b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #195862 from NixOS/staging-next

Browse source
This commit is contained in:
Martin Weinelt 2022-10-22 14:36:29 +02:00 committed by GitHub
parent 598f7de7bc 71e4896d63
commit 3928cfa27d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
576 changed files with 3150 additions and 1525 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
lib/deprecated.nix
View file

@ -157,7 +157,36 @@ rec {
}
);
closePropagation = list: (uniqList {inputList = (innerClosePropagation [] list);});
closePropagationSlow = list: (uniqList {inputList = (innerClosePropagation [] list);});
# This is an optimisation of lib.closePropagation which avoids the O(n^2) behavior
# Using a list of derivations, it generates the full closure of the propagatedXXXBuildInputs
# The ordering / sorting / comparison is done based on the `outPath`
# attribute of each derivation.
# On some benchmarks, it performs up to 15 times faster than lib.closePropagation.
# See https://github.com/NixOS/nixpkgs/pull/194391 for details.
closePropagationFast = list:
builtins.map (x: x.val) (builtins.genericClosure {
startSet = builtins.map (x: {
key = x.outPath;
val = x;
}) (builtins.filter (x: x != null) list);
operator = item:
if !builtins.isAttrs item.val then
[ ]
else
builtins.concatMap (x:
if x != null then [{
key = x.outPath;
val = x;
}] else
[ ]) ((item.val.propagatedBuildInputs or [ ])
++ (item.val.propagatedNativeBuildInputs or [ ]));
});
closePropagation = if builtins ? genericClosure
then closePropagationFast
else closePropagationSlow;
# calls a function (f attr value ) for each record item. returns a list
mapAttrsFlatten = f: r: map (attr: f attr r.${attr}) (attrNames r);

2
lib/generators.nix
View file

@ -378,7 +378,7 @@ rec {
attr = let attrFilter = name: value: name != "_module" && value != null;
in ind: x: libStr.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList
(name: value: lib.optional (attrFilter name value) [
(name: value: lib.optionals (attrFilter name value) [
(key "\t${ind}" name)
(expr "\t${ind}" value)
]) x));

2
nixos/doc/manual/administration/declarative-containers.section.md
View file

@ -9,7 +9,7 @@ containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_10;
services.postgresql.package = pkgs.postgresql_14;
};
};
```

2
nixos/doc/manual/configuration/config-file.section.md
View file

@ -166,7 +166,7 @@ Packages
pkgs.emacs
];
services.postgresql.package = pkgs.postgresql_10;
services.postgresql.package = pkgs.postgresql_14;
```
The latter option definition changes the default PostgreSQL package

2
nixos/doc/manual/from_md/administration/declarative-containers.section.xml
View file

@ -11,7 +11,7 @@ containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_10;
services.postgresql.package = pkgs.postgresql_14;
};
};
</programlisting>

2
nixos/doc/manual/from_md/configuration/config-file.section.xml
View file

@ -217,7 +217,7 @@ environment.systemPackages =
pkgs.emacs
];
services.postgresql.package = pkgs.postgresql_10;
services.postgresql.package = pkgs.postgresql_14;
</programlisting>
<para>
The latter option definition changes the default PostgreSQL

25
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
View file

@ -155,6 +155,15 @@
certificates by default.
</para>
</listitem>
<listitem>
<para>
Improved performances of
<literal>lib.closePropagation</literal> which was previously
quadratic. This is used in e.g.
<literal>ghcWithPackages</literal>. Please see backward
incompatibilities notes below.
</para>
</listitem>
<listitem>
<para>
Cinnamon has been updated to 5.4. While at it, the cinnamon
@ -505,6 +514,16 @@
future Git update without notice.
</para>
</listitem>
<listitem>
<para>
<literal>openssh</literal> was updated to version 9.1,
disabling the generation of DSA keys when using
<literal>ssh-keygen -A</literal> as they are insecure. Also,
<literal>SetEnv</literal> directives in
<literal>ssh_config</literal> and
<literal>sshd_config</literal> are now first-match-wins
</para>
</listitem>
<listitem>
<para>
<literal>bsp-layout</literal> no longer uses the command
@ -611,6 +630,12 @@
notes</link>.
</para>
</listitem>
<listitem>
<para>
<literal>lib.closePropagation</literal> now needs that all
gathered sets have an <literal>outPath</literal> attribute.
</para>
</listitem>
<listitem>
<para>
lemmy module option

6
nixos/doc/manual/release-notes/rl-2211.section.md
View file

@ -65,6 +65,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default.
- Improved performances of `lib.closePropagation` which was previously quadratic. This is used in e.g. `ghcWithPackages`. Please see backward incompatibilities notes below.
- Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to
blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream.
@ -172,6 +174,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.
- `openssh` was updated to version 9.1, disabling the generation of DSA keys when using `ssh-keygen -A` as they are insecure. Also, `SetEnv` directives in `ssh_config` and `sshd_config` are now first-match-wins
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
- The Barco ClickShare driver/client package `pkgs.clickshare-csc1` and the option `programs.clickshare-csc1.enable` have been removed,
@ -205,6 +209,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- `teleport` has been upgraded to major version 10. Please see upstream [upgrade instructions](https://goteleport.com/docs/ver/10.0/management/operations/upgrading/) and [release notes](https://goteleport.com/docs/ver/10.0/changelog/#1000).
- `lib.closePropagation` now needs that all gathered sets have an `outPath` attribute.
- lemmy module option `services.lemmy.settings.database.createLocally`
moved to `services.lemmy.database.createLocally`.

2
nixos/lib/make-options-doc/default.nix
View file

@ -122,7 +122,7 @@ in rec {
optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
buildInputs = [
nativeBuildInputs = [
pkgs.brotli
(let
self = (pkgs.python3Minimal.override {

2
nixos/modules/config/users-groups.nix
View file

@ -697,7 +697,7 @@ in {
value = "[a-zA-Z0-9/+.-]+";
options = "${id}(=${value})?(,${id}=${value})*";
scheme = "${id}(${sep}${options})?";
content = "${base64}${sep}${base64}";
content = "${base64}${sep}${base64}(${sep}${base64})?";
mcf = "^${sep}${scheme}${sep}${content}$";
in
if (allowsLogin user.hashedPassword

2
nixos/modules/hardware/video/nvidia.nix
View file

@ -261,7 +261,7 @@ in
in optional primeEnabled {
name = igpuDriver;
display = offloadCfg.enable;
modules = optional (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
modules = optionals (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
deviceSection = ''
BusID "${igpuBusId}"
${optionalString (syncCfg.enable && igpuDriver != "amdgpu") ''Option "AccelMethod" "none"''}

28
nixos/modules/services/desktops/pipewire/daemon/filter-chain.conf.json Normal file
View file

@ -0,0 +1,28 @@
{
"context.properties": {
"log.level": 0
},
"context.spa-libs": {
"audio.convert.*": "audioconvert/libspa-audioconvert",
"support.*": "support/libspa-support"
},
"context.modules": [
{
"name": "libpipewire-module-rt",
"args": {},
"flags": [
"ifexists",
"nofail"
]
},
{
"name": "libpipewire-module-protocol-native"
},
{
"name": "libpipewire-module-client-node"
},
{
"name": "libpipewire-module-adapter"
}
]
}

38
nixos/modules/services/desktops/pipewire/daemon/pipewire-avb.conf.json Normal file
View file

@ -0,0 +1,38 @@
{
"context.properties": {},
"context.spa-libs": {
"audio.convert.*": "audioconvert/libspa-audioconvert",
"support.*": "support/libspa-support"
},
"context.modules": [
{
"name": "libpipewire-module-rt",
"args": {
"nice.level": -11
},
"flags": [
"ifexists",
"nofail"
]
},
{
"name": "libpipewire-module-protocol-native"
},
{
"name": "libpipewire-module-client-node"
},
{
"name": "libpipewire-module-adapter"
},
{
"name": "libpipewire-module-avb",
"args": {}
}
],
"context.exec": [],
"stream.properties": {},
"avb.properties": {
"ifname": "enp3s0",
"vm.overrides": {}
}
}

2
nixos/modules/services/misc/ethminer.nix
View file

@ -85,7 +85,7 @@ in
config = mkIf cfg.enable {
systemd.services.ethminer = {
path = optional (cfg.toolkit == "cuda") [ pkgs.cudaPackages.cudatoolkit ];
path = optionals (cfg.toolkit == "cuda") [ pkgs.cudaPackages.cudatoolkit ];
description = "ethminer ethereum mining service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];

2
nixos/modules/services/misc/podgrab.nix
View file

@ -36,7 +36,7 @@ in
};
serviceConfig = {
DynamicUser = true;
EnvironmentFile = lib.optional (cfg.passwordFile != null) [
EnvironmentFile = lib.optionals (cfg.passwordFile != null) [
cfg.passwordFile
];
ExecStart = "${pkgs.podgrab}/bin/podgrab";

2
nixos/modules/services/networking/hostapd.nix
View file

@ -199,7 +199,7 @@ in
environment.systemPackages = [ pkgs.hostapd ];
services.udev.packages = optional (cfg.countryCode != null) [ pkgs.crda ];
services.udev.packages = optionals (cfg.countryCode != null) [ pkgs.crda ];
systemd.services.hostapd =
{ description = "hostapd wireless AP";

4
nixos/modules/services/networking/ntp/chrony.nix
View file

@ -27,7 +27,7 @@ let
${cfg.extraConfig}
'';
chronyFlags = "-n -m -u chrony -f ${configFile} ${toString cfg.extraFlags}";
chronyFlags = [ "-n" "-m" "-u" "chrony" "-f" "${configFile}" ] ++ cfg.extraFlags;
in
{
options = {
@ -166,7 +166,7 @@ in
unitConfig.ConditionCapability = "CAP_SYS_TIME";
serviceConfig =
{ Type = "simple";
ExecStart = "${chronyPkg}/bin/chronyd ${chronyFlags}";
ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}";
ProtectHome = "yes";
ProtectSystem = "full";

4
nixos/modules/services/networking/ntp/ntpd.nix
View file

@ -25,7 +25,7 @@ let
${cfg.extraConfig}
'';
ntpFlags = "-c ${configFile} -u ntp:ntp ${toString cfg.extraFlags}";
ntpFlags = [ "-c" "${configFile}" "-u" "ntp:ntp" ] ++ cfg.extraFlags;
in
@ -137,7 +137,7 @@ in
'';
serviceConfig = {
ExecStart = "@${ntp}/bin/ntpd ntpd -g ${ntpFlags}";
ExecStart = "@${ntp}/bin/ntpd ntpd -g ${builtins.toString ntpFlags}";
Type = "forking";
};
};

4
nixos/modules/services/security/tor.nix
View file

@ -816,13 +816,13 @@ in
always create a container/VM with a separate Tor daemon instance.
'' ++
flatten (mapAttrsToList (n: o:
optional (o.settings.HiddenServiceVersion == 2) [
optionals (o.settings.HiddenServiceVersion == 2) [
(optional (o.settings.HiddenServiceExportCircuitID != null) ''
HiddenServiceExportCircuitID is used in the HiddenService: ${n}
but this option is only for v3 hidden services.
'')
] ++
optional (o.settings.HiddenServiceVersion != 2) [
optionals (o.settings.HiddenServiceVersion != 2) [
(optional (o.settings.HiddenServiceAuthorizeClient != null) ''
HiddenServiceAuthorizeClient is used in the HiddenService: ${n}
but this option is only for v2 hidden services.

2
nixos/modules/services/web-apps/netbox.nix
View file

@ -46,7 +46,7 @@ let
'';
})).override {
plugins = ps: ((cfg.plugins ps)
++ optional cfg.enableLdap [ ps.django-auth-ldap ]);
++ optionals cfg.enableLdap [ ps.django-auth-ldap ]);
};
netboxManageScript = with pkgs; (writeScriptBin "netbox-manage" ''
#!${stdenv.shell}

6
nixos/modules/system/boot/luksroot.nix
View file

@ -905,9 +905,11 @@ in
{ assertion = config.boot.initrd.systemd.enable -> !luks.gpgSupport;
message = "systemd stage 1 does not support GPG smartcards yet.";
}
# TODO
{ assertion = config.boot.initrd.systemd.enable -> !luks.fido2Support;
message = "systemd stage 1 does not support FIDO2 yet.";
message = ''
systemd stage 1 does not support configuring FIDO2 unlocking through `boot.initrd.luks.devices.<name>.fido2`.
Use systemd-cryptenroll(1) to configure FIDO2 support.
'';
}
# TODO
{ assertion = config.boot.initrd.systemd.enable -> !luks.yubikeySupport;

3
nixos/modules/system/boot/systemd.nix
View file

@ -151,6 +151,9 @@ let
] ++ optionals cfg.package.withHostnamed [
"dbus-org.freedesktop.hostname1.service"
"systemd-hostnamed.service"
] ++ optionals cfg.package.withPortabled [
"dbus-org.freedesktop.portable1.service"
"systemd-portabled.service"
] ++ [
"systemd-exit.service"
"systemd-update-done.service"

16
nixos/modules/system/boot/systemd/initrd.nix
View file

@ -332,7 +332,10 @@ in {
config = mkIf (config.boot.initrd.enable && cfg.enable) {
system.build = { inherit initialRamdisk; };
boot.initrd.availableKernelModules = [ "autofs4" ]; # systemd needs this for some features
boot.initrd.availableKernelModules = [
"autofs4" # systemd needs this for some features
"tpm-tis" "tpm-crb" # systemd-cryptenroll
];
boot.initrd.systemd = {
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages;
@ -403,6 +406,17 @@ in {
# so NSS can look up usernames
"${pkgs.glibc}/lib/libnss_files.so.2"
] ++ optionals cfg.package.withCryptsetup [
# tpm2 support
"${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so"
pkgs.tpm2-tss
# fido2 support
"${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
"${pkgs.libfido2}/lib/libfido2.so.1"
# the unwrapped systemd-cryptsetup executable
"${cfg.package}/lib/systemd/.systemd-cryptsetup-wrapped"
] ++ jobScripts;
targets.initrd.aliases = ["default.target"];

2
nixos/modules/system/boot/systemd/logind.nix
View file

@ -82,6 +82,8 @@ in
"dbus-org.freedesktop.import1.service"
] ++ optionals config.systemd.package.withMachined [
"dbus-org.freedesktop.machine1.service"
] ++ optionals config.systemd.package.withPortabled [
"dbus-org.freedesktop.portable1.service"
] ++ [
"dbus-org.freedesktop.login1.service"
"user@.service"

1
nixos/modules/system/boot/systemd/tmpfiles.nix
View file

@ -79,6 +79,7 @@ in
ln -s "${systemd}/example/tmpfiles.d/home.conf"
ln -s "${systemd}/example/tmpfiles.d/journal-nocow.conf"
ln -s "${systemd}/example/tmpfiles.d/portables.conf"
ln -s "${systemd}/example/tmpfiles.d/static-nodes-permissions.conf"
ln -s "${systemd}/example/tmpfiles.d/systemd.conf"
ln -s "${systemd}/example/tmpfiles.d/systemd-nologin.conf"

2
nixos/modules/virtualisation/nixos-containers.nix
View file

@ -720,7 +720,7 @@ in
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_10;
services.postgresql.package = pkgs.postgresql_14;
system.stateVersion = "21.05";
};

4
nixos/tests/all-tests.nix
View file

@ -600,8 +600,10 @@ in {
systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {};
systemd-escaping = handleTest ./systemd-escaping.nix {};
systemd-initrd-btrfs-raid = handleTest ./systemd-initrd-btrfs-raid.nix {};
systemd-initrd-luks-fido2 = handleTest ./systemd-initrd-luks-fido2.nix {};
systemd-initrd-luks-keyfile = handleTest ./systemd-initrd-luks-keyfile.nix {};
systemd-initrd-luks-password = handleTest ./systemd-initrd-luks-password.nix {};
systemd-initrd-luks-tpm2 = handleTest ./systemd-initrd-luks-tpm2.nix {};
systemd-initrd-modprobe = handleTest ./systemd-initrd-modprobe.nix {};
systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
@ -613,8 +615,10 @@ in {
systemd-networkd-dhcpserver-static-leases = handleTest ./systemd-networkd-dhcpserver-static-leases.nix {};
systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
systemd-no-tainted = handleTest ./systemd-no-tainted.nix {};
systemd-nspawn = handleTest ./systemd-nspawn.nix {};
systemd-oomd = handleTest ./systemd-oomd.nix {};
systemd-portabled = handleTest ./systemd-portabled.nix {};
systemd-shutdown = handleTest ./systemd-shutdown.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-misc = handleTest ./systemd-misc.nix {};

4
nixos/tests/installed-tests/default.nix
View file

@ -28,7 +28,7 @@ let
, withX11 ? false
# Extra flags to pass to gnome-desktop-testing-runner.
, testRunnerFlags ? ""
, testRunnerFlags ? []
# Extra attributes to pass to makeTest.
# They will be recursively merged into the attrset created by this function.
@ -67,7 +67,7 @@ let
'' +
''
machine.succeed(
"gnome-desktop-testing-runner ${testRunnerFlags} -d '${tested.installedTests}/share'"
"gnome-desktop-testing-runner ${escapeShellArgs testRunnerFlags} -d '${tested.installedTests}/share'"
)
'';
}

2
nixos/tests/installed-tests/flatpak-builder.nix
View file

@ -11,5 +11,5 @@ makeInstalledTest {
virtualisation.diskSize = 2048;
};
testRunnerFlags = "--timeout 3600";
testRunnerFlags = [ "--timeout" "3600" ];
}

2
nixos/tests/installed-tests/flatpak.nix
View file

@ -13,5 +13,5 @@ makeInstalledTest {
virtualisation.diskSize = 3072;
};
testRunnerFlags = "--timeout 3600";
testRunnerFlags = [ "--timeout" "3600" ];
}

2
nixos/tests/installed-tests/gdk-pixbuf.nix
View file

@ -9,5 +9,5 @@ makeInstalledTest {
virtualisation.memorySize = if pkgs.stdenv.isi686 then 2047 else 4096;
};
testRunnerFlags = "--timeout 1800";
testRunnerFlags = [ "--timeout" "1800" ];
}

41
nixos/tests/k3s/multi-node.nix
View file

@ -54,15 +54,15 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
role = "server";
package = pkgs.k3s;
clusterInit = true;
extraFlags = ''
--disable coredns \
--disable local-storage \
--disable metrics-server \
--disable servicelb \
--disable traefik \
--node-ip 192.168.1.1 \
--pause-image test.local/pause:local
'';
extraFlags = builtins.toString [
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--node-ip" "192.168.1.1"
"--pause-image" "test.local/pause:local"
];
};
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
@ -84,15 +84,15 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
enable = true;
serverAddr = "https://192.168.1.1:6443";
clusterInit = false;
extraFlags = ''
--disable coredns \
--disable local-storage \
--disable metrics-server \
--disable servicelb \
--disable traefik \
--node-ip 192.168.1.3 \
--pause-image test.local/pause:local
'';
extraFlags = builtins.toString [
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--node-ip" "192.168.1.3"
"--pause-image" "test.local/pause:local"
];
};
networking.firewall.allowedTCPPorts = [ 2379 2380 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];
@ -112,7 +112,10 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
enable = true;
role = "agent";
serverAddr = "https://192.168.1.3:6443";
extraFlags = "--pause-image test.local/pause:local --node-ip 192.168.1.2";
extraFlags = lib.toString [
"--pause-image" "test.local/pause:local"
"--node-ip" "192.168.1.2"
];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
networking.firewall.allowedUDPPorts = [ 8472 ];

17
nixos/tests/k3s/single-node.nix
View file

@ -40,15 +40,14 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
services.k3s.role = "server";
services.k3s.package = pkgs.k3s;
# Slightly reduce resource usage
services.k3s.extraFlags = ''
--disable coredns \
--disable local-storage \
--disable metrics-server \
--disable servicelb \
--disable traefik \
--pause-image \
test.local/pause:local
'';
services.k3s.extraFlags = builtins.toString [
"--disable" "coredns"
"--disable" "local-storage"
"--disable" "metrics-server"
"--disable" "servicelb"
"--disable" "traefik"
"--pause-image" "test.local/pause:local"
];
users.users = {
noprivs = {

30
nixos/tests/shadow.nix
View file

@ -3,6 +3,8 @@ let
password2 = "helloworld";
password3 = "bazqux";
password4 = "asdf123";
hashed_bcrypt = "$2b$05$8xIEflrk2RxQtcVXbGIxs.Vl0x7dF1/JSv3cyX6JJt0npzkTCWvxK"; # fnord
hashed_yeshash = "$y$j9T$d8Z4EAf8P1SvM/aDFbxMS0$VnTXMp/Hnc7QdCBEaLTq5ZFOAFo2/PM0/xEAFuOE88."; # fnord
in import ./make-test-python.nix ({ pkgs, ... }: {
name = "shadow";
meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; };
@ -27,6 +29,16 @@ in import ./make-test-python.nix ({ pkgs, ... }: {
password = password4;
shell = pkgs.bash;
};
users.berta = {
isNormalUser = true;
hashedPassword = hashed_bcrypt;
shell = pkgs.bash;
};
users.yesim = {
isNormalUser = true;
hashedPassword = hashed_yeshash;
shell = pkgs.bash;
};
};
};
@ -115,5 +127,23 @@ in import ./make-test-python.nix ({ pkgs, ... }: {
shadow.wait_until_succeeds("pgrep login")
shadow.send_chars("${password2}\n")
shadow.wait_until_tty_matches("5", "login:")
with subtest("check alternate password hashes"):
shadow.send_key("alt-f6")
shadow.wait_until_succeeds("[ $(fgconsole) = 6 ]")
for u in ["berta", "yesim"]:
shadow.wait_for_unit("getty@tty6.service")
shadow.wait_until_succeeds("pgrep -f 'agetty.*tty6'")
shadow.wait_until_tty_matches("6", "login: ")
shadow.send_chars(f"{u}\n")
shadow.wait_until_tty_matches("6", f"login: {u}")
shadow.wait_until_succeeds("pgrep login")
shadow.sleep(2)
shadow.send_chars("fnord\n")
shadow.send_chars(f"whoami > /tmp/{u}\n")
shadow.wait_for_file(f"/tmp/{u}")
print(shadow.succeed(f"cat /tmp/{u}"))
assert u in shadow.succeed(f"cat /tmp/{u}")
shadow.send_chars("logout\n")
'';
})

45
nixos/tests/systemd-initrd-luks-fido2.nix Normal file
View file

@ -0,0 +1,45 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "systemd-initrd-luks-fido2";
nodes.machine = { pkgs, config, ... }: {
# Use systemd-boot
virtualisation = {
emptyDiskImages = [ 512 ];
useBootLoader = true;
useEFIBoot = true;
qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
};
boot.loader.systemd-boot.enable = true;
boot.initrd.systemd.enable = true;
environment.systemPackages = with pkgs; [ cryptsetup ];
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
crypttabExtraOpts = [ "fido2-device=auto" ];
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
};
};
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdc |& systemd-cat")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
machine.succeed("sync")
machine.crash()
# Boot and decrypt the disk
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
'';
})

72
nixos/tests/systemd-initrd-luks-tpm2.nix Normal file
View file

@ -0,0 +1,72 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "systemd-initrd-luks-tpm2";
nodes.machine = { pkgs, ... }: {
# Use systemd-boot
virtualisation = {
emptyDiskImages = [ 512 ];
useBootLoader = true;
useEFIBoot = true;
qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"];
};
boot.loader.systemd-boot.enable = true;
boot.initrd.availableKernelModules = [ "tpm_tis" ];
environment.systemPackages = with pkgs; [ cryptsetup ];
boot.initrd.systemd = {
enable = true;
};
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
crypttabExtraOpts = [ "tpm2-device=auto" ];
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
};
};
testScript = ''
import subprocess
import os
import time
class Tpm:
def __init__(self):
os.mkdir("/tmp/mytpm1")
self.start()
def start(self):
self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir=/tmp/mytpm1", "--ctrl", "type=unixio,path=/tmp/mytpm1/swtpm-sock", "--log", "level=20", "--tpm2"])
def wait_for_death_then_restart(self):
while self.proc.poll() is None:
print("waiting for tpm to die")
time.sleep(1)
assert self.proc.returncode == 0
self.start()
tpm = Tpm()
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdc |& systemd-cat")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
machine.succeed("sync")
machine.crash()
tpm.wait_for_death_then_restart()
# Boot and decrypt the disk
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
'';
})

14
nixos/tests/systemd-no-tainted.nix Normal file
View file

@ -0,0 +1,14 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "systemd-no-tainted";
nodes.machine = { };
testScript = ''
machine.wait_for_unit("multi-user.target")
with subtest("systemctl should not report tainted with unmerged-usr"):
output = machine.succeed("systemctl status")
print(output)
assert "Tainted" not in output
assert "unmerged-usr" not in output
'';
})

51
nixos/tests/systemd-portabled.nix Normal file
View file

@ -0,0 +1,51 @@
import ./make-test-python.nix ({pkgs, lib, ...}: let
demo-program = pkgs.writeShellScriptBin "demo" ''
while ${pkgs.coreutils}/bin/sleep 3; do
echo Hello World > /dev/null
done
'';
demo-service = pkgs.writeText "demo.service" ''
[Unit]
Description=demo service
Requires=demo.socket
After=demo.socket
[Service]
Type=simple
ExecStart=${demo-program}/bin/demo
Restart=always
[Install]
WantedBy=multi-user.target
Also=demo.socket
'';
demo-socket = pkgs.writeText "demo.socket" ''
[Unit]
Description=demo socket
[Socket]
ListenStream=/run/demo.sock
SocketMode=0666
[Install]
WantedBy=sockets.target
'';
demo-portable = pkgs.portableService {
pname = "demo";
version = "1.0";
description = ''A demo "Portable Service" for a shell program built with nix'';
units = [ demo-service demo-socket ];
};
in {
name = "systemd-portabled";
nodes.machine = {};
testScript = ''
machine.succeed("portablectl")
machine.wait_for_unit("systemd-portabled.service")
machine.succeed("portablectl attach --now --runtime ${demo-portable}/demo_1.0.raw")
machine.wait_for_unit("demo.service")
machine.succeed("portablectl detach --now --runtime demo_1.0")
machine.fail("systemctl status demo.service")
'';
})

2
pkgs/applications/audio/chuck/default.nix
View file

@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
buildInputs = [ libsndfile ]
++ lib.optional (!stdenv.isDarwin) alsa-lib
++ lib.optional stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ];
++ lib.optionals stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ];
patches = [ ./darwin-limits.patch ];

30
pkgs/applications/audio/flac/default.nix
View file

@ -1,4 +1,12 @@
{ lib, stdenv, fetchurl, fetchpatch, libogg }:
{ lib
, stdenv
, fetchurl
, cmake
, pkg-config
, doxygen
, graphviz
, libogg
}:
stdenv.mkDerivation rec {
pname = "flac";
@ -10,9 +18,25 @@ stdenv.mkDerivation rec {
sha256 = "91303c3e5dfde52c3e94e75976c0ab3ee14ced278ab8f60033a3a12db9209ae6";
};
buildInputs = [ libogg ];
nativeBuildInputs = [
cmake
pkg-config
doxygen
graphviz
];
#doCheck = true; # takes lots of time
buildInputs = [
libogg
];
cmakeFlags = lib.optionals (!stdenv.hostPlatform.isStatic) [
"-DBUILD_SHARED_LIBS=ON"
];
CFLAGS = [ "-O3" "-funroll-loops" ];
CXXFLAGS = [ "-O3" ];
# doCheck = true; # takes lots of time
outputs = [ "bin" "dev" "out" "man" "doc" ];

2
pkgs/applications/audio/grandorgue/default.nix
View file

@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
++ lib.optionals stdenv.isDarwin [ Cocoa ]
++ lib.optional jackaudioSupport libjack2;
cmakeFlags = lib.optional (!jackaudioSupport) [
cmakeFlags = lib.optionals (!jackaudioSupport) [
"-DRTAUDIO_USE_JACK=OFF"
"-DRTMIDI_USE_JACK=OFF"
"-DGO_USE_JACK=OFF"

4
pkgs/applications/audio/muse/default.nix
View file

@ -1,6 +1,6 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, qttools, wrapQtAppsHook
, alsa-lib, dssi, fluidsynth, ladspaH, lash, libinstpatch, libjack2, liblo
, libsamplerate, libsndfile, lilv, lrdf, lv2, qtsvg, rtaudio, rubberband, sord
, libsamplerate, libsndfile, lilv, lrdf, lv2, qtsvg, rtaudio, rubberband, sord, serd
}:
stdenv.mkDerivation rec {
@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
libsamplerate libsndfile lilv lrdf lv2 qtsvg rtaudio rubberband sord
];
NIX_CFLAGS_COMPILE = [ "-I${lib.getDev serd}/include/serd-0" ];
meta = with lib; {
homepage = "https://muse-sequencer.github.io/";
description = "MIDI/Audio sequencer with recording and editing capabilities";

2
pkgs/applications/audio/snapcast/default.nix
View file

@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
aixlog popl soxr
] ++ lib.optional pulseaudioSupport libpulseaudio
++ lib.optional stdenv.isLinux alsa-lib
++ lib.optional stdenv.isDarwin [darwin.apple_sdk.frameworks.IOKit darwin.apple_sdk.frameworks.AudioToolbox];
++ lib.optionals stdenv.isDarwin [darwin.apple_sdk.frameworks.IOKit darwin.apple_sdk.frameworks.AudioToolbox];
TARGET=lib.optionalString stdenv.isDarwin "MACOS";

2
pkgs/applications/blockchains/openethereum/default.nix
View file

@ -37,7 +37,7 @@ rustPlatform.buildRustPackage rec {
# Exclude some tests that don't work in the sandbox
# - Nat test requires network access
checkFlags = "--skip configuration::tests::should_resolve_external_nat_hosts";
checkFlags = [ "--skip" "configuration::tests::should_resolve_external_nat_hosts" ];
meta = with lib; {
broken = stdenv.isDarwin;

2
pkgs/applications/blockchains/polkadot/default.nix
View file

@ -34,7 +34,7 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "sha256-mnfA0ecfmMMAy1TZeydbep6hCIu9yZQY7/c5hb1OMGc=";
buildInputs = lib.optional stdenv.isDarwin [ Security ];
buildInputs = lib.optionals stdenv.isDarwin [ Security ];
nativeBuildInputs = [ clang ];

17
pkgs/applications/editors/neovim/build-neovim-plugin.nix
View file

@ -1,8 +1,6 @@
{ lib
, stdenv
, buildVimPluginFrom2Nix
, buildLuarocksPackage
, lua51Packages
, lua
, toVimPlugin
}:
let
@ -19,16 +17,21 @@ in
, ...
}@attrs:
let
originalLuaDrv = lua51Packages.${luaAttr};
luaDrv = lua51Packages.luaLib.overrideLuarocks originalLuaDrv (drv: {
originalLuaDrv = lua.pkgs.${luaAttr};
luaDrv = (lua.pkgs.luaLib.overrideLuarocks originalLuaDrv (drv: {
extraConfig = ''
-- to create a flat hierarchy
lua_modules_path = "lua"
'';
})).overrideAttrs (drv: {
version = attrs.version;
rockspecVersion = drv.rockspecVersion;
});
finalDrv = toVimPlugin (luaDrv.overrideAttrs(oa: {
finalDrv = toVimPlugin (luaDrv.overrideAttrs(oa: attrs // {
nativeBuildInputs = oa.nativeBuildInputs or [] ++ [
lua51Packages.luarocksMoveDataFolder
lua.pkgs.luarocksMoveDataFolder
];
}));
in

6
pkgs/applications/editors/neovim/utils.nix
View file

@ -1,11 +1,11 @@
{ lib
, buildLuarocksPackage
, callPackage
, vimUtils
, nodejs
, neovim-unwrapped
, bundlerEnv
, ruby
, lua
, python3Packages
, writeText
, wrapNeovimUnstable
@ -193,7 +193,7 @@ in
inherit legacyWrapper;
buildNeovimPluginFrom2Nix = callPackage ./build-neovim-plugin.nix {
inherit (vimUtils) buildVimPluginFrom2Nix toVimPlugin;
inherit buildLuarocksPackage;
inherit (vimUtils) toVimPlugin;
inherit lua;
};
}

4
pkgs/applications/editors/rstudio/default.nix
View file

@ -85,7 +85,7 @@ in
makeWrapper
pandoc
nodejs
] ++ lib.optional (!server) [
] ++ lib.optionals (!server) [
copyDesktopItems
];
@ -118,7 +118,7 @@ in
"-DQUARTO_ENABLED=FALSE"
"-DPANDOC_VERSION=${pandoc.version}"
"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/lib/rstudio"
] ++ lib.optional (!server) [
] ++ lib.optionals (!server) [
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
];

2
pkgs/applications/editors/vim/configurable.nix
View file

@ -109,7 +109,7 @@ in stdenv.mkDerivation rec {
++ lib.optionals luaSupport [
"--with-lua-prefix=${lua}"
"--enable-luainterp"
] ++ lib.optional lua.pkgs.isLuaJIT [
] ++ lib.optionals lua.pkgs.isLuaJIT [
"--with-luajit"
]
++ lib.optionals pythonSupport [

10
pkgs/applications/editors/vim/plugins/build-vim-plugin.nix
View file

@ -8,6 +8,12 @@
}:
rec {
addRtp = drv:
drv // {
rtp = lib.warn "`rtp` attribute is deprecated, use `outPath` instead." drv.outPath;
overrideAttrs = f: addRtp (drv.overrideAttrs f);
};
buildVimPlugin = attrs@{
name ? "${attrs.pname}-${attrs.version}",
namePrefix ? "vimplugin-",
@ -36,9 +42,7 @@ rec {
runHook postInstall
'';
});
in toVimPlugin(drv.overrideAttrs(oa: {
rtp = "${drv}";
}));
in addRtp (toVimPlugin drv);
buildVimPluginFrom2Nix = attrs: buildVimPlugin ({
# vim plugins may override this

2
pkgs/applications/editors/vim/plugins/overrides.nix
View file

@ -676,8 +676,6 @@ self: super: {
inherit parinfer-rust;
# plenary-nvim = super.toVimPlugin(luaPackages.plenary-nvim);
plenary-nvim = super.plenary-nvim.overrideAttrs (old: {
postPatch = ''
sed -Ei lua/plenary/curl.lua \

4
pkgs/applications/editors/vim/plugins/vim-utils.nix
View file

@ -243,10 +243,10 @@ let
*/
plugImpl =
''
source ${vimPlugins.vim-plug.rtp}/plug.vim
source ${vimPlugins.vim-plug}/plug.vim
silent! call plug#begin('/dev/null')
'' + (lib.concatMapStringsSep "\n" (pkg: "Plug '${pkg.rtp}'") plug.plugins) + ''
'' + (lib.concatMapStringsSep "\n" (pkg: "Plug '${pkg}'") plug.plugins) + ''
call plug#end()
'';

2
pkgs/applications/editors/vim/vimacs.nix
View file

@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
--replace '-gvim}' '-@bin@/bin/vim -g}' \
--replace '--cmd "let g:VM_Enabled = 1"' \
'--cmd "let g:VM_Enabled = 1" --cmd "set rtp^=@rtp@" ${vimacsExtraArgs}' \
--replace @rtp@ ${vimPlugins.vimacs.rtp} \
--replace @rtp@ ${vimPlugins.vimacs} \
--replace @bin@ ${vimPackage}
for prog in vm gvm gvimacs vmdiff vimacsdiff
do

2
pkgs/applications/editors/vscode/generic.nix
View file

@ -65,7 +65,7 @@ let
buildInputs = [ libsecret libXScrnSaver libxshmfence ]
++ lib.optionals (!stdenv.isDarwin) ([ at-spi2-atk ] ++ atomEnv.packages);
runtimeDependencies = lib.optional stdenv.isLinux [ (lib.getLib systemd) fontconfig.lib libdbusmenu ];
runtimeDependencies = lib.optionals stdenv.isLinux [ (lib.getLib systemd) fontconfig.lib libdbusmenu ];
nativeBuildInputs = [ unzip ]
++ lib.optionals stdenv.isLinux [

2
pkgs/applications/emulators/retroarch/cores.nix
View file

@ -676,7 +676,7 @@ in
description = "Fast MegaDrive/MegaCD/32X emulator";
license = "MAME";
dontConfigure = true;
makeFlags = lib.optional stdenv.hostPlatform.isAarch64 [ "platform=aarch64" ];
makeFlags = lib.optionals stdenv.hostPlatform.isAarch64 [ "platform=aarch64" ];
};
play = mkLibRetroCore {

4
pkgs/applications/file-managers/nnn/default.nix
View file

@ -40,8 +40,8 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isMusl "-lfts";
makeFlags = [ "PREFIX=${placeholder "out"}" ]
++ lib.optional withIcons [ "O_ICONS=1" ]
++ lib.optional withNerdIcons [ "O_NERD=1" ];
++ lib.optionals withIcons [ "O_ICONS=1" ]
++ lib.optionals withNerdIcons [ "O_NERD=1" ];
binPath = lib.makeBinPath [ file which ];

2
pkgs/applications/gis/gmt/default.nix
View file

@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
"-DGMT_INSTALL_MODULE_LINKS:BOOL=FALSE"
"-DLICENSE_RESTRICTED=LGPL" # "GPL" and "no" also valid
] ++ (with stdenv;
lib.optional (!isDarwin) [
lib.optionals (!isDarwin) [
"-DFFTW3_ROOT=${fftwSinglePrec.dev}"
"-DLAPACK_LIBRARY=${lapack}/lib/liblapack.so"
"-DBLAS_LIBRARY=${blas}/lib/libblas.so"

2
pkgs/applications/graphics/kcc/default.nix
View file

@ -23,7 +23,7 @@ mkDerivationWith python3Packages.buildPythonApplication rec {
raven
];
qtWrapperArgs = lib.optional archiveSupport [ "--prefix" "PATH" ":" "${ lib.makeBinPath [ p7zip ] }" ];
qtWrapperArgs = lib.optionals archiveSupport [ "--prefix" "PATH" ":" "${ lib.makeBinPath [ p7zip ] }" ];
postFixup = ''
wrapProgram $out/bin/kcc "''${qtWrapperArgs[@]}"

2
pkgs/applications/graphics/xournalpp/default.nix
View file

@ -48,7 +48,7 @@ stdenv.mkDerivation rec {
]
++ lib.optional withLua lua;
buildFlags = "translations";
buildFlags = [ "translations" ];
hardeningDisable = [ "format" ];

2
pkgs/applications/misc/audio/sox/default.nix
View file

@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
autoreconfHook
autoconf-archive
] ++ lib.optional enableOpusfile [
] ++ lib.optionals enableOpusfile [
# configure.ac uses pkg-config only to locate libopusfile
pkg-config
];

2
pkgs/applications/misc/blender/default.nix
View file

@ -127,7 +127,7 @@ stdenv.mkDerivation rec {
# Clang doesn't support "-export-dynamic"
++ optional stdenv.cc.isClang "-DPYTHON_LINKFLAGS="
++ optional jackaudioSupport "-DWITH_JACK=ON"
++ optional cudaSupport [
++ optionals cudaSupport [
"-DWITH_CYCLES_CUDA_BINARIES=ON"
"-DWITH_CYCLES_DEVICE_OPTIX=ON"
"-DOPTIX_ROOT_DIR=${optix}"

16
pkgs/development/python-modules/notifymuch/default.nix → pkgs/applications/misc/notifymuch/default.nix
View file

@ -1,19 +1,16 @@
{ lib
, buildPythonApplication
, isPy3k
, fetchFromGitHub
, notmuch
, pygobject3
, gobject-introspection
, libnotify
, wrapGAppsHook
, gtk3
, python3
}:
buildPythonApplication rec {
python3.pkgs.buildPythonApplication rec {
pname = "notifymuch";
version = "0.1";
disabled = !isPy3k;
format = "setuptools";
src = fetchFromGitHub {
owner = "kspi";
@ -24,11 +21,12 @@ buildPythonApplication rec {
};
propagatedBuildInputs = [
notmuch
pygobject3
libnotify
gtk3
];
] ++ (with python3.pkgs; [
notmuch
pygobject3
]);
nativeBuildInputs = [
gobject-introspection

2
pkgs/applications/networking/browsers/ladybird/default.nix
View file

@ -5,6 +5,7 @@
, ninja
, unzip
, wrapQtAppsHook
, libxcrypt
, qtbase
, qttools
, nixosTests
@ -37,6 +38,7 @@ in gcc11Stdenv.mkDerivation {
];
buildInputs = [
libxcrypt
qtbase
];

2
pkgs/applications/networking/browsers/links2/default.nix
View file

@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
[ libev librsvg libpng libjpeg libtiff openssl xz bzip2 zlib ]
++ optionals stdenv.isLinux [ gpm ]
++ optionals enableX11 [ libX11 libXau libXt ]
++ optional enableDirectFB [ directfb ];
++ optionals enableDirectFB [ directfb ];
nativeBuildInputs = [ pkg-config bzip2 ];

2
pkgs/applications/networking/cluster/hadoop/default.nix
View file

@ -37,7 +37,7 @@ let
doCheck = true;
nativeBuildInputs = [ makeWrapper ]
++ optional (stdenv.isLinux && (nativeLibs != [ ] || libPatches != "")) [ autoPatchelfHook ];
++ optionals (stdenv.isLinux && (nativeLibs != [ ] || libPatches != "")) [ autoPatchelfHook ];
buildInputs = [ openssl ] ++ nativeLibs;
installPhase = ''

2
pkgs/applications/networking/firehol/default.nix
View file

@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--localstatedir=/var"
"--disable-doc" "--disable-man"
"--disable-update-ipsets" ] ++
lib.optional onlyQOS [ "--disable-firehol" ];
lib.optionals onlyQOS [ "--disable-firehol" ];
meta = with lib; {
description = "A firewall for humans";

2
pkgs/applications/networking/instant-messengers/pantalaimon/default.nix
View file

@ -34,7 +34,7 @@ buildPythonApplication rec {
peewee
prompt-toolkit
setuptools
] ++ lib.optional enableDbusUi [
] ++ lib.optionals enableDbusUi [
dbus-python
notify2
pygobject3

2
pkgs/applications/networking/irc/convos/default.nix
View file

@ -16,7 +16,7 @@ perlPackages.buildPerlPackage rec {
};
nativeBuildInputs = [ makeWrapper ]
++ optional stdenv.isDarwin [ shortenPerlShebang ];
++ optionals stdenv.isDarwin [ shortenPerlShebang ];
buildInputs = with perlPackages; [
CryptPassphrase CryptPassphraseArgon2 CryptPassphraseBcrypt

4
pkgs/applications/networking/irc/epic5/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, openssl, ncurses, libiconv, tcl, coreutils, fetchpatch }:
{ lib, stdenv, fetchurl, openssl, ncurses, libiconv, tcl, coreutils, fetchpatch, libxcrypt }:
stdenv.mkDerivation rec {
pname = "epic5";
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
};
# Darwin needs libiconv, tcl; while Linux build don't
buildInputs = [ openssl ncurses ]
buildInputs = [ openssl ncurses libxcrypt ]
++ lib.optionals stdenv.isDarwin [ libiconv tcl ];
patches = [

2
pkgs/applications/networking/irc/weechat/default.nix
View file

@ -50,7 +50,7 @@ let
cmakeFlags = with lib; [
"-DENABLE_MAN=ON"
"-DENABLE_DOC=OFF" # TODO(@ncfavier): Documentation fails to build, was deactivated to push through security update
"-DENABLE_DOC=ON"
"-DENABLE_TESTS=${if enableTests then "ON" else "OFF"}"
]
++ optionals stdenv.isDarwin ["-DICONV_LIBRARY=${libiconv}/lib/libiconv.dylib"]

2
pkgs/applications/networking/mailreaders/alot/default.nix
View file

@ -15,7 +15,7 @@ with python3.pkgs; buildPythonApplication rec {
outputs = [
"out"
] ++ lib.optional withManpage [
] ++ lib.optionals withManpage [
"man"
];

4
pkgs/applications/networking/mailreaders/alpine/default.nix
View file

@ -1,5 +1,5 @@
{lib, stdenv, fetchurl, ncurses, tcl, openssl, pam, libkrb5
, openldap
, openldap, libxcrypt
}:
stdenv.mkDerivation rec {
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
buildInputs = [
ncurses tcl openssl pam libkrb5 openldap
ncurses tcl openssl pam libkrb5 openldap libxcrypt
];
hardeningDisable = [ "format" ];

2
pkgs/applications/networking/mailreaders/meli/default.nix
View file

@ -31,7 +31,7 @@ rustPlatform.buildRustPackage rec {
checkInputs = [ file ];
buildFeatures = lib.optional withNotmuch [ "notmuch" ];
buildFeatures = lib.optionals withNotmuch [ "notmuch" ];
postInstall = ''
mkdir -p $out/share/man/man1

4
pkgs/applications/networking/mpop/default.nix
View file

@ -25,11 +25,11 @@ stdenv.mkDerivation rec {
gnutls
gsasl
libidn
] ++ lib.optional stdenv.isDarwin [
] ++ lib.optionals stdenv.isDarwin [
Security
];
configureFlags = lib.optional stdenv.isDarwin [
configureFlags = lib.optionals stdenv.isDarwin [
"--with-macosx-keyring"
];

4
pkgs/applications/networking/nntp-proxy/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, libconfig, pkg-config, libevent, openssl }:
{ lib, stdenv, fetchFromGitHub, libconfig, pkg-config, libevent, openssl, libxcrypt }:
stdenv.mkDerivation {
pname = "nntp-proxy";
@ -12,7 +12,7 @@ stdenv.mkDerivation {
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libconfig libevent openssl ];
buildInputs = [ libconfig libevent openssl libxcrypt ];
installFlags = [ "INSTALL_DIR=$(out)/bin/" ];

2
pkgs/applications/networking/shellhub-agent/default.nix
View file

@ -4,6 +4,7 @@
, gitUpdater
, makeWrapper
, openssh
, libxcrypt
}:
buildGoModule rec {
@ -31,6 +32,7 @@ buildGoModule rec {
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ libxcrypt ];
postInstall = ''
wrapProgram $out/bin/agent --prefix PATH : ${lib.makeBinPath [ openssh ]}

2
pkgs/applications/networking/sync/lsyncd/default.nix
View file

@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
# Special flags needed on Darwin:
# https://github.com/axkibe/lsyncd/blob/42413cabbedca429d55a5378f6e830f191f3cc86/INSTALL#L51
cmakeFlags = lib.optional stdenv.isDarwin [ "-DWITH_INOTIFY=OFF" "-DWITH_FSEVENTS=ON" ];
cmakeFlags = lib.optionals stdenv.isDarwin [ "-DWITH_INOTIFY=OFF" "-DWITH_FSEVENTS=ON" ];
dontUseCmakeBuildDir = true;

4
pkgs/applications/networking/sync/rsync/default.nix
View file

@ -20,12 +20,12 @@
stdenv.mkDerivation rec {
pname = "rsync";
version = "3.2.5";
version = "3.2.6";
src = fetchurl {
# signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5
url = "mirror://samba/rsync/src/rsync-${version}.tar.gz";
sha256 = "sha256-KsTSFjXN95GGe8N3w1ym3af1DZGaWL5FBX/VFgDGmro=";
sha256 = "sha256-+zNlurJ4N9Qf6vQulnxXvTpHvI8Qdlo2ce/Wo4NUVNM=";
};
nativeBuildInputs = [ perl ];

4
pkgs/applications/networking/znc/default.nix
View file

@ -36,8 +36,8 @@ stdenv.mkDerivation rec {
(lib.enableFeature withTcl "tcl")
(lib.withFeatureAs withTcl "tcl" "${tcl}/lib")
(lib.enableFeature withCyrus "cyrus")
] ++ optional (!withIPv6) [ "--disable-ipv6" ]
++ optional withDebug [ "--enable-debug" ];
] ++ optionals (!withIPv6) [ "--disable-ipv6" ]
++ optionals withDebug [ "--enable-debug" ];
enableParallelBuilding = true;

2
pkgs/applications/radio/rtl-sdr/default.nix
View file

@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
buildInputs = [ libusb1 ];
cmakeFlags = lib.optional stdenv.isLinux [
cmakeFlags = lib.optionals stdenv.isLinux [
"-DINSTALL_UDEV_RULES=ON"
"-DWITH_RPC=ON"
];

2
pkgs/applications/science/biology/megahit/default.nix
View file

@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake ];
buildInputs = [ zlib ];
cmakeFlags = lib.optional stdenv.hostPlatform.isStatic [
cmakeFlags = lib.optionals stdenv.hostPlatform.isStatic [
"-DSTATIC_BUILD=ON"
];
meta = with lib; {

2
pkgs/applications/science/biology/neuron/default.nix
View file

@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
sha256 = "0f26v3qvzblcdjg7isq0m9j2q8q7x3vhmkfllv8lsr3gyj44lljf";
};
patches = (lib.optional (stdenv.isDarwin) [ ./neuron-carbon-disable.patch ]);
patches = (lib.optionals (stdenv.isDarwin) [ ./neuron-carbon-disable.patch ]);
# With LLVM 3.8 and above, clang (really libc++) gets upset if you attempt to redefine these...
postPatch = lib.optionalString stdenv.cc.isClang ''

2
pkgs/applications/science/biology/samtools/default.nix
View file

@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-htslib=${htslib}" ]
++ lib.optional (ncurses == null) "--without-curses"
++ lib.optional stdenv.hostPlatform.isStatic ["--without-curses" ]
++ lib.optionals stdenv.hostPlatform.isStatic ["--without-curses" ]
;
preCheck = ''

2
pkgs/applications/science/logic/fast-downward/default.nix
View file

@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake python3.pkgs.wrapPython ];
buildInputs = [ python3 osi ];
cmakeFlags = lib.optional osi.withCplex [ "-DDOWNWARD_CPLEX_ROOT=${cplex}/cplex" ];
cmakeFlags = lib.optionals osi.withCplex [ "-DDOWNWARD_CPLEX_ROOT=${cplex}/cplex" ];
configurePhase = ''
python build.py release

2
pkgs/applications/science/math/ratpoints/default.nix
View file

@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
buildInputs = [ gmp ];
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ];
buildFlags = lib.optional stdenv.isDarwin ["CCFLAGS2=-lgmp -lc -lm" "CCFLAGS=-UUSE_SSE"];
buildFlags = lib.optionals stdenv.isDarwin ["CCFLAGS2=-lgmp -lc -lm" "CCFLAGS=-UUSE_SSE"];
installFlags = [ "INSTALL_DIR=$(out)" ];
preInstall = ''mkdir -p "$out"/{bin,share,lib,include}'';

3
pkgs/applications/science/misc/root/5.nix
View file

@ -14,6 +14,7 @@
, libGL
, zlib
, libxml2
, libxcrypt
, lz4
, xz
, gsl_1
@ -33,7 +34,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ pcre python2 zlib libxml2 lz4 xz gsl_1 xxHash ]
buildInputs = [ pcre python2 zlib libxml2 lz4 xz gsl_1 xxHash libxcrypt ]
++ lib.optionals (!stdenv.isDarwin) [ libX11 libXpm libXft libXext libGLU libGL ]
++ lib.optionals (stdenv.isDarwin) [ Cocoa OpenGL ]
;

2
pkgs/applications/science/misc/root/default.nix
View file

@ -16,6 +16,7 @@
, libXext
, libGLU
, libGL
, libxcrypt
, libxml2
, llvm_9
, lz4
@ -72,6 +73,7 @@ stdenv.mkDerivation rec {
zlib
zstd
lapack
libxcrypt
libxml2
_llvm_9
lz4

5
pkgs/applications/science/networking/sumo/default.nix
View file

@ -1,7 +1,7 @@
{ lib, bzip2, cmake, eigen, fetchFromGitHub, ffmpeg, fox_1_6, gdal,
git, gl2ps, gpp , gtest, jdk, libGL, libGLU, libX11, libjpeg,
libpng, libtiff, openscenegraph , proj, python3, python37Packages,
stdenv, swig, xercesc, xorg, zlib }:
libpng, libtiff, libxcrypt, openscenegraph , proj, python3,
python37Packages, stdenv, swig, xercesc, xorg, zlib }:
stdenv.mkDerivation rec {
pname = "sumo";
@ -36,6 +36,7 @@ stdenv.mkDerivation rec {
libjpeg
libpng
libtiff
libxcrypt
openscenegraph
proj
python37Packages.setuptools

2
pkgs/applications/terminal-emulators/x3270/default.nix
View file

@ -18,7 +18,7 @@ in stdenv.mkDerivation rec {
sha256 = "0km24rgll0s4ji6iz8lvy5ra76ds162s95y33w5px6697cwqkp9j";
};
buildFlags = "unix";
buildFlags = [ "unix" ];
postConfigure = ''
pushd c3270 ; ./configure ; popd

4
pkgs/applications/terminal-emulators/xterm/default.nix
View file

@ -4,14 +4,14 @@
stdenv.mkDerivation rec {
pname = "xterm";
version = "373";
version = "374";
src = fetchurl {
urls = [
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
];
sha256 = "sha256-3rCYlHOmOQi1qNRN/uqDAchxD2zgH7V86MMAAjdXRrY=";
sha256 = "sha256-EdTWJmcNTW17aft0Z+nsIxgX5a0iUC+RZ3aP2IrBvfU=";
};
strictDeps = true;

4
pkgs/applications/version-management/datalad/default.nix
View file

@ -59,8 +59,8 @@ python3.pkgs.buildPythonApplication rec {
# python>=3.8
distro
] ++ lib.optional stdenv.hostPlatform.isWindows [ colorama ]
++ lib.optional (python3.pythonOlder "3.10") [ importlib-metadata ];
] ++ lib.optionals stdenv.hostPlatform.isWindows [ colorama ]
++ lib.optionals (python3.pythonOlder "3.10") [ importlib-metadata ];
postInstall = ''
installShellCompletion --cmd datalad \

8
pkgs/applications/version-management/dvc/default.nix
View file

@ -72,17 +72,17 @@ python3.pkgs.buildPythonApplication rec {
typing-extensions
voluptuous
zc_lockfile
] ++ lib.optional enableGoogle [
] ++ lib.optionals enableGoogle [
gcsfs
google-cloud-storage
] ++ lib.optional enableAWS [
] ++ lib.optionals enableAWS [
aiobotocore
boto3
s3fs
] ++ lib.optional enableAzure [
] ++ lib.optionals enableAzure [
azure-identity
knack
] ++ lib.optional enableSSH [
] ++ lib.optionals enableSSH [
bcrypt
] ++ lib.optionals (pythonOlder "3.8") [
importlib-metadata

8
pkgs/applications/version-management/git-and-tools/git/default.nix
View file

@ -28,7 +28,7 @@ assert sendEmailSupport -> perlSupport;
assert svnSupport -> perlSupport;
let
version = "2.37.3";
version = "2.38.0";
svn = subversionClient.override { perlBindings = perlSupport; };
gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
in
@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
sha256 = "sha256-gUZB1/YWWc+8F4JdBGJJnKFAPjn/U9dqhRIFDmSD6Ho=";
sha256 = "sha256-kj6t4msYFN540GvajgqfXai3xLMEs/kFD/tGTwMQMgo=";
};
outputs = [ "out" ] ++ lib.optional withManual "doc";
@ -339,6 +339,10 @@ stdenv.mkDerivation (finalAttrs: {
disable_test t5319-multi-pack-index
disable_test t6421-merge-partial-clone
# Fails reproducibly on ZFS on Linux with formD normalization
disable_test t0021-conversion
disable_test t3910-mac-os-precompose
${lib.optionalString (!perlSupport) ''
# request-pull is a Bash script that invokes Perl, so it is not available
# when NO_PERL=1, and the test should be skipped, but the test suite does

2
pkgs/applications/version-management/git-and-tools/tig/default.nix
View file

@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper autoreconfHook asciidoc xmlto docbook_xsl docbook_xml_dtd_45 findXMLCatalogs pkg-config ];
autoreconfFlags = "-I tools -v";
autoreconfFlags = [ "-I" "tools" "-v" ];
buildInputs = [ ncurses readline git ]
++ lib.optionals stdenv.isDarwin [ libiconv ];

2
pkgs/applications/version-management/gitlab/default.nix
View file

@ -37,7 +37,7 @@ let
railties = x.railties // {
dontBuild = false;
patches = [ ./railties-remove-yarn-install-enhancement.patch ];
patchFlags = "-p2";
patchFlags = [ "-p2" ];
};
};
groups = [

2
pkgs/applications/version-management/subversion/default.nix
View file

@ -40,7 +40,7 @@ let
++ lib.optionals pythonBindings [ python3 py3c ]
++ lib.optional perlBindings perl
++ lib.optional saslSupport sasl
++ lib.optional stdenv.hostPlatform.isDarwin [ CoreServices Security ];
++ lib.optionals stdenv.hostPlatform.isDarwin [ CoreServices Security ];
patches = [ ./apr-1.patch ] ++ extraPatches;

10
pkgs/applications/video/kodi/unwrapped.nix
View file

@ -1,6 +1,6 @@
{ stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, makeWrapper
, pkg-config, cmake, yasm, python3Packages
, libgcrypt, libgpg-error, libunistring
, libxcrypt, libgcrypt, libgpg-error, libunistring
, boost, avahi, lame
, gettext, pcre-cpp, yajl, fribidi, which
, openssl, gperf, tinyxml2, taglib, libssh, swig, jre_headless
@ -131,14 +131,14 @@ in stdenv.mkDerivation {
sqlite libmysqlclient avahi lame
curl bzip2 zip unzip glxinfo
libcec libcec_platform dcadec libuuid
libgcrypt libgpg-error libunistring
libxcrypt libgcrypt libgpg-error libunistring
libcrossguid libplist
bluez giflib glib harfbuzz lcms2 libpthreadstubs
ffmpeg flatbuffers fstrcmp rapidjson
lirc
mesa # for libEGL
]
++ lib.optional x11Support [
++ lib.optionals x11Support [
libX11 xorgproto libXt libXmu libXext.dev libXdmcp
libXinerama libXrandr.dev libXtst libXfixes
]
@ -158,7 +158,7 @@ in stdenv.mkDerivation {
# Not sure why ".dev" is needed here, but CMake doesn't find libxkbcommon otherwise
libxkbcommon.dev
]
++ lib.optional gbmSupport [
++ lib.optionals gbmSupport [
libxkbcommon.dev
mesa.dev
libinput.dev
@ -200,7 +200,7 @@ in stdenv.mkDerivation {
# whitelisted directories). This adds the entire nix store to the Kodi
# webserver whitelist to avoid this problem.
"-DKODI_WEBSERVER_EXTRA_WHITELIST=${builtins.storeDir}"
] ++ lib.optional waylandSupport [
] ++ lib.optionals waylandSupport [
"-DWAYLANDPP_SCANNER=${buildPackages.waylandpp}/bin/wayland-scanner++"
];

4
pkgs/applications/virtualization/open-vm-tools/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook
, bash, fuse3, libmspack, openssl, pam, xercesc, icu, libdnet, procps, libtirpc, rpcsvc-proto
, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst
, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst, libxcrypt
, pkg-config, glib, gdk-pixbuf-xlib, gtk3, gtkmm3, iproute2, dbus, systemd, which
, libdrm, udev, util-linux
, withX ? true
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
outputs = [ "out" "dev" ];
nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ];
buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc openssl pam procps rpcsvc-proto udev xercesc ]
buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc libxcrypt openssl pam procps rpcsvc-proto udev xercesc ]
++ lib.optionals withX [ gdk-pixbuf-xlib gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ];
postPatch = ''

4
pkgs/applications/virtualization/virtualbox/default.nix
View file

@ -23,14 +23,14 @@ let
buildType = "release";
# Use maintainers/scripts/update.nix to update the version and all related hashes or
# change the hashes in extpack.nix and guest-additions/default.nix as well manually.
version = "6.1.36";
version = "6.1.40";
in stdenv.mkDerivation {
pname = "virtualbox";
inherit version;
src = fetchurl {
url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
sha256 = "e47942e42892c13c621869865e2b7b320340154f0fa74ecbdaf18fdaf70ef047";
sha256 = "bc857555d3e836ad9350a8f7b03bb54d2fdc04dddb2043d09813f4634bca4814";
};
outputs = [ "out" "modsrc" ];

2
pkgs/applications/virtualization/virtualbox/extpack.nix
View file

@ -12,7 +12,7 @@ fetchurl rec {
# Manually sha256sum the extensionPack file, must be hex!
# Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
# Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS
let value = "3c84f0177a47a1969aff7c98e01ddceedd50348f56cc52d63f4c2dd38ad2ca75";
let value = "29cf8410e2514ea4393f63f5e955b8311787873679fc23ae9a897fb70ef3f84a";
in assert (builtins.stringLength value) == 64; value;
meta = {

Some files were not shown because too many files have changed in this diff Show more