From 23c15323ce1c5b9ec138dda788fff2b2e3e9c60d Mon Sep 17 00:00:00 2001 From: talyz Date: Mon, 28 Mar 2022 15:04:31 +0200 Subject: [PATCH 01/27] nixos/geoipupdate: Add error handling to scripts --- nixos/modules/services/misc/geoipupdate.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix index 3211d4d88e4..6a0b616473f 100644 --- a/nixos/modules/services/misc/geoipupdate.nix +++ b/nixos/modules/services/misc/geoipupdate.nix @@ -102,6 +102,9 @@ in systemd.services.geoipupdate-create-db-dir = { serviceConfig.Type = "oneshot"; script = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + mkdir -p ${cfg.settings.DatabaseDirectory} chmod 0755 ${cfg.settings.DatabaseDirectory} ''; @@ -135,6 +138,9 @@ in geoipupdateConf = pkgs.writeText "geoipupdate.conf" (geoipupdateKeyValue cfg.settings); script = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + chown geoip "${cfg.settings.DatabaseDirectory}" cp ${geoipupdateConf} /run/geoipupdate/GeoIP.conf From 89665c944a85b6c3e3b5a56b01c5f62f47b8c3fb Mon Sep 17 00:00:00 2001 From: linsui Date: Thu, 16 Jun 2022 00:17:57 +0800 Subject: [PATCH 02/27] element-web: fix jitsi --- .../networking/instant-messengers/element/element-web.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/networking/instant-messengers/element/element-web.nix b/pkgs/applications/networking/instant-messengers/element/element-web.nix index 7cdfcabdce5..0049ccd6a33 100644 --- a/pkgs/applications/networking/instant-messengers/element/element-web.nix +++ b/pkgs/applications/networking/instant-messengers/element/element-web.nix @@ -8,6 +8,7 @@ , yarn , fixup_yarn_lock , nodejs +, jitsi-meet , conf ? { } }: @@ -65,6 +66,7 @@ mkYarnPackage rec { runHook preInstall cp -R webapp $out + cp ${jitsi-meet}/libs/external_api.min.js $out/jitsi_external_api.min.js echo "${version}" > "$out/version" jq -s '.[0] * .[1]' "config.sample.json" "${configOverrides}" > "$out/config.json" From 4dddca82409b9c53dfc5777b0a7219092b4492c5 Mon Sep 17 00:00:00 2001 From: talyz Date: Mon, 28 Mar 2022 15:05:26 +0200 Subject: [PATCH 03/27] nixos/geoipupdate: Improve secret handling Make secret replacement more robust and futureproof: - Allow any attribute in `services.geoipupdate.settings` to be a secret if set to `{ _secret = "/path/to/secret"; }`. - Hash the license key path before using it as a placeholder in the config file to minimize the risk of conflicting file paths being replaced instead. --- nixos/modules/services/misc/geoipupdate.nix | 47 ++++++++++++++++++--- 1 file changed, 40 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix index 6a0b616473f..db643c3d847 100644 --- a/nixos/modules/services/misc/geoipupdate.nix +++ b/nixos/modules/services/misc/geoipupdate.nix @@ -2,6 +2,7 @@ let cfg = config.services.geoipupdate; + inherit (builtins) isAttrs isString isInt isList typeOf hashString; in { imports = [ @@ -27,11 +28,30 @@ in }; settings = lib.mkOption { + example = lib.literalExpression '' + { + AccountID = 200001; + DatabaseDirectory = "/var/lib/GeoIP"; + LicenseKey = { _secret = "/run/keys/maxmind_license_key"; }; + Proxy = "10.0.0.10:8888"; + ProxyUserPassword = { _secret = "/run/keys/proxy_pass"; }; + } + ''; description = '' geoipupdate configuration options. See for a full list of available options. + + Settings containing secret data should be set to an + attribute set containing the attribute + _secret - a string pointing to a file + containing the value the option should be set to. See the + example to get a better picture of this: in the resulting + GeoIP.conf file, the + ProxyUserPassword key will be set to the + contents of the + /run/keys/proxy_pass file. ''; type = lib.types.submodule { freeformType = @@ -65,11 +85,18 @@ in }; LicenseKey = lib.mkOption { - type = lib.types.path; + type = with lib.types; either path (attrsOf path); description = '' - A file containing the MaxMind - license key. + A file containing the + MaxMind license key. + + Always handled as a secret whether the value is + wrapped in a { _secret = ...; } + attrset or not (refer to for + details). ''; + apply = x: if isAttrs x then x else { _secret = x; }; }; DatabaseDirectory = lib.mkOption { @@ -118,22 +145,30 @@ in "network-online.target" "nss-lookup.target" ]; + path = [ pkgs.replace-secret ]; wants = [ "network-online.target" ]; startAt = cfg.interval; serviceConfig = { ExecStartPre = let + isSecret = v: isAttrs v && v ? _secret && isString v._secret; geoipupdateKeyValue = lib.generators.toKeyValue { mkKeyValue = lib.flip lib.generators.mkKeyValueDefault " " rec { - mkValueString = v: with builtins; + mkValueString = v: if isInt v then toString v else if isString v then v else if true == v then "1" else if false == v then "0" else if isList v then lib.concatMapStringsSep " " mkValueString v + else if isSecret v then hashString "sha256" v._secret else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; }; }; + secretPaths = lib.catAttrs "_secret" (lib.collect isSecret cfg.settings); + mkSecretReplacement = file: '' + replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/geoipupdate/GeoIP.conf" ]} + ''; + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; geoipupdateConf = pkgs.writeText "geoipupdate.conf" (geoipupdateKeyValue cfg.settings); @@ -144,9 +179,7 @@ in chown geoip "${cfg.settings.DatabaseDirectory}" cp ${geoipupdateConf} /run/geoipupdate/GeoIP.conf - ${pkgs.replace-secret}/bin/replace-secret '${cfg.settings.LicenseKey}' \ - '${cfg.settings.LicenseKey}' \ - /run/geoipupdate/GeoIP.conf + ${secretReplacements} ''; in "+${pkgs.writeShellScript "start-pre-full-privileges" script}"; From 6686a3115c4482ea36fcc63916a0435692bc7980 Mon Sep 17 00:00:00 2001 From: talyz Date: Thu, 31 Mar 2022 15:53:49 +0200 Subject: [PATCH 04/27] nixos/parsedmarc: Fix compatibility with recent versions of grafana --- nixos/modules/services/monitoring/parsedmarc.nix | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index ec71365ba3c..092186b3444 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -404,21 +404,14 @@ in enable = cfg.provision.grafana.datasource || cfg.provision.grafana.dashboard; datasources = let - pkgVer = lib.getVersion config.services.elasticsearch.package; - esVersion = - if lib.versionOlder pkgVer "7" then - "60" - else if lib.versionOlder pkgVer "8" then - "70" - else - throw "When provisioning parsedmarc grafana datasources: unknown Elasticsearch version."; + esVersion = lib.getVersion config.services.elasticsearch.package; in lib.mkIf cfg.provision.grafana.datasource [ { name = "dmarc-ag"; type = "elasticsearch"; access = "proxy"; - url = "localhost:9200"; + url = "http://localhost:9200"; jsonData = { timeField = "date_range"; inherit esVersion; @@ -428,7 +421,7 @@ in name = "dmarc-fo"; type = "elasticsearch"; access = "proxy"; - url = "localhost:9200"; + url = "http://localhost:9200"; jsonData = { timeField = "date_range"; inherit esVersion; From 32e057881a5a8e48da2bff645f06a0d09965b5a4 Mon Sep 17 00:00:00 2001 From: talyz Date: Thu, 31 Mar 2022 15:54:45 +0200 Subject: [PATCH 05/27] nixos/parsedmarc: Remove kafka support It's broken (see https://github.com/domainaware/parsedmarc/issues/243) and providing settings for it is therefore misleading. --- .../services/monitoring/parsedmarc.nix | 58 ------------------- 1 file changed, 58 deletions(-) diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index 092186b3444..ae1b2076ad0 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -299,63 +299,6 @@ in ''; }; }; - - kafka = { - hosts = lib.mkOption { - default = []; - type = with lib.types; listOf str; - apply = x: if x == [] then null else lib.concatStringsSep "," x; - description = '' - A list of Apache Kafka hosts to publish parsed reports - to. - ''; - }; - - user = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - description = '' - Username to use when connecting to Kafka, if - required. - ''; - }; - - password = lib.mkOption { - type = with lib.types; nullOr path; - default = null; - description = '' - The path to a file containing the password to use when - connecting to Kafka, if required. - ''; - }; - - ssl = lib.mkOption { - type = with lib.types; nullOr bool; - default = null; - description = '' - Whether to use an encrypted SSL/TLS connection. - ''; - }; - - aggregate_topic = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - example = "aggregate"; - description = '' - The Kafka topic to publish aggregate reports on. - ''; - }; - - forensic_topic = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - example = "forensic"; - description = '' - The Kafka topic to publish forensic reports on. - ''; - }; - }; - }; }; @@ -483,7 +426,6 @@ in ${mkSecretReplacement cfg.settings.smtp.password} ${mkSecretReplacement cfg.settings.imap.password} ${mkSecretReplacement cfg.settings.elasticsearch.password} - ${mkSecretReplacement cfg.settings.kafka.password} '' + lib.optionalString cfg.provision.localMail.enable '' openssl rand -hex 64 >/run/parsedmarc/dmarc_user_passwd replace-secret '@imap-password@' '/run/parsedmarc/dmarc_user_passwd' /run/parsedmarc/parsedmarc.ini From 858a0c3fa69c71e45d81978810e0981956d412d3 Mon Sep 17 00:00:00 2001 From: talyz Date: Thu, 31 Mar 2022 15:58:26 +0200 Subject: [PATCH 06/27] nixos/parsedmarc: Improve secret handling Make secret replacement more robust and futureproof: - Allow any attribute in `services.parsedmarc.settings` to be a secret if set to `{ _secret = "/path/to/secret"; }`. - Hash secret file paths before using them as a placeholders in the config file to minimize the risk of conflicting file paths being replaced instead. --- .../services/monitoring/parsedmarc.nix | 92 +++++++++++++++---- 1 file changed, 76 insertions(+), 16 deletions(-) diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index ae1b2076ad0..efc7f69be7d 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -3,7 +3,19 @@ let cfg = config.services.parsedmarc; opt = options.services.parsedmarc; - ini = pkgs.formats.ini {}; + isSecret = v: isAttrs v && v ? _secret && isString v._secret; + ini = pkgs.formats.ini { + mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" rec { + mkValueString = v: + if isInt v then toString v + else if isString v then v + else if true == v then "True" + else if false == v then "False" + else if isSecret v then hashString "sha256" v._secret + else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; + }; + }; + inherit (builtins) elem isAttrs isString isInt isList typeOf hashString; in { options.services.parsedmarc = { @@ -107,11 +119,35 @@ in }; settings = lib.mkOption { + example = lib.literalExpression '' + { + imap = { + host = "imap.example.com"; + user = "alice@example.com"; + password = { _secret = "/run/keys/imap_password" }; + watch = true; + }; + splunk_hec = { + url = "https://splunkhec.example.com"; + token = { _secret = "/run/keys/splunk_token" }; + index = "email"; + }; + } + ''; description = '' Configuration parameters to set in parsedmarc.ini. For a full list of available parameters, see . + + Settings containing secret data should be set to an attribute + set containing the attribute _secret - a + string pointing to a file containing the value the option + should be set to. See the example to get a better picture of + this: in the resulting parsedmarc.ini + file, the splunk_hec.token key will be set + to the contents of the + /run/keys/splunk_token file. ''; type = lib.types.submodule { @@ -170,11 +206,18 @@ in }; password = lib.mkOption { - type = with lib.types; nullOr path; + type = with lib.types; nullOr (either path (attrsOf path)); default = null; description = '' - The path to a file containing the IMAP server password. + The IMAP server password. + + Always handled as a secret whether the value is + wrapped in a { _secret = ...; } + attrset or not (refer to for + details). ''; + apply = x: if isAttrs x || x == null then x else { _secret = x; }; }; watch = lib.mkOption { @@ -228,11 +271,18 @@ in }; password = lib.mkOption { - type = with lib.types; nullOr path; + type = with lib.types; nullOr (either path (attrsOf path)); default = null; description = '' - The path to a file containing the SMTP server password. + The SMTP server password. + + Always handled as a secret whether the value is + wrapped in a { _secret = ...; } + attrset or not (refer to for + details). ''; + apply = x: if isAttrs x || x == null then x else { _secret = x; }; }; from = lib.mkOption { @@ -274,12 +324,19 @@ in }; password = lib.mkOption { - type = with lib.types; nullOr path; + type = with lib.types; nullOr (either path (attrsOf path)); default = null; description = '' - The path to a file containing the password to use when - connecting to Elasticsearch, if required. + The password to use when connecting to Elasticsearch, + if required. + + Always handled as a secret whether the value is + wrapped in a { _secret = ...; } + attrset or not (refer to for + details). ''; + apply = x: if isAttrs x || x == null then x else { _secret = x; }; }; ssl = lib.mkOption { @@ -403,12 +460,17 @@ in # lists, empty attrsets and null. This makes it possible to # list interesting options in `settings` without them always # ending up in the resulting config. - filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! builtins.elem v [ null [] {} ])) cfg.settings; + filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null [] {} ])) cfg.settings; + + # Extract secrets (attributes set to an attrset with a + # "_secret" key) from the settings and generate the commands + # to run to perform the secret replacements. + secretPaths = lib.catAttrs "_secret" (lib.collect isSecret filteredConfig); parsedmarcConfig = ini.generate "parsedmarc.ini" filteredConfig; - mkSecretReplacement = file: - lib.optionalString (file != null) '' - replace-secret '${file}' '${file}' /run/parsedmarc/parsedmarc.ini - ''; + mkSecretReplacement = file: '' + replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/parsedmarc/parsedmarc.ini" ]} + ''; + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; in { wantedBy = [ "multi-user.target" ]; @@ -423,9 +485,7 @@ in umask u=rwx,g=,o= cp ${parsedmarcConfig} /run/parsedmarc/parsedmarc.ini chown parsedmarc:parsedmarc /run/parsedmarc/parsedmarc.ini - ${mkSecretReplacement cfg.settings.smtp.password} - ${mkSecretReplacement cfg.settings.imap.password} - ${mkSecretReplacement cfg.settings.elasticsearch.password} + ${secretReplacements} '' + lib.optionalString cfg.provision.localMail.enable '' openssl rand -hex 64 >/run/parsedmarc/dmarc_user_passwd replace-secret '@imap-password@' '/run/parsedmarc/dmarc_user_passwd' /run/parsedmarc/parsedmarc.ini From 3f521fc3a448555435c0fa1742d4964c4dda7549 Mon Sep 17 00:00:00 2001 From: Christoph Honal Date: Wed, 22 Jun 2022 16:46:26 +0200 Subject: [PATCH 07/27] maintainers: add stargate01 --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index bc4be66d903..29eaf4340f4 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -12047,6 +12047,12 @@ githubId = 7512804; name = "Martin Langlotz"; }; + stargate01 = { + email = "christoph.honal@web.de"; + github = "StarGate01"; + githubId = 6362238; + name = "Christoph Honal"; + }; steamwalker = { email = "steamwalker@xs4all.nl"; github = "steamwalker"; From 21ab1d1ed8069e6bc89b3c3d098e3a6384df8687 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= Date: Sat, 25 Jun 2022 01:14:05 +1000 Subject: [PATCH 08/27] noisetorch: add strip flags --- pkgs/applications/audio/noisetorch/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/audio/noisetorch/default.nix b/pkgs/applications/audio/noisetorch/default.nix index 1015829709e..9fcd35a9de3 100644 --- a/pkgs/applications/audio/noisetorch/default.nix +++ b/pkgs/applications/audio/noisetorch/default.nix @@ -16,7 +16,7 @@ buildGoModule rec { doCheck = false; - ldflags = [ "-X main.version=${version}" "-X main.distribution=nix" ]; + ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.distribution=nix" ]; subPackages = [ "." ]; From b8f5d289f5e13e3766e9dd54d59ca3a772f3432c Mon Sep 17 00:00:00 2001 From: Christoph Honal Date: Fri, 24 Jun 2022 16:00:02 +0200 Subject: [PATCH 09/27] nrf5-sdk: init at 17.1.0 --- .../libraries/nrf5-sdk/default.nix | 37 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 39 insertions(+) create mode 100644 pkgs/development/libraries/nrf5-sdk/default.nix diff --git a/pkgs/development/libraries/nrf5-sdk/default.nix b/pkgs/development/libraries/nrf5-sdk/default.nix new file mode 100644 index 00000000000..c8667287a00 --- /dev/null +++ b/pkgs/development/libraries/nrf5-sdk/default.nix @@ -0,0 +1,37 @@ +{ lib +, stdenv +, fetchzip +}: + +stdenv.mkDerivation rec { + pname = "nrf5-sdk"; + version = "17.1.0"; + + urlHash = "ddde560"; + + src = fetchzip { + url = "https://nsscprodmedia.blob.core.windows.net/prod/software-and-other-downloads/sdks/nrf5/binaries/nrf5_sdk_${version}_${urlHash}.zip"; + sha256 = "sha256-q4WQ7X7/z/42/qcii+mOLnobqcbUy0tInkOfRH/Gwus="; + }; + + dontConfigure = true; + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/nRF5_SDK + mv * $out/share/nRF5_SDK + rm $out/share/nRF5_SDK/*.msi + + runHook postInstall + ''; + + meta = with lib; { + description = "Nordic Semiconductor nRF5 Software Development Kit"; + homepage = "https://www.nordicsemi.com/Products/Development-software/nRF5-SDK"; + license = licenses.unfree; + platforms = platforms.all; + maintainers = with maintainers; [ stargate01 ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4574cbb72ea..d85ab1f1786 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16056,6 +16056,8 @@ with pkgs; sdk = true; }; + nrf5-sdk = callPackage ../development/libraries/nrf5-sdk { }; + nrfutil = callPackage ../development/tools/misc/nrfutil { }; obelisk = callPackage ../development/tools/ocaml/obelisk { menhir = ocamlPackages.menhir; }; From c326712df4000f152c9b163413df1e4163858ef3 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 25 Jun 2022 05:24:57 +0000 Subject: [PATCH 10/27] armadillo: 11.1.1 -> 11.2.0 --- pkgs/development/libraries/armadillo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/armadillo/default.nix b/pkgs/development/libraries/armadillo/default.nix index 6513d4be396..539288acd4c 100644 --- a/pkgs/development/libraries/armadillo/default.nix +++ b/pkgs/development/libraries/armadillo/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "armadillo"; - version = "11.1.1"; + version = "11.2.0"; src = fetchurl { url = "mirror://sourceforge/arma/armadillo-${version}.tar.xz"; - sha256 = "sha256-v6YVSl/v2DLSjVMKWCIf5KLP8qO729guEJveU/sp3Ns="; + sha256 = "sha256-31yiFZAcaMY0Z8C/7hTwjjTYdaR6sPCVCCqzLd/08kM="; }; nativeBuildInputs = [ cmake ]; From ea125a798787001e3f4362be611c41417585082b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 25 Jun 2022 05:53:35 +0000 Subject: [PATCH 11/27] appgate-sdp: 5.5.4 -> 5.5.5 --- pkgs/applications/networking/appgate-sdp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/appgate-sdp/default.nix b/pkgs/applications/networking/appgate-sdp/default.nix index d6f21aa0423..cac64ba7f63 100644 --- a/pkgs/applications/networking/appgate-sdp/default.nix +++ b/pkgs/applications/networking/appgate-sdp/default.nix @@ -87,11 +87,11 @@ let in stdenv.mkDerivation rec { pname = "appgate-sdp"; - version = "5.5.4"; + version = "5.5.5"; src = fetchurl { url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb"; - sha256 = "sha256-7qfgUYD7uPb+ZEierREVfnHoGz0/b/J+hcsX/duDFWU="; + sha256 = "sha256-eXcGHd3TGNFqjFQ+wSg4+1hF/6DJTPOs0ldjegFktGo="; }; # just patch interpreter From becb9565fc56329c7e4373f76f4554a7ee991cd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= Date: Sun, 26 Jun 2022 21:25:10 +1000 Subject: [PATCH 12/27] reaper: 6.47 -> 6.61 --- pkgs/applications/audio/reaper/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/audio/reaper/default.nix b/pkgs/applications/audio/reaper/default.nix index d186755ecce..6f94b0f531c 100644 --- a/pkgs/applications/audio/reaper/default.nix +++ b/pkgs/applications/audio/reaper/default.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "reaper"; - version = "6.47"; + version = "6.61"; src = fetchurl { url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_${stdenv.hostPlatform.qemuArch}.tar.xz"; hash = { - x86_64-linux = "sha256-31HmIx/ohbrzu5uj8KOOZiHNCmXwng9h+fIGaJfYyqA="; - aarch64-linux = "sha256-CMmcBpaZ6BEZJ1144aQhOJ/o2NrGD7/8aq+ObLVMXYE="; + x86_64-linux = "sha256-Lp2EVky1+ruc86LdMmvhZIisoYl0OxdkVnN3h/u09IQ="; + aarch64-linux = "sha256-sPLCMA//xAdWXjY7++R6eLWS56Zi0u+9ju7JlICGvVc="; }.${stdenv.hostPlatform.system}; }; From fb9e656d48784ef32353c06330558161abefde60 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 26 Jun 2022 18:35:55 +0200 Subject: [PATCH 13/27] git-autofixup: init as alias A top-level attribute makes this program easier to find for nix repl junkies like me. --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 45a89043efa..84d050fce32 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26919,6 +26919,8 @@ with pkgs; # Git with SVN support, but without GUI. gitSVN = lowPrio (git.override { svnSupport = true; }); + git-autofixup = perlPackages.GitAutofixup; + git-doc = lib.addMetaAttrs { description = "Additional documentation for Git"; longDescription = '' From 1e6ba0387a5ade65cdeb09fab6810cde4cff94ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 26 Jun 2022 19:07:32 +0200 Subject: [PATCH 14/27] python310Packages.geoip2: 4.5.0 -> 4.6.0 --- pkgs/development/python-modules/geoip2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/geoip2/default.nix b/pkgs/development/python-modules/geoip2/default.nix index c5e9a01db53..65f938fd6a9 100644 --- a/pkgs/development/python-modules/geoip2/default.nix +++ b/pkgs/development/python-modules/geoip2/default.nix @@ -9,13 +9,13 @@ }: buildPythonPackage rec { - version = "4.5.0"; + version = "4.6.0"; pname = "geoip2"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - sha256 = "b542252e87eb40adc3a2fc0f4e84b514c4c5e04ed46923a3a74d509f25f3103a"; + sha256 = "sha256-8OgLzoCwa7OL0Iv0h31ahONU6TIJXmzPtNJ7tZj6T4M="; }; patchPhase = '' From b75a20420b72fa7bb433c3722377c7212dbb9b2e Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 26 Jun 2022 20:09:01 +0200 Subject: [PATCH 15/27] sphinx_offline: init --- pkgs/top-level/all-packages.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 45a89043efa..40650b3d148 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20864,6 +20864,23 @@ with pkgs; sphinx = with python3Packages; toPythonApplication sphinx; + # A variation of sphinx that is only suitable for offline use as it excludes + # pyopenssl, which is broken on aarch64-darwin. + # https://github.com/NixOS/nixpkgs/issues/175875 + sphinx_offline = + if !(stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isAarch64) + then sphinx + else + sphinx.override (o: { + requests = pkgsBuildTarget.python3Packages.requests.override (o: { + urllib3 = pkgsBuildTarget.python3Packages.urllib3.overrideAttrs (o: { + # urllib3 adds the optional pyopenssl to propagatedBuildInputs + # pkgs/development/python-modules/urllib3/default.nix + propagatedBuildInputs = []; + }); + }); + }); + sphinx-autobuild = with python3Packages; toPythonApplication sphinx-autobuild; sphinx-serve = with python3Packages; toPythonApplication sphinx-serve; From 7898af7d3a134e9741458c335da523f42944d92b Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 26 Jun 2022 13:39:46 +0200 Subject: [PATCH 16/27] ghc: Work around broken pyopenssl on aarch64-darwin --- pkgs/top-level/haskell-packages.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix index 79815b65f60..1c0cd34c56d 100644 --- a/pkgs/top-level/haskell-packages.nix +++ b/pkgs/top-level/haskell-packages.nix @@ -47,6 +47,8 @@ let # Use this rather than `rec { ... }` below for sake of overlays. inherit (pkgs.haskell) compiler packages; + sphinx = buildPackages.sphinx_offline; + in { lib = haskellLibUncomposable; @@ -87,7 +89,7 @@ in { packages.ghc8102Binary else packages.ghc865Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_7; llvmPackages = pkgs.llvmPackages_7; }; @@ -100,7 +102,7 @@ in { packages.ghc8107BinaryMinimal else packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. @@ -116,7 +118,7 @@ in { packages.ghc8107BinaryMinimal else packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; inherit (buildPackages.darwin) autoSignDarwinBinariesHook xattr; buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_12; llvmPackages = pkgs.llvmPackages_12; @@ -128,7 +130,7 @@ in { packages.ghc8107BinaryMinimal else packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. @@ -138,7 +140,7 @@ in { }; ghcHEAD = callPackage ../development/compilers/ghc/head.nix { bootPkgs = packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. From 57a56ee3d56b63d820db30fa18b1595209ab0986 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 26 Jun 2022 23:38:16 +0200 Subject: [PATCH 17/27] chromiumBeta: 103.0.5060.53 -> 104.0.5112.20 --- .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index f661e64bac7..7d8d077e2ac 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -19,15 +19,15 @@ } }, "beta": { - "version": "103.0.5060.53", - "sha256": "00di0nw6h3kb0qp2wp3ny3zsar1ayn1lyx5zr28dl1h5cwaaxjqf", - "sha256bin64": "01vzhhnngr6a7mm1y25ax8vhph6dl948fvkyhdhb9m4j5l4lcqj4", + "version": "104.0.5112.20", + "sha256": "0adzdk3m2l4pjlk82sqavwgxf6a5darbiwchmlrsxc58p9xxag4s", + "sha256bin64": "1cm5k4gpxc0dn0vdqf3qwwf36pc77va9pnci84zcpaxx0jih7l9b", "deps": { "gn": { - "version": "2022-05-11", + "version": "2022-06-08", "url": "https://gn.googlesource.com/gn", - "rev": "578a7fe4c3c6b0bc2ae1fd2e37f14857d09895bf", - "sha256": "03dqfrdpf5xxl64dby3qmbwpzdq2gsa8g7xl438py3a629rgxg63" + "rev": "2ecd43a10266bd091c98e6dcde507c64f6a0dad3", + "sha256": "1q06vsz9b4bb764wy1wy8n177z2pgpm97kq3rl1hmq185mz5fhra" } } }, From 0e444785a16b0cb278dfd5aaa4d04b7730a269d8 Mon Sep 17 00:00:00 2001 From: Profpatsch Date: Sun, 26 Jun 2022 18:45:32 +0200 Subject: [PATCH 18/27] installer/tools/get-version-suffix: set --git-dir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `nixos-rebuild` tool calls `get-version-suffix` to figure out the git revision of the nixpkgs directory if there is a .git. https://nvd.nist.gov/vuln/detail/CVE-2022-24765 made git throw an error if the .git search logic is not turned off and a user tries to access a `.git` directory they don’t own (otherwise a different user could trick them into setting arbitrary git config). So from now on we should always explicitely set `--git-dir`, which turns this search logic (and thus the security check) off. --- nixos/modules/installer/tools/get-version-suffix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nixos/modules/installer/tools/get-version-suffix b/nixos/modules/installer/tools/get-version-suffix index b8972cd57d2..8d72905cdcb 100644 --- a/nixos/modules/installer/tools/get-version-suffix +++ b/nixos/modules/installer/tools/get-version-suffix @@ -1,14 +1,15 @@ getVersion() { local dir="$1" rev= - if [ -e "$dir/.git" ]; then + gitDir="$dir/.git" + if [ -e "$gitDir" ]; then if [ -z "$(type -P git)" ]; then echo "warning: Git not found; cannot figure out revision of $dir" >&2 return fi cd "$dir" - rev=$(git rev-parse --short HEAD) - if git describe --always --dirty | grep -q dirty; then + rev=$(git --git-dir="$gitDir" rev-parse --short HEAD) + if git --git-dir="$gitDir" describe --always --dirty | grep -q dirty; then rev+=M fi fi From 284d5486a5155329f9831be8c5f92775260440be Mon Sep 17 00:00:00 2001 From: Profpatsch Date: Sun, 26 Jun 2022 16:47:47 +0200 Subject: [PATCH 19/27] weechat-matrix: fix startup crash Python 3.10 has a bug in its SSL module. Fixes: https://github.com/NixOS/nixpkgs/issues/178540 --- .../irc/weechat/scripts/weechat-matrix/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix index 2dc16701222..601cb127ff1 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix @@ -2,6 +2,7 @@ , lib , python , fetchFromGitHub +, fetchpatch , pyopenssl , webcolors , future @@ -33,6 +34,11 @@ in buildPythonPackage { hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; }; + patches = fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/poljar/weechat-matrix/pull/309.patch"; + sha256 = "sha256-Grdht+TOFvCYRpL7uhPivqL7YzLoNVF3iQNHgbv1Te0="; + }; + propagatedBuildInputs = [ pyopenssl webcolors From 284ff42c48771e90d1522ac1885c996687084da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 26 Jun 2022 19:07:29 +0000 Subject: [PATCH 20/27] chatty: 0.6.6 -> 0.6.7 https://source.puri.sm/Librem5/chatty/-/blob/v0.6.7/NEWS --- .../networking/instant-messengers/chatty/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/chatty/default.nix b/pkgs/applications/networking/instant-messengers/chatty/default.nix index a6e31573ae8..fc9c4c10b21 100644 --- a/pkgs/applications/networking/instant-messengers/chatty/default.nix +++ b/pkgs/applications/networking/instant-messengers/chatty/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { pname = "chatty"; - version = "0.6.6"; + version = "0.6.7"; src = fetchFromGitLab { domain = "source.puri.sm"; @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { repo = "chatty"; rev = "v${version}"; fetchSubmodules = true; - hash = "sha256-vwgXfoyZOCSMnRAB6bFSrtYlSrpMa9OOcmxYTqhU+lA="; + hash = "sha256-W4w/00mRgjfyQmLQ81/EAN+80qk7kDkBmMPJnOU+AIc="; }; postPatch = '' From 00fe47bc0eda6aab90758e0808a6ea2fb1562763 Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Mon, 27 Jun 2022 07:40:11 -0600 Subject: [PATCH 21/27] intel-ocl: add web archive link since other links 404 Signed-off-by: Sumner Evans --- pkgs/os-specific/linux/intel-ocl/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/intel-ocl/default.nix b/pkgs/os-specific/linux/intel-ocl/default.nix index 026ce80c645..b1451421d69 100644 --- a/pkgs/os-specific/linux/intel-ocl/default.nix +++ b/pkgs/os-specific/linux/intel-ocl/default.nix @@ -9,6 +9,7 @@ stdenv.mkDerivation rec { urls = [ "https://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" "http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" + "https://web.archive.org/web/20190526190814/http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" ]; sha256 = "0qbp63l74s0i80ysh9ya8x7r79xkddbbz4378nms9i7a0kprg9p2"; stripRoot = false; @@ -69,9 +70,9 @@ stdenv.mkDerivation rec { meta = { description = "Official OpenCL runtime for Intel CPUs"; - homepage = "https://software.intel.com/en-us/articles/opencl-drivers"; - license = lib.licenses.unfree; - platforms = [ "x86_64-linux" ]; + homepage = "https://software.intel.com/en-us/articles/opencl-drivers"; + license = lib.licenses.unfree; + platforms = [ "x86_64-linux" ]; maintainers = [ lib.maintainers.kierdavis ]; }; } From e4c7b303df800aecbdd32de98ff3864dad568d4f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 26 Jun 2022 16:38:05 +0000 Subject: [PATCH 22/27] python310Packages.nodeenv: 1.6.0 -> 1.7.0 --- pkgs/development/python-modules/nodeenv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/nodeenv/default.nix b/pkgs/development/python-modules/nodeenv/default.nix index 1ff2d47b32d..176846c3e06 100644 --- a/pkgs/development/python-modules/nodeenv/default.nix +++ b/pkgs/development/python-modules/nodeenv/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "nodeenv"; - version = "1.6.0"; + version = "1.7.0"; src = fetchPypi { inherit pname version; - sha256 = "3ef13ff90291ba2a4a7a4ff9a979b63ffdd00a464dbe04acf0ea6471517a4c2b"; + sha256 = "sha256-4Of337hfxTlMb+Ho+pgTGiRz4EMRpFr7ZQj3zxg2+is="; }; propagatedBuildInputs = [ From a0aea1e6c34f47d74f0c1bf0c8d23f911bf9561e Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Mon, 27 Jun 2022 08:51:55 +0200 Subject: [PATCH 23/27] python310Packages.nodeenv: enable tests - disable on older Python releases --- .../python-modules/nodeenv/default.nix | 38 +++++++++++++++---- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/pkgs/development/python-modules/nodeenv/default.nix b/pkgs/development/python-modules/nodeenv/default.nix index 176846c3e06..d08fcf4699a 100644 --- a/pkgs/development/python-modules/nodeenv/default.nix +++ b/pkgs/development/python-modules/nodeenv/default.nix @@ -1,31 +1,55 @@ -{ lib, buildPythonPackage, fetchPypi, setuptools, python, which }: +{ lib +, buildPythonPackage +, fetchFromGitHub +, mock +, pytestCheckHook +, python +, pythonOlder +, setuptools +, which +}: buildPythonPackage rec { pname = "nodeenv"; version = "1.7.0"; + format = "setuptools"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-4Of337hfxTlMb+Ho+pgTGiRz4EMRpFr7ZQj3zxg2+is="; + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "ekalinin"; + repo = pname; + rev = version; + hash = "sha256-X30PUiOMT/vXqmdSJKHTNNA8aLWavCUaKa7LzqkdLrk="; }; propagatedBuildInputs = [ setuptools ]; - # Tests not included in PyPI tarball - doCheck = false; + checkInputs = [ + mock + pytestCheckHook + ]; preFixup = '' substituteInPlace $out/${python.sitePackages}/nodeenv.py \ --replace '["which", candidate]' '["${lib.getBin which}/bin/which", candidate]' ''; - pythonImportsCheck = [ "nodeenv" ]; + pythonImportsCheck = [ + "nodeenv" + ]; + + disabledTests = [ + # Test requires coverage + "test_smoke" + ]; meta = with lib; { description = "Node.js virtual environment builder"; homepage = "https://github.com/ekalinin/nodeenv"; license = licenses.bsd3; + maintainers = with maintainers; [ ]; }; } From fb9aa8ce6174874cc814ce755c8823860c50f49f Mon Sep 17 00:00:00 2001 From: Thomas Depierre Date: Mon, 27 Jun 2022 18:10:27 +0200 Subject: [PATCH 24/27] erlang: remove r16-basho --- .../interpreters/erlang/R16B02-basho.nix | 65 ------------------- pkgs/top-level/all-packages.nix | 2 +- pkgs/top-level/beam-packages.nix | 9 --- 3 files changed, 1 insertion(+), 75 deletions(-) delete mode 100644 pkgs/development/interpreters/erlang/R16B02-basho.nix diff --git a/pkgs/development/interpreters/erlang/R16B02-basho.nix b/pkgs/development/interpreters/erlang/R16B02-basho.nix deleted file mode 100644 index 69d0ac6b7a5..00000000000 --- a/pkgs/development/interpreters/erlang/R16B02-basho.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ pkgs, mkDerivation }: - -mkDerivation { - baseName = "erlang"; - version = "16B02.basho10"; - - src = pkgs.fetchFromGitHub { - owner = "basho"; - repo = "otp"; - rev = "OTP_R16B02_basho10"; - sha256 = "1s2c3ag9dnp6xmcr27kh95n1w50xly97n1mp8ivc2a3gpv4blqmj"; - }; - - preConfigure = '' - export HOME=$PWD/../ - export LANG=C - export ERL_TOP=$(pwd) - sed -e s@/bin/pwd@pwd@g -i otp_build - sed -e s@"/usr/bin/env escript"@$(pwd)/bootstrap/bin/escript@g -i lib/diameter/bin/diameterc - - ./otp_build autoconf - ''; - - enableHipe = false; - - # Do not install docs, instead use prebuilt versions. - installTargets = "install"; - postInstall = let - manpages = pkgs.fetchurl { - url = "https://www.erlang.org/download/otp_doc_man_R16B02.tar.gz"; - sha256 = "12apxjmmd591y9g9bhr97z5jbd1jarqg7wj0y2sqhl21hc1yp75p"; - }; - in '' - sed -e s@$(pwd)/bootstrap/bin/escript@$out/bin/escript@g -i $out/lib/erlang/lib/diameter-1.4.3/bin/diameterc - - tar xf "${manpages}" -C "$out/lib/erlang" - for i in "$out"/lib/erlang/man/man[0-9]/*.[0-9]; do - prefix="''${i%/*}" - mkdir -p "$out/share/man/''${prefix##*/}" - ln -s "$i" "$out/share/man/''${prefix##*/}/''${i##*/}erl" - done - ''; - - meta = { - homepage = "https://github.com/basho/otp/"; - description = "Programming language used for massively scalable soft real-time systems, Basho fork"; - - longDescription = '' - Erlang is a programming language used to build massively scalable - soft real-time systems with requirements on high availability. - Some of its uses are in telecoms, banking, e-commerce, computer - telephony and instant messaging. Erlang's runtime system has - built-in support for concurrency, distribution and fault - tolerance. - This version of Erlang is Basho's version, forked from Ericsson's - repository. - ''; - - knownVulnerabilities = [ "CVE-2017-1000385" ]; - - platforms = ["x86_64-linux" "x86_64-darwin"]; - license = pkgs.lib.licenses.asl20; - maintainers = with pkgs.lib.maintainers; [ mdaiter ]; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3990b84e910..8db017b3991 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14422,7 +14422,7 @@ with pkgs; inherit (beam.interpreters) erlang erlangR25 erlangR24 erlangR23 erlangR22 erlangR21 - erlang_odbc erlang_javac erlang_odbc_javac erlang_basho_R16B02 + erlang_odbc erlang_javac erlang_odbc_javac elixir elixir_1_13 elixir_1_12 elixir_1_11 elixir_1_10 elixir_1_9 elixir_ls; diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index e7f4b6b5250..71487377526 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -92,15 +92,6 @@ with beam; { odbcSupport = true; }; - # Basho fork, using custom builder. - erlang_basho_R16B02 = - lib.callErlang ../development/interpreters/erlang/R16B02-basho.nix { - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlang_basho_R16B02_odbc = - erlang_basho_R16B02.override { odbcSupport = true; }; - # Other Beam languages. These are built with `beam.interpreters.erlang`. To # access for example elixir built with different version of Erlang, use # `beam.packages.erlangR24.elixir`. From 2d958456dbf6e7eb3c9fc9c8ddcc5497b8baea9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sat, 25 Jun 2022 21:36:07 +0000 Subject: [PATCH 25/27] pika-backup: 0.4.0 -> 0.4.1 https://gitlab.gnome.org/World/pika-backup/-/releases#v0.4.1 --- pkgs/applications/backup/pika-backup/default.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/backup/pika-backup/default.nix b/pkgs/applications/backup/pika-backup/default.nix index a8524dea91b..868241b9232 100644 --- a/pkgs/applications/backup/pika-backup/default.nix +++ b/pkgs/applications/backup/pika-backup/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchFromGitLab -, fetchpatch , rustPlatform , substituteAll , desktop-file-utils @@ -19,20 +18,20 @@ stdenv.mkDerivation rec { pname = "pika-backup"; - version = "0.4.0"; + version = "0.4.1"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "World"; repo = "pika-backup"; rev = "v${version}"; - hash = "sha256-vQ0hlwsrY0WOUc/ppleE+kKRGHPt/ScEChXrkukln3U="; + hash = "sha256-D5QkNgscvNaPEykbcR451Wx8Mvn7HTuQE/22lp95Kbo="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-IKUh5gkXTpmMToDaec+CpCIQqJjwJM2ZrmGQhZeTDsg="; + hash = "sha256-c4nYlPyc7D1AMOfHjhoDJox+i83+H1YKfWzR3i6bmng="; }; patches = [ @@ -40,11 +39,6 @@ stdenv.mkDerivation rec { src = ./borg-path.patch; borg = "${borgbackup}/bin/borg"; }) - (fetchpatch { - name = "use-gtk4-update-icon-cache.patch"; - url = "https://gitlab.gnome.org/World/pika-backup/-/merge_requests/64.patch"; - hash = "sha256-AttGQGWealvTIvPwBl5M6FiC4Al/UD4/XckUAxM38SE="; - }) ]; postPatch = '' From 0ff3a27898457ade5f0f42ca417cdc4ff438a3c5 Mon Sep 17 00:00:00 2001 From: Jonas Heinrich Date: Sat, 29 Jan 2022 16:08:35 +0100 Subject: [PATCH 26/27] briar: init at 0.2.1-beta --- .../briar-desktop/default.nix | 58 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 60 insertions(+) create mode 100644 pkgs/applications/networking/instant-messengers/briar-desktop/default.nix diff --git a/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix b/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix new file mode 100644 index 00000000000..1b16786649f --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix @@ -0,0 +1,58 @@ +{ lib +, stdenv +, fetchzip +, openjdk +, makeWrapper +, tor +, p7zip +, bash +, writeScript +}: +let + + briar-tor = writeScript "briar-tor" '' + #! ${bash}/bin/bash + exec ${tor}/bin/tor "$@" + ''; + +in +stdenv.mkDerivation rec { + pname = "briar-desktop"; + version = "0.2.1-beta"; + + src = fetchzip { + url = "https://code.briarproject.org/briar/briar-desktop/-/jobs/18424/artifacts/download?file_type=archive"; + sha256 = "sha256-ivMbgo0+iZE4/Iffq9HUBErGIQMVLrRZUQ6R3V3X8II="; + extension = "zip"; + }; + + nativeBuildInputs = [ + makeWrapper + p7zip + ]; + + installPhase = '' + mkdir -p $out/{bin,lib} + cp ${src}/briar-desktop.jar $out/lib/ + makeWrapper ${openjdk}/bin/java $out/bin/briar-desktop \ + --add-flags "-jar $out/lib/briar-desktop.jar" + ''; + + fixupPhase = '' + # Replace the embedded Tor binary (which is in a Tar archive) + # with one from Nixpkgs. + cp ${briar-tor} ./tor + for arch in {aarch64,armhf,x86_64}; do + 7z a tor_linux-$arch.zip tor + 7z a $out/lib/briar-desktop.jar tor_linux-$arch.zip + done + ''; + + meta = with lib; { + description = "Decentalized and secure messnger"; + homepage = "https://code.briarproject.org/briar/briar-desktop"; + license = licenses.gpl3; + maintainers = with maintainers; [ onny ]; + platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8db017b3991..97407ee2952 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4581,6 +4581,8 @@ with pkgs; boofuzz= callPackage ../tools/security/boofuzz { }; + briar-desktop = callPackage ../applications/networking/instant-messengers/briar-desktop { }; + bsdbuild = callPackage ../development/tools/misc/bsdbuild { }; bsdiff = callPackage ../tools/compression/bsdiff { }; From 29e7fe71ef2648ec6b3771f96462063a97b63b22 Mon Sep 17 00:00:00 2001 From: kilianar Date: Mon, 27 Jun 2022 14:59:12 +0200 Subject: [PATCH 27/27] vscode-extensions.dracula-theme.theme-dracula: 2.22.3 -> 2.24.2 --- pkgs/applications/editors/vscode/extensions/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index d4a542bb99e..2de4575d440 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -739,8 +739,8 @@ let mktplcRef = { name = "theme-dracula"; publisher = "dracula-theme"; - version = "2.22.3"; - sha256 = "0wni9sriin54ci8rly2s68lkfx8rj1cys6mgcizvps9sam6377w6"; + version = "2.24.2"; + sha256 = "sha256-YNqWEIvlEI29mfPxOQVdd4db9G2qNodhz8B0MCAAWK8="; }; meta = with lib; { changelog = "https://marketplace.visualstudio.com/items/dracula-theme.theme-dracula/changelog";