From e9ad02461516d74b3e53c5fde55bd41f104dcad5 Mon Sep 17 00:00:00 2001 From: William Johansson Date: Mon, 3 May 2021 19:34:21 +0200 Subject: [PATCH 01/33] xen: move patches specific for 4.10 Makes it easier to include 4.15 patches later. --- ...all-python.patch => 0000-fix-install-python.4.10.patch} | 0 ...000-fix-ipxe-src.patch => 0000-fix-ipxe-src.4.10.patch} | 0 ...se-efi-ld.patch => 0004-makefile-use-efi-ld.4.10.patch} | 0 ...patch => 0005-makefile-fix-efi-mountdir-use.4.10.patch} | 0 pkgs/applications/virtualization/xen/4.10.nix | 7 +++++++ pkgs/applications/virtualization/xen/generic.nix | 4 ---- 6 files changed, 7 insertions(+), 4 deletions(-) rename pkgs/applications/virtualization/xen/{0000-fix-install-python.patch => 0000-fix-install-python.4.10.patch} (100%) rename pkgs/applications/virtualization/xen/{0000-fix-ipxe-src.patch => 0000-fix-ipxe-src.4.10.patch} (100%) rename pkgs/applications/virtualization/xen/{0004-makefile-use-efi-ld.patch => 0004-makefile-use-efi-ld.4.10.patch} (100%) rename pkgs/applications/virtualization/xen/{0005-makefile-fix-efi-mountdir-use.patch => 0005-makefile-fix-efi-mountdir-use.4.10.patch} (100%) diff --git a/pkgs/applications/virtualization/xen/0000-fix-install-python.patch b/pkgs/applications/virtualization/xen/0000-fix-install-python.4.10.patch similarity index 100% rename from pkgs/applications/virtualization/xen/0000-fix-install-python.patch rename to pkgs/applications/virtualization/xen/0000-fix-install-python.4.10.patch diff --git a/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch b/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.10.patch similarity index 100% rename from pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch rename to pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.10.patch diff --git a/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch b/pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.4.10.patch similarity index 100% rename from pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.patch rename to pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.4.10.patch diff --git a/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch b/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.10.patch similarity index 100% rename from pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.patch rename to pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.10.patch diff --git a/pkgs/applications/virtualization/xen/4.10.nix b/pkgs/applications/virtualization/xen/4.10.nix index cb91d850563..a7a1807790c 100644 --- a/pkgs/applications/virtualization/xen/4.10.nix +++ b/pkgs/applications/virtualization/xen/4.10.nix @@ -165,6 +165,13 @@ callPackage (import ./generic.nix (rec { "-Wno-error=zero-length-bounds" ]; + patches = [ + ./0000-fix-ipxe-src.4.10.patch + ./0000-fix-install-python.4.10.patch + ./0004-makefile-use-efi-ld.4.10.patch + ./0005-makefile-fix-efi-mountdir-use.4.10.patch + ]; + postPatch = '' # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. sed 1i'#include ' \ diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 8299304045d..2b7addc52e4 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -133,10 +133,6 @@ stdenv.mkDerivation (rec { ''; patches = [ - ./0000-fix-ipxe-src.patch - ./0000-fix-install-python.patch - ./0004-makefile-use-efi-ld.patch - ./0005-makefile-fix-efi-mountdir-use.patch ] ++ (config.patches or []); postPatch = '' From 2f40c4647b1bf46abded4136075ea47533906fcb Mon Sep 17 00:00:00 2001 From: William Johansson Date: Thu, 22 Apr 2021 23:24:10 +0200 Subject: [PATCH 02/33] xen: upgrade to 4.15 --- .../xen/0000-fix-install-python.4.15.patch | 16 ++ .../xen/0000-fix-ipxe-src.4.15.patch | 27 +++ .../xen/0004-makefile-use-efi-ld.4.15.patch | 42 ++++ ...5-makefile-fix-efi-mountdir-use.4.15.patch | 37 ++++ pkgs/applications/virtualization/xen/4.10.nix | 15 +- pkgs/applications/virtualization/xen/4.15.nix | 179 ++++++++++++++++++ .../virtualization/xen/generic.nix | 23 +-- .../virtualization/xen/packages.nix | 47 ++++- pkgs/top-level/all-packages.nix | 6 + 9 files changed, 376 insertions(+), 16 deletions(-) create mode 100644 pkgs/applications/virtualization/xen/0000-fix-install-python.4.15.patch create mode 100644 pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.15.patch create mode 100644 pkgs/applications/virtualization/xen/0004-makefile-use-efi-ld.4.15.patch create mode 100644 pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.15.patch create mode 100644 pkgs/applications/virtualization/xen/4.15.nix diff --git a/pkgs/applications/virtualization/xen/0000-fix-install-python.4.15.patch b/pkgs/applications/virtualization/xen/0000-fix-install-python.4.15.patch new file mode 100644 index 00000000000..5fc5a6012ee --- /dev/null +++ b/pkgs/applications/virtualization/xen/0000-fix-install-python.4.15.patch @@ -0,0 +1,16 @@ +tools/python/install-wrap script brakes shebangs patching, disable + +diff --git a/tools/Rules.mk b/tools/Rules.mk +index 444e5bacdd..c99ea959ff 100644 +--- a/tools/Rules.mk ++++ b/tools/Rules.mk +@@ -135,8 +135,7 @@ CFLAGS += $(CFLAGS-y) + + CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) + +-INSTALL_PYTHON_PROG = \ +- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) ++INSTALL_PYTHON_PROG = $(INSTALL_PROG) + + %.opic: %.c + $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.15.patch b/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.15.patch new file mode 100644 index 00000000000..08e9aa5ad2f --- /dev/null +++ b/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.4.15.patch @@ -0,0 +1,27 @@ +hack to make etherboot use prefetched ipxe + +diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile +index ed9e11305f..979a3acea8 100644 +--- a/tools/firmware/etherboot/Makefile ++++ b/tools/firmware/etherboot/Makefile +@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz + + D=ipxe + T=ipxe.tar.gz ++G=ipxe.git + + ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS))) + ROM = $D/src/bin/ipxe.bin +@@ -41,9 +42,9 @@ $T: + fi + mv _$T $T + +-$D/src/arch/i386/Makefile: $T Config +- rm -rf $D +- gzip -dc $T | tar xf - ++$D/src/arch/i386/Makefile: $G Config ++ mkdir $D ++ cp -a $G/* $D + for i in $$(cat patches/series) ; do \ + patch -d $D -p1 --quiet /dev/null && echo y) + # Check if the linker supports PE. + EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(XEN_LDFLAGS)) --subsystem=10 --strip-debug +-XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y)) ++XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(EFI_LD) $(EFI_LDFLAGS) -o efi/check.efi efi/check.o 2>/dev/null && echo y)) + CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI + # Check if the linker produces fixups in PE by default (we need to disable it doing so for now). + XEN_NO_PE_FIXUPS := $(if $(XEN_BUILD_EFI), \ +- $(shell $(LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \ ++ $(shell $(EFI_LD) $(EFI_LDFLAGS) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \ + echo --disable-reloc-section)) + endif + +@@ -217,20 +217,20 @@ note_file_option ?= $(note_file) + ifeq ($(XEN_BUILD_PE),y) + $(TARGET).efi: prelink-efi.o $(note_file) efi.lds efi/relocs-dummy.o efi/mkreloc + $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ +- $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \ ++ $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< efi/relocs-dummy.o \ + $(BASEDIR)/common/symbols-dummy.o $(note_file_option) -o $(@D)/.$(@F).$(base).0 &&) : + efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).0) >$(@D)/.$(@F).0r.S + $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).0 \ + | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).0s.S + $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o + $(foreach base, $(VIRT_BASE) $(ALT_BASE), \ +- $(LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ ++ $(EFI_LD) $(call EFI_LDFLAGS,$(base)) -T efi.lds -N $< \ + $(@D)/.$(@F).0r.o $(@D)/.$(@F).0s.o $(note_file_option) -o $(@D)/.$(@F).$(base).1 &&) : + efi/mkreloc $(foreach base,$(VIRT_BASE) $(ALT_BASE),$(@D)/.$(@F).$(base).1) >$(@D)/.$(@F).1r.S + $(NM) -pa --format=sysv $(@D)/.$(@F).$(VIRT_BASE).1 \ + | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S + $(MAKE) -f $(BASEDIR)/Rules.mk $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o +- $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ ++ $(EFI_LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T efi.lds -N $< \ + $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ + $(NM) -pa --format=sysv $(@D)/$(@F) \ + | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map diff --git a/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.15.patch b/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.15.patch new file mode 100644 index 00000000000..8f07c1a8e29 --- /dev/null +++ b/pkgs/applications/virtualization/xen/0005-makefile-fix-efi-mountdir-use.4.15.patch @@ -0,0 +1,37 @@ +EFI_MOUNTPOINT is conventionally /boot/efi or /boot/EFI or something +like that, and (on my machine) has directories within that called +{Boot, nixos, gummiboot}. + +This patch does two things: + +1) Xen apparently wants to put files in +$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR) - we remove the duplicate 'efi' name +because I can't see why we have it + +2) Ensures the said directory exists + + +diff --git a/xen/Makefile b/xen/Makefile +index acb2d28891..d0763fbbe7 100644 +--- a/xen/Makefile ++++ b/xen/Makefile +@@ -289,7 +289,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) + ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ + ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ + if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ +- $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ ++ [ -d $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ] || \ ++ $(INSTALL_DIR) $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR) ;\ ++ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ + elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ + echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \ + fi; \ +@@ -319,7 +321,7 @@ _uninstall: + rm -f $(D)$(DEBUG_DIR)/$(T)-$(XEN_FULLVERSION).efi.map + rm -f $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi + rm -f $(D)$(EFI_DIR)/$(T).efi +- rm -f $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ++ rm -f $(D)$(EFI_MOUNTPOINT)/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi + + .PHONY: _debug + _debug: diff --git a/pkgs/applications/virtualization/xen/4.10.nix b/pkgs/applications/virtualization/xen/4.10.nix index a7a1807790c..aadd66304e6 100644 --- a/pkgs/applications/virtualization/xen/4.10.nix +++ b/pkgs/applications/virtualization/xen/4.10.nix @@ -8,6 +8,9 @@ , withOVMF ? false, OVMF , withLibHVM ? true +# xen +, lvm2, ncurses, python2Packages + # qemu , udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir , alsa-lib, glib, python2 @@ -173,6 +176,13 @@ callPackage (import ./generic.nix (rec { ]; postPatch = '' + substituteInPlace tools/blktap2/lvm/lvm-util.c \ + --replace /usr/sbin/vgs ${lvm2}/bin/vgs \ + --replace /usr/sbin/lvs ${lvm2}/bin/lvs + + substituteInPlace tools/xenstat/Makefile \ + --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. sed 1i'#include ' \ -i tools/blktap2/control/tap-ctl-allocate.c \ @@ -188,4 +198,7 @@ callPackage (import ./generic.nix (rec { else throw "this xen has no qemu builtin"; }; -})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) +})) ({ + ocamlPackages = ocaml-ng.ocamlPackages_4_05; + pythonPackages = python2Packages; +} // args) diff --git a/pkgs/applications/virtualization/xen/4.15.nix b/pkgs/applications/virtualization/xen/4.15.nix new file mode 100644 index 00000000000..a1d4368c8fb --- /dev/null +++ b/pkgs/applications/virtualization/xen/4.15.nix @@ -0,0 +1,179 @@ +{ lib, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? false + +# xen +, python3Packages + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsa-lib, glib, python3 +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; +assert !withLibHVM; + +with lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsa-lib glib python3 + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.15.0"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "1bddy402pw7brng5xnbm9l592ylvgm2hfrydxl9jk7vcfaa17x3c"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + qemu-xen = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen.git"; + # rev = "refs/tags/qemu-xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "7ea428895af2840d85c524f0bd11a38aac308308"; + sha256 = "0p6v8w3xasp2jggwyjnyn7hrzdmx1qimf8x49p070xcfr96mrpyp"; + }; + buildInputs = qemuDeps; + postPatch = '' + # needed in build but /usr/bin/env is not available in sandbox + substituteInPlace scripts/tracetool.py \ + --replace "/usr/bin/env python" "${python3}/bin/python" + ''; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + # TODO 4.15: something happened with traditional in this release? + qemu-xen-traditional = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; + # rev = "refs/tags/xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "3d273dd05e51e5a1ffba3d98c7437ee84e8f8764"; + sha256 = "1dc6dhjp4y2irmi9yiyw1kzmm1habyy8j1s2zkf6qyak850krqj7"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/seabios.git"; + rev = "b0d61ecef66eb05bd7a4eb7ada88ec5dab06dfee"; + sha256 = "07y06vlqj0qm1945c50pg07lvcpv6bibc6qxhavfcx3zskzsz863"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/ovmf.git"; + rev = "a3741780fe3535e19e02efa869a7cac481891129"; + sha256 = "0000000000000000000000000000000000000000000000000000"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = "https://git.ipxe.org/ipxe.git"; + rev = "988d2c13cdf0f0b4140685af35ced70ac5b3283c"; + sha256 = "1pkf1n1c0rdlzfls8fvjvi1sd9xjd9ijqlyz3wigr70ijcv6x8i9"; + }; + meta.description = "Xen's fork of iPXE"; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + NIX_CFLAGS_COMPILE = toString [ + # TODO 4.15: drop unneeded ones + # Fix build on Glibc 2.24. + "-Wno-error=deprecated-declarations" + # Fix build with GCC 8 + "-Wno-error=maybe-uninitialized" + "-Wno-error=stringop-truncation" + "-Wno-error=format-truncation" + "-Wno-error=array-bounds" + # Fix build with GCC 9 + "-Wno-error=address-of-packed-member" + "-Wno-error=format-overflow" + "-Wno-error=absolute-value" + # Fix build with GCC 10 + "-Wno-error=enum-conversion" + "-Wno-error=zero-length-bounds" + ]; + + patches = [ + ./0000-fix-ipxe-src.4.15.patch + ./0000-fix-install-python.4.15.patch + ./0004-makefile-use-efi-ld.4.15.patch + ./0005-makefile-fix-efi-mountdir-use.4.15.patch + ]; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include ' \ + -i tools/libs/light/libxl_device.c + + # Fix missing pkg-config dir + mkdir -p tools/pkg-config + ''; + + preBuild = '' + # PKG_CONFIG env var collides with variables used in tools Makefiles. + unset PKG_CONFIG + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ + ocamlPackages = ocaml-ng.ocamlPackages_4_05; + pythonPackages = python3Packages; +} // args) diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 2b7addc52e4..682f35b0471 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -4,9 +4,8 @@ config: # Xen , bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib , acpica-tools, libaio, libiconv, libuuid, ncurses, openssl, perl -, python2Packages -# python2Packages.python , xz, yajl, zlib +, pythonPackages # Xen Optional , ocamlPackages @@ -14,10 +13,9 @@ config: # Scripts , coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools , iproute2, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd -, lvm2, util-linux, procps, systemd +, util-linux, procps, systemd # Documentation -# python2Packages.markdown , transfig, ghostscript, texinfo, pandoc , binutils-unwrapped @@ -72,16 +70,16 @@ stdenv.mkDerivation (rec { # Xen bison bzip2 checkpolicy dev86 figlet flex gettext glib acpica-tools libaio - libiconv libuuid ncurses openssl perl python2Packages.python xz yajl zlib + libiconv libuuid ncurses openssl perl pythonPackages.python xz yajl zlib # oxenstored ocamlPackages.findlib ocamlPackages.ocaml systemd # Python fixes - python2Packages.wrapPython + pythonPackages.wrapPython # Documentation - python2Packages.markdown transfig ghostscript texinfo pandoc + pythonPackages.markdown transfig ghostscript texinfo pandoc # Others ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles)) @@ -152,10 +150,6 @@ stdenv.mkDerivation (rec { substituteInPlace tools/libfsimage/common/fsimage_plugin.c \ --replace /usr $out - substituteInPlace tools/blktap2/lvm/lvm-util.c \ - --replace /usr/sbin/vgs ${lvm2}/bin/vgs \ - --replace /usr/sbin/lvs ${lvm2}/bin/lvs - substituteInPlace tools/misc/xenpvnetboot \ --replace /usr/sbin/mount ${util-linux}/bin/mount \ --replace /usr/sbin/umount ${util-linux}/bin/umount @@ -163,9 +157,6 @@ stdenv.mkDerivation (rec { substituteInPlace tools/xenmon/xenmon.py \ --replace /usr/bin/pkill ${procps}/bin/pkill - substituteInPlace tools/xenstat/Makefile \ - --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h - ${optionalString (builtins.compareVersions config.version "4.8" >= 0) '' substituteInPlace tools/hotplug/Linux/launch-xenstore.in \ --replace /bin/mkdir mkdir @@ -205,6 +196,10 @@ stdenv.mkDerivation (rec { makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ] ++ (config.makeFlags or []); + preBuild = '' + ${config.preBuild or ""} + ''; + buildFlags = [ "xen" "tools" ]; postBuild = '' diff --git a/pkgs/applications/virtualization/xen/packages.nix b/pkgs/applications/virtualization/xen/packages.nix index 5ff263dc8ff..72255146194 100644 --- a/pkgs/applications/virtualization/xen/packages.nix +++ b/pkgs/applications/virtualization/xen/packages.nix @@ -52,8 +52,53 @@ rec { }; }; + xen_4_15-vanilla = callPackage ./4.15.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_15-slim = xen_4_15-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_15-light = xen_4_15-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + xen-vanilla = xen_4_10-vanilla; xen-slim = xen_4_10-slim; xen-light = xen_4_10-light; - } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f2d1001077b..39fd663b229 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22452,6 +22452,8 @@ with pkgs; qemu_xen-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen-light; }); qemu_xen_4_10 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-slim; }); qemu_xen_4_10-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_10-light; }); + qemu_xen_4_15 = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_15-slim; }); + qemu_xen_4_15-light = lowPrio (qemu.override { hostCpuOnly = true; xenSupport = true; xen = xen_4_15-light; }); qemu_test = lowPrio (qemu.override { hostCpuOnly = true; nixosTestRunner = true; }); @@ -29221,6 +29223,10 @@ with pkgs; xen_4_10-slim = xenPackages.xen_4_10-slim; xen_4_10-light = xenPackages.xen_4_10-light; + xen_4_15 = xenPackages.xen_4_15-vanilla; + xen_4_15-slim = xenPackages.xen_4_15-slim; + xen_4_15-light = xenPackages.xen_4_15-light; + xkbset = callPackage ../tools/X11/xkbset { }; xkbmon = callPackage ../applications/misc/xkbmon { }; From 9591c9170fd20966e6a5e6f108bc4d4f19fcd25d Mon Sep 17 00:00:00 2001 From: William Johansson Date: Sat, 13 Nov 2021 18:29:58 +0100 Subject: [PATCH 03/33] xen: bump to 4.15.1 --- pkgs/applications/virtualization/xen/4.15.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/virtualization/xen/4.15.nix b/pkgs/applications/virtualization/xen/4.15.nix index a1d4368c8fb..d600c06e369 100644 --- a/pkgs/applications/virtualization/xen/4.15.nix +++ b/pkgs/applications/virtualization/xen/4.15.nix @@ -42,11 +42,11 @@ let in callPackage (import ./generic.nix (rec { - version = "4.15.0"; + version = "4.15.1"; src = fetchurl { url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; - sha256 = "1bddy402pw7brng5xnbm9l592ylvgm2hfrydxl9jk7vcfaa17x3c"; + sha256 = "1rmc7gb72xwhr3h9rc3bkac41s8kjjzz45miwdq6yalyq7j7vss5"; }; # Sources needed to build tools and firmwares. @@ -56,8 +56,8 @@ callPackage (import ./generic.nix (rec { url = "https://xenbits.xen.org/git-http/qemu-xen.git"; # rev = "refs/tags/qemu-xen-${version}"; # use revision hash - reproducible but must be updated with each new version - rev = "7ea428895af2840d85c524f0bd11a38aac308308"; - sha256 = "0p6v8w3xasp2jggwyjnyn7hrzdmx1qimf8x49p070xcfr96mrpyp"; + rev = "e2af2d050338c99e8436e251ad67aafb3ebbd501"; + sha256 = "sha256-gVykPtzAA7tmpe6iVvnulaW+b0jD3gwL1JXC5yeIA7M="; }; buildInputs = qemuDeps; postPatch = '' @@ -90,8 +90,8 @@ callPackage (import ./generic.nix (rec { "firmware/seabios-dir-remote" = { src = fetchgit { url = "https://xenbits.xen.org/git-http/seabios.git"; - rev = "b0d61ecef66eb05bd7a4eb7ada88ec5dab06dfee"; - sha256 = "07y06vlqj0qm1945c50pg07lvcpv6bibc6qxhavfcx3zskzsz863"; + rev = "155821a1990b6de78dde5f98fa5ab90e802021e0"; + sha256 = "sha256-F3lzr00CMAObJtpz0eZFT/rwjFx+bvlI37/JtHXP5Eo="; }; patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; meta.description = "Xen's fork of Seabios"; From 93437909af24b6728e447ffbeaef7923f8814f3c Mon Sep 17 00:00:00 2001 From: William Johansson Date: Sat, 13 Nov 2021 18:30:35 +0100 Subject: [PATCH 04/33] xen: patch 4.15 with XSA-386 --- pkgs/applications/virtualization/xen/4.15.nix | 4 +++- pkgs/applications/virtualization/xen/xsa-patches.nix | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/virtualization/xen/4.15.nix b/pkgs/applications/virtualization/xen/4.15.nix index d600c06e369..505bc313c43 100644 --- a/pkgs/applications/virtualization/xen/4.15.nix +++ b/pkgs/applications/virtualization/xen/4.15.nix @@ -146,11 +146,13 @@ callPackage (import ./generic.nix (rec { "-Wno-error=zero-length-bounds" ]; - patches = [ + patches = with xsa; flatten [ ./0000-fix-ipxe-src.4.15.patch ./0000-fix-install-python.4.15.patch ./0004-makefile-use-efi-ld.4.15.patch ./0005-makefile-fix-efi-mountdir-use.4.15.patch + + XSA_386 ]; postPatch = '' diff --git a/pkgs/applications/virtualization/xen/xsa-patches.nix b/pkgs/applications/virtualization/xen/xsa-patches.nix index b1d1d7783c2..d789697a559 100644 --- a/pkgs/applications/virtualization/xen/xsa-patches.nix +++ b/pkgs/applications/virtualization/xen/xsa-patches.nix @@ -485,4 +485,9 @@ in { sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm"; }) ]; + + XSA_386 = (xsaPatch { + name = "386"; + sha256 = "sha256-pAuLgt3sDeL73NSDqZCWxRGZk1tWaYlDbh7cUcJ4s+w="; + }); } From 1a2c2846b0933b596c51e964acb8a45ab9a13691 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Wed, 18 Jan 2023 18:15:55 +0100 Subject: [PATCH 05/33] lib.path.subpath.join: init This function can be used to safely join subpaths together --- lib/path/default.nix | 77 +++++++++++++++++++++++++++++++++++++++++ lib/path/tests/unit.nix | 30 ++++++++++++++++ 2 files changed, 107 insertions(+) diff --git a/lib/path/default.nix b/lib/path/default.nix index 075e2fc0d13..a4a08668ae6 100644 --- a/lib/path/default.nix +++ b/lib/path/default.nix @@ -15,6 +15,9 @@ let last genList elemAt + all + concatMap + foldl' ; inherit (lib.strings) @@ -190,6 +193,80 @@ in /* No rec! Add dependencies on this file at the top. */ { subpathInvalidReason value == null; + /* Join subpath strings together using `/`, returning a normalised subpath string. + + Like `concatStringsSep "/"` but safer, specifically: + + - All elements must be valid subpath strings, see `lib.path.subpath.isValid` + + - The result gets normalised, see `lib.path.subpath.normalise` + + - The edge case of an empty list gets properly handled by returning the neutral subpath `"./."` + + Laws: + + - Associativity: + + subpath.join [ x (subpath.join [ y z ]) ] == subpath.join [ (subpath.join [ x y ]) z ] + + - Identity - `"./."` is the neutral element for normalised paths: + + subpath.join [ ] == "./." + subpath.join [ (subpath.normalise p) "./." ] == subpath.normalise p + subpath.join [ "./." (subpath.normalise p) ] == subpath.normalise p + + - Normalisation - the result is normalised according to `lib.path.subpath.normalise`: + + subpath.join ps == subpath.normalise (subpath.join ps) + + - For non-empty lists, the implementation is equivalent to normalising the result of `concatStringsSep "/"`. + Note that the above laws can be derived from this one. + + ps != [] -> subpath.join ps == subpath.normalise (concatStringsSep "/" ps) + + Type: + subpath.join :: [ String ] -> String + + Example: + subpath.join [ "foo" "bar/baz" ] + => "./foo/bar/baz" + + # normalise the result + subpath.join [ "./foo" "." "bar//./baz/" ] + => "./foo/bar/baz" + + # passing an empty list results in the current directory + subpath.join [ ] + => "./." + + # elements must be valid subpath strings + subpath.join [ /foo ] + => + subpath.join [ "" ] + => + subpath.join [ "/foo" ] + => + subpath.join [ "../foo" ] + => + */ + subpath.join = + # The list of subpaths to join together + subpaths: + # Fast in case all paths are valid + if all isValid subpaths + then joinRelPath (concatMap splitRelPath subpaths) + else + # Otherwise we take our time to gather more info for a better error message + # Strictly go through each path, throwing on the first invalid one + # Tracks the list index in the fold accumulator + foldl' (i: path: + if isValid path + then i + 1 + else throw '' + lib.path.subpath.join: Element at index ${toString i} is not a valid subpath string: + ${subpathInvalidReason path}'' + ) 0 subpaths; + /* Normalise a subpath. Throw an error if the subpath isn't valid, see `lib.path.subpath.isValid` diff --git a/lib/path/tests/unit.nix b/lib/path/tests/unit.nix index a1a45173a90..61c4ab4d6f2 100644 --- a/lib/path/tests/unit.nix +++ b/lib/path/tests/unit.nix @@ -107,6 +107,36 @@ let expected = true; }; + # Test examples from the lib.path.subpath.join documentation + testSubpathJoinExample1 = { + expr = subpath.join [ "foo" "bar/baz" ]; + expected = "./foo/bar/baz"; + }; + testSubpathJoinExample2 = { + expr = subpath.join [ "./foo" "." "bar//./baz/" ]; + expected = "./foo/bar/baz"; + }; + testSubpathJoinExample3 = { + expr = subpath.join [ ]; + expected = "./."; + }; + testSubpathJoinExample4 = { + expr = (builtins.tryEval (subpath.join [ /foo ])).success; + expected = false; + }; + testSubpathJoinExample5 = { + expr = (builtins.tryEval (subpath.join [ "" ])).success; + expected = false; + }; + testSubpathJoinExample6 = { + expr = (builtins.tryEval (subpath.join [ "/foo" ])).success; + expected = false; + }; + testSubpathJoinExample7 = { + expr = (builtins.tryEval (subpath.join [ "../foo" ])).success; + expected = false; + }; + # Test examples from the lib.path.subpath.normalise documentation testSubpathNormaliseExample1 = { expr = subpath.normalise "foo//bar"; From bd7bc857e3da164df6686be04a3cefa6a2a67cc0 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Tue, 7 Mar 2023 20:01:24 +0100 Subject: [PATCH 06/33] matrix-appservice-slack: 2.1.0 -> 2.1.1 https://github.com/matrix-org/matrix-appservice-slack/releases/tag/2.1.1 --- .../matrix-synapse/matrix-appservice-slack/package.json | 4 ++-- .../servers/matrix-synapse/matrix-appservice-slack/pin.json | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-slack/package.json b/pkgs/servers/matrix-synapse/matrix-appservice-slack/package.json index dd5c93989c8..aa3225725df 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-slack/package.json +++ b/pkgs/servers/matrix-synapse/matrix-appservice-slack/package.json @@ -1,6 +1,6 @@ { "name": "matrix-appservice-slack", - "version": "2.1.0", + "version": "2.1.1", "description": "A Matrix <--> Slack bridge", "engines": { "node": ">=16 <=18" @@ -42,7 +42,7 @@ "axios": "^0.27.2", "classnames": "^2.3.2", "escape-string-regexp": "^4.0.0", - "matrix-appservice-bridge": "^8.1.0", + "matrix-appservice-bridge": "^8.1.1", "matrix-widget-api": "^1.1.1", "minimist": "^1.2.6", "nedb": "^1.8.0", diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-slack/pin.json b/pkgs/servers/matrix-synapse/matrix-appservice-slack/pin.json index 06d4e4b1426..7a9f4b44e26 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-slack/pin.json +++ b/pkgs/servers/matrix-synapse/matrix-appservice-slack/pin.json @@ -1,5 +1,5 @@ { - "version": "2.1.0", - "srcHash": "qAmbW/aDeBWTi1czQtrsb6d5TEYw9gYJ4lpJbaX9nb0=", - "yarnHash": "1r5fqw7y8fzgjnl5xlr8djfmmkm8kqw5p3w12ffll6irwz90wajx" + "version": "2.1.1", + "srcHash": "+NO/V3EyqdxavnSTBU7weJnueL6+aCH3UWkqclpsId0=", + "yarnHash": "1pqv7g3xbfs4zhmyxy5p216kq2jwjfjzxw2dv2a7hl0qwk6igyki" } From bc3335af8b5aff0c20551b7b5c932ecf83b9e17f Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Tue, 7 Mar 2023 20:02:00 +0100 Subject: [PATCH 07/33] matrix-appservice-slack: add chvp to maintainers --- pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix index 19ddce8cc85..21e49c9b1e0 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix +++ b/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix @@ -47,7 +47,7 @@ mkYarnPackage rec { meta = with lib; { description = "A Matrix <--> Slack bridge"; - maintainers = with maintainers; [ beardhatcode ]; + maintainers = with maintainers; [ beardhatcode chvp ]; license = licenses.asl20; }; } From 639825c943b5d5618d2d6be289274d40d8c5f5ac Mon Sep 17 00:00:00 2001 From: Thibault Gagnaux Date: Thu, 9 Mar 2023 10:12:48 +0100 Subject: [PATCH 08/33] bats: update 1.8.2 -> 1.9.0 --- pkgs/development/interpreters/bats/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/bats/default.nix b/pkgs/development/interpreters/bats/default.nix index 00aada39652..4e7effcbb80 100644 --- a/pkgs/development/interpreters/bats/default.nix +++ b/pkgs/development/interpreters/bats/default.nix @@ -22,13 +22,13 @@ resholve.mkDerivation rec { pname = "bats"; - version = "1.8.2"; + version = "1.9.0"; src = fetchFromGitHub { owner = "bats-core"; repo = "bats-core"; rev = "v${version}"; - sha256 = "sha256-Kitlx26cK2RiAC+PdRIdDLF5crorg6UB6uSzbKCrDHE="; + sha256 = "sha256-nKBNbqJYRd/3tO85E6KrOh32yOaNKpLXxz5gQ5Uvmcc="; }; patchPhase = '' @@ -91,6 +91,8 @@ resholve.mkDerivation rec { "$pre_command" = true; "$BATS_TEST_NAME" = true; "${placeholder "out"}/libexec/bats-core/bats-exec-test" = true; + "$BATS_LINE_REFERENCE_FORMAT" = "comma_line"; + "$BATS_LOCKING_IMPLEMENTATION" = "${flock}/bin/flock"; }; execer = [ /* From a42a71cdbb618d2f999ff7a1d2c873f65d941f5e Mon Sep 17 00:00:00 2001 From: Thibault Gagnaux Date: Sat, 11 Mar 2023 10:32:26 +0100 Subject: [PATCH 09/33] bats: bats-assert 2.0.0 -> 2.1.0 --- pkgs/development/interpreters/bats/libraries.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/development/interpreters/bats/libraries.nix b/pkgs/development/interpreters/bats/libraries.nix index ef0b40c31b7..9e60a4dc992 100644 --- a/pkgs/development/interpreters/bats/libraries.nix +++ b/pkgs/development/interpreters/bats/libraries.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchFromGitHub }: { - bats-assert = stdenv.mkDerivation { + bats-assert = stdenv.mkDerivation rec { pname = "bats-assert"; - version = "2.0.0"; + version = "2.1.0"; src = fetchFromGitHub { owner = "bats-core"; repo = "bats-assert"; - rev = "v2.0.0"; - sha256 = "sha256-whSbAj8Xmnqclf78dYcjf1oq099ePtn4XX9TUJ9AlyQ="; + rev = "v${version}"; + sha256 = "sha256-opgyrkqTwtnn/lUjMebbLfS/3sbI2axSusWd5i/5wm4="; }; dontBuild = true; installPhase = '' @@ -23,13 +23,13 @@ }; }; - bats-file = stdenv.mkDerivation { + bats-file = stdenv.mkDerivation rec { pname = "bats-file"; version = "0.3.0"; src = fetchFromGitHub { owner = "bats-core"; repo = "bats-file"; - rev = "v0.3.0"; + rev = "v${version}"; sha256 = "sha256-3xevy0QpwNZrEe+2IJq58tKyxQzYx8cz6dD2nz7fYUM="; }; dontBuild = true; @@ -47,13 +47,13 @@ }; }; - bats-support = stdenv.mkDerivation { + bats-support = stdenv.mkDerivation rec { pname = "bats-support"; version = "0.3.0"; src = fetchFromGitHub { owner = "bats-core"; repo = "bats-support"; - rev = "v0.3.0"; + rev = "v${version}"; sha256 = "sha256-4N7XJS5XOKxMCXNC7ef9halhRpg79kUqDuRnKcrxoeo="; }; dontBuild = true; From f4fcb40eb45ccd25d5631d81d7fb410d4ab1f58e Mon Sep 17 00:00:00 2001 From: Thibault Gagnaux Date: Sat, 11 Mar 2023 10:48:09 +0100 Subject: [PATCH 10/33] bats: add bats-file library test --- pkgs/development/interpreters/bats/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/bats/default.nix b/pkgs/development/interpreters/bats/default.nix index 4e7effcbb80..97a209f2084 100644 --- a/pkgs/development/interpreters/bats/default.nix +++ b/pkgs/development/interpreters/bats/default.nix @@ -138,8 +138,15 @@ resholve.mkDerivation rec { setup() { bats_load_library bats-support bats_load_library bats-assert + bats_load_library bats-file bats_require_minimum_version 1.5.0 + + TEST_TEMP_DIR="$(temp_make --prefix 'nixpkgs-bats-test')" + } + + teardown() { + temp_del "$TEST_TEMP_DIR" } @test echo_hi { @@ -152,10 +159,17 @@ resholve.mkDerivation rec { assert_line --index 0 "cp: missing file operand" assert_line --index 1 "Try 'cp --help' for more information." } + + @test file_exists { + echo "hi" > "$TEST_TEMP_DIR/hello.txt" + assert_file_exist "$TEST_TEMP_DIR/hello.txt" + run cat "$TEST_TEMP_DIR/hello.txt" + assert_output "hi" + } ''; passAsFile = [ "testScript" ]; } '' - ${bats.withLibraries (p: [ p.bats-support p.bats-assert ])}/bin/bats "$testScriptPath" + ${bats.withLibraries (p: [ p.bats-support p.bats-assert p.bats-file ])}/bin/bats "$testScriptPath" touch "$out" ''; From 9705c197c8bee54262e5870cb11eb6a957d21385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 12 Mar 2023 17:34:45 +0100 Subject: [PATCH 11/33] nix-eval-jobs: 2.13.0 -> 2.14.0 --- pkgs/tools/package-management/nix-eval-jobs/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/package-management/nix-eval-jobs/default.nix b/pkgs/tools/package-management/nix-eval-jobs/default.nix index 3d42d4907e7..0ec3f8603d3 100644 --- a/pkgs/tools/package-management/nix-eval-jobs/default.nix +++ b/pkgs/tools/package-management/nix-eval-jobs/default.nix @@ -11,12 +11,12 @@ }: stdenv.mkDerivation rec { pname = "nix-eval-jobs"; - version = "2.13.0"; + version = "2.14.0"; src = fetchFromGitHub { owner = "nix-community"; repo = pname; rev = "v${version}"; - hash = "sha256-O0Ro9vwf2kDhGFs32puQIeW/rSSduC9sD5zV8e/GtvA="; + hash = "sha256-fpksS7lbaYwjf7NuPFE44wvyGcT5d+ERBCJmZoKXaWA="; }; buildInputs = [ boost diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 36577abfc3c..f7baa6183a2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -38280,7 +38280,9 @@ with pkgs; dnadd = callPackage ../tools/nix/dnadd { }; - nix-eval-jobs = callPackage ../tools/package-management/nix-eval-jobs { }; + nix-eval-jobs = callPackage ../tools/package-management/nix-eval-jobs { + nix = nixVersions.nix_2_14; + }; nix-doc = callPackage ../tools/package-management/nix-doc { }; From 581c92f09e846f79e5cd6ac5ca3959d85aa26b44 Mon Sep 17 00:00:00 2001 From: Sefa Eyeoglu Date: Mon, 13 Mar 2023 13:37:49 +0100 Subject: [PATCH 12/33] listenbrainz-mpd: 2.0.2 -> 2.1.0 Signed-off-by: Sefa Eyeoglu --- pkgs/applications/audio/listenbrainz-mpd/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/audio/listenbrainz-mpd/default.nix b/pkgs/applications/audio/listenbrainz-mpd/default.nix index 04216bdf09f..b8315098549 100644 --- a/pkgs/applications/audio/listenbrainz-mpd/default.nix +++ b/pkgs/applications/audio/listenbrainz-mpd/default.nix @@ -5,25 +5,26 @@ , stdenv , openssl , libiconv +, sqlite , Security }: rustPlatform.buildRustPackage rec { pname = "listenbrainz-mpd"; - version = "2.0.2"; + version = "2.1.0"; src = fetchFromGitea { domain = "codeberg.org"; owner = "elomatreb"; repo = "listenbrainz-mpd"; rev = "v${version}"; - hash = "sha256-DO7YUqaJZyVWjiAZ9WIVNTTvOU0qdsI2ct7aT/6O5dQ="; + hash = "sha256-AalZTlizaw93KlVffFDjGNoKkCHUFQTiElZgJo64shs="; }; - cargoHash = "sha256-MiAalxe0drRHrST3maVvi8GM2y3d0z4Zl7R7Zx8VjEM="; + cargoHash = "sha256-n24P56ZrF8qEpM45uIFr7bJhlzuAexNr6siEsF219uA="; nativeBuildInputs = [ pkg-config ]; - buildInputs = if stdenv.isDarwin then [ libiconv Security ] else [ openssl ]; + buildInputs = [ sqlite ] ++ (if stdenv.isDarwin then [ libiconv Security ] else [ openssl ]); meta = with lib; { homepage = "https://codeberg.org/elomatreb/listenbrainz-mpd"; From 8a48222ce98ba3d3d69bdabf1f516764ef290058 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 08:30:14 +0100 Subject: [PATCH 13/33] python310Packages.argcomplete: update ordering and style --- .../python-modules/argcomplete/default.nix | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/argcomplete/default.nix b/pkgs/development/python-modules/argcomplete/default.nix index 12fd0fbd5a3..c1ffee25db7 100644 --- a/pkgs/development/python-modules/argcomplete/default.nix +++ b/pkgs/development/python-modules/argcomplete/default.nix @@ -1,6 +1,6 @@ -{ buildPythonPackage +{ lib +, buildPythonPackage , fetchPypi -, lib , pexpect }: @@ -10,7 +10,7 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - sha256 = "sha256-cuCDQIUtMlREWcDBmq0bSKosOpbejG5XQkVrT1OMpS8="; + hash = "sha256-cuCDQIUtMlREWcDBmq0bSKosOpbejG5XQkVrT1OMpS8="; }; postPatch = '' @@ -19,19 +19,21 @@ buildPythonPackage rec { --replace " + lint_require" "" ''; - # tries to build and install test packages which fails - doCheck = false; - propagatedBuildInputs = [ pexpect ]; - pythonImportsCheck = [ "argcomplete" ]; + # tries to build and install test packages which fails + doCheck = false; + + pythonImportsCheck = [ + "argcomplete" + ]; meta = with lib; { description = "Bash tab completion for argparse"; homepage = "https://kislyuk.github.io/argcomplete/"; - maintainers = [ maintainers.womfoo ]; - license = [ licenses.asl20 ]; + license = licenses.asl20; + maintainers = with maintainers; [ womfoo ]; }; } From c921484a9814523da13327b359fd31ca321d0797 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 08:31:41 +0100 Subject: [PATCH 14/33] python310Packages.argcomplete: add changelog to meta --- pkgs/development/python-modules/argcomplete/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/argcomplete/default.nix b/pkgs/development/python-modules/argcomplete/default.nix index c1ffee25db7..260e26d0f38 100644 --- a/pkgs/development/python-modules/argcomplete/default.nix +++ b/pkgs/development/python-modules/argcomplete/default.nix @@ -33,6 +33,7 @@ buildPythonPackage rec { meta = with lib; { description = "Bash tab completion for argparse"; homepage = "https://kislyuk.github.io/argcomplete/"; + changelog = "https://github.com/kislyuk/argcomplete/blob/v${version}/Changes.rst"; license = licenses.asl20; maintainers = with maintainers; [ womfoo ]; }; From d9925fdefa3ff6324109cc82464c1c0659490ef5 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 08:33:30 +0100 Subject: [PATCH 15/33] python310Packages.argcomplete: disable on unsupported Python releases --- pkgs/development/python-modules/argcomplete/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/python-modules/argcomplete/default.nix b/pkgs/development/python-modules/argcomplete/default.nix index 260e26d0f38..9725d8b92bd 100644 --- a/pkgs/development/python-modules/argcomplete/default.nix +++ b/pkgs/development/python-modules/argcomplete/default.nix @@ -2,11 +2,15 @@ , buildPythonPackage , fetchPypi , pexpect +, pythonOlder }: buildPythonPackage rec { pname = "argcomplete"; version = "2.1.1"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; From 533bd10ef6bf30d2e3296cc667ac7abb50d1895c Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 08:41:41 +0100 Subject: [PATCH 16/33] python310Packages.easyenergy: 0.2.0 -> 0.2.1 Changelog: https://github.com/klaasnicolaas/python-easyenergy/releases/tag/v0.2.1 --- pkgs/development/python-modules/easyenergy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/easyenergy/default.nix b/pkgs/development/python-modules/easyenergy/default.nix index bb2191d706b..99a6a72d499 100644 --- a/pkgs/development/python-modules/easyenergy/default.nix +++ b/pkgs/development/python-modules/easyenergy/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "easyenergy"; - version = "0.2.0"; + version = "0.2.1"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "klaasnicolaas"; repo = "python-easyenergy"; rev = "refs/tags/v${version}"; - hash = "sha256-EhpZKwoayT53lhyuM/DlyLQ/1OSGuiAaiBdjM0UTZ8E="; + hash = "sha256-FjqkePMD55LWLwL6ZWzKwCI0tcYACPdRuci5fy6n02s="; }; postPatch = '' From 234304f50d9f5d65a4d38a0ffea2028c2e2fa7f1 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 08:44:25 +0100 Subject: [PATCH 17/33] python310Packages.ulid-transform: 0.4.0 -> 0.4.2 Changelog: https://github.com/bdraco/ulid-transform/releases/tag/v0.4.2 --- pkgs/development/python-modules/ulid-transform/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/ulid-transform/default.nix b/pkgs/development/python-modules/ulid-transform/default.nix index d53281f5f06..171b1dc499a 100644 --- a/pkgs/development/python-modules/ulid-transform/default.nix +++ b/pkgs/development/python-modules/ulid-transform/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "ulid-transform"; - version = "0.4.0"; + version = "0.4.2"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -19,7 +19,7 @@ buildPythonPackage rec { owner = "bdraco"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-JuTIE8FAVZkfn+byJ1z9/ep9Oih1uXpz/QTB2OfM0WU="; + hash = "sha256-eRLmA/8fKfG0qEl0QbX6FziEviU34uU7SP0iyZmbku8="; }; nativeBuildInputs = [ From 5c50f54db8f94b766d18c2e10c7a19df56d618d1 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 09:13:31 +0100 Subject: [PATCH 18/33] python310Packages.rflink: 0.0.63 -> 0.0.65 Diff: https://github.com/aequitas/python-rflink/compare/0.0.63...0.0.65 Changelog: https://github.com/aequitas/python-rflink/releases/tag/0.0.65 --- .../python-modules/rflink/default.nix | 24 +++++-------------- 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/pkgs/development/python-modules/rflink/default.nix b/pkgs/development/python-modules/rflink/default.nix index 8c02dd5393e..fc829a40e5c 100644 --- a/pkgs/development/python-modules/rflink/default.nix +++ b/pkgs/development/python-modules/rflink/default.nix @@ -1,37 +1,29 @@ { lib , buildPythonPackage , fetchFromGitHub -, fetchpatch , async-timeout , docopt , pyserial , pyserial-asyncio , setuptools , pytestCheckHook -, pythonAtLeast +, pythonOlder }: buildPythonPackage rec { pname = "rflink"; - version = "0.0.63"; + version = "0.0.65"; format = "setuptools"; + disabled = pythonOlder "3.7"; + src = fetchFromGitHub { owner = "aequitas"; repo = "python-rflink"; rev = "refs/tags/${version}"; - sha256 = "sha256-BNKcXtsBB90KQe4HXmfJ7H3yepk1dEkozSEy5v8KSAA="; + hash = "sha256-DUnhuA84nkmYkREa7vUiyLg7JUdEEeLewg3vFFlcar8="; }; - patches = [ - # https://github.com/aequitas/python-rflink/pull/70 - (fetchpatch { - name = "python311-compat.patch"; - url = "https://github.com/aequitas/python-rflink/commit/ba807ddd2fde823b8d50bc50bb500a691d9e331f.patch"; - hash = "sha256-4Wh7b7j8qsvzYKdFwaY+B5Jd8EkyjAe1awlY0BDu2YA="; - }) - ]; - propagatedBuildInputs = [ async-timeout docopt @@ -44,11 +36,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTestPaths = lib.optionals (pythonAtLeast "3.10") [ - # https://github.com/aequitas/python-rflink/issues/65 - "tests/test_proxy.py" - ]; - postPatch = '' substituteInPlace setup.py \ --replace "version=version_from_git()" "version='${version}'" @@ -61,6 +48,7 @@ buildPythonPackage rec { meta = with lib; { description = "Library and CLI tools for interacting with RFlink 433MHz transceiver"; homepage = "https://github.com/aequitas/python-rflink"; + changelog = "https://github.com/aequitas/python-rflink/releases/tag/${version}"; license = licenses.mit; maintainers = with maintainers; [ dotlambda ]; }; From 144e7d8859761538d062aa262941baeefb0c5d63 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 11:49:54 +0100 Subject: [PATCH 19/33] databricks-sql-cli: add changelog to meta --- .../misc/databricks-sql-cli/default.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/misc/databricks-sql-cli/default.nix b/pkgs/applications/misc/databricks-sql-cli/default.nix index be798894ba8..9af9dd873d5 100644 --- a/pkgs/applications/misc/databricks-sql-cli/default.nix +++ b/pkgs/applications/misc/databricks-sql-cli/default.nix @@ -22,8 +22,8 @@ buildPythonApplication rec { src = fetchFromGitHub { owner = "databricks"; repo = "databricks-sql-cli"; - rev = "v${version}"; - sha256 = "sha256-gr7LJfnvIu2Jf1XgILqfZoi8CbXeQyq0g1wLEBa5TPM="; + rev = "refs/tags/v${version}"; + hash = "sha256-gr7LJfnvIu2Jf1XgILqfZoi8CbXeQyq0g1wLEBa5TPM="; }; patches = [ @@ -40,7 +40,9 @@ buildPythonApplication rec { --replace 'pandas = "1.3.4"' 'pandas = "~1.4"' ''; - nativeBuildInputs = [ poetry-core ]; + nativeBuildInputs = [ + poetry-core + ]; propagatedBuildInputs = [ prompt-toolkit @@ -53,11 +55,14 @@ buildPythonApplication rec { click ]; - nativeCheckInputs = [ pytestCheckHook ]; + nativeCheckInputs = [ + pytestCheckHook + ]; meta = with lib; { description = "CLI for querying Databricks SQL"; homepage = "https://github.com/databricks/databricks-sql-cli"; + changelog = "https://github.com/databricks/databricks-sql-cli/releases/tag/v${version}"; license = licenses.databricks; maintainers = with maintainers; [ kfollesdal ]; }; From d51b160067442c8b232366cc0e91e6760104c459 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 11:55:11 +0100 Subject: [PATCH 20/33] databricks-sql-cli: use python3.pkgs --- .../misc/databricks-sql-cli/default.nix | 34 +++++++------------ 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/pkgs/applications/misc/databricks-sql-cli/default.nix b/pkgs/applications/misc/databricks-sql-cli/default.nix index 9af9dd873d5..ae118501f47 100644 --- a/pkgs/applications/misc/databricks-sql-cli/default.nix +++ b/pkgs/applications/misc/databricks-sql-cli/default.nix @@ -1,20 +1,10 @@ { lib -, buildPythonApplication , fetchFromGitHub , fetchpatch -, poetry-core -, pandas -, prompt-toolkit -, databricks-sql-connector -, pygments -, configobj -, sqlparse -, cli-helpers -, click -, pytestCheckHook +, python3 }: -buildPythonApplication rec { +python3.pkgs.buildPythonApplication rec { pname = "databricks-sql-cli"; version = "0.1.4"; format = "pyproject"; @@ -37,25 +27,25 @@ buildPythonApplication rec { postPatch = '' substituteInPlace pyproject.toml \ --replace 'python = ">=3.7.1,<4.0"' 'python = ">=3.8,<4.0"' \ - --replace 'pandas = "1.3.4"' 'pandas = "~1.4"' + --replace 'pandas = "1.3.4"' 'pandas = "~1.5"' ''; - nativeBuildInputs = [ + nativeBuildInputs = with python3.pkgs; [ poetry-core ]; - propagatedBuildInputs = [ - prompt-toolkit - pandas - databricks-sql-connector - pygments - configobj - sqlparse + propagatedBuildInputs = with python3.pkgs; [ cli-helpers click + configobj + databricks-sql-connector + pandas + prompt-toolkit + pygments + sqlparse ]; - nativeCheckInputs = [ + nativeCheckInputs = with python3.pkgs; [ pytestCheckHook ]; From 1df9510fdba443f7cc24a7f291cf173f49dd9504 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 12:07:48 +0100 Subject: [PATCH 21/33] python310Packages.databricks-sql-connector: 2.3.0 -> 2.4.0 Changelog: https://github.com/databricks/databricks-sql-python/blob/v2.4.0/CHANGELOG.md --- .../databricks-sql-connector/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/databricks-sql-connector/default.nix b/pkgs/development/python-modules/databricks-sql-connector/default.nix index 5c01cb734d7..278d7c15faa 100644 --- a/pkgs/development/python-modules/databricks-sql-connector/default.nix +++ b/pkgs/development/python-modules/databricks-sql-connector/default.nix @@ -1,21 +1,24 @@ { lib , buildPythonPackage , fetchFromGitHub +, alembic , lz4 , numpy , oauthlib +, openpyxl , pandas , poetry-core , pyarrow , pytestCheckHook , pythonOlder , pythonRelaxDepsHook +, sqlalchemy , thrift }: buildPythonPackage rec { pname = "databricks-sql-connector"; - version = "2.3.0"; + version = "2.4.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -24,7 +27,7 @@ buildPythonPackage rec { owner = "databricks"; repo = "databricks-sql-python"; rev = "refs/tags/v${version}"; - hash = "sha256-XyDkL/bGnivx7MRG86vGS69mKdrWw7kKiuvQfBYFKVQ="; + hash = "sha256-V8Nl6xr96Xnd1gkw9R0aqXkitLESsAyW7ufTYn6ttLg="; }; pythonRelaxDeps = [ @@ -38,11 +41,14 @@ buildPythonPackage rec { ]; propagatedBuildInputs = [ + alembic lz4 numpy oauthlib + openpyxl pandas pyarrow + sqlalchemy thrift ]; From 628686ab4539af55de0503405518f3bb2e97a156 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 14 Mar 2023 14:31:16 +0100 Subject: [PATCH 22/33] amass: 3.22.0 -> 3.22.1 Diff: https://github.com/OWASP/Amass/compare/v3.22.0...v3.22.1 Changelog: https://github.com/OWASP/Amass/releases/tag/v3.22.1 --- pkgs/tools/networking/amass/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/amass/default.nix b/pkgs/tools/networking/amass/default.nix index a9da1417c9f..4666cdf97bd 100644 --- a/pkgs/tools/networking/amass/default.nix +++ b/pkgs/tools/networking/amass/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "amass"; - version = "3.22.0"; + version = "3.22.1"; src = fetchFromGitHub { owner = "OWASP"; repo = "Amass"; rev = "v${version}"; - hash = "sha256-ph5SYN91/ibZdAAA/SZt7lecZCC93uotjfzkI4erzgU="; + hash = "sha256-hkYN28M2t8SXmIrSEQEWM5ndCx1xgpHThNg0UFzQqLU="; }; vendorHash = "sha256-fZd++VsLcs3MzcM23zE3AVaDPXf+cuLdJp8hsCeEZ1Y="; From 77e09950a6095ca89aad69778ee65d9d5b4db3f2 Mon Sep 17 00:00:00 2001 From: K900 Date: Tue, 14 Mar 2023 20:27:10 +0300 Subject: [PATCH 23/33] plasma: 5.27.2 -> 5.27.3 --- pkgs/desktops/plasma-5/fetch.sh | 2 +- pkgs/desktops/plasma-5/srcs.nix | 480 ++++++++++++++++---------------- 2 files changed, 241 insertions(+), 241 deletions(-) diff --git a/pkgs/desktops/plasma-5/fetch.sh b/pkgs/desktops/plasma-5/fetch.sh index feb1a5d3a80..9040a5d3bf7 100644 --- a/pkgs/desktops/plasma-5/fetch.sh +++ b/pkgs/desktops/plasma-5/fetch.sh @@ -1 +1 @@ -WGET_ARGS=( https://download.kde.org/stable/plasma/5.27.2/ -A '*.tar.xz' ) +WGET_ARGS=( https://download.kde.org/stable/plasma/5.27.3/ -A '*.tar.xz' ) diff --git a/pkgs/desktops/plasma-5/srcs.nix b/pkgs/desktops/plasma-5/srcs.nix index caa9494e7db..b056b176673 100644 --- a/pkgs/desktops/plasma-5/srcs.nix +++ b/pkgs/desktops/plasma-5/srcs.nix @@ -4,483 +4,483 @@ { aura-browser = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/aura-browser-5.27.2.tar.xz"; - sha256 = "0ri1zv3xbd2wivnfi404zv8baf0h2a7wclmnbqjn0z5i898icmsr"; - name = "aura-browser-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/aura-browser-5.27.3.tar.xz"; + sha256 = "00ysfwf4r9x5csyxws7c7fazvcpr6240f8wshrg9dqsp5bwd86bl"; + name = "aura-browser-5.27.3.tar.xz"; }; }; bluedevil = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/bluedevil-5.27.2.tar.xz"; - sha256 = "0v3nq4yiqiyh3crizv3nilriqxvhajm5hghhqdrgabw9a7svp001"; - name = "bluedevil-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/bluedevil-5.27.3.tar.xz"; + sha256 = "1n8v2vdjp3mby2p9dpf53rjzsjwgw5z63s4lhm17090a152jwc1b"; + name = "bluedevil-5.27.3.tar.xz"; }; }; breeze = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/breeze-5.27.2.tar.xz"; - sha256 = "1ajr8ljn5nias0smjr3wlqwisgb59qzmmkmm4yc5il21ib20lp8l"; - name = "breeze-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/breeze-5.27.3.tar.xz"; + sha256 = "12krg073i08dly13zhy8jxpw6asdl7cc1dvafp48gr4irsygar3p"; + name = "breeze-5.27.3.tar.xz"; }; }; breeze-grub = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/breeze-grub-5.27.2.tar.xz"; - sha256 = "1fr84vylyvpba1z81sf6qj46ya7s853l7a2lflzrjrg41k84q7g4"; - name = "breeze-grub-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/breeze-grub-5.27.3.tar.xz"; + sha256 = "0mpjvll5ca0rg4nxsplqynrnc6bmlwg9m2xdvgbljpa7yiwymw06"; + name = "breeze-grub-5.27.3.tar.xz"; }; }; breeze-gtk = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/breeze-gtk-5.27.2.tar.xz"; - sha256 = "00k5b2cmz9b5l0mabj47pjaw5wn13laga2z3m5p2dz4y6m8gm3f1"; - name = "breeze-gtk-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/breeze-gtk-5.27.3.tar.xz"; + sha256 = "0ydz7xrmjfwq4nmdrazhyzm8n0jlqi3p8srydk2ivcjaq24v3f9p"; + name = "breeze-gtk-5.27.3.tar.xz"; }; }; breeze-plymouth = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/breeze-plymouth-5.27.2.tar.xz"; - sha256 = "1zbkj0mjpzkgbkl47zbrg9cxfk68245jm5i5p3194sqbw9l104mx"; - name = "breeze-plymouth-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/breeze-plymouth-5.27.3.tar.xz"; + sha256 = "0kqls4ss7m0dxzhqm747b2wig4nfbwcj1fi7qdwqy4lf1fw3r4sm"; + name = "breeze-plymouth-5.27.3.tar.xz"; }; }; discover = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/discover-5.27.2.tar.xz"; - sha256 = "0bcnm1ccvwhhvcdz8a44canrzfjl03hkrqfjwrr89y0mxiws46rc"; - name = "discover-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/discover-5.27.3.tar.xz"; + sha256 = "1nqav8zh6290c5jxjs1vfgxxbq5szzln7skhqvx0v0mkd1889i48"; + name = "discover-5.27.3.tar.xz"; }; }; drkonqi = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/drkonqi-5.27.2.tar.xz"; - sha256 = "0fwjz7qxal0dixrh1wjb17vpr6jx8fki91xxbbdfnr8ykixfsx56"; - name = "drkonqi-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/drkonqi-5.27.3.tar.xz"; + sha256 = "1p1mv0qbnbpj640sv4w965jry4w9179w0mvq1avv2hkpj6mx7jy3"; + name = "drkonqi-5.27.3.tar.xz"; }; }; flatpak-kcm = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/flatpak-kcm-5.27.2.tar.xz"; - sha256 = "0rrw6v8vwgxj78v16wwa3d4gamymjvgpi27lmcqmf9588chnn8xf"; - name = "flatpak-kcm-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/flatpak-kcm-5.27.3.tar.xz"; + sha256 = "1zjv7p8r3bic9jkla629n9a1g347d7mv22w0znpiah4xcdzci49n"; + name = "flatpak-kcm-5.27.3.tar.xz"; }; }; kactivitymanagerd = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kactivitymanagerd-5.27.2.tar.xz"; - sha256 = "1ni2yqk51qf23ck6j4kbli6pqhbnlix2w51la4af45ma8wr2gvix"; - name = "kactivitymanagerd-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kactivitymanagerd-5.27.3.tar.xz"; + sha256 = "097fx3rqilqihgs4miylgx7vwgmrrwac7c1g9l7ydc20ihx4l434"; + name = "kactivitymanagerd-5.27.3.tar.xz"; }; }; kde-cli-tools = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kde-cli-tools-5.27.2.tar.xz"; - sha256 = "189n92i79yxj6v2rwawg3grav4k5kdazh9fgnhijkwg2s6m7pdfm"; - name = "kde-cli-tools-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kde-cli-tools-5.27.3.tar.xz"; + sha256 = "191sz7v39fzhhpf81hjdxhw08p45fx83s1mfyyd3w39bfmv038m1"; + name = "kde-cli-tools-5.27.3.tar.xz"; }; }; kde-gtk-config = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kde-gtk-config-5.27.2.tar.xz"; - sha256 = "1m4qzv6haa9vq8z0m9v6i2y05syagazpg6inrgf6bvyrwh0zwbfa"; - name = "kde-gtk-config-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kde-gtk-config-5.27.3.tar.xz"; + sha256 = "04bix5d6n480qwfkhihss3nqpra3kcp939ppa4kws5ry1s759b5a"; + name = "kde-gtk-config-5.27.3.tar.xz"; }; }; kdecoration = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kdecoration-5.27.2.tar.xz"; - sha256 = "0xds1xx6jj6qy7jrl9wsnpcm1w4qd4im1bl21b9g1gmz7m53zvdm"; - name = "kdecoration-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kdecoration-5.27.3.tar.xz"; + sha256 = "1nzym6qf7pqsk03qs3583lisf9vzcy13mwwhcjpri0bng57ih3h7"; + name = "kdecoration-5.27.3.tar.xz"; }; }; kdeplasma-addons = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kdeplasma-addons-5.27.2.tar.xz"; - sha256 = "1fr0fnw1k9jm55dhk22wxfxl4asyk7712gmyrmc8w93i1lnnwd19"; - name = "kdeplasma-addons-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kdeplasma-addons-5.27.3.tar.xz"; + sha256 = "17rvsxg1fsbm5vyrm4sq4q0x720wj2y89i9n5w4v41fygarbia8w"; + name = "kdeplasma-addons-5.27.3.tar.xz"; }; }; kgamma5 = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kgamma5-5.27.2.tar.xz"; - sha256 = "03drd26nmy4q1vdw4kyzj6dvyfydzjybbzffyjdnnfc3yflhc32g"; - name = "kgamma5-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kgamma5-5.27.3.tar.xz"; + sha256 = "0z5ngivlg9zz844k55m2sxvzpjdivlggml38l0rzcqpzdqaab2fy"; + name = "kgamma5-5.27.3.tar.xz"; }; }; khotkeys = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/khotkeys-5.27.2.tar.xz"; - sha256 = "02fv67x68dlxk9q80qpfkyjrd4bgwqhzi6c6jari5f24ajl2kfqp"; - name = "khotkeys-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/khotkeys-5.27.3.tar.xz"; + sha256 = "1sq6p22bikjdxbb43l9s8rgzamyl83h00y5ksp281287k3swn6z6"; + name = "khotkeys-5.27.3.tar.xz"; }; }; kinfocenter = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kinfocenter-5.27.2.tar.xz"; - sha256 = "1v10xfqcrj16ljasz8v0f0isjrc2brdmblfq6il4f4nckb23qmmw"; - name = "kinfocenter-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kinfocenter-5.27.3.tar.xz"; + sha256 = "12wqryghhvs1a1l80k7zmwldyclvp3c2cdaaank7xwy3nyrnnzw4"; + name = "kinfocenter-5.27.3.tar.xz"; }; }; kmenuedit = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kmenuedit-5.27.2.tar.xz"; - sha256 = "1v6147x23rbp9nfmznbwf550ycml8zh6xa85vjj8gw7dma0zfx97"; - name = "kmenuedit-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kmenuedit-5.27.3.tar.xz"; + sha256 = "126wcw38abnwpfcapkbhk8xi2m5gp7qshvayzh23xdajg0lkh47p"; + name = "kmenuedit-5.27.3.tar.xz"; }; }; kpipewire = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kpipewire-5.27.2.tar.xz"; - sha256 = "1w15w49ali3v8sf3ahcsbbaynd20an5jy5305diza0g5ivyz0xh9"; - name = "kpipewire-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kpipewire-5.27.3.tar.xz"; + sha256 = "0b95jjkfpkvc2ld3x6p7nw6kn6fkqba9q7x95ywvgag2b00jdb56"; + name = "kpipewire-5.27.3.tar.xz"; }; }; kscreen = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kscreen-5.27.2.tar.xz"; - sha256 = "0xfj57xszxyrfpn2wq9sbmy6psxk81zirwz5x85sdlbzdz9cz28w"; - name = "kscreen-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kscreen-5.27.3.tar.xz"; + sha256 = "0ddxd0rmzq6bp00nw65z854pc8dsgiqdvwhkfrs9cprjdprnf3n1"; + name = "kscreen-5.27.3.tar.xz"; }; }; kscreenlocker = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kscreenlocker-5.27.2.tar.xz"; - sha256 = "0683rr6jg6zf12h00hypwb2hsvbngfq3vpf08qms0lcl78r5c41s"; - name = "kscreenlocker-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kscreenlocker-5.27.3.tar.xz"; + sha256 = "0m48bjrq95psmd11hny15nwqb4ypbfp7sik40hzzx216pqs9ma8s"; + name = "kscreenlocker-5.27.3.tar.xz"; }; }; ksshaskpass = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/ksshaskpass-5.27.2.tar.xz"; - sha256 = "1ianh4zqdym9a8r2rzffryyn1bwv6v8fbcha5ac2qi57mdkhk5fr"; - name = "ksshaskpass-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/ksshaskpass-5.27.3.tar.xz"; + sha256 = "0bgnxx0k62a26pkq2alvb8r9kqyd80wnxci3sxa7rppdx8z3ahd5"; + name = "ksshaskpass-5.27.3.tar.xz"; }; }; ksystemstats = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/ksystemstats-5.27.2.tar.xz"; - sha256 = "1wm3xf4h3y7cz8gpmyz3nm6lrdz31v7hf7cah9hzsk6i8ahc8bpr"; - name = "ksystemstats-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/ksystemstats-5.27.3.tar.xz"; + sha256 = "0rk34pav5zkw01h51m97i7jhq2wslhzap3wdp32v1xgsgmjlhs22"; + name = "ksystemstats-5.27.3.tar.xz"; }; }; kwallet-pam = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kwallet-pam-5.27.2.tar.xz"; - sha256 = "04krmcvkbpm8m0yx7gr1n53w0j9ifi1yl4p3b9z5ammkbrw7xrb8"; - name = "kwallet-pam-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kwallet-pam-5.27.3.tar.xz"; + sha256 = "1nqzx8pxk9yqqxpmra3mi8m61b7vl03vjpmnyrlh7krzynfjj672"; + name = "kwallet-pam-5.27.3.tar.xz"; }; }; kwayland-integration = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kwayland-integration-5.27.2.tar.xz"; - sha256 = "00qwrihgy2xxjpcshkhygvq15wyclsn4s9hl0m29y6d34j1m4awn"; - name = "kwayland-integration-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kwayland-integration-5.27.3.tar.xz"; + sha256 = "0jkgkzh9zp1yb72npzgfbhq79zmgwzf7vzw8xxbz3vsmk3rih0fd"; + name = "kwayland-integration-5.27.3.tar.xz"; }; }; kwin = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kwin-5.27.2.tar.xz"; - sha256 = "1xanx9yx0gzn75mkns5dpp65hlvijr85lxapac0rj8nw1hkfrcnh"; - name = "kwin-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kwin-5.27.3.tar.xz"; + sha256 = "1ry0mwah77ly1b4ywhiprjq5aqrb0njawqik11997q0k720i4b78"; + name = "kwin-5.27.3.tar.xz"; }; }; kwrited = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/kwrited-5.27.2.tar.xz"; - sha256 = "12sb6g4dj5188iq7yv37js65999api8r60vcqcap3gjzsrxn1ilw"; - name = "kwrited-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/kwrited-5.27.3.tar.xz"; + sha256 = "1m2qcqnsq3nbqa00y0fa0bnya8j7741pp3zgn58hjvhfbrh52262"; + name = "kwrited-5.27.3.tar.xz"; }; }; layer-shell-qt = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/layer-shell-qt-5.27.2.tar.xz"; - sha256 = "1zq82q035wf9dfs8imk2dbkxczjihlm23gc6pbnkpn1c3g7q1a1s"; - name = "layer-shell-qt-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/layer-shell-qt-5.27.3.tar.xz"; + sha256 = "1rvjkw11nxcj0fl9b45hfv20xaqq87jvfrxz72xkmixnsv3wv70f"; + name = "layer-shell-qt-5.27.3.tar.xz"; }; }; libkscreen = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/libkscreen-5.27.2.tar.xz"; - sha256 = "1kr9nkxsa3a3d4pdwlv89rw9c8rqhh9wcr3ii4hh791179v82wkb"; - name = "libkscreen-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/libkscreen-5.27.3.tar.xz"; + sha256 = "0py6x6l0bc64wakd3x6j4lmcnqzjxx0a4qr2p3i94rrx68b73mw5"; + name = "libkscreen-5.27.3.tar.xz"; }; }; libksysguard = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/libksysguard-5.27.2.tar.xz"; - sha256 = "01ksfg07a2q6f1jisfrfk3j4zvcvpspc8xakc9a14dpzkib7ifnn"; - name = "libksysguard-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/libksysguard-5.27.3.tar.xz"; + sha256 = "07xvs6pr605p9mjm6s8f5x53lyv2mscxvm4xfa0y056ngipvpwiz"; + name = "libksysguard-5.27.3.tar.xz"; }; }; milou = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/milou-5.27.2.tar.xz"; - sha256 = "1qxsnqdxw3y3jpdnx1wz0q17ll3gwqq4jrx2sddz887yf8kmbhsk"; - name = "milou-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/milou-5.27.3.tar.xz"; + sha256 = "07vf2mi6jnmw28r8bw5qj7f7467ja5mhsdp1k8hb32ivls92sv7b"; + name = "milou-5.27.3.tar.xz"; }; }; oxygen = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/oxygen-5.27.2.tar.xz"; - sha256 = "0gz03yskna0sjf4mpzpgh8s8xy9vxk2rp3w5d2vwvq798yqj4i36"; - name = "oxygen-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/oxygen-5.27.3.tar.xz"; + sha256 = "1drmjf8bgzm9gzpy887wbyi4zd71vlilhx7057qr8df6sbnzh4ch"; + name = "oxygen-5.27.3.tar.xz"; }; }; oxygen-sounds = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/oxygen-sounds-5.27.2.tar.xz"; - sha256 = "0v0rdcd08fhjbh5lhl7n77pady278lxb6sid4486ip050wzgmdhk"; - name = "oxygen-sounds-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/oxygen-sounds-5.27.3.tar.xz"; + sha256 = "1kppckhyll3v973jg2csp5z3ryxbipp9jpg6hfqrw1rqkv83rf8d"; + name = "oxygen-sounds-5.27.3.tar.xz"; }; }; plank-player = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plank-player-5.27.2.tar.xz"; - sha256 = "1zksd833sm4khjm7qaaxf2zlg1lscf2mdcqqcgxa590kb6cdk4g7"; - name = "plank-player-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plank-player-5.27.3.tar.xz"; + sha256 = "0iv26dics4w89j9xfms9bi4fs9b1cq4wnjgz1jv5w6834imvplrw"; + name = "plank-player-5.27.3.tar.xz"; }; }; plasma-bigscreen = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-bigscreen-5.27.2.tar.xz"; - sha256 = "1ap6w8s8lzsk4qlkjbig5vaq2kkghg4jc4rmmrmh55qb5805d29j"; - name = "plasma-bigscreen-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-bigscreen-5.27.3.tar.xz"; + sha256 = "0vp1n2048d9f15hnfiz2jkkk209n6zn6z45s9xa4a622xrqbvr3x"; + name = "plasma-bigscreen-5.27.3.tar.xz"; }; }; plasma-browser-integration = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-browser-integration-5.27.2.tar.xz"; - sha256 = "0cj46jsd8piy773qdamhpihywdl9qk2qpiigyyhbnsbwxcvl4fbw"; - name = "plasma-browser-integration-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-browser-integration-5.27.3.tar.xz"; + sha256 = "10ivly31xb2s1d2cizjppm805qxdh8lij8cry46fbgg51r5w1qnd"; + name = "plasma-browser-integration-5.27.3.tar.xz"; }; }; plasma-desktop = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-desktop-5.27.2.tar.xz"; - sha256 = "0dsic9had0nihw5k8a6vw5svdxsysa2kphk295kirf6k9qm2k2v5"; - name = "plasma-desktop-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-desktop-5.27.3.tar.xz"; + sha256 = "1q9lyc213fyvrjv816mhm0b0dzsjqy2m2hli9a70cy5i36id3pg2"; + name = "plasma-desktop-5.27.3.tar.xz"; }; }; plasma-disks = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-disks-5.27.2.tar.xz"; - sha256 = "0mapi9bclsnn6mv3gl5c87jxygm3pr3cc6ksvkpwqah46c76mmi3"; - name = "plasma-disks-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-disks-5.27.3.tar.xz"; + sha256 = "0m9wdqf1k346kbpc6c2d5z2xiqiyp598k1973g06jr1af0b2pi9f"; + name = "plasma-disks-5.27.3.tar.xz"; }; }; plasma-firewall = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-firewall-5.27.2.tar.xz"; - sha256 = "0vi64wkc9vxrfc2h1m4f8q8sqc2wl6s610ajs12r0sf8c4297fv1"; - name = "plasma-firewall-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-firewall-5.27.3.tar.xz"; + sha256 = "0qd40ihgd60znxmsr6s7vpr9af8r5dbasm4yjld4p7250pjvvn01"; + name = "plasma-firewall-5.27.3.tar.xz"; }; }; plasma-integration = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-integration-5.27.2.tar.xz"; - sha256 = "1220f4f2ykmrrxngmlc8xdjip63fidlhh42vslgy9bll6ag0qkys"; - name = "plasma-integration-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-integration-5.27.3.tar.xz"; + sha256 = "13lrg0r4zq71wvfah8brm53v9cbsn7zpknafi948nq3smbd1h196"; + name = "plasma-integration-5.27.3.tar.xz"; }; }; plasma-mobile = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-mobile-5.27.2.tar.xz"; - sha256 = "0v0cli1fyhzv80vhav4nablss0p9mzflll48f6lvx2sdqpiypcgq"; - name = "plasma-mobile-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-mobile-5.27.3.tar.xz"; + sha256 = "0rf09rqc2avcma61r6ngc6bc1lmrivrvi7rkv73mrw8klnh3vf9f"; + name = "plasma-mobile-5.27.3.tar.xz"; }; }; plasma-nano = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-nano-5.27.2.tar.xz"; - sha256 = "1lk7pg2j6fkvys849qfvd0crxkalrvmvqxl6ifw12d7kvdmz91nx"; - name = "plasma-nano-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-nano-5.27.3.tar.xz"; + sha256 = "11ivbr03dv75ryp0lcmj9iyw7y2x7pplybglpavmfz2ryq2vsy93"; + name = "plasma-nano-5.27.3.tar.xz"; }; }; plasma-nm = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-nm-5.27.2.tar.xz"; - sha256 = "15lh7nxryvv66hbf43bwarfw38jzr6405waf1z8dsvn5wckp093v"; - name = "plasma-nm-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-nm-5.27.3.tar.xz"; + sha256 = "02646jl8qq28b11hgxg73xycb2biy6girxkgpxnpdb1gxmfmfnvn"; + name = "plasma-nm-5.27.3.tar.xz"; }; }; plasma-pa = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-pa-5.27.2.tar.xz"; - sha256 = "0imwyv0w6xkbcyafhqsg4h3w56sclfaxnjfjkjbzn1hgmizx7n7k"; - name = "plasma-pa-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-pa-5.27.3.tar.xz"; + sha256 = "177hwsr75xif0r36hib1gh6bjyljnilb4s9zyzvr5z1lwiz10y91"; + name = "plasma-pa-5.27.3.tar.xz"; }; }; plasma-remotecontrollers = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-remotecontrollers-5.27.2.tar.xz"; - sha256 = "1ash4z6fi0kzdysnnlbh7vxpdwbfi0xyyyg845pmvhwhv6i82c7y"; - name = "plasma-remotecontrollers-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-remotecontrollers-5.27.3.tar.xz"; + sha256 = "04am5shh882k86yic1ca42j60l2rnqn9487i30k0332kzd0wir1w"; + name = "plasma-remotecontrollers-5.27.3.tar.xz"; }; }; plasma-sdk = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-sdk-5.27.2.tar.xz"; - sha256 = "1p68hfa884jym5mb22lrssxg5xwdnwsichdvmmqfy50szsv2n7mf"; - name = "plasma-sdk-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-sdk-5.27.3.tar.xz"; + sha256 = "0rsz846x3rldz950zm31aj8192b0h5d33fvizmgxnxjibxxf2q24"; + name = "plasma-sdk-5.27.3.tar.xz"; }; }; plasma-systemmonitor = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-systemmonitor-5.27.2.tar.xz"; - sha256 = "1kl9xjfkwy36nzva1hkq5pabczl174w29lxkzhim3q8laap6dql6"; - name = "plasma-systemmonitor-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-systemmonitor-5.27.3.tar.xz"; + sha256 = "122rw8nfzhk0808d1bk54ld41b45616fg3hca9jg4ib6k7nka367"; + name = "plasma-systemmonitor-5.27.3.tar.xz"; }; }; plasma-tests = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-tests-5.27.2.tar.xz"; - sha256 = "0q5qb4c1lbd7jpww382h86h74llvpm1zdnjb8a66x1nfnnws7db3"; - name = "plasma-tests-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-tests-5.27.3.tar.xz"; + sha256 = "1ijh1lfr81bwdw8nla55n6snxkmmz95qf3j8wbf61v64r9n3w2zp"; + name = "plasma-tests-5.27.3.tar.xz"; }; }; plasma-thunderbolt = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-thunderbolt-5.27.2.tar.xz"; - sha256 = "0aml4xx3bdnyx367lz3crnd21f08w239ps77wy41a0pdp47i5nfd"; - name = "plasma-thunderbolt-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-thunderbolt-5.27.3.tar.xz"; + sha256 = "17hs1mrr7lkd9nkxs9269bs3hs4c8qxg3ksirksrgnbz4zas1m55"; + name = "plasma-thunderbolt-5.27.3.tar.xz"; }; }; plasma-vault = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-vault-5.27.2.tar.xz"; - sha256 = "0hqxjmm236bivvlhivrzcypsa0kki4pc44l46jzvm5a0dsljv827"; - name = "plasma-vault-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-vault-5.27.3.tar.xz"; + sha256 = "0ilpkdd0nfg9z2klyf5s02npmqr1ypb0wgm584zi27q048hnicls"; + name = "plasma-vault-5.27.3.tar.xz"; }; }; plasma-welcome = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-welcome-5.27.2.tar.xz"; - sha256 = "06g8hnqnja2g17cx3vwx21zlrywmhiqb6zk0d72c02avr67px3gn"; - name = "plasma-welcome-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-welcome-5.27.3.tar.xz"; + sha256 = "1m6mpzbcyy7cimhcsbbmk1v86pibcrp86b22dh7pwgrg309ihsm4"; + name = "plasma-welcome-5.27.3.tar.xz"; }; }; plasma-workspace = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-workspace-5.27.2.tar.xz"; - sha256 = "19hlbp2ihblw5ynk44lasfgr4nk5z2mqm3gza5zvf08zpzwc437i"; - name = "plasma-workspace-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-workspace-5.27.3.tar.xz"; + sha256 = "0g710y1l2hpxnjg6r1k60dkvn6gf98fg5yhx72wa2y1in3nkglzl"; + name = "plasma-workspace-5.27.3.tar.xz"; }; }; plasma-workspace-wallpapers = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plasma-workspace-wallpapers-5.27.2.tar.xz"; - sha256 = "1x4mxs6b90z0rz3lacxr20ii8ihjq3z36vi2y9rllhcdzvpcbzy6"; - name = "plasma-workspace-wallpapers-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plasma-workspace-wallpapers-5.27.3.tar.xz"; + sha256 = "1ppsi5ic6yp9wnqwmz37jsmjs3l5jxafjarxa0xasalg69k10k4c"; + name = "plasma-workspace-wallpapers-5.27.3.tar.xz"; }; }; plymouth-kcm = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/plymouth-kcm-5.27.2.tar.xz"; - sha256 = "1nkxz8jmqwm8js16j9pcbbhjns7vhs98k70lsj0mc7mgh3y5bdf6"; - name = "plymouth-kcm-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/plymouth-kcm-5.27.3.tar.xz"; + sha256 = "09p6ii29lq08h8999zb1ddbaa4l7piykcr5xmhwir75pi7gnnacg"; + name = "plymouth-kcm-5.27.3.tar.xz"; }; }; polkit-kde-agent = { - version = "1-5.27.2"; + version = "1-5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/polkit-kde-agent-1-5.27.2.tar.xz"; - sha256 = "0pz7dnrh10lzxlxnfsg06k012wb3qlqgvn0wwv7xb76yis75jmi4"; - name = "polkit-kde-agent-1-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/polkit-kde-agent-1-5.27.3.tar.xz"; + sha256 = "1axgqg07xm12qrrww8jvbh8yvhi7pf2x4ssq65qja0zz9kxiahcx"; + name = "polkit-kde-agent-1-5.27.3.tar.xz"; }; }; powerdevil = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/powerdevil-5.27.2.tar.xz"; - sha256 = "1awrfwki1ldmvwamdss4vkb5mlclw58zijpg6ip732ripiawhx1x"; - name = "powerdevil-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/powerdevil-5.27.3.tar.xz"; + sha256 = "16bcnm56g5amwygzkdz0sy396dfn47n6wiynnvr7nfhpzbfx81y8"; + name = "powerdevil-5.27.3.tar.xz"; }; }; qqc2-breeze-style = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/qqc2-breeze-style-5.27.2.tar.xz"; - sha256 = "0j2dy64sr0giagyi3yw9c40lnjmn1wsdi5vmj6cakvglhklnwl5w"; - name = "qqc2-breeze-style-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/qqc2-breeze-style-5.27.3.tar.xz"; + sha256 = "13hd2f08cb6gjdyns1qfszq7sn1ckr78l3lhl6g6yiab3jn1v6b4"; + name = "qqc2-breeze-style-5.27.3.tar.xz"; }; }; sddm-kcm = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/sddm-kcm-5.27.2.tar.xz"; - sha256 = "1lnciz566iz7alpz51j27cvdpkxnv88v5nnfjlql80d8a74gq3vs"; - name = "sddm-kcm-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/sddm-kcm-5.27.3.tar.xz"; + sha256 = "0hicpzsyym1r3amd6crz964gk19rhg5z9g87fr6i77r77iavb1ds"; + name = "sddm-kcm-5.27.3.tar.xz"; }; }; systemsettings = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/systemsettings-5.27.2.tar.xz"; - sha256 = "1qdj18plsi4l3z4hlm4c41gz3xmv9rkishs9a45kib2avd0sxvnd"; - name = "systemsettings-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/systemsettings-5.27.3.tar.xz"; + sha256 = "0gjh9hny0h2x5cqqsn5scm1k9hjfl3vgpmsjqqc66hb1ac8a9g04"; + name = "systemsettings-5.27.3.tar.xz"; }; }; xdg-desktop-portal-kde = { - version = "5.27.2"; + version = "5.27.3"; src = fetchurl { - url = "${mirror}/stable/plasma/5.27.2/xdg-desktop-portal-kde-5.27.2.tar.xz"; - sha256 = "05rjm8h375bmmsslpm6nl1m7zsd8f7n3vm15nq4771hnlv8dml4p"; - name = "xdg-desktop-portal-kde-5.27.2.tar.xz"; + url = "${mirror}/stable/plasma/5.27.3/xdg-desktop-portal-kde-5.27.3.tar.xz"; + sha256 = "0d47kx9y4bfylmn3q4s11vg6fzz1yjlcbxmpgpd9al8nils2ifnd"; + name = "xdg-desktop-portal-kde-5.27.3.tar.xz"; }; }; } From b8dc60372462f7bd676c7ffb026b1d523af98278 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= Date: Sat, 11 Mar 2023 17:14:57 +0300 Subject: [PATCH 24/33] slsa-verifier: init at 2.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Batuhan Apaydın --- pkgs/tools/security/slsa-verifier/default.nix | 43 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 45 insertions(+) create mode 100644 pkgs/tools/security/slsa-verifier/default.nix diff --git a/pkgs/tools/security/slsa-verifier/default.nix b/pkgs/tools/security/slsa-verifier/default.nix new file mode 100644 index 00000000000..188052452db --- /dev/null +++ b/pkgs/tools/security/slsa-verifier/default.nix @@ -0,0 +1,43 @@ +{ lib +, fetchFromGitHub +, buildGoModule +}: + +buildGoModule rec { + pname = "slsa-verifier"; + version = "2.0.1"; + + src = fetchFromGitHub { + owner = "slsa-framework"; + repo = "slsa-verifier"; + rev = "v${version}"; + hash = "sha256-Gef8TQSd6bTWIzFOQ9xjqB49We7IKBu9p/Lb426nNbc="; + }; + + vendorHash = "sha256-1syIEjvqYHCiOLf8Fc2vghFKfN6ADM05By11jGNZODs="; + + CGO_ENABLED = 0; + GO111MODULE = "on"; + GOFLAGS = "-trimpath"; + + subPackages = [ "cli/slsa-verifier" ]; + + tags = [ "netgo" ]; + + ldflags = [ + "-s" + "-w" + "-buildid=" + "-X sigs.k8s.io/release-utils/version.gitVersion=${version}" + ]; + + doCheck = false; + + meta = { + homepage = "https://github.com/slsa-framework/slsa-verifier"; + changelog = "https://github.com/slsa-framework/slsa-verifier/releases/tag/v${version}"; + description = "Verify provenance from SLSA compliant builders"; + license = lib.licenses.asl20; + maintainers = with lib.maintainers; [ developer-guy mlieberman85 ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 12382fb2162..009d563e36f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12140,6 +12140,8 @@ with pkgs; slowlorust = callPackage ../tools/networking/slowlorust { }; + slsa-verifier = callPackage ../tools/security/slsa-verifier { }; + slsnif = callPackage ../tools/misc/slsnif { }; slstatus = callPackage ../applications/misc/slstatus { From 86dbc928fbc8f5f577b628100e55bf852652549e Mon Sep 17 00:00:00 2001 From: sternenseemann Date: Mon, 13 Mar 2023 10:22:06 +0100 Subject: [PATCH 25/33] writers: make codesign_allocate available in PATH on aarch64-darwin codesign_allocate is assumed to be in PATH: https://github.com/NixOS/nixpkgs/issues/154203 https://github.com/NixOS/nixpkgs/issues/148189 Using an absolute reference in post-link-sign-hook would be another possibility, but hasn't been fruitful so far: https://github.com/NixOS/nixpkgs/pull/148282 https://github.com/NixOS/nixpkgs/pull/208120 --- pkgs/build-support/writers/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/build-support/writers/default.nix b/pkgs/build-support/writers/default.nix index 88da1ca54a9..ca0184beeb0 100644 --- a/pkgs/build-support/writers/default.nix +++ b/pkgs/build-support/writers/default.nix @@ -76,6 +76,11 @@ let passAsFile = [ "content" ]; } else { contentPath = content; + } // lib.optionalAttrs (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) { + # post-link-hook expects codesign_allocate to be in PATH + # https://github.com/NixOS/nixpkgs/issues/154203 + # https://github.com/NixOS/nixpkgs/issues/148189 + nativeBuildInputs = [ stdenv.cc.bintools ]; }) '' ${compileScript} ${lib.optionalString strip From dafedbbba653303852c0f71d059b74491f38f4b5 Mon Sep 17 00:00:00 2001 From: Janik H Date: Tue, 14 Mar 2023 19:33:25 +0100 Subject: [PATCH 26/33] nixos/woodpecker: init --- nixos/modules/module-list.nix | 2 + .../woodpecker/agent.nix | 99 +++++++++++++++++++ .../woodpecker/server.nix | 98 ++++++++++++++++++ 3 files changed, 199 insertions(+) create mode 100644 nixos/modules/services/continuous-integration/woodpecker/agent.nix create mode 100644 nixos/modules/services/continuous-integration/woodpecker/server.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 60f3bbc98c0..314d67419b7 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -377,6 +377,8 @@ ./services/continuous-integration/jenkins/default.nix ./services/continuous-integration/jenkins/job-builder.nix ./services/continuous-integration/jenkins/slave.nix + ./services/continuous-integration/woodpecker/agent.nix + ./services/continuous-integration/woodpecker/server.nix ./services/databases/aerospike.nix ./services/databases/cassandra.nix ./services/databases/clickhouse.nix diff --git a/nixos/modules/services/continuous-integration/woodpecker/agent.nix b/nixos/modules/services/continuous-integration/woodpecker/agent.nix new file mode 100644 index 00000000000..1aedec81c96 --- /dev/null +++ b/nixos/modules/services/continuous-integration/woodpecker/agent.nix @@ -0,0 +1,99 @@ +{ config +, lib +, pkgs +, ... +}: + +let + cfg = config.services.woodpecker-agent; +in +{ + meta.maintainers = [ lib.maintainers.janik ]; + + options = { + services.woodpecker-agent = { + enable = lib.mkEnableOption (lib.mdDoc "the Woodpecker-Agent, Agents execute tasks generated by a Server, every install will need one server and at least one agent"); + package = lib.mkPackageOptionMD pkgs "woodpecker-agent" { }; + + environment = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression '' + { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + } + ''; + description = lib.mdDoc "woodpecker-agent config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)"; + }; + + extraGroups = lib.mkOption { + default = null; + type = lib.types.nullOr (lib.types.listOf lib.types.str); + example = [ "podman" ]; + description = lib.mdDoc '' + Additional groups for the systemd service. + ''; + }; + + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + example = "/root/woodpecker-agent.env"; + description = lib.mdDoc '' + File to load environment variables + from. This is helpful for specifying secrets. + Example content of environmentFile: + ``` + WOODPECKER_AGENT_SECRET=your-shared-secret-goes-here + ``` + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services = { + woodpecker-agent = { + description = "Woodpecker-Agent Service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + DynamicUser = true; + SupplementaryGroups = lib.optionals (cfg.extraGroups != null) cfg.extraGroups; + EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile; + ExecStart = "${cfg.package}/bin/woodpecker-agent"; + Restart = "on-failure"; + RestartSec = 15; + CapabilityBoundingSet = ""; + # Security + NoNewPrivileges = true; + # Sandboxing + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + # System Call Filtering + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + }; + inherit (cfg) environment; + }; + }; + }; +} + diff --git a/nixos/modules/services/continuous-integration/woodpecker/server.nix b/nixos/modules/services/continuous-integration/woodpecker/server.nix new file mode 100644 index 00000000000..6b4e4732465 --- /dev/null +++ b/nixos/modules/services/continuous-integration/woodpecker/server.nix @@ -0,0 +1,98 @@ +{ config +, lib +, pkgs +, ... +}: + +let + cfg = config.services.woodpecker-server; +in +{ + meta.maintainers = [ lib.maintainers.janik ]; + + + options = { + services.woodpecker-server = { + enable = lib.mkEnableOption (lib.mdDoc "the Woodpecker-Server, a CI/CD application for automatic builds, deployments and tests"); + package = lib.mkPackageOptionMD pkgs "woodpecker-server" { }; + environment = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression + '' + { + WOODPECKER_HOST = "https://woodpecker.example.com"; + WOODPECKER_OPEN = "true"; + WOODPECKER_GITEA = "true"; + WOODPECKER_GITEA_CLIENT = "ffffffff-ffff-ffff-ffff-ffffffffffff"; + WOODPECKER_GITEA_URL = "https://git.example.com"; + } + ''; + description = lib.mdDoc "woodpecker-server config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)"; + }; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + example = "/root/woodpecker-server.env"; + description = lib.mdDoc '' + File to load environment variables + from. This is helpful for specifying secrets. + Example content of environmentFile: + ``` + WOODPECKER_AGENT_SECRET=your-shared-secret-goes-here + WOODPECKER_GITEA_SECRET=gto_************************************** + ``` + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services = { + woodpecker-server = { + description = "Woodpecker-Server Service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + DynamicUser = true; + WorkingDirectory = "%S/woodpecker-server"; + StateDirectory = "woodpecker-server"; + StateDirectoryMode = "0700"; + UMask = "0007"; + ConfigurationDirectory = "woodpecker-server"; + EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile; + ExecStart = "${cfg.package}/bin/woodpecker-server"; + Restart = "on-failure"; + RestartSec = 15; + CapabilityBoundingSet = ""; + # Security + NoNewPrivileges = true; + # Sandboxing + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + # System Call Filtering + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + }; + inherit (cfg) environment; + }; + }; + }; +} + From a8e4f58d903295920c5a3cdb3d4882d0675b0480 Mon Sep 17 00:00:00 2001 From: Janik H Date: Tue, 14 Mar 2023 19:33:39 +0100 Subject: [PATCH 27/33] rl-2305: Mention woodpecker addition --- nixos/doc/manual/release-notes/rl-2305.section.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 97ac092c9a0..b5e157cdb76 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -71,6 +71,10 @@ In addition to numerous new and upgraded packages, this release has the followin - [nimdow](https://github.com/avahe-kellenberger/nimdow), a window manager written in Nim, inspired by dwm. +- [woodpecker-agent](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agent](#opt-services.woodpecker-agent.enable). + +- [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable). + ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} From 1e338049757a67c487babb604bc566daa59db52e Mon Sep 17 00:00:00 2001 From: Kiskae Date: Tue, 7 Mar 2023 16:54:12 +0100 Subject: [PATCH 28/33] linuxPackages_6_2.nvidia_x11_legacy470: add patch fixes #219907 --- pkgs/os-specific/linux/nvidia-x11/default.nix | 16 ++++++++++++++++ pkgs/os-specific/linux/nvidia-x11/generic.nix | 3 ++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 40ac5eb65b5..be0978ffe64 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -71,6 +71,22 @@ rec { sha256_64bit = "sha256-Xagqf4x254Hn1/C+e3mNtNNE8mvU+s+avPPHHHH+dkA="; settingsSha256 = "sha256-ryUSiI8PsY3knkJLg0k1EmyYW5OWkhuZma/hmXNuojw="; persistencedSha256 = "sha256-/2h90Gq9NQd9Q+9eLVE6vrxXmINXxlLcSNOHxKToOEE="; + + prePatch = "pushd kernel"; + postPatch = "popd"; + + patches = [ + # source: https://gist.github.com/joanbm/963906fc6772d8955faf1b9cc46c6b04 + (fetchpatch { + url = "https://gist.github.com/joanbm/963906fc6772d8955faf1b9cc46c6b04/raw/0f99aa10d47b524aa0e6e3845664deac3a1ad9d9/nvidia-470xx-fix-linux-6.2.patch"; + hash = "sha256-5n5/4ivK8od8EJNJf0PI9ZZ4U5RjOw+h4HakA+lmW1c="; + }) + # source: https://gist.github.com/joanbm/d10e9cbbbb8e245b6e7e27b2db338faf + (fetchpatch { + url = "https://gist.github.com/joanbm/d10e9cbbbb8e245b6e7e27b2db338faf/raw/f5d5238bdbaa16cd4008658a0f82b9dd84f1b38f/nvidia-470xx-fix-linux-6.3.patch"; + hash = "sha256-mR+vXDHgVhWC0JeLgGlbNVCH8XTs7XnhEJS6BV75tI8="; + }) + ]; }; # Last one supporting x86 diff --git a/pkgs/os-specific/linux/nvidia-x11/generic.nix b/pkgs/os-specific/linux/nvidia-x11/generic.nix index ea9dbcabd0e..e56318deca9 100644 --- a/pkgs/os-specific/linux/nvidia-x11/generic.nix +++ b/pkgs/os-specific/linux/nvidia-x11/generic.nix @@ -13,6 +13,7 @@ , settings32Bit ? false , prePatch ? "" +, postPatch ? null , patches ? [] , broken ? false , brokenOpen ? broken @@ -68,7 +69,7 @@ let else throw "nvidia-x11 does not support platform ${stdenv.hostPlatform.system}"; patches = if libsOnly then null else patches; - inherit prePatch; + inherit prePatch postPatch; inherit version useGLVND useProfiles; inherit (stdenv.hostPlatform) system; inherit i686bundled; From f9758c35680a2b197291f06a321d1d6a0894c947 Mon Sep 17 00:00:00 2001 From: Kirill Radzikhovskyy Date: Wed, 15 Mar 2023 07:12:19 +1100 Subject: [PATCH 29/33] awscli2: fixup, downgrade ipython --- pkgs/tools/admin/awscli2/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/tools/admin/awscli2/default.nix b/pkgs/tools/admin/awscli2/default.nix index 1185bd4d13b..9068b916017 100644 --- a/pkgs/tools/admin/awscli2/default.nix +++ b/pkgs/tools/admin/awscli2/default.nix @@ -11,6 +11,18 @@ let py = python3.override { packageOverrides = self: super: { + ipython = super.ipython.overridePythonAttrs (oldAttrs: rec { + pname = "ipython"; + version = "8.5.0"; + + src = self.fetchPypi { + inherit pname version; + sha256 = "sha256-CXvfXNh1dv0GYXnJ9/IIAE96aGTuGyDzfTRsC8sJn4Q="; + }; + + disabledTests = [ "testIPythonLexer" ] ++ oldAttrs.disabledTests; + }); + prompt-toolkit = super.prompt-toolkit.overridePythonAttrs (oldAttrs: rec { version = "3.0.28"; src = self.fetchPypi { @@ -36,6 +48,8 @@ with py.pkgs; buildPythonApplication rec { }; postPatch = '' + substituteInPlace requirements/bootstrap.txt \ + --replace "pip>=22.0.0,<23.0.0" "pip>=22.0.0,<24.0.0" substituteInPlace pyproject.toml \ --replace "distro>=1.5.0,<1.6.0" "distro>=1.5.0" \ --replace "cryptography>=3.3.2,<38.0.5" "cryptography>=3.3.2" From c9401ebf15e7f204b0f35984388fa357b3b47be2 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 14 Mar 2023 20:46:59 +0100 Subject: [PATCH 30/33] python310Packages.ntlm-auth: drop The package relies on python providing support for md4 implementation. But that support requires building python with a non-default openssl package, which reenables these legacy ciphers. The package is also unmaintained, and the upstream recommends using pyspnego instead, which provides their own md4 implementation. --- .../python-modules/ntlm-auth/default.nix | 58 ------------------- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 - 3 files changed, 1 insertion(+), 60 deletions(-) delete mode 100644 pkgs/development/python-modules/ntlm-auth/default.nix diff --git a/pkgs/development/python-modules/ntlm-auth/default.nix b/pkgs/development/python-modules/ntlm-auth/default.nix deleted file mode 100644 index d3d64bcbe23..00000000000 --- a/pkgs/development/python-modules/ntlm-auth/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib -, buildPythonPackage -, cryptography -, fetchFromGitHub -, mock -, pytestCheckHook -, pythonOlder -, requests -}: - -buildPythonPackage rec { - pname = "ntlm-auth"; - version = "1.5.0"; - format = "setuptools"; - - disabled = pythonOlder "3.7"; - - src = fetchFromGitHub { - owner = "jborean93"; - repo = "ntlm-auth"; - rev = "v${version}"; - hash = "sha256-CRBR2eXUGngU7IvGuRfBnvH6QZhhwyh1dgd47VZxtwE="; - }; - - propagatedBuildInputs = [ - cryptography - ]; - - nativeCheckInputs = [ - mock - pytestCheckHook - requests - ]; - - pythonImportsCheck = [ - "ntlm_auth" - ]; - - disabledTests = [ - # Tests are outdated as module will be replaced by pyspnego - "test_authenticate_message" - "test_authenticate_without_domain_workstation" - "test_create_authenticate_message" - "test_get_" - "test_lm_v" - "test_nt_" - "test_ntlm_context" - "test_ntowfv" - ]; - - meta = with lib; { - description = "Calculates NTLM Authentication codes"; - homepage = "https://github.com/jborean93/ntlm-auth"; - changelog = "https://github.com/jborean93/ntlm-auth/releases/tag/v${version}"; - license = licenses.mit; - maintainers = with maintainers; [ elasticdog ]; - }; -} diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index 6934fa77290..b251be559dd 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -157,6 +157,7 @@ mapAliases ({ nose_progressive = throw "nose_progressive has been removed, it was using setuptools 2to3 translation feature, which has been removed in setuptools 58"; #added 2023-02-21 notifymuch = throw "notifymuch has been promoted to a top-level attribute"; # added 2022-10-02 Nuitka = nuitka; # added 2023-02-19 + ntlm-auth = throw "ntlm-auth has been removed, because it relies on the md4 implementation provided by openssl. Use pyspnego instead."; ordereddict = throw "ordereddict has been removed because it is only useful on unsupported python versions."; # added 2022-05-28 pafy = throw "pafy has been removed because it is unmaintained and only a dependency of mps-youtube, itself superseded by yewtube"; # Added 2023-01-19 pam = python-pam; # added 2020-09-07. diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 43c0ce04e03..b3f6c560d65 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -6590,8 +6590,6 @@ self: super: with self; { ntc-templates = callPackage ../development/python-modules/ntc-templates { }; - ntlm-auth = callPackage ../development/python-modules/ntlm-auth { }; - ntplib = callPackage ../development/python-modules/ntplib { }; nuitka = callPackage ../development/python-modules/nuitka { }; From 63c033e2a0dca7caa6a24a77fe56f8c6b1e63fc3 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Tue, 14 Mar 2023 22:57:08 +0200 Subject: [PATCH 31/33] xen_4_15: fix build --- pkgs/applications/virtualization/xen/4.15.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/applications/virtualization/xen/4.15.nix b/pkgs/applications/virtualization/xen/4.15.nix index 505bc313c43..c5c02f7e918 100644 --- a/pkgs/applications/virtualization/xen/4.15.nix +++ b/pkgs/applications/virtualization/xen/4.15.nix @@ -144,6 +144,9 @@ callPackage (import ./generic.nix (rec { # Fix build with GCC 10 "-Wno-error=enum-conversion" "-Wno-error=zero-length-bounds" + # Fix build with GCC 12 + # xentoollog_stubs.c:57: error: "Some_val" redefined [-Werror] + "-Wno-error" ]; patches = with xsa; flatten [ From a9dfc77ae35c47ccceecda211d72d0c5055dde9c Mon Sep 17 00:00:00 2001 From: Ivan Kovnatsky <75213+ivankovnatsky@users.noreply.github.com> Date: Tue, 14 Mar 2023 23:05:43 +0200 Subject: [PATCH 32/33] eks-node-viewer: init at 0.2.0 (#210510) Co-authored-by: Sandro --- .../cluster/eks-node-viewer/default.nix | 23 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 pkgs/applications/networking/cluster/eks-node-viewer/default.nix diff --git a/pkgs/applications/networking/cluster/eks-node-viewer/default.nix b/pkgs/applications/networking/cluster/eks-node-viewer/default.nix new file mode 100644 index 00000000000..b75f850f737 --- /dev/null +++ b/pkgs/applications/networking/cluster/eks-node-viewer/default.nix @@ -0,0 +1,23 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "eks-node-viewer"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "awslabs"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-utn0OJX3NLCyAV4F01GIkvh/KFPv7vfLQMwso7x7yCw"; + }; + + vendorSha256 = "sha256-28TKZYZM2kddXAusxmjhrKFy+ATU7kZM4Ad7zvP/F3A"; + + meta = with lib; { + description = "Tool to visualize dynamic node usage within a cluster"; + homepage = "https://github.com/awslabs/eks-node-viewer"; + changelog = "https://github.com/awslabs/eks-node-viewer/releases/tag/${version}"; + license = licenses.afl20; + maintainers = [ maintainers.ivankovnatsky ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ace80b96519..a4ad447c5e2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6768,6 +6768,8 @@ with pkgs; driftctl = callPackage ../applications/networking/cluster/driftctl { }; + eks-node-viewer = callPackage ../applications/networking/cluster/eks-node-viewer { }; + drill = callPackage ../tools/networking/drill { inherit (darwin.apple_sdk.frameworks) Security; }; From ba9292408a18e8361930597c89aef7ad83aeb508 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Tue, 14 Mar 2023 23:12:09 +0200 Subject: [PATCH 33/33] qubes-core-vchan-xen: xen_4_10 -> xen --- pkgs/applications/qubes/qubes-core-vchan-xen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/qubes/qubes-core-vchan-xen/default.nix b/pkgs/applications/qubes/qubes-core-vchan-xen/default.nix index 3a1359ca573..6ce255675b1 100644 --- a/pkgs/applications/qubes/qubes-core-vchan-xen/default.nix +++ b/pkgs/applications/qubes/qubes-core-vchan-xen/default.nix @@ -1,6 +1,6 @@ { lib, stdenv , fetchFromGitHub -, xen_4_10 +, xen }: stdenv.mkDerivation rec { @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { sha256 = "sha256:02l1vs5c2jfw22gxvl2fb66m0d99n8ya1i7rphsb5cxsljvxary0"; }; - buildInputs = [ xen_4_10 ]; + buildInputs = [ xen ]; buildPhase = '' make all PREFIX=/ LIBDIR="$out/lib" INCLUDEDIR="$out/include"