diff --git a/lib/filesystem.nix b/lib/filesystem.nix index 1014c274041f..a950720602a7 100644 --- a/lib/filesystem.nix +++ b/lib/filesystem.nix @@ -385,7 +385,6 @@ in recurseIntoAttrs removeSuffix ; - inherit (lib.path) append; # Generate an attrset corresponding to a given directory. # This function is outside `packagesFromDirectoryRecursive`'s lambda expression, @@ -396,7 +395,7 @@ in name: type: # for each directory entry let - path = append directory name; + path = directory + "/${name}"; in if type == "directory" then { @@ -429,7 +428,7 @@ in directory, }@args: let - defaultPath = append directory "package.nix"; + defaultPath = directory + "/package.nix"; in if pathExists defaultPath then # if `${directory}/package.nix` exists, call it directly diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix index a723d198cb88..d9a72b29f2f4 100644 --- a/lib/tests/misc.nix +++ b/lib/tests/misc.nix @@ -4158,6 +4158,34 @@ runTests { }; }; + # Make sure that passing a string for the `directory` works. + # + # See: https://github.com/NixOS/nixpkgs/pull/361424#discussion_r1934813568 + # See: https://github.com/NixOS/nix/issues/9428 + testPackagesFromDirectoryRecursiveStringDirectory = { + expr = packagesFromDirectoryRecursive { + callPackage = path: overrides: import path overrides; + # Do NOT remove the `builtins.toString` call here!!! + directory = builtins.toString ./packages-from-directory/plain; + }; + expected = { + a = "a"; + b = "b"; + # Note: Other files/directories in `./test-data/c/` are ignored and can be + # used by `package.nix`. + c = "c"; + my-namespace = { + d = "d"; + e = "e"; + f = "f"; + my-sub-namespace = { + g = "g"; + h = "h"; + }; + }; + }; + }; + # Check that `packagesFromDirectoryRecursive` can process a directory with a # top-level `package.nix` file into a single package. testPackagesFromDirectoryRecursiveTopLevelPackageNix = { diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 44e8e6b84364..694c8caadb2c 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -222,6 +222,8 @@ Alongside many enhancements to NixOS modules and general system improvements, th - [Limine](https://github.com/limine-bootloader/limine) a modern, advanced, portable, multiprotocol bootloader and boot manager. Available as [boot.loader.limine](#opt-boot.loader.limine.enable). +- [tee-supplicant](https://github.com/OP-TEE/optee_client), a userspace supplicant for OP-TEE OS. Available as [services.tee-supplicant](#opt-services.tee-supplicant.enable). + - [Orthanc](https://orthanc.uclouvain.be/) a lightweight, RESTful DICOM server for healthcare and medical research. Available as [services.orthanc](#opt-services.orthanc.enable). - [Docling Serve](https://github.com/docling-project/docling-serve) running [Docling](https://github.com/docling-project/docling) as an API service. Available as [services.docling-serve](#opt-services.docling-serve.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d0831c02e6d7..e17e301b5c17 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -930,6 +930,7 @@ ./services/misc/taskchampion-sync-server.nix ./services/misc/taskserver ./services/misc/tautulli.nix + ./services/misc/tee-supplicant ./services/misc/tiddlywiki.nix ./services/misc/tp-auto-kbbl.nix ./services/misc/transfer-sh.nix @@ -1413,6 +1414,7 @@ ./services/search/hound.nix ./services/search/manticore.nix ./services/search/meilisearch.nix + ./services/search/nominatim.nix ./services/search/opensearch.nix ./services/search/qdrant.nix ./services/search/quickwit.nix diff --git a/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix b/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix index 13595c320833..69b1c52a533e 100644 --- a/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix +++ b/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix @@ -10,18 +10,9 @@ nvidia-driver, runtimeShell, writeScriptBin, + extraArgs, }: let - mkMount = - { - hostPath, - containerPath, - mountOptions, - }: - { - inherit hostPath containerPath; - options = mountOptions; - }; mountToCommand = mount: "additionalMount \"${mount.hostPath}\" \"${mount.containerPath}\" '${builtins.toJSON mount.mountOptions}'"; @@ -48,7 +39,8 @@ writeScriptBin "nvidia-cdi-generator" '' --device-name-strategy ${device-name-strategy} \ --ldconfig-path ${lib.getExe' glibc "ldconfig"} \ --library-search-path ${lib.getLib nvidia-driver}/lib \ - --nvidia-cdi-hook-path ${lib.getExe' nvidia-container-toolkit.tools "nvidia-cdi-hook"} + --nvidia-cdi-hook-path ${lib.getExe' nvidia-container-toolkit.tools "nvidia-cdi-hook"} \ + ${lib.escapeShellArgs extraArgs} } function additionalMount { diff --git a/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix b/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix index d9596f754c6b..3e1648017a7c 100644 --- a/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix +++ b/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix @@ -120,6 +120,14 @@ }; package = lib.mkPackageOption pkgs "nvidia-container-toolkit" { }; + + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = '' + Extra arguments to be passed to nvidia-ctk. + ''; + }; }; }; @@ -241,6 +249,7 @@ device-name-strategy discovery-mode mounts + extraArgs ; nvidia-container-toolkit = config.hardware.nvidia-container-toolkit.package; nvidia-driver = config.hardware.nvidia.package; diff --git a/nixos/modules/services/misc/tee-supplicant/default.nix b/nixos/modules/services/misc/tee-supplicant/default.nix new file mode 100644 index 000000000000..185253e2c44d --- /dev/null +++ b/nixos/modules/services/misc/tee-supplicant/default.nix @@ -0,0 +1,95 @@ +{ + config, + pkgs, + lib, + ... +}: +let + inherit (lib) + getExe' + mkEnableOption + mkIf + mkOption + mkPackageOption + types + ; + + cfg = config.services.tee-supplicant; + + taDir = "optee_armtz"; + + trustedApplications = pkgs.linkFarm "runtime-trusted-applications" ( + map ( + ta: + let + # This is safe since we are using it as the path value, so the context + # will still ensure that this nix store path exists on the running + # system. + taFile = builtins.baseNameOf (builtins.unsafeDiscardStringContext ta); + in + { + name = "lib/${taDir}/${taFile}"; + path = ta; + } + ) cfg.trustedApplications + ); +in +{ + options.services.tee-supplicant = { + enable = mkEnableOption "OP-TEE userspace supplicant"; + + package = mkPackageOption pkgs "optee-client" { }; + + trustedApplications = mkOption { + type = types.listOf types.path; + default = [ ]; + description = '' + A list of full paths to trusted applications that will be loaded at + runtime by tee-supplicant. + ''; + }; + + pluginPath = mkOption { + type = types.path; + default = "/run/current-system/sw/lib/tee-supplicant/plugins"; + description = '' + The directory where plugins will be loaded from on startup. + ''; + }; + + reeFsParentPath = mkOption { + type = types.path; + default = "/var/lib/tee"; + description = '' + The directory where the secure filesystem will be stored in the rich + execution environment (REE FS). + ''; + }; + }; + + config = mkIf cfg.enable { + environment = mkIf (cfg.trustedApplications != [ ]) { + systemPackages = [ trustedApplications ]; + pathsToLink = [ "/lib/${taDir}" ]; + }; + + systemd.services.tee-supplicant = { + description = "Userspace supplicant for OPTEE-OS"; + + serviceConfig = { + ExecStart = toString [ + (getExe' cfg.package "tee-supplicant") + "--ta-dir ${taDir}" + "--fs-parent-path ${cfg.reeFsParentPath}" + "--plugin-path ${cfg.pluginPath}" + ]; + Restart = "always"; + }; + + after = [ "modprobe@optee.service" ]; + wants = [ "modprobe@optee.service" ]; + + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 70a96e4740d6..81c415da6bfa 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -847,7 +847,8 @@ in ]; }; - systemd.packages = [ pkgs.syncthing ]; + environment.systemPackages = [ cfg.package ]; + systemd.packages = [ cfg.package ]; users.users = mkIf (cfg.systemService && cfg.user == defaultUser) { ${defaultUser} = { diff --git a/nixos/modules/services/search/nominatim.nix b/nixos/modules/services/search/nominatim.nix new file mode 100644 index 000000000000..5701fcc18650 --- /dev/null +++ b/nixos/modules/services/search/nominatim.nix @@ -0,0 +1,324 @@ +{ + lib, + config, + pkgs, + ... +}: + +let + cfg = config.services.nominatim; + + localDb = cfg.database.host == "localhost"; + uiPackage = cfg.ui.package.override { customConfig = cfg.ui.config; }; +in +{ + options.services.nominatim = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to enable nominatim. + + Also enables nginx virtual host management. Further nginx configuration + can be done by adapting `services.nginx.virtualHosts.`. + See [](#opt-services.nginx.virtualHosts). + ''; + }; + + package = lib.mkPackageOption pkgs.python3Packages "nominatim-api" { }; + + hostName = lib.mkOption { + type = lib.types.str; + description = "Hostname to use for the nginx vhost."; + example = "nominatim.example.com"; + }; + + settings = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression '' + { + NOMINATIM_REPLICATION_URL = "https://planet.openstreetmap.org/replication/minute"; + NOMINATIM_REPLICATION_MAX_DIFF = "100"; + } + ''; + description = '' + Nominatim configuration settings. + For the list of available configuration options see + . + ''; + }; + + ui = { + package = lib.mkPackageOption pkgs "nominatim-ui" { }; + + config = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = '' + Nominatim UI configuration placed to theme/config.theme.js file. + + For the list of available configuration options see + . + ''; + example = '' + Nominatim_Config.Page_Title='My Nominatim instance'; + Nominatim_Config.Nominatim_API_Endpoint='https://localhost/'; + ''; + }; + }; + + database = { + host = lib.mkOption { + type = lib.types.str; + default = "localhost"; + description = '' + Host of the postgresql server. If not set to `localhost`, Nominatim + database and postgresql superuser with appropriate permissions must + exist on target host. + ''; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 5432; + description = "Port of the postgresql database."; + }; + + dbname = lib.mkOption { + type = lib.types.str; + default = "nominatim"; + description = "Name of the postgresql database."; + }; + + superUser = lib.mkOption { + type = lib.types.str; + default = "nominatim"; + description = '' + Postgresql database superuser used to create Nominatim database and + import data. If `database.host` is set to `localhost`, a unix user and + group of the same name will be automatically created. + ''; + }; + + apiUser = lib.mkOption { + type = lib.types.str; + default = "nominatim-api"; + description = '' + Postgresql database user with read-only permissions used for Nominatim + web API service. + ''; + }; + + passwordFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Password file used for Nominatim database connection. + Must be readable only for the Nominatim web API user. + + The file must be a valid `.pgpass` file as described in: + + + In most cases, the following will be enough: + ``` + *:*:*:*: + ``` + ''; + }; + + extraConnectionParams = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = '' + Extra Nominatim database connection parameters. + + Format: + =;= + + See . + ''; + }; + }; + }; + + config = + let + nominatimSuperUserDsn = + "pgsql:dbname=${cfg.database.dbname};" + + "user=${cfg.database.superUser}" + + lib.optionalString (cfg.database.extraConnectionParams != null) ( + ";" + cfg.database.extraConnectionParams + ); + + nominatimApiDsn = + "pgsql:dbname=${cfg.database.dbname}" + + lib.optionalString (!localDb) ( + ";host=${cfg.database.host};" + + "port=${toString cfg.database.port};" + + "user=${cfg.database.apiUser}" + ) + + lib.optionalString (cfg.database.extraConnectionParams != null) ( + ";" + cfg.database.extraConnectionParams + ); + in + lib.mkIf cfg.enable { + # CLI package + environment.systemPackages = [ pkgs.nominatim ]; + + # Database + users.users.${cfg.database.superUser} = lib.mkIf localDb { + group = cfg.database.superUser; + isSystemUser = true; + createHome = false; + }; + users.groups.${cfg.database.superUser} = lib.mkIf localDb { }; + + services.postgresql = lib.mkIf localDb { + enable = true; + extensions = ps: with ps; [ postgis ]; + ensureUsers = [ + { + name = cfg.database.superUser; + ensureClauses.superuser = true; + } + { + name = cfg.database.apiUser; + } + ]; + }; + + # TODO: add nominatim-update service + + systemd.services.nominatim-init = lib.mkIf localDb { + after = [ "postgresql-setup.service" ]; + requires = [ "postgresql-setup.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + User = cfg.database.superUser; + RemainAfterExit = true; + PrivateTmp = true; + }; + script = '' + sql="SELECT COUNT(*) FROM pg_database WHERE datname='${cfg.database.dbname}'" + db_exists=$(${pkgs.postgresql}/bin/psql --dbname postgres -tAc "$sql") + + if [ "$db_exists" == "0" ]; then + ${lib.getExe pkgs.nominatim} import --prepare-database + else + echo "Database ${cfg.database.dbname} already exists. Skipping ..." + fi + ''; + path = [ + pkgs.postgresql + ]; + environment = { + NOMINATIM_DATABASE_DSN = nominatimSuperUserDsn; + NOMINATIM_DATABASE_WEBUSER = cfg.database.apiUser; + } // cfg.settings; + }; + + # Web API service + users.users.${cfg.database.apiUser} = { + group = cfg.database.apiUser; + isSystemUser = true; + createHome = false; + }; + users.groups.${cfg.database.apiUser} = { }; + + systemd.services.nominatim = { + after = [ "network.target" ] ++ lib.optionals localDb [ "nominatim-init.service" ]; + requires = lib.optionals localDb [ "nominatim-init.service" ]; + bindsTo = lib.optionals localDb [ "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + wants = [ "network.target" ]; + serviceConfig = { + Type = "simple"; + User = cfg.database.apiUser; + ExecStart = '' + ${pkgs.python3Packages.gunicorn}/bin/gunicorn \ + --bind unix:/run/nominatim.sock \ + --workers 4 \ + --worker-class uvicorn.workers.UvicornWorker "nominatim_api.server.falcon.server:run_wsgi()" + ''; + Environment = lib.optional ( + cfg.database.passwordFile != null + ) "PGPASSFILE=${cfg.database.passwordFile}"; + ExecReload = "${pkgs.procps}/bin/kill -s HUP $MAINPID"; + KillMode = "mixed"; + TimeoutStopSec = 5; + }; + environment = { + PYTHONPATH = + with pkgs.python3Packages; + pkgs.python3Packages.makePythonPath [ + cfg.package + falcon + uvicorn + ]; + NOMINATIM_DATABASE_DSN = nominatimApiDsn; + NOMINATIM_DATABASE_WEBUSER = cfg.database.apiUser; + } // cfg.settings; + }; + + systemd.sockets.nominatim = { + before = [ "nominatim.service" ]; + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = "/run/nominatim.sock"; + SocketUser = cfg.database.apiUser; + SocketGroup = config.services.nginx.group; + }; + }; + + services.nginx = { + enable = true; + appendHttpConfig = '' + map $args $format { + default default; + ~(^|&)format=html(&|$) html; + } + + map $uri/$format $forward_to_ui { + default 0; # No forwarding by default. + + # Redirect to HTML UI if explicitly requested. + ~/reverse.*/html 1; + ~/search.*/html 1; + ~/lookup.*/html 1; + ~/details.*/html 1; + } + ''; + upstreams.nominatim = { + servers = { + "unix:/run/nominatim.sock" = { }; + }; + }; + virtualHosts = { + ${cfg.hostName} = { + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; + locations = { + "= /" = { + extraConfig = '' + return 301 $scheme://$http_host/ui/search.html; + ''; + }; + "/" = { + proxyPass = "http://nominatim"; + extraConfig = '' + if ($forward_to_ui) { + rewrite ^(/[^/.]*) /ui$1.html redirect; + } + ''; + }; + "/ui/" = { + alias = "${uiPackage}/"; + }; + }; + }; + }; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5beb6b265e4d..4664120c75db 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -605,7 +605,7 @@ in gns3-server = runTest ./gns3-server.nix; gnupg = runTest ./gnupg.nix; goatcounter = runTest ./goatcounter.nix; - go-camo = handleTest ./go-camo.nix { }; + go-camo = runTest ./go-camo.nix; go-neb = runTest ./go-neb.nix; gobgpd = runTest ./gobgpd.nix; gocd-agent = runTest ./gocd-agent.nix; @@ -649,10 +649,22 @@ in harmonia = runTest ./harmonia.nix; headscale = runTest ./headscale.nix; healthchecks = runTest ./web-apps/healthchecks.nix; - hbase2 = handleTest ./hbase.nix { package = pkgs.hbase2; }; - hbase_2_5 = handleTest ./hbase.nix { package = pkgs.hbase_2_5; }; - hbase_2_4 = handleTest ./hbase.nix { package = pkgs.hbase_2_4; }; - hbase3 = handleTest ./hbase.nix { package = pkgs.hbase3; }; + hbase2 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase2; + }; + hbase_2_5 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase_2_5; + }; + hbase_2_4 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase_2_4; + }; + hbase3 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase3; + }; hedgedoc = runTest ./hedgedoc.nix; herbstluftwm = runTest ./herbstluftwm.nix; homebox = runTest ./homebox.nix; @@ -1014,6 +1026,7 @@ in nixseparatedebuginfod = runTest ./nixseparatedebuginfod.nix; node-red = runTest ./node-red.nix; nomad = runTest ./nomad.nix; + nominatim = runTest ./nominatim.nix; non-default-filesystems = handleTest ./non-default-filesystems.nix { }; non-switchable-system = runTest ./non-switchable-system.nix; noto-fonts = runTest ./noto-fonts.nix; @@ -1067,6 +1080,7 @@ in openvscode-server = runTest ./openvscode-server.nix; open-webui = runTest ./open-webui.nix; openvswitch = runTest ./openvswitch.nix; + optee = handleTestOn [ "aarch64-linux" ] ./optee.nix { }; orangefs = runTest ./orangefs.nix; os-prober = handleTestOn [ "x86_64-linux" ] ./os-prober.nix { }; osquery = handleTestOn [ "x86_64-linux" ] ./osquery.nix { }; @@ -1319,7 +1333,7 @@ in stratis = handleTest ./stratis { }; strongswan-swanctl = runTest ./strongswan-swanctl.nix; stub-ld = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./stub-ld.nix { }; - stunnel = handleTest ./stunnel.nix { }; + stunnel = import ./stunnel.nix { inherit runTest; }; sudo = runTest ./sudo.nix; sudo-rs = runTest ./sudo-rs.nix; sunshine = runTest ./sunshine.nix; @@ -1364,7 +1378,7 @@ in systemd-initrd-luks-tpm2 = runTest ./systemd-initrd-luks-tpm2.nix; systemd-initrd-luks-unl0kr = runTest ./systemd-initrd-luks-unl0kr.nix; systemd-initrd-modprobe = runTest ./systemd-initrd-modprobe.nix; - systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix { }; + systemd-initrd-networkd = import ./systemd-initrd-networkd.nix { inherit runTest; }; systemd-initrd-networkd-ssh = runTest ./systemd-initrd-networkd-ssh.nix; systemd-initrd-networkd-openvpn = handleTestOn [ "x86_64-linux" @@ -1386,9 +1400,7 @@ in systemd-networkd = runTest ./systemd-networkd.nix; systemd-networkd-bridge = runTest ./systemd-networkd-bridge.nix; systemd-networkd-dhcpserver = runTest ./systemd-networkd-dhcpserver.nix; - systemd-networkd-dhcpserver-static-leases = - handleTest ./systemd-networkd-dhcpserver-static-leases.nix - { }; + systemd-networkd-dhcpserver-static-leases = runTest ./systemd-networkd-dhcpserver-static-leases.nix; systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix { }; @@ -1555,7 +1567,10 @@ in xterm = runTest ./xterm.nix; xxh = runTest ./xxh.nix; yarr = runTest ./yarr.nix; - ydotool = handleTest ./ydotool.nix { }; + ydotool = import ./ydotool.nix { + inherit (pkgs) lib; + inherit runTest; + }; yggdrasil = runTest ./yggdrasil.nix; your_spotify = runTest ./your_spotify.nix; zammad = runTest ./zammad.nix; diff --git a/nixos/tests/go-camo.nix b/nixos/tests/go-camo.nix index f53d5417ce74..d68bbde537b5 100644 --- a/nixos/tests/go-camo.nix +++ b/nixos/tests/go-camo.nix @@ -1,36 +1,26 @@ +{ lib, ... }: +let + key_val = "12345678"; +in { - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, -}: + name = "go-camo-file-key"; + meta = { + maintainers = [ lib.maintainers.viraptor ]; + }; -with import ../lib/testing-python.nix { inherit system pkgs; }; - -{ - gocamo_file_key = - let - key_val = "12345678"; - in - makeTest { - name = "go-camo-file-key"; - meta = { - maintainers = [ pkgs.lib.maintainers.viraptor ]; + nodes.machine = + { pkgs, ... }: + { + services.go-camo = { + enable = true; + keyFile = pkgs.writeText "foo" key_val; }; - - nodes.machine = - { config, pkgs, ... }: - { - services.go-camo = { - enable = true; - keyFile = pkgs.writeText "foo" key_val; - }; - }; - - # go-camo responds to http requests - testScript = '' - machine.wait_for_unit("go-camo.service") - machine.wait_for_open_port(8080) - machine.succeed("curl http://localhost:8080") - ''; }; + + # go-camo responds to http requests + testScript = '' + machine.wait_for_unit("go-camo.service") + machine.wait_for_open_port(8080) + machine.succeed("curl http://localhost:8080") + ''; } diff --git a/nixos/tests/hbase.nix b/nixos/tests/hbase.nix index 12afa3a2d221..25af5e495a4a 100644 --- a/nixos/tests/hbase.nix +++ b/nixos/tests/hbase.nix @@ -1,39 +1,33 @@ -import ./make-test-python.nix ( - { - pkgs, - lib, - package ? pkgs.hbase, - ... - }: - { - name = "hbase-standalone"; +{ getPackage, lib, ... }: +{ + name = "hbase-standalone"; - meta = with lib.maintainers; { - maintainers = [ illustris ]; + meta = with lib.maintainers; { + maintainers = [ illustris ]; + }; + + nodes.hbase = + { pkgs, ... }: + let + package = getPackage pkgs; + in + { + services.hbase-standalone = { + enable = true; + inherit package; + # Needed for standalone mode in hbase 2+ + # This setting and standalone mode are not suitable for production + settings."hbase.unsafe.stream.capability.enforce" = "false"; + }; + environment.systemPackages = [ + package + ]; }; - nodes = { - hbase = - { pkgs, ... }: - { - services.hbase-standalone = { - enable = true; - inherit package; - # Needed for standalone mode in hbase 2+ - # This setting and standalone mode are not suitable for production - settings."hbase.unsafe.stream.capability.enforce" = "false"; - }; - environment.systemPackages = with pkgs; [ - package - ]; - }; - }; - - testScript = '' - start_all() - hbase.wait_for_unit("hbase.service") - hbase.wait_until_succeeds("echo \"create 't1','f1'\" | sudo -u hbase hbase shell -n") - assert "NAME => 'f1'" in hbase.succeed("echo \"describe 't1'\" | sudo -u hbase hbase shell -n") - ''; - } -) + testScript = '' + start_all() + hbase.wait_for_unit("hbase.service") + hbase.wait_until_succeeds("echo \"create 't1','f1'\" | sudo -u hbase hbase shell -n") + assert "NAME => 'f1'" in hbase.succeed("echo \"describe 't1'\" | sudo -u hbase hbase shell -n") + ''; +} diff --git a/nixos/tests/nominatim.nix b/nixos/tests/nominatim.nix new file mode 100644 index 000000000000..3919f245abd1 --- /dev/null +++ b/nixos/tests/nominatim.nix @@ -0,0 +1,187 @@ +{ pkgs, lib, ... }: + +let + # Andorra - the smallest dataset in Europe (3.1 MB) + osmData = pkgs.fetchurl { + url = "https://web.archive.org/web/20250430211212/https://download.geofabrik.de/europe/andorra-latest.osm.pbf"; + hash = "sha256-Ey+ipTOFUm80rxBteirPW5N4KxmUsg/pCE58E/2rcyE="; + }; +in +{ + name = "nominatim"; + meta = { + maintainers = with lib.teams; [ + geospatial + ngi + ]; + }; + + nodes = { + # nominatim - self contained host + nominatim = + { config, pkgs, ... }: + { + # Nominatim + services.nominatim = { + enable = true; + hostName = "nominatim"; + settings = { + NOMINATIM_IMPORT_STYLE = "admin"; + }; + ui = { + config = '' + Nominatim_Config.Page_Title='Test Nominatim instance'; + Nominatim_Config.Nominatim_API_Endpoint='https://localhost/'; + ''; + }; + }; + + # Disable SSL + services.nginx.virtualHosts.nominatim = { + forceSSL = false; + enableACME = false; + }; + + # Database + services.postgresql = { + enableTCPIP = true; + authentication = lib.mkForce '' + local all all trust + host all all 0.0.0.0/0 md5 + host all all ::0/0 md5 + ''; + }; + systemd.services.postgresql-setup.postStart = '' + psql --command "ALTER ROLE \"nominatim-api\" WITH PASSWORD 'password';" + ''; + networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ]; + }; + + # api - web API only + api = + { config, pkgs, ... }: + { + # Database password + system.activationScripts = { + passwordFile.text = with config.services.nominatim.database; '' + mkdir -p /run/secrets + echo "${host}:${toString port}:${dbname}:${apiUser}:password" \ + > /run/secrets/pgpass + chown nominatim-api:nominatim-api /run/secrets/pgpass + chmod 0600 /run/secrets/pgpass + ''; + }; + + # Nominatim + services.nominatim = { + enable = true; + hostName = "nominatim"; + settings = { + NOMINATIM_LOG_DB = "yes"; + }; + database = { + host = "nominatim"; + passwordFile = "/run/secrets/pgpass"; + extraConnectionParams = "application_name=nominatim;connect_timeout=2"; + }; + }; + + # Disable SSL + services.nginx.virtualHosts.nominatim = { + forceSSL = false; + enableACME = false; + }; + }; + }; + + testScript = '' + # Test nominatim host + nominatim.start() + nominatim.wait_for_unit("nominatim.service") + + # Import OSM data + nominatim.succeed(""" + cd /tmp + sudo -u nominatim \ + NOMINATIM_DATABASE_WEBUSER=nominatim-api \ + NOMINATIM_IMPORT_STYLE=admin \ + nominatim import --continue import-from-file --osm-file ${osmData} + """) + nominatim.succeed("systemctl restart nominatim.service") + + # Test CLI + nominatim.succeed("sudo -u nominatim-api nominatim search --query Andorra") + + # Test web API + nominatim.succeed("curl 'http://localhost/status' | grep OK") + + nominatim.succeed(""" + curl "http://localhost/search?q=Andorra&format=geojson" | grep "Andorra" + curl "http://localhost/reverse?lat=42.5407167&lon=1.5732033&format=geojson" + """) + + # Test UI + nominatim.succeed(""" + curl "http://localhost/ui/search.html" \ + | grep "Nominatim Demo" + """) + + + # Test api host + api.start() + api.wait_for_unit("nominatim.service") + + # Test web API + api.succeed(""" + curl "http://localhost/search?q=Andorra&format=geojson" | grep "Andorra" + curl "http://localhost/reverse?lat=42.5407167&lon=1.5732033&format=geojson" + """) + + + # Test format rewrites + # Redirect / to search + nominatim.succeed(""" + curl --verbose "http://localhost" 2>&1 \ + | grep "Location: http://localhost/ui/search.html" + """) + + # Return text by default + nominatim.succeed(""" + curl --verbose "http://localhost/status" 2>&1 \ + | grep "Content-Type: text/plain" + """) + + # Return JSON by default + nominatim.succeed(""" + curl --verbose "http://localhost/search?q=Andorra" 2>&1 \ + | grep "Content-Type: application/json" + """) + + # Return XML by default + nominatim.succeed(""" + curl --verbose "http://localhost/lookup" 2>&1 \ + | grep "Content-Type: text/xml" + + curl --verbose "http://localhost/reverse?lat=0&lon=0" 2>&1 \ + | grep "Content-Type: text/xml" + """) + + # Redirect explicitly requested HTML format + nominatim.succeed(""" + curl --verbose "http://localhost/search?format=html" 2>&1 \ + | grep "Location: http://localhost/ui/search.html" + + curl --verbose "http://localhost/reverse?format=html" 2>&1 \ + | grep "Location: http://localhost/ui/reverse.html" + """) + + # Return explicitly requested JSON format + nominatim.succeed(""" + curl --verbose "http://localhost/search?format=json" 2>&1 \ + | grep "Content-Type: application/json" + + curl --verbose "http://localhost/reverse?format=json" 2>&1 \ + | grep "Content-Type: application/json" + """) + ''; +} diff --git a/nixos/tests/optee.nix b/nixos/tests/optee.nix new file mode 100644 index 000000000000..ac049b30378c --- /dev/null +++ b/nixos/tests/optee.nix @@ -0,0 +1,72 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + { + name = "optee"; + + meta = with pkgs.lib.maintainers; { + maintainers = [ jmbaur ]; + }; + + nodes.machine = + { config, pkgs, ... }: + let + inherit (pkgs) armTrustedFirmwareQemu opteeQemuAarch64 ubootQemuAarch64; + + # Default environment for qemu-arm64 uboot does not work well with + # large nixos kernel/initrds. + uboot = ubootQemuAarch64.overrideAttrs (old: { + postPatch = + (old.postPatch or "") + + '' + substituteInPlace board/emulation/qemu-arm/qemu-arm.env \ + --replace-fail "ramdisk_addr_r=0x44000000" "ramdisk_addr_r=0x46000000" + ''; + }); + + bios = armTrustedFirmwareQemu.override { + extraMakeFlags = [ + "SPD=opteed" + "BL32=${opteeQemuAarch64}/tee-header_v2.bin" + "BL32_EXTRA1=${opteeQemuAarch64}/tee-pager_v2.bin" + "BL32_EXTRA2=${opteeQemuAarch64}/tee-pageable_v2.bin" + "BL33=${uboot}/u-boot.bin" + "all" + "fip" + ]; + filesToInstall = [ + "build/qemu/release/bl1.bin" + "build/qemu/release/fip.bin" + ]; + postInstall = '' + dd if=$out/bl1.bin of=$out/bios.bin bs=4096 conv=notrunc + dd if=$out/fip.bin of=$out/bios.bin seek=64 bs=4096 conv=notrunc + ''; + }; + in + { + virtualisation = { + inherit bios; + cores = 2; + qemu.options = [ + "-machine virt,secure=on,accel=tcg,gic-version=2" + "-cpu cortex-a57" + ]; + }; + + # VM boots up via qfw + boot.loader.grub.enable = false; + + services.tee-supplicant = { + enable = true; + # pkcs11 trusted application + trustedApplications = [ "${opteeQemuAarch64.devkit}/ta/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta" ]; + }; + }; + testScript = '' + machine.wait_for_unit("tee-supplicant.service") + out = machine.succeed("${pkgs.opensc}/bin/pkcs11-tool --module ${lib.getLib pkgs.optee-client}/lib/libckteec.so --list-token-slots") + if out.find("OP-TEE PKCS11 TA") < 0: + raise Exception("optee pkcs11 token not found") + ''; + } +) diff --git a/nixos/tests/stunnel.nix b/nixos/tests/stunnel.nix index 0d817ccf7fb5..4bc3c7aff908 100644 --- a/nixos/tests/stunnel.nix +++ b/nixos/tests/stunnel.nix @@ -1,11 +1,4 @@ -{ - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, -}: - -with import ../lib/testing-python.nix { inherit system pkgs; }; -with pkgs.lib; +{ runTest }: let stunnelCommon = { @@ -20,7 +13,12 @@ let }; }; makeCert = - { config, pkgs, ... }: + { + config, + lib, + pkgs, + ... + }: { systemd.services.create-test-cert = { wantedBy = [ "sysinit.target" ]; @@ -32,14 +30,14 @@ let unitConfig.DefaultDependencies = false; serviceConfig.Type = "oneshot"; script = '' - ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName} + ${lib.getExe pkgs.openssl} req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName} ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem ) chown stunnel /test-key.pem /test-key-and-cert.pem ''; }; }; serverCommon = - { pkgs, ... }: + { lib, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 443 ]; services.stunnel.servers.https = { @@ -51,7 +49,7 @@ let wantedBy = [ "multi-user.target" ]; script = '' cd /etc/webroot - ${pkgs.python3}/bin/python -m http.server 80 + ${lib.getExe' pkgs.python3 "python"} -m http.server 80 ''; }; }; @@ -61,10 +59,9 @@ let server_cert = ${src}.succeed("cat /test-cert.pem") ${dest}.succeed("echo %s > ${filename}" % quote(server_cert)) ''; - in { - basicServer = makeTest { + basicServer = runTest { name = "basicServer"; nodes = { @@ -92,7 +89,7 @@ in ''; }; - serverAndClient = makeTest { + serverAndClient = runTest { name = "serverAndClient"; nodes = { @@ -150,7 +147,7 @@ in ''; }; - mutualAuth = makeTest { + mutualAuth = runTest { name = "mutualAuth"; nodes = rec { diff --git a/nixos/tests/systemd-initrd-networkd.nix b/nixos/tests/systemd-initrd-networkd.nix index 86accd21d935..ddc5966725db 100644 --- a/nixos/tests/systemd-initrd-networkd.nix +++ b/nixos/tests/systemd-initrd-networkd.nix @@ -1,61 +1,80 @@ -{ - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, - lib ? pkgs.lib, -}: - -with import ../lib/testing-python.nix { inherit system pkgs; }; +{ runTest }: let - inherit (lib.maintainers) elvishjerricco; - - common = { - boot.initrd.systemd = { - enable = true; - network.wait-online.timeout = 10; - network.wait-online.anyInterface = true; - targets.network-online.requiredBy = [ "initrd.target" ]; - services.systemd-networkd-wait-online.requiredBy = [ "network-online.target" ]; - initrdBin = [ - pkgs.iproute2 - pkgs.iputils - pkgs.gnugrep - ]; + common = + { pkgs, ... }: + { + boot.initrd.systemd = { + enable = true; + network.wait-online.timeout = 10; + network.wait-online.anyInterface = true; + targets.network-online.requiredBy = [ "initrd.target" ]; + services.systemd-networkd-wait-online.requiredBy = [ "network-online.target" ]; + initrdBin = [ + pkgs.iproute2 + pkgs.iputils + pkgs.gnugrep + ]; + }; + testing.initrdBackdoor = true; + boot.initrd.network.enable = true; }; - testing.initrdBackdoor = true; - boot.initrd.network.enable = true; - }; mkFlushTest = flush: script: - makeTest { - name = "systemd-initrd-network-${lib.optionalString (!flush) "no-"}flush"; - meta.maintainers = [ elvishjerricco ]; + runTest ( + { lib, ... }: + { + name = "systemd-initrd-network-${lib.optionalString (!flush) "no-"}flush"; + meta.maintainers = with lib.maintainers; [ elvishjerricco ]; - nodes.machine = { - imports = [ common ]; + nodes.machine = + { pkgs, ... }: + { + imports = [ common ]; - boot.initrd.network.flushBeforeStage2 = flush; - systemd.services.check-flush = { - requiredBy = [ "multi-user.target" ]; - before = [ - "network-pre.target" - "multi-user.target" - "shutdown.target" - ]; - conflicts = [ "shutdown.target" ]; - wants = [ "network-pre.target" ]; - unitConfig.DefaultDependencies = false; - serviceConfig.Type = "oneshot"; - path = [ - pkgs.iproute2 - pkgs.iputils - pkgs.gnugrep - ]; - inherit script; - }; - }; + boot.initrd.network.flushBeforeStage2 = flush; + systemd.services.check-flush = { + requiredBy = [ "multi-user.target" ]; + before = [ + "network-pre.target" + "multi-user.target" + "shutdown.target" + ]; + conflicts = [ "shutdown.target" ]; + wants = [ "network-pre.target" ]; + unitConfig.DefaultDependencies = false; + serviceConfig.Type = "oneshot"; + path = [ + pkgs.iproute2 + pkgs.iputils + pkgs.gnugrep + ]; + inherit script; + }; + }; + + testScript = '' + machine.wait_for_unit("network-online.target") + machine.succeed( + "ip addr | grep 10.0.2.15", + "ping -c1 10.0.2.2", + ) + machine.switch_root() + + machine.wait_for_unit("multi-user.target") + ''; + } + ); +in +{ + basic = runTest ( + { lib, ... }: + { + name = "systemd-initrd-network"; + meta.maintainers = with lib.maintainers; [ elvishjerricco ]; + + nodes.machine = common; testScript = '' machine.wait_for_unit("network-online.target") @@ -65,33 +84,14 @@ let ) machine.switch_root() + # Make sure the systemd-network user was set correctly in initrd machine.wait_for_unit("multi-user.target") + machine.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]") + machine.succeed("ip addr show >&2") + machine.succeed("ip route show >&2") ''; - }; - -in -{ - basic = makeTest { - name = "systemd-initrd-network"; - meta.maintainers = [ elvishjerricco ]; - - nodes.machine = common; - - testScript = '' - machine.wait_for_unit("network-online.target") - machine.succeed( - "ip addr | grep 10.0.2.15", - "ping -c1 10.0.2.2", - ) - machine.switch_root() - - # Make sure the systemd-network user was set correctly in initrd - machine.wait_for_unit("multi-user.target") - machine.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]") - machine.succeed("ip addr show >&2") - machine.succeed("ip route show >&2") - ''; - }; + } + ); doFlush = mkFlushTest true '' if ip addr | grep 10.0.2.15; then diff --git a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix index 512925eb9f5b..81c2e35d334d 100644 --- a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix +++ b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix @@ -1,96 +1,94 @@ # In contrast to systemd-networkd-dhcpserver, this test configures # the router with a static DHCP lease for the client's MAC address. -import ./make-test-python.nix ( - { lib, ... }: - { - name = "systemd-networkd-dhcpserver-static-leases"; - meta = with lib.maintainers; { - maintainers = [ veehaitch ]; - }; - nodes = { - router = { - virtualisation.vlans = [ 1 ]; - systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; - networking = { - useNetworkd = true; - useDHCP = false; - firewall.enable = false; - }; - systemd.network = { - networks = { - # systemd-networkd will load the first network unit file - # that matches, ordered lexiographically by filename. - # /etc/systemd/network/{40-eth1,99-main}.network already - # exists. This network unit must be loaded for the test, - # however, hence why this network is named such. - "01-eth1" = { - name = "eth1"; - networkConfig = { - DHCPServer = true; - Address = "10.0.0.1/24"; - }; - dhcpServerStaticLeases = [ - { - MACAddress = "02:de:ad:be:ef:01"; - Address = "10.0.0.10"; - } - ]; - }; - }; - }; +{ lib, ... }: +{ + name = "systemd-networkd-dhcpserver-static-leases"; + meta = with lib.maintainers; { + maintainers = [ veehaitch ]; + }; + nodes = { + router = { + virtualisation.vlans = [ 1 ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; }; - - client = { - virtualisation.vlans = [ 1 ]; - systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; - systemd.network = { - enable = true; - links."10-eth1" = { - matchConfig.OriginalName = "eth1"; - linkConfig.MACAddress = "02:de:ad:be:ef:01"; - }; - networks."40-eth1" = { - matchConfig.Name = "eth1"; + systemd.network = { + networks = { + # systemd-networkd will load the first network unit file + # that matches, ordered lexiographically by filename. + # /etc/systemd/network/{40-eth1,99-main}.network already + # exists. This network unit must be loaded for the test, + # however, hence why this network is named such. + "01-eth1" = { + name = "eth1"; networkConfig = { - DHCP = "ipv4"; - IPv6AcceptRA = false; + DHCPServer = true; + Address = "10.0.0.1/24"; }; - # This setting is important to have the router assign the - # configured lease based on the client's MAC address. Also see: - # https://github.com/systemd/systemd/issues/21368#issuecomment-982193546 - dhcpV4Config.ClientIdentifier = "mac"; - linkConfig.RequiredForOnline = "routable"; + dhcpServerStaticLeases = [ + { + MACAddress = "02:de:ad:be:ef:01"; + Address = "10.0.0.10"; + } + ]; }; }; - networking = { - useDHCP = false; - firewall.enable = false; - interfaces.eth1 = lib.mkForce { }; - }; }; }; - testScript = '' - start_all() - with subtest("check router network configuration"): - router.systemctl("start systemd-networkd-wait-online.service") - router.wait_for_unit("systemd-networkd-wait-online.service") - eth1_status = router.succeed("networkctl status eth1") - assert "Network File: /etc/systemd/network/01-eth1.network" in eth1_status, \ - "The router interface eth1 is not using the expected network file" - assert "10.0.0.1" in eth1_status, "Did not find expected router IPv4" + client = { + virtualisation.vlans = [ 1 ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + systemd.network = { + enable = true; + links."10-eth1" = { + matchConfig.OriginalName = "eth1"; + linkConfig.MACAddress = "02:de:ad:be:ef:01"; + }; + networks."40-eth1" = { + matchConfig.Name = "eth1"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = false; + }; + # This setting is important to have the router assign the + # configured lease based on the client's MAC address. Also see: + # https://github.com/systemd/systemd/issues/21368#issuecomment-982193546 + dhcpV4Config.ClientIdentifier = "mac"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + networking = { + useDHCP = false; + firewall.enable = false; + interfaces.eth1 = lib.mkForce { }; + }; + }; + }; + testScript = '' + start_all() - with subtest("check client network configuration"): - client.systemctl("start systemd-networkd-wait-online.service") - client.wait_for_unit("systemd-networkd-wait-online.service") - eth1_status = client.succeed("networkctl status eth1") - assert "Network File: /etc/systemd/network/40-eth1.network" in eth1_status, \ - "The client interface eth1 is not using the expected network file" - assert "10.0.0.10" in eth1_status, "Did not find expected client IPv4" + with subtest("check router network configuration"): + router.systemctl("start systemd-networkd-wait-online.service") + router.wait_for_unit("systemd-networkd-wait-online.service") + eth1_status = router.succeed("networkctl status eth1") + assert "Network File: /etc/systemd/network/01-eth1.network" in eth1_status, \ + "The router interface eth1 is not using the expected network file" + assert "10.0.0.1" in eth1_status, "Did not find expected router IPv4" - with subtest("router and client can reach each other"): - client.wait_until_succeeds("ping -c 5 10.0.0.1") - router.wait_until_succeeds("ping -c 5 10.0.0.10") - ''; - } -) + with subtest("check client network configuration"): + client.systemctl("start systemd-networkd-wait-online.service") + client.wait_for_unit("systemd-networkd-wait-online.service") + eth1_status = client.succeed("networkctl status eth1") + assert "Network File: /etc/systemd/network/40-eth1.network" in eth1_status, \ + "The client interface eth1 is not using the expected network file" + assert "10.0.0.10" in eth1_status, "Did not find expected client IPv4" + + with subtest("router and client can reach each other"): + client.wait_until_succeeds("ping -c 5 10.0.0.1") + router.wait_until_succeeds("ping -c 5 10.0.0.10") + ''; +} diff --git a/nixos/tests/ydotool.nix b/nixos/tests/ydotool.nix index 7a739392aa56..72d3ffb1f536 100644 --- a/nixos/tests/ydotool.nix +++ b/nixos/tests/ydotool.nix @@ -1,16 +1,12 @@ -{ - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, - lib ? pkgs.lib, -}: +{ runTest, lib }: let - makeTest = import ./make-test-python.nix; textInput = "This works."; inputBoxText = "Enter input"; - inputBox = pkgs.writeShellScript "zenity-input" '' - ${lib.getExe pkgs.zenity} --entry --text '${inputBoxText}:' > /tmp/output & - ''; + inputBox = + pkgs: + pkgs.writeShellScript "zenity-input" '' + ${lib.getExe pkgs.zenity} --entry --text '${inputBoxText}:' > /tmp/output & + ''; asUser = '' def as_user(cmd: str): """ @@ -20,124 +16,137 @@ let ''; in { - headless = makeTest { - name = "headless"; + headless = runTest ( + { lib, ... }: + { + name = "headless"; - enableOCR = true; + enableOCR = true; - nodes.machine = { - imports = [ ./common/user-account.nix ]; + nodes.machine = { + imports = [ ./common/user-account.nix ]; - users.users.alice.extraGroups = [ "ydotool" ]; + users.users.alice.extraGroups = [ "ydotool" ]; - programs.ydotool.enable = true; + programs.ydotool.enable = true; - services.getty.autologinUser = "alice"; - }; + services.getty.autologinUser = "alice"; + }; - testScript = - asUser - + '' - start_all() + testScript = + asUser + + '' + start_all() - machine.wait_for_unit("multi-user.target") - machine.wait_for_text("alice") - machine.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input - machine.succeed(as_user("ydotool key 28:1 28:0")) # text input - machine.screenshot("headless_input") - machine.wait_for_file("/tmp/output") - machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input - ''; + machine.wait_for_unit("multi-user.target") + machine.wait_for_text("alice") + machine.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input + machine.succeed(as_user("ydotool key 28:1 28:0")) # text input + machine.screenshot("headless_input") + machine.wait_for_file("/tmp/output") + machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + ''; - meta.maintainers = with lib.maintainers; [ - OPNA2608 - quantenzitrone - ]; - }; - - x11 = makeTest { - name = "x11"; - - enableOCR = true; - - nodes.machine = { - imports = [ - ./common/user-account.nix - ./common/auto.nix - ./common/x11.nix + meta.maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone ]; + } + ); - users.users.alice.extraGroups = [ "ydotool" ]; + x11 = runTest ( + { config, lib, ... }: + { + name = "x11"; - programs.ydotool.enable = true; + enableOCR = true; - test-support.displayManager.auto = { - enable = true; - user = "alice"; - }; + nodes.machine = + { lib, ... }: + { + imports = [ + ./common/user-account.nix + ./common/auto.nix + ./common/x11.nix + ]; - services.xserver.windowManager.dwm.enable = true; - services.displayManager.defaultSession = lib.mkForce "none+dwm"; - }; + users.users.alice.extraGroups = [ "ydotool" ]; - testScript = - asUser - + '' + programs.ydotool.enable = true; + + test-support.displayManager.auto = { + enable = true; + user = "alice"; + }; + + services.xserver.windowManager.dwm.enable = true; + services.displayManager.defaultSession = lib.mkForce "none+dwm"; + }; + + testScript = + asUser + + '' + start_all() + + machine.wait_for_x() + machine.execute(as_user("${inputBox config.node.pkgs}")) + machine.wait_for_text("${inputBoxText}") + machine.succeed(as_user("ydotool type '${textInput}'")) # text input + machine.screenshot("x11_input") + machine.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input + machine.succeed(as_user("ydotool click 0xC0")) # mouse input + machine.wait_for_file("/tmp/output") + machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + ''; + + meta.maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone + ]; + } + ); + + wayland = runTest ( + { lib, ... }: + { + name = "wayland"; + + enableOCR = true; + + nodes.machine = + { pkgs, ... }: + { + imports = [ ./common/user-account.nix ]; + + services.cage = { + enable = true; + user = "alice"; + }; + + programs.ydotool.enable = true; + + services.cage.program = inputBox pkgs; + }; + + testScript = '' start_all() - machine.wait_for_x() - machine.execute(as_user("${inputBox}")) + machine.wait_for_unit("graphical.target") machine.wait_for_text("${inputBoxText}") - machine.succeed(as_user("ydotool type '${textInput}'")) # text input - machine.screenshot("x11_input") - machine.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input - machine.succeed(as_user("ydotool click 0xC0")) # mouse input + machine.succeed("ydotool type '${textInput}'") # text input + machine.screenshot("wayland_input") + machine.succeed("ydotool mousemove -a 100 100") # mouse input + machine.succeed("ydotool click 0xC0") # mouse input machine.wait_for_file("/tmp/output") machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input ''; - meta.maintainers = with lib.maintainers; [ - OPNA2608 - quantenzitrone - ]; - }; - - wayland = makeTest { - name = "wayland"; - - enableOCR = true; - - nodes.machine = { - imports = [ ./common/user-account.nix ]; - - services.cage = { - enable = true; - user = "alice"; - }; - - programs.ydotool.enable = true; - - services.cage.program = inputBox; - }; - - testScript = '' - start_all() - - machine.wait_for_unit("graphical.target") - machine.wait_for_text("${inputBoxText}") - machine.succeed("ydotool type '${textInput}'") # text input - machine.screenshot("wayland_input") - machine.succeed("ydotool mousemove -a 100 100") # mouse input - machine.succeed("ydotool click 0xC0") # mouse input - machine.wait_for_file("/tmp/output") - machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input - ''; - - meta.maintainers = with lib.maintainers; [ - OPNA2608 - quantenzitrone - ]; - }; + meta.maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone + ]; + } + ); customGroup = let @@ -147,38 +156,41 @@ in outsideGroupUsername = "other-user"; groupName = "custom-group"; in - makeTest { - inherit name; + runTest ( + { lib, ... }: + { + inherit name; - nodes."${nodeName}" = { - programs.ydotool = { - enable = true; - group = groupName; - }; - - users.users = { - "${insideGroupUsername}" = { - isNormalUser = true; - extraGroups = [ groupName ]; + nodes."${nodeName}" = { + programs.ydotool = { + enable = true; + group = groupName; + }; + + users.users = { + "${insideGroupUsername}" = { + isNormalUser = true; + extraGroups = [ groupName ]; + }; + "${outsideGroupUsername}".isNormalUser = true; }; - "${outsideGroupUsername}".isNormalUser = true; }; - }; - testScript = '' - start_all() + testScript = '' + start_all() - # Wait for service to start - ${nodeName}.wait_for_unit("multi-user.target") - ${nodeName}.wait_for_unit("ydotoold.service") + # Wait for service to start + ${nodeName}.wait_for_unit("multi-user.target") + ${nodeName}.wait_for_unit("ydotoold.service") - # Verify that user with the configured group can use the service - ${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'") + # Verify that user with the configured group can use the service + ${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'") - # Verify that user without the configured group can't use the service - ${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'") - ''; + # Verify that user without the configured group can't use the service + ${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'") + ''; - meta.maintainers = with lib.maintainers; [ l0b0 ]; - }; + meta.maintainers = with lib.maintainers; [ l0b0 ]; + } + ); } diff --git a/pkgs/applications/networking/browsers/chromium/info.json b/pkgs/applications/networking/browsers/chromium/info.json index 9efb34dec8fd..41e0be5b3cc3 100644 --- a/pkgs/applications/networking/browsers/chromium/info.json +++ b/pkgs/applications/networking/browsers/chromium/info.json @@ -802,7 +802,7 @@ } }, "ungoogled-chromium": { - "version": "138.0.7204.96", + "version": "138.0.7204.100", "deps": { "depot_tools": { "rev": "a8900cc0f023d6a662eb66b317e8ddceeb113490", @@ -813,16 +813,16 @@ "hash": "sha256-UB9a7Fr1W0yYld6WbXyRR8dFqWsj/zx4KumDZ5JQKSM=" }, "ungoogled-patches": { - "rev": "138.0.7204.96-1", - "hash": "sha256-tOQSvdwK3lMN/7l23rbw7txJ/ovRguSXe9oMeol63Cs=" + "rev": "138.0.7204.100-1", + "hash": "sha256-zIBOQlW8UAE7n8x6R5LLjiNUquLOiTPvyxx4sM9r85Y=" }, "npmHash": "sha256-8d5VTHutv51libabhxv7SqPRcHfhVmGDSOvTSv013rE=" }, "DEPS": { "src": { "url": "https://chromium.googlesource.com/chromium/src.git", - "rev": "f01343ee86bdb55cc999f82381f038cdbf20db62", - "hash": "sha256-9Ryxv2DvnIKVk4ZvjXegubFDUNzJ3YXGPuYHlntC3RU=", + "rev": "5f45b4744e3d5ba82c2ca6d942f1e7a516110752", + "hash": "sha256-bI75IXPl6YeauK2oTnUURh1ch1H7KKw/QzKYZ/q6htI=", "recompress": true }, "src/third_party/clang-format/script": { @@ -1047,8 +1047,8 @@ }, "src/third_party/devtools-frontend/src": { "url": "https://chromium.googlesource.com/devtools/devtools-frontend", - "rev": "f8dfe8b36e516cef8a5a169e88d16480d8abdc68", - "hash": "sha256-7ygnGBAeiLxwbTx5s7LRs9+ZOe06tr8VFcSY5cVHnS4=" + "rev": "a6dbe06dafbad00ef4b0ea139ece1a94a5e2e6d8", + "hash": "sha256-XkyJFRxo3ZTBGfKdTwSIo14SLNPQAKQvY4lEX03j6LM=" }, "src/third_party/dom_distiller_js/dist": { "url": "https://chromium.googlesource.com/chromium/dom-distiller/dist.git", diff --git a/pkgs/build-support/dart/build-dart-application/default.nix b/pkgs/build-support/dart/build-dart-application/default.nix index 444930985f8e..5ff4d0a3ef23 100644 --- a/pkgs/build-support/dart/build-dart-application/default.nix +++ b/pkgs/build-support/dart/build-dart-application/default.nix @@ -101,6 +101,7 @@ let } // sdkSourceBuilders; }; packageConfig = generators.linkPackageConfig { + inherit pubspecLock; packageConfig = pub2nix.generatePackageConfig { pname = if args.pname != null then "${args.pname}-${args.version}" else null; diff --git a/pkgs/build-support/dart/build-dart-application/generators.nix b/pkgs/build-support/dart/build-dart-application/generators.nix index 0d6095dc3fc0..409de4cb5d4f 100644 --- a/pkgs/build-support/dart/build-dart-application/generators.nix +++ b/pkgs/build-support/dart/build-dart-application/generators.nix @@ -49,6 +49,7 @@ let # Adds the root package to a dependency package_config.json file from pub2nix. linkPackageConfig = { + pubspecLock, packageConfig, extraSetupCommands ? "", }: @@ -67,15 +68,27 @@ let dontBuild = true; - installPhase = '' - runHook preInstall + installPhase = + let + m = builtins.match "^[[:space:]]*(\\^|>=|>)?[[:space:]]*([0-9]+\\.[0-9]+)\\.[0-9]+.*$" pubspecLock.sdks.dart; + languageVersion = + if m != null then + (builtins.elemAt m 1) + else if pubspecLock.sdks.dart == "any" then + "null" + else + # https://github.com/dart-lang/pub/blob/15b96589066884300a30bdc356566f3398794857/lib/src/language_version.dart#L109 + "2.7"; + in + '' + runHook preInstall - packageName="$(yq --raw-output .name pubspec.yaml)" - jq --arg name "$packageName" '.packages |= . + [{ name: $name, rootUri: "../", packageUri: "lib/" }]' '${packageConfig}' > "$out" - ${extraSetupCommands} + packageName="$(yq --raw-output .name pubspec.yaml)" + jq --arg name "$packageName" --arg languageVersion ${languageVersion} '.packages |= . + [{ name: $name, rootUri: "../", packageUri: "lib/", languageVersion: (if $languageVersion == "null" then null else $languageVersion end) }]' '${packageConfig}' > "$out" + ${extraSetupCommands} - runHook postInstall - ''; + runHook postInstall + ''; } ); in diff --git a/pkgs/build-support/fetchhg/default.nix b/pkgs/build-support/fetchhg/default.nix index 1e5e76ec4ca0..45319bad3f68 100644 --- a/pkgs/build-support/fetchhg/default.nix +++ b/pkgs/build-support/fetchhg/default.nix @@ -30,16 +30,14 @@ lib.extendMkDerivation { outputHashAlgo = if finalAttrs.hash != null && finalAttrs.hash != "" then null else "sha256"; outputHashMode = "recursive"; - outputHash = - lib.throwIf (finalAttrs.hash != null && sha256 != null) "Only one of sha256 or hash can be set" - ( - if finalAttrs.hash != null then - finalAttrs.hash - else if sha256 != null then - sha256 - else - "" - ); + outputHash = lib.throwIf (hash != null && sha256 != null) "Only one of sha256 or hash can be set" ( + if finalAttrs.hash != null then + finalAttrs.hash + else if sha256 != null then + sha256 + else + "" + ); inherit url rev hash; inherit preferLocalBuild; diff --git a/pkgs/by-name/ac/act/package.nix b/pkgs/by-name/ac/act/package.nix index 2e181bf370f6..663b7ba6eabc 100644 --- a/pkgs/by-name/ac/act/package.nix +++ b/pkgs/by-name/ac/act/package.nix @@ -8,7 +8,7 @@ }: let - version = "0.2.78"; + version = "0.2.79"; in buildGoModule { pname = "act"; @@ -18,10 +18,10 @@ buildGoModule { owner = "nektos"; repo = "act"; tag = "v${version}"; - hash = "sha256-S4Ev7MszuvlsUstnjOltYnZTuhzeqP/GDqMEWsFLe5Y="; + hash = "sha256-tIp9iG8SCppg+tX/KdvAON5fKAHAlU01GSJEgvm2JSg="; }; - vendorHash = "sha256-YH5SIZ73VYqg7+sSJpvqkIlBUy1rs3uNEWiEBDRdkQw="; + vendorHash = "sha256-wMtRpFUOMia7ZbuKUUkkcr2Gi88fiZydqFSVSAdiKdo="; doCheck = false; diff --git a/pkgs/by-name/aw/aws-lc/package.nix b/pkgs/by-name/aw/aws-lc/package.nix index de89ba8f5897..61f3a8497df2 100644 --- a/pkgs/by-name/aw/aws-lc/package.nix +++ b/pkgs/by-name/aw/aws-lc/package.nix @@ -10,13 +10,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "aws-lc"; - version = "1.53.1"; + version = "1.55.0"; src = fetchFromGitHub { owner = "aws"; repo = "aws-lc"; rev = "v${finalAttrs.version}"; - hash = "sha256-1liZ1xellboNNsL7D6vqYk9sHFpWN5c0o8B1S9B5Gnc="; + hash = "sha256-Ul+PoOItv7FU7v7NkpaCrZrr/ULnI9FSv6T8ePzTMCs="; }; outputs = [ diff --git a/pkgs/by-name/bi/bibiman/package.nix b/pkgs/by-name/bi/bibiman/package.nix index afd2f9aebf34..6f8c56d59ef0 100644 --- a/pkgs/by-name/bi/bibiman/package.nix +++ b/pkgs/by-name/bi/bibiman/package.nix @@ -8,18 +8,18 @@ rustPlatform.buildRustPackage rec { pname = "bibiman"; - version = "0.12.4"; + version = "0.13.1"; src = fetchFromGitea { domain = "codeberg.org"; owner = "lukeflo"; repo = "bibiman"; tag = "v${version}"; - hash = "sha256-6duqLBPm6GlBHm3Kr4foHF1MKodYOYKKDITk/BiX6mA="; + hash = "sha256-MdUabJQ5x3/n7dfbIjAqK9hDQ+lLNOtXknY4fTSW67Q="; }; useFetchCargoVendor = true; - cargoHash = "sha256-tbgzjTsK88+G4Wxex4Tl0K5Ii99tPNud3UEDzAHaI0M="; + cargoHash = "sha256-FARk/BCssI35aS4yxUnfGoV6C3i4/a/LQcEMIKD29Ac="; nativeInstallCheckInputs = [ versionCheckHook diff --git a/pkgs/by-name/br/bruno/package.nix b/pkgs/by-name/br/bruno/package.nix index a9e3b9577ba7..4eb4e5175505 100644 --- a/pkgs/by-name/br/bruno/package.nix +++ b/pkgs/by-name/br/bruno/package.nix @@ -19,20 +19,20 @@ buildNpmPackage rec { pname = "bruno"; - version = "2.6.1"; + version = "2.7.0"; src = fetchFromGitHub { owner = "usebruno"; repo = "bruno"; tag = "v${version}"; - hash = "sha256-GR/TmBuZbt/8cB9gtRPgzSVnzdrB1BKhYjahfJ3ErgQ="; + hash = "sha256-qNZCLd4FixJ+I5xaIIQ9EIKfCXnPOZFGbXHkgagBbFE="; postFetch = '' ${lib.getExe npm-lockfile-fix} $out/package-lock.json ''; }; - npmDepsHash = "sha256-/u7xyd1+RXNN7khVOglzYGMCI+fPjyiuSF2BSZAqEtI="; + npmDepsHash = "sha256-osdjtn9jn6T1YizQM7I9cfiHvIkrZ8HRDNjsR+FS/DE="; npmFlags = [ "--legacy-peer-deps" ]; nativeBuildInputs = diff --git a/pkgs/by-name/by/byedpi/package.nix b/pkgs/by-name/by/byedpi/package.nix index d80429cea8fe..5358b379ef88 100644 --- a/pkgs/by-name/by/byedpi/package.nix +++ b/pkgs/by-name/by/byedpi/package.nix @@ -6,13 +6,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "byedpi"; - version = "0.17"; + version = "0.17.1"; src = fetchFromGitHub { owner = "hufrea"; repo = "byedpi"; tag = "v${finalAttrs.version}"; - hash = "sha256-JedtEgkj21pDnNM19Oq6asI7iMIHZqf3ZolDlUDhHg8="; + hash = "sha256-an0UmsAZw5DJMuM4WpAWBVVN0ZVBpXhn0cbZ0ZbfBjo="; }; installPhase = '' diff --git a/pkgs/by-name/ca/cargo-mobile2/package.nix b/pkgs/by-name/ca/cargo-mobile2/package.nix index 5ec4c9e830ea..28bd1afe832d 100644 --- a/pkgs/by-name/ca/cargo-mobile2/package.nix +++ b/pkgs/by-name/ca/cargo-mobile2/package.nix @@ -10,7 +10,7 @@ let pname = "cargo-mobile2"; - version = "0.20.1"; + version = "0.20.2"; in rustPlatform.buildRustPackage { inherit pname version; @@ -18,7 +18,7 @@ rustPlatform.buildRustPackage { owner = "tauri-apps"; repo = "cargo-mobile2"; rev = "cargo-mobile2-v${version}"; - hash = "sha256-gKqGmd34nNKMc3fl5lMH09oOGnmRaMDBwsbHhAeUMBc="; + hash = "sha256-mXedzfAN40IG8ivcSa/tf/Ys/rKcwkCmxU7/ja9ec2U="; }; # Manually specify the sourceRoot since this crate depends on other crates in the workspace. Relevant info at @@ -26,7 +26,7 @@ rustPlatform.buildRustPackage { # sourceRoot = "${src.name}/tooling/cli"; useFetchCargoVendor = true; - cargoHash = "sha256-QEZe+7/i0XygXxs7pwdS9WtYbE2pfrUuRQC0dm+WqTo="; + cargoHash = "sha256-Y1ykz7QU48AJVKBcYdrWEuNcahontkaJyFmrrh4eQs0="; preBuild = '' mkdir -p $out/share/ diff --git a/pkgs/by-name/cl/claude-code/package-lock.json b/pkgs/by-name/cl/claude-code/package-lock.json index 028cc53b3dac..0ef129331cb8 100644 --- a/pkgs/by-name/cl/claude-code/package-lock.json +++ b/pkgs/by-name/cl/claude-code/package-lock.json @@ -6,13 +6,13 @@ "packages": { "": { "dependencies": { - "@anthropic-ai/claude-code": "^1.0.44" + "@anthropic-ai/claude-code": "^1.0.48" } }, "node_modules/@anthropic-ai/claude-code": { - "version": "1.0.44", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.44.tgz", - "integrity": "sha512-GCX0KeMcyhLlfs/dLWlMiHShAMmjt8d7xcVUS53z7VnV6s3cIIrRPsKQ/xX/Q9rFm5dSVmRnzU88Ku28fb3QKQ==", + "version": "1.0.48", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.48.tgz", + "integrity": "sha512-h63VBAZZ6Pl/DlYW2PjbfUeicZ4r9VSl8dymD3d+1lZEHwCPgfMpu3g+30+FDMs79Xqc7qSDm6CRnMApxhbjqw==", "hasInstallScript": true, "license": "SEE LICENSE IN README.md", "bin": { diff --git a/pkgs/by-name/cl/claude-code/package.nix b/pkgs/by-name/cl/claude-code/package.nix index b81187ca9982..015b0e958c29 100644 --- a/pkgs/by-name/cl/claude-code/package.nix +++ b/pkgs/by-name/cl/claude-code/package.nix @@ -7,16 +7,16 @@ buildNpmPackage rec { pname = "claude-code"; - version = "1.0.44"; + version = "1.0.48"; nodejs = nodejs_20; # required for sandboxed Nix builds on Darwin src = fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; - hash = "sha256-Dnooy0KNfhirTu7hv6DfwL7SHwf++CKtG8VHptNhcxU="; + hash = "sha256-nl7NGiREuFpbr0if273FfbSpjD/BG8a/uMXfYtiZgbE="; }; - npmDepsHash = "sha256-Q3m4q0g/H5ZWmnMXSipRt3FUFu+SgDAJutVelQsv9ls="; + npmDepsHash = "sha256-ppsyT+VXXaIP1ncuJx1I8M6eLTk7zP1KStf5nnWSwSo="; postPatch = '' cp ${./package-lock.json} package-lock.json diff --git a/pkgs/by-name/cl/clorinde/package.nix b/pkgs/by-name/cl/clorinde/package.nix index 3eed4fed07e1..9b1fa27376b4 100644 --- a/pkgs/by-name/cl/clorinde/package.nix +++ b/pkgs/by-name/cl/clorinde/package.nix @@ -8,17 +8,17 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "clorinde"; - version = "0.16.0"; + version = "1.0.0"; src = fetchFromGitHub { owner = "halcyonnouveau"; repo = "clorinde"; tag = "clorinde-v${finalAttrs.version}"; - hash = "sha256-ze/PEML1buh3HlVgz6ifMPWfZnr6eT3VpIXf7jR68jw="; + hash = "sha256-AYoSs3rDZ5j8Xt6E4X7RmgccM3bng3rgWzVLFjhmfR0="; }; useFetchCargoVendor = true; - cargoHash = "sha256-dp5m/PLVG8xUM6LCq48NKK0P8di44keB/YZ9ocfL0Bg="; + cargoHash = "sha256-hxOVocfQvBlaYh227SVLYncfVZ80bDxIvoMtthaqQqc="; cargoBuildFlags = [ "--package=clorinde" ]; diff --git a/pkgs/by-name/fa/fantomas/package.nix b/pkgs/by-name/fa/fantomas/package.nix index 8c61867c601f..f9c254cf6440 100644 --- a/pkgs/by-name/fa/fantomas/package.nix +++ b/pkgs/by-name/fa/fantomas/package.nix @@ -2,9 +2,9 @@ buildDotnetGlobalTool { pname = "fantomas"; - version = "7.0.2"; + version = "7.0.3"; - nugetHash = "sha256-BAaENIm/ksTiXrUImRgKoIXTGIlgsX7ch6ayoFjhJXA="; + nugetHash = "sha256-0XlfV7SxXPDnk/CjkUesJSaH0cxlNHJ+Jj86zNUhkNA="; meta = with lib; { description = "F# source code formatter"; diff --git a/pkgs/by-name/gi/gitaly/package.nix b/pkgs/by-name/gi/gitaly/package.nix index c44d42860fd1..f27132f57d2a 100644 --- a/pkgs/by-name/gi/gitaly/package.nix +++ b/pkgs/by-name/gi/gitaly/package.nix @@ -7,7 +7,7 @@ }: let - version = "18.1.1"; + version = "18.1.2"; package_version = "v${lib.versions.major version}"; gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}"; @@ -21,7 +21,7 @@ let owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - hash = "sha256-R79UV6QIEO/B7xQ3ds4scm7twHmalziksKBJ97tYVJM="; + hash = "sha256-ErA04W6rWsjSay02bst0ur1mztrdo8SW/mpGtln4unI="; }; vendorHash = "sha256-BTpcnaHNyLgdAA9KqqA+mBo18fmQ0+OwLGNOPHRJ/IE="; diff --git a/pkgs/by-name/gi/gitlab-container-registry/package.nix b/pkgs/by-name/gi/gitlab-container-registry/package.nix index 73f1209fbad9..d5013e8d13d6 100644 --- a/pkgs/by-name/gi/gitlab-container-registry/package.nix +++ b/pkgs/by-name/gi/gitlab-container-registry/package.nix @@ -6,7 +6,7 @@ buildGoModule rec { pname = "gitlab-container-registry"; - version = "4.23.1"; + version = "4.24.0"; rev = "v${version}-gitlab"; # nixpkgs-update: no auto update @@ -14,10 +14,10 @@ buildGoModule rec { owner = "gitlab-org"; repo = "container-registry"; inherit rev; - hash = "sha256-eCuSuQXtzd2jLJf9G8DO1KGXdT8bYGe9tcKw6BZNiiI="; + hash = "sha256-GNL7L6DKIKEgDEZQkeHNOn4R5SnWnHvNoUIs2YLjoR8="; }; - vendorHash = "sha256-OrdlQp+USRf+Yc7UDjIncDpbuRu5ui6TUoYY2MMc8Ro="; + vendorHash = "sha256-zisadCxyfItD/n7VGbtbvhl8MRHiqdw0Kkrg6ebgS/8="; checkFlags = let diff --git a/pkgs/by-name/gi/gitlab-pages/package.nix b/pkgs/by-name/gi/gitlab-pages/package.nix index 3981ac06c106..d21dba50c838 100644 --- a/pkgs/by-name/gi/gitlab-pages/package.nix +++ b/pkgs/by-name/gi/gitlab-pages/package.nix @@ -6,14 +6,14 @@ buildGoModule rec { pname = "gitlab-pages"; - version = "18.1.1"; + version = "18.1.2"; # nixpkgs-update: no auto update src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-pages"; rev = "v${version}"; - hash = "sha256-tqT+ARebnBhBHzOenkL/o7/tf4/urxKFAOFMwCQSzeA="; + hash = "sha256-XY/WK19nujQPdsicGDHS5gEZf3uJZdW41R4xK9hDML0="; }; vendorHash = "sha256-6ZHKwPhC3N813kiw1NnPOMVc2CBSIClwc4MunDi0gCk="; diff --git a/pkgs/by-name/gi/gitlab/data.json b/pkgs/by-name/gi/gitlab/data.json index fd510ddfea1e..7e6ef7cd5e0f 100644 --- a/pkgs/by-name/gi/gitlab/data.json +++ b/pkgs/by-name/gi/gitlab/data.json @@ -1,15 +1,15 @@ { - "version": "18.1.1", - "repo_hash": "1agw51d1qvvx6yyzz71sz4mkx04ic8hmql8lggz3x5scnhglnzjq", + "version": "18.1.2", + "repo_hash": "072ib6rc7mw9pdzql8514k4z76i1ahssyj5kypgyvf9qj4naym0b", "yarn_hash": "0c5pp3dpvw0q0nfl6w1lpdmk7dvkfinwb7z7a3vq22wgzca23x2m", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v18.1.1-ee", + "rev": "v18.1.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "18.1.1", - "GITLAB_PAGES_VERSION": "18.1.1", + "GITALY_SERVER_VERSION": "18.1.2", + "GITLAB_PAGES_VERSION": "18.1.2", "GITLAB_SHELL_VERSION": "14.42.0", "GITLAB_ELASTICSEARCH_INDEXER_VERSION": "5.6.0", - "GITLAB_WORKHORSE_VERSION": "18.1.1" + "GITLAB_WORKHORSE_VERSION": "18.1.2" } } diff --git a/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix b/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix index 3c9a7bfe0e3b..d32d1530b2ce 100644 --- a/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix @@ -10,7 +10,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "18.1.1"; + version = "18.1.2"; # nixpkgs-update: no auto update src = fetchFromGitLab { diff --git a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile index 8913861030c1..b8cd3db40e42 100644 --- a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile +++ b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile @@ -648,7 +648,9 @@ gem 'gitaly', '~> 18.1.0.pre.rc1', feature_category: :gitaly # KAS GRPC protocol definitions gem 'gitlab-kas-grpc', '~> 17.11.0', feature_category: :deployment_management -gem 'grpc', '~> 1.72.0', feature_category: :shared +# Lock until 1.74.0 is available +# https://gitlab.com/gitlab-com/gl-infra/production/-/issues/20067 +gem 'grpc', '= 1.63.0', feature_category: :shared gem 'google-protobuf', '~> 3.25', '>= 3.25.3', feature_category: :shared diff --git a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock index 637c16927096..e5a452a4d519 100644 --- a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock +++ b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock @@ -48,7 +48,7 @@ PATH google-cloud-storage_transfer (~> 1.2.0) google-protobuf (~> 3.25, >= 3.25.3) googleauth (~> 1.8.1) - grpc (~> 1.72.0) + grpc (= 1.63.0) json (~> 2.7) jwt (~> 2.5) logger (~> 1.5) @@ -956,8 +956,8 @@ GEM graphql (~> 2.0) html-pipeline (~> 2.14, >= 2.14.3) sass-embedded (~> 1.58) - grpc (1.72.0) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) grpc-google-iam-v1 (1.5.0) google-protobuf (~> 3.18) @@ -2210,7 +2210,7 @@ DEPENDENCIES graphlyte (~> 1.0.0) graphql (= 2.4.13) graphql-docs (~> 5.0.0) - grpc (~> 1.72.0) + grpc (= 1.63.0) gssapi (~> 1.3.1) guard-rspec haml_lint (~> 0.58) diff --git a/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix b/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix index 33afdf2cb5d1..4edeca120f33 100644 --- a/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix +++ b/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix @@ -3886,10 +3886,10 @@ src: { platforms = [ ]; source = { remotes = [ "https://rubygems.org" ]; - sha256 = "02gakdhvpl777b41i8cgkrj7gk0jlq4fza9hjksp2r7ryji0vyjn"; + sha256 = "11ink0ayf14qgs3msn5a7dpg49vm3ck2415r64nfk1i8xv286hsz"; type = "gem"; }; - version = "1.72.0"; + version = "1.63.0"; }; grpc-google-iam-v1 = { dependencies = [ diff --git a/pkgs/by-name/go/go-camo/package.nix b/pkgs/by-name/go/go-camo/package.nix index e32a442178df..6ae59c258fa1 100644 --- a/pkgs/by-name/go/go-camo/package.nix +++ b/pkgs/by-name/go/go-camo/package.nix @@ -3,6 +3,7 @@ buildGo124Module, fetchFromGitHub, installShellFiles, + nixosTests, scdoc, }: @@ -43,6 +44,10 @@ buildGo124Module rec { rm pkg/camo/proxy_{,filter_}test.go ''; + passthru.tests = { + inherit (nixosTests) go-camo; + }; + meta = { description = "Camo server is a special type of image proxy that proxies non-secure images over SSL/TLS"; homepage = "https://github.com/cactus/go-camo"; diff --git a/pkgs/by-name/go/go-musicfox/package.nix b/pkgs/by-name/go/go-musicfox/package.nix index 81178025bb2d..8fc71f8323fe 100644 --- a/pkgs/by-name/go/go-musicfox/package.nix +++ b/pkgs/by-name/go/go-musicfox/package.nix @@ -11,13 +11,13 @@ buildGoModule rec { pname = "go-musicfox"; - version = "4.6.2"; + version = "4.6.3"; src = fetchFromGitHub { owner = "go-musicfox"; repo = "go-musicfox"; rev = "v${version}"; - hash = "sha256-GpzbHShQvsgPNnUjk52PSDhvmxEuJVXNXI7z8ESv6QQ="; + hash = "sha256-TxBd+Q7tEyJpcUwOWAl2U1gmdNRYrBkGCtT961/8K1E="; }; deleteVendor = true; diff --git a/pkgs/by-name/ja/janus-gateway/package.nix b/pkgs/by-name/ja/janus-gateway/package.nix index 5d9190b8a95b..66c75bf6734d 100644 --- a/pkgs/by-name/ja/janus-gateway/package.nix +++ b/pkgs/by-name/ja/janus-gateway/package.nix @@ -34,13 +34,13 @@ in stdenv.mkDerivation rec { pname = "janus-gateway"; - version = "1.3.1"; + version = "1.3.2"; src = fetchFromGitHub { owner = "meetecho"; repo = "janus-gateway"; rev = "v${version}"; - sha256 = "sha256-Y4MdbB706aziKPxM9y/3uCKpc60dMDlV0xgugDjfa7A="; + sha256 = "sha256-FvTNe2lpDBchhVLTD+fKtwTcuqsuSEeNWcRAbLibLbc="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/li/limine/package.nix b/pkgs/by-name/li/limine/package.nix index 9d7125cfd481..b93ccaebffc7 100644 --- a/pkgs/by-name/li/limine/package.nix +++ b/pkgs/by-name/li/limine/package.nix @@ -42,14 +42,14 @@ in # as bootloader for various platforms and corresponding binary and helper files. stdenv.mkDerivation (finalAttrs: { pname = "limine"; - version = "9.3.4"; + version = "9.4.0"; # We don't use the Git source but the release tarball, as the source has a # `./bootstrap` script performing network access to download resources. # Packaging that in Nix is very cumbersome. src = fetchurl { url = "https://github.com/limine-bootloader/limine/releases/download/v${finalAttrs.version}/limine-${finalAttrs.version}.tar.gz"; - hash = "sha256-GXArMxm7vDyUShTIM1O8/4M8h/ol/b8YcsXdodxJqeM="; + hash = "sha256-ddQB0wKMhKSnPrJflgsDfyWCzOiFehf/2CijPiVk65U="; }; enableParallelBuilding = true; diff --git a/pkgs/by-name/ll/llama-cpp/package.nix b/pkgs/by-name/ll/llama-cpp/package.nix index f6a5e873433b..89ad298ecbe8 100644 --- a/pkgs/by-name/ll/llama-cpp/package.nix +++ b/pkgs/by-name/ll/llama-cpp/package.nix @@ -72,13 +72,13 @@ let in effectiveStdenv.mkDerivation (finalAttrs: { pname = "llama-cpp"; - version = "5760"; + version = "5836"; src = fetchFromGitHub { owner = "ggml-org"; repo = "llama.cpp"; tag = "b${finalAttrs.version}"; - hash = "sha256-sl1lhj40c546YRuCTn6BlmS60Rd2TBKNx4TaQ0I6110="; + hash = "sha256-fo6wnwN3a4xZamwm68EVLNVfQkk+vSxgEoORQKLzdH8="; leaveDotGit = true; postFetch = '' git -C "$out" rev-parse --short HEAD > $out/COMMIT diff --git a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py index 90c3060e9ce4..c2abc9501bb9 100644 --- a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py +++ b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py @@ -108,9 +108,9 @@ def test_flake_from_arg( return_value=True, ), patch( - "pathlib.Path.is_symlink", + "pathlib.Path.resolve", autospec=True, - return_value=False, + return_value=Path("/etc/nixos/flake.nix"), ), ): assert m.Flake.from_arg(None, None) == m.Flake( @@ -123,11 +123,6 @@ def test_flake_from_arg( autospec=True, return_value=True, ), - patch( - "pathlib.Path.is_symlink", - autospec=True, - return_value=True, - ), patch( "pathlib.Path.resolve", autospec=True, diff --git a/pkgs/by-name/no/nominatim-ui/package.nix b/pkgs/by-name/no/nominatim-ui/package.nix index 323be48ae2cc..2efa4b66b1e8 100644 --- a/pkgs/by-name/no/nominatim-ui/package.nix +++ b/pkgs/by-name/no/nominatim-ui/package.nix @@ -3,6 +3,7 @@ stdenv, fetchFromGitHub, fetchYarnDeps, + nixosTests, writableTmpDirAsHomeHook, writeText, @@ -10,7 +11,7 @@ nodejs, yarn, - # Custom application configuration placed to theme/config.theme.js file + # Custom application configuration placed to theme/config.theme.js file. # For the list of available configuration options see # https://github.com/osm-search/nominatim-ui/blob/master/dist/config.defaults.js customConfig ? null, @@ -83,6 +84,10 @@ stdenv.mkDerivation (finalAttrs: { runHook postInstall ''; + passthru.tests = { + inherit (nixosTests) nominatim; + }; + meta = { description = "Debugging user interface for Nominatim geocoder"; homepage = "https://github.com/osm-search/nominatim-ui"; diff --git a/pkgs/by-name/no/nominatim/package.nix b/pkgs/by-name/no/nominatim/package.nix index add1001d86ef..d6c272e0f2a9 100644 --- a/pkgs/by-name/no/nominatim/package.nix +++ b/pkgs/by-name/no/nominatim/package.nix @@ -7,6 +7,7 @@ python3Packages, nominatim, # required for testVersion + nixosTests, testers, }: @@ -64,8 +65,9 @@ python3Packages.buildPythonApplication rec { pythonImportsCheck = [ "nominatim_db" ]; - passthru = { - tests.version = testers.testVersion { package = nominatim; }; + passthru.tests = { + version = testers.testVersion { package = nominatim; }; + inherit (nixosTests) nominatim; }; meta = { diff --git a/pkgs/by-name/op/optee-client/package.nix b/pkgs/by-name/op/optee-client/package.nix new file mode 100644 index 000000000000..dbe59890d452 --- /dev/null +++ b/pkgs/by-name/op/optee-client/package.nix @@ -0,0 +1,72 @@ +{ + fetchFromGitHub, + isNixOS ? true, + lib, + libuuid, + pkg-config, + stdenv, + which, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "optee-client"; + version = "4.6.0"; + + src = fetchFromGitHub { + owner = "OP-TEE"; + repo = "optee_client"; + rev = finalAttrs.version; + hash = "sha256-hHEIn0WU4XfqwZbOdg9kwSDxDcvK7Tvxtelamfc3IRM="; + }; + + outputs = [ + "out" + "lib" + "dev" + ]; + + strictDeps = true; + + enableParallelBuilding = true; + + nativeBuildInputs = [ + which + pkg-config + ]; + buildInputs = [ libuuid ]; + + makeFlags = + [ + "CROSS_COMPILE=${stdenv.cc.targetPrefix}" + "DESTDIR=$(out)" + "SBINDIR=/bin" + "INCLUDEDIR=/include" + "LIBDIR=/lib" + ] + ++ + # If we are building for NixOS, change default optee config to use paths + # that will work well with NixOS. + lib.optionals isNixOS [ + "CFG_TEE_CLIENT_LOAD_PATH=/run/current-system/sw/lib" + "CFG_TEE_PLUGIN_LOAD_PATH=/run/current-system/sw/lib/tee-supplicant/plugins" + "CFG_TEE_FS_PARENT_PATH=/var/lib/tee" + ]; + + preFixup = '' + mkdir -p "$lib" "$dev" + mv "$out/lib" "$lib" + mv "$out/include" "$dev" + ''; + + meta = { + description = "Normal world client for OPTEE OS"; + homepage = "https://github.com/OP-TEE/optee_client"; + changelog = "https://github.com/OP-TEE/optee_client/releases/tag/${finalAttrs.version}"; + license = lib.licenses.bsd2; + maintainers = [ lib.maintainers.jmbaur ]; + platforms = [ + "aarch64-linux" + "armv7l-linux" + ]; + }; +}) diff --git a/pkgs/by-name/pi/pimsync/package.nix b/pkgs/by-name/pi/pimsync/package.nix index c895512503de..8738263b6dd2 100644 --- a/pkgs/by-name/pi/pimsync/package.nix +++ b/pkgs/by-name/pi/pimsync/package.nix @@ -12,17 +12,17 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "pimsync"; - version = "0.4.2"; + version = "0.4.3"; src = fetchFromSourcehut { owner = "~whynothugo"; repo = "pimsync"; rev = "v${finalAttrs.version}"; - hash = "sha256-6oV9E6Q6FmCh24xT9+lsQ47GVs70sSujsn54dX6CPgY="; + hash = "sha256-VPrEY3aJKhn96oaehJ8MrrUj0XoSOMWC7APbnw6OrsQ="; }; useFetchCargoVendor = true; - cargoHash = "sha256-vnBk0uojWDM9PS8v5Qda2UflmIFZ09Qp9l25qTTWGMc="; + cargoHash = "sha256-m5tg50C6DMFuBrCW9sxYfeRRZv6Sncp8X40fzaKEsi0="; PIMSYNC_VERSION = finalAttrs.version; diff --git a/pkgs/by-name/ru/rustical/package.nix b/pkgs/by-name/ru/rustical/package.nix new file mode 100644 index 000000000000..8c492caf2331 --- /dev/null +++ b/pkgs/by-name/ru/rustical/package.nix @@ -0,0 +1,35 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, + pkg-config, + openssl, +}: + +rustPlatform.buildRustPackage (finalAttrs: { + pname = "rustical"; + version = "0.4.11"; + + src = fetchFromGitHub { + owner = "lennart-k"; + repo = "rustical"; + tag = "v${finalAttrs.version}"; + hash = "sha256-QWuJKEc6hBA2rdbaqdhrah+WyRwVd91Y8/BIOaKlW28="; + }; + + cargoHash = "sha256-dQF+6my+TxZ6niFO5OnLXcPt0LGEymaXE9NqZWU5HJk="; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ openssl ]; + + env.OPENSSL_NO_VENDOR = true; + + meta = { + description = "Yet another calendar server aiming to be simple, fast and passwordless"; + homepage = "https://github.com/lennart-k/rustical"; + changelog = "https://github.com/lennart-k/rustical/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ PopeRigby ]; + mainProgram = "rustical"; + }; +}) diff --git a/pkgs/by-name/si/signal-export/package.nix b/pkgs/by-name/si/signal-export/package.nix index fe39aff53eee..83b12f5c6350 100644 --- a/pkgs/by-name/si/signal-export/package.nix +++ b/pkgs/by-name/si/signal-export/package.nix @@ -7,13 +7,13 @@ python3.pkgs.buildPythonApplication rec { pname = "signal-export"; - version = "3.5.1"; + version = "3.6.0"; pyproject = true; src = fetchPypi { inherit version; pname = "signal_export"; - hash = "sha256-UhLWSYdJEDhZ1zI3nxhJoqeH8JfR4s9Hdp6fJ4UNROQ="; + hash = "sha256-lflRY6EC9fqgdYwQ9Incc2PJ22okZC9Juu6X7pxGJ8w="; }; build-system = with python3.pkgs; [ diff --git a/pkgs/by-name/up/upbound/sources-main.json b/pkgs/by-name/up/upbound/sources-main.json index 9d0d2cd9ba00..af98b2112da7 100644 --- a/pkgs/by-name/up/upbound/sources-main.json +++ b/pkgs/by-name/up/upbound/sources-main.json @@ -8,38 +8,38 @@ "fetchurlAttrSet": { "docker-credential-up": { "aarch64-darwin": { - "hash": "sha256-ByiFy8k6qwKXTp7iLoojUNNKhhZnbqc6ms6g+r4f9u0=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/darwin_arm64.tar.gz" + "hash": "sha256-9X6D0WI9Vru/M3oQ/yK0AJjth6MTGfxeEf5Axx2rAlc=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/darwin_arm64.tar.gz" }, "aarch64-linux": { - "hash": "sha256-qis91nt43HGEfuqcCH5ri/s4QiHiMrRMTinSUjQeI3o=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/linux_arm64.tar.gz" + "hash": "sha256-g7AzAp4cdJIsZ3mtkYF2MzlLHgwauFORaIkQ6mdwkuI=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/linux_arm64.tar.gz" }, "x86_64-darwin": { - "hash": "sha256-s2ORdd3G87Vo9I5zSZXGisjSMr0x86sCu6WOxOZBWTk=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/darwin_amd64.tar.gz" + "hash": "sha256-8F7r3o3e3Mo+GDicS+5Hg6qNz5B+Tt8OHcosHzpZUQM=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/darwin_amd64.tar.gz" }, "x86_64-linux": { - "hash": "sha256-5q/XactXioaOqUYwrojg5xgZg+pKjqnxR9tB8ILaaHg=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/linux_amd64.tar.gz" + "hash": "sha256-3TduM86fAb3cIFhb8SNrAFisu9RjQ7H0gtd7csJfSb0=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/linux_amd64.tar.gz" } }, "up": { "aarch64-darwin": { - "hash": "sha256-Rud8CPSlxl08cRjChFsZFG6Mfro8BiRWN7f2+DRwUsE=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/darwin_arm64.tar.gz" + "hash": "sha256-xLIdYSR+ILRY2qf5lPMroxZDvDEfDYxrz3cX4ZI0+h0=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/darwin_arm64.tar.gz" }, "aarch64-linux": { - "hash": "sha256-KN84vzXue9Tc8O9Ci/4emI7GOX8pETcVc/hpFuBJmy4=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/linux_arm64.tar.gz" + "hash": "sha256-nUOTdWTUJe8eyHTIF4b/00Q9J0Qb4QaAIdAz90h4yHo=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/linux_arm64.tar.gz" }, "x86_64-darwin": { - "hash": "sha256-qHN7PSqU5nK5Dh8k4HEjwTmjN/yIoJh7VBoQ/dJS3/s=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/darwin_amd64.tar.gz" + "hash": "sha256-qn2cfprwaLP7chMcWN+zw8+G/tHGNlJtPMX6iB9XjCY=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/darwin_amd64.tar.gz" }, "x86_64-linux": { - "hash": "sha256-mw80qJ+9CRQFFKF7bhWiEYcW1P7Jm4dqkXTN+F8erPM=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/linux_amd64.tar.gz" + "hash": "sha256-AAmdDWW0MmLYP5viRJ0BpXIVpmU7R6iSN5hwGm6HIuc=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/linux_amd64.tar.gz" } } }, @@ -49,5 +49,5 @@ "x86_64-darwin", "x86_64-linux" ], - "version": "0.39.0-87.g20595f83" + "version": "0.39.0-115.gbdd4b5af" } diff --git a/pkgs/by-name/wi/wireless-regdb/package.nix b/pkgs/by-name/wi/wireless-regdb/package.nix index 9141651290f7..2664ed9a23e8 100644 --- a/pkgs/by-name/wi/wireless-regdb/package.nix +++ b/pkgs/by-name/wi/wireless-regdb/package.nix @@ -7,11 +7,11 @@ stdenvNoCC.mkDerivation rec { pname = "wireless-regdb"; - version = "2025.02.20"; + version = "2025.07.10"; src = fetchurl { url = "https://www.kernel.org/pub/software/network/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-V/jnchz1qIDBOuDCAu27IQkqBg1F+enFm80qgnK/pFY="; + hash = "sha256-qDQLzc0bXbbHkUmHnRIrFw87sHU4FxjU9Cmtgxpvoo0="; }; dontBuild = true; diff --git a/pkgs/development/python-modules/arviz/default.nix b/pkgs/development/python-modules/arviz/default.nix index 642973dd8c30..997d9921c5bd 100644 --- a/pkgs/development/python-modules/arviz/default.nix +++ b/pkgs/development/python-modules/arviz/default.nix @@ -39,14 +39,14 @@ buildPythonPackage rec { pname = "arviz"; - version = "0.21.0"; + version = "0.22.0"; pyproject = true; src = fetchFromGitHub { owner = "arviz-devs"; repo = "arviz"; tag = "v${version}"; - hash = "sha256-rrOvdyZE0wo3iiiQ2hHklAtLU38mXs3hLsb+Fwy9eAk="; + hash = "sha256-ZzZZKEtpVy44119H+upU36VLriZjjwPz3gqgKrL+gRI="; }; build-system = [ diff --git a/pkgs/development/python-modules/mmengine/default.nix b/pkgs/development/python-modules/mmengine/default.nix index da6d56052843..a5debed6a138 100644 --- a/pkgs/development/python-modules/mmengine/default.nix +++ b/pkgs/development/python-modules/mmengine/default.nix @@ -9,6 +9,7 @@ # dependencies addict, + distutils, matplotlib, numpy, opencv4, @@ -67,17 +68,13 @@ buildPythonPackage rec { + '' substituteInPlace tests/test_config/test_lazy.py \ --replace-fail "import numpy.compat" "" - - substituteInPlace mmengine/utils/dl_utils/collect_env.py \ - --replace-fail \ - "from distutils" \ - "from setuptools._distutils" ''; build-system = [ setuptools ]; dependencies = [ addict + distutils matplotlib numpy opencv4 diff --git a/pkgs/development/python-modules/orbax-checkpoint/default.nix b/pkgs/development/python-modules/orbax-checkpoint/default.nix index 68c88de3c4ae..3176db485bec 100644 --- a/pkgs/development/python-modules/orbax-checkpoint/default.nix +++ b/pkgs/development/python-modules/orbax-checkpoint/default.nix @@ -35,14 +35,14 @@ buildPythonPackage rec { pname = "orbax-checkpoint"; - version = "0.11.18"; + version = "0.11.19"; pyproject = true; src = fetchFromGitHub { owner = "google"; repo = "orbax"; tag = "v${version}"; - hash = "sha256-Uosd2TfC3KJMp46SnNnodPBc+G1nNdqFOwPQA+aVyrQ="; + hash = "sha256-j15E4jGvxIjEdWG6Lwr9mvPXr9WifrD1zFF6Vj+7wik="; }; sourceRoot = "${src.name}/checkpoint"; diff --git a/pkgs/development/python-modules/sqlite-vec/default.nix b/pkgs/development/python-modules/sqlite-vec/default.nix new file mode 100644 index 000000000000..7a389f10d40f --- /dev/null +++ b/pkgs/development/python-modules/sqlite-vec/default.nix @@ -0,0 +1,88 @@ +{ + lib, + buildPythonPackage, + fetchpatch, + + # build-system + setuptools, + setuptools-scm, + + # dependencies + sqlite-vec-c, # alias for pkgs.sqlite-vec + + # optional dependencies + numpy, + + # check inputs + openai, + pytestCheckHook, +}: + +buildPythonPackage rec { + inherit (sqlite-vec-c) pname version src; + pyproject = true; + + # The actual source root is bindings/python but the patches + # apply to the bindings directory. + # This is a known issue, see https://discourse.nixos.org/t/how-to-apply-patches-with-sourceroot/59727 + sourceRoot = "${src.name}/bindings"; + + patches = [ + (fetchpatch { + # https://github.com/asg017/sqlite-vec/pull/233 + name = "add-python-build-files.patch"; + url = "https://github.com/asg017/sqlite-vec/commit/c1917deb11aa79dcac32440679345b93e13b1b86.patch"; + hash = "sha256-4/9QLKuM/1AbD8AQHwJ14rhWVYVc+MILvK6+tWwWQlw="; + stripLen = 1; + }) + (fetchpatch { + # https://github.com/asg017/sqlite-vec/pull/233 + name = "add-python-test.patch"; + url = "https://github.com/asg017/sqlite-vec/commit/608972c9dcbfc7f4583e99fd8de6e5e16da11081.patch"; + hash = "sha256-8dfw7zs7z2FYh8DoAxurMYCDMOheg8Zl1XGcPw1A1BM="; + stripLen = 1; + }) + ]; + + # Change into the proper directory for building, move `extra_init.py` into its proper location, + # and supply the path to the library. + postPatch = '' + cd python + mv extra_init.py sqlite_vec/ + substituteInPlace sqlite_vec/__init__.py \ + --replace-fail "@libpath@" "${lib.getLib sqlite-vec-c}/lib/" + ''; + + build-system = [ + setuptools + setuptools-scm + ]; + + dependencies = [ + sqlite-vec-c + ]; + + optional-dependencies = { + numpy = [ + numpy + ]; + }; + + nativeCheckInputs = [ + numpy + openai + pytestCheckHook + sqlite-vec-c + ]; + + pythonImportsCheck = [ "sqlite_vec" ]; + + meta = sqlite-vec-c.meta // { + description = "Python bindings for sqlite-vec"; + maintainers = [ lib.maintainers.sarahec ]; + badPlatforms = [ + # segfaults during test + "x86_64-darwin" + ]; + }; +} diff --git a/pkgs/development/python-modules/timm/default.nix b/pkgs/development/python-modules/timm/default.nix index 585d7676b716..eca27fbca2d1 100644 --- a/pkgs/development/python-modules/timm/default.nix +++ b/pkgs/development/python-modules/timm/default.nix @@ -22,14 +22,14 @@ buildPythonPackage rec { pname = "timm"; - version = "1.0.16"; + version = "1.0.17"; pyproject = true; src = fetchFromGitHub { owner = "huggingface"; repo = "pytorch-image-models"; tag = "v${version}"; - hash = "sha256-8z23KQvb+wAlM/IXDC9j6OV8ioZE1dx0xhITSzdHoeY="; + hash = "sha256-NWWKDWcwRrQ2lrNSbkA2xepAoPP7+0G7g7eIjGLZSCw="; }; build-system = [ pdm-backend ]; diff --git a/pkgs/development/python-modules/txtai/default.nix b/pkgs/development/python-modules/txtai/default.nix index c2e51878a79a..888124f28ecb 100644 --- a/pkgs/development/python-modules/txtai/default.nix +++ b/pkgs/development/python-modules/txtai/default.nix @@ -24,7 +24,7 @@ hnswlib, pgvector, sqlalchemy, - sqlite-vec, + sqlite-vec-c, # api aiohttp, fastapi, @@ -103,7 +103,7 @@ let hnswlib pgvector sqlalchemy - sqlite-vec + sqlite-vec-c ]; api = [ aiohttp diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix index d11ea977b5af..07732200ee8a 100644 --- a/pkgs/development/tools/analysis/flow/default.nix +++ b/pkgs/development/tools/analysis/flow/default.nix @@ -7,19 +7,15 @@ stdenv.mkDerivation rec { pname = "flow"; - version = "0.238.3"; + version = "0.274.2"; src = fetchFromGitHub { owner = "facebook"; repo = "flow"; - rev = "v${version}"; - hash = "sha256-WlHta/wXTULehopXeIUdNAQb12Lf0SJnm1HIVHTDshA="; + tag = "v${version}"; + hash = "sha256-ZktRFFgPvIfbsAY3C6g3s3zqX3wES+QShu811m183cA="; }; - postPatch = '' - substituteInPlace src/services/inference/check_cache.ml --replace 'Core_kernel' 'Core' - ''; - makeFlags = [ "FLOW_RELEASE=1" ]; installPhase = '' @@ -39,12 +35,12 @@ stdenv.mkDerivation rec { buildInputs = ( with ocamlPackages; [ - core_kernel + camlp-streams dtoa fileutils lwt_log lwt_ppx - ocaml_lwt + lwt ppx_deriving ppx_gen_rec ppx_let diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index c4618ba9403e..bcb0a2e1efe9 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix @@ -18,7 +18,7 @@ }: let - buildArmTrustedFirmware = + buildArmTrustedFirmware = lib.makeOverridable ( { filesToInstall, installDir ? "$out", @@ -59,8 +59,11 @@ let depsBuildBuild = [ buildPackages.stdenv.cc ]; - # For Cortex-M0 firmware in RK3399 - nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ]; + nativeBuildInputs = [ + pkgsCross.arm-embedded.stdenv.cc # For Cortex-M0 firmware in RK3399 + openssl # For fiptool + ]; + # Make the new toolchain guessing (from 2.11+) happy # https://github.com/ARM-software/arm-trusted-firmware/blob/4ec2948fe3f65dba2f19e691e702f7de2949179c/make_helpers/toolchains/rk3399-m0.mk#L21-L22 rk3399-m0-oc = "${pkgsCross.arm-embedded.stdenv.cc.targetPrefix}objcopy"; @@ -112,7 +115,8 @@ let // extraMeta; } // builtins.removeAttrs args [ "extraMeta" ] - ); + ) + ); in { diff --git a/pkgs/misc/optee-os/default.nix b/pkgs/misc/optee-os/default.nix new file mode 100644 index 000000000000..6b6d5ae692af --- /dev/null +++ b/pkgs/misc/optee-os/default.nix @@ -0,0 +1,127 @@ +{ + dtc, + fetchFromGitHub, + lib, + pkgsBuildBuild, + stdenv, +}: + +let + defaultVersion = "4.6.0"; + + defaultSrc = fetchFromGitHub { + owner = "OP-TEE"; + repo = "optee_os"; + rev = defaultVersion; + hash = "sha256-4z706DNfZE+CAPOa362CNSFhAN1KaNyKcI9C7+MRccs="; + }; + + buildOptee = lib.makeOverridable ( + { + version ? null, + src ? null, + platform, + extraMakeFlags ? [ ], + extraMeta ? { }, + ... + }@args: + + let + inherit (stdenv.hostPlatform) is32bit is64bit; + + taTarget = + { + "arm" = "ta_arm32"; + "arm64" = "ta_arm64"; + } + .${stdenv.hostPlatform.linuxArch}; + in + stdenv.mkDerivation ( + { + pname = "optee-os-${platform}"; + + version = if src == null then defaultVersion else version; + + src = if src == null then defaultSrc else src; + + postPatch = '' + patchShebangs $(find -type d -name scripts -printf '%p ') + ''; + + outputs = [ + "out" + "devkit" + ]; + + strictDeps = true; + + enableParallelBuilding = true; + + depsBuildBuild = [ pkgsBuildBuild.stdenv.cc ]; + + nativeBuildInputs = [ + dtc + (pkgsBuildBuild.python3.withPackages ( + p: with p; [ + pyelftools + cryptography + ] + )) + ]; + + makeFlags = + [ + "O=out" + "PLATFORM=${platform}" + "CFG_USER_TA_TARGETS=${taTarget}" + ] + ++ (lib.optionals (is32bit) [ + "CFG_ARM32_core=y" + "CROSS_COMPILE32=${stdenv.cc.targetPrefix}" + ]) + ++ (lib.optionals (is64bit) [ + "CFG_ARM64_core=y" + "CROSS_COMPILE64=${stdenv.cc.targetPrefix}" + ]) + ++ extraMakeFlags; + + installPhase = '' + runHook preInstall + + mkdir -p $out + cp out/core/{tee.elf,tee-pageable_v2.bin,tee.bin,tee-header_v2.bin,tee-pager_v2.bin,tee-raw.bin} $out + cp -r out/export-${taTarget} $devkit + + runHook postInstall + ''; + + meta = + with lib; + { + description = "A Trusted Execution Environment for ARM"; + homepage = "https://github.com/OP-TEE/optee_os"; + changelog = "https://github.com/OP-TEE/optee_os/blob/${defaultVersion}/CHANGELOG.md"; + license = licenses.bsd2; + maintainers = [ maintainers.jmbaur ]; + } + // extraMeta; + } + // removeAttrs args [ "extraMeta" ] + ) + ); +in +{ + inherit buildOptee; + + opteeQemuArm = buildOptee { + platform = "vexpress"; + extraMakeFlags = [ "PLATFORM_FLAVOR=qemu_virt" ]; + extraMeta.platforms = [ "armv7l-linux" ]; + }; + + opteeQemuAarch64 = buildOptee { + platform = "vexpress"; + extraMakeFlags = [ "PLATFORM_FLAVOR=qemu_armv8a" ]; + extraMeta.platforms = [ "aarch64-linux" ]; + }; +} diff --git a/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix b/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix index f046c21aecca..73ef72840313 100644 --- a/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix +++ b/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix @@ -6,16 +6,16 @@ buildNpmPackage rec { pname = "hourly-weather"; - version = "6.6.1"; + version = "6.7.0"; src = fetchFromGitHub { owner = "decompil3d"; repo = "lovelace-hourly-weather"; rev = version; - hash = "sha256-D2kCUcUgLyMVeba3xc02q/5PrEzXrBVCX+75F58j8y0="; + hash = "sha256-VrHgFup2hAnoxqJQGw23ZiPFpAwfgSLC97U+KHV3PKQ="; }; - npmDepsHash = "sha256-gpyqQd4pRF4xKgfT9gRAVnXLSFThjfJV2yu4zOCvVpg="; + npmDepsHash = "sha256-wXL1wLdBp8gkAfY29AS1fM/ZpCCoP1u9PTxDIahy1cg="; env.CYPRESS_INSTALL_BINARY = "0"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 040cb2f078bc..e27704502dfe 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7232,9 +7232,7 @@ with pkgs; haskellPackages.callPackage ../tools/misc/fffuu { } ); - flow = callPackage ../development/tools/analysis/flow { - ocamlPackages = ocaml-ng.ocamlPackages_4_14; - }; + flow = callPackage ../development/tools/analysis/flow { }; framac = callPackage ../by-name/fr/framac/package.nix { ocamlPackages = ocaml-ng.ocamlPackages_5_2; @@ -7434,6 +7432,12 @@ with pkgs; libiberty_static = libiberty.override { staticBuild = true; }; }; + inherit (callPackage ../misc/optee-os { }) + buildOptee + opteeQemuArm + opteeQemuAarch64 + ; + patchelf = callPackage ../development/tools/misc/patchelf { }; patchelfUnstable = lowPrio (callPackage ../development/tools/misc/patchelf/unstable.nix { }); diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 52becd9e4a4f..eb7176078a06 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17031,6 +17031,10 @@ self: super: with self; { sqlite-utils = callPackage ../development/python-modules/sqlite-utils { }; + sqlite-vec = callPackage ../development/python-modules/sqlite-vec { + sqlite-vec-c = pkgs.sqlite-vec; + }; + sqlitedict = callPackage ../development/python-modules/sqlitedict { }; sqliteschema = callPackage ../development/python-modules/sqliteschema { }; @@ -18332,7 +18336,7 @@ self: super: with self; { txrequests = callPackage ../development/python-modules/txrequests { }; - txtai = callPackage ../development/python-modules/txtai { }; + txtai = callPackage ../development/python-modules/txtai { sqlite-vec-c = pkgs.sqlite-vec; }; txtorcon = callPackage ../development/python-modules/txtorcon { };