movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 20:55:31 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge staging-next-25.05 into staging-25.05

Browse source
This commit is contained in:
nixpkgs-ci[bot] 2025-06-03 00:23:12 +00:00 committed by GitHub
commit 8a8e32778d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
71 changed files with 606 additions and 357 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.github/labeler-no-sync.yml vendored
View file

@ -22,11 +22,4 @@
- doc/**/* - doc/**/*
- nixos/doc/**/* - nixos/doc/**/*
"backport release-24.11":
- any:
- changed-files:
- any-glob-to-any-file:
- .github/workflows/*
- ci/**/*.*
# keep-sorted end # keep-sorted end

19
.github/workflows/check-cherry-picks.yml vendored
View file

@ -115,16 +115,17 @@ jobs:
repo: context.repo.repo, repo: context.repo.repo,
pull_number: context.payload.pull_request.number pull_number: context.payload.pull_request.number
})).filter(review => })).filter(review =>
review.user.login == 'github-actions[bot]' && review.user.login == 'github-actions[bot]'
review.state == 'CHANGES_REQUESTED'
).map(async (review) => { ).map(async (review) => {
await github.rest.pulls.dismissReview({ if (review.state == 'CHANGES_REQUESTED') {
owner: context.repo.owner, await github.rest.pulls.dismissReview({
repo: context.repo.repo, owner: context.repo.owner,
pull_number: context.payload.pull_request.number, repo: context.repo.repo,
review_id: review.id, pull_number: context.payload.pull_request.number,
message: 'All cherry-picks are good now, thank you!' review_id: review.id,
}) message: 'All cherry-picks are good now, thank you!'
})
}
await github.graphql(`mutation($node_id:ID!) { await github.graphql(`mutation($node_id:ID!) {
minimizeComment(input: { minimizeComment(input: {
classifier: RESOLVED, classifier: RESOLVED,

2
.github/workflows/check-format.yml vendored
View file

@ -25,7 +25,7 @@ jobs:
with: with:
merged-as-untrusted: true merged-as-untrusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true

8
.github/workflows/check-shell.yml vendored
View file

@ -42,7 +42,13 @@ jobs:
with: with:
merged-as-untrusted: true merged-as-untrusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Build shell - name: Build shell
run: nix-build untrusted/ci -A shell run: nix-build untrusted/ci -A shell

16
.github/workflows/codeowners-v2.yml vendored
View file

@ -45,7 +45,6 @@ jobs:
check: check:
name: Check name: Check
runs-on: ubuntu-24.04-arm runs-on: ubuntu-24.04-arm
if: github.repository_owner == 'NixOS'
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
@ -56,7 +55,7 @@ jobs:
merged-as-untrusted: true merged-as-untrusted: true
target-as-trusted: true target-as-trusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16 - uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
with: with:
@ -68,7 +67,7 @@ jobs:
run: nix-build trusted/ci -A codeownersValidator run: nix-build trusted/ci -A codeownersValidator
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
if: vars.OWNER_RO_APP_ID if: github.event_name == 'pull_request_target' && vars.OWNER_RO_APP_ID
id: app-token id: app-token
with: with:
app-id: ${{ vars.OWNER_RO_APP_ID }} app-id: ${{ vars.OWNER_RO_APP_ID }}
@ -91,9 +90,8 @@ jobs:
request: request:
name: Request name: Request
runs-on: ubuntu-24.04-arm runs-on: ubuntu-24.04-arm
if: github.repository_owner == 'NixOS'
steps: steps:
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR head. # Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR head.
# This is intentional, because we need to request the review of owners as declared in the base branch. # This is intentional, because we need to request the review of owners as declared in the base branch.
@ -101,8 +99,11 @@ jobs:
with: with:
path: trusted path: trusted
- name: Build review request package
run: nix-build trusted/ci -A requestReviews
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
if: vars.OWNER_APP_ID if: github.event_name == 'pull_request_target' && vars.OWNER_APP_ID
id: app-token id: app-token
with: with:
app-id: ${{ vars.OWNER_APP_ID }} app-id: ${{ vars.OWNER_APP_ID }}
@ -111,9 +112,6 @@ jobs:
permission-members: read permission-members: read
permission-pull-requests: write permission-pull-requests: write
- name: Build review request package
run: nix-build trusted/ci -A requestReviews
- name: Request reviews - name: Request reviews
if: steps.app-token.outputs.token if: steps.app-token.outputs.token
env: env:

30
.github/workflows/dismissed-review.yml vendored
View file

@ -1,30 +0,0 @@
name: Dismissed Review
on:
pull_request_review:
types: [dismissed]
permissions:
pull-requests: write
jobs:
# The check-cherry-picks workflow creates review comments,
# that should sometimes be manually dismissed.
# When a CI-generated review is dismissed, this job automatically
# minimizes it, to prevent it from cluttering the PR.
minimize:
name: Minimize as resolved
if: github.event.review.user.login == 'github-actions[bot]'
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
await github.graphql(`mutation($node_id:ID!) {
minimizeComment(input: {
classifier: RESOLVED,
subjectId: $node_id
})
{ clientMutationId }
}`, { node_id: context.payload.review.node_id })

2
.github/workflows/eval-aliases.yml vendored
View file

@ -26,7 +26,7 @@ jobs:
merged-as-untrusted: true merged-as-untrusted: true
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true

6
.github/workflows/eval.yml vendored
View file

@ -4,7 +4,7 @@ on:
pull_request: pull_request:
paths: paths:
- .github/workflows/eval.yml - .github/workflows/eval.yml
- .github/workflows/reviews.yml # needs eval results from the same event type - .github/workflows/reviewers.yml # needs eval results from the same event type
pull_request_target: pull_request_target:
push: push:
# Keep this synced with ci/request-reviews/dev-branches.txt # Keep this synced with ci/request-reviews/dev-branches.txt
@ -68,7 +68,7 @@ jobs:
path: untrusted path: untrusted
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true
@ -180,7 +180,7 @@ jobs:
path: trusted path: trusted
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true

8
.github/workflows/lib-tests.yml vendored
View file

@ -28,10 +28,16 @@ jobs:
with: with:
merged-as-untrusted: true merged-as-untrusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Building Nixpkgs lib-tests - name: Building Nixpkgs lib-tests
run: | run: |
nix-build untrusted/ci -A lib-tests nix-build untrusted/ci -A lib-tests

2
.github/workflows/manual-nixos-v2.yml vendored
View file

@ -45,7 +45,7 @@ jobs:
with: with:
merged-as-untrusted: true merged-as-untrusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true

2
.github/workflows/manual-nixpkgs-v2.yml vendored
View file

@ -29,7 +29,7 @@ jobs:
with: with:
merged-as-untrusted: true merged-as-untrusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true

2
.github/workflows/nix-parse-v2.yml vendored
View file

@ -26,7 +26,7 @@ jobs:
with: with:
merged-as-untrusted: true merged-as-untrusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true
nix_path: nixpkgs=channel:nixpkgs-unstable nix_path: nixpkgs=channel:nixpkgs-unstable

2
.github/workflows/nixpkgs-vet.yml vendored
View file

@ -36,7 +36,7 @@ jobs:
merged-as-untrusted: true merged-as-untrusted: true
target-as-trusted: true target-as-trusted: true
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
- name: Running nixpkgs-vet - name: Running nixpkgs-vet
env: env:

4
.github/workflows/reviewers.yml vendored
View file

@ -34,7 +34,7 @@ jobs:
sparse-checkout: ci sparse-checkout: ci
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
with: with:
extra_nix_config: sandbox = true extra_nix_config: sandbox = true
@ -44,7 +44,7 @@ jobs:
# See ./codeowners-v2.yml, reuse the same App because we need the same permissions # See ./codeowners-v2.yml, reuse the same App because we need the same permissions
# Can't use the token received from permissions above, because it can't get enough permissions # Can't use the token received from permissions above, because it can't get enough permissions
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
if: vars.OWNER_APP_ID if: github.event_name == 'pull_request_target' && vars.OWNER_APP_ID
id: app-token id: app-token
with: with:
app-id: ${{ vars.OWNER_APP_ID }} app-id: ${{ vars.OWNER_APP_ID }}

24
ci/README.md
View file

@ -7,9 +7,9 @@ This is in contrast with [`maintainers/scripts`](../maintainers/scripts) which i
CI may need certain packages from Nixpkgs. CI may need certain packages from Nixpkgs.
In order to ensure that the needed packages are generally available without building, In order to ensure that the needed packages are generally available without building,
[`pinned-nixpkgs.json`](./pinned-nixpkgs.json) contains a pinned Nixpkgs version tested by Hydra. [`pinned.json`](./pinned.json) contains a pinned Nixpkgs version tested by Hydra.
Run [`update-pinned-nixpkgs.sh`](./update-pinned-nixpkgs.sh) to update it. Run [`update-pinned.sh`](./update-pinned.sh) to update it.
## `ci/nixpkgs-vet.sh BASE_BRANCH [REPOSITORY]` ## `ci/nixpkgs-vet.sh BASE_BRANCH [REPOSITORY]`
@ -20,23 +20,3 @@ Arguments:
- `BASE_BRANCH`: The base branch to use, e.g. master or release-24.05 - `BASE_BRANCH`: The base branch to use, e.g. master or release-24.05
- `REPOSITORY`: The repository from which to fetch the base branch. Defaults to <https://github.com/NixOS/nixpkgs.git>. - `REPOSITORY`: The repository from which to fetch the base branch. Defaults to <https://github.com/NixOS/nixpkgs.git>.
## `ci/nixpkgs-vet`
This directory contains scripts and files used and related to [`nixpkgs-vet`](https://github.com/NixOS/nixpkgs-vet/), which the CI uses to implement `pkgs/by-name` checks, along with many other Nixpkgs architecture rules.
See also the [CI GitHub Action](../.github/workflows/nixpkgs-vet.yml).
## `ci/nixpkgs-vet/update-pinned-tool.sh`
Updates the pinned [`nixpkgs-vet` tool](https://github.com/NixOS/nixpkgs-vet) in [`ci/nixpkgs-vet/pinned-version.txt`](./nixpkgs-vet/pinned-version.txt) to the latest [release](https://github.com/NixOS/nixpkgs-vet/releases).
Each release contains a pre-built `x86_64-linux` version of the tool which is used by CI.
This script currently needs to be called manually when the CI tooling needs to be updated.
Why not just build the tooling right from the PRs Nixpkgs version?
- Because it allows CI to check all PRs, even if they would break the CI tooling.
- Because it makes the CI check very fast, since no Nix builds need to be done, even for mass rebuilds.
- Because it improves security, since we don't have to build potentially untrusted code from PRs.
The tool only needs a very minimal Nix evaluation at runtime, which can work with [readonly-mode](https://nixos.org/manual/nix/stable/command-ref/opt-common.html#opt-readonly-mode) and [restrict-eval](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-restrict-eval).

2
ci/codeowners-validator/default.nix
View file

@ -20,7 +20,7 @@ buildGoModule {
}) })
# Undoes part of the above PR: We don't want to require write access # Undoes part of the above PR: We don't want to require write access
# to the repository, that's only needed for GitHub's native CODEOWNERS. # to the repository, that's only needed for GitHub's native CODEOWNERS.
# Furthermore, it removes an unneccessary check from the code # Furthermore, it removes an unnecessary check from the code
# that breaks tokens generated for GitHub Apps. # that breaks tokens generated for GitHub Apps.
./permissions.patch ./permissions.patch
# Allows setting a custom CODEOWNERS path using the OWNERS_FILE env var # Allows setting a custom CODEOWNERS path using the OWNERS_FILE env var

11
ci/default.nix
View file

@ -1,5 +1,5 @@
let let
pinnedNixpkgs = builtins.fromJSON (builtins.readFile ./pinned-nixpkgs.json); pinned = (builtins.fromJSON (builtins.readFile ./pinned.json)).pins;
in in
{ {
system ? builtins.currentSystem, system ? builtins.currentSystem,
@ -10,8 +10,8 @@ let
nixpkgs' = nixpkgs' =
if nixpkgs == null then if nixpkgs == null then
fetchTarball { fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/${pinnedNixpkgs.rev}.tar.gz"; inherit (pinned.nixpkgs) url;
sha256 = pinnedNixpkgs.sha256; sha256 = pinned.nixpkgs.hash;
} }
else else
nixpkgs; nixpkgs;
@ -25,9 +25,8 @@ let
fmt = fmt =
let let
treefmtNixSrc = fetchTarball { treefmtNixSrc = fetchTarball {
# Master at 2025-02-12 inherit (pinned.treefmt-nix) url;
url = "https://github.com/numtide/treefmt-nix/archive/4f09b473c936d41582dd744e19f34ec27592c5fd.tar.gz"; sha256 = pinned.treefmt-nix.hash;
sha256 = "051vh6raskrxw5k6jncm8zbk9fhbzgm1gxpq9gm5xw1b6wgbgcna";
}; };
treefmtEval = (import treefmtNixSrc).evalModule pkgs { treefmtEval = (import treefmtNixSrc).evalModule pkgs {
# Important: The auto-rebase script uses `git filter-branch --tree-filter`, # Important: The auto-rebase script uses `git filter-branch --tree-filter`,

2
ci/nixpkgs-vet.nix
View file

@ -25,6 +25,8 @@ runCommand "nixpkgs-vet"
env.NIXPKGS_VET_NIX_PACKAGE = nix; env.NIXPKGS_VET_NIX_PACKAGE = nix;
} }
'' ''
export NIX_STATE_DIR=$(mktemp -d)
nixpkgs-vet --base ${filtered base} ${filtered head} nixpkgs-vet --base ${filtered base} ${filtered head}
touch $out touch $out

3
ci/nixpkgs-vet.sh
View file

@ -61,9 +61,6 @@ trace "Done"
trace -n "Merging base branch into the HEAD commit in $tmp/merged.. " trace -n "Merging base branch into the HEAD commit in $tmp/merged.. "
git -C "$tmp/merged" merge -q --no-edit "$baseSha" git -C "$tmp/merged" merge -q --no-edit "$baseSha"
trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m" trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m"
trace -n "Reading pinned nixpkgs-vet version from pinned-version.txt.. "
toolVersion=$(<"$tmp/merged/ci/nixpkgs-vet/pinned-version.txt")
trace -e "\e[34m$toolVersion\e[0m"
trace "Running nixpkgs-vet.." trace "Running nixpkgs-vet.."
nix-build ci -A nixpkgs-vet --argstr base "$tmp/base" --argstr head "$tmp/merged" nix-build ci -A nixpkgs-vet --argstr base "$tmp/base" --argstr head "$tmp/merged"

1
ci/nixpkgs-vet/pinned-version.txt
View file

@ -1 +0,0 @@
0.1.4

22
ci/nixpkgs-vet/update-pinned-tool.sh
View file

@ -1,22 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p jq curl
set -o pipefail -o errexit -o nounset
trace() { echo >&2 "$@"; }
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
repository=NixOS/nixpkgs-vet
pin_file=$SCRIPT_DIR/pinned-version.txt
trace -n "Fetching latest release of $repository.. "
latestRelease=$(curl -sSfL \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/"$repository"/releases/latest)
latestVersion=$(jq .tag_name -r <<< "$latestRelease")
trace "$latestVersion"
trace "Updating $pin_file"
echo "$latestVersion" > "$pin_file"

4
ci/pinned-nixpkgs.json
View file

@ -1,4 +0,0 @@
{
"rev": "3d1f29646e4b57ed468d60f9d286cde23a8d1707",
"sha256": "1wzvc9h9a6l9wyhzh892xb5x88kxmbzxb1k8s7fizyyw2q4nqw07"
}

31
ci/pinned.json Normal file
View file

@ -0,0 +1,31 @@
{
"pins": {
"nixpkgs": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "NixOS",
"repo": "nixpkgs"
},
"branch": "nixpkgs-unstable",
"submodules": false,
"revision": "8ca7ec685bbee55d6dcb326abe23945c0806c39e",
"url": "https://github.com/NixOS/nixpkgs/archive/8ca7ec685bbee55d6dcb326abe23945c0806c39e.tar.gz",
"hash": "1hkxm871m66mjsc4acdki32qqnpgk3n6vi3zrzns2bwlwp6ivcjx"
},
"treefmt-nix": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "numtide",
"repo": "treefmt-nix"
},
"branch": "main",
"submodules": false,
"revision": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"url": "https://github.com/numtide/treefmt-nix/archive/1f3f7b784643d488ba4bf315638b2b0a4c5fb007.tar.gz",
"hash": "13qisjalw9qvd6lkd9g8225r46j5wdjrp3zw6jrs81q2vxwdz37m"
}
},
"version": 5
}

17
ci/update-pinned-nixpkgs.sh
View file

@ -1,17 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p jq
set -euo pipefail
# https://stackoverflow.com/a/246128
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
repo=https://github.com/nixos/nixpkgs
branch=nixpkgs-unstable
file=$SCRIPT_DIR/pinned-nixpkgs.json
defaultRev=$(git ls-remote "$repo" refs/heads/"$branch" | cut -f1)
rev=${1:-$defaultRev}
sha256=$(nix-prefetch-url --unpack "$repo/archive/$rev.tar.gz" --name source)
jq -n --arg rev "$rev" --arg sha256 "$sha256" '$ARGS.named' | tee /dev/stderr > $file

8
ci/update-pinned.sh Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p npins
set -euo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
npins --lock-file pinned.json update

21
doc/languages-frameworks/haskell.section.md
View file

@ -161,6 +161,27 @@ completely incompatible with packages from `haskellPackages`.
<!-- TODO(@maralorn) Link to package set generation docs in the contributors guide below. --> <!-- TODO(@maralorn) Link to package set generation docs in the contributors guide below. -->
### GHC Deprecation Policy {#ghc-deprecation-policy}
We remove GHC versions according to the following policy:
#### Major GHC versions {#major-ghc-deprecation}
We keep the following GHC major versions:
1. The current Stackage LTS as the default and all later major versions.
2. The two latest major versions older than our default.
3. The currently recommended GHCup version and all later major versions.
Older GHC versions might be kept longer, if there are in-tree consumers. We will coordinate with the maintainers of those dependencies to find a way forward.
#### Minor GHC versions {#minor-ghc-deprecation}
Every major version has a default minor version. The default minor version will be updated as soon as viable without breakage.
Older minor versions for a supported major version will only be kept, if they are the last supported version of a major Stackage LTS release.
<!-- Policy introduced here: https://discourse.nixos.org/t/nixpkgs-ghc-deprecation-policy-user-feedback-necessary/64153 -->
## `haskellPackages.mkDerivation` {#haskell-mkderivation} ## `haskellPackages.mkDerivation` {#haskell-mkderivation}
Every haskell package set has its own haskell-aware `mkDerivation` which is used Every haskell package set has its own haskell-aware `mkDerivation` which is used

9
doc/redirects.json
View file

@ -37,9 +37,18 @@
"ex-testEqualArrayOrMap-test-function-add-cowbell": [ "ex-testEqualArrayOrMap-test-function-add-cowbell": [
"index.html#ex-testEqualArrayOrMap-test-function-add-cowbell" "index.html#ex-testEqualArrayOrMap-test-function-add-cowbell"
], ],
"ghc-deprecation-policy": [
"index.html#ghc-deprecation-policy"
],
"inkscape-plugins": [ "inkscape-plugins": [
"index.html#inkscape-plugins" "index.html#inkscape-plugins"
], ],
"major-ghc-deprecation": [
"index.html#major-ghc-deprecation"
],
"minor-ghc-deprecation": [
"index.html#minor-ghc-deprecation"
],
"neovim": [ "neovim": [
"index.html#neovim" "index.html#neovim"
], ],

4
doc/release-notes/rl-2505.section.md
View file

@ -28,6 +28,10 @@
- Applications linked against different Mesa versions than installed on the system should now work correctly going forward (however, applications against older Mesa, e.g. from Nixpkgs releases before 25.05, remain broken) - Applications linked against different Mesa versions than installed on the system should now work correctly going forward (however, applications against older Mesa, e.g. from Nixpkgs releases before 25.05, remain broken)
- Packages that used to depend on Mesa for libgbm or libdri should use `libgbm` or `dri-pkgconfig-stub` as inputs, respectively - Packages that used to depend on Mesa for libgbm or libdri should use `libgbm` or `dri-pkgconfig-stub` as inputs, respectively
- GNU Taler has been updated to version 1.0.
This marks a significant milestone as the GNU Taler payment system is now available in Swiss Francs for individuals and businesses in Switzerland.
For more details, see the [upstream release notes](https://www.taler.net/en/news/2025-01.html).
- OpenSSH has been updated from 9.9p2 to 10.0p2, dropping support for DSA keys and adding a new `ssh-auth` binary to handle user authentication in a different address space from unauthenticated sessions. See the [full changelog](https://www.openwall.com/lists/oss-security/2025/04/09/1) for more details. - OpenSSH has been updated from 9.9p2 to 10.0p2, dropping support for DSA keys and adding a new `ssh-auth` binary to handle user authentication in a different address space from unauthenticated sessions. See the [full changelog](https://www.openwall.com/lists/oss-security/2025/04/09/1) for more details.
- Emacs has been updated to 30.1. - Emacs has been updated to 30.1.

2
lib/tests/maintainers.nix
View file

@ -54,7 +54,7 @@ let
missingGithubIds = lib.concatLists (lib.mapAttrsToList checkMaintainer lib.maintainers); missingGithubIds = lib.concatLists (lib.mapAttrsToList checkMaintainer lib.maintainers);
success = pkgs.runCommand "checked-maintainers-success" { } ">$out"; success = pkgs.runCommand "checked-maintainers-success" { } "mkdir $out";
failure = failure =
pkgs.runCommand "checked-maintainers-failure" pkgs.runCommand "checked-maintainers-failure"

11
lib/tests/release.nix
View file

@ -28,5 +28,14 @@ let
in in
pkgsBB.symlinkJoin { pkgsBB.symlinkJoin {
name = "nixpkgs-lib-tests"; name = "nixpkgs-lib-tests";
paths = map testWithNix nixVersions; paths = map testWithNix nixVersions ++ [
(import ./maintainers.nix {
inherit pkgs;
lib = import ../.;
})
(import ./teams.nix {
inherit pkgs;
lib = import ../.;
})
];
} }

8
lib/tests/test-with-nix.nix
View file

@ -19,14 +19,6 @@ pkgs.runCommand "nixpkgs-lib-tests-nix-${nix.version}"
buildInputs = [ buildInputs = [
(import ./check-eval.nix) (import ./check-eval.nix)
(import ./fetchers.nix) (import ./fetchers.nix)
(import ./maintainers.nix {
inherit pkgs;
lib = import ../.;
})
(import ./teams.nix {
inherit pkgs;
lib = import ../.;
})
(import ../path/tests { (import ../path/tests {
inherit pkgs; inherit pkgs;
}) })

6
maintainers/maintainer-list.nix
View file

@ -15490,6 +15490,12 @@
name = "Max Niederman"; name = "Max Niederman";
keys = [ { fingerprint = "1DE4 424D BF77 1192 5DC4 CF5E 9AED 8814 81D8 444E"; } ]; keys = [ { fingerprint = "1DE4 424D BF77 1192 5DC4 CF5E 9AED 8814 81D8 444E"; } ];
}; };
max06 = {
email = "max06.net@outlook.com";
github = "max06";
githubId = 7556827;
name = "Flo";
};
maxbrunet = { maxbrunet = {
email = "max@brnt.mx"; email = "max@brnt.mx";
github = "maxbrunet"; github = "maxbrunet";

3
nixos/modules/services/finance/libeufin/common.nix
View file

@ -35,6 +35,7 @@ libeufinComponent:
cfg.settings."libeufin-${libeufinComponent}db-postgres".CONFIG; cfg.settings."libeufin-${libeufinComponent}db-postgres".CONFIG;
bankPort = cfg.settings."${if isNexus then "nexus-httpd" else "libeufin-bank"}".PORT; bankPort = cfg.settings."${if isNexus then "nexus-httpd" else "libeufin-bank"}".PORT;
bankHost = lib.elemAt (lib.splitString "/" cfg.settings.libeufin-bank.BASE_URL) 2;
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
services.libeufin.settings = cfg.settings; services.libeufin.settings = cfg.settings;
@ -82,7 +83,7 @@ libeufinComponent:
args = lib.cli.toGNUCommandLineShell { } { args = lib.cli.toGNUCommandLineShell { } {
c = configFile; c = configFile;
inherit (account) username password name; inherit (account) username password name;
payto_uri = "payto://x-taler-bank/bank:${toString bankPort}/${account.username}?receiver-name=${account.name}"; payto_uri = "payto://x-taler-bank/${bankHost}/${account.username}?receiver-name=${account.name}";
exchange = lib.toLower account.username == "exchange"; exchange = lib.toLower account.username == "exchange";
}; };
in in

5
nixos/modules/services/finance/taler/common.nix
View file

@ -51,7 +51,7 @@ in
(lib.genAttrs (map (n: "taler-${talerComponent}-${n}") services) (name: { (lib.genAttrs (map (n: "taler-${talerComponent}-${n}") services) (name: {
serviceConfig = { serviceConfig = {
DynamicUser = true; DynamicUser = true;
User = name; User = dbName;
Group = groupName; Group = groupName;
ExecStart = toString [ ExecStart = toString [
(lib.getExe' cfg.package name) (lib.getExe' cfg.package name)
@ -85,6 +85,7 @@ in
Type = "oneshot"; Type = "oneshot";
DynamicUser = true; DynamicUser = true;
User = dbName; User = dbName;
Group = groupName;
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "5s"; RestartSec = "5s";
}; };
@ -116,7 +117,7 @@ in
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ dbName ]; ensureDatabases = [ dbName ];
ensureUsers = map (service: { name = "taler-${talerComponent}-${service}"; }) servicesDB ++ [ ensureUsers = [
{ {
name = dbName; name = dbName;
ensureDBOwnership = true; ensureDBOwnership = true;

40
nixos/modules/services/finance/taler/exchange.nix
View file

@ -25,6 +25,8 @@ let
"secmod-eddsa" "secmod-eddsa"
"secmod-rsa" "secmod-rsa"
]; ];
configFile = config.environment.etc."taler/taler.conf".source;
in in
{ {
@ -44,11 +46,19 @@ in
options = { options = {
# TODO: do we want this to be a sub-attribute or only define the exchange set of options here # TODO: do we want this to be a sub-attribute or only define the exchange set of options here
exchange = { exchange = {
AML_THRESHOLD = lib.mkOption { CURRENCY = lib.mkOption {
type = lib.types.nonEmptyStr;
description = ''
The currency which the exchange will operate with. This cannot be changed later.
'';
};
CURRENCY_ROUND_UNIT = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "${cfgTaler.settings.taler.CURRENCY}:1000000"; default = "${cfg.settings.exchange.CURRENCY}:0.01";
defaultText = "1000000 in {option}`CURRENCY`"; defaultText = "0.01 in {option}`CURRENCY`";
description = "Monthly transaction volume until an account is considered suspicious and flagged for AML review."; description = ''
Smallest amount in this currency that can be transferred using the underlying RTGS. For example: "EUR:0.01" or "JPY:1"
'';
}; };
DB = lib.mkOption { DB = lib.mkOption {
type = lib.types.enum [ "postgres" ]; type = lib.types.enum [ "postgres" ];
@ -131,24 +141,8 @@ in
after = [ "taler-exchange-httpd.service" ]; after = [ "taler-exchange-httpd.service" ];
}; };
# Taken from https://docs.taler.net/taler-exchange-manual.html#exchange-database-setup systemd.services."taler-${talerComponent}-dbinit".script = ''
# TODO: Why does aggregator need DELETE? ${lib.getExe' cfg.package "taler-exchange-dbinit"} -c ${configFile}
systemd.services."taler-${talerComponent}-dbinit".script = '';
let
deletePerm = name: lib.optionalString (name == "aggregator") ",DELETE";
dbScript = pkgs.writers.writeText "taler-exchange-db-permissions.sql" (
lib.pipe servicesDB [
(map (name: ''
GRANT SELECT,INSERT,UPDATE${deletePerm name} ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-${name}";
GRANT USAGE ON SCHEMA exchange TO "taler-exchange-${name}";
''))
lib.concatStrings
]
);
in
''
${lib.getExe' cfg.package "taler-exchange-dbinit"}
psql -U taler-exchange-httpd -f ${dbScript}
'';
}; };
} }

23
nixos/modules/services/finance/taler/merchant.nix
View file

@ -17,8 +17,10 @@ let
"webhook" "webhook"
"wirewatch" "wirewatch"
"depositcheck" "depositcheck"
"exchange" "exchangekeyupdate"
]; ];
configFile = config.environment.etc."taler/taler.conf".source;
in in
{ {
imports = [ imports = [
@ -88,21 +90,8 @@ in
path = [ cfg.package ]; path = [ cfg.package ];
}; };
systemd.services."taler-${talerComponent}-dbinit".script = systemd.services."taler-${talerComponent}-dbinit".script = ''
let ${lib.getExe' cfg.package "taler-merchant-dbinit"} -c ${configFile}
# NOTE: not documented, but is necessary '';
dbScript = pkgs.writers.writeText "taler-merchant-db-permissions.sql" (
lib.concatStrings (
map (name: ''
GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA merchant TO "taler-merchant-${name}";
GRANT USAGE ON SCHEMA merchant TO "taler-merchant-${name}";
'') servicesDB
)
);
in
''
${lib.getExe' cfg.package "taler-merchant-dbinit"}
psql -U taler-${talerComponent}-httpd -f ${dbScript}
'';
}; };
} }

4
nixos/modules/services/home-automation/wyoming/satellite.nix
View file

@ -23,8 +23,8 @@ let
; ;
finalPackage = cfg.package.overridePythonAttrs (oldAttrs: { finalPackage = cfg.package.overridePythonAttrs (oldAttrs: {
propagatedBuildInputs = dependencies =
oldAttrs.propagatedBuildInputs oldAttrs.dependencies
# for audio enhancements like auto-gain, noise suppression # for audio enhancements like auto-gain, noise suppression
++ cfg.package.optional-dependencies.webrtc ++ cfg.package.optional-dependencies.webrtc
# vad is currently optional, because it is broken on aarch64-linux # vad is currently optional, because it is broken on aarch64-linux

12
nixos/tests/taler/common/nodes.nix
View file

@ -55,14 +55,22 @@ rec {
settings = { settings = {
taler.CURRENCY = CURRENCY; taler.CURRENCY = CURRENCY;
}; };
includes = [ ../conf/taler-accounts.conf ]; includes = [
../conf/taler-accounts.conf
# The exchange requires a token from the bank, so its credentials
# need to be set at runtime
"/etc/taler/secrets/exchange-account.secret.conf"
];
exchange = { exchange = {
enable = true; enable = true;
debug = true; debug = true;
openFirewall = true; openFirewall = true;
# https://docs.taler.net/taler-exchange-manual.html#coins-denomination-keys
# NOTE: use `taler-harness`, not `taler-wallet-cli`
denominationConfig = lib.readFile ../conf/taler-denominations.conf; denominationConfig = lib.readFile ../conf/taler-denominations.conf;
settings = { settings = {
exchange = { exchange = {
inherit CURRENCY;
MASTER_PUBLIC_KEY = "2TQSTPFZBC2MC4E52NHPA050YXYG02VC3AB50QESM6JX1QJEYVQ0"; MASTER_PUBLIC_KEY = "2TQSTPFZBC2MC4E52NHPA050YXYG02VC3AB50QESM6JX1QJEYVQ0";
BASE_URL = "http://exchange:8081/"; BASE_URL = "http://exchange:8081/";
}; };
@ -103,7 +111,7 @@ rec {
# WIRE_TYPE = "iban"; # WIRE_TYPE = "iban";
X_TALER_BANK_PAYTO_HOSTNAME = "bank:8082"; X_TALER_BANK_PAYTO_HOSTNAME = "bank:8082";
# IBAN_PAYTO_BIC = "SANDBOXX"; # IBAN_PAYTO_BIC = "SANDBOXX";
BASE_URL = "bank:8082"; BASE_URL = "http://bank:8082/";
# Allow creating new accounts # Allow creating new accounts
ALLOW_REGISTRATION = "yes"; ALLOW_REGISTRATION = "yes";

31
nixos/tests/taler/common/scripts.nix
View file

@ -7,7 +7,7 @@
let let
cfgNodes = pkgs.callPackage ./nodes.nix { inherit lib; }; cfgNodes = pkgs.callPackage ./nodes.nix { inherit lib; };
bankConfig = nodes.bank.config.environment.etc."libeufin/libeufin.conf".source; bankConfig = nodes.bank.environment.etc."libeufin/libeufin.conf".source;
inherit (cfgNodes) CURRENCY FIAT_CURRENCY; inherit (cfgNodes) CURRENCY FIAT_CURRENCY;
in in
@ -68,6 +68,31 @@ in
+ command + command
) )
# https://docs.taler.net/core/api-corebank.html#authentication
def create_token(machine, username, password):
"""Create a read-write bank access token for a user"""
response = succeed(machine, [
"curl -X POST",
f"-u {username}:{password}",
"-H 'Content-Type: application/json'",
"""
--data '{ "scope": "readwrite" }'
""",
f"-sSfL 'http://bank:8082/accounts/{username}/token'"
])
return json.loads(response)["access_token"]
# Basic auth is deprecated, so exchange credentials must be set at
# runtime because it requires a token from the bank.
def create_exchange_auth(token: str):
template = f"""
[exchange-accountcredentials-test]
WIRE_GATEWAY_URL = http://bank:8082/accounts/exchange/taler-wire-gateway/
WIRE_GATEWAY_AUTH_METHOD = BEARER
TOKEN = "{token}"
"""
return "\n".join([line.strip() for line in template.splitlines()])
def verify_balance(balanceWanted: str): def verify_balance(balanceWanted: str):
"""Compare Taler CLI wallet balance with expected amount""" """Compare Taler CLI wallet balance with expected amount"""
@ -84,14 +109,14 @@ in
client.succeed(f"echo Withdraw successfully made. New balance: {balanceWanted}") client.succeed(f"echo Withdraw successfully made. New balance: {balanceWanted}")
def verify_conversion(regionalWanted: str): def verify_conversion(regionalWanted: str, accessToken: str):
"""Compare converted Libeufin Nexus funds with expected regional currency""" """Compare converted Libeufin Nexus funds with expected regional currency"""
# Get transaction details # Get transaction details
response = json.loads( response = json.loads(
succeed(bank, [ succeed(bank, [
"curl -sSfL", "curl -sSfL",
f"-H 'Authorization: Bearer {accessToken}'",
# TODO: get exchange from config? # TODO: get exchange from config?
"-u exchange:exchange",
"http://bank:8082/accounts/exchange/transactions" "http://bank:8082/accounts/exchange/transactions"
]) ])
) )

6
nixos/tests/taler/conf/taler-accounts.conf
View file

@ -2,9 +2,3 @@
PAYTO_URI = payto://x-taler-bank/bank:8082/exchange?receiver-name=Exchange PAYTO_URI = payto://x-taler-bank/bank:8082/exchange?receiver-name=Exchange
ENABLE_DEBIT = YES ENABLE_DEBIT = YES
ENABLE_CREDIT = YES ENABLE_CREDIT = YES
[exchange-accountcredentials-test]
WIRE_GATEWAY_URL = http://bank:8082/accounts/exchange/taler-wire-gateway/
WIRE_GATEWAY_AUTH_METHOD = BASIC
USERNAME = exchange
PASSWORD = exchange

63
nixos/tests/taler/tests/basic.nix
View file

@ -35,13 +35,14 @@ import ../../make-test-python.nix (
inherit (cfgNodes) CURRENCY FIAT_CURRENCY; inherit (cfgNodes) CURRENCY FIAT_CURRENCY;
inherit (cfgScripts) commonScripts; inherit (cfgScripts) commonScripts;
bankConfig = nodes.bank.config.environment.etc."libeufin/libeufin.conf".source; configFile = nodes.exchange.environment.etc."taler/taler.conf".source;
bankConfig = nodes.bank.environment.etc."libeufin/libeufin.conf".source;
bankSettings = nodes.bank.services.libeufin.settings.libeufin-bank; bankSettings = nodes.bank.services.libeufin.settings.libeufin-bank;
nexusSettings = nodes.bank.services.libeufin.nexus.settings; nexusSettings = nodes.bank.services.libeufin.nexus.settings;
# Bank admin account credentials # Bank admin account credentials
AUSER = "admin"; AUSER = "admin";
APASS = "admin"; APASS = "testAdmin";
TUSER = "testUser"; TUSER = "testUser";
TPASS = "testUser"; TPASS = "testUser";
@ -76,17 +77,28 @@ import ../../make-test-python.nix (
exchange.start() exchange.start()
# exchange credentials must be set at runtime because it requires a token from the bank
exchange.succeed("mkdir -p /etc/taler/secrets/")
exchange.succeed("touch /etc/taler/secrets/exchange-account.secret.conf")
exchange.wait_for_open_port(8081) exchange.wait_for_open_port(8081)
# Create access token for exchange
accessTokenExchange = create_token(exchange, "exchange", "exchange")
exchange.succeed(f'echo "{create_exchange_auth(accessTokenExchange)}" > /etc/taler/secrets/exchange-account.secret.conf')
with subtest("Set up exchange"): with subtest("Set up exchange"):
exchange.wait_until_succeeds("taler-exchange-offline download sign upload") # Set up exchange keys
# Enable exchange wire account exchange.wait_until_succeeds('taler-exchange-offline -c "${configFile}" download sign upload')
exchange.succeed('taler-exchange-offline upload < ${exchangeAccount}')
# NOTE: cannot deposit coins/pay merchant if wire fees are not set up # Enable exchange wire account
exchange.succeed('taler-exchange-offline wire-fee now x-taler-bank "${CURRENCY}:0" "${CURRENCY}:0" upload') exchange.succeed('taler-exchange-offline -c "${configFile}" upload < ${exchangeAccount}')
exchange.succeed('taler-exchange-offline global-fee now "${CURRENCY}:0" "${CURRENCY}:0" "${CURRENCY}:0" 1h 6a 0 upload')
# Set up wire fees, needed in order to deposit coins/pay merchant
exchange.succeed('taler-exchange-offline -c "${configFile}" wire-fee now x-taler-bank "${CURRENCY}:0.01" "${CURRENCY}:0.01" upload')
exchange.succeed('taler-exchange-offline -c "${configFile}" global-fee now "${CURRENCY}:0.01" "${CURRENCY}:0.0" "${CURRENCY}:0" 1h 6a 0 upload')
# Verify that exchange keys exist # Verify that exchange keys exist
@ -96,12 +108,14 @@ import ../../make-test-python.nix (
merchant.start() merchant.start()
merchant.wait_for_open_port(8083) merchant.wait_for_open_port(8083)
# Create access token for merchant
accessTokenMerchant = create_token(client, "merchant", "merchant")
with subtest("Set up merchant"): with subtest("Set up merchant"):
# Create default instance (similar to admin) # Create default instance (similar to admin)
succeed(merchant, [ succeed(merchant, [
"curl -X POST", "curl -X POST",
"-H 'Authorization: Bearer secret-token:super_secret'", f"-H 'Authorization: Bearer {accessTokenMerchant}'",
""" """
--data '{ --data '{
"auth": { "method": "external" }, "auth": { "method": "external" },
@ -128,7 +142,7 @@ import ../../make-test-python.nix (
"credit_facade_credentials":{"type":"basic","username":"merchant","password":"merchant"} "credit_facade_credentials":{"type":"basic","username":"merchant","password":"merchant"}
}' }'
""", """,
"-sSfL 'http://merchant:8083/private/accounts'" "-sSfL 'http://merchant:8083/instances/default/private/accounts'"
]) ])
# Register a new product to be ordered # Register a new product to be ordered
succeed(merchant, [ succeed(merchant, [
@ -144,12 +158,14 @@ import ../../make-test-python.nix (
"next_restock": { "t_s": "never" } "next_restock": { "t_s": "never" }
}' }'
""", """,
"-sSfL 'http://merchant:8083/private/products'" "-sSfL 'http://merchant:8083/instances/default/private/products'"
]) ])
client.succeed("curl -s http://exchange:8081/") client.succeed("curl -s http://exchange:8081/")
# Create access token for user
accessTokenUser = create_token(client, "${TUSER}", "${TPASS}")
# Make a withdrawal from the CLI wallet # Make a withdrawal from the CLI wallet
with subtest("Make a withdrawal from the CLI wallet"): with subtest("Make a withdrawal from the CLI wallet"):
@ -164,7 +180,7 @@ import ../../make-test-python.nix (
withdrawal = json.loads( withdrawal = json.loads(
succeed(client, [ succeed(client, [
"curl -X POST", "curl -X POST",
"-u ${TUSER}:${TPASS}", f"-H 'Authorization: Bearer {accessTokenUser}'",
"-H 'Content-Type: application/json'", "-H 'Content-Type: application/json'",
f"""--data '{{"amount": "{balanceWanted}"}}'""", # double brackets escapes them f"""--data '{{"amount": "{balanceWanted}"}}'""", # double brackets escapes them
"-sSfL 'http://bank:8082/accounts/${TUSER}/withdrawals'" "-sSfL 'http://bank:8082/accounts/${TUSER}/withdrawals'"
@ -173,11 +189,16 @@ import ../../make-test-python.nix (
# Accept & confirm withdrawal # Accept & confirm withdrawal
with subtest("Accept & confirm withdrawal"): with subtest("Accept & confirm withdrawal"):
wallet_cli(f"withdraw accept-uri {withdrawal["taler_withdraw_uri"]} --exchange http://exchange:8081/") # the withdrawal can only be confirmed if this is executed twice, for some reason
for i in range(2):
wallet_cli(f"withdraw accept-uri {withdrawal["taler_withdraw_uri"]} --exchange 'http://exchange:8081/'")
client.sleep(5) # needs some time to process things
succeed(client, [ succeed(client, [
"curl -X POST", "curl -X POST",
"-u ${TUSER}:${TPASS}", f"-H 'Authorization: Bearer {accessTokenUser}'",
"-H 'Content-Type: application/json'", "-H 'Content-Type: application/json'",
f"""--data '{{"amount": "{balanceWanted}"}}'""", # double brackets escapes them
f"-sSfL 'http://bank:8082/accounts/${TUSER}/withdrawals/{withdrawal["withdrawal_id"]}/confirm'" f"-sSfL 'http://bank:8082/accounts/${TUSER}/withdrawals/{withdrawal["withdrawal_id"]}/confirm'"
]) ])
@ -188,7 +209,8 @@ import ../../make-test-python.nix (
with subtest("Pay for an order"): with subtest("Pay for an order"):
balanceWanted = "${CURRENCY}:9" # after paying # after paying (1 for the order and 0.1 as fee)
balanceWanted = "${CURRENCY}:8.9"
# Create an order to be paid # Create an order to be paid
response = json.loads( response = json.loads(
@ -201,7 +223,7 @@ import ../../make-test-python.nix (
"inventory_products": [{ "product_id": "1", "quantity": 1 }] "inventory_products": [{ "product_id": "1", "quantity": 1 }]
}' }'
""", """,
"-sSfL 'http://merchant:8083/private/orders'" "-sSfL 'http://merchant:8083/instances/default/private/orders'"
]) ])
) )
order_id = response["order_id"] order_id = response["order_id"]
@ -211,7 +233,7 @@ import ../../make-test-python.nix (
response = json.loads( response = json.loads(
succeed(merchant, [ succeed(merchant, [
"curl -sSfL", "curl -sSfL",
f"http://merchant:8083/private/orders/{order_id}" f"http://merchant:8083/instances/default/private/orders/{order_id}"
]) ])
) )
wallet_cli("run-until-done") wallet_cli("run-until-done")
@ -231,14 +253,17 @@ import ../../make-test-python.nix (
with subtest("Libeufin Nexus currency conversion"): with subtest("Libeufin Nexus currency conversion"):
regionalWanted = "20" regionalWanted = "20"
# Create access token
accessTokenAdmin = create_token(bank, "${AUSER}", "${APASS}")
# Setup Nexus ebics keys # Setup Nexus ebics keys
systemd_run(bank, "libeufin-nexus ebics-setup -L debug -c /etc/libeufin/libeufin.conf", "libeufin-nexus") systemd_run(bank, "libeufin-nexus ebics-setup -L debug -c /etc/libeufin/libeufin.conf", "libeufin-nexus")
# Set currency conversion rates (1:1) # Set currency conversion rates (1:1)
succeed(bank, [ succeed(bank, [
"curl -X POST", "curl -X POST",
f"-H 'Authorization: Bearer {accessTokenAdmin}'",
"-H 'Content-Type: application/json'", "-H 'Content-Type: application/json'",
"-u ${AUSER}:${APASS}",
""" """
--data '{ --data '{
"cashin_ratio": "1", "cashin_ratio": "1",
@ -264,7 +289,7 @@ import ../../make-test-python.nix (
systemd_run(bank, f"""libeufin-nexus testing fake-incoming -c ${bankConfig} --amount="${FIAT_CURRENCY}:{regionalWanted}" --subject="{reservePub}" "payto://iban/CH4740123RW4167362694" """, "libeufin-nexus") systemd_run(bank, f"""libeufin-nexus testing fake-incoming -c ${bankConfig} --amount="${FIAT_CURRENCY}:{regionalWanted}" --subject="{reservePub}" "payto://iban/CH4740123RW4167362694" """, "libeufin-nexus")
wallet_cli("run-until-done") wallet_cli("run-until-done")
verify_conversion(regionalWanted) verify_conversion(regionalWanted, accessTokenExchange)
''; '';
} }
) )

6
pkgs/by-name/al/alertmanager-ntfy/package.nix
View file

@ -8,13 +8,13 @@
buildGoModule { buildGoModule {
pname = "alertmanager-ntfy"; pname = "alertmanager-ntfy";
version = "0-unstable-2025-05-04"; version = "0-unstable-2025-05-31";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "alexbakker"; owner = "alexbakker";
repo = "alertmanager-ntfy"; repo = "alertmanager-ntfy";
rev = "f05e3c029bab3bdfb9aefbddbfc6bd9c7d4aa80f"; rev = "76d5f772f70d6915c89da00414c20009b03cc361";
hash = "sha256-rKCJnffsBEXmTg2s0nqQf8BuHQnSgcwVBhC7gRzg4ew="; hash = "sha256-newJ1fCMEE3gsZncWU899Q6cS6llPNwJlHT7HdLQZf8=";
}; };
vendorHash = "sha256-e1JAoDNm2+xB/bZcEGr5l4+va8GIg1R8pdj3d+/Y+UY="; vendorHash = "sha256-e1JAoDNm2+xB/bZcEGr5l4+va8GIg1R8pdj3d+/Y+UY=";

10
pkgs/by-name/bu/burp/package.nix
View file

@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
owner = "grke"; owner = "grke";
repo = "burp"; repo = "burp";
rev = version; rev = version;
sha256 = "sha256-y6kRd1jD6t+Q6d5t7W9MDuk+m2Iq1THQkP50PJwI7Nc="; hash = "sha256-y6kRd1jD6t+Q6d5t7W9MDuk+m2Iq1THQkP50PJwI7Nc=";
}; };
patches = [ patches = [
@ -29,7 +29,13 @@ stdenv.mkDerivation rec {
(fetchpatch { (fetchpatch {
name = "ncurses-6.3.patch"; name = "ncurses-6.3.patch";
url = "https://github.com/grke/burp/commit/1d6c931af7c11f164cf7ad3479781e8f03413496.patch"; url = "https://github.com/grke/burp/commit/1d6c931af7c11f164cf7ad3479781e8f03413496.patch";
sha256 = "14sfbfahlankz3xg6v10i8fnmpnmqpp73q9xm0l0hnjh25igv6bl"; hash = "sha256-dJn9YhFQWggoqD3hce7F1d5qHYogbPP6+NMqCpVbTpM=";
})
# Pull upstream fix for backup resuming
(fetchpatch {
name = "fix-resume.patch";
url = "https://github.com/grke/burp/commit/b5ed667f73805b5af9842bb0351f5af95d4d50b3.patch";
hash = "sha256-MT9D2thLgV4nT3LsIDHZp8sWQF2GlOENj0nkOQXZKuk=";
}) })
]; ];

6
pkgs/by-name/cl/clorinde/package.nix
View file

@ -8,17 +8,17 @@
rustPlatform.buildRustPackage (finalAttrs: { rustPlatform.buildRustPackage (finalAttrs: {
pname = "clorinde"; pname = "clorinde";
version = "0.15.1"; version = "0.15.2";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "halcyonnouveau"; owner = "halcyonnouveau";
repo = "clorinde"; repo = "clorinde";
tag = "clorinde-v${finalAttrs.version}"; tag = "clorinde-v${finalAttrs.version}";
hash = "sha256-Ynz1pdgckQzMLuUJUGSzNRNwWZKrEZuYgrrT/BxAxzc="; hash = "sha256-CrgJtgFX5RBNfFFr2ZZ0d3oKfryyLAHva7g2JyBFiB8=";
}; };
useFetchCargoVendor = true; useFetchCargoVendor = true;
cargoHash = "sha256-g3pWvoTq1DlKlIDJq79IJrvDiLR0HZRPIt4K1YUPsvM="; cargoHash = "sha256-jUtkhOAosrxHGRbAdzdrgLzL5Xp2YhxcrG/dcwUhdLg=";
cargoBuildFlags = [ "--package=clorinde" ]; cargoBuildFlags = [ "--package=clorinde" ];

62
pkgs/by-name/co/copier/package.nix
View file

@ -1,62 +1,4 @@
{ {
lib, python3Packages,
git,
python3,
fetchFromGitHub,
}: }:
python3Packages.toPythonApplication python3Packages.copier
python3.pkgs.buildPythonApplication rec {
pname = "copier";
version = "9.6.0";
pyproject = true;
src = fetchFromGitHub {
owner = "copier-org";
repo = "copier";
tag = "v${version}";
# Conflict on APFS on darwin
postFetch = ''
rm $out/tests/demo/doc/ma*ana.txt
'';
hash = "sha256-mezmXrOvfqbZGZadNZklQZt/OEKqRYnwugNkZc88t6o=";
};
POETRY_DYNAMIC_VERSIONING_BYPASS = version;
build-system = with python3.pkgs; [
poetry-core
poetry-dynamic-versioning
];
dependencies = with python3.pkgs; [
colorama
decorator
dunamai
funcy
iteration-utilities
jinja2
jinja2-ansible-filters
mkdocs-material
mkdocs-mermaid2-plugin
mkdocstrings
packaging
pathspec
plumbum
pydantic
pygments
pyyaml
pyyaml-include
questionary
];
makeWrapperArgs = [ "--suffix PATH : ${lib.makeBinPath [ git ]}" ];
meta = {
description = "Library and command-line utility for rendering projects templates";
homepage = "https://copier.readthedocs.io";
changelog = "https://github.com/copier-org/copier/blob/v${version}/CHANGELOG.md";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ greg ];
mainProgram = "copier";
};
}

4
pkgs/by-name/du/duplicity/package.nix
View file

@ -22,13 +22,13 @@
let let
self = python3.pkgs.buildPythonApplication rec { self = python3.pkgs.buildPythonApplication rec {
pname = "duplicity"; pname = "duplicity";
version = "3.0.4"; version = "3.0.4.1";
src = fetchFromGitLab { src = fetchFromGitLab {
owner = "duplicity"; owner = "duplicity";
repo = "duplicity"; repo = "duplicity";
rev = "rel.${version}"; rev = "rel.${version}";
hash = "sha256-FoaKuB0mo2RFksMHnIUx984+h/U0tdvk+bvsuYt3r5g="; hash = "sha256-cVzGdn3a9/Kvu/QYWaTXJ1llkPRvj0g8qb7TUjennws=";
}; };
patches = [ patches = [

4
pkgs/by-name/ga/garnet/package.nix
View file

@ -8,13 +8,13 @@
buildDotnetModule rec { buildDotnetModule rec {
pname = "garnet"; pname = "garnet";
version = "1.0.65"; version = "1.0.69";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "microsoft"; owner = "microsoft";
repo = "garnet"; repo = "garnet";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-Gebd0dj5VbUiYPTmOlkDQEiIDjflV02GLHCEIjh4S04="; hash = "sha256-U90y8VxGrRgXTdrusImNK2kRO+Tw9uiXoMiEb3YgaBM=";
}; };
projectFile = "main/GarnetServer/GarnetServer.csproj"; projectFile = "main/GarnetServer/GarnetServer.csproj";

1
pkgs/by-name/li/libcs50/package.nix
View file

@ -20,7 +20,6 @@ stdenv.mkDerivation (finalAttrs: {
mkdir $out mkdir $out
cp -R build/lib $out/lib cp -R build/lib $out/lib
cp -R build/include $out/include cp -R build/include $out/include
ln -sf $out/lib/libcs50.so.11.0.3 $out/lib/libcs50.so.11
runHook postInstall runHook postInstall
''; '';

13
pkgs/by-name/lo/logseq/package.nix
View file

@ -5,12 +5,12 @@
fetchFromGitHub, fetchFromGitHub,
fetchYarnDeps, fetchYarnDeps,
replaceVars, replaceVars,
runCommand,
writeShellScriptBin, writeShellScriptBin,
copyDesktopItems, copyDesktopItems,
cctools, cctools,
clojure, clojure,
darwin,
makeDesktopItem, makeDesktopItem,
makeWrapper, makeWrapper,
nodejs, nodejs,
@ -26,13 +26,13 @@
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "logseq"; pname = "logseq";
version = "0.10.9-unstable-2025-03-11"; version = "0.10.12";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "logseq"; owner = "logseq";
repo = "logseq"; repo = "logseq";
rev = "ac0a0dae727c46b348d0f1410138d5e49d446692"; tag = finalAttrs.version;
hash = "sha256-esCB51BeWnni/JFL4yMKcJj5lka2+hLpcvWGify0T2o="; hash = "sha256-SUzt4hYHE6XJOEMxFp2a0om2oVUk1MHQUteGFiM9Lkc=";
}; };
patches = [ patches = [
@ -98,7 +98,7 @@ stdenv.mkDerivation (finalAttrs: {
yarnOfflineCacheRoot = fetchYarnDeps { yarnOfflineCacheRoot = fetchYarnDeps {
name = "logseq-${finalAttrs.version}-yarn-deps-root"; name = "logseq-${finalAttrs.version}-yarn-deps-root";
inherit (finalAttrs) src; inherit (finalAttrs) src;
hash = "sha256-z4G675kxfpmG2AJlbK5bfeUUgX7jz1ys2FlMNHJqrQ4="; hash = "sha256-sbC6WQLjEHIKTuejSQXplQOWZwUmBJdGXuAkilQGjYs=";
}; };
# ./static and ./resources are combined into ./static by the build process # ./static and ./resources are combined into ./static by the build process
@ -107,7 +107,7 @@ stdenv.mkDerivation (finalAttrs: {
name = "logseq-${finalAttrs.version}-yarn-deps-static-resources"; name = "logseq-${finalAttrs.version}-yarn-deps-static-resources";
inherit (finalAttrs) src; inherit (finalAttrs) src;
sourceRoot = "${finalAttrs.src.name}/static"; sourceRoot = "${finalAttrs.src.name}/static";
hash = "sha256-xuZj2EKHxvkiDPKMLh3ZSvLT54k+buHqg9lRTFv8rNI="; hash = "sha256-01t6lolMbBL5f6SFk4qTkTx6SQXWtHuVkBhDwW+HScc=";
}; };
yarnOfflineCacheAmplify = fetchYarnDeps { yarnOfflineCacheAmplify = fetchYarnDeps {
@ -151,6 +151,7 @@ stdenv.mkDerivation (finalAttrs: {
] ]
++ lib.optionals stdenv.hostPlatform.isDarwin [ ++ lib.optionals stdenv.hostPlatform.isDarwin [
cctools cctools
darwin.autoSignDarwinBinariesHook
xcbuild xcbuild
]; ];

4
pkgs/by-name/ma/mattermost/package.nix
View file

@ -19,8 +19,8 @@
# #
# Ensure you also check ../mattermostLatest/package.nix. # Ensure you also check ../mattermostLatest/package.nix.
regex = "^v(10\\.5\\.[0-9]+)$"; regex = "^v(10\\.5\\.[0-9]+)$";
version = "10.5.6"; version = "10.5.7";
srcHash = "sha256-etHEJ3EBTolXZr/2Kd39Jdtf1qBMuVO5zRkuM6k4F3w="; srcHash = "sha256-HPQmN6GXDTEmloIcU0k+sYx/Qeh1j6T2yCT/W1/aWz4=";
vendorHash = "sha256-9Jl+lxvSoxUReziTqkDRyeNrijGWcBDbqoywJRIeD2k="; vendorHash = "sha256-9Jl+lxvSoxUReziTqkDRyeNrijGWcBDbqoywJRIeD2k=";
npmDepsHash = "sha256-tIeuDUZbqgqooDm5TRfViiTT5OIyN0BPwvJdI+wf7p0="; npmDepsHash = "sha256-tIeuDUZbqgqooDm5TRfViiTT5OIyN0BPwvJdI+wf7p0=";
lockfileOverlay = '' lockfileOverlay = ''

6
pkgs/by-name/ol/olivetin/package.nix
View file

@ -81,18 +81,18 @@ buildGoModule (
{ {
pname = "olivetin"; pname = "olivetin";
version = "2025.5.26"; version = "2025.6.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "OliveTin"; owner = "OliveTin";
repo = "OliveTin"; repo = "OliveTin";
tag = finalAttrs.version; tag = finalAttrs.version;
hash = "sha256-BD52MxIHE56y3oWuRTCYmrEYMge70/MXt4B6g84ahF0="; hash = "sha256-Bd+zxVEhP7LZk74Mfai/MkML1pKlPBKm4kh4jAkC/kQ=";
}; };
modRoot = "service"; modRoot = "service";
vendorHash = "sha256-kfk4QFG+l+XKkKoOs2C1B6ZuMeeDz9DrzzR46S8Qnyk="; vendorHash = "sha256-8rPJoB75de2Y56iyIwdI9HPk7OlCgfMPy28TW1i7+sU=";
ldflags = [ ldflags = [
"-s" "-s"

13
pkgs/by-name/pe/pencil2d/git-inherit.patch Normal file
View file

@ -0,0 +1,13 @@
--- a/app/app.pro
+++ b/app/app.pro
@@ -208,8 +208,8 @@
GIT {
DEFINES += GIT_EXISTS \
- "GIT_CURRENT_SHA1=$$system(git --git-dir=.git --work-tree=. -C $$_PRO_FILE_PWD_/../ rev-parse HEAD)" \
- "GIT_TIMESTAMP=$$system(git --git-dir=.git --work-tree=. -C $$_PRO_FILE_PWD_/../ log -n 1 --pretty=format:"%cd" --date=format:"%Y-%m-%d_%H:%M:%S")"
+ "GIT_CURRENT_SHA1=$$cat($$_PRO_FILE_PWD_/../COMMIT)" \
+ "GIT_TIMESTAMP=$$cat($$_PRO_FILE_PWD_/../SOURCE_TIMESTAMP_EPOCH)"
}
macx {

32
pkgs/by-name/pe/pencil2d/package.nix
View file

@ -3,30 +3,56 @@
stdenv, stdenv,
fetchFromGitHub, fetchFromGitHub,
qt5, qt5,
git,
ffmpeg_6,
nix-update-script,
}: }:
stdenv.mkDerivation (FinalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "pencil2d"; pname = "pencil2d";
version = "0.7.0"; version = "0.7.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "pencil2d"; owner = "pencil2d";
repo = "pencil"; repo = "pencil";
tag = "v${FinalAttrs.version}"; tag = "v${finalAttrs.version}";
hash = "sha256-OuZpKgX2BgfuQdnjk/RTBww/blO1CIrYWr7KytqcIbQ="; hash = "sha256-l+iW0k3WdNXDwXtt958JJWSe3zNhQVul4FUcPPMrVxE=";
leaveDotGit = true;
postFetch = ''
# Obtain the last commit ID and its timestamp, then zap .git for reproducibility
cd $out
git rev-parse HEAD > $out/COMMIT
# 0000-00-00T00:00:00Z
date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%d_%H:%M:%S" > $out/SOURCE_TIMESTAMP_EPOCH
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
}; };
patches = [ ./git-inherit.patch ];
nativeBuildInputs = with qt5; [ nativeBuildInputs = with qt5; [
qmake qmake
wrapQtAppsHook wrapQtAppsHook
qttools qttools
git
]; ];
qmakeFlags = [
"pencil2d.pro"
"CONFIG+=release"
"CONFIG+=PENCIL2D_RELEASE"
"CONFIG+=GIT"
"VERSION=${finalAttrs.version}"
];
passthru.updateScript = nix-update-script { };
buildInputs = with qt5; [ buildInputs = with qt5; [
qtbase qtbase
qtmultimedia qtmultimedia
qtsvg qtsvg
qtwayland qtwayland
ffmpeg_6
]; ];
meta = { meta = {

10
pkgs/by-name/pr/prowlarr/package.nix
View file

@ -37,16 +37,16 @@ let
hash = hash =
{ {
aarch64-darwin = "sha256-zHaYgR9UXKnyikt5z3UUmh6oTNoNv5mqtnAId9kCzgE="; aarch64-darwin = "sha256-IkFkQoEPVaV+eVp2DkZECXTkzJyyNYTUBsCBdXCBZC8=";
aarch64-linux = "sha256-xChYbzs4zTWe71xwn3TfUZHGTOHHjzDwbkzPgQEfQZk="; aarch64-linux = "sha256-uwg5Ec9MC6jLwNdauF1tj2gSkhWdyhvWnUTLt8P1OZw=";
x86_64-darwin = "sha256-mual72UuFh9h7Hc/hHqSUeFInwm09f+UptX8jqknXlg="; x86_64-darwin = "sha256-mdDZvKyhKXnHEKvZRH8Di6dZP80AEktnkMOnIZW+Gik=";
x86_64-linux = "sha256-UCiHeg46ncRQA6rDW4uxoFRqC7cuwMdr33OrN7yj51o="; x86_64-linux = "sha256-N0KDb6MsGAJKSh5GSm7aiamjflHRXb06fL1KM2T1+bg=";
} }
.${stdenv.hostPlatform.system} or unsupported; .${stdenv.hostPlatform.system} or unsupported;
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
inherit pname; inherit pname;
version = "1.35.1.5034"; version = "1.36.3.5071";
src = fetchurl { src = fetchurl {
url = "https://github.com/Prowlarr/Prowlarr/releases/download/v${version}/Prowlarr.master.${version}.${os}-core-${arch}.tar.gz"; url = "https://github.com/Prowlarr/Prowlarr/releases/download/v${version}/Prowlarr.master.${version}.${os}-core-${arch}.tar.gz";

18
pkgs/by-name/rs/rsshub/0002-fix-network-call.patch Normal file
View file

@ -0,0 +1,18 @@
diff --git a/scripts/workflow/build-routes.ts b/scripts/workflow/build-routes.ts
index 9807cfc..b9dcfb9 100644
--- a/scripts/workflow/build-routes.ts
+++ b/scripts/workflow/build-routes.ts
@@ -4,6 +4,7 @@ import { parse } from 'tldts';
import fs from 'node:fs';
import path from 'node:path';
import toSource from 'tosource';
+import { exit } from 'node:process';
import { getCurrentPath } from '../../lib/utils/helpers';
const __dirname = getCurrentPath(import.meta.url);
@@ -73,3 +74,5 @@ fs.writeFileSync(path.join(__dirname, '../../assets/build/radar-rules.js'), `(${
fs.writeFileSync(path.join(__dirname, '../../assets/build/maintainers.json'), JSON.stringify(maintainers, null, 2));
fs.writeFileSync(path.join(__dirname, '../../assets/build/routes.json'), JSON.stringify(namespaces, null, 2));
fs.writeFileSync(path.join(__dirname, '../../assets/build/routes.js'), `export default ${JSON.stringify(namespaces, null, 2)}`.replaceAll(/"module": "(.*)"\n/g, `"module": $1\n`));
+
+exit(0);

20
pkgs/by-name/rs/rsshub/package.nix
View file

@ -7,48 +7,48 @@
replaceVars, replaceVars,
stdenv, stdenv,
}: }:
let
pnpm = pnpm_9;
in
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "rsshub"; pname = "rsshub";
version = "0-unstable-2025-02-03"; version = "0-unstable-2025-05-31";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "DIYgod"; owner = "DIYgod";
repo = "RSSHub"; repo = "RSSHub";
rev = "72f78e2bfbcf000a6f374a92894430cf845fd1fd"; rev = "2dce2e32dd5f4dade2fc915ac8384c953e11cc83";
hash = "sha256-okavLIYJZ+0iCsYtBc2r3FS18MVE/ap2OwRae7rWTrw="; hash = "sha256-gS/t6O3MishJgi2K9hV22hT95oYHfm44cJqrUo2GPlM=";
}; };
patches = [ patches = [
(replaceVars ./0001-fix-git-hash.patch { (replaceVars ./0001-fix-git-hash.patch {
"GIT_HASH" = finalAttrs.src.rev; "GIT_HASH" = finalAttrs.src.rev;
}) })
./0002-fix-network-call.patch
]; ];
pnpmDeps = pnpm_9.fetchDeps { pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs) pname version src; inherit (finalAttrs) pname version src;
hash = "sha256-c16Ue5YiRWlF7ldt/8WLi1/xYhGqqr6XqvUieQbvbWg="; hash = "sha256-7qh6YZbIH/kHVssDZxHY7X8bytrnMcUq0MiJzWZYItc=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
makeBinaryWrapper makeBinaryWrapper
nodejs nodejs
pnpm_9.configHook pnpm.configHook
]; ];
buildPhase = '' buildPhase = ''
runHook preBuild runHook preBuild
pnpm build pnpm build
runHook postBuild runHook postBuild
''; '';
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
mkdir -p $out/bin $out/lib/rsshub mkdir -p $out/bin $out/lib/rsshub
cp -r lib node_modules assets api package.json tsconfig.json $out/lib/rsshub cp -r lib node_modules assets api package.json tsconfig.json $out/lib/rsshub
runHook postInstall runHook postInstall
''; '';

6
pkgs/by-name/sy/synapse-admin-etkecc/package.nix
View file

@ -17,18 +17,18 @@ assert lib.asserts.assertMsg (
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "synapse-admin-etkecc"; pname = "synapse-admin-etkecc";
version = "0.11.0-etke42"; version = "0.11.1-etke43";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "etkecc"; owner = "etkecc";
repo = "synapse-admin"; repo = "synapse-admin";
tag = "v${finalAttrs.version}"; tag = "v${finalAttrs.version}";
hash = "sha256-HWhyG/dVP9M84OOYH95RPLqiXDYOs+QOxwLM8pPl1vA="; hash = "sha256-mubONaT4qnbPlnYY15UtHGEp45k5mIxWt1shHRdwwTA=";
}; };
yarnOfflineCache = fetchYarnDeps { yarnOfflineCache = fetchYarnDeps {
yarnLock = finalAttrs.src + "/yarn.lock"; yarnLock = finalAttrs.src + "/yarn.lock";
hash = "sha256-GO5m+7fcm/XO38XlsQq6fwKslzdZkE6WleP3GHNKuPU="; hash = "sha256-WFE2mtyK3xBOVIgJ0ODsv1C0pjpGdBM3+TtIiZUpj58=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

3
pkgs/by-name/ta/taler-exchange/package.nix
View file

@ -19,6 +19,7 @@
gettext, gettext,
texinfo, texinfo,
libtool, libtool,
nixosTests,
}: }:
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
@ -109,6 +110,8 @@ stdenv.mkDerivation (finalAttrs: {
checkTarget = "check"; checkTarget = "check";
passthru.tests = nixosTests.taler.basic;
meta = { meta = {
description = "Exchange component for the GNU Taler electronic payment system"; description = "Exchange component for the GNU Taler electronic payment system";
longDescription = '' longDescription = ''

11
pkgs/by-name/ta/taler-merchant/package.nix
View file

@ -14,6 +14,7 @@
libgcrypt, libgcrypt,
texinfo, texinfo,
curl, curl,
nixosTests,
}: }:
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
@ -82,6 +83,14 @@ stdenv.mkDerivation (finalAttrs: {
done done
''; '';
postFixup = ''
# - taler-merchant-dbinit expects `versioning.sql` under `share/taler/sql`
# - taler-merchant-httpd expects `share/taler/merchant/templates`
mkdir -p $out/share/taler/sql
ln -s $out/share/taler-merchant $out/share/taler/merchant
ln -s $out/share/taler-merchant/sql $out/share/taler/sql/merchant
'';
enableParallelBuilding = true; enableParallelBuilding = true;
doInstallCheck = true; doInstallCheck = true;
@ -90,6 +99,8 @@ stdenv.mkDerivation (finalAttrs: {
checkTarget = "check"; checkTarget = "check";
passthru.tests = nixosTests.taler.basic;
meta = { meta = {
description = "Merchant component for the GNU Taler electronic payment system"; description = "Merchant component for the GNU Taler electronic payment system";
longDescription = '' longDescription = ''

5
pkgs/by-name/ta/taler-wallet-core/package.nix
View file

@ -95,6 +95,11 @@ stdenv.mkDerivation (finalAttrs: {
done done
''; '';
postFixup = ''
# else it fails to find the python interpreter
patchShebangs --build $out/bin/taler-helper-sqlite3
'';
env.ESBUILD_BINARY_PATH = lib.getExe esbuild'; env.ESBUILD_BINARY_PATH = lib.getExe esbuild';
meta = { meta = {

1
pkgs/by-name/vi/vivaldi/package.nix
View file

@ -235,6 +235,7 @@ stdenv.mkDerivation rec {
mainProgram = "vivaldi"; mainProgram = "vivaldi";
maintainers = with lib.maintainers; [ maintainers = with lib.maintainers; [
marcusramberg marcusramberg
max06
rewine rewine
]; ];
platforms = [ platforms = [

6
pkgs/by-name/wi/winbox4/package.nix
View file

@ -5,7 +5,7 @@
}: }:
let let
pname = "winbox"; pname = "winbox";
version = "4.0beta20"; version = "4.0beta21";
metaCommon = { metaCommon = {
description = "Graphical configuration utility for RouterOS-based devices"; description = "Graphical configuration utility for RouterOS-based devices";
@ -23,13 +23,13 @@ let
x86_64-zip = callPackage ./build-from-zip.nix { x86_64-zip = callPackage ./build-from-zip.nix {
inherit pname version metaCommon; inherit pname version metaCommon;
hash = "sha256-mU+z7yRYKXnGAXHB5LS5SVUgIzRlR9nV2FzXispntF0="; hash = "sha256-Uoawz+CW1JLVOEoxSF49WpF31VuUDWK4q9tl1qAwS/c=";
}; };
x86_64-dmg = callPackage ./build-from-dmg.nix { x86_64-dmg = callPackage ./build-from-dmg.nix {
inherit pname version metaCommon; inherit pname version metaCommon;
hash = "sha256-tLsreK6YsqsbMaY4dil34eiHxAG7GrZYyll6BX9dsx8="; hash = "sha256-PCdN5z77RU5WgYzk2h/ou2OeswZQl32FfxozEZ8ZlTo=";
}; };
in in
(if stdenvNoCC.hostPlatform.isDarwin then x86_64-dmg else x86_64-zip).overrideAttrs (oldAttrs: { (if stdenvNoCC.hostPlatform.isDarwin then x86_64-dmg else x86_64-zip).overrideAttrs (oldAttrs: {

6
pkgs/development/coq-modules/vscoq-language-server/default.nix
View file

@ -14,8 +14,8 @@ let
with lib.versions; with lib.versions;
lib.switch coq.coq-version [ lib.switch coq.coq-version [
{ {
case = isEq "9.0"; case = range "8.18" "9.0";
out = "2.2.5"; out = "2.2.6";
} }
{ {
case = range "8.18" "8.20"; case = range "8.18" "8.20";
@ -48,6 +48,8 @@ let
release."2.2.1".sha256 = "sha256-miIVAv/8jlP1pXnoK1MWz4O6nlmb309a8UjcCivbiB4="; release."2.2.1".sha256 = "sha256-miIVAv/8jlP1pXnoK1MWz4O6nlmb309a8UjcCivbiB4=";
release."2.2.5".rev = "v2.2.5"; release."2.2.5".rev = "v2.2.5";
release."2.2.5".sha256 = "sha256-XyIjwem/yS7UIpQATNixgKkrMOHHs74nkAOvpU5WG1k="; release."2.2.5".sha256 = "sha256-XyIjwem/yS7UIpQATNixgKkrMOHHs74nkAOvpU5WG1k=";
release."2.2.6".rev = "v2.2.6";
release."2.2.6".sha256 = "sha256-J8nRTAwN6GBEYgqlXa2kkkrHPatXsSObQg9QUQoZhgE=";
inherit location; inherit location;
}); });
fetched = fetch (if version != null then version else defaultVersion); fetched = fetch (if version != null then version else defaultVersion);

38
pkgs/development/python-modules/copier-template-tester/default.nix Normal file
View file

@ -0,0 +1,38 @@
{
buildPythonPackage,
copier,
corallium,
fetchFromGitHub,
lib,
poetry-core,
poetry-dynamic-versioning,
}:
buildPythonPackage rec {
pname = "copier-template-tester";
version = "2.1.1";
format = "pyproject";
src = fetchFromGitHub {
owner = "KyleKing";
repo = pname;
rev = version;
hash = "sha256-q1SNsy5CbBmGTGVejSN8P8BkdiasZjnW8BWMXOfSD1s=";
};
build-system = [
poetry-core
poetry-dynamic-versioning
];
dependencies = [
copier
corallium
];
meta = with lib; {
description = "ctt: CLI and pre-commit tool for testing copier";
homepage = "https://copier-template-tester.kyleking.me";
license = licenses.mit;
maintainers = with maintainers; [ yajo ];
};
}

82
pkgs/development/python-modules/copier/default.nix Normal file
View file

@ -0,0 +1,82 @@
{
buildPythonPackage,
colorama,
decorator,
dunamai,
fetchFromGitHub,
funcy,
git,
iteration-utilities,
jinja2,
jinja2-ansible-filters,
lib,
mkdocs-material,
mkdocs-mermaid2-plugin,
mkdocstrings,
packaging,
pathspec,
plumbum,
poetry-core,
poetry-dynamic-versioning,
pydantic,
pygments,
pyyaml,
pyyaml-include,
questionary,
}:
buildPythonPackage rec {
pname = "copier";
version = "9.6.0";
pyproject = true;
src = fetchFromGitHub {
owner = "copier-org";
repo = "copier";
tag = "v${version}";
# Conflict on APFS on darwin
postFetch = ''
rm $out/tests/demo/doc/ma*ana.txt
'';
hash = "sha256-mezmXrOvfqbZGZadNZklQZt/OEKqRYnwugNkZc88t6o=";
};
POETRY_DYNAMIC_VERSIONING_BYPASS = version;
build-system = [
poetry-core
poetry-dynamic-versioning
];
dependencies = [
colorama
decorator
dunamai
funcy
iteration-utilities
jinja2
jinja2-ansible-filters
mkdocs-material
mkdocs-mermaid2-plugin
mkdocstrings
packaging
pathspec
plumbum
pydantic
pygments
pyyaml
pyyaml-include
questionary
];
makeWrapperArgs = [ "--suffix PATH : ${lib.makeBinPath [ git ]}" ];
meta = {
description = "Library and command-line utility for rendering projects templates";
homepage = "https://copier.readthedocs.io";
changelog = "https://github.com/copier-org/copier/blob/v${version}/CHANGELOG.md";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ greg ];
mainProgram = "copier";
};
}

44
pkgs/development/python-modules/corallium/default.nix Normal file
View file

@ -0,0 +1,44 @@
{
beartype,
buildPythonPackage,
fetchFromGitHub,
lib,
poetry-core,
pydantic,
python,
rich,
tomli,
}:
buildPythonPackage rec {
pname = "corallium";
version = "0.3.3";
format = "pyproject";
src = fetchFromGitHub {
owner = "KyleKing";
repo = pname;
rev = version;
hash = "sha256-fZzm3o8EwegNG+sYn8lbPz60NMyA/OzGFUf/J/lbGbI=";
};
build-system = [
poetry-core
];
dependencies =
[
beartype
pydantic
rich
]
++ lib.optionals (python.pythonOlder "3.11") [
tomli
];
meta = with lib; {
description = "Shared functionality for calcipy-ecosystem";
homepage = "https://corallium.kyleking.me";
license = licenses.mit;
maintainers = with maintainers; [ yajo ];
};
}

16
pkgs/development/python-modules/msmart-ng/default.nix
View file

@ -2,7 +2,6 @@
lib, lib,
buildPythonPackage, buildPythonPackage,
fetchFromGitHub, fetchFromGitHub,
fetchpatch2,
# build-system # build-system
setuptools, setuptools,
@ -18,27 +17,16 @@
buildPythonPackage rec { buildPythonPackage rec {
pname = "msmart-ng"; pname = "msmart-ng";
version = "2025.3.3"; version = "2025.5.1";
pyproject = true; pyproject = true;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "mill1000"; owner = "mill1000";
repo = "midea-msmart"; repo = "midea-msmart";
tag = version; tag = version;
hash = "sha256-M8Gl6QXj0tRN7VFDhop47vINk8MeWSyCJ9bboo3j8Go="; hash = "sha256-dZD93ZZiQLmWuMAR/nnYB7oGBBYr4YPEi+LdpSzweVc=";
}; };
patches = [
(fetchpatch2 {
# Revert <https://github.com/mill1000/midea-msmart/pull/209> until setuptools
# implements support for <https://peps.python.org/pep-0639/>.
name = "revert-pyproject-license-declaration-pep639-syntax.patch";
url = "https://github.com/mill1000/midea-msmart/commit/e5d6a982135e497c251095e421d3de4686f36056.patch?full_index=1";
hash = "sha256-+mxmFGZd04MZY2C5eo4k1lFoXsM8XyeJNazShnjAseE=";
revert = true;
})
];
build-system = [ build-system = [
setuptools setuptools
setuptools-scm setuptools-scm

7
pkgs/development/tools/build-managers/rebar3/default.nix
View file

@ -12,11 +12,12 @@
git, git,
gnused, gnused,
nix, nix,
nixfmt-rfc-style,
rebar3-nix, rebar3-nix,
}: }:
let let
version = "3.24.0"; version = "3.25.0";
owner = "erlang"; owner = "erlang";
deps = import ./rebar-deps.nix { inherit fetchFromGitHub fetchgit fetchHex; }; deps = import ./rebar-deps.nix { inherit fetchFromGitHub fetchgit fetchHex; };
rebar3 = stdenv.mkDerivation rec { rebar3 = stdenv.mkDerivation rec {
@ -29,7 +30,7 @@ let
inherit owner; inherit owner;
repo = pname; repo = pname;
rev = version; rev = version;
sha256 = "OhzgDipFhscHtRGlfc33ZewBgHgQLa9Zhjby/r1m49A="; sha256 = "uiKgB+YuqKnfs9TZbnudp6TZd6ZGXfpF9c8jJffCs/U=";
}; };
buildInputs = [ erlang ]; buildInputs = [ erlang ];
@ -94,6 +95,7 @@ let
git git
gnused gnused
nix nix
nixfmt-rfc-style
(rebar3WithPlugins { globalPlugins = [ rebar3-nix ]; }) (rebar3WithPlugins { globalPlugins = [ rebar3-nix ]; })
] ]
} }
@ -105,6 +107,7 @@ let
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
cp -R $(nix-build $nixpkgs --no-out-link -A rebar3.src)/* "$tmpdir" cp -R $(nix-build $nixpkgs --no-out-link -A rebar3.src)/* "$tmpdir"
(cd "$tmpdir" && rebar3 as test nix lock -o "$nix_path/rebar-deps.nix") (cd "$tmpdir" && rebar3 as test nix lock -o "$nix_path/rebar-deps.nix")
nixfmt "$nix_path/rebar-deps.nix"
else else
echo "rebar3 is already up-to-date" echo "rebar3 is already up-to-date"
fi fi

4
pkgs/servers/home-assistant/custom-components/midea_ac/package.nix
View file

@ -8,13 +8,13 @@
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "mill1000"; owner = "mill1000";
domain = "midea_ac"; domain = "midea_ac";
version = "2025.4.0"; version = "2025.5.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "mill1000"; owner = "mill1000";
repo = "midea-ac-py"; repo = "midea-ac-py";
tag = version; tag = version;
hash = "sha256-ZkLC0GhfN+jp1DWv30LNVCP+NEZywt9Pxycs2RWBzrM="; hash = "sha256-6CNxhgygAyzpy3idj3RkVvI8WMHCfar9v0GG21Y7YKE=";
}; };
dependencies = [ msmart-ng ]; dependencies = [ msmart-ng ];

36
pkgs/servers/openafs/1.8/module.nix
View file

@ -40,6 +40,42 @@ stdenv.mkDerivation {
decode = "base64 -d"; decode = "base64 -d";
hash = "sha256-08jedwZ1KX1RSs8y9sh7BUvv5xK9tlzZ6uBOR4kS0Jo="; hash = "sha256-08jedwZ1KX1RSs8y9sh7BUvv5xK9tlzZ6uBOR4kS0Jo=";
}) })
# Linux: Add required MODULE_DESCRIPTION
(fetchpatch {
url = "https://gerrit.openafs.org/changes/16372/revisions/39189eba45542376e668636bd79a93ae6a8a7cd2/patch";
decode = "base64 -d";
hash = "sha256-j5ckKQvybEvmlnFs5jX8g8Dfw37LYWGnfsl4hnZ3+A4=";
})
# linux: inode_ops mkdir returns struct dentry *
(fetchpatch {
url = "https://gerrit.openafs.org/changes/16373/revisions/769847e205d5908a0c430f7bcfbd2f48e19f8bf8/patch";
decode = "base64 -d";
hash = "sha256-znv5gunyPnJgi4SRFERJudtYFqiS+AVYDWfvr52Ku3s=";
})
# Linux: Use __filemap_get_folio()
(fetchpatch {
url = "https://gerrit.openafs.org/changes/16374/revisions/f187add554da9e9c52752edbfa98f486f683cf25/patch";
decode = "base64 -d";
hash = "sha256-+ay87ThSn6QyPZcN0+oE01Wqbxmz0Z1KXYwocQCvYLg=";
})
# Linux: Use folio_wait_locked()
(fetchpatch {
url = "https://gerrit.openafs.org/changes/16375/revisions/87a93f6488585553d833e1397e7f0dae0545cb7e/patch";
decode = "base64 -d";
hash = "sha256-MOVX2LFe8OBnvsQ2UdLvwKrwztOmnu1rdIou4CF+EBs=";
})
# cf: Introduce AC_CHECK_LINUX_SYMBOL
(fetchpatch {
url = "https://gerrit.openafs.org/changes/16376/revisions/bab5968d7f4639d4a0cbe81aaa3e9716dda00632/patch";
decode = "base64 -d";
hash = "sha256-d6DZqDTW1uEKSB5PsomS4ix9fYYQzdQVmDATKl6n7x4=";
})
# cf: check for dentry flag macros/enums
(fetchpatch {
url = "https://gerrit.openafs.org/changes/16377/revisions/f791d8ca4804486c656bc7c221076480df39b465/patch";
decode = "base64 -d";
hash = "sha256-7B0VJE3FeSQU1ElvXI5zXCPq1JRLAycyhqIQuDdR7xE=";
})
]; ];
nativeBuildInputs = [ nativeBuildInputs = [

6
pkgs/top-level/python-packages.nix
View file

@ -2859,10 +2859,16 @@ self: super: with self; {
coordinates = callPackage ../development/python-modules/coordinates { }; coordinates = callPackage ../development/python-modules/coordinates { };
copier = callPackage ../development/python-modules/copier { };
copier-template-tester = callPackage ../development/python-modules/copier-template-tester { };
copykitten = callPackage ../development/python-modules/copykitten { }; copykitten = callPackage ../development/python-modules/copykitten { };
coqpit = callPackage ../development/python-modules/coqpit { }; coqpit = callPackage ../development/python-modules/coqpit { };
corallium = callPackage ../development/python-modules/corallium { };
coreapi = callPackage ../development/python-modules/coreapi { }; coreapi = callPackage ../development/python-modules/coreapi { };
coredis = callPackage ../development/python-modules/coredis { }; coredis = callPackage ../development/python-modules/coredis { };