Merge staging-next into staging
This commit is contained in:
commit
3945b4136d
|
@ -0,0 +1,94 @@
|
|||
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-booting-via-kexec">
|
||||
<title><quote>Booting</quote> into NixOS via kexec</title>
|
||||
<para>
|
||||
In some cases, your system might already be booted into/preinstalled
|
||||
with another Linux distribution, and booting NixOS by attaching an
|
||||
installation image is quite a manual process.
|
||||
</para>
|
||||
<para>
|
||||
This is particularly useful for (cloud) providers where you can’t
|
||||
boot a custom image, but get some Debian or Ubuntu installation.
|
||||
</para>
|
||||
<para>
|
||||
In these cases, it might be easier to use <literal>kexec</literal>
|
||||
to <quote>jump into NixOS</quote> from the running system, which
|
||||
only assumes <literal>bash</literal> and <literal>kexec</literal> to
|
||||
be installed on the machine.
|
||||
</para>
|
||||
<para>
|
||||
Note that kexec may not work correctly on some hardware, as devices
|
||||
are not fully re-initialized in the process. In practice, this
|
||||
however is rarely the case.
|
||||
</para>
|
||||
<para>
|
||||
To build the necessary files from your current version of nixpkgs,
|
||||
you can run:
|
||||
</para>
|
||||
<programlisting>
|
||||
nix-build -A kexec.x86_64-linux '<nixpkgs/nixos/release.nix>'
|
||||
</programlisting>
|
||||
<para>
|
||||
This will create a <literal>result</literal> directory containing
|
||||
the following:
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>bzImage</literal> (the Linux kernel)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>initrd</literal> (the initrd file)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>kexec-boot</literal> (a shellscript invoking
|
||||
<literal>kexec</literal>)
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para>
|
||||
These three files are meant to be copied over to the other already
|
||||
running Linux Distribution.
|
||||
</para>
|
||||
<para>
|
||||
Note it’s symlinks pointing elsewhere, so <literal>cd</literal> in,
|
||||
and use <literal>scp * root@$destination</literal> to copy it over,
|
||||
rather than rsync.
|
||||
</para>
|
||||
<para>
|
||||
Once you finished copying, execute <literal>kexec-boot</literal>
|
||||
<emphasis>on the destination</emphasis>, and after some seconds, the
|
||||
machine should be booting into an (ephemeral) NixOS installation
|
||||
medium.
|
||||
</para>
|
||||
<para>
|
||||
In case you want to describe your own system closure to kexec into,
|
||||
instead of the default installer image, you can build your own
|
||||
<literal>configuration.nix</literal>:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{ modulesPath, ... }: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/netboot/netboot-minimal.nix")
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"my-ssh-pubkey"
|
||||
];
|
||||
}
|
||||
</programlisting>
|
||||
<programlisting>
|
||||
nix-build '<nixpkgs/nixos>' \
|
||||
--arg configuration ./configuration.nix
|
||||
--attr config.system.build.kexecTree
|
||||
</programlisting>
|
||||
<para>
|
||||
Make sure your <literal>configuration.nix</literal> does still
|
||||
import <literal>netboot-minimal.nix</literal> (or
|
||||
<literal>netboot-base.nix</literal>).
|
||||
</para>
|
||||
</section>
|
|
@ -638,6 +638,7 @@ $ passwd eelco
|
|||
<title>Additional installation notes</title>
|
||||
<xi:include href="installing-usb.section.xml" />
|
||||
<xi:include href="installing-pxe.section.xml" />
|
||||
<xi:include href="installing-kexec.section.xml" />
|
||||
<xi:include href="installing-virtualbox-guest.section.xml" />
|
||||
<xi:include href="installing-from-other-distro.section.xml" />
|
||||
<xi:include href="installing-behind-a-proxy.section.xml" />
|
||||
|
|
64
nixos/doc/manual/installation/installing-kexec.section.md
Normal file
64
nixos/doc/manual/installation/installing-kexec.section.md
Normal file
|
@ -0,0 +1,64 @@
|
|||
# "Booting" into NixOS via kexec {#sec-booting-via-kexec}
|
||||
|
||||
In some cases, your system might already be booted into/preinstalled with
|
||||
another Linux distribution, and booting NixOS by attaching an installation
|
||||
image is quite a manual process.
|
||||
|
||||
This is particularly useful for (cloud) providers where you can't boot a custom
|
||||
image, but get some Debian or Ubuntu installation.
|
||||
|
||||
In these cases, it might be easier to use `kexec` to "jump into NixOS" from the
|
||||
running system, which only assumes `bash` and `kexec` to be installed on the
|
||||
machine.
|
||||
|
||||
Note that kexec may not work correctly on some hardware, as devices are not
|
||||
fully re-initialized in the process. In practice, this however is rarely the
|
||||
case.
|
||||
|
||||
To build the necessary files from your current version of nixpkgs,
|
||||
you can run:
|
||||
|
||||
```ShellSession
|
||||
nix-build -A kexec.x86_64-linux '<nixpkgs/nixos/release.nix>'
|
||||
```
|
||||
|
||||
This will create a `result` directory containing the following:
|
||||
- `bzImage` (the Linux kernel)
|
||||
- `initrd` (the initrd file)
|
||||
- `kexec-boot` (a shellscript invoking `kexec`)
|
||||
|
||||
These three files are meant to be copied over to the other already running
|
||||
Linux Distribution.
|
||||
|
||||
Note it's symlinks pointing elsewhere, so `cd` in, and use
|
||||
`scp * root@$destination` to copy it over, rather than rsync.
|
||||
|
||||
Once you finished copying, execute `kexec-boot` *on the destination*, and after
|
||||
some seconds, the machine should be booting into an (ephemeral) NixOS
|
||||
installation medium.
|
||||
|
||||
In case you want to describe your own system closure to kexec into, instead of
|
||||
the default installer image, you can build your own `configuration.nix`:
|
||||
|
||||
```nix
|
||||
{ modulesPath, ... }: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/netboot/netboot-minimal.nix")
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"my-ssh-pubkey"
|
||||
];
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
```ShellSession
|
||||
nix-build '<nixpkgs/nixos>' \
|
||||
--arg configuration ./configuration.nix
|
||||
--attr config.system.build.kexecTree
|
||||
```
|
||||
|
||||
Make sure your `configuration.nix` does still import `netboot-minimal.nix` (or
|
||||
`netboot-base.nix`).
|
|
@ -476,6 +476,7 @@ With a partitioned disk.
|
|||
```{=docbook}
|
||||
<xi:include href="installing-usb.section.xml" />
|
||||
<xi:include href="installing-pxe.section.xml" />
|
||||
<xi:include href="installing-kexec.section.xml" />
|
||||
<xi:include href="installing-virtualbox-guest.section.xml" />
|
||||
<xi:include href="installing-from-other-distro.section.xml" />
|
||||
<xi:include href="installing-behind-a-proxy.section.xml" />
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
# This module exposes a config.system.build.kexecBoot attribute,
|
||||
# which returns a directory with kernel, initrd and a shell script
|
||||
# running the necessary kexec commands.
|
||||
|
||||
# It's meant to be scp'ed to a machine with working ssh and kexec binary
|
||||
# installed.
|
||||
|
||||
# This is useful for (cloud) providers where you can't boot a custom image, but
|
||||
# get some Debian or Ubuntu installation.
|
||||
|
||||
{ pkgs
|
||||
, modulesPath
|
||||
, config
|
||||
, ...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/netboot/netboot-minimal.nix")
|
||||
];
|
||||
|
||||
config = {
|
||||
system.build.kexecBoot =
|
||||
let
|
||||
kexecScript = pkgs.writeScript "kexec-boot" ''
|
||||
#!/usr/bin/env bash
|
||||
if ! kexec -v >/dev/null 2>&1; then
|
||||
echo "kexec not found: please install kexec-tools" 2>&1
|
||||
exit 1
|
||||
fi
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
kexec --load ''${SCRIPT_DIR}/bzImage \
|
||||
--initrd=''${SCRIPT_DIR}/initrd.gz \
|
||||
--command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
|
||||
kexec -e
|
||||
''; in
|
||||
pkgs.linkFarm "kexec-tree" [
|
||||
{
|
||||
name = "initrd.gz";
|
||||
path = "${config.system.build.netbootRamdisk}/initrd";
|
||||
}
|
||||
{
|
||||
name = "bzImage";
|
||||
path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
|
||||
}
|
||||
{
|
||||
name = "kexec-boot";
|
||||
path = kexecScript;
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -101,6 +101,37 @@ with lib;
|
|||
boot
|
||||
'';
|
||||
|
||||
# A script invoking kexec on ./bzImage and ./initrd.gz.
|
||||
# Usually used through system.build.kexecTree, but exposed here for composability.
|
||||
system.build.kexecScript = pkgs.writeScript "kexec-boot" ''
|
||||
#!/usr/bin/env bash
|
||||
if ! kexec -v >/dev/null 2>&1; then
|
||||
echo "kexec not found: please install kexec-tools" 2>&1
|
||||
exit 1
|
||||
fi
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
kexec --load ''${SCRIPT_DIR}/bzImage \
|
||||
--initrd=''${SCRIPT_DIR}/initrd.gz \
|
||||
--command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
|
||||
kexec -e
|
||||
'';
|
||||
|
||||
# A tree containing initrd.gz, bzImage and a kexec-boot script.
|
||||
system.build.kexecTree = pkgs.linkFarm "kexec-tree" [
|
||||
{
|
||||
name = "initrd.gz";
|
||||
path = "${config.system.build.netbootRamdisk}/initrd";
|
||||
}
|
||||
{
|
||||
name = "bzImage";
|
||||
path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
|
||||
}
|
||||
{
|
||||
name = "kexec-boot";
|
||||
path = config.system.build.kexecScript;
|
||||
}
|
||||
];
|
||||
|
||||
boot.loader.timeout = 10;
|
||||
|
||||
boot.postBootCommands =
|
||||
|
|
|
@ -8,8 +8,6 @@ let
|
|||
|
||||
cfg = config.systemd;
|
||||
|
||||
systemd = cfg.package;
|
||||
|
||||
inherit (systemdUtils.lib)
|
||||
generateUnits
|
||||
targetToUnit
|
||||
|
@ -439,7 +437,7 @@ in
|
|||
|
||||
system.build.units = cfg.units;
|
||||
|
||||
system.nssModules = [ systemd.out ];
|
||||
system.nssModules = [ cfg.package.out ];
|
||||
system.nssDatabases = {
|
||||
hosts = (mkMerge [
|
||||
(mkOrder 400 ["mymachines"]) # 400 to ensure it comes before resolve (which is mkBefore'd)
|
||||
|
@ -453,7 +451,7 @@ in
|
|||
]);
|
||||
};
|
||||
|
||||
environment.systemPackages = [ systemd ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
environment.etc = let
|
||||
# generate contents for /etc/systemd/system-${type} from attrset of links and packages
|
||||
|
|
|
@ -151,6 +151,13 @@ in rec {
|
|||
# Build the initial ramdisk so Hydra can keep track of its size over time.
|
||||
initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk);
|
||||
|
||||
kexec = forMatchingSystems supportedSystems (system: (import lib/eval-config.nix {
|
||||
inherit system;
|
||||
modules = [
|
||||
./modules/installer/netboot/netboot-minimal.nix
|
||||
];
|
||||
}).config.system.build.kexecTree);
|
||||
|
||||
netboot = forMatchingSystems supportedSystems (system: makeNetboot {
|
||||
module = ./modules/installer/netboot/netboot-minimal.nix;
|
||||
inherit system;
|
||||
|
|
|
@ -18,8 +18,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
|||
virtualisation.vlans = [ ];
|
||||
environment.systemPackages = [ pkgs.hello ];
|
||||
imports = [
|
||||
"${modulesPath}/installer/kexec/kexec-boot.nix"
|
||||
"${modulesPath}/profiles/minimal.nix"
|
||||
"${modulesPath}/installer/netboot/netboot-minimal.nix"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -33,14 +32,14 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
|||
node1.connect()
|
||||
node1.wait_for_unit("multi-user.target")
|
||||
|
||||
# Check if the machine with kexec-boot.nix profile boots up
|
||||
# Check if the machine with netboot-minimal.nix profile boots up
|
||||
node2.wait_for_unit("multi-user.target")
|
||||
node2.shutdown()
|
||||
|
||||
# Kexec node1 to the toplevel of node2 via the kexec-boot script
|
||||
node1.succeed('touch /run/foo')
|
||||
node1.fail('hello')
|
||||
node1.execute('${nodes.node2.config.system.build.kexecBoot}/kexec-boot', check_return=False)
|
||||
node1.execute('${nodes.node2.config.system.build.kexecTree}/kexec-boot', check_return=False)
|
||||
node1.succeed('! test -e /run/foo')
|
||||
node1.succeed('hello')
|
||||
node1.succeed('[ "$(hostname)" = "node2" ]')
|
||||
|
|
|
@ -45,9 +45,9 @@
|
|||
}
|
||||
},
|
||||
"ungoogled-chromium": {
|
||||
"version": "102.0.5005.61",
|
||||
"sha256": "07vbi3gn9g4n04b2qi2hm34r122snrqaifa46yk3pyh1d79rfdqs",
|
||||
"sha256bin64": "100n8k3d9k5bq58irc36ig6m5m0lxggffyk4crqqqcib2anqd0zv",
|
||||
"version": "102.0.5005.115",
|
||||
"sha256": "1rj7vy824vn513hiivc90lnxvxyi2s0qkdmfqsdssv9v6zjl079h",
|
||||
"sha256bin64": "0b32sscbjnvr98lk962i9k2srckv2s7fp9pifmsv5jlwndjhzm7y",
|
||||
"deps": {
|
||||
"gn": {
|
||||
"version": "2022-04-14",
|
||||
|
@ -56,8 +56,8 @@
|
|||
"sha256": "0b5xs0chcv3hfhy71rycsmgxnqbm375a333hwav8929k9cbi5p9h"
|
||||
},
|
||||
"ungoogled-patches": {
|
||||
"rev": "102.0.5005.61-1",
|
||||
"sha256": "1hlyi6k894blkkqmqsizx72bag2vj6wlpza0fvi8db5wp6i5b58g"
|
||||
"rev": "102.0.5005.115-1",
|
||||
"sha256": "1z2xkxxviggyyksga74cqa4v73gynlgzi22ckg8yv84qxrklik6p"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,33 +7,27 @@
|
|||
, gtk3
|
||||
, wrapGAppsHook
|
||||
, glib
|
||||
, gtksourceview4
|
||||
, itstool
|
||||
, gettext
|
||||
, pango
|
||||
, gdk-pixbuf
|
||||
, libsecret
|
||||
, gobject-introspection
|
||||
, xvfb-run
|
||||
}:
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "gtg";
|
||||
version = "0.5";
|
||||
version = "0.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "getting-things-gnome";
|
||||
repo = "gtg";
|
||||
rev = "v${version}";
|
||||
sha256 = "0b2slm7kjq6q8c7v4m7aqc8m1ynjxn3bl7445srpv1xc0dilq403";
|
||||
sha256 = "sha256-O8qBD92P2g8QrBdMXa6j0Ozk+W80Ny5yk0KNTy7ekfE=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# fix build with meson 0.60 (https://github.com/getting-things-gnome/gtg/pull/729)
|
||||
(fetchpatch {
|
||||
url = "https://github.com/getting-things-gnome/gtg/commit/1809d10663ae3d8f69c04138b66f9b4e66ee14f6.patch";
|
||||
sha256 = "sha256-bYr5PAsuvcSqTf0vaJj2APtuBrwHdhXJxtXoAb7CfGk=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
meson
|
||||
ninja
|
||||
|
@ -46,8 +40,10 @@ python3Packages.buildPythonApplication rec {
|
|||
buildInputs = [
|
||||
glib
|
||||
gtk3
|
||||
gtksourceview4
|
||||
pango
|
||||
gdk-pixbuf
|
||||
libsecret
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
|
@ -56,12 +52,14 @@ python3Packages.buildPythonApplication rec {
|
|||
lxml
|
||||
gst-python
|
||||
liblarch
|
||||
caldav
|
||||
];
|
||||
|
||||
checkInputs = with python3Packages; [
|
||||
nose
|
||||
mock
|
||||
xvfb-run
|
||||
pytest
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
|
@ -71,7 +69,7 @@ python3Packages.buildPythonApplication rec {
|
|||
format = "other";
|
||||
strictDeps = false; # gobject-introspection does not run with strictDeps (https://github.com/NixOS/nixpkgs/issues/56943)
|
||||
|
||||
checkPhase = "xvfb-run python3 ../run-tests";
|
||||
checkPhase = "xvfb-run pytest ../tests/";
|
||||
|
||||
meta = with lib; {
|
||||
description = " A personal tasks and TODO-list items organizer";
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "lefthook";
|
||||
version = "0.7.7";
|
||||
version = "0.8.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
rev = "v${version}";
|
||||
owner = "evilmartians";
|
||||
repo = "lefthook";
|
||||
sha256 = "sha256-XyuXegCTJSW4uO6fEaRKq/jZnE+JbrxZw0kcDvhpsVo=";
|
||||
sha256 = "sha256-ahkTxuBjMbvBzPuLtW7AhM2OUtL9Rw+ZqgnGGTkeCQQ=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-Rp67FnFU27u85t02MIs7wZQoOa8oGsHVVPQ9OdIyTJg=";
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "clojure";
|
||||
version = "1.11.1.1119";
|
||||
version = "1.11.1.1124";
|
||||
|
||||
src = fetchurl {
|
||||
# https://clojure.org/releases/tools
|
||||
url = "https://download.clojure.org/install/clojure-tools-${version}.tar.gz";
|
||||
sha256 = "sha256-DPFLExCMWheI5IIa8aNz/ZggftJpxgOUIOYZZKBdvIc=";
|
||||
sha256 = "sha256-QucUcLCzLPe/OpVyI8++Z+RFukNNRQ39imBaxZuH324=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchurl, fetchpatch, cmake, makeWrapper, minizip, pcsclite, opensc, openssl
|
||||
{ lib, stdenv, fetchurl, fetchpatch, cmake, minizip, pcsclite, opensc, openssl
|
||||
, xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
|
|||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ cmake makeWrapper pkg-config xxd ];
|
||||
nativeBuildInputs = [ cmake pkg-config xxd ];
|
||||
|
||||
buildInputs = [
|
||||
minizip pcsclite opensc openssl xercesc
|
||||
|
@ -31,11 +31,11 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "lib" "dev" "bin" ];
|
||||
|
||||
# replace this hack with a proper cmake variable or environment variable
|
||||
# once https://github.com/open-eid/cmake/pull/34 (or #35) gets merged.
|
||||
postInstall = ''
|
||||
wrapProgram $bin/bin/digidoc-tool \
|
||||
--prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/
|
||||
# libdigidocpp.so's `PKCS11Signer::PKCS11Signer()` dlopen()s "opensc-pkcs11.so"
|
||||
# itself, so add OpenSC to its DT_RUNPATH after the fixupPhase shrinked it.
|
||||
# https://github.com/open-eid/cmake/pull/35 might be an alternative.
|
||||
postFixup = ''
|
||||
patchelf --add-rpath ${opensc}/lib/pkcs11 $lib/lib/libdigidocpp.so
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "aioskybell";
|
||||
version = "22.6.0";
|
||||
version = "22.6.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.9";
|
||||
|
@ -19,8 +19,8 @@ buildPythonPackage rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "tkdrob";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-2AsEVGZ4cA1GeoxtGFuvjZ05W4FjQ5GFSM8euu9iY4s==";
|
||||
rev = "refs/tags/${version}";
|
||||
hash = "sha256-VaG8r4ULbjI7LkIPCit3bILZgOi9k7ddRQXwVzplaCM=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
, python
|
||||
, pythonOlder
|
||||
, requirements-parser
|
||||
, sortedcontainers
|
||||
, setuptools
|
||||
, toml
|
||||
, types-setuptools
|
||||
|
@ -18,7 +19,7 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "cyclonedx-python-lib";
|
||||
version = "2.4.0";
|
||||
version = "2.5.1";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.9";
|
||||
|
@ -27,7 +28,7 @@ buildPythonPackage rec {
|
|||
owner = "CycloneDX";
|
||||
repo = pname;
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-IrMXHWeksEmON3LxJvQ3WSKwQTY0aRZ8XItWMr3p4gw=";
|
||||
hash = "sha256-w/av9U42fC4g7NUw7PSW+K822klH4e1xYFPh7I4jrRA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -39,6 +40,7 @@ buildPythonPackage rec {
|
|||
packageurl-python
|
||||
requirements-parser
|
||||
setuptools
|
||||
sortedcontainers
|
||||
toml
|
||||
types-setuptools
|
||||
types-toml
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "dogpile-cache";
|
||||
version = "1.1.5";
|
||||
version = "1.1.6";
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "dogpile.cache";
|
||||
inherit version;
|
||||
sha256 = "0f01bdc329329a8289af9705ff40fadb1f82a28c336f3174e12142b70d31c756";
|
||||
sha256 = "sha256-7tweMn5myT8MFah0BWmrdO89iSkELxCPmP3tnjX6/1U=";
|
||||
};
|
||||
|
||||
preCheck = ''
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
buildPythonApplication rec {
|
||||
pname = "mkdocs-material";
|
||||
version = "8.3.3";
|
||||
version = "8.3.4";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
@ -22,7 +22,7 @@ buildPythonApplication rec {
|
|||
owner = "squidfunk";
|
||||
repo = pname;
|
||||
rev = "refs/tags/${version}";
|
||||
hash = "sha256-4rJ1fKYIQli4j6x1/xipQeCXMfbILyroxrwbpcPGYiU=";
|
||||
hash = "sha256-UQGszU1ICundexXSHMdDm15FjlnzK1ifuRn2M5fp1sA=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -6,14 +6,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "peaqevcore";
|
||||
version = "0.4.2";
|
||||
version = "0.4.7";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-s7vJ4rAOQPZBhCA8Q+ZJl6RBTBmP90XA9c6B/xwoHU0=";
|
||||
hash = "sha256-DEK8vOWHv+O6zpzluUkhozsihhM9Ad2lOCEf4YnT+Yk=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
buildPythonPackage rec {
|
||||
pname = "pulumi-aws";
|
||||
# Version is independant of pulumi's.
|
||||
version = "5.7.2";
|
||||
version = "5.8.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
@ -21,7 +21,7 @@ buildPythonPackage rec {
|
|||
owner = "pulumi";
|
||||
repo = "pulumi-aws";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-oy2TBxE9zDbRc6cSml4nwibAAEq3anWngoxj6h4sYbU=";
|
||||
hash = "sha256-exMPHz5sq6AW3hyv+pl66RmHR4nEBIeDu7NPPyH1mig=";
|
||||
};
|
||||
|
||||
sourceRoot = "${src.name}/sdk/python";
|
||||
|
|
32
pkgs/development/python-modules/py-sneakers/default.nix
Normal file
32
pkgs/development/python-modules/py-sneakers/default.nix
Normal file
|
@ -0,0 +1,32 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "py-sneakers";
|
||||
version = "1.0.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-bIhkYTzRe4uM0kbNhbDTr6TiaOEBSiCSkPJKKCivDZY=";
|
||||
};
|
||||
|
||||
# Module has no tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"py_sneakers"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Library to emulate the Sneakers movie effect";
|
||||
homepage = "https://github.com/aenima-x/py-sneakers";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
|
@ -6,12 +6,12 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "pydal";
|
||||
version = "20220213.2";
|
||||
version = "20220609.1";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-7DBLcHSEkoT8wV6824TGWRLi9vK2t+r1RwwWmRBYD9I=";
|
||||
sha256 = "sha256-c9cWdQ+V1Phw1cfe5MUif2edXIrFQaDZC9qGBDevedI=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "transformers";
|
||||
version = "4.19.3";
|
||||
version = "4.19.4";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
@ -33,7 +33,7 @@ buildPythonPackage rec {
|
|||
owner = "huggingface";
|
||||
repo = pname;
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-kXgxIjU5L4YYCqHGvhqjX4YZ3VKNLYIxIKqT1Nmv/GU=";
|
||||
hash = "sha256-MxP87tmRsjAOkTkJ7VmlUjG4RE3mh/wF76TZQE/UOoQ=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "firejail";
|
||||
version = "0.9.68";
|
||||
version = "0.9.70";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "netblue30";
|
||||
repo = "firejail";
|
||||
rev = version;
|
||||
sha256 = "18yy1mykx7h78yj7sz729i3dlsrgi25m17m5x9gbrvsx7f87rw7j";
|
||||
sha256 = "sha256-x1txt0uER66bZN6BD6c/31Zu6fPPwC9kl/3bxEE6Ce8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -41,41 +41,6 @@ stdenv.mkDerivation rec {
|
|||
# By default fbuilder hardcodes the firejail binary to the install path.
|
||||
# On NixOS the firejail binary is a setuid wrapper available in $PATH.
|
||||
./fbuilder-call-firejail-on-path.patch
|
||||
|
||||
# NixOS specific whitelist to resolve binary paths in user environment
|
||||
# Fixes https://github.com/NixOS/nixpkgs/issues/170784
|
||||
# Upstream fix https://github.com/netblue30/firejail/pull/5131
|
||||
# Upstream hopefully fixed in later versions > 0.9.68
|
||||
./whitelist-nix-profile.patch
|
||||
|
||||
# Fix OpenGL support for various applications including Firefox
|
||||
# Issue: https://github.com/NixOS/nixpkgs/issues/55191
|
||||
# Upstream fix: https://github.com/netblue30/firejail/pull/5132
|
||||
# Hopefully fixed upstream in version > 0.9.68
|
||||
./fix-opengl-support.patch
|
||||
|
||||
# Fix CVE-2022-31214 by patching in 4 commits from upstream
|
||||
# https://seclists.org/oss-sec/2022/q2/188
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-31214-patch1"; # "fixing CVE-2022-31214"
|
||||
url = "https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50.patch";
|
||||
sha256 = "sha256-XXmnYCn4TPUvU43HifZDk4tEZQvOho9/7ehU6889nN4=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-31214-patch2"; # "shutdown testing"
|
||||
url = "https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86.patch";
|
||||
sha256 = "sha256-PV73hRlvYEQihuljSCQMNO34KJ0hDVFexhirpHcTK1I=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-31214-patch3"; # "CVE-2022-31214: fixing the fix"
|
||||
url = "https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7.patch";
|
||||
sha256 = "sha256-6plBIliW/nLKR7TdGeB88eQ65JHEasnaRsP3HPXAFyA=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2022-31214-patch4"; # "CVE-2022-31214: fixing the fix, one more time "
|
||||
url = "https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54.patch";
|
||||
sha256 = "sha256-inkpcdC5rl5w+CTAwwQVBOELlHTXb8UGlpU+8kMY95s=";
|
||||
})
|
||||
];
|
||||
|
||||
prePatch = ''
|
||||
|
|
|
@ -1,15 +1,13 @@
|
|||
{ buildGoPackage
|
||||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
, lib
|
||||
, nixosTests
|
||||
}:
|
||||
|
||||
buildGoPackage rec {
|
||||
buildGoModule rec {
|
||||
pname = "pebble";
|
||||
version = "2.3.1";
|
||||
|
||||
goPackagePath = "github.com/letsencrypt/${pname}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "letsencrypt";
|
||||
repo = pname;
|
||||
|
@ -17,6 +15,8 @@ buildGoPackage rec {
|
|||
sha256 = "sha256-S9+iRaTSRt4F6yMKK0OJO6Zto9p0dZ3q/mULaipudVo=";
|
||||
};
|
||||
|
||||
vendorSha256 = null;
|
||||
|
||||
passthru.tests = {
|
||||
smoke-test = nixosTests.acme;
|
||||
};
|
||||
|
|
|
@ -9,16 +9,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "lsd";
|
||||
version = "0.21.0";
|
||||
version = "0.22.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Peltoche";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-4pa8yJjUTO5MUDuljfU9Vo2ZjbsIwWJsJj6VVNfN25A=";
|
||||
sha256 = "sha256-YeSEaamtIjip2nLBw/1/RSkr6ZL0p1GG2pHU14Ry6XU=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-P0HJVp2ReJuLSZrArw/EAfLFDOZqswI0nD1SCHwegoE=";
|
||||
cargoSha256 = "sha256-JsPGw5hjNy+yTZiSBeF05o9Zl6pYXxEI4kIDLY6Q54Q=";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles pandoc ];
|
||||
postInstall = ''
|
||||
|
|
|
@ -93,15 +93,5 @@ in lib.makeExtensible (self: {
|
|||
|
||||
stable = self.nix_2_9;
|
||||
|
||||
# remember to backport updates to the stable branch!
|
||||
unstable = lib.lowPrio (common rec {
|
||||
version = "2.9";
|
||||
suffix = "pre20220610_${lib.substring 0 7 src.rev}";
|
||||
src = fetchFromGitHub {
|
||||
owner = "NixOS";
|
||||
repo = "nix";
|
||||
rev = "45ebaab66594692035f028796200a6db2b1fedaf";
|
||||
sha256 = "sha256-82M5jKdGUxQBfYj+8nK2SvfVv4Uo0YrPxiuWV/fnvtI=";
|
||||
};
|
||||
});
|
||||
unstable = self.stable;
|
||||
})
|
||||
|
|
|
@ -5,13 +5,14 @@
|
|||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "faraday-cli";
|
||||
version = "2.0.2";
|
||||
version = "2.1.5";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "infobyte";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-J3YlFsX/maOqWo4ILEMXzIJeQ8vr47ApGGiaBWrUCMs=";
|
||||
hash = "sha256-kl5yOJTMobccZoaIoWwQubCrswPa69I5Kmuox7JqAXs=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
|
@ -22,8 +23,10 @@ python3.pkgs.buildPythonApplication rec {
|
|||
faraday-plugins
|
||||
jsonschema
|
||||
log-symbols
|
||||
luddite
|
||||
packaging
|
||||
pyyaml
|
||||
py-sneakers
|
||||
simple-rest-client
|
||||
spinners
|
||||
tabulate
|
||||
|
|
|
@ -35,10 +35,14 @@ mkDerivation rec {
|
|||
qttranslations
|
||||
];
|
||||
|
||||
# replace this hack with a proper cmake variable or environment variable
|
||||
# once https://github.com/open-eid/cmake/pull/34 (or #35) gets merged.
|
||||
# qdigidoc4's `QPKCS11::reload()` dlopen()s "opensc-pkcs11.so" in QLibrary,
|
||||
# i.e. OpenSC's module is searched for in libQt5Core's DT_RUNPATH and fixing
|
||||
# qdigidoc4's DT_RUNPATH has no effect on Linux (at least OpenBSD's ld.so(1)
|
||||
# searches the program's runtime path as well).
|
||||
# LD_LIBRARY_PATH takes precedence for all calling objects, see dlopen(3).
|
||||
# https://github.com/open-eid/cmake/pull/35 might be an alternative.
|
||||
qtWrapperArgs = [
|
||||
"--prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/"
|
||||
"--prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -4,8 +4,7 @@ with pkgs;
|
|||
|
||||
runCommand "nixpkgs-metrics"
|
||||
{ nativeBuildInputs = with pkgs.lib; map getBin [ nix time jq ];
|
||||
# see https://github.com/NixOS/nixpkgs/issues/52436
|
||||
#requiredSystemFeatures = [ "benchmark" ]; # dedicated `t2a` machine, by @vcunat
|
||||
requiredSystemFeatures = [ "benchmark" ]; # dedicated `t2a` machine, by @vcunat
|
||||
}
|
||||
''
|
||||
export NIX_STORE_DIR=$TMPDIR/store
|
||||
|
|
|
@ -6980,6 +6980,8 @@ in {
|
|||
|
||||
py-synologydsm-api = callPackage ../development/python-modules/py-synologydsm-api { };
|
||||
|
||||
py-sneakers = callPackage ../development/python-modules/py-sneakers { };
|
||||
|
||||
py-tes = callPackage ../development/python-modules/py-tes { };
|
||||
|
||||
py-ubjson = callPackage ../development/python-modules/py-ubjson { };
|
||||
|
|
Loading…
Reference in a new issue