movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
nixpkgs-ci[bot] 2025-05-11 12:06:00 +00:00 committed by GitHub
commit 9af3319f5f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
139 changed files with 1494 additions and 831 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/labeler.yml vendored
View file

@ -39,7 +39,7 @@
- changed-files:
- any-glob-to-any-file:
- .github/**/*
- ci/**/*
- ci/**/*.*
"6.topic: coq":
- any:

2
.github/workflows/backport.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
backport:
name: Backport Pull Request
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs

2
.github/workflows/check-cherry-picks.yml vendored
View file

@ -12,7 +12,7 @@ permissions: {}
jobs:
check:
name: cherry-pick-check
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

2
.github/workflows/check-format.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
nixos:
name: fmt-check
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:

6
.github/workflows/check-shell.yml vendored
View file

@ -16,6 +16,10 @@ jobs:
include:
- runner: ubuntu-24.04
system: x86_64-linux
- runner: ubuntu-24.04-arm
system: aarch64-linux
- runner: macos-13
system: x86_64-darwin
- runner: macos-14
system: aarch64-darwin
@ -30,4 +34,4 @@ jobs:
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
- name: Build shell
run: nix-build shell.nix
run: nix-build ci -A shell

4
.github/workflows/codeowners-v2.yml vendored
View file

@ -41,7 +41,7 @@ jobs:
# Check that code owners is valid
check:
name: Check
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: github.repository_owner == 'NixOS' && needs.get-merge-commit.outputs.mergedSha
steps:
@ -89,7 +89,7 @@ jobs:
# Request reviews from code owners
request:
name: Request
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
if: github.repository_owner == 'NixOS'
steps:
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31

33
.github/workflows/eval-aliases.yml vendored Normal file
View file

@ -0,0 +1,33 @@
name: Eval aliases
on:
pull_request_target:
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
eval-aliases:
name: Eval nixpkgs with aliases enabled
runs-on: ubuntu-24.04-arm
needs: [ get-merge-commit ]
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- name: Ensure flake outputs on all systems still evaluate
run: nix --experimental-features 'nix-command flakes' flake check --all-systems --no-build ./nixpkgs
- name: Query nixpkgs with aliases enabled to check for basic syntax errors
run: |
time nix-env -I ./nixpkgs -f ./nixpkgs -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null

41
.github/workflows/eval.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
attrs:
name: Attributes
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
outputs:
@ -59,32 +59,9 @@ jobs:
name: paths
path: result/*
eval-aliases:
name: Eval nixpkgs with aliases enabled
runs-on: ubuntu-24.04
needs: [ get-merge-commit ]
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- name: Ensure flake outputs on all systems still evaluate
run: nix --experimental-features 'nix-command flakes' flake check --all-systems --no-build ./nixpkgs
- name: Query nixpkgs with aliases enabled to check for basic syntax errors
run: |
time nix-env -I ./nixpkgs -f ./nixpkgs -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null
outpaths:
name: Outpaths
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: [ attrs, get-merge-commit ]
strategy:
fail-fast: false
@ -93,10 +70,10 @@ jobs:
steps:
- name: Enable swap
run: |
sudo fallocate -l 10G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo fallocate -l 10G /swap
sudo chmod 600 /swap
sudo mkswap /swap
sudo swapon /swap
- name: Download the list of all attributes
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@ -133,7 +110,7 @@ jobs:
process:
name: Process
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: [ outpaths, attrs, get-merge-commit ]
outputs:
targetRunId: ${{ steps.targetRunId.outputs.targetRunId }}
@ -219,7 +196,7 @@ jobs:
# Use the target branch to get accurate maintainer info
nix-build target/ci -A eval.compare \
--arg beforeResultDir ./targetResult \
--arg afterResultDir $(realpath prResult) \
--arg afterResultDir "$(realpath prResult)" \
--arg touchedFilesJson ./touched-files.json \
-o comparison
@ -235,7 +212,7 @@ jobs:
# Separate job to have a very tightly scoped PR write token
tag:
name: Tag
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: [ attrs, process ]
if: needs.process.outputs.targetRunId
permissions:

2
.github/workflows/get-merge-commit.yml vendored
View file

@ -11,7 +11,7 @@ permissions: {}
jobs:
resolve-merge-commit:
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
outputs:
mergedSha: ${{ steps.merged.outputs.mergedSha }}
steps:

2
.github/workflows/labels.yml vendored
View file

@ -16,7 +16,7 @@ permissions:
jobs:
labels:
name: label-pr
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0

2
.github/workflows/eval-lib-tests.yml → .github/workflows/lib-tests.yml vendored
View file

@ -28,4 +28,4 @@ jobs:
- name: Building Nixpkgs lib-tests
run: |
nix-build --arg pkgs "(import ./ci/. {}).pkgs" ./lib/tests/release.nix
nix-build ci -A lib-tests

7
.github/workflows/lint-actions.sh vendored
View file

@ -1,7 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash actionlint shellcheck -I nixpkgs=../..
set -euo pipefail
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
cd "$SCRIPT_DIR/../.."
actionlint

14
.github/workflows/manual-nixos-v2.yml vendored
View file

@ -22,12 +22,12 @@ jobs:
strategy:
fail-fast: false
matrix:
system:
- x86_64-linux
- aarch64-linux
runs-on: >-
${{ (matrix.system == 'x86_64-linux' && 'ubuntu-24.04')
|| (matrix.system == 'aarch64-linux' && 'ubuntu-24.04-arm') }}
include:
- runner: ubuntu-24.04
system: x86_64-linux
- runner: ubuntu-24.04-arm
system: aarch64-linux
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
@ -46,7 +46,7 @@ jobs:
- name: Build NixOS manual
id: build-manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.${{ matrix.system }}
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true ci -A manual-nixos --argstr system ${{ matrix.system }}
- name: Upload NixOS manual
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

6
.github/workflows/manual-nixpkgs-v2.yml vendored
View file

@ -7,14 +7,14 @@ on:
paths:
- 'doc/**'
- 'lib/**'
- 'pkgs/tools/nix/nixdoc/**'
- 'pkgs/by-name/ni/nixdoc/**'
permissions: {}
jobs:
nixpkgs:
name: nixpkgs-manual-build
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
@ -32,4 +32,4 @@ jobs:
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Building Nixpkgs manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true ci -A manual-nixpkgs -A manual-nixpkgs-tests

25
.github/workflows/nix-parse-v2.yml vendored
View file

@ -11,37 +11,20 @@ jobs:
tests:
name: nix-files-parseable-check
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/${{ github.repository }}/pulls/${{github.event.number}}/files --paginate \
| jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
> "$HOME/changed_files"
if [[ -s "$HOME/changed_files" ]]; then
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Parse all changed or added nix files
- name: Parse all nix files
run: |
ret=0
while IFS= read -r file; do
out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
done < "$HOME/changed_files"
exit "$ret"
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
# Tests multiple versions at once, let's make sure all of them run, so keep-going.
nix-build ci -A parse --keep-going

2
.github/workflows/no-channel.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
startsWith(github.event.pull_request.base.ref, 'nixos-') ||
startsWith(github.event.pull_request.base.ref, 'nixpkgs-')
name: "This PR is targeting a channel branch"
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
steps:
- run: |
cat <<EOF

2
.github/workflows/periodic-merge.yml vendored
View file

@ -14,7 +14,7 @@ on:
jobs:
merge:
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
name: ${{ inputs.from }} → ${{ inputs.into }}
steps:
# Use a GitHub App to create the PR so that CI gets triggered

1
ci/OWNERS
View file

@ -251,6 +251,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/maintainers/scripts/kde @K900 @NickCao @SuperSandro2000 @ttuegel
# PostgreSQL and related stuff
/pkgs/by-name/po/postgresqlTestHook @NixOS/postgres
/pkgs/by-name/ps/psqlodbc @NixOS/postgres
/pkgs/servers/sql/postgresql @NixOS/postgres
/pkgs/development/tools/rust/cargo-pgrx @NixOS/postgres

14
ci/default.nix
View file

@ -44,6 +44,8 @@ let
# By default it's info, which is too noisy since we have many unmatched files
settings.on-unmatched = "debug";
programs.actionlint.enable = true;
programs.keep-sorted.enable = true;
# This uses nixfmt-rfc-style underneath,
@ -79,4 +81,16 @@ in
requestReviews = pkgs.callPackage ./request-reviews { };
codeownersValidator = pkgs.callPackage ./codeowners-validator { };
eval = pkgs.callPackage ./eval { };
# CI jobs
lib-tests = import ../lib/tests/release.nix { inherit pkgs; };
manual-nixos = (import ../nixos/release.nix { }).manual.${system} or null;
manual-nixpkgs = (import ../pkgs/top-level/release.nix { }).manual;
manual-nixpkgs-tests = (import ../pkgs/top-level/release.nix { }).manual.tests;
parse = pkgs.lib.recurseIntoAttrs {
latest = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.latest; };
lix = pkgs.callPackage ./parse.nix { nix = pkgs.lix; };
minimum = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.minimum; };
};
shell = import ../shell.nix { inherit nixpkgs system; };
}

43
ci/parse.nix Normal file
View file

@ -0,0 +1,43 @@
{
lib,
nix,
runCommand,
}:
let
nixpkgs =
with lib.fileset;
toSource {
root = ../.;
fileset = (fileFilter (file: file.hasExt "nix") ../.);
};
in
runCommand "nix-parse-${nix.name}"
{
nativeBuildInputs = [
nix
];
}
''
export NIX_STORE_DIR=$TMPDIR/store
export NIX_STATE_DIR=$TMPDIR/state
cd "${nixpkgs}"
# Passes all files to nix-instantiate at once.
# Much faster, but will only show first error.
parse-all() {
find . -type f -iname '*.nix' | xargs -P $(nproc) nix-instantiate --parse >/dev/null 2>/dev/null
}
# Passes each file separately to nix-instantiate with -n1.
# Much slower, but will show all errors.
parse-each() {
find . -type f -iname '*.nix' | xargs -n1 -P $(nproc) nix-instantiate --parse >/dev/null
}
if ! parse-all; then
parse-each
fi
touch $out
''

2
doc/release-notes/rl-2505.section.md
View file

@ -424,6 +424,8 @@
- [`lib.packagesFromDirectoryRecursive`] now rejects unknown arguments.
[`lib.packagesFromDirectoryRecursive`]: https://nixos.org/manual/nixpkgs/stable/#function-library-lib.filesystem.packagesFromDirectoryRecursive
- The `godot-export-templates` package now has its content at `share/godot/export_templates/$version` instead of the output root. This makes it more convenient for for symlinking into `~/.local`, but scripts expecting the old layout will need to be changed.
### Deprecations {#sec-nixpkgs-release-25.05-lib-deprecations}
- `functor` is an implementation detail and should not be relied upon, but since its status wasn't clear and it has had some use cases without alternatives, changes are being handled as gracefully as possible. Deprecations within functor:

24
nixos/doc/manual/development/running-nixos-tests-interactively.section.md
View file

@ -87,11 +87,33 @@ $ ssh vsock/3 -o User=root
The socket numbers correspond to the node number of the test VM, but start
at three instead of one because that's the lowest possible
vsock number.
vsock number. The exact SSH commands are also printed out when starting
`nixos-test-driver`.
On non-NixOS systems you'll probably need to enable
the SSH config from {manpage}`systemd-ssh-proxy(1)` yourself.
If starting VM fails with an error like
```
qemu-system-x86_64: -device vhost-vsock-pci,guest-cid=3: vhost-vsock: unable to set guest cid: Address already in use
```
it means that the vsock numbers for the VMs are already in use. This can happen
if another interactive test with SSH backdoor enabled is running on the machine.
In that case, you need to assign another range of vsock numbers. You can pick another
offset with
```nix
{
sshBackdoor = {
enable = true;
vsockOffset = 23542;
};
}
```
## Port forwarding to NixOS test VMs {#sec-nixos-test-port-forwarding}
If your test has only a single VM, you may use e.g.

9
nixos/doc/manual/redirects.json
View file

@ -1286,6 +1286,12 @@
"module-services-postgres-initializing-extra-permissions-service-user-oneshot": [
"index.html#module-services-postgres-initializing-extra-permissions-service-user-oneshot"
],
"module-services-postgres-authentication": [
"index.html#module-services-postgres-authentication"
],
"module-services-postgres-authentication-user-mapping": [
"index.html#module-services-postgres-authentication-user-mapping"
],
"module-services-postgres-upgrading": [
"index.html#module-services-postgres-upgrading"
],
@ -1826,6 +1832,9 @@
"test-opt-sshBackdoor.enable": [
"index.html#test-opt-sshBackdoor.enable"
],
"test-opt-sshBackdoor.vsockOffset": [
"index.html#test-opt-sshBackdoor.vsockOffset"
],
"test-opt-defaults": [
"index.html#test-opt-defaults"
],

6
nixos/lib/test-driver/src/test_driver/__init__.py
View file

@ -112,7 +112,7 @@ def main() -> None:
arg_parser.add_argument(
"--dump-vsocks",
help="indicates that the interactive SSH backdoor is active and dumps information about it on start",
action="store_true",
type=int,
)
args = arg_parser.parse_args()
@ -141,8 +141,8 @@ def main() -> None:
if args.interactive:
history_dir = os.getcwd()
history_path = os.path.join(history_dir, ".nixos-test-history")
if args.dump_vsocks:
driver.dump_machine_ssh()
if offset := args.dump_vsocks:
driver.dump_machine_ssh(offset)
ptpython.ipython.embed(
user_ns=driver.test_symbols(),
history_filename=history_path,

4
nixos/lib/test-driver/src/test_driver/driver.py
View file

@ -178,14 +178,14 @@ class Driver:
)
return {**general_symbols, **machine_symbols, **vlan_symbols}
def dump_machine_ssh(self) -> None:
def dump_machine_ssh(self, offset: int) -> None:
print("SSH backdoor enabled, the machines can be accessed like this:")
print(
f"{Style.BRIGHT}Note:{Style.RESET_ALL} this requires {Style.BRIGHT}systemd-ssh-proxy(1){Style.RESET_ALL} to be enabled (default on NixOS 25.05 and newer)."
)
names = [machine.name for machine in self.machines]
longest_name = len(max(names, key=len))
for num, name in enumerate(names, start=3):
for num, name in enumerate(names, start=offset + 1):
spaces = " " * (longest_name - len(name) + 2)
print(
f" {name}:{spaces}{Style.BRIGHT}ssh -o User=root vsock/{num}{Style.RESET_ALL}"

46
nixos/lib/testing/nodes.nix
View file

@ -84,6 +84,22 @@ in
type = types.bool;
description = "Whether to turn on the VSOCK-based access to all VMs. This provides an unauthenticated access intended for debugging.";
};
vsockOffset = mkOption {
default = 2;
type = types.ints.between 2 4294967296;
description = ''
This field is only relevant when multiple users run the (interactive)
driver outside the sandbox and with the SSH backdoor activated.
The typical symptom for this being a problem are error messages like this:
`vhost-vsock: unable to set guest cid: Address already in use`
This option allows to assign an offset to each vsock number to
resolve this.
This is a 32bit number. The lowest possible vsock number is `3`
(i.e. with the lowest node number being `1`, this is 2+1).
'';
};
};
node.type = mkOption {
@ -182,7 +198,7 @@ in
passthru.nodes = config.nodesCompat;
extraDriverArgs = mkIf config.sshBackdoor.enable [
"--dump-vsocks"
"--dump-vsocks=${toString config.sshBackdoor.vsockOffset}"
];
defaults = mkMerge [
@ -190,9 +206,31 @@ in
nixpkgs.pkgs = config.node.pkgs;
imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
})
(mkIf config.sshBackdoor.enable {
testing.sshBackdoor.enable = true;
})
(mkIf config.sshBackdoor.enable (
let
inherit (config.sshBackdoor) vsockOffset;
in
{ config, ... }:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
};
};
security.pam.services.sshd = {
allowNullPassword = true;
};
virtualisation.qemu.options = [
"-device vhost-vsock-pci,guest-cid=${
toString (config.virtualisation.test.nodeNumber + vsockOffset)
}"
];
}
))
];
};

12
nixos/modules/services/continuous-integration/hydra/default.nix
View file

@ -564,16 +564,14 @@ in
services.postgresql.enable = lib.mkIf haveLocalDB true;
services.postgresql.identMap = lib.optionalString haveLocalDB ''
hydra-users hydra hydra
hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra
hydra-users root hydra
# The postgres user is used to create the pg_trgm extension for the hydra database
hydra-users postgres postgres
hydra hydra hydra
hydra hydra-queue-runner hydra
hydra hydra-www hydra
hydra root hydra
'';
services.postgresql.authentication = lib.optionalString haveLocalDB ''
local hydra all ident map=hydra-users
local all hydra peer map=hydra
'';
};

32
nixos/modules/services/databases/postgresql.md
View file

@ -170,6 +170,38 @@ are already created.
}
```
## Authentication {#module-services-postgres-authentication}
Local connections are made through unix sockets by default and support [peer authentication](https://www.postgresql.org/docs/current/auth-peer.html).
This allows system users to login with database roles of the same name.
For example, the `postgres` system user is allowed to login with the database role `postgres`.
System users and database roles might not always match.
In this case, to allow access for a service, you can create a [user name map](https://www.postgresql.org/docs/current/auth-username-maps.html) between system roles and an existing database role.
### User Mapping {#module-services-postgres-authentication-user-mapping}
Assume that your app creates a role `admin` and you want the `root` user to be able to login with it.
You can then use [](#opt-services.postgresql.identMap) to define the map and [](#opt-services.postgresql.authentication) to enable it:
```nix
services.postgresql = {
identMap = ''
admin root admin
'';
authentication = ''
local all admin peer map=admin
'';
}
```
::: {.warning}
To avoid conflicts with other modules, you should never apply a map to `all` roles.
Because PostgreSQL will stop on the first matching line in `pg_hba.conf`, a line matching all roles would lock out other services.
Each module should only manage user maps for the database roles that belong to this module.
Best practice is to name the map after the database role it manages to avoid name conflicts.
:::
## Upgrading {#module-services-postgres-upgrading}
::: {.note}

16
nixos/modules/services/databases/postgresql.nix
View file

@ -274,6 +274,14 @@ in
Defines the mapping from system users to database users.
See the [auth doc](https://postgresql.org/docs/current/auth-username-maps.html).
There is a default map "postgres" which is used for local peer authentication
as the postgres superuser role.
For example, to allow the root user to login as the postgres superuser, add:
```
postgres root postgres
```
'';
};
@ -674,12 +682,20 @@ in
(mkBefore "# Generated file; do not edit!")
(mkAfter ''
# default value of services.postgresql.authentication
local all postgres peer map=postgres
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
'')
];
# The default allows to login with the same database username as the current system user.
# This is the default for peer authentication without a map, but needs to be made explicit
# once a map is used.
services.postgresql.identMap = mkAfter ''
postgres postgres postgres
'';
services.postgresql.systemCallFilter = mkMerge [
(mapAttrs (const mkDefault) {
"@system-service" = true;

34
nixos/modules/services/networking/anubis.nix
View file

@ -122,12 +122,6 @@ let
example = "tcp";
type = types.str;
};
SOCKET_MODE = mkDefaultOption "settings.SOCKET_MODE" {
default = "0770";
description = "The permissions on the Unix domain sockets created.";
example = "0700";
type = types.str;
};
DIFFICULTY = mkDefaultOption "settings.DIFFICULTY" {
default = 4;
description = ''
@ -146,6 +140,26 @@ let
'';
type = types.bool;
};
OG_PASSTHROUGH = mkDefaultOption "settings.OG_PASSTHROUGH" {
default = false;
description = ''
Whether to enable Open Graph tag passthrough.
This enables social previews of resources protected by
Anubis without having to exempt each scraper individually.
'';
type = types.bool;
};
WEBMASTER_EMAIL = mkDefaultOption "settings.WEBMASTER_EMAIL" {
default = null;
description = ''
If set, shows a contact email address when rendering error pages.
This email address will be how users can get in contact with administrators.
'';
example = "alice@example.com";
type = types.nullOr types.str;
};
# generated by default
POLICY_FNAME = mkDefaultOption "settings.POLICY_FNAME" {
@ -224,6 +238,9 @@ in
and socket paths.
'';
type = types.attrsOf (types.submodule (commonSubmodule false));
# Merge defaultOptions into each instance
apply = lib.mapAttrs (_: lib.recursiveUpdate cfg.defaultOptions);
};
};
@ -309,6 +326,9 @@ in
) enabledInstances;
};
meta.maintainers = with lib.maintainers; [ soopyc ];
meta.maintainers = with lib.maintainers; [
soopyc
nullcube
];
meta.doc = ./anubis.md;
}

21
nixos/modules/testing/test-instrumentation.nix
View file

@ -86,11 +86,6 @@ in
enables commands to be sent to test and debug stage 1. Use
machine.switch_root() to leave stage 1 and proceed to stage 2
'';
sshBackdoor = {
enable = mkEnableOption "vsock-based ssh backdoor for the VM";
};
};
config = {
@ -104,18 +99,6 @@ in
}
];
services.openssh = mkIf config.testing.sshBackdoor.enable {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
};
};
security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable {
allowNullPassword = true;
};
systemd.services.backdoor = lib.mkMerge [
backdoorService
{
@ -191,10 +174,6 @@ in
# we avoid defining attributes if not possible.
# TODO: refactor such that test-instrumentation can import qemu-vm
package = lib.mkDefault pkgs.qemu_test;
options = mkIf config.testing.sshBackdoor.enable [
"-device vhost-vsock-pci,guest-cid=${toString (config.virtualisation.test.nodeNumber + 2)}"
];
};
};

59
nixos/tests/anubis.nix
View file

@ -1,7 +1,10 @@
{ lib, ... }:
{
name = "anubis";
meta.maintainers = [ lib.maintainers.soopyc ];
meta.maintainers = with lib.maintainers; [
soopyc
nullcube
];
nodes.machine =
{
@ -10,24 +13,34 @@
...
}:
{
services.anubis.instances = {
"".settings.TARGET = "http://localhost:8080";
"tcp" = {
user = "anubis-tcp";
group = "anubis-tcp";
settings = {
TARGET = "http://localhost:8080";
BIND = ":9000";
BIND_NETWORK = "tcp";
METRICS_BIND = ":9001";
METRICS_BIND_NETWORK = "tcp";
};
services.anubis = {
defaultOptions.settings = {
DIFFICULTY = 3;
USER_DEFINED_DEFAULT = true;
};
instances = {
"".settings = {
TARGET = "http://localhost:8080";
DIFFICULTY = 5;
USER_DEFINED_INSTANCE = true;
};
"unix-upstream" = {
group = "nginx";
settings.TARGET = "unix:///run/nginx/nginx.sock";
"tcp" = {
user = "anubis-tcp";
group = "anubis-tcp";
settings = {
TARGET = "http://localhost:8080";
BIND = ":9000";
BIND_NETWORK = "tcp";
METRICS_BIND = ":9001";
METRICS_BIND_NETWORK = "tcp";
};
};
"unix-upstream" = {
group = "nginx";
settings.TARGET = "unix:///run/nginx/nginx.sock";
};
};
};
@ -94,5 +107,17 @@
# Upstream is a unix socket mode
machine.succeed('curl -f http://unix.localhost/index.html | grep "it works"')
# Default user-defined environment variables
machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "USER_DEFINED_DEFAULT"')
machine.succeed('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "USER_DEFINED_DEFAULT"')
# Instance-specific user-specified environment variables
machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "USER_DEFINED_INSTANCE"')
machine.fail('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "USER_DEFINED_INSTANCE"')
# Make sure defaults don't overwrite themselves
machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "DIFFICULTY=5"')
machine.succeed('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "DIFFICULTY=3"')
'';
}

5
nixos/tests/postgresql/postgresql.nix
View file

@ -54,6 +54,9 @@ let
services.postgresql = {
inherit package;
enable = true;
identMap = ''
postgres root postgres
'';
# TODO(@Ma27) split this off into its own VM test and move a few other
# extension tests to use postgresqlTestExtension.
extensions = ps: with ps; [ plv8 ];
@ -73,7 +76,7 @@ let
in
''
def check_count(statement, lines):
return 'test $(sudo -u postgres psql postgres -tAc "{}"|wc -l) -eq {}'.format(
return 'test $(psql -U postgres postgres -tAc "{}"|wc -l) -eq {}'.format(
statement, lines
)

2
nixos/tests/scion/freestanding-deployment/default.nix
View file

@ -23,7 +23,7 @@ import ../../make-test-python.nix (
networkConfig.Address = "192.168.1.${toString hostId}/24";
};
environment.etc = {
"scion/topology.json".source = ./topology${toString hostId}.json;
"scion/topology.json".source = ./topology + "${toString hostId}.json";
"scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
"scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
"scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";

4
pkgs/applications/editors/vscode/extensions/ms-toolsai.jupyter/default.nix
View file

@ -9,8 +9,8 @@ vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "jupyter";
publisher = "ms-toolsai";
version = "2025.3.0";
hash = "sha256-dH74EX5PDq4t/CukjsswtKLVwbE+q0J+fpZ1MA8CDZI=";
version = "2025.4.0";
hash = "sha256-UU2Ar6JNuEaODSqgssuR6E+XHEtjBojxfxEM8WiejMs=";
};
nativeBuildInputs = [

4
pkgs/applications/editors/vscode/extensions/sourcery.sourcery/default.nix
View file

@ -10,8 +10,8 @@ vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "sourcery";
publisher = "sourcery";
version = "1.35.0";
hash = "sha256-3+8kzQ+DZVysv0wYc3uM+8Z6jACgxCKNcZVJ2LOlodo=";
version = "1.36.0";
hash = "sha256-HbOPoDu0R47US+UtK7i2BLiYgUhnNMD1i6Ibo8h3Auk=";
};
nativeBuildInputs = lib.optionals stdenv.hostPlatform.isLinux [ autoPatchelfHook ];

2
pkgs/applications/virtualization/docker/default.nix
View file

@ -86,7 +86,7 @@ rec {
};
preBuild = ''
substituteInPlace Makefile --replace-warn "/bin/bash" "${lib.getExe bash}"
substituteInPlace Makefile --replace-warn "/bin/bash" "${stdenv.shell}"
'';
# docker/runc already include these patches / are not applicable

22
pkgs/by-name/af/affine/package.nix
View file

@ -4,9 +4,9 @@
stdenvNoCC,
fetchFromGitHub,
rustPlatform,
electron_34,
electron_35,
nodejs_22,
yarn-berry,
yarn-berry_4,
cacert,
writableTmpDirAsHomeHook,
cargo,
@ -17,12 +17,12 @@
jq,
copyDesktopItems,
makeWrapper,
llvmPackages,
apple-sdk_15,
makeDesktopItem,
nix-update-script,
buildType ? "stable",
commandLineArgs ? "",
llvmPackages,
apple-sdk_15,
}:
let
hostPlatform = stdenvNoCC.hostPlatform;
@ -34,21 +34,21 @@ let
}
.${hostPlatform.parsed.cpu.name}
or (throw "affine(${buildType}): unsupported CPU family ${hostPlatform.parsed.cpu.name}");
electron = electron_34;
electron = electron_35;
nodejs = nodejs_22;
yarn = yarn-berry.override { inherit nodejs; };
yarn-berry = yarn-berry_4.override { inherit nodejs; };
productName = if buildType != "stable" then "AFFiNE-${buildType}" else "AFFiNE";
binName = lib.toLower productName;
in
stdenv.mkDerivation (finalAttrs: {
pname = binName;
version = "0.21.4";
version = "0.21.6";
src = fetchFromGitHub {
owner = "toeverything";
repo = "AFFiNE";
tag = "v${finalAttrs.version}";
hash = "sha256-Xd8b+JXL46r9Jv5Uv5wdtvSKwnHafEo52v1aERmyxrI=";
hash = "sha256-xiOfy3uskqYv5b0U2s1Zpc4/ydsRhhUd8M33IH0BJ10=";
};
cargoDeps = rustPlatform.fetchCargoVendor {
@ -59,7 +59,7 @@ stdenv.mkDerivation (finalAttrs: {
name = "yarn-offline-cache";
inherit (finalAttrs) src;
nativeBuildInputs = [
yarn
yarn-berry
cacert
writableTmpDirAsHomeHook
];
@ -98,7 +98,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
dontInstall = true;
outputHashMode = "recursive";
outputHash = "sha256-w9Lz8wFq34VXInoE5pUeg1B7N92D+TnBWbL2qJ/q8ik=";
outputHash = "sha256-XpVygLwK/vjQJ5cDckIRM3Uo5hcahTz/XV1WjBQmOac=";
};
buildInputs = lib.optionals hostPlatform.isDarwin [
@ -108,7 +108,7 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs =
[
nodejs
yarn
yarn-berry
cargo
rustc
findutils

4
pkgs/by-name/ch/charge-lnd/package.nix
View file

@ -7,13 +7,13 @@
python3Packages.buildPythonApplication rec {
pname = "charge-lnd";
version = "0.2.13";
version = "0.3.0";
src = fetchFromGitHub {
owner = "accumulator";
repo = "charge-lnd";
tag = "v${version}";
hash = "sha256-mNU8bhiZqvYbNUU8vJNk9WbpAVrCTi9Fy3hlIpb06ac=";
hash = "sha256-a/zIEA2oF1+BoZXk4YDWx69eVFSnANUE/F+ARI/VsXU=";
};
propagatedBuildInputs = with python3Packages; [

38
pkgs/by-name/cm/cmctl/package.nix
View file

@ -9,24 +9,20 @@
buildGoModule rec {
pname = "cmctl";
version = "1.14.7";
version = "2.2.0";
src = fetchFromGitHub {
owner = "cert-manager";
repo = "cert-manager";
repo = "cmctl";
rev = "v${version}";
hash = "sha256-ZvrR8k1jiyAMUKM9VA6vKH2uhMKnd22OQe08CIlxXjs=";
hash = "sha256-Kr7vwVW6v08QRbJDs2u0vK241ljNfhLVYIQCBl31QSs=";
};
sourceRoot = "${src.name}/cmd/ctl";
vendorHash = "sha256-qaSzAPNVe25Fbbfqy0OFFnMJ21IlWuoJKwnT7y2wmOs=";
vendorHash = "sha256-D83Ufpa7PLQWBCHX5d51me3aYprGzc9RoKVma2Ax1Is=";
ldflags = [
"-s"
"-w"
"-X github.com/cert-manager/cert-manager/cmd/ctl/pkg/build.name=cmctl"
"-X github.com/cert-manager/cert-manager/cmd/ctl/pkg/build/commands.registerCompletion=true"
"-X github.com/cert-manager/cert-manager/pkg/util.AppVersion=v${version}"
"-X github.com/cert-manager/cert-manager/pkg/util.AppGitCommit=${src.rev}"
];
@ -35,24 +31,23 @@ buildGoModule rec {
installShellFiles
];
# Trusted by this computer: no: x509: “cert-manager” certificate is not trusted
checkPhase = ''
go test --race $(go list ./... | grep -v /test/)
'';
# Trusted by this computer: no: x509: “cert-manager” certificate is not
# trusted
doCheck = !stdenv.hostPlatform.isDarwin;
postInstall =
''
mv $out/bin/ctl $out/bin/cmctl
''
+ lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd cmctl \
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd cmctl \
--bash <($out/bin/cmctl completion bash) \
--fish <($out/bin/cmctl completion fish) \
--zsh <($out/bin/cmctl completion zsh)
'';
passthru.updateScript = nix-update-script { };
'';
meta = with lib; {
description = "CLI tool for managing cert-manager service on Kubernetes clusters";
description = "Command line utility to interact with a cert-manager instalation on Kubernetes";
mainProgram = "cmctl";
longDescription = ''
cert-manager adds certificates and certificate issuers as resource types
@ -63,8 +58,11 @@ buildGoModule rec {
Let's Encrypt, HashiCorp Vault, and Venafi as well as private PKI, and it
ensures certificates remain valid and up to date, attempting to renew
certificates at an appropriate time before expiry.
cmctl is a command line tool to help you manage cert-manager and its
resources inside your Kubernetes cluster.
'';
downloadPage = "https://github.com/cert-manager/cert-manager";
downloadPage = "https://github.com/cert-manager/cmctl";
license = licenses.asl20;
homepage = "https://cert-manager.io/";
maintainers = with maintainers; [ joshvanl ];

8
pkgs/by-name/cr/crosvm/package.nix
View file

@ -21,19 +21,19 @@
rustPlatform.buildRustPackage {
pname = "crosvm";
version = "0-unstable-2025-04-25";
version = "0-unstable-2025-05-06";
src = fetchgit {
url = "https://chromium.googlesource.com/chromiumos/platform/crosvm";
rev = "6b75e831de4d5f44a362142d25b77d9c4d7988aa";
hash = "sha256-hqnzKFdjM32omoECKYTGkSukkpy837e44vMMnN5B05I=";
rev = "55ea45ba0b2b95b49287e5498fb46b74f7a83ac6";
hash = "sha256-i9p3UFtGSbSAlup2h/UpXBGy4huFbpeKegTMMB+I5us=";
fetchSubmodules = true;
};
separateDebugInfo = true;
useFetchCargoVendor = true;
cargoHash = "sha256-A5yHGG5KEsSUlDb+m+R6NnKEvReClPaGRxWjNjXlgys=";
cargoHash = "sha256-23F0WU//4xvP9xffxr+cQa0m0sSJjcWyz+usKBpDg20=";
nativeBuildInputs = [
pkg-config

4
pkgs/by-name/di/diffoscope/package.nix
View file

@ -106,11 +106,11 @@ in
# Note: when upgrading this package, please run the list-missing-tools.sh script as described below!
python.pkgs.buildPythonApplication rec {
pname = "diffoscope";
version = "294";
version = "295";
src = fetchurl {
url = "https://diffoscope.org/archive/diffoscope-${version}.tar.bz2";
hash = "sha256-9LwP/IL58OdKlB9X4zo0HDEG3nuR6HOBZmSp5166N6E=";
hash = "sha256-BxyE14vXS7lGFwWsruDAcdXMRsoETFwXPQxfMpSh1+E=";
};
outputs = [

4
pkgs/by-name/di/disko/package.nix
View file

@ -12,12 +12,12 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "disko";
version = "1.11.0";
version = "1.12.0";
src = fetchFromGitHub {
owner = "nix-community";
repo = "disko";
rev = "v${finalAttrs.version}";
hash = "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=";
hash = "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=";
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ bash ];

4
pkgs/by-name/dr/dropbear/package.nix
View file

@ -20,11 +20,11 @@ in
stdenv.mkDerivation rec {
pname = "dropbear";
version = "2025.87";
version = "2025.88";
src = fetchurl {
url = "https://matt.ucc.asn.au/dropbear/releases/dropbear-${version}.tar.bz2";
sha256 = "sha256-c4t/NYVH8MZMPhpWu8XvmNNNnsat+czfAdwL8sqivI0=";
sha256 = "sha256-eD9Q6iexfBbaiVePr9tt7PpEu49lkOVpik5NNnLcU9Q=";
};
CFLAGS = lib.pipe (lib.attrNames dflags) [

6
pkgs/by-name/ec/ecspresso/package.nix
View file

@ -7,20 +7,20 @@
buildGoModule rec {
pname = "ecspresso";
version = "2.4.6";
version = "2.5.0";
src = fetchFromGitHub {
owner = "kayac";
repo = "ecspresso";
tag = "v${version}";
hash = "sha256-tpTtGU0tqBuRu61jtEdK+/JbJsWdVEks1iKCsne9sQQ=";
hash = "sha256-j0vSDOWAnYhHV0+LXULX+5pHxGl4QCRREqir2ak00rY=";
};
subPackages = [
"cmd/ecspresso"
];
vendorHash = "sha256-P5qx6rNFzyKA4L/bAIsdzL1McGkeRF/5ah0gRx1lBZk=";
vendorHash = "sha256-Y3Oxmk2nmZUGHzvSn0Wxp9ApPNy0x2fbYB3agZmCL8U=";
ldflags = [
"-s"

6
pkgs/by-name/fo/forgejo-cli/package.nix
View file

@ -9,7 +9,7 @@
zlib,
}:
let
version = "0.2.0";
version = "0.3.0";
in
rustPlatform.buildRustPackage {
pname = "forgejo-cli";
@ -20,11 +20,11 @@ rustPlatform.buildRustPackage {
owner = "Cyborus";
repo = "forgejo-cli";
rev = "v${version}";
hash = "sha256-rHyPncAARIPakkv2/CD1/aF2G5AS9bb3T2x8QCQWl5o=";
hash = "sha256-8KPR7Fx26hj5glKDjczCLP6GgQBUsA5TpjhO5UZOpik=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-PkKinAZrZ+v1/eygiPis4F7EJnmjYfeQFPKfGpza0yA=";
cargoHash = "sha256-kW7Pexydkosaufk1e8P5FaY+dgkeeTG5qgJxestWkVs=";
nativeBuildInputs = [ pkg-config ];

52
pkgs/by-name/fr/freediameter/package.nix Normal file
View file

@ -0,0 +1,52 @@
{
lib,
stdenv,
fetchFromGitHub,
bison,
cmake,
flex,
pkg-config,
gnutls,
libgcrypt,
libidn2,
lksctp-tools,
unstableGitUpdater,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "freediameter";
version = "1.5.0-unstable-2025-03-16";
src = fetchFromGitHub {
owner = "freeDiameter";
repo = "freeDiameter";
rev = "8e525acdfd439995f3e8e26d5a802fc4ad95d24c";
hash = "sha256-ai2R8scP++tdPh303RAl0qdIpehzFoyykAuAyl2w3MA=";
};
strictDeps = true;
nativeBuildInputs = [
bison
cmake
flex
pkg-config
];
buildInputs = [
gnutls
libgcrypt
libidn2
lksctp-tools
];
passthru.updateScript = unstableGitUpdater { };
meta = {
description = "Implementation of the Diameter Protocol";
homepage = "https://github.com/freeDiameter/freeDiameter";
license = lib.licenses.bsd3;
platforms = lib.platforms.unix;
teams = with lib.teams; [ ngi ];
maintainers = with lib.maintainers; [ ];
};
})

6
pkgs/by-name/gh/gh-dash/package.nix
View file

@ -8,16 +8,16 @@
buildGoModule rec {
pname = "gh-dash";
version = "4.12.0";
version = "4.15.0";
src = fetchFromGitHub {
owner = "dlvhdr";
repo = "gh-dash";
rev = "v${version}";
hash = "sha256-qtSJbp9BGX4669fl/B1Z6rGG3432Nj1IQ+aYfIE9W50=";
hash = "sha256-NTKU3/omeeeKy5XhGjeylwHrLrU6xWiOpXC1j6q6ZaA=";
};
vendorHash = "sha256-7s+Lp8CHo1+h2TmbTOcAGZORK+/1wytk4nv9fgD2Mhw=";
vendorHash = "sha256-9EuPq8leSf4K+HZUoUh4gNe8/ZV3g1WXSTXYWawHd14=";
ldflags = [
"-s"

71
pkgs/by-name/go/go-away/package.nix Normal file
View file

@ -0,0 +1,71 @@
{
lib,
buildGoModule,
fetchFromGitea,
# asset compression
brotli,
zopfli,
# wasm compilation
clang,
tinygo,
}:
buildGoModule (finalAttrs: {
pname = "go-away";
version = "0.6.0";
src = fetchFromGitea {
domain = "git.gammaspectra.live";
owner = "git";
repo = "go-away";
tag = "v${finalAttrs.version}";
hash = "sha256-txHS7KljO7t/VoRonsELPo8cELxpaDmQmD24Ta+kPMw=";
};
vendorHash = "sha256-bSIG7m7f/dexJeGbvCLSGCWZNEXXqrUdI1ArZuOBoeA=";
nativeBuildInputs = [
# build-compress.sh
brotli
zopfli
# build-wasm.sh
clang
tinygo
];
postPatch = ''
patchShebangs *.sh
'';
preBuild = ''
./build-compress.sh
# build-wasm.sh
export HOME=$(mktemp -d)
go generate -v ./...
'';
subPackages = [
"cmd/go-away"
];
meta = {
changelog = "https://git.gammaspectra.live/git/go-away/releases/tag/${finalAttrs.src.tag}";
description = "Self-hosted abuse detection and rule enforcement against low-effort mass AI scraping and bots";
longDescription = ''
go-away sits in between your site and the Internet / upstream proxy.
Incoming requests can be selected by rules to be actioned or challenged to filter suspicious requests.
The tool is designed highly flexible so the operator can minimize impact to legit users, while surgically targeting heavy endpoints or scrapers.
Challenges can be transparent (not shown to user, depends on backend or other logic), non-JavaScript (challenges common browser properties), or custom JavaScript (from Proof of Work to fingerprinting or Captcha is supported)
'';
homepage = "https://git.gammaspectra.live/git/go-away";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ hexa ];
};
})

8
pkgs/by-name/go/godns/package.nix
View file

@ -10,19 +10,19 @@
buildGoModule rec {
pname = "godns";
version = "3.2.3";
version = "3.2.4";
src = fetchFromGitHub {
owner = "TimothyYe";
repo = "godns";
tag = "v${version}";
hash = "sha256-gKfuyw3cayDNHW2RrPaq1+vETDWyu5yxoiQvmRquwDU=";
hash = "sha256-Uf+V6A5Q1gQQn+hJUUwmeaGve8364Lui2dMeCzkkeTQ=";
};
vendorHash = "sha256-3HN67FUtLfIF/V/Ax/UsFD/hmm1g+MsAZkQsZ/DvEcI=";
vendorHash = "sha256-PrXi460v7ooBhFooLw14tMDvLvEzIYt+4Y+36BYdWzA=";
npmDeps = fetchNpmDeps {
src = "${src}/web";
hash = "sha256-wumu3uTzZh4uXlxaDfS8rxWapjkKnzCQGk3izH242qc=";
hash = "sha256-+a5IrJLamuNmwGhPIA7JKvgm6COnYre6bPuAv1PgGns=";
};
npmRoot = "web";

17
pkgs/applications/file-managers/krusader/default.nix → pkgs/by-name/kr/krusader/package.nix
View file

@ -3,17 +3,8 @@
stdenv,
fetchurl,
extra-cmake-modules,
kdoctools,
karchive,
kconfig,
kcrash,
kguiaddons,
kparts,
kwindowsystem,
cmake,
wrapQtAppsHook,
qt5compat,
kstatusnotifieritem,
kdePackages,
}:
stdenv.mkDerivation rec {
@ -28,11 +19,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
cmake
extra-cmake-modules
kdoctools
wrapQtAppsHook
kdePackages.kdoctools
kdePackages.wrapQtAppsHook
];
propagatedBuildInputs = [
propagatedBuildInputs = with kdePackages; [
karchive
kconfig
kcrash

89
pkgs/by-name/li/libnop/001-system-install.patch Normal file
View file

@ -0,0 +1,89 @@
From ae29a8772f38fdb1efc24af9ec2e3f6814eb2158 Mon Sep 17 00:00:00 2001
From: Petr Hodina <petr.hodina@luxonis.com>
Date: Sun, 4 May 2025 09:30:55 +0200
Subject: [PATCH] Makefile: Add install into the system
---
Makefile | 44 ++++++++++++++++++++++++++++++++++++++++++++
libnop.pc.in | 7 +++++++
2 files changed, 51 insertions(+)
create mode 100644 libnop.pc.in
diff --git a/Makefile b/Makefile
index 84cb459..e5b8a67 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,7 @@
what_to_build:: all
+VERSION ?= 0-unstable-2022-09-04
+
-include local.mk
TOOLCHAIN ?=
@@ -17,6 +19,12 @@ HOST_CFLAGS := -g -O2 -Wall -Werror -Wextra -Iinclude
HOST_CXXFLAGS := -std=c++14
HOST_LDFLAGS :=
+# Define install locations in the system
+INSTALL_PREFIX ?= /usr/local
+INCLUDE_INSTALL_DIR ?= $(INSTALL_PREFIX)/include/
+PKGCONFIG_INSTALL_DIR ?= $(INSTALL_PREFIX)/lib/pkgconfig
+CMAKE_CONFIG_INSTALL_DIR ?= $(INSTALL_PREFIX)/lib/cmake/libnop
+
ifeq ($(HOST_OS),Linux)
HOST_LDFLAGS := -lpthread
endif
@@ -138,3 +146,39 @@ all:: $(ALL)
# we generate .d as a side-effect of compiling. override generic rule:
%.d:
-include $(DEPS)
+
+# Handle install into the system
+.PHONY: install install-pkgconfig install-cmake
+
+install: install-headers install-pkgconfig install-cmake
+
+install-headers:
+ @echo "Installing headers to $(INCLUDE_INSTALL_DIR)"
+ mkdir -p $(INCLUDE_INSTALL_DIR)
+ cp -r include/* $(INCLUDE_INSTALL_DIR)
+
+install-pkgconfig: $(OUT)/libnop.pc
+ @echo "Installing pkg-config file to $(PKGCONFIG_INSTALL_DIR)"
+ mkdir -p $(PKGCONFIG_INSTALL_DIR)
+ cp $< $(PKGCONFIG_INSTALL_DIR)
+
+PC_TEMPLATE := libnop.pc.in
+
+$(OUT)/libnop.pc: $(PC_TEMPLATE)
+ mkdir -p $(dir $@)
+ sed \
+ -e 's|@prefix@|$(INSTALL_PREFIX)|g' \
+ -e 's|@includedir@|$(INSTALL_PREFIX)/include|g' \
+ -e 's|@version@|$(VERSION)|g' \
+ $< > $@
+
+install-cmake: $(OUT)/libnopConfig.cmake
+ @echo "Installing CMake config to $(CMAKE_CONFIG_INSTALL_DIR)"
+ mkdir -p $(CMAKE_CONFIG_INSTALL_DIR)
+ cp $< $(CMAKE_CONFIG_INSTALL_DIR)
+
+$(OUT)/libnopConfig.cmake:
+ mkdir -p $(dir $@)
+ echo "set(LIBNOP_INCLUDE_DIR \"$(INCLUDE_INSTALL_DIR)\")" > $@
+ echo "set(LIBNOP_FOUND TRUE)" >> $@
+ echo "mark_as_advanced(LIBNOP_INCLUDE_DIR)" >> $@
diff --git a/libnop.pc.in b/libnop.pc.in
new file mode 100644
index 0000000..8c5475b
--- /dev/null
+++ b/libnop.pc.in
@@ -0,0 +1,7 @@
+prefix=@prefix@
+includedir=@includedir@
+
+Name: libnop
+Description: Header-only C++ Native Object Protocols library
+Version: @version@
+Cflags: -I${includedir}

54
pkgs/by-name/li/libnop/002-fix-template-warning.patch Normal file
View file

@ -0,0 +1,54 @@
From 199978a0fb0dc31de43b80f7504b53958fd202ee Mon Sep 17 00:00:00 2001
From: Petr Hodina <petr.hodina@luxonis.com>
Date: Sun, 4 May 2025 09:58:20 +0200
Subject: [PATCH] C++: Fix compilation issue
-Wno-missing-template-arg-list-after-template-kw
---
include/nop/rpc/interface.h | 2 +-
include/nop/types/variant.h | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/nop/rpc/interface.h b/include/nop/rpc/interface.h
index 167d203..9772d06 100644
--- a/include/nop/rpc/interface.h
+++ b/include/nop/rpc/interface.h
@@ -245,7 +245,7 @@ struct InterfaceMethod {
template <typename Sender>
static void Invoke(Sender* sender, Status<Return>* return_value,
Args... args) {
- sender->NOP_TEMPLATE SendMethod(InterfaceMethod::Selector, return_value,
+ sender->NOP_TEMPLATE SendMethod<>(InterfaceMethod::Selector, return_value,
std::forward_as_tuple(args...));
}
diff --git a/include/nop/types/variant.h b/include/nop/types/variant.h
index fdf8e03..af8c81e 100644
--- a/include/nop/types/variant.h
+++ b/include/nop/types/variant.h
@@ -239,7 +239,7 @@ class Variant {
// resulting type.
template <typename... Args>
void Construct(Args&&... args) {
- index_ = value_.NOP_TEMPLATE Construct(std::forward<Args>(args)...);
+ index_ = value_.NOP_TEMPLATE Construct<>(std::forward<Args>(args)...);
}
void Construct(EmptyVariant) {}
@@ -256,14 +256,14 @@ class Variant {
// multiple element types.
template <typename T, typename U>
void Assign(TypeTag<T>, U&& value) {
- if (!value_.NOP_TEMPLATE Assign(TypeTag<T>{}, index_, std::forward<U>(value))) {
+ if (!value_.NOP_TEMPLATE Assign<>(TypeTag<T>{}, index_, std::forward<U>(value))) {
Destruct();
Construct(TypeTag<T>{}, std::forward<U>(value));
}
}
template <typename T>
void Assign(T&& value) {
- if (!value_.NOP_TEMPLATE Assign(index_, std::forward<T>(value))) {
+ if (!value_.NOP_TEMPLATE Assign<>(index_, std::forward<T>(value))) {
Destruct();
Construct(std::forward<T>(value));
}

47
pkgs/by-name/li/libnop/package.nix Normal file
View file

@ -0,0 +1,47 @@
{
lib,
stdenv,
fetchpatch,
fetchFromGitHub,
gtest,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "libnop";
version = "0-unstable-2022-09-04";
src = fetchFromGitHub {
owner = "luxonis";
repo = "libnop";
rev = "ab842f51dc2eb13916dc98417c2186b78320ed10";
sha256 = "sha256-d2z/lDI9pe5TR82MxGkR9bBMNXPvzqb9Gsd5jOv6x1A=";
};
patches = [
# System install
# https://github.com/luxonis/libnop/pull/6/commits/ae29a8772f38fdb1efc24af9ec2e3f6814eb2158.patch
./001-system-install.patch
# Fix template warning
# https://github.com/luxonis/libnop/pull/6/commits/199978a0fb0dc31de43b80f7504b53958fd202ee.patch
./002-fix-template-warning.patch
];
nativeBuildInputs = [ gtest ];
# Add optimization flags to address _FORTIFY_SOURCE warning
NIX_CFLAGS_COMPILE = [ "-O1" ];
installPhase = ''
runHook preInstall
make INSTALL_PREFIX=$out install
runHook postInstall
'';
meta = {
description = "A fast, header-only C++ serialization library";
homepage = "https://github.com/google/libnop";
license = lib.licenses.asl20;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [ phodina ];
};
})

4
pkgs/by-name/ma/mapproxy/package.nix
View file

@ -7,14 +7,14 @@
python3Packages.buildPythonApplication rec {
pname = "mapproxy";
version = "4.0.2";
version = "4.1.1";
disabled = python3Packages.pythonOlder "3.8";
src = fetchFromGitHub {
owner = "mapproxy";
repo = "mapproxy";
tag = version;
hash = "sha256-2c9tYra6EM1eL+bk1Kg+HVy6oXRKWTJz4ZnZA7hX2HA=";
hash = "sha256-rsravNSmvx1/291VvfRm0Yx1eg32UJd+egeG4S2SNnk=";
};
prePatch = ''

6
pkgs/applications/file-managers/mc/default.nix → pkgs/by-name/mc/mc/package.nix
View file

@ -17,7 +17,7 @@
libssh2,
openssl,
coreutils,
autoSignDarwinBinariesHook,
darwin,
x11Support ? true,
libX11,
@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
# The preFixup hook rewrites the binary, which invaliates the code
# signature. Add the fixup hook to sign the output.
++ lib.optionals (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) [
autoSignDarwinBinariesHook
darwin.autoSignDarwinBinariesHook
];
buildInputs =
@ -104,7 +104,7 @@ stdenv.mkDerivation rec {
homepage = "https://midnight-commander.org";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ sander ];
platforms = with platforms; linux ++ darwin;
platforms = platforms.linux ++ platforms.darwin;
mainProgram = "mc";
};
}

42
pkgs/by-name/mk/mkclean/package.nix
View file

@ -1,45 +1,35 @@
{
dos2unix,
fetchurl,
lib,
stdenv,
fetchurl,
cmake,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "mkclean";
version = "0.8.10";
hardeningDisable = [ "format" ];
nativeBuildInputs = [ dos2unix ];
version = "0.9.0";
src = fetchurl {
url = "mirror://sourceforge/matroska/${pname}-${version}.tar.bz2";
sha256 = "0zbpi4sm68zb20d53kbss93fv4aafhcmz7dsd0zdf01vj1r3wxwn";
url = "mirror://sourceforge/matroska/mkclean-${finalAttrs.version}.tar.bz2";
hash = "sha256-L1zcqw4Jtl+f74lJpV7wDuPdcA5LQFDiRdRCNH18w9s=";
};
configurePhase = ''
dos2unix ./mkclean/configure.compiled
./mkclean/configure.compiled
nativeBuildInputs = [ cmake ];
hardeningDisable = [ "format" ];
postInstall = ''
install -Dm0755 mkclean/mkclean $out/bin/mkclean
'';
buildPhase = ''
make -C mkclean
'';
installPhase = ''
mkdir -p $out/{bin,lib}
mv release/gcc_linux_*/*.* $out/lib
mv release/gcc_linux_*/* $out/bin
'';
meta = with lib; {
meta = {
description = "Command line tool to clean and optimize Matroska (.mkv / .mka / .mks / .mk3d) and WebM (.webm / .weba) files that have already been muxed";
homepage = "https://www.matroska.org";
license = licenses.bsdOriginal;
maintainers = with maintainers; [ cawilliamson ];
license = lib.licenses.bsdOriginal;
maintainers = with lib.maintainers; [ cawilliamson ];
platforms = [
"i686-linux"
"x86_64-linux"
];
};
}
})

6
pkgs/by-name/nu/nuclei/package.nix
View file

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "nuclei";
version = "3.4.2";
version = "3.4.3";
src = fetchFromGitHub {
owner = "projectdiscovery";
repo = "nuclei";
tag = "v${version}";
hash = "sha256-p3coR11+1xFQF3flIxfEP6HqQOD7+gHuT0ysOSKQyzc=";
hash = "sha256-mrmuPSieC3Mf/TkxE6pZv/1adeN4Kj66W3CNQe9VfOg=";
};
vendorHash = "sha256-cT8ZDp1GSdlgMr0i23i2WAVRmSbhwZZa/RKNPezr9l0=";
vendorHash = "sha256-4owpHvF95qMaasx87G63eLS/2ah3ZiogqyYtug3rvig=";
proxyVendor = true; # hash mismatch between Linux and Darwin

6
pkgs/by-name/op/open-webui/package.nix
View file

@ -8,13 +8,13 @@
}:
let
pname = "open-webui";
version = "0.6.7";
version = "0.6.9";
src = fetchFromGitHub {
owner = "open-webui";
repo = "open-webui";
tag = "v${version}";
hash = "sha256-4V0WhiVhjxYtbwDt+83AfkjJtQFew2P6i1sLtRL13lg=";
hash = "sha256-Eib5UpPPQHXHOBVWrsNH1eEJrF8Vx9XshGYUnnAehpM=";
};
frontend = buildNpmPackage rec {
@ -30,7 +30,7 @@ let
url = "https://github.com/pyodide/pyodide/releases/download/${pyodideVersion}/pyodide-${pyodideVersion}.tar.bz2";
};
npmDepsHash = "sha256-kOqfYAMkpiT2d79fpH1ON5FQAuV1i3/PL9waQq/YR58=";
npmDepsHash = "sha256-Vcc8ExET53EVtNUhb4JoxYIUWoQ++rVTpxUPgcZ+GNI=";
# Disabling `pyodide:fetch` as it downloads packages during `buildPhase`
# Until this is solved, running python packages from the browser will not work.

50
pkgs/by-name/op/opengamepadui/package.nix
View file

@ -1,6 +1,5 @@
{
alsa-lib,
autoPatchelfHook,
cargo,
dbus,
fetchFromGitHub,
@ -43,34 +42,12 @@ stdenv.mkDerivation (finalAttrs: {
cargoRoot = "extensions";
nativeBuildInputs = [
autoPatchelfHook
cargo
godot_4_4
godot_4_4.export-templates-bin
pkg-config
rustPlatform.cargoSetupHook
];
runtimeDependencies = [
alsa-lib
dbus
gamescope
hwdata
libGL
libpulseaudio
mesa-demos
udev
upower
vulkan-loader
xorg.libX11
xorg.libXcursor
xorg.libXext
xorg.libXi
xorg.libXrandr
xorg.libXres
xorg.libXtst
];
dontStrip = withDebug;
env =
@ -81,7 +58,7 @@ stdenv.mkDerivation (finalAttrs: {
GODOT = lib.getExe godot_4_4;
GODOT_VERSION = lib.elemAt versionAndRelease 0;
GODOT_RELEASE = lib.elemAt versionAndRelease 1;
EXPORT_TEMPLATE = "${godot_4_4.export-templates-bin}";
EXPORT_TEMPLATE = "${godot_4_4.export-template}/share/godot/export_templates";
BUILD_TYPE = "${finalAttrs.buildType}";
};
@ -92,15 +69,26 @@ stdenv.mkDerivation (finalAttrs: {
preBuild = ''
# Godot looks for export templates in HOME
export HOME=$(mktemp -d)
mkdir -p $HOME/.local/share/godot/export_templates
ln -s "${godot_4_4.export-templates-bin}" "$HOME/.local/share/godot/export_templates/$GODOT_VERSION.$GODOT_RELEASE"
mkdir -p $HOME/.local/share/godot/
ln -s "$EXPORT_TEMPLATE" "$HOME"/.local/share/godot/
'';
postInstall = ''
# The Godot binary looks in "../lib" for gdextensions
mkdir -p $out/share/lib
mv $out/share/opengamepadui/*.so $out/share/lib
'';
postInstall =
let
runtimeDependencies = [
gamescope
hwdata
mesa-demos
udev
upower
];
in
''
# The Godot binary looks in "../lib" for gdextensions
mkdir -p $out/share/lib
mv $out/share/opengamepadui/*.so $out/share/lib
patchelf --add-rpath ${lib.makeLibraryPath runtimeDependencies} $out/share/lib/*.so
'';
passthru.updateScript = nix-update-script { };

30
pkgs/by-name/pi/pixelorama/package.nix
View file

@ -1,20 +1,9 @@
{
lib,
stdenv,
alsa-lib,
autoPatchelfHook,
fetchFromGitHub,
godot_4_3,
libGL,
libpulseaudio,
libX11,
libXcursor,
libXext,
libXi,
libXrandr,
nix-update-script,
udev,
vulkan-loader,
}:
let
@ -28,7 +17,6 @@ let
or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
godot = godot_4_3;
godot_version_folder = lib.replaceStrings [ "-" ] [ "." ] godot.version;
in
stdenv.mkDerivation (finalAttrs: {
pname = "pixelorama";
@ -44,29 +32,15 @@ stdenv.mkDerivation (finalAttrs: {
strictDeps = true;
nativeBuildInputs = [
autoPatchelfHook
godot
];
runtimeDependencies = map lib.getLib [
alsa-lib
libGL
libpulseaudio
libX11
libXcursor
libXext
libXi
libXrandr
udev
vulkan-loader
];
buildPhase = ''
runHook preBuild
export HOME=$(mktemp -d)
mkdir -p $HOME/.local/share/godot/export_templates
ln -s "${godot.export-templates-bin}" "$HOME/.local/share/godot/export_templates/${godot_version_folder}"
mkdir -p $HOME/.local/share/godot/
ln -s "${godot.export-template}"/share/godot/export_templates "$HOME"/.local/share/godot/
mkdir -p build
godot4 --headless --export-release "${preset}" ./build/pixelorama

6
pkgs/by-name/po/postgresqlTestHook/postgresql-test-hook.sh
View file

@ -1,5 +1,5 @@
preCheckHooks+=('postgresqlStart')
postCheckHooks+=('postgresqlStop')
preCheckHooks+=(postgresqlStart)
postCheckHooks+=(postgresqlStop)
postgresqlStart() {
@ -69,6 +69,7 @@ EOF
echo 'starting postgresql'
eval "${postgresqlStartCommands:-pg_ctl start}"
failureHooks+=(postgresqlStop)
echo 'setting up postgresql'
eval "$postgresqlTestSetupCommands"
@ -80,4 +81,5 @@ EOF
postgresqlStop() {
echo 'stopping postgresql'
pg_ctl stop
failureHooks=("${failureHooks[@]/postgresqlStop}")
}

4
pkgs/by-name/pr/prowler/package.nix
View file

@ -21,14 +21,14 @@ let
in
py.pkgs.buildPythonApplication rec {
pname = "prowler";
version = "5.5.1";
version = "5.6.0";
pyproject = true;
src = fetchFromGitHub {
owner = "prowler-cloud";
repo = "prowler";
tag = version;
hash = "sha256-SljpmFZNfenLB+meJHjnGsnDCRBi+60/IMlJLWtBw7Q=";
hash = "sha256-+AZEeWvkG8abC44WmVjDzZ9BT+MrLp5+iLDOMmN0aN4=";
};
pythonRelaxDeps = true;

10
pkgs/by-name/q2/q2pro/package.nix
View file

@ -32,18 +32,18 @@
stdenv.mkDerivation (finalAttrs: rec {
pname = "q2pro";
version = "0-unstable-2025-04-27";
version = "0-unstable-2025-05-03";
src = fetchFromGitHub {
owner = "skullernet";
repo = "q2pro";
rev = "9d3b9d1628a0fcd17eb1cf8bb65cff6d917c9a25";
hash = "sha256-MyEAoBEASfB4MQdVTu6O8YcZCUWtuIijN34dpwsELPs=";
rev = "aba81ef8bc277e9a4e11733a449a29d07ea28c7a";
hash = "sha256-5iUvHmqhB8X9ylTMS1va4qTnPCRPI4yOg2L0Qp2d9hE=";
};
# build date and rev number is displayed in the game's console
revCount = "3812"; # git rev-list --count ${src.rev}
SOURCE_DATE_EPOCH = "1745703870"; # git show -s --format=%ct ${src.rev}
revCount = "3817"; # git rev-list --count ${src.rev}
SOURCE_DATE_EPOCH = "1746223027"; # git show -s --format=%ct ${src.rev}
nativeBuildInputs =
[

6
pkgs/by-name/ri/rio/package.nix
View file

@ -53,17 +53,17 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "rio";
version = "0.2.12";
version = "0.2.14";
src = fetchFromGitHub {
owner = "raphamorim";
repo = "rio";
rev = "v${version}";
hash = "sha256-NAg8Hm90CxRt3rthFas8IyAjc1oj/PSRjjG/5R68CD8=";
hash = "sha256-ymu2t6J8s9SSGCc17ogNclVPgbQUeEJEqiR70LVsM9Q=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-myOZNiLdc9430jn5bSKtGmW4dY4yo7wt2Mf3dEQZaSs=";
cargoHash = "sha256-MXQDlA8FHZdgLmQtO6iFkxwftnq8EpIvprrO6zPK9BM=";
nativeBuildInputs =
[

4
pkgs/by-name/sp/spicy-parser-generator/package.nix
View file

@ -12,7 +12,7 @@
stdenv.mkDerivation rec {
pname = "spicy";
version = "1.12.0";
version = "1.13.0";
strictDeps = true;
@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
owner = "zeek";
repo = "spicy";
rev = "v${version}";
hash = "sha256-MLwBklSNLqx3LgNSFvo5p/MPyt/IlYGwvTbN1PJlims=";
hash = "sha256-BMypkuBmepuLmOXUjeG5hZhOXojjFodaZzZz5S+iBoE=";
fetchSubmodules = true;
};

10
pkgs/by-name/ti/tideways-cli/package.nix
View file

@ -11,7 +11,7 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "tideways-cli";
version = "1.2.8";
version = "1.2.10";
nativeBuildInputs = [ installShellFiles ];
@ -38,19 +38,19 @@ stdenvNoCC.mkDerivation (finalAttrs: {
sources = {
"x86_64-linux" = fetchurl {
url = "https://s3-eu-west-1.amazonaws.com/tideways/cli/${finalAttrs.version}/tideways-cli_linux_amd64-${finalAttrs.version}.tar.gz";
hash = "sha256-eIgCUgyjGDJ1cPVJb3tuN45VrQGXegbcxUGYj4BRQ/k=";
hash = "sha256-dUWwX+0rDQce/AklrBU4ALRSmHbBnbQQGlUtfK+Foeg=";
};
"aarch64-linux" = fetchurl {
url = "https://s3-eu-west-1.amazonaws.com/tideways/cli/${finalAttrs.version}/tideways-cli_linux_arm64-${finalAttrs.version}.tar.gz";
hash = "sha256-4g7zXmz5e9PjmWV5WHc3zmDkJQyn6lYvDHqqhGsTZeg=";
hash = "sha256-a/0H64NSJZG2ixJCeCAp1SD/2l6HGCT1oECTSsgfu2E=";
};
"x86_64-darwin" = fetchurl {
url = "https://s3-eu-west-1.amazonaws.com/tideways/cli/${finalAttrs.version}/tideways-cli_macos_amd64-${finalAttrs.version}.tar.gz";
hash = "sha256-++B5ut7a4kIEJS5cRlG2q7QQzNH9VQh6K1JdFWAJ6Ns=";
hash = "sha256-B5K7CvBVdSpgRfPXxYraPIZwkwW/kxlkPmaDEy1cOuE=";
};
"aarch64-darwin" = fetchurl {
url = "https://s3-eu-west-1.amazonaws.com/tideways/cli/${finalAttrs.version}/tideways-cli_macos_arm64-${finalAttrs.version}.tar.gz";
hash = "sha256-ot3MQhOYHow7gh92CmEw5nw7OLuBTHMnXP/4GPAo0k4=";
hash = "sha256-xstTc8y03uWmN33Oi8h7zmoMm4XtY8kl3taLlaJCYmk=";
};
};

6
pkgs/by-name/ty/typos-lsp/package.nix
View file

@ -7,17 +7,17 @@ rustPlatform.buildRustPackage rec {
pname = "typos-lsp";
# Please update the corresponding VSCode extension too.
# See pkgs/applications/editors/vscode/extensions/tekumara.typos-vscode/default.nix
version = "0.1.36";
version = "0.1.37";
src = fetchFromGitHub {
owner = "tekumara";
repo = "typos-lsp";
tag = "v${version}";
hash = "sha256-TA0mWhHhTFBleybdpv3ypQmwYhqt1EKmWoDeKUiF9VI=";
hash = "sha256-+G4jOoC8AdCE5tEb7qN8cord/pe8Qsa/U1YpL0fWSeo=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-5G2hV1c063WKfc2Y8oW3OQdO2v0b8M6kfxf2NV+jMlA=";
cargoHash = "sha256-D3XmCPQYBbr5OwY62xigtYnHATSePZQnkGoUZWqGMR8=";
# fix for compilation on aarch64
# see https://github.com/NixOS/nixpkgs/issues/145726

6
pkgs/by-name/ve/velocity/package.nix
View file

@ -35,13 +35,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "velocity";
version = "3.4.0-unstable-2025-04-30";
version = "3.4.0-unstable-2025-05-09";
src = fetchFromGitHub {
owner = "PaperMC";
repo = "Velocity";
rev = "b411a0fa09f76aec062921b77642828408f0099f";
hash = "sha256-R61N4OxS5r4vtZC9IRGX1aizj6J5JB6nVP09+q1pyUo=";
rev = "e13c8c340f242d270b16ec6931d1ba94a9e8f1f3";
hash = "sha256-CJVUEwYnpXDaYgXoi1Qk0uyB/CHM3UDQzQfhtDxDKdE=";
};
nativeBuildInputs =

0
pkgs/applications/file-managers/xfe/default.nix → pkgs/by-name/xf/xfe/package.nix
View file

6
pkgs/by-name/ya/yanic/package.nix
View file

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "yanic";
version = "1.6.2";
version = "1.7.1";
src = fetchFromGitHub {
owner = "FreifunkBremen";
repo = "yanic";
rev = "v${version}";
hash = "sha256-z2vr1QmRCo8y4hopWP14xSV7lsWKkCzK9OehlVLFdIg=";
hash = "sha256-uqmojpwGFs6inhmKIztYlGFvUS8AjQIYTHSkZcGyEUo=";
};
vendorHash = "sha256-6UiiajKLzW5e7y0F6GMYDZP6xTyOiccLIKlwvOY7LRo=";
vendorHash = "sha256-UYrQwOyWlKxDH5hHKAZCxQbO+eA6JsPuG0SbkWMF/HQ=";
ldflags = [
"-X github.com/FreifunkBremen/yanic/cmd.VERSION=${version}"

4
pkgs/development/python-modules/aider-chat/default.nix
View file

@ -130,7 +130,7 @@ let
];
};
version = "0.83.0";
version = "0.83.1";
aider-chat = buildPythonPackage {
pname = "aider-chat";
inherit version;
@ -143,7 +143,7 @@ let
owner = "Aider-AI";
repo = "aider";
tag = "v${version}";
hash = "sha256-hXKrjo/9Y3WLgluwEK2q123QcfBVA0ByEKaq8Rtd70E=";
hash = "sha256-2OHPqsS1znl7G4Z8mu8oKHNPdDr4YmSfGzXLylTgooE=";
};
pythonRelaxDeps = true;

9
pkgs/development/python-modules/pynina/default.nix
View file

@ -3,20 +3,17 @@
aiohttp,
buildPythonPackage,
fetchPypi,
pythonOlder,
setuptools,
}:
buildPythonPackage rec {
pname = "pynina";
version = "0.3.5";
version = "0.3.6";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-M+0gujriblTDj/qDmBnC4DlKjlZbbStsr7tep5HeNlg=";
hash = "sha256-w5iJXmOd0fqWIZnVG6zDop1t2h4B+4v0/EuwgS00LkA=";
};
pythonRelaxDeps = [ "aiohttp" ];
@ -33,7 +30,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Python API wrapper to retrieve warnings from the german NINA app";
homepage = "https://gitlab.com/DeerMaximum/pynina";
changelog = "https://gitlab.com/DeerMaximum/pynina/-/releases/${version}";
changelog = "https://gitlab.com/DeerMaximum/pynina/-/releases/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};

4
pkgs/development/tools/esbuild/default.nix
View file

@ -6,13 +6,13 @@
buildGoModule rec {
pname = "esbuild";
version = "0.25.3";
version = "0.25.4";
src = fetchFromGitHub {
owner = "evanw";
repo = "esbuild";
rev = "v${version}";
hash = "sha256-YYwvz6TCLAtVHsmXLGC+L/CQVAy5qSFU6JS1o5O5Zkg=";
hash = "sha256-fh+w8ZIWfNavZo6kBU8gKS6IwPXP3z+eXLDz3v6gVt4=";
};
vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ=";

9
pkgs/development/tools/godot/4.3/default.nix
View file

@ -1,6 +1,11 @@
{
version = "4.3-stable";
hash = "sha256-MzElflwXHWLgPtoOIhPLA00xX8eEdQsexZaGIEOzbj0=";
exportTemplatesHash = "sha256-XRnKii+eexIkbGf7bqc42SR0NBULFvgMdOpSRNNk6kg=";
nugetDeps = ./deps.json;
default = {
exportTemplatesHash = "sha256-9fENuvVqeQg0nmS5TqjCyTwswR+xAUyVZbaKK7Q3uSI=";
};
mono = {
exportTemplatesHash = "sha256-pkDZfkJHiDtY05TGERwTNDES88SbuFfZVYb5hln6O+U=";
nugetDeps = ./deps.json;
};
}

9
pkgs/development/tools/godot/4.4/default.nix
View file

@ -1,6 +1,11 @@
{
version = "4.4.1-stable";
hash = "sha256-O4TdPYu1K2zWKMBP/7xd0UPLDb7/4dBnkGM7QydD3Yo=";
exportTemplatesHash = "sha256-KV4sDBZPiMf7IORaNFR2uEK1midnyyjCUfG9hl6AwHY=";
nugetDeps = ./deps.json;
default = {
exportTemplatesHash = "sha256-eo0UreSJ/U0i8XgZMCH+iodqnlEGjtTd4m2sOuTFmog=";
};
mono = {
exportTemplatesHash = "sha256-tk0WS5axndcXWhuj86blg+nU3FB7PRMzVj8ka1gRgj4=";
nugetDeps = ./deps.json;
};
}

30
pkgs/development/tools/godot/CSharpLanguage-fix-crash-in-reload_assemblies-after-.patch Normal file
View file

@ -0,0 +1,30 @@
From 42f89dd50dde0896d6c55282c82db9af41cd12d8 Mon Sep 17 00:00:00 2001
From: David McFarland <corngood@gmail.com>
Date: Wed, 26 Mar 2025 09:52:17 -0300
Subject: [PATCH] CSharpLanguage: fix crash in reload_assemblies after editor
shutdown
---
modules/mono/csharp_script.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/modules/mono/csharp_script.cpp b/modules/mono/csharp_script.cpp
index 36c8a40ed9..2b161fb69b 100644
--- a/modules/mono/csharp_script.cpp
+++ b/modules/mono/csharp_script.cpp
@@ -1001,8 +1001,10 @@ void CSharpLanguage::reload_assemblies(bool p_soft_reload) {
#ifdef TOOLS_ENABLED
// FIXME: Hack to refresh editor in order to display new properties and signals. See if there is a better alternative.
if (Engine::get_singleton()->is_editor_hint()) {
- InspectorDock::get_inspector_singleton()->update_tree();
- NodeDock::get_singleton()->update_lists();
+ if (InspectorDock::get_singleton())
+ InspectorDock::get_inspector_singleton()->update_tree();
+ if (NodeDock::get_singleton())
+ NodeDock::get_singleton()->update_lists();
}
#endif
}
--
2.48.1

861
pkgs/development/tools/godot/common.nix
View file

@ -2,10 +2,14 @@
alsa-lib,
autoPatchelfHook,
buildPackages,
callPackage,
dbus,
dotnetCorePackages,
exportTemplatesHash,
fetchFromGitHub,
fetchpatch,
fontconfig,
glib,
hash,
installShellFiles,
lib,
@ -22,6 +26,7 @@
libXrandr,
libXrender,
makeWrapper,
perl,
pkg-config,
runCommand,
scons,
@ -30,10 +35,12 @@
stdenvNoCC,
testers,
udev,
updateScript,
version,
vulkan-loader,
wayland,
wayland-scanner,
withAlsa ? true,
withDbus ? true,
withFontconfig ? true,
withMono ? false,
@ -42,7 +49,6 @@
withPrecision ? "single",
withPulseaudio ? true,
withSpeechd ? true,
withTarget ? "editor",
withTouch ? true,
withUdev ? true,
# Wayland in Godot requires X11 until upstream fix is merged
@ -59,348 +65,525 @@ let
k: v: if builtins.isString v then "${k}=${v}" else "${k}=${builtins.toJSON v}"
);
suffix = if withMono then "-mono" else "";
arch = stdenv.hostPlatform.linuxArch;
dotnet-sdk = dotnetCorePackages.sdk_8_0-source;
attrs = finalAttrs: rec {
pname = "godot4${suffix}";
inherit version;
dottedVersion = lib.replaceStrings [ "-" ] [ "." ] version + lib.optionalString withMono ".mono";
src = fetchFromGitHub {
owner = "godotengine";
repo = "godot";
tag = version;
inherit hash;
# Required for the commit hash to be included in the version number.
#
# `methods.py` reads the commit hash from `.git/HEAD` and manually follows
# refs.
#
# See also 'hash' in
# https://docs.godotengine.org/en/stable/classes/class_engine.html#class-engine-method-get-version-info
leaveDotGit = true;
# Only keep HEAD, because leaveDotGit is non-deterministic:
# https://github.com/NixOS/nixpkgs/issues/8567
postFetch = ''
hash=$(git -C "$out" rev-parse HEAD)
rm -r "$out"/.git
mkdir "$out"/.git
echo "$hash" > "$out"/.git/HEAD
'';
};
attrsForTarget =
target: finalAttrs:
let
editor = target == "editor";
suffix = lib.optionalString withMono "-mono" + lib.optionalString (!editor) "-template";
binary = lib.concatStringsSep "." (
[
"godot"
withPlatform
target
]
++ lib.optional (withPrecision != "single") withPrecision
++ [ arch ]
++ lib.optional withMono "mono"
);
in
rec {
pname = "godot${suffix}";
inherit version;
outputs = [
"out"
"man"
];
separateDebugInfo = true;
# Set the build name which is part of the version. In official downloads, this
# is set to 'official'. When not specified explicitly, it is set to
# 'custom_build'. Other platforms packaging Godot (Gentoo, Arch, Flatpack
# etc.) usually set this to their name as well.
#
# See also 'methods.py' in the Godot repo and 'build' in
# https://docs.godotengine.org/en/stable/classes/class_engine.html#class-engine-method-get-version-info
BUILD_NAME = "nixpkgs";
preConfigure = lib.optionalString withMono ''
# TODO: avoid pulling in dependencies of windows-only project
dotnet sln modules/mono/editor/GodotTools/GodotTools.sln \
remove modules/mono/editor/GodotTools/GodotTools.OpenVisualStudio/GodotTools.OpenVisualStudio.csproj
dotnet restore modules/mono/glue/GodotSharp/GodotSharp.sln
dotnet restore modules/mono/editor/GodotTools/GodotTools.sln
dotnet restore modules/mono/editor/Godot.NET.Sdk/Godot.NET.Sdk.sln
'';
# From: https://github.com/godotengine/godot/blob/4.2.2-stable/SConstruct
sconsFlags = mkSconsFlagsFromAttrSet {
# Options from 'SConstruct'
precision = withPrecision; # Floating-point precision level
production = true; # Set defaults to build Godot for use in production
platform = withPlatform;
target = withTarget;
debug_symbols = true;
# Options from 'platform/linuxbsd/detect.py'
dbus = withDbus; # Use D-Bus to handle screensaver and portal desktop settings
fontconfig = withFontconfig; # Use fontconfig for system fonts support
pulseaudio = withPulseaudio; # Use PulseAudio
speechd = withSpeechd; # Use Speech Dispatcher for Text-to-Speech support
touch = withTouch; # Enable touch events
udev = withUdev; # Use udev for gamepad connection callbacks
wayland = withWayland; # Compile with Wayland support
x11 = withX11; # Compile with X11 support
module_mono_enabled = withMono;
linkflags = "-Wl,--build-id";
};
enableParallelBuilding = true;
strictDeps = true;
depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
buildPackages.stdenv.cc
pkg-config
];
buildInputs = lib.optionals withMono dotnet-sdk.packages;
nativeBuildInputs =
[
autoPatchelfHook
installShellFiles
pkg-config
scons
]
++ lib.optionals withWayland [ wayland-scanner ]
++ lib.optionals withMono [
dotnet-sdk
makeWrapper
];
postBuild = lib.optionalString withMono ''
echo "Generating Glue"
if [[ ${withPrecision} == *double* ]]; then
bin/godot.${withPlatform}.${withTarget}.${withPrecision}.${arch}.mono --headless --generate-mono-glue modules/mono/glue
else
bin/godot.${withPlatform}.${withTarget}.${arch}.mono --headless --generate-mono-glue modules/mono/glue
fi
echo "Building C#/.NET Assemblies"
python modules/mono/build_scripts/build_assemblies.py --godot-output-dir bin --precision=${withPrecision}
'';
runtimeDependencies =
[
alsa-lib
libGL
vulkan-loader
]
++ lib.optionals withX11 [
libX11
libXcursor
libXext
libXfixes
libXi
libXinerama
libxkbcommon
libXrandr
libXrender
]
++ lib.optionals withWayland [
libdecor
wayland
]
++ lib.optionals withDbus [
dbus
dbus.lib
]
++ lib.optionals withFontconfig [
fontconfig
fontconfig.lib
]
++ lib.optionals withPulseaudio [ libpulseaudio ]
++ lib.optionals withSpeechd [ speechd-minimal ]
++ lib.optionals withUdev [ udev ];
installPhase =
''
runHook preInstall
mkdir -p "$out/bin"
cp bin/godot.* $out/bin/godot4${suffix}
installManPage misc/dist/linux/godot.6
mkdir -p "$out"/share/{applications,icons/hicolor/scalable/apps}
cp misc/dist/linux/org.godotengine.Godot.desktop "$out/share/applications/org.godotengine.Godot4${suffix}.desktop"
substituteInPlace "$out/share/applications/org.godotengine.Godot4${suffix}.desktop" \
--replace "Exec=godot" "Exec=$out/bin/godot4${suffix}" \
--replace "Godot Engine" "Godot Engine 4"
cp icon.svg "$out/share/icons/hicolor/scalable/apps/godot.svg"
cp icon.png "$out/share/icons/godot.png"
''
+ lib.optionalString withMono ''
cp -r bin/GodotSharp/ $out/bin/
wrapProgram $out/bin/godot4${suffix} \
--set DOTNET_ROOT ${dotnet-sdk} \
--prefix PATH : "${
lib.makeBinPath [
dotnet-sdk
]
}"
''
+ ''
ln -s godot4${suffix} "$out"/bin/godot
runHook post Install
'';
# patching $debug can crash patchelf
# (https://github.com/NixOS/patchelf/issues/373), so explicitly patch $out
dontAutoPatchelf = true;
postFixup = ''
autoPatchelf "$out"
'';
passthru = {
tests =
let
pkg = finalAttrs.finalPackage;
dottedVersion = lib.replaceStrings [ "-" ] [ "." ] version;
exportedProject = stdenvNoCC.mkDerivation {
name = "${pkg.name}-project-export";
nativeBuildInputs = [
pkg
autoPatchelfHook
];
runtimeDependencies = map lib.getLib [
alsa-lib
libGL
libpulseaudio
libX11
libXcursor
libXext
libXi
libXrandr
udev
vulkan-loader
];
unpackPhase = ''
runHook preUnpack
mkdir test
cd test
touch project.godot
cat >create-scene.gd <<'EOF'
extends SceneTree
func _initialize():
var node = Node.new()
var script = ResourceLoader.load("res://test.gd")
print(script)
node.set_script(script)
var scene = PackedScene.new()
var scenePath = "res://test.tscn"
scene.pack(node)
var x = ResourceSaver.save(scene, scenePath)
ProjectSettings["application/run/main_scene"] = scenePath
ProjectSettings.save()
node.free()
quit()
EOF
cat >test.gd <<'EOF'
extends Node
func _ready():
print("Hello, World!")
get_tree().quit()
EOF
cat >export_presets.cfg <<'EOF'
[preset.0]
name="build"
platform="Linux"
runnable=true
export_filter="all_resources"
include_filter=""
exclude_filter=""
[preset.0.options]
__empty=""
EOF
runHook postUnpack
'';
buildPhase = ''
runHook preBuild
export HOME=$(mktemp -d)
mkdir -p $HOME/.local/share/godot/export_templates
ln -s "${pkg.export-templates-bin}" "$HOME/.local/share/godot/export_templates/${dottedVersion}"
godot --headless -s create-scene.gd
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p "$out"/bin
godot --headless --export-release build "$out"/bin/test
runHook postInstall
'';
};
in
{
version = testers.testVersion {
package = pkg;
version = dottedVersion;
};
project-runs = runCommand "${pkg.name}-project-runs" { } ''
(
set -eo pipefail
HOME=$(mktemp -d)
"${exportedProject}"/bin/test --headless | tail -n1 | (
read output
if [[ "$output" != "Hello, World!" ]]; then
echo "unexpected output: $output" >&2
exit 1
fi
)
touch "$out"
)
'';
};
};
requiredSystemFeatures = [
# fixes: No space left on device
"big-parallel"
];
meta = {
changelog = "https://github.com/godotengine/godot/releases/tag/${version}";
description = "Free and Open Source 2D and 3D game engine";
homepage = "https://godotengine.org";
license = lib.licenses.mit;
platforms = [
"x86_64-linux"
"aarch64-linux"
] ++ lib.optional (!withMono) "i686-linux";
maintainers = with lib.maintainers; [
shiryel
corngood
];
mainProgram = "godot4${suffix}";
};
};
in
stdenv.mkDerivation (
if withMono then
dotnetCorePackages.addNuGetDeps {
inherit nugetDeps;
overrideFetchAttrs = old: rec {
runtimeIds = map (system: dotnetCorePackages.systemToDotnetRid system) old.meta.platforms;
buildInputs =
old.buildInputs
++ lib.concatLists (lib.attrValues (lib.getAttrs runtimeIds dotnet-sdk.targetPackages));
src = fetchFromGitHub {
owner = "godotengine";
repo = "godot";
tag = version;
inherit hash;
# Required for the commit hash to be included in the version number.
#
# `methods.py` reads the commit hash from `.git/HEAD` and manually follows
# refs.
#
# See also 'hash' in
# https://docs.godotengine.org/en/stable/classes/class_engine.html#class-engine-method-get-version-info
leaveDotGit = true;
# Only keep HEAD, because leaveDotGit is non-deterministic:
# https://github.com/NixOS/nixpkgs/issues/8567
postFetch = ''
hash=$(git -C "$out" rev-parse HEAD)
rm -r "$out"/.git
mkdir "$out"/.git
echo "$hash" > "$out"/.git/HEAD
'';
};
} attrs
else
attrs
)
outputs = [
"out"
] ++ lib.optional (editor) "man";
separateDebugInfo = true;
# Set the build name which is part of the version. In official downloads, this
# is set to 'official'. When not specified explicitly, it is set to
# 'custom_build'. Other platforms packaging Godot (Gentoo, Arch, Flatpack
# etc.) usually set this to their name as well.
#
# See also 'methods.py' in the Godot repo and 'build' in
# https://docs.godotengine.org/en/stable/classes/class_engine.html#class-engine-method-get-version-info
BUILD_NAME = "nixpkgs";
preConfigure = lib.optionalString withMono ''
# TODO: avoid pulling in dependencies of windows-only project
dotnet sln modules/mono/editor/GodotTools/GodotTools.sln \
remove modules/mono/editor/GodotTools/GodotTools.OpenVisualStudio/GodotTools.OpenVisualStudio.csproj
dotnet restore modules/mono/glue/GodotSharp/GodotSharp.sln
dotnet restore modules/mono/editor/GodotTools/GodotTools.sln
dotnet restore modules/mono/editor/Godot.NET.Sdk/Godot.NET.Sdk.sln
'';
# From: https://github.com/godotengine/godot/blob/4.2.2-stable/SConstruct
sconsFlags = mkSconsFlagsFromAttrSet {
# Options from 'SConstruct'
precision = withPrecision; # Floating-point precision level
production = true; # Set defaults to build Godot for use in production
platform = withPlatform;
inherit target;
debug_symbols = true;
# Options from 'platform/linuxbsd/detect.py'
alsa = withAlsa;
dbus = withDbus; # Use D-Bus to handle screensaver and portal desktop settings
fontconfig = withFontconfig; # Use fontconfig for system fonts support
pulseaudio = withPulseaudio; # Use PulseAudio
speechd = withSpeechd; # Use Speech Dispatcher for Text-to-Speech support
touch = withTouch; # Enable touch events
udev = withUdev; # Use udev for gamepad connection callbacks
wayland = withWayland; # Compile with Wayland support
x11 = withX11; # Compile with X11 support
module_mono_enabled = withMono;
# aliasing bugs exist with hardening+LTO
# https://github.com/godotengine/godot/pull/104501
ccflags = "-fno-strict-aliasing";
linkflags = "-Wl,--build-id";
use_sowrap = false;
};
enableParallelBuilding = true;
strictDeps = true;
patches = lib.optionals (lib.versionOlder version "4.4") [
(fetchpatch {
name = "wayland-header-fix.patch";
url = "https://github.com/godotengine/godot/commit/6ce71f0fb0a091cffb6adb4af8ab3f716ad8930b.patch";
hash = "sha256-hgAtAtCghF5InyGLdE9M+9PjPS1BWXWGKgIAyeuqkoU=";
})
# Fix a crash in the mono test project build. It no longer seems to
# happen in 4.4, but an existing fix couldn't be identified.
./CSharpLanguage-fix-crash-in-reload_assemblies-after-.patch
];
postPatch = ''
# this stops scons from hiding e.g. NIX_CFLAGS_COMPILE
perl -pi -e '{ $r += s:(env = Environment\(.*):\1\nenv["ENV"] = os.environ: } END { exit ($r != 1) }' SConstruct
substituteInPlace thirdparty/glad/egl.c \
--replace-fail \
'static const char *NAMES[] = {"libEGL.so.1", "libEGL.so"}' \
'static const char *NAMES[] = {"${lib.getLib libGL}/lib/libEGL.so"}'
substituteInPlace thirdparty/glad/gl.c \
--replace-fail \
'static const char *NAMES[] = {"libGLESv2.so.2", "libGLESv2.so"}' \
'static const char *NAMES[] = {"${lib.getLib libGL}/lib/libGLESv2.so"}' \
substituteInPlace thirdparty/glad/gl{,x}.c \
--replace-fail \
'"libGL.so.1"' \
'"${lib.getLib libGL}/lib/libGL.so"'
substituteInPlace thirdparty/volk/volk.c \
--replace-fail \
'dlopen("libvulkan.so.1"' \
'dlopen("${lib.getLib vulkan-loader}/lib/libvulkan.so"'
'';
depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
buildPackages.stdenv.cc
pkg-config
];
buildInputs =
lib.optionals withMono dotnet-sdk.packages
++ lib.optional withAlsa alsa-lib
++ lib.optional (withX11 || withWayland) libxkbcommon
++ lib.optionals withX11 [
libX11
libXcursor
libXext
libXfixes
libXi
libXinerama
libXrandr
libXrender
]
++ lib.optionals withWayland [
# libdecor
wayland
]
++ lib.optionals withDbus [
dbus
]
++ lib.optionals withFontconfig [
fontconfig
]
++ lib.optional withPulseaudio libpulseaudio
++ lib.optionals withSpeechd [
speechd-minimal
glib
]
++ lib.optional withUdev udev;
nativeBuildInputs =
[
installShellFiles
perl
pkg-config
scons
]
++ lib.optionals withWayland [ wayland-scanner ]
++ lib.optionals withMono [
dotnet-sdk
makeWrapper
];
postBuild = lib.optionalString (editor && withMono) ''
echo "Generating Glue"
bin/${binary} --headless --generate-mono-glue modules/mono/glue
echo "Building C#/.NET Assemblies"
python modules/mono/build_scripts/build_assemblies.py --godot-output-dir bin --precision=${withPrecision}
'';
installPhase =
''
runHook preInstall
mkdir -p "$out"/{bin,libexec}
cp -r bin/* "$out"/libexec
cd "$out"/bin
ln -s ../libexec/${binary} godot${lib.versions.majorMinor version}${suffix}
ln -s godot${lib.versions.majorMinor version}${suffix} godot${lib.versions.major version}${suffix}
ln -s godot${lib.versions.major version}${suffix} godot${suffix}
cd -
''
+ (
if editor then
''
installManPage misc/dist/linux/godot.6
mkdir -p "$out"/share/{applications,icons/hicolor/scalable/apps}
cp misc/dist/linux/org.godotengine.Godot.desktop "$out/share/applications/org.godotengine.Godot${lib.versions.majorMinor version}${suffix}.desktop"
substituteInPlace "$out/share/applications/org.godotengine.Godot${lib.versions.majorMinor version}${suffix}.desktop" \
--replace "Exec=godot" "Exec=$out/bin/godot${suffix}" \
--replace "Godot Engine" "Godot Engine ${
lib.versions.majorMinor version + lib.optionalString withMono " (Mono)"
}"
cp icon.svg "$out/share/icons/hicolor/scalable/apps/godot.svg"
cp icon.png "$out/share/icons/godot.png"
''
+ lib.optionalString withMono ''
mkdir -p "$out"/share/nuget
mv "$out"/libexec/GodotSharp/Tools/nupkgs "$out"/share/nuget/source
wrapProgram $out/libexec/${binary} \
--set DOTNET_ROOT ${dotnet-sdk}/share/dotnet \
--prefix PATH : "${
lib.makeBinPath [
dotnet-sdk
]
}"
''
else
let
template =
(lib.replaceStrings
[ "template" ]
[
{
linuxbsd = "linux";
}
.${withPlatform}
]
target
)
+ "."
+ arch;
in
''
templates="$out"/share/godot/export_templates/${dottedVersion}
mkdir -p "$templates"
ln -s "$out"/libexec/${binary} "$templates"/${template}
''
)
+ ''
runHook postInstall
'';
passthru =
{
inherit updateScript;
tests =
{
version = testers.testVersion {
package = finalAttrs.finalPackage;
version = dottedVersion;
};
}
// lib.optionalAttrs (editor) (
let
pkg = finalAttrs.finalPackage;
project-src = runCommand "${pkg.name}-project-src" { } (
''
mkdir "$out"
cd "$out"
touch project.godot
cat >create-scene.gd <<'EOF'
extends SceneTree
func _initialize():
var node = Node.new()
var script = ResourceLoader.load("res://test.gd")
node.set_script(script)
''
+ lib.optionalString withMono ''
${""}
var monoNode = Node.new()
var monoScript = ResourceLoader.load("res://Test.cs")
monoNode.set_script(monoScript)
node.add_child(monoNode)
monoNode.owner = node
''
+ ''
var scene = PackedScene.new()
var scenePath = "res://test.tscn"
scene.pack(node)
node.free()
var x = ResourceSaver.save(scene, scenePath)
ProjectSettings["application/run/main_scene"] = scenePath
ProjectSettings.save()
quit()
EOF
cat >test.gd <<'EOF'
extends Node
func _ready():
print("Hello, World!")
get_tree().quit()
EOF
cat >export_presets.cfg <<'EOF'
[preset.0]
name="build"
platform="Linux"
runnable=true
export_filter="all_resources"
include_filter=""
exclude_filter=""
[preset.0.options]
binary_format/architecture="${arch}"
EOF
''
+ lib.optionalString withMono ''
cat >Test.cs <<'EOF'
using Godot;
using System;
public partial class Test : Node
{
public override void _Ready()
{
GD.Print("Hello, Mono!");
GetTree().Quit();
}
}
EOF
sdk_version=$(basename ${pkg}/share/nuget/packages/godot.net.sdk/*)
cat >UnnamedProject.csproj <<EOF
<Project Sdk="Godot.NET.Sdk/$sdk_version">
<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<EnableDynamicLoading>true</EnableDynamicLoading>
</PropertyGroup>
</Project>
EOF
''
);
export-tests = lib.makeExtensible (final: {
inherit (pkg) export-template;
export = stdenvNoCC.mkDerivation {
name = "${final.export-template.name}-export";
nativeBuildInputs = [
pkg
] ++ lib.optional withMono dotnet-sdk;
src = project-src;
postConfigure = lib.optionalString withMono ''
dotnet new sln -n UnnamedProject
message=$(dotnet sln add UnnamedProject.csproj)
echo "$message"
# dotnet sln doesn't return an error when it fails to add the project
[[ $message == "Project \`UnnamedProject.csproj\` added to the solution." ]]
'';
exportTemplate = pkg.export-template;
buildPhase = ''
runHook preBuild
export HOME=$(mktemp -d)
mkdir -p $HOME/.local/share/godot/
ln -s "${final.export-template}"/share/godot/export_templates "$HOME"/.local/share/godot/
godot${suffix} --headless --build-solutions -s create-scene.gd
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p "$out"/bin
godot${suffix} --headless --export-release build "$out"/bin/test
runHook postInstall
'';
};
run = runCommand "${final.export.name}-runs" { passthru = { inherit (final) export; }; } (
''
(
set -eo pipefail
HOME=$(mktemp -d)
"${final.export}"/bin/test --headless | tail -n+3 | (
''
+ lib.optionalString withMono ''
# indent
read output
if [[ "$output" != "Hello, Mono!" ]]; then
echo "unexpected output: $output" >&2
exit 1
fi
''
+ ''
read output
if [[ "$output" != "Hello, World!" ]]; then
echo "unexpected output: $output" >&2
exit 1
fi
)
touch "$out"
)
''
);
});
in
{
export-runs = export-tests.run;
export-bin-runs =
(export-tests.extend (
final: prev: {
export-template = pkg.export-templates-bin;
export = prev.export.overrideAttrs (prev: {
nativeBuildInputs = prev.nativeBuildInputs or [ ] ++ [
autoPatchelfHook
];
# stripping dlls results in:
# Failed to load System.Private.CoreLib.dll (error code 0x8007000B)
stripExclude = lib.optional withMono [ "*.dll" ];
runtimeDependencies =
prev.runtimeDependencies or [ ]
++ map lib.getLib [
alsa-lib
libpulseaudio
libX11
libXcursor
libXext
libXi
libXrandr
udev
vulkan-loader
];
});
}
)).run;
}
);
}
// lib.optionalAttrs editor {
export-template = mkTarget "template_release";
export-templates-bin = (
callPackage ./export-templates-bin.nix {
inherit version withMono;
godot = finalAttrs.finalPackage;
hash = exportTemplatesHash;
}
);
};
requiredSystemFeatures = [
# fixes: No space left on device
"big-parallel"
];
meta = {
changelog = "https://github.com/godotengine/godot/releases/tag/${version}";
description = "Free and Open Source 2D and 3D game engine";
homepage = "https://godotengine.org";
license = lib.licenses.mit;
platforms = [
"x86_64-linux"
"aarch64-linux"
] ++ lib.optional (!withMono) "i686-linux";
maintainers = with lib.maintainers; [
shiryel
corngood
];
mainProgram = "godot${suffix}";
};
};
mkTarget =
target:
let
attrs = attrsForTarget target;
in
stdenv.mkDerivation (
if withMono then
dotnetCorePackages.addNuGetDeps {
inherit nugetDeps;
overrideFetchAttrs = old: rec {
runtimeIds = map (system: dotnetCorePackages.systemToDotnetRid system) old.meta.platforms;
buildInputs =
old.buildInputs
++ lib.concatLists (lib.attrValues (lib.getAttrs runtimeIds dotnet-sdk.targetPackages));
};
} attrs
else
attrs
);
in
mkTarget "editor"

72
pkgs/development/tools/godot/default.nix
View file

@ -1,5 +1,9 @@
# TODO:
# - combine binary and source tests
# - filter builtInputs by builtin_ flags
{
callPackage,
lib,
nix-update-script,
fetchzip,
}:
@ -8,43 +12,40 @@ let
versionPrefix:
let
attrs = import (./. + "/${versionPrefix}/default.nix");
inherit (attrs)
version
hash
exportTemplatesHash
nugetDeps
;
updateScript = [
./update.sh
versionPrefix
(builtins.unsafeGetAttrPos "version" attrs).file
];
in
rec {
godot = (callPackage ./common.nix { inherit version hash nugetDeps; }).overrideAttrs (old: {
passthru = old.passthru or { } // {
inherit export-templates-bin;
updateScript = [
./update.sh
versionPrefix
(builtins.unsafeGetAttrPos "version" attrs).file
];
};
});
lib.recurseIntoAttrs rec {
godot = callPackage ./common.nix {
inherit updateScript;
inherit (attrs)
version
hash
;
inherit (attrs.default)
exportTemplatesHash
;
};
godot-mono = godot.override {
withMono = true;
inherit (attrs.mono)
exportTemplatesHash
nugetDeps
;
};
export-templates-bin = (
callPackage ./export-templates-bin.nix {
inherit version godot;
hash = exportTemplatesHash;
}
);
};
export-template = godot.export-template;
export-template-mono = godot-mono.export-template;
godotPackages_4_3 = mkGodotPackages "4.3";
godotPackages_4_4 = mkGodotPackages "4.4";
godotPackages_4 = godotPackages_4_4;
godotPackages = godotPackages_4;
export-templates-bin = godot.export-templates-bin;
export-templates-mono-bin = godot-mono.export-templates-bin;
};
in
{
rec {
godot3 = callPackage ./3 { };
godot3-export-templates = callPackage ./3/export-templates.nix { };
godot3-headless = callPackage ./3/headless.nix { };
@ -56,16 +57,21 @@ in
godot3-mono-debug-server = callPackage ./3/mono/debug-server.nix { };
godot3-mono-server = callPackage ./3/mono/server.nix { };
godotPackages_4_3 = mkGodotPackages "4.3";
godotPackages_4_4 = mkGodotPackages "4.4";
godotPackages_4 = godotPackages_4_4;
godotPackages = godotPackages_4;
godot_4_3 = godotPackages_4_3.godot;
godot_4_3-mono = godotPackages_4_3.godot-mono;
godot_4_3-export-templates = godotPackages_4_3.export-templates-bin;
godot_4_3-export-templates-bin = godotPackages_4_3.export-templates-bin;
godot_4_4 = godotPackages_4_4.godot;
godot_4_4-mono = godotPackages_4_4.godot-mono;
godot_4_4-export-templates = godotPackages_4_4.export-templates-bin;
godot_4_4-export-templates-bin = godotPackages_4_4.export-templates-bin;
godot_4 = godotPackages_4.godot;
godot_4-mono = godotPackages_4.godot-mono;
godot_4-export-templates = godotPackages_4.export-templates-bin;
godot_4-export-templates-bin = godotPackages_4.export-templates-bin;
godot = godotPackages.godot;
godot-mono = godotPackages.godot-mono;
godot-export-templates = godotPackages.export-templates-bin;
godot-export-templates-bin = godotPackages.export-templates-bin;
}

62
pkgs/development/tools/godot/export-templates-bin.nix
View file

@ -1,29 +1,57 @@
{
fetchzip,
fetchurl,
godot,
hash,
lib,
stdenvNoCC,
unzip,
version,
withMono ? false,
}:
# Export templates is necessary for setting up Godot engine, it's used when exporting projects.
# Godot applications/games packages needs to reference export templates.
# Export templates version should be kept in sync with Godot version.
# https://docs.godotengine.org/en/stable/tutorials/export/exporting_projects.html#export-templates
fetchzip {
pname = "godot-export-templates";
version = version;
extension = "zip";
url = "https://github.com/godotengine/godot/releases/download/${version}/Godot_v${version}_export_templates.tpz";
inherit hash;
let
self = stdenvNoCC.mkDerivation {
pname = "godot-export-templates${lib.optionalString withMono "-mono"}-bin";
version = version;
meta = {
inherit (godot.meta)
changelog
description
homepage
license
maintainers
;
sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
src = fetchurl {
url = "https://github.com/godotengine/godot/releases/download/${version}/Godot_v${version}${lib.optionalString withMono "_mono"}_export_templates.tpz";
inherit hash;
};
nativeBuildInputs = [
unzip
];
unpackPhase = ''
runHook preUnpack
unzip -q "$src"
runHook postUnpack
'';
installPhase = ''
templates="$out"/share/godot/export_templates
mkdir -p "$templates"
read version < templates/version.txt
mv templates "$templates/$version"
'';
# this allows update-source-version to work
passthru.src = self;
meta = {
inherit (godot.meta)
changelog
description
homepage
license
maintainers
;
sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
};
};
}
in
self

16
pkgs/development/tools/godot/update.sh
View file

@ -1,18 +1,20 @@
#!/usr/bin/env nix-shell
#!nix-shell -I nixpkgs=./. --pure -i bash -p bash nix nix-update git cacert common-updater-scripts --keep UPDATE_NIX_ATTR_PATH --keep UPDATE_NIX_OLD_VERSION
#!nix-shell -I nixpkgs=./. --pure -i bash -p bash nix nix-update git cacert common-updater-scripts
set -euo pipefail
versionPrefix=$1
file=$2
attr=$UPDATE_NIX_ATTR_PATH
attr=godotPackages_${versionPrefix/./_}
prev_version=$UPDATE_NIX_OLD_VERSION
nix-update "$attr" \
prev_version=$(nix eval --raw -f. "$attr".godot)
nix-update "$attr".godot \
--version-regex "($versionPrefix\\b.*-stable)" \
--override-filename "$2" \
--src-only
[[ $(nix eval --raw -f. "$attr".version) != "$prev_version" ]] || exit 0
[[ $(nix eval --raw -f. "$attr".godot) != "$prev_version" ]] || exit 0
"$(nix build --impure --expr "((import ./. {}).$attr.override { withMono = true; }).fetch-deps" --print-out-paths --no-link)"
fetch_deps=$(nix build -f. "$attr".godot-mono.fetch-deps --print-out-paths --no-link)
"$fetch_deps"
update-source-version "$attr" --ignore-same-version --source-key=export-templates-bin --file="$file"
update-source-version "$attr".godot.export-templates-bin --ignore-same-version --file="$file"
update-source-version "$attr".godot-mono.export-templates-bin --ignore-same-version --file="$file"

1
pkgs/os-specific/linux/scx/default.nix
View file

@ -2,7 +2,6 @@
lib,
callPackage,
fetchFromGitHub,
fetchpatch2,
}:
let
scx-common = rec {

4
pkgs/os-specific/linux/scx/scx_cscheds.nix
View file

@ -13,6 +13,8 @@
zlib,
zstd,
scx-common,
protobuf,
libseccomp,
}:
let
@ -74,6 +76,7 @@ llvmPackages.stdenv.mkDerivation (finalAttrs: {
jq
pkg-config
zstd
protobuf
]
++ bpftools.buildInputs
++ bpftools.nativeBuildInputs;
@ -81,6 +84,7 @@ llvmPackages.stdenv.mkDerivation (finalAttrs: {
buildInputs = [
elfutils
zlib
libseccomp
];
mesonFlags = [

4
pkgs/os-specific/linux/scx/scx_rustscheds.nix
View file

@ -8,6 +8,8 @@
zstd,
scx-common,
scx,
protobuf,
libseccomp,
}:
rustPlatform.buildRustPackage {
pname = "scx_rustscheds";
@ -26,11 +28,13 @@ rustPlatform.buildRustPackage {
nativeBuildInputs = [
pkg-config
rustPlatform.bindgenHook
protobuf
];
buildInputs = [
elfutils
zlib
zstd
libseccomp
];
env = {

6
pkgs/os-specific/linux/scx/version.json
View file

@ -1,8 +1,8 @@
{
"scx": {
"version": "1.0.11",
"hash": "sha256-Lj+YH+pWcdbGvpk6PAgat279cXOGkm0SZ5+wdK+2u9Q=",
"cargoHash": "sha256-sDrkUiZpX04A6a4ltFFZo6qtUgUgZ0ydml4mfKYYu3g="
"version": "1.0.12",
"hash": "sha256-ti4SPx66Ykwqsel7l8Rb0WEBypFbQKoDd0foMAtEmlE=",
"cargoHash": "sha256-nD+RalFCJLqQGMVtaJm/NLCrY8Iq5/eAsW+ydABvw2o="
},
"bpftool": {
"rev": "183e7010387d1fc9f08051426e9a9fbd5f8d409e",

5
pkgs/servers/sql/postgresql/ext/anonymizer.nix
View file

@ -7,10 +7,9 @@
postgresql,
postgresqlBuildExtension,
runtimeShell,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {
postgresqlBuildExtension {
pname = "postgresql_anonymizer";
inherit (pg-dump-anon) version src;
@ -32,4 +31,4 @@ postgresqlBuildExtension (finalAttrs: {
meta = lib.getAttrs [ "homepage" "teams" "license" ] pg-dump-anon.meta // {
description = "Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database";
};
})
}

1
pkgs/servers/sql/postgresql/ext/apache_datasketches.nix
View file

@ -5,7 +5,6 @@
postgresql,
postgresqlBuildExtension,
postgresqlTestExtension,
stdenv,
}:
let

1
pkgs/servers/sql/postgresql/ext/citus.nix
View file

@ -7,7 +7,6 @@
postgresql,
postgresqlBuildExtension,
postgresqlTestExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/cstore_fdw.nix
View file

@ -4,7 +4,6 @@
postgresql,
postgresqlBuildExtension,
protobufc,
stdenv,
}:
postgresqlBuildExtension {

1
pkgs/servers/sql/postgresql/ext/hypopg.nix
View file

@ -4,7 +4,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/jsonb_deep_sum.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension {

1
pkgs/servers/sql/postgresql/ext/lantern.nix
View file

@ -6,7 +6,6 @@
postgresql,
postgresqlBuildExtension,
postgresqlTestExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/periods.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/pg-semver.nix
View file

@ -4,7 +4,6 @@
postgresql,
postgresqlBuildExtension,
postgresqlTestExtension,
testers,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/pg_auto_failover.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/pg_cron.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/pg_ed25519.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/pg_hint_plan.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
let

1
pkgs/servers/sql/postgresql/ext/pg_hll.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

1
pkgs/servers/sql/postgresql/ext/pg_ivm.nix
View file

@ -3,7 +3,6 @@
lib,
postgresql,
postgresqlBuildExtension,
stdenv,
}:
postgresqlBuildExtension (finalAttrs: {

Some files were not shown because too many files have changed in this diff Show more