diff --git a/doc/stdenv/cross-compilation.chapter.md b/doc/stdenv/cross-compilation.chapter.md index 53522962a5c9..f6e61a1af196 100644 --- a/doc/stdenv/cross-compilation.chapter.md +++ b/doc/stdenv/cross-compilation.chapter.md @@ -158,9 +158,9 @@ One would think that `localSystem` and `crossSystem` overlap horribly with the t ### Implementation of dependencies {#ssec-cross-dependency-implementation} -The categories of dependencies developed in [](#ssec-cross-dependency-categorization) are specified as lists of derivations given to `mkDerivation`, as documented in [](#ssec-stdenv-dependencies). In short, each list of dependencies for "host → target" of "foo → bar" is called `depsFooBar`, with exceptions for backwards compatibility that `depsBuildHost` is instead called `nativeBuildInputs` and `depsHostTarget` is instead called `buildInputs`. Nixpkgs is now structured so that each `depsFooBar` is automatically taken from `pkgsFooBar`. (These `pkgsFooBar`s are quite new, so there is no special case for `nativeBuildInputs` and `buildInputs`.) For example, `pkgsBuildHost.gcc` should be used at build-time, while `pkgsHostTarget.gcc` should be used at run-time. +The categories of dependencies developed in [](#ssec-cross-dependency-categorization) are specified as lists of derivations given to `mkDerivation`, as documented in [](#ssec-stdenv-dependencies). In short, each list of dependencies for "host → target" is called `deps` (where `host`, and `target` values are either `build`, `host`, or `target`), with exceptions for backwards compatibility that `depsBuildHost` is instead called `nativeBuildInputs` and `depsHostTarget` is instead called `buildInputs`. Nixpkgs is now structured so that each `deps` is automatically taken from `pkgs`. (These `pkgs`s are quite new, so there is no special case for `nativeBuildInputs` and `buildInputs`.) For example, `pkgsBuildHost.gcc` should be used at build-time, while `pkgsHostTarget.gcc` should be used at run-time. -Now, for most of Nixpkgs's history, there were no `pkgsFooBar` attributes, and most packages have not been refactored to use it explicitly. Prior to those, there were just `buildPackages`, `pkgs`, and `targetPackages`. Those are now redefined as aliases to `pkgsBuildHost`, `pkgsHostTarget`, and `pkgsTargetTarget`. It is acceptable, even recommended, to use them for libraries to show that the host platform is irrelevant. +Now, for most of Nixpkgs's history, there were no `pkgs` attributes, and most packages have not been refactored to use it explicitly. Prior to those, there were just `buildPackages`, `pkgs`, and `targetPackages`. Those are now redefined as aliases to `pkgsBuildHost`, `pkgsHostTarget`, and `pkgsTargetTarget`. It is acceptable, even recommended, to use them for libraries to show that the host platform is irrelevant. But before that, there was just `pkgs`, even though both `buildInputs` and `nativeBuildInputs` existed. \[Cross barely worked, and those were implemented with some hacks on `mkDerivation` to override dependencies.\] What this means is the vast majority of packages do not use any explicit package set to populate their dependencies, just using whatever `callPackage` gives them even if they do correctly sort their dependencies into the multiple lists described above. And indeed, asking that users both sort their dependencies, _and_ take them from the right attribute set, is both too onerous and redundant, so the recommended approach (for now) is to continue just categorizing by list and not using an explicit package set. diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md index 02042407f6ce..c108fffd1b01 100644 --- a/doc/stdenv/stdenv.chapter.md +++ b/doc/stdenv/stdenv.chapter.md @@ -116,15 +116,27 @@ On Linux, `stdenv` also includes the `patchelf` utility. ## Specifying dependencies {#ssec-stdenv-dependencies} -As described in the Nix manual, almost any `*.drv` store path in a derivation’s attribute set will induce a dependency on that derivation. `mkDerivation`, however, takes a few attributes intended to, between them, include all the dependencies of a package. This is done both for structure and consistency, but also so that certain other setup can take place. For example, certain dependencies need their bin directories added to the `PATH`. That is built-in, but other setup is done via a pluggable mechanism that works in conjunction with these dependency attributes. See [](#ssec-setup-hooks) for details. +As described in the Nix manual, almost any `*.drv` store path in a derivation’s attribute set will induce a dependency on that derivation. `mkDerivation`, however, takes a few attributes intended to include all the dependencies of a package. This is done both for structure and consistency, but also so that certain other setup can take place. For example, certain dependencies need their bin directories added to the `PATH`. That is built-in, but other setup is done via a pluggable mechanism that works in conjunction with these dependency attributes. See [](#ssec-setup-hooks) for details. Dependencies can be broken down along three axes: their host and target platforms relative to the new derivation’s, and whether they are propagated. The platform distinctions are motivated by cross compilation; see [](#chap-cross) for exactly what each platform means. [^footnote-stdenv-ignored-build-platform] But even if one is not cross compiling, the platforms imply whether or not the dependency is needed at run-time or build-time, a concept that makes perfect sense outside of cross compilation. By default, the run-time/build-time distinction is just a hint for mental clarity, but with `strictDeps` set it is mostly enforced even in the native case. The extension of `PATH` with dependencies, alluded to above, proceeds according to the relative platforms alone. The process is carried out only for dependencies whose host platform matches the new derivation’s build platform i.e. dependencies which run on the platform where the new derivation will be built. [^footnote-stdenv-native-dependencies-in-path] For each dependency \ of those dependencies, `dep/bin`, if present, is added to the `PATH` environment variable. -The dependency is propagated when it forces some of its other-transitive (non-immediate) downstream dependencies to also take it on as an immediate dependency. Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency. +A dependency is said to be **propagated** when some of its other-transitive (non-immediate) downstream dependencies also need it as an immediate dependency. +[^footnote-stdenv-propagated-dependencies] -It is important to note that dependencies are not necessarily propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up. The exact rules for dependency propagation can be given by assigning to each dependency two integers based one how its host and target platforms are offset from the depending derivation’s platforms. Those offsets are given below in the descriptions of each dependency list attribute. Algorithmically, we traverse propagated inputs, accumulating every propagated dependency’s propagated dependencies and adjusting them to account for the “shift in perspective” described by the current dependency’s platform offsets. This results in sort a transitive closure of the dependency relation, with the offsets being approximately summed when two dependency links are combined. We also prune transitive dependencies whose combined offsets go out-of-bounds, which can be viewed as a filter over that transitive closure removing dependencies that are blatantly absurd. +It is important to note that dependencies are not necessarily propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up. To determine the exact rules for dependency propagation, we start by assigning to each dependency a couple of ternary numbers (`-1` for `build`, `0` for `host`, and `1` for `target`), representing how respectively its host and target platforms are "offset" from the depending derivation’s platforms. The following table summarize the different combinations that can be obtained: + +| `host → target` | attribute name | offset | +| ------------------- | ------------------- | -------- | +| `build --> build` | `depsBuildBuild` | `-1, -1` | +| `build --> host` | `nativeBuildInputs` | `-1, 0` | +| `build --> target` | `depsBuildTarget` | `-1, 1` | +| `host --> host` | `depsHostHost` | `0, 0` | +| `host --> target` | `buildInputs` | `0, 1` | +| `target --> target` | `depsTargetTarget` | `1, 1` | + +Algorithmically, we traverse propagated inputs, accumulating every propagated dependency’s propagated dependencies and adjusting them to account for the “shift in perspective” described by the current dependency’s platform offsets. This results is sort of a transitive closure of the dependency relation, with the offsets being approximately summed when two dependency links are combined. We also prune transitive dependencies whose combined offsets go out-of-bounds, which can be viewed as a filter over that transitive closure removing dependencies that are blatantly absurd. We can define the process precisely with [Natural Deduction](https://en.wikipedia.org/wiki/Natural_deduction) using the inference rules. This probably seems a bit obtuse, but so is the bash code that actually implements it! [^footnote-stdenv-find-inputs-location] They’re confusing in very different ways so… hopefully if something doesn’t make sense in one presentation, it will in the other! @@ -179,37 +191,37 @@ Overall, the unifying theme here is that propagation shouldn’t be introducing #### `depsBuildBuild` {#var-stdenv-depsBuildBuild} -A list of dependencies whose host and target platforms are the new derivation’s build platform. This means a `-1` host and `-1` target offset from the new derivation’s platforms. These are programs and libraries used at build time that produce programs and libraries also used at build time. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it in `nativeBuildInputs` instead. The most common use of this `buildPackages.stdenv.cc`, the default C compiler for this role. That example crops up more than one might think in old commonly used C libraries. +A list of dependencies whose host and target platforms are the new derivation’s build platform. These are programs and libraries used at build time that produce programs and libraries also used at build time. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it in `nativeBuildInputs` instead. The most common use of this `buildPackages.stdenv.cc`, the default C compiler for this role. That example crops up more than one might think in old commonly used C libraries. Since these packages are able to be run at build-time, they are always added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. #### `nativeBuildInputs` {#var-stdenv-nativeBuildInputs} -A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s host platform. This means a `-1` host offset and `0` target offset from the new derivation’s platforms. These are programs and libraries used at build-time that, if they are a compiler or similar tool, produce code to run at run-time—i.e. tools used to build the new derivation. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild` or `depsBuildTarget`. This could be called `depsBuildHost` but `nativeBuildInputs` is used for historical continuity. +A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s host platform. These are programs and libraries used at build-time that, if they are a compiler or similar tool, produce code to run at run-time—i.e. tools used to build the new derivation. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild` or `depsBuildTarget`. This could be called `depsBuildHost` but `nativeBuildInputs` is used for historical continuity. Since these packages are able to be run at build-time, they are added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. #### `depsBuildTarget` {#var-stdenv-depsBuildTarget} -A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s target platform. This means a `-1` host offset and `1` target offset from the new derivation’s platforms. These are programs used at build time that produce code to run with code produced by the depending package. Most commonly, these are tools used to build the runtime or standard library that the currently-being-built compiler will inject into any code it compiles. In many cases, the currently-being-built-compiler is itself employed for that task, but when that compiler won’t run (i.e. its build and host platform differ) this is not possible. Other times, the compiler relies on some other tool, like binutils, that is always built separately so that the dependency is unconditional. +A list of dependencies whose host platform is the new derivation’s build platform, and target platform is the new derivation’s target platform. These are programs used at build time that produce code to run with code produced by the depending package. Most commonly, these are tools used to build the runtime or standard library that the currently-being-built compiler will inject into any code it compiles. In many cases, the currently-being-built-compiler is itself employed for that task, but when that compiler won’t run (i.e. its build and host platform differ) this is not possible. Other times, the compiler relies on some other tool, like binutils, that is always built separately so that the dependency is unconditional. -This is a somewhat confusing concept to wrap one’s head around, and for good reason. As the only dependency type where the platform offsets are not adjacent integers, it requires thinking of a bootstrapping stage *two* away from the current one. It and its use-case go hand in hand and are both considered poor form: try to not need this sort of dependency, and try to avoid building standard libraries and runtimes in the same derivation as the compiler produces code using them. Instead strive to build those like a normal library, using the newly-built compiler just as a normal library would. In short, do not use this attribute unless you are packaging a compiler and are sure it is needed. +This is a somewhat confusing concept to wrap one’s head around, and for good reason. As the only dependency type where the platform offsets, `-1` and `1`, are not adjacent integers, it requires thinking of a bootstrapping stage *two* away from the current one. It and its use-case go hand in hand and are both considered poor form: try to not need this sort of dependency, and try to avoid building standard libraries and runtimes in the same derivation as the compiler produces code using them. Instead strive to build those like a normal library, using the newly-built compiler just as a normal library would. In short, do not use this attribute unless you are packaging a compiler and are sure it is needed. Since these packages are able to run at build time, they are added to the `PATH`, as described above. But since these packages are only guaranteed to be able to run then, they shouldn’t persist as run-time dependencies. This isn’t currently enforced, but could be in the future. #### `depsHostHost` {#var-stdenv-depsHostHost} -A list of dependencies whose host and target platforms match the new derivation’s host platform. This means a `0` host offset and `0` target offset from the new derivation’s host platform. These are packages used at run-time to generate code also used at run-time. In practice, this would usually be tools used by compilers for macros or a metaprogramming system, or libraries used by the macros or metaprogramming code itself. It’s always preferable to use a `depsBuildBuild` dependency in the derivation being built over a `depsHostHost` on the tool doing the building for this purpose. +A list of dependencies whose host and target platforms match the new derivation’s host platform. In practice, this would usually be tools used by compilers for macros or a metaprogramming system, or libraries used by the macros or metaprogramming code itself. It’s always preferable to use a `depsBuildBuild` dependency in the derivation being built over a `depsHostHost` on the tool doing the building for this purpose. #### `buildInputs` {#var-stdenv-buildInputs} -A list of dependencies whose host platform and target platform match the new derivation’s. This means a `0` host offset and a `1` target offset from the new derivation’s host platform. This would be called `depsHostTarget` but for historical continuity. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild`. +A list of dependencies whose host platform and target platform match the new derivation’s. This would be called `depsHostTarget` but for historical continuity. If the dependency doesn’t care about the target platform (i.e. isn’t a compiler or similar tool), put it here, rather than in `depsBuildBuild`. These are often programs and libraries used by the new derivation at *run*-time, but that isn’t always the case. For example, the machine code in a statically-linked library is only used at run-time, but the derivation containing the library is only needed at build-time. Even in the dynamic case, the library may also be needed at build-time to appease the linker. #### `depsTargetTarget` {#var-stdenv-depsTargetTarget} -A list of dependencies whose host platform matches the new derivation’s target platform. This means a `1` offset from the new derivation’s platforms. These are packages that run on the target platform, e.g. the standard library or run-time deps of standard library that a compiler insists on knowing about. It’s poor form in almost all cases for a package to depend on another from a future stage \[future stage corresponding to positive offset\]. Do not use this attribute unless you are packaging a compiler and are sure it is needed. +A list of dependencies whose host platform matches the new derivation’s target platform. These are packages that run on the target platform, e.g. the standard library or run-time deps of standard library that a compiler insists on knowing about. It’s poor form in almost all cases for a package to depend on another from a future stage \[future stage corresponding to positive offset\]. Do not use this attribute unless you are packaging a compiler and are sure it is needed. #### `depsBuildBuildPropagated` {#var-stdenv-depsBuildBuildPropagated} @@ -1228,6 +1240,7 @@ If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`. [^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation. [^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`. +[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency. [^footnote-stdenv-find-inputs-location]: The `findInputs` function, currently residing in `pkgs/stdenv/generic/setup.sh`, implements the propagation logic. [^footnote-stdenv-sys-lib-search-path]: It clears the `sys_lib_*search_path` variables in the Libtool script to prevent Libtool from using libraries in `/usr/lib` and such. [^footnote-stdenv-build-time-guessing-impurity]: Eventually these will be passed building natively as well, to improve determinism: build-time guessing, as is done today, is a risk of impurity. diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index 1e316c379f5b..efc9bd39b366 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -453,7 +453,7 @@ in cantarell-fonts dejavu_fonts source-code-pro # Default monospace font in 3.32 - source-sans-pro + source-sans ]; # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-38/elements/core/meta-gnome-core-shell.bst diff --git a/pkgs/applications/blockchains/chia/default.nix b/pkgs/applications/blockchains/chia/default.nix index b4ffd2a4f2ad..83d9cee9ec6c 100644 --- a/pkgs/applications/blockchains/chia/default.nix +++ b/pkgs/applications/blockchains/chia/default.nix @@ -6,14 +6,14 @@ let chia = python3Packages.buildPythonApplication rec { pname = "chia"; - version = "1.2.9"; + version = "1.2.10"; src = fetchFromGitHub { owner = "Chia-Network"; repo = "chia-blockchain"; rev = version; fetchSubmodules = true; - sha256 = "sha256-ZDWkVCga/NsKOnj5HP0lnmnX6vqw+I0b3a1Wr1t1VN0="; + sha256 = "sha256-TzSBGjgaE0IWaqJcCIoO/u+gDh17NtAqhE8ldbbjNIE="; }; postPatch = '' diff --git a/pkgs/applications/editors/texstudio/default.nix b/pkgs/applications/editors/texstudio/default.nix index 853593557dc5..6b1b34e11cf0 100644 --- a/pkgs/applications/editors/texstudio/default.nix +++ b/pkgs/applications/editors/texstudio/default.nix @@ -3,13 +3,13 @@ mkDerivation rec { pname = "texstudio"; - version = "4.0.0"; + version = "4.0.2"; src = fetchFromGitHub { owner = "${pname}-org"; repo = pname; rev = version; - sha256 = "0fapgc6dvzn47gmhxkqymwi3818rdiag33ml57j2mfmsi5pjxi0f"; + sha256 = "sha256-SCrWoIZan8mFwQoXaXvM0Ujdhcic3FbmfgKZSFXFBGE="; }; nativeBuildInputs = [ qmake wrapQtAppsHook pkg-config ]; diff --git a/pkgs/applications/graphics/ImageMagick/6.x.nix b/pkgs/applications/graphics/ImageMagick/6.x.nix index 7cb4018f38f4..4c06eb7962bc 100644 --- a/pkgs/applications/graphics/ImageMagick/6.x.nix +++ b/pkgs/applications/graphics/ImageMagick/6.x.nix @@ -16,13 +16,13 @@ in stdenv.mkDerivation rec { pname = "imagemagick"; - version = "6.9.12-19"; + version = "6.9.12-26"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick6"; rev = version; - sha256 = "sha256-8KofT9aNd8SXL0YBQ0RUOTccVxQNacvJL1uYPZiSPkY="; + sha256 = "sha256-oNorY/93jk1v5BS1T3wqctXuzV4o8JlyZtHnsNYmO4U="; }; outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix index 64fdf50a0d15..78c00b7984e3 100644 --- a/pkgs/applications/graphics/ImageMagick/7.0.nix +++ b/pkgs/applications/graphics/ImageMagick/7.0.nix @@ -18,13 +18,13 @@ in stdenv.mkDerivation rec { pname = "imagemagick"; - version = "7.1.0-9"; + version = "7.1.0-11"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick"; rev = version; - sha256 = "sha256-9eeOY6TvNykWA3yyQH1UR3ahdhOja87I9rsie9fMbso="; + sha256 = "sha256-z7ZpoB8NlcS5NVyoW0ngSlakCcb5qC3bh3xDVYuWS6w="; }; outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big diff --git a/pkgs/applications/networking/cluster/k3s/default.nix b/pkgs/applications/networking/cluster/k3s/default.nix index 6f72a3bc7e81..9d59bdfe088a 100644 --- a/pkgs/applications/networking/cluster/k3s/default.nix +++ b/pkgs/applications/networking/cluster/k3s/default.nix @@ -42,18 +42,18 @@ with lib; # Those pieces of software we entirely ignore upstream's handling of, and just # make sure they're in the path if desired. let - k3sVersion = "1.21.4+k3s1"; # k3s git tag - k3sCommit = "3e250fdbab72d88f7e6aae57446023a0567ffc97"; # k3s git commit at the above version - k3sRepoSha256 = "1w7drvk0bmlmqrxh1y6dxjy7dk6bdrl72pkd25lc1ir6wbzb05h9"; + k3sVersion = "1.22.2+k3s2"; # k3s git tag + k3sCommit = "3f5774b41eb475eb10c93bb0ce58459a6f777c5f"; # k3s git commit at the above version + k3sRepoSha256 = "1kjf2zkm5d3s1aj4w9gzsc3ms3a0cm900fyi9899ijczw1cbrc61"; - traefikChartVersion = "9.18.2"; # taken from ./manifests/traefik.yaml at spec.version - traefikChartSha256 = "sha256-9d7p0ngyMN27u4OPgz7yI14Zj9y36t9o/HMX5wyDpUI="; + traefikChartVersion = "10.3.0"; # taken from ./manifests/traefik.yaml at spec.version + traefikChartSha256 = "0y6wr64xp7bgx24kqil0x6myr3pnfrg8rw0d1h5zd2n5a8nfd73f"; k3sRootVersion = "0.9.1"; # taken from ./scripts/download at ROOT_VERSION - k3sRootSha256 = "sha256-qI84KYJKY/T6pqWZW9lOTq5NzZiu//v1zrMzUCiRTGQ="; + k3sRootSha256 = "0r2cj4l50cxkrvszpzxfk36lvbjf9vcmp6d5lvxg8qsah8lki3x8"; - k3sCNIVersion = "0.8.6-k3s1"; # taken from ./scripts/version.sh at VERSION_CNIPLUGINS - k3sCNISha256 = "sha256-uAy17eRRAXPCcnh481KxFMvFQecnnBs24jn5YnVNfY4="; + k3sCNIVersion = "0.9.1-k3s1"; # taken from ./scripts/version.sh at VERSION_CNIPLUGINS + k3sCNISha256 = "1327vmfph7b8i14q05c2xdfzk60caflg1zhycx0mrf3d59f4zsz5"; baseMeta = { description = "A lightweight Kubernetes distribution"; diff --git a/pkgs/applications/networking/cluster/k3s/update.sh b/pkgs/applications/networking/cluster/k3s/update.sh index 34257fcda2fc..01b3434b5bae 100755 --- a/pkgs/applications/networking/cluster/k3s/update.sh +++ b/pkgs/applications/networking/cluster/k3s/update.sh @@ -12,7 +12,9 @@ LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE} -LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | grep -v -e rc -e engine | sed 's/["|,| ]//g' | sort -V -r | head -n1) +LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | \ + grep -v -e rc -e engine | tail -n +2 | head -n -1 | sed 's|[", ]||g' | sort -rV | head -n1) + K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//') K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ diff --git a/pkgs/applications/networking/cluster/linkerd/default.nix b/pkgs/applications/networking/cluster/linkerd/default.nix index ac85ef8a6a33..51dced0af280 100644 --- a/pkgs/applications/networking/cluster/linkerd/default.nix +++ b/pkgs/applications/networking/cluster/linkerd/default.nix @@ -2,7 +2,7 @@ (callPackage ./generic.nix { }) { channel = "stable"; - version = "2.10.2"; - sha256 = "sha256-dOD0S4FJ2lXE+1VZooi8tKvC8ndGEHAxmAvSqoWI/m0="; - vendorSha256 = "sha256-Qb0FZOvKL9GgncfUl538PynkYbm3V8Q6lUpApUoIp5s="; + version = "2.11.0"; + sha256 = "172in8vmr7c5sff111rrd5127lz2pv7bbh7p399xafnk8ri0fx2i"; + vendorSha256 = "sha256-c3EyVrblqtFuoP7+YdbyPN0DdN6TcQ5DTtFQ/frKM0Q="; } diff --git a/pkgs/applications/networking/cluster/linkerd/edge.nix b/pkgs/applications/networking/cluster/linkerd/edge.nix index 8f2b9cda0b9d..8744c0f1744e 100644 --- a/pkgs/applications/networking/cluster/linkerd/edge.nix +++ b/pkgs/applications/networking/cluster/linkerd/edge.nix @@ -2,7 +2,7 @@ (callPackage ./generic.nix { }) { channel = "edge"; - version = "21.9.3"; - sha256 = "0swqx4myvr24visj39icg8g90kj325pvf22bq447rnm0whq3cnyz"; - vendorSha256 = "sha256-fMtAR66TwMNR/HCVQ9Jg3sJ0XBx2jUKDG7/ts0lEZM4="; + version = "21.10.3"; + sha256 = "09k4c0dgn9vvgp6xb20x0vylk6bbd03srk3sra8vnpywwi591mcv"; + vendorSha256 = "sha256-uGj1sMEa791ZKA7hpJ1A9vtwsmrZDGAYp6HQo6QNAYY="; } diff --git a/pkgs/data/fonts/source-han/default.nix b/pkgs/data/fonts/source-han/default.nix index e24bc8ae0dd3..1672af411c04 100644 --- a/pkgs/data/fonts/source-han/default.nix +++ b/pkgs/data/fonts/source-han/default.nix @@ -48,8 +48,13 @@ in serif = makePackage { family = "serif"; description = "serif"; - rev = "1.001R"; - sha256 = "0nnsb2w140ih0cnp1fh7s4csvzp9y0cavz9df2ryhv215mh9z4m0"; + rev = "2.000R"; + sha256 = "0x3n6s4khdd6l0crwd7g9sjaqp8lkvksglhc7kj3cv80hldab9wp"; + postFetch = '' + mkdir -p $out/share/fonts/opentype/source-han-serif + unzip $downloadedFile -d $out/share/fonts/opentype/source-han-serif + ''; + zip = ".zip"; }; mono = makePackage { diff --git a/pkgs/development/libraries/libnfc/default.nix b/pkgs/development/libraries/libnfc/default.nix index b4daab97388e..7e0d18115ef7 100644 --- a/pkgs/development/libraries/libnfc/default.nix +++ b/pkgs/development/libraries/libnfc/default.nix @@ -11,6 +11,8 @@ stdenv.mkDerivation { buildInputs = [ libusb-compat-0_1 readline ]; + configureFlags = [ "sysconfdir=/etc" ]; + meta = with lib; { description = "Open source library libnfc for Near Field Communication"; license = licenses.gpl3; diff --git a/pkgs/development/libraries/physics/fastjet-contrib/default.nix b/pkgs/development/libraries/physics/fastjet-contrib/default.nix index a09f031e7651..d87c9d68b715 100644 --- a/pkgs/development/libraries/physics/fastjet-contrib/default.nix +++ b/pkgs/development/libraries/physics/fastjet-contrib/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "fastjet-contrib"; - version = "1.045"; + version = "1.046"; src = fetchurl { url = "http://fastjet.hepforge.org/contrib/downloads/fjcontrib-${version}.tar.gz"; - sha256 = "1y45jx7i30ik2pjv33y16fi5i5jpmi0zp1jh32pwywd3diaiazv6"; + sha256 = "sha256-cgavrH/rIHXZn7sDa7NRPTKy2sOvMDQQJjmGNUeT7s8="; }; buildInputs = [ fastjet ]; diff --git a/pkgs/development/libraries/vte/default.nix b/pkgs/development/libraries/vte/default.nix index 6b65f8419645..0411086c78c3 100644 --- a/pkgs/development/libraries/vte/default.nix +++ b/pkgs/development/libraries/vte/default.nix @@ -25,13 +25,13 @@ stdenv.mkDerivation rec { pname = "vte"; - version = "0.66.0"; + version = "0.64.2"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "sha256-0IE6wA+x102IhR52X3VdSWyD4JcJc1jqG6rbOLN7ezM="; + sha256 = "sha256-KzyCC2WmZ8HYhZuiBHi+Ym0VGcwxWdrCX3AzMMbQfhg="; }; patches = [ diff --git a/pkgs/development/python-modules/casbin/default.nix b/pkgs/development/python-modules/casbin/default.nix index dc31600f9475..07ed4c5b1957 100644 --- a/pkgs/development/python-modules/casbin/default.nix +++ b/pkgs/development/python-modules/casbin/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "casbin"; - version = "1.9.2"; + version = "1.9.3"; disabled = isPy27; @@ -17,7 +17,7 @@ buildPythonPackage rec { owner = pname; repo = "pycasbin"; rev = "v${version}"; - sha256 = "0awqdh4jsarf0lr2bl2qiaff1yk9vndq15jcl4abiig9wr2yghpc"; + sha256 = "sha256-PN31/1BpXcNqsqBZ8sS/MM3UL47/Bi24bUh+jGOJevk="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/insegel/default.nix b/pkgs/development/python-modules/insegel/default.nix new file mode 100644 index 000000000000..499d38067539 --- /dev/null +++ b/pkgs/development/python-modules/insegel/default.nix @@ -0,0 +1,27 @@ +{ lib, buildPythonPackage, fetchPypi, pygments }: + +buildPythonPackage rec { + pname = "insegel"; + version = "1.3.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "1d055dd64f6eb335580a485271511ba2f4e3b5e315f48f827f58da3cace4b4ae"; + }; + + propagatedBuildInputs = [ pygments ]; + + # No tests included + doCheck = false; + + pythonImportsCheck = [ + "insegel" + ]; + + meta = with lib; { + homepage = "https://github.com/autophagy/insegel"; + description = "A monochrome 2 column Sphinx theme"; + license = licenses.mit; + maintainers = with maintainers; [ autophagy ]; + }; +} diff --git a/pkgs/development/python-modules/minio/default.nix b/pkgs/development/python-modules/minio/default.nix index 7b1085e78fec..19c549243843 100644 --- a/pkgs/development/python-modules/minio/default.nix +++ b/pkgs/development/python-modules/minio/default.nix @@ -16,14 +16,14 @@ buildPythonPackage rec { pname = "minio"; - version = "7.1.0"; + version = "7.1.1"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "minio"; repo = "minio-py"; rev = version; - sha256 = "sha256-0N9hPjGGYHFyGzEWWDnW7KsPQtv0y/j/lCBLNC9IlpA="; + sha256 = "sha256-dUNx6r7KppfeHefa1IeJPXSEMyElPk+RAGdn447ax1g="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/py-synologydsm-api/default.nix b/pkgs/development/python-modules/py-synologydsm-api/default.nix index 73ac2fcc0191..e363cd412d66 100644 --- a/pkgs/development/python-modules/py-synologydsm-api/default.nix +++ b/pkgs/development/python-modules/py-synologydsm-api/default.nix @@ -1,28 +1,40 @@ { lib , buildPythonPackage , fetchFromGitHub -, pytestCheckHook , poetry-core -, urllib3 +, pytestCheckHook , requests +, urllib3 }: buildPythonPackage rec { pname = "py-synologydsm-api"; - version = "1.0.4"; + version = "1.0.5"; format = "pyproject"; src = fetchFromGitHub { owner = "mib1185"; repo = "synologydsm-api"; rev = "v${version}"; - sha256 = "1f9fbcp6dbh1c7q1cpppwggnw4m89w14cjdgl64f1bzv72rggpn1"; + sha256 = "sha256-mm5N2RKn2KP2dV7+dw0sNWlCDT5X/fRmH8POQqJIoZY="; }; - nativeBuildInputs = [ poetry-core ]; - propagatedBuildInputs = [ urllib3 requests ]; - pythonImportsCheck = [ "synology_dsm" ]; - checkInputs = [ pytestCheckHook ]; + nativeBuildInputs = [ + poetry-core + ]; + + propagatedBuildInputs = [ + requests + urllib3 + ]; + + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "synology_dsm" + ]; meta = with lib; { description = "Python API for Synology DSM"; diff --git a/pkgs/development/python-modules/pylgnetcast/default.nix b/pkgs/development/python-modules/pylgnetcast/default.nix new file mode 100644 index 000000000000..de16471fa55b --- /dev/null +++ b/pkgs/development/python-modules/pylgnetcast/default.nix @@ -0,0 +1,39 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, requests +, pythonOlder +}: + +buildPythonPackage rec { + pname = "pylgnetcast"; + version = "0.3.4"; + format = "setuptools"; + + disabled = pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "Drafteed"; + repo = "python-lgnetcast"; + rev = "v${version}-1"; + sha256 = "04bh5i4zchdg0lgwpic8wfbk77n225g71z55iin9r0083xbhd7bh"; + }; + + propagatedBuildInputs = [ + requests + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "pylgnetcast" + ]; + + meta = with lib; { + description = "Python API client for the LG Smart TV running NetCast 3 or 4"; + homepage = "https://github.com/Drafteed/python-lgnetcast"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/development/python-modules/pytradfri/default.nix b/pkgs/development/python-modules/pytradfri/default.nix index 597702e6d34b..36ffb02623a3 100644 --- a/pkgs/development/python-modules/pytradfri/default.nix +++ b/pkgs/development/python-modules/pytradfri/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "pytradfri"; - version = "7.1.0"; + version = "7.1.1"; disabled = pythonOlder "3.7"; @@ -17,7 +17,7 @@ buildPythonPackage rec { owner = "home-assistant-libs"; repo = "pytradfri"; rev = version; - sha256 = "sha256-r/qt06YPia8PYhwOeDXk0oK3YvEZ/1kN//+LXj34fmE="; + sha256 = "sha256-rLpqCpvHTXv6SyT3SOv6oUrWnSDhMG5r+BmznlnNKwg="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pyvicare/default.nix b/pkgs/development/python-modules/pyvicare/default.nix index 7f3b3f5da8f0..b9eb4da6f469 100644 --- a/pkgs/development/python-modules/pyvicare/default.nix +++ b/pkgs/development/python-modules/pyvicare/default.nix @@ -10,14 +10,14 @@ buildPythonPackage rec { pname = "pyvicare"; - version = "2.13.0"; + version = "2.13.1"; disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "somm15"; repo = "PyViCare"; rev = version; - sha256 = "sha256-v1twWyxd0nhXxvbRCbnH5TP736eeDYE5Nz62sf6HIcA="; + sha256 = "sha256-L43aickagJolw+VTRX4ZwRcfOm9fMBZOimPx8jLPHhE="; }; SETUPTOOLS_SCM_PRETEND_VERSION = version; diff --git a/pkgs/development/python-modules/simpleeval/default.nix b/pkgs/development/python-modules/simpleeval/default.nix index cb6f50fdd287..6467dc964ef3 100644 --- a/pkgs/development/python-modules/simpleeval/default.nix +++ b/pkgs/development/python-modules/simpleeval/default.nix @@ -1,16 +1,37 @@ -{ lib, fetchPypi, buildPythonPackage }: +{ lib +, buildPythonPackage +, fetchFromGitHub +, pytestCheckHook +}: buildPythonPackage rec { pname = "simpleeval"; - version = "0.9.10"; - src = fetchPypi { - inherit pname version; - sha256 = "1skvl467kj83rzkhk01i0wm8m5vmh6j5znrfdizn6r18ii45a839"; + version = "0.9.11"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "danthedeckie"; + repo = pname; + rev = version; + sha256 = "111w76mahbf3lm2p72dkqp5fhwg7nvnwm4l078dgsgkixssjazi7"; }; - meta = { + + checkInputs = [ + pytestCheckHook + ]; + + pytestFlagsArray = [ + "test_simpleeval.py" + ]; + + pythonImportsCheck = [ + "simpleeval" + ]; + + meta = with lib; { + description = "Simple, safe single expression evaluator library"; homepage = "https://github.com/danthedeckie/simpleeval"; - description = "A simple, safe single expression evaluator library"; - maintainers = with lib.maintainers; [ johbo ]; - license = lib.licenses.mit; + license = licenses.mit; + maintainers = with maintainers; [ johbo ]; }; } diff --git a/pkgs/development/python-modules/wakeonlan/default.nix b/pkgs/development/python-modules/wakeonlan/default.nix index 9499254ae4c2..699af4120158 100644 --- a/pkgs/development/python-modules/wakeonlan/default.nix +++ b/pkgs/development/python-modules/wakeonlan/default.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "wakeonlan"; - version = "2.0.1"; + version = "2.1.0"; disabled = pythonOlder "3.6"; format = "pyproject"; @@ -16,7 +16,7 @@ buildPythonPackage rec { owner = "remcohaszing"; repo = "pywakeonlan"; rev = version; - sha256 = "sha256-WgoL8ntfEaHcvVbJjdewe0wE31Lq7WBj8Bppeq1uJx8="; + sha256 = "sha256-5ri4bXc0EMNntzmcUZYpRIfaXoex4s5M6psf/9ta17Y="; }; nativeBuildInputs = [ @@ -27,12 +27,16 @@ buildPythonPackage rec { pytestCheckHook ]; - pytestFlagsArray = [ "test_wakeonlan.py" ]; + pytestFlagsArray = [ + "test_wakeonlan.py" + ]; - pythonImportsCheck = [ "wakeonlan" ]; + pythonImportsCheck = [ + "wakeonlan" + ]; meta = with lib; { - description = "A small python module for wake on lan"; + description = "Python module for wake on lan"; homepage = "https://github.com/remcohaszing/pywakeonlan"; license = licenses.mit; maintainers = with maintainers; [ peterhoeg ]; diff --git a/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix b/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix index 95365cd9caa1..e77da6d03813 100644 --- a/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix +++ b/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix @@ -1,16 +1,16 @@ { lib, buildGoPackage, fetchFromGitLab, fetchurl }: let - version = "14.3.2"; + version = "14.4.0"; # Gitlab runner embeds some docker images these are prebuilt for arm and x86_64 docker_x86_64 = fetchurl { url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/binaries/gitlab-runner-helper/gitlab-runner-helper.x86_64"; - sha256 = "0np2ijgrq6yg3r0744qlj9a9va7y996f7csfs4ajyfqq3vm7jz2g"; + sha256 = "0cd0bcqfy2cwkhgj1d4mmn0xv4n5mmhyf2yv42ynvv0yr5xk75n0"; }; docker_arm = fetchurl { url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/binaries/gitlab-runner-helper/gitlab-runner-helper.arm"; - sha256 = "0adjczad3y2f55i76pcp1q2kzdwqr04y59bslb9523s4dlav9jcd"; + sha256 = "06dnxj1w1nnqkkxrbhz8p85g1afr49j8jizkf2g8j01dsk5b2gvi"; }; in buildGoPackage rec { @@ -29,7 +29,7 @@ buildGoPackage rec { owner = "gitlab-org"; repo = "gitlab-runner"; rev = "v${version}"; - sha256 = "15mwyhr7a4b9vl7c0qz299qv91h3kcmf6d6p5vjjrm1phiy3bpgf"; + sha256 = "07dvbair8fiska7ay4k4hbdwlkgyrq8hmxxwdzkhcpyc0faxqlly"; }; patches = [ ./fix-shell-path.patch ]; diff --git a/pkgs/development/tools/metal-cli/default.nix b/pkgs/development/tools/metal-cli/default.nix new file mode 100644 index 000000000000..92aca00259fe --- /dev/null +++ b/pkgs/development/tools/metal-cli/default.nix @@ -0,0 +1,28 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "metal-cli"; + version = "0.6.0"; + + src = fetchFromGitHub { + owner = "equinix"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-dGeOFrsqhW0+aQyB4f6pvv4ZBawqKX2+WRskDWoLS7E="; + }; + + vendorSha256 = "sha256-ifSfeJjrZI1Hrsq64zAGBiLVc8GKvq+Ddg26gQooyTs="; + + postInstall = '' + ln -s $out/bin/metal-cli $out/bin/metal + ''; + + doCheck = false; + + meta = with lib; { + description = "Official Equinix Metal CLI"; + homepage = "https://github.com/equinix/metal-cli/"; + license = licenses.mit; + maintainers = with maintainers; [ Br1ght0ne nshalman ]; + }; +} diff --git a/pkgs/development/tools/packet-cli/default.nix b/pkgs/development/tools/packet-cli/default.nix deleted file mode 100644 index fbe5c879fca9..000000000000 --- a/pkgs/development/tools/packet-cli/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ lib, buildGoModule, fetchFromGitHub }: - -buildGoModule rec { - pname = "packet-cli"; - version = "0.5.0"; - - src = fetchFromGitHub { - owner = "packethost"; - repo = pname; - rev = version; - sha256 = "0dlcx186l8kh6w3i4dvj7v90lhjkgvq1xkjb2vijy6399z41grw2"; - }; - - vendorSha256 = "1y1c369gsaf5crkdvv5g8d9p2g5602x2gcj8zy1q3wjx9lwhl0i6"; - - postInstall = '' - ln -s $out/bin/packet-cli $out/bin/packet - ''; - - doCheck = false; - - meta = with lib; { - description = "Official Packet CLI"; - homepage = "https://github.com/packethost/packet-cli"; - license = licenses.mit; - maintainers = with maintainers; [ Br1ght0ne nshalman ]; - }; -} diff --git a/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix b/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix index 50a4dd26ee85..d4200c335524 100644 --- a/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix +++ b/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix @@ -38,8 +38,8 @@ in ((vscode-utils.override { stdenv = gccStdenv; }).buildVscodeMarketplaceExtens mktplcRef = { name = "vsliveshare"; publisher = "ms-vsliveshare"; - version = "1.0.4836"; - sha256 = "7hK2ptNU2mQt3iTZgkrKU9ZTVN+m7VFmAlXHxkiPL+o="; + version = "1.0.5043"; + sha256 = "OdFOFvidUV/trySHvF8iELPNVP2kq8+vZQ4q4Nf7SiQ="; }; }).overrideAttrs({ nativeBuildInputs ? [], buildInputs ? [], ... }: { nativeBuildInputs = nativeBuildInputs ++ [ diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix index e66f138c66cb..d680607e5b10 100644 --- a/pkgs/servers/home-assistant/component-packages.nix +++ b/pkgs/servers/home-assistant/component-packages.nix @@ -452,7 +452,7 @@ "lastfm" = ps: with ps; [ pylast ]; "launch_library" = ps: with ps; [ ]; # missing inputs: pylaunches "lcn" = ps: with ps; [ pypck ]; - "lg_netcast" = ps: with ps; [ ]; # missing inputs: pylgnetcast + "lg_netcast" = ps: with ps; [ pylgnetcast ]; "lg_soundbar" = ps: with ps; [ ]; # missing inputs: temescal "life360" = ps: with ps; [ ]; # missing inputs: life360 "lifx" = ps: with ps; [ aiolifx aiolifx-effects ]; diff --git a/pkgs/tools/admin/trivy/default.nix b/pkgs/tools/admin/trivy/default.nix index c3b90d99bafb..60bf80653a4c 100644 --- a/pkgs/tools/admin/trivy/default.nix +++ b/pkgs/tools/admin/trivy/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "trivy"; - version = "0.19.2"; + version = "0.20.2"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; - sha256 = "sha256-aYPG0xvuijASKXBGgB+6UyF9bmeU8l5snOoPWI8Ewh8="; + sha256 = "sha256-ittOVWsM+1IaILCLCJNOeLxRbRHiiMN4qgLTS9gxV0w="; }; - vendorSha256 = "sha256-4FO6/1eNyxy/CH7XMUkLfRqEg2+XUXL1gKleL6o4EoM="; + vendorSha256 = "sha256-HrDj09gUJtkZhQ3nYfoj0K8+T62ib0CWAhhcuvg8cyc="; excludedPackages = "misc"; diff --git a/pkgs/tools/misc/debootstrap/default.nix b/pkgs/tools/misc/debootstrap/default.nix index b75f31c61720..2f9db4c85cb4 100644 --- a/pkgs/tools/misc/debootstrap/default.nix +++ b/pkgs/tools/misc/debootstrap/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, dpkg, gawk, perl, wget, coreutils, util-linux -, gnugrep, gnutar, gnused, gzip, makeWrapper }: +, gnugrep, gnupg1, gnutar, gnused, gzip, makeWrapper }: # USAGE like this: debootstrap sid /tmp/target-chroot-directory # There is also cdebootstrap now. Is that easier to maintain? let binPath = lib.makeBinPath [ @@ -7,6 +7,7 @@ let binPath = lib.makeBinPath [ dpkg gawk gnugrep + gnupg1 gnused gnutar gzip diff --git a/pkgs/tools/misc/snapper/default.nix b/pkgs/tools/misc/snapper/default.nix index 8eeee269b07d..37361abf2b2f 100644 --- a/pkgs/tools/misc/snapper/default.nix +++ b/pkgs/tools/misc/snapper/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "snapper"; - version = "0.9.0"; + version = "0.9.1"; src = fetchFromGitHub { owner = "openSUSE"; repo = "snapper"; rev = "v${version}"; - sha256 = "1gx3ichbkdqlzl7w187vc3xpmr9prmnp7as0h6ympgigradj5c7g"; + sha256 = "1ci5mdsph2n5cqad51zf4sank35yj741adsqy2gg7vqwxrhpm8mj"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/networking/mu/default.nix b/pkgs/tools/networking/mu/default.nix index 0d94861da295..b94cc498fa09 100644 --- a/pkgs/tools/networking/mu/default.nix +++ b/pkgs/tools/networking/mu/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "mu"; - version = "1.6.7"; + version = "1.6.9"; src = fetchFromGitHub { owner = "djcb"; repo = "mu"; rev = version; - sha256 = "bhZrottFT5NX43Iz1wFGYzaUSAgvgkhOwNHX6fjUs7M="; + sha256 = "RoSj283fcllEbirZOScKRU4BKLoxgatDdL1qYZu+LEI="; }; postPatch = lib.optionalString (batchSize != null) '' diff --git a/pkgs/tools/security/sn0int/default.nix b/pkgs/tools/security/sn0int/default.nix index bdcfe6e28bac..42f8c8beaefc 100644 --- a/pkgs/tools/security/sn0int/default.nix +++ b/pkgs/tools/security/sn0int/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "sn0int"; - version = "0.22.0"; + version = "0.23.0"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; rev = "v${version}"; - sha256 = "sha256-0BadgWZhP73WOVO18jtcdhsM0L7AM0TQ3PF7MNJM7M0="; + sha256 = "sha256-DsDSGF43yEyYYduRHu4+VRrPZ89Ce1fwtDxit0x8Apo="; }; - cargoSha256 = "sha256-KYrJIOaFX2wTDj4KeHn3d8wBHfVevCKQK/bDglfLWAU="; + cargoSha256 = "sha256-dXNIbngfwMVvLx4uSO6MWpSrZfUGhlggGvXHysYAJIE="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/tools/security/snowcat/default.nix b/pkgs/tools/security/snowcat/default.nix new file mode 100644 index 000000000000..e6211caec556 --- /dev/null +++ b/pkgs/tools/security/snowcat/default.nix @@ -0,0 +1,33 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "snowcat"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "praetorian-inc"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-EulQYGOMIh952e4Xp13hT/HMW3qP1QXYtt5PEej1VTY="; + }; + vendorSha256 = "sha256-D6ipwGMxT0B3uYUzg6Oo2TYnsOVBY0mYO5lC7vtVPc0="; + + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + homepage = "https://github.com/praetorian-inc/snowcat"; + changelog = "https://github.com/praetorian-inc/snowcat/releases/tag/v${version}"; + description = "A tool to audit the istio service mesh"; + longDescription = '' + Snowcat gathers and analyzes the configuration of an Istio cluster and + audits it for potential violations of security best practices. + + There are two main modes of operation for Snowcat. With no positional + argument, Snowcat will assume it is running inside of a cluster enabled + with Istio, and begin to enumerate the required data. Optionally, you can + point snowcat at a directory containing Kubernets YAML files. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index fdb08d8989e8..76de35caac94 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -620,6 +620,7 @@ mapAliases ({ owncloudclient = owncloud-client; # added 2016-08 ocz-ssd-guru = throw "ocz-ssd-guru has been removed due to there being no source available"; # added 2021-07-12 p11_kit = p11-kit; # added 2018-02-25 + packet-cli = metal-cli; # added 2021-10-25 paperless = paperless-ng; # added 2021-06-06 parity = openethereum; # added 2020-08-01 parquet-cpp = arrow-cpp; # added 2018-09-08 @@ -775,6 +776,7 @@ mapAliases ({ qt-3 = throw "qt-3 has been removed from nixpkgs, as it's unmaintained and insecure"; # added 2021-02-15 rfkill = throw "rfkill has been removed, as it's included in util-linux"; # added 2020-08-23 riak-cs = throw "riak-cs is not maintained anymore"; # added 2020-10-14 + ring-daemon = jami-daemon; #added 2021-10-26 radare2-cutter = cutter; # added 2021-03-30 redkite = throw "redkite was archived by upstream"; # added 2021-04-12 rkt = throw "rkt was archived by upstream"; # added 2020-05-16 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 170d484c3b66..037fe69983f4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3483,6 +3483,8 @@ with pkgs; snippetpixie = callPackage ../tools/text/snippetpixie { }; + snowcat = callPackage ../tools/security/snowcat { }; + socklog = callPackage ../tools/system/socklog { }; soju = callPackage ../applications/networking/soju { }; @@ -27147,7 +27149,7 @@ with pkgs; packet-sd = callPackage ../development/tools/packet-sd { }; - packet-cli = callPackage ../development/tools/packet-cli { }; + metal-cli = callPackage ../development/tools/metal-cli { }; pb_cli = callPackage ../tools/misc/pb_cli {}; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 717dabfe40ae..f008bf9f4700 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -3730,6 +3730,8 @@ in { inquirer = callPackage ../development/python-modules/inquirer { }; + insegel = callPackage ../development/python-modules/insegel { }; + intake = callPackage ../development/python-modules/intake { }; intake-parquet = callPackage ../development/python-modules/intake-parquet { }; @@ -6507,6 +6509,8 @@ in { pylev = callPackage ../development/python-modules/pylev { }; + pylgnetcast = callPackage ../development/python-modules/pylgnetcast { }; + pylibacl = callPackage ../development/python-modules/pylibacl { }; pylibconfig2 = callPackage ../development/python-modules/pylibconfig2 { };