From 597e558b144f03d1660b6426b04faac79e5fba86 Mon Sep 17 00:00:00 2001 From: Matt Bryant Date: Mon, 16 Jan 2023 12:44:14 -0800 Subject: [PATCH 01/22] maintainers: add tehmatt --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index bdf93d4e6d29..52ef44245067 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -14297,6 +14297,12 @@ githubId = 139251; name = "Tom Hunger"; }; + tehmatt = { + name = "tehmatt"; + email = "nix@programsareproofs.com"; + github = "tehmatt"; + githubId = 3358866; + }; tejasag = { name = "Tejas Agarwal"; email = "tejasagarwalbly@gmail.com"; From a6b406e5afedfd217ae44305e199e1dc3fca4dc3 Mon Sep 17 00:00:00 2001 From: Matt Bryant Date: Sun, 18 Dec 2022 21:14:16 -0800 Subject: [PATCH 02/22] flac2all: init at version 5.1 Added initial version of https://github.com/ZivaVatra/flac2all --- pkgs/applications/audio/flac2all/default.nix | 45 ++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 47 insertions(+) create mode 100644 pkgs/applications/audio/flac2all/default.nix diff --git a/pkgs/applications/audio/flac2all/default.nix b/pkgs/applications/audio/flac2all/default.nix new file mode 100644 index 000000000000..e0681b94f683 --- /dev/null +++ b/pkgs/applications/audio/flac2all/default.nix @@ -0,0 +1,45 @@ +{ python3Packages, lib, flac, lame, opusTools, vorbis-tools, ffmpeg }: + +python3Packages.buildPythonApplication rec { + pname = "flac2all"; + version = "5.1"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "OBjlr7cbSx2WOIfZUNwHy5Hpb2Fmh3vmZdc70JiWsiI="; + }; + + # Not sure why this is needed, but setup.py expects this to be set + postPatch = '' + echo ${version} > ./flac2all_pkg/version + ''; + + propagatedBuildInputs = [ + python3Packages.pyzmq + ]; + + postInstall = '' + wrapProgram $out/bin/flac2all \ + --set PATH ${lib.makeBinPath [ + # Hard requirements + flac + lame + # Optional deps depending on encoding types + opusTools + vorbis-tools + ffmpeg + ]} + ''; + + # Has no standard tests, so we verify a few imports instead. + doCheck = false; + pythonImportsCheck = [ "flac2all_pkg.vorbis" "flac2all_pkg.mp3" ]; + + meta = with lib; { + description = "Multi process, clustered, FLAC to multi codec audio converter with tagging support"; + homepage = "https://github.com/ZivaVatra/flac2all"; + license = licenses.gpl3; + # TODO: This has only been tested on Linux, but may work on Mac too. + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 522d94c60319..73d2f1767e48 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -38865,6 +38865,8 @@ with pkgs; alsa-scarlett-gui = callPackage ../applications/audio/alsa-scarlett-gui { }; + flac2all = callPackage ../applications/audio/flac2all {}; + tuner = callPackage ../applications/audio/tuner { }; locate-dominating-file = callPackage ../tools/misc/locate-dominating-file { }; From 31b324c027bb6aa4cd6943dcb2c9694f1e17e34c Mon Sep 17 00:00:00 2001 From: Aaron Jheng Date: Sun, 29 Jan 2023 09:04:13 +0000 Subject: [PATCH 03/22] filtron: use buildGoModule --- pkgs/servers/filtron/default.nix | 26 +++++++++++++------- pkgs/servers/filtron/deps.nix | 41 -------------------------------- 2 files changed, 18 insertions(+), 49 deletions(-) delete mode 100644 pkgs/servers/filtron/deps.nix diff --git a/pkgs/servers/filtron/default.nix b/pkgs/servers/filtron/default.nix index fccc1ba0016b..f50e3b19583c 100644 --- a/pkgs/servers/filtron/default.nix +++ b/pkgs/servers/filtron/default.nix @@ -1,22 +1,32 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, fetchpatch }: -buildGoPackage rec { +buildGoModule rec { pname = "filtron"; version = "0.2.0"; - goPackagePath = "github.com/asciimoo/filtron"; - src = fetchFromGitHub { owner = "asciimoo"; repo = "filtron"; rev = "v${version}"; - sha256 = "18d3h0i2sfqbc0bjx26jm2n9f37zwp8z9z4wd17sw7nvkfa72a26"; + hash = "sha256-RihxlJvbHq5PaJz89NHl/wyXrKjSiC4XYAs7LSKAo6E="; }; - goDeps = ./deps.nix; + vendorHash = "sha256-1DRR16WiBGvhOpq12L5njJJRRCIA7ajs1Py9j/3cWPE="; - # The upstream test checks are obsolete/unmaintained. - doCheck = false; + patches = [ + # Update golang version in go.mod + (fetchpatch { + url = "https://github.com/asciimoo/filtron/commit/365a0131074b3b12aaa65194bfb542182a63413c.patch"; + hash = "sha256-QGR6YetEzA/b6tC4uD94LBkWv0+9PG7RD72Tpkn2gQU="; + }) + # Add missing go.sum file + (fetchpatch { + url = "https://github.com/asciimoo/filtron/commit/077769282b4e392e96a194c8ae71ff9f693560ea.patch"; + hash = "sha256-BhHbXDKiRjSzC6NKhKUiH6rjt/EgJcEprHMMJ1x/wiQ="; + }) + ]; + + ldflags = [ "-s" "-w" ]; meta = with lib; { description = "Reverse HTTP proxy to filter requests by different rules."; diff --git a/pkgs/servers/filtron/deps.nix b/pkgs/servers/filtron/deps.nix deleted file mode 100644 index 61320f868d05..000000000000 --- a/pkgs/servers/filtron/deps.nix +++ /dev/null @@ -1,41 +0,0 @@ -[ - { - goPackagePath = "github.com/valyala/fasthttp"; - fetch = { - type = "git"; - url = "https://github.com/valyala/fasthttp"; - rev = "v1.41.0"; - sha256 = "sha256-lV9FP7GjnQk/kJACE9l5CZ/8kzORdNpYS5lPokEYrZM="; - }; - } - - { - goPackagePath = "github.com/klauspost/compress"; - fetch = { - type = "git"; - url = "https://github.com/klauspost/compress"; - rev = "v1.15.12"; - sha256 = "sha256-D41sCSbaqX9tXIRcTU9TYyjPyZpuKLDeQMXETE2ulbM="; - }; - } - - { - goPackagePath = "github.com/valyala/bytebufferpool"; - fetch = { - type = "git"; - url = "https://github.com/valyala/bytebufferpool"; - rev = "v1.0.0"; - sha256 = "sha256-I9FPZ3kCNRB+o0dpMwBnwZ35Fj9+ThvITn8a3Jr8mAY="; - }; - } - - { - goPackagePath = "github.com/andybalholm/brotli"; - fetch = { - type = "git"; - url = "https://github.com/andybalholm/brotli"; - rev = "v1.0.4"; - sha256 = "sha256-gAnPRdGP4yna4hiRIEDyBtDOVJqd7RU27wlPu96Rdf8="; - }; - } -] From ff167d8172c3cca60cb3be5a65ef85a93598f3ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Niemier?= Date: Fri, 3 Feb 2023 10:22:38 +0100 Subject: [PATCH 04/22] netdata-go.d.plugin: from 0.32.3 to 0.50.0 Netdata package has been updated several times in the meantime, but this (somewhat crucial) dependency was left forgotten and unloved. So this is quite huge jump in versions, but it is needed as many of the collectors were added there (the one I have noticed that is missing is PostgreSQL collector, but I bet that there is more). It also adds missing Bash `buildInput` as I noticed that it is needed by some shell collectors (cgroups I believe). --- pkgs/tools/system/netdata/go.d.plugin.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/system/netdata/go.d.plugin.nix b/pkgs/tools/system/netdata/go.d.plugin.nix index ebc552687cf7..5b45ddbb3ae2 100644 --- a/pkgs/tools/system/netdata/go.d.plugin.nix +++ b/pkgs/tools/system/netdata/go.d.plugin.nix @@ -1,17 +1,16 @@ -{ lib, fetchFromGitHub, buildGoModule }: - -buildGoModule rec { +{ lib, fetchFromGitHub, buildGo119Module }: +buildGo119Module rec { pname = "netdata-go.d.plugin"; - version = "0.32.3"; + version = "0.50.0"; src = fetchFromGitHub { owner = "netdata"; repo = "go.d.plugin"; rev = "v${version}"; - sha256 = "sha256-SayFqr6n6OLLUXseYiR8iBIf2xeDEHXHD0qBrgHY6+o="; + sha256 = "5kDc6zszVuFTDkNMuHBRwrfDnH+AdD6ULzmywtvL8iA="; }; - vendorSha256 = "sha256-tIuHWfAjvr5s2nJSnhnMZIjyy77BbobwgQoDOy4gdGI="; + vendorSha256 = "sha256-Wv6xqzpQxlZCrVnS+g9t1qiYCkm3NfXfW8XDYA9Txxs="; doCheck = false; From b3cc29c288b6ac5e2fa71477cabb2d088f568001 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Thu, 9 Feb 2023 07:25:50 +0000 Subject: [PATCH 05/22] types: explicitly state unique options are expected to be unique --- lib/options.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index d14d209a8347..22eb6c2eeb1d 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -184,7 +184,7 @@ rec { if length defs == 1 then (head defs).value else assert length defs > 1; - throw "The option `${showOption loc}' is defined multiple times.\n${message}\nDefinition values:${showDefs defs}"; + throw "The option `${showOption loc}' is defined multiple times while it's expected to be unique.\n${message}\nDefinition values:${showDefs defs}"; /* "Merge" option definitions by checking that they all have the same value. */ mergeEqualOption = loc: defs: From fe734efc9c2c0a42b9c34dfd6280d82558744a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Thu, 9 Feb 2023 07:38:40 +0000 Subject: [PATCH 06/22] types: suggest how to resolve the conflict --- lib/options.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index 22eb6c2eeb1d..5e8f4ca4bb95 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -36,6 +36,9 @@ let inherit (lib.types) mkOptionType ; + prioritySuggestion = '' + Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions. + ''; in rec { @@ -184,7 +187,7 @@ rec { if length defs == 1 then (head defs).value else assert length defs > 1; - throw "The option `${showOption loc}' is defined multiple times while it's expected to be unique.\n${message}\nDefinition values:${showDefs defs}"; + throw "The option `${showOption loc}' is defined multiple times while it's expected to be unique.\n${message}\nDefinition values:${showDefs defs}\n${prioritySuggestion}"; /* "Merge" option definitions by checking that they all have the same value. */ mergeEqualOption = loc: defs: @@ -195,7 +198,7 @@ rec { else if length defs == 1 then (head defs).value else (foldl' (first: def: if def.value != first.value then - throw "The option `${showOption loc}' has conflicting definition values:${showDefs [ first def ]}" + throw "The option `${showOption loc}' has conflicting definition values:${showDefs [ first def ]}\n${prioritySuggestion}" else first) (head defs) (tail defs)).value; From 998c3cd1ce7d6186f9931ccd9dce9e89208972a0 Mon Sep 17 00:00:00 2001 From: Michael Adler Date: Thu, 9 Feb 2023 09:47:53 +0100 Subject: [PATCH 07/22] ungoogled-chromium: 109.0.5414.120 -> 110.0.5481.78 --- .../networking/browsers/chromium/common.nix | 13 ++----------- .../browsers/chromium/upstream-info.json | 14 +++++++------- 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 4a7048010c81..b79c69275adf 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -150,10 +150,10 @@ let libdrm wayland mesa.drivers libxkbcommon curl libepoxy + libffi ] ++ lib.optional systemdSupport systemd ++ lib.optionals cupsSupport [ libgcrypt cups ] - ++ lib.optional pulseSupport libpulseaudio - ++ lib.optional (chromiumVersionAtLeast "110") libffi; + ++ lib.optional pulseSupport libpulseaudio; patches = [ # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed): @@ -293,15 +293,6 @@ let chrome_pgo_phase = 0; clang_base_path = "${llvmPackages.clang}"; use_qt = false; - } // lib.optionalAttrs (!chromiumVersionAtLeast "110") { - # The default has changed to false. We'll build with libwayland from - # Nixpkgs for now but might want to eventually use the bundled libwayland - # as well to avoid incompatibilities (if this continues to be a problem - # from time to time): - use_system_libwayland = true; - # The default value is hardcoded instead of using pkg-config: - system_wayland_scanner_path = "${wayland.bin}/bin/wayland-scanner"; - } // lib.optionalAttrs (chromiumVersionAtLeast "110") { # To fix the build as we don't provide libffi_pic.a # (ld.lld: error: unable to find library -l:libffi_pic.a): use_system_libffi = true; diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 1eeec11742a6..620041643676 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -45,19 +45,19 @@ } }, "ungoogled-chromium": { - "version": "109.0.5414.120", - "sha256": "1yvfd0a7zfz4x00f83irrs6hy15wn85mrbbm7mk5wy4gjwg5zyrj", + "version": "110.0.5481.78", + "sha256": "1m67xfdgggaan09xsbppna209b8sm882xq587i0hsnnnzb3fdxdj", "sha256bin64": null, "deps": { "gn": { - "version": "2022-11-10", + "version": "2022-12-12", "url": "https://gn.googlesource.com/gn", - "rev": "1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41", - "sha256": "02621c9nqpr4pwcapy31x36l5kbyd0vdgd0wdaxj5p8hrxk67d6b" + "rev": "5e19d2fb166fbd4f6f32147fbb2f497091a54ad8", + "sha256": "1b5fwldfmkkbpp5x63n1dxv0nc965hphc8rm8ah7zg44zscm9z30" }, "ungoogled-patches": { - "rev": "109.0.5414.120-1", - "sha256": "0hq48lsjl7da8rdq129mc7cd0z5ykqbaf1sbhhs1d10dzm5zs4p3" + "rev": "110.0.5481.78-1", + "sha256": "1ffb2wf1bdmzlxk4ih8qq439jzqz17f8nchvx7na52y48am1qr3c" } } } From f7fe775fc1623a61c6c3de117a4ec8b1ddf8e10c Mon Sep 17 00:00:00 2001 From: Steven Kou Date: Thu, 9 Feb 2023 21:52:47 +0800 Subject: [PATCH 08/22] tailscale: 1.36.0 -> 1.36.1 Diff: https://github.com/tailscale/tailscale/compare/v1.36.0...v1.36.1 --- pkgs/servers/tailscale/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix index b936fd316283..75adec85e541 100644 --- a/pkgs/servers/tailscale/default.nix +++ b/pkgs/servers/tailscale/default.nix @@ -2,15 +2,15 @@ buildGoModule rec { pname = "tailscale"; - version = "1.36.0"; + version = "1.36.1"; src = fetchFromGitHub { owner = "tailscale"; repo = "tailscale"; rev = "v${version}"; - sha256 = "sha256-hNyEABs/GdfOx6vLTVBgbOzkbFvEDYZ0y1y0a0mIsfA="; + sha256 = "sha256-xTfMq8n9Io99qg/cc7SAWelcxXaWr21IQhsICeDCDNU="; }; - vendorSha256 = "sha256-Jy3kjUA8qLhcw9XLw4Xo1zhD+IWZrDNM79TsbnKpx/g="; + vendorSha256 = "sha256-xdZlwv/2knOE7xaGeNHYNdztflhLLmirGzPOJpDvk3s="; nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ]; From 131957d90f97542f709584b420b02e1a99440015 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 9 Feb 2023 09:01:10 -0800 Subject: [PATCH 09/22] libpgf: 7.21.2 -> 7.21.7 --- pkgs/development/libraries/libpgf/default.nix | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/pkgs/development/libraries/libpgf/default.nix b/pkgs/development/libraries/libpgf/default.nix index 682ff485d65c..c0d24cb3cdf5 100644 --- a/pkgs/development/libraries/libpgf/default.nix +++ b/pkgs/development/libraries/libpgf/default.nix @@ -1,21 +1,29 @@ -{ lib, stdenv, fetchzip, autoreconfHook }: +{ lib +, stdenv +, fetchzip +, autoreconfHook +, dos2unix +}: stdenv.mkDerivation rec { pname = "libpgf"; - version = "7.21.2"; + version = "7.21.7"; src = fetchzip { url = "mirror://sourceforge/${pname}/${pname}/${version}/${pname}.zip"; - sha256 = "0l1j5b1d02jn27miggihlppx656i0pc70cn6x89j1rpj33zn0g9r"; + hash = "sha256-TAWIuikijfyeTRetZWoMMdB/FeGAR7ZjNssVxUevlVg="; }; - nativeBuildInputs = [ autoreconfHook ]; - - autoreconfPhase = '' + postPatch = '' + find . -type f | xargs dos2unix mv README.txt README - sh autogen.sh ''; + nativeBuildInputs = [ + autoreconfHook + dos2unix + ]; + meta = { homepage = "https://www.libpgf.org/"; description = "Progressive Graphics Format"; From ac17c2b4b3a14b038bfcf5c7a7958be1bfad3594 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 9 Feb 2023 09:06:15 -0800 Subject: [PATCH 10/22] pgf_graphics: 6.14.12 -> 7.21.7 --- pkgs/tools/graphics/pgf/default.nix | 39 ++++++++++++++++++----------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/pkgs/tools/graphics/pgf/default.nix b/pkgs/tools/graphics/pgf/default.nix index a2adb7ee61d9..e63875c19cd3 100644 --- a/pkgs/tools/graphics/pgf/default.nix +++ b/pkgs/tools/graphics/pgf/default.nix @@ -1,26 +1,37 @@ -{ lib, stdenv, fetchurl, autoconf, automake, libtool, dos2unix, libpgf, freeimage, doxygen }: +{ lib +, stdenv +, fetchzip +, autoreconfHook +, dos2unix +, doxygen +, freeimage +, libpgf +}: stdenv.mkDerivation rec { pname = "pgf"; - version = "6.14.12"; + version = "7.21.7"; - src = fetchurl { - url = "mirror://sourceforge/libpgf/pgf-console-src-${version}.tar.gz"; - sha256 = "1vfm12cfq3an3xg0679bcwdmjq2x1bbij1iwsmm60hwmrm3zvab0"; + src = fetchzip { + url = "mirror://sourceforge/libpgf/libpgf/${version}/pgf-console.zip"; + hash = "sha256-W9eXYhbynLtvZQsn724Uw0SZ5TuyK2MwREwYKGFhJj0="; }; - nativeBuildInputs = [ autoconf automake ]; - buildInputs = [ libtool dos2unix libpgf freeimage doxygen ]; - - patchPhase = '' - sed 1i'#include ' -i src/PGF.cpp - sed s/__int64/int64_t/g -i src/PGF.cpp - rm include/FreeImage.h include/FreeImagePlus.h + postPatch = '' + find . -type f | xargs dos2unix + mv README.txt README ''; - preConfigure = "dos2unix configure.ac; sh autogen.sh"; + nativeBuildInputs = [ + autoreconfHook + dos2unix + doxygen + ]; -# configureFlags = optional static "--enable-static --disable-shared"; + buildInputs = [ + freeimage + libpgf + ]; meta = { homepage = "https://www.libpgf.org/"; From 0d1461d6a57958b4b973a75a9b9eb1a8716ba86f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 9 Feb 2023 09:52:50 -0800 Subject: [PATCH 11/22] keepass: 2.53 -> 2.53.1 fixes CVE-2023-24055 Changelog: https://keepass.info/news/n230109_2.53.html --- pkgs/applications/misc/keepass/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/keepass/default.nix b/pkgs/applications/misc/keepass/default.nix index d91f03a696a0..022eba1fd6cb 100644 --- a/pkgs/applications/misc/keepass/default.nix +++ b/pkgs/applications/misc/keepass/default.nix @@ -4,11 +4,11 @@ let inherit (builtins) add length readFile replaceStrings unsafeDiscardStringContext toString map; in buildDotnetPackage rec { pname = "keepass"; - version = "2.53"; + version = "2.53.1"; src = fetchurl { url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip"; - hash = "sha256-wpXbLH9VyjJyb+KuQ8xmbik1jq+xqAFRxsxAuLM5MI0="; + hash = "sha256-R7KWxlxrhl55nOaDNYwA/cJJl+kd5ZYy6eZVqyrxxnM="; }; sourceRoot = "."; From a8f2090bc8264a0bae90583a60e28e7d9ac5fc7a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 16 Jan 2023 14:13:09 +0000 Subject: [PATCH 12/22] epubcheck: 4.2.6 -> 5.0.0 --- pkgs/tools/text/epubcheck/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/epubcheck/default.nix b/pkgs/tools/text/epubcheck/default.nix index 796aa0da8f91..8912f3ac2c3f 100644 --- a/pkgs/tools/text/epubcheck/default.nix +++ b/pkgs/tools/text/epubcheck/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "epubcheck"; - version = "4.2.6"; + version = "5.0.0"; src = fetchzip { url = "https://github.com/w3c/epubcheck/releases/download/v${version}/epubcheck-${version}.zip"; - sha256 = "sha256-f4r0ODKvZrl+YBcP2T9Z+zEuCyvQm9W7GNiLTr4p278="; + sha256 = "sha256-Lcd+rLO4G2i5FTq/okjKQ1+EIfuZ8khkCijgeDxxwq8="; }; nativeBuildInputs = [ makeWrapper ]; From 63dd9fb5c8b99209ea9fea0ab9aeb82f2710dba0 Mon Sep 17 00:00:00 2001 From: Alvar Penning Date: Sat, 14 Jan 2023 20:20:00 +0100 Subject: [PATCH 13/22] nixos/ympd: Unit hardening Next to some systemd unit hardening, the nobody user isn't used anymore, as suggested in #55370. --- nixos/modules/services/audio/ympd.nix | 40 ++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/audio/ympd.nix b/nixos/modules/services/audio/ympd.nix index 811b81030efc..b74cc3f9c0b4 100644 --- a/nixos/modules/services/audio/ympd.nix +++ b/nixos/modules/services/audio/ympd.nix @@ -48,8 +48,46 @@ in { systemd.services.ympd = { description = "Standalone MPD Web GUI written in C"; + wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${cfg.mpd.host} --port ${toString cfg.mpd.port} --webport ${toString cfg.webPort} --user nobody"; + after = [ "network-online.target" ]; + + serviceConfig = { + ExecStart = '' + ${pkgs.ympd}/bin/ympd \ + --host ${cfg.mpd.host} \ + --port ${toString cfg.mpd.port} \ + --webport ${toString cfg.webPort} + ''; + + DynamicUser = true; + NoNewPrivileges = true; + + ProtectProc = "invisible"; + ProtectSystem = "strict"; + ProtectHome = "tmpfs"; + + PrivateTmp = true; + PrivateDevices = true; + PrivateIPC = true; + + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictRealtime = true; + RestrictSUIDSGID = true; + + SystemCallFilter = [ + "@system-service" + "~@process" + "~@setuid" + ]; + }; }; }; From e2a7510f3db12db9820fd45c8edcb6f5c4b33935 Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Fri, 13 Jan 2023 05:47:24 -0700 Subject: [PATCH 14/22] rex: install shell completions --- pkgs/tools/system/rex/default.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/system/rex/default.nix b/pkgs/tools/system/rex/default.nix index 2bb67333121e..cf59a22cecee 100644 --- a/pkgs/tools/system/rex/default.nix +++ b/pkgs/tools/system/rex/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, fetchurl, perlPackages, rsync, ... }: +{ pkgs, lib, fetchurl, perlPackages, rsync, installShellFiles, ... }: perlPackages.buildPerlPackage rec { pname = "Rex"; @@ -18,7 +18,7 @@ perlPackages.buildPerlPackage rec { rsync ]; - nativeBuildInputs = with perlPackages; [ ParallelForkManager ]; + nativeBuildInputs = with perlPackages; [ installShellFiles ParallelForkManager ]; propagatedBuildInputs = with perlPackages; [ AWSSignature4 @@ -44,6 +44,17 @@ perlPackages.buildPerlPackage rec { doCheck = false; + outputs = [ "out" ]; + + fixupPhase = '' + for sh in bash zsh; do + substituteInPlace ./share/rex-tab-completion.$sh \ + --replace 'perl' "${pkgs.perl.withPackages (ps: [ ps.YAML ])}/bin/perl" + done + installShellCompletion --name _rex --zsh ./share/rex-tab-completion.zsh + installShellCompletion --name rex --bash ./share/rex-tab-completion.bash + ''; + meta = { homepage = "https://www.rexify.org"; description = "The friendly automation framework"; From c257eba8e2cd34d9213ffc6f3c6a81ea9c313a62 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 9 Feb 2023 17:06:10 +0000 Subject: [PATCH 15/22] mawk: 1.3.4-20200120 -> 1.3.4-20230203 --- pkgs/tools/text/mawk/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/mawk/default.nix b/pkgs/tools/text/mawk/default.nix index 62a23318ca2f..203a79fa381d 100644 --- a/pkgs/tools/text/mawk/default.nix +++ b/pkgs/tools/text/mawk/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "mawk"; - version = "1.3.4-20200120"; + version = "1.3.4-20230203"; src = fetchurl { urls = [ "ftp://ftp.invisible-island.net/mawk/mawk-${version}.tgz" "https://invisible-mirror.net/archives/mawk/mawk-${version}.tgz" ]; - sha256 = "0dw2icf8bnqd9y0clfd9pkcxz4b2phdihwci13z914mf3wgcvm3z"; + sha256 = "sha256-bbejKsecURB60xpAfU+SxrhC3eL2inUztOe3sD6JAL4="; }; meta = with lib; { From f6b16324f73d824bf4d3717a29da23e8796cec8f Mon Sep 17 00:00:00 2001 From: Alexey Palazhchenko Date: Wed, 23 Nov 2022 20:58:42 +0400 Subject: [PATCH 16/22] ferretdb: 0.7.1 -> 0.9.0 Tweak the build process to set correct version. --- pkgs/servers/nosql/ferretdb/default.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/nosql/ferretdb/default.nix b/pkgs/servers/nosql/ferretdb/default.nix index 77f4aa5a300e..41a5d6bca7ce 100644 --- a/pkgs/servers/nosql/ferretdb/default.nix +++ b/pkgs/servers/nosql/ferretdb/default.nix @@ -5,29 +5,32 @@ buildGoModule rec { pname = "ferretdb"; - version = "0.7.1"; + version = "0.9.0"; src = fetchFromGitHub { owner = "FerretDB"; repo = "FerretDB"; rev = "v${version}"; - sha256 = "sha256-i3XCYVJfZ2sF4XGOxaBZqBOw7nRdzcGKhNNdqQMccPU="; + sha256 = "sha256-+tmClWkW3uhBXuQzuSMJnzeA1rrkpLV0QLCzcKhbThw="; }; postPatch = '' - echo ${version} > internal/util/version/gen/version.txt + echo v${version} > build/version/version.txt + echo nixpkgs > build/version/package.txt ''; - vendorSha256 = "sha256-qyAc5EVg8QPTnXQjqJGpT3waDrfn8iXz+O1iESCzCIc="; + vendorSha256 = "sha256-43FxDRcif8FDHyXdNL/FJEt5ZnCQ8r7d5Red3l9442Q="; CGO_ENABLED = 0; subPackages = [ "cmd/ferretdb" ]; + tags = [ "ferretdb_tigris" ]; + meta = with lib; { description = "A truly Open Source MongoDB alternative"; - homepage = "https://github.com/FerretDB/FerretDB"; + homepage = "https://www.ferretdb.io/"; license = licenses.asl20; - maintainers = with maintainers; [ dit7ya ]; + maintainers = with maintainers; [ dit7ya noisersup ]; }; } From ae87533ba16cfe9bd2a77132df0080e9ab5fd9a5 Mon Sep 17 00:00:00 2001 From: Artturin Date: Thu, 9 Feb 2023 19:48:31 +0200 Subject: [PATCH 17/22] linuxHeaders: cleanup android compared output and the build log and python2 is not required both build 'pkgsCross.aarch64-android.linuxHeaders' 'pkgsCross.aarch64-android.bionic.linuxHeaders' linux-headers> LEX scripts/kconfig/lexer.lex.c linux-headers> sh: line 1: flex: command not found linux-headers> YACC scripts/kconfig/parser.tab.[ch] linux-headers> sh: line 1: bison: command not found linux-headers> INSTALL ./usr/include linux-headers> sh: line 1: rsync: command not found Co-authored-by: exarkun --- pkgs/os-specific/linux/kernel-headers/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index 34fbde9d676a..a64787cac1eb 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -1,11 +1,8 @@ { stdenvNoCC, lib, buildPackages, fetchurl, perl, elf-header -, bison ? null, flex ? null, python ? null, rsync ? null +, bison, flex, rsync , writeTextFile }: -assert stdenvNoCC.hostPlatform.isAndroid -> - (flex != null && bison != null && python != null && rsync != null); - let # As part of building a hostPlatform=mips kernel, Linux creates and runs a @@ -50,7 +47,7 @@ let nativeBuildInputs = [ perl elf-header ] ++ lib.optionals stdenvNoCC.hostPlatform.isAndroid [ - flex bison python rsync + bison flex rsync ] ++ lib.optionals (stdenvNoCC.buildPlatform.isDarwin && stdenvNoCC.hostPlatform.isMips) [ darwin-endian-h From 5cb3cdf6d49c13ad2e76ebbdda7a9564f43fddec Mon Sep 17 00:00:00 2001 From: Philipp Hausmann Date: Thu, 9 Feb 2023 22:09:21 +0100 Subject: [PATCH 18/22] simutrans: remove phile314 as maintainer --- pkgs/games/simutrans/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/games/simutrans/default.nix b/pkgs/games/simutrans/default.nix index 1f051242ad90..cc8b864c1f3e 100644 --- a/pkgs/games/simutrans/default.nix +++ b/pkgs/games/simutrans/default.nix @@ -163,7 +163,7 @@ let homepage = "http://www.simutrans.com/"; license = with licenses; [ artistic1 gpl1Plus ]; - maintainers = with maintainers; [ phile314 ]; + maintainers = with maintainers; [ ]; platforms = with platforms; linux; # TODO: ++ darwin; }; }; From 8f972f694f1a78401298018a0e00e468192e81a5 Mon Sep 17 00:00:00 2001 From: Philipp Hausmann Date: Thu, 9 Feb 2023 22:09:58 +0100 Subject: [PATCH 19/22] cloud-init: remove phile314 as maintainer --- pkgs/tools/virtualization/cloud-init/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/virtualization/cloud-init/default.nix b/pkgs/tools/virtualization/cloud-init/default.nix index 40e3bfd5c1bd..97c80ec560cc 100644 --- a/pkgs/tools/virtualization/cloud-init/default.nix +++ b/pkgs/tools/virtualization/cloud-init/default.nix @@ -118,7 +118,7 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://cloudinit.readthedocs.org"; description = "Provides configuration and customization of cloud instance"; license = with licenses; [ asl20 gpl3Plus ]; - maintainers = with maintainers; [ phile314 illustris ]; + maintainers = with maintainers; [ illustris ]; platforms = platforms.all; }; } From 79f3b75f3c542a0b2c79f0ebd3e1a046f0af546a Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Thu, 9 Feb 2023 14:32:14 -0600 Subject: [PATCH 20/22] picat: 3.0p4 -> 3.3p3 Signed-off-by: Austin Seipp --- pkgs/development/compilers/picat/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/picat/default.nix b/pkgs/development/compilers/picat/default.nix index 159dec05e293..76d1ebdb4102 100644 --- a/pkgs/development/compilers/picat/default.nix +++ b/pkgs/development/compilers/picat/default.nix @@ -9,11 +9,11 @@ let in stdenv.mkDerivation { pname = "picat"; - version = "3.0p4"; + version = "3.3p3"; src = fetchurl { - url = "http://picat-lang.org/download/picat30_4_src.tar.gz"; - sha256 = "1rwin44m7ni2h2v51sh2r8gj2k6wm6f86zgaylrria9jr57inpqj"; + url = "http://picat-lang.org/download/picat333_src.tar.gz"; + hash = "sha256-LMmAHCGKgon/wNbrXTUH9hiHyGVwwSDpB1236xawzXs="; }; buildInputs = [ zlib ]; From d53177da93afb7492b8681b6933a2dd5d547d7ad Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Thu, 9 Feb 2023 14:30:53 -0600 Subject: [PATCH 21/22] trealla: 2.2.6 -> 2.8.4 Signed-off-by: Austin Seipp --- pkgs/development/interpreters/trealla/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/interpreters/trealla/default.nix b/pkgs/development/interpreters/trealla/default.nix index 770661c60534..c1a20a198f3b 100644 --- a/pkgs/development/interpreters/trealla/default.nix +++ b/pkgs/development/interpreters/trealla/default.nix @@ -1,14 +1,14 @@ -{ lib, stdenv, fetchFromGitHub, readline, openssl, libffi, withThread ? true, withSSL ? true, xxd }: +{ lib, stdenv, fetchFromGitHub, readline, openssl, libffi, valgrind, withThread ? true, withSSL ? true, xxd }: stdenv.mkDerivation rec { pname = "trealla"; - version = "2.2.6"; + version = "2.8.4"; src = fetchFromGitHub { owner = "trealla-prolog"; repo = "trealla"; rev = "v${version}"; - sha256 = "sha256-DxlexijQPcNxlPjo/oIvsN//8nZ0injXFHc2t3n4yjg="; + sha256 = "sha256-/jB4jlYotvdU068+zj9Z+G0g75sI9dTmtgN874i0qAE="; }; postPatch = '' @@ -27,6 +27,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ xxd ]; buildInputs = [ readline openssl libffi ]; + checkInputs = [ valgrind ]; enableParallelBuilding = true; installPhase = '' From 275d807773b07e481b711ec98eb13bb8ea925ad7 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 10 Feb 2023 06:52:14 +1000 Subject: [PATCH 22/22] terraform: 1.3.7 -> 1.3.8 https://github.com/hashicorp/terraform/releases/tag/v1.3.8 --- pkgs/applications/networking/cluster/terraform/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/terraform/default.nix b/pkgs/applications/networking/cluster/terraform/default.nix index 4865ca4901cb..81f9159c230a 100644 --- a/pkgs/applications/networking/cluster/terraform/default.nix +++ b/pkgs/applications/networking/cluster/terraform/default.nix @@ -168,9 +168,9 @@ rec { mkTerraform = attrs: pluggable (generic attrs); terraform_1 = mkTerraform { - version = "1.3.7"; - sha256 = "sha256-z49DXJ9oYObJQWHPeuKvQ6jJtAheYuy0+QmvZ74ZbTQ"; - vendorSha256 = "sha256-fviukVGBkbxFs2fJpEp/tFMymXex7NRQdcGIIA9W88k="; + version = "1.3.8"; + sha256 = "sha256-AXLk5s3qu3QZ1aXx/FwPNq3hM26skBj0wyn/x8nVMkE="; + vendorSha256 = "sha256-CE6jNBvM0980+R0e5brK5lMrkad+91qTt9mp2h3NZyY="; patches = [ ./provider-path-0_15.patch ]; passthru = { inherit plugins;