diff --git a/doc/stdenv/meta.chapter.md b/doc/stdenv/meta.chapter.md index c1bb3f8863f..475006b1259 100644 --- a/doc/stdenv/meta.chapter.md +++ b/doc/stdenv/meta.chapter.md @@ -249,3 +249,31 @@ Unfree package that cannot be redistributed. You can build it yourself, but you ### `lib.licenses.unfreeRedistributableFirmware`, `"unfree-redistributable-firmware"` {#lib.licenses.unfreeredistributablefirmware-unfree-redistributable-firmware} This package supplies unfree, redistributable firmware. This is a separate value from `unfree-redistributable` because not everybody cares whether firmware is free. + +## Source provenance {#sec-meta-sourceProvenance} + +The value of a package's `meta.sourceProvenance` attribute specifies the provenance of the package's derivation outputs. + +If a package contains elements that are not built from the original source by a nixpkgs derivation, the `meta.sourceProvenance` attribute should be a list containing one or more value from `lib.sourceTypes` defined in [`nixpkgs/lib/source-types.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/source-types.nix). + +Adding this information helps users who have needs related to build transparency and supply-chain security to gain some visibility into their installed software or set policy to allow or disallow installation based on source provenance. + +The presence of a particular `sourceType` in a package's `meta.sourceProvenance` list indicates that the package contains some components falling into that category, though the *absence* of that `sourceType` does not *guarantee* the absence of that category of `sourceType` in the package's contents. A package with no `meta.sourceProvenance` set implies it has no *known* `sourceType`s other than `fromSource`. + +The meaning of the `meta.sourceProvenance` attribute does not depend on the value of the `meta.license` attribute. + +### `lib.sourceTypes.fromSource` {#lib.sourceTypes.fromSource} + +Package elements which are produced by a nixpkgs derivation which builds them from source code. + +### `lib.sourceTypes.binaryNativeCode` {#lib.sourceTypes.binaryNativeCode} + +Native code to be executed on the target system's CPU, built by a third party. This includes packages which wrap a downloaded AppImage or Debian package. + +### `lib.sourceTypes.binaryFirmware` {#lib.sourceTypes.binaryFirmware} + +Code to be executed on a peripheral device or embedded controller, built by a third party. + +### `lib.sourceTypes.binaryBytecode` {#lib.sourceTypes.binaryBytecode} + +Code to run on a VM interpreter or JIT compiled into bytecode by a third party. This includes packages which download Java `.jar` files from another source. diff --git a/lib/default.nix b/lib/default.nix index e919509e724..791eba8a930 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -36,6 +36,7 @@ let # constants licenses = callLibs ./licenses.nix; + sourceTypes = callLibs ./source-types.nix; systems = callLibs ./systems; # serialization diff --git a/lib/source-types.nix b/lib/source-types.nix new file mode 100644 index 00000000000..c4f263dcf46 --- /dev/null +++ b/lib/source-types.nix @@ -0,0 +1,19 @@ +{ lib }: + +let + defaultSourceType = tname: { + shortName = tname; + isSource = false; + }; +in lib.mapAttrs (tname: tset: defaultSourceType tname // tset) { + + fromSource = { + isSource = true; + }; + + binaryNativeCode = {}; + + binaryBytecode = {}; + + binaryFirmware = {}; +} diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 0c2333399e8..160d76597c8 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -932,7 +932,7 @@ in # System Call Filtering SystemCallArchitectures = "native"; SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid" ] - ++ optionals ((cfg.package != pkgs.tengine) && (!lib.any (mod: (mod.disableIPC or false)) cfg.package.modules)) [ "~@ipc" ]; + ++ optionals ((cfg.package != pkgs.tengine) && (cfg.package != pkgs.openresty) && (!lib.any (mod: (mod.disableIPC or false)) cfg.package.modules)) [ "~@ipc" ]; }; }; diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 22d5ec76af7..337064034ef 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -14,6 +14,8 @@ extraUtils="@extraUtils@" export LD_LIBRARY_PATH=@extraUtils@/lib export PATH=@extraUtils@/bin ln -s @extraUtils@/bin /bin +# hardcoded in util-linux's mount helper search path `/run/wrappers/bin:/run/current-system/sw/bin:/sbin` +ln -s @extraUtils@/bin /sbin # Copy the secrets to their needed location if [ -d "@extraUtils@/secrets" ]; then diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index d10ebac5682..e35ccff2907 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -31,6 +31,9 @@ let # mounting `/`, like `/` on a loopback). fileSystems = filter utils.fsNeededForBoot config.system.build.fileSystems; + # Determine whether zfs-mount(8) is needed. + zfsRequiresMountHelper = any (fs: lib.elem "zfsutil" fs.options) fileSystems; + # A utility for enumerating the shared-library dependencies of a program findLibs = pkgs.buildPackages.writeShellScriptBin "find-libs" '' set -euo pipefail @@ -107,6 +110,22 @@ let copy_bin_and_libs $BIN done + ${optionalString zfsRequiresMountHelper '' + # Filesystems using the "zfsutil" option are mounted regardless of the + # mount.zfs(8) helper, but it is required to ensure that ZFS properties + # are used as mount options. + # + # BusyBox does not use the ZFS helper in the first place. + # util-linux searches /sbin/ as last path for helpers (stage-1-init.sh + # must symlink it to the store PATH). + # Without helper program, both `mount`s silently fails back to internal + # code, using default options and effectively ignore security relevant + # ZFS properties such as `setuid=off` and `exec=off` (unless manually + # duplicated in `fileSystems.*.options`, defeating "zfsutil"'s purpose). + copy_bin_and_libs ${pkgs.util-linux}/bin/mount + copy_bin_and_libs ${pkgs.zfs}/bin/mount.zfs + ''} + # Copy some util-linux stuff. copy_bin_and_libs ${pkgs.util-linux}/sbin/blkid @@ -204,24 +223,29 @@ let # Run patchelf to make the programs refer to the copied libraries. find $out/bin $out/lib -type f | while read i; do - if ! test -L $i; then - nuke-refs -e $out $i - fi + nuke-refs -e $out $i done find $out/bin -type f | while read i; do - if ! test -L $i; then - echo "patching $i..." - patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true - fi + echo "patching $i..." + patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true + done + + find $out/lib -type f \! -name 'ld*.so.?' | while read i; do + echo "patching $i..." + patchelf --set-rpath $out/lib $i done if [ -z "${toString (pkgs.stdenv.hostPlatform != pkgs.stdenv.buildPlatform)}" ]; then # Make sure that the patchelf'ed binaries still work. echo "testing patched programs..." $out/bin/ash -c 'echo hello world' | grep "hello world" - export LD_LIBRARY_PATH=$out/lib - $out/bin/mount --help 2>&1 | grep -q "BusyBox" + ${if zfsRequiresMountHelper then '' + $out/bin/mount -V 1>&1 | grep -q "mount from util-linux" + $out/bin/mount.zfs -h 2>&1 | grep -q "Usage: mount.zfs" + '' else '' + $out/bin/mount --help 2>&1 | grep -q "BusyBox" + ''} $out/bin/blkid -V 2>&1 | grep -q 'libblkid' $out/bin/udevadm --version $out/bin/dmsetup --version 2>&1 | tee -a log | grep -q "version:" @@ -260,8 +284,6 @@ let } '' mkdir -p $out - echo 'ENV{LD_LIBRARY_PATH}="${extraUtils}/lib"' > $out/00-env.rules - cp -v ${udev}/lib/udev/rules.d/60-cdrom_id.rules $out/ cp -v ${udev}/lib/udev/rules.d/60-persistent-storage.rules $out/ cp -v ${udev}/lib/udev/rules.d/75-net-description.rules $out/ diff --git a/nixos/modules/virtualisation/vmware-guest.nix b/nixos/modules/virtualisation/vmware-guest.nix index 3caed746ca9..d468a200872 100644 --- a/nixos/modules/virtualisation/vmware-guest.nix +++ b/nixos/modules/virtualisation/vmware-guest.nix @@ -64,7 +64,6 @@ in environment.etc.vmware-tools.source = "${open-vm-tools}/etc/vmware-tools/*"; services.xserver = mkIf (!cfg.headless) { - videoDrivers = mkOverride 50 [ "vmware" ]; modules = [ xf86inputvmmouse ]; config = '' diff --git a/pkgs/applications/audio/clementine/clementine-spotify-blob.patch b/pkgs/applications/audio/clementine/clementine-spotify-blob.patch deleted file mode 100644 index 344fc31d70d..00000000000 --- a/pkgs/applications/audio/clementine/clementine-spotify-blob.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/internet/spotify/spotifyservice.cpp b/src/internet/spotify/spotifyservice.cpp -index 88c7383..6e0893c 100644 ---- a/src/internet/spotify/spotifyservice.cpp -+++ b/src/internet/spotify/spotifyservice.cpp -@@ -94,7 +94,7 @@ SpotifyService::SpotifyService(Application* app, InternetModel* parent) - system_blob_path_ = QCoreApplication::applicationDirPath() + - "/../PlugIns/clementine-spotifyblob"; - #else -- system_blob_path_ = QCoreApplication::applicationDirPath() + -+ system_blob_path_ = qgetenv("CLEMENTINE_SPOTIFYBLOB") + - "/clementine-spotifyblob" CMAKE_EXECUTABLE_SUFFIX; - #endif - diff --git a/pkgs/applications/audio/clementine/default.nix b/pkgs/applications/audio/clementine/default.nix index aa6c862641a..e3558127a61 100644 --- a/pkgs/applications/audio/clementine/default.nix +++ b/pkgs/applications/audio/clementine/default.nix @@ -23,7 +23,6 @@ , libpulseaudio , gvfs , libcdio -, libspotify , pcre , projectm , protobuf @@ -49,7 +48,8 @@ let withMTP = config.clementine.mtp or true; withCD = config.clementine.cd or true; withCloud = config.clementine.cloud or true; - +in mkDerivation { + pname = "clementine"; version = "unstable-2022-04-11"; src = fetchFromGitHub { @@ -59,10 +59,6 @@ let sha256 = "06fcbs3wig3mh711iypyj49qm5246f7qhvgvv8brqfrd8cqyh6qf"; }; - patches = [ - ./clementine-spotify-blob.patch - ]; - nativeBuildInputs = [ cmake pkg-config @@ -101,6 +97,8 @@ let alsa-lib ] + # gst_plugins needed for setup-hooks + ++ gst_plugins ++ lib.optionals (withIpod) [ libgpod libplist usbmuxd ] ++ lib.optionals (withMTP) [ libmtp ] ++ lib.optionals (withCD) [ libcdio ] @@ -115,74 +113,25 @@ let -e 's,libprotobuf.a,protobuf,g' ''; - free = mkDerivation { - pname = "clementine-free"; - inherit version; - inherit src patches nativeBuildInputs postPatch; + preConfigure = '' + rm -rf ext/{,lib}clementine-spotifyblob + ''; - # gst_plugins needed for setup-hooks - buildInputs = buildInputs ++ gst_plugins; + cmakeFlags = [ + "-DUSE_SYSTEM_PROJECTM=ON" + "-DSPOTIFY_BLOB=OFF" + ]; - preConfigure = '' - rm -rf ext/{,lib}clementine-spotifyblob - ''; + postInstall = '' + wrapProgram $out/bin/clementine \ + --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" + ''; - cmakeFlags = [ - "-DUSE_SYSTEM_PROJECTM=ON" - "-DSPOTIFY_BLOB=OFF" - ]; - - passthru.unfree = unfree; - - postInstall = '' - wrapProgram $out/bin/clementine \ - --prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" - ''; - - meta = with lib; { - homepage = "https://www.clementine-player.org"; - description = "A multiplatform music player"; - license = licenses.gpl3Plus; - platforms = platforms.linux; - maintainers = [ maintainers.ttuegel ]; - }; + meta = with lib; { + homepage = "https://www.clementine-player.org"; + description = "A multiplatform music player"; + license = licenses.gpl3Plus; + platforms = platforms.linux; + maintainers = [ maintainers.ttuegel ]; }; - - # Unfree Spotify blob for Clementine - unfree = mkDerivation { - pname = "clementine-blob"; - inherit version; - # Use the same patches and sources as Clementine - inherit src nativeBuildInputs patches postPatch; - - buildInputs = buildInputs ++ [ libspotify ]; - # Only build and install the Spotify blob - preBuild = '' - cd ext/clementine-spotifyblob - ''; - postInstall = '' - mkdir -p $out/libexec/clementine - mv $out/bin/clementine-spotifyblob $out/libexec/clementine - rmdir $out/bin - - makeWrapper ${free}/bin/clementine $out/bin/clementine \ - --set CLEMENTINE_SPOTIFYBLOB $out/libexec/clementine - - mkdir -p $out/share - for dir in applications icons kde4; do - ln -s "${free}/share/$dir" "$out/share/$dir" - done - ''; - - meta = with lib; { - homepage = "https://www.clementine-player.org"; - description = "Spotify integration for Clementine"; - # The blob itself is Apache-licensed, although libspotify is unfree. - license = licenses.asl20; - platforms = platforms.linux; - maintainers = [ maintainers.ttuegel ]; - }; - }; - -in -free +} diff --git a/pkgs/applications/audio/mopidy/default.nix b/pkgs/applications/audio/mopidy/default.nix index 8bf50e72092..facad887962 100644 --- a/pkgs/applications/audio/mopidy/default.nix +++ b/pkgs/applications/audio/mopidy/default.nix @@ -33,10 +33,6 @@ lib.makeScope newScope (self: with self; { mopidy-soundcloud = callPackage ./soundcloud.nix { }; - mopidy-spotify = callPackage ./spotify.nix { }; - - mopidy-spotify-tunigo = callPackage ./spotify-tunigo.nix { }; - mopidy-tunein = callPackage ./tunein.nix { }; mopidy-youtube = callPackage ./youtube.nix { }; diff --git a/pkgs/applications/audio/mopidy/spotify-tunigo.nix b/pkgs/applications/audio/mopidy/spotify-tunigo.nix deleted file mode 100644 index 70d076190cd..00000000000 --- a/pkgs/applications/audio/mopidy/spotify-tunigo.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ lib, fetchFromGitHub, pythonPackages, mopidy, mopidy-spotify }: - -pythonPackages.buildPythonApplication rec { - pname = "mopidy-spotify-tunigo"; - version = "1.0.0"; - - src = fetchFromGitHub { - owner = "trygveaa"; - repo = "mopidy-spotify-tunigo"; - rev = "v${version}"; - sha256 = "1jwk0b2iz4z09qynnhcr07w15lx6i1ra09s9lp48vslqcf2fp36x"; - }; - - propagatedBuildInputs = [ mopidy mopidy-spotify pythonPackages.tunigo ]; - - doCheck = false; - - meta = with lib; { - description = "Mopidy extension for providing the browse feature of Spotify"; - license = licenses.asl20; - maintainers = [ maintainers.spwhitt ]; - }; -} diff --git a/pkgs/applications/audio/mopidy/spotify.nix b/pkgs/applications/audio/mopidy/spotify.nix deleted file mode 100644 index ed68769f665..00000000000 --- a/pkgs/applications/audio/mopidy/spotify.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, fetchFromGitHub, pythonPackages, mopidy }: - -pythonPackages.buildPythonApplication rec { - pname = "mopidy-spotify"; - version = "4.1.1"; - - src = fetchFromGitHub { - owner = "mopidy"; - repo = "mopidy-spotify"; - rev = "v${version}"; - sha256 = "1qsac2yy26cdlsmxd523v8ayacs0s6jj9x79sngwap781i63zqrm"; - }; - - propagatedBuildInputs = [ mopidy pythonPackages.pyspotify ]; - - doCheck = false; - - meta = with lib; { - homepage = "https://www.mopidy.com/"; - description = "Mopidy extension for playing music from Spotify"; - license = licenses.asl20; - maintainers = with maintainers; [ rski ]; - hydraPlatforms = [ ]; - }; -} diff --git a/pkgs/applications/networking/cluster/terraform-providers/providers.json b/pkgs/applications/networking/cluster/terraform-providers/providers.json index 54a3904550b..114ebe445a1 100644 --- a/pkgs/applications/networking/cluster/terraform-providers/providers.json +++ b/pkgs/applications/networking/cluster/terraform-providers/providers.json @@ -49,10 +49,10 @@ "owner": "aliyun", "provider-source-address": "registry.terraform.io/aliyun/alicloud", "repo": "terraform-provider-alicloud", - "rev": "v1.168.0", - "sha256": "sha256-NN4dqEywcoP4tk2J6RfWqoGw+95bIEoxb4YpwPtoTZ0=", - "vendorSha256": "sha256-qZNYfSlUkCu7FudbKF4IOgK1xWM5LqUghclOeGOxYXg=", - "version": "1.168.0" + "rev": "v1.169.0", + "sha256": "sha256-rtQN1l6OMEN/fudg67BFmk/OpwMVxxDM36zks3WvyUM=", + "vendorSha256": "sha256-bSJDPNkO8MQT1/coyHSCWNQ8zudrX+2KNwsASGeKh8s=", + "version": "1.169.0" }, "ansible": { "owner": "nbering", @@ -103,10 +103,10 @@ "owner": "hashicorp", "provider-source-address": "registry.terraform.io/hashicorp/aws", "repo": "terraform-provider-aws", - "rev": "v4.15.1", - "sha256": "sha256-o8yUcjw4X+Vx49hV+0guccueWoHvpxSs+sMsbAoAw9o=", - "vendorSha256": "sha256-l7Fe5hhEvJ5DiZ3t79sZYIt+6eZkjjf7Npmr8p2/e/4=", - "version": "4.15.1" + "rev": "v4.16.0", + "sha256": "sha256-PHm2MR1JDH3RnMqX3FjbjVFNTPD8CX2K7eemJ9ZMiJU=", + "vendorSha256": "sha256-UBOvQexfbSUh/9XKCvOYoMVH+QYLiwcdlZ8mcjy2AKU=", + "version": "4.16.0" }, "azuread": { "owner": "hashicorp", @@ -121,10 +121,10 @@ "owner": "hashicorp", "provider-source-address": "registry.terraform.io/hashicorp/azurerm", "repo": "terraform-provider-azurerm", - "rev": "v3.7.0", - "sha256": "sha256-dvkR2nEtf4HvLTIoa++4PI5oNOPuJzI4obxdI4meKG4=", + "rev": "v3.8.0", + "sha256": "sha256-PqupNzZlcgqld25dFN0GHNM7YJ8zSuZ04cz40dUMv/0=", "vendorSha256": null, - "version": "3.7.0" + "version": "3.8.0" }, "azurestack": { "owner": "hashicorp", @@ -145,22 +145,23 @@ "version": "0.8.0" }, "baiducloud": { + "deleteVendor": true, "owner": "baidubce", "provider-source-address": "registry.terraform.io/baidubce/baiducloud", "repo": "terraform-provider-baiducloud", - "rev": "v1.12.0", - "sha256": "1m7cw08ld073q1dsa7njshps21nc71gsz0kp6qj0p638zqx62xn7", - "vendorSha256": null, - "version": "1.12.0" + "rev": "v1.12.5", + "sha256": "sha256-SR2LYwxeGR9UJLj8+13+UtgXynLquttDGvIIQqxvbcY=", + "vendorSha256": "sha256-pA2dAC8AasWLTlC+SddS4kWT16FqcyBrtdVMV9k/FtE=", + "version": "1.12.5" }, "bigip": { "owner": "F5Networks", "provider-source-address": "registry.terraform.io/F5Networks/bigip", "repo": "terraform-provider-bigip", - "rev": "v1.13.1", - "sha256": "sha256-nNcOHTFJrvvjKAZUsb1IVTp71/Xk5OuSzihPyi08anw=", + "rev": "v1.14.0", + "sha256": "sha256-Z3YqiKGlMrn55ZZsRjuvKAFRNW1G2D2Iczlk42yHk34=", "vendorSha256": null, - "version": "1.13.1" + "version": "1.14.0" }, "bitbucket": { "owner": "DrFaust92", @@ -184,10 +185,10 @@ "owner": "buildkite", "provider-source-address": "registry.terraform.io/buildkite/buildkite", "repo": "terraform-provider-buildkite", - "rev": "v0.9.0", - "sha256": "sha256-k7caRT/9YA198I6K3Qv3UcyQiULpOvJ3Smc816sKHkQ=", + "rev": "v0.11.0", + "sha256": "sha256-BpQpMAecpknI8b1q6XuZPty8I/AUTAwQWm5Y28XJ+G4=", "vendorSha256": "sha256-smBADIbH/t2IUt2w0VQ2BOU6iAuxVRa1yu4C5P2VeIo=", - "version": "0.9.0" + "version": "0.11.0" }, "checkly": { "owner": "checkly", @@ -221,10 +222,10 @@ "owner": "cloudamqp", "provider-source-address": "registry.terraform.io/cloudamqp/cloudamqp", "repo": "terraform-provider-cloudamqp", - "rev": "v1.16.0", - "sha256": "sha256-swE4Nr1cQzNQOq8q6o0nZhhYRtgAwTfx6Epm76Jjjqg=", - "vendorSha256": "sha256-oPeldPn30uS5Yl6IfXVPy2R7/wsAdZsEbbhVnVHQVwk=", - "version": "1.16.0" + "rev": "v1.17.2", + "sha256": "sha256-/17CEejRGgLAJfAt4bOijpNVZhR2Tt9sXxBcfcC8EDQ=", + "vendorSha256": "sha256-tPYbkQz7he5V5+z3Swt9ch9Sdr1xqgbpDHasd4xB1B8=", + "version": "1.17.2" }, "cloudflare": { "owner": "cloudflare", @@ -294,10 +295,10 @@ "owner": "DataDog", "provider-source-address": "registry.terraform.io/DataDog/datadog", "repo": "terraform-provider-datadog", - "rev": "v3.11.0", - "sha256": "sha256-9ugNj/D6VPaERckV0cCPlBjNtzS9tLJj+rc/8MhxCVU=", - "vendorSha256": "sha256-XxOOOljx+p4onI6SF8UY+gy7x7G2pduEqODT1UX4zfg=", - "version": "3.11.0" + "rev": "v3.12.0", + "sha256": "sha256-17VtO+dHYMVvbG8cOVRx5qKPvmOoUGkNUl4aHrdsemQ=", + "vendorSha256": "sha256-Od80m/RsxUQpyalF4jN1Hv6/+kVwYEmqeJyiTbEwC2g=", + "version": "3.12.0" }, "dhall": { "owner": "awakesecurity", @@ -312,10 +313,10 @@ "owner": "digitalocean", "provider-source-address": "registry.terraform.io/digitalocean/digitalocean", "repo": "terraform-provider-digitalocean", - "rev": "v2.19.0", - "sha256": "sha256-I1BcBsl9liyg9XVd30q6Un+B8km7dpLhLMn1Vgn21dk=", + "rev": "v2.20.0", + "sha256": "sha256-1RgQgxGORVvXovx4Ovm5SUsGgMD7CJjgHsgzw+bO8U4=", "vendorSha256": null, - "version": "2.19.0" + "version": "2.20.0" }, "dme": { "owner": "DNSMadeEasy", @@ -375,10 +376,10 @@ "owner": "exoscale", "provider-source-address": "registry.terraform.io/exoscale/exoscale", "repo": "terraform-provider-exoscale", - "rev": "v0.35.0", - "sha256": "sha256-iIClnbCldGnihpML9xF0kyR4viXZzAsTF8MFT53wg+A=", + "rev": "v0.36.0", + "sha256": "sha256-cziPxZrvmv3Lpqn2kCwy8DGwOhQCTPcHZg22hYSBW0A=", "vendorSha256": null, - "version": "0.35.0" + "version": "0.36.0" }, "external": { "owner": "hashicorp", @@ -429,39 +430,39 @@ "owner": "integrations", "provider-source-address": "registry.terraform.io/integrations/github", "repo": "terraform-provider-github", - "rev": "v4.25.0", - "sha256": "sha256-9sZYg/gpCq2qpUhhFQjLVZLlNnYWaCz5K4/+TvCD/qk=", + "rev": "v4.26.0", + "sha256": "sha256-VH5AFT0wDFZ9MJtv+/KlcXD43Tg3QuDHI3vOw6qQoOU=", "vendorSha256": null, - "version": "4.25.0" + "version": "4.26.0" }, "gitlab": { "owner": "gitlabhq", "provider-source-address": "registry.terraform.io/gitlabhq/gitlab", "repo": "terraform-provider-gitlab", - "rev": "v3.14.0", - "sha256": "sha256-KUlFEVeST/ujerpkjHYzdROwkFD4ASx0juHOKWKM14o=", - "vendorSha256": "sha256-M03+MK7YB3IPHA/w+yrO6YohPzknCmhguO5b25qzDzw=", - "version": "3.14.0" + "rev": "v3.15.0", + "sha256": "sha256-UF0yhgynqgW9dnVae19yaDqPsmanyGOgmwU9YaTTYMo=", + "vendorSha256": "sha256-wstFJ0eOIutyexhEvxvdUCAMOW+bPZnc+Ec9C4T5BuI=", + "version": "3.15.0" }, "google": { "owner": "hashicorp", "provider-source-address": "registry.terraform.io/hashicorp/google", "proxyVendor": true, "repo": "terraform-provider-google", - "rev": "v4.21.0", - "sha256": "sha256-xintCclIhM2FqmbYoWTPGq/twkUH3M2ebc/b0SZ/hXY=", - "vendorSha256": "sha256-B3JiVeCzeCtsAvQiHayZY3pahN4bwizE6d99Qw2VYK8=", - "version": "4.21.0" + "rev": "v4.22.0", + "sha256": "sha256-L85rh/UNXBO64VBJUNePMrAgTAKJMghH9LeQgYNhuqg=", + "vendorSha256": "sha256-wc+B0PPgq+m/Kxkaappf8jiLhm3ch8yP+KqGzzlmwFI=", + "version": "4.22.0" }, "google-beta": { "owner": "hashicorp", "provider-source-address": "registry.terraform.io/hashicorp/google-beta", "proxyVendor": true, "repo": "terraform-provider-google-beta", - "rev": "v4.21.0", - "sha256": "sha256-3oViGAFwUTBC4tMUlnjUDHdmk+sxtCeVZNbYGGwHhwU=", - "vendorSha256": "sha256-B3JiVeCzeCtsAvQiHayZY3pahN4bwizE6d99Qw2VYK8=", - "version": "4.21.0" + "rev": "v4.22.0", + "sha256": "sha256-D21cdG3dPNOJjGS+x4Yb2cwsmzrwnkg0ByQGRjuMZcI=", + "vendorSha256": "sha256-wc+B0PPgq+m/Kxkaappf8jiLhm3ch8yP+KqGzzlmwFI=", + "version": "4.22.0" }, "googleworkspace": { "owner": "hashicorp", @@ -476,10 +477,10 @@ "owner": "grafana", "provider-source-address": "registry.terraform.io/grafana/grafana", "repo": "terraform-provider-grafana", - "rev": "v1.22.0", - "sha256": "sha256-0OkFf2YiwJHwXheYkN1HA1DG5vadyhZOzVjmu0BNDHI=", - "vendorSha256": "sha256-Pd4cSmDzRhu8MD2osXg6mVYiKG2VM6MQ67aC6jDy59U=", - "version": "1.22.0" + "rev": "v1.23.0", + "sha256": "sha256-5cOl+HmMKcEA8MOjopH1h8BGuI2wa8QWHUNs3JoFFP0=", + "vendorSha256": "sha256-nnJNYi16nqddMQRCXy9TzsRFGsPOPCF0cWmCDB2m5xM=", + "version": "1.23.0" }, "gridscale": { "owner": "gridscale", @@ -692,10 +693,10 @@ "owner": "logicmonitor", "provider-source-address": "registry.terraform.io/logicmonitor/logicmonitor", "repo": "terraform-provider-logicmonitor", - "rev": "v2.0.1", - "sha256": "sha256-LW88NTWwzGrpOpliVqc1AOjxaZ4p/8gq9twEpjY3FzE=", + "rev": "v2.0.2", + "sha256": "sha256-F22tBNnH8dvSjrd0Wx+bAfiiQ9emJjHGXn3x4mQKH5E=", "vendorSha256": null, - "version": "2.0.1" + "version": "2.0.2" }, "lxd": { "owner": "terraform-lxd", @@ -782,10 +783,10 @@ "owner": "newrelic", "provider-source-address": "registry.terraform.io/newrelic/newrelic", "repo": "terraform-provider-newrelic", - "rev": "v2.45.1", - "sha256": "sha256-KA4uvhK54JgzjAeIMvlLWQjul8ZZFbvmXyQTqOonxYY=", - "vendorSha256": "sha256-8nEbs5lDpXZ49QkIC1oRxZm+gVGx9xqDHe6jK8wWOA8=", - "version": "2.45.1" + "rev": "v2.46.1", + "sha256": "sha256-XWCvgBIFOY9fX+WwCoPalHDmFozAm2LPL+R+znDs1XA=", + "vendorSha256": "sha256-bRegJiWC3NvFBEEOAnSbZBT71W0Yeor+bmtXf7lLr78=", + "version": "2.46.1" }, "nomad": { "owner": "hashicorp", @@ -800,10 +801,10 @@ "owner": "ns1-terraform", "provider-source-address": "registry.terraform.io/ns1-terraform/ns1", "repo": "terraform-provider-ns1", - "rev": "v1.12.6", - "sha256": "sha256-nP951YipGzsweJvV2PE0UlWGP+cAM6s18F5MCcxTxeo=", + "rev": "v1.12.7", + "sha256": "sha256-pzFfU/fs+c0AjY63CmKeKEKrnf+PF1cfG5P4euFY4ns=", "vendorSha256": "sha256-MaJHCxvD9BM5G8wJbSo06+TIPvJTlXzQ+l9Kdbg0QQw=", - "version": "1.12.6" + "version": "1.12.7" }, "nsxt": { "owner": "vmware", @@ -837,19 +838,19 @@ "owner": "oracle", "provider-source-address": "registry.terraform.io/oracle/oci", "repo": "terraform-provider-oci", - "rev": "v4.76.0", - "sha256": "sha256-sJ837jK/iYOC3dPFHoix1fiiSFMCNSqYEus9VlhXqMg=", + "rev": "v4.77.0", + "sha256": "sha256-FUCqNugAdJtTv7HtPH8ji56423iyWYPnDVGtOgJWatg=", "vendorSha256": null, - "version": "4.76.0" + "version": "4.77.0" }, "okta": { "owner": "okta", "provider-source-address": "registry.terraform.io/okta/okta", "repo": "terraform-provider-okta", - "rev": "v3.27.0", - "sha256": "sha256-DDNq4Yvx45ynNePg8bW8tQ6LuyvUfudxY+M88+pIXMQ=", - "vendorSha256": "sha256-but/2CF3OW2aefUIy5XnDvhtXYqfCkHIrS1EDQoD9jM=", - "version": "3.27.0" + "rev": "v3.28.0", + "sha256": "sha256-1lTmXcBdCwQFDyO6ABByGl1klvTU8r6DpOrCX0l/aTU=", + "vendorSha256": "sha256-uI+C8LFw+R0np2dN1aUbcR2shVNhg6fiBICr0aWyngY=", + "version": "3.28.0" }, "oktaasa": { "owner": "oktadeveloper", @@ -882,10 +883,10 @@ "owner": "opentelekomcloud", "provider-source-address": "registry.terraform.io/opentelekomcloud/opentelekomcloud", "repo": "terraform-provider-opentelekomcloud", - "rev": "v1.29.3", - "sha256": "sha256-rFaryW9yibw5whTYOb7kDF45l5NI9bdZvVQezIqudE8=", - "vendorSha256": "sha256-FOcddb1+uG5avqYZMvzR1UXDvtDDwtxBzf7FsN6ZROM=", - "version": "1.29.3" + "rev": "v1.29.4", + "sha256": "sha256-ZsrCmg/7Flef8tU7ZTI+MnorJbafnY63mf1/anxwMaQ=", + "vendorSha256": "sha256-jxtkF3VXrsfF/Dpp7mDz+3XYootoxQX3YSp9bX7j6Cg=", + "version": "1.29.4" }, "opsgenie": { "owner": "opsgenie", @@ -963,10 +964,10 @@ "owner": "rancher", "provider-source-address": "registry.terraform.io/rancher/rancher2", "repo": "terraform-provider-rancher2", - "rev": "v1.23.0", - "sha256": "sha256-GmesO28YUaaBBTr+hbn8OxDf4oABQFEw8wPzA9LtFyM=", - "vendorSha256": "sha256-kTPL/db/wBzLWaqib6WQPokuuT2bcDyBgEvfm8xjhuw=", - "version": "1.23.0" + "rev": "v1.24.0", + "sha256": "sha256-rNoz34ogNcthKBO26OL4TkIOyD95amPT2ByC6afqV1w=", + "vendorSha256": "sha256-cSf/peZBChjrElkwAK4eoczll1fyDvfnxm16wF/pqTs=", + "version": "1.24.0" }, "random": { "owner": "hashicorp", @@ -1017,10 +1018,10 @@ "owner": "jianyuan", "provider-source-address": "registry.terraform.io/jianyuan/sentry", "repo": "terraform-provider-sentry", - "rev": "v0.7.0", - "sha256": "09rxgq4m28nhwg6y51m5sq3d12lx7r1q3k76zrd5gpbxagqhvhkr", - "vendorSha256": "1wh2nf5q69j1p568c0q5yhlkd8ij3r8jg2769qy51wsj3bbv0wcj", - "version": "0.7.0" + "rev": "v0.8.0", + "sha256": "sha256-3PTM3GOImwO/yqzR6tOuwU0f+74DfK4RQSBY0vmH3qs=", + "vendorSha256": "sha256-naMuvrVIJp82NIFoR1oEEN6cZFqG4craDh8YU3+NSf0=", + "version": "0.8.0" }, "shell": { "owner": "scottwinkler", @@ -1071,10 +1072,10 @@ "owner": "spotinst", "provider-source-address": "registry.terraform.io/spotinst/spotinst", "repo": "terraform-provider-spotinst", - "rev": "v1.74.0", - "sha256": "sha256-wdhpkQM7J4WO4nN+0R8XfgbuusK0zDzSDy/DyOB8GcI=", - "vendorSha256": "sha256-OT5YuAlZNRCvwvZpCrhtKj4YiosEuHrTLQkWFYuKZrw=", - "version": "1.74.0" + "rev": "v1.75.0", + "sha256": "sha256-4MQVttAyt6o0fFKOLFnMlBS6iN51LdaM5ajEnpDmQXE=", + "vendorSha256": "sha256-oTtu/h7Fu+UtjQeOmxnHQr39dUIpsFST8zkejyuN3ig=", + "version": "1.75.0" }, "stackpath": { "owner": "stackpath", @@ -1261,10 +1262,10 @@ "owner": "vmware", "provider-source-address": "registry.terraform.io/vmware/wavefront", "repo": "terraform-provider-wavefront", - "rev": "v3.0.2", - "sha256": "sha256-HCo6Hw724kQrPOCHoyByThq7L5NIZ/0AHmnQD27RUFA=", - "vendorSha256": "sha256-PdSW3tyQUWbBiaM9U3NsqX/j4fMw9ZmjEDdyjxmRfD0=", - "version": "3.0.2" + "rev": "v3.1.0", + "sha256": "sha256-Q9ikBBlqprdu4BheItrWBoWqODgMXLgbtSg9RHtejBE=", + "vendorSha256": "sha256-sUzlDapp1smQ4lbgvsz22y3/fGkfJdHBlK7HNfihYpI=", + "version": "3.1.0" }, "yandex": { "owner": "yandex-cloud", diff --git a/pkgs/applications/networking/cluster/terraform-providers/update-provider b/pkgs/applications/networking/cluster/terraform-providers/update-provider index fb506cefbe0..482da6a6027 100755 --- a/pkgs/applications/networking/cluster/terraform-providers/update-provider +++ b/pkgs/applications/networking/cluster/terraform-providers/update-provider @@ -129,7 +129,7 @@ if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && $ echo_provider "already at version ${version}" exit fi -if [[ ${version} =~ (alpha|beta|pre) && ${force} != 1 ]]; then +if [[ ${version} =~ [[:alpha:]] && ${force} != 1 ]]; then echo_provider "not updating to unstable version ${version}" exit fi diff --git a/pkgs/applications/networking/gopher/geomyidae/default.nix b/pkgs/applications/networking/gopher/geomyidae/default.nix new file mode 100644 index 00000000000..c9aa26ad987 --- /dev/null +++ b/pkgs/applications/networking/gopher/geomyidae/default.nix @@ -0,0 +1,24 @@ +{ lib, stdenv, fetchurl, libressl, +}: + +stdenv.mkDerivation rec { + pname = "geomyidae"; + version = "0.50.1"; + + src = fetchurl { + url = "gopher://bitreich.org/9/scm/geomyidae/tag/geomyidae-v${version}.tar.gz"; + sha512 = "2a71b12f51c2ef8d6e791089f9eea49eb90a36be45b874d4234eba1e673186be945711be1f92508190f5c0a6f502f132c4b7cb82caf805a39a3f31903032ac47"; + }; + + buildInputs = [ libressl ]; + + makeFlags = [ "PREFIX=${placeholder "out"}" ]; + + meta = with lib; { + description = "A gopher daemon for Linux/BSD"; + homepage = "gopher://bitreich.org/1/scm/geomyidae"; + license = licenses.mit; + maintainers = [ maintainers.athas ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/applications/networking/instant-messengers/gajim/default.nix b/pkgs/applications/networking/instant-messengers/gajim/default.nix index 24b65db364d..3f26cfc4f6d 100644 --- a/pkgs/applications/networking/instant-messengers/gajim/default.nix +++ b/pkgs/applications/networking/instant-messengers/gajim/default.nix @@ -22,11 +22,11 @@ python3.pkgs.buildPythonApplication rec { pname = "gajim"; - version = "1.4.1"; + version = "1.4.2"; src = fetchurl { url = "https://gajim.org/downloads/${lib.versions.majorMinor version}/gajim-${version}.tar.gz"; - sha256 = "sha256:0mbx7s1d2xgk7bkhwqcdss6ynshkqdiwh3qgv7d45frb4c3k33l2"; + sha256 = "sha256:151lbz9092z8r2yva5039g867chcid3n804jk7hjawrd9vnw81az"; }; buildInputs = [ diff --git a/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix b/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix index 03788d94378..111aa6bfefa 100644 --- a/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix +++ b/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix @@ -28,11 +28,11 @@ stdenv.mkDerivation rec { pname = "gnome-remote-desktop"; - version = "42.1.1"; + version = "42.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - hash = "sha256-pEZqYsL+7GLn9XLwkpxY24iyXWCVuv5LFZHpnPqaDuY="; + hash = "sha256-wcy82MpwN+9ttz9r8rXdOKM2t9gKKpyY32/4g4eP+dU="; }; nativeBuildInputs = [ diff --git a/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix b/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix index 2815c3d53ea..5ec1df8fe9c 100644 --- a/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix +++ b/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix @@ -13,11 +13,11 @@ stdenv.mkDerivation rec { pname = "gnome-shell-extensions"; - version = "42.1"; + version = "42.2"; src = fetchurl { url = "mirror://gnome/sources/gnome-shell-extensions/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "LYjv61d+2viqrkMcd5um5uuWHuvd8FzKLsyhqgTbekA="; + sha256 = "ZXGEQKocLxe7CSIv+AJpn2Qf1RJ5Ih8EyxkZOWjsCzA="; }; patches = [ diff --git a/pkgs/desktops/gnome/core/gnome-shell/default.nix b/pkgs/desktops/gnome/core/gnome-shell/default.nix index e3b8d6c344d..d422fd85677 100644 --- a/pkgs/desktops/gnome/core/gnome-shell/default.nix +++ b/pkgs/desktops/gnome/core/gnome-shell/default.nix @@ -67,13 +67,13 @@ let in stdenv.mkDerivation rec { pname = "gnome-shell"; - version = "42.1"; + version = "42.2"; outputs = [ "out" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/gnome-shell/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "9e6KYVj6EiYnQScmy4gATn4tBGrcMiFQViROWbdAY+o="; + sha256 = "Z+sTzRdeIDGoOMzqkukDdK4OnMumFoP7rNZ/9q/dWQ4="; }; patches = [ diff --git a/pkgs/desktops/gnome/core/mutter/default.nix b/pkgs/desktops/gnome/core/mutter/default.nix index 205f0467b14..c30ca2b4576 100644 --- a/pkgs/desktops/gnome/core/mutter/default.nix +++ b/pkgs/desktops/gnome/core/mutter/default.nix @@ -46,13 +46,13 @@ let self = stdenv.mkDerivation rec { pname = "mutter"; - version = "42.1"; + version = "42.2"; outputs = [ "out" "dev" "man" ]; src = fetchurl { url = "mirror://gnome/sources/mutter/${lib.versions.major version}/${pname}-${version}.tar.xz"; - sha256 = "cZQhi/7EW5o+/avOb4RQ7Uw5dyIaHqQBTC5Fii/poVQ="; + sha256 = "vTDXi+fRcAE6CovMg3zsXubETXcP8AZ03N/CizQms0w="; }; patches = [ diff --git a/pkgs/development/compilers/blueprint/default.nix b/pkgs/development/compilers/blueprint/default.nix new file mode 100644 index 00000000000..9aa1893effe --- /dev/null +++ b/pkgs/development/compilers/blueprint/default.nix @@ -0,0 +1,51 @@ +{ python3 +, stdenv +, fetchFromGitLab +, gobject-introspection +, lib +, meson +, ninja +}: + +stdenv.mkDerivation rec { + pname = "blueprint-compiler"; + version = "unstable-2022-05-27"; + + src = fetchFromGitLab { + domain = "gitlab.gnome.org"; + owner = "jwestman"; + repo = pname; + rev = "cebd9ecadc53790cd547392899589dd5de0ac552"; + sha256 = "sha256-mNR0ooJSRBIXy2E4avXYEdO1aSST+j41TsVg8+kitwo="; + }; + + # Requires pythonfuzz, which I've found difficult to package + doCheck = false; + + nativeBuildInputs = [ + meson + ninja + python3.pkgs.wrapPython + ]; + + buildInputs = [ + python3 + ]; + + propagatedBuildInputs = [ + # So that the compiler can find GIR and .ui files + gobject-introspection + ]; + + postFixup = '' + wrapPythonPrograms + ''; + + meta = with lib; { + description = "A markup language for GTK user interface files"; + homepage = "https://gitlab.gnome.org/jwestman/blueprint-compiler"; + license = licenses.lgpl3Plus; + maintainers = [ maintainers.ranfdev ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/libraries/liblouis/default.nix b/pkgs/development/libraries/liblouis/default.nix index 893704ddb18..6f630eedf5b 100644 --- a/pkgs/development/libraries/liblouis/default.nix +++ b/pkgs/development/libraries/liblouis/default.nix @@ -1,5 +1,7 @@ { fetchFromGitHub -, lib, stdenv +, lib +, stdenv +, fetchpatch , autoreconfHook , pkg-config , gettext @@ -21,6 +23,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-Hfn0dfXihtUfO3R+qJaetrPwupcIwblvi1DQdHCF1s8="; }; + patches = [ + (fetchpatch { + name = "parenthesize-memcpy-calls-clang.patch"; + url = "https://github.com/liblouis/liblouis/commit/528f38938e9f539a251d9de92ad1c1b90401c4d0.patch"; + sha256 = "0hlhqsvd5wflg70bd7bmssnchk8znzbr93in0zpspzbyap6xz112"; + }) + ]; + outputs = [ "out" "dev" "man" "info" "doc" ]; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libspotify/default.nix b/pkgs/development/libraries/libspotify/default.nix deleted file mode 100644 index d9be4a2964f..00000000000 --- a/pkgs/development/libraries/libspotify/default.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ lib, stdenv, fetchurl, libspotify, alsa-lib, readline, pkg-config, apiKey ? null, unzip, gnused }: - -let - version = "12.1.51"; - isLinux = (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "i686-linux"); -in - -if (stdenv.hostPlatform.system != "x86_64-linux" && stdenv.hostPlatform.system != "x86_64-darwin" && stdenv.hostPlatform.system != "i686-linux") -then throw "Check https://developer.spotify.com/technologies/libspotify/ for a tarball for your system and add it here" -else stdenv.mkDerivation { - pname = "libspotify"; - inherit version; - - src = - if stdenv.hostPlatform.system == "x86_64-linux" then - fetchurl { - url = "https://developer.spotify.com/download/libspotify/libspotify-${version}-Linux-x86_64-release.tar.gz"; - sha256 = "0n0h94i4xg46hfba95n3ypah93crwb80bhgsg00f6sms683lx8a3"; - } - else if stdenv.hostPlatform.system == "x86_64-darwin" then - fetchurl { - url = "https://developer.spotify.com/download/libspotify/libspotify-${version}-Darwin-universal.zip"; - sha256 = "1gcgrc8arim3hnszcc886lmcdb4iigc08abkaa02l6gng43ky1c0"; - } - else if stdenv.hostPlatform.system == "i686-linux" then - fetchurl { - url = "https://developer.spotify.com/download/libspotify/libspotify-${version}-Linux-i686-release.tar.gz"; - sha256 = "1bjmn64gbr4p9irq426yap4ipq9rb84zsyhjjr7frmmw22xb86ll"; - } - else - null; - - dontBuild = true; - - installPhase = if (isLinux) - then "installPhase" - else '' - mkdir -p "$out"/include/libspotify - mv -v libspotify.framework/Versions/Current/Headers/api.h \ - "$out"/include/libspotify - mkdir -p "$out"/lib - mv -v libspotify.framework/Versions/Current/libspotify \ - "$out"/lib/libspotify.dylib - mkdir -p "$out"/share/man - mv -v man3 "$out"/share/man - ''; - - - # darwin-specific - nativeBuildInputs = lib.optional (stdenv.hostPlatform.system == "x86_64-darwin") unzip; - - # linux-specific - installFlags = lib.optional isLinux - "prefix=$(out)"; - patchPhase = lib.optionalString isLinux - "${gnused}/bin/sed -i 's/ldconfig//' Makefile"; - postInstall = lib.optionalString isLinux - "mv -v share $out"; - - passthru = { - samples = if apiKey == null - then throw '' - Please visit ${libspotify.meta.homepage} to get an api key then set config.libspotify.apiKey accordingly - '' else stdenv.mkDerivation { - pname = "libspotify-samples"; - inherit version; - src = libspotify.src; - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libspotify readline ] - ++ lib.optional (!stdenv.isDarwin) alsa-lib; - postUnpack = "sourceRoot=$sourceRoot/share/doc/libspotify/examples"; - patchPhase = "cp ${apiKey} appkey.c"; - installPhase = '' - mkdir -p $out/bin - install -m 755 jukebox/jukebox $out/bin - install -m 755 spshell/spshell $out/bin - install -m 755 localfiles/posix_stu $out/bin - ''; - meta = libspotify.meta // { description = "Spotify API library samples"; }; - }; - - inherit apiKey; - }; - - meta = with lib; { - description = "Spotify API library"; - homepage = "https://developer.spotify.com/technologies/libspotify"; - maintainers = with maintainers; [ lovek323 ]; - license = licenses.unfree; - }; -} diff --git a/pkgs/development/python-modules/brother/default.nix b/pkgs/development/python-modules/brother/default.nix index 551dffa6541..7dbab50b63b 100644 --- a/pkgs/development/python-modules/brother/default.nix +++ b/pkgs/development/python-modules/brother/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "brother"; - version = "1.2.2"; + version = "1.2.3"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -19,7 +19,7 @@ buildPythonPackage rec { owner = "bieniu"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-pxFp/CSoskAx6DdZlkBRvocUJ5Kt5ymPwxpLhT743uE="; + hash = "sha256-+o6hv63u6FBEu57mD02lss0LQPwgBnXsP8CKQ+/74/Q="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/celery/default.nix b/pkgs/development/python-modules/celery/default.nix index dd08fda6b1c..a005d0cfbfb 100644 --- a/pkgs/development/python-modules/celery/default.nix +++ b/pkgs/development/python-modules/celery/default.nix @@ -57,11 +57,6 @@ buildPythonPackage rec { pytestCheckHook ]; - postPatch = '' - substituteInPlace requirements/default.txt \ - --replace "setuptools>=59.1.1,<59.7.0" "setuptools" - ''; - disabledTestPaths = [ # test_eventlet touches network "t/unit/concurrency/test_eventlet.py" diff --git a/pkgs/development/python-modules/codespell/default.nix b/pkgs/development/python-modules/codespell/default.nix index d9b64cb8399..95b64dda4b2 100644 --- a/pkgs/development/python-modules/codespell/default.nix +++ b/pkgs/development/python-modules/codespell/default.nix @@ -1,4 +1,4 @@ -{ lib, buildPythonApplication, fetchFromGitHub, pytestCheckHook, pytest-cov, pytest-dependency, aspell-python, aspellDicts, chardet }: +{ lib, buildPythonApplication, fetchFromGitHub, pytestCheckHook, pytest-dependency, aspell-python, aspellDicts, chardet }: buildPythonApplication rec { pname = "codespell"; @@ -11,7 +11,13 @@ buildPythonApplication rec { sha256 = "sha256-BhYVztSr2MalILEcOcvMl07CObYa73o3kW8S/idqAO8="; }; - checkInputs = [ aspell-python chardet pytestCheckHook pytest-cov pytest-dependency ]; + postPatch = '' + substituteInPlace setup.cfg \ + --replace "--cov=codespell_lib" "" \ + --replace "--cov-report=" "" + ''; + + checkInputs = [ aspell-python chardet pytestCheckHook pytest-dependency ]; preCheck = '' export ASPELL_CONF="dict-dir ${aspellDicts.en}/lib/aspell" diff --git a/pkgs/development/python-modules/coqui-trainer/default.nix b/pkgs/development/python-modules/coqui-trainer/default.nix index 3c447db0a0e..62d49d2aba0 100644 --- a/pkgs/development/python-modules/coqui-trainer/default.nix +++ b/pkgs/development/python-modules/coqui-trainer/default.nix @@ -15,7 +15,7 @@ let pname = "coqui-trainer"; - version = "0.0.5"; + version = "0.0.11"; in buildPythonPackage { inherit pname version; @@ -27,7 +27,7 @@ buildPythonPackage { owner = "coqui-ai"; repo = "Trainer"; rev = "v${version}"; - hash = "sha256-NsgCh+N2qWmRkTOjXqisVCP5aInH2zcNz6lsnIfVLiY="; + hash = "sha256-ujuQ9l6NOpDb2TdQbRcOM+j91RfbE8wCL9C0PID8g8Q="; }; patches = [ diff --git a/pkgs/development/python-modules/elasticsearch-dsl/default.nix b/pkgs/development/python-modules/elasticsearch-dsl/default.nix index 5f55a3ac473..2fe746ea7f3 100644 --- a/pkgs/development/python-modules/elasticsearch-dsl/default.nix +++ b/pkgs/development/python-modules/elasticsearch-dsl/default.nix @@ -1,9 +1,7 @@ { lib , buildPythonPackage , fetchPypi -, isPy3k , elasticsearch -, ipaddress , python-dateutil , six }: @@ -17,8 +15,7 @@ buildPythonPackage rec { sha256 = "c4a7b93882918a413b63bed54018a1685d7410ffd8facbc860ee7fd57f214a6d"; }; - propagatedBuildInputs = [ elasticsearch python-dateutil six ] - ++ lib.optional (!isPy3k) ipaddress; + propagatedBuildInputs = [ elasticsearch python-dateutil six ]; # ImportError: No module named test_elasticsearch_dsl # Tests require a local instance of elasticsearch diff --git a/pkgs/development/python-modules/fake_factory/default.nix b/pkgs/development/python-modules/fake_factory/default.nix deleted file mode 100644 index 002df15177b..00000000000 --- a/pkgs/development/python-modules/fake_factory/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, python -, six -, python-dateutil -, ipaddress -, mock -}: - -buildPythonPackage rec { - pname = "fake-factory"; - version = "9999.9.9"; - - src = fetchPypi { - inherit pname version; - sha256 = "f5bd18deb22ad8cb4402513c025877bc6b50de58902d686b6b21ba8981dce260"; - }; - - propagatedBuildInputs = [ six python-dateutil ipaddress mock ]; - - # fake-factory is depreciated and single test will always fail - doCheck = false; - - checkPhase = '' - ${python.interpreter} -m unittest faker.tests - ''; - - meta = with lib; { - description = "A Python package that generates fake data for you"; - homepage = "https://pypi.python.org/pypi/fake-factory"; - license = licenses.mit; - maintainers = with maintainers; [ lovek323 ]; - platforms = platforms.unix; - }; - -} diff --git a/pkgs/development/python-modules/flask-httpauth/default.nix b/pkgs/development/python-modules/flask-httpauth/default.nix index fb313faff23..9c57881f4b2 100644 --- a/pkgs/development/python-modules/flask-httpauth/default.nix +++ b/pkgs/development/python-modules/flask-httpauth/default.nix @@ -2,14 +2,14 @@ buildPythonPackage rec { pname = "flask-httpauth"; - version = "4.6.0"; + version = "4.7.0"; disabled = python.pythonOlder "3"; src = fetchPypi { pname = "Flask-HTTPAuth"; version = version; - sha256 = "sha256-IHbPhuhMaqRC7gM0S/91Hq4TPTWhpIkx5vmfFHFhtVs="; + sha256 = "sha256-9xmee60g1baLPwtivd/KdjfFUIfp0C9gWuJuDeR5/ZQ="; }; checkInputs = [ pytestCheckHook ]; diff --git a/pkgs/development/python-modules/geoip2/default.nix b/pkgs/development/python-modules/geoip2/default.nix index 2a626c9c9ea..c5e9a01db53 100644 --- a/pkgs/development/python-modules/geoip2/default.nix +++ b/pkgs/development/python-modules/geoip2/default.nix @@ -4,6 +4,7 @@ , mocket , requests , requests-mock +, urllib3 , pytestCheckHook }: @@ -21,7 +22,7 @@ buildPythonPackage rec { substituteInPlace requirements.txt --replace "requests>=2.24.0,<3.0.0" "requests" ''; - propagatedBuildInputs = [ aiohttp requests maxminddb ]; + propagatedBuildInputs = [ aiohttp maxminddb requests urllib3 ]; checkInputs = [ mocket @@ -32,7 +33,7 @@ buildPythonPackage rec { pythonImportsCheck = [ "geoip2" ]; meta = with lib; { - description = "Python client for GeoIP2 webservice client and database reader"; + description = "GeoIP2 webservice client and database reader"; homepage = "https://github.com/maxmind/GeoIP2-python"; license = licenses.asl20; maintainers = with maintainers; [ ]; diff --git a/pkgs/development/python-modules/gpsoauth/default.nix b/pkgs/development/python-modules/gpsoauth/default.nix index 20d2e51e922..bf76347c9d0 100644 --- a/pkgs/development/python-modules/gpsoauth/default.nix +++ b/pkgs/development/python-modules/gpsoauth/default.nix @@ -1,41 +1,33 @@ { lib , buildPythonPackage , fetchPypi -, cffi -, cryptography -, enum34 -, idna -, ipaddress -, ndg-httpsclient -, pyopenssl -, pyasn1 -, pycparser , pycryptodomex +, pythonOlder , requests -, six }: buildPythonPackage rec { version = "1.0.0"; pname = "gpsoauth"; + disabled = pythonOlder "3.8"; + src = fetchPypi { inherit pname version; sha256 = "1c4d6a980625b8ab6f6f1cf3e30d9b10a6c61ababb2b60bfe4870649e9c82be0"; }; - propagatedBuildInputs = [ cffi cryptography enum34 idna ipaddress ndg-httpsclient pyopenssl pyasn1 pycparser pycryptodomex requests six ]; + propagatedBuildInputs = [ pycryptodomex requests ]; - # no tests executed + # upstream tests are not very comprehensive doCheck = false; pythonImportsCheck = [ "gpsoauth" ]; meta = with lib; { - description = "A python client library for Google Play Services OAuth"; + description = "Library for Google Play Services OAuth"; homepage = "https://github.com/simon-weber/gpsoauth"; license = licenses.mit; maintainers = with maintainers; [ jgillich ]; }; - } diff --git a/pkgs/development/python-modules/hahomematic/default.nix b/pkgs/development/python-modules/hahomematic/default.nix index a815625bf6e..3d4af789a85 100644 --- a/pkgs/development/python-modules/hahomematic/default.nix +++ b/pkgs/development/python-modules/hahomematic/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "hahomematic"; - version = "1.5.4"; + version = "1.6.1"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "danielperna84"; repo = pname; rev = "refs/tags/${version}"; - sha256 = "sha256-V9wQXXPeoplxVcFDIhQcJFnKkewwDEaoQfTsQ7IyjOU="; + sha256 = "sha256-/v0om2SbikNpMCvJhwIGlWSiZilhnJi7qj8SCV+zHCU="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/kubernetes/default.nix b/pkgs/development/python-modules/kubernetes/default.nix index 61333cc52bd..bba71224cfd 100644 --- a/pkgs/development/python-modules/kubernetes/default.nix +++ b/pkgs/development/python-modules/kubernetes/default.nix @@ -12,6 +12,8 @@ , pyyaml , requests , requests-oauthlib +, setuptools +, six , urllib3 , websocket-client @@ -22,7 +24,7 @@ buildPythonPackage rec { pname = "kubernetes"; - version = "20.13.0"; + version = "23.6.0"; format = "setuptools"; disabled = pythonOlder "3.6"; @@ -31,8 +33,7 @@ buildPythonPackage rec { owner = "kubernetes-client"; repo = "python"; rev = "v${version}"; - sha256 = "sha256-zZb5jEQEluY1dfa7UegW+P7MV86ESqOey7kkC74ETlM="; - fetchSubmodules = true; + sha256 = "sha256-d6S7cMTiwIgqOcN9j3yeEXUNSro9I2b8HLJw1oGKjWI="; }; propagatedBuildInputs = [ @@ -43,6 +44,8 @@ buildPythonPackage rec { pyyaml requests requests-oauthlib + setuptools + six urllib3 websocket-client ]; @@ -65,6 +68,6 @@ buildPythonPackage rec { description = "Kubernetes Python client"; homepage = "https://github.com/kubernetes-client/python"; license = licenses.asl20; - maintainers = with maintainers; [ lsix ]; + maintainers = with maintainers; [ lsix SuperSandro2000 ]; }; } diff --git a/pkgs/development/python-modules/mail-parser/default.nix b/pkgs/development/python-modules/mail-parser/default.nix index d3be0844f6f..42123445fc5 100644 --- a/pkgs/development/python-modules/mail-parser/default.nix +++ b/pkgs/development/python-modules/mail-parser/default.nix @@ -1,4 +1,4 @@ -{ lib, buildPythonPackage, python, pythonOlder, glibcLocales, fetchFromGitHub, six, simplejson }: +{ lib, buildPythonPackage, python, glibcLocales, fetchFromGitHub, six, simplejson }: buildPythonPackage rec { pname = "mail-parser"; diff --git a/pkgs/development/python-modules/pglast/default.nix b/pkgs/development/python-modules/pglast/default.nix index 5c1a4b74a87..baef7ea8aad 100644 --- a/pkgs/development/python-modules/pglast/default.nix +++ b/pkgs/development/python-modules/pglast/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "pglast"; - version = "3.10"; + version = "3.11"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-rkoCtcBe5LBTTpmd+cj6s80UWXyTpMk74FipyK0t5go="; + hash = "sha256-JvWYrfo4HmvzwJ4vi8iGMfUKTMmpN6FS8fx2McKDj3Y="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pims/default.nix b/pkgs/development/python-modules/pims/default.nix index 85a867ec511..879e25f7741 100644 --- a/pkgs/development/python-modules/pims/default.nix +++ b/pkgs/development/python-modules/pims/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "pims"; - version = "0.6.0"; + version = "0.6.1"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -19,8 +19,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "soft-matter"; repo = pname; - rev = "v${version}"; - hash = "sha256-F4UWbD9fOfvaZwYcY1l7XOzVKZyqqTGTqVJoNPo1Ozg="; + rev = "refs/tags/v${version}"; + hash = "sha256-QdllA1QTSJ8vWaSJ0XoUanX53sb4RaOmdXBCFEsoWMU="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pynetgear/default.nix b/pkgs/development/python-modules/pynetgear/default.nix index e60b667d80b..a6cda6e4d33 100644 --- a/pkgs/development/python-modules/pynetgear/default.nix +++ b/pkgs/development/python-modules/pynetgear/default.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { pname = "pynetgear"; - version = "0.10.2"; + version = "0.10.3"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -16,7 +16,7 @@ buildPythonPackage rec { owner = "MatMaul"; repo = pname; rev = "refs/tags/${version}"; - sha256 = "sha256-/JynomaMARuE3svTdnnczHmP839S0EXLbE7xG9dYEv0="; + sha256 = "sha256-CuKV4a3f5FlkDRAOv6H7k5oGTiT8rRhE+NosKpvZj6g="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pysaml2/default.nix b/pkgs/development/python-modules/pysaml2/default.nix index 1c6d9b45c56..ac46cdf0ec4 100644 --- a/pkgs/development/python-modules/pysaml2/default.nix +++ b/pkgs/development/python-modules/pysaml2/default.nix @@ -14,6 +14,7 @@ , pytz , requests , responses +, setuptools , six , substituteAll , xmlschema @@ -36,11 +37,12 @@ buildPythonPackage rec { propagatedBuildInputs = [ cryptography - python-dateutil defusedxml pyopenssl + python-dateutil pytz requests + setuptools six xmlschema ] ++ lib.optionals (pythonOlder "3.9") [ diff --git a/pkgs/development/python-modules/pyspotify/default.nix b/pkgs/development/python-modules/pyspotify/default.nix deleted file mode 100644 index ae7e7468db9..00000000000 --- a/pkgs/development/python-modules/pyspotify/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ lib -, stdenv -, buildPythonPackage -, fetchFromGitHub -, cffi -, libspotify -}: - -buildPythonPackage rec { - pname = "pyspotify"; - version = "2.1.3"; - - src = fetchFromGitHub { - owner = "mopidy"; - repo = "pyspotify"; - rev = "v${version}"; - sha256 = "sha256-CjIRwSlR5HPOJ9tp7lrdcDPiKH3p/PxvEJ8sqVD5s3Q="; - }; - - propagatedBuildInputs = [ cffi ]; - buildInputs = [ libspotify ]; - - # python zip complains about old timestamps - preConfigure = '' - find -print0 | xargs -0 touch - ''; - - postInstall = lib.optionalString stdenv.isDarwin '' - find "$out" -name _spotify.so -exec \ - install_name_tool -change \ - @loader_path/../Frameworks/libspotify.framework/libspotify \ - ${libspotify}/lib/libspotify.dylib \ - {} \; - ''; - - # There are no tests - doCheck = false; - - meta = with lib; { - homepage = "http://pyspotify.mopidy.com"; - description = "A Python interface to Spotify’s online music streaming service"; - license = licenses.unfree; - maintainers = with maintainers; [ lovek323 ]; - }; -} diff --git a/pkgs/development/python-modules/sphinxcontrib-spelling/default.nix b/pkgs/development/python-modules/sphinxcontrib-spelling/default.nix index 5ffdc0221e7..80f988c477a 100644 --- a/pkgs/development/python-modules/sphinxcontrib-spelling/default.nix +++ b/pkgs/development/python-modules/sphinxcontrib-spelling/default.nix @@ -10,14 +10,14 @@ buildPythonPackage rec { pname = "sphinxcontrib-spelling"; - version = "7.4.0"; + version = "7.4.1"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-GLsQu912pXRg7dejBka9lXZt+oxv50/T7J2ZQ2BlmGA="; + hash = "sha256-OpbyKqxq9JQHOvrLmI2U2NfCtgJ7IFA6jyDa4ysQw74="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/structlog/default.nix b/pkgs/development/python-modules/structlog/default.nix index b6eb0c2672a..2bc61dac161 100644 --- a/pkgs/development/python-modules/structlog/default.nix +++ b/pkgs/development/python-modules/structlog/default.nix @@ -5,7 +5,6 @@ , pytest-asyncio , pretend , freezegun -, twisted , simplejson , six , pythonAtLeast @@ -16,7 +15,6 @@ buildPythonPackage rec { version = "21.5.0"; format = "flit"; - # sdist is missing conftest.py src = fetchFromGitHub { owner = "hynek"; repo = "structlog"; @@ -24,12 +22,14 @@ buildPythonPackage rec { sha256 = "0bc5lj0732j0hjq89llgrncyzs6k3aaffvg07kr3la44w0hlrb4l"; }; - checkInputs = [ pytestCheckHook pytest-asyncio pretend freezegun simplejson twisted ]; propagatedBuildInputs = [ six ]; - meta = { + checkInputs = [ pytestCheckHook pytest-asyncio pretend freezegun simplejson ]; + + meta = with lib; { description = "Painless structural logging"; homepage = "https://github.com/hynek/structlog"; - license = lib.licenses.asl20; + license = licenses.asl20; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/development/python-modules/transformers/default.nix b/pkgs/development/python-modules/transformers/default.nix index adef7a19afc..dcc89161d4e 100644 --- a/pkgs/development/python-modules/transformers/default.nix +++ b/pkgs/development/python-modules/transformers/default.nix @@ -17,7 +17,7 @@ , scikit-learn , pillow , pyyaml -, torch +, pytorch , tokenizers , tqdm }: @@ -67,7 +67,7 @@ buildPythonPackage rec { # tf2onnx ]; torch = [ - torch + pytorch ]; tokenizers = [ tokenizers diff --git a/pkgs/development/python-modules/wordcloud/default.nix b/pkgs/development/python-modules/wordcloud/default.nix index e04f17c214d..2ac682c775f 100644 --- a/pkgs/development/python-modules/wordcloud/default.nix +++ b/pkgs/development/python-modules/wordcloud/default.nix @@ -1,35 +1,44 @@ -{ lib, buildPythonPackage, fetchFromGitHub +{ lib +, buildPythonPackage +, cython +, fetchFromGitHub +, fetchpatch , matplotlib , mock , numpy , pillow -, cython -, pytest-cov -, pytest -, fetchpatch +, pytestCheckHook +, pythonOlder }: buildPythonPackage rec { - pname = "word_cloud"; + pname = "wordcloud"; version = "1.8.1"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; - # tests are not included in pypi tarball src = fetchFromGitHub { owner = "amueller"; repo = pname; rev = version; - sha256 = "sha256-4EFQfv+Jn9EngUAyDoJP0yv9zr9Tnbrdwq1YzDacB9Q="; + hash = "sha256-4EFQfv+Jn9EngUAyDoJP0yv9zr9Tnbrdwq1YzDacB9Q="; }; - nativeBuildInputs = [ cython ]; - propagatedBuildInputs = [ matplotlib numpy pillow ]; + nativeBuildInputs = [ + cython + ]; - # Tests require extra dependencies - checkInputs = [ mock pytest pytest-cov ]; + propagatedBuildInputs = [ + matplotlib + numpy + pillow + ]; - checkPhase = '' - PATH=$out/bin:$PATH pytest test - ''; + checkInputs = [ + mock + pytestCheckHook + ]; patches = [ (fetchpatch { @@ -39,8 +48,26 @@ buildPythonPackage rec { }) ]; + postPatch = '' + substituteInPlace setup.cfg \ + --replace " --cov --cov-report xml --tb=short" "" + ''; + + preCheck = '' + cd test + ''; + + pythonImportsCheck = [ + "wordcloud" + ]; + + disabledTests = [ + # Don't tests CLI + "test_cli_as_executable" + ]; + meta = with lib; { - description = "A little word cloud generator in Python"; + description = "Word cloud generator in Python"; homepage = "https://github.com/amueller/word_cloud"; license = licenses.mit; maintainers = with maintainers; [ jm2dev ]; diff --git a/pkgs/development/tools/misc/hydra/unstable.nix b/pkgs/development/tools/misc/hydra/unstable.nix index 2759c08fbca..709af8f4485 100644 --- a/pkgs/development/tools/misc/hydra/unstable.nix +++ b/pkgs/development/tools/misc/hydra/unstable.nix @@ -239,7 +239,7 @@ stdenv.mkDerivation rec { doCheck = true; passthru = { - inherit perlDeps; + inherit nix perlDeps; tests.basic = nixosTests.hydra.hydra_unstable; }; diff --git a/pkgs/os-specific/linux/bpftrace/default.nix b/pkgs/os-specific/linux/bpftrace/default.nix index abf8fb63bc3..0dd477ee31d 100644 --- a/pkgs/os-specific/linux/bpftrace/default.nix +++ b/pkgs/os-specific/linux/bpftrace/default.nix @@ -4,12 +4,31 @@ , libelf, libbfd, libbpf, libopcodes, bcc , cereal, asciidoctor , nixosTests +, util-linux }: stdenv.mkDerivation rec { pname = "bpftrace"; version = "0.14.1"; + # Cherry-picked from merged PR, remove this hook on next update + # https://github.com/iovisor/bpftrace/pull/2242 + # Cannot `fetchpatch` such pure renaming diff since + # https://github.com/iovisor/bpftrace/commit/2df807dbae4037aa8bf0afc03f52fb3f6321c62a.patch + # does not contain any diff in unified format but just this instead: + # ... + # man/man8/{bashreadline.8 => bashreadline.bt.8} | 0 + # ... + # 35 files changed, 0 insertions(+), 0 deletions(-) + # rename man/man8/{bashreadline.8 => bashreadline.bt.8} (100%) + # ... + # on witch `fetchpatch` fails with + # error: Normalized patch '/build/patch' is empty (while the fetched file was not)! + # Did you maybe fetch a HTML representation of a patch instead of a raw patch? + postUnpack = '' + rename .8 .bt.8 "$sourceRoot"/man/man8/*.8 + ''; + src = fetchFromGitHub { owner = "iovisor"; repo = "bpftrace"; @@ -29,7 +48,7 @@ stdenv.mkDerivation rec { cereal asciidoctor ]; - nativeBuildInputs = [ cmake pkg-config flex bison llvmPackages.llvm.dev ]; + nativeBuildInputs = [ cmake pkg-config flex bison llvmPackages.llvm.dev util-linux ]; # tests aren't built, due to gtest shenanigans. see: # diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix index f4b5bf65fea..dd5ae58d2a4 100644 --- a/pkgs/servers/http/nginx/mainline.nix +++ b/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ -{ callPackage, openssl_3_0, ... }@args: +{ callPackage, ... }@args: -callPackage ./generic.nix (args // { openssl = openssl_3_0; }) { - version = "1.21.6"; - sha256 = "1bh52jqqcaj5wlh2kvhxr00jhk2hnk8k97ki4pwyj4c8920p1p36"; +callPackage ./generic.nix args { + version = "1.22.0"; + sha256 = "0lzb4sn8hv491zad9kbpvka3m5ayjf1pxqbwllri980idyd5cgdk"; } diff --git a/pkgs/servers/http/nginx/quic.nix b/pkgs/servers/http/nginx/quic.nix index 4db1b19644c..8743d31939b 100644 --- a/pkgs/servers/http/nginx/quic.nix +++ b/pkgs/servers/http/nginx/quic.nix @@ -6,8 +6,8 @@ callPackage ./generic.nix args { src = fetchhg { url = "https://hg.nginx.org/nginx-quic"; - rev = "55b38514729b"; # branch=quic - sha256 = "sha256-EJ3Fuxb4Z43I5eSb3mzzIOBfppAZ4Adv1yVZWbVCv0A="; + rev = "5b1011b5702b"; # branch=quic + sha256 = "sha256-q1gsJ6CJ7SD1XLitygnRusJ+exFPFg+B3wdsN+NvuL8="; }; preConfigure = '' diff --git a/pkgs/servers/http/nginx/stable.nix b/pkgs/servers/http/nginx/stable.nix index c219b01fbb3..5d4db3a403b 100644 --- a/pkgs/servers/http/nginx/stable.nix +++ b/pkgs/servers/http/nginx/stable.nix @@ -1,13 +1,6 @@ -{ callPackage, fetchpatch, ... } @ args: +{ callPackage, ... } @ args: callPackage ./generic.nix args { - version = "1.20.2"; - sha256 = "0hjsyjzd35qyw49w210f67g678kvzinw4kg1acb0l6c2fxspd24m"; - extraPatches = [ - (fetchpatch { - name = "CVE-2021-3618.patch"; - url = "https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a.patch"; - sha256 = "0cnxmbkp6ip61w7y1ihhnvziiwzz3p3wi2vpi5c7yaj5m964k5db"; - }) - ]; + version = "1.22.0"; + sha256 = "0lzb4sn8hv491zad9kbpvka3m5ayjf1pxqbwllri980idyd5cgdk"; } diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 1da098dabbe..4e5db210637 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -20,6 +20,9 @@ let allowUnfree = config.allowUnfree || builtins.getEnv "NIXPKGS_ALLOW_UNFREE" == "1"; + allowNonSource = config.allowNonSource or true + || builtins.getEnv "NIXPKGS_ALLOW_NONSOURCE" == "1"; + allowlist = config.allowlistedLicenses or config.whitelistedLicenses or []; blocklist = config.blocklistedLicenses or config.blacklistedLicenses or []; @@ -86,12 +89,39 @@ let allowInsecurePredicate attrs || builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1"; - showLicense = license: toString (map (l: l.shortName or "unknown") (lib.lists.toList license)); + + isNonSource = sourceTypes: lib.lists.any (t: !t.isSource) sourceTypes; + + hasNonSourceProvenance = attrs: + (attrs ? meta.sourceProvenance) && + isNonSource (lib.lists.toList attrs.meta.sourceProvenance); + + # Allow granular checks to allow only some non-source-built packages + # Example: + # {pkgs, ...}: + # { + # allowNonSource = false; + # allowNonSourcePredicate = with lib.lists; pkg: !(any (p: !p.isSource && p!=lib.sourceTypes.binaryFirmware) (toList pkg.meta.sourceProvenance)); + # } + allowNonSourcePredicate = config.allowNonSourcePredicate or (x: false); + + # Check whether non-source packages are allowed and if not, whether the + # package has non-source provenance and is not explicitly allowed by the + # `allowNonSourcePredicate` function. + hasDeniedNonSourceProvenance = attrs: + hasNonSourceProvenance attrs && + !allowNonSource && + !allowNonSourcePredicate attrs; + + showLicenseOrSourceType = value: toString (map (v: v.shortName or "unknown") (lib.lists.toList value)); + showLicense = showLicenseOrSourceType; + showSourceType = showLicenseOrSourceType; pos_str = meta: meta.position or "«unknown-file»"; remediation = { - unfree = remediate_allowlist "Unfree" remediate_unfree_predicate; + unfree = remediate_allowlist "Unfree" (remediate_predicate "allowUnfreePredicate"); + non-source = remediate_allowlist "NonSource" (remediate_predicate "allowNonSourcePredicate"); broken = remediate_allowlist "Broken" (x: ""); unsupported = remediate_allowlist "UnsupportedSystem" (x: ""); blocklisted = x: ""; @@ -104,17 +134,19 @@ let Unfree = "NIXPKGS_ALLOW_UNFREE"; Broken = "NIXPKGS_ALLOW_BROKEN"; UnsupportedSystem = "NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM"; + NonSource = "NIXPKGS_ALLOW_NONSOURCE"; }.${allow_attr}; remediation_phrase = allow_attr: { Unfree = "unfree packages"; Broken = "broken packages"; UnsupportedSystem = "packages that are unsupported for this system"; + NonSource = "packages not built from source"; }.${allow_attr}; - remediate_unfree_predicate = attrs: + remediate_predicate = predicateConfigAttr: attrs: '' Alternatively you can configure a predicate to allow specific packages: - { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + { nixpkgs.config.${predicateConfigAttr} = pkg: builtins.elem (lib.getName pkg) [ "${lib.getName attrs}" ]; } @@ -226,6 +258,7 @@ let downloadPage = str; changelog = either (listOf str) str; license = either (listOf lib.types.attrs) (either lib.types.attrs str); + sourceProvenance = either (listOf lib.types.attrs) lib.types.attrs; maintainers = listOf (attrsOf str); priority = int; platforms = listOf str; @@ -288,6 +321,7 @@ let checkValidity = attrs: { unfree = hasUnfreeLicense attrs; + nonSource = hasNonSourceProvenance attrs; broken = isMarkedBroken attrs; unsupported = hasUnsupportedPlatform attrs; insecure = isMarkedInsecure attrs; @@ -296,6 +330,8 @@ let { valid = "no"; reason = "unfree"; errormsg = "has an unfree license (‘${showLicense attrs.meta.license}’)"; } else if hasBlocklistedLicense attrs then { valid = "no"; reason = "blocklisted"; errormsg = "has a blocklisted license (‘${showLicense attrs.meta.license}’)"; } + else if hasDeniedNonSourceProvenance attrs then + { valid = "no"; reason = "non-source"; errormsg = "contains elements not built from source (‘${showSourceType attrs.meta.sourceProvenance}’)"; } else if !allowBroken && attrs.meta.broken or false then { valid = "no"; reason = "broken"; errormsg = "is marked as broken"; } else if !allowUnsupportedSystem && hasUnsupportedPlatform attrs then diff --git a/pkgs/tools/audio/tts/default.nix b/pkgs/tools/audio/tts/default.nix index a15a29f9d57..c9116b22ba0 100644 --- a/pkgs/tools/audio/tts/default.nix +++ b/pkgs/tools/audio/tts/default.nix @@ -31,14 +31,14 @@ let in python.pkgs.buildPythonApplication rec { pname = "tts"; - version = "0.6.1"; + version = "0.6.2"; format = "setuptools"; src = fetchFromGitHub { owner = "coqui-ai"; repo = "TTS"; rev = "v${version}"; - sha256 = "sha256-YzMR/Tl1UvjdSqV/h4lYR6DuarEqEIM7RReqYznFU4Q="; + sha256 = "sha256-n27a1s3Dpe5Hd3JryD4fPAjRcNc0YR1fpop+uhYA6sQ="; }; postPatch = let @@ -132,6 +132,8 @@ python.pkgs.buildPythonApplication rec { ]; disabledTestPaths = [ + # Requires network acccess to download models + "tests/aux_tests/test_remove_silence_vad_script.py" # phonemes mismatch between espeak-ng and gruuts phonemizer "tests/text_tests/test_phonemizer.py" # no training, it takes too long @@ -146,7 +148,6 @@ python.pkgs.buildPythonApplication rec { "tests/tts_tests/test_tacotron2_d-vectors_train.py" "tests/tts_tests/test_tacotron2_speaker_emb_train.py" "tests/tts_tests/test_tacotron2_train.py" - "tests/tts_tests/test_tacotron2_train_fsspec_path.py" "tests/tts_tests/test_tacotron_train.py" "tests/tts_tests/test_vits_d-vectors_train.py" "tests/tts_tests/test_vits_multilingual_speaker_emb_train.py" diff --git a/pkgs/tools/misc/gh-cal/default.nix b/pkgs/tools/misc/gh-cal/default.nix index f4f4a66a496..3e38cdf9d75 100644 --- a/pkgs/tools/misc/gh-cal/default.nix +++ b/pkgs/tools/misc/gh-cal/default.nix @@ -2,7 +2,7 @@ , stdenv , fetchCrate , rustPlatform -, pkgconfig +, pkg-config , openssl , Security }: @@ -17,7 +17,7 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-73gqk0DjhaLGIEP5VQQlubPomxHQyg4RnY5XTgE7msQ="; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security ]; meta = with lib; { diff --git a/pkgs/tools/virtualization/cri-tools/default.nix b/pkgs/tools/virtualization/cri-tools/default.nix index 62a13499dd8..9bffe01c8d3 100644 --- a/pkgs/tools/virtualization/cri-tools/default.nix +++ b/pkgs/tools/virtualization/cri-tools/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "cri-tools"; - version = "1.24.1"; + version = "1.24.2"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = pname; rev = "v${version}"; - sha256 = "sha256-7WZ7Kb3Rx/hq7LYaDN/B9CpPgr9+aR5+FKDG7G/JydA="; + sha256 = "sha256-uhLaBX5vgQO/RkZUrP2uAubavq5MBvr3TRsGYchfR5s="; }; vendorSha256 = null; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 6ad3af02118..2ef27b25740 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -193,6 +193,7 @@ mapAliases ({ clawsMail = throw "'clawsMail' has been renamed to/replaced by 'claws-mail'"; # Converted to throw 2022-02-22 cldr-emoji-annotation = throw "'cldr-emoji-annotation' has been removed, as it was unmaintained; use 'cldr-annotations' instead"; # Added 2022-04-03 clearsilver = throw "clearsilver has been removed: abandoned by upstream"; # Added 2022-03-15 + clementineUnfree = throw "clementineUnfree has been removed because Spotify stopped supporting libspotify"; # added 2022-05-29 clutter_gtk = throw "'clutter_gtk' has been renamed to/replaced by 'clutter-gtk'"; # Converted to throw 2022-02-22 cmakeWithQt4Gui = throw "cmakeWithQt4Gui has been removed in favor of cmakeWithGui (Qt 5)"; # Added 2021-05 codimd = hedgedoc; # Added 2020-11-29 @@ -698,6 +699,7 @@ mapAliases ({ libressl_3_2 = throw "'libressl_3_2' has reached end-of-life "; # Added 2022-03-19 librsync_0_9 = throw "librsync_0_9 has been removed"; # Added 2021-07-24 libseat = seatd; # Added 2021-06-24 + libspotify = throw "libspotify has been removed because Spotify stopped supporting it"; # added 2022-05-29 libstdcxxHook = throw "libstdcxx hook has been removed because cc-wrapper is now directly aware of the c++ standard library intended to be used"; # Added 2020-06-22 libsysfs = throw "'libsysfs' has been renamed to/replaced by 'sysfsutils'"; # Converted to throw 2022-02-22 libtidy = throw "'libtidy' has been renamed to/replaced by 'html-tidy'"; # Converted to throw 2022-02-22 @@ -842,6 +844,8 @@ mapAliases ({ mopidy-gmusic = throw "mopidy-gmusic has been removed because Google Play Music was discontinued"; # Added 2021-03-07 mopidy-local-images = throw "mopidy-local-images has been removed as it's unmaintained. Its functionality has been merged into the mopidy-local extension"; # Added 2020-10-18 mopidy-local-sqlite = throw "mopidy-local-sqlite has been removed as it's unmaintained. Its functionality has been merged into the mopidy-local extension"; # Added 2020-10-18 + mopidy-spotify = throw "mopidy-spotify has been removed because Spotify stopped supporting libspotify"; # added 2022-05-29 + mopidy-spotify-tunigo = throw "mopidy-spotify-tunigo has been removed because Spotify stopped supporting libspotify"; # added 2022-05-29 morituri = throw "'morituri' has been renamed to/replaced by 'whipper'"; # Converted to throw 2022-02-22 mozart-binary = mozart2-binary; # Added 2019-09-23 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eeff19f9dd6..3feac0bc06c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4625,8 +4625,6 @@ with pkgs; protobuf = protobuf3_19; }; - clementineUnfree = clementine.unfree; - mellowplayer = libsForQt5.callPackage ../applications/audio/mellowplayer { }; ciopfs = callPackage ../tools/filesystems/ciopfs { }; @@ -12336,6 +12334,8 @@ with pkgs; binaryen = callPackage ../development/compilers/binaryen { }; + blueprint-compiler = callPackage ../development/compilers/blueprint { }; + bluespec = callPackage ../development/compilers/bluespec { gmp-static = gmp.override { withStatic = true; }; tex = texlive.combined.scheme-full; @@ -17342,6 +17342,8 @@ with pkgs; geoipjava = callPackage ../development/libraries/java/geoipjava { }; + geomyidae = callPackage ../applications/networking/gopher/geomyidae { }; + geos = callPackage ../development/libraries/geos { }; geos39 = callPackage ../development/libraries/geos/3.9.nix { }; @@ -22045,6 +22047,7 @@ with pkgs; nginxQuic = callPackage ../servers/http/nginx/quic.nix { zlib = zlib-ng.override { withZlibCompat = true; }; + pcre = pcre2; withPerl = false; # We don't use `with` statement here on purpose! # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 @@ -22055,6 +22058,8 @@ with pkgs; nginxStable = callPackage ../servers/http/nginx/stable.nix { zlib = zlib-ng.override { withZlibCompat = true; }; + openssl = openssl_3_0; + pcre = pcre2; withPerl = false; # We don't use `with` statement here on purpose! # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 @@ -22063,6 +22068,8 @@ with pkgs; nginxMainline = callPackage ../servers/http/nginx/mainline.nix { zlib = zlib-ng.override { withZlibCompat = true; }; + openssl = openssl_3_0; + pcre = pcre2; withKTLS = true; withPerl = false; # We don't use `with` statement here on purpose! @@ -28218,8 +28225,6 @@ with pkgs; mopidy-scrobbler mopidy-somafm mopidy-soundcloud - mopidy-spotify - mopidy-spotify-tunigo mopidy-subidy mopidy-tunein mopidy-youtube @@ -29720,8 +29725,6 @@ with pkgs; spotify = callPackage ../applications/audio/spotify/wrapper.nix { }; - libspotify = callPackage ../development/libraries/libspotify (config.libspotify or {}); - sourcetrail = let llvmPackages = llvmPackages_10; in libsForQt5.callPackage ../development/tools/sourcetrail { diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index 2018b1b8b99..d4e26b3fda8 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -68,6 +68,7 @@ mapAliases ({ dogpile_cache = dogpile-cache; # added 2021-10-28 dogpile-core = throw "dogpile-core is no longer maintained, use dogpile-cache instead"; # added 2021-11-20 eebrightbox = throw "eebrightbox is unmaintained upstream and has therefore been removed"; # added 2022-02-03 + fake_factory = throw "fake_factory has been removed because it is unused and deprecated by upstream since 2016."; # added 2022-05-30 faulthandler = throw "faulthandler is built into ${python.executable}"; # added 2021-07-12 flask_testing = flask-testing; # added 2022-04-25 flask_wtf = flask-wtf; # added 2022-05-24 @@ -112,6 +113,7 @@ mapAliases ({ pymssql = throw "pymssql has been abandoned upstream."; # added 2020-05-04 pyreadability = readability-lxml; # added 2022-05-24 pysmart-smartx = pysmart; # added 2021-10-22 + pyspotify = throw "pyspotify has been removed because Spotify stopped supporting libspotify"; # added 2022-05-29 pytest_6 = pytest; # added 2022-02-10 pytestcov = pytest-cov; # added 2021-01-04 pytest-pep8 = pytestpep8; # added 2021-01-04 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 189207368ba..bd2f70d4a02 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2891,8 +2891,6 @@ in { factory_boy = callPackage ../development/python-modules/factory_boy { }; - fake_factory = callPackage ../development/python-modules/fake_factory { }; - fake-useragent = callPackage ../development/python-modules/fake-useragent { }; faker = callPackage ../development/python-modules/faker { }; @@ -8081,8 +8079,6 @@ in { pyspnego = callPackage ../development/python-modules/pyspnego { }; - pyspotify = callPackage ../development/python-modules/pyspotify { }; - pysptk = callPackage ../development/python-modules/pysptk { }; pysqlcipher3 = callPackage ../development/python-modules/pysqlcipher3 {