From 64589bcefaa6f0225327525de602f5754781583d Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 7 Jun 2022 14:05:59 +0200 Subject: [PATCH 01/21] nixos/netboot: use `makeInitrdNG` to shrink ramdisk size Previously, `makeInitrd` added the whole closure of the squashfs derivation to initrd. This closure contains the squashfs.img and some store paths which are still referenced by the compressed squashfs.img. These extra store paths are unused in stage 1. With `makeInitrdNG` only the squashfs.img is added to the initrd. (`makeInitrdNG` only resolves shared library references instead of the whole closure). This shrinks the netboot ramdisk by ~6% for a minimal system and significantly decreases the size of the uncompressed root filesystem in stage 1. --- nixos/modules/installer/netboot/netboot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/installer/netboot/netboot.nix b/nixos/modules/installer/netboot/netboot.nix index a459e7304cd4..17247f7125ac 100644 --- a/nixos/modules/installer/netboot/netboot.nix +++ b/nixos/modules/installer/netboot/netboot.nix @@ -81,7 +81,7 @@ with lib; # Create the initrd - system.build.netbootRamdisk = pkgs.makeInitrd { + system.build.netbootRamdisk = pkgs.makeInitrdNG { inherit (config.boot.initrd) compressor; prepend = [ "${config.system.build.initialRamdisk}/initrd" ]; From 66fc10995b501419b584ae56eeffaa475e24b6fe Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 27 Jun 2022 05:00:18 +0200 Subject: [PATCH 02/21] sollya: build on darwin and enable tests --- pkgs/development/interpreters/sollya/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/sollya/default.nix b/pkgs/development/interpreters/sollya/default.nix index 173263ee04d5..78b45daf178d 100644 --- a/pkgs/development/interpreters/sollya/default.nix +++ b/pkgs/development/interpreters/sollya/default.nix @@ -19,11 +19,13 @@ stdenv.mkDerivation rec { buildInputs = [ gmp mpfr mpfi libxml2 fplll ]; + doCheck = true; + meta = with lib; { description = "A tool environment for safe floating-point code development"; homepage = "https://www.sollya.org/"; license = licenses.cecill-c; - platforms = platforms.linux; - maintainers = with maintainers; [ ]; + platforms = platforms.unix; + maintainers = with maintainers; [ wegank ]; }; } From 87cd533a328750587e9545c12e4a81f7af67a8a4 Mon Sep 17 00:00:00 2001 From: T0astBread Date: Wed, 22 Jun 2022 04:03:43 +0200 Subject: [PATCH 03/21] nixos/qemu-vm: allow custom partitions and filesystems in VM Potential use cases for disabling `useDefaultFilesystems` include: - Testing with uncommon filesystem layouts - Testing scenarios where swapping occurs - Testing with LUKS-encrypted disks Closes #177963 --- nixos/modules/virtualisation/qemu-vm.nix | 84 ++++++++++++++---------- 1 file changed, 51 insertions(+), 33 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index f622897aa620..e87f540fd57c 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -684,6 +684,21 @@ in ''; }; + virtualisation.useDefaultFilesystems = + mkOption { + type = types.bool; + default = true; + description = + '' + If enabled, the boot disk of the virtual machine will be + formatted and mounted with the default filesystems for + testing. Swap devices and LUKS will be disabled. + + If disabled, a root filesystem has to be specified and + formatted (for example in the initial ramdisk). + ''; + }; + virtualisation.efiVars = mkOption { type = types.str; @@ -754,13 +769,13 @@ in ); boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}"; - boot.initrd.extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) + boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable) '' # We need mke2fs in the initrd. copy_bin_and_libs ${pkgs.e2fsprogs}/bin/mke2fs ''; - boot.initrd.postDeviceCommands = lib.mkIf (!config.boot.initrd.systemd.enable) + boot.initrd.postDeviceCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable) '' # If the disk image appears to be empty, run mke2fs to # initialise. @@ -930,38 +945,41 @@ in }; in mkVMOverride (cfg.fileSystems // - { + optionalAttrs cfg.useDefaultFilesystems { "/".device = cfg.bootDevice; "/".fsType = "ext4"; "/".autoFormat = true; - - "/tmp" = mkIf config.boot.tmpOnTmpfs - { device = "tmpfs"; - fsType = "tmpfs"; - neededForBoot = true; - # Sync with systemd's tmp.mount; - options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ]; - }; - - "/nix/${if cfg.writableStore then ".ro-store" else "store"}" = - mkIf cfg.useNixStoreImage - { device = "${lookupDriveDeviceName "nix-store" cfg.qemu.drives}"; - neededForBoot = true; - options = [ "ro" ]; - }; - - "/nix/.rw-store" = mkIf (cfg.writableStore && cfg.writableStoreUseTmpfs) - { fsType = "tmpfs"; - options = [ "mode=0755" ]; - neededForBoot = true; - }; - - "/boot" = mkIf cfg.useBootLoader - # see note [Disk layout with `useBootLoader`] - { device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk` - fsType = "vfat"; - noCheck = true; # fsck fails on a r/o filesystem - }; + } // + optionalAttrs config.boot.tmpOnTmpfs { + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + neededForBoot = true; + # Sync with systemd's tmp.mount; + options = [ "mode=1777" "strictatime" "nosuid" "nodev" "size=${toString config.boot.tmpOnTmpfsSize}" ]; + }; + } // + optionalAttrs cfg.useNixStoreImage { + "/nix/${if cfg.writableStore then ".ro-store" else "store"}" = { + device = "${lookupDriveDeviceName "nix-store" cfg.qemu.drives}"; + neededForBoot = true; + options = [ "ro" ]; + }; + } // + optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs) { + "/nix/.rw-store" = { + fsType = "tmpfs"; + options = [ "mode=0755" ]; + neededForBoot = true; + }; + } // + optionalAttrs cfg.useBootLoader { + # see note [Disk layout with `useBootLoader`] + "/boot" = { + device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk` + fsType = "vfat"; + noCheck = true; # fsck fails on a r/o filesystem + }; } // lib.mapAttrs' mkSharedDir cfg.sharedDirectories); boot.initrd.systemd = lib.mkIf (config.boot.initrd.systemd.enable && cfg.writableStore) { @@ -986,8 +1004,8 @@ in }; }; - swapDevices = mkVMOverride [ ]; - boot.initrd.luks.devices = mkVMOverride {}; + swapDevices = (if cfg.useDefaultFilesystems then mkVMOverride else mkDefault) [ ]; + boot.initrd.luks.devices = (if cfg.useDefaultFilesystems then mkVMOverride else mkDefault) {}; # Don't run ntpd in the guest. It should get the correct time from KVM. services.timesyncd.enable = false; From 4c77ffb38fcdb2accf3760966e4e6bc8628316b4 Mon Sep 17 00:00:00 2001 From: T0astBread Date: Wed, 22 Jun 2022 04:10:44 +0200 Subject: [PATCH 04/21] nixos/tests: add non-default-filesystems test --- nixos/tests/all-tests.nix | 1 + nixos/tests/non-default-filesystems.nix | 54 +++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 nixos/tests/non-default-filesystems.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index fa88ad524070..b8df54bcdd2b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -382,6 +382,7 @@ in { nixpkgs = pkgs.callPackage ../modules/misc/nixpkgs/test.nix { inherit evalMinimalConfig; }; node-red = handleTest ./node-red.nix {}; nomad = handleTest ./nomad.nix {}; + non-default-filesystems = handleTest ./non-default-filesystems.nix {}; noto-fonts = handleTest ./noto-fonts.nix {}; novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {}; nsd = handleTest ./nsd.nix {}; diff --git a/nixos/tests/non-default-filesystems.nix b/nixos/tests/non-default-filesystems.nix new file mode 100644 index 000000000000..7fa75aaad724 --- /dev/null +++ b/nixos/tests/non-default-filesystems.nix @@ -0,0 +1,54 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: +{ + name = "non-default-filesystems"; + + nodes.machine = + { config, pkgs, lib, ... }: + let + disk = config.virtualisation.bootDevice; + in + { + virtualisation.useDefaultFilesystems = false; + + boot.initrd.availableKernelModules = [ "btrfs" ]; + boot.supportedFilesystems = [ "btrfs" ]; + + boot.initrd.postDeviceCommands = '' + FSTYPE=$(blkid -o value -s TYPE ${disk} || true) + if test -z "$FSTYPE"; then + modprobe btrfs + ${pkgs.btrfs-progs}/bin/mkfs.btrfs ${disk} + + mkdir /nixos + mount -t btrfs ${disk} /nixos + + ${pkgs.btrfs-progs}/bin/btrfs subvolume create /nixos/root + ${pkgs.btrfs-progs}/bin/btrfs subvolume create /nixos/home + + umount /nixos + fi + ''; + + virtualisation.fileSystems = { + "/" = { + device = disk; + fsType = "btrfs"; + options = [ "subvol=/root" ]; + }; + + "/home" = { + device = disk; + fsType = "btrfs"; + options = [ "subvol=/home" ]; + }; + }; + }; + + testScript = '' + machine.wait_for_unit("multi-user.target") + + with subtest("BTRFS filesystems are mounted correctly"): + machine.succeed("grep -E '/dev/vda / btrfs rw,relatime,space_cache=v2,subvolid=[0-9]+,subvol=/root 0 0' /proc/mounts") + machine.succeed("grep -E '/dev/vda /home btrfs rw,relatime,space_cache=v2,subvolid=[0-9]+,subvol=/home 0 0' /proc/mounts") + ''; +}) From 5249031660b21610e291272fd2a9ebd172fda812 Mon Sep 17 00:00:00 2001 From: T0astBread Date: Wed, 22 Jun 2022 04:11:23 +0200 Subject: [PATCH 05/21] nixos/tests: add swap-partition test --- nixos/tests/all-tests.nix | 1 + nixos/tests/swap-partition.nix | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 nixos/tests/swap-partition.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index b8df54bcdd2b..62a6864b948a 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -516,6 +516,7 @@ in { step-ca = handleTestOn ["x86_64-linux"] ./step-ca.nix {}; strongswan-swanctl = handleTest ./strongswan-swanctl.nix {}; sudo = handleTest ./sudo.nix {}; + swap-partition = handleTest ./swap-partition.nix {}; sway = handleTest ./sway.nix {}; switchTest = handleTest ./switch-test.nix {}; sympa = handleTest ./sympa.nix {}; diff --git a/nixos/tests/swap-partition.nix b/nixos/tests/swap-partition.nix new file mode 100644 index 000000000000..2279630b57b8 --- /dev/null +++ b/nixos/tests/swap-partition.nix @@ -0,0 +1,48 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: +{ + name = "swap-partition"; + + nodes.machine = + { config, pkgs, lib, ... }: + { + virtualisation.useDefaultFilesystems = false; + + virtualisation.bootDevice = "/dev/vda1"; + + boot.initrd.postDeviceCommands = '' + if ! test -b /dev/vda1; then + ${pkgs.parted}/bin/parted --script /dev/vda -- mklabel msdos + ${pkgs.parted}/bin/parted --script /dev/vda -- mkpart primary 1MiB -250MiB + ${pkgs.parted}/bin/parted --script /dev/vda -- mkpart primary -250MiB 100% + sync + fi + + FSTYPE=$(blkid -o value -s TYPE /dev/vda1 || true) + if test -z "$FSTYPE"; then + ${pkgs.e2fsprogs}/bin/mke2fs -t ext4 -L root /dev/vda1 + ${pkgs.util-linux}/bin/mkswap --label swap /dev/vda2 + fi + ''; + + virtualisation.fileSystems = { + "/" = { + device = "/dev/disk/by-label/root"; + fsType = "ext4"; + }; + }; + + swapDevices = [ + { + device = "/dev/disk/by-label/swap"; + } + ]; + }; + + testScript = '' + machine.wait_for_unit("multi-user.target") + + with subtest("Swap is active"): + # Doesn't matter if the numbers reported by `free` are slightly off due to unit conversions. + machine.succeed("free -h | grep -E 'Swap:\s+2[45][0-9]Mi'") + ''; +}) From 5489715475abb729df345038584ab72b1a881e38 Mon Sep 17 00:00:00 2001 From: AtilaSaraiva Date: Sat, 18 Jun 2022 09:28:50 -0300 Subject: [PATCH 06/21] deepwave: init at 0.0.11 --- .../python-modules/deepwave/default.nix | 59 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 + 2 files changed, 61 insertions(+) create mode 100644 pkgs/development/python-modules/deepwave/default.nix diff --git a/pkgs/development/python-modules/deepwave/default.nix b/pkgs/development/python-modules/deepwave/default.nix new file mode 100644 index 000000000000..837259380ae4 --- /dev/null +++ b/pkgs/development/python-modules/deepwave/default.nix @@ -0,0 +1,59 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pytorch +, ninja +, scipy +, which +, pybind11 +, pytest-xdist +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "deepwave"; + version = "0.0.11"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "ar4"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-d4EahmzHACHaeKoNZy63OKwWZdlHbUydrbr4fD43X8s="; + }; + + # unable to find ninja although it is available, most likely because it looks for its pip version + postPatch = '' + substituteInPlace setup.cfg --replace "ninja" "" + ''; + + # The source files are compiled at runtime and cached at the + # $HOME/.cache folder, so for the check phase it is needed to + # have a temporary home. This is also the reason ninja is not + # needed at the nativeBuildInputs, since it will only be used + # at runtime. The user will have to add it to its nix-shell + # along with deepwave + preBuild = '' + export HOME=$(mktemp -d) + ''; + + propagatedBuildInputs = [ pytorch pybind11 ]; + + checkInputs = [ + ninja + which + scipy + pytest-xdist + pytestCheckHook + ]; + + pythonImportsCheck = [ "deepwave" ]; + + meta = with lib; { + description = "Wave propagation modules for PyTorch"; + homepage = "https://github.com/ar4/deepwave"; + license = licenses.mit; + platforms = intersectLists platforms.x86_64 platforms.linux; + maintainers = with maintainers; [ atila ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 78a1d34e399e..e9d71c684356 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2195,6 +2195,8 @@ in { deeptoolsintervals = callPackage ../development/python-modules/deeptoolsintervals { }; + deepwave = callPackage ../development/python-modules/deepwave { }; + deep-translator = callPackage ../development/python-modules/deep-translator { }; deezer-py = callPackage ../development/python-modules/deezer-py { }; From efcfeb4cd9ffc26a5b639be01e027f067bed641a Mon Sep 17 00:00:00 2001 From: sudosubin Date: Sun, 3 Jul 2022 23:49:11 +0900 Subject: [PATCH 07/21] check-jsonschema: init at 0.16.2 --- .../tools/check-jsonschema/default.nix | 41 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 43 insertions(+) create mode 100644 pkgs/development/tools/check-jsonschema/default.nix diff --git a/pkgs/development/tools/check-jsonschema/default.nix b/pkgs/development/tools/check-jsonschema/default.nix new file mode 100644 index 000000000000..068bc752d32c --- /dev/null +++ b/pkgs/development/tools/check-jsonschema/default.nix @@ -0,0 +1,41 @@ +{ lib, fetchFromGitHub, python3 }: + +with python3.pkgs; + +buildPythonApplication rec { + pname = "check-jsonschema"; + version = "0.16.2"; + + src = fetchFromGitHub { + owner = "python-jsonschema"; + repo = "check-jsonschema"; + rev = version; + sha256 = "sha256-rPjXua5kITr+I+jqeAO2iGUFVhjkLnQkXlUzRvkXduA="; + }; + + propagatedBuildInputs = [ + ruamel-yaml + jsonschema + identify + requests + click + ]; + + checkInputs = [ + pytestCheckHook + pytest-xdist + responses + ]; + + preCheck = lib.optionalString (stdenv.isDarwin && stdenv.isAarch64) '' + # https://github.com/python/cpython/issues/74570#issuecomment-1093748531 + export no_proxy='*'; + ''; + + meta = with lib; { + description = "A jsonschema CLI and pre-commit hook"; + homepage = "https://github.com/python-jsonschema/check-jsonschema"; + license = licenses.apsl20; + maintainers = with maintainers; [ sudosubin ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3ead24e0eabd..396c5c138794 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14761,6 +14761,8 @@ with pkgs; pythonDocs = recurseIntoAttrs (callPackage ../development/interpreters/python/cpython/docs {}); + check-jsonschema = callPackage ../development/tools/check-jsonschema {}; + pypi2nix = callPackage ../development/tools/pypi2nix {}; pypi-mirror = callPackage ../development/tools/pypi-mirror {}; From cf19e96438c4b772ed7f4600d35348ccca90ccae Mon Sep 17 00:00:00 2001 From: ranfdev Date: Sat, 2 Jul 2022 10:26:59 +0200 Subject: [PATCH 08/21] edgedb: init at unstable-2022-06-27 I can't init at 1.1.2 because there's an issue while vendoring the packages. v1.1.2 seem to require two different version of the same package, causing an issue similar to https://github.com/NixOS/nixpkgs/issues/30742. --- .../0001-dynamically-patchelf-binaries.patch | 34 ++++++++++++ pkgs/tools/networking/edgedb/default.nix | 55 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 4 ++ 3 files changed, 93 insertions(+) create mode 100644 pkgs/tools/networking/edgedb/0001-dynamically-patchelf-binaries.patch create mode 100644 pkgs/tools/networking/edgedb/default.nix diff --git a/pkgs/tools/networking/edgedb/0001-dynamically-patchelf-binaries.patch b/pkgs/tools/networking/edgedb/0001-dynamically-patchelf-binaries.patch new file mode 100644 index 000000000000..ec2dccfc359a --- /dev/null +++ b/pkgs/tools/networking/edgedb/0001-dynamically-patchelf-binaries.patch @@ -0,0 +1,34 @@ +diff --git a/src/portable/install.rs b/src/portable/install.rs +index dc0d932..5394fc1 100644 +--- a/src/portable/install.rs ++++ b/src/portable/install.rs +@@ -133,8 +133,16 @@ fn unpack_package(cache_file: &Path, target_dir: &Path) + for entry in arch.entries()? { + let mut entry = entry?; + let path = entry.path()?; ++ let is_inside_bin = { ++ let mut path_iter = path.iter(); ++ path_iter.next(); // discards first folder ++ path_iter.as_path().starts_with("bin") ++ }; + if let Some(path) = build_path(&target_dir, &*path)? { +- entry.unpack(path)?; ++ entry.unpack(&path)?; ++ if is_inside_bin { ++ nix_patchelf_if_needed(&path); ++ } + } + } + bar.finish_and_clear(); +@@ -203,3 +211,11 @@ pub fn package(pkg_info: &PackageInfo) -> anyhow::Result { + + Ok(info) + } ++ ++fn nix_patchelf_if_needed(dest_path: &Path) { ++ let _ = ::std::process::Command::new("@patchelf@/bin/patchelf") ++ .arg("--set-interpreter") ++ .arg("@dynamicLinker@") ++ .arg(dest_path) ++ .output(); ++} diff --git a/pkgs/tools/networking/edgedb/default.nix b/pkgs/tools/networking/edgedb/default.nix new file mode 100644 index 000000000000..9fe04ee70daf --- /dev/null +++ b/pkgs/tools/networking/edgedb/default.nix @@ -0,0 +1,55 @@ +{ stdenv +, lib +, runCommand +, patchelf +, fetchFromGitHub +, rustPlatform +, makeWrapper +, pkg-config +, curl +, Security +, CoreServices +, libiconv +, xz +, perl +, substituteAll +}: + +rustPlatform.buildRustPackage rec { + pname = "edgedb"; + version = "unstable-2022-06-27"; + + src = fetchFromGitHub { + owner = "edgedb"; + repo = "edgedb-cli"; + rev = "3c65c8bf0a09988356ad477d0ae234182f809b0a"; + sha256 = "sha256-UqoRa5ZbPJEHo9wyyygrN1ssorgY3cLw/mMrCDXr4gw="; + }; + + cargoSha256 = "sha256-6HJkkem44+dat5bmVEM+7GSJFjCz1dYZeRIPEoEwNlI="; + + nativeBuildInputs = [ makeWrapper pkg-config perl ]; + + buildInputs = [ + curl + ] ++ lib.optionals stdenv.isDarwin [ CoreServices Security libiconv xz ]; + + checkFeatures = [ ]; + + patches = [ + (substituteAll { + src = ./0001-dynamically-patchelf-binaries.patch; + inherit patchelf; + dynamicLinker = stdenv.cc.bintools.dynamicLinker; + }) + ]; + + doCheck = false; + + meta = with lib; { + description = "EdgeDB cli"; + homepage = "https://www.edgedb.com/docs/cli/index"; + license = with licenses; [ asl20 /* or */ mit ]; + maintainers = [ maintainers.ranfdev ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b90623b29f3b..f512e44cede4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -406,6 +406,10 @@ with pkgs; eclipse-mat = callPackage ../development/tools/eclipse-mat { }; + edgedb = callPackage ../tools/networking/edgedb { + inherit (darwin.apple_sdk.frameworks) CoreServices Security; + }; + efficient-compression-tool = callPackage ../tools/compression/efficient-compression-tool { }; evans = callPackage ../development/tools/evans { }; From 5deff9583cf6c8fad702bfd9e835bd726aeed308 Mon Sep 17 00:00:00 2001 From: nathannaveen <42319948+nathannaveen@users.noreply.github.com> Date: Mon, 4 Jul 2022 01:09:50 +0000 Subject: [PATCH 09/21] chore: Set permissions for GitHub actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> --- .github/workflows/no-channel.yml | 5 +++++ .github/workflows/update-terraform-providers.yml | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/no-channel.yml b/.github/workflows/no-channel.yml index fb9a95851f06..90c38f22c007 100644 --- a/.github/workflows/no-channel.yml +++ b/.github/workflows/no-channel.yml @@ -6,8 +6,13 @@ on: - 'nixos-**' - 'nixpkgs-**' +permissions: + contents: read + jobs: fail: + permissions: + contents: none name: "This PR is is targeting a channel branch" runs-on: ubuntu-latest steps: diff --git a/.github/workflows/update-terraform-providers.yml b/.github/workflows/update-terraform-providers.yml index 8bd82acbe791..c966505843a1 100644 --- a/.github/workflows/update-terraform-providers.yml +++ b/.github/workflows/update-terraform-providers.yml @@ -5,8 +5,15 @@ on: - cron: "14 3 * * 1" workflow_dispatch: +permissions: + contents: read + jobs: tf-providers: + permissions: + contents: write # for peter-evans/create-pull-request to create branch + issues: write # for peter-evans/create-or-update-comment to create or update comment + pull-requests: write # for peter-evans/create-pull-request to create a PR if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: From 363c10d92205d46a0e8abfcbad9559b3e08f840d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo?= Date: Wed, 29 Jun 2022 17:23:08 -0300 Subject: [PATCH 10/21] gitqlient: 1.4.3 -> 1.5.0 --- .../version-management/gitqlient/default.nix | 58 ++++++++++++++++--- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/pkgs/applications/version-management/gitqlient/default.nix b/pkgs/applications/version-management/gitqlient/default.nix index 3737828ef720..d8b442736417 100644 --- a/pkgs/applications/version-management/gitqlient/default.nix +++ b/pkgs/applications/version-management/gitqlient/default.nix @@ -8,14 +8,46 @@ mkDerivation rec { pname = "gitqlient"; - version = "1.4.3"; + version = "1.5.0"; - src = fetchFromGitHub { - owner = "francescmm"; - repo = pname; - rev = "v${version}"; - sha256 = "018jz6b28zwr205jmgw13ddlfvlhxqf0cw1pfjiwsi6i8gay7w6s"; - }; + srcs = [ + (fetchFromGitHub { + owner = "francescmm"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-Mq29HbmPABrRIJjWC5AAKIOKbGngeJdkZkWeJw8BFuw="; + }) + (fetchFromGitHub rec { + owner = "francescmm"; + repo = "AuxiliarCustomWidgets"; + rev = "835f538b4a79e4d6bb70eef37a32103e7b2a1fd1"; + sha256 = "sha256-b1gb/7UcLS6lI92dBfTenGXA064t4dZufs3S9lu/lQA="; + name = repo; + }) + (fetchFromGitHub rec { + owner = "francescmm"; + repo = "QLogger"; + rev = "d1ed24e080521a239d5d5e2c2347fe211f0f3e4f"; + sha256 = "sha256-NVlFYmm7IIkf8LhQrAYXil9kH6DFq1XjOEHQiIWmER4="; + name = repo; + }) + (fetchFromGitHub rec { + owner = "francescmm"; + repo = "QPinnableTabWidget"; + rev = "cc937794e910d0452f0c07b4961c6014a7358831"; + sha256 = "sha256-2KzzBv/s2t665axeBxWrn8aCMQQArQLlUBOAlVhU+wE="; + name = repo; + }) + (fetchFromGitHub rec { + owner = "francescmm"; + repo = "git"; + rev = "b62750f4da4b133faff49e6f53950d659b18c948"; + sha256 = "sha256-4FqA+kkHd0TqD6ZuB4CbJ+IhOtQG9uWN+qhSAT0dXGs="; + name = repo; + }) + ]; + + sourceRoot = "source"; nativeBuildInputs = [ qmake @@ -25,11 +57,21 @@ mkDerivation rec { qtwebengine ]; + postUnpack = '' + for dep in AuxiliarCustomWidgets QPinnableTabWidget QLogger git; do + rmdir "source/src/$dep" + ln -sf "../../$dep" "source/src/$dep" + done + ''; + qmakeFlags = [ "GitQlient.pro" ]; - passthru.updateScript = gitUpdater { inherit pname version; }; + passthru.updateScript = gitUpdater { + inherit pname version; + rev-prefix = "v"; + }; meta = with lib; { homepage = "https://github.com/francescmm/GitQlient"; From e69aee3280033dd7fbf90bfe479fc279e43a365e Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Sun, 26 Jun 2022 18:44:15 +0100 Subject: [PATCH 11/21] =?UTF-8?q?ocamlPackages.io-page:=202.3.0=20?= =?UTF-8?q?=E2=86=92=202.4.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ocamlPackages.mirage-block: 2.0.1 → 3.0.0 ocamlPackages.mirage-block-ramdisk: disable tests ocamlPackages.mirage-block-unix: 2.12.1 → 2.14.1 ocamlPackages.mirage-unix: 4.0.0 → 4.0.1 ocamlPackages.vchan: 6.0.0 → 6.0.1 ocamlPackages.wodan-unix: mark as broken --- .../ocaml-modules/io-page/default.nix | 7 +++---- .../development/ocaml-modules/io-page/unix.nix | 17 ----------------- .../mirage-block-ramdisk/default.nix | 15 +++------------ .../mirage-block-unix/default.nix | 18 ++++++++---------- .../ocaml-modules/mirage-block/combinators.nix | 12 ++---------- .../ocaml-modules/mirage-block/default.nix | 10 ++++------ .../ocaml-modules/mirage-unix/default.nix | 10 ++++------ .../ocaml-modules/vchan/default.nix | 12 +++++------- pkgs/development/ocaml-modules/wodan/irmin.nix | 4 ++-- pkgs/development/ocaml-modules/wodan/unix.nix | 5 +++-- pkgs/top-level/ocaml-packages.nix | 2 -- 11 files changed, 34 insertions(+), 78 deletions(-) delete mode 100644 pkgs/development/ocaml-modules/io-page/unix.nix diff --git a/pkgs/development/ocaml-modules/io-page/default.nix b/pkgs/development/ocaml-modules/io-page/default.nix index 9685e27d0b8a..97c941c89183 100644 --- a/pkgs/development/ocaml-modules/io-page/default.nix +++ b/pkgs/development/ocaml-modules/io-page/default.nix @@ -2,14 +2,13 @@ buildDunePackage rec { pname = "io-page"; - version = "2.3.0"; + version = "2.4.0"; - useDune2 = true; - minimumOCamlVersion = "4.02.3"; + minimalOCamlVersion = "4.02.3"; src = fetchurl { url = "https://github.com/mirage/${pname}/releases/download/v${version}/${pname}-v${version}.tbz"; - sha256 = "1hx27pwf419hrhwaw9cphbnl8akz8yy73hqj49l15g2k7shah1cn"; + sha256 = "sha256-gMr0AfnDifHM912TstgkI+Q0FxB1rAyb0Abfospt9EI="; }; propagatedBuildInputs = [ cstruct bigarray-compat ]; diff --git a/pkgs/development/ocaml-modules/io-page/unix.nix b/pkgs/development/ocaml-modules/io-page/unix.nix deleted file mode 100644 index 843451b30866..000000000000 --- a/pkgs/development/ocaml-modules/io-page/unix.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, buildDunePackage, io-page, cstruct, ounit }: - -buildDunePackage { - pname = "io-page-unix"; - - inherit (io-page) version src useDune2 minimumOCamlVersion; - - propagatedBuildInputs = [ cstruct io-page ]; - checkInputs = [ ounit ]; - doCheck = true; - - meta = with lib; { - inherit (io-page.meta) homepage license; - description = "Support for efficient handling of I/O memory pages on Unix"; - maintainers = [ maintainers.sternenseemann ]; - }; -} diff --git a/pkgs/development/ocaml-modules/mirage-block-ramdisk/default.nix b/pkgs/development/ocaml-modules/mirage-block-ramdisk/default.nix index 7e8ebba73eb5..94e862a6bc9c 100644 --- a/pkgs/development/ocaml-modules/mirage-block-ramdisk/default.nix +++ b/pkgs/development/ocaml-modules/mirage-block-ramdisk/default.nix @@ -1,29 +1,20 @@ -{ lib, fetchurl, buildDunePackage, io-page, io-page-unix, mirage-block, alcotest -, mirage-block-combinators }: +{ lib, fetchurl, buildDunePackage, io-page, mirage-block }: buildDunePackage rec { pname = "mirage-block-ramdisk"; version = "0.5"; - useDune2 = true; - src = fetchurl { url = "https://github.com/mirage/mirage-block-ramdisk/releases/download/${version}/mirage-block-ramdisk-${version}.tbz"; sha256 = "cc0e814fd54efe7a5b7a8c5eb1c04e2dece751b7d8dee2d95908a0768896e8af"; }; - # Make tests compatible with alcotest 1.4.0 - postPatch = '' - substituteInPlace test/tests.ml --replace 'Fmt.kstrf Alcotest.fail' 'Fmt.kstrf (fun s -> Alcotest.fail s)' - ''; - - minimumOCamlVersion = "4.06"; + minimalOCamlVersion = "4.06"; propagatedBuildInputs = [ io-page mirage-block ]; - doCheck = true; - checkInputs = [ alcotest io-page-unix mirage-block-combinators ]; + doCheck = false; meta = with lib; { description = "In-memory BLOCK device for MirageOS"; diff --git a/pkgs/development/ocaml-modules/mirage-block-unix/default.nix b/pkgs/development/ocaml-modules/mirage-block-unix/default.nix index a24c4c9e821f..34989fdf14db 100644 --- a/pkgs/development/ocaml-modules/mirage-block-unix/default.nix +++ b/pkgs/development/ocaml-modules/mirage-block-unix/default.nix @@ -1,24 +1,22 @@ -{ lib, fetchurl, buildDunePackage, cstruct-lwt, diet, io-page-unix, logs -, mirage-block, ounit, rresult, uri }: +{ lib, fetchurl, buildDunePackage, cstruct-lwt, diet, io-page, logs +, mirage-block, ounit2, rresult, uri }: buildDunePackage rec { pname = "mirage-block-unix"; - version = "2.12.1"; - - useDune2 = true; + version = "2.14.1"; src = fetchurl { url = - "https://github.com/mirage/mirage-block-unix/releases/download/v${version}/mirage-block-unix-v${version}.tbz"; - sha256 = "4fc0ccea3c06c654e149c0f0e1c2a6f19be4e3fe1afd293c6a0dba1b56b3b8c4"; + "https://github.com/mirage/mirage-block-unix/releases/download/v${version}/mirage-block-unix-${version}.tbz"; + sha256 = "sha256-FcUhbjHKT11ePDXaAVzUdV/WOHoxMoXyZKG5ikKpBNU="; }; - minimumOCamlVersion = "4.06"; + minimalOCamlVersion = "4.06"; - propagatedBuildInputs = [ cstruct-lwt logs mirage-block rresult uri ]; + propagatedBuildInputs = [ cstruct-lwt io-page logs mirage-block rresult uri ]; doCheck = true; - checkInputs = [ diet io-page-unix ounit ]; + checkInputs = [ diet ounit2 ]; meta = with lib; { description = "MirageOS disk block driver for Unix"; diff --git a/pkgs/development/ocaml-modules/mirage-block/combinators.nix b/pkgs/development/ocaml-modules/mirage-block/combinators.nix index 4787373c1e31..7dee169afd5b 100644 --- a/pkgs/development/ocaml-modules/mirage-block/combinators.nix +++ b/pkgs/development/ocaml-modules/mirage-block/combinators.nix @@ -1,16 +1,8 @@ -{ buildDunePackage, fetchpatch, mirage-block, io-page, logs }: +{ buildDunePackage, mirage-block, io-page, logs }: buildDunePackage rec { pname = "mirage-block-combinators"; - inherit (mirage-block) version src useDune2; - - patches = [ - (fetchpatch { - name = "cstruct-6.0.0-compat.patch"; - url = "https://github.com/mirage/mirage-block/pull/49/commits/ff54105b21fb32d0d6977b419db0776e6c2ea166.patch"; - sha256 = "0bwgypnsyn4d9b46q6r7kh5qfcy58db7krs6z5zw83hc7y20y2sd"; - }) - ]; + inherit (mirage-block) version src; propagatedBuildInputs = [ mirage-block io-page logs ]; diff --git a/pkgs/development/ocaml-modules/mirage-block/default.nix b/pkgs/development/ocaml-modules/mirage-block/default.nix index 28eb4d6b28ed..161fd4a66ead 100644 --- a/pkgs/development/ocaml-modules/mirage-block/default.nix +++ b/pkgs/development/ocaml-modules/mirage-block/default.nix @@ -1,19 +1,17 @@ { lib, fetchurl, buildDunePackage -, cstruct, lwt, mirage-device +, cstruct, lwt, fmt }: buildDunePackage rec { pname = "mirage-block"; - version = "2.0.1"; - - useDune2 = true; + version = "3.0.0"; src = fetchurl { url = "https://github.com/mirage/mirage-block/releases/download/v${version}/mirage-block-v${version}.tbz"; - sha256 = "1wp8wmixaz9i2sbvq6nkx903lbnpdgb2w404pz1wk8kcg9p3ilcc"; + sha256 = "sha256-NB5nJpppMtdi0HDjKcCAqRjO4vIbAMfnP934P+SnzmU="; }; - propagatedBuildInputs = [ cstruct lwt mirage-device ]; + propagatedBuildInputs = [ cstruct lwt fmt ]; meta = with lib; { description = "Block signatures and implementations for MirageOS"; diff --git a/pkgs/development/ocaml-modules/mirage-unix/default.nix b/pkgs/development/ocaml-modules/mirage-unix/default.nix index 1e6dc0ef144f..68ee12f12c9d 100644 --- a/pkgs/development/ocaml-modules/mirage-unix/default.nix +++ b/pkgs/development/ocaml-modules/mirage-unix/default.nix @@ -1,17 +1,15 @@ -{ lib, buildDunePackage, fetchurl, ocaml_lwt, duration, mirage-runtime, io-page-unix }: +{ lib, buildDunePackage, fetchurl, lwt, duration, mirage-runtime, io-page }: buildDunePackage rec { pname = "mirage-unix"; - version = "4.0.0"; - - useDune2 = true; + version = "4.0.1"; src = fetchurl { url = "https://github.com/mirage/${pname}/releases/download/v${version}/${pname}-v${version}.tbz"; - sha256 = "0kyd83bkpjhn382b4mw3a4325xr8vms78znxqvifpcyfvfnlx7hj"; + sha256 = "sha256-9ymVBb3dkhb+MN97/sXe/oQ36CVx0kruj3sd19LiFZ4="; }; - propagatedBuildInputs = [ ocaml_lwt duration mirage-runtime io-page-unix ]; + propagatedBuildInputs = [ lwt duration mirage-runtime io-page ]; doCheck = true; meta = with lib; { diff --git a/pkgs/development/ocaml-modules/vchan/default.nix b/pkgs/development/ocaml-modules/vchan/default.nix index 54bf4e65004b..e88a86344285 100644 --- a/pkgs/development/ocaml-modules/vchan/default.nix +++ b/pkgs/development/ocaml-modules/vchan/default.nix @@ -1,19 +1,18 @@ { lib, buildDunePackage, fetchurl -, ppx_cstruct, ppx_sexp_conv, ounit, io-page-unix +, ppx_cstruct, ppx_sexp_conv, ounit , lwt, cstruct, io-page, mirage-flow, xenstore, xenstore_transport , sexplib, cmdliner }: buildDunePackage rec { pname = "vchan"; - version = "6.0.0"; + version = "6.0.1"; - useDune2 = true; - minimumOCamlVersion = "4.08"; + minimalOCamlVersion = "4.08"; src = fetchurl { - url = "https://github.com/mirage/ocaml-vchan/releases/download/v${version}/vchan-v${version}.tbz"; - sha256 = "7a6cc89ff8ba7144d6cef3f36722f40deedb3cefff0f7be1b2f3b7b2a2b41747"; + url = "https://github.com/mirage/ocaml-vchan/releases/download/v${version}/vchan-${version}.tbz"; + sha256 = "sha256-5E7dITMVirYoxUkp8ZamRAolyhA6avXGJNAioxeBuV0="; }; nativeBuildInputs = [ @@ -34,7 +33,6 @@ buildDunePackage rec { doCheck = true; checkInputs = [ cmdliner - io-page-unix ounit ]; diff --git a/pkgs/development/ocaml-modules/wodan/irmin.nix b/pkgs/development/ocaml-modules/wodan/irmin.nix index 86064d887dbb..4b158d5427ef 100644 --- a/pkgs/development/ocaml-modules/wodan/irmin.nix +++ b/pkgs/development/ocaml-modules/wodan/irmin.nix @@ -1,4 +1,4 @@ -{ lib, buildDunePackage, io-page-unix, irmin-chunk, irmin-git, irmin-unix +{ lib, buildDunePackage, irmin-chunk, irmin-git, irmin-unix , mirage-block-ramdisk, mirage-block-unix, wodan }: buildDunePackage rec { @@ -6,7 +6,7 @@ buildDunePackage rec { inherit (wodan) version src useDune2; propagatedBuildInputs = [ - io-page-unix + /* io-page-unix */ # No longer available in nixpkgs irmin-chunk irmin-git irmin-unix diff --git a/pkgs/development/ocaml-modules/wodan/unix.nix b/pkgs/development/ocaml-modules/wodan/unix.nix index 9b9cd841e0f1..bd694bce801b 100644 --- a/pkgs/development/ocaml-modules/wodan/unix.nix +++ b/pkgs/development/ocaml-modules/wodan/unix.nix @@ -1,5 +1,5 @@ { lib, buildDunePackage, base64, benchmark, csv, cmdliner, wodan, afl-persistent -, io-page-unix, mirage-block-ramdisk, mirage-block-unix }: +, mirage-block-ramdisk, mirage-block-unix }: buildDunePackage rec { outputs = [ "bin" "out" ]; @@ -12,7 +12,7 @@ buildDunePackage rec { benchmark cmdliner csv - io-page-unix + /* io-page-unix */ mirage-block-ramdisk mirage-block-unix wodan @@ -23,6 +23,7 @@ buildDunePackage rec { ''; meta = wodan.meta // { + broken = true; # io-page-unix is no longer available description = "Wodan clients with Unix integration"; mainProgram = "wodanc"; }; diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index d05abaddcfa8..10723fbc7a6d 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -529,8 +529,6 @@ let io-page = callPackage ../development/ocaml-modules/io-page { }; - io-page-unix = callPackage ../development/ocaml-modules/io-page/unix.nix { }; - ipaddr = callPackage ../development/ocaml-modules/ipaddr { }; ipaddr-cstruct = callPackage ../development/ocaml-modules/ipaddr/cstruct.nix { }; From 6791c3ae1163be0f6b5fd9d1da61366f2e0f246e Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Sun, 26 Jun 2022 18:44:19 +0100 Subject: [PATCH 12/21] =?UTF-8?q?ocamlPackages.io-page:=202.4.0=20?= =?UTF-8?q?=E2=86=92=203.0.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/ocaml-modules/io-page/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/ocaml-modules/io-page/default.nix b/pkgs/development/ocaml-modules/io-page/default.nix index 97c941c89183..eeb92c3eb28e 100644 --- a/pkgs/development/ocaml-modules/io-page/default.nix +++ b/pkgs/development/ocaml-modules/io-page/default.nix @@ -2,13 +2,13 @@ buildDunePackage rec { pname = "io-page"; - version = "2.4.0"; + version = "3.0.0"; - minimalOCamlVersion = "4.02.3"; + minimalOCamlVersion = "4.08"; src = fetchurl { - url = "https://github.com/mirage/${pname}/releases/download/v${version}/${pname}-v${version}.tbz"; - sha256 = "sha256-gMr0AfnDifHM912TstgkI+Q0FxB1rAyb0Abfospt9EI="; + url = "https://github.com/mirage/${pname}/releases/download/v${version}/${pname}-${version}.tbz"; + sha256 = "sha256-DjbKdNkFa6YQgJDLmLsuvyrweb4/TNvqAiggcj/3hu4="; }; propagatedBuildInputs = [ cstruct bigarray-compat ]; From 8aaed36df32bcff840489b7083b4cb077a7cf97a Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 4 Jul 2022 08:20:07 +0100 Subject: [PATCH 13/21] archimedes: use latest toolchain, not gcc-6 Without the change archimedes fails to build with latest toolchains as: ld: archimedes.c:(.text+0xdac7): undefined reference to `rnd' ld: archimedes.c:(.text+0xdeab): undefined reference to `rnd' ld: archimedes.c:(.text+0xdf13): undefined reference to `rnd' ld: archimedes.c:(.text+0xe3ef): undefined reference to `rnd' ld: archimedes.o:archimedes.c:(.text+0xe456): more undefined references to `rnd' follow ld: archimedes.o: in function `EMC': archimedes.c:(.text+0xf11b): undefined reference to `creation' ld: archimedes.c:(.text+0xf5f5): undefined reference to `creation' ld: archimedes.c:(.text+0xf826): undefined reference to `creation' ld: archimedes.c:(.text+0xf9ce): undefined reference to `creation' The change happens to fix build against clang as well. --- .../science/electronics/archimedes/default.nix | 12 +++++++++++- pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/science/electronics/archimedes/default.nix b/pkgs/applications/science/electronics/archimedes/default.nix index 8bceed08e1db..631f44e80633 100644 --- a/pkgs/applications/science/electronics/archimedes/default.nix +++ b/pkgs/applications/science/electronics/archimedes/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { pname = "archimedes"; @@ -9,6 +9,16 @@ stdenv.mkDerivation rec { sha256 = "0jfpnd3pns5wxcxbiw49v5sgpmm5b4v8s4q1a5292hxxk2hzmb3z"; }; + patches = [ + # Pull patch pending upstream inclusion to support c99 toolchains: + # https://savannah.gnu.org/bugs/index.php?62703 + (fetchpatch { + name = "c99.patch"; + url = "https://savannah.gnu.org/bugs/download.php?file_id=53393"; + sha256 = "1xmy1w4ln1gynldk3srdi2h0fxpx465dsa1yxc3rzrrjpxh6087f"; + }) + ]; + meta = { description = "GNU package for semiconductor device simulations"; homepage = "https://www.gnu.org/software/archimedes"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ed03cb2a9aaa..a781d005836a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -33156,9 +33156,7 @@ with pkgs; astral = callPackage ../applications/science/biology/astral { }; - archimedes = callPackage ../applications/science/electronics/archimedes { - stdenv = gcc6Stdenv; - }; + archimedes = callPackage ../applications/science/electronics/archimedes { }; bayescan = callPackage ../applications/science/biology/bayescan { }; From 50dff7c678cf9f17ae27f6465a21ff366eb18f08 Mon Sep 17 00:00:00 2001 From: WilliButz Date: Mon, 4 Jul 2022 11:49:31 +0200 Subject: [PATCH 14/21] atlassian-jira: 8.22.2 -> 8.22.4 includes fix for CVE-2022-26135 https://confluence.atlassian.com/jira/jira-server-security-advisory-29nd-june-2022-1142430667.html https://confluence.atlassian.com/jirasoftware/issues-resolved-in-8-22-4-1141486890.html --- pkgs/servers/atlassian/jira.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/atlassian/jira.nix b/pkgs/servers/atlassian/jira.nix index e9d38a41c029..6434a756bcd8 100644 --- a/pkgs/servers/atlassian/jira.nix +++ b/pkgs/servers/atlassian/jira.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation rec { pname = "atlassian-jira"; - version = "8.22.2"; + version = "8.22.4"; src = fetchurl { url = "https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-${version}.tar.gz"; - sha256 = "sha256-j9JUIK4GOdY9rMLPZcWbjWUh/s2ZkoVEQBNAIqHhdYI="; + sha256 = "sha256-Zog0m8tsx8mDLU1rsW5zhhHgyRmi4JGWuy9DV8yp9nY="; }; buildPhase = '' From 62e5acd0a7573c0001c92cb36e38de0b247ccc01 Mon Sep 17 00:00:00 2001 From: Juan Ibiapina Date: Mon, 4 Jul 2022 11:57:06 +0200 Subject: [PATCH 15/21] ruby: Expose generic builder (#173390) To avoid duplicating the ruby compilation code, this change exposes two functions `mkRubyVersion` and `mkRuby`, which can be used in an overlay to build any past or current ruby version. An example overlay: ```nix self: super: { ruby_2_7_6 = super.mkRuby { version = super.mkRubyVersion "2" "7" "6" ""; sha256 = "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877"; }; ruby_3_1_2 = super.mkRuby { version = super.mkRubyVersion "3" "1" "2" ""; sha256 = "0gm84ipk6mrfw94852w5h7xxk2lqrxjbnlwb88svf0lz70933131"; }; } ``` --- pkgs/development/interpreters/ruby/default.nix | 3 +++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 5 insertions(+) diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 4381e6b6ddd9..db611f66ad69 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -260,6 +260,9 @@ let ) args; in self; in { + mkRubyVersion = rubyVersion; + mkRuby = generic; + ruby_2_7 = generic { version = rubyVersion "2" "7" "6" ""; sha256 = "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3bf344efccc1..ab366a1d14f6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14870,6 +14870,8 @@ with pkgs; inherit (darwin) libiconv libobjc libunwind; inherit (darwin.apple_sdk.frameworks) Foundation; }) + mkRubyVersion + mkRuby ruby_2_7 ruby_3_0 ruby_3_1; From 4145dfe7517985594d1b630c4893bb4a6eed2210 Mon Sep 17 00:00:00 2001 From: Arjan Schrijver Date: Mon, 4 Jul 2022 12:19:42 +0200 Subject: [PATCH 16/21] pls: 5.1.2 -> 5.2.0 --- pkgs/tools/misc/pls/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/pls/default.nix b/pkgs/tools/misc/pls/default.nix index 0e67641103f5..a72b4e44aa45 100644 --- a/pkgs/tools/misc/pls/default.nix +++ b/pkgs/tools/misc/pls/default.nix @@ -2,14 +2,14 @@ python3.pkgs.buildPythonApplication rec { pname = "pls"; - version = "5.1.2"; + version = "5.2.0"; format = "pyproject"; src = fetchFromGitHub { owner = "dhruvkb"; repo = "pls"; rev = version; - sha256 = "sha256-xJvAAlRVKQHEOz8wbErHCUTcb8Y1otcPEUwTw2lgddo="; + sha256 = "sha256-nmADeOVS5qdWsun36eKmeT4kYml0sTXYNa+YUiyNGQY="; }; nativeBuildInputs = [ python3.pkgs.poetry-core ]; From ccddf9a017151fd8ad2bc65a7e8778a5f69290f6 Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Mon, 27 Jun 2022 05:59:38 +0100 Subject: [PATCH 17/21] =?UTF-8?q?amiri:=200.114=20=E2=86=92=200.117?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/data/fonts/amiri/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/data/fonts/amiri/default.nix b/pkgs/data/fonts/amiri/default.nix index ffceeb6ac8fc..539b86c6c408 100644 --- a/pkgs/data/fonts/amiri/default.nix +++ b/pkgs/data/fonts/amiri/default.nix @@ -1,19 +1,21 @@ { lib, fetchzip }: let - version = "0.114"; + version = "0.117"; in fetchzip rec { name = "Amiri-${version}"; url = "https://github.com/alif-type/amiri/releases/download/${version}/${name}.zip"; - sha256 = "sha256-6FA46j1shP0R8iEi/Xop2kXS0OKW1jaGUEOthT3Z5b4="; + sha256 = "sha256-TCdL4Am+mT7E9fHEagcR7i9kBziyJuO3r1kM+ekfvbU="; postFetch = '' - unzip $downloadedFile - install -m444 -Dt $out/share/fonts/truetype ${name}/*.ttf - install -m444 -Dt $out/share/doc/${name} ${name}/{*.txt,*.pdf} + rm -rf $out/otf + mkdir -p $out/share/fonts/truetype + mv $out/*.ttf $out/share/fonts/truetype/ + mkdir -p $out/share/doc/${name} + mv $out/{*.html,*.txt,*.md} $out/share/doc/${name}/ ''; meta = with lib; { From 76a24f2d7955f245a0e7eb2fbc595fd3cb562f6c Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Mon, 27 Jun 2022 21:49:25 +0100 Subject: [PATCH 18/21] =?UTF-8?q?ocamlPackages.secp256k1-internal:=200.2?= =?UTF-8?q?=20=E2=86=92=200.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ocaml-modules/secp256k1-internal/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/development/ocaml-modules/secp256k1-internal/default.nix b/pkgs/development/ocaml-modules/secp256k1-internal/default.nix index f7d3c1e41c56..4a9a761ab30c 100644 --- a/pkgs/development/ocaml-modules/secp256k1-internal/default.nix +++ b/pkgs/development/ocaml-modules/secp256k1-internal/default.nix @@ -11,16 +11,14 @@ buildDunePackage rec { pname = "secp256k1-internal"; - version = "0.2"; + version = "0.3"; src = fetchFromGitLab { owner = "nomadic-labs"; repo = "ocaml-secp256k1-internal"; - rev = "v${version}"; - sha256 = "1g9fyi78nmmm19l2cggwj14m4n80rz7gmnh1gq376zids71s6qxv"; + rev = version; + sha256 = "sha256-1wvQ4RW7avcGsIc0qgDzhGrwOBY0KHrtNVHCj2cgNzo="; }; - useDune2 = true; - minimalOCamlVersion = "4.08"; propagatedBuildInputs = [ From ac8fadc7f35009bf0fd81e9306c92a4238b0fe4c Mon Sep 17 00:00:00 2001 From: tricktron Date: Mon, 4 Jul 2022 13:28:02 +0200 Subject: [PATCH 19/21] colima: 0.4.2 -> 0.4.4 (#179522) * colima: use updated Makefile in build and install phases * colima: use lima-unwrapped * colima: fix dynamic version * colima: 0.4.2 -> 0.4.3 * colima: delete .git folder in postfetch when `leaveDotGit = true` Otherwise it may lead to non-deterministic behaviour. Co-authored-by: j-k * colima: do not override default buildGoModule phases The colima Makefile does more or less the same as the `buildGoModule` implementation. Instead of overriding it and using the Makefile directly, we reproduce the behaviour desired behaviour by customising env variables, e.g. `ldflags` and `subPackages`. Co-authored-by: j-k * colima: use `buildGoModule = buildGo118Module;` Co-authored-by: j-k * colima: update meta.description Co-authored-by: j-k * colima: set `CGO_ENABLED = 1` to make VPN connections work See https://github.com/abiosoft/colima/issues/358 * colima: 0.4.3 -> 0.4.4 * colima: define all ldflags in preConfigure Co-authored-by: Atemu * colima: add version test * colima: add meta.mainProgram and meta.platforms * colima: remove unused runCommand input Co-authored-by: j-k * colima: cleanup meta Co-authored-by: Sandro * colima: drop meta.platforms because we use the default value of `platforms.darwin ++ platforms.linux` Co-authored-by: Sandro Co-authored-by: Atemu * Update pkgs/applications/virtualization/colima/default.nix Co-authored-by: j-k Co-authored-by: Atemu Co-authored-by: Sandro --- .../virtualization/colima/default.nix | 35 ++++++++++++------- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/pkgs/applications/virtualization/colima/default.nix b/pkgs/applications/virtualization/colima/default.nix index 4b756bb720a0..6b6d1364f753 100644 --- a/pkgs/applications/virtualization/colima/default.nix +++ b/pkgs/applications/virtualization/colima/default.nix @@ -1,43 +1,47 @@ { lib -, buildGo118Module +, buildGoModule , fetchFromGitHub , installShellFiles , lima , makeWrapper +, qemu +, testers +, colima }: -buildGo118Module rec { +buildGoModule rec { pname = "colima"; - version = "0.4.2"; + version = "0.4.4"; src = fetchFromGitHub { owner = "abiosoft"; repo = pname; rev = "v${version}"; - sha256 = "sha256-66nKH5jxTzLB9bg2lH1E8Cc0GZ6C/N/+yPYhCVEKOBY="; - + sha256 = "bSBaSS+rVkFqTSdyegdE/F0X5u7yvF/nHslAO3xgD6I="; # We need the git revision leaveDotGit = true; postFetch = '' - git -C $out rev-parse HEAD > $out/.git-revision + git -C $out rev-parse --short HEAD > $out/.git-revision rm -rf $out/.git ''; }; nativeBuildInputs = [ installShellFiles makeWrapper ]; - vendorSha256 = "sha256-91Ex3RPWxOHyZcR3Bo+bRdDAFw2mEGiC/uNKjdX2kuw="; + vendorSha256 = "sha256-jDzDwK7qA9lKP8CfkKzfooPDrHuHI4OpiLXmX9vOpOg="; - doCheck = false; + CGO_ENABLED = 1; preConfigure = '' - ldflags="-X github.com/abiosoft/colima/config.appVersion=${version} - -X github.com/abiosoft/colima/config.revision=$(cat .git-revision)" + ldflags="-s -w -X github.com/abiosoft/colima/config.appVersion=${version} \ + -X github.com/abiosoft/colima/config.revision=$(cat .git-revision)" ''; + subPackages = [ "cmd/colima" ]; + postInstall = '' wrapProgram $out/bin/colima \ - --prefix PATH : ${lib.makeBinPath [ lima ]} + --prefix PATH : ${lib.makeBinPath [ lima qemu ]} installShellCompletion --cmd colima \ --bash <($out/bin/colima completion bash) \ @@ -45,10 +49,15 @@ buildGo118Module rec { --zsh <($out/bin/colima completion zsh) ''; + passthru.tests.version = testers.testVersion { + package = colima; + command = "HOME=$(mktemp -d) colima version"; + }; + meta = with lib; { - description = "Container runtimes on MacOS with minimal setup"; + description = "Container runtimes with minimal setup"; homepage = "https://github.com/abiosoft/colima"; license = licenses.mit; - maintainers = with maintainers; [ aaschmid ]; + maintainers = with maintainers; [ aaschmid tricktron ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6414df64fe7a..3770016107c5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -34527,7 +34527,7 @@ with pkgs; idsk = callPackage ../tools/filesystems/idsk { stdenv = gcc10StdenvCompat; }; - colima = callPackage ../applications/virtualization/colima { }; + colima = callPackage ../applications/virtualization/colima { buildGoModule = buildGo118Module; }; lima = callPackage ../applications/virtualization/lima { }; From 2a1a6e53571fe8eb26f4450025df53b8a36b9449 Mon Sep 17 00:00:00 2001 From: Michael Adler Date: Mon, 4 Jul 2022 12:21:17 +0200 Subject: [PATCH 20/21] neovim-qt: 0.2.16.1 -> 0.2.17 --- pkgs/applications/editors/neovim/neovim-qt.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/neovim/neovim-qt.nix b/pkgs/applications/editors/neovim/neovim-qt.nix index 4d53143ac85c..f6013202bafb 100644 --- a/pkgs/applications/editors/neovim/neovim-qt.nix +++ b/pkgs/applications/editors/neovim/neovim-qt.nix @@ -3,13 +3,13 @@ mkDerivation rec { pname = "neovim-qt-unwrapped"; - version = "0.2.16.1"; + version = "0.2.17"; src = fetchFromGitHub { owner = "equalsraf"; repo = "neovim-qt"; rev = "v${version}"; - sha256 = "0x5brrim3f21bzdmh6wyrhrislwpx1248wbx56csvic6v78hzqny"; + sha256 = "sha256-UJXaHENqau5EEe5c94pJuNxZU5rutJs642w9Cof8Sa4="; }; cmakeFlags = [ From b80115e85f7c64635ab7d5f9d8024178447b4849 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 4 Jul 2022 03:30:41 +0000 Subject: [PATCH 21/21] gnome.gnome-remote-desktop: 42.2 -> 42.3 --- pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix b/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix index 111aa6bfefa5..a72012ca57fd 100644 --- a/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix +++ b/pkgs/desktops/gnome/core/gnome-remote-desktop/default.nix @@ -28,11 +28,11 @@ stdenv.mkDerivation rec { pname = "gnome-remote-desktop"; - version = "42.2"; + version = "42.3"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - hash = "sha256-wcy82MpwN+9ttz9r8rXdOKM2t9gKKpyY32/4g4eP+dU="; + hash = "sha256-opatWPizvawOLg2H2xKpOV5ydwqWDnh/vMG+PwBotkI="; }; nativeBuildInputs = [