diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-11-20 18:01:45 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-20 18:01:45 +0000 |
| commit | 77fbd162dfb1cb918242bdaef3f3cd08f569f48a (patch) | |
| tree | a3a7d210a9ad9d66bcb705111466429b96f76486 | |
| parent | 800d82aea922942501f27ea89b99c8d6dcd6d3b9 (diff) | |
| parent | 1fde037c419c8d070a3a67ac7036b444c3ae08d6 (diff) | |
Merge staging-next into staging
54 files changed, 657 insertions, 301 deletions
diff --git a/doc/stdenv/cross-compilation.chapter.md b/doc/stdenv/cross-compilation.chapter.md index 0eff70de5ca1d..5f7ff513959ab 100644 --- a/doc/stdenv/cross-compilation.chapter.md +++ b/doc/stdenv/cross-compilation.chapter.md @@ -250,5 +250,5 @@ Thirdly, it is because everything target-mentioning only exists to accommodate c ::: ::: {.note} -If one explores Nixpkgs, they will see derivations with names like `gccCross`. Such `*Cross` derivations is a holdover from before we properly distinguished between the host and target platforms—the derivation with “Cross” in the name covered the `build = host != target` case, while the other covered the `host = target`, with build platform the same or not based on whether one was using its `.nativeDrv` or `.crossDrv`. This ugliness will disappear soon. +If one explores Nixpkgs, they will see derivations with names like `gccCross`. Such `*Cross` derivations is a holdover from before we properly distinguished between the host and target platforms—the derivation with “Cross” in the name covered the `build = host != target` case, while the other covered the `host = target`, with build platform the same or not based on whether one was using its `.__spliced.buildHost` or `.__spliced.hostTarget`. ::: diff --git a/lib/customisation.nix b/lib/customisation.nix index cc9a9b1c55d0a..bd7ee3c83b8cf 100644 --- a/lib/customisation.nix +++ b/lib/customisation.nix @@ -38,12 +38,15 @@ rec { // (drv.passthru or {}) // - (if (drv ? crossDrv && drv ? nativeDrv) - then { - crossDrv = overrideDerivation drv.crossDrv f; - nativeDrv = overrideDerivation drv.nativeDrv f; - } - else { })); + # TODO(@Artturin): remove before release 23.05 and only have __spliced. + (lib.optionalAttrs (drv ? crossDrv && drv ? nativeDrv) { + crossDrv = overrideDerivation drv.crossDrv f; + nativeDrv = overrideDerivation drv.nativeDrv f; + }) + // + lib.optionalAttrs (drv ? __spliced) { + __spliced = {} // (lib.mapAttrs (_: sDrv: overrideDerivation sDrv f) drv.__spliced); + }); /* `makeOverridable` takes a function from attribute set to attribute set and diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 1b6e9a0f7f356..c56cfb10538bb 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -141,6 +141,11 @@ </listitem> <listitem> <para> + PHP 8.2.0 RC 6 is available. + </para> + </listitem> + <listitem> + <para> <literal>protonup</literal> has been aliased to and replaced by <literal>protonup-ng</literal> due to upstream not maintaining it. @@ -626,6 +631,23 @@ </listitem> <listitem> <para> + The <literal>openssl</literal>-extension for the PHP + interpreter used by Nextcloud is built against OpenSSL 1.1 if + <xref linkend="opt-system.stateVersion" /> is below + <literal>22.11</literal>. This is to make sure that people + using + <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side + encryption</link> don’t loose access to their files. + </para> + <para> + In any other case it’s safe to use OpenSSL 3 for PHP’s openssl + extension. This can be done by setting + <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" /> + to <literal>false</literal>. + </para> + </listitem> + <listitem> + <para> The <literal>coq</literal> package and versioned variants starting at <literal>coq_8_14</literal> no longer include CoqIDE, which is now available through diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index dab7d3723e306..5daafa8e986b4 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -57,6 +57,8 @@ In addition to numerous new and upgraded packages, this release has the followin `mod_php` usage we still enable `ZTS` (Zend Thread Safe). This has been a common practice for a long time in other distributions. +- PHP 8.2.0 RC 6 is available. + - `protonup` has been aliased to and replaced by `protonup-ng` due to upstream not maintaining it. - Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default. @@ -202,6 +204,13 @@ Available as [services.patroni](options.html#opt-services.patroni.enable). - The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead. +- The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if + [](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html) + don't loose access to their files. + + In any other case it's safe to use OpenSSL 3 for PHP's openssl extension. This can be done by setting + [](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`. + - The `coq` package and versioned variants starting at `coq_8_14` no longer include CoqIDE, which is now available through `coqPackages.coqide`. It is still possible to get CoqIDE as part of diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 04599884f139c..da621573f2a26 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -13,7 +13,12 @@ let phpPackage = cfg.phpPackage.buildEnv { extensions = { enabled, all }: (with all; - enabled + # disable default openssl extension + (lib.filter (e: e.pname != "php-openssl") enabled) + # use OpenSSL 1.1 for RC4 Nextcloud encryption if user + # has acknowledged the brokeness of the ciphers (RC4). + # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed. + ++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ]) ++ optional cfg.enableImagemagick imagick # Optionally enabled depending on caching settings ++ optional cfg.caching.apcu apcu @@ -80,6 +85,40 @@ in { options.services.nextcloud = { enable = mkEnableOption (lib.mdDoc "nextcloud"); + + enableBrokenCiphersForSSE = mkOption { + type = types.bool; + default = versionOlder stateVersion "22.11"; + defaultText = literalExpression "versionOlder system.stateVersion \"22.11\""; + description = lib.mdDoc '' + This option enables using the OpenSSL PHP extension linked against OpenSSL 1.1 + rather than latest OpenSSL (≥ 3), this is not recommended unless you need + it for server-side encryption (SSE). SSE uses the legacy RC4 cipher which is + considered broken for several years now. See also [RFC7465](https://datatracker.ietf.org/doc/html/rfc7465). + + This cipher has been disabled in OpenSSL ≥ 3 and requires + a specific legacy profile to re-enable it. + + If you deploy Nextcloud using OpenSSL ≥ 3 for PHP and have + server-side encryption configured, you will not be able to access + your files anymore. Enabling this option can restore access to your files. + Upon testing we didn't encounter any data corruption when turning + this on and off again, but this cannot be guaranteed for + each Nextcloud installation. + + It is `true` by default for systems with a [](#opt-system.stateVersion) below + `22.11` to make sure that existing installations won't break on update. On newer + NixOS systems you have to explicitly enable it on your own. + + Please note that this only provides additional value when using + external storage such as S3 since it's not an end-to-end encryption. + If this is not the case, + it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) and set this to `false`. + + In the future, Nextcloud may move to AES-256-GCM, by then, + this option will be removed. + ''; + }; hostName = mkOption { type = types.str; description = lib.mdDoc "FQDN for the nextcloud instance."; @@ -649,6 +688,23 @@ in { ++ (optional (versionOlder cfg.package.version "23") (upgradeWarning 22 "22.05")) ++ (optional (versionOlder cfg.package.version "24") (upgradeWarning 23 "22.05")) ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11")) + ++ (optional cfg.enableBrokenCiphersForSSE '' + You're using PHP's openssl extension built against OpenSSL 1.1 for Nextcloud. + This is only necessary if you're using Nextcloud's server-side encryption. + Please keep in mind that it's using the broken RC4 cipher. + + If you don't use that feature, you can switch to OpenSSL 3 and get + rid of this warning by declaring + + services.nextcloud.enableBrokenCiphersForSSE = false; + + If you need to use server-side encryption you can ignore this waring. + Otherwise you'd have to disable server-side encryption first in order + to be able to safely disable this option and get rid of this warning. + See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this. + + For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470 + '') ++ (optional isUnsupportedMariadb '' You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)! Please note that this isn't supported officially by Nextcloud. You can either diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index a0b69dbd606ce..ca57692fc16a8 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -170,6 +170,20 @@ </listitem> </itemizedlist> </listitem> + <listitem> + <formalpara> + <title>Server-side encryption</title> + <para> + Nextcloud supports <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side encryption (SSE)</link>. + This is not an end-to-end encryption, but can be used to encrypt files that will be persisted + to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3 + for PHP's openssl extension because this is implemented using the legacy cipher RC4. + If <xref linkend="opt-system.stateVersion" /> is <emphasis>above</emphasis> <literal>22.05</literal>, + this is disabled by default. To turn it on again and for further information please refer to + <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />. + </para> + </formalpara> + </listitem> </itemizedlist> </section> diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 96330bd40f60e..d3dc8b9ca08a4 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -495,6 +495,7 @@ in { php = handleTest ./php {}; php80 = handleTest ./php { php = pkgs.php80; }; php81 = handleTest ./php { php = pkgs.php81; }; + php82 = handleTest ./php { php = pkgs.php82; }; phylactery = handleTest ./web-apps/phylactery.nix {}; pict-rs = handleTest ./pict-rs.nix {}; pinnwand = handleTest ./pinnwand.nix {}; diff --git a/nixos/tests/common/acme/server/acme.test.cert.pem b/nixos/tests/common/acme/server/acme.test.cert.pem index 76b0d916a8175..562e7a329b681 100644 --- a/nixos/tests/common/acme/server/acme.test.cert.pem +++ b/nixos/tests/common/acme/server/acme.test.cert.pem @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDLDCCAhSgAwIBAgIIRDAN3FHH//IwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMB4XDTIwMTAyMTEzMjgzNloXDTIyMTEy -MDEzMjgzNlowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9 -Z4Xu5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeH -pImHO/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCN -Xf/LjIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/l -EnHrkcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOY -H+RfQfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABo3YwdDAOBgNVHQ8B +MIIDLDCCAhSgAwIBAgIIHvJkPAdMFGAwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNDYwMjMxMB4XDTIyMTEyMDE1MzcwNFoXDTI0MTIy +MDE1MzcwNFowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAs/Xad8Jn0YMI8nTjbVakGsFplxSKkgWs9Jv8tETC1FBV +KNo3yF6IElBhzKw3eF6piZqDwNFXobuMCZ3Ckaj+EOdSA0DhjwUSBmEok/0siIu4 +WbAS2iKwZGuJlJRYOmfXRPt2nNSPhuNHtZJoTWufN5K1XS+4v1dsVUWdWvkUuaC5 +/uoujcYd4D6XDhJCubDCE+WSYk0KBLtMQ8irbNu4FGoCn5T7kDq46XwVjulWxc5q +dZ/Z/zgKQkoLaHgWKLjvuu7/CZw6RXyBlwVJh36pljixRnpnLfMMykO9Sq7Z3cR2 +aVcMRjjeH0uScfFHIb3hvqyZLd+NHw3SqE8la/Nq1wIDAQABo3YwdDAOBgNVHQ8B Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB -/wQCMAAwHwYDVR0jBBgwFoAU+8IZlLV/Qp5CXqpXMLvtxWlxcJwwFAYDVR0RBA0w -C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQB0pe8I5/VDkB5VMgQB2GJV -GKzyigfWbVez9uLmqMj9PPP/zzYKSYeq+91aMuOZrnH7NqBxSTwanULkmqAmhbJJ -YkXw+FlFekf9FyxcuArzwzzNZDSGcjcdXpN8S2K1qkBd00iSJF9kU7pdZYCIKR20 -QirdBrELEfsJ3GU62a6N3a2YsrisZUvq5TbjGJDcytAtt+WG3gmV7RInLdFfPwbw -bEHPCnx0uiV0nxLjd/aVT+RceVrFQVt4hR99jLoMlBitSKluZ1ljsrpIyroBhQT0 -pp/pVi6HJdijG0fsPrC325NEGAwcpotLUhczoeM/rffKJd54wLhDkfYxOyRZXivs +/wQCMAAwHwYDVR0jBBgwFoAUW4rxHHeasqLl7KMK+F3uVN0JGwYwFAYDVR0RBA0w +C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBDT8HY62N6YbG7Fp3gPD2L +Y0ZFHAAYM5l+Qn55aYkaTxpaRFPAeh0POmTIgSXfFSQYR00w3x2ni0K1ecBI814y +Mkgoki+jP6JhgV1fPTa5Wqm2x/Ufcr6LbTIDVqO5zFxTdkqZHfC7sMahDNULVrN2 +RVkTLppDfmQ+oFcwNvZSgK9SDJNMlsNllOyGGUuMSd1KjWU4/Wr0AmaS+V3Cjf14 +MsvgVhN66ECom1yyy3q9HZgAoZy6lnHOWHD4BVXOmbS2Y1lSVv/atmiGH7F9nvNN +Ggh/+RmkXGczV80wT2TnivEamJGHA4kwThL40SRKfaTTX7miImI25E6+390hBXyw -----END CERTIFICATE----- diff --git a/nixos/tests/common/acme/server/acme.test.key.pem b/nixos/tests/common/acme/server/acme.test.key.pem index 741df99a372e3..fd3e9f7dbcf61 100644 --- a/nixos/tests/common/acme/server/acme.test.key.pem +++ b/nixos/tests/common/acme/server/acme.test.key.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9Z4Xu -5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeHpImH -O/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCNXf/L -jIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/lEnHr -kcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOYH+Rf -QfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABAoIBADox/2FwVFo8ioS4 -R+Ex5OZjMAcjU6sX/516jTmlT05q2+UFerYgqB/YqXqtW/V9/brulN8VhmRRuRbO -grq9TBu5o3hMDK0f18EkZB/MBnLbx594H033y6gEkPBZAyhRYtuNOEH3VwxdZhtW -1Lu1EoiYSUqLcNMBy6+KWJ8GRaXyacMYBlj2lMHmyzkA/t1+2mwTGC3lT6zN0F5Y -E5umXOxsn6Tb6q3KM9O5IvtmMMKpgj4HIHZLZ6j40nNgHwGRaAv4Sha/vx0DeBw3 -6VlNiTTPdShEkhESlM5/ocqTfI92VHJpM5gkqTYOWBi2aKIPfAopXoqoJdWl4pQ/ -NCFIu2ECgYEAzntNKIcQtf0ewe0/POo07SIFirvz6jVtYNMTzeQfL6CoEjYArJeu -Vzc4wEQfA4ZFVerBb1/O6M449gI3zex1PH4AX0h8q8DSjrppK1Jt2TnpVh97k7Gg -Tnat/M/yW3lWYkcMVJJ3AYurXLFTT1dYP0HvBwZN04yInrEcPNXKfmcCgYEAywyJ -51d4AE94PrANathKqSI/gk8sP+L1gzylZCcUEAiGk/1r45iYB4HN2gvWbS+CvSdp -F7ShlDWrTaNh2Bm1dgTjc4pWb4J+CPy/KN2sgLwIuM4+ZWIZmEDcio6khrM/gNqK -aR7xUsvWsqU26O84woY/xR8IHjSNF7cFWE1H2c8CgYEAt6SSi2kVQ8dMg84uYE8t -o3qO00U3OycpkOQqyQQLeKC62veMwfRl6swCfX4Y11mkcTXJtPTRYd2Ia8StPUkB -PDwUuKoPt/JXUvoYb59wc7M+BIsbrdBdc2u6cw+/zfutCNuH6/AYSBeg4WAVaIuW -wSwzG1xP+8cR+5IqOzEqWCECgYATweeVTCyQEyuHJghYMi2poXx+iIesu7/aAkex -pB/Oo5W8xrb90XZRnK7UHbzCqRHWqAQQ23Gxgztk9ZXqui2vCzC6qGZauV7cLwPG -zTMg36sVmHP314DYEM+k59ZYiQ6P0jQPoIQo407D2VGrfsOOIhQIcUmP7tsfyJ5L -hlGMfwKBgGq4VNnnuX8I5kl03NpaKfG+M8jEHmVwtI9RkPTCCX9bMjeG0cDxqPTF -TRkf3r8UWQTZ5QfAfAXYAOlZvmGhHjSembRbXMrMdi3rGsYRSrQL6n5NHnORUaMy -FCWo4gyAnniry7tx9dVNgmHmbjEHuQnf8AC1r3dibRCjvJWUiQ8H +MIIEowIBAAKCAQEAs/Xad8Jn0YMI8nTjbVakGsFplxSKkgWs9Jv8tETC1FBVKNo3 +yF6IElBhzKw3eF6piZqDwNFXobuMCZ3Ckaj+EOdSA0DhjwUSBmEok/0siIu4WbAS +2iKwZGuJlJRYOmfXRPt2nNSPhuNHtZJoTWufN5K1XS+4v1dsVUWdWvkUuaC5/uou +jcYd4D6XDhJCubDCE+WSYk0KBLtMQ8irbNu4FGoCn5T7kDq46XwVjulWxc5qdZ/Z +/zgKQkoLaHgWKLjvuu7/CZw6RXyBlwVJh36pljixRnpnLfMMykO9Sq7Z3cR2aVcM +RjjeH0uScfFHIb3hvqyZLd+NHw3SqE8la/Nq1wIDAQABAoIBAG2s50FXjLgmONyz +Giv3wrm/qF94GF+X7+l/64nd4jNM5imonJiT7C/lJ0V6q6/DWWXQcn2f191slJMD +v6HQMU8R+2yaLR1hxLN4oSdYA70QEgEvCr5Ap+n7k/SmWAL4aDzVWFuKPBLED178 +ZG7SqU1QLxIk1F5gpFhvvc/Ev7nE0KAzTJ3jGyWHZjJ1TKAWHx6oeKOw4OejRcGO ++rDBfQrV59fiCy8CFraGPDGie5Eb7ioXyt4cf4/odtLol7bSIwH4BLwfvKJbRobi +gSjvL5JJLjhjWzeoj+JC4o0sWQegytWpNCHSFETfHQ8rlcagTN8JaTcBg6+wrR2O +OPeoFqkCgYEA7o9jSk7i23SiKo3C+T9KFIL2OS7akwUqIQZehZJ6LXljYEDP1lcz +wjvWuLGVzlST3fmumHIMZLjjBU1cMYAPZrbUrEeayATD4jBxyiXbHqhB3DQ0W4CX +obUhcdsLGsKp0zXls8FeiQs6GOeEwSDU+1nAL9/hLK7w6cJ2zyj8HBUCgYEAwR3H +/ltIjD8tXNF05ayOguzrbivx2vaXusskZgn9QqntoGqqsXLOgsqcUH0dtiTyVOn+ +Nba7w+o5NfaAfE9uR+oeZSo1IJU8oEi/EZqXTcYf5p3oAjXXZ9wXX8kl91EjCzKl +0kDpSpsMhUzdB2i5I9Oh1fLaW4iMwyuY1CgnqjsCgYBHIJFmEmcpL3k6XtIHJoub +2gA3xHR+6UdKWW/NO4MaE9tBU5GkQpO4EcdPggM8ZZNA17Tq1vZDAa0OY6ZdS+VL +pq96Pk8z29fblL4Ym3jdhyU71oTV011iZXL3U2vYKrofsy4tjjX1fldwHXdDbdqS +povaulGU1QQXblemJH4mkQKBgC3IUq6Rk4x0OdvkaFM+6nZNlq8Cyg7AIU6OdG2g +dqNER+qc/yScdCr7v70xPEb/UVgiNTskvDUBJVkOvH08E4gHD/ep3vh/iOTy+iFB +RheRHeT9kJBdlVixC/WQaWjNmoJAGqHS87vVME214Dyubh35QUfIkE3c/IoUnuHF +N0obAoGBANJpPBF36H1nb+TcVerOBXI8oqeIyoq7f4W/wbIirnZq/XfBaaOL5R6v +6+p4LEcQ1Mf33Yfr5M4aR0q7fgNDg/g4LcMg6fI3+UwPC6lJY+K8zzF4fmGDhheC +D+LsZG0Funl9kT0yxPBQhCJmmkJNIHiSNuRLt9Infne2408+YV+T -----END RSA PRIVATE KEY----- diff --git a/nixos/tests/common/acme/server/ca.cert.pem b/nixos/tests/common/acme/server/ca.cert.pem index 5c33e879b675b..8d52a0a8f462c 100644 --- a/nixos/tests/common/acme/server/ca.cert.pem +++ b/nixos/tests/common/acme/server/ca.cert.pem @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSzCCAjOgAwIBAgIIeHRvRrNvbGQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE -AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMCAXDTIwMTAyMTEzMjgzNloYDzIxMjAx -MDIxMTMyODM2WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3ODc0NmYwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrNTzVLDJOKtGYGLU98EEcLKps -tXHCLC6G54LKbEcU80fn+ArX8qsPSHyhdXQkcYjq6Vh/EDJ1TctyRSnvAjwyG4Aa -1Zy1QFc/JnjMjvzimCkUc9lQ+wkLwHSM/KGwR1cGjmtQ/EMClZTA0NwulJsXMKVz -bd5asXbq/yJTQ5Ww25HtdNjwRQXTvB7r3IKcY+DsED9CvFvC9oG/ZhtZqZuyyRdC -kFUrrv8WNUDkWSN+lMR6xMx8v0583IN6f11IhX0b+svK98G81B2eswBdkzvVyv9M -unZBO0JuJG8sdM502KhWLmzBC1ZbvgUBF9BumDRpMFH4DCj7+qQ2taWeGyc7AgMB +MIIDSzCCAjOgAwIBAgIIRgIx/Q6DdK0wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNDYwMjMxMCAXDTIyMTEyMDE1MzcwNFoYDzIxMjIx +MTIwMTUzNzA0WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA0NjAyMzEwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYxM/efiS7rNNzdu+AK+J57+om +QYsoteVpmwcU6Ul8Zr6pcsBSLetV2PCWGVKKfXdK1Ep+JdBoiuG8EY/wffYJy+So +WRRWX+bGIFly74urX2iOH/yimF8XMaHj4CzjMD1wM2rFLswL3VK2DM+wrCMO2zE2 +BAiUAJ++ws99Dl74DQ9lGne8hMjFgzakINCNd948/t2+LMVxqCgQ7fI+iHA1X7QF +1AT5c86wd/GxLzfl343DxLSeMRFbGUVSH6NBBnIQdFDq1GjNGPbn8ZlDXw5WWeR5 +ufnxcRRNpp3GnHG3/VOebFAr++5/0ze+QvF6XPXk9RZWvhh0dD14/8W/PMK1AgMB AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT7whmUtX9CnkJe -qlcwu+3FaXFwnDAfBgNVHSMEGDAWgBT7whmUtX9CnkJeqlcwu+3FaXFwnDANBgkq -hkiG9w0BAQsFAAOCAQEARMe1wKmF33GjEoLLw0oDDS4EdAv26BzCwtrlljsEtwQN -95oSzUNd6o4Js7WCG2o543OX6cxzM+yju8TES3+vJKDgsbNMU0bWCv//tdrb0/G8 -OkU3Kfi5q4fOauZ1pqGv/pXdfYhZ5ieB/zwis3ykANe5JfB0XqwCb1Vd0C3UCIS2 -NPKngRwNSzphIsbzfvxGDkdM1enuGl5CVyDhrwTMqGaJGDSOv6U5jKFxKRvigqTN -Ls9lPmT5NXYETduWLBR3yUIdH6kZXrcozZ02B9vjOB2Cv4RMDc+9eM30CLIWpf1I -097e7JkhzxFhfC/bMMt3P1FeQc+fwH91wdBmNi7tQw== +BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRbivEcd5qyouXs +owr4Xe5U3QkbBjAfBgNVHSMEGDAWgBRbivEcd5qyouXsowr4Xe5U3QkbBjANBgkq +hkiG9w0BAQsFAAOCAQEAdSudxwrpXf/nxXJ8THob63UEvvof0o7uENbNPjqt7VZZ +lQeKnZOrzjYbTcsbyDpm/zsniT9620ntVcL4/IG2eeuSPA9btHNiFM6R3Nby8Op4 +emqNzrS0DFqV/CAOAue+C44Vb9IS+ibFxEpI3GTH0FVWpEglLuesXKV+boy1aCNq +BYvk6lVplmnTtyfEUAQxyjJhTHu0+ZDwmw1+/NY9Wn2aeile+/G8ao+MBXARELmq +aoGKfFfrMGRT/KDSyODBEdJ1XkLr0TYjNvyctsaYBp9FhVQiuNMOyCku7EB8y+tZ +odYtLw6ecNnrjgQAnxSDg1ChrQ0wNSdPyjvycNgvjQ== -----END CERTIFICATE----- diff --git a/nixos/tests/common/acme/server/ca.key.pem b/nixos/tests/common/acme/server/ca.key.pem index ed46f5dccf467..cde4e8ac7c758 100644 --- a/nixos/tests/common/acme/server/ca.key.pem +++ b/nixos/tests/common/acme/server/ca.key.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqzU81SwyTirRmBi1PfBBHCyqbLVxwiwuhueCymxHFPNH5/gK -1/KrD0h8oXV0JHGI6ulYfxAydU3LckUp7wI8MhuAGtWctUBXPyZ4zI784pgpFHPZ -UPsJC8B0jPyhsEdXBo5rUPxDApWUwNDcLpSbFzClc23eWrF26v8iU0OVsNuR7XTY -8EUF07we69yCnGPg7BA/QrxbwvaBv2YbWambsskXQpBVK67/FjVA5FkjfpTEesTM -fL9OfNyDen9dSIV9G/rLyvfBvNQdnrMAXZM71cr/TLp2QTtCbiRvLHTOdNioVi5s -wQtWW74FARfQbpg0aTBR+Awo+/qkNrWlnhsnOwIDAQABAoIBAA3ykVkgd5ysmlSU -trcsCnHcJaojgff6l3PACoSpG4VWaGY6a8+54julgRm6MtMBONFCX0ZCsImj484U -Wl0xRmwil2YYPuL5MeJgJPktMObY1IfpBCw3tz3w2M3fiuCMf0d2dMGtO1xLiUnH -+hgFXTkfamsj6ThkOrbcQBSebeRxbKM5hqyCaQoieV+0IJnyxUVq/apib8N50VsH -SHd4oqLUuEZgg6N70+l5DpzedJUb4nrwS/KhUHUBgnoPItYBCiGPmrwLk7fUhPs6 -kTDqJDtc/xW/JbjmzhWEpVvtumcC/OEKULss7HLdeQqwVBrRQkznb0M9AnSra3d0 -X11/Y4ECgYEA3FC8SquLPFb2lHK4+YbJ4Ac6QVWeYFEHiZ0Rj+CmONmjcAvOGLPE -SblRLm3Nbrkxbm8FF6/AfXa/rviAKEVPs5xqGfSDw/3n1uInPcmShiBCLwM/jHH5 -NeVG+R5mTg5zyQ/pQMLWRcs+Ail+ZAnZuoGpW3Cdc8OtCUYFQ7XB6nsCgYEAxvBJ -zFxcTtsDzWbMWXejugQiUqJcEbKWwEfkRbf3J2rAVO2+EFr7LxdRfN2VwPiTQcWc -LnN2QN+ouOjqBMTh3qm5oQY+TLLHy86k9g1k0gXWkMRQgP2ZdfWH1HyrwjLUgLe1 -VezFN7N1azgy6xFkInAAvuA4loxElZNvkGBgekECgYA/Xw26ILvNIGqO6qzgQXAh -+5I7JsiGheg4IjDiBMlrQtbrLMoceuD0H9UFGNplhel9DXwWgxxIOncKejpK2x0A -2fX+/0FDh+4+9hA5ipiV8gN3iGSoHkSDxy5yC9d7jlapt+TtFt4Rd1OfxZWwatDw -/8jaH3t6yAcmyrhK8KYVrwKBgAE5KwsBqmOlvyE9N5Z5QN189wUREIXfVkP6bTHs -jq2EX4hmKdwJ4y+H8i1VY31bSfSGlY5HkXuWpH/2lrHO0CDBZG3UDwADvWzIaYVF -0c/kz0v2mRQh+xaZmus4lQnNrDbaalgL666LAPbW0qFVaws3KxoBYPe0BxvwWyhF -H3LBAoGBAKRRNsq2pWQ8Gqxc0rVoH0FlexU9U2ci3lsLmgEB0A/o/kQkSyAxaRM+ -VdKp3sWfO8o8lX5CVQslCNBSjDTNcat3Co4NEBLg6Xv1yKN/WN1GhusnchP9szsP -oU47gC89QhUyWSd6vvr2z2NG9C3cACxe4dhDSHQcE4nHSldzCKv2 +MIIEowIBAAKCAQEAmMTP3n4ku6zTc3bvgCviee/qJkGLKLXlaZsHFOlJfGa+qXLA +Ui3rVdjwlhlSin13StRKfiXQaIrhvBGP8H32CcvkqFkUVl/mxiBZcu+Lq19ojh/8 +ophfFzGh4+As4zA9cDNqxS7MC91StgzPsKwjDtsxNgQIlACfvsLPfQ5e+A0PZRp3 +vITIxYM2pCDQjXfePP7dvizFcagoEO3yPohwNV+0BdQE+XPOsHfxsS835d+Nw8S0 +njERWxlFUh+jQQZyEHRQ6tRozRj25/GZQ18OVlnkebn58XEUTaadxpxxt/1TnmxQ +K/vuf9M3vkLxelz15PUWVr4YdHQ9eP/FvzzCtQIDAQABAoIBAAMvJv4GNxHKWmXv +trI/N+s+uuytNQ9WKz/2QUGIU0XKhnLVt3h/CIazjOA0CupkDxZ6MktK0ns7WdUn +sI5cscImg8+We7wJJ7A9gF/K6mhaBr3foM5qyqCbIjqzs3vQx5cNG06c2RfuNwkg +XzvZeqmWnAH6N4uOL8Y0HUsH/6a/5rHEBTgUOnOidR8T1vdIN5vnpknef/H575ab +jTdDyb15Vns7nC4Q8lortkLsQzOt//LWpVuLZXGDm1Xi47ahNXM8Fo/MFK+xcBDF +onMFuclxImN3FqkyMH6PgJS392bZ1LLcmS4bqZ0oIwfUZ/kIEwAI2cTwEYfYmN7C +ekgvpsECgYEAxoJUcZW4iWvT8kznWKKT+YJAfTYmgwOxB1Dn3RxFA8cXocQQvwvM +mSl1AKOjWHFl/eW9s4zwy/fOnsN1m1tCTuWSNn5sudZSJfbd5CCiYaYTI66McCCm +5FGzqLM44Wm5y2qLa7l3in8Tza/645RpLXZyRfMInoW5In0XKbokLbkCgYEAxQM/ +p63V5KuZYsm9BWNcCvAbS6G9NHjbeRrkAd171SSdibdwLIBeyn7A5JCiVqhZZbsO +1q1okO4m4j+JHzntWi63yXwG49sEVNaFbExPE4tfJeHD0Po8MJffoLNVTE+INT0B +fl1elhMpE9qpizFIHF7L8KnUf5Igi+yp0d6Amt0CgYACAhmGmKQoR736KosAm4xx +rr6mRaD4HFZzI39k/j84fZAgo9IjjKQCPKghXIZvg54rhmJ36YoaFiSx+Ho9Gxw9 +nhbvlDHXY3KrTacLAsWBxWNWLhLfo4TstGLj5wRBS4eEpkxIx7SM4yI5J3mbScoS +mqsnSAEjUWkBD1DnrClniQKBgQCdfC9SNp+Yn6OJWIKE4Bwfkjf/iVbZrxKiCGDj +LM1kYFSeVciRijw72n8PNp7ObtyneZQu/4dq8zSZ/vf5wjB9uoKnyUEou1cHCkS1 +gXpkwTBZ89K4JpAeuAjHSROSYLEc/ZtIDBMkHETl3hFRdx+RriWQR/HZ2FG0CIbn +gNmE8QKBgDlFu+TcspI2R9mKbHrbPTXOAlmi2g7RZ3jF1m4S/aZqSL/bqPRBb0OU +dY7MX4GHhJYR7RnMMROZQI0H4ZwWSMfokBDa96MDY107atK8TqZmYKaZQsEB8B4r +fMmKnQljYj91d/reowLJrQRf5SjBvtDIEIsiC8UgjQImAsZ8huEX -----END RSA PRIVATE KEY----- diff --git a/nixos/tests/nextcloud/basic.nix b/nixos/tests/nextcloud/basic.nix index eb37470a4c7bb..a475049e7b264 100644 --- a/nixos/tests/nextcloud/basic.nix +++ b/nixos/tests/nextcloud/basic.nix @@ -37,6 +37,8 @@ in { "d /var/lib/nextcloud-data 0750 nextcloud nginx - -" ]; + system.stateVersion = "22.11"; # stateVersion >=21.11 to make sure that we use OpenSSL3 + services.nextcloud = { enable = true; datadir = "/var/lib/nextcloud-data"; @@ -99,6 +101,10 @@ in { # This is just to ensure the nextcloud-occ program is working nextcloud.succeed("nextcloud-occ status") nextcloud.succeed("curl -sSf http://nextcloud/login") + # Ensure that no OpenSSL 1.1 is used. + nextcloud.succeed( + "${nodes.nextcloud.services.phpfpm.pools.nextcloud.phpPackage}/bin/php -i | grep 'OpenSSL Library Version' | awk -F'=>' '{ print $2 }' | awk '{ print $2 }' | grep -v 1.1" + ) nextcloud.succeed( "${withRcloneEnv} ${copySharedFile}" ) @@ -108,5 +114,6 @@ in { "${withRcloneEnv} ${diffSharedFile}" ) assert "hi" in client.succeed("cat /mnt/dav/test-shared-file") + nextcloud.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud-data/data/root/files/test-shared-file") ''; })) args diff --git a/nixos/tests/nextcloud/default.nix b/nixos/tests/nextcloud/default.nix index 7dbdff9882387..b8d3ba75b51a9 100644 --- a/nixos/tests/nextcloud/default.nix +++ b/nixos/tests/nextcloud/default.nix @@ -8,6 +8,10 @@ with pkgs.lib; foldl (matrix: ver: matrix // { "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; }; + "openssl-sse${toString ver}" = import ./openssl-sse.nix { + inherit system pkgs; + nextcloudVersion = ver; + }; "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix { inherit system pkgs; nextcloudVersion = ver; diff --git a/nixos/tests/nextcloud/openssl-sse.nix b/nixos/tests/nextcloud/openssl-sse.nix new file mode 100644 index 0000000000000..7595ee2c67e31 --- /dev/null +++ b/nixos/tests/nextcloud/openssl-sse.nix @@ -0,0 +1,105 @@ +args@{ pkgs, nextcloudVersion ? 25, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let + adminuser = "root"; + adminpass = "notproduction"; + nextcloudBase = { + networking.firewall.allowedTCPPorts = [ 80 ]; + system.stateVersion = "22.05"; # stateVersions <22.11 use openssl 1.1 by default + services.nextcloud = { + enable = true; + config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; + }; + }; +in { + name = "nextcloud-openssl"; + meta = with pkgs.lib.maintainers; { + maintainers = [ ma27 ]; + }; + nodes.nextcloudwithopenssl1 = { + imports = [ nextcloudBase ]; + services.nextcloud.hostName = "nextcloudwithopenssl1"; + }; + nodes.nextcloudwithopenssl3 = { + imports = [ nextcloudBase ]; + services.nextcloud = { + hostName = "nextcloudwithopenssl3"; + enableBrokenCiphersForSSE = false; + }; + }; + testScript = { nodes, ... }: let + withRcloneEnv = host: pkgs.writeScript "with-rclone-env" '' + #!${pkgs.runtimeShell} + export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav + export RCLONE_CONFIG_NEXTCLOUD_URL="http://${host}/remote.php/webdav/" + export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud" + export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}" + export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})" + "''${@}" + ''; + withRcloneEnv1 = withRcloneEnv "nextcloudwithopenssl1"; + withRcloneEnv3 = withRcloneEnv "nextcloudwithopenssl3"; + copySharedFile1 = pkgs.writeScript "copy-shared-file" '' + #!${pkgs.runtimeShell} + echo 'hi' | ${withRcloneEnv1} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file + ''; + copySharedFile3 = pkgs.writeScript "copy-shared-file" '' + #!${pkgs.runtimeShell} + echo 'bye' | ${withRcloneEnv3} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file2 + ''; + openssl1-node = nodes.nextcloudwithopenssl1.config.system.build.toplevel; + openssl3-node = nodes.nextcloudwithopenssl3.config.system.build.toplevel; + in '' + nextcloudwithopenssl1.start() + nextcloudwithopenssl1.wait_for_unit("multi-user.target") + nextcloudwithopenssl1.succeed("nextcloud-occ status") + nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login") + + with subtest("With OpenSSL 1 SSE can be enabled and used"): + nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption") + nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable") + + with subtest("Upload file and ensure it's encrypted"): + nextcloudwithopenssl1.succeed("${copySharedFile1}") + nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file") + nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi") + + with subtest("Switch to OpenSSL 3"): + nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test") + nextcloudwithopenssl1.wait_for_open_port(80) + nextcloudwithopenssl1.succeed("nextcloud-occ status") + + with subtest("Existing encrypted files cannot be read, but new files can be added"): + nextcloudwithopenssl1.fail("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2") + nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable") + nextcloudwithopenssl1.succeed("${copySharedFile3}") + nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2") + nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye") + + with subtest("Switch back to OpenSSL 1.1 and ensure that encrypted files are readable again"): + nextcloudwithopenssl1.succeed("${openssl1-node}/bin/switch-to-configuration test") + nextcloudwithopenssl1.wait_for_open_port(80) + nextcloudwithopenssl1.succeed("nextcloud-occ status") + nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable") + nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye") + nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi") + nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file") + nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2") + + with subtest("Ensure that everything can be decrypted"): + nextcloudwithopenssl1.succeed("echo y | nextcloud-occ encryption:decrypt-all >&2") + nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye") + nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi") + nextcloudwithopenssl1.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file") + + with subtest("Switch to OpenSSL 3 ensure that all files are usable now"): + nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test") + nextcloudwithopenssl1.wait_for_open_port(80) + nextcloudwithopenssl1.succeed("nextcloud-occ status") + nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye") + nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi") + + nextcloudwithopenssl1.shutdown() + ''; +})) args diff --git a/pkgs/applications/editors/texstudio/default.nix b/pkgs/applications/editors/texstudio/default.nix index 76762fd927cc5..6a0f498fa5543 100644 --- a/pkgs/applications/editors/texstudio/default.nix +++ b/pkgs/applications/editors/texstudio/default.nix @@ -3,13 +3,13 @@ mkDerivation rec { pname = "texstudio"; - version = "4.3.1"; + version = "4.4.0"; src = fetchFromGitHub { owner = "${pname}-org"; repo = pname; rev = version; - hash = "sha256-CwfnRkG8GsRQuE0+l394gMdj5ao3SUKaDnYP2dfUEew="; + hash = "sha256-BaTfebLilUeDNtCJZmgAx+hN+L+4MtnuL6t3wQRX/Ns="; }; nativeBuildInputs = [ qmake wrapQtAppsHook pkg-config ]; diff --git a/pkgs/applications/misc/gallery-dl/default.nix b/pkgs/applications/misc/gallery-dl/default.nix index 602c5c0e47e95..0b7233e189c03 100644 --- a/pkgs/applications/misc/gallery-dl/default.nix +++ b/pkgs/applications/misc/gallery-dl/default.nix @@ -2,13 +2,13 @@ buildPythonApplication rec { pname = "gallery-dl"; - version = "1.23.5"; + version = "1.24.0"; format = "setuptools"; src = fetchPypi { inherit version; pname = "gallery_dl"; - sha256 = "sha256-NhnuW7rq5Dgrnkw/nUO/pFg/Sh2D/d9gFCIb+gQy5QE="; + sha256 = "sha256-LGZjPkiX252IRgRG1fxVS4IdnKA3RgVjOhZLxYScIJo="; }; propagatedBuildInputs = [ diff --git a/pkgs/applications/misc/tty-share/default.nix b/pkgs/applications/misc/tty-share/default.nix index a1adc152349ba..37cc10c3823ce 100644 --- a/pkgs/applications/misc/tty-share/default.nix +++ b/pkgs/applications/misc/tty-share/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "tty-share"; - version = "2.2.1"; + version = "2.3.0"; src = fetchFromGitHub { owner = "elisescu"; repo = "tty-share"; rev = "v${version}"; - sha256 = "sha256-aAqKfi0ZX0UB07yGY6x0HcMspvq4rcJXKHSONxAwMlc="; + sha256 = "sha256-/oK2m2kxmF9HHYfTK6NlZxKKkDS7Oay+ed7jR/+szs0="; }; # Upstream has a `./vendor` directory with all deps which we rely upon. @@ -19,7 +19,6 @@ buildGoModule rec { meta = with lib; { homepage = "https://tty-share.com"; description = "Share terminal via browser for remote work or shared sessions"; - platforms = platforms.linux; license = licenses.mit; maintainers = with maintainers; [ andys8 ]; }; diff --git a/pkgs/applications/networking/browsers/firefox-bin/default.nix b/pkgs/applications/networking/browsers/firefox-bin/default.nix index 3048f047485e4..0ad125beb53e1 100644 --- a/pkgs/applications/networking/browsers/firefox-bin/default.nix +++ b/pkgs/applications/networking/browsers/firefox-bin/default.nix @@ -36,7 +36,7 @@ , pango , pipewire , pciutils -, libheimdal +, heimdal , libpulseaudio , systemd , channel @@ -134,7 +134,7 @@ stdenv.mkDerivation { pango pipewire pciutils - libheimdal + heimdal libpulseaudio systemd ffmpeg diff --git a/pkgs/applications/networking/instant-messengers/threema-desktop/default.nix b/pkgs/applications/networking/instant-messengers/threema-desktop/default.nix index 852abe8e6dc45..6a21fe8a9ef01 100644 --- a/pkgs/applications/networking/instant-messengers/threema-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/threema-desktop/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "threema-desktop"; - version = "1.2.13"; + version = "1.2.21"; src = fetchurl { # As Threema only offers a Latest Release url, the plan is to upload each # new release url to web.archive.org until their Github releases page gets populated. - url = "https://web.archive.org/web/20220621152620id_/https://releases.threema.ch/web-electron/v1/release/Threema-Latest.deb"; - sha256 = "sha256-X16GMxUIKUloj0FxhzWQKUBf4zwfSBVg0cwLgGxHPHE="; + url = "https://web.archive.org/web/20220915175906if_/https://releases.threema.ch/web-electron/v1/release/Threema-Latest.deb"; + sha256 = "0icxn5whsvwmdmfbkfk4xnl3dn4iif5s5yw5hsimmyx066fq0qhb"; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix b/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix index ff93dd61351d1..9bd99c86e773b 100644 --- a/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix +++ b/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix @@ -42,7 +42,7 @@ , pango , pipewire , pciutils -, libheimdal +, heimdal , libpulseaudio , systemd , writeScript @@ -137,7 +137,7 @@ stdenv.mkDerivation { pango pipewire pciutils - libheimdal + heimdal libpulseaudio systemd ffmpeg diff --git a/pkgs/applications/networking/remote/freerdp/default.nix b/pkgs/applications/networking/remote/freerdp/default.nix index ea09e1a942f13..d072a03c0b478 100644 --- a/pkgs/applications/networking/remote/freerdp/default.nix +++ b/pkgs/applications/networking/remote/freerdp/default.nix @@ -62,13 +62,13 @@ let in stdenv.mkDerivation rec { pname = "freerdp"; - version = "2.8.1"; + version = "2.9.0"; src = fetchFromGitHub { owner = "FreeRDP"; repo = "FreeRDP"; rev = version; - sha256 = "sha256-0heCwXFms6Ni/F1TaS5QEK+ePlR9DXUrzVj3vA5DvCk="; + sha256 = "sha256-I9xJWHoY8fZ5T9zca77gFciC+7JdD6fMwV16giiY4FU="; }; postPatch = '' diff --git a/pkgs/applications/radio/rtl_433/default.nix b/pkgs/applications/radio/rtl_433/default.nix index 1dac6525ee630..44ecec312b3f6 100644 --- a/pkgs/applications/radio/rtl_433/default.nix +++ b/pkgs/applications/radio/rtl_433/default.nix @@ -1,28 +1,18 @@ -{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, fetchpatch +{ lib, stdenv, fetchFromGitHub, cmake, pkg-config , libusb1, rtl-sdr, soapysdr-with-plugins }: stdenv.mkDerivation rec { - version = "21.12"; + version = "22.11"; pname = "rtl_433"; src = fetchFromGitHub { owner = "merbanan"; repo = "rtl_433"; rev = version; - sha256 = "sha256-KoDKyI7KDdGSe79ZTuL9ObKnOJsqTN4wrMq+/cvQ/Xk="; + sha256 = "sha256-qDY+prdf8O/dqmAgLU6lpsNIvL1R5V2AwsB+4CpOqGM="; }; - patches = [( fetchpatch { - name = "CVE-2022-27419"; - url = "https://github.com/merbanan/rtl_433/commit/37455483889bd1c641bdaafc493d1cc236b74904.patch"; - sha256 = "172jndh8x5nlcbx2jp5y8fgfxsawwfz95037pcjp170gf93ijy88"; - }) ( fetchpatch { - name = "CVE-2022-25051"; - url = "https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8.patch"; - sha256 = "sha256-IfxwdnuA7WbaVdxMTln069mA5hKNuPz+XYQaNA4YY24="; - })]; - nativeBuildInputs = [ pkg-config cmake ]; buildInputs = [ libusb1 rtl-sdr soapysdr-with-plugins ]; @@ -36,5 +26,4 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ earldouglas markuskowa ]; platforms = platforms.all; }; - } diff --git a/pkgs/build-support/kernel/make-initrd-ng.nix b/pkgs/build-support/kernel/make-initrd-ng.nix index e762464fc4893..dc0e9b87db2ab 100644 --- a/pkgs/build-support/kernel/make-initrd-ng.nix +++ b/pkgs/build-support/kernel/make-initrd-ng.nix @@ -76,7 +76,7 @@ in nativeBuildInputs = [makeInitrdNGTool cpio] ++ lib.optional makeUInitrd ubootTools ++ lib.optional strip binutils; - STRIP = if strip then "${(binutils.nativeDrv or binutils).targetPrefix}strip" else null; + STRIP = if strip then "${pkgsBuildHost.binutils.targetPrefix}strip" else null; }) '' mkdir ./root make-initrd-ng "$contentsPath" ./root diff --git a/pkgs/build-support/node/build-npm-package/hooks/default.nix b/pkgs/build-support/node/build-npm-package/hooks/default.nix index d2293ed42f793..4ac981af916cf 100644 --- a/pkgs/build-support/node/build-npm-package/hooks/default.nix +++ b/pkgs/build-support/node/build-npm-package/hooks/default.nix @@ -1,4 +1,4 @@ -{ lib, makeSetupHook, nodejs, srcOnly, diffutils, jq, makeWrapper }: +{ lib, makeSetupHook, nodejs, srcOnly, buildPackages, makeWrapper }: { npmConfigHook = makeSetupHook @@ -9,9 +9,8 @@ # Specify the stdenv's `diff` and `jq` by abspath to ensure that the user's build # inputs do not cause us to find the wrong binaries. - # The `.nativeDrv` stanza works like nativeBuildInputs and ensures cross-compiling has the right version available. - diff = "${diffutils.nativeDrv or diffutils}/bin/diff"; - jq = "${jq.nativeDrv or jq}/bin/jq"; + diff = "${buildPackages.diffutils}/bin/diff"; + jq = "${buildPackages.jq}/bin/jq"; nodeVersion = nodejs.version; nodeVersionMajor = lib.versions.major nodejs.version; @@ -29,7 +28,7 @@ deps = [ makeWrapper ]; substitutions = { hostNode = "${nodejs}/bin/node"; - jq = "${jq.nativeDrv or jq}/bin/jq"; + jq = "${buildPackages.jq}/bin/jq"; }; } ./npm-install-hook.sh; } diff --git a/pkgs/build-support/rust/hooks/default.nix b/pkgs/build-support/rust/hooks/default.nix index 9d3fc9b126ef6..6ee122adb52a1 100644 --- a/pkgs/build-support/rust/hooks/default.nix +++ b/pkgs/build-support/rust/hooks/default.nix @@ -2,7 +2,6 @@ , callPackage , cargo , clang -, diffutils , lib , makeSetupHook , maturin @@ -65,8 +64,7 @@ in { # Specify the stdenv's `diff` by abspath to ensure that the user's build # inputs do not cause us to find the wrong `diff`. - # The `.nativeDrv` stanza works like nativeBuildInputs and ensures cross-compiling has the right version available. - diff = "${diffutils.nativeDrv or diffutils}/bin/diff"; + diff = "${lib.getBin buildPackages.diffutils}/bin/diff"; # We want to specify the correct crt-static flag for both # the build and host platforms. This is important when the wanted diff --git a/pkgs/development/interpreters/php/8.2.nix b/pkgs/development/interpreters/php/8.2.nix new file mode 100644 index 0000000000000..72816da1d4b11 --- /dev/null +++ b/pkgs/development/interpreters/php/8.2.nix @@ -0,0 +1,61 @@ +{ callPackage, lib, stdenv, fetchurl, ... }@_args: + +let + hash = "sha256-sbT8sIwle3OugXxqLZO3jKXlrOQsX1iH7WRH8G+nv8Y="; + + base = callPackage ./generic.nix (_args // { + version = "8.2.0"; + phpAttrsOverrides = attrs: attrs // { + src = fetchurl { + url = "https://downloads.php.net/~sergey/php-8.2.0RC6.tar.xz"; + inherit hash; + }; + }; + inherit hash; + }); + +in +base.withExtensions ({ all, ... }: with all; ([ + bcmath + calendar + curl + ctype + dom + exif + fileinfo + filter + ftp + gd + gettext + gmp + iconv + imap + intl + ldap + mbstring + mysqli + mysqlnd + opcache + openssl + pcntl + pdo + pdo_mysql + pdo_odbc + pdo_pgsql + pdo_sqlite + pgsql + posix + readline + session + simplexml + sockets + soap + sodium + sysvsem + sqlite3 + tokenizer + xmlreader + xmlwriter + zip + zlib +])) diff --git a/pkgs/development/interpreters/php/generic.nix b/pkgs/development/interpreters/php/generic.nix index e252e011105e1..96ba56e00b92b 100644 --- a/pkgs/development/interpreters/php/generic.nix +++ b/pkgs/development/interpreters/php/generic.nix @@ -91,7 +91,7 @@ let [ ] allExtensionFunctions; - getExtName = ext: lib.removePrefix "php-" (builtins.parseDrvName ext.name).name; + getExtName = ext: ext.extensionName; # Recursively get a list of all internal dependencies # for a list of extensions. diff --git a/pkgs/development/libraries/gsl/gsl-1_16.nix b/pkgs/development/libraries/gsl/gsl-1_16.nix deleted file mode 100644 index 2cda6c7955c23..0000000000000 --- a/pkgs/development/libraries/gsl/gsl-1_16.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ fetchurl, fetchpatch, lib, stdenv }: - -stdenv.mkDerivation rec { - pname = "gsl"; - version = "1.16"; - - src = fetchurl { - url = "mirror://gnu/gsl/gsl-${version}.tar.gz"; - sha256 = "0lrgipi0z6559jqh82yx8n4xgnxkhzj46v96dl77hahdp58jzg3k"; - }; - - # do not let -march=skylake to enable FMA (https://lists.gnu.org/archive/html/bug-gsl/2011-11/msg00019.html) - NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isx86_64 "-mno-fma"; - - patches = [ - (fetchpatch { - name = "bug-39055.patch"; - url = "https://git.savannah.gnu.org/cgit/gsl.git/patch/?id=9cc12d"; - sha256 = "1bmrmihi28cly9g9pq54kkix2jy59y7cd7h5fw4v1c7h5rc2qvs8"; - }) - - (fetchpatch { - name = "fix-parallel-test.patch"; - url = "https://git.savannah.gnu.org/cgit/gsl.git/patch/?id=12654373c3b60541230921aae81f93b484ec5eaf"; - sha256 = "1flzpbsfj7gjywv6v9qvm8wpdrkbpj7shryinfdpb40y7si9njdw"; - }) - ]; - - enableParallelBuilding = true; - doCheck = true; - - meta = { - description = "The GNU Scientific Library, a large numerical library"; - homepage = "https://www.gnu.org/software/gsl/"; - license = lib.licenses.gpl3Plus; - - longDescription = '' - The GNU Scientific Library (GSL) is a numerical library for C - and C++ programmers. It is free software under the GNU General - Public License. - - The library provides a wide range of mathematical routines such - as random number generators, special functions and least-squares - fitting. There are over 1000 functions in total with an - extensive test suite. - ''; - platforms = lib.platforms.unix; - # Failing "eigen" tests on aarch64. - badPlatforms = [ "aarch64-linux" ]; - }; -} diff --git a/pkgs/development/libraries/libheif/default.nix b/pkgs/development/libraries/libheif/default.nix index 51bd86edb719e..45c04b857f76f 100644 --- a/pkgs/development/libraries/libheif/default.nix +++ b/pkgs/development/libraries/libheif/default.nix @@ -1,9 +1,27 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, dav1d, rav1e, libde265, x265, libpng, - libjpeg, libaom }: +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, dav1d +, rav1e +, libde265 +, x265 +, libpng +, libjpeg +, libaom + +# for passthru.tests +, gimp +, imagemagick +, imlib2Full +, imv +, vips +}: stdenv.mkDerivation rec { pname = "libheif"; - version = "1.13.0"; + version = "1.14.0"; outputs = [ "bin" "out" "dev" "man" ]; @@ -11,7 +29,7 @@ stdenv.mkDerivation rec { owner = "strukturag"; repo = "libheif"; rev = "v${version}"; - sha256 = "sha256-/w/I6dgyiAscUqVpPjw2z6LbZJ6IBTeE5lawLg0awTM="; + sha256 = "sha256-MvCiVAHM9C/rxeh6f9Bd13GECc2ladEP7Av7y3eWDcY="; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; @@ -19,6 +37,10 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + passthru.tests = { + inherit gimp imagemagick imlib2Full imv vips; + }; + meta = { homepage = "http://www.libheif.org/"; description = "ISO/IEC 23008-12:2017 HEIF image file format decoder and encoder"; diff --git a/pkgs/development/libraries/qt-6/default.nix b/pkgs/development/libraries/qt-6/default.nix index 5d17df8028d2e..4c36e29f02f2c 100644 --- a/pkgs/development/libraries/qt-6/default.nix +++ b/pkgs/development/libraries/qt-6/default.nix @@ -107,6 +107,8 @@ let } ./hooks/qmake-hook.sh; }; + # TODO(@Artturin): convert to makeScopeWithSplicing + # simple example of how to do that in 5568a4d25ca406809530420996d57e0876ca1a01 self = lib.makeScope newScope addPackages; in self diff --git a/pkgs/development/libraries/qt-6/qtModule.nix b/pkgs/development/libraries/qt-6/qtModule.nix index 3ef0ea191a760..5f6d429edf58b 100644 --- a/pkgs/development/libraries/qt-6/qtModule.nix +++ b/pkgs/development/libraries/qt-6/qtModule.nix @@ -61,7 +61,7 @@ stdenv.mkDerivation (args // { if [[ -z "$dontSyncQt" && -f sync.profile ]]; then # FIXME: this probably breaks crosscompiling as it's not from nativeBuildInputs # I don't know how to get /libexec from nativeBuildInputs to work, it's not under /bin - ${self.qtbase.dev.nativeDrv or self.qtbase.dev}/libexec/syncqt.pl -version "''${version%%-*}" + ${lib.getDev self.qtbase}/libexec/syncqt.pl -version "''${version%%-*}" fi ''; diff --git a/pkgs/development/php-packages/datadog_trace/default.nix b/pkgs/development/php-packages/datadog_trace/default.nix index 9b91d85fefe5f..f77433a8a9ec3 100644 --- a/pkgs/development/php-packages/datadog_trace/default.nix +++ b/pkgs/development/php-packages/datadog_trace/default.nix @@ -1,4 +1,4 @@ -{ buildPecl, curl, fetchFromGitHub, lib, pcre2 }: +{ buildPecl, curl, fetchFromGitHub, lib, pcre2, php }: buildPecl rec { pname = "ddtrace"; @@ -14,6 +14,7 @@ buildPecl rec { buildInputs = [ curl pcre2 ]; meta = with lib; { + broken = lib.versionOlder php.version "8.1"; # Broken on PHP older than 8.1. description = "Datadog Tracing PHP Client"; homepage = "https://github.com/DataDog/dd-trace-php"; license = licenses.apsl20; diff --git a/pkgs/development/php-packages/gnupg/default.nix b/pkgs/development/php-packages/gnupg/default.nix index 1d0b65d2c5625..22ce2be4473b5 100644 --- a/pkgs/development/php-packages/gnupg/default.nix +++ b/pkgs/development/php-packages/gnupg/default.nix @@ -1,4 +1,4 @@ -{ buildPecl, lib, gpgme, file, gnupg }: +{ buildPecl, lib, gpgme, file, gnupg, php }: buildPecl { pname = "gnupg"; @@ -29,6 +29,7 @@ buildPecl { doCheck = true; meta = with lib; { + broken = lib.versionOlder php.version "8.1"; # Broken on PHP older than 8.1. description = "PHP wrapper for GpgME library that provides access to GnuPG"; license = licenses.bsd3; homepage = "https://pecl.php.net/package/gnupg"; diff --git a/pkgs/development/php-packages/oci8/default.nix b/pkgs/development/php-packages/oci8/default.nix index 2657a67d38ba7..477eea5898e59 100644 --- a/pkgs/development/php-packages/oci8/default.nix +++ b/pkgs/development/php-packages/oci8/default.nix @@ -1,12 +1,18 @@ -{ buildPecl, lib, oracle-instantclient }: +{ buildPecl, lib, oracle-instantclient, php }: + let - version = "3.0.1"; - sha256 = "108ds92620dih5768z19hi0jxfa7wfg5hdvyyvpapir87c0ap914"; + versionData = if (lib.versionOlder php.version "8.1") then { + version = "3.0.1"; + sha256 = "108ds92620dih5768z19hi0jxfa7wfg5hdvyyvpapir87c0ap914"; + } else { + version = "3.2.1"; + sha256 = "zyF703DzRZDBhlNFFt/dknmZ7layqhgjG1/ZDN+PEsg="; + }; in buildPecl { pname = "oci8"; - inherit version sha256; + inherit (versionData) version sha256; buildInputs = [ oracle-instantclient ]; configureFlags = [ "--with-oci8=shared,instantclient,${oracle-instantclient.lib}/lib" ]; diff --git a/pkgs/development/php-packages/xdebug/default.nix b/pkgs/development/php-packages/xdebug/default.nix index 80b0ec73109c3..388360462dcf6 100644 --- a/pkgs/development/php-packages/xdebug/default.nix +++ b/pkgs/development/php-packages/xdebug/default.nix @@ -1,10 +1,18 @@ -{ buildPecl, lib }: +{ buildPecl, lib, php }: +let + versionData = if (lib.versionOlder php.version "8.1") then { + version = "3.1.6"; + sha256 = "1lnmrb5kgq8lbhjs48j3wwhqgk44pnqb1yjq4b5r6ysv9l5wlkjm"; + } else { + version = "3.2.0RC2"; + sha256 = "dQgXDP3Ifg+D0niWxaJ4ec71Vfr8KH40jv6QbxSyY+4="; + }; +in buildPecl { pname = "xdebug"; - version = "3.1.6"; - sha256 = "1lnmrb5kgq8lbhjs48j3wwhqgk44pnqb1yjq4b5r6ysv9l5wlkjm"; + inherit (versionData) version sha256; doCheck = true; checkTarget = "test"; diff --git a/pkgs/development/python-modules/numba/cuda_path.patch b/pkgs/development/python-modules/numba/cuda_path.patch index 275eeb1ccab60..1ad472ec424f7 100644 --- a/pkgs/development/python-modules/numba/cuda_path.patch +++ b/pkgs/development/python-modules/numba/cuda_path.patch @@ -1,5 +1,5 @@ diff --git a/numba/cuda/cuda_paths.py b/numba/cuda/cuda_paths.py -index b9988bc..a642680 100644 +index 0da435d33..7b1fde087 100644 --- a/numba/cuda/cuda_paths.py +++ b/numba/cuda/cuda_paths.py @@ -24,10 +24,7 @@ def _find_valid_path(options): @@ -14,15 +14,12 @@ index b9988bc..a642680 100644 ] by, libdir = _find_valid_path(options) return by, libdir -@@ -35,18 +32,16 @@ def _get_libdevice_path_decision(): +@@ -35,16 +32,14 @@ def _get_libdevice_path_decision(): def _nvvm_lib_dir(): if IS_WIN32: - return 'nvvm', 'bin' + return 'bin', - elif IS_OSX: -- return 'nvvm', 'lib' -+ return 'lib', else: - return 'nvvm', 'lib64' + return 'lib64', @@ -33,13 +30,13 @@ index b9988bc..a642680 100644 - ('Conda environment', get_conda_ctk()), - ('CUDA_HOME', get_cuda_home(*_nvvm_lib_dir())), - ('System', get_system_ctk(*_nvvm_lib_dir())), -+ ('Nix store', get_nix_ctk(*_nvvm_lib_dir())), ++ ('Nix store', get_nix_ctk(*_nvvm_lib_dir())), ] by, path = _find_valid_path(options) return by, path -@@ -74,14 +69,12 @@ def _cudalib_path(): - elif IS_OSX: - return 'lib' +@@ -64,14 +59,12 @@ def _cudalib_path(): + if IS_WIN32: + return 'bin' else: - return 'lib64' + return 'lib' @@ -54,7 +51,7 @@ index b9988bc..a642680 100644 ] by, libdir = _find_valid_path(options) return by, libdir -@@ -92,6 +85,22 @@ def _get_cudalib_dir(): +@@ -82,6 +75,22 @@ def _get_cudalib_dir(): return _env_path_tuple(by, libdir) diff --git a/pkgs/development/python-modules/numba/default.nix b/pkgs/development/python-modules/numba/default.nix index 965130658c444..35145189207a3 100644 --- a/pkgs/development/python-modules/numba/default.nix +++ b/pkgs/development/python-modules/numba/default.nix @@ -11,6 +11,8 @@ , libcxx , importlib-metadata , substituteAll +, runCommand +, fetchpatch # CUDA-only dependencies: , addOpenGLRunpath ? null @@ -23,14 +25,14 @@ let inherit (cudaPackages) cudatoolkit; in buildPythonPackage rec { - version = "0.56.2"; + version = "0.56.4"; pname = "numba"; format = "setuptools"; disabled = pythonOlder "3.6" || pythonAtLeast "3.11"; src = fetchPypi { inherit pname version; - hash = "sha256-NJLwpdCeJX/FIfU3emxrkH7sGSDRRznwskWLnSmUalo="; + hash = "sha256-Mtn+9BLIFIPX7+DOts9NMxD96LYkqc7MoA95BXOslu4="; }; postPatch = '' @@ -55,7 +57,15 @@ in buildPythonPackage rec { cudatoolkit.lib ]; - patches = lib.optionals cudaSupport [ + patches = [ + # fix failure in test_cache_invalidate (numba.tests.test_caching.TestCache) + # remove when upgrading past version 0.56 + (fetchpatch { + name = "fix-test-cache-invalidate-readonly.patch"; + url = "https://github.com/numba/numba/commit/993e8c424055a7677b2755b184fc9e07549713b9.patch"; + hash = "sha256-IhIqRLmP8gazx+KWIyCxZrNLMT4jZT8CWD3KcH4KjOo="; + }) + ] ++ lib.optionals cudaSupport [ (substituteAll { src = ./cuda_path.patch; cuda_toolkit_path = cudatoolkit; @@ -70,18 +80,40 @@ in buildPythonPackage rec { done ''; - # Copy test script into $out and run the test suite. + # run a smoke test in a temporary directory so that + # a) Python picks up the installed library in $out instead of the build files + # b) we have somewhere to put $HOME so some caching tests work + # c) it doesn't take 6 CPU hours for the full suite checkPhase = '' - ${python.interpreter} -m numba.runtests - ''; + runHook preCheck - # ImportError: cannot import name '_typeconv' - doCheck = false; + pushd $(mktemp -d) + HOME=. ${python.interpreter} -m numba.runtests -m $NIX_BUILD_CORES numba.tests.test_usecases + popd + + runHook postCheck + ''; pythonImportsCheck = [ "numba" ]; + passthru.tests = { + # CONTRIBUTOR NOTE: numba also contains CUDA tests, though these cannot be run in + # this sandbox environment. Consider running similar commands to those below outside the + # sandbox manually if you have the appropriate hardware; support will be detected + # and the corresponding tests enabled automatically. + # Also, the full suite currently does not complete on anything but x86_64-linux. + fullSuite = runCommand "${pname}-test" {} '' + pushd $(mktemp -d) + # pip and python in $PATH is needed for the test suite to pass fully + PATH=${python.withPackages (p: [ p.numba p.pip ])}/bin:$PATH + HOME=$PWD python -m numba.runtests -m $NIX_BUILD_CORES + popd + touch $out # stop Nix from complaining no output was generated and failing the build + ''; + }; + meta = with lib; { description = "Compiling Python code using LLVM"; homepage = "https://numba.pydata.org/"; diff --git a/pkgs/development/tools/build-managers/buck/default.nix b/pkgs/development/tools/build-managers/buck/default.nix index 1602b8083414d..d94dccf7fbc8a 100644 --- a/pkgs/development/tools/build-managers/buck/default.nix +++ b/pkgs/development/tools/build-managers/buck/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "buck"; - version = "2021.05.05.01"; + version = "2022.05.05.01"; src = fetchFromGitHub { owner = "facebook"; repo = pname; rev = "v${version}"; - sha256 = "sha256-mASJCLxW7320MXYUUWYfaxs9AbSdltxlae8OQsPUZJc="; + sha256 = "15v4sk1l43pgd5jxr5lxnh0ks6vb3xk5253n66s7vvsnph48j14q"; }; patches = [ ./pex-mtime.patch ]; diff --git a/pkgs/development/tools/continuous-integration/github-runner/default.nix b/pkgs/development/tools/continuous-integration/github-runner/default.nix index e460ffd2590ad..84c9c92684961 100644 --- a/pkgs/development/tools/continuous-integration/github-runner/default.nix +++ b/pkgs/development/tools/continuous-integration/github-runner/default.nix @@ -1,4 +1,5 @@ { autoPatchelfHook +, autoSignDarwinBinariesHook , coreutils , curl , dotnetCorePackages @@ -6,7 +7,6 @@ , fetchFromGitHub , fetchurl , git -, glibc , icu , libkrb5 , lib @@ -40,6 +40,8 @@ let runtimeIds = { "x86_64-linux" = "linux-x64"; "aarch64-linux" = "linux-arm64"; + "x86_64-darwin" = "osx-x64"; + "aarch64-darwin" = "osx-arm64"; }; runtimeId = runtimeIds.${stdenv.system}; fakeSha1 = "0000000000000000000000000000000000000000"; @@ -61,16 +63,20 @@ stdenv.mkDerivation rec { dotnetSdk dotnetPackages.Nuget makeWrapper + ] ++ lib.optionals stdenv.isLinux [ autoPatchelfHook + ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ + autoSignDarwinBinariesHook ]; buildInputs = [ curl # libcurl.so.4 libkrb5 # libgssapi_krb5.so.2 - lttng-ust # liblttng-ust.so.0 stdenv.cc.cc.lib # libstdc++.so.6 zlib # libz.so.1 icu + ] ++ lib.optionals stdenv.isLinux [ + lttng-ust # liblttng-ust.so.0 ]; patches = [ @@ -104,6 +110,8 @@ stdenv.mkDerivation rec { --replace '/bin/ln' '${coreutils}/bin/ln' ''; + DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = stdenv.isDarwin; + configurePhase = '' runHook preConfigure @@ -137,6 +145,8 @@ stdenv.mkDerivation rec { doCheck = true; + __darwinAllowLocalNetworking = true; + # Fully qualified name of disabled tests disabledTests = [ "GitHub.Runner.Common.Tests.Listener.SelfUpdaterL0.TestSelfUpdateAsync" ] @@ -195,6 +205,13 @@ stdenv.mkDerivation rec { ++ lib.optionals (stdenv.hostPlatform.system == "aarch64-linux") [ # "JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64" "GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNodeRuntimeVersionInAlpineContainerAsync" + ] + ++ lib.optionals DOTNET_SYSTEM_GLOBALIZATION_INVARIANT [ + "GitHub.Runner.Common.Tests.ProcessExtensionL0.SuccessReadProcessEnv" + "GitHub.Runner.Common.Tests.Util.StringUtilL0.FormatUsesInvariantCulture" + "GitHub.Runner.Common.Tests.Worker.VariablesL0.Constructor_SetsOrdinalIgnoreCaseComparer" + "GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchCancellation" + "GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchRunNewJob" ]; checkInputs = [ git ]; @@ -269,7 +286,7 @@ stdenv.mkDerivation rec { # Stripping breaks the binaries dontStrip = true; - preFixup = '' + preFixup = lib.optionalString stdenv.isLinux '' patchelf --replace-needed liblttng-ust.so.0 liblttng-ust.so $out/lib/libcoreclrtraceptprovider.so ''; @@ -277,17 +294,16 @@ stdenv.mkDerivation rec { fix_rpath() { patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/lib/$1 } - wrap() { makeWrapper $out/lib/$1 $out/bin/$1 \ --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath (buildInputs ++ [ openssl ])} \ "''${@:2}" } - + '' + lib.optionalString stdenv.isLinux '' fix_rpath Runner.Listener fix_rpath Runner.PluginHost fix_rpath Runner.Worker - + '' + '' wrap Runner.Listener wrap Runner.PluginHost wrap Runner.Worker @@ -296,7 +312,7 @@ stdenv.mkDerivation rec { wrap config.sh --run 'export RUNNER_ROOT=''${RUNNER_ROOT:-$HOME/.github-runner}' \ --run 'mkdir -p $RUNNER_ROOT' \ - --prefix PATH : ${lib.makeBinPath [ glibc.bin ]} \ + --prefix PATH : ${lib.makeBinPath [ stdenv.cc ]} \ --chdir $out ''; @@ -308,7 +324,7 @@ stdenv.mkDerivation rec { # Inspired by passthru.fetch-deps in pkgs/build-support/build-dotnet-module/default.nix passthru.createDepsFile = writeShellApplication { name = "create-deps-file"; - runtimeInputs = [ dotnetSdk (nuget-to-nix.override { dotnet-sdk = dotnetSdk; }) ]; + runtimeInputs = [ coreutils dotnetSdk (nuget-to-nix.override { dotnet-sdk = dotnetSdk; }) ]; text = '' # Disable telemetry data export DOTNET_CLI_TELEMETRY_OPTOUT=1 diff --git a/pkgs/development/tools/mysql-shell/default.nix b/pkgs/development/tools/mysql-shell/default.nix index b84c884340170..26dd21ef0dd40 100644 --- a/pkgs/development/tools/mysql-shell/default.nix +++ b/pkgs/development/tools/mysql-shell/default.nix @@ -4,6 +4,11 @@ , cmake , fetchurl , git +, cctools +, developer_cmds +, DarwinTools +, makeWrapper +, CoreServices , bison , openssl , protobuf @@ -26,30 +31,24 @@ , python3 , cyrus_sasl , openldap -, numactl -, cctools -, CoreServices -, developer_cmds -, DarwinTools -, makeWrapper +, antlr }: let pythonDeps = with python3.pkgs; [ certifi paramiko pyyaml ]; - pythonPath = lib.makeSearchPath python3.sitePackages pythonDeps; in -stdenv.mkDerivation rec{ +stdenv.mkDerivation rec { pname = "mysql-shell"; - version = "8.0.30"; + version = "8.0.31"; srcs = [ (fetchurl { url = "https://cdn.mysql.com//Downloads/MySQL-Shell/mysql-shell-${version}-src.tar.gz"; - sha256 = "sha256-/UJgcYkPG8RShZzybqdcMQDpNUTVWAfAa2p0Cm23fXA="; + sha256 = "sha256-VA9dqvPmw2WXP3hAJS2xRTvxBM8D/IPsWYIaYwRZI/s="; }) (fetchurl { url = "https://dev.mysql.com/get/Downloads/MySQL-${lib.versions.majorMinor version}/mysql-${version}.tar.gz"; - sha256 = "sha256-yYjVxrqaVmkqbNbpgTRltfyTaO1LRh35cFmi/BYMi4Q="; + sha256 = "sha256-Z7uMunWyjpXH95SFY/AfuEUo/LsaNduoOdTORP4Bm6o="; }) ]; @@ -62,7 +61,9 @@ stdenv.mkDerivation rec{ substituteInPlace cmake/libutils.cmake --replace /usr/bin/libtool libtool ''; - nativeBuildInputs = [ pkg-config cmake git bison makeWrapper ] ++ lib.optionals (!stdenv.isDarwin) [ rpcsvc-proto ]; + nativeBuildInputs = [ pkg-config cmake git bison makeWrapper ] + ++ lib.optionals (!stdenv.isDarwin) [ rpcsvc-proto ] + ++ lib.optionals stdenv.isDarwin [ cctools developer_cmds DarwinTools ]; buildInputs = [ boost @@ -84,13 +85,15 @@ stdenv.mkDerivation rec{ openldap v8 python3 - ] ++ pythonDeps ++ lib.optionals stdenv.isLinux [ - numactl - libtirpc - ] ++ lib.optionals stdenv.isDarwin [ cctools CoreServices developer_cmds DarwinTools ]; + antlr.runtime.cpp + ] ++ pythonDeps + ++ lib.optionals stdenv.isLinux [ libtirpc ] + ++ lib.optionals stdenv.isDarwin [ CoreServices ]; preConfigure = '' # Build MySQL + echo "Building mysqlclient mysqlxclient" + cmake -DWITH_BOOST=system -DWITH_SYSTEM_LIBS=ON -DWITH_ROUTER=OFF -DWITH_UNIT_TESTS=OFF \ -DFORCE_UNSUPPORTED_COMPILER=1 -S ../mysql-${version} -B ../mysql-${version}/build @@ -114,7 +117,7 @@ stdenv.mkDerivation rec{ CXXFLAGS = [ "-DV8_COMPRESS_POINTERS=1" "-DV8_31BIT_SMIS_ON_64BIT_ARCH=1" ]; postFixup = '' - wrapProgram $out/bin/mysqlsh --set PYTHONPATH "${pythonPath}" + wrapProgram $out/bin/mysqlsh --set PYTHONPATH "${lib.makeSearchPath python3.sitePackages pythonDeps}" ''; meta = with lib; { diff --git a/pkgs/development/tools/worker-build/default.nix b/pkgs/development/tools/worker-build/default.nix index dc6f2e9e9df59..b96a9fb605ec5 100644 --- a/pkgs/development/tools/worker-build/default.nix +++ b/pkgs/development/tools/worker-build/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "worker-build"; - version = "0.0.11"; + version = "0.0.12"; src = fetchFromGitHub { owner = "cloudflare"; repo = "workers-rs"; rev = "v${version}"; - sha256 = "sha256-oqnYWrytQ3hCf4T/PNIXTs3tW+W8HvuvIulRhdhzsDU="; + sha256 = "sha256-s5fcs1A31ePr2EvFdNvX55jMRkHZkR+LRkcy59brwXg="; }; - cargoSha256 = "sha256-t35LMyiQl2bsGjNIKqb8sKbrmCLZ0pmoo0qX0buGA+o="; + cargoSha256 = "sha256-2jLv3/mLLnSsSKEGaAd4jaM5FOdTvdJg2W1Nc4mVkqs="; buildInputs = lib.optionals stdenv.isDarwin [ Security ]; diff --git a/pkgs/servers/asterisk/default.nix b/pkgs/servers/asterisk/default.nix index eeefe0dcd14f0..36927f4f6d3a9 100644 --- a/pkgs/servers/asterisk/default.nix +++ b/pkgs/servers/asterisk/default.nix @@ -3,12 +3,30 @@ util-linux, dmidecode, libuuid, newt, lua, speex, libopus, opusfile, libogg, srtp, wget, curl, iksemel, pkg-config, - autoconf, libtool, automake, + autoconf, libtool, automake, fetchpatch, python39, writeScript, withOpus ? true, }: let + # remove when upgrading to pjsip >2.12.1 + pjsip_patches = [ + (fetchpatch { + name = "0150-CVE-2022-31031.patch"; + url = "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202.patch"; + sha256 = "sha256-30kHrmB51UIw4x/J6/CD+vPKf/gBYDCcFoUpwEWkDMY="; + }) + (fetchpatch { + name = "0151-CVE-2022-39244.patch"; + url = "https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae.patch"; + sha256 = "sha256-hTUMh6bYAizn6GF+sRV1vjKVxSf9pnI+eQdPOqsdJI4="; + }) + (fetchpatch { + name = "0152-CVE-2022-39269.patch"; + url = "https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc.patch"; + sha256 = "sha256-bKE/MrRAqN1FqD2ubhxIOOf5MgvZluHHeVXPjbR12iQ="; + }) + ]; common = {version, sha256, externals}: stdenv.mkDerivation { inherit version; pname = "asterisk"; @@ -58,6 +76,9 @@ let cp ${asterisk-opus}/codecs/* ./codecs cp ${asterisk-opus}/formats/* ./formats ''} + ${lib.concatMapStringsSep "\n" (patch: '' + cp ${patch} ./third-party/pjproject/patches/${patch.name} + '') pjsip_patches} ./bootstrap.sh ''; @@ -69,6 +90,7 @@ let ]; preBuild = '' + cat third-party/pjproject/source/pjlib-util/src/pjlib-util/scanner.c make menuselect.makeopts ${lib.optionalString (externals ? "addons/mp3") '' substituteInPlace menuselect.makeopts --replace 'format_mp3 ' "" @@ -93,9 +115,9 @@ let }; }; - pjproject_2_12 = fetchurl { - url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.12/pjproject-2.12.tar.bz2"; - hash = "sha256-T3q4r/4WCAZCNGnULxMnNKH9wEK7gkseV/sV8IPasHQ="; + pjproject_2_12_1 = fetchurl { + url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.12.1/pjproject-2.12.1.tar.bz2"; + hash = "sha256-DiNH1hB5ZheYzyUjFyk1EtlsMJlgjf+QRVKjEk+hNjc="; }; mp3-202 = fetchsvn { @@ -116,7 +138,7 @@ let versions = lib.mapAttrs (_: {version, sha256}: common { inherit version sha256; externals = { - "externals_cache/pjproject-2.12.tar.bz2" = pjproject_2_12; + "externals_cache/pjproject-2.12.1.tar.bz2" = pjproject_2_12_1; "addons/mp3" = mp3-202; }; }) (lib.importJSON ./versions.json); @@ -136,6 +158,7 @@ in { # 16.x LTS 2018-10-09 2022-10-09 2023-10-09 # 18.x LTS 2020-10-20 2024-10-20 2025-10-20 # 19.x Standard 2021-11-02 2022-11-02 2023-11-02 + # 20.x LTS 2022-11-02 2026-10-19 2027-10-19 asterisk-lts = versions.asterisk_18; asterisk-stable = versions.asterisk_19; asterisk = versions.asterisk_19.overrideAttrs (o: { diff --git a/pkgs/servers/asterisk/versions.json b/pkgs/servers/asterisk/versions.json index 77023dac2c28c..7e6943a6822d0 100644 --- a/pkgs/servers/asterisk/versions.json +++ b/pkgs/servers/asterisk/versions.json @@ -1,14 +1,18 @@ { "asterisk_16": { - "sha256": "201c92e591fc1db2c71b264907beef594d62d660168d42b5e83f9dc593b1bce0", - "version": "16.26.1" + "sha256": "406a91290e18d25a6fc23ae6b9c56b1fb2bd70216e336c74cf9c26b908c89c3d", + "version": "16.29.0" }, "asterisk_18": { - "sha256": "acbb58e5c3cd2b9c7c4506fa80b717c3c3c550ce9722ff0177b4f11f98725563", - "version": "18.12.1" + "sha256": "a963dafeba0e7e1051a1ac56964999c111dbcdb25a47010bc1f772bf8edbed75", + "version": "18.15.0" }, "asterisk_19": { - "sha256": "6b0b985163f20fcc8f8878069b8a9ee725eef4cfbdb1c1031fe3840fb32d7abe", - "version": "19.4.1" + "sha256": "832a967c5a040b0768c0e8df1646762f7304019fcf7f2e065a8b4828fa4092b7", + "version": "19.7.0" + }, + "asterisk_20": { + "sha256": "949022c20dc6da65b456e1b1b5b42a7901bb41fc9ce20920891739e7220d72eb", + "version": "20.0.0" } } diff --git a/pkgs/servers/snappymail/default.nix b/pkgs/servers/snappymail/default.nix index 3aae7b2d25c19..e8db05548070f 100644 --- a/pkgs/servers/snappymail/default.nix +++ b/pkgs/servers/snappymail/default.nix @@ -2,11 +2,11 @@ , dataPath ? "/var/lib/snappymail" }: stdenv.mkDerivation rec { pname = "snappymail"; - version = "2.21.0"; + version = "2.21.3"; src = fetchurl { url = "https://github.com/the-djmaze/snappymail/releases/download/v${version}/snappymail-${version}.tar.gz"; - sha256 = "sha256-rJRNSlzGPNRFsvloTatB0o9uumbp18I15L5G6ms47EM="; + sha256 = "sha256-lDtbbovgPuXOgNKkHN2EiDltgzSQCVNvN/Qw4FOUVwo="; }; sourceRoot = "snappymail"; diff --git a/pkgs/servers/sql/postgresql/ext/pg_repack.nix b/pkgs/servers/sql/postgresql/ext/pg_repack.nix index 83c3ac0796a71..d7991ebde4b64 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_repack.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_repack.nix @@ -9,8 +9,8 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "reorg"; repo = "pg_repack"; - rev = "f42c1bd707bd5d69a9eb33494133db2e47a2c05a"; # no release tag - sha256 = "sha256-pZjspnmPTXS/SbyLAd7vcoF01cbC6PnxZjuto4lUuQA="; + rev = "ver_${version}"; + sha256 = "sha256-Et8aMRzG7ez0uy9wG6qsg57/kPPZdUhb+/gFxW86D08="; }; installPhase = '' diff --git a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix index 0650cf8a7b2a3..6ee0f55b2bc13 100644 --- a/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix +++ b/pkgs/servers/sql/postgresql/ext/plpgsql_check.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "plpgsql_check"; - version = "2.2.2"; + version = "2.2.3"; src = fetchFromGitHub { owner = "okbob"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Nxq4wpOWYt4oyoLxERWPhlEwWmLiDEk27EFyDtW/BfI="; + sha256 = "sha256-XluwevRw+cP0Tx8cr4ixTnX1rakj9zq98rclcrxfMKI="; }; buildInputs = [ postgresql ]; diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 78cbad190a6e3..510537aac9f39 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -209,7 +209,7 @@ else let dependencies = map (map lib.chooseDevOutputs) [ [ (map (drv: drv.__spliced.buildBuild or drv) (checkDependencyList "depsBuildBuild" depsBuildBuild)) - (map (drv: drv.nativeDrv or drv) (checkDependencyList "nativeBuildInputs" nativeBuildInputs + (map (drv: drv.__spliced.buildHost or drv) (checkDependencyList "nativeBuildInputs" nativeBuildInputs ++ lib.optional separateDebugInfo' ../../build-support/setup-hooks/separate-debug-info.sh ++ lib.optional stdenv.hostPlatform.isWindows ../../build-support/setup-hooks/win-dll-link.sh ++ lib.optionals doCheck checkInputs @@ -218,7 +218,7 @@ else let ] [ (map (drv: drv.__spliced.hostHost or drv) (checkDependencyList "depsHostHost" depsHostHost)) - (map (drv: drv.crossDrv or drv) (checkDependencyList "buildInputs" buildInputs)) + (map (drv: drv.__spliced.hostTarget or drv) (checkDependencyList "buildInputs" buildInputs)) ] [ (map (drv: drv.__spliced.targetTarget or drv) (checkDependencyList "depsTargetTarget" depsTargetTarget)) @@ -227,12 +227,12 @@ else let propagatedDependencies = map (map lib.chooseDevOutputs) [ [ (map (drv: drv.__spliced.buildBuild or drv) (checkDependencyList "depsBuildBuildPropagated" depsBuildBuildPropagated)) - (map (drv: drv.nativeDrv or drv) (checkDependencyList "propagatedNativeBuildInputs" propagatedNativeBuildInputs)) + (map (drv: drv.__spliced.buildHost or drv) (checkDependencyList "propagatedNativeBuildInputs" propagatedNativeBuildInputs)) (map (drv: drv.__spliced.buildTarget or drv) (checkDependencyList "depsBuildTargetPropagated" depsBuildTargetPropagated)) ] [ (map (drv: drv.__spliced.hostHost or drv) (checkDependencyList "depsHostHostPropagated" depsHostHostPropagated)) - (map (drv: drv.crossDrv or drv) (checkDependencyList "propagatedBuildInputs" propagatedBuildInputs)) + (map (drv: drv.__spliced.hostTarget or drv) (checkDependencyList "propagatedBuildInputs" propagatedBuildInputs)) ] [ (map (drv: drv.__spliced.targetTarget or drv) (checkDependencyList "depsTargetTargetPropagated" depsTargetTargetPropagated)) diff --git a/pkgs/tools/cd-dvd/ventoy-bin/default.nix b/pkgs/tools/cd-dvd/ventoy-bin/default.nix index 6a481e52139df..8f1571d1aee6d 100644 --- a/pkgs/tools/cd-dvd/ventoy-bin/default.nix +++ b/pkgs/tools/cd-dvd/ventoy-bin/default.nix @@ -51,13 +51,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "ventoy-bin"; - version = "1.0.81"; + version = "1.0.82"; src = let inherit (finalAttrs) version; in fetchurl { url = "https://github.com/ventoy/Ventoy/releases/download/v${version}/ventoy-${version}-linux.tar.gz"; - hash = "sha256-15y05g+F+oEFYUUy7SE57GZ1RSHqdZnk2iOPsy1L0GI="; + hash = "sha256-NN36gg2rUZgAxyMoYhMc7IbWgQLrPvuWERDF7JVsFfw="; }; patches = [ diff --git a/pkgs/tools/graphics/feedgnuplot/default.nix b/pkgs/tools/graphics/feedgnuplot/default.nix index a205f03f079c3..827481af497c1 100644 --- a/pkgs/tools/graphics/feedgnuplot/default.nix +++ b/pkgs/tools/graphics/feedgnuplot/default.nix @@ -1,6 +1,14 @@ -{ lib, fetchFromGitHub, makeWrapper -, makeFontsConf, freefont_ttf, gnuplot, perl, perlPackages -, stdenv, shortenPerlShebang +{ lib +, fetchFromGitHub +, makeWrapper +, makeFontsConf +, freefont_ttf +, gnuplot +, perl +, perlPackages +, stdenv +, shortenPerlShebang +, installShellFiles }: let @@ -11,18 +19,18 @@ in perlPackages.buildPerlPackage rec { pname = "feedgnuplot"; - version = "1.58"; + version = "1.61"; src = fetchFromGitHub { owner = "dkogan"; repo = "feedgnuplot"; rev = "v${version}"; - sha256 = "1qix4lwwyhqibz0a6q2rrb497rmk00v1fvmdyinj0dqmgjw155zr"; + sha256 = "sha256-r5rszxr65lSozkUNaqfBn4I4XjLtvQ6T/BG366JXLRM="; }; outputs = [ "out" ]; - nativeBuildInputs = [ makeWrapper ] ++ lib.optional stdenv.isDarwin shortenPerlShebang; + nativeBuildInputs = [ makeWrapper installShellFiles ] ++ lib.optional stdenv.isDarwin shortenPerlShebang; buildInputs = [ gnuplot perl ] ++ (with perlPackages; [ ListMoreUtils IPCRun StringShellQuote ]); @@ -43,10 +51,9 @@ perlPackages.buildPerlPackage rec { wrapProgram $out/bin/feedgnuplot \ --prefix "PATH" ":" "$PATH" \ --prefix "PERL5LIB" ":" "$PERL5LIB" - install -D -m 444 -t $out/share/bash-completion/completions \ - completions/bash/feedgnuplot - install -D -m 444 -t $out/share/zsh/site-functions \ - completions/zsh/_feedgnuplot + + installShellCompletion --bash --name feedgnuplot.bash completions/bash/feedgnuplot + installShellCompletion --zsh completions/zsh/_feedgnuplot ''; meta = with lib; { diff --git a/pkgs/tools/text/rust-petname/default.nix b/pkgs/tools/text/rust-petname/default.nix index f20a9e519de98..fda0ebf904042 100644 --- a/pkgs/tools/text/rust-petname/default.nix +++ b/pkgs/tools/text/rust-petname/default.nix @@ -2,15 +2,15 @@ rustPlatform.buildRustPackage rec { pname = "rust-petname"; - version = "1.1.2"; + version = "1.1.3"; src = fetchCrate { inherit version; crateName = "petname"; - sha256 = "sha256-DfRWGwnWVJBcbW7aPEzgPd+gfldP+ypZlk8FcPZzp8g="; + sha256 = "sha256-C6EJ8awdTV9TecMeYdbmleK8171+hvphjXJrWNJSXxo="; }; - cargoSha256 = "sha256-tCVJX8NcbT+6t2kDeCMfcSDaq3O89ycj08bxTmp3JHs="; + cargoSha256 = "sha256-mB4n1IxhNXrAsCz/jv5jgqyO9OgISZnI5E/vFu80+FE="; meta = with lib; { description = "Generate human readable random names"; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index f83cec0de8b70..a1a21ac97e2a4 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -582,6 +582,7 @@ mapAliases ({ gr-rds = gnuradio3_7.pkgs.rds; # Added 2019-05-27, changed 2020-10-16 grv = throw "grv has been dropped due to the lack of maintanence from upstream since 2019"; # Added 2022-06-01 gsettings_desktop_schemas = throw "'gsettings_desktop_schemas' has been renamed to/replaced by 'gsettings-desktop-schemas'"; # Converted to throw 2022-02-22 + gsl_1 = throw "'gsl_1' has been renamed to/replaced by 'gsl'"; # Added 2022-11-19 gtk_doc = throw "'gtk_doc' has been renamed to/replaced by 'gtk-doc'"; # Converted to throw 2022-02-22 gtklick = throw "gtklick has been removed from nixpkgs as the project is stuck on python2"; # Added 2022-01-01 gtmess = throw "gtmess has been removed, because it was a MSN client."; # add 2021-12-15 @@ -756,6 +757,7 @@ mapAliases ({ libgpgerror = libgpg-error; # Added 2021-09-04 libgroove = throw "libgroove has been removed, because it depends on an outdated and insecure version of ffmpeg"; # Added 2022-01-21 libgumbo = throw "'libgumbo' has been renamed to/replaced by 'gumbo'"; # Converted to throw 2022-02-22 + libheimdal = heimdal; # Added 2022-11-18 libintlOrEmpty = lib.optional (!stdenv.isLinux || stdenv.hostPlatform.libc != "glibc") gettext; # Added 2018-03-14 libixp_hg = libixp; libjpeg_drop = libjpeg_original; # Added 2020-06-05 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b4cec20cb1467..8a6a82bb7ecc8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -790,6 +790,7 @@ with pkgs; mysql-shell = callPackage ../development/tools/mysql-shell { inherit (darwin) cctools developer_cmds DarwinTools; inherit (darwin.apple_sdk.frameworks) CoreServices; + antlr = antlr4_10; boost = boost177; # Configure checks for specific version. protobuf = protobuf3_19; icu = icu69; @@ -7196,7 +7197,9 @@ with pkgs; github-backup = callPackage ../tools/misc/github-backup { }; - github-runner = callPackage ../development/tools/continuous-integration/github-runner { }; + github-runner = callPackage ../development/tools/continuous-integration/github-runner { + inherit (darwin) autoSignDarwinBinariesHook; + }; gitkraken = callPackage ../applications/version-management/gitkraken { }; @@ -15783,6 +15786,16 @@ with pkgs; phpExtensions = php.extensions; phpPackages = php.packages; + # Import PHP82 interpreter, extensions and packages + php82 = callPackage ../development/interpreters/php/8.2.nix { + stdenv = if stdenv.cc.isClang then llvmPackages.stdenv else stdenv; + pcre2 = pcre2.override { + withJitSealloc = !stdenv.isDarwin; + }; + }; + php82Extensions = recurseIntoAttrs php82.extensions; + php82Packages = recurseIntoAttrs php82.packages; + # Import PHP81 interpreter, extensions and packages php81 = callPackage ../development/interpreters/php/8.1.nix { stdenv = if stdenv.cc.isClang then llvmPackages.stdenv else stdenv; @@ -18577,7 +18590,7 @@ with pkgs; cypress = callPackage ../development/web/cypress { }; cyrus_sasl = callPackage ../development/libraries/cyrus-sasl { - libkrb5 = if stdenv.isFreeBSD then libheimdal else libkrb5; + libkrb5 = if stdenv.isFreeBSD then heimdal else libkrb5; }; # Make bdb5 the default as it is the last release under the custom @@ -19315,8 +19328,6 @@ with pkgs; gsl = callPackage ../development/libraries/gsl { }; - gsl_1 = callPackage ../development/libraries/gsl/gsl-1_16.nix { }; - gsl-lite = callPackage ../development/libraries/gsl-lite { }; gsm = callPackage ../development/libraries/gsm {}; @@ -19494,7 +19505,6 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration; autoreconfHook = buildPackages.autoreconfHook269; }; - libheimdal = heimdal; harfbuzz = callPackage ../development/libraries/harfbuzz { inherit (darwin.apple_sdk.frameworks) ApplicationServices CoreText; @@ -23485,7 +23495,7 @@ with pkgs; inherit (callPackages ../servers/asterisk { }) asterisk asterisk-stable asterisk-lts - asterisk_16 asterisk_18 asterisk_19; + asterisk_16 asterisk_18 asterisk_19 asterisk_20; asterisk-module-sccp = callPackage ../servers/asterisk/sccp { }; diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index 69d849f2208b5..53f29b00ac5c7 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -73,16 +73,17 @@ lib.makeScope pkgs.newScope (self: with self; { # will mark the extension as a zend extension or not. mkExtension = lib.makeOverridable ({ name - , configureFlags ? [ "--enable-${name}" ] + , configureFlags ? [ "--enable-${extName}" ] , internalDeps ? [ ] , postPhpize ? "" , buildInputs ? [ ] , zendExtension ? false , doCheck ? true + , extName ? name , ... }@args: stdenv.mkDerivation ((builtins.removeAttrs args [ "name" ]) // { pname = "php-${name}"; - extensionName = name; + extensionName = extName; outputs = [ "out" "dev" ]; @@ -105,7 +106,7 @@ lib.makeScope pkgs.newScope (self: with self; { cdToExtensionRootPhase = '' # Go to extension source root. - cd "ext/${name}" + cd "ext/${extName}" ''; preConfigure = '' @@ -141,7 +142,7 @@ lib.makeScope pkgs.newScope (self: with self; { runHook preInstall mkdir -p $out/lib/php/extensions - cp modules/${name}.so $out/lib/php/extensions/${name}.so + cp modules/${extName}.so $out/lib/php/extensions/${extName}.so mkdir -p $dev/include ${rsync}/bin/rsync -r --filter="+ */" \ --filter="+ *.h" \ @@ -416,6 +417,16 @@ lib.makeScope pkgs.newScope (self: with self; { configureFlags = [ "--with-openssl" ]; doCheck = false; } + # This provides a legacy OpenSSL PHP extension + # For situations where OpenSSL 3 do not support a set of features + # without a specific openssl.cnf file + { + name = "openssl-legacy"; + extName = "openssl"; + buildInputs = [ openssl_1_1 ]; + configureFlags = [ "--with-openssl" ]; + doCheck = false; + } { name = "pcntl"; } { name = "pdo"; doCheck = false; } { diff --git a/pkgs/top-level/splice.nix b/pkgs/top-level/splice.nix index 459baaca2e636..2bf15252f9ada 100644 --- a/pkgs/top-level/splice.nix +++ b/pkgs/top-level/splice.nix @@ -8,16 +8,9 @@ # The solution is to splice the package sets together as we do below, so every # `callPackage`d expression in fact gets both versions. Each# derivation (and # each derivation's outputs) consists of the run-time version, augmented with a -# `nativeDrv` field for the build-time version, and `crossDrv` field for the +# `__spliced.buildHost` field for the build-time version, and `__spliced.hostTarget` field for the # run-time version. # -# We could have used any names we want for the disambiguated versions, but -# `crossDrv` and `nativeDrv` were somewhat similarly used for the old -# cross-compiling infrastructure. The names are mostly invisible as -# `mkDerivation` knows how to pull out the right ones for `buildDepends` and -# friends, but a few packages use them directly, so it seemed efficient (to -# @Ericson2314) to reuse those names, at least initially, to minimize breakage. -# # For performance reasons, rather than uniformally splice in all cases, we only # do so when `pkgs` and `buildPackages` are distinct. The `actuallySplice` # parameter there the boolean value of that equality check. @@ -46,14 +39,16 @@ let valueHostTarget = pkgsHostTarget.${name} or {}; valueTargetTarget = pkgsTargetTarget.${name} or {}; augmentedValue = defaultValue - # TODO(@Ericson2314): Stop using old names after transition period - // (lib.optionalAttrs (pkgsBuildHost ? ${name}) { nativeDrv = valueBuildHost; }) - // (lib.optionalAttrs (pkgsHostTarget ? ${name}) { crossDrv = valueHostTarget; }) + # TODO(@Artturin): remove before release 23.05 and only have __spliced. + // (lib.optionalAttrs (pkgsBuildHost ? ${name}) { nativeDrv = lib.warn "use ${name}.__spliced.buildHost instead of ${name}.nativeDrv" valueBuildHost; }) + // (lib.optionalAttrs (pkgsHostTarget ? ${name}) { crossDrv = lib.warn "use ${name}.__spliced.hostTarget instead of ${name}.crossDrv" valueHostTarget; }) // { __spliced = (lib.optionalAttrs (pkgsBuildBuild ? ${name}) { buildBuild = valueBuildBuild; }) + // (lib.optionalAttrs (pkgsBuildHost ? ${name}) { buildHost = valueBuildHost; }) // (lib.optionalAttrs (pkgsBuildTarget ? ${name}) { buildTarget = valueBuildTarget; }) // (lib.optionalAttrs (pkgsHostHost ? ${name}) { hostHost = valueHostHost; }) + // (lib.optionalAttrs (pkgsHostTarget ? ${name}) { hostTarget = valueHostTarget; }) // (lib.optionalAttrs (pkgsTargetTarget ? ${name}) { targetTarget = valueTargetTarget; }); }; |