From 7850178edc979935bb5f493d5fecf71ac2e181d4 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 6 May 2021 02:53:01 +0000 Subject: [PATCH 01/20] ddccontrol: 0.5.1 -> 0.5.2 --- pkgs/tools/misc/ddccontrol/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/ddccontrol/default.nix b/pkgs/tools/misc/ddccontrol/default.nix index 41f2bede9995..b7d0f2c3aad9 100644 --- a/pkgs/tools/misc/ddccontrol/default.nix +++ b/pkgs/tools/misc/ddccontrol/default.nix @@ -12,13 +12,13 @@ stdenv.mkDerivation rec { pname = "ddccontrol"; - version = "0.5.1"; + version = "0.5.2"; src = fetchFromGitHub { owner = "ddccontrol"; repo = "ddccontrol"; - rev = "0.5.1"; - sha256 = "sha256-e6Rzzz5S+Um2ZBuUkfAJQA4V+zqCqsUHB0f1t/dTU2w="; + rev = "0.5.2"; + sha256 = "sha256-kul0sjbwbCwadvrccG3KwL/fKWACFUg74QGvgfWE4FQ="; }; nativeBuildInputs = [ From c234c5b16dc9a1a66d9bda38dcd8e1eb034e74a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Thu, 6 May 2021 19:32:51 +0200 Subject: [PATCH 02/20] fedora-backgrounds.f34: init at 34.0.1 --- pkgs/data/misc/fedora-backgrounds/default.nix | 11 +++++++++++ .../misc/fedora-backgrounds/f34-fix-xfce-path.patch | 13 +++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 pkgs/data/misc/fedora-backgrounds/f34-fix-xfce-path.patch diff --git a/pkgs/data/misc/fedora-backgrounds/default.nix b/pkgs/data/misc/fedora-backgrounds/default.nix index 31bc28a9f9c1..3089e721a7c9 100644 --- a/pkgs/data/misc/fedora-backgrounds/default.nix +++ b/pkgs/data/misc/fedora-backgrounds/default.nix @@ -20,4 +20,15 @@ in { # Fix broken symlinks in the Xfce background directory. patches = [ ./f33-fix-xfce-path.patch ]; }; + + f34 = fedoraBackground rec { + version = "34.0.1"; + src = fetchurl { + url = "https://github.com/fedoradesign/backgrounds/releases/download/v${version}/f${lib.versions.major version}-backgrounds-${version}.tar.xz"; + hash = "sha256-0gotgQ4N0yE8WZbsu7B3jmUIZrycbqjEMxZl01JcJj4="; + }; + # Fix broken symlinks in the Xfce background directory. + patches = [ ./f34-fix-xfce-path.patch ]; + }; + } diff --git a/pkgs/data/misc/fedora-backgrounds/f34-fix-xfce-path.patch b/pkgs/data/misc/fedora-backgrounds/f34-fix-xfce-path.patch new file mode 100644 index 000000000000..847927667133 --- /dev/null +++ b/pkgs/data/misc/fedora-backgrounds/f34-fix-xfce-path.patch @@ -0,0 +1,13 @@ +diff --git a/default/Makefile b/default/Makefile +index 172d5d9..540a1c0 100644 +--- a/default/Makefile ++++ b/default/Makefile +@@ -1,7 +1,7 @@ + WP_NAME=f34 + WP_BIGNAME=F34 + WP_DIR=$(DESTDIR)/usr/share/backgrounds/$(WP_NAME) +-WP_DIR_LN=/usr/share/backgrounds/$(WP_NAME) ++WP_DIR_LN=$(DESTDIR)/usr/share/backgrounds/$(WP_NAME) + GNOME_BG_DIR=$(DESTDIR)/usr/share/gnome-background-properties + KDE_BG_DIR=$(DESTDIR)/usr/share/wallpapers + MATE_BG_DIR=$(DESTDIR)/usr/share/mate-background-properties From 8c934146d792272248b369220910d4fefae28eaa Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Thu, 6 May 2021 08:22:24 -0700 Subject: [PATCH 03/20] pythonPackages.python-socks: init at 1.2.4 --- .../python-modules/python-socks/default.nix | 22 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 24 insertions(+) create mode 100644 pkgs/development/python-modules/python-socks/default.nix diff --git a/pkgs/development/python-modules/python-socks/default.nix b/pkgs/development/python-modules/python-socks/default.nix new file mode 100644 index 000000000000..dcf268808275 --- /dev/null +++ b/pkgs/development/python-modules/python-socks/default.nix @@ -0,0 +1,22 @@ +{ lib, buildPythonPackage, trio, curio, async-timeout, fetchPypi, pythonOlder }: + +buildPythonPackage rec { + pname = "python-socks"; + version = "1.2.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "1n6xb18jy41ybgkmamakg6psp3qididd45qknxiggngaiibz43kx"; + }; + + disabled = pythonOlder "3.6.1"; + + propagatedBuildInputs = [ trio curio async-timeout ]; + + meta = with lib; { + description = "Core proxy client (SOCKS4, SOCKS5, HTTP) functionality for Python"; + homepage = "https://github.com/romis2012/python-socks"; + license = licenses.asl20; + maintainers = with maintainers; [ mjlbach ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 33559777930e..34e2f79264e3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -6634,6 +6634,8 @@ in { python-socketio_4 = callPackage ../development/python-modules/python-socketio/4.nix { }; + python-socks = callPackage ../development/python-modules/python-socks { }; + python-sql = callPackage ../development/python-modules/python-sql { }; python-stdnum = callPackage ../development/python-modules/python-stdnum { }; From aa9f35493f772b91d9fc97fe7010e60b58ead82a Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Thu, 6 May 2021 10:50:55 -0700 Subject: [PATCH 04/20] pythonPackages.unpaddedbase64: 1.1.0 -> 2.1.0 --- .../python-modules/unpaddedbase64/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/unpaddedbase64/default.nix b/pkgs/development/python-modules/unpaddedbase64/default.nix index 96b27127cc60..b5ff5be20616 100644 --- a/pkgs/development/python-modules/unpaddedbase64/default.nix +++ b/pkgs/development/python-modules/unpaddedbase64/default.nix @@ -1,19 +1,25 @@ { lib , buildPythonPackage , fetchFromGitHub +, poetry-core }: buildPythonPackage rec { pname = "unpaddedbase64"; - version = "1.1.0"; + version = "2.1.0"; + format = "pyproject"; src = fetchFromGitHub { owner = "matrix-org"; repo = "python-${pname}"; rev = "refs/tags/v${version}"; - sha256 = "0if3fjfxga0bwdq47v77fs9hrcqpmwdxry2i2a7pdqsp95258nxd"; + sha256 = "1n6har8pxv0mqb96lanzihp1xf76aa17jw3977drb1fgz947pnmz"; }; + nativeBuildInputs = [ + poetry-core + ]; + meta = with lib; { homepage = "https://github.com/matrix-org/python-unpaddedbase64"; description = "Unpadded Base64"; From 9c220bb2e857212229fde7a6c153e12bf0ba8747 Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Thu, 6 May 2021 10:52:30 -0700 Subject: [PATCH 05/20] pythonPackages.aiohttp-socks: 0.3.9 -> 0.6.0 --- pkgs/development/python-modules/aiohttp-socks/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/aiohttp-socks/default.nix b/pkgs/development/python-modules/aiohttp-socks/default.nix index 7b0bfe80684a..4e75f56a8dab 100644 --- a/pkgs/development/python-modules/aiohttp-socks/default.nix +++ b/pkgs/development/python-modules/aiohttp-socks/default.nix @@ -1,16 +1,16 @@ -{ lib, fetchPypi, buildPythonPackage, pythonOlder, aiohttp, attrs }: +{ lib, fetchPypi, buildPythonPackage, pythonOlder, aiohttp, python-socks, attrs }: buildPythonPackage rec { pname = "aiohttp-socks"; - version = "0.3.9"; + version = "0.6.0"; src = fetchPypi { inherit version; pname = "aiohttp_socks"; - sha256 = "1mn2ng66951mri49f99zh3660j83kvqhr6dpx90s9fkjwk83hmjy"; + sha256 = "04w010bvi719ifpc3sshav95k10hf9nq8czn9yglkj206yxcypdr"; }; - propagatedBuildInputs = [ aiohttp attrs ]; + propagatedBuildInputs = [ aiohttp attrs python-socks ]; # Checks needs internet access doCheck = false; From 76269d59b3eef323bae5b634562db5da011763f2 Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Thu, 6 May 2021 10:53:39 -0700 Subject: [PATCH 06/20] pythonPackages.matrix-nio: 0.15.2 -> 0.18.0 --- pkgs/development/python-modules/matrix-nio/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/matrix-nio/default.nix b/pkgs/development/python-modules/matrix-nio/default.nix index 69774b58eb69..8615414f9b8a 100644 --- a/pkgs/development/python-modules/matrix-nio/default.nix +++ b/pkgs/development/python-modules/matrix-nio/default.nix @@ -2,9 +2,11 @@ , buildPythonPackage , fetchFromGitHub , git +, poetry-core , attrs , future , aiohttp +, aiohttp-socks , aiofiles , h11 , h2 @@ -20,23 +22,26 @@ buildPythonPackage rec { pname = "matrix-nio"; - version = "0.15.2"; + version = "0.18.0"; + format = "pyproject"; src = fetchFromGitHub { owner = "poljar"; repo = "matrix-nio"; rev = version; - sha256 = "190xw3cvk4amr9pl8ip2i7k3xdjd0231kn2zl6chny5axx22p1dv"; + sha256 = "1rn5lz81y4bvgjhxzd57qhr0lmkm5xljl4bj9w10lnm4f7ls0xdi"; }; nativeBuildInputs = [ git + poetry-core ]; propagatedBuildInputs = [ attrs future aiohttp + aiohttp-socks aiofiles h11 h2 From 3f053cf4ab17d498b475e2fd270bd040e3c2ec51 Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Sat, 20 Mar 2021 18:54:15 +0100 Subject: [PATCH 07/20] python3.pkgs.matrix-nio: enable tests --- .../python-modules/matrix-nio/default.nix | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/matrix-nio/default.nix b/pkgs/development/python-modules/matrix-nio/default.nix index 8615414f9b8a..9f10510d243b 100644 --- a/pkgs/development/python-modules/matrix-nio/default.nix +++ b/pkgs/development/python-modules/matrix-nio/default.nix @@ -18,6 +18,12 @@ , peewee , cachetools , atomicwrites +, pytestCheckHook +, faker +, aioresponses +, hypothesis +, pytest-aiohttp +, pytest-benchmark }: buildPythonPackage rec { @@ -35,6 +41,7 @@ buildPythonPackage rec { nativeBuildInputs = [ git poetry-core + pytestCheckHook ]; propagatedBuildInputs = [ @@ -55,7 +62,20 @@ buildPythonPackage rec { atomicwrites ]; - doCheck = false; + checkInputs = [ + faker + aioresponses + hypothesis + pytest-aiohttp + pytest-benchmark + ]; + + disabledTests = [ + # touches network + "test_connect_wrapper" + # time dependent and flaky + "test_transfer_monitor_callbacks" + ]; meta = with lib; { description = "A Python Matrix client library, designed according to sans I/O principles"; From d7ba1c9cfd93aec87c561dbbdb5a6bf4cff790f7 Mon Sep 17 00:00:00 2001 From: Guillaume Girol Date: Fri, 7 May 2021 12:00:00 +0000 Subject: [PATCH 08/20] python3Packages.peewee: 0.13.3 -> 0.14.4 --- pkgs/development/python-modules/peewee/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/peewee/default.nix b/pkgs/development/python-modules/peewee/default.nix index 6f5d8e262279..fd057d24d31e 100644 --- a/pkgs/development/python-modules/peewee/default.nix +++ b/pkgs/development/python-modules/peewee/default.nix @@ -12,14 +12,14 @@ buildPythonPackage rec { pname = "peewee"; - version = "3.13.3"; + version = "3.14.4"; # pypi release does not provide tests src = fetchFromGitHub { owner = "coleifer"; repo = pname; rev = version; - sha256 = "1r67hxb9m6v0xbnbqfnsw6dahmdr94pf81b4x51jfw6x9sa4izi4"; + sha256 = "0x85swpaffysc05kka0mab87cnilzw1lpacfhcx5ayabh0i2qsh6"; }; From 7c8e33bbd46d208b69c2f9e248c36d64115a60cf Mon Sep 17 00:00:00 2001 From: Guillaume Girol Date: Fri, 7 May 2021 12:00:00 +0000 Subject: [PATCH 09/20] pantalaimon: 0.8.0 -> 0.9.2 fix build --- .../instant-messengers/pantalaimon/default.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/pantalaimon/default.nix b/pkgs/applications/networking/instant-messengers/pantalaimon/default.nix index 9c99741823aa..dd46b64e4f64 100644 --- a/pkgs/applications/networking/instant-messengers/pantalaimon/default.nix +++ b/pkgs/applications/networking/instant-messengers/pantalaimon/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, buildPythonApplication, fetchFromGitHub, pythonOlder, attrs, aiohttp, appdirs, click, keyring, Logbook, peewee, janus, prompt_toolkit, matrix-nio, dbus-python, pydbus, notify2, pygobject3, - setuptools, + setuptools, fetchpatch, pytest, faker, pytest-aiohttp, aioresponses, @@ -10,7 +10,7 @@ buildPythonApplication rec { pname = "pantalaimon"; - version = "0.8.0"; + version = "0.9.2"; disabled = pythonOlder "3.6"; @@ -19,9 +19,17 @@ buildPythonApplication rec { owner = "matrix-org"; repo = pname; rev = version; - sha256 = "0n86cdpw85qzlcr1ynvar0f0zbphmdz1jia9r75lmj07iw4r5hk9"; + sha256 = "11dfv5b2slqybisq6npmrqxrzslh4bjs4093vrc05s94046d9d9n"; }; + patches = [ + # accept newer matrix-nio versions + (fetchpatch { + url = "https://github.com/matrix-org/pantalaimon/commit/73f68c76fb05037bd7fe71688ce39eb1f526a385.patch"; + sha256 = "0wvqcfan8yp67p6khsqkynbkifksp2422b9jy511mvhpy51sqykl"; + }) + ]; + propagatedBuildInputs = [ aiohttp appdirs From 9317570735b68b744004ca6ac9c2fb7b175ff131 Mon Sep 17 00:00:00 2001 From: Laurynas Alekna Date: Fri, 7 May 2021 20:46:21 +0100 Subject: [PATCH 10/20] nixos/docker: ensure ipv4 forwarding is enabled Fixes #118656 --- nixos/modules/virtualisation/docker.nix | 4 ++++ nixos/tests/docker.nix | 3 +++ 2 files changed, 7 insertions(+) diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 3eb0de3a8559..954e33ff24a3 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -150,6 +150,10 @@ in config = mkIf cfg.enable (mkMerge [{ boot.kernelModules = [ "bridge" "veth" ]; + boot.kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = mkOverride 99 true; + "net.ipv4.conf.default.forwarding" = mkOverride 99 true; + }; environment.systemPackages = [ cfg.package ] ++ optional cfg.enableNvidia pkgs.nvidia-docker; users.groups.docker.gid = config.ids.gids.docker; diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix index 58e33535ed31..dee7480eb4a9 100644 --- a/nixos/tests/docker.nix +++ b/nixos/tests/docker.nix @@ -45,5 +45,8 @@ import ./make-test-python.nix ({ pkgs, ...} : { # Must match version 4 times to ensure client and server git commits and versions are correct docker.succeed('[ $(docker version | grep ${pkgs.docker.version} | wc -l) = "4" ]') + docker.succeed("systemctl restart systemd-sysctl") + docker.succeed("grep 1 /proc/sys/net/ipv4/conf/all/forwarding") + docker.succeed("grep 1 /proc/sys/net/ipv4/conf/default/forwarding") ''; }) From 5624aa9f812aeccc6b70de9812a28df28996545a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 5 May 2021 13:09:45 +0200 Subject: [PATCH 11/20] nixos/sudo: add option execWheelOnly By setting the executable's group to wheel and permissions to 4510, we make sure that only members of the wheel group can execute sudo. --- nixos/modules/security/sudo.nix | 28 +++++++++++++++++++++++++--- nixos/tests/sudo.nix | 21 ++++++++++++++++++++- 2 files changed, 45 insertions(+), 4 deletions(-) diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index cc3ff3d11b91..2e73f8f4f311 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -61,6 +61,17 @@ in ''; }; + security.sudo.execWheelOnly = mkOption { + type = types.bool; + default = false; + description = '' + Only allow members of the wheel group to execute sudo by + setting the executable's permissions accordingly. + This prevents users that are not members of wheel from + exploiting vulnerabilities in sudo such as CVE-2021-3156. + ''; + }; + security.sudo.configFile = mkOption { type = types.lines; # Note: if syntax errors are detected in this file, the NixOS @@ -216,9 +227,20 @@ in ${cfg.extraConfig} ''; - security.wrappers = { - sudo.source = "${cfg.package.out}/bin/sudo"; - sudoedit.source = "${cfg.package.out}/bin/sudoedit"; + security.wrappers = let + owner = "root"; + group = if cfg.execWheelOnly then "wheel" else "root"; + setuid = true; + permissions = if cfg.execWheelOnly then "u+rx,g+x" else "u+rx,g+x,o+x"; + in { + sudo = { + source = "${cfg.package.out}/bin/sudo"; + inherit owner group setuid permissions; + }; + sudoedit = { + source = "${cfg.package.out}/bin/sudoedit"; + inherit owner group setuid permissions; + }; }; environment.systemPackages = [ sudo ]; diff --git a/nixos/tests/sudo.nix b/nixos/tests/sudo.nix index 2a85c490665a..4885d6e17b82 100644 --- a/nixos/tests/sudo.nix +++ b/nixos/tests/sudo.nix @@ -10,7 +10,7 @@ in maintainers = [ lschuermann ]; }; - machine = + nodes.machine = { lib, ... }: with lib; { @@ -48,6 +48,19 @@ in }; }; + nodes.strict = { ... }: { + users.users = { + admin = { isNormalUser = true; extraGroups = [ "wheel" ]; }; + noadmin = { isNormalUser = true; }; + }; + + security.sudo = { + enable = true; + wheelNeedsPassword = false; + execWheelOnly = true; + }; + }; + testScript = '' with subtest("users in wheel group should have passwordless sudo"): @@ -79,5 +92,11 @@ in with subtest("users in group 'barfoo' should not be able to keep their environment"): machine.fail("sudo -u test3 sudo -n -E -u root true") + + with subtest("users in wheel should be able to run sudo despite execWheelOnly"): + strict.succeed('su - admin -c "sudo -u root true"') + + with subtest("non-wheel users should be unable to run sudo thanks to execWheelOnly"): + strict.fail('su - noadmin -c "sudo --help"') ''; }) From 41e2941fc29de4e6fe158d17e7ae6228adbb67a5 Mon Sep 17 00:00:00 2001 From: "Robert T. McGibbon" Date: Sat, 8 May 2021 12:01:02 -0400 Subject: [PATCH 12/20] python3Packages.mlrose: fix build --- .../python-modules/mlrose/default.nix | 34 ++++++++++++++++--- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/mlrose/default.nix b/pkgs/development/python-modules/mlrose/default.nix index 40e3b6ce0953..b17b56b8f9ee 100644 --- a/pkgs/development/python-modules/mlrose/default.nix +++ b/pkgs/development/python-modules/mlrose/default.nix @@ -1,21 +1,45 @@ -{ lib, isPy27, buildPythonPackage, fetchPypi, scikitlearn }: +{ lib +, isPy27 +, buildPythonPackage +, fetchFromGitHub +, fetchpatch +, scikitlearn +, pytestCheckHook +, pytest-randomly +}: buildPythonPackage rec { pname = "mlrose"; version = "1.3.0"; disabled = isPy27; - src = fetchPypi { - inherit pname version; - sha256 = "cec83253bf6da67a7fb32b2c9ae13e9dbc6cfbcaae2aa3107993e69e9788f15e"; + src = fetchFromGitHub { + owner = "gkhayes"; + repo = "mlrose"; + rev = "v${version}"; + sha256 = "1dn43k3rcypj58ymcj849b37w66jz7fphw8842v6mlbij3x0rxfl"; }; + patches = [ + # Fixes compatibility with scikit-learn 0.24.1 + (fetchpatch { + url = "https://github.com/gkhayes/mlrose/pull/55/commits/19caf8616fc194402678aa67917db334ad02852a.patch"; + sha256 = "1nivz3bn21nd21bxbcl16a6jmy7y5j8ilz90cjmd0xq4v7flsahf"; + }) + ]; + propagatedBuildInputs = [ scikitlearn ]; + checkInputs = [ pytest-randomly pytestCheckHook ]; postPatch = '' - sed -i 's,sklearn,scikit-learn,g' setup.py + substituteInPlace setup.py --replace sklearn scikit-learn ''; + pythonImportsCheck = [ "mlrose" ]; + + # Fix random seed during tests + pytestFlagsArray = [ "--randomly-seed 0" ]; + meta = with lib; { description = "Machine Learning, Randomized Optimization and SEarch"; homepage = "https://github.com/gkhayes/mlrose"; From c6f9eceb3dd6518cd0b82fddf74a1d177eb976c3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 9 May 2021 02:18:51 +0000 Subject: [PATCH 13/20] clash: 1.5.0 -> 1.6.0 --- pkgs/tools/networking/clash/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/clash/default.nix b/pkgs/tools/networking/clash/default.nix index 9cad36c68a63..61e529dc8729 100644 --- a/pkgs/tools/networking/clash/default.nix +++ b/pkgs/tools/networking/clash/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "clash"; - version = "1.5.0"; + version = "1.6.0"; src = fetchFromGitHub { owner = "Dreamacro"; repo = pname; rev = "v${version}"; - sha256 = "sha256-I4qpcHsN8WGt7YLNXO08BJypilhMSVmZjqECDjlEqXU="; + sha256 = "sha256-XG/nci8Sj0vfa/SFPpJwl1Zmt/23LfKxocejplZtS0E="; }; - vendorSha256 = "sha256-Nfzk7p52msGxTPDbs4g9KuRPFxp4Npt0QXkdVOZvipc="; + vendorSha256 = "sha256-WR1CpjEMHRkpd0/iqrOm0oVXvyQO+r6GyeP0L0zx8aA="; doCheck = false; From bedbf2c81c2e8cf29cc11df4b3b7eaeae326c119 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 9 May 2021 04:45:59 +0000 Subject: [PATCH 14/20] fselect: 0.7.4 -> 0.7.5 --- pkgs/tools/misc/fselect/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/fselect/default.nix b/pkgs/tools/misc/fselect/default.nix index d60e68a0e320..eaddc8790e94 100644 --- a/pkgs/tools/misc/fselect/default.nix +++ b/pkgs/tools/misc/fselect/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "fselect"; - version = "0.7.4"; + version = "0.7.5"; src = fetchFromGitHub { owner = "jhspetersson"; repo = "fselect"; rev = version; - sha256 = "sha256-gwFX5c5y4bL+KhPDnvCbDco1ORYyqZYFsetMrmOATZU="; + sha256 = "sha256-6/mcGq6qKYmcBcNndYYJB3rnHr6ZVpEcVjJBz7NEJEw="; }; - cargoSha256 = "sha256-gWCiaAgb7hBenbp1kogCoB6vctYfDZccRW9li2yxJaU="; + cargoSha256 = "sha256-W6YmFsTlU3LD3tvhLuA/3k/269gR2RLLOo86BQC5x98="; nativeBuildInputs = [ installShellFiles ]; buildInputs = lib.optional stdenv.isDarwin libiconv; From 438b60f3f72725aceecf0e1a3eab0b02d56101c6 Mon Sep 17 00:00:00 2001 From: fortuneteller2k Date: Sun, 9 May 2021 13:42:12 +0800 Subject: [PATCH 15/20] openrazer: 3.0.0 -> 3.0.1, mark broken for kernels < 4.19 --- pkgs/development/python-modules/openrazer/common.nix | 6 +++--- pkgs/os-specific/linux/openrazer/driver.nix | 8 +++++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/openrazer/common.nix b/pkgs/development/python-modules/openrazer/common.nix index 35655b207a59..985d4e199e18 100644 --- a/pkgs/development/python-modules/openrazer/common.nix +++ b/pkgs/development/python-modules/openrazer/common.nix @@ -1,16 +1,16 @@ { lib , fetchFromGitHub }: rec { - version = "3.0.0"; + version = "3.0.1"; src = fetchFromGitHub { owner = "openrazer"; repo = "openrazer"; rev = "v${version}"; - sha256 = "sha256-gw6Qt9BntPcF3zw19PXftDbhoCeBr8hwrujy51rb5Fc="; + sha256 = "sha256-ptB0jP0kp1Liynkfz0B0OMw6xNQG1s8IvxhgNAdEytM="; }; meta = with lib; { homepage = "https://openrazer.github.io/"; - license = licenses.gpl2; + license = licenses.gpl2Only; maintainers = with maintainers; [ roelvandijk evanjs ]; platforms = platforms.linux; }; diff --git a/pkgs/os-specific/linux/openrazer/driver.nix b/pkgs/os-specific/linux/openrazer/driver.nix index 4745ba818a90..07113e628625 100644 --- a/pkgs/os-specific/linux/openrazer/driver.nix +++ b/pkgs/os-specific/linux/openrazer/driver.nix @@ -10,7 +10,8 @@ let common = import ../../../development/python-modules/openrazer/common.nix { inherit lib fetchFromGitHub; }; in stdenv.mkDerivation (common // { - name = "openrazer-${common.version}-${kernel.version}"; + pname = "openrazer"; + version = "${common.version}-${kernel.version}"; nativeBuildInputs = kernel.moduleBuildDependencies; @@ -19,6 +20,8 @@ stdenv.mkDerivation (common // { ]; installPhase = '' + runHook preInstall + binDir="$out/lib/modules/${kernel.modDirVersion}/kernel/drivers/hid" mkdir -p "$binDir" cp -v driver/*.ko "$binDir" @@ -32,9 +35,12 @@ stdenv.mkDerivation (common // { --replace /usr/bin/logger ${util-linux}/bin/logger \ --replace chgrp ${coreutils}/bin/chgrp \ --replace "PATH='/sbin:/bin:/usr/sbin:/usr/bin'" "" + + runHook postInstall ''; meta = common.meta // { description = "An entirely open source Linux driver that allows you to manage your Razer peripherals on GNU/Linux"; + broken = kernel.kernelOlder "4.19"; }; }) From 16a600d29e03751e0a025bfc212f0621778013ab Mon Sep 17 00:00:00 2001 From: freezeboy Date: Sun, 9 May 2021 09:35:15 +0200 Subject: [PATCH 16/20] tuir: unbreak adding six dependency --- pkgs/applications/misc/tuir/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/misc/tuir/default.nix b/pkgs/applications/misc/tuir/default.nix index c086cdb9503b..fb1a85b1e491 100644 --- a/pkgs/applications/misc/tuir/default.nix +++ b/pkgs/applications/misc/tuir/default.nix @@ -21,7 +21,7 @@ buildPythonApplication rec { checkInputs = [ coverage coveralls docopt mock pylint pytest vcrpy ]; - propagatedBuildInputs = [ beautifulsoup4 decorator kitchen requests ]; + propagatedBuildInputs = [ beautifulsoup4 decorator kitchen requests six ]; meta = with lib; { description = "Browse Reddit from your Terminal (fork of rtv)"; From d3ed0f5028bf29c1ccee82bb815deaf40d337a51 Mon Sep 17 00:00:00 2001 From: erictapen Date: Sun, 9 May 2021 10:40:10 +0200 Subject: [PATCH 17/20] ghostwriter: 2.0.0-rc5 -> 2.0.0 (#122268) --- pkgs/applications/editors/ghostwriter/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/ghostwriter/default.nix b/pkgs/applications/editors/ghostwriter/default.nix index 2249009af777..4d6eafaa0f0d 100644 --- a/pkgs/applications/editors/ghostwriter/default.nix +++ b/pkgs/applications/editors/ghostwriter/default.nix @@ -2,13 +2,13 @@ mkDerivation rec { pname = "ghostwriter"; - version = "2.0.0-rc5"; + version = "2.0.0"; src = fetchFromGitHub { owner = "wereturtle"; repo = pname; rev = version; - sha256 = "sha256-Gc0/AHxxJd5Cq3dBQ0Xy2TF78CBmQFYUzm4s7q1aHEE="; + sha256 = "sha256-5O2W7ZQeDkNzwi6t9MfNbv4fmNvak1AcMnzJTE1F9L8="; }; nativeBuildInputs = [ qmake pkg-config qttools ]; From fb8b11917e12d52287de10c52506ba2376123188 Mon Sep 17 00:00:00 2001 From: pacien Date: Sun, 9 May 2021 10:49:52 +0200 Subject: [PATCH 18/20] visidata: 2.2.1 -> 2.4 --- pkgs/applications/misc/visidata/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/visidata/default.nix b/pkgs/applications/misc/visidata/default.nix index fc609b280f99..ad49a1b291e2 100644 --- a/pkgs/applications/misc/visidata/default.nix +++ b/pkgs/applications/misc/visidata/default.nix @@ -15,13 +15,13 @@ }: buildPythonApplication rec { pname = "visidata"; - version = "2.2.1"; + version = "2.4"; src = fetchFromGitHub { owner = "saulpw"; repo = "visidata"; rev = "v${version}"; - sha256 = "1gkvnywjg0n3n7d855ivclsj3d8mzihhkgv9a18srcszkmyix903"; + sha256 = "0mvf2603d9b0s6rh7sl7mg4ipbh0nk05xgh1078mwvx31qjsmq1i"; }; propagatedBuildInputs = [ From c0a998de58a89ed92a4657871d0b9e24f38fd92a Mon Sep 17 00:00:00 2001 From: DavHau Date: Sun, 9 May 2021 14:42:02 +0700 Subject: [PATCH 19/20] python3Packages.pyexcel-xls: unbreak --- pkgs/development/python-modules/pyexcel-xls/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/pyexcel-xls/default.nix b/pkgs/development/python-modules/pyexcel-xls/default.nix index 7e09a21e3627..29d6df409a60 100644 --- a/pkgs/development/python-modules/pyexcel-xls/default.nix +++ b/pkgs/development/python-modules/pyexcel-xls/default.nix @@ -30,7 +30,11 @@ buildPythonPackage rec { mock ]; - checkPhase = "nosetests"; + postPatch = '' + substituteInPlace setup.py --replace "xlrd<2" "xlrd<3" + ''; + + checkPhase = "nosetests --exclude test_issue_151"; meta = { description = "A wrapper library to read, manipulate and write data in xls using xlrd and xlwt"; From ca365f6946d6349a5e2fb70ceaff126772169691 Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Sun, 9 May 2021 00:10:23 +0200 Subject: [PATCH 20/20] monotone: 1.1 -> 1.1-unstable-2021-05-01 to move from insecure botan 1 --- .../version-management/monotone/default.nix | 40 ++++++++++++++----- pkgs/top-level/all-packages.nix | 1 - 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/version-management/monotone/default.nix b/pkgs/applications/version-management/monotone/default.nix index f20d827dc5ff..48af459260df 100644 --- a/pkgs/applications/version-management/monotone/default.nix +++ b/pkgs/applications/version-management/monotone/default.nix @@ -1,10 +1,11 @@ -{ lib, stdenv, fetchurl, boost, zlib, botan, libidn -, lua, pcre, sqlite, perl, pkg-config, expect +{ lib, stdenv, fetchurl, fetchFromGitHub, boost, zlib, botan2, libidn +, lua, pcre, sqlite, perl, pkg-config, expect, less , bzip2, gmp, openssl +, autoreconfHook, texinfo }: let - version = "1.1"; + version = "1.1-unstable-2021-05-01"; perlVersion = lib.getVersion perl; in @@ -14,22 +15,41 @@ stdenv.mkDerivation rec { pname = "monotone"; inherit version; - src = fetchurl { - url = "http://monotone.ca/downloads/${version}/monotone-${version}.tar.bz2"; - sha256 = "124cwgi2q86hagslbk5idxbs9j896rfjzryhr6z63r6l485gcp7r"; + # src = fetchurl { + # url = "http://monotone.ca/downloads/${version}/monotone-${version}.tar.bz2"; + # sha256 = "124cwgi2q86hagslbk5idxbs9j896rfjzryhr6z63r6l485gcp7r"; + # }; + + # My mirror of upstream Monotone repository + # Could fetchmtn, but circular dependency; snapshot requested + # https://lists.nongnu.org/archive/html/monotone-devel/2021-05/msg00000.html + src = fetchFromGitHub { + owner = "7c6f434c"; + repo = "monotone-mirror"; + rev = "b30b0e1c16def043d2dad57d1467d5bfdecdb070"; + hash = "sha256:1hfy8vaap3184cd7h3qhz0da7c992idkc6q2nz9frhma45c5vgmd"; }; patches = [ ./monotone-1.1-Adapt-to-changes-in-pcre-8.42.patch ]; - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ boost zlib botan libidn lua pcre sqlite expect - openssl gmp bzip2 ]; + postPatch = '' + sed -e 's@/usr/bin/less@${less}/bin/less@' -i src/unix/terminal.cc + ''; + + nativeBuildInputs = [ pkg-config autoreconfHook texinfo ]; + buildInputs = [ boost zlib botan2 libidn lua pcre sqlite expect + openssl gmp bzip2 perl ]; postInstall = '' mkdir -p $out/share/${pname}-${version} cp -rv contrib/ $out/share/${pname}-${version}/contrib mkdir -p $out/${perl.libPrefix}/${perlVersion} cp -v contrib/Monotone.pm $out/${perl.libPrefix}/${perlVersion} + + patchShebangs "$out/share/monotone" + patchShebangs "$out/share/${pname}-${version}" + + find "$out"/share/{doc/monotone,${pname}-${version}}/contrib/ -type f | xargs sed -e 's@! */usr/bin/@!/usr/bin/env @; s@! */bin/bash@!/usr/bin/env bash@' -i ''; #doCheck = true; # some tests fail (and they take VERY long) @@ -38,6 +58,6 @@ stdenv.mkDerivation rec { description = "A free distributed version control system"; maintainers = [ maintainers.raskin ]; platforms = platforms.unix; - license = licenses.gpl2; + license = licenses.gpl2Plus; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2bbc2ca4957a..29c8b530ac5b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24717,7 +24717,6 @@ in monotone = callPackage ../applications/version-management/monotone { lua = lua5; - botan = botan.override (x: { openssl = null; }); }; monotoneViz = callPackage ../applications/version-management/monotone-viz {