diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index be881b7f554..5120eb4895f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -28,6 +28,7 @@ /lib/cli.nix @edolstra @nbp @Profpatsch /lib/debug.nix @edolstra @nbp @Profpatsch /lib/asserts.nix @edolstra @nbp @Profpatsch +/lib/path.* @infinisil @fricklerhandwerk # Nixpkgs Internals /default.nix @nbp diff --git a/doc/doc-support/default.nix b/doc/doc-support/default.nix index ec180064c35..e9cb96e37fd 100644 --- a/doc/doc-support/default.nix +++ b/doc/doc-support/default.nix @@ -12,6 +12,7 @@ let { name = "lists"; description = "list manipulation functions"; } { name = "debug"; description = "debugging functions"; } { name = "options"; description = "NixOS / nixpkgs option handling"; } + { name = "path"; description = "path functions"; } { name = "filesystem"; description = "filesystem functions"; } { name = "sources"; description = "source filtering functions"; } { name = "cli"; description = "command-line serialization functions"; } diff --git a/doc/doc-support/lib-function-docs.nix b/doc/doc-support/lib-function-docs.nix index d6fa08aa962..cf218fa7040 100644 --- a/doc/doc-support/lib-function-docs.nix +++ b/doc/doc-support/lib-function-docs.nix @@ -10,7 +10,11 @@ with pkgs; stdenv.mkDerivation { installPhase = '' function docgen { # TODO: wrap lib.$1 in , make nixdoc not escape it - nixdoc -c "$1" -d "lib.$1: $2" -f "$1.nix" > "$out/$1.xml" + if [[ -e "../lib/$1.nix" ]]; then + nixdoc -c "$1" -d "lib.$1: $2" -f "$1.nix" > "$out/$1.xml" + else + nixdoc -c "$1" -d "lib.$1: $2" -f "$1/default.nix" > "$out/$1.xml" + fi echo "" >> "$out/index.xml" } diff --git a/doc/doc-support/lib-function-locations.nix b/doc/doc-support/lib-function-locations.nix index ae1123c63ad..3ede09ba50f 100644 --- a/doc/doc-support/lib-function-locations.nix +++ b/doc/doc-support/lib-function-locations.nix @@ -2,19 +2,21 @@ let revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.revision or "master"); - libDefPos = set: - builtins.map - (name: { - name = name; + libDefPos = prefix: set: + builtins.concatMap + (name: [{ + name = builtins.concatStringsSep "." (prefix ++ [name]); location = builtins.unsafeGetAttrPos name set; - }) - (builtins.attrNames set); + }] ++ nixpkgsLib.optionals + (builtins.length prefix == 0 && builtins.isAttrs set.${name}) + (libDefPos (prefix ++ [name]) set.${name}) + ) (builtins.attrNames set); libset = toplib: builtins.map (subsetname: { subsetname = subsetname; - functions = libDefPos toplib.${subsetname}; + functions = libDefPos [] toplib.${subsetname}; }) (builtins.map (x: x.name) libsets); diff --git a/doc/languages-frameworks/python.section.md b/doc/languages-frameworks/python.section.md index ab5ba428958..2f15d0f0468 100644 --- a/doc/languages-frameworks/python.section.md +++ b/doc/languages-frameworks/python.section.md @@ -570,7 +570,13 @@ test run would be: ``` checkInputs = [ pytest ]; - checkPhase = "pytest"; + checkPhase = '' + runHook preCheck + + pytest + + runHook postCheck + ''; ``` However, many repositories' test suites do not translate well to nix's build @@ -582,7 +588,11 @@ To filter tests using pytest, one can do the following: checkInputs = [ pytest ]; # avoid tests which need additional data or touch network checkPhase = '' + runHook preCheck + pytest tests/ --ignore=tests/integration -k 'not download and not update' + + runHook postCheck ''; ``` @@ -1408,7 +1418,11 @@ example of such a situation is when `py.test` is used. # assumes the tests are located in tests checkInputs = [ pytest ]; checkPhase = '' + runHook preCheck + py.test -k 'not function_name and not other_function' tests + + runHook postCheck ''; } ``` diff --git a/lib/default.nix b/lib/default.nix index f0f136adbc4..6e1da00badf 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -27,7 +27,6 @@ let maintainers = import ../maintainers/maintainer-list.nix; teams = callLibs ../maintainers/team-list.nix; meta = callLibs ./meta.nix; - sources = callLibs ./sources.nix; versions = callLibs ./versions.nix; # module system @@ -53,7 +52,9 @@ let fetchers = callLibs ./fetchers.nix; # Eval-time filesystem handling + path = callLibs ./path; filesystem = callLibs ./filesystem.nix; + sources = callLibs ./sources.nix; # back-compat aliases platforms = self.systems.doubles; diff --git a/lib/path/README.md b/lib/path/README.md new file mode 100644 index 00000000000..87e552d120d --- /dev/null +++ b/lib/path/README.md @@ -0,0 +1,196 @@ +# Path library + +This document explains why the `lib.path` library is designed the way it is. + +The purpose of this library is to process [filesystem paths]. It does not read files from the filesystem. +It exists to support the native Nix [path value type] with extra functionality. + +[filesystem paths]: https://en.m.wikipedia.org/wiki/Path_(computing) +[path value type]: https://nixos.org/manual/nix/stable/language/values.html#type-path + +As an extension of the path value type, it inherits the same intended use cases and limitations: +- Only use paths to access files at evaluation time, such as the local project source. +- Paths cannot point to derivations, so they are unfit to represent dependencies. +- A path implicitly imports the referenced files into the Nix store when interpolated to a string. Therefore paths are not suitable to access files at build- or run-time, as you risk importing the path from the evaluation system instead. + +Overall, this library works with two types of paths: +- Absolute paths are represented with the Nix [path value type]. Nix automatically normalises these paths. +- Subpaths are represented with the [string value type] since path value types don't support relative paths. This library normalises these paths as safely as possible. Absolute paths in strings are not supported. + + A subpath refers to a specific file or directory within an absolute base directory. + It is a stricter form of a relative path, notably [without support for `..` components][parents] since those could escape the base directory. + +[string value type]: https://nixos.org/manual/nix/stable/language/values.html#type-string + +This library is designed to be as safe and intuitive as possible, throwing errors when operations are attempted that would produce surprising results, and giving the expected result otherwise. + +This library is designed to work well as a dependency for the `lib.filesystem` and `lib.sources` library components. Contrary to these library components, `lib.path` does not read any paths from the filesystem. + +This library makes only these assumptions about paths and no others: +- `dirOf path` returns the path to the parent directory of `path`, unless `path` is the filesystem root, in which case `path` is returned. + - There can be multiple filesystem roots: `p == dirOf p` and `q == dirOf q` does not imply `p == q`. + - While there's only a single filesystem root in stable Nix, the [lazy trees feature](https://github.com/NixOS/nix/pull/6530) introduces [additional filesystem roots](https://github.com/NixOS/nix/pull/6530#discussion_r1041442173). +- `path + ("/" + string)` returns the path to the `string` subdirectory in `path`. + - If `string` contains no `/` characters, then `dirOf (path + ("/" + string)) == path`. + - If `string` contains no `/` characters, then `baseNameOf (path + ("/" + string)) == string`. +- `path1 == path2` returns `true` only if `path1` points to the same filesystem path as `path2`. + +Notably we do not make the assumption that we can turn paths into strings using `toString path`. + +## Design decisions + +Each subsection here contains a decision along with arguments and counter-arguments for (+) and against (-) that decision. + +### Leading dots for relative paths +[leading-dots]: #leading-dots-for-relative-paths + +Observing: Since subpaths are a form of relative paths, they can have a leading `./` to indicate it being a relative path, this is generally not necessary for tools though. + +Considering: Paths should be as explicit, consistent and unambiguous as possible. + +Decision: Returned subpaths should always have a leading `./`. + +
+Arguments + +- (+) In shells, just running `foo` as a command wouldn't execute the file `foo`, whereas `./foo` would execute the file. In contrast, `foo/bar` does execute that file without the need for `./`. This can lead to confusion about when a `./` needs to be prefixed. If a `./` is always included, this becomes a non-issue. This effectively then means that paths don't overlap with command names. +- (+) Prepending with `./` makes the subpaths always valid as relative Nix path expressions. +- (+) Using paths in command line arguments could give problems if not escaped properly, e.g. if a path was `--version`. This is not a problem with `./--version`. This effectively then means that paths don't overlap with GNU-style command line options. +- (-) `./` is not required to resolve relative paths, resolution always has an implicit `./` as prefix. +- (-) It's less noisy without the `./`, e.g. in error messages. + - (+) But similarly, it could be confusing whether something was even a path. + e.g. `foo` could be anything, but `./foo` is more clearly a path. +- (+) Makes it more uniform with absolute paths (those always start with `/`). + - (-) That is not relevant for practical purposes. +- (+) `find` also outputs results with `./`. + - (-) But only if you give it an argument of `.`. If you give it the argument `some-directory`, it won't prefix that. +- (-) `realpath --relative-to` doesn't prefix relative paths with `./`. + - (+) There is no need to return the same result as `realpath`. + +
+ +### Representation of the current directory +[curdir]: #representation-of-the-current-directory + +Observing: The subpath that produces the base directory can be represented with `.` or `./` or `./.`. + +Considering: Paths should be as consistent and unambiguous as possible. + +Decision: It should be `./.`. + +
+Arguments + +- (+) `./` would be inconsistent with [the decision to not persist trailing slashes][trailing-slashes]. +- (-) `.` is how `realpath` normalises paths. +- (+) `.` can be interpreted as a shell command (it's a builtin for sourcing files in `bash` and `zsh`). +- (+) `.` would be the only path without a `/`. It could not be used as a Nix path expression, since those require at least one `/` to be parsed as such. +- (-) `./.` is rather long. + - (-) We don't require users to type this though, as it's only output by the library. + As inputs all three variants are supported for subpaths (and we can't do anything about absolute paths) +- (-) `builtins.dirOf "foo" == "."`, so `.` would be consistent with that. +- (+) `./.` is consistent with the [decision to have leading `./`][leading-dots]. +- (+) `./.` is a valid Nix path expression, although this property does not hold for every relative path or subpath. + +
+ +### Subpath representation +[relrepr]: #subpath-representation + +Observing: Subpaths such as `foo/bar` can be represented in various ways: +- string: `"foo/bar"` +- list with all the components: `[ "foo" "bar" ]` +- attribute set: `{ type = "relative-path"; components = [ "foo" "bar" ]; }` + +Considering: Paths should be as safe to use as possible. We should generate string outputs in the library and not encourage users to do that themselves. + +Decision: Paths are represented as strings. + +
+Arguments + +- (+) It's simpler for the users of the library. One doesn't have to convert a path a string before it can be used. + - (+) Naively converting the list representation to a string with `concatStringsSep "/"` would break for `[]`, requiring library users to be more careful. +- (+) It doesn't encourage people to do their own path processing and instead use the library. + With a list representation it would seem easy to just use `lib.lists.init` to get the parent directory, but then it breaks for `.`, which would be represented as `[ ]`. +- (+) `+` is convenient and doesn't work on lists and attribute sets. + - (-) Shouldn't use `+` anyways, we export safer functions for path manipulation. + +
+ +### Parent directory +[parents]: #parent-directory + +Observing: Relative paths can have `..` components, which refer to the parent directory. + +Considering: Paths should be as safe and unambiguous as possible. + +Decision: `..` path components in string paths are not supported, neither as inputs nor as outputs. Hence, string paths are called subpaths, rather than relative paths. + +
+Arguments + +- (+) If we wanted relative paths to behave according to the "physical" interpretation (as a directory tree with relations between nodes), it would require resolving symlinks, since e.g. `foo/..` would not be the same as `.` if `foo` is a symlink. + - (-) The "logical" interpretation is also valid (treating paths as a sequence of names), and is used by some software. It is simpler, and not using symlinks at all is safer. + - (+) Mixing both models can lead to surprises. + - (+) We can't resolve symlinks without filesystem access. + - (+) Nix also doesn't support reading symlinks at evaluation time. + - (-) We could just not handle such cases, e.g. `equals "foo" "foo/bar/.. == false`. The paths are different, we don't need to check whether the paths point to the same thing. + - (+) Assume we said `relativeTo /foo /bar == "../bar"`. If this is used like `/bar/../foo` in the end, and `bar` turns out to be a symlink to somewhere else, this won't be accurate. + - (-) We could decide to not support such ambiguous operations, or mark them as such, e.g. the normal `relativeTo` will error on such a case, but there could be `extendedRelativeTo` supporting that. +- (-) `..` are a part of paths, a path library should therefore support it. + - (+) If we can convincingly argue that all such use cases are better done e.g. with runtime tools, the library not supporting it can nudge people towards using those. +- (-) We could allow "..", but only in the prefix. + - (+) Then we'd have to throw an error for doing `append /some/path "../foo"`, making it non-composable. + - (+) The same is for returning paths with `..`: `relativeTo /foo /bar => "../bar"` would produce a non-composable path. +- (+) We argue that `..` is not needed at the Nix evaluation level, since we'd always start evaluation from the project root and don't go up from there. + - (+) `..` is supported in Nix paths, turning them into absolute paths. + - (-) This is ambiguous in the presence of symlinks. +- (+) If you need `..` for building or runtime, you can use build-/run-time tooling to create those (e.g. `realpath` with `--relative-to`), or use absolute paths instead. + This also gives you the ability to correctly handle symlinks. + +
+ +### Trailing slashes +[trailing-slashes]: #trailing-slashes + +Observing: Subpaths can contain trailing slashes, like `foo/`, indicating that the path points to a directory and not a file. + +Considering: Paths should be as consistent as possible, there should only be a single normalisation for the same path. + +Decision: All functions remove trailing slashes in their results. + +
+Arguments + +- (+) It allows normalisations to be unique, in that there's only a single normalisation for the same path. If trailing slashes were preserved, both `foo/bar` and `foo/bar/` would be valid but different normalisations for the same path. +- Comparison to other frameworks to figure out the least surprising behavior: + - (+) Nix itself doesn't support trailing slashes when parsing and doesn't preserve them when appending paths. + - (-) [Rust's std::path](https://doc.rust-lang.org/std/path/index.html) does preserve them during [construction](https://doc.rust-lang.org/std/path/struct.Path.html#method.new). + - (+) Doesn't preserve them when returning individual [components](https://doc.rust-lang.org/std/path/struct.Path.html#method.components). + - (+) Doesn't preserve them when [canonicalizing](https://doc.rust-lang.org/std/path/struct.Path.html#method.canonicalize). + - (+) [Python 3's pathlib](https://docs.python.org/3/library/pathlib.html#module-pathlib) doesn't preserve them during [construction](https://docs.python.org/3/library/pathlib.html#pathlib.PurePath). + - Notably it represents the individual components as a list internally. + - (-) [Haskell's filepath](https://hackage.haskell.org/package/filepath-1.4.100.0) has [explicit support](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html#g:6) for handling trailing slashes. + - (-) Does preserve them for [normalisation](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html#v:normalise). + - (-) [NodeJS's Path library](https://nodejs.org/api/path.html) preserves trailing slashes for [normalisation](https://nodejs.org/api/path.html#pathnormalizepath). + - (+) For [parsing a path](https://nodejs.org/api/path.html#pathparsepath) into its significant elements, trailing slashes are not preserved. +- (+) Nix's builtin function `dirOf` gives an unexpected result for paths with trailing slashes: `dirOf "foo/bar/" == "foo/bar"`. + Inconsistently, `baseNameOf` works correctly though: `baseNameOf "foo/bar/" == "bar"`. + - (-) We are writing a path library to improve handling of paths though, so we shouldn't use these functions and discourage their use. +- (-) Unexpected result when normalising intermediate paths, like `relative.normalise ("foo" + "/") + "bar" == "foobar"`. + - (+) This is not a practical use case though. + - (+) Don't use `+` to append paths, this library has a `join` function for that. + - (-) Users might use `+` out of habit though. +- (+) The `realpath` command also removes trailing slashes. +- (+) Even with a trailing slash, the path is the same, it's only an indication that it's a directory. + +
+ +## Other implementations and references + +- [Rust](https://doc.rust-lang.org/std/path/struct.Path.html) +- [Python](https://docs.python.org/3/library/pathlib.html) +- [Haskell](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html) +- [Nodejs](https://nodejs.org/api/path.html) +- [POSIX.1-2017](https://pubs.opengroup.org/onlinepubs/9699919799/nframe.html) diff --git a/lib/path/default.nix b/lib/path/default.nix new file mode 100644 index 00000000000..96a9244407b --- /dev/null +++ b/lib/path/default.nix @@ -0,0 +1,218 @@ +# Functions for working with paths, see ./path.md +{ lib }: +let + + inherit (builtins) + isString + split + match + ; + + inherit (lib.lists) + length + head + last + genList + elemAt + ; + + inherit (lib.strings) + concatStringsSep + substring + ; + + inherit (lib.asserts) + assertMsg + ; + + # Return the reason why a subpath is invalid, or `null` if it's valid + subpathInvalidReason = value: + if ! isString value then + "The given value is of type ${builtins.typeOf value}, but a string was expected" + else if value == "" then + "The given string is empty" + else if substring 0 1 value == "/" then + "The given string \"${value}\" starts with a `/`, representing an absolute path" + # We don't support ".." components, see ./path.md#parent-directory + else if match "(.*/)?\\.\\.(/.*)?" value != null then + "The given string \"${value}\" contains a `..` component, which is not allowed in subpaths" + else null; + + # Split and normalise a relative path string into its components. + # Error for ".." components and doesn't include "." components + splitRelPath = path: + let + # Split the string into its parts using regex for efficiency. This regex + # matches patterns like "/", "/./", "/././", with arbitrarily many "/"s + # together. These are the main special cases: + # - Leading "./" gets split into a leading "." part + # - Trailing "/." or "/" get split into a trailing "." or "" + # part respectively + # + # These are the only cases where "." and "" parts can occur + parts = split "/+(\\./+)*" path; + + # `split` creates a list of 2 * k + 1 elements, containing the k + + # 1 parts, interleaved with k matches where k is the number of + # (non-overlapping) matches. This calculation here gets the number of parts + # back from the list length + # floor( (2 * k + 1) / 2 ) + 1 == floor( k + 1/2 ) + 1 == k + 1 + partCount = length parts / 2 + 1; + + # To assemble the final list of components we want to: + # - Skip a potential leading ".", normalising "./foo" to "foo" + # - Skip a potential trailing "." or "", normalising "foo/" and "foo/." to + # "foo". See ./path.md#trailing-slashes + skipStart = if head parts == "." then 1 else 0; + skipEnd = if last parts == "." || last parts == "" then 1 else 0; + + # We can now know the length of the result by removing the number of + # skipped parts from the total number + componentCount = partCount - skipEnd - skipStart; + + in + # Special case of a single "." path component. Such a case leaves a + # componentCount of -1 due to the skipStart/skipEnd not verifying that + # they don't refer to the same character + if path == "." then [] + + # Generate the result list directly. This is more efficient than a + # combination of `filter`, `init` and `tail`, because here we don't + # allocate any intermediate lists + else genList (index: + # To get to the element we need to add the number of parts we skip and + # multiply by two due to the interleaved layout of `parts` + elemAt parts ((skipStart + index) * 2) + ) componentCount; + + # Join relative path components together + joinRelPath = components: + # Always return relative paths with `./` as a prefix (./path.md#leading-dots-for-relative-paths) + "./" + + # An empty string is not a valid relative path, so we need to return a `.` when we have no components + (if components == [] then "." else concatStringsSep "/" components); + +in /* No rec! Add dependencies on this file at the top. */ { + + + /* Whether a value is a valid subpath string. + + - The value is a string + + - The string is not empty + + - The string doesn't start with a `/` + + - The string doesn't contain any `..` path components + + Type: + subpath.isValid :: String -> Bool + + Example: + # Not a string + subpath.isValid null + => false + + # Empty string + subpath.isValid "" + => false + + # Absolute path + subpath.isValid "/foo" + => false + + # Contains a `..` path component + subpath.isValid "../foo" + => false + + # Valid subpath + subpath.isValid "foo/bar" + => true + + # Doesn't need to be normalised + subpath.isValid "./foo//bar/" + => true + */ + subpath.isValid = value: + subpathInvalidReason value == null; + + + /* Normalise a subpath. Throw an error if the subpath isn't valid, see + `lib.path.subpath.isValid` + + - Limit repeating `/` to a single one + + - Remove redundant `.` components + + - Remove trailing `/` and `/.` + + - Add leading `./` + + Laws: + + - (Idempotency) Normalising multiple times gives the same result: + + subpath.normalise (subpath.normalise p) == subpath.normalise p + + - (Uniqueness) There's only a single normalisation for the paths that lead to the same file system node: + + subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q}) + + - Don't change the result when appended to a Nix path value: + + base + ("/" + p) == base + ("/" + subpath.normalise p) + + - Don't change the path according to `realpath`: + + $(realpath ${p}) == $(realpath ${subpath.normalise p}) + + - Only error on invalid subpaths: + + builtins.tryEval (subpath.normalise p)).success == subpath.isValid p + + Type: + subpath.normalise :: String -> String + + Example: + # limit repeating `/` to a single one + subpath.normalise "foo//bar" + => "./foo/bar" + + # remove redundant `.` components + subpath.normalise "foo/./bar" + => "./foo/bar" + + # add leading `./` + subpath.normalise "foo/bar" + => "./foo/bar" + + # remove trailing `/` + subpath.normalise "foo/bar/" + => "./foo/bar" + + # remove trailing `/.` + subpath.normalise "foo/bar/." + => "./foo/bar" + + # Return the current directory as `./.` + subpath.normalise "." + => "./." + + # error on `..` path components + subpath.normalise "foo/../bar" + => + + # error on empty string + subpath.normalise "" + => + + # error on absolute path + subpath.normalise "/foo" + => + */ + subpath.normalise = path: + assert assertMsg (subpathInvalidReason path == null) + "lib.path.subpath.normalise: Argument is not a valid subpath string: ${subpathInvalidReason path}"; + joinRelPath (splitRelPath path); + +} diff --git a/lib/path/tests/default.nix b/lib/path/tests/default.nix new file mode 100644 index 00000000000..9a31e42828f --- /dev/null +++ b/lib/path/tests/default.nix @@ -0,0 +1,34 @@ +{ + nixpkgs ? ../../.., + system ? builtins.currentSystem, + pkgs ? import nixpkgs { + config = {}; + overlays = []; + inherit system; + }, + libpath ? ../.., + # Random seed + seed ? null, +}: +pkgs.runCommand "lib-path-tests" { + nativeBuildInputs = with pkgs; [ + nix + jq + bc + ]; +} '' + # Needed to make Nix evaluation work + export NIX_STATE_DIR=$(mktemp -d) + + cp -r ${libpath} lib + export TEST_LIB=$PWD/lib + + echo "Running unit tests lib/path/tests/unit.nix" + nix-instantiate --eval lib/path/tests/unit.nix \ + --argstr libpath "$TEST_LIB" + + echo "Running property tests lib/path/tests/prop.sh" + bash lib/path/tests/prop.sh ${toString seed} + + touch $out +'' diff --git a/lib/path/tests/generate.awk b/lib/path/tests/generate.awk new file mode 100644 index 00000000000..811dd0c46d3 --- /dev/null +++ b/lib/path/tests/generate.awk @@ -0,0 +1,64 @@ +# Generate random path-like strings, separated by null characters. +# +# Invocation: +# +# awk -f ./generate.awk -v = | tr '\0' '\n' +# +# Customizable variables (all default to 0): +# - seed: Deterministic random seed to use for generation +# - count: Number of paths to generate +# - extradotweight: Give extra weight to dots being generated +# - extraslashweight: Give extra weight to slashes being generated +# - extranullweight: Give extra weight to null being generated, making paths shorter +BEGIN { + # Random seed, passed explicitly for reproducibility + srand(seed) + + # Don't include special characters below 32 + minascii = 32 + # Don't include DEL at 128 + maxascii = 127 + upperascii = maxascii - minascii + + # add extra weight for ., in addition to the one weight from the ascii range + upperdot = upperascii + extradotweight + + # add extra weight for /, in addition to the one weight from the ascii range + upperslash = upperdot + extraslashweight + + # add extra weight for null, indicating the end of the string + # Must be at least 1 to have strings end at all + total = upperslash + 1 + extranullweight + + # new=1 indicates that it's a new string + new=1 + while (count > 0) { + + # Random integer between [0, total) + value = int(rand() * total) + + if (value < upperascii) { + # Ascii range + printf("%c", value + minascii) + new=0 + + } else if (value < upperdot) { + # Dot range + printf "." + new=0 + + } else if (value < upperslash) { + # If it's the start of a new path, only generate a / in 10% of cases + # This is always an invalid subpath, which is not a very interesting case + if (new && rand() > 0.1) continue + printf "/" + + } else { + # Do not generate empty strings + if (new) continue + printf "\x00" + count-- + new=1 + } + } +} diff --git a/lib/path/tests/prop.nix b/lib/path/tests/prop.nix new file mode 100644 index 00000000000..67e5c1e9d61 --- /dev/null +++ b/lib/path/tests/prop.nix @@ -0,0 +1,60 @@ +# Given a list of path-like strings, check some properties of the path library +# using those paths and return a list of attribute sets of the following form: +# +# { = ; } +# +# If `normalise` fails to evaluate, the attribute value is set to `""`. +# If not, the resulting value is normalised again and an appropriate attribute set added to the output list. +{ + # The path to the nixpkgs lib to use + libpath, + # A flat directory containing files with randomly-generated + # path-like values + dir, +}: +let + lib = import libpath; + + # read each file into a string + strings = map (name: + builtins.readFile (dir + "/${name}") + ) (builtins.attrNames (builtins.readDir dir)); + + inherit (lib.path.subpath) normalise isValid; + inherit (lib.asserts) assertMsg; + + normaliseAndCheck = str: + let + originalValid = isValid str; + + tryOnce = builtins.tryEval (normalise str); + tryTwice = builtins.tryEval (normalise tryOnce.value); + + absConcatOrig = /. + ("/" + str); + absConcatNormalised = /. + ("/" + tryOnce.value); + in + # Check the lib.path.subpath.normalise property to only error on invalid subpaths + assert assertMsg + (originalValid -> tryOnce.success) + "Even though string \"${str}\" is valid as a subpath, the normalisation for it failed"; + assert assertMsg + (! originalValid -> ! tryOnce.success) + "Even though string \"${str}\" is invalid as a subpath, the normalisation for it succeeded"; + + # Check normalisation idempotency + assert assertMsg + (originalValid -> tryTwice.success) + "For valid subpath \"${str}\", the normalisation \"${tryOnce.value}\" was not a valid subpath"; + assert assertMsg + (originalValid -> tryOnce.value == tryTwice.value) + "For valid subpath \"${str}\", normalising it once gives \"${tryOnce.value}\" but normalising it twice gives a different result: \"${tryTwice.value}\""; + + # Check that normalisation doesn't change a string when appended to an absolute Nix path value + assert assertMsg + (originalValid -> absConcatOrig == absConcatNormalised) + "For valid subpath \"${str}\", appending to an absolute Nix path value gives \"${absConcatOrig}\", but appending the normalised result \"${tryOnce.value}\" gives a different value \"${absConcatNormalised}\""; + + # Return an empty string when failed + if tryOnce.success then tryOnce.value else ""; + +in lib.genAttrs strings normaliseAndCheck diff --git a/lib/path/tests/prop.sh b/lib/path/tests/prop.sh new file mode 100755 index 00000000000..c956e55bbfa --- /dev/null +++ b/lib/path/tests/prop.sh @@ -0,0 +1,179 @@ +#!/usr/bin/env bash + +# Property tests for the `lib.path` library +# +# It generates random path-like strings and runs the functions on +# them, checking that the expected laws of the functions hold + +set -euo pipefail +shopt -s inherit_errexit + +# https://stackoverflow.com/a/246128 +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +if test -z "${TEST_LIB:-}"; then + TEST_LIB=$SCRIPT_DIR/../.. +fi + +tmp="$(mktemp -d)" +clean_up() { + rm -rf "$tmp" +} +trap clean_up EXIT +mkdir -p "$tmp/work" +cd "$tmp/work" + +# Defaulting to a random seed but the first argument can override this +seed=${1:-$RANDOM} +echo >&2 "Using seed $seed, use \`lib/path/tests/prop.sh $seed\` to reproduce this result" + +# The number of random paths to generate. This specific number was chosen to +# be fast enough while still generating enough variety to detect bugs. +count=500 + +debug=0 +# debug=1 # print some extra info +# debug=2 # print generated values + +# Fine tuning parameters to balance the number of generated invalid paths +# to the variance in generated paths. +extradotweight=64 # Larger value: more dots +extraslashweight=64 # Larger value: more slashes +extranullweight=16 # Larger value: shorter strings + +die() { + echo >&2 "test case failed: " "$@" + exit 1 +} + +if [[ "$debug" -ge 1 ]]; then + echo >&2 "Generating $count random path-like strings" +fi + +# Read stream of null-terminated strings entry-by-entry into bash, +# write it to a file and the `strings` array. +declare -a strings=() +mkdir -p "$tmp/strings" +while IFS= read -r -d $'\0' str; do + echo -n "$str" > "$tmp/strings/${#strings[@]}" + strings+=("$str") +done < <(awk \ + -f "$SCRIPT_DIR"/generate.awk \ + -v seed="$seed" \ + -v count="$count" \ + -v extradotweight="$extradotweight" \ + -v extraslashweight="$extraslashweight" \ + -v extranullweight="$extranullweight") + +if [[ "$debug" -ge 1 ]]; then + echo >&2 "Trying to normalise the generated path-like strings with Nix" +fi + +# Precalculate all normalisations with a single Nix call. Calling Nix for each +# string individually would take way too long +nix-instantiate --eval --strict --json \ + --argstr libpath "$TEST_LIB" \ + --argstr dir "$tmp/strings" \ + "$SCRIPT_DIR"/prop.nix \ + >"$tmp/result.json" + +# Uses some jq magic to turn the resulting attribute set into an associative +# bash array assignment +declare -A normalised_result="($(jq ' + to_entries + | map("[\(.key | @sh)]=\(.value | @sh)") + | join(" \n")' -r < "$tmp/result.json"))" + +# Looks up a normalisation result for a string +# Checks that the normalisation is only failing iff it's an invalid subpath +# For valid subpaths, returns 0 and prints the normalisation result +# For invalid subpaths, returns 1 +normalise() { + local str=$1 + # Uses the same check for validity as in the library implementation + if [[ "$str" == "" || "$str" == /* || "$str" =~ ^(.*/)?\.\.(/.*)?$ ]]; then + valid= + else + valid=1 + fi + + normalised=${normalised_result[$str]} + # An empty string indicates failure, this is encoded in ./prop.nix + if [[ -n "$normalised" ]]; then + if [[ -n "$valid" ]]; then + echo "$normalised" + else + die "For invalid subpath \"$str\", lib.path.subpath.normalise returned this result: \"$normalised\"" + fi + else + if [[ -n "$valid" ]]; then + die "For valid subpath \"$str\", lib.path.subpath.normalise failed" + else + if [[ "$debug" -ge 2 ]]; then + echo >&2 "String \"$str\" is not a valid subpath" + fi + # Invalid and it correctly failed, we let the caller continue if they catch the exit code + return 1 + fi + fi +} + +# Intermediate result populated by test_idempotency_realpath +# and used in test_normalise_uniqueness +# +# Contains a mapping from a normalised subpath to the realpath result it represents +declare -A norm_to_real + +test_idempotency_realpath() { + if [[ "$debug" -ge 1 ]]; then + echo >&2 "Checking idempotency of each result and making sure the realpath result isn't changed" + fi + + # Count invalid subpaths to display stats + invalid=0 + for str in "${strings[@]}"; do + if ! result=$(normalise "$str"); then + ((invalid++)) || true + continue + fi + + # Check the law that it doesn't change the result of a realpath + mkdir -p -- "$str" "$result" + real_orig=$(realpath -- "$str") + real_norm=$(realpath -- "$result") + + if [[ "$real_orig" != "$real_norm" ]]; then + die "realpath of the original string \"$str\" (\"$real_orig\") is not the same as realpath of the normalisation \"$result\" (\"$real_norm\")" + fi + + if [[ "$debug" -ge 2 ]]; then + echo >&2 "String \"$str\" gets normalised to \"$result\" and file path \"$real_orig\"" + fi + norm_to_real["$result"]="$real_orig" + done + if [[ "$debug" -ge 1 ]]; then + echo >&2 "$(bc <<< "scale=1; 100 / $count * $invalid")% of the total $count generated strings were invalid subpath strings, and were therefore ignored" + fi +} + +test_normalise_uniqueness() { + if [[ "$debug" -ge 1 ]]; then + echo >&2 "Checking for the uniqueness law" + fi + + for norm_p in "${!norm_to_real[@]}"; do + real_p=${norm_to_real["$norm_p"]} + for norm_q in "${!norm_to_real[@]}"; do + real_q=${norm_to_real["$norm_q"]} + # Checks normalisation uniqueness law for each pair of values + if [[ "$norm_p" != "$norm_q" && "$real_p" == "$real_q" ]]; then + die "Normalisations \"$norm_p\" and \"$norm_q\" are different, but the realpath of them is the same: \"$real_p\"" + fi + done + done +} + +test_idempotency_realpath +test_normalise_uniqueness + +echo >&2 tests ok diff --git a/lib/path/tests/unit.nix b/lib/path/tests/unit.nix new file mode 100644 index 00000000000..eccf3b7b1c3 --- /dev/null +++ b/lib/path/tests/unit.nix @@ -0,0 +1,125 @@ +# Unit tests for lib.path functions. Use `nix-build` in this directory to +# run these +{ libpath }: +let + lib = import libpath; + inherit (lib.path) subpath; + + cases = lib.runTests { + testSubpathIsValidExample1 = { + expr = subpath.isValid null; + expected = false; + }; + testSubpathIsValidExample2 = { + expr = subpath.isValid ""; + expected = false; + }; + testSubpathIsValidExample3 = { + expr = subpath.isValid "/foo"; + expected = false; + }; + testSubpathIsValidExample4 = { + expr = subpath.isValid "../foo"; + expected = false; + }; + testSubpathIsValidExample5 = { + expr = subpath.isValid "foo/bar"; + expected = true; + }; + testSubpathIsValidExample6 = { + expr = subpath.isValid "./foo//bar/"; + expected = true; + }; + testSubpathIsValidTwoDotsEnd = { + expr = subpath.isValid "foo/.."; + expected = false; + }; + testSubpathIsValidTwoDotsMiddle = { + expr = subpath.isValid "foo/../bar"; + expected = false; + }; + testSubpathIsValidTwoDotsPrefix = { + expr = subpath.isValid "..foo"; + expected = true; + }; + testSubpathIsValidTwoDotsSuffix = { + expr = subpath.isValid "foo.."; + expected = true; + }; + testSubpathIsValidTwoDotsPrefixComponent = { + expr = subpath.isValid "foo/..bar/baz"; + expected = true; + }; + testSubpathIsValidTwoDotsSuffixComponent = { + expr = subpath.isValid "foo/bar../baz"; + expected = true; + }; + testSubpathIsValidThreeDots = { + expr = subpath.isValid "..."; + expected = true; + }; + testSubpathIsValidFourDots = { + expr = subpath.isValid "...."; + expected = true; + }; + testSubpathIsValidThreeDotsComponent = { + expr = subpath.isValid "foo/.../bar"; + expected = true; + }; + testSubpathIsValidFourDotsComponent = { + expr = subpath.isValid "foo/..../bar"; + expected = true; + }; + + testSubpathNormaliseExample1 = { + expr = subpath.normalise "foo//bar"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample2 = { + expr = subpath.normalise "foo/./bar"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample3 = { + expr = subpath.normalise "foo/bar"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample4 = { + expr = subpath.normalise "foo/bar/"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample5 = { + expr = subpath.normalise "foo/bar/."; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample6 = { + expr = subpath.normalise "."; + expected = "./."; + }; + testSubpathNormaliseExample7 = { + expr = (builtins.tryEval (subpath.normalise "foo/../bar")).success; + expected = false; + }; + testSubpathNormaliseExample8 = { + expr = (builtins.tryEval (subpath.normalise "")).success; + expected = false; + }; + testSubpathNormaliseExample9 = { + expr = (builtins.tryEval (subpath.normalise "/foo")).success; + expected = false; + }; + testSubpathNormaliseIsValidDots = { + expr = subpath.normalise "./foo/.bar/.../baz...qux"; + expected = "./foo/.bar/.../baz...qux"; + }; + testSubpathNormaliseWrongType = { + expr = (builtins.tryEval (subpath.normalise null)).success; + expected = false; + }; + testSubpathNormaliseTwoDots = { + expr = (builtins.tryEval (subpath.normalise "..")).success; + expected = false; + }; + }; +in + if cases == [] then "Unit tests successful" + else throw "Path unit tests failed: ${lib.generators.toPretty {} cases}" diff --git a/lib/tests/release.nix b/lib/tests/release.nix index b93a4236f91..f67892ab962 100644 --- a/lib/tests/release.nix +++ b/lib/tests/release.nix @@ -15,6 +15,9 @@ pkgs.runCommand "nixpkgs-lib-tests" { inherit pkgs; lib = import ../.; }) + (import ../path/tests { + inherit pkgs; + }) ]; } '' datadir="${pkgs.nix}/share" diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index 4c1266200f8..6972fd1a474 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -358,6 +358,13 @@ And backup your data. + + + services.chronyd is now started with + additional systemd sandbox/hardening options for better + security. + + The module services.headscale was diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index b8a2fbf965c..f93db5fdad7 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -98,6 +98,8 @@ In addition to numerous new and upgraded packages, this release has the followin And backup your data. +- `services.chronyd` is now started with additional systemd sandbox/hardening options for better security. + - The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: - Most settings has been migrated under [services.headscale.settings](#opt-services.headscale.settings) which is an attribute-set that diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix index 828f24f9911..cb8d0ecff4c 100644 --- a/nixos/modules/programs/gnupg.nix +++ b/nixos/modules/programs/gnupg.nix @@ -135,7 +135,7 @@ in # The SSH agent protocol doesn't have support for changing TTYs; however we # can simulate this with the `exec` feature of openssh (see ssh_config(5)) # that hooks a command to the shell currently running the ssh program. - Match host * exec "${cfg.package}/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1" + Match host * exec "${pkgs.runtimeShell} -c '${cfg.package}/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1'" ''; environment.extraInit = mkIf cfg.agent.enableSSHSupport '' diff --git a/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json b/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json index 128178bfa02..4a173f73229 100644 --- a/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json +++ b/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json @@ -33,6 +33,31 @@ "actions": { "update-props": {} } + }, + { + "matches": [ + { + "application.process.binary": "jack_bufsize" + } + ], + "actions": { + "update-props": { + "jack.global-buffer-size": true + } + } + }, + { + "matches": [ + { + "application.process.binary": "qsynth" + } + ], + "actions": { + "update-props": { + "node.pause-on-idle": false, + "node.passive": true + } + } } ] } diff --git a/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json b/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json index 114afbfb0ea..b1a86485332 100644 --- a/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json +++ b/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json @@ -32,10 +32,12 @@ "args": {} } ], - "context.exec": [ + "context.exec": [], + "pulse.cmd": [ { - "path": "pactl", - "args": "load-module module-always-sink" + "cmd": "load-module", + "args": "module-always-sink", + "flags": [] } ], "stream.properties": {}, @@ -89,13 +91,14 @@ { "matches": [ { - "application.name": "~speech-dispatcher*" + "application.name": "~speech-dispatcher.*" } ], "actions": { "update-props": { - "pulse.min.req": "1024/48000", - "pulse.min.quantum": "1024/48000" + "pulse.min.req": "512/48000", + "pulse.min.quantum": "512/48000", + "pulse.idle.timeout": 5 } } } diff --git a/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json b/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json index bf3b2d66082..53fc103d221 100644 --- a/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json +++ b/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json @@ -70,6 +70,14 @@ }, { "name": "libpipewire-module-session-manager" + }, + { + "name": "libpipewire-module-x11-bell", + "args": {}, + "flags": [ + "ifexists", + "nofail" + ] } ], "context.objects": [ diff --git a/nixos/modules/services/networking/ntp/chrony.nix b/nixos/modules/services/networking/ntp/chrony.nix index 7e3bb565d10..dc180d4a4f9 100644 --- a/nixos/modules/services/networking/ntp/chrony.nix +++ b/nixos/modules/services/networking/ntp/chrony.nix @@ -147,9 +147,9 @@ in systemd.services.systemd-timedated.environment = { SYSTEMD_TIMEDATED_NTP_SERVICES = "chronyd.service"; }; systemd.tmpfiles.rules = [ - "d ${stateDir} 0755 chrony chrony - -" - "f ${driftFile} 0640 chrony chrony -" - "f ${keyFile} 0640 chrony chrony -" + "d ${stateDir} 0750 chrony chrony - -" + "f ${driftFile} 0640 chrony chrony - -" + "f ${keyFile} 0640 chrony chrony - -" ]; systemd.services.chronyd = @@ -164,15 +164,47 @@ in path = [ chronyPkg ]; unitConfig.ConditionCapability = "CAP_SYS_TIME"; - serviceConfig = - { Type = "simple"; - ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}"; - - ProtectHome = "yes"; - ProtectSystem = "full"; - PrivateTmp = "yes"; - }; + serviceConfig = { + Type = "simple"; + ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}"; + # Proc filesystem + ProcSubset = "pid"; + ProtectProc = "invisible"; + # Access write directories + ReadWritePaths = [ "${stateDir}" ]; + UMask = "0027"; + # Capabilities + CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_DAC_OVERRIDE" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" "CAP_SYS_RESOURCE" "CAP_SYS_TIME" ]; + # Device Access + DeviceAllow = [ "char-pps rw" "char-ptp rw" "char-rtc rw" ]; + DevicePolicy = "closed"; + # Security + NoNewPrivileges = true; + # Sandboxing + ProtectSystem = "full"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = false; + ProtectHostname = true; + ProtectClock = false; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + # System Call Filtering + SystemCallArchitectures = "native"; + SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ]; + }; }; }; } diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix index 314a69a73a8..93b0aafab64 100644 --- a/nixos/modules/services/web-apps/snipe-it.nix +++ b/nixos/modules/services/web-apps/snipe-it.nix @@ -454,8 +454,9 @@ in { # A placeholder file for invalid barcodes invalid_barcode_location="${cfg.dataDir}/public/uploads/barcodes/invalid_barcode.gif" - [ ! -e "$invalid_barcode_location" ] \ - && cp ${snipe-it}/share/snipe-it/invalid_barcode.gif "$invalid_barcode_location" + if [ ! -e "$invalid_barcode_location" ]; then + cp ${snipe-it}/share/snipe-it/invalid_barcode.gif "$invalid_barcode_location" + fi ''; }; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 9fcb408c287..eb30e601dd0 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -32,7 +32,7 @@ let inherit (lib) getBin optionalString literalExpression mkRemovedOptionModule mkRenamedOptionModule - mkDefault mkIf mkMerge mkOption types; + mkDefault mkIf mkMerge mkOption mkPackageOption types; ini = pkgs.formats.ini { }; @@ -198,6 +198,11 @@ in example = literalExpression "[ pkgs.plasma5Packages.oxygen ]"; }; + notoPackage = mkPackageOption pkgs "Noto fonts" { + default = [ "noto-fonts" ]; + example = "noto-fonts-lgc-plus"; + }; + # Internally allows configuring kdeglobals globally kdeglobals = mkOption { internal = true; @@ -401,7 +406,7 @@ in # Enable GTK applications to load SVG icons services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ]; - fonts.fonts = with pkgs; [ noto-fonts hack-font ]; + fonts.fonts = with pkgs; [ cfg.notoPackage hack-font ]; fonts.fontconfig.defaultFonts = { monospace = [ "Hack" "Noto Sans Mono" ]; sansSerif = [ "Noto Sans" ]; @@ -545,7 +550,7 @@ in } { # The user interface breaks without pulse - assertion = config.hardware.pulseaudio.enable; + assertion = config.hardware.pulseaudio.enable || (config.services.pipewire.enable && config.services.pipewire.pulse.enable); message = "Plasma Mobile requires pulseaudio."; } ]; diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix index 64109e0c39f..5bb73cd0bfb 100644 --- a/nixos/modules/services/x11/window-managers/i3.nix +++ b/nixos/modules/services/x11/window-managers/i3.nix @@ -31,7 +31,6 @@ in type = types.package; default = pkgs.i3; defaultText = literalExpression "pkgs.i3"; - example = literalExpression "pkgs.i3-gaps"; description = lib.mdDoc '' i3 package to use. ''; @@ -73,6 +72,6 @@ in imports = [ (mkRemovedOptionModule [ "services" "xserver" "windowManager" "i3-gaps" "enable" ] - "Use services.xserver.windowManager.i3.enable and set services.xserver.windowManager.i3.package to pkgs.i3-gaps to use i3-gaps.") + "i3-gaps was merged into i3. Use services.xserver.windowManager.i3.enable instead.") ]; } diff --git a/nixos/modules/virtualisation/waydroid.nix b/nixos/modules/virtualisation/waydroid.nix index a2cfd806f32..46e5f901015 100644 --- a/nixos/modules/virtualisation/waydroid.nix +++ b/nixos/modules/virtualisation/waydroid.nix @@ -56,12 +56,8 @@ in wantedBy = [ "multi-user.target" ]; - unitConfig = { - ConditionPathExists = "/var/lib/waydroid/lxc/waydroid"; - }; - serviceConfig = { - ExecStart = "${pkgs.waydroid}/bin/waydroid container start"; + ExecStart = "${pkgs.waydroid}/bin/waydroid -w container start"; ExecStop = "${pkgs.waydroid}/bin/waydroid container stop"; ExecStopPost = "${pkgs.waydroid}/bin/waydroid session stop"; }; diff --git a/pkgs/applications/audio/spotifyd/default.nix b/pkgs/applications/audio/spotifyd/default.nix index bfeb8a7dab3..274b054955b 100644 --- a/pkgs/applications/audio/spotifyd/default.nix +++ b/pkgs/applications/audio/spotifyd/default.nix @@ -9,16 +9,16 @@ rustPackages.rustPlatform.buildRustPackage rec { pname = "spotifyd"; - version = "0.3.3"; + version = "0.3.4"; src = fetchFromGitHub { owner = "Spotifyd"; repo = "spotifyd"; rev = "v${version}"; - sha256 = "1liql2wp7cx0x4ha1578wx3m4byd295m4ph268s05yw2wrnr3v6c"; + sha256 = "sha256-9zwHBDrdvE2R/cdrWgjsfHlm3wEZ9SB2VNcqezB/Op0="; }; - cargoSha256 = "1plvqd55d1gj0ydimv3154pwgj2sh1fqx2182nw8akzdfmzg1150"; + cargoSha256 = "sha256-fQm7imXpm5AcKdg0cU/Rf2mAeg2ebZKRisJZSnG0REI="; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/applications/gis/saga/default.nix b/pkgs/applications/gis/saga/default.nix index fc940cfce30..59794b88a4f 100644 --- a/pkgs/applications/gis/saga/default.nix +++ b/pkgs/applications/gis/saga/default.nix @@ -31,11 +31,11 @@ mkDerivation rec { pname = "saga"; - version = "8.4.0"; + version = "8.5.0"; src = fetchurl { url = "mirror://sourceforge/saga-gis/SAGA%20-%20${lib.versions.major version}/SAGA%20-%20${version}/saga-${version}.tar.gz"; - sha256 = "sha256-v6DPwV20fcsznrEaFJk0/ewU4z3cTjzYYuLkyMwSLV0="; + sha256 = "sha256-JzSuu1wGfCkxIDcTbP5jpHtJNvl8eAP3jznXvwSPeY0="; }; sourceRoot = "saga-${version}/saga-gis"; diff --git a/pkgs/applications/graphics/eyedropper/default.nix b/pkgs/applications/graphics/eyedropper/default.nix index 32098c97704..41999239af1 100644 --- a/pkgs/applications/graphics/eyedropper/default.nix +++ b/pkgs/applications/graphics/eyedropper/default.nix @@ -15,19 +15,19 @@ stdenv.mkDerivation rec { pname = "eyedropper"; - version = "0.4.0"; + version = "0.5.0"; src = fetchFromGitHub { owner = "FineFindus"; repo = pname; - rev = version; - hash = "sha256-bOpwHaFOoUlh+yyC1go6BeFxfJhUmwZPi6kYAqCagEI="; + rev = "v${version}"; + hash = "sha256-sDrMIryVFkjMGHbYvNDmKb1HyJNGb3Hd+muxUJKhogE="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-TkdOq+icU2zNbXzN6nbkXjL1o/Lfumqr/5S0pQaxY5Q="; + hash = "sha256-mztc44hHdqzR3WbG6tkCL38EfgBajRLlpMC8ElpXnlo="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/flexget/default.nix b/pkgs/applications/networking/flexget/default.nix index 665af1cf2ea..8782816b232 100644 --- a/pkgs/applications/networking/flexget/default.nix +++ b/pkgs/applications/networking/flexget/default.nix @@ -5,7 +5,7 @@ python3Packages.buildPythonApplication rec { pname = "flexget"; - version = "3.5.13"; + version = "3.5.16"; format = "pyproject"; # Fetch from GitHub in order to use `requirements.in` @@ -13,7 +13,7 @@ python3Packages.buildPythonApplication rec { owner = "flexget"; repo = "flexget"; rev = "refs/tags/v${version}"; - hash = "sha256-0yO4prnYJkD7eiyrEOPHlDTsgGgRhQujsp8k2FsLYKI="; + hash = "sha256-9hcl7OZLi86hZHLotsN1QlPzQ1Ep5vJumAyZxSxxIE8="; }; postPatch = '' diff --git a/pkgs/applications/networking/syncthing/default.nix b/pkgs/applications/networking/syncthing/default.nix index 297520dcb92..e74084e14c5 100644 --- a/pkgs/applications/networking/syncthing/default.nix +++ b/pkgs/applications/networking/syncthing/default.nix @@ -4,16 +4,16 @@ let common = { stname, target, postInstall ? "" }: buildGoModule rec { pname = stname; - version = "1.22.2"; + version = "1.23.0"; src = fetchFromGitHub { owner = "syncthing"; repo = "syncthing"; rev = "v${version}"; - hash = "sha256-t1JIkUjSEshSm3Zi5Ck8IOmTv2tC0dUYyJvlKua/BcI="; + hash = "sha256-Z4YVU45na4BgIbN/IlORpTCuf2EuSuOyppDRzswn3EI="; }; - vendorSha256 = "sha256-UdzWD8I8ulPBXdF5wZQ7hQoVO9Bnj18Gw5t4wqolSPA="; + vendorHash = "sha256-q63iaRxJRvPY0Np20O6JmdMEjSg/kxRneBfs8fRTwXk="; doCheck = false; diff --git a/pkgs/applications/office/ledger/default.nix b/pkgs/applications/office/ledger/default.nix index d4b4bde7b10..e885e03c1cd 100644 --- a/pkgs/applications/office/ledger/default.nix +++ b/pkgs/applications/office/ledger/default.nix @@ -41,6 +41,13 @@ stdenv.mkDerivation rec { sha256 = "sha256-vwVQnY9EUCXPzhDJ4PSOmQStb9eF6H0yAOiEmL6sAlk="; excludes = [ "doc/NEWS.md" ]; }) + + # Fix included bug with boost >= 1.76. Remove with the next release + (fetchpatch { + url = "https://github.com/ledger/ledger/commit/1cb9b84fdecc5604bd1172cdd781859ff3871a52.patch"; + sha256 = "sha256-ipVkRcTmnEvpfyPgMzLVJ9Sz8QxHeCURQI5dX8xh758="; + excludes = [ "test/regress/*" ]; + }) ]; installTargets = [ "doc" "install" ]; diff --git a/pkgs/applications/science/electronics/dataexplorer/default.nix b/pkgs/applications/science/electronics/dataexplorer/default.nix index 5df312cd153..535871e4edb 100644 --- a/pkgs/applications/science/electronics/dataexplorer/default.nix +++ b/pkgs/applications/science/electronics/dataexplorer/default.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation rec { pname = "dataexplorer"; - version = "3.7.3"; + version = "3.7.4"; src = fetchurl { url = "mirror://savannah/dataexplorer/dataexplorer-${version}-src.tar.gz"; - sha256 = "sha256-cqvlPV4i9m0x3hbruC5y2APsyjfI5y9RT8XVzsDaT/Q="; + sha256 = "sha256-bghI7Hun7ZKUVEj7T58K0oaclnhUGd4z+eIqZF3eXHQ="; }; nativeBuildInputs = [ ant makeWrapper ]; diff --git a/pkgs/applications/version-management/deepgit/default.nix b/pkgs/applications/version-management/deepgit/default.nix new file mode 100644 index 00000000000..312dc523710 --- /dev/null +++ b/pkgs/applications/version-management/deepgit/default.nix @@ -0,0 +1,86 @@ +{ copyDesktopItems +, fetchurl +, glib +, gnome +, gtk3 +, jre +, lib +, makeDesktopItem +, stdenv +, wrapGAppsHook +}: + +stdenv.mkDerivation rec { + pname = "deepgit"; + version = "4.3"; + + src = fetchurl { + url = "https://www.syntevo.com/downloads/deepgit/deepgit-linux-${lib.replaceStrings [ "." ] [ "_" ] version}.tar.gz"; + hash = "sha256-bA/EySZjuSDYaZplwHcpeP1VakcnG5K1hYTk7cSVbz0="; + }; + + nativeBuildInputs = [ + copyDesktopItems + wrapGAppsHook + ]; + + buildInputs = [ + gnome.adwaita-icon-theme + gtk3 + jre + ]; + + preFixup = '' + gappsWrapperArgs+=( + --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ glib gtk3 ]} + --set DEEPGIT_JAVA_HOME ${jre} + ) + patchShebangs bin/deepgit.sh + ''; + + desktopItems = [(makeDesktopItem rec { + name = pname; + desktopName = "DeepGit"; + keywords = [ "git" ]; + comment = "Git-Client"; + categories = [ + "Development" + "RevisionControl" + ]; + terminal = false; + startupNotify = true; + startupWMClass = desktopName; + exec = pname; + mimeTypes = [ + "x-scheme-handler/${pname}" + "x-scheme-handler/sourcetree" + ]; + icon = pname; + })]; + + installPhase = '' + runHook preInstall + + mkdir -pv $out/{bin,share/icons/hicolor/scalable/apps/} + cp -a lib license.html $out + mv bin/deepgit.sh $out/bin/deepgit + + for icon_size in 32 48 64 128 256; do + path=$icon_size'x'$icon_size + icon=bin/deepgit-$icon_size.png + mkdir -p $out/share/icons/hicolor/$path/apps + cp $icon $out/share/icons/hicolor/$path/apps/deepgit.png + done + + runHook postInstall + ''; + + meta = with lib; { + description = "A tool to investigate the history of source code"; + homepage = "https://www.syntevo.com/deepgit"; + changelog = "https://www.syntevo.com/deepgit/changelog.txt"; + license = licenses.unfree; + maintainers = with maintainers; [ urandom ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/window-managers/i3/default.nix b/pkgs/applications/window-managers/i3/default.nix index 4ffa04d73bf..b9079c88281 100644 --- a/pkgs/applications/window-managers/i3/default.nix +++ b/pkgs/applications/window-managers/i3/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "i3"; - version = "4.21.1"; + version = "4.22"; src = fetchurl { url = "https://i3wm.org/downloads/${pname}-${version}.tar.xz"; - sha256 = "sha256-7f14EoXGVKBdxtsnLOAwDEQo5vvYddmZZOV94ltBvB4="; + sha256 = "sha256-KGOZEeWdlWOfCSZCqYL14d6lkiUMK1zpjtoQCDNRPks="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/window-managers/i3/gaps.nix b/pkgs/applications/window-managers/i3/gaps.nix deleted file mode 100644 index 35a58bd25f0..00000000000 --- a/pkgs/applications/window-managers/i3/gaps.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ fetchFromGitHub, lib, i3 }: - -i3.overrideAttrs (oldAttrs : rec { - pname = "i3-gaps"; - version = "4.21.1"; - - src = fetchFromGitHub { - owner = "Airblader"; - repo = "i3"; - rev = version; - sha256 = "sha256-+JxJjvzEuAA4CH+gufzAzIqd5BSvHtPvLm2zTfXc/xk="; - }; - - meta = with lib; { - description = "A fork of the i3 tiling window manager with some additional features"; - homepage = "https://github.com/Airblader/i3"; - maintainers = with maintainers; [ fmthoma ]; - license = licenses.bsd3; - platforms = platforms.linux ++ platforms.netbsd ++ platforms.openbsd; - - longDescription = '' - Fork of i3wm, a tiling window manager primarily targeted at advanced users - and developers. Based on a tree as data structure, supports tiling, - stacking, and tabbing layouts, handled dynamically, as well as floating - windows. This fork adds a few features such as gaps between windows. - Configured via plain text file. Multi-monitor. UTF-8 clean. - ''; - }; -}) diff --git a/pkgs/data/fonts/noto-fonts/default.nix b/pkgs/data/fonts/noto-fonts/default.nix index da3b0f81d43..6161f711958 100644 --- a/pkgs/data/fonts/noto-fonts/default.nix +++ b/pkgs/data/fonts/noto-fonts/default.nix @@ -11,21 +11,43 @@ , imagemagick , zopfli , buildPackages +, variants ? [ ] }: - let - mkNoto = { pname, weights }: - stdenvNoCC.mkDerivation { + notoLongDescription = '' + When text is rendered by a computer, sometimes characters are + displayed as “tofu”. They are little boxes to indicate your device + doesn’t have a font to display the text. + + Google has been developing a font family called Noto, which aims to + support all languages with a harmonious look and feel. Noto is + Google’s answer to tofu. The name noto is to convey the idea that + Google’s goal is to see “no more tofu”. Noto has multiple styles and + weights, and freely available to all. + + This package also includes the Arimo, Cousine, and Tinos fonts. + ''; +in +rec { + mkNoto = + { pname + , weights + , variants ? [ ] + , longDescription ? notoLongDescription + }: + stdenvNoCC.mkDerivation rec { inherit pname; - version = "2020-01-23"; + version = "20201206-phase3"; src = fetchFromGitHub { owner = "googlefonts"; repo = "noto-fonts"; - rev = "f4726a2ec36169abd02a6d8abe67c8ff0236f6d8"; - sha256 = "0zc1r7zph62qmvzxqfflsprazjf6x1qnwc2ma27kyzh6v36gaykw"; + rev = "v${version}"; + hash = "sha256-x60RvCRFLoGe0CNvswROnDkIsUFbWH+/laN8q2qkUPk="; }; + _variants = map (variant: builtins.replaceStrings [ " " ] [ "" ] variant) variants; + installPhase = '' # We copy in reverse preference order -- unhinted first, then # hinted -- to get the "best" version of each font while @@ -33,29 +55,24 @@ let # # TODO: install OpenType, variable versions? local out_ttf=$out/share/fonts/truetype/noto - install -m444 -Dt $out_ttf phaseIII_only/unhinted/ttf/*/*-${weights}.ttf - install -m444 -Dt $out_ttf phaseIII_only/hinted/ttf/*/*-${weights}.ttf - install -m444 -Dt $out_ttf unhinted/*/*-${weights}.ttf - install -m444 -Dt $out_ttf hinted/*/*-${weights}.ttf - ''; + '' + (if _variants == [ ] then '' + install -m444 -Dt $out_ttf archive/unhinted/*/*-${weights}.ttf + install -m444 -Dt $out_ttf archive/hinted/*/*-${weights}.ttf + install -m444 -Dt $out_ttf unhinted/*/*/*-${weights}.ttf + install -m444 -Dt $out_ttf hinted/*/*/*-${weights}.ttf + '' else '' + for variant in $_variants; do + install -m444 -Dt $out_ttf archive/unhinted/$variant/*-${weights}.ttf + install -m444 -Dt $out_ttf archive/hinted/$variant/*-${weights}.ttf + install -m444 -Dt $out_ttf unhinted/*/$variant/*-${weights}.ttf + install -m444 -Dt $out_ttf hinted/*/$variant/*-${weights}.ttf + done + ''); meta = with lib; { description = "Beautiful and free fonts for many languages"; homepage = "https://www.google.com/get/noto/"; - longDescription = - '' - When text is rendered by a computer, sometimes characters are - displayed as “tofu”. They are little boxes to indicate your device - doesn’t have a font to display the text. - - Google has been developing a font family called Noto, which aims to - support all languages with a harmonious look and feel. Noto is - Google’s answer to tofu. The name noto is to convey the idea that - Google’s goal is to see “no more tofu”. Noto has multiple styles and - weights, and freely available to all. - - This package also includes the Arimo, Cousine, and Tinos fonts. - ''; + inherit longDescription; license = licenses.ofl; platforms = platforms.all; maintainers = with maintainers; [ mathnerd314 emily ]; @@ -100,14 +117,34 @@ let maintainers = with maintainers; [ mathnerd314 emily ]; }; }; -in -{ noto-fonts = mkNoto { pname = "noto-fonts"; weights = "{Regular,Bold,Light,Italic,BoldItalic,LightItalic}"; }; + noto-fonts-lgc-plus = mkNoto { + pname = "noto-fonts-lgc-plus"; + weights = "{Regular,Bold,Light,Italic,BoldItalic,LightItalic}"; + variants = [ + "Noto Sans" + "Noto Serif" + "Noto Sans Display" + "Noto Serif Display" + "Noto Sans Mono" + "Noto Music" + "Noto Sans Symbols" + "Noto Sans Symbols 2" + "Noto Sans Math" + ]; + longDescription = '' + This package provides the Noto Fonts, but only for latin, greek + and cyrillic scripts, as well as some extra fonts. To create a + custom Noto package with custom variants, see the `mkNoto` + helper function. + ''; + }; + noto-fonts-extra = mkNoto { pname = "noto-fonts-extra"; weights = "{Black,Condensed,Extra,Medium,Semi,Thin}*"; @@ -127,65 +164,67 @@ in sha256 = "sha256-1w66Ge7DZjbONGhxSz69uFhfsjMsDiDkrGl6NsoB7dY="; }; - noto-fonts-emoji = let - version = "2.038"; - emojiPythonEnv = - buildPackages.python3.withPackages (p: with p; [ fonttools nototools ]); - in stdenvNoCC.mkDerivation { - pname = "noto-fonts-emoji"; - inherit version; + noto-fonts-emoji = + let + version = "2.038"; + emojiPythonEnv = + buildPackages.python3.withPackages (p: with p; [ fonttools nototools ]); + in + stdenvNoCC.mkDerivation { + pname = "noto-fonts-emoji"; + inherit version; - src = fetchFromGitHub { - owner = "googlefonts"; - repo = "noto-emoji"; - rev = "v${version}"; - sha256 = "1rgmcc6nqq805iqr8kvxxlk5cf50q714xaxk3ld6rjrd69kb8ix9"; + src = fetchFromGitHub { + owner = "googlefonts"; + repo = "noto-emoji"; + rev = "v${version}"; + sha256 = "1rgmcc6nqq805iqr8kvxxlk5cf50q714xaxk3ld6rjrd69kb8ix9"; + }; + + depsBuildBuild = [ + buildPackages.stdenv.cc + pkg-config + cairo + ]; + + nativeBuildInputs = [ + imagemagick + zopfli + pngquant + which + emojiPythonEnv + ]; + + postPatch = '' + patchShebangs *.py + patchShebangs third_party/color_emoji/*.py + # remove check for virtualenv, since we handle + # python requirements using python.withPackages + sed -i '/ifndef VIRTUAL_ENV/,+2d' Makefile + + # Make the build verbose so it won't get culled by Hydra thinking that + # it somehow got stuck doing nothing. + sed -i 's;\t@;\t;' Makefile + ''; + + enableParallelBuilding = true; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/fonts/noto + cp NotoColorEmoji.ttf $out/share/fonts/noto + runHook postInstall + ''; + + meta = with lib; { + description = "Color and Black-and-White emoji fonts"; + homepage = "https://github.com/googlefonts/noto-emoji"; + license = with licenses; [ ofl asl20 ]; + platforms = platforms.all; + maintainers = with maintainers; [ mathnerd314 sternenseemann ]; + }; }; - depsBuildBuild = [ - buildPackages.stdenv.cc - pkg-config - cairo - ]; - - nativeBuildInputs = [ - imagemagick - zopfli - pngquant - which - emojiPythonEnv - ]; - - postPatch = '' - patchShebangs *.py - patchShebangs third_party/color_emoji/*.py - # remove check for virtualenv, since we handle - # python requirements using python.withPackages - sed -i '/ifndef VIRTUAL_ENV/,+2d' Makefile - - # Make the build verbose so it won't get culled by Hydra thinking that - # it somehow got stuck doing nothing. - sed -i 's;\t@;\t;' Makefile - ''; - - enableParallelBuilding = true; - - installPhase = '' - runHook preInstall - mkdir -p $out/share/fonts/noto - cp NotoColorEmoji.ttf $out/share/fonts/noto - runHook postInstall - ''; - - meta = with lib; { - description = "Color and Black-and-White emoji fonts"; - homepage = "https://github.com/googlefonts/noto-emoji"; - license = with licenses; [ ofl asl20 ]; - platforms = platforms.all; - maintainers = with maintainers; [ mathnerd314 sternenseemann ]; - }; - }; - noto-fonts-emoji-blob-bin = let pname = "noto-fonts-emoji-blob-bin"; diff --git a/pkgs/development/compilers/gcc-arm-embedded/12/default.nix b/pkgs/development/compilers/gcc-arm-embedded/12/default.nix new file mode 100644 index 00000000000..caff0ad023f --- /dev/null +++ b/pkgs/development/compilers/gcc-arm-embedded/12/default.nix @@ -0,0 +1,52 @@ +{ lib +, stdenv +, fetchurl +, ncurses5 +, python38 +}: + +stdenv.mkDerivation rec { + pname = "gcc-arm-embedded"; + version = "12.2.rel1"; + + platform = { + aarch64-linux = "aarch64"; + x86_64-darwin = "darwin-x86_64"; + x86_64-linux = "x86_64"; + }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + + src = fetchurl { + url = "https://developer.arm.com/-/media/Files/downloads/gnu/${version}/binrel/arm-gnu-toolchain-${version}-${platform}-arm-none-eabi.tar.xz"; + sha256 = { + aarch64-linux = "131ydgndff7dyhkivfchbk43lv3cv2p172knkqilx64aapvk5qvy"; + x86_64-darwin = "00i9gd1ny00681pwinh6ng9x45xsyrnwc6hm2vr348z9gasyxh00"; + x86_64-linux = "0rv8r5zh0a5621v0xygxi8f6932qgwinw2s9vnniasp9z7897gl4"; + }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + }; + + dontConfigure = true; + dontBuild = true; + dontPatchELF = true; + dontStrip = true; + + installPhase = '' + mkdir -p $out + cp -r * $out + ''; + + preFixup = '' + find $out -type f | while read f; do + patchelf "$f" > /dev/null 2>&1 || continue + patchelf --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) "$f" || true + patchelf --set-rpath ${lib.makeLibraryPath [ "$out" stdenv.cc.cc ncurses5 python38 ]} "$f" || true + done + ''; + + meta = with lib; { + description = "Pre-built GNU toolchain from ARM Cortex-M & Cortex-R processors"; + homepage = "https://developer.arm.com/open-source/gnu-toolchain/gnu-rm"; + license = with licenses; [ bsd2 gpl2 gpl3 lgpl21 lgpl3 mit ]; + maintainers = with maintainers; [ prusnak ]; + platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ]; + }; +} diff --git a/pkgs/development/compilers/ispc/default.nix b/pkgs/development/compilers/ispc/default.nix index c75c6e25b75..004bf4bb10d 100644 --- a/pkgs/development/compilers/ispc/default.nix +++ b/pkgs/development/compilers/ispc/default.nix @@ -2,7 +2,7 @@ , cmake, which, m4, python3, bison, flex, llvmPackages, ncurses # the default test target is sse4, but that is not supported by all Hydra agents -, testedTargets ? [ "sse2-i32x4" ] +, testedTargets ? if stdenv.isAarch64 || stdenv.isAarch32 then [ "neon-i32x4" ] else [ "sse2-i32x4" ] }: stdenv.mkDerivation rec { @@ -58,14 +58,15 @@ stdenv.mkDerivation rec { "-DCLANGPP_EXECUTABLE=${llvmPackages.clang}/bin/clang++" "-DISPC_INCLUDE_EXAMPLES=OFF" "-DISPC_INCLUDE_UTILS=OFF" - "-DARM_ENABLED=FALSE" + ("-DARM_ENABLED=" + (if stdenv.isAarch64 || stdenv.isAarch32 then "TRUE" else "FALSE")) + ("-DX86_ENABLED=" + (if stdenv.isx86_64 || stdenv.isx86_32 then "TRUE" else "FALSE")) ]; meta = with lib; { homepage = "https://ispc.github.io/"; description = "Intel 'Single Program, Multiple Data' Compiler, a vectorised language"; license = licenses.bsd3; - platforms = [ "x86_64-linux" "x86_64-darwin" ]; # TODO: buildable on more platforms? + platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; # TODO: buildable on more platforms? maintainers = with maintainers; [ aristid thoughtpolice athas ]; }; } diff --git a/pkgs/development/compilers/julia/1.8.nix b/pkgs/development/compilers/julia/1.8.nix index 643e762ab11..83e87bf4c2f 100644 --- a/pkgs/development/compilers/julia/1.8.nix +++ b/pkgs/development/compilers/julia/1.8.nix @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { # https://github.com/JuliaCI/julia-buildbot/blob/master/master/inventory.py "JULIA_CPU_TARGET=generic;sandybridge,-xsaveopt,clone_all;haswell,-rdrnd,base(1)" ] ++ lib.optionals stdenv.isAarch64 [ - "JULIA_CPU_TERGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" + "JULIA_CPU_TARGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" ]; # remove forbidden reference to $TMPDIR diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index bc93190490e..57d1e6d84fe 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -260,7 +260,7 @@ let inherit lib stdenv makeWrapper buildRubyGem buildEnv; gemConfig = defaultGemConfig; ruby = self; - }) withPackages gems; + }) withPackages buildGems gems; } // lib.optionalAttrs useBaseRuby { inherit baseRuby; diff --git a/pkgs/development/libraries/ada/spark2014/default.nix b/pkgs/development/libraries/ada/spark2014/default.nix index 1e6157cfb9a..d928dddfc8d 100644 --- a/pkgs/development/libraries/ada/spark2014/default.nix +++ b/pkgs/development/libraries/ada/spark2014/default.nix @@ -5,7 +5,6 @@ , gnatcoll-core , gprbuild , python3 -, why3 , ocaml , ocamlPackages , makeWrapper @@ -53,11 +52,9 @@ stdenv.mkDerivation rec { make setup ''; - postInstall = '' + installPhase = '' + make install-all cp -a ./install/. $out - # help gnatprove to locate why3server - wrapProgram "$out/bin/gnatprove" \ - --prefix PATH : "${why3}/lib/why3" ''; meta = with lib; { diff --git a/pkgs/development/libraries/libmilter/darwin.patch b/pkgs/development/libraries/libmilter/darwin.patch index be46662d6b3..9bad640450c 100644 --- a/pkgs/development/libraries/libmilter/darwin.patch +++ b/pkgs/development/libraries/libmilter/darwin.patch @@ -13,16 +13,16 @@ Fix build issues on Darwin. define(`confLDOPTS', `${Extra_LD_Flags}') --- a/sendmail/sendmail.h 2020-05-18 14:51:17.000000000 +0200 +++ b/sendmail/sendmail.h 2020-05-18 14:51:00.000000000 +0200 -@@ -104,7 +104,11 @@ - # endif /* NETX25 */ +@@ -122,7 +122,11 @@ + # endif - # if NAMED_BIND --# include -+# ifdef __APPLE__ -+# include -+# else -+# include -+# endif - # ifdef NOERROR - # undef NOERROR /* avoid conflict */ - # endif /* NOERROR */ + #if NAMED_BIND +-# include ++# ifdef __APPLE__ ++# include ++# else ++# include ++# endif + # ifdef NOERROR + # undef NOERROR /* avoid conflict */ + # endif diff --git a/pkgs/development/libraries/libmilter/default.nix b/pkgs/development/libraries/libmilter/default.nix index 38788b3c964..ee92235adac 100644 --- a/pkgs/development/libraries/libmilter/default.nix +++ b/pkgs/development/libraries/libmilter/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libmilter"; - version = "8.15.2"; + version = "8.17.1"; src = fetchurl { url = "ftp://ftp.sendmail.org/pub/sendmail/sendmail.${version}.tar.gz"; - sha256 = "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"; + sha256 = "sha256-BLx2tsiG5tERvn/Y2qMrjOABKKKItrUuBnvCnzhUpuY="; }; buildPhase = '' @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { sh Build -f ./a.m4 ''; - patches = [ ./install.patch ./sharedlib.patch ./glibc-2.30.patch ./darwin.patch ]; + patches = [ ./install.patch ./sharedlib.patch ./darwin.patch ]; nativeBuildInputs = [ m4 ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames; diff --git a/pkgs/development/libraries/libmilter/glibc-2.30.patch b/pkgs/development/libraries/libmilter/glibc-2.30.patch deleted file mode 100644 index e72ec9911e3..00000000000 --- a/pkgs/development/libraries/libmilter/glibc-2.30.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff --git a/libmilter/sm_gethost.c b/libmilter/sm_gethost.c -index 2423c34..f00468c 100644 ---- a/libmilter/sm_gethost.c -+++ b/libmilter/sm_gethost.c -@@ -52,16 +52,8 @@ sm_getipnodebyname(name, family, flags, err) - bool resv6 = true; - struct hostent *h; - -- if (family == AF_INET6) -- { -- /* From RFC2133, section 6.1 */ -- resv6 = bitset(RES_USE_INET6, _res.options); -- _res.options |= RES_USE_INET6; -- } - SM_SET_H_ERRNO(0); -- h = gethostbyname(name); -- if (family == AF_INET6 && !resv6) -- _res.options &= ~RES_USE_INET6; -+ h = gethostbyname2(name, family); - - /* the function is supposed to return only the requested family */ - if (h != NULL && h->h_addrtype != family) -diff --git a/sendmail/conf.c b/sendmail/conf.c -index c73334e..500dafb 100644 ---- a/sendmail/conf.c -+++ b/sendmail/conf.c -@@ -4243,16 +4243,8 @@ sm_getipnodebyname(name, family, flags, err) - # else /* HAS_GETHOSTBYNAME2 */ - bool resv6 = true; - -- if (family == AF_INET6) -- { -- /* From RFC2133, section 6.1 */ -- resv6 = bitset(RES_USE_INET6, _res.options); -- _res.options |= RES_USE_INET6; -- } - SM_SET_H_ERRNO(0); -- h = gethostbyname(name); -- if (!resv6) -- _res.options &= ~RES_USE_INET6; -+ h = gethostbyname2(name, family); - - /* the function is supposed to return only the requested family */ - if (h != NULL && h->h_addrtype != family) diff --git a/pkgs/development/libraries/libpg_query/default.nix b/pkgs/development/libraries/libpg_query/default.nix index 0387679835e..cb5f545c9d9 100644 --- a/pkgs/development/libraries/libpg_query/default.nix +++ b/pkgs/development/libraries/libpg_query/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libpg_query"; - version = "14-3.0.0"; + version = "15-4.0.0"; src = fetchFromGitHub { owner = "pganalyze"; repo = "libpg_query"; rev = version; - sha256 = "sha256-rICN8fkPcYw32N6TdpbrszGUoRzwQdfRSW6A0AC8toM="; + sha256 = "sha256-2BZT/jGfGwia+Map5OkeTcWVFJssykhrdRT2IDAzrfs="; }; nativeBuildInputs = [ which ]; diff --git a/pkgs/development/python-modules/python-arango/default.nix b/pkgs/development/python-modules/python-arango/default.nix index ba44e94b9a3..c5c3a93c3ba 100644 --- a/pkgs/development/python-modules/python-arango/default.nix +++ b/pkgs/development/python-modules/python-arango/default.nix @@ -22,15 +22,16 @@ in buildPythonPackage rec { pname = "python-arango"; - version = "7.5.3"; - disabled = pythonOlder "3.7"; + version = "7.5.4"; format = "setuptools"; + disabled = pythonOlder "3.7"; + src = fetchFromGitHub { owner = "ArangoDB-Community"; repo = "python-arango"; - rev = version; - sha256 = "0qb2yp05z8dmgsyyxqrl3q0a60jaiih96zhxmqrn2yf7as45n07j"; + rev = "refs/tags/${version}"; + hash = "sha256-b3UZuH2hpulRSThReBkDwh0MLJmc95HeWInmmMAl4g0="; }; propagatedBuildInputs = [ @@ -127,12 +128,15 @@ buildPythonPackage rec { "test_replication_applier" ]; - pythonImportsCheck = [ "arango" ]; + pythonImportsCheck = [ + "arango" + ]; meta = with lib; { description = "Python Driver for ArangoDB"; homepage = "https://github.com/ArangoDB-Community/python-arango"; + changelog = "https://github.com/ArangoDB-Community/python-arango/releases/tag/${version}"; license = licenses.mit; - maintainers = [ maintainers.jsoo1 ]; + maintainers = with maintainers; [ jsoo1 ]; }; } diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index 35b93abda49..43878362bb6 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -4,8 +4,8 @@ buildRubyGem rec { inherit ruby; name = "${gemName}-${version}"; gemName = "bundler"; - version = "2.3.26"; - source.sha256 = "sha256-HuU832HnKK2Cxtv/Bs/NhVHVQi6I6GID8OLb6a6Zngk="; + version = "2.4.2"; + source.sha256 = "sha256-mYUOxAWH7hv7Kn521OVI8PyzoO3T6LGPJjAxA07buR8="; dontPatchShebangs = true; passthru.updateScript = writeScript "gem-update-script" '' diff --git a/pkgs/development/tools/esbuild/default.nix b/pkgs/development/tools/esbuild/default.nix index 42f02ee15f8..07b136ab03b 100644 --- a/pkgs/development/tools/esbuild/default.nix +++ b/pkgs/development/tools/esbuild/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "esbuild"; - version = "0.16.7"; + version = "0.16.13"; src = fetchFromGitHub { owner = "evanw"; repo = "esbuild"; rev = "v${version}"; - sha256 = "sha256-zo7YQ4Is3VWsXGvPNrg95tZ76qTSQRyntFjDeqhoyVw="; + hash = "sha256-X4UB2RDfupUP+u+4g2jLxbpx4n4uarhcjs5VtP9Zi20="; }; - vendorSha256 = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; + vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; subPackages = [ "cmd/esbuild" ]; diff --git a/pkgs/development/tools/misc/ptags/default.nix b/pkgs/development/tools/misc/ptags/default.nix index b8be0ee3dc6..6f554e6d352 100644 --- a/pkgs/development/tools/misc/ptags/default.nix +++ b/pkgs/development/tools/misc/ptags/default.nix @@ -8,16 +8,16 @@ rustPlatform.buildRustPackage rec { pname = "ptags"; - version = "0.3.2"; + version = "0.3.4"; src = fetchFromGitHub { owner = "dalance"; repo = "ptags"; rev = "v${version}"; - sha256 = "1xr1szh4dfrcmi6s6dj791k1ix2zbv75rqkqbyb1lmh5548kywkg"; + sha256 = "sha256-hFHzNdTX3nw2OwRxk9lKrt/YpaBXwi5aE/Qn3W9PRf4="; }; - cargoSha256 = "1pz5hvn1iq26i8c2cmqavhnri8h0sn40khrxvcdkj9q47nsj5wcx"; + cargoSha256 = "sha256-cFezB7uwUznC/8NXJNrBqP0lf0sXAQBoGksXFOGrUIg="; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/tools/ocaml/dune/3.nix b/pkgs/development/tools/ocaml/dune/3.nix index c6e5c3da016..7c305012c57 100644 --- a/pkgs/development/tools/ocaml/dune/3.nix +++ b/pkgs/development/tools/ocaml/dune/3.nix @@ -6,11 +6,11 @@ else stdenv.mkDerivation rec { pname = "dune"; - version = "3.6.1"; + version = "3.6.2"; src = fetchurl { url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz"; - sha256 = "sha256-8dWsBLegJ/PVSeJc+IXr96zBNeApHBjmtDEjp5nBQ84="; + sha256 = "sha256-ttSrhI77BKoqMl0AFdMu1EFO1xMOx6oS+YFY7/RFzzw="; }; nativeBuildInputs = [ ocaml findlib ]; diff --git a/pkgs/games/rare/default.nix b/pkgs/games/rare/default.nix index fbd3f951282..766673d3ea0 100644 --- a/pkgs/games/rare/default.nix +++ b/pkgs/games/rare/default.nix @@ -3,13 +3,13 @@ buildPythonApplication rec { pname = "rare"; - version = "1.9.3"; + version = "1.9.4"; src = fetchFromGitHub { owner = "Dummerle"; repo = "Rare"; - rev = version; - sha256 = "sha256-M+OMsyamh4WHIx7Pv2sLylOrnSmYrv1aEm3atqXrDaw="; + rev = "refs/tags/${version}"; + sha256 = "sha256-+STwVsDdvjP7HaqmaQVug+6h0n0rw/j4LGQQSNdLVQQ="; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/waydroid/default.nix b/pkgs/os-specific/linux/waydroid/default.nix index 55630f2fad3..3ed99073d1c 100644 --- a/pkgs/os-specific/linux/waydroid/default.nix +++ b/pkgs/os-specific/linux/waydroid/default.nix @@ -2,6 +2,7 @@ , lib , fetchFromGitHub , python3Packages +, bash , dnsmasq , gawk , getent @@ -17,14 +18,14 @@ python3Packages.buildPythonApplication rec { pname = "waydroid"; - version = "1.3.3"; + version = "1.3.4"; format = "other"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "sha256-av1kcOSViUV2jsFiTE21N6sAJIL6K+zKkpPHjx6iYVk="; + sha256 = "sha256-0GBob9BUwiE5cFGdK8AdwsTjTOdc+AIWqUGN/gFfOqI="; }; propagatedBuildInputs = with python3Packages; [ diff --git a/pkgs/servers/sql/postgresql/ext/pg_ivm.nix b/pkgs/servers/sql/postgresql/ext/pg_ivm.nix index be044befb26..1def48d46d9 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_ivm.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_ivm.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pg_ivm"; - version = "1.3"; + version = "1.4"; src = fetchFromGitHub { owner = "sraoss"; repo = pname; rev = "v${version}"; - hash = "sha256-HdIqAB/A6+EvioKhS2OKmlABjpeTAgkbU5ihbt/OzdI="; + hash = "sha256-pz9eHmd7GC30r0uUObOlrcdkAX4c+szjYAXS1U999CE="; }; buildInputs = [ postgresql ]; diff --git a/pkgs/servers/sql/postgresql/ext/pgroonga.nix b/pkgs/servers/sql/postgresql/ext/pgroonga.nix index 05be683f1ff..0bccc1bfb7a 100644 --- a/pkgs/servers/sql/postgresql/ext/pgroonga.nix +++ b/pkgs/servers/sql/postgresql/ext/pgroonga.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pgroonga"; - version = "2.4.0"; + version = "2.4.2"; src = fetchurl { url = "https://packages.groonga.org/source/${pname}/${pname}-${version}.tar.gz"; - sha256 = "sha256-W6quDn2B+BZ+J46aNMbtVq7OizT1q5jyKMZECAk0F7M="; + sha256 = "sha256-5klltU+9dz30tjE0lQfNinrVEZyT8UpK120kQ1j/yig="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/servers/sql/postgresql/ext/pgrouting.nix b/pkgs/servers/sql/postgresql/ext/pgrouting.nix index 68aaa1dd0a4..5dc21742ef4 100644 --- a/pkgs/servers/sql/postgresql/ext/pgrouting.nix +++ b/pkgs/servers/sql/postgresql/ext/pgrouting.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "pgrouting"; - version = "3.3.2"; + version = "3.4.2"; nativeBuildInputs = [ cmake perl ]; buildInputs = [ postgresql boost ]; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { owner = "pgRouting"; repo = pname; rev = "v${version}"; - sha256 = "sha256-H7h+eiH02qLscpiZ8yV5ofL7upeqRBXNQDGYS86f3og="; + sha256 = "sha256-By3XX4ow5+OdvpLlpozZe3674VSehO9T96pQtJy5y6g="; }; installPhase = '' diff --git a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix index 3254bf9e251..4c5b0060991 100644 --- a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix +++ b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "plpgsql_check"; - version = "2.2.4"; + version = "2.2.6"; src = fetchFromGitHub { owner = "okbob"; repo = pname; rev = "v${version}"; - sha256 = "sha256-YUJLh1IgOOnNxPrH8NaY3jGEV+4mTjRffooIANkbbFo="; + hash = "sha256-8HFyIzJ1iF3K2vTlibFallvkMKjFTJ2DO64fORToD8E="; }; buildInputs = [ postgresql ]; diff --git a/pkgs/tools/audio/vgmtools/default.nix b/pkgs/tools/audio/vgmtools/default.nix index a65ba1b4cda..9571e116066 100644 --- a/pkgs/tools/audio/vgmtools/default.nix +++ b/pkgs/tools/audio/vgmtools/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "vgmtools"; - version = "unstable-2022-12-03"; + version = "unstable-2022-12-30"; src = fetchFromGitHub { owner = "vgmrips"; repo = "vgmtools"; - rev = "b9216623ffb9219c46a7a10669175c7a4c8cd946"; - sha256 = "fPt/z4D4C8TWoz7FivxmXGDcYGc7sXWvxE0+CoyFgDQ="; + rev = "6c2c21dfc871f8cb9c33a77fe7db01419b6ad97d"; + sha256 = "qe8cHGf8X7JjjoiRQ/S3q/WhyvgrMEwsCo7QoQkmg5w="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix index de710e6b3f1..2b1bee85bcf 100644 --- a/pkgs/tools/networking/chrony/default.nix +++ b/pkgs/tools/networking/chrony/default.nix @@ -1,5 +1,7 @@ -{ lib, stdenv, fetchurl, pkg-config, libcap, readline, texinfo, nss, nspr -, libseccomp, pps-tools, gnutls }: +{ lib, stdenv, fetchurl, pkg-config +, gnutls, libedit, nspr, nss, readline, texinfo +, libcap, libseccomp, pps-tools +}: stdenv.mkDerivation rec { pname = "chrony"; @@ -7,22 +9,33 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz"; - sha256 = "sha256-nQ2oiahl8ImlohYQ/7ZxPjyUOM4wOmO0nC+26v9biAQ="; + hash = "sha256-nQ2oiahl8ImlohYQ/7ZxPjyUOM4wOmO0nC+26v9biAQ="; }; + outputs = [ "out" "man" ]; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ gnutls libedit nspr nss readline texinfo ] + ++ lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ]; + + configureFlags = [ + "--enable-ntp-signd" + "--sbindir=$(out)/bin" + "--chronyrundir=/run/chrony" + ] ++ lib.optional stdenv.isLinux "--enable-scfilter"; + + patches = [ + # Cleanup the installation script + ./makefile.patch + ]; + postPatch = '' patchShebangs test ''; - buildInputs = [ readline texinfo nss nspr gnutls ] - ++ lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ]; - nativeBuildInputs = [ pkg-config ]; - hardeningEnable = [ "pie" ]; - configureFlags = [ "--chronyvardir=$(out)/var/lib/chrony" "--enable-ntp-signd" ] - ++ lib.optional stdenv.isLinux "--enable-scfilter"; - meta = with lib; { description = "Sets your computer's clock from time servers on the Net"; homepage = "https://chrony.tuxfamily.org/"; diff --git a/pkgs/tools/networking/chrony/makefile.patch b/pkgs/tools/networking/chrony/makefile.patch new file mode 100644 index 00000000000..be15ccb5cb2 --- /dev/null +++ b/pkgs/tools/networking/chrony/makefile.patch @@ -0,0 +1,23 @@ +diff --git a/Makefile.in b/Makefile.in +index ef100a4..47f54f4 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -23,7 +23,7 @@ + + SYSCONFDIR = @SYSCONFDIR@ + BINDIR = @BINDIR@ +-SBINDIR = @SBINDIR@ ++SBINDIR = @BINDIR@ + LOCALSTATEDIR = @LOCALSTATEDIR@ + CHRONYVARDIR = @CHRONYVARDIR@ + DESTDIR = +@@ -86,9 +86,7 @@ getdate : + + install: chronyd chronyc + [ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR) +- [ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR) + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) +- [ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR) + if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi + if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi + cp chronyd $(DESTDIR)$(SBINDIR)/chronyd diff --git a/pkgs/tools/networking/shadowsocks-rust/default.nix b/pkgs/tools/networking/shadowsocks-rust/default.nix index 0b203ba2caa..d4e2b590b08 100644 --- a/pkgs/tools/networking/shadowsocks-rust/default.nix +++ b/pkgs/tools/networking/shadowsocks-rust/default.nix @@ -1,24 +1,22 @@ -{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, CoreServices, libiconv }: +{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, Security, CoreServices }: rustPlatform.buildRustPackage rec { pname = "shadowsocks-rust"; - version = "1.14.3"; + version = "1.15.2"; src = fetchFromGitHub { rev = "v${version}"; owner = "shadowsocks"; repo = pname; - sha256 = "sha256-tRiziyCw1Qpm22RtZHeKt4VFReJidFHsPxPSjxIA3hA="; + hash = "sha256-CvAOvtC5U2njQuUjFxjnGeqhuxrCw4XI6goo1TxIhIU="; }; - cargoSha256 = "sha256-snnzNb1yJ8L5pMvNNEIf5hZOpFV6DKOWGtGP1T3YTWg="; + cargoHash = "sha256-ctZlYo82M7GKVvrEkw/7+aH9R0MeEsyv3IKl9k4SbiA="; - RUSTC_BOOTSTRAP = 1; + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; - nativeBuildInputs = [ pkg-config ]; - - buildInputs = [ openssl ] - ++ lib.optionals stdenv.isDarwin [ CoreServices libiconv ]; + buildInputs = lib.optionals stdenv.isLinux [ openssl ] + ++ lib.optionals stdenv.isDarwin [ Security CoreServices ]; cargoBuildFlags = [ "--features=aead-cipher-extra,local-dns,local-http-native-tls,local-redir,local-tun" @@ -36,8 +34,9 @@ rustPlatform.buildRustPackage rec { ]; meta = with lib; { + description = "A Rust port of Shadowsocks"; homepage = "https://github.com/shadowsocks/shadowsocks-rust"; - description = "A Rust port of shadowsocks"; + changelog = "https://github.com/shadowsocks/shadowsocks-rust/raw/v${version}/debian/changelog"; license = licenses.mit; maintainers = [ maintainers.marsam ]; }; diff --git a/pkgs/tools/nix/nixdoc/default.nix b/pkgs/tools/nix/nixdoc/default.nix index 945809e7a76..be485f90655 100644 --- a/pkgs/tools/nix/nixdoc/default.nix +++ b/pkgs/tools/nix/nixdoc/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, rustPlatform, darwin }: rustPlatform.buildRustPackage rec { pname = "nixdoc"; @@ -11,6 +11,14 @@ rustPlatform.buildRustPackage rec { sha256 = "14d4dq06jdqazxvv7fq5872zy0capxyb0fdkp8qg06gxl1iw201s"; }; + patches = [ + # Support nested identifiers https://github.com/nix-community/nixdoc/pull/27 + (fetchpatch { + url = "https://github.com/nix-community/nixdoc/pull/27/commits/ea542735bf675fe2ccd37edaffb9138d1a8c1b7e.patch"; + sha256 = "1fmz44jv2r9qsnjxvkkjfb0safy69l4x4vx1g5gisrp8nwdn94rj"; + }) + ]; + buildInputs = lib.optionals stdenv.isDarwin [ darwin.Security ]; cargoSha256 = "1nv6g8rmjjbwqmjkrpqncypqvx5c7xp2zlx5h6rw2j9d1wlys0v5"; diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index 0b7941ce46e..2030e8195e6 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -57,7 +57,8 @@ stdenv.mkDerivation rec { "--with-ksba-prefix=${libksba.dev}" "--with-npth-prefix=${npth}" ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" - ++ lib.optional withTpm2Tss "--with-tss=intel"; + ++ lib.optional withTpm2Tss "--with-tss=intel" + ++ lib.optional stdenv.isDarwin "--disable-ccid-driver"; postInstall = if enableMinimal then '' rm -r $out/{libexec,sbin,share} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index d9c53ec0981..aba3ad716ab 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -633,6 +633,7 @@ mapAliases ({ ### I ### + i3-gaps = i3; # Added 2023-01-03 i3cat = throw "i3cat has been dropped due to the lack of maintanence from upstream since 2016"; # Added 2022-06-02 iana_etc = throw "'iana_etc' has been renamed to/replaced by 'iana-etc'"; # Converted to throw 2022-02-22 iasl = throw "iasl has been removed, use acpica-tools instead"; # Added 2021-08-08 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 033e8f73877..e01f8b3d5b8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1543,6 +1543,8 @@ with pkgs; ### APPLICATIONS/VERSION-MANAGEMENT + deepgit = callPackage ../applications/version-management/deepgit {}; + git = callPackage ../applications/version-management/git { inherit (darwin.apple_sdk.frameworks) CoreServices Security; perlLibs = [perlPackages.LWP perlPackages.URI perlPackages.TermReadKey]; @@ -11594,7 +11596,7 @@ with pkgs; shabnam-fonts = callPackage ../data/fonts/shabnam-fonts { }; shadowsocks-rust = callPackage ../tools/networking/shadowsocks-rust { - inherit (darwin.apple_sdk.frameworks) CoreServices; + inherit (darwin.apple_sdk.frameworks) Security CoreServices; }; shadowsocks-v2ray-plugin = callPackage ../tools/networking/shadowsocks-v2ray-plugin { }; @@ -14521,7 +14523,8 @@ with pkgs; gcc-arm-embedded-9 = callPackage ../development/compilers/gcc-arm-embedded/9 {}; gcc-arm-embedded-10 = callPackage ../development/compilers/gcc-arm-embedded/10 {}; gcc-arm-embedded-11 = callPackage ../development/compilers/gcc-arm-embedded/11 {}; - gcc-arm-embedded = gcc-arm-embedded-11; + gcc-arm-embedded-12 = callPackage ../development/compilers/gcc-arm-embedded/12 {}; + gcc-arm-embedded = gcc-arm-embedded-12; # Has to match the default gcc so that there are no linking errors when # using C/C++ libraries in D packages @@ -27108,7 +27111,9 @@ with pkgs; nordzy-icon-theme = callPackage ../data/icons/nordzy-icon-theme { }; inherit (callPackages ../data/fonts/noto-fonts {}) + mkNoto noto-fonts + noto-fonts-lgc-plus noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji @@ -29846,8 +29851,6 @@ with pkgs; i3-auto-layout = callPackage ../applications/window-managers/i3/auto-layout.nix { }; - i3-gaps = callPackage ../applications/window-managers/i3/gaps.nix { }; - i3-rounded = callPackage ../applications/window-managers/i3/rounded.nix { }; i3altlayout = callPackage ../applications/window-managers/i3/altlayout.nix { };