diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 26ce561013b6..5a21cb45d52b 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -223,10 +223,10 @@ foreach my $u (@{$spec->{users}}) {
}
# Ensure home directory incl. ownership and permissions.
- if ($u->{createHome}) {
- make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry;
+ if ($u->{createHome} and !$is_dry) {
+ make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
- chmod 0700, $u->{home};
+ chmod oct($u->{homeMode}), $u->{home};
}
if (defined $u->{passwordFile}) {
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index b0f96c754fa5..d3bdf218c339 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -48,7 +48,7 @@ let
services such as SSH, or indirectly via su or
sudo). This should only be used for e.g. bootable
live systems. Note: this is different from setting an empty password,
- which ca be achieved using .
+ which can be achieved using .
If set to null (default) this user will not
be able to log in using a password (i.e. via login
@@ -139,6 +139,12 @@ let
description = "The user's home directory.";
};
+ homeMode = mkOption {
+ type = types.strMatching "[0-7]{1,5}";
+ default = "700";
+ description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if is true.";
+ };
+
cryptHomeLuks = mkOption {
type = with types; nullOr str;
default = null;
@@ -319,6 +325,7 @@ let
group = mkDefault "users";
createHome = mkDefault true;
home = mkDefault "/home/${config.name}";
+ homeMode = mkDefault "700";
useDefaultShell = mkDefault true;
isSystemUser = mkDefault false;
})
@@ -430,7 +437,7 @@ let
inherit (cfg) mutableUsers;
users = mapAttrsToList (_: u:
{ inherit (u)
- name uid group description home createHome isSystemUser
+ name uid group description home homeMode createHome isSystemUser
password passwordFile hashedPassword
autoSubUidGidRange subUidRanges subGidRanges
initialPassword initialHashedPassword;
diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix
index b41a2fd27be2..256d9457d396 100644
--- a/nixos/modules/services/networking/mosquitto.nix
+++ b/nixos/modules/services/networking/mosquitto.nix
@@ -199,6 +199,7 @@ let
allow_anonymous = 1;
allow_zero_length_clientid = 1;
auto_id_prefix = 1;
+ bind_interface = 1;
cafile = 1;
capath = 1;
certfile = 1;
@@ -295,7 +296,7 @@ let
};
listenerAsserts = prefix: listener:
- assertKeysValid prefix freeformListenerKeys listener.settings
+ assertKeysValid "${prefix}.settings" freeformListenerKeys listener.settings
++ userAsserts prefix listener.users
++ imap0
(i: v: authAsserts "${prefix}.authPlugins.${toString i}" v)
@@ -397,7 +398,7 @@ let
};
bridgeAsserts = prefix: bridge:
- assertKeysValid prefix freeformBridgeKeys bridge.settings
+ assertKeysValid "${prefix}.settings" freeformBridgeKeys bridge.settings
++ [ {
assertion = length bridge.addresses > 0;
message = "Bridge ${prefix} needs remote broker addresses";
@@ -526,7 +527,7 @@ let
globalAsserts = prefix: cfg:
flatten [
- (assertKeysValid prefix freeformGlobalKeys cfg.settings)
+ (assertKeysValid "${prefix}.settings" freeformGlobalKeys cfg.settings)
(imap0 (n: l: listenerAsserts "${prefix}.listener.${toString n}" l) cfg.listeners)
(mapAttrsToList (n: b: bridgeAsserts "${prefix}.bridge.${n}" b) cfg.bridges)
];
@@ -629,9 +630,10 @@ in
]));
RemoveIPC = true;
RestrictAddressFamilies = [
- "AF_UNIX" # for sd_notify() call
+ "AF_UNIX"
"AF_INET"
"AF_INET6"
+ "AF_NETLINK"
];
RestrictNamespaces = true;
RestrictRealtime = true;
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 2c9ee9fc319f..679c5210a6b3 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -35,11 +35,11 @@ let
"nss-lookup.target"
"nss-user-lookup.target"
"time-sync.target"
- ] ++ (optionals cfg.package.withCryptsetup [
+ ] ++ optionals cfg.package.withCryptsetup [
"cryptsetup.target"
"cryptsetup-pre.target"
"remote-cryptsetup.target"
- ]) ++ [
+ ] ++ [
"sigpwr.target"
"timers.target"
"paths.target"
@@ -133,20 +133,27 @@ let
# Slices / containers.
"slices.target"
+ ] ++ optionals cfg.package.withImportd [
+ "systemd-importd.service"
+ ] ++ optionals cfg.package.withMachined [
"machine.slice"
"machines.target"
- "systemd-importd.service"
"systemd-machined.service"
+ ] ++ [
"systemd-nspawn@.service"
# Misc.
"systemd-sysctl.service"
+ ] ++ optionals cfg.package.withTimedated [
"dbus-org.freedesktop.timedate1.service"
- "dbus-org.freedesktop.locale1.service"
- "dbus-org.freedesktop.hostname1.service"
"systemd-timedated.service"
+ ] ++ optionals cfg.package.withLocaled [
+ "dbus-org.freedesktop.locale1.service"
"systemd-localed.service"
+ ] ++ optionals cfg.package.withHostnamed [
+ "dbus-org.freedesktop.hostname1.service"
"systemd-hostnamed.service"
+ ] ++ [
"systemd-exit.service"
"systemd-update-done.service"
] ++ cfg.additionalUpstreamSystemUnits;
diff --git a/nixos/modules/system/boot/systemd/logind.nix b/nixos/modules/system/boot/systemd/logind.nix
index c1e6cfe61d04..97ac588bce17 100644
--- a/nixos/modules/system/boot/systemd/logind.nix
+++ b/nixos/modules/system/boot/systemd/logind.nix
@@ -81,8 +81,11 @@ in
"systemd-logind.service"
"autovt@.service"
"systemd-user-sessions.service"
+ ] ++ optionals config.systemd.package.withImportd [
"dbus-org.freedesktop.import1.service"
+ ] ++ optionals config.systemd.package.withMachined [
"dbus-org.freedesktop.machine1.service"
+ ] ++ [
"dbus-org.freedesktop.login1.service"
"user@.service"
"user-runtime-dir@.service"
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 0de71030c4fb..f4b6ee73562e 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -580,6 +580,7 @@ in
uptermd = handleTest ./uptermd.nix {};
usbguard = handleTest ./usbguard.nix {};
user-activation-scripts = handleTest ./user-activation-scripts.nix {};
+ user-home-mode = handleTest ./user-home-mode.nix {};
uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {};
diff --git a/nixos/tests/mosquitto.nix b/nixos/tests/mosquitto.nix
index 36cc8e3e3d9b..d516d3373d9f 100644
--- a/nixos/tests/mosquitto.nix
+++ b/nixos/tests/mosquitto.nix
@@ -4,6 +4,7 @@ let
port = 1888;
tlsPort = 1889;
anonPort = 1890;
+ bindTestPort = 1891;
password = "VERY_secret";
hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw==";
topic = "test/foo";
@@ -125,6 +126,10 @@ in {
};
};
}
+ {
+ settings.bind_interface = "eth0";
+ port = bindTestPort;
+ }
];
};
};
@@ -134,6 +139,8 @@ in {
};
testScript = ''
+ import json
+
def mosquitto_cmd(binary, user, topic, port):
return (
"mosquitto_{} "
@@ -162,6 +169,27 @@ in {
start_all()
server.wait_for_unit("mosquitto.service")
+ with subtest("bind_interface"):
+ addrs = dict()
+ for iface in json.loads(server.succeed("ip -json address show")):
+ for addr in iface['addr_info']:
+ # don't want to deal with multihoming here
+ assert addr['local'] not in addrs
+ addrs[addr['local']] = (iface['ifname'], addr['family'])
+
+ # mosquitto grabs *one* random address per type for bind_interface
+ (has4, has6) = (False, False)
+ for line in server.succeed("ss -HlptnO sport = ${toString bindTestPort}").splitlines():
+ items = line.split()
+ if "mosquitto" not in items[5]: continue
+ listener = items[3].rsplit(':', maxsplit=1)[0].strip('[]')
+ assert listener in addrs
+ assert addrs[listener][0] == "eth0"
+ has4 |= addrs[listener][1] == 'inet'
+ has6 |= addrs[listener][1] == 'inet6'
+ assert has4
+ assert has6
+
with subtest("check passwords"):
client1.succeed(publish("-m test", "password_store"))
client1.succeed(publish("-m test", "password_file"))
diff --git a/nixos/tests/user-home-mode.nix b/nixos/tests/user-home-mode.nix
new file mode 100644
index 000000000000..1366d102a99b
--- /dev/null
+++ b/nixos/tests/user-home-mode.nix
@@ -0,0 +1,27 @@
+import ./make-test-python.nix ({ lib, ... }: {
+ name = "user-home-mode";
+ meta = with lib.maintainers; { maintainers = [ fbeffa ]; };
+
+ nodes.machine = {
+ users.users.alice = {
+ initialPassword = "pass1";
+ isNormalUser = true;
+ };
+ users.users.bob = {
+ initialPassword = "pass2";
+ isNormalUser = true;
+ homeMode = "750";
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("multi-user.target")
+ machine.wait_for_unit("getty@tty1.service")
+ machine.wait_until_tty_matches(1, "login: ")
+ machine.send_chars("alice\n")
+ machine.wait_until_tty_matches(1, "Password: ")
+ machine.send_chars("pass1\n")
+ machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
+ machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')
+ '';
+})
diff --git a/pkgs/applications/blockchains/sparrow/default.nix b/pkgs/applications/blockchains/sparrow/default.nix
new file mode 100644
index 000000000000..662164a9f6f3
--- /dev/null
+++ b/pkgs/applications/blockchains/sparrow/default.nix
@@ -0,0 +1,232 @@
+{ stdenv
+, lib
+, makeWrapper
+, fetchurl
+, makeDesktopItem
+, copyDesktopItems
+, autoPatchelfHook
+, openjdk17
+, gtk3
+, gsettings-desktop-schemas
+, writeScript
+, bash
+, gnugrep
+, tor
+, zlib
+, openimajgrabber
+, hwi
+, imagemagick
+}:
+
+let
+ pname = "sparrow";
+ version = "1.6.4";
+
+ src = fetchurl {
+ url = "https://github.com/sparrowwallet/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
+ sha256 = "1wdibpbhv3g6qk42ddfc5vyqkkwprczy45w5wi115qg3g1rf1in7";
+ };
+
+ launcher = writeScript "sparrow" ''
+ #! ${bash}/bin/bash
+ params=(
+ --module-path @out@/lib:@jdkModules@/modules
+ --add-opens javafx.graphics/com.sun.javafx.css=org.controlsfx.controls
+ --add-opens javafx.graphics/javafx.scene=org.controlsfx.controls
+ --add-opens javafx.controls/com.sun.javafx.scene.control.behavior=org.controlsfx.controls
+ --add-opens javafx.controls/com.sun.javafx.scene.control.inputmap=org.controlsfx.controls
+ --add-opens javafx.graphics/com.sun.javafx.scene.traversal=org.controlsfx.controls
+ --add-opens javafx.base/com.sun.javafx.event=org.controlsfx.controls
+ --add-opens javafx.controls/javafx.scene.control.cell=com.sparrowwallet.sparrow
+ --add-opens org.controlsfx.controls/impl.org.controlsfx.skin=com.sparrowwallet.sparrow
+ --add-opens org.controlsfx.controls/impl.org.controlsfx.skin=javafx.fxml
+ --add-opens javafx.graphics/com.sun.javafx.tk=centerdevice.nsmenufx
+ --add-opens javafx.graphics/com.sun.javafx.tk.quantum=centerdevice.nsmenufx
+ --add-opens javafx.graphics/com.sun.glass.ui=centerdevice.nsmenufx
+ --add-opens javafx.controls/com.sun.javafx.scene.control=centerdevice.nsmenufx
+ --add-opens javafx.graphics/com.sun.javafx.menu=centerdevice.nsmenufx
+ --add-opens javafx.graphics/com.sun.glass.ui=com.sparrowwallet.sparrow
+ --add-opens javafx.graphics/com.sun.javafx.application=com.sparrowwallet.sparrow
+ --add-opens java.base/java.net=com.sparrowwallet.sparrow
+ --add-opens java.base/java.io=com.google.gson
+ --add-reads com.sparrowwallet.merged.module=java.desktop
+ --add-reads com.sparrowwallet.merged.module=java.sql
+ --add-reads com.sparrowwallet.merged.module=com.sparrowwallet.sparrow
+ --add-reads com.sparrowwallet.merged.module=logback.classic
+ --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.databind
+ --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.annotation
+ --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.core
+ --add-reads com.sparrowwallet.merged.module=co.nstant.in.cbor
+ -m com.sparrowwallet.sparrow
+ )
+
+ XDG_DATA_DIRS=${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}:${gtk3}/share/gsettings-schemas/${gtk3.name}:$XDG_DATA_DIRS ${openjdk17}/bin/java ''${params[@]} $@
+ '';
+
+ torWrapper = writeScript "tor-wrapper" ''
+ #! ${bash}/bin/bash
+
+ exec ${tor}/bin/tor "$@"
+ '';
+
+ jdk-modules = stdenv.mkDerivation {
+ name = "jdk-modules";
+ nativeBuildInputs = [ openjdk17 ];
+ dontUnpack = true;
+
+ buildPhase = ''
+ # Extract the JDK's JIMAGE and generate a list of modules.
+ mkdir modules
+ pushd modules
+ jimage extract ${openjdk17}/lib/openjdk/lib/modules
+ ls | xargs -d " " -- echo > ../manifest.txt
+ popd
+ '';
+
+ installPhase = ''
+ mkdir -p $out
+ cp manifest.txt $out/
+ cp -r modules/ $out/
+ '';
+ };
+
+ sparrow-modules = stdenv.mkDerivation {
+ pname = "sparrow-modules";
+ inherit version src;
+ nativeBuildInputs = [ makeWrapper gnugrep openjdk17 autoPatchelfHook stdenv.cc.cc.lib zlib ];
+
+ buildPhase = ''
+ # Extract Sparrow's JIMAGE and generate a list of them.
+ mkdir modules
+ pushd modules
+ jimage extract ../lib/runtime/lib/modules
+
+ # Delete JDK modules
+ cat ${jdk-modules}/manifest.txt | xargs -I {} -- rm -fR {}
+
+ # Delete unneeded native libs.
+
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/freebsd-x86-64
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/freebsd-x86
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-aarch64
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-arm
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-armel
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-mips64el
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-ppc
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-ppc64le
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-s390x
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-x86
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/openbsd-x86-64
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/openbsd-x86
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-sparc
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-sparcv9
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-x86-64
+ rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-x86
+ rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_armel
+ rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_armhf
+ rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x86
+ rm com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x64/OpenIMAJGrabber.so
+ rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_arm32_armel
+ rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_armel
+ rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_armhf
+ rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_x86
+ rm -fR com.nativelibs4java.bridj/org/bridj/lib/sunos_x64
+ rm -fR com.nativelibs4java.bridj/org/bridj/lib/sunos_x86
+ rm -fR com.sparrowwallet.merged.module/linux-aarch64
+ rm -fR com.sparrowwallet.merged.module/linux-arm
+ rm -fR com.sparrowwallet.merged.module/linux-x86
+ rm com.sparrowwallet.sparrow/native/linux/x64/hwi
+
+ ls | xargs -d " " -- echo > ../manifest.txt
+ find . | grep "\.so$" | xargs -- chmod ugo+x
+ popd
+
+ # Replace the embedded Tor binary (which is in a Tar archive)
+ # with one from Nixpkgs.
+ cp ${torWrapper} ./tor
+ tar -cJf tor.tar.xz tor
+ cp tor.tar.xz modules/netlayer.jpms/native/linux/x64/tor.tar.xz
+ '';
+
+ installPhase = ''
+ mkdir -p $out
+ cp manifest.txt $out/
+ cp -r modules/ $out/
+ ln -s ${openimajgrabber}/lib/OpenIMAJGrabber.so $out/modules/com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x64/OpenIMAJGrabber.so
+ ln -s ${hwi}/bin/hwi $out/modules/com.sparrowwallet.sparrow/native/linux/x64/hwi
+ '';
+ };
+
+ # To use the udev rules for connected hardware wallets,
+ # add "pkgs.sparrow" to "services.udev.packages" and add user accounts to the user group "plugdev".
+ udev-rules = stdenv.mkDerivation {
+ name = "sparrow-udev";
+
+ src = let version = "2.0.2"; in
+ fetchurl {
+ url = "https://github.com/bitcoin-core/HWI/releases/download/${version}/hwi-${version}.tar.gz";
+ sha256 = "sha256-di1fRsMbwpHcBFNTCVivfxpwhUoUKLA3YTnJxKq/jHM=";
+ };
+
+ installPhase = ''
+ mkdir -p $out/etc/udev/rules.d
+ cp -a hwilib/udev/* $out/etc/udev/rules.d
+ rm $out/etc/udev/rules.d/README.md
+ '';
+ };
+in
+stdenv.mkDerivation rec {
+ inherit pname version src;
+ nativeBuildInputs = [ makeWrapper copyDesktopItems ];
+
+ desktopItems = [
+ (makeDesktopItem {
+ name = "Sparrow";
+ exec = pname;
+ icon = pname;
+ desktopName = "Sparrow Bitcoin Wallet";
+ genericName = "Bitcoin Wallet";
+ categories = [ "Finance" ];
+ })
+ ];
+
+ sparrow-icons = stdenv.mkDerivation {
+ inherit version src;
+ pname = "sparrow-icons";
+ nativeBuildInputs = [ imagemagick ];
+
+ installPhase = ''
+ for n in 16 24 32 48 64 96 128 256; do
+ size=$n"x"$n
+ mkdir -p $out/hicolor/$size/apps
+ convert lib/Sparrow.png -resize $size $out/hicolor/$size/apps/sparrow.png
+ done;
+ '';
+ };
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/bin $out
+ ln -s ${sparrow-modules}/modules $out/lib
+ install -D -m 777 ${launcher} $out/bin/sparrow
+ substituteAllInPlace $out/bin/sparrow
+ substituteInPlace $out/bin/sparrow --subst-var-by jdkModules ${jdk-modules}
+
+ mkdir -p $out/share/icons
+ ln -s ${sparrow-icons}/hicolor $out/share/icons
+
+ mkdir -p $out/etc/udev
+ ln -s ${udev-rules}/etc/udev/rules.d $out/etc/udev/rules.d
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "A modern desktop Bitcoin wallet application supporting most hardware wallets and built on common standards such as PSBT, with an emphasis on transparency and usability.";
+ homepage = "https://sparrowwallet.com";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ emmanuelrosa _1000101 ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
diff --git a/pkgs/applications/blockchains/sparrow/openimajgrabber.nix b/pkgs/applications/blockchains/sparrow/openimajgrabber.nix
new file mode 100644
index 000000000000..0bf642d49d1c
--- /dev/null
+++ b/pkgs/applications/blockchains/sparrow/openimajgrabber.nix
@@ -0,0 +1,40 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, libv4l
+}:
+stdenv.mkDerivation rec {
+ pname = "openimajgrabber";
+ version = "1.3.10";
+
+ src = fetchFromGitHub {
+ owner = "openimaj";
+ repo = "openimaj";
+ rev = "openimaj-${version}";
+ sha256 = "sha256-Y8707ovE7f6Fk3cJ+PtwvzNpopgH5vlF55m2Xm4hjYM=";
+ };
+
+ buildInputs = [ libv4l ];
+
+ # These build instructions come from build.sh
+ buildPhase = ''
+ pushd hardware/core-video-capture/src-native/linux
+ g++ -fPIC -g -c OpenIMAJGrabber.cpp
+ g++ -fPIC -g -c capture.cpp
+ g++ -shared -Wl,-soname,OpenIMAJGrabber.so -o OpenIMAJGrabber.so OpenIMAJGrabber.o capture.o -lv4l2 -lrt -lv4lconvert
+ popd
+ '';
+
+ installPhase = ''
+ mkdir -p $out/lib
+ cp hardware/core-video-capture/src-native/linux/OpenIMAJGrabber.so $out/lib
+ '';
+
+ meta = with lib; {
+ description = "A collection of libraries and tools for multimedia (images, text, video, audio, etc.) content analysis and content generation. This package only builds the OpenIMAJGrabber for Linux.";
+ homepage = "http://www.openimaj.org";
+ license = licenses.bsd0;
+ maintainers = with maintainers; [ emmanuelrosa _1000101 ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/graphics/scantailor/advanced.nix b/pkgs/applications/graphics/scantailor/advanced.nix
index 048b8b56fc08..11ddc7c7db3f 100644
--- a/pkgs/applications/graphics/scantailor/advanced.nix
+++ b/pkgs/applications/graphics/scantailor/advanced.nix
@@ -4,21 +4,21 @@
mkDerivation rec {
pname = "scantailor-advanced";
- version = "1.0.16";
+ version = "1.0.18";
src = fetchFromGitHub {
- owner = "4lex4";
+ owner = "vigri";
repo = "scantailor-advanced";
rev = "v${version}";
- sha256 = "0lc9lzbpiy5hgimyhl4s4q67pb9gacpy985gl6iy8pl79zxhmcyp";
+ sha256 = "sha256-4/QSjgHvRgIduS/AXbT7osRTdOdgR7On3CbjRnGbwHU=";
};
nativeBuildInputs = [ cmake qttools ];
buildInputs = [ libjpeg libpng libtiff boost qtbase ];
meta = with lib; {
- homepage = "https://github.com/4lex4/scantailor-advanced";
- description = "Interactive post-processing tool for scanned pages";
+ homepage = "https://github.com/vigri/scantailor-advanced";
+ description = "Interactive post-processing tool for scanned pages (vigri's fork)";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ jfrankenau ];
platforms = with platforms; gnu ++ linux ++ darwin;
diff --git a/pkgs/development/libraries/gecode/default.nix b/pkgs/development/libraries/gecode/default.nix
index fc9835d85db5..fe13c893480c 100644
--- a/pkgs/development/libraries/gecode/default.nix
+++ b/pkgs/development/libraries/gecode/default.nix
@@ -1,4 +1,15 @@
-{ lib, stdenv, fetchFromGitHub, bison, flex, perl, gmp, mpfr, enableGist ? true, qtbase }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, bison
+, flex
+, perl
+, gmp
+, mpfr
+, qtbase
+, enableGist ? true
+}:
stdenv.mkDerivation rec {
pname = "gecode";
@@ -11,6 +22,15 @@ stdenv.mkDerivation rec {
sha256 = "0b1cq0c810j1xr2x9y9996p894571sdxng5h74py17c6nr8c6dmk";
};
+ patches = [
+ # https://github.com/Gecode/gecode/pull/74
+ (fetchpatch {
+ name = "fix-const-weights-clang.patch";
+ url = "https://github.com/Gecode/gecode/commit/c810c96b1ce5d3692e93439f76c4fa7d3daf9fbb.patch";
+ sha256 = "0270msm22q5g5sqbdh8kmrihlxnnxqrxszk9a49hdxd72736p4fc";
+ })
+ ];
+
enableParallelBuilding = true;
dontWrapQtApps = true;
nativeBuildInputs = [ bison flex ];
diff --git a/pkgs/development/python-modules/lektor/default.nix b/pkgs/development/python-modules/lektor/default.nix
index 4688b7394cc3..0c0c5c108a46 100644
--- a/pkgs/development/python-modules/lektor/default.nix
+++ b/pkgs/development/python-modules/lektor/default.nix
@@ -62,7 +62,6 @@ buildPythonPackage rec {
checkInputs = [
pytest-click
pytest-mock
- pytest-pylint
pytestCheckHook
];
diff --git a/pkgs/development/python-modules/pamqp/default.nix b/pkgs/development/python-modules/pamqp/default.nix
index 1785a8593102..a367a180807d 100644
--- a/pkgs/development/python-modules/pamqp/default.nix
+++ b/pkgs/development/python-modules/pamqp/default.nix
@@ -1,28 +1,46 @@
{ lib
, buildPythonPackage
-, fetchPypi
-, mock
-, nose
-, pep8
-, pylint
-, mccabe
+, pythonOlder
+, fetchFromGitHub
+, pytestCheckHook
}:
buildPythonPackage rec {
version = "3.1.0";
pname = "pamqp";
- src = fetchPypi {
- inherit pname version;
- sha256 = "e4f0886d72c6166637a5513626148bf5a7e818073a558980e9aaed8b4ccf30da";
+ disabled = pythonOlder "3.7";
+
+ format = "setuptools";
+
+ src = fetchFromGitHub {
+ owner = "gmr";
+ repo = "pamqp";
+ rev = version;
+ hash = "sha256-qiYfQsyYvG6pyRFDt3pyYKNNWNP88maj+VAeGD68OmY=";
};
- buildInputs = [ mock nose pep8 pylint mccabe ];
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ pythonImportsCheck = [
+ "pamqp.base"
+ "pamqp.body"
+ "pamqp.commands"
+ "pamqp.common"
+ "pamqp.decode"
+ "pamqp.encode"
+ "pamqp.exceptions"
+ "pamqp.frame"
+ "pamqp.header"
+ "pamqp.heartbeat"
+ ];
meta = with lib; {
description = "RabbitMQ Focused AMQP low-level library";
- homepage = "https://pypi.python.org/pypi/pamqp";
+ homepage = "https://github.com/gmr/pamqp";
license = licenses.bsd3;
+ maintainers = with maintainers; [ dotlambda ];
};
-
}
diff --git a/pkgs/development/python-modules/pulumi-aws/default.nix b/pkgs/development/python-modules/pulumi-aws/default.nix
new file mode 100644
index 000000000000..1b6eed0d31a6
--- /dev/null
+++ b/pkgs/development/python-modules/pulumi-aws/default.nix
@@ -0,0 +1,44 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, fetchpatch
+, pulumi
+, parver
+, semver
+, isPy27
+}:
+
+buildPythonPackage rec {
+ pname = "pulumi-aws";
+ # version is independant of pulumi's.
+ version = "5.3.0";
+ disabled = isPy27;
+
+ src = fetchFromGitHub {
+ owner = "pulumi";
+ repo = "pulumi-aws";
+ rev = "v${version}";
+ sha256 = "sha256-LrWiNYJeQQvXJDOxklRO86VSiaadvkOepQVPhh2BBkk=";
+ };
+
+ propagatedBuildInputs = [
+ pulumi
+ parver
+ semver
+ ];
+
+ postPatch = ''
+ cd sdk/python
+ '';
+
+ # checks require cloud resources
+ doCheck = false;
+ pythonImportsCheck = ["pulumi_aws"];
+
+ meta = with lib; {
+ description = "Pulumi python amazon web services provider";
+ homepage = "https://github.com/pulumi/pulumi-aws";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ costrouc ];
+ };
+}
diff --git a/pkgs/development/python-modules/pulumi/default.nix b/pkgs/development/python-modules/pulumi/default.nix
new file mode 100644
index 000000000000..e38157c69071
--- /dev/null
+++ b/pkgs/development/python-modules/pulumi/default.nix
@@ -0,0 +1,89 @@
+{ lib
+, buildPythonPackage
+, fetchpatch
+, fetchFromGitHub
+, protobuf
+, dill
+, grpcio
+, pulumi-bin
+, isPy27
+, semver
+, pyyaml
+, six
+
+
+# for tests
+, tox
+, go
+, pulumictl
+, bash
+, pylint
+, pytest
+, pytest-timeout
+, coverage
+, black
+, wheel
+, pytest-asyncio
+
+, mypy
+}:
+let
+ data = import ./data.nix {};
+in
+buildPythonPackage rec {
+ pname = "pulumi";
+ version = pulumi-bin.version;
+ disabled = isPy27;
+
+ src = fetchFromGitHub {
+ owner = "pulumi";
+ repo = "pulumi";
+ rev = "v${pulumi-bin.version}";
+ sha256 = "sha256-vqEZEHTpJV65a3leWwYhyi3dzAsN67BXOvk5hnTPeuI=";
+ };
+
+ propagatedBuildInputs = [
+ semver
+ protobuf
+ dill
+ grpcio
+ pyyaml
+ six
+ ];
+
+ checkInputs = [
+ pulumi-bin
+ pulumictl
+ mypy
+ bash
+ go
+ tox
+ pytest
+ pytest-timeout
+ coverage
+ pytest-asyncio
+ wheel
+ black
+ ];
+
+ pythonImportsCheck = ["pulumi"];
+
+ postPatch = ''
+ cp README.md sdk/python/lib
+ patchShebangs .
+ cd sdk/python/lib
+
+ substituteInPlace setup.py \
+ --replace "{VERSION}" "${version}"
+ '';
+
+ # disabled because tests try to fetch go packages from the net
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Modern Infrastructure as Code. Any cloud, any language";
+ homepage = "https://github.com/pulumi/pulumi";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ teto ];
+ };
+}
diff --git a/pkgs/development/python-modules/pytile/default.nix b/pkgs/development/python-modules/pytile/default.nix
index a94201b037d4..b64418226d06 100644
--- a/pkgs/development/python-modules/pytile/default.nix
+++ b/pkgs/development/python-modules/pytile/default.nix
@@ -4,7 +4,6 @@
, buildPythonPackage
, fetchFromGitHub
, poetry-core
-, pylint
, pytest-aiohttp
, pytest-asyncio
, pytestCheckHook
@@ -31,7 +30,6 @@ buildPythonPackage rec {
propagatedBuildInputs = [
aiohttp
- pylint
];
checkInputs = [
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 14d5e29c372a..dad537a1564d 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -688,7 +688,7 @@ stdenv.mkDerivation {
# runtime; otherwise we can't and we need to reboot.
interfaceVersion = 2;
- inherit withCryptsetup util-linux kmod kbd;
+ inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withTimedated util-linux kmod kbd;
tests = {
inherit (nixosTests) switchTest;
diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix
index ff5c69b04fb8..b23b9bc32520 100644
--- a/pkgs/servers/home-assistant/default.nix
+++ b/pkgs/servers/home-assistant/default.nix
@@ -282,9 +282,6 @@ in python.pkgs.buildPythonApplication rec {
respx
stdlib-list
tqdm
- # required by tests/pylint
- astroid
- pylint
# required by tests/auth/mfa_modules
pyotp
] ++ lib.concatMap (component: getPackages component python.pkgs) [
@@ -308,6 +305,8 @@ in python.pkgs.buildPythonApplication rec {
];
disabledTestPaths = [
+ # we don't care about code quality
+ "tests/pylint"
# don't bulk test all components
"tests/components"
# pyotp since v2.4.0 complains about the short mock keys, hass pins v2.3.0
diff --git a/pkgs/tools/admin/pulumi/update-pulumi-shell.nix b/pkgs/tools/admin/pulumi/update-pulumi-shell.nix
new file mode 100644
index 000000000000..cf69e640550d
--- /dev/null
+++ b/pkgs/tools/admin/pulumi/update-pulumi-shell.nix
@@ -0,0 +1,8 @@
+{ nixpkgs ? import ../../../.. { } }:
+with nixpkgs;
+mkShell {
+ packages = [
+ pkgs.gh
+ ];
+}
+
diff --git a/pkgs/tools/admin/pulumi/update.sh b/pkgs/tools/admin/pulumi/update.sh
index fadc64cf1dfe..1097759c3bd6 100755
--- a/pkgs/tools/admin/pulumi/update.sh
+++ b/pkgs/tools/admin/pulumi/update.sh
@@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
-#!nix-shell -i bash -p gh
+#!nix-shell update-pulumi-shell.nix -i bash
# shellcheck shell=bash
# Bash 3 compatible for Darwin
diff --git a/pkgs/tools/filesystems/yandex-disk/default.nix b/pkgs/tools/filesystems/yandex-disk/default.nix
index e837350abd6f..4b8de7402a62 100644
--- a/pkgs/tools/filesystems/yandex-disk/default.nix
+++ b/pkgs/tools/filesystems/yandex-disk/default.nix
@@ -4,21 +4,26 @@ let
p = if stdenv.is64bit then {
arch = "x86_64";
gcclib = "${stdenv.cc.cc.lib}/lib64";
- sha256 = "e4f579963199f05476657f0066beaa32d1261aef2203382f3919e1ed4bc4594e";
+ sha256 = "sha256-HH/pLZmDr6m/B3e6MHafDGnNWR83oR2y1ijVMR/LOF0=";
+ webarchive = "20220519080155";
}
else {
arch = "i386";
gcclib = "${stdenv.cc.cc.lib}/lib";
- sha256 = "69113bf33ba0c57a363305b76361f2866c3b8394b173eed0f49db1f50bfe0373";
+ sha256 = "sha256-28dmdnJf+qh9r3F0quwlYXB/UqcOzcHzuzFq8vt2bf0=";
+ webarchive = "20220519080430";
};
in
stdenv.mkDerivation rec {
pname = "yandex-disk";
- version = "0.1.6.1074";
+ version = "0.1.6.1080";
src = fetchurl {
- url = "https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm";
+ urls = [
+ "https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm"
+ "https://web.archive.org/web/${p.webarchive}/https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm"
+ ];
sha256 = p.sha256;
};
diff --git a/pkgs/tools/networking/isync/default.nix b/pkgs/tools/networking/isync/default.nix
index e26526dc68d5..8e21ccee1084 100644
--- a/pkgs/tools/networking/isync/default.nix
+++ b/pkgs/tools/networking/isync/default.nix
@@ -29,5 +29,6 @@ stdenv.mkDerivation rec {
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ primeos lheckemann ];
+ mainProgram = "mbsync";
};
}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 0e70449d99ba..e58cebb445d3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10424,6 +10424,10 @@ with pkgs;
sozu = callPackage ../servers/sozu { };
+ sparrow = callPackage ../applications/blockchains/sparrow {
+ openimajgrabber = callPackage ../applications/blockchains/sparrow/openimajgrabber.nix {};
+ };
+
sparsehash = callPackage ../development/libraries/sparsehash { };
spectre-meltdown-checker = callPackage ../tools/security/spectre-meltdown-checker { };
@@ -29363,7 +29367,7 @@ with pkgs;
scantailor = callPackage ../applications/graphics/scantailor { };
- scantailor-advanced = libsForQt514.callPackage ../applications/graphics/scantailor/advanced.nix { };
+ scantailor-advanced = libsForQt515.callPackage ../applications/graphics/scantailor/advanced.nix { };
sc-im = callPackage ../applications/misc/sc-im { };
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index dd21231dfecd..7262b18c944b 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1105,6 +1105,10 @@ in {
babelgladeextractor = callPackage ../development/python-modules/babelgladeextractor { };
+ pulumi = callPackage ../development/python-modules/pulumi { };
+
+ pulumi-aws = callPackage ../development/python-modules/pulumi-aws { };
+
backcall = callPackage ../development/python-modules/backcall { };
backoff = callPackage ../development/python-modules/backoff { };