /// Validates the non-auto-called empty argument ratchet check for a single package defined in `pkgs/by-name` + fn compare(name: &str, optional_from: Option<&Self>, to: &Self) -> Validation<()> { + let from = optional_from.unwrap_or(&Self::Valid); + if to >= from { + Success(()) + } else { + NixpkgsProblem::WrongCallPackage { + relative_package_file: structure::relative_file_for_package(name), + package_name: name.to_owned(), + } + .into() + } + } +} diff --git a/pkgs/test/nixpkgs-check-by-name/src/validation.rs b/pkgs/test/nixpkgs-check-by-name/src/validation.rs index e72793851521..b14bfb92eb2e 100644 --- a/pkgs/test/nixpkgs-check-by-name/src/validation.rs +++ b/pkgs/test/nixpkgs-check-by-name/src/validation.rs @@ -58,6 +58,15 @@ impl Validation { Success(value) => Success(f(value)), } } + + /// Map a `Validation` to a `Result` by applying a function `A -> Result` + /// only if there is a `Success` value + pub fn result_map(self, f: impl FnOnce(A) -> Result) -> Result { + match self { + Failure(err) => Ok(Failure(err)), + Success(value) => f(value), + } + } } impl Validation<()> { diff --git a/pkgs/test/nixpkgs-check-by-name/tests/no-by-name/expected b/pkgs/test/nixpkgs-check-by-name/tests/no-by-name/expected new file mode 100644 index 000000000000..ddcb2df46e5f --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/no-by-name/expected @@ -0,0 +1 @@ +Given Nixpkgs path does not contain a pkgs/by-name subdirectory, no check necessary. diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/all-packages.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/all-packages.nix new file mode 100644 index 000000000000..d369dd7228dc --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/all-packages.nix @@ -0,0 +1,3 @@ +self: super: { + nonDerivation = self.callPackage ./pkgs/by-name/no/nonDerivation/package.nix { }; +} diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/all-packages.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/all-packages.nix new file mode 100644 index 000000000000..d369dd7228dc --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/all-packages.nix @@ -0,0 +1,3 @@ +self: super: { + nonDerivation = self.callPackage ./pkgs/by-name/no/nonDerivation/package.nix { }; +} diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/default.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/default.nix new file mode 100644 index 000000000000..2875ea6327ef --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/default.nix @@ -0,0 +1 @@ +import ../../mock-nixpkgs.nix { root = ./.; } diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/pkgs/by-name/no/nonDerivation/package.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/pkgs/by-name/no/nonDerivation/package.nix new file mode 100644 index 000000000000..a1b92efbbadb --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/base/pkgs/by-name/no/nonDerivation/package.nix @@ -0,0 +1 @@ +{ someDrv }: someDrv diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/default.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/default.nix new file mode 100644 index 000000000000..af25d1450122 --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/default.nix @@ -0,0 +1 @@ +import ../mock-nixpkgs.nix { root = ./.; } diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/expected b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/pkgs/by-name/no/nonDerivation/package.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/pkgs/by-name/no/nonDerivation/package.nix new file mode 100644 index 000000000000..a1b92efbbadb --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg-gradual/pkgs/by-name/no/nonDerivation/package.nix @@ -0,0 +1 @@ +{ someDrv }: someDrv diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg/base/default.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg/base/default.nix new file mode 100644 index 000000000000..2875ea6327ef --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg/base/default.nix @@ -0,0 +1 @@ +import ../../mock-nixpkgs.nix { root = ./.; } diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg/base/pkgs/by-name/README.md b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg/base/pkgs/by-name/README.md new file mode 100644 index 000000000000..b0d2b34e338a --- /dev/null +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-empty-arg/base/pkgs/by-name/README.md @@ -0,0 +1 @@ +(this is just here so the directory can get tracked by git) diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-no-call-package/all-packages.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-no-call-package/all-packages.nix index 4fad280ae1c7..853c3a87db56 100644 --- a/pkgs/test/nixpkgs-check-by-name/tests/override-no-call-package/all-packages.nix +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-no-call-package/all-packages.nix @@ -1,3 +1,3 @@ self: super: { - nonDerivation = null; + nonDerivation = self.someDrv; } diff --git a/pkgs/test/nixpkgs-check-by-name/tests/override-no-file/all-packages.nix b/pkgs/test/nixpkgs-check-by-name/tests/override-no-file/all-packages.nix index 4c521d2d4468..dc07f69b40ee 100644 --- a/pkgs/test/nixpkgs-check-by-name/tests/override-no-file/all-packages.nix +++ b/pkgs/test/nixpkgs-check-by-name/tests/override-no-file/all-packages.nix @@ -1,3 +1,3 @@ self: super: { - nonDerivation = self.callPackage ({ }: { }) { }; + nonDerivation = self.callPackage ({ someDrv }: someDrv) { }; } diff --git a/pkgs/tools/misc/cf-terraforming/default.nix b/pkgs/tools/misc/cf-terraforming/default.nix index e6858863fc4e..d3c1490d528e 100644 --- a/pkgs/tools/misc/cf-terraforming/default.nix +++ b/pkgs/tools/misc/cf-terraforming/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "cf-terraforming"; - version = "0.16.1"; + version = "0.17.0"; src = fetchFromGitHub { owner = "cloudflare"; repo = "cf-terraforming"; rev = "v${version}"; - sha256 = "sha256-C046oNN+tGvVIakCGJKKQBNHX+L1naaMDIk7tNGNjeQ="; + sha256 = "sha256-XFL9BfTpZaIsNeJLT3wEPFBvyO/VxvFjpApjjxvaGKw="; }; - vendorHash = "sha256-bfxF0qlEbZDczEuFhckqsG00/IzuM18ut/AQ9EMwdh0="; + vendorHash = "sha256-j4J6VAXT+CdU4WkISBunJn6B25CDdaarhFnnLaC4cBE="; ldflags = [ "-X github.com/cloudflare/cf-terraforming/internal/app/cf-terraforming/cmd.versionString=${version}" ]; # The test suite insists on downloading a binary release of Terraform from diff --git a/pkgs/tools/misc/lesspipe/default.nix b/pkgs/tools/misc/lesspipe/default.nix index fcd46e0e85fd..f478aaea0519 100644 --- a/pkgs/tools/misc/lesspipe/default.nix +++ b/pkgs/tools/misc/lesspipe/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "lesspipe"; - version = "2.10"; + version = "2.11"; src = fetchFromGitHub { owner = "wofr06"; repo = "lesspipe"; rev = "v${version}"; - sha256 = "sha256-fLDB0rUo1kfPs0Xy2s1gG5ZsRjk1h1yYqjXkQC4qPf0="; + hash = "sha256-jJrKiRdrargk0JzcPWxBZGyOpMfTIONHG8HNRecazVo="; }; nativeBuildInputs = [ perl makeWrapper ]; diff --git a/pkgs/tools/networking/quicktun/default.nix b/pkgs/tools/networking/quicktun/default.nix index b997aad0c2d6..2c1799387df8 100644 --- a/pkgs/tools/networking/quicktun/default.nix +++ b/pkgs/tools/networking/quicktun/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, libsodium }: +{ lib, stdenv, fetchFromGitHub, libsodium, nixosTests }: stdenv.mkDerivation { pname = "quicktun"; @@ -22,11 +22,13 @@ stdenv.mkDerivation { install -vD out/quicktun* -t $out/bin ''; + passthru.tests.quicktun = nixosTests.quicktun; + meta = with lib; { broken = stdenv.isDarwin; description = "Very simple, yet secure VPN software"; homepage = "http://wiki.ucis.nl/QuickTun"; - maintainers = [ ]; + maintainers = with maintainers; [ h7x4 ]; platforms = platforms.unix; license = licenses.bsd2; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 47650ac516d3..085fb8b51415 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2161,7 +2161,7 @@ with pkgs; vrrtest = callPackage ../tools/video/vrrtest { }; winbox = callPackage ../tools/admin/winbox { - wine = wineWowPackages.staging; + wine = wineWowPackages.stable; }; wtwitch = callPackage ../tools/video/wtwitch { }; @@ -9904,8 +9904,6 @@ with pkgs; kubergrunt = callPackage ../applications/networking/cluster/kubergrunt { }; - kubo = callPackage ../applications/networking/kubo { }; - kubo-migrator-all-fs-repo-migrations = callPackage ../applications/networking/kubo-migrator/all-migrations.nix { }; kubo-migrator-unwrapped = callPackage ../applications/networking/kubo-migrator/unwrapped.nix { }; kubo-migrator = callPackage ../applications/networking/kubo-migrator { }; @@ -40467,8 +40465,6 @@ with pkgs; hjson = with python3Packages; toPythonApplication hjson; - hjson-go = callPackage ../development/tools/hjson-go { }; - epkowa = callPackage ../misc/drivers/epkowa { }; utsushi = callPackage ../misc/drivers/utsushi { };