Merge staging-next into staging
This commit is contained in:
commit
00623e191a
5
.github/CODEOWNERS
vendored
5
.github/CODEOWNERS
vendored
@ -310,3 +310,8 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
|
||||
/pkgs/build-support/node/build-npm-package @winterqt
|
||||
/pkgs/build-support/node/fetch-npm-deps @winterqt
|
||||
/doc/languages-frameworks/javascript.section.md @winterqt
|
||||
|
||||
# OCaml
|
||||
/pkgs/build-support/ocaml @romildo @superherointj @ulrikstrid
|
||||
/pkgs/development/compilers/ocaml @romildo @superherointj @ulrikstrid
|
||||
/pkgs/development/ocaml-modules @romildo @superherointj @ulrikstrid
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ lib, stdenv, fetchFromGitHub, libjpeg }:
|
||||
{ lib, stdenv, fetchFromGitHub, fetchpatch, libjpeg }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.5.2";
|
||||
@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "sha256-PROQvOqsis8we58OOZ/kuY+L/CoV7XfnY9wvrpsTJu8=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2023-27781.patch";
|
||||
url = "https://github.com/tjko/jpegoptim/commit/29a073ad297a0954f5e865264e24755d0ffe53ed.patch";
|
||||
hash = "sha256-YUjVg0cvElhzMG3b4t5bqcqnHAuzDoNvSqe0yvlgX4E=";
|
||||
})
|
||||
];
|
||||
|
||||
# There are no checks, it seems.
|
||||
doCheck = false;
|
||||
|
||||
|
@ -62,9 +62,9 @@ rec {
|
||||
|
||||
nomad_1_4 = generic {
|
||||
buildGoModule = buildGo120Module;
|
||||
version = "1.4.4";
|
||||
sha256 = "sha256-mAimuWolTJ3lMY/ArnLZFu+GZv9ADdGsriXsTcEgdYc=";
|
||||
vendorSha256 = "sha256-QtP7pzsIBd2S79AUcbOeVG71Mb5qK706rq5DkT41VqM=";
|
||||
version = "1.4.6";
|
||||
sha256 = "sha256-l4GvQIS5JSSgjBjPivAKAb7gKlVLw4WoZpPR8LxnLNc=";
|
||||
vendorSha256 = "sha256-05BhKF6kx0wbu74cidpTFhUN668R/AxV6qWmchCm/WE=";
|
||||
passthru.tests.nomad = nixosTests.nomad;
|
||||
};
|
||||
}
|
||||
|
@ -172,8 +172,7 @@ let
|
||||
makeWrapper $out/lib/slack/slack $out/bin/slack \
|
||||
--prefix XDG_DATA_DIRS : $GSETTINGS_SCHEMAS_PATH \
|
||||
--suffix PATH : ${lib.makeBinPath [xdg-utils]} \
|
||||
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
|
||||
--add-flags "\''${WAYLAND_DISPLAY:+--enable-features=WebRTCPipeWireCapturer}"
|
||||
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations,WebRTCPipeWireCapturer}}"
|
||||
|
||||
# Fix the desktop link
|
||||
substituteInPlace $out/share/applications/slack.desktop \
|
||||
|
@ -26,7 +26,7 @@ let
|
||||
"unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
|
||||
]);
|
||||
|
||||
etcBindFlags = let
|
||||
etcBindEntries = let
|
||||
files = [
|
||||
# NixOS Compatibility
|
||||
"static"
|
||||
@ -69,8 +69,7 @@ let
|
||||
"ca-certificates"
|
||||
"pki"
|
||||
];
|
||||
in concatStringsSep "\n "
|
||||
(map (file: "--ro-bind-try $(${coreutils}/bin/readlink -m /etc/${file}) /etc/${file}") files);
|
||||
in map (path: "/etc/${path}") files;
|
||||
|
||||
# Create this on the fly instead of linking from /nix
|
||||
# The container might have to modify it and re-run ldconfig if there are
|
||||
@ -99,19 +98,20 @@ let
|
||||
'';
|
||||
|
||||
bwrapCmd = { initArgs ? "" }: ''
|
||||
blacklist=(/nix /dev /proc /etc)
|
||||
ignored=(/nix /dev /proc /etc)
|
||||
ro_mounts=()
|
||||
symlinks=()
|
||||
etc_ignored=()
|
||||
for i in ${env}/*; do
|
||||
path="/''${i##*/}"
|
||||
if [[ $path == '/etc' ]]; then
|
||||
:
|
||||
elif [[ -L $i ]]; then
|
||||
symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$path")
|
||||
blacklist+=("$path")
|
||||
ignored+=("$path")
|
||||
else
|
||||
ro_mounts+=(--ro-bind "$i" "$path")
|
||||
blacklist+=("$path")
|
||||
ignored+=("$path")
|
||||
fi
|
||||
done
|
||||
|
||||
@ -124,14 +124,26 @@ let
|
||||
continue
|
||||
fi
|
||||
ro_mounts+=(--ro-bind "$i" "/etc$path")
|
||||
etc_ignored+=("/etc$path")
|
||||
done
|
||||
fi
|
||||
|
||||
for i in ${lib.escapeShellArgs etcBindEntries}; do
|
||||
if [[ "''${etc_ignored[@]}" =~ "$i" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ -L $i ]]; then
|
||||
symlinks+=(--symlink "$(${coreutils}/bin/readlink "$i")" "$i")
|
||||
else
|
||||
ro_mounts+=(--ro-bind-try "$i" "$i")
|
||||
fi
|
||||
done
|
||||
|
||||
declare -a auto_mounts
|
||||
# loop through all directories in the root
|
||||
for dir in /*; do
|
||||
# if it is a directory and it is not in the blacklist
|
||||
if [[ -d "$dir" ]] && [[ ! "''${blacklist[@]}" =~ "$dir" ]]; then
|
||||
# if it is a directory and it is not ignored
|
||||
if [[ -d "$dir" ]] && [[ ! "''${ignored[@]}" =~ "$dir" ]]; then
|
||||
# add it to the mount list
|
||||
auto_mounts+=(--bind "$dir" "$dir")
|
||||
fi
|
||||
@ -179,7 +191,6 @@ let
|
||||
--symlink /etc/ld.so.cache ${pkgsi686Linux.glibc}/etc/ld.so.cache \
|
||||
--ro-bind ${pkgsi686Linux.glibc}/etc/rpc ${pkgsi686Linux.glibc}/etc/rpc \
|
||||
--remount-ro ${pkgsi686Linux.glibc}/etc \
|
||||
${etcBindFlags}
|
||||
"''${ro_mounts[@]}"
|
||||
"''${symlinks[@]}"
|
||||
"''${auto_mounts[@]}"
|
||||
|
@ -16,14 +16,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "lightning-utilities";
|
||||
version = "0.7.1";
|
||||
version = "0.8.0";
|
||||
format = "pyproject";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Lightning-AI";
|
||||
repo = "utilities";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-xjE5FsU1d/YcVHlfjtZE0T2LjGvsIOzbGJFU7PMDqdc=";
|
||||
hash = "sha256-uwmX+/SK2zBkZQbN/t/DZ3i+XbdAJ/RM+Q649QwMUz0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -57,7 +57,13 @@ buildPythonPackage rec {
|
||||
|
||||
disabledTestPaths = [
|
||||
"docs"
|
||||
# doctests that expect docs.txt in the wrong location
|
||||
"src/lightning_utilities/install/requirements.py"
|
||||
];
|
||||
|
||||
pytestFlagsArray = [
|
||||
# warns about distutils removal in python 3.12
|
||||
"-W" "ignore::DeprecationWarning"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -15,14 +15,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pdm-backend";
|
||||
version = "2.0.2";
|
||||
version = "2.0.5";
|
||||
format = "pyproject";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "pdm-project";
|
||||
repo = "pdm-backend";
|
||||
rev = "refs/tags/${version}";
|
||||
hash = "sha256-3Wgc4kKQcE2FzfcqTs9jtfJ1Oj+qtHiDM4q8KuMNAak=";
|
||||
hash = "sha256-d5kr5pr9tBc6So0wTy3/ASgk8KTOf2AV8Vfsmml5Qh0=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = lib.optionals (pythonOlder "3.10") [
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pypdf";
|
||||
version = "3.5.1";
|
||||
version = "3.5.2";
|
||||
format = "pyproject";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
@ -33,7 +33,7 @@ buildPythonPackage rec {
|
||||
rev = "refs/tags/${version}";
|
||||
# fetch sample files used in tests
|
||||
fetchSubmodules = true;
|
||||
hash = "sha256-2Ewa6mTLSNiUFIplfmZDRXmoiX1IQMwg4wq5dAU0O+4=";
|
||||
hash = "sha256-f+M4sfUzDy8hxHUiWG9hyu0EYvnjNA46OtHzBSJdID0=";
|
||||
};
|
||||
|
||||
outputs = [
|
||||
|
44
pkgs/os-specific/linux/usbguard-notifier/default.nix
Normal file
44
pkgs/os-specific/linux/usbguard-notifier/default.nix
Normal file
@ -0,0 +1,44 @@
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
fetchFromGitHub,
|
||||
autoreconfHook,
|
||||
pkg-config,
|
||||
libqb,
|
||||
usbguard,
|
||||
librsvg,
|
||||
libnotify,
|
||||
catch2,
|
||||
asciidoc,
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "usbguard-notifier";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Cropi";
|
||||
repo = pname;
|
||||
rev = "${pname}-${version}";
|
||||
hash = "sha256-gWvCGSbOuey2ELAPD2WCG4q77IClL0S7rE2RaUJDc1I=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook pkg-config asciidoc ];
|
||||
buildInputs = [ libqb usbguard librsvg libnotify ];
|
||||
|
||||
configureFlags = [ "CPPFLAGS=-I${catch2}/include/catch2" ];
|
||||
|
||||
prePatch = ''
|
||||
substituteInPlace configure.ac \
|
||||
--replace 'AC_MSG_FAILURE([Cannot detect the systemd system unit dir])' \
|
||||
'systemd_unit_dir="$out/lib/systemd/user"'
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Notifications for detecting usbguard policy and device presence changes";
|
||||
homepage = "https://github.com/Cropi/usbguard-notifier";
|
||||
maintainers = with lib.maintainers; [ fpletz ];
|
||||
platforms = lib.platforms.linux;
|
||||
license = lib.licenses.gpl2Plus;
|
||||
};
|
||||
}
|
@ -178,11 +178,11 @@ self: with self; {
|
||||
# THIS IS A GENERATED FILE. DO NOT EDIT!
|
||||
fontalias = callPackage ({ stdenv, pkg-config, fetchurl }: stdenv.mkDerivation {
|
||||
pname = "font-alias";
|
||||
version = "1.0.4";
|
||||
version = "1.0.5";
|
||||
builder = ./builder.sh;
|
||||
src = fetchurl {
|
||||
url = "mirror://xorg/individual/font/font-alias-1.0.4.tar.bz2";
|
||||
sha256 = "0xjjjindczv3g7m1597l0x19zz75xy70wh5garghz61fpzl1l4gk";
|
||||
url = "mirror://xorg/individual/font/font-alias-1.0.5.tar.xz";
|
||||
sha256 = "0vkb5mybc0fjfq29lgf5w1b536bwifzkyj8ad9iy7q3kpcby52cz";
|
||||
};
|
||||
hardeningDisable = [ "bindnow" "relro" ];
|
||||
strictDeps = true;
|
||||
|
@ -135,7 +135,7 @@ mirror://xorg/individual/font/font-adobe-75dpi-1.0.3.tar.bz2
|
||||
mirror://xorg/individual/font/font-adobe-utopia-100dpi-1.0.4.tar.bz2
|
||||
mirror://xorg/individual/font/font-adobe-utopia-75dpi-1.0.4.tar.bz2
|
||||
mirror://xorg/individual/font/font-adobe-utopia-type1-1.0.4.tar.bz2
|
||||
mirror://xorg/individual/font/font-alias-1.0.4.tar.bz2
|
||||
mirror://xorg/individual/font/font-alias-1.0.5.tar.xz
|
||||
mirror://xorg/individual/font/font-arabic-misc-1.0.3.tar.bz2
|
||||
mirror://xorg/individual/font/font-bh-100dpi-1.0.3.tar.bz2
|
||||
mirror://xorg/individual/font/font-bh-75dpi-1.0.3.tar.bz2
|
||||
|
@ -7,16 +7,16 @@
|
||||
}:
|
||||
buildGoModule rec {
|
||||
pname = "aws-vault";
|
||||
version = "7.0.2";
|
||||
version = "7.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "99designs";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-uNe2dltwLoUBUH/p4CN6HCOvBsq2yASxxwkSEtkJRbQ=";
|
||||
sha256 = "sha256-ydg//2t+B02eXwnwsmECx+I8oluPf6dKntz7L6gWV88=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-CPn4JLIZz23ZNcl3LPJumx20WOXTI13s69MVo/Pof+s=";
|
||||
vendorHash = "sha256-4bJKDEZlO0DzEzTQ7m+SQuzhe+wKmL6wLueqgSz/46s=";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles makeWrapper ];
|
||||
|
||||
|
61
pkgs/tools/admin/balena-cli/default.nix
Normal file
61
pkgs/tools/admin/balena-cli/default.nix
Normal file
@ -0,0 +1,61 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchzip
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (stdenv.hostPlatform) system;
|
||||
throwSystem = throw "Unsupported system: ${system}";
|
||||
|
||||
plat = {
|
||||
x86_64-linux = "linux-x64";
|
||||
x86_64-darwin = "macOS-x64";
|
||||
# Balena only packages for x86 so we rely on Rosetta for Apple Silicon
|
||||
aarch64-darwin = "macOS-x64";
|
||||
x86_64-windows = "windows-x64";
|
||||
}.${system} or throwSystem;
|
||||
|
||||
sha256 = {
|
||||
x86_64-linux = "0gxki6w8p7ihv0zy02978hg8i242algiw0wpcajrvbx1ncbcb7yn";
|
||||
x86_64-darwin = "1ihxyf35px3s6q2yk4p3dy03rcj93hy96bj3pxqlv0rp05gnsf02";
|
||||
aarch64-darwin = "1ihxyf35px3s6q2yk4p3dy03rcj93hy96bj3pxqlv0rp05gnsf02";
|
||||
x86_64-windows = "104hc3qvs04l2hmjmp0bcjr5g5scp4frhprk1fpszziqhdmhwa40";
|
||||
}.${system} or throwSystem;
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "balena-cli";
|
||||
version = "15.1.1";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://github.com/balena-io/balena-cli/releases/download/v${version}/balena-cli-v${version}-${plat}-standalone.zip";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin
|
||||
cp -r ./* $out/
|
||||
|
||||
ln -s $out/balena $out/bin/balena
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "A command line interface for balenaCloud or openBalena";
|
||||
longDescription = ''
|
||||
The balena CLI is a Command Line Interface for balenaCloud or openBalena. It is a software
|
||||
tool available for Windows, macOS and Linux, used through a command prompt / terminal window.
|
||||
It can be used interactively or invoked in scripts. The balena CLI builds on the balena API
|
||||
and the balena SDK, and can also be directly imported in Node.js applications.
|
||||
'';
|
||||
homepage = "https://github.com/balena-io/balena-cli";
|
||||
changelog = "https://github.com/balena-io/balena-cli/blob/v${version}/CHANGELOG.md";
|
||||
license = licenses.asl20;
|
||||
maintainers = [ maintainers.kalebpace ];
|
||||
platforms = platforms.linux ++ platforms.darwin ++ platforms.cygwin ++ platforms.windows;
|
||||
sourceProvenance = [ sourceTypes.binaryNativeCode ];
|
||||
mainProgram = "balena";
|
||||
};
|
||||
}
|
@ -7,13 +7,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "tbls";
|
||||
version = "1.62.1";
|
||||
version = "1.63.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "k1LoW";
|
||||
repo = "tbls";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-x3Bh/xB/x71xNjVL5zqp1ag8TPQoxOpuOyDE1f54sGQ=";
|
||||
hash = "sha256-r0jCuSTNx5BVkJshPSAO5Wwz1C2Lw2AYXYA46cMB+qY=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-YrDQSySBplYgakgvb6BwK1AK6h0Usy8MvCndHSSYrlQ=";
|
||||
|
0
pkgs/tools/security/vault/update-bin.sh
Normal file → Executable file
0
pkgs/tools/security/vault/update-bin.sh
Normal file → Executable file
@ -2,7 +2,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "vault-bin";
|
||||
version = "1.12.2";
|
||||
version = "1.13.0";
|
||||
|
||||
src =
|
||||
let
|
||||
@ -16,11 +16,11 @@ stdenv.mkDerivation rec {
|
||||
aarch64-darwin = "darwin_arm64";
|
||||
};
|
||||
sha256 = selectSystem {
|
||||
x86_64-linux = "sha256-viBGcd6MmevCOKBmizzTKzcAQ93kcvg4dZE70dhy4O4=";
|
||||
aarch64-linux = "sha256-2Zy96bTP3N6CFCOJgPI0DTnsAvraBlFax3TeB+j/7Yw=";
|
||||
i686-linux = "sha256-PZLDSeg9d01iL6e+EoRjpXwnoA8DUwTFcKL7X3S26mw=";
|
||||
x86_64-darwin = "sha256-xV6bZVpTtEIZMeMVff+hmDKK7qVkItQ0ZRC0yycxad0=";
|
||||
aarch64-darwin = "sha256-K0b8O04ZSrKbuM8tu3nt2tI7FktOpqwHEpoNTWYJpm4=";
|
||||
x86_64-linux = "sha256-UIgFgfpqsWsjmyuU3Z/dA282S8gZ2RR2vUuvZngvQQk=";
|
||||
aarch64-linux = "sha256-IEuFgfWmRl5ewrA0GX0Rv/88EbWnuWLag2InZ1oHaiU=";
|
||||
i686-linux = "sha256-hm9SAZOanMckINTVUBQs+bn3X8p3m7gtw9F0gdMKJXA=";
|
||||
x86_64-darwin = "sha256-/tjJFCBgsBvGa6icNIXz8DCmiKjjcoIC9/3dcSK4400=";
|
||||
aarch64-darwin = "sha256-xdwSjDZdrUunhyBqZJMjuaFBI961JgU5mWw6UQr3oj0=";
|
||||
};
|
||||
in
|
||||
fetchzip {
|
||||
|
@ -1429,6 +1429,8 @@ with pkgs;
|
||||
|
||||
asleap = callPackage ../tools/networking/asleap { };
|
||||
|
||||
balena-cli = callPackage ../tools/admin/balena-cli { };
|
||||
|
||||
butler = callPackage ../games/itch/butler.nix {
|
||||
inherit (darwin.apple_sdk.frameworks) Cocoa;
|
||||
};
|
||||
@ -27184,6 +27186,8 @@ with pkgs;
|
||||
|
||||
usbguard = callPackage ../os-specific/linux/usbguard { };
|
||||
|
||||
usbguard-notifier = callPackage ../os-specific/linux/usbguard-notifier { };
|
||||
|
||||
usbrelay = callPackage ../os-specific/linux/usbrelay { };
|
||||
usbrelayd = callPackage ../os-specific/linux/usbrelay/daemon.nix { };
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user