b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse source
This commit is contained in:
Frederik Rietdijk 2018-11-29 09:18:35 +01:00
parent 5987c5c694 9db2421d1f
commit 9b81c7e455
369 changed files with 6558 additions and 3058 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
doc/coding-conventions.xml
View file

@ -56,25 +56,30 @@ foo { arg = ...; }
or list elements should be aligned:
<programlisting>
# A long list.
list =
[ elem1
elem2
elem3
];
list = [
elem1
elem2
elem3
];
# A long attribute set.
attrs =
{ attr1 = short_expr;
attr2 =
if true then big_expr else big_expr;
};
# Alternatively:
attrs = {
attr1 = short_expr;
attr2 =
if true then big_expr else big_expr;
};
# Combined
listOfAttrs = [
{
attr1 = 3;
attr2 = "fff";
}
{
attr1 = 5;
attr2 = "ggg";
}
];
</programlisting>
</para>
</listitem>

2
doc/cross-compilation.xml
View file

@ -385,7 +385,7 @@ nix-build &lt;nixpkgs&gt; --arg crossSystem '(import &lt;nixpkgs/lib&gt;).system
Eventually we would like to make these platform examples an unnecessary
convenience so that
<programlisting>
nix-build &lt;nixpkgs&gt; --arg crossSystem.config '&lt;arch&gt;-&lt;os&gt;-&lt;vendor&gt;-&lt;abi&gt;' -A whatever</programlisting>
nix-build &lt;nixpkgs&gt; --arg crossSystem '{ config = "&lt;arch&gt;-&lt;os&gt;-&lt;vendor&gt;-&lt;abi&gt;"; }' -A whatever</programlisting>
works in the vast majority of cases. The problem today is dependencies on
other sorts of configuration which aren't given proper defaults. We rely on
the examples to crudely to set those configuration parameters in some

11
doc/languages-frameworks/ruby.xml
View file

@ -50,6 +50,17 @@ bundlerEnv rec {
future updates can be run easily.
</para>
<para>
Updating Ruby packages can then be done like this:
</para>
<screen>
<![CDATA[$ cd pkgs/servers/monitoring/sensu
$ nix-shell -p bundler --run 'bundle lock --update'
$ nix-shell -p bundix --run 'bundix'
]]>
</screen>
<para>
For tools written in Ruby - i.e. where the desire is to install a package and
then execute e.g. <command>rake</command> at the command line, there is an

43
doc/stdenv.xml
View file

@ -2428,12 +2428,31 @@ addEnvHooks "$hostOffset" myBashFunction
<para>
This is a special setup hook which helps in packaging proprietary
software in that it automatically tries to find missing shared library
dependencies of ELF files. All packages within the
<envar>runtimeDependencies</envar> environment variable are
unconditionally added to executables, which is useful for programs that
use <citerefentry>
<refentrytitle>dlopen</refentrytitle>
<manvolnum>3</manvolnum> </citerefentry> to load libraries at runtime.
dependencies of ELF files based on the given
<varname>buildInputs</varname> and <varname>nativeBuildInputs</varname>.
</para>
<para>
You can also specify a <envar>runtimeDependencies</envar> environment
variable which lists dependencies that are unconditionally added to all
executables.
</para>
<para>
This is useful for programs that use <citerefentry>
<refentrytitle>dlopen</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry> to load libraries at runtime.
</para>
<para>
In certain situations you may want to run the main command
(<command>autoPatchelf</command>) of the setup hook on a file or a set
of directories instead of unconditionally patching all outputs. This
can be done by setting the <envar>dontAutoPatchelf</envar> environment
variable to a non-empty value.
</para>
<para>
The <command>autoPatchelf</command> command also recognizes a
<parameter class="command">--no-recurse</parameter> command line flag,
which prevents it from recursing into subdirectories.
</para>
</listitem>
</varlistentry>
@ -2455,7 +2474,17 @@ addEnvHooks "$hostOffset" myBashFunction
use the cntr exec subcommand. Note that <command>cntr</command> also
needs to be executed on the machine that is doing the build, which might
be not the case when remote builders are enabled.
<command>cntr</command> is only supported on linux based platforms.
<command>cntr</command> is only supported on Linux-based platforms. To
use it first add <literal>cntr</literal> to your
<literal>environment.systemPackages</literal> on NixOS or alternatively to
the root user on non-NixOS systems. Then in the package that is supposed
to be inspected, add <literal>breakpointHook</literal> to
<literal>nativeBuildInputs</literal>.
<programlisting>
nativeBuildInputs = [ breakpointHook ];
</programlisting>
When a build failure happens there will be an instruction printed that
shows how to attach with <literal>cntr</literal> to the build sandbox.
</para>
</listitem>
</varlistentry>

19
nixos/doc/manual/configuration/modularity.xml
View file

@ -127,4 +127,23 @@ nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHo
[ "example.org" "example.gov" ]
</screen>
</para>
<para>
While abstracting your configuration, you may find it useful to generate
modules using code, instead of writing files. The example
below would have the same effect as importing a file which sets those
options.
<screen>
{ config, pkgs, ... }:
let netConfig = { hostName }: {
networking.hostName = hostName;
networking.useDHCP = false;
};
in
{ imports = [ (netConfig "nixos.localdomain") ]; }
</screen>
</para>
</section>

2
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View file

@ -19,7 +19,7 @@ starting VDE switch for network 1
&gt; startAll
&gt; testScript
&gt; $machine->succeed("touch /tmp/foo")
&gt; print($machine->succeed("pwd"), "\n") # Show stdout of command
&gt; print($machine->succeed("pwd")) # Show stdout of command
</screen>
The function <command>testScript</command> executes the entire test script
and drops you back into the test driver command line upon its completion.

2
nixos/doc/manual/development/writing-nixos-tests.xml
View file

@ -108,7 +108,7 @@ xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualis
<programlisting>
$machine->start;
$machine->waitForUnit("default.target");
die unless $machine->succeed("uname") =~ /Linux/;
$machine->succeed("uname") =~ /Linux/ or die;
</programlisting>
The first line is actually unnecessary; machines are implicitly started when
you first execute an action on them (such as <literal>waitForUnit</literal>

10
nixos/doc/manual/release-notes/rl-1903.xml
View file

@ -111,6 +111,16 @@
without Syncthing resetting the permission on every start.
</para>
</listitem>
<listitem>
<para>
The <literal>ntp</literal> module now has sane default restrictions.
If you're relying on the previous defaults, which permitted all queries
and commands from all firewall-permitted sources, you can set
<varname>services.ntp.restrictDefault</varname> and
<varname>services.ntp.restrictSource</varname> to
<literal>[]</literal>.
</para>
</listitem>
<listitem>
<para>
Package <varname>rabbitmq_server</varname> is renamed to

20
nixos/lib/make-system-tarball.nix
View file

@ -1,4 +1,4 @@
{ stdenv, perl, pixz, pathsFromGraph
{ stdenv, closureInfo, pixz
, # The file name of the resulting tarball
fileName ? "nixos-system-${stdenv.hostPlatform.system}"
@ -29,24 +29,28 @@
, extraInputs ? [ pixz ]
}:
let
symlinks = map (x: x.symlink) storeContents;
objects = map (x: x.object) storeContents;
in
stdenv.mkDerivation {
name = "tarball";
builder = ./make-system-tarball.sh;
buildInputs = [ perl ] ++ extraInputs;
buildInputs = extraInputs;
inherit fileName pathsFromGraph extraArgs extraCommands compressCommand;
inherit fileName extraArgs extraCommands compressCommand;
# !!! should use XML.
sources = map (x: x.source) contents;
targets = map (x: x.target) contents;
# !!! should use XML.
objects = map (x: x.object) storeContents;
symlinks = map (x: x.symlink) storeContents;
inherit symlinks objects;
# For obtaining the closure of `storeContents'.
exportReferencesGraph =
map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents;
closureInfo = closureInfo {
rootPaths = objects;
};
extension = compressionExtension;
}

9
nixos/lib/make-system-tarball.sh
View file

@ -3,7 +3,6 @@ source $stdenv/setup
sources_=($sources)
targets_=($targets)
echo $objects
objects=($objects)
symlinks=($symlinks)
@ -14,8 +13,6 @@ stripSlash() {
if test "${res:0:1}" = /; then res=${res:1}; fi
}
touch pathlist
# Add the individual files.
for ((i = 0; i < ${#targets_[@]}; i++)); do
stripSlash "${targets_[$i]}"
@ -25,9 +22,9 @@ done
# Add the closures of the top-level store objects.
chmod +w .
mkdir -p nix/store
storePaths=$(perl $pathsFromGraph closure-*)
for i in $storePaths; do
for i in $(< $closureInfo/store-paths); do
cp -a "$i" "${i:1}"
done
@ -35,7 +32,7 @@ done
# TODO tar ruxo
# Also include a manifest of the closures in a format suitable for
# nix-store --load-db.
printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration
cp $closureInfo/registration nix-path-registration
# Add symlinks to the top-level store objects.
for ((n = 0; n < ${#objects[*]}; n++)); do

2
nixos/lib/testing.nix
View file

@ -1,5 +1,5 @@
{ system
, pkgs
, pkgs ? import ../.. { inherit system config; }
# Use a minimal kernel?
, minimal ? false
# Ignored

4
nixos/maintainers/scripts/gce/create-gce.sh
View file

@ -7,9 +7,9 @@ BUCKET_NAME="${BUCKET_NAME:-nixos-cloud-images}"
TIMESTAMP="$(date +%Y%m%d%H%M)"
export TIMESTAMP
nix-build '<nixpkgs/nixos>' \
nix-build '<nixpkgs/nixos/lib/eval-config.nix>' \
-A config.system.build.googleComputeImage \
--arg configuration "{ imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; }" \
--arg modules "[ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]" \
--argstr system x86_64-linux \
-o gce \
-j 10

4
nixos/modules/hardware/raid/hpsa.nix
View file

@ -8,7 +8,7 @@ let
version = "2.40-13.0";
src = pkgs.fetchurl {
url = "http://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb";
url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb";
sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw";
};
@ -34,7 +34,7 @@ let
meta = with lib; {
description = "HP Smart Array CLI";
homepage = http://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/;
homepage = https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/;
license = licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ volth ];

4
nixos/modules/installer/cd-dvd/sd-image.nix
View file

@ -134,7 +134,9 @@ in
${config.sdImage.populateBootCommands}
# Copy the populated /boot into the SD image
(cd boot; mcopy -bpsvm -i ../bootpart.img ./* ::)
(cd boot; mcopy -psvm -i ../bootpart.img ./* ::)
# Verify the FAT partition before copying it.
fsck.vfat -vn bootpart.img
dd conv=notrunc if=bootpart.img of=$img seek=$START count=$SECTORS
'';
}) {};

4
nixos/modules/misc/ids.nix
View file

@ -175,7 +175,7 @@
dnsmasq = 141;
uhub = 142;
yandexdisk = 143;
#collectd = 144; #unused
mxisd = 144; # was once collectd
consul = 145;
mailpile = 146;
redmine = 147;
@ -484,7 +484,7 @@
#dnsmasq = 141; # unused
uhub = 142;
#yandexdisk = 143; # unused
#collectd = 144; # unused
mxisd = 144; # was once collectd
#consul = 145; # unused
mailpile = 146;
redmine = 147;

1
nixos/modules/module-list.nix
View file

@ -560,6 +560,7 @@
./services/networking/miredo.nix
./services/networking/mstpd.nix
./services/networking/murmur.nix
./services/networking/mxisd.nix
./services/networking/namecoind.nix
./services/networking/nat.nix
./services/networking/ndppd.nix

16
nixos/modules/profiles/docker-container.nix
View file

@ -15,15 +15,19 @@ in {
# Create the tarball
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
contents = [];
contents = [
{
source = "${config.system.build.toplevel}/.";
target = "./";
}
];
extraArgs = "--owner=0";
# Add init script to image
storeContents = [
{ object = config.system.build.toplevel + "/init";
symlink = "/init";
}
] ++ (pkgs2storeContents [ pkgs.stdenv ]);
storeContents = pkgs2storeContents [
config.system.build.toplevel
pkgs.stdenv
];
# Some container managers like lxc need these
extraCommands = "mkdir -p proc sys dev";

2
nixos/modules/profiles/hardened.nix
View file

@ -12,6 +12,8 @@ with lib;
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
nix.allowedUsers = mkDefault [ "@users" ];
security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true;

2
nixos/modules/programs/sway-beta.nix
View file

@ -8,7 +8,7 @@ let
swayWrapped = pkgs.writeShellScriptBin "sway" ''
${cfg.extraSessionCommands}
exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway
exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway "$@"
'';
swayJoined = pkgs.symlinkJoin {
name = "sway-joined";

8
nixos/modules/services/cluster/kubernetes/default.nix
View file

@ -784,7 +784,7 @@ in {
clusterCidr = mkOption {
description = "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.";
default = "10.1.0.0/16";
type = types.str;
type = types.nullOr types.str;
};
flannel.enable = mkOption {
@ -1018,9 +1018,9 @@ in {
${if (cfg.controllerManager.rootCaFile!=null)
then "--root-ca-file=${cfg.controllerManager.rootCaFile}"
else "--root-ca-file=/var/run/kubernetes/apiserver.crt"} \
${optionalString (cfg.clusterCidr!=null)
"--cluster-cidr=${cfg.clusterCidr}"} \
--allocate-node-cidrs=true \
${if (cfg.clusterCidr!=null)
then "--cluster-cidr=${cfg.clusterCidr} --allocate-node-cidrs=true"
else "--allocate-node-cidrs=false"} \
${optionalString (cfg.controllerManager.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.controllerManager.featureGates}"} \
${optionalString cfg.verbose "--v=6"} \

3
nixos/modules/services/databases/postgresql.nix
View file

@ -238,6 +238,9 @@ in
User = "postgres";
Group = "postgres";
PermissionsStartOnly = true;
Type = if lib.versionAtLeast cfg.package.version "9.6"
then "notify"
else "simple";
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html

17
nixos/modules/services/mail/rspamd.nix
View file

@ -45,7 +45,9 @@ let
else "${config.socket}${maybeOption "mode"}${maybeOption "owner"}${maybeOption "group"}";
};
workerOpts = { name, ... }: {
traceWarning = w: x: builtins.trace "warning: ${w}" x;
workerOpts = { name, options, ... }: {
options = {
enable = mkOption {
type = types.nullOr types.bool;
@ -59,9 +61,18 @@ let
};
type = mkOption {
type = types.nullOr (types.enum [
"normal" "controller" "fuzzy_storage" "rspamd_proxy" "lua"
"normal" "controller" "fuzzy_storage" "rspamd_proxy" "lua" "proxy"
]);
description = "The type of this worker";
description = ''
The type of this worker. The type <literal>proxy</literal> is
deprecated and only kept for backwards compatibility and should be
replaced with <literal>rspamd_proxy</literal>.
'';
apply = let
from = "services.rspamd.workers.\”${name}\".type";
files = options.type.files;
warning = "The option `${from}` defined in ${showFiles files} has enum value `proxy` which has been renamed to `rspamd_proxy`";
in x: if x == "proxy" then traceWarning warning "rspamd_proxy" else x;
};
bindSockets = mkOption {
type = types.listOf (types.either types.str (types.submodule bindSocketOpts));

2
nixos/modules/services/monitoring/apcupsd.nix
View file

@ -180,7 +180,7 @@ in
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.apcupsd}/bin/apcupsd --killpower -f ${configFile}";
TimeoutSec = 0;
TimeoutSec = "infinity";
StandardOutput = "tty";
RemainAfterExit = "yes";
};

2
nixos/modules/services/monitoring/osquery.nix
View file

@ -78,7 +78,7 @@ in
mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})"
'';
serviceConfig = {
TimeoutStartSec = 0;
TimeoutStartSec = "infinity";
ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}";
KillMode = "process";
KillSignal = "SIGTERM";

2
nixos/modules/services/monitoring/systemhealth.nix
View file

@ -8,7 +8,7 @@ let
systemhealth = with pkgs; stdenv.mkDerivation {
name = "systemhealth-1.0";
src = fetchurl {
url = "http://www.brianlane.com/static/downloads/systemhealth/systemhealth-1.0.tar.bz2";
url = "https://www.brianlane.com/downloads/systemhealth/systemhealth-1.0.tar.bz2";
sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy";
};
buildInputs = [ python ];

2
nixos/modules/services/networking/consul.nix
View file

@ -185,7 +185,7 @@ in
PermissionsStartOnly = true;
User = if cfg.dropPrivileges then "consul" else null;
Restart = "on-failure";
TimeoutStartSec = "0";
TimeoutStartSec = "infinity";
} // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${cfg.package.bin}/bin/consul leave";
});

10
nixos/modules/services/networking/flashpolicyd.nix
View file

@ -11,7 +11,7 @@ let
src = pkgs.fetchurl {
name = "flashpolicyd_v0.6.zip";
url = "http://www.adobe.com/content/dotcom/en/devnet/flashplayer/articles/socket_policy_files/_jcr_content/articlePrerequistes/multiplefiles/node_1277808777771/file.res/flashpolicyd_v0.6%5B1%5D.zip";
url = "https://download.adobe.com/pub/adobe/devnet/flashplayer/articles/socket_policy_files/flashpolicyd_v0.6.zip";
sha256 = "16zk237233npwfq1m4ksy4g5lzy1z9fp95w7pz0cdlpmv0fv9sm3";
};
@ -35,9 +35,9 @@ in
###### interface
options = {
services.flashpolicyd = {
enable = mkOption {
default = false;
description =
@ -47,13 +47,13 @@ in
connections to your server.
'';
};
policy = mkOption {
default =
''
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

125
nixos/modules/services/networking/mxisd.nix Normal file
View file

@ -0,0 +1,125 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mxisd;
server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
// optionalAttrs (cfg.server.port != null) { inherit (cfg.server) port; };
baseConfig = {
matrix.domain = cfg.matrix.domain;
key.path = "${cfg.dataDir}/signing.key";
storage = {
provider.sqlite.database = "${cfg.dataDir}/mxisd.db";
};
} // optionalAttrs (server != {}) { inherit server; };
# merges baseConfig and extraConfig into a single file
fullConfig = recursiveUpdate baseConfig cfg.extraConfig;
configFile = pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);
in {
options = {
services.mxisd = {
enable = mkEnableOption "mxisd matrix federated identity server";
package = mkOption {
type = types.package;
default = pkgs.mxisd;
defaultText = "pkgs.mxisd";
description = "The mxisd package to use";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/mxisd";
description = "Where data mxisd uses resides";
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = "Extra options merged into the mxisd configuration";
};
matrix = {
domain = mkOption {
type = types.str;
description = ''
the domain of the matrix homeserver
'';
};
};
server = {
name = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Public hostname of mxisd, if different from the Matrix domain.
'';
};
port = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
HTTP port to listen on (unencrypted)
'';
};
};
};
};
config = mkIf cfg.enable {
users.users = [
{
name = "mxisd";
group = "mxisd";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.mxisd;
}
];
users.groups = [
{
name = "mxisd";
gid = config.ids.gids.mxisd;
}
];
systemd.services.mxisd = {
description = "a federated identity server for the matrix ecosystem";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
# mxisd / spring.boot needs the configuration to be named "application.yaml"
preStart = ''
config=${cfg.dataDir}/application.yaml
cp ${configFile} $config
chmod 444 $config
'';
serviceConfig = {
Type = "simple";
User = "mxisd";
Group = "mxisd";
ExecStart = "${cfg.package}/bin/mxisd --spring.config.location=${cfg.dataDir}/ --spring.profiles.active=systemd --java.security.egd=file:/dev/./urandom";
WorkingDirectory = cfg.dataDir;
PermissionsStartOnly = true;
SuccessExitStatus = 143;
Restart = "on-failure";
};
};
};
}

38
nixos/modules/services/networking/ntpd.nix
View file

@ -15,6 +15,10 @@ let
configFile = pkgs.writeText "ntp.conf" ''
driftfile ${stateDir}/ntp.drift
restrict default ${toString cfg.restrictDefault}
restrict -6 default ${toString cfg.restrictDefault}
restrict source ${toString cfg.restrictSource}
restrict 127.0.0.1
restrict -6 ::1
@ -36,11 +40,40 @@ in
enable = mkOption {
default = false;
description = ''
Whether to synchronise your machine's time using the NTP
protocol.
Whether to synchronise your machine's time using ntpd, as a peer in
the NTP network.
</para>
<para>
Disables <literal>systemd.timesyncd</literal> if enabled.
'';
};
restrictDefault = mkOption {
type = types.listOf types.str;
description = ''
The restriction flags to be set by default.
</para>
<para>
The default flags prevent external hosts from using ntpd as a DDoS
reflector, setting system time, and querying OS/ntpd version. As
recommended in section 6.5.1.1.3, answer "No" of
http://support.ntp.org/bin/view/Support/AccessRestrictions
'';
default = [ "limited" "kod" "nomodify" "notrap" "noquery" "nopeer" ];
};
restrictSource = mkOption {
type = types.listOf types.str;
description = ''
The restriction flags to be set on source.
</para>
<para>
The default flags allow peers to be added by ntpd from configured
pool(s), but not by other means.
'';
default = [ "limited" "kod" "nomodify" "notrap" "noquery" ];
};
servers = mkOption {
default = config.networking.timeServers;
description = ''
@ -51,6 +84,7 @@ in
extraFlags = mkOption {
type = types.listOf types.str;
description = "Extra flags passed to the ntpd command.";
example = literalExample ''[ "--interface=eth0" ]'';
default = [];
};

7
nixos/modules/services/security/tor.nix
View file

@ -92,6 +92,7 @@ let
# Hidden services
+ concatStrings (flip mapAttrsToList cfg.hiddenServices (n: v: ''
HiddenServiceDir ${torDirectory}/onion/${v.name}
${optionalString (v.version != null) "HiddenServiceVersion ${toString v.version}"}
${flip concatMapStrings v.map (p: ''
HiddenServicePort ${toString p.port} ${p.destination}
'')}
@ -667,6 +668,12 @@ in
};
}));
};
version = mkOption {
default = null;
description = "Rendezvous service descriptor version to publish for the hidden service. Currently, versions 2 and 3 are supported. (Default: 2)";
type = types.nullOr (types.enum [ 2 3 ]);
};
};
config = {

8
nixos/modules/services/system/cloud-init.nix
View file

@ -119,7 +119,7 @@ in
{ Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init init --local";
RemainAfterExit = "yes";
TimeoutSec = "0";
TimeoutSec = "infinity";
StandardOutput = "journal+console";
};
};
@ -137,7 +137,7 @@ in
{ Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init init";
RemainAfterExit = "yes";
TimeoutSec = "0";
TimeoutSec = "infinity";
StandardOutput = "journal+console";
};
};
@ -153,7 +153,7 @@ in
{ Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init modules --mode=config";
RemainAfterExit = "yes";
TimeoutSec = "0";
TimeoutSec = "infinity";
StandardOutput = "journal+console";
};
};
@ -169,7 +169,7 @@ in
{ Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init modules --mode=final";
RemainAfterExit = "yes";
TimeoutSec = "0";
TimeoutSec = "infinity";
StandardOutput = "journal+console";
};
};

4
nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
View file

@ -86,7 +86,7 @@ let
name= "mediawiki-1.29.1";
src = pkgs.fetchurl {
url = "http://download.wikimedia.org/mediawiki/1.29/${name}.tar.gz";
url = "https://releases.wikimedia.org/mediawiki/1.29/${name}.tar.gz";
sha256 = "03mpazbxvb011s2nmlw5p6dc43yjgl5yrsilmj1imyykm57bwb3m";
};
@ -311,7 +311,7 @@ in
description = ''
Any additional text to be appended to MediaWiki's
configuration file. This is a PHP script. For configuration
settings, see <link xlink:href='http://www.mediawiki.org/wiki/Manual:Configuration_settings'/>.
settings, see <link xlink:href='https://www.mediawiki.org/wiki/Manual:Configuration_settings'/>.
'';
};

30
nixos/modules/services/x11/urxvtd.nix
View file

@ -18,27 +18,17 @@ in {
};
config = mkIf cfg.enable {
systemd.user = {
sockets.urxvtd = {
description = "socket for urxvtd, the urxvt terminal daemon";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
socketConfig = {
ListenStream = "%t/urxvtd-socket";
};
systemd.user.services.urxvtd = {
description = "urxvt terminal daemon";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
path = [ pkgs.xsel ];
serviceConfig = {
ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd -o";
Environment = "RXVT_SOCKET=%t/urxvtd-socket";
Restart = "on-failure";
RestartSec = "5s";
};
services.urxvtd = {
description = "urxvt terminal daemon";
path = [ pkgs.xsel ];
serviceConfig = {
ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd -o";
Environment = "RXVT_SOCKET=%t/urxvtd-socket";
Restart = "on-failure";
RestartSec = "5s";
};
};
};
environment.systemPackages = [ pkgs.rxvt_unicode-with-plugins ];

2
nixos/modules/system/boot/systemd-nspawn.nix
View file

@ -112,7 +112,7 @@ in {
environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] [];
systemd.targets."multi-user".wants = [ "machines.target "];
systemd.targets."multi-user".wants = [ "machines.target" ];
};
}

8
nixos/modules/virtualisation/container-config.nix
View file

@ -22,12 +22,8 @@ with lib;
# Not supported in systemd-nspawn containers.
security.audit.enable = false;
# Make sure that root user in container will talk to host nix-daemon
environment.etc."profile".text = ''
export NIX_REMOTE=daemon
'';
# Use the host's nix-daemon.
environment.variables.NIX_REMOTE = "daemon";
};

38
nixos/modules/virtualisation/docker-image.nix
View file

@ -17,3 +17,41 @@
# Socket activated ssh presents problem in Docker.
services.openssh.startWhenNeeded = false;
}
# Example usage:
#
## default.nix
# let
# nixos = import <nixpkgs/nixos> {
# configuration = ./configuration.nix;
# system = "x86_64-linux";
# };
# in
# nixos.config.system.build.tarball
#
## configuration.nix
# { pkgs, config, lib, ... }:
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/docker-image.nix>
# <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
# ];
#
# documentation.doc.enable = false;
#
# environment.systemPackages = with pkgs; [
# bashInteractive
# cacert
# nix
# ];
# }
#
## Run
# Build the tarball:
# $ nix-build default.nix
# Load into docker:
# $ docker import result/tarball/nixos-system-*.tar.xz nixos-docker
# Boots into systemd
# $ docker run --privileged -it nixos-docker /init
# Log into the container
# $ docker exec -it <container-name> /run/current-system/sw/bin/bash

262
nixos/modules/virtualisation/google-compute-config.nix
View file

@ -1,5 +1,261 @@
{ ... }:
{ config, lib, pkgs, ... }:
with lib;
let
gce = pkgs.google-compute-engine;
cfg = config.virtualisation.googleComputeImage;
in
{
imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ];
imports = [
../profiles/headless.nix
../profiles/qemu-guest.nix
];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
};
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "virtio_scsi" ];
boot.kernelModules = [ "virtio_pci" "virtio_net" ];
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 0;
# Don't put old configurations in the GRUB menu. The user has no
# way to select them anyway.
boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false;
# Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ];
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
# Always include cryptsetup so that NixOps can use it.
environment.systemPackages = [ pkgs.cryptsetup ];
# Make sure GCE image does not replace host key that NixOps sets
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
[InstanceSetup]
set_host_keys = false
'';
# Rely on GCP's firewall instead
networking.firewall.enable = mkDefault false;
# Configure default metadata hostnames
networking.extraHosts = ''
169.254.169.254 metadata.google.internal metadata
'';
networking.timeServers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
# allow the google-accounts-daemon to manage users
users.mutableUsers = true;
# and allow users to sudo without password
security.sudo.enable = true;
security.sudo.extraConfig = ''
%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
'';
# NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist
# FIXME: not such file or directory on dynamic SSH provisioning
systemd.services.google-accounts-daemon = {
description = "Google Compute Engine Accounts Daemon";
# This daemon creates dynamic users
enable = config.users.mutableUsers;
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
path = with pkgs; [ shadow ];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_accounts_daemon --debug";
};
};
systemd.services.google-clock-skew-daemon = {
description = "Google Compute Engine Clock Skew Daemon";
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
};
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
path = with pkgs; [ ethtool openssh ];
serviceConfig = {
ExecStart = "${gce}/bin/google_instance_setup --debug";
Type = "oneshot";
};
};
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_daemon --debug";
};
};
systemd.services.google-shutdown-scripts = {
description = "Google Compute Engine Shutdown Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/true";
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
Type = "oneshot";
RemainAfterExit = true;
TimeoutStopSec = "infinity";
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
KillMode = "process";
Type = "oneshot";
};
};
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
boot.kernel.sysctl = {
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
# ignores source-routed packets
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
# ignores source-routed packets
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
# don't allow traffic between networks or act as a router
"net.ipv4.ip_forward" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
# ignores bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
# logs spoofed, source-routed, and redirect packets
"net.ipv4.conf.all.log_martians" = mkDefault "1";
# log spoofed, source-routed, and redirect packets
"net.ipv4.conf.default.log_martians" = mkDefault "1";
# implements RFC 1337 fix
"net.ipv4.tcp_rfc1337" = mkDefault "1";
# randomizes addresses of mmap base, heap, stack and VDSO page
"kernel.randomize_va_space" = mkDefault "2";
# Reboot the machine soon after a kernel panic.
"kernel.panic" = mkDefault "10";
## Not part of the original config
# provides protection from ToCToU races
"fs.protected_hardlinks" = mkDefault "1";
# provides protection from ToCToU races
"fs.protected_symlinks" = mkDefault "1";
# makes locating kernel addresses more difficult
"kernel.kptr_restrict" = mkDefault "1";
# set ptrace protections
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
# set perf only available to root
"kernel.perf_event_paranoid" = mkDefault "2";
};
}

362
nixos/modules/virtualisation/google-compute-image.nix
View file

@ -2,333 +2,59 @@
with lib;
let
diskSize = 1536; # MB
gce = pkgs.google-compute-engine;
cfg = config.virtualisation.googleComputeImage;
defaultConfigFile = pkgs.writeText "configuration.nix" ''
{ ... }:
{
imports = [
<nixpkgs/nixos/modules/virtualisation/google-compute-image.nix>
];
}
'';
in
{
imports = [ ../profiles/headless.nix ../profiles/qemu-guest.nix ];
system.build.googleComputeImage = import ../../lib/make-disk-image.nix {
name = "google-compute-image";
postVM = ''
PATH=$PATH:${pkgs.stdenv.lib.makeBinPath [ pkgs.gnutar pkgs.gzip ]}
pushd $out
mv $diskImage disk.raw
tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw.tar.gz disk.raw
rm $out/disk.raw
popd
'';
configFile = <nixpkgs/nixos/modules/virtualisation/google-compute-config.nix>;
format = "raw";
inherit diskSize;
inherit config lib pkgs;
};
imports = [ ./google-compute-config.nix ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
};
options = {
virtualisation.googleComputeImage.diskSize = mkOption {
type = with types; int;
default = 1536;
description = ''
Size of disk image. Unit is MB.
'';
};
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "virtio_scsi" ];
boot.kernelModules = [ "virtio_pci" "virtio_net" ];
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 0;
# Don't put old configurations in the GRUB menu. The user has no
# way to select them anyway.
boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false;
# Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ];
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
# Always include cryptsetup so that NixOps can use it.
environment.systemPackages = [ pkgs.cryptsetup ];
# Make sure GCE image does not replace host key that NixOps sets
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
[InstanceSetup]
set_host_keys = false
'';
# Rely on GCP's firewall instead
networking.firewall.enable = mkDefault false;
# Configure default metadata hostnames
networking.extraHosts = ''
169.254.169.254 metadata.google.internal metadata
'';
networking.timeServers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
# allow the google-accounts-daemon to manage users
users.mutableUsers = true;
# and allow users to sudo without password
security.sudo.enable = true;
security.sudo.extraConfig = ''
%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
'';
# NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist
# FIXME: not such file or directory on dynamic SSH provisioning
systemd.services.google-accounts-daemon = {
description = "Google Compute Engine Accounts Daemon";
# This daemon creates dynamic users
enable = config.users.mutableUsers;
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
path = with pkgs; [ shadow ];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_accounts_daemon --debug";
virtualisation.googleComputeImage.configFile = mkOption {
type = with types; nullOr str;
default = null;
description = ''
A path to a configuration file which will be placed at `/etc/nixos/configuration.nix`
and be used when switching to a new configuration.
If set to `null`, a default configuration is used, where the only import is
`<nixpkgs/nixos/modules/virtualisation/google-compute-image.nix>`.
'';
};
};
systemd.services.google-clock-skew-daemon = {
description = "Google Compute Engine Clock Skew Daemon";
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
#### implementation
config = {
system.build.googleComputeImage = import ../../lib/make-disk-image.nix {
name = "google-compute-image";
postVM = ''
PATH=$PATH:${with pkgs; stdenv.lib.makeBinPath [ gnutar gzip ]}
pushd $out
mv $diskImage disk.raw
tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw.tar.gz disk.raw
rm $out/disk.raw
popd
'';
format = "raw";
configFile = if isNull cfg.configFile then defaultConfigFile else cfg.configFile;
inherit (cfg) diskSize;
inherit config lib pkgs;
};
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
path = with pkgs; [ ethtool openssh ];
serviceConfig = {
ExecStart = "${gce}/bin/google_instance_setup --debug";
Type = "oneshot";
};
};
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_daemon --debug";
};
};
systemd.services.google-shutdown-scripts = {
description = "Google Compute Engine Shutdown Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/true";
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
Type = "oneshot";
RemainAfterExit = true;
TimeoutStopSec = 0;
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
KillMode = "process";
Type = "oneshot";
};
};
# TODO: remove this
systemd.services.fetch-ssh-keys =
{ description = "Fetch host keys and authorized_keys for root user";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
script = let wget = "${pkgs.wget}/bin/wget --retry-connrefused -t 15 --waitretry=10 --header='Metadata-Flavor: Google'";
mktemp = "mktemp --tmpdir=/run"; in
''
# When dealing with cryptographic keys, we want to keep things private.
umask 077
# Don't download the SSH key if it has already been downloaded
echo "Obtaining SSH keys..."
mkdir -m 0700 -p /root/.ssh
AUTH_KEYS=$(${mktemp})
${wget} -O $AUTH_KEYS http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
if [ -s $AUTH_KEYS ]; then
# Read in key one by one, split in case Google decided
# to append metadata (it does sometimes) and add to
# authorized_keys if not already present.
touch /root/.ssh/authorized_keys
NEW_KEYS=$(${mktemp})
# Yes this is a nix escape of two single quotes.
while IFS=''' read -r line || [[ -n "$line" ]]; do
keyLine=$(echo -n "$line" | cut -d ':' -f2)
IFS=' ' read -r -a array <<< "$keyLine"
if [ ''${#array[@]} -ge 3 ]; then
echo ''${array[@]:0:3} >> $NEW_KEYS
echo "Added ''${array[@]:2} to authorized_keys"
fi
done < $AUTH_KEYS
mv $NEW_KEYS /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
rm -f $KEY_PUB
else
echo "Downloading http://metadata.google.internal/computeMetadata/v1/project/attributes/sshKeys failed."
false
fi
rm -f $AUTH_KEYS
SSH_HOST_KEYS_DIR=$(${mktemp} -d)
${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key
${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub
if [ -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key -a -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub ]; then
mv -f $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key* /etc/ssh/
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
else
echo "Setup of ssh host keys from http://metadata.google.internal/computeMetadata/v1/instance/attributes/ failed."
false
fi
rm -rf $SSH_HOST_KEYS_DIR
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
boot.kernel.sysctl = {
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
# ignores source-routed packets
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
# ignores source-routed packets
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
# don't allow traffic between networks or act as a router
"net.ipv4.ip_forward" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
# ignores bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
# logs spoofed, source-routed, and redirect packets
"net.ipv4.conf.all.log_martians" = mkDefault "1";
# log spoofed, source-routed, and redirect packets
"net.ipv4.conf.default.log_martians" = mkDefault "1";
# implements RFC 1337 fix
"net.ipv4.tcp_rfc1337" = mkDefault "1";
# randomizes addresses of mmap base, heap, stack and VDSO page
"kernel.randomize_va_space" = mkDefault "2";
# Reboot the machine soon after a kernel panic.
"kernel.panic" = mkDefault "10";
## Not part of the original config
# provides protection from ToCToU races
"fs.protected_hardlinks" = mkDefault "1";
# provides protection from ToCToU races
"fs.protected_symlinks" = mkDefault "1";
# makes locating kernel addresses more difficult
"kernel.kptr_restrict" = mkDefault "1";
# set ptrace protections
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
# set perf only available to root
"kernel.perf_event_paranoid" = mkDefault "2";
};

4
nixos/tests/gitlab.nix
View file

@ -16,6 +16,7 @@ import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"localhost" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
@ -75,7 +76,8 @@ import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
$gitlab->waitForUnit("gitlab.service");
$gitlab->waitForUnit("gitlab-sidekiq.service");
$gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket");
$gitlab->waitUntilSucceeds("curl -sSf http://localhost/users/sign_in");
$gitlab->waitUntilSucceeds("curl -sSf http://gitlab/users/sign_in");
$gitlab->succeed("curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in");
$gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2")
'';
})

7
nixos/tests/hardened.nix
View file

@ -10,6 +10,7 @@ import ./make-test.nix ({ pkgs, ...} : {
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
nix.useSandbox = false;
virtualisation.emptyDiskImages = [ 4096 ];
boot.initrd.postDeviceCommands = ''
${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb
@ -63,5 +64,11 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->succeed("mount /dev/disk/by-label/EFISYS /efi");
$machine->succeed("mountpoint -q /efi"); # now mounted
};
# Test Nix dæmon usage
subtest "nix-daemon", sub {
$machine->fail("su -l nobody -s /bin/sh -c 'nix ping-store'");
$machine->succeed("su -l alice -c 'nix ping-store'") =~ "OK";
};
'';
})

21
nixos/tests/mxisd.nix Normal file
View file

@ -0,0 +1,21 @@
import ./make-test.nix ({ pkgs, ... } : {
name = "mxisd";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ mguentner ];
};
nodes = {
server_mxisd = args : {
services.mxisd.enable = true;
services.mxisd.matrix.domain = "example.org";
};
};
testScript = ''
startAll;
$server_mxisd->waitForUnit("mxisd.service");
$server_mxisd->waitForOpenPort(8090);
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
'';
})

1
nixos/tests/rspamd.nix
View file

@ -235,6 +235,7 @@ in
services.rspamd = {
enable = true;
postfix.enable = true;
workers.rspamd_proxy.type = "proxy";
};
};
testScript = ''

6
pkgs/applications/audio/a2jmidid/default.nix
View file

@ -9,12 +9,12 @@ in stdenv.mkDerivation rec {
version = "8";
src = fetchurl {
url = "http://repo.or.cz/a2jmidid.git/snapshot/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz";
url = "https://repo.or.cz/a2jmidid.git/snapshot/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz";
sha256 = "06dgf5655znbvrd7fhrv8msv6zw8vk0hjqglcqkh90960mnnmwz7";
};
nativeBuildInputs = [ pkgconfig wafHook ];
buildInputs = [ makeWrapper alsaLib dbus libjack2 python dbus-python ];
nativeBuildInputs = [ pkgconfig makeWrapper wafHook ];
buildInputs = [ alsaLib dbus libjack2 python dbus-python ];
postInstall = ''
wrapProgram $out/bin/a2j_control --set PYTHONPATH $PYTHONPATH

4
pkgs/applications/audio/avldrums-lv2/default.nix
View file

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
name = "${pname}-${version}";
pname = "avldrums.lv2";
version = "0.3.0";
version = "0.3.1";
src = fetchFromGitHub {
owner = "x42";
repo = pname;
rev = "v${version}";
sha256 = "0w51gdshq2i5bix2x5l3g3gnycy84nlzf5sj0jkrw0zrnbk6ghwg";
sha256 = "0yhq3n5bahhqpj40mvlkxcjsdsw63jsbz20pl77bx2qj30w25i2j";
fetchSubmodules = true;
};

80
pkgs/applications/audio/cadence/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv
, fetchurl
, fetchzip
, pkgconfig
, qtbase
, makeWrapper
@ -12,31 +12,13 @@
version = "0.9.0";
pname = "cadence";
src = fetchurl {
src = fetchzip {
url = "https://github.com/falkTX/Cadence/archive/v${version}.tar.gz";
sha256 = "07z1mnb0bmldb3i31bgw816pnvlvr9gawr51rpx3mhixg5wpiqzb";
sha256 = "08vcggypkdfr70v49innahs5s11hi222dhhnm5wcqzdgksphqzwx";
};
buildInputs = [
makeWrapper
pkgconfig
qtbase
];
apps = [
"cadence"
"cadence-jacksettings"
"cadence-pulse2loopback"
"claudia"
"cadence-aloop-daemon"
"cadence-logs"
"cadence-render"
"catarina"
"claudia-launcher"
"cadence-pulse2jack"
"cadence-session-start"
"catia"
];
nativeBuildInputs = [ makeWrapper pkgconfig ];
buildInputs = [ qtbase ];
makeFlags = ''
PREFIX=""
@ -46,20 +28,54 @@
propagatedBuildInputs = with python3Packages; [ pyqt5 ];
postInstall = ''
# replace with our own wrappers.
for app in $apps; do
rm $out/bin/$app
makeWrapper ${python3Packages.python.interpreter} $out/bin/$app \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/$app.py"
done
# replace with our own wrappers. They need to be changed manually since it wouldn't work otherwise
rm $out/bin/cadence
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/cadence.py"
rm $out/bin/claudia
makeWrapper ${python3Packages.python.interpreter} $out/bin/claudia \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/claudia.py"
rm $out/bin/catarina
makeWrapper ${python3Packages.python.interpreter} $out/bin/catarina \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/catarina.py"
rm $out/bin/catia
makeWrapper ${python3Packages.python.interpreter} $out/bin/catia \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/catia.py"
rm $out/bin/cadence-jacksettings
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-jacksettings \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/jacksettings.py"
rm $out/bin/cadence-aloop-daemon
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-aloop-daemon \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/cadence_aloop_daemon.py"
rm $out/bin/cadence-logs
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-logs \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/logs.py"
rm $out/bin/cadence-render
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-render \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/render.py"
rm $out/bin/claudia-launcher
makeWrapper ${python3Packages.python.interpreter} $out/bin/claudia-launcher \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/claudia_launcher.py"
rm $out/bin/cadence-session-start
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-session-start \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/cadence_session_start.py"
'';
meta = {
homepage = https://github.com/falkTX/Cadence/;
description = "Collection of tools useful for audio production";
license = stdenv.lib.licenses.mit;
license = stdenv.lib.licenses.gpl2Plus;
maintainers = with stdenv.lib.maintainers; [ genesis ];
platforms = stdenv.lib.platforms.linux;
platforms = [ "x86_64-linux" ];
};
}

4
pkgs/applications/audio/dragonfly-reverb/default.nix
View file

@ -6,8 +6,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "michaelwillis";
repo = "dragonfly-reverb";
rev = "0.9.4";
sha256 = "0lc45jybjwg4wrcz4s9lvzpvqawgj825rkqhz2xxvalfbvjazi53";
rev = "1.0.0";
sha256 = "05m4hd8lg0a7iiia6cbiw5qmc4p8vbkxp2qh7ywaabawiwa9r24x";
fetchSubmodules = true;
};

6
pkgs/applications/audio/mopidy/iris.nix
View file

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.31.1";
version = "3.31.2";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "1djxkgjvfzijvlq3gill1p20l0q64dbv9wd55whbir1l7y8wdga5";
sha256 = "0639ib5nicrabckjd17wdmhl8n3822gc2p1bn0xv8mq70paspar6";
};
propagatedBuildInputs = [
@ -17,7 +17,7 @@ pythonPackages.buildPythonApplication rec {
pylast
spotipy
raven
tornado
tornado_4
]);
postPatch = "sed -i /tornado/d setup.py";

14
pkgs/applications/audio/renoise/default.nix
View file

@ -1,4 +1,5 @@
{ stdenv, fetchurl, libX11, libXext, libXcursor, libXrandr, libjack2, alsaLib, releasePath ? null }:
{ stdenv, fetchurl, libX11, libXext, libXcursor, libXrandr, libjack2, alsaLib
, mpg123, releasePath ? null }:
with stdenv.lib;
@ -35,7 +36,7 @@ stdenv.mkDerivation rec {
releasePath
else throw "Platform is not supported by Renoise";
buildInputs = [ libX11 libXext libXcursor libXrandr alsaLib libjack2 ];
buildInputs = [ alsaLib libjack2 libX11 libXcursor libXext libXrandr ];
installPhase = ''
cp -r Resources $out
@ -54,13 +55,18 @@ stdenv.mkDerivation rec {
mkdir $out/bin
ln -s $out/renoise $out/bin/renoise
'';
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath $out/lib $out/renoise
postFixup = ''
patchelf \
--set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
--set-rpath ${mpg123}/lib:$out/lib \
$out/renoise
'';
meta = {
description = "Modern tracker-based DAW";
homepage = http://www.renoise.com/;
homepage = https://www.renoise.com/;
license = licenses.unfree;
maintainers = [];
platforms = [ "i686-linux" "x86_64-linux" ];

2
pkgs/applications/audio/seq24/default.nix
View file

@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
version = "0.9.3";
src = fetchurl {
url = "http://launchpad.net/seq24/trunk/${version}/+download/${name}.tar.gz";
url = "https://launchpad.net/seq24/trunk/${version}/+download/${name}.tar.gz";
sha256 = "1qpyb7355s21sgy6gibkybxpzx4ikha57a8w644lca6qy9mhcwi3";
};

6
pkgs/applications/audio/synthv1/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "synthv1-${version}";
version = "0.9.2";
version = "0.9.3";
src = fetchurl {
url = "mirror://sourceforge/synthv1/${name}.tar.gz";
sha256 = "1r60l286n8y4a4rrlnbc3h7xk4s2pvqykvskls89prxg0lkpz7kl";
sha256 = "0f58k5n2k667q8wsigg7bzl3lfgaf6jdj98r2a5nvyb18v1wpy2c";
};
buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ];
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "An old-school 4-oscillator subtractive polyphonic synthesizer with stereo fx";
homepage = http://synthv1.sourceforge.net/;
homepage = https://synthv1.sourceforge.io/;
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = [ maintainers.goibhniu ];

37
pkgs/applications/audio/transcribe/default.nix
View file

@ -1,33 +1,31 @@
{ stdenv, fetchzip, lib, makeWrapper, alsaLib, atk, cairo, gdk_pixbuf
, glib, gst-ffmpeg, gst-plugins-bad, gst-plugins-base
, gst-plugins-good, gst-plugins-ugly, gstreamer, gtk2, libSM, libX11
, libpng12, pango, zlib }:
{ stdenv, fetchzip, wrapGAppsHook, alsaLib, atk, cairo, gdk_pixbuf
, glib, gst_all_1, gtk3, libSM, libX11, libpng12, pango, zlib }:
stdenv.mkDerivation rec {
name = "transcribe-${version}";
version = "8.40";
version = "8.72";
src = if stdenv.hostPlatform.system == "i686-linux" then
fetchzip {
url = "https://www.seventhstring.com/xscribe/downlinux32_old/xscsetup.tar.gz";
sha256 = "1ngidmj9zz8bmv754s5xfsjv7v6xr03vck4kigzq4bpc9b1fdhjq";
url = "https://www.seventhstring.com/xscribe/downlinux32/xscsetup.tar.gz";
sha256 = "1h5l7ry9c9awpxfnd29b0wm973ifrhj17xl5d2fdsclw2swsickb";
}
else if stdenv.hostPlatform.system == "x86_64-linux" then
fetchzip {
url = "https://www.seventhstring.com/xscribe/downlinux64_old/xsc64setup.tar.gz";
sha256 = "0svzi8svj6zn06gj0hr8mpnhq4416dvb4g5al0gpb1g3paywdaf9";
url = "https://www.seventhstring.com/xscribe/downlinux64/xsc64setup.tar.gz";
sha256 = "1rpd3ppnx5i5yrnfbjrx7h7dk48kwl99i9lnpa75ap7nxvbiznm0";
}
else throw "Platform not supported";
nativeBuildInputs = [ makeWrapper ];
nativeBuildInputs = [ wrapGAppsHook ];
buildInputs = [ gst-plugins-base gst-plugins-good
gst-plugins-bad gst-plugins-ugly gst-ffmpeg ];
buildInputs = with gst_all_1; [ gst-plugins-base gst-plugins-good
gst-plugins-bad gst-plugins-ugly ];
dontPatchELF = true;
libPath = lib.makeLibraryPath [
stdenv.cc.cc glib gtk2 atk pango cairo gdk_pixbuf alsaLib
libPath = with gst_all_1; stdenv.lib.makeLibraryPath [
stdenv.cc.cc glib gtk3 atk pango cairo gdk_pixbuf alsaLib
libX11 libSM libpng12 gstreamer gst-plugins-base zlib
];
@ -42,13 +40,18 @@ stdenv.mkDerivation rec {
patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
$out/libexec/transcribe
'';
wrapProgram $out/libexec/transcribe \
--prefix GST_PLUGIN_SYSTEM_PATH : "$GST_PLUGIN_SYSTEM_PATH" \
preFixup = ''
gappsWrapperArgs+=(
--prefix GST_PLUGIN_SYSTEM_PATH : "$GST_PLUGIN_SYSTEM_PATH_1_0"
--prefix LD_LIBRARY_PATH : "${libPath}"
)
'';
postFixup = ''
ln -s $out/libexec/transcribe $out/bin/
'';
'';
meta = with stdenv.lib; {
description = "Software to help transcribe recorded music";

6
pkgs/applications/audio/x42-plugins/default.nix
View file

@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec {
version = "20180812";
version = "20181103";
name = "x42-plugins-${version}";
src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${name}.tar.xz";
sha256 = "0gzwzxpa2k2w9c6j3pspwi9slfyd57wb192d6yqcg92pfmnxy9dz";
sha256 = "085d6qjj7nl22f0xamqdrnfxwi8zrfwgkwm1svm73bjkdv270438";
};
nativeBuildInputs = [ pkgconfig ];
@ -34,6 +34,6 @@ stdenv.mkDerivation rec {
homepage = https://github.com/x42/x42-plugins;
maintainers = with maintainers; [ magnetophon ];
license = licenses.gpl2;
platforms = platforms.linux;
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

12
pkgs/applications/editors/android-studio/default.nix
View file

@ -13,14 +13,14 @@ let
sha256Hash = "117skqjax1xz9plarhdnrw2rwprjpybdc7mx7wggxapyy920vv5r";
};
betaVersion = {
version = "3.3.0.16"; # "Android Studio 3.3 Beta 4"
build = "182.5114240";
sha256Hash = "12gzwnlvc1w5lywpdckdgwxy2yrhf0m0fvaljdsis2arw0x9qdh2";
version = "3.3.0.17"; # "Android Studio 3.3 RC 1"
build = "182.5138683";
sha256Hash = "0apc566l4gwkwvfgj50d4qxm2gw26rxdlyr8kj3kfcra9a33c2b7";
};
latestVersion = { # canary & dev
version = "3.4.0.3"; # "Android Studio 3.4 Canary 4"
build = "183.5129585";
sha256Hash = "10y09sy0h4yp39dwpp8x7kjvw8r7hvk0qllbbaqj76j33xa85793";
version = "3.4.0.4"; # "Android Studio 3.4 Canary 5"
build = "183.5141831";
sha256Hash = "0xfk5vyjk3pdb44jp43vb5394486z2qgzrdhjzbf1ncbhvaf0aji";
};
in rec {
# Old alias

4
pkgs/applications/editors/eclipse/plugins.nix
View file

@ -555,12 +555,12 @@ rec {
spotbugs = buildEclipseUpdateSite rec {
name = "spotbugs-${version}";
version = "3.1.8";
version = "3.1.9";
src = fetchzip {
stripRoot = false;
url = "https://github.com/spotbugs/spotbugs/releases/download/${version}/eclipsePlugin.zip";
sha256 = "0086shivxx745f69226f59xcv7l9xliwyr9kxm6zyn753c888js3";
sha256 = "0m68jbyaiz0rm4qq3nnwnvgndzv2c6ay6i29kh0p0vdbanggq3xz";
};
meta = with stdenv.lib; {

28
pkgs/applications/editors/jetbrains/default.nix
View file

@ -276,12 +276,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2018.2.4"; /* updated by script */
version = "2018.3"; /* updated by script */
description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "0aan23ggs314bvpsldsv9m4pdmnlgdcjac9x6hv1j145a1pp439i"; /* updated by script */
sha256 = "0hd44flxqnnxg390mkf4ppjs2nxv0nwdc7a2i65f69bp5h61x783"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand Release";
@ -289,12 +289,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2018.2.6"; /* updated by script */
version = "2018.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "02hpbyivji9vnik7p04zrja1rhhl49r0365g0i6sa1rrwd1fhvwf"; /* updated by script */
sha256 = "01ccz5ksbv8xh8mnk3zxqpia8zgayy8bcgmbwqibrykz47y6r7yy"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA Release";
@ -302,12 +302,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2018.2.6"; /* updated by script */
version = "2018.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz";
sha256 = "0x0ylcbj8spvzmwxrw3p4c64ad27iz58lwj4yb8a6vwh6p22gflk"; /* updated by script */
sha256 = "16z0pqmxjn5dl42rbz7mx8gi13xs3220pzkdsdkh1k1ny9caqzvj"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA Release";
@ -328,12 +328,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2018.2.5"; /* updated by script */
version = "2018.3"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0zfnhrkv4y90a3myq13406vzivg234l69x0c5d7vyv6ys7dmq5fm"; /* updated by script */
sha256 = "0kgrh3w4lpk7qkp5gss24in1nqahdfllvf97qz6r77zn9n5k1wq7"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm Release";
@ -341,12 +341,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2018.2.5"; /* updated by script */
version = "2018.3"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0yfq25kmzzd15x83zdbrq9j62c32maklzhsk1rzymabyb56blh5c"; /* updated by script */
sha256 = "0q4scwnqy0h725g9z5hd145c3n10iaj04z790s4lixg1c63h3y8q"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm Release";
@ -367,12 +367,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2018.2.4"; /* updated by script */
version = "2018.2.5"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "0dk3ch749ai5kyg9q8819ckrqw2jk4f656iqrkkpab9fjqfjylka"; /* updated by script */
sha256 = "0b01fnifk5iawyf2zi7r5ffz8dxlh18g2ilrkc5746vmnsp0jxq4"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine 2018.2";
@ -380,12 +380,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2018.2.6"; /* updated by script */
version = "2018.3"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1snx59b6d0szd1a07agpqxlprhy2mc9jvbnxcck5hfwxl3ic7x5g"; /* updated by script */
sha256 = "0msvgdjbdipc4g8j705d1jya2mjmx4wwhb23nch3znh7grryr75s"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm Release";

2
pkgs/applications/editors/monodevelop/default.nix
View file

@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
};
nunit2510 = fetchurl {
url = "http://launchpad.net/nunitv2/2.5/2.5.10/+download/NUnit-2.5.10.11092.zip";
url = "https://launchpad.net/nunitv2/2.5/2.5.10/+download/NUnit-2.5.10.11092.zip";
sha256 = "0k5h5bz1p2v3d0w0hpkpbpvdkcszgp8sr9ik498r1bs72w5qlwnc";
};

37
pkgs/applications/graphics/deskew/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ stdenv, fetchFromBitbucket, libtiff, fpc }:
stdenv.mkDerivation rec {
name = "deskew-${version}";
version = "1.25";
src = fetchFromBitbucket {
owner = "galfar";
repo = "app-deskew";
rev = "v${version}";
sha256 = "0zjjj66qhgqkmfxl3q7p78dv4xl4ci918pgl4d5259pqdj1bfgc8";
};
nativeBuildInputs = [ fpc ];
buildInputs = [ libtiff ];
buildPhase = ''
rm -r Bin # Remove pre-compiled binary
mkdir Bin
chmod +x compile.sh
./compile.sh
'';
installPhase = ''
install -Dt $out/bin Bin/*
'';
meta = with stdenv.lib; {
description = "A command line tool for deskewing scanned text documents";
homepage = https://bitbucket.org/galfar/app-deskew/overview;
license = licenses.mit;
maintainers = with maintainers; [ryantm];
platforms = platforms.all;
};
}

10
pkgs/applications/graphics/tesseract/4.x.nix
View file

@ -7,20 +7,20 @@
stdenv.mkDerivation rec {
name = "tesseract-${version}";
version = "4.00.00alpha-git-20170410";
version = "4.0.0";
src = fetchFromGitHub {
owner = "tesseract-ocr";
repo = "tesseract";
rev = "36a995bdc92eb2dd8bc5a63205708944a3f990a1";
sha256 = "0xz3krvap8sdm27v1dyb34lcdmx11wzvxyszpppfsfmjgkvg19bq";
rev = version;
sha256 = "1b5fi2vibc4kk9b30kkk4ais4bw8fbbv24bzr5709194hb81cav8";
};
tessdata = fetchFromGitHub {
owner = "tesseract-ocr";
repo = "tessdata";
rev = "8bf2e7ad08db9ca174ae2b0b3a7498c9f1f71d40";
sha256 = "0idwkv4qsmmqhrxcgyhy32yldl3vk054m7dkv4fjswfnalgsx794";
rev = version;
sha256 = "1chw1ya5zf8aaj2ixr9x013x7vwwwjjmx6f2ag0d6i14lypygy28";
};
nativeBuildInputs = [ pkgconfig autoreconfHook autoconf-archive ];

4
pkgs/applications/kde/dolphin.nix
View file

@ -4,7 +4,8 @@
baloo, baloo-widgets, kactivities, kbookmarks, kcmutils,
kcompletion, kconfig, kcoreaddons, kdelibs4support, kdbusaddons,
kfilemetadata, ki18n, kiconthemes, kinit, kio, knewstuff, knotifications,
kparts, ktexteditor, kwindowsystem, phonon, solid
kparts, ktexteditor, kwindowsystem, phonon, solid,
wayland, qtwayland
}:
mkDerivation {
@ -19,6 +20,7 @@ mkDerivation {
kcoreaddons kdelibs4support kdbusaddons kfilemetadata ki18n kiconthemes
kinit kio knewstuff knotifications kparts ktexteditor kwindowsystem
phonon solid
wayland qtwayland
];
outputs = [ "out" "dev" ];
# We need the RPATH for linking, because the `libkdeinit5_dolphin.so` links

75
pkgs/applications/misc/aminal/default.nix Normal file
View file

@ -0,0 +1,75 @@
{ buildGoPackage
, Carbon
, Cocoa
, Kernel
, cf-private
, fetchFromGitHub
, lib
, mesa_glu
, stdenv
, xorg
}:
buildGoPackage rec {
name = "aminal-${version}";
version = "0.7.4";
goPackagePath = "github.com/liamg/aminal";
buildInputs =
lib.optionals stdenv.isLinux [
mesa_glu
xorg.libX11
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXrandr
xorg.libXxf86vm
] ++ lib.optionals stdenv.isDarwin [
Carbon
Cocoa
Kernel
cf-private /* Needed for NSDefaultRunLoopMode */
];
src = fetchFromGitHub {
owner = "liamg";
repo = "aminal";
rev = "v${version}";
sha256 = "0wnzxjlv98pi3gy4hp3d19pwpa4kf1h5rqy03s9bcqdbpb1v1b7v";
};
preBuild = ''
buildFlagsArray=("-ldflags=-X ${goPackagePath}/version.Version=${version}")
'';
meta = with lib; {
description = "Golang terminal emulator from scratch";
longDescription = ''
Aminal is a modern terminal emulator for Mac/Linux implemented in Golang
and utilising OpenGL.
The project is experimental at the moment, so you probably won't want to
rely on Aminal as your main terminal for a while.
Features:
- Unicode support
- OpenGL rendering
- Customisation options
- True colour support
- Support for common ANSI escape sequences a la xterm
- Scrollback buffer
- Clipboard access
- Clickable URLs
- Multi platform support (Windows coming soon...)
- Sixel support
- Hints/overlays
- Built-in patched fonts for powerline
- Retina display support
'';
homepage = https://github.com/liamg/aminal;
license = licenses.gpl3;
maintainers = with maintainers; [ kalbasit ];
platforms = platforms.linux ++ platforms.darwin;
};
}

30
pkgs/applications/misc/autospotting/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ stdenv, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
name = "autospotting-${version}";
version = "unstable-2018-11-17";
goPackagePath = "github.com/AutoSpotting/AutoSpotting";
src = fetchFromGitHub {
owner = "AutoSpotting";
repo = "AutoSpotting";
rev = "122ab8f292a2f718dd85e79ec22acd455122907e";
sha256 = "0p48lgig9kblxvgq1kggczkn4qdbx6ciq9c8x0179i80vl4jf7v6";
};
goDeps = ./deps.nix;
# patching path where repository used to exist
postPatch = ''
sed -i "s+github.com/cristim/autospotting/core+github.com/AutoSpotting/AutoSpotting/core+" autospotting.go
'';
meta = with stdenv.lib; {
homepage = https://github.com/AutoSpotting/AutoSpotting;
description = "Automatically convert your existing AutoScaling groups to up to 90% cheaper spot instances with minimal configuration changes";
license = licenses.free;
maintainers = [ maintainers.costrouc ];
platforms = platforms.linux;
};
}

75
pkgs/applications/misc/autospotting/deps.nix generated Normal file
View file

@ -0,0 +1,75 @@
# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
[
{
goPackagePath = "github.com/aws/aws-lambda-go";
fetch = {
type = "git";
url = "https://github.com/aws/aws-lambda-go";
rev = "2d482ef09017ae953b1e8d5a6ddac5b696663a3c";
sha256 = "06v2yfvn4sn116lds0526a8mfrsng4vafrdjf1dhpalqarrbdvmz";
};
}
{
goPackagePath = "github.com/aws/aws-sdk-go";
fetch = {
type = "git";
url = "https://github.com/aws/aws-sdk-go";
rev = "9333060a8d957db41bff1c80603a802aa674fad8";
sha256 = "0fnypw6zm6k70fzhm5a8g69ag64rxbrrpdk7l3rkfqd99slyg5kz";
};
}
{
goPackagePath = "github.com/cristim/ec2-instances-info";
fetch = {
type = "git";
url = "https://github.com/cristim/ec2-instances-info";
rev = "73c042a5558cd6d8b61fb82502d6f7aec334e9ed";
sha256 = "1xajrkxqqz5wlbi9w2wdhnk115rbmqxyga29f8v9psq8hzwgi0rg";
};
}
{
goPackagePath = "github.com/davecgh/go-spew";
fetch = {
type = "git";
url = "https://github.com/davecgh/go-spew";
rev = "d8f796af33cc11cb798c1aaeb27a4ebc5099927d";
sha256 = "19z27f306fpsrjdvkzd61w1bdazcdbczjyjck177g33iklinhpvx";
};
}
{
goPackagePath = "github.com/go-ini/ini";
fetch = {
type = "git";
url = "https://github.com/go-ini/ini";
rev = "5cf292cae48347c2490ac1a58fe36735fb78df7e";
sha256 = "0xbnw1nd22q6k863n5gs0nxld15w0p8qxbhfky85akcb5rk1vwi9";
};
}
{
goPackagePath = "github.com/jmespath/go-jmespath";
fetch = {
type = "git";
url = "https://github.com/jmespath/go-jmespath";
rev = "0b12d6b5";
sha256 = "1vv6hph8j6xgv7gwl9vvhlsaaqsm22sxxqmgmldi4v11783pc1ld";
};
}
{
goPackagePath = "github.com/namsral/flag";
fetch = {
type = "git";
url = "https://github.com/namsral/flag";
rev = "67f268f20922975c067ed799e4be6bacf152208c";
sha256 = "1lmxq3z276zrsggpfq9b7yklzzxdyib49zr8sznb1lcqlvxqsr47";
};
}
{
goPackagePath = "github.com/pkg/errors";
fetch = {
type = "git";
url = "https://github.com/pkg/errors";
rev = "645ef00459ed84a119197bfb8d8205042c6df63d";
sha256 = "001i6n71ghp2l6kdl3qq1v2vmghcz3kicv9a5wgcihrzigm75pp5";
};
}
]

2
pkgs/applications/misc/llpp/default.nix
View file

@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
'';
meta = with stdenv.lib; {
homepage = http://repo.or.cz/w/llpp.git;
homepage = https://repo.or.cz/w/llpp.git;
description = "A MuPDF based PDF pager written in OCaml";
platforms = platforms.linux;
maintainers = with maintainers; [ pSub ];

4
pkgs/applications/misc/mako/default.nix
View file

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
name = "mako-${version}";
version = "1.1";
version = "1.2";
src = fetchFromGitHub {
owner = "emersion";
repo = "mako";
rev = "v${version}";
sha256 = "18krsyp9g6f689024dn1mq8dyj4yg8c3kcy5s88q1gm8py6c4493";
sha256 = "112b7s5bkvwlgsm2kng2vh8mn6wr3a6c7n1arl9adxlghdym449h";
};
nativeBuildInputs = [ meson ninja pkgconfig scdoc ];

4
pkgs/applications/misc/nnn/default.nix
View file

@ -4,13 +4,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "nnn-${version}";
version = "2.0";
version = "2.1";
src = fetchFromGitHub {
owner = "jarun";
repo = "nnn";
rev = "v${version}";
sha256 = "16c6fimr1ayb2x3mvli70x2va3nz106jdfyqn53bhss7zjqvszxl";
sha256 = "1vkrhsdwgacln335rjywdf7nj7fg1x55szmm8xrvwda8y2qjqhc4";
};
configFile = optionalString (conf!=null) (builtins.toFile "nnn.h" conf);

2
pkgs/applications/misc/pinfo/default.nix
View file

@ -5,7 +5,7 @@ stdenv.mkDerivation {
src = fetchurl {
# homepage needed you to login to download the tarball
url = "http://src.fedoraproject.org/repo/pkgs/pinfo/pinfo-0.6.10.tar.bz2"
url = "https://src.fedoraproject.org/repo/pkgs/pinfo/pinfo-0.6.10.tar.bz2"
+ "/fe3d3da50371b1773dfe29bf870dbc5b/pinfo-0.6.10.tar.bz2";
sha256 = "0p8wyrpz9npjcbx6c973jspm4c3xz4zxx939nngbq49xqah8088j";
};

2
pkgs/applications/misc/sakura/default.nix
View file

@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
version = "3.6.0";
src = fetchurl {
url = "http://launchpad.net/sakura/trunk/${version}/+download/${name}.tar.bz2";
url = "https://launchpad.net/sakura/trunk/${version}/+download/${name}.tar.bz2";
sha256 = "1q463qm41ym7jb3kbzjz7b6x549vmgkb70arpkhsf86yxly1y5m1";
};

8
pkgs/applications/misc/slic3r/prusa3d.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, makeWrapper, which, cmake, perl, perlPackages,
{ stdenv, lib, fetchFromGitHub, makeWrapper, which, cmake, perl, perlPackages,
boost, tbb, wxGTK30, pkgconfig, gtk3, fetchurl, gtk2, libGLU,
glew, eigen, curl, gtest, nlopt, pcre, xorg }:
let
@ -98,6 +98,10 @@ stdenv.mkDerivation rec {
# seems to be the easiest way.
sed -i "s|\''${PERL_VENDORARCH}|$out/lib/slic3r-prusa3d|g" xs/CMakeLists.txt
sed -i "s|\''${PERL_VENDORLIB}|$out/lib/slic3r-prusa3d|g" xs/CMakeLists.txt
'' + lib.optionalString (lib.versionOlder "2.5" nlopt.version) ''
# Since version 2.5.0 of nlopt we need to link to libnlopt, as libnlopt_cxx
# now seems to be integrated into the main lib.
sed -i 's|nlopt_cxx|nlopt|g' xs/src/libnest2d/cmake_modules/FindNLopt.cmake
'';
postInstall = ''
@ -114,7 +118,7 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "prusa3d";
repo = "Slic3r";
sha256 = "0068wwsjwmnxql7653vy3labcyslzf17kr8xdr4lg2jplm022hvy";
sha256 = "0crjrll8cjpkllval6abrqzvzp8g3rnb4vmwi5vivw0jvdv3w5y7";
rev = "version_${version}";
};

12
pkgs/applications/misc/tilda/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig
{ stdenv, fetchzip, pkgconfig
, autoreconfHook, gettext, expat
, confuse, vte, gtk
, libconfuse, vte, gtk
, makeWrapper }:
stdenv.mkDerivation rec {
@ -8,13 +8,13 @@ stdenv.mkDerivation rec {
name = "tilda-${version}";
version = "1.4.1";
src = fetchurl {
src = fetchzip {
url = "https://github.com/lanoxx/tilda/archive/${name}.tar.gz";
sha256 = "0w2hry2bqcqrkik4l100b1a9jlsih6sq8zwhfpl8zzfq20i00lfs";
sha256 = "154rsldqjv2m1bddisb930qicb0y35kx7bxq392n2hn68jr2pxkj";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ gettext confuse vte gtk makeWrapper ];
nativeBuildInputs = [ autoreconfHook makeWrapper pkgconfig ];
buildInputs = [ gettext libconfuse vte gtk ];
LD_LIBRARY_PATH = "${expat.out}/lib"; # ugly hack for xgettext to work during build

3
pkgs/applications/networking/browsers/brave/default.nix
View file

@ -75,10 +75,11 @@ let rpath = lib.makeLibraryPath [
in stdenv.mkDerivation rec {
pname = "brave";
version = "0.56.12";
version = "0.56.15";
src = fetchurl {
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
sha256 = "1pvablwchpsm1fdhfp9kr2912yv4812r8prv5fn799qpflzxvyai";
sha256 = "1d18fgnxcgl95bhkgfqjyv4p81q6fciqibd3ss4vwh1ljjy1fv76";
};
dontConfigure = true;

4
pkgs/applications/networking/browsers/lynx/default.nix
View file

@ -8,14 +8,14 @@ assert sslSupport -> openssl != null;
stdenv.mkDerivation rec {
name = "lynx-${version}";
version = "2.8.9dev.17";
version = "2.8.9rel.1";
src = fetchurl {
urls = [
"ftp://ftp.invisible-island.net/lynx/tarballs/lynx${version}.tar.bz2"
"https://invisible-mirror.net/archives/lynx/tarballs/lynx${version}.tar.bz2"
];
sha256 = "1lvfsnrw5mmwrmn1m76q9mx287xwm3h5lg8sv7bcqilc0ywi2f54";
sha256 = "15cmyyma2kz1hfaa6mwjgli8zwdzq3jv0q2cl6nwzycjfwyijzrq";
};
enableParallelBuilding = true;

4
pkgs/applications/networking/browsers/vivaldi/default.nix
View file

@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
name = "${product}-${version}";
product = "vivaldi";
version = "2.1.1337.47-1";
version = "2.1.1337.51-1";
src = fetchurl {
url = "https://downloads.vivaldi.com/stable/${product}-stable_${version}_amd64.deb";
sha256 = "0i4dd5fgipplfq9jylm23jc9vn0qzf03ph1v85qh252hw5fgnyj2";
sha256 = "08x6abyz65vx4ycj8ys8sib9z1adb8ybmnrqjck69b30kbz78rj2";
};
unpackPhase = ''

5
pkgs/applications/networking/cluster/kubetail/default.nix
View file

@ -12,7 +12,10 @@ stdenv.mkDerivation rec {
};
installPhase = ''
install -Dm755 kubetail $out/bin/kubetail
install -Dm755 kubetail "$out/bin/kubetail"
install -Dm755 completion/kubetail.bash "$out/share/bash-completion/completions/kubetail"
install -Dm755 completion/kubetail.fish "$out/share/fish/vendor_completions.d/kubetail.fish"
install -Dm755 completion/kubetail.zsh "$out/share/zsh/site-functions/_kubetail"
'';
meta = with lib; {

27
pkgs/applications/networking/cluster/stern/default.nix
View file

@ -1,4 +1,6 @@
{ lib, buildGoPackage, fetchFromGitHub }:
{ stdenv, lib, buildPackages, buildGoPackage, fetchFromGitHub }:
let isCrossBuild = stdenv.hostPlatform != stdenv.buildPlatform; in
buildGoPackage rec {
name = "stern-${version}";
@ -15,11 +17,20 @@ buildGoPackage rec {
goDeps = ./deps.nix;
meta = with lib; {
description = "Multi pod and container log tailing for Kubernetes";
homepage = "https://github.com/wercker/stern";
license = licenses.asl20;
maintainers = with maintainers; [ mbode ];
platforms = platforms.unix;
};
postInstall =
let stern = if isCrossBuild then buildPackages.stern else "$bin"; in
''
mkdir -p $bin/share/bash-completion/completions
${stern}/bin/stern --completion bash > $bin/share/bash-completion/completions/stern
mkdir -p $bin/share/zsh/site-functions
${stern}/bin/stern --completion zsh > $bin/share/zsh/site-functions/_stern
'';
meta = with lib; {
description = "Multi pod and container log tailing for Kubernetes";
homepage = "https://github.com/wercker/stern";
license = licenses.asl20;
maintainers = with maintainers; [ mbode ];
platforms = platforms.unix;
};
}

4
pkgs/applications/networking/cluster/terragrunt/default.nix
View file

@ -2,7 +2,7 @@
buildGoPackage rec {
name = "terragrunt-${version}";
version = "0.17.2";
version = "0.17.3";
goPackagePath = "github.com/gruntwork-io/terragrunt";
@ -10,7 +10,7 @@ buildGoPackage rec {
owner = "gruntwork-io";
repo = "terragrunt";
rev = "v${version}";
sha256 = "069l9ynyl96rfs9zw6w6n1yzjjin27731nj1ajr9jsyc8rhd84wv";
sha256 = "1b0fwql9nr00qpvcbsbdymxf1wrgr590gkms7yz3yirb4xfl3gl3";
};
goDeps = ./deps.nix;

8
pkgs/applications/networking/instant-messengers/dino/default.nix
View file

@ -10,16 +10,17 @@
, dbus
, gpgme
, pcre
, qrencode
}:
stdenv.mkDerivation rec {
name = "dino-unstable-2018-09-21";
name = "dino-unstable-2018-11-27";
src = fetchFromGitHub {
owner = "dino";
repo = "dino";
rev = "6b7ef800f54e781a618425236ba8d4ed2f2fef9c";
sha256 = "1si815b6y06lridj88hws0dgq54w9jfam9sqbrq3cfcvmhc38ysk";
rev = "141db9e40a3a81cfa3ad3587dc47f69c541d0fde";
sha256 = "006r1x7drlz39jjxlfdnxgrnambw9amhl9jcgf6p1dx71h1x8221";
fetchSubmodules = true;
};
@ -32,6 +33,7 @@ stdenv.mkDerivation rec {
];
buildInputs = [
qrencode
gobjectIntrospection
glib-networking
glib

4
pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
View file

@ -56,11 +56,11 @@ let
in stdenv.mkDerivation rec {
name = "signal-desktop-${version}";
version = "1.18.0";
version = "1.18.1";
src = fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb";
sha256 = "0l5q55k5dp7hbvw3dnjsz39blbsahx6nh9ln4c69752zg473yv4v";
sha256 = "1gak6nhv5gk37iv1bfmjx6wf0p1vcln5y29i6fkzmvcrp3j2cmfh";
};
phases = [ "unpackPhase" "installPhase" ];

4
pkgs/applications/networking/mailreaders/mutt/default.nix
View file

@ -35,8 +35,8 @@ stdenv.mkDerivation rec {
};
patches = optional smimeSupport (fetchpatch {
url = "https://sources.debian.net/src/mutt/1.7.2-1/debian/patches/misc/smime.rc.patch";
sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
url = "https://salsa.debian.org/mutt-team/mutt/raw/debian/1.10.1-2/debian/patches/misc/smime.rc.patch";
sha256 = "1rl27qqwl4nw321ll5jcvfmkmz4fkvcsh5vihjcrhzzyf6vz8wmj";
});
buildInputs =

8
pkgs/applications/networking/mailreaders/neomutt/default.nix
View file

@ -1,6 +1,7 @@
{ stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which, writeScript
, ncurses, perl , cyrus_sasl, gss, gpgme, kerberos, libidn, libxml2, notmuch, openssl
, lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42, mime-types }:
, lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42, mailcap
}:
let
muttWrapper = writeScript "mutt" ''
@ -28,7 +29,7 @@ in stdenv.mkDerivation rec {
buildInputs = [
cyrus_sasl gss gpgme kerberos libidn ncurses
notmuch openssl perl lmdb
mime-types
mailcap
];
nativeBuildInputs = [
@ -47,10 +48,11 @@ in stdenv.mkDerivation rec {
--replace http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd ${docbook_xml_dtd_42}/xml/dtd/docbook/docbookx.dtd
done
# allow neomutt to map attachments to their proper mime.types if specified wrongly
# and use a far more comprehensive list than the one shipped with neomutt
substituteInPlace sendlib.c \
--replace /etc/mime.types ${mime-types}/etc/mime.types
--replace /etc/mime.types ${mailcap}/etc/mime.types
# The string conversion tests all fail with the first version of neomutt
# that has tests (20180223) as well as 20180716 so we disable them for now.

4
pkgs/applications/networking/mailreaders/realpine/default.nix
View file

@ -36,7 +36,7 @@ stdenv.mkDerivation {
license = stdenv.lib.licenses.asl20;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux;
homepage = http://re-alpine.sf.net/;
downloadPage = "http://sourceforge.net/projects/re-alpine/files/";
homepage = https://sourceforge.net/projects/re-alpine/;
downloadPage = "https://sourceforge.net/projects/re-alpine/files/";
};
}

4
pkgs/applications/networking/seafile-client/default.nix
View file

@ -5,14 +5,14 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "6.2.5";
version = "6.2.7";
name = "seafile-client-${version}";
src = fetchFromGitHub {
owner = "haiwen";
repo = "seafile-client";
rev = "v${version}";
sha256 = "1g09gsaqr4swgwnjxz994xgjsv7mlfaypp6r37bbsiy89a7ppzfl";
sha256 = "16ikl6vkp9v16608bq2sfg48idn2p7ik3q8n6j866zxkmgdvkpsg";
};
nativeBuildInputs = [ pkgconfig cmake makeWrapper ];

5
pkgs/applications/networking/sync/rclone/default.nix
View file

@ -2,15 +2,16 @@
buildGoPackage rec {
name = "rclone-${version}";
version = "1.44";
version = "1.45";
goPackagePath = "github.com/ncw/rclone";
subPackages = [ "." ];
src = fetchFromGitHub {
owner = "ncw";
repo = "rclone";
rev = "v${version}";
sha256 = "0kpx9r4kksscsvia7r79z9h8ghph25ay9dgpqrnp599fq1bqky61";
sha256 = "06xg0ibv9pnrnmabh1kblvxx1pk8h5rmkr9mjbymv497sx3zgz26";
};
outputs = [ "bin" "out" "man" ];

3
pkgs/applications/office/kmymoney/default.nix
View file

@ -61,11 +61,12 @@ stdenv.mkDerivation rec {
'';
doInstallCheck = stdenv.hostPlatform == stdenv.buildPlatform;
installCheckInputs = [ xvfb_run ];
installCheckPhase = let
pluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}";
in lib.optionalString doInstallCheck ''
QT_PLUGIN_PATH=${lib.escapeShellArg pluginPath} \
${xvfb_run}/bin/xvfb-run -s '-screen 0 1024x768x24' make test \
xvfb-run -s '-screen 0 1024x768x24' make test \
ARGS="-E '(reports-chart-test)'" # Test fails, so exclude it for now.
'';

21
pkgs/applications/office/marp/default.nix
View file

@ -1,24 +1,29 @@
{ stdenv, fetchurl, atomEnv, libXScrnSaver }:
{ stdenv, fetchurl, atomEnv, libXScrnSaver, gtk2 }:
stdenv.mkDerivation rec {
name = "marp-${version}";
version = "0.0.13";
version = "0.0.14";
src = fetchurl {
url = "https://github.com/yhatt/marp/releases/download/v${version}/${version}-Marp-linux-x64.tar.gz";
sha256 = "1120mbw4mf7v4qfmss3121gkgp5pn31alk9cssxbrmdcsdkaq5ld";
sha256 = "0nklzxwdx5llzfwz1hl2jpp2kwz78w4y63h5l00fh6fv6zisw6j4";
};
sourceRoot = ".";
unpackPhase = ''
mkdir {locales,resources}
tar --delay-directory-restore -xf $src
chmod u+x {locales,resources}
'';
installPhase = ''
mkdir -p $out/lib/marp $out/bin
cp -r ./* $out/lib/marp
ln -s $out/lib/marp/Marp $out/bin
mkdir -p $out/lib/marp $out/bin
cp -r ./* $out/lib/marp
ln -s $out/lib/marp/Marp $out/bin
'';
postFixup = ''
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${atomEnv.libPath}:${stdenv.lib.makeLibraryPath [ libXScrnSaver ]}:$out/lib/marp" \
--set-rpath "${atomEnv.libPath}:${stdenv.lib.makeLibraryPath [ libXScrnSaver gtk2 ]}:$out/lib/marp" \
$out/bin/Marp
'';

9
pkgs/applications/science/biology/picard-tools/default.nix
View file

@ -2,14 +2,15 @@
stdenv.mkDerivation rec {
name = "picard-tools-${version}";
version = "2.18.14";
version = "2.18.17";
src = fetchurl {
url = "https://github.com/broadinstitute/picard/releases/download/${version}/picard.jar";
sha256 = "0xc5mqifav2j4zbln04q07wjlzpwp3w0y5iv5bkp4v5486cp2ha9";
sha256 = "0ks7ymrjfya5h77hp0bqyipzdri0kf97c8wks32nvwkj821687zm";
};
buildInputs = [ jre makeWrapper ];
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ jre ];
phases = [ "installPhase" ];
@ -21,7 +22,7 @@ stdenv.mkDerivation rec {
'';
meta = with stdenv.lib; {
description = "Tools for high-throughput sequencing (HTS) data and formats such as SAM/BAM/CRAM and VCF.";
description = "Tools for high-throughput sequencing (HTS) data and formats such as SAM/BAM/CRAM and VCF";
license = licenses.mit;
homepage = https://broadinstitute.github.io/picard/;
maintainers = with maintainers; [ jbedo ];

2
pkgs/applications/science/chemistry/gwyddion/default.nix
View file

@ -6,7 +6,7 @@ let version = "2.48"; in
stdenv.mkDerivation {
name = "gwyddion-${version}";
src = fetchurl {
url = "http://sourceforge.net/projects/gwyddion/files/gwyddion/${version}/gwyddion-${version}.tar.xz";
url = "mirror://sourceforge/gwyddion/files/gwyddion/${version}/gwyddion-${version}.tar.xz";
sha256 = "119iw58ac2wn4cas6js8m7r1n4gmmkga6b1y711xzcyjp9hshgwx";
};
nativeBuildInputs = [ pkgconfig ];

6
pkgs/applications/science/electronics/librepcb/default.nix
View file

@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
name = "librepcb-${version}";
version = "20181031";
version = "0.1.0";
src = fetchFromGitHub {
owner = "LibrePCB";
repo = "LibrePCB";
fetchSubmodules = true;
rev = "3cf8dba9fa88e5b392d639c9fdbcf3a44664170a";
sha256 = "0kr4mii5w3kj3kqvhgq7zjxjrq44scx8ky0x77gyqmwvwfwk7nmx";
rev = "d7458d3b3e126499902e1a66a0ef889f516a7c97";
sha256 = "19wh0398fzzpd65nh4mmc4jllkrgcrwxvxdby0gb5wh1sqyaqac4";
};
enableParallelBuilding = true;

4
pkgs/applications/science/logic/z3/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
name = "z3-${version}";
version = "4.8.1";
version = "4.8.3";
src = fetchFromGitHub {
owner = "Z3Prover";
repo = "z3";
rev = name;
sha256 = "1vr57bwx40sd5riijyrhy70i2wnv9xrdihf6y5zdz56yq88rl48f";
sha256 = "0p5gdmhd32x6zwmx7j5cgwh4jyfxa9yapym95nlmyfaqzak92qar";
};
buildInputs = [ python fixDarwinDylibNames ];

2
pkgs/applications/science/math/fricas/default.nix
View file

@ -8,7 +8,7 @@ stdenv.mkDerivation {
inherit name;
src = fetchurl {
url = "http://sourceforge.net/projects/fricas/files/fricas/${version}/${name}-full.tar.bz2";
url = "mirror://sourceforge/fricas/files/fricas/${version}/${name}-full.tar.bz2";
sha256 = "156k9az1623y5808j845c56z2nvvdrm48dzg1v0ivpplyl7vp57x";
};

41
pkgs/applications/science/math/sage/README.md
View file

@ -2,46 +2,7 @@
Sage is a pretty complex package that depends on many other complex packages and patches some of those. As a result, the sage nix package is also quite complex.
Don't feel discouraged to fix, simplify or improve things though. Here's a quick overview over the functions of the individual files:
- `sage-src.nix`
Downloads the source code and applies patches. This makes sure that all the other files work with the same sage source. If you want to apply a patch to sage or update sage to a new version, this is the place to do it.
- `env-locations.nix`
Creates a bash file that sets a bunch of environment variables telling sage where to find various packages and files. The definitions of those environment variables can be found in the sage source in the `src/env.py` file. This bash file needs to be sourced before sage is started (done in `sage-env.nix` and `sagedoc.nix`).
- `sage-env.nix`
Sets all environment variables sage needs to run. This includes the package locations defined in `env-locations.nix` as well as the location of sage itself and its various subdirectories.
- `sagelib.nix`
Defines the main sage package (without setting the necessary environments or running any tests).
- `sage-with-env.nix`
Wraps sage in the necessary environment.
- `sage.nix`
Runs sages doctests.
- `sage-wrapper.nix`
Optionally tells sage where do find the docs.
- `sagedoc.nix`
Builds and tests the sage html documentation. Can be used for offline documentation viewing as well as the sage `browse_sage_doc` and `search_doc` functions.
- `sagenb.nix`
The (semi deprecated) sage notebook.
- `default.nix`
Introduces necessary overrides, defines new packages and ties everything together (returning the `sage` package).
- `flask-oldsessions.nix`, `flask-openid.nix`, `python-openid.nix`
These are python packages that were rejected from the main nixpkgs tree because they appear unmaintained. They are needed for the (semi-deprecated) sage notebook. Since that notebook is still needed to run the sage doctests, these packages are included but not exposed to the rest of nixpkgs.
- `pybrial.nix`
pybrial is a dependency of sage. However, pybrial itself also has sage as a dependency. Because of that circular dependency, pybrial is hidden from the rest of nixpkgs (just as the flask packages and python-openid.
- `openblas-pc.nix`
This creates a `.pc` file to be read by `pkg-config` that allows openblas to take on different roles, like `cblas` or `lapack`.
Don't feel discouraged to fix, simplify or improve things though. The individual files have comments explaining their purpose. The most importent ones are `default.nix` linking everything together, `sage-src.nix` adding patches and `sagelib.nix` building the actual sage package.
## The sage build is broken

152
pkgs/applications/science/math/sage/default.nix
View file

@ -1,68 +1,101 @@
{ nixpkgs
{ pkgs
, withDoc ? false
}:
# Here sage and its dependencies are put together. Some dependencies may be pinned
# as a last resort. Patching sage for compatibility with newer dependency versions
# is always preferred, see `sage-src.nix` for that.
let
inherit (nixpkgs) fetchpatch fetchurl symlinkJoin callPackage nodePackages;
inherit (pkgs) fetchurl symlinkJoin callPackage nodePackages;
# https://trac.sagemath.org/ticket/15980 for tracking of python3 support
python = nixpkgs.python2.override {
python = pkgs.python2.override {
packageOverrides = self: super: {
# python packages that appear unmaintained and were not accepted into the nixpkgs
# tree because of that. These packages are only dependencies of the more-or-less
# deprecated sagenb. However sagenb is still a default dependency and the doctests
# depend on it.
# See https://github.com/NixOS/nixpkgs/pull/38787 for a discussion.
# The dependency on the sage notebook (and therefore these packages) will be
# removed in the future:
# https://trac.sagemath.org/ticket/25837
flask-oldsessions = self.callPackage ./flask-oldsessions.nix {};
flask-openid = self.callPackage ./flask-openid.nix {};
python-openid = self.callPackage ./python-openid.nix {};
pybrial = self.callPackage ./pybrial.nix {};
sagelib = self.callPackage ./sagelib.nix {
inherit flint ecl arb;
inherit sage-src openblas-blas-pc openblas-cblas-pc openblas-lapack-pc pynac singular;
linbox = nixpkgs.linbox.override { withSage = true; };
};
sagenb = self.callPackage ./sagenb.nix {
mathjax = nodePackages.mathjax;
};
sagedoc = self.callPackage ./sagedoc.nix {
inherit sage-src;
};
# Package with a cyclic dependency with sage
pybrial = self.callPackage ./pybrial.nix {};
env-locations = self.callPackage ./env-locations.nix {
inherit pari_data ecl;
inherit singular;
three = nodePackages.three;
mathjax = nodePackages.mathjax;
};
sage-env = self.callPackage ./sage-env.nix {
inherit sage-src python rWrapper openblas-cblas-pc ecl singular palp flint pynac pythonEnv;
pkg-config = nixpkgs.pkgconfig; # not to confuse with pythonPackages.pkgconfig
};
sage-with-env = self.callPackage ./sage-with-env.nix {
inherit pythonEnv;
inherit sage-src openblas-blas-pc openblas-cblas-pc openblas-lapack-pc pynac singular;
pkg-config = nixpkgs.pkgconfig; # not to confuse with pythonPackages.pkgconfig
three = nodePackages.three;
};
sage = self.callPackage ./sage.nix { };
sage-wrapper = self.callPackage ./sage-wrapper.nix {
inherit sage-src withDoc;
# `sagelib`, i.e. all of sage except some wrappers and runtime dependencies
sagelib = self.callPackage ./sagelib.nix {
inherit flint ecl arb;
inherit sage-src pynac singular;
linbox = pkgs.linbox.override { withSage = true; };
};
};
};
openblas-blas-pc = callPackage ./openblas-pc.nix { name = "blas"; };
openblas-cblas-pc = callPackage ./openblas-pc.nix { name = "cblas"; };
openblas-lapack-pc = callPackage ./openblas-pc.nix { name = "lapack"; };
jupyter-kernel-definition = {
displayName = "SageMath ${sage-src.version}";
argv = [
"${sage-with-env}/bin/sage" # FIXME which sage
"--python"
"-m"
"sage.repl.ipython_kernel"
"-f"
"{connection_file}"
];
language = "sagemath";
# just one 16x16 logo is available
logo32 = "${sage-src}/doc/common/themes/sage/static/sageicon.png";
logo64 = "${sage-src}/doc/common/themes/sage/static/sageicon.png";
};
# A bash script setting various environment variables to tell sage where
# the files its looking fore are located. Also see `sage-env`.
env-locations = callPackage ./env-locations.nix {
inherit pari_data ecl;
inherit singular;
cysignals = python.pkgs.cysignals;
three = nodePackages.three;
mathjax = nodePackages.mathjax;
};
# The shell file that gets sourced on every sage start. Will also source
# the env-locations file.
sage-env = callPackage ./sage-env.nix {
sagelib = python.pkgs.sagelib;
inherit env-locations;
inherit python rWrapper ecl singular palp flint pynac pythonEnv;
pkg-config = pkgs.pkgconfig; # not to confuse with pythonPackages.pkgconfig
};
# The documentation for sage, building it takes a lot of ram.
sagedoc = callPackage ./sagedoc.nix {
inherit sage-with-env;
inherit python;
};
# sagelib with added wrappers and a dependency on sage-tests to make sure thet tests were run.
sage-with-env = callPackage ./sage-with-env.nix {
inherit pythonEnv;
inherit sage-env;
inherit pynac singular;
pkg-config = pkgs.pkgconfig; # not to confuse with pythonPackages.pkgconfig
three = nodePackages.three;
};
# Doesn't actually build anything, just runs sages testsuite. This is a
# separate derivation to make it possible to re-run the tests without
# rebuilding sagelib (which takes ~30 minutes).
# Running the tests should take something in the order of 1h.
sage-tests = callPackage ./sage-tests.nix {
inherit sage-with-env;
};
sage-src = callPackage ./sage-src.nix {};
@ -77,6 +110,7 @@ let
sympy
fpylll
matplotlib
tkinter # optional, as a matplotlib backend (use with `%matplotlib tk`)
scipy
ipywidgets
rpy2
@ -91,10 +125,11 @@ let
} // { extraLibs = pythonRuntimeDeps; }; # make the libs accessible
# needs to be rWrapper, standard "R" doesn't include default packages
rWrapper = nixpkgs.rWrapper.override {
rWrapper = pkgs.rWrapper.override {
# https://trac.sagemath.org/ticket/25674
R = nixpkgs.R.overrideAttrs (attrs: rec {
R = pkgs.R.overrideAttrs (attrs: rec {
name = "R-3.4.4";
doCheck = false;
src = fetchurl {
url = "http://cran.r-project.org/src/base/R-3/${name}.tar.gz";
sha256 = "0dq3jsnwsb5j3fhl0wi3p5ycv8avf8s5j1y4ap3d2mkjmcppvsdk";
@ -102,44 +137,45 @@ let
});
};
arb = nixpkgs.arb.override { inherit flint; };
arb = pkgs.arb.override { inherit flint; };
singular = nixpkgs.singular.override { inherit flint; };
singular = pkgs.singular.override { inherit flint; };
# *not* to confuse with the python package "pynac"
pynac = nixpkgs.pynac.override { inherit singular flint; };
pynac = pkgs.pynac.override { inherit singular flint; };
# With openblas (64 bit), the tests fail the same way as when sage is build with
# openblas instead of openblasCompat. Apparently other packages somehow use flints
# blas when it is available. Alternative would be to override flint to use
# openblasCompat.
flint = nixpkgs.flint.override { withBlas = false; };
flint = pkgs.flint.override { withBlas = false; };
# Multiple palp dimensions need to be available and sage expects them all to be
# in the same folder.
palp = symlinkJoin {
name = "palp-${nixpkgs.palp.version}";
name = "palp-${pkgs.palp.version}";
paths = [
(nixpkgs.palp.override { dimensions = 4; doSymlink = false; })
(nixpkgs.palp.override { dimensions = 5; doSymlink = false; })
(nixpkgs.palp.override { dimensions = 6; doSymlink = true; })
(nixpkgs.palp.override { dimensions = 11; doSymlink = false; })
(pkgs.palp.override { dimensions = 4; doSymlink = false; })
(pkgs.palp.override { dimensions = 5; doSymlink = false; })
(pkgs.palp.override { dimensions = 6; doSymlink = true; })
(pkgs.palp.override { dimensions = 11; doSymlink = false; })
];
};
# Sage expects those in the same directory.
pari_data = symlinkJoin {
name = "pari_data";
paths = with nixpkgs; [
paths = with pkgs; [
pari-galdata
pari-seadata-small
];
};
# https://trac.sagemath.org/ticket/22191
ecl = nixpkgs.ecl_16_1_2;
ecl = pkgs.ecl_16_1_2;
in
python.pkgs.sage-wrapper // {
doc = python.pkgs.sagedoc;
lib = python.pkgs.sagelib;
}
# A wrapper around sage that makes sure sage finds its docs (if they were build).
callPackage ./sage.nix {
inherit sage-tests sage-with-env sagedoc jupyter-kernel-definition;
inherit withDoc;
}

2
pkgs/applications/science/math/sage/env-locations.nix
View file

@ -16,6 +16,8 @@
, cysignals
}:
# A bash script setting various environment variables to tell sage where
# the files its looking fore are located. Also see `sage-env`.
writeTextFile rec {
name = "sage-env-locations";
destination = "/${name}";

17
pkgs/applications/science/math/sage/openblas-pc.nix
View file

@ -1,17 +0,0 @@
{ openblasCompat
, writeTextFile
, name
}:
writeTextFile {
name = "openblas-${name}-pc-${openblasCompat.version}";
destination = "/lib/pkgconfig/${name}.pc";
text = ''
Name: ${name}
Version: ${openblasCompat.version}
Description: ${name} for SageMath, provided by the OpenBLAS package.
Cflags: -I${openblasCompat}/include
Libs: -L${openblasCompat}/lib -lopenblas
'';
}

16
pkgs/applications/science/math/sage/patches/eclib-20180710.patch
View file

@ -1,16 +0,0 @@
diff --git a/src/sage/interfaces/mwrank.py b/src/sage/interfaces/mwrank.py
index 4417b59276..ae57ca2991 100644
--- a/src/sage/interfaces/mwrank.py
+++ b/src/sage/interfaces/mwrank.py
@@ -54,8 +54,9 @@ def Mwrank(options="", server=None, server_tmpdir=None):
sage: M = Mwrank('-v 0 -l')
sage: print(M('0 0 1 -1 0'))
Curve [0,0,1,-1,0] : Rank = 1
- Generator 1 is [0:-1:1]; height 0.0511114082399688
- Regulator = 0.0511114082399688
+ Generator 1 is [0:-1:1]; height 0.051111408239969
+ Regulator = 0.051111408239969
+
"""
global instances
try:

98
pkgs/applications/science/math/sage/patches/eclib-regulator-precision.patch
View file

@ -1,98 +0,0 @@
diff --git a/src/sage/libs/eclib/interface.py b/src/sage/libs/eclib/interface.py
index f77000c478..9d17d412ae 100644
--- a/src/sage/libs/eclib/interface.py
+++ b/src/sage/libs/eclib/interface.py
@@ -1014,7 +1014,7 @@ class mwrank_MordellWeil(SageObject):
WARNING: saturation at primes p > 2 will not be done;
...
Gained index 2
- New regulator = 93.857300720636393209
+ New regulator = 93.85730...
(False, 2, '[ ]')
sage: EQ.points()
[[-2, 3, 1], [2707496766203306, 864581029138191, 2969715140223272], [-13422227300, -49322830557, 12167000000]]
@@ -1025,7 +1025,7 @@ class mwrank_MordellWeil(SageObject):
WARNING: saturation at primes p > 3 will not be done;
...
Gained index 3
- New regulator = 10.4285889689595992455
+ New regulator = 10.42858...
(False, 3, '[ ]')
sage: EQ.points()
[[-2, 3, 1], [-14, 25, 8], [-13422227300, -49322830557, 12167000000]]
@@ -1036,7 +1036,7 @@ class mwrank_MordellWeil(SageObject):
WARNING: saturation at primes p > 5 will not be done;
...
Gained index 5
- New regulator = 0.417143558758383969818
+ New regulator = 0.41714...
(False, 5, '[ ]')
sage: EQ.points()
[[-2, 3, 1], [-14, 25, 8], [1, -1, 1]]
@@ -1221,7 +1221,7 @@ class mwrank_MordellWeil(SageObject):
WARNING: saturation at primes p > 2 will not be done;
...
Gained index 2
- New regulator = 93.857300720636393209
+ New regulator = 93.85730...
(False, 2, '[ ]')
sage: EQ
Subgroup of Mordell-Weil group: [[-2:3:1], [2707496766203306:864581029138191:2969715140223272], [-13422227300:-49322830557:12167000000]]
@@ -1235,7 +1235,7 @@ class mwrank_MordellWeil(SageObject):
WARNING: saturation at primes p > 3 will not be done;
...
Gained index 3
- New regulator = 10.4285889689595992455
+ New regulator = 10.42858...
(False, 3, '[ ]')
sage: EQ
Subgroup of Mordell-Weil group: [[-2:3:1], [-14:25:8], [-13422227300:-49322830557:12167000000]]
@@ -1249,7 +1249,7 @@ class mwrank_MordellWeil(SageObject):
WARNING: saturation at primes p > 5 will not be done;
...
Gained index 5
- New regulator = 0.417143558758383969818
+ New regulator = 0.41714...
(False, 5, '[ ]')
sage: EQ
Subgroup of Mordell-Weil group: [[-2:3:1], [-14:25:8], [1:-1:1]]
diff --git a/src/sage/libs/eclib/mwrank.pyx b/src/sage/libs/eclib/mwrank.pyx
index a4f89e1ca5..f8a22d2f55 100644
--- a/src/sage/libs/eclib/mwrank.pyx
+++ b/src/sage/libs/eclib/mwrank.pyx
@@ -1234,9 +1234,9 @@ cdef class _two_descent:
sage: D2.saturate()
Searching for points (bound = 8)...done:
found points which generate a subgroup of rank 3
- and regulator 0.417143558758383969817119544618093396749810106098479
+ and regulator 0.41714...
Processing points found during 2-descent...done:
- now regulator = 0.417143558758383969817119544618093396749810106098479
+ now regulator = 0.41714...
No saturation being done
sage: D2.getbasis()
'[[1:-1:1], [-2:3:1], [-14:25:8]]'
@@ -1281,9 +1281,9 @@ cdef class _two_descent:
sage: D2.saturate()
Searching for points (bound = 8)...done:
found points which generate a subgroup of rank 3
- and regulator 0.417143558758383969817119544618093396749810106098479
+ and regulator 0.41714...
Processing points found during 2-descent...done:
- now regulator = 0.417143558758383969817119544618093396749810106098479
+ now regulator = 0.41714...
No saturation being done
sage: D2.getbasis()
'[[1:-1:1], [-2:3:1], [-14:25:8]]'
@@ -1329,9 +1329,9 @@ cdef class _two_descent:
sage: D2.saturate()
Searching for points (bound = 8)...done:
found points which generate a subgroup of rank 3
- and regulator 0.417143558758383969817119544618093396749810106098479
+ and regulator 0.41714...
Processing points found during 2-descent...done:
- now regulator = 0.417143558758383969817119544618093396749810106098479
+ now regulator = 0.41714...
No saturation being done
sage: D2.getbasis()
'[[1:-1:1], [-2:3:1], [-14:25:8]]'

15
pkgs/applications/science/math/sage/patches/known-padics-bug.patch
View file

@ -1,15 +0,0 @@
diff --git a/build/pkgs/openblas/package-version.txt b/build/pkgs/openblas/package-version.txt
index 3bc45c25d4..7c7c224887 100644
--- a/src/sage/schemes/elliptic_curves/padics.py
+++ b/src/sage/schemes/elliptic_curves/padics.py
@@ -292,8 +292,8 @@ def padic_regulator(self, p, prec=20, height=None, check_hypotheses=True):
sage: max_prec = 30 # make sure we get past p^2 # long time
sage: full = E.padic_regulator(5, max_prec) # long time
- sage: for prec in range(1, max_prec): # long time
- ....: assert E.padic_regulator(5, prec) == full # long time
+ sage: for prec in range(1, max_prec): # known bug (#25969) # long time
+ ....: assert E.padic_regulator(5, prec) == full # known bug (#25969) # long time
A case where the generator belongs to the formal group already
(:trac:`3632`)::

12
pkgs/applications/science/math/sage/patches/matplotlib-normed-deprecated.patch
View file

@ -1,12 +0,0 @@
diff --git a/src/sage/all.py b/src/sage/all.py
index 14cec431f1..25a35a0522 100644
--- a/src/sage/all.py
+++ b/src/sage/all.py
@@ -310,6 +310,7 @@ warnings.filters.remove(('ignore', None, DeprecationWarning, None, 0))
# Ignore all deprecations from IPython etc.
warnings.filterwarnings('ignore',
module='.*(IPython|ipykernel|jupyter_client|jupyter_core|nbformat|notebook|ipywidgets|storemagic)')
+warnings.filterwarnings('ignore', "The 'normed' kwarg is deprecated, and has been replaced by the 'density' kwarg.") # matplotlib normed deprecation
# However, be sure to keep OUR deprecation warnings
warnings.filterwarnings('default',
'[\s\S]*See http://trac.sagemath.org/[0-9]* for details.')

28
pkgs/applications/science/math/sage/sage-env.nix
View file

@ -2,7 +2,6 @@
, lib
, writeTextFile
, python
, sage-src
, sagelib
, env-locations
, gfortran
@ -37,7 +36,7 @@
, lcalc
, rubiks
, flintqs
, openblas-cblas-pc
, openblasCompat
, flint
, gmp
, mpfr
@ -47,6 +46,10 @@
, ntl
}:
# This generates a `sage-env` shell file that will be sourced by sage on startup.
# It sets up various environment variables, telling sage where to find its
# dependencies.
let
runtimepath = (lib.makeBinPath ([
"@sage-local@"
@ -96,26 +99,27 @@ writeTextFile rec {
destination = "/${name}";
text = ''
export PKG_CONFIG_PATH='${lib.concatStringsSep ":" (map (pkg: "${pkg}/lib/pkgconfig") [
# This is only needed in the src/sage/misc/cython.py test and I'm not sure if there's really a use-case
# for it outside of the tests. However since singular and openblas are runtime dependencies anyways
# and openblas-cblas-pc is tiny, it doesn't really hurt to include.
# This is only needed in the src/sage/misc/cython.py test and I'm not
# sure if there's really a usecase for it outside of the tests. However
# since singular and openblas are runtime dependencies anyways, it doesn't
# really hurt to include.
singular
openblas-cblas-pc
openblasCompat
])
}'
export SAGE_ROOT='${sage-src}'
export SAGE_ROOT='${sagelib.src}'
export SAGE_LOCAL='@sage-local@'
export SAGE_SHARE='${sagelib}/share'
orig_path="$PATH"
export PATH='${runtimepath}'
# set dependent vars, like JUPYTER_CONFIG_DIR
source "${sage-src}/src/bin/sage-env"
source "${sagelib.src}/src/bin/sage-env"
export PATH="${runtimepath}:$orig_path" # sage-env messes with PATH
export SAGE_LOGS="$TMPDIR/sage-logs"
export SAGE_DOC="''${SAGE_DOC_OVERRIDE:-doc-placeholder}"
export SAGE_DOC_SRC="''${SAGE_DOC_SRC_OVERRIDE:-${sage-src}/src/doc}"
export SAGE_DOC_SRC="''${SAGE_DOC_SRC_OVERRIDE:-${sagelib.src}/src/doc}"
# set locations of dependencies
. ${env-locations}/sage-env-locations
@ -154,9 +158,11 @@ writeTextFile rec {
export SAGE_LIB='${sagelib}/${python.sitePackages}'
export SAGE_EXTCODE='${sage-src}/src/ext'
export SAGE_EXTCODE='${sagelib.src}/src/ext'
# for find_library
# for find_library
export DYLD_LIBRARY_PATH="${lib.makeLibraryPath [stdenv.cc.libc singular]}:$DYLD_LIBRARY_PATH"
'';
} // {
lib = sagelib; # equivalent of `passthru`, which `writeTextFile` doesn't support
}

31
pkgs/applications/science/math/sage/sage-src.nix
View file

@ -2,6 +2,12 @@
, fetchFromGitHub
, fetchpatch
}:
# This file is responsible for fetching the sage source and adding necessary patches.
# It does not actually build anything, it just copies the patched sources to $out.
# This is done because multiple derivations rely on these sources and they should
# all get the same sources with the same patches applied.
stdenv.mkDerivation rec {
version = "8.4";
name = "sage-src-${version}";
@ -13,6 +19,8 @@ stdenv.mkDerivation rec {
sha256 = "0gips1hagiz9m7s21bg5as8hrrm2x5k47h1bsq0pc46iplfwmv2d";
};
# Patches needed because of particularities of nix or the way this is packaged.
# The goal is to upstream all of them and get rid of this list.
nixPatches = [
# https://trac.sagemath.org/ticket/25358
(fetchpatch {
@ -31,6 +39,7 @@ stdenv.mkDerivation rec {
# Revert the commit that made the sphinx build fork even in the single thread
# case. For some yet unknown reason, that breaks the docbuild on nix and archlinux.
# See https://groups.google.com/forum/#!msg/sage-packaging/VU4h8IWGFLA/mrmCMocYBwAJ.
# https://trac.sagemath.org/ticket/26608
./patches/revert-sphinx-always-fork.patch
# Make sure py2/py3 tests are only run when their expected context (all "sage"
@ -39,10 +48,16 @@ stdenv.mkDerivation rec {
./patches/Only-test-py2-py3-optional-tests-when-all-of-sage-is.patch
];
# Patches needed because of package updates. We could just pin the versions of
# dependencies, but that would lead to rebuilds, confusion and the burdons of
# maintaining multiple versions of dependencies. Instead we try to make sage
# compatible with never dependency versions when possible. All these changes
# should come from or be proposed to upstream. This list will probably never
# be empty since dependencies update all the time.
packageUpgradePatches = let
# fetch a diff between base and rev on sage's git server
# used to fetch trac tickets by setting the base to the release and the
# revision to the last commit that should be included
# Fetch a diff between `base` and `rev` on sage's git server.
# Used to fetch trac tickets by setting the `base` to the last release and the
# `rev` to the last commit of the ticket.
fetchSageDiff = { base, rev, ...}@args: (
fetchpatch ({
url = "https://git.sagemath.org/sage.git/patch?id2=${base}&id=${rev}";
@ -54,7 +69,7 @@ stdenv.mkDerivation rec {
in [
# New glpk version has new warnings, filter those out until upstream sage has found a solution
# https://trac.sagemath.org/ticket/24824
./patches/pari-stackwarn.patch # not actually necessary since tha pari upgrade, but necessary for the glpk patch to apply
./patches/pari-stackwarn.patch # not actually necessary since the pari upgrade, but necessary for the glpk patch to apply
(fetchpatch {
url = "https://salsa.debian.org/science-team/sagemath/raw/58bbba93a807ca2933ca317501d093a1bb4b84db/debian/patches/dt-version-glpk-4.65-ignore-warnings.patch";
sha256 = "0b9293v73wb4x13wv5zwyjgclc01zn16msccfzzi6znswklgvddp";
@ -64,8 +79,8 @@ stdenv.mkDerivation rec {
# https://trac.sagemath.org/ticket/25260
./patches/numpy-1.15.1.patch
# ntl upgrade
# https://trac.sagemath.org/ticket/25532#comment:29
# needed for ntl update
# https://trac.sagemath.org/ticket/25532
(fetchpatch {
name = "lcalc-c++11.patch";
url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/sagemath-lcalc-c++11.patch?h=packages/sagemath&id=0e31ae526ab7c6b5c0bfacb3f8b1c4fd490035aa";
@ -100,9 +115,7 @@ stdenv.mkDerivation rec {
})
];
patches = nixPatches ++ packageUpgradePatches ++ [
./patches/known-padics-bug.patch
];
patches = nixPatches ++ packageUpgradePatches;
postPatch = ''
# make sure shebangs etc are fixed, but sage-python23 still works

51
pkgs/applications/science/math/sage/sage-tests.nix Normal file
View file

@ -0,0 +1,51 @@
{ stdenv
, lib
, sage-with-env
, makeWrapper
, files ? null # "null" means run all tests
, longTests ? true # run tests marked as "long time"
}:
# for a quick test of some source files:
# nix-build -E 'with (import ./. {}); sage.tests.override { files = [ "src/sage/misc/cython.py" ];}'
let
src = sage-with-env.env.lib.src;
runAllTests = files == null;
testArgs = if runAllTests then "--all" else testFileList;
patienceSpecifier = if longTests then "--long" else "";
relpathToArg = relpath: lib.escapeShellArg "${src}/${relpath}"; # paths need to be absolute
testFileList = lib.concatStringsSep " " (map relpathToArg files);
in
stdenv.mkDerivation rec {
version = src.version;
name = "sage-tests-${version}";
inherit src;
buildInputs = [
makeWrapper
sage-with-env
];
unpackPhase = "#do nothing";
configurePhase = "#do nothing";
buildPhase = "#do nothing";
installPhase = ''
# This output is not actually needed for anything, the package just
# exists to decouple the sage build from its t ests.
mkdir -p "$out/bin"
# Like a symlink, but make sure that $0 points to the original.
makeWrapper "${sage-with-env}/bin/sage" "$out/bin/sage"
'';
doInstallCheck = true;
installCheckPhase = ''
export HOME="$TMPDIR/sage-home"
mkdir -p "$HOME"
# "--long" tests are in the order of 1h, without "--long" its 1/2h
"sage" -t --timeout=0 --nthreads "$NIX_BUILD_CORES" --optional=sage ${patienceSpecifier} ${testArgs}
'';
}

Some files were not shown because too many files have changed in this diff Show more