diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index fa68e87eb11a..340a24cac087 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -10753,6 +10753,13 @@ githubId = 46386452; name = "Jeroen Wijenbergh"; }; + jwillikers = { + email = "jordan@jwillikers.com"; + github = "jwillikers"; + githubId = 19399197; + name = "Jordan Williams"; + keys = [ { fingerprint = "A6AB 406A F5F1 DE02 CEA3 B6F0 9FB4 2B0E 7F65 7D8C"; } ]; + }; jwygoda = { email = "jaroslaw@wygoda.me"; github = "jwygoda"; diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 9c9892d815ba..b40cabc5b37a 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -132,6 +132,8 @@ - [Gotenberg](https://gotenberg.dev), an API server for converting files to PDFs that can be used alongside Paperless-ngx. Available as [services.gotenberg](options.html#opt-services.gotenberg). +- [Suricata](https://suricata.io/), a free and open source, mature, fast and robust network threat detection engine. Available as [services.suricata](options.html#opt-services.suricata). + - [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld). - [MenhirLib](https://gitlab.inria.fr/fpottier/menhir/-/tree/master/coq-menhirlib) A support library for verified Coq parsers produced by Menhir. @@ -167,6 +169,8 @@ - [Veilid](https://veilid.com), a headless server that enables privacy-focused data sharing and messaging on a peer-to-peer network. Available as [services.veilid](#opt-services.veilid.enable). +- [Fedimint](https://github.com/fedimint/fedimint), a module based system for building federated applications (Federated E-Cash Mint). Available as [services.fedimintd](#opt-services.fedimintd). + ## Backward Incompatibilities {#sec-release-24.11-incompatibilities} - The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details. @@ -638,6 +642,8 @@ - `nix.channel.enable = false` no longer implies `nix.settings.nix-path = []`. Since Nix 2.13, a `nix-path` set in `nix.conf` cannot be overridden by the `NIX_PATH` configuration variable. +- ZFS now imports its pools in `postResumeCommands` rather than `postDeviceCommands`. If you had `postDeviceCommands` scripts that depended on ZFS pools being imported, those now need to be in `postResumeCommands`. + ## Detailed migration information {#sec-release-24.11-migration} ### `sound` options removal {#sec-release-24.11-migration-sound} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index fe67d39e70f9..dabeebb34e1e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1031,6 +1031,7 @@ ./services/networking/expressvpn.nix ./services/networking/fakeroute.nix ./services/networking/fastnetmon-advanced.nix + ./services/networking/fedimintd.nix ./services/networking/ferm.nix ./services/networking/firefox-syncserver.nix ./services/networking/fireqos.nix diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix b/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix index ba438ea74a3b..9028d1fd5a66 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix @@ -21,8 +21,8 @@ in }; leasesPath = mkOption { type = types.path; - default = "/var/lib/misc/dnsmasq.leases"; - example = "/var/lib/dnsmasq/dnsmasq.leases"; + default = "/var/lib/dnsmasq/dnsmasq.leases"; + example = "/var/lib/misc/dnsmasq.leases"; description = '' Path to the `dnsmasq.leases` file. ''; diff --git a/nixos/modules/services/networking/fedimintd.nix b/nixos/modules/services/networking/fedimintd.nix new file mode 100644 index 000000000000..1ede3a50553d --- /dev/null +++ b/nixos/modules/services/networking/fedimintd.nix @@ -0,0 +1,304 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (lib) + concatLists + filterAttrs + mapAttrs' + mapAttrsToList + mkEnableOption + mkIf + mkOption + mkOverride + mkPackageOption + nameValuePair + recursiveUpdate + types + ; + + fedimintdOpts = + { + config, + lib, + name, + ... + }: + { + options = { + enable = mkEnableOption "fedimintd"; + + package = mkPackageOption pkgs "fedimint" { }; + + environment = mkOption { + type = types.attrsOf types.str; + description = "Extra Environment variables to pass to the fedimintd."; + default = { + RUST_BACKTRACE = "1"; + }; + example = { + RUST_LOG = "info,fm=debug"; + RUST_BACKTRACE = "1"; + }; + }; + + p2p = { + openFirewall = mkOption { + type = types.bool; + default = true; + description = "Opens port in firewall for fedimintd's p2p port"; + }; + port = mkOption { + type = types.port; + default = 8173; + description = "Port to bind on for p2p connections from peers"; + }; + bind = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "Address to bind on for p2p connections from peers"; + }; + url = mkOption { + type = types.str; + example = "fedimint://p2p.myfedimint.com"; + description = '' + Public address for p2p connections from peers + ''; + }; + }; + api = { + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Opens port in firewall for fedimintd's api port"; + }; + port = mkOption { + type = types.port; + default = 8174; + description = "Port to bind on for API connections relied by the reverse proxy/tls terminator."; + }; + bind = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Address to bind on for API connections relied by the reverse proxy/tls terminator."; + }; + url = mkOption { + type = types.str; + description = '' + Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`. + ''; + }; + }; + bitcoin = { + network = mkOption { + type = types.str; + default = "signet"; + example = "bitcoin"; + description = "Bitcoin network to participate in."; + }; + rpc = { + url = mkOption { + type = types.str; + default = "http://127.0.0.1:38332"; + example = "signet"; + description = "Bitcoin node (bitcoind/electrum/esplora) address to connect to"; + }; + + kind = mkOption { + type = types.str; + default = "bitcoind"; + example = "electrum"; + description = "Kind of a bitcoin node."; + }; + + secretFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + If set the URL specified in `bitcoin.rpc.url` will get the content of this file added + as an URL password, so `http://user@example.com` will turn into `http://user:SOMESECRET@example.com`. + + Example: + + `/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public` (for nix-bitcoin default) + ''; + }; + }; + }; + + consensus.finalityDelay = mkOption { + type = types.ints.unsigned; + default = 10; + description = "Consensus peg-in finality delay."; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/fedimintd-${name}/"; + readOnly = true; + description = '' + Path to the data dir fedimintd will use to store its data. + Note that due to using the DynamicUser feature of systemd, this value should not be changed + and is set to be read only. + ''; + }; + + nginx = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to configure nginx for fedimintd + ''; + }; + fqdn = mkOption { + type = types.str; + example = "api.myfedimint.com"; + description = "Public domain of the API address of the reverse proxy/tls terminator."; + }; + config = mkOption { + type = types.submodule ( + recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { + inherit config lib; + }) { } + ); + default = { }; + description = "Overrides to the nginx vhost section for api"; + }; + }; + }; + }; +in +{ + options = { + services.fedimintd = mkOption { + type = types.attrsOf (types.submodule fedimintdOpts); + default = { }; + description = "Specification of one or more fedimintd instances."; + }; + }; + + config = + let + eachFedimintd = filterAttrs (fedimintdName: cfg: cfg.enable) config.services.fedimintd; + eachFedimintdNginx = filterAttrs (fedimintdName: cfg: cfg.nginx.enable) eachFedimintd; + in + mkIf (eachFedimintd != { }) { + + networking.firewall.allowedTCPPorts = concatLists ( + mapAttrsToList ( + fedimintdName: cfg: + (lib.optional cfg.api.openFirewall cfg.api.port ++ lib.optional cfg.p2p.openFirewall cfg.p2p.port) + ) eachFedimintd + ); + + systemd.services = mapAttrs' ( + fedimintdName: cfg: + (nameValuePair "fedimintd-${fedimintdName}" ( + let + startScript = pkgs.writeShellScript "fedimintd-start" ( + ( + if cfg.bitcoin.rpc.secretFile != null then + '' + secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}") + prefix="''${FM_BITCOIN_RPC_URL%*@*}" # Everything before the last '@' + suffix="''${FM_BITCOIN_RPC_URL##*@}" # Everything after the last '@' + FM_BITCOIN_RPC_URL="''${prefix}:''${secret}@''${suffix}" + '' + else + "" + ) + + '' + exec ${cfg.package}/bin/fedimintd + '' + ); + in + { + description = "Fedimint Server"; + documentation = [ "https://github.com/fedimint/fedimint/" ]; + wantedBy = [ "multi-user.target" ]; + environment = lib.mkMerge [ + { + FM_BIND_P2P = "${cfg.p2p.bind}:${toString cfg.p2p.port}"; + FM_BIND_API = "${cfg.api.bind}:${toString cfg.api.port}"; + FM_P2P_URL = cfg.p2p.url; + FM_API_URL = cfg.api.url; + FM_DATA_DIR = cfg.dataDir; + FM_BITCOIN_NETWORK = cfg.bitcoin.network; + FM_BITCOIN_RPC_URL = cfg.bitcoin.rpc.url; + FM_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind; + } + cfg.environment + ]; + serviceConfig = { + DynamicUser = true; + + StateDirectory = "fedimintd-${fedimintdName}"; + StateDirectoryMode = "0700"; + ExecStart = startScript; + + Restart = "always"; + RestartSec = 10; + StartLimitBurst = 5; + UMask = "007"; + LimitNOFILE = "100000"; + + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "full"; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + }; + } + )) + ) eachFedimintd; + + services.nginx.virtualHosts = mapAttrs' ( + fedimintdName: cfg: + (nameValuePair cfg.nginx.fqdn ( + lib.mkMerge [ + cfg.nginx.config + + { + # Note: we want by default to enable OpenSSL, but it seems anything 100 and above is + # overriden by default value from vhost-options.nix + enableACME = mkOverride 99 true; + forceSSL = mkOverride 99 true; + # Currently Fedimint API only support JsonRPC on `/ws/` endpoint, so no need to handle `/` + locations."/ws/" = { + proxyPass = "http://127.0.0.1:${toString cfg.api.port}/"; + proxyWebsockets = true; + extraConfig = '' + proxy_pass_header Authorization; + ''; + }; + } + ] + )) + ) eachFedimintdNginx; + }; + + meta.maintainers = with lib.maintainers; [ dpc ]; +} diff --git a/nixos/modules/services/networking/suricata/default.nix b/nixos/modules/services/networking/suricata/default.nix new file mode 100644 index 000000000000..5473fc913ebc --- /dev/null +++ b/nixos/modules/services/networking/suricata/default.nix @@ -0,0 +1,282 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.services.suricata; + pkg = cfg.package; + yaml = pkgs.formats.yaml { }; + inherit (lib) + mkEnableOption + mkPackageOption + mkOption + types + literalExpression + filterAttrsRecursive + concatStringsSep + strings + lists + mkIf + ; +in +{ + meta.maintainers = with lib.maintainers; [ felbinger ]; + + options.services.suricata = { + enable = mkEnableOption "Suricata"; + + package = mkPackageOption pkgs "suricata" { }; + + configFile = mkOption { + type = types.path; + visible = false; + default = pkgs.writeTextFile { + name = "suricata.yaml"; + text = '' + %YAML 1.1 + --- + ${builtins.readFile ( + yaml.generate "suricata-settings-raw.yaml" ( + filterAttrsRecursive (name: value: value != null) cfg.settings + ) + )} + ''; + }; + description = '' + Configuration file for suricata. + + It is not usual to override the default values; it is recommended to use `settings`. + If you want to include extra configuration to the file, use the `settings.includes`. + ''; + }; + + settings = mkOption { + type = types.submodule (import ./settings.nix { inherit config lib yaml; }); + example = literalExpression '' + vars.address-groups.HOME_NET = "192.168.178.0/24"; + outputs = [ + { + fast = { + enabled = true; + filename = "fast.log"; + append = "yes"; + }; + } + { + eve-log = { + enabled = true; + filetype = "regular"; + filename = "eve.json"; + community-id = true; + types = [ + { + alert.tagged-packets = "yes"; + } + ]; + }; + } + ]; + af-packet = [ + { + interface = "eth0"; + cluster-id = "99"; + cluster-type = "cluster_flow"; + defrag = "yes"; + } + { + interface = "default"; + } + ]; + af-xdp = [ + { + interface = "eth1"; + } + ]; + dpdk.interfaces = [ + { + interface = "eth2"; + } + ]; + pcap = [ + { + interface = "eth3"; + } + ]; + app-layer.protocols = { + telnet.enabled = "yes"; + dnp3.enabled = "yes"; + modbus.enabled = "yes"; + }; + ''; + description = "Suricata settings"; + }; + + enabledSources = mkOption { + type = types.listOf types.str; + # see: nix-shell -p suricata python3Packages.pyyaml --command 'suricata-update list-sources' + default = [ + "et/open" + "etnetera/aggressive" + "stamus/lateral" + "oisf/trafficid" + "tgreen/hunting" + "sslbl/ja3-fingerprints" + "sslbl/ssl-fp-blacklist" + "malsilo/win-malware" + "pawpatrules" + ]; + description = '' + List of sources that should be enabled. + Currently sources which require a secret-code are not supported. + ''; + }; + + disabledRules = mkOption { + type = types.listOf types.str; + # protocol dnp3 seams to be disabled, which causes the signature evaluation to fail, so we disable the + # dnp3 rules, see https://github.com/OISF/suricata/blob/master/rules/dnp3-events.rules for more details + default = [ + "2270000" + "2270001" + "2270002" + "2270003" + "2270004" + ]; + description = '' + List of rules that should be disabled. + ''; + }; + }; + + config = + let + captureInterfaces = + let + inherit (lists) unique optionals; + in + unique ( + map (e: e.interface) ( + (optionals (cfg.settings.af-packet != null) cfg.settings.af-packet) + ++ (optionals (cfg.settings.af-xdp != null) cfg.settings.af-xdp) + ++ (optionals ( + cfg.settings.dpdk != null && cfg.settings.dpdk.interfaces != null + ) cfg.settings.dpdk.interfaces) + ++ (optionals (cfg.settings.pcap != null) cfg.settings.pcap) + ) + ); + in + mkIf cfg.enable { + assertions = [ + { + assertion = (builtins.length captureInterfaces) > 0; + message = '' + At least one capture interface must be configured: + - `services.suricata.settings.af-packet` + - `services.suricata.settings.af-xdp` + - `services.suricata.settings.dpdk.interfaces` + - `services.suricata.settings.pcap` + ''; + } + ]; + + boot.kernelModules = mkIf (cfg.settings.af-packet != null) [ "af_packet" ]; + + users = { + groups.${cfg.settings.run-as.group} = { }; + users.${cfg.settings.run-as.user} = { + group = cfg.settings.run-as.group; + isSystemUser = true; + }; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.settings."default-log-dir"} 755 ${cfg.settings.run-as.user} ${cfg.settings.run-as.group}" + "d /var/lib/suricata 755 ${cfg.settings.run-as.user} ${cfg.settings.run-as.group}" + "d ${cfg.settings."default-rule-path"} 755 ${cfg.settings.run-as.user} ${cfg.settings.run-as.group}" + ]; + + systemd.services = { + suricata-update = { + description = "Update Suricata Rules"; + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + + script = + let + python = pkgs.python3.withPackages (ps: with ps; [ pyyaml ]); + enabledSourcesCmds = map ( + src: "${python.interpreter} ${pkg}/bin/suricata-update enable-source ${src}" + ) cfg.enabledSources; + in + '' + ${concatStringsSep "\n" enabledSourcesCmds} + ${python.interpreter} ${pkg}/bin/suricata-update update-sources + ${python.interpreter} ${pkg}/bin/suricata-update update --suricata-conf ${cfg.configFile} --no-test \ + --disable-conf ${pkgs.writeText "suricata-disable-conf" "${concatStringsSep "\n" cfg.disabledRules}"} + ''; + serviceConfig = { + Type = "oneshot"; + + PrivateTmp = true; + PrivateDevices = true; + PrivateIPC = true; + + DynamicUser = true; + User = cfg.settings.run-as.user; + Group = cfg.settings.run-as.group; + + ReadOnlyPaths = cfg.configFile; + ReadWritePaths = [ + "/var/lib/suricata" + cfg.settings."default-rule-path" + ]; + }; + }; + suricata = { + description = "Suricata"; + wantedBy = [ "multi-user.target" ]; + after = [ "suricata-update.service" ]; + serviceConfig = + let + interfaceOptions = strings.concatMapStrings (interface: " -i ${interface}") captureInterfaces; + in + { + ExecStartPre = "!${pkg}/bin/suricata -c ${cfg.configFile} -T"; + ExecStart = "!${pkg}/bin/suricata -c ${cfg.configFile}${interfaceOptions}"; + Restart = "on-failure"; + + User = cfg.settings.run-as.user; + Group = cfg.settings.run-as.group; + + NoNewPrivileges = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateIPC = true; + ProtectSystem = "strict"; + DevicePolicy = "closed"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + ProtectHostname = true; + ProtectProc = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProcSubset = "pid"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + RemoveIPC = true; + + ReadOnlyPaths = cfg.configFile; + ReadWritePaths = cfg.settings."default-log-dir"; + RuntimeDirectory = "suricata"; + }; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/suricata/settings.nix b/nixos/modules/services/networking/suricata/settings.nix new file mode 100644 index 000000000000..f96d78ca66d5 --- /dev/null +++ b/nixos/modules/services/networking/suricata/settings.nix @@ -0,0 +1,625 @@ +{ + lib, + config, + yaml, + ... +}: +let + cfg = config.services.suricata; + inherit (lib) + mkEnableOption + mkOption + types + literalExpression + ; + mkDisableOption = + name: + mkEnableOption name + // { + default = true; + example = false; + }; +in +{ + freeformType = yaml.type; + options = { + vars = mkOption { + type = types.nullOr ( + types.submodule { + options = { + address-groups = mkOption { + type = ( + types.submodule { + options = { + HOME_NET = mkOption { default = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"; }; + EXTERNAL_NET = mkOption { default = "!$HOME_NET"; }; + HTTP_SERVERS = mkOption { default = "$HOME_NET"; }; + SMTP_SERVERS = mkOption { default = "$HOME_NET"; }; + SQL_SERVERS = mkOption { default = "$HOME_NET"; }; + DNS_SERVERS = mkOption { default = "$HOME_NET"; }; + TELNET_SERVERS = mkOption { default = "$HOME_NET"; }; + AIM_SERVERS = mkOption { default = "$EXTERNAL_NET"; }; + DC_SERVERS = mkOption { default = "$HOME_NET"; }; + DNP3_SERVER = mkOption { default = "$HOME_NET"; }; + DNP3_CLIENT = mkOption { default = "$HOME_NET"; }; + MODBUS_CLIENT = mkOption { default = "$HOME_NET"; }; + MODBUS_SERVER = mkOption { default = "$HOME_NET"; }; + ENIP_CLIENT = mkOption { default = "$HOME_NET"; }; + ENIP_SERVER = mkOption { default = "$HOME_NET"; }; + }; + } + ); + default = { }; + example = { + HOME_NET = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"; + EXTERNAL_NET = "!$HOME_NET"; + HTTP_SERVERS = "$HOME_NET"; + SMTP_SERVERS = "$HOME_NET"; + SQL_SERVERS = "$HOME_NET"; + DNS_SERVERS = "$HOME_NET"; + TELNET_SERVERS = "$HOME_NET"; + AIM_SERVERS = "$EXTERNAL_NET"; + DC_SERVERS = "$HOME_NET"; + DNP3_SERVER = "$HOME_NET"; + DNP3_CLIENT = "$HOME_NET"; + MODBUS_CLIENT = "$HOME_NET"; + MODBUS_SERVER = "$HOME_NET"; + ENIP_CLIENT = "$HOME_NET"; + ENIP_SERVER = "$HOME_NET"; + }; + description = '' + The address group variables for suricata, if not defined the + default value of suricata (see example) will be used. + Your settings will extend the predefined values in example. + ''; + }; + + port-groups = mkOption { + type = with types; nullOr (attrsOf str); + default = { + HTTP_PORTS = "80"; + SHELLCODE_PORTS = "!80"; + ORACLE_PORTS = "1521"; + SSH_PORTS = "22"; + DNP3_PORTS = "20000"; + MODBUS_PORTS = "502"; + FILE_DATA_PORTS = "[$HTTP_PORTS,110,143]"; + FTP_PORTS = "21"; + GENEVE_PORTS = "6081"; + VXLAN_PORTS = "4789"; + TEREDO_PORTS = "3544"; + }; + description = '' + The port group variables for suricata. + ''; + }; + }; + } + ); + default = { }; # add default values to config + }; + + stats = mkOption { + type = + with types; + nullOr (submodule { + options = { + enable = mkEnableOption "suricata global stats"; + + interval = mkOption { + type = types.str; + default = "8"; + description = '' + The interval field (in seconds) controls the interval at + which stats are updated in the log. + ''; + }; + + decoder-events = mkOption { + type = types.bool; + default = true; + description = '' + Add decode events to stats + ''; + }; + + decoder-events-prefix = mkOption { + type = types.str; + default = "decoder.event"; + description = '' + Decoder event prefix in stats. Has been 'decoder' before, but that leads + to missing events in the eve.stats records. + ''; + }; + + stream-events = mkOption { + type = types.bool; + default = false; + description = '' + Add stream events as stats. + ''; + }; + }; + }); + default = null; # do not add to config unless specified + }; + + plugins = mkOption { + type = with types; nullOr (listOf path); + default = null; + description = '' + Plugins -- Experimental -- specify the filename for each plugin shared object + ''; + }; + + outputs = mkOption { + type = + with types; + nullOr ( + listOf ( + attrsOf (submodule { + freeformType = yaml.type; + options = { + enabled = mkEnableOption ""; + }; + }) + ) + ); + default = null; + example = literalExpression '' + [ + { + fast = { + enabled = "yes"; + filename = "fast.log"; + append = "yes"; + }; + } + { + eve-log = { + enabled = "yes"; + filetype = "regular"; + filename = "eve.json"; + community-id = true; + types = [ + { + alert.tagged-packets = "yes"; + } + ]; + }; + } + ]; + ''; + description = '' + Configure the type of alert (and other) logging you would like. + + Valid values for are e. g. `fast`, `eve-log`, `syslog`, `file-store`, ... + - `fast`: a line based alerts log similar to Snort's fast.log + - `eve-log`: Extensible Event Format (nicknamed EVE) event log in JSON format + + For more details regarding the configuration, checkout the shipped suricata.yaml + ```shell + nix-shell -p suricata yq coreutils-full --command 'yq < $(dirname $(which suricata))/../etc/suricata/suricata.yaml' + ``` + and the [suricata documentation](https://docs.suricata.io/en/latest/output/index.html). + ''; + }; + + "default-log-dir" = mkOption { + type = types.str; + default = "/var/log/suricata"; + description = '' + The default logging directory. Any log or output file will be placed here if it's + not specified with a full path name. This can be overridden with the -l command + line parameter. + ''; + }; + + logging = { + "default-log-level" = mkOption { + type = types.enum [ + "error" + "warning" + "notice" + "info" + "perf" + "config" + "debug" + ]; + default = "notice"; + description = '' + The default log level: can be overridden in an output section. + Note that debug level logging will only be emitted if Suricata was + compiled with the --enable-debug configure option. + ''; + }; + + "default-log-format" = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + The default output format. Optional parameter, should default to + something reasonable if not provided. Can be overridden in an + output section. You can leave this out to get the default. + ''; + }; + + "default-output-filter" = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + A regex to filter output. Can be overridden in an output section. + Defaults to empty (no filter). + ''; + }; + + "stacktrace-on-signal" = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Requires libunwind to be available when Suricata is configured and built. + If a signal unexpectedly terminates Suricata, displays a brief diagnostic + message with the offending stacktrace if enabled. + ''; + }; + + outputs = { + console = { + enable = mkDisableOption "logging to console"; + }; + file = { + enable = mkDisableOption "logging to file"; + + level = mkOption { + type = types.enum [ + "error" + "warning" + "notice" + "info" + "perf" + "config" + "debug" + ]; + default = "info"; + description = '' + Loglevel for logs written to the logfile + ''; + }; + + filename = mkOption { + type = types.str; + default = "suricata.log"; + description = '' + Filename of the logfile + ''; + }; + + format = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Logformat for logs written to the logfile + ''; + }; + + type = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Type of logfile + ''; + }; + }; + syslog = { + enable = mkEnableOption "logging to syslog"; + + facility = mkOption { + type = types.str; + default = "local5"; + description = '' + Facility to log to + ''; + }; + + format = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Logformat for logs send to syslog + ''; + }; + + type = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Type of logs send to syslog + ''; + }; + }; + }; + }; + + "af-packet" = mkOption { + type = + with types; + nullOr ( + listOf (submodule { + freeformType = yaml.type; + options = { + interface = mkOption { + type = types.str; + default = null; + }; + }; + }) + ); + default = null; + description = '' + Linux high speed capture support + ''; + }; + + "af-xdp" = mkOption { + type = + with types; + nullOr ( + listOf (submodule { + freeformType = yaml.type; + options = { + interface = mkOption { + type = types.str; + default = null; + }; + }; + }) + ); + default = null; + description = '' + Linux high speed af-xdp capture support, see + [docs/capture-hardware/af-xdp](https://docs.suricata.io/en/suricata-7.0.3/capture-hardware/af-xdp.html) + ''; + }; + + "dpdk" = mkOption { + type = + with types; + nullOr (submodule { + options = { + eal-params.proc-type = mkOption { + type = with types; nullOr str; + default = null; + }; + interfaces = mkOption { + type = + with types; + nullOr ( + listOf (submodule { + freeformType = yaml.type; + options = { + interface = mkOption { + type = types.str; + default = null; + }; + }; + }) + ); + default = null; + }; + }; + }); + default = null; + description = '' + DPDK capture support, see + [docs/capture-hardware/dpdk](https://docs.suricata.io/en/suricata-7.0.3/capture-hardware/dpdk.html) + ''; + }; + + "pcap" = mkOption { + type = + with types; + nullOr ( + listOf (submodule { + freeformType = yaml.type; + options = { + interface = mkOption { + type = types.str; + default = null; + }; + }; + }) + ); + default = null; + description = '' + Cross platform libpcap capture support + ''; + }; + + "pcap-file".checksum-checks = mkOption { + type = types.enum [ + "yes" + "no" + "auto" + ]; + default = "auto"; + description = '' + Possible values are: + - yes: checksum validation is forced + - no: checksum validation is disabled + - auto: Suricata uses a statistical approach to detect when + checksum off-loading is used. (default) + Warning: 'checksum-validation' must be set to yes to have checksum tested + ''; + }; + + "app-layer" = mkOption { + type = + with types; + nullOr (submodule { + options = { + "error-policy" = mkOption { + type = types.enum [ + "drop-flow" + "pass-flow" + "bypass" + "drop-packet" + "pass-packet" + "reject" + "ignore" + ]; + default = "ignore"; + description = '' + The error-policy setting applies to all app-layer parsers. Values can be + "drop-flow", "pass-flow", "bypass", "drop-packet", "pass-packet", "reject" or + "ignore" (the default). + ''; + }; + protocols = mkOption { + type = + with types; + nullOr ( + attrsOf (submodule { + freeformType = yaml.type; + options = { + enabled = mkOption { + type = types.enum [ + "yes" + "no" + "detection-only" + ]; + default = "no"; + description = '' + The option "enabled" takes 3 values - "yes", "no", "detection-only". + "yes" enables both detection and the parser, "no" disables both, and + "detection-only" enables protocol detection only (parser disabled). + ''; + }; + }; + }) + ); + default = null; + }; + }; + }); + default = null; # do not add to config unless specified + }; + + "run-as" = { + user = mkOption { + type = types.str; + default = "suricata"; + description = "Run Suricata with a specific user-id"; + }; + group = mkOption { + type = types.str; + default = "suricata"; + description = "Run Suricata with a specific group-id"; + }; + }; + + "host-mode" = mkOption { + type = types.enum [ + "router" + "sniffer-only" + "auto" + ]; + default = "auto"; + description = '' + If the Suricata box is a router for the sniffed networks, set it to 'router'. If + it is a pure sniffing setup, set it to 'sniffer-only'. If set to auto, the variable + is internally switched to 'router' in IPS mode and 'sniffer-only' in IDS mode. + This feature is currently only used by the reject* keywords. + ''; + }; + + "unix-command" = mkOption { + type = + with types; + nullOr (submodule { + options = { + enabled = mkOption { + type = types.either types.bool (types.enum [ "auto" ]); + default = "auto"; + }; + filename = mkOption { + type = types.path; + default = "/run/suricata/suricata-command.socket"; + }; + }; + }); + default = { }; + description = '' + Unix command socket that can be used to pass commands to Suricata. + An external tool can then connect to get information from Suricata + or trigger some modifications of the engine. Set enabled to yes + to activate the feature. In auto mode, the feature will only be + activated in live capture mode. You can use the filename variable to set + the file name of the socket. + ''; + }; + + "exception-policy" = mkOption { + type = types.enum [ + "auto" + "drop-packet" + "drop-flow" + "reject" + "bypass" + "pass-packet" + "pass-flow" + "ignore" + ]; + default = "auto"; + description = '' + Define a common behavior for all exception policies. + In IPS mode, the default is drop-flow. For cases when that's not possible, the + engine will fall to drop-packet. To fallback to old behavior (setting each of + them individually, or ignoring all), set this to ignore. + All values available for exception policies can be used, and there is one + extra option: auto - which means drop-flow or drop-packet (as explained above) + in IPS mode, and ignore in IDS mode. Exception policy values are: drop-packet, + drop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable). + ''; + }; + + "default-rule-path" = mkOption { + type = types.path; + default = "/var/lib/suricata/rules"; + description = "Path in which suricata-update managed rules are stored by default"; + }; + + "rule-files" = mkOption { + type = types.listOf types.str; + default = [ "suricata.rules" ]; + description = "Files to load suricata-update managed rules, relative to 'default-rule-path'"; + }; + + "classification-file" = mkOption { + type = types.str; + default = "/var/lib/suricata/rules/classification.config"; + description = "Suricata classification configuration file"; + }; + + "reference-config-file" = mkOption { + type = types.str; + default = "${cfg.package}/etc/suricata/reference.config"; + description = "Suricata reference configuration file"; + }; + + "threshold-file" = mkOption { + type = types.str; + default = "${cfg.package}/etc/suricata/threshold.config"; + description = "Suricata threshold configuration file"; + }; + + includes = mkOption { + type = with types; nullOr (listOf path); + default = null; + description = '' + Files to include in the suricata configuration. See + [docs/configuration/suricata-yaml](https://docs.suricata.io/en/suricata-7.0.3/configuration/suricata-yaml.html) + for available options. + ''; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 69fe04c1bda8..3622c3474ec7 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -322,6 +322,7 @@ in { fancontrol = handleTest ./fancontrol.nix {}; fanout = handleTest ./fanout.nix {}; fcitx5 = handleTest ./fcitx5 {}; + fedimintd = runTest ./fedimintd.nix; fenics = handleTest ./fenics.nix {}; ferm = handleTest ./ferm.nix {}; ferretdb = handleTest ./ferretdb.nix {}; @@ -942,6 +943,7 @@ in { sudo = handleTest ./sudo.nix {}; sudo-rs = handleTest ./sudo-rs.nix {}; sunshine = handleTest ./sunshine.nix {}; + suricata = handleTest ./suricata.nix {}; suwayomi-server = handleTest ./suwayomi-server.nix {}; swap-file-btrfs = handleTest ./swap-file-btrfs.nix {}; swap-partition = handleTest ./swap-partition.nix {}; diff --git a/nixos/tests/fedimintd.nix b/nixos/tests/fedimintd.nix new file mode 100644 index 000000000000..19e92b43da65 --- /dev/null +++ b/nixos/tests/fedimintd.nix @@ -0,0 +1,37 @@ +# This test runs the fedimintd and verifies that it starts + +{ pkgs, ... }: + +{ + name = "fedimintd"; + + meta = with pkgs.lib.maintainers; { + maintainers = [ dpc ]; + }; + + nodes.machine = + { ... }: + { + services.fedimintd."mainnet" = { + enable = true; + p2p = { + url = "fedimint://example.com"; + }; + api = { + url = "wss://example.com"; + }; + environment = { + "FM_REL_NOTES_ACK" = "0_4_xyz"; + }; + }; + }; + + testScript = + { nodes, ... }: + '' + start_all() + + machine.wait_for_unit("fedimintd-mainnet.service") + machine.wait_for_open_port(${toString nodes.machine.services.fedimintd.mainnet.api.port}) + ''; +} diff --git a/nixos/tests/suricata.nix b/nixos/tests/suricata.nix new file mode 100644 index 000000000000..e1cdd91aaaa2 --- /dev/null +++ b/nixos/tests/suricata.nix @@ -0,0 +1,86 @@ +import ./make-test-python.nix ( + { lib, pkgs, ... }: + { + name = "suricata"; + meta.maintainers = with lib.maintainers; [ felbinger ]; + + nodes = { + ids = { + imports = [ + ../modules/profiles/minimal.nix + ../modules/services/networking/suricata/default.nix + ]; + + networking.interfaces.eth1 = { + useDHCP = false; + ipv4.addresses = [ + { + address = "192.168.1.2"; + prefixLength = 24; + } + ]; + }; + + # disable suricata-update because this requires an Internet connection + systemd.services.suricata-update.enable = false; + + # install suricata package to make suricatasc program available + environment.systemPackages = with pkgs; [ suricata ]; + + services.suricata = { + enable = true; + settings = { + vars.address-groups.HOME_NET = "192.168.1.0/24"; + unix-command.enabled = true; + outputs = [ { fast.enabled = true; } ]; + af-packet = [ { interface = "eth1"; } ]; + classification-file = "${pkgs.suricata}/etc/suricata/classification.config"; + }; + }; + + # create suricata.rules with the rule to detect the output of the id command + systemd.tmpfiles.rules = [ + ''f /var/lib/suricata/rules/suricata.rules 644 suricata suricata 0 alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:2100498; rev:7; metadata:created_at 2010_09_23, updated_at 2019_07_26;)'' + ]; + }; + helper = { + imports = [ ../modules/profiles/minimal.nix ]; + + networking.interfaces.eth1 = { + useDHCP = false; + ipv4.addresses = [ + { + address = "192.168.1.1"; + prefixLength = 24; + } + ]; + }; + + services.nginx = { + enable = true; + virtualHosts."localhost".locations = { + "/id/".return = "200 'uid=0(root) gid=0(root) groups=0(root)'"; + }; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; + }; + }; + + testScript = '' + start_all() + + # check that configuration has been applied correctly with suricatasc + with subtest("suricata configuration test"): + ids.wait_for_unit("suricata.service") + assert '1' in ids.succeed("suricatasc -c 'iface-list' | ${pkgs.jq}/bin/jq .message.count") + + # test detection of events based on a static ruleset (output of id command) + with subtest("suricata rule test"): + helper.wait_for_unit("nginx.service") + ids.wait_for_unit("suricata.service") + + ids.succeed("curl http://192.168.1.1/id/") + assert "id check returned root [**] [Classification: Potentially Bad Traffic]" in ids.succeed("tail -n 1 /var/log/suricata/fast.log"), "Suricata didn't detect the output of id comment" + ''; + } +) diff --git a/pkgs/applications/audio/songrec/default.nix b/pkgs/applications/audio/songrec/default.nix index 37d69bcd48a1..a682c2b0df3c 100644 --- a/pkgs/applications/audio/songrec/default.nix +++ b/pkgs/applications/audio/songrec/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "songrec"; - version = "0.4.2"; + version = "0.4.3"; src = fetchFromGitHub { owner = "marin-m"; repo = pname; rev = version; - hash = "sha256-S44gtyz6L6uaLm3q75y8S4NJb77Vfy+Sd+J06IroHIM="; + hash = "sha256-pTonrxlYvfuLRKMXW0Lao4KCoNFlMzE9rH+hwpa60JY="; }; - cargoHash = "sha256-f2xAWh+y0Jw7QVLZBkajMLN3ocCyRsR480ai7+07LM4="; + cargoHash = "sha256-2BXUZD63xzHpUi8lk2fV5qBmeq6Gzpq0uEcKfbReANI="; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/applications/editors/vim/plugins/overrides.nix b/pkgs/applications/editors/vim/plugins/overrides.nix index cbf552106b3c..dc8151306bcd 100644 --- a/pkgs/applications/editors/vim/plugins/overrides.nix +++ b/pkgs/applications/editors/vim/plugins/overrides.nix @@ -587,19 +587,19 @@ in cord-nvim = let - version = "2024-07-19"; + version = "0-unstable-2024-09-26"; src = fetchFromGitHub { owner = "vyfor"; repo = "cord.nvim"; - rev = "cd97c25320fb0a672b11bcd95d8332bb3088ecce"; - hash = "sha256-66NtKteM1mvHP5wAU4e9JbsF+bq91lmCDcTh/6RPhoo="; + rev = "a26b00d58c42174aadf975917b49cec67650545f"; + hash = "sha256-jUxBvWnj0+axuw2SZ2zLzlhZS0tu+Bk8+wHtXENofkw="; }; extension = if stdenv.hostPlatform.isDarwin then "dylib" else "so"; rustPackage = rustPlatform.buildRustPackage { pname = "cord.nvim-rust"; inherit version src; - cargoHash = "sha256-6FYf4pHEPxvhKHHPmkjQ40zPxaiypnpDxF8kNH+h+tg="; + cargoHash = "sha256-M5mTdBACTaUVZhPpMOf1KQ3BcQpEoD2isAKRn+iAWjc="; installPhase = let cargoTarget = stdenv.hostPlatform.rust.cargoShortTarget; diff --git a/pkgs/applications/editors/vscode/extensions/equinusocio.vsc-material-theme/default.nix b/pkgs/applications/editors/vscode/extensions/equinusocio.vsc-material-theme/default.nix index c85d7c271280..79d080cb13e8 100644 --- a/pkgs/applications/editors/vscode/extensions/equinusocio.vsc-material-theme/default.nix +++ b/pkgs/applications/editors/vscode/extensions/equinusocio.vsc-material-theme/default.nix @@ -4,22 +4,16 @@ vscode-utils.buildVscodeMarketplaceExtension { mktplcRef = { name = "vsc-material-theme"; publisher = "Equinusocio"; - version = "34.3.1"; - hash = "sha256-3yxFTMtjJR1b4EzBDfm55HF9chrya5OUF5wN+KHEduE="; + version = "34.7.5"; + hash = "sha256-6YMr64MTtJrmMMMPW/s6hMh/IilDqLMrspKRPT4uSpM="; }; - # extensions wants to write at the /nix/store path, so we patch it to use the globalStorageUri instead. - prePatch = '' - substituteInPlace ./build/core/extension-manager.js \ - --replace-fail "path_1.posix.join(extensionFolderUri.path, env_1.USER_CONFIG_FILE_NAME)" "path_1.posix.join(ExtensionContext.globalStorageUri.fsPath, env_1.USER_CONFIG_FILE_NAME)" - ''; - meta = with lib; { changelog = "https://marketplace.visualstudio.com/items/Equinusocio.vsc-material-theme/changelog"; description = "Most epic theme now for Visual Studio Code"; downloadPage = "https://marketplace.visualstudio.com/items?itemName=Equinusocio.vsc-material-theme"; - homepage = "https://github.com/material-theme/vsc-material-theme"; - license = licenses.asl20; + homepage = "https://www.material-theme.dev/"; + license = licenses.unfree; maintainers = with maintainers; [ stunkymonkey ]; }; } diff --git a/pkgs/applications/misc/slweb/default.nix b/pkgs/applications/misc/slweb/default.nix deleted file mode 100644 index f71a0d61c2a5..000000000000 --- a/pkgs/applications/misc/slweb/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ lib -, stdenv -, fetchFromSourcehut -, redo-apenwarr -, testers -}: - -stdenv.mkDerivation (finalAttrs: { - pname = "slweb"; - version = "0.9.0"; - - src = fetchFromSourcehut { - owner = "~strahinja"; - repo = "slweb"; - rev = "v${finalAttrs.version}"; - hash = "sha256-QDHcp5pCmapgOlJpDDyyC12JOfh/biDyF6O+iKGbOGg="; - }; - - nativeBuildInputs = [ redo-apenwarr ]; - - installPhase = '' - runHook preInstall - export FALLBACKVER=${finalAttrs.version} - PREFIX=$out redo install - runHook postInstall - ''; - - enableParallelBuilding = true; - - passthru.tests.version = testers.testVersion { - package = finalAttrs.finalPackage; - }; - - meta = with lib; { - description = "Static website generator which aims at being simplistic"; - homepage = "https://strahinja.srht.site/slweb/"; - license = licenses.gpl3Plus; - platforms = platforms.linux; - maintainers = with maintainers; [ GaetanLepage ]; - mainProgram = "slweb"; - }; -}) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix index f1c25264abca..0582866e48b1 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix @@ -1,11 +1,11 @@ { stable = { chromedriver = { - hash_darwin = "sha256-m5kuSeaK4v8GtjlqJOP3isN/o+9uOxPuSEegi0nYaOM="; + hash_darwin = "sha256-cWY8P3D+PrIlbEdMYPp+4cFQZfOLbGeebC1Glg53Sx4="; hash_darwin_aarch64 = - "sha256-9WQH8Z7v3PtFKHA6bsrXgCJDWevh1YPjPyDp7M/xhlI="; - hash_linux = "sha256-dp060EKhFI4aRTBGLB8PyqeOj25Ov5Bd29KyESUDcwQ="; - version = "129.0.6668.70"; + "sha256-Tu11SCTlB+8/ao0uS7AbknB5WuvN+cw/gHiyL6xKH1o="; + hash_linux = "sha256-Da+xaXNNP8eRccq87LBxMb+2oXJ4WRGLdWoCAhG2yAQ="; + version = "129.0.6668.89"; }; deps = { gn = { @@ -15,8 +15,8 @@ version = "2024-08-19"; }; }; - hash = "sha256-L9h9jbwEMcUi/cu7FP2O/6wD0Br/3SzWCazu7m9ua+o="; - version = "129.0.6668.70"; + hash = "sha256-+n9LjRLFvVB/pYkSrRCxln/Xn2paFyoY+mJGD73NtII="; + version = "129.0.6668.89"; }; ungoogled-chromium = { deps = { diff --git a/pkgs/applications/networking/cluster/arkade/default.nix b/pkgs/applications/networking/cluster/arkade/default.nix index a484da72b6fb..2d9e23b7cc99 100644 --- a/pkgs/applications/networking/cluster/arkade/default.nix +++ b/pkgs/applications/networking/cluster/arkade/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "arkade"; - version = "0.11.26"; + version = "0.11.27"; src = fetchFromGitHub { owner = "alexellis"; repo = "arkade"; rev = version; - hash = "sha256-p3rLQQwuJ/5AUzsQfGA9JSoifYaG4vAE2NaNfTf6/uk="; + hash = "sha256-5/QAtaAAiIzpvOl43A4OqnIcKlfdxehGjmCREFRKXTs="; }; CGO_ENABLED = 0; diff --git a/pkgs/applications/networking/cluster/opentofu/default.nix b/pkgs/applications/networking/cluster/opentofu/default.nix index d37167b37c60..3619742d8a90 100644 --- a/pkgs/applications/networking/cluster/opentofu/default.nix +++ b/pkgs/applications/networking/cluster/opentofu/default.nix @@ -14,13 +14,13 @@ let package = buildGoModule rec { pname = "opentofu"; - version = "1.8.2"; + version = "1.8.3"; src = fetchFromGitHub { owner = "opentofu"; repo = "opentofu"; rev = "v${version}"; - hash = "sha256-kBI3Jgi4fDOx5bknTMlcI2K3LxKj6Q4dunbG9N33Ps0="; + hash = "sha256-+1ctvUz1Prhon+w5fGO+IQCYl7uEMZwAYMfQut7fmO4="; }; vendorHash = "sha256-cM2DSP2ss3vleUhPBIdyxKeWJxtHpdjL5b5HVS/iC6o="; diff --git a/pkgs/applications/networking/cluster/tf-summarize/default.nix b/pkgs/applications/networking/cluster/tf-summarize/default.nix index 09c6ee5ae0d7..9912edb0acdf 100644 --- a/pkgs/applications/networking/cluster/tf-summarize/default.nix +++ b/pkgs/applications/networking/cluster/tf-summarize/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "tf-summarize"; - version = "0.3.10"; + version = "0.3.11"; src = fetchFromGitHub { owner = "dineshba"; repo = "tf-summarize"; rev = "v${version}"; - hash = "sha256-OmGJgy36Jv7/kyGg2y1cNS1r6n1C/plfC0s6q08Wox4="; + hash = "sha256-HXmFxbYfzEp6hxdmvNcSI+8zM3wh7pVpFjquwP/t4PU="; }; vendorHash = "sha256-nfontEgMj2qPbrM35iR7b65qrkWHCMY1v944iYdNLG8="; diff --git a/pkgs/applications/networking/cluster/zarf/default.nix b/pkgs/applications/networking/cluster/zarf/default.nix index 5f030b872f69..ffc69b514713 100644 --- a/pkgs/applications/networking/cluster/zarf/default.nix +++ b/pkgs/applications/networking/cluster/zarf/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "zarf"; - version = "0.39.0"; + version = "0.40.1"; src = fetchFromGitHub { owner = "defenseunicorns"; repo = "zarf"; rev = "v${version}"; - hash = "sha256-ATC+eoM3B21iG/ih31vlxBjnJ6zwmuxOLiw4nHKTp4o="; + hash = "sha256-tSMaDb8lflkedDa5ICXthqMpWBkHg+UQ20aTrF4+hUQ="; }; vendorHash = "sha256-7G+gROPw8Ab6iGMr7vnmC7jAm7jLPd5pbLOkKqDKIDc="; diff --git a/pkgs/applications/science/logic/btor2tools/default.nix b/pkgs/applications/science/logic/btor2tools/default.nix index 2b547eeb9221..19bb53fb766b 100644 --- a/pkgs/applications/science/logic/btor2tools/default.nix +++ b/pkgs/applications/science/logic/btor2tools/default.nix @@ -21,11 +21,24 @@ stdenv.mkDerivation rec { cp -v lib/libbtor2parser.* $lib/lib ''; + doInstallCheck = true; + + installCheckPhase = '' + runHook preInstallCheck + + # make sure shared libraries are present and program can be executed + $out/bin/btorsim -h > /dev/null + + runHook postInstallCheck + ''; + outputs = [ "out" "dev" "lib" ]; cmakeFlags = [ # RPATH of binary /nix/store/.../bin/btorsim contains a forbidden reference to /build/ "-DCMAKE_SKIP_BUILD_RPATH=ON" + ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ + "-DCMAKE_BUILD_WITH_INSTALL_NAME_DIR=ON" ]; meta = with lib; { diff --git a/pkgs/applications/version-management/git-town/default.nix b/pkgs/applications/version-management/git-town/default.nix index 9f70f7594472..00d2722bcdbe 100644 --- a/pkgs/applications/version-management/git-town/default.nix +++ b/pkgs/applications/version-management/git-town/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "git-town"; - version = "16.2.1"; + version = "16.3.0"; src = fetchFromGitHub { owner = "git-town"; repo = "git-town"; rev = "v${version}"; - hash = "sha256-/60n/JvT7XRfEVic6Jmi05WpsAy4mRsE/GAnetTMC1I="; + hash = "sha256-q4bRUz6ZI6y0AYEDMUBMN1YJxmHkIDDkUiMd4rQbDHk="; }; vendorHash = null; diff --git a/pkgs/applications/version-management/gql/default.nix b/pkgs/applications/version-management/gql/default.nix index d92e38f13f78..4e8cfbfd43fc 100644 --- a/pkgs/applications/version-management/gql/default.nix +++ b/pkgs/applications/version-management/gql/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "gql"; - version = "0.27.0"; + version = "0.28.0"; src = fetchFromGitHub { owner = "AmrDeveloper"; repo = "GQL"; rev = version; - hash = "sha256-/cL/Ts5RbClGqs5D93RTC7A5fr6Ca1c1sNbVZE4zK+E="; + hash = "sha256-BA94Q8nRf4NptVBHSMYLMEklB9vHaXRU1+o7shXhkZQ="; }; - cargoHash = "sha256-o9eTOauQF5sf8UPyG0os2NQLsNkAIUOGhmMsZo6Kncw="; + cargoHash = "sha256-L+o0ZhTI7x01DpGuhWrvzvSZDYHc++31svWTJ41qx90="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/applications/video/kodi/addons/iagl/default.nix b/pkgs/applications/video/kodi/addons/iagl/default.nix index 1665a613bc08..90698a10cf9f 100644 --- a/pkgs/applications/video/kodi/addons/iagl/default.nix +++ b/pkgs/applications/video/kodi/addons/iagl/default.nix @@ -1,4 +1,4 @@ -{ lib, buildKodiAddon, fetchFromGitHub, dateutil, requests, routing, vfs-libarchive, archive_tool, youtube }: +{ lib, buildKodiAddon, fetchFromGitHub, dateutil, requests, routing, vfs-libarchive, archive_tool, youtube, infotagger }: buildKodiAddon rec { pname = "iagl"; @@ -19,6 +19,7 @@ buildKodiAddon rec { vfs-libarchive archive_tool youtube + infotagger ]; meta = with lib; { diff --git a/pkgs/applications/video/kodi/addons/radioparadise/default.nix b/pkgs/applications/video/kodi/addons/radioparadise/default.nix index 45e0e845acb7..9d18cfb6a60a 100644 --- a/pkgs/applications/video/kodi/addons/radioparadise/default.nix +++ b/pkgs/applications/video/kodi/addons/radioparadise/default.nix @@ -3,11 +3,11 @@ buildKodiAddon rec { pname = "radioparadise"; namespace = "script.radioparadise"; - version = "2.0.0"; + version = "2.0.1"; src = fetchzip { url = "https://mirrors.kodi.tv/addons/${lib.toLower rel}/script.radioparadise/script.radioparadise-${version}.zip"; - sha256 = "sha256-eRCP0XMQHmyDrZ8Y6RGFfxQ1r26/bWbE/PJz4PET7D8="; + sha256 = "sha256-osQoOFr1vyTgZdlq1gNmhhDY37e+4SFqN3uX3yT8NQE="; }; propagatedBuildInputs = [ diff --git a/pkgs/applications/video/kodi/addons/youtube/default.nix b/pkgs/applications/video/kodi/addons/youtube/default.nix index 8c007ec4b83e..faa623f37e29 100644 --- a/pkgs/applications/video/kodi/addons/youtube/default.nix +++ b/pkgs/applications/video/kodi/addons/youtube/default.nix @@ -3,13 +3,13 @@ buildKodiAddon rec { pname = "youtube"; namespace = "plugin.video.youtube"; - version = "7.0.9.2"; + version = "7.1.0"; src = fetchFromGitHub { owner = "anxdpanic"; repo = "plugin.video.youtube"; rev = "v${version}"; - hash = "sha256-42BBvXIrPAAhNgrGyPTK5dgg2DACPTT6/jRUoYcihFA="; + hash = "sha256-I3dSGcPQVVhn4RO8CHtn3FG2dheSv4XiDO7w+MtTjRU="; }; propagatedBuildInputs = [ diff --git a/pkgs/by-name/ai/aiken/package.nix b/pkgs/by-name/ai/aiken/package.nix index 61c66fda313a..272adcfb401e 100644 --- a/pkgs/by-name/ai/aiken/package.nix +++ b/pkgs/by-name/ai/aiken/package.nix @@ -10,16 +10,16 @@ rustPlatform.buildRustPackage rec { pname = "aiken"; - version = "1.1.3"; + version = "1.1.4"; src = fetchFromGitHub { owner = "aiken-lang"; repo = "aiken"; rev = "v${version}"; - hash = "sha256-n373MgPjJzP+yRSQLA07RijFBjbRItK/nX8k7SJ6ITE="; + hash = "sha256-PTC7qn8Z1PGcBTNK5MtMvThIEhmAqTj23B/cHHhiDFE="; }; - cargoHash = "sha256-gQ7DfYyVF6Gk8N+spBd97BWxTwydq+lDbnCsVPPzWLU="; + cargoHash = "sha256-p//1TZJ6sJUUDPPpxRBKL7w7MBTUQppbQedj2x4T17w="; buildInputs = [ openssl ] diff --git a/pkgs/by-name/ar/arcan/package.nix b/pkgs/by-name/ar/arcan/package.nix index b31d642c703e..5259b5560cfb 100644 --- a/pkgs/by-name/ar/arcan/package.nix +++ b/pkgs/by-name/ar/arcan/package.nix @@ -2,6 +2,7 @@ lib, SDL2, callPackage, + fetchpatch2, cmake, espeak-ng, ffmpeg, @@ -60,6 +61,14 @@ stdenv.mkDerivation (finalAttrs: { inherit (sources.letoram-arcan) pname version src; + patches = [ + # (encode) remove deprecated use of pts/channel-layout + (fetchpatch2 { + url = "https://github.com/letoram/arcan/commit/e717c1b5833bdc2dea7dc6f64eeaf39c683ebd26.patch?full_index=1"; + hash = "sha256-nUmOWfphGtGiLehUa78EJWqTlD7SvqJgl8lnn90vTFU="; + }) + ]; + nativeBuildInputs = [ cmake makeWrapper diff --git a/pkgs/by-name/ar/arcan/sources.nix b/pkgs/by-name/ar/arcan/sources.nix index 6701021eb6b4..01f800a4aa4b 100644 --- a/pkgs/by-name/ar/arcan/sources.nix +++ b/pkgs/by-name/ar/arcan/sources.nix @@ -6,13 +6,13 @@ letoram-arcan = let self = { pname = "arcan"; - version = "0.6.3"; + version = "0.6.3.3"; src = fetchFromGitHub { owner = "letoram"; repo = "arcan"; rev = self.version; - hash = "sha256-ZSKOkNrFa2QgmXmmXnLkB1pehmVJbEFVeNs43Z2DSKo="; + hash = "sha256-YH3VGU3gSR5gqHnAlA2vrzU8vasKd0hOpc+2ludnV+Y="; }; }; in diff --git a/pkgs/by-name/cp/cpuinfo/package.nix b/pkgs/by-name/cp/cpuinfo/package.nix index 9eca8f7f7022..8989bf8e1689 100644 --- a/pkgs/by-name/cp/cpuinfo/package.nix +++ b/pkgs/by-name/cp/cpuinfo/package.nix @@ -10,13 +10,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "cpuinfo"; - version = "0-unstable-2024-09-11"; + version = "0-unstable-2024-09-26"; src = fetchFromGitHub { owner = "pytorch"; repo = "cpuinfo"; - rev = "a5ff6df40ce528721cfc310c7ed43946d77404d5"; - hash = "sha256-JbIEQ6jFprbMpeH8IBhuRo3VXxo8a32lmT4yfxSIEj0="; + rev = "1e83a2fdd3102f65c6f1fb602c1b320486218a99"; + hash = "sha256-28cFACca+NYE8oKlP5aWXNCLeEjhWqJ6gRnFI+VxDvg="; }; passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch" ]; }; diff --git a/pkgs/by-name/go/google-chrome/package.nix b/pkgs/by-name/go/google-chrome/package.nix index 4698f9c9a416..d0fa310bcfa1 100644 --- a/pkgs/by-name/go/google-chrome/package.nix +++ b/pkgs/by-name/go/google-chrome/package.nix @@ -44,6 +44,7 @@ nss, pango, pipewire, + vulkan-loader, wayland, # ozone/wayland # Command line programs @@ -152,6 +153,7 @@ let speechd-minimal systemd util-linux + vulkan-loader wayland wget ] @@ -164,11 +166,11 @@ let linux = stdenv.mkDerivation (finalAttrs: { inherit pname meta passthru; - version = "129.0.6668.58"; + version = "129.0.6668.89"; src = fetchurl { url = "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${finalAttrs.version}-1_amd64.deb"; - hash = "sha256-lFYGwpdicvp+E4S+sw4+3uFQSwGKvhyFenBZMVgVnMo="; + hash = "sha256-7siTsIW29x4XZ+Zut9b5BFSTtc5tuhxusxnkJPouG1w="; }; # With strictDeps on, some shebangs were not being patched correctly @@ -209,9 +211,12 @@ let exe=$out/bin/google-chrome-$dist mkdir -p $out/bin $out/share + cp -v -a opt/* $out/share + cp -v -a usr/share/* $out/share - cp -a opt/* $out/share - cp -a usr/share/* $out/share + # replace bundled vulkan-loader + rm -v $out/share/google/$appname/libvulkan.so.1 + ln -v -s -t "$out/share/google/$appname" "${lib.getLib vulkan-loader}/lib/libvulkan.so.1" substituteInPlace $out/share/google/$appname/google-$appname \ --replace-fail 'CHROME_WRAPPER' 'WRAPPER' @@ -247,6 +252,9 @@ let --add-flags "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" \ --add-flags ${lib.escapeShellArg commandLineArgs} + # Make sure that libGL and libvulkan are found by ANGLE libGLESv2.so + patchelf --set-rpath $rpath $out/share/google/$appname/lib*GL* + for elf in $out/share/google/$appname/{chrome,chrome-sandbox,chrome_crashpad_handler}; do patchelf --set-rpath $rpath $elf patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $elf @@ -258,11 +266,11 @@ let darwin = stdenvNoCC.mkDerivation (finalAttrs: { inherit pname meta passthru; - version = "129.0.6668.59"; + version = "129.0.6668.90"; src = fetchurl { - url = "http://dl.google.com/release2/chrome/acinjqjzbtmzhvrebvzymzvzfaoq_129.0.6668.59/GoogleChrome-129.0.6668.59.dmg"; - hash = "sha256-02J3TpcAsCvsB71C8/bfgIxiqcGIxjKiTWR32On66+g="; + url = "http://dl.google.com/release2/chrome/n4gcpoygckhm4y53qwq7lkpnqu_129.0.6668.90/GoogleChrome-129.0.6668.90.dmg"; + hash = "sha256-viQSX8ogY5ywPqgVmMToHdZysxLuC8U78UJ9fIUrGCs="; }; dontPatch = true; diff --git a/pkgs/by-name/hu/hugo/package.nix b/pkgs/by-name/hu/hugo/package.nix index 11e9680d17d9..ffc22665098e 100644 --- a/pkgs/by-name/hu/hugo/package.nix +++ b/pkgs/by-name/hu/hugo/package.nix @@ -10,16 +10,16 @@ buildGoModule rec { pname = "hugo"; - version = "0.134.3"; + version = "0.135.0"; src = fetchFromGitHub { owner = "gohugoio"; repo = "hugo"; rev = "refs/tags/v${version}"; - hash = "sha256-rdXiuFWMB+cTK5mhtpabWq8Uf9ihDnkHNG1JnD3rLKE="; + hash = "sha256-WCWaEVD2HON6feOev9HBfpqBWYIFmfevu6LH0OMtv2Q="; }; - vendorHash = "sha256-oDa5uWQ/vFSmTNwZ3zsYtsuLCzddV9DeaEGx5krwWRE="; + vendorHash = "sha256-XIFgmT0VyhRrUNfwy85Ac7YIO9fij0KqVmqb/s3IDVg="; doCheck = false; diff --git a/pkgs/by-name/lo/logiops/package.nix b/pkgs/by-name/lo/logiops/package.nix index 283f09eae41a..3ffaf371d4bf 100644 --- a/pkgs/by-name/lo/logiops/package.nix +++ b/pkgs/by-name/lo/logiops/package.nix @@ -12,13 +12,13 @@ stdenv.mkDerivation (oldAttrs: { pname = "logiops"; - version = "0.3.4"; + version = "0.3.5"; src = fetchFromGitHub { owner = "PixlOne"; repo = "logiops"; rev = "v${oldAttrs.version}"; - hash = "sha256-IL7jQA3lGhxVLYCFRgeXdadaBlQr+Op9cedHBlLUCWY="; + hash = "sha256-GAnlPqjIFGyOWwYFs7gth2m9ITc1jyiaW0sWwQ2zFOs="; # In v0.3.0, the `ipcgull` submodule was added as a dependency # https://github.com/PixlOne/logiops/releases/tag/v0.3.0 fetchSubmodules = true; diff --git a/pkgs/by-name/lx/lxgw-wenkai-tc/package.nix b/pkgs/by-name/lx/lxgw-wenkai-tc/package.nix index fc8bb799930f..113d1c17b933 100644 --- a/pkgs/by-name/lx/lxgw-wenkai-tc/package.nix +++ b/pkgs/by-name/lx/lxgw-wenkai-tc/package.nix @@ -5,10 +5,10 @@ stdenvNoCC.mkDerivation rec { pname = "lxgw-wenkai-tc"; - version = "1.330"; + version = "1.500"; src = fetchurl { url = "https://github.com/lxgw/LxgwWenKaiTC/releases/download/v${version}/lxgw-wenkai-tc-v${version}.tar.gz"; - hash = "sha256-qpX5shH1HbGMa287u/R1rMFgQeAUC0wwKFVD+QSTyho="; + hash = "sha256-GuGIRgBQTmlKmarEVFmZ2RgYtlw6mz3nfFdWbjlm934="; }; installPhase = '' diff --git a/pkgs/by-name/nz/nzbhydra2/package.nix b/pkgs/by-name/nz/nzbhydra2/package.nix index 46eec0465ebd..db143bf1a513 100644 --- a/pkgs/by-name/nz/nzbhydra2/package.nix +++ b/pkgs/by-name/nz/nzbhydra2/package.nix @@ -10,11 +10,11 @@ }: stdenv.mkDerivation rec { pname = "nzbhydra2"; - version = "7.6.0"; + version = "7.7.0"; src = fetchzip { url = "https://github.com/theotherp/nzbhydra2/releases/download/v${version}/nzbhydra2-${version}-generic.zip"; - hash = "sha256-EMp7bR3VCFWgg32ddUzAIEVINIeGXq8qBiIp3G/YI0I="; + hash = "sha256-8Q/aTMwHFy7OG+VyoSRYlXp4l247nUSPP0YCMkv9Cec="; stripRoot = false; }; diff --git a/pkgs/by-name/pi/pietrasanta-traceroute/package.nix b/pkgs/by-name/pi/pietrasanta-traceroute/package.nix index 2c2b824f8616..78ec9b537289 100644 --- a/pkgs/by-name/pi/pietrasanta-traceroute/package.nix +++ b/pkgs/by-name/pi/pietrasanta-traceroute/package.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "pietrasanta-traceroute"; - version = "0.0.5-unstable-2024-06-11"; + version = "0.0.5-unstable-2024-09-06"; src = fetchFromGitHub { owner = "catchpoint"; repo = "Networking.traceroute"; - rev = "5b9f9cd2cbd5b8d90442d4ddb71ab788297e2153"; - hash = "sha256-/WsBh42brVCRP31LnCPS34kRaQKMvP+XEENyD5MjCfw="; + rev = "e4a5cf94dccd646e03b9b75a762e9b014e3a3128"; + hash = "sha256-5FbuITewgSh6UFUU1vttkokk8uZ2IrzkDwsCuWJPKlM="; }; passthru.updateScript = unstableGitUpdater { }; diff --git a/pkgs/by-name/pr/proto/package.nix b/pkgs/by-name/pr/proto/package.nix index ef25d0a3eba9..04618f14d5e9 100644 --- a/pkgs/by-name/pr/proto/package.nix +++ b/pkgs/by-name/pr/proto/package.nix @@ -10,16 +10,16 @@ rustPlatform.buildRustPackage rec { pname = "proto"; - version = "0.41.1"; + version = "0.41.3"; src = fetchFromGitHub { owner = "moonrepo"; repo = "proto"; rev = "v${version}"; - hash = "sha256-IQKFQvWEPB5yssvdHl6gGmgxkbXzpRhU6hqaTLsQizE="; + hash = "sha256-FkuHKfrMH+l/k9lfFhbG619KoDIxmEYwoaniHSPF8hQ="; }; - cargoHash = "sha256-SvdfTiyJhJ4w9aBiElh9zgug8hNwiX7xUjtYFjykJqc="; + cargoHash = "sha256-vll9ckegcECmzoOkTCe2q2M1r4s5JlUnv2DtzJEQ7bY="; buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.SystemConfiguration diff --git a/pkgs/by-name/pr/proton-ge-bin/package.nix b/pkgs/by-name/pr/proton-ge-bin/package.nix index 3541b7466af2..81262e2cf051 100644 --- a/pkgs/by-name/pr/proton-ge-bin/package.nix +++ b/pkgs/by-name/pr/proton-ge-bin/package.nix @@ -6,11 +6,11 @@ }: stdenvNoCC.mkDerivation (finalAttrs: { pname = "proton-ge-bin"; - version = "GE-Proton9-13"; + version = "GE-Proton9-15"; src = fetchzip { url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/${finalAttrs.version}/${finalAttrs.version}.tar.gz"; - hash = "sha256-/KaFYCLvojxH3coiJaArXMPIIwW5qzK+I0bGyt7oBNY="; + hash = "sha256-WeqntQxez6XPRZxpPNUAQ8/7sw6TzOKU1yrtPHmQNh0="; }; outputs = [ diff --git a/pkgs/by-name/se/sendme/package.nix b/pkgs/by-name/se/sendme/package.nix index ea5d670af8a2..f277c2a007c3 100644 --- a/pkgs/by-name/se/sendme/package.nix +++ b/pkgs/by-name/se/sendme/package.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "sendme"; - version = "0.16.0"; + version = "0.17.0"; src = fetchFromGitHub { owner = "n0-computer"; repo = pname; rev = "v${version}"; - hash = "sha256-nDYsNaR3NQ6ut6gtHwEoiwhj4B4Bac5+NOOq3H2NCYY="; + hash = "sha256-YnabQ8YHDsFYu5RX3E2NvPARsl+qn4688q9KxZ5Fegc="; }; - cargoHash = "sha256-U2/GUpWtpTX+RCBojh3N6DsWB0gjFkH1mGA+AS+fH+o="; + cargoHash = "sha256-yD40QKceLjtq80K6I98bT27sCAkCnkRkfE3m4eGjueU="; buildInputs = lib.optionals stdenv.hostPlatform.isDarwin ( with darwin.apple_sdk.frameworks; [ diff --git a/pkgs/by-name/sl/slweb/package.nix b/pkgs/by-name/sl/slweb/package.nix new file mode 100644 index 000000000000..ceabcd001d1b --- /dev/null +++ b/pkgs/by-name/sl/slweb/package.nix @@ -0,0 +1,41 @@ +{ + lib, + stdenv, + fetchFromSourcehut, + versionCheckHook, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "slweb"; + version = "0.10.1"; + + src = fetchFromSourcehut { + owner = "~strahinja"; + repo = "slweb"; + rev = "v${finalAttrs.version}"; + hash = "sha256-AJg8qgbNUKizU0uyTnq9EviIXOUuaGvQowLAyTWhGTY="; + }; + + postPatch = '' + substituteInPlace config.mk \ + --replace-fail "/usr/local" "$out" + ''; + + env = { + FALLBACKVER = finalAttrs.version; + }; + + nativeInstallCheckInputs = [ + versionCheckHook + ]; + doInstallCheck = true; + + meta = { + description = "Static website generator which aims at being simplistic"; + homepage = "https://strahinja.srht.site/slweb/"; + license = lib.licenses.gpl3Plus; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ GaetanLepage ]; + mainProgram = "slweb"; + }; +}) diff --git a/pkgs/by-name/te/tex-fmt/package.nix b/pkgs/by-name/te/tex-fmt/package.nix index 13a7195668d1..2a13821d7297 100644 --- a/pkgs/by-name/te/tex-fmt/package.nix +++ b/pkgs/by-name/te/tex-fmt/package.nix @@ -6,16 +6,16 @@ rustPlatform.buildRustPackage rec { pname = "tex-fmt"; - version = "0.4.3"; + version = "0.4.4"; src = fetchFromGitHub { owner = "WGUNDERWOOD"; repo = "tex-fmt"; rev = "refs/tags/v${version}"; - hash = "sha256-Atq/eyvdAuaUEeYDIC5D9icD44mcvuhsyuctYAPrBSU="; + hash = "sha256-o8TlD0qxz/0sS45tnBNXYNDzp+VAhH3Ym1odSleD/uw="; }; - cargoHash = "sha256-ShF2Z5Od/pgsNRM6WmxxFeE67pYZin1q4RR6nVmbrsA="; + cargoHash = "sha256-N3kCeBisjeOAG45QPQhplGRAvj5kebEX4U9pisM/GUQ="; meta = { description = "LaTeX formatter written in Rust"; diff --git a/pkgs/by-name/wa/waagent/package.nix b/pkgs/by-name/wa/waagent/package.nix index f313cb68ea70..0f643690921f 100644 --- a/pkgs/by-name/wa/waagent/package.nix +++ b/pkgs/by-name/wa/waagent/package.nix @@ -13,12 +13,12 @@ let in python.pkgs.buildPythonApplication rec { pname = "waagent"; - version = "2.11.1.4"; + version = "2.11.1.12"; src = fetchFromGitHub { owner = "Azure"; repo = "WALinuxAgent"; rev = "refs/tags/v${version}"; - hash = "sha256-5V9js9gGkIsdGYrQQK/V6tPfL9lh2Cht4llOKBVTyOM="; + hash = "sha256-1MaPjz9hWb/kJxuyJAUWPk065vpSyx2jq1ZSlDB4yFo="; }; patches = [ # Suppress the following error when waagent tries to configure sshd: diff --git a/pkgs/by-name/wl/wlink/package.nix b/pkgs/by-name/wl/wlink/package.nix new file mode 100644 index 000000000000..2b8e2c4a377f --- /dev/null +++ b/pkgs/by-name/wl/wlink/package.nix @@ -0,0 +1,52 @@ +{ + stdenv, + lib, + rustPlatform, + fetchCrate, + pkg-config, + libusb1, + udev, + nix-update-script, + testers, + wlink, +}: + +rustPlatform.buildRustPackage rec { + pname = "wlink"; + version = "0.0.9"; + + src = fetchCrate { + inherit pname version; + hash = "sha256-Jr494jsw9nStU88j1rHc3gyQR1jcMfDIyQ2u0SwkXt0="; + }; + + cargoHash = "sha256-rPiSEfRFESYxFOat92oMUABvmz0idZu/I1S7I3g5BgY="; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ + libusb1 + udev + ]; + + passthru = { + updateScript = nix-update-script { }; + tests.version = testers.testVersion { + package = wlink; + }; + }; + + meta = with lib; { + description = "WCH-Link flash tool for WCH's RISC-V MCUs(CH32V, CH56X, CH57X, CH58X, CH59X, CH32L103, CH32X035, CH641, CH643)"; + homepage = "https://github.com/ch32-rs/wlink"; + changelog = "https://github.com/ch32-rs/wlink/releases/tag/v${version}"; + license = with licenses; [ + mit # or + asl20 + ]; + platforms = with platforms; linux ++ darwin ++ windows; + broken = !stdenv.hostPlatform.isLinux; + maintainers = with maintainers; [ jwillikers ]; + mainProgram = "wlink"; + }; +} diff --git a/pkgs/development/libraries/mesa/common.nix b/pkgs/development/libraries/mesa/common.nix index 70c72ce58d0d..0261d4839054 100644 --- a/pkgs/development/libraries/mesa/common.nix +++ b/pkgs/development/libraries/mesa/common.nix @@ -5,14 +5,14 @@ # nix build .#legacyPackages.x86_64-darwin.mesa .#legacyPackages.aarch64-darwin.mesa rec { pname = "mesa"; - version = "24.2.3"; + version = "24.2.4"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "mesa"; repo = "mesa"; rev = "mesa-${version}"; - hash = "sha256-DcDeqOd5U/jgTRWpCsNNsPT9UJ9wAJJEGjFVz1gKAUY="; + hash = "sha256-pgyvgMHImWO+b4vpCCe4+zOI98XCqcG8NRWpIcImGUk="; }; meta = { diff --git a/pkgs/development/python-modules/aiohttp-basicauth/default.nix b/pkgs/development/python-modules/aiohttp-basicauth/default.nix index ee3e5483a1e4..eede039d4854 100644 --- a/pkgs/development/python-modules/aiohttp-basicauth/default.nix +++ b/pkgs/development/python-modules/aiohttp-basicauth/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "aiohttp-basicauth"; - version = "1.0.0"; + version = "1.1.0"; format = "setuptools"; disabled = pythonOlder "3.6"; @@ -18,8 +18,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "romis2012"; repo = "aiohttp-basicauth"; - rev = "v${version}"; - hash = "sha256-UaRzauHmBHYwXFqRwDn1py79BScqq5j5SWALM4dQBP4="; + rev = "refs/tags/v${version}"; + hash = "sha256-DjwrMlkVVceA5kDzm0c/on0VMOxyMMA3Hu4Y2Tiu0lI="; }; propagatedBuildInputs = [ aiohttp ]; diff --git a/pkgs/development/python-modules/aiomealie/default.nix b/pkgs/development/python-modules/aiomealie/default.nix index e6ea538d2453..ee4ad62a1baf 100644 --- a/pkgs/development/python-modules/aiomealie/default.nix +++ b/pkgs/development/python-modules/aiomealie/default.nix @@ -17,7 +17,7 @@ buildPythonPackage rec { pname = "aiomealie"; - version = "0.9.2"; + version = "0.9.3"; pyproject = true; disabled = pythonOlder "3.11"; @@ -26,7 +26,7 @@ buildPythonPackage rec { owner = "joostlek"; repo = "python-mealie"; rev = "refs/tags/v${version}"; - hash = "sha256-rvizMeV1+tsBQiZl2Am4SjLrFkyhR/SvvLFwOTVP6wI="; + hash = "sha256-FJhmipWE3DE4PRWkEq8/j9iz9HQ7G7J5I9hwjU6e3FA="; }; build-system = [ poetry-core ]; diff --git a/pkgs/development/python-modules/array-api-compat/default.nix b/pkgs/development/python-modules/array-api-compat/default.nix index 6de3c073b43a..258e69f44bda 100644 --- a/pkgs/development/python-modules/array-api-compat/default.nix +++ b/pkgs/development/python-modules/array-api-compat/default.nix @@ -18,14 +18,14 @@ buildPythonPackage rec { pname = "array-api-compat"; - version = "1.8"; + version = "1.9"; pyproject = true; src = fetchFromGitHub { owner = "data-apis"; repo = "array-api-compat"; rev = "refs/tags/${version}"; - hash = "sha256-DZs51yWgeMX7lmzR6jily0S3MRD4AVlk7BP8aU99Zp8="; + hash = "sha256-azd98kJtW8QKizfOr670pyr44BHNkWCO7BMFg3zr23g="; }; build-system = [ setuptools ]; diff --git a/pkgs/development/python-modules/pathos/default.nix b/pkgs/development/python-modules/pathos/default.nix index b548dd3c6f0b..b82f3319426c 100644 --- a/pkgs/development/python-modules/pathos/default.nix +++ b/pkgs/development/python-modules/pathos/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "pathos"; - version = "0.3.2"; + version = "0.3.3"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "uqfoundation"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-b4HCiAvBGkFMxWh2PHC2kZ9G4PsQqVhKeIxLBKj09jU="; + hash = "sha256-J3rwnsn/3DXmChydwNC5yvsdSk1mzvPSnSo21BwkhSE="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pdm-backend/default.nix b/pkgs/development/python-modules/pdm-backend/default.nix index b8bc3fd40902..98c6b451ee6f 100644 --- a/pkgs/development/python-modules/pdm-backend/default.nix +++ b/pkgs/development/python-modules/pdm-backend/default.nix @@ -46,6 +46,7 @@ buildPythonPackage rec { # tests require a configured git identity export HOME=$TMPDIR + git config --global user.name nixbld git config --global user.email nixbld@localhost ''; diff --git a/pkgs/development/python-modules/pychromecast/default.nix b/pkgs/development/python-modules/pychromecast/default.nix index f14248b781b0..df5007d93828 100644 --- a/pkgs/development/python-modules/pychromecast/default.nix +++ b/pkgs/development/python-modules/pychromecast/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "pychromecast"; - version = "14.0.1"; + version = "14.0.2"; pyproject = true; disabled = pythonOlder "3.11"; @@ -20,7 +20,7 @@ buildPythonPackage rec { src = fetchPypi { pname = "PyChromecast"; inherit version; - hash = "sha256-4W4Kf5SIMZGRuLT6IcoL60vxLu2lyb9kAkEYjyvqCj4="; + hash = "sha256-CSxl9CGZG8pWUzi8YaDBSGHEfg9cCmWRml6T8C39Bxo="; }; postPatch = '' diff --git a/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix b/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix index b062ff435606..9ecc23541ce6 100644 --- a/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix +++ b/pkgs/development/python-modules/pysigma-backend-insightidr/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "pysigma-backend-insightidr"; - version = "0.2.3"; + version = "0.2.4"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -19,7 +19,7 @@ buildPythonPackage rec { owner = "SigmaHQ"; repo = "pySigma-backend-insightidr"; rev = "refs/tags/v${version}"; - hash = "sha256-wQMnnJ0KU+53MS3PIBkwIhUiyUdCrDbdUT6upk2Pp/8="; + hash = "sha256-dc25zDYQeU9W9qwrRz7zsM2wOl8kMapDvwFhB6VOwhY="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/tinygrad/default.nix b/pkgs/development/python-modules/tinygrad/default.nix index 92aa341dd6ce..14fd91a1bb12 100644 --- a/pkgs/development/python-modules/tinygrad/default.nix +++ b/pkgs/development/python-modules/tinygrad/default.nix @@ -67,6 +67,11 @@ buildPythonPackage rec { substituteInPlace tinygrad/runtime/autogen/opencl.py \ --replace-fail "ctypes.util.find_library('OpenCL')" "'${ocl-icd}/lib/libOpenCL.so'" '' + # Patch `clang` directly in the source file + + '' + substituteInPlace tinygrad/runtime/ops_clang.py \ + --replace-fail "'clang'" "'${lib.getExe clang}'" + '' + lib.optionalString rocmSupport '' substituteInPlace tinygrad/runtime/autogen/hip.py \ --replace-fail "/opt/rocm/lib/libamdhip64.so" "${rocmPackages.clr}/lib/libamdhip64.so" \ diff --git a/pkgs/development/tools/analysis/ikos/default.nix b/pkgs/development/tools/analysis/ikos/default.nix index e135b4f79a26..f7fb222b4b84 100644 --- a/pkgs/development/tools/analysis/ikos/default.nix +++ b/pkgs/development/tools/analysis/ikos/default.nix @@ -20,13 +20,13 @@ stdenv.mkDerivation rec { pname = "ikos"; - version = "3.3"; + version = "3.4"; src = fetchFromGitHub { owner = "NASA-SW-VnV"; repo = "ikos"; rev = "v${version}"; - hash = "sha256-4/M0fyqvzdr0aBPCUuLiBgqMOrHEmikkIjQMB9KSrdo="; + hash = "sha256-xJuSpQHShggDqLVQaj0a0fEPOWUFIrbGmxazu4FKISs="; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/bazelisk/default.nix b/pkgs/development/tools/bazelisk/default.nix index e0faacc5e5d5..1c149e72190c 100644 --- a/pkgs/development/tools/bazelisk/default.nix +++ b/pkgs/development/tools/bazelisk/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "bazelisk"; - version = "1.21.0"; + version = "1.22.0"; src = fetchFromGitHub { owner = "bazelbuild"; repo = pname; rev = "v${version}"; - sha256 = "sha256-p5K0VYPAjorlwJx7GB2r7M/KGUzD3jyOp4dLkw11/tc="; + sha256 = "sha256-KD8lh3N9GFlht+HtcuE3i20noVha0lT21a5pSS3zbTw="; }; - vendorHash = "sha256-wMCJnbu9pKBujTvZ4rvxgJdB7l7Z6vB6eyem35Ghz0Q="; + vendorHash = "sha256-zoiQ69y0EicH9Jq2XYn+fttKHZY64GD4m/Edk+kle9M="; doCheck = false; diff --git a/pkgs/development/tools/heroku/default.nix b/pkgs/development/tools/heroku/default.nix index 638d046aa675..0314c3b90b04 100644 --- a/pkgs/development/tools/heroku/default.nix +++ b/pkgs/development/tools/heroku/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation { pname = "heroku"; - version = "9.2.1"; + version = "9.3.0"; src = fetchzip { - url = "https://cli-assets.heroku.com/versions/9.2.1/6e4f307/heroku-v9.2.1-6e4f307-linux-x64.tar.xz"; - hash = "sha256-9MeZx4LmKyh3DSIz+ZZVY/qpFDqk5oE4P/MIUQPmRb8="; + url = "https://cli-assets.heroku.com/versions/9.3.0/65eb66a/heroku-v9.3.0-65eb66a-linux-x64.tar.xz"; + hash = "sha256-4k/HLSB4o1BnzG7dPW20ejSFYmJ8o9eVrJWCdXrqC/Q="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/tools/language-servers/ccls/default.nix b/pkgs/development/tools/language-servers/ccls/default.nix index 175d2800e4c7..122ebea7c0f3 100644 --- a/pkgs/development/tools/language-servers/ccls/default.nix +++ b/pkgs/development/tools/language-servers/ccls/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "ccls"; - version = "0.20240202"; + version = "0.20240505"; src = fetchFromGitHub { owner = "MaskRay"; repo = "ccls"; rev = version; - sha256 = "sha256-xVx3+cnmIdoA7R1S31EaiPj+DOTqkINoQeMgauW61Ys="; + sha256 = "sha256-YZeP6sHYLNvlf49mvtymxHuH1lmIkqcanpqVMzeLeFQ="; }; nativeBuildInputs = [ cmake llvmPackages.llvm.dev ]; diff --git a/pkgs/development/tools/misc/planus/default.nix b/pkgs/development/tools/misc/planus/default.nix index 22cc165a93a5..b92906e18265 100644 --- a/pkgs/development/tools/misc/planus/default.nix +++ b/pkgs/development/tools/misc/planus/default.nix @@ -7,15 +7,15 @@ rustPlatform.buildRustPackage rec { pname = "planus"; - version = "0.4.0"; + version = "1.0.0"; src = fetchCrate { pname = "planus-cli"; inherit version; - hash = "sha256-KpX4KSA2MjfRS8M0WVYpY4hoSvOOB7MUz7YKZwEGqj8="; + hash = "sha256-HbnuLu1yCpwouDVBH/vcFVLDMZWeqHH6qHFJoTbaS9Y="; }; - cargoHash = "sha256-yT/ZK5GG0rXpiaCQlQclK2iY8BXhhmiW/UDX9aL8wBQ="; + cargoHash = "sha256-AJtQrImQlxnp1RbbOZHAJsvlhm39OlC5WyvD5jybMAY="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/development/tools/opcr-policy/default.nix b/pkgs/development/tools/opcr-policy/default.nix index 4c947f3e1aab..8eb77449342a 100644 --- a/pkgs/development/tools/opcr-policy/default.nix +++ b/pkgs/development/tools/opcr-policy/default.nix @@ -5,15 +5,15 @@ buildGoModule rec { pname = "opcr-policy"; - version = "0.2.18"; + version = "0.2.19"; src = fetchFromGitHub { owner = "opcr-io"; repo = "policy"; rev = "v${version}"; - sha256 = "sha256-Q/2r8mqz820mEQD7o9qzC1TPMrRH0f6nr1jgRQAEj/Y="; + sha256 = "sha256-A5dqKbQhdJlSOU7qxC8xrCCSXK5yGmDsoVWfgWKl2TE="; }; - vendorHash = "sha256-C6Y+R2q1ZRbeFN1qY109fikkzvcUsBfDn4CYCrKrLKI="; + vendorHash = "sha256-ASR8Y/L8ub0w36fO+UpJ5ZpijP+YCLVbRtnhzvMNj9U="; ldflags = [ "-s" "-w" "-X github.com/opcr-io/policy/pkg/version.ver=${version}" ]; diff --git a/pkgs/development/tools/rust/cargo-mutants/default.nix b/pkgs/development/tools/rust/cargo-mutants/default.nix index e5e7fcde55cb..2c415009cdff 100644 --- a/pkgs/development/tools/rust/cargo-mutants/default.nix +++ b/pkgs/development/tools/rust/cargo-mutants/default.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-mutants"; - version = "24.7.1"; + version = "24.9.0"; src = fetchFromGitHub { owner = "sourcefrog"; repo = "cargo-mutants"; rev = "v${version}"; - hash = "sha256-56IIMifv5epThXeWtQbNLwee1IQ52SPKik4hsHlnv6w="; + hash = "sha256-fMw3Whyl+zTPpDTdYpwvzMQtSdr42ueEvkdmRI0N2aA="; }; - cargoHash = "sha256-VRkhDgKunSUOz2/U4oC2t0YrDh5l48z4luevMazfj6o="; + cargoHash = "sha256-+vI/HPw0oe9K0kWpJXGBM0r7oVBh3+RJzSwklaywa54="; buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.SystemConfiguration diff --git a/pkgs/development/tools/rust/cargo-zigbuild/default.nix b/pkgs/development/tools/rust/cargo-zigbuild/default.nix index 3a6a509bda09..d2ef93622786 100644 --- a/pkgs/development/tools/rust/cargo-zigbuild/default.nix +++ b/pkgs/development/tools/rust/cargo-zigbuild/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-zigbuild"; - version = "0.19.2"; + version = "0.19.3"; src = fetchFromGitHub { owner = "messense"; repo = pname; rev = "v${version}"; - hash = "sha256-O3Sg7wVNqTH8uhBSlVpmPNmFv+JC9/tw3G0LcOYUzKc="; + hash = "sha256-fVsYQjv+DjGCWv/dAk8S8GcEtDIdaxb1yXAqCpTm0sQ="; }; - cargoHash = "sha256-C0TpZZ/CJgNx0sB920/0yJW3iY4tPF6M70bveS1Ux24="; + cargoHash = "sha256-R5jv8hFHdhS6MoU5oHleN5B7k2RPX7GhJMwym8kYAYY="; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/servers/misc/gobgpd/default.nix b/pkgs/servers/misc/gobgpd/default.nix index 4f653a50a972..11ffcbcd3b6b 100644 --- a/pkgs/servers/misc/gobgpd/default.nix +++ b/pkgs/servers/misc/gobgpd/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "gobgpd"; - version = "3.29.0"; + version = "3.30.0"; src = fetchFromGitHub { owner = "osrg"; repo = "gobgp"; rev = "refs/tags/v${version}"; - hash = "sha256-mTg3eN5ZmzQxItPq8ghPpFafr6zF+nliofGEKShnH88="; + hash = "sha256-UB3LYXRr6GnqVCRwAxnwqBCkOtor3mC4k73kPesZs0g="; }; - vendorHash = "sha256-wrgRQwisOHAhvRbvGXMW5VWkQuEifCwCo3usuxLie4A="; + vendorHash = "sha256-FYLH1Ej8Bm0+tS5Ikj1CPF+1t5opmzee8iHRZSW94Yk="; postConfigure = '' export CGO_ENABLED=0 diff --git a/pkgs/tools/X11/xpra/default.nix b/pkgs/tools/X11/xpra/default.nix index fe3f4ba0f4fb..cd37f57b369a 100644 --- a/pkgs/tools/X11/xpra/default.nix +++ b/pkgs/tools/X11/xpra/default.nix @@ -1,6 +1,5 @@ { lib , fetchFromGitHub -, substituteAll , pkg-config , runCommand , writeText @@ -38,6 +37,7 @@ , xdg-utils , xorg , xorgserver +, xxHash }: let @@ -70,20 +70,16 @@ let ''; in buildPythonApplication rec { pname = "xpra"; - version = "5.0.9"; + version = "6.1.2"; src = fetchFromGitHub { owner = "Xpra-org"; repo = "xpra"; rev = "v${version}"; - hash = "sha256-gwo5plCAryGC8/BKVEqyMkgB+3FM8HXG6sESomDOtNM="; + hash = "sha256-SmX0zwScyosiidBdW18vP3tV7BJfYfOmXwuRUbb+gX8="; }; patches = [ - (substituteAll { # correct hardcoded paths - src = ./fix-paths.patch; - inherit libfakeXinerama; - }) ./fix-41106.patch # https://github.com/NixOS/nixpkgs/issues/41106 ./fix-122159.patch # https://github.com/NixOS/nixpkgs/issues/122159 ]; @@ -137,6 +133,7 @@ in buildPythonApplication rec { pango x264 x265 + xxHash ] ++ lib.optional withNvenc nvencHeaders; propagatedBuildInputs = with python3.pkgs; ([ diff --git a/pkgs/tools/X11/xpra/fix-122159.patch b/pkgs/tools/X11/xpra/fix-122159.patch index 5fe2ce3892fd..58efa07e790d 100644 --- a/pkgs/tools/X11/xpra/fix-122159.patch +++ b/pkgs/tools/X11/xpra/fix-122159.patch @@ -1,16 +1,18 @@ diff --git a/xpra/scripts/main.py b/xpra/scripts/main.py -index 58c8bf6464..36f4b3cd3d 100755 +index 7806612e05..4c7a0ec2dd 100755 --- a/xpra/scripts/main.py +++ b/xpra/scripts/main.py -@@ -389,11 +389,7 @@ def run_mode(script_file:str, cmdline, error_cb, options, args, mode:str, defaul - "seamless", "desktop", "shadow", "shadow-screen", "expand", - "upgrade", "upgrade-seamless", "upgrade-desktop", - ) and not display_is_remote and use_systemd_run(options.systemd_run): -- #make sure we run via the same interpreter, -- #inject it into the command line if we have to: +@@ -444,13 +444,7 @@ def run_mode(script_file: str, cmdline, error_cb, options, args, full_mode: str, + "seamless", "desktop", "shadow", "shadow-screen", "expand", + "upgrade", "upgrade-seamless", "upgrade-desktop", + ) and not display_is_remote and options.daemon and use_systemd_run(options.systemd_run): +- # make sure we run via the same interpreter, +- # inject it into the command line if we have to: argv = list(cmdline) -- if argv[0].find("python")<0: -- argv.insert(0, "python%i.%i" % (sys.version_info.major, sys.version_info.minor)) - return systemd_run_wrap(mode, argv, options.systemd_run_args, user=getuid()!=0) +- if argv[0].find("python") < 0: +- major, minor = sys.version_info.major, sys.version_info.minor +- python = which("python%i.%i" % (major, minor)) or which("python%i" % major) or which("python") or "python" +- argv.insert(0, python) + return systemd_run_wrap(mode, argv, options.systemd_run_args, user=getuid() != 0) configure_env(options.env) configure_logging(options, mode) diff --git a/pkgs/tools/X11/xpra/fix-41106.patch b/pkgs/tools/X11/xpra/fix-41106.patch index a1a74a01c3fe..84061106323c 100644 --- a/pkgs/tools/X11/xpra/fix-41106.patch +++ b/pkgs/tools/X11/xpra/fix-41106.patch @@ -1,11 +1,11 @@ -diff --git a/xpra/server/server_util.py b/xpra/server/server_util.py -index 2e83712bb8..2dd0bf73d2 100644 ---- a/xpra/server/server_util.py -+++ b/xpra/server/server_util.py -@@ -166,6 +166,10 @@ def xpra_env_shell_script(socket_dir, env : Dict[str,str]) -> str: - return "\n".join(script) +diff --git a/xpra/server/util.py b/xpra/server/util.py +index 401a9fb959..678e2ce745 100644 +--- a/xpra/server/util.py ++++ b/xpra/server/util.py +@@ -175,6 +175,10 @@ def xpra_env_shell_script(socket_dir: str, env: dict[str, str]) -> str: - def xpra_runner_shell_script(xpra_file:str, starting_dir:str) -> str: + + def xpra_runner_shell_script(xpra_file: str, starting_dir: str) -> str: + # Nixpkgs contortion: + # xpra_file points to a shell wrapper, not to the python script. + dirname, basename = os.path.split(xpra_file) diff --git a/pkgs/tools/X11/xpra/fix-paths.patch b/pkgs/tools/X11/xpra/fix-paths.patch deleted file mode 100644 index 43210f4f15d6..000000000000 --- a/pkgs/tools/X11/xpra/fix-paths.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff --git a/xpra/x11/fakeXinerama.py b/xpra/x11/fakeXinerama.py -index a5289e0e43..527cdf90c9 100755 ---- a/xpra/x11/fakeXinerama.py -+++ b/xpra/x11/fakeXinerama.py -@@ -23,31 +23,7 @@ fakeXinerama_config_files = [ - ] - - def find_libfakeXinerama(): -- libname = "fakeXinerama" -- try: -- from ctypes.util import find_library -- flibname = find_library("fakeXinerama") -- if flibname: -- libname = flibname -- except Exception: -- pass -- if POSIX: -- for lib_dir in os.environ.get("LD_LIBRARY_PATH", "/usr/lib").split(os.pathsep): -- lib_path = os.path.join(lib_dir, libname) -- if not os.path.exists(lib_dir): -- continue -- if os.path.exists(lib_path) and os.path.isfile(lib_path): -- return lib_path -- if LINUX: -- try: -- libpath = find_lib_ldconfig("fakeXinerama") -- if libpath: -- return libpath -- except Exception as e: -- log("find_libfakeXinerama()", exc_info=True) -- log.error("Error: cannot launch ldconfig -p to locate libfakeXinerama:") -- log.estr(e) -- return find_lib("libfakeXinerama.so.1") -+ return "@libfakeXinerama@/lib/libfakeXinerama.so.1.0" - - current_xinerama_config = None - diff --git a/pkgs/tools/admin/scalr-cli/default.nix b/pkgs/tools/admin/scalr-cli/default.nix index 6dacaba03e76..4672e5e0bb57 100644 --- a/pkgs/tools/admin/scalr-cli/default.nix +++ b/pkgs/tools/admin/scalr-cli/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "scalr-cli"; - version = "0.15.5"; + version = "0.16.0"; src = fetchFromGitHub { owner = "Scalr"; repo = "scalr-cli"; rev = "v${version}"; - hash = "sha256-RXfUlpwlDNAZRJTbbE+n8mReVyrWxUsWkOGaaALz0Q4="; + hash = "sha256-9osB3bsc8IvH1ishG9uiIUnAwC1yZd0rFhiZdzYucI8="; }; vendorHash = "sha256-0p4f+KKD04IFAUQG8F3b+2sx9suYemt3wbgSNNOOIlk="; diff --git a/pkgs/tools/filesystems/moosefs/default.nix b/pkgs/tools/filesystems/moosefs/default.nix index 92a55f510f2d..ae0c653f0a17 100644 --- a/pkgs/tools/filesystems/moosefs/default.nix +++ b/pkgs/tools/filesystems/moosefs/default.nix @@ -1,11 +1,13 @@ -{ lib, stdenv -, fetchFromGitHub -, python3 -, fuse -, pkg-config -, libpcap -, zlib -, nixosTests +{ + lib, + stdenv, + fetchFromGitHub, + python3, + fuse, + pkg-config, + libpcap, + zlib, + nixosTests, }: stdenv.mkDerivation rec { @@ -23,12 +25,18 @@ stdenv.mkDerivation rec { pkg-config ]; - buildInputs = - [ fuse libpcap zlib python3 ]; + buildInputs = [ + fuse + libpcap + zlib + python3 + ]; strictDeps = true; - buildFlags = lib.optionals stdenv.hostPlatform.isDarwin [ "CPPFLAGS=-UHAVE_STRUCT_STAT_ST_BIRTHTIME" ]; + buildFlags = lib.optionals stdenv.hostPlatform.isDarwin [ + "CPPFLAGS=-UHAVE_STRUCT_STAT_ST_BIRTHTIME" + ]; # Fix the build on macOS with macFUSE installed postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' @@ -48,13 +56,18 @@ stdenv.mkDerivation rec { doCheck = true; - passthru.tests = { inherit (nixosTests) moosefs; }; + passthru.tests = { + inherit (nixosTests) moosefs; + }; - meta = with lib; { + meta = { homepage = "https://moosefs.com"; description = "Open Source, Petabyte, Fault-Tolerant, Highly Performing, Scalable Network Distributed File System"; - platforms = platforms.unix; - license = licenses.gpl2Only; - maintainers = [ maintainers.mfossen ]; + platforms = lib.platforms.unix; + license = lib.licenses.gpl2Only; + maintainers = with lib.maintainers; [ + mfossen + markuskowa + ]; }; } diff --git a/pkgs/tools/networking/gobgp/default.nix b/pkgs/tools/networking/gobgp/default.nix index e4a7bcdc423c..4585e420b437 100644 --- a/pkgs/tools/networking/gobgp/default.nix +++ b/pkgs/tools/networking/gobgp/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "gobgp"; - version = "3.29.0"; + version = "3.30.0"; src = fetchFromGitHub { owner = "osrg"; repo = "gobgp"; rev = "v${version}"; - sha256 = "sha256-mTg3eN5ZmzQxItPq8ghPpFafr6zF+nliofGEKShnH88="; + sha256 = "sha256-UB3LYXRr6GnqVCRwAxnwqBCkOtor3mC4k73kPesZs0g="; }; - vendorHash = "sha256-wrgRQwisOHAhvRbvGXMW5VWkQuEifCwCo3usuxLie4A="; + vendorHash = "sha256-FYLH1Ej8Bm0+tS5Ikj1CPF+1t5opmzee8iHRZSW94Yk="; postConfigure = '' export CGO_ENABLED=0 diff --git a/pkgs/tools/networking/pritunl-ssh/default.nix b/pkgs/tools/networking/pritunl-ssh/default.nix index 4cae94e26ece..75440cc5e06c 100644 --- a/pkgs/tools/networking/pritunl-ssh/default.nix +++ b/pkgs/tools/networking/pritunl-ssh/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pritunl-ssh"; - version = "1.0.3219.78"; + version = "1.0.3231.6"; src = fetchFromGitHub { owner = "pritunl"; repo = "pritunl-zero-client"; rev = version; - sha256 = "sha256-ksTfgt1AWs8hgUR9w6aWv5MDXeORgYNWYZgAFUqj++s="; + sha256 = "sha256-kccc8ZDh3S/Ko/MaBd5u0UxMNIbg5dhvRuecJuE3D6c="; }; buildInputs = [ python3 ]; diff --git a/pkgs/tools/security/gowitness/default.nix b/pkgs/tools/security/gowitness/default.nix index d4b893d9f870..57a82168bdb9 100644 --- a/pkgs/tools/security/gowitness/default.nix +++ b/pkgs/tools/security/gowitness/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "gowitness"; - version = "3.0.3"; + version = "3.0.4"; src = fetchFromGitHub { owner = "sensepost"; repo = "gowitness"; rev = "refs/tags/${version}"; - hash = "sha256-yKG4qLjeZThFEMqMnUv4ryvM2e3uH5GLuVP3oa6XHtE="; + hash = "sha256-ygnYqX8il0nDvF5+jd52CypmHH8iiLMlOZWdoTsR0ig="; }; - vendorHash = "sha256-PjbC10Dh3tDF0mP2k4ei6ZSS3ND2wAaB1+Llmj37TR8="; + vendorHash = "sha256-2hG+93LzJ+kUVCOXFGk83Asvn7zLWq2BSqrq+eOJhQ0="; ldflags = [ "-s" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ff76ac4885df..b22d2841d5d0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -30180,8 +30180,6 @@ with pkgs; sleep-on-lan = callPackage ../tools/networking/sleep-on-lan { }; - slweb = callPackage ../applications/misc/slweb { }; - sonixd = callPackage ../applications/audio/sonixd { }; sonobus = callPackage ../applications/audio/sonobus { };