b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2023-04-21 12:01:11 +00:00 committed by GitHub
parent 2994ad0fdd 789bb04f46
commit aac843d611
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
66 changed files with 810 additions and 617 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/CODEOWNERS vendored
View file

@ -90,6 +90,9 @@
# NixOS integration test driver
/nixos/lib/test-driver @tfc
# NixOS QEMU virtualisation
/nixos/virtualisation/qemu-vm.nix @raitobezarius
# Systemd
/nixos/modules/system/boot/systemd.nix @NixOS/systemd
/nixos/modules/system/boot/systemd @NixOS/systemd
@ -139,7 +142,7 @@
# C compilers
/pkgs/development/compilers/gcc @matthewbauer
/pkgs/development/compilers/llvm @matthewbauer
/pkgs/development/compilers/llvm @matthewbauer @RaitoBezarius
# Compatibility stuff
/pkgs/top-level/unix-tools.nix @matthewbauer

10
maintainers/maintainer-list.nix
View file

@ -3518,7 +3518,7 @@
};
davidcromp = {
email = "davidcrompton1192@gmail.com";
github = "DavidCromp";
github = "CyborgPotato";
githubId = 10701143;
name = "David Crompton";
};
@ -8417,7 +8417,7 @@
};
kristian-brucaj = {
email = "kbrucaj@gmail.com";
github = "Kristian-Brucaj";
github = "Flameslice";
githubId = 8893110;
name = "Kristian Brucaj";
};
@ -9590,7 +9590,7 @@
mateodd25 = {
email = "mateodd@icloud.com";
github = "mateodd25";
githubId = 854770;
githubId = 7878181;
name = "Mateo Diaz";
};
math-42 = {
@ -14367,7 +14367,7 @@
name = "Smitty van Bodegom";
email = "me@smitop.com";
matrix = "@smitop:kde.org";
github = "Smittyvb";
github = "syvb";
githubId = 10530973;
};
sna = {
@ -17333,7 +17333,7 @@
zseri = {
name = "zseri";
email = "zseri.devel@ytrizja.de";
github = "zseri";
github = "fogti";
githubId = 1618343;
keys = [{
fingerprint = "7AFB C595 0D3A 77BD B00F 947B 229E 63AE 5644 A96D";

4
nixos/modules/services/web-apps/nextcloud.md
View file

@ -132,7 +132,9 @@ Auto updates for Nextcloud apps can be enabled using
Nextcloud supports [server-side encryption (SSE)](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html).
This is not an end-to-end encryption, but can be used to encrypt files that will be persisted
to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3
for PHP's openssl extension because this is implemented using the legacy cipher RC4.
for PHP's openssl extension and **Nextcloud 25 or older** because this is implemented using the
legacy cipher RC4. For Nextcloud26 this isn't relevant anymore, because Nextcloud has an RC4 implementation
written in native PHP and thus doesn't need `ext-openssl` for that anymore.
If [](#opt-system.stateVersion) is *above* `22.05`,
this is disabled by default. To turn it on again and for further information please refer to
[](#opt-services.nextcloud.enableBrokenCiphersForSSE).

6
nixos/modules/services/web-apps/nextcloud.nix
View file

@ -204,7 +204,7 @@ in {
package = mkOption {
type = types.package;
description = lib.mdDoc "Which package to use for the Nextcloud instance.";
relatedPackages = [ "nextcloud24" "nextcloud25" "nextcloud26" ];
relatedPackages = [ "nextcloud25" "nextcloud26" ];
};
phpPackage = mkOption {
type = types.package;
@ -712,6 +712,10 @@ in {
See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470
'')
++ (optional (cfg.enableBrokenCiphersForSSE && versionAtLeast cfg.package.version "26") ''
Nextcloud26 supports RC4 without requiring legacy OpenSSL, so
`services.nextcloud.enableBrokenCiphersForSSE` can be set to `false`.
'');
services.nextcloud.package = with pkgs;

1
nixos/modules/virtualisation/parallels-guest.nix
View file

@ -87,7 +87,6 @@ in
bindsTo = [ "cups.service" ];
path = [ prl-tools ];
serviceConfig = {
Type = "forking";
ExecStart = "${prl-tools}/bin/prlshprint";
WorkingDirectory = "${prl-tools}/bin";
};

301
nixos/modules/virtualisation/qemu-vm.nix
View file

@ -55,6 +55,11 @@ let
};
selectPartitionTableLayout = { useEFIBoot, useDefaultFilesystems }:
if useDefaultFilesystems then
if useEFIBoot then "efi" else "legacy"
else "none";
driveCmdline = idx: { file, driveExtraOpts, deviceExtraOpts, ... }:
let
drvId = "drive${toString idx}";
@ -98,7 +103,6 @@ let
addDeviceNames =
imap1 (idx: drive: drive // { device = driveDeviceName idx; });
# Shell script to start the VM.
startVM =
''
@ -111,8 +115,23 @@ let
NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${toString config.virtualisation.diskImage}}") || test -z "$NIX_DISK_IMAGE"
if test -n "$NIX_DISK_IMAGE" && ! test -e "$NIX_DISK_IMAGE"; then
${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
${toString config.virtualisation.diskSize}M
echo "Disk image do not exist, creating the virtualisation disk image..."
# If we are using a bootloader and default filesystems layout.
# We have to reuse the system image layout as a backing image format (CoW)
# So we can write on the top of it.
# If we are not using the default FS layout, potentially, we are interested into
# performing operations in postDeviceCommands or at early boot on the raw device.
# We can still boot through QEMU direct kernel boot feature.
# CoW prevent size to be attributed to an image.
# FIXME: raise this issue to upstream.
${qemu}/bin/qemu-img create \
${concatStringsSep " \\\n" ([ "-f qcow2" ]
++ optional (cfg.useBootLoader && cfg.useDefaultFilesystems) "-F qcow2 -b ${systemImage}/nixos.qcow2"
++ optional (!(cfg.useBootLoader && cfg.useDefaultFilesystems)) "-o size=${toString config.virtualisation.diskSize}M"
++ [ "$NIX_DISK_IMAGE" ])}
echo "Virtualisation disk image created."
fi
# Create a directory for storing temporary data of the running VM.
@ -152,19 +171,13 @@ let
${lib.optionalString cfg.useBootLoader
''
if ${if !cfg.persistBootDevice then "true" else "! test -e $TMPDIR/disk.img"}; then
# Create a writable copy/snapshot of the boot disk.
# A writable boot disk can be booted from automatically.
${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img"
fi
NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}")
NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${config.system.name}-efi-vars.fd}")
${lib.optionalString cfg.useEFIBoot
''
# VM needs writable EFI vars
if ! test -e "$NIX_EFI_VARS"; then
cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS"
cp ${systemImage}/efi-vars.fd "$NIX_EFI_VARS"
chmod 0644 "$NIX_EFI_VARS"
fi
''}
@ -200,95 +213,29 @@ let
regInfo = pkgs.closureInfo { rootPaths = config.virtualisation.additionalPaths; };
# Generate a hard disk image containing a /boot partition and GRUB
# in the MBR. Used when the `useBootLoader' option is set.
# Uses `runInLinuxVM` to create the image in a throwaway VM.
# See note [Disk layout with `useBootLoader`].
# FIXME: use nixos/lib/make-disk-image.nix.
bootDisk =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "nixos-boot-disk"
{ preVM =
''
mkdir $out
diskImage=$out/disk.img
${qemu}/bin/qemu-img create -f qcow2 $diskImage "120M"
${lib.optionalString cfg.useEFIBoot ''
efiVars=$out/efi-vars.fd
cp ${cfg.efi.variables} $efiVars
chmod 0644 $efiVars
''}
'';
buildInputs = [ pkgs.util-linux ];
QEMU_OPTS = "-nographic -serial stdio -monitor none"
+ lib.optionalString cfg.useEFIBoot (
" -drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}"
+ " -drive if=pflash,format=raw,unit=1,file=$efiVars");
}
''
# Create a /boot EFI partition with 120M and arbitrary but fixed GUIDs for reproducibility
${pkgs.gptfdisk}/bin/sgdisk \
--set-alignment=1 --new=1:34:2047 --change-name=1:BIOSBootPartition --typecode=1:ef02 \
--set-alignment=512 --largest-new=2 --change-name=2:EFISystem --typecode=2:ef00 \
--attributes=1:set:1 \
--attributes=2:set:2 \
--disk-guid=97FD5997-D90B-4AA3-8D16-C1723AEA73C1 \
--partition-guid=1:1C06F03B-704E-4657-B9CD-681A087A2FDC \
--partition-guid=2:970C694F-AFD0-4B99-B750-CDB7A329AB6F \
--hybrid 2 \
--recompute-chs /dev/vda
${optionalString (config.boot.loader.grub.device != "/dev/vda")
# In this throwaway VM, we only have the /dev/vda disk, but the
# actual VM described by `config` (used by `switch-to-configuration`
# below) may set `boot.loader.grub.device` to a different device
# that's nonexistent in the throwaway VM.
# Create a symlink for that device, so that the `grub-install`
# by `switch-to-configuration` will hit /dev/vda anyway.
''
ln -s /dev/vda ${config.boot.loader.grub.device}
''
}
${pkgs.dosfstools}/bin/mkfs.fat -F16 /dev/vda2
export MTOOLS_SKIP_CHECK=1
${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot
# Mount /boot; load necessary modules first.
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true
mkdir /boot
mount /dev/vda2 /boot
${optionalString config.boot.loader.efi.canTouchEfiVariables ''
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
''}
# This is needed for GRUB 0.97, which doesn't know about virtio devices.
mkdir /boot/grub
echo '(hd0) /dev/vda' > /boot/grub/device.map
# This is needed for systemd-boot to find ESP, and udev is not available here to create this
mkdir -p /dev/block
ln -s /dev/vda2 /dev/block/254:2
# Set up system profile (normally done by nixos-rebuild / nix-env --set)
mkdir -p /nix/var/nix/profiles
ln -s ${config.system.build.toplevel} /nix/var/nix/profiles/system-1-link
ln -s /nix/var/nix/profiles/system-1-link /nix/var/nix/profiles/system
# Install bootloader
touch /etc/NIXOS
export NIXOS_INSTALL_BOOTLOADER=1
${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /boot
'' # */
);
# System image is akin to a complete NixOS install with
# a boot partition and root partition.
systemImage = import ../../lib/make-disk-image.nix {
inherit pkgs config lib;
additionalPaths = [ regInfo ];
format = "qcow2";
onlyNixStore = false;
partitionTableType = selectPartitionTableLayout { inherit (cfg) useDefaultFilesystems useEFIBoot; };
# Bootloader should be installed on the system image only if we are booting through bootloaders.
# Though, if a user is not using our default filesystems, it is possible to not have any ESP
# or a strange partition table that's incompatible with GRUB configuration.
# As a consequence, this may lead to disk image creation failures.
# To avoid this, we prefer to let the user find out about how to install the bootloader on its ESP/disk.
# Usually, this can be through building your own disk image.
# TODO: If a user is interested into a more fine grained heuristic for `installBootLoader`
# by examining the actual contents of `cfg.fileSystems`, please send a PR.
installBootLoader = cfg.useBootLoader && cfg.useDefaultFilesystems;
touchEFIVars = cfg.useEFIBoot;
diskSize = "auto";
additionalSpace = "0M";
copyChannel = false;
OVMF = cfg.efi.OVMF;
};
storeImage = import ../../lib/make-disk-image.nix {
inherit pkgs config lib;
@ -297,17 +244,42 @@ let
onlyNixStore = true;
partitionTableType = "none";
installBootLoader = false;
touchEFIVars = false;
diskSize = "auto";
additionalSpace = "0M";
copyChannel = false;
};
bootConfiguration =
if cfg.useDefaultFilesystems
then
if cfg.useBootLoader
then
if cfg.useEFIBoot then "efi_bootloading_with_default_fs"
else "legacy_bootloading_with_default_fs"
else
"direct_boot_with_default_fs"
else
"custom";
suggestedRootDevice = {
"efi_bootloading_with_default_fs" = "${cfg.bootLoaderDevice}2";
"legacy_bootloading_with_default_fs" = "${cfg.bootLoaderDevice}1";
"direct_boot_with_default_fs" = cfg.bootLoaderDevice;
# This will enforce a NixOS module type checking error
# to ask explicitly the user to set a rootDevice.
# As it will look like `rootDevice = lib.mkDefault null;` after
# all "computations".
"custom" = null;
}.${bootConfiguration};
in
{
imports = [
../profiles/qemu-guest.nix
(mkRenamedOptionModule [ "virtualisation" "pathsInNixDB" ] [ "virtualisation" "additionalPaths" ])
(mkRemovedOptionModule [ "virtualisation" "bootDevice" ] "This option was renamed to `virtualisation.rootDevice`, as it was incorrectly named and misleading. Take the time to review what you want to do and look at the new options like `virtualisation.{bootLoaderDevice, bootPartition}`, open an issue in case of issues.")
(mkRemovedOptionModule [ "virtualisation" "efiVars" ] "This option was removed, it is possible to provide a template UEFI variable with `virtualisation.efi.variables` ; if this option is important to you, open an issue")
(mkRemovedOptionModule [ "virtualisation" "persistBootDevice" ] "Boot device is always persisted if you use a bootloader through the root disk image ; if this does not work for your usecase, please examine carefully what `virtualisation.{bootDevice, rootDevice, bootPartition}` options offer you and open an issue explaining your need.`")
];
options = {
@ -362,25 +334,48 @@ in
'';
};
virtualisation.bootDevice =
virtualisation.bootLoaderDevice =
mkOption {
type = types.path;
default = lookupDriveDeviceName "root" cfg.qemu.drives;
defaultText = literalExpression ''lookupDriveDeviceName "root" cfg.qemu.drives'';
example = "/dev/vda";
description =
lib.mdDoc ''
The disk to be used for the root filesystem.
The disk to be used for the boot filesystem.
By default, it is the same disk as the root filesystem.
'';
};
virtualisation.bootPartition =
mkOption {
type = types.nullOr types.path;
default = if cfg.useEFIBoot then "${cfg.bootLoaderDevice}1" else null;
defaultText = literalExpression ''if cfg.useEFIBoot then "''${cfg.bootLoaderDevice}1" else null'';
example = "/dev/vda1";
description =
lib.mdDoc ''
The boot partition to be used to mount /boot filesystem.
In legacy boots, this should be null.
By default, in EFI boot, it is the first partition of the boot device.
'';
};
virtualisation.persistBootDevice =
virtualisation.rootDevice =
mkOption {
type = types.bool;
default = false;
type = types.nullOr types.path;
example = "/dev/vda2";
description =
lib.mdDoc ''
If useBootLoader is specified, whether to recreate the boot device
on each instantiaton or allow it to persist.
'';
The disk or partition to be used for the root filesystem.
By default (read the source code for more details):
- under EFI with a bootloader: 2nd partition of the boot disk
- in legacy boot with a bootloader: 1st partition of the boot disk
- in direct boot (i.e. without a bootloader): whole disk
In case you are not using a default boot device or a default filesystem, you have to set explicitly your root device.
'';
};
virtualisation.emptyDiskImages =
@ -749,10 +744,22 @@ in
};
virtualisation.efi = {
OVMF = mkOption {
type = types.package;
default = (pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
}).fd;
defaultText = ''(pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
}).fd'';
description =
lib.mdDoc "OVMF firmware package, defaults to OVMF configured with secure boot if needed.";
};
firmware = mkOption {
type = types.path;
default = pkgs.OVMF.firmware;
defaultText = literalExpression "pkgs.OVMF.firmware";
default = cfg.efi.OVMF.firmware;
defaultText = literalExpression "cfg.efi.OVMF.firmware";
description =
lib.mdDoc ''
Firmware binary for EFI implementation, defaults to OVMF.
@ -761,8 +768,8 @@ in
variables = mkOption {
type = types.path;
default = pkgs.OVMF.variables;
defaultText = literalExpression "pkgs.OVMF.variables";
default = cfg.efi.OVMF.variables;
defaultText = literalExpression "cfg.efi.OVMF.variables";
description =
lib.mdDoc ''
Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware.
@ -786,18 +793,17 @@ in
'';
};
virtualisation.efiVars =
virtualisation.useSecureBoot =
mkOption {
type = types.str;
default = "./${config.system.name}-efi-vars.fd";
defaultText = literalExpression ''"./''${config.system.name}-efi-vars.fd"'';
type = types.bool;
default = false;
description =
lib.mdDoc ''
Path to nvram image containing UEFI variables. The will be created
on startup if it does not exist.
Enable Secure Boot support in the EFI firmware.
'';
};
virtualisation.bios =
mkOption {
type = types.nullOr types.package;
@ -853,30 +859,13 @@ in
${opt.writableStore} = false;
'';
# Note [Disk layout with `useBootLoader`]
#
# If `useBootLoader = true`, we configure 2 drives:
# `/dev/?da` for the root disk, and `/dev/?db` for the boot disk
# which has the `/boot` partition and the boot loader.
# Concretely:
#
# * The second drive's image `disk.img` is created in `bootDisk = ...`
# using a throwaway VM. Note that there the disk is always `/dev/vda`,
# even though in the final VM it will be at `/dev/*b`.
# * The disks are attached in `virtualisation.qemu.drives`.
# Their order makes them appear as devices `a`, `b`, etc.
# * `fileSystems."/boot"` is adjusted to be on device `b`.
# * The disk.img is recreated each time the VM is booted unless
# virtualisation.persistBootDevice is set.
# If `useBootLoader`, GRUB goes to the second disk, see
# note [Disk layout with `useBootLoader`].
boot.loader.grub.device = mkVMOverride (
if cfg.useBootLoader
then driveDeviceName 2 # second disk
else cfg.bootDevice
);
# In UEFI boot, we use a EFI-only partition table layout, thus GRUB will fail when trying to install
# legacy and UEFI. In order to avoid this, we have to put "nodev" to force UEFI-only installs.
# Otherwise, we set the proper bootloader device for this.
# FIXME: make a sense of this mess wrt to multiple ESP present in the system, probably use boot.efiSysMountpoint?
boot.loader.grub.device = mkVMOverride (if cfg.useEFIBoot then "nodev" else cfg.bootLoaderDevice);
boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}";
virtualisation.rootDevice = mkDefault suggestedRootDevice;
boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
@ -890,10 +879,10 @@ in
''
# If the disk image appears to be empty, run mke2fs to
# initialise.
FSTYPE=$(blkid -o value -s TYPE ${cfg.bootDevice} || true)
PARTTYPE=$(blkid -o value -s PTTYPE ${cfg.bootDevice} || true)
FSTYPE=$(blkid -o value -s TYPE ${cfg.rootDevice} || true)
PARTTYPE=$(blkid -o value -s PTTYPE ${cfg.rootDevice} || true)
if test -z "$FSTYPE" -a -z "$PARTTYPE"; then
mke2fs -t ext4 ${cfg.bootDevice}
mke2fs -t ext4 ${cfg.rootDevice}
fi
'';
@ -939,8 +928,6 @@ in
optional cfg.writableStore "overlay"
++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx";
virtualisation.bootDevice = mkDefault (driveDeviceName 1);
virtualisation.additionalPaths = [ config.system.build.toplevel ];
virtualisation.sharedDirectories = {
@ -997,7 +984,7 @@ in
])
(mkIf cfg.useEFIBoot [
"-drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}"
"-drive if=pflash,format=raw,unit=1,file=$NIX_EFI_VARS"
"-drive if=pflash,format=raw,unit=1,readonly=off,file=$NIX_EFI_VARS"
])
(mkIf (cfg.bios != null) [
"-bios ${cfg.bios}/bios.bin"
@ -1013,23 +1000,14 @@ in
file = ''"$NIX_DISK_IMAGE"'';
driveExtraOpts.cache = "writeback";
driveExtraOpts.werror = "report";
deviceExtraOpts.bootindex = "1";
}])
(mkIf cfg.useNixStoreImage [{
name = "nix-store";
file = ''"$TMPDIR"/store.img'';
deviceExtraOpts.bootindex = if cfg.useBootLoader then "3" else "2";
deviceExtraOpts.bootindex = "2";
driveExtraOpts.format = if cfg.writableStore then "qcow2" else "raw";
}])
(mkIf cfg.useBootLoader [
# The order of this list determines the device names, see
# note [Disk layout with `useBootLoader`].
{
name = "boot";
file = ''"$TMPDIR"/disk.img'';
driveExtraOpts.media = "disk";
deviceExtraOpts.bootindex = "1";
}
])
(imap0 (idx: _: {
file = "$(pwd)/empty${toString idx}.qcow2";
driveExtraOpts.werror = "report";
@ -1065,7 +1043,7 @@ in
device = "tmpfs";
fsType = "tmpfs";
} else {
device = cfg.bootDevice;
device = cfg.rootDevice;
fsType = "ext4";
autoFormat = true;
});
@ -1086,9 +1064,8 @@ in
options = [ "mode=0755" ];
neededForBoot = true;
};
# see note [Disk layout with `useBootLoader`]
"/boot" = lib.mkIf cfg.useBootLoader {
device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk`
"/boot" = lib.mkIf (cfg.useBootLoader && cfg.bootPartition != null) {
device = cfg.bootPartition; # 1 for e.g. `vda1`, as created in `systemImage`
fsType = "vfat";
noCheck = true; # fsck fails on a r/o filesystem
};

4
nixos/tests/bootspec.nix
View file

@ -108,9 +108,9 @@ in
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /run/current-system/bootspec/boot.json")
machine.succeed("test -e /run/current-system/boot.json")
bootspec = json.loads(machine.succeed("jq -r '.v1' /run/current-system/bootspec/boot.json"))
bootspec = json.loads(machine.succeed("jq -r '.v1' /run/current-system/boot.json"))
assert all(key in bootspec for key in ('initrd', 'initrdSecrets')), "Bootspec should contain initrd or initrdSecrets field when initrd is enabled"
'';

2
nixos/tests/hibernate.nix
View file

@ -63,7 +63,7 @@ in makeTest {
# Small root disk for installer
512
];
virtualisation.bootDevice = "/dev/vdb";
virtualisation.rootDevice = "/dev/vdb";
};
};

10
nixos/tests/initrd-luks-empty-passphrase.nix
View file

@ -30,26 +30,26 @@ in {
specialisation.boot-luks-wrong-keyfile.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
keyFile = "/etc/cryptroot.key";
tryEmptyPassphrase = true;
fallbackToPassword = !systemdStage1;
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
boot.initrd.secrets."/etc/cryptroot.key" = keyfile;
};
specialisation.boot-luks-missing-keyfile.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
keyFile = "/etc/cryptroot.key";
tryEmptyPassphrase = true;
fallbackToPassword = !systemdStage1;
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
};
@ -76,7 +76,7 @@ in {
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo "" | cryptsetup luksFormat /dev/vdc --batch-mode")
machine.succeed("echo "" | cryptsetup luksFormat /dev/vdb --batch-mode")
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-wrong-keyfile.conf")
machine.succeed("sync")
machine.crash()

1
nixos/tests/initrd-secrets-changing.nix
View file

@ -15,7 +15,6 @@ testing.makeTest {
nodes.machine = { ... }: {
virtualisation.useBootLoader = true;
virtualisation.persistBootDevice = true;
boot.loader.grub.device = "/dev/vda";

3
nixos/tests/installer.nix
View file

@ -316,8 +316,9 @@ let
# installer. This ensures the target disk (/dev/vda) is
# the same during and after installation.
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.bootDevice =
virtualisation.rootDevice =
if grubVersion == 1 then "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive2" else "/dev/vdb";
virtualisation.bootLoaderDevice = "/dev/vda";
virtualisation.qemu.diskInterface =
if grubVersion == 1 then "scsi" else "virtio";

8
nixos/tests/luks.nix
View file

@ -18,10 +18,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
# We have two disks and only type one password - key reuse is in place
cryptroot.device = "/dev/vdc";
cryptroot2.device = "/dev/vdd";
cryptroot.device = "/dev/vdb";
cryptroot2.device = "/dev/vdc";
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
boot-luks-custom-keymap.configuration = lib.mkMerge [
boot-luks.configuration
@ -37,8 +37,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdd -")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

8
nixos/tests/lvm2/systemd-stage-1.nix
View file

@ -1,18 +1,18 @@
{ kernelPackages ? null, flavour }: let
preparationCode = {
raid = ''
machine.succeed("vgcreate test_vg /dev/vdc /dev/vdd")
machine.succeed("vgcreate test_vg /dev/vdb /dev/vdc")
machine.succeed("lvcreate -L 512M --type raid0 test_vg -n test_lv")
'';
thinpool = ''
machine.succeed("vgcreate test_vg /dev/vdc")
machine.succeed("vgcreate test_vg /dev/vdb")
machine.succeed("lvcreate -L 512M -T test_vg/test_thin_pool")
machine.succeed("lvcreate -n test_lv -V 16G --thinpool test_thin_pool test_vg")
'';
vdo = ''
machine.succeed("vgcreate test_vg /dev/vdc")
machine.succeed("vgcreate test_vg /dev/vdb")
machine.succeed("lvcreate --type vdo -n test_lv -L 6G -V 12G test_vg/vdo_pool_lv")
'';
}.${flavour};
@ -79,7 +79,7 @@ in import ../make-test-python.nix ({ pkgs, ... }: {
kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
};
specialisation.boot-lvm.configuration.virtualisation.bootDevice = "/dev/test_vg/test_lv";
specialisation.boot-lvm.configuration.virtualisation.rootDevice = "/dev/test_vg/test_lv";
};
testScript = ''

2
nixos/tests/nextcloud/default.nix
View file

@ -26,4 +26,4 @@ foldl
};
})
{ }
[ 24 25 26 ]
[ 25 26 ]

3
nixos/tests/non-default-filesystems.nix
View file

@ -5,9 +5,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
nodes.machine =
{ config, pkgs, lib, ... }:
let
disk = config.virtualisation.bootDevice;
disk = config.virtualisation.rootDevice;
in
{
virtualisation.rootDevice = "/dev/vda";
virtualisation.useDefaultFilesystems = false;
boot.initrd.availableKernelModules = [ "btrfs" ];

2
nixos/tests/swap-file-btrfs.nix
View file

@ -9,7 +9,7 @@ import ./make-test-python.nix ({ lib, ... }:
{
virtualisation.useDefaultFilesystems = false;
virtualisation.bootDevice = "/dev/vda";
virtualisation.rootDevice = "/dev/vda";
boot.initrd.postDeviceCommands = ''
${pkgs.btrfs-progs}/bin/mkfs.btrfs --label root /dev/vda

2
nixos/tests/swap-partition.nix
View file

@ -7,7 +7,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
{
virtualisation.useDefaultFilesystems = false;
virtualisation.bootDevice = "/dev/vda1";
virtualisation.rootDevice = "/dev/vda1";
boot.initrd.postDeviceCommands = ''
if ! test -b /dev/vda1; then

8
nixos/tests/systemd-initrd-btrfs-raid.nix
View file

@ -21,14 +21,14 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
fileSystems = lib.mkVMOverride {
"/".fsType = lib.mkForce "btrfs";
};
virtualisation.bootDevice = "/dev/vdc";
virtualisation.rootDevice = "/dev/vdb";
};
};
testScript = ''
# Create RAID
machine.succeed("mkfs.btrfs -d raid0 /dev/vdc /dev/vdd")
machine.succeed("mkdir -p /mnt && mount /dev/vdc /mnt && echo hello > /mnt/test && umount /mnt")
machine.succeed("mkfs.btrfs -d raid0 /dev/vdb /dev/vdc")
machine.succeed("mkdir -p /mnt && mount /dev/vdb /mnt && echo hello > /mnt/test && umount /mnt")
# Boot from the RAID
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-btrfs-raid.conf")
@ -38,7 +38,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
# Ensure we have successfully booted from the RAID
assert "(initrd)" in machine.succeed("systemd-analyze") # booted with systemd in stage 1
assert "/dev/vdc on / type btrfs" in machine.succeed("mount")
assert "/dev/vdb on / type btrfs" in machine.succeed("mount")
assert "hello" in machine.succeed("cat /test")
assert "Total devices 2" in machine.succeed("btrfs filesystem show")
'';

8
nixos/tests/systemd-initrd-luks-fido2.nix
View file

@ -19,19 +19,19 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
crypttabExtraOpts = [ "fido2-device=auto" ];
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
};
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdc |& systemd-cat")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdb |& systemd-cat")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

6
nixos/tests/systemd-initrd-luks-keyfile.nix
View file

@ -27,11 +27,11 @@ in {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
keyFile = "/etc/cryptroot.key";
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
boot.initrd.secrets."/etc/cryptroot.key" = keyfile;
};
};
@ -39,7 +39,7 @@ in {
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("cryptsetup luksFormat -q --iter-time=1 -d ${keyfile} /dev/vdc")
machine.succeed("cryptsetup luksFormat -q --iter-time=1 -d ${keyfile} /dev/vdb")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

12
nixos/tests/systemd-initrd-luks-password.nix
View file

@ -19,10 +19,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
# We have two disks and only type one password - key reuse is in place
cryptroot.device = "/dev/vdc";
cryptroot2.device = "/dev/vdd";
cryptroot.device = "/dev/vdb";
cryptroot2.device = "/dev/vdc";
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
# test mounting device unlocked in initrd after switching root
virtualisation.fileSystems."/cryptroot2".device = "/dev/mapper/cryptroot2";
};
@ -31,9 +31,9 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdd -")
machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdd cryptroot2")
machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdc cryptroot2")
machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2")
# Boot from the encrypted disk
@ -47,7 +47,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
machine.send_console("supersecret\n")
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list"
assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount")
'';
})

8
nixos/tests/systemd-initrd-luks-tpm2.nix
View file

@ -21,11 +21,11 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
crypttabExtraOpts = [ "tpm2-device=auto" ];
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
};
@ -55,8 +55,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdc |& systemd-cat")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

6
nixos/tests/systemd-initrd-swraid.nix
View file

@ -20,18 +20,18 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
services.swraid = {
enable = true;
mdadmConf = ''
ARRAY /dev/md0 devices=/dev/vdc,/dev/vdd
ARRAY /dev/md0 devices=/dev/vdb,/dev/vdc
'';
};
kernelModules = [ "raid0" ];
};
specialisation.boot-swraid.configuration.virtualisation.bootDevice = "/dev/disk/by-label/testraid";
specialisation.boot-swraid.configuration.virtualisation.rootDevice = "/dev/disk/by-label/testraid";
};
testScript = ''
# Create RAID
machine.succeed("mdadm --create --force /dev/md0 -n 2 --level=raid0 /dev/vdc /dev/vdd")
machine.succeed("mdadm --create --force /dev/md0 -n 2 --level=raid0 /dev/vdb /dev/vdc")
machine.succeed("mkfs.ext4 -L testraid /dev/md0")
machine.succeed("mkdir -p /mnt && mount /dev/md0 /mnt && echo hello > /mnt/test && umount /mnt")

38
nixos/tests/zfs.nix
View file

@ -80,6 +80,11 @@ let
fsType = "zfs";
options = [ "noauto" ];
};
virtualisation.fileSystems."/manual/httpkey" = {
device = "manual/httpkey";
fsType = "zfs";
options = [ "noauto" ];
};
};
specialisation.forcepool.configuration = {
@ -92,21 +97,34 @@ let
options = [ "noauto" ];
};
};
services.nginx = {
enable = true;
virtualHosts = {
localhost = {
locations = {
"/zfskey" = {
return = ''200 "httpkeyabc"'';
};
};
};
};
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.succeed(
"zpool status",
"parted --script /dev/vdb mklabel msdos",
"parted --script /dev/vdb -- mkpart primary 1024M -1s",
"parted --script /dev/vdc mklabel msdos",
"parted --script /dev/vdc -- mkpart primary 1024M -1s",
"parted --script /dev/vdd mklabel msdos",
"parted --script /dev/vdd -- mkpart primary 1024M -1s",
)
with subtest("sharesmb works"):
machine.succeed(
"zpool create rpool /dev/vdc1",
"zpool create rpool /dev/vdb1",
"zfs create -o mountpoint=legacy rpool/root",
# shared datasets cannot have legacy mountpoint
"zfs create rpool/shared_smb",
@ -126,10 +144,12 @@ let
with subtest("encryption works"):
machine.succeed(
'echo password | zpool create -O mountpoint=legacy '
+ "-O encryption=aes-256-gcm -O keyformat=passphrase automatic /dev/vdc1",
"zpool create -O mountpoint=legacy manual /dev/vdd1",
+ "-O encryption=aes-256-gcm -O keyformat=passphrase automatic /dev/vdb1",
"zpool create -O mountpoint=legacy manual /dev/vdc1",
"echo otherpass | zfs create "
+ "-o encryption=aes-256-gcm -o keyformat=passphrase manual/encrypted",
"zfs create -o encryption=aes-256-gcm -o keyformat=passphrase "
+ "-o keylocation=http://localhost/zfskey manual/httpkey",
"bootctl set-default nixos-generation-1-specialisation-encryption.conf",
"sync",
"zpool export automatic",
@ -141,10 +161,12 @@ let
machine.send_console("password\n")
machine.wait_for_unit("multi-user.target")
machine.succeed(
"zfs get keystatus manual/encrypted | grep unavailable",
"zfs get -Ho value keystatus manual/encrypted | grep -Fx unavailable",
"echo otherpass | zfs load-key manual/encrypted",
"systemctl start manual-encrypted.mount",
"umount /automatic /manual/encrypted /manual",
"zfs load-key manual/httpkey",
"systemctl start manual-httpkey.mount",
"umount /automatic /manual/encrypted /manual/httpkey /manual",
"zpool destroy automatic",
"zpool destroy manual",
)
@ -153,7 +175,7 @@ let
machine.succeed(
"rm /etc/hostid",
"zgenhostid deadcafe",
"zpool create forcepool /dev/vdc1 -O mountpoint=legacy",
"zpool create forcepool /dev/vdb1 -O mountpoint=legacy",
"bootctl set-default nixos-generation-1-specialisation-forcepool.conf",
"rm /etc/hostid",
"sync",

8
pkgs/applications/editors/emacs/elisp-packages/elpa-packages.nix
View file

@ -106,7 +106,9 @@ self: let
};
});
jinx = super.jinx.overrideAttrs (old: {
jinx = super.jinx.overrideAttrs (old: let
libExt = pkgs.stdenv.targetPlatform.extensions.sharedLibrary;
in {
dontUnpack = false;
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
@ -117,12 +119,12 @@ self: let
postBuild = ''
NIX_CFLAGS_COMPILE="$($PKG_CONFIG --cflags enchant-2) $NIX_CFLAGS_COMPILE"
$CC -shared -o jinx-mod.so jinx-mod.c -lenchant-2
$CC -shared -o jinx-mod${libExt} jinx-mod.c -lenchant-2
'';
postInstall = (old.postInstall or "") + "\n" + ''
outd=$out/share/emacs/site-lisp/elpa/jinx-*
install -m444 -t $outd jinx-mod.so
install -m444 -t $outd jinx-mod${libExt}
rm $outd/jinx-mod.c $outd/emacs-module.h
'';

8
pkgs/applications/editors/emacs/elisp-packages/melpa-packages.nix
View file

@ -314,7 +314,9 @@ let
ivy-rtags = fix-rtags super.ivy-rtags;
jinx = super.jinx.overrideAttrs (old: {
jinx = super.jinx.overrideAttrs (old: let
libExt = pkgs.stdenv.targetPlatform.extensions.sharedLibrary;
in {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
pkgs.pkg-config
];
@ -324,14 +326,14 @@ let
postBuild = ''
pushd working/jinx
NIX_CFLAGS_COMPILE="$($PKG_CONFIG --cflags enchant-2) $NIX_CFLAGS_COMPILE"
$CC -shared -o jinx-mod.so jinx-mod.c -lenchant-2
$CC -shared -o jinx-mod${libExt} jinx-mod.c -lenchant-2
popd
'';
postInstall = (old.postInstall or "") + "\n" + ''
pushd source
outd=$(echo $out/share/emacs/site-lisp/elpa/jinx-*)
install -m444 --target-directory=$outd jinx-mod.so
install -m444 --target-directory=$outd jinx-mod${libExt}
rm $outd/jinx-mod.c $outd/emacs-module.h
popd
'';

6
pkgs/applications/graphics/gscan2pdf/default.nix
View file

@ -130,6 +130,12 @@ perlPackages.buildPerlPackage rec {
# Non-zero wait status: 139
rm t/0601_Dialog_Scan.t
# Disable a test which failed due to convert returning an exit value of 1
# convert: negative or zero image size `/build/KL5kTVnNCi/YfgegFM53e.pnm' @ error/resize.c/ResizeImage/3743.
# *** unhandled exception in callback:
# *** "convert" unexpectedly returned exit value 1 at t/357_unpaper_rtl.t line 63.
rm t/357_unpaper_rtl.t
xvfb-run -s '-screen 0 800x600x24' \
make test
'';

8
pkgs/applications/networking/cluster/k3s/1_26/default.nix
View file

@ -47,10 +47,10 @@
# Those pieces of software we entirely ignore upstream's handling of, and just
# make sure they're in the path if desired.
let
k3sVersion = "1.26.3+k3s1"; # k3s git tag
k3sCommit = "01ea3ff27be0b04f945179171cec5a8e11a14f7b"; # k3s git commit at the above version
k3sRepoSha256 = "1wpciikmr4l2nw92i3wlz301vxjiyz8rlzkn8jhzcaiifykc565s";
k3sVendorSha256 = "sha256-1HFLj3zSHV7RvA0fsQ/dPzwnkSRqE9TXXDA4m8OhwZE=";
k3sVersion = "1.26.4+k3s1"; # k3s git tag
k3sCommit = "8d0255af07e95b841952563253d27b0d10bd72f0"; # k3s git commit at the above version
k3sRepoSha256 = "0qlszdnlsvj3hzx2p0wl3zhaw908w8a62z6vlf2g69a3c75f55cs";
k3sVendorSha256 = "sha256-JXTsZYtTspu/pWMRSS2BcegktawBJ6BK7YEKbz1J/ao=";
# nix generated by update.sh
# Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/d71ab6317e22dd34673faa307a412a37a16767f6/scripts/download#L29-L32

4
pkgs/applications/networking/nextcloud-client/default.nix
View file

@ -26,7 +26,7 @@
mkDerivation rec {
pname = "nextcloud-client";
version = "3.8.0";
version = "3.8.1";
outputs = [ "out" "dev" ];
@ -34,7 +34,7 @@ mkDerivation rec {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
sha256 = "sha256-kwSETOz/0/LMypbTmwvMMrGzZdquBjkXfoSrLgTfPiQ=";
sha256 = "sha256-BTve1dq+OiUwh/Kiy20iSAyALolkdOX7FHwxvVAdS4U=";
};
patches = [

10
pkgs/applications/networking/remote/vmware-horizon-client/default.nix
View file

@ -1,10 +1,11 @@
{ stdenv
, lib
, buildFHSEnv
, buildFHSEnvChroot
, fetchurl
, gsettings-desktop-schemas
, makeDesktopItem
, makeWrapper
, opensc
, writeTextDir
, configText ? ""
}:
@ -53,11 +54,16 @@ let
# This library causes the program to core-dump occasionally. Use ours instead.
rm -r $out/lib/vmware/view/crtbora
# This opensc library is required to support smartcard authentication during the
# initial connection to Horizon.
mkdir $out/lib/vmware/view/pkcs11
ln -s ${opensc}/lib/pkcs11/opensc-pkcs11.so $out/lib/vmware/view/pkcs11/libopenscpkcs11.so
${lib.concatMapStrings wrapBinCommands bins}
'';
};
vmwareFHSUserEnv = name: buildFHSEnv {
vmwareFHSUserEnv = name: buildFHSEnvChroot {
inherit name;
runScript = "${vmwareHorizonClientFiles}/bin/${name}_wrapper";

25
pkgs/applications/radio/uhd/default.nix
View file

@ -11,9 +11,9 @@
# requires numpy
, enablePythonApi ? false
, python3
, buildPackages
, enableExamples ? false
, enableUtils ? false
, enableSim ? false
, libusb1
, enableDpdk ? false
, dpdk
@ -34,6 +34,11 @@
let
onOffBool = b: if b then "ON" else "OFF";
inherit (lib) optionals;
# Later used in pythonEnv generation. Python + mako are always required for the build itself but not necessary for runtime.
pythonEnvArg = (ps: with ps; [ mako ]
++ optionals (enablePythonApi) [ numpy setuptools ]
++ optionals (enableUtils) [ requests six ]
);
in
stdenv.mkDerivation rec {
@ -84,22 +89,14 @@ stdenv.mkDerivation rec {
++ [ (lib.optionalString stdenv.isAarch32 "-DCMAKE_CXX_FLAGS=-Wno-psabi") ]
;
# Python + mako are always required for the build itself but not necessary for runtime.
pythonEnv = python3.withPackages (ps: with ps; [ mako ]
++ optionals (enablePythonApi) [ numpy setuptools ]
++ optionals (enableUtils) [ requests six ]
);
pythonEnv = python3.withPackages pythonEnvArg;
nativeBuildInputs = [
cmake
pkg-config
python3
]
# If both enableLibuhd_Python_api and enableUtils are off, we don't need
# pythonEnv in buildInputs as it's a 'build' dependency and not a runtime
# dependency
++ optionals (!enablePythonApi && !enableUtils) [ pythonEnv ]
;
# Present both here and in buildInputs for cross compilation.
(buildPackages.python3.withPackages pythonEnvArg)
];
buildInputs = [
boost
libusb1
@ -122,8 +119,6 @@ stdenv.mkDerivation rec {
patches = [
# Disable tests that fail in the sandbox
./no-adapter-tests.patch
] ++ lib.optionals stdenv.isAarch32 [
./neon.patch
];
postPhases = [ "installFirmware" "removeInstalledTests" ]

19
pkgs/applications/radio/uhd/neon.patch
View file

@ -1,19 +0,0 @@
Description: When building for armhf, enable NEON
NEON is part of the armhf baseline, so this will always be enabled on
armhf.
Author: Paul Tagliamonte <paultag@debian.org>
Bug-Debian: https://bugs.debian.org/873608
Origin: vendor
Last-Update: 2017-08-29
--- uhd-3.10.2.0.orig/host/lib/convert/CMakeLists.txt
+++ uhd-3.10.2.0/host/lib/convert/CMakeLists.txt
@@ -67,6 +67,8 @@ IF(HAVE_ARM_NEON_H AND (${CMAKE_SIZEOF_V
${CMAKE_CURRENT_SOURCE_DIR}/convert_with_neon.cpp
${CMAKE_CURRENT_SOURCE_DIR}/convert_neon.S
)
+
+ SET ( CMAKE_CXX_FLAGS "-mfpu=neon" )
ENDIF()
########################################################################

178
pkgs/applications/terminal-emulators/mlterm/default.nix
View file

@ -1,14 +1,98 @@
{ stdenv, lib, fetchFromGitHub, pkg-config, autoconf, makeDesktopItem, nixosTests
, libX11, gdk-pixbuf, cairo, libXft, gtk3, vte
, harfbuzz #substituting glyphs with opentype fonts
, fribidi, m17n_lib #bidi and encoding
{ stdenv
, lib
, fetchFromGitHub
, pkg-config
, autoconf
, makeDesktopItem
, nixosTests
, vte
, harfbuzz # can be replaced with libotf
, fribidi
, m17n_lib
, libssh2 #build-in ssh
, fcitx5, fcitx5-gtk, ibus, uim #IME
, fcitx5
, fcitx5-gtk
, ibus
, uim #IME
, wrapGAppsHook #color picker in mlconfig
, Cocoa #Darwin
, gdk-pixbuf
, gtk3
, gtk ? gtk3
# List of gui libraries to use. According to `./configure --help` ran on
# release 3.9.3, options are: (xlib|win32|fb|quartz|console|wayland|sdl2|beos)
, enableGuis ? {
xlib = enableX11;
fb = stdenv.isLinux;
quartz = stdenv.isDarwin;
wayland = stdenv.isLinux;
sdl2 = true;
}
, libxkbcommon
, wayland # for the "wayland" --with-gui option
, SDL2 # for the "sdl" --with-gui option
# List of typing engines, the default list enables compiling all of the
# available ones, as recorded on release 3.9.3
, enableTypeEngines ? {
xcore = false; # Considered legacy
xft = enableX11;
cairo = true;
}
, libX11
, libXft
, cairo
# List of external tools to create, this default list includes all default
# tools, as recorded on release 3.9.3.
, enableTools ? {
mlclient = true;
mlconfig = true;
mlcc = true;
mlterm-menu = true;
# Note that according to upstream's ./configure script, to disable
# mlimgloader you have to disable _all_ tools. See:
# https://github.com/arakiken/mlterm/issues/69
mlimgloader = true;
registobmp = true;
mlfc = true;
}
# Whether to enable the X window system
, enableX11 ? stdenv.isLinux
# Most of the input methods and other build features are enabled by default,
# the following attribute set can be used to disable some of them. It's parsed
# when we set `configureFlags`. If you find other configure Flags that require
# dependencies, it'd be nice to make that contribution here.
, enableFeatures ? {
uim = !stdenv.isDarwin;
ibus = !stdenv.isDarwin;
fcitx = !stdenv.isDarwin;
m17n = !stdenv.isDarwin;
ssh2 = true;
bidi = true;
# Open Type layout support, (substituting glyphs with opentype fonts)
otl = true;
}
# Configure the Exec directive in the generated .desktop file
, desktopBinary ? (
if enableGuis.xlib then
"mlterm"
else if enableGuis.wayland then
"mlterm-wl"
else if enableGuis.sdl2 then
"mlterm-sdl2"
else
throw "mlterm: couldn't figure out what desktopBinary to use."
)
}:
stdenv.mkDerivation rec {
let
# Returns a --with-feature=<comma separated string list of all `true`
# attributes>, or `--without-feature` if all attributes are false or don't
# exist. Used later in configureFlags
withFeaturesList = featureName: attrset: let
commaSepList = lib.concatStringsSep "," (builtins.attrNames (lib.filterAttrs (n: v: v) attrset));
in
lib.withFeatureAs (commaSepList != "") featureName commaSepList
;
in stdenv.mkDerivation rec {
pname = "mlterm";
version = "3.9.3";
@ -19,25 +103,41 @@ stdenv.mkDerivation rec {
sha256 = "sha256-gfs5cdwUUwSBWwJJSaxrQGWJvLkI27RMlk5QvDALEDg=";
};
nativeBuildInputs = [ pkg-config autoconf wrapGAppsHook ];
nativeBuildInputs = [
pkg-config
autoconf
] ++ lib.optionals enableTools.mlconfig [
wrapGAppsHook
];
buildInputs = [
libX11
gdk-pixbuf.dev
cairo
libXft
gtk3
harfbuzz
fribidi
gtk
vte
gdk-pixbuf
] ++ lib.optionals enableTypeEngines.xcore [
libX11
] ++ lib.optionals enableTypeEngines.xft [
libXft
] ++ lib.optionals enableTypeEngines.cairo [
cairo
] ++ lib.optionals enableGuis.wayland [
libxkbcommon
wayland
] ++ lib.optionals enableGuis.sdl2 [
SDL2
] ++ lib.optionals enableFeatures.otl [
harfbuzz
] ++ lib.optionals enableFeatures.bidi [
fribidi
] ++ lib.optionals enableFeatures.ssh2 [
libssh2
] ++ lib.optionals (!stdenv.isDarwin) [
# Not supported on Darwin
] ++ lib.optionals enableFeatures.m17n [
m17n_lib
] ++ lib.optionals enableFeatures.fcitx [
fcitx5
fcitx5-gtk
] ++ lib.optionals enableFeatures.ibus [
ibus
] ++ lib.optionals enableFeatures.uim [
uim
];
@ -62,20 +162,13 @@ stdenv.mkDerivation rec {
'';
configureFlags = [
"--with-imagelib=gdk-pixbuf" #or mlimgloader depending on your bugs of choice
"--with-type-engines=cairo,xft,xcore"
"--with-gtk=3.0"
"--enable-ind" #indic scripts
"--enable-fribidi" #bidi scripts
"--with-tools=mlclient,mlconfig,mlcc,mlterm-menu,mlimgloader,registobmp,mlfc"
#mlterm-menu and mlconfig depend on enabling gnome.at-spi2-core
#and configuring ~/.mlterm/key correctly.
] ++ lib.optionals (!stdenv.isDarwin) [
"--with-x=yes"
"--with-gui=xlib,fb"
"--enable-m17nlib" #character encodings
] ++ lib.optionals stdenv.isDarwin [
"--with-gui=quartz"
(withFeaturesList "type-engines" enableTypeEngines)
(withFeaturesList "tools" enableTools)
(withFeaturesList "gui" enableGuis)
(lib.withFeature enableX11 "x")
] ++ lib.optionals (gtk != null) [
"--with-gtk=${lib.versions.major gtk.version}.0"
] ++ (lib.mapAttrsToList (n: v: lib.enableFeature v n) enableFeatures) ++ [
];
enableParallelBuilding = true;
@ -92,23 +185,32 @@ stdenv.mkDerivation rec {
desktopItem = makeDesktopItem {
name = "mlterm";
exec = "mlterm %U";
exec = "${desktopBinary} %U";
icon = "mlterm";
type = "Application";
comment = "Terminal emulator";
comment = "Multi Lingual TERMinal emulator";
desktopName = "mlterm";
genericName = "Terminal emulator";
categories = [ "Application" "System" "TerminalEmulator" ];
categories = [ "System" "TerminalEmulator" ];
startupNotify = false;
};
passthru.tests.test = nixosTests.terminal-emulators.mlterm;
passthru = {
tests.test = nixosTests.terminal-emulators.mlterm;
inherit
enableTypeEngines
enableTools
enableGuis
enableFeatures
;
};
meta = with lib; {
description = "Multi Lingual TERMinal emulator";
homepage = "https://mlterm.sourceforge.net/";
license = licenses.bsd3;
maintainers = with maintainers; [ ramkromberg atemu ];
maintainers = with maintainers; [ ramkromberg atemu doronbehar ];
platforms = platforms.all;
mainProgram = desktopBinary;
};
}

17
pkgs/applications/video/kodi/addons/certifi/default.nix
View file

@ -1,4 +1,4 @@
{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
{ lib, buildKodiAddon, fetchzip, addonUpdateScript, cacert }:
buildKodiAddon rec {
pname = "certifi";
namespace = "script.module.certifi";
@ -9,6 +9,21 @@ buildKodiAddon rec {
sha256 = "sha256-kIPGEjmnHlgVb11W2RKBlrMy3/+kUOcQZiLCcnHCcno=";
};
patches = [
# Add support for NIX_SSL_CERT_FILE
./env.patch
];
postPatch = ''
# Use our system-wide ca-bundle instead of the bundled one
ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "lib/certifi/cacert.pem"
'';
propagatedNativeBuildInputs = [
# propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE`
cacert
];
passthru = {
pythonPath = "lib";
updateScript = addonUpdateScript {

86
pkgs/applications/video/kodi/addons/certifi/env.patch Normal file
View file

@ -0,0 +1,86 @@
diff --git a/lib/certifi/core.py b/lib/certifi/core.py
index de02898..c033d20 100644
--- a/lib/certifi/core.py
+++ b/lib/certifi/core.py
@@ -4,15 +4,25 @@ certifi.py
This module returns the installation location of cacert.pem or its contents.
"""
+import os
import sys
+def get_cacert_path_from_environ():
+ path = os.environ.get("NIX_SSL_CERT_FILE", None)
+
+ if path == "/no-cert-file.crt":
+ return None
+
+ return path
+
+
if sys.version_info >= (3, 11):
from importlib.resources import as_file, files
_CACERT_CTX = None
- _CACERT_PATH = None
+ _CACERT_PATH = get_cacert_path_from_environ()
def where() -> str:
# This is slightly terrible, but we want to delay extracting the file
@@ -39,14 +49,16 @@ if sys.version_info >= (3, 11):
return _CACERT_PATH
def contents() -> str:
- return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+ if _CACERT_PATH is not None:
+ return open(_CACERT_PATH, encoding="utf-8").read()
+ return files("certifi").joinpath("cacert.pem").read_text(encoding="utf-8")
elif sys.version_info >= (3, 7):
from importlib.resources import path as get_path, read_text
_CACERT_CTX = None
- _CACERT_PATH = None
+ _CACERT_PATH = get_cacert_path_from_environ()
def where() -> str:
# This is slightly terrible, but we want to delay extracting the
@@ -74,7 +86,9 @@ elif sys.version_info >= (3, 7):
return _CACERT_PATH
def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+ if _CACERT_PATH is not None:
+ return open(_CACERT_PATH, encoding="utf-8").read()
+ return read_text("certifi", "cacert.pem", encoding="utf-8")
else:
import os
@@ -84,6 +98,8 @@ else:
Package = Union[types.ModuleType, str]
Resource = Union[str, "os.PathLike"]
+ _CACERT_PATH = get_cacert_path_from_environ()
+
# This fallback will work for Python versions prior to 3.7 that lack the
# importlib.resources module but relies on the existing `where` function
# so won't address issues with environments like PyOxidizer that don't set
@@ -102,7 +118,14 @@ else:
def where() -> str:
f = os.path.dirname(__file__)
+ if _CACERT_PATH is not None:
+ return _CACERT_PATH
+
return os.path.join(f, "cacert.pem")
def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+ if _CACERT_PATH is not None:
+ with open(_CACERT_PATH, encoding="utf-8") as data:
+ return data.read()
+
+ return read_text("certifi", "cacert.pem", encoding="utf-8")

87
pkgs/applications/window-managers/owl/default.nix Normal file
View file

@ -0,0 +1,87 @@
{ lib
, stdenv
, fetchFromGitHub
, gnustep
, libxkbcommon
, makeWrapper
, wayland
, wayland-scanner
, darwin
}:
assert wayland.withLibraries;
let
mkDerivation = if stdenv.isDarwin then stdenv.mkDerivation else gnustep.gsmakeDerivation;
in
mkDerivation {
pname = "owl";
version = "unstable-2021-11-10";
src = fetchFromGitHub {
owner = "owl-compositor";
repo = "owl";
rev = "91abf02613cd2ddb97be58b5b6703240320233a0";
hash = "sha256-a+TznasOVEzSNrs66/y91AeMRDEfyd+WO5mO811hLj0=";
};
# use pregenerated nib files because generating them requires Xcode
postPatch = lib.optionalString stdenv.isDarwin ''
sed -i "/ibtool/d" configure
mkdir -p build/Owl.app/Contents/Resources/English.lproj
cp ${./mac/MainMenu.nib} build/Owl.app/Contents/Resources/English.lproj/MainMenu.nib
cp ${./mac/OwlPreferences.nib} build/Owl.app/Contents/Resources/English.lproj/OwlPreferences.nib
'';
strictDeps = true;
nativeBuildInputs = [
makeWrapper
wayland-scanner
] ++ lib.optionals stdenv.isDarwin [
darwin.DarwinTools
darwin.bootstrap_cmds
] ++ lib.optionals (!stdenv.isDarwin) [
gnustep.make
];
buildInputs = [
libxkbcommon
wayland
] ++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Cocoa
] ++ lib.optionals (!stdenv.isDarwin) [
gnustep.back
gnustep.base
gnustep.gui
];
preConfigure = ''
mkdir -p build
cd build
'';
configureScript = "../configure";
# error: "Your gnustep-base was configured for the objc-nonfragile-abi but you are not using it now."
env.NIX_CFLAGS_COMPILE = lib.optionalString (!stdenv.isDarwin) "-fobjc-runtime=gnustep-2.0";
installPhase = ''
runHook preInstall
mkdir -p $out/{Applications,bin}
mv Owl.app $out/Applications
makeWrapper $out/{Applications/Owl.app${lib.optionalString stdenv.isDarwin "/Contents/MacOS"},bin}/Owl
runHook postInstall
'';
meta = with lib; {
description = "A portable Wayland compositor in Objective-C";
homepage = "https://github.com/owl-compositor/owl";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ wegank ];
platforms = platforms.unix;
mainProgram = "Owl";
};
}

BIN
pkgs/applications/window-managers/owl/mac/MainMenu.nib generated Normal file
View file

Binary file not shown.

BIN
pkgs/applications/window-managers/owl/mac/OwlPreferences.nib generated Normal file
View file

Binary file not shown.

93
pkgs/desktops/deepin/apps/deepin-system-monitor/default.nix Normal file
View file

@ -0,0 +1,93 @@
{ stdenv
, lib
, fetchFromGitHub
, cmake
, pkg-config
, qttools
, deepin-gettext-tools
, wrapQtAppsHook
, dtkwidget
, qt5integration
, qt5platform-plugins
, qtbase
, qtsvg
, qtx11extras
, dde-qt-dbus-factory
, dde-dock
, gsettings-qt
, procps
, libpcap
, libnl
, util-linux
, systemd
, polkit
}:
stdenv.mkDerivation rec {
pname = "deepin-system-monitor";
version = "5.9.32";
src = fetchFromGitHub {
owner = "linuxdeepin";
repo = pname;
rev = version;
sha256 = "sha256-jze5Pigk4edjojmpNNwaVVfcpk5Aed/S0y9YE0HdC0A";
};
postPatch = ''
substituteInPlace deepin-system-monitor-main/process/process_controller.cpp \
deepin-system-monitor-main/process/priority_controller.cpp \
deepin-system-monitor-main/service/service_manager.cpp \
deepin-system-monitor-main/translations/policy/com.deepin.pkexec.deepin-system-monitor.policy \
--replace "/usr/bin/kill" "${util-linux}/bin/kill" \
--replace "/usr/bin/renice" "${util-linux}/bin/renice" \
--replace '/usr/bin/systemctl' '${lib.getBin systemd}/systemctl'
substituteInPlace deepin-system-monitor-main/{service/service_manager.cpp,process/{priority_controller.cpp,process_controller.cpp}} \
--replace "/usr/bin/pkexec" "${lib.getBin polkit}/bin/pkexec"
for file in $(grep -rl "/usr")
do
substituteInPlace $file \
--replace "/usr" "$out"
done
'';
nativeBuildInputs = [
cmake
pkg-config
qttools
deepin-gettext-tools
wrapQtAppsHook
];
buildInputs = [
dtkwidget
qt5integration
qt5platform-plugins
qtbase
qtsvg
qtx11extras
dde-qt-dbus-factory
dde-dock
gsettings-qt
procps
libpcap
libnl
];
cmakeFlags = [
"-DVERSION=${version}"
"-DUSE_DEEPIN_WAYLAND=OFF"
];
strictDeps = true;
meta = with lib; {
description = "A more user-friendly system monitor";
homepage = "https://github.com/linuxdeepin/deepin-system-monitor";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = teams.deepin.members;
};
}

1
pkgs/desktops/deepin/default.nix
View file

@ -49,6 +49,7 @@ let
deepin-music = callPackage ./apps/deepin-music { };
deepin-picker = callPackage ./apps/deepin-picker { };
deepin-shortcut-viewer = callPackage ./apps/deepin-shortcut-viewer { };
deepin-system-monitor = callPackage ./apps/deepin-system-monitor { };
deepin-terminal = callPackage ./apps/deepin-terminal { };
deepin-reader = callPackage ./apps/deepin-reader { };
deepin-voice-note = callPackage ./apps/deepin-voice-note { };

3
pkgs/development/haskell-modules/configuration-common.nix
View file

@ -745,9 +745,6 @@ self: super: {
inline-c-win32 = dontDistribute super.inline-c-win32;
Southpaw = dontDistribute super.Southpaw;
# Hydra no longer allows building texlive packages.
lhs2tex = dontDistribute super.lhs2tex;
# https://ghc.haskell.org/trac/ghc/ticket/9825
vimus = overrideCabal (drv: { broken = pkgs.stdenv.isLinux && pkgs.stdenv.isi686; }) super.vimus;

4
pkgs/development/python-modules/crate/default.nix
View file

@ -12,14 +12,14 @@
buildPythonPackage rec {
pname = "crate";
version = "0.30.0";
version = "0.31.0";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-8xraDCFZbpJZsh3sO5VlSHwnEfH4u4AJZkXA+L4TB60=";
hash = "sha256-HhncnVmUXyHLaLkhIFS89NnKoSY42C1GipOqurIsoZ4=";
};
propagatedBuildInputs = [

30
pkgs/development/tools/language-servers/docker-compose-language-service/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib
, buildNpmPackage
, nodejs-16_x
, fetchFromGitHub
}:
let
buildNpmPackage' = buildNpmPackage.override { nodejs = nodejs-16_x; };
in
buildNpmPackage' rec {
pname = "docker-compose-language-service";
version = "0.1.3";
src = fetchFromGitHub {
owner = "microsoft";
repo = "compose-language-service";
rev = "v${version}";
hash = "sha256-faQvUHzqtCipceGnamVQIlAWCDpo7oX01/zGz9RLjMY=";
};
npmDepsHash = "sha256-gWaZMsI1HVIXKZInfgzfH8syzOwU2C6kcKvB2M6KLX4=";
meta = with lib; {
description = "Language service for Docker Compose documents";
homepage = "https://github.com/microsoft/compose-language-service";
changelog = "https://github.com/microsoft/compose-language-service/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ natsukium ];
mainProgram = "docker-compose-langserver";
};
}

6
pkgs/development/tools/sq/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "sq";
version = "0.25.1";
version = "0.33.0";
src = fetchFromGitHub {
owner = "neilotoole";
repo = pname;
rev = "v${version}";
sha256 = "sha256-FYEgCXXcVhm6vv1QT8UqCBo+/o0dAPwbR3ZNB72MrGI=";
sha256 = "sha256-1I6adQLbVx4Gj9rdocpEPyQagEpaI4a4sHUaSyntyGI=";
};
vendorHash = "sha256-Kcl0/txbq7+xA6826SzSrZx4L02GHcXG5ciKmkrtWLI=";
vendorHash = "sha256-e14qz4KTD2aAl1G5wj2/T0cxocvscj0r+c8So+omA38=";
proxyVendor = true;

6
pkgs/games/blightmud/default.nix
View file

@ -11,16 +11,16 @@
rustPlatform.buildRustPackage rec {
pname = "blightmud";
version = "5.1.0";
version = "5.2.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-0cvMROnblt9c4d6Kbr5iY/Qobf3hOKIhWHvOVQONhO4=";
sha256 = "sha256-sLqkDuohCgHJTMte1WIa2Yu43oWXVvnIpeiDBoQpKY8=";
};
cargoSha256 = "sha256-7jSuadpAZXtlYVw4/NBATTIAFO8M6I11FuxfGFQx51Y=";
cargoHash = "sha256-ffADKoMysYY2vwX3asHnjR2EiND4RJsf/W334PWvkGs=";
buildFeatures = lib.optional withTTS "tts";

8
pkgs/os-specific/linux/kernel/hardened/patches.json
View file

@ -51,10 +51,10 @@
},
"6.1": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.1.24-hardened1.patch",
"sha256": "1fzgf50qj2i12v3wm0zg5bx2kpd5zsvk3zwfnzzm0mg9cap5mpla",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.24-hardened1/linux-hardened-6.1.24-hardened1.patch"
"extra": "-hardened2",
"name": "linux-hardened-6.1.24-hardened2.patch",
"sha256": "1bjcjq0gqvhknryq97qj1a6q3fi71pql23knvs0c42k4vknfih9q",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.24-hardened2/linux-hardened-6.1.24-hardened2.patch"
},
"sha256": "0135aj8asplpxqr48hwdmwynx8n8hzhdgh55yl8r0n1kivisgrma",
"version": "6.1.24"

4
pkgs/os-specific/linux/kernel/linux-4.14.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.14.312";
version = "4.14.313";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "03bwrnm7z8jxxn681dd5jffrj76l14ngkcccfgbg1p4a0471q436";
sha256 = "0k2j856niappvkp9m1wxr87xvbwdzdy03mbcj827kmpjd9gdca76";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.19.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.19.280";
version = "4.19.281";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1xmg9p3ky75n5q894f522s8nwcmbd5c15nmjr0n96m6xzag3kd7w";
sha256 = "13nwzsh3h634450k37pxdca5j8vr3qswx7k79bs2999xp2js9pf0";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.10.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.10.177";
version = "5.10.178";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0waml6svj07b7f8yb1kzrflqlf61x4kcqbgsr372s484m3z628lz";
sha256 = "1bx8wws9gvksg1c1af29nm03jjz2f5a5sq9hzc00ymjyf7isvkqs";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.15.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.15.107";
version = "5.15.108";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1a5gqpxmzls5mp4a0cw10ldrps4pvbn19nzfri91ys25j1v0wdqr";
sha256 = "1fj38bvsyr9g89qr8pcjrp0kaq44g301x46gyjibq73gljnnkswb";
};
} // (args.argsOverride or { }))

4
pkgs/os-specific/linux/kernel/linux-5.4.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.4.240";
version = "5.4.241";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0ihf0rqhx7dav3k3igk29962sscb1xyniy2gx8chyllprr0z126w";
sha256 = "0z7api3qcjrd6w7fva7k6fj4zx17mg5ibn28a6qbgy27dyny1h7z";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-6.1.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "6.1.24";
version = "6.1.25";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
sha256 = "0135aj8asplpxqr48hwdmwynx8n8hzhdgh55yl8r0n1kivisgrma";
sha256 = "149h95r5msvqah868zd36y92ls9h41cr1rb5vzinl20mxdn46wnb";
};
} // (args.argsOverride or { }))

4
pkgs/os-specific/linux/kernel/linux-6.2.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "6.2.11";
version = "6.2.12";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
sha256 = "0iyx03z58pv1d5nrryjx94k3nxwyvm4b3bim6nawg1qbws26f8qd";
sha256 = "1j6cn1ifmcqfqvxp9h10y8yfxi918yzl3yjbf96gmb9p4ysldqf7";
};
} // (args.argsOverride or { }))

6
pkgs/os-specific/linux/kernel/linux-rt-5.15.nix
View file

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.15.96-rt61"; # updated by ./update-rt.sh
version = "5.15.107-rt62"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "167g34xjbqxr5klqp127j2j15pms4jmgs0y7gr8zipiz2i69g39l";
sha256 = "1a5gqpxmzls5mp4a0cw10ldrps4pvbn19nzfri91ys25j1v0wdqr";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "1s6h80q4sddnsxjx4ilc52j4kvxwbzj638rbh7wwxvknh21vkwvl";
sha256 = "0w7ksdv3xpzqiwfxc007k496ghklblb7kglswxhn7y1yqn6pgqzs";
};
}; in [ rt-patch ] ++ kernelPatches;

4
pkgs/os-specific/linux/zfs/default.nix
View file

@ -10,6 +10,7 @@
, gawk, gnugrep, gnused, systemd
, smartmontools, enableMail ? false
, sysstat, pkg-config
, curl
# Kernel dependencies
, kernel ? null
@ -76,6 +77,8 @@ let
nfs-utils.override (old: { enablePython = old.enablePython or true && enablePython; })
}/bin/exportfs"
substituteInPlace ./lib/libshare/smb.h --replace "/usr/bin/net" "${samba}/bin/net"
# Disable dynamic loading of libcurl
substituteInPlace ./config/user-libfetch.m4 --replace "curl-config --built-shared" "true"
substituteInPlace ./config/user-systemd.m4 --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
substituteInPlace ./config/zfs-build.m4 --replace "\$sysconfdir/init.d" "$out/etc/init.d" \
--replace "/etc/default" "$out/etc/default"
@ -111,6 +114,7 @@ let
++ optional buildUser pkg-config;
buildInputs = optionals buildUser [ zlib libuuid attr libtirpc ]
++ optional buildUser openssl
++ optional buildUser curl
++ optional (buildUser && enablePython) python3;
# for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work

6
pkgs/servers/home-automation/evcc/default.nix
View file

@ -16,16 +16,16 @@
buildGo120Module rec {
pname = "evcc";
version = "0.116.2";
version = "0.116.3";
src = fetchFromGitHub {
owner = "evcc-io";
repo = pname;
rev = version;
hash = "sha256-SZwfXoIJRdkr0jQSizmXGOWZYteqa2IWrJNSTOQ3OQ8=";
hash = "sha256-w4AExQmItvSbUSGBOnoyP4rGnEYsyFUU9Y+lF+0xGVc=";
};
vendorHash = "sha256-V0etgtYoU5a6OexoHmy4rKv2J9qvNlT57utJp1Nxyas=";
vendorHash = "sha256-lu6/tRf9o0n13lVsT9OBxc6Ytz3IVEE16vLZ+pZ4Czk=";
npmDeps = fetchNpmDeps {
inherit src;

6
pkgs/servers/minio/default.nix
View file

@ -15,16 +15,16 @@ let
in
buildGoModule rec {
pname = "minio";
version = "2023-03-24T21-41-23Z";
version = "2023-04-13T03-08-07Z";
src = fetchFromGitHub {
owner = "minio";
repo = "minio";
rev = "RELEASE.${version}";
sha256 = "sha256-n42At76bE0LQUiGeW4a9KeVcqVJ+pD9t2WGlUbwZ0Tg=";
sha256 = "sha256-hwNIQO2ZVPs/pw4AiuXMYF6IH/OeXUZ9NMxIWropXVk=";
};
vendorHash = "sha256-OFHifFSsyKIpiffxgVxF538AFBUrJrrcwkqkYyArY7o=";
vendorHash = "sha256-ZBGrZjqrfcF8EYbJwlnpUsV1nOWYmserVV1PXBMkagg=";
doCheck = false;

23
pkgs/servers/nextcloud/default.nix
View file

@ -39,19 +39,26 @@ let
};
};
in {
nextcloud24 = generic {
version = "24.0.11";
sha256 = "sha256-ipsg4rulhRnatEW9VwUJLvOEtX5ZiK7MXK3AU8Q9qIo=";
};
nextcloud24 = throw ''
Nextcloud v24 has been removed from `nixpkgs` as the support for is dropped
by upstream in 2023-04. Please upgrade to at least Nextcloud v25 by declaring
services.nextcloud.package = pkgs.nextcloud25;
in your NixOS config.
WARNING: if you were on Nextcloud 23 you have to upgrade to Nextcloud 24
first on 22.11 because Nextcloud doesn't support upgrades across multiple major versions!
'';
nextcloud25 = generic {
version = "25.0.5";
sha256 = "sha256-xtxjLYPGK9V0GvUzXcE7awzeYQZNPNmlHuDmtHeMqaU=";
version = "25.0.6";
sha256 = "sha256-fYtO3CZ5oNpaIs+S+emMrxqYNlck0AC43fxdiomsjDg=";
};
nextcloud26 = generic {
version = "26.0.0";
sha256 = "sha256-8WMVA2Ou6TZuy1zVJZv2dW7U8HPOp4tfpRXK2noNDD0=";
version = "26.0.1";
sha256 = "sha256-b5xqEkjXyK9K1HPXOkJWX2rautRTHFz6V7w0l7K2T0g=";
};
# tip: get the sha with:

242
pkgs/servers/nextcloud/packages/24.json
View file

@ -1,242 +0,0 @@
{
"bookmarks": {
"sha256": "1jkbwzig4xd042jcbdbdh4whkpxb87f7ba0c89c78bdgcqzjv1a3",
"url": "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz",
"version": "11.0.4",
"description": "- 📂 Sort bookmarks into folders\n- 🏷 Add tags and personal notes\n- 🔍 Full-text search\n- 📲 Synchronize with all your browsers and devices\n- 👪 Share bookmarks with other users and publicly\n- ☠ Find broken links\n- ⚛ Generate RSS feeds of your collections\n- 📔 Read archived versions of your links in case they are depublished\n- 💬 Create new bookmarks directly from within Nextcloud Talk\n- 💼 Built-in Dashboard widgets for frequent and recent links\n\nRequirements:\n - PHP v7.4+\n - PHP extensions:\n - intl: *\n - mbstring: *\n - when using MySQL, use at least v8.0",
"homepage": "https://github.com/nextcloud/bookmarks",
"licenses": [
"agpl"
]
},
"calendar": {
"sha256": "0zzq556727yryxa0zas6agm6azl1898gbjx4wnl8d8m9hczf6xr2",
"url": "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.7/calendar-v3.5.7.tar.gz",
"version": "3.5.7",
"description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* 🚀 **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite teams matchdays in your calendar? No problem!\n* 🙋 **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* 🔍 Search! Find your events at ease\n* ☑️ Tasks! See tasks with a due date directly in the calendar\n* 🙈 **Were not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.",
"homepage": "https://github.com/nextcloud/calendar/",
"licenses": [
"agpl"
]
},
"contacts": {
"sha256": "1r0z0ldywzaw7a87hlsbn1f9pxqndqpxxa6khn70yh02cjrzh03m",
"url": "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.5/contacts-v4.2.5.tar.gz",
"version": "4.2.5",
"description": "The Nextcloud contacts app is a user interface for Nextcloud's CardDAV server. Easily sync contacts from various devices with your Nextcloud and edit them online.\n\n* 🚀 **Integration with other Nextcloud apps!** Currently Mail and Calendar more to come.\n* 🎉 **Never forget a birthday!** You can sync birthdays and other recurring events with your Nextcloud Calendar.\n* 👥 **Sharing of Adressbooks!** You want to share your contacts with your friends or coworkers? No problem!\n* 🙈 **Were not reinventing the wheel!** Based on the great and open SabreDAV library.",
"homepage": "https://github.com/nextcloud/contacts#readme",
"licenses": [
"agpl"
]
},
"deck": {
"sha256": "1q21vpq9fv6p9harn96fq7cn68qixw3d08s9yf25mnxzpynrwv50",
"url": "https://github.com/nextcloud-releases/deck/releases/download/v1.7.3/deck-v1.7.3.tar.gz",
"version": "1.7.3",
"description": "Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.\n\n\n- 📥 Add your tasks to cards and put them in order\n- 📄 Write down additional notes in Markdown\n- 🔖 Assign labels for even better organization\n- 👥 Share with your team, friends or family\n- 📎 Attach files and embed them in your Markdown description\n- 💬 Discuss with your team using comments\n- ⚡ Keep track of changes in the activity stream\n- 🚀 Get your project organized",
"homepage": "https://github.com/nextcloud/deck",
"licenses": [
"agpl"
]
},
"files_markdown": {
"sha256": "1dhl83vxk6aznakmvbcx52gl8slhy6jz1vqwiv8nwfjh75aczzxy",
"url": "https://github.com/icewind1991/files_markdown/releases/download/v2.3.6/files_markdown.tar.gz",
"version": "2.3.6",
"description": "Markdown Editor extends the Nextcloud text editor with a live preview for markdown files.\n\nA full list of features can be found [in the README](https://github.com/icewind1991/files_markdown)",
"homepage": "https://github.com/icewind1991/files_markdown",
"licenses": [
"agpl"
]
},
"files_texteditor": {
"sha256": "0rmk14iw34pd81snp3lm01k07wm5j2nh9spcd4j0m43l20b7kxss",
"url": "https://github.com/nextcloud-releases/files_texteditor/releases/download/v2.15.0/files_texteditor.tar.gz",
"version": "2.15.0",
"description": "This application enables Nextcloud users to open, save and edit text files in the web browser. If enabled, an entry called \"Text file\" in the \"New\" button menu at the top of the web browser appears. When clicked, a new text file opens in the browser and the file can be saved into the current Nextcloud directory. Further, when a text file is clicked in the web browser, it will be opened and editable. If the privileges allow, a user can also edit shared files and save these changes back into the web browser.\nMore information is available in the text editor documentation.",
"homepage": "https://github.com/nextcloud/files_texteditor",
"licenses": [
"agpl"
]
},
"forms": {
"sha256": "1payxppd2j0n67kcswb3dkk2a467fahwakxs7wqsfqgqgr9mcbl4",
"url": "https://github.com/nextcloud/forms/releases/download/v2.5.2/forms.tar.gz",
"version": "2.5.2",
"description": "**Simple surveys and questionnaires, self-hosted!**\n\n- **📝 Simple design:** No mass of options, only the essentials. Works well on mobile of course.\n- **📊 View & export results:** Results are visualized and can also be exported as CSV in the same format used by Google Forms.\n- **🔒 Data under your control!** Unlike in Google Forms, Typeform, Doodle and others, the survey info and responses are kept private on your instance.\n- **🧑‍💻 Connect to your software:** Easily integrate Forms into your service with our full-fledged [REST-API](https://github.com/nextcloud/forms/blob/main/docs/API.md).\n- **🙋 Get involved!** We have lots of stuff planned like more question types, collaboration on forms, [and much more](https://github.com/nextcloud/forms/milestones)!",
"homepage": "https://github.com/nextcloud/forms",
"licenses": [
"agpl"
]
},
"groupfolders": {
"sha256": "09lz63n9i040lndzmpm6rdlpviaa8m9skpjw98m18miamdmqbf0d",
"url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v12.0.3/groupfolders-v12.0.3.tar.gz",
"version": "12.0.3",
"description": "Admin configured folders shared with everyone in a group.\n\nFolders can be configured from *Group folders* in the admin settings.\n\nAfter a folder is created, the admin can give access to the folder to one or more groups, control their write/sharing permissions and assign a quota for the folder.\n\nNote: Encrypting the contents of group folders is currently not supported.",
"homepage": "https://github.com/nextcloud/groupfolders",
"licenses": [
"agpl"
]
},
"impersonate": {
"sha256": "1kjibw5rigij51j6vjmx7ykrk61lg98syp7kkr0fzgwzvxrdniah",
"url": "https://github.com/nextcloud-releases/impersonate/releases/download/v1.11.1/impersonate-v1.11.1.tar.gz",
"version": "1.11.1",
"description": "By installing the impersonate app of your Nextcloud you enable administrators to impersonate other users on the Nextcloud server. This is especially useful for debugging issues reported by users.\n\nTo impersonate a user an administrator has to simply follow the following four steps:\n\n1. Login as administrator to Nextcloud.\n2. Open users administration interface.\n3. Select the impersonate button on the affected user.\n4. Confirm the impersonation.\n\nThe administrator is then logged-in as the user, to switch back to the regular user account they simply have to press the logout button.\n\n**Note:**\n\n- This app is not compatible with instances that have encryption enabled.\n- While impersonate actions are logged note that actions performed impersonated will be logged as the impersonated user.\n- Impersonating a user is only possible after their first login.",
"homepage": "https://github.com/nextcloud/impersonate",
"licenses": [
"agpl"
]
},
"keeweb": {
"sha256": "19wzp588p3a87bi7ajn2r8jmsjjzzc1g8bkpwkidv66gi87gv9sr",
"url": "https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.12/keeweb-0.6.12.tar.gz",
"version": "0.6.12",
"description": "Open Keepass stores inside Nextcloud with Keeweb just by clicking on an *.kdbx file in your Nextcloud.",
"homepage": "https://github.com/jhass/nextcloud-keeweb",
"licenses": [
"agpl"
]
},
"mail": {
"sha256": "1a697wf2lq596dk04acd6qpmx9immh6v8npj0kf43m31kc3hm0rs",
"url": "https://github.com/nextcloud-releases/mail/releases/download/v1.15.3/mail-v1.15.3.tar.gz",
"version": "1.15.3",
"description": "**💌 A mail app for Nextcloud**\n\n- **🚀 Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files more to come.\n- **📥 Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **🔒 Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **🙈 Were not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **📬 Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!",
"homepage": "https://github.com/nextcloud/mail#readme",
"licenses": [
"agpl"
]
},
"news": {
"sha256": "1zyn6rs24f5dsb4z65dzx2mdkw8gy8n3adk9dgyyd4cjjhhixhsm",
"url": "https://github.com/nextcloud/news/releases/download/21.2.0-beta3/news.tar.gz",
"version": "21.2.0-beta3",
"description": "📰 A RSS/Atom Feed reader App for Nextcloud\n\n- 📲 Synchronize your feeds with multiple mobile or desktop [clients](https://nextcloud.github.io/news/clients/)\n- 🔄 Automatic updates of your news feeds\n- 🆓 Free and open source under AGPLv3, no ads or premium functions\n\n**System Cron is currently required for this app to work**\n\nRequirements can be found [here](https://nextcloud.github.io/news/install/#dependencies)\n\nThe Changelog is available [here](https://github.com/nextcloud/news/blob/master/CHANGELOG.md)\n\nCreate a [bug report](https://github.com/nextcloud/news/issues/new/choose)\n\nCreate a [feature request](https://github.com/nextcloud/news/discussions/new)\n\nReport a [feed issue](https://github.com/nextcloud/news/discussions/new)",
"homepage": "https://github.com/nextcloud/news",
"licenses": [
"agpl"
]
},
"notes": {
"sha256": "0b88xsznfi31la7iyj4b7j1qlb8wvrmq49z9dgdrwja3r81mxnsr",
"url": "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz",
"version": "4.5.1",
"description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into third-party apps (currently, there are notes apps for [Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios) and the [console](https://git.danielmoch.com/nncli/about) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.",
"homepage": "https://github.com/nextcloud/notes",
"licenses": [
"agpl"
]
},
"notify_push": {
"sha256": "1fz6wi5nb4c2w33vp9ry2mk4lmv7aa3axyfxzldf5w4glfzaymzw",
"url": "https://github.com/nextcloud-releases/notify_push/releases/download/v0.6.2/notify_push-v0.6.2.tar.gz",
"version": "0.6.2",
"description": "Push update support for desktop app.\n\nOnce the app is installed, the push binary needs to be setup. You can either use the setup wizard with `occ notify_push:setup` or see the [README](http://github.com/nextcloud/notify_push) for detailed setup instructions",
"homepage": "",
"licenses": [
"agpl"
]
},
"onlyoffice": {
"sha256": "0hscbm7jcnxyg7ib0g16b0sw8nz7rl6qzx90qmki5knhzrf6hf1j",
"url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v7.7.0/onlyoffice.tar.gz",
"version": "7.7.0",
"description": "ONLYOFFICE connector allows you to view, edit and collaborate on text documents, spreadsheets and presentations within Nextcloud using ONLYOFFICE Docs. This will create a new Edit in ONLYOFFICE action within the document library for Office documents. This allows multiple users to co-author documents in real time from the familiar web interface and save the changes back to your file storage.",
"homepage": "https://www.onlyoffice.com",
"licenses": [
"apache"
]
},
"polls": {
"sha256": "0qdm0hnljkv0df1s929awyjj1gsp3d6xv9llr52cxv66kkfx086y",
"url": "https://github.com/nextcloud/polls/releases/download/v3.8.4/polls.tar.gz",
"version": "3.8.4",
"description": "A polls app, similar to Doodle/Dudle with the possibility to restrict access (members, certain groups/users, hidden and public).",
"homepage": "https://github.com/nextcloud/polls",
"licenses": [
"agpl"
]
},
"previewgenerator": {
"sha256": "0vwlx3z80i12f9hm0qrm014a0wybjk2j5is7vyn9wcizhr6mpzjv",
"url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.2.2/previewgenerator-v5.2.2.tar.gz",
"version": "5.2.2",
"description": "The Preview Generator app allows admins to pre-generate previews. The app listens to edit events and stores this information. Once a cron job is triggered it will generate start preview generation. This means that you can better utilize your system by pre-generating previews when your system is normally idle and thus putting less load on your machine when the requests are actually served.\n\nThe app does not replace on demand preview generation so if a preview is requested before it is pre-generated it will still be shown.\nThe first time you install this app, before using a cron job, you properly want to generate all previews via:\n**./occ preview:generate-all -vvv**\n\n**Important**: To enable pre-generation of previews you must add **php /var/www/nextcloud/occ preview:pre-generate** to a system cron job that runs at times of your choosing.",
"homepage": "https://github.com/nextcloud/previewgenerator",
"licenses": [
"agpl"
]
},
"registration": {
"sha256": "0m45limwsk8a86fqjxj2w1753hd2vc5icpv0wcbwrlr0mxxdc46f",
"url": "https://github.com/nextcloud-releases/registration/releases/download/v1.5.0/registration-v1.5.0.tar.gz",
"version": "1.5.0",
"description": "User registration\n\nThis app allows users to register a new account.\n\n# Features\n\n- Add users to a given group\n- Allow-list with email domains (including wildcard) to register with\n- Administrator will be notified via email for new user creation or require approval\n- Supports Nextcloud's Client Login Flow v1 and v2 - allowing registration in the mobile Apps and Desktop clients\n\n# Web form registration flow\n\n1. User enters their email address\n2. Verification link is sent to the email address\n3. User clicks on the verification link\n4. User is lead to a form where they can choose their username and password\n5. New account is created and is logged in automatically",
"homepage": "https://github.com/nextcloud/registration",
"licenses": [
"agpl"
]
},
"spreed": {
"sha256": "1r2n312kxx6ymlwrvqsj230x4zsg6im4xrss04zagiflvfljr5da",
"url": "https://github.com/nextcloud-releases/spreed/releases/download/v14.0.10/spreed-v14.0.10.tar.gz",
"version": "14.0.10",
"description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* 👥 **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* 💻 **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* 🚀 **Integration with other Nextcloud apps** like Files, Contacts and Deck. More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* ✋ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds",
"homepage": "https://github.com/nextcloud/spreed",
"licenses": [
"agpl"
]
},
"tasks": {
"sha256": "0jm13d6nm7cfsw27yfiq1il9xjlh0qrq8xby2yz9dmggn7lk1dx5",
"url": "https://github.com/nextcloud/tasks/releases/download/v0.14.5/tasks.tar.gz",
"version": "0.14.5",
"description": "Once enabled, a new Tasks menu will appear in your Nextcloud apps menu. From there you can add and delete tasks, edit their title, description, start and due dates and mark them as important. Tasks can be shared between users. Tasks can be synchronized using CalDav (each task list is linked to an Nextcloud calendar, to sync it to your local client: Thunderbird, Evolution, KDE Kontact, iCal … - just add the calendar as a remote calendar in your client). You can download your tasks as ICS files using the download button for each calendar.",
"homepage": "https://github.com/nextcloud/tasks/",
"licenses": [
"agpl"
]
},
"twofactor_nextcloud_notification": {
"sha256": "1zdx7khsa22k6g9zhcxrgr1mykl16064z0scr5jbgq5ms3hh2q9w",
"url": "https://github.com/nextcloud-releases/twofactor_nextcloud_notification/releases/download/v3.4.0/twofactor_nextcloud_notification-v3.4.0.tar.gz",
"version": "3.4.0",
"description": "Allows using any of your logged in devices as second factor",
"homepage": "https://github.com/nextcloud/twofactor_nextcloud_notification",
"licenses": [
"agpl"
]
},
"twofactor_totp": {
"sha256": "189cwq78dqanqxhsl69dahdkh230zhz2r285lvf0b7pg0sxcs0yc",
"url": "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz",
"version": "6.4.1",
"description": "A Two-Factor-Auth Provider for TOTP (RFC 6238)",
"homepage": "https://github.com/nextcloud/twofactor_totp#readme",
"licenses": [
"agpl"
]
},
"twofactor_webauthn": {
"sha256": "10f6dm9cxljicmfk9l4ncg6r7c1jy1pvm0b5kvz35q9jgniq0hcs",
"url": "https://github.com/nextcloud-releases/twofactor_webauthn/releases/download/v0.3.3/twofactor_webauthn-v0.3.3.tar.gz",
"version": "0.3.3",
"description": "A two-factor provider for WebAuthn devices",
"homepage": "https://github.com/nextcloud/twofactor_webauthn#readme",
"licenses": [
"agpl"
]
},
"unsplash": {
"sha256": "1xlqpzry2qq0msrq8alg0mywlhjh09m3z5glh4rgwmh3p5b0777c",
"url": "https://github.com/nextcloud/unsplash/releases/download/v2.0.1/unsplash.tar.gz",
"version": "2.0.1",
"description": "Show a new random featured nature photo in your nextcloud. Now with choosable motives!",
"homepage": "https://github.com/nextcloud/unsplash/",
"licenses": [
"agpl"
]
}
}

4
pkgs/servers/ser2net/default.nix
View file

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "ser2net";
version = "4.3.11";
version = "4.3.12";
src = fetchFromGitHub {
owner = "cminyard";
repo = pname;
rev = "v${version}";
hash = "sha256-5Jo6wwxRwf6JbpG7vEGpEBFA9b0v7DqbfpvgETHHhpY=";
hash = "sha256-jF1tk/JeZ3RGHol+itwtkTF/cn5FHm/vhUgXJzi9J9E=";
};
passthru = {

4
pkgs/tools/graphics/wdisplays/default.nix
View file

@ -15,6 +15,10 @@ stdenv.mkDerivation rec {
sha256 = "sha256-cOF3+T34zPro58maWUouGG+vlLm2C5NfcH7PZhSvApE=";
};
patchPhase = ''
substituteInPlace ./resources/wdisplays.desktop.in --replace "@app_id@" "wdisplays"
'';
meta = with lib; {
description = "A graphical application for configuring displays in Wayland compositors";
homepage = "https://github.com/luispabon/wdisplays";

6
pkgs/tools/networking/minio-client/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "minio-client";
version = "2023-03-23T20-03-04Z";
version = "2023-04-12T02-21-51Z";
src = fetchFromGitHub {
owner = "minio";
repo = "mc";
rev = "RELEASE.${version}";
sha256 = "sha256-wiYgLtFemdB7Cc/hJDvBbjvxH4I9QQkOIdyyPzWO8w0=";
sha256 = "sha256-jNgReeR4KNzB1LKbiAOLWiYeJJ61qgf3J9nMy97FVGU=";
};
vendorHash = "sha256-VtBrxsfi2CUGzXSiHKLvr3Iw1myWyf3uPEQEZahjDhw=";
vendorHash = "sha256-d8cC/exdM7OMGE24bN00BVE3jqE1tj6727JiON/aJkc=";
subPackages = [ "." ];

6
pkgs/tools/networking/termscp/default.nix
View file

@ -13,16 +13,16 @@
rustPlatform.buildRustPackage rec {
pname = "termscp";
version = "0.11.0";
version = "0.11.2";
src = fetchFromGitHub {
owner = "veeso";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-+5ljnCVbaiqqfXCJjMMInoLjLmZjCIoDkQi9pS6VKpc=";
hash = "sha256-bQvoTy48eYK369Ei6B8l6F5/pfQGYiHdz3KsQV7Bi9Y=";
};
cargoHash = "sha256-GoWVDU1XVjbzZlGPEuHucnxcvhf4Rqx/nSEVygD9gCo=";
cargoHash = "sha256-/nadstDHzLOrimL+xK7/ldOozz7ZS1nRQmkIhGHK8p8=";
nativeBuildInputs = [
pkg-config

4
pkgs/tools/security/gitleaks/default.nix
View file

@ -8,13 +8,13 @@
buildGoModule rec {
pname = "gitleaks";
version = "8.16.2";
version = "8.16.3";
src = fetchFromGitHub {
owner = "zricethezav";
repo = pname;
rev = "v${version}";
hash = "sha256-AR/08O0wUp3clbIF+2Kw0klMQ6UorFkIRsnqfX4Q3SY=";
hash = "sha256-WukTYi7iqagOLpx8KATEittlM6OvIfxDYiNTdsotjTY=";
};
vendorHash = "sha256-Ev0/CSpwJDmc+Dvu/bFDzsgsq80rWImJWXNAUqYHgoE=";

10
pkgs/tools/typesetting/tex/advi/default.nix
View file

@ -34,8 +34,6 @@ ocamlPackages.buildDunePackage rec {
pname = "advi";
version = "2.0.0";
useDune2 = true;
minimalOCamlVersion = "4.11";
src = fetchurl {
@ -43,6 +41,14 @@ ocamlPackages.buildDunePackage rec {
hash = "sha256-c0DQHlvdekJyXCxmR4+Ut/njtoCzmqX6hNazNv8PpBQ=";
};
postPatch = ''
substituteInPlace ./Makefile \
--replace "\$(DUNE) install \$(DUNEROOT) --display=short" \
"\$(DUNE) install \$(DUNEROOT) --prefix $out --docdir $out/share/doc --mandir $out/share/man"
'';
duneVersion = "3";
nativeBuildInputs = [ fake-opam kpsexpand makeWrapper texlive.combined.scheme-medium which ];
buildInputs = with ocamlPackages; [ camlimages ghostscriptX graphics ];

13
pkgs/top-level/all-packages.nix
View file

@ -2575,8 +2575,9 @@ with pkgs;
microcom = callPackage ../applications/terminal-emulators/microcom { };
mlterm = darwin.apple_sdk_11_0.callPackage ../applications/terminal-emulators/mlterm {
inherit (darwin.apple_sdk_11_0.frameworks) Cocoa;
mlterm = darwin.apple_sdk_11_0.callPackage ../applications/terminal-emulators/mlterm { };
mlterm-wayland = mlterm.override {
enableX11 = false;
};
mrxvt = callPackage ../applications/terminal-emulators/mrxvt { };
@ -10263,9 +10264,7 @@ with pkgs;
inherit (callPackage ../servers/nextcloud {})
nextcloud24 nextcloud25 nextcloud26;
nextcloud24Packages = ( callPackage ../servers/nextcloud/packages {
apps = lib.importJSON ../servers/nextcloud/packages/24.json;
});
nextcloud24Packages = throw "Nextcloud24 is EOL!";
nextcloud25Packages = ( callPackage ../servers/nextcloud/packages {
apps = lib.importJSON ../servers/nextcloud/packages/25.json;
});
@ -17300,6 +17299,8 @@ with pkgs;
llvmPackages = llvmPackages_latest;
};
docker-compose-language-service = callPackage ../development/tools/language-servers/docker-compose-language-service { };
dot-language-server = callPackage ../development/tools/language-servers/dot-language-server { };
fortls = python3.pkgs.callPackage ../development/tools/language-servers/fortls { };
@ -30895,6 +30896,8 @@ with pkgs;
offpunk = callPackage ../applications/networking/browsers/offpunk { };
owl-compositor = callPackage ../applications/window-managers/owl { };
p2pool = callPackage ../applications/misc/p2pool { };
pass2csv = python3Packages.callPackage ../tools/security/pass2csv { };