dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
Frederik Rietdijk 2019-05-14 10:23:13 +02:00
commit 8abe5ee07e
307 changed files with 3534 additions and 1507 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
maintainers/maintainer-list.nix
View File

@ -4967,6 +4967,11 @@
github = "ctheune";
name = "Christian Theune";
};
thiagokokada = {
email = "thiagokokada@gmail.com";
github = "thiagokokada";
name = "Thiago K. Okada";
};
ThomasMader = {
email = "thomas.mader@gmail.com";
github = "ThomasMader";

5
nixos/modules/config/malloc.nix
View File

@ -54,9 +54,7 @@ in
default = "libc";
description = ''
The system-wide memory allocator.
</para>
<para>
Briefly, the system-wide memory allocator providers are:
<itemizedlist>
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
@ -64,7 +62,6 @@ in
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
providers)}
</itemizedlist>
</para>
<warning>
<para>
@ -79,8 +76,6 @@ in
Changing this option does not affect the current session.
</para>
</note>
<para>
'';
};
};

3
nixos/modules/rename.nix
View File

@ -234,6 +234,9 @@ with lib;
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]

18
nixos/modules/security/misc.nix
View File

@ -13,23 +13,17 @@ with lib;
default = true;
description = ''
Whether to allow creation of user namespaces.
</para>
<para>
The motivation for disabling user namespaces is the potential
presence of code paths where the kernel's permission checking
logic fails to account for namespacing, instead permitting a
namespaced process to act outside the namespace with the same
privileges as it would have inside it. This is particularly
damaging in the common case of running as root within the namespace.
</para>
<para>
When user namespace creation is disallowed, attempting to create a
user namespace fails with "no space left on device" (ENOSPC).
root may re-enable user namespace creation at runtime.
</para>
<para>
'';
};
@ -48,21 +42,15 @@ with lib;
Whether to allow SMT/hyperthreading. Disabling SMT means that only
physical CPU cores will be usable at runtime, potentially at
significant performance cost.
</para>
<para>
The primary motivation for disabling SMT is to mitigate the risk of
leaking data between threads running on the same CPU core (due to
e.g., shared caches). This attack vector is unproven.
</para>
<para>
Disabling SMT is a supplement to the L1 data cache flushing mitigation
(see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
versus malicious VM guests (SMT could "bring back" previously flushed
data).
</para>
<para>
'';
};
@ -73,10 +61,8 @@ with lib;
Whether the hypervisor should flush the L1 data cache before
entering guests.
See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
</para>
<para>
<variablelist>
<variablelist>
<varlistentry>
<term><literal>null</literal></term>
<listitem><para>uses the kernel default</para></listitem>
@ -98,7 +84,7 @@ with lib;
enters the guest. May incur significant performance cost.
</para></listitem>
</varlistentry>
</variablelist>
</variablelist>
'';
};
};

27
nixos/modules/services/backup/znapzend.nix
View File

@ -7,28 +7,23 @@ let
planDescription = ''
The znapzend backup plan to use for the source.
</para>
<para>
The plan specifies how often to backup and for how long to keep the
backups. It consists of a series of retention periodes to interval
associations:
</para>
<para>
<literal>
retA=>intA,retB=>intB,...
</literal>
</para>
<para>
Both intervals and retention periods are expressed in standard units
of time or multiples of them. You can use both the full name or a
shortcut according to the following listing:
</para>
<para>
Both intervals and retention periods are expressed in standard units
of time or multiples of them. You can use both the full name or a
shortcut according to the following listing:
<literal>
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
</literal>
</para>
<para>
See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.
'';
planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";
@ -139,12 +134,10 @@ let
type = nullOr ints.u16;
description = ''
Port to use for <command>mbuffer</command>.
</para>
<para>
If this is null, it will run <command>mbuffer</command> through
ssh.
</para>
<para>
If this is not null, it will run <command>mbuffer</command>
directly through TCP, which is not encrypted but faster. In that
case the given port needs to be open on the destination host.

20
nixos/modules/services/security/fprintd.nix
View File

@ -26,28 +26,20 @@ in
};
};
};
###### implementation
config = mkIf cfg.enable {
services.dbus.packages = [ pkgs.fprintd ];
environment.systemPackages = [ pkgs.fprintd ];
systemd.services.fprintd = {
description = "Fingerprint Authentication Daemon";
serviceConfig = {
Type = "dbus";
BusName = "net.reactivated.Fprint";
ExecStart = "${pkgs.fprintd}/libexec/fprintd";
};
};
systemd.packages = [ pkgs.fprintd ];
};
}

340
nixos/modules/system/boot/binfmt.nix
View File

@ -1,8 +1,8 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
inherit (lib) mkOption types optionalString;
cfg = config.boot.binfmtMiscRegistrations;
cfg = config.boot.binfmt;
makeBinfmtLine = name: { recognitionType, offset, magicOrExtension
, mask, preserveArgvZero, openBinary
@ -13,125 +13,249 @@ let
mask' = toString mask;
interpreter = "/run/binfmt/${name}";
flags = if !(matchCredentials -> openBinary)
then throw "boot.binfmtMiscRegistrations.${name}: you can't specify openBinary = false when matchCredentials = true."
then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."
else optionalString preserveArgvZero "P" +
optionalString (openBinary && !matchCredentials) "O" +
optionalString matchCredentials "C" +
optionalString fixBinary "F";
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
binfmtFile = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine cfg));
activationSnippet = name: { interpreter, ... }:
"ln -sf ${interpreter} /run/binfmt/${name}";
activationScript = ''
mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet cfg)}
'';
in {
options = {
boot.binfmtMiscRegistrations = mkOption {
default = {};
description = ''
Extra binary formats to register with the kernel.
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
'';
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
recognitionType = mkOption {
default = "magic";
description = "Whether to recognize executables by magic number or extension.";
type = types.enum [ "magic" "extension" ];
};
offset = mkOption {
default = null;
description = "The byte offset of the magic number used for recognition.";
type = types.nullOr types.int;
};
magicOrExtension = mkOption {
description = "The magic number or extension to match on.";
type = types.str;
};
mask = mkOption {
default = null;
description =
"A mask to be ANDed with the byte sequence of the file before matching";
type = types.nullOr types.str;
};
interpreter = mkOption {
description = ''
The interpreter to invoke to run the program.
Note that the actual registration will point to
/run/binfmt/''${name}, so the kernel interpreter length
limit doesn't apply.
'';
type = types.path;
};
preserveArgvZero = mkOption {
default = false;
description = ''
Whether to pass the original argv[0] to the interpreter.
See the description of the 'P' flag in the kernel docs
for more details;
'';
type = types.bool;
};
openBinary = mkOption {
default = config.matchCredentials;
description = ''
Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
'';
type = types.bool;
};
matchCredentials = mkOption {
default = false;
description = ''
Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit).
See the description of the 'C' flag in the kernel docs
for more details.
Implies/requires openBinary = true.
'';
type = types.bool;
};
fixBinary = mkOption {
default = false;
description = ''
Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked.
See the description of the 'F' flag in the kernel docs
for more details.
'';
type = types.bool;
};
};
}));
# Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
# - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
# and
# - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
# TODO: maybe put these in a JSON file?
magics = {
armv6l-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
armv7l-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
aarch64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
aarch64_be-linux = {
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
i386-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
i486-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
i586-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
i686-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
x86_64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
alpha-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
sparc64-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
sparc-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
powerpc-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
powerpc64-linux = {
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
powerpc64le-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';
};
mips-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
mipsel-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
mips64-linux = {
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
mips64el-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
riscv32-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
riscv64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
x86_64-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
};
i686-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
};
};
config = lib.mkIf (cfg != {}) {
environment.etc."binfmt.d/nixos.conf".source = binfmtFile;
system.activationScripts.binfmt = activationScript;
systemd.additionalUpstreamSystemUnits =
in {
options = {
boot.binfmt = {
registrations = mkOption {
default = {};
description = ''
Extra binary formats to register with the kernel.
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
'';
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
recognitionType = mkOption {
default = "magic";
description = "Whether to recognize executables by magic number or extension.";
type = types.enum [ "magic" "extension" ];
};
offset = mkOption {
default = null;
description = "The byte offset of the magic number used for recognition.";
type = types.nullOr types.int;
};
magicOrExtension = mkOption {
description = "The magic number or extension to match on.";
type = types.str;
};
mask = mkOption {
default = null;
description =
"A mask to be ANDed with the byte sequence of the file before matching";
type = types.nullOr types.str;
};
interpreter = mkOption {
description = ''
The interpreter to invoke to run the program.
Note that the actual registration will point to
/run/binfmt/''${name}, so the kernel interpreter length
limit doesn't apply.
'';
type = types.path;
};
preserveArgvZero = mkOption {
default = false;
description = ''
Whether to pass the original argv[0] to the interpreter.
See the description of the 'P' flag in the kernel docs
for more details;
'';
type = types.bool;
};
openBinary = mkOption {
default = config.matchCredentials;
description = ''
Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
'';
type = types.bool;
};
matchCredentials = mkOption {
default = false;
description = ''
Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit).
See the description of the 'C' flag in the kernel docs
for more details.
Implies/requires openBinary = true.
'';
type = types.bool;
};
fixBinary = mkOption {
default = false;
description = ''
Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked.
See the description of the 'F' flag in the kernel docs
for more details.
'';
type = types.bool;
};
};
}));
};
emulatedSystems = mkOption {
default = [];
description = ''
List of systems to emulate. Will also configure Nix to
support your new systems.
'';
type = types.listOf types.string;
};
};
};
config = {
boot.binfmt.registrations = builtins.listToAttrs (map (system: {
name = system;
value = {
interpreter = getEmulator system;
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
}) cfg.emulatedSystems);
# TODO: add a nix.extraPlatforms option to NixOS!
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
'';
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
([ "/run/binfmt" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
system.activationScripts.binfmt = ''
mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
'';
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {})
[ "proc-sys-fs-binfmt_misc.automount"
"proc-sys-fs-binfmt_misc.mount"
];

3
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View File

@ -62,8 +62,7 @@ in {
description = ''
The resolution of the console. The following values are valid:
</para>
<para>
<itemizedlist>
<listitem><para>
<literal>"0"</literal>: Standard UEFI 80x25 mode

175
nixos/modules/system/boot/luksroot.nix
View File

@ -76,6 +76,33 @@ let
fi
return 0
}
wait_gpgcard() {
local secs="''${1:-10}"
gpg --card-status > /dev/null 2> /dev/null
if [ $? != 0 ]; then
echo -n "Waiting $secs seconds for GPG Card to appear"
local success=false
for try in $(seq $secs); do
echo -n .
sleep 1
gpg --card-status > /dev/null 2> /dev/null
if [ $? == 0 ]; then
success=true
break
fi
done
if [ $success == true ]; then
echo " - success";
return 0
else
echo " - failure";
return 1
fi
fi
return 0
}
'';
preCommands = ''
@ -93,6 +120,13 @@ let
# For Yubikey salt storage
mkdir -p /crypt-storage
${optionalString luks.gpgSupport ''
export GPG_TTY=$(tty)
export GNUPGHOME=/crypt-ramfs/.gnupg
gpg-agent --daemon --scdaemon-program $out/bin/scdaemon > /dev/null 2> /dev/null
''}
# Disable all input echo for the whole stage. We could use read -s
# instead but that would ocasionally leak characters between read
# invocations.
@ -105,7 +139,7 @@ let
umount /crypt-ramfs 2>/dev/null
'';
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name;
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fallbackToPassword, ... }: assert name' == name;
let
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
@ -182,7 +216,7 @@ let
''}
}
${if luks.yubikeySupport && (yubikey != null) then ''
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
# Yubikey
rbtohex() {
( od -An -vtx1 | tr -d ' \n' )
@ -278,7 +312,7 @@ let
umount /crypt-storage
}
open_yubikey() {
open_with_hardware() {
if wait_yubikey ${toString yubikey.gracePeriod}; then
do_open_yubikey
else
@ -286,8 +320,75 @@ let
open_normally
fi
}
''}
open_yubikey
${optionalString (luks.gpgSupport && (gpgCard != null)) ''
do_open_gpg_card() {
# Make all of these local to this function
# to prevent their values being leaked
local pin
local opened
gpg --import /gpg-keys/${device}/pubkey.asc > /dev/null 2> /dev/null
gpg --card-status > /dev/null 2> /dev/null
for try in $(seq 3); do
echo -n "PIN for GPG Card associated with device ${device}: "
pin=
while true; do
if [ -e /crypt-ramfs/passphrase ]; then
echo "reused"
pin=$(cat /crypt-ramfs/passphrase)
break
else
# and try reading it from /dev/console with a timeout
IFS= read -t 1 -r pin
if [ -n "$pin" ]; then
${if luks.reusePassphrases then ''
# remember it for the next device
echo -n "$pin" > /crypt-ramfs/passphrase
'' else ''
# Don't save it to ramfs. We are very paranoid
''}
echo
break
fi
fi
done
echo -n "Verifying passphrase for ${device}..."
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
if [ $? == 0 ]; then
echo " - success"
${if luks.reusePassphrases then ''
# we don't rm here because we might reuse it for the next device
'' else ''
rm -f /crypt-ramfs/passphrase
''}
break
else
echo " - failure"
# ask for a different one
rm -f /crypt-ramfs/passphrase
fi
done
[ "$opened" == false ] && die "Maximum authentication errors reached"
}
open_with_hardware() {
if wait_gpgcard ${toString gpgCard.gracePeriod}; then
do_open_gpg_card
else
echo "No GPG Card found, falling back to normal open procedure"
open_normally
fi
}
''}
${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) then ''
open_with_hardware
'' else ''
open_normally
''}
@ -473,6 +574,36 @@ in
'';
};
gpgCard = mkOption {
default = null;
description = ''
The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.
If null (the default), GPG-Smartcard will be disabled for this device.
'';
type = with types; nullOr (submodule {
options = {
gracePeriod = mkOption {
default = 10;
type = types.int;
description = "Time in seconds to wait for the GPG Smartcard.";
};
encryptedPass = mkOption {
default = "";
type = types.path;
description = "Path to the GPG encrypted passphrase.";
};
publicKey = mkOption {
default = "";
type = types.path;
description = "Path to the Public Key.";
};
};
});
};
yubikey = mkOption {
default = null;
description = ''
@ -554,6 +685,14 @@ in
}));
};
boot.initrd.luks.gpgSupport = mkOption {
default = false;
type = types.bool;
description = ''
Enables support for authenticating with a GPG encrypted password.
'';
};
boot.initrd.luks.yubikeySupport = mkOption {
default = false;
type = types.bool;
@ -567,6 +706,12 @@ in
config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) {
assertions =
[ { assertion = !(luks.gpgSupport && luks.yubikeySupport);
message = "Yubikey and GPG Card may not be used at the same time.";
}
];
# actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
["firewire_ohci" "firewire_core" "firewire_sbp2"];
@ -603,6 +748,23 @@ in
EOF
chmod +x $out/bin/openssl-wrap
''}
${optionalString luks.gpgSupport ''
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg-agent
copy_bin_and_libs ${pkgs.gnupg}/libexec/scdaemon
${concatMapStringsSep "\n" (x:
if x.gpgCard != null then
''
mkdir -p $out/secrets/gpg-keys/${x.device}
cp -a ${x.gpgCard.encryptedPass} $out/secrets/gpg-keys/${x.device}/cryptkey.gpg
cp -a ${x.gpgCard.publicKey} $out/secrets/gpg-keys/${x.device}/pubkey.asc
''
else ""
) (attrValues luks.devices)
}
''}
'';
boot.initrd.extraUtilsCommandsTest = ''
@ -612,6 +774,11 @@ in
$out/bin/ykinfo -V
$out/bin/openssl-wrap version
''}
${optionalString luks.gpgSupport ''
$out/bin/gpg --version
$out/bin/gpg-agent --version
$out/bin/scdaemon --version
''}
'';
boot.initrd.preFailCommands = postCommands;

5
nixos/modules/system/boot/resolved.nix
View File

@ -35,7 +35,7 @@ in
when resolving single-label host names (domain names which
contain no dot), in order to qualify them into fully-qualified
domain names (FQDNs).
</para><para>
For compatibility reasons, if this setting is not specified,
the search domains listed in
<filename>/etc/resolv.conf</filename> are used instead, if
@ -50,8 +50,9 @@ in
description = ''
Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host.
</para><para>
If set to
<variablelist>
<varlistentry>
<term><literal>"true"</literal></term>

13
nixos/modules/virtualisation/docker-containers.nix
View File

@ -65,10 +65,9 @@ let
default = [];
description = ''
Network ports to publish from the container to the outer host.
</para>
<para>
Valid formats:
</para>
<itemizedlist>
<listitem>
<para>
@ -91,21 +90,19 @@ let
</para>
</listitem>
</itemizedlist>
<para>
Both <literal>hostPort</literal> and
<literal>containerPort</literal> can be specified as a range of
ports. When specifying ranges for both, the number of container
ports in the range must match the number of host ports in the
range. Example: <literal>1234-1236:1234-1236/tcp</literal>
</para>
<para>
When specifying a range for <literal>hostPort</literal> only, the
<literal>containerPort</literal> must <emphasis>not</emphasis> be a
range. In this case, the container port is published somewhere
within the specified <literal>hostPort</literal> range. Example:
<literal>1234-1236:1234/tcp</literal>
</para>
<para>
Refer to the
<link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports">
Docker engine documentation</link> for full details.

7
nixos/tests/docker-tools.nix
View File

@ -67,5 +67,12 @@ import ./make-test.nix ({ pkgs, ... }: {
# Ensure building an image on top of a layered Docker images work
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}");
# Ensure order of layers is correct
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layersOrder}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer1 | grep -q layer1");
# This is to be sure the order of layers of the parent image is preserved
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer2 | grep -q layer2");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer3 | grep -q layer3");
'';
})

8
pkgs/applications/audio/qmmp/default.nix
View File

@ -29,17 +29,17 @@
# handle that.
stdenv.mkDerivation rec {
name = "qmmp-1.3.1";
name = "qmmp-1.3.2";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "1dmybzibpr6hpr2iv1wvrjgww842mng2x0rh1mr8gs8j191xvlhw";
sha256 = "1rh063kcyg7gs9yj2r4v5irpnq4pjaxaxsgrw30mdr21xhhc15cz";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs =
[ # basic requirements
cmake pkgconfig xlibsWrapper
qtbase qttools qtmultimedia qtx11extras
qtbase qttools qtmultimedia qtx11extras xlibsWrapper
# transports
curl libmms
# input plugins

5
pkgs/applications/audio/vcv-rack/default.nix
View File

@ -72,8 +72,9 @@ with stdenv.lib; stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Open-source virtual modular synthesizer";
homepage = http://vcvrack.com/;
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or unfree
license = [ licenses.bsd3 licenses.cc-by-nc-40 licenses.unfree ];
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or under a
# no-derivatives clause
license = with licenses; [ bsd3 cc-by-nc-40 unfreeRedistributable ];
maintainers = with maintainers; [ moredread ];
platforms = platforms.linux;
};

25
pkgs/applications/graphics/openscad/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, qt5, libsForQt5
, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext, freetype, fontconfig
}:
stdenv.mkDerivation rec {
@ -18,11 +18,13 @@ stdenv.mkDerivation rec {
sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb";
};
nativeBuildInputs = [ bison flex pkgconfig ];
buildInputs = [
bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib
pkgconfig harfbuzz gettext
]
++ (with qt5; [qtbase qmake])
eigen boost glew opencsg cgal mpfr gmp glib
harfbuzz gettext freetype fontconfig
] ++ stdenv.lib.optional stdenv.isLinux libGLU_combined
++ (with qt5; [qtbase qmake] ++ stdenv.lib.optional stdenv.isDarwin qtmacextras)
++ (with libsForQt5; [qscintilla])
;
@ -33,6 +35,17 @@ stdenv.mkDerivation rec {
doCheck = false;
postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
mkdir $out/Applications
mv $out/bin/*.app $out/Applications
rmdir $out/bin || true
mv --target-directory=$out/Applications/OpenSCAD.app/Contents/Resources \
$out/share/openscad/{examples,color-schemes,locale,libraries,fonts}
rmdir $out/share/openscad
'';
meta = {
description = "3D parametric model compiler";
longDescription = ''
@ -48,7 +61,7 @@ stdenv.mkDerivation rec {
'';
homepage = http://openscad.org/;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
platforms = stdenv.lib.platforms.unix;
maintainers = with stdenv.lib.maintainers;
[ bjornfor raskin the-kenny ];
};

6
pkgs/applications/kde/kgpg.nix
View File

@ -1,7 +1,7 @@
{
mkDerivation, lib,
extra-cmake-modules, kdoctools, ki18n, makeWrapper,
akonadi-contacts, gnupg1, karchive, kcodecs, kcontacts, kcoreaddons,
akonadi-contacts, gnupg, karchive, kcodecs, kcontacts, kcoreaddons,
kcrash, kdbusaddons, kiconthemes, kjobwidgets, kio, knotifications, kservice,
ktextwidgets, kxmlgui, kwidgetsaddons, kwindowsystem, qgpgme,
}:
@ -10,12 +10,12 @@ mkDerivation {
name = "kgpg";
nativeBuildInputs = [ extra-cmake-modules kdoctools makeWrapper ];
buildInputs = [
akonadi-contacts gnupg1 karchive kcodecs kcontacts kcoreaddons kcrash
akonadi-contacts gnupg karchive kcodecs kcontacts kcoreaddons kcrash
kdbusaddons ki18n kiconthemes kjobwidgets kio knotifications kservice
ktextwidgets kxmlgui kwidgetsaddons kwindowsystem qgpgme
];
postFixup = ''
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg1 ]}"
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg ]}"
'';
meta = {
license = [ lib.licenses.gpl2 ];

45
pkgs/applications/misc/bemenu/default.nix Normal file
View File

@ -0,0 +1,45 @@
{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
, pango, fribidi, harfbuzz, pcre, pkgconfig
, ncursesSupport ? true, ncurses ? null
, waylandSupport ? true, wayland ? null
, x11Support ? true, xlibs ? null, xorg ? null
}:
assert ncursesSupport -> ncurses != null;
assert waylandSupport -> wayland != null;
assert x11Support -> xlibs != null && xorg != null;
stdenv.mkDerivation rec {
pname = "bemenu";
version = "0.1.0";
src = fetchFromGitHub {
owner = "Cloudef";
repo = "bemenu";
rev = "33e540a2b04ce78f5c7ab4a60b899c67f586cc32";
sha256 = "11h55m9dx6ai12pqij52ydjm36dvrcc856pa834njihrp626pl4w";
};
nativeBuildInputs = [ cmake pkgconfig pcre ];
buildInputs = with stdenv.lib; [
cairo
fribidi
harfbuzz
libxkbcommon
pango
] ++ optionals ncursesSupport [ ncurses ]
++ optionals waylandSupport [ wayland ]
++ optionals x11Support [
xlibs.libX11 xlibs.libXinerama xlibs.libXft
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
];
meta = with stdenv.lib; {
homepage = "https://github.com/Cloudef/bemenu";
description = "Dynamic menu library and client program inspired by dmenu";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ thiagokokada ];
platforms = with platforms; linux;
};
}

10
pkgs/applications/misc/electrum/default.nix
View File

@ -3,16 +3,6 @@
let
version = "3.3.5";
qdarkstyle = python3Packages.buildPythonPackage rec {
pname = "QDarkStyle";
version = "2.5.4";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "1w715m1i5pycfqcpkrggpn0rs9cakx6cm5v8rggcxnf4p0i0kdiy";
};
doCheck = false; # no tests
};
# Not provided in official source releases, which are what upstream signs.
tests = fetchFromGitHub {
owner = "spesmilo";

23
pkgs/applications/misc/k2pdfopt/default.nix
View File

@ -57,7 +57,28 @@ stdenv.mkDerivation rec {
prePatch = ''
cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/
'';
patches = [];
patches = [
# stripped down copy of upstream commit b88c821f8d347bce0aea86d606c710303919f3d2
./leptonica-CVE-2018-3836.patch
(fetchpatch {
# CVE-2018-7186
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "ee301cb2029db8a6289c5295daa42bba7715e99a.patch";
sha256 = "0cgb7mvz2px1rg5i80wk1wxxjvzjga617d8q6j7qygkp7jm6495d";
})
(fetchpatch {
# CVE-2018-7247
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "c1079bb8e77cdd426759e466729917ca37a3ed9f.patch";
sha256 = "1z4iac5gwqggh7aa8cvyp6nl9fwd1v7wif26caxc9y5qr3jj34qf";
})
(fetchpatch {
# CVE-2018-7440
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b.patch";
sha256 = "1hjmva98iaw9xj7prg7aimykyayikcwnk4hk0380007hqb35lqmy";
})
];
});
tesseract_modded = tesseract4.override {
tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: {

95
pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch Normal file
View File

@ -0,0 +1,95 @@
--- a/src/allheaders.h
+++ b/src/allheaders.h
@@ -2600,6 +2600,7 @@
LEPT_DLL extern char * stringReverse ( const char *src );
LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
--- a/src/gplot.c
+++ b/src/gplot.c
@@ -141,9 +141,10 @@
const char *xlabel,
const char *ylabel)
{
-char *newroot;
-char buf[L_BUF_SIZE];
-GPLOT *gplot;
+char *newroot;
+char buf[L_BUF_SIZE];
+l_int32 badchar;
+GPLOT *gplot;
PROCNAME("gplotCreate");
@@ -152,6 +153,9 @@
if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
+ if (badchar) /* danger of command injection */
+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
--- a/src/utils2.c
+++ b/src/utils2.c
@@ -42,6 +42,7 @@
* l_int32 stringSplitOnToken()
*
* Find and replace string and array procs
+ * l_int32 stringCheckForChars()
* char *stringRemoveChars()
* l_int32 stringFindSubstr()
* char *stringReplaceSubstr()
@@ -701,6 +702,48 @@
/*--------------------------------------------------------------------*
* Find and replace procs *
*--------------------------------------------------------------------*/
+/*!
+ * \brief stringCheckForChars()
+ *
+ * \param[in] src input string; can be of zero length
+ * \param[in] chars string of chars to be searched for in %src
+ * \param[out] pfound 1 if any characters are found; 0 otherwise
+ * \return 0 if OK, 1 on error
+ *
+ * <pre>
+ * Notes:
+ * (1) This can be used to sanitize an operation by checking for
+ * special characters that don't belong in a string.
+ * </pre>
+ */
+l_int32
+stringCheckForChars(const char *src,
+ const char *chars,
+ l_int32 *pfound)
+{
+char ch;
+l_int32 i, n;
+
+ PROCNAME("stringCheckForChars");
+
+ if (!pfound)
+ return ERROR_INT("&found not defined", procName, 1);
+ *pfound = FALSE;
+ if (!src || !chars)
+ return ERROR_INT("src and chars not both defined", procName, 1);
+
+ n = strlen(src);
+ for (i = 0; i < n; i++) {
+ ch = src[i];
+ if (strchr(chars, ch)) {
+ *pfound = TRUE;
+ break;
+ }
+ }
+ return 0;
+}
+
+
/*!
* \brief stringRemoveChars()
*

15
pkgs/applications/misc/kitty/default.nix
View File

@ -2,7 +2,7 @@
harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel,
libstartup_notification, libX11, libXrandr, libXinerama, libXcursor,
libxkbcommon, libXi, libXext, wayland-protocols, wayland,
which, dbus,
which, dbus, fetchpatch,
Cocoa,
CoreGraphics,
Foundation,
@ -67,6 +67,17 @@ buildPythonApplication rec {
libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so";
})
] ++ stdenv.lib.optionals stdenv.isDarwin [
(fetchpatch {
name = "macos-symlink-1";
url = https://github.com/kovidgoyal/kitty/commit/bdeec612667f6976109247fe1750b10dda9c24c0.patch;
sha256 = "1d18x260w059qag80kgb2cgi2h4rricvqhwpbrw79s8yxzs7jhxk";
})
(fetchpatch {
# fixup of previous patch
name = "macos-symlink-2";
url = https://github.com/kovidgoyal/kitty/commit/af2c9a49b1ad31e94242295d88598591623fbf11.patch;
sha256 = "0k3dmgbvmh66j8k3h8dw6la6ma6f20fng6jjypy982kxvracsnl5";
})
./macos-10.11.patch
./no-lto.patch
./no-werror.patch
@ -84,7 +95,7 @@ buildPythonApplication rec {
mkdir -p $out
${if stdenv.isDarwin then ''
mkdir "$out/bin"
ln -s ../Applications/kitty.app/Contents/MacOS/kitty "$out/bin/kitty"
ln -s ../Applications/kitty.app/Contents/MacOS/kitty-deref-symlink "$out/bin/kitty"
mkdir "$out/Applications"
cp -r kitty.app "$out/Applications/kitty.app"
'' else ''

19
pkgs/applications/misc/octoprint/default.nix
View File

@ -15,13 +15,26 @@ let
packageOverrides = lib.foldr lib.composeExtensions (self: super: { }) ([
(mkOverride "flask" "0.10.1" "0wrkavjdjndknhp8ya8j850jq7a1cli4g5a93mg8nh1xz2gq50sc")
(mkOverride "flask_login" "0.2.11" "1rg3rsjs1gwi2pw6vr9jmhaqm9b3vc9c4hfcsvp4y8agbh7g3mc3")
(mkOverride "jinja2" "2.8.1" "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m")
(mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi")
(mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar")
(mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d")
# https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134
(mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c")
# Octoprint holds back jinja2 to 2.8.1 due to breaking changes.
# This old version does not have updated test config for pytest 4,
# and pypi tarball doesn't contain tests dir anyways.
(pself: psuper: {
jinja2 = psuper.jinja2.overridePythonAttrs (oldAttrs: rec {
version = "2.8.1";
src = oldAttrs.src.override {
inherit version;
sha256 = "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m";
};
doCheck = false;
});
})
]);
};
@ -69,7 +82,7 @@ in py.pkgs.buildPythonApplication rec {
pylru pyyaml sarge feedparser netifaces click websocket_client
scandir chainmap future dateutil futures wrapt monotonic emoji
frozendict
];
] ++ lib.optionals stdenv.isDarwin [ py.pkgs.appdirs ];
checkInputs = with py.pkgs; [ nose mock ddt ];
@ -82,7 +95,7 @@ in py.pkgs.buildPythonApplication rec {
'';
checkPhase = ''
HOME=$(mktemp -d) nosetests
HOME=$(mktemp -d) nosetests ${lib.optionalString stdenv.isDarwin "--exclude=test_set_external_modification"}
'';
meta = with stdenv.lib; {

4
pkgs/applications/misc/playonlinux/default.nix
View File

@ -4,7 +4,7 @@
, cabextract
, gettext
, glxinfo
, gnupg1compat
, gnupg
, icoutils
, imagemagick
, netcat-gnu
@ -32,7 +32,7 @@ let
python2Packages.python
gettext
glxinfo
gnupg1compat
gnupg
icoutils
imagemagick
netcat-gnu

4
pkgs/applications/misc/tilix/default.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "tilix";
version = "1.9.0";
version = "1.9.3";
src = fetchFromGitHub {
owner = "gnunn1";
repo = "tilix";
rev = version;
sha256 = "1k8hqpq6bzmn06b4s8c257n37ghgp3fl7l9g6fy0giwk1x0ix735";
sha256 = "0mg9y4xd2pnv0smibg7dyy733jarvx6qpdqap3sj7fpyni0jvpph";
};
nativeBuildInputs = [

4
pkgs/applications/misc/tzupdate/default.nix
View File

@ -5,11 +5,11 @@ let
in
buildPythonApplication rec {
pname = "tzupdate";
version = "1.3.1";
version = "1.4.0";
src = fetchPypi {
inherit pname version;
sha256 = "085kp4v9ijhkfvr0r5rzn4z7nrkb2qig05j0bajb0gkgynwf8wnz";
sha256 = "1sc3z2bx2nhnxg82x0jy19pr8lw56chbr90c2lr11w495csqwhz7";
};
propagatedBuildInputs = [ requests ];

10
pkgs/applications/misc/zathura/core/default.nix
View File

@ -32,15 +32,15 @@ stdenv.mkDerivation rec {
] ++ optional synctexSupport "-Dsynctex=enabled";
nativeBuildInputs = [
meson ninja pkgconfig appstream-glib desktop-file-utils python3.pkgs.sphinx
meson ninja pkgconfig desktop-file-utils python3.pkgs.sphinx
gettext makeWrapper libxml2
];
] ++ optional stdenv.isLinux appstream-glib;
buildInputs = [
gtk girara libintl libseccomp
sqlite glib file librsvg
gtk girara libintl sqlite glib file librsvg
] ++ optional synctexSupport texlive.bin.core
++ optional stdenv.isDarwin [ gtk-mac-integration ];
++ optional stdenv.isLinux libseccomp
++ optional stdenv.isDarwin gtk-mac-integration;
meta = {
homepage = https://pwmt.org/projects/zathura/;

3
pkgs/applications/misc/zathura/default.nix
View File

@ -1,5 +1,6 @@
{ config, pkgs
, useMupdf ? config.zathura.useMupdf or true
# zathura_pdf_mupdf fails to load _opj_create_decompress at runtime on Darwin (https://github.com/NixOS/nixpkgs/pull/61295#issue-277982980)
, useMupdf ? config.zathura.useMupdf or (!pkgs.stdenv.isDarwin)
, synctexSupport ? true }:
let

4
pkgs/applications/misc/zathura/pdf-mupdf/default.nix
View File

@ -21,9 +21,7 @@ stdenv.mkDerivation rec {
buildInputs = [
zathura_core girara mupdf cairo
] ++ stdenv.lib.optional stdenv.isDarwin [
gtk-mac-integration
];
] ++ lib.optional stdenv.isDarwin gtk-mac-integration;
PKG_CONFIG_ZATHURA_PLUGINDIR= "lib/zathura";

4
pkgs/applications/networking/p2p/qbittorrent/default.nix
View File

@ -10,13 +10,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "qbittorrent-${version}";
version = "4.1.5";
version = "4.1.6";
src = fetchFromGitHub {
owner = "qbittorrent";
repo = "qbittorrent";
rev = "release-${version}";
sha256 = "09zcygaxfv9g6av0vsvlyzv4v65wvj766xyfx31yz5ig3xan6ak1";
sha256 = "1y9kv84sy5fg64wbl4xpm8qh0hjba7ibk045cazp0m736rjmxk8c";
};
# NOTE: 2018-05-31: CMake is working but it is not officially supported

4
pkgs/applications/networking/p2p/tixati/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "tixati-${version}";
version = "2.59";
version = "2.61";
src = fetchurl {
url = "https://download2.tixati.com/download/tixati-${version}-1.x86_64.manualinstall.tar.gz";
sha256 = "0vf5y9kj2g7psgdzv2r46jdh5krdps838ca4wwwxi0dd1mwa65my";
sha256 = "05f8lcsac2mr90bhk999qkj8wwd6igdl07389bqrd1ydjasacl2k";
};
installPhase = ''

6
pkgs/applications/networking/sniffers/wireshark/default.nix
View File

@ -14,7 +14,8 @@ let
variant = if withQt then "qt" else "cli";
in stdenv.mkDerivation {
name = "wireshark-${variant}-${version}";
pname = "wireshark-${variant}";
inherit version;
outputs = [ "out" "dev" ];
src = fetchurl {
@ -24,7 +25,6 @@ in stdenv.mkDerivation {
cmakeFlags = [
"-DBUILD_wireshark=${if withQt then "ON" else "OFF"}"
"-DENABLE_QT5=${if withQt then "ON" else "OFF"}"
"-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
];
@ -95,6 +95,8 @@ in stdenv.mkDerivation {
enableParallelBuilding = true;
dontFixCmake = true;
shellHook = ''
# to be able to run the resulting binary
export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1

4
pkgs/applications/networking/syncthing/default.nix
View File

@ -3,14 +3,14 @@
let
common = { stname, target, postInstall ? "" }:
buildGoPackage rec {
version = "1.1.1";
version = "1.1.3";
name = "${stname}-${version}";
src = fetchFromGitHub {
owner = "syncthing";
repo = "syncthing";
rev = "v${version}";
sha256 = "1nkc4ivc8mg9c1njqlkhb9i5f4c1via1rdqfbhwgkj86s6cnxrg7";
sha256 = "00jshqa0nkwj06bfq16p359ss6nl6h49s31hag79wl9gwkca38va";
};
goPackagePath = "github.com/syncthing/syncthing";

4
pkgs/applications/science/biology/eggnog-mapper/default.nix
View File

@ -12,8 +12,8 @@ python27Packages.buildPythonApplication rec {
};
patches = (fetchpatch {
url = https://github.com/eggnogdb/eggnog-mapper/pull/125/commits/b7828e4c8c1c453e391aef050f06ff3f84ff9faf.patch;
sha256 = "0nz1a7ybm4j5c7vdm3annnxz9036iam2044hia341a0am9wydmzk";
url = "https://github.com/eggnogdb/eggnog-mapper/commit/6972f601ade85b65090efca747d2302acb58507f.patch";
sha256 = "0abnmn0bh11jihf5d3cggiild1ykawzv5f5fhb4cyyi8fvy4hcxf";
});
buildInputs = [ makeWrapper ];

5
pkgs/applications/science/logic/symbiyosys/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, yosys, python3 }:
{ stdenv, fetchFromGitHub, yosys, bash, python3 }:
stdenv.mkDerivation rec {
name = "symbiyosys-${version}";
@ -26,6 +26,9 @@ stdenv.mkDerivation rec {
substituteInPlace $out/bin/sby \
--replace "##yosys-sys-path##" \
"sys.path += [p + \"/share/yosys/python3/\" for p in [\"$out\", \"${yosys}\"]]"
substituteInPlace $out/share/yosys/python3/sby_core.py \
--replace "/bin/bash" \
"${bash}/bin/bash"
'';
meta = {
description = "Tooling for Yosys-based verification flows";

10
pkgs/applications/science/math/cbc/default.nix
View File

@ -1,11 +1,12 @@
{ lib, stdenv, fetchurl, zlib, bzip2 }:
stdenv.mkDerivation {
name = "cbc-2.9.9";
stdenv.mkDerivation rec {
pname = "cbc";
version = "2.10.2";
src = fetchurl {
url = "https://www.coin-or.org/download/source/Cbc/Cbc-2.9.9.tgz";
sha256 = "1w8axdzm05xf5y13c31w7rc5z6ywxqxiwafnxcq3p195kgj0915a";
url = "https://www.coin-or.org/download/source/Cbc/Cbc-${version}.tgz";
sha256 = "0frbxkh6nbh46kaxsx5bmzridgip3v7aq75l8yak5npiiq4jlwv3";
};
configureFlags = [ "-C" ];
@ -23,6 +24,7 @@ stdenv.mkDerivation {
license = lib.licenses.epl10;
maintainers = [ lib.maintainers.eelco ];
platforms = lib.platforms.linux ++ lib.platforms.darwin;
broken = stdenv.isAarch64; # Missing <immintrin.h> after 2.10.0
description = "A mixed integer programming solver";
};
}

4
pkgs/applications/science/math/pynac/default.nix
View File

@ -9,14 +9,14 @@
}:
stdenv.mkDerivation rec {
version = "0.7.24";
version = "0.7.25";
pname = "pynac";
src = fetchFromGitHub {
owner = "pynac";
repo = "pynac";
rev = "pynac-${version}";
sha256 = "0i3qxww28576jim0abgkqy9mi2k0lfllgyx8xpfqsqb75ai970ik";
sha256 = "0nnifvg6kzx0lq6gz7znind8g30v3d2pjfwgsdiks3vv9kv9nbj3";
};
buildInputs = [

51
pkgs/applications/version-management/git-and-tools/fast-export/default.nix
View File

@ -1,41 +1,42 @@
{stdenv, fetchgit, mercurial, makeWrapper, subversion}:
{stdenv, fetchgit, mercurial, makeWrapper}:
with stdenv.lib;
stdenv.mkDerivation {
name = "fast-export";
stdenv.mkDerivation rec {
pname = "fast-export";
version = "190107";
src = fetchgit {
url = git://repo.or.cz/fast-export.git;
rev = "d202200fd9daa75cdb37d4cf067d4ca00e269535";
sha256 = "0m4llsg9rx4sza1kf39kxsdvhi6y87a18wm5k19c5r2h3vpylwcc";
rev = "v${version}";
sha256 = "14azfps9jd5anivcvfwflgsvqdyy6gm9jy284kzx2ng9f7871d14";
};
buildInputs = [mercurial.python mercurial makeWrapper subversion];
buildInputs = [mercurial.python mercurial makeWrapper];
dontBuild = true; # skip svn for now
# TODO also support svn stuff
# moving .py files into lib directory so that you can't pick the wrong file from PATH.
# This requires redefining ROOT
installPhase = ''
sed -i "s@/usr/bin/env.*@$(type -p python)@" *.py
l=$out/libexec/git-fast-export
mkdir -p $out/{bin,doc/git-fast-export} $l
sed -i "s@ROOT=.*@ROOT=$l@" *.sh
mv *.sh $out/bin
mv *.py $l
for p in $out/bin/*.sh; do
wrapProgram $p \
--prefix PYTHONPATH : "$(echo ${mercurial}/lib/python*/site-packages):$(echo ${mercurial.python}/lib/python*/site-packages)${stdenv.lib.concatMapStrings (x: ":$(echo ${x}/lib/python*/site-packages)") mercurial.pythonPackages or []}" \
--prefix PATH : "$(dirname $(type -p python))":$l
binPath=$out/bin
libexecPath=$out/libexec/${pname}
sitepackagesPath=$out/${mercurial.python.sitePackages}
mkdir -p $binPath $libexecPath $sitepackagesPath
# Patch shell scripts so they can execute the Python scripts
sed -i "s|ROOT=.*|ROOT=$libexecPath|" *.sh
mv hg-fast-export.sh hg-reset.sh $binPath
mv hg-fast-export.py hg-reset.py $libexecPath
mv hg2git.py pluginloader plugins $sitepackagesPath
for script in $out/bin/*.sh; do
wrapProgram $script \
--prefix PATH : "${mercurial.python}/bin":$libexec \
--prefix PYTHONPATH : "${mercurial}/${mercurial.python.sitePackages}":$sitepackagesPath
done
'';
meta = {
description = "Import svn, mercurial into git";
meta = with stdenv.lib; {
description = "Import mercurial into git";
homepage = https://repo.or.cz/w/fast-export.git;
license = licenses.gpl2;
maintainers = [ maintainers.koral ];
platforms = stdenv.lib.platforms.unix;
platforms = platforms.unix;
};
}

4
pkgs/applications/version-management/git-and-tools/git-crypt/default.nix
View File

@ -1,4 +1,4 @@
{ fetchFromGitHub, git, gnupg1compat, makeWrapper, openssl, stdenv }:
{ fetchFromGitHub, git, gnupg, makeWrapper, openssl, stdenv }:
stdenv.mkDerivation rec {
name = "git-crypt-${version}";
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
installPhase = ''
make install PREFIX=$out
wrapProgram $out/bin/* --prefix PATH : $out/bin:${git}/bin:${gnupg1compat}/bin
wrapProgram $out/bin/* --prefix PATH : $out/bin:${git}/bin:${gnupg}/bin
'';
meta = with stdenv.lib; {

4
pkgs/applications/version-management/git-and-tools/git-remote-gcrypt/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, docutils, makeWrapper
, gnupg1compat, curl, rsync, coreutils
, gnupg, curl, rsync, coreutils
, gawk, gnused, gnugrep
}:
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
installPhase = ''
prefix="$out" ./install.sh
wrapProgram "$out/bin/git-remote-gcrypt" \
--prefix PATH ":" "${stdenv.lib.makeBinPath [ gnupg1compat curl rsync coreutils
--prefix PATH ":" "${stdenv.lib.makeBinPath [ gnupg curl rsync coreutils
gawk gnused gnugrep ]}"
'';

4
pkgs/applications/version-management/git-and-tools/svn-all-fast-export/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchFromGitHub, qmake, qtbase, qttools, subversion, apr }:
let
version = "1.0.13";
version = "1.0.16";
in
stdenv.mkDerivation {
name = "svn-all-fast-export-${version}";
@ -10,7 +10,7 @@ stdenv.mkDerivation {
owner = "svn-all-fast-export";
repo = "svn2git";
rev = version;
sha256 = "0f1qj0c4cdq46mz54wcy17g7rq1fy2q0bq3sswhr7r5a2s433x4f";
sha256 = "1xs3gngjkna458liaqjsc8ryld03mdmvycnkzwsgyzfxsgjx1i3l";
};
nativeBuildInputs = [ qmake qttools ];

14
pkgs/applications/version-management/src/default.nix
View File

@ -2,20 +2,21 @@
stdenv.mkDerivation rec {
name = "src-${version}";
version = "1.24";
version = "1.25";
src = fetchurl {
url = "http://www.catb.org/~esr/src/${name}.tar.gz";
sha256 = "0n9j2mywbm8c7mc5b3m7dvn6gff88wwwaygk4y1jivpg1f6s3k3l";
sha256 = "0qd10w8fwbrgaj8sx49q6cfhqq3ylhwn7nl9v6kxi1yjlw2p098p";
};
buildInputs = [ python rcs git makeWrapper ];
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ python rcs git ];
preConfigure = ''
patchShebangs .
'';
makeFlags = [ "prefix=$(out)" ];
makeFlags = [ "prefix=${placeholder "out"}" ];
postInstall = ''
wrapProgram $out/bin/src \
@ -32,8 +33,9 @@ stdenv.mkDerivation rec {
will seem familiar to Subversion/Git/hg users, and no binary blobs
anywhere.
'';
homepage = http://www.catb.org/esr/src/;
license = licenses.bsd3;
homepage = "http://www.catb.org/esr/src/";
changelog = "https://gitlab.com/esr/src/raw/${version}/NEWS";
license = licenses.bsd2;
platforms = platforms.all;
maintainers = with maintainers; [ calvertvl AndersonTorres ];
};

37
pkgs/applications/video/mkclean/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ dos2unix, fetchurl, stdenv }:
stdenv.mkDerivation rec {
pname = "mkclean";
version = "0.8.10";
hardeningDisable = [ "format" ];
nativeBuildInputs = [ dos2unix ];
src = fetchurl {
url = "mirror://sourceforge/matroska/${pname}-${version}.tar.bz2";
sha256 = "0zbpi4sm68zb20d53kbss93fv4aafhcmz7dsd0zdf01vj1r3wxwn";
};
configurePhase = ''
dos2unix ./mkclean/configure.compiled
./mkclean/configure.compiled
'';
buildPhase = ''
make -C mkclean
'';
installPhase = ''
mkdir -p $out/{bin,lib}
mv release/gcc_linux_*/*.* $out/lib
mv release/gcc_linux_*/* $out/bin
'';
meta = with stdenv.lib; {
description = "mkclean is a command line tool to clean and optimize Matroska (.mkv / .mka / .mks / .mk3d) and WebM (.webm / .weba) files that have already been muxed.";
homepage = "https://www.matroska.org";
license = licenses.bsdOriginal;
maintainers = with maintainers; [ chrisaw ];
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

4
pkgs/applications/virtualization/rkt/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, autoreconfHook, acl, go, file, git, wget, gnupg1, trousers, squashfsTools,
{ stdenv, lib, autoreconfHook, acl, go, file, git, wget, gnupg, trousers, squashfsTools,
cpio, fetchurl, fetchFromGitHub, iptables, systemd, makeWrapper, glibc }:
let
@ -30,7 +30,7 @@ in stdenv.mkDerivation rec {
buildInputs = [
glibc.out glibc.static
autoreconfHook go file git wget gnupg1 trousers squashfsTools cpio acl systemd
autoreconfHook go file git wget gnupg trousers squashfsTools cpio acl systemd
makeWrapper
];

15
pkgs/applications/window-managers/i3/wk-switch.nix
View File

@ -1,18 +1,17 @@
{ stdenv, fetchFromGitHub, python2Packages }:
{ stdenv, fetchFromGitHub, python3Packages }:
python2Packages.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
pname = "i3-wk-switch";
version = "2017-08-21";
version = "2019-05-10";
# https://github.com/tmfink/i3-wk-switch/commit/484f840bc4c28ddc60fa3be81e2098f7689e78fb
src = fetchFromGitHub {
owner = "tmfink";
repo = pname;
rev = "484f840";
sha256 = "0nrc13ld5bx07wrgnpzgpbaixb4rpi93xiapvyb8srd49fj9pcmb";
rev = "05a2d5d35e9841d2a26630f1866fc0a0e8e708eb";
sha256 = "0ln192abdqrrs7rdazp9acbji2y6pf68z2d1by4nf2q529dh24dc";
};
propagatedBuildInputs = with python2Packages; [ i3-py ];
propagatedBuildInputs = with python3Packages; [ i3ipc ];
dontBuild = true;
doCheck = false;
@ -23,7 +22,7 @@ python2Packages.buildPythonApplication rec {
'';
meta = with stdenv.lib; {
description = "XMonad-like workspace switching for i3";
description = "XMonad-like workspace switching for i3 and sway";
maintainers = with maintainers; [ synthetica ];
platforms = platforms.linux;
license = licenses.mit;

21
pkgs/build-support/docker/default.nix
View File

@ -216,7 +216,7 @@ rec {
find image/$extractionID/layer -name ".wh.*" -exec bash -c 'name="$(basename {}|sed "s/^.wh.//")"; mknod "$(dirname {})/$name" c 0 0; rm {}' \;
# Get the next lower directory and continue the loop.
lowerdir=$lowerdir''${lowerdir:+:}image/$extractionID/layer
lowerdir=image/$extractionID/layer''${lowerdir:+:}$lowerdir
done
mkdir work
@ -585,9 +585,9 @@ rec {
layerID=$(sha256sum "$layer/json" | cut -d ' ' -f 1)
ln -s "$layer" "./image/$layerID"
manifestJson=$(echo "$manifestJson" | jq ".[0].Layers |= [\"$layerID/layer.tar\"] + .")
imageJson=$(echo "$imageJson" | jq ".history |= [{\"created\": \"$(jq -r .created ${configJson})\"}] + .")
imageJson=$(echo "$imageJson" | jq ".rootfs.diff_ids |= [\"sha256:$layerChecksum\"] + .")
manifestJson=$(echo "$manifestJson" | jq ".[0].Layers |= . + [\"$layerID/layer.tar\"]")
imageJson=$(echo "$imageJson" | jq ".history |= . + [{\"created\": \"$(jq -r .created ${configJson})\"}]")
imageJson=$(echo "$imageJson" | jq ".rootfs.diff_ids |= . + [\"sha256:$layerChecksum\"]")
done
imageJsonChecksum=$(echo "$imageJson" | sha256sum | cut -d ' ' -f1)
echo "$imageJson" > "image/$imageJsonChecksum.json"
@ -779,23 +779,24 @@ rec {
# Use the temp folder we've been working on to create a new image.
mv temp image/$layerID
# Add the new layer ID to the beginning of the layer list
# Add the new layer ID to the end of the layer list
(
cat layer-list
# originally this used `sed -i "1i$layerID" layer-list`, but
# would fail if layer-list was completely empty.
echo "$layerID/layer.tar"
cat layer-list
) | ${pkgs.moreutils}/bin/sponge layer-list
# Create image json and image manifest
imageJson=$(cat ${baseJson} | jq ". + {\"rootfs\": {\"diff_ids\": [], \"type\": \"layers\"}}")
manifestJson=$(jq -n "[{\"RepoTags\":[\"$imageName:$imageTag\"]}]")
for layerTar in $(tac ./layer-list); do
for layerTar in $(cat ./layer-list); do
layerChecksum=$(sha256sum image/$layerTar | cut -d ' ' -f1)
imageJson=$(echo "$imageJson" | jq ".history |= [{\"created\": \"$(jq -r .created ${baseJson})\"}] + .")
imageJson=$(echo "$imageJson" | jq ".rootfs.diff_ids |= [\"sha256:$layerChecksum\"] + .")
manifestJson=$(echo "$manifestJson" | jq ".[0].Layers |= [\"$layerTar\"] + .")
imageJson=$(echo "$imageJson" | jq ".history |= . + [{\"created\": \"$(jq -r .created ${baseJson})\"}]")
# diff_ids order is from the bottom-most to top-most layer
imageJson=$(echo "$imageJson" | jq ".rootfs.diff_ids |= . + [\"sha256:$layerChecksum\"]")
manifestJson=$(echo "$manifestJson" | jq ".[0].Layers |= . + [\"$layerTar\"]")
done
imageJsonChecksum=$(echo "$imageJson" | sha256sum | cut -d ' ' -f1)

39
pkgs/build-support/docker/examples.nix
View File

@ -187,4 +187,43 @@ rec {
runAsRoot = "touch /example-file";
fromImage = bash;
};
# 13. example of 3 layers images This image is used to verify the
# order of layers is correct.
# It allows to validate
# - the layer of parent are below
# - the order of parent layer is preserved at image build time
# (this is why there are 3 images)
layersOrder = let
l1 = pkgs.dockerTools.buildImage {
name = "l1";
tag = "latest";
extraCommands = ''
mkdir -p tmp
echo layer1 > tmp/layer1
echo layer1 > tmp/layer2
echo layer1 > tmp/layer3
'';
};
l2 = pkgs.dockerTools.buildImage {
name = "l2";
fromImage = l1;
tag = "latest";
extraCommands = ''
mkdir -p tmp
echo layer2 > tmp/layer2
echo layer2 > tmp/layer3
'';
};
in pkgs.dockerTools.buildImage {
name = "l3";
fromImage = l2;
tag = "latest";
contents = [ pkgs.coreutils ];
extraCommands = ''
mkdir -p tmp
echo layer3 > tmp/layer3
'';
};
}

27
pkgs/data/fonts/agave/default.nix
View File

@ -1,24 +1,21 @@
{ stdenv, fetchurl }:
{ lib, fetchurl }:
stdenv.mkDerivation rec {
let
pname = "agave";
version = "009";
in fetchurl {
name = "${pname}-${version}";
url = "https://github.com/agarick/agave/releases/download/v${version}/agave-r.ttf";
src = fetchurl {
url = "https://github.com/agarick/agave/releases/download/v${version}/agave-r.ttf";
sha256 = "05766gp2glm1p2vknk1nncxigq28hg8s58kjwsbn8zpwy8ivywpk";
};
sourceRoot = ".";
unpackPhase = ":";
dontBuild = true;
installPhase = ''
mkdir -p $out/share/fonts/truetype
cp $src $out/share/fonts/truetype/
downloadToTemp = true;
recursiveHash = true;
postFetch = ''
install -D $downloadedFile $out/share/fonts/truetype/agave-r.ttf
'';
meta = with stdenv.lib; {
sha256 = "16qvz3zpwiq2nw0gxygva5pssswcia5xp0q6ir5jfkackvqf3fql";
meta = with lib; {
description = "truetype monospaced typeface designed for X environments";
homepage = https://b.agaric.net/page/agave;
license = licenses.mit;

4
pkgs/data/fonts/aileron/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
majorVersion = "0";
@ -17,7 +17,7 @@ fetchzip rec {
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype/${pname}
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = "http://dotcolon.net/font/${pname}/";
description = "A helvetica font in nine weights";
platforms = platforms.all;

4
pkgs/data/fonts/andagii/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "1.0.2";
@ -17,7 +17,7 @@ in fetchzip {
# There are multiple claims that the font is GPL, so I include the
# package; but I cannot find the original source, so use it on your
# own risk Debian claims it is GPL - good enough for me.
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://www.i18nguy.com/unicode/unicode-font.html;
description = "Unicode Plane 1 Osmanya script font";
maintainers = with maintainers; [ raskin rycee ];

4
pkgs/data/fonts/andika/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "5.000";
@ -16,7 +16,7 @@ in
sha256 = "1jy9vpcprpd1k48p20wh6jhyn909ibia8lr5i747p41l0s8a7lqy";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://software.sil.org/andika;
description = "A family designed especially for literacy use taking into account the needs of beginning readers";
longDescription = ''

4
pkgs/data/fonts/ankacoder/condensed.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let version = "1.100"; in
fetchzip rec {
@ -13,7 +13,7 @@ fetchzip rec {
sha256 = "0i80zpr2y9368rg2i6x8jv0g7d03kdyr5h7w9yz7pjd7i9xd8439";
meta = with stdenv.lib; {
meta = with lib; {
description = "Anka/Coder Condensed font";
homepage = https://code.google.com/archive/p/anka-coder-fonts;
license = licenses.ofl;

4
pkgs/data/fonts/ankacoder/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let version = "1.100"; in
fetchzip rec {
@ -13,7 +13,7 @@ fetchzip rec {
sha256 = "1jqx9micfmiarqh9xp330gl96v3vxbwzz9cmg2vi845n9md4im85";
meta = with stdenv.lib; {
meta = with lib; {
description = "Anka/Coder fonts";
homepage = https://code.google.com/archive/p/anka-coder-fonts;
license = licenses.ofl;

4
pkgs/data/fonts/anonymous-pro/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "1.002";
@ -13,7 +13,7 @@ in fetchzip rec {
'';
sha256 = "05rgzag38qc77b31sm5i2vwwrxbrvwzfsqh3slv11skx36pz337f";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://www.marksimonson.com/fonts/view/anonymous-pro;
description = "TrueType font set intended for source code";
longDescription = ''

3
pkgs/data/fonts/arkpandora/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl }:
{ lib, fetchurl }:
let
version = "2.04";
@ -21,6 +21,5 @@ in fetchurl {
meta = {
description = "Font, metrically identical to Arial and Times New Roman";
platforms = stdenv.lib.platforms.unix;
};
}

6
pkgs/data/fonts/arphic/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip, mkfontscale, mkfontdir }:
{ lib, fetchzip, mkfontscale, mkfontdir }:
let
version = "0.2.20080216.2";
@ -18,7 +18,7 @@ in {
sha256 = "0xi5ycm7ydzpn7cqxv1kcj9vd70nr9wn8v27hmibyjc25y2qdmzl";
meta = with stdenv.lib; {
meta = with lib; {
description = "CJK Unicode font Kai style";
homepage = https://www.freedesktop.org/wiki/Software/CJKUnifonts/;
@ -43,7 +43,7 @@ in {
sha256 = "16jybvj1cxamm682caj6nsm6l5c60x9mgchp1l2izrw2rvc8x38d";
meta = with stdenv.lib; {
meta = with lib; {
description = "CJK Unicode font Ming style";
homepage = https://www.freedesktop.org/wiki/Software/CJKUnifonts/;

17
pkgs/data/fonts/aurulent-sans/default.nix
View File

@ -1,12 +1,13 @@
{stdenv, fetchzip}:
{ lib, fetchFromGitHub }:
fetchzip rec {
fetchFromGitHub rec {
name = "aurulent-sans-0.1";
url = "https://github.com/deepfire/hartke-aurulent-sans/archive/${name}.zip";
owner = "deepfire";
repo = "hartke-aurulent-sans";
rev = name;
postFetch = ''
mkdir -p $out/share/fonts
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype
tar xf $downloadedFile -C $out/share/fonts --strip=1
'';
sha256 = "1l60psfv9x0x9qx9vp1qnhmck7a7kks385m5ycrd3d91irz1j5li";
@ -14,8 +15,8 @@ fetchzip rec {
description = "Aurulent Sans";
longDescription = "Aurulent Sans is a humanist sans serif intended to be used as an interface font.";
homepage = http://delubrum.org/;
maintainers = with stdenv.lib.maintainers; [ deepfire ];
license = stdenv.lib.licenses.ofl;
platforms = stdenv.lib.platforms.all;
maintainers = with lib.maintainers; [ deepfire ];
license = lib.licenses.ofl;
platforms = lib.platforms.all;
};
}

17
pkgs/data/fonts/b612/default.nix
View File

@ -1,20 +1,21 @@
{ stdenv, fetchzip, lib }:
{ lib, fetchFromGitHub }:
let
version = "1.008";
pname = "b612";
in
fetchzip rec {
in fetchFromGitHub {
name = "${pname}-font-${version}";
url = "https://github.com/polarsys/b612/archive/${version}.zip";
sha256 = "0r3lana1q9w3siv8czb3p9rrb5d9svp628yfbvvmnj7qvjrmfsiq";
owner = "polarsys";
repo = "b612";
rev = version;
postFetch = ''
tar xf $downloadedFile --strip=1
mkdir -p $out/share/fonts/truetype/${pname}
unzip -j $downloadedFile \*.ttf -d $out/share/fonts/truetype/${pname}
cp fonts/ttf/*.ttf $out/share/fonts/truetype/${pname}
'';
sha256 = "0r3lana1q9w3siv8czb3p9rrb5d9svp628yfbvvmnj7qvjrmfsiq";
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://b612-font.com/;
description = "Highly legible font family for use on aircraft cockpit screens";
longDescription = ''

8
pkgs/data/fonts/babelstone-han/default.nix
View File

@ -1,7 +1,7 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "11.0.3";
version = "12.1.4";
in fetchzip {
name = "babelstone-han-${version}";
@ -10,9 +10,9 @@ in fetchzip {
mkdir -p $out/share/fonts/truetype
unzip $downloadedFile '*.ttf' -d $out/share/fonts/truetype
'';
sha256 = "0c8s21kllyilwivrb8gywq818y67w3zpann34hz36vy0wyiswn1c";
sha256 = "1fypwk2i87jfrckvxg9wz4x84z7c6ifgzrjb8fylhac50lzi6kni";
meta = with stdenv.lib; {
meta = with lib; {
description = "Unicode CJK font with over 36000 Han characters";
homepage = http://www.babelstone.co.uk/Fonts/Han.html;

8
pkgs/data/fonts/baekmuk-ttf/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
fetchzip rec {
name = "baekmuk-ttf-2.2";
@ -6,9 +6,8 @@ fetchzip rec {
url = "http://kldp.net/baekmuk/release/865-${name}.tar.gz";
postFetch = ''
tar -xzvf $downloadedFile --strip-components=1
mkdir -p $out/share/fonts $out/share/doc/${name}
cp ttf/*.ttf $out/share/fonts
cp COPYRIGHT* $out/share/doc/${name}
install -m444 -Dt $out/share/fonts ttf/*.ttf
install -m444 -Dt $out/share/doc/${name} COPYRIGHT*
'';
sha256 = "1jgsvack1l14q8lbcv4qhgbswi30mf045k37rl772hzcmx0r206g";
@ -16,7 +15,6 @@ fetchzip rec {
description = "Korean font";
homepage = http://kldp.net/projects/baekmuk/;
license = "BSD-like";
platforms = stdenv.lib.platforms.linux;
};
}

3
pkgs/data/fonts/bakoma-ttf/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
fetchzip {
name = "bakoma-ttf";
@ -16,6 +16,5 @@ fetchzip {
meta = {
description = "TrueType versions of the Computer Modern and AMS TeX Fonts";
homepage = http://www.ctan.org/tex-archive/fonts/cm/ps-type1/bakoma/ttf/;
platforms = stdenv.lib.platforms.unix;
};
}

25
pkgs/data/fonts/behdad-fonts/default.nix
View File

@ -1,22 +1,21 @@
{ stdenv, fetchFromGitHub }:
{ lib, fetchFromGitHub }:
stdenv.mkDerivation rec {
let
pname = "behdad-fonts";
version = "0.0.3";
in fetchFromGitHub rec {
name = "${pname}-${version}";
owner = "font-store";
repo = "BehdadFont";
rev = "v${version}";
src = fetchFromGitHub {
owner = "font-store";
repo = "BehdadFont";
rev = "v${version}";
sha256 = "0rlmyv82qmyy90zvkjnlva44ia7dyhiyk7axbq526v7zip3g79w0";
};
installPhase = ''
mkdir -p $out/share/fonts/behdad-fonts
cp -v $( find . -name '*.ttf') $out/share/fonts/behdad-fonts
postFetch = ''
tar xf $downloadedFile --strip=1
find . -name '*.ttf' -exec install -m444 -Dt $out/share/fonts/behrad-fonts {} \;
'';
sha256 = "0c57232462cv1jrfn0m2bl7jzcfkacirrdd2qimrc8iqhkz0ajfz";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://github.com/font-store/BehdadFont;
description = "A Persian/Arabic Open Source Font";
license = licenses.ofl;

18
pkgs/data/fonts/cabin/default.nix
View File

@ -1,19 +1,21 @@
{ stdenv, fetchzip }:
{ lib, fetchFromGitHub }:
fetchzip rec {
fetchFromGitHub rec {
name = "cabin-1.005";
url = https://github.com/impallari/Cabin/archive/982839c790e9dc57c343972aa34c51ed3b3677fd.zip;
owner = "impallari";
repo = "Cabin";
rev = "982839c790e9dc57c343972aa34c51ed3b3677fd";
postFetch = ''
mkdir -p $out/share/{doc,fonts}
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype
unzip -j $downloadedFile \*README.md \*FONTLOG.txt -d "$out/share/doc/${name}"
tar xf $downloadedFile --strip=1
install -m444 -Dt $out/share/fonts/opentype fonts/OTF/*.otf
install -m444 -Dt $out/share/doc/${name} README.md FONTLOG.txt
'';
sha256 = "1ax5c2iab48qsk9zn3gjvqaib2lnlm25f1wr0aysf5ngw0y0jkrd";
sha256 = "1bl7h217m695jn4rbniialfk573aa44fslp2rjxnhkicakpcm44h";
meta = with stdenv.lib; {
meta = with lib; {
description = "A humanist sans with 4 weights and true italics";
longDescription = ''
The Cabin font family is a humanist sans with 4 weights and true italics,

4
pkgs/data/fonts/caladea/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "20130214";
@ -15,7 +15,7 @@ in fetchzip rec {
'';
sha256 = "0kwm42ggr8kvcn3554cpmv90xzam1sdncx7x3zs3bzp88mxrnv1z";
meta = with stdenv.lib; {
meta = with lib; {
# This font doesn't appear to have any official web site but this
# one provides some good information and samples.
homepage = http://openfontlibrary.org/en/font/caladea;

12
pkgs/data/fonts/camingo-code/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "1.0";
@ -8,14 +8,12 @@ in fetchzip rec {
url = https://github.com/chrissimpkins/codeface/releases/download/font-collection/codeface-fonts.zip;
postFetch = ''
unzip $downloadedFile
mkdir -p $out/share/fonts/truetype
mkdir -p $out/share/doc/${name}
cp -v fonts/camingo-code/*.ttf $out/share/fonts/truetype/
cp -v fonts/camingo-code/*.txt $out/share/doc/${name}/
install -m444 -Dt $out/share/fonts/truetype fonts/camingo-code/*.ttf
install -m444 -Dt $out/share/doc/${name} fonts/camingo-code/*.txt
'';
sha256 = "035z2k6lwwy2bysw27pirn3vjxnj2h23nyx8jr213rb2bl0m21x1";
sha256 = "16iqjwwa7pnswvcc4w8nglkd0m0fz50qsz96i1kcpqip3nwwvw7y";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://www.myfonts.com/fonts/jan-fromm/camingo-code/;
description = "A monospaced typeface designed for source-code editors";
platforms = platforms.all;

4
pkgs/data/fonts/carlito/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "20130920";
@ -17,7 +17,7 @@ in fetchzip rec {
sha256 = "0d72zy6kdmxgpi63r3yvi3jh1hb7lvlgv8hgd4ag0x10dz18mbzv";
meta = with stdenv.lib; {
meta = with lib; {
# This font doesn't appear to have any official web site but this
# one provides some good information and samples.
homepage = http://openfontlibrary.org/en/font/carlito;

4
pkgs/data/fonts/charis-sil/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "5.000";
@ -16,7 +16,7 @@ in
sha256 = "1a220s8n0flvcdkazqf5g10v6r55s2an308slvvarynpj6l7x27n";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://software.sil.org/charis;
description = "A family of highly readable fonts for broad multilingual use";
longDescription = ''

20
pkgs/data/fonts/clearlyU/default.nix
View File

@ -7,18 +7,17 @@ stdenv.mkDerivation {
url = https://www.math.nmsu.edu/~mleisher/Software/cu/cu12-1.9.tgz;
sha256 = "1xn14jbv3m1khy7ydvad9ydkn7yygdbhjy9wm1v000jzjwr3lv21";
};
nativeBuildInputs = [ mkfontdir mkfontscale ];
installPhase =
''
mkdir -p $out/share/fonts
cp *.bdf $out/share/fonts
cd $out/share/fonts
mkfontdir
mkfontscale
'';
installPhase = ''
mkdir -p $out/share/fonts
cp *.bdf $out/share/fonts
cd $out/share/fonts
mkfontdir
mkfontscale
'';
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "127zrg65s90ksj99kr9hxny40rbxvpai62mf5nqk853hcd1bzpr6";
@ -26,6 +25,5 @@ stdenv.mkDerivation {
meta = {
description = "A Unicode font";
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.unix;
};
}

10
pkgs/data/fonts/cm-unicode/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "0.7.0";
@ -9,15 +9,13 @@ in fetchzip rec {
postFetch = ''
tar -xJvf $downloadedFile --strip-components=1
mkdir -p $out/share/fonts/opentype
mkdir -p $out/share/doc/${name}
cp -v *.otf $out/share/fonts/opentype/
cp -v README FontLog.txt $out/share/doc/${name}
install -m444 -Dt $out/share/fonts/opentype *.otf
install -m444 -Dt $out/share/doc/${name} README FontLog.txt
'';
sha256 = "1rzz7yhqq3lljyqxbg46jfzfd09qgpgx865lijr4sgc94riy1ypn";
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://canopus.iacp.dvo.ru/~panov/cm-unicode/;
description = "Computer Modern Unicode fonts";
maintainers = with maintainers; [ raskin rycee ];

5
pkgs/data/fonts/comfortaa/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "3.001";
@ -8,13 +8,12 @@ in fetchzip rec {
url = "https://orig00.deviantart.net/40a3/f/2017/093/d/4/comfortaa___font_by_aajohan-d1qr019.zip";
postFetch = ''
mkdir -p $out/share/fonts $out/share/doc
unzip -l $downloadedFile
unzip -j $downloadedFile \*.ttf -d $out/share/fonts/truetype
unzip -j $downloadedFile \*/FONTLOG.txt \*/donate.html -d $out/share/doc/${name}
'';
sha256 = "0z7xr0cnn6ghwivrm5b5awq9bzhnay3y99qq6dkdgfkfdsaz0n9h";
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://aajohan.deviantart.com/art/Comfortaa-font-105395949;
description = "A clean and modern font suitable for headings and logos";
license = licenses.ofl;

4
pkgs/data/fonts/comic-neue/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "2.2";
@ -19,7 +19,7 @@ in fetchzip rec {
sha256 = "1yypq5aqqzv3q1c6vx5130mi2iwihzzvrawhwqpwsfjl0p25sq9q";
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://comicneue.com/;
description = "A casual type face: Make your lemonade stand look like a fortune 500 company";
longDescription = ''

4
pkgs/data/fonts/comic-relief/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "1.1";
@ -18,7 +18,7 @@ in fetchzip rec {
sha256 = "0dz0y7w6mq4hcmmxv6fn4mp6jkln9mzr4s96vsg68wrl5b7k9yff";
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://loudifier.com/comic-relief/;
description = "A font metric-compatible with Microsoft Comic Sans";
longDescription = ''

6
pkgs/data/fonts/cooper-hewitt/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
fetchzip rec {
fetchzip {
name = "cooper-hewitt-2014-06-09";
url = https://www.cooperhewitt.org/wp-content/uploads/fonts/CooperHewitt-OTF-public.zip;
@ -12,7 +12,7 @@ fetchzip rec {
sha256 = "01iwqmjvqkc6fmc2r0486vk06s6f51n9wxzl1pf9z48n0igj4gqd";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://www.cooperhewitt.org/open-source-at-cooper-hewitt/cooper-hewitt-the-typeface-by-chester-jenkins/;
description = "A contemporary sans serif, with characters composed of modified-geometric curves and arches";
license = licenses.ofl;

6
pkgs/data/fonts/corefonts/default.nix
View File

@ -41,12 +41,10 @@ stdenv.mkDerivation {
cabextract --lowercase viewer1.cab
fontDir=$out/share/fonts/truetype
mkdir -p $fontDir
cp *.ttf $fontDir
install -m444 -Dt $out/share/fonts/truetype *.ttf
# Also put the EULA there to be on the safe side.
cp ${eula} $fontDir/eula.html
cp ${eula} $out/share/fonts/truetype/eula.html
# Set up no-op font configs to override any aliases set up by
# other packages.

11
pkgs/data/fonts/crimson/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "2014.10";
@ -9,16 +9,13 @@ in fetchzip rec {
postFetch = ''
tar -xzvf $downloadedFile --strip-components=1
mkdir -p $out/share/fonts/opentype
mkdir -p $out/share/doc/${name}
cp -v "Desktop Fonts/OTF/"*.otf $out/share/fonts/opentype
cp -v README.md $out/share/doc/${name}
install -m444 -Dt $out/share/fonts/opentype "Desktop Fonts/OTF/"*.otf
install -m444 -Dt $out/share/doc/${name} README.md
'';
sha256 = "0mg65f0ydyfmb43jqr1f34njpd10w8npw15cbb7z0nxmy4nkl842";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://aldusleaf.org/crimson.html;
description = "A font family inspired by beautiful oldstyle typefaces";
license = licenses.ofl;

19
pkgs/data/fonts/culmus/default.nix
View File

@ -1,16 +1,12 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "0.133";
in stdenv.mkDerivation {
in fetchzip {
name = "culmus-${version}";
src = fetchzip {
url = "mirror://sourceforge/culmus/culmus/${version}/culmus-${version}.tar.gz";
sha256 = "0q80j3vixn364sc23hcy6098rkgy0kb4p91lky6224am1dwn2qmr";
};
installPhase = ''
url = "mirror://sourceforge/culmus/culmus/${version}/culmus-${version}.tar.gz";
postFetch = ''
tar xf $downloadedFile --strip=1
mkdir -p $out/share/fonts/{truetype,type1}
cp -v *.pfa $out/share/fonts/type1/
cp -v *.afm $out/share/fonts/type1/
@ -19,12 +15,13 @@ in stdenv.mkDerivation {
cp -v *.otf $out/share/fonts/truetype/
cp -v fonts.scale-ttf $out/share/fonts/truetype/fonts.scale
'';
sha256 = "0zqqjcrqmbd4389hqz2dwymkkcxjrq9ylyriiv3gbmzl6l1ffk3g";
meta = {
description = "Culmus Hebrew fonts";
longDescription = "The Culmus project aims at providing the Hebrew-speaking GNU/Linux and Unix community with a basic collection of Hebrew fonts for X Windows.";
platforms = stdenv.lib.platforms.all;
license = stdenv.lib.licenses.gpl2;
platforms = lib.platforms.all;
license = lib.licenses.gpl2;
homepage = http://culmus.sourceforge.net/;
downloadPage = http://culmus.sourceforge.net/download.html;
};

6
pkgs/data/fonts/d2coding/default.nix
View File

@ -1,10 +1,10 @@
{ stdenv, fetchzip, unzip }:
{ lib, fetchzip, unzip }:
let
version = "1.3.2";
pname = "d2codingfont";
in fetchzip rec {
in fetchzip {
name = "${pname}-${version}";
url = "https://github.com/naver/${pname}/releases/download/VER${version}/D2Coding-Ver${version}-20180524.zip";
@ -15,7 +15,7 @@ in fetchzip rec {
sha256 = "1812r82530wzfki7k9cm35fy6k2lvis7j6w0w8svc784949m1wwj";
meta = with stdenv.lib; {
meta = with lib; {
description = "Monospace font with support for Korean and latin characters";
longDescription = ''
D2Coding is a monospace font developed by a Korean IT Company called Naver.

1
pkgs/data/fonts/dina-pcf/default.nix
View File

@ -60,6 +60,5 @@ stdenv.mkDerivation rec {
downloadPage = https://www.donationcoder.com/Software/Jibz/Dina/;
license = licenses.free;
maintainers = [ maintainers.prikhi ];
platforms = platforms.unix;
};
}

7
pkgs/data/fonts/dina/default.nix
View File

@ -5,11 +5,13 @@ let
in fetchzip rec {
name = "dina-font-${version}";
url = "http://www.donationcoder.com/Software/Jibz/Dina/downloads/Dina.zip";
# `meta.homepage` has no direct download link
url = "https://github.com/ProgrammingFonts/ProgrammingFonts/archive/b15ef365146be7eef4a46979cfe157c5aeefb7c0.zip";
postFetch = ''
mkdir -p $out/share/fonts
unzip -j $downloadedFile \*.bdf -d $out/share/fonts
unzip -j $downloadedFile '*/Dina/*.bdf' -d $out/share/fonts
chmod u-x $out/share/fonts/*
'';
sha256 = "02a6hqbq18sw69npylfskriqhvj1nsk65hjjyd05nl913ycc6jl7";
@ -25,6 +27,5 @@ in fetchzip rec {
downloadPage = https://www.donationcoder.com/Software/Jibz/Dina/;
license = licenses.free;
maintainers = [ maintainers.prikhi ];
platforms = platforms.unix;
};
}

1
pkgs/data/fonts/dosemu-fonts/default.nix
View File

@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
meta = {
description = "Various fonts from the DOSEmu project";
platforms = stdenv.lib.platforms.linux;
};
}

18
pkgs/data/fonts/dosis/default.nix
View File

@ -1,19 +1,21 @@
{ stdenv, fetchzip}:
{ lib, fetchFromGitHub }:
fetchzip rec {
fetchFromGitHub rec {
name = "dosis-1.007";
url = https://github.com/impallari/Dosis/archive/12df1e13e58768f20e0d48ff15651b703f9dd9dc.zip;
owner = "impallari";
repo = "Dosis";
rev = "12df1e13e58768f20e0d48ff15651b703f9dd9dc";
postFetch = ''
mkdir -p $out/share/{doc,fonts}
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype
unzip -j $downloadedFile \*README.md \*FONTLOG.txt -d "$out/share/doc/${name}"
tar xf $downloadedFile --strip=1
find . -name '*.otf' -exec install -m444 -Dt $out/share/fonts/opentype {} \;
install -m444 -Dt $out/share/doc/${name} README.md FONTLOG.txt
'';
sha256 = "11a8jmgaly14l7rm3jxkwwv3ngr8fdlkp70nicjk2rg0nny2cvfq";
sha256 = "0vz25w45i8flfvppymr5h83pa2n1r37da20v7691p44018fdsdny";
meta = with stdenv.lib; {
meta = with lib; {
description = "A very simple, rounded, sans serif family";
longDescription = ''
Dosis is a very simple, rounded, sans serif family.

4
pkgs/data/fonts/doulos-sil/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
let
version = "5.000";
@ -16,7 +16,7 @@ in
sha256 = "04a9cr7jbw7d8llcj8xsqp9rp8w6gcgbd9sdwvi02kz7jhqa0vad";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://software.sil.org/doulos;
description = "A font that provides complete support for the International Phonetic Alphabet";
longDescription = ''

4
pkgs/data/fonts/eb-garamond/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "0.016";
@ -15,7 +15,7 @@ in fetchzip rec {
sha256 = "04jq4mpln85zzbla8ybsjw7vn9qr3r0snmk5zykrm24imq7ripv3";
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://www.georgduffner.at/ebgaramond/;
description = "Digitization of the Garamond shown on the Egenolff-Berner specimen";
maintainers = with maintainers; [ relrod rycee ];

4
pkgs/data/fonts/emacs-all-the-icons-fonts/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "3.2.0";
@ -14,7 +14,7 @@ in fetchzip {
sha256 = "0ps8q9nkx67ivgn8na4s012360v36jwr0951rsg7j6dyyw9g41jq";
meta = with stdenv.lib; {
meta = with lib; {
description = "Icon fonts for emacs all-the-icons";
longDescription = ''
The emacs package all-the-icons provides icons to improve

1
pkgs/data/fonts/emojione/default.nix
View File

@ -29,7 +29,6 @@ stdenv.mkDerivation rec {
description = "Open source emoji set";
homepage = http://emojione.com/;
license = licenses.cc-by-40;
platforms = platforms.linux;
maintainers = with maintainers; [ abbradar ];
};
}

4
pkgs/data/fonts/encode-sans/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
fetchzip rec {
name = "encode-sans-1.002";
@ -13,7 +13,7 @@ fetchzip rec {
sha256 = "16mx894zqlwrhnp4rflgayxhxppmsj6k7haxdngajhb30rlwf08p";
meta = with stdenv.lib; {
meta = with lib; {
description = "A versatile sans serif font family";
longDescription = ''
The Encode Sans family is a versatile workhorse. Featuring a huge range of

4
pkgs/data/fonts/eunomia/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
majorVersion = "0";
@ -17,7 +17,7 @@ fetchzip rec {
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype/${pname}
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = http://dotcolon.net/font/eunomia/;
description = "A futuristic decorative font.";
platforms = platforms.all;

4
pkgs/data/fonts/f5_6/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
majorVersion = "0";
@ -17,7 +17,7 @@ fetchzip rec {
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype/${pname}
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = "http://dotcolon.net/font/${pname}/";
description = "A weighted decorative font.";
platforms = platforms.all;

6
pkgs/data/fonts/fantasque-sans-mono/default.nix
View File

@ -1,9 +1,7 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "1.7.2";
in
fetchzip rec {
@ -19,7 +17,7 @@ fetchzip rec {
sha256 = "1fwvbqfrgb539xybwdawvwa8cg4f215kw905rgl9a6p0iwa1nxqk";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://github.com/belluzj/fantasque-sans;
description = "A font family with a great monospaced variant for programmers";
license = licenses.ofl;

4
pkgs/data/fonts/ferrum/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
majorVersion = "0";
@ -17,7 +17,7 @@ fetchzip rec {
unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype/${pname}
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = "http://dotcolon.net/font/${pname}/";
description = "A decorative font.";
platforms = platforms.all;

19
pkgs/data/fonts/fira/default.nix
View File

@ -1,18 +1,23 @@
{ stdenv, fetchzip }:
{ lib, fetchFromGitHub }:
fetchzip rec {
name = "fira-4.106";
let
version = "4.106";
in fetchFromGitHub {
name = "fira-${version}";
url = https://github.com/mozilla/Fira/archive/4.106.zip;
owner = "mozilla";
repo = "Fira";
rev = version;
postFetch = ''
mkdir -p $out/share/fonts
unzip -j $downloadedFile Fira-4.106/otf/FiraSans\*.otf -d $out/share/fonts/opentype
tar xf $downloadedFile --strip=1
mkdir -p $out/share/fonts/opentype
cp otf/*.otf $out/share/fonts/opentype
'';
sha256 = "0c97nmihcq0ki7ywj8zn048a2bgrszc61lb9p0djfi65ar52jab4";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://mozilla.github.io/Fira/;
description = "Sans-serif font for Firefox OS";
longDescription = ''

32
pkgs/data/fonts/fixedsys-excelsior/default.nix
View File

@ -1,33 +1,25 @@
{ stdenv, fetchurl } :
let
let
major = "3";
minor = "00";
version = "${major}.${minor}";
in
stdenv.mkDerivation rec {
in fetchurl rec {
name = "fixedsys-excelsior-${version}";
src = fetchurl {
url = http://www.fixedsysexcelsior.com/fonts/FSEX300.ttf;
sha256 = "6ee0f3573bc5e33e93b616ef6282f49bc0e227a31aa753ac76ed2e3f3d02056d";
};
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/share/fonts/truetype/
cp $src $out/share/fonts/truetype/${name}.ttf
urls = [
http://www.fixedsysexcelsior.com/fonts/FSEX300.ttf
https://raw.githubusercontent.com/chrissimpkins/codeface/master/fonts/fixed-sys-excelsior/FSEX300.ttf
http://tarballs.nixos.org/sha256/6ee0f3573bc5e33e93b616ef6282f49bc0e227a31aa753ac76ed2e3f3d02056d
];
downloadToTemp = true;
recursiveHash = true;
postFetch = ''
install -m444 -D $downloadedFile $out/share/fonts/truetype/${name}.ttf
'';
outputHashMode = "recursive";
sha256 = "32d6f07f1ff08c764357f8478892b2ba5ade23427af99759f34a0ba24bcd2e37";
outputHashAlgo = "sha256";
outputHash = "32d6f07f1ff08c764357f8478892b2ba5ade23427af99759f34a0ba24bcd2e37";
meta = {
description = "Pan-unicode version of Fixedsys, a classic DOS font.";
homepage = http://www.fixedsysexcelsior.com/;

14
pkgs/data/fonts/font-awesome-5/default.nix
View File

@ -1,20 +1,22 @@
{ stdenv, fetchzip }:
{ lib, fetchFromGitHub }:
let
version = "5.8.2";
in fetchzip rec {
in fetchFromGitHub rec {
name = "font-awesome-${version}";
url = "https://github.com/FortAwesome/Font-Awesome/archive/${version}.zip";
owner = "FortAwesome";
repo = "Font-Awesome";
rev = version;
postFetch = ''
mkdir -p $out/share/fonts
unzip -j $downloadedFile "Font-Awesome-${version}/otfs/*.otf" -d $out/share/fonts/opentype
tar xf $downloadedFile --strip=1
install -m444 -Dt $out/share/fonts/opentype otfs/*.otf
'';
sha256 = "1h0qhvkfyfs4579jvrk3gwc7dp4i9s46bkj406b493dvmxxhv986";
meta = with stdenv.lib; {
meta = with lib; {
description = "Font Awesome - OTF font";
longDescription = ''
Font Awesome gives you scalable vector icons that can instantly be customized.

4
pkgs/data/fonts/fontconfig-penultimate/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip
{ lib, fetchzip
, version ? "0.3.5"
, sha256 ? "1gfgl7qimp76q4z0nv55vv57yfs4kscdr329np701k0xnhncwvrk"
}:
@ -14,7 +14,7 @@ fetchzip {
unzip -j $downloadedFile \*.conf -d $out/etc/fonts/conf.d
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://github.com/ttuegel/fontconfig-penultimate;
description = "Sensible defaults for Fontconfig";
license = licenses.asl20;

6
pkgs/data/fonts/freefont-ttf/default.nix
View File

@ -1,4 +1,4 @@
{stdenv, fetchzip}:
{ lib, fetchzip }:
fetchzip rec {
name = "freefont-ttf-20120503";
@ -20,8 +20,8 @@ fetchzip rec {
10646/Unicode UCS (Universal Character Set).
'';
homepage = https://www.gnu.org/software/freefont/;
license = stdenv.lib.licenses.gpl3Plus;
platforms = stdenv.lib.platforms.all;
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.all;
maintainers = [];
};
}

25
pkgs/data/fonts/gandom-fonts/default.nix
View File

@ -1,22 +1,21 @@
{ stdenv, fetchFromGitHub }:
{ lib, fetchFromGitHub }:
stdenv.mkDerivation rec {
let
pname = "gandom-fonts";
version = "0.6";
in fetchFromGitHub {
name = "${pname}-${version}";
owner = "rastikerdar";
repo = "gandom-font";
rev = "v${version}";
src = fetchFromGitHub {
owner = "rastikerdar";
repo = "gandom-font";
rev = "v${version}";
sha256 = "1pdbqhvcsz6aq3qgarhfd05ip0wmh7bxqkmxrwa0kgxsly6zxz9x";
};
installPhase = ''
mkdir -p $out/share/fonts/gandom-fonts
cp -v $( find . -name '*.ttf') $out/share/fonts/gandom-fonts
postFetch = ''
tar xf $downloadedFile --strip=1
find . -name '*.ttf' -exec install -m444 -Dt $out/share/fonts/gandom-fonts {} \;
'';
sha256 = "0zsq6s9ziyb5jz0v8aj00dlxd1aly0ibxgszd05dfvykmgz051lc";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://github.com/rastikerdar/gandom-font;
description = "A Persian (Farsi) Font - فونت (قلم) فارسی گندم";
license = licenses.ofl;

36
pkgs/data/fonts/gdouros/default.nix
View File

@ -1,29 +1,16 @@
{stdenv, fetchzip, lib}:
{ fetchzip, lib }:
let
fonts = {
symbola = { version = "9.17"; file = "Symbola.zip"; sha256 = "13z18lxx0py54nns61ihgxacpf1lg9s7g2sbpbnxpllqw7j73iq2";
description = "Basic Latin, Greek, Cyrillic and many Symbol blocks of Unicode"; };
aegyptus = { version = "6.17"; file = "Aegyptus.zip"; sha256 = "19rkf89msqb076qjdfa75pqrx35c3slj64vxw08zqdvyavq7jc79";
description = "Egyptian Hieroglyphs, Coptic, Meroitic"; };
akkadian = { version = "7.17"; file = "AkkadianAssyrian.zip"; sha256 = "1xw2flrwb5r89sk7jd195v3svsb21brf1li2i3pdjcfqxfp5m0g7";
description = "Sumero-Akkadian Cuneiform"; };
anatolian = { version = "5.17"; file = "Anatolian.zip"; sha256 = "0dqcyjakc4fy076pjplm6psl8drpwxiwyq97xrf6a3qa098gc0qc";
description = "Anatolian Hieroglyphs"; };
maya = { version = "4.17"; file = "Maya.zip"; sha256 = "17s5c23wpqrcq5h6pgssbmzxiv4jvhdh2ssr99j9q6j32a51h9gh";
description = "Maya Hieroglyphs"; };
unidings = { version = "9.17"; file = "Unidings.zip"; sha256 = "0nzw8mrhk0hbjnl2cgi31b00vmi785win86kiz9d2yzdfz1is6sk";
description = "Glyphs and Icons for blocks of The Unicode Standard"; };
musica = { version = "3.17"; file = "Musica.zip"; sha256 = "0mnv61dxzs2npvxgs5l9q81q19xzzi1sn53x5qwpiirkmi6bg5y6";
description = "Musical Notation"; };
analecta = { version = "5.17"; file = "Analecta.zip"; sha256 = "13npnfscd9mz6vf89qxxbj383njf53a1smqjh0c1w2lvijgak3aj";
description = "Coptic, Gothic, Deseret"; };
textfonts = { version = "7.17"; file = "TextfontsFonts.zip"; sha256 = "1ggflqnslp81v8pzmzx6iwi2sa38l9bpivjjci7nvx3y5xynm6wl";
description = "Aroania, Anaktoria, Alexander, Avdira and Asea"; };
aegan = { version = "9.17"; file = "AegeanFonts.zip"; sha256 = "0dm2ck3p11bc9izrh7xz3blqfqg1mgsvy4jsgmz9rcs4m74xrhsf";
description = "Aegean"; };
abydos = { version = "1.23"; file = "AbydosFont.zip"; sha256 = "04r7ysnjjq0nrr3m8lbz8ssyx6xaikqybjqxzl3ziywl9h6nxdj8";
description = "AbydosFont"; };
aegan = { version = "10.00"; file = "Aegean.zip"; sha256 = "0k47nhzw4vx771ch3xx8mf6xx5vx0hg0cif5jdlmdaz4h2c3rawz"; description = "Aegean"; };
aegyptus = { version = "8.00"; file = "Aegyptus.zip"; sha256 = "13h2pi641k9vxgqi9l11mjya10ym9ln54wrkwxx6gxq63zy7y5mj"; description = "Egyptian Hieroglyphs, Coptic, Meroitic"; };
akkadian = { version = "7.18"; file = "Akkadian.zip"; sha256 = "1bplcvszbdrk85kqipn9lzhr62647wjibz1p8crzjvsw6f9ymxy3"; description = "Sumero-Akkadian Cuneiform"; };
assyrian = { version = "2.00"; file = "AssyrianFont.zip"; sha256 = "0vdvb24vsnmwzd6bw14akqg0hbvsk8avgnbwk9fkybn1f801475k"; description = "Neo-Assyrian in Unicode with OpenType"; };
eemusic = { version = "2.00"; file = "EEMusic.zip"; sha256 = "1y9jf105a2b689m7hdjmhhr7z5j0qd2w6dmb3iic9bwaczlrjy7j"; description = "Byzantine Musical Notation in Unicode with OpenType"; };
maya = { version = "4.18"; file = "Maya.zip"; sha256 = "08z2ch0z2c43fjfg5m4yp3l1dp0cbk7lv5i7wzsr3cr9kr59wpi9"; description = "Maya Hieroglyphs"; };
symbola = { version = "12.00"; file = "Symbola.zip"; sha256 = "1i3xra33xkj32vxs55xs2afrqyc822nk25669x78px5g5qd8gypm"; description = "Basic Latin, Greek, Cyrillic and many Symbol blocks of Unicode"; };
textfonts = { version = "9.00"; file = "Textfonts.zip"; sha256 = "0wzxz4j4fgk81b88d58715n1wvq2mqmpjpk4g5hi3vk77y2zxc4d"; description = "Aroania, Anaktoria, Alexander, Avdira and Asea"; };
unidings = { version = "9.19"; file = "Unidings.zip"; sha256 = "1bybzgdqhmq75hb12n3pjrsdcpw1a6sgryx464s68jlq4zi44g78"; description = "Glyphs and Icons for blocks of The Unicode Standard"; };
};
mkpkg = name_: {version, file, sha256, description}: fetchzip rec {
@ -42,9 +29,8 @@ let
# In lieu of a license:
# Fonts in this site are offered free for any use;
# they may be installed, embedded, opened, edited, modified, regenerated, posted, packaged and redistributed.
license = stdenv.lib.licenses.free;
license = lib.licenses.free;
homepage = http://users.teilar.gr/~g1951d/;
platforms = stdenv.lib.platforms.unix;
};
};
in

5
pkgs/data/fonts/gentium-book-basic/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
major = "1";
@ -11,14 +11,13 @@ in fetchzip rec {
postFetch = ''
mkdir -p $out/share/{doc,fonts}
unzip -l $downloadedFile
unzip -j $downloadedFile \*.ttf -d $out/share/fonts/truetype
unzip -j $downloadedFile \*/FONTLOG.txt \*/GENTIUM-FAQ.txt -d $out/share/doc/${name}
'';
sha256 = "0598zr5f7d6ll48pbfbmmkrybhhdks9b2g3m2g67wm40070ffzmd";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://software.sil.org/gentium/;
description = "A high-quality typeface family for Latin, Cyrillic, and Greek";
maintainers = with maintainers; [ ];

4
pkgs/data/fonts/gentium/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchzip }:
{ lib, fetchzip }:
let
version = "5.000";
@ -17,7 +17,7 @@ in fetchzip rec {
sha256 = "1qr2wjdmm93167b0w9cidlf3wwsyjx4838ja9jmm4jkyian5whhp";
meta = with stdenv.lib; {
meta = with lib; {
homepage = https://software.sil.org/gentium/;
description = "A high-quality typeface family for Latin, Cyrillic, and Greek";
longDescription = ''

22
pkgs/data/fonts/go-font/default.nix
View File

@ -1,26 +1,22 @@
{ stdenv, fetchgit }:
stdenv.mkDerivation rec {
name = "go-font-${version}";
let
version = "2017-03-30";
in (fetchgit {
name = "go-font-${version}";
url = "https://go.googlesource.com/image";
rev = "f03a046406d4d7fbfd4ed29f554da8f6114049fc";
src = fetchgit {
url = "https://go.googlesource.com/image";
rev = "f03a046406d4d7fbfd4ed29f554da8f6114049fc";
sha256 = "1aq6mnjayks55gd9ahavk6jfydlq5lm4xm0xk4pd5sqa74p5p74d";
};
installPhase = ''
postFetch = ''
mv $out/* .
mkdir -p $out/share/fonts/truetype
mkdir -p $out/share/doc/go-font
cp font/gofont/ttfs/* $out/share/fonts/truetype
mv $out/share/fonts/truetype/README $out/share/doc/go-font/LICENSE
'';
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "10hfm2cpxlx1ng7r2mbvykjhmy131qlgzpdzj7ibg9kr293bcjc0";
sha256 = "1488426ya2nzmwjas947fx9h5wzxrp9wasn8nkjqf0y0mpd4f1xz";
}) // {
meta = with stdenv.lib; {
homepage = https://blog.golang.org/go-fonts;
description = "The Go font family";

1
pkgs/data/fonts/gohufont/default.nix
View File

@ -67,6 +67,5 @@ stdenv.mkDerivation rec {
homepage = http://font.gohu.org/;
license = licenses.wtfpl;
maintainers = with maintainers; [ epitrochoid rnhmjoj ];
platforms = platforms.unix;
};
}

Some files were not shown because too many files have changed in this diff Show More