From 973c7b12caebf5dd8dee48f15b14e5525551f95d Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Tue, 15 Nov 2022 12:35:20 +0000 Subject: [PATCH 01/54] gnupg: fix smartcards (yubikeys) on Darwin Since version 2.3, GnuPG no longer falls back to other access methods if its built-in CCID driver fails to access smartcards, including yubikeys. The built-in CCID driver fails on macOS. The upstream developers recommend disabling CCID support in this case: If it works and the distribution doesn't offer appropriate USB configuration, I think that it's good for the distribution to use --disable-ccid-driver for building GnuPG. Cite: https://dev.gnupg.org/T5415 See also: https://dev.gnupg.org/T5409 Fixes #155629 --- pkgs/tools/security/gnupg/23.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index 0b7941ce46e..2030e8195e6 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -57,7 +57,8 @@ stdenv.mkDerivation rec { "--with-ksba-prefix=${libksba.dev}" "--with-npth-prefix=${npth}" ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" - ++ lib.optional withTpm2Tss "--with-tss=intel"; + ++ lib.optional withTpm2Tss "--with-tss=intel" + ++ lib.optional stdenv.isDarwin "--disable-ccid-driver"; postInstall = if enableMinimal then '' rm -r $out/{libexec,sbin,share} From 31f5f62c50931addae2a0f3de4e7a89521b284f7 Mon Sep 17 00:00:00 2001 From: laalsaas Date: Sat, 19 Nov 2022 01:56:45 +0100 Subject: [PATCH 02/54] noto-fonts: 2020-01-23 -> v20201206-phase3 --- pkgs/data/fonts/noto-fonts/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/data/fonts/noto-fonts/default.nix b/pkgs/data/fonts/noto-fonts/default.nix index 019ed1f371c..1a875a853b1 100644 --- a/pkgs/data/fonts/noto-fonts/default.nix +++ b/pkgs/data/fonts/noto-fonts/default.nix @@ -15,15 +15,15 @@ let mkNoto = { pname, weights }: - stdenvNoCC.mkDerivation { + stdenvNoCC.mkDerivation rec { inherit pname; - version = "2020-01-23"; + version = "v20201206-phase3"; src = fetchFromGitHub { owner = "googlefonts"; repo = "noto-fonts"; - rev = "f4726a2ec36169abd02a6d8abe67c8ff0236f6d8"; - sha256 = "0zc1r7zph62qmvzxqfflsprazjf6x1qnwc2ma27kyzh6v36gaykw"; + rev = version; + hash = "sha256-x60RvCRFLoGe0CNvswROnDkIsUFbWH+/laN8q2qkUPk="; }; installPhase = '' @@ -33,10 +33,10 @@ let # # TODO: install OpenType, variable versions? local out_ttf=$out/share/fonts/truetype/noto - install -m444 -Dt $out_ttf phaseIII_only/unhinted/ttf/*/*-${weights}.ttf - install -m444 -Dt $out_ttf phaseIII_only/hinted/ttf/*/*-${weights}.ttf - install -m444 -Dt $out_ttf unhinted/*/*-${weights}.ttf - install -m444 -Dt $out_ttf hinted/*/*-${weights}.ttf + install -m444 -Dt $out_ttf archive/unhinted/*/*-${weights}.ttf + install -m444 -Dt $out_ttf archive/hinted/*/*-${weights}.ttf + install -m444 -Dt $out_ttf unhinted/*/*/*-${weights}.ttf + install -m444 -Dt $out_ttf hinted/*/*/*-${weights}.ttf ''; meta = with lib; { From f943c3fb899aa6f620cd85918f89a67574b50493 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Fri, 9 Dec 2022 12:19:26 -0500 Subject: [PATCH 03/54] add `buildGems` to ruby passthru This is useful for adding ruby gems that don't come with `nixpkgs` i.e. `pkgs.ruby.withPackages (_: [ (pkgs.ruby.buildGems ./my-gemset.nix).foo ])` --- pkgs/development/interpreters/ruby/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index c7e01ea0f94..04ed31bbf3a 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -248,7 +248,7 @@ let inherit lib stdenv makeWrapper buildRubyGem buildEnv; gemConfig = defaultGemConfig; ruby = self; - }) withPackages gems; + }) withPackages buildGems gems; } // lib.optionalAttrs useBaseRuby { inherit baseRuby; From 34e2d794504188864c28c6e94c6083ce96bb1dca Mon Sep 17 00:00:00 2001 From: laalsaas Date: Sat, 19 Nov 2022 18:42:20 +0100 Subject: [PATCH 04/54] noto-fonts-lgc-plus: init at 20201206-phase3 This is an effort to provide more sane defaults when it comes to which fonts to install. Nobody needs Noto fonts for >190 different scripts. The noto-fonts-lgc-plus package provides the Noto Fonts for latin, greek and cyrillic, and some extras and it gives users the opportunity to specify extra fonts to install. This shoud especially be used by other modules to prevent polluting the installed fonts, making font selection in some Programs almost unusable. --- pkgs/data/fonts/noto-fonts/default.nix | 193 +++++++++++++++---------- pkgs/top-level/all-packages.nix | 2 + 2 files changed, 118 insertions(+), 77 deletions(-) diff --git a/pkgs/data/fonts/noto-fonts/default.nix b/pkgs/data/fonts/noto-fonts/default.nix index 1a875a853b1..0eaa4911cde 100644 --- a/pkgs/data/fonts/noto-fonts/default.nix +++ b/pkgs/data/fonts/noto-fonts/default.nix @@ -11,21 +11,43 @@ , imagemagick , zopfli , buildPackages +, variants ? [ ] }: - let - mkNoto = { pname, weights }: + notoLongDescription = '' + When text is rendered by a computer, sometimes characters are + displayed as “tofu”. They are little boxes to indicate your device + doesn’t have a font to display the text. + + Google has been developing a font family called Noto, which aims to + support all languages with a harmonious look and feel. Noto is + Google’s answer to tofu. The name noto is to convey the idea that + Google’s goal is to see “no more tofu”. Noto has multiple styles and + weights, and freely available to all. + + This package also includes the Arimo, Cousine, and Tinos fonts. + ''; +in +rec { + mkNoto = + { pname + , weights + , variants ? [ ] + , longDescription ? notoLongDescription + }: stdenvNoCC.mkDerivation rec { inherit pname; - version = "v20201206-phase3"; + version = "20201206-phase3"; src = fetchFromGitHub { owner = "googlefonts"; repo = "noto-fonts"; - rev = version; + rev = "v${version}"; hash = "sha256-x60RvCRFLoGe0CNvswROnDkIsUFbWH+/laN8q2qkUPk="; }; + _variants = map (variant: builtins.replaceStrings [ " " ] [ "" ] variant) variants; + installPhase = '' # We copy in reverse preference order -- unhinted first, then # hinted -- to get the "best" version of each font while @@ -33,29 +55,24 @@ let # # TODO: install OpenType, variable versions? local out_ttf=$out/share/fonts/truetype/noto + '' + (if _variants == [ ] then '' install -m444 -Dt $out_ttf archive/unhinted/*/*-${weights}.ttf install -m444 -Dt $out_ttf archive/hinted/*/*-${weights}.ttf install -m444 -Dt $out_ttf unhinted/*/*/*-${weights}.ttf install -m444 -Dt $out_ttf hinted/*/*/*-${weights}.ttf - ''; + '' else '' + for variant in $_variants; do + install -m444 -Dt $out_ttf archive/unhinted/$variant/*-${weights}.ttf + install -m444 -Dt $out_ttf archive/hinted/$variant/*-${weights}.ttf + install -m444 -Dt $out_ttf unhinted/*/$variant/*-${weights}.ttf + install -m444 -Dt $out_ttf hinted/*/$variant/*-${weights}.ttf + done + ''); meta = with lib; { description = "Beautiful and free fonts for many languages"; homepage = "https://www.google.com/get/noto/"; - longDescription = - '' - When text is rendered by a computer, sometimes characters are - displayed as “tofu”. They are little boxes to indicate your device - doesn’t have a font to display the text. - - Google has been developing a font family called Noto, which aims to - support all languages with a harmonious look and feel. Noto is - Google’s answer to tofu. The name noto is to convey the idea that - Google’s goal is to see “no more tofu”. Noto has multiple styles and - weights, and freely available to all. - - This package also includes the Arimo, Cousine, and Tinos fonts. - ''; + inherit longDescription; license = licenses.ofl; platforms = platforms.all; maintainers = with maintainers; [ mathnerd314 emily ]; @@ -100,14 +117,34 @@ let maintainers = with maintainers; [ mathnerd314 emily ]; }; }; -in -{ noto-fonts = mkNoto { pname = "noto-fonts"; weights = "{Regular,Bold,Light,Italic,BoldItalic,LightItalic}"; }; + noto-fonts-lgc-plus = mkNoto { + pname = "noto-fonts-lgc-plus"; + weights = "{Regular,Bold,Light,Italic,BoldItalic,LightItalic}"; + variants = [ + "Noto Sans" + "Noto Serif" + "Noto Sans Display" + "Noto Serif Display" + "Noto Sans Mono" + "Noto Music" + "Noto Sans Symbols" + "Noto Sans Symbols 2" + "Noto Sans Math" + ]; + longDescription = '' + This package provides the Noto Fonts, but only for latin, greek + and cyrillic scripts, as well as some extra fonts. To create a + custom Noto package with custom variants, see the `mkNoto` + helper function. + ''; + }; + noto-fonts-extra = mkNoto { pname = "noto-fonts-extra"; weights = "{Black,Condensed,Extra,Medium,Semi,Thin}*"; @@ -127,65 +164,67 @@ in sha256 = "sha256-1w66Ge7DZjbONGhxSz69uFhfsjMsDiDkrGl6NsoB7dY="; }; - noto-fonts-emoji = let - version = "2.038"; - emojiPythonEnv = - buildPackages.python3.withPackages (p: with p; [ fonttools nototools ]); - in stdenvNoCC.mkDerivation { - pname = "noto-fonts-emoji"; - inherit version; + noto-fonts-emoji = + let + version = "2.038"; + emojiPythonEnv = + buildPackages.python3.withPackages (p: with p; [ fonttools nototools ]); + in + stdenvNoCC.mkDerivation { + pname = "noto-fonts-emoji"; + inherit version; - src = fetchFromGitHub { - owner = "googlefonts"; - repo = "noto-emoji"; - rev = "v${version}"; - sha256 = "1rgmcc6nqq805iqr8kvxxlk5cf50q714xaxk3ld6rjrd69kb8ix9"; + src = fetchFromGitHub { + owner = "googlefonts"; + repo = "noto-emoji"; + rev = "v${version}"; + sha256 = "1rgmcc6nqq805iqr8kvxxlk5cf50q714xaxk3ld6rjrd69kb8ix9"; + }; + + depsBuildBuild = [ + buildPackages.stdenv.cc + pkg-config + cairo + ]; + + nativeBuildInputs = [ + imagemagick + zopfli + pngquant + which + emojiPythonEnv + ]; + + postPatch = '' + patchShebangs *.py + patchShebangs third_party/color_emoji/*.py + # remove check for virtualenv, since we handle + # python requirements using python.withPackages + sed -i '/ifndef VIRTUAL_ENV/,+2d' Makefile + + # Make the build verbose so it won't get culled by Hydra thinking that + # it somehow got stuck doing nothing. + sed -i 's;\t@;\t;' Makefile + ''; + + enableParallelBuilding = true; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/fonts/noto + cp NotoColorEmoji.ttf $out/share/fonts/noto + runHook postInstall + ''; + + meta = with lib; { + description = "Color and Black-and-White emoji fonts"; + homepage = "https://github.com/googlefonts/noto-emoji"; + license = with licenses; [ ofl asl20 ]; + platforms = platforms.all; + maintainers = with maintainers; [ mathnerd314 sternenseemann ]; + }; }; - depsBuildBuild = [ - buildPackages.stdenv.cc - pkg-config - cairo - ]; - - nativeBuildInputs = [ - imagemagick - zopfli - pngquant - which - emojiPythonEnv - ]; - - postPatch = '' - patchShebangs *.py - patchShebangs third_party/color_emoji/*.py - # remove check for virtualenv, since we handle - # python requirements using python.withPackages - sed -i '/ifndef VIRTUAL_ENV/,+2d' Makefile - - # Make the build verbose so it won't get culled by Hydra thinking that - # it somehow got stuck doing nothing. - sed -i 's;\t@;\t;' Makefile - ''; - - enableParallelBuilding = true; - - installPhase = '' - runHook preInstall - mkdir -p $out/share/fonts/noto - cp NotoColorEmoji.ttf $out/share/fonts/noto - runHook postInstall - ''; - - meta = with lib; { - description = "Color and Black-and-White emoji fonts"; - homepage = "https://github.com/googlefonts/noto-emoji"; - license = with licenses; [ ofl asl20 ]; - platforms = platforms.all; - maintainers = with maintainers; [ mathnerd314 sternenseemann ]; - }; - }; - noto-fonts-emoji-blob-bin = let pname = "noto-fonts-emoji-blob-bin"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6f3d7a3dde6..5364e9e05d6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26683,7 +26683,9 @@ with pkgs; nordzy-icon-theme = callPackage ../data/icons/nordzy-icon-theme { }; inherit (callPackages ../data/fonts/noto-fonts {}) + mkNoto noto-fonts + noto-fonts-lgc-plus noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji From 3546fca5a4c4b550f0335d8fad920fd8abc89c2a Mon Sep 17 00:00:00 2001 From: laalsaas Date: Mon, 21 Nov 2022 13:29:39 +0100 Subject: [PATCH 05/54] plasma5: add notoPackage option Some users don't want all >190 Noto fonts. --- nixos/modules/services/x11/desktop-managers/plasma5.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 44faa19bc22..112c7e7a922 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -32,7 +32,7 @@ let inherit (lib) getBin optionalString literalExpression mkRemovedOptionModule mkRenamedOptionModule - mkDefault mkIf mkMerge mkOption types; + mkDefault mkIf mkMerge mkOption mkPackageOption types; ini = pkgs.formats.ini { }; @@ -198,6 +198,11 @@ in example = literalExpression "[ pkgs.plasma5Packages.oxygen ]"; }; + notoPackage = mkPackageOption pkgs "Noto fonts" { + default = [ "noto-fonts" ]; + example = "noto-fonts-lgc-plus"; + }; + # Internally allows configuring kdeglobals globally kdeglobals = mkOption { internal = true; @@ -396,7 +401,7 @@ in # Enable GTK applications to load SVG icons services.xserver.gdk-pixbuf.modulePackages = [ pkgs.librsvg ]; - fonts.fonts = with pkgs; [ noto-fonts hack-font ]; + fonts.fonts = with pkgs; [ cfg.notoPackage hack-font ]; fonts.fontconfig.defaultFonts = { monospace = [ "Hack" "Noto Sans Mono" ]; sansSerif = [ "Noto Sans" ]; From a00d2880d17f11feb6f42a359615f1ee56ca72f1 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 17 Dec 2022 16:22:34 +0000 Subject: [PATCH 06/54] libpg_query: 14-3.0.0 -> 15-4.0.0 --- pkgs/development/libraries/libpg_query/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libpg_query/default.nix b/pkgs/development/libraries/libpg_query/default.nix index 0387679835e..cb5f545c9d9 100644 --- a/pkgs/development/libraries/libpg_query/default.nix +++ b/pkgs/development/libraries/libpg_query/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libpg_query"; - version = "14-3.0.0"; + version = "15-4.0.0"; src = fetchFromGitHub { owner = "pganalyze"; repo = "libpg_query"; rev = version; - sha256 = "sha256-rICN8fkPcYw32N6TdpbrszGUoRzwQdfRSW6A0AC8toM="; + sha256 = "sha256-2BZT/jGfGwia+Map5OkeTcWVFJssykhrdRT2IDAzrfs="; }; nativeBuildInputs = [ which ]; From 979332605c3ad44a6102cf857ea04f4f82abbefe Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 17 Dec 2022 23:21:48 +0000 Subject: [PATCH 07/54] spotifyd: 0.3.3 -> 0.3.4 --- pkgs/applications/audio/spotifyd/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/audio/spotifyd/default.nix b/pkgs/applications/audio/spotifyd/default.nix index bfeb8a7dab3..274b054955b 100644 --- a/pkgs/applications/audio/spotifyd/default.nix +++ b/pkgs/applications/audio/spotifyd/default.nix @@ -9,16 +9,16 @@ rustPackages.rustPlatform.buildRustPackage rec { pname = "spotifyd"; - version = "0.3.3"; + version = "0.3.4"; src = fetchFromGitHub { owner = "Spotifyd"; repo = "spotifyd"; rev = "v${version}"; - sha256 = "1liql2wp7cx0x4ha1578wx3m4byd295m4ph268s05yw2wrnr3v6c"; + sha256 = "sha256-9zwHBDrdvE2R/cdrWgjsfHlm3wEZ9SB2VNcqezB/Op0="; }; - cargoSha256 = "1plvqd55d1gj0ydimv3154pwgj2sh1fqx2182nw8akzdfmzg1150"; + cargoSha256 = "sha256-fQm7imXpm5AcKdg0cU/Rf2mAeg2ebZKRisJZSnG0REI="; nativeBuildInputs = [ pkg-config ]; From b3f1fee9401466faa76a0b2d5923f770eebd2d0c Mon Sep 17 00:00:00 2001 From: Ivan Kozik Date: Sun, 18 Dec 2022 13:21:45 +0000 Subject: [PATCH 08/54] postgresqlPackages.pg_ivm: 1.3 -> 1.4 --- pkgs/servers/sql/postgresql/ext/pg_ivm.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/pg_ivm.nix b/pkgs/servers/sql/postgresql/ext/pg_ivm.nix index be044befb26..1def48d46d9 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_ivm.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_ivm.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pg_ivm"; - version = "1.3"; + version = "1.4"; src = fetchFromGitHub { owner = "sraoss"; repo = pname; rev = "v${version}"; - hash = "sha256-HdIqAB/A6+EvioKhS2OKmlABjpeTAgkbU5ihbt/OzdI="; + hash = "sha256-pz9eHmd7GC30r0uUObOlrcdkAX4c+szjYAXS1U999CE="; }; buildInputs = [ postgresql ]; From 58b20af68b5fc160e77224b0ca6c1051aaa59e72 Mon Sep 17 00:00:00 2001 From: Ivan Kozik Date: Sun, 18 Dec 2022 13:33:42 +0000 Subject: [PATCH 09/54] postgresqlPackages.pgroonga: 2.4.0 -> 2.4.2 --- pkgs/servers/sql/postgresql/ext/pgroonga.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/pgroonga.nix b/pkgs/servers/sql/postgresql/ext/pgroonga.nix index 05be683f1ff..0bccc1bfb7a 100644 --- a/pkgs/servers/sql/postgresql/ext/pgroonga.nix +++ b/pkgs/servers/sql/postgresql/ext/pgroonga.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "pgroonga"; - version = "2.4.0"; + version = "2.4.2"; src = fetchurl { url = "https://packages.groonga.org/source/${pname}/${pname}-${version}.tar.gz"; - sha256 = "sha256-W6quDn2B+BZ+J46aNMbtVq7OizT1q5jyKMZECAk0F7M="; + sha256 = "sha256-5klltU+9dz30tjE0lQfNinrVEZyT8UpK120kQ1j/yig="; }; nativeBuildInputs = [ pkg-config ]; From c8663bb893b9a3abf57a9e9cf3080277992f641c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 19 Dec 2022 01:19:02 +0000 Subject: [PATCH 10/54] postgresql11Packages.plpgsql_check: 2.2.4 -> 2.2.5 --- pkgs/servers/sql/postgresql/ext/plpgsql_check.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix index 3254bf9e251..688f8b3ce6f 100644 --- a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix +++ b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "plpgsql_check"; - version = "2.2.4"; + version = "2.2.5"; src = fetchFromGitHub { owner = "okbob"; repo = pname; rev = "v${version}"; - sha256 = "sha256-YUJLh1IgOOnNxPrH8NaY3jGEV+4mTjRffooIANkbbFo="; + sha256 = "sha256-47fuc0dnTWeu93P8zntsjT9L8SstN5p0WvnNtT4cHzM="; }; buildInputs = [ postgresql ]; From 471deafbaf10b0ed62c0a6242454999dfb55be71 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 19 Dec 2022 17:01:09 +0000 Subject: [PATCH 11/54] shadowsocks-rust: 1.14.3 -> 1.15.1 --- pkgs/tools/networking/shadowsocks-rust/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/shadowsocks-rust/default.nix b/pkgs/tools/networking/shadowsocks-rust/default.nix index 0b203ba2caa..cc72409622a 100644 --- a/pkgs/tools/networking/shadowsocks-rust/default.nix +++ b/pkgs/tools/networking/shadowsocks-rust/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "shadowsocks-rust"; - version = "1.14.3"; + version = "1.15.1"; src = fetchFromGitHub { rev = "v${version}"; owner = "shadowsocks"; repo = pname; - sha256 = "sha256-tRiziyCw1Qpm22RtZHeKt4VFReJidFHsPxPSjxIA3hA="; + sha256 = "sha256-CmTkqIr41vGQuY6/GmtibDeubs72VLjoUrpG3MDMeDg="; }; - cargoSha256 = "sha256-snnzNb1yJ8L5pMvNNEIf5hZOpFV6DKOWGtGP1T3YTWg="; + cargoSha256 = "sha256-rdV7VErDSEJqpI4487D4eUvV1nGPdE0vDj+S7cZZ/G8="; RUSTC_BOOTSTRAP = 1; From 91fe8e2f43ff10e575449e2f9e86791604460c1f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 23 Dec 2022 01:28:05 +0000 Subject: [PATCH 12/54] ptags: 0.3.2 -> 0.3.4 --- pkgs/development/tools/misc/ptags/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/misc/ptags/default.nix b/pkgs/development/tools/misc/ptags/default.nix index b8be0ee3dc6..6f554e6d352 100644 --- a/pkgs/development/tools/misc/ptags/default.nix +++ b/pkgs/development/tools/misc/ptags/default.nix @@ -8,16 +8,16 @@ rustPlatform.buildRustPackage rec { pname = "ptags"; - version = "0.3.2"; + version = "0.3.4"; src = fetchFromGitHub { owner = "dalance"; repo = "ptags"; rev = "v${version}"; - sha256 = "1xr1szh4dfrcmi6s6dj791k1ix2zbv75rqkqbyb1lmh5548kywkg"; + sha256 = "sha256-hFHzNdTX3nw2OwRxk9lKrt/YpaBXwi5aE/Qn3W9PRf4="; }; - cargoSha256 = "1pz5hvn1iq26i8c2cmqavhnri8h0sn40khrxvcdkj9q47nsj5wcx"; + cargoSha256 = "sha256-cFezB7uwUznC/8NXJNrBqP0lf0sXAQBoGksXFOGrUIg="; nativeBuildInputs = [ makeWrapper ]; From b3792b44c55ce58147055e553cd45f1f04ca3e51 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 23 Dec 2022 20:57:19 +0100 Subject: [PATCH 13/54] lib: correctly render docs for nested identifiers Applies https://github.com/nix-community/nixdoc/pull/27 and fixes up the location information rendering, allowing lib functions to be nested in further scopes Needed for later commits --- doc/doc-support/lib-function-locations.nix | 16 +++++++++------- pkgs/tools/nix/nixdoc/default.nix | 10 +++++++++- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/doc/doc-support/lib-function-locations.nix b/doc/doc-support/lib-function-locations.nix index ae1123c63ad..3ede09ba50f 100644 --- a/doc/doc-support/lib-function-locations.nix +++ b/doc/doc-support/lib-function-locations.nix @@ -2,19 +2,21 @@ let revision = pkgs.lib.trivial.revisionWithDefault (nixpkgs.revision or "master"); - libDefPos = set: - builtins.map - (name: { - name = name; + libDefPos = prefix: set: + builtins.concatMap + (name: [{ + name = builtins.concatStringsSep "." (prefix ++ [name]); location = builtins.unsafeGetAttrPos name set; - }) - (builtins.attrNames set); + }] ++ nixpkgsLib.optionals + (builtins.length prefix == 0 && builtins.isAttrs set.${name}) + (libDefPos (prefix ++ [name]) set.${name}) + ) (builtins.attrNames set); libset = toplib: builtins.map (subsetname: { subsetname = subsetname; - functions = libDefPos toplib.${subsetname}; + functions = libDefPos [] toplib.${subsetname}; }) (builtins.map (x: x.name) libsets); diff --git a/pkgs/tools/nix/nixdoc/default.nix b/pkgs/tools/nix/nixdoc/default.nix index 945809e7a76..be485f90655 100644 --- a/pkgs/tools/nix/nixdoc/default.nix +++ b/pkgs/tools/nix/nixdoc/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, rustPlatform, darwin }: rustPlatform.buildRustPackage rec { pname = "nixdoc"; @@ -11,6 +11,14 @@ rustPlatform.buildRustPackage rec { sha256 = "14d4dq06jdqazxvv7fq5872zy0capxyb0fdkp8qg06gxl1iw201s"; }; + patches = [ + # Support nested identifiers https://github.com/nix-community/nixdoc/pull/27 + (fetchpatch { + url = "https://github.com/nix-community/nixdoc/pull/27/commits/ea542735bf675fe2ccd37edaffb9138d1a8c1b7e.patch"; + sha256 = "1fmz44jv2r9qsnjxvkkjfb0safy69l4x4vx1g5gisrp8nwdn94rj"; + }) + ]; + buildInputs = lib.optionals stdenv.isDarwin [ darwin.Security ]; cargoSha256 = "1nv6g8rmjjbwqmjkrpqncypqvx5c7xp2zlx5h6rw2j9d1wlys0v5"; From 8496683ec95f26b00035b5a965021dfffae269a6 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 23 Dec 2022 20:57:49 +0100 Subject: [PATCH 14/54] lib: Allow doc rendering for lib//default.nix --- doc/doc-support/lib-function-docs.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/doc-support/lib-function-docs.nix b/doc/doc-support/lib-function-docs.nix index d6fa08aa962..cf218fa7040 100644 --- a/doc/doc-support/lib-function-docs.nix +++ b/doc/doc-support/lib-function-docs.nix @@ -10,7 +10,11 @@ with pkgs; stdenv.mkDerivation { installPhase = '' function docgen { # TODO: wrap lib.$1 in , make nixdoc not escape it - nixdoc -c "$1" -d "lib.$1: $2" -f "$1.nix" > "$out/$1.xml" + if [[ -e "../lib/$1.nix" ]]; then + nixdoc -c "$1" -d "lib.$1: $2" -f "$1.nix" > "$out/$1.xml" + else + nixdoc -c "$1" -d "lib.$1: $2" -f "$1/default.nix" > "$out/$1.xml" + fi echo "" >> "$out/index.xml" } From 7bf40ca14040c63a55a18b86a3f16ab80579dcd7 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 24 Dec 2022 03:43:19 +0000 Subject: [PATCH 15/54] dune_3: 3.6.1 -> 3.6.2 --- pkgs/development/tools/ocaml/dune/3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/ocaml/dune/3.nix b/pkgs/development/tools/ocaml/dune/3.nix index c6e5c3da016..7c305012c57 100644 --- a/pkgs/development/tools/ocaml/dune/3.nix +++ b/pkgs/development/tools/ocaml/dune/3.nix @@ -6,11 +6,11 @@ else stdenv.mkDerivation rec { pname = "dune"; - version = "3.6.1"; + version = "3.6.2"; src = fetchurl { url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz"; - sha256 = "sha256-8dWsBLegJ/PVSeJc+IXr96zBNeApHBjmtDEjp5nBQ84="; + sha256 = "sha256-ttSrhI77BKoqMl0AFdMu1EFO1xMOx6oS+YFY7/RFzzw="; }; nativeBuildInputs = [ ocaml findlib ]; From 62b3018d91b0dfba0d9a3f95c98dafa3bec98b50 Mon Sep 17 00:00:00 2001 From: "Aaron L. Zeng" Date: Sat, 24 Dec 2022 14:33:05 -0500 Subject: [PATCH 16/54] ledger: Import patch to fix ledger/ledger#2075 --- pkgs/applications/office/ledger/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/applications/office/ledger/default.nix b/pkgs/applications/office/ledger/default.nix index d4b4bde7b10..e885e03c1cd 100644 --- a/pkgs/applications/office/ledger/default.nix +++ b/pkgs/applications/office/ledger/default.nix @@ -41,6 +41,13 @@ stdenv.mkDerivation rec { sha256 = "sha256-vwVQnY9EUCXPzhDJ4PSOmQStb9eF6H0yAOiEmL6sAlk="; excludes = [ "doc/NEWS.md" ]; }) + + # Fix included bug with boost >= 1.76. Remove with the next release + (fetchpatch { + url = "https://github.com/ledger/ledger/commit/1cb9b84fdecc5604bd1172cdd781859ff3871a52.patch"; + sha256 = "sha256-ipVkRcTmnEvpfyPgMzLVJ9Sz8QxHeCURQI5dX8xh758="; + excludes = [ "test/regress/*" ]; + }) ]; installTargets = [ "doc" "install" ]; From b36e8f733df3ca8a60fec114e1ce85e15fb198b2 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Mon, 26 Dec 2022 17:54:12 +0100 Subject: [PATCH 17/54] plasma5: allow pipewire-pulse instead of pulseaudio for mobile --- nixos/modules/services/x11/desktop-managers/plasma5.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 2ab24951ec6..c07e867de7d 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -545,7 +545,7 @@ in } { # The user interface breaks without pulse - assertion = config.hardware.pulseaudio.enable; + assertion = config.hardware.pulseaudio.enable || (config.services.pipewire.enable && config.services.pipewire.pulse.enable); message = "Plasma Mobile requires pulseaudio."; } ]; From 0fe0ee997ff8914b198f305f48f5de8695e8601d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 27 Dec 2022 01:04:17 +0000 Subject: [PATCH 18/54] pipewire: 0.3.63 -> 0.3.63 --- .../desktops/pipewire/daemon/jack.conf.json | 25 +++++++++++++++++++ .../pipewire/daemon/pipewire-pulse.conf.json | 15 ++++++----- .../pipewire/daemon/pipewire.conf.json | 8 ++++++ 3 files changed, 42 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json b/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json index 128178bfa02..4a173f73229 100644 --- a/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json +++ b/nixos/modules/services/desktops/pipewire/daemon/jack.conf.json @@ -33,6 +33,31 @@ "actions": { "update-props": {} } + }, + { + "matches": [ + { + "application.process.binary": "jack_bufsize" + } + ], + "actions": { + "update-props": { + "jack.global-buffer-size": true + } + } + }, + { + "matches": [ + { + "application.process.binary": "qsynth" + } + ], + "actions": { + "update-props": { + "node.pause-on-idle": false, + "node.passive": true + } + } } ] } diff --git a/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json b/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json index 114afbfb0ea..b1a86485332 100644 --- a/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json +++ b/nixos/modules/services/desktops/pipewire/daemon/pipewire-pulse.conf.json @@ -32,10 +32,12 @@ "args": {} } ], - "context.exec": [ + "context.exec": [], + "pulse.cmd": [ { - "path": "pactl", - "args": "load-module module-always-sink" + "cmd": "load-module", + "args": "module-always-sink", + "flags": [] } ], "stream.properties": {}, @@ -89,13 +91,14 @@ { "matches": [ { - "application.name": "~speech-dispatcher*" + "application.name": "~speech-dispatcher.*" } ], "actions": { "update-props": { - "pulse.min.req": "1024/48000", - "pulse.min.quantum": "1024/48000" + "pulse.min.req": "512/48000", + "pulse.min.quantum": "512/48000", + "pulse.idle.timeout": 5 } } } diff --git a/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json b/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json index bf3b2d66082..53fc103d221 100644 --- a/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json +++ b/nixos/modules/services/desktops/pipewire/daemon/pipewire.conf.json @@ -70,6 +70,14 @@ }, { "name": "libpipewire-module-session-manager" + }, + { + "name": "libpipewire-module-x11-bell", + "args": {}, + "flags": [ + "ifexists", + "nofail" + ] } ], "context.objects": [ From 644c9c2f087a8267fcb318b5bb830f86b65e1320 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 27 Dec 2022 19:13:19 +0000 Subject: [PATCH 19/54] postgresql11Packages.pgrouting: 3.3.2 -> 3.4.2 --- pkgs/servers/sql/postgresql/ext/pgrouting.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/pgrouting.nix b/pkgs/servers/sql/postgresql/ext/pgrouting.nix index 68aaa1dd0a4..5dc21742ef4 100644 --- a/pkgs/servers/sql/postgresql/ext/pgrouting.nix +++ b/pkgs/servers/sql/postgresql/ext/pgrouting.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "pgrouting"; - version = "3.3.2"; + version = "3.4.2"; nativeBuildInputs = [ cmake perl ]; buildInputs = [ postgresql boost ]; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { owner = "pgRouting"; repo = pname; rev = "v${version}"; - sha256 = "sha256-H7h+eiH02qLscpiZ8yV5ofL7upeqRBXNQDGYS86f3og="; + sha256 = "sha256-By3XX4ow5+OdvpLlpozZe3674VSehO9T96pQtJy5y6g="; }; installPhase = '' From af46fc90d245bde924484e712e76d8e9ddeaeff4 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 29 Dec 2022 01:55:04 +0000 Subject: [PATCH 20/54] flexget: 3.5.13 -> 3.5.15 --- pkgs/applications/networking/flexget/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/flexget/default.nix b/pkgs/applications/networking/flexget/default.nix index 665af1cf2ea..b6ed57f6b6f 100644 --- a/pkgs/applications/networking/flexget/default.nix +++ b/pkgs/applications/networking/flexget/default.nix @@ -5,7 +5,7 @@ python3Packages.buildPythonApplication rec { pname = "flexget"; - version = "3.5.13"; + version = "3.5.15"; format = "pyproject"; # Fetch from GitHub in order to use `requirements.in` @@ -13,7 +13,7 @@ python3Packages.buildPythonApplication rec { owner = "flexget"; repo = "flexget"; rev = "refs/tags/v${version}"; - hash = "sha256-0yO4prnYJkD7eiyrEOPHlDTsgGgRhQujsp8k2FsLYKI="; + hash = "sha256-h/NrXoltu51Q/ZJfScr3sqtVkvUZHpsyq1h235Qz/Rk="; }; postPatch = '' From 63ef59b586262453101921f79dc058c7552f0d30 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 29 Dec 2022 09:28:34 +0000 Subject: [PATCH 21/54] rare: 1.9.3 -> 1.9.4 --- pkgs/games/rare/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/games/rare/default.nix b/pkgs/games/rare/default.nix index fbd3f951282..766673d3ea0 100644 --- a/pkgs/games/rare/default.nix +++ b/pkgs/games/rare/default.nix @@ -3,13 +3,13 @@ buildPythonApplication rec { pname = "rare"; - version = "1.9.3"; + version = "1.9.4"; src = fetchFromGitHub { owner = "Dummerle"; repo = "Rare"; - rev = version; - sha256 = "sha256-M+OMsyamh4WHIx7Pv2sLylOrnSmYrv1aEm3atqXrDaw="; + rev = "refs/tags/${version}"; + sha256 = "sha256-+STwVsDdvjP7HaqmaQVug+6h0n0rw/j4LGQQSNdLVQQ="; }; nativeBuildInputs = [ From 8ed7ff3938fc116cc74487ac69572948f783d350 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 30 Dec 2022 09:13:40 +0000 Subject: [PATCH 22/54] vgmtools: unstable-2022-12-03 -> unstable-2022-12-30 --- pkgs/tools/audio/vgmtools/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/audio/vgmtools/default.nix b/pkgs/tools/audio/vgmtools/default.nix index a65ba1b4cda..9571e116066 100644 --- a/pkgs/tools/audio/vgmtools/default.nix +++ b/pkgs/tools/audio/vgmtools/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "vgmtools"; - version = "unstable-2022-12-03"; + version = "unstable-2022-12-30"; src = fetchFromGitHub { owner = "vgmrips"; repo = "vgmtools"; - rev = "b9216623ffb9219c46a7a10669175c7a4c8cd946"; - sha256 = "fPt/z4D4C8TWoz7FivxmXGDcYGc7sXWvxE0+CoyFgDQ="; + rev = "6c2c21dfc871f8cb9c33a77fe7db01419b6ad97d"; + sha256 = "qe8cHGf8X7JjjoiRQ/S3q/WhyvgrMEwsCo7QoQkmg5w="; }; nativeBuildInputs = [ From 754ca17e1f7cfcf9ddee6aa68a29ed8b7e395f58 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 31 Dec 2022 13:26:52 +0000 Subject: [PATCH 23/54] esbuild: 0.16.7 -> 0.16.12 --- pkgs/development/tools/esbuild/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/esbuild/default.nix b/pkgs/development/tools/esbuild/default.nix index 42f02ee15f8..546483e2161 100644 --- a/pkgs/development/tools/esbuild/default.nix +++ b/pkgs/development/tools/esbuild/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "esbuild"; - version = "0.16.7"; + version = "0.16.12"; src = fetchFromGitHub { owner = "evanw"; repo = "esbuild"; rev = "v${version}"; - sha256 = "sha256-zo7YQ4Is3VWsXGvPNrg95tZ76qTSQRyntFjDeqhoyVw="; + sha256 = "sha256-H/dH0NDhBE9EyPRGdN0D0lg/qwXIGj54Yd8jsd6slP8="; }; vendorSha256 = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; From cde346ccd522b09595abce60631b087665811075 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 31 Dec 2022 16:36:44 +0000 Subject: [PATCH 24/54] dataexplorer: 3.7.3 -> 3.7.4 --- .../applications/science/electronics/dataexplorer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/electronics/dataexplorer/default.nix b/pkgs/applications/science/electronics/dataexplorer/default.nix index 9d06f614870..33b99d5befd 100644 --- a/pkgs/applications/science/electronics/dataexplorer/default.nix +++ b/pkgs/applications/science/electronics/dataexplorer/default.nix @@ -9,11 +9,11 @@ stdenv.mkDerivation rec { pname = "dataexplorer"; - version = "3.7.3"; + version = "3.7.4"; src = fetchurl { url = "mirror://savannah/dataexplorer/dataexplorer-${version}-src.tar.gz"; - sha256 = "sha256-cqvlPV4i9m0x3hbruC5y2APsyjfI5y9RT8XVzsDaT/Q="; + sha256 = "sha256-bghI7Hun7ZKUVEj7T58K0oaclnhUGd4z+eIqZF3eXHQ="; }; nativeBuildInputs = [ ant makeWrapper ]; From b221d0ad7328e7fa6cf079a0ace5ad28c987360a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 31 Dec 2022 19:03:55 +0000 Subject: [PATCH 25/54] saga: 8.4.0 -> 8.5.0 --- pkgs/applications/gis/saga/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/gis/saga/default.nix b/pkgs/applications/gis/saga/default.nix index fc940cfce30..59794b88a4f 100644 --- a/pkgs/applications/gis/saga/default.nix +++ b/pkgs/applications/gis/saga/default.nix @@ -31,11 +31,11 @@ mkDerivation rec { pname = "saga"; - version = "8.4.0"; + version = "8.5.0"; src = fetchurl { url = "mirror://sourceforge/saga-gis/SAGA%20-%20${lib.versions.major version}/SAGA%20-%20${version}/saga-${version}.tar.gz"; - sha256 = "sha256-v6DPwV20fcsznrEaFJk0/ewU4z3cTjzYYuLkyMwSLV0="; + sha256 = "sha256-JzSuu1wGfCkxIDcTbP5jpHtJNvl8eAP3jznXvwSPeY0="; }; sourceRoot = "saga-${version}/saga-gis"; From 0c4a91ee5ffed71e766b51be7e26f51a7b91dc4a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 1 Jan 2023 04:36:33 +0000 Subject: [PATCH 26/54] python310Packages.python-arango: 7.5.3 -> 7.5.4 --- pkgs/development/python-modules/python-arango/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/python-arango/default.nix b/pkgs/development/python-modules/python-arango/default.nix index ba44e94b9a3..ad7b743a9af 100644 --- a/pkgs/development/python-modules/python-arango/default.nix +++ b/pkgs/development/python-modules/python-arango/default.nix @@ -22,15 +22,15 @@ in buildPythonPackage rec { pname = "python-arango"; - version = "7.5.3"; + version = "7.5.4"; disabled = pythonOlder "3.7"; format = "setuptools"; src = fetchFromGitHub { owner = "ArangoDB-Community"; repo = "python-arango"; - rev = version; - sha256 = "0qb2yp05z8dmgsyyxqrl3q0a60jaiih96zhxmqrn2yf7as45n07j"; + rev = "refs/tags/${version}"; + sha256 = "sha256-b3UZuH2hpulRSThReBkDwh0MLJmc95HeWInmmMAl4g0="; }; propagatedBuildInputs = [ From e34bc5d628c510cd2bd85d41eda5a540d3dc89a4 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Mon, 2 Jan 2023 11:52:04 +0100 Subject: [PATCH 27/54] python310Packages.python-arango: add changelog to meta --- .../python-modules/python-arango/default.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/python-arango/default.nix b/pkgs/development/python-modules/python-arango/default.nix index ad7b743a9af..c5c3a93c3ba 100644 --- a/pkgs/development/python-modules/python-arango/default.nix +++ b/pkgs/development/python-modules/python-arango/default.nix @@ -23,14 +23,15 @@ in buildPythonPackage rec { pname = "python-arango"; version = "7.5.4"; - disabled = pythonOlder "3.7"; format = "setuptools"; + disabled = pythonOlder "3.7"; + src = fetchFromGitHub { owner = "ArangoDB-Community"; repo = "python-arango"; rev = "refs/tags/${version}"; - sha256 = "sha256-b3UZuH2hpulRSThReBkDwh0MLJmc95HeWInmmMAl4g0="; + hash = "sha256-b3UZuH2hpulRSThReBkDwh0MLJmc95HeWInmmMAl4g0="; }; propagatedBuildInputs = [ @@ -127,12 +128,15 @@ buildPythonPackage rec { "test_replication_applier" ]; - pythonImportsCheck = [ "arango" ]; + pythonImportsCheck = [ + "arango" + ]; meta = with lib; { description = "Python Driver for ArangoDB"; homepage = "https://github.com/ArangoDB-Community/python-arango"; + changelog = "https://github.com/ArangoDB-Community/python-arango/releases/tag/${version}"; license = licenses.mit; - maintainers = [ maintainers.jsoo1 ]; + maintainers = with maintainers; [ jsoo1 ]; }; } From 0067737a8bed0f6e4e69057afdda24e2d8b91a3c Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Mon, 2 Jan 2023 14:43:37 +0100 Subject: [PATCH 28/54] bundler: 2.3.26 -> 2.4.2 --- pkgs/development/ruby-modules/bundler/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index 35b93abda49..43878362bb6 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -4,8 +4,8 @@ buildRubyGem rec { inherit ruby; name = "${gemName}-${version}"; gemName = "bundler"; - version = "2.3.26"; - source.sha256 = "sha256-HuU832HnKK2Cxtv/Bs/NhVHVQi6I6GID8OLb6a6Zngk="; + version = "2.4.2"; + source.sha256 = "sha256-mYUOxAWH7hv7Kn521OVI8PyzoO3T6LGPJjAxA07buR8="; dontPatchShebangs = true; passthru.updateScript = writeScript "gem-update-script" '' From 78e43c3df1efe30d7d2a5d6479587574ce774bd3 Mon Sep 17 00:00:00 2001 From: kilianar Date: Mon, 2 Jan 2023 16:11:05 +0100 Subject: [PATCH 29/54] syncthing: 1.22.2 -> 1.23.0 https://github.com/syncthing/syncthing/releases/tag/v1.23.0 --- pkgs/applications/networking/syncthing/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/syncthing/default.nix b/pkgs/applications/networking/syncthing/default.nix index 297520dcb92..e74084e14c5 100644 --- a/pkgs/applications/networking/syncthing/default.nix +++ b/pkgs/applications/networking/syncthing/default.nix @@ -4,16 +4,16 @@ let common = { stname, target, postInstall ? "" }: buildGoModule rec { pname = stname; - version = "1.22.2"; + version = "1.23.0"; src = fetchFromGitHub { owner = "syncthing"; repo = "syncthing"; rev = "v${version}"; - hash = "sha256-t1JIkUjSEshSm3Zi5Ck8IOmTv2tC0dUYyJvlKua/BcI="; + hash = "sha256-Z4YVU45na4BgIbN/IlORpTCuf2EuSuOyppDRzswn3EI="; }; - vendorSha256 = "sha256-UdzWD8I8ulPBXdF5wZQ7hQoVO9Bnj18Gw5t4wqolSPA="; + vendorHash = "sha256-q63iaRxJRvPY0Np20O6JmdMEjSg/kxRneBfs8fRTwXk="; doCheck = false; From a6663badb1c373241b9c89e2eed55ed2bf2d413d Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Mon, 2 Jan 2023 23:09:42 +0100 Subject: [PATCH 30/54] libmilter: 8.15.2 -> 8.17.1 Changelog: ``` [...] 8.16.1/8.16.1 2020/07/05 [...] LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret of Alcatel-Lucent. LIBMILTER: Fix reference in xxfi_negotiate documentation. Patch from Sven Neuhaus. LIBMILTER: Fix function name in smfi_addrcpt_par documentation. Patch from G.W. Haywood. LIBMILTER: Fix a potential memory leak in smfi_setsymlist(). Patch from Martin Svec. [...] ``` --- .../libraries/libmilter/darwin.patch | 24 +++++----- .../libraries/libmilter/default.nix | 6 +-- .../libraries/libmilter/glibc-2.30.patch | 44 ------------------- 3 files changed, 15 insertions(+), 59 deletions(-) delete mode 100644 pkgs/development/libraries/libmilter/glibc-2.30.patch diff --git a/pkgs/development/libraries/libmilter/darwin.patch b/pkgs/development/libraries/libmilter/darwin.patch index be46662d6b3..9bad640450c 100644 --- a/pkgs/development/libraries/libmilter/darwin.patch +++ b/pkgs/development/libraries/libmilter/darwin.patch @@ -13,16 +13,16 @@ Fix build issues on Darwin. define(`confLDOPTS', `${Extra_LD_Flags}') --- a/sendmail/sendmail.h 2020-05-18 14:51:17.000000000 +0200 +++ b/sendmail/sendmail.h 2020-05-18 14:51:00.000000000 +0200 -@@ -104,7 +104,11 @@ - # endif /* NETX25 */ +@@ -122,7 +122,11 @@ + # endif - # if NAMED_BIND --# include -+# ifdef __APPLE__ -+# include -+# else -+# include -+# endif - # ifdef NOERROR - # undef NOERROR /* avoid conflict */ - # endif /* NOERROR */ + #if NAMED_BIND +-# include ++# ifdef __APPLE__ ++# include ++# else ++# include ++# endif + # ifdef NOERROR + # undef NOERROR /* avoid conflict */ + # endif diff --git a/pkgs/development/libraries/libmilter/default.nix b/pkgs/development/libraries/libmilter/default.nix index 38788b3c964..ee92235adac 100644 --- a/pkgs/development/libraries/libmilter/default.nix +++ b/pkgs/development/libraries/libmilter/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libmilter"; - version = "8.15.2"; + version = "8.17.1"; src = fetchurl { url = "ftp://ftp.sendmail.org/pub/sendmail/sendmail.${version}.tar.gz"; - sha256 = "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"; + sha256 = "sha256-BLx2tsiG5tERvn/Y2qMrjOABKKKItrUuBnvCnzhUpuY="; }; buildPhase = '' @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { sh Build -f ./a.m4 ''; - patches = [ ./install.patch ./sharedlib.patch ./glibc-2.30.patch ./darwin.patch ]; + patches = [ ./install.patch ./sharedlib.patch ./darwin.patch ]; nativeBuildInputs = [ m4 ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames; diff --git a/pkgs/development/libraries/libmilter/glibc-2.30.patch b/pkgs/development/libraries/libmilter/glibc-2.30.patch deleted file mode 100644 index e72ec9911e3..00000000000 --- a/pkgs/development/libraries/libmilter/glibc-2.30.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff --git a/libmilter/sm_gethost.c b/libmilter/sm_gethost.c -index 2423c34..f00468c 100644 ---- a/libmilter/sm_gethost.c -+++ b/libmilter/sm_gethost.c -@@ -52,16 +52,8 @@ sm_getipnodebyname(name, family, flags, err) - bool resv6 = true; - struct hostent *h; - -- if (family == AF_INET6) -- { -- /* From RFC2133, section 6.1 */ -- resv6 = bitset(RES_USE_INET6, _res.options); -- _res.options |= RES_USE_INET6; -- } - SM_SET_H_ERRNO(0); -- h = gethostbyname(name); -- if (family == AF_INET6 && !resv6) -- _res.options &= ~RES_USE_INET6; -+ h = gethostbyname2(name, family); - - /* the function is supposed to return only the requested family */ - if (h != NULL && h->h_addrtype != family) -diff --git a/sendmail/conf.c b/sendmail/conf.c -index c73334e..500dafb 100644 ---- a/sendmail/conf.c -+++ b/sendmail/conf.c -@@ -4243,16 +4243,8 @@ sm_getipnodebyname(name, family, flags, err) - # else /* HAS_GETHOSTBYNAME2 */ - bool resv6 = true; - -- if (family == AF_INET6) -- { -- /* From RFC2133, section 6.1 */ -- resv6 = bitset(RES_USE_INET6, _res.options); -- _res.options |= RES_USE_INET6; -- } - SM_SET_H_ERRNO(0); -- h = gethostbyname(name); -- if (!resv6) -- _res.options &= ~RES_USE_INET6; -+ h = gethostbyname2(name, family); - - /* the function is supposed to return only the requested family */ - if (h != NULL && h->h_addrtype != family) From 1c6497ec05b6ee767920bc9b4905a42fc4d3874a Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 3 Jan 2023 04:20:00 +0000 Subject: [PATCH 31/54] shadowsocks-rust: 1.15.1 -> 1.15.2 https://github.com/shadowsocks/shadowsocks-rust/releases/tag/v1.15.2 --- .../networking/shadowsocks-rust/default.nix | 16 +++++++--------- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/tools/networking/shadowsocks-rust/default.nix b/pkgs/tools/networking/shadowsocks-rust/default.nix index cc72409622a..716f15ed88f 100644 --- a/pkgs/tools/networking/shadowsocks-rust/default.nix +++ b/pkgs/tools/networking/shadowsocks-rust/default.nix @@ -1,24 +1,22 @@ -{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, CoreServices, libiconv }: +{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, openssl, Security, CoreServices }: rustPlatform.buildRustPackage rec { pname = "shadowsocks-rust"; - version = "1.15.1"; + version = "1.15.2"; src = fetchFromGitHub { rev = "v${version}"; owner = "shadowsocks"; repo = pname; - sha256 = "sha256-CmTkqIr41vGQuY6/GmtibDeubs72VLjoUrpG3MDMeDg="; + hash = "sha256-CvAOvtC5U2njQuUjFxjnGeqhuxrCw4XI6goo1TxIhIU="; }; - cargoSha256 = "sha256-rdV7VErDSEJqpI4487D4eUvV1nGPdE0vDj+S7cZZ/G8="; + cargoHash = "sha256-ctZlYo82M7GKVvrEkw/7+aH9R0MeEsyv3IKl9k4SbiA="; - RUSTC_BOOTSTRAP = 1; + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; - nativeBuildInputs = [ pkg-config ]; - - buildInputs = [ openssl ] - ++ lib.optionals stdenv.isDarwin [ CoreServices libiconv ]; + buildInputs = lib.optionals stdenv.isLinux [ openssl ] + ++ lib.optionals stdenv.isDarwin [ Security CoreServices ]; cargoBuildFlags = [ "--features=aead-cipher-extra,local-dns,local-http-native-tls,local-redir,local-tun" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ff60bc1d6a3..e98cfee9e85 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11542,7 +11542,7 @@ with pkgs; shabnam-fonts = callPackage ../data/fonts/shabnam-fonts { }; shadowsocks-rust = callPackage ../tools/networking/shadowsocks-rust { - inherit (darwin.apple_sdk.frameworks) CoreServices; + inherit (darwin.apple_sdk.frameworks) Security CoreServices; }; shadowsocks-v2ray-plugin = callPackage ../tools/networking/shadowsocks-v2ray-plugin { }; From 8dcc2da332e90925e5d02ae352d4881b811ad737 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 3 Jan 2023 04:20:00 +0000 Subject: [PATCH 32/54] esbuild: 0.16.12 -> 0.16.13 https://github.com/evanw/esbuild/releases/tag/v0.16.13 --- pkgs/development/tools/esbuild/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/esbuild/default.nix b/pkgs/development/tools/esbuild/default.nix index 546483e2161..07b136ab03b 100644 --- a/pkgs/development/tools/esbuild/default.nix +++ b/pkgs/development/tools/esbuild/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "esbuild"; - version = "0.16.12"; + version = "0.16.13"; src = fetchFromGitHub { owner = "evanw"; repo = "esbuild"; rev = "v${version}"; - sha256 = "sha256-H/dH0NDhBE9EyPRGdN0D0lg/qwXIGj54Yd8jsd6slP8="; + hash = "sha256-X4UB2RDfupUP+u+4g2jLxbpx4n4uarhcjs5VtP9Zi20="; }; - vendorSha256 = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; + vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ="; subPackages = [ "cmd/esbuild" ]; From c1c7ae2d6cff390a2babec789c4761ab595f4ece Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 3 Jan 2023 04:20:00 +0000 Subject: [PATCH 33/54] postgresqlPackages.plpgsql_check: 2.2.5 -> 2.2.6 --- pkgs/servers/sql/postgresql/ext/plpgsql_check.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix index 688f8b3ce6f..4c5b0060991 100644 --- a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix +++ b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "plpgsql_check"; - version = "2.2.5"; + version = "2.2.6"; src = fetchFromGitHub { owner = "okbob"; repo = pname; rev = "v${version}"; - sha256 = "sha256-47fuc0dnTWeu93P8zntsjT9L8SstN5p0WvnNtT4cHzM="; + hash = "sha256-8HFyIzJ1iF3K2vTlibFallvkMKjFTJ2DO64fORToD8E="; }; buildInputs = [ postgresql ]; From e389394c71fa4c55070aa277de022a1b43d61160 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 3 Jan 2023 04:20:00 +0000 Subject: [PATCH 34/54] flexget: 3.5.15 -> 3.5.16 --- pkgs/applications/networking/flexget/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/flexget/default.nix b/pkgs/applications/networking/flexget/default.nix index b6ed57f6b6f..8782816b232 100644 --- a/pkgs/applications/networking/flexget/default.nix +++ b/pkgs/applications/networking/flexget/default.nix @@ -5,7 +5,7 @@ python3Packages.buildPythonApplication rec { pname = "flexget"; - version = "3.5.15"; + version = "3.5.16"; format = "pyproject"; # Fetch from GitHub in order to use `requirements.in` @@ -13,7 +13,7 @@ python3Packages.buildPythonApplication rec { owner = "flexget"; repo = "flexget"; rev = "refs/tags/v${version}"; - hash = "sha256-h/NrXoltu51Q/ZJfScr3sqtVkvUZHpsyq1h235Qz/Rk="; + hash = "sha256-9hcl7OZLi86hZHLotsN1QlPzQ1Ep5vJumAyZxSxxIE8="; }; postPatch = '' From 8d82e8eacce932df2296c3453d7addd3b394f27f Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Tue, 3 Jan 2023 04:20:00 +0000 Subject: [PATCH 35/54] shadowsocks-rust: add changelog to meta --- pkgs/tools/networking/shadowsocks-rust/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/shadowsocks-rust/default.nix b/pkgs/tools/networking/shadowsocks-rust/default.nix index 716f15ed88f..d4e2b590b08 100644 --- a/pkgs/tools/networking/shadowsocks-rust/default.nix +++ b/pkgs/tools/networking/shadowsocks-rust/default.nix @@ -34,8 +34,9 @@ rustPlatform.buildRustPackage rec { ]; meta = with lib; { + description = "A Rust port of Shadowsocks"; homepage = "https://github.com/shadowsocks/shadowsocks-rust"; - description = "A Rust port of shadowsocks"; + changelog = "https://github.com/shadowsocks/shadowsocks-rust/raw/v${version}/debian/changelog"; license = licenses.mit; maintainers = [ maintainers.marsam ]; }; From 53cbb123f5772e2fe26fceeab96ee06ea65fd7c3 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Mon, 2 Jan 2023 15:12:47 +0300 Subject: [PATCH 36/54] chrony: update build configuration --- pkgs/tools/networking/chrony/default.nix | 33 ++++++++++++++------- pkgs/tools/networking/chrony/makefile.patch | 23 ++++++++++++++ 2 files changed, 46 insertions(+), 10 deletions(-) create mode 100644 pkgs/tools/networking/chrony/makefile.patch diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix index de710e6b3f1..2b1bee85bcf 100644 --- a/pkgs/tools/networking/chrony/default.nix +++ b/pkgs/tools/networking/chrony/default.nix @@ -1,5 +1,7 @@ -{ lib, stdenv, fetchurl, pkg-config, libcap, readline, texinfo, nss, nspr -, libseccomp, pps-tools, gnutls }: +{ lib, stdenv, fetchurl, pkg-config +, gnutls, libedit, nspr, nss, readline, texinfo +, libcap, libseccomp, pps-tools +}: stdenv.mkDerivation rec { pname = "chrony"; @@ -7,22 +9,33 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz"; - sha256 = "sha256-nQ2oiahl8ImlohYQ/7ZxPjyUOM4wOmO0nC+26v9biAQ="; + hash = "sha256-nQ2oiahl8ImlohYQ/7ZxPjyUOM4wOmO0nC+26v9biAQ="; }; + outputs = [ "out" "man" ]; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ gnutls libedit nspr nss readline texinfo ] + ++ lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ]; + + configureFlags = [ + "--enable-ntp-signd" + "--sbindir=$(out)/bin" + "--chronyrundir=/run/chrony" + ] ++ lib.optional stdenv.isLinux "--enable-scfilter"; + + patches = [ + # Cleanup the installation script + ./makefile.patch + ]; + postPatch = '' patchShebangs test ''; - buildInputs = [ readline texinfo nss nspr gnutls ] - ++ lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ]; - nativeBuildInputs = [ pkg-config ]; - hardeningEnable = [ "pie" ]; - configureFlags = [ "--chronyvardir=$(out)/var/lib/chrony" "--enable-ntp-signd" ] - ++ lib.optional stdenv.isLinux "--enable-scfilter"; - meta = with lib; { description = "Sets your computer's clock from time servers on the Net"; homepage = "https://chrony.tuxfamily.org/"; diff --git a/pkgs/tools/networking/chrony/makefile.patch b/pkgs/tools/networking/chrony/makefile.patch new file mode 100644 index 00000000000..be15ccb5cb2 --- /dev/null +++ b/pkgs/tools/networking/chrony/makefile.patch @@ -0,0 +1,23 @@ +diff --git a/Makefile.in b/Makefile.in +index ef100a4..47f54f4 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -23,7 +23,7 @@ + + SYSCONFDIR = @SYSCONFDIR@ + BINDIR = @BINDIR@ +-SBINDIR = @SBINDIR@ ++SBINDIR = @BINDIR@ + LOCALSTATEDIR = @LOCALSTATEDIR@ + CHRONYVARDIR = @CHRONYVARDIR@ + DESTDIR = +@@ -86,9 +86,7 @@ getdate : + + install: chronyd chronyc + [ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR) +- [ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR) + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) +- [ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR) + if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi + if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi + cp chronyd $(DESTDIR)$(SBINDIR)/chronyd From a38f523576c095191c080a3d2843f4998e7822fe Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Tue, 3 Jan 2023 13:11:08 +0800 Subject: [PATCH 37/54] eyedropper: 0.4.0 -> 0.5.0 --- pkgs/applications/graphics/eyedropper/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/graphics/eyedropper/default.nix b/pkgs/applications/graphics/eyedropper/default.nix index 32098c97704..41999239af1 100644 --- a/pkgs/applications/graphics/eyedropper/default.nix +++ b/pkgs/applications/graphics/eyedropper/default.nix @@ -15,19 +15,19 @@ stdenv.mkDerivation rec { pname = "eyedropper"; - version = "0.4.0"; + version = "0.5.0"; src = fetchFromGitHub { owner = "FineFindus"; repo = pname; - rev = version; - hash = "sha256-bOpwHaFOoUlh+yyC1go6BeFxfJhUmwZPi6kYAqCagEI="; + rev = "v${version}"; + hash = "sha256-sDrMIryVFkjMGHbYvNDmKb1HyJNGb3Hd+muxUJKhogE="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-TkdOq+icU2zNbXzN6nbkXjL1o/Lfumqr/5S0pQaxY5Q="; + hash = "sha256-mztc44hHdqzR3WbG6tkCL38EfgBajRLlpMC8ElpXnlo="; }; nativeBuildInputs = [ From 7b0c8a8318624f01a47a968ac9678c9c9e3f788a Mon Sep 17 00:00:00 2001 From: Philip Munksgaard Date: Fri, 30 Dec 2022 20:11:59 +0100 Subject: [PATCH 38/54] ispc: Add aarch64-linux and aarch64-darwin platforms According to https://ispc.github.io/ispc.html#selecting-the-compilation-target, aarch64 is supported. --- pkgs/development/compilers/ispc/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/ispc/default.nix b/pkgs/development/compilers/ispc/default.nix index c75c6e25b75..004bf4bb10d 100644 --- a/pkgs/development/compilers/ispc/default.nix +++ b/pkgs/development/compilers/ispc/default.nix @@ -2,7 +2,7 @@ , cmake, which, m4, python3, bison, flex, llvmPackages, ncurses # the default test target is sse4, but that is not supported by all Hydra agents -, testedTargets ? [ "sse2-i32x4" ] +, testedTargets ? if stdenv.isAarch64 || stdenv.isAarch32 then [ "neon-i32x4" ] else [ "sse2-i32x4" ] }: stdenv.mkDerivation rec { @@ -58,14 +58,15 @@ stdenv.mkDerivation rec { "-DCLANGPP_EXECUTABLE=${llvmPackages.clang}/bin/clang++" "-DISPC_INCLUDE_EXAMPLES=OFF" "-DISPC_INCLUDE_UTILS=OFF" - "-DARM_ENABLED=FALSE" + ("-DARM_ENABLED=" + (if stdenv.isAarch64 || stdenv.isAarch32 then "TRUE" else "FALSE")) + ("-DX86_ENABLED=" + (if stdenv.isx86_64 || stdenv.isx86_32 then "TRUE" else "FALSE")) ]; meta = with lib; { homepage = "https://ispc.github.io/"; description = "Intel 'Single Program, Multiple Data' Compiler, a vectorised language"; license = licenses.bsd3; - platforms = [ "x86_64-linux" "x86_64-darwin" ]; # TODO: buildable on more platforms? + platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; # TODO: buildable on more platforms? maintainers = with maintainers; [ aristid thoughtpolice athas ]; }; } From 9e949edd9a34b3b7ca3b6ee0470f7fac2a286470 Mon Sep 17 00:00:00 2001 From: Nick Cao Date: Tue, 3 Jan 2023 16:46:24 +0800 Subject: [PATCH 39/54] julia_18: fix typo in JULIA_CPU_TARGET --- pkgs/development/compilers/julia/1.8.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/julia/1.8.nix b/pkgs/development/compilers/julia/1.8.nix index 643e762ab11..83e87bf4c2f 100644 --- a/pkgs/development/compilers/julia/1.8.nix +++ b/pkgs/development/compilers/julia/1.8.nix @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { # https://github.com/JuliaCI/julia-buildbot/blob/master/master/inventory.py "JULIA_CPU_TARGET=generic;sandybridge,-xsaveopt,clone_all;haswell,-rdrnd,base(1)" ] ++ lib.optionals stdenv.isAarch64 [ - "JULIA_CPU_TERGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" + "JULIA_CPU_TARGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm" ]; # remove forbidden reference to $TMPDIR From 18d4d8224abe9334a30f81d07e62537349f8d054 Mon Sep 17 00:00:00 2001 From: prtzl Date: Tue, 3 Jan 2023 10:08:13 +0100 Subject: [PATCH 40/54] gcc-arm-embedded-12: init at 12.2.rel1 --- .../compilers/gcc-arm-embedded/12/default.nix | 52 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 3 +- 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/compilers/gcc-arm-embedded/12/default.nix diff --git a/pkgs/development/compilers/gcc-arm-embedded/12/default.nix b/pkgs/development/compilers/gcc-arm-embedded/12/default.nix new file mode 100644 index 00000000000..caff0ad023f --- /dev/null +++ b/pkgs/development/compilers/gcc-arm-embedded/12/default.nix @@ -0,0 +1,52 @@ +{ lib +, stdenv +, fetchurl +, ncurses5 +, python38 +}: + +stdenv.mkDerivation rec { + pname = "gcc-arm-embedded"; + version = "12.2.rel1"; + + platform = { + aarch64-linux = "aarch64"; + x86_64-darwin = "darwin-x86_64"; + x86_64-linux = "x86_64"; + }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + + src = fetchurl { + url = "https://developer.arm.com/-/media/Files/downloads/gnu/${version}/binrel/arm-gnu-toolchain-${version}-${platform}-arm-none-eabi.tar.xz"; + sha256 = { + aarch64-linux = "131ydgndff7dyhkivfchbk43lv3cv2p172knkqilx64aapvk5qvy"; + x86_64-darwin = "00i9gd1ny00681pwinh6ng9x45xsyrnwc6hm2vr348z9gasyxh00"; + x86_64-linux = "0rv8r5zh0a5621v0xygxi8f6932qgwinw2s9vnniasp9z7897gl4"; + }.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + }; + + dontConfigure = true; + dontBuild = true; + dontPatchELF = true; + dontStrip = true; + + installPhase = '' + mkdir -p $out + cp -r * $out + ''; + + preFixup = '' + find $out -type f | while read f; do + patchelf "$f" > /dev/null 2>&1 || continue + patchelf --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) "$f" || true + patchelf --set-rpath ${lib.makeLibraryPath [ "$out" stdenv.cc.cc ncurses5 python38 ]} "$f" || true + done + ''; + + meta = with lib; { + description = "Pre-built GNU toolchain from ARM Cortex-M & Cortex-R processors"; + homepage = "https://developer.arm.com/open-source/gnu-toolchain/gnu-rm"; + license = with licenses; [ bsd2 gpl2 gpl3 lgpl21 lgpl3 mit ]; + maintainers = with maintainers; [ prusnak ]; + platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 033bc386330..03bf3164bed 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14520,7 +14520,8 @@ with pkgs; gcc-arm-embedded-9 = callPackage ../development/compilers/gcc-arm-embedded/9 {}; gcc-arm-embedded-10 = callPackage ../development/compilers/gcc-arm-embedded/10 {}; gcc-arm-embedded-11 = callPackage ../development/compilers/gcc-arm-embedded/11 {}; - gcc-arm-embedded = gcc-arm-embedded-11; + gcc-arm-embedded-12 = callPackage ../development/compilers/gcc-arm-embedded/12 {}; + gcc-arm-embedded = gcc-arm-embedded-12; # Has to match the default gcc so that there are no linking errors when # using C/C++ libraries in D packages From 9701c2e9a0acfe07db588c2f47299b853c8e20e5 Mon Sep 17 00:00:00 2001 From: Reed Date: Tue, 3 Jan 2023 05:20:13 -0500 Subject: [PATCH 41/54] i3: 4.21.1 -> 4.22 --- pkgs/applications/window-managers/i3/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/window-managers/i3/default.nix b/pkgs/applications/window-managers/i3/default.nix index 4ffa04d73bf..b9079c88281 100644 --- a/pkgs/applications/window-managers/i3/default.nix +++ b/pkgs/applications/window-managers/i3/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "i3"; - version = "4.21.1"; + version = "4.22"; src = fetchurl { url = "https://i3wm.org/downloads/${pname}-${version}.tar.xz"; - sha256 = "sha256-7f14EoXGVKBdxtsnLOAwDEQo5vvYddmZZOV94ltBvB4="; + sha256 = "sha256-KGOZEeWdlWOfCSZCqYL14d6lkiUMK1zpjtoQCDNRPks="; }; nativeBuildInputs = [ From b2a3c6bd6a7695e21170c640e657c18bf9d3ec0c Mon Sep 17 00:00:00 2001 From: Reed Date: Tue, 3 Jan 2023 05:36:06 -0500 Subject: [PATCH 42/54] i3-gaps: drop --- pkgs/applications/window-managers/i3/gaps.nix | 29 ------------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 -- 3 files changed, 1 insertion(+), 31 deletions(-) delete mode 100644 pkgs/applications/window-managers/i3/gaps.nix diff --git a/pkgs/applications/window-managers/i3/gaps.nix b/pkgs/applications/window-managers/i3/gaps.nix deleted file mode 100644 index 35a58bd25f0..00000000000 --- a/pkgs/applications/window-managers/i3/gaps.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ fetchFromGitHub, lib, i3 }: - -i3.overrideAttrs (oldAttrs : rec { - pname = "i3-gaps"; - version = "4.21.1"; - - src = fetchFromGitHub { - owner = "Airblader"; - repo = "i3"; - rev = version; - sha256 = "sha256-+JxJjvzEuAA4CH+gufzAzIqd5BSvHtPvLm2zTfXc/xk="; - }; - - meta = with lib; { - description = "A fork of the i3 tiling window manager with some additional features"; - homepage = "https://github.com/Airblader/i3"; - maintainers = with maintainers; [ fmthoma ]; - license = licenses.bsd3; - platforms = platforms.linux ++ platforms.netbsd ++ platforms.openbsd; - - longDescription = '' - Fork of i3wm, a tiling window manager primarily targeted at advanced users - and developers. Based on a tree as data structure, supports tiling, - stacking, and tabbing layouts, handled dynamically, as well as floating - windows. This fork adds a few features such as gaps between windows. - Configured via plain text file. Multi-monitor. UTF-8 clean. - ''; - }; -}) diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 3f7ae1cc2f8..7041d012f4b 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -633,6 +633,7 @@ mapAliases ({ ### I ### + i3-gaps = i3; # Added 2023-01-03 i3cat = throw "i3cat has been dropped due to the lack of maintanence from upstream since 2016"; # Added 2022-06-02 iana_etc = throw "'iana_etc' has been renamed to/replaced by 'iana-etc'"; # Converted to throw 2022-02-22 iasl = throw "iasl has been removed, use acpica-tools instead"; # Added 2021-08-08 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 033bc386330..ef43093878b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29775,8 +29775,6 @@ with pkgs; i3-auto-layout = callPackage ../applications/window-managers/i3/auto-layout.nix { }; - i3-gaps = callPackage ../applications/window-managers/i3/gaps.nix { }; - i3-rounded = callPackage ../applications/window-managers/i3/rounded.nix { }; i3altlayout = callPackage ../applications/window-managers/i3/altlayout.nix { }; From e3539cdd2c53683ce9afd259bd8db9105eff97d5 Mon Sep 17 00:00:00 2001 From: Reed Date: Tue, 3 Jan 2023 06:28:51 -0500 Subject: [PATCH 43/54] nixos/i3: update doc for gaps merge --- nixos/modules/services/x11/window-managers/i3.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix index 64109e0c39f..5bb73cd0bfb 100644 --- a/nixos/modules/services/x11/window-managers/i3.nix +++ b/nixos/modules/services/x11/window-managers/i3.nix @@ -31,7 +31,6 @@ in type = types.package; default = pkgs.i3; defaultText = literalExpression "pkgs.i3"; - example = literalExpression "pkgs.i3-gaps"; description = lib.mdDoc '' i3 package to use. ''; @@ -73,6 +72,6 @@ in imports = [ (mkRemovedOptionModule [ "services" "xserver" "windowManager" "i3-gaps" "enable" ] - "Use services.xserver.windowManager.i3.enable and set services.xserver.windowManager.i3.package to pkgs.i3-gaps to use i3-gaps.") + "i3-gaps was merged into i3. Use services.xserver.windowManager.i3.enable instead.") ]; } From ba7ed22f844b984a1da0031da736d13a11509bb7 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 23 Dec 2022 20:59:25 +0100 Subject: [PATCH 44/54] lib.path: init README.md document Adds initial work towards a `lib.path` library Originally proposed in https://github.com/NixOS/nixpkgs/pull/200718, but has since gone through some revisions Co-Authored-By: Valentin Gagarin Co-Authored-By: Robert Hensing --- .github/CODEOWNERS | 1 + lib/path/README.md | 196 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 197 insertions(+) create mode 100644 lib/path/README.md diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 5385e4a1e0a..760ba2d95fe 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -28,6 +28,7 @@ /lib/cli.nix @edolstra @nbp @Profpatsch /lib/debug.nix @edolstra @nbp @Profpatsch /lib/asserts.nix @edolstra @nbp @Profpatsch +/lib/path.* @infinisil @fricklerhandwerk # Nixpkgs Internals /default.nix @nbp diff --git a/lib/path/README.md b/lib/path/README.md new file mode 100644 index 00000000000..87e552d120d --- /dev/null +++ b/lib/path/README.md @@ -0,0 +1,196 @@ +# Path library + +This document explains why the `lib.path` library is designed the way it is. + +The purpose of this library is to process [filesystem paths]. It does not read files from the filesystem. +It exists to support the native Nix [path value type] with extra functionality. + +[filesystem paths]: https://en.m.wikipedia.org/wiki/Path_(computing) +[path value type]: https://nixos.org/manual/nix/stable/language/values.html#type-path + +As an extension of the path value type, it inherits the same intended use cases and limitations: +- Only use paths to access files at evaluation time, such as the local project source. +- Paths cannot point to derivations, so they are unfit to represent dependencies. +- A path implicitly imports the referenced files into the Nix store when interpolated to a string. Therefore paths are not suitable to access files at build- or run-time, as you risk importing the path from the evaluation system instead. + +Overall, this library works with two types of paths: +- Absolute paths are represented with the Nix [path value type]. Nix automatically normalises these paths. +- Subpaths are represented with the [string value type] since path value types don't support relative paths. This library normalises these paths as safely as possible. Absolute paths in strings are not supported. + + A subpath refers to a specific file or directory within an absolute base directory. + It is a stricter form of a relative path, notably [without support for `..` components][parents] since those could escape the base directory. + +[string value type]: https://nixos.org/manual/nix/stable/language/values.html#type-string + +This library is designed to be as safe and intuitive as possible, throwing errors when operations are attempted that would produce surprising results, and giving the expected result otherwise. + +This library is designed to work well as a dependency for the `lib.filesystem` and `lib.sources` library components. Contrary to these library components, `lib.path` does not read any paths from the filesystem. + +This library makes only these assumptions about paths and no others: +- `dirOf path` returns the path to the parent directory of `path`, unless `path` is the filesystem root, in which case `path` is returned. + - There can be multiple filesystem roots: `p == dirOf p` and `q == dirOf q` does not imply `p == q`. + - While there's only a single filesystem root in stable Nix, the [lazy trees feature](https://github.com/NixOS/nix/pull/6530) introduces [additional filesystem roots](https://github.com/NixOS/nix/pull/6530#discussion_r1041442173). +- `path + ("/" + string)` returns the path to the `string` subdirectory in `path`. + - If `string` contains no `/` characters, then `dirOf (path + ("/" + string)) == path`. + - If `string` contains no `/` characters, then `baseNameOf (path + ("/" + string)) == string`. +- `path1 == path2` returns `true` only if `path1` points to the same filesystem path as `path2`. + +Notably we do not make the assumption that we can turn paths into strings using `toString path`. + +## Design decisions + +Each subsection here contains a decision along with arguments and counter-arguments for (+) and against (-) that decision. + +### Leading dots for relative paths +[leading-dots]: #leading-dots-for-relative-paths + +Observing: Since subpaths are a form of relative paths, they can have a leading `./` to indicate it being a relative path, this is generally not necessary for tools though. + +Considering: Paths should be as explicit, consistent and unambiguous as possible. + +Decision: Returned subpaths should always have a leading `./`. + +
+Arguments + +- (+) In shells, just running `foo` as a command wouldn't execute the file `foo`, whereas `./foo` would execute the file. In contrast, `foo/bar` does execute that file without the need for `./`. This can lead to confusion about when a `./` needs to be prefixed. If a `./` is always included, this becomes a non-issue. This effectively then means that paths don't overlap with command names. +- (+) Prepending with `./` makes the subpaths always valid as relative Nix path expressions. +- (+) Using paths in command line arguments could give problems if not escaped properly, e.g. if a path was `--version`. This is not a problem with `./--version`. This effectively then means that paths don't overlap with GNU-style command line options. +- (-) `./` is not required to resolve relative paths, resolution always has an implicit `./` as prefix. +- (-) It's less noisy without the `./`, e.g. in error messages. + - (+) But similarly, it could be confusing whether something was even a path. + e.g. `foo` could be anything, but `./foo` is more clearly a path. +- (+) Makes it more uniform with absolute paths (those always start with `/`). + - (-) That is not relevant for practical purposes. +- (+) `find` also outputs results with `./`. + - (-) But only if you give it an argument of `.`. If you give it the argument `some-directory`, it won't prefix that. +- (-) `realpath --relative-to` doesn't prefix relative paths with `./`. + - (+) There is no need to return the same result as `realpath`. + +
+ +### Representation of the current directory +[curdir]: #representation-of-the-current-directory + +Observing: The subpath that produces the base directory can be represented with `.` or `./` or `./.`. + +Considering: Paths should be as consistent and unambiguous as possible. + +Decision: It should be `./.`. + +
+Arguments + +- (+) `./` would be inconsistent with [the decision to not persist trailing slashes][trailing-slashes]. +- (-) `.` is how `realpath` normalises paths. +- (+) `.` can be interpreted as a shell command (it's a builtin for sourcing files in `bash` and `zsh`). +- (+) `.` would be the only path without a `/`. It could not be used as a Nix path expression, since those require at least one `/` to be parsed as such. +- (-) `./.` is rather long. + - (-) We don't require users to type this though, as it's only output by the library. + As inputs all three variants are supported for subpaths (and we can't do anything about absolute paths) +- (-) `builtins.dirOf "foo" == "."`, so `.` would be consistent with that. +- (+) `./.` is consistent with the [decision to have leading `./`][leading-dots]. +- (+) `./.` is a valid Nix path expression, although this property does not hold for every relative path or subpath. + +
+ +### Subpath representation +[relrepr]: #subpath-representation + +Observing: Subpaths such as `foo/bar` can be represented in various ways: +- string: `"foo/bar"` +- list with all the components: `[ "foo" "bar" ]` +- attribute set: `{ type = "relative-path"; components = [ "foo" "bar" ]; }` + +Considering: Paths should be as safe to use as possible. We should generate string outputs in the library and not encourage users to do that themselves. + +Decision: Paths are represented as strings. + +
+Arguments + +- (+) It's simpler for the users of the library. One doesn't have to convert a path a string before it can be used. + - (+) Naively converting the list representation to a string with `concatStringsSep "/"` would break for `[]`, requiring library users to be more careful. +- (+) It doesn't encourage people to do their own path processing and instead use the library. + With a list representation it would seem easy to just use `lib.lists.init` to get the parent directory, but then it breaks for `.`, which would be represented as `[ ]`. +- (+) `+` is convenient and doesn't work on lists and attribute sets. + - (-) Shouldn't use `+` anyways, we export safer functions for path manipulation. + +
+ +### Parent directory +[parents]: #parent-directory + +Observing: Relative paths can have `..` components, which refer to the parent directory. + +Considering: Paths should be as safe and unambiguous as possible. + +Decision: `..` path components in string paths are not supported, neither as inputs nor as outputs. Hence, string paths are called subpaths, rather than relative paths. + +
+Arguments + +- (+) If we wanted relative paths to behave according to the "physical" interpretation (as a directory tree with relations between nodes), it would require resolving symlinks, since e.g. `foo/..` would not be the same as `.` if `foo` is a symlink. + - (-) The "logical" interpretation is also valid (treating paths as a sequence of names), and is used by some software. It is simpler, and not using symlinks at all is safer. + - (+) Mixing both models can lead to surprises. + - (+) We can't resolve symlinks without filesystem access. + - (+) Nix also doesn't support reading symlinks at evaluation time. + - (-) We could just not handle such cases, e.g. `equals "foo" "foo/bar/.. == false`. The paths are different, we don't need to check whether the paths point to the same thing. + - (+) Assume we said `relativeTo /foo /bar == "../bar"`. If this is used like `/bar/../foo` in the end, and `bar` turns out to be a symlink to somewhere else, this won't be accurate. + - (-) We could decide to not support such ambiguous operations, or mark them as such, e.g. the normal `relativeTo` will error on such a case, but there could be `extendedRelativeTo` supporting that. +- (-) `..` are a part of paths, a path library should therefore support it. + - (+) If we can convincingly argue that all such use cases are better done e.g. with runtime tools, the library not supporting it can nudge people towards using those. +- (-) We could allow "..", but only in the prefix. + - (+) Then we'd have to throw an error for doing `append /some/path "../foo"`, making it non-composable. + - (+) The same is for returning paths with `..`: `relativeTo /foo /bar => "../bar"` would produce a non-composable path. +- (+) We argue that `..` is not needed at the Nix evaluation level, since we'd always start evaluation from the project root and don't go up from there. + - (+) `..` is supported in Nix paths, turning them into absolute paths. + - (-) This is ambiguous in the presence of symlinks. +- (+) If you need `..` for building or runtime, you can use build-/run-time tooling to create those (e.g. `realpath` with `--relative-to`), or use absolute paths instead. + This also gives you the ability to correctly handle symlinks. + +
+ +### Trailing slashes +[trailing-slashes]: #trailing-slashes + +Observing: Subpaths can contain trailing slashes, like `foo/`, indicating that the path points to a directory and not a file. + +Considering: Paths should be as consistent as possible, there should only be a single normalisation for the same path. + +Decision: All functions remove trailing slashes in their results. + +
+Arguments + +- (+) It allows normalisations to be unique, in that there's only a single normalisation for the same path. If trailing slashes were preserved, both `foo/bar` and `foo/bar/` would be valid but different normalisations for the same path. +- Comparison to other frameworks to figure out the least surprising behavior: + - (+) Nix itself doesn't support trailing slashes when parsing and doesn't preserve them when appending paths. + - (-) [Rust's std::path](https://doc.rust-lang.org/std/path/index.html) does preserve them during [construction](https://doc.rust-lang.org/std/path/struct.Path.html#method.new). + - (+) Doesn't preserve them when returning individual [components](https://doc.rust-lang.org/std/path/struct.Path.html#method.components). + - (+) Doesn't preserve them when [canonicalizing](https://doc.rust-lang.org/std/path/struct.Path.html#method.canonicalize). + - (+) [Python 3's pathlib](https://docs.python.org/3/library/pathlib.html#module-pathlib) doesn't preserve them during [construction](https://docs.python.org/3/library/pathlib.html#pathlib.PurePath). + - Notably it represents the individual components as a list internally. + - (-) [Haskell's filepath](https://hackage.haskell.org/package/filepath-1.4.100.0) has [explicit support](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html#g:6) for handling trailing slashes. + - (-) Does preserve them for [normalisation](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html#v:normalise). + - (-) [NodeJS's Path library](https://nodejs.org/api/path.html) preserves trailing slashes for [normalisation](https://nodejs.org/api/path.html#pathnormalizepath). + - (+) For [parsing a path](https://nodejs.org/api/path.html#pathparsepath) into its significant elements, trailing slashes are not preserved. +- (+) Nix's builtin function `dirOf` gives an unexpected result for paths with trailing slashes: `dirOf "foo/bar/" == "foo/bar"`. + Inconsistently, `baseNameOf` works correctly though: `baseNameOf "foo/bar/" == "bar"`. + - (-) We are writing a path library to improve handling of paths though, so we shouldn't use these functions and discourage their use. +- (-) Unexpected result when normalising intermediate paths, like `relative.normalise ("foo" + "/") + "bar" == "foobar"`. + - (+) This is not a practical use case though. + - (+) Don't use `+` to append paths, this library has a `join` function for that. + - (-) Users might use `+` out of habit though. +- (+) The `realpath` command also removes trailing slashes. +- (+) Even with a trailing slash, the path is the same, it's only an indication that it's a directory. + +
+ +## Other implementations and references + +- [Rust](https://doc.rust-lang.org/std/path/struct.Path.html) +- [Python](https://docs.python.org/3/library/pathlib.html) +- [Haskell](https://hackage.haskell.org/package/filepath-1.4.100.0/docs/System-FilePath.html) +- [Nodejs](https://nodejs.org/api/path.html) +- [POSIX.1-2017](https://pubs.opengroup.org/onlinepubs/9699919799/nframe.html) From 98fbcf17888872f5ebdf9fb6247266929f4308db Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 23 Dec 2022 21:04:14 +0100 Subject: [PATCH 45/54] lib.path.subpath.isValid: init The first path library function --- doc/doc-support/default.nix | 1 + lib/default.nix | 3 +- lib/path/default.nix | 75 ++++++++++++++++++++++++++++++++++++ lib/path/tests/default.nix | 27 +++++++++++++ lib/path/tests/unit.nix | 76 +++++++++++++++++++++++++++++++++++++ lib/tests/release.nix | 3 ++ 6 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 lib/path/default.nix create mode 100644 lib/path/tests/default.nix create mode 100644 lib/path/tests/unit.nix diff --git a/doc/doc-support/default.nix b/doc/doc-support/default.nix index ec180064c35..e9cb96e37fd 100644 --- a/doc/doc-support/default.nix +++ b/doc/doc-support/default.nix @@ -12,6 +12,7 @@ let { name = "lists"; description = "list manipulation functions"; } { name = "debug"; description = "debugging functions"; } { name = "options"; description = "NixOS / nixpkgs option handling"; } + { name = "path"; description = "path functions"; } { name = "filesystem"; description = "filesystem functions"; } { name = "sources"; description = "source filtering functions"; } { name = "cli"; description = "command-line serialization functions"; } diff --git a/lib/default.nix b/lib/default.nix index 68e5b8dea1e..15fe542c574 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -27,7 +27,6 @@ let maintainers = import ../maintainers/maintainer-list.nix; teams = callLibs ../maintainers/team-list.nix; meta = callLibs ./meta.nix; - sources = callLibs ./sources.nix; versions = callLibs ./versions.nix; # module system @@ -53,7 +52,9 @@ let fetchers = callLibs ./fetchers.nix; # Eval-time filesystem handling + path = callLibs ./path; filesystem = callLibs ./filesystem.nix; + sources = callLibs ./sources.nix; # back-compat aliases platforms = self.systems.doubles; diff --git a/lib/path/default.nix b/lib/path/default.nix new file mode 100644 index 00000000000..59f670dfed0 --- /dev/null +++ b/lib/path/default.nix @@ -0,0 +1,75 @@ +# Functions for working with paths, see ./path.md +{ lib }: +let + + inherit (builtins) + isString + match + ; + + inherit (lib.strings) + substring + ; + + inherit (lib.asserts) + assertMsg + ; + + # Return the reason why a subpath is invalid, or `null` if it's valid + subpathInvalidReason = value: + if ! isString value then + "The given value is of type ${builtins.typeOf value}, but a string was expected" + else if value == "" then + "The given string is empty" + else if substring 0 1 value == "/" then + "The given string \"${value}\" starts with a `/`, representing an absolute path" + # We don't support ".." components, see ./path.md#parent-directory + else if match "(.*/)?\\.\\.(/.*)?" value != null then + "The given string \"${value}\" contains a `..` component, which is not allowed in subpaths" + else null; + +in /* No rec! Add dependencies on this file at the top. */ { + + + /* Whether a value is a valid subpath string. + + - The value is a string + + - The string is not empty + + - The string doesn't start with a `/` + + - The string doesn't contain any `..` path components + + Type: + subpath.isValid :: String -> Bool + + Example: + # Not a string + subpath.isValid null + => false + + # Empty string + subpath.isValid "" + => false + + # Absolute path + subpath.isValid "/foo" + => false + + # Contains a `..` path component + subpath.isValid "../foo" + => false + + # Valid subpath + subpath.isValid "foo/bar" + => true + + # Doesn't need to be normalised + subpath.isValid "./foo//bar/" + => true + */ + subpath.isValid = value: + subpathInvalidReason value == null; + +} diff --git a/lib/path/tests/default.nix b/lib/path/tests/default.nix new file mode 100644 index 00000000000..784a3af68b6 --- /dev/null +++ b/lib/path/tests/default.nix @@ -0,0 +1,27 @@ +{ + nixpkgs ? ../../.., + system ? builtins.currentSystem, + pkgs ? import nixpkgs { + config = {}; + overlays = []; + inherit system; + }, + libpath ? ../.., +}: +pkgs.runCommand "lib-path-tests" { + nativeBuildInputs = with pkgs; [ + nix + ]; +} '' + # Needed to make Nix evaluation work + export NIX_STATE_DIR=$(mktemp -d) + + cp -r ${libpath} lib + export TEST_LIB=$PWD/lib + + echo "Running unit tests lib/path/tests/unit.nix" + nix-instantiate --eval lib/path/tests/unit.nix \ + --argstr libpath "$TEST_LIB" + + touch $out +'' diff --git a/lib/path/tests/unit.nix b/lib/path/tests/unit.nix new file mode 100644 index 00000000000..15f5940a51e --- /dev/null +++ b/lib/path/tests/unit.nix @@ -0,0 +1,76 @@ +# Unit tests for lib.path functions. Use `nix-build` in this directory to +# run these +{ libpath }: +let + lib = import libpath; + inherit (lib.path) subpath; + + cases = lib.runTests { + testSubpathIsValidExample1 = { + expr = subpath.isValid null; + expected = false; + }; + testSubpathIsValidExample2 = { + expr = subpath.isValid ""; + expected = false; + }; + testSubpathIsValidExample3 = { + expr = subpath.isValid "/foo"; + expected = false; + }; + testSubpathIsValidExample4 = { + expr = subpath.isValid "../foo"; + expected = false; + }; + testSubpathIsValidExample5 = { + expr = subpath.isValid "foo/bar"; + expected = true; + }; + testSubpathIsValidExample6 = { + expr = subpath.isValid "./foo//bar/"; + expected = true; + }; + testSubpathIsValidTwoDotsEnd = { + expr = subpath.isValid "foo/.."; + expected = false; + }; + testSubpathIsValidTwoDotsMiddle = { + expr = subpath.isValid "foo/../bar"; + expected = false; + }; + testSubpathIsValidTwoDotsPrefix = { + expr = subpath.isValid "..foo"; + expected = true; + }; + testSubpathIsValidTwoDotsSuffix = { + expr = subpath.isValid "foo.."; + expected = true; + }; + testSubpathIsValidTwoDotsPrefixComponent = { + expr = subpath.isValid "foo/..bar/baz"; + expected = true; + }; + testSubpathIsValidTwoDotsSuffixComponent = { + expr = subpath.isValid "foo/bar../baz"; + expected = true; + }; + testSubpathIsValidThreeDots = { + expr = subpath.isValid "..."; + expected = true; + }; + testSubpathIsValidFourDots = { + expr = subpath.isValid "...."; + expected = true; + }; + testSubpathIsValidThreeDotsComponent = { + expr = subpath.isValid "foo/.../bar"; + expected = true; + }; + testSubpathIsValidFourDotsComponent = { + expr = subpath.isValid "foo/..../bar"; + expected = true; + }; + }; +in + if cases == [] then "Unit tests successful" + else throw "Path unit tests failed: ${lib.generators.toPretty {} cases}" diff --git a/lib/tests/release.nix b/lib/tests/release.nix index b93a4236f91..f67892ab962 100644 --- a/lib/tests/release.nix +++ b/lib/tests/release.nix @@ -15,6 +15,9 @@ pkgs.runCommand "nixpkgs-lib-tests" { inherit pkgs; lib = import ../.; }) + (import ../path/tests { + inherit pkgs; + }) ]; } '' datadir="${pkgs.nix}/share" From 63dd6d20db8ac4b5576b48a58fe434319791a7d7 Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 23 Dec 2022 21:07:30 +0100 Subject: [PATCH 46/54] lib.path.subpath.normalise: init --- lib/path/default.nix | 143 ++++++++++++++++++++++++++++++++++++++++ lib/path/tests/unit.nix | 49 ++++++++++++++ 2 files changed, 192 insertions(+) diff --git a/lib/path/default.nix b/lib/path/default.nix index 59f670dfed0..96a9244407b 100644 --- a/lib/path/default.nix +++ b/lib/path/default.nix @@ -4,10 +4,20 @@ let inherit (builtins) isString + split match ; + inherit (lib.lists) + length + head + last + genList + elemAt + ; + inherit (lib.strings) + concatStringsSep substring ; @@ -28,6 +38,60 @@ let "The given string \"${value}\" contains a `..` component, which is not allowed in subpaths" else null; + # Split and normalise a relative path string into its components. + # Error for ".." components and doesn't include "." components + splitRelPath = path: + let + # Split the string into its parts using regex for efficiency. This regex + # matches patterns like "/", "/./", "/././", with arbitrarily many "/"s + # together. These are the main special cases: + # - Leading "./" gets split into a leading "." part + # - Trailing "/." or "/" get split into a trailing "." or "" + # part respectively + # + # These are the only cases where "." and "" parts can occur + parts = split "/+(\\./+)*" path; + + # `split` creates a list of 2 * k + 1 elements, containing the k + + # 1 parts, interleaved with k matches where k is the number of + # (non-overlapping) matches. This calculation here gets the number of parts + # back from the list length + # floor( (2 * k + 1) / 2 ) + 1 == floor( k + 1/2 ) + 1 == k + 1 + partCount = length parts / 2 + 1; + + # To assemble the final list of components we want to: + # - Skip a potential leading ".", normalising "./foo" to "foo" + # - Skip a potential trailing "." or "", normalising "foo/" and "foo/." to + # "foo". See ./path.md#trailing-slashes + skipStart = if head parts == "." then 1 else 0; + skipEnd = if last parts == "." || last parts == "" then 1 else 0; + + # We can now know the length of the result by removing the number of + # skipped parts from the total number + componentCount = partCount - skipEnd - skipStart; + + in + # Special case of a single "." path component. Such a case leaves a + # componentCount of -1 due to the skipStart/skipEnd not verifying that + # they don't refer to the same character + if path == "." then [] + + # Generate the result list directly. This is more efficient than a + # combination of `filter`, `init` and `tail`, because here we don't + # allocate any intermediate lists + else genList (index: + # To get to the element we need to add the number of parts we skip and + # multiply by two due to the interleaved layout of `parts` + elemAt parts ((skipStart + index) * 2) + ) componentCount; + + # Join relative path components together + joinRelPath = components: + # Always return relative paths with `./` as a prefix (./path.md#leading-dots-for-relative-paths) + "./" + + # An empty string is not a valid relative path, so we need to return a `.` when we have no components + (if components == [] then "." else concatStringsSep "/" components); + in /* No rec! Add dependencies on this file at the top. */ { @@ -72,4 +136,83 @@ in /* No rec! Add dependencies on this file at the top. */ { subpath.isValid = value: subpathInvalidReason value == null; + + /* Normalise a subpath. Throw an error if the subpath isn't valid, see + `lib.path.subpath.isValid` + + - Limit repeating `/` to a single one + + - Remove redundant `.` components + + - Remove trailing `/` and `/.` + + - Add leading `./` + + Laws: + + - (Idempotency) Normalising multiple times gives the same result: + + subpath.normalise (subpath.normalise p) == subpath.normalise p + + - (Uniqueness) There's only a single normalisation for the paths that lead to the same file system node: + + subpath.normalise p != subpath.normalise q -> $(realpath ${p}) != $(realpath ${q}) + + - Don't change the result when appended to a Nix path value: + + base + ("/" + p) == base + ("/" + subpath.normalise p) + + - Don't change the path according to `realpath`: + + $(realpath ${p}) == $(realpath ${subpath.normalise p}) + + - Only error on invalid subpaths: + + builtins.tryEval (subpath.normalise p)).success == subpath.isValid p + + Type: + subpath.normalise :: String -> String + + Example: + # limit repeating `/` to a single one + subpath.normalise "foo//bar" + => "./foo/bar" + + # remove redundant `.` components + subpath.normalise "foo/./bar" + => "./foo/bar" + + # add leading `./` + subpath.normalise "foo/bar" + => "./foo/bar" + + # remove trailing `/` + subpath.normalise "foo/bar/" + => "./foo/bar" + + # remove trailing `/.` + subpath.normalise "foo/bar/." + => "./foo/bar" + + # Return the current directory as `./.` + subpath.normalise "." + => "./." + + # error on `..` path components + subpath.normalise "foo/../bar" + => + + # error on empty string + subpath.normalise "" + => + + # error on absolute path + subpath.normalise "/foo" + => + */ + subpath.normalise = path: + assert assertMsg (subpathInvalidReason path == null) + "lib.path.subpath.normalise: Argument is not a valid subpath string: ${subpathInvalidReason path}"; + joinRelPath (splitRelPath path); + } diff --git a/lib/path/tests/unit.nix b/lib/path/tests/unit.nix index 15f5940a51e..eccf3b7b1c3 100644 --- a/lib/path/tests/unit.nix +++ b/lib/path/tests/unit.nix @@ -70,6 +70,55 @@ let expr = subpath.isValid "foo/..../bar"; expected = true; }; + + testSubpathNormaliseExample1 = { + expr = subpath.normalise "foo//bar"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample2 = { + expr = subpath.normalise "foo/./bar"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample3 = { + expr = subpath.normalise "foo/bar"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample4 = { + expr = subpath.normalise "foo/bar/"; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample5 = { + expr = subpath.normalise "foo/bar/."; + expected = "./foo/bar"; + }; + testSubpathNormaliseExample6 = { + expr = subpath.normalise "."; + expected = "./."; + }; + testSubpathNormaliseExample7 = { + expr = (builtins.tryEval (subpath.normalise "foo/../bar")).success; + expected = false; + }; + testSubpathNormaliseExample8 = { + expr = (builtins.tryEval (subpath.normalise "")).success; + expected = false; + }; + testSubpathNormaliseExample9 = { + expr = (builtins.tryEval (subpath.normalise "/foo")).success; + expected = false; + }; + testSubpathNormaliseIsValidDots = { + expr = subpath.normalise "./foo/.bar/.../baz...qux"; + expected = "./foo/.bar/.../baz...qux"; + }; + testSubpathNormaliseWrongType = { + expr = (builtins.tryEval (subpath.normalise null)).success; + expected = false; + }; + testSubpathNormaliseTwoDots = { + expr = (builtins.tryEval (subpath.normalise "..")).success; + expected = false; + }; }; in if cases == [] then "Unit tests successful" From 0667ef5dd5cc7aa00e7d5ebf4391b7ee1d414a0c Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 23 Dec 2022 21:08:09 +0100 Subject: [PATCH 47/54] lib.path.subpath.normalise: add property tests --- lib/path/tests/default.nix | 7 ++ lib/path/tests/generate.awk | 64 +++++++++++++ lib/path/tests/prop.nix | 60 ++++++++++++ lib/path/tests/prop.sh | 179 ++++++++++++++++++++++++++++++++++++ 4 files changed, 310 insertions(+) create mode 100644 lib/path/tests/generate.awk create mode 100644 lib/path/tests/prop.nix create mode 100755 lib/path/tests/prop.sh diff --git a/lib/path/tests/default.nix b/lib/path/tests/default.nix index 784a3af68b6..9a31e42828f 100644 --- a/lib/path/tests/default.nix +++ b/lib/path/tests/default.nix @@ -7,10 +7,14 @@ inherit system; }, libpath ? ../.., + # Random seed + seed ? null, }: pkgs.runCommand "lib-path-tests" { nativeBuildInputs = with pkgs; [ nix + jq + bc ]; } '' # Needed to make Nix evaluation work @@ -23,5 +27,8 @@ pkgs.runCommand "lib-path-tests" { nix-instantiate --eval lib/path/tests/unit.nix \ --argstr libpath "$TEST_LIB" + echo "Running property tests lib/path/tests/prop.sh" + bash lib/path/tests/prop.sh ${toString seed} + touch $out '' diff --git a/lib/path/tests/generate.awk b/lib/path/tests/generate.awk new file mode 100644 index 00000000000..811dd0c46d3 --- /dev/null +++ b/lib/path/tests/generate.awk @@ -0,0 +1,64 @@ +# Generate random path-like strings, separated by null characters. +# +# Invocation: +# +# awk -f ./generate.awk -v = | tr '\0' '\n' +# +# Customizable variables (all default to 0): +# - seed: Deterministic random seed to use for generation +# - count: Number of paths to generate +# - extradotweight: Give extra weight to dots being generated +# - extraslashweight: Give extra weight to slashes being generated +# - extranullweight: Give extra weight to null being generated, making paths shorter +BEGIN { + # Random seed, passed explicitly for reproducibility + srand(seed) + + # Don't include special characters below 32 + minascii = 32 + # Don't include DEL at 128 + maxascii = 127 + upperascii = maxascii - minascii + + # add extra weight for ., in addition to the one weight from the ascii range + upperdot = upperascii + extradotweight + + # add extra weight for /, in addition to the one weight from the ascii range + upperslash = upperdot + extraslashweight + + # add extra weight for null, indicating the end of the string + # Must be at least 1 to have strings end at all + total = upperslash + 1 + extranullweight + + # new=1 indicates that it's a new string + new=1 + while (count > 0) { + + # Random integer between [0, total) + value = int(rand() * total) + + if (value < upperascii) { + # Ascii range + printf("%c", value + minascii) + new=0 + + } else if (value < upperdot) { + # Dot range + printf "." + new=0 + + } else if (value < upperslash) { + # If it's the start of a new path, only generate a / in 10% of cases + # This is always an invalid subpath, which is not a very interesting case + if (new && rand() > 0.1) continue + printf "/" + + } else { + # Do not generate empty strings + if (new) continue + printf "\x00" + count-- + new=1 + } + } +} diff --git a/lib/path/tests/prop.nix b/lib/path/tests/prop.nix new file mode 100644 index 00000000000..67e5c1e9d61 --- /dev/null +++ b/lib/path/tests/prop.nix @@ -0,0 +1,60 @@ +# Given a list of path-like strings, check some properties of the path library +# using those paths and return a list of attribute sets of the following form: +# +# { = ; } +# +# If `normalise` fails to evaluate, the attribute value is set to `""`. +# If not, the resulting value is normalised again and an appropriate attribute set added to the output list. +{ + # The path to the nixpkgs lib to use + libpath, + # A flat directory containing files with randomly-generated + # path-like values + dir, +}: +let + lib = import libpath; + + # read each file into a string + strings = map (name: + builtins.readFile (dir + "/${name}") + ) (builtins.attrNames (builtins.readDir dir)); + + inherit (lib.path.subpath) normalise isValid; + inherit (lib.asserts) assertMsg; + + normaliseAndCheck = str: + let + originalValid = isValid str; + + tryOnce = builtins.tryEval (normalise str); + tryTwice = builtins.tryEval (normalise tryOnce.value); + + absConcatOrig = /. + ("/" + str); + absConcatNormalised = /. + ("/" + tryOnce.value); + in + # Check the lib.path.subpath.normalise property to only error on invalid subpaths + assert assertMsg + (originalValid -> tryOnce.success) + "Even though string \"${str}\" is valid as a subpath, the normalisation for it failed"; + assert assertMsg + (! originalValid -> ! tryOnce.success) + "Even though string \"${str}\" is invalid as a subpath, the normalisation for it succeeded"; + + # Check normalisation idempotency + assert assertMsg + (originalValid -> tryTwice.success) + "For valid subpath \"${str}\", the normalisation \"${tryOnce.value}\" was not a valid subpath"; + assert assertMsg + (originalValid -> tryOnce.value == tryTwice.value) + "For valid subpath \"${str}\", normalising it once gives \"${tryOnce.value}\" but normalising it twice gives a different result: \"${tryTwice.value}\""; + + # Check that normalisation doesn't change a string when appended to an absolute Nix path value + assert assertMsg + (originalValid -> absConcatOrig == absConcatNormalised) + "For valid subpath \"${str}\", appending to an absolute Nix path value gives \"${absConcatOrig}\", but appending the normalised result \"${tryOnce.value}\" gives a different value \"${absConcatNormalised}\""; + + # Return an empty string when failed + if tryOnce.success then tryOnce.value else ""; + +in lib.genAttrs strings normaliseAndCheck diff --git a/lib/path/tests/prop.sh b/lib/path/tests/prop.sh new file mode 100755 index 00000000000..c956e55bbfa --- /dev/null +++ b/lib/path/tests/prop.sh @@ -0,0 +1,179 @@ +#!/usr/bin/env bash + +# Property tests for the `lib.path` library +# +# It generates random path-like strings and runs the functions on +# them, checking that the expected laws of the functions hold + +set -euo pipefail +shopt -s inherit_errexit + +# https://stackoverflow.com/a/246128 +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +if test -z "${TEST_LIB:-}"; then + TEST_LIB=$SCRIPT_DIR/../.. +fi + +tmp="$(mktemp -d)" +clean_up() { + rm -rf "$tmp" +} +trap clean_up EXIT +mkdir -p "$tmp/work" +cd "$tmp/work" + +# Defaulting to a random seed but the first argument can override this +seed=${1:-$RANDOM} +echo >&2 "Using seed $seed, use \`lib/path/tests/prop.sh $seed\` to reproduce this result" + +# The number of random paths to generate. This specific number was chosen to +# be fast enough while still generating enough variety to detect bugs. +count=500 + +debug=0 +# debug=1 # print some extra info +# debug=2 # print generated values + +# Fine tuning parameters to balance the number of generated invalid paths +# to the variance in generated paths. +extradotweight=64 # Larger value: more dots +extraslashweight=64 # Larger value: more slashes +extranullweight=16 # Larger value: shorter strings + +die() { + echo >&2 "test case failed: " "$@" + exit 1 +} + +if [[ "$debug" -ge 1 ]]; then + echo >&2 "Generating $count random path-like strings" +fi + +# Read stream of null-terminated strings entry-by-entry into bash, +# write it to a file and the `strings` array. +declare -a strings=() +mkdir -p "$tmp/strings" +while IFS= read -r -d $'\0' str; do + echo -n "$str" > "$tmp/strings/${#strings[@]}" + strings+=("$str") +done < <(awk \ + -f "$SCRIPT_DIR"/generate.awk \ + -v seed="$seed" \ + -v count="$count" \ + -v extradotweight="$extradotweight" \ + -v extraslashweight="$extraslashweight" \ + -v extranullweight="$extranullweight") + +if [[ "$debug" -ge 1 ]]; then + echo >&2 "Trying to normalise the generated path-like strings with Nix" +fi + +# Precalculate all normalisations with a single Nix call. Calling Nix for each +# string individually would take way too long +nix-instantiate --eval --strict --json \ + --argstr libpath "$TEST_LIB" \ + --argstr dir "$tmp/strings" \ + "$SCRIPT_DIR"/prop.nix \ + >"$tmp/result.json" + +# Uses some jq magic to turn the resulting attribute set into an associative +# bash array assignment +declare -A normalised_result="($(jq ' + to_entries + | map("[\(.key | @sh)]=\(.value | @sh)") + | join(" \n")' -r < "$tmp/result.json"))" + +# Looks up a normalisation result for a string +# Checks that the normalisation is only failing iff it's an invalid subpath +# For valid subpaths, returns 0 and prints the normalisation result +# For invalid subpaths, returns 1 +normalise() { + local str=$1 + # Uses the same check for validity as in the library implementation + if [[ "$str" == "" || "$str" == /* || "$str" =~ ^(.*/)?\.\.(/.*)?$ ]]; then + valid= + else + valid=1 + fi + + normalised=${normalised_result[$str]} + # An empty string indicates failure, this is encoded in ./prop.nix + if [[ -n "$normalised" ]]; then + if [[ -n "$valid" ]]; then + echo "$normalised" + else + die "For invalid subpath \"$str\", lib.path.subpath.normalise returned this result: \"$normalised\"" + fi + else + if [[ -n "$valid" ]]; then + die "For valid subpath \"$str\", lib.path.subpath.normalise failed" + else + if [[ "$debug" -ge 2 ]]; then + echo >&2 "String \"$str\" is not a valid subpath" + fi + # Invalid and it correctly failed, we let the caller continue if they catch the exit code + return 1 + fi + fi +} + +# Intermediate result populated by test_idempotency_realpath +# and used in test_normalise_uniqueness +# +# Contains a mapping from a normalised subpath to the realpath result it represents +declare -A norm_to_real + +test_idempotency_realpath() { + if [[ "$debug" -ge 1 ]]; then + echo >&2 "Checking idempotency of each result and making sure the realpath result isn't changed" + fi + + # Count invalid subpaths to display stats + invalid=0 + for str in "${strings[@]}"; do + if ! result=$(normalise "$str"); then + ((invalid++)) || true + continue + fi + + # Check the law that it doesn't change the result of a realpath + mkdir -p -- "$str" "$result" + real_orig=$(realpath -- "$str") + real_norm=$(realpath -- "$result") + + if [[ "$real_orig" != "$real_norm" ]]; then + die "realpath of the original string \"$str\" (\"$real_orig\") is not the same as realpath of the normalisation \"$result\" (\"$real_norm\")" + fi + + if [[ "$debug" -ge 2 ]]; then + echo >&2 "String \"$str\" gets normalised to \"$result\" and file path \"$real_orig\"" + fi + norm_to_real["$result"]="$real_orig" + done + if [[ "$debug" -ge 1 ]]; then + echo >&2 "$(bc <<< "scale=1; 100 / $count * $invalid")% of the total $count generated strings were invalid subpath strings, and were therefore ignored" + fi +} + +test_normalise_uniqueness() { + if [[ "$debug" -ge 1 ]]; then + echo >&2 "Checking for the uniqueness law" + fi + + for norm_p in "${!norm_to_real[@]}"; do + real_p=${norm_to_real["$norm_p"]} + for norm_q in "${!norm_to_real[@]}"; do + real_q=${norm_to_real["$norm_q"]} + # Checks normalisation uniqueness law for each pair of values + if [[ "$norm_p" != "$norm_q" && "$real_p" == "$real_q" ]]; then + die "Normalisations \"$norm_p\" and \"$norm_q\" are different, but the realpath of them is the same: \"$real_p\"" + fi + done + done +} + +test_idempotency_realpath +test_normalise_uniqueness + +echo >&2 tests ok From 5e96eb14ce38fe9067fe5d8545379560a0c331c4 Mon Sep 17 00:00:00 2001 From: Yaya Date: Tue, 3 Jan 2023 13:49:07 +0100 Subject: [PATCH 48/54] nixos/snipe-it: Fix a bug in the setup script (#206869) The `snipe-it-setup.service` script exits with an error if the invalid_barcode.gif already exists at the destination, due to `set -euo pipefail` at the beginning of the script. This commit refactors the affected lines so that it no longer causes an error. Resolves #205791 --- nixos/modules/services/web-apps/snipe-it.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix index 314a69a73a8..93b0aafab64 100644 --- a/nixos/modules/services/web-apps/snipe-it.nix +++ b/nixos/modules/services/web-apps/snipe-it.nix @@ -454,8 +454,9 @@ in { # A placeholder file for invalid barcodes invalid_barcode_location="${cfg.dataDir}/public/uploads/barcodes/invalid_barcode.gif" - [ ! -e "$invalid_barcode_location" ] \ - && cp ${snipe-it}/share/snipe-it/invalid_barcode.gif "$invalid_barcode_location" + if [ ! -e "$invalid_barcode_location" ]; then + cp ${snipe-it}/share/snipe-it/invalid_barcode.gif "$invalid_barcode_location" + fi ''; }; From b943fb24b7bb827677fb7dad0de1562c13db27c5 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Mon, 2 Jan 2023 15:49:23 +0300 Subject: [PATCH 49/54] chrony: update sandboxing options --- .../from_md/release-notes/rl-2305.section.xml | 7 +++ .../manual/release-notes/rl-2305.section.md | 2 + .../services/networking/ntp/chrony.nix | 54 +++++++++++++++---- 3 files changed, 52 insertions(+), 11 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index ea3be31a206..4fb5749e71c 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -339,6 +339,13 @@ And backup your data. + + + services.chronyd is now started with + additional systemd sandbox/hardening options for better + security. + + The module services.headscale was diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index df0ec622e56..b5c9c4ceb55 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -94,6 +94,8 @@ In addition to numerous new and upgraded packages, this release has the followin And backup your data. +- `services.chronyd` is now started with additional systemd sandbox/hardening options for better security. + - The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: - Most settings has been migrated under [services.headscale.settings](#opt-services.headscale.settings) which is an attribute-set that diff --git a/nixos/modules/services/networking/ntp/chrony.nix b/nixos/modules/services/networking/ntp/chrony.nix index 7e3bb565d10..dc180d4a4f9 100644 --- a/nixos/modules/services/networking/ntp/chrony.nix +++ b/nixos/modules/services/networking/ntp/chrony.nix @@ -147,9 +147,9 @@ in systemd.services.systemd-timedated.environment = { SYSTEMD_TIMEDATED_NTP_SERVICES = "chronyd.service"; }; systemd.tmpfiles.rules = [ - "d ${stateDir} 0755 chrony chrony - -" - "f ${driftFile} 0640 chrony chrony -" - "f ${keyFile} 0640 chrony chrony -" + "d ${stateDir} 0750 chrony chrony - -" + "f ${driftFile} 0640 chrony chrony - -" + "f ${keyFile} 0640 chrony chrony - -" ]; systemd.services.chronyd = @@ -164,15 +164,47 @@ in path = [ chronyPkg ]; unitConfig.ConditionCapability = "CAP_SYS_TIME"; - serviceConfig = - { Type = "simple"; - ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}"; - - ProtectHome = "yes"; - ProtectSystem = "full"; - PrivateTmp = "yes"; - }; + serviceConfig = { + Type = "simple"; + ExecStart = "${chronyPkg}/bin/chronyd ${builtins.toString chronyFlags}"; + # Proc filesystem + ProcSubset = "pid"; + ProtectProc = "invisible"; + # Access write directories + ReadWritePaths = [ "${stateDir}" ]; + UMask = "0027"; + # Capabilities + CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_DAC_OVERRIDE" "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" "CAP_SYS_RESOURCE" "CAP_SYS_TIME" ]; + # Device Access + DeviceAllow = [ "char-pps rw" "char-ptp rw" "char-rtc rw" ]; + DevicePolicy = "closed"; + # Security + NoNewPrivileges = true; + # Sandboxing + ProtectSystem = "full"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = false; + ProtectHostname = true; + ProtectClock = false; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + # System Call Filtering + SystemCallArchitectures = "native"; + SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ]; + }; }; }; } From a72e226b04c008ccc499e9e19dcda9dae493a8c9 Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Tue, 3 Jan 2023 00:59:55 -0600 Subject: [PATCH 50/54] spark2014: fix incomplete install (#208830) The previous installPhase was only using `make install`, while the real target needed is `make install-all`. This installs many missing tools under `$out/libexec/`, such as the missing `gnatwhy3` binary, which was the root cause of #208830. With this, gnatprove can now successfully discharge and prove things with solvers like Z3, etc. And, because it also includes `why3server`, we don't need to use wrapProgram on it anymore, either! Closes #208830 Signed-off-by: Austin Seipp --- pkgs/development/libraries/ada/spark2014/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/ada/spark2014/default.nix b/pkgs/development/libraries/ada/spark2014/default.nix index 1e6157cfb9a..d928dddfc8d 100644 --- a/pkgs/development/libraries/ada/spark2014/default.nix +++ b/pkgs/development/libraries/ada/spark2014/default.nix @@ -5,7 +5,6 @@ , gnatcoll-core , gprbuild , python3 -, why3 , ocaml , ocamlPackages , makeWrapper @@ -53,11 +52,9 @@ stdenv.mkDerivation rec { make setup ''; - postInstall = '' + installPhase = '' + make install-all cp -a ./install/. $out - # help gnatprove to locate why3server - wrapProgram "$out/bin/gnatprove" \ - --prefix PATH : "${why3}/lib/why3" ''; meta = with lib; { From 9cc1e97f615b66e3f89fe0d1b7277fce44bd07aa Mon Sep 17 00:00:00 2001 From: Marc Jakobi Date: Tue, 27 Dec 2022 00:48:35 +0100 Subject: [PATCH 51/54] nixos/gnupg: (fix) use runtimeShell to call updatestartuptty --- nixos/modules/programs/gnupg.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix index 828f24f9911..cb8d0ecff4c 100644 --- a/nixos/modules/programs/gnupg.nix +++ b/nixos/modules/programs/gnupg.nix @@ -135,7 +135,7 @@ in # The SSH agent protocol doesn't have support for changing TTYs; however we # can simulate this with the `exec` feature of openssh (see ssh_config(5)) # that hooks a command to the shell currently running the ssh program. - Match host * exec "${cfg.package}/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1" + Match host * exec "${pkgs.runtimeShell} -c '${cfg.package}/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1'" ''; environment.extraInit = mkIf cfg.agent.enableSSHSupport '' From 2628f0003c708c20191022dbe911002c17ec5203 Mon Sep 17 00:00:00 2001 From: Charles Johnson <32775248+ChemicalXandco@users.noreply.github.com> Date: Tue, 3 Jan 2023 16:43:06 +0000 Subject: [PATCH 52/54] waydroid: 1.3.3 -> 1.3.4 (#206833) Co-authored-by: Sandro --- nixos/modules/virtualisation/waydroid.nix | 6 +----- pkgs/os-specific/linux/waydroid/default.nix | 5 +++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/virtualisation/waydroid.nix b/nixos/modules/virtualisation/waydroid.nix index a2cfd806f32..46e5f901015 100644 --- a/nixos/modules/virtualisation/waydroid.nix +++ b/nixos/modules/virtualisation/waydroid.nix @@ -56,12 +56,8 @@ in wantedBy = [ "multi-user.target" ]; - unitConfig = { - ConditionPathExists = "/var/lib/waydroid/lxc/waydroid"; - }; - serviceConfig = { - ExecStart = "${pkgs.waydroid}/bin/waydroid container start"; + ExecStart = "${pkgs.waydroid}/bin/waydroid -w container start"; ExecStop = "${pkgs.waydroid}/bin/waydroid container stop"; ExecStopPost = "${pkgs.waydroid}/bin/waydroid session stop"; }; diff --git a/pkgs/os-specific/linux/waydroid/default.nix b/pkgs/os-specific/linux/waydroid/default.nix index 55630f2fad3..3ed99073d1c 100644 --- a/pkgs/os-specific/linux/waydroid/default.nix +++ b/pkgs/os-specific/linux/waydroid/default.nix @@ -2,6 +2,7 @@ , lib , fetchFromGitHub , python3Packages +, bash , dnsmasq , gawk , getent @@ -17,14 +18,14 @@ python3Packages.buildPythonApplication rec { pname = "waydroid"; - version = "1.3.3"; + version = "1.3.4"; format = "other"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "sha256-av1kcOSViUV2jsFiTE21N6sAJIL6K+zKkpPHjx6iYVk="; + sha256 = "sha256-0GBob9BUwiE5cFGdK8AdwsTjTOdc+AIWqUGN/gFfOqI="; }; propagatedBuildInputs = with python3Packages; [ From 83481b87082efe630b6bcd3c5089f488d90be51f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Tue, 3 Jan 2023 14:28:23 +0100 Subject: [PATCH 53/54] doc: python: Run hooks in checkPhase --- doc/languages-frameworks/python.section.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/doc/languages-frameworks/python.section.md b/doc/languages-frameworks/python.section.md index ab5ba428958..2f15d0f0468 100644 --- a/doc/languages-frameworks/python.section.md +++ b/doc/languages-frameworks/python.section.md @@ -570,7 +570,13 @@ test run would be: ``` checkInputs = [ pytest ]; - checkPhase = "pytest"; + checkPhase = '' + runHook preCheck + + pytest + + runHook postCheck + ''; ``` However, many repositories' test suites do not translate well to nix's build @@ -582,7 +588,11 @@ To filter tests using pytest, one can do the following: checkInputs = [ pytest ]; # avoid tests which need additional data or touch network checkPhase = '' + runHook preCheck + pytest tests/ --ignore=tests/integration -k 'not download and not update' + + runHook postCheck ''; ``` @@ -1408,7 +1418,11 @@ example of such a situation is when `py.test` is used. # assumes the tests are located in tests checkInputs = [ pytest ]; checkPhase = '' + runHook preCheck + py.test -k 'not function_name and not other_function' tests + + runHook postCheck ''; } ``` From 7724ff0721356aa421e063a0c0a44b1fd1fd5dd8 Mon Sep 17 00:00:00 2001 From: Colin Arnott Date: Mon, 26 Dec 2022 07:35:10 +0000 Subject: [PATCH 54/54] deepgit: init at 4.3 Fixes #206573 --- .../version-management/deepgit/default.nix | 86 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 88 insertions(+) create mode 100644 pkgs/applications/version-management/deepgit/default.nix diff --git a/pkgs/applications/version-management/deepgit/default.nix b/pkgs/applications/version-management/deepgit/default.nix new file mode 100644 index 00000000000..312dc523710 --- /dev/null +++ b/pkgs/applications/version-management/deepgit/default.nix @@ -0,0 +1,86 @@ +{ copyDesktopItems +, fetchurl +, glib +, gnome +, gtk3 +, jre +, lib +, makeDesktopItem +, stdenv +, wrapGAppsHook +}: + +stdenv.mkDerivation rec { + pname = "deepgit"; + version = "4.3"; + + src = fetchurl { + url = "https://www.syntevo.com/downloads/deepgit/deepgit-linux-${lib.replaceStrings [ "." ] [ "_" ] version}.tar.gz"; + hash = "sha256-bA/EySZjuSDYaZplwHcpeP1VakcnG5K1hYTk7cSVbz0="; + }; + + nativeBuildInputs = [ + copyDesktopItems + wrapGAppsHook + ]; + + buildInputs = [ + gnome.adwaita-icon-theme + gtk3 + jre + ]; + + preFixup = '' + gappsWrapperArgs+=( + --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ glib gtk3 ]} + --set DEEPGIT_JAVA_HOME ${jre} + ) + patchShebangs bin/deepgit.sh + ''; + + desktopItems = [(makeDesktopItem rec { + name = pname; + desktopName = "DeepGit"; + keywords = [ "git" ]; + comment = "Git-Client"; + categories = [ + "Development" + "RevisionControl" + ]; + terminal = false; + startupNotify = true; + startupWMClass = desktopName; + exec = pname; + mimeTypes = [ + "x-scheme-handler/${pname}" + "x-scheme-handler/sourcetree" + ]; + icon = pname; + })]; + + installPhase = '' + runHook preInstall + + mkdir -pv $out/{bin,share/icons/hicolor/scalable/apps/} + cp -a lib license.html $out + mv bin/deepgit.sh $out/bin/deepgit + + for icon_size in 32 48 64 128 256; do + path=$icon_size'x'$icon_size + icon=bin/deepgit-$icon_size.png + mkdir -p $out/share/icons/hicolor/$path/apps + cp $icon $out/share/icons/hicolor/$path/apps/deepgit.png + done + + runHook postInstall + ''; + + meta = with lib; { + description = "A tool to investigate the history of source code"; + homepage = "https://www.syntevo.com/deepgit"; + changelog = "https://www.syntevo.com/deepgit/changelog.txt"; + license = licenses.unfree; + maintainers = with maintainers; [ urandom ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1623a08256a..30224ac9b3f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1543,6 +1543,8 @@ with pkgs; ### APPLICATIONS/VERSION-MANAGEMENT + deepgit = callPackage ../applications/version-management/deepgit {}; + git = callPackage ../applications/version-management/git { inherit (darwin.apple_sdk.frameworks) CoreServices Security; perlLibs = [perlPackages.LWP perlPackages.URI perlPackages.TermReadKey];