b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2021-03-09 12:25:54 +00:00 committed by GitHub
parent c5eea46e60 a262124577
commit 5d13702776
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 561 additions and 227 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
nixos/doc/manual/configuration/x-windows.xml
View file

@ -150,7 +150,6 @@
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy390" ];
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy340" ];
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy304" ];
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy173" ];
</programlisting>
You may need to reboot after enabling this driver to prevent a clash with
other kernel modules.
@ -159,21 +158,16 @@
<simplesect xml:id="sec-x11--graphics-cards-amd">
<title>Proprietary AMD drivers</title>
<para>
AMD provides a proprietary driver for its graphics cards that has better 3D
performance than the X.org drivers. It is not enabled by default because
its not free software. You can enable it as follows:
AMD provides a proprietary driver for its graphics cards that is not
enabled by default because its not Free Software, is often broken
in nixpkgs and as of this writing doesn't offer more features or
performance. If you still want to use it anyway, you need to explicitly set:
<programlisting>
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "ati_unfree" ];
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "amdgpu-pro" ];
</programlisting>
You will need to reboot after enabling this driver to prevent a clash with
other kernel modules.
</para>
<note>
<para>
For recent AMD GPUs you most likely want to keep either the defaults
or <literal>"amdgpu"</literal> (both free).
</para>
</note>
</simplesect>
<simplesect xml:id="sec-x11-touchpads">
<title>Touchpads</title>

23
nixos/doc/manual/release-notes/rl-2105.xml
View file

@ -39,6 +39,24 @@
(<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#7547</link>).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated
to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>).
Compared to the previous release, Privoxy has gained support for HTTPS
inspection (still experimental), Brotli decompression, several new filters
and lots of bug fixes, including security ones. In addition, the package
is now built with compression and external filters support, which were
previously disabled.
</para>
<para>
Regarding the NixOS module, new options for HTTPS inspection have been added
and <option>services.privoxy.extraConfig</option> has been replaced by the new
<xref linkend="opt-services.privoxy.settings"/>
(See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>
for the motivation).
</para>
</listitem>
</itemizedlist>
</section>
@ -539,6 +557,11 @@ self: super:
<package>imagemagick6Big</package> if you need the older version.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.xserver.videoDrivers" /> no longer uses the deprecated <literal>cirrus</literal> and <literal>vesa</literal> device dependent X drivers by default. It also enables both <literal>amdgpu</literal> and <literal>nouveau</literal> drivers by default now.
</para>
</listitem>
</itemizedlist>
</section>

303
nixos/modules/services/networking/privoxy.nix
View file

@ -4,26 +4,46 @@ with lib;
let
inherit (pkgs) privoxy;
cfg = config.services.privoxy;
confFile = pkgs.writeText "privoxy.conf" (''
user-manual ${privoxy}/share/doc/privoxy/user-manual
confdir ${privoxy}/etc/
listen-address ${cfg.listenAddress}
enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
'' + optionalString cfg.enableTor ''
forward-socks5t / 127.0.0.1:9063 .
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
'' + ''
${cfg.extraConfig}
'');
serialise = name: val:
if isList val then concatMapStrings (serialise name) val
else if isBool val then serialise name (if val then "1" else "0")
else "${name} ${toString val}\n";
configType = with types;
let atom = oneOf [ int bool string path ];
in attrsOf (either atom (listOf atom))
// { description = ''
privoxy configuration type. The format consists of an attribute
set of settings. Each setting can be either a value (integer, string,
boolean or path) or a list of such values.
'';
};
ageType = types.str // {
check = x:
isString x &&
(builtins.match "([0-9]+([smhdw]|min|ms|us)*)+" x != null);
description = "tmpfiles.d(5) age format";
};
configFile = pkgs.writeText "privoxy.conf"
(concatStrings (
# Relative paths in some options are relative to confdir. Privoxy seems
# to parse the options in order of appearance, so this must come first.
# Nix however doesn't preserve the order in attrsets, so we have to
# hardcode confdir here.
[ "confdir ${pkgs.privoxy}/etc\n" ]
++ mapAttrsToList serialise cfg.settings
));
inspectAction = pkgs.writeText "inspect-all-https.action"
''
# Enable HTTPS inspection for all requests
{+https-inspection}
/
'';
in
@ -31,70 +51,130 @@ in
###### interface
options = {
options.services.privoxy = {
services.privoxy = {
enable = mkEnableOption "Privoxy, non-caching filtering proxy";
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Privoxy non-caching filtering proxy.
'';
};
listenAddress = mkOption {
type = types.str;
default = "127.0.0.1:8118";
description = ''
Address the proxy server is listening to.
'';
};
actionsFiles = mkOption {
type = types.listOf types.str;
example = [ "match-all.action" "default.action" "/etc/privoxy/user.action" ];
default = [ "match-all.action" "default.action" ];
description = ''
List of paths to Privoxy action files.
These paths may either be absolute or relative to the privoxy configuration directory.
'';
};
filterFiles = mkOption {
type = types.listOf types.str;
example = [ "default.filter" "/etc/privoxy/user.filter" ];
default = [ "default.filter" ];
description = ''
List of paths to Privoxy filter files.
These paths may either be absolute or relative to the privoxy configuration directory.
'';
};
enableEditActions = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not the web-based actions file editor may be used.
'';
};
enableTor = mkOption {
type = types.bool;
default = false;
description = ''
Whether to configure Privoxy to use Tor's faster SOCKS port,
suitable for HTTP.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "" ;
description = ''
Extra configuration. Contents will be added verbatim to the configuration file.
'';
enableTor = mkOption {
type = types.bool;
default = false;
description = ''
Whether to configure Privoxy to use Tor's faster SOCKS port,
suitable for HTTP.
'';
};
inspectHttps = mkOption {
type = types.bool;
default = false;
description = ''
Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well. This works by decrypting
and re-encrypting the requests using a per-domain generated certificate.
To issue per-domain certificates, Privoxy must be provided with a CA
certificate, using the <literal>ca-cert-file</literal>,
<literal>ca-key-file</literal> settings.
<warning><para>
The CA certificate must also be added to the system trust roots,
otherwise browsers will reject all Privoxy certificates as invalid.
You can do so by using the option
<option>security.pki.certificateFiles</option>.
</para></warning>
'';
};
certsLifetime = mkOption {
type = ageType;
default = "10d";
example = "12h";
description = ''
If <literal>inspectHttps</literal> is enabled, the time generated HTTPS
certificates will be stored in a temporary directory for reuse. Once
the lifetime has expired the directory will cleared and the certificate
will have to be generated again, on-demand.
Depending on the traffic, you may want to reduce the lifetime to limit
the disk usage, since Privoxy itself never deletes the certificates.
<note><para>The format is that of the <literal>tmpfiles.d(5)</literal>
Age parameter.</para></note>
'';
};
userActions = mkOption {
type = types.lines;
default = "";
description = ''
Actions to be included in a <literal>user.action</literal> file. This
will have a higher priority and can be used to override all other
actions.
'';
};
userFilters = mkOption {
type = types.lines;
default = "";
description = ''
Filters to be included in a <literal>user.filter</literal> file. This
will have a higher priority and can be used to override all other
filters definitions.
'';
};
settings = mkOption {
type = types.submodule {
freeformType = configType;
options.listen-address = mkOption {
type = types.str;
default = "127.0.0.1:8118";
description = "Pair of address:port the proxy server is listening to.";
};
options.enable-edit-actions = mkOption {
type = types.bool;
default = false;
description = "Whether the web-based actions file editor may be used.";
};
options.actionsfile = mkOption {
type = types.listOf types.str;
# This must come after all other entries, in order to override the
# other actions/filters installed by Privoxy or the user.
apply = x: x ++ optional (cfg.userActions != "")
(toString (pkgs.writeText "user.actions" cfg.userActions));
default = [ "match-all.action" "default.action" ];
description = ''
List of paths to Privoxy action files. These paths may either be
absolute or relative to the privoxy configuration directory.
'';
};
options.filterfile = mkOption {
type = types.listOf types.str;
default = [ "default.filter" ];
apply = x: x ++ optional (cfg.userFilters != "")
(toString (pkgs.writeText "user.filter" cfg.userFilters));
description = ''
List of paths to Privoxy filter files. These paths may either be
absolute or relative to the privoxy configuration directory.
'';
};
};
default = {};
example = literalExample ''
{ listen-address = "[::]:8118"; # listen on IPv6 only
forward-socks5 = ".onion localhost:9050 ."; # forward .onion requests to Tor
}
'';
description = ''
This option is mapped to the main Privoxy configuration file.
Check out the Privoxy user manual at
<link xlink:href="file://${pkgs.privoxy}/share/doc/privoxy/user-manual/config.html"/>
for available settings and documentation.
'';
};
};
@ -104,23 +184,34 @@ in
config = mkIf cfg.enable {
users.users.privoxy = {
description = "Privoxy daemon user";
isSystemUser = true;
home = "/var/empty";
group = "privoxy";
};
users.groups.privoxy = {};
systemd.tmpfiles.rules = with cfg.settings; [
"d ${certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}"
];
systemd.services.privoxy = {
description = "Filtering web proxy";
after = [ "network.target" "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${privoxy}/bin/privoxy --no-daemon --user privoxy ${confFile}";
serviceConfig.PrivateDevices = true;
serviceConfig.PrivateTmp = true;
serviceConfig.ProtectHome = true;
serviceConfig.ProtectSystem = "full";
serviceConfig = {
User = "privoxy";
Group = "privoxy";
ExecStart = "${pkgs.privoxy}/bin/privoxy --no-daemon ${configFile}";
PrivateDevices = true;
PrivateTmp = true;
ProtectHome = true;
ProtectSystem = "full";
};
unitConfig = mkIf cfg.inspectHttps {
ConditionPathExists = with cfg.settings;
[ ca-cert-file ca-key-file ];
};
};
services.tor.settings.SOCKSPort = mkIf cfg.enableTor [
@ -128,8 +219,48 @@ in
{ addr = "127.0.0.1"; port = 9063; IsolateDestAddr = false; }
];
services.privoxy.settings = {
user-manual = "${pkgs.privoxy}/share/doc/privoxy/user-manual";
# This is needed for external filters
temporary-directory = "/tmp";
filterfile = [ "default.filter" ];
actionsfile =
[ "match-all.action"
"default.action"
] ++ optional cfg.inspectHttps (toString inspectAction);
} // (optionalAttrs cfg.enableTor {
forward-socks5 = "127.0.0.1:9063 .";
toggle = true;
enable-remote-toggle = false;
enable-edit-actions = false;
enable-remote-http-toggle = false;
}) // (optionalAttrs cfg.inspectHttps {
# This allows setting absolute key/crt paths
ca-directory = "/var/empty";
certificate-directory = "/run/privoxy/certs";
trusted-cas-file = "/etc/ssl/certs/ca-certificates.crt";
});
};
imports =
let
top = x: [ "services" "privoxy" x ];
setting = x: [ "services" "privoxy" "settings" x ];
in
[ (mkRenamedOptionModule (top "enableEditActions") (setting "enable-edit-actions"))
(mkRenamedOptionModule (top "listenAddress") (setting "listen-address"))
(mkRenamedOptionModule (top "actionsFiles") (setting "actionsfile"))
(mkRenamedOptionModule (top "filterFiles") (setting "filterfile"))
(mkRemovedOptionModule (top "extraConfig")
''
Use services.privoxy.settings instead.
This is part of the general move to use structured settings instead of raw
text for config as introduced by RFC0042:
https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
'')
];
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
}

7
nixos/modules/services/x11/xserver.nix
View file

@ -251,11 +251,10 @@ in
videoDrivers = mkOption {
type = types.listOf types.str;
# !!! We'd like "nv" here, but it segfaults the X server.
default = [ "radeon" "cirrus" "vesa" "modesetting" ];
default = [ "amdgpu" "radeon" "nouveau" "modesetting" "fbdev" ];
example = [
"ati_unfree" "amdgpu" "amdgpu-pro"
"nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304"
"nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304"
"amdgpu-pro"
];
# TODO(@oxij): think how to easily add the rest, like those nvidia things
relatedPackages = concatLists

1
nixos/tests/all-tests.nix
View file

@ -326,6 +326,7 @@ in
predictable-interface-names = handleTest ./predictable-interface-names.nix {};
printing = handleTest ./printing.nix {};
privacyidea = handleTest ./privacyidea.nix {};
privoxy = handleTest ./privoxy.nix {};
prometheus = handleTest ./prometheus.nix {};
prometheus-exporters = handleTest ./prometheus-exporters.nix {};
prosody = handleTest ./xmpp/prosody.nix {};

113
nixos/tests/privoxy.nix Normal file
View file

@ -0,0 +1,113 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
let
# Note: For some reason Privoxy can't issue valid
# certificates if the CA is generated using gnutls :(
certs = pkgs.runCommand "example-certs"
{ buildInputs = [ pkgs.openssl ]; }
''
mkdir $out
# generate CA keypair
openssl req -new -nodes -x509 \
-extensions v3_ca -keyout $out/ca.key \
-out $out/ca.crt -days 365 \
-subj "/O=Privoxy CA/CN=Privoxy CA"
# generate server key/signing request
openssl genrsa -out $out/server.key 3072
openssl req -new -key $out/server.key \
-out server.csr -sha256 \
-subj "/O=An unhappy server./CN=example.com"
# sign the request/generate the certificate
openssl x509 -req -in server.csr -CA $out/ca.crt \
-CAkey $out/ca.key -CAcreateserial -out $out/server.crt \
-days 500 -sha256
'';
in
{
name = "privoxy";
meta = with lib.maintainers; {
maintainers = [ rnhmjoj ];
};
machine = { ... }: {
services.nginx.enable = true;
services.nginx.virtualHosts."example.com" = {
addSSL = true;
sslCertificate = "${certs}/server.crt";
sslCertificateKey = "${certs}/server.key";
locations."/".root = pkgs.writeTextFile
{ name = "bad-day";
destination = "/how-are-you/index.html";
text = "I've had a bad day!\n";
};
locations."/ads".extraConfig = ''
return 200 "Hot Nixpkgs PRs in your area. Click here!\n";
'';
};
services.privoxy = {
enable = true;
inspectHttps = true;
settings = {
ca-cert-file = "${certs}/ca.crt";
ca-key-file = "${certs}/ca.key";
debug = 65536;
};
userActions = ''
{+filter{positive}}
example.com
{+block{Fake ads}}
example.com/ads
'';
userFilters = ''
FILTER: positive This is a filter example.
s/bad/great/ig
'';
};
security.pki.certificateFiles = [ "${certs}/ca.crt" ];
networking.hosts."::1" = [ "example.com" ];
networking.proxy.httpProxy = "http://localhost:8118";
networking.proxy.httpsProxy = "http://localhost:8118";
};
testScript =
''
with subtest("Privoxy is running"):
machine.wait_for_unit("privoxy")
machine.wait_for_open_port("8118")
machine.succeed("curl -f http://config.privoxy.org")
with subtest("Privoxy can filter http requests"):
machine.wait_for_open_port("80")
assert "great day" in machine.succeed(
"curl -sfL http://example.com/how-are-you? | tee /dev/stderr"
)
with subtest("Privoxy can filter https requests"):
machine.wait_for_open_port("443")
assert "great day" in machine.succeed(
"curl -sfL https://example.com/how-are-you? | tee /dev/stderr"
)
with subtest("Blocks are working"):
machine.wait_for_open_port("443")
machine.fail("curl -f https://example.com/ads 1>&2")
machine.succeed("curl -f https://example.com/PRIVOXY-FORCE/ads 1>&2")
with subtest("Temporary certificates are cleaned"):
# Count current certificates
machine.succeed("test $(ls /run/privoxy/certs | wc -l) -gt 0")
# Forward in time 12 days, trigger the timer..
machine.succeed("date -s \"$(date --date '12 days')\"")
machine.systemctl("start systemd-tmpfiles-clean")
# ...and count again
machine.succeed("test $(ls /run/privoxy/certs | wc -l) -eq 0")
'';
})

16
pkgs/applications/misc/foxtrotgps/default.nix
View file

@ -6,8 +6,8 @@ let
srcs = {
foxtrot = fetchbzr {
url = "lp:foxtrotgps";
rev = "326";
sha256 = "191pgcy5rng8djy22a5z9s8gssc73f9p5hm4ig52ra189cb48d8k";
rev = "329";
sha256 = "0fwgnsrah63h1xdgm5xdi5ancrz89shdp5sdzw1qc1m7i9a03rid";
};
screenshots = fetchbzr {
url = "lp:foxtrotgps/screenshots";
@ -17,23 +17,21 @@ let
};
in stdenv.mkDerivation rec {
pname = "foxtrotgps";
version = "1.2.2+326";
version = "1.2.2+329";
# Pull directly from bzr because gpsd API version 9 is not supported on latest release
src = srcs.foxtrot;
patches = [
./gps-status-fix.patch
nativeBuildInputs = [
pkg-config autoreconfHook texinfo help2man
imagemagick wrapGAppsHook intltool
];
nativeBuildInputs = [ pkg-config autoreconfHook texinfo help2man imagemagick wrapGAppsHook ];
buildInputs = [
curl.dev
gnome2.libglade.dev
gpsd
gtk2.dev
intltool
libexif
sqlite.dev
(python3Packages.python.withPackages (pythonPackages: with python3Packages;
@ -58,7 +56,7 @@ in stdenv.mkDerivation rec {
innovation.
'';
homepage = "https://www.foxtrotgps.org/";
license = licenses.gpl2;
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ wucke13 ];
};

14
pkgs/applications/misc/foxtrotgps/gps-status-fix.patch
View file

@ -1,14 +0,0 @@
--- foxtrot/src/gps_functions.c.orig 2020-12-04 15:02:22.290163204 -0600
+++ foxtrot/src/gps_functions.c 2020-12-04 15:04:54.470648534 -0600
@@ -762,7 +762,11 @@
{
gpsdata->fix.time = (time_t) 0;
}
+#if GPSD_API_MAJOR_VERSION >= 9
+ gpsdata->valid = (libgps_gpsdata.fix.status != STATUS_NO_FIX);
+#else
gpsdata->valid = (libgps_gpsdata.status != STATUS_NO_FIX);
+#endif
if (gpsdata->valid)
{
gpsdata->seen_valid = TRUE;

31
pkgs/applications/networking/irc/qweechat/default.nix
View file

@ -1,31 +0,0 @@
{ lib, fetchFromGitHub, python27Packages }:
python27Packages.buildPythonApplication rec {
version = "2016-07-29";
name = "qweechat-unstable-${version}";
namePrefix = "";
src = fetchFromGitHub {
owner = "weechat";
repo = "qweechat";
rev = "f5e54d01691adb3abef47e051a6412186c33313c";
sha256 = "0dhlriwvkrsn7jj01p2wqhf2p63n9qd173jsgccgxlacm2zzvhaz";
};
prePatch = ''
substituteInPlace setup.py \
--replace 'qweechat = qweechat.qweechat' 'qweechat = qweechat.qweechat:main'
'';
propagatedBuildInputs = with python27Packages; [
pyside setuptools
];
meta = with lib; {
homepage = "https://github.com/weechat/qweechat";
description = "Qt remote GUI for WeeChat";
license = licenses.gpl3;
maintainers = with maintainers; [ ramkromberg ];
platforms = with platforms; linux;
};
}

4
pkgs/applications/office/zotero/default.nix
View file

@ -36,11 +36,11 @@
stdenv.mkDerivation rec {
pname = "zotero";
version = "5.0.95";
version = "5.0.96";
src = fetchurl {
url = "https://download.zotero.org/client/release/${version}/Zotero-${version}_linux-x86_64.tar.bz2";
sha256 = "16rahl14clgnl7gzpw7rxx23yxbw1nbrz219q051zkjkkw5ai8lv";
sha256 = "sha256-W8Iu8UoTqC3aK7lB4bq1L7cNmjaEvjEK+ODcZ9kk3f8=";
};
nativeBuildInputs = [ wrapGAppsHook ];

9
pkgs/applications/video/minitube/default.nix
View file

@ -1,16 +1,15 @@
{ mkDerivation, lib, fetchFromGitHub, phonon, phonon-backend-vlc, qtbase, qmake
, qtdeclarative, qttools, qtx11extras, mpv
# "Free" key generated by nckx <github@tobias.gr>. I no longer have a Google
# account. You'll need to generate (and please share :-) a new one if it breaks.
, withAPIKey ? "AIzaSyBtFgbln3bu1swQC-naMxMtKh384D3xJZE" }:
# "Free" key generated by pasqui23
, withAPIKey ? "AIzaSyBQvZXseEVvgu5Ega_DI-AIJ55v0OsHmVY" }:
mkDerivation rec {
pname = "minitube";
version = "3.6";
version = "3.8.1";
src = fetchFromGitHub {
sha256 = "6IaBPYL/yGWKUHxPe1FnAR1gDHImXYGItYWq7VNjwEU=";
sha256 = "3lpZyPwo4NnxZJKfmCFsH4WdakV4KB5BtCr5xsleeIQ=";
rev = version;
repo = "minitube";
owner = "flaviotordini";

4
pkgs/build-support/docker/default.nix
View file

@ -518,9 +518,9 @@ rec {
};
result = runCommand "docker-image-${baseName}.tar.gz" {
nativeBuildInputs = [ jshon pigz coreutils findutils jq moreutils ];
# Image name and tag must be lowercase
# Image name must be lowercase
imageName = lib.toLower name;
imageTag = if tag == null then "" else lib.toLower tag;
imageTag = if tag == null then "" else tag;
inherit fromImage baseJson;
layerClosure = writeReferencesToFile layer;
passthru.buildArgs = args;

36
pkgs/development/compilers/gambit/build.nix
View file

@ -25,10 +25,11 @@ gccStdenv.mkDerivation rec {
inherit src version git-version;
bootstrap = gambit-support.gambit-bootstrap;
nativeBuildInputs = [ git autoconf ];
# TODO: if/when we can get all the library packages we depend on to have static versions,
# we could use something like (makeStaticLibraries openssl) to enable creation
# of statically linked binaries by gsc.
buildInputs = [ git autoconf bootstrap openssl ];
buildInputs = [ openssl ];
# TODO: patch gambit's source so it has the full path to sed, grep, fgrep? Is there more?
# Or wrap relevant programs to add a suitable PATH ?
@ -62,11 +63,11 @@ gccStdenv.mkDerivation rec {
lib.optional (!gccStdenv.isDarwin) "--enable-poll";
configurePhase = ''
export CC=${gcc}/bin/gcc \
CXX=${gcc}/bin/g++ \
CPP=${gcc}/bin/cpp \
CXXCPP=${gcc}/bin/cpp \
LD=${gcc}/bin/ld \
export CC=${gccStdenv.cc.targetPrefix}gcc \
CXX=${gccStdenv.cc.targetPrefix}g++ \
CPP=${gccStdenv.cc.targetPrefix}cpp \
CXXCPP=${gccStdenv.cc.targetPrefix}cpp \
LD=${gccStdenv.cc.targetPrefix}ld \
XMKMF=${coreutils}/bin/false
unset CFLAGS LDFLAGS LIBS CPPFLAGS CXXFLAGS
@ -76,22 +77,23 @@ gccStdenv.mkDerivation rec {
# OS-specific paths are hardcoded in ./configure
substituteInPlace config.status \
--replace /usr/local/opt/openssl/lib "${openssl.out}/lib" \
--replace /usr/local/opt/openssl@1.1/lib "${openssl.out}/lib"
--replace "/usr/local/opt/openssl@1.1" "${openssl.out}" \
--replace "/usr/local/opt/openssl" "${openssl.out}"
./config.status
'';
buildPhase = ''
# Make bootstrap compiler, from release bootstrap
mkdir -p boot &&
cp -rp ${bootstrap}/gambit/. boot/. &&
chmod -R u+w boot &&
cd boot &&
cp ../gsc/makefile.in ../gsc/*.scm gsc/ && # */
./configure &&
for i in lib gsi gsc ; do (cd $i ; make -j$NIX_BUILD_CORES) ; done &&
cd .. &&
cp boot/gsc/gsc gsc-boot &&
mkdir -p boot
cp -rp ${bootstrap}/gambit/. boot/.
chmod -R u+w boot
cd boot
cp ../gsc/makefile.in ../gsc/*.scm gsc/
./configure
for i in lib gsi gsc ; do (cd $i ; make -j$NIX_BUILD_CORES) ; done
cd ..
cp boot/gsc/gsc gsc-boot
# Now use the bootstrap compiler to build the real thing!
make -j$NIX_BUILD_CORES from-scratch

2
pkgs/development/compilers/gerbil/build.nix
View file

@ -1,4 +1,4 @@
{ pkgs, gccStdenv, lib, coreutils, bash, # makeStaticLibraries,
{ pkgs, gccStdenv, lib, coreutils,
openssl, zlib, sqlite, libxml2, libyaml, libmysqlclient, lmdb, leveldb, postgresql,
version, git-version,
gambit-support,

86
pkgs/development/libraries/librsb/default.nix Normal file
View file

@ -0,0 +1,86 @@
{ lib, stdenv, fetchurl
, gfortran
, pkg-config, libtool
, m4, gnum4
, file
# Memory Hierarchy (End-user can provide this.)
, memHierarchy ? ""
# Headers/Libraries
, blas, zlib
# RPC headers (rpc/xdr.h)
, openmpi
, help2man
, doxygen
, octave
}:
stdenv.mkDerivation rec {
pname = "librsb";
version = "1.2.0.9";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "1ynrsgnvv1jfm8dv3jwjrip9x9icxv7w3qrk149025j6fbaza8gl";
};
# The default configure flags are still present when building
# --disable-static --disable-dependency-tracking
# Along with the --prefix=... flag (but we want that one).
configureFlags = [
"--enable-static"
"--enable-doc-build"
"--enable-octave-testing"
"--enable-sparse-blas-interface"
"--enable-fortran-module-install"
"--enable-pkg-config-install"
"--enable-matrix-types=all"
"--with-zlib=${zlib}/lib/libz.so"
"--with-memhinfo=${memHierarchy}"
];
# Ensure C/Fortran code is position-independent.
NIX_CFLAGS_COMPILE = [ "-fPIC" "-Ofast" ];
FCFLAGS = [ "-fPIC" "-Ofast" ];
enableParallelBuilding = true;
nativeBuildInputs = [
gfortran
pkg-config libtool
m4 gnum4
file
blas zlib
openmpi
octave
help2man # Turn "--help" into a man-page
doxygen # Build documentation
];
# Need to run cleanall target to remove any previously-generated files.
preBuild = ''
make cleanall
'';
checkInputs = [
octave
];
checkTarget = "tests";
meta = with lib; {
homepage = "http://librsb.sourceforge.net/";
description = "Shared memory parallel sparse matrix and sparse BLAS library";
longDescription = ''
Library for sparse matrix computations featuring the Recursive Sparse
Blocks (RSB) matrix format. This format allows cache efficient and
multi-threaded (that is, shared memory parallel) operations on large
sparse matrices.
librsb implements the Sparse BLAS standard, as specified in the BLAS
Forum documents.
Contains libraries and header files for developing applications that
want to make use of librsb.
'';
license = with licenses; [ lgpl3Plus ];
maintainers = with maintainers; [ KarlJoad ];
platforms = platforms.all;
};
}

4
pkgs/development/ocaml-modules/batteries/default.nix
View file

@ -1,13 +1,13 @@
{ stdenv, lib, fetchurl, ocaml, findlib, ocamlbuild, qtest, num }:
let version = "3.2.0"; in
let version = "3.3.0"; in
stdenv.mkDerivation {
name = "ocaml${ocaml.version}-batteries-${version}";
src = fetchurl {
url = "https://github.com/ocaml-batteries-team/batteries-included/releases/download/v${version}/batteries-${version}.tar.gz";
sha256 = "0a77njgc6c6kz4rpwqgmnii7f1na6hzsa55nqqm3dndhq9xh628w";
sha256 = "002pqkcg18zx59hsf172wg6s7lwsiagp5sfvf5yssp7xxal5jdgx";
};
buildInputs = [ ocaml findlib ocamlbuild ];

4
pkgs/development/php-packages/apcu/default.nix
View file

@ -3,8 +3,8 @@
buildPecl {
pname = "apcu";
version = "5.1.19";
sha256 = "1q3c4y9jqh1yz5vps2iiz2x04vn0y1g5ibxg1x8zp7n7sncvqzw3";
version = "5.1.20";
sha256 = "sha256-uZ1A+v7Ab00TL87lPnUm3b/B0EHqbgThc4nfrSj5w5A=";
buildInputs = [ pcre' ];
doCheck = true;

4
pkgs/development/php-packages/smbclient/default.nix
View file

@ -1,8 +1,8 @@
{ buildPecl, lib, samba, pkg-config }:
buildPecl {
pname = "smbclient";
version = "1.0.5";
sha256 = "sha256-cNvTa1qzYrlhuX4oNehXt+XKqmqfonyomW/usQdQQO0=";
version = "1.0.6";
sha256 = "sha256-ZsQzdDt6NLRWBsA75om9zkxSvB6zBsvvPhXJZrX/KNc=";
# TODO: remove this when upstream merges a fix - https://github.com/eduardok/libsmbclient-php/pull/66
LIBSMBCLIENT_INCDIR = "${samba.dev}/include/samba-4.0";

4
pkgs/development/python-modules/buildbot/default.nix
View file

@ -25,11 +25,11 @@ let
package = buildPythonPackage rec {
pname = "buildbot";
version = "2.10.1";
version = "3.0.0";
src = fetchPypi {
inherit pname version;
sha256 = "0jmgpvgn36kfc1sa27a1l1g26dawhl99a1wl8gn4ajbcbcvc2pkh";
sha256 = "0li47fpm398dk69q6g2zjaxx46w00g3n0jszz88kf57sakri553y";
};
propagatedBuildInputs = [

2
pkgs/development/python-modules/buildbot/pkg.nix
View file

@ -6,7 +6,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
sha256 = "0ymqkjz1zk4gs0hkxjh07napc4k24xxb8f3pganw27fca60xcii0";
sha256 = "0ihcxdkbm1lq79fdjmcrj316zh6sjlc3162yynww8nggv2mlnz6v";
};
postPatch = ''

10
pkgs/development/python-modules/buildbot/plugins.nix
View file

@ -7,7 +7,7 @@
src = fetchPypi {
inherit pname version;
sha256 = "0x2k95lwx2gz2zj2ys646qiylhyqzlbiqf1k3q1l8w1wlggwv3xp";
sha256 = "0pk7h5wwvmdn74ngj5rspz7z9y80ryzgqd2z2qy7kf9chpz7qczk";
};
# Remove unneccessary circular dependency on buildbot
@ -34,7 +34,7 @@
src = fetchPypi {
inherit pname version;
sha256 = "0fpam6x8x207la1xrr8m45yx35r646iizrs4gsaghlysmr95jb3i";
sha256 = "1y9dpxi7r5r2ya5y0i28b4g5fvla6wrbjz9rffqaqldf4h316jx2";
};
buildInputs = [ buildbot-pkg ];
@ -56,7 +56,7 @@
src = fetchPypi {
inherit pname version;
sha256 = "0ari338hmi1bb1pln3mxv4k9aclbcby6z3km61wg3va511qhrrbq";
sha256 = "0vhnqqxl693b2d14ayifpjz8zlg3dngl127svr08amzmbad7irh1";
};
buildInputs = [ buildbot-pkg ];
@ -78,7 +78,7 @@
src = fetchPypi {
inherit pname version;
sha256 = "0a5nrklyzfasaa119y4ivr7449rvsgifpkyravinacrl1g9phlls";
sha256 = "1dgs33z3sjr3s8ymqyxjkx2g6iah3p91ng9hxllmyyp4xpxaxyhk";
};
buildInputs = [ buildbot-pkg ];
@ -100,7 +100,7 @@
src = fetchPypi {
inherit pname version;
sha256 = "0rris2p7ic9p9ms3qcczia4nn5mb1yx2gv5mlnmg2yligjad2jaf";
sha256 = "06j6f2k0r8nyh8swh689cy4zq50lmy5glx0pa3zdpnk02k4x3q72";
};
buildInputs = [ buildbot-pkg ];

2
pkgs/development/python-modules/buildbot/worker.nix
View file

@ -7,7 +7,7 @@ buildPythonPackage (rec {
src = fetchPypi {
inherit pname version;
sha256 = "10ap7jlxs9vcmnyafr62mxlgsp709165nw55xmv9sw18r7m8wsm6";
sha256 = "0zrd9h9i7fnmh81zvscxzq3rspyvjvidzbgcziq2m0z522krs8qq";
};
propagatedBuildInputs = [ twisted future ];

14
pkgs/development/python-modules/docker/default.nix
View file

@ -1,8 +1,11 @@
{ lib, stdenv, buildPythonPackage, fetchPypi, isPy27
{ lib
, stdenv
, buildPythonPackage
, fetchPypi
, isPy27
, backports_ssl_match_hostname
, mock
, paramiko
, pytest
, pytestCheckHook
, requests
, six
@ -11,11 +14,11 @@
buildPythonPackage rec {
pname = "docker";
version = "4.4.3";
version = "4.4.4";
src = fetchPypi {
inherit pname version;
sha256 = "de5753b7f6486dd541a98393e423e387579b8974a5068748b83f852cc76a89d6";
sha256 = "d3393c878f575d3a9ca3b94471a3c89a6d960b35feb92f033c0de36cc9d934db";
};
nativeBuildInputs = lib.optional isPy27 mock;
@ -32,8 +35,9 @@ buildPythonPackage rec {
];
pytestFlagsArray = [ "tests/unit" ];
# Deselect socket tests on Darwin because it hits the path length limit for a Unix domain socket
disabledTests = lib.optionals stdenv.isDarwin [ "stream_response" "socket_file" ];
disabledTests = lib.optionals stdenv.isDarwin [ "api_test" "stream_response" "socket_file" ];
dontUseSetuptoolsCheck = true;

13
pkgs/development/tools/kustomize/default.nix
View file

@ -2,9 +2,9 @@
buildGoModule rec {
pname = "kustomize";
version = "3.10.0";
# rev is the 3.9.3 commit, mainly for kustomize version command output
rev = "602ad8aa98e2e17f6c9119e027a09757e63c8bec";
version = "4.0.5";
# rev is the commit of the tag, mainly for kustomize version command output
rev = "9e8e7a7fe99ec9fbf801463e8607928322fc5245";
buildFlagsArray = let t = "sigs.k8s.io/kustomize/api/provenance"; in
''
@ -17,13 +17,16 @@ buildGoModule rec {
owner = "kubernetes-sigs";
repo = pname;
rev = "kustomize/v${version}";
sha256 = "1qr0mi83df8d9qd2svyr1h26pg97qi67nnygrkydnp8an28k48hi";
sha256 = "sha256-rv65sDr6V6hEYgIRxS1OSu9txmW75F7/YGAy/zRXGyY=";
};
# TODO: Remove once https://github.com/kubernetes-sigs/kustomize/pull/3708 got merged.
doCheck = false;
# avoid finding test and development commands
sourceRoot = "source/kustomize";
vendorSha256 = "0p2j8mm7jpladpm6v3451g38n5bax0g368dk5h5r5gmkr6srxdy4";
vendorSha256 = "sha256-lLUi0vD7uyfDR4HjDiosoTU0NbfQTY7ewZGm38ZT9nU=";
meta = with lib; {
description = "Customization of kubernetes YAML configurations";

4
pkgs/development/tools/ocaml/dune/2.nix
View file

@ -6,11 +6,11 @@ else
stdenv.mkDerivation rec {
pname = "dune";
version = "2.8.2";
version = "2.8.4";
src = fetchurl {
url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz";
sha256 = "07mf6pnmv1a6wh4la45zf6cn6qy2vcmz4xgx0djj75kw1wiyii72";
sha256 = "1b78f8gk53m68i9igvfpylmvi55h4qqfwymknz1vval4flbj0r2f";
};
buildInputs = [ ocaml findlib ];

29
pkgs/tools/filesystems/unionfs-fuse/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, fuse }:
{ lib, stdenv, fetchFromGitHub, cmake, fuse, osxfuse }:
stdenv.mkDerivation rec {
pname = "unionfs-fuse";
@ -11,16 +11,23 @@ stdenv.mkDerivation rec {
sha256 = "0bwx70x834qgqh53vqp18bhbxbsny80hz922rbgj8k9wj7cbfilm";
};
patches =
[ # Prevent the unionfs daemon from being killed during
# shutdown. See
# http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/
# for details.
./prevent-kill-on-shutdown.patch
];
patches = [
# Prevent the unionfs daemon from being killed during
# shutdown. See
# http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/
# for details.
./prevent-kill-on-shutdown.patch
];
postPatch = lib.optionalString stdenv.isDarwin ''
substituteInPlace CMakeLists.txt \
--replace '/usr/local/include/osxfuse/fuse' '${osxfuse}/include/osxfuse/fuse'
substituteInPlace src/CMakeLists.txt \
--replace 'target_link_libraries(unionfs fuse pthread)' 'target_link_libraries(unionfs osxfuse pthread)'
'';
nativeBuildInputs = [ cmake ];
buildInputs = [ fuse ];
buildInputs = [ (if stdenv.isDarwin then osxfuse else fuse) ];
# Put the unionfs mount helper in place as mount.unionfs-fuse. This makes it
# possible to do:
@ -28,7 +35,7 @@ stdenv.mkDerivation rec {
#
# This must be done in preConfigure because the build process removes
# helper from the source directory during the build.
preConfigure = ''
preConfigure = lib.optionalString (!stdenv.isDarwin) ''
mkdir -p $out/sbin
cp -a mount.unionfs $out/sbin/mount.unionfs-fuse
substituteInPlace $out/sbin/mount.unionfs-fuse --replace mount.fuse ${fuse}/sbin/mount.fuse
@ -39,7 +46,7 @@ stdenv.mkDerivation rec {
description = "FUSE UnionFS implementation";
homepage = "https://github.com/rpodgorny/unionfs-fuse";
license = licenses.bsd3;
platforms = platforms.linux;
platforms = platforms.unix;
maintainers = with maintainers; [ orivej ];
};
}

25
pkgs/tools/networking/privoxy/default.nix
View file

@ -1,4 +1,9 @@
{ lib, stdenv, fetchurl, autoreconfHook, zlib, pcre, w3m, man }:
{ lib, stdenv
, nixosTests
, fetchurl, autoreconfHook
, zlib, pcre, w3m, man
, mbedtls, brotli
}:
stdenv.mkDerivation rec {
@ -13,18 +18,28 @@ stdenv.mkDerivation rec {
hardeningEnable = [ "pie" ];
nativeBuildInputs = [ autoreconfHook w3m man ];
buildInputs = [ zlib pcre ];
buildInputs = [ zlib pcre mbedtls brotli ];
makeFlags = [ "STRIP="];
makeFlags = [ "STRIP=" ];
configureFlags = [
"--with-mbedtls"
"--with-brotli"
"--enable-external-filters"
"--enable-compression"
];
postInstall = ''
rm -rf $out/var
rm -r $out/var
'';
passthru.tests.privoxy = nixosTests.privoxy;
meta = with lib; {
homepage = "https://www.privoxy.org/";
description = "Non-caching web proxy with advanced filtering capabilities";
license = licenses.gpl2Plus;
# When linked with mbedtls, the license becomes GPLv3 (or later), otherwise
# GPLv2 (or later). See https://www.privoxy.org/user-manual/copyright.html
license = licenses.gpl3Plus;
platforms = platforms.all;
maintainers = [ maintainers.phreedom ];
};

1
pkgs/top-level/aliases.nix
View file

@ -564,6 +564,7 @@ mapAliases ({
qr-filetransfer = throw ''"qr-filetransfer" has been renamed to "qrcp"''; # added 2020-12-02
quake3game = ioquake3; # added 2016-01-14
qvim = throw "qvim has been removed."; # added 2020-08-31
qweechat = throw "qweechat has been removed because it was broken"; # added 2021-03-08
qwt6 = libsForQt5.qwt; # added 2015-12-19
qtcurve = libsForQt5.qtcurve; # added 2020-11-07
qtpfsgui = throw "qtpfsgui is now luminanceHDR"; # added 2019-06-26

7
pkgs/top-level/all-packages.nix
View file

@ -15337,6 +15337,11 @@ in
librime = callPackage ../development/libraries/librime {};
librsb = callPackage ../development/libraries/librsb {
# Taken from https://build.opensuse.org/package/view_file/science/librsb/librsb.spec
memHierarchy = "L3:16/64/8192K,L2:16/64/2048K,L1:8/64/16K";
};
librtprocess = callPackage ../development/libraries/librtprocess { };
libsamplerate = callPackage ../development/libraries/libsamplerate {
@ -27311,8 +27316,6 @@ in
pysolfc = python3Packages.callPackage ../games/pysolfc { };
qweechat = callPackage ../applications/networking/irc/qweechat { };
qqwing = callPackage ../games/qqwing { };
quake3wrapper = callPackage ../games/quake3/wrapper { };