diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 0e6570805996..ffeb234f7eac 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -7186,6 +7186,12 @@ githubId = 28287; name = "Jon Roberts"; }; + encode42 = { + name = "encode42"; + email = "me@encode42.dev"; + github = "encode42"; + githubId = 34699884; + }; enderger = { email = "endergeryt@gmail.com"; github = "enderger"; @@ -23609,6 +23615,13 @@ githubId = 1901799; name = "Nathan van Doorn"; }; + tanya1866 = { + email = "tanyaarora@tutamail.com"; + matrix = "@tanya1866:matrix.org"; + github = "tanya1866"; + githubId = 119473725; + name = "Tanya Arora"; + }; taranarmo = { email = "taranarmo@gmail.com"; github = "taranarmo"; diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index ae18c087ceea..984b18511e19 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -85,8 +85,6 @@ - [ncps](https://github.com/kalbasit/ncps), a Nix binary cache proxy service implemented in Go using [go-nix](https://github.com/nix-community/go-nix). Available as [services.ncps](options.html#opt-services.ncps.enable). -- [Conduwuit](https://conduwuit.puppyirl.gay/), a federated chat server implementing the Matrix protocol, forked from Conduit. Available as [services.conduwuit](#opt-services.conduwuit.enable). - - [Readeck](https://readeck.org/), a read-it later web-application. Available as [services.readeck](#opt-services.readeck.enable). - [Traccar](https://www.traccar.org/), a modern GPS Tracking Platform. Available as [services.traccar](#opt-services.traccar.enable). @@ -345,9 +343,14 @@ Given a site example.com, http://example.com now 301 redirects to https://example.com. To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`. +- `slskd` has been updated to v0.22.3, which includes breaking changes to `script` integrations. Please review the [changelog](https://github.com/slskd/slskd/releases/tag/0.22.3) + and the accompanying [pull request](https://github.com/slskd/slskd/pull/1292). + - The behavior of `services.hostapd.radios..networks..authentication.enableRecommendedPairwiseCiphers` was changed to not include `CCMP-256` anymore. Since all configured pairwise ciphers have to be supported by the radio, this caused startup failures on many devices which is hard to debug in hostapd. +- The `conduwuit` matrix server implementation has officially been discontinued by upstream and the package has thus been marked as vulnerable, as it is a security-sensitive package that has reached EOL. + - `gkraken` software and `hardware.gkraken.enable` option have been removed, use `coolercontrol` via `programs.coolercontrol.enable` option instead. - To avoid delaying user logins unnecessarily the `multi-user.target` is no longer ordered after `network-online.target`. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 939f9b0d3b35..238f42652849 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -748,7 +748,6 @@ ./services/matrix/appservice-discord.nix ./services/matrix/appservice-irc.nix ./services/matrix/conduit.nix - ./services/matrix/conduwuit.nix ./services/matrix/dendrite.nix ./services/matrix/hebbot.nix ./services/matrix/hookshot.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 49872bc7a96b..0e8711fd489a 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -311,6 +311,10 @@ in (mkRemovedOptionModule [ "services" "rippleDataApi" ] '' The corresponding package was broken, abandoned upstream and thus removed from nixpkgs. '') + (mkRemovedOptionModule [ "services" "conduwuit" ] '' + The conduwuit project has been discontinued by upstream. + See https://github.com/NixOS/nixpkgs/pull/397902 for more information. + '') # Do NOT add any option renames here, see top of the file ]; diff --git a/nixos/modules/services/matrix/conduwuit.nix b/nixos/modules/services/matrix/conduwuit.nix deleted file mode 100644 index b4d9fdd1c95e..000000000000 --- a/nixos/modules/services/matrix/conduwuit.nix +++ /dev/null @@ -1,265 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.services.conduwuit; - defaultUser = "conduwuit"; - defaultGroup = "conduwuit"; - - format = pkgs.formats.toml { }; - configFile = format.generate "conduwuit.toml" cfg.settings; -in -{ - meta.maintainers = with lib.maintainers; [ niklaskorz ]; - options.services.conduwuit = { - enable = lib.mkEnableOption "conduwuit"; - - user = lib.mkOption { - type = lib.types.nonEmptyStr; - description = '' - The user {command}`conduwuit` is run as. - ''; - default = defaultUser; - }; - - group = lib.mkOption { - type = lib.types.nonEmptyStr; - description = '' - The group {command}`conduwuit` is run as. - ''; - default = defaultGroup; - }; - - extraEnvironment = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - description = "Extra Environment variables to pass to the conduwuit server."; - default = { }; - example = { - RUST_BACKTRACE = "yes"; - }; - }; - - package = lib.mkPackageOption pkgs "conduwuit" { }; - - settings = lib.mkOption { - type = lib.types.submodule { - freeformType = format.type; - options = { - global.server_name = lib.mkOption { - type = lib.types.nonEmptyStr; - example = "example.com"; - description = "The server_name is the name of this server. It is used as a suffix for user and room ids."; - }; - global.address = lib.mkOption { - type = lib.types.nullOr (lib.types.listOf lib.types.nonEmptyStr); - default = null; - example = [ - "127.0.0.1" - "::1" - ]; - description = '' - Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator. - If set to `null`, conduwuit will listen on IPv4 and IPv6 localhost. - Must be `null` if `unix_socket_path` is set. - ''; - }; - global.port = lib.mkOption { - type = lib.types.listOf lib.types.port; - default = [ 6167 ]; - description = '' - The port(s) conduwuit will be running on. - You need to set up a reverse proxy in your web server (e.g. apache or nginx), - so all requests to /_matrix on port 443 and 8448 will be forwarded to the conduwuit - instance running on this port. - ''; - }; - global.unix_socket_path = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - description = '' - Listen on a UNIX socket at the specified path. If listening on a UNIX socket, - listening on an address will be disabled. The `address` option must be set to - `null` (the default value). The option {option}`services.conduwuit.group` must - be set to a group your reverse proxy is part of. - - This will automatically add a system user "conduwuit" to your system if - {option}`services.conduwuit.user` is left at the default, and a "conduwuit" - group if {option}`services.conduwuit.group` is left at the default. - ''; - }; - global.unix_socket_perms = lib.mkOption { - type = lib.types.ints.positive; - default = 660; - description = "The default permissions (in octal) to create the UNIX socket with."; - }; - global.max_request_size = lib.mkOption { - type = lib.types.ints.positive; - default = 20000000; - description = "Max request size in bytes. Don't forget to also change it in the proxy."; - }; - global.allow_registration = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether new users can register on this server. - - Registration with token requires `registration_token` or `registration_token_file` to be set. - - If set to true without a token configured, and - `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` - is set to true, users can freely register. - ''; - }; - global.allow_encryption = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work."; - }; - global.allow_federation = lib.mkOption { - type = lib.types.bool; - default = true; - description = '' - Whether this server federates with other servers. - ''; - }; - global.trusted_servers = lib.mkOption { - type = lib.types.listOf lib.types.nonEmptyStr; - default = [ "matrix.org" ]; - description = '' - Servers listed here will be used to gather public keys of other servers - (notary trusted key servers). - - Currently, conduwuit doesn't support inbound batched key requests, so - this list should only contain other Synapse servers. - - Example: `[ "matrix.org" "constellatory.net" "tchncs.de" ]` - ''; - }; - global.database_path = lib.mkOption { - readOnly = true; - type = lib.types.path; - default = "/var/lib/conduwuit/"; - description = '' - Path to the conduwuit database, the directory where conduwuit will save its data. - Note that database_path cannot be edited because of the service's reliance on systemd StateDir. - ''; - }; - global.allow_check_for_updates = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - If enabled, conduwuit will send a simple GET request periodically to - for any new announcements made. - Despite the name, this is not an update check endpoint, it is simply an announcement check endpoint. - - Disabled by default. - ''; - }; - }; - }; - default = { }; - # TOML does not allow null values, so we use null to omit those fields - apply = lib.filterAttrsRecursive (_: v: v != null); - description = '' - Generates the conduwuit.toml configuration file. Refer to - - for details on supported values. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = !(cfg.settings ? global.unix_socket_path) || !(cfg.settings ? global.address); - message = '' - In `services.conduwuit.settings.global`, `unix_socket_path` and `address` cannot be set at the - same time. - Leave one of the two options unset or explicitly set them to `null`. - ''; - } - { - assertion = cfg.user != defaultUser -> config ? users.users.${cfg.user}; - message = "If `services.conduwuit.user` is changed, the configured user must already exist."; - } - { - assertion = cfg.group != defaultGroup -> config ? users.groups.${cfg.group}; - message = "If `services.conduwuit.group` is changed, the configured group must already exist."; - } - ]; - - users.users = lib.mkIf (cfg.user == defaultUser) { - ${defaultUser} = { - group = cfg.group; - home = cfg.settings.global.database_path; - isSystemUser = true; - }; - }; - - users.groups = lib.mkIf (cfg.group == defaultGroup) { - ${defaultGroup} = { }; - }; - - systemd.services.conduwuit = { - description = "Conduwuit Matrix Server"; - documentation = [ "https://conduwuit.puppyirl.gay/" ]; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - environment = lib.mkMerge ([ - { CONDUWUIT_CONFIG = configFile; } - cfg.extraEnvironment - ]); - startLimitBurst = 5; - startLimitIntervalSec = 60; - serviceConfig = { - DynamicUser = true; - User = cfg.user; - Group = cfg.group; - - DevicePolicy = "closed"; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateTmp = true; - PrivateUsers = true; - PrivateIPC = true; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service @resources" - "~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc" - ]; - SystemCallErrorNumber = "EPERM"; - - StateDirectory = "conduwuit"; - StateDirectoryMode = "0700"; - RuntimeDirectory = "conduwuit"; - RuntimeDirectoryMode = "0750"; - - ExecStart = lib.getExe cfg.package; - Restart = "on-failure"; - RestartSec = 10; - }; - }; - }; -} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 0d5c39d48512..9ffc0db8513b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -317,7 +317,6 @@ in coder = handleTest ./coder.nix { }; collectd = handleTest ./collectd.nix { }; commafeed = handleTest ./commafeed.nix { }; - conduwuit = runTest ./matrix/conduwuit.nix; connman = handleTest ./connman.nix { }; consul = handleTest ./consul.nix { }; consul-template = handleTest ./consul-template.nix { }; diff --git a/nixos/tests/matrix/conduwuit.nix b/nixos/tests/matrix/conduwuit.nix deleted file mode 100644 index 3e1123b692a6..000000000000 --- a/nixos/tests/matrix/conduwuit.nix +++ /dev/null @@ -1,103 +0,0 @@ -{ lib, ... }: -let - name = "conduwuit"; -in -{ - inherit name; - - nodes = { - conduwuit = { - services.conduwuit = { - enable = true; - settings.global = { - server_name = name; - address = [ "0.0.0.0" ]; - allow_registration = true; - yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true; - }; - extraEnvironment.RUST_BACKTRACE = "yes"; - }; - networking.firewall.allowedTCPPorts = [ 6167 ]; - }; - client = - { pkgs, ... }: - { - environment.systemPackages = [ - (pkgs.writers.writePython3Bin "do_test" { libraries = [ pkgs.python3Packages.matrix-nio ]; } '' - import asyncio - import nio - - - async def main() -> None: - # Connect to conduwuit - client = nio.AsyncClient("http://conduwuit:6167", "alice") - - # Register as user alice - response = await client.register("alice", "my-secret-password") - - # Log in as user alice - response = await client.login("my-secret-password") - - # Create a new room - response = await client.room_create(federate=False) - print("Matrix room create response:", response) - assert isinstance(response, nio.RoomCreateResponse) - room_id = response.room_id - - # Join the room - response = await client.join(room_id) - print("Matrix join response:", response) - assert isinstance(response, nio.JoinResponse) - - # Send a message to the room - response = await client.room_send( - room_id=room_id, - message_type="m.room.message", - content={ - "msgtype": "m.text", - "body": "Hello conduwuit!" - } - ) - print("Matrix room send response:", response) - assert isinstance(response, nio.RoomSendResponse) - - # Sync responses - response = await client.sync(timeout=30000) - print("Matrix sync response:", response) - assert isinstance(response, nio.SyncResponse) - - # Check the message was received by conduwuit - last_message = response.rooms.join[room_id].timeline.events[-1].body - assert last_message == "Hello conduwuit!" - - # Leave the room - response = await client.room_leave(room_id) - print("Matrix room leave response:", response) - assert isinstance(response, nio.RoomLeaveResponse) - - # Close the client - await client.close() - - - if __name__ == "__main__": - asyncio.run(main()) - '') - ]; - }; - }; - - testScript = '' - start_all() - - with subtest("start conduwuit"): - conduwuit.wait_for_unit("conduwuit.service") - conduwuit.wait_for_open_port(6167) - - with subtest("ensure messages can be exchanged"): - client.succeed("do_test >&2") - ''; - - meta.maintainers = with lib.maintainers; [ - niklaskorz - ]; -} diff --git a/pkgs/applications/emulators/wine/base.nix b/pkgs/applications/emulators/wine/base.nix index 6c608bcdfdf7..0ca31e9695be 100644 --- a/pkgs/applications/emulators/wine/base.nix +++ b/pkgs/applications/emulators/wine/base.nix @@ -265,7 +265,7 @@ stdenv.mkDerivation ( hidden="$(dirname "$prog")/.$(basename "$prog")" mv "$prog" "$hidden" makeWrapper "$hidden" "$prog" \ - --inherit-argv0 \ + ${lib.optionalString (lib.versionAtLeast version "10.1") "--inherit-argv0"} \ --set WINELOADER "$hidden" \ --prefix GST_PLUGIN_SYSTEM_PATH_1_0 ":" "$GST_PLUGIN_SYSTEM_PATH_1_0" fi diff --git a/pkgs/by-name/af/affine/package.nix b/pkgs/by-name/af/affine/package.nix index 0628d85c49ad..b54ab0dce852 100644 --- a/pkgs/by-name/af/affine/package.nix +++ b/pkgs/by-name/af/affine/package.nix @@ -21,6 +21,8 @@ nix-update-script, buildType ? "stable", commandLineArgs ? "", + llvmPackages, + apple-sdk_15, }: let hostPlatform = stdenvNoCC.hostPlatform; @@ -41,17 +43,17 @@ in stdenv.mkDerivation (finalAttrs: { pname = binName; - version = "0.20.5"; + version = "0.21.2"; src = fetchFromGitHub { owner = "toeverything"; repo = "AFFiNE"; tag = "v${finalAttrs.version}"; - hash = "sha256-eMVHwjJe6u3A3Dxo6SurusRuMksp/moPmXAUv0FXBwc="; + hash = "sha256-d5dHHiiCXhzn8qJlCqJVw0qC86PvKyDZstPivX9bpCI="; }; cargoDeps = rustPlatform.fetchCargoVendor { inherit (finalAttrs) pname version src; - hash = "sha256-Ob+A7NMTFuJ2wmRkHmemHnqkEAiY7G8NyxXXrT7NTR8="; + hash = "sha256-0vhUeqCStM7P8+sDs3ZI+JlEzPAreoP+1X8x5zKOJUo="; }; yarnOfflineCache = stdenvNoCC.mkDerivation { name = "yarn-offline-cache"; @@ -96,8 +98,13 @@ stdenv.mkDerivation (finalAttrs: { ''; dontInstall = true; outputHashMode = "recursive"; - outputHash = "sha256-e5GNWgeYw4CcpOGDd/LNk+syBupqAuws0hz+wUbaFL4="; + outputHash = "sha256-pJiMCyBJSuTaxix3kKnSCrURL2+t26zB4Y59gGdxalo="; }; + + buildInputs = lib.optionals hostPlatform.isDarwin [ + apple-sdk_15 + ]; + nativeBuildInputs = [ nodejs @@ -113,10 +120,18 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals hostPlatform.isLinux [ copyDesktopItems makeWrapper + ] + ++ lib.optionals hostPlatform.isDarwin [ + # bindgenHook is needed to build `coreaudio-sys` on darwin + rustPlatform.bindgenHook ]; - # force yarn install run in CI mode - env.CI = "1"; + env = { + # force yarn install run in CI mode + CI = "1"; + # `LIBCLANG_PATH` is needed to build `coreaudio-sys` on darwin + LIBCLANG_PATH = lib.optionalString hostPlatform.isDarwin "${lib.getLib llvmPackages.libclang}/lib"; + }; # Remove code under The AFFiNE Enterprise Edition (EE) license. # Keep file package.json for `yarn install --immutable` lockfile check. diff --git a/pkgs/by-name/ap/aporetic-bin/package.nix b/pkgs/by-name/ap/aporetic-bin/package.nix new file mode 100644 index 000000000000..fe9d0b1753d2 --- /dev/null +++ b/pkgs/by-name/ap/aporetic-bin/package.nix @@ -0,0 +1,39 @@ +{ + stdenvNoCC, + lib, + fetchFromGitHub, +}: + +stdenvNoCC.mkDerivation (finalAttrs: { + pname = "aporetic-bin"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "protesilaos"; + repo = "aporetic"; + tag = finalAttrs.version; + hash = "sha256-5lPViAo9SztOdds6HEmKJpT17tgcxmU/voXDffxTMDI="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/fonts/truetype + cp -r $src/{aporetic-sans-mono,aporetic-sans,aporetic-serif-mono,aporetic-serif} $out/share/fonts/truetype + + runHook postInstall + ''; + + meta = { + homepage = "https://github.com/protesilaos/aporetic"; + description = '' + Custom build of Iosevka with different style and metrics than the default. This is the successor to my "Iosevka Comfy" fonts. + ''; + license = lib.licenses.ofl; + platforms = lib.platforms.all; + maintainers = with lib.maintainers; [ + DamienCassou + drupol + ]; + }; +}) diff --git a/pkgs/by-name/ap/aporetic/package.nix b/pkgs/by-name/ap/aporetic/package.nix index acfd47d95aca..e16b39318fd3 100644 --- a/pkgs/by-name/ap/aporetic/package.nix +++ b/pkgs/by-name/ap/aporetic/package.nix @@ -17,9 +17,9 @@ let version = "1.1.0"; src = fetchFromGitHub { owner = "protesilaos"; - repo = pname; - rev = version; - sha256 = "sha256-5lPViAo9SztOdds6HEmKJpT17tgcxmU/voXDffxTMDI="; + repo = "aporetic"; + tag = version; + hash = "sha256-5lPViAo9SztOdds6HEmKJpT17tgcxmU/voXDffxTMDI="; }; privateBuildPlan = src.outPath + "/private-build-plans.toml"; makeIosevkaFont = @@ -45,21 +45,22 @@ let }; npmDepsHash = "sha256-HeqwpZyHLHdMhd/UfXVBonMu+PhStrLCxAMuP/KuTT8="; - - meta = with lib; { - inherit (src.meta) homepage; - description = '' - Customised build of the Iosevka typeface, with a consistent rounded style and overrides for almost all individual glyphs in both roman (upright) and italic (slanted) variants. - ''; - license = licenses.ofl; - platforms = iosevka.meta.platforms; - maintainers = [ maintainers.DamienCassou ]; - }; } ); }); in symlinkJoin { inherit pname version; + paths = (builtins.map makeIosevkaFont sets); + + meta = { + inherit (src.meta) homepage; + description = '' + Custom build of Iosevka with different style and metrics than the default, successor to my "Iosevka Comfy" fonts + ''; + license = lib.licenses.ofl; + platforms = iosevka.meta.platforms; + maintainers = [ lib.maintainers.DamienCassou ]; + }; } diff --git a/pkgs/by-name/au/authentik/package.nix b/pkgs/by-name/au/authentik/package.nix index ea5f865ad081..b6b1a3b465da 100644 --- a/pkgs/by-name/au/authentik/package.nix +++ b/pkgs/by-name/au/authentik/package.nix @@ -7,6 +7,7 @@ buildNpmPackage, buildGoModule, runCommand, + bash, chromedriver, openapi-generator-cli, nodejs, @@ -343,6 +344,8 @@ stdenvNoCC.mkDerivation { pname = "authentik"; inherit src version; + buildInputs = [ bash ]; + postPatch = '' rm Makefile patchShebangs lifecycle/ak diff --git a/pkgs/by-name/ay/ayatana-indicator-session/package.nix b/pkgs/by-name/ay/ayatana-indicator-session/package.nix index e6a2c4737bd4..24a1371488f9 100644 --- a/pkgs/by-name/ay/ayatana-indicator-session/package.nix +++ b/pkgs/by-name/ay/ayatana-indicator-session/package.nix @@ -22,13 +22,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "ayatana-indicator-session"; - version = "24.5.0"; + version = "24.5.1"; src = fetchFromGitHub { owner = "AyatanaIndicators"; repo = "ayatana-indicator-session"; tag = finalAttrs.version; - hash = "sha256-p4nu7ZgnEjnnxNqyZIg//YcssnQcCY7GFDbpGIu1dz0="; + hash = "sha256-jqcgQTsC4VBit3wwtKKTdEG71CUPJpeMtpzikE4IGhE="; }; postPatch = '' diff --git a/pkgs/by-name/co/conduwuit/package.nix b/pkgs/by-name/co/conduwuit/package.nix index 89af36894092..15ebfc2e3649 100644 --- a/pkgs/by-name/co/conduwuit/package.nix +++ b/pkgs/by-name/co/conduwuit/package.nix @@ -15,7 +15,6 @@ rust-jemalloc-sys, enableLiburing ? stdenv.hostPlatform.isLinux, liburing, - nixosTests, }: let rust-jemalloc-sys' = rust-jemalloc-sys.override { @@ -81,16 +80,12 @@ rustPlatform.buildRustPackage rec { passthru = { updateScript = nix-update-script { }; - tests = - { - version = testers.testVersion { - inherit version; - package = conduwuit; - }; - } - // lib.optionalAttrs stdenv.hostPlatform.isLinux { - inherit (nixosTests) conduwuit; + tests = { + version = testers.testVersion { + inherit version; + package = conduwuit; }; + }; }; meta = { @@ -98,6 +93,9 @@ rustPlatform.buildRustPackage rec { homepage = "https://conduwuit.puppyirl.gay/"; changelog = "https://github.com/girlbossceo/conduwuit/releases/tag/v${version}"; license = lib.licenses.asl20; + knownVulnerabilities = [ + "On April 11, 2025, the conduwuit project officially ceased development" + ]; maintainers = with lib.maintainers; [ niklaskorz ]; # Not a typo, conduwuit is a drop-in replacement for conduit. mainProgram = "conduit"; diff --git a/pkgs/by-name/fi/firewalld/add-config-path-env-var.patch b/pkgs/by-name/fi/firewalld/add-config-path-env-var.patch new file mode 100644 index 000000000000..bba877e5593a --- /dev/null +++ b/pkgs/by-name/fi/firewalld/add-config-path-env-var.patch @@ -0,0 +1,12 @@ +--- a/src/firewall/config/__init__.py.in ++++ b/src/firewall/config/__init__.py.in +@@ -80,7 +80,8 @@ + FIREWALLD_POLICIES = path + "/policies" + + +-set_default_config_paths("/usr/lib/firewalld") ++import os ++set_default_config_paths(os.environ.get("NIX_FIREWALLD_CONFIG_PATH", "/usr/lib/firewalld")) + + FIREWALLD_LOGFILE = "/var/log/firewalld" + diff --git a/pkgs/by-name/fi/firewalld/package.nix b/pkgs/by-name/fi/firewalld/package.nix index 5fe266ea17e3..59c62cdfd2d8 100644 --- a/pkgs/by-name/fi/firewalld/package.nix +++ b/pkgs/by-name/fi/firewalld/package.nix @@ -2,20 +2,27 @@ lib, stdenv, fetchFromGitHub, - autoreconfHook, - bash, + autoconf, + automake, docbook_xml_dtd_42, docbook-xsl-nons, glib, gobject-introspection, gtk3, intltool, + ipset, + iptables, + kdePackages, + kmod, libnotify, libxml2, libxslt, + networkmanager, networkmanagerapplet, pkg-config, python3, + qt6, + sysctl, wrapGAppsNoGuiHook, withGui ? false, }: @@ -30,8 +37,7 @@ let pygobject3 ] ++ lib.optionals withGui [ - pyqt5 - pyqt5-sip + pyqt6 ] ); in @@ -47,27 +53,32 @@ stdenv.mkDerivation rec { }; patches = [ + ./add-config-path-env-var.patch ./respect-xml-catalog-files-var.patch + ./specify-localedir.patch ]; postPatch = '' - substituteInPlace src/firewall/config/__init__.py.in \ - --replace "/usr/share" "$out/share" + substituteInPlace config/xmlschema/check.sh \ + --replace-fail /usr/bin/ "" - for file in config/firewall-{applet,config}.desktop.in; do - substituteInPlace $file \ - --replace "/usr/bin/" "$out/bin/" + for file in src/{firewall-offline-cmd.in,firewall/config/__init__.py.in} \ + config/firewall-{applet,config}.desktop.in; do + substituteInPlace $file \ + --replace-fail /usr "$out" done '' + lib.optionalString withGui '' substituteInPlace src/firewall-applet.in \ - --replace "/usr/bin/nm-connection-editor" "${networkmanagerapplet}/bin/nm-connection-editor" + --replace-fail "/usr/bin/systemsettings" "${kdePackages.systemsettings}/bin/systemsettings" \ + --replace-fail "/usr/bin/nm-connection-editor" "${networkmanagerapplet}/bin/nm-connection-editor" ''; nativeBuildInputs = [ - autoreconfHook + autoconf + automake docbook_xml_dtd_42 docbook-xsl-nons glib @@ -77,40 +88,78 @@ stdenv.mkDerivation rec { pkg-config python3 python3.pkgs.wrapPython + wrapGAppsNoGuiHook ] ++ lib.optionals withGui [ - gobject-introspection - wrapGAppsNoGuiHook + qt6.wrapQtAppsHook ]; buildInputs = [ - bash glib + gobject-introspection + ipset + iptables + kmod + networkmanager + pythonPath + sysctl ] ++ lib.optionals withGui [ gtk3 libnotify - pythonPath + qt6.qtbase ]; - dontWrapGApps = true; - - preFixup = lib.optionalString withGui '' - makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + preConfigure = '' + ./autogen.sh ''; + ac_cv_path_MODPROBE = lib.getExe' kmod "modprobe"; + ac_cv_path_RMMOD = lib.getExe' kmod "rmmod"; + ac_cv_path_SYSCTL = lib.getExe' sysctl "sysctl"; + + configureFlags = [ + "--with-iptables=${lib.getExe' iptables "iptables"}" + "--with-iptables-restore=${lib.getExe' iptables "iptables-restore"}" + "--with-ip6tables=${lib.getExe' iptables "ip6tables"}" + "--with-ip6tables-restore=${lib.getExe' iptables "ip6tables-restore"}" + "--with-ebtables=${lib.getExe' iptables "ebtables"}" + "--with-ebtables-restore=${lib.getExe' iptables "ebtables-restore"}" + "--with-ipset=${lib.getExe' ipset "ipset"}" + ]; + + postInstall = + '' + rm -r $out/share/firewalld/testsuite + '' + + lib.optionalString (!withGui) '' + rm $out/bin/firewall-{applet,config} + ''; + + dontWrapGApps = true; + dontWrapQtApps = true; + + preFixup = + '' + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + '' + + lib.optionalString withGui '' + makeWrapperArgs+=("''${qtWrapperArgs[@]}") + ''; + postFixup = '' - chmod +x $out/share/firewalld/*.py $out/share/firewalld/testsuite/python/*.py $out/share/firewalld/testsuite/{,integration/}testsuite - patchShebangs --host $out/share/firewalld/testsuite/{,integration/}testsuite $out/share/firewalld/*.py + chmod +x $out/share/firewalld/*.py + patchShebangs --host $out/share/firewalld/*.py wrapPythonProgramsIn "$out/bin" "$out ${pythonPath}" - wrapPythonProgramsIn "$out/share/firewalld/testsuite/python" "$out ${pythonPath}" ''; - meta = with lib; { + meta = { description = "Firewall daemon with D-Bus interface"; - homepage = "https://github.com/firewalld/firewalld"; - license = licenses.gpl2Plus; - maintainers = [ ]; + homepage = "https://firewalld.org"; + downloadPage = "https://github.com/firewalld/firewalld/releases"; + license = lib.licenses.gpl2Plus; + maintainers = with lib.maintainers; [ prince213 ]; + platforms = lib.platforms.linux; }; } diff --git a/pkgs/by-name/fi/firewalld/specify-localedir.patch b/pkgs/by-name/fi/firewalld/specify-localedir.patch new file mode 100644 index 000000000000..57e79da4d0b1 --- /dev/null +++ b/pkgs/by-name/fi/firewalld/specify-localedir.patch @@ -0,0 +1,12 @@ +--- a/src/firewall/config/__init__.py.in ++++ b/src/firewall/config/__init__.py.in +@@ -19,6 +19,9 @@ + DOMAIN = "firewalld" + import gettext + ++locale.bindtextdomain(DOMAIN, "/usr/share/locale") ++gettext.bindtextdomain(DOMAIN, "/usr/share/locale") ++ + gettext.install(domain=DOMAIN) + + from . import dbus # noqa: F401 diff --git a/pkgs/by-name/kn/knot-dns/package.nix b/pkgs/by-name/kn/knot-dns/package.nix index a0cee0a2722d..f2c58300c055 100644 --- a/pkgs/by-name/kn/knot-dns/package.nix +++ b/pkgs/by-name/kn/knot-dns/package.nix @@ -33,11 +33,11 @@ stdenv.mkDerivation rec { pname = "knot-dns"; - version = "3.4.5"; + version = "3.4.6"; src = fetchurl { url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz"; - sha256 = "sha256-NZr3Cvr6fMqhhDmnwes1Jw/57s6B0HVq5MpxaxQzy0s="; + sha256 = "sha256-0ZxaH/lLTyYCfWNd4Qjb/Ij1ZSvobMs7qaRO6b4OWDk="; }; outputs = [ diff --git a/pkgs/by-name/li/libhydrogen/package.nix b/pkgs/by-name/li/libhydrogen/package.nix new file mode 100644 index 000000000000..eda73c73877d --- /dev/null +++ b/pkgs/by-name/li/libhydrogen/package.nix @@ -0,0 +1,65 @@ +{ + lib, + stdenv, + fetchFromGitHub, + testers, + pkg-config, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "libhydrogen"; + version = "0-unstable-2025-04-06"; + + src = fetchFromGitHub { + owner = "jedisct1"; + repo = "libhydrogen"; + rev = "bbca575b62510bfdc6dd927a4bfa7df4a51cb846"; + hash = "sha256-sLOE3oR53hmvRqIPD5PU9Q04TFqw2KuWT1OQBA/KdRc="; + }; + + outputs = [ + "out" + "dev" + ]; + + nativeBuildInputs = [ pkg-config ]; + enableParallelBuilding = true; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + "INCLUDE_INSTALL_DIR=${placeholder "dev"}/include" + "LIBRARY_INSTALL_DIR=${placeholder "out"}/lib" + "PKGCONFIG_INSTALL_DIR=${placeholder "dev"}/lib/pkgconfig" + "lib" + ]; + + checkTarget = "test"; + + postInstall = '' + mkdir -p "$dev/lib/pkgconfig" + cat > "$dev/lib/pkgconfig/libhydrogen.pc" < +Date: Fri, 11 Apr 2025 03:24:38 +0200 +Subject: [PATCH] Fix installation of cmake files + +When binaries, libs and development files like include or cmake files +are installed to different target directories then those where before +relatively installed to the binary and not in the correct directory +where other development related files where installed. + +Tested inside of nixpkgs with zxing using the system library of zint. +--- + CMakeLists.txt | 2 +- + backend/CMakeLists.txt | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 6f7cf220..ecfe53c3 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -201,4 +201,4 @@ if(ZINT_UNINSTALL) + endif() + + configure_file("zint-config.cmake.in" "zint-config.cmake" @ONLY) +-install(FILES "${CMAKE_CURRENT_BINARY_DIR}/zint-config.cmake" DESTINATION "${CMAKE_INSTALL_DATADIR}/zint") ++install(FILES "${CMAKE_CURRENT_BINARY_DIR}/zint-config.cmake" DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/zint") +diff --git a/backend/CMakeLists.txt b/backend/CMakeLists.txt +index 45538515..1e7e40b3 100644 +--- a/backend/CMakeLists.txt ++++ b/backend/CMakeLists.txt +@@ -131,7 +131,7 @@ endif() + if(ZINT_STATIC) + install(TARGETS zint-static EXPORT zint-targets ${INSTALL_TARGETS_DEFAULT_ARGS}) + endif() +-install(EXPORT zint-targets NAMESPACE zint:: DESTINATION "${CMAKE_INSTALL_DATADIR}/zint") ++install(EXPORT zint-targets NAMESPACE zint:: DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/zint") + install(FILES zint.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} COMPONENT Devel) + + if(ZINT_TEST) diff --git a/pkgs/by-name/zi/zint/package.nix b/pkgs/by-name/zi/zint/package.nix index f38c6277bf56..605e6c26ce29 100644 --- a/pkgs/by-name/zi/zint/package.nix +++ b/pkgs/by-name/zi/zint/package.nix @@ -26,14 +26,11 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-+dXIU66HIS2mE0pa99UemMMFBGCYjupUX8P7q3G7Nis="; }; - postPatch = '' + patches = [ # Fix cmake file installation # https://github.com/zint/zint/pull/8 - substituteInPlace CMakeLists.txt \ - --replace-fail 'DESTINATION "''${CMAKE_INSTALL_DATADIR}/zint"' 'DESTINATION lib/cmake/zint' - substituteInPlace backend/CMakeLists.txt \ - --replace-fail 'DESTINATION "''${CMAKE_INSTALL_DATADIR}/zint"' 'DESTINATION lib/cmake/zint' - ''; + ./fix-installation-of-cmake-files.patch + ]; nativeBuildInputs = [ cmake diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix index 594b2eacebbf..82f4249c21f0 100644 --- a/pkgs/development/interpreters/php/8.3.nix +++ b/pkgs/development/interpreters/php/8.3.nix @@ -4,8 +4,8 @@ let base = callPackage ./generic.nix ( _args // { - version = "8.3.19"; - hash = "sha256-rWkCoqAvlOw+mYIGniZou6POR+L2u7q5Xra323vz01A="; + version = "8.3.20"; + hash = "sha256-NrTmoyPNRWc6VPKW6dJma39d9XZBAxx3xP2BN7xOvrM="; } ); in diff --git a/pkgs/development/interpreters/php/8.4.nix b/pkgs/development/interpreters/php/8.4.nix index 77a36a6cdaa9..50159b0f2f35 100644 --- a/pkgs/development/interpreters/php/8.4.nix +++ b/pkgs/development/interpreters/php/8.4.nix @@ -4,8 +4,8 @@ let base = callPackage ./generic.nix ( _args // { - version = "8.4.5"; - hash = "sha256-k3jHiIfQzXRi/FwX8t4wyFLyD3nSh5XiVz/jJQ05Q24="; + version = "8.4.6"; + hash = "sha256-nPJzRQm2A/ZYlherUqlxKgPg/gWZUc3dLUYj30v3xsY="; } ); in diff --git a/pkgs/development/php-packages/parallel/default.nix b/pkgs/development/php-packages/parallel/default.nix index abb5da0bb888..c3ab601ae1d5 100644 --- a/pkgs/development/php-packages/parallel/default.nix +++ b/pkgs/development/php-packages/parallel/default.nix @@ -6,8 +6,8 @@ buildPecl { pname = "parallel"; - version = "1.2.4"; - hash = "sha256-s9W9aZpQsJLdzZ/d2E1iGDsMTAAjeWbOgWeKP6nNp0A="; + version = "1.2.6"; + hash = "sha256-tFQUbRxEb7gJlec0447akrngkJ0UZqojz5QNfXqvDcA="; meta = { description = "Parallel concurrency API"; # parallel extension requires PHP with ZTS enabled diff --git a/pkgs/development/php-packages/phalcon/default.nix b/pkgs/development/php-packages/phalcon/default.nix index 6202a1adc7ab..d36cf582fbe6 100644 --- a/pkgs/development/php-packages/phalcon/default.nix +++ b/pkgs/development/php-packages/phalcon/default.nix @@ -37,6 +37,5 @@ buildPecl rec { license = licenses.bsd3; homepage = "https://phalcon.io"; maintainers = teams.php.members ++ [ maintainers.krzaczek ]; - broken = lib.versionAtLeast php.version "8.4"; }; } diff --git a/pkgs/development/python-modules/transformers/default.nix b/pkgs/development/python-modules/transformers/default.nix index ec0b502b711c..6886bc9c93a2 100644 --- a/pkgs/development/python-modules/transformers/default.nix +++ b/pkgs/development/python-modules/transformers/default.nix @@ -58,14 +58,14 @@ buildPythonPackage rec { pname = "transformers"; - version = "4.51.1"; + version = "4.51.2"; pyproject = true; src = fetchFromGitHub { owner = "huggingface"; repo = "transformers"; tag = "v${version}"; - hash = "sha256-02HT0GAfEyGgqPvly7EPZX0loSeS2mJQNI87E8WbEGY="; + hash = "sha256-RBG0//uKSRO8wBGdaQe8KPeIUXUKAws+VlSXYYtUr+o="; }; build-system = [ setuptools ]; diff --git a/pkgs/development/tools/qtcreator/default.nix b/pkgs/development/tools/qtcreator/default.nix index ed43fd476372..8a9b6d01ac03 100644 --- a/pkgs/development/tools/qtcreator/default.nix +++ b/pkgs/development/tools/qtcreator/default.nix @@ -31,11 +31,11 @@ stdenv.mkDerivation rec { pname = "qtcreator"; - version = "16.0.0"; + version = "16.0.1"; src = fetchurl { url = "mirror://qt/official_releases/${pname}/${lib.versions.majorMinor version}/${version}/qt-creator-opensource-src-${version}.tar.xz"; - hash = "sha256-GLQ1PmijHAYnEwCMBc5/fuiKqvVtWsDG3lebq/soN9o="; + hash = "sha256-Elz13fDOK9n7MTEE7Edy9iirpm1o6yOFCB+yJtiYMSw="; }; nativeBuildInputs = [ diff --git a/pkgs/servers/sql/postgresql/ext/pg-gvm.nix b/pkgs/servers/sql/postgresql/ext/pg-gvm.nix index 679374aae167..e08982715966 100644 --- a/pkgs/servers/sql/postgresql/ext/pg-gvm.nix +++ b/pkgs/servers/sql/postgresql/ext/pg-gvm.nix @@ -14,13 +14,13 @@ postgresqlBuildExtension (finalAttrs: { pname = "pg-gvm"; - version = "22.6.8"; + version = "22.6.9"; src = fetchFromGitHub { owner = "greenbone"; repo = "pg-gvm"; tag = "v${finalAttrs.version}"; - hash = "sha256-D8KpOTF+vcBNIn//8Y0Hwk4B+OBF2Hh3dkWyO2KYeqw="; + hash = "sha256-T1U7t6ORHtmWeg77PR4gUH4nn3ywVC3MnvqoEIpJ4aw="; }; nativeBuildInputs = [ diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 3a7c90d69a3b..4575c28d68b2 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1565,6 +1565,7 @@ mapAliases { shipyard = jumppad; # Added 2023-06-06 siduck76-st = st-snazzy; # Added 2024-12-24 signal-desktop-beta = throw "signal-desktop-beta has been removed to make the signal-desktop package easier to maintain"; + signal-desktop = lib.warnOnInstantiate "'signal-desktop' has been renamed to 'signal-desktop-bin'; in the future, 'signal-desktop' will point to 'signal-desktop-source'" signal-desktop-bin; # Added 2025-04-01 sheesy-cli = throw "'sheesy-cli' has been removed due to lack of upstream maintenance"; # Added 2025-01-26 shout = nodePackages.shout; # Added unknown; moved 2024-10-19 sky = throw "'sky' has been removed because its upstream website disappeared"; # Added 2024-07-21