movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2024-09-06 00:13:20 +00:00 committed by GitHub
commit 25ef10109d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
111 changed files with 1422 additions and 1244 deletions
Download patch file Download diff file Expand all files Collapse all files

7
maintainers/maintainer-list.nix
View file

@ -21514,6 +21514,13 @@
githubId = 12422133;
name = "Chromo-residuum-opec";
};
uku3lig = {
name = "uku";
email = "hi@uku.moe";
matrix = "@uku:m.uku.moe";
github = "uku3lig";
githubId = 61147779;
};
ulrikstrid = {
email = "ulrik.strid@outlook.com";
github = "ulrikstrid";

5
nixos/doc/manual/release-notes/rl-2411.section.md
View file

@ -34,9 +34,6 @@
Users that want to keep PulseAudio will want to set `services.pipewire.enable = false;` and `hardware.pulseaudio.enable = true;`.
There is currently no plan to fully deprecate and remove PulseAudio, however, PipeWire should generally be preferred for new installs.
- Support for mounting filesystems from block devices protected with [dm-verity](https://docs.kernel.org/admin-guide/device-mapper/verity.html)
was added through the `boot.initrd.systemd.dmVerity` option.
## New Modules {#sec-release-24.11-new-modules}
- [TaskChampion Sync-Server](https://github.com/GothenburgBitFactory/taskchampion-sync-server), a [Taskwariror 3](https://taskwarrior.org/docs/upgrade-3/) sync server, replacing Taskwarrior 2's sync server named [`taskserver`](https://github.com/GothenburgBitFactory/taskserver).
@ -412,6 +409,8 @@
- The `openlens` package got removed, suggested replacment `lens-desktop`
- The NixOS installation media no longer support the ReiserFS or JFS file systems by default.
## Other Notable Changes {#sec-release-24.11-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

1
nixos/modules/module-list.nix
View file

@ -1622,7 +1622,6 @@
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/systemd/coredump.nix
./system/boot/systemd/dm-verity.nix
./system/boot/systemd/initrd-secrets.nix
./system/boot/systemd/initrd.nix
./system/boot/systemd/journald.nix

2
nixos/modules/profiles/base.nix
View file

@ -50,7 +50,7 @@
# Include support for various filesystems and tools to create / manipulate them.
boot.supportedFilesystems =
[ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ] ++
[ "btrfs" "cifs" "f2fs" "ntfs" "vfat" "xfs" ] ++
lib.optional (lib.meta.availableOn pkgs.stdenv.hostPlatform config.boot.zfs.package) "zfs";
# Configure host id for ZFS to work

275
nixos/modules/security/acme/default.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
@ -8,11 +7,11 @@ let
user = if cfg.useRoot then "root" else "acme";
# Used to calculate timer accuracy for coalescing
numCerts = length (builtins.attrNames cfg.certs);
numCerts = lib.length (builtins.attrNames cfg.certs);
_24hSecs = 60 * 60 * 24;
# Used to make unique paths for each cert/account config set
mkHash = with builtins; val: substring 0 20 (hashString "sha256" val);
mkHash = with builtins; val: lib.substring 0 20 (hashString "sha256" val);
mkAccountHash = acmeServer: data: mkHash "${toString acmeServer} ${data.keyType} ${data.email}";
accountDirRoot = "/var/lib/acme/.lego/accounts/";
@ -29,7 +28,7 @@ let
else
[{ fst = head workingBaseList; snd = head needAssignmentList;}] ++
_rrCycler origBaseList (if (tail workingBaseList == []) then origBaseList else tail workingBaseList) (tail needAssignmentList);
attrsToList = mapAttrsToList (attrname: attrval: {name = attrname; value = attrval;});
attrsToList = lib.mapAttrsToList (attrname: attrval: {name = attrname; value = attrval;});
# for an AttrSet `funcsAttrs` having functions as values, apply single arguments from
# `argsList` to them in a round-robin manner.
# Returns an attribute set with the applied functions as values.
@ -57,7 +56,7 @@ let
commonServiceConfig = {
Type = "oneshot";
User = user;
Group = mkDefault "acme";
Group = lib.mkDefault "acme";
UMask = "0022";
StateDirectoryMode = "750";
ProtectSystem = "strict";
@ -136,8 +135,8 @@ let
userMigrationService = let
script = with builtins; ''
chown -R ${user} .lego/accounts
'' + (concatStringsSep "\n" (mapAttrsToList (cert: data: ''
for fixpath in ${escapeShellArg cert} .lego/${escapeShellArg cert}; do
'' + (lib.concatStringsSep "\n" (lib.mapAttrsToList (cert: data: ''
for fixpath in ${lib.escapeShellArg cert} .lego/${lib.escapeShellArg cert}; do
if [ -d "$fixpath" ]; then
chmod -R u=rwX,g=rX,o= "$fixpath"
chown -R ${user}:${data.group} "$fixpath"
@ -166,7 +165,7 @@ let
# ensure all required lock files exist, but none more
script = ''
GLOBIGNORE="${concatStringsSep ":" concurrencyLockfiles}"
GLOBIGNORE="${lib.concatStringsSep ":" concurrencyLockfiles}"
rm -f *
unset GLOBIGNORE
@ -186,7 +185,7 @@ let
useDns = data.dnsProvider != null;
useDnsOrS3 = useDns || data.s3Bucket != null;
destPath = "/var/lib/acme/${cert}";
selfsignedDeps = optionals (cfg.preliminarySelfsigned) [ "acme-selfsigned-${cert}.service" ];
selfsignedDeps = lib.optionals (cfg.preliminarySelfsigned) [ "acme-selfsigned-${cert}.service" ];
# Minica and lego have a "feature" which replaces * with _. We need
# to make this substitution to reference the output files from both programs.
@ -196,7 +195,7 @@ let
# FIXME when mkChangedOptionModule supports submodules, change to that.
# This is a workaround
extraDomains = data.extraDomainNames ++ (
optionals
lib.optionals
(data.extraDomains != "_mkMergedOptionModule")
(builtins.attrNames data.extraDomains)
);
@ -204,22 +203,22 @@ let
# Create hashes for cert data directories based on configuration
# Flags are separated to avoid collisions
hashData = with builtins; ''
${concatStringsSep " " data.extraLegoFlags} -
${concatStringsSep " " data.extraLegoRunFlags} -
${concatStringsSep " " data.extraLegoRenewFlags} -
${lib.concatStringsSep " " data.extraLegoFlags} -
${lib.concatStringsSep " " data.extraLegoRunFlags} -
${lib.concatStringsSep " " data.extraLegoRenewFlags} -
${toString acmeServer} ${toString data.dnsProvider}
${toString data.ocspMustStaple} ${data.keyType}
'';
certDir = mkHash hashData;
# TODO remove domainHash usage entirely. Waiting on go-acme/lego#1532
domainHash = mkHash "${concatStringsSep " " extraDomains} ${data.domain}";
domainHash = mkHash "${lib.concatStringsSep " " extraDomains} ${data.domain}";
accountHash = (mkAccountHash acmeServer data);
accountDir = accountDirRoot + accountHash;
protocolOpts = if useDns then (
[ "--dns" data.dnsProvider ]
++ optionals (!data.dnsPropagationCheck) [ "--dns.disable-cp" ]
++ optionals (data.dnsResolver != null) [ "--dns.resolvers" data.dnsResolver ]
++ lib.optionals (!data.dnsPropagationCheck) [ "--dns.disable-cp" ]
++ lib.optionals (data.dnsResolver != null) [ "--dns.resolvers" data.dnsResolver ]
) else if data.s3Bucket != null then [ "--http" "--http.s3-bucket" data.s3Bucket ]
else if data.listenHTTP != null then [ "--http" "--http.port" data.listenHTTP ]
else [ "--http" "--http.webroot" data.webroot ];
@ -231,22 +230,22 @@ let
"--email" data.email
"--key-type" data.keyType
] ++ protocolOpts
++ optionals (acmeServer != null) [ "--server" acmeServer ]
++ concatMap (name: [ "-d" name ]) extraDomains
++ lib.optionals (acmeServer != null) [ "--server" acmeServer ]
++ lib.concatMap (name: [ "-d" name ]) extraDomains
++ data.extraLegoFlags;
# Although --must-staple is common to both modes, it is not declared as a
# mode-agnostic argument in lego and thus must come after the mode.
runOpts = escapeShellArgs (
runOpts = lib.escapeShellArgs (
commonOpts
++ [ "run" ]
++ optionals data.ocspMustStaple [ "--must-staple" ]
++ lib.optionals data.ocspMustStaple [ "--must-staple" ]
++ data.extraLegoRunFlags
);
renewOpts = escapeShellArgs (
renewOpts = lib.escapeShellArgs (
commonOpts
++ [ "renew" "--no-random-sleep" ]
++ optionals data.ocspMustStaple [ "--must-staple" ]
++ lib.optionals data.ocspMustStaple [ "--must-staple" ]
++ data.extraLegoRenewFlags
);
@ -286,8 +285,8 @@ let
selfsignService = lockfileName: {
description = "Generate self-signed certificate for ${cert}";
after = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ] ++ optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
requires = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ] ++ optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
after = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ] ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
requires = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ] ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
path = with pkgs; [ minica ];
@ -315,7 +314,7 @@ let
minica \
--ca-key ca/key.pem \
--ca-cert ca/cert.pem \
--domains ${escapeShellArg (builtins.concatStringsSep "," ([ data.domain ] ++ extraDomains))}
--domains ${lib.escapeShellArg (builtins.concatStringsSep "," ([ data.domain ] ++ extraDomains))}
# Create files to match directory layout for real certificates
cd '${keyName}'
@ -334,11 +333,11 @@ let
renewService = lockfileName: {
description = "Renew ACME certificate for ${cert}";
after = [ "network.target" "network-online.target" "acme-fixperms.service" "nss-lookup.target" ] ++ selfsignedDeps ++ optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
wants = [ "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps ++ optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
after = [ "network.target" "network-online.target" "acme-fixperms.service" "nss-lookup.target" ] ++ selfsignedDeps ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
wants = [ "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps ++ lib.optional (cfg.maxConcurrentRenewals > 0) "acme-lockfiles.service";
# https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099
wantedBy = optionals (!config.boot.isContainer) [ "multi-user.target" ];
wantedBy = lib.optionals (!config.boot.isContainer) [ "multi-user.target" ];
path = with pkgs; [ lego coreutils diffutils openssl ];
@ -368,33 +367,33 @@ let
"/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"
];
EnvironmentFile = mkIf useDnsOrS3 data.environmentFile;
EnvironmentFile = lib.mkIf useDnsOrS3 data.environmentFile;
Environment = mkIf useDnsOrS3
(mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);
Environment = lib.mkIf useDnsOrS3
(lib.mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);
LoadCredential = mkIf useDnsOrS3
(mapAttrsToList (k: v: "${k}:${v}") data.credentialFiles);
LoadCredential = lib.mkIf useDnsOrS3
(lib.mapAttrsToList (k: v: "${k}:${v}") data.credentialFiles);
# Run as root (Prefixed with +)
ExecStartPost = "+" + (pkgs.writeShellScript "acme-postrun" ''
cd /var/lib/acme/${escapeShellArg cert}
cd /var/lib/acme/${lib.escapeShellArg cert}
if [ -e renewed ]; then
rm renewed
${data.postRun}
${optionalString (data.reloadServices != [])
"systemctl --no-block try-reload-or-restart ${escapeShellArgs data.reloadServices}"
${lib.optionalString (data.reloadServices != [])
"systemctl --no-block try-reload-or-restart ${lib.escapeShellArgs data.reloadServices}"
}
fi
'');
} // optionalAttrs (data.listenHTTP != null && toInt (last (splitString ":" data.listenHTTP)) < 1024) {
} // lib.optionalAttrs (data.listenHTTP != null && lib.toInt (lib.last (lib.splitString ":" data.listenHTTP)) < 1024) {
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
# Working directory will be /tmp
script = (if (lockfileName == null) then lib.id else wrapInFlock "${lockdir}${lockfileName}") ''
${optionalString data.enableDebugLogs "set -x"}
${lib.optionalString data.enableDebugLogs "set -x"}
set -euo pipefail
# This reimplements the expiration date check, but without querying
@ -425,7 +424,7 @@ let
[[ $expiration_days -gt ${toString data.validMinDays} ]]
}
${optionalString (data.webroot != null) ''
${lib.optionalString (data.webroot != null) ''
# Ensure the webroot exists. Fixing group is required in case configuration was changed between runs.
# Lego will fail if the webroot does not exist at all.
(
@ -461,7 +460,7 @@ let
# Produce a nice error for those doing their first nixos-rebuild with these certs
echo Failed to fetch certificates. \
This may mean your DNS records are set up incorrectly. \
${optionalString (cfg.preliminarySelfsigned) "Selfsigned certs are in place and dependant services will still start."}
${lib.optionalString (cfg.preliminarySelfsigned) "Selfsigned certs are in place and dependant services will still start."}
# Exit 10 so that users can potentially amend SuccessExitStatus to ignore this error.
# High number to avoid Systemd reserved codes.
exit 10
@ -490,7 +489,7 @@ let
};
};
certConfigs = mapAttrs certToConfig cfg.certs;
certConfigs = lib.mapAttrs certToConfig cfg.certs;
# These options can be specified within
# security.acme.defaults or security.acme.certs.<name>
@ -504,22 +503,22 @@ let
# stay constant. Though notably it wouldn't matter much, because to get
# the option information, a submodule with name `<name>` is evaluated
# without any definitions.
defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}";
defaultText = if isDefaults then default else lib.literalExpression "config.security.acme.defaults.${name}";
};
in {
imports = [
(mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ])
(lib.mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ])
];
options = {
validMinDays = mkOption {
type = types.int;
validMinDays = lib.mkOption {
type = lib.types.int;
inherit (defaultAndText "validMinDays" 30) default defaultText;
description = "Minimum remaining validity before renewal in days.";
};
renewInterval = mkOption {
type = types.str;
renewInterval = lib.mkOption {
type = lib.types.str;
inherit (defaultAndText "renewInterval" "daily") default defaultText;
description = ''
Systemd calendar expression when to check for renewal. See
@ -527,12 +526,12 @@ let
'';
};
enableDebugLogs = mkEnableOption "debug logging for this certificate" // {
enableDebugLogs = lib.mkEnableOption "debug logging for this certificate" // {
inherit (defaultAndText "enableDebugLogs" true) default defaultText;
};
webroot = mkOption {
type = types.nullOr types.str;
webroot = lib.mkOption {
type = lib.types.nullOr lib.types.str;
inherit (defaultAndText "webroot" null) default defaultText;
example = "/var/lib/acme/acme-challenge";
description = ''
@ -544,8 +543,8 @@ let
'';
};
server = mkOption {
type = types.nullOr types.str;
server = lib.mkOption {
type = lib.types.nullOr lib.types.str;
inherit (defaultAndText "server" "https://acme-v02.api.letsencrypt.org/directory") default defaultText;
example = "https://acme-staging-v02.api.letsencrypt.org/directory";
description = ''
@ -556,8 +555,8 @@ let
'';
};
email = mkOption {
type = types.nullOr types.str;
email = lib.mkOption {
type = lib.types.nullOr lib.types.str;
inherit (defaultAndText "email" null) default defaultText;
description = ''
Email address for account creation and correspondence from the CA.
@ -566,14 +565,14 @@ let
'';
};
group = mkOption {
type = types.str;
group = lib.mkOption {
type = lib.types.str;
inherit (defaultAndText "group" "acme") default defaultText;
description = "Group running the ACME client.";
};
reloadServices = mkOption {
type = types.listOf types.str;
reloadServices = lib.mkOption {
type = lib.types.listOf lib.types.str;
inherit (defaultAndText "reloadServices" []) default defaultText;
description = ''
The list of systemd services to call `systemctl try-reload-or-restart`
@ -581,8 +580,8 @@ let
'';
};
postRun = mkOption {
type = types.lines;
postRun = lib.mkOption {
type = lib.types.lines;
inherit (defaultAndText "postRun" "") default defaultText;
example = "cp full.pem backup.pem";
description = ''
@ -593,8 +592,8 @@ let
'';
};
keyType = mkOption {
type = types.str;
keyType = lib.mkOption {
type = lib.types.str;
inherit (defaultAndText "keyType" "ec256") default defaultText;
description = ''
Key type to use for private keys.
@ -603,8 +602,8 @@ let
'';
};
dnsProvider = mkOption {
type = types.nullOr types.str;
dnsProvider = lib.mkOption {
type = lib.types.nullOr lib.types.str;
inherit (defaultAndText "dnsProvider" null) default defaultText;
example = "route53";
description = ''
@ -613,8 +612,8 @@ let
'';
};
dnsResolver = mkOption {
type = types.nullOr types.str;
dnsResolver = lib.mkOption {
type = lib.types.nullOr lib.types.str;
inherit (defaultAndText "dnsResolver" null) default defaultText;
example = "1.1.1.1:53";
description = ''
@ -624,8 +623,8 @@ let
'';
};
environmentFile = mkOption {
type = types.nullOr types.path;
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
inherit (defaultAndText "environmentFile" null) default defaultText;
description = ''
Path to an EnvironmentFile for the cert's service containing any required and
@ -636,8 +635,8 @@ let
example = "/var/src/secrets/example.org-route53-api-token";
};
credentialFiles = mkOption {
type = types.attrsOf (types.path);
credentialFiles = lib.mkOption {
type = lib.types.attrsOf (lib.types.path);
inherit (defaultAndText "credentialFiles" {}) default defaultText;
description = ''
Environment variables suffixed by "_FILE" to set for the cert's service
@ -647,15 +646,15 @@ let
This allows to securely pass credential files to lego by leveraging systemd
credentials.
'';
example = literalExpression ''
example = lib.literalExpression ''
{
"RFC2136_TSIG_SECRET_FILE" = "/run/secrets/tsig-secret-example.org";
}
'';
};
dnsPropagationCheck = mkOption {
type = types.bool;
dnsPropagationCheck = lib.mkOption {
type = lib.types.bool;
inherit (defaultAndText "dnsPropagationCheck" true) default defaultText;
description = ''
Toggles lego DNS propagation check, which is used alongside DNS-01
@ -663,8 +662,8 @@ let
'';
};
ocspMustStaple = mkOption {
type = types.bool;
ocspMustStaple = lib.mkOption {
type = lib.types.bool;
inherit (defaultAndText "ocspMustStaple" false) default defaultText;
description = ''
Turns on the OCSP Must-Staple TLS extension.
@ -675,24 +674,24 @@ let
'';
};
extraLegoFlags = mkOption {
type = types.listOf types.str;
extraLegoFlags = lib.mkOption {
type = lib.types.listOf lib.types.str;
inherit (defaultAndText "extraLegoFlags" []) default defaultText;
description = ''
Additional global flags to pass to all lego commands.
'';
};
extraLegoRenewFlags = mkOption {
type = types.listOf types.str;
extraLegoRenewFlags = lib.mkOption {
type = lib.types.listOf lib.types.str;
inherit (defaultAndText "extraLegoRenewFlags" []) default defaultText;
description = ''
Additional flags to pass to lego renew.
'';
};
extraLegoRunFlags = mkOption {
type = types.listOf types.str;
extraLegoRunFlags = lib.mkOption {
type = lib.types.listOf lib.types.str;
inherit (defaultAndText "extraLegoRunFlags" []) default defaultText;
description = ''
Additional flags to pass to lego run.
@ -704,40 +703,40 @@ let
certOpts = { name, config, ... }: {
options = {
# user option has been removed
user = mkOption {
user = lib.mkOption {
visible = false;
default = "_mkRemovedOptionModule";
};
# allowKeysForGroup option has been removed
allowKeysForGroup = mkOption {
allowKeysForGroup = lib.mkOption {
visible = false;
default = "_mkRemovedOptionModule";
};
# extraDomains was replaced with extraDomainNames
extraDomains = mkOption {
extraDomains = lib.mkOption {
visible = false;
default = "_mkMergedOptionModule";
};
directory = mkOption {
type = types.str;
directory = lib.mkOption {
type = lib.types.str;
readOnly = true;
default = "/var/lib/acme/${name}";
description = "Directory where certificate and other state is stored.";
};
domain = mkOption {
type = types.str;
domain = lib.mkOption {
type = lib.types.str;
default = name;
description = "Domain to fetch certificate for (defaults to the entry name).";
};
extraDomainNames = mkOption {
type = types.listOf types.str;
extraDomainNames = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = literalExpression ''
example = lib.literalExpression ''
[
"example.org"
"mydomain.org"
@ -751,8 +750,8 @@ let
# This setting must be different for each configured certificate, otherwise
# two or more renewals may fail to bind to the address. Hence, it is not in
# the inheritableOpts.
listenHTTP = mkOption {
type = types.nullOr types.str;
listenHTTP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = ":1360";
description = ''
@ -762,8 +761,8 @@ let
'';
};
s3Bucket = mkOption {
type = types.nullOr types.str;
s3Bucket = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = "acme";
description = ''
@ -771,7 +770,7 @@ let
'';
};
inheritDefaults = mkOption {
inheritDefaults = lib.mkOption {
default = true;
example = true;
description = "Whether to inherit values set in `security.acme.defaults` or not.";
@ -784,8 +783,8 @@ in {
options = {
security.acme = {
preliminarySelfsigned = mkOption {
type = types.bool;
preliminarySelfsigned = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether a preliminary self-signed certificate should be generated before
@ -797,8 +796,8 @@ in {
'';
};
acceptTerms = mkOption {
type = types.bool;
acceptTerms = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Accept the CA's terms of service. The default provider is Let's Encrypt,
@ -806,8 +805,8 @@ in {
'';
};
useRoot = mkOption {
type = types.bool;
useRoot = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to use the root user when generating certs. This is not recommended
@ -818,8 +817,8 @@ in {
'';
};
defaults = mkOption {
type = types.submodule (inheritableModule true);
defaults = lib.mkOption {
type = lib.types.submodule (inheritableModule true);
description = ''
Default values inheritable by all configured certs. You can
use this to define options shared by all your certs. These defaults
@ -828,9 +827,9 @@ in {
'';
};
certs = mkOption {
certs = lib.mkOption {
default = { };
type = with types; attrsOf (submodule [ (inheritableModule false) certOpts ]);
type = with lib.types; attrsOf (submodule [ (inheritableModule false) certOpts ]);
description = ''
Attribute set of certificates to get signed and renewed. Creates
`acme-''${cert}.{service,timer}` systemd units for
@ -838,7 +837,7 @@ in {
to those units if they rely on the certificates being present,
or trigger restarts of the service if certificates get renewed.
'';
example = literalExpression ''
example = lib.literalExpression ''
{
"example.com" = {
webroot = "/var/lib/acme/acme-challenge/";
@ -852,9 +851,9 @@ in {
}
'';
};
maxConcurrentRenewals = mkOption {
maxConcurrentRenewals = lib.mkOption {
default = 5;
type = types.int;
type = lib.types.int;
description = ''
Maximum number of concurrent certificate generation or renewal jobs. All other
jobs will queue and wait running jobs to finish. Reduces the system load of
@ -867,39 +866,39 @@ in {
};
imports = [
(mkRemovedOptionModule [ "security" "acme" "production" ] ''
(lib.mkRemovedOptionModule [ "security" "acme" "production" ] ''
Use security.acme.server to define your staging ACME server URL instead.
To use the let's encrypt staging server, use security.acme.server =
"https://acme-staging-v02.api.letsencrypt.org/directory".
'')
(mkRemovedOptionModule [ "security" "acme" "directory" ] "ACME Directory is now hardcoded to /var/lib/acme and its permissions are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkChangedOptionModule [ "security" "acme" "validMin" ] [ "security" "acme" "defaults" "validMinDays" ] (config: config.security.acme.validMin / (24 * 3600)))
(mkChangedOptionModule [ "security" "acme" "validMinDays" ] [ "security" "acme" "defaults" "validMinDays" ] (config: config.security.acme.validMinDays))
(mkChangedOptionModule [ "security" "acme" "renewInterval" ] [ "security" "acme" "defaults" "renewInterval" ] (config: config.security.acme.renewInterval))
(mkChangedOptionModule [ "security" "acme" "email" ] [ "security" "acme" "defaults" "email" ] (config: config.security.acme.email))
(mkChangedOptionModule [ "security" "acme" "server" ] [ "security" "acme" "defaults" "server" ] (config: config.security.acme.server))
(mkChangedOptionModule [ "security" "acme" "enableDebugLogs" ] [ "security" "acme" "defaults" "enableDebugLogs" ] (config: config.security.acme.enableDebugLogs))
(lib.mkRemovedOptionModule [ "security" "acme" "directory" ] "ACME Directory is now hardcoded to /var/lib/acme and its permissions are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(lib.mkRemovedOptionModule [ "security" "acme" "preDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(lib.mkRemovedOptionModule [ "security" "acme" "activationDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(lib.mkChangedOptionModule [ "security" "acme" "validMin" ] [ "security" "acme" "defaults" "validMinDays" ] (config: config.security.acme.validMin / (24 * 3600)))
(lib.mkChangedOptionModule [ "security" "acme" "validMinDays" ] [ "security" "acme" "defaults" "validMinDays" ] (config: config.security.acme.validMinDays))
(lib.mkChangedOptionModule [ "security" "acme" "renewInterval" ] [ "security" "acme" "defaults" "renewInterval" ] (config: config.security.acme.renewInterval))
(lib.mkChangedOptionModule [ "security" "acme" "email" ] [ "security" "acme" "defaults" "email" ] (config: config.security.acme.email))
(lib.mkChangedOptionModule [ "security" "acme" "server" ] [ "security" "acme" "defaults" "server" ] (config: config.security.acme.server))
(lib.mkChangedOptionModule [ "security" "acme" "enableDebugLogs" ] [ "security" "acme" "defaults" "enableDebugLogs" ] (config: config.security.acme.enableDebugLogs))
];
config = mkMerge [
(mkIf (cfg.certs != { }) {
config = lib.mkMerge [
(lib.mkIf (cfg.certs != { }) {
# FIXME Most of these custom warnings and filters for security.acme.certs.* are required
# because using mkRemovedOptionModule/mkChangedOptionModule with attrsets isn't possible.
warnings = filter (w: w != "") (mapAttrsToList (cert: data: optionalString (data.extraDomains != "_mkMergedOptionModule") ''
warnings = lib.filter (w: w != "") (lib.mapAttrsToList (cert: data: lib.optionalString (data.extraDomains != "_mkMergedOptionModule") ''
The option definition `security.acme.certs.${cert}.extraDomains` has changed
to `security.acme.certs.${cert}.extraDomainNames` and is now a list of strings.
Setting a custom webroot for extra domains is not possible, instead use separate certs.
'') cfg.certs);
assertions = let
certs = attrValues cfg.certs;
certs = lib.attrValues cfg.certs;
in [
{
assertion = cfg.defaults.email != null || all (certOpts: certOpts.email != null) certs;
assertion = cfg.defaults.email != null || lib.all (certOpts: certOpts.email != null) certs;
message = ''
You must define `security.acme.certs.<name>.email` or
`security.acme.defaults.email` to register with the CA. Note that using
@ -914,7 +913,7 @@ in {
to `true`. For Let's Encrypt's ToS see https://letsencrypt.org/repository/
'';
}
] ++ (builtins.concatLists (mapAttrsToList (cert: data: [
] ++ (builtins.concatLists (lib.mapAttrsToList (cert: data: [
{
assertion = data.user == "_mkRemovedOptionModule";
message = ''
@ -936,7 +935,7 @@ in {
# referencing them as a user quite weird too. Best practice is to use
# the domain option.
{
assertion = ! hasInfix "*" cert;
assertion = ! lib.hasInfix "*" cert;
message = ''
The cert option path `security.acme.certs.${cert}.dnsProvider`
cannot contain a * character.
@ -959,7 +958,7 @@ in {
'';
})
{
assertion = all (hasSuffix "_FILE") (attrNames data.credentialFiles);
assertion = lib.all (lib.hasSuffix "_FILE") (lib.attrNames data.credentialFiles);
message = ''
Option `security.acme.certs.${cert}.credentialFiles` can only be
used for variables suffixed by "_FILE".
@ -982,27 +981,27 @@ in {
];
systemd.services = let
renewServiceFunctions = mapAttrs' (cert: conf: nameValuePair "acme-${cert}" conf.renewService) certConfigs;
renewServiceFunctions = lib.mapAttrs' (cert: conf: lib.nameValuePair "acme-${cert}" conf.renewService) certConfigs;
renewServices = if cfg.maxConcurrentRenewals > 0
then roundRobinApplyAttrs renewServiceFunctions concurrencyLockfiles
else mapAttrs (_: f: f null) renewServiceFunctions;
selfsignServiceFunctions = mapAttrs' (cert: conf: nameValuePair "acme-selfsigned-${cert}" conf.selfsignService) certConfigs;
else lib.mapAttrs (_: f: f null) renewServiceFunctions;
selfsignServiceFunctions = lib.mapAttrs' (cert: conf: lib.nameValuePair "acme-selfsigned-${cert}" conf.selfsignService) certConfigs;
selfsignServices = if cfg.maxConcurrentRenewals > 0
then roundRobinApplyAttrs selfsignServiceFunctions concurrencyLockfiles
else mapAttrs (_: f: f null) selfsignServiceFunctions;
else lib.mapAttrs (_: f: f null) selfsignServiceFunctions;
in
{ "acme-fixperms" = userMigrationService; }
// (optionalAttrs (cfg.maxConcurrentRenewals > 0) {"acme-lockfiles" = lockfilePrepareService; })
// (lib.optionalAttrs (cfg.maxConcurrentRenewals > 0) {"acme-lockfiles" = lockfilePrepareService; })
// renewServices
// (optionalAttrs (cfg.preliminarySelfsigned) ({
// (lib.optionalAttrs (cfg.preliminarySelfsigned) ({
"acme-selfsigned-ca" = selfsignCAService;
} // selfsignServices));
systemd.timers = mapAttrs' (cert: conf: nameValuePair "acme-${cert}" conf.renewTimer) certConfigs;
systemd.timers = lib.mapAttrs' (cert: conf: lib.nameValuePair "acme-${cert}" conf.renewTimer) certConfigs;
systemd.targets = let
# Create some targets which can be depended on to be "active" after cert renewals
finishedTargets = mapAttrs' (cert: conf: nameValuePair "acme-finished-${cert}" {
finishedTargets = lib.mapAttrs' (cert: conf: lib.nameValuePair "acme-finished-${cert}" {
wantedBy = [ "default.target" ];
requires = [ "acme-${cert}.service" ];
after = [ "acme-${cert}.service" ];
@ -1017,15 +1016,15 @@ in {
# Using a target here is fine - account creation is a one time event. Even if
# systemd clean --what=state is used to delete the account, so long as the user
# then runs one of the cert services, there won't be any issues.
accountTargets = mapAttrs' (hash: confs: let
accountTargets = lib.mapAttrs' (hash: confs: let
leader = "acme-${(builtins.head confs).cert}.service";
dependantServices = map (conf: "acme-${conf.cert}.service") (builtins.tail confs);
in nameValuePair "acme-account-${hash}" {
in lib.nameValuePair "acme-account-${hash}" {
requiredBy = dependantServices;
before = dependantServices;
requires = [ leader ];
after = [ leader ];
}) (groupBy (conf: conf.accountHash) (attrValues certConfigs));
}) (lib.groupBy (conf: conf.accountHash) (lib.attrValues certConfigs));
in finishedTargets // accountTargets;
})
];

35
nixos/modules/services/matrix/appservice-irc.nix
View file

@ -137,6 +137,37 @@ in {
type = submodule { freeformType = jsonType; };
description = "IRC servers to connect to";
};
mediaProxy = {
signingKeyPath = lib.mkOption {
type = path;
default = "/var/lib/matrix-appservice-irc/media-signingkey.jwk";
description = ''
Path to the signing key file for authenticated media.
'';
};
ttlSeconds = lib.mkOption {
type = ints.positive;
default = 3600;
description = ''
Lifetime in seconds, that generated URLs stay valid.
'';
};
bindPort = lib.mkOption {
type = port;
default = 11111;
description = ''
Port that the media proxy binds to.
'';
};
publicUrl = lib.mkOption {
type = str;
example = "https://matrix.example.com/media";
description = ''
URL under which the media proxy is publicly acccessible.
'';
};
};
};
};
};
@ -144,6 +175,7 @@ in {
};
};
};
config = lib.mkIf cfg.enable {
systemd.services.matrix-appservice-irc = {
description = "Matrix-IRC bridge";
@ -181,6 +213,9 @@ in {
sed -i "s/^hs_token:.*$/$hs_token/g" ${registrationFile}
sed -i "s/^as_token:.*$/$as_token/g" ${registrationFile}
fi
if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}"]; then
${lib.getExe pkgs.nodejs} ${pkg}/lib/generate-signing-key.js > "${cfg.settings.ircService.mediaProxy.signingKeyPath}"
fi
# Allow synapse access to the registration
if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then
chgrp matrix-synapse ${registrationFile}

4
nixos/modules/services/matrix/synapse.md
View file

@ -188,7 +188,7 @@ or [OpenID](https://element-hq.github.io/synapse/latest/openid.html).
## Element (formerly known as Riot) Web Client {#module-services-matrix-element-web}
[Element Web](https://github.com/vector-im/riot-web/) is
[Element Web](https://github.com/element-hq/element-web) is
the reference web client for Matrix and developed by the core team at
matrix.org. Element was formerly known as Riot.im, see the
[Element introductory blog post](https://element.io/blog/welcome-to-element/)
@ -228,6 +228,6 @@ the example, this means that you should not reuse the
`myhostname.example.org` virtualHost to also serve Element,
but instead serve it on a different subdomain, like
`element.example.org` in the example. See the
[Element Important Security Notes](https://github.com/vector-im/element-web/tree/v1.10.0#important-security-notes)
[Element Important Security Notes](https://github.com/element-hq/element-web/tree/v1.10.0#important-security-notes)
for more information on this subject.
:::

5
nixos/modules/system/boot/resolved.nix
View file

@ -205,11 +205,12 @@ in
boot.initrd.systemd = {
contents = {
"/etc/tmpfiles.d/resolv.conf".text =
"L /etc/resolv.conf - - - - /run/systemd/resolve/stub-resolv.conf";
"/etc/systemd/resolved.conf".text = resolvedConf;
};
tmpfiles.settings.systemd-resolved-stub."/etc/resolv.conf".L.argument =
"/run/systemd/resolve/stub-resolv.conf";
additionalUpstreamUnits = ["systemd-resolved.service"];
users.systemd-resolve = {};
groups.systemd-resolve = {};

65
nixos/modules/system/boot/systemd/dm-verity.nix
View file

@ -1,65 +0,0 @@
{ config, lib, ... }:
let
cfg = config.boot.initrd.systemd.dmVerity;
in
{
options = {
boot.initrd.systemd.dmVerity = {
enable = lib.mkEnableOption "dm-verity" // {
description = ''
Mount verity-protected block devices in the initrd.
Enabling this option allows to use `systemd-veritysetup` and
`systemd-veritysetup-generator` in the initrd.
'';
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> config.boot.initrd.systemd.enable;
message = ''
'boot.initrd.systemd.dmVerity.enable' requires 'boot.initrd.systemd.enable' to be enabled.
'';
}
];
boot.initrd = {
availableKernelModules = [
# For documentation, see https://docs.kernel.org/admin-guide/device-mapper/dm-init.html
"dm_mod"
# For documentation, see:
# - https://docs.kernel.org/admin-guide/device-mapper/verity.html
# - https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMVerity
"dm_verity"
];
# dm-verity needs additional udev rules from LVM to work.
services.lvm.enable = true;
# The additional targets and store paths allow users to integrate verity-protected devices
# through the systemd tooling.
systemd = {
additionalUpstreamUnits = [
# https://github.com/systemd/systemd/blob/main/units/veritysetup-pre.target
"veritysetup-pre.target"
# https://github.com/systemd/systemd/blob/main/units/veritysetup.target
"veritysetup.target"
# https://github.com/systemd/systemd/blob/main/units/remote-veritysetup.target
"remote-veritysetup.target"
];
storePaths = [
# These are the two binaries mentioned in https://github.com/systemd/systemd/blob/main/src/veritysetup/meson.build; there are no others.
"${config.boot.initrd.systemd.package}/lib/systemd/systemd-veritysetup"
"${config.boot.initrd.systemd.package}/lib/systemd/system-generators/systemd-veritysetup-generator"
];
};
};
};
meta.maintainers = [ lib.maintainers.msanft ];
}

11
nixos/modules/system/boot/systemd/initrd.nix
View file

@ -218,7 +218,7 @@ in {
};
root = lib.mkOption {
type = lib.types.nullOr (lib.types.enum [ "fstab" "gpt-auto" ]);
type = lib.types.enum [ "fstab" "gpt-auto" ];
default = "fstab";
example = "gpt-auto";
description = ''
@ -227,9 +227,6 @@ in {
allow specifying the root file system itself this
way. Instead, the `fstab` value is used in order to interpret
the root file system specified with the `fileSystems` option.
If the root FS is mounted by other means, such as systemd generators other than
`fstab`, `gpt-auto` or a custom generator, set this to `null`.
'';
};
@ -401,9 +398,9 @@ in {
++ lib.optional (cfg.enableTpm2 && !(pkgs.stdenv.hostPlatform.isRiscV64 || pkgs.stdenv.hostPlatform.isArmv7)) "tpm-crb"
++ lib.optional cfg.package.withEfi "efivarfs";
boot.kernelParams =
lib.optional (config.boot.initrd.systemd.root != null) "root=${config.boot.initrd.systemd.root}"
++ lib.optional (config.boot.resumeDevice != "") "resume=${config.boot.resumeDevice}"
boot.kernelParams = [
"root=${config.boot.initrd.systemd.root}"
] ++ lib.optional (config.boot.resumeDevice != "") "resume=${config.boot.resumeDevice}"
# `systemd` mounts root in initrd as read-only unless "rw" is on the kernel command line.
# For NixOS activation to succeed, we need to have root writable in initrd.
++ lib.optional (config.boot.initrd.systemd.root == "gpt-auto") "rw";

14
nixos/modules/system/boot/systemd/tmpfiles.nix
View file

@ -163,6 +163,20 @@ in
};
config = {
warnings =
let
paths = lib.filter (path:
path != null && lib.hasPrefix "/etc/tmpfiles.d/" path
) (map (path: path.target) config.boot.initrd.systemd.storePaths);
in
lib.optional (lib.length paths > 0) (lib.concatStringsSep " " [
"Files inside /etc/tmpfiles.d in the initrd need to be created with"
"boot.initrd.systemd.tmpfiles.settings."
"Creating them by hand using boot.initrd.systemd.contents or"
"boot.initrd.systemd.storePaths will lead to errors in the future."
"Found these problematic files: ${lib.concatStringsSep ", " paths}"
]);
systemd.additionalUpstreamSystemUnits = [
"systemd-tmpfiles-clean.service"
"systemd-tmpfiles-clean.timer"

3
nixos/tests/all-tests.nix
View file

@ -259,7 +259,6 @@ in {
dhparams = handleTest ./dhparams.nix {};
disable-installer-tools = handleTest ./disable-installer-tools.nix {};
discourse = handleTest ./discourse.nix {};
dm-verity = runTest ./dm-verity.nix;
dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};
dnscrypt-wrapper = runTestOn ["x86_64-linux"] ./dnscrypt-wrapper;
dnsdist = import ./dnsdist.nix { inherit pkgs runTest; };
@ -571,7 +570,7 @@ in {
mate-wayland = handleTest ./mate-wayland.nix {};
matter-server = handleTest ./matter-server.nix {};
matomo = handleTest ./matomo.nix {};
matrix-appservice-irc = handleTest ./matrix/appservice-irc.nix {};
matrix-appservice-irc = runTest ./matrix/appservice-irc.nix;
matrix-conduit = handleTest ./matrix/conduit.nix {};
matrix-synapse = handleTest ./matrix/synapse.nix {};
matrix-synapse-workers = handleTest ./matrix/synapse-workers.nix {};

245
nixos/tests/dm-verity.nix
View file

@ -1,245 +0,0 @@
# Tests a NixOS system with a read-only root filesystem that's integrity-protected
# through DM-verity. The root filesystem is mounted read-only, and for NixOS activation
# to succeed, an overlay `tmpfs` is mounted on top of it.
# This test uses systemd-repart to create a bootable disk image, as it supplies handy
# utilities for creating verity partitions, but it can also be setup manually through
# `systemd-veritysetup`.
{ lib, pkgs, ... }:
let
imageId = "verity-root-image";
imageVersion = "1-rc1";
# Use a random, but fixed root hash placeholder to allow us specifying the "real" root hash
# after the image is first built.
roothashPlaceholder = "61fe0f0c98eff2a595dd2f63a5e481a0a25387261fa9e34c37e3a4910edf32b8";
in
{
name = "verity-root";
meta.maintainers = with lib.maintainers; [ msanft ];
nodes.machine =
{
lib,
pkgs,
config,
modulesPath,
...
}:
{
imports = [ "${modulesPath}/image/repart.nix" ];
virtualisation.directBoot.enable = false;
virtualisation.mountHostNixStore = false;
virtualisation.useEFIBoot = true;
# Disable boot loaders, as a UKI is used, which contains systemd-stub.
# TODO(raitobezarius): revisit this when #244907 lands
boot.loader.grub.enable = false;
system.image.id = imageId;
system.image.version = imageVersion;
# systemd-veritysetup-generator takes care of setting up the root filesystem.
fileSystems = lib.mkForce { };
virtualisation.fileSystems = lib.mkForce { };
# Provides 'veritysetup' to check if the verity-protected device
# has been mapped correctly.
environment.systemPackages = with pkgs; [ cryptsetup ];
boot.initrd = {
kernelModules = [ "overlay" ];
supportedFilesystems = [ "erofs" ];
systemd = {
enable = true;
dmVerity.enable = true;
root = null; # systemd-veritysetup-generator takes care of mounting /
tmpfiles.settings = {
"10-mountpoints" =
let
conf = {
mode = "0755";
user = "root";
group = "root";
};
in
{
"/run/etc/upper".d = conf;
"/run/etc/work".d = conf;
"/run/var/upper".d = conf;
"/run/var/work".d = conf;
"/run/tmp/upper".d = conf;
"/run/tmp/work".d = conf;
};
};
# We directly define the mount units here, as we need to specify dependencies very
# granularly, and systemd-fstab-generator doesn't give us that flexibility.
mounts = [
{
where = "/sysroot/etc";
what = "overlay";
type = "overlay";
options = "lowerdir=/sysroot${config.system.build.etc}/etc,upperdir=/run/etc/upper,workdir=/run/etc/work";
wantedBy = [
"initrd-fs.target"
"initrd-switch-root.target"
"default.target"
];
before = [ "initrd-fs.target" ];
after = [ "systemd-tmpfiles-setup.service" ];
unitConfig.RequiresMountsFor = "/sysroot/nix/store";
unitConfig.DefaultDependencies = false;
}
{
where = "/sysroot/var";
what = "overlay";
type = "overlay";
options = "lowerdir=/sysroot/var,upperdir=/run/var/upper,workdir=/run/var/work";
wantedBy = [
"initrd-fs.target"
"initrd-switch-root.target"
"default.target"
];
before = [ "initrd-fs.target" ];
after = [ "systemd-tmpfiles-setup.service" ];
unitConfig.RequiresMountsFor = "/sysroot/nix/store";
unitConfig.DefaultDependencies = false;
}
{
where = "/sysroot/tmp";
what = "overlay";
type = "overlay";
options = "lowerdir=/sysroot/tmp,upperdir=/run/tmp/upper,workdir=/run/tmp/work";
wantedBy = [
"initrd-fs.target"
"initrd-switch-root.target"
"default.target"
];
before = [ "initrd-fs.target" ];
after = [ "systemd-tmpfiles-setup.service" ];
unitConfig.RequiresMountsFor = "/sysroot/nix/store";
unitConfig.DefaultDependencies = false;
}
];
};
};
boot.kernelParams = [
"systemd.verity=yes"
"roothash=${roothashPlaceholder}"
];
image.repart = {
name = imageId;
# OVMF does not work with the default repart sector size of 4096
sectorSize = 512;
partitions = {
# ESP
"00-esp" = {
contents =
let
efiArch = config.nixpkgs.hostPlatform.efiArch;
in
{
"/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = "${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
"/EFI/Linux/${config.system.boot.loader.ukiFile}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
};
repartConfig = {
Type = "esp";
Format = "vfat";
# Minimize = "guess" seems to not work very well for vfat
# partitions. It's better to set a sensible default instead. The
# aarch64 kernel seems to generally be a little bigger than the
# x86_64 kernel. To stay on the safe side, leave some more slack
# for every platform other than x86_64.
SizeMinBytes = if config.nixpkgs.hostPlatform.isx86_64 then "64M" else "96M";
};
};
# Root Partition
"10-root" = {
storePaths = [ config.system.build.toplevel ];
repartConfig = {
Type = "root";
Format = "erofs";
Label = "root";
Verity = "data";
VerityMatchKey = "root";
Minimize = "best";
# We need to ensure that mountpoints are available.
MakeDirectories = "/bin /boot /dev /etc /home /lib /lib64 /mnt /nix /opt /proc /root /run /srv /sys /tmp /usr /var";
};
};
# Verity hashtree for the root partition
"20-root-verity" = {
repartConfig = {
Type = "root-verity";
Label = "root-verity";
Verity = "hash";
VerityMatchKey = "root";
Minimize = "best";
};
};
};
};
};
testScript =
let
# We override the build of the image by extending it with code to replace the placeholder with the real root hash.
# This way, we can build the image first and then set the root hash afterwards in a single derivation.
buildOverride = oldAttrs: {
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.jq ];
postInstall = ''
# Replace the placeholder with the real root hash.
realRoothash=$(${pkgs.jq}/bin/jq -r "[.[] | select(.roothash != null)] | .[0].roothash" $out/repart-output.json)
sed -i "0,/${roothashPlaceholder}/ s/${roothashPlaceholder}/$realRoothash/" $out/${oldAttrs.pname}_${oldAttrs.version}.raw
'';
};
in
{ nodes, ... }:
''
import os, subprocess, tempfile
tmp_disk_image = tempfile.NamedTemporaryFile()
subprocess.run([
"${nodes.machine.virtualisation.qemu.package}/bin/qemu-img",
"create",
"-f",
"qcow2",
"-b",
"${nodes.machine.system.build.image.overrideAttrs buildOverride}/${nodes.machine.image.repart.imageFile}",
"-F",
"raw",
tmp_disk_image.name,
])
# Set NIX_DISK_IMAGE so that the qemu script finds the right disk image.
os.environ['NIX_DISK_IMAGE'] = tmp_disk_image.name
os_release = machine.succeed("cat /etc/os-release")
assert 'IMAGE_ID="${imageId}"' in os_release
assert 'IMAGE_VERSION="${imageVersion}"' in os_release
bootctl_status = machine.succeed("bootctl status")
assert "Boot Loader Specification Type #2 (.efi)" in bootctl_status
verity_status = machine.succeed("veritysetup status root")
assert "type: VERITY" in verity_status
assert "status: verified" in verity_status
commandline = machine.succeed("cat /proc/cmdline")
roothash = commandline.split("roothash=")[1].split(" ")[0]
assert roothash in verity_status
'';
}

25
nixos/tests/matrix/appservice-irc.nix
View file

@ -1,4 +1,4 @@
import ../make-test-python.nix ({ pkgs, ... }:
{ pkgs, ... }:
let
homeserverUrl = "http://homeserver:8008";
in
@ -9,7 +9,7 @@ import ../make-test-python.nix ({ pkgs, ... }:
};
nodes = {
homeserver = { pkgs, ... }: {
homeserver = {
# We'll switch to this once the config is copied into place
specialisation.running.configuration = {
services.matrix-synapse = {
@ -46,7 +46,7 @@ import ../make-test-python.nix ({ pkgs, ... }:
};
};
ircd = { pkgs, ... }: {
ircd = {
services.ngircd = {
enable = true;
config = ''
@ -75,13 +75,16 @@ import ../make-test-python.nix ({ pkgs, ... }:
homeserver.url = homeserverUrl;
homeserver.domain = "homeserver";
ircService.servers."ircd" = {
name = "IRCd";
port = 6667;
dynamicChannels = {
enabled = true;
aliasTemplate = "#irc_$CHANNEL";
ircService = {
servers."ircd" = {
name = "IRCd";
port = 6667;
dynamicChannels = {
enabled = true;
aliasTemplate = "#irc_$CHANNEL";
};
};
mediaProxy.publicUrl = "http://localhost:11111/media";
};
};
};
@ -203,6 +206,8 @@ import ../make-test-python.nix ({ pkgs, ... }:
with subtest("start the appservice"):
appservice.wait_for_unit("matrix-appservice-irc.service")
appservice.wait_for_open_port(8009)
appservice.wait_for_file("/var/lib/matrix-appservice-irc/media-signingkey.jwk")
appservice.wait_for_open_port(11111)
with subtest("copy the registration file"):
appservice.copy_from_vm("/var/lib/matrix-appservice-irc/registration.yml")
@ -222,4 +227,4 @@ import ../make-test-python.nix ({ pkgs, ... }:
with subtest("ensure messages can be exchanged"):
client.succeed("do_test ${homeserverUrl} >&2")
'';
})
}

4
pkgs/applications/audio/picard/default.nix
View file

@ -21,14 +21,14 @@ in
pythonPackages.buildPythonApplication rec {
pname = "picard";
# nix-update --commit picard --version-regex 'release-(.*)'
version = "2.12.2";
version = "2.12.3";
format = "setuptools";
src = fetchFromGitHub {
owner = "metabrainz";
repo = "picard";
rev = "refs/tags/release-${version}";
hash = "sha256-m0cFJKkYNH01YzcRrbKgkXpjlZ9ZEymwGDnOFQfZKv0=";
hash = "sha256-ysHOiX8b9tlUaQDGl4qHUVLrLUF9MUDc4+vOQB76cj4=";
};
nativeBuildInputs = [

2
pkgs/applications/graphics/ImageMagick/default.nix
View file

@ -133,7 +133,7 @@ stdenv.mkDerivation (finalAttrs: {
version = testers.testVersion { package = finalAttrs.finalPackage; };
inherit nixos-icons;
inherit (perlPackages) ImageMagick;
inherit (python3.pkgs) img2pdf;
inherit (python3.pkgs) img2pdf willow;
pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
version = lib.head (lib.splitString "-" finalAttrs.version);

16
pkgs/applications/networking/cluster/k3s/1_28/images-versions.json
View file

@ -1,18 +1,18 @@
{
"airgap-images-amd64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.12%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "0dhzkn5y3ng7blyxj4bwrhbq5qvl3hq1hzg0h9633h8swv0xbsss"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.13%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "1v3vyrb86xijyvljs0s0skhxpjbarjqg2sx9m40332dfq9din7xq"
},
"airgap-images-arm": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.12%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "1225nqsfg7p6iq7a7qibzf3d0r7iwn53hnd9w6l189dxqna97015"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.13%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "0yifpx6vix5bjzkz81i5rsn89hkpp0rhk77ndl1lgy66pq4csbmm"
},
"airgap-images-arm64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.12%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "1lic564naj9323dkkq0z0y10n3j3yfmhixargqqs60syanfvj2p7"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.13%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "1p8zf47pghhjqhrcvmzdbcfxxy78pjpqwvmhm3wdidsa8xyy375a"
},
"images-list": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.12%2Bk3s1/k3s-images.txt",
"sha256": "1my3lfs5rfazcnnpsc9dj84dfnxx88xydrl86z6yw5n5p84x4nif"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.28.13%2Bk3s1/k3s-images.txt",
"sha256": "1f1d33jn4g5b6zmzdzzm4ffwfrmjwh60v9gnph0ysxjwsq1k0pxp"
}
}

12
pkgs/applications/networking/cluster/k3s/1_28/versions.nix
View file

@ -1,15 +1,15 @@
{
k3sVersion = "1.28.12+k3s1";
k3sCommit = "4717e2a58e04f0ba3d9f43d574a7eff01dea9146";
k3sRepoSha256 = "02wywlqqna0dj9cam6q3ykb3p5mi96f6lclrg5yhjky7jdvkffds";
k3sVendorHash = "sha256-RyUlaGQnfrCm4cB5FRs9IAeF+zn4LzAXmIViU3o30Z4=";
k3sVersion = "1.28.13+k3s1";
k3sCommit = "47737e1c4c941325574e8aa14e4a3af2e596f696";
k3sRepoSha256 = "1x66n36lxcvi5d9bdz0f1w2p24493rh3vbk1pskqd1f3v3fbv7kn";
k3sVendorHash = "sha256-/knBr0l7dZ6lX9QpohyPNrFEi4WQpNM01zOE5bCIB2E=";
chartVersions = import ./chart-versions.nix;
imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json);
k3sRootVersion = "0.14.0";
k3sRootSha256 = "15cs9faw3jishsb5nhgmb5ldjc47hkwf7hz2126fp8ahf80m0fcl";
k3sCNIVersion = "1.4.0-k3s2";
k3sCNISha256 = "17dg6jgjx18nrlyfmkv14dhzxsljz4774zgwz5dchxcf38bvarqa";
containerdVersion = "1.7.17-k3s1.28";
containerdSha256 = "0nhhx932j551ran3kkvyp4nmsg5c71mq0g6jrcbs2j4nn7yqdkhm";
containerdVersion = "1.7.20-k3s2.28";
containerdSha256 = "0jqqa9202d94qd7g8d5zy161snlsc42cdjpmp50w4j3pnp2i1cki";
criCtlVersion = "1.26.0-rc.0-k3s1";
}

16
pkgs/applications/networking/cluster/k3s/1_29/images-versions.json
View file

@ -1,18 +1,18 @@
{
"airgap-images-amd64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.7%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "1dyh107ygnlv9gyq2f9jdgrwjiyg25a61id69z48vc60gq480888"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.8%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "1v3vyrb86xijyvljs0s0skhxpjbarjqg2sx9m40332dfq9din7xq"
},
"airgap-images-arm": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.7%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "16l6d1ix3ri1l2wr2k5brg11a1snbkqhqasrk69wrix6diddklrn"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.8%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "0yifpx6vix5bjzkz81i5rsn89hkpp0rhk77ndl1lgy66pq4csbmm"
},
"airgap-images-arm64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.7%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "0pg4nzh1rf28003yxhl3jklxs41vjjgldviybvnqqp146ib6hy0r"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.8%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "1p8zf47pghhjqhrcvmzdbcfxxy78pjpqwvmhm3wdidsa8xyy375a"
},
"images-list": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.7%2Bk3s1/k3s-images.txt",
"sha256": "1my3lfs5rfazcnnpsc9dj84dfnxx88xydrl86z6yw5n5p84x4nif"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.29.8%2Bk3s1/k3s-images.txt",
"sha256": "1f1d33jn4g5b6zmzdzzm4ffwfrmjwh60v9gnph0ysxjwsq1k0pxp"
}
}

12
pkgs/applications/networking/cluster/k3s/1_29/versions.nix
View file

@ -1,15 +1,15 @@
{
k3sVersion = "1.29.7+k3s1";
k3sCommit = "f246bbc390a05f45431e49617b58013fe06a460d";
k3sRepoSha256 = "0fv628rxxavqmb2gv0ncsx4m8ghn3v6ddn2n06x8q4ar27d9gijg";
k3sVendorHash = "sha256-pAOyGgEaO6ewNv+6yhDt83NZl95rmLseFUs4vlXNH6Q=";
k3sVersion = "1.29.8+k3s1";
k3sCommit = "33fdc35dd67cf6c07989327e992fd26ed89b2449";
k3sRepoSha256 = "0ky5f039nkhdj6y5v9yr6lk875l29c67j6kqc2dzdb3iqbwskcbr";
k3sVendorHash = "sha256-VxVGBvpeKf/nuw09Llf85d4P8oCD2GvD1f0Mxt6fMj8=";
chartVersions = import ./chart-versions.nix;
imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json);
k3sRootVersion = "0.14.0";
k3sRootSha256 = "15cs9faw3jishsb5nhgmb5ldjc47hkwf7hz2126fp8ahf80m0fcl";
k3sCNIVersion = "1.4.0-k3s2";
k3sCNISha256 = "17dg6jgjx18nrlyfmkv14dhzxsljz4774zgwz5dchxcf38bvarqa";
containerdVersion = "1.7.17-k3s1";
containerdSha256 = "1j61mbgx346ydvnjd8b07wf7nmvvplx28wi5jjdzi1k688r2hxpf";
containerdVersion = "1.7.20-k3s1";
containerdSha256 = "12ihr3z8vcglv5b0v9ris29zkkkdvjbcp3bf7ym71a0xdbg83s8i";
criCtlVersion = "1.29.0-k3s1";
}

16
pkgs/applications/networking/cluster/k3s/1_30/images-versions.json
View file

@ -1,18 +1,18 @@
{
"airgap-images-amd64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "1ym7cdm3a2f05wgh4vba2g7q1zihrfvvm2zngcs0gm8djj7hy4d9"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.4%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "145sj4gpwdjvfv3bphpdg6db1d83bbwl0shbnsqpjizsm3ifvmm9"
},
"airgap-images-arm": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "15mj949msrd30xhqryhpsvx1bi3pywm1z5bmi0h40qyzc1mcfvjk"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.4%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "0sdkfsjxxi5sq0nxjw7g7r1p7711l74r39y5ss12q85q4sla0m7l"
},
"airgap-images-arm64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "1k2q6rzczajnrkj57p97fdr7lgmrfv7x54by2syngfwb5in8fhd5"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.4%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "1kw85g79rywk6n3wda7ffvjhf030wwj8g3x8n73rgiprvksw4p7j"
},
"images-list": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.3%2Bk3s1/k3s-images.txt",
"sha256": "1my3lfs5rfazcnnpsc9dj84dfnxx88xydrl86z6yw5n5p84x4nif"
"url": "https://github.com/k3s-io/k3s/releases/download/v1.30.4%2Bk3s1/k3s-images.txt",
"sha256": "1f1d33jn4g5b6zmzdzzm4ffwfrmjwh60v9gnph0ysxjwsq1k0pxp"
}
}

12
pkgs/applications/networking/cluster/k3s/1_30/versions.nix
View file

@ -1,15 +1,15 @@
{
k3sVersion = "1.30.3+k3s1";
k3sCommit = "f646604010affc6a1d3233a8a0870bca46bf80cf";
k3sRepoSha256 = "1sqa4cx5rihrqcnriq7if7sm4hx73ma975yyr5k9nvhg71dvlig3";
k3sVendorHash = "sha256-HMlYdWDUoELpwsfCtyCxVIcFULdvu5gna83lc79AUWc=";
k3sVersion = "1.30.4+k3s1";
k3sCommit = "98262b5dee29fe5ac849a0cef90b5d50292b020b";
k3sRepoSha256 = "1iwg7j0divbh41dx40kz69qkvscvppqb37dqvxayw3ha1yja4sq6";
k3sVendorHash = "sha256-EovTZ3DvDqWFR9vxhtjgcZcPXVk1C0PYNCxEV5XA6wg=";
chartVersions = import ./chart-versions.nix;
imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json);
k3sRootVersion = "0.14.0";
k3sRootSha256 = "15cs9faw3jishsb5nhgmb5ldjc47hkwf7hz2126fp8ahf80m0fcl";
k3sCNIVersion = "1.4.0-k3s2";
k3sCNISha256 = "17dg6jgjx18nrlyfmkv14dhzxsljz4774zgwz5dchxcf38bvarqa";
containerdVersion = "1.7.17-k3s1";
containerdSha256 = "1j61mbgx346ydvnjd8b07wf7nmvvplx28wi5jjdzi1k688r2hxpf";
containerdVersion = "1.7.20-k3s1";
containerdSha256 = "12ihr3z8vcglv5b0v9ris29zkkkdvjbcp3bf7ym71a0xdbg83s8i";
criCtlVersion = "1.29.0-k3s1";
}

10
pkgs/applications/networking/cluster/k3s/1_31/chart-versions.nix Normal file
View file

@ -0,0 +1,10 @@
{
traefik-crd = {
url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz";
sha256 = "1z693i4kd3jyf26ccnb0sxjyxadipl6k13n7jyg5v4y93fv1rpdw";
};
traefik = {
url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.3+up25.0.0.tgz";
sha256 = "1a24qlp7c6iri72ka1i37l1lzn13xibrd26dy295z2wzr55gg7if";
};
}

18
pkgs/applications/networking/cluster/k3s/1_31/images-versions.json Normal file
View file

@ -0,0 +1,18 @@
{
"airgap-images-amd64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.31.0%2Bk3s1/k3s-airgap-images-amd64.tar.zst",
"sha256": "13pakr8nxlbqhqcz40gyjncw4bghk7x7ryb2ynmr5airspqcdrl6"
},
"airgap-images-arm": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.31.0%2Bk3s1/k3s-airgap-images-arm.tar.zst",
"sha256": "0vc2v89qy9gbzfbmfrdb0l5yzyprk7yma5ps0yfj60jd9av07qvh"
},
"airgap-images-arm64": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.31.0%2Bk3s1/k3s-airgap-images-arm64.tar.zst",
"sha256": "10ffa45pm1scavcd5cimdaw29rlc55c9i40qzh3n3451g1yqlmmk"
},
"images-list": {
"url": "https://github.com/k3s-io/k3s/releases/download/v1.31.0%2Bk3s1/k3s-images.txt",
"sha256": "0y4x02fj1iysghq6s88wsiqfpsajrrwrg89m59qk431cii23nrza"
}
}

15
pkgs/applications/networking/cluster/k3s/1_31/versions.nix Normal file
View file

@ -0,0 +1,15 @@
{
k3sVersion = "1.31.0+k3s1";
k3sCommit = "34be6d96d17d8d65fda86272b62b752cb0e9c45e";
k3sRepoSha256 = "16yzsx56jmca07jdnzjvy4pcfrvvibv987l1mzdaws1vkm3xqfnw";
k3sVendorHash = "sha256-1uYlvGkW6n4aiUVX/2OjppczdobY/fk1ZaK6j3AEwvM=";
chartVersions = import ./chart-versions.nix;
imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json);
k3sRootVersion = "0.14.0";
k3sRootSha256 = "15cs9faw3jishsb5nhgmb5ldjc47hkwf7hz2126fp8ahf80m0fcl";
k3sCNIVersion = "1.4.0-k3s2";
k3sCNISha256 = "17dg6jgjx18nrlyfmkv14dhzxsljz4774zgwz5dchxcf38bvarqa";
containerdVersion = "1.7.20-k3s1";
containerdSha256 = "12ihr3z8vcglv5b0v9ris29zkkkdvjbcp3bf7ym71a0xdbg83s8i";
criCtlVersion = "1.31.0-k3s2";
}

2
pkgs/applications/networking/cluster/k3s/builder.nix
View file

@ -211,7 +211,7 @@ let
sed --quiet '/# --- run the install process --/q;p' ${k3sRepo}/install.sh > install.sh
# Let killall expect "containerd-shim" in the Nix store
to_replace="k3s/data/\[\^/\]\*/bin/containerd-shim"
to_replace="/data/\[\^/\]\*/bin/containerd-shim"
replacement="/nix/store/.*k3s-containerd.*/bin/containerd-shim"
changes=$(sed -i "s|$to_replace|$replacement| w /dev/stdout" install.sh)
if [ -z "$changes" ]; then

10
pkgs/applications/networking/cluster/k3s/default.nix
View file

@ -43,4 +43,14 @@ in
];
}
) extraArgs;
k3s_1_31 = common (
(import ./1_31/versions.nix)
// {
updateScript = [
./update-script.sh
"31"
];
}
) extraArgs;
}

8
pkgs/applications/networking/cluster/k3s/update-script.sh
View file

@ -107,7 +107,13 @@ CONTAINERD_VERSION=$(grep github.com/containerd/containerd ${FILE_GO_MOD} \
CONTAINERD_SHA256=$(nix-prefetch-url --quiet --unpack \
"https://github.com/k3s-io/containerd/archive/refs/tags/v${CONTAINERD_VERSION}.tar.gz")
CRI_CTL_VERSION=$(grep github.com/kubernetes-sigs/cri-tools ${FILE_GO_MOD} \
# The repository of "cri-tools" changes for 1.31.x, this can likely be removed in future releases
if [ "$MINOR_VERSION" -gt 30 ]; then
CRI_CTL_REPO=sigs.k8s.io
else
CRI_CTL_REPO=github.com/kubernetes-sigs
fi
CRI_CTL_VERSION=$(grep "$CRI_CTL_REPO/cri-tools" ${FILE_GO_MOD} \
| head -n1 | awk '{print $4}' | sed -e 's/"//g' -e 's/^v//')
setKV () {

2
pkgs/applications/networking/cluster/kubectl-view-allocations/default.nix
View file

@ -2,7 +2,6 @@
, stdenv
, rustPlatform
, fetchFromGitHub
, perl
, Security ? null
}:
@ -25,7 +24,6 @@ rustPlatform.buildRustPackage rec {
lockFile = ./Cargo.lock;
};
nativeBuildInputs = [ perl ];
buildInputs = lib.optionals stdenv.isDarwin [ Security ];
meta = with lib; {

6
pkgs/applications/networking/cluster/kubergrunt/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubergrunt";
version = "0.15.0";
version = "0.16.0";
src = fetchFromGitHub {
owner = "gruntwork-io";
repo = "kubergrunt";
rev = "v${version}";
sha256 = "sha256-yN5tpe3ayQPhTlBvxlt7CD6mSURCB4lxGatEK9OThzs=";
sha256 = "sha256-FOXnerB6qmUUotWLlTTsR5x0+A0Q9D8PVDTMG8j8b9o=";
};
vendorHash = "sha256-VJkqg2cnpYHuEYOv5+spoyRWFAdFWE7YIVYaN9OmIZM=";
vendorHash = "sha256-rgU6Yv+gmKShWfpPaWtK2VIBPgFSsPVOnUzIp2+V7oI=";
# Disable tests since it requires network access and relies on the
# presence of certain AWS infrastructure

6
pkgs/applications/networking/cluster/kuttl/default.nix
View file

@ -2,17 +2,17 @@
buildGoModule rec {
pname = "kuttl";
version = "0.18.0";
version = "0.19.0";
cli = "kubectl-kuttl";
src = fetchFromGitHub {
owner = "kudobuilder";
repo = "kuttl";
rev = "v${version}";
sha256 = "sha256-wTnBMNgwHqK8PdpEa3RAsVJemnGw/ymn6GJciPFsYrU=";
sha256 = "sha256-7fcVmLvRbKYuWuqwqZWlQf08YEyowcTxrp5RteV8qyU=";
};
vendorHash = "sha256-RKQM1JxyZA1HwqRjCULY4X3jZK9SgclW55/qXp395cQ=";
vendorHash = "sha256-E6gzr9gCLbRaoJU/pYA2cAy0rv5SUVmwf0m34lchF+M=";
subPackages = [ "cmd/kubectl-kuttl" ];

6
pkgs/applications/networking/instant-messengers/element/element-desktop.nix
View file

@ -30,7 +30,7 @@ stdenv.mkDerivation (finalAttrs: builtins.removeAttrs pinData [ "hashes" ] // {
pname = "element-desktop";
name = "${finalAttrs.pname}-${finalAttrs.version}";
src = fetchFromGitHub {
owner = "vector-im";
owner = "element-hq";
repo = "element-desktop";
rev = "v${finalAttrs.version}";
hash = desktopSrcHash;
@ -112,7 +112,7 @@ stdenv.mkDerivation (finalAttrs: builtins.removeAttrs pinData [ "hashes" ] // {
'';
# The desktop item properties should be kept in sync with data from upstream:
# https://github.com/vector-im/element-desktop/blob/develop/package.json
# https://github.com/element-hq/element-desktop/blob/develop/package.json
desktopItem = makeDesktopItem {
name = "element-desktop";
exec = "${executableName} %u";
@ -147,7 +147,7 @@ stdenv.mkDerivation (finalAttrs: builtins.removeAttrs pinData [ "hashes" ] // {
meta = with lib; {
description = "A feature-rich client for Matrix.org";
homepage = "https://element.io/";
changelog = "https://github.com/vector-im/element-desktop/blob/v${finalAttrs.version}/CHANGELOG.md";
changelog = "https://github.com/element-hq/element-desktop/blob/v${finalAttrs.version}/CHANGELOG.md";
license = licenses.asl20;
maintainers = teams.matrix.members;
inherit (electron.meta) platforms;

6
pkgs/applications/networking/instant-messengers/element/element-web.nix
View file

@ -20,7 +20,7 @@ stdenv.mkDerivation (finalAttrs: builtins.removeAttrs pinData [ "hashes" ] // {
pname = "element-web";
src = fetchFromGitHub {
owner = "vector-im";
owner = "element-hq";
repo = "element-web";
rev = "v${finalAttrs.version}";
hash = webSrcHash;
@ -51,7 +51,7 @@ stdenv.mkDerivation (finalAttrs: builtins.removeAttrs pinData [ "hashes" ] // {
# with the update of openssl3, some key ciphers are not supported anymore
# this flag will allow those codecs again as a workaround
# see https://medium.com/the-node-js-collection/node-js-17-is-here-8dba1e14e382#5f07
# and https://github.com/vector-im/element-web/issues/21043
# and https://github.com/element-hq/element-web/issues/21043
export NODE_OPTIONS=--openssl-legacy-provider
mkdir -p $HOME
@ -77,7 +77,7 @@ stdenv.mkDerivation (finalAttrs: builtins.removeAttrs pinData [ "hashes" ] // {
meta = {
description = "Glossy Matrix collaboration client for the web";
homepage = "https://element.io/";
changelog = "https://github.com/vector-im/element-web/blob/v${finalAttrs.version}/CHANGELOG.md";
changelog = "https://github.com/element-hq/element-web/blob/v${finalAttrs.version}/CHANGELOG.md";
maintainers = lib.teams.matrix.members;
license = lib.licenses.asl20;
platforms = lib.platforms.all;

10
pkgs/applications/networking/instant-messengers/element/update.sh
View file

@ -12,15 +12,15 @@ version="$1"
set -euo pipefail
if [ -z "$version" ]; then
version="$(wget -q -O- "https://api.github.com/repos/vector-im/element-desktop/releases?per_page=1" | jq -r '.[0].tag_name')"
version="$(wget -q -O- "https://api.github.com/repos/element-hq/element-desktop/releases?per_page=1" | jq -r '.[0].tag_name')"
fi
# strip leading "v"
version="${version#v}"
# Element Web
web_src="https://raw.githubusercontent.com/vector-im/element-web/v$version"
web_src_hash=$(nix-prefetch-github vector-im element-web --rev v${version} | jq -r .hash)
web_src="https://raw.githubusercontent.com/element-hq/element-web/v$version"
web_src_hash=$(nix-prefetch-github element-hq element-web --rev v${version} | jq -r .hash)
web_tmpdir=$(mktemp -d)
trap 'rm -rf "$web_tmpdir"' EXIT
@ -31,8 +31,8 @@ web_yarn_hash=$(prefetch-yarn-deps yarn.lock)
popd
# Element Desktop
desktop_src="https://raw.githubusercontent.com/vector-im/element-desktop/v$version"
desktop_src_hash=$(nix-prefetch-github vector-im element-desktop --rev v${version} | jq -r .hash)
desktop_src="https://raw.githubusercontent.com/element-hq/element-desktop/v$version"
desktop_src_hash=$(nix-prefetch-github element-hq element-desktop --rev v${version} | jq -r .hash)
desktop_tmpdir=$(mktemp -d)
trap 'rm -rf "$desktop_tmpdir"' EXIT

4
pkgs/applications/networking/instant-messengers/hydrogen-web/unwrapped.nix
View file

@ -12,7 +12,7 @@ stdenv.mkDerivation (finalAttrs: {
version = "0.4.0";
src = fetchFromGitHub {
owner = "vector-im";
owner = "element-hq";
repo = "hydrogen-web";
rev = "v${finalAttrs.version}";
hash = "sha256-u8Yex3r7EZH+JztQHJbfncYeyyl6hgb1ZNFIg//wcb0=";
@ -57,7 +57,7 @@ stdenv.mkDerivation (finalAttrs: {
meta = {
description = "Lightweight matrix client with legacy and mobile browser support";
homepage = "https://github.com/vector-im/hydrogen-web";
homepage = "https://github.com/element-hq/hydrogen-web";
maintainers = lib.teams.matrix.members;
license = lib.licenses.asl20;
platforms = lib.platforms.all;

4
pkgs/applications/networking/xpipe/default.nix
View file

@ -33,14 +33,14 @@ let
}.${system} or throwSystem;
hash = {
x86_64-linux = "sha256-l67oq9Jj2mmxcLsEMI4t+85cKD65xxMNkTNJrrRrwJQ=";
x86_64-linux = "sha256-DoN6I1lk4WpOZ+jC+od7jum3lxBHFppea5QFTuqY5nk=";
}.${system} or throwSystem;
displayname = "XPipe";
in stdenvNoCC.mkDerivation rec {
pname = "xpipe";
version = "11.0";
version = "11.1";
src = fetchzip {
url = "https://github.com/xpipe-io/xpipe/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";

6
pkgs/applications/office/appflowy/default.nix
View file

@ -17,11 +17,11 @@ let
rec {
x86_64-linux = {
urlSuffix = "linux-x86_64.tar.gz";
hash = "sha256-2v7LF53UmVxFzoNHwv+B2zN7I6pSP66x32OplcIR7Fk=";
hash = "sha256-sQ3dxwPWHLUoWgnR9+oHaFoDzXxtwKRiBvz2wkFB01g=";
};
x86_64-darwin = {
urlSuffix = "macos-universal.zip";
hash = "sha256-73Do2Jhso6GJsyDiSz3ACN8pEmZbuPNW3vjW3BFLhY4=";
hash = "sha256-4bU/qecZBrTr34SZAjDDgwpXAAHDITz6lV6mJGjElko=";
};
aarch64-darwin = x86_64-darwin;
}
@ -29,7 +29,7 @@ let
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "appflowy";
version = "0.6.6";
version = "0.6.8";
src = fetchzip {
url = "https://github.com/AppFlowy-IO/appflowy/releases/download/${finalAttrs.version}/AppFlowy-${finalAttrs.version}-${dist.urlSuffix}";

4
pkgs/applications/science/robotics/qgroundcontrol/default.nix
View file

@ -4,7 +4,7 @@
stdenv.mkDerivation rec {
pname = "qgroundcontrol";
version = "4.4.1";
version = "4.4.2";
propagatedBuildInputs = [
qtbase qtcharts qtlocation qtserialport qtsvg qtquickcontrols2
@ -67,7 +67,7 @@ stdenv.mkDerivation rec {
owner = "mavlink";
repo = pname;
rev = "v${version}";
hash = "sha256-FdF9QQYCF7HbmjvUQgV6HytJo2Aje2OEDPO2GSl1dqE=";
hash = "sha256-2Bc4uC/2e+PTsvFZ4RjnTzkOiBO9vsYHeLPkcwpDRrg=";
fetchSubmodules = true;
};

2
pkgs/applications/system/qjournalctl/default.nix
View file

@ -40,6 +40,6 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/pentix/qjournalctl";
license = licenses.gpl3Only;
platforms = platforms.all;
maintainers = with maintainers; [ srgom romildo ];
maintainers = with maintainers; [ romildo ];
};
}

6
pkgs/applications/version-management/sublime-merge/default.nix
View file

@ -11,9 +11,9 @@ in
} { };
sublime-merge-dev = common {
buildVersion = "2095";
buildVersion = "2099";
dev = true;
aarch64sha256 = "FmXz8VAWS7e0bB9NeXbihnhdhWMyNJJs6PNt+K2G0Bk=";
x64sha256 = "83Hw27RgGPgugpf4eMuWT6/MSQ2Q2VBCbaXoSGFtTPI=";
aarch64sha256 = "6rfUwzSBCJ3CRrL5E4+wBQ3FuB3PaAUCwh5pDtAbNKE=";
x64sha256 = "qIXDlsdaxY8wvky/ClwhZykZTVrUShsV56utb6BRCWQ=";
} { };
}

36
pkgs/by-name/ag/age-plugin-fido2-hmac/package.nix
View file

@ -1,10 +1,27 @@
{ lib
, buildGoModule
, fetchFromGitHub
, libfido2
, stdenv
{
lib,
buildGoModule,
fetchFromGitHub,
stdenv,
libfido2,
openssl,
libcbor
}:
let
darwin_arch = if stdenv.hostPlatform.system == "aarch64-darwin" then "arm64" else "amd64";
darwin_configure = ''
chmod -R +w vendor/github.com/keys-pub/go-libfido2
cat << EOF > vendor/github.com/keys-pub/go-libfido2/fido2_static_${darwin_arch}.go
package libfido2
/*
#cgo darwin LDFLAGS: -framework CoreFoundation -framework IOKit -L${lib.getLib openssl}/lib -L${lib.getLib libcbor}/lib -lfido2
#cgo darwin CFLAGS: -I${libfido2.dev}/include -I${openssl.dev}/include
*/
import "C"
EOF
'';
in
buildGoModule rec {
pname = "age-plugin-fido2-hmac";
version = "0.2.3";
@ -18,11 +35,11 @@ buildGoModule rec {
vendorHash = "sha256-h4/tyq9oZt41IfRJmmsLHUpJiPJ7YuFu59ccM7jHsFo=";
ldflags = [ "-s" "-w" ];
ldflags = [ "-s" "-w" "-X main.version=v${version}" ];
buildInputs = [
libfido2
];
buildInputs = [ libfido2 ];
postConfigure = lib.optional stdenv.isDarwin darwin_configure;
meta = with lib; {
description = "Age plugin to encrypt files with fido2 tokens using the hmac-secret extension and non-discoverable credentials";
@ -30,6 +47,5 @@ buildGoModule rec {
license = licenses.mit;
maintainers = with maintainers; [ matthewcroughan ];
mainProgram = "age-plugin-fido2-hmac";
broken = stdenv.isDarwin;
};
}

4
pkgs/by-name/an/anytype/package.nix
View file

@ -2,11 +2,11 @@
let
pname = "anytype";
version = "0.42.5";
version = "0.42.6";
name = "Anytype-${version}";
src = fetchurl {
url = "https://github.com/anyproto/anytype-ts/releases/download/v${version}/${name}.AppImage";
hash = "sha256-43g/CdmmQTSxk7OTZMPIiWIYJjCG2zJNM9kaAq1jOqE=";
hash = "sha256-ubYk3CsdaUW4AtMYskmFunznUAVcBdbJh4dyGgSs1Io=";
};
appimageContents = appimageTools.extractType2 { inherit pname version src; };
in appimageTools.wrapType2 {

733
pkgs/by-name/at/atlauncher/deps.json generated
View file

File diff suppressed because it is too large Load diff

4
pkgs/by-name/at/atlauncher/package.nix
View file

@ -21,13 +21,13 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "atlauncher";
version = "3.4.36.10";
version = "3.4.37.2";
src = fetchFromGitHub {
owner = "ATLauncher";
repo = "ATLauncher";
rev = "v${finalAttrs.version}";
hash = "sha256-EMV/M5W/acJaQJsi4COoRQC2YVfuJG9HGcwvGfakoNo=";
hash = "sha256-1sIzQBJWbkGk8VrZdRi3eIHBAfiu90lodEZVouZNzVM=";
};
postPatch = ''

6
pkgs/by-name/ci/civo/package.nix
View file

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "civo";
version = "1.0.89";
version = "1.0.90";
src = fetchFromGitHub {
owner = "civo";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-hX/tmeQYcTDs3JZSFhvzCrcbqvfa78MXtTo8VcuAqxY=";
sha256 = "sha256-2UWEQZRbtPArYK7Kr0eHtF8+XWXl06v86nAb8nka50g=";
};
vendorHash = "sha256-bwmJnKxdvVskrrTCa0cdpiYeFVZWTYyaFNEbeymT7P0=";
vendorHash = "sha256-ZnomzHbsNKWwAsRjOjESKSdR+KgSiMMlG0xq33qpzX0=";
nativeBuildInputs = [ installShellFiles ];

4
pkgs/by-name/fa/fast-float/package.nix
View file

@ -7,13 +7,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "fast-float";
version = "6.1.4";
version = "6.1.5";
src = fetchFromGitHub {
owner = "fastfloat";
repo = "fast_float";
rev = "v${finalAttrs.version}";
hash = "sha256-0eVovauN7SnO3nSIWBRWAJ4dR7q5beZrIGUZ18M2pao=";
hash = "sha256-tFHrvwZKZkNkJM5VEpWRPD+yDMH1seuNDR/Rd9pCqBg=";
};
nativeBuildInputs = [ cmake ];

4
pkgs/by-name/la/lazysql/package.nix
View file

@ -8,13 +8,13 @@
buildGoModule rec {
pname = "lazysql";
version = "0.2.5";
version = "0.2.9";
src = fetchFromGitHub {
owner = "jorgerojas26";
repo = "lazysql";
rev = "v${version}";
hash = "sha256-QzvaQMSr0PjeAGJr5ThAQ/U0dRMa17E5hiPnc2ViUNo=";
hash = "sha256-6aJrLkmebOhLrnVhl9cnbW1ZBt0vq8lR7Lhz9nPFr8Q=";
};
vendorHash = "sha256-celee8uyoirX+vtAww2iQJtRwJEHyfHL2mZA2muSRiQ=";

6
pkgs/by-name/le/leetgo/package.nix
View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "leetgo";
version = "1.4.8";
version = "1.4.9";
src = fetchFromGitHub {
owner = "j178";
repo = "leetgo";
rev = "v${version}";
hash = "sha256-4Y/NwgLNBdd2uL7oiIdM1I08ZnLjreHf397s/vhS+Ac=";
hash = "sha256-FlQYTNz1Fh0igwnufjVXN4bsUYBB1kls19D+/v7Ztps=";
};
vendorHash = "sha256-zpS+6Z31m6g67we4JaQ0sPodqC315lgftqGzZkelDCU=";
vendorHash = "sha256-DdAe9yyusA6Ac8ioKqLiM5lcOt9Xy7F77gMG6yBTl7Q=";
nativeBuildInputs = [ installShellFiles ];

2
pkgs/by-name/si/sink-rotate/package.nix
View file

@ -21,7 +21,7 @@ rustPlatform.buildRustPackage {
cargoHash = "sha256-MPeyPTkxpi6iw/BT5m4S7jVBD0c2zG2rsv+UZWQxpUU=";
buildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper ];
postFixup = ''
wrapProgram $out/bin/sink-rotate \

2
pkgs/by-name/un/unrar-free/package.nix
View file

@ -34,7 +34,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
homepage = "https://gitlab.com/bgermann/unrar-free";
license = lib.licenses.gpl2Plus;
mainProgram = "unrar";
mainProgram = "unrar-free";
maintainers = with lib.maintainers; [ thiagokokada ];
platforms = lib.platforms.unix;
broken = stdenv.isDarwin;

4
pkgs/by-name/vc/vcpkg/package.nix
View file

@ -8,13 +8,13 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "vcpkg";
version = "2024.07.12";
version = "2024.08.23";
src = fetchFromGitHub {
owner = "microsoft";
repo = "vcpkg";
rev = finalAttrs.version;
hash = "sha256-WE+BeF9BYR9/Gmi60g6ApXsWQ2vch2N6XhH1A9HAHsc=";
hash = "sha256-cJOy7DG5Ea5cpnHvUiv70FV2ULrevs64Bu5eBJi9BLs=";
leaveDotGit = true;
postFetch = ''
cd "$out"

2
pkgs/by-name/vp/vpsfree-client/Gemfile
View file

@ -2,4 +2,4 @@
source "https://rubygems.org"
gem "vpsfree-client", "0.18.0"
gem "vpsfree-client"

52
pkgs/by-name/vp/vpsfree-client/Gemfile.lock
View file

@ -1,45 +1,48 @@
GEM
remote: https://rubygems.org/
specs:
activesupport (7.1.3.2)
activesupport (7.2.1)
base64
bigdecimal
concurrent-ruby (~> 1.0, >= 1.0.2)
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
i18n (>= 1.6, < 2)
logger (>= 1.4.2)
minitest (>= 5.1)
mutex_m
tzinfo (~> 2.0)
securerandom (>= 0.3)
tzinfo (~> 2.0, >= 2.0.5)
base64 (0.2.0)
bigdecimal (3.1.6)
concurrent-ruby (1.2.3)
bigdecimal (3.1.8)
concurrent-ruby (1.3.4)
connection_pool (2.4.1)
curses (1.4.4)
curses (1.4.6)
domain_name (0.6.20240107)
drb (2.2.1)
haveapi-client (0.19.3)
haveapi-client (0.23.7)
activesupport (>= 7.0)
highline (~> 2.1.0)
highline (~> 3.1)
json
require_all (~> 2.0.0)
rest-client (~> 2.1.0)
ruby-progressbar (~> 1.13.0)
highline (2.1.0)
highline (3.1.1)
reline
http-accept (1.7.0)
http-cookie (1.0.5)
http-cookie (1.0.7)
domain_name (~> 0.5)
i18n (1.14.3)
i18n (1.14.5)
concurrent-ruby (~> 1.0)
racc (~> 1.7)
json (2.7.1)
io-console (0.7.2)
json (2.7.2)
logger (1.6.1)
mime-types (3.5.2)
mime-types-data (~> 3.2015)
mime-types-data (3.2024.0305)
minitest (5.22.2)
mutex_m (0.2.0)
mime-types-data (3.2024.0903)
minitest (5.25.1)
netrc (0.11.0)
racc (1.7.3)
reline (0.5.10)
io-console (~> 0.5)
require_all (2.0.0)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
@ -47,20 +50,21 @@ GEM
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
ruby-progressbar (1.13.0)
securerandom (0.3.1)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
vpsadmin-client (3.0.0.master.20231229.pre.0.51d41b07)
vpsadmin-client (4.0.0)
curses
haveapi-client (~> 0.19.0)
haveapi-client (~> 0.23.6)
json
vpsfree-client (0.18.0)
vpsadmin-client (= 3.0.0.master.20231229.pre.0.51d41b07)
vpsfree-client (0.19.0)
vpsadmin-client (~> 4.0)
PLATFORMS
ruby
DEPENDENCIES
vpsfree-client (= 0.18.0)
vpsfree-client
BUNDLED WITH
2.4.22
2.5.9

104
pkgs/by-name/vp/vpsfree-client/gemset.nix
View file

@ -1,14 +1,14 @@
{
activesupport = {
dependencies = ["base64" "bigdecimal" "concurrent-ruby" "connection_pool" "drb" "i18n" "minitest" "mutex_m" "tzinfo"];
dependencies = ["base64" "bigdecimal" "concurrent-ruby" "connection_pool" "drb" "i18n" "logger" "minitest" "securerandom" "tzinfo"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0blbbf2x7dn7ar4g9aij403582zb6zscbj48bz63lvaamsvlb15d";
sha256 = "094cv9kxa8hwlsw3c0njkvvayd0wszcz9b6xywv4yajrg83zlmvm";
type = "gem";
};
version = "7.1.3.2";
version = "7.2.1";
};
base64 = {
groups = ["default"];
@ -25,20 +25,20 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "00db5v09k1z3539g1zrk7vkjrln9967k08adh6qx33ng97a2gg5w";
sha256 = "1gi7zqgmqwi5lizggs1jhc3zlwaqayy9rx2ah80sxy24bbnng558";
type = "gem";
};
version = "3.1.6";
version = "3.1.8";
};
concurrent-ruby = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1qh1b14jwbbj242klkyz5fc7npd4j0mvndz62gajhvl1l3wd7zc2";
sha256 = "0chwfdq2a6kbj6xz9l6zrdfnyghnh32si82la1dnpa5h75ir5anl";
type = "gem";
};
version = "1.2.3";
version = "1.3.4";
};
connection_pool = {
groups = ["default"];
@ -55,10 +55,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "00y9g79lzfffxarj3rmhnkblsnyx7izx91mh8c1sdcs9y2pdfq53";
sha256 = "15pj04v9m06lj7xcq5xjk6b0nqfpq3kiaisjmh2pysmi6nvsg9ly";
type = "gem";
};
version = "1.4.4";
version = "1.4.6";
};
domain_name = {
groups = ["default"];
@ -86,20 +86,21 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0yjcf6yf90sqjsywlcxzfrfrl835ndw96x6bh4grvc75zbb5ijki";
sha256 = "1a6k0milq4rfybf1pc8gzikpr18dmnzpz1wi2avzdkp0dpqkvaw3";
type = "gem";
};
version = "0.19.3";
version = "0.23.7";
};
highline = {
dependencies = ["reline"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1f8cr014j7mdqpdb9q17fp5vb5b8n1pswqaif91s3ylg5x3pygfn";
sha256 = "1q0f7izfi542sp93gl276spm0xyws1kpqxm0alrwwmz06mz4i0ks";
type = "gem";
};
version = "2.1.0";
version = "3.1.1";
};
http-accept = {
groups = ["default"];
@ -117,31 +118,51 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "13rilvlv8kwbzqfb644qp6hrbsj82cbqmnzcvqip1p6vqx36sxbk";
sha256 = "0lr2yk5g5vvf9nzlmkn3p7mhh9mn55gpdc7kl2w21xs46fgkjynb";
type = "gem";
};
version = "1.0.5";
version = "1.0.7";
};
i18n = {
dependencies = ["concurrent-ruby" "racc"];
dependencies = ["concurrent-ruby"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1j9zl6ssshkdjdn21lckdhsfkkw1n4wcynqp8n67afa5qps2gmds";
sha256 = "1ffix518y7976qih9k1lgnc17i3v6yrlh0a3mckpxdb4wc2vrp16";
type = "gem";
};
version = "1.14.3";
version = "1.14.5";
};
io-console = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "08d2lx42pa8jjav0lcjbzfzmw61b8imxr9041pva8xzqabrczp7h";
type = "gem";
};
version = "0.7.2";
};
json = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0r9jmjhg2ly3l736flk7r2al47b5c8cayh0gqkq0yhjqzc9a6zhq";
sha256 = "0b4qsi8gay7ncmigr0pnbxyb17y3h8kavdyhsh7nrlqwr35vb60q";
type = "gem";
};
version = "2.7.1";
version = "2.7.2";
};
logger = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0lwncq2rf8gm79g2rcnnyzs26ma1f4wnfjm6gs4zf2wlsdz5in9s";
type = "gem";
};
version = "1.6.1";
};
mime-types = {
dependencies = ["mime-types-data"];
@ -159,30 +180,20 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "00x7w5xqsj9m33v3vkmy23wipkkysafksib53ypzn27p5g81w455";
sha256 = "0d5bmxcq87nj6h5rx6b1fkdzq8256yba97s2vlkszpwhc47m9rfs";
type = "gem";
};
version = "3.2024.0305";
version = "3.2024.0903";
};
minitest = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0667vf0zglacry87nkcl3ns8421aydvz71vfa3g3yjhiq8zh19f5";
sha256 = "1n1akmc6bibkbxkzm1p1wmfb4n9vv397knkgz0ffykb3h1d7kdix";
type = "gem";
};
version = "5.22.2";
};
mutex_m = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1ma093ayps1m92q845hmpk0dmadicvifkbf05rpq9pifhin0rvxn";
type = "gem";
};
version = "0.2.0";
version = "5.25.1";
};
netrc = {
groups = ["default"];
@ -194,15 +205,16 @@
};
version = "0.11.0";
};
racc = {
reline = {
dependencies = ["io-console"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp";
sha256 = "0rl1jmxs7pay58l7lkxkrn6nkdpk52k8rvnfwqsd1swjlxlwjq0n";
type = "gem";
};
version = "1.7.3";
version = "0.5.10";
};
require_all = {
groups = ["default"];
@ -235,6 +247,16 @@
};
version = "1.13.0";
};
securerandom = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1phv6kh417vkanhssbjr960c0gfqvf8z7d3d9fd2yvd41q64bw4q";
type = "gem";
};
version = "0.3.1";
};
tzinfo = {
dependencies = ["concurrent-ruby"];
groups = ["default"];
@ -252,10 +274,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0d1bdyda8l42x8csf4ri2cqcr3xf6pcnv7s1k859rb8ysj7y8aqx";
sha256 = "1qy0l0gyhsyz9hdbqdb324l4zlgs78hml1cnp3gx1jl5ndj62znc";
type = "gem";
};
version = "3.0.0.master.20231229.pre.0.51d41b07";
version = "4.0.0";
};
vpsfree-client = {
dependencies = ["vpsadmin-client"];
@ -263,9 +285,9 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "038a57avnp4wmfqdya5a6r4a135nh6crzs6nf0khnhdhb9kkjfjg";
sha256 = "0cl6r20r7hksd3g6sjqrgi9x21ykbvv170vszf2l06a8ifrrqlk7";
type = "gem";
};
version = "0.18.0";
version = "0.19.0";
};
}

6
pkgs/by-name/vs/vsce/package.nix
View file

@ -12,16 +12,16 @@
buildNpmPackage rec {
pname = "vsce";
version = "3.0.0";
version = "3.1.0";
src = fetchFromGitHub {
owner = "microsoft";
repo = "vscode-vsce";
rev = "v${version}";
hash = "sha256-FoJfpzrbui+tKCEq15wGC0o44iLCBAuVYBISiy+zOmE=";
hash = "sha256-k2jeYeDLpSVw3puiOqlrtQ1a156OV1Er/TqdJuJ+578=";
};
npmDepsHash = "sha256-TTFolysg+La605EoS87gmhEjlzwNUVYmnXKr49De7fk=";
npmDepsHash = "sha256-k6LdGCpVoBNpHe4z7NrS0T/gcB1EQBvBxGAM3zo+AAo=";
postPatch = ''
substituteInPlace package.json --replace '"version": "0.0.0"' '"version": "${version}"'

4
pkgs/by-name/we/weblate/package.nix
View file

@ -28,7 +28,7 @@ let
in
python.pkgs.buildPythonApplication rec {
pname = "weblate";
version = "5.7.1";
version = "5.7.2";
pyproject = true;
@ -41,7 +41,7 @@ python.pkgs.buildPythonApplication rec {
owner = "WeblateOrg";
repo = "weblate";
rev = "refs/tags/weblate-${version}";
hash = "sha256-h5+0lOMD+H0ehtZ0bngA9bI5va1I5KjZH9boaEtXJPo=";
hash = "sha256-cIwCNYXbg7l6z9OAkMAGJ783QI/nCOyrhLPURDcDv+Y=";
};
patches = [

38
pkgs/by-name/wi/wine-discord-ipc-bridge/package.nix Normal file
View file

@ -0,0 +1,38 @@
{
lib,
stdenv,
fetchFromGitHub,
}:
stdenv.mkDerivation {
pname = "wine-discord-ipc-bridge";
version = "unstable-2023-08-09";
src = fetchFromGitHub {
owner = "0e4ef622";
repo = "wine-discord-ipc-bridge";
rev = "f8198c9d52e708143301017a296f7557c4387127";
hash = "sha256-tAknITFlG63+gI5cN9SfUIUZkbIq/MgOPoGIcvoNo4Q=";
};
postPatch = ''
patchShebangs winediscordipcbridge-steam.sh
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp winediscordipcbridge.exe $out/bin
cp winediscordipcbridge-steam.sh $out/bin
runHook postInstall
'';
meta = with lib; {
description = "Enable games running under wine to use Discord Rich Presence";
homepage = "https://github.com/0e4ef622/wine-discord-ipc-bridge";
license = licenses.mit;
maintainers = [ maintainers.uku3lig ];
mainProgram = "winediscordipcbridge";
platforms = [ "mingw32" ];
};
}

126
pkgs/by-name/ya/yarg/package.nix Normal file
View file

@ -0,0 +1,126 @@
{
lib,
stdenv,
fetchzip,
autoPatchelfHook,
alsa-lib,
gtk3,
zlib,
dbus,
hidapi,
libGL,
libXcursor,
libXext,
libXi,
libXinerama,
libxkbcommon,
libXrandr,
libXScrnSaver,
libXxf86vm,
udev,
vulkan-loader,
wayland, # (not used by default, enable with SDL_VIDEODRIVER=wayland - doesn't support HiDPI)
makeDesktopItem,
nix-update-script,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "yarg";
version = "0.12.6";
src = fetchzip {
url = "https://github.com/YARC-Official/YARG/releases/download/v${finalAttrs.version}/YARG_v${finalAttrs.version}-Linux-x86_64.zip";
stripRoot = false;
hash = "sha256-Za+CnuSTfJZVdW0pWvGDnKcbhZsgtNPRWYj1qOA8+Zs=";
};
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = [
# Load-time libraries (loaded from DT_NEEDED section in ELF binary)
alsa-lib
gtk3
stdenv.cc.cc.lib
zlib
# Run-time libraries (loaded with dlopen)
dbus
hidapi
libGL
libXcursor
libXext
libXi
libXinerama
libxkbcommon
libXrandr
libXScrnSaver
libXxf86vm
udev
vulkan-loader
wayland
];
desktopItem = makeDesktopItem {
name = "yarg";
desktopName = "YARG";
comment = finalAttrs.meta.description;
icon = "yarg";
exec = "yarg";
categories = [ "Game" ];
};
installPhase = ''
runHook preInstall
install -Dm755 YARG "$out/bin/yarg"
install -Dm644 UnityPlayer.so "$out/libexec/yarg/UnityPlayer.so"
mkdir -p "$out/share/pixmaps"
cp -r YARG_Data "$out/share/yarg"
ln -s "$out/share/yarg" "$out/bin/yarg_Data"
ln -s "$out/share/yarg/Resources/UnityPlayer.png" "$out/share/pixmaps/yarg.png"
install -Dm644 "$desktopItem/share/applications/yarg.desktop" "$out/share/applications/yarg.desktop"
runHook postInstall
'';
# Patch required run-time libraries as load-time libraries
#
# Libraries found with:
# > strings UnityPlayer.so | grep '\.so'
# and:
# > LD_DEBUG=libs yarg
postFixup = ''
patchelf \
--add-needed libasound.so.2 \
--add-needed libdbus-1.so.3 \
--add-needed libGL.so.1 \
--add-needed libhidapi-hidraw.so.0 \
--add-needed libpthread.so.0 \
--add-needed libudev.so.1 \
--add-needed libvulkan.so.1 \
--add-needed libwayland-client.so.0 \
--add-needed libwayland-cursor.so.0 \
--add-needed libwayland-egl.so.1 \
--add-needed libX11.so.6 \
--add-needed libXcursor.so.1 \
--add-needed libXext.so.6 \
--add-needed libXi.so.6 \
--add-needed libXinerama.so.1 \
--add-needed libxkbcommon.so.0 \
--add-needed libXrandr.so.2 \
--add-needed libXss.so.1 \
--add-needed libXxf86vm.so.1 \
"$out/libexec/yarg/UnityPlayer.so"
'';
passthru.updateScript = nix-update-script { };
meta = with lib; {
description = "Free, open-source, plastic guitar game";
homepage = "https://yarg.in";
license = licenses.lgpl3Plus;
maintainers = with maintainers; [ kira-bruneau ];
platforms = [ "x86_64-linux" ];
};
})

2
pkgs/development/compilers/idris2/idris2-lsp.nix
View file

@ -35,7 +35,7 @@ let
};
idrisLibraries = [idris2Api lspLib];
buildInputs = [makeWrapper];
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
wrapProgram $out/bin/idris2-lsp \
--suffix IDRIS2_PACKAGE_PATH ':' "${globalLibrariesPath}"

1
pkgs/development/lisp-modules/packages.nix
View file

@ -104,7 +104,6 @@ let
nativeBuildInputs = [ pkgs.allegro5 ];
nativeLibs = [ pkgs.allegro5 ];
lispLibs = super.cl-liballegro-nuklear.lispLibs ++ [ self.cl-liballegro ];
patches = [ ./patches/cl-liballegro-nuklear-missing-dll.patch ];
};
lessp = build-asdf-system {

17
pkgs/development/lisp-modules/patches/cl-liballegro-nuklear-missing-dll.patch
View file

@ -1,17 +0,0 @@
Fix system not loading due to:
Unhandled CFFI:LOAD-FOREIGN-LIBRARY-ERROR
Unable to load foreign library (LIBALLEGRO-NUKLEAR).
Error opening shared object "/build/source/src/liballegro_nuklear.so":
/build/source/src/liballegro_nuklear.so: undefined symbol: al_draw_ellipse.
--- a/cl-liballegro-nuklear.asd
+++ b/cl-liballegro-nuklear.asd
@@ -12,7 +12,7 @@
:description "CFFI wrapper for the Nuklear IM GUI library with liballegro backend, to be used with cl-liballegro."
:author "Andrew Kravchuk <awkravchuk@gmail.com>"
:license "MIT"
- :depends-on (:cffi :cffi-libffi :trivial-features)
+ :depends-on (:cl-liballegro :cffi :cffi-libffi :trivial-features)
:pathname "src"
:serial t
:components ((:makefile "Makefile")

12
pkgs/development/python-modules/ansible-runner/default.nix
View file

@ -35,7 +35,7 @@ buildPythonPackage rec {
postPatch = ''
substituteInPlace pyproject.toml \
--replace '"setuptools>=45, <=69.0.2", "setuptools-scm[toml]>=6.2, <=8.0.4"' '"setuptools", "setuptools-scm"'
--replace-fail '"setuptools>=45, <=69.0.2", "setuptools-scm[toml]>=6.2, <=8.0.4"' '"setuptools", "setuptools-scm"'
'';
build-system = [
@ -69,13 +69,18 @@ buildPythonPackage rec {
'';
disabledTests = [
# Requires network access
# Tests require network access
"test_callback_plugin_task_args_leak"
"test_env_accuracy"
# Times out on slower hardware
"test_large_stdout_blob"
# Failed: DID NOT RAISE <class 'RuntimeError'>
"test_validate_pattern"
# Assertion error
"test_get_role_list"
"test_include_role_from_collection_events"
"test_resolved_actions"
"test_callback_plugin_censoring_does_not_overwrite"
];
disabledTestPaths =
@ -95,9 +100,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Helps when interfacing with Ansible";
mainProgram = "ansible-runner";
homepage = "https://github.com/ansible/ansible-runner";
changelog = "https://github.com/ansible/ansible-runner/releases/tag/${version}";
license = licenses.asl20;
maintainers = [ ];
mainProgram = "ansible-runner";
};
}

4
pkgs/development/python-modules/asyncssh/default.nix
View file

@ -21,14 +21,14 @@
buildPythonPackage rec {
pname = "asyncssh";
version = "2.15.0";
version = "2.17.0";
pyproject = true;
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
hash = "sha256-ChOkOBb0bPCEZX+wVZaCO5PVtI5173djyKdW7BIXg3o=";
hash = "sha256-OxWcEFqjiMHiJFxPr0g/VArajK2ZQCKBEZEAFm5e2zw=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/azure-appconfiguration/default.nix
View file

@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "azure-appconfiguration";
version = "1.6.0";
version = "1.7.1";
pyporject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-z2KKPh6mZDR5ZDzSRt2kZO3Eq3hXQzOaao/oCbwTf+w=";
hash = "sha256-Pr5B6b4/SubKYeXbxCxLfMAHoBBUqFBlAaJt/Bmf0+w=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/azure-mgmt-appcontainers/default.nix
View file

@ -11,14 +11,14 @@
buildPythonPackage rec {
pname = "azure-mgmt-appcontainers";
version = "3.0.0";
version = "3.1.0";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-oqKPEOnZaIU7IMzDqT552IBJr9RtWt3vFO3SlG8igs0=";
hash = "sha256-PHlDnxK8788UCvjG572LUWJOlx/ZH1rOmKzAc8Lm+uw=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/azure-mgmt-datafactory/default.nix
View file

@ -11,14 +11,14 @@
buildPythonPackage rec {
pname = "azure-mgmt-datafactory";
version = "8.0.0";
version = "9.0.0";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-CL1Z50yjbEkncmKT4FhJ7UaOiUtw1CD85TVEJ7KHjQ4=";
hash = "sha256-j1TMe2/jkSVa7p4Ar9HmZjh56GNqtkHP+QbSuyTDT04=";
};
nativeBuildInputs = [ setuptools ];

4
pkgs/development/python-modules/azure-mgmt-netapp/default.nix
View file

@ -11,14 +11,14 @@
buildPythonPackage rec {
pname = "azure-mgmt-netapp";
version = "13.1.0";
version = "13.2.0";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-8JzJFZTplNGo74wBelP8Geo7+FQ7WYmAOAef4jv533M=";
hash = "sha256-31wzzDeQrs04AL8Qsz050RY/AllvXwy+8Ng+QbUihjo=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/azure-mgmt-network/default.nix
View file

@ -11,14 +11,14 @@
buildPythonPackage rec {
pname = "azure-mgmt-network";
version = "25.4.0";
version = "26.0.0";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-ozjmLYH9vwUPgCFDwoy5ZbB+3UOADvBQTN+muIVNdVQ=";
hash = "sha256-TeZ2GEGVBT/bEGpuoQQqiU5wxzGm08imM9UvUin07hs=";
};
nativeBuildInputs = [ setuptools ];

4
pkgs/development/python-modules/azure-mgmt-web/default.nix
View file

@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "azure-mgmt-web";
version = "7.3.0";
version = "7.3.1";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-IDK/TVDfC7uCLqAMrDv74OZ0h9LJzBGCwIWPgxSc3qk=";
hash = "sha256-h7dxQ2vJmnqN9Z0K0YW5aHmgbc4UdkoGs/w9r6j8tWs=";
};
propagatedBuildInputs = [

39
pkgs/development/python-modules/blis/default.nix
View file

@ -3,33 +3,41 @@
buildPythonPackage,
fetchFromGitHub,
setuptools,
cython_0,
cython,
hypothesis,
numpy,
pytestCheckHook,
pythonOlder,
blis,
numpy_2,
gitUpdater,
}:
buildPythonPackage rec {
pname = "blis";
version = "0.7.11";
version = "1.0.0";
pyproject = true;
disabled = pythonOlder "3.7";
disabled = pythonOlder "3.9";
src = fetchFromGitHub {
owner = "explosion";
repo = "cython-blis";
rev = "refs/tags/v${version}";
hash = "sha256-p8pzGZc5OiiGTvXULDgzsBC3jIhovTKUq3RtPnQ/+to=";
rev = "refs/tags/release-v${version}";
hash = "sha256-XS6h2c+8BJ9pAvIX8340C4vRZEBRmEZc6/6tH7ooqNU=";
};
postPatch = ''
# The commit pinning numpy to version 2 doesn't have any functional changes:
# https://github.com/explosion/cython-blis/pull/108
# BLIS should thus work with numpy and numpy_2.
substituteInPlace pyproject.toml setup.py \
--replace-fail "numpy>=2.0.0,<3.0.0" numpy
# See https://github.com/numpy/numpy/issues/21079
# has no functional difference as the name is only used in log output
substituteInPlace blis/benchmark.py \
--replace 'numpy.__config__.blas_ilp64_opt_info["libraries"]' '["dummy"]'
--replace-fail 'numpy.__config__.blas_ilp64_opt_info["libraries"]' '["dummy"]'
'';
preCheck = ''
@ -37,12 +45,13 @@ buildPythonPackage rec {
rm -rf ./blis
'';
nativeBuildInputs = [
build-system = [
setuptools
cython_0
cython
numpy
];
propagatedBuildInputs = [ numpy ];
dependencies = [ numpy ];
nativeCheckInputs = [
hypothesis
@ -52,16 +61,18 @@ buildPythonPackage rec {
pythonImportsCheck = [ "blis" ];
passthru = {
# Do not update to BLIS 0.9.x until the following issue is resolved:
# https://github.com/explosion/thinc/issues/771#issuecomment-1255825935
skipBulkUpdate = true;
tests = {
numpy_2 = blis.overridePythonAttrs (old: {
numpy = numpy_2;
});
};
updateScript = gitUpdater {
rev-prefix = "v";
ignoredVersions = "0\.9\..*";
rev-prefix = "release-v";
};
};
meta = with lib; {
changelog = "https://github.com/explosion/cython-blis/releases/tag/release-v${version}";
description = "BLAS-like linear algebra library";
homepage = "https://github.com/explosion/cython-blis";
license = licenses.bsd3;

14
pkgs/development/python-modules/blocksat-cli/default.nix
View file

@ -5,6 +5,7 @@
fetchFromGitHub,
pyasyncore,
pysnmp,
pysnmplib,
pytestCheckHook,
python-gnupg,
pythonAtLeast,
@ -16,7 +17,7 @@
buildPythonPackage rec {
pname = "blocksat-cli";
version = "2.4.6";
version = "2.4.7";
pyproject = true;
disabled = pythonOlder "3.8";
@ -25,14 +26,17 @@ buildPythonPackage rec {
owner = "Blockstream";
repo = "satellite";
rev = "refs/tags/v${version}";
hash = "sha256-1gz2lAS/AHeY54AaVXGeofLC68KjAP7POsIaBL3v2EY=";
hash = "sha256-OmIQUrUH3kWgf+v+9Hl2OgDdGPwb3guNY0+H64CWkeg=";
};
nativeBuildInputs = [ setuptools ];
pythonRelaxDeps = [ "pyasyncore" ];
propagatedBuildInputs = [
build-system = [ setuptools ];
dependencies = [
distro
pysnmp
pysnmplib
python-gnupg
qrcode
requests
@ -50,10 +54,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Blockstream Satellite CLI";
mainProgram = "blocksat-cli";
homepage = "https://github.com/Blockstream/satellite";
changelog = "https://github.com/Blockstream/satellite/releases/tag/v${version}";
license = licenses.gpl3Only;
maintainers = with maintainers; [ prusnak ];
mainProgram = "blocksat-cli";
};
}

4
pkgs/development/python-modules/catppuccin/default.nix
View file

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "catppuccin";
version = "2.3.0";
version = "2.3.1";
pyproject = true;
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "catppuccin";
repo = "python";
rev = "refs/tags/v${version}";
hash = "sha256-1CPNs+n9S7fV+EvhFWBwnv6/N3UWQ/jiyRcn4XKzmd8=";
hash = "sha256-MIxhl9D6nur26ZrbcXAwH8xO9YZlBvVKlB82qKX3Tx0=";
};
build-system = [

46
pkgs/development/python-modules/ctypesgen/default.nix Normal file
View file

@ -0,0 +1,46 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
unittestCheckHook,
pythonOlder,
setuptools-scm,
setuptools,
toml,
wheel,
}:
buildPythonPackage rec {
pname = "ctypesgen";
version = "1.1.1";
pyproject = true;
disabled = pythonOlder "3.11";
src = fetchFromGitHub {
owner = "ctypesgen";
repo = "ctypesgen";
rev = "refs/tags/${version}";
hash = "sha256-TwIWPellmjMpTGQ+adJBLNMdAqB0kLOMl4YAubvXKqo=";
};
build-system = [
setuptools
setuptools-scm
toml
wheel
];
# Various compiler errors
doCheck = false;
pythonImportsCheck = [ "ctypesgen" ];
meta = with lib; {
description = "Pure-python wrapper generator for ctypes";
homepage = "https://github.com/ctypesgen/ctypesgen";
changelog = "https://github.com/ctypesgen/ctypesgen/blob/${src.rev}/CHANGELOG.md";
license = licenses.bsd2;
maintainers = with maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/django-modeltranslation/default.nix
View file

@ -13,7 +13,7 @@
let
# 0.18.12 was yanked from PyPI, it refers to this issue:
# https://github.com/deschler/django-modeltranslation/issues/701
version = "0.19.7";
version = "0.19.8";
in
buildPythonPackage {
pname = "django-modeltranslation";
@ -23,7 +23,7 @@ buildPythonPackage {
owner = "deschler";
repo = "django-modeltranslation";
rev = "refs/tags/v${version}";
hash = "sha256-jZm51HmK4pgEPeDirMkbLdLJQONspjuqSc2HgiSCtOY=";
hash = "sha256-23htGjPtupmg/oSO/5SuxOfbDmRQKrqx2/lvfqYp7dA=";
};
disabled = pythonOlder "3.6";

4
pkgs/development/python-modules/exchangelib/default.nix
View file

@ -29,7 +29,7 @@
buildPythonPackage rec {
pname = "exchangelib";
version = "5.4.2";
version = "5.4.3";
pyproject = true;
disabled = pythonOlder "3.8";
@ -38,7 +38,7 @@ buildPythonPackage rec {
owner = "ecederstrand";
repo = "exchangelib";
rev = "refs/tags/v${version}";
hash = "sha256-UAc8Aju2+AM7m8XbWliVNzfWlL5fdPDa2q6Fsw04nHQ=";
hash = "sha256-SX5F0OXKdxA2HoDwvCe4M7RftdjUEdQuFbxRyuABC4E=";
};
pythonRelaxDeps = [ "defusedxml" ];

4
pkgs/development/python-modules/fastcore/default.nix
View file

@ -9,7 +9,7 @@
buildPythonPackage rec {
pname = "fastcore";
version = "1.7.2";
version = "1.7.4";
pyproject = true;
disabled = pythonOlder "3.8";
@ -18,7 +18,7 @@ buildPythonPackage rec {
owner = "fastai";
repo = "fastcore";
rev = "refs/tags/${version}";
hash = "sha256-3BOsOd3g+SepFUH2czywyaBnA88qLVyu/8eyHGkuEPY=";
hash = "sha256-pm/8YRefobh7urVWiAlb05COQbaBrXB70buDmuKY/qc=";
};
build-system = [ setuptools ];

55
pkgs/development/python-modules/fickling/default.nix Normal file
View file

@ -0,0 +1,55 @@
{
lib,
astunparse,
buildPythonPackage,
distutils,
fetchFromGitHub,
fickling,
flit-core,
numpy,
pytestCheckHook,
pythonOlder,
torch,
torchvision,
}:
buildPythonPackage rec {
pname = "fickling";
version = "0.1.3";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "trailofbits";
repo = "fickling";
rev = "refs/tags/v${version}";
hash = "sha256-/cV1XhJ8KMFby9nZ/qXEYxf+P6352Q2DZOLuvebyuHQ=";
};
build-system = [
distutils
flit-core
];
dependencies = [ astunparse ];
optional-dependencies = {
torch = [
torch
torchvision
];
};
nativeCheckInputs = [ pytestCheckHook ] ++ lib.flatten (builtins.attrValues optional-dependencies);
pythonImportsCheck = [ "fickling" ];
meta = with lib; {
description = "A Python pickling decompiler and static analyzer";
homepage = "https://github.com/trailofbits/fickling";
changelog = "https://github.com/trailofbits/fickling/releases/tag/v${version}";
license = licenses.lgpl3Plus;
maintainers = with maintainers; [ ];
};
}

4
pkgs/development/python-modules/flipr-api/default.nix
View file

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "flipr-api";
version = "1.6.0";
version = "1.6.1";
pyproject = true;
disabled = pythonOlder "3.9";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "cnico";
repo = "flipr-api";
rev = "refs/tags/${version}";
hash = "sha256-sFCeWfu5rwImIizzik9RzfCWaEHiqhsQrapfuCXHr+4=";
hash = "sha256-/px8NuBwukAPMxdXvHdyfO/j/a9UatKbdrjDNuT0f4k=";
};
build-system = [ poetry-core ];

30
pkgs/development/python-modules/graphtage/default.nix
View file

@ -1,14 +1,17 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
pytestCheckHook,
pythonOlder,
colorama,
distutils,
fetchFromGitHub,
fickling,
intervaltree,
json5,
pytestCheckHook,
pythonOlder,
pyyaml,
scipy,
setuptools,
tqdm,
typing-extensions,
}:
@ -16,24 +19,27 @@
buildPythonPackage rec {
pname = "graphtage";
version = "0.3.1";
format = "setuptools";
pyproject = true;
disabled = pythonOlder "3.6";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "trailofbits";
repo = pname;
repo = "graphtage";
rev = "refs/tags/v${version}";
hash = "sha256-Bz2T8tVdVOdXt23yPITkDNL46Y5LZPhY3SXZ5bF3CHw=";
};
postPatch = ''
substituteInPlace setup.py \
--replace "json5==0.9.5" "json5>=0.9.5"
'';
pythonRelaxDeps = [ "json5" ];
propagatedBuildInputs = [
build-system = [
distutils
setuptools
];
dependencies = [
colorama
fickling
intervaltree
json5
pyyaml
@ -48,10 +54,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Utility to diff tree-like files such as JSON and XML";
mainProgram = "graphtage";
homepage = "https://github.com/trailofbits/graphtage";
changelog = "https://github.com/trailofbits/graphtage/releases/tag/v${version}";
license = licenses.lgpl3Plus;
maintainers = with maintainers; [ veehaitch ];
mainProgram = "graphtage";
};
}

2
pkgs/development/python-modules/jaxlib/bin.nix
View file

@ -181,7 +181,7 @@ buildPythonPackage {
or (throw "jaxlib-bin is not supported on ${stdenv.hostPlatform.system}")
)
else
gpuSrcs."${gpuSrcVersionString}";
gpuSrcs."${gpuSrcVersionString}" or (throw "jaxlib-bin: No gpuSrc for ${gpuSrcVersionString}");
# Prebuilt wheels are dynamically linked against things that nix can't find.
# Run `autoPatchelfHook` to automagically fix them.

4
pkgs/development/python-modules/mizani/default.nix
View file

@ -19,7 +19,7 @@
buildPythonPackage rec {
pname = "mizani";
version = "0.12.1";
version = "0.12.2";
pyproject = true;
disabled = pythonOlder "3.10";
@ -28,7 +28,7 @@ buildPythonPackage rec {
owner = "has2k1";
repo = "mizani";
rev = "refs/tags/v${version}";
hash = "sha256-a/+yZ7oUZG0fKgBUMwIf3XHUjac8Gsh3AosDVuUVoJU=";
hash = "sha256-aTc8LC/2zLrrTfOXABWs049m752PctpvlguA6qhyhp8=";
};
build-system = [ setuptools-scm ];

4
pkgs/development/python-modules/msoffcrypto-tool/default.nix
View file

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "msoffcrypto-tool";
version = "5.4.1";
version = "5.4.2";
pyproject = true;
disabled = pythonOlder "3.8";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "nolze";
repo = "msoffcrypto-tool";
rev = "refs/tags/v${version}";
hash = "sha256-BVm4hMKvvNI3bJ82t4NIRcx8o8mgQgoulIerDwoVIT0=";
hash = "sha256-nwCjgcZqD0hptHC0WqIodHC5m/JHYyUdfEngIoXzNqA=";
};
build-system = [ poetry-core ];

4
pkgs/development/python-modules/nomadnet/default.nix
View file

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "nomadnet";
version = "0.4.9";
version = "0.5.0";
pyproject = true;
disabled = pythonOlder "3.7";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "markqvist";
repo = "NomadNet";
rev = "refs/tags/${version}";
hash = "sha256-Ut/YifODoiHCo3bhN8nV5ZPNIr70FM6MjlZCrUuNaFc=";
hash = "sha256-pYlEstApB0SYnkEfQ0kZl53xtbvTkRV+930TrCMqhbA=";
};
build-system = [ setuptools ];

5
pkgs/development/python-modules/numpy/2.nix
View file

@ -58,7 +58,7 @@ let
in
buildPythonPackage rec {
pname = "numpy";
version = "2.1.0";
version = "2.1.1";
pyproject = true;
disabled = pythonOlder "3.10";
@ -66,7 +66,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
extension = "tar.gz";
hash = "sha256-fckNoAgffh2knsTjmO3mqOnMT16+X54GtEPtiJ7pqqI=";
hash = "sha256-0M99VbEFE4eAdAWziY76+oYpl7TLqKpdvmV755Sv6v0=";
};
patches = lib.optionals python.hasDistutilsCxxPatch [
@ -176,5 +176,6 @@ buildPythonPackage rec {
description = "Scientific tools for Python";
homepage = "https://numpy.org/";
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ doronbehar ];
};
}

4
pkgs/development/python-modules/pykdtree/default.nix
View file

@ -17,12 +17,12 @@
buildPythonPackage rec {
pname = "pykdtree";
version = "1.3.12";
version = "1.3.13";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-zCCypnxkBWSFoxTSwrbbo1SvfuHI+42uG+byk2o3Q0E=";
hash = "sha256-Osz4UulGZT45nD1Nu+EZ28bT9yz9LVqVyr8L8Mf5JP4=";
};
postPatch = ''

39
pkgs/development/python-modules/pynslookup/default.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
dnspython,
pythonOlder,
}:
buildPythonPackage rec {
pname = "pynslookup";
version = "1.8.1";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "wesinator";
repo = "pynslookup";
rev = "refs/tags/v${version}";
hash = "sha256-cb8oyI8D8SzBP+tm1jGPPshJYhPegYOH0RwIH03/K/A=";
};
build-system = [ setuptools ];
dependencies = [ dnspython ];
# Module has no tests
doCheck = false;
pythonImportsCheck = [ "nslookup" ];
meta = with lib; {
description = "Module to do DNS lookups";
homepage = "https://github.com/wesinator/pynslookup";
license = licenses.mpl20;
maintainers = with maintainers; [ fab ];
};
}

34
pkgs/development/python-modules/spacy/default.nix
View file

@ -10,13 +10,11 @@
fetchPypi,
hypothesis,
jinja2,
jsonschema,
langcodes,
mock,
murmurhash,
numpy,
packaging,
pathy,
preshed,
pydantic,
pytestCheckHook,
@ -29,7 +27,6 @@
thinc,
tqdm,
typer,
typing-extensions,
wasabi,
weasel,
writeScript,
@ -40,36 +37,39 @@
buildPythonPackage rec {
pname = "spacy";
version = "3.7.5";
version = "3.7.6";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-pkjGy/Ksx6Vaae6ef6TyK99pqoKKWHobxc//CM88LdM=";
hash = "sha256-9AZcCqxcSLv7L/4ZHVXMszv7AFN2r71MzW1ek0FRTjQ=";
};
pythonRelaxDeps = [
"smart-open"
"typer"
];
postPatch = ''
# thinc version 8.3.0 had no functional changes
# also see https://github.com/explosion/spaCy/issues/13607
substituteInPlace pyproject.toml setup.cfg \
--replace-fail "thinc>=8.2.2,<8.3.0" "thinc>=8.2.2,<8.4.0"
'';
nativeBuildInputs = [
build-system = [
cymem
cython_0
murmurhash
numpy
thinc
];
propagatedBuildInputs = [
blis
dependencies = [
catalogue
cymem
jinja2
jsonschema
langcodes
murmurhash
numpy
packaging
pathy
preshed
pydantic
requests
@ -82,7 +82,7 @@ buildPythonPackage rec {
typer
wasabi
weasel
] ++ lib.optionals (pythonOlder "3.8") [ typing-extensions ];
];
nativeCheckInputs = [
pytestCheckHook
@ -90,8 +90,6 @@ buildPythonPackage rec {
mock
];
doCheck = true;
# Fixes ModuleNotFoundError when running tests on Cythonized code. See #255262
preCheck = ''
cd $out
@ -132,7 +130,7 @@ buildPythonPackage rec {
description = "Industrial-strength Natural Language Processing (NLP)";
mainProgram = "spacy";
homepage = "https://github.com/explosion/spaCy";
changelog = "https://github.com/explosion/spaCy/releases/tag/v${version}";
changelog = "https://github.com/explosion/spaCy/releases/tag/release-v${version}";
license = licenses.mit;
maintainers = [ ];
};

13
pkgs/development/python-modules/sshfs/default.nix
View file

@ -54,10 +54,15 @@ buildPythonPackage rec {
pytestCheckHook
];
disabledTests = lib.optionals stdenv.isDarwin [
# test fails with sandbox enabled
"test_checksum"
];
disabledTests =
[
# Test requires network access
"test_config_expansions"
]
++ lib.optionals stdenv.isDarwin [
# Test fails with sandbox enabled
"test_checksum"
];
pythonImportsCheck = [ "sshfs" ];

4
pkgs/development/python-modules/tencentcloud-sdk-python/default.nix
View file

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "tencentcloud-sdk-python";
version = "3.0.1224";
version = "3.0.1225";
pyproject = true;
disabled = pythonOlder "3.9";
@ -19,7 +19,7 @@ buildPythonPackage rec {
owner = "TencentCloud";
repo = "tencentcloud-sdk-python";
rev = "refs/tags/${version}";
hash = "sha256-HO4W3EevyPC1nmPsTOVAFyc18CTKAE3cKYnQ7onlLPg=";
hash = "sha256-Fckkv5Oq8JqTqAqw4aOYqxELfk3+TMVOF5eTsGIRjLY=";
};
build-system = [ setuptools ];

46
pkgs/development/python-modules/thinc/default.nix
View file

@ -16,7 +16,6 @@
mock,
murmurhash,
numpy,
plac,
preshed,
pydantic,
pytestCheckHook,
@ -24,51 +23,59 @@
pythonOlder,
setuptools,
srsly,
tqdm,
typing-extensions,
wasabi,
}:
buildPythonPackage rec {
pname = "thinc";
version = "8.2.3";
format = "setuptools";
version = "8.3.0";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-9a/FIikSqAvai9zslYNiorpTjXAn3I22FUhF0oWdynY=";
hash = "sha256-6zvtVPXADsmt2qogjFHM+gWUg9cxQM1RWqMzc3Fcblk=";
};
postPatch = ''
# As per https://github.com/explosion/thinc/releases/tag/release-v8.3.0 no
# code changes were required for NumPy 2.0. Thus Thinc should be compatible
# with NumPy 1.0 and 2.0.
substituteInPlace pyproject.toml setup.cfg \
--replace-fail "numpy>=2.0.0,<2.1.0" numpy
substituteInPlace setup.cfg \
--replace "preshed>=3.0.2,<3.1.0" "preshed"
--replace-fail "numpy>=2.0.1,<2.1.0" numpy
'';
nativeBuildInputs = [ setuptools ];
build-system = [
blis
cymem
cython_0
murmurhash
numpy
preshed
setuptools
];
buildInputs =
[ cython_0 ]
++ lib.optionals stdenv.isDarwin [
Accelerate
CoreFoundation
CoreGraphics
CoreVideo
];
buildInputs = lib.optionals stdenv.isDarwin [
Accelerate
CoreFoundation
CoreGraphics
CoreVideo
];
propagatedBuildInputs = [
dependencies = [
blis
catalogue
confection
cymem
murmurhash
numpy
plac
preshed
pydantic
srsly
tqdm
wasabi
] ++ lib.optionals (pythonOlder "3.8") [ typing-extensions ];
@ -78,10 +85,7 @@ buildPythonPackage rec {
pytestCheckHook
];
# Add native extensions.
preCheck = ''
export PYTHONPATH=$out/${python.sitePackages}:$PYTHONPATH
# avoid local paths, relative imports wont resolve correctly
mv thinc/tests tests
rm -r thinc

4
pkgs/development/python-modules/twilio/default.nix
View file

@ -20,7 +20,7 @@
buildPythonPackage rec {
pname = "twilio";
version = "9.2.4";
version = "9.3.0";
pyproject = true;
disabled = pythonOlder "3.7";
@ -29,7 +29,7 @@ buildPythonPackage rec {
owner = "twilio";
repo = "twilio-python";
rev = "refs/tags/${version}";
hash = "sha256-5HHHSAvyUxR5myKucWpjkF7NQv/b1pViij606TZGzTY=";
hash = "sha256-v+Xq2t9eaKHLQFypNUTzLVBLo+3m0bKkjI09jwD3ieQ=";
};
build-system = [ setuptools ];

4
pkgs/development/tools/analysis/checkov/default.nix
View file

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "checkov";
version = "3.2.243";
version = "3.2.246";
pyproject = true;
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = "checkov";
rev = "refs/tags/${version}";
hash = "sha256-cOBbfBCpF+//f+lB65XjQqUarZDepkuvh6OvJz7xSdA=";
hash = "sha256-oEAu/GDW7u/jPCGLkvazmFJ5c73gAMDWwRu/AkVLDpk=";
};
patches = [ ./flake8-compat-5.x.patch ];

54
pkgs/development/tools/azure-static-sites-client/versions.json
View file

@ -1,25 +1,44 @@
[
{
"version": "latest",
"buildId": "1.0.026911",
"publishDate": "2024-05-15T19:23:23.3973684Z",
"buildId": "19449a00c0269fefc8f29a6d01801c4b19308181",
"publishDate": "2024-08-06T04:39:59.0569065Z",
"files": {
"linux-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/1.0.026911/linux/StaticSitesClient",
"sha": "e1d9e033c973a35f64b7e41b6a114bd8e48022c9c3f7676e79047e87245a874d"
"url": "https://swalocaldeploy.azureedge.net/downloads/19449a00c0269fefc8f29a6d01801c4b19308181/linux/StaticSitesClient",
"sha": "87b0852f6a839fcf8e7d76df78aea1d36b803bb4cc4610fa9cd9531ff53175f0"
},
"win-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/1.0.026911/windows/StaticSitesClient.exe",
"sha": "c67e5eed2b28fcf5c98348732653d1e2b37d842e6dde9a6b30322832c5d86fc7"
"url": "https://swalocaldeploy.azureedge.net/downloads/19449a00c0269fefc8f29a6d01801c4b19308181/windows/StaticSitesClient.exe",
"sha": "8d21e065a68a9aa983fdf95f6965b76f19286dba3dcc159d9af212b3fea31126"
},
"osx-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/1.0.026911/macOS/StaticSitesClient",
"sha": "18ca42a1b13db9b8b6db6bd8c77e65def56fa7bf3ce3fb1184e890d8cd7dd033"
"url": "https://swalocaldeploy.azureedge.net/downloads/19449a00c0269fefc8f29a6d01801c4b19308181/macOS/StaticSitesClient",
"sha": "a8d40d343d4135ccca4ebfd754d0e5c0d71821786a4d7c1b0d42c1b2679c80c1"
}
}
},
{
"version": "stable",
"buildId": "19449a00c0269fefc8f29a6d01801c4b19308181",
"publishDate": "2024-08-06T04:39:59.0569065Z",
"files": {
"linux-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/19449a00c0269fefc8f29a6d01801c4b19308181/linux/StaticSitesClient",
"sha": "87b0852f6a839fcf8e7d76df78aea1d36b803bb4cc4610fa9cd9531ff53175f0"
},
"win-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/19449a00c0269fefc8f29a6d01801c4b19308181/windows/StaticSitesClient.exe",
"sha": "8d21e065a68a9aa983fdf95f6965b76f19286dba3dcc159d9af212b3fea31126"
},
"osx-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/19449a00c0269fefc8f29a6d01801c4b19308181/macOS/StaticSitesClient",
"sha": "a8d40d343d4135ccca4ebfd754d0e5c0d71821786a4d7c1b0d42c1b2679c80c1"
}
}
},
{
"version": "backup",
"buildId": "1.0.026911",
"publishDate": "2024-05-15T19:23:23.3973684Z",
"files": {
@ -36,24 +55,5 @@
"sha": "18ca42a1b13db9b8b6db6bd8c77e65def56fa7bf3ce3fb1184e890d8cd7dd033"
}
}
},
{
"version": "backup",
"buildId": "1.0.026792",
"publishDate": "2024-05-03T18:31:36.0288058Z",
"files": {
"linux-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/1.0.026792/linux/StaticSitesClient",
"sha": "a9dcd998d22a3476fb97fe1c446e83cc7f060a3a36cdb6757b828d0facc42347"
},
"win-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/1.0.026792/windows/StaticSitesClient.exe",
"sha": "15f03e3f91208db2ea4015c4fce0623a692da1a289f23a782578ab7bc8a810e2"
},
"osx-x64": {
"url": "https://swalocaldeploy.azureedge.net/downloads/1.0.026792/macOS/StaticSitesClient",
"sha": "454b10f0351694ec3475a3d85b8746356932b2061a5be7e7fc093a6509cf000c"
}
}
}
]

6
pkgs/development/tools/build-managers/moon/default.nix
View file

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "moon";
version = "1.27.6";
version = "1.27.10";
src = fetchFromGitHub {
owner = "moonrepo";
repo = pname;
rev = "v${version}";
hash = "sha256-oadbF1bXDaJPp6R7C6Ozm5NgFPmvPwgiPIDuRiNrWg8=";
hash = "sha256-RAOPF47uUgF8ORECr04YcngWacaKQrMlQaG9YnECVdc=";
};
cargoHash = "sha256-p3CBjdWOutEWIQMWS5nAYAsE9BQf2MViyoLIOD1OE/s=";
cargoHash = "sha256-pQvto1G0XptEaAStbOKd2q4nlt4sKpIYu7K9lqakkTk=";
env = {
RUSTFLAGS = "-C strip=symbols";

39
pkgs/development/tools/circup/default.nix
View file

@ -1,56 +1,55 @@
{ lib
, fetchFromGitHub
, python3
{
lib,
fetchFromGitHub,
python3,
}:
python3.pkgs.buildPythonApplication rec {
pname = "circup";
version = "1.4.0";
format = "setuptools";
version = "2.0.4";
pyproject = true;
src = fetchFromGitHub {
owner = "adafruit";
repo = pname;
repo = "circup";
rev = "refs/tags/${version}";
hash = "sha256-kax4gnvRkHSqj0Y6Rk8eyPpT7Wia2QngCQtxpqWSl9s=";
hash = "sha256-Iid6IwPoj7F9X6Yb0ESsuvD9/tZdRQyCceGOVt2R1qw=";
};
pythonRelaxDeps = [
"semver"
];
pythonRelaxDeps = [ "semver" ];
nativeBuildInputs = with python3.pkgs; [
setuptools-scm
];
build-system = with python3.pkgs; [ setuptools-scm ];
propagatedBuildInputs = with python3.pkgs; [
dependencies = with python3.pkgs; [
appdirs
click
findimports
requests
semver
setuptools
toml
update-checker
];
nativeCheckInputs = with python3.pkgs; [
pytestCheckHook
];
nativeCheckInputs = with python3.pkgs; [ pytestCheckHook ];
postBuild = ''
export HOME=$(mktemp -d);
'';
pythonImportsCheck = [
"circup"
pythonImportsCheck = [ "circup" ];
disabledTests = [
# Test requires network access
"test_libraries_from_imports_bad"
];
meta = with lib; {
description = "CircuitPython library updater";
mainProgram = "circup";
homepage = "https://github.com/adafruit/circup";
changelog = "https://github.com/adafruit/circup/releases/tag/${version}";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
mainProgram = "circup";
};
}

4
pkgs/development/tools/json2hcl/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "json2hcl";
version = "0.1.1";
version = "0.2.0";
src = fetchFromGitHub {
owner = "kvz";
repo = pname;
rev = "v${version}";
sha256 = "sha256-0ku8sON4fzWAirqY+dhYAks2LSyC7OH/LKI0kb+QhpM=";
sha256 = "sha256-h7DudYVWvDRCbjoIgOoCIudf7ZfUfWXp5OJ4ni0nm6c=";
};
vendorHash = "sha256-GxYuFak+5CJyHgC1/RsS0ub84bgmgL+bI4YKFTb+vIY=";

6
pkgs/development/tools/misc/terraform-ls/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "terraform-ls";
version = "0.34.2";
version = "0.34.3";
src = fetchFromGitHub {
owner = "hashicorp";
repo = pname;
rev = "v${version}";
hash = "sha256-4k9ro5XfcZs68p4QmvO+SBxfgBFf2Z8yrXiWmkbOj1c=";
hash = "sha256-fN/C7H0s7ZhXSg8pLn9iex6WglMKsx6hA8OK/HYqbRU=";
};
vendorHash = "sha256-znBfzX6oS19auL1ptcVXM0l2Thpnb7DrciYs5Z2XVJY=";
vendorHash = "sha256-NL5pqcQTjauxLschhj3kCiZLBLagABSCU/zHLcG2anM=";
ldflags = [ "-s" "-w" ];

6
pkgs/development/tools/rust/rust-analyzer/default.nix
View file

@ -13,14 +13,14 @@
rustPlatform.buildRustPackage rec {
pname = "rust-analyzer-unwrapped";
version = "2024-08-27";
cargoHash = "sha256-zYKBNByyHjLbShhmoVTvqWe30EKVf3XBKzktZzGjifo=";
version = "2024-09-02";
cargoHash = "sha256-t45RzYkuywGByGWwUON3dW0aKjLYcFXB8uy4CybPuf4=";
src = fetchFromGitHub {
owner = "rust-lang";
repo = "rust-analyzer";
rev = version;
hash = "sha256-tRaJTAfFpV2y+kqf8ZzX74waPpkZ0r2EB4WIKLQAsrw=";
hash = "sha256-YH0kH5CSOnAuPUB1BUzUqvnKiv5SgDhfMNjrkki9Ahk=";
};
cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];

6
pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix
View file

@ -13,19 +13,19 @@
let
pname = "matrix-appservice-irc";
version = "2.0.1";
version = "3.0.0";
src = fetchFromGitHub {
owner = "matrix-org";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-ue3fOkrEBRI/NRE+uKFR+NaqP8QvzVVeX3LUh4aZYJA=";
hash = "sha256-ZT8ugev+Tgu47KLuVVo5sFfiGtWLDc6JW5NZvsQ1mA8=";
};
yarnOfflineCache = fetchYarnDeps {
name = "${pname}-${version}-offline-cache";
yarnLock = "${src}/yarn.lock";
hash = "sha256-hapEbdjvvzeZHfrpYRW9W3vXkQVNyGZ0qydO34+mQqQ=";
hash = "sha256-13OUcxZOlW1pp4uB1aRmqlzKf6rTgyP/nMnLmksXV3w=";
};
in

6
pkgs/servers/spicedb/zed.nix
View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "zed";
version = "0.21.0";
version = "0.21.1";
src = fetchFromGitHub {
owner = "authzed";
repo = "zed";
rev = "v${version}";
hash = "sha256-jHKugGQ3tta9vGjMtVEyTrLrmivLc41VFYVqAjH/IGQ=";
hash = "sha256-X8kZjPjFGMUfSQLdS6/XA1eNRQH6n/FffgbC19r1WRU=";
};
vendorHash = "sha256-nYf/ruU1IPDOcumhQz6LGEpKLyAxgASgxjPT7qz0N8c=";
vendorHash = "sha256-Q8OW9aBs1fcUdKin6uX1s6oD289eCUffmAK5nr3xn0s=";
ldflags = [
"-X 'github.com/jzelinskie/cobrautil/v2.Version=${src.rev}'"

Some files were not shown because too many files have changed in this diff Show more