Merge master into haskell-updates

github-actions[bot] 2022-08-17 00:13:55 +00:00 committed by GitHub
commit 8df3a34451
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
239 changed files with 27091 additions and 1715 deletions


@ -7262,7 +7262,7 @@
};
lassulus = {
email = "lassulus@gmail.com";
matrix = "@lassulus:nixos.dev";
matrix = "@lassulus:lassul.us";
github = "Lassulus";
githubId = 621759;
name = "Lassulus";
@ -10178,6 +10178,16 @@
fingerprint = "5D69 CF04 B7BC 2BC1 A567 9267 00BC F29B 3208 0700";
}];
};
phfroidmont = {
name = "Paul-Henri Froidmont";
email = "nix.contact-j9dw4d@froidmont.org";
github = "phfroidmont";
githubId = 8150907;
keys = [{
fingerprint = "3AC6 F170 F011 33CE 393B CD94 BE94 8AFD 7E78 73BE";
}];
};
philandstuff = {
email = "philip.g.potter@gmail.com";
github = "philandstuff";


@ -177,17 +177,17 @@ OK
the boot partition.
</para>
<programlisting>
# parted /dev/sda -- mkpart primary 512MiB -8GiB
# parted /dev/sda -- mkpart primary 512MB -8GB
</programlisting>
</listitem>
<listitem>
<para>
Next, add a <emphasis>swap</emphasis> partition. The size
required will vary according to needs, here a 8GiB one is
required will vary according to needs, here a 8GB one is
created.
</para>
<programlisting>
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
</programlisting>
<note>
<para>
@ -204,7 +204,7 @@ OK
reserved 512MiB at the start of the disk.
</para>
<programlisting>
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB
# parted /dev/sda -- set 3 esp on
</programlisting>
</listitem>
@ -242,7 +242,7 @@ OK
live.
</para>
<programlisting>
# parted /dev/sda -- mkpart primary 1MiB -8GiB
# parted /dev/sda -- mkpart primary 1MB -8GB
</programlisting>
</listitem>
<listitem>
@ -252,7 +252,7 @@ OK
created.
</para>
<programlisting>
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
</programlisting>
<note>
<para>


@ -191,6 +191,14 @@
<link linkend="opt-services.tempo.enable">services.tempo</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/zalando/patroni">Patroni</link>,
a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
Available as
<link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.11-incompatibilities">


@ -133,14 +133,14 @@ update /etc/fstab.
which will be used by the boot partition.
```ShellSession
# parted /dev/sda -- mkpart primary 512MiB -8GiB
# parted /dev/sda -- mkpart primary 512MB -8GB
```
3. Next, add a *swap* partition. The size required will vary according
to needs, here a 8GiB one is created.
to needs, here a 8GB one is created.
```ShellSession
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
```
::: {.note}
@ -153,7 +153,7 @@ update /etc/fstab.
reserved 512MiB at the start of the disk.
```ShellSession
# parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
# parted /dev/sda -- mkpart ESP fat32 1MB 512MB
# parted /dev/sda -- set 3 esp on
```
@ -180,14 +180,14 @@ update /etc/fstab.
end part, where the swap will live.
```ShellSession
# parted /dev/sda -- mkpart primary 1MiB -8GiB
# parted /dev/sda -- mkpart primary 1MB -8GB
```
3. Finally, add a *swap* partition. The size required will vary
according to needs, here a 8GiB one is created.
```ShellSession
# parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
# parted /dev/sda -- mkpart primary linux-swap -8GB 100%
```
::: {.note}


@ -75,6 +75,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
Available as [services.patroni](options.html#opt-services.patroni.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}


@ -0,0 +1,519 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.users.mysql;
in
{
options = {
users.mysql = {
enable = mkEnableOption "Authentication against a MySQL/MariaDB database";
host = mkOption {
type = types.str;
example = "localhost";
description = "The hostname of the MySQL/MariaDB server";
};
database = mkOption {
type = types.str;
example = "auth";
description = "The name of the database containing the users";
};
user = mkOption {
type = types.str;
example = "nss-user";
description = "The username to use when connecting to the database";
};
passwordFile = mkOption {
type = types.path;
example = "/run/secrets/mysql-auth-db-passwd";
description = "The path to the file containing the password for the user";
};
pam = mkOption {
description = "Settings for <literal>pam_mysql</literal>";
type = types.submodule {
options = {
table = mkOption {
type = types.str;
example = "users";
description = "The name of table that maps unique login names to the passwords.";
};
updateTable = mkOption {
type = types.nullOr types.str;
default = null;
example = "users_updates";
description = ''
The name of the table used for password alteration. If not defined, the value
of the <literal>table</literal> option will be used instead.
'';
};
userColumn = mkOption {
type = types.str;
example = "username";
description = "The name of the column that contains a unix login name.";
};
passwordColumn = mkOption {
type = types.str;
example = "password";
description = "The name of the column that contains a (encrypted) password string.";
};
statusColumn = mkOption {
type = types.nullOr types.str;
default = null;
example = "status";
description = ''
The name of the column or an SQL expression that indicates the status of
the user. The status is expressed by the combination of two bitfields
shown below:
<itemizedlist>
<listitem>
<para>
<literal>bit 0 (0x01)</literal>:
if flagged, <literal>pam_mysql</literal> deems the account to be expired and
returns <literal>PAM_ACCT_EXPIRED</literal>. That is, the account is supposed
to no longer be available. Note this doesn't mean that <literal>pam_mysql</literal>
rejects further authentication operations.
</para>
</listitem>
<listitem>
<para>
<literal>bit 1 (0x02)</literal>:
if flagged, <literal>pam_mysql</literal> deems the authentication token
(password) to be expired and returns <literal>PAM_NEW_AUTHTOK_REQD</literal>.
This ends up requiring that the user enter a new password.
</para>
</listitem>
</itemizedlist>
'';
};
passwordCrypt = mkOption {
example = "2";
type = types.enum [
"0" "plain"
"1" "Y"
"2" "mysql"
"3" "md5"
"4" "sha1"
"5" "drupal7"
"6" "joomla15"
"7" "ssha"
"8" "sha512"
"9" "sha256"
];
description = ''
The method to encrypt the user's password:
<itemizedlist>
<listitem>
<para>
<literal>0</literal> (or <literal>"plain"</literal>):
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
</para>
</listitem>
<listitem>
<para>
<literal>1</literal> (or <literal>"Y"</literal>):
Use crypt(3) function.
</para>
</listitem>
<listitem>
<para>
<literal>2</literal> (or <literal>"mysql"</literal>):
Use the MySQL PASSWORD() function. It is possible that the encryption function used
by <literal>pam_mysql</literal> is different from that of the MySQL server, as
<literal>pam_mysql</literal> uses the function defined in MySQL's C-client API
instead of using PASSWORD() SQL function in the query.
</para>
</listitem>
<listitem>
<para>
<literal>3</literal> (or <literal>"md5"</literal>):
Use plain hex MD5.
</para>
</listitem>
<listitem>
<para>
<literal>4</literal> (or <literal>"sha1"</literal>):
Use plain hex SHA1.
</para>
</listitem>
<listitem>
<para>
<literal>5</literal> (or <literal>"drupal7"</literal>):
Use Drupal7 salted passwords.
</para>
</listitem>
<listitem>
<para>
<literal>6</literal> (or <literal>"joomla15"</literal>):
Use Joomla15 salted passwords.
</para>
</listitem>
<listitem>
<para>
<literal>7</literal> (or <literal>"ssha"</literal>):
Use ssha hashed passwords.
</para>
</listitem>
<listitem>
<para>
<literal>8</literal> (or <literal>"sha512"</literal>):
Use sha512 hashed passwords.
</para>
</listitem>
<listitem>
<para>
<literal>9</literal> (or <literal>"sha256"</literal>):
Use sha256 hashed passwords.
</para>
</listitem>
</itemizedlist>
'';
};
cryptDefault = mkOption {
type = types.nullOr (types.enum [ "md5" "sha256" "sha512" "blowfish" ]);
default = null;
example = "blowfish";
description = "The default encryption method to use for <literal>passwordCrypt = 1</literal>.";
};
where = mkOption {
type = types.nullOr types.str;
default = null;
example = "host.name='web' AND user.active=1";
description = "Additional criteria for the query.";
};
verbose = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, produces logs with detailed messages that describes what
<literal>pam_mysql</literal> is doing. May be useful for debugging.
'';
};
disconnectEveryOperation = mkOption {
type = types.bool;
default = false;
description = ''
By default, <literal>pam_mysql</literal> keeps the connection to the MySQL
database until the session is closed. If this option is set to true it
disconnects every time the PAM operation has finished. This option may
be useful in case the session lasts quite long.
'';
};
logging = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enables logging of authentication attempts in the MySQL database.";
};
table = mkOption {
type = types.str;
example = "logs";
description = "The name of the table to which logs are written.";
};
msgColumn = mkOption {
type = types.str;
example = "msg";
description = ''
The name of the column in the log table to which the description
of the performed operation is stored.
'';
};
userColumn = mkOption {
type = types.str;
example = "user";
description = ''
The name of the column in the log table to which the name of the
user being authenticated is stored.
'';
};
pidColumn = mkOption {
type = types.str;
example = "pid";
description = ''
The name of the column in the log table to which the pid of the
process utilising the <literal>pam_mysql's</literal> authentication
service is stored.
'';
};
hostColumn = mkOption {
type = types.str;
example = "host";
description = ''
The name of the column in the log table to which the name of the user
being authenticated is stored.
'';
};
rHostColumn = mkOption {
type = types.str;
example = "rhost";
description = ''
The name of the column in the log table to which the name of the remote
host that initiates the session is stored. The value is supposed to be
set by the PAM-aware application with <literal>pam_set_item(PAM_RHOST)
</literal>.
'';
};
timeColumn = mkOption {
type = types.str;
example = "timestamp";
description = ''
The name of the column in the log table to which the timestamp of the
log entry is stored.
'';
};
};
};
};
};
nss = mkOption {
description = ''
Settings for <literal>libnss-mysql</literal>.
All examples are from the <link xlink:href="https://github.com/saknopper/libnss-mysql/tree/master/sample/minimal">minimal example</link>
of <literal>libnss-mysql</literal>, but they are modified with NixOS paths for bash.
'';
type = types.submodule {
options = {
getpwnam = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE username='%1$s' \
LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getpwnam.3.html">getpwnam</link>
syscall.
'';
};
getpwuid = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE uid='%1$u' \
LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getpwuid.3.html">getpwuid</link>
syscall.
'';
};
getspnam = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,password,'1','0','99999','0','0','-1','0' \
FROM users \
WHERE username='%1$s' \
LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getspnam.3.html">getspnam</link>
syscall.
'';
};
getpwent = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getpwent.3.html">getpwent</link>
syscall.
'';
};
getspent = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getspent.3.html">getspent</link>
syscall.
'';
};
getgrnam = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getgrnam.3.html">getgrnam</link>
syscall.
'';
};
getgrgid = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getgrgid.3.html">getgrgid</link>
syscall.
'';
};
getgrent = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT name,password,gid FROM groups
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/getgrent.3.html">getgrent</link>
syscall.
'';
};
memsbygid = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT username FROM grouplist WHERE gid='%1$u'
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/memsbygid.3.html">memsbygid</link>
syscall.
'';
};
gidsbymem = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
SELECT gid FROM grouplist WHERE username='%1$s'
'';
description = ''
SQL query for the <link
xlink:href="https://man7.org/linux/man-pages/man3/gidsbymem.3.html">gidsbymem</link>
syscall.
'';
};
};
};
};
};
};
config = mkIf cfg.enable {
system.nssModules = [ pkgs.libnss-mysql ];
system.nssDatabases.shadow = [ "mysql" ];
system.nssDatabases.group = [ "mysql" ];
system.nssDatabases.passwd = [ "mysql" ];
environment.etc."security/pam_mysql.conf" = {
user = "root";
group = "root";
mode = "0600";
# password will be added from password file in activation script
text = ''
users.host=${cfg.host}
users.db_user=${cfg.user}
users.database=${cfg.database}
users.table=${cfg.pam.table}
users.user_column=${cfg.pam.userColumn}
users.password_column=${cfg.pam.passwordColumn}
users.password_crypt=${cfg.pam.passwordCrypt}
users.disconnect_every_operation=${if cfg.pam.disconnectEveryOperation then "1" else "0"}
verbose=${if cfg.pam.verbose then "1" else "0"}
'' + optionalString (cfg.pam.cryptDefault != null) ''
users.use_${cfg.pam.cryptDefault}=1
'' + optionalString (cfg.pam.where != null) ''
users.where_clause=${cfg.pam.where}
'' + optionalString (cfg.pam.statusColumn != null) ''
users.status_column=${cfg.pam.statusColumn}
'' + optionalString (cfg.pam.updateTable != null) ''
users.update_table=${cfg.pam.updateTable}
'' + optionalString cfg.pam.logging.enable ''
log.enabled=true
log.table=${cfg.pam.logging.table}
log.message_column=${cfg.pam.logging.msgColumn}
log.pid_column=${cfg.pam.logging.pidColumn}
log.user_column=${cfg.pam.logging.userColumn}
log.host_column=${cfg.pam.logging.hostColumn}
log.rhost_column=${cfg.pam.logging.rHostColumn}
log.time_column=${cfg.pam.logging.timeColumn}
'';
};
environment.etc."libnss-mysql.cfg" = {
mode = "0600";
user = config.services.nscd.user;
group = config.services.nscd.group;
text = optionalString (cfg.nss.getpwnam != null) ''
getpwnam ${cfg.nss.getpwnam}
'' + optionalString (cfg.nss.getpwuid != null) ''
getpwuid ${cfg.nss.getpwuid}
'' + optionalString (cfg.nss.getspnam != null) ''
getspnam ${cfg.nss.getspnam}
'' + optionalString (cfg.nss.getpwent != null) ''
getpwent ${cfg.nss.getpwent}
'' + optionalString (cfg.nss.getspent != null) ''
getspent ${cfg.nss.getspent}
'' + optionalString (cfg.nss.getgrnam != null) ''
getgrnam ${cfg.nss.getgrnam}
'' + optionalString (cfg.nss.getgrgid != null) ''
getgrgid ${cfg.nss.getgrgid}
'' + optionalString (cfg.nss.getgrent != null) ''
getgrent ${cfg.nss.getgrent}
'' + optionalString (cfg.nss.memsbygid != null) ''
memsbygid ${cfg.nss.memsbygid}
'' + optionalString (cfg.nss.gidsbymem != null) ''
gidsbymem ${cfg.nss.gidsbymem}
'' + ''
host ${cfg.host}
database ${cfg.database}
'';
};
environment.etc."libnss-mysql-root.cfg" = {
mode = "0600";
user = config.services.nscd.user;
group = config.services.nscd.group;
# password will be added from password file in activation script
text = ''
username ${cfg.user}
'';
};
# Activation script to append the password from the password file
# to the configuration files. It also fixes the owner of the
# libnss-mysql-root.cfg because it is changed to root after the
# password is appended.
system.activationScripts.mysql-auth-passwords = ''
if [[ -r ${cfg.passwordFile} ]]; then
org_umask=$(umask)
umask 0077
conf_nss="$(mktemp)"
cp /etc/libnss-mysql-root.cfg $conf_nss
printf 'password %s\n' "$(cat ${cfg.passwordFile})" >> $conf_nss
mv -fT "$conf_nss" /etc/libnss-mysql-root.cfg
chown ${config.services.nscd.user}:${config.services.nscd.group} /etc/libnss-mysql-root.cfg
conf_pam="$(mktemp)"
cp /etc/security/pam_mysql.conf $conf_pam
printf 'users.db_passwd=%s\n' "$(cat ${cfg.passwordFile})" >> $conf_pam
mv -fT "$conf_pam" /etc/security/pam_mysql.conf
umask $org_umask
fi
'';
};
}
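Review bot: The activation script at the end of this file interpolates `cfg.passwordFile` unquoted into `[[ -r … ]]` and `cat`, and passes `$conf_nss` / `$conf_pam` to `cp` unquoted, so a path containing whitespace or shell metacharacters is word-split or interpreted by a script that runs as root; use `${escapeShellArg cfg.passwordFile}` and `"$conf_nss"` / `"$conf_pam"`. When the file is not readable the `if` is skipped silently and both config files are left without a password, so an `else` branch that prints a warning to stderr would make the resulting login failures diagnosable. Because `passwordFile` is `types.path`, a Nix path literal would presumably be copied into the world-readable store when interpolated, and the option description should say to pass a string naming a file that exists only at runtime. The `hostColumn` description repeats the `userColumn` text ("the name of the user being authenticated") and should describe the host instead.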


@ -91,7 +91,7 @@ in
systemd.services.post-resume =
{ description = "Post-Resume Actions";
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target" ];
script =
''
/run/current-system/systemd/bin/systemctl try-restart post-resume.target


@ -22,6 +22,7 @@
./config/ldap.nix
./config/locale.nix
./config/malloc.nix
./config/mysql.nix
./config/networking.nix
./config/no-x-libs.nix
./config/nsswitch.nix
@ -329,6 +330,7 @@
./services/cluster/kubernetes/proxy.nix
./services/cluster/kubernetes/scheduler.nix
./services/cluster/pacemaker/default.nix
./services/cluster/patroni/default.nix
./services/cluster/spark/default.nix
./services/computing/boinc/client.nix
./services/computing/foldingathome/client.nix


@ -142,6 +142,16 @@ let
'';
};
mysqlAuth = mkOption {
default = config.users.mysql.enable;
defaultText = literalExpression "config.users.mysql.enable";
type = types.bool;
description = ''
If set, the <literal>pam_mysql</literal> module will be used to
authenticate users against a MySQL/MariaDB database.
'';
};
fprintAuth = mkOption {
default = config.services.fprintd.enable;
defaultText = literalExpression "config.services.fprintd.enable";
@ -441,11 +451,13 @@ let
(
''
# Account management.
account required pam_unix.so
'' +
optionalString use_ldap ''
account sufficient ${pam_ldap}/lib/security/pam_ldap.so
'' +
optionalString cfg.mysqlAuth ''
account sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) ''
account sufficient ${pkgs.sssd}/lib/security/pam_sss.so
'' +
@ -459,7 +471,11 @@ let
account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so
'' +
# The required pam_unix.so module has to come after all the sufficient modules
# because otherwise, the account lookup will fail if the user does not exist
# locally, for example with MySQL- or LDAP-auth.
''
account required pam_unix.so
# Authentication management.
'' +
@ -475,6 +491,9 @@ let
optionalString cfg.logFailures ''
auth required pam_faillock.so
'' +
optionalString cfg.mysqlAuth ''
auth sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) ''
auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}
'' +
@ -572,6 +591,9 @@ let
optionalString use_ldap ''
password sufficient ${pam_ldap}/lib/security/pam_ldap.so
'' +
optionalString cfg.mysqlAuth ''
password sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString config.services.sssd.enable ''
password sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_authtok
'' +
@ -615,6 +637,9 @@ let
optionalString use_ldap ''
session optional ${pam_ldap}/lib/security/pam_ldap.so
'' +
optionalString cfg.mysqlAuth ''
session optional ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
'' +
optionalString config.services.sssd.enable ''
session optional ${pkgs.sssd}/lib/security/pam_sss.so
'' +
@ -1236,6 +1261,9 @@ in
optionalString (isEnabled (cfg: cfg.oathAuth)) ''
"mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so,
'' +
optionalString (isEnabled (cfg: cfg.mysqlAuth)) ''
mr ${pkgs.pam_mysql}/lib/security/pam_mysql.so,
'' +
optionalString (isEnabled (cfg: cfg.yubicoAuth)) ''
mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,
'' +
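Review bot: Moving `account required pam_unix.so` below the `sufficient` account modules (hunks at -441 and -459) means a success from pam_ldap, pam_mysql or pam_sss ends the account stack before pam_unix runs, so for a user known to one of those backends the local account checks are no longer evaluated. The added comment explains why the order changed but not this consequence; I would extend it with `# A successful sufficient module above ends the stack, so pam_unix account checks are skipped for that user.` The `mysqlAuth` description could also state that it defaults to on for every PAM service once `users.mysql.enable` is set. The enclosing definitions start and end outside these hunks.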


@ -16,11 +16,11 @@ let
lib.concatMapStrings (s: if lib.isList s then "-" else s)
(builtins.split "[^a-zA-Z0-9_.\\-]+" name);
# Function to build "zfs allow" commands for the filesystems we've
# delegated permissions to. It also checks if the target dataset
# exists before delegating permissions, if it doesn't exist we
# delegate it to the parent dataset. This should solve the case of
# provisoning new datasets.
# Function to build "zfs allow" commands for the filesystems we've delegated
# permissions to. It also checks if the target dataset exists before
# delegating permissions, if it doesn't exist we delegate it to the parent
# dataset (if it exists). This should solve the case of provisoning new
# datasets.
buildAllowCommand = permissions: dataset: (
"-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS
@ -38,15 +38,17 @@ let
(concatStringsSep "," permissions)
dataset
]}
else
${lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs"
"allow"
cfg.user
(concatStringsSep "," permissions)
# Remove the last part of the path
(builtins.dirOf dataset)
]}
${lib.optionalString ((builtins.dirOf dataset) != ".") ''
else
${lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs"
"allow"
cfg.user
(concatStringsSep "," permissions)
# Remove the last part of the path
(builtins.dirOf dataset)
]}
''}
fi
''}"
);
@ -67,14 +69,14 @@ let
(concatStringsSep "," permissions)
dataset
]}
${lib.escapeShellArgs [
${lib.optionalString ((builtins.dirOf dataset) != ".") (lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs"
"unallow"
cfg.user
(concatStringsSep "," permissions)
# Remove the last part of the path
(builtins.dirOf dataset)
]}
])}
''}"
);
in
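Review bot: The rewritten comment above `buildAllowCommand` says the fallback delegates to the parent dataset, but not that a `zfs allow` on the parent presumably also covers the parent's other descendants, which is broader than the dataset that was configured; I would add `# Note: delegating on the parent also grants these permissions on its other children.` With the new `(builtins.dirOf dataset) != "."` guard, a missing pool-root dataset now falls through the `if` with no `else`, so nothing is delegated and nothing is logged; an `echo` to stderr in that case would help diagnosis. The same guard expression is written out in both functions and could be bound once in a `let`. The `if` condition and the second function's header lie outside the hunks.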


@ -0,0 +1,268 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.patroni;
defaultUser = "patroni";
defaultGroup = "patroni";
format = pkgs.formats.yaml { };
#boto doesn't support python 3.10 yet
patroni = pkgs.patroni.override { pythonPackages = pkgs.python39Packages; };
configFileName = "patroni-${cfg.scope}-${cfg.name}.yaml";
configFile = format.generate configFileName cfg.settings;
in
{
options.services.patroni = {
enable = mkEnableOption "Patroni";
postgresqlPackage = mkOption {
type = types.package;
example = literalExpression "pkgs.postgresql_14";
description = mdDoc ''
PostgreSQL package to use.
Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`.
'';
};
postgresqlDataDir = mkOption {
type = types.path;
defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"'';
example = "/var/lib/postgresql/14";
default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}";
description = mdDoc ''
The data directory for PostgreSQL. If left as the default value
this directory will automatically be created before the PostgreSQL server starts, otherwise
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
and permissions.
'';
};
postgresqlPort = mkOption {
type = types.port;
default = 5432;
description = mdDoc ''
The port on which PostgreSQL listens.
'';
};
user = mkOption {
type = types.str;
default = defaultUser;
example = "postgres";
description = mdDoc ''
The user for the service. If left as the default value this user will automatically be created,
otherwise the sysadmin is responsible for ensuring the user exists.
'';
};
group = mkOption {
type = types.str;
default = defaultGroup;
example = "postgres";
description = mdDoc ''
The group for the service. If left as the default value this group will automatically be created,
otherwise the sysadmin is responsible for ensuring the group exists.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/patroni";
description = mdDoc ''
Folder where Patroni data will be written, used by Raft as well if enabled.
'';
};
scope = mkOption {
type = types.str;
example = "cluster1";
description = mdDoc ''
Cluster name.
'';
};
name = mkOption {
type = types.str;
example = "node1";
description = mdDoc ''
The name of the host. Must be unique for the cluster.
'';
};
namespace = mkOption {
type = types.str;
default = "/service";
description = mdDoc ''
Path within the configuration store where Patroni will keep information about the cluster.
'';
};
nodeIp = mkOption {
type = types.str;
example = "192.168.1.1";
description = mdDoc ''
IP address of this node.
'';
};
otherNodesIps = mkOption {
type = types.listOf types.string;
example = [ "192.168.1.2" "192.168.1.3" ];
description = mdDoc ''
IP addresses of the other nodes.
'';
};
restApiPort = mkOption {
type = types.port;
default = 8008;
description = mdDoc ''
The port on Patroni's REST api listens.
'';
};
raft = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
This will configure Patroni to use its own RAFT implementation instead of using a dedicated DCS.
'';
};
raftPort = mkOption {
type = types.port;
default = 5010;
description = mdDoc ''
The port on which RAFT listens.
'';
};
softwareWatchdog = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
This will configure Patroni to use the software watchdog built into the Linux kernel
as described in the [documentation](https://patroni.readthedocs.io/en/latest/watchdog.html#setting-up-software-watchdog-on-linux).
'';
};
settings = mkOption {
type = format.type;
default = { };
description = mdDoc ''
The primary patroni configuration. See the [documentation](https://patroni.readthedocs.io/en/latest/SETTINGS.html)
for possible values.
Secrets should be passed in by using the `environmentFiles` option.
'';
};
environmentFiles = mkOption {
type = with types; attrsOf (nullOr (oneOf [ str path package ]));
default = { };
example = {
PATRONI_REPLICATION_PASSWORD = "/secret/file";
PATRONI_SUPERUSER_PASSWORD = "/secret/file";
};
description = mdDoc "Environment variables made available to Patroni as files content, useful for providing secrets from files.";
};
};
config = mkIf cfg.enable {
services.patroni.settings = {
scope = cfg.scope;
name = cfg.name;
namespace = cfg.namespace;
restapi = {
listen = "${cfg.nodeIp}:${toString cfg.restApiPort}";
connect_address = "${cfg.nodeIp}:${toString cfg.restApiPort}";
};
raft = mkIf cfg.raft {
data_dir = "${cfg.dataDir}/raft";
self_addr = "${cfg.nodeIp}:5010";
partner_addrs = map (ip: ip + ":5010") cfg.otherNodesIps;
};
postgresql = {
listen = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
connect_address = "${cfg.nodeIp}:${toString cfg.postgresqlPort}";
data_dir = cfg.postgresqlDataDir;
bin_dir = "${cfg.postgresqlPackage}/bin";
pgpass = "${cfg.dataDir}/pgpass";
};
watchdog = mkIf cfg.softwareWatchdog {
mode = "required";
device = "/dev/watchdog";
safety_margin = 5;
};
};
users = {
users = mkIf (cfg.user == defaultUser) {
patroni = {
group = cfg.group;
isSystemUser = true;
};
};
groups = mkIf (cfg.group == defaultGroup) {
patroni = { };
};
};
systemd.services = {
patroni = {
description = "Runners to orchestrate a high-availability PostgreSQL";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${concatStringsSep "\n" (attrValues (mapAttrs (name: path: ''export ${name}="$(< ${escapeShellArg path})"'') cfg.environmentFiles))}
exec ${patroni}/bin/patroni ${configFile}
'';
serviceConfig = mkMerge [
{
User = cfg.user;
Group = cfg.group;
Type = "simple";
Restart = "on-failure";
TimeoutSec = 30;
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
KillMode = "process";
}
(mkIf (cfg.postgresqlDataDir == "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}" && cfg.dataDir == "/var/lib/patroni") {
StateDirectory = "patroni patroni/raft postgresql postgresql/${cfg.postgresqlPackage.psqlSchema}";
StateDirectoryMode = "0750";
})
];
};
};
boot.kernelModules = mkIf cfg.softwareWatchdog [ "softdog" ];
services.udev.extraRules = mkIf cfg.softwareWatchdog ''
KERNEL=="watchdog", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="0600"
'';
environment.systemPackages = [
patroni
cfg.postgresqlPackage
(mkIf cfg.raft pkgs.python310Packages.pysyncobj)
];
environment.etc."${configFileName}".source = configFile;
environment.sessionVariables = {
PATRONICTL_CONFIG_FILE = "/etc/${configFileName}";
};
};
meta.maintainers = [ maintainers.phfroidmont ];
}
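Review bot: The `raftPort` option is declared but never used: `self_addr` and `partner_addrs` in the `raft` settings hard-code `:5010`, so changing the option has no effect on the generated configuration. Use `self_addr = "${cfg.nodeIp}:${toString cfg.raftPort}";` and `partner_addrs = map (ip: "${ip}:${toString cfg.raftPort}") cfg.otherNodesIps;`. `otherNodesIps` is typed `types.listOf types.string`, while every other string option in this file uses `types.str`. `environmentFiles` accepts `path` and `package` values, which would presumably place the secret in the world-readable Nix store, and a `null` entry reaches `escapeShellArg` unfiltered; the description should tell users to pass runtime paths as strings.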


@ -10,6 +10,7 @@
},
"context.spa-libs": {
"audio.convert.*": "audioconvert/libspa-audioconvert",
"avb.*": "avb/libspa-avb",
"api.alsa.*": "alsa/libspa-alsa",
"api.v4l2.*": "v4l2/libspa-v4l2",
"api.libcamera.*": "libcamera/libspa-libcamera",


@ -45,7 +45,7 @@ in {
services = {
tuptime = {
description = "the total uptime service";
description = "The total uptime service";
documentation = [ "man:tuptime(1)" ];
after = [ "time-sync.target" ];
wantedBy = [ "multi-user.target" ];
@ -59,10 +59,9 @@ in {
};
};
tuptime-oneshot = mkIf cfg.timer.enable {
description = "the tuptime scheduled execution unit";
tuptime-sync = mkIf cfg.timer.enable {
description = "Tuptime scheduled sync service";
serviceConfig = {
StateDirectory = "tuptime";
Type = "oneshot";
User = "_tuptime";
ExecStart = "${pkgs.tuptime}/bin/tuptime -x";
@ -70,8 +69,8 @@ in {
};
};
timers.tuptime = mkIf cfg.timer.enable {
description = "the tuptime scheduled execution timer";
timers.tuptime-sync = mkIf cfg.timer.enable {
description = "Tuptime scheduled sync timer";
# this timer should be started if the service is started
# even if the timer was previously stopped
wantedBy = [ "tuptime.service" "timers.target" ];
@ -80,7 +79,7 @@ in {
timerConfig = {
OnBootSec = "1min";
OnCalendar = cfg.timer.period;
Unit = "tuptime-oneshot.service";
Unit = "tuptime-sync.service";
};
};
};


@ -104,9 +104,9 @@ in
storagePath = mkOption {
type = types.nullOr types.path;
default = if cfg.storageBackend == "file" then "/var/lib/vault" else null;
default = if cfg.storageBackend == "file" || cfg.storageBackend == "raft" then "/var/lib/vault" else null;
defaultText = literalExpression ''
if config.${opt.storageBackend} == "file"
if config.${opt.storageBackend} == "file" || cfg.storageBackend == "raft"
then "/var/lib/vault"
else null
'';
@ -172,11 +172,16 @@ in
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.storageBackend == "inmem" -> (cfg.storagePath == null && cfg.storageConfig == null);
{
assertion = cfg.storageBackend == "inmem" -> (cfg.storagePath == null && cfg.storageConfig == null);
message = ''The "inmem" storage expects no services.vault.storagePath nor services.vault.storageConfig'';
}
{ assertion = (cfg.storageBackend == "file" -> (cfg.storagePath != null && cfg.storageConfig == null)) && (cfg.storagePath != null -> cfg.storageBackend == "file");
message = ''You must set services.vault.storagePath only when using the "file" backend'';
{
assertion = (
(cfg.storageBackend == "file" -> (cfg.storagePath != null && cfg.storageConfig == null)) &&
(cfg.storagePath != null -> (cfg.storageBackend == "file" || cfg.storageBackend == "raft"))
);
message = ''You must set services.vault.storagePath only when using the "file" or "raft" backend'';
}
];
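Review bot: The updated `defaultText` for `storagePath` mixes `config.${opt.storageBackend}` with the module-local `cfg.storageBackend`, which means nothing to a reader of the rendered manual; the second comparison should read `config.${opt.storageBackend} == "raft"`. In the second hunk the rewritten assertion still requires a non-null `storagePath` only for "file", so a raft setup with `storagePath = null` passes evaluation. If the raft backend needs the path (how it is consumed is outside these hunks), add `(cfg.storageBackend == "raft" -> cfg.storagePath != null)` as a further conjunct so the message matches what is enforced.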


@ -27,6 +27,22 @@ in
'';
};
user = mkOption {
type = types.str;
default = "nscd";
description = ''
User account under which nscd runs.
'';
};
group = mkOption {
type = types.str;
default = "nscd";
description = ''
User group under which nscd runs.
'';
};
config = mkOption {
type = types.lines;
default = builtins.readFile ./nscd.conf;
@ -56,12 +72,20 @@ in
config = mkIf cfg.enable {
environment.etc."nscd.conf".text = cfg.config;
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
};
users.groups.${cfg.group} = {};
systemd.services.nscd =
{ description = "Name Service Cache Daemon";
before = [ "nss-lookup.target" "nss-user-lookup.target" ];
wants = [ "nss-lookup.target" "nss-user-lookup.target" ];
wantedBy = [ "multi-user.target" ];
requiredBy = [ "nss-lookup.target" "nss-user-lookup.target" ];
environment = { LD_LIBRARY_PATH = nssModulesPath; };
@ -69,18 +93,29 @@ in
config.environment.etc.hosts.source
config.environment.etc."nsswitch.conf".source
config.environment.etc."nscd.conf".source
] ++ optionals config.users.mysql.enable [
config.environment.etc."libnss-mysql.cfg".source
config.environment.etc."libnss-mysql-root.cfg".source
];
# We use DynamicUser because in default configurations nscd doesn't
# create any files that need to survive restarts. However, in some
# configurations, nscd needs to be started as root; it will drop
# privileges after all the NSS modules have read their configuration
# files. So prefix the ExecStart command with "!" to prevent systemd
# from dropping privileges early. See ExecStart in systemd.service(5).
# In some configurations, nscd needs to be started as root; it will
# drop privileges after all the NSS modules have read their
# configuration files. So prefix the ExecStart command with "!" to
# prevent systemd from dropping privileges early. See ExecStart in
# systemd.service(5). We use a static user, because some NSS modules
# sill want to read their configuration files after the privilege drop
# and so users can set the owner of those files to the nscd user.
serviceConfig =
{ ExecStart = "!@${cfg.package}/bin/nscd nscd";
Type = "forking";
DynamicUser = true;
User = cfg.user;
Group = cfg.group;
RemoveIPC = true;
PrivateTmp = true;
NoNewPrivileges = true;
RestrictSUIDSGID = true;
ProtectSystem = "strict";
ProtectHome = "read-only";
RuntimeDirectory = "nscd";
PIDFile = "/run/nscd/nscd.pid";
Restart = "always";
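Review bot: Because `ExecStart` keeps the `!` prefix, systemd does not apply `User=`/`Group=` to the nscd process itself, so the account nscd ends up running as is decided by the privilege drop nscd performs from its own configuration, not by the new `user` and `group` options. If the default `./nscd.conf` (not visible here) names a fixed `server-user`, setting the `user` option to anything else leaves the unit's account and the daemon's effective account out of step, and files chowned to `cfg.user` as the comment suggests would not be readable after the drop. I would say so in the option text, e.g. `User account under which nscd runs; must match the server-user set in the nscd configuration.`, or add an assertion tying the two together. The rewritten comment also has a typo: `sill want` should be `still want`.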


@ -41,6 +41,7 @@ in {
apparmor = handleTest ./apparmor.nix {};
atd = handleTest ./atd.nix {};
atop = handleTest ./atop.nix {};
auth-mysql = handleTest ./auth-mysql.nix {};
avahi = handleTest ./avahi.nix {};
avahi-with-resolved = handleTest ./avahi.nix { networkd = true; };
babeld = handleTest ./babeld.nix {};
@ -417,6 +418,7 @@ in {
pam-u2f = handleTest ./pam/pam-u2f.nix {};
pam-ussh = handleTest ./pam/pam-ussh.nix {};
pass-secret-service = handleTest ./pass-secret-service.nix {};
patroni = handleTest ./patroni.nix {};
pantalaimon = handleTest ./matrix/pantalaimon.nix {};
pantheon = handleTest ./pantheon.nix {};
paperless = handleTest ./paperless.nix {};

177
nixos/tests/auth-mysql.nix Normal file

@ -0,0 +1,177 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
dbUser = "nixos_auth";
dbPassword = "topsecret123";
dbName = "auth";
mysqlUsername = "mysqltest";
mysqlPassword = "topsecretmysqluserpassword123";
mysqlGroup = "mysqlusers";
localUsername = "localtest";
localPassword = "topsecretlocaluserpassword123";
mysqlInit = pkgs.writeText "mysqlInit" ''
CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${dbPassword}';
CREATE DATABASE ${dbName};
GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost';
FLUSH PRIVILEGES;
USE ${dbName};
CREATE TABLE `groups` (
rowid int(11) NOT NULL auto_increment,
gid int(11) NOT NULL,
name char(255) NOT NULL,
PRIMARY KEY (rowid)
);
CREATE TABLE `users` (
name varchar(255) NOT NULL,
uid int(11) NOT NULL auto_increment,
gid int(11) NOT NULL,
password varchar(255) NOT NULL,
PRIMARY KEY (uid),
UNIQUE (name)
) AUTO_INCREMENT=5000;
INSERT INTO `users` (name, uid, gid, password) VALUES
('${mysqlUsername}', 5000, 5000, SHA2('${mysqlPassword}', 256));
INSERT INTO `groups` (name, gid) VALUES ('${mysqlGroup}', 5000);
'';
in
{
name = "auth-mysql";
meta.maintainers = with lib.maintainers; [ netali ];
nodes.machine =
{ ... }:
{
services.mysql = {
enable = true;
package = pkgs.mariadb;
settings.mysqld.bind-address = "127.0.0.1";
initialScript = mysqlInit;
};
users.users.${localUsername} = {
isNormalUser = true;
password = localPassword;
};
security.pam.services.login.makeHomeDir = true;
users.mysql = {
enable = true;
host = "127.0.0.1";
user = dbUser;
database = dbName;
passwordFile = "${builtins.toFile "dbPassword" dbPassword}";
pam = {
table = "users";
userColumn = "name";
passwordColumn = "password";
passwordCrypt = "sha256";
disconnectEveryOperation = true;
};
nss = {
getpwnam = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users \
WHERE name='%1$s' \
LIMIT 1
'';
getpwuid = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users \
WHERE id=%1$u \
LIMIT 1
'';
getspnam = ''
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
FROM users \
WHERE name='%1$s' \
LIMIT 1
'';
getpwent = ''
SELECT name, 'x', uid, gid, name, CONCAT('/home/', name), "/run/current-system/sw/bin/bash" \
FROM users
'';
getspent = ''
SELECT name, password, 1, 0, 99999, 7, 0, -1, 0 \
FROM users
'';
getgrnam = ''
SELECT name, 'x', gid FROM groups WHERE name='%1$s' LIMIT 1
'';
getgrgid = ''
SELECT name, 'x', gid FROM groups WHERE gid='%1$u' LIMIT 1
'';
getgrent = ''
SELECT name, 'x', gid FROM groups
'';
memsbygid = ''
SELECT name FROM users WHERE gid=%1$u
'';
gidsbymem = ''
SELECT gid FROM users WHERE name='%1$s'
'';
};
};
};
testScript = ''
def switch_to_tty(tty_number):
machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'")
machine.send_key(f"alt-f{tty_number}")
machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]")
machine.wait_for_unit(f"getty@tty{tty_number}.service")
machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'")
def try_login(tty_number, username, password):
machine.wait_until_tty_matches(tty_number, "login: ")
machine.send_chars(f"{username}\n")
machine.wait_until_tty_matches(tty_number, f"login: {username}")
machine.wait_until_succeeds("pgrep login")
machine.wait_until_tty_matches(tty_number, "Password: ")
machine.send_chars(f"{password}\n")
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("mysql.service")
machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
with subtest("Local login"):
switch_to_tty("2")
try_login("2", "${localUsername}", "${localPassword}")
machine.wait_until_succeeds("pgrep -u ${localUsername} bash")
machine.send_chars("id > local_id.txt\n")
machine.wait_for_file("/home/${localUsername}/local_id.txt")
machine.succeed("cat /home/${localUsername}/local_id.txt | grep 'uid=1000(${localUsername}) gid=100(users) groups=100(users)'")
with subtest("Local incorrect login"):
switch_to_tty("3")
try_login("3", "${localUsername}", "wrongpassword")
machine.wait_until_tty_matches("3", "Login incorrect")
machine.wait_until_tty_matches("3", "login:")
with subtest("MySQL login"):
switch_to_tty("4")
try_login("4", "${mysqlUsername}", "${mysqlPassword}")
machine.wait_until_succeeds("pgrep -u ${mysqlUsername} bash")
machine.send_chars("id > mysql_id.txt\n")
machine.wait_for_file("/home/${mysqlUsername}/mysql_id.txt")
machine.succeed("cat /home/${mysqlUsername}/mysql_id.txt | grep 'uid=5000(${mysqlUsername}) gid=5000(${mysqlGroup}) groups=5000(${mysqlGroup})'")
with subtest("MySQL incorrect login"):
switch_to_tty("5")
try_login("5", "${mysqlUsername}", "wrongpassword")
machine.wait_until_tty_matches("5", "Login incorrect")
machine.wait_until_tty_matches("5", "login:")
'';
})
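Review bot: The `getpwuid` query filters on `WHERE id=%1$u`, but the `users` table created in `mysqlInit` has no `id` column (it defines `name`, `uid`, `gid` and `password`), so a lookup by UID through this query would fail in SQL; it should be `WHERE uid=%1$u`. The subtests may still pass if the UID lookup is answered from an entry cached by the preceding name lookup, which would hide the error. Since tests are often copied as configuration examples, I would also add a comment above `passwordFile` and `passwordCrypt`, such as `# Test only: builtins.toFile puts the password in the world-readable Nix store, and the stored hashes are unsalted SHA-256`.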

204
nixos/tests/patroni.nix Normal file

@ -0,0 +1,204 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
nodesIps = [
"192.168.1.1"
"192.168.1.2"
"192.168.1.3"
];
createNode = index: { pkgs, ... }:
let
ip = builtins.elemAt nodesIps index; # since we already use IPs to identify servers
in
{
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = ip; prefixLength = 16; }
];
networking.firewall.allowedTCPPorts = [ 5432 8008 5010 ];
environment.systemPackages = [ pkgs.jq ];
services.patroni = {
enable = true;
postgresqlPackage = pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate ]);
scope = "cluster1";
name = "node${toString(index + 1)}";
nodeIp = ip;
otherNodesIps = builtins.filter (h: h != ip) nodesIps;
softwareWatchdog = true;
settings = {
bootstrap = {
dcs = {
ttl = 30;
loop_wait = 10;
retry_timeout = 10;
maximum_lag_on_failover = 1048576;
};
initdb = [
{ encoding = "UTF8"; }
"data-checksums"
];
};
postgresql = {
use_pg_rewind = true;
use_slots = true;
authentication = {
replication = {
username = "replicator";
};
superuser = {
username = "postgres";
};
rewind = {
username = "rewind";
};
};
parameters = {
listen_addresses = "${ip}";
wal_level = "replica";
hot_standby_feedback = "on";
unix_socket_directories = "/tmp";
};
pg_hba = [
"host replication replicator 192.168.1.0/24 md5"
# Unsafe, do not use for anything other than tests
"host all all 0.0.0.0/0 trust"
];
};
etcd3 = {
host = "192.168.1.4:2379";
};
};
environmentFiles = {
PATRONI_REPLICATION_PASSWORD = pkgs.writeText "replication-password" "postgres";
PATRONI_SUPERUSER_PASSWORD = pkgs.writeText "superuser-password" "postgres";
PATRONI_REWIND_PASSWORD = pkgs.writeText "rewind-password" "postgres";
};
};
# We always want to restart so the tests never hang
systemd.services.patroni.serviceConfig.StartLimitIntervalSec = 0;
};
in
{
name = "patroni";
nodes = {
node1 = createNode 0;
node2 = createNode 1;
node3 = createNode 2;
etcd = { pkgs, ... }: {
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.1.4"; prefixLength = 16; }
];
services.etcd = {
enable = true;
listenClientUrls = [ "http://192.168.1.4:2379" ];
};
networking.firewall.allowedTCPPorts = [ 2379 ];
};
client = { pkgs, ... }: {
environment.systemPackages = [ pkgs.postgresql_14 ];
networking.interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.2.1"; prefixLength = 16; }
];
services.haproxy = {
enable = true;
config = ''
global
maxconn 100
defaults
log global
mode tcp
retries 2
timeout client 30m
timeout connect 4s
timeout server 30m
timeout check 5s
listen cluster1
bind 127.0.0.1:5432
option httpchk
http-check expect status 200
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
${builtins.concatStringsSep "\n" (map (ip: "server postgresql_${ip}_5432 ${ip}:5432 maxconn 100 check port 8008") nodesIps)}
'';
};
};
};
testScript = ''
nodes = [node1, node2, node3]
def wait_for_all_nodes_ready(expected_replicas=2):
booted_nodes = filter(lambda node: node.booted, nodes)
for node in booted_nodes:
print(node.succeed("patronictl list cluster1"))
node.wait_until_succeeds(f"[ $(patronictl list -f json cluster1 | jq 'length') == {expected_replicas + 1} ]")
node.wait_until_succeeds("[ $(patronictl list -f json cluster1 | jq 'map(select(.Role | test(\"^Leader$\"))) | map(select(.State | test(\"^running$\"))) | length') == 1 ]")
node.wait_until_succeeds(f"[ $(patronictl list -f json cluster1 | jq 'map(select(.Role | test(\"^Replica$\"))) | map(select(.State | test(\"^running$\"))) | length') == {expected_replicas} ]")
print(node.succeed("patronictl list cluster1"))
client.wait_until_succeeds("psql -h 127.0.0.1 -U postgres --command='select 1;'")
def run_dummy_queries():
client.succeed("psql -h 127.0.0.1 -U postgres --pset='pager=off' --tuples-only --command='insert into dummy(val) values (101);'")
client.succeed("test $(psql -h 127.0.0.1 -U postgres --pset='pager=off' --tuples-only --command='select val from dummy where val = 101;') -eq 101")
client.succeed("psql -h 127.0.0.1 -U postgres --pset='pager=off' --tuples-only --command='delete from dummy where val = 101;'")
start_all()
with subtest("should bootstrap a new patroni cluster"):
wait_for_all_nodes_ready()
with subtest("should be able to insert and select"):
client.succeed("psql -h 127.0.0.1 -U postgres --command='create table dummy as select * from generate_series(1, 100) as val;'")
client.succeed("test $(psql -h 127.0.0.1 -U postgres --pset='pager=off' --tuples-only --command='select count(distinct val) from dummy;') -eq 100")
with subtest("should restart after all nodes are crashed"):
for node in nodes:
node.crash()
for node in nodes:
node.start()
wait_for_all_nodes_ready()
with subtest("should be able to run queries while any one node is crashed"):
masterNodeName = node1.succeed("patronictl list -f json cluster1 | jq '.[] | select(.Role | test(\"^Leader$\")) | .Member' -r").strip()
masterNodeIndex = int(masterNodeName[len(masterNodeName)-1]) - 1
# Move master node at the end of the list to avoid multiple failovers (makes the test faster and more consistent)
nodes.append(nodes.pop(masterNodeIndex))
for node in nodes:
node.crash()
wait_for_all_nodes_ready(1)
# Execute some queries while a node is down.
run_dummy_queries()
# Restart crashed node.
node.start()
wait_for_all_nodes_ready()
# Execute some queries with the node back up.
run_dummy_queries()
'';
})
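Review bot: The `pg_hba` entry carries a "do not use for anything other than tests" comment, but the `environmentFiles` block below it has none, although `pkgs.writeText` places the three passwords in the world-readable Nix store. I would add the same kind of marker there, e.g. `# Test only: writeText stores these passwords in the Nix store; use files outside the store in real deployments`. Also, `allowedTCPPorts` opens 5010 on every node while the test uses etcd3 as its DCS and nothing visible in the test listens on that port; if it is not needed it can be dropped. In the test script, `masterNodeName[len(masterNodeName)-1]` reads more simply as `masterNodeName[-1]`.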


@ -47,7 +47,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
with subtest("Adding an example zone works"):
# Extract configuration file needed by pdnsutil
unit = server.succeed("systemctl cat pdns")
conf = re.search("(--config-dir=[^ ]+)", unit).group(1)
match = re.search("(--config-dir=[^ ]+)", unit)
assert(match is not None)
conf = match.group(1)
pdnsutil = "sudo -u pdns pdnsutil " + conf
server.succeed(f"{pdnsutil} create-zone example.com ns1.example.com")
server.succeed(f"{pdnsutil} add-record example.com ns1 A 192.168.1.2")


@ -48,6 +48,9 @@ in {
};
# Take snapshot and sync
"pool/syncoid".target = "root@target:pool/syncoid";
# Test pool without parent (regression test for https://github.com/NixOS/nixpkgs/pull/180111)
"pool".target = "root@target:pool/full-pool";
};
};
};
@ -105,6 +108,9 @@ in {
source.systemctl("start --wait syncoid-pool-syncoid.service")
target.succeed("cat /mnt/pool/syncoid/test.txt")
source.systemctl("start --wait syncoid-pool.service")
target.succeed("[[ -d /mnt/pool/full-pool/syncoid ]]")
assert len(source.succeed("zfs allow pool")) == 0, "Pool shouldn't have delegated permissions set after syncing snapshots"
assert len(source.succeed("zfs allow pool/sanoid")) == 0, "Sanoid dataset shouldn't have delegated permissions set after syncing snapshots"
assert len(source.succeed("zfs allow pool/syncoid")) == 0, "Syncoid dataset shouldn't have delegated permissions set after syncing snapshots"


@ -33,12 +33,12 @@ import ./make-test-python.nix (
networking.useNetworkd = true;
networking.useDHCP = false;
# open DHCP server on interface to container
networking.firewall.trustedInterfaces = [ "ve-+" ];
# do not try to access cache.nixos.org
nix.settings.substituters = lib.mkForce [ ];
# auto-start container
systemd.targets.machines.wants = [ "systemd-nspawn@${containerName}.service" ];
virtualisation.additionalPaths = [ containerSystem ];
};
@ -59,6 +59,12 @@ import ./make-test-python.nix (
machine.succeed("machinectl start ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test nss_mymachines without nscd
machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}');
# Test nss_mymachines via nscd
machine.succeed("getent hosts ${containerName}");
# Test systemd-nspawn network configuration
machine.succeed("ping -n -c 1 ${containerName}");
@ -73,6 +79,14 @@ import ./make-test-python.nix (
machine.succeed("machinectl reboot ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Restart machine
machine.shutdown()
machine.start()
machine.wait_for_unit("default.target");
# Test auto-start
machine.succeed("machinectl show ${containerName}")
# Test machinectl stop
machine.succeed("machinectl stop ${containerName}");
machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");


@ -1,60 +1,78 @@
{ lib
, stdenv
, glib
, gtk3
, curl
, dbus
, openssl
, gst_all_1
, pkg-config
, rustPlatform
, wrapGAppsHook
, fetchurl
, fetchFromGitHub
, rustPlatform
, meson
, ninja
, pkg-config
, glib
, gtk4
, appstream-glib
, desktop-file-utils
, libxml2
, wrapGAppsHook4
, openssl
, dbus
, libadwaita
, gst_all_1
, Foundation
, SystemConfiguration
}:
rustPlatform.buildRustPackage rec {
stdenv.mkDerivation rec {
pname = "netease-cloud-music-gtk";
version = "1.2.2";
version = "2.0.1";
src = fetchFromGitHub {
owner = "gmg137";
repo = "netease-cloud-music-gtk";
repo = pname;
rev = version;
sha256 = "sha256-42MaylfG5LY+TiYHWQMoh9CiVLShKXSBpMrxdWhujow=";
hash = "sha256-dlJZvmfw9+cavAysxVzCekgPdygg5zbU3ZR5BOjPk08=";
};
patches = [ ./cargo-lock.patch ];
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src patches;
hash = "sha256-mJyjWEBsLhHwJCeZyRdby/K/jse0F9UBwfQxkNtZito=";
};
cargoSha256 = "sha256-A9wIcESdaJwLY4g/QlOxMU5PBB9wjvIzaXBSqeiRJBM=";
cargoPatches = [ ./cargo-lock.patch ];
nativeBuildInputs = [
glib
gtk3
dbus
meson
ninja
pkg-config
wrapGAppsHook
];
glib # glib-compile-resources
gtk4 # gtk4-update-icon-cache
appstream-glib # appstream-util
desktop-file-utils # update-desktop-database
libxml2 # xmllint
wrapGAppsHook4
] ++ (with rustPlatform; [
cargoSetupHook
rust.cargo
rust.rustc
]);
buildInputs = [
glib
gtk3
curl
dbus
openssl
dbus
libadwaita
] ++ (with gst_all_1; [
gstreamer
gst-plugins-base
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
]);
postPatch = ''
install -D netease-cloud-music-gtk.desktop $out/share/applications/netease-cloud-music-gtk.desktop
install -D icons/netease-cloud-music-gtk.svg $out/share/icons/hicolor/scalable/apps/netease-cloud-music-gtk.svg
'';
]) ++ lib.optionals stdenv.isDarwin [
Foundation
SystemConfiguration
];
meta = with lib; {
description = "netease-cloud-music-gtk is a Rust + GTK based netease cloud music player";
description = "A Rust + GTK based netease cloud music player";
homepage = "https://github.com/gmg137/netease-cloud-music-gtk";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ diffumist ];
mainProgram = "netease-cloud-music-gtk4";
};
}


@ -6,7 +6,7 @@
set -eu -vx
here=$PWD
version=$(cat default.nix | rg '^ version = "' | cut -d '"' -f 2)
version=$(rg '^ version = "' default.nix | cut -d '"' -f 2)
checkout=$(mktemp -d)
git clone -b "$version" --depth=1 https://github.com/gmg137/netease-cloud-music-gtk "$checkout"


@ -24,6 +24,10 @@ buildGoModule rec {
"-X ${t}/util.CommitHash=${src.rev}"
];
preBuild = ''
go generate ./runtime
'';
postInstall = ''
installManPage assets/packaging/micro.1
install -Dt $out/share/applications assets/packaging/micro.desktop


@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }:
rec {
version = "9.0.0115";
version = "9.0.0135";
src = fetchFromGitHub {
owner = "vim";
repo = "vim";
rev = "v${version}";
sha256 = "sha256-McotjgjN+ze1jdaAxkdJGTqIIIuOlHENriHdMrYSf5w=";
sha256 = "sha256-xAIfGNJIPO9XoSbAQTRa36Tjln3y+oWQk0lADCnL25g=";
};
enableParallelBuilding = true;


@ -2,10 +2,10 @@
stdenv.mkDerivation rec {
pname = "dcw-gmt";
version = "2.1.0";
version = "2.1.1";
src = fetchurl {
url = "ftp://ftp.soest.hawaii.edu/gmt/dcw-gmt-${version}.tar.gz";
sha256 = "sha256-6BBWfNR01a+dhHUZOKy0R6hhI5HtZhkNYNeJl0ofnik=";
sha256 = "sha256-q3LIJTB2OAyEd6EiU3C8QfSv+BHCjS9k11BS/z2QA68=";
};
installPhase = ''


@ -22,7 +22,7 @@ rustPlatform.buildRustPackage rec {
owner = "vv9k";
repo = pname;
rev = version;
sha256 = "sha256-JSKenJEM+FUk/2BtAstIhJ26kFBRDvvFAlBsb0ltUsY=";
sha256 = "sha256-BrJkG1OYpkAfBYUfLn/CNDBc0n1tW5OLnpobkPABQow=";
};
cargoSha256 = "sha256-hFay+XL2oqA7SC+I3wlrzhUmUitO2vbeqfoArU9Jsp4=";
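Review bot: This hunk replaces the `src` hash while `rev = version` and `cargoSha256` appear as unchanged context and no version change is visible in the section, which suggests the content behind an existing tag now differs from what was previously pinned (or the old hash was wrong). Either case deserves a line of explanation, because a silent hash refresh is exactly what a moved or tampered tag looks like to a later reader. I would record the reason next to the hash, e.g. `# upstream re-tagged <VERSION>; hash refreshed after comparing with <COMMIT>` (placeholders), or pin `rev` to the commit id so the fetch no longer depends on a mutable tag. The derivation starts and ends outside the hunk, so the version line itself is not visible here.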


@ -6,7 +6,7 @@
stdenv.mkDerivation rec {
pname = "geeqie";
version = "1.7.3";
version = "2.0.1";
src = fetchFromGitHub {
owner = "BestImageViewer";


@ -27,6 +27,9 @@ rustPlatform.buildRustPackage rec {
checkFlags = [
# fails in the sandbox
"--skip=file_list::tests"
# sometimes fails on darwin
"image_list::tests::save_current_image_overwrites_image_at_current_image_path_when_filename_is_set_to_none"
];
postInstall = ''
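Review bot: The entry added to `checkFlags` for the Darwin failure lacks the `--skip=` prefix that the entry above it uses, so it is passed to the test binary as a positional name filter rather than as an exclusion. The likely effect is the opposite of the comment: only the flaky test is selected and the rest of the suite is no longer run, which quietly removes the package's test coverage. It should read `"--skip=image_list::tests::save_current_image_overwrites_image_at_current_image_path_when_filename_is_set_to_none"`. The derivation continues outside the hunk.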


@ -1,5 +1,6 @@
{
mkDerivation, lib, kdepimTeam,
cmake_3_23,
extra-cmake-modules, kdoctools,
akonadi, akonadi-mime, akonadi-notes, akonadi-search, gpgme, grantlee,
grantleetheme, karchive, kcodecs, kconfig, kconfigwidgets, kcontacts,
@ -14,7 +15,7 @@ mkDerivation {
license = with lib.licenses; [ gpl2 lgpl21 fdl12 ];
maintainers = kdepimTeam;
};
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
nativeBuildInputs = [ (extra-cmake-modules.override { cmake = cmake_3_23; }) kdoctools ];
buildInputs = [
akonadi-notes akonadi-search gpgme grantlee grantleetheme karchive kcodecs
kconfig kconfigwidgets kiconthemes kio kjobwidgets kldap


@ -3,20 +3,20 @@
mkDerivation rec {
pname = "cura";
version = "4.12.1";
version = "4.13.1";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "Cura";
rev = version;
sha256 = "sha256-QvX9o1nrYmY6zzPcxl+xD6JTMdphzT/is1SMYrISu4o=";
sha256 = "sha256-R88SdAxx3tkQCDInrFTKad1tPSDTSYaVAPUVmdk94Xk=";
};
materials = fetchFromGitHub {
owner = "Ultimaker";
repo = "fdm_materials";
rev = version;
sha256 = "0ykf14j4yx4cf12qw0d4bff9ixrx96m6wxqvi83sn721y7dsd2rs";
rev = "4.13.2";
sha256 = "sha256-7y4OcbeQHv+loJ4cMgPU0e818Zsv90EwARdztNWS8zM=";
};
buildInputs = [ qtbase qtquickcontrols2 qtgraphicaleffects ];


@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "free42";
version = "3.0.13";
version = "3.0.14";
src = fetchFromGitHub {
owner = "thomasokken";
repo = pname;
rev = "v${version}";
hash = "sha256-0CFDkGUV9dihshYbjc0JL0axBcW499mt13xxdfO31vg=";
hash = "sha256-Jx+MLItr+rIGfzJdQku1pRXaIldfrpG3vfOhjebSIZA=";
};
nativeBuildInputs = [


@ -13,13 +13,13 @@
mkDerivation rec {
pname = "k4dirstat";
version = "3.4.0";
version = "3.4.2";
src = fetchFromGitHub {
owner = "jeromerobert";
repo = pname;
rev = version;
hash = "sha256-+JhMSatgCunzxIVSYIzt1L7O36LYbcFw7vmokgNffPY=";
hash = "sha256-nedtCa3h62pAmJYGIYp9jkNYiqe9WevVjwNAqVaaFuc=";
};
nativeBuildInputs = [ extra-cmake-modules ];


@ -54,14 +54,14 @@ let
self: super: {
octoprint-pisupport = self.buildPythonPackage rec {
pname = "OctoPrint-PiSupport";
version = "2022.3.28";
version = "2022.6.13";
format = "setuptools";
src = fetchFromGitHub {
owner = "OctoPrint";
repo = "OctoPrint-PiSupport";
rev = version;
sha256 = "yzE/jz604nX/CHcW3aa7goH1ey8qZ7rLw31SMfNKJZM=";
sha256 = "sha256-3z5Btl287W3j+L+MQG8FOWt21smML0vpmu9BP48B9A0=";
};
# requires octoprint itself during tests
@ -74,13 +74,13 @@ let
self: super: {
octoprint = self.buildPythonPackage rec {
pname = "OctoPrint";
version = "1.8.1";
version = "1.8.2";
src = fetchFromGitHub {
owner = "OctoPrint";
repo = "OctoPrint";
rev = version;
sha256 = "sha256-9phB9B8y3ay1Bsvf/m/E9xdl7vmQur4qbWOw9v6KFak=";
sha256 = "sha256-uJuGeDS4TnGH1r+6oHtcJDZVGM7hDmkJpB35B1JtqQ0=";
};
propagatedBuildInputs = with super; [


@ -1,5 +1,6 @@
{ stdenv
, cmake
, curl
, fetchFromGitHub
, gss
, hwloc
@ -14,18 +15,18 @@
stdenv.mkDerivation rec {
pname = "p2pool";
version = "2.1";
version = "2.2.1";
src = fetchFromGitHub {
owner = "SChernykh";
repo = "p2pool";
rev = "v${version}";
sha256 = "sha256-cpBMzYLcU93GXYkBhUdoRovjQ2hd1+pAt6d9aAOaZT8=";
sha256 = "sha256-iDswjKDGii1OnMmdhiisbwuWjs7omNOF+tubJLs69qY=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ libuv zeromq libsodium gss hwloc openssl ];
buildInputs = [ libuv zeromq libsodium gss hwloc openssl curl ];
installPhase = ''
runHook preInstall


@ -126,6 +126,11 @@ stdenv.mkDerivation rec {
# Since version 2.5.0 of nlopt we need to link to libnlopt, as libnlopt_cxx
# now seems to be integrated into the main lib.
sed -i 's|nlopt_cxx|nlopt|g' cmake/modules/FindNLopt.cmake
# Disable test_voronoi.cpp as the assembler hangs during build,
# likely due to commit e682dd84cff5d2420fcc0a40508557477f6cc9d3
# See issue #185808 for details.
sed -i 's|test_voronoi.cpp||g' tests/libslic3r/CMakeLists.txt
'';
src = fetchFromGitHub {


@ -1,25 +1,29 @@
{ lib
, stdenv
, fetchFromGitHub
, testers
, wrapGAppsHook
, bash-completion
, dbus
, dbus-glib
, fish
, gdk-pixbuf
, glib
, gobject-introspection
, gtk-layer-shell
, gtk3
, json-glib
, libhandy
, librsvg
, meson
, ninja
, pkg-config
, scdoc
, vala
, gtk3
, glib
, gtk-layer-shell
, dbus
, dbus-glib
, json-glib
, librsvg
, libhandy
, gobject-introspection
, gdk-pixbuf
, wrapGAppsHook
, xvfb-run
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: rec {
pname = "SwayNotificationCenter";
version = "0.6.3";
@ -30,15 +34,54 @@ stdenv.mkDerivation rec {
hash = "sha256-79Kda2Mi2r38f0J12bRm9wbHiZCy9+ojPDxwlFG8EYw=";
};
nativeBuildInputs = [ gobject-introspection meson ninja pkg-config scdoc vala wrapGAppsHook ];
nativeBuildInputs = [
bash-completion
# cmake # currently conflicts with meson
fish
glib
gobject-introspection
meson
ninja
pkg-config
scdoc
vala
wrapGAppsHook
];
buildInputs = [ dbus dbus-glib gdk-pixbuf glib gtk-layer-shell gtk3 json-glib libhandy librsvg ];
buildInputs = [
dbus
dbus-glib
gdk-pixbuf
glib
gtk-layer-shell
gtk3
json-glib
libhandy
librsvg
# systemd # ends with broken permission
];
# Fix-Me: Broken in 0.6.3, but fixed on master. Enable on next release. Requires python3 in nativeBuildInputs.
# postPatch = ''
# chmod +x build-aux/meson/postinstall.py
# patchShebangs build-aux/meson/postinstall.py
# '';
# Remove past 0.6.3
postInstall = ''
glib-compile-schemas "$out"/share/glib-2.0/schemas
'';
passthru.tests.version = testers.testVersion {
package = finalAttrs.finalPackage;
command = "${xvfb-run}/bin/xvfb-run swaync --version";
};
meta = with lib; {
description = "Simple notification daemon with a GUI built for Sway";
homepage = "https://github.com/ErikReider/SwayNotificationCenter";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = [ maintainers.berbiche ];
maintainers = with maintainers; [ berbiche pedrohlc ];
};
}
})


@ -19,9 +19,9 @@
}
},
"beta": {
"version": "105.0.5195.19",
"sha256": "08wap1v2qjx8nzd8sbiv24vx0vdc2dhlzrlv3g4zpm2qj7l4mki7",
"sha256bin64": "15rhslgq77wiwiycf6m89vi3f5vry286b7kqfk0v5ibmcsf6clgf",
"version": "105.0.5195.28",
"sha256": "14hy1f59ypsvqmrp0k4kv5cfcw48dizw4nkmigaxxv4bnmpwlcy1",
"sha256bin64": "0rgv1r94z91khzwmf1scnnsz9yqks6ygicl7bdsdbckw69njq91z",
"deps": {
"gn": {
"version": "2022-07-11",
@ -32,15 +32,15 @@
}
},
"dev": {
"version": "106.0.5216.6",
"sha256": "1mgdzm5iw0ml9w68wszcscw0d3l2rlsanhznyz2ll2qv412wxgci",
"sha256bin64": "02kj2swqfvcvn27x22i98g7r0fj4p20bqcabagigxs1bhxw56akc",
"version": "106.0.5231.2",
"sha256": "0cygann80jmc2vk83kpc7kprhw75yf7qqfi1208ksyp6m94cxnp6",
"sha256bin64": "1p7hq5vsmwgkyjam7blm1gxa246dg5plhk2f0vbvlnycwj54cvjm",
"deps": {
"gn": {
"version": "2022-07-11",
"version": "2022-08-08",
"url": "https://gn.googlesource.com/gn",
"rev": "9ef321772ecc161937db69acb346397e0ccc484d",
"sha256": "0j85kgf8c1psys6kfsq5mph8n80hcbzhr7d2blqiiysmjj0wc6ng"
"rev": "3d773bba0927e67eae8fdaee5e28b0f6203d3bee",
"sha256": "1pfv6iq04r5lbg5b6xa6d5vn6mzyqksmspris7cgq5lihwq825ld"
}
}
},


@ -0,0 +1,94 @@
{ lib
, gcc11Stdenv
, fetchFromGitHub
, cmake
, ninja
, unzip
, wrapQtAppsHook
, makeWrapper
, qtbase
, qttools
}:
let serenity = fetchFromGitHub {
owner = "SerenityOS";
repo = "serenity";
rev = "094ba6525f0217f3b8d5e467cef326caeb659e8a";
hash = "sha256-IHXe2Td9iRSL1oQVwL2gZHxEM2ID4SghZwK6ewjFV1Y=";
};
in gcc11Stdenv.mkDerivation {
pname = "ladybird";
version = "unstable-2022-07-20";
# Remember to update `serenity` too!
src = fetchFromGitHub {
owner = "awesomekling";
repo = "ladybird";
rev = "9e3a1f47d484cee6f23c4dae6c51750af155a8fc";
hash = "sha256-1cPWpPvjM/VcVUEf2k+MvGvTgZ3Fc4LFHZCLh1wU78Y=";
};
nativeBuildInputs = [
cmake
ninja
unzip
wrapQtAppsHook
makeWrapper
];
buildInputs = [
qtbase
];
cmakeFlags = [
"-DSERENITY_SOURCE_DIR=${serenity}"
# Disable network operations
"-DENABLE_TIME_ZONE_DATABASE_DOWNLOAD=false"
"-DENABLE_UNICODE_DATABASE_DOWNLOAD=false"
];
NIX_CFLAGS_COMPILE = [ "-Wno-error" ];
# Upstream install rules are missing
# https://github.com/awesomekling/ladybird/issues/36
installPhase = ''
runHook preInstall
install -Dm755 ladybird $out/bin/ladybird
mkdir -p $out/lib/ladybird
cp -d _deps/lagom-build/*.so* $out/lib/ladybird/
runHook postInstall
'';
# Patch rpaths
# https://github.com/awesomekling/ladybird/issues/36
preFixup = ''
for f in $out/bin/ladybird $out/lib/ladybird/*.so; do
old_rpath=$(patchelf --print-rpath "$f")
# Remove reference to libraries from build directory
rpath_without_build=$(sed -e 's@[^:]*/_deps/lagom-build:@@g' <<< $old_rpath)
# Add directory where we install those libraries
new_rpath=$out/lib/ladybird:$rpath_without_build
patchelf --set-rpath "$new_rpath" "$f"
done
'';
# According to the readme, the program needs access to the serenity sources
# at runtime
postFixup = ''
wrapProgram $out/bin/ladybird --set SERENITY_SOURCE_DIR "${serenity}"
'';
# Stripping results in a symbol lookup error
dontStrip = true;
meta = with lib; {
description = "A browser using the SerenityOS LibWeb engine with a Qt GUI";
homepage = "https://github.com/awesomekling/ladybird";
license = licenses.bsd2;
maintainers = with maintainers; [ fgaz ];
# SerenityOS only works on x86, and can only be built on unix systems.
# We also use patchelf in preFixup, so we restrict that to linux only.
platforms = [ "x86_64-linux" "i686-linux" ];
};
}
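Review bot: The rpath clean-up in `preFixup` can leave build-directory entries behind: the `sed` pattern `[^:]*/_deps/lagom-build:` only matches an entry that is followed by a colon, so one that comes last in the rpath survives, and the loop globs `$out/lib/ladybird/*.so` although `installPhase` copies `*.so*`. A leftover rpath entry pointing at the build directory is a library search path nobody controls at run time, so it is worth closing both gaps. I would use `sed -E 's@[^:]*/_deps/lagom-build(:|$)@@g'` and iterate over `$out/lib/ladybird/*.so*`. A short comment on why `NIX_CFLAGS_COMPILE = [ "-Wno-error" ]` is needed would also help the next update.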


@ -3,7 +3,7 @@
buildGoPackage rec {
pname = "machine";
version = "0.16.1";
version = "0.16.2";
goPackagePath = "github.com/docker/machine";
@ -11,7 +11,7 @@ buildGoPackage rec {
rev = "v${version}";
owner = "docker";
repo = "machine";
sha256 = "0xxzxi5v7ji9j2k7kxhi0ah91lfa7b9rg3nywgx0lkv8dlgp8kmy";
sha256 = "sha256-Mo2OGpem3p6hCNJ46+RH3BfC7kmKB4yk4Vzo38K88UM=";
};
nativeBuildInputs = [ installShellFiles ];


@ -2,17 +2,17 @@
buildGoModule rec {
pname = "glooctl";
version = "1.12.3";
version = "1.12.6";
src = fetchFromGitHub {
owner = "solo-io";
repo = "gloo";
rev = "v${version}";
hash = "sha256-0neq2EjlHddjLHyNlnqFjXCZpv8r7DGMeYNCzJUEFFg=";
hash = "sha256-g2cKT3ZTLYFBCw3xlcuB2qZ6MTV7qBfN7sieenFUeMM=";
};
subPackages = [ "projects/gloo/cli/cmd" ];
vendorSha256 = "sha256-1FbcNgTD5+YI29LOmkJMjhE+MnxrKmomTKK4DgyXCws=";
vendorSha256 = "sha256-wY0f9RUe9Z1FpjqWDpDG6QXQlFDChfAkjJzlvBMaaFE=";
nativeBuildInputs = [ installShellFiles ];


@ -2,23 +2,22 @@
buildGoModule rec {
pname = "kubernetes-helm";
version = "3.9.1";
gitCommit = "a7c043acb5ff905c261cfdc923a35776ba5e66e4";
version = "3.9.3";
src = fetchFromGitHub {
owner = "helm";
repo = "helm";
rev = "v${version}";
sha256 = "sha256-bhd8SyxiJ/8XrZpVwqvHSRe5gvE2VVEwmvUbVPsSC/4=";
sha256 = "sha256-fRlHI2g+pSexPzeEqUnow5WTPvNMGnQNWjnllzJ42fY=";
};
vendorSha256 = "sha256-v6jY90ht1S1tmO/Z9VGWDOz4zOSF0G77NSIqwAsktFo=";
vendorSha256 = "sha256-ZOY25wgxCdVQafdhBW4Z3aQxOGTs7N3SvSDJ/Fu5psg=";
subPackages = [ "cmd/helm" ];
ldflags = [
"-w"
"-s"
"-X helm.sh/helm/v3/internal/version.version=v${version}"
"-X helm.sh/helm/v3/internal/version.gitCommit=${gitCommit}"
"-X helm.sh/helm/v3/internal/version.gitCommit=${src.rev}"
];
preCheck = ''
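Review bot: `version.gitCommit` is now filled from `${src.rev}`, and `rev` in this derivation is `"v${version}"`, so the binary reports a tag name where it previously embedded a 40-character commit hash. A tag can be moved upstream while a commit id cannot, so anything that relies on the reported gitCommit to identify the exact source loses that precision (the fetch itself is still pinned by `sha256`). If the full hash matters, keep a `gitCommit` attribute and refresh it on each update; otherwise a comment such as `# gitCommit holds the release tag, not a commit hash` above the ldflag would document the change. The `preCheck` block continues outside the hunk.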


@ -2,13 +2,13 @@
buildGoModule rec {
pname = "rancher";
version = "2.6.5";
version = "2.6.7";
src = fetchFromGitHub {
owner = "rancher";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-/HI3qcpgNJTurPFEZFlg+H0ndowSgEF6cHp1cuaJjR8=";
sha256 = "sha256-vSwGUgGREH1veF4NN+LBGRVbuTcio6bcr6HuSN97BJI=";
};
ldflags = [
@ -19,7 +19,7 @@ buildGoModule rec {
"-static"
];
vendorSha256 = "sha256-Nay4YkUNXuH7vTK3ergILF0efCF1XyJZd2wBiT6fims=";
vendorSha256 = "sha256-oclMnt6uJa8SG2fNM0fi+HCVMMi4rkykx8VpK/tXilQ=";
postInstall = ''
mv $out/bin/cli $out/bin/rancher


@ -2,16 +2,16 @@
buildGoModule rec {
pname = "terragrunt";
version = "0.37.0";
version = "0.38.7";
src = fetchFromGitHub {
owner = "gruntwork-io";
repo = pname;
rev = "v${version}";
sha256 = "sha256-7nil/T6q1crZh9ARTP615UzfjKcgsclpIt2N1ifABBk=";
sha256 = "sha256-MPetGR/VAVSLuDHyYeP1s9+4RRZzKanf9xyxas3heYY=";
};
vendorSha256 = "sha256-7SUf4r+6r6dkBoBZFg2AUK114QEl0+1lwRA4ymYArFs=";
vendorSha256 = "sha256-CqImT90jFFLi6XR7jfzFKwhnCHK6B+aM+Ba/L+G3bEg=";
doCheck = false;


@ -36,11 +36,6 @@ buildPythonApplication rec {
-e '/asyncio/d' \
-e '/datetime/d' \
setup.cfg requirements.txt
# Dependencies not correctly detected
sed -i \
-e '/dbus-python/d' \
setup.cfg requirements.txt
'';
propagatedBuildInputs = [


@ -1,35 +1,48 @@
{ lib, stdenv, fetchFromGitHub, openssl, sqlite }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, openssl, sqlite }:
stdenv.mkDerivation rec {
pname = "signalbackup-tools";
version = "20220711";
version = "20220810";
src = fetchFromGitHub {
owner = "bepaald";
repo = pname;
rev = version;
sha256 = "sha256-dKU8oTQ6ECwycDN3k7NY/pKpNWH16ceJIFDnRNEA90c=";
sha256 = "sha256-z/RAvNUss9rNuBQvxjJQl66ZMrlxvmS9at8L/vSG0XU=";
};
buildInputs = [ openssl sqlite ];
buildFlags = [
"-Wall"
"-Wextra"
"-Wshadow"
"-Wold-style-cast"
"-Woverloaded-virtual"
"-pedantic"
"-std=c++2a"
"-O3"
"-march=native"
# TODO: Remove when updating to next release.
patches = [
(fetchpatch {
name = "fix-platform-checks.patch";
url = "https://github.com/bepaald/signalbackup-tools/compare/20220810..a81baf25b6ba63da7d30d9a239e5b4bbc8d1ab4f.patch";
sha256 = "sha256-i7fuPBil8zB+V3wHHdcbmP79OZoTfG2ZpXPQ3m7X06c=";
})
];
postPatch = ''
patchShebangs BUILDSCRIPT_MULTIPROC.bash44
'';
buildInputs = [ openssl sqlite ];
# Manually define `CXXFLAGS` and `LDFLAGS` on Darwin since the build scripts includes flags
# that don't work on Darwin.
buildPhase = ''
$CXX $buildFlags */*.cc *.cc -lcrypto -lsqlite3 -o signalbackup-tools
runHook preBuild
'' + lib.optionalString stdenv.isDarwin ''
export CXXFLAGS="-Wall -Wextra -Wshadow -Wold-style-cast -Woverloaded-virtual -pedantic -O3"
export LDFLAGS="-Wall -Wextra -O3"
'' + ''
./BUILDSCRIPT_MULTIPROC.bash44
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp signalbackup-tools $out/bin/
runHook postInstall
'';
meta = with lib; {
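Review bot: On Linux the new `buildPhase` runs the upstream `./BUILDSCRIPT_MULTIPROC.bash44` with whatever flags that script chooses, because `CXXFLAGS` and `LDFLAGS` are exported only in the `lib.optionalString stdenv.isDarwin` branch. The flag list this replaces contained `-march=native`; if the upstream script still passes it (the script is not visible here), the output depends on the CPU of the build machine. That would make the binary non-reproducible and could crash with illegal instructions when a cached build is substituted onto an older CPU. It is worth confirming what the script passes on Linux and, if needed, exporting the explicit flag set unconditionally rather than only on Darwin.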


@ -2,16 +2,16 @@
buildGoModule rec {
pname = "nali";
version = "0.5.0";
version = "0.5.3";
src = fetchFromGitHub {
owner = "zu1k";
repo = "nali";
rev = "v${version}";
sha256 = "sha256-rK+UKECwG+2WcltV4zhODSFZ1EGkmLTBggLgKGMCAGI=";
sha256 = "sha256-mKZQe+VuhXm5N2SAOfHUlPK6wJPa8Cd+wgDjqSGbR7I=";
};
vendorSha256 = "sha256-pIJsCBevCVMg6NXc96f6hAbFK5VKwjFwCe34A+54NW8=";
vendorSha256 = "sha256-iNgYU/OgdbKscIA9dIVKqV5tiyLaC3Q4D3W1QsW7CWg=";
subPackages = [ "." ];
meta = with lib; {


@ -53,14 +53,9 @@ stdenv.mkDerivation rec {
# disable the included zlib explicitly as it otherwise still compiles and
# links them even.
"--with-included-zlib=no"
]
# Work around issue with cross-compilation:
# configure.sh: error: cannot run test program while cross compiling
# Remove once 3.2.4 or more recent is released.
# The following PR should fix the cross-compilation issue.
# Test using `nix-build -A pkgsCross.aarch64-multiplatform.rsync`.
# https://github.com/WayneD/rsync/commit/b7fab6f285ff0ff3816b109a8c3131b6ded0b484
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "--enable-simd=no";
];
enableParallelBuilding = true;
passthru.tests = { inherit (nixosTests) rsyncd; };


@ -5,13 +5,13 @@
mkDerivation rec {
pname = "qownnotes";
version = "22.8.0";
version = "22.8.1";
src = fetchurl {
url = "https://download.tuxfamily.org/${pname}/src/${pname}-${version}.tar.xz";
# Fetch the checksum of current version with curl:
# curl https://download.tuxfamily.org/qownnotes/src/qownnotes-<version>.tar.xz.sha256
sha256 = "37ae0952119341b7a07a80bb79e732d91edab3a684b6b9a626e5a9d13a97fad1";
sha256 = "82b231c53c485671568571e97f34b98887b0cee6e8a336a61e7d490edc605061";
};
nativeBuildInputs = [ qmake qttools ];


@ -7,18 +7,24 @@
python3Packages.buildPythonApplication rec {
pname = "zim";
version = "0.74.2";
version = "0.74.3";
src = fetchurl {
url = "https://zim-wiki.org/downloads/zim-${version}.tar.gz";
sha256 = "sha256-tZxBlpps2nLThSOq3WJ42iUQ4NG1Lb463bvDQ+djZJA=";
sha256 = "sha256-3ehPIkhsf1JnC9Qx3kQ6ilvRaBB7auBm2C1HOuNGzRU=";
};
buildInputs = [ gtk3 gobject-introspection wrapGAppsHook gnome.adwaita-icon-theme ];
buildInputs = [ gtk3 gobject-introspection gnome.adwaita-icon-theme ];
propagatedBuildInputs = with python3Packages; [ pyxdg pygobject3 ];
# see https://github.com/NixOS/nixpkgs/issues/56943#issuecomment-1131643663
nativeBuildInputs = [ gobject-introspection wrapGAppsHook ];
dontWrapGApps = true;
preFixup = ''
export makeWrapperArgs="--prefix XDG_DATA_DIRS : $out/share --argv0 $out/bin/.zim-wrapped"
makeWrapperArgs+=(--prefix XDG_DATA_DIRS : $out/share)
makeWrapperArgs+=(--argv0 $out/bin/.zim-wrapped)
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
# RuntimeError: could not create GtkClipboard object
@ -31,6 +37,7 @@ python3Packages.buildPythonApplication rec {
meta = with lib; {
description = "A desktop wiki";
homepage = "https://zim-wiki.org/";
changelog = "https://github.com/zim-desktop-wiki/zim-desktop-wiki/blob/${version}/CHANGELOG.md";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ pSub ];
broken = stdenv.isDarwin; # https://github.com/NixOS/nixpkgs/pull/52658#issuecomment-449565790


@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "freedv";
version = "1.7.0";
version = "1.8.3";
src = fetchFromGitHub {
owner = "drowe67";
repo = "freedv-gui";
rev = "v${version}";
hash = "sha256-0E7r/7+AQRPIFAcE6O1WE0NYiKzAlBR0jKbssqWvRMU=";
hash = "sha256-hZcaA8ZAkNigWwcaU8K6R6atNi8pqIUUEwkje+3sW8A=";
};
nativeBuildInputs = [ cmake ];


@ -50,9 +50,6 @@ python3.pkgs.buildPythonApplication rec {
postPatch = ''
patchShebangs tests po
# dbus-python is correctly passed in propagatedBuildInputs, but for some reason setup.py complains.
# The wrapped terminator has the correct path added, so ignore this.
substituteInPlace setup.py --replace "'dbus-python'," ""
'';
doCheck = false;


@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "glitter";
version = "1.5.15";
version = "1.6.1";
src = fetchFromGitHub {
owner = "milo123459";
repo = pname;
rev = "v${version}";
sha256 = "sha256-4oI0opwbmEyHc3zx06l8bDPnOi7rGrMqUJPBDAfmPY0=";
sha256 = "sha256-1iBTuFhxgsOFO3GueIB0kqNfmLglzircnCY+AffFj9I=";
};
cargoSha256 = "sha256-rmECD/0ThDXBAGqDMNbyHi9eoGNOJhBndaxCuUS/qpc=";
cargoSha256 = "sha256-wY60B+3ndKL6IAaLmvbIcCxvq/Un/Sgzgedml6ouqFc=";
# tests require it to be in a git repository
preCheck = ''


@ -58,7 +58,7 @@ rustPlatform.buildRustPackage rec {
meta = {
description = "Command-line tooling for Radicle, a decentralized code collaboration network";
homepage = "https://radicle.xyz";
license = lib.licenses.gpl3;
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ amesgen ];
platforms = lib.platforms.unix;
mainProgram = "rad";


@ -47,13 +47,13 @@ let
in
stdenv.mkDerivation rec {
pname = "mkvtoolnix";
version = "69.0.0";
version = "70.0.0";
src = fetchFromGitLab {
owner = "mbunkus";
repo = "mkvtoolnix";
rev = "release-${version}";
sha256 = "sha256-sKm/TjlVFj6Vy6lfy3v7UJoEUXALZZSKO3zoIrYtwrc=";
sha256 = "sha256-7ryLf/SKM5m7MdOd2K2XhJEdLF2H8xjV1aZMKUjm+Ok=";
};
nativeBuildInputs = [


@ -1,22 +1,15 @@
{ lib, stdenv, fetchpatch, fetchFromGitHub, pkg-config, glib, mpv-unwrapped }:
{ lib, stdenv, fetchFromGitHub, pkg-config, glib, mpv-unwrapped }:
stdenv.mkDerivation rec {
pname = "mpv-mpris";
version = "0.5";
version = "0.8.1";
src = fetchFromGitHub {
owner = "hoyon";
repo = "mpv-mpris";
rev = version;
sha256 = "07p6li5z38pkfd40029ag2jqx917vyl3ng5p2i4v5a0af14slcnk";
sha256 = "ugEiQZA1vQCVwyv3ViM84Qz8lhRvy17vcxjayYevTAs=";
};
patches = [
# Enables to "make SCRIPTS_DIR=... install" https://github.com/hoyon/mpv-mpris/pull/38
(fetchpatch {
url = "https://github.com/hoyon/mpv-mpris/commit/f1482350868bf20e4575f923943ec998469b255e.patch";
sha256 = "1lqy867wpmj6hv3zgi6g679a7x3dv5skpw24hwd05b28galnyd4l";
})
];
nativeBuildInputs = [ pkg-config ];


@ -1,13 +1,13 @@
{ fetchFromGitHub, lib, python3, stdenvNoCC }:
{ lib, stdenvNoCC, fetchFromGitHub, python3 }:
stdenvNoCC.mkDerivation rec {
pname = "mpv_thumbnail_script";
version = "unstable-2020-01-16";
version = "0.4.9";
src = fetchFromGitHub {
owner = "theamm";
owner = "marzzzello";
repo = pname;
rev = "682becf5b5115c2a206b4f0bdee413d4be8b5bef";
rev = version;
sha256 = "0dgfrb8ypc5vlq35kzn423fm6l6348ivl85vb6j3ccc9a51xprw3";
};
@ -28,7 +28,7 @@ stdenvNoCC.mkDerivation rec {
meta = with lib; {
description = "A lua script to show preview thumbnails in mpv's OSC seekbar";
homepage = "https://github.com/theamm/mpv_thumbnail_script";
homepage = "https://github.com/marzzzello/mpv_thumbnail_script";
license = licenses.gpl3Plus;
platforms = platforms.all;
maintainers = with maintainers; [ figsoda ];
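Review bot: `owner`, `rev` and `version` all change in the `fetchFromGitHub` call, but `sha256 = "0dgfrb8ypc5vlq35kzn423fm6l6348ivl85vb6j3ccc9a51xprw3"` is left as it was. Fixed-output fetches are looked up by hash, so a builder that already has the old source will reuse it and never download `marzzzello/mpv_thumbnail_script` at `0.4.9`. A fresh builder will fail with a hash mismatch unless the tag happens to carry the same tree as the old commit. Re-prefetch the new revision (for example by temporarily setting `sha256 = lib.fakeSha256;` and building) and commit the hash Nix reports. Since `rev` moves from a commit id to a tag, the hash is now the only thing pinning the content.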


@ -2,7 +2,7 @@
buildGoPackage rec {
pname = "amazon-ecs-agent";
version = "1.18.0";
version = "1.62.1";
goPackagePath = "github.com/aws/${pname}";
subPackages = [ "agent" ];
@ -11,7 +11,7 @@ buildGoPackage rec {
rev = "v${version}";
owner = "aws";
repo = pname;
sha256 = "1l6c2if6wpjmq2hh6k818w38s1rsbwgd6igqy948dwcrb1g1mixr";
sha256 = "sha256-p3o5Z6NIieBoEjxN8NnDYCSD4IQs2daxCwg4ndp5TTk=";
};
meta = with lib; {


@ -17,6 +17,10 @@ stdenv.mkDerivation rec {
sha256 = "0vm96gxinhy48m3x9p1sfldyd03w3gk6iflb7n9kn06j1vqyswr6";
};
depsBuildBuild = [
pkg-config
];
nativeBuildInputs = [ meson ninja pkg-config wayland-scanner scdoc makeWrapper ];
buildInputs = [


@ -21,7 +21,7 @@ stdenvNoCC.mkDerivation rec {
sparseCheckout = ''
BeautyLine-V3
'';
sha256 = "sha256-VEQWMY77cVz6UDn7FeMYYyYgXmXl1lLYs8MlFUuGRZE=";
sha256 = "sha256-IkkypAj250+OXbf19TampCnqYsSbJVIjeYlxJoyhpzk=";
};
sourceRoot = "${src.name}/BeautyLine-V3";


@ -12,24 +12,20 @@
, kwindowsystem
, kiconthemes
, kwayland
, unstableGitUpdater
}:
mkDerivation rec {
pname = "material-kwin-decoration";
version = "unstable-2021-10-28";
version = "unstable-2022-01-19";
src = fetchFromGitHub {
owner = "Zren";
repo = "material-decoration";
rev = "cc5cc399a546b66907629b28c339693423c894c8";
sha256 = "sha256-aYlnPFhf+ISVe5Ycryu5BSXY8Lb5OoueMqnWQZiv6Lc=";
rev = "973949761f609f9c676c5b2b7c6d9560661d34c3";
sha256 = "sha256-n+yUmBUrkS+06qLnzl2P6CTQZZbDtJLy+2mDPCcQz9M=";
};
postPatch = ''
substituteInPlace CMakeLists.txt \
--replace "-Werror" ""
'';
nativeBuildInputs = [ cmake extra-cmake-modules ];
buildInputs = [
@ -44,10 +40,14 @@ mkDerivation rec {
kwayland
];
passthru = {
updateScript = unstableGitUpdater { };
};
meta = with lib; {
description = "Material-ish window decoration theme for KWin";
homepage = "https://github.com/Zren/material-decoration";
license = licenses.gpl2;
maintainers = [ maintainers.nickcao ];
maintainers = with maintainers; [ nickcao ];
};
}

File diff suppressed because one or more lines are too long


@ -8,6 +8,7 @@
, vala
, glib
, libgee
, libhandy
, granite
, gexiv2
, gnome-settings-daemon
@ -24,13 +25,13 @@
stdenv.mkDerivation rec {
pname = "switchboard-plug-pantheon-shell";
version = "6.2.0";
version = "6.3.0";
src = fetchFromGitHub {
owner = "elementary";
repo = pname;
rev = version;
sha256 = "sha256-s7EMs8jeBFkDlLqOLtKuyQmCFNgXYMzKOKW/dVR2eqA=";
sha256 = "sha256-xaMoemI87uSlTN6qkxMiC26mdoU7nHTTCRnJgjQFtF4=";
};
nativeBuildInputs = [
@ -53,6 +54,7 @@ stdenv.mkDerivation rec {
granite
gtk3
libgee
libhandy
switchboard
wingpanel
];


@ -13,13 +13,13 @@ assert enableLTO -> stdenv.cc.isGNU;
stdenv.mkDerivation rec {
pname = "dictu";
version = "0.24.0";
version = "0.25.0";
src = fetchFromGitHub {
owner = "dictu-lang";
repo = pname;
rev = "v${version}";
sha256 = "sha256-EYoLEyK8jh4z3/9aMuUBt0pCwks7NIevsK2mOh8x6bQ=";
sha256 = "sha256-Tahi2K8Q/KPc9MN7yWhkqp/MzXfzJzrGSsvnTCyI03U=";
};
nativeBuildInputs = [ cmake ];


@ -1,5 +1,5 @@
{ lib, stdenv, fetchgit, mpfr, m4, binutils, emacs, zlib, which
, texinfo, libX11, xorgproto, libXi, gmp, readline, strace
, texinfo, libX11, xorgproto, libXi, gmp, readline
, libXext, libXt, libXaw, libXmu } :
assert stdenv ? cc ;
@ -7,34 +7,32 @@ assert stdenv.cc.isGNU ;
assert stdenv.cc ? libc ;
assert stdenv.cc.libc != null ;
stdenv.mkDerivation {
stdenv.mkDerivation rec {
pname = "gcl";
version = "2.6.13pre50";
version = "2.6.13pre124";
src = fetchgit {
sha256 = "0vpxb6z5g9fjavrgx8gz8fsjvskfz64f63qibh5s00fvvndlwi88";
sha256 = "sha256-e4cUQlNSfdz+B3urlZ82pf7fTc6aoloUyDDorAUi5kc=";
url = "https://git.savannah.gnu.org/r/gcl.git";
rev = "refs/tags/Version_2_6_13pre50";
rev = "refs/tags/Version_${builtins.replaceStrings ["."] ["_"] version}";
};
postPatch = ''
sed -e 's/<= obj-date/<= (if (= 0 obj-date) 1 obj-date)/' -i lsp/make.lisp
''
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902475
+ ''
substituteInPlace h/elf64_i386_reloc.h \
--replace 'case R_X86_64_PC32:' 'case R_X86_64_PC32: case R_X86_64_PLT32:'
'';
sourceRoot = "gcl/gcl";
# breaks when compiling in parallel
enableParallelBuilding = false;
patches = [];
buildInputs = [
mpfr m4 binutils emacs gmp
libX11 xorgproto libXi
libXext libXt libXaw libXmu
zlib which texinfo readline strace
zlib which texinfo readline
];
configureFlags = [


@ -1,6 +1,5 @@
{ lib
, stdenv
, fetchpatch
, fetchurl
, tzdata
, iana-etc
@ -56,11 +55,11 @@ let
in
stdenv.mkDerivation rec {
pname = "go";
version = "1.18.4";
version = "1.18.5";
src = fetchurl {
url = "https://go.dev/dl/go${version}.src.tar.gz";
sha256 = "sha256-RSWqaw487LV4RfQGCnB1qvyat1K7e2tM+KIS1DB44eQ=";
sha256 = "sha256-mSDTMGoaxTbN0seW1ss8VLxVnCJvw8w5wy8eC9f1DSo=";
};
strictDeps = true;
@ -168,11 +167,7 @@ stdenv.mkDerivation rec {
touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd
'';
patches = let
fetchBase64Patch = args: (fetchpatch args).overrideAttrs (o: {
postFetch = "mv $out p; base64 -d p > $out; " + o.postFetch;
});
in [
patches = [
./remove-tools-1.11.patch
./ssl-cert-file-1.16.patch
./remove-test-pie-1.15.patch
@ -182,12 +177,6 @@ stdenv.mkDerivation rec {
./skip-nohup-tests.patch
./skip-cgo-tests-1.15.patch
./go_no_vendor_checks-1.16.patch
# https://go-review.googlesource.com/c/go/+/417615/
(fetchBase64Patch {
url = "https://go-review.googlesource.com/changes/go~417615/revisions/3/patch";
sha256 = "sha256-Gu5eZUwGGch7et75A/BNynbs4VlQUBClVUxjxPkdjOs=";
})
];
postPatch = ''


@ -18,6 +18,9 @@ stdenv.mkDerivation rec {
hash = "sha256-x2c4c9RSrNWGqEngio4ArW7dJjW0gg+8nqBwPcR721k=";
};
# Fix index out of bounds reading RPATH (cherry-picked from 0.10-dev)
patches = [ ./rpath.patch ];
nativeBuildInputs = [
cmake
llvmPackages.llvm.dev


@ -0,0 +1,39 @@
commit ebcdbd9b3c9d437780aee4d6af76bbd2ab32ea06
Author: LeRoyce Pearson <contact@leroycepearson.dev>
Date: 2022-07-17 16:01:22 -0600
Read dynstr starting at rpath offset
Since we know the offset, we may as well read starting there. Still expects
rpath to fit in 4096 bytes; that might be worth fixing in the future.
Fixes issue #12112
diff --git a/lib/std/zig/system/NativeTargetInfo.zig b/lib/std/zig/system/NativeTargetInfo.zig
index af41fc790579..ad0b6d5ce1e1 100644
--- a/lib/std/zig/system/NativeTargetInfo.zig
+++ b/lib/std/zig/system/NativeTargetInfo.zig
@@ -652,14 +652,19 @@ pub fn abiAndDynamicLinkerFromFile(
} else null;
if (dynstr) |ds| {
- const strtab_len = std.math.min(ds.size, strtab_buf.len);
- const strtab_read_len = try preadMin(file, &strtab_buf, ds.offset, strtab_len);
- const strtab = strtab_buf[0..strtab_read_len];
// TODO this pointer cast should not be necessary
const rpoff_usize = std.math.cast(usize, rpoff) catch |err| switch (err) {
error.Overflow => return error.InvalidElfFile,
};
- const rpath_list = mem.sliceTo(std.meta.assumeSentinel(strtab[rpoff_usize..].ptr, 0), 0);
+ if (rpoff_usize > ds.size) return error.InvalidElfFile;
+ const rpoff_file = ds.offset + rpoff_usize;
+ const rp_max_size = ds.size - rpoff_usize;
+
+ const strtab_len = std.math.min(rp_max_size, strtab_buf.len);
+ const strtab_read_len = try preadMin(file, &strtab_buf, rpoff_file, strtab_len);
+ const strtab = strtab_buf[0..strtab_read_len];
+
+ const rpath_list = mem.sliceTo(std.meta.assumeSentinel(strtab.ptr, 0), 0);
var it = mem.tokenize(u8, rpath_list, ":");
while (it.next()) |rpath| {
var dir = fs.cwd().openDir(rpath, .{}) catch |err| switch (err) {
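Review bot: The added bounds check `if (rpoff_usize > ds.size)` lets `rpoff_usize == ds.size` through, which gives `rp_max_size == 0` and an empty `strtab`. `mem.sliceTo(std.meta.assumeSentinel(strtab.ptr, 0), 0)` then searches for the terminator in whatever `strtab_buf` already holds. More generally the sentinel search is not limited to `strtab_read_len`, so a `.dynstr` with no NUL in the bytes read makes it run past the data that came from the file; the commit message notes the 4096-byte assumption, but the missing-terminator case is not rejected. Using `>=` in the check and bounding the search, e.g. `const end = mem.indexOfScalar(u8, strtab, 0) orelse return error.InvalidElfFile;` followed by `const rpath_list = strtab[0..end];`, would fail closed on a malformed ELF. `abiAndDynamicLinkerFromFile` starts and ends outside the hunk, so how `strtab_buf` is declared is not visible.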


@ -198,14 +198,14 @@ let
priority = 6; # in `buildEnv' (including the one inside `perl.withPackages') the library files will have priority over files in `perl`
};
} // optionalAttrs (stdenv.buildPlatform != stdenv.hostPlatform) rec {
crossVersion = "31dac3e264a7f1f53dbf49570771123ebd514055"; # May 03, 2022
crossVersion = "c876045741f5159318085d2737b0090f35a842ca"; # June 5, 2022
perl-cross-src = fetchFromGitHub {
name = "perl-cross-unstable-${crossVersion}";
owner = "arsv";
repo = "perl-cross";
rev = crossVersion;
sha256 = "sha256-5hLUP34WwTFRsG0o8zSJm8WM3WfBAhHeYrrQF2MtMKc=";
sha256 = "sha256-m9UCoTQgXBxSgk9Q1Zv6wl3Qnd0aZm/jEPXkcMKti8U=";
};
depsBuildBuild = [ buildPackages.stdenv.cc makeWrapper ];
@ -222,14 +222,6 @@ let
setupHook = ./setup-hook-cross.sh;
});
in {
# Maint version
perl532 = common {
perl = pkgs.perl532;
buildPerl = buildPackages.perl532;
version = "5.32.1";
sha256 = "0b7brakq9xs4vavhg391as50nbhzryc7fy5i65r81bnq3j897dh3";
};
# Maint version
perl534 = common {
perl = pkgs.perl534;
@ -238,11 +230,19 @@ in {
sha256 = "sha256-NXlRpJGwuhzjYRJjki/ux4zNWB3dwkpEawM+JazyQqE=";
};
# Maint version
perl536 = common {
perl = pkgs.perl536;
buildPerl = buildPackages.perl536;
version = "5.36.0";
sha256 = "sha256-4mCFr4rDlvYq3YpTPDoOqMhJfYNvBok0esWr17ek4Ao=";
};
# the latest Devel version
perldevel = common {
perl = pkgs.perldevel;
buildPerl = buildPackages.perldevel;
version = "5.35.9";
sha256 = "sha256-/nmSCIIXHXoC68DxFM9b5GM2AKU4WlLbfWLgduanL7U=";
version = "5.37.0";
sha256 = "sha256-8RQO6gtH+WmghqzRafbqAH1MhKv/vJCcvysi7/+T9XI=";
};
}


@ -140,10 +140,10 @@ with pkgs;
sourceVersion = {
major = "3";
minor = "10";
patch = "5";
patch = "6";
suffix = "";
};
sha256 = "sha256-hDfv1bEG7wp1qr+/I9iAYlEgpzqGoireTS4uaNe3RIY=";
sha256 = "sha256-95X/h9EdSwx8M7yIUbDChkjYpFg6ohAKmMIrQya20/M=";
};
};


@ -104,6 +104,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/libsdl-org/SDL-1.2/commit/7933032ad4d57c24f2230db29f67eb7d21bb5654.patch";
sha256 = "1by16firaxyr0hjvn35whsgcmq6bl0nwhnpjf75grjzsw9qvwyia";
})
(fetchpatch {
name = "CVE-2022-34568.patch";
url = "https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b.patch";
sha256 = "sha256-fuxXsqZW94/C8CKu9LakppCU4zHupj66O2MngQ4BO9o=";
})
];
postInstall = ''


@ -62,6 +62,15 @@ in stdenv.mkDerivation rec {
url = "https://gitlab.freedesktop.org/cairo/cairo/-/commit/e22d7212acb454daccc088619ee147af03883974.diff";
sha256 = "sha256-8G98nsPz3MLEWPDX9F0jKgXC4hC4NNdFQLSpmW3ay2s=";
})
# Fix unexpected color addition on grayscale images (usually text).
# Upstream fix: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/114
# Can be removed after 1.18 release
(fetchpatch {
name = "fix-grayscale-anialias.patch";
url = "https://gitlab.freedesktop.org/cairo/cairo/-/commit/4f4d89506f58a64b4829b1bb239bab9e46d63727.diff";
sha256 = "sha256-mbTg67e7APfdELsuMAgXdY3xokWbGtHF7VDD5UyYqKM=";
})
];
outputs = [ "out" "dev" "devdoc" ];


@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ];
buildInputs = [ openssl zlib ];
propagatedBuildInputs = [ openssl zlib ];
meta = with lib; {
homepage = "https://capnproto.org/";


@ -5,7 +5,7 @@
, pkg-config
, expat
, enableSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isStatic
, systemd
, systemdMinimal
, audit
, libapparmor
, dbus
@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
libX11
libICE
libSM
]) ++ lib.optional enableSystemd systemd
]) ++ lib.optional enableSystemd systemdMinimal
++ lib.optionals stdenv.isLinux [ audit libapparmor ];
# ToDo: optional selinux?
@ -94,7 +94,7 @@ stdenv.mkDerivation rec {
"--with-systemduserunitdir=${placeholder "out"}/etc/systemd/user"
] ++ lib.optional (!x11Support) "--without-x"
++ lib.optionals stdenv.isLinux [ "--enable-apparmor" "--enable-libaudit" ]
++ lib.optionals enableSystemd [ "SYSTEMCTL=${systemd}/bin/systemctl" ];
++ lib.optionals enableSystemd [ "SYSTEMCTL=${systemdMinimal}/bin/systemctl" ];
NIX_CFLAGS_LINK = lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed";


@ -22,13 +22,13 @@
stdenv.mkDerivation rec {
pname = "folly";
version = "2022.08.08.00";
version = "2022.08.15.00";
src = fetchFromGitHub {
owner = "facebook";
repo = "folly";
rev = "v${version}";
sha256 = "sha256-shgqM7hUz0uHOtaXSSdnsQW0eUvCUAo3mtq0EISeQgU=";
sha256 = "sha256-GJYjilN2nwKEpuWj2NJQ25hT9lI2pdkWzgfLBph5mmU=";
};
nativeBuildInputs = [


@ -1,23 +1,14 @@
{ lib, stdenv, fetchurl, fetchpatch, libXi, libXrandr, libXxf86vm, libGL, libGLU, xlibsWrapper, cmake }:
{ lib, stdenv, fetchurl, libXi, libXrandr, libXxf86vm, libGL, libGLU, xlibsWrapper, cmake }:
stdenv.mkDerivation rec {
pname = "freeglut";
version = "3.2.1";
version = "3.2.2";
src = fetchurl {
url = "mirror://sourceforge/freeglut/freeglut-${version}.tar.gz";
sha256 = "0s6sk49q8ijgbsrrryb7dzqx2fa744jhx1wck5cz5jia2010w06l";
sha256 = "sha256-xZRKCC3wu6lrV1bd2x910M1yzie1OVxsHd6Fwv8pelA=";
};
patches = [
(fetchpatch {
# upstream build fix against -fno-common compilers like >=gcc-10
url = "https://github.com/dcnieho/FreeGLUT/commit/b9998bbc1e1c329f6bf69c24606a2be7a4973b8c.patch";
sha256 = "0j43vrnm22mz3r3c43szgcnil19cx9vcydzky9gwzqlyacr51swd";
stripLen = 2;
})
];
outputs = [ "out" "dev" ];
nativeBuildInputs = [ cmake ];


@ -7,7 +7,6 @@
, libjpeg
, libGL
, libX11
, libXxf86vm
, withTouchSupport ? false
, libXi
, libXext
@ -43,7 +42,6 @@ stdenv.mkDerivation rec {
libjpeg
libGL
libX11
libXxf86vm
] ++ lib.optionals withTouchSupport [
libXi
libXext


@ -11,11 +11,11 @@ assert fontconfigSupport -> fontconfig != null;
with lib;
stdenv.mkDerivation rec {
pname = "libass";
version = "0.15.2";
version = "0.16.0";
src = fetchurl {
url = "https://github.com/libass/libass/releases/download/${version}/${pname}-${version}.tar.xz";
sha256 = "sha256-G+LfnESFpX14uxjAqO0Ve8h6Wo3UjGYZYcYlyxEoMv0=";
sha256 = "sha256-Xb3p4iM5EZz47tWe6mxiOgdG71qQtonmigkBCQeOPAg=";
};
configureFlags = [


@ -1,27 +1,27 @@
diff --git a/configure.ac b/configure.ac
index 5fd3c8de..7ae343e0 100644
index 5007bbd..f46de1a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -228,6 +228,10 @@ if test "x$use_bdjava_jar" = "xyes" && test "x$HAVE_ANT" = "xno"; then
AC_MSG_ERROR([BD-J requires ANT, but ant was not found. Please install it.])
fi
@@ -253,7 +253,7 @@ AS_IF([test "x${JDK_HOME}" != "x"], [
])
+if test "x$use_bdjava_jar" = "xyes"; then
+ CPPFLAGS="${CPPFLAGS} -DJARDIR='\"\$(datadir)/java\"'"
+fi
+
AC_DEFINE_UNQUOTED([JAVA_ARCH], ["$java_arch"], ["Defines the architecture of the java vm."])
AC_DEFINE_UNQUOTED([JDK_HOME], ["$JDK_HOME"], [""])
AM_CONDITIONAL([USING_BDJAVA_BUILD_JAR], [ test $use_bdjava_jar = "yes" ])
AS_IF([test "x$use_bdjava_jar" = "xyes"], [
-
+ CPPFLAGS="${CPPFLAGS} -DJARDIR='\"\$(datadir)/java\"'"
dnl check for ant
AC_CHECK_PROG(HAVE_ANT, [ant], yes, no)
AS_IF([test "x$HAVE_ANT" = "xno"], [
diff --git a/src/libbluray/bdj/bdj.c b/src/libbluray/bdj/bdj.c
index 511ad533..e273b9e0 100644
index 1cb1bfe..f3711c2 100644
--- a/src/libbluray/bdj/bdj.c
+++ b/src/libbluray/bdj/bdj.c
@@ -478,6 +478,7 @@ static const char *_find_libbluray_jar(BDJ_STORAGE *storage)
// pre-defined search paths for libbluray.jar
static const char * const jar_paths[] = {
#ifndef _WIN32
@@ -533,6 +533,9 @@ static char *_find_libbluray_jar0()
# ifdef __FreeBSD__
"/usr/local/share/java/" BDJ_JARFILE,
# else
+# ifdef JARDIR
+ JARDIR "/" BDJ_JARFILE,
+# endif
"/usr/share/java/" BDJ_JARFILE,
"/usr/share/libbluray/lib/" BDJ_JARFILE,
#endif
# endif


@ -20,11 +20,13 @@ stdenv.mkDerivation rec {
sha256 = "sha256-wksPQcW3N7u2XFRP5jSVY3p3HBClGd/IAudp8RK0O3U=";
};
patches = optional withJava ./BDJ-JARFILE-path.patch;
patches = [
./BDJ-JARFILE-path.patch
./libbluray-1.3.1-Fix-build-failure-after-Oracle-Java-CPU-for-April-2022.patch
];
nativeBuildInputs = [ pkg-config autoreconfHook ]
++ optionals withJava [ ant ]
;
++ optionals withJava [ ant ];
buildInputs = [ fontconfig ]
++ optional withJava jdk


@ -0,0 +1,25 @@
From 8f26777b1ce124ff761f80ef52d6be10bcea323e Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Mon, 25 Apr 2022 14:28:58 +0300
Subject: [PATCH] Fix build failure after Oracle Java CPU for April 2022
--- a/src/libbluray/bdj/java/java/io/BDFileSystem.java
+++ b/src/libbluray/bdj/java/java/io/BDFileSystem.java
@@ -227,6 +227,17 @@ public abstract class BDFileSystem extends FileSystem {
return fs.isAbsolute(f);
}
+ public boolean isInvalid(File f) {
+ try {
+ Method m = fs.getClass().getDeclaredMethod("isInvalid", new Class[] { File.class });
+ Object[] args = new Object[] {(Object)f};
+ Boolean result = (Boolean)m.invoke(fs, args);
+ return result.booleanValue();
+ } finally {
+ return false;
+ }
+ }
+
public String resolve(File f) {
if (!booted)
return fs.resolve(f);
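Review bot: In the added `isInvalid`, `finally { return false; }` replaces the value returned from the `try` block and also discards any exception, so the method returns `false` for every file and the reflective call to the wrapped `fs` has no effect. If the intent is to delegate and fall back only when reflection fails, use a catch instead: `} catch (Exception e) { return false; }`. If always returning `false` is intended, say so in a comment, because it means whatever validity check the underlying `FileSystem` performs is not applied to files handled by `BDFileSystem`. The class body continues outside the hunk.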


@ -1,47 +0,0 @@
From 9e05fece7918edce9c6aa5a1f1ea375108e5b2be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 2 Aug 2019 10:26:37 +0100
Subject: [PATCH] meson: support for custom nm path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When cross-compiling target toolchains i.e. binutils are often
prefixed by its target architecture. This patch gives the user
to option to specify the nm used during the build process.
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
meson.build | 2 +-
meson_options.txt | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
--- meson.build.orig 2020-06-18 11:13:57.716321962 +0200
+++ meson.build 2020-06-18 11:19:50.456861311 +0200
@@ -45,7 +45,7 @@
cc = meson.get_compiler('c')
symbols_check = find_program('symbols-check.py')
-prog_nm = find_program('nm')
+prog_nm = find_program(get_option('nm-path'))
# Check for atomics
intel_atomics = false
diff --git a/meson_options.txt b/meson_options.txt
index 8af33f1c..b4f46a52 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -141,3 +141,9 @@ option(
value : false,
description : 'Enable support for using udev instead of mknod.',
)
+option(
+ 'nm-path',
+ type : 'string',
+ description : 'path to nm',
+ value : 'nm'
+)
--
2.22.0


@ -18,10 +18,7 @@ stdenv.mkDerivation rec {
buildInputs = [ libpthreadstubs libpciaccess ]
++ lib.optional withValgrind valgrind-light;
patches = [ ./cross-build-nm-path.patch ];
mesonFlags = [
"-Dnm-path=${stdenv.cc.targetPrefix}nm"
"-Dinstall-test-programs=true"
"-Domap=true"
] ++ lib.optionals stdenv.hostPlatform.isAarch [


@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "libdvdread";
version = "6.1.2";
version = "6.1.3";
src = fetchurl {
url = "http://get.videolan.org/libdvdread/${version}/${pname}-${version}.tar.bz2";
sha256 = "sha256-zBkPVTdYztdXGFnjAfgCy0gh8WTQK/rP0yDBSk4Np2M=";
sha256 = "sha256-zjVFSZeiCMvlDpEjLw5z+xrDRxllgToTuHMKjxihU2k=";
};
buildInputs = [libdvdcss];


@ -8,23 +8,26 @@
, openssl
, udev
, zlib
, pcsclite
}:
stdenv.mkDerivation rec {
pname = "libfido2";
version = "1.10.0";
version = "1.11.0";
# releases on https://developers.yubico.com/libfido2/Releases/ are signed
src = fetchurl {
url = "https://developers.yubico.com/${pname}/Releases/${pname}-${version}.tar.gz";
sha256 = "sha256-Um79PVavcGwF0J89IfGO47CxWsDB9cXaGsvCfCcwuZs=";
sha256 = "sha256-CDDFhT47RAmalxZuDOxUpltUt/qqwHBxhy93uOTXswI=";
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ libcbor openssl zlib ]
buildInputs = [ libcbor zlib ]
++ lib.optionals stdenv.isDarwin [ hidapi ]
++ lib.optionals stdenv.isLinux [ udev ];
++ lib.optionals stdenv.isLinux [ udev pcsclite ];
propagatedBuildInputs = [ openssl ];
cmakeFlags = [
"-DUDEV_RULES_DIR=${placeholder "out"}/etc/udev/rules.d"
@ -33,6 +36,7 @@ stdenv.mkDerivation rec {
"-DUSE_HIDAPI=1"
] ++ lib.optionals stdenv.isLinux [
"-DNFC_LINUX=1"
"-DUSE_PCSC=1"
];
meta = with lib; {


@ -1,51 +0,0 @@
{ lib, stdenv
, fetchurl
, pkg-config
, cmake
, libdeflate
, libjpeg
, xz
, zlib
}:
stdenv.mkDerivation rec {
pname = "libtiff";
version = "4.2.0";
src = fetchurl {
url = "https://download.osgeo.org/libtiff/tiff-${version}.tar.gz";
sha256 = "1jrkjv0xya9radddn8idxvs2gqzp3l2b1s8knlizmn7ad3jq817b";
};
# FreeImage needs this patch
patches = [ ./headers-cmake.patch ];
outputs = [ "bin" "dev" "dev_private" "out" "man" "doc" ];
postFixup = ''
moveToOutput include/tif_dir.h $dev_private
moveToOutput include/tif_config.h $dev_private
moveToOutput include/tiffiop.h $dev_private
'';
nativeBuildInputs = [ cmake pkg-config ];
propagatedBuildInputs = [ libjpeg xz zlib ]; #TODO: opengl support (bogus configure detection)
buildInputs = [ libdeflate ]; # TODO: move all propagatedBuildInputs to buildInputs.
enableParallelBuilding = true;
doInstallCheck = true;
installCheckTarget = "test";
meta = with lib; {
description = "Library and utilities for working with the TIFF image file format";
homepage = "https://libtiff.gitlab.io/libtiff";
changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
license = licenses.libtiff;
platforms = platforms.unix;
};
}


@ -21,8 +21,6 @@
, imlib
}:
#FIXME: fix aarch64-darwin build and get rid of ./aarch64-darwin.nix
stdenv.mkDerivation rec {
pname = "libtiff";
version = "4.4.0";
@ -38,6 +36,11 @@ stdenv.mkDerivation rec {
# libc++abi 11 has an `#include <version>`, this picks up files name
# `version` in the project's include paths
./rename-version.patch
(fetchpatch {
name = "CVE-2022-34526.patch";
url = "https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990.patch";
sha256 = "sha256-faKsdJjvQwNdkAKjYm4vubvZvnULt9zz4l53zBFr67s=";
})
];
postPatch = ''


@ -1,13 +0,0 @@
diff -ruN a/libtiff/CMakeLists.txt b/libtiff/CMakeLists.txt
--- a/libtiff/CMakeLists.txt 2019-05-31 13:05:22.849705817 +0000
+++ b/libtiff/CMakeLists.txt 2020-11-27 21:50:03.527831837 +0000
@@ -42,6 +42,9 @@
libtiffxx.map)
set(tiff_HEADERS
+ tiffiop.h
+ ${CMAKE_CURRENT_BINARY_DIR}/tif_config.h
+ tif_dir.h
tiff.h
tiffio.h
tiffvers.h)


@ -27,13 +27,13 @@
stdenv.mkDerivation rec {
pname = "libwebp";
version = "1.2.2";
version = "1.2.3";
src = fetchFromGitHub {
owner = "webmproject";
repo = pname;
rev = "v${version}";
hash = "sha256-WF2HZPS7mbotk+d1oLM/JC5l/FWfkrk+T3Z6EW9oYEI=";
hash = "sha256-t27d+eJR4iTHSLlI3J7RqHgsWACThjsI9O6R2Zb9F1g=";
};
prePatch = "patchShebangs .";


@ -81,19 +81,11 @@ self = stdenv.mkDerivation {
postPatch = ''
patchShebangs .
substituteInPlace meson.build --replace \
"find_program('pkg-config')" \
"find_program('${buildPackages.pkg-config.targetPrefix}pkg-config')"
# The drirc.d directory cannot be installed to $drivers as that would cause a cyclic dependency:
substituteInPlace src/util/xmlconfig.c --replace \
'DATADIR "/drirc.d"' '"${placeholder "out"}/share/drirc.d"'
substituteInPlace src/util/meson.build --replace \
"get_option('datadir')" "'${placeholder "out"}/share'"
'' + lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) ''
substituteInPlace meson.build --replace \
"find_program('nm')" \
"find_program('${stdenv.cc.targetPrefix}nm')"
'';
outputs = [ "out" "dev" "drivers" ]


@ -8,11 +8,11 @@
stdenv.mkDerivation rec {
pname = "nspr";
version = "4.34";
version = "4.34.1";
src = fetchurl {
url = "mirror://mozilla/nspr/releases/v${version}/src/nspr-${version}.tar.gz";
sha256 = "177rxcf3lglabs7sgwcvf72ww4v56qa71lc495wl13sxs4f03vxy";
hash = "sha256-xbg1TEi2Mrj0wZcGKBRsDgwMqPMscxXX1XNsAC4Dd08=";
};
patches = [


@ -29,8 +29,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) stdenv.cc.libc
++ lib.optional alsaSupport alsa-lib
buildInputs = lib.optional alsaSupport alsa-lib
++ lib.optional dbusSupport dbus
++ lib.optional pipewireSupport pipewire
++ lib.optional pulseSupport libpulseaudio
@ -40,6 +39,9 @@ stdenv.mkDerivation rec {
# Automatically links dependencies without having to rely on dlopen, thus
# removes the need for NIX_LDFLAGS.
"-DALSOFT_DLOPEN=OFF"
] ++ lib.optionals stdenv.hostPlatform.isLinux [
# https://github.com/NixOS/nixpkgs/issues/183774
"-DOSS_INCLUDE_DIR=${stdenv.cc.libc}/include"
];
meta = with lib; {


@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "openh264";
version = "2.2.0";
version = "2.3.0";
src = fetchFromGitHub {
owner = "cisco";
repo = pname;
rev = "v${version}";
sha256 = "sha256-l64xP39Uaislqh4D7oSxJiQGhXkklol4LgS9BVPbaGk=";
sha256 = "sha256-OSTsU2E4UWiwBqq3NqD0lj8uqVXeyd3MJ/gre6W2Jvs=";
};
nativeBuildInputs = [ nasm ];


@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, withJitSealloc ? true
}:
stdenv.mkDerivation rec {
@ -17,9 +18,9 @@ stdenv.mkDerivation rec {
"--enable-pcre2-32"
# only enable jit on supported platforms which excludes Apple Silicon, see https://github.com/zherczeg/sljit/issues/51
"--enable-jit=auto"
# fix pcre jit in systemd units that set MemoryDenyWriteExecute=true like gitea
"--enable-jit-sealloc"
];
]
# fix pcre jit in systemd units that set MemoryDenyWriteExecute=true like gitea
++ lib.optional withJitSealloc "--enable-jit-sealloc";
outputs = [ "bin" "dev" "out" "doc" "man" "devdoc" ];
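Review bot: The new `withJitSealloc ? true` argument is undocumented where callers see it; the only explanation sits next to the flag further down in the configure flags. An override that sets it to `false` drops `--enable-jit-sealloc`, which per the existing comment is what lets the PCRE2 JIT work in systemd units hardened with `MemoryDenyWriteExecute=true`, so consumers running under that hardening would presumably lose JIT or push someone to relax the unit. A short comment on the argument, e.g. `# keep enabled for services hardened with MemoryDenyWriteExecute=true`, would make that trade-off visible to anyone overriding it. The `stdenv.mkDerivation` body continues outside the hunk.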


@ -22,7 +22,7 @@
, gtk-doc
, coreutils
, useSystemd ? stdenv.isLinux
, systemd
, systemdMinimal
, elogind
# A few tests currently fail on musl (polkitunixusertest, polkitunixgrouptest, polkitidentitytest segfault).
# Not yet investigated; it may be due to the "Make netgroup support optional"
@ -106,7 +106,7 @@ stdenv.mkDerivation rec {
duktape
] ++ lib.optionals stdenv.isLinux [
# On Linux, fall back to elogind when systemd support is off.
(if useSystemd then systemd else elogind)
(if useSystemd then systemdMinimal else elogind)
];
propagatedBuildInputs = [


@ -355,6 +355,37 @@ index e3534561a5..3b01424e67 100644
-xcode_copy_phase_strip_setting.name = COPY_PHASE_STRIP
-xcode_copy_phase_strip_setting.value = NO
-QMAKE_MAC_XCODE_SETTINGS += xcode_copy_phase_strip_setting
diff --git a/mkspecs/features/mac/sdk.mk b/mkspecs/features/mac/sdk.mk
--- a/mkspecs/features/mac/sdk.mk
+++ b/mkspecs/features/mac/sdk.mk
@@ -1,27 +0,0 @@
-
-ifeq ($(QT_MAC_SDK_NO_VERSION_CHECK),)
- CHECK_SDK_COMMAND = /usr/bin/xcrun --sdk $(EXPORT_QMAKE_MAC_SDK) -show-sdk-version 2>/dev/null
- CURRENT_MAC_SDK_VERSION := $(shell DEVELOPER_DIR=$(EXPORT_QMAKE_XCODE_DEVELOPER_PATH) $(CHECK_SDK_COMMAND))
- ifneq ($(CURRENT_MAC_SDK_VERSION),$(EXPORT_QMAKE_MAC_SDK_VERSION))
- # We don't want to complain about out of date SDK unless the target needs to be remade.
- # This covers use-cases such as running 'make check' after moving the build to a
- # computer without Xcode or with a different Xcode version.
- TARGET_UP_TO_DATE := $(shell QT_MAC_SDK_NO_VERSION_CHECK=1 $(MAKE) --question $(QMAKE_TARGET) && echo 1 || echo 0)
- ifeq ($(TARGET_UP_TO_DATE),0)
- ifneq ($(findstring missing DEVELOPER_DIR path,$(CURRENT_MAC_SDK_VERSION)),)
- $(info The developer dir $(EXPORT_QMAKE_XCODE_DEVELOPER_PATH) is no longer valid.)
- else ifneq ($(findstring SDK "$(EXPORT_QMAKE_MAC_SDK)" cannot be located,$(CURRENT_MAC_SDK_VERSION)),)
- $(info The developer dir $(EXPORT_QMAKE_XCODE_DEVELOPER_PATH) no longer contains the $(EXPORT_QMAKE_MAC_SDK_VERSION) platform SDK.)
- else ifneq ($(CURRENT_MAC_SDK_VERSION),)
- $(info The $(EXPORT_QMAKE_MAC_SDK) platform SDK has been changed from version $(EXPORT_QMAKE_MAC_SDK_VERSION) to version $(CURRENT_MAC_SDK_VERSION).)
- else
- $(info Unknown error resolving current platform SDK version.)
- endif
- $(info This requires a fresh build of your project. Please wipe the build directory)
- ifneq ($(EXPORT__QMAKE_STASH_),)
- $(info including the qmake cache in $(EXPORT__QMAKE_STASH_))
- endif
- $(error ^)
- endif
- endif
-endif
diff --git a/mkspecs/features/mac/sdk.prf b/mkspecs/features/mac/sdk.prf
deleted file mode 100644
index 3a9c2778bb..0000000000


@ -3,6 +3,7 @@
, qtwebchannel
, qtpositioning
, qtwebsockets
, buildPackages
, bison
, coreutils
, flex
@ -105,6 +106,9 @@ qtModule rec {
patchShebangs .
)
substituteInPlace cmake/Functions.cmake \
--replace "/bin/bash" "${buildPackages.bash}/bin/bash"
sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \
src/3rdparty/chromium/device/udev_linux/udev?_loader.cc


@ -1,13 +0,0 @@
diff --git a/egl/meson.build b/egl/meson.build
index b3cbdf3..cdc15ca 100644
--- a/egl/meson.build
+++ b/egl/meson.build
@@ -11,7 +11,7 @@ wayland_egl = library(
executable('wayland-egl-abi-check', 'wayland-egl-abi-check.c')
-nm_path = find_program('nm').full_path()
+nm_path = find_program('@nm@').full_path()
test(
'wayland-egl symbols check',


@ -36,13 +36,6 @@ stdenv.mkDerivation rec {
sha256 = "1b0ixya9bfw5c9jx8mzlr7yqnlyvd3jv5z8wln9scdv8q5zlvikd";
};
patches = [
(substituteAll {
src = ./add-placeholder-for-nm.patch;
nm = "${stdenv.cc.targetPrefix}nm";
})
];
postPatch = lib.optionalString withDocumentation ''
patchShebangs doc/doxygen/gen-doxygen.py
'' + lib.optionalString stdenv.hostPlatform.isStatic ''
