b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into staging-next

Browse source
This commit is contained in:
Vladimír Čunát 2023-02-08 21:50:23 +01:00
parent ef5aa34f4c ca42235b6e
commit 1e42908aa7
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
217 changed files with 3838 additions and 4238 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/contributing/coding-conventions.chapter.md
View file

@ -204,13 +204,13 @@ The key words _must_, _must not_, _required_, _shall_, _shall not_, _should_, _s
In Nixpkgs, there are generally three different names associated with a package:
- The `name` attribute of the derivation (excluding the version part). This is what most users see, in particular when using `nix-env`.
- The `pname` attribute of the derivation. This is what most users see, in particular when using `nix-env`.
- The variable name used for the instantiated package in `all-packages.nix`, and when passing it as a dependency to other functions. Typically this is called the _package attribute name_. This is what Nix expression authors see. It can also be used when installing using `nix-env -iA`.
- The filename for (the directory containing) the Nix expression.
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `name` attribute `"e2fsprogs-version"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
Most of the time, these are the same. For instance, the package `e2fsprogs` has a `pname` attribute `"e2fsprogs"`, is bound to the variable name `e2fsprogs` in `all-packages.nix`, and the Nix expression is in `pkgs/os-specific/linux/e2fsprogs/default.nix`.
There are a few naming guidelines:

35
nixos/doc/manual/default.nix
View file

@ -21,6 +21,8 @@ let
withManOptDedupPatch = true;
};
manpageUrls = pkgs.path + "/doc/manpage-urls.json";
# We need to strip references to /nix/store/* from options,
# including any `extraSources` if some modules came from elsewhere,
# or else the build will fail.
@ -72,7 +74,7 @@ let
nativeBuildInputs = [ pkgs.nixos-render-docs ];
} ''
nixos-render-docs manual docbook \
--manpage-urls ${pkgs.path + "/doc/manpage-urls.json"} \
--manpage-urls ${manpageUrls} \
"$out" \
--section \
--section-id modules \
@ -255,9 +257,12 @@ in rec {
manpages = runCommand "nixos-manpages"
{ inherit sources;
nativeBuildInputs = [
buildPackages.installShellFiles
] ++ lib.optionals allowDocBook [
buildPackages.libxml2.bin
buildPackages.libxslt.bin
buildPackages.installShellFiles
] ++ lib.optionals (! allowDocBook) [
buildPackages.nixos-render-docs
];
allowedReferences = ["out"];
}
@ -265,14 +270,24 @@ in rec {
# Generate manpages.
mkdir -p $out/share/man/man8
installManPage ${./manpages}/*
xsltproc --nonet \
--maxdepth 6000 \
--param man.output.in.separate.dir 1 \
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
--param man.break.after.slash 1 \
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
${manual-combined}/man-pages-combined.xml
${if allowDocBook
then ''
xsltproc --nonet \
--maxdepth 6000 \
--param man.output.in.separate.dir 1 \
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
--param man.break.after.slash 1 \
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
${manual-combined}/man-pages-combined.xml
''
else ''
mkdir -p $out/share/man/man5
nixos-render-docs options manpage \
--revision ${lib.escapeShellArg revision} \
${optionsJSON}/share/doc/nixos/options.json \
$out/share/man/man5/configuration.nix.5
''}
'';
}

4
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
View file

@ -577,8 +577,8 @@
</listitem>
<listitem>
<para>
<literal>services.openssh.cyphers</literal> to
<literal>services.openssh.settings.Cyphers</literal>
<literal>services.openssh.ciphers</literal> to
<literal>services.openssh.settings.Ciphers</literal>
</para>
</listitem>
<listitem>

2
nixos/doc/manual/release-notes/rl-2305.section.md
View file

@ -137,7 +137,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.openssh.logLevel` to `services.openssh.settings.LogLevel`
- `services.openssh.kexAlgorithms` to `services.openssh.settings.KexAlgorithms`
- `services.openssh.macs` to `services.openssh.settings.Macs`
- `services.openssh.cyphers` to `services.openssh.settings.Cyphers`
- `services.openssh.ciphers` to `services.openssh.settings.Ciphers`
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.

2
nixos/lib/make-options-doc/default.nix
View file

@ -78,7 +78,7 @@ let
title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path);
in ''
- [`${lib.optionalString (title != null) "${title} aka "}pkgs.${name}`](
- [${lib.optionalString (title != null) "${title} aka "}`pkgs.${name}`](
https://search.nixos.org/packages?show=${name}&sort=relevance&query=${name}
)${
lib.optionalString (args ? comment) "\n\n ${args.comment}"

2
nixos/modules/config/stevenblack.nix
View file

@ -15,7 +15,7 @@ let
in
{
options.networking.stevenblack = {
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist.");
enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist");
block = mkOption {
type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);

4
nixos/modules/programs/k3b.nix
View file

@ -28,7 +28,7 @@ with lib;
k3b
dvdplusrwtools
cdrdao
cdrkit
cdrtools
];
security.wrappers = {
@ -44,7 +44,7 @@ with lib;
owner = "root";
group = "cdrom";
permissions = "u+wrx,g+x";
source = "${pkgs.cdrkit}/bin/cdrecord";
source = "${pkgs.cdrtools}/bin/cdrecord";
};
};

2
nixos/modules/programs/proxychains.nix
View file

@ -86,7 +86,7 @@ in {
description = lib.mdDoc "Proxy DNS requests - no leak for DNS data.";
};
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library).");
quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library)");
remoteDNSSubnet = mkOption {
type = types.enum [ 10 127 224 ];

2
nixos/modules/security/polkit.nix
View file

@ -14,7 +14,7 @@ in
security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions.");
security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions");
security.polkit.extraConfig = mkOption {
type = types.lines;

2
nixos/modules/services/backup/zfs-replication.nix
View file

@ -9,7 +9,7 @@ let
in {
options = {
services.zfs.autoReplication = {
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication.");
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication");
followDelete = mkOption {
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";

2
nixos/modules/services/cluster/kubernetes/addon-manager.nix
View file

@ -62,7 +62,7 @@ in
'';
};
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager.");
enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager");
};
###### implementation

2
nixos/modules/services/cluster/kubernetes/kubelet.nix
View file

@ -146,7 +146,7 @@ in
default = "unix:///run/containerd/containerd.sock";
};
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet.");
enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet");
extraOpts = mkOption {
description = lib.mdDoc "Kubernetes kubelet extra command line options.";

4
nixos/modules/services/desktops/gnome/evolution-data-server.nix
View file

@ -27,7 +27,7 @@ with lib;
options = {
services.gnome.evolution-data-server = {
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars.");
enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars");
plugins = mkOption {
type = types.listOf types.package;
default = [ ];
@ -35,7 +35,7 @@ with lib;
};
};
programs.evolution = {
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.");
enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality");
plugins = mkOption {
type = types.listOf types.package;
default = [ ];

2
nixos/modules/services/development/zammad.nix
View file

@ -28,7 +28,7 @@ in
options = {
services.zammad = {
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution.");
enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution");
package = mkOption {
type = types.package;

2
nixos/modules/services/games/freeciv.nix
View file

@ -54,7 +54,7 @@ in
default = 0;
description = lib.mdDoc "Set debug log level.";
};
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends.");
options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends");
options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled");
options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled");
options.port = mkOption {

2
nixos/modules/services/hardware/udisks2.nix
View file

@ -19,7 +19,7 @@ in
services.udisks2 = {
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices.");
enable = mkEnableOption (lib.mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices");
settings = mkOption rec {
type = types.attrsOf settingsFormat.type;

14
nixos/modules/services/mail/dovecot.nix
View file

@ -171,11 +171,11 @@ in
options.services.dovecot2 = {
enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server");
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled).");
enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled)");
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled).") // { default = true; };
enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled)") // { default = true; };
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled).");
enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled)");
protocols = mkOption {
type = types.listOf types.str;
@ -300,9 +300,9 @@ in
description = lib.mdDoc "Path to the server's private key.";
};
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins.") // { default = true; };
enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; };
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange.") // { default = true; };
enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange") // { default = true; };
sieveScripts = mkOption {
type = types.attrsOf types.path;
@ -310,7 +310,7 @@ in
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
};
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW).");
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)");
mailboxes = mkOption {
type = with types; coercedTo
@ -326,7 +326,7 @@ in
description = lib.mdDoc "Configure mailboxes and auto create or subscribe them.";
};
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service.");
enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service");
quotaPort = mkOption {
type = types.str;

2
nixos/modules/services/misc/atuin.nix
View file

@ -8,7 +8,7 @@ in
{
options = {
services.atuin = {
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin.");
enable = mkEnableOption (mdDoc "Enable server for shell history sync with atuin");
openRegistration = mkOption {
type = types.bool;

2
nixos/modules/services/misc/input-remapper.nix
View file

@ -6,7 +6,7 @@ let cfg = config.services.input-remapper; in
{
options = {
services.input-remapper = {
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons.");
enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons");
package = mkPackageOptionMD pkgs "input-remapper" { };
enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140");
serviceWantedBy = mkOption {

2
nixos/modules/services/misc/sourcehut/default.nix
View file

@ -438,7 +438,7 @@ in
};
options."lists.sr.ht" = commonServiceSettings "lists" // {
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists.");
allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists");
notify-from = mkOption {
description = lib.mdDoc "Outgoing email for notifications generated by users.";
type = types.str;

2
nixos/modules/services/monitoring/mackerel-agent.nix
View file

@ -11,7 +11,7 @@ in {
# the upstream package runs as root, but doesn't seem to be strictly
# necessary for basic functionality
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root.");
runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root");
autoRetirement = mkEnableOption (lib.mdDoc ''
Whether to automatically retire the host upon OS shutdown.

6
nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix
View file

@ -24,9 +24,9 @@ in {
inherit (options.services.unpoller.unifi) controllers;
inherit (options.services.unpoller) loki;
log = {
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs.");
quiet = mkEnableOption (lib.mdDoc "startup and error logs only.");
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus.");
debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs");
quiet = mkEnableOption (lib.mdDoc "startup and error logs only");
prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus");
};
};

4
nixos/modules/services/monitoring/uptime-kuma.nix
View file

@ -11,7 +11,7 @@ in
options = {
services.uptime-kuma = {
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set.");
enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set");
package = mkOption {
type = types.package;
@ -20,7 +20,7 @@ in
description = lib.mdDoc "Uptime Kuma package to use.";
};
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications.");
appriseSupport = mkEnableOption (mdDoc "apprise support for notifications");
settings = lib.mkOption {
type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };

6
nixos/modules/services/network-filesystems/moosefs.nix
View file

@ -85,7 +85,7 @@ in {
description = lib.mdDoc "Run daemons as user moosefs instead of root.";
};
client.enable = mkEnableOption (lib.mdDoc "Moosefs client.");
client.enable = mkEnableOption (lib.mdDoc "Moosefs client");
master = {
enable = mkOption {
@ -131,7 +131,7 @@ in {
};
metalogger = {
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon.");
enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon");
settings = mkOption {
type = types.submodule {
@ -149,7 +149,7 @@ in {
};
chunkserver = {
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon.");
enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon");
openFirewall = mkOption {
type = types.bool;

2
nixos/modules/services/networking/blockbook-frontend.nix
View file

@ -10,7 +10,7 @@ let
options = {
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application.");
enable = mkEnableOption (lib.mdDoc "blockbook-frontend application");
package = mkOption {
type = types.package;

2
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -106,7 +106,7 @@ in
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
(mkRenamedOptionModule [ "services" "openssh" "macs" ] [ "services" "openssh" "settings" "Macs" ])
(mkRenamedOptionModule [ "services" "openssh" "cyphers" ] [ "services" "openssh" "settings" "Cyphers" ])
(mkRenamedOptionModule [ "services" "openssh" "ciphers" ] [ "services" "openssh" "settings" "Ciphers" ])
(mkRenamedOptionModule [ "services" "openssh" "kexAlgorithms" ] [ "services" "openssh" "settings" "KexAlgorithms" ])
(mkRenamedOptionModule [ "services" "openssh" "gatewayPorts" ] [ "services" "openssh" "settings" "GatewayPorts" ])
(mkRenamedOptionModule [ "services" "openssh" "forwardX11" ] [ "services" "openssh" "settings" "X11Forwarding" ])

2
nixos/modules/services/security/kanidm.nix
View file

@ -55,7 +55,7 @@ in
options.services.kanidm = {
enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client");
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration.");
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
serverSettings = lib.mkOption {
type = lib.types.submodule {

2
nixos/modules/services/web-apps/cloudlog.nix
View file

@ -68,7 +68,7 @@ let
in
{
options.services.cloudlog = with types; {
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog.");
enable = mkEnableOption (mdDoc "Whether to enable Cloudlog");
dataDir = mkOption {
type = str;
default = "/var/lib/cloudlog";

2
nixos/modules/services/web-apps/dokuwiki.nix
View file

@ -148,7 +148,7 @@ let
];
options = {
enable = mkEnableOption (lib.mdDoc "DokuWiki web application.");
enable = mkEnableOption (lib.mdDoc "DokuWiki web application");
package = mkOption {
type = types.package;

2
nixos/modules/services/web-apps/galene.nix
View file

@ -12,7 +12,7 @@ in
{
options = {
services.galene = {
enable = mkEnableOption (lib.mdDoc "Galene Service.");
enable = mkEnableOption (lib.mdDoc "Galene Service");
stateDir = mkOption {
default = defaultstateDir;

2
nixos/modules/services/web-apps/hledger-web.nix
View file

@ -7,7 +7,7 @@ in {
enable = mkEnableOption (lib.mdDoc "hledger-web service");
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI.");
serveApi = mkEnableOption (lib.mdDoc "Serve only the JSON web API, without the web UI");
host = mkOption {
type = types.str;

2
nixos/modules/services/web-apps/jirafeau.nix
View file

@ -36,7 +36,7 @@ in
description = lib.mdDoc "Location of Jirafeau storage directory.";
};
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application.");
enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application");
extraConfig = mkOption {
type = types.lines;

2
nixos/modules/services/web-apps/limesurvey.nix
View file

@ -32,7 +32,7 @@ in
# interface
options.services.limesurvey = {
enable = mkEnableOption (lib.mdDoc "Limesurvey web application.");
enable = mkEnableOption (lib.mdDoc "Limesurvey web application");
database = {
type = mkOption {

1
nixos/modules/services/x11/desktop-managers/plasma5.nix
View file

@ -448,6 +448,7 @@ in
dolphin-plugins
ffmpegthumbs
kdegraphics-thumbnailers
pkgs.kio-admin
kio-extras
];
optionalPackages = [

4
nixos/modules/services/x11/extra-layouts.nix
View file

@ -106,9 +106,9 @@ in
description = lib.mdDoc ''
Extra custom layouts that will be included in the xkb configuration.
Information on how to create a new layout can be found here:
[](https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts).
<https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts>.
For more examples see
[](https://wiki.archlinux.org/index.php/X_KeyBoard_extension#Basic_examples)
<https://wiki.archlinux.org/index.php/X_KeyBoard_extension#Basic_examples>
'';
};

10
nixos/modules/system/boot/initrd-ssh.nix
View file

@ -128,13 +128,13 @@ in
HostKey ${initrdKeyPath path}
'')}
KexAlgorithms ${concatStringsSep "," sshdCfg.kexAlgorithms}
Ciphers ${concatStringsSep "," sshdCfg.ciphers}
MACs ${concatStringsSep "," sshdCfg.macs}
KexAlgorithms ${concatStringsSep "," sshdCfg.settings.KexAlgorithms}
Ciphers ${concatStringsSep "," sshdCfg.settings.Ciphers}
MACs ${concatStringsSep "," sshdCfg.settings.Macs}
LogLevel ${sshdCfg.logLevel}
LogLevel ${sshdCfg.settings.LogLevel}
${if sshdCfg.useDns then ''
${if sshdCfg.settings.UseDns then ''
UseDNS yes
'' else ''
UseDNS no

2
nixos/modules/system/boot/kernel.nix
View file

@ -20,7 +20,7 @@ in
###### interface
options = {
boot.kernel.enable = mkEnableOption (lib.mdDoc "the Linux kernel. This is useful for systemd-like containers which do not require a kernel.") // {
boot.kernel.enable = mkEnableOption (lib.mdDoc "the Linux kernel. This is useful for systemd-like containers which do not require a kernel") // {
default = true;
};

13
nixos/modules/system/boot/luksroot.nix
View file

@ -929,7 +929,14 @@ in
++ (if builtins.elem "xts" luks.cryptoModules then ["ecb"] else []);
# copy the cryptsetup binary and it's dependencies
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
boot.initrd.extraUtilsCommands = let
pbkdf2-sha512 = pkgs.runCommandCC "pbkdf2-sha512" { buildInputs = [ pkgs.openssl ]; } ''
mkdir -p "$out/bin"
cc -O3 -lcrypto ${./pbkdf2-sha512.c} -o "$out/bin/pbkdf2-sha512"
strip -s "$out/bin/pbkdf2-sha512"
'';
in
mkIf (!config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup
copy_bin_and_libs ${askPass}/bin/cryptsetup-askpass
sed -i s,/bin/sh,$out/bin/sh, $out/bin/cryptsetup-askpass
@ -939,9 +946,7 @@ in
copy_bin_and_libs ${pkgs.yubikey-personalization}/bin/ykinfo
copy_bin_and_libs ${pkgs.openssl.bin}/bin/openssl
cc -O3 -I${pkgs.openssl.dev}/include -L${lib.getLib pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto
strip -s pbkdf2-sha512
copy_bin_and_libs pbkdf2-sha512
copy_bin_and_libs ${pbkdf2-sha512}/bin/pbkdf2-sha512
mkdir -p $out/etc/ssl
cp -pdv ${pkgs.openssl.out}/etc/ssl/openssl.cnf $out/etc/ssl

18
nixos/modules/tasks/filesystems/envfs.nix
View file

@ -7,11 +7,11 @@ let
device = "none";
fsType = "envfs";
options = [
"fallback-path=${pkgs.runCommand "fallback-path" {} ''
"fallback-path=${pkgs.runCommand "fallback-path" {} (''
mkdir -p $out
ln -s ${pkgs.coreutils}/bin/env $out/env
ln -s ${config.system.build.binsh}/bin/sh $out/sh
''}"
ln -s ${config.environment.usrbinenv} $out/env
ln -s ${config.environment.binsh} $out/sh
'' + cfg.extraFallbackPathCommands)}"
];
};
"/bin" = {
@ -31,11 +31,19 @@ in {
etc.
'';
};
package = lib.mkOption {
type = lib.types.package;
description = lib.mdDoc "Which package to use for the envfs.";
default = pkgs.envfs;
defaultText = lib.literalExpression "pkgs.envfs";
description = lib.mdDoc "Which package to use for the envfs.";
};
extraFallbackPathCommands = lib.mkOption {
type = lib.types.lines;
default = "";
example = "ln -s $''{pkgs.bash}/bin/bash $out/bash";
description = lib.mdDoc "Extra commands to run in the package that contains fallback executables in case not other executable is found";
};
};
};

4
pkgs/applications/audio/callaudiod/default.nix
View file

@ -11,14 +11,14 @@
stdenv.mkDerivation rec {
pname = "callaudiod";
version = "0.1.4";
version = "0.1.7";
src = fetchFromGitLab {
domain = "gitlab.com";
owner = "mobian1";
repo = pname;
rev = version;
sha256 = "sha256-71+9ALz55aqxXRBRwOcs9fwiQK31pJ9E72pGRmt0OkE=";
sha256 = "sha256-BDEu3ASlnovMK0lQC+CQvpXvtdt33BRntstPAWaAnsg=";
};
strictDeps = true;

4
pkgs/applications/audio/snapcast/default.nix
View file

@ -9,13 +9,13 @@ assert pulseaudioSupport -> libpulseaudio != null;
stdenv.mkDerivation rec {
pname = "snapcast";
version = "0.26.0";
version = "0.27.0";
src = fetchFromGitHub {
owner = "badaix";
repo = "snapcast";
rev = "v${version}";
sha256 = "sha256-CCifn9OEFM//Hk1PJj8T3MXIV8pXCTdBBXPsHuZwLyQ=";
sha256 = "sha256-dlK1xQQqst4VQjioC7MZzqXwMC+JfqtvnD5lrOqGhYI=";
};
nativeBuildInputs = [ cmake pkg-config ];

6
pkgs/applications/blockchains/erigon/default.nix
View file

@ -2,7 +2,7 @@
let
pname = "erigon";
version = "2.37.0";
version = "2.38.1";
in
buildGoModule {
inherit pname version;
@ -11,11 +11,11 @@ buildGoModule {
owner = "ledgerwatch";
repo = pname;
rev = "v${version}";
sha256 = "sha256-r/mumt/f0wrOsXyEHo/NX0lJGt8zqXEVNC+9DWDkHAM=";
sha256 = "sha256-sLJMmSEUQNsodZ9Ms0ipDwN2QOYa9pZTlEqt4CF23Sc=";
fetchSubmodules = true;
};
vendorSha256 = "sha256-vSJZ1wIx1CiLE04ZBDnQDQqM2v8BBLxw5qbAsixC3/U=";
vendorSha256 = "sha256-KESY+PSbWQHPJphop4GnVF4T8Q/MPb2GFDEko0ieXEM=";
proxyVendor = true;
# Build errors in mdbx when format hardening is enabled:

28
pkgs/applications/blockchains/torq/default.nix
View file

@ -1,9 +1,10 @@
{ lib
, buildGoModule
, buildNpmPackage
, fetchFromGitHub
}:
buildGoModule rec {
let
pname = "torq";
version = "0.17.3";
@ -14,6 +15,27 @@ buildGoModule rec {
hash = "sha256-fqHJZi1NQCrZqsa+N+FVYZ8s9o0D555Sqn5qNlJ1MmI=";
};
web = buildNpmPackage {
pname = "${pname}-frontend";
inherit version;
src = "${src}/web";
npmDepsHash = "sha256-8mUfTFzPjQlQvhC3zZf+WruDBkYnmGt3yckNi0CPWs0=";
# copied from upstream Dockerfile
npmInstallFlags = [ "--legacy-peer-deps" ];
TSX_COMPILE_ON_ERROR="true";
ESLINT_NO_DEV_ERRORS="true";
# override npmInstallHook, we only care about the build/ directory
installPhase = ''
mkdir $out
cp -r build $out/
'';
};
in
buildGoModule rec {
inherit pname version src;
vendorHash = "sha256-HETN2IMnpxnTyg6bQDpoD0saJu+gKocdEf0VzEi12Gs=";
subPackages = [ "cmd/torq" ];
@ -24,6 +46,10 @@ buildGoModule rec {
"-X github.com/lncapital/torq/build.version=v${version}"
];
postInstall = ''
ln -s ${web} $out/web
'';
meta = with lib; {
description = "Capital management tool for lightning network nodes";
license = licenses.mit;

4
pkgs/applications/editors/vscode/extensions/default.nix
View file

@ -2580,8 +2580,8 @@ let
mktplcRef = {
name = "code-spell-checker";
publisher = "streetsidesoftware";
version = "2.15.0";
sha256 = "sha256-YfcO/01nO+92xZEJgYyLYAkqXMqfV/QDkcN9Dnjp5ZA=";
version = "2.16.0";
sha256 = "sha256-Qr4cYAEvAkvvE6KytVeInJzcMQJZqr/e/KPfelVzjUA=";
};
meta = with lib; {
changelog = "https://marketplace.visualstudio.com/items/streetsidesoftware.code-spell-checker/changelog";

10
pkgs/applications/graphics/ImageMagick/6.x.nix
View file

@ -21,6 +21,7 @@
, libde265Support ? true, libde265
, fftw
, ApplicationServices, Foundation
, testers
}:
let
@ -33,14 +34,14 @@ let
else null;
in
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "imagemagick";
version = "6.9.12-68";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick6";
rev = version;
rev = finalAttrs.version;
sha256 = "sha256-slQcA0cblxtG/1DiJx5swUh7Kfwgz5HG70eqJFLaQJI=";
};
@ -109,10 +110,13 @@ stdenv.mkDerivation rec {
done
'';
passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
meta = with lib; {
homepage = "https://legacy.imagemagick.org/";
changelog = "https://legacy.imagemagick.org/script/changelog.php";
description = "A software suite to create, edit, compose, or convert bitmap images";
pkgConfigModules = [ "ImageMagick" "MagickWand" ];
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ ];
license = licenses.asl20;
@ -137,4 +141,4 @@ stdenv.mkDerivation rec {
"CVE-2022-2719"
];
};
}
})

8
pkgs/applications/graphics/ImageMagick/default.nix
View file

@ -45,14 +45,14 @@ let
else null;
in
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "imagemagick";
version = "7.1.0-61";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
rev = version;
rev = finalAttrs.version;
hash = "sha256-g7WeqPpPd1gceU+s+vRDpb41IX1lzpiqh3cAYeFdUlg=";
};
@ -126,14 +126,16 @@ stdenv.mkDerivation rec {
passthru.tests = {
version = testers.testVersion { package = imagemagick; };
inherit (python3.pkgs) img2pdf;
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
};
meta = with lib; {
homepage = "http://www.imagemagick.org/";
description = "A software suite to create, edit, compose, or convert bitmap images";
pkgConfigModules = [ "ImageMagick" "MagickWand" ];
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ erictapen dotlambda ];
license = licenses.asl20;
mainProgram = "magick";
};
}
})

4
pkgs/applications/graphics/drawio/default.nix
View file

@ -11,11 +11,11 @@
stdenv.mkDerivation rec {
pname = "drawio";
version = "20.8.10";
version = "20.8.16";
src = fetchurl {
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/drawio-x86_64-${version}.rpm";
sha256 = "118e9c9a328c92aeeda3c5925c8d8ed50d0993c07715726447ee720699958626";
sha256 = "sha256-FBnyogqf5BHLRInjJzC2dENnAwFcWMHDvJ+F0I3ffVg=";
};
nativeBuildInputs = [

18
pkgs/applications/misc/1password-gui/default.nix
View file

@ -9,43 +9,43 @@
let
pname = "1password";
version = if channel == "stable" then "8.9.10" else "8.9.12-4.BETA";
version = if channel == "stable" then "8.9.14" else "8.10.0-20.BETA";
sources = {
stable = {
x86_64-linux = {
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
sha256 = "sha256-aoa00W5zvZQeHKd2Eqyrxl5Z1PwLMHc5lkMUskLiD74=";
sha256 = "sha256-rlLzPDPOmzamDnRxuvgrpAW0QrMINw/PsdLxOiBpMnA=";
};
aarch64-linux = {
url = "https://downloads.1password.com/linux/tar/stable/aarch64/1password-${version}.arm64.tar.gz";
sha256 = "sha256-Zt64UGKI3+DayS6XP7jTE+pxv52tUUZbUHiuzjcm1JI=";
sha256 = "sha256-hJTqFr6/KOl4C+1oyo/zrnCbqvRQin6HjyLKOppUl/M=";
};
x86_64-darwin = {
url = "https://downloads.1password.com/mac/1Password-${version}-x86_64.zip";
sha256 = "sha256-sx9eASpMcgkIH1GRzJMqSQa5Y5GJlYU/20CZFyFK+OU=";
sha256 = "sha256-3/aiUj+WYZfPItYrYNQKsUSpkRTgOhyb8L5gURt1O74=";
};
aarch64-darwin = {
url = "https://downloads.1password.com/mac/1Password-${version}-aarch64.zip";
sha256 = "sha256-Z1cEynO9iWZra542CVGmefrTNerMe13OcTAzWXNi8jI=";
sha256 = "sha256-n0xqD5WbcC9B6spisa5V7JJRXGZubBwzJFUS8edvz/Q=";
};
};
beta = {
x86_64-linux = {
url = "https://downloads.1password.com/linux/tar/beta/x86_64/1password-${version}.x64.tar.gz";
sha256 = "sha256-/WXaLINqLFLft+wrmr+fV0kM9qS5w4etFiGltnzoVdo=";
sha256 = "sha256-r2MRyw0dfD3vGnCcPW624K5rSaNSCjTVW4cWFgPAIaY=";
};
aarch64-linux = {
url = "https://downloads.1password.com/linux/tar/beta/aarch64/1password-${version}.arm64.tar.gz";
sha256 = "sha256-Zv9uHkFCZ0flBMAwQBjNhqFWhAXKyHBfZk733hbSag4=";
sha256 = "sha256-98sv4yLvLw8J5uQBB66qTV3lRWnyeZiifhEOW7shz8s=";
};
x86_64-darwin = {
url = "https://downloads.1password.com/mac/1Password-${version}-x86_64.zip";
sha256 = "sha256-Vryk6nMQY+0NIgwJkZ2j3vrxyhrzxbe96jbyoNbPIR0=";
sha256 = "sha256-ezHk6OgUsmFfMfsY+yyWqn+6JgHSmpkFWGNCCaBv/Bo=";
};
aarch64-darwin = {
url = "https://downloads.1password.com/mac/1Password-${version}-aarch64.zip";
sha256 = "sha256-74iOaNkuPRKUsTNNd7UTpy5ahjoMmxiNT84Op5ztRGk=";
sha256 = "sha256-JmCrEBucXGPpGbiKOxA8vu6bUVYsavfsYA5QY58Grnw=";
};
};
};

46
pkgs/applications/misc/1password-gui/update.sh Executable file
View file

@ -0,0 +1,46 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p jq
#shellcheck shell=bash
CURRENT_HASH=""
print_hash() {
OS="$1"
CHANNEL="$2"
ARCH="$3"
VERSION="$4"
if [[ "$OS" == "linux" ]]; then
if [[ "$ARCH" == "x86_64" ]]; then
EXT="x64.tar.gz"
else
EXT="arm64.tar.gz"
fi
URL="https://downloads.1password.com/${OS}/tar/${CHANNEL}/${ARCH}/1password-${VERSION}.${EXT}"
else
EXT="$ARCH.zip"
URL="https://downloads.1password.com/${OS}/1Password-${VERSION}-${EXT}"
fi
CURRENT_HASH=$(nix store prefetch-file "$URL" --json | jq -r '.hash')
echo "$CHANNEL ${ARCH}-${OS}: $CURRENT_HASH"
}
if [[ -z "$STABLE_VER" ]]; then
echo "No 'STABLE_VER' environment variable provided, skipping"
else
print_hash "linux" "stable" "x86_64" "$STABLE_VER"
print_hash "linux" "stable" "aarch64" "$STABLE_VER"
print_hash "mac" "stable" "x86_64" "$STABLE_VER"
print_hash "mac" "stable" "aarch64" "$STABLE_VER"
fi
if [[ -z "$BETA_VER" ]]; then
echo "No 'BETA_VER' environment variable provided, skipping"
else
print_hash "linux" "beta" "x86_64" "$BETA_VER"
print_hash "linux" "beta" "aarch64" "$BETA_VER"
print_hash "mac" "beta" "x86_64" "$BETA_VER"
print_hash "mac" "beta" "aarch64" "$BETA_VER"
fi

4
pkgs/applications/misc/cubiomes-viewer/default.nix
View file

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "cubiomes-viewer";
version = "3.0.1";
version = "3.1.0";
src = fetchFromGitHub {
owner = "Cubitect";
repo = pname;
rev = version;
sha256 = "sha256-UPphXaxq/Hnt1U3J+lgwa0lp3vX1B/Ou8eqD9rHe3sw=";
sha256 = "sha256-pA+SWktSjgH7lRqK14yJX2ziLoKpxMCpEIh0H6slpxw=";
fetchSubmodules = true;
};

46
pkgs/applications/misc/gcfflasher/default.nix Normal file
View file

@ -0,0 +1,46 @@
{ lib
, stdenv
, fetchFromGitHub
, pkg-config
, libgpiod
, cmake
}:
stdenv.mkDerivation rec {
pname = "gcfflasher";
version = "4.0.3-beta";
src = fetchFromGitHub {
owner = "dresden-elektronik";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-m+iDBfsHo+PLYd3K8JaKwhIXcnj+Q8w7gIgmHp+0plk=";
};
nativeBuildInputs = [
pkg-config
cmake
];
postPatch = ''
substituteInPlace CMakeLists.txt \
--replace 'main_windows.c' 'main_posix.c'
'';
buildInputs = lib.optionals stdenv.isLinux [
libgpiod
];
installPhase = ''
runHook preInstall
install -Dm0755 GCFFlasher $out/bin/GCFFlasher
runHook postInstall
'';
meta = with lib; {
description = "CFFlasher is the tool to program the firmware of dresden elektronik's Zigbee products";
license = licenses.bsd3;
homepage = "https://github.com/dresden-elektronik/gcfflasher";
maintainers = with maintainers; [ fleaz ];
};
}

4
pkgs/applications/misc/klayout/default.nix
View file

@ -5,13 +5,13 @@
mkDerivation rec {
pname = "klayout";
version = "0.28.4";
version = "0.28.5";
src = fetchFromGitHub {
owner = "KLayout";
repo = "klayout";
rev = "v${version}";
hash = "sha256-6RIzgC/PA2DqO24vKu+d/+GttufUbIH+k9GZe09M0vM=";
hash = "sha256-fjKxQ3oVtnFwzLeeE6kN0jKE5PIfBZubTF54KO+k/DE=";
};
postPatch = ''

6
pkgs/applications/misc/nwg-panel/default.nix
View file

@ -14,13 +14,13 @@
python3Packages.buildPythonApplication rec {
pname = "nwg-panel";
version = "0.7.11";
version = "0.7.16";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-panel";
rev = "refs/tags/v${version}";
sha256 = "sha256-Esr1OPyQCCQIOfgkl6RIn93ZaJkF0O2RM9ObIgBlPi4=";
sha256 = "sha256-dwnDrFQZVz6Vxa8bX0gFPBZFQwRJ3+wUy6Rsxvb2dhw=";
};
# No tests
@ -56,6 +56,6 @@ python3Packages.buildPythonApplication rec {
description = "GTK3-based panel for Sway window manager";
license = licenses.mit;
platforms = platforms.linux;
maintainers = with maintainers; [ berbiche ];
maintainers = with maintainers; [ ];
};
}

6
pkgs/applications/misc/oxker/default.nix
View file

@ -2,14 +2,14 @@
rustPlatform.buildRustPackage rec {
pname = "oxker";
version = "0.2.1";
version = "0.2.3";
src = fetchCrate {
inherit pname version;
sha256 = "sha256-CsfzQN7n/LsNIivJShDG02cHwPktkXl/0udBSPz0i2U=";
sha256 = "sha256-J+3wi1nqkxR3ZDfR+F3rvFjUz1DJ7/jhjmcvFdMzWYc=";
};
cargoHash = "sha256-FSuhG+ZSQzwj1YB3xs3A1uFWPhwK8FIfVfUY9V/J2Z8=";
cargoHash = "sha256-oQPCUm/X2vt6wN5AKhtgq8tzQQrp0H42bBK7Az+I9BE=";
meta = with lib; {
description = "A simple tui to view & control docker containers";

8
pkgs/applications/misc/yubioath-flutter/default.nix
View file

@ -10,19 +10,19 @@
}:
let
vendorHashes = {
x86_64-linux = "sha256-BwhWA8N0S55XkljDKPNkDhsj0QSpmJJ5MwEnrPjymS8=";
aarch64-linux = "sha256-T1aGz3+2Sls+rkUVDUo39Ky2igg+dxGSUaf3qpV7ovQ=";
x86_64-linux = "sha256-Upe0cEDG02RJD50Ht9VNMwkelsJHX8zOuJZssAhMuMY=";
aarch64-linux = "sha256-lKER4+gcyFqnCvgBl/qdVBCbUpocWUnXGLXsX82MSy4=";
};
in
flutter.mkFlutterApp rec {
pname = "yubioath-flutter";
version = "6.0.2";
version = "6.1.0";
src = fetchFromGitHub {
owner = "Yubico";
repo = "yubioath-flutter";
rev = version;
sha256 = "13nh5qpq02c6azfdh4cbzhlrq0hs9is45q5z5cnxg84hrx26hd4k";
sha256 = "sha256-N9/qwC79mG9r+zMPLHSPjNSQ+srGtnXuKsf0ijtH7CI=";
};
passthru.helper = python3.pkgs.callPackage ./helper.nix { inherit src version meta; };

41
pkgs/applications/networking/cluster/k3s/1_23/0001-script-download-strip-downloading-just-package-CRD.patch Normal file
View file

@ -0,0 +1,41 @@
From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001
From: Euan Kemp <euank@euank.com>
Date: Thu, 3 Feb 2022 23:50:40 -0800
Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD
The CRD packaging is a complicated set of commands, so let's reuse it.
---
scripts/download | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/scripts/download b/scripts/download
index 5effc0562a..82361803ee 100755
--- a/scripts/download
+++ b/scripts/download
@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}
mkdir -p ${CHARTS_DIR}
mkdir -p ${DATA_DIR}
-curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
-
-git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
-
-git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}
-
setup_tmp() {
TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
cleanup() {
@@ -44,8 +38,8 @@ setup_tmp() {
download_and_package_traefik () {
echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
- curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
- code=$?
+ # nixpkgs: copy in our known traefik chart instead
+ cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}
if [ $code -ne 0 ]; then
echo "Error: Failed to download Traefik Helm chart!"
--
2.34.1

331
pkgs/applications/networking/cluster/k3s/1_23/default.nix Normal file
View file

@ -0,0 +1,331 @@
{ stdenv
, lib
, makeWrapper
, socat
, iptables
, iproute2
, bridge-utils
, btrfs-progs
, conntrack-tools
, buildGoModule
, runc
, rsync
, kmod
, libseccomp
, pkg-config
, ethtool
, util-linux
, fetchFromGitHub
, fetchurl
, fetchzip
, fetchgit
, zstd
, yq-go
, nixosTests
, k3s
, pkgsBuildBuild
}:
with lib;
# k3s is a kinda weird derivation. One of the main points of k3s is the
# simplicity of it being one binary that can perform several tasks.
# However, when you have a good package manager (like nix), that doesn't
# actually make much of a difference; you don't really care if it's one binary
# or 10 since with a good package manager, installing and running it is
# identical.
# Since upstream k3s packages itself as one large binary with several
# "personalities" (in the form of subcommands like 'k3s agent' and 'k3s
# kubectl'), it ends up being easiest to mostly mimic upstream packaging, with
# some exceptions.
# K3s also carries patches to some packages (such as containerd and cni
# plugins), so we intentionally use the k3s versions of those binaries for k3s,
# even if the upstream version of those binaries exist in nixpkgs already. In
# the end, that means we have a thick k3s binary that behaves like the upstream
# one for the most part.
# However, k3s also bundles several pieces of unpatched software, from the
# strongswan vpn software, to iptables, to socat, conntrack, busybox, etc.
# Those pieces of software we entirely ignore upstream's handling of, and just
# make sure they're in the path if desired.
let
k3sVersion = "1.23.6+k3s1"; # k3s git tag
k3sCommit = "418c3fa858b69b12b9cefbcff0526f666a6236b9"; # k3s git commit at the above version
k3sRepoSha256 = "0fmw491dn5mpi058mr7sij51i5m4qg2grx30cnl3h2v4s0sdkx2i";
k3sVendorSha256 = "sha256-iHg5ySMaiSWXs98YGmxPwdZr4zdBIFma12dNEuf30Hs=";
# taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
# The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
traefikChartVersion = "10.19.3";
traefikChartSha256 = "04zg5li957svgscdmkzmzjkwljaljyav68rzxmhakkwgav6q9058";
# taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47
k3sRootVersion = "0.11.0";
k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";
# taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
k3sCNIVersion = "1.0.1-k3s1";
k3sCNISha256 = "11ihlzzdnqf9p21y0a4ckpbxac016nm7746dcykhj26ym9zxyv92";
# taken from go.mod, the 'github.com/containerd/containerd' line
# run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
containerdVersion = "1.5.11-k3s2";
containerdSha256 = "16132snvrg8r0vwm6c0lz0q6fx686s2ix53nm3aka9a83xs75vf2";
# run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
criCtlVersion = "1.22.0-k3s1";
baseMeta = k3s.meta;
# https://github.com/k3s-io/k3s/blob/5fb370e53e0014dc96183b8ecb2c25a61e891e76/scripts/build#L19-L40
versionldflags = [
"-X github.com/rancher/k3s/pkg/version.Version=v${k3sVersion}"
"-X github.com/rancher/k3s/pkg/version.GitCommit=${lib.substring 0 8 k3sCommit}"
"-X k8s.io/client-go/pkg/version.gitVersion=v${k3sVersion}"
"-X k8s.io/client-go/pkg/version.gitCommit=${k3sCommit}"
"-X k8s.io/client-go/pkg/version.gitTreeState=clean"
"-X k8s.io/client-go/pkg/version.buildDate=1970-01-01T01:01:01Z"
"-X k8s.io/component-base/version.gitVersion=v${k3sVersion}"
"-X k8s.io/component-base/version.gitCommit=${k3sCommit}"
"-X k8s.io/component-base/version.gitTreeState=clean"
"-X k8s.io/component-base/version.buildDate=1970-01-01T01:01:01Z"
"-X github.com/kubernetes-sigs/cri-tools/pkg/version.Version=v${criCtlVersion}"
"-X github.com/containerd/containerd/version.Version=v${containerdVersion}"
"-X github.com/containerd/containerd/version.Package=github.com/k3s-io/containerd"
];
# bundled into the k3s binary
traefikChart = fetchurl {
url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
sha256 = traefikChartSha256;
};
# so, k3s is a complicated thing to package
# This derivation attempts to avoid including any random binaries from the
# internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which
# we don't care about doing, we can add those as build or runtime
# dependencies using a real package manager).
# In addition to those binaries, it's also configuration though (right now
# mostly strongswan configuration), and k3s does use those files.
# As such, we download it in order to grab 'etc' and bundle it into the final
# k3s binary.
k3sRoot = fetchzip {
# Note: marked as apache 2.0 license
url = "https://github.com/k3s-io/k3s-root/releases/download/v${k3sRootVersion}/k3s-root-amd64.tar";
sha256 = k3sRootSha256;
stripRoot = false;
};
k3sCNIPlugins = buildGoModule rec {
pname = "k3s-cni-plugins";
version = k3sCNIVersion;
vendorSha256 = null;
subPackages = [ "." ];
src = fetchFromGitHub {
owner = "rancher";
repo = "plugins";
rev = "v${version}";
sha256 = k3sCNISha256;
};
postInstall = ''
mv $out/bin/plugins $out/bin/cni
'';
meta = baseMeta // {
description = "CNI plugins, as patched by rancher for k3s";
};
};
# Grab this separately from a build because it's used by both stages of the
# k3s build.
k3sRepo = fetchgit {
url = "https://github.com/k3s-io/k3s";
rev = "v${k3sVersion}";
sha256 = k3sRepoSha256;
};
# Stage 1 of the k3s build:
# Let's talk about how k3s is structured.
# One of the ideas of k3s is that there's the single "k3s" binary which can
# do everything you need, from running a k3s server, to being a worker node,
# to running kubectl.
# The way that actually works is that k3s is a single go binary that contains
# a bunch of bindata that it unpacks at runtime into directories (either the
# user's home directory or /var/lib/rancher if run as root).
# This bindata includes both binaries and configuration.
# In order to let nixpkgs do all its autostripping/patching/etc, we split this into two derivations.
# First, we build all the binaries that get packed into the thick k3s binary
# (and output them from one derivation so they'll all be suitably patched up).
# Then, we bundle those binaries into our thick k3s binary and use that as
# the final single output.
# This approach was chosen because it ensures the bundled binaries all are
# correctly built to run with nix (we can lean on the existing buildGoModule
# stuff), and we can again lean on that tooling for the final k3s binary too.
# Other alternatives would be to manually run the
# strip/patchelf/remove-references step ourselves in the installPhase of the
# derivation when we've built all the binaries, but haven't bundled them in
# with generated bindata yet.
k3sServer = buildGoModule rec {
pname = "k3s-server";
version = k3sVersion;
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libseccomp ];
subPackages = [ "cmd/server" ];
ldflags = versionldflags;
# create the multicall symlinks for k3s
postInstall = ''
mv $out/bin/server $out/bin/k3s
pushd $out
# taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113
ln -s k3s ./bin/k3s-agent
ln -s k3s ./bin/k3s-server
ln -s k3s ./bin/k3s-etcd-snapshot
ln -s k3s ./bin/k3s-secrets-encrypt
ln -s k3s ./bin/k3s-certificate
ln -s k3s ./bin/kubectl
ln -s k3s ./bin/crictl
ln -s k3s ./bin/ctr
popd
'';
meta = baseMeta // {
description = "The various binaries that get packaged into the final k3s binary";
};
};
k3sContainerd = buildGoModule {
pname = "k3s-containerd";
version = containerdVersion;
src = fetchFromGitHub {
owner = "k3s-io";
repo = "containerd";
rev = "v${containerdVersion}";
sha256 = containerdSha256;
};
vendorSha256 = null;
buildInputs = [ btrfs-progs ];
subPackages = [ "cmd/containerd" "cmd/containerd-shim-runc-v2" ];
ldflags = versionldflags;
};
in
buildGoModule rec {
pname = "k3s";
version = k3sVersion;
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
patches = [
./0001-script-download-strip-downloading-just-package-CRD.patch
];
postPatch = ''
# Nix prefers dynamically linked binaries over static binary.
substituteInPlace scripts/package-cli \
--replace '"$LDFLAGS $STATIC" -o' \
'"$LDFLAGS" -o' \
--replace "STATIC=\"-extldflags \'-static\'\"" \
""
# Upstream codegen fails with trimpath set. Removes "trimpath" for 'go generate':
substituteInPlace scripts/package-cli \
--replace '"''${GO}" generate' \
'GOFLAGS="" \
GOOS="${pkgsBuildBuild.go.GOOS}" \
GOARCH="${pkgsBuildBuild.go.GOARCH}" \
CC="${pkgsBuildBuild.stdenv.cc}/bin/cc" \
"''${GO}" generate'
'';
# Important utilities used by the kubelet, see
# https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
# Note the list in that issue is stale and some aren't relevant for k3s.
k3sRuntimeDeps = [
kmod
socat
iptables
iproute2
bridge-utils
ethtool
util-linux # kubelet wants 'nsenter' from util-linux: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-705994388
conntrack-tools
];
buildInputs = k3sRuntimeDeps;
nativeBuildInputs = [
makeWrapper
rsync
yq-go
zstd
];
# embedded in the final k3s cli
propagatedBuildInputs = [
k3sCNIPlugins
k3sContainerd
k3sServer
runc
];
# We override most of buildPhase due to peculiarities in k3s's build.
# Specifically, it has a 'go generate' which runs part of the package. See
# this comment:
# https://github.com/NixOS/nixpkgs/pull/158089#discussion_r799965694
# So, why do we use buildGoModule at all? For the `vendorSha256` / `go mod download` stuff primarily.
buildPhase = ''
patchShebangs ./scripts/package-cli ./scripts/download ./scripts/build-upload
# copy needed 'go generate' inputs into place
mkdir -p ./bin/aux
rsync -a --no-perms ${k3sServer}/bin/ ./bin/
ln -vsf ${runc}/bin/runc ./bin/runc
ln -vsf ${k3sCNIPlugins}/bin/cni ./bin/cni
ln -vsf ${k3sContainerd}/bin/* ./bin/
rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/
mkdir -p ./build/static/charts
# Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.
export TRAEFIK_CHART_FILE=${traefikChart}
# place the traefik chart using their code since it's complicated
# We trim the actual download, see patches
./scripts/download
export ARCH=$GOARCH
export DRONE_TAG="v${k3sVersion}"
export DRONE_COMMIT="${k3sCommit}"
# use ./scripts/package-cli to run 'go generate' + 'go build'
./scripts/package-cli
mkdir -p $out/bin
'';
# Otherwise it depends on 'getGoDirs', which is normally set in buildPhase
doCheck = false;
installPhase = ''
# wildcard to match the arm64 build too
install -m 0755 dist/artifacts/k3s* -D $out/bin/k3s
wrapProgram $out/bin/k3s \
--prefix PATH : ${lib.makeBinPath k3sRuntimeDeps} \
--prefix PATH : "$out/bin"
'';
doInstallCheck = true;
installCheckPhase = ''
$out/bin/k3s --version | grep -F "v${k3sVersion}" >/dev/null
'';
# Fix-Me: Needs to be adapted specifically for 1.23
# passthru.updateScript = ./update.sh;
# Fix-Me: Needs to be adapted specifically for 1.23
# passthru.tests = { inherit (nixosTests) k3s-single-node k3s-single-node-docker; };
meta = baseMeta;
}

41
pkgs/applications/networking/cluster/k3s/1_24/0001-script-download-strip-downloading-just-package-CRD.patch Normal file
View file

@ -0,0 +1,41 @@
From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001
From: Euan Kemp <euank@euank.com>
Date: Thu, 3 Feb 2022 23:50:40 -0800
Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD
The CRD packaging is a complicated set of commands, so let's reuse it.
---
scripts/download | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/scripts/download b/scripts/download
index 5effc0562a..82361803ee 100755
--- a/scripts/download
+++ b/scripts/download
@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}
mkdir -p ${CHARTS_DIR}
mkdir -p ${DATA_DIR}
-curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
-
-git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
-
-git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}
-
setup_tmp() {
TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
cleanup() {
@@ -44,8 +38,8 @@ setup_tmp() {
download_and_package_traefik () {
echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
- curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
- code=$?
+ # nixpkgs: copy in our known traefik chart instead
+ cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}
if [ $code -ne 0 ]; then
echo "Error: Failed to download Traefik Helm chart!"
--
2.34.1

329
pkgs/applications/networking/cluster/k3s/1_24/default.nix Normal file
View file

@ -0,0 +1,329 @@
{ stdenv
, lib
, makeWrapper
, socat
, iptables
, iproute2
, bridge-utils
, btrfs-progs
, conntrack-tools
, buildGoModule
, runc
, rsync
, kmod
, libseccomp
, pkg-config
, ethtool
, util-linux
, fetchFromGitHub
, fetchurl
, fetchzip
, fetchgit
, zstd
, yq-go
, nixosTests
, k3s
, pkgsBuildBuild
}:
# k3s is a kinda weird derivation. One of the main points of k3s is the
# simplicity of it being one binary that can perform several tasks.
# However, when you have a good package manager (like nix), that doesn't
# actually make much of a difference; you don't really care if it's one binary
# or 10 since with a good package manager, installing and running it is
# identical.
# Since upstream k3s packages itself as one large binary with several
# "personalities" (in the form of subcommands like 'k3s agent' and 'k3s
# kubectl'), it ends up being easiest to mostly mimic upstream packaging, with
# some exceptions.
# K3s also carries patches to some packages (such as containerd and cni
# plugins), so we intentionally use the k3s versions of those binaries for k3s,
# even if the upstream version of those binaries exist in nixpkgs already. In
# the end, that means we have a thick k3s binary that behaves like the upstream
# one for the most part.
# However, k3s also bundles several pieces of unpatched software, from the
# strongswan vpn software, to iptables, to socat, conntrack, busybox, etc.
# Those pieces of software we entirely ignore upstream's handling of, and just
# make sure they're in the path if desired.
let
k3sVersion = "1.24.4+k3s1"; # k3s git tag
k3sCommit = "c3f830e9b9ed8a4d9d0e2aa663b4591b923a296e"; # k3s git commit at the above version
k3sRepoSha256 = "00ns6n7jxnacah8ahndhgdb160prgsqhswbb5809kkgvig7k8b27";
k3sVendorSha256 = "sha256-ReZvJCgxqffG2H39JlynGPUBSV5ngPkRtAoZ++OQZZI=";
# taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
# The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
traefikChartVersion = "10.19.3";
traefikChartSha256 = "04zg5li957svgscdmkzmzjkwljaljyav68rzxmhakkwgav6q9058";
# taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47
k3sRootVersion = "0.11.0";
k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";
# taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
k3sCNIVersion = "1.1.1-k3s1";
k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl";
# taken from go.mod, the 'github.com/containerd/containerd' line
# run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
containerdVersion = "1.5.13-k3s1";
containerdSha256 = "09bj4ghwbsj9whkv1d5icqs52k64m449j8b73dmak2wz62fbzbvp";
# run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
criCtlVersion = "1.24.0-k3s1";
baseMeta = k3s.meta;
# https://github.com/k3s-io/k3s/blob/5fb370e53e0014dc96183b8ecb2c25a61e891e76/scripts/build#L19-L40
versionldflags = [
"-X github.com/rancher/k3s/pkg/version.Version=v${k3sVersion}"
"-X github.com/rancher/k3s/pkg/version.GitCommit=${lib.substring 0 8 k3sCommit}"
"-X k8s.io/client-go/pkg/version.gitVersion=v${k3sVersion}"
"-X k8s.io/client-go/pkg/version.gitCommit=${k3sCommit}"
"-X k8s.io/client-go/pkg/version.gitTreeState=clean"
"-X k8s.io/client-go/pkg/version.buildDate=1970-01-01T01:01:01Z"
"-X k8s.io/component-base/version.gitVersion=v${k3sVersion}"
"-X k8s.io/component-base/version.gitCommit=${k3sCommit}"
"-X k8s.io/component-base/version.gitTreeState=clean"
"-X k8s.io/component-base/version.buildDate=1970-01-01T01:01:01Z"
"-X github.com/kubernetes-sigs/cri-tools/pkg/version.Version=v${criCtlVersion}"
"-X github.com/containerd/containerd/version.Version=v${containerdVersion}"
"-X github.com/containerd/containerd/version.Package=github.com/k3s-io/containerd"
];
# bundled into the k3s binary
traefikChart = fetchurl {
url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
sha256 = traefikChartSha256;
};
# so, k3s is a complicated thing to package
# This derivation attempts to avoid including any random binaries from the
# internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which
# we don't care about doing, we can add those as build or runtime
# dependencies using a real package manager).
# In addition to those binaries, it's also configuration though (right now
# mostly strongswan configuration), and k3s does use those files.
# As such, we download it in order to grab 'etc' and bundle it into the final
# k3s binary.
k3sRoot = fetchzip {
# Note: marked as apache 2.0 license
url = "https://github.com/k3s-io/k3s-root/releases/download/v${k3sRootVersion}/k3s-root-amd64.tar";
sha256 = k3sRootSha256;
stripRoot = false;
};
k3sCNIPlugins = buildGoModule rec {
pname = "k3s-cni-plugins";
version = k3sCNIVersion;
vendorSha256 = null;
subPackages = [ "." ];
src = fetchFromGitHub {
owner = "rancher";
repo = "plugins";
rev = "v${version}";
sha256 = k3sCNISha256;
};
postInstall = ''
mv $out/bin/plugins $out/bin/cni
'';
meta = baseMeta // {
description = "CNI plugins, as patched by rancher for k3s";
};
};
# Grab this separately from a build because it's used by both stages of the
# k3s build.
k3sRepo = fetchgit {
url = "https://github.com/k3s-io/k3s";
rev = "v${k3sVersion}";
sha256 = k3sRepoSha256;
};
# Stage 1 of the k3s build:
# Let's talk about how k3s is structured.
# One of the ideas of k3s is that there's the single "k3s" binary which can
# do everything you need, from running a k3s server, to being a worker node,
# to running kubectl.
# The way that actually works is that k3s is a single go binary that contains
# a bunch of bindata that it unpacks at runtime into directories (either the
# user's home directory or /var/lib/rancher if run as root).
# This bindata includes both binaries and configuration.
# In order to let nixpkgs do all its autostripping/patching/etc, we split this into two derivations.
# First, we build all the binaries that get packed into the thick k3s binary
# (and output them from one derivation so they'll all be suitably patched up).
# Then, we bundle those binaries into our thick k3s binary and use that as
# the final single output.
# This approach was chosen because it ensures the bundled binaries all are
# correctly built to run with nix (we can lean on the existing buildGoModule
# stuff), and we can again lean on that tooling for the final k3s binary too.
# Other alternatives would be to manually run the
# strip/patchelf/remove-references step ourselves in the installPhase of the
# derivation when we've built all the binaries, but haven't bundled them in
# with generated bindata yet.
k3sServer = buildGoModule rec {
pname = "k3s-server";
version = k3sVersion;
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libseccomp ];
subPackages = [ "cmd/server" ];
ldflags = versionldflags;
# create the multicall symlinks for k3s
postInstall = ''
mv $out/bin/server $out/bin/k3s
pushd $out
# taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113
ln -s k3s ./bin/k3s-agent
ln -s k3s ./bin/k3s-server
ln -s k3s ./bin/k3s-etcd-snapshot
ln -s k3s ./bin/k3s-secrets-encrypt
ln -s k3s ./bin/k3s-certificate
ln -s k3s ./bin/kubectl
ln -s k3s ./bin/crictl
ln -s k3s ./bin/ctr
popd
'';
meta = baseMeta // {
description = "The various binaries that get packaged into the final k3s binary";
};
};
k3sContainerd = buildGoModule {
pname = "k3s-containerd";
version = containerdVersion;
src = fetchFromGitHub {
owner = "k3s-io";
repo = "containerd";
rev = "v${containerdVersion}";
sha256 = containerdSha256;
};
vendorSha256 = null;
buildInputs = [ btrfs-progs ];
subPackages = [ "cmd/containerd" "cmd/containerd-shim-runc-v2" ];
ldflags = versionldflags;
};
in
buildGoModule rec {
pname = "k3s";
version = k3sVersion;
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
patches = [
./0001-script-download-strip-downloading-just-package-CRD.patch
];
postPatch = ''
# Nix prefers dynamically linked binaries over static binary.
substituteInPlace scripts/package-cli \
--replace '"$LDFLAGS $STATIC" -o' \
'"$LDFLAGS" -o' \
--replace "STATIC=\"-extldflags \'-static\'\"" \
""
# Upstream codegen fails with trimpath set. Removes "trimpath" for 'go generate':
substituteInPlace scripts/package-cli \
--replace '"''${GO}" generate' \
'GOFLAGS="" \
GOOS="${pkgsBuildBuild.go.GOOS}" \
GOARCH="${pkgsBuildBuild.go.GOARCH}" \
CC="${pkgsBuildBuild.stdenv.cc}/bin/cc" \
"''${GO}" generate'
'';
# Important utilities used by the kubelet, see
# https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
# Note the list in that issue is stale and some aren't relevant for k3s.
k3sRuntimeDeps = [
kmod
socat
iptables
iproute2
bridge-utils
ethtool
util-linux # kubelet wants 'nsenter' from util-linux: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-705994388
conntrack-tools
];
buildInputs = k3sRuntimeDeps;
nativeBuildInputs = [
makeWrapper
rsync
yq-go
zstd
];
# embedded in the final k3s cli
propagatedBuildInputs = [
k3sCNIPlugins
k3sContainerd
k3sServer
runc
];
# We override most of buildPhase due to peculiarities in k3s's build.
# Specifically, it has a 'go generate' which runs part of the package. See
# this comment:
# https://github.com/NixOS/nixpkgs/pull/158089#discussion_r799965694
# So, why do we use buildGoModule at all? For the `vendorSha256` / `go mod download` stuff primarily.
buildPhase = ''
patchShebangs ./scripts/package-cli ./scripts/download ./scripts/build-upload
# copy needed 'go generate' inputs into place
mkdir -p ./bin/aux
rsync -a --no-perms ${k3sServer}/bin/ ./bin/
ln -vsf ${runc}/bin/runc ./bin/runc
ln -vsf ${k3sCNIPlugins}/bin/cni ./bin/cni
ln -vsf ${k3sContainerd}/bin/* ./bin/
rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/
mkdir -p ./build/static/charts
# Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.
export TRAEFIK_CHART_FILE=${traefikChart}
# place the traefik chart using their code since it's complicated
# We trim the actual download, see patches
./scripts/download
export ARCH=$GOARCH
export DRONE_TAG="v${k3sVersion}"
export DRONE_COMMIT="${k3sCommit}"
# use ./scripts/package-cli to run 'go generate' + 'go build'
./scripts/package-cli
mkdir -p $out/bin
'';
# Otherwise it depends on 'getGoDirs', which is normally set in buildPhase
doCheck = false;
installPhase = ''
# wildcard to match the arm64 build too
install -m 0755 dist/artifacts/k3s* -D $out/bin/k3s
wrapProgram $out/bin/k3s \
--prefix PATH : ${lib.makeBinPath k3sRuntimeDeps} \
--prefix PATH : "$out/bin"
'';
doInstallCheck = true;
installCheckPhase = ''
$out/bin/k3s --version | grep -F "v${k3sVersion}" >/dev/null
'';
# Fix-Me: Needs to be adapted specifically for 1.24
# passthru.updateScript = ./update.sh;
# Fix-Me: Needs to be adapted specifically for 1.24
# passthru.tests = nixosTests.k3s;
meta = baseMeta;
}

41
pkgs/applications/networking/cluster/k3s/1_25/0001-script-download-strip-downloading-just-package-CRD.patch Normal file
View file

@ -0,0 +1,41 @@
From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001
From: Euan Kemp <euank@euank.com>
Date: Thu, 3 Feb 2022 23:50:40 -0800
Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD
The CRD packaging is a complicated set of commands, so let's reuse it.
---
scripts/download | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/scripts/download b/scripts/download
index 5effc0562a..82361803ee 100755
--- a/scripts/download
+++ b/scripts/download
@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}
mkdir -p ${CHARTS_DIR}
mkdir -p ${DATA_DIR}
-curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
-
-git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
-
-git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}
-
setup_tmp() {
TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
cleanup() {
@@ -44,8 +38,8 @@ setup_tmp() {
download_and_package_traefik () {
echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
- curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
- code=$?
+ # nixpkgs: copy in our known traefik chart instead
+ cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}
if [ $code -ne 0 ]; then
echo "Error: Failed to download Traefik Helm chart!"
--
2.34.1

329
pkgs/applications/networking/cluster/k3s/1_25/default.nix Normal file
View file

@ -0,0 +1,329 @@
{ stdenv
, lib
, makeWrapper
, socat
, iptables
, iproute2
, bridge-utils
, btrfs-progs
, conntrack-tools
, buildGoModule
, runc
, rsync
, kmod
, libseccomp
, pkg-config
, ethtool
, util-linux
, fetchFromGitHub
, fetchurl
, fetchzip
, fetchgit
, zstd
, yq-go
, nixosTests
, pkgsBuildBuild
, k3s
}:
# k3s is a kinda weird derivation. One of the main points of k3s is the
# simplicity of it being one binary that can perform several tasks.
# However, when you have a good package manager (like nix), that doesn't
# actually make much of a difference; you don't really care if it's one binary
# or 10 since with a good package manager, installing and running it is
# identical.
# Since upstream k3s packages itself as one large binary with several
# "personalities" (in the form of subcommands like 'k3s agent' and 'k3s
# kubectl'), it ends up being easiest to mostly mimic upstream packaging, with
# some exceptions.
# K3s also carries patches to some packages (such as containerd and cni
# plugins), so we intentionally use the k3s versions of those binaries for k3s,
# even if the upstream version of those binaries exist in nixpkgs already. In
# the end, that means we have a thick k3s binary that behaves like the upstream
# one for the most part.
# However, k3s also bundles several pieces of unpatched software, from the
# strongswan vpn software, to iptables, to socat, conntrack, busybox, etc.
# Those pieces of software we entirely ignore upstream's handling of, and just
# make sure they're in the path if desired.
let
k3sVersion = "1.25.3+k3s1"; # k3s git tag
k3sCommit = "f2585c1671b31b4b34bddbb3bf4e7d69662b0821"; # k3s git commit at the above version
k3sRepoSha256 = "0zwf3iwjcidx14zw36s1hr0q8wmmbfc0rfqwd7fmpjq597h8zkms";
k3sVendorSha256 = "sha256-U67tJRGqPFk5AfRe7I50zKGC9HJ2oh+iI/C7qF/76BQ=";
# taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
# The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
traefikChartVersion = "12.0.0";
traefikChartSha256 = "1sqmi71fi3ad5dh5fmsp9mv80x6pkgqwi4r9fr8l6i9sdnai6f1a";
# taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47
k3sRootVersion = "0.11.0";
k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";
# taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
k3sCNIVersion = "1.1.1-k3s1";
k3sCNISha256 = "14mb3zsqibj1sn338gjmsyksbm0mxv9p016dij7zidccx2rzn6nl";
# taken from go.mod, the 'github.com/containerd/containerd' line
# run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
containerdVersion = "1.5.13-k3s2";
containerdSha256 = "1pfr2ji4aij9js90gf4a3hqnhyw5hshcjdccm62l700j68gs5z97";
# run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
criCtlVersion = "1.25.0-k3s1";
baseMeta = k3s.meta;
# https://github.com/k3s-io/k3s/blob/5fb370e53e0014dc96183b8ecb2c25a61e891e76/scripts/build#L19-L40
versionldflags = [
"-X github.com/rancher/k3s/pkg/version.Version=v${k3sVersion}"
"-X github.com/rancher/k3s/pkg/version.GitCommit=${lib.substring 0 8 k3sCommit}"
"-X k8s.io/client-go/pkg/version.gitVersion=v${k3sVersion}"
"-X k8s.io/client-go/pkg/version.gitCommit=${k3sCommit}"
"-X k8s.io/client-go/pkg/version.gitTreeState=clean"
"-X k8s.io/client-go/pkg/version.buildDate=1970-01-01T01:01:01Z"
"-X k8s.io/component-base/version.gitVersion=v${k3sVersion}"
"-X k8s.io/component-base/version.gitCommit=${k3sCommit}"
"-X k8s.io/component-base/version.gitTreeState=clean"
"-X k8s.io/component-base/version.buildDate=1970-01-01T01:01:01Z"
"-X github.com/kubernetes-sigs/cri-tools/pkg/version.Version=v${criCtlVersion}"
"-X github.com/containerd/containerd/version.Version=v${containerdVersion}"
"-X github.com/containerd/containerd/version.Package=github.com/k3s-io/containerd"
];
# bundled into the k3s binary
traefikChart = fetchurl {
url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
sha256 = traefikChartSha256;
};
# so, k3s is a complicated thing to package
# This derivation attempts to avoid including any random binaries from the
# internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which
# we don't care about doing, we can add those as build or runtime
# dependencies using a real package manager).
# In addition to those binaries, it's also configuration though (right now
# mostly strongswan configuration), and k3s does use those files.
# As such, we download it in order to grab 'etc' and bundle it into the final
# k3s binary.
k3sRoot = fetchzip {
# Note: marked as apache 2.0 license
url = "https://github.com/k3s-io/k3s-root/releases/download/v${k3sRootVersion}/k3s-root-amd64.tar";
sha256 = k3sRootSha256;
stripRoot = false;
};
k3sCNIPlugins = buildGoModule rec {
pname = "k3s-cni-plugins";
version = k3sCNIVersion;
vendorSha256 = null;
subPackages = [ "." ];
src = fetchFromGitHub {
owner = "rancher";
repo = "plugins";
rev = "v${version}";
sha256 = k3sCNISha256;
};
postInstall = ''
mv $out/bin/plugins $out/bin/cni
'';
meta = baseMeta // {
description = "CNI plugins, as patched by rancher for k3s";
};
};
# Grab this separately from a build because it's used by both stages of the
# k3s build.
k3sRepo = fetchgit {
url = "https://github.com/k3s-io/k3s";
rev = "v${k3sVersion}";
sha256 = k3sRepoSha256;
};
# Stage 1 of the k3s build:
# Let's talk about how k3s is structured.
# One of the ideas of k3s is that there's the single "k3s" binary which can
# do everything you need, from running a k3s server, to being a worker node,
# to running kubectl.
# The way that actually works is that k3s is a single go binary that contains
# a bunch of bindata that it unpacks at runtime into directories (either the
# user's home directory or /var/lib/rancher if run as root).
# This bindata includes both binaries and configuration.
# In order to let nixpkgs do all its autostripping/patching/etc, we split this into two derivations.
# First, we build all the binaries that get packed into the thick k3s binary
# (and output them from one derivation so they'll all be suitably patched up).
# Then, we bundle those binaries into our thick k3s binary and use that as
# the final single output.
# This approach was chosen because it ensures the bundled binaries all are
# correctly built to run with nix (we can lean on the existing buildGoModule
# stuff), and we can again lean on that tooling for the final k3s binary too.
# Other alternatives would be to manually run the
# strip/patchelf/remove-references step ourselves in the installPhase of the
# derivation when we've built all the binaries, but haven't bundled them in
# with generated bindata yet.
k3sServer = buildGoModule rec {
pname = "k3s-server";
version = k3sVersion;
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libseccomp ];
subPackages = [ "cmd/server" ];
ldflags = versionldflags;
# create the multicall symlinks for k3s
postInstall = ''
mv $out/bin/server $out/bin/k3s
pushd $out
# taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113
ln -s k3s ./bin/k3s-agent
ln -s k3s ./bin/k3s-server
ln -s k3s ./bin/k3s-etcd-snapshot
ln -s k3s ./bin/k3s-secrets-encrypt
ln -s k3s ./bin/k3s-certificate
ln -s k3s ./bin/kubectl
ln -s k3s ./bin/crictl
ln -s k3s ./bin/ctr
popd
'';
meta = baseMeta // {
description = "The various binaries that get packaged into the final k3s binary";
};
};
k3sContainerd = buildGoModule {
pname = "k3s-containerd";
version = containerdVersion;
src = fetchFromGitHub {
owner = "k3s-io";
repo = "containerd";
rev = "v${containerdVersion}";
sha256 = containerdSha256;
};
vendorSha256 = null;
buildInputs = [ btrfs-progs ];
subPackages = [ "cmd/containerd" "cmd/containerd-shim-runc-v2" ];
ldflags = versionldflags;
};
in
buildGoModule rec {
pname = "k3s";
version = k3sVersion;
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
patches = [
./0001-script-download-strip-downloading-just-package-CRD.patch
];
postPatch = ''
# Nix prefers dynamically linked binaries over static binary.
substituteInPlace scripts/package-cli \
--replace '"$LDFLAGS $STATIC" -o' \
'"$LDFLAGS" -o' \
--replace "STATIC=\"-extldflags \'-static\'\"" \
""
# Upstream codegen fails with trimpath set. Removes "trimpath" for 'go generate':
substituteInPlace scripts/package-cli \
--replace '"''${GO}" generate' \
'GOFLAGS="" \
GOOS="${pkgsBuildBuild.go.GOOS}" \
GOARCH="${pkgsBuildBuild.go.GOARCH}" \
CC="${pkgsBuildBuild.stdenv.cc}/bin/cc" \
"''${GO}" generate'
'';
# Important utilities used by the kubelet, see
# https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
# Note the list in that issue is stale and some aren't relevant for k3s.
k3sRuntimeDeps = [
kmod
socat
iptables
iproute2
bridge-utils
ethtool
util-linux # kubelet wants 'nsenter' from util-linux: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-705994388
conntrack-tools
];
buildInputs = k3sRuntimeDeps;
nativeBuildInputs = [
makeWrapper
rsync
yq-go
zstd
];
# embedded in the final k3s cli
propagatedBuildInputs = [
k3sCNIPlugins
k3sContainerd
k3sServer
runc
];
# We override most of buildPhase due to peculiarities in k3s's build.
# Specifically, it has a 'go generate' which runs part of the package. See
# this comment:
# https://github.com/NixOS/nixpkgs/pull/158089#discussion_r799965694
# So, why do we use buildGoModule at all? For the `vendorSha256` / `go mod download` stuff primarily.
buildPhase = ''
patchShebangs ./scripts/package-cli ./scripts/download ./scripts/build-upload
# copy needed 'go generate' inputs into place
mkdir -p ./bin/aux
rsync -a --no-perms ${k3sServer}/bin/ ./bin/
ln -vsf ${runc}/bin/runc ./bin/runc
ln -vsf ${k3sCNIPlugins}/bin/cni ./bin/cni
ln -vsf ${k3sContainerd}/bin/* ./bin/
rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/
mkdir -p ./build/static/charts
# Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.
export TRAEFIK_CHART_FILE=${traefikChart}
# place the traefik chart using their code since it's complicated
# We trim the actual download, see patches
./scripts/download
export ARCH=$GOARCH
export DRONE_TAG="v${k3sVersion}"
export DRONE_COMMIT="${k3sCommit}"
# use ./scripts/package-cli to run 'go generate' + 'go build'
./scripts/package-cli
mkdir -p $out/bin
'';
# Otherwise it depends on 'getGoDirs', which is normally set in buildPhase
doCheck = false;
installPhase = ''
# wildcard to match the arm64 build too
install -m 0755 dist/artifacts/k3s* -D $out/bin/k3s
wrapProgram $out/bin/k3s \
--prefix PATH : ${lib.makeBinPath k3sRuntimeDeps} \
--prefix PATH : "$out/bin"
'';
doInstallCheck = true;
installCheckPhase = ''
$out/bin/k3s --version | grep -F "v${k3sVersion}" >/dev/null
'';
# Fix-Me: Needs to be adapted specifically for 1.25
# passthru.updateScript = ./update.sh;
# Fix-Me: Needs to be adapted specifically for 1.25
# passthru.tests = nixosTests.k3s;
meta = baseMeta;
}

0
pkgs/applications/networking/cluster/k3s/chart-versions.nix → pkgs/applications/networking/cluster/k3s/1_26/chart-versions.nix
View file

0
pkgs/applications/networking/cluster/k3s/default.nix → pkgs/applications/networking/cluster/k3s/1_26/default.nix
View file

0
pkgs/applications/networking/cluster/k3s/update.sh → pkgs/applications/networking/cluster/k3s/1_26/update.sh
View file

9
pkgs/applications/networking/cluster/temporal/default.nix
View file

@ -2,16 +2,18 @@
buildGoModule rec {
pname = "temporal";
version = "1.17.5";
version = "1.19.1";
src = fetchFromGitHub {
owner = "temporalio";
repo = "temporal";
rev = "v${version}";
sha256 = "sha256-u8GyaXpiVZdPDoPAqIa+TY+JQFZeSGOLrUy+e3E4kig=";
hash = "sha256-j2+K/ZDDNakofrToxhyA1gh534l3Eq6G/fNXE0ktceY=";
};
vendorSha256 = "sha256-MT/BmGTdyEzmXjuwlA6WhLIWlrQz3Wc4Tl5dMI1587Q=";
vendorHash = "sha256-KkgyL37VJy1DhfCB5RJpjczBPbzQwt1xsovQ0xCXGr4=";
excludedPackages = [ "./build" ];
CGO_ENABLED = 0;
@ -26,6 +28,7 @@ buildGoModule rec {
install -Dm755 "$GOPATH/bin/server" -T $out/bin/temporal-server
install -Dm755 "$GOPATH/bin/cassandra" -T $out/bin/temporal-cassandra-tool
install -Dm755 "$GOPATH/bin/sql" -T $out/bin/temporal-sql-tool
install -Dm755 "$GOPATH/bin/tdbg" -T $out/bin/tdbg
runHook postInstall
'';

8
pkgs/applications/networking/cluster/terraform-providers/providers.json
View file

@ -812,11 +812,11 @@
"vendorHash": "sha256-LRIfxQGwG988HE5fftGl6JmBG7tTknvmgpm4Fu1NbWI="
},
"oci": {
"hash": "sha256-L8y00f+57hndpVevliJ2kNqpGeNR2Jv/FHbqkAUIRMI=",
"hash": "sha256-ecel4aXOqkPmeOzG5G/D8vmjo2HP9TG+c8H27pCYn2g=",
"homepage": "https://registry.terraform.io/providers/oracle/oci",
"owner": "oracle",
"repo": "terraform-provider-oci",
"rev": "v4.105.0",
"rev": "v4.106.0",
"spdx": "MPL-2.0",
"vendorHash": null
},
@ -1091,11 +1091,11 @@
"vendorHash": "sha256-2wPmLpjhG6QgG+BUCO0oIzHjBOWIOYuptgdtSIm9TZw="
},
"tencentcloud": {
"hash": "sha256-QJUxLwKG3XabACbAvLLKBG9+cmCYRQFpRTWRU6rKwfI=",
"hash": "sha256-yVI1f86Gpkwl3jCAs5d54rZS8lM7cjbwWq+HUXwi8EU=",
"homepage": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud",
"owner": "tencentcloudstack",
"repo": "terraform-provider-tencentcloud",
"rev": "v1.79.7",
"rev": "v1.79.8",
"spdx": "MPL-2.0",
"vendorHash": null
},

6
pkgs/applications/networking/cluster/velero/default.nix
View file

@ -2,14 +2,14 @@
buildGoModule rec {
pname = "velero";
version = "1.10.0";
version = "1.10.1";
src = fetchFromGitHub {
owner = "vmware-tanzu";
repo = "velero";
rev = "v${version}";
sha256 = "sha256-PBCTVws5N42q68rKcMLW7GgZvdsQgmdlsKMpJ5bCF00=";
sha256 = "sha256-jN45chUeoGJGJWD6Rj6duNE36/QCzPqci8V3h1OHtw4=";
};
ldflags = [
@ -20,7 +20,7 @@ buildGoModule rec {
"-X github.com/vmware-tanzu/velero/pkg/buildinfo.GitSHA=none"
];
vendorSha256 = "sha256-5Po8TRCE6VP+RcaIJImYjElTMHHS/2JwbrHreeWLxio=";
vendorHash = "sha256-mvVwf4w/65L+F6aiTNf2jmJtaT1EpWCQJ6r9NHUUUqQ=";
excludedPackages = [ "issue-template-gen" "release-tools" "v1" "velero-restic-restore-helper" ];

4
pkgs/applications/networking/feedreaders/rssguard/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "rssguard";
version = "4.3.1";
version = "4.3.2";
src = fetchFromGitHub {
owner = "martinrotter";
repo = pname;
rev = version;
sha256 = "sha256-hfUtxPGPhPC2VgGLLIaYHlEMpXHAPZ5fkLL0glhyQcY=";
sha256 = "sha256-2h9fVah0WZ8X0GsCLtiUWRan1Gkl4WBxuEQ3gx4FFBo=";
};
buildInputs = [ qtwebengine qttools ];

31
pkgs/applications/networking/instant-messengers/element/keytar/default.nix
View file

@ -1,5 +1,5 @@
{ lib, stdenv, fetchFromGitHub, nodejs, python3, callPackage, removeReferencesTo
, fixup_yarn_lock, yarn, pkg-config, libsecret, xcbuild, Security, AppKit, fetchYarnDeps }:
, pkg-config, libsecret, xcbuild, Security, AppKit, fetchNpmDeps, npmHooks }:
let
pinData = lib.importJSON ./pin.json;
@ -15,39 +15,26 @@ in stdenv.mkDerivation rec {
sha256 = pinData.srcHash;
};
nativeBuildInputs = [ nodejs python3 yarn pkg-config ]
nativeBuildInputs = [
nodejs python3 pkg-config
npmHooks.npmConfigHook
]
++ lib.optional stdenv.isDarwin xcbuild;
buildInputs = lib.optionals (!stdenv.isDarwin) [ libsecret ]
++ lib.optionals stdenv.isDarwin [ Security AppKit ];
npm_config_nodedir = nodejs;
yarnOfflineCache = fetchYarnDeps {
yarnLock = ./yarn.lock;
sha256 = pinData.yarnHash;
npmDeps = fetchNpmDeps {
inherit src;
hash = pinData.npmHash;
};
buildPhase = ''
runHook preBuild
cp ${./yarn.lock} ./yarn.lock
chmod u+w . ./yarn.lock
export HOME=$PWD/tmp
mkdir -p $HOME
yarn config --offline set yarn-offline-mirror $yarnOfflineCache
${fixup_yarn_lock}/bin/fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
patchShebangs node_modules/
node_modules/.bin/node-gyp rebuild
runHook postBuild
'';
doCheck = false;
installPhase = ''
runHook preInstall
shopt -s extglob
rm -rf node_modules
rm -rf $HOME
mkdir -p $out
cp -r ./!(build) $out
install -D -t $out/build/Release build/Release/keytar.node

6
pkgs/applications/networking/instant-messengers/element/keytar/pin.json
View file

@ -1,5 +1,5 @@
{
"version": "7.7.0",
"srcHash": "sd6h+vDJGvmXFhOm4MDAljb4dAOMBB8W1IL7JSfJWyo=",
"yarnHash": "1m75hvl06mcj260hicbmv75p94h73gw5d24zpm5wxwc0q8v8wzfl"
"version": "7.9.0",
"srcHash": "Mnl0Im2hZJXJEtyXb5rgMntekkUAnOG2MN1bwfgh0eg=",
"npmHash": "sha256-ldfRWV+HXBdBYO2ZiGbVFSHV4/bMG43U7w+sJ4kpVUY="
}

8
pkgs/applications/networking/instant-messengers/element/keytar/update.sh
View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -I nixpkgs=../../../../../../ -i bash -p wget prefetch-yarn-deps yarn
#!nix-shell -I nixpkgs=../../../../../../ -i bash -p wget prefetch-npm-deps
if [ "$#" -gt 1 ] || [[ "$1" == -* ]]; then
echo "Regenerates packaging data for the keytar package."
@ -22,10 +22,8 @@ SRC="https://raw.githubusercontent.com/atom/node-keytar/v$version"
wget "$SRC/package-lock.json"
wget "$SRC/package.json"
rm -f yarn.lock
yarn import
npm_hash=$(prefetch-npm-deps package-lock.json)
rm -rf node_modules package.json package-lock.json
yarn_hash=$(prefetch-yarn-deps yarn.lock)
src_hash=$(nix-prefetch-github atom node-keytar --rev v${version} | jq -r .sha256)
@ -33,6 +31,6 @@ cat > pin.json << EOF
{
"version": "$version",
"srcHash": "$src_hash",
"yarnHash": "$yarn_hash"
"npmHash": "$npm_hash"
}
EOF

2531
pkgs/applications/networking/instant-messengers/element/keytar/yarn.lock
View file

File diff suppressed because it is too large Load diff

8
pkgs/applications/networking/instant-messengers/element/seshat/pin.json
View file

@ -1,6 +1,6 @@
{
"version": "2.3.0",
"srcHash": "JyqtM1CCRgxAAdhgQYaIUYPnxEcDrlW1SjDCmsrPL34=",
"yarnHash": "0bym6i1f0i3bs4fncbiwzwmbxp7j14rz1v4kyvsl02qs97qw1jac",
"cargoHash": "sha256-EjtH96SC2kgan631+wlu9LStGKm6ljCR4x3/WpCTS0E="
"version": "2.3.3",
"srcHash": "HmKHWFoO8TQ9S/RcJnJ3h85/2uSkqGrgLnX82hkux4Q=",
"yarnHash": "1cbkv8ap7f8vxl5brzqb86d2dyxg555sz67cldrp0vgnk8sq6ibp",
"cargoHash": "sha256-WsgTbQ91aZZV5sIuFVjsccdiXivjtAUC1Zs/4uNk1zU="
}

59
pkgs/applications/networking/instant-messengers/flare-signal/default.nix Normal file
View file

@ -0,0 +1,59 @@
{ lib
, stdenv
, fetchFromGitLab
, meson
, ninja
, pkg-config
, protobuf
, libsecret
, libadwaita
, rustPlatform
, desktop-file-utils
, wrapGAppsHook4
}:
stdenv.mkDerivation rec {
pname = "flare";
version = "0.6.0";
src = fetchFromGitLab {
domain = "gitlab.com";
owner = "Schmiddiii";
repo = pname;
rev = version;
hash = "sha256-wY95sXWGDjEy8vvP79XliJOn5GQkAvDmOXKmRz0TPEw=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-J3MGQlPYGjhZKH599vfW2WhkXx+Tdr53PviiVpye4R0=";
};
nativeBuildInputs = [
desktop-file-utils # for update-desktop-database
meson
ninja
pkg-config
wrapGAppsHook4
] ++ (with rustPlatform; [
cargoSetupHook
rust.cargo
rust.rustc
]);
buildInputs = [
libadwaita
libsecret
protobuf
];
meta = {
changelog = "https://gitlab.com/Schmiddiii/flare/-/blob/${src.rev}/CHANGELOG.md";
description = "An unofficial Signal GTK client";
homepage = "https://gitlab.com/Schmiddiii/flare";
license = lib.licenses.agpl3Plus;
maintainers = with lib.maintainers; [ dotlambda tomfitzhenry ];
platforms = lib.platforms.linux;
};
}

12
pkgs/applications/networking/instant-messengers/zoom-us/default.nix
View file

@ -48,23 +48,23 @@ let
# and often with different versions. We write them on three lines
# like this (rather than using {}) so that the updater script can
# find where to edit them.
versions.aarch64-darwin = "5.13.6.14918";
versions.x86_64-darwin = "5.13.6.14918";
versions.x86_64-linux = "5.13.5.431";
versions.aarch64-darwin = "5.13.7.15481";
versions.x86_64-darwin = "5.13.7.15481";
versions.x86_64-linux = "5.13.7.683";
srcs = {
aarch64-darwin = fetchurl {
url = "https://zoom.us/client/${versions.aarch64-darwin}/zoomusInstallerFull.pkg?archType=arm64";
name = "zoomusInstallerFull.pkg";
hash = "sha256-QY9z1bTKtL32HE4XWnBIvCNmDF+3x5N9BdfqJA+24fA=";
hash = "sha256-lCg8xCEuZSWnd4fieug9xjudE9q6pNICRsbvA4ATVK8=";
};
x86_64-darwin = fetchurl {
url = "https://zoom.us/client/${versions.x86_64-darwin}/zoomusInstallerFull.pkg";
hash = "sha256-eSPKzxDPXCbME0eTTDlfsI5KM5qRm79JTtnGJvpiS98=";
hash = "sha256-jmMpkqUga/KQJfXFbGURcWQudnCKlIi5NGY6LuekjKw=";
};
x86_64-linux = fetchurl {
url = "https://zoom.us/client/${versions.x86_64-linux}/zoom_x86_64.pkg.tar.xz";
hash = "sha256-R0IMV/+R7AGFy/ZvNyyvIBv10t1x1U1X6jdHoo6UHKY=";
hash = "sha256-1aA3W9eXYhjxr39PoTSAVG7mToFInF7uz8MCiJhk/10=";
};
};

4
pkgs/applications/networking/mailreaders/thunderbird/packages.nix
View file

@ -5,13 +5,13 @@ rec {
thunderbird-102 = (buildMozillaMach rec {
pname = "thunderbird";
version = "102.7.1";
version = "102.7.2";
application = "comm/mail";
applicationName = "Mozilla Thunderbird";
binaryName = pname;
src = fetchurl {
url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz";
sha512 = "6310f3f122a1a61917ec2d0efe3a031b199ac13681e9fb4035abc0f4de0dbafb12accffbd63facb23f2cebf0124a13f7538a33176a2a513d1f685bee40db50ba";
sha512 = "7371079d59cceb47fdd0e9661f79eae7510ab0f5bf8e80c21952dfb5fed3db72279a4ac9d3a3de3617194fb36a9420ae814a69ee19a93ba242d2aa2b921e3010";
};
extraPatches = [
# The file to be patched is different from firefox's `no-buildconfig-ffx90.patch`.

11
pkgs/applications/networking/nextcloud-client/0001-Explicitly-copy-dbus-files-into-the-store-dir.patch
View file

@ -8,18 +8,13 @@ Subject: [PATCH] Explicitly copy dbus files into the store dir
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shell_integration/libcloudproviders/CMakeLists.txt b/shell_integration/libcloudproviders/CMakeLists.txt
index 1f35335..7f76951 100644
index 2e7349ef7..512d4b188 100644
--- a/shell_integration/libcloudproviders/CMakeLists.txt
+++ b/shell_integration/libcloudproviders/CMakeLists.txt
@@ -19,7 +19,7 @@ MACRO(PKGCONFIG_GETVAR _package _var _output_variable)
ENDMACRO(PKGCONFIG_GETVAR _package _var _output_variable)
@@ -1,5 +1,6 @@
macro(dbus_add_activation_service _sources)
- PKGCONFIG_GETVAR(dbus-1 session_bus_services_dir _install_dir)
pkg_get_variable(_install_dir dbus-1 session_bus_services_dir)
+ set(_install_dir "${CMAKE_INSTALL_DATADIR}/dbus-1/service")
foreach (_i ${_sources})
get_filename_component(_service_file ${_i} ABSOLUTE)
string(REGEX REPLACE "\\.service.*$" ".service" _output_file ${_i})
--
2.19.2

4
pkgs/applications/networking/nextcloud-client/default.nix
View file

@ -26,7 +26,7 @@
mkDerivation rec {
pname = "nextcloud-client";
version = "3.6.6";
version = "3.7.1";
outputs = [ "out" "dev" ];
@ -34,7 +34,7 @@ mkDerivation rec {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
sha256 = "sha256-P3LSgrcMZZM0OY3yQz8t3Cf5spJJTB+JTIpoT9U3+xc=";
sha256 = "sha256-MbxGS1Msb3xCW0z8FrIZEY3XaBa4BmN+JFBkV/Pf79A=";
};
patches = [

6
pkgs/applications/networking/remote/teamviewer/default.nix
View file

@ -26,11 +26,11 @@ mkDerivation rec {
pname = "teamviewer";
# teamviewer itself has not development files but the dev output removes propagated other dev outputs from runtime
outputs = [ "out" "dev" ];
version = "15.35.7";
version = "15.38.3";
src = fetchurl {
url = "https://dl.tvcdn.de/download/linux/version_15x/teamviewer_${version}_amd64.deb";
sha256 = "sha256-KNUhe0c6Th2pW7+Lmo62FYdOv+8t7Z5/eQkYPN8eusc=";
url = "https://dl.tvcdn.de/download/linux/version_${lib.versions.major version}x/teamviewer_${version}_amd64.deb";
sha256 = "sha256-+GGpGV8rl15VQvPRA2PWngQI4VoxCrZ0ArEm9FgdOVE=";
};
unpackPhase = ''

19
pkgs/applications/networking/sniffnet/default.nix
View file

@ -1,9 +1,11 @@
{ lib
, rustPlatform
, fetchCrate
, fetchFromGitHub
, pkg-config
, libpcap
, stdenv
, alsa-lib
, expat
, fontconfig
, libGL
, xorg
@ -12,20 +14,24 @@
rustPlatform.buildRustPackage rec {
pname = "sniffnet";
version = "1.0.1";
version = "1.1.0";
src = fetchCrate {
inherit pname version;
sha256 = "sha256-8K774j04BOEuJjnFYjaSctPwBrKYYKqjFS2+PyxJ2FM=";
src = fetchFromGitHub {
owner = "gyulyvgc";
repo = "sniffnet";
rev = "v${version}";
hash = "sha256-zqk0N1S0vylleyyXaSflIZyWncZV0+wbSy1oAbyLx/4=";
};
cargoSha256 = "sha256-096i4wDdoJCICd0L2QNY+7cKHQnijK22zj4XaQNuko8=";
cargoHash = "sha256-9CTA7Yh2O5S8DvRjwvkrb4ye0/8f+l0tsTxNBMmxLpQ=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
libpcap
] ++ lib.optionals stdenv.isLinux [
alsa-lib
expat
fontconfig
libGL
xorg.libX11
@ -34,6 +40,7 @@ rustPlatform.buildRustPackage rec {
xorg.libXrandr
] ++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.AppKit
rustPlatform.bindgenHook
];
postFixup = lib.optionalString stdenv.isLinux ''

4
pkgs/applications/radio/hackrf/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "hackrf";
version = "2022.09.1";
version = "2023.01.1";
src = fetchFromGitHub {
owner = "greatscottgadgets";
repo = "hackrf";
rev = "v${version}";
sha256 = "sha256-c+9DEMxioIbEDNTdLSOnxX1zpFk07K9rlGP9goEJMlU=";
sha256 = "sha256-zvSSCNtqHOZVlrBggjgxEyUTqTiAIAhdzUkm4Pm9b3k=";
};
nativeBuildInputs = [

10
pkgs/applications/radio/soapysdr/default.nix
View file

@ -5,7 +5,8 @@
, python ? null
, ncurses, swig2
, extraPackages ? []
} :
, testers
}:
let
@ -14,7 +15,7 @@ let
modulesPath = "lib/SoapySDR/modules" + modulesVersion;
extraPackagesSearchPath = lib.makeSearchPath modulesPath extraPackages;
in stdenv.mkDerivation {
in stdenv.mkDerivation (finalAttrs: {
pname = "soapysdr";
inherit version;
@ -58,12 +59,15 @@ in stdenv.mkDerivation {
done
'';
passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
meta = with lib; {
homepage = "https://github.com/pothosware/SoapySDR";
description = "Vendor and platform neutral SDR support library";
license = licenses.boost;
maintainers = with maintainers; [ markuskowa ];
mainProgram = "SoapySDRUtil";
pkgConfigModules = [ "SoapySDR" ];
platforms = platforms.unix;
};
}
})

2
pkgs/applications/science/math/bliss/default.nix
View file

@ -32,6 +32,6 @@ stdenv.mkDerivation rec {
description = "An open source tool for computing automorphism groups and canonical forms of graphs. It has both a command line user interface as well as C++ and C programming language APIs";
homepage = "http://www.tcs.hut.fi/Software/bliss/";
license = licenses.lgpl3;
platforms = [ "i686-linux" "x86_64-linux" ];
platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
};
}

4
pkgs/applications/science/math/polymake/default.nix
View file

@ -25,13 +25,13 @@
stdenv.mkDerivation rec {
pname = "polymake";
version = "4.8";
version = "4.9";
src = fetchurl {
# "The minimal version is a packager friendly version which omits
# the bundled sources of cdd, lrs, libnormaliz, nauty and jReality."
url = "https://polymake.org/lib/exe/fetch.php/download/polymake-${version}-minimal.tar.bz2";
sha256 = "sha256-GfsAypJBpHwpvoEl/IzJ1gQfeMcYwB7oNe01xWJ+86w=";
sha256 = "sha256-BMkLgms6JsWmPhi+MZv/Eqie8BKL+KaPtk3xBZSyWfM=";
};
nativeBuildInputs = [

4
pkgs/applications/science/molecular-dynamics/gromacs/default.nix
View file

@ -19,11 +19,11 @@ let
in stdenv.mkDerivation rec {
pname = "gromacs";
version = "2022.4";
version = "2023";
src = fetchurl {
url = "ftp://ftp.gromacs.org/pub/gromacs/gromacs-${version}.tar.gz";
sha256 = "sha256-xRG+YC/ylAIGW1CQaEHe+YdSY5uSqV8bChBg2bXicpc=";
sha256 = "sha256-rJLG2nL7vMpBT9io2Xnlbs8XxMHNq+0tpc+05yd7e6g=";
};
nativeBuildInputs = [ cmake ];

6
pkgs/applications/version-management/gfold/default.nix
View file

@ -12,7 +12,7 @@
let
pname = "gfold";
version = "4.2.0";
version = "4.3.0";
in
rustPlatform.buildRustPackage {
inherit pname version;
@ -21,10 +21,10 @@ rustPlatform.buildRustPackage {
owner = "nickgerace";
repo = pname;
rev = version;
sha256 = "sha256-cH4FhXrdT0ejpyt8G2rSGw9WE9sfOXRkSA9+FVwRmtQ=";
sha256 = "sha256-yvMp5x1uiJGkWHnwfONx4pVotSSE6sTW4uqWpI2AFXg=";
};
cargoSha256 = "sha256-NmVmqBzRUdumWQ9MzolZTo0VQW9JTjIyYRwUTzGiQZ4=";
cargoHash = "sha256-MBWaNjs840twU9SQLvgVcXTT0RN2QJ7PiaAohiiQu3s=";
buildInputs = lib.optionals stdenv.isDarwin [ libiconv Security ];

6
pkgs/applications/version-management/gh/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "gh";
version = "2.22.1";
version = "2.23.0";
src = fetchFromGitHub {
owner = "cli";
repo = "cli";
rev = "v${version}";
hash = "sha256-TREy2pzVAHClwbryfEgX2WqtQ8+RmJtCNrESeaHDHMs=";
hash = "sha256-91TmPIjFOCeZmbobn3mIJis5qofJFmNGuX19+Cyo8Ck=";
};
vendorHash = "sha256-OjTl43UQGGHqCrw0kMBShuS8aonjWczfzQGmGJLhdrU=";
vendorHash = "sha256-NiXC0ooUkAqFCLp3eRBpryazQU94gSnw0gYFwQNeCo4=";
nativeBuildInputs = [ installShellFiles ];

4
pkgs/applications/version-management/git-machete/default.nix
View file

@ -12,13 +12,13 @@
buildPythonApplication rec {
pname = "git-machete";
version = "3.14.3";
version = "3.15.0";
src = fetchFromGitHub {
owner = "virtuslab";
repo = pname;
rev = "v${version}";
hash = "sha256-VOny8r00JYUT4Z7LukvWTH9ZTn86vn2Dc1YhPmtdE5s=";
hash = "sha256-HSgCvHjSOrMPsdOPtgFUeK6b0ioVnwTtg2oHGg4BrZw=";
};
nativeBuildInputs = [ installShellFiles ];

6
pkgs/applications/version-management/glab/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "glab";
version = "1.24.1";
version = "1.25.3";
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-CUchYPMBTINkMJg8TC8rKMVkrcj/Gy+ZxV7jbtMFvpg=";
hash = "sha256-x/VH6cRrJZ2t2iftBPC86FcgIwjRNzV11MwLG2y+Paw=";
};
vendorSha256 = "sha256-NuK63ibb1t+HnSR/gCFS7HWVtfGLazVx2M+qxRNCR1I=";
vendorHash = "sha256-FZ1CiR8Rj/sMoCnQm6ArGQfRTlvmD14EZDmufnlTSTk=";
ldflags = [
"-s"

10
pkgs/applications/version-management/sourcehut/default.nix
View file

@ -2,6 +2,7 @@
, callPackage
, recurseIntoAttrs
, nixosTests
, config
}:
# To expose the *srht modules, they have to be a python module so we use `buildPythonModule`
@ -28,12 +29,10 @@ let
};
};
in
with python.pkgs; recurseIntoAttrs {
with python.pkgs; recurseIntoAttrs ({
inherit python;
coresrht = toPythonApplication srht;
buildsrht = toPythonApplication buildsrht;
# Added 2022-10-29
dispatchsrht = throw "dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ for more information.";
gitsrht = toPythonApplication gitsrht;
hgsrht = toPythonApplication hgsrht;
hubsrht = toPythonApplication hubsrht;
@ -46,4 +45,7 @@ with python.pkgs; recurseIntoAttrs {
passthru.tests = {
nixos-sourcehut = nixosTests.sourcehut;
};
}
} // lib.optionalAttrs config.allowAliases {
# Added 2022-10-29
dispatchsrht = throw "dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ for more information.";
})

354
pkgs/applications/video/handbrake/default.nix
View file

@ -25,7 +25,7 @@
, numactl
, writeText
# Processing, video codecs, containers
, ffmpeg-full
, ffmpeg_5-full
, nv-codec-headers
, libogg
, x264
@ -34,6 +34,7 @@
, libtheora
, dav1d
, zimg
, svt-av1
# Codecs, audio
, libopus
, lame
@ -84,57 +85,55 @@
}:
let
version = "1.5.1";
version = "1.6.1";
src = fetchFromGitHub {
owner = "HandBrake";
repo = "HandBrake";
rev = version;
sha256 = "1kk11zl1mk37d4cvbc75gfndmma7vy3vkp4gmkyl92kiz6zadhyy";
sha256 = "sha256-0MJ1inMNA6s8l2S0wnpM2c7FxOoOHxs9u4E/rgKfjJo=";
};
# Handbrake maintains a set of ffmpeg patches. In particular, these
# patches are required for subtitle timing to work correctly. See:
# https://github.com/HandBrake/HandBrake/issues/4029
ffmpeg-version = "4.4.1";
ffmpeg-hb = (ffmpeg-full.override { withSdl2 = false; }).overrideAttrs (old: {
ffmpeg-version = "5.1.1";
ffmpeg-hb = ffmpeg_5-full.overrideAttrs (old: {
version = ffmpeg-version;
src = fetchurl {
url = "https://www.ffmpeg.org/releases/ffmpeg-${ffmpeg-version}.tar.bz2";
hash = "sha256-j8nyCsXtlRFanihWR63Q7t1cwamKA5raFMEyRS+YrEI=";
hash = "sha256-zQ4W+QNCEmbVzN3t97g7nldUrvS596fwbOnkyALwVFs=";
};
patches = old.patches or [] ++ [
"${src}/contrib/ffmpeg/A01-qsv-scale-fix-green-stripes.patch"
"${src}/contrib/ffmpeg/A02-qsv-interpolation.patch"
"${src}/contrib/ffmpeg/A03-qsv-dx11-ffmpeg44.patch"
"${src}/contrib/ffmpeg/A04-configure-ensure-the-right-libmfx-version-is-used-wh.patch"
"${src}/contrib/ffmpeg/A05-qsv-add-includedir-mfx-to-the-search-path-for-old-ve.patch"
"${src}/contrib/ffmpeg/A06-qsv-load-user-plugin-for-MFX_VERSION-2.0.patch"
"${src}/contrib/ffmpeg/A07-qsv-build-audio-related-code-when-MFX_VERSION-2.0.patch"
"${src}/contrib/ffmpeg/A08-qsvenc-don-t-support-multi-frame-encode-when-MFX_VER.patch"
"${src}/contrib/ffmpeg/A09-qsvenc-don-t-support-MFX_RATECONTROL_LA_EXT-when-MFX.patch"
"${src}/contrib/ffmpeg/A10-qsv-don-t-support-OPAQUE-memory-when-MFX_VERSION-2.0.patch"
"${src}/contrib/ffmpeg/A11-qsv-opaque-deinterlace.patch"
"${src}/contrib/ffmpeg/A12-qsv-opaque-vpp.patch"
"${src}/contrib/ffmpeg/A13-qsv-opaque-hwcontext_qsv.patch"
"${src}/contrib/ffmpeg/A14-configure-check-mfxdefs.h-instead-of-mfxvp9.h-for-MF.patch"
"${src}/contrib/ffmpeg/A15-configure-allow-user-to-build-FFmpeg-against-oneVPL.patch"
"${src}/contrib/ffmpeg/A16-qsv-add-macro-QSV_ONEVPL-for-the-oneVPL-SDK.patch"
"${src}/contrib/ffmpeg/A17-qsv-use-a-new-method-to-create-mfx-session-when-usin.patch"
"${src}/contrib/ffmpeg/A18-qsv-new-method-hwcontext_qsv.patch"
"${src}/contrib/ffmpeg/A19-qsv-fix-session-for-d3d11-device.patch"
"${src}/contrib/ffmpeg/A20-mov-read-name-track-tag-written-by-movenc.patch"
"${src}/contrib/ffmpeg/A21-movenc-write-3gpp-track-titl-tag.patch"
"${src}/contrib/ffmpeg/A22-mov-read-3gpp-udta-tags.patch"
"${src}/contrib/ffmpeg/A23-movenc-write-3gpp-track-names-tags-for-all-available.patch"
"${src}/contrib/ffmpeg/A24-FFmpeg-devel-amfenc-Add-support-for-pict_type-field.patch"
"${src}/contrib/ffmpeg/A25-dvdsubdec-fix-processing-of-partial-packets.patch"
"${src}/contrib/ffmpeg/A26-ccaption_dec-return-number-of-bytes-used.patch"
"${src}/contrib/ffmpeg/A27-dvdsubdec-return-number-of-bytes-used.patch"
"${src}/contrib/ffmpeg/A28-dvdsubdec-use-pts-of-initial-packet.patch"
"${src}/contrib/ffmpeg/A29-matroskaenc-aac-extradata-updated.patch"
"${src}/contrib/ffmpeg/A30-ccaption_dec-fix-pts-in-real_time-mode.patch"
"${src}/contrib/ffmpeg/A32-qsv-fix-decode-10bit-hdr.patch"
patches = old.patches or [ ] ++ [
"${src}/contrib/ffmpeg/A01-qsv-libavfilter-qsvvpp-change-the-output-frame-s-width-a.patch"
"${src}/contrib/ffmpeg/A02-qsv-configure-ensure-enable-libmfx-uses-libmfx-1.x.patch"
"${src}/contrib/ffmpeg/A03-qsv-configure-fix-the-check-for-MFX_CODEC_VP9.patch"
"${src}/contrib/ffmpeg/A04-qsv-remove-mfx-prefix-from-mfx-headers.patch"
"${src}/contrib/ffmpeg/A05-qsv-load-user-plugin-for-MFX_VERSION-2.0.patch"
"${src}/contrib/ffmpeg/A06-qsv-build-audio-related-code-when-MFX_VERSION-2.0.patch"
"${src}/contrib/ffmpeg/A07-qsvenc-support-multi-frame-encode-when-MFX_VERSION-2.patch"
"${src}/contrib/ffmpeg/A08-qsvenc-support-MFX_RATECONTROL_LA_EXT-when-MFX_VERSI.patch"
"${src}/contrib/ffmpeg/A09-qsv-support-OPAQUE-memory-when-MFX_VERSION-2.0.patch"
"${src}/contrib/ffmpeg/A10-qsv-configure-add-enable-libvpl-option.patch"
"${src}/contrib/ffmpeg/A11-qsv-use-a-new-method-to-create-mfx-session-when-usin.patch"
"${src}/contrib/ffmpeg/A12-qsv-fix-decode-10bit-hdr.patch"
"${src}/contrib/ffmpeg/A13-mov-read-name-track-tag-written-by-movenc.patch"
"${src}/contrib/ffmpeg/A14-movenc-write-3gpp-track-titl-tag.patch"
"${src}/contrib/ffmpeg/A15-mov-read-3gpp-udta-tags.patch"
"${src}/contrib/ffmpeg/A16-movenc-write-3gpp-track-names-tags-for-all-available.patch"
"${src}/contrib/ffmpeg/A17-FFmpeg-devel-amfenc-Add-support-for-pict_type-field.patch"
"${src}/contrib/ffmpeg/A18-dvdsubdec-fix-processing-of-partial-packets.patch"
"${src}/contrib/ffmpeg/A19-ccaption_dec-return-number-of-bytes-used.patch"
"${src}/contrib/ffmpeg/A20-dvdsubdec-return-number-of-bytes-used.patch"
"${src}/contrib/ffmpeg/A21-dvdsubdec-use-pts-of-initial-packet.patch"
"${src}/contrib/ffmpeg/A22-matroskaenc-aac-extradata-updated.patch"
"${src}/contrib/ffmpeg/A23-ccaption_dec-fix-pts-in-real_time-mode.patch"
"${src}/contrib/ffmpeg/A24-fix-eac3-dowmix.patch"
"${src}/contrib/ffmpeg/A25-enable-truehd-pass.patch"
"${src}/contrib/ffmpeg/A26-Update-the-min-version-to-1.4.23.0-for-AMF-SDK.patch"
"${src}/contrib/ffmpeg/A27-avcodec-amfenc-Fixes-the-color-information-in-the-ou.patch"
"${src}/contrib/ffmpeg/A28-avcodec-amfenc-HDR-metadata.patch"
"${src}/contrib/ffmpeg/A30-svt-av1-backports.patch"
];
});
@ -151,148 +150,151 @@ let
inherit (lib) optional optionals optionalString versions;
in
let self = stdenv.mkDerivation rec {
pname = "handbrake";
inherit version src;
let
self = stdenv.mkDerivation rec {
pname = "handbrake";
inherit version src;
postPatch = ''
install -Dm444 ${versionFile} ${versionFile.name}
postPatch = ''
install -Dm444 ${versionFile} ${versionFile.name}
patchShebangs scripts
patchShebangs scripts
substituteInPlace libhb/hb.c \
--replace 'return hb_version;' 'return "${version}";'
substituteInPlace libhb/hb.c \
--replace 'return hb_version;' 'return "${version}";'
# Force using nixpkgs dependencies
sed -i '/MODULES += contrib/d' make/include/main.defs
sed -e 's/^[[:space:]]*\(meson\|ninja\|nasm\)[[:space:]]*= ToolProbe.*$//g' \
-e '/ ## Additional library and tool checks/,/ ## MinGW specific library and tool checks/d' \
-i make/configure.py
'' + optionalString stdenv.isDarwin ''
# Use the Nix-provided libxml2 instead of the patched version available on
# the Handbrake website.
substituteInPlace libhb/module.defs \
--replace '$(CONTRIB.build/)include/libxml2' ${libxml2.dev}/include/libxml2
# Force using nixpkgs dependencies
sed -i '/MODULES += contrib/d' make/include/main.defs
sed -e 's/^[[:space:]]*\(meson\|ninja\|nasm\)[[:space:]]*= ToolProbe.*$//g' \
-e '/ ## Additional library and tool checks/,/ ## MinGW specific library and tool checks/d' \
-i make/configure.py
'' + optionalString stdenv.isDarwin ''
# Use the Nix-provided libxml2 instead of the patched version available on
# the Handbrake website.
substituteInPlace libhb/module.defs \
--replace '$(CONTRIB.build/)include/libxml2' ${libxml2.dev}/include/libxml2
# Prevent the configure script from failing if xcodebuild isn't available,
# which it isn't in the Nix context. (The actual build goes fine without
# xcodebuild.)
sed -e '/xcodebuild = ToolProbe/s/abort=.\+)/abort=False)/' -i make/configure.py
'' + optionalString stdenv.isLinux ''
# Use the Nix-provided libxml2 instead of the system-provided one.
substituteInPlace libhb/module.defs \
--replace /usr/include/libxml2 ${libxml2.dev}/include/libxml2
'';
nativeBuildInputs = [
autoconf
automake
libtool
m4
pkg-config
python3
]
++ optionals useGtk [ intltool wrapGAppsHook ];
buildInputs = [
a52dec
dav1d
ffmpeg-hb
fontconfig
freetype
fribidi
harfbuzz
jansson
lame
libass
libbluray
libdvdcss
libdvdnav
libdvdread
libiconv
libjpeg_turbo
libogg
libopus
libsamplerate
libtheora
libvorbis
libvpx
libxml2
speex
x264
x265
xz
zimg
]
++ optional (!stdenv.isDarwin) numactl
++ optionals useGtk [
dbus-glib
glib
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
gtk3
hicolor-icon-theme
libappindicator-gtk3
libgudev
libnotify
udev
]
++ optional useFdk fdk_aac
++ optionals stdenv.isDarwin [ AudioToolbox Foundation libobjc VideoToolbox ]
# NOTE: 2018-12-27: Handbrake supports nv-codec-headers for Linux only,
# look at ./make/configure.py search "enable_nvenc"
++ optional stdenv.isLinux nv-codec-headers;
configureFlags = [
"--disable-df-fetch"
"--disable-df-verify"
"--disable-gtk-update-checks"
]
++ optional (!useGtk) "--disable-gtk"
++ optional useFdk "--enable-fdk-aac"
++ optional stdenv.isDarwin "--disable-xcode"
++ optional stdenv.hostPlatform.isx86 "--harden";
# NOTE: 2018-12-27: Check NixOS HandBrake test if changing
NIX_LDFLAGS = [ "-lx265" ];
makeFlags = [ "--directory=build" ];
passthru.tests = {
basic-conversion =
let
# Big Buck Bunny example, licensed under CC Attribution 3.0.
testMkv = fetchurl {
url = "https://github.com/Matroska-Org/matroska-test-files/blob/cf0792be144ac470c4b8052cfe19bb691993e3a2/test_files/test1.mkv?raw=true";
sha256 = "1hfxbbgxwfkzv85pvpvx55a72qsd0hxjbm9hkl5r3590zw4s75h9";
};
in
runCommand "${pname}-${version}-basic-conversion" { nativeBuildInputs = [ self ]; } ''
mkdir -p $out
cd $out
HandBrakeCLI -i ${testMkv} -o test.mp4 -e x264 -q 20 -B 160
test -e test.mp4
HandBrakeCLI -i ${testMkv} -o test.mkv -e x264 -q 20 -B 160
test -e test.mkv
'';
version = testers.testVersion { package = self; command = "HandBrakeCLI --version"; };
};
meta = with lib; {
homepage = "https://handbrake.fr/";
description = "A tool for converting video files and ripping DVDs";
longDescription = ''
Tool for converting and remuxing video files
into selection of modern and widely supported codecs
and containers. Very versatile and customizable.
Package provides:
CLI - `HandbrakeCLI`
GTK GUI - `ghb`
# Prevent the configure script from failing if xcodebuild isn't available,
# which it isn't in the Nix context. (The actual build goes fine without
# xcodebuild.)
sed -e '/xcodebuild = ToolProbe/s/abort=.\+)/abort=False)/' -i make/configure.py
'' + optionalString stdenv.isLinux ''
# Use the Nix-provided libxml2 instead of the system-provided one.
substituteInPlace libhb/module.defs \
--replace /usr/include/libxml2 ${libxml2.dev}/include/libxml2
'';
license = licenses.gpl2Only;
maintainers = with maintainers; [ Anton-Latukha wmertens ];
platforms = with platforms; unix;
broken = stdenv.isDarwin && lib.versionOlder stdenv.hostPlatform.darwinMinVersion "10.13";
nativeBuildInputs = [
autoconf
automake
libtool
m4
pkg-config
python3
]
++ optionals useGtk [ intltool wrapGAppsHook ];
buildInputs = [
a52dec
dav1d
ffmpeg-hb
fontconfig
freetype
fribidi
harfbuzz
jansson
lame
libass
libbluray
libdvdcss
libdvdnav
libdvdread
libiconv
libjpeg_turbo
libogg
libopus
libsamplerate
libtheora
libvorbis
libvpx
libxml2
speex
svt-av1
x264
x265
xz
zimg
]
++ optional (!stdenv.isDarwin) numactl
++ optionals useGtk [
dbus-glib
glib
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
gtk3
hicolor-icon-theme
libappindicator-gtk3
libgudev
libnotify
udev
]
++ optional useFdk fdk_aac
++ optionals stdenv.isDarwin [ AudioToolbox Foundation libobjc VideoToolbox ]
# NOTE: 2018-12-27: Handbrake supports nv-codec-headers for Linux only,
# look at ./make/configure.py search "enable_nvenc"
++ optional stdenv.isLinux nv-codec-headers;
configureFlags = [
"--disable-df-fetch"
"--disable-df-verify"
"--disable-gtk-update-checks"
]
++ optional (!useGtk) "--disable-gtk"
++ optional useFdk "--enable-fdk-aac"
++ optional stdenv.isDarwin "--disable-xcode"
++ optional stdenv.hostPlatform.isx86 "--harden";
# NOTE: 2018-12-27: Check NixOS HandBrake test if changing
NIX_LDFLAGS = [ "-lx265" ];
makeFlags = [ "--directory=build" ];
passthru.tests = {
basic-conversion =
let
# Big Buck Bunny example, licensed under CC Attribution 3.0.
testMkv = fetchurl {
url = "https://github.com/Matroska-Org/matroska-test-files/blob/cf0792be144ac470c4b8052cfe19bb691993e3a2/test_files/test1.mkv?raw=true";
sha256 = "1hfxbbgxwfkzv85pvpvx55a72qsd0hxjbm9hkl5r3590zw4s75h9";
};
in
runCommand "${pname}-${version}-basic-conversion" { nativeBuildInputs = [ self ]; } ''
mkdir -p $out
cd $out
HandBrakeCLI -i ${testMkv} -o test.mp4 -e x264 -q 20 -B 160
test -e test.mp4
HandBrakeCLI -i ${testMkv} -o test.mkv -e x264 -q 20 -B 160
test -e test.mkv
'';
version = testers.testVersion { package = self; command = "HandBrakeCLI --version"; };
};
meta = with lib; {
homepage = "https://handbrake.fr/";
description = "A tool for converting video files and ripping DVDs";
longDescription = ''
Tool for converting and remuxing video files
into selection of modern and widely supported codecs
and containers. Very versatile and customizable.
Package provides:
CLI - `HandbrakeCLI`
GTK GUI - `ghb`
'';
license = licenses.gpl2Only;
maintainers = with maintainers; [ Anton-Latukha wmertens ];
platforms = with platforms; unix;
broken = stdenv.isDarwin && lib.versionOlder stdenv.hostPlatform.darwinMinVersion "10.13";
};
};
};
in self
in
self

3
pkgs/build-support/build-graalvm-native-image/default.nix
View file

@ -10,7 +10,6 @@
# except in special cases. In most cases, use extraNativeBuildArgs instead
, nativeImageBuildArgs ? [
"-jar" jar
"-H:CLibraryPath=${lib.getLib graalvm}/lib"
(lib.optionalString stdenv.isDarwin "-H:-CheckToolchain")
"-H:Name=${executable}"
"--verbose"
@ -50,6 +49,8 @@ stdenv.mkDerivation (args // {
runHook postInstall
'';
disallowedReferences = [ graalvmDrv ];
meta = {
# default to graalvm's platforms
platforms = graalvmDrv.meta.platforms;

6
pkgs/data/documentation/scheme-manpages/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "scheme-manpages";
version = "unstable-2022-07-04";
version = "unstable-2023-02-06";
src = fetchFromGitHub {
owner = "schemedoc";
repo = "manpages";
rev = "0b95de112857b185b83141ac9324fb0e786c56df";
sha256 = "sha256-HWkZJd4t7gsbbSGiQ92Lav9EMBPMLXmXFT6HVfyFLSI=";
rev = "ccaa76761a1b100e99287c120196bd5f32d4a403";
hash = "sha256-RL/94dQiZJ60cXHQ9r4P3hRBqe55oUissCmSp4XLM+o=";
};
dontBuild = true;

11
pkgs/data/fonts/iosevka/default.nix
View file

@ -1,9 +1,8 @@
{ stdenv
, lib
, pkgs
, buildNpmPackage
, fetchFromGitHub
, nodejs
, darwin
, remarshal
, ttfautohint-nox
# Custom font set options.
@ -67,7 +66,13 @@ buildNpmPackage rec {
npmDepsHash = "sha256-Ncf07ggyOnz/2SpgdmaYS2X/8Bad+J2sz8Yyx9Iri3E=";
nativeBuildInputs = [ nodejs remarshal ttfautohint-nox ];
nativeBuildInputs = [
remarshal
ttfautohint-nox
] ++ lib.optionals stdenv.isDarwin [
# libtool
darwin.cctools
];
buildPlan =
if builtins.isAttrs privateBuildPlan then

18
pkgs/desktops/deepin/default.nix
View file

@ -3,6 +3,15 @@ let
packages = self:
let
inherit (self) callPackage;
replaceAll = x: y: ''
echo Replacing "${x}" to "${y}":
for file in $(grep -rl "${x}"); do
echo -- $file
substituteInPlace $file \
--replace "${x}" "${y}"
done
'';
in {
#### LIBRARIES
dtkcommon = callPackage ./library/dtkcommon { };
@ -30,6 +39,15 @@ let
deepin-picker = callPackage ./apps/deepin-picker { };
deepin-terminal = callPackage ./apps/deepin-terminal { };
#### Go Packages
go-lib = callPackage ./go-package/go-lib { inherit replaceAll; };
go-gir-generator = callPackage ./go-package/go-gir-generator { };
go-dbus-factory = callPackage ./go-package/go-dbus-factory { };
deepin-pw-check = callPackage ./go-package/deepin-pw-check { };
#### TOOLS
deepin-gettext-tools = callPackage ./tools/deepin-gettext-tools { };
#### ARTWORK
dde-account-faces = callPackage ./artwork/dde-account-faces { };
deepin-icon-theme = callPackage ./artwork/deepin-icon-theme { };

84
pkgs/desktops/deepin/go-package/deepin-pw-check/default.nix Normal file
View file

@ -0,0 +1,84 @@
{ stdenv
, lib
, fetchFromGitHub
, buildGoPackage
, pkg-config
, deepin-gettext-tools
, go-dbus-factory
, go-gir-generator
, go-lib
, gtk3
, glib
, libxcrypt
, gettext
, iniparser
, cracklib
, linux-pam
}:
buildGoPackage rec {
pname = "deepin-pw-check";
version = "5.1.18";
goPackagePath = "github.com/linuxdeepin/deepin-pw-check";
src = fetchFromGitHub {
owner = "linuxdeepin";
repo = pname;
rev = version;
sha256 = "sha256-v1Z4ArkrejjOCO1vD+BhfEl9pTfuvKgLM6Ont0IUCQk=";
};
goDeps = ./deps.nix;
nativeBuildInputs = [
pkg-config
gettext
deepin-gettext-tools
];
buildInputs = [
go-dbus-factory
go-gir-generator
go-lib
glib
libxcrypt
gtk3
iniparser
cracklib
linux-pam
];
postPatch = ''
sed -i 's|iniparser/||' */*.c
substituteInPlace misc/pkgconfig/libdeepin_pw_check.pc \
--replace "/usr" "$out"
substituteInPlace misc/system-services/com.deepin.daemon.PasswdConf.service \
--replace "/usr/lib/deepin-pw-check/deepin-pw-check" "$out/lib/deepin-pw-check/deepin-pw-check"
'';
buildPhase = ''
runHook preBuild
GOPATH="$GOPATH:${go-dbus-factory}/share/gocode"
GOPATH="$GOPATH:${go-gir-generator}/share/gocode"
GOPATH="$GOPATH:${go-lib}/share/gocode"
make -C go/src/${goPackagePath}
runHook postBuild
'';
installPhase = ''
runHook preInstall
make install PREFIX="$out" PKG_FILE_DIR=$out/lib/pkg-config PAM_MODULE_DIR=$out/etc/pam.d -C go/src/${goPackagePath}
# https://github.com/linuxdeepin/deepin-pw-check/blob/d5597482678a489077a506a87f06d2b6c4e7e4ed/debian/rules#L21
ln -s $out/lib/libdeepin_pw_check.so $out/lib/libdeepin_pw_check.so.1
runHook postInstall
'';
meta = with lib; {
description = "Tool to verify the validity of the password";
homepage = "https://github.com/linuxdeepin/deepin-pw-check";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = teams.deepin.members;
};
}

75
pkgs/desktops/deepin/go-package/deepin-pw-check/deps.nix generated Normal file
View file

@ -0,0 +1,75 @@
[
{
goPackagePath = "github.com/fsnotify/fsnotify";
fetch = {
type = "git";
url = "https://github.com/fsnotify/fsnotify";
rev = "v1.5.1";
sha256 = "sha256-B8kZ8yiWgallT7R2j1kSRJcJkSGFVf9ise+TpXa+7XY=";
};
}
{
goPackagePath = "github.com/godbus/dbus";
fetch = {
type = "git";
url = "https://github.com/godbus/dbus";
rev = "v5.1.0";
sha256 = "sha256-JSPtmkGEStBEVrKGszeLCb7P38SzQKgMiDC3eDppXs0=";
};
}
{
goPackagePath = "github.com/stretchr/testify";
fetch = {
type = "git";
url = "https://github.com/stretchr/testify";
rev = "v1.7.1";
sha256 = "sha256-disUVIHiIDSj/go3APtJH8awSl8QwKRRFLKI7LRnl0w=";
};
}
{
goPackagePath = "golang.org/x/sys";
fetch = {
type = "git";
url = "https://github.com/golang/sys";
rev = "289d7a0edf712062d9f1484b07bdf2383f48802f";
sha256 = "sha256-AzS/J3OocI7mA0xsIfQzyskNKVija7F2yvuts+EFJBs=";
};
}
{
goPackagePath = "gopkg.in/yaml.v3";
fetch = {
type = "git";
url = "https://github.com/go-yaml/yaml";
rev = "496545a6307b2a7d7a710fd516e5e16e8ab62dbc";
sha256 = "sha256-j8yDji+vqsitpRZirpb4w/Em8nstgf28wpwkcrOlxBk=";
};
}
{
goPackagePath = "github.com/davecgh/go-spew";
fetch = {
type = "git";
url = "https://github.com/davecgh/go-spew";
rev = "v1.1.1";
sha256 = "sha256-nhzSUrE1fCkN0+RL04N4h8jWmRFPPPWbCuDc7Ss0akI=";
};
}
{
goPackagePath = "github.com/stretchr/objx";
fetch = {
type = "git";
url = "https://github.com/stretchr/objx";
rev = "v0.3.0";
sha256 = "sha256-T753/EiD5Cpk6H2JFhd+s1gFvpNptG2XlEHxZF6dQaw=";
};
}
{
goPackagePath = "github.com/pmezard/go-difflib";
fetch = {
type = "git";
url = "https://github.com/pmezard/go-difflib";
rev = "5d4384ee4fb2527b0a1256a821ebfc92f91efefc";
sha256 = "sha256-XA4Oj1gdmdV/F/+8kMI+DBxKPthZ768hbKsO3d9Gx90=";
};
}
]

26
pkgs/desktops/deepin/go-package/go-dbus-factory/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ stdenv
, lib
, fetchFromGitHub
}:
stdenv.mkDerivation rec {
pname = "go-dbus-factory";
version = "1.10.23";
src = fetchFromGitHub {
owner = "linuxdeepin";
repo = pname;
rev = version;
sha256 = "sha256-6u9Bpoa80j/K1MipncfM378/qmSSMZAlx88jE4hHYBk=";
};
makeFlags = [ "PREFIX=${placeholder "out"}" ];
meta = with lib; {
description = "Generate go binding of D-Bus interfaces";
homepage = "https://github.com/linuxdeepin/go-dbus-factory";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = teams.deepin.members;
};
}

43
pkgs/desktops/deepin/go-package/go-gir-generator/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ stdenv
, lib
, fetchFromGitHub
, go
, pkg-config
, libgudev
, gobject-introspection
}:
stdenv.mkDerivation rec {
pname = "go-gir-generator";
version = "2.2.0";
src = fetchFromGitHub {
owner = "linuxdeepin";
repo = pname;
rev = version;
sha256 = "sha256-lFseui/M3+TyfYoa+rnS0cGhN6gdLrgpzgOwqzYcyPk=";
};
nativeBuildInputs = [
pkg-config
go
];
buildInputs = [
libgudev
gobject-introspection
];
makeFlags = [
"PREFIX=${placeholder "out"}"
"GOCACHE=$(TMPDIR)/go-cache"
];
meta = with lib; {
description = "Generate static golang bindings for GObject";
homepage = "https://github.com/linuxdeepin/go-gir-generator";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = teams.deepin.members;
};
}

45
pkgs/desktops/deepin/go-package/go-lib/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ stdenv
, lib
, fetchFromGitHub
, fetchpatch
, replaceAll
, runtimeShell
}:
stdenv.mkDerivation rec {
pname = "go-lib";
version = "5.8.27";
src = fetchFromGitHub {
owner = "linuxdeepin";
repo = pname;
rev = version;
sha256 = "sha256-ZV5zWu7UvNKVcVo79/iKMhF4H09rGyDCvEL61H05lZc=";
};
patches = [
(fetchpatch {
name = "fix_IsDir_for_symlink";
url = "https://github.com/linuxdeepin/go-lib/commit/79239904679dc70a11e1ac8e65670afcfdd7c122.patch";
sha256 = "sha256-RsN9hK26i/W6P/+e1l1spCLdlgIEWTehhIW6POBOvW4=";
})
];
postPatch = replaceAll "/bin/sh" "${runtimeShell}";
installPhase = ''
runHook preInstall
mkdir -p $out/share/gocode/src/github.com/linuxdeepin/go-lib
cp -a * $out/share/gocode/src/github.com/linuxdeepin/go-lib
rm -r $out/share/gocode/src/github.com/linuxdeepin/go-lib/debian
runHook postInstall
'';
meta = with lib; {
description = "Library containing many useful go routines for things such as glib, gettext, archive, graphic, etc";
homepage = "https://github.com/linuxdeepin/go-lib";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = teams.deepin.members;
};
}

Some files were not shown because too many files have changed in this diff Show more