diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 4517080bb301..a7d8a1786562 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -14,7 +14,9 @@ For new packages please briefly describe the package or provide a link to its ho - [ ] aarch64-linux - [ ] x86_64-darwin - [ ] aarch64-darwin -- [ ] For non-Linux: Is `sandbox = true` set in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html)) +- For non-Linux: Is sandboxing enabled in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html)) + - [ ] `sandbox = relaxed` + - [ ] `sandbox = true` - [ ] Tested, as applicable: - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - and/or [package tests](https://nixos.org/manual/nixpkgs/unstable/#sec-package-tests) diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix index bd041db007a1..0c4a71c6dfe4 100644 --- a/nixos/modules/services/web-apps/dex.nix +++ b/nixos/modules/services/web-apps/dex.nix @@ -108,8 +108,7 @@ in ProtectClock = true; ProtectHome = true; ProtectHostname = true; - # Would re-mount paths ignored by temporary root - #ProtectSystem = "strict"; + ProtectSystem = "strict"; ProtectControlGroups = true; ProtectKernelLogs = true; ProtectKernelModules = true; @@ -121,9 +120,7 @@ in RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; - TemporaryFileSystem = "/:ro"; - # Does not work well with the temporary root - #UMask = "0066"; + UMask = "0066"; } // optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; }; diff --git a/nixos/modules/system/boot/grow-partition.nix b/nixos/modules/system/boot/grow-partition.nix index a2764187a533..1ce4d5e56233 100644 --- a/nixos/modules/system/boot/grow-partition.nix +++ b/nixos/modules/system/boot/grow-partition.nix @@ -16,29 +16,28 @@ with lib; }; config = mkIf config.boot.growPartition { + assertions = [ + { + assertion = !config.boot.initrd.systemd.repart.enable && !config.systemd.repart.enable; + message = "systemd-repart already grows the root partition and thus you should not use boot.growPartition"; + } + ]; + systemd.services.growpart = { + wantedBy = [ "-.mount" ]; + after = [ "-.mount" ]; + before = [ "systemd-growfs-root.service" ]; + conflicts = [ "shutdown.target" ]; + unitConfig.DefaultDependencies = false; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + TimeoutSec = "infinity"; + # growpart returns 1 if the partition is already grown + SuccessExitStatus = "0 1"; + }; - assertions = [{ - assertion = !config.boot.initrd.systemd.enable; - message = "systemd stage 1 does not support 'boot.growPartition' yet."; - }]; - - boot.initrd.extraUtilsCommands = '' - copy_bin_and_libs ${pkgs.gawk}/bin/gawk - copy_bin_and_libs ${pkgs.gnused}/bin/sed - copy_bin_and_libs ${pkgs.util-linux}/sbin/sfdisk - copy_bin_and_libs ${pkgs.util-linux}/sbin/lsblk - - substitute "${pkgs.cloud-utils.guest}/bin/.growpart-wrapped" "$out/bin/growpart" \ - --replace "${pkgs.bash}/bin/sh" "/bin/sh" \ - --replace "awk" "gawk" \ - --replace "sed" "gnused" - - ln -s sed $out/bin/gnused - ''; - - boot.initrd.postDeviceCommands = '' - rootDevice="${config.fileSystems."/".device}" - if waitDevice "$rootDevice"; then + script = '' + rootDevice="${config.fileSystems."/".device}" rootDevice="$(readlink -f "$rootDevice")" parentDevice="$rootDevice" while [ "''${parentDevice%[0-9]}" != "''${parentDevice}" ]; do @@ -48,11 +47,8 @@ with lib; if [ "''${parentDevice%[0-9]p}" != "''${parentDevice}" ] && [ -b "''${parentDevice%p}" ]; then parentDevice="''${parentDevice%p}" fi - TMPDIR=/run sh $(type -P growpart) "$parentDevice" "$partNum" - udevadm settle - fi - ''; - + "${pkgs.cloud-utils.guest}/bin/growpart" "$parentDevice" "$partNum" + ''; + }; }; - } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 22371c9fec37..33f8abf6ccd4 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -332,6 +332,7 @@ in { graphite = handleTest ./graphite.nix {}; graylog = handleTest ./graylog.nix {}; grocy = handleTest ./grocy.nix {}; + grow-partition = runTest ./grow-partition.nix; grub = handleTest ./grub.nix {}; guacamole-server = handleTest ./guacamole-server.nix {}; gvisor = handleTest ./gvisor.nix {}; diff --git a/nixos/tests/grow-partition.nix b/nixos/tests/grow-partition.nix new file mode 100644 index 000000000000..344910848dca --- /dev/null +++ b/nixos/tests/grow-partition.nix @@ -0,0 +1,83 @@ +{ lib, ... }: + +let + rootFslabel = "external"; + rootFsDevice = "/dev/disk/by-label/${rootFslabel}"; + + externalModule = partitionTableType: { config, lib, pkgs, ... }: { + virtualisation.directBoot.enable = false; + virtualisation.mountHostNixStore = false; + virtualisation.useEFIBoot = partitionTableType == "efi"; + + # This stops the qemu-vm module from overriding the fileSystems option + # with virtualisation.fileSystems. + virtualisation.fileSystems = lib.mkForce { }; + + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = partitionTableType == "efi"; + boot.loader.grub.efiInstallAsRemovable = partitionTableType == "efi"; + boot.loader.grub.device = if partitionTableType == "efi" then "nodev" else "/dev/vda"; + + boot.growPartition = true; + + fileSystems = { + "/".device = rootFsDevice; + }; + + system.build.diskImage = import ../lib/make-disk-image.nix { + inherit config lib pkgs; + label = rootFslabel; + inherit partitionTableType; + format = "raw"; + bootSize = "128M"; + additionalSpace = "0M"; + copyChannel = false; + }; + }; +in +{ + name = "grow-partition"; + + meta.maintainers = with lib.maintainers; [ arianvp ]; + + nodes = { + efi = externalModule "efi"; + legacy = externalModule "legacy"; + legacyGPT = externalModule "legacy+gpt"; + hybrid = externalModule "hybrid"; + }; + + + testScript = { nodes, ... }: + lib.concatLines (lib.mapAttrsToList (name: node: '' + import os + import subprocess + import tempfile + import shutil + + tmp_disk_image = tempfile.NamedTemporaryFile() + + shutil.copyfile("${node.system.build.diskImage}/nixos.img", tmp_disk_image.name) + + subprocess.run([ + "${node.virtualisation.qemu.package}/bin/qemu-img", + "resize", + "-f", + "raw", + tmp_disk_image.name, + "+32M", + ]) + + # Set NIX_DISK_IMAGE so that the qemu script finds the right disk image. + os.environ['NIX_DISK_IMAGE'] = tmp_disk_image.name + + ${name}.wait_for_unit("growpart.service") + systemd_growpart_logs = ${name}.succeed("journalctl --boot --unit growpart.service") + assert "CHANGED" in systemd_growpart_logs + ${name}.succeed("systemctl restart growpart.service") + systemd_growpart_logs = ${name}.succeed("journalctl --boot --unit growpart.service") + assert "NOCHANGE" in systemd_growpart_logs + + '') nodes); +} diff --git a/pkgs/applications/misc/html5validator/default.nix b/pkgs/applications/misc/html5validator/default.nix index 71ba3dcf100a..6c9c65cf4270 100644 --- a/pkgs/applications/misc/html5validator/default.nix +++ b/pkgs/applications/misc/html5validator/default.nix @@ -1,25 +1,41 @@ -{ buildPythonApplication, fetchFromGitHub, nose, openjdk, lib }: +{ lib +, fetchFromGitHub +, openjdk +, python3 +}: -buildPythonApplication rec { +python3.pkgs.buildPythonApplication rec { pname = "html5validator"; - version = "0.3.3"; + version = "0.4.2"; + format = "setuptools"; src = fetchFromGitHub { owner = "svenkreiss"; repo = "html5validator"; - rev = "v${version}"; - sha256 = "130acqi0dsy3midg7hwslykzry6crr4ln6ia0f0avyywkz4bplsv"; + rev = "refs/tags/v${version}"; + hash = "sha256-yvclqE4+2R9q/UJU9W95U1/xVJeNj+5eKvT6VQel9k8="; }; - propagatedBuildInputs = [ openjdk ]; + propagatedBuildInputs = [ + openjdk + ] ++ (with python3.pkgs; [ + pyyaml + ]); - nativeCheckInputs = [ nose ]; - checkPhase = "PATH=$PATH:$out/bin nosetests"; + nativeCheckInputs = with python3.pkgs; [ + hacking + pytestCheckHook + ]; + + preCheck = '' + export PATH="$PATH:$out/bin"; + ''; meta = with lib; { - homepage = "https://github.com/svenkreiss/html5validator"; description = "Command line tool that tests files for HTML5 validity"; + homepage = "https://github.com/svenkreiss/html5validator"; + changelog = "https://github.com/svenkreiss/html5validator/releases/tag/v${version}"; license = licenses.mit; - maintainers = [ maintainers.phunehehe ]; + maintainers = with maintainers; [ phunehehe ]; }; } diff --git a/pkgs/applications/networking/cluster/argocd-autopilot/default.nix b/pkgs/applications/networking/cluster/argocd-autopilot/default.nix index e42a4e0c4b49..3b0250c5f9a9 100644 --- a/pkgs/applications/networking/cluster/argocd-autopilot/default.nix +++ b/pkgs/applications/networking/cluster/argocd-autopilot/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "argocd-autopilot"; - version = "0.4.16"; + version = "0.4.17"; src = fetchFromGitHub { owner = "argoproj-labs"; repo = "argocd-autopilot"; rev = "v${version}"; - sha256 = "sha256-KxEH6FpCaOVOjdNKn7dYbFlT/W4gA8276Zt3sIs3Tg8="; + sha256 = "sha256-txbs1SzAaV1nCl104m0Ht5DwzCmK+sBDn4rZ1newdLc="; }; - vendorHash = "sha256-3f5eEge5tGko/B7MtPcifoQOkkVr0jjFX5nF6g1kow4="; + vendorHash = "sha256-1nolJLWkArzSKf11fzlvvgiCnvMYSu5MHRNAn1lryms="; proxyVendor = true; diff --git a/pkgs/applications/networking/cluster/terraform/default.nix b/pkgs/applications/networking/cluster/terraform/default.nix index 38051dff543c..5974560092c8 100644 --- a/pkgs/applications/networking/cluster/terraform/default.nix +++ b/pkgs/applications/networking/cluster/terraform/default.nix @@ -167,9 +167,9 @@ rec { mkTerraform = attrs: pluggable (generic attrs); terraform_1 = mkTerraform { - version = "1.6.1"; - hash = "sha256-qUJruwpec4uZ/gPWzpbQOMfSxkwRkRDlWDmVIgqe5A8="; - vendorHash = "sha256-1ZQDgNeMC59KrmZpA8T+Etbuk2MQKQsDYzqPGl6Y4Hg="; + version = "1.6.2"; + hash = "sha256-24B8YlorL00OqmYYVM1xg5dM9hZ4enDWJ1XIGmeEAiM="; + vendorHash = "sha256-fIirGWt4Os2uZHo4ui7wmZEp+DRUHu/0p+cQCbUbzjc="; patches = [ ./provider-path-0_15.patch ]; passthru = { inherit plugins; diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix index 8ab64a6e57dd..e4440b483595 100644 --- a/pkgs/applications/networking/ids/zeek/default.nix +++ b/pkgs/applications/networking/ids/zeek/default.nix @@ -22,6 +22,7 @@ let broker = callPackage ./broker { }; + python = python3.withPackages (p: [ p.gitpython p.semantic-version ]); in stdenv.mkDerivation rec { pname = "zeek"; @@ -43,7 +44,7 @@ stdenv.mkDerivation rec { cmake file flex - python3 + python ]; buildInputs = [ @@ -56,11 +57,11 @@ stdenv.mkDerivation rec { openssl swig zlib + python ] ++ lib.optionals stdenv.isLinux [ libkqueue ] ++ lib.optionals stdenv.isDarwin [ gettext - python3 ]; postPatch = '' diff --git a/pkgs/applications/networking/opsdroid/default.nix b/pkgs/applications/networking/opsdroid/default.nix index 4398c771e535..d4f2a9b26a18 100644 --- a/pkgs/applications/networking/opsdroid/default.nix +++ b/pkgs/applications/networking/opsdroid/default.nix @@ -17,7 +17,7 @@ python3Packages.buildPythonPackage rec { doCheck = false; propagatedBuildInputs = with python3Packages; [ - click babel opsdroid_get_image_size slackclient webexteamssdk bleach + click babel opsdroid-get-image-size slackclient webexteamssdk bleach parse emoji puremagic yamale nbformat websockets pycron nbconvert aiohttp matrix-api-async aioredis aiosqlite arrow pyyaml motor regex mattermostdriver setuptools voluptuous ibm-watson tailer multidict diff --git a/pkgs/applications/science/biology/bioawk/default.nix b/pkgs/applications/science/biology/bioawk/default.nix new file mode 100644 index 000000000000..cfbb1a551fac --- /dev/null +++ b/pkgs/applications/science/biology/bioawk/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, fetchFromGitHub +, installShellFiles +, bison +, zlib +}: + +stdenv.mkDerivation { + pname = "bioawk"; + version = "unstable-2017-09-11"; + + src = fetchFromGitHub { + owner = "lh3"; + repo = "bioawk"; + rev = "fd40150b7c557da45e781a999d372abbc634cc21"; + hash = "sha256-WWgz96DPP83J45isWkMbgEvOlibq6WefK//ImV6+AU0="; + }; + + nativeBuildInputs = [ + bison + installShellFiles + ]; + + buildInputs = [ + zlib + ]; + + buildFlags = [ + "CC=${stdenv.cc.targetPrefix}cc" + ]; + + installPhase = '' + runHook preInstall + + install -Dm755 bioawk -t $out/bin + mv awk.1 bioawk.1 + installManPage bioawk.1 + + runHook postInstall + ''; + + meta = with lib; { + description = "BWK awk modified for biological data"; + homepage = "https://github.com/lh3/bioawk"; + license = licenses.hpnd; + maintainers = with maintainers; [ natsukium ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/applications/window-managers/cwm/default.nix b/pkgs/applications/window-managers/cwm/default.nix index d46811290a2c..94b75af3ea5c 100644 --- a/pkgs/applications/window-managers/cwm/default.nix +++ b/pkgs/applications/window-managers/cwm/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "cwm"; - version = "7.1"; + version = "7.4"; src = fetchFromGitHub { owner = "leahneukirchen"; repo = pname; rev = "v${version}"; - sha256 = "sha256-lkjsxGMXOrnu4cUiV/TO7yzd9FzM297MhaFKauqmiHo="; + sha256 = "sha256-L3u4mH2UH2pTHhSPVr5dUi94b9DheslkIWL6EgQ05yA="; }; strictDeps = true; diff --git a/pkgs/by-name/fo/fortune-kind/package.nix b/pkgs/by-name/fo/fortune-kind/package.nix index 54d1ecc33fae..c3e76a5f0c61 100644 --- a/pkgs/by-name/fo/fortune-kind/package.nix +++ b/pkgs/by-name/fo/fortune-kind/package.nix @@ -11,16 +11,16 @@ rustPlatform.buildRustPackage rec { pname = "fortune-kind"; - version = "0.1.4"; + version = "0.1.5"; src = fetchFromGitHub { owner = "cafkafk"; repo = "fortune-kind"; rev = "v${version}"; - hash = "sha256-xIibKXca3RXQpRJyQ62GL7l24ovX4KXhdk2zK1gB98M="; + hash = "sha256-bpQ1cPsgKgOU3stnUwGrMnY9RZGZnuoR6B05LyARtVY="; }; - cargoHash = "sha256-7JBT3EhwrcNITR5ocQkLoQw4/R7xAoplZ9I1cTs9DW8="; + cargoHash = "sha256-2hL4vbbfvzJk73cvMU+eau+UHDFtokt4v8GBXyNkjbw="; nativeBuildInputs = [ makeBinaryWrapper installShellFiles ]; buildInputs = lib.optionals stdenv.isDarwin [ libiconv darwin.apple_sdk.frameworks.Security ]; diff --git a/pkgs/by-name/ge/geticons/package.nix b/pkgs/by-name/ge/geticons/package.nix new file mode 100644 index 000000000000..f3afda0f136d --- /dev/null +++ b/pkgs/by-name/ge/geticons/package.nix @@ -0,0 +1,27 @@ +{ lib +, rustPlatform +, fetchFromSourcehut +, gitUpdater +}: + +rustPlatform.buildRustPackage rec { + pname = "geticons"; + version = "1.2.2"; + + src = fetchFromSourcehut { + owner = "~zethra"; + repo = pname; + rev = version; + hash = "sha256-HEnUfOLeRTi2dRRqjDPVwVVHo/GN9wE28x5qv3qOpCY="; + }; + + cargoHash = "sha256-Znwni7uMnG9cpZbztUMY1j73K+XrDLv5zyNEZDoxWg4="; + passthru.updateScript = gitUpdater { }; + + meta = with lib; { + description = "CLI utility to get icons for apps on your system or other generic icons by name"; + homepage = "https://git.sr.ht/~zethra/geticons"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ Madouura ]; + }; +} diff --git a/pkgs/by-name/ko/kokkos/package.nix b/pkgs/by-name/ko/kokkos/package.nix new file mode 100644 index 000000000000..b6578f4a020f --- /dev/null +++ b/pkgs/by-name/ko/kokkos/package.nix @@ -0,0 +1,44 @@ +{ lib +, stdenv +, fetchFromGitHub +, gitUpdater +, cmake +, python3 +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "kokkos"; + version = "4.1.00"; + + src = fetchFromGitHub { + owner = "kokkos"; + repo = "kokkos"; + rev = finalAttrs.version; + hash = "sha256-bPgXn1Lv+EiiKEHgTVhRFhcELUnZCphaXDlrTYq6cpY="; + }; + + nativeBuildInputs = [ + cmake + python3 + ]; + + cmakeFlags = [ + (lib.cmakeBool "Kokkos_ENABLE_TESTS" true) + ]; + + postPatch = '' + patchShebangs . + ''; + + doCheck = true; + passthru.updateScript = gitUpdater { }; + + meta = with lib; { + description = "C++ Performance Portability Programming EcoSystem"; + homepage = "https://github.com/kokkos/kokkos"; + license = with licenses; [ asl20-llvm ]; + maintainers = with maintainers; [ Madouura ]; + platforms = platforms.unix; + broken = stdenv.isDarwin; + }; +}) diff --git a/pkgs/data/documentation/scheme-manpages/default.nix b/pkgs/data/documentation/scheme-manpages/default.nix index 08916f3e561f..6eb1e3e74170 100644 --- a/pkgs/data/documentation/scheme-manpages/default.nix +++ b/pkgs/data/documentation/scheme-manpages/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "scheme-manpages"; - version = "unstable-2023-08-13"; + version = "unstable-2023-08-27"; src = fetchFromGitHub { owner = "schemedoc"; repo = "manpages"; - rev = "c17abb7dfb733fede4cf776a932e9696ccc7a4f2"; - hash = "sha256-9s/1sJEA4nowzQRpySOFzY+PxiUdz1Z3D931rMet4CA="; + rev = "44317b20616699b13b2b6276c86d796f4ae0c8dd"; + hash = "sha256-qxj9sEQYOZ+me2IhDS5S2GRSho4KWWrEm+5MNxfw1VI="; }; dontBuild = true; diff --git a/pkgs/desktops/gnome/core/zenity/default.nix b/pkgs/desktops/gnome/core/zenity/default.nix index b171ef202252..6ff36b1c1960 100644 --- a/pkgs/desktops/gnome/core/zenity/default.nix +++ b/pkgs/desktops/gnome/core/zenity/default.nix @@ -45,6 +45,7 @@ stdenv.mkDerivation rec { }; meta = with lib; { + mainProgram = "zenity"; description = "Tool to display dialogs from the commandline and shell scripts"; homepage = "https://wiki.gnome.org/Projects/Zenity"; license = licenses.lgpl21Plus; diff --git a/pkgs/development/interpreters/janet/default.nix b/pkgs/development/interpreters/janet/default.nix index 3c44239dc2fa..f186021eb3d6 100644 --- a/pkgs/development/interpreters/janet/default.nix +++ b/pkgs/development/interpreters/janet/default.nix @@ -1,19 +1,30 @@ -{ lib, stdenv, fetchFromGitHub, meson, ninja }: +{ lib +, stdenv +, fetchFromGitHub +, meson +, ninja +, nix-update-script +, runCommand +}: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "janet"; - version = "1.31.0"; + version = "1.32.1"; src = fetchFromGitHub { owner = "janet-lang"; - repo = pname; - rev = "v${version}"; - hash = "sha256-Dj2fj1dsdAMl/H0vNKTf9qjPB4GVRpgWPVR+PuZWZMc="; + repo = "janet"; + rev = "v${finalAttrs.version}"; + hash = "sha256-24d9N59pTfQATWmAZN4dAFT8RTTlUlBPKokcQ/Fd2No="; }; postPatch = '' substituteInPlace janet.1 \ --replace /usr/local/ $out/ + '' + lib.optionalString stdenv.isDarwin '' + # error: Socket is not connected + substituteInPlace meson.build \ + --replace "'test/suite-ev.janet'," "" ''; nativeBuildInputs = [ meson ninja ]; @@ -29,6 +40,21 @@ stdenv.mkDerivation rec { $out/bin/janet -e '(+ 1 2 3)' ''; + passthru = { + tests.run = runCommand "janet-test-run" { + nativeBuildInputs = [finalAttrs.finalPackage]; + } '' + echo "(+ 1 2 3)" | janet | tail -n 1 > arithmeticTest.txt; + diff -U3 --color=auto <(cat arithmeticTest.txt) <(echo "6"); + + echo "(print \"Hello, World!\")" | janet | tail -n 2 > ioTest.txt; + diff -U3 --color=auto <(cat ioTest.txt) <(echo -e "Hello, World!\nnil"); + + touch $out; + ''; + updateScript = nix-update-script {}; + }; + meta = with lib; { description = "Janet programming language"; homepage = "https://janet-lang.org/"; @@ -36,4 +62,4 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ andrewchambers peterhoeg ]; platforms = platforms.all; }; -} +}) diff --git a/pkgs/development/libraries/CGAL/default.nix b/pkgs/development/libraries/CGAL/default.nix index 9d9233aad20e..672facdc230c 100644 --- a/pkgs/development/libraries/CGAL/default.nix +++ b/pkgs/development/libraries/CGAL/default.nix @@ -1,5 +1,5 @@ { lib, stdenv -, fetchFromGitHub +, fetchurl , cmake , boost , gmp @@ -8,13 +8,11 @@ stdenv.mkDerivation rec { pname = "cgal"; - version = "5.5.2"; + version = "5.5.3"; - src = fetchFromGitHub { - owner = "CGAL"; - repo = "releases"; - rev = "CGAL-${version}"; - sha256 = "sha256-olMPT/8Q0bf+rooJoNc0k8NrO//O7z0yqBoP8KX39yQ="; + src = fetchurl { + url = "https://github.com/CGAL/cgal/releases/download/v${version}/CGAL-${version}.tar.xz"; + hash = "sha256-CgT2YmkyVjKLBbq/q7XjpbfbL1pY1S48Ug350IKN3XM="; }; # note: optional component libCGAL_ImageIO would need zlib and opengl; diff --git a/pkgs/development/python-modules/aiohomekit/default.nix b/pkgs/development/python-modules/aiohomekit/default.nix index 7eb2a64d38e6..644c3cda0801 100644 --- a/pkgs/development/python-modules/aiohomekit/default.nix +++ b/pkgs/development/python-modules/aiohomekit/default.nix @@ -19,7 +19,7 @@ buildPythonPackage rec { pname = "aiohomekit"; - version = "3.0.5"; + version = "3.0.6"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -28,7 +28,7 @@ buildPythonPackage rec { owner = "Jc2k"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-Rux3fRP1lM42i42K24t27DwAadi+NRJJHDhPAjZXb7s="; + hash = "sha256-e7KSgUOEA3iAR4QdUhjYcHsPdtCJRxu6u+uxuDMaghQ="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/asdf-transform-schemas/default.nix b/pkgs/development/python-modules/asdf-transform-schemas/default.nix index 545062e0dd5a..d00e43e756a3 100644 --- a/pkgs/development/python-modules/asdf-transform-schemas/default.nix +++ b/pkgs/development/python-modules/asdf-transform-schemas/default.nix @@ -9,15 +9,15 @@ buildPythonPackage rec { pname = "asdf-transform-schemas"; - version = "0.3.0"; - format = "pyproject"; + version = "0.4.0"; + pyproject = true; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchPypi { pname = "asdf_transform_schemas"; inherit version; - hash = "sha256-DPL/eyLMtAj+WN3ZskQaWbpz/jI+QW1ZueCkcop9LdY="; + hash = "sha256-3n/cP+41+5V/wylXh3oOnX3U0uhRvWMaclnxHCvSlMo="; }; nativeBuildInputs = [ @@ -40,6 +40,7 @@ buildPythonPackage rec { meta = with lib; { description = "ASDF schemas for validating transform tags"; homepage = "https://github.com/asdf-format/asdf-transform-schemas"; + changelog = "https://github.com/asdf-format/asdf-transform-schemas/releases/tag/${version}"; license = licenses.bsd3; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/development/python-modules/bellows/default.nix b/pkgs/development/python-modules/bellows/default.nix index 2566e8e02e61..13cc8d991774 100644 --- a/pkgs/development/python-modules/bellows/default.nix +++ b/pkgs/development/python-modules/bellows/default.nix @@ -15,7 +15,7 @@ buildPythonPackage rec { pname = "bellows"; - version = "0.36.6"; + version = "0.36.7"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -24,7 +24,7 @@ buildPythonPackage rec { owner = "zigpy"; repo = "bellows"; rev = "refs/tags/${version}"; - hash = "sha256-ThLUWcGMTHg/ASKiL19iLe+9hq7KybWm+38PdoDhWvk="; + hash = "sha256-j7Awqt14/J0BbYcKwIR10UtVeqt9BpQkzT8dqGRVEOU="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/desktop-entry-lib/default.nix b/pkgs/development/python-modules/desktop-entry-lib/default.nix new file mode 100644 index 000000000000..5a6d3c00e7f0 --- /dev/null +++ b/pkgs/development/python-modules/desktop-entry-lib/default.nix @@ -0,0 +1,35 @@ +{ lib +, buildPythonPackage +, pythonOlder +, pytestCheckHook +, fetchFromGitea +, setuptools +}: + +buildPythonPackage rec { + pname = "desktop-entry-lib"; + version = "3.1"; + pyproject = true; + disabled = pythonOlder "3.9"; + + # We could use fetchPypi, but then the tests won't run + src = fetchFromGitea { + domain = "codeberg.org"; + owner = "JakobDev"; + repo = pname; + rev = version; + hash = "sha256-+c+FuLv88wc4yVw3iyFFtfbocnWzTCIe2DS0SWoj+VI="; + }; + + nativeBuildInputs = [ setuptools ]; + nativeCheckInputs = [ pytestCheckHook ]; + pythonImportsCheck = [ "desktop_entry_lib" ]; + + meta = with lib; { + description = "Allows reading and writing .desktop files according to the Desktop Entry Specification"; + homepage = "https://codeberg.org/JakobDev/desktop-entry-lib"; + changelog = "https://codeberg.org/JakobDev/desktop-entry-lib/releases/tag/${version}"; + license = licenses.bsd2; + maintainers = with maintainers; [ Madouura ]; + }; +} diff --git a/pkgs/development/python-modules/fnv-hash-fast/default.nix b/pkgs/development/python-modules/fnv-hash-fast/default.nix index 7fe9ba92b638..01e57845d3bb 100644 --- a/pkgs/development/python-modules/fnv-hash-fast/default.nix +++ b/pkgs/development/python-modules/fnv-hash-fast/default.nix @@ -11,14 +11,14 @@ buildPythonPackage rec { pname = "fnv-hash-fast"; - version = "0.4.1"; + version = "0.5.0"; format = "pyproject"; src = fetchFromGitHub { owner = "bdraco"; repo = "fnv-hash-fast"; rev = "v${version}"; - hash = "sha256-vKv3Hfla+U1teYVB+w8ONj0Ur996noanbg6aaJ6S6+I="; + hash = "sha256-gAHCssJC6sTR6ftkQHrtF/5Nf9dXE4ykRhVusb0Gu3I="; }; postPatch = '' diff --git a/pkgs/development/python-modules/opsdroid_get_image_size/default.nix b/pkgs/development/python-modules/opsdroid-get-image-size/default.nix similarity index 60% rename from pkgs/development/python-modules/opsdroid_get_image_size/default.nix rename to pkgs/development/python-modules/opsdroid-get-image-size/default.nix index 0f33da44145f..edd09d2750e2 100644 --- a/pkgs/development/python-modules/opsdroid_get_image_size/default.nix +++ b/pkgs/development/python-modules/opsdroid-get-image-size/default.nix @@ -1,15 +1,24 @@ -{ lib, buildPythonPackage, fetchPypi +{ lib +, buildPythonPackage +, fetchPypi +, setuptools }: buildPythonPackage rec { - pname = "opsdroid_get_image_size"; + pname = "opsdroid-get-image-size"; version = "0.2.2"; + pyproject = true; src = fetchPypi { - inherit pname version; - sha256 = "124j2xvfxv09q42qfb8nqlcn55y7f09iayrix3yfyrs2qyzav78a"; + pname = "opsdroid_get_image_size"; + inherit version; + hash = "sha256-Cp2tvsdCZ+/86DF7FRNwx5diGcUWLYcFwQns7nYXkog="; }; + nativeBuildInputs = [ + setuptools + ]; + # test data not included on pypi doCheck = false; diff --git a/pkgs/development/python-modules/optuna/default.nix b/pkgs/development/python-modules/optuna/default.nix index f3b41af02096..7a3b3cca06b0 100644 --- a/pkgs/development/python-modules/optuna/default.nix +++ b/pkgs/development/python-modules/optuna/default.nix @@ -13,6 +13,7 @@ , distributed , fakeredis , fastai +, google-cloud-storage , lightgbm , matplotlib , mlflow @@ -43,7 +44,7 @@ buildPythonPackage rec { pname = "optuna"; - version = "3.3.0"; + version = "3.4.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -52,7 +53,7 @@ buildPythonPackage rec { owner = "optuna"; repo = "optuna"; rev = "refs/tags/v${version}"; - hash = "sha256-uHv8uEJOQO1+AeNSxBtnCt6gDQHLT1RToF4hfolVVX0="; + hash = "sha256-WUjO13NxX0FneOPS4nn6aHq48X95r+GJR/Oxir6n8Pk="; }; nativeBuildInputs = [ @@ -62,7 +63,6 @@ buildPythonPackage rec { propagatedBuildInputs = [ alembic - cmaes colorlog numpy packaging @@ -96,6 +96,8 @@ buildPythonPackage rec { optional = [ boto3 botorch + cmaes + google-cloud-storage matplotlib pandas plotly diff --git a/pkgs/development/python-modules/publicsuffixlist/default.nix b/pkgs/development/python-modules/publicsuffixlist/default.nix index 47bca9e9311e..1b0745990ec5 100644 --- a/pkgs/development/python-modules/publicsuffixlist/default.nix +++ b/pkgs/development/python-modules/publicsuffixlist/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "publicsuffixlist"; - version = "0.10.0.20231002"; + version = "0.10.0.20231020"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-qO8/V0UZb9lWvPb0JbUABFCJbGFu5ulRMOFH4vrhDMw="; + hash = "sha256-5Woh5xWIVvVvgmp4xtpU51rXSCZDH0ljPpLpkvFmO+8="; }; passthru.optional-dependencies = { diff --git a/pkgs/development/python-modules/pydiscovergy/default.nix b/pkgs/development/python-modules/pydiscovergy/default.nix index d5cdb74b7671..3c87b6b6f3a1 100644 --- a/pkgs/development/python-modules/pydiscovergy/default.nix +++ b/pkgs/development/python-modules/pydiscovergy/default.nix @@ -15,7 +15,7 @@ buildPythonPackage rec { pname = "pydiscovergy"; - version = "2.0.4"; + version = "2.0.5"; format = "pyproject"; disabled = pythonOlder "3.10"; @@ -24,7 +24,7 @@ buildPythonPackage rec { owner = "jpbede"; repo = "pydiscovergy"; rev = "refs/tags/${version}"; - hash = "sha256-yHACEo5481BZVqqEj8WeuIpSWAfBqnmRdOWRPH5RuHQ="; + hash = "sha256-u2G+o/vhPri7CPSnekC8rUo/AvuvePpG51MR+FdH2XA="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/sphinx_pypi_upload/default.nix b/pkgs/development/python-modules/sphinx_pypi_upload/default.nix deleted file mode 100644 index d2c20e980e7a..000000000000 --- a/pkgs/development/python-modules/sphinx_pypi_upload/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -}: - -buildPythonPackage rec { - pname = "Sphinx-PyPI-upload"; - version = "0.2.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "5f919a47ce7a7e6028dba809de81ae1297ac192347cf6fc54efca919d4865159"; - }; - - meta = with lib; { - description = "Setuptools command for uploading Sphinx documentation to PyPI"; - homepage = "https://bitbucket.org/jezdez/sphinx-pypi-upload/"; - license = licenses.bsd0; - }; - -} diff --git a/pkgs/development/python-modules/zope-lifecycleevent/default.nix b/pkgs/development/python-modules/zope-lifecycleevent/default.nix new file mode 100644 index 000000000000..fc6b0005ffac --- /dev/null +++ b/pkgs/development/python-modules/zope-lifecycleevent/default.nix @@ -0,0 +1,44 @@ +{ lib +, buildPythonPackage +, fetchPypi +, pythonOlder +, setuptools +, zope_event +, zope_interface +}: + +buildPythonPackage rec { + pname = "zope-lifecycleevent"; + version = "5.0"; + pyproject = true; + + disabled = pythonOlder "3.7"; + + src = fetchPypi { + pname = "zope.lifecycleevent"; + inherit version; + hash = "sha256-6tP7SW52FPm1adFtrUt4BSsKwhh1utjWbKNQNS2bb50="; + }; + + nativeBuildInputs = [ + setuptools + ]; + + propagatedBuildInputs = [ zope_event zope_interface ]; + + # namespace colides with local directory + doCheck = false; + + pythonImportsCheck = [ + "zope.lifecycleevent" + "zope.interface" + ]; + + meta = with lib; { + homepage = "https://github.com/zopefoundation/zope.lifecycleevent"; + description = "Object life-cycle events"; + changelog = "https://github.com/zopefoundation/zope.lifecycleevent/blob/${version}/CHANGES.rst"; + license = licenses.zpl21; + maintainers = with maintainers; [ goibhniu ]; + }; +} diff --git a/pkgs/development/python-modules/zope_lifecycleevent/default.nix b/pkgs/development/python-modules/zope_lifecycleevent/default.nix deleted file mode 100644 index 807deb097feb..000000000000 --- a/pkgs/development/python-modules/zope_lifecycleevent/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, isPy3k -, zope_event -, zope-component -}: - -buildPythonPackage rec { - pname = "zope.lifecycleevent"; - version = "4.4"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-9ahU6J/5fe6ke/vqN4u77yeJ0uDMkKHB2lfZChzmfLU="; - }; - - propagatedBuildInputs = [ zope_event zope-component ]; - - # namespace colides with local directory - doCheck = false; - - # zope uses pep 420 namespaces for python3, doesn't work with nix + python2 - pythonImportsCheck = lib.optionals isPy3k [ - "zope.lifecycleevent" - "zope.interface" - ]; - - meta = with lib; { - homepage = "https://github.com/zopefoundation/zope.lifecycleevent"; - description = "Object life-cycle events"; - license = licenses.zpl20; - maintainers = with maintainers; [ goibhniu ]; - }; - -} diff --git a/pkgs/development/tools/buildkit/default.nix b/pkgs/development/tools/buildkit/default.nix index 6787ca6b07dd..41843024a515 100644 --- a/pkgs/development/tools/buildkit/default.nix +++ b/pkgs/development/tools/buildkit/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "buildkit"; - version = "0.12.2"; + version = "0.12.3"; src = fetchFromGitHub { owner = "moby"; repo = "buildkit"; rev = "v${version}"; - hash = "sha256-u85Yrg3aMG6Tx8onivSy1p7yB4lZxsBWF4bxnwO68EE="; + hash = "sha256-ph44J90g5zOTi/+FVbdnDDJp1gXcxPt7coA1rvhsQSQ="; }; vendorHash = null; diff --git a/pkgs/development/tools/kustomize/default.nix b/pkgs/development/tools/kustomize/default.nix index 6f62f7d86c92..a8e90fc7b036 100644 --- a/pkgs/development/tools/kustomize/default.nix +++ b/pkgs/development/tools/kustomize/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "kustomize"; - version = "5.1.1"; + version = "5.2.1"; ldflags = let t = "sigs.k8s.io/kustomize/api/provenance"; in [ @@ -15,13 +15,13 @@ buildGoModule rec { owner = "kubernetes-sigs"; repo = pname; rev = "kustomize/v${version}"; - hash = "sha256-XtpMws2o3h19PsRJXKg+y5/Zk3bc6mJ4O1LLZ40ioTM="; + hash = "sha256-NuDg9Vtfxddosi8J7p6+WI2jDM2k16gbWsQcZF27vJo="; }; # avoid finding test and development commands modRoot = "kustomize"; proxyVendor = true; - vendorHash = "sha256-/XyxZHhlxD0CpaDAuJbLkOHysLXo1+ThTcexqtNdVIs="; + vendorHash = "sha256-pA0B4CA5RXyo2GTyk9Xa/unpU46gnLI6ulCY5vTLTvA="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/development/web/nodejs/v21.nix b/pkgs/development/web/nodejs/v21.nix new file mode 100644 index 000000000000..6d59e20dfa5f --- /dev/null +++ b/pkgs/development/web/nodejs/v21.nix @@ -0,0 +1,19 @@ +{ callPackage, openssl, python3, enableNpm ? true }: + +let + buildNodejs = callPackage ./nodejs.nix { + inherit openssl; + python = python3; + }; +in +buildNodejs { + inherit enableNpm; + version = "21.0.0"; + sha256 = "sha256-vFYZK5Ua0YNQbcqaz3pNDAJZEUC3/I8lZhN1GZJm8/I="; + patches = [ + ./revert-arm64-pointer-auth.patch + ./disable-darwin-v8-system-instrumentation-node19.patch + ./bypass-darwin-xcrun-node16.patch + ./node-npm-build-npm-package-logic.patch + ]; +} diff --git a/pkgs/os-specific/linux/cpufrequtils/default.nix b/pkgs/os-specific/linux/cpufrequtils/default.nix index d64996c4961e..f62d8463714e 100644 --- a/pkgs/os-specific/linux/cpufrequtils/default.nix +++ b/pkgs/os-specific/linux/cpufrequtils/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "http://ftp.be.debian.org/pub/linux/utils/kernel/cpufreq/cpufrequtils-${version}.tar.gz"; - sha256 = "127i38d4w1hv2dzdy756gmbhq25q3k34nqb2s0xlhsfhhdqs0lq0"; + hash = "sha256-AFOgcYPQaUg70GJhS8YcuAgMV32mHN9+ExsGThoa8Yg="; }; patches = [ @@ -27,5 +27,6 @@ stdenv.mkDerivation rec { homepage = "http://ftp.be.debian.org/pub/linux/utils/kernel/cpufreq/cpufrequtils.html"; license = licenses.gpl2Only; platforms = [ "x86_64-linux" ]; + mainProgram = "cpufreq-set"; }; } diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 038a3105a182..ceb34fe0c76f 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -146,7 +146,7 @@ let scheduler = { IOSCHED_CFQ = whenOlder "5.0" yes; # Removed in 5.0-RC1 BLK_CGROUP = yes; # required by CFQ" - BLK_CGROUP_IOLATENCY = whenAtLeast "4.19" yes; + BLK_CGROUP_IOLATENCY = yes; BLK_CGROUP_IOCOST = whenAtLeast "5.4" yes; IOSCHED_DEADLINE = whenOlder "5.0" yes; # Removed in 5.0-RC1 MQ_IOSCHED_DEADLINE = yes; @@ -183,8 +183,8 @@ let BPF_JIT = whenPlatformHasEBPFJit yes; BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit no; # whenPlatformHasEBPFJit yes; # see https://github.com/NixOS/nixpkgs/issues/79304 HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; - BPF_STREAM_PARSER = whenAtLeast "4.19" yes; - XDP_SOCKETS = whenAtLeast "4.19" yes; + BPF_STREAM_PARSER = yes; + XDP_SOCKETS = yes; XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes; WAN = yes; TCP_CONG_ADVANCED = yes; @@ -208,7 +208,7 @@ let IPV6_FOU_TUNNEL = module; IPV6_SEG6_LWTUNNEL = yes; IPV6_SEG6_HMAC = yes; - IPV6_SEG6_BPF = whenAtLeast "4.18" yes; + IPV6_SEG6_BPF = yes; NET_CLS_BPF = module; NET_ACT_BPF = module; NET_SCHED = yes; @@ -237,22 +237,17 @@ let NF_CONNTRACK_TIMEOUT = yes; NF_CONNTRACK_TIMESTAMP = yes; NETFILTER_NETLINK_GLUE_CT = yes; - NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; - NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; + NF_TABLES_INET = yes; + NF_TABLES_NETDEV = yes; NFT_REJECT_NETDEV = whenAtLeast "5.11" module; # IP: Netfilter Configuration - NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; - NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; + NF_TABLES_IPV4 = yes; + NF_TABLES_ARP = yes; # IPv6: Netfilter Configuration - NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module) - (whenAtLeast "4.17" yes) ]; + NF_TABLES_IPV6 = yes; # Bridge Netfilter Configuration - NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) + NF_TABLES_BRIDGE = mkMerge [ (whenOlder "5.3" yes) (whenAtLeast "5.3" module) ]; # needed for `dropwatch` @@ -274,7 +269,7 @@ let # Kernel TLS TLS = module; - TLS_DEVICE = whenAtLeast "4.18" yes; + TLS_DEVICE = yes; # infiniband INFINIBAND = module; @@ -323,7 +318,7 @@ let FB_3DFX_ACCEL = yes; FB_VESA = yes; FRAMEBUFFER_CONSOLE = yes; - FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = whenAtLeast "4.19" yes; + FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER = yes; FRAMEBUFFER_CONSOLE_ROTATION = yes; FB_GEODE = mkIf (stdenv.hostPlatform.system == "i686-linux") yes; # On 5.14 this conflicts with FB_SIMPLE. @@ -357,8 +352,7 @@ let # Allow device firmware updates DRM_DP_AUX_CHARDEV = yes; # amdgpu display core (DC) support - DRM_AMD_DC_DCN1_0 = whenBetween "4.15" "5.6" yes; - DRM_AMD_DC_PRE_VEGA = whenBetween "4.15" "4.18" yes; + DRM_AMD_DC_DCN1_0 = whenOlder "5.6" yes; DRM_AMD_DC_DCN2_0 = whenBetween "5.3" "5.6" yes; DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes; DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes; @@ -368,8 +362,8 @@ let DRM_AMD_DC_SI = whenAtLeast "5.10" yes; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { # Intel GVT-g graphics virtualization supports 64-bit only - DRM_I915_GVT = whenAtLeast "4.16" yes; - DRM_I915_GVT_KVMGT = whenAtLeast "4.16" module; + DRM_I915_GVT = yes; + DRM_I915_GVT_KVMGT = module; # Enable Hyper-V Synthetic DRM Driver DRM_HYPERV = whenAtLeast "5.14" module; } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { @@ -425,25 +419,9 @@ let usb-serial = { USB_SERIAL_GENERIC = yes; # USB Generic Serial Driver - } // optionalAttrs (versionOlder version "4.16") { - # Include firmware for various USB serial devices. - # Only applicable for kernels below 4.16, after that no firmware is shipped in the kernel tree. - USB_SERIAL_KEYSPAN_MPR = yes; - USB_SERIAL_KEYSPAN_USA28 = yes; - USB_SERIAL_KEYSPAN_USA28X = yes; - USB_SERIAL_KEYSPAN_USA28XA = yes; - USB_SERIAL_KEYSPAN_USA28XB = yes; - USB_SERIAL_KEYSPAN_USA19 = yes; - USB_SERIAL_KEYSPAN_USA18X = yes; - USB_SERIAL_KEYSPAN_USA19W = yes; - USB_SERIAL_KEYSPAN_USA19QW = yes; - USB_SERIAL_KEYSPAN_USA19QI = yes; - USB_SERIAL_KEYSPAN_USA49W = yes; - USB_SERIAL_KEYSPAN_USA49WLC = yes; }; usb = { - USB_DEBUG = { optional = true; tristate = whenOlder "4.18" "n";}; USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies) @@ -514,7 +492,6 @@ let CIFS_XATTR = yes; CIFS_POSIX = option yes; CIFS_FSCACHE = yes; - CIFS_STATS = whenOlder "4.19" yes; CIFS_WEAK_PW_HASH = whenOlder "5.15" yes; CIFS_UPCALL = yes; CIFS_ACL = whenOlder "5.3" yes; @@ -569,7 +546,7 @@ let SECURITY_APPARMOR = yes; DEFAULT_SECURITY_APPARMOR = yes; - RANDOM_TRUST_CPU = whenOlder "6.2" (whenAtLeast "4.19" yes); # allow RDRAND to seed the RNG + RANDOM_TRUST_CPU = whenOlder "6.2" yes; # allow RDRAND to seed the RNG RANDOM_TRUST_BOOTLOADER = whenOlder "6.2" (whenAtLeast "5.4" yes); # allow the bootloader to seed the RNG MODULE_SIG = no; # r13y, generates a random key during build and bakes it in @@ -581,10 +558,6 @@ let PERSISTENT_KEYRINGS = yes; # enable temporary caching of the last request_key() result KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; - } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { - - # Detect buffer overflows on the stack - CC_STACKPROTECTOR_REGULAR = {optional = true; tristate = whenOlder "4.18" "y";}; } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; @@ -596,7 +569,7 @@ let # AMD SME AMD_MEM_ENCRYPT = yes; # AMD SEV and AMD SEV-SE - KVM_AMD_SEV = whenAtLeast "4.16" yes; + KVM_AMD_SEV = yes; # AMD SEV-SNP SEV_GUEST = whenAtLeast "5.19" module; }; @@ -702,7 +675,6 @@ let XEN_PVH = option yes; XEN_PVHVM = option yes; XEN_SAVE_RESTORE = option yes; - XEN_SCRUB_PAGES = whenOlder "4.19" yes; XEN_SELFBALLOONING = whenOlder "5.3" yes; # Enable device detection on virtio-mmio hypervisors @@ -756,40 +728,11 @@ let tests = { # This menu disables all/most of them on >= 4.16 RUNTIME_TESTING_MENU = option no; - } // optionalAttrs (versionOlder version "4.16") { - # For older kernels, painstakingly disable each symbol. - ARM_KPROBES_TEST = option no; - ASYNC_RAID6_TEST = option no; - ATOMIC64_SELFTEST = option no; - BACKTRACE_SELF_TEST = option no; - INTERVAL_TREE_TEST = option no; - PERCPU_TEST = option no; - RBTREE_TEST = option no; - TEST_BITMAP = option no; - TEST_BPF = option no; - TEST_FIRMWARE = option no; - TEST_HASH = option no; - TEST_HEXDUMP = option no; - TEST_KMOD = option no; - TEST_KSTRTOX = option no; - TEST_LIST_SORT = option no; - TEST_LKM = option no; - TEST_PARMAN = option no; - TEST_PRINTF = option no; - TEST_RHASHTABLE = option no; - TEST_SORT = option no; - TEST_STATIC_KEYS = option no; - TEST_STRING_HELPERS = option no; - TEST_UDELAY = option no; - TEST_USER_COPY = option no; - TEST_UUID = option no; } // { CRC32_SELFTEST = option no; CRYPTO_TEST = option no; EFI_TEST = option no; GLOB_SELFTEST = option no; - DRM_DEBUG_MM_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; - LNET_SELFTEST = { optional = true; tristate = whenOlder "4.18" "n";}; LOCK_TORTURE_TEST = option no; MTD_TESTS = option no; NOTIFIER_ERROR_INJECTION = option no; @@ -801,23 +744,11 @@ let XZ_DEC_TEST = option no; }; - criu = if (versionAtLeast version "4.19") then { + criu = { # Unconditionally enabled, because it is required for CRIU and # it provides the kcmp() system call that Mesa depends on. CHECKPOINT_RESTORE = yes; - } else optionalAttrs (features.criu or false) ({ - # For older kernels, CHECKPOINT_RESTORE is hidden behind EXPERT. - EXPERT = yes; - CHECKPOINT_RESTORE = yes; - } // optionalAttrs (features.criu_revert_expert or true) { - RFKILL_INPUT = option yes; - HID_PICOLCD_FB = option yes; - HID_PICOLCD_BACKLIGHT = option yes; - HID_PICOLCD_LCD = option yes; - HID_PICOLCD_LEDS = option yes; - HID_PICOLCD_CIR = option yes; - DEBUG_MEMORY_INIT = option yes; - }); + }; misc = let # Use zstd for kernel compression if 64-bit and newer than 5.9, otherwise xz. @@ -861,7 +792,6 @@ let PM_TRACE_RTC = no; # Disable some expensive (?) features. ACCESSIBILITY = yes; # Accessibility support AUXDISPLAY = yes; # Auxiliary Display support - DONGLE = whenOlder "4.17" yes; # Serial dongle support HIPPI = yes; MTD_COMPLEX_MAPPINGS = yes; # needed for many devices @@ -917,7 +847,6 @@ let FUSION = yes; # Fusion MPT device support IDE = whenOlder "5.14" no; # deprecated IDE support, removed in 5.14 IDLE_PAGE_TRACKING = yes; - IRDA_ULTRA = whenOlder "4.17" yes; # Ultra (connectionless) protocol JOYSTICK_IFORCE_232 = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force Serial joysticks and wheels JOYSTICK_IFORCE_USB = { optional = true; tristate = whenOlder "5.3" "y"; }; # I-Force USB joysticks and wheels @@ -939,7 +868,7 @@ let MLX5_CORE_EN = option yes; - NVME_MULTIPATH = whenAtLeast "4.15" yes; + NVME_MULTIPATH = yes; PSI = whenAtLeast "4.20" yes; @@ -1014,7 +943,7 @@ let X86_PLATFORM_DRIVERS_DELL = whenAtLeast "5.12" yes; X86_PLATFORM_DRIVERS_HP = whenAtLeast "6.1" yes; - LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ]; + LIRC = yes; SCHED_CORE = whenAtLeast "5.14" yes; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 1981ad96b551..cadef31334df 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -52,12 +52,12 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.57-hardened1.patch", - "sha256": "0cjcjphl2val9kl9vn37yvgd1k02pn2qm6g7dnfpzph4mxg17ap4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.57-hardened1/linux-hardened-6.1.57-hardened1.patch" + "name": "linux-hardened-6.1.58-hardened1.patch", + "sha256": "0xca1pf6hkipci7blly111cchfw58cj22b73nr38dks0xvyb4rx6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.58-hardened1/linux-hardened-6.1.58-hardened1.patch" }, - "sha256": "1ccidrxswblxw9yaa45y6ds16pc7647f6fz36xxxhljivhyzxszr", - "version": "6.1.57" + "sha256": "1b913ina3rcw4dx2s7n37kynv8rqsmrqa2ialsib6h7nsb9px66f", + "version": "6.1.58" }, "6.5": { "patch": { diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index b4772aa24271..94c383ff8dbd 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -4,20 +4,20 @@ "hash": "sha256:1yzzf0bswqqarmbkw17vqcrkghivin7ca84x919aa2i8z7fyg2hw" }, "6.5": { - "version": "6.5.7", - "hash": "sha256:135v3y2vgc83dca4xi7q52wqi4dkfal74k1y73jwzj85h12fl28d" + "version": "6.5.8", + "hash": "sha256:05zpdh4dxaadq52hlczdmwb7bsqfm3q45v7bdqbsmplhgn4wm719" }, "6.4": { "version": "6.4.16", "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" }, "6.1": { - "version": "6.1.58", - "hash": "sha256:1b913ina3rcw4dx2s7n37kynv8rqsmrqa2ialsib6h7nsb9px66f" + "version": "6.1.59", + "hash": "sha256:1860r1aan258yi2jq68bp1kdbcyy7ygc7d8g54wnc0vmqqj7fzv2" }, "5.15": { - "version": "5.15.135", - "hash": "sha256:0w3i8jvzqvfnlarcvg89k1144ln96fszv16lzrn16zr3kri5x0ql" + "version": "5.15.136", + "hash": "sha256:1f5cxrair8qycjcc931kcdsarbrph32ypdyhrws8sw74gvzbj966" }, "5.10": { "version": "5.10.198", diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index 3db19396bee9..1f175c03d8a8 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -2,7 +2,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt , nginx-doc , nixosTests -, substituteAll, removeReferencesTo, gd, geoip, perl +, installShellFiles, substituteAll, removeReferencesTo, gd, geoip, perl , withDebug ? false , withKTLS ? false , withStream ? true @@ -51,15 +51,17 @@ assert lib.assertMsg (lib.unique moduleNames == moduleNames) stdenv.mkDerivation { inherit pname version nginxVersion; - outputs = ["out" "doc"]; + outputs = [ "out" "doc" ]; src = if src != null then src else fetchurl { url = "https://nginx.org/download/nginx-${version}.tar.gz"; inherit hash; }; - nativeBuildInputs = [ removeReferencesTo ] - ++ nativeBuildInputs; + nativeBuildInputs = [ + installShellFiles + removeReferencesTo + ] ++ nativeBuildInputs; buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip perl ] ++ buildInputs @@ -166,6 +168,12 @@ stdenv.mkDerivation { preInstall = '' mkdir -p $doc cp -r ${nginx-doc}/* $doc + + # TODO: make it unconditional when `openresty` and `nginx` are not + # sharing this code. + if [[ -e man/nginx.8 ]]; then + installManPage man/nginx.8 + fi ''; disallowedReferences = map (m: m.src) modules; diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix index 8e9aee8ad986..8b6623200eba 100644 --- a/pkgs/servers/mail/spamassassin/default.nix +++ b/pkgs/servers/mail/spamassassin/default.nix @@ -52,6 +52,9 @@ perlPackages.buildPerlPackage rec { export HOME=$NIX_BUILD_TOP/home mkdir -p $HOME mkdir t/log # pre-create to avoid race conditions + + # https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8068 + checkFlagsArray+=(TEST_FILES='$(shell find t -name *.t -not -name spamd_ssl_accept_fail.t)') ''; postInstall = '' diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index 25d889694504..b1f3bb7adcc3 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "redis"; - version = "7.2.1"; + version = "7.2.2"; src = fetchurl { url = "https://download.redis.io/releases/redis-${finalAttrs.version}.tar.gz"; - hash = "sha256-XHbZkKGxxflJvNHu2Q0Mik9wNpvb3LQCiMVh3fiJZ6Q="; + hash = "sha256-ypmb4IgA7cbSZTecTHqvrZLw7kAGkuTi1pgpq0tMPQg="; }; patches = lib.optionals useSystemJemalloc [ diff --git a/pkgs/servers/shairport-sync/default.nix b/pkgs/servers/shairport-sync/default.nix index 7cd768bd332a..b1bac49ba919 100644 --- a/pkgs/servers/shairport-sync/default.nix +++ b/pkgs/servers/shairport-sync/default.nix @@ -40,13 +40,13 @@ in stdenv.mkDerivation rec { pname = "shairport-sync"; - version = "4.3.1"; + version = "4.3.2"; src = fetchFromGitHub { repo = "shairport-sync"; owner = "mikebrady"; rev = "refs/tags/${version}"; - hash = "sha256-Yj0SKMKACj2B/ADPkUzO4EvaYZX39erKmjaTsr5UN0s="; + hash = "sha256-M7bJO8KVxP2H27aB0qJcsaN9uHADWeOYPdNo8Xfg9gc="; }; nativeBuildInputs = [ diff --git a/pkgs/servers/sql/pgbouncer/default.nix b/pkgs/servers/sql/pgbouncer/default.nix index b0f2bcb61626..7f6cfa0f898a 100644 --- a/pkgs/servers/sql/pgbouncer/default.nix +++ b/pkgs/servers/sql/pgbouncer/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pgbouncer"; - version = "1.20.1"; + version = "1.21.0"; src = fetchurl { url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz"; - hash = "sha256-JJks9VfXNCbXBIaY3/x7AZ5jZNTYdXriz14kcShqIIg="; + hash = "sha256-fh3WIMjYWoSQr/JQYdUFXXrvnPPov+LZ53GbjuWRFOI="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/shells/nushell/plugins/default.nix b/pkgs/shells/nushell/plugins/default.nix index 44b5b05a739f..dfe2a4062c89 100644 --- a/pkgs/shells/nushell/plugins/default.nix +++ b/pkgs/shells/nushell/plugins/default.nix @@ -4,4 +4,5 @@ lib.makeScope newScope (self: with self; { gstat = callPackage ./gstat.nix { inherit Security; }; formats = callPackage ./formats.nix { inherit IOKit Foundation; }; query = callPackage ./query.nix { inherit IOKit CoreFoundation; }; + regex = callPackage ./regex.nix { }; }) diff --git a/pkgs/shells/nushell/plugins/regex.nix b/pkgs/shells/nushell/plugins/regex.nix new file mode 100644 index 000000000000..457c7170a5b3 --- /dev/null +++ b/pkgs/shells/nushell/plugins/regex.nix @@ -0,0 +1,32 @@ +{ stdenv +, lib +, rustPlatform +, fetchFromGitHub +, nix-update-script +}: + +rustPlatform.buildRustPackage { + pname = "nushell_plugin_regex"; + version = "unstable-2023-10-08"; + + src = fetchFromGitHub { + owner = "fdncred"; + repo = "nu_plugin_regex"; + rev = "e1aa88e703f1f632ede685dd733472d34dd0c8e7"; + hash = "sha256-GJgnsaeNDJoJjw8RPw6wpEq1mIult18Eh4frl8Plgxc="; + }; + + cargoHash = "sha256-AACpzSavY6MlYnl1lDYxVlfsEvEpNK0u8SzsoSZbqFc="; + + passthru = { + updateScript = nix-update-script { }; + }; + + meta = with lib; { + description = "A Nushell plugin to parse regular expressions"; + homepage = "https://github.com/fdncred/nu_plugin_regex"; + license = licenses.mit; + maintainers = with maintainers; [ aidalgol ]; + platforms = with platforms; all; + }; +} diff --git a/pkgs/tools/admin/chamber/default.nix b/pkgs/tools/admin/chamber/default.nix index 7f716e3b1fbe..0dca98037997 100644 --- a/pkgs/tools/admin/chamber/default.nix +++ b/pkgs/tools/admin/chamber/default.nix @@ -2,18 +2,18 @@ buildGoModule rec { pname = "chamber"; - version = "2.13.3"; + version = "2.13.4"; src = fetchFromGitHub { owner = "segmentio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Pte2fOIuezFJ1Hz5MgjRDTIAMJ5r+LO1hKHc3sLu0W4="; + sha256 = "sha256-J6sLDalvUl4SgSyr5DK/tW7DyRa/qdKw6zornz1R2ck="; }; CGO_ENABLED = 0; - vendorHash = "sha256-McicBVC2niLvP902monJwPMOrQKSum10zeHNcO32/M8="; + vendorHash = "sha256-BkTC6sqitc1OHdQFlA2BtqxHI31ubBj2GRszs3YlWsA="; ldflags = [ "-s" "-w" "-X main.Version=v${version}" ]; diff --git a/pkgs/tools/misc/fzf/default.nix b/pkgs/tools/misc/fzf/default.nix index 29f87b4ffdd0..be7992f94af5 100644 --- a/pkgs/tools/misc/fzf/default.nix +++ b/pkgs/tools/misc/fzf/default.nix @@ -79,7 +79,10 @@ buildGoModule rec { install -D shell/* -t $out/share/fzf/ install -D shell/key-bindings.fish $out/share/fish/vendor_functions.d/fzf_key_bindings.fish mkdir -p $out/share/fish/vendor_conf.d - echo fzf_key_bindings > $out/share/fish/vendor_conf.d/load-fzf-key-bindings.fish + cat << EOF > $out/share/fish/vendor_conf.d/load-fzf-key-bindings.fish + status is-interactive; or exit 0 + fzf_key_bindings + EOF cat <