diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-05-20 06:01:10 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-20 06:01:10 +0000 |
| commit | 4edfd12c6e6cfa8c77eba32c09ce234188d25320 (patch) | |
| tree | 1e5963ff764e411e5c97603bfdb9727e886c1bd3 | |
| parent | aea14e9bacfb787ed930eecf5a57eab9ddf416d6 (diff) | |
| parent | 0f6bec728b496fbfcc3b614ced5487621dbd55ea (diff) | |
Merge master into staging-next
29 files changed, 545 insertions, 311 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 87d26007c494e..7d8c61e541157 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -21616,6 +21616,12 @@ name = "Kostas Karachalios"; githubId = 81346; }; + vringar = { + email = "git@zabka.it"; + github = "vringar"; + name = "Stefan Zabka"; + githubId = 13276717; + }; vrthra = { email = "rahul@gopinath.org"; github = "vrthra"; diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index f937de4d611e2..29212d7c4725e 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -555,6 +555,14 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `icu` no longer includes `install-sh` and `mkinstalldirs` in the shared folder. +- The `go-ethereum` package has been updated to v1.14.3. Geth v1.14.0 introduced a brand new live-tracing feature, + which required a number of breaking internal API changes. If you had your own native tracers implemented before this change, + the [changelog](https://github.com/ethereum/go-ethereum/blob/master/core/tracing/CHANGELOG.md) contains the necessary steps needed to update your old code for the new APIs. + Geth v1.14.0 drops support for running pre-merge networks ([#29169](https://github.com/ethereum/go-ethereum/pull/29169)). + It also stops automatically constructing the pending block ([#28623](https://github.com/ethereum/go-ethereum/pull/28623)), + removes support for filtering pending logs, switched to using Go v1.22 by default (#28946), which means we've dropped support for Go v1.20. + See [the 1.14.0 release notes](https://github.com/ethereum/go-ethereum/releases/tag/v1.14.0) for more details. + ## Other Notable Changes {#sec-release-24.05-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> diff --git a/nixos/modules/programs/screen.nix b/nixos/modules/programs/screen.nix index 01af5b4c9597a..4f3cd9fcf9a56 100644 --- a/nixos/modules/programs/screen.nix +++ b/nixos/modules/programs/screen.nix @@ -12,7 +12,8 @@ in package = lib.mkPackageOptionMD pkgs "screen" { }; screenrc = lib.mkOption { - type = with lib.types; nullOr lines; + type = lib.types.lines; + default = ""; example = '' defscrollback 10000 startup_message off @@ -22,20 +23,22 @@ in }; }; - config = { - # TODO: Added in 24.05, remove before 24.11 - assertions = [ - { - assertion = cfg.screenrc != null -> cfg.enable; - message = "`programs.screen.screenrc` has been configured, but `programs.screen.enable` is not true"; - } - ]; - } // lib.mkIf cfg.enable { - environment.etc.screenrc = { - enable = cfg.screenrc != null; - text = cfg.screenrc; - }; - environment.systemPackages = [ cfg.package ]; - security.pam.services.screen = {}; - }; + config = lib.mkMerge [ + { + # TODO: Added in 24.05, remove before 24.11 + assertions = [ + { + assertion = cfg.screenrc != "" -> cfg.enable; + message = "`programs.screen.screenrc` has been configured, but `programs.screen.enable` is not true"; + } + ]; + } + (lib.mkIf cfg.enable { + environment.etc.screenrc = { + text = cfg.screenrc; + }; + environment.systemPackages = [ cfg.package ]; + security.pam.services.screen = {}; + }) + ]; } diff --git a/pkgs/applications/audio/go-musicfox/default.nix b/pkgs/applications/audio/go-musicfox/default.nix index 4a51ab0503141..613756ffaeebb 100644 --- a/pkgs/applications/audio/go-musicfox/default.nix +++ b/pkgs/applications/audio/go-musicfox/default.nix @@ -2,20 +2,21 @@ , buildGoModule , fetchFromGitHub , pkg-config -, alsa-lib , flac +, stdenv +, alsa-lib , nix-update-script }: buildGoModule rec { pname = "go-musicfox"; - version = "4.4.0"; + version = "4.4.1"; src = fetchFromGitHub { owner = "go-musicfox"; repo = "go-musicfox"; rev = "v${version}"; - hash = "sha256-11N3dykuEDKAryieNVaPfb3G7E/a4A7Znx9rBvFTHC4="; + hash = "sha256-pIfQ0ufn8W0opm+N6IPFBPWNxNWMOU7FudPtIFop51c="; }; deleteVendor = true; @@ -35,8 +36,9 @@ buildGoModule rec { ]; buildInputs = [ - alsa-lib flac + ] ++ lib.optionals stdenv.isLinux [ + alsa-lib ]; passthru.updateScript = nix-update-script { }; diff --git a/pkgs/applications/blockchains/go-ethereum/default.nix b/pkgs/applications/blockchains/go-ethereum/default.nix index f56fdb09a707b..028232f6cc707 100644 --- a/pkgs/applications/blockchains/go-ethereum/default.nix +++ b/pkgs/applications/blockchains/go-ethereum/default.nix @@ -9,16 +9,17 @@ let in buildGoModule rec { pname = "go-ethereum"; - version = "1.13.5"; + version = "1.14.3"; src = fetchFromGitHub { owner = "ethereum"; repo = pname; rev = "v${version}"; - sha256 = "sha256-UbRsY9fSUYAwPcLfGGDHeqvSsLKUKR+2a93jH5xA9uQ="; + sha256 = "sha256-h2i/q4gfvqO8SgFxjoIhm4y0icpt+qe0Tq+3W6Ld8KM="; }; - vendorHash = "sha256-dOvpOCMxxmcAaticSLVlro1L4crAVJWyvgx/JZZ7buE="; + proxyVendor = true; + vendorHash = "sha256-ugoRsxzJjPOS5yPhwqXhMPuThvyqCWvZD7PBnrkm0sQ="; doCheck = false; @@ -32,12 +33,13 @@ in buildGoModule rec { subPackages = [ "cmd/abidump" "cmd/abigen" + "cmd/blsync" "cmd/bootnode" "cmd/clef" "cmd/devp2p" + "cmd/era" "cmd/ethkey" "cmd/evm" - "cmd/faucet" "cmd/geth" "cmd/p2psim" "cmd/rlpdump" diff --git a/pkgs/applications/version-management/git-credential-1password/default.nix b/pkgs/applications/version-management/git-credential-1password/default.nix deleted file mode 100644 index 832698718c3d6..0000000000000 --- a/pkgs/applications/version-management/git-credential-1password/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ lib, buildGoModule, fetchFromGitHub }: - -buildGoModule rec { - pname = "git-credential-1password"; - version = "1.2.1"; - - src = fetchFromGitHub { - owner = "develerik"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-8qdUOJ0MOk/xVvp3kDuxNRo3lMEJhLeI3Fle0tuZez0="; - }; - - vendorHash = "sha256-B6BlVnUX4XLT+9EpL63Ht4S8Wo84RsmY99CL+srQfpw="; - - meta = with lib; { - description = "A git credential helper for 1Password"; - homepage = "https://github.com/develerik/git-credential-1password"; - changelog = "https://github.com/develerik/git-credential-1password/releases/tag/v${version}"; - license = licenses.isc; - maintainers = [ maintainers.ivankovnatsky ]; - mainProgram = "git-credential-1password"; - }; -} diff --git a/pkgs/by-name/di/discordchatexporter-cli/deps.nix b/pkgs/by-name/di/discordchatexporter-cli/deps.nix index 46c8ca0682791..db36b866f0504 100644 --- a/pkgs/by-name/di/discordchatexporter-cli/deps.nix +++ b/pkgs/by-name/di/discordchatexporter-cli/deps.nix @@ -8,11 +8,10 @@ (fetchNuGet { pname = "CliFx"; version = "2.3.5"; sha256 = "0rlbv93ssw0d8kvhnvrz2f06ka66gz4gbz1va2q135dab99cmrin"; }) (fetchNuGet { pname = "CSharpier.MsBuild"; version = "0.28.2"; sha256 = "10c3v3pqv49y5wi0slswfzkwjh9q93diihpmkbfp3r7yjpv6871d"; }) (fetchNuGet { pname = "Deorcify"; version = "1.0.2"; sha256 = "0nwxyrl4rd5x621i2hs5fl3w7fxpm13lkdssxr9fd5042px2gqbm"; }) - (fetchNuGet { pname = "DotnetRuntimeBootstrapper"; version = "2.5.4"; sha256 = "0pjzyvq0a975m0y7b0k8wsr7mskykv3bzba98xmcc29nsyib2a8h"; }) (fetchNuGet { pname = "Gress"; version = "2.1.1"; sha256 = "1svz1flhyl26h3xjch0acjjinympgf6bhj5vpb188njfih3ip4ck"; }) (fetchNuGet { pname = "JsonExtensions"; version = "1.2.0"; sha256 = "0g54hibabbqqfhxjlnxwv1rxagpali5agvnpymp2w3dk8h6q66xy"; }) - (fetchNuGet { pname = "Polly"; version = "8.3.1"; sha256 = "19q7s493sv90879052pxfcbsk3bmxjg5688ya7l12964ddafiwsl"; }) - (fetchNuGet { pname = "Polly.Core"; version = "8.3.1"; sha256 = "15ylkqdcwpr76n0nfzpvd6s00ywjagn1ignyrcz9arwahrxpsm4b"; }) + (fetchNuGet { pname = "Polly"; version = "8.4.0"; sha256 = "1zpq6590zpj3sibdhrn3fydqrm9ga43xdxvjv3rwzhigrkddg9zl"; }) + (fetchNuGet { pname = "Polly.Core"; version = "8.4.0"; sha256 = "1gp66r03zqvwwr4nw96n49bfv08bk54qpdbiqgxg93yhfsbsmkg8"; }) (fetchNuGet { pname = "RazorBlade"; version = "0.6.0"; sha256 = "11k2j7d7ddb47sj4lkply8v4aqrfxl0b314cv0l4f5syi4ilfa6s"; }) (fetchNuGet { pname = "Spectre.Console"; version = "0.49.1"; sha256 = "0fhl96p3xjd5k1wwvhs80cp35rrlgnza6mw9vy0knhmf7ji9b95n"; }) (fetchNuGet { pname = "Superpower"; version = "3.0.0"; sha256 = "0p6riay4732j1fahc081dzgs9q4z3n2fpxrin4zfpj6q2226dhz4"; }) diff --git a/pkgs/by-name/di/discordchatexporter-cli/package.nix b/pkgs/by-name/di/discordchatexporter-cli/package.nix index ed6f4e836aa3b..818aee7b5bf64 100644 --- a/pkgs/by-name/di/discordchatexporter-cli/package.nix +++ b/pkgs/by-name/di/discordchatexporter-cli/package.nix @@ -8,13 +8,13 @@ buildDotnetModule rec { pname = "discordchatexporter-cli"; - version = "2.43"; + version = "2.43.1"; src = fetchFromGitHub { owner = "tyrrrz"; repo = "discordchatexporter"; rev = version; - hash = "sha256-FbZ2Kt5lKTINpj0EsJGXWY1aK0qitks16GClBWa/iQ4="; + hash = "sha256-MLOWZJehajB002SqBW2HJTjr00eU9RV+Weu3rmgoEew="; }; projectFile = "DiscordChatExporter.Cli/DiscordChatExporter.Cli.csproj"; diff --git a/pkgs/by-name/ho/home-manager/package.nix b/pkgs/by-name/ho/home-manager/package.nix index c2a9cd7fd6ee1..b724d90de6eb2 100644 --- a/pkgs/by-name/ho/home-manager/package.nix +++ b/pkgs/by-name/ho/home-manager/package.nix @@ -16,14 +16,14 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "home-manager"; - version = "0-unstable-2024-05-12"; + version = "0-unstable-2024-05-17"; src = fetchFromGitHub { name = "home-manager-source"; owner = "nix-community"; repo = "home-manager"; - rev = "44677a1c96810a8e8c4ffaeaad10c842402647c1"; - hash = "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4="; + rev = "e3ad5108f54177e6520535768ddbf1e6af54b59d"; + hash = "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/op/openvas-scanner/package.nix b/pkgs/by-name/op/openvas-scanner/package.nix index f20eaafd2f638..f732a8226ce17 100644 --- a/pkgs/by-name/op/openvas-scanner/package.nix +++ b/pkgs/by-name/op/openvas-scanner/package.nix @@ -31,13 +31,13 @@ stdenv.mkDerivation rec { pname = "openvas-scanner"; - version = "23.2.1"; + version = "23.3.0"; src = fetchFromGitHub { owner = "greenbone"; repo = "openvas-scanner"; rev = "refs/tags/v${version}"; - hash = "sha256-fP21F9SGT20sGPsQI5BxwQUCgZdLCBt+fsXutZu463k="; + hash = "sha256-CkwDhHPdTbXNrqY/obg1rOtGB1HC+fUwZ5+5d82vlV4="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/mailchecker/default.nix b/pkgs/development/python-modules/mailchecker/default.nix index 1f038308a76b9..2216aa7937cde 100644 --- a/pkgs/development/python-modules/mailchecker/default.nix +++ b/pkgs/development/python-modules/mailchecker/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "mailchecker"; - version = "6.0.4"; + version = "6.0.5"; pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-XtZOk3KgIzu9vwI0HnoklGQVZ42KVOPQBXxJ1fpfJjA="; + hash = "sha256-jdcewXJO8I83zvAKb4UbKmuQC4SUbtS5H+RmFDTNwcI="; }; build-system = [ setuptools ]; diff --git a/pkgs/servers/home-assistant/custom-lovelace-modules/android-tv-card/default.nix b/pkgs/servers/home-assistant/custom-lovelace-modules/android-tv-card/default.nix index 34fc23dfcc881..0e7f86be6baa7 100644 --- a/pkgs/servers/home-assistant/custom-lovelace-modules/android-tv-card/default.nix +++ b/pkgs/servers/home-assistant/custom-lovelace-modules/android-tv-card/default.nix @@ -5,18 +5,18 @@ buildNpmPackage rec { pname = "android-tv-card"; - version = "3.7.0"; + version = "3.7.1"; src = fetchFromGitHub { owner = "Nerwyn"; repo = "android-tv-card"; rev = version; - hash = "sha256-6SwSoFeGS3kzk4jz+vSVb8ENMcSFxaunyTzuPe1kHBI="; + hash = "sha256-+g93NybZreixpXylVqWQvjP0l9Z1x5JbEMC0RDpscBE="; }; patches = [ ./dont-call-git.patch ]; - npmDepsHash = "sha256-QO3IAd7RC8VBa2YjQVn4HUm64mQL86OuAhjJO0Oo94M="; + npmDepsHash = "sha256-oKIDL8BPalkIqtvA68D1YFINgg8qJ2C1KTuAr1IhJjE="; installPhase = '' runHook preInstall diff --git a/pkgs/tools/archivers/7zz/default.nix b/pkgs/tools/archivers/7zz/default.nix index a10283dc59f80..f4eb5e9327fe5 100644 --- a/pkgs/tools/archivers/7zz/default.nix +++ b/pkgs/tools/archivers/7zz/default.nix @@ -11,7 +11,6 @@ , enableUnfree ? false # For tests -, _7zz , testers }: @@ -26,13 +25,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "7zz"; - version = "23.01"; + version = "24.05"; src = fetchurl { url = "https://7-zip.org/a/7z${lib.replaceStrings [ "." ] [ "" ] finalAttrs.version}-src.tar.xz"; hash = { - free = "sha256-F1ybQsyReF2NBR/3eMZySvxVEntpwq2VUlRCHp/5nZs="; - unfree = "sha256-NWBxAHNg5aGCTZkEmT6LJIC1G1cOjJ+vfA9Y6+S/n3Q="; + free = "sha256-yYq3IEV2GeDWwW6KrdpgK2/QOsmDcBpIZvbk6VKZETY="; + unfree = "sha256-Y/NBz4C40ofG6UVRmz2g+nVVPIVXKkcbf6bmj5qQt5A="; }.${if enableUnfree then "unfree" else "free"}; downloadToTemp = (!enableUnfree); # remove the unRAR related code from the src drv @@ -55,8 +54,6 @@ stdenv.mkDerivation (finalAttrs: { patches = [ ./fix-cross-mingw-build.patch - # remove unneeded semicolons related to -Wextra-semi-stmt, caused by upstream - ./fix-empty-expr-stmt.patch ]; postPatch = lib.optionalString stdenv.hostPlatform.isMinGW '' @@ -117,23 +114,23 @@ stdenv.mkDerivation (finalAttrs: { passthru = { updateScript = ./update.sh; tests.version = testers.testVersion { - package = _7zz; + package = finalAttrs.finalPackage; command = "7zz --help"; }; }; - meta = with lib; { + meta = { description = "Command line archiver utility"; homepage = "https://7-zip.org"; - license = with licenses; + license = with lib.licenses; # 7zip code is largely lgpl2Plus # CPP/7zip/Compress/LzfseDecoder.cpp is bsd3 [ lgpl2Plus /* and */ bsd3 ] ++ # and CPP/7zip/Compress/Rar* are unfree with the unRAR license restriction # the unRAR compression code is disabled by default lib.optionals enableUnfree [ unfree ]; - maintainers = with maintainers; [ anna328p eclairevoyant jk peterhoeg ]; - platforms = platforms.unix ++ platforms.windows; + maintainers = with lib.maintainers; [ anna328p eclairevoyant jk peterhoeg ]; + platforms = with lib.platforms; unix ++ windows; mainProgram = "7zz"; }; }) diff --git a/pkgs/tools/archivers/7zz/fix-cross-mingw-build.patch b/pkgs/tools/archivers/7zz/fix-cross-mingw-build.patch index 4b0ccb6f2b0f0..4d77b1bb10242 100644 --- a/pkgs/tools/archivers/7zz/fix-cross-mingw-build.patch +++ b/pkgs/tools/archivers/7zz/fix-cross-mingw-build.patch @@ -1,14 +1,3 @@ ---- a/C/7zVersion.rc -+++ b/C/7zVersion.rc -@@ -5,7 +5,7 @@ - #define MY_VFT_APP 0x00000001L - #define MY_VFT_DLL 0x00000002L - --// #include <WinVer.h> -+// #include <winver.h> - - #ifndef MY_VERSION - #include "7zVersion.h" --- a/C/7zip_gcc_c.mak +++ b/C/7zip_gcc_c.mak @@ -106,7 +106,7 @@ @@ -20,39 +9,78 @@ CFLAGS_EXTRA = -DUNICODE -D_UNICODE # -Wno-delete-non-virtual-dtor ---- a/CPP/7zip/7zip_gcc.mak -+++ b/CPP/7zip/7zip_gcc.mak -@@ -124,8 +124,8 @@ - DEL_OBJ_EXE = -$(RM) $(O)\*.o $(O)\$(PROG).exe $(O)\$(PROG).dll - endif +--- a/C/7zVersion.rc ++++ b/C/7zVersion.rc +@@ -5,7 +5,7 @@ + #define MY_VFT_APP 0x00000001L + #define MY_VFT_DLL 0x00000002L --LIB2_GUI = -lOle32 -lGdi32 -lComctl32 -lComdlg32 -lShell32 $(LIB_HTMLHELP) --LIB2 = -loleaut32 -luuid -ladvapi32 -lUser32 $(LIB2_GUI) -+LIB2_GUI = -lole32 -lgdi32 -lcomctl32 -lcomdlg32 -lshell32 $(LIB_HTMLHELP) -+LIB2 = -loleaut32 -luuid -ladvapi32 -luser32 $(LIB2_GUI) +-// #include <WinVer.h> ++// #include <winver.h> - CXXFLAGS_EXTRA = -DUNICODE -D_UNICODE - # -Wno-delete-non-virtual-dtor + #ifndef MY_VERSION + #include "7zVersion.h" --- a/C/Util/7zipInstall/resource.rc +++ b/C/Util/7zipInstall/resource.rc -@@ -1,6 +1,6 @@ - #include <winnt.h> - #include <WinUser.h> +@@ -1,7 +1,7 @@ + #include <windows.h> + // #include <winnt.h> + // #include <WinUser.h> -#include <CommCtrl.h> +#include <commctrl.h> #define USE_COPYRIGHT_CR #include "../../7zVersion.rc" +--- a/C/Util/7zipInstall/resource.rc.rej ++++ b/C/Util/7zipInstall/resource.rc.rej +@@ -0,0 +1,10 @@ ++--- C/Util/7zipInstall/resource.rc +++++ C/Util/7zipInstall/resource.rc ++@@ -1,6 +1,6 @@ ++ #include <winnt.h> ++ #include <WinUser.h> ++-#include <CommCtrl.h> +++#include <commctrl.h> ++ ++ #define USE_COPYRIGHT_CR ++ #include "../../7zVersion.rc" --- a/C/Util/7zipUninstall/resource.rc +++ b/C/Util/7zipUninstall/resource.rc -@@ -1,6 +1,6 @@ - #include <winnt.h> - #include <WinUser.h> +@@ -1,7 +1,7 @@ + #include <windows.h> + // #include <winnt.h> + // #include <WinUser.h> -#include <CommCtrl.h> +#include <commctrl.h> #define USE_COPYRIGHT_CR #include "../../7zVersion.rc" +--- a/C/Util/7zipUninstall/resource.rc.rej ++++ b/C/Util/7zipUninstall/resource.rc.rej +@@ -0,0 +1,10 @@ ++--- C/Util/7zipUninstall/resource.rc +++++ C/Util/7zipUninstall/resource.rc ++@@ -1,6 +1,6 @@ ++ #include <winnt.h> ++ #include <WinUser.h> ++-#include <CommCtrl.h> +++#include <commctrl.h> ++ ++ #define USE_COPYRIGHT_CR ++ #include "../../7zVersion.rc" +--- a/CPP/7zip/7zip_gcc.mak ++++ b/CPP/7zip/7zip_gcc.mak +@@ -142,8 +142,8 @@ + DEL_OBJ_EXE = -$(RM) $(O)\*.o $(O)\$(PROG).exe $(O)\$(PROG).dll + endif + +-LIB2_GUI = -lOle32 -lGdi32 -lComctl32 -lComdlg32 -lShell32 $(LIB_HTMLHELP) +-LIB2 = -loleaut32 -luuid -ladvapi32 -lUser32 $(LIB2_GUI) ++LIB2_GUI = -lole32 -lgdi32 -lcomctl32 -lcomdlg32 -lshell32 $(LIB_HTMLHELP) ++LIB2 = -loleaut32 -luuid -ladvapi32 -luser32 $(LIB2_GUI) + + # v24.00: -DUNICODE and -D_UNICODE are defined in precompilation header files + # CXXFLAGS_EXTRA = -DUNICODE -D_UNICODE --- a/CPP/7zip/Crypto/RandGen.cpp +++ b/CPP/7zip/Crypto/RandGen.cpp @@ -19,7 +19,7 @@ @@ -111,8 +139,8 @@ --- a/CPP/Windows/Control/ImageList.h +++ b/CPP/Windows/Control/ImageList.h @@ -3,7 +3,7 @@ - #ifndef __WINDOWS_CONTROL_IMAGE_LIST_H - #define __WINDOWS_CONTROL_IMAGE_LIST_H + #ifndef ZIP7_INC_WINDOWS_CONTROL_IMAGE_LIST_H + #define ZIP7_INC_WINDOWS_CONTROL_IMAGE_LIST_H -#include <CommCtrl.h> +#include <commctrl.h> @@ -144,8 +172,8 @@ --- a/CPP/Windows/SecurityUtils.h +++ b/CPP/Windows/SecurityUtils.h @@ -3,7 +3,7 @@ - #ifndef __WINDOWS_SECURITY_UTILS_H - #define __WINDOWS_SECURITY_UTILS_H + #ifndef ZIP7_INC_WINDOWS_SECURITY_UTILS_H + #define ZIP7_INC_WINDOWS_SECURITY_UTILS_H -#include <NTSecAPI.h> +#include <ntsecapi.h> diff --git a/pkgs/tools/archivers/7zz/fix-empty-expr-stmt.patch b/pkgs/tools/archivers/7zz/fix-empty-expr-stmt.patch deleted file mode 100644 index 7583482d5d388..0000000000000 --- a/pkgs/tools/archivers/7zz/fix-empty-expr-stmt.patch +++ /dev/null @@ -1,184 +0,0 @@ -diff -Naur a/C/7zCrc.c b/C/7zCrc.c ---- a/C/7zCrc.c -+++ b/C/7zCrc.c -@@ -174,7 +174,7 @@ - UInt32 Z7_FASTCALL CrcUpdateT0_32(UInt32 v, const void *data, size_t size, const UInt32 *table) - { - const Byte *p = (const Byte *)data; -- UNUSED_VAR(table); -+ UNUSED_VAR(table) - - for (; size != 0 && ((unsigned)(ptrdiff_t)p & (T0_32_UNROLL_BYTES - 1)) != 0; size--) - v = __crc32b(v, *p++); -@@ -206,7 +206,7 @@ - UInt32 Z7_FASTCALL CrcUpdateT0_64(UInt32 v, const void *data, size_t size, const UInt32 *table) - { - const Byte *p = (const Byte *)data; -- UNUSED_VAR(table); -+ UNUSED_VAR(table) - - for (; size != 0 && ((unsigned)(ptrdiff_t)p & (T0_64_UNROLL_BYTES - 1)) != 0; size--) - v = __crc32b(v, *p++); -diff -Naur a/C/AesOpt.c b/C/AesOpt.c ---- a/C/AesOpt.c -+++ b/C/AesOpt.c -@@ -639,7 +639,7 @@ - const v128 k_z0 = w[2]; - for (; numBlocks != 0; numBlocks--, data++) - { -- MM_XOR_m (*data); -+ MM_XOR_m (*data) - AES_E_MC_m (k0) - AES_E_MC_m (k1) - AES_E_MC_m (k2) -@@ -660,7 +660,7 @@ - } - } - AES_E_m (k_z1) -- MM_XOR_m (k_z0); -+ MM_XOR_m (k_z0) - *data = m; - } - *p = m; -@@ -745,7 +745,7 @@ - while (w != p); - WOP_KEY (AES_D, 1) - WOP_KEY (AES_XOR, 0) -- MM_XOR (m0, iv); -+ MM_XOR (m0, iv) - WOP_M1 (XOR_data_M1) - iv = data[NUM_WAYS - 1]; - WOP (STORE_data) -@@ -759,14 +759,14 @@ - AES_D_IMC_m (w[2]) - do - { -- AES_D_IMC_m (w[1]); -- AES_D_IMC_m (w[0]); -+ AES_D_IMC_m (w[1]) -+ AES_D_IMC_m (w[0]) - w -= 2; - } - while (w != p); -- AES_D_m (w[1]); -- MM_XOR_m (w[0]); -- MM_XOR_m (iv); -+ AES_D_m (w[1]) -+ MM_XOR_m (w[0]) -+ MM_XOR_m (iv) - iv = *data; - *data = m; - } -@@ -809,11 +809,11 @@ - { - const v128 *w = p; - v128 m; -- CTR_START (m, 0); -+ CTR_START (m, 0) - do - { -- AES_E_MC_m (w[0]); -- AES_E_MC_m (w[1]); -+ AES_E_MC_m (w[0]) -+ AES_E_MC_m (w[1]) - w += 2; - } - while (w != wEnd); -diff -Naur a/C/LzmaEnc.c b/C/LzmaEnc.c ---- a/C/LzmaEnc.c -+++ b/C/LzmaEnc.c -@@ -195,11 +195,11 @@ - unsigned GetPosSlot1(UInt32 pos) - { - unsigned res; -- BSR2_RET(pos, res); -+ BSR2_RET(pos, res) - return res; - } --#define GetPosSlot2(pos, res) { BSR2_RET(pos, res); } --#define GetPosSlot(pos, res) { if (pos < 2) res = pos; else BSR2_RET(pos, res); } -+#define GetPosSlot2(pos, res) { BSR2_RET(pos, res) } -+#define GetPosSlot(pos, res) { if (pos < 2) res = pos; else BSR2_RET(pos, res) } - - - #else // ! LZMA_LOG_BSR -diff -Naur a/C/Sha1Opt.c b/C/Sha1Opt.c ---- a/C/Sha1Opt.c -+++ b/C/Sha1Opt.c -@@ -300,26 +300,26 @@ - LOAD_SHUFFLE (m2, 2) - LOAD_SHUFFLE (m3, 3) - -- T(m0, c0); H(e1); C(e0); -- T(m1, c0); SU0(m0, m1, m2); H(e0); C(e1); -- T(m2, c0); SU0(m1, m2, m3); SU1(m0, m3); H(e1); C(e0); -- T(m3, c0); SU0(m2, m3, m0); SU1(m1, m0); H(e0); C(e1); -- T(m0, c0); SU0(m3, m0, m1); SU1(m2, m1); H(e1); C(e0); -- T(m1, c1); SU0(m0, m1, m2); SU1(m3, m2); H(e0); P(e1); -- T(m2, c1); SU0(m1, m2, m3); SU1(m0, m3); H(e1); P(e0); -- T(m3, c1); SU0(m2, m3, m0); SU1(m1, m0); H(e0); P(e1); -- T(m0, c1); SU0(m3, m0, m1); SU1(m2, m1); H(e1); P(e0); -- T(m1, c1); SU0(m0, m1, m2); SU1(m3, m2); H(e0); P(e1); -- T(m2, c2); SU0(m1, m2, m3); SU1(m0, m3); H(e1); M(e0); -- T(m3, c2); SU0(m2, m3, m0); SU1(m1, m0); H(e0); M(e1); -- T(m0, c2); SU0(m3, m0, m1); SU1(m2, m1); H(e1); M(e0); -- T(m1, c2); SU0(m0, m1, m2); SU1(m3, m2); H(e0); M(e1); -- T(m2, c2); SU0(m1, m2, m3); SU1(m0, m3); H(e1); M(e0); -- T(m3, c3); SU0(m2, m3, m0); SU1(m1, m0); H(e0); P(e1); -- T(m0, c3); SU0(m3, m0, m1); SU1(m2, m1); H(e1); P(e0); -- T(m1, c3); SU1(m3, m2); H(e0); P(e1); -- T(m2, c3); H(e1); P(e0); -- T(m3, c3); H(e0); P(e1); -+ T(m0, c0); H(e1); C(e0) -+ T(m1, c0); SU0(m0, m1, m2) H(e0); C(e1) -+ T(m2, c0); SU0(m1, m2, m3) SU1(m0, m3) H(e1); C(e0) -+ T(m3, c0); SU0(m2, m3, m0) SU1(m1, m0) H(e0); C(e1) -+ T(m0, c0); SU0(m3, m0, m1) SU1(m2, m1) H(e1); C(e0) -+ T(m1, c1); SU0(m0, m1, m2) SU1(m3, m2) H(e0); P(e1) -+ T(m2, c1); SU0(m1, m2, m3) SU1(m0, m3) H(e1); P(e0) -+ T(m3, c1); SU0(m2, m3, m0) SU1(m1, m0) H(e0); P(e1) -+ T(m0, c1); SU0(m3, m0, m1) SU1(m2, m1) H(e1); P(e0) -+ T(m1, c1); SU0(m0, m1, m2) SU1(m3, m2) H(e0); P(e1) -+ T(m2, c2); SU0(m1, m2, m3) SU1(m0, m3) H(e1); M(e0) -+ T(m3, c2); SU0(m2, m3, m0) SU1(m1, m0) H(e0); M(e1) -+ T(m0, c2); SU0(m3, m0, m1) SU1(m2, m1) H(e1); M(e0) -+ T(m1, c2); SU0(m0, m1, m2) SU1(m3, m2) H(e0); M(e1) -+ T(m2, c2); SU0(m1, m2, m3) SU1(m0, m3) H(e1); M(e0) -+ T(m3, c3); SU0(m2, m3, m0) SU1(m1, m0) H(e0); P(e1) -+ T(m0, c3); SU0(m3, m0, m1) SU1(m2, m1) H(e1); P(e0) -+ T(m1, c3); SU1(m3, m2) H(e0); P(e1) -+ T(m2, c3); H(e1); P(e0) -+ T(m3, c3); H(e0); P(e1) - - abcd = vaddq_u32(abcd, abcd_save); - e0 += e0_save; -diff -Naur a/C/Sha256Opt.c b/C/Sha256Opt.c ---- a/C/Sha256Opt.c -+++ b/C/Sha256Opt.c -@@ -316,10 +316,10 @@ - LOAD_SHUFFLE (m2, 2) - LOAD_SHUFFLE (m3, 3) - -- R16 ( 0, NNN, NNN, SM1, NNN, SM1, SM2, SM1, SM2 ); -- R16 ( 1, SM1, SM2, SM1, SM2, SM1, SM2, SM1, SM2 ); -- R16 ( 2, SM1, SM2, SM1, SM2, SM1, SM2, SM1, SM2 ); -- R16 ( 3, SM1, SM2, NNN, SM2, NNN, NNN, NNN, NNN ); -+ R16 ( 0, NNN, NNN, SM1, NNN, SM1, SM2, SM1, SM2 ) -+ R16 ( 1, SM1, SM2, SM1, SM2, SM1, SM2, SM1, SM2 ) -+ R16 ( 2, SM1, SM2, SM1, SM2, SM1, SM2, SM1, SM2 ) -+ R16 ( 3, SM1, SM2, NNN, SM2, NNN, NNN, NNN, NNN ) - - state0 = vaddq_u32(state0, state0_save); - state1 = vaddq_u32(state1, state1_save); -diff -Naur a/CPP/Windows/System.h b/CPP/Windows/System.h ---- a/CPP/Windows/System.h -+++ b/CPP/Windows/System.h -@@ -105,7 +105,7 @@ - } - - void CpuZero() { } -- void CpuSet(unsigned cpuIndex) { UNUSED_VAR(cpuIndex); } -+ void CpuSet(unsigned cpuIndex) { UNUSED_VAR(cpuIndex) } - int IsCpuSet(unsigned cpuIndex) const { return (cpuIndex < numSysThreads) ? 1 : 0; } - - BOOL SetProcAffinity() const diff --git a/pkgs/tools/archivers/7zz/update.sh b/pkgs/tools/archivers/7zz/update.sh index f641cf9ad0c51..bc3179615d357 100755 --- a/pkgs/tools/archivers/7zz/update.sh +++ b/pkgs/tools/archivers/7zz/update.sh @@ -1,14 +1,12 @@ #! /usr/bin/env nix-shell -#! nix-shell -i bash -p coreutils gnused curl jq nix-prefetch +#! nix-shell -i bash -p curl xq-xml nix-prefetch set -euo pipefail cd "$(dirname "${BASH_SOURCE[0]}")" DRV_DIR="$PWD" OLD_VERSION="$(sed -nE 's/\s*version = "(.*)".*/\1/p' ./default.nix)" -# The best_release.json is not always up-to-date -# In those cases you can force the version by calling `./update.sh <newer_version>` -NEW_VERSION="${1:-$(curl -H "Accept: application/json" 'https://sourceforge.net/projects/sevenzip/best_release.json' | jq '.platform_releases.linux.filename' -r | cut -d/ -f3)}" +NEW_VERSION="$(curl -H 'Accept: application/rss+xml' 'https://sourceforge.net/projects/sevenzip/rss?path=/7-Zip' | xq -x "substring((/rss/channel/item[link[contains(., 'src.tar.xz')]])[1]/title, 8, 5)")" echo "comparing versions $OLD_VERSION => $NEW_VERSION" if [[ "$OLD_VERSION" == "$NEW_VERSION" ]]; then @@ -26,10 +24,11 @@ OLD_UNFREE_HASH="$(nix-instantiate --eval --strict -E "with import $NIXPKGS_ROOT NEW_VERSION_FORMATTED="$(echo "$NEW_VERSION" | tr -d '.')" URL="https://7-zip.org/a/7z${NEW_VERSION_FORMATTED}-src.tar.xz" +# `nix-prefetch` is broken without flakes +# see https://github.com/msteen/nix-prefetch/issues/51 +NEW_FREE_HASH=$(nix-prefetch -f "$NIXPKGS_ROOT" -E "_7zz.src" --url "$URL" --option extra-experimental-features flakes) -NEW_FREE_HASH=$(nix-prefetch -f "$NIXPKGS_ROOT" -E "_7zz.src" --url "$URL") - -NEW_UNFREE_OUT=$(nix-prefetch -f "$NIXPKGS_ROOT" -E "(_7zz.override { enableUnfree = true; }).src" --url "$URL" --output raw --print-path) +NEW_UNFREE_OUT=$(nix-prefetch -f "$NIXPKGS_ROOT" -E "(_7zz.override { enableUnfree = true; }).src" --url "$URL" --output raw --print-path --option extra-experimental-features flakes) # first line of raw output is the hash NEW_UNFREE_HASH="$(echo "$NEW_UNFREE_OUT" | sed -n 1p)" # second line of raw output is the src path diff --git a/pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch b/pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch new file mode 100644 index 0000000000000..0e87aa71a4073 --- /dev/null +++ b/pkgs/tools/security/ghidra/0002-Load-nix-extensions.patch @@ -0,0 +1,15 @@ +diff --git a/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java b/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java +index ea12a661f0..da7779b07f 100644 +--- a/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java ++++ b/Ghidra/Framework/Utility/src/main/java/utility/application/ApplicationUtilities.java +@@ -36,6 +36,10 @@ public class ApplicationUtilities { + */ + public static Collection<ResourceFile> findDefaultApplicationRootDirs() { + Collection<ResourceFile> applicationRootDirs = new ArrayList<>(); ++ String nixGhidraHome = System.getenv("NIX_GHIDRAHOME"); ++ if (nixGhidraHome != null) { ++ applicationRootDirs.add(new ResourceFile(nixGhidraHome)); ++ }; + ResourceFile applicationRootDir = findPrimaryApplicationRootDir(); + if (applicationRootDir != null) { + applicationRootDirs.add(applicationRootDir); diff --git a/pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch b/pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch new file mode 100644 index 0000000000000..0a89487015024 --- /dev/null +++ b/pkgs/tools/security/ghidra/0003-Remove-build-datestamp.patch @@ -0,0 +1,26 @@ +diff --git a/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle b/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle +index bc194f219..94b00fabd 100644 +--- a/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle ++++ b/Ghidra/RuntimeScripts/Common/support/buildExtension.gradle +@@ -82,7 +82,7 @@ dependencies { + helpPath fileTree(dir: ghidraDir + '/Features/Base', include: "**/Base.jar") + } + +-def ZIP_NAME_PREFIX = "${DISTRO_PREFIX}_${RELEASE_NAME}_${getCurrentDate()}" ++def ZIP_NAME_PREFIX = "${DISTRO_PREFIX}_${RELEASE_NAME}" + def DISTRIBUTION_DIR = file("dist") + + def pathInZip = "${project.name}" +diff --git a/gradle/root/distribution.gradle b/gradle/root/distribution.gradle +index f44c8267b..f6231c417 100644 +--- a/gradle/root/distribution.gradle ++++ b/gradle/root/distribution.gradle +@@ -32,7 +32,7 @@ apply from: "$rootProject.projectDir/gradle/support/sbom.gradle" + def currentPlatform = getCurrentPlatformName() + def PROJECT_DIR = file (rootProject.projectDir.absolutePath) + ext.DISTRIBUTION_DIR = file("$buildDir/dist") +-ext.ZIP_NAME_PREFIX = "${rootProject.DISTRO_PREFIX}_${rootProject.BUILD_DATE_SHORT}" ++ext.ZIP_NAME_PREFIX = "${rootProject.DISTRO_PREFIX}" + ext.ZIP_DIR_PREFIX = "${rootProject.DISTRO_PREFIX}" + ext.ALL_REPOS = [rootProject.file('.').getName()] + diff --git a/pkgs/tools/security/ghidra/build-extension.nix b/pkgs/tools/security/ghidra/build-extension.nix new file mode 100644 index 0000000000000..373f35784e546 --- /dev/null +++ b/pkgs/tools/security/ghidra/build-extension.nix @@ -0,0 +1,78 @@ +{ lib +, stdenv +, unzip +, jdk +, gradle +, ghidra +}: + +let + metaCommon = oldMeta: + oldMeta // (with lib; { + maintainers = (oldMeta.maintainers or []) ++ (with maintainers; [ vringar ]); + platforms = oldMeta.platforms or ghidra.meta.platforms; + }); + + buildGhidraExtension = { + pname, nativeBuildInputs ? [], meta ? { }, ... + }@args: + stdenv.mkDerivation (args // { + nativeBuildInputs = nativeBuildInputs ++ [ + unzip + jdk + gradle + ]; + + buildPhase = args.buildPhase or '' + runHook preBuild + + # Set project name, otherwise defaults to directory name + echo -e '\nrootProject.name = "${pname}"' >> settings.gradle + + export GRADLE_USER_HOME=$(mktemp -d) + gradle \ + --offline \ + --no-daemon \ + -PGHIDRA_INSTALL_DIR=${ghidra}/lib/ghidra + + runHook postBuild + ''; + + installPhase = args.installPhase or '' + runHook preInstall + + mkdir -p $out/lib/ghidra/Ghidra/Extensions + unzip -d $out/lib/ghidra/Ghidra/Extensions dist/*.zip + + runHook postInstall + ''; + + meta = metaCommon meta; + }); + + buildGhidraScripts = { pname, meta ? { }, ... }@args: + stdenv.mkDerivation (args // { + installPhase = '' + runHook preInstall + + GHIDRA_HOME=$out/lib/ghidra/Ghidra/Extensions/${pname} + mkdir -p $GHIDRA_HOME + cp -r . $GHIDRA_HOME/ghidra_scripts + + touch $GHIDRA_HOME/Module.manifest + cat <<'EOF' > extension.properties + name=${pname} + description=${meta.description or ""} + author= + createdOn= + version=${lib.getVersion ghidra} + + EOF + + runHook postInstall + ''; + + meta = metaCommon meta; + }); +in + { inherit buildGhidraExtension buildGhidraScripts; } diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix index f8f0fb3ae5a81..c0a8dca4cd0e8 100644 --- a/pkgs/tools/security/ghidra/build.nix +++ b/pkgs/tools/security/ghidra/build.nix @@ -1,6 +1,7 @@ { stdenv , fetchFromGitHub , lib +, callPackage , gradle_7 , perl , makeWrapper @@ -10,6 +11,7 @@ , icoutils , xcbuild , protobuf +, ghidra-extensions }: let @@ -17,15 +19,40 @@ let pname = "ghidra"; version = "11.0.3"; + releaseName = "NIX"; + distroPrefix = "ghidra_${version}_${releaseName}"; src = fetchFromGitHub { owner = "NationalSecurityAgency"; repo = "Ghidra"; rev = "Ghidra_${version}_build"; - hash = "sha256-Id595aKYHP1R3Zw9sV1oL32nAUAr7D/K4wn6Zs7q3Jo="; + hash = "sha256-IiLxaJvfJcK275FDZEsUCGp7haJjp8O2fUIoM4F9H30="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + git rev-parse HEAD > $out/COMMIT + # 1970-Jan-01 + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%b-%d" > $out/SOURCE_DATE_EPOCH + # 19700101 + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y%m%d" > $out/SOURCE_DATE_EPOCH_SHORT + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; }; gradle = gradle_7; + patches = [ + # Use our own protoc binary instead of the prebuilt one + ./0001-Use-protobuf-gradle-plugin.patch + + # Override installation directory to allow loading extensions + ./0002-Load-nix-extensions.patch + + # Remove build dates from output filenames for easier reference + ./0003-Remove-build-datestamp.patch + ]; + desktopItem = makeDesktopItem { name = "ghidra"; exec = "ghidra"; @@ -35,7 +62,25 @@ let categories = [ "Development" ]; }; - # postPatch scripts. + postPatch = '' + # Set name of release (eg. PUBLIC, DEV, etc.) + sed -i -e 's/application\.release\.name=.*/application.release.name=${releaseName}/' Ghidra/application.properties + + # Set build date and git revision + echo "application.build.date=$(cat SOURCE_DATE_EPOCH)" >> Ghidra/application.properties + echo "application.build.date.short=$(cat SOURCE_DATE_EPOCH_SHORT)" >> Ghidra/application.properties + echo "application.revision.ghidra=$(cat COMMIT)" >> Ghidra/application.properties + + # Tells ghidra to use our own protoc binary instead of the prebuilt one. + cat >>Ghidra/Debug/Debugger-gadp/build.gradle <<HERE + protobuf { + protoc { + path = '${protobuf}/bin/protoc' + } + } + HERE + ''; + # Adds a gradle step that downloads all the dependencies to the gradle cache. addResolveStep = '' cat >>build.gradle <<HERE @@ -64,9 +109,8 @@ HERE # Taken from mindustry derivation. deps = stdenv.mkDerivation { pname = "${pname}-deps"; - inherit version src; + inherit version src patches; - patches = [ ./0001-Use-protobuf-gradle-plugin.patch ]; postPatch = addResolveStep; nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild; @@ -98,8 +142,8 @@ HERE outputHash = "sha256-nKfJiGoZlDEpbCmYVKNZXz2PYIosCd4nPFdy3MfprHc="; }; -in stdenv.mkDerivation { - inherit pname version src; +in stdenv.mkDerivation (finalAttrs: { + inherit pname version src patches postPatch; nativeBuildInputs = [ gradle unzip makeWrapper icoutils protobuf @@ -107,9 +151,7 @@ in stdenv.mkDerivation { dontStrip = true; - patches = [ - ./0001-Use-protobuf-gradle-plugin.patch - ]; + __darwinAllowLocalNetworking = true; buildPhase = '' runHook preBuild @@ -152,9 +194,17 @@ in stdenv.mkDerivation { mkdir -p "$out/bin" ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra" wrapProgram "${pkg_path}/support/launch.sh" \ + --set-default NIX_GHIDRAHOME "${pkg_path}/Ghidra" \ --prefix PATH : ${lib.makeBinPath [ openjdk17 ]} ''; + passthru = { + inherit releaseName distroPrefix; + inherit (ghidra-extensions.override { ghidra = finalAttrs.finalPackage; }) buildGhidraExtension buildGhidraScripts; + + withExtensions = callPackage ./with-extensions.nix { ghidra = finalAttrs.finalPackage; }; + }; + meta = with lib; { description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; mainProgram = "ghidra"; @@ -165,8 +215,8 @@ in stdenv.mkDerivation { binaryBytecode # deps ]; license = licenses.asl20; - maintainers = with maintainers; [ roblabla ]; + maintainers = with maintainers; [ roblabla vringar ]; broken = stdenv.isDarwin && stdenv.isx86_64; }; -} +}) diff --git a/pkgs/tools/security/ghidra/extensions.nix b/pkgs/tools/security/ghidra/extensions.nix new file mode 100644 index 0000000000000..3f30dd8ab40a6 --- /dev/null +++ b/pkgs/tools/security/ghidra/extensions.nix @@ -0,0 +1,14 @@ +{ lib, newScope, callPackage, ghidra }: + +lib.makeScope newScope (self: { + inherit (callPackage ./build-extension.nix { inherit ghidra; }) buildGhidraExtension buildGhidraScripts; + + ghidraninja-ghidra-scripts = self.callPackage ./extensions/ghidraninja-ghidra-scripts { }; + + gnudisassembler = self.callPackage ./extensions/gnudisassembler { inherit ghidra; }; + + machinelearning = self.callPackage ./extensions/machinelearning { inherit ghidra; }; + + sleighdevtools = self.callPackage ./extensions/sleighdevtools { inherit ghidra; }; + +}) diff --git a/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix b/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix new file mode 100644 index 0000000000000..6c5e2ec2ea2af --- /dev/null +++ b/pkgs/tools/security/ghidra/extensions/ghidraninja-ghidra-scripts/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, buildGhidraScripts +, binwalk +, swift +, yara +}: + +buildGhidraScripts { + pname = "ghidraninja-ghidra-scripts"; + version = "unstable-2020-10-07"; + + src = fetchFromGitHub { + owner = "ghidraninja"; + repo = "ghidra_scripts"; + rev = "99f2a8644a29479618f51e2d4e28f10ba5e9ac48"; + sha256 = "aElx0mp66/OHQRfXwTkqdLL0gT2T/yL00bOobYleME8="; + }; + + postPatch = '' + # Replace subprocesses with store versions + substituteInPlace binwalk.py --replace-fail 'subprocess.call(["binwalk"' 'subprocess.call(["${binwalk}/bin/binwalk"' + substituteInPlace swift_demangler.py --replace-fail '"swift"' '"${swift}/bin/swift"' + substituteInPlace yara.py --replace-fail 'subprocess.check_output(["yara"' 'subprocess.check_output(["${yara}/bin/yara"' + substituteInPlace YaraSearch.py --replace-fail '"yara "' '"${yara}/bin/yara "' + ''; + + meta = with lib; { + description = "Scripts for the Ghidra software reverse engineering suite"; + homepage = "https://github.com/ghidraninja/ghidra_scripts"; + license = with licenses; [ + gpl3Only + gpl2Only + ]; + }; +} diff --git a/pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix b/pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix new file mode 100644 index 0000000000000..7ca4b056842e9 --- /dev/null +++ b/pkgs/tools/security/ghidra/extensions/gnudisassembler/default.nix @@ -0,0 +1,71 @@ +{ lib +, stdenv +, fetchurl +, buildGhidraExtension +, ghidra +, flex +, bison +, texinfo +, perl +, zlib +, xcbuild +}: + +let + # Incorporates source from binutils + # https://github.com/NationalSecurityAgency/ghidra/blob/7ab9bf6abffb6938d61d072040fc34ad3331332b/GPL/GnuDisassembler/build.gradle#L34-L35 + binutils-version = "2.41"; + binutils-src = fetchurl { + url = "mirror://gnu/binutils/binutils-${binutils-version}.tar.bz2"; + sha256 = "sha256-pMS+wFL3uDcAJOYDieGUN38/SLVmGEGOpRBn9nqqsws="; + }; +in +buildGhidraExtension { + pname = "gnudisassembler"; + version = lib.getVersion ghidra; + + src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_GnuDisassembler.zip"; + + postPatch = '' + ln -s ${binutils-src} binutils-${binutils-version}.tar.bz2 + ''; + + # Don't modify ELF stub resources + dontPatchELF = true; + dontStrip = true; + + __darwinAllowLocalNetworking = true; + + nativeBuildInputs = [ + flex + bison + texinfo + perl + ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ + xcbuild + ]; + + buildInputs = [ + zlib + ]; + + installPhase = '' + runHook preInstall + + EXTENSIONS_ROOT=$out/lib/ghidra/Ghidra/Extensions + mkdir -p $EXTENSIONS_ROOT + unzip -d $EXTENSIONS_ROOT $src + + mkdir -p $EXTENSIONS_ROOT/GnuDisassembler/build + cp -r build/os $EXTENSIONS_ROOT/GnuDisassembler/build/ + + runHook postInstall + ''; + + meta = with lib; { + description = "Leverage the binutils disassembler capabilities for various processors"; + homepage = "https://ghidra-sre.org/"; + downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/GPL/GnuDisassembler"; + license = licenses.gpl2Only; + }; +} diff --git a/pkgs/tools/security/ghidra/extensions/machinelearning/default.nix b/pkgs/tools/security/ghidra/extensions/machinelearning/default.nix new file mode 100644 index 0000000000000..ba1e315c75126 --- /dev/null +++ b/pkgs/tools/security/ghidra/extensions/machinelearning/default.nix @@ -0,0 +1,34 @@ +{ lib +, buildGhidraExtension +, ghidra +}: + +buildGhidraExtension { + pname = "machinelearning"; + version = lib.getVersion ghidra; + + src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_MachineLearning.zip"; + dontUnpack = true; + + # Built as part ghidra + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/ghidra/Ghidra/Extensions + unzip -d $out/lib/ghidra/Ghidra/Extensions $src + + runHook postInstall + ''; + + meta = with lib; { + inherit (ghidra.meta) homepage license; + description = "Finds functions using ML"; + downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Extensions/MachineLearning"; + sourceProvenance = with sourceTypes; [ + fromSource + binaryBytecode # deps + ]; + }; +} diff --git a/pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix b/pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix new file mode 100644 index 0000000000000..d8fd0182ab9d3 --- /dev/null +++ b/pkgs/tools/security/ghidra/extensions/sleighdevtools/default.nix @@ -0,0 +1,40 @@ +{ lib +, buildGhidraExtension +, ghidra +, python3 +}: + +buildGhidraExtension { + pname = "sleighdevtools"; + version = lib.getVersion ghidra; + + src = "${ghidra}/lib/ghidra/Extensions/Ghidra/${ghidra.distroPrefix}_SleighDevTools.zip"; + dontUnpack = true; + + # Built as part ghidra + dontBuild = true; + buildInputs = [ python3 ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/ghidra/Ghidra/Extensions + unzip -d $out/lib/ghidra/Ghidra/Extensions $src + + runHook postInstall + ''; + + meta = with lib; { + inherit (ghidra.meta) homepage license; + description = "Sleigh language development tools including external disassembler capabilities"; + longDescription = '' + Sleigh language development tools including external disassembler capabilities. + The GnuDisassembler extension may be also be required as a disassembly provider. + ''; + downloadPage = "https://github.com/NationalSecurityAgency/ghidra/tree/master/Ghidra/Extensions/SleighDevTools"; + sourceProvenance = with sourceTypes; [ + fromSource + binaryBytecode # deps + ]; + }; +} diff --git a/pkgs/tools/security/ghidra/with-extensions.nix b/pkgs/tools/security/ghidra/with-extensions.nix new file mode 100644 index 0000000000000..8ce4a04c2d460 --- /dev/null +++ b/pkgs/tools/security/ghidra/with-extensions.nix @@ -0,0 +1,30 @@ +{ lib +, callPackage +, symlinkJoin +, makeBinaryWrapper +, ghidra +}: + +let + ghidra-extensions = callPackage ./extensions.nix { inherit ghidra; }; + allExtensions = lib.filterAttrs (n: pkg: lib.isDerivation pkg) ghidra-extensions; + + /* Make Ghidra with additional extensions + Example: + pkgs.ghidra.withExtensions (p: with p; [ + ghostrings + ]); + => /nix/store/3yn0rbnz5mbrxf0x70jbjq73wgkszr5c-ghidra-with-extensions-10.2.2 + */ + withExtensions = f: (symlinkJoin { + name = "${ghidra.pname}-with-extensions-${lib.getVersion ghidra}"; + paths = (f allExtensions); + nativeBuildInputs = [ makeBinaryWrapper ]; + postBuild = '' + makeWrapper '${ghidra}/bin/ghidra' "$out/bin/ghidra" \ + --set NIX_GHIDRAHOME "$out/lib/ghidra/Ghidra" + ''; + inherit (ghidra) meta; + }); +in + withExtensions diff --git a/pkgs/tools/typesetting/tex/texlive/build-tex-env.nix b/pkgs/tools/typesetting/tex/texlive/build-tex-env.nix index 59b520e50c3bb..148e51f55de58 100644 --- a/pkgs/tools/typesetting/tex/texlive/build-tex-env.nix +++ b/pkgs/tools/typesetting/tex/texlive/build-tex-env.nix @@ -308,6 +308,9 @@ buildEnv' { postBuild = '' . "${./build-tex-env.sh}" ''; + + allowSubstitutes = true; + preferLocalBuild = false; }; # outputsToInstall must be set *after* overrideAttrs (used in buildEnv') or it fails the checkMeta tests in if __combine || __formatsOf != null then out else lib.addMetaAttrs { inherit (pkgList) outputsToInstall; } out) diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index a313f1c88628e..ca49ea7496c49 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -407,6 +407,7 @@ mapAliases ({ ghostwriter = libsForQt5.kdeGear.ghostwriter; # Added 2023-03-18 go-dependency-manager = throw "'go-dependency-manager' is unmaintained and the go community now uses 'go.mod' mostly instead"; # Added 2023-10-04 gotktrix = throw "'gotktrix' has been removed, as it was broken and unmaintained"; # Added 2023-12-06 + git-credential-1password = throw "'git-credential-1password' has been removed, as the upstream project is deleted."; # Added 2024-05-20 git-subset = throw "'git-subset' has been removed in favor of 'git-filter-repo'"; # Added 2023-01-13 gitAndTools = self // { diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d79e4307c31ee..ae5e6a775cbd8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2332,8 +2332,6 @@ with pkgs; git-crecord = callPackage ../applications/version-management/git-crecord { }; - git-credential-1password = callPackage ../applications/version-management/git-credential-1password { }; - git-credential-keepassxc = darwin.apple_sdk_11_0.callPackage ../applications/version-management/git-credential-keepassxc { inherit (darwin.apple_sdk.frameworks) DiskArbitration Foundation; }; @@ -5384,6 +5382,8 @@ with pkgs; protobuf = protobuf_21; }; + ghidra-extensions = recurseIntoAttrs (callPackage ../tools/security/ghidra/extensions.nix { }); + ghidra-bin = callPackage ../tools/security/ghidra { }; gh2md = callPackage ../tools/backup/gh2md { }; |