From 356b874541f191cbeef1a01cef5db61396ade0e2 Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Thu, 3 Apr 2025 22:26:18 +0000 Subject: [PATCH 01/30] lxcfs: 6.0.3 -> 6.0.4 https://discuss.linuxcontainers.org/t/lxcfs-6-0-4-lts-has-been-released/23389 https://github.com/lxc/lxcfs/releases/tag/v6.0.4 --- pkgs/by-name/lx/lxcfs/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/lx/lxcfs/package.nix b/pkgs/by-name/lx/lxcfs/package.nix index 966d93df2ac8..8b10fd6886d3 100644 --- a/pkgs/by-name/lx/lxcfs/package.nix +++ b/pkgs/by-name/lx/lxcfs/package.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "lxcfs"; - version = "6.0.3"; + version = "6.0.4"; src = fetchFromGitHub { owner = "lxc"; repo = "lxcfs"; - rev = "v${version}"; - hash = "sha256-+Xlx1E6ggB/Vx3yOJGgh4UfEvaVyT7uOttaxelDA7Iw="; + tag = "v${version}"; + hash = "sha256-jmadClC/3nHfNL+F/gC5NM6u03OE9flEVtPU28nylw4="; }; patches = [ From b53467502234c9a4fc483e880b96fa1979e92996 Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Thu, 3 Apr 2025 22:31:14 +0000 Subject: [PATCH 02/30] lxc: 6.0.3 -> 6.0.4 https://discuss.linuxcontainers.org/t/lxc-6-0-4-lts-has-been-released/23390 https://github.com/lxc/lxc/releases/tag/v6.0.4 --- pkgs/by-name/lx/lxc/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/lx/lxc/package.nix b/pkgs/by-name/lx/lxc/package.nix index 6398ec6093a2..fba1b0efba4b 100644 --- a/pkgs/by-name/lx/lxc/package.nix +++ b/pkgs/by-name/lx/lxc/package.nix @@ -22,13 +22,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "lxc"; - version = "6.0.3"; + version = "6.0.4"; src = fetchFromGitHub { owner = "lxc"; repo = "lxc"; tag = "v${finalAttrs.version}"; - hash = "sha256-h41lcHGjJmIH28XRpM0gdFsOQOCLSWevSLfvQ7gIf7Q="; + hash = "sha256-zmL568PprrpIWTVCkScXHEzTZ+NduSH4r8ETnz4NY64="; }; nativeBuildInputs = [ From 160d352c6a933f223efee02a692066763dc18ef1 Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Thu, 3 Apr 2025 22:32:38 +0000 Subject: [PATCH 03/30] incus-lts: 6.0.3 -> 6.0.4 https://discuss.linuxcontainers.org/t/incus-6-0-4-lts-has-been-released/23391 https://github.com/lxc/incus/releases/tag/v6.0.4 --- pkgs/by-name/in/incus/lts.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/in/incus/lts.nix b/pkgs/by-name/in/incus/lts.nix index a6cbeffb08d4..f7e89ba71bf3 100644 --- a/pkgs/by-name/in/incus/lts.nix +++ b/pkgs/by-name/in/incus/lts.nix @@ -1,7 +1,7 @@ import ./generic.nix { - hash = "sha256-+W4imWem5iQ6nPVcoObc4COFxQVED0ppVd/YC+Nqtgw="; - version = "6.0.3"; - vendorHash = "sha256-ZUtWzbAjHij95khYx8lWYEpA8ITlMtKpObG5Vl7aE90="; + hash = "sha256-zwefzCmj4K1GJRbherOS28swLoGbHnUxbF9bmLOh738="; + version = "6.0.4"; + vendorHash = "sha256-4of741V2ztxkyI2r5UVEL5ON/9kaDTygosLxyTw6ShQ="; patches = [ # qemu 9.1 compat, remove when added to LTS ./572afb06f66f83ca95efa1b9386fceeaa1c9e11b.patch From cadf4cfc8307b5df7f8a1ac72b5c166d14fcf55f Mon Sep 17 00:00:00 2001 From: Cassie Cheung Date: Sat, 22 Mar 2025 14:03:09 +0800 Subject: [PATCH 04/30] nixos/anubis: init module --- nixos/doc/manual/redirects.json | 9 + .../manual/release-notes/rl-2505.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/anubis.md | 61 ++++ nixos/modules/services/networking/anubis.nix | 314 ++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/anubis.nix | 98 ++++++ 7 files changed, 486 insertions(+) create mode 100644 nixos/modules/services/networking/anubis.md create mode 100644 nixos/modules/services/networking/anubis.nix create mode 100644 nixos/tests/anubis.nix diff --git a/nixos/doc/manual/redirects.json b/nixos/doc/manual/redirects.json index 29f7f9d51996..4995273654d0 100644 --- a/nixos/doc/manual/redirects.json +++ b/nixos/doc/manual/redirects.json @@ -2,6 +2,15 @@ "book-nixos-manual": [ "index.html#book-nixos-manual" ], + "module-services-anubis": [ + "index.html#module-services-anubis" + ], + "module-services-anubis-configuration": [ + "index.html#module-services-anubis-configuration" + ], + "module-services-anubis-quickstart": [ + "index.html#module-services-anubis-quickstart" + ], "module-services-crab-hole": [ "index.html#module-services-crab-hole" ], diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 269b308fc3f8..2837e4e50ce6 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -168,6 +168,8 @@ - [PDS](https://github.com/bluesky-social/pds), Personal Data Server for [bsky](https://bsky.social/). Available as [services.pds](option.html#opt-services.pds). +- [Anubis](https://github.com/TecharoHQ/anubis), a scraper defense software. Available as [services.anubis](options.html#opt-services.anubis). + - [synapse-auto-compressor](https://github.com/matrix-org/rust-synapse-compress-state?tab=readme-ov-file#automated-tool-synapse_auto_compressor), a rust-based matrix-synapse state compressor for postgresql. Available as [services.synapse-auto-compressor](#opt-services.synapse-auto-compressor.enable). - [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index daad3727a341..9ac296973411 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1038,6 +1038,7 @@ ./services/networking/adguardhome.nix ./services/networking/alice-lg.nix ./services/networking/amuled.nix + ./services/networking/anubis.nix ./services/networking/aria2.nix ./services/networking/asterisk.nix ./services/networking/atftpd.nix diff --git a/nixos/modules/services/networking/anubis.md b/nixos/modules/services/networking/anubis.md new file mode 100644 index 000000000000..8a9a2ea76aa6 --- /dev/null +++ b/nixos/modules/services/networking/anubis.md @@ -0,0 +1,61 @@ +# Anubis {#module-services-anubis} + +[Anubis](https://anubis.techaro.lol) is a scraper defense software that blocks AI scrapers. It is designed to sit +between a reverse proxy and the service to be protected. + +## Quickstart {#module-services-anubis-quickstart} + +This module is designed to use Unix domain sockets as the socket paths can be automatically configured for multiple +instances, but TCP sockets are also supported. + +A minimal configuration with [nginx](#opt-services.nginx.enable) may look like the following: + +```nix +{ config, ... }: { + services.anubis.instances.default.settings.TARGET = "http://localhost:8000"; + + # required due to unix socket permissions + users.users.nginx.extraGroups = [ config.users.groups.anubis.name ]; + services.nginx.virtualHosts."example.com" = { + locations = { + "/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}"; + }; + }; +} +``` + +If Unix domain sockets are not needed or desired, this module supports operating with only TCP sockets. + +```nix +{ + services.anubis = { + instances.default = { + settings = { + TARGET = "http://localhost:8080"; + BIND = ":9000"; + BIND_NETWORK = "tcp"; + METRICS_BIND = "127.0.0.1:9001"; + METRICS_BIND_NETWORK = "tcp"; + }; + }; + }; +} +``` + +## Configuration {#module-services-anubis-configuration} + +It is possible to configure default settings for all instances of Anubis, via {option}`services.anubis.defaultOptions`. + +```nix +{ + services.anubis.defaultOptions = { + botPolicy = { dnsbl = false; }; + settings.DIFFICULTY = 3; + }; +} +``` + +Note that at the moment, a custom bot policy is not merged with the baked-in one. That means to only override a setting +like `dnsbl`, copying the entire bot policy is required. Check +[the upstream repository](https://github.com/TecharoHQ/anubis/blob/1509b06cb921aff842e71fbb6636646be6ed5b46/cmd/anubis/botPolicies.json) +for the policy. diff --git a/nixos/modules/services/networking/anubis.nix b/nixos/modules/services/networking/anubis.nix new file mode 100644 index 000000000000..e2d9fdc0f290 --- /dev/null +++ b/nixos/modules/services/networking/anubis.nix @@ -0,0 +1,314 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) types; + jsonFormat = pkgs.formats.json { }; + + cfg = config.services.anubis; + enabledInstances = lib.filterAttrs (_: conf: conf.enable) cfg.instances; + instanceName = name: if name == "" then "anubis" else "anubis-${name}"; + + commonSubmodule = + isDefault: + let + mkDefaultOption = + path: opts: + lib.mkOption ( + opts + // lib.optionalAttrs (!isDefault && opts ? default) { + default = + lib.attrByPath (lib.splitString "." path) + (throw "This is a bug in the Anubis module. Please report this as an issue.") + cfg.defaultOptions; + defaultText = lib.literalExpression "config.services.anubis.defaultOptions.${path}"; + } + ); + in + { name, ... }: + { + options = { + enable = lib.mkEnableOption "this instance of Anubis" // { + default = true; + }; + user = mkDefaultOption "user" { + default = "anubis"; + description = '' + The user under which Anubis is run. + + This module utilizes systemd's DynamicUser feature. See the corresponding section in + {manpage}`systemd.exec(5)` for more details. + ''; + type = types.str; + }; + group = mkDefaultOption "group" { + default = "anubis"; + description = '' + The group under which Anubis is run. + + This module utilizes systemd's DynamicUser feature. See the corresponding section in + {manpage}`systemd.exec(5)` for more details. + ''; + type = types.str; + }; + + botPolicy = lib.mkOption { + default = null; + description = '' + Anubis policy configuration in Nix syntax. Set to `null` to use the baked-in policy which should be + sufficient for most use-cases. + + This option has no effect if `settings.POLICY_FNAME` is set to a different value, which is useful for + importing an existing configuration. + + See [the documentation](https://anubis.techaro.lol/docs/admin/policies) for details. + ''; + type = types.nullOr jsonFormat.type; + }; + + extraFlags = mkDefaultOption "extraFlags" { + default = [ ]; + description = "A list of extra flags to be passed to Anubis."; + example = [ "-metrics-bind \"\"" ]; + type = types.listOf types.str; + }; + + settings = lib.mkOption { + default = { }; + description = '' + Freeform configuration via environment variables for Anubis. + + See [the documentation](https://anubis.techaro.lol/docs/admin/installation) for a complete list of + available environment variables. + ''; + type = types.submodule [ + { + freeformType = + with types; + attrsOf ( + nullOr (oneOf [ + str + int + bool + ]) + ); + + options = { + # BIND and METRICS_BIND are defined in instance specific options, since global defaults don't make sense + BIND_NETWORK = mkDefaultOption "settings.BIND_NETWORK" { + default = "unix"; + description = '' + The network family that Anubis should bind to. + + Accepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen). + + Common values are `tcp` and `unix`. + ''; + example = "tcp"; + type = types.str; + }; + METRICS_BIND_NETWORK = mkDefaultOption "settings.METRICS_BIND_NETWORK" { + default = "unix"; + description = '' + The network family that the metrics server should bind to. + + Accepts anything supported by Go's [`net.Listen`](https://pkg.go.dev/net#Listen). + + Common values are `tcp` and `unix`. + ''; + example = "tcp"; + type = types.str; + }; + SOCKET_MODE = mkDefaultOption "settings.SOCKET_MODE" { + default = "0770"; + description = "The permissions on the Unix domain sockets created."; + example = "0700"; + type = types.str; + }; + DIFFICULTY = mkDefaultOption "settings.DIFFICULTY" { + default = 4; + description = '' + The difficulty required for clients to solve the challenge. + + Currently, this means the amount of leading zeros in a successful response. + ''; + type = types.int; + example = 5; + }; + SERVE_ROBOTS_TXT = mkDefaultOption "settings.SERVE_ROBOTS_TXT" { + default = false; + description = '' + Whether to serve a default robots.txt that denies access to common AI bots by name and all other + bots by wildcard. + ''; + type = types.bool; + }; + + # generated by default + POLICY_FNAME = mkDefaultOption "settings.POLICY_FNAME" { + default = null; + description = '' + The bot policy file to use. Leave this as `null` to respect the value set in + {option}`services.anubis.instances..botPolicy`. + ''; + type = types.nullOr types.path; + }; + }; + } + (lib.optionalAttrs (!isDefault) (instanceSpecificOptions name)) + ]; + }; + }; + }; + + instanceSpecificOptions = name: { + options = { + # see other options above + BIND = lib.mkOption { + default = "/run/anubis/${instanceName name}.sock"; + description = '' + The address that Anubis listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for syntax. + + Defaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `BIND_NETWORK` to `"tcp"`. + ''; + example = ":8080"; + type = types.str; + }; + METRICS_BIND = lib.mkOption { + default = "/run/anubis/${instanceName name}-metrics.sock"; + description = '' + The address Anubis' metrics server listens to. See Go's [`net.Listen`](https://pkg.go.dev/net#Listen) for + syntax. + + The metrics server is enabled by default and may be disabled. However, due to implementation details, this is + only possible by setting a command line flag. See {option}`services.anubis.defaultOptions.extraFlags` for an + example. + + Defaults to Unix domain sockets. To use TCP sockets, set this to a TCP address and `METRICS_BIND_NETWORK` to + `"tcp"`. + ''; + example = "127.0.0.1:8081"; + type = types.str; + }; + TARGET = lib.mkOption { + description = '' + The reverse proxy target that Anubis is protecting. This is a required option. + + The usage of Unix domain sockets is supported by the following syntax: `unix:///path/to/socket.sock`. + ''; + example = "http://127.0.0.1:8000"; + type = types.str; + }; + }; + }; +in +{ + options.services.anubis = { + package = lib.mkPackageOption pkgs "anubis" { }; + + defaultOptions = lib.mkOption { + default = { }; + description = "Default options for all instances of Anubis."; + type = types.submodule (commonSubmodule true); + }; + + instances = lib.mkOption { + default = { }; + description = '' + An attribute set of Anubis instances. + + The attribute name may be an empty string, in which case the `-` suffix is not added to the service name + and socket paths. + ''; + type = types.attrsOf (types.submodule (commonSubmodule false)); + }; + }; + + config = lib.mkIf (enabledInstances != { }) { + users.users = lib.mkIf (cfg.defaultOptions.user == "anubis") { + anubis = { + isSystemUser = true; + group = cfg.defaultOptions.group; + }; + }; + + users.groups = lib.mkIf (cfg.defaultOptions.group == "anubis") { + anubis = { }; + }; + + systemd.services = lib.mapAttrs' ( + name: instance: + lib.nameValuePair "${instanceName name}" { + description = "Anubis (${if name == "" then "default" else name} instance)"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + + environment = lib.mapAttrs (lib.const (lib.generators.mkValueStringDefault { })) ( + lib.filterAttrs (_: v: v != null) instance.settings + ); + + serviceConfig = { + User = instance.user; + Group = instance.group; + DynamicUser = true; + + ExecStart = lib.concatStringsSep " " ( + (lib.singleton (lib.getExe cfg.package)) ++ instance.extraFlags + ); + RuntimeDirectory = + if + lib.any (lib.hasPrefix "/run/anubis") ( + with instance.settings; + [ + BIND + METRICS_BIND + ] + ) + then + "anubis" + else + null; + + # hardening + NoNewPrivileges = true; + CapabilityBoundingSet = null; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + SystemCallArchitectures = "native"; + MemoryDenyWriteExecute = true; + + PrivateUsers = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectHome = true; + ProtectClock = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + ProtectControlGroups = "strict"; + LockPersonality = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RestrictNamespaces = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + }; + } + ) enabledInstances; + }; + + meta.maintainers = with lib.maintainers; [ soopyc ]; + meta.doc = ./anubis.md; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index d1d13a452708..82deac582e5b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -174,6 +174,7 @@ in { amd-sev = runTest ./amd-sev.nix; angie-api = runTest ./angie-api.nix; anki-sync-server = runTest ./anki-sync-server.nix; + anubis = runTest ./anubis.nix; anuko-time-tracker = runTest ./anuko-time-tracker.nix; apcupsd = runTest ./apcupsd.nix; apfs = runTest ./apfs.nix; diff --git a/nixos/tests/anubis.nix b/nixos/tests/anubis.nix new file mode 100644 index 000000000000..f00a2a827326 --- /dev/null +++ b/nixos/tests/anubis.nix @@ -0,0 +1,98 @@ +{ lib, ... }: +{ + name = "anubis"; + meta.maintainers = [ lib.maintainers.soopyc ]; + + nodes.machine = + { + config, + pkgs, + ... + }: + { + services.anubis.instances = { + "".settings.TARGET = "http://localhost:8080"; + + "tcp" = { + user = "anubis-tcp"; + group = "anubis-tcp"; + settings = { + TARGET = "http://localhost:8080"; + BIND = ":9000"; + BIND_NETWORK = "tcp"; + METRICS_BIND = ":9001"; + METRICS_BIND_NETWORK = "tcp"; + }; + }; + + "unix-upstream" = { + group = "nginx"; + settings.TARGET = "unix:///run/nginx/nginx.sock"; + }; + }; + + # support + users.users.nginx.extraGroups = [ config.users.groups.anubis.name ]; + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts."basic.localhost".locations = { + "/".proxyPass = "http://unix:${config.services.anubis.instances."".settings.BIND}"; + "/metrics".proxyPass = "http://unix:${config.services.anubis.instances."".settings.METRICS_BIND}"; + }; + + virtualHosts."tcp.localhost".locations = { + "/".proxyPass = "http://localhost:9000"; + "/metrics".proxyPass = "http://localhost:9001"; + }; + + virtualHosts."unix.localhost".locations = { + "/".proxyPass = "http://unix:${config.services.anubis.instances.unix-upstream.settings.BIND}"; + }; + + # emulate an upstream with nginx, listening on tcp and unix sockets. + virtualHosts."upstream.localhost" = { + default = true; # make nginx match this vhost for `localhost` + listen = [ + { addr = "unix:/run/nginx/nginx.sock"; } + { + addr = "localhost"; + port = 8080; + } + ]; + locations."/" = { + tryFiles = "$uri $uri/index.html =404"; + root = pkgs.runCommand "anubis-test-upstream" { } '' + mkdir $out + echo "it works" >> $out/index.html + ''; + }; + }; + }; + }; + + testScript = '' + for unit in ["nginx", "anubis", "anubis-tcp", "anubis-unix-upstream"]: + machine.wait_for_unit(unit + ".service") + + for port in [9000, 9001]: + machine.wait_for_open_port(port) + + for instance in ["anubis", "anubis-unix-upstream"]: + machine.wait_for_open_unix_socket(f"/run/anubis/{instance}.sock") + machine.wait_for_open_unix_socket(f"/run/anubis/{instance}-metrics.sock") + + # Default unix socket mode + machine.succeed('curl -f http://basic.localhost | grep "it works"') + machine.succeed('curl -f http://basic.localhost -H "User-Agent: Mozilla" | grep anubis') + machine.succeed('curl -f http://basic.localhost/metrics | grep anubis_challenges_issued') + machine.succeed('curl -f -X POST http://basic.localhost/.within.website/x/cmd/anubis/api/make-challenge | grep challenge') + + # TCP mode + machine.succeed('curl -f http://tcp.localhost -H "User-Agent: Mozilla" | grep anubis') + machine.succeed('curl -f http://tcp.localhost/metrics | grep anubis_challenges_issued') + + # Upstream is a unix socket mode + machine.succeed('curl -f http://unix.localhost/index.html | grep "it works"') + ''; +} From 9bb50570afbbf71c9f2209bdbb9578c5616acc2e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 18:47:05 +0000 Subject: [PATCH 05/30] tana: 1.0.24 -> 1.0.25 --- pkgs/by-name/ta/tana/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ta/tana/package.nix b/pkgs/by-name/ta/tana/package.nix index 6fe5d1f00675..75b730b139c6 100644 --- a/pkgs/by-name/ta/tana/package.nix +++ b/pkgs/by-name/ta/tana/package.nix @@ -62,7 +62,7 @@ let stdenv.cc.cc stdenv.cc.libc ]; - version = "1.0.24"; + version = "1.0.25"; in stdenv.mkDerivation { pname = "tana"; @@ -70,7 +70,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://github.com/tanainc/tana-desktop-releases/releases/download/v${version}/tana_${version}_amd64.deb"; - hash = "sha256-K3hJD42CWD+yQwbbzysMg2QD9RCw52h1mOV5lTO9CLc="; + hash = "sha256-2At28FVZEtn2RDoHpt+CeUizlBb1JCH6jXxcYoZcvYk="; }; nativeBuildInputs = [ From 955cadfb1908dcdb7de682862d296372027b27c7 Mon Sep 17 00:00:00 2001 From: Katherine Jamison Date: Mon, 7 Apr 2025 15:38:40 -0600 Subject: [PATCH 06/30] linuxKernel.kernels.linux_zen: 6.14.0-zen1 -> 6.14.1-zen1 --- pkgs/os-specific/linux/kernel/zen-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 97af24aadb67..91ca1ab0c1da 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -16,9 +16,9 @@ let variants = { # ./update-zen.py zen zen = { - version = "6.14"; # zen + version = "6.14.1"; # zen suffix = "zen1"; # zen - sha256 = "1lgzmjqybf4k7npwg2jkwmyxh0zfzhvbdpw3ajlr84i4sny2i6cy"; # zen + sha256 = "07fif9yj33lidp7dp8r66bsqyyh6fckjb3nhxynaikgb17hx9w5b"; # zen isLqx = false; }; # ./update-zen.py lqx From 77f706014febbc463e9627a1af5f199c72564514 Mon Sep 17 00:00:00 2001 From: Katherine Jamison Date: Mon, 7 Apr 2025 15:40:01 -0600 Subject: [PATCH 07/30] linuxKernel.kernels.linux_lqx: 6.14.0-lqx1 -> 6.14.1-lqx1 --- pkgs/os-specific/linux/kernel/zen-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 91ca1ab0c1da..4ff673a89752 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -23,9 +23,9 @@ let }; # ./update-zen.py lqx lqx = { - version = "6.14.0"; # lqx + version = "6.14.1"; # lqx suffix = "lqx1"; # lqx - sha256 = "1py2zg8wr5azr88ixm04v3nvlfihk7iimzc7sdjgz2mb0ji5kxjc"; # lqx + sha256 = "0gga9xrdp9q5jdzl3mjbx140wnwxibavvvdgxvqz9f2g3f20d69y"; # lqx isLqx = true; }; }; From 6725c129d4c2b58a90d56433c7f5192ec2dd2c63 Mon Sep 17 00:00:00 2001 From: Thiago Kenji Okada Date: Mon, 10 Feb 2025 15:06:19 +0000 Subject: [PATCH 08/30] nixos-rebuild-ng: add systemd-run to switch-to-configuration See the original reason for this here: https://github.com/NixOS/nixpkgs/pull/258571. While it seems the original reason may not be valid anymore since `nixos-rebuild` do not allocate TTY in SSH, it seems that some people depends on the `nixos-rebuild-switch-to-configuration` to exist. --- pkgs/by-name/ni/nixos-rebuild-ng/README.md | 2 - .../nixos-rebuild-ng/src/nixos_rebuild/nix.py | 31 +++++- .../nixos-rebuild-ng/src/tests/test_main.py | 99 ++++++++++++++++--- .../ni/nixos-rebuild-ng/src/tests/test_nix.py | 61 +++++++++++- 4 files changed, 178 insertions(+), 15 deletions(-) diff --git a/pkgs/by-name/ni/nixos-rebuild-ng/README.md b/pkgs/by-name/ni/nixos-rebuild-ng/README.md index 206cfdbb4912..10bd1a90e9d4 100644 --- a/pkgs/by-name/ni/nixos-rebuild-ng/README.md +++ b/pkgs/by-name/ni/nixos-rebuild-ng/README.md @@ -148,8 +148,6 @@ not possible to fix, please open an issue and we can discuss a solution. ## TODON'T -- Reimplement `systemd-run` logic: will be moved to the new - [`apply`](https://github.com/NixOS/nixpkgs/pull/344407) script - Nix bootstrap: it is only used for non-Flake paths and it is basically useless nowadays. It was created at a time when Nix was changing frequently and there was a need to bootstrap a new version of Nix before evaluating the diff --git a/pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py b/pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py index a8fed7d8b9de..8ea339e7b064 100644 --- a/pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py +++ b/pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py @@ -29,6 +29,22 @@ from .utils import Args, dict_to_flags FLAKE_FLAGS: Final = ["--extra-experimental-features", "nix-command flakes"] FLAKE_REPL_TEMPLATE: Final = "repl.nix.template" +SWITCH_TO_CONFIGURATION_CMD_PREFIX: Final = [ + "systemd-run", + "-E", + # Will be set to new value early in switch-to-configuration script, + # but interpreter starts out with old value + "LOCALE_ARCHIVE", + "-E", + "NIXOS_INSTALL_BOOTLOADER", + "--collect", + "--no-ask-password", + "--pipe", + "--quiet", + "--same-dir", + "--service-type=exec", + "--unit=nixos-rebuild-switch-to-configuration", +] logger = logging.getLogger(__name__) @@ -628,8 +644,21 @@ def switch_to_configuration( if not path_to_config.exists(): raise NRError(f"specialisation not found: {specialisation}") + r = run_wrapper( + ["test", "-d", "/run/systemd/system"], + remote=target_host, + check=False, + ) + cmd = SWITCH_TO_CONFIGURATION_CMD_PREFIX + if r.returncode: + logger.debug( + "skipping systemd-run to switch configuration since systemd is " + + "not working in target host" + ) + cmd = [] + run_wrapper( - [path_to_config / "bin/switch-to-configuration", str(action)], + [*cmd, path_to_config / "bin/switch-to-configuration", str(action)], extra_env={"NIXOS_INSTALL_BOOTLOADER": "1" if install_bootloader else "0"}, remote=target_host, sudo=sudo, diff --git a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py index 35306fc7e30c..db21ddd9d64a 100644 --- a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py +++ b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py @@ -234,7 +234,7 @@ def test_execute_nix_boot(mock_run: Mock, tmp_path: Path) -> None: nr.execute(["nixos-rebuild", "boot", "--no-flake", "-vvv", "--no-reexec"]) - assert mock_run.call_count == 6 + assert mock_run.call_count == 7 mock_run.assert_has_calls( [ call( @@ -279,7 +279,16 @@ def test_execute_nix_boot(mock_run: Mock, tmp_path: Path) -> None: **DEFAULT_RUN_KWARGS, ), call( - [config_path / "bin/switch-to-configuration", "boot"], + ["test", "-d", "/run/systemd/system"], + check=False, + **DEFAULT_RUN_KWARGS, + ), + call( + [ + *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX, + config_path / "bin/switch-to-configuration", + "boot", + ], check=True, **(DEFAULT_RUN_KWARGS | {"env": {"NIXOS_INSTALL_BOOTLOADER": "0"}}), ), @@ -442,7 +451,7 @@ def test_execute_nix_switch_flake(mock_run: Mock, tmp_path: Path) -> None: ] ) - assert mock_run.call_count == 3 + assert mock_run.call_count == 4 mock_run.assert_has_calls( [ call( @@ -476,7 +485,17 @@ def test_execute_nix_switch_flake(mock_run: Mock, tmp_path: Path) -> None: **DEFAULT_RUN_KWARGS, ), call( - ["sudo", config_path / "bin/switch-to-configuration", "switch"], + ["test", "-d", "/run/systemd/system"], + check=False, + **DEFAULT_RUN_KWARGS, + ), + call( + [ + "sudo", + *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX, + config_path / "bin/switch-to-configuration", + "switch", + ], check=True, **(DEFAULT_RUN_KWARGS | {"env": {"NIXOS_INSTALL_BOOTLOADER": "1"}}), ), @@ -535,7 +554,7 @@ def test_execute_nix_switch_build_target_host( ] ) - assert mock_run.call_count == 10 + assert mock_run.call_count == 11 mock_run.assert_has_calls( [ call( @@ -661,6 +680,19 @@ def test_execute_nix_switch_build_target_host( check=True, **DEFAULT_RUN_KWARGS, ), + call( + [ + "ssh", + *nr.process.SSH_DEFAULT_OPTS, + "user@target-host", + "--", + "test", + "-d", + "/run/systemd/system", + ], + check=False, + **DEFAULT_RUN_KWARGS, + ), call( [ "ssh", @@ -670,6 +702,7 @@ def test_execute_nix_switch_build_target_host( "sudo", "env", "NIXOS_INSTALL_BOOTLOADER=0", + *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX, str(config_path / "bin/switch-to-configuration"), "switch", ], @@ -712,7 +745,7 @@ def test_execute_nix_switch_flake_target_host( ] ) - assert mock_run.call_count == 4 + assert mock_run.call_count == 5 mock_run.assert_has_calls( [ call( @@ -750,6 +783,19 @@ def test_execute_nix_switch_flake_target_host( check=True, **DEFAULT_RUN_KWARGS, ), + call( + [ + "ssh", + *nr.process.SSH_DEFAULT_OPTS, + "user@localhost", + "--", + "test", + "-d", + "/run/systemd/system", + ], + check=False, + **DEFAULT_RUN_KWARGS, + ), call( [ "ssh", @@ -759,6 +805,7 @@ def test_execute_nix_switch_flake_target_host( "sudo", "env", "NIXOS_INSTALL_BOOTLOADER=0", + *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX, str(config_path / "bin/switch-to-configuration"), "switch", ], @@ -802,7 +849,7 @@ def test_execute_nix_switch_flake_build_host( ] ) - assert mock_run.call_count == 6 + assert mock_run.call_count == 7 mock_run.assert_has_calls( [ call( @@ -863,7 +910,16 @@ def test_execute_nix_switch_flake_build_host( **DEFAULT_RUN_KWARGS, ), call( - [config_path / "bin/switch-to-configuration", "switch"], + ["test", "-d", "/run/systemd/system"], + check=False, + **DEFAULT_RUN_KWARGS, + ), + call( + [ + *nr.nix.SWITCH_TO_CONFIGURATION_CMD_PREFIX, + config_path / "bin/switch-to-configuration", + "switch", + ], check=True, **DEFAULT_RUN_KWARGS, ), @@ -881,6 +937,8 @@ def test_execute_switch_rollback(mock_run: Mock, tmp_path: Path) -> None: return CompletedProcess([], 0, str(nixpkgs_path)) elif args[0] == "git": return CompletedProcess([], 0, "") + elif args[0] == "test": + return CompletedProcess([], 1) else: return CompletedProcess([], 0) @@ -897,7 +955,7 @@ def test_execute_switch_rollback(mock_run: Mock, tmp_path: Path) -> None: ] ) - assert mock_run.call_count == 4 + assert mock_run.call_count == 5 mock_run.assert_has_calls( [ call( @@ -929,6 +987,11 @@ def test_execute_switch_rollback(mock_run: Mock, tmp_path: Path) -> None: check=True, **DEFAULT_RUN_KWARGS, ), + call( + ["test", "-d", "/run/systemd/system"], + check=False, + **DEFAULT_RUN_KWARGS, + ), call( [ Path("/nix/var/nix/profiles/system/bin/switch-to-configuration"), @@ -978,6 +1041,8 @@ def test_execute_test_flake(mock_run: Mock, tmp_path: Path) -> None: def run_side_effect(args: list[str], **kwargs: Any) -> CompletedProcess[str]: if args[0] == "nix": return CompletedProcess([], 0, str(config_path)) + elif args[0] == "test": + return CompletedProcess([], 1) else: return CompletedProcess([], 0) @@ -987,7 +1052,7 @@ def test_execute_test_flake(mock_run: Mock, tmp_path: Path) -> None: ["nixos-rebuild", "test", "--flake", "github:user/repo#hostname", "--no-reexec"] ) - assert mock_run.call_count == 2 + assert mock_run.call_count == 3 mock_run.assert_has_calls( [ call( @@ -1003,6 +1068,11 @@ def test_execute_test_flake(mock_run: Mock, tmp_path: Path) -> None: stdout=PIPE, **DEFAULT_RUN_KWARGS, ), + call( + ["test", "-d", "/run/systemd/system"], + check=False, + **DEFAULT_RUN_KWARGS, + ), call( [config_path / "bin/switch-to-configuration", "test"], check=True, @@ -1031,6 +1101,8 @@ def test_execute_test_rollback( 2084 2024-11-07 23:54:17 (current) """), ) + elif args[0] == "test": + return CompletedProcess([], 1) else: return CompletedProcess([], 0) @@ -1040,7 +1112,7 @@ def test_execute_test_rollback( ["nixos-rebuild", "test", "--rollback", "--profile-name", "foo", "--no-reexec"] ) - assert mock_run.call_count == 2 + assert mock_run.call_count == 3 mock_run.assert_has_calls( [ call( @@ -1054,6 +1126,11 @@ def test_execute_test_rollback( stdout=PIPE, **DEFAULT_RUN_KWARGS, ), + call( + ["test", "-d", "/run/systemd/system"], + check=False, + **DEFAULT_RUN_KWARGS, + ), call( [ Path( diff --git a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py index 6f615872ac43..a6fac1c6de1e 100644 --- a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py +++ b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py @@ -689,9 +689,12 @@ def test_set_profile(mock_run: Mock) -> None: @patch(get_qualified_name(n.run_wrapper, n), autospec=True) -def test_switch_to_configuration(mock_run: Mock, monkeypatch: MonkeyPatch) -> None: +def test_switch_to_configuration_without_systemd_run( + mock_run: Any, monkeypatch: MonkeyPatch +) -> None: profile_path = Path("/path/to/profile") config_path = Path("/path/to/config") + mock_run.return_value = CompletedProcess([], 1) with monkeypatch.context() as mp: mp.setenv("LOCALE_ARCHIVE", "") @@ -749,6 +752,62 @@ def test_switch_to_configuration(mock_run: Mock, monkeypatch: MonkeyPatch) -> No ) +@patch(get_qualified_name(n.run_wrapper, n), autospec=True) +def test_switch_to_configuration_with_systemd_run( + mock_run: Mock, monkeypatch: MonkeyPatch +) -> None: + profile_path = Path("/path/to/profile") + config_path = Path("/path/to/config") + mock_run.return_value = CompletedProcess([], 0) + + with monkeypatch.context() as mp: + mp.setenv("LOCALE_ARCHIVE", "") + + n.switch_to_configuration( + profile_path, + m.Action.SWITCH, + sudo=False, + target_host=None, + specialisation=None, + install_bootloader=False, + ) + mock_run.assert_called_with( + [ + *n.SWITCH_TO_CONFIGURATION_CMD_PREFIX, + profile_path / "bin/switch-to-configuration", + "switch", + ], + extra_env={"NIXOS_INSTALL_BOOTLOADER": "0"}, + sudo=False, + remote=None, + ) + + target_host = m.Remote("user@localhost", [], None) + with monkeypatch.context() as mp: + mp.setenv("LOCALE_ARCHIVE", "/path/to/locale") + mp.setenv("PATH", "/path/to/bin") + mp.setattr(Path, Path.exists.__name__, lambda self: True) + + n.switch_to_configuration( + Path("/path/to/config"), + m.Action.TEST, + sudo=True, + target_host=target_host, + install_bootloader=True, + specialisation="special", + ) + mock_run.assert_called_with( + [ + *n.SWITCH_TO_CONFIGURATION_CMD_PREFIX, + config_path / "specialisation/special/bin/switch-to-configuration", + "test", + ], + extra_env={"NIXOS_INSTALL_BOOTLOADER": "1"}, + sudo=True, + remote=target_host, + ) + + @patch( get_qualified_name(n.Path.glob, n), autospec=True, From 0f188ba7b2859c888a8261ef8cbd603057d9435c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Apr 2025 14:58:26 +0000 Subject: [PATCH 09/30] netbird-ui: 0.39.2 -> 0.40.0 --- pkgs/by-name/ne/netbird/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ne/netbird/package.nix b/pkgs/by-name/ne/netbird/package.nix index e43016e3ddb7..faee3cb4e78a 100644 --- a/pkgs/by-name/ne/netbird/package.nix +++ b/pkgs/by-name/ne/netbird/package.nix @@ -31,16 +31,16 @@ let in buildGoModule (finalAttrs: { pname = "netbird"; - version = "0.39.2"; + version = "0.40.0"; src = fetchFromGitHub { owner = "netbirdio"; repo = "netbird"; tag = "v${finalAttrs.version}"; - hash = "sha256-K1qnQfkptMFviWWqzDA+yju/L/aMNTyO3qDHzMJnXzU="; + hash = "sha256-GbKA6tJLCQNCiG9rj3iW4l51nQEbt42u7B6tFCbDSTQ="; }; - vendorHash = "sha256-yNFyW1D2gFkt2VDTyiaDXPw0zrT4KBQTe72x0Jh0jOs="; + vendorHash = "sha256-vy725OvkYLyCDYEmnPpXJWqyofb29GiP4GkLn1GInm0="; nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config; From 57ffc96875f6ec4fd6b3a4cf212b87ae9ece1800 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Apr 2025 18:18:12 +0000 Subject: [PATCH 10/30] firefox-beta-unwrapped: 137.0b6 -> 138.0b4 --- .../networking/browsers/firefox/packages/firefox-beta.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages/firefox-beta.nix b/pkgs/applications/networking/browsers/firefox/packages/firefox-beta.nix index 18c64c870307..a4231f204e28 100644 --- a/pkgs/applications/networking/browsers/firefox/packages/firefox-beta.nix +++ b/pkgs/applications/networking/browsers/firefox/packages/firefox-beta.nix @@ -10,11 +10,11 @@ buildMozillaMach rec { pname = "firefox-beta"; binaryName = pname; - version = "137.0b6"; + version = "138.0b4"; applicationName = "Firefox Beta"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz"; - sha512 = "84c010f6e21957768a6fcebe6ec2f0e6a50b45b6a416cad3701f36d69dff9a448423e5b4f2ce0dc7abe46cb40ec02872027ad855b9afef355006ba32e13f4e27"; + sha512 = "a8f9e645c80d9c40b0435ee00261aa9fcac801efcfcbf42b10e6af9390290b9f643358aca6a01d9465eab3b64f46b2b71b4a3ea4c7e0a8f96bdfce15bf817f92"; }; meta = { From 73469ffe36d595f414ef02078a32d3708be27b6a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Apr 2025 18:48:18 +0000 Subject: [PATCH 11/30] supermariowar: 2024-unstable-2025-01-30 -> 2024-unstable-2025-04-03 --- pkgs/by-name/su/supermariowar/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/su/supermariowar/package.nix b/pkgs/by-name/su/supermariowar/package.nix index 2a8b4dd92878..960131aeb9bb 100644 --- a/pkgs/by-name/su/supermariowar/package.nix +++ b/pkgs/by-name/su/supermariowar/package.nix @@ -16,13 +16,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "supermariowar"; - version = "2024-unstable-2025-01-30"; + version = "2024-unstable-2025-04-03"; src = fetchFromGitHub { owner = "mmatyas"; repo = "supermariowar"; - rev = "8192bbda2eca807cfe1e2793018bd55ecdaac50a"; - hash = "sha256-i/UdKXIOUViv+FJFyss3Xa4Z8+OwW2CQjJ3hROZVaRA="; + rev = "c0ed774a2415ad45e72bd6086add2a5cbfc88898"; + hash = "sha256-vh8SSMxAOG8f9nyJmKUlA8yb+G61Bfc62dhB2eLdo20="; fetchSubmodules = true; }; From 6322dd1c858b1b0184b90596f921c9056b7515be Mon Sep 17 00:00:00 2001 From: FliegendeWurst Date: Tue, 8 Apr 2025 09:28:01 +0200 Subject: [PATCH 12/30] python3Packages.pytest-retry: init at 1.7.0 --- .../python-modules/pytest-retry/default.nix | 40 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 + 2 files changed, 42 insertions(+) create mode 100644 pkgs/development/python-modules/pytest-retry/default.nix diff --git a/pkgs/development/python-modules/pytest-retry/default.nix b/pkgs/development/python-modules/pytest-retry/default.nix new file mode 100644 index 000000000000..599e06e1fc99 --- /dev/null +++ b/pkgs/development/python-modules/pytest-retry/default.nix @@ -0,0 +1,40 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + pytest, + pytestCheckHook, + setuptools, +}: + +buildPythonPackage rec { + pname = "pytest-retry"; + version = "1.7.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "str0zzapreti"; + repo = "pytest-retry"; + tag = version; + hash = "sha256-Gf+L7zvC1FGAm0Wd6E6fV3KynassoGyHSD0CPgEJ02k="; + }; + + build-system = [ setuptools ]; + + dependencies = [ pytest ]; + + nativeCheckInputs = [ pytestCheckHook ]; + + pythonImportsCheck = [ "pytest_retry" ]; + + meta = { + description = "Plugin for retrying flaky tests in CI environments"; + longDescription = '' + This plugin adds a decorator to mark tests as flaky: `@pytest.mark.flaky(retries=3, delay=1)`. + ''; + homepage = "https://github.com/str0zzapreti/pytest-retry"; + changelog = "https://github.com/str0zzapreti/pytest-retry/releases/tag/${src.tag}"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ fliegendewurst ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 442976c40a3b..fda2924fdedb 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13649,6 +13649,8 @@ self: super: with self; { pytest-responses = callPackage ../development/python-modules/pytest-responses { }; + pytest-retry = callPackage ../development/python-modules/pytest-retry { }; + pytest-reverse = callPackage ../development/python-modules/pytest-reverse { }; pytest-ruff = callPackage ../development/python-modules/pytest-ruff { }; From b80de3ca290e69429e17fef0bd52f0d8e1fb8dd5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Apr 2025 21:17:06 +0000 Subject: [PATCH 13/30] buf: 1.51.0 -> 1.52.0 --- pkgs/by-name/bu/buf/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/bu/buf/package.nix b/pkgs/by-name/bu/buf/package.nix index ba104a09d707..1e9add6b045f 100644 --- a/pkgs/by-name/bu/buf/package.nix +++ b/pkgs/by-name/bu/buf/package.nix @@ -11,16 +11,16 @@ buildGoModule rec { pname = "buf"; - version = "1.51.0"; + version = "1.52.0"; src = fetchFromGitHub { owner = "bufbuild"; repo = "buf"; rev = "v${version}"; - hash = "sha256-/6SDsIVyorDWjOkdUB1t0vAA2VLy6MiGyiFo+2rUfEU="; + hash = "sha256-Jg3UcSPkJgYxdxRJJCCzxp+pGarToEQut9k/drIdka4="; }; - vendorHash = "sha256-4GD2yNfYTQobPeJ+zPQ+ECDTeNUi4PK8oXSxpBF/4Wk="; + vendorHash = "sha256-+zJ2pCLyXnqFOIWWfnhAzSnUOjQSDo4AqCxBNNZED7E="; patches = [ # Skip a test that requires networking to be available to work. From f43947e2006a39d78e4c496b03ba36f4415651c8 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Apr 2025 22:32:30 +0000 Subject: [PATCH 14/30] archipelago: 0.6.0 -> 0.6.1 --- pkgs/by-name/ar/archipelago/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ar/archipelago/package.nix b/pkgs/by-name/ar/archipelago/package.nix index b1384d9d60f8..4140936fc5e7 100644 --- a/pkgs/by-name/ar/archipelago/package.nix +++ b/pkgs/by-name/ar/archipelago/package.nix @@ -7,10 +7,10 @@ }: let pname = "archipelago"; - version = "0.6.0"; + version = "0.6.1"; src = fetchurl { url = "https://github.com/ArchipelagoMW/Archipelago/releases/download/${version}/Archipelago_${version}_linux-x86_64.AppImage"; - hash = "sha256-hpyMi/Zd4yDKd/53xuChRTQDD9QkcyqwqrmwoWSQMkY="; + hash = "sha256-8mPlR5xVnHL9I0rV4bMFaffSJv7dMlCcPHrLkM/pyVU="; }; appimageContents = appimageTools.extractType2 { inherit pname version src; }; From fce5edc7552b2174da48361151960e78db8f7cd2 Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Tue, 8 Apr 2025 23:19:37 -0400 Subject: [PATCH 15/30] lxcfs: wrap lxc.reboot.hook --- pkgs/by-name/lx/lxcfs/package.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/by-name/lx/lxcfs/package.nix b/pkgs/by-name/lx/lxcfs/package.nix index 8b10fd6886d3..07a8f1725392 100644 --- a/pkgs/by-name/lx/lxcfs/package.nix +++ b/pkgs/by-name/lx/lxcfs/package.nix @@ -59,6 +59,13 @@ stdenv.mkDerivation rec { util-linux ] } + + # requires access to sleep + wrapProgram "$out/share/lxcfs/lxc.reboot.hook" --prefix PATH : ${ + lib.makeBinPath [ + coreutils + ] + } ''; postFixup = '' From 1913a364e047d0c2860e4ed89d75c91d738288c4 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 9 Apr 2025 08:08:11 +0000 Subject: [PATCH 16/30] steel: 0.6.0-unstable-2025-03-28 -> 0.6.0-unstable-2025-04-08 --- pkgs/by-name/st/steel/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/st/steel/package.nix b/pkgs/by-name/st/steel/package.nix index 7b3289bfb5ed..7f4d88d8e562 100644 --- a/pkgs/by-name/st/steel/package.nix +++ b/pkgs/by-name/st/steel/package.nix @@ -20,13 +20,13 @@ }: rustPlatform.buildRustPackage { pname = "steel"; - version = "0.6.0-unstable-2025-03-28"; + version = "0.6.0-unstable-2025-04-08"; src = fetchFromGitHub { owner = "mattwparas"; repo = "steel"; - rev = "2f0fba8b16a3fbab083cedcf09974514b3a29d25"; - hash = "sha256-i/bmZFoC3fRocO1KeCPGB9K/0yEAcKlLh56N+r1V7CI="; + rev = "764cc318dd427f7502f0c7f2a3bb9f1ba4705cd7"; + hash = "sha256-Uxqy8vzRgQ3B/aAUV04OQumWrD9l4RNx1BX20R6lfAE="; }; useFetchCargoVendor = true; From 76fc7de2a316f69d50ed1929d4b4f369a9e1c7b2 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 9 Apr 2025 08:10:25 +0000 Subject: [PATCH 17/30] incus-ui-canonical: 0.15.1 -> 0.15.2 --- pkgs/by-name/in/incus-ui-canonical/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/in/incus-ui-canonical/package.nix b/pkgs/by-name/in/incus-ui-canonical/package.nix index 6a8b74ca1ab6..a911e8b712a1 100644 --- a/pkgs/by-name/in/incus-ui-canonical/package.nix +++ b/pkgs/by-name/in/incus-ui-canonical/package.nix @@ -20,14 +20,14 @@ let in stdenv.mkDerivation rec { pname = "incus-ui-canonical"; - version = "0.15.1"; + version = "0.15.2"; src = fetchFromGitHub { owner = "zabbly"; repo = "incus-ui-canonical"; # only use tags prefixed by incus- they are the tested fork versions tag = "incus-${version}"; - hash = "sha256-oXdkMalzAAcHEwca6h83cHH4buC/gGu5F3S82RM+IX4="; + hash = "sha256-jcdjbrQsBshpSogPkDO2DHYIyWmxEOJbFFG25X2mni0="; }; offlineCache = fetchYarnDeps { From ba200968e8c797ba014b6df71d35d7a6498d18b9 Mon Sep 17 00:00:00 2001 From: FliegendeWurst Date: Tue, 8 Apr 2025 09:28:01 +0200 Subject: [PATCH 18/30] python3Packages.debugpy: use retry plugin Otherwise the tests complete with warnings about an unknown decorator. --- pkgs/development/python-modules/debugpy/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/debugpy/default.nix b/pkgs/development/python-modules/debugpy/default.nix index 27b586407015..4204e22f4ce1 100644 --- a/pkgs/development/python-modules/debugpy/default.nix +++ b/pkgs/development/python-modules/debugpy/default.nix @@ -11,6 +11,7 @@ pytestCheckHook, pytest-xdist, pytest-timeout, + pytest-retry, importlib-metadata, psutil, untangle, @@ -99,6 +100,7 @@ buildPythonPackage rec { pytestCheckHook pytest-xdist pytest-timeout + pytest-retry ## Used by test helpers: importlib-metadata @@ -129,7 +131,12 @@ buildPythonPackage rec { ''; # Override default arguments in pytest.ini - pytestFlagsArray = [ "--timeout=0" ]; + pytestFlags = [ "--timeout=0" ]; + + disabledTests = [ + # hanging test (flaky) + "test_systemexit" + ]; # Fixes hanging tests on Darwin __darwinAllowLocalNetworking = true; From 365863c670a6c44ebfbd9ec564ef65da705f974b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 9 Apr 2025 09:38:57 +0000 Subject: [PATCH 19/30] godns: 3.2.2 -> 3.2.3 --- pkgs/by-name/go/godns/package.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/go/godns/package.nix b/pkgs/by-name/go/godns/package.nix index 7d27a7fca534..58ce85ef38d3 100644 --- a/pkgs/by-name/go/godns/package.nix +++ b/pkgs/by-name/go/godns/package.nix @@ -10,19 +10,19 @@ buildGoModule rec { pname = "godns"; - version = "3.2.2"; + version = "3.2.3"; src = fetchFromGitHub { owner = "TimothyYe"; repo = "godns"; tag = "v${version}"; - hash = "sha256-2VBgc+cp1IF3GprSt0oc5WOAepmV8dGhKjwodZ2JS6k="; + hash = "sha256-gKfuyw3cayDNHW2RrPaq1+vETDWyu5yxoiQvmRquwDU="; }; - vendorHash = "sha256-cR+hlIGRPffP21lqDZmqBF4unS6ZyEvEvRlTrswg+js="; + vendorHash = "sha256-3HN67FUtLfIF/V/Ax/UsFD/hmm1g+MsAZkQsZ/DvEcI="; npmDeps = fetchNpmDeps { src = "${src}/web"; - hash = "sha256-lchAfi97a97TPs22ML3sMrlSZdvWMMC+wBrGbvke5rg="; + hash = "sha256-wumu3uTzZh4uXlxaDfS8rxWapjkKnzCQGk3izH242qc="; }; npmRoot = "web"; From 9d0ca0f59a02116c906c65a29cc7e63e5d798e71 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 11:29:36 +0100 Subject: [PATCH 20/30] python3Packages.craft-platforms: 0.6.0 -> 0.7.0 --- pkgs/development/python-modules/craft-platforms/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/craft-platforms/default.nix b/pkgs/development/python-modules/craft-platforms/default.nix index 07482338e95c..c00db93c93f8 100644 --- a/pkgs/development/python-modules/craft-platforms/default.nix +++ b/pkgs/development/python-modules/craft-platforms/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "craft-platforms"; - version = "0.6.0"; + version = "0.7.0"; pyproject = true; disabled = pythonOlder "3.10"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "canonical"; repo = "craft-platforms"; tag = version; - hash = "sha256-/mnRFw79YMG34/0aQMi237KMNxWanyJixkEKq+zaSuE="; + hash = "sha256-BFs+LqcJWqKMgEr7IzyP5qME+zaV6EFc79ustOB1Cno="; }; postPatch = '' From 24c32b0ce4fb94a3ba568d153a0ae7f22aca69a5 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 11:55:38 +0100 Subject: [PATCH 21/30] python3Packages.craft-cli: 2.15.0 -> 3.0.0 --- pkgs/development/python-modules/craft-cli/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/craft-cli/default.nix b/pkgs/development/python-modules/craft-cli/default.nix index 1ab9e9145629..32cce3bd82f2 100644 --- a/pkgs/development/python-modules/craft-cli/default.nix +++ b/pkgs/development/python-modules/craft-cli/default.nix @@ -15,7 +15,7 @@ buildPythonPackage rec { pname = "craft-cli"; - version = "2.15.0"; + version = "3.0.0"; pyproject = true; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "canonical"; repo = "craft-cli"; tag = version; - hash = "sha256-L8hOQJhjVAMo/WxEHHEk2QorlSdDFMGdcL/Q3Pv6mT4="; + hash = "sha256-RAnvx5519iXZnJm8jtY635e0DEL7jnIgZtTCindqMTY="; }; postPatch = '' @@ -48,6 +48,11 @@ buildPythonPackage rec { pytestCheckHook ]; + preCheck = '' + mkdir -p check-phase + export HOME="$(pwd)/check-phase" + ''; + pytestFlagsArray = [ "tests/unit" ]; passthru.updateScript = nix-update-script { }; From a25607539d4ce5063061b146525a419537f82fc2 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 11:26:28 +0100 Subject: [PATCH 22/30] rockcraft: 1.9.0 -> 1.10.0 --- pkgs/by-name/ro/rockcraft/package.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ro/rockcraft/package.nix b/pkgs/by-name/ro/rockcraft/package.nix index faec0ef7014e..823dd5da81aa 100644 --- a/pkgs/by-name/ro/rockcraft/package.nix +++ b/pkgs/by-name/ro/rockcraft/package.nix @@ -11,13 +11,13 @@ python3Packages.buildPythonApplication rec { pname = "rockcraft"; - version = "1.9.0"; + version = "1.10.0"; src = fetchFromGitHub { owner = "canonical"; repo = "rockcraft"; rev = version; - hash = "sha256-cgNKMxQrD9/OfmY5YEnpbNDstDdXqc/wdfCb4HvsgNM="; + hash = "sha256-LrUs6/YRQYU0o1kmNdBhafvDIyw91FnW8+9i0Jj5f+Y="; }; pyproject = true; @@ -53,6 +53,14 @@ python3Packages.buildPythonApplication rec { "test_run_init_django" ]; + disabledTestPaths = [ + # Relies upon info in the .git directory which is stripped by fetchFromGitHub, + # and the version is overridden anyway. + "tests/integration/test_version.py" + # Tests non-Nix native packaging + "tests/integration/test_setuptools.py" + ]; + passthru = { updateScript = nix-update-script { }; tests.version = testers.testVersion { From c5c77ad7f769e39699ed02c90f56ec9ce517b795 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 11:27:02 +0100 Subject: [PATCH 23/30] snapcraft: 8.7.3 -> 8.8.0 --- .../sn/snapcraft/lxd-socket-path.patch | 8 ++++---- pkgs/by-name/sn/snapcraft/package.nix | 4 ++-- .../sn/snapcraft/set-channel-for-nix.patch | 19 ++++++------------- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/pkgs/by-name/sn/snapcraft/lxd-socket-path.patch b/pkgs/by-name/sn/snapcraft/lxd-socket-path.patch index 4219fcbfa7d4..af732c1e0fbb 100644 --- a/pkgs/by-name/sn/snapcraft/lxd-socket-path.patch +++ b/pkgs/by-name/sn/snapcraft/lxd-socket-path.patch @@ -1,7 +1,7 @@ -diff --git a/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py b/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py -index 5fa4f898..41264ebb 100644 ---- a/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py -+++ b/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py +diff --git i/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py w/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py +index 5fa4f898b..41264ebb0 100644 +--- i/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py ++++ w/snapcraft_legacy/internal/build_providers/_lxd/_lxd.py @@ -142,7 +142,7 @@ class LXD(Provider): build_provider_flags=build_provider_flags, ) diff --git a/pkgs/by-name/sn/snapcraft/package.nix b/pkgs/by-name/sn/snapcraft/package.nix index ac4118158968..f6c624de9ae3 100644 --- a/pkgs/by-name/sn/snapcraft/package.nix +++ b/pkgs/by-name/sn/snapcraft/package.nix @@ -13,7 +13,7 @@ python3Packages.buildPythonApplication rec { pname = "snapcraft"; - version = "8.7.3"; + version = "8.8.0"; pyproject = true; @@ -21,7 +21,7 @@ python3Packages.buildPythonApplication rec { owner = "canonical"; repo = "snapcraft"; tag = version; - hash = "sha256-T39hhosZTttX8jMlF5ul9oBcsh+FKusepj0k2NMZHNU="; + hash = "sha256-54UOXEH3DxT1P/CRi09gEoq9si+x/1GHFuWRIyEvz3E="; }; patches = [ diff --git a/pkgs/by-name/sn/snapcraft/set-channel-for-nix.patch b/pkgs/by-name/sn/snapcraft/set-channel-for-nix.patch index b90f0b4e1df2..99dc04c2b8bc 100644 --- a/pkgs/by-name/sn/snapcraft/set-channel-for-nix.patch +++ b/pkgs/by-name/sn/snapcraft/set-channel-for-nix.patch @@ -1,20 +1,13 @@ -diff --git a/snapcraft/providers.py b/snapcraft/providers.py -index a999537a..dcd290a7 100644 ---- a/snapcraft/providers.py -+++ b/snapcraft/providers.py -@@ -21,6 +21,7 @@ import sys - from pathlib import Path - from textwrap import dedent - from typing import Dict, Optional -+import platform - - from craft_cli import emit - from craft_providers import Provider, ProviderError, bases, executor -@@ -178,14 +179,14 @@ def get_base_configuration( +diff --git i/snapcraft/providers.py w/snapcraft/providers.py +index 41ab6e8f1..ceaf7539b 100644 +--- i/snapcraft/providers.py ++++ w/snapcraft/providers.py +@@ -177,14 +177,15 @@ def get_base_configuration( # injecting a snap on a non-linux system is not supported, so default to # install snapcraft from the store's stable channel snap_channel = get_managed_environment_snap_channel() - if sys.platform != "linux" and not snap_channel: ++ import platform + if snap_channel is None and (sys.platform != "linux" or "NixOS" in platform.version()): emit.progress( - "Using snapcraft from snap store channel 'latest/stable' in instance " From b64bbcf19dfc66a9c245626db0fa1d3982cd9aba Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 12:54:43 +0100 Subject: [PATCH 24/30] rockcraft: use `writableTmpDirAsHomeHook` for checks --- pkgs/by-name/ro/rockcraft/package.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/ro/rockcraft/package.nix b/pkgs/by-name/ro/rockcraft/package.nix index 823dd5da81aa..9ec578ffe1e6 100644 --- a/pkgs/by-name/ro/rockcraft/package.nix +++ b/pkgs/by-name/ro/rockcraft/package.nix @@ -7,6 +7,7 @@ testers, rockcraft, cacert, + writableTmpDirAsHomeHook, }: python3Packages.buildPythonApplication rec { @@ -39,14 +40,10 @@ python3Packages.buildPythonApplication rec { pytest-mock pytest-subprocess pytestCheckHook + writableTmpDirAsHomeHook ] ++ [ dpkg ]; - preCheck = '' - mkdir -p check-phase - export HOME="$(pwd)/check-phase" - ''; - disabledTests = [ "test_project_all_platforms_invalid" "test_run_init_flask" From 2e5e140f0288467ab0e3aba8ada62568498300bf Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 9 Apr 2025 12:01:30 +0000 Subject: [PATCH 25/30] codesnap: 0.10.5 -> 0.10.7 --- pkgs/by-name/co/codesnap/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/co/codesnap/package.nix b/pkgs/by-name/co/codesnap/package.nix index 3940a4302a5c..8cfa02716dc4 100644 --- a/pkgs/by-name/co/codesnap/package.nix +++ b/pkgs/by-name/co/codesnap/package.nix @@ -7,13 +7,13 @@ }: rustPlatform.buildRustPackage rec { pname = "codesnap"; - version = "0.10.5"; + version = "0.10.7"; src = fetchFromGitHub { owner = "mistricky"; repo = "CodeSnap"; tag = "v${version}"; - hash = "sha256-g2Xu/PKRSYrHKDJ5/MZRUkDQeYuxvNWPTuymhI8Iu5Q="; + hash = "sha256-gDV66eLHcg7OuVR0Wo5x3anqKjnS/BsCCVaR6VOnM+s="; }; useFetchCargoVendor = true; From 9efe0c425a0721e54d62fd970c9977cc2213dbfc Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 13:08:35 +0100 Subject: [PATCH 26/30] python3Packages.craft-cli: use `writableTmpDirAsHomeHook` for checks --- pkgs/development/python-modules/craft-cli/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/craft-cli/default.nix b/pkgs/development/python-modules/craft-cli/default.nix index 32cce3bd82f2..99c6d6bfa0de 100644 --- a/pkgs/development/python-modules/craft-cli/default.nix +++ b/pkgs/development/python-modules/craft-cli/default.nix @@ -11,6 +11,7 @@ pytest-check, pytest-mock, pytestCheckHook, + writableTmpDirAsHomeHook, }: buildPythonPackage rec { @@ -46,13 +47,9 @@ buildPythonPackage rec { pytest-check pytest-mock pytestCheckHook + writableTmpDirAsHomeHook ]; - preCheck = '' - mkdir -p check-phase - export HOME="$(pwd)/check-phase" - ''; - pytestFlagsArray = [ "tests/unit" ]; passthru.updateScript = nix-update-script { }; From 8002e2926c94ba482ce191f90defe28e8c0485b5 Mon Sep 17 00:00:00 2001 From: Jon Seager Date: Wed, 9 Apr 2025 14:28:58 +0100 Subject: [PATCH 27/30] parca: add update script --- pkgs/by-name/pa/parca/package.nix | 5 +++ pkgs/by-name/pa/parca/update.sh | 53 +++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100755 pkgs/by-name/pa/parca/update.sh diff --git a/pkgs/by-name/pa/parca/package.nix b/pkgs/by-name/pa/parca/package.nix index a2dfc4668591..9f115f8dd184 100644 --- a/pkgs/by-name/pa/parca/package.nix +++ b/pkgs/by-name/pa/parca/package.nix @@ -68,6 +68,11 @@ buildGoModule rec { cp -r ${ui}/share/parca/ui/* ui/packages/app/web/build ''; + passthru = { + inherit ui; + updateScript = ./update.sh; + }; + meta = { mainProgram = "parca"; description = "Continuous profiling for analysis of CPU and memory usage"; diff --git a/pkgs/by-name/pa/parca/update.sh b/pkgs/by-name/pa/parca/update.sh new file mode 100755 index 000000000000..a20292a935e0 --- /dev/null +++ b/pkgs/by-name/pa/parca/update.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env nix-shell +#!nix-shell -I nixpkgs=./. -i bash -p curl jq git pnpm_9 +# shellcheck shell=bash +set -euo pipefail +nixpkgs="$(pwd)" +cd $(readlink -e $(dirname "${BASH_SOURCE[0]}")) + +# Update the hash of the parca source code in the Nix expression. +update_parca_source() { + local version; version="$1" + echo "Updating parca source" + + old_version="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.version" | jq -r)" + sed -i "s|${old_version}|${version}|g" package.nix + + old_hash="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.src.outputHash" | jq -r)" + new_hash="$(nix-build --impure --expr "let src = (import $nixpkgs/default.nix {}).parca.src; in (src.overrideAttrs or (f: src // f src)) (_: { outputHash = \"\"; outputHashAlgo = \"sha256\"; })" 2>&1 | tr -s ' ' | grep -Po "got: \K.+$")" || true + + sed -i "s|${old_hash}|${new_hash}|g" package.nix +} + +# Update the hash of the parca ui pnpm dependencies in the Nix expression. +update_pnpm_deps_hash() { + echo "Updating parca ui pnpm deps hash" + + old_hash="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.ui.pnpmDeps.outputHash" | jq -r)" + new_hash="$(nix-build --impure --expr "let src = (import $nixpkgs/default.nix {}).parca.ui.pnpmDeps; in (src.overrideAttrs or (f: src // f src)) (_: { outputHash = \"\"; outputHashAlgo = \"sha256\"; })" 2>&1 | tr -s ' ' | grep -Po "got: \K.+$")" || true + + sed -i "s|${old_hash}|${new_hash}|g" package.nix +} + +# Update the hash of the parca go dependencies in the Nix expression. +update_go_deps_hash() { + echo "Updating parca go deps hash" + + old_hash="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.vendorHash" | jq -r)" + new_hash="$(nix-build --impure --expr "let src = (import $nixpkgs/default.nix {}).parca; in (src.overrideAttrs { vendorHash = \"\"; })" 2>&1 | tr -s ' ' | grep -Po "got: \K.+$")" || true + + sed -i "s|${old_hash}|${new_hash}|g" package.nix +} + +LATEST_TAG="$(curl -s ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} https://api.github.com/repos/parca-dev/parca/releases/latest | jq -r '.tag_name')" +LATEST_VERSION="$(expr "$LATEST_TAG" : 'v\(.*\)')" +CURRENT_VERSION="$(nix eval --json --impure --expr "(import $nixpkgs/default.nix {}).parca.version" | jq -r)" + +if [[ "$CURRENT_VERSION" == "$LATEST_VERSION" ]]; then + echo "parca is up to date: ${CURRENT_VERSION}" + exit 0 +fi + +update_parca_source "$LATEST_VERSION" +update_pnpm_deps_hash +update_go_deps_hash From 93a9e4d7a17f7feade59c1fbf78a2d9b78812702 Mon Sep 17 00:00:00 2001 From: liberodark Date: Fri, 17 Jan 2025 15:05:55 +0100 Subject: [PATCH 28/30] rav1d: init at 1.0.0 --- pkgs/by-name/ra/rav1d/package.nix | 63 +++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 pkgs/by-name/ra/rav1d/package.nix diff --git a/pkgs/by-name/ra/rav1d/package.nix b/pkgs/by-name/ra/rav1d/package.nix new file mode 100644 index 000000000000..192732b0fcaa --- /dev/null +++ b/pkgs/by-name/ra/rav1d/package.nix @@ -0,0 +1,63 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, + nasm, + meson, + ninja, + pkg-config, + + nix-update-script, +}: + +rustPlatform.buildRustPackage (finalAttrs: { + pname = "rav1d"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "memorysafety"; + repo = "rav1d"; + tag = "v${finalAttrs.version}"; + hash = "sha256-8Moj3v7cxPluzNPmOmGhYuz/Qh48BnBjN7Vt4f8aY2o="; + }; + + cargoHash = "sha256-M0j0zgDqElhG3Jgetjx2sL3rxLrShK0zTMmOXwNxBEI="; + + nativeBuildInputs = [ + nasm + ]; + + # Tests are using meson + # https://github.com/memorysafety/rav1d/tree/v1.0.0?tab=readme-ov-file#running-tests + nativeCheckInputs = [ + meson + ninja + pkg-config + ]; + + checkPhase = + let + cargoTarget = rustPlatform.cargoInstallHook.targetSubdirectory; + in + '' + runHook preCheck + + patchShebangs .github/workflows/test.sh + .github/workflows/test.sh -r target/${cargoTarget}/release/dav1d + + runHook postCheck + ''; + + passthru = { + updateScript = nix-update-script { }; + }; + + meta = { + description = "AV1 cross-platform decoder, Rust port of dav1d"; + homepage = "https://github.com/memorysafety/rav1d"; + changelog = "https://github.com/memorysafety/rav1d/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.bsd2; + maintainers = with lib.maintainers; [ liberodark ]; + mainProgram = "dav1d"; + }; +}) From 066ed9a8f2e39294b89b76889d35a90907586948 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Apr 2025 21:09:48 +0000 Subject: [PATCH 29/30] open-web-calendar: 1.48 -> 1.49 --- pkgs/by-name/op/open-web-calendar/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/op/open-web-calendar/package.nix b/pkgs/by-name/op/open-web-calendar/package.nix index 0d8c0cc7cac9..c56fbbb4285c 100644 --- a/pkgs/by-name/op/open-web-calendar/package.nix +++ b/pkgs/by-name/op/open-web-calendar/package.nix @@ -12,7 +12,7 @@ let in python.pkgs.buildPythonApplication rec { pname = "open-web-calendar"; - version = "1.48"; + version = "1.49"; pyproject = true; disabled = python.pythonOlder "3.9"; @@ -20,7 +20,7 @@ python.pkgs.buildPythonApplication rec { src = fetchPypi { inherit version; pname = "open_web_calendar"; - hash = "sha256-SSe5vkrfTpUFdSLglBxo5//VZfuXYnWs5sUKJL2zWOw="; + hash = "sha256-vtmIqiF85zn8CiMUWsCKJUzfiiK/j+xlZIyuIMGxR4I="; }; # The Pypi tarball doesn't contain open_web_calendars/features From dae8e0d6fb07e1d0f109a9b4a04d4c634953c064 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 9 Apr 2025 14:23:33 +0000 Subject: [PATCH 30/30] dracula-theme: 4.0.0-unstable-2025-03-22 -> 4.0.0-unstable-2025-04-01 --- pkgs/by-name/dr/dracula-theme/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/dr/dracula-theme/package.nix b/pkgs/by-name/dr/dracula-theme/package.nix index 29de15dfc711..1346f68d2719 100644 --- a/pkgs/by-name/dr/dracula-theme/package.nix +++ b/pkgs/by-name/dr/dracula-theme/package.nix @@ -8,7 +8,7 @@ let themeName = "Dracula"; - version = "4.0.0-unstable-2025-03-22"; + version = "4.0.0-unstable-2025-04-01"; in stdenvNoCC.mkDerivation { pname = "dracula-theme"; @@ -17,8 +17,8 @@ stdenvNoCC.mkDerivation { src = fetchFromGitHub { owner = "dracula"; repo = "gtk"; - rev = "e7f118ac0434988800453bc30671b55ccfe02bd9"; - hash = "sha256-f7bYYkAm4f0kSaDY1X2ZLLxlXwzUdFtjHkIeX0QmX9w="; + rev = "ceeb13795df115d150fca7c8ae1721b9a618cb3b"; + hash = "sha256-vdA3pkMha+vFQwAspZVLIkNi1VviArN+VUoievdrHZM="; }; propagatedUserEnvPkgs = [