diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-10-23 12:02:04 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-23 12:02:04 +0000 |
commit | 2c2c0379b759c234413de63478847266cdc8ed93 (patch) | |
tree | 92ebd45d1cd2a17d5fb63ff5c6c006a4d8f25f7e | |
parent | 1026189bd67abfd6f7def1c697988217caafbc5c (diff) | |
parent | a3b463e8874fe9182e758919eeb18bb44070097c (diff) |
Merge staging-next into staging
37 files changed, 399 insertions, 253 deletions
diff --git a/nixos/modules/programs/browserpass.nix b/nixos/modules/programs/browserpass.nix index abd99056ff3ba..a9670a37e618c 100644 --- a/nixos/modules/programs/browserpass.nix +++ b/nixos/modules/programs/browserpass.nix @@ -27,6 +27,6 @@ with lib; "opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium"; "opt/brave/policies/managed/${appId}".source = source "policies/chromium"; }; - programs.firefox.wrapperConfig.enableBrowserpass = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.browserpass ]; }; } diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index 813e0e0105f69..85f47530cf5af 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -5,8 +5,6 @@ with lib; let cfg = config.programs.firefox; - nmh = cfg.nativeMessagingHosts; - policyFormat = pkgs.formats.json { }; organisationInfo = '' @@ -17,6 +15,50 @@ let given control of your browser, unless of course they also control your NixOS configuration. ''; + + # deprecated per-native-messaging-host options + nmhOptions = { + browserpass = { + name = "Browserpass"; + package = pkgs.browserpass; + }; + bukubrow = { + name = "Bukubrow"; + package = pkgs.bukubrow; + }; + euwebid = { + name = "Web eID"; + package = pkgs.web-eid-app; + }; + ff2mpv = { + name = "ff2mpv"; + package = pkgs.ff2mpv; + }; + fxCast = { + name = "fx_cast"; + package = pkgs.fx-cast-bridge; + }; + gsconnect = { + name = "GSConnect"; + package = pkgs.gnomeExtensions.gsconnect; + }; + jabref = { + name = "JabRef"; + package = pkgs.jabref; + }; + passff = { + name = "PassFF"; + package = pkgs.passff-host; + }; + tridactyl = { + name = "Tridactyl"; + package = pkgs.tridactyl-native; + }; + ugetIntegrator = { + name = "Uget Integrator"; + package = pkgs.uget-integrator; + }; + }; in { options.programs.firefox = { @@ -204,46 +246,31 @@ in ''; }; - nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) { - browserpass = "Browserpass support"; - bukubrow = "Bukubrow support"; - euwebid = "Web eID support"; - ff2mpv = "ff2mpv support"; - fxCast = "fx_cast support"; - gsconnect = "GSConnect support"; - jabref = "JabRef support"; - passff = "PassFF support"; - tridactyl = "Tridactyl support"; - ugetIntegrator = "Uget Integrator support"; - }; + nativeMessagingHosts = ({ + packages = mkOption { + type = types.listOf types.package; + default = []; + description = mdDoc '' + Additional packages containing native messaging hosts that should be made available to Firefox extensions. + ''; + }; + }) // (mapAttrs (k: v: mkEnableOption (mdDoc "${v.name} support")) nmhOptions); }; - config = mkIf cfg.enable { + config = let + forEachEnabledNmh = fn: flatten (mapAttrsToList (k: v: lib.optional cfg.nativeMessagingHosts.${k} (fn k v)) nmhOptions); + in mkIf cfg.enable { + warnings = forEachEnabledNmh (k: v: + "The `programs.firefox.nativeMessagingHosts.${k}` option is deprecated, " + + "please add `${v.package.pname}` to `programs.firefox.nativeMessagingHosts.packages` instead." + ); + programs.firefox.nativeMessagingHosts.packages = forEachEnabledNmh (_: v: v.package); + environment.systemPackages = [ (cfg.package.override (old: { - extraPrefs = cfg.autoConfig; - extraNativeMessagingHosts = - old.extraNativeMessagingHosts or [] - ++ optional nmh.ff2mpv pkgs.ff2mpv - ++ optional nmh.euwebid pkgs.web-eid-app - ++ optional nmh.gsconnect pkgs.gnomeExtensions.gsconnect - ++ optional nmh.jabref pkgs.jabref - ++ optional nmh.passff pkgs.passff-host; - cfg = let - # copy-pasted from the wrapper; TODO: figure out fix - applicationName = cfg.package.binaryName or (lib.getName cfg.package); - - oldCfg = old.cfg or {}; - nixpkgsConfig = pkgs.config.${applicationName} or {}; - optionConfig = cfg.wrapperConfig; - nmhConfig = { - enableBrowserpass = nmh.browserpass; - enableBukubrow = nmh.bukubrow; - enableTridactylNative = nmh.tridactyl; - enableUgetIntegrator = nmh.ugetIntegrator; - enableFXCastBridge = nmh.fxCast; - }; - in oldCfg // nixpkgsConfig // optionConfig // nmhConfig; + extraPrefsFiles = old.extraPrefsFiles or [] ++ [(pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig)]; + nativeMessagingHosts = old.nativeMessagingHosts or [] ++ cfg.nativeMessagingHosts.packages; + cfg = (old.cfg or {}) // cfg.wrapperConfig; })) ]; diff --git a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix index d18e303891e47..4f680eabbe15c 100644 --- a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix +++ b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix @@ -42,6 +42,6 @@ in services.dbus.packages = [ pkgs.gnome-browser-connector ]; - programs.firefox.wrapperConfig.enableGnomeExtensions = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnome-browser-connector ]; }; } diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index b38b35361cf02..12e27ef26ff3e 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix @@ -60,7 +60,6 @@ let ++ lib.optional (cfg.settings ? oidc_providers) "oidc" ++ lib.optional (cfg.settings ? jwt_config) "jwt" ++ lib.optional (cfg.settings ? saml2_config) "saml2" - ++ lib.optional (cfg.settings ? opentracing) "opentracing" ++ lib.optional (cfg.settings ? redis) "redis" ++ lib.optional (cfg.settings ? sentry) "sentry" ++ lib.optional (cfg.settings ? user_directory) "user-search" @@ -334,7 +333,6 @@ in { [ "cache-memory" # Provide statistics about caching memory consumption "jwt" # JSON Web Token authentication - "opentracing" # End-to-end tracing support using Jaeger "oidc" # OpenID Connect authentication "postgres" # PostgreSQL database backend "redis" # Redis support for the replication stream between worker processes diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index c82f02ecefecd..9db4c8e23025b 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -35,7 +35,10 @@ with lib; }; port = mkOption { type = types.nullOr port; - description = lib.mdDoc "Port number."; + description = lib.mdDoc '' + Port number to listen on. + If unset and the listen address is not a socket then nginx defaults to 80. + ''; default = null; }; ssl = mkOption { diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 285d0a1819317..fc32870457101 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -379,7 +379,7 @@ in # Update the start menu for each user that is currently logged in system.userActivationScripts.plasmaSetup = activationScript; - programs.firefox.wrapperConfig.enablePlasmaBrowserIntegration = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.plasma5Packages.plasma-browser-integration ]; }) (mkIf (cfg.kwinrc != {}) { diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index 64c8ab74bba6a..6f0a62d0ea899 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -49,7 +49,7 @@ let ''; }; - checkedSystemdBootBuilder = pkgs.runCommandLocal "systemd-boot" { + checkedSystemdBootBuilder = pkgs.runCommand "systemd-boot" { nativeBuildInputs = [ pkgs.mypy ]; } '' install -m755 ${systemdBootBuilder} $out diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 737a935711ae6..55d23b6fb8b5d 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -198,6 +198,39 @@ let fi ''} + ${lib.optionalString cfg.tpm.enable '' + NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}") + mkdir -p "$NIX_SWTPM_DIR" + ${lib.getExe cfg.tpm.package} \ + socket \ + --tpmstate dir="$NIX_SWTPM_DIR" \ + --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket,terminate \ + --pid file="$NIX_SWTPM_DIR"/pid --daemon \ + --tpm2 \ + --log file="$NIX_SWTPM_DIR"/stdout,level=6 + + # Enable `fdflags` builtin in Bash + # We will need it to perform surgical modification of the file descriptor + # passed in the coprocess to remove `FD_CLOEXEC`, i.e. close the file descriptor + # on exec. + # If let alone, it will trigger the coprocess to read EOF when QEMU is `exec` + # at the end of this script. To work around that, we will just clear + # the `FD_CLOEXEC` bits as a first step. + enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags + # leave a dangling subprocess because the swtpm ctrl socket has + # "terminate" when the last connection disconnects, it stops swtpm. + # When qemu stops, or if the main shell process ends, the coproc will + # get signaled by virtue of the pipe between main and coproc ending. + # Which in turns triggers a socat connect-disconnect to swtpm which + # will stop it. + coproc waitingswtpm { + read || : + echo "" | ${lib.getExe hostPkgs.socat} STDIO UNIX-CONNECT:"$NIX_SWTPM_DIR"/socket + } + # Clear `FD_CLOEXEC` on the coprocess' file descriptor stdin. + fdflags -s-cloexec ''${waitingswtpm[1]} + ''} + cd "$TMPDIR" ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"} @@ -863,6 +896,32 @@ in }; }; + virtualisation.tpm = { + enable = mkEnableOption "a TPM device in the virtual machine with a driver, using swtpm."; + + package = mkPackageOptionMD cfg.host.pkgs "swtpm" { }; + + deviceModel = mkOption { + type = types.str; + default = ({ + "i686-linux" = "tpm-tis"; + "x86_64-linux" = "tpm-tis"; + "ppc64-linux" = "tpm-spapr"; + "armv7-linux" = "tpm-tis-device"; + "aarch64-linux" = "tpm-tis-device"; + }.${pkgs.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU")); + defaultText = '' + Based on the guest platform Linux system: + + - `tpm-tis` for (i686, x86_64) + - `tpm-spapr` for ppc64 + - `tpm-tis-device` for (armv7, aarch64) + ''; + example = "tpm-tis-device"; + description = lib.mdDoc "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed."; + }; + }; + virtualisation.useDefaultFilesystems = mkOption { type = types.bool; @@ -1028,7 +1087,8 @@ in boot.initrd.availableKernelModules = optional cfg.writableStore "overlay" - ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx"; + ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx" + ++ optional (cfg.tpm.enable) "tpm_tis"; virtualisation.additionalPaths = [ config.system.build.toplevel ]; @@ -1099,6 +1159,11 @@ in (mkIf (!cfg.graphics) [ "-nographic" ]) + (mkIf (cfg.tpm.enable) [ + "-chardev socket,id=chrtpm,path=\"$NIX_SWTPM_DIR\"/socket" + "-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm" + "-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0" + ]) ]; virtualisation.qemu.drives = mkMerge [ diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index 3f9cea6662fbe..fbea95dc75235 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -1,14 +1,7 @@ import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }: -let firefoxPackage' = firefoxPackage.override (args: { - extraPrefsFiles = (args.extraPrefsFiles or []) ++ [ - # make sure that autoplay is enabled by default for the audio test - (builtins.toString (builtins.toFile "autoplay-pref.js" ''defaultPref("media.autoplay.default",0);'')) - ]; - }); - -in { - name = firefoxPackage'.unwrapped.pname; + name = firefoxPackage.pname; + meta = with pkgs.lib.maintainers; { maintainers = [ eelco shlevy ]; }; @@ -17,10 +10,13 @@ in { pkgs, ... }: { imports = [ ./common/x11.nix ]; - environment.systemPackages = [ - firefoxPackage' - pkgs.xdotool - ]; + environment.systemPackages = [ pkgs.xdotool ]; + + programs.firefox = { + enable = true; + preferences."media.autoplay.default" = 0; + package = firefoxPackage; + }; # Create a virtual sound device, with mixing # and all, for recording audio. @@ -58,7 +54,9 @@ in }; - testScript = '' + testScript = let + exe = firefoxPackage.unwrapped.binaryName; + in '' from contextlib import contextmanager @@ -97,7 +95,7 @@ in with subtest("Wait until Firefox has finished loading the Valgrind docs page"): machine.execute( - "xterm -e '${firefoxPackage'.unwrapped.binaryName} file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' >&2 &" + "xterm -e '${exe} file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' >&2 &" ) machine.wait_for_window("Valgrind") machine.sleep(40) @@ -105,7 +103,7 @@ in with subtest("Check whether Firefox can play sound"): with record_audio(machine): machine.succeed( - "${firefoxPackage'.unwrapped.binaryName} file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga >&2 &" + "${exe} file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga >&2 &" ) wait_for_sound(machine) machine.copy_from_vm("/tmp/record.wav") diff --git a/nixos/tests/systemd-credentials-tpm2.nix b/nixos/tests/systemd-credentials-tpm2.nix index d2dc1fd7b615b..bf74183122368 100644 --- a/nixos/tests/systemd-credentials-tpm2.nix +++ b/nixos/tests/systemd-credentials-tpm2.nix @@ -1,13 +1,4 @@ -import ./make-test-python.nix ({ lib, pkgs, system, ... }: - -let - tpmSocketPath = "/tmp/swtpm-sock"; - tpmDeviceModels = { - x86_64-linux = "tpm-tis"; - aarch64-linux = "tpm-tis-device"; - }; -in - +import ./make-test-python.nix ({ lib, pkgs, ... }: { name = "systemd-credentials-tpm2"; @@ -16,51 +7,11 @@ in }; nodes.machine = { pkgs, ... }: { - virtualisation = { - qemu.options = [ - "-chardev socket,id=chrtpm,path=${tpmSocketPath}" - "-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm" - "-device ${tpmDeviceModels.${system}},tpmdev=tpm_dev_0" - ]; - }; - - boot.initrd.availableKernelModules = [ "tpm_tis" ]; - + virtualisation.tpm.enable = true; environment.systemPackages = with pkgs; [ diffutils ]; }; testScript = '' - import subprocess - from tempfile import TemporaryDirectory - - # From systemd-initrd-luks-tpm2.nix - class Tpm: - def __init__(self): - self.state_dir = TemporaryDirectory() - self.start() - - def start(self): - self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", - "socket", - "--tpmstate", f"dir={self.state_dir.name}", - "--ctrl", "type=unixio,path=${tpmSocketPath}", - "--tpm2", - ]) - - # Check whether starting swtpm failed - try: - exit_code = self.proc.wait(timeout=0.2) - if exit_code is not None and exit_code != 0: - raise Exception("failed to start swtpm") - except subprocess.TimeoutExpired: - pass - - """Check whether the swtpm process exited due to an error""" - def check(self): - exit_code = self.proc.poll() - if exit_code is not None and exit_code != 0: - raise Exception("swtpm process died") - CRED_NAME = "testkey" CRED_RAW_FILE = f"/root/{CRED_NAME}" CRED_FILE = f"/root/{CRED_NAME}.cred" @@ -85,12 +36,6 @@ in machine.log("systemd-run finished successfully") - tpm = Tpm() - - @polling_condition - def swtpm_running(): - tpm.check() - machine.wait_for_unit("multi-user.target") with subtest("Check whether TPM device exists"): diff --git a/nixos/tests/systemd-cryptenroll.nix b/nixos/tests/systemd-cryptenroll.nix index 055ae7d1681f2..034aae1d5e955 100644 --- a/nixos/tests/systemd-cryptenroll.nix +++ b/nixos/tests/systemd-cryptenroll.nix @@ -8,47 +8,34 @@ import ./make-test-python.nix ({ pkgs, ... }: { environment.systemPackages = [ pkgs.cryptsetup ]; virtualisation = { emptyDiskImages = [ 512 ]; - qemu.options = [ - "-chardev socket,id=chrtpm,path=/tmp/swtpm-sock" - "-tpmdev emulator,id=tpm0,chardev=chrtpm" - "-device tpm-tis,tpmdev=tpm0" - ]; + tpm.enable = true; }; }; testScript = '' - import subprocess - import tempfile - - def start_swtpm(tpmstate): - subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir="+tpmstate, "--ctrl", "type=unixio,path=/tmp/swtpm-sock", "--log", "level=0", "--tpm2"]) - - with tempfile.TemporaryDirectory() as tpmstate: - start_swtpm(tpmstate) - machine.start() - - # Verify the TPM device is available and accessible by systemd-cryptenroll - machine.succeed("test -e /dev/tpm0") - machine.succeed("test -e /dev/tpmrm0") - machine.succeed("systemd-cryptenroll --tpm2-device=list") - - # Create LUKS partition - machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -") - # Enroll new LUKS key and bind it to Secure Boot state - # For more details on PASSWORD variable, check the following issue: - # https://github.com/systemd/systemd/issues/20955 - machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb") - # Add LUKS partition to /etc/crypttab to test auto unlock - machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab") - machine.shutdown() - - start_swtpm(tpmstate) - machine.start() - - # Test LUKS partition automatic unlock on boot - machine.wait_for_unit("systemd-cryptsetup@luks.service") - # Wipe TPM2 slot - machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb") + machine.start() + + # Verify the TPM device is available and accessible by systemd-cryptenroll + machine.succeed("test -e /dev/tpm0") + machine.succeed("test -e /dev/tpmrm0") + machine.succeed("systemd-cryptenroll --tpm2-device=list") + + # Create LUKS partition + machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -") + # Enroll new LUKS key and bind it to Secure Boot state + # For more details on PASSWORD variable, check the following issue: + # https://github.com/systemd/systemd/issues/20955 + machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb") + # Add LUKS partition to /etc/crypttab to test auto unlock + machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab") + + machine.shutdown() + machine.start() + + # Test LUKS partition automatic unlock on boot + machine.wait_for_unit("systemd-cryptsetup@luks.service") + # Wipe TPM2 slot + machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb") ''; }) diff --git a/nixos/tests/systemd-initrd-luks-tpm2.nix b/nixos/tests/systemd-initrd-luks-tpm2.nix index d9dd9118a3a24..e292acfd1c5f9 100644 --- a/nixos/tests/systemd-initrd-luks-tpm2.nix +++ b/nixos/tests/systemd-initrd-luks-tpm2.nix @@ -9,7 +9,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { # Booting off the TPM2-encrypted device requires an available init script mountHostNixStore = true; useEFIBoot = true; - qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"]; + tpm.enable = true; }; boot.loader.systemd-boot.enable = true; @@ -33,29 +33,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { }; testScript = '' - import subprocess - import os - import time - - - class Tpm: - def __init__(self): - os.mkdir("/tmp/mytpm1") - self.start() - - def start(self): - self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir=/tmp/mytpm1", "--ctrl", "type=unixio,path=/tmp/mytpm1/swtpm-sock", "--log", "level=20", "--tpm2"]) - - def wait_for_death_then_restart(self): - while self.proc.poll() is None: - print("waiting for tpm to die") - time.sleep(1) - assert self.proc.returncode == 0 - self.start() - - tpm = Tpm() - - # Create encrypted volume machine.wait_for_unit("multi-user.target") machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") @@ -66,8 +43,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { machine.succeed("sync") machine.crash() - tpm.wait_for_death_then_restart() - # Boot and decrypt the disk machine.wait_for_unit("multi-user.target") assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 28e97bcaa41e8..ed1ec5692a0c5 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -34,6 +34,7 @@ let , nameSuffix ? "" , icon ? applicationName , wmClass ? applicationName + , nativeMessagingHosts ? [] , extraNativeMessagingHosts ? [] , pkcs11Modules ? [] , useGlvnd ? true @@ -62,18 +63,28 @@ let # PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards smartcardSupport = cfg.smartcardSupport or false; - nativeMessagingHosts = - [ ] - ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) - ++ lib.optional (cfg.enableBukubrow or false) bukubrow - ++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native - ++ lib.optional (cfg.enableGnomeExtensions or false) gnome-browser-connector - ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator - ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration - ++ lib.optional (cfg.enableFXCastBridge or false) fx-cast-bridge - ++ lib.optional (cfg.enableKeePassXC or false) keepassxc - ++ extraNativeMessagingHosts - ; + deprecatedNativeMessagingHost = option: pkg: + if (cfg.${option} or false) + then + lib.warn "The cfg.${option} argument for `firefox.override` is deprecated, please add `pkgs.${pkg.pname}` to `nativeMessagingHosts` instead" + [pkg] + else []; + + allNativeMessagingHosts = builtins.map lib.getBin ( + nativeMessagingHosts + ++ deprecatedNativeMessagingHost "enableBrowserpass" browserpass + ++ deprecatedNativeMessagingHost "enableBukubrow" bukubrow + ++ deprecatedNativeMessagingHost "enableTridactylNative" tridactyl-native + ++ deprecatedNativeMessagingHost "enableGnomeExtensions" gnome-browser-connector + ++ deprecatedNativeMessagingHost "enableUgetIntegrator" uget-integrator + ++ deprecatedNativeMessagingHost "enablePlasmaBrowserIntegration" plasma5Packages.plasma-browser-integration + ++ deprecatedNativeMessagingHost "enableFXCastBridge" fx-cast-bridge + ++ deprecatedNativeMessagingHost "enableKeePassXC" keepassxc + ++ (if extraNativeMessagingHosts != [] + then lib.warn "The extraNativeMessagingHosts argument for the Firefox wrapper is deprecated, please use `nativeMessagingHosts`" extraNativeMessagingHosts + else []) + ); + libs = lib.optionals stdenv.isLinux [ udev libva mesa libnotify xorg.libXScrnSaver cups pciutils ] ++ lib.optional pipewireSupport pipewire ++ lib.optional ffmpegSupport ffmpeg_5 @@ -338,7 +349,7 @@ let install -D -t $out/share/applications $desktopItem/share/applications/* mkdir -p $out/lib/mozilla/native-messaging-hosts - for ext in ${toString nativeMessagingHosts}; do + for ext in ${toString allNativeMessagingHosts}; do ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/* done diff --git a/pkgs/applications/science/electronics/verilator/default.nix b/pkgs/applications/science/electronics/verilator/default.nix index 90601651e5109..86d6716eaeb75 100644 --- a/pkgs/applications/science/electronics/verilator/default.nix +++ b/pkgs/applications/science/electronics/verilator/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "verilator"; - version = "5.012"; + version = "5.016"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - hash = "sha256-Y6GkIgkauayJmGhOQg2kWjbcxYVIob6InMopv555Lb8="; + hash = "sha256-MVQbAZXSIdzX7+yKbSrFLLd0j6dfLSXpES3uu6bcPt8="; }; enableParallelBuilding = true; diff --git a/pkgs/applications/video/mediathekview/default.nix b/pkgs/applications/video/mediathekview/default.nix index 36d941ec94f42..6db16f1aec066 100644 --- a/pkgs/applications/video/mediathekview/default.nix +++ b/pkgs/applications/video/mediathekview/default.nix @@ -42,6 +42,7 @@ stdenv.mkDerivation rec { homepage = "https://mediathekview.de/"; sourceProvenance = with sourceTypes; [ binaryBytecode ]; license = licenses.gpl3Plus; + mainProgram = "mediathek"; maintainers = with maintainers; [ moredread ]; platforms = platforms.all; }; diff --git a/pkgs/build-support/rust/build-rust-crate/default.nix b/pkgs/build-support/rust/build-rust-crate/default.nix index 4e3e2045e8ec4..d977fb9f7c27e 100644 --- a/pkgs/build-support/rust/build-rust-crate/default.nix +++ b/pkgs/build-support/rust/build-rust-crate/default.nix @@ -366,6 +366,10 @@ crate_: lib.makeOverridable meta = { mainProgram = crateName; + badPlatforms = [ + # Rust is currently unable to target the n32 ABI + lib.systems.inspect.patterns.isMips64n32 + ]; }; } // extraDerivationAttrs ) diff --git a/pkgs/build-support/rust/build-rust-package/default.nix b/pkgs/build-support/rust/build-rust-package/default.nix index a27c1de013b19..0b28121a5b7a4 100644 --- a/pkgs/build-support/rust/build-rust-package/default.nix +++ b/pkgs/build-support/rust/build-rust-package/default.nix @@ -162,5 +162,9 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg "x86_64-redox" "wasm32-wasi" ]; + badPlatforms = [ + # Rust is currently unable to target the n32 ABI + lib.systems.inspect.patterns.isMips64n32 + ]; } // meta; }) diff --git a/pkgs/by-name/ri/river-bnf/package.nix b/pkgs/by-name/ri/river-bnf/package.nix new file mode 100644 index 0000000000000..f869a6e2ff0c0 --- /dev/null +++ b/pkgs/by-name/ri/river-bnf/package.nix @@ -0,0 +1,42 @@ +{ lib +, stdenv +, fetchFromSourcehut +, wayland +, wayland-scanner +, unstableGitUpdater +}: + +stdenv.mkDerivation rec { + pname = "river-bnf"; + version = "unstable-2023-10-10"; + + src = fetchFromSourcehut { + owner = "~leon_plickat"; + repo = pname; + rev = "bb8ded380ed5d539777533065b4fd33646ad5603"; + hash = "sha256-rm9Nt3WLgq9QOXzrkYBGp45EALNYFTQGInxfYIN0XcU="; + }; + + nativeBuildInputs = [ + wayland-scanner + ]; + + buildInputs = [ + wayland.dev + ]; + + postPatch = '' + substituteInPlace Makefile --replace '/usr/local' $out + ''; + + passthru.updateScript = unstableGitUpdater { }; + + meta = { + description = "Switch back'n'forth between river tags"; + homepage = "https://git.sr.ht/~leon_plickat/river-bnf"; + license = lib.licenses.gpl3Only; + maintainers = with lib.maintainers; [ adamcstephens ]; + mainProgram = "river-bnf"; + platforms = lib.platforms.linux; + }; +} diff --git a/pkgs/development/libraries/gtk/2.x.nix b/pkgs/development/libraries/gtk/2.x.nix index 539cfc37051ba..b2afb21b6214e 100644 --- a/pkgs/development/libraries/gtk/2.x.nix +++ b/pkgs/development/libraries/gtk/2.x.nix @@ -66,6 +66,8 @@ stdenv.mkDerivation (finalAttrs: { ] ++ lib.optionals stdenv.isDarwin [ ./patches/2.0-gnome_bugzilla_557780_306776_freeciv_darwin.patch ./patches/2.0-darwin-x11.patch + # Fixes an incompatible function pointer conversion and implicit int errors with clang 16. + ./patches/2.0-clang.patch ]; propagatedBuildInputs = [ diff --git a/pkgs/development/libraries/gtk/patches/2.0-clang.patch b/pkgs/development/libraries/gtk/patches/2.0-clang.patch new file mode 100644 index 0000000000000..1e2e73b9833d7 --- /dev/null +++ b/pkgs/development/libraries/gtk/patches/2.0-clang.patch @@ -0,0 +1,49 @@ +diff --git a/gtk/gtkscale.c b/gtk/gtkscale.c +index 4317523fb8..3c09cd3ae8 100644 +--- a/gtk/gtkscale.c ++++ b/gtk/gtkscale.c +@@ -1471,7 +1471,7 @@ gtk_scale_add_mark (GtkScale *scale, + mark->position = position; + + priv->marks = g_slist_insert_sorted_with_data (priv->marks, mark, +- (GCompareFunc) compare_marks, ++ (GCompareDataFunc) compare_marks, + GINT_TO_POINTER ( + gtk_range_get_inverted (GTK_RANGE (scale)) + )); +diff --git a/tests/testmenubars.c b/tests/testmenubars.c +index 416a939861..c65e82be26 100644 +--- a/tests/testmenubars.c ++++ b/tests/testmenubars.c +@@ -21,7 +21,7 @@ + #include <gtk/gtk.h> + + static GtkWidget * +-create_menu (depth) ++create_menu (int depth, gboolean _unused) + { + GtkWidget *menu; + GtkWidget *menuitem; +@@ -35,19 +35,19 @@ create_menu (depth) + gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem); + gtk_widget_show (menuitem); + gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), +- create_menu (depth - 1)); ++ create_menu (depth - 1, _unused)); + + menuitem = gtk_menu_item_new_with_mnemonic ("Two"); + gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem); + gtk_widget_show (menuitem); + gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), +- create_menu (depth - 1)); ++ create_menu (depth - 1, _unused)); + + menuitem = gtk_menu_item_new_with_mnemonic ("Three"); + gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem); + gtk_widget_show (menuitem); + gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), +- create_menu (depth - 1)); ++ create_menu (depth - 1, _unused)); + + return menu; + } diff --git a/pkgs/development/libraries/lzlib/default.nix b/pkgs/development/libraries/lzlib/default.nix index 4e28fc3a5b0d2..b8c86221b489d 100644 --- a/pkgs/development/libraries/lzlib/default.nix +++ b/pkgs/development/libraries/lzlib/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { substituteInPlace Makefile.in --replace '-Wl,--soname=' '-Wl,-install_name,$(out)/lib/' ''; - makeFlags = [ "CC:=$(CC)" ]; + makeFlags = [ "CC:=$(CC)" "AR:=$(AR)" ]; doCheck = true; configureFlags = [ "--enable-shared" ]; diff --git a/pkgs/development/ocaml-modules/carton/default.nix b/pkgs/development/ocaml-modules/carton/default.nix index 727d407ac5423..7ba02d68ff5f4 100644 --- a/pkgs/development/ocaml-modules/carton/default.nix +++ b/pkgs/development/ocaml-modules/carton/default.nix @@ -8,14 +8,13 @@ buildDunePackage rec { pname = "carton"; - version = "0.6.0"; + version = "0.7.0"; minimalOCamlVersion = "4.08"; - duneVersion = "3"; src = fetchurl { url = "https://github.com/mirage/ocaml-git/releases/download/${pname}-v${version}/git-${pname}-v${version}.tbz"; - hash = "sha256-NAm4Xq7L0Dgynr8cKZQ356M4GR6D19LbCRxvnSlIf1U="; + hash = "sha256-vWkBJdP4ZpRCEwzrFMzsdHay4VyiXix/+1qzk+7yDvk="; }; patches = [ diff --git a/pkgs/development/python-modules/aiowithings/default.nix b/pkgs/development/python-modules/aiowithings/default.nix index bc6e695343422..19d9997ed8d7c 100644 --- a/pkgs/development/python-modules/aiowithings/default.nix +++ b/pkgs/development/python-modules/aiowithings/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "aiowithings"; - version = "0.4.4"; + version = "1.0.0"; pyproject = true; disabled = pythonOlder "3.11"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "joostlek"; repo = "python-withings"; rev = "refs/tags/v${version}"; - hash = "sha256-YmTYwj3Udo1Pev25LLvY7757BR0h44aefqIe8b8FlTc="; + hash = "sha256-3necwO/EpjWD1fAItqsZJKgv0CIBklxcM1jNRPxhSVY="; }; postPatch = '' diff --git a/pkgs/development/python-modules/pyfibaro/default.nix b/pkgs/development/python-modules/pyfibaro/default.nix index b1a38f11f6acc..2f059d19a1b9f 100644 --- a/pkgs/development/python-modules/pyfibaro/default.nix +++ b/pkgs/development/python-modules/pyfibaro/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "pyfibaro"; - version = "0.7.5"; + version = "0.7.6"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "rappenze"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-hllYxPPbLu3dpjHwXfIvTMW0LWtcglTVfN7youZaXTw="; + hash = "sha256-yE9HkAlGj1t90FwmwHDsk3ea2UOl0bG3UtYXxz/SWbI="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/pywemo/default.nix b/pkgs/development/python-modules/pywemo/default.nix index 277de7a83170d..69b8114a95e57 100644 --- a/pkgs/development/python-modules/pywemo/default.nix +++ b/pkgs/development/python-modules/pywemo/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "pywemo"; - version = "1.3.0"; + version = "1.3.1"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = pname; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-+AdNT7ClT8JkYLkwk+IVNWgXGS04WNtENOtqmbjv7nQ="; + hash = "sha256-RZeg6/xAGRumd4aM/mQQnIrIXB/rUrdeQQxk2c1mJNI="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/qbittorrent-api/default.nix b/pkgs/development/python-modules/qbittorrent-api/default.nix index a31438335ef82..16ad74dd24695 100644 --- a/pkgs/development/python-modules/qbittorrent-api/default.nix +++ b/pkgs/development/python-modules/qbittorrent-api/default.nix @@ -11,12 +11,12 @@ buildPythonPackage rec { pname = "qbittorrent-api"; - version = "2023.9.53"; + version = "2023.10.54"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-/q0bL1WxIn6giOp9kLUCLZRpS/2d2Rdr61rRwZXQRP8="; + hash = "sha256-xCHB/pPURc1+vje6IhBHZ6HogUsmYfBE9977Qtwoc2w="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/rotary-embedding-torch/default.nix b/pkgs/development/python-modules/rotary-embedding-torch/default.nix index 1c93184a36e6f..450fa9c8bee21 100644 --- a/pkgs/development/python-modules/rotary-embedding-torch/default.nix +++ b/pkgs/development/python-modules/rotary-embedding-torch/default.nix @@ -13,14 +13,14 @@ buildPythonPackage rec { pname = "rotary-embedding-torch"; - version = "0.3.2"; + version = "0.3.3"; pyproject = true; src = fetchFromGitHub { owner = "lucidrains"; repo = "rotary-embedding-torch"; rev = version; - hash = "sha256-EozW8J1i/2ym1hwUMciaWVtp7kSWfG+mC5RkWLJdK3g="; + hash = "sha256-uTOKdxqbSLRJl0gnz3TvpVwhrfqflAp0wfn6d13+YrM="; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/rust/crate2nix/default.nix b/pkgs/development/tools/rust/crate2nix/default.nix index cba3b4b3dd7df..5f8b3d2cdc6ec 100644 --- a/pkgs/development/tools/rust/crate2nix/default.nix +++ b/pkgs/development/tools/rust/crate2nix/default.nix @@ -10,18 +10,18 @@ rustPlatform.buildRustPackage rec { pname = "crate2nix"; - version = "0.10.0"; + version = "0.11.0"; src = fetchFromGitHub { - owner = "kolloch"; + owner = "nix-community"; repo = pname; rev = version; - sha256 = "sha256-JaF9/H3m4Wrc5MtXcONkOAgKVkswLVw0yZe0dBr2e4Y="; + sha256 = "sha256-nyX1lfaA0eBSB/BaxPzCsyD8p/hxCwNIvr4Ru3i/YX0="; }; sourceRoot = "${src.name}/crate2nix"; - cargoSha256 = "sha256-PD7R1vcb3FKd4hfpViKyvfCExJ5H1Xo2HPYden5zpxQ="; + cargoSha256 = "sha256-3+emOr3hh+DDkboJbYyJFZgkzmcdA9jdronz7wM4x28="; nativeBuildInputs = [ makeWrapper ]; @@ -32,6 +32,13 @@ rustPlatform.buildRustPackage rec { postFixup = '' wrapProgram $out/bin/crate2nix \ --suffix PATH ":" ${lib.makeBinPath [ cargo nix nix-prefetch-git ]} + + rm -rf $out/lib $out/bin/crate2nix.d + mkdir -p \ + $out/share/bash-completion/completions \ + $out/share/zsh/vendor-completions + $out/bin/crate2nix completions -s 'bash' -o $out/share/bash-completion/completions + $out/bin/crate2nix completions -s 'zsh' -o $out/share/zsh/vendor-completions ''; meta = with lib; { @@ -40,9 +47,10 @@ rustPlatform.buildRustPackage rec { Crate2nix generates Nix files from Cargo.toml/lock files so that you can build every crate individually in a Nix sandbox. ''; - homepage = "https://github.com/kolloch/crate2nix"; + homepage = "https://github.com/nix-community/crate2nix"; license = licenses.asl20; maintainers = with maintainers; [ kolloch cole-h ]; platforms = platforms.all; }; } + diff --git a/pkgs/os-specific/linux/zfs/generic.nix b/pkgs/os-specific/linux/zfs/generic.nix index 7bb4a1b7496e6..8adbb8cab8f91 100644 --- a/pkgs/os-specific/linux/zfs/generic.nix +++ b/pkgs/os-specific/linux/zfs/generic.nix @@ -202,15 +202,15 @@ stdenv'.mkDerivation { changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}"; license = lib.licenses.cddl; - # The case-block for TARGET_CPU has branches for only five CPU families, + # The case-block for TARGET_CPU has branches for only some CPU families, # which prevents ZFS from building on any other platform. Since the NixOS # `boot.zfs.enabled` property is `readOnly`, excluding platforms where ZFS # does not build is the only way to produce a NixOS installer on such # platforms. - # https://github.com/openzfs/zfs/blob/6a6bd493988c75331deab06e5352a9bed035a87d/config/always-arch.m4#L16 + # https://github.com/openzfs/zfs/blob/6723d1110f6daf93be93db74d5ea9f6b64c9bce5/config/always-arch.m4#L12 platforms = with lib.systems.inspect.patterns; - map (p: p // isLinux) [ isx86_32 isx86_64 isPower isAarch64 isSparc ]; + map (p: p // isLinux) ([ isx86_32 isx86_64 isPower isAarch64 isSparc ] ++ isArmv7); maintainers = with lib.maintainers; [ jcumming jonringer globin raitobezarius ]; mainProgram = "zfs"; diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 04077ad2c261c..9de7a7e093f1d 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -113,10 +113,6 @@ python3.pkgs.buildPythonApplication rec { sentry = [ sentry-sdk ]; - opentracing = [ - jaeger-client - opentracing - ]; jwt = [ authlib ]; diff --git a/pkgs/servers/mpd/default.nix b/pkgs/servers/mpd/default.nix index 0f92847a23788..aa781f7e26fb8 100644 --- a/pkgs/servers/mpd/default.nix +++ b/pkgs/servers/mpd/default.nix @@ -9,7 +9,7 @@ , audiofile, faad2, ffmpeg, flac, fluidsynth, game-music-emu , libmad, libmikmod, mpg123, libopus, libvorbis, lame # Filters -, libsamplerate +, libsamplerate, soxr # Outputs , alsa-lib, libjack2, libpulseaudio, libshout, pipewire # Misc @@ -62,6 +62,7 @@ let lame = [ lame ]; # Filter plugins libsamplerate = [ libsamplerate ]; + soxr = [ soxr ]; # Output plugins alsa = [ alsa-lib ]; jack = [ libjack2 ]; diff --git a/pkgs/servers/tracing/tempo/default.nix b/pkgs/servers/tracing/tempo/default.nix index 2a992d01ad6a9..d837b6b264274 100644 --- a/pkgs/servers/tracing/tempo/default.nix +++ b/pkgs/servers/tracing/tempo/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, fetchpatch }: buildGoModule rec { pname = "tempo"; @@ -12,6 +12,15 @@ buildGoModule rec { hash = "sha256-23wjD8HTSEGonIMAWCoKORMLIISASxlN4FeY+Bmt/+I="; }; + patches = [ + # Backport patch for Go 1.21 compatibility + # FIXME: remove after 2.3.0 + (fetchpatch { + url = "https://github.com/grafana/tempo/commit/0d37e8f0edd8a96876b0a5f5ab97ef79ff04608f.patch"; + hash = "sha256-YC59g5pdcrwJeQ4raS0Oq+fZvRBKFj4johZtGTAYpEs="; + }) + ]; + vendorHash = null; subPackages = [ diff --git a/pkgs/tools/misc/rpi-imager/default.nix b/pkgs/tools/misc/rpi-imager/default.nix index 61ca001563f59..579aa7fcc5e9c 100644 --- a/pkgs/tools/misc/rpi-imager/default.nix +++ b/pkgs/tools/misc/rpi-imager/default.nix @@ -3,6 +3,7 @@ , fetchFromGitHub , wrapQtAppsHook , cmake +, pkg-config , util-linux , curl , libarchive @@ -12,23 +13,26 @@ , qttools , qtquickcontrols2 , qtgraphicaleffects +, xz +, testers , nix-update-script , enableTelemetry ? false }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "rpi-imager"; - version = "1.7.5"; + version = "1.8.1"; src = fetchFromGitHub { owner = "raspberrypi"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-yB+H1zWL40KzxOrBuvg7nBC3zmWilsOgOW7ndiDWuDA="; + repo = finalAttrs.pname; + rev = "refs/tags/v${finalAttrs.version}"; + sha256 = "sha256-drHiZ0eYYvJg6/v3oEozGAbBKm1KLpec+kYZWwpT9yM="; }; nativeBuildInputs = [ cmake + pkg-config util-linux wrapQtAppsHook ]; @@ -48,40 +52,34 @@ stdenv.mkDerivation rec { qttools qtquickcontrols2 qtgraphicaleffects + xz ]; - sourceRoot = "${src.name}/src"; + sourceRoot = "${finalAttrs.src.name}/src"; /* By default, the builder checks for JSON support in lsblk by running "lsblk --json", but that throws an error, as /sys/dev doesn't exist in the sandbox. This patch removes the check. */ patches = [ ./lsblkCheckFix.patch ]; - doInstallCheck = true; - - installCheckPhase = '' - runHook preInstallCheck - - # Without this, the tests fail because they cannot create the QT Window - export QT_QPA_PLATFORM=offscreen - $out/bin/rpi-imager --version - - runHook postInstallCheck - ''; - passthru = { + tests.version = testers.testVersion { + package = finalAttrs.finalPackage; + command = "QT_QPA_PLATFORM=offscreen rpi-imager --version"; + }; updateScript = nix-update-script { }; }; meta = with lib; { description = "Raspberry Pi Imaging Utility"; homepage = "https://www.raspberrypi.com/software/"; - changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${version}"; + changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${finalAttrs.version}"; downloadPage = "https://github.com/raspberrypi/rpi-imager/"; license = licenses.asl20; + mainProgram = "rpi-imager"; maintainers = with maintainers; [ ymarkus anthonyroussel ]; platforms = platforms.all; # does not build on darwin broken = stdenv.isDarwin; }; -} +}) diff --git a/pkgs/tools/misc/ttyplot/default.nix b/pkgs/tools/misc/ttyplot/default.nix index 7becc090a83bf..a136031dfc137 100644 --- a/pkgs/tools/misc/ttyplot/default.nix +++ b/pkgs/tools/misc/ttyplot/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "ttyplot"; - version = "1.4"; + version = "1.5"; src = fetchFromGitHub { owner = "tenox7"; repo = "ttyplot"; rev = version; - sha256 = "19qm0hx9ljdw9qg78lydn3c627xy7xnx3knq5f7caw9lf0cdp7kf"; + sha256 = "sha256-COnqzWqah1J/q64XrOBhMOsrafAs/BptqNvrjHJ9edQ="; }; buildInputs = [ ncurses ]; diff --git a/pkgs/tools/networking/nqptp/default.nix b/pkgs/tools/networking/nqptp/default.nix index 5261a6afb58f0..2db121e2d1891 100644 --- a/pkgs/tools/networking/nqptp/default.nix +++ b/pkgs/tools/networking/nqptp/default.nix @@ -3,26 +3,36 @@ , fetchFromGitHub , autoreconfHook , pkg-config +, gitUpdater }: stdenv.mkDerivation rec { - version = "1.2.3"; + version = "1.2.4"; pname = "nqptp"; src = fetchFromGitHub { owner = "mikebrady"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-Ppsz3hDG6sEf6LJ2WdbTdJ8Gi53f0YmvaUU8TOfVMz4="; + hash = "sha256-roTNcr3v2kzE6vQ5plAVtlw1+2yJplltOYsGGibtoZo="; }; + patches = [ + # this patch should be removed when > 1.2.4 + ./remove-setcap.patch + ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; - meta = with lib; { + passthru.updateScript = gitUpdater { + ignoredVersions = ".*(-dev|d0)"; + }; + + meta = { homepage = "https://github.com/mikebrady/nqptp"; description = "Daemon and companion application to Shairport Sync that monitors timing data from any PTP clocks"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ jordanisaacs ]; - platforms = platforms.linux ++ platforms.freebsd; + license = lib.licenses.gpl2Only; + maintainers = with lib.maintainers; [ jordanisaacs adamcstephens ]; + platforms = lib.platforms.linux ++ lib.platforms.freebsd; }; } diff --git a/pkgs/tools/networking/nqptp/remove-setcap.patch b/pkgs/tools/networking/nqptp/remove-setcap.patch new file mode 100644 index 0000000000000..2fa56ac0150a4 --- /dev/null +++ b/pkgs/tools/networking/nqptp/remove-setcap.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile.am b/Makefile.am +index 78f36d7..8dc4e4f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -19,8 +19,6 @@ endif + + install-exec-hook: + if BUILD_FOR_LINUX +-# NQPTP runs as user/group nqptp/nqptp on Linux and uses setcap to access ports 319 and 320 +- setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp + # no installer for System V + if INSTALL_SYSTEMD_STARTUP + getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 463a5a6cd576b..00d36466617a5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14039,6 +14039,7 @@ with pkgs; trezord = callPackage ../servers/trezord { inherit (darwin.apple_sdk.frameworks) AppKit; + buildGoModule = buildGo120Module; }; trezor_agent = with python3Packages; toPythonApplication trezor_agent; |