dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'staging' into release-cross-fixes

Browse Source
This commit is contained in:
Matthew Bauer 2019-05-18 14:57:53 -05:00 committed by GitHub
commit 872100cf41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
672 changed files with 14757 additions and 8853 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/languages-frameworks/python.section.md
View File

@ -594,6 +594,7 @@ All parameters from `stdenv.mkDerivation` function are still supported. The foll
* `catchConflicts ? true`: If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`. * `catchConflicts ? true`: If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`.
* `disabled` ? false: If `true`, package is not build for the particular Python interpreter version. * `disabled` ? false: If `true`, package is not build for the particular Python interpreter version.
* `dontWrapPythonPrograms ? false`: Skip wrapping of python programs. * `dontWrapPythonPrograms ? false`: Skip wrapping of python programs.
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment variable in wrapped programs.
* `installFlags ? []`: A list of strings. Arguments to be passed to `pip install`. To pass options to `python setup.py install`, use `--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`. * `installFlags ? []`: A list of strings. Arguments to be passed to `pip install`. To pass options to `python setup.py install`, use `--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`.
* `format ? "setuptools"`: Format of the source. Valid options are `"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`. `"setuptools"` is for when the source has a `setup.py` and `setuptools` is used to build a wheel, `flit`, in case `flit` should be used to build a wheel, and `wheel` in case a wheel is provided. Use `other` when a custom `buildPhase` and/or `installPhase` is needed. * `format ? "setuptools"`: Format of the source. Valid options are `"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`. `"setuptools"` is for when the source has a `setup.py` and `setuptools` is used to build a wheel, `flit`, in case `flit` should be used to build a wheel, and `wheel` in case a wheel is provided. Use `other` when a custom `buildPhase` and/or `installPhase` is needed.
* `makeWrapperArgs ? []`: A list of strings. Arguments to be passed to `makeWrapper`, which wraps generated binaries. By default, the arguments to `makeWrapper` set `PATH` and `PYTHONPATH` environment variables before calling the binary. Additional arguments here can allow a developer to set environment variables which will be available when the binary is run. For example, `makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`. * `makeWrapperArgs ? []`: A list of strings. Arguments to be passed to `makeWrapper`, which wraps generated binaries. By default, the arguments to `makeWrapper` set `PATH` and `PYTHONPATH` environment variables before calling the binary. Additional arguments here can allow a developer to set environment variables which will be available when the binary is run. For example, `makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`.
@ -756,6 +757,7 @@ specified packages in its path.
* `extraLibs`: List of packages installed inside the environment. * `extraLibs`: List of packages installed inside the environment.
* `postBuild`: Shell command executed after the build of environment. * `postBuild`: Shell command executed after the build of environment.
* `ignoreCollisions`: Ignore file collisions inside the environment (default is `false`). * `ignoreCollisions`: Ignore file collisions inside the environment (default is `false`).
* `permitUserSite`: Skip setting the `PYTHONNOUSERSITE` environment variable in wrapped binaries in the environment.
#### `python.withPackages` function #### `python.withPackages` function

13
doc/meta.xml
View File

@ -150,6 +150,19 @@ hello-2.3 A program that produces a familiar, friendly greeting
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
<varname>changelog</varname>
</term>
<listitem>
<para>
A link or a list of links to the location of Changelog for a package.
A link may use expansion to refer to the correct changelog version.
Example:
<literal>"https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}"</literal>
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<varname>license</varname> <varname>license</varname>

3
lib/systems/examples.nix
View File

@ -88,6 +88,9 @@ rec {
config = "aarch64-unknown-linux-musl"; config = "aarch64-unknown-linux-musl";
}; };
gnu64 = { config = "x86_64-unknown-linux-gnu"; };
gnu32 = { config = "i686-unknown-linux-gnu"; };
musl64 = { config = "x86_64-unknown-linux-musl"; }; musl64 = { config = "x86_64-unknown-linux-musl"; };
musl32 = { config = "i686-unknown-linux-musl"; }; musl32 = { config = "i686-unknown-linux-musl"; };

85
maintainers/maintainer-list.nix
View File

@ -1747,6 +1747,11 @@
github = "freepotion"; github = "freepotion";
name = "Free Potion"; name = "Free Potion";
}; };
freezeboy = {
email = "freezeboy@users.noreply.github.com";
github = "freezeboy";
name = "freezeboy";
};
Fresheyeball = { Fresheyeball = {
email = "fresheyeball@gmail.com"; email = "fresheyeball@gmail.com";
github = "fresheyeball"; github = "fresheyeball";
@ -2603,6 +2608,11 @@
github = "knl"; github = "knl";
name = "Nikola Knežević"; name = "Nikola Knežević";
}; };
kolaente = {
email = "k@knt.li";
github = "kolaente";
name = "Konrad Langenberg";
};
konimex = { konimex = {
email = "herdiansyah@netc.eu"; email = "herdiansyah@netc.eu";
github = "konimex"; github = "konimex";
@ -3203,6 +3213,11 @@
github = "mimadrid"; github = "mimadrid";
name = "Miguel Madrid"; name = "Miguel Madrid";
}; };
minijackson = {
email = "minijackson@riseup.net";
github = "minijackson";
name = "Rémi Nicole";
};
mirdhyn = { mirdhyn = {
email = "mirdhyn@gmail.com"; email = "mirdhyn@gmail.com";
github = "mirdhyn"; github = "mirdhyn";
@ -3333,6 +3348,11 @@
github = "fstamour"; github = "fstamour";
name = "Francis St-Amour"; name = "Francis St-Amour";
}; };
mredaelli = {
email = "massimo@typish.io";
github = "mredaelli";
name = "Massimo Redaelli";
};
mrkkrp = { mrkkrp = {
email = "markkarpov92@gmail.com"; email = "markkarpov92@gmail.com";
github = "mrkkrp"; github = "mrkkrp";
@ -4126,6 +4146,11 @@
github = "retrry"; github = "retrry";
name = "Tadas Barzdžius"; name = "Tadas Barzdžius";
}; };
rexim = {
email = "reximkut@gmail.com";
github = "rexim";
name = "Alexey Kutepov";
};
rht = { rht = {
email = "rhtbot@protonmail.com"; email = "rhtbot@protonmail.com";
github = "rht"; github = "rht";
@ -4464,6 +4489,11 @@
github = "shawndellysse"; github = "shawndellysse";
name = "Shawn Dellysse"; name = "Shawn Dellysse";
}; };
shazow = {
email = "andrey.petrov@shazow.net";
github = "shazow";
name = "Andrey Petrov";
};
sheenobu = { sheenobu = {
email = "sheena.artrip@gmail.com"; email = "sheena.artrip@gmail.com";
github = "sheenobu"; github = "sheenobu";
@ -4484,6 +4514,11 @@
github = "shlevy"; github = "shlevy";
name = "Shea Levy"; name = "Shea Levy";
}; };
shmish111 = {
email = "shmish111@gmail.com";
github = "shmish111";
name = "David Smith";
};
shou = { shou = {
email = "x+g@shou.io"; email = "x+g@shou.io";
github = "Shou"; github = "Shou";
@ -4649,6 +4684,11 @@
github = "srghma"; github = "srghma";
name = "Sergei Khoma"; name = "Sergei Khoma";
}; };
srgom = {
email = "srgom@users.noreply.github.com";
github = "srgom";
name = "SRGOM";
};
srhb = { srhb = {
email = "sbrofeldt@gmail.com"; email = "sbrofeldt@gmail.com";
github = "srhb"; github = "srhb";
@ -4873,6 +4913,11 @@
github = "terlar"; github = "terlar";
name = "Terje Larsen"; name = "Terje Larsen";
}; };
tesq0 = {
email = "mikolaj.galkowski@gmail.com";
github = "tesq0";
name = "Mikolaj Galkowski";
};
teto = { teto = {
email = "mcoudron@hotmail.com"; email = "mcoudron@hotmail.com";
github = "teto"; github = "teto";
@ -4922,6 +4967,11 @@
github = "ctheune"; github = "ctheune";
name = "Christian Theune"; name = "Christian Theune";
}; };
thiagokokada = {
email = "thiagokokada@gmail.com";
github = "thiagokokada";
name = "Thiago K. Okada";
};
ThomasMader = { ThomasMader = {
email = "thomas.mader@gmail.com"; email = "thomas.mader@gmail.com";
github = "ThomasMader"; github = "ThomasMader";
@ -5356,6 +5406,11 @@
github = "xaverdh"; github = "xaverdh";
name = "Dominik Xaver Hörl"; name = "Dominik Xaver Hörl";
}; };
xbreak = {
email = "xbreak@alphaware.se";
github = "xbreak";
name = "Calle Rosenquist";
};
xeji = { xeji = {
email = "xeji@cat3.de"; email = "xeji@cat3.de";
github = "xeji"; github = "xeji";
@ -5540,34 +5595,4 @@
github = "zzamboni"; github = "zzamboni";
name = "Diego Zamboni"; name = "Diego Zamboni";
}; };
mredaelli = {
email = "massimo@typish.io";
github = "mredaelli";
name = "Massimo Redaelli";
};
shmish111 = {
email = "shmish111@gmail.com";
github = "shmish111";
name = "David Smith";
};
minijackson = {
email = "minijackson@riseup.net";
github = "minijackson";
name = "Rémi Nicole";
};
shazow = {
email = "andrey.petrov@shazow.net";
github = "shazow";
name = "Andrey Petrov";
};
freezeboy = {
email = "freezeboy@users.noreply.github.com";
github = "freezeboy";
name = "freezeboy";
};
tesq0 = {
email = "mikolaj.galkowski@gmail.com";
github = "tesq0";
name = "Mikolaj Galkowski";
};
} }

4
maintainers/scripts/luarocks-packages.csv
View File

@ -2,9 +2,12 @@
ansicolors, ansicolors,
argparse, argparse,
basexx, basexx,
binaryheap,
dkjson dkjson
fifo fifo
http
inspect inspect
ldoc
lgi lgi
lpeg_patterns lpeg_patterns
lpty lpty
@ -22,6 +25,7 @@ luaevent,
luacheck luacheck
luaffi,,http://luarocks.org/dev, luaffi,,http://luarocks.org/dev,
luuid, luuid,
markdown,
penlight, penlight,
rapidjson, rapidjson,
say, say,

1 # nix name, luarocks name, server, version/additionnal args
2 ansicolors,
3 argparse,
4 basexx,
5 binaryheap,
6 dkjson
7 fifo
8 http
9 inspect
10 ldoc
11 lgi
12 lpeg_patterns
13 lpty
25 luacheck
26 luaffi,,http://luarocks.org/dev,
27 luuid,
28 markdown,
29 penlight,
30 rapidjson,
31 say,

24
maintainers/scripts/update-luarocks-packages
View File

@ -76,11 +76,7 @@ FOOTER="
function convert_pkg () { function convert_pkg () {
nix_pkg_name="$1" nix_pkg_name="$1"
lua_pkg_name="$2" lua_pkg_name="$2"
server="" server="${3:+--server=$3}"
if [ ! -z "$3" ]; then
server=" --server=$3"
fi
version="${4:-}" version="${4:-}"
echo "looking at $lua_pkg_name (version $version) from server [$server]" >&2 echo "looking at $lua_pkg_name (version $version) from server [$server]" >&2
@ -101,15 +97,15 @@ echo "$HEADER" | tee "$TMP_FILE"
# name,server,version # name,server,version
while IFS=, read -r nix_pkg_name lua_pkg_name server version while IFS=, read -r nix_pkg_name lua_pkg_name server version
do do
if [ "${nix_pkg_name:0:1}" == "#" ]; then if [ "${nix_pkg_name:0:1}" == "#" ]; then
echo "Skipping comment ${nix_pkg_name}" >&2 echo "Skipping comment ${nix_pkg_name}" >&2
continue continue
fi fi
if [ -z "$lua_pkg_name" ]; then if [ -z "$lua_pkg_name" ]; then
echo "Using nix_name as lua_pkg_name" >&2 echo "Using nix_name as lua_pkg_name" >&2
lua_pkg_name="$nix_pkg_name" lua_pkg_name="$nix_pkg_name"
fi fi
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version" convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
done < "$CSV_FILE" done < "$CSV_FILE"
# close the set # close the set

86
nixos/modules/config/malloc.nix Normal file
View File

@ -0,0 +1,86 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.environment.memoryAllocator;
# The set of alternative malloc(3) providers.
providers = {
"graphene-hardened" = rec {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = ''
An allocator designed to mitigate memory corruption attacks, such as
those caused by use-after-free bugs.
'';
};
"jemalloc" = {
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
description = ''
A general purpose allocator that emphasizes fragmentation avoidance
and scalable concurrency support.
'';
};
};
providerConf = providers."${cfg.provider}";
# An output that contains only the shared library, to avoid
# needlessly bloating the system closure
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
rec {
preferLocalBuild = true;
allowSubstitutes = false;
origLibPath = providerConf.libPath;
libName = baseNameOf origLibPath;
}
''
mkdir -p $out/lib
cp -L $origLibPath $out/lib/$libName
'';
# The full path to the selected provider shlib.
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
in
{
meta = {
maintainers = [ maintainers.joachifm ];
};
options = {
environment.memoryAllocator.provider = mkOption {
type = types.enum ([ "libc" ] ++ attrNames providers);
default = "libc";
description = ''
The system-wide memory allocator.
Briefly, the system-wide memory allocator providers are:
<itemizedlist>
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
${toString (mapAttrsToList
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
providers)}
</itemizedlist>
<warning>
<para>
Selecting an alternative allocator (i.e., anything other than
<literal>libc</literal>) may result in instability, data loss,
and/or service failure.
</para>
</warning>
<note>
<para>
Changing this option does not affect the current session.
</para>
</note>
'';
};
};
config = mkIf (cfg.provider != "libc") {
environment.variables.LD_PRELOAD = providerLibPath;
};
}

2
nixos/modules/module-list.nix
View File

@ -19,6 +19,7 @@
./config/iproute2.nix ./config/iproute2.nix
./config/krb5/default.nix ./config/krb5/default.nix
./config/ldap.nix ./config/ldap.nix
./config/malloc.nix
./config/networking.nix ./config/networking.nix
./config/no-x-libs.nix ./config/no-x-libs.nix
./config/nsswitch.nix ./config/nsswitch.nix
@ -144,6 +145,7 @@
./programs/xonsh.nix ./programs/xonsh.nix
./programs/xss-lock.nix ./programs/xss-lock.nix
./programs/yabar.nix ./programs/yabar.nix
./programs/zmap.nix
./programs/zsh/oh-my-zsh.nix ./programs/zsh/oh-my-zsh.nix
./programs/zsh/zsh.nix ./programs/zsh/zsh.nix
./programs/zsh/zsh-autoenv.nix ./programs/zsh/zsh-autoenv.nix

2
nixos/modules/profiles/hardened.nix
View File

@ -14,6 +14,8 @@ with lib;
nix.allowedUsers = mkDefault [ "@users" ]; nix.allowedUsers = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "graphene-hardened";
security.hideProcessInformation = mkDefault true; security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true; security.lockKernelModules = mkDefault true;

19
nixos/modules/programs/xss-lock.nix
View File

@ -8,12 +8,23 @@ in
{ {
options.programs.xss-lock = { options.programs.xss-lock = {
enable = mkEnableOption "xss-lock"; enable = mkEnableOption "xss-lock";
lockerCommand = mkOption { lockerCommand = mkOption {
default = "${pkgs.i3lock}/bin/i3lock"; default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy''; example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
type = types.string; type = types.string;
description = "Locker to be used with xsslock"; description = "Locker to be used with xsslock";
}; };
extraOptions = mkOption {
default = [ ];
example = [ "--ignore-sleep" ];
type = types.listOf types.str;
description = ''
Additional command-line arguments to pass to
<command>xss-lock</command>.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -21,7 +32,13 @@ in
description = "XSS Lock Daemon"; description = "XSS Lock Daemon";
wantedBy = [ "graphical-session.target" ]; wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${pkgs.xss-lock}/bin/xss-lock ${cfg.lockerCommand}"; serviceConfig.ExecStart = with lib;
strings.concatStringsSep " " ([
"${pkgs.xss-lock}/bin/xss-lock"
] ++ (map escapeShellArg cfg.extraOptions) ++ [
"--"
cfg.lockerCommand
]);
}; };
}; };
} }

18
nixos/modules/programs/zmap.nix Normal file
View File

@ -0,0 +1,18 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.programs.zmap;
in {
options.programs.zmap = {
enable = mkEnableOption "ZMap";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.zmap ];
environment.etc."zmap/blacklist.conf".source = "${pkgs.zmap}/etc/zmap/blacklist.conf";
environment.etc."zmap/zmap.conf".source = "${pkgs.zmap}/etc/zmap.conf";
};
}

3
nixos/modules/rename.nix
View File

@ -234,6 +234,9 @@ with lib;
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ]) (mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ]) (mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter" ] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ] "snmpExporter" "unifiExporter" "varnishExporter" ]

2
nixos/modules/security/apparmor.nix
View File

@ -29,6 +29,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.apparmor-utils ]; environment.systemPackages = [ pkgs.apparmor-utils ];
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
systemd.services.apparmor = let systemd.services.apparmor = let
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d") paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
([ pkgs.apparmor-profiles ] ++ cfg.packages); ([ pkgs.apparmor-profiles ] ++ cfg.packages);

18
nixos/modules/security/misc.nix
View File

@ -13,23 +13,17 @@ with lib;
default = true; default = true;
description = '' description = ''
Whether to allow creation of user namespaces. Whether to allow creation of user namespaces.
</para>
<para>
The motivation for disabling user namespaces is the potential The motivation for disabling user namespaces is the potential
presence of code paths where the kernel's permission checking presence of code paths where the kernel's permission checking
logic fails to account for namespacing, instead permitting a logic fails to account for namespacing, instead permitting a
namespaced process to act outside the namespace with the same namespaced process to act outside the namespace with the same
privileges as it would have inside it. This is particularly privileges as it would have inside it. This is particularly
damaging in the common case of running as root within the namespace. damaging in the common case of running as root within the namespace.
</para>
<para>
When user namespace creation is disallowed, attempting to create a When user namespace creation is disallowed, attempting to create a
user namespace fails with "no space left on device" (ENOSPC). user namespace fails with "no space left on device" (ENOSPC).
root may re-enable user namespace creation at runtime. root may re-enable user namespace creation at runtime.
</para>
<para>
''; '';
}; };
@ -48,21 +42,15 @@ with lib;
Whether to allow SMT/hyperthreading. Disabling SMT means that only Whether to allow SMT/hyperthreading. Disabling SMT means that only
physical CPU cores will be usable at runtime, potentially at physical CPU cores will be usable at runtime, potentially at
significant performance cost. significant performance cost.
</para>
<para>
The primary motivation for disabling SMT is to mitigate the risk of The primary motivation for disabling SMT is to mitigate the risk of
leaking data between threads running on the same CPU core (due to leaking data between threads running on the same CPU core (due to
e.g., shared caches). This attack vector is unproven. e.g., shared caches). This attack vector is unproven.
</para>
<para>
Disabling SMT is a supplement to the L1 data cache flushing mitigation Disabling SMT is a supplement to the L1 data cache flushing mitigation
(see <xref linkend="opt-security.virtualization.flushL1DataCache"/>) (see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
versus malicious VM guests (SMT could "bring back" previously flushed versus malicious VM guests (SMT could "bring back" previously flushed
data). data).
</para>
<para>
''; '';
}; };
@ -73,10 +61,8 @@ with lib;
Whether the hypervisor should flush the L1 data cache before Whether the hypervisor should flush the L1 data cache before
entering guests. entering guests.
See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>. See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
</para>
<para> <variablelist>
<variablelist>
<varlistentry> <varlistentry>
<term><literal>null</literal></term> <term><literal>null</literal></term>
<listitem><para>uses the kernel default</para></listitem> <listitem><para>uses the kernel default</para></listitem>
@ -98,7 +84,7 @@ with lib;
enters the guest. May incur significant performance cost. enters the guest. May incur significant performance cost.
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
''; '';
}; };
}; };

5
nixos/modules/security/rngd.nix
View File

@ -42,6 +42,11 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f" ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
+ optionalString cfg.debug " -d"; + optionalString cfg.debug " -d";
NoNewPrivileges = true;
PrivateNetwork = true;
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
}; };
}; };
}; };

27
nixos/modules/services/backup/znapzend.nix
View File

@ -7,28 +7,23 @@ let
planDescription = '' planDescription = ''
The znapzend backup plan to use for the source. The znapzend backup plan to use for the source.
</para>
<para>
The plan specifies how often to backup and for how long to keep the The plan specifies how often to backup and for how long to keep the
backups. It consists of a series of retention periodes to interval backups. It consists of a series of retention periodes to interval
associations: associations:
</para>
<para>
<literal> <literal>
retA=>intA,retB=>intB,... retA=>intA,retB=>intB,...
</literal> </literal>
</para>
<para> Both intervals and retention periods are expressed in standard units
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a
of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
shortcut according to the following listing:
</para>
<para>
<literal> <literal>
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
</literal> </literal>
</para>
<para>
See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info. See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.
''; '';
planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"; planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";
@ -139,12 +134,10 @@ let
type = nullOr ints.u16; type = nullOr ints.u16;
description = '' description = ''
Port to use for <command>mbuffer</command>. Port to use for <command>mbuffer</command>.
</para>
<para>
If this is null, it will run <command>mbuffer</command> through If this is null, it will run <command>mbuffer</command> through
ssh. ssh.
</para>
<para>
If this is not null, it will run <command>mbuffer</command> If this is not null, it will run <command>mbuffer</command>
directly through TCP, which is not encrypted but faster. In that directly through TCP, which is not encrypted but faster. In that
case the given port needs to be open on the destination host. case the given port needs to be open on the destination host.

43
nixos/modules/services/logging/journalbeat.nix
View File

@ -5,11 +5,13 @@ with lib;
let let
cfg = config.services.journalbeat; cfg = config.services.journalbeat;
lt6 = builtins.compareVersions cfg.package.version "6" < 0;
journalbeatYml = pkgs.writeText "journalbeat.yml" '' journalbeatYml = pkgs.writeText "journalbeat.yml" ''
name: ${cfg.name} name: ${cfg.name}
tags: ${builtins.toJSON cfg.tags} tags: ${builtins.toJSON cfg.tags}
journalbeat.cursor_state_file: ${cfg.stateDir}/cursor-state ${optionalString lt6 "journalbeat.cursor_state_file: /var/lib/${cfg.stateDir}/cursor-state"}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
@ -22,6 +24,16 @@ in
enable = mkEnableOption "journalbeat"; enable = mkEnableOption "journalbeat";
package = mkOption {
type = types.package;
default = pkgs.journalbeat;
defaultText = "pkgs.journalbeat";
example = literalExample "pkgs.journalbeat7";
description = ''
The journalbeat package to use
'';
};
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = "journalbeat"; default = "journalbeat";
@ -36,13 +48,17 @@ in
stateDir = mkOption { stateDir = mkOption {
type = types.str; type = types.str;
default = "/var/lib/journalbeat"; default = "journalbeat";
description = "The state directory. Journalbeat's own logs and other data are stored here."; description = ''
Directory below <literal>/var/lib/</literal> to store journalbeat's
own logs and other data. This directory will be created automatically
using systemd's StateDirectory mechanism.
'';
}; };
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = '' default = optionalString lt6 ''
journalbeat: journalbeat:
seek_position: cursor seek_position: cursor
cursor_seek_fallback: tail cursor_seek_fallback: tail
@ -61,7 +77,16 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.journalbeat = with pkgs; { assertions = [
{
assertion = !hasPrefix "/" cfg.stateDir;
message =
"The option services.journalbeat.stateDir shouldn't be an absolute directory." +
" It should be a directory relative to /var/lib/.";
}
];
systemd.services.journalbeat = {
description = "Journalbeat log shipper"; description = "Journalbeat log shipper";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
@ -69,7 +94,13 @@ in
mkdir -p ${cfg.stateDir}/logs mkdir -p ${cfg.stateDir}/logs
''; '';
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.journalbeat}/bin/journalbeat -c ${journalbeatYml} -path.data ${cfg.stateDir}/data -path.logs ${cfg.stateDir}/logs"; StateDirectory = cfg.stateDir;
ExecStart = ''
${cfg.package}/bin/journalbeat \
-c ${journalbeatYml} \
-path.data /var/lib/${cfg.stateDir}/data \
-path.logs /var/lib/${cfg.stateDir}/logs'';
Restart = "always";
}; };
}; };
}; };

35
nixos/modules/services/misc/home-assistant.nix
View File

@ -21,32 +21,23 @@ let
availableComponents = cfg.package.availableComponents; availableComponents = cfg.package.availableComponents;
# Given component "parentConfig.platform", returns whether config.parentConfig usedPlatforms = config:
# is a list containing a set with set.platform == "platform". if isAttrs config then
optional (config ? platform) config.platform
++ concatMap usedPlatforms (attrValues config)
else if isList config then
concatMap usedPlatforms config
else [ ];
# Given a component "platform", looks up whether it is used in the config
# as `platform = "platform";`.
# #
# For example, the component sensor.luftdaten is used as follows: # For example, the component mqtt.sensor is used as follows:
# config.sensor = [ { # config.sensor = [ {
# platform = "luftdaten"; # platform = "mqtt";
# ... # ...
# } ]; # } ];
# useComponentPlatform = component: elem component (usedPlatforms cfg.config);
# Beginning with 0.87 Home Assistant is migrating their components to the
# scheme "platform.subComponent", e.g. "hue.light" instead of "light.hue".
# See https://developers.home-assistant.io/blog/2019/02/19/the-great-migration.html.
# Hence, we also check whether we find an entry in the config when interpreting
# the first part of the path as the component.
useComponentPlatform = component:
let
path = splitString "." component;
# old: platform is the last part of path
parentConfig = attrByPath (init path) null cfg.config;
platform = last path;
# new: platform is the first part of the path
parentConfig' = attrByPath (tail path) null cfg.config;
platform' = head path;
in
(isList parentConfig && any (item: item.platform or null == platform) parentConfig)
|| (isList parentConfig' && any (item: item.platform or null == platform') parentConfig');
# Returns whether component is used in config # Returns whether component is used in config
useComponent = component: useComponent = component:

19
nixos/modules/services/monitoring/vnstat.nix
View File

@ -28,14 +28,29 @@ in {
path = [ pkgs.coreutils ]; path = [ pkgs.coreutils ];
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
unitConfig.documentation = "man:vnstatd(1) man:vnstat(1) man:vnstat.conf(5)"; documentation = [
"man:vnstatd(1)"
"man:vnstat(1)"
"man:vnstat.conf(5)"
];
preStart = "chmod 755 /var/lib/vnstat"; preStart = "chmod 755 /var/lib/vnstat";
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.vnstat}/bin/vnstatd -n"; ExecStart = "${pkgs.vnstat}/bin/vnstatd -n";
ExecReload = "${pkgs.procps}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.procps}/bin/kill -HUP $MAINPID";
ProtectHome = true;
# Hardening (from upstream example service)
ProtectSystem = "strict";
StateDirectory = "vnstat";
PrivateDevices = true; PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelModules = true;
PrivateTmp = true; PrivateTmp = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictNamespaces = true;
User = "vnstatd"; User = "vnstatd";
}; };
}; };

20
nixos/modules/services/security/fprintd.nix
View File

@ -26,28 +26,20 @@ in
}; };
}; };
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.dbus.packages = [ pkgs.fprintd ]; services.dbus.packages = [ pkgs.fprintd ];
environment.systemPackages = [ pkgs.fprintd ]; environment.systemPackages = [ pkgs.fprintd ];
systemd.services.fprintd = { systemd.packages = [ pkgs.fprintd ];
description = "Fingerprint Authentication Daemon";
serviceConfig = {
Type = "dbus";
BusName = "net.reactivated.Fprint";
ExecStart = "${pkgs.fprintd}/libexec/fprintd";
};
};
}; };
} }

340
nixos/modules/system/boot/binfmt.nix
View File

@ -1,8 +1,8 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
inherit (lib) mkOption types optionalString; inherit (lib) mkOption types optionalString;
cfg = config.boot.binfmtMiscRegistrations; cfg = config.boot.binfmt;
makeBinfmtLine = name: { recognitionType, offset, magicOrExtension makeBinfmtLine = name: { recognitionType, offset, magicOrExtension
, mask, preserveArgvZero, openBinary , mask, preserveArgvZero, openBinary
@ -13,125 +13,249 @@ let
mask' = toString mask; mask' = toString mask;
interpreter = "/run/binfmt/${name}"; interpreter = "/run/binfmt/${name}";
flags = if !(matchCredentials -> openBinary) flags = if !(matchCredentials -> openBinary)
then throw "boot.binfmtMiscRegistrations.${name}: you can't specify openBinary = false when matchCredentials = true." then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."
else optionalString preserveArgvZero "P" + else optionalString preserveArgvZero "P" +
optionalString (openBinary && !matchCredentials) "O" + optionalString (openBinary && !matchCredentials) "O" +
optionalString matchCredentials "C" + optionalString matchCredentials "C" +
optionalString fixBinary "F"; optionalString fixBinary "F";
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}"; in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
binfmtFile = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine cfg));
activationSnippet = name: { interpreter, ... }: activationSnippet = name: { interpreter, ... }:
"ln -sf ${interpreter} /run/binfmt/${name}"; "ln -sf ${interpreter} /run/binfmt/${name}";
activationScript = ''
mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet cfg)}
'';
in {
options = {
boot.binfmtMiscRegistrations = mkOption {
default = {};
description = '' getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
Extra binary formats to register with the kernel.
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
'';
type = types.attrsOf (types.submodule ({ config, ... }: { # Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
options = { # - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
recognitionType = mkOption { # and
default = "magic"; # - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
description = "Whether to recognize executables by magic number or extension."; # TODO: maybe put these in a JSON file?
type = types.enum [ "magic" "extension" ]; magics = {
}; armv6l-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
offset = mkOption { mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
default = null; };
description = "The byte offset of the magic number used for recognition."; armv7l-linux = {
type = types.nullOr types.int; magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
}; mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
magicOrExtension = mkOption { aarch64-linux = {
description = "The magic number or extension to match on."; magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
type = types.str; mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
}; };
aarch64_be-linux = {
mask = mkOption { magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';
default = null; mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
description = };
"A mask to be ANDed with the byte sequence of the file before matching"; i386-linux = {
type = types.nullOr types.str; magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';
}; mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
interpreter = mkOption { i486-linux = {
description = '' magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
The interpreter to invoke to run the program. mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
Note that the actual registration will point to i586-linux = {
/run/binfmt/''${name}, so the kernel interpreter length magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
limit doesn't apply. mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
''; };
type = types.path; i686-linux = {
}; magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
preserveArgvZero = mkOption { };
default = false; x86_64-linux = {
description = '' magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
Whether to pass the original argv[0] to the interpreter. mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
See the description of the 'P' flag in the kernel docs alpha-linux = {
for more details; magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';
''; mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
type = types.bool; };
}; sparc64-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';
openBinary = mkOption { mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
default = config.matchCredentials; };
description = '' sparc-linux = {
Whether to pass the binary to the interpreter as an open magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';
file descriptor, instead of a path. mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
''; };
type = types.bool; powerpc-linux = {
}; magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
matchCredentials = mkOption { };
default = false; powerpc64-linux = {
description = '' magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';
Whether to launch with the credentials and security mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
token of the binary, not the interpreter (e.g. setuid };
bit). powerpc64le-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';
See the description of the 'C' flag in the kernel docs mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';
for more details. };
mips-linux = {
Implies/requires openBinary = true. magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
''; mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
type = types.bool; };
}; mipsel-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
fixBinary = mkOption { mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
default = false; };
description = '' mips64-linux = {
Whether to open the interpreter file as soon as the magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
registration is loaded, rather than waiting for a mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
relevant file to be invoked. };
mips64el-linux = {
See the description of the 'F' flag in the kernel docs magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
for more details. mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
''; };
type = types.bool; riscv32-linux = {
}; magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
}; mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
})); };
riscv64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
x86_64-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
};
i686-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
}; };
}; };
config = lib.mkIf (cfg != {}) { in {
environment.etc."binfmt.d/nixos.conf".source = binfmtFile; options = {
system.activationScripts.binfmt = activationScript; boot.binfmt = {
systemd.additionalUpstreamSystemUnits = registrations = mkOption {
default = {};
description = ''
Extra binary formats to register with the kernel.
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
'';
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
recognitionType = mkOption {
default = "magic";
description = "Whether to recognize executables by magic number or extension.";
type = types.enum [ "magic" "extension" ];
};
offset = mkOption {
default = null;
description = "The byte offset of the magic number used for recognition.";
type = types.nullOr types.int;
};
magicOrExtension = mkOption {
description = "The magic number or extension to match on.";
type = types.str;
};
mask = mkOption {
default = null;
description =
"A mask to be ANDed with the byte sequence of the file before matching";
type = types.nullOr types.str;
};
interpreter = mkOption {
description = ''
The interpreter to invoke to run the program.
Note that the actual registration will point to
/run/binfmt/''${name}, so the kernel interpreter length
limit doesn't apply.
'';
type = types.path;
};
preserveArgvZero = mkOption {
default = false;
description = ''
Whether to pass the original argv[0] to the interpreter.
See the description of the 'P' flag in the kernel docs
for more details;
'';
type = types.bool;
};
openBinary = mkOption {
default = config.matchCredentials;
description = ''
Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
'';
type = types.bool;
};
matchCredentials = mkOption {
default = false;
description = ''
Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit).
See the description of the 'C' flag in the kernel docs
for more details.
Implies/requires openBinary = true.
'';
type = types.bool;
};
fixBinary = mkOption {
default = false;
description = ''
Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked.
See the description of the 'F' flag in the kernel docs
for more details.
'';
type = types.bool;
};
};
}));
};
emulatedSystems = mkOption {
default = [];
description = ''
List of systems to emulate. Will also configure Nix to
support your new systems.
'';
type = types.listOf types.string;
};
};
};
config = {
boot.binfmt.registrations = builtins.listToAttrs (map (system: {
name = system;
value = {
interpreter = getEmulator system;
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
}) cfg.emulatedSystems);
# TODO: add a nix.extraPlatforms option to NixOS!
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
'';
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
([ "/run/binfmt" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
system.activationScripts.binfmt = ''
mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
'';
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {})
[ "proc-sys-fs-binfmt_misc.automount" [ "proc-sys-fs-binfmt_misc.automount"
"proc-sys-fs-binfmt_misc.mount" "proc-sys-fs-binfmt_misc.mount"
]; ];

3
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View File

@ -62,8 +62,7 @@ in {
description = '' description = ''
The resolution of the console. The following values are valid: The resolution of the console. The following values are valid:
</para>
<para>
<itemizedlist> <itemizedlist>
<listitem><para> <listitem><para>
<literal>"0"</literal>: Standard UEFI 80x25 mode <literal>"0"</literal>: Standard UEFI 80x25 mode

175
nixos/modules/system/boot/luksroot.nix
View File

@ -76,6 +76,33 @@ let
fi fi
return 0 return 0
} }
wait_gpgcard() {
local secs="''${1:-10}"
gpg --card-status > /dev/null 2> /dev/null
if [ $? != 0 ]; then
echo -n "Waiting $secs seconds for GPG Card to appear"
local success=false
for try in $(seq $secs); do
echo -n .
sleep 1
gpg --card-status > /dev/null 2> /dev/null
if [ $? == 0 ]; then
success=true
break
fi
done
if [ $success == true ]; then
echo " - success";
return 0
else
echo " - failure";
return 1
fi
fi
return 0
}
''; '';
preCommands = '' preCommands = ''
@ -93,6 +120,13 @@ let
# For Yubikey salt storage # For Yubikey salt storage
mkdir -p /crypt-storage mkdir -p /crypt-storage
${optionalString luks.gpgSupport ''
export GPG_TTY=$(tty)
export GNUPGHOME=/crypt-ramfs/.gnupg
gpg-agent --daemon --scdaemon-program $out/bin/scdaemon > /dev/null 2> /dev/null
''}
# Disable all input echo for the whole stage. We could use read -s # Disable all input echo for the whole stage. We could use read -s
# instead but that would ocasionally leak characters between read # instead but that would ocasionally leak characters between read
# invocations. # invocations.
@ -105,7 +139,7 @@ let
umount /crypt-ramfs 2>/dev/null umount /crypt-ramfs 2>/dev/null
''; '';
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fallbackToPassword, ... }: assert name' == name;
let let
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}"; csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}"; cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
@ -182,7 +216,7 @@ let
''} ''}
} }
${if luks.yubikeySupport && (yubikey != null) then '' ${optionalString (luks.yubikeySupport && (yubikey != null)) ''
# Yubikey # Yubikey
rbtohex() { rbtohex() {
( od -An -vtx1 | tr -d ' \n' ) ( od -An -vtx1 | tr -d ' \n' )
@ -278,7 +312,7 @@ let
umount /crypt-storage umount /crypt-storage
} }
open_yubikey() { open_with_hardware() {
if wait_yubikey ${toString yubikey.gracePeriod}; then if wait_yubikey ${toString yubikey.gracePeriod}; then
do_open_yubikey do_open_yubikey
else else
@ -286,8 +320,75 @@ let
open_normally open_normally
fi fi
} }
''}
open_yubikey ${optionalString (luks.gpgSupport && (gpgCard != null)) ''
do_open_gpg_card() {
# Make all of these local to this function
# to prevent their values being leaked
local pin
local opened
gpg --import /gpg-keys/${device}/pubkey.asc > /dev/null 2> /dev/null
gpg --card-status > /dev/null 2> /dev/null
for try in $(seq 3); do
echo -n "PIN for GPG Card associated with device ${device}: "
pin=
while true; do
if [ -e /crypt-ramfs/passphrase ]; then
echo "reused"
pin=$(cat /crypt-ramfs/passphrase)
break
else
# and try reading it from /dev/console with a timeout
IFS= read -t 1 -r pin
if [ -n "$pin" ]; then
${if luks.reusePassphrases then ''
# remember it for the next device
echo -n "$pin" > /crypt-ramfs/passphrase
'' else ''
# Don't save it to ramfs. We are very paranoid
''}
echo
break
fi
fi
done
echo -n "Verifying passphrase for ${device}..."
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
if [ $? == 0 ]; then
echo " - success"
${if luks.reusePassphrases then ''
# we don't rm here because we might reuse it for the next device
'' else ''
rm -f /crypt-ramfs/passphrase
''}
break
else
echo " - failure"
# ask for a different one
rm -f /crypt-ramfs/passphrase
fi
done
[ "$opened" == false ] && die "Maximum authentication errors reached"
}
open_with_hardware() {
if wait_gpgcard ${toString gpgCard.gracePeriod}; then
do_open_gpg_card
else
echo "No GPG Card found, falling back to normal open procedure"
open_normally
fi
}
''}
${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) then ''
open_with_hardware
'' else '' '' else ''
open_normally open_normally
''} ''}
@ -473,6 +574,36 @@ in
''; '';
}; };
gpgCard = mkOption {
default = null;
description = ''
The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.
If null (the default), GPG-Smartcard will be disabled for this device.
'';
type = with types; nullOr (submodule {
options = {
gracePeriod = mkOption {
default = 10;
type = types.int;
description = "Time in seconds to wait for the GPG Smartcard.";
};
encryptedPass = mkOption {
default = "";
type = types.path;
description = "Path to the GPG encrypted passphrase.";
};
publicKey = mkOption {
default = "";
type = types.path;
description = "Path to the Public Key.";
};
};
});
};
yubikey = mkOption { yubikey = mkOption {
default = null; default = null;
description = '' description = ''
@ -554,6 +685,14 @@ in
})); }));
}; };
boot.initrd.luks.gpgSupport = mkOption {
default = false;
type = types.bool;
description = ''
Enables support for authenticating with a GPG encrypted password.
'';
};
boot.initrd.luks.yubikeySupport = mkOption { boot.initrd.luks.yubikeySupport = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
@ -567,6 +706,12 @@ in
config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) { config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) {
assertions =
[ { assertion = !(luks.gpgSupport && luks.yubikeySupport);
message = "Yubikey and GPG Card may not be used at the same time.";
}
];
# actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested # actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
["firewire_ohci" "firewire_core" "firewire_sbp2"]; ["firewire_ohci" "firewire_core" "firewire_sbp2"];
@ -603,6 +748,23 @@ in
EOF EOF
chmod +x $out/bin/openssl-wrap chmod +x $out/bin/openssl-wrap
''} ''}
${optionalString luks.gpgSupport ''
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg-agent
copy_bin_and_libs ${pkgs.gnupg}/libexec/scdaemon
${concatMapStringsSep "\n" (x:
if x.gpgCard != null then
''
mkdir -p $out/secrets/gpg-keys/${x.device}
cp -a ${x.gpgCard.encryptedPass} $out/secrets/gpg-keys/${x.device}/cryptkey.gpg
cp -a ${x.gpgCard.publicKey} $out/secrets/gpg-keys/${x.device}/pubkey.asc
''
else ""
) (attrValues luks.devices)
}
''}
''; '';
boot.initrd.extraUtilsCommandsTest = '' boot.initrd.extraUtilsCommandsTest = ''
@ -612,6 +774,11 @@ in
$out/bin/ykinfo -V $out/bin/ykinfo -V
$out/bin/openssl-wrap version $out/bin/openssl-wrap version
''} ''}
${optionalString luks.gpgSupport ''
$out/bin/gpg --version
$out/bin/gpg-agent --version
$out/bin/scdaemon --version
''}
''; '';
boot.initrd.preFailCommands = postCommands; boot.initrd.preFailCommands = postCommands;

5
nixos/modules/system/boot/resolved.nix
View File

@ -35,7 +35,7 @@ in
when resolving single-label host names (domain names which when resolving single-label host names (domain names which
contain no dot), in order to qualify them into fully-qualified contain no dot), in order to qualify them into fully-qualified
domain names (FQDNs). domain names (FQDNs).
</para><para>
For compatibility reasons, if this setting is not specified, For compatibility reasons, if this setting is not specified,
the search domains listed in the search domains listed in
<filename>/etc/resolv.conf</filename> are used instead, if <filename>/etc/resolv.conf</filename> are used instead, if
@ -50,8 +50,9 @@ in
description = '' description = ''
Controls Link-Local Multicast Name Resolution support Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host. (RFC 4795) on the local host.
</para><para>
If set to If set to
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><literal>"true"</literal></term> <term><literal>"true"</literal></term>

13
nixos/modules/virtualisation/docker-containers.nix
View File

@ -65,10 +65,9 @@ let
default = []; default = [];
description = '' description = ''
Network ports to publish from the container to the outer host. Network ports to publish from the container to the outer host.
</para>
<para>
Valid formats: Valid formats:
</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
@ -91,21 +90,19 @@ let
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>
Both <literal>hostPort</literal> and Both <literal>hostPort</literal> and
<literal>containerPort</literal> can be specified as a range of <literal>containerPort</literal> can be specified as a range of
ports. When specifying ranges for both, the number of container ports. When specifying ranges for both, the number of container
ports in the range must match the number of host ports in the ports in the range must match the number of host ports in the
range. Example: <literal>1234-1236:1234-1236/tcp</literal> range. Example: <literal>1234-1236:1234-1236/tcp</literal>
</para>
<para>
When specifying a range for <literal>hostPort</literal> only, the When specifying a range for <literal>hostPort</literal> only, the
<literal>containerPort</literal> must <emphasis>not</emphasis> be a <literal>containerPort</literal> must <emphasis>not</emphasis> be a
range. In this case, the container port is published somewhere range. In this case, the container port is published somewhere
within the specified <literal>hostPort</literal> range. Example: within the specified <literal>hostPort</literal> range. Example:
<literal>1234-1236:1234/tcp</literal> <literal>1234-1236:1234/tcp</literal>
</para>
<para>
Refer to the Refer to the
<link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports"> <link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports">
Docker engine documentation</link> for full details. Docker engine documentation</link> for full details.

2
nixos/modules/virtualisation/virtualbox-host.nix
View File

@ -104,7 +104,7 @@ in
"VBoxNetNAT" "VBoxNetNAT"
"VBoxSDL" "VBoxSDL"
"VBoxVolInfo" "VBoxVolInfo"
"VirtualBox" "VirtualBoxVM"
])); ]));
users.groups.vboxusers.gid = config.ids.gids.vboxusers; users.groups.vboxusers.gid = config.ids.gids.vboxusers;

7
nixos/tests/docker-tools.nix
View File

@ -67,5 +67,12 @@ import ./make-test.nix ({ pkgs, ... }: {
# Ensure building an image on top of a layered Docker images work # Ensure building an image on top of a layered Docker images work
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}"); $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}");
# Ensure order of layers is correct
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layersOrder}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer1 | grep -q layer1");
# This is to be sure the order of layers of the parent image is preserved
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer2 | grep -q layer2");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer3 | grep -q layer3");
''; '';
}) })

61
nixos/tests/elk.nix
View File

@ -12,6 +12,11 @@ with pkgs.lib;
let let
esUrl = "http://localhost:9200"; esUrl = "http://localhost:9200";
totalHits = message :
"curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' " +
''-d '{\"query\" : { \"match\" : { \"message\" : \"${message}\"}}}' '' +
"| jq .hits.total";
mkElkTest = name : elk : mkElkTest = name : elk :
let elasticsearchGe7 = builtins.compareVersions elk.elasticsearch.version "7" >= 0; let elasticsearchGe7 = builtins.compareVersions elk.elasticsearch.version "7" >= 0;
in makeTest { in makeTest {
@ -21,7 +26,7 @@ let
}; };
nodes = { nodes = {
one = one =
{ pkgs, ... }: { { pkgs, lib, ... }: {
# Not giving the machine at least 2060MB results in elasticsearch failing with the following error: # Not giving the machine at least 2060MB results in elasticsearch failing with the following error:
# #
# OpenJDK 64-Bit Server VM warning: # OpenJDK 64-Bit Server VM warning:
@ -40,6 +45,26 @@ let
environment.systemPackages = [ pkgs.jq ]; environment.systemPackages = [ pkgs.jq ];
services = { services = {
journalbeat = let lt6 = builtins.compareVersions
elk.journalbeat.version "6" < 0; in {
enable = true;
package = elk.journalbeat;
extraConfig = mkOptionDefault (''
logging:
to_syslog: true
level: warning
metrics.enabled: false
output.elasticsearch:
hosts: [ "127.0.0.1:9200" ]
${optionalString lt6 "template.enabled: false"}
'' + optionalString (!lt6) ''
journalbeat.inputs:
- paths: []
seek: cursor
'');
};
logstash = { logstash = {
enable = true; enable = true;
package = elk.logstash; package = elk.logstash;
@ -107,14 +132,19 @@ let
testScript = '' testScript = ''
startAll; startAll;
# Wait until elasticsearch is listening for connections.
$one->waitForUnit("elasticsearch.service"); $one->waitForUnit("elasticsearch.service");
$one->waitForOpenPort(9200);
# Continue as long as the status is not "red". The status is probably # Continue as long as the status is not "red". The status is probably
# "yellow" instead of "green" because we are using a single elasticsearch # "yellow" instead of "green" because we are using a single elasticsearch
# node which elasticsearch considers risky. # node which elasticsearch considers risky.
# #
# TODO: extend this test with multiple elasticsearch nodes and see if the status turns "green". # TODO: extend this test with multiple elasticsearch nodes
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_cluster/health' | jq .status | grep -v red"); # and see if the status turns "green".
$one->waitUntilSucceeds(
"curl --silent --show-error '${esUrl}/_cluster/health' " .
"| jq .status | grep -v red");
# Perform some simple logstash tests. # Perform some simple logstash tests.
$one->waitForUnit("logstash.service"); $one->waitForUnit("logstash.service");
@ -123,16 +153,28 @@ let
# See if kibana is healthy. # See if kibana is healthy.
$one->waitForUnit("kibana.service"); $one->waitForUnit("kibana.service");
$one->waitUntilSucceeds("curl --silent --show-error 'http://localhost:5601/api/status' | jq .status.overall.state | grep green"); $one->waitUntilSucceeds(
"curl --silent --show-error 'http://localhost:5601/api/status' " .
"| jq .status.overall.state | grep green");
# See if logstash messages arive in elasticsearch. # See if logstash messages arive in elasticsearch.
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"flowers\"}}}' | jq .hits.total | grep -v 0"); $one->waitUntilSucceeds("${totalHits "flowers"} | grep -v 0");
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"dragons\"}}}' | jq .hits.total | grep 0"); $one->waitUntilSucceeds("${totalHits "dragons"} | grep 0");
# Test if a message logged to the journal
# is ingested by elasticsearch via journalbeat.
$one->waitForUnit("journalbeat.service");
$one->execute("echo 'Supercalifragilisticexpialidocious' | systemd-cat");
$one->waitUntilSucceeds(
"${totalHits "Supercalifragilisticexpialidocious"} | grep -v 0");
'' + optionalString (!elasticsearchGe7) '' '' + optionalString (!elasticsearchGe7) ''
# Test elasticsearch-curator. # Test elasticsearch-curator.
$one->systemctl("stop logstash"); $one->systemctl("stop logstash");
$one->systemctl("start elasticsearch-curator"); $one->systemctl("start elasticsearch-curator");
$one->waitUntilSucceeds("! curl --silent --show-error '${esUrl}/_cat/indices' | grep logstash | grep -q ^$1"); $one->waitUntilSucceeds(
"! curl --silent --show-error '${esUrl}/_cat/indices' " .
"| grep logstash | grep -q ^$1");
''; '';
}; };
in mapAttrs mkElkTest { in mapAttrs mkElkTest {
@ -140,6 +182,7 @@ in mapAttrs mkElkTest {
elasticsearch = pkgs.elasticsearch5; elasticsearch = pkgs.elasticsearch5;
logstash = pkgs.logstash5; logstash = pkgs.logstash5;
kibana = pkgs.kibana5; kibana = pkgs.kibana5;
journalbeat = pkgs.journalbeat5;
}; };
"ELK-6" = "ELK-6" =
if enableUnfree if enableUnfree
@ -147,11 +190,13 @@ in mapAttrs mkElkTest {
elasticsearch = pkgs.elasticsearch6; elasticsearch = pkgs.elasticsearch6;
logstash = pkgs.logstash6; logstash = pkgs.logstash6;
kibana = pkgs.kibana6; kibana = pkgs.kibana6;
journalbeat = pkgs.journalbeat6;
} }
else { else {
elasticsearch = pkgs.elasticsearch6-oss; elasticsearch = pkgs.elasticsearch6-oss;
logstash = pkgs.logstash6-oss; logstash = pkgs.logstash6-oss;
kibana = pkgs.kibana6-oss; kibana = pkgs.kibana6-oss;
journalbeat = pkgs.journalbeat6;
}; };
"ELK-7" = "ELK-7" =
if enableUnfree if enableUnfree
@ -159,10 +204,12 @@ in mapAttrs mkElkTest {
elasticsearch = pkgs.elasticsearch7; elasticsearch = pkgs.elasticsearch7;
logstash = pkgs.logstash7; logstash = pkgs.logstash7;
kibana = pkgs.kibana7; kibana = pkgs.kibana7;
journalbeat = pkgs.journalbeat7;
} }
else { else {
elasticsearch = pkgs.elasticsearch7-oss; elasticsearch = pkgs.elasticsearch7-oss;
logstash = pkgs.logstash7-oss; logstash = pkgs.logstash7-oss;
kibana = pkgs.kibana7-oss; kibana = pkgs.kibana7-oss;
journalbeat = pkgs.journalbeat7;
}; };
} }

2
nixos/tests/gitea.nix
View File

@ -9,7 +9,7 @@ with pkgs.lib;
{ {
mysql = makeTest { mysql = makeTest {
name = "gitea-mysql"; name = "gitea-mysql";
meta.maintainers = [ maintainers.aanderse ]; meta.maintainers = with maintainers; [ aanderse kolaente ];
machine = machine =
{ config, pkgs, ... }: { config, pkgs, ... }:

37
nixos/tests/hardened.nix
View File

@ -27,9 +27,33 @@ import ./make-test.nix ({ pkgs, ...} : {
}; };
testScript = testScript =
let
hardened-malloc-tests = pkgs.stdenv.mkDerivation rec {
name = "hardened-malloc-tests-${pkgs.graphene-hardened-malloc.version}";
src = pkgs.graphene-hardened-malloc.src;
buildPhase = ''
cd test/simple-memory-corruption
make -j4
'';
installPhase = ''
find . -type f -executable -exec install -Dt $out/bin '{}' +
'';
};
in
'' ''
$machine->waitForUnit("multi-user.target"); $machine->waitForUnit("multi-user.target");
subtest "apparmor-loaded", sub {
$machine->succeed("systemctl status apparmor.service");
};
# AppArmor securityfs
subtest "apparmor-securityfs", sub {
$machine->succeed("mountpoint -q /sys/kernel/security");
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
};
# Test loading out-of-tree modules # Test loading out-of-tree modules
subtest "extra-module-packages", sub { subtest "extra-module-packages", sub {
$machine->succeed("grep -Fq wireguard /proc/modules"); $machine->succeed("grep -Fq wireguard /proc/modules");
@ -83,5 +107,18 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->fail("systemctl hibernate"); $machine->fail("systemctl hibernate");
$machine->fail("systemctl kexec"); $machine->fail("systemctl kexec");
}; };
# Test hardened memory allocator
sub runMallocTestProg {
my ($progName, $errorText) = @_;
my $text = "fatal allocator error: " . $errorText;
$machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ $text;
};
subtest "hardenedmalloc", sub {
runMallocTestProg("double_free_large", "invalid free");
runMallocTestProg("unaligned_free_small", "invalid unaligned free");
runMallocTestProg("write_after_free_small", "detected write after free");
};
''; '';
}) })

42
nixos/tests/virtualbox.nix
View File

@ -2,9 +2,26 @@
config ? {}, config ? {},
pkgs ? import ../.. { inherit system config; }, pkgs ? import ../.. { inherit system config; },
debug ? false, debug ? false,
enableUnfree ? false enableUnfree ? false,
# Nested KVM virtualization (https://www.linux-kvm.org/page/Nested_Guests)
# requires a modprobe flag on the build machine: (kvm-amd for AMD CPUs)
# boot.extraModprobeConfig = "options kvm-intel nested=Y";
# Without this VirtualBox will use SW virtualization and will only be able
# to run 32-bit guests.
useKvmNestedVirt ? false,
# Whether to run 64-bit guests instead of 32-bit. Requires nested KVM.
use64bitGuest ? false,
# Whether to enable the virtual UART in VirtualBox guests, allowing to see
# the guest console. There is currently a bug in VirtualBox where this will
# cause a crash if running with SW virtualization
# (https://www.virtualbox.org/ticket/18632). If you need to debug the tests
# then enable this and nested KVM to work around the crash (see above).
enableVBoxUART ? false
}: }:
assert use64bitGuest -> useKvmNestedVirt;
assert enableVBoxUART -> useKvmNestedVirt; # VirtualBox bug, see above
with import ../lib/testing.nix { inherit system pkgs; }; with import ../lib/testing.nix { inherit system pkgs; };
with pkgs.lib; with pkgs.lib;
@ -94,7 +111,7 @@ let
testVM = vmName: vmScript: let testVM = vmName: vmScript: let
cfg = (import ../lib/eval-config.nix { cfg = (import ../lib/eval-config.nix {
system = "i686-linux"; system = if use64bitGuest then "x86_64-linux" else "i686-linux";
modules = [ modules = [
../modules/profiles/minimal.nix ../modules/profiles/minimal.nix
(testVMConfig vmName vmScript) (testVMConfig vmName vmScript)
@ -141,13 +158,15 @@ let
sharePath = "/home/alice/vboxshare-${name}"; sharePath = "/home/alice/vboxshare-${name}";
createFlags = mkFlags [ createFlags = mkFlags [
"--ostype Linux26" "--ostype ${if use64bitGuest then "Linux26_64" else "Linux26"}"
"--register" "--register"
]; ];
vmFlags = mkFlags ([ vmFlags = mkFlags (
"--uart1 0x3F8 4" (optionals enableVBoxUART [
"--uartmode1 client /run/virtualbox-log-${name}.sock" "--uart1 0x3F8 4"
"--uartmode1 client /run/virtualbox-log-${name}.sock"
]) ++ [
"--memory 768" "--memory 768"
"--audio none" "--audio none"
] ++ (attrs.vmFlags or [])); ] ++ (attrs.vmFlags or []));
@ -180,7 +199,7 @@ let
]; ];
in { in {
machine = { machine = {
systemd.sockets."vboxtestlog-${name}" = { systemd.sockets."vboxtestlog-${name}" = mkIf enableVBoxUART {
description = "VirtualBox Test Machine Log Socket For ${name}"; description = "VirtualBox Test Machine Log Socket For ${name}";
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
before = [ "multi-user.target" ]; before = [ "multi-user.target" ];
@ -188,7 +207,7 @@ let
socketConfig.Accept = true; socketConfig.Accept = true;
}; };
systemd.services."vboxtestlog-${name}@" = { systemd.services."vboxtestlog-${name}@" = mkIf enableVBoxUART {
description = "VirtualBox Test Machine Log For ${name}"; description = "VirtualBox Test Machine Log For ${name}";
serviceConfig.StandardInput = "socket"; serviceConfig.StandardInput = "socket";
serviceConfig.StandardOutput = "syslog"; serviceConfig.StandardOutput = "syslog";
@ -346,6 +365,8 @@ let
vmConfigs = mapAttrsToList mkVMConf vms; vmConfigs = mapAttrsToList mkVMConf vms;
in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs; in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
virtualisation.memorySize = 2048; virtualisation.memorySize = 2048;
virtualisation.qemu.options =
if useKvmNestedVirt then ["-cpu" "kvm64,vmx=on"] else [];
virtualisation.virtualbox.host.enable = true; virtualisation.virtualbox.host.enable = true;
services.xserver.displayManager.auto.user = "alice"; services.xserver.displayManager.auto.user = "alice";
users.users.alice.extraGroups = let users.users.alice.extraGroups = let
@ -412,9 +433,14 @@ in mapAttrs (mkVBoxTest false vboxVMs) {
); );
$machine->sleep(5); $machine->sleep(5);
$machine->screenshot("gui_manager_started"); $machine->screenshot("gui_manager_started");
# Home to select Tools, down to move to the VM, enter to start it.
$machine->sendKeys("home");
$machine->sendKeys("down");
$machine->sendKeys("ret"); $machine->sendKeys("ret");
$machine->screenshot("gui_manager_sent_startup"); $machine->screenshot("gui_manager_sent_startup");
waitForStartup_simple (sub { waitForStartup_simple (sub {
$machine->sendKeys("home");
$machine->sendKeys("down");
$machine->sendKeys("ret"); $machine->sendKeys("ret");
}); });
$machine->screenshot("gui_started"); $machine->screenshot("gui_started");

36
nixos/tests/xss-lock.nix
View File

@ -6,19 +6,35 @@ with lib;
name = "xss-lock"; name = "xss-lock";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ]; meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
machine = { nodes = {
imports = [ ./common/x11.nix ./common/user-account.nix ]; simple = {
programs.xss-lock.enable = true; imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "alice"; programs.xss-lock.enable = true;
services.xserver.displayManager.auto.user = "alice";
};
custom_lockcmd = { pkgs, ... }: {
imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "alice";
programs.xss-lock = {
enable = true;
extraOptions = [ "-n" "${pkgs.libnotify}/bin/notify-send 'About to sleep!'"];
lockerCommand = "${pkgs.xlockmore}/bin/xlock -mode ant";
};
};
}; };
testScript = '' testScript = ''
$machine->start; startAll;
$machine->waitForX;
$machine->waitForUnit("xss-lock.service", "alice");
$machine->fail("pgrep xlock"); ${concatStringsSep "\n" (mapAttrsToList (name: lockCmd: ''
$machine->succeed("su -l alice -c 'xset dpms force standby'"); ${"$"+name}->start;
$machine->waitUntilSucceeds("pgrep i3lock"); ${"$"+name}->waitForX;
${"$"+name}->waitForUnit("xss-lock.service", "alice");
${"$"+name}->fail("pgrep ${lockCmd}");
${"$"+name}->succeed("su -l alice -c 'xset dpms force standby'");
${"$"+name}->waitUntilSucceeds("pgrep ${lockCmd}");
'') { simple = "i3lock"; custom_lockcmd = "xlock"; })}
''; '';
}) })

4
pkgs/applications/audio/cdparanoia/default.nix
View File

@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./utils.patch ] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./utils.patch
++ [./fix_private_keyword.patch]; ++ [./fix_private_keyword.patch];
buildInputs = stdenv.lib.optional stdenv.isAarch64 autoreconfHook; nativeBuildInputs = stdenv.lib.optional stdenv.isAarch64 autoreconfHook;
propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [ propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [
Carbon Carbon
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
hardeningDisable = [ "format" ]; hardeningDisable = [ "format" ];
preConfigure = "unset CC" + stdenv.lib.optionalString stdenv.isAarch64 ''\n preConfigure = "unset CC" + stdenv.lib.optionalString stdenv.isAarch64 '';
cp ${gnu-config}/config.sub configure.sub cp ${gnu-config}/config.sub configure.sub
cp ${gnu-config}/config.guess configure.guess cp ${gnu-config}/config.guess configure.guess
''; '';

4
pkgs/applications/audio/fluidsynth/default.nix
View File

@ -11,8 +11,8 @@ let
sha256 = "0n75jq3xgq46hfmjkaaxz3gic77shs4fzajq40c8gk043i84xbdh"; sha256 = "0n75jq3xgq46hfmjkaaxz3gic77shs4fzajq40c8gk043i84xbdh";
}; };
"2" = { "2" = {
fluidsynthVersion = "2.0.4"; fluidsynthVersion = "2.0.5";
sha256 = "1v2vji02fbrjgypwb4fw2r90hnfwfbfh3d24j8vjwlbqxhxp16s0"; sha256 = "0rv0apxbj0cgm8f8sqf5xr6kdi4q58ph92ip6cg716ha0ca5lr8y";
}; };
}; };
in in

4
pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris"; pname = "Mopidy-Iris";
version = "3.37.0"; version = "3.37.1";
src = pythonPackages.fetchPypi { src = pythonPackages.fetchPypi {
inherit pname version; inherit pname version;
sha256 = "1fy802jx3817ldrm3g5inrfjbi7s8xcx96pnglbq54nvp41lzyh5"; sha256 = "0qcg456k7av0anymmmnlcn0v4642gbgk0nhic6w9bg9v5m0nj9ll";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [

8
pkgs/applications/audio/qmmp/default.nix
View File

@ -29,17 +29,17 @@
# handle that. # handle that.
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "qmmp-1.3.1"; name = "qmmp-1.3.2";
src = fetchurl { src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2"; url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "1dmybzibpr6hpr2iv1wvrjgww842mng2x0rh1mr8gs8j191xvlhw"; sha256 = "1rh063kcyg7gs9yj2r4v5irpnq4pjaxaxsgrw30mdr21xhhc15cz";
}; };
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = buildInputs =
[ # basic requirements [ # basic requirements
cmake pkgconfig xlibsWrapper qtbase qttools qtmultimedia qtx11extras xlibsWrapper
qtbase qttools qtmultimedia qtx11extras
# transports # transports
curl libmms curl libmms
# input plugins # input plugins

5
pkgs/applications/audio/vcv-rack/default.nix
View File

@ -72,8 +72,9 @@ with stdenv.lib; stdenv.mkDerivation rec {
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Open-source virtual modular synthesizer"; description = "Open-source virtual modular synthesizer";
homepage = http://vcvrack.com/; homepage = http://vcvrack.com/;
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or unfree # The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or under a
license = [ licenses.bsd3 licenses.cc-by-nc-40 licenses.unfree ]; # no-derivatives clause
license = with licenses; [ bsd3 cc-by-nc-40 unfreeRedistributable ];
maintainers = with maintainers; [ moredread ]; maintainers = with maintainers; [ moredread ];
platforms = platforms.linux; platforms = platforms.linux;
}; };

8
pkgs/applications/editors/android-studio/default.nix
View File

@ -12,11 +12,11 @@ let
build = "183.5452501"; build = "183.5452501";
sha256Hash = "0i8wz9v6nxzr27a07cv2330i84v94pcl13gjwvpglp55hyzd8axd"; sha256Hash = "0i8wz9v6nxzr27a07cv2330i84v94pcl13gjwvpglp55hyzd8axd";
}; };
betaVersion = stableVersion; betaVersion = latestVersion;
latestVersion = { # canary & dev latestVersion = { # canary & dev
version = "3.5.0.12"; # "Android Studio 3.5 Canary 13" version = "3.5.0.13"; # "Android Studio 3.5 Beta 1"
build = "191.5487692"; build = "191.5529924";
sha256Hash = "0iwd2qa551rs9b0w4rs7wmzdbh3r4j76xvs815l6i5pilk0s47gz"; sha256Hash = "0i710n2wr0a8lvxf1mg6a5pmdh1l72wa0hwyricyixi0mylwwc6l";
}; };
in rec { in rec {
# Attributes are named by their corresponding release channels # Attributes are named by their corresponding release channels

6
pkgs/applications/editors/howl/default.nix
View File

@ -4,12 +4,12 @@ with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "howl-${version}"; name = "howl-${version}";
version = "0.5.3"; version = "0.6";
# Use the release tarball containing pre-downloaded dependencies sources # Use the release tarball containing pre-downloaded dependencies sources
src = fetchurl { src = fetchurl {
url = "https://github.com/howl-editor/howl/releases/download/0.5.3/howl-0.5.3.tgz"; url = "https://github.com/howl-editor/howl/releases/download/${version}/howl-${version}.tgz";
sha256 = "0gnc8vr5h8mwapbcqc1zr9la62rb633awyqgy8q7pwjpiy85a03v"; sha256 = "1qc58l3rkr37cj6vhf8c7bnwbz93nscyraz7jxqwjq6k4gj0cjw3";
}; };
sourceRoot = "./howl-${version}/src"; sourceRoot = "./howl-${version}/src";

4
pkgs/applications/editors/neovim/default.nix
View File

@ -21,13 +21,13 @@ let
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "neovim-unwrapped-${version}"; name = "neovim-unwrapped-${version}";
version = "0.3.4"; version = "0.3.5";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "neovim"; owner = "neovim";
repo = "neovim"; repo = "neovim";
rev = "v${version}"; rev = "v${version}";
sha256 = "07ncvgp6xfhiwc6hd7qf7zk28n3yj47p26qj1ji29vqkwnk28y3s"; sha256 = "113lrr9gwimvvzlkwlishm4cjqcf30xq9jfxn7vh41ckgnbiwf3w";
}; };
patches = [ patches = [

4
pkgs/applications/editors/vim/common.nix
View File

@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }: { lib, fetchFromGitHub }:
rec { rec {
version = "8.1.0675"; version = "8.1.1234";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "vim"; owner = "vim";
repo = "vim"; repo = "vim";
rev = "v${version}"; rev = "v${version}";
sha256 = "00nlh8f2rf0af3n434s0lp6idxlg4l7mi1lrlbz0xld9dsrzdmas"; sha256 = "1ywrgciwqh1kg93kfq54zh0gdxwzgy1h49wsjdsl6s4mfscmpwng";
}; };
enableParallelBuilding = true; enableParallelBuilding = true;

9
pkgs/applications/graphics/digikam/default.nix
View File

@ -8,6 +8,7 @@
, qtsvg , qtsvg
, qtwebengine , qtwebengine
, akonadi-contacts
, kcalcore , kcalcore
, kconfigwidgets , kconfigwidgets
, kcoreaddons , kcoreaddons
@ -50,14 +51,14 @@
}: }:
mkDerivation rec { mkDerivation rec {
name = "digikam-${version}"; pname = "digikam";
version = "6.0.0"; version = "6.1.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "KDE"; owner = "KDE";
repo = "digikam"; repo = "digikam";
rev = "v${version}"; rev = "v${version}";
sha256 = "1ifvrn0bm7fp07d059rl4dy146qzdxafl36ipxg1fg00dkv95hh4"; sha256 = "0h0jqfgpanhxfi3r7cgip58ppypqx79z6c5jj7i7f19hp2zziip8";
}; };
nativeBuildInputs = [ cmake doxygen extra-cmake-modules kdoctools wrapGAppsHook ]; nativeBuildInputs = [ cmake doxygen extra-cmake-modules kdoctools wrapGAppsHook ];
@ -88,6 +89,7 @@ mkDerivation rec {
qtsvg qtsvg
qtwebengine qtwebengine
akonadi-contacts
kcalcore kcalcore
kconfigwidgets kconfigwidgets
kcoreaddons kcoreaddons
@ -112,6 +114,7 @@ mkDerivation rec {
preFixup = '' preFixup = ''
gappsWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ gnumake hugin enblend-enfuse ]}) gappsWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ gnumake hugin enblend-enfuse ]})
gappsWrapperArgs+=(--suffix DK_PLUGIN_PATH : ${placeholder "out"}/${qtbase.qtPluginPrefix}/${pname})
substituteInPlace $out/bin/digitaglinktree \ substituteInPlace $out/bin/digitaglinktree \
--replace "/usr/bin/perl" "${perl}/bin/perl" \ --replace "/usr/bin/perl" "${perl}/bin/perl" \
--replace "/usr/bin/sqlite3" "${sqlite}/bin/sqlite3" --replace "/usr/bin/sqlite3" "${sqlite}/bin/sqlite3"

3
pkgs/applications/graphics/gimp/wrapper.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, plugins ? null}: { stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, gnome3, plugins ? null}:
let let
allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation" && !pkg.meta.broken or false) (lib.attrValues gimpPlugins); allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation" && !pkg.meta.broken or false) (lib.attrValues gimpPlugins);
@ -17,6 +17,7 @@ in symlinkJoin {
for each in gimp-${versionBranch} gimp-console-${versionBranch}; do for each in gimp-${versionBranch} gimp-console-${versionBranch}; do
wrapProgram $out/bin/$each \ wrapProgram $out/bin/$each \
--set GIMP2_PLUGINDIR "$out/lib/gimp/2.0" \ --set GIMP2_PLUGINDIR "$out/lib/gimp/2.0" \
--prefix GTK_PATH : "${gnome3.gnome-themes-extra}/lib/gtk-2.0" \
${toString extraArgs} ${toString extraArgs}
done done
set +x set +x

11
pkgs/applications/graphics/glabels/default.nix
View File

@ -4,11 +4,11 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "glabels-${version}"; pname = "glabels";
version = "3.4.1"; version = "3.4.1";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/glabels/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "0f2rki8i27pkd9r0gz03cdl1g4vnmvp0j49nhxqn275vi8lmgr0q"; sha256 = "0f2rki8i27pkd9r0gz03cdl1g4vnmvp0j49nhxqn275vi8lmgr0q";
}; };
@ -25,6 +25,13 @@ stdenv.mkDerivation rec {
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
''; '';
passthru = {
updateScript = gnome3.updateScript {
packageName = pname;
versionPolicy = "none";
};
};
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Create labels and business cards"; description = "Create labels and business cards";
homepage = https://glabels.org/; homepage = https://glabels.org/;

8
pkgs/applications/graphics/gthumb/default.nix
View File

@ -4,14 +4,12 @@
libchamplain, librsvg, libwebp, json-glib, webkitgtk, lcms2, bison, libchamplain, librsvg, libwebp, json-glib, webkitgtk, lcms2, bison,
flex, wrapGAppsHook, shared-mime-info }: flex, wrapGAppsHook, shared-mime-info }:
let stdenv.mkDerivation rec {
pname = "gthumb"; pname = "gthumb";
version = "3.6.2"; version = "3.6.2";
in stdenv.mkDerivation rec {
name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "0rjb0bsjhn7nyl5jyjgrypvr6qdr9dc2g586j3lzan96a2vnpgy9"; sha256 = "0rjb0bsjhn7nyl5jyjgrypvr6qdr9dc2g586j3lzan96a2vnpgy9";
}; };
@ -40,7 +38,7 @@ in stdenv.mkDerivation rec {
}; };
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = https://wiki.gnome.org/Apps/gthumb; homepage = "https://wiki.gnome.org/Apps/Gthumb";
description = "Image browser and viewer for GNOME"; description = "Image browser and viewer for GNOME";
platforms = platforms.linux; platforms = platforms.linux;
license = licenses.gpl2; license = licenses.gpl2;

4
pkgs/applications/graphics/ipe/default.nix
View File

@ -3,11 +3,11 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "ipe-7.2.11"; name = "ipe-7.2.12";
src = fetchurl { src = fetchurl {
url = "https://dl.bintray.com/otfried/generic/ipe/7.2/${name}-src.tar.gz"; url = "https://dl.bintray.com/otfried/generic/ipe/7.2/${name}-src.tar.gz";
sha256 = "09d71fdpiz359mcnb57460w2mcfizvlnidd6g1k4c3v6rglwlbd2"; sha256 = "1qw1cmwzi3wxk4x916i9y4prhi9brnwl14i9a1cbw23x1sr7i6kw";
}; };
sourceRoot = "${name}/src"; sourceRoot = "${name}/src";

25
pkgs/applications/graphics/openscad/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, qt5, libsForQt5 { stdenv, fetchFromGitHub, qt5, libsForQt5
, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal , bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext , mpfr, gmp, glib, pkgconfig, harfbuzz, gettext, freetype, fontconfig
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -18,11 +18,13 @@ stdenv.mkDerivation rec {
sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb"; sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb";
}; };
nativeBuildInputs = [ bison flex pkgconfig ];
buildInputs = [ buildInputs = [
bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib eigen boost glew opencsg cgal mpfr gmp glib
pkgconfig harfbuzz gettext harfbuzz gettext freetype fontconfig
] ] ++ stdenv.lib.optional stdenv.isLinux libGLU_combined
++ (with qt5; [qtbase qmake]) ++ (with qt5; [qtbase qmake] ++ stdenv.lib.optional stdenv.isDarwin qtmacextras)
++ (with libsForQt5; [qscintilla]) ++ (with libsForQt5; [qscintilla])
; ;
@ -33,6 +35,17 @@ stdenv.mkDerivation rec {
doCheck = false; doCheck = false;
postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
mkdir $out/Applications
mv $out/bin/*.app $out/Applications
rmdir $out/bin || true
mv --target-directory=$out/Applications/OpenSCAD.app/Contents/Resources \
$out/share/openscad/{examples,color-schemes,locale,libraries,fonts}
rmdir $out/share/openscad
'';
meta = { meta = {
description = "3D parametric model compiler"; description = "3D parametric model compiler";
longDescription = '' longDescription = ''
@ -48,7 +61,7 @@ stdenv.mkDerivation rec {
''; '';
homepage = http://openscad.org/; homepage = http://openscad.org/;
license = stdenv.lib.licenses.gpl2; license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux; platforms = stdenv.lib.platforms.unix;
maintainers = with stdenv.lib.maintainers; maintainers = with stdenv.lib.maintainers;
[ bjornfor raskin the-kenny ]; [ bjornfor raskin the-kenny ];
}; };

4
pkgs/applications/graphics/renderdoc/default.nix
View File

@ -12,14 +12,14 @@ let
}; };
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "1.2"; version = "1.4";
name = "renderdoc-${version}"; name = "renderdoc-${version}";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "baldurk"; owner = "baldurk";
repo = "renderdoc"; repo = "renderdoc";
rev = "v${version}"; rev = "v${version}";
sha256 = "0s1q5d58x18yz3nf94pv5i1qd2hc0a4gdj4qkpcn8s6ms2x05pz4"; sha256 = "1iann73r4yzkwnm13h4zqipqrp5i5cnkv27yyap0axz6h3npw94r";
}; };
buildInputs = [ buildInputs = [

6
pkgs/applications/kde/kgpg.nix
View File

@ -1,7 +1,7 @@
{ {
mkDerivation, lib, mkDerivation, lib,
extra-cmake-modules, kdoctools, ki18n, makeWrapper, extra-cmake-modules, kdoctools, ki18n, makeWrapper,
akonadi-contacts, gnupg1, karchive, kcodecs, kcontacts, kcoreaddons, akonadi-contacts, gnupg, karchive, kcodecs, kcontacts, kcoreaddons,
kcrash, kdbusaddons, kiconthemes, kjobwidgets, kio, knotifications, kservice, kcrash, kdbusaddons, kiconthemes, kjobwidgets, kio, knotifications, kservice,
ktextwidgets, kxmlgui, kwidgetsaddons, kwindowsystem, qgpgme, ktextwidgets, kxmlgui, kwidgetsaddons, kwindowsystem, qgpgme,
}: }:
@ -10,12 +10,12 @@ mkDerivation {
name = "kgpg"; name = "kgpg";
nativeBuildInputs = [ extra-cmake-modules kdoctools makeWrapper ]; nativeBuildInputs = [ extra-cmake-modules kdoctools makeWrapper ];
buildInputs = [ buildInputs = [
akonadi-contacts gnupg1 karchive kcodecs kcontacts kcoreaddons kcrash akonadi-contacts gnupg karchive kcodecs kcontacts kcoreaddons kcrash
kdbusaddons ki18n kiconthemes kjobwidgets kio knotifications kservice kdbusaddons ki18n kiconthemes kjobwidgets kio knotifications kservice
ktextwidgets kxmlgui kwidgetsaddons kwindowsystem qgpgme ktextwidgets kxmlgui kwidgetsaddons kwindowsystem qgpgme
]; ];
postFixup = '' postFixup = ''
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg1 ]}" wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg ]}"
''; '';
meta = { meta = {
license = [ lib.licenses.gpl2 ]; license = [ lib.licenses.gpl2 ];

7
pkgs/applications/misc/audio/sox/default.nix
View File

@ -1,9 +1,10 @@
{ config, lib, stdenv, fetchurl, CoreAudio { config, lib, stdenv, fetchurl, pkgconfig, CoreAudio
, enableAlsa ? true, alsaLib ? null , enableAlsa ? true, alsaLib ? null
, enableLibao ? true, libao ? null , enableLibao ? true, libao ? null
, enableLame ? config.sox.enableLame or false, lame ? null , enableLame ? config.sox.enableLame or false, lame ? null
, enableLibmad ? true, libmad ? null , enableLibmad ? true, libmad ? null
, enableLibogg ? true, libogg ? null, libvorbis ? null , enableLibogg ? true, libogg ? null, libvorbis ? null
, enableOpusfile ? true, opusfile ? null
, enableFLAC ? true, flac ? null , enableFLAC ? true, flac ? null
, enablePNG ? true, libpng ? null , enablePNG ? true, libpng ? null
, enableLibsndfile ? true, libsndfile ? null , enableLibsndfile ? true, libsndfile ? null
@ -22,12 +23,16 @@ stdenv.mkDerivation rec {
sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl"; sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";
}; };
# configure.ac uses pkg-config only to locate libopusfile
nativeBuildInputs = optional enableOpusfile pkgconfig;
buildInputs = buildInputs =
optional (enableAlsa && stdenv.isLinux) alsaLib ++ optional (enableAlsa && stdenv.isLinux) alsaLib ++
optional enableLibao libao ++ optional enableLibao libao ++
optional enableLame lame ++ optional enableLame lame ++
optional enableLibmad libmad ++ optional enableLibmad libmad ++
optionals enableLibogg [ libogg libvorbis ] ++ optionals enableLibogg [ libogg libvorbis ] ++
optional enableOpusfile opusfile ++
optional enableFLAC flac ++ optional enableFLAC flac ++
optional enablePNG libpng ++ optional enablePNG libpng ++
optional enableLibsndfile libsndfile ++ optional enableLibsndfile libsndfile ++

45
pkgs/applications/misc/bemenu/default.nix Normal file
View File

@ -0,0 +1,45 @@
{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
, pango, fribidi, harfbuzz, pcre, pkgconfig
, ncursesSupport ? true, ncurses ? null
, waylandSupport ? true, wayland ? null
, x11Support ? true, xlibs ? null, xorg ? null
}:
assert ncursesSupport -> ncurses != null;
assert waylandSupport -> wayland != null;
assert x11Support -> xlibs != null && xorg != null;
stdenv.mkDerivation rec {
pname = "bemenu";
version = "0.1.0";
src = fetchFromGitHub {
owner = "Cloudef";
repo = "bemenu";
rev = "33e540a2b04ce78f5c7ab4a60b899c67f586cc32";
sha256 = "11h55m9dx6ai12pqij52ydjm36dvrcc856pa834njihrp626pl4w";
};
nativeBuildInputs = [ cmake pkgconfig pcre ];
buildInputs = with stdenv.lib; [
cairo
fribidi
harfbuzz
libxkbcommon
pango
] ++ optionals ncursesSupport [ ncurses ]
++ optionals waylandSupport [ wayland ]
++ optionals x11Support [
xlibs.libX11 xlibs.libXinerama xlibs.libXft
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
];
meta = with stdenv.lib; {
homepage = "https://github.com/Cloudef/bemenu";
description = "Dynamic menu library and client program inspired by dmenu";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ thiagokokada ];
platforms = with platforms; linux;
};
}

12
pkgs/applications/misc/calcurse/default.nix
View File

@ -9,17 +9,13 @@ stdenv.mkDerivation rec {
sha256 = "0vw2xi6a2lrhrb8n55zq9lv4mzxhby4xdf3hmi1vlfpyrpdwkjzd"; sha256 = "0vw2xi6a2lrhrb8n55zq9lv4mzxhby4xdf3hmi1vlfpyrpdwkjzd";
}; };
buildInputs = [ ncurses gettext python3 ]; buildInputs = [ ncurses gettext python3 python3Packages.wrapPython ];
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
# Build Python environment with httplib2 for calcurse-caldav
pythonEnv = python3Packages.python.buildEnv.override {
extraLibs = [ python3Packages.httplib2 ];
};
propagatedBuildInputs = [ pythonEnv ];
postInstall = '' postInstall = ''
substituteInPlace $out/bin/calcurse-caldav --replace /usr/bin/python3 ${pythonEnv}/bin/python3 patchShebangs .
buildPythonPath ${python3Packages.httplib2}
patchPythonScript $out/bin/calcurse-caldav
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

2
pkgs/applications/misc/dmenu/default.nix
View File

@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk
''; '';
makeFlags = [ "CC:=$(CC)" ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "A generic, highly customizable, and efficient menu for the X Window System"; description = "A generic, highly customizable, and efficient menu for the X Window System";
homepage = https://tools.suckless.org/dmenu; homepage = https://tools.suckless.org/dmenu;

43
pkgs/applications/misc/electrum/default.nix
View File

@ -1,28 +1,36 @@
{ stdenv, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }: { stdenv, fetchurl, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
let let
qdarkstyle = python3Packages.buildPythonPackage rec { version = "3.3.5";
pname = "QDarkStyle";
version = "2.5.4"; # Not provided in official source releases, which are what upstream signs.
src = python3Packages.fetchPypi { tests = fetchFromGitHub {
inherit pname version; owner = "spesmilo";
sha256 = "1w715m1i5pycfqcpkrggpn0rs9cakx6cm5v8rggcxnf4p0i0kdiy"; repo = "electrum";
}; rev = version;
doCheck = false; # no tests sha256 = "11rzzrv5xxqazcb7q1ig93d6cisqmd1x0jrgvfgzysbzvi51gg11";
extraPostFetch = ''
mv $out ./all
mv ./all/electrum/tests $out
'';
}; };
in in
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "electrum"; pname = "electrum";
version = "3.3.4"; inherit version;
src = fetchFromGitHub { src = fetchurl {
owner = "spesmilo"; url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
repo = "electrum"; sha256 = "1csj0n96zlajnrs39wsazfj5lmy7v7n77cdz56lr8nkmchh6k9z1";
rev = version;
sha256 = "0yxdpc602jnd14xz3px85ka0b6db98zwbgfi9a3vj8p1k3mmiwaj";
}; };
postUnpack = ''
# can't symlink, tests get confused
cp -ar ${tests} $sourceRoot/electrum/tests
'';
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [
aiorpcx aiorpcx
aiohttp aiohttp
@ -64,7 +72,10 @@ python3Packages.buildPythonApplication rec {
rm -rf $out/${python3.sitePackages}/nix rm -rf $out/${python3.sitePackages}/nix
substituteInPlace $out/share/applications/electrum.desktop \ substituteInPlace $out/share/applications/electrum.desktop \
--replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" --replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum %u"' \
"Exec=$out/bin/electrum %u" \
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum --testnet %u"' \
"Exec=$out/bin/electrum --testnet %u"
''; '';
checkInputs = with python3Packages; [ pytest ]; checkInputs = with python3Packages; [ pytest ];

8
pkgs/applications/misc/fsv/default.nix
View File

@ -4,10 +4,10 @@
let let
gtkglarea = stdenv.mkDerivation rec { gtkglarea = stdenv.mkDerivation rec {
name = "gtkglarea-${version}"; pname = "gtkglarea";
version = "2.1.0"; version = "2.1.0";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/gtkglarea/2.1/${name}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "1pl2vdj6l64j864ilhkq1bcggb3hrlxjwk5m029i7xfjfxc587lf"; sha256 = "1pl2vdj6l64j864ilhkq1bcggb3hrlxjwk5m029i7xfjfxc587lf";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
@ -16,13 +16,13 @@ let
}; };
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
name = "fsv-${version}"; pname = "fsv";
version = "0.9-1"; version = "0.9-1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "mcuelenaere"; owner = "mcuelenaere";
repo = "fsv"; repo = "fsv";
rev = name; rev = "${pname}-${version}";
sha256 = "0n09jd7yqj18mx6zqbg7kab4idg5llr15g6avafj74fpg1h7iimj"; sha256 = "0n09jd7yqj18mx6zqbg7kab4idg5llr15g6avafj74fpg1h7iimj";
}; };

1
pkgs/applications/misc/hello/default.nix
View File

@ -18,6 +18,7 @@ stdenv.mkDerivation rec {
It is fully customizable. It is fully customizable.
''; '';
homepage = https://www.gnu.org/software/hello/manual/; homepage = https://www.gnu.org/software/hello/manual/;
changelog = "https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}";
license = licenses.gpl3Plus; license = licenses.gpl3Plus;
maintainers = [ maintainers.eelco ]; maintainers = [ maintainers.eelco ];
platforms = platforms.all; platforms = platforms.all;

9
pkgs/applications/misc/hubstaff/default.nix
View File

@ -5,7 +5,9 @@
let let
version = "1.3.1-ff75f26"; data = builtins.fromJSON (builtins.readFile ./revision.json);
inherit (data) version url sha256;
rpath = stdenv.lib.makeLibraryPath rpath = stdenv.lib.makeLibraryPath
[ libX11 zlib libSM libICE libXext freetype libXrender fontconfig libXft [ libX11 zlib libSM libICE libXext freetype libXrender fontconfig libXft
@ -17,10 +19,7 @@ in
stdenv.mkDerivation { stdenv.mkDerivation {
name = "hubstaff-${version}"; name = "hubstaff-${version}";
src = fetchurl { src = fetchurl { inherit sha256 url; };
url = "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/${version}/Hubstaff-${version}.sh";
sha256 = "0jm5l34r6lkfkg8vsdfqbr0axngxznhagwcl9y184lnyji91fmdl";
};
nativeBuildInputs = [ unzip makeWrapper ]; nativeBuildInputs = [ unzip makeWrapper ];

5
pkgs/applications/misc/hubstaff/revision.json Normal file
View File

@ -0,0 +1,5 @@
{
"url": "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/1.4.5-c5b459ea/Hubstaff-1.4.5-c5b459ea.sh",
"version": "1.4.5-c5b459ea",
"sha256": "180qglbj175wln0kh8d5czhjvy7z503zxn4w6522hkz4ddz201nz"
}

18
pkgs/applications/misc/hubstaff/update.sh Executable file
View File

@ -0,0 +1,18 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p nix-prefetch-git curl
SCRIPT_DIR=$(dirname "$(readlink -f "$BASH_SOURCE")")
installation_script_url=$(curl --fail --head --location --silent --output /dev/null --write-out %{url_effective} https://app.hubstaff.com/download/linux)
version=$(echo "$installation_script_url" | sed -r 's/^https:\/\/hubstaff\-production\.s3\.amazonaws\.com\/downloads\/HubstaffClient\/Builds\/Release\/([^\/]+)\/Hubstaff.+$/\1/')
sha256=$(nix-prefetch-url "$installation_script_url")
cat <<EOT > $SCRIPT_DIR/revision.json
{
"url": "$installation_script_url",
"version": "$version",
"sha256": "$sha256"
}
EOT

4
pkgs/applications/misc/josm/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "josm-${version}"; name = "josm-${version}";
version = "14945"; version = "15031";
src = fetchurl { src = fetchurl {
url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar"; url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
sha256 = "0kdfdn0i7gjfkkllb93598ywf0qlllzsia5q14szc5b5assl8qpb"; sha256 = "19qw1s5v0dha329a7rfnhby0rq5d109b3f1ln2w1dfkmirbl75ir";
}; };
buildInputs = [ jdk11 makeWrapper ]; buildInputs = [ jdk11 makeWrapper ];

23
pkgs/applications/misc/k2pdfopt/default.nix
View File

@ -57,7 +57,28 @@ stdenv.mkDerivation rec {
prePatch = '' prePatch = ''
cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/ cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/
''; '';
patches = []; patches = [
# stripped down copy of upstream commit b88c821f8d347bce0aea86d606c710303919f3d2
./leptonica-CVE-2018-3836.patch
(fetchpatch {
# CVE-2018-7186
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "ee301cb2029db8a6289c5295daa42bba7715e99a.patch";
sha256 = "0cgb7mvz2px1rg5i80wk1wxxjvzjga617d8q6j7qygkp7jm6495d";
})
(fetchpatch {
# CVE-2018-7247
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "c1079bb8e77cdd426759e466729917ca37a3ed9f.patch";
sha256 = "1z4iac5gwqggh7aa8cvyp6nl9fwd1v7wif26caxc9y5qr3jj34qf";
})
(fetchpatch {
# CVE-2018-7440
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b.patch";
sha256 = "1hjmva98iaw9xj7prg7aimykyayikcwnk4hk0380007hqb35lqmy";
})
];
}); });
tesseract_modded = tesseract4.override { tesseract_modded = tesseract4.override {
tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: { tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: {

95
pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch Normal file
View File

@ -0,0 +1,95 @@
--- a/src/allheaders.h
+++ b/src/allheaders.h
@@ -2600,6 +2600,7 @@
LEPT_DLL extern char * stringReverse ( const char *src );
LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
--- a/src/gplot.c
+++ b/src/gplot.c
@@ -141,9 +141,10 @@
const char *xlabel,
const char *ylabel)
{
-char *newroot;
-char buf[L_BUF_SIZE];
-GPLOT *gplot;
+char *newroot;
+char buf[L_BUF_SIZE];
+l_int32 badchar;
+GPLOT *gplot;
PROCNAME("gplotCreate");
@@ -152,6 +153,9 @@
if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
+ if (badchar) /* danger of command injection */
+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
--- a/src/utils2.c
+++ b/src/utils2.c
@@ -42,6 +42,7 @@
* l_int32 stringSplitOnToken()
*
* Find and replace string and array procs
+ * l_int32 stringCheckForChars()
* char *stringRemoveChars()
* l_int32 stringFindSubstr()
* char *stringReplaceSubstr()
@@ -701,6 +702,48 @@
/*--------------------------------------------------------------------*
* Find and replace procs *
*--------------------------------------------------------------------*/
+/*!
+ * \brief stringCheckForChars()
+ *
+ * \param[in] src input string; can be of zero length
+ * \param[in] chars string of chars to be searched for in %src
+ * \param[out] pfound 1 if any characters are found; 0 otherwise
+ * \return 0 if OK, 1 on error
+ *
+ * <pre>
+ * Notes:
+ * (1) This can be used to sanitize an operation by checking for
+ * special characters that don't belong in a string.
+ * </pre>
+ */
+l_int32
+stringCheckForChars(const char *src,
+ const char *chars,
+ l_int32 *pfound)
+{
+char ch;
+l_int32 i, n;
+
+ PROCNAME("stringCheckForChars");
+
+ if (!pfound)
+ return ERROR_INT("&found not defined", procName, 1);
+ *pfound = FALSE;
+ if (!src || !chars)
+ return ERROR_INT("src and chars not both defined", procName, 1);
+
+ n = strlen(src);
+ for (i = 0; i < n; i++) {
+ ch = src[i];
+ if (strchr(chars, ch)) {
+ *pfound = TRUE;
+ break;
+ }
+ }
+ return 0;
+}
+
+
/*!
* \brief stringRemoveChars()
*

15
pkgs/applications/misc/kitty/default.nix
View File

@ -2,7 +2,7 @@
harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel, harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel,
libstartup_notification, libX11, libXrandr, libXinerama, libXcursor, libstartup_notification, libX11, libXrandr, libXinerama, libXcursor,
libxkbcommon, libXi, libXext, wayland-protocols, wayland, libxkbcommon, libXi, libXext, wayland-protocols, wayland,
which, dbus, which, dbus, fetchpatch,
Cocoa, Cocoa,
CoreGraphics, CoreGraphics,
Foundation, Foundation,
@ -67,6 +67,17 @@ buildPythonApplication rec {
libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so"; libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so";
}) })
] ++ stdenv.lib.optionals stdenv.isDarwin [ ] ++ stdenv.lib.optionals stdenv.isDarwin [
(fetchpatch {
name = "macos-symlink-1";
url = https://github.com/kovidgoyal/kitty/commit/bdeec612667f6976109247fe1750b10dda9c24c0.patch;
sha256 = "1d18x260w059qag80kgb2cgi2h4rricvqhwpbrw79s8yxzs7jhxk";
})
(fetchpatch {
# fixup of previous patch
name = "macos-symlink-2";
url = https://github.com/kovidgoyal/kitty/commit/af2c9a49b1ad31e94242295d88598591623fbf11.patch;
sha256 = "0k3dmgbvmh66j8k3h8dw6la6ma6f20fng6jjypy982kxvracsnl5";
})
./macos-10.11.patch ./macos-10.11.patch
./no-lto.patch ./no-lto.patch
./no-werror.patch ./no-werror.patch
@ -84,7 +95,7 @@ buildPythonApplication rec {
mkdir -p $out mkdir -p $out
${if stdenv.isDarwin then '' ${if stdenv.isDarwin then ''
mkdir "$out/bin" mkdir "$out/bin"
ln -s ../Applications/kitty.app/Contents/MacOS/kitty "$out/bin/kitty" ln -s ../Applications/kitty.app/Contents/MacOS/kitty-deref-symlink "$out/bin/kitty"
mkdir "$out/Applications" mkdir "$out/Applications"
cp -r kitty.app "$out/Applications/kitty.app" cp -r kitty.app "$out/Applications/kitty.app"
'' else '' '' else ''

8
pkgs/applications/misc/moonlight-embedded/default.nix
View File

@ -1,18 +1,18 @@
{ stdenv, fetchFromGitHub, cmake, perl { stdenv, fetchFromGitHub, cmake, perl
, alsaLib, libevdev, libopus, udev, SDL2 , alsaLib, libevdev, libopus, udev, SDL2
, ffmpeg, pkgconfig, xorg, libvdpau, libpulseaudio, libcec , ffmpeg, pkgconfig, xorg, libvdpau, libpulseaudio, libcec
, curl, expat, avahi, enet, libuuid , curl, expat, avahi, enet, libuuid, libva
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "moonlight-embedded-${version}"; name = "moonlight-embedded-${version}";
version = "2.4.7"; version = "2.4.9";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "irtimmer"; owner = "irtimmer";
repo = "moonlight-embedded"; repo = "moonlight-embedded";
rev = "v${version}"; rev = "v${version}";
sha256 = "0ihgb0kh4rhbgn55s25rfbs8063zqvcyqn137jn3nsc0is1595a9"; sha256 = "1mzs0dr6bg57kjyxjh48hfmlsil7fvgqf9lhjzxxj3llvpxwws86";
fetchSubmodules = true; fetchSubmodules = true;
}; };
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
buildInputs = [ buildInputs = [
alsaLib libevdev libopus udev SDL2 alsaLib libevdev libopus udev SDL2
ffmpeg pkgconfig xorg.libxcb libvdpau libpulseaudio libcec ffmpeg pkgconfig xorg.libxcb libvdpau libpulseaudio libcec
xorg.libpthreadstubs curl expat avahi enet libuuid xorg.libpthreadstubs curl expat avahi enet libuuid libva
]; ];
meta = with stdenv.lib; { meta = with stdenv.lib; {

19
pkgs/applications/misc/octoprint/default.nix
View File

@ -15,13 +15,26 @@ let
packageOverrides = lib.foldr lib.composeExtensions (self: super: { }) ([ packageOverrides = lib.foldr lib.composeExtensions (self: super: { }) ([
(mkOverride "flask" "0.10.1" "0wrkavjdjndknhp8ya8j850jq7a1cli4g5a93mg8nh1xz2gq50sc") (mkOverride "flask" "0.10.1" "0wrkavjdjndknhp8ya8j850jq7a1cli4g5a93mg8nh1xz2gq50sc")
(mkOverride "flask_login" "0.2.11" "1rg3rsjs1gwi2pw6vr9jmhaqm9b3vc9c4hfcsvp4y8agbh7g3mc3") (mkOverride "flask_login" "0.2.11" "1rg3rsjs1gwi2pw6vr9jmhaqm9b3vc9c4hfcsvp4y8agbh7g3mc3")
(mkOverride "jinja2" "2.8.1" "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m")
(mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi") (mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi")
(mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar") (mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar")
(mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d") (mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d")
# https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134 # https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134
(mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c") (mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c")
# Octoprint holds back jinja2 to 2.8.1 due to breaking changes.
# This old version does not have updated test config for pytest 4,
# and pypi tarball doesn't contain tests dir anyways.
(pself: psuper: {
jinja2 = psuper.jinja2.overridePythonAttrs (oldAttrs: rec {
version = "2.8.1";
src = oldAttrs.src.override {
inherit version;
sha256 = "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m";
};
doCheck = false;
});
})
]); ]);
}; };
@ -69,7 +82,7 @@ in py.pkgs.buildPythonApplication rec {
pylru pyyaml sarge feedparser netifaces click websocket_client pylru pyyaml sarge feedparser netifaces click websocket_client
scandir chainmap future dateutil futures wrapt monotonic emoji scandir chainmap future dateutil futures wrapt monotonic emoji
frozendict frozendict
]; ] ++ lib.optionals stdenv.isDarwin [ py.pkgs.appdirs ];
checkInputs = with py.pkgs; [ nose mock ddt ]; checkInputs = with py.pkgs; [ nose mock ddt ];
@ -82,7 +95,7 @@ in py.pkgs.buildPythonApplication rec {
''; '';
checkPhase = '' checkPhase = ''
HOME=$(mktemp -d) nosetests HOME=$(mktemp -d) nosetests ${lib.optionalString stdenv.isDarwin "--exclude=test_set_external_modification"}
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

6
pkgs/applications/misc/pdfmod/default.nix
View File

@ -4,11 +4,11 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "pdfmod-${version}"; pname = "pdfmod";
version = "0.9.1"; version = "0.9.1";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/pdfmod/0.9/pdfmod-${version}.tar.bz2"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.bz2";
sha256 = "eb7c987514a053106ddf03f26544766c751c801d87762909b36415d46bc425c9"; sha256 = "eb7c987514a053106ddf03f26544766c751c801d87762909b36415d46bc425c9";
}; };
@ -40,7 +40,7 @@ stdenv.mkDerivation rec {
dontStrip = true; dontStrip = true;
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = https://wiki.gnome.org/Apps/PdfMod; homepage = "https://wiki.gnome.org/Attic/PdfMod";
description = "A simple application for modifying PDF documents"; description = "A simple application for modifying PDF documents";
platforms = platforms.all; platforms = platforms.all;
maintainers = with maintainers; [ obadz ]; maintainers = with maintainers; [ obadz ];

4
pkgs/applications/misc/playonlinux/default.nix
View File

@ -4,7 +4,7 @@
, cabextract , cabextract
, gettext , gettext
, glxinfo , glxinfo
, gnupg1compat , gnupg
, icoutils , icoutils
, imagemagick , imagemagick
, netcat-gnu , netcat-gnu
@ -32,7 +32,7 @@ let
python2Packages.python python2Packages.python
gettext gettext
glxinfo glxinfo
gnupg1compat gnupg
icoutils icoutils
imagemagick imagemagick
netcat-gnu netcat-gnu

4
pkgs/applications/misc/tilix/default.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "tilix"; pname = "tilix";
version = "1.9.0"; version = "1.9.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "gnunn1"; owner = "gnunn1";
repo = "tilix"; repo = "tilix";
rev = version; rev = version;
sha256 = "1k8hqpq6bzmn06b4s8c257n37ghgp3fl7l9g6fy0giwk1x0ix735"; sha256 = "0mg9y4xd2pnv0smibg7dyy733jarvx6qpdqap3sj7fpyni0jvpph";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

4
pkgs/applications/misc/tzupdate/default.nix
View File

@ -5,11 +5,11 @@ let
in in
buildPythonApplication rec { buildPythonApplication rec {
pname = "tzupdate"; pname = "tzupdate";
version = "1.3.1"; version = "1.4.0";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
sha256 = "085kp4v9ijhkfvr0r5rzn4z7nrkb2qig05j0bajb0gkgynwf8wnz"; sha256 = "1sc3z2bx2nhnxg82x0jy19pr8lw56chbr90c2lr11w495csqwhz7";
}; };
propagatedBuildInputs = [ requests ]; propagatedBuildInputs = [ requests ];

10
pkgs/applications/misc/zathura/core/default.nix
View File

@ -32,15 +32,15 @@ stdenv.mkDerivation rec {
] ++ optional synctexSupport "-Dsynctex=enabled"; ] ++ optional synctexSupport "-Dsynctex=enabled";
nativeBuildInputs = [ nativeBuildInputs = [
meson ninja pkgconfig appstream-glib desktop-file-utils python3.pkgs.sphinx meson ninja pkgconfig desktop-file-utils python3.pkgs.sphinx
gettext makeWrapper libxml2 gettext makeWrapper libxml2
]; ] ++ optional stdenv.isLinux appstream-glib;
buildInputs = [ buildInputs = [
gtk girara libintl libseccomp gtk girara libintl sqlite glib file librsvg
sqlite glib file librsvg
] ++ optional synctexSupport texlive.bin.core ] ++ optional synctexSupport texlive.bin.core
++ optional stdenv.isDarwin [ gtk-mac-integration ]; ++ optional stdenv.isLinux libseccomp
++ optional stdenv.isDarwin gtk-mac-integration;
meta = { meta = {
homepage = https://pwmt.org/projects/zathura/; homepage = https://pwmt.org/projects/zathura/;

3
pkgs/applications/misc/zathura/default.nix
View File

@ -1,5 +1,6 @@
{ config, pkgs { config, pkgs
, useMupdf ? config.zathura.useMupdf or true # zathura_pdf_mupdf fails to load _opj_create_decompress at runtime on Darwin (https://github.com/NixOS/nixpkgs/pull/61295#issue-277982980)
, useMupdf ? config.zathura.useMupdf or (!pkgs.stdenv.isDarwin)
, synctexSupport ? true }: , synctexSupport ? true }:
let let

4
pkgs/applications/misc/zathura/pdf-mupdf/default.nix
View File

@ -21,9 +21,7 @@ stdenv.mkDerivation rec {
buildInputs = [ buildInputs = [
zathura_core girara mupdf cairo zathura_core girara mupdf cairo
] ++ stdenv.lib.optional stdenv.isDarwin [ ] ++ lib.optional stdenv.isDarwin gtk-mac-integration;
gtk-mac-integration
];
PKG_CONFIG_ZATHURA_PLUGINDIR= "lib/zathura"; PKG_CONFIG_ZATHURA_PLUGINDIR= "lib/zathura";

6
pkgs/applications/networking/cluster/minikube/default.nix
View File

@ -14,9 +14,9 @@ let
in buildGoPackage rec { in buildGoPackage rec {
pname = "minikube"; pname = "minikube";
name = "${pname}-${version}"; name = "${pname}-${version}";
version = "1.0.0"; version = "1.0.1";
kubernetesVersion = "1.14.0"; kubernetesVersion = "1.14.1";
goPackagePath = "k8s.io/minikube"; goPackagePath = "k8s.io/minikube";
@ -24,7 +24,7 @@ in buildGoPackage rec {
owner = "kubernetes"; owner = "kubernetes";
repo = "minikube"; repo = "minikube";
rev = "v${version}"; rev = "v${version}";
sha256 = "170iy0h27gkz2hg485rnawdw069gxwgkwsjmfj5yag2kkgl7gxa3"; sha256 = "1fgyaq8789wc3h6xmn4iw6if2jxdv5my35yn6ipx3q6i4hagxl4b";
}; };
buildInputs = [ go-bindata makeWrapper gpgme ] ++ stdenv.lib.optional stdenv.hostPlatform.isDarwin vmnet; buildInputs = [ go-bindata makeWrapper gpgme ] ++ stdenv.lib.optional stdenv.hostPlatform.isDarwin vmnet;

152
pkgs/applications/networking/cluster/terraform-providers/data.nix
View File

@ -4,22 +4,22 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-acme"; repo = "terraform-provider-acme";
version = "1.1.1"; version = "1.1.2";
sha256 = "0fva2kw82s94r4s4dpk38kcmssmcr71ia9jyg1rqmc00ifilfrzj"; sha256 = "1l77pckiwa72lwbwbqkjzy6m9xsgp13spmzc80gfl4q0gd3d46an";
}; };
alicloud = alicloud =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-alicloud"; repo = "terraform-provider-alicloud";
version = "1.39.0"; version = "1.41.0";
sha256 = "0m5fvqrvnb7v5iii67l743j3hq32rljrvnkgc7fcd46zrf38yl2h"; sha256 = "0bl24mgk0rangwwbz43ybymcivn3kjjg35rrvv7ashvhmx58qcf8";
}; };
archive = archive =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-archive"; repo = "terraform-provider-archive";
version = "1.2.1"; version = "1.2.2";
sha256 = "1avx3m0dkld0kmsi8ifqcla8254p1izh5wrziffr7r05s152r8qf"; sha256 = "1saprj2r74b63z03n80m3mfj3vhgvlm4gp2hzqzjbdgibxsz4jaw";
}; };
arukas = arukas =
{ {
@ -39,36 +39,36 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-aws"; repo = "terraform-provider-aws";
version = "2.6.0"; version = "2.9.0";
sha256 = "0hpnyid5w33n8ypwcz3a43gazbvk6m60b57qll2qgx6bm1q75b19"; sha256 = "1gkw60ihc2b3qhb110m0mckfvb21lqgx4vc4x249mfxxk25i26s7";
}; };
azuread = azuread =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-azuread"; repo = "terraform-provider-azuread";
version = "0.2.0"; version = "0.3.1";
sha256 = "01aiynw905gbn6dv23971yhwv0kfcbckcqp4f65sypn1l8szqyjg"; sha256 = "1bs4m9hwdag58by49zsjpys3xvxg98nq8qims17mc82pbsz6mpag";
}; };
azurerm = azurerm =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-azurerm"; repo = "terraform-provider-azurerm";
version = "1.25.0"; version = "1.27.1";
sha256 = "1fhcljxz6cb5q1kd7aprxv1bga53x6fg65q5wkp985aaqnl42b8k"; sha256 = "0lxa84j9kzinblz7zp4gizizj0sy0vidkjvgnb99sr3861rak1x5";
}; };
azurestack = azurestack =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-azurestack"; repo = "terraform-provider-azurestack";
version = "0.5.0"; version = "0.6.0";
sha256 = "0pi8hjl6350ibkiz5pi86p58gkj8jf0a27ar04npsrn2wcz90k8z"; sha256 = "0lh0an3bz3kh2s6ncadikivr08fj8cvq7zm20csmjbgwgicq4gl8";
}; };
bigip = bigip =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-bigip"; repo = "terraform-provider-bigip";
version = "0.12.0"; version = "0.12.2";
sha256 = "0fmmlx757hph45ffm19zafjfkldg41qkw83vz0jjmvxicza1afbd"; sha256 = "0pplv5hi1kjli0jpya12crb5dkc6bkzvm8094rwhjbxb4f65ca5d";
}; };
bitbucket = bitbucket =
{ {
@ -81,8 +81,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-brightbox"; repo = "terraform-provider-brightbox";
version = "1.1.1"; version = "1.1.2";
sha256 = "03fh287fmbg9jxsiniwj3sn6nsjdm46qv82b5aaqny3qmhjddjvq"; sha256 = "0k9qs7kpjznascads5llajzx2xkm4hdil2n4wl0fqy43s6dkvbbf";
}; };
chef = chef =
{ {
@ -144,15 +144,15 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-datadog"; repo = "terraform-provider-datadog";
version = "1.8.0"; version = "1.9.0";
sha256 = "1pmz4gxhfynj7mjcl07n2ggz00vccw4bv6cmp7na3ssbpnjiy1wx"; sha256 = "0c5s9ywd6p4qjd964y33rcqcgfqz225x5rp0jlsqxbv9i2r91fb0";
}; };
digitalocean = digitalocean =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-digitalocean"; repo = "terraform-provider-digitalocean";
version = "1.1.0"; version = "1.3.0";
sha256 = "1w5xslm8939rz13bsiv9hfcl8cyvi03gr0h24c0ybwj8alxmxhb4"; sha256 = "1bi482s6s3v7sqknwwchscwwncwrhr4jl4gl4l25bngp1kd7cp7i";
}; };
dme = dme =
{ {
@ -165,8 +165,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-dns"; repo = "terraform-provider-dns";
version = "2.0.0"; version = "2.1.1";
sha256 = "1km0pq1wp0bdccb612z9n0kj9w7hn1yvhk7xszwp2mzs8qmd7flv"; sha256 = "1iyfsx1fbpvp3zjrkq8c46nr6d80z40mzkfc4axfpqyrp9xqiy8j";
}; };
dnsimple = dnsimple =
{ {
@ -193,8 +193,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-external"; repo = "terraform-provider-external";
version = "1.1.1"; version = "1.1.2";
sha256 = "110kqp4gsag3l8h9hwjdq98s9rz9f5w31mrs50rygdc0yd43hq8z"; sha256 = "12wdzm3y0fd840bdf0dczvvmdmfwpfwfwnf0j4g6n9asdcvjaqlh";
}; };
fastly = fastly =
{ {
@ -207,36 +207,36 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-flexibleengine"; repo = "terraform-provider-flexibleengine";
version = "1.4.0"; version = "1.5.0";
sha256 = "1gj3y9xw9zzh2fs2i6q0afw591lhy1lvcn80xac4da08r5l3si6g"; sha256 = "17dksrqkh35wf0clqcd4v6ggmzc7xmrw8q7q0qa9n9zqyg1zibqk";
}; };
github = github =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-github"; repo = "terraform-provider-github";
version = "1.3.0"; version = "2.0.0";
sha256 = "1k7816dbpsjjbm3pa6l0qlrxw5hh8z5iwdr8mp1mp5liidhl6bqs"; sha256 = "1lvizak27qxgggp5xb15s8f504cjgr633889cv2jsr2rn64z4jv5";
}; };
gitlab = gitlab =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-gitlab"; repo = "terraform-provider-gitlab";
version = "1.2.0"; version = "1.3.0";
sha256 = "11j84kyw2lsqsn6ya070hx0k6igb3hhjl8zlnr4q3gpmv51y23qc"; sha256 = "0lh1v20msahcfjc22v7yf1cwinaq0zy2m8f7sl5jfn294j9nbam8";
}; };
google = google =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-google"; repo = "terraform-provider-google";
version = "2.4.0"; version = "2.6.0";
sha256 = "153pr01m7clvdq9c09xhvlivagn12nlxhykh1x9yya9ixkg0zrrv"; sha256 = "0y93hfwhzbk7dl7cw5lw2gwf5hdbc7rs9gh10b39vxgv9jrj4kqv";
}; };
google-beta = google-beta =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-google-beta"; repo = "terraform-provider-google-beta";
version = "2.4.0"; version = "2.6.0";
sha256 = "08vbj9m6x0byf7x77a5b5isg0kmlxvc9gswgilzi6djgwg0j6wwd"; sha256 = "1bm3nrv2pa6mf6l4vn5b0hads7bhp67bnhc5y72yingfky7kva5h";
}; };
grafana = grafana =
{ {
@ -263,8 +263,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-helm"; repo = "terraform-provider-helm";
version = "0.9.0"; version = "0.9.1";
sha256 = "1psqabifb1kabg268ca1x4l79z1xga1pr2sf8x9lrd7z856v18l9"; sha256 = "189w8zz2fv0qfggzxmppaw8814c7kylgb11m1r9mqii3phsgnlz1";
}; };
heroku = heroku =
{ {
@ -277,8 +277,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-http"; repo = "terraform-provider-http";
version = "1.0.1"; version = "1.1.1";
sha256 = "1bnqrx4xya3lm5wp4byy6npazll6w1g6bv4rawgncswsgx08zqng"; sha256 = "0ah4wi9gm5m7z0wyy6vn3baz2iw2sq7ah7q0lb9srwr887aai3x0";
}; };
huaweicloud = huaweicloud =
{ {
@ -312,8 +312,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-kubernetes"; repo = "terraform-provider-kubernetes";
version = "1.5.2"; version = "1.6.2";
sha256 = "0g1f5cbmzrd46abwd0rdyrf8wj8w9bx1251gf4s9z41adrxjy2lp"; sha256 = "14jql78a1rw1wl97myry29lgmqkcdn44qgmzjrfky958afnkgiig";
}; };
librato = librato =
{ {
@ -333,8 +333,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-local"; repo = "terraform-provider-local";
version = "1.2.1"; version = "1.2.2";
sha256 = "1hi2bxa79fbdf2n6z59xdfs7bx8cg7q2l84hrxdh3cqbnb8jvsbr"; sha256 = "0azrw62clki002nlv7ws3kzfsbqkadm713534i4xgvix2m08d1cx";
}; };
logentries = logentries =
{ {
@ -389,8 +389,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-ns1"; repo = "terraform-provider-ns1";
version = "1.3.0"; version = "1.3.1";
sha256 = "1h21a4z7js2iwg0gj217lq4d7wccxhjmi5k37asfj18ch0x37c7v"; sha256 = "04ibq5dgxqb5lpnvqxg4xkb498w77p2sbjfyy9zj7m5i62xrwg79";
}; };
nsxt = nsxt =
{ {
@ -403,22 +403,22 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-null"; repo = "terraform-provider-null";
version = "2.1.1"; version = "2.1.2";
sha256 = "0sw7j2cz9d5207l1v32ahqahmsk1dzzsf83zqivaa5jk3w4bfnjz"; sha256 = "0di1hxmd3s80sz8hl5q2i425by8fbk15f0r4jmnm6vra0cq89jw2";
}; };
nutanix = nutanix =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-nutanix"; repo = "terraform-provider-nutanix";
version = "1.0.0"; version = "1.0.1";
sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541"; sha256 = "1g7p6qg32g75x8fgspgxcdsa086mz3yabdgv1k68rykhw3zbri5d";
}; };
oci = oci =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-oci"; repo = "terraform-provider-oci";
version = "3.23.0-rc1"; version = "3.24.1";
sha256 = "11h8na7czj4iqm9z3pd8im06qqp3mng62h8ha5afvz2phv1g096h"; sha256 = "1yhcxwg3ivrgzasdsf5yq8v6h4j1lprnm881xfm4h1rpq465y1mj";
}; };
oneandone = oneandone =
{ {
@ -431,22 +431,22 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-opc"; repo = "terraform-provider-opc";
version = "1.3.3"; version = "1.3.6";
sha256 = "1hwbwyhjrs16cy66przs44znni0x3nwfsx18glxbikb2zx1ph93n"; sha256 = "1b11837j0d8s59pjkankbm3p5l87aw1s17mn2q7nvy65kgzalsra";
}; };
openstack = openstack =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-openstack"; repo = "terraform-provider-openstack";
version = "1.17.0"; version = "1.18.0";
sha256 = "1a3asmkf3w1ndy5rpyn09msp5l1sm2cdm3ca7cx5v00pjvww9f52"; sha256 = "05sr6vra4fsrysrz7a77vaa5zklhxf4hl8g029y9l1fln7vdpssg";
}; };
opentelekomcloud = opentelekomcloud =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-opentelekomcloud"; repo = "terraform-provider-opentelekomcloud";
version = "1.7.0"; version = "1.8.0";
sha256 = "15p5xvl6ryj5silpd2yrmjjh0d4qf89v8x6zbq8x7j351a1fljak"; sha256 = "068ap0sw17xmrfvri1yx70qdi8i5h0qhsm9bakm532xjxlgmaxpv";
}; };
opsgenie = opsgenie =
{ {
@ -459,8 +459,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-oraclepaas"; repo = "terraform-provider-oraclepaas";
version = "1.5.1"; version = "1.5.2";
sha256 = "0xyyhr2n1aw1qn90535llv72cdgdqpni9l4gn8sj0ligpjhba7qz"; sha256 = "0m886wfg5ski8s1zr7g1h1m6q5ai08jk35ymipxpb6ipx781qvvk";
}; };
ovh = ovh =
{ {
@ -473,8 +473,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-packet"; repo = "terraform-provider-packet";
version = "1.7.2"; version = "2.1.0";
sha256 = "103r0k626ham8wh7rwlx1hald4rik17mv2mcfjz9za65v7z139vr"; sha256 = "0hj8av0yry0wsi8fwgs0z9x9jxcnxz8imsanbdsrhb8lsj70n25v";
}; };
pagerduty = pagerduty =
{ {
@ -529,8 +529,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-random"; repo = "terraform-provider-random";
version = "2.1.1"; version = "2.1.2";
sha256 = "0ivmxacb9pzz7av2rr6jal5vwdv24689a2806nqvvzdy2s8mlzd3"; sha256 = "102bgd8s9yhm2ny2akv04mhwf5mphqhsxx9vxjbg7ygqnz9ka5nw";
}; };
rightscale = rightscale =
{ {
@ -585,8 +585,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-spotinst"; repo = "terraform-provider-spotinst";
version = "1.11.0"; version = "1.13.2";
sha256 = "10q1w66gbx6863797n6n15xx4llflmavrz2qk23pb8qd5pbni9bk"; sha256 = "1v3vgnspg3g0hvwzfplyvl37jxpc9m6hcsnmw6lkfqr57dy4dhlc";
}; };
statuscake = statuscake =
{ {
@ -606,15 +606,15 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-template"; repo = "terraform-provider-template";
version = "2.1.1"; version = "2.1.2";
sha256 = "182kdkbmnihpawvgfpxavg8vbczizw5mlkwp828ap0baqs09ai8i"; sha256 = "18w1mmma81m9j7yf6q500w8v9ss28w6sw2ynssl99pyw2gwmd04q";
}; };
tencentcloud = tencentcloud =
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-tencentcloud"; repo = "terraform-provider-tencentcloud";
version = "1.4.0"; version = "1.5.0";
sha256 = "1gqxvd5ss2cg49856nj3srirny1298l3fla506r7v8xf9ybkzpb4"; sha256 = "04psgirl78klbpzllcvzl510j66jcavxmi9zxnwmmmw128a3dig2";
}; };
terraform = terraform =
{ {
@ -634,8 +634,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-tls"; repo = "terraform-provider-tls";
version = "1.2.0"; version = "2.0.1";
sha256 = "0hvj00j8a820j18yi90xzhd635pkffivp1116d84wyqxya5acd4p"; sha256 = "08fh4k5fvkijl2ds8mxdc5fxlwhs11y5s48vvxdskklvkjhygzc7";
}; };
triton = triton =
{ {
@ -662,8 +662,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-vault"; repo = "terraform-provider-vault";
version = "1.7.0"; version = "1.8.0";
sha256 = "133ximk510kchr34zicpnp4da27nxvzab2nd8dqpf4sqg2z83i0y"; sha256 = "1g9cw14mzslb445yhj04dzs0s4cbhi4cxycd50vc3f9yyg6sz1rr";
}; };
vcd = vcd =
{ {
@ -683,8 +683,8 @@
{ {
owner = "terraform-providers"; owner = "terraform-providers";
repo = "terraform-provider-yandex"; repo = "terraform-provider-yandex";
version = "0.4.1"; version = "0.5.2";
sha256 = "0lvj7xlzqc6wfv1xpc4qc1gnk3wvcvnifbf4mqgjglz35cf697bb"; sha256 = "1fa1jicirww0zxg5kw4343ndzq86x0m7gkfj8yx7l6lb6gcrkbic";
}; };
matchbox = matchbox =
{ {

4
pkgs/applications/networking/cluster/terraform/default.nix
View File

@ -97,8 +97,8 @@ in rec {
terraform_0_11-full = terraform_0_11.full; terraform_0_11-full = terraform_0_11.full;
terraform_0_12 = pluggable (generic { terraform_0_12 = pluggable (generic {
version = "0.12.0-beta1"; version = "0.12.0-rc1";
sha256 = "0djakf2agbhpfqis4x0lf2i8s1ahvrdyfkcgr6lzp0nsks652rcm"; sha256 = "1ap1q5bixkzshnwy8xyfh768qwg3y4pcjzaiajzn2icjf4ay5nqm";
patches = [ ./provider-path.patch ]; patches = [ ./provider-path.patch ];
passthru = { inherit plugins; }; passthru = { inherit plugins; };
}); });

28
pkgs/applications/networking/instant-messengers/chatterino2/default.nix Normal file
View File

@ -0,0 +1,28 @@
{ stdenv, pkgconfig, fetchFromGitHub, qtbase, qtsvg, qtmultimedia, qmake, boost, openssl }:
stdenv.mkDerivation rec {
pname = "chatterino2";
version = "unstable-2019-05-11";
src = fetchFromGitHub {
owner = "fourtf";
repo = pname;
rev = "8c46cbf571dc8fd77287bf3186445ff52b1d1aaf";
sha256 = "0i2385hamhd9i7jdy906cfrd81cybw524j92l87c8pzrkxphignk";
fetchSubmodules = true;
};
nativeBuildInputs = [ qmake pkgconfig ];
buildInputs = [ qtbase qtsvg qtmultimedia boost openssl ];
meta = with stdenv.lib; {
description = "A chat client for Twitch chat";
longDescription = ''
Chatterino is a chat client for Twitch chat. It aims to be an
improved/extended version of the Twitch web chat. Chatterino 2 is
the second installment of the Twitch chat client series
"Chatterino".
'';
homepage = "https://github.com/fourtf/chatterino2";
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ rexim ];
};
}

23
pkgs/applications/networking/instant-messengers/ekiga/default.nix
View File

@ -5,10 +5,11 @@
, libXrandr, which, libxslt, libtasn1, gmp, nettle, sqlite, makeWrapper }: , libXrandr, which, libxslt, libtasn1, gmp, nettle, sqlite, makeWrapper }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "ekiga-4.0.1"; pname = "ekiga";
version = "4.0.1";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/ekiga/4.0/${name}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "5f4f491c9496cf65ba057a9345d6bb0278f4eca07bcda5baeecf50bfcd9a4a3b"; sha256 = "5f4f491c9496cf65ba057a9345d6bb0278f4eca07bcda5baeecf50bfcd9a4a3b";
}; };
@ -52,17 +53,21 @@ stdenv.mkDerivation rec {
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
''; '';
meta = with stdenv.lib; {
description = "VOIP/Videoconferencing app with full SIP and H.323 support";
maintainers = [ maintainers.raskin ];
platforms = platforms.linux;
license = licenses.gpl2Plus;
};
passthru = { passthru = {
updateInfo = { updateInfo = {
downloadPage = "mirror://gnome/sources/ekiga"; downloadPage = "mirror://gnome/sources/ekiga";
}; };
updateScript = gnome3.updateScript {
packageName = pname;
};
};
meta = with stdenv.lib; {
description = "VOIP/Videoconferencing app with full SIP and H.323 support";
homepage = "https://www.ekiga.org/";
maintainers = [ maintainers.raskin ];
platforms = platforms.linux;
license = licenses.gpl2Plus;
}; };
} }

30
pkgs/applications/networking/instant-messengers/pidgin-plugins/sipe/default.nix
View File

@ -1,24 +1,24 @@
{ stdenv, fetchurl, pidgin, intltool, libxml2, nss, nspr }: { stdenv, fetchurl, pidgin, intltool, libxml2, gmime, nss }:
let version = "1.23.3"; in stdenv.mkDerivation rec {
pname = "pidgin-sipe";
stdenv.mkDerivation { version = "1.24.0";
name = "pidgin-sipe-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/sipe/pidgin-sipe-${version}.tar.gz"; url = "mirror://sourceforge/sipe/${pname}-${version}.tar.gz";
sha256 = "0aaiblnagncb0lhdwb8qbps6hxxmyfjg7sdi15lrkl98i3fahg4n"; sha256 = "04cxprz6dbcsc4n2jg72mr1r9630nhrywn0zim9kwvbgps3wdd9c";
}; };
meta = with stdenv.lib; { nativeBuildInputs = [ intltool ];
description = "SIPE plugin for Pidgin IM"; buildInputs = [ pidgin gmime libxml2 nss ];
homepage = http://sipe.sourceforge.net/; enableParallelBuilding = true;
license = licenses.gpl2;
platforms = platforms.linux;
};
postInstall = "find $out -ls; ln -s \$out/lib/purple-2 \$out/share/pidgin-sipe"; postInstall = "find $out -ls; ln -s \$out/lib/purple-2 \$out/share/pidgin-sipe";
buildInputs = [ pidgin intltool libxml2 nss nspr ]; meta = with stdenv.lib; {
description = "SIPE plugin for Pidgin IM";
homepage = "http://sipe.sourceforge.net/";
license = licenses.gpl2;
platforms = platforms.linux;
};
} }

2
pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json
View File

@ -2,7 +2,7 @@
"name": "riot-web", "name": "riot-web",
"productName": "Riot", "productName": "Riot",
"main": "src/electron-main.js", "main": "src/electron-main.js",
"version": "1.0.8", "version": "1.1.0",
"description": "A feature-rich client for Matrix.org", "description": "A feature-rich client for Matrix.org",
"author": "New Vector Ltd.", "author": "New Vector Ltd.",
"dependencies": { "dependencies": {

4
pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix
View File

@ -7,12 +7,12 @@ with (import ./yarn2nix.nix { inherit pkgs; });
let let
executableName = "riot-desktop"; executableName = "riot-desktop";
version = "1.0.8"; version = "1.1.0";
riot-web-src = fetchFromGitHub { riot-web-src = fetchFromGitHub {
owner = "vector-im"; owner = "vector-im";
repo = "riot-web"; repo = "riot-web";
rev = "v${version}"; rev = "v${version}";
sha256 = "1krp608wxff1siih8zknc425n0qb6qjzf854fnp7qyjp1cnfc9sb"; sha256 = "0h1rr70jg64v824k31mvb93nfssr572xlyicc8yh91bl7hdh342x";
}; };
in mkYarnPackage rec { in mkYarnPackage rec {

4
pkgs/applications/networking/instant-messengers/riot/riot-web.nix
View File

@ -6,11 +6,11 @@
let configFile = writeText "riot-config.json" conf; in let configFile = writeText "riot-config.json" conf; in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name= "riot-web-${version}"; name= "riot-web-${version}";
version = "1.0.8"; version = "1.1.0";
src = fetchurl { src = fetchurl {
url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz"; url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
sha256 = "010m8b4lfnfi70d4v205wk3i4xhnsz7zkrdqrvw3si14xqy6192r"; sha256 = "14ap57hv1c5nh17771l39inpa5yacpyckzqcmjlbrb57illakwrd";
}; };
installPhase = '' installPhase = ''

9
pkgs/applications/networking/instant-messengers/slack/default.nix
View File

@ -1,7 +1,7 @@
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper { darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper , alsaLib, atk, cairo,
, alsaLib, atk, cairo, cups, curl, dbus, expat, fontconfig, freetype, glib cups, curl, dbus, expat, fontconfig, freetype, glib , gnome2, gtk3, gdk_pixbuf,
, gnome2, gtk3, gdk_pixbuf, libnotify, libxcb, nspr, nss, pango libappindicator-gtk3, libnotify, libxcb, nspr, nss, pango , systemd, xorg,
, systemd, xorg, at-spi2-atk }: at-spi2-atk }:
let let
@ -25,6 +25,7 @@ let
pango pango
libnotify libnotify
libxcb libxcb
libappindicator-gtk3
nspr nspr
nss nss
stdenv.cc.cc stdenv.cc.cc

8
pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
View File

@ -4,11 +4,11 @@ let
mkTelegram = args: qt5.callPackage (import ./generic.nix args) { }; mkTelegram = args: qt5.callPackage (import ./generic.nix args) { };
stableVersion = { stableVersion = {
stable = true; stable = true;
version = "1.6.7"; version = "1.7.0";
sha256Hash = "1537div6pky7wz3lansz67vsx2h6b653cx91xg9sswnxfsf8nrql"; sha256Hash = "1plfby243hf65wjmppq1qnqmp25pgi4x3awqd4h83ly9hn8qdwfk";
# svn log svn://svn.archlinux.org/community/telegram-desktop/trunk # svn log svn://svn.archlinux.org/community/telegram-desktop/trunk
archPatchesRevision = "429149"; archPatchesRevision = "464796";
archPatchesHash = "1ylpi9kb6hk27x9wmna4ing8vzn9b7247iya91pyxxrpxrcrhpli"; archPatchesHash = "1bq7r69k3i9p1csdsca0w41jyz6fbyn4qriv3lg7s28j9s803kw8";
}; };
in { in {
stable = mkTelegram stableVersion; stable = mkTelegram stableVersion;

4
pkgs/applications/networking/p2p/qbittorrent/default.nix
View File

@ -10,13 +10,13 @@ with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "qbittorrent-${version}"; name = "qbittorrent-${version}";
version = "4.1.5"; version = "4.1.6";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "qbittorrent"; owner = "qbittorrent";
repo = "qbittorrent"; repo = "qbittorrent";
rev = "release-${version}"; rev = "release-${version}";
sha256 = "09zcygaxfv9g6av0vsvlyzv4v65wvj766xyfx31yz5ig3xan6ak1"; sha256 = "1y9kv84sy5fg64wbl4xpm8qh0hjba7ibk045cazp0m736rjmxk8c";
}; };
# NOTE: 2018-05-31: CMake is working but it is not officially supported # NOTE: 2018-05-31: CMake is working but it is not officially supported

4
pkgs/applications/networking/p2p/tixati/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "tixati-${version}"; name = "tixati-${version}";
version = "2.59"; version = "2.61";
src = fetchurl { src = fetchurl {
url = "https://download2.tixati.com/download/tixati-${version}-1.x86_64.manualinstall.tar.gz"; url = "https://download2.tixati.com/download/tixati-${version}-1.x86_64.manualinstall.tar.gz";
sha256 = "0vf5y9kj2g7psgdzv2r46jdh5krdps838ca4wwwxi0dd1mwa65my"; sha256 = "05f8lcsac2mr90bhk999qkj8wwd6igdl07389bqrd1ydjasacl2k";
}; };
installPhase = '' installPhase = ''

6
pkgs/applications/networking/sniffers/wireshark/default.nix
View File

@ -14,7 +14,8 @@ let
variant = if withQt then "qt" else "cli"; variant = if withQt then "qt" else "cli";
in stdenv.mkDerivation { in stdenv.mkDerivation {
name = "wireshark-${variant}-${version}"; pname = "wireshark-${variant}";
inherit version;
outputs = [ "out" "dev" ]; outputs = [ "out" "dev" ];
src = fetchurl { src = fetchurl {
@ -24,7 +25,6 @@ in stdenv.mkDerivation {
cmakeFlags = [ cmakeFlags = [
"-DBUILD_wireshark=${if withQt then "ON" else "OFF"}" "-DBUILD_wireshark=${if withQt then "ON" else "OFF"}"
"-DENABLE_QT5=${if withQt then "ON" else "OFF"}"
"-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}" "-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
]; ];
@ -95,6 +95,8 @@ in stdenv.mkDerivation {
enableParallelBuilding = true; enableParallelBuilding = true;
dontFixCmake = true;
shellHook = '' shellHook = ''
# to be able to run the resulting binary # to be able to run the resulting binary
export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1

4
pkgs/applications/networking/syncthing/default.nix
View File

@ -3,14 +3,14 @@
let let
common = { stname, target, postInstall ? "" }: common = { stname, target, postInstall ? "" }:
buildGoPackage rec { buildGoPackage rec {
version = "1.1.1"; version = "1.1.3";
name = "${stname}-${version}"; name = "${stname}-${version}";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "syncthing"; owner = "syncthing";
repo = "syncthing"; repo = "syncthing";
rev = "v${version}"; rev = "v${version}";
sha256 = "1nkc4ivc8mg9c1njqlkhb9i5f4c1via1rdqfbhwgkj86s6cnxrg7"; sha256 = "00jshqa0nkwj06bfq16p359ss6nl6h49s31hag79wl9gwkca38va";
}; };
goPackagePath = "github.com/syncthing/syncthing"; goPackagePath = "github.com/syncthing/syncthing";

15
pkgs/applications/networking/vnstat/default.nix
View File

@ -1,20 +1,25 @@
{ stdenv, fetchurl, gd, ncurses, sqlite }: { stdenv, fetchurl, pkgconfig, gd, ncurses, sqlite, check }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "vnstat-${version}"; pname = "vnstat";
version = "2.2"; version = "2.2";
src = fetchurl { src = fetchurl {
sha256 = "0b7020rlc568pz6vkiy28kl8493z88wzrn18wv9b0iq2bv1pn2n6"; sha256 = "0b7020rlc568pz6vkiy28kl8493z88wzrn18wv9b0iq2bv1pn2n6";
url = "https://humdi.net/vnstat/${name}.tar.gz"; url = "https://humdi.net/${pname}/${pname}-${version}.tar.gz";
}; };
buildInputs = [ gd ncurses sqlite ];
postPatch = '' postPatch = ''
substituteInPlace src/cfg.c --replace /usr/local $out substituteInPlace src/cfg.c --replace /usr/local $out
''; '';
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ gd ncurses sqlite ];
checkInputs = [ check ];
doCheck = true;
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Console-based network statistics utility for Linux"; description = "Console-based network statistics utility for Linux";
longDescription = '' longDescription = ''

14
pkgs/applications/office/kmymoney/default.nix
View File

@ -5,6 +5,8 @@
, kcmutils, kcontacts, kdewebkit, kdiagram, kholidays, kidentitymanagement , kcmutils, kcontacts, kdewebkit, kdiagram, kholidays, kidentitymanagement
, kitemmodels, libical, libofx, qgpgme , kitemmodels, libical, libofx, qgpgme
, sqlcipher
# Needed for running tests: # Needed for running tests:
, qtbase, xvfb_run , qtbase, xvfb_run
@ -14,20 +16,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "kmymoney-${version}"; name = "kmymoney-${version}";
version = "5.0.1"; version = "5.0.4";
src = fetchurl { src = fetchurl {
url = "mirror://kde/stable/kmymoney/${version}/src/${name}.tar.xz"; url = "mirror://kde/stable/kmymoney/${version}/src/${name}.tar.xz";
sha256 = "1c9apnvc07y17pzy4vygry1dai5ass2z7j354lrcppa85b18yvnx"; sha256 = "06lbavhl9b8cybnss2mmy3g5w8qn2vl6zhipvbl11lsr3j9bsa8q";
}; };
# Fix build with Qt 5.11.
patches = lib.singleton (fetchpatch {
url = "https://cgit.kde.org/kmymoney.git/patch/?id="
+ "e5198a902996b27bf9abde0ad24af82d55ab5dc1";
sha256 = "1h2f1xznf7343s26fh94x8n2ci0pijk5j86f24lvghawsw848316";
});
# Hidden dependency that wasn't included in CMakeLists.txt: # Hidden dependency that wasn't included in CMakeLists.txt:
NIX_CFLAGS_COMPILE = "-I${kitemmodels.dev}/include/KF5"; NIX_CFLAGS_COMPILE = "-I${kitemmodels.dev}/include/KF5";
@ -41,6 +36,7 @@ stdenv.mkDerivation rec {
akonadi alkimia aqbanking gmp gwenhywfar kactivities karchive kcmutils akonadi alkimia aqbanking gmp gwenhywfar kactivities karchive kcmutils
kcontacts kdewebkit kdiagram kholidays kidentitymanagement kitemmodels kcontacts kdewebkit kdiagram kholidays kidentitymanagement kitemmodels
libical libofx qgpgme libical libofx qgpgme
sqlcipher
# Put it into buildInputs so that CMake can find it, even though we patch # Put it into buildInputs so that CMake can find it, even though we patch
# it into the interface later. # it into the interface later.

6
pkgs/applications/office/mendeley/default.nix
View File

@ -42,14 +42,14 @@ let
then "i386" then "i386"
else "amd64"; else "amd64";
shortVersion = "1.19.1-stable"; shortVersion = "1.19.5-stable";
version = "${shortVersion}_${arch}"; version = "${shortVersion}_${arch}";
url = "http://desktop-download.mendeley.com/download/apt/pool/main/m/mendeleydesktop/mendeleydesktop_${version}.deb"; url = "http://desktop-download.mendeley.com/download/apt/pool/main/m/mendeleydesktop/mendeleydesktop_${version}.deb";
sha256 = if stdenv.hostPlatform.system == arch32 sha256 = if stdenv.hostPlatform.system == arch32
then "0fcyl5i8xdgb5j0x1643qc0j74d8p11jczvqmgqkqh0wgid1y1ad" then "01x83a44qlxi937b128y8y0px0q4w37g72z652lc42kv50dhyy3f"
else "1dzwa2cnn9xakrhhq159fhh71gw5wlbf017rrikdlia694m8akq6"; else "1cagqq0xziznaj97z30bqfhrwjv3a4h83ckhwigq35nhk1ggq1ry";
deps = [ deps = [
qtbase qtbase

4
pkgs/applications/science/biology/eggnog-mapper/default.nix
View File

@ -12,8 +12,8 @@ python27Packages.buildPythonApplication rec {
}; };
patches = (fetchpatch { patches = (fetchpatch {
url = https://github.com/eggnogdb/eggnog-mapper/pull/125/commits/b7828e4c8c1c453e391aef050f06ff3f84ff9faf.patch; url = "https://github.com/eggnogdb/eggnog-mapper/commit/6972f601ade85b65090efca747d2302acb58507f.patch";
sha256 = "0nz1a7ybm4j5c7vdm3annnxz9036iam2044hia341a0am9wydmzk"; sha256 = "0abnmn0bh11jihf5d3cggiild1ykawzv5f5fhb4cyyi8fvy4hcxf";
}); });
buildInputs = [ makeWrapper ]; buildInputs = [ makeWrapper ];

4
pkgs/applications/science/biology/minimap2/default.nix
View File

@ -3,13 +3,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "minimap2"; pname = "minimap2";
version = "2.16"; version = "2.17";
src = fetchFromGitHub { src = fetchFromGitHub {
repo = pname; repo = pname;
owner = "lh3"; owner = "lh3";
rev = "v${version}"; rev = "v${version}";
sha256 = "1ggm5psv3gwsz627ik9kl6ry9gzgmfsvya6ni0gv6ahwlrhdim73"; sha256 = "0qdwlkib3aa6112372hdgvnvk86hsjjkhjar0p53pq4ajrr2cdlb";
}; };
buildInputs = [ zlib ]; buildInputs = [ zlib ];

5
pkgs/applications/science/logic/symbiyosys/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, yosys, python3 }: { stdenv, fetchFromGitHub, yosys, bash, python3 }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "symbiyosys-${version}"; name = "symbiyosys-${version}";
@ -26,6 +26,9 @@ stdenv.mkDerivation rec {
substituteInPlace $out/bin/sby \ substituteInPlace $out/bin/sby \
--replace "##yosys-sys-path##" \ --replace "##yosys-sys-path##" \
"sys.path += [p + \"/share/yosys/python3/\" for p in [\"$out\", \"${yosys}\"]]" "sys.path += [p + \"/share/yosys/python3/\" for p in [\"$out\", \"${yosys}\"]]"
substituteInPlace $out/share/yosys/python3/sby_core.py \
--replace "/bin/bash" \
"${bash}/bin/bash"
''; '';
meta = { meta = {
description = "Tooling for Yosys-based verification flows"; description = "Tooling for Yosys-based verification flows";

4
pkgs/applications/science/logic/tptp/default.nix
View File

@ -6,8 +6,8 @@ stdenv.mkDerivation rec {
src = fetchurl { src = fetchurl {
urls = [ urls = [
"http://www.cs.miami.edu/~tptp/TPTP/Distribution/TPTP-v${version}.tgz" "http://tptp.cs.miami.edu/TPTP/Distribution/TPTP-v${version}.tgz"
"http://www.cs.miami.edu/~tptp/TPTP/Archive/TPTP-v${version}.tgz" "http://tptp.cs.miami.edu/TPTP/Archive/TPTP-v${version}.tgz"
]; ];
sha256 = "0yq8452b6mym4yscy46pshg0z2my8xi74b5bp2qlxd5bjwcrg6rl"; sha256 = "0yq8452b6mym4yscy46pshg0z2my8xi74b5bp2qlxd5bjwcrg6rl";
}; };

6
pkgs/applications/science/logic/vampire/default.nix
View File

@ -8,9 +8,9 @@ stdenv.mkDerivation rec {
owner = "vprover"; owner = "vprover";
repo = "vampire"; repo = "vampire";
rev = version; rev = version;
sha256 = "0d1klprlgqrcn8r5ywgvsahr4qz96ayl67ry5jks946v0k94m1k1"; sha256 = "03dqjxr3cwz4h6sn9074kc6b6wjz12kpsvsi0mq2w0j5l9f8d80y";
fetchSubmodules = true; #fetchSubmodules = true;
leaveDotGit = true; #leaveDotGit = true;
}; };
nativeBuildInputs = [ git ]; nativeBuildInputs = [ git ];

10
pkgs/applications/science/math/cbc/default.nix
View File

@ -1,11 +1,12 @@
{ lib, stdenv, fetchurl, zlib, bzip2 }: { lib, stdenv, fetchurl, zlib, bzip2 }:
stdenv.mkDerivation { stdenv.mkDerivation rec {
name = "cbc-2.9.9"; pname = "cbc";
version = "2.10.2";
src = fetchurl { src = fetchurl {
url = "https://www.coin-or.org/download/source/Cbc/Cbc-2.9.9.tgz"; url = "https://www.coin-or.org/download/source/Cbc/Cbc-${version}.tgz";
sha256 = "1w8axdzm05xf5y13c31w7rc5z6ywxqxiwafnxcq3p195kgj0915a"; sha256 = "0frbxkh6nbh46kaxsx5bmzridgip3v7aq75l8yak5npiiq4jlwv3";
}; };
configureFlags = [ "-C" ]; configureFlags = [ "-C" ];
@ -23,6 +24,7 @@ stdenv.mkDerivation {
license = lib.licenses.epl10; license = lib.licenses.epl10;
maintainers = [ lib.maintainers.eelco ]; maintainers = [ lib.maintainers.eelco ];
platforms = lib.platforms.linux ++ lib.platforms.darwin; platforms = lib.platforms.linux ++ lib.platforms.darwin;
broken = stdenv.isAarch64; # Missing <immintrin.h> after 2.10.0
description = "A mixed integer programming solver"; description = "A mixed integer programming solver";
}; };
} }

4
pkgs/applications/science/math/pynac/default.nix
View File

@ -9,14 +9,14 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "0.7.24"; version = "0.7.25";
pname = "pynac"; pname = "pynac";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "pynac"; owner = "pynac";
repo = "pynac"; repo = "pynac";
rev = "pynac-${version}"; rev = "pynac-${version}";
sha256 = "0i3qxww28576jim0abgkqy9mi2k0lfllgyx8xpfqsqb75ai970ik"; sha256 = "0nnifvg6kzx0lq6gz7znind8g30v3d2pjfwgsdiks3vv9kv9nbj3";
}; };
buildInputs = [ buildInputs = [

8
pkgs/applications/science/math/sage/sage-src.nix
View File

@ -141,6 +141,14 @@ stdenv.mkDerivation rec {
url = "https://git.sagemath.org/sage.git/patch/?h=8b7dbd0805d02d0e8674a272e161ceb24a637966"; url = "https://git.sagemath.org/sage.git/patch/?h=8b7dbd0805d02d0e8674a272e161ceb24a637966";
sha256 = "1c81f13z1w62s06yvp43gz6vkp8mxcs289n6l4gj9xj10slimzff"; sha256 = "1c81f13z1w62s06yvp43gz6vkp8mxcs289n6l4gj9xj10slimzff";
}) })
# https://trac.sagemath.org/ticket/26932
(fetchSageDiff {
name = "givaro-4.1.0_fflas-ffpack-2.4.0_linbox-1.6.0.patch";
base = "8.8.beta4";
rev = "c11d9cfa23ff9f77681a8f12742f68143eed4504";
sha256 = "0xzra7mbgqvahk9v45bjwir2mqz73hrhhy314jq5nxrb35ysdxyi";
})
]; ];
patches = nixPatches ++ bugfixPatches ++ packageUpgradePatches; patches = nixPatches ++ bugfixPatches ++ packageUpgradePatches;

6
pkgs/applications/science/robotics/apmplanner2/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "apmplanner2-${version}"; name = "apmplanner2-${version}";
# TODO revert Qt59 to Qt5 in pkgs/top-level/all-packages.nix on next release # TODO revert Qt511 to Qt5 in pkgs/top-level/all-packages.nix on next release
version = "2.0.26"; version = "2.0.27-rc1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ArduPilot"; owner = "ArduPilot";
repo = "apm_planner"; repo = "apm_planner";
rev = "${version}"; rev = "${version}";
sha256 = "0bnyi1r8k8ij5sq2zqv7mfbrxm0xdw97qrx3sk4rinqv2g6h6di4"; sha256 = "1k0786mjzi49nb6yw4chh9l4dmkf9gybpxg9zqkr5yg019nyzcvd";
}; };
qtInputs = [ qtInputs = [

51
pkgs/applications/version-management/git-and-tools/fast-export/default.nix
View File

@ -1,41 +1,42 @@
{stdenv, fetchgit, mercurial, makeWrapper, subversion}: {stdenv, fetchgit, mercurial, makeWrapper}:
with stdenv.lib; stdenv.mkDerivation rec {
stdenv.mkDerivation { pname = "fast-export";
name = "fast-export"; version = "190107";
src = fetchgit { src = fetchgit {
url = git://repo.or.cz/fast-export.git; url = git://repo.or.cz/fast-export.git;
rev = "d202200fd9daa75cdb37d4cf067d4ca00e269535"; rev = "v${version}";
sha256 = "0m4llsg9rx4sza1kf39kxsdvhi6y87a18wm5k19c5r2h3vpylwcc"; sha256 = "14azfps9jd5anivcvfwflgsvqdyy6gm9jy284kzx2ng9f7871d14";
}; };
buildInputs = [mercurial.python mercurial makeWrapper subversion]; buildInputs = [mercurial.python mercurial makeWrapper];
dontBuild = true; # skip svn for now
# TODO also support svn stuff
# moving .py files into lib directory so that you can't pick the wrong file from PATH.
# This requires redefining ROOT
installPhase = '' installPhase = ''
sed -i "s@/usr/bin/env.*@$(type -p python)@" *.py binPath=$out/bin
l=$out/libexec/git-fast-export libexecPath=$out/libexec/${pname}
mkdir -p $out/{bin,doc/git-fast-export} $l sitepackagesPath=$out/${mercurial.python.sitePackages}
sed -i "s@ROOT=.*@ROOT=$l@" *.sh mkdir -p $binPath $libexecPath $sitepackagesPath
mv *.sh $out/bin
mv *.py $l # Patch shell scripts so they can execute the Python scripts
for p in $out/bin/*.sh; do sed -i "s|ROOT=.*|ROOT=$libexecPath|" *.sh
wrapProgram $p \
--prefix PYTHONPATH : "$(echo ${mercurial}/lib/python*/site-packages):$(echo ${mercurial.python}/lib/python*/site-packages)${stdenv.lib.concatMapStrings (x: ":$(echo ${x}/lib/python*/site-packages)") mercurial.pythonPackages or []}" \ mv hg-fast-export.sh hg-reset.sh $binPath
--prefix PATH : "$(dirname $(type -p python))":$l mv hg-fast-export.py hg-reset.py $libexecPath
mv hg2git.py pluginloader plugins $sitepackagesPath
for script in $out/bin/*.sh; do
wrapProgram $script \
--prefix PATH : "${mercurial.python}/bin":$libexec \
--prefix PYTHONPATH : "${mercurial}/${mercurial.python.sitePackages}":$sitepackagesPath
done done
''; '';
meta = { meta = with stdenv.lib; {
description = "Import svn, mercurial into git"; description = "Import mercurial into git";
homepage = https://repo.or.cz/w/fast-export.git; homepage = https://repo.or.cz/w/fast-export.git;
license = licenses.gpl2; license = licenses.gpl2;
maintainers = [ maintainers.koral ]; maintainers = [ maintainers.koral ];
platforms = stdenv.lib.platforms.unix; platforms = platforms.unix;
}; };
} }

Some files were not shown because too many files have changed in this diff Show More