authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2024-08-27 18:04:19 +0000
committerGitHub <noreply@github.com>2024-08-27 18:04:19 +0000
commit903fa485a48a97dbae446953fd87b3b245c9c2d4 (patch)
treee90fc52ed30471a0a055ff12289c3626975db61a
parente7712f7a07d0f7b968d913eeb2a09389c99db6ec (diff)
parentf7439a07f6632cb7194308190e870117925626ac (diff)
Merge master into staging-next
-rw-r--r--.git-blame-ignore-revs3
-rw-r--r--maintainers/maintainer-list.nix9
-rw-r--r--maintainers/team-list.nix1
-rw-r--r--nixos/doc/manual/release-notes/rl-2411.section.md2
-rw-r--r--nixos/modules/services/misc/ollama.nix3
-rw-r--r--nixos/modules/services/networking/smokeping.nix28
-rw-r--r--nixos/modules/services/security/kanidm.nix388
-rw-r--r--nixos/tests/invidious.nix8
-rw-r--r--pkgs/applications/emulators/box64/default.nix4
-rw-r--r--pkgs/applications/networking/cluster/clusterctl/default.nix6
-rw-r--r--pkgs/applications/networking/cluster/kubectl-evict-pod/default.nix4
-rw-r--r--pkgs/applications/window-managers/wayfire/wcm.nix4
-rw-r--r--pkgs/by-name/ch/chatzone-desktop/package.nix74
-rw-r--r--pkgs/by-name/fl/flatpak/package.nix4
-rw-r--r--pkgs/by-name/gl/glasskube/package.nix8
-rw-r--r--pkgs/by-name/im/immich-go/package.nix4
-rw-r--r--pkgs/by-name/le/legba/package.nix6
-rw-r--r--pkgs/by-name/lo/loopwm/package.nix4
-rwxr-xr-xpkgs/by-name/lo/loopwm/update.sh20
-rw-r--r--pkgs/by-name/md/mdbook-alerts/package.nix6
-rw-r--r--pkgs/by-name/mi/minijinja/package.nix6
-rw-r--r--pkgs/by-name/nb/nbfc-linux/package.nix4
-rw-r--r--pkgs/by-name/nb/nbqa/package.nix (renamed from pkgs/tools/misc/nbqa/default.nix)32
-rw-r--r--pkgs/by-name/op/opshin/package.nix6
-rw-r--r--pkgs/by-name/pr/protoc-gen-prost-crate/package.nix6
-rw-r--r--pkgs/by-name/pr/protoc-gen-prost-serde/package.nix6
-rw-r--r--pkgs/by-name/pr/protoc-gen-prost/package.nix6
-rw-r--r--pkgs/by-name/pr/protoc-gen-tonic/package.nix6
-rw-r--r--pkgs/by-name/ra/rathole/package.nix47
-rw-r--r--pkgs/by-name/rk/rkboot/package.nix4
-rw-r--r--pkgs/by-name/vi/viber/package.nix (renamed from pkgs/applications/networking/instant-messengers/viber/default.nix)8
-rw-r--r--pkgs/by-name/vi/video-trimmer/package.nix (renamed from pkgs/applications/video/video-trimmer/default.nix)50
-rw-r--r--pkgs/by-name/wa/warp-terminal/versions.json8
-rw-r--r--pkgs/by-name/ya/yandex-music/info.json7
-rw-r--r--pkgs/by-name/ya/yandex-music/package.nix88
-rwxr-xr-xpkgs/by-name/ya/yandex-music/update.sh43
-rw-r--r--pkgs/by-name/ya/yandex-music/ym_info.json14
-rw-r--r--pkgs/by-name/ze/zed-editor/Cargo.lock2
-rw-r--r--pkgs/by-name/ze/zed-editor/package.nix4
-rw-r--r--pkgs/desktops/lomiri/development/libusermetrics/default.nix89
-rw-r--r--pkgs/development/coq-modules/waterproof/default.nix24
-rw-r--r--pkgs/development/embedded/avrdude/default.nix15
-rw-r--r--pkgs/development/libraries/rapidyaml/default.nix4
-rw-r--r--pkgs/development/python-modules/aioesphomeapi/default.nix4
-rw-r--r--pkgs/development/python-modules/libknot/default.nix4
-rw-r--r--pkgs/development/python-modules/pytouchlinesl/default.nix4
-rw-r--r--pkgs/development/python-modules/tesserocr/default.nix4
-rw-r--r--pkgs/development/tools/continuous-integration/cirrus-cli/default.nix4
-rw-r--r--pkgs/development/tools/firebase-tools/default.nix6
-rw-r--r--pkgs/development/tools/language-servers/helm-ls/default.nix4
-rw-r--r--pkgs/development/tools/misc/circleci-cli/default.nix4
-rw-r--r--pkgs/servers/invidious/default.nix5
-rw-r--r--pkgs/servers/invidious/shards.nix4
-rwxr-xr-xpkgs/servers/invidious/update.sh5
-rw-r--r--pkgs/servers/invidious/versions.json8
-rw-r--r--pkgs/servers/monitoring/prometheus/knot-exporter.nix4
-rw-r--r--pkgs/tools/admin/chamber/default.nix6
-rw-r--r--pkgs/tools/networking/picosnitch/default.nix3
-rw-r--r--pkgs/tools/networking/rathole/default.nix48
-rw-r--r--pkgs/tools/virtualization/govc/default.nix4
-rw-r--r--pkgs/top-level/all-packages.nix10
-rw-r--r--pkgs/top-level/coq-packages.nix1
62 files changed, 769 insertions, 428 deletions
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
index 480cba954acdb..8922ab37e1f56 100644
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -168,3 +168,6 @@ fc7a83f8b62e90de5679e993d4d49ca014ea013d
 
 # nrr: format with nixfmt-rfc-style (#334578)
 cffc27daf06c77c0d76bc35d24b929cb9d68c3c9
+
+# nixos/kanidm: inherit lib, nixfmt
+8f18393d380079904d072007fb19dc64baef0a3a
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index ed5817f578012..b424321e6436b 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -2736,7 +2736,7 @@
   };
   blitz = {
     email = "js@alien8.de";
-    matrix = "@js:ukvly.org";
+    matrix = "@blitz:chat.x86.lol";
     github = "blitz";
     githubId = 37907;
     name = "Julian Stecklina";
@@ -16685,6 +16685,13 @@
     githubId = 74465;
     name = "James Fargher";
   };
+  progrm_jarvis = {
+    email = "mrjarviscraft+nix@gmail.com";
+    github = "JarvisCraft";
+    githubId = 7693005;
+    name = "Petr Portnov";
+    keys = [ { fingerprint = "884B 08D2 8DFF 6209 1857  C1C7 7E8F C8F7 D1BB 84A3"; } ];
+  };
   progval = {
     email = "progval+nix@progval.net";
     github = "progval";
diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix
index 1daee20ff7ccb..6534cdcc97b58 100644
--- a/maintainers/team-list.nix
+++ b/maintainers/team-list.nix
@@ -504,6 +504,7 @@ with lib.maintainers;
     githubTeams = [ "k3s" ];
     members = [
       euank
+      frederictobiasc
       marcusramberg
       mic92
       rorosen
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 4c6a8c561534d..af1b1c01ebd86 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -384,6 +384,8 @@
 
 - Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.
 
+- Kanidm previously had an incorrect systemd service type, causing dependent units with an `after` and `requires` directive to start before `kanidm*` finished startup. The module has now been updated in line with upstream recommendations.
+
 - To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
   The derivation now installs "impl" headers selectively instead of by a wildcard.
   Use `imgui.src` if you just want to access the unpacked sources.
diff --git a/nixos/modules/services/misc/ollama.nix b/nixos/modules/services/misc/ollama.nix
index a1141c784b4d1..f9d1519279955 100644
--- a/nixos/modules/services/misc/ollama.nix
+++ b/nixos/modules/services/misc/ollama.nix
@@ -127,8 +127,7 @@ in
         example = "10.3.0";
         description = ''
           Override what rocm will detect your gpu model as.
-          For example, make rocm treat your RX 5700 XT (or any other model)
-          as an RX 6900 XT using a value of `"10.3.0"` (gfx 1030).
+          For example, if you have an RX 5700 XT, try setting this to `"10.1.0"` (gfx 1010).
 
           This sets the value of `HSA_OVERRIDE_GFX_VERSION`. See [ollama's docs](
           https://github.com/ollama/ollama/blob/main/docs/gpu.md#amd-radeon
diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix
index 2e572a3d071af..d9c314f5ec647 100644
--- a/nixos/modules/services/networking/smokeping.nix
+++ b/nixos/modules/services/networking/smokeping.nix
@@ -313,11 +313,16 @@ in
       group = cfg.user;
       description = "smokeping daemon user";
       home = smokepingHome;
-      createHome = true;
-      # When `cfg.webService` is enabled, `nginx` requires read permissions on the home directory.
-      homeMode = "711";
     };
+
+    users.users.${config.services.nginx.user} = mkIf cfg.webService {
+      extraGroups = [
+        cfg.user ## user == group in this module
+      ];
+    };
+
     users.groups.${cfg.user} = { };
+
     systemd.services.smokeping = {
       reloadTriggers = [ configPath ];
       requiredBy = [ "multi-user.target" ];
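Review bot: The new `users.users.${config.services.nginx.user}` block drops the reasoning that the removed `homeMode` comment carried. A comment such as `# nginx serves the static files under smokepingHome, which is only accessible to the smokeping user and group` next to `extraGroups` would keep that visible. A supplementary group is only picked up when a process starts, so an already running nginx presumably needs a restart after the switch before it can read the directory; nothing in this hunk triggers one. The `config` block starts and ends outside the hunk.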
@@ -327,15 +332,23 @@ in
         ExecStart = "${cfg.package}/bin/smokeping --config=/etc/smokeping.conf --nodaemon";
       };
       preStart = ''
-        mkdir -m 0755 -p ${smokepingHome}/cache ${smokepingHome}/data
-        ln -snf ${cfg.package}/htdocs/css ${smokepingHome}/css
-        ln -snf ${cfg.package}/htdocs/js ${smokepingHome}/js
-        ln -snf ${cgiHome} ${smokepingHome}/smokeping.fcgi
         ${cfg.package}/bin/smokeping --check --config=${configPath}
         ${cfg.package}/bin/smokeping --static --config=${configPath}
       '';
     };
 
+    systemd.tmpfiles.rules = [
+      # create cache and data directories
+      "d ${smokepingHome}/cache 0750 ${cfg.user} ${cfg.user}"
+      "d ${smokepingHome}/data 0750 ${cfg.user} ${cfg.user}"
+      # create symlings
+      "L+ ${smokepingHome}/css - - - - ${cfg.package}/htdocs/css"
+      "L+ ${smokepingHome}/js - - - - ${cfg.package}/htdocs/js"
+      "L+ ${smokepingHome}/smokeping.fcgi - - - - ${cgiHome}"
+      # recursively adjust access mode and ownership (in case config change)
+      "Z ${smokepingHome} 0750 ${cfg.user} ${cfg.user}"
+    ];
+
     # use nginx to serve the smokeping web service
     services.fcgiwrap.instances.smokeping = mkIf cfg.webService {
       process.user = cfg.user;
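Review bot: The recursive rule `"Z ${smokepingHome} 0750 ${cfg.user} ${cfg.user}"` applies mode 0750 to regular files as well as directories, so every file under the home becomes owner- and group-executable. As far as I recall tmpfiles.d, prefixing the mode (`~0750`) masks the execute bits for entries that do not already have them; worth confirming against tmpfiles.d(5). The comment `# create symlings` should read `# create symlinks`. Since `preStart` no longer creates the directories, the unit now relies on the tmpfiles rules having run before it starts, and that ordering is not visible in this hunk.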
@@ -367,4 +380,3 @@ in
     nh2
   ];
 }
-
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index dd86fab09a17d..cf2fffac3f5d5 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -6,10 +6,42 @@
   ...
 }:
 let
+  inherit (lib)
+    any
+    attrNames
+    attrValues
+    concatLines
+    concatLists
+    converge
+    filter
+    filterAttrs
+    filterAttrsRecursive
+    flip
+    foldl'
+    getExe
+    hasInfix
+    hasPrefix
+    isStorePath
+    last
+    mapAttrsToList
+    mkEnableOption
+    mkForce
+    mkIf
+    mkMerge
+    mkOption
+    mkPackageOption
+    optional
+    optionalString
+    splitString
+    subtractLists
+    types
+    unique
+    ;
+
   cfg = config.services.kanidm;
   settingsFormat = pkgs.formats.toml { };
   # Remove null values, so we can document optional values that don't end up in the generated TOML file.
-  filterConfig = lib.converge (lib.filterAttrsRecursive (_: v: v != null));
+  filterConfig = converge (filterAttrsRecursive (_: v: v != null));
   serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings);
   clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings);
   unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings);
@@ -22,24 +54,26 @@ let
   # This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is already in the mount
   # paths, no new bind mount is added. Adding subpaths caused problems on ofborg.
   hasPrefixInList =
-    list: newPath:
-    lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
-  mergePaths = lib.foldl' (
+    list: newPath: any (path: hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
+  mergePaths = foldl' (
     merged: newPath:
     let
       # If the new path is a prefix to some existing path, we need to filter it out
-      filteredPaths = lib.filter (
-        p: !lib.hasPrefix (builtins.toString newPath) (builtins.toString p)
-      ) merged;
+      filteredPaths = filter (p: !hasPrefix (builtins.toString newPath) (builtins.toString p)) merged;
       # If a prefix of the new path is already in the list, do not add it
-      filteredNew = lib.optional (!hasPrefixInList filteredPaths newPath) newPath;
+      filteredNew = optional (!hasPrefixInList filteredPaths newPath) newPath;
     in
     filteredPaths ++ filteredNew
   ) [ ];
 
   defaultServiceConfig = {
+    # Setting the type to notify enables additional healthchecks, ensuring units
+    # after and requiring kanidm-* wait for it to complete startup
+    Type = "notify";
     BindReadOnlyPaths = [
       "/nix/store"
+      # For healthcheck notifications
+      "/run/systemd/notify"
       "-/etc/resolv.conf"
       "-/etc/nsswitch.conf"
       "-/etc/hosts"
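Review bot: `Type = "notify"` is added to `defaultServiceConfig`, whose name suggests it is merged into more than one unit; any unit that inherits it but never sends a readiness notification would stay in `activating` until the start timeout. The units that consume this attrset are outside the hunk, so confirm that each of them (the server and the unixd daemon, if both share it) actually notifies, or set the type per unit. The comment could state what systemd does instead of "enables additional healthchecks", for example `# Type=notify makes systemd wait for the daemon's READY=1 before starting units ordered after it`.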
@@ -84,13 +118,13 @@ let
 
   mkPresentOption =
     what:
-    lib.mkOption {
+    mkOption {
       description = "Whether to ensure that this ${what} is present or absent.";
-      type = lib.types.bool;
+      type = types.bool;
       default = true;
     };
 
-  filterPresent = lib.filterAttrs (_: v: v.present);
+  filterPresent = filterAttrs (_: v: v.present);
 
   provisionStateJson = pkgs.writeText "provision-state.json" (
     builtins.toJSON { inherit (cfg.provision) groups persons systems; }
@@ -98,7 +132,7 @@ let
 
   # Only recover the admin account if a password should explicitly be provisioned
   # for the account. Otherwise it is not needed for provisioning.
-  maybeRecoverAdmin = lib.optionalString (cfg.provision.adminPasswordFile != null) ''
+  maybeRecoverAdmin = optionalString (cfg.provision.adminPasswordFile != null) ''
     KANIDM_ADMIN_PASSWORD=$(< ${cfg.provision.adminPasswordFile})
     # We always reset the admin account password if a desired password was specified.
     if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} admin --from-environment >/dev/null; then
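Review bot: `${cfg.provision.adminPasswordFile}` is interpolated unquoted in `KANIDM_ADMIN_PASSWORD=$(< ${cfg.provision.adminPasswordFile})`, so a path containing whitespace or shell metacharacters is split or reinterpreted by the shell. The same applies to `${cfg.provision.instanceUrl}` on the curl line of the later "Wait for the kanidm server" hunk, whereas the `--url "${cfg.provision.instanceUrl}"` call does quote it. These options are typed `types.path` and `types.str`, so passing them through `lib.escapeShellArg`, e.g. `$(< ${lib.escapeShellArg cfg.provision.adminPasswordFile})`, keeps the script well-formed for any value. The script body starts and ends outside this hunk.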
@@ -128,7 +162,7 @@ let
           echo "kanidm provision: Failed to recover admin account" >&2
           exit 1
         fi
-        if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${lib.getExe pkgs.jq} -r .password); then
+        if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${getExe pkgs.jq} -r .password); then
           echo "$recover_out" >&2
           echo "kanidm provision: Failed to parse password for idm_admin account" >&2
           exit 1
@@ -140,8 +174,8 @@ let
 
     # Wait for the kanidm server to come online
     count=0
-    while ! ${lib.getExe pkgs.curl} -L --silent --max-time 1 --connect-timeout 1 --fail \
-       ${lib.optionalString cfg.provision.acceptInvalidCerts "--insecure"} \
+    while ! ${getExe pkgs.curl} -L --silent --max-time 1 --connect-timeout 1 --fail \
+       ${optionalString cfg.provision.acceptInvalidCerts "--insecure"} \
        ${cfg.provision.instanceUrl} >/dev/null
     do
       sleep 1
@@ -156,58 +190,58 @@ let
     ${maybeRecoverAdmin}
 
     KANIDM_PROVISION_IDM_ADMIN_TOKEN=$KANIDM_IDM_ADMIN_PASSWORD \
-      ${lib.getExe pkgs.kanidm-provision} \
-        ${lib.optionalString (!cfg.provision.autoRemove) "--no-auto-remove"} \
-        ${lib.optionalString cfg.provision.acceptInvalidCerts "--accept-invalid-certs"} \
+      ${getExe pkgs.kanidm-provision} \
+        ${optionalString (!cfg.provision.autoRemove) "--no-auto-remove"} \
+        ${optionalString cfg.provision.acceptInvalidCerts "--accept-invalid-certs"} \
         --url "${cfg.provision.instanceUrl}" \
         --state ${provisionStateJson}
   '';
 
   serverPort =
     # ipv6:
-    if lib.hasInfix "]:" cfg.serverSettings.bindaddress then
-      lib.last (lib.splitString "]:" cfg.serverSettings.bindaddress)
+    if hasInfix "]:" cfg.serverSettings.bindaddress then
+      last (splitString "]:" cfg.serverSettings.bindaddress)
     else
     # ipv4:
-    if lib.hasInfix "." cfg.serverSettings.bindaddress then
-      lib.last (lib.splitString ":" cfg.serverSettings.bindaddress)
+    if hasInfix "." cfg.serverSettings.bindaddress then
+      last (splitString ":" cfg.serverSettings.bindaddress)
     # default is 8443
     else
       "8443";
 in
 {
   options.services.kanidm = {
-    enableClient = lib.mkEnableOption "the Kanidm client";
-    enableServer = lib.mkEnableOption "the Kanidm server";
-    enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration";
+    enableClient = mkEnableOption "the Kanidm client";
+    enableServer = mkEnableOption "the Kanidm server";
+    enablePam = mkEnableOption "the Kanidm PAM and NSS integration";
 
-    package = lib.mkPackageOption pkgs "kanidm" { };
+    package = mkPackageOption pkgs "kanidm" { };
 
-    serverSettings = lib.mkOption {
-      type = lib.types.submodule {
+    serverSettings = mkOption {
+      type = types.submodule {
         freeformType = settingsFormat.type;
 
         options = {
-          bindaddress = lib.mkOption {
+          bindaddress = mkOption {
             description = "Address/port combination the webserver binds to.";
             example = "[::1]:8443";
-            type = lib.types.str;
+            type = types.str;
           };
           # Should be optional but toml does not accept null
-          ldapbindaddress = lib.mkOption {
+          ldapbindaddress = mkOption {
             description = ''
               Address and port the LDAP server is bound to. Setting this to `null` disables the LDAP interface.
             '';
             example = "[::1]:636";
             default = null;
-            type = lib.types.nullOr lib.types.str;
+            type = types.nullOr types.str;
           };
-          origin = lib.mkOption {
+          origin = mkOption {
             description = "The origin of your Kanidm instance. Must have https as protocol.";
             example = "https://idm.example.org";
-            type = lib.types.strMatching "^https://.*";
+            type = types.strMatching "^https://.*";
           };
-          domain = lib.mkOption {
+          domain = mkOption {
             description = ''
               The `domain` that Kanidm manages. Must be below or equal to the domain
               specified in `serverSettings.origin`.
@@ -218,58 +252,58 @@ in
             '';
             example = "example.org";
             default = null;
-            type = lib.types.nullOr lib.types.str;
+            type = types.nullOr types.str;
           };
-          db_path = lib.mkOption {
+          db_path = mkOption {
             description = "Path to Kanidm database.";
             default = "/var/lib/kanidm/kanidm.db";
             readOnly = true;
-            type = lib.types.path;
+            type = types.path;
           };
-          tls_chain = lib.mkOption {
+          tls_chain = mkOption {
             description = "TLS chain in pem format.";
-            type = lib.types.path;
+            type = types.path;
           };
-          tls_key = lib.mkOption {
+          tls_key = mkOption {
             description = "TLS key in pem format.";
-            type = lib.types.path;
+            type = types.path;
           };
-          log_level = lib.mkOption {
+          log_level = mkOption {
             description = "Log level of the server.";
             default = "info";
-            type = lib.types.enum [
+            type = types.enum [
               "info"
               "debug"
               "trace"
             ];
           };
-          role = lib.mkOption {
+          role = mkOption {
             description = "The role of this server. This affects the replication relationship and thereby available features.";
             default = "WriteReplica";
-            type = lib.types.enum [
+            type = types.enum [
               "WriteReplica"
               "WriteReplicaNoUI"
               "ReadOnlyReplica"
             ];
           };
           online_backup = {
-            path = lib.mkOption {
+            path = mkOption {
               description = "Path to the output directory for backups.";
-              type = lib.types.path;
+              type = types.path;
               default = "/var/lib/kanidm/backups";
             };
-            schedule = lib.mkOption {
+            schedule = mkOption {
               description = "The schedule for backups in cron format.";
-              type = lib.types.str;
+              type = types.str;
               default = "00 22 * * *";
             };
-            versions = lib.mkOption {
+            versions = mkOption {
               description = ''
                 Number of backups to keep.
 
                 The default is set to `0`, in order to disable backups by default.
               '';
-              type = lib.types.ints.unsigned;
+              type = types.ints.unsigned;
               default = 0;
               example = 7;
             };
@@ -285,14 +319,14 @@ in
       '';
     };
 
-    clientSettings = lib.mkOption {
-      type = lib.types.submodule {
+    clientSettings = mkOption {
+      type = types.submodule {
         freeformType = settingsFormat.type;
 
-        options.uri = lib.mkOption {
+        options.uri = mkOption {
           description = "Address of the Kanidm server.";
           example = "http://127.0.0.1:8080";
-          type = lib.types.str;
+          type = types.str;
         };
       };
       description = ''
@@ -303,20 +337,20 @@ in
       '';
     };
 
-    unixSettings = lib.mkOption {
-      type = lib.types.submodule {
+    unixSettings = mkOption {
+      type = types.submodule {
         freeformType = settingsFormat.type;
 
         options = {
-          pam_allowed_login_groups = lib.mkOption {
+          pam_allowed_login_groups = mkOption {
             description = "Kanidm groups that are allowed to login using PAM.";
             example = "my_pam_group";
-            type = lib.types.listOf lib.types.str;
+            type = types.listOf types.str;
           };
-          hsm_pin_path = lib.mkOption {
+          hsm_pin_path = mkOption {
             description = "Path to a HSM pin.";
             default = "/var/cache/kanidm-unixd/hsm-pin";
-            type = lib.types.path;
+            type = types.path;
           };
         };
       };
@@ -329,73 +363,73 @@ in
     };
 
     provision = {
-      enable = lib.mkEnableOption "provisioning of groups, users and oauth2 resource servers";
+      enable = mkEnableOption "provisioning of groups, users and oauth2 resource servers";
 
-      instanceUrl = lib.mkOption {
+      instanceUrl = mkOption {
         description = "The instance url to which the provisioning tool should connect.";
         default = "https://localhost:${serverPort}";
         defaultText = ''"https://localhost:<port from serverSettings.bindaddress>"'';
-        type = lib.types.str;
+        type = types.str;
       };
 
-      acceptInvalidCerts = lib.mkOption {
+      acceptInvalidCerts = mkOption {
         description = ''
           Whether to allow invalid certificates when provisioning the target instance.
           By default this is only allowed when the instanceUrl is localhost. This is
           dangerous when used with an external URL.
         '';
-        type = lib.types.bool;
-        default = lib.hasPrefix "https://localhost:" cfg.provision.instanceUrl;
-        defaultText = ''lib.hasPrefix "https://localhost:" cfg.provision.instanceUrl'';
+        type = types.bool;
+        default = hasPrefix "https://localhost:" cfg.provision.instanceUrl;
+        defaultText = ''hasPrefix "https://localhost:" cfg.provision.instanceUrl'';
       };
 
-      adminPasswordFile = lib.mkOption {
+      adminPasswordFile = mkOption {
         description = "Path to a file containing the admin password for kanidm. Do NOT use a file from the nix store here!";
         example = "/run/secrets/kanidm-admin-password";
         default = null;
-        type = lib.types.nullOr lib.types.path;
+        type = types.nullOr types.path;
       };
 
-      idmAdminPasswordFile = lib.mkOption {
+      idmAdminPasswordFile = mkOption {
         description = ''
           Path to a file containing the idm admin password for kanidm. Do NOT use a file from the nix store here!
           If this is not given but provisioning is enabled, the idm_admin password will be reset on each restart.
         '';
         example = "/run/secrets/kanidm-idm-admin-password";
         default = null;
-        type = lib.types.nullOr lib.types.path;
+        type = types.nullOr types.path;
       };
 
-      autoRemove = lib.mkOption {
+      autoRemove = mkOption {
         description = ''
           Determines whether deleting an entity in this provisioning config should automatically
           cause them to be removed from kanidm, too. This works because the provisioning tool tracks
           all entities it has ever created. If this is set to false, you need to explicitly specify
           `present = false` to delete an entity.
         '';
-        type = lib.types.bool;
+        type = types.bool;
         default = true;
       };
 
-      groups = lib.mkOption {
+      groups = mkOption {
         description = "Provisioning of kanidm groups";
         default = { };
-        type = lib.types.attrsOf (
-          lib.types.submodule (groupSubmod: {
+        type = types.attrsOf (
+          types.submodule (groupSubmod: {
             options = {
               present = mkPresentOption "group";
 
-              members = lib.mkOption {
+              members = mkOption {
                 description = "List of kanidm entities (persons, groups, ...) which are part of this group.";
-                type = lib.types.listOf lib.types.str;
-                apply = lib.unique;
+                type = types.listOf types.str;
+                apply = unique;
                 default = [ ];
               };
             };
-            config.members = lib.concatLists (
-              lib.flip lib.mapAttrsToList cfg.provision.persons (
+            config.members = concatLists (
+              flip mapAttrsToList cfg.provision.persons (
                 person: personCfg:
-                lib.optional (
+                optional (
                   personCfg.present && builtins.elem groupSubmod.config._module.args.name personCfg.groups
                 ) person
               )
@@ -404,38 +438,38 @@ in
         );
       };
 
-      persons = lib.mkOption {
+      persons = mkOption {
         description = "Provisioning of kanidm persons";
         default = { };
-        type = lib.types.attrsOf (
-          lib.types.submodule {
+        type = types.attrsOf (
+          types.submodule {
             options = {
               present = mkPresentOption "person";
 
-              displayName = lib.mkOption {
+              displayName = mkOption {
                 description = "Display name";
-                type = lib.types.str;
+                type = types.str;
                 example = "My User";
               };
 
-              legalName = lib.mkOption {
+              legalName = mkOption {
                 description = "Full legal name";
-                type = lib.types.nullOr lib.types.str;
+                type = types.nullOr types.str;
                 example = "Jane Doe";
                 default = null;
               };
 
-              mailAddresses = lib.mkOption {
+              mailAddresses = mkOption {
                 description = "Mail addresses. First given address is considered the primary address.";
-                type = lib.types.listOf lib.types.str;
+                type = types.listOf types.str;
                 example = [ "jane.doe@example.com" ];
                 default = [ ];
               };
 
-              groups = lib.mkOption {
+              groups = mkOption {
                 description = "List of groups this person should belong to.";
-                type = lib.types.listOf lib.types.str;
-                apply = lib.unique;
+                type = types.listOf types.str;
+                apply = unique;
                 default = [ ];
               };
             };
@@ -443,119 +477,119 @@ in
         );
       };
 
-      systems.oauth2 = lib.mkOption {
+      systems.oauth2 = mkOption {
         description = "Provisioning of oauth2 resource servers";
         default = { };
-        type = lib.types.attrsOf (
-          lib.types.submodule {
+        type = types.attrsOf (
+          types.submodule {
             options = {
               present = mkPresentOption "oauth2 resource server";
 
-              public = lib.mkOption {
+              public = mkOption {
                 description = "Whether this is a public client (enforces PKCE, doesn't use a basic secret)";
-                type = lib.types.bool;
+                type = types.bool;
                 default = false;
               };
 
-              displayName = lib.mkOption {
+              displayName = mkOption {
                 description = "Display name";
-                type = lib.types.str;
+                type = types.str;
                 example = "Some Service";
               };
 
-              originUrl = lib.mkOption {
+              originUrl = mkOption {
                 description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
                 type =
                   let
-                    originStrType = lib.types.strMatching ".*://.*/$";
+                    originStrType = types.strMatching ".*://.*/$";
                   in
-                  lib.types.either originStrType (lib.types.nonEmptyListOf originStrType);
+                  types.either originStrType (types.nonEmptyListOf originStrType);
                 example = "https://someservice.example.com/";
               };
 
-              originLanding = lib.mkOption {
+              originLanding = mkOption {
                 description = "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.";
-                type = lib.types.str;
+                type = types.str;
                 example = "https://someservice.example.com/home";
               };
 
-              basicSecretFile = lib.mkOption {
+              basicSecretFile = mkOption {
                 description = ''
                   The basic secret to use for this service. If null, the random secret generated
                   by kanidm will not be touched. Do NOT use a path from the nix store here!
                 '';
-                type = lib.types.nullOr lib.types.path;
+                type = types.nullOr types.path;
                 example = "/run/secrets/some-oauth2-basic-secret";
                 default = null;
               };
 
-              enableLocalhostRedirects = lib.mkOption {
+              enableLocalhostRedirects = mkOption {
                 description = "Allow localhost redirects. Only for public clients.";
-                type = lib.types.bool;
+                type = types.bool;
                 default = false;
               };
 
-              enableLegacyCrypto = lib.mkOption {
+              enableLegacyCrypto = mkOption {
                 description = "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.";
-                type = lib.types.bool;
+                type = types.bool;
                 default = false;
               };
 
-              allowInsecureClientDisablePkce = lib.mkOption {
+              allowInsecureClientDisablePkce = mkOption {
                 description = ''
                   Disable PKCE on this oauth2 resource server to work around insecure clients
                   that may not support it. You should request the client to enable PKCE!
                   Only for non-public clients.
                 '';
-                type = lib.types.bool;
+                type = types.bool;
                 default = false;
               };
 
-              preferShortUsername = lib.mkOption {
+              preferShortUsername = mkOption {
                 description = "Use 'name' instead of 'spn' in the preferred_username claim";
-                type = lib.types.bool;
+                type = types.bool;
                 default = false;
               };
 
-              scopeMaps = lib.mkOption {
+              scopeMaps = mkOption {
                 description = ''
                   Maps kanidm groups to returned oauth scopes.
                   See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
                 '';
-                type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+                type = types.attrsOf (types.listOf types.str);
                 default = { };
               };
 
-              supplementaryScopeMaps = lib.mkOption {
+              supplementaryScopeMaps = mkOption {
                 description = ''
                   Maps kanidm groups to additionally returned oauth scopes.
                   See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
                 '';
-                type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+                type = types.attrsOf (types.listOf types.str);
                 default = { };
               };
 
-              removeOrphanedClaimMaps = lib.mkOption {
+              removeOrphanedClaimMaps = mkOption {
                 description = "Whether claim maps not specified here but present in kanidm should be removed from kanidm.";
-                type = lib.types.bool;
+                type = types.bool;
                 default = true;
               };
 
-              claimMaps = lib.mkOption {
+              claimMaps = mkOption {
                 description = ''
                   Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.
                   See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
                 '';
                 default = { };
-                type = lib.types.attrsOf (
-                  lib.types.submodule {
+                type = types.attrsOf (
+                  types.submodule {
                     options = {
-                      joinType = lib.mkOption {
+                      joinType = mkOption {
                         description = ''
                           Determines how multiple values are joined to create the claim value.
                           See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
                         '';
-                        type = lib.types.enum [
+                        type = types.enum [
                           "array"
                           "csv"
                           "ssv"
@@ -563,10 +597,10 @@ in
                         default = "array";
                       };
 
-                      valuesByGroup = lib.mkOption {
+                      valuesByGroup = mkOption {
                         description = "Maps kanidm groups to values for the claim.";
                         default = { };
-                        type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+                        type = types.attrsOf (types.listOf types.str);
                       };
                     };
                   }
@@ -579,26 +613,26 @@ in
     };
   };
 
-  config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
+  config = mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
     assertions =
       let
         entityList =
-          type: attrs: lib.flip lib.mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
+          type: attrs: flip mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
         entities =
           entityList "group" cfg.provision.groups
           ++ entityList "person" cfg.provision.persons
           ++ entityList "oauth2" cfg.provision.systems.oauth2;
 
         # Accumulate entities by name. Track corresponding entity types for later duplicate check.
-        entitiesByName = lib.foldl' (
+        entitiesByName = foldl' (
           acc: { type, name }: acc // { ${name} = (acc.${name} or [ ]) ++ [ type ]; }
         ) { } entities;
 
         assertGroupsKnown =
           opt: groups:
           let
-            knownGroups = lib.attrNames (filterPresent cfg.provision.groups);
-            unknownGroups = lib.subtractLists knownGroups groups;
+            knownGroups = attrNames (filterPresent cfg.provision.groups);
+            unknownGroups = subtractLists knownGroups groups;
           in
           {
             assertion = (cfg.enableServer && cfg.provision.enable) -> unknownGroups == [ ];
@@ -608,7 +642,7 @@ in
         assertEntitiesKnown =
           opt: entities:
           let
-            unknownEntities = lib.subtractLists (lib.attrNames entitiesByName) entities;
+            unknownEntities = subtractLists (attrNames entitiesByName) entities;
           in
           {
             assertion = (cfg.enableServer && cfg.provision.enable) -> unknownEntities == [ ];
@@ -620,7 +654,7 @@ in
           assertion =
             !cfg.enableServer
             || ((cfg.serverSettings.tls_chain or null) == null)
-            || (!lib.isStorePath cfg.serverSettings.tls_chain);
+            || (!isStorePath cfg.serverSettings.tls_chain);
           message = ''
             <option>services.kanidm.serverSettings.tls_chain</option> points to
             a file in the Nix store. You should use a quoted absolute path to
@@ -631,7 +665,7 @@ in
           assertion =
             !cfg.enableServer
             || ((cfg.serverSettings.tls_key or null) == null)
-            || (!lib.isStorePath cfg.serverSettings.tls_key);
+            || (!isStorePath cfg.serverSettings.tls_key);
           message = ''
             <option>services.kanidm.serverSettings.tls_key</option> points to
             a file in the Nix store. You should use a quoted absolute path to
@@ -677,9 +711,7 @@ in
               && (
                 cfg.provision.adminPasswordFile != null
                 || cfg.provision.idmAdminPasswordFile != null
-                || lib.any (x: x.basicSecretFile != null) (
-                  lib.attrValues (filterPresent cfg.provision.systems.oauth2)
-                )
+                || any (x: x.basicSecretFile != null) (attrValues (filterPresent cfg.provision.systems.oauth2))
               )
             )
             -> cfg.package.enableSecretProvisioning;
@@ -692,48 +724,48 @@ in
         (
           let
             # Filter all names that occurred in more than one entity type.
-            duplicateNames = lib.filterAttrs (_: v: builtins.length v > 1) entitiesByName;
+            duplicateNames = filterAttrs (_: v: builtins.length v > 1) entitiesByName;
           in
           {
             assertion = cfg.provision.enable -> duplicateNames == { };
             message = ''
               services.kanidm.provision requires all entity names (group, person, oauth2, ...) to be unique!
-              ${lib.concatLines (
-                lib.mapAttrsToList (name: xs: "  - '${name}' used as: ${toString xs}") duplicateNames
+              ${concatLines (
+                mapAttrsToList (name: xs: "  - '${name}' used as: ${toString xs}") duplicateNames
               )}'';
           }
         )
       ]
-      ++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.persons) (
+      ++ flip mapAttrsToList (filterPresent cfg.provision.persons) (
         person: personCfg:
         assertGroupsKnown "services.kanidm.provision.persons.${person}.groups" personCfg.groups
       )
-      ++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.groups) (
+      ++ flip mapAttrsToList (filterPresent cfg.provision.groups) (
         group: groupCfg:
         assertEntitiesKnown "services.kanidm.provision.groups.${group}.members" groupCfg.members
       )
-      ++ lib.concatLists (
-        lib.flip lib.mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
+      ++ concatLists (
+        flip mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
           oauth2: oauth2Cfg:
           [
             (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.scopeMaps" (
-              lib.attrNames oauth2Cfg.scopeMaps
+              attrNames oauth2Cfg.scopeMaps
             ))
             (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.supplementaryScopeMaps" (
-              lib.attrNames oauth2Cfg.supplementaryScopeMaps
+              attrNames oauth2Cfg.supplementaryScopeMaps
             ))
           ]
-          ++ lib.concatLists (
-            lib.flip lib.mapAttrsToList oauth2Cfg.claimMaps (
+          ++ concatLists (
+            flip mapAttrsToList oauth2Cfg.claimMaps (
               claim: claimCfg: [
                 (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim}.valuesByGroup" (
-                  lib.attrNames claimCfg.valuesByGroup
+                  attrNames claimCfg.valuesByGroup
                 ))
                 # At least one group must map to a value in each claim map
                 {
                   assertion =
                     (cfg.provision.enable && cfg.enableServer)
-                    -> lib.any (xs: xs != [ ]) (lib.attrValues claimCfg.valuesByGroup);
+                    -> any (xs: xs != [ ]) (attrValues claimCfg.valuesByGroup);
                   message = "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim} does not specify any values for any group";
                 }
                 # Public clients cannot define a basic secret
@@ -762,7 +794,7 @@ in
         )
       );
 
-    environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
+    environment.systemPackages = mkIf cfg.enableClient [ cfg.package ];
 
     systemd.tmpfiles.settings."10-kanidm" = {
       ${cfg.serverSettings.online_backup.path}.d = {
@@ -772,11 +804,11 @@ in
       };
     };
 
-    systemd.services.kanidm = lib.mkIf cfg.enableServer {
+    systemd.services.kanidm = mkIf cfg.enableServer {
       description = "kanidm identity management daemon";
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
-      serviceConfig = lib.mkMerge [
+      serviceConfig = mkMerge [
         # Merge paths and ignore existing prefixes needs to sidestep mkMerge
         (
           defaultServiceConfig
@@ -789,7 +821,7 @@ in
           StateDirectoryMode = "0700";
           RuntimeDirectory = "kanidmd";
           ExecStart = "${cfg.package}/bin/kanidmd server -c ${serverConfigFile}";
-          ExecStartPost = lib.mkIf cfg.provision.enable postStartScript;
+          ExecStartPost = mkIf cfg.provision.enable postStartScript;
           User = "kanidm";
           Group = "kanidm";
 
@@ -803,9 +835,9 @@ in
           AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
           CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
           # This would otherwise override the CAP_NET_BIND_SERVICE capability.
-          PrivateUsers = lib.mkForce false;
+          PrivateUsers = mkForce false;
           # Port needs to be exposed to the host network
-          PrivateNetwork = lib.mkForce false;
+          PrivateNetwork = mkForce false;
           RestrictAddressFamilies = [
             "AF_INET"
             "AF_INET6"
@@ -817,7 +849,7 @@ in
       environment.RUST_LOG = "info";
     };
 
-    systemd.services.kanidm-unixd = lib.mkIf cfg.enablePam {
+    systemd.services.kanidm-unixd = mkIf cfg.enablePam {
       description = "Kanidm PAM daemon";
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
@@ -825,7 +857,7 @@ in
         unixConfigFile
         clientConfigFile
       ];
-      serviceConfig = lib.mkMerge [
+      serviceConfig = mkMerge [
         defaultServiceConfig
         {
           CacheDirectory = "kanidm-unixd";
@@ -848,7 +880,7 @@ in
             "/run/kanidm-unixd:/var/run/kanidm-unixd"
           ];
           # Needs to connect to kanidmd
-          PrivateNetwork = lib.mkForce false;
+          PrivateNetwork = mkForce false;
           RestrictAddressFamilies = [
             "AF_INET"
             "AF_INET6"
@@ -860,7 +892,7 @@ in
       environment.RUST_LOG = "info";
     };
 
-    systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam {
+    systemd.services.kanidm-unixd-tasks = mkIf cfg.enablePam {
       description = "Kanidm PAM home management daemon";
       wantedBy = [ "multi-user.target" ];
       after = [
@@ -910,25 +942,25 @@ in
     };
 
     # These paths are hardcoded
-    environment.etc = lib.mkMerge [
-      (lib.mkIf cfg.enableServer { "kanidm/server.toml".source = serverConfigFile; })
-      (lib.mkIf options.services.kanidm.clientSettings.isDefined {
+    environment.etc = mkMerge [
+      (mkIf cfg.enableServer { "kanidm/server.toml".source = serverConfigFile; })
+      (mkIf options.services.kanidm.clientSettings.isDefined {
         "kanidm/config".source = clientConfigFile;
       })
-      (lib.mkIf cfg.enablePam { "kanidm/unixd".source = unixConfigFile; })
+      (mkIf cfg.enablePam { "kanidm/unixd".source = unixConfigFile; })
     ];
 
-    system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];
+    system.nssModules = mkIf cfg.enablePam [ cfg.package ];
 
-    system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
-    system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
+    system.nssDatabases.group = optional cfg.enablePam "kanidm";
+    system.nssDatabases.passwd = optional cfg.enablePam "kanidm";
 
-    users.groups = lib.mkMerge [
-      (lib.mkIf cfg.enableServer { kanidm = { }; })
-      (lib.mkIf cfg.enablePam { kanidm-unixd = { }; })
+    users.groups = mkMerge [
+      (mkIf cfg.enableServer { kanidm = { }; })
+      (mkIf cfg.enablePam { kanidm-unixd = { }; })
     ];
-    users.users = lib.mkMerge [
-      (lib.mkIf cfg.enableServer {
+    users.users = mkMerge [
+      (mkIf cfg.enableServer {
         kanidm = {
           description = "Kanidm server";
           isSystemUser = true;
@@ -936,7 +968,7 @@ in
           packages = [ cfg.package ];
         };
       })
-      (lib.mkIf cfg.enablePam {
+      (mkIf cfg.enablePam {
         kanidm-unixd = {
           description = "Kanidm PAM daemon";
           isSystemUser = true;
diff --git a/nixos/tests/invidious.nix b/nixos/tests/invidious.nix
index 372b47b56c345..c042b1065c261 100644
--- a/nixos/tests/invidious.nix
+++ b/nixos/tests/invidious.nix
@@ -20,7 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       };
       networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
     };
-    machine = { config, lib, pkgs, ... }: {
+    machine = { lib, pkgs, ... }: {
       services.invidious = {
         enable = true;
       };
@@ -81,11 +81,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
 
 
     def activate_specialisation(name: str):
-        machine.succeed(f"${nodes.machine.config.system.build.toplevel}/specialisation/{name}/bin/switch-to-configuration test >&2")
+        machine.succeed(f"${nodes.machine.system.build.toplevel}/specialisation/{name}/bin/switch-to-configuration test >&2")
 
 
-    url = "http://localhost:${toString nodes.machine.config.services.invidious.port}"
-    port = ${toString nodes.machine.config.services.invidious.port}
+    url = "http://localhost:${toString nodes.machine.services.invidious.port}"
+    port = ${toString nodes.machine.services.invidious.port}
 
     # start postgres vm now
     postgres_tcp.start()
diff --git a/pkgs/applications/emulators/box64/default.nix b/pkgs/applications/emulators/box64/default.nix
index 5a6e87b0644aa..7a9c22999b3ee 100644
--- a/pkgs/applications/emulators/box64/default.nix
+++ b/pkgs/applications/emulators/box64/default.nix
@@ -21,13 +21,13 @@ assert
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "box64";
-  version = "0.2.8";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "ptitSeb";
     repo = "box64";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-P+m+JS3THh3LWMZYW6BQ7QyNWlBuL+hMcUtUbpMHzis=";
+    hash = "sha256-8PpTN7lUjpmSowbaRsfSRWJQRDZICFhVvn05tQYC4PQ=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/applications/networking/cluster/clusterctl/default.nix b/pkgs/applications/networking/cluster/clusterctl/default.nix
index 6b144b683d0ed..c100416a55c46 100644
--- a/pkgs/applications/networking/cluster/clusterctl/default.nix
+++ b/pkgs/applications/networking/cluster/clusterctl/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "clusterctl";
-  version = "1.8.0";
+  version = "1.8.1";
 
   src = fetchFromGitHub {
     owner = "kubernetes-sigs";
     repo = "cluster-api";
     rev = "v${version}";
-    hash = "sha256-x82ek6KsfmVjG9P9EaGlvbncGaORqMB2lMxannZT4YE=";
+    hash = "sha256-Z7cFwR8IUThEd4Te3KHPC8K8v56ymAG7nIM/7pxWq4U=";
   };
 
-  vendorHash = "sha256-z859ZjuvY53HqHXNo8zZkK9XAtMOxh57FeXgGfno3G0=";
+  vendorHash = "sha256-0VVaD1vGIGezgkVCvIhNHmZqVFxFu4UcUUh0wuX2viw=";
 
   subPackages = [ "cmd/clusterctl" ];
 
diff --git a/pkgs/applications/networking/cluster/kubectl-evict-pod/default.nix b/pkgs/applications/networking/cluster/kubectl-evict-pod/default.nix
index cd20e48f734c5..ac1f1cbf0b681 100644
--- a/pkgs/applications/networking/cluster/kubectl-evict-pod/default.nix
+++ b/pkgs/applications/networking/cluster/kubectl-evict-pod/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "kubectl-evict-pod";
-  version = "0.0.13";
+  version = "0.0.14";
 
   src = fetchFromGitHub {
     owner = "rajatjindal";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-yA88GDcu1Sg8d5RCC4yiDPYZPxDSnke/4X7nSBSGf88=";
+    sha256 = "sha256-Z1NIueonjyO2GHulBbXbsQtX7V/Z95GUoZv9AqjLIR0=";
   };
 
   vendorHash = null;
diff --git a/pkgs/applications/window-managers/wayfire/wcm.nix b/pkgs/applications/window-managers/wayfire/wcm.nix
index 4f1a6769ffbd3..f82dac2e51622 100644
--- a/pkgs/applications/window-managers/wayfire/wcm.nix
+++ b/pkgs/applications/window-managers/wayfire/wcm.nix
@@ -18,14 +18,14 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "wcm";
-  version = "0.8.0";
+  version = "0.9.0";
 
   src = fetchFromGitHub {
     owner = "WayfireWM";
     repo = "wcm";
     rev = "v${finalAttrs.version}";
     fetchSubmodules = true;
-    hash = "sha256-UwHJ4Wi83ATnA1CQKNSt8Qga7ooLnAY7QARz2FXvUIo=";
+    hash = "sha256-oaaEtyu/9XVhFTkmD7WjScMycpKf+M7oPyQatbY23Vo=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/by-name/ch/chatzone-desktop/package.nix b/pkgs/by-name/ch/chatzone-desktop/package.nix
new file mode 100644
index 0000000000000..27a0aba212e30
--- /dev/null
+++ b/pkgs/by-name/ch/chatzone-desktop/package.nix
@@ -0,0 +1,74 @@
+{
+  lib,
+  appimageTools,
+  fetchurl,
+  stdenvNoCC,
+  makeDesktopItem,
+  copyDesktopItems,
+  makeWrapper,
+}:
+
+let
+  pname = "chatzone-desktop";
+  version = "5.2.1";
+  src = fetchurl {
+    url = "https://cdn1.ozone.ru/s3/chatzone-clients/ci/31072024-1/407/chatzone-desktop-linux-5.2.1.AppImage";
+    hash = "sha256-IXn7mAY3+2q+/PKcNQbRVW+wbAPMWLUh/DGAic6M898=";
+  };
+  appimageContents = appimageTools.extract { inherit pname version src; };
+in
+stdenvNoCC.mkDerivation {
+  inherit pname version;
+
+  src = appimageTools.wrapType2 { inherit pname version src; };
+
+  nativeBuildInputs = [
+    copyDesktopItems
+    makeWrapper
+  ];
+
+  desktopItems = [
+    (makeDesktopItem {
+      name = "chatzone";
+      exec = "chatzone-desktop";
+      icon = "chatzone-desktop";
+      terminal = false;
+      desktopName = "Chatzone";
+      genericName = "Ozon corporate messenger";
+      comment = "Mattermost Desktop application for Linux";
+      categories = [
+        "Network"
+        "InstantMessaging"
+        "Chat"
+      ];
+      mimeTypes = [ "x-scheme-handler/mattermost" ];
+    })
+  ];
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/
+    cp -r bin $out/bin
+
+    mkdir -p $out/share/chatzone-desktop/
+    cp ${appimageContents}/app_icon.png $out/share/chatzone-desktop/
+    cp -r ${appimageContents}/usr/share/icons $out/share
+
+    wrapProgram $out/bin/chatzone-desktop \
+      --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}"
+
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "Ozon corporate messenger";
+    mainProgram = "chatzone-desktop";
+    homepage = "https://apps.o3team.ru/";
+    downloadPage = "https://apps.o3team.ru/";
+    sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
+    license = lib.licenses.unfreeRedistributable;
+    maintainers = [ lib.maintainers.progrm_jarvis ];
+    platforms = [ "x86_64-linux" ];
+  };
+}
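Review bot: The `url` passed to `fetchurl` spells out `5.2.1` instead of interpolating `version`, so a later bump that edits only `version` would still fetch and hash-match the old AppImage and ship it under the new version label. Writing the file name as `chatzone-desktop-linux-${version}.AppImage` makes such a bump fail at fetch or hash check instead of passing silently. The `ci/31072024-1/407` path segment looks build-specific and will presumably still need a manual update, which is worth a one-line comment above `url`.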
diff --git a/pkgs/by-name/fl/flatpak/package.nix b/pkgs/by-name/fl/flatpak/package.nix
index 34cb1059b4f45..6e98f54facc15 100644
--- a/pkgs/by-name/fl/flatpak/package.nix
+++ b/pkgs/by-name/fl/flatpak/package.nix
@@ -231,9 +231,9 @@ stdenv.mkDerivation (finalAttrs: {
       validate-icon = runCommand "test-icon-validation" { } ''
         ${finalAttrs.finalPackage}/libexec/flatpak-validate-icon \
           --sandbox 512 512 \
-          "${nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake-white.svg" > "$out"
+          "${nixos-icons}/share/icons/hicolor/512x512/apps/nix-snowflake.png" > "$out"
 
-        grep format=svg "$out"
+        grep format=png "$out"
       '';
 
       version = testers.testVersion { package = finalAttrs.finalPackage; };
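Review bot: With the fixture switched to `nix-snowflake.png` and the check to `grep format=png`, this test no longer runs `flatpak-validate-icon --sandbox` on an SVG at all. If `nixos-icons` still ships an SVG, a second invocation that keeps the `format=svg` check would preserve coverage of that path. Otherwise a comment above the command, such as `# nixos-icons no longer provides the scalable SVG, so validate the PNG` (if that is the reason), would explain the switch. The enclosing attribute set starts outside this hunk.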
diff --git a/pkgs/by-name/gl/glasskube/package.nix b/pkgs/by-name/gl/glasskube/package.nix
index 15500ed8ea9d2..254a27f2cca04 100644
--- a/pkgs/by-name/gl/glasskube/package.nix
+++ b/pkgs/by-name/gl/glasskube/package.nix
@@ -7,12 +7,12 @@
 }:
 
 let
-  version = "0.16.0";
+  version = "0.17.0";
   gitSrc = fetchFromGitHub {
     owner = "glasskube";
     repo = "glasskube";
     rev = "refs/tags/v${version}";
-    hash = "sha256-NZ7FQMJyQlJW5ZS8dNzsURhRcu0IQXyTn/6e91eGhEg=";
+    hash = "sha256-uo612trSSdbj6XpZHddXELNQideJ/M/qh+LLdzVZL6U=";
   };
   web-bundle = buildNpmPackage rec {
     inherit version;
@@ -20,7 +20,7 @@ let
 
     src = gitSrc;
 
-    npmDepsHash = "sha256-0PzjOOdKkKjKUsi+uWYkGAyEXynMNq2OODH/sX2SsWQ=";
+    npmDepsHash = "sha256-s3ViR6zBUTTu864fiD06N1ouMUYXccj6AMXt5pj+BSc=";
 
     dontNpmInstall = true;
 
@@ -40,7 +40,7 @@ in buildGoModule rec {
 
   src = gitSrc;
 
-  vendorHash = "sha256-bh1ZQhd3xYoz4AEe/EZ4baBryQx4WfdacTQDP1Roi2Y=";
+  vendorHash = "sha256-KzoFPhySX2w7ndU6nndx/KqoUfE8o6OT/9a2DEz5YuI=";
 
   CGO_ENABLED = 0;
 
diff --git a/pkgs/by-name/im/immich-go/package.nix b/pkgs/by-name/im/immich-go/package.nix
index 456dc2b72d372..a68b155a6a215 100644
--- a/pkgs/by-name/im/immich-go/package.nix
+++ b/pkgs/by-name/im/immich-go/package.nix
@@ -1,13 +1,13 @@
 { lib, buildGoModule, fetchFromGitHub, nix-update-script, testers, immich-go }:
 buildGoModule rec {
   pname = "immich-go";
-  version = "1.21.3";
+  version = "0.22.0";
 
   src = fetchFromGitHub {
     owner = "simulot";
     repo = "immich-go";
     rev = "${version}";
-    hash = "sha256-DgTEkiT9D+8wa6mzWWnsh98f7hEEK5r3QiH2e1yarCU=";
+    hash = "sha256-dSyVn7CQqZ/tCxF/Yl12eubWkZrV5FM8uRexCjZILbw=";
 
     # Inspired by: https://github.com/NixOS/nixpkgs/blob/f2d7a289c5a5ece8521dd082b81ac7e4a57c2c5c/pkgs/applications/graphics/pdfcpu/default.nix#L20-L32
     # The intention here is to write the information into files in the `src`'s
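Review bot: `version` moves from `1.21.3` to `0.22.0`, which any version comparison treats as a downgrade. Presumably the old value was a typo for a 0.x release; if so, the commit message should say so, because anything that orders or matches on the version string (upgrade checks, advisory matching) has seen `1.21.3` for this package. No code change is needed as long as `0.22.0` is the upstream tag that `rev = "${version}"` resolves to.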
diff --git a/pkgs/by-name/le/legba/package.nix b/pkgs/by-name/le/legba/package.nix
index 0ac2c5718726f..3f2453a13d86d 100644
--- a/pkgs/by-name/le/legba/package.nix
+++ b/pkgs/by-name/le/legba/package.nix
@@ -5,6 +5,8 @@
 , pkg-config
 , openssl
 , samba
+, stdenv
+, darwin
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -21,7 +23,9 @@ rustPlatform.buildRustPackage rec {
   cargoHash = "sha256-viDfJ214Zf5segjrLSTbHav5T5e219NAF+MvuPow+JQ=";
 
   nativeBuildInputs = [ cmake pkg-config ];
-  buildInputs = [ openssl.dev samba ];
+  buildInputs = [ openssl.dev samba ] ++ lib.optionals stdenv.isDarwin [
+    darwin.apple_sdk.frameworks.SystemConfiguration
+  ];
 
   # Paho C test fails due to permission issue
   doCheck = false;
diff --git a/pkgs/by-name/lo/loopwm/package.nix b/pkgs/by-name/lo/loopwm/package.nix
index 5b1829a8ee04f..bb3f2cca9a05a 100644
--- a/pkgs/by-name/lo/loopwm/package.nix
+++ b/pkgs/by-name/lo/loopwm/package.nix
@@ -29,6 +29,10 @@ stdenvNoCC.mkDerivation (finalAttrs: {
     runHook postInstall
   '';
 
+  passthru = {
+    updateScript = ./update.sh;
+  };
+
   meta = {
     description = "macOS Window management made elegant";
     homepage = "https://github.com/MrKai77/Loop";
diff --git a/pkgs/by-name/lo/loopwm/update.sh b/pkgs/by-name/lo/loopwm/update.sh
new file mode 100755
index 0000000000000..82b720fa98fd3
--- /dev/null
+++ b/pkgs/by-name/lo/loopwm/update.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq gnused
+
+set -euo pipefail
+
+cd "$(dirname "$0")" || exit 1
+
+# Grab latest release version
+LOOPWM_LATEST_VER="$(curl --fail -s ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} "https://api.github.com/repos/MrKai77/Loop/releases/latest" | jq -r '.tag_name' | sed 's/^v//')"
+LOOPWM_CURRENT_VER="$(grep -oP 'version = "\K[^"]+' package.nix)"
+
+if [[ "$LOOPWM_LATEST_VER" == "$LOOPWM_CURRENT_VER" ]]; then
+    echo "loopwm is up-to-date"
+    exit 0
+fi
+
+LOOPWM_DARWIN_HASH="$(nix-hash --to-sri --type sha256 "$(nix-prefetch-url --type sha256 "https://github.com/MrKai77/Loop/releases/download/${LOOPWM_LATEST_VER}/Loop.zip")")"
+
+sed -i "s#hash = \".*\"#hash = \"$LOOPWM_DARWIN_HASH\"#g" package.nix
+sed -i "s#version = \".*\";#version = \"$LOOPWM_LATEST_VER\";#g" package.nix
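Review bot: `LOOPWM_LATEST_VER` comes straight from the GitHub API response and is substituted into the download URL and into `package.nix` with no check on its shape. If the response has no `tag_name`, `jq -r` prints `null`, and a tag containing `#`, `&` or a backslash would change what the two `sed -i` replacements write. A guard right after the assignment would stop the script before it edits the file, for example `[[ "$LOOPWM_LATEST_VER" =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected tag: $LOOPWM_LATEST_VER" >&2; exit 1; }`, with the pattern adjusted to upstream's tag scheme. The `g` flag on the `hash = ".*"` substitution also rewrites every matching line, which is only safe while `package.nix` holds a single `hash`.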
diff --git a/pkgs/by-name/md/mdbook-alerts/package.nix b/pkgs/by-name/md/mdbook-alerts/package.nix
index 10f46976dc1a7..d3bb146a60f0f 100644
--- a/pkgs/by-name/md/mdbook-alerts/package.nix
+++ b/pkgs/by-name/md/mdbook-alerts/package.nix
@@ -7,7 +7,7 @@
   CoreServices ? darwin.apple_sdk.frameworks.CoreServices,
 }:
 let
-  version = "0.6.3";
+  version = "0.6.4";
 in
 rustPlatform.buildRustPackage {
   pname = "mdbook-alerts";
@@ -17,10 +17,10 @@ rustPlatform.buildRustPackage {
     owner = "lambdalisue";
     repo = "rs-mdbook-alerts";
     rev = "v${version}";
-    hash = "sha256-MoaV/JRhWKYEzUkzxRTgYjqBw+gb2h+Bjb4mEvWEkp8=";
+    hash = "sha256-bg3X7M2H553tGxH8cEkkT0XK20fWwkp2nTVEgtZ819s=";
   };
 
-  cargoHash = "sha256-tHRbeDSK4aULz69jy5MeU4rANVuO2q3GUhDvBA4iQCM=";
+  cargoHash = "sha256-MMhpH3WIAXnjw6xOl2HNfrIFEwjHfVDPquWnFhhZCMU=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ];
 
diff --git a/pkgs/by-name/mi/minijinja/package.nix b/pkgs/by-name/mi/minijinja/package.nix
index 635d593f28518..84aa6de0ba0db 100644
--- a/pkgs/by-name/mi/minijinja/package.nix
+++ b/pkgs/by-name/mi/minijinja/package.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "minijinja";
-  version = "2.1.2";
+  version = "2.2.0";
 
   src = fetchFromGitHub {
     owner = "mitsuhiko";
     repo = "minijinja";
     rev = version;
-    hash = "sha256-BB8uM0yU8M5Crh5hLucJkhvjLC1Vlk5bGKmeO1rCy+Y=";
+    hash = "sha256-ctFer7KPvES/tSV2e3G3rRIe7z2U4wgViB2qxBZuTUM=";
   };
 
-  cargoHash = "sha256-bn7qJZE68UJPNaARQRXy6GPkplv0KAkKByy85ooi5kg=";
+  cargoHash = "sha256-kDWmUg86aZP99ebkv/1aKT2YJv7DdTT5oxnegxpD9gQ=";
 
   # The tests relies on the presence of network connection
   doCheck = false;
diff --git a/pkgs/by-name/nb/nbfc-linux/package.nix b/pkgs/by-name/nb/nbfc-linux/package.nix
index 4e4e5bd4b3742..4e41574dcd189 100644
--- a/pkgs/by-name/nb/nbfc-linux/package.nix
+++ b/pkgs/by-name/nb/nbfc-linux/package.nix
@@ -6,13 +6,13 @@
 }:
 stdenv.mkDerivation (finalAttrs: {
   pname = "nbfc-linux";
-  version = "0.1.15";
+  version = "0.2.7";
 
   src = fetchFromGitHub {
     owner = "nbfc-linux";
     repo = "nbfc-linux";
     rev = "${finalAttrs.version}";
-    hash = "sha256-+xYr2uIxfMaMAaHGvvA+0WPZjwj3wVAc34e1DWsJLqE=";
+    hash = "sha256-1tLW/xEh01y8BjVbgIa95DkYWf7CDVSo/lI/1U28Xs8=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/misc/nbqa/default.nix b/pkgs/by-name/nb/nbqa/package.nix
index 91a501e80319b..f4b1a8fdf527e 100644
--- a/pkgs/tools/misc/nbqa/default.nix
+++ b/pkgs/by-name/nb/nbqa/package.nix
@@ -1,20 +1,27 @@
-{ black
-, blacken-docs
-, fetchFromGitHub
-, lib
-, python3
-, ruff
+{
+  lib,
+  python3,
+  fetchFromGitHub,
+
+  # optional-dependencies
+  black,
+  blacken-docs,
+  ruff,
+
+  # passthru
+  testers,
+  nbqa,
 }:
 python3.pkgs.buildPythonApplication rec {
   pname = "nbqa";
-  version = "1.8.7";
+  version = "1.9.0";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "nbQA-dev";
     repo = "nbQA";
     rev = "refs/tags/${version}";
-    hash = "sha256-zn+e/svaxeJU9P1sIaRrVuKW0+FM0GLKZTUx3PfuThk=";
+    hash = "sha256-9s+q2unh+jezU0Er7ZH0tvgntmPFts9OmsgAMeQXRrY=";
   };
 
   build-system = with python3.pkgs; [
@@ -33,7 +40,8 @@ python3.pkgs.buildPythonApplication rec {
     ruff = [ ruff ];
   };
 
-  dependencies = with python3.pkgs;
+  dependencies =
+    with python3.pkgs;
     [
       autopep8
       ipython
@@ -90,6 +98,12 @@ python3.pkgs.buildPythonApplication rec {
     "tests/test_include_exclude.py"
   ];
 
+  passthru = {
+    tests.version = testers.testVersion {
+      package = nbqa;
+    };
+  };
+
   meta = {
     homepage = "https://github.com/nbQA-dev/nbQA";
     changelog = "https://nbqa.readthedocs.io/en/latest/history.html";
diff --git a/pkgs/by-name/op/opshin/package.nix b/pkgs/by-name/op/opshin/package.nix
index bda3768ca1d71..ce865e9d9218c 100644
--- a/pkgs/by-name/op/opshin/package.nix
+++ b/pkgs/by-name/op/opshin/package.nix
@@ -6,15 +6,15 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "opshin";
-  version = "0.22.0";
+  version = "0.23.0";
 
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "OpShin";
     repo = "opshin";
-    rev = version;
-    hash = "sha256-ixA5D7Bm/tjYEFhqaJ4sKkCkqQZpDyrwfD/LgN6Y4Uo=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-H6tuSJYV9bAwXu/5Y8g6aFbbQFCpq2aqcmRaDq2cAEg=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
diff --git a/pkgs/by-name/pr/protoc-gen-prost-crate/package.nix b/pkgs/by-name/pr/protoc-gen-prost-crate/package.nix
index 97c62110931cf..3679c10de1d05 100644
--- a/pkgs/by-name/pr/protoc-gen-prost-crate/package.nix
+++ b/pkgs/by-name/pr/protoc-gen-prost-crate/package.nix
@@ -7,14 +7,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "protoc-gen-prost-crate";
-  version = "0.4.0";
+  version = "0.4.1";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-+TSZ2QstAF8DXsHunV/nQyqF++0bFud1ZWJQEI3JEwc=";
+    hash = "sha256-9rIFDZbI6XGDsNzFMnMYY4loJxojdz6vnQKAz9eDAyQ=";
   };
 
-  cargoHash = "sha256-KbErgnXG11ngzLVSktuyUAupYs1ZD64z3plKVtzLx1A=";
+  cargoHash = "sha256-uAygKDdm+0SEDFBQcaoYTRMRgnodiO/kL1sGbRmdJKE=";
 
   passthru.updateScript = nix-update-script { };
 
diff --git a/pkgs/by-name/pr/protoc-gen-prost-serde/package.nix b/pkgs/by-name/pr/protoc-gen-prost-serde/package.nix
index 3486fbea0e1e8..098bec2f78903 100644
--- a/pkgs/by-name/pr/protoc-gen-prost-serde/package.nix
+++ b/pkgs/by-name/pr/protoc-gen-prost-serde/package.nix
@@ -7,14 +7,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "protoc-gen-prost-serde";
-  version = "0.3.0";
+  version = "0.3.1";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-O2Mpft31ZQncqETWzwD73I1nX1Wt5XVHcTJUk5qhRLY=";
+    hash = "sha256-RQlNVGa6BRIqIGodqNN3eGl//hkUWrq7GpTGpRBCDgE=";
   };
 
-  cargoHash = "sha256-aUWmNS3jF1I0NLApBn3GMMv6ID9mM/j7r7sPFCsFIuw=";
+  cargoHash = "sha256-ZQOlDqDUd1nZi+2iFKCUq4Gnc9HGcLblIGY2cdQyGM0=";
 
   passthru.updateScript = nix-update-script { };
 
diff --git a/pkgs/by-name/pr/protoc-gen-prost/package.nix b/pkgs/by-name/pr/protoc-gen-prost/package.nix
index 7c92095fbeee7..8429f8ba27c16 100644
--- a/pkgs/by-name/pr/protoc-gen-prost/package.nix
+++ b/pkgs/by-name/pr/protoc-gen-prost/package.nix
@@ -7,14 +7,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "protoc-gen-prost";
-  version = "0.3.1";
+  version = "0.4.0";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-ma9sdt3/uq06BMELwsNadMkiEfstQhA4DAQEPdizZJM=";
+    hash = "sha256-Bz5/LyKludw0Tz3r+xr4DMRdMSz/nRzjs7Q66z1PrTU=";
   };
 
-  cargoHash = "sha256-pJDrwX5uDIrycxtmbds8l4wadZE0RdgmNpMwVkUGJDs=";
+  cargoHash = "sha256-X6yEJBgW9XzCNSxEQYj6LdPjbCPyh4SnKwdA/+sNNeg=";
 
   passthru.updateScript = nix-update-script { };
 
diff --git a/pkgs/by-name/pr/protoc-gen-tonic/package.nix b/pkgs/by-name/pr/protoc-gen-tonic/package.nix
index 55c1828618e9d..0e3334885ef4f 100644
--- a/pkgs/by-name/pr/protoc-gen-tonic/package.nix
+++ b/pkgs/by-name/pr/protoc-gen-tonic/package.nix
@@ -7,14 +7,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "protoc-gen-tonic";
-  version = "0.4.0";
+  version = "0.4.1";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-3qz1ea9lEsZjhWNA0lcwqsPkNmjj2ZBljqNRr5/2lKM=";
+    hash = "sha256-H7YQ8y6YA8kjR9bhHfBOYu0OEFc8ezqXkqC6jGScs3s=";
   };
 
-  cargoHash = "sha256-nUsRoDaP+omZdOTnaxvHbJT1uNGtyfgXyEFZbp/CeYA=";
+  cargoHash = "sha256-eYX3w/rSi/kuH6gyWCWT4on7pKedPKnl9pht1jXNwpg=";
 
   passthru.updateScript = nix-update-script { };
 
diff --git a/pkgs/by-name/ra/rathole/package.nix b/pkgs/by-name/ra/rathole/package.nix
new file mode 100644
index 0000000000000..38d163daf8d8e
--- /dev/null
+++ b/pkgs/by-name/ra/rathole/package.nix
@@ -0,0 +1,47 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  rustPlatform,
+  pkg-config,
+  openssl,
+  nixosTests,
+  darwin,
+}:
+
+rustPlatform.buildRustPackage {
+  pname = "rathole";
+  version = "0.5.0-unstable-2024-06-06";
+
+  src = fetchFromGitHub {
+    owner = "rapiz1";
+    repo = "rathole";
+    rev = "be14d124a22e298d12d92e56ef4fec0e51517998";
+    hash = "sha256-C0/G4JOZ4pTAvcKZhRHsGvlLlwAyWBQ0rMScLvaLSuA=";
+  };
+
+  cargoHash = "sha256-zlwIgzqpoEgYqZe4Gv8owJQ3m7UFgPA5joRMiyq+T/M=";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs = [
+    openssl
+  ] ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ CoreServices ]);
+
+  __darwinAllowLocalNetworking = true;
+
+  passthru.tests = {
+    inherit (nixosTests) rathole;
+  };
+
+  meta = {
+    description = "Reverse proxy for NAT traversal";
+    homepage = "https://github.com/rapiz1/rathole";
+    license = lib.licenses.asl20;
+    mainProgram = "rathole";
+    maintainers = with lib.maintainers; [
+      dit7ya
+      xokdvium
+    ];
+  };
+}
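Review bot: `__darwinAllowLocalNetworking = true;` relaxes the Darwin build sandbox but has no comment saying what needs it. A line above it such as `# tests bind to localhost` (if that is the reason) lets a later reader judge whether it can be removed. Likewise `version = "0.5.0-unstable-2024-06-06"` pins an untagged commit, and a short comment on why this `rev` is packaged instead of a release tag would help the next update.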
diff --git a/pkgs/by-name/rk/rkboot/package.nix b/pkgs/by-name/rk/rkboot/package.nix
index 5e71406967a62..5cf424a43c3a2 100644
--- a/pkgs/by-name/rk/rkboot/package.nix
+++ b/pkgs/by-name/rk/rkboot/package.nix
@@ -1,7 +1,7 @@
 { stdenv
 , lib
 , rkbin
-, box64
+, qemu
 }:
 
 stdenv.mkDerivation {
@@ -19,7 +19,7 @@ stdenv.mkDerivation {
     do
       # The proprietary, statically linked binaries to perform boot_merge are
       # x86_64 only. Though we use box64 to emulate if building on aarch64-linux
-      ${lib.optionalString stdenv.isAarch64 "${lib.getExe box64}"} ./tools/boot_merger "$i" || true
+      ${lib.optionalString stdenv.isAarch64 "${qemu}/bin/qemu-x86_64"} ./tools/boot_merger "$i" || true
     done
   '';
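Review bot: The comment above the changed line still says box64 does the emulation, but the command now runs `${qemu}/bin/qemu-x86_64`; it should read `# x86_64 only. Though we use qemu user-mode emulation if building on aarch64-linux`. The trailing `|| true` on the same line means a failed or crashing `boot_merger` run is ignored, so a broken emulator would show up as missing output files rather than a failed build; it is worth confirming that this is intended. The surrounding loop starts outside the hunk.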
 
diff --git a/pkgs/applications/networking/instant-messengers/viber/default.nix b/pkgs/by-name/vi/viber/package.nix
index 9459084a48739..30ba2c31de98d 100644
--- a/pkgs/applications/networking/instant-messengers/viber/default.nix
+++ b/pkgs/by-name/vi/viber/package.nix
@@ -43,15 +43,17 @@
 
 stdenv.mkDerivation {
   pname = "viber";
-  version = "21.8.0.11";
+  version = "23.2.0.3";
 
   src = fetchurl {
-    # Official link: https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb
-    url = "https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb";
+    # Taking Internet Archive snapshot of a specific version to avoid breakage
+    # on new versions
+    url = "https://web.archive.org/web/20240824071651/https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb";
     hash = "sha256-9WHiI2WlsgEhCPkrQoAunmF6lSb2n5RgQJ2+sdnSShM=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
+
   buildInputs = [ dpkg ];
 
   dontUnpack = true;
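Review bot: The `hash` in `src` is an unchanged context line even though `version` moves from 21.8.0.11 to 23.2.0.3 and `url` now points at an archive.org snapshot. A fixed-output fetch is keyed on the hash, so Nix reuses any cached object with that hash without downloading, and a stale hash would go unnoticed on machines that already have it. Re-running the fetch against the new URL, for example with the hash temporarily set to `lib.fakeHash`, would confirm that the snapshot really contains 23.2.0.3. If the hash was already correct because the unversioned URL had drifted earlier, a comment saying so would help.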
diff --git a/pkgs/applications/video/video-trimmer/default.nix b/pkgs/by-name/vi/video-trimmer/package.nix
index 3ff12dbffcce4..dc94d051e4e7d 100644
--- a/pkgs/applications/video/video-trimmer/default.nix
+++ b/pkgs/by-name/vi/video-trimmer/package.nix
@@ -1,37 +1,38 @@
-{ stdenv
-, lib
-, fetchFromGitLab
-, rustPlatform
-, cargo
-, pkg-config
-, meson
-, rustc
-, wrapGAppsHook4
-, desktop-file-utils
-, blueprint-compiler
-, ninja
-, gtk4
-, libadwaita
-, gst_all_1
-, ffmpeg-headless
+{
+  stdenv,
+  lib,
+  fetchFromGitLab,
+  rustPlatform,
+  cargo,
+  pkg-config,
+  meson,
+  rustc,
+  wrapGAppsHook4,
+  desktop-file-utils,
+  blueprint-compiler,
+  ninja,
+  gtk4,
+  libadwaita,
+  gst_all_1,
+  ffmpeg-headless,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "video-trimmer";
-  version = "0.8.1";
+  version = "0.8.2";
 
   src = fetchFromGitLab {
     domain = "gitlab.gnome.org";
     owner = "YaLTeR";
     repo = "video-trimmer";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-nr0PAvp4wlswQBNN2LLyYQMpk3IIleHf3+978XhUGGQ=";
+    hash = "sha256-GXFbfebwiESplOeYDWxBH8Q0SCgV0vePYV7rv0qgrHM=";
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
     inherit (finalAttrs) src;
     name = "${finalAttrs.pname}-${finalAttrs.version}";
-    hash = "sha256-YFbLMpQbHUtxRrBVarcoIeDsvc26NWc1YhMeCaLgJAc=";
+    hash = "sha256-szxJzBFtyFZ1T5TZb2MDPFJzn+EYETa/JbPdlg6UrTk=";
   };
 
   nativeBuildInputs = [
@@ -67,12 +68,15 @@ stdenv.mkDerivation (finalAttrs: {
     )
   '';
 
-  meta = with lib; {
+  meta = {
     homepage = "https://gitlab.gnome.org/YaLTeR/video-trimmer";
     description = "Trim videos quickly";
-    maintainers = with maintainers; [ doronbehar ];
-    license = licenses.gpl3Plus;
-    platforms = platforms.linux;
+    maintainers = with lib.maintainers; [
+      doronbehar
+      aleksana
+    ];
+    license = lib.licenses.gpl3Plus;
+    platforms = lib.platforms.linux;
     mainProgram = "video-trimmer";
   };
 })
diff --git a/pkgs/by-name/wa/warp-terminal/versions.json b/pkgs/by-name/wa/warp-terminal/versions.json
index 7578a57afb3ff..936d8cbd3598a 100644
--- a/pkgs/by-name/wa/warp-terminal/versions.json
+++ b/pkgs/by-name/wa/warp-terminal/versions.json
@@ -1,10 +1,10 @@
 {
   "darwin": {
-    "hash": "sha256-imHJKbE+M4jFzeymhBaFkzUqG1jiY6Bi17Ll+JSsj7w=",
-    "version": "0.2024.08.13.08.02.stable_03"
+    "hash": "sha256-EDhj4Gb0ykFX8W2G8osusjggemcuHO7hkUKb151cQ6g=",
+    "version": "0.2024.08.20.08.02.stable_00"
   },
   "linux": {
-    "hash": "sha256-MkNt6LzZdn/FjLcISm49ELPjIa8KAs/fd3k0/EhAyZQ=",
-    "version": "0.2024.08.13.08.02.stable_04"
+    "hash": "sha256-Uk5pSoAvEppjLnskLc5/ftcCaiJnXATJfCPDP2QpBo8=",
+    "version": "0.2024.08.20.08.02.stable_00"
   }
 }
diff --git a/pkgs/by-name/ya/yandex-music/info.json b/pkgs/by-name/ya/yandex-music/info.json
new file mode 100644
index 0000000000000..809ec521526ae
--- /dev/null
+++ b/pkgs/by-name/ya/yandex-music/info.json
@@ -0,0 +1,7 @@
+{
+  "branch": "master",
+  "commit_hash": "4ac238a00ca0b36e9755e55e54a22d3107ba443c",
+  "commit_message": "Update packages",
+  "date": "2024-08-27",
+  "tag": "v5.13.2"
+}
diff --git a/pkgs/by-name/ya/yandex-music/package.nix b/pkgs/by-name/ya/yandex-music/package.nix
new file mode 100644
index 0000000000000..581bea8904569
--- /dev/null
+++ b/pkgs/by-name/ya/yandex-music/package.nix
@@ -0,0 +1,88 @@
+{
+  fetchurl,
+  stdenvNoCC,
+  lib,
+  makeWrapper,
+  p7zip,
+  asar,
+  jq,
+  python3,
+  electron,
+  fetchFromGitHub,
+  electronArguments ? "",
+  trayEnabled ? true,
+}:
+stdenvNoCC.mkDerivation rec {
+  pname = "yandex-music";
+  version = "5.13.2";
+
+  src = fetchFromGitHub {
+    owner = "cucumber-sp";
+    repo = "yandex-music-linux";
+    rev = "v${version}";
+    hash = "sha256-yQX2GEulAQ02BndpwAAwGdTYtUlNXCgsCUdmXxPwtKU=";
+  };
+
+  nativeBuildInputs = [
+    p7zip
+    asar
+    jq
+    python3
+    makeWrapper
+  ];
+
+  passthru.updateScript = ./update.sh;
+
+  ymExe =
+    let
+      ym_info = builtins.fromJSON (builtins.readFile ./ym_info.json);
+    in
+    fetchurl {
+      url = ym_info.ym.exe_link;
+      sha256 = ym_info.ym.exe_sha256;
+    };
+
+  buildPhase = ''
+    runHook preBuild
+    bash "./repack.sh" -o "./app" "$ymExe"
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p "$out/share/nodejs"
+    mv app/yandex-music.asar "$out/share/nodejs"
+
+    CONFIG_FILE="$out/share/yandex-music.conf"
+    echo "TRAY_ENABLED=${if trayEnabled then "1" else "0"}" >> "$CONFIG_FILE"
+    echo "ELECTRON_ARGS=\"${electronArguments}\"" >> "$CONFIG_FILE"
+
+
+    install -Dm755 "$src/templates/yandex-music.sh" "$out/bin/yandex-music"
+    substituteInPlace "$out/bin/yandex-music"                                  \
+      --replace-fail "%electron_path%" "${electron}/bin/electron"              \
+      --replace-fail "%asar_path%" "$out/share/nodejs/yandex-music.asar"
+
+    wrapProgram "$out/bin/yandex-music"                                        \
+      --set-default YANDEX_MUSIC_CONFIG "$CONFIG_FILE"
+
+    install -Dm644 "./app/favicon.png" "$out/share/pixmaps/yandex-music.png"
+    install -Dm644 "./app/favicon.png" "$out/share/icons/hicolor/48x48/apps/yandex-music.png"
+    install -Dm644 "./app/favicon.svg" "$out/share/icons/hicolor/scalable/apps/yandex-music.svg"
+
+    install -Dm644 "$src/templates/desktop" "$out/share/applications/yandex-music.desktop"
+
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "Yandex Music - Personal recommendations, selections for any occasion and new music";
+    homepage = "https://music.yandex.ru/";
+    downloadPage = "https://music.yandex.ru/download/";
+    changelog = "https://github.com/cucumber-sp/yandex-music-linux/releases/tag/v5.13.2";
+    license = lib.licenses.unfree;
+    platforms = lib.platforms.linux;
+    maintainers = with lib.maintainers; [ shved ];
+  };
+}
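Review bot: In `installPhase`, `electronArguments` is spliced unescaped into a double-quoted shell string (`echo "ELECTRON_ARGS=\"${electronArguments}\""`), so an override containing `"`, `$` or backticks is expanded by the build shell instead of being written literally. Passing it as a quoted argument avoids that: `printf 'ELECTRON_ARGS="%s"\n' ${lib.escapeShellArg electronArguments} >> "$CONFIG_FILE"`. Separately, `ymExe` takes both its URL and its `sha256` from `ym_info.json`, which update.sh downloads from the repackaging repository, so the pin is only as trustworthy as that file was at update time. `meta.changelog` also hardcodes `v5.13.2` where `v${version}` would follow updates.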
diff --git a/pkgs/by-name/ya/yandex-music/update.sh b/pkgs/by-name/ya/yandex-music/update.sh
new file mode 100755
index 0000000000000..92ebdb8d8a2e2
--- /dev/null
+++ b/pkgs/by-name/ya/yandex-music/update.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p common-updater-scripts fd jq
+
+set -eou pipefail
+
+OWNER="cucumber-sp"
+REPO="yandex-music-linux"
+URL="https://api.github.com/repos/$OWNER/$REPO"
+RAW="https://raw.githubusercontent.com/$OWNER/$REPO"
+
+latest_release="$(curl --silent "$URL/releases/latest")"
+latest_tag="$(curl --silent "$URL/tags?per_page=1")"
+commit_hash="$(jq -r '.[0].commit.sha' <<<"$latest_tag")"
+latest_commit="$(curl --silent "$URL/commits/$commit_hash"'')"
+commit_message="$(jq -r '.commit.message' <<<"$latest_commit")"
+
+tag=$(jq -r '.tag_name' <<<"$latest_release")
+# drop 'v' prefix
+version="${tag#v}"
+
+branch=$(jq -r '.target_commitish' <<<"$latest_release")
+
+date=$(jq -r '.created_at' <<<"$latest_release")
+# truncate time
+date=${date%T*}
+
+# update version; otherwise fail
+update-source-version yandex-music "$version" --ignore-same-hash
+
+# set yandex-music dir
+dir="pkgs/by-name/ya/yandex-music"
+
+echo -e '{
+  "branch": "'"$branch"'",
+  "commit_hash": "'"$commit_hash"'",
+  "commit_message": "'"$commit_message"'",
+  "date": "'"$date"'",
+  "tag": "'"$tag"'"
+}' >"$dir/info.json" || echo "Please run the script in the root of the Nixpkgs repo"
+
+curl --silent "$RAW/$commit_hash/utility/version_info.json" |\
+        jq . > "$dir/ym_info.json" ||\
+        echo "Please run the script in the root of the Nixpkgs repo"
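Review bot: `info.json` is assembled by pasting `$commit_message` and the other API values into a JSON literal through `echo -e`, so a commit message containing a double quote, backslash or newline produces invalid or altered JSON. jq is already in the nix-shell and can build the object with proper escaping, as in the block below. None of the `curl --silent` calls pass `--fail`, so an API error or rate-limit response is parsed as if it were data, and the `|| echo "Please run …"` fallbacks turn a failed write into a zero exit status. `ym_info.json`, which supplies the installer URL and sha256 that package.nix trusts, is written straight from the upstream repository without checking that the expected fields are present.

```shell
# … unchanged: API queries, version/date parsing, update-source-version …
jq -n \
  --arg branch "$branch" \
  --arg commit_hash "$commit_hash" \
  --arg commit_message "$commit_message" \
  --arg date "$date" \
  --arg tag "$tag" \
  '{branch: $branch, commit_hash: $commit_hash, commit_message: $commit_message, date: $date, tag: $tag}' \
  >"$dir/info.json"
```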
diff --git a/pkgs/by-name/ya/yandex-music/ym_info.json b/pkgs/by-name/ya/yandex-music/ym_info.json
new file mode 100644
index 0000000000000..4a1609ca71197
--- /dev/null
+++ b/pkgs/by-name/ya/yandex-music/ym_info.json
@@ -0,0 +1,14 @@
+{
+  "ym": {
+    "version": "5.13.2",
+    "exe_name": "Yandex_Music_x64_5.13.2.exe",
+    "exe_link": "https://music-desktop-application.s3.yandex.net/stable/Yandex_Music_x64_5.13.2.exe",
+    "exe_sha256": "ac7a489a59e074358559f544a26143ca81a6bdfa41481242f3419b76eaffdb0b"
+  },
+  "electron": {
+    "version": "29.4.6",
+    "x64": "https://github.com/electron/electron/releases/download/v29.4.6/electron-v29.4.6-linux-x64.zip",
+    "armv7l": "https://github.com/electron/electron/releases/download/v29.4.6/electron-v29.4.6-linux-armv7l.zip",
+    "arm64": "https://github.com/electron/electron/releases/download/v29.4.6/electron-v29.4.6-linux-arm64.zip"
+  }
+}
diff --git a/pkgs/by-name/ze/zed-editor/Cargo.lock b/pkgs/by-name/ze/zed-editor/Cargo.lock
index 7f938f8c9508b..7d0f9ac4819a0 100644
--- a/pkgs/by-name/ze/zed-editor/Cargo.lock
+++ b/pkgs/by-name/ze/zed-editor/Cargo.lock
@@ -13839,7 +13839,7 @@ dependencies = [
 
 [[package]]
 name = "zed"
-version = "0.149.5"
+version = "0.149.6"
 dependencies = [
  "activity_indicator",
  "anyhow",
diff --git a/pkgs/by-name/ze/zed-editor/package.nix b/pkgs/by-name/ze/zed-editor/package.nix
index 2c343c4f65175..29d665722acd5 100644
--- a/pkgs/by-name/ze/zed-editor/package.nix
+++ b/pkgs/by-name/ze/zed-editor/package.nix
@@ -35,13 +35,13 @@ assert withGLES -> stdenv.isLinux;
 
 rustPlatform.buildRustPackage rec {
   pname = "zed";
-  version = "0.149.5";
+  version = "0.149.6";
 
   src = fetchFromGitHub {
     owner = "zed-industries";
     repo = "zed";
     rev = "refs/tags/v${version}";
-    hash = "sha256-RQGYcJJf65arew9iwtPh/jFYMbXiY9Wg7xEjAsUSvEA=";
+    hash = "sha256-YWXK5heCCw6eXhc1Fh7eIC0tzszC86FP3ovzkCYkdtc=";
     fetchSubmodules = true;
   };
 
diff --git a/pkgs/desktops/lomiri/development/libusermetrics/default.nix b/pkgs/desktops/lomiri/development/libusermetrics/default.nix
index 351900af7f13f..7305db4cb5938 100644
--- a/pkgs/desktops/lomiri/development/libusermetrics/default.nix
+++ b/pkgs/desktops/lomiri/development/libusermetrics/default.nix
@@ -1,37 +1,40 @@
-{ stdenv
-, lib
-, fetchFromGitLab
-, gitUpdater
-, testers
-, cmake
-, cmake-extras
-, dbus
-, doxygen
-, gsettings-qt
-, gtest
-, intltool
-, json-glib
-, libapparmor
-, libqtdbustest
-, pkg-config
-, qdjango
-, qtbase
-, qtdeclarative
-, qtxmlpatterns
-, ubports-click
-, validatePkgConfig
-, wrapQtAppsHook
+{
+  stdenv,
+  lib,
+  fetchFromGitLab,
+  fetchpatch,
+  gitUpdater,
+  testers,
+  cmake,
+  cmake-extras,
+  dbus,
+  doxygen,
+  glibcLocales,
+  gsettings-qt,
+  gtest,
+  intltool,
+  json-glib,
+  libapparmor,
+  libqtdbustest,
+  pkg-config,
+  qdjango,
+  qtbase,
+  qtdeclarative,
+  qtxmlpatterns,
+  ubports-click,
+  validatePkgConfig,
+  wrapQtAppsHook,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "libusermetrics";
-  version = "1.3.2";
+  version = "1.3.3";
 
   src = fetchFromGitLab {
     owner = "ubports";
     repo = "development/core/libusermetrics";
     rev = finalAttrs.version;
-    hash = "sha256-jmJH5vByBnBqgQfyb7HNVe+eS/jHcU64R2dnvuLbqss=";
+    hash = "sha256-V4vxNyHMs2YYBILkpco79FN9xnooULgB+z2Kf3V0790=";
   };
 
   outputs = [
@@ -41,21 +44,21 @@ stdenv.mkDerivation (finalAttrs: {
   ];
 
   patches = [
-    # Not submitted yet, waiting for decision on how CMake testing should be handled
-    ./2001-Remove-custom-check-target.patch
-
-    # Due to https://gitlab.com/ubports/development/core/libusermetrics/-/issues/8, we require knowledge about AppArmor availability at launch time
-    # Custom patch to launch a module-defined service that can handle this
-    ./2002-Launch-module-created-systemd-service.patch
+    # Remove when https://gitlab.com/ubports/development/core/libusermetrics/-/merge_requests/17 merged & in release
+    (fetchpatch {
+      name = "0001-libusermetrics-BUILD_TESTING.patch";
+      url = "https://gitlab.com/ubports/development/core/libusermetrics/-/commit/c1e4847601cc4522034a766755ce491d48132d77.patch";
+      hash = "sha256-UWc9/ngpuiSm0Rd6eBK/R3N/NwDRtMxie78seN3+y/8=";
+    })
   ];
 
   postPatch = ''
     # Tries to query QMake for QT_INSTALL_QML variable, would return broken paths into /build/qtbase-<commit> even if qmake was available
     substituteInPlace src/modules/UserMetrics/CMakeLists.txt \
-      --replace 'query_qmake(QT_INSTALL_QML QT_IMPORTS_DIR)' 'set(QT_IMPORTS_DIR "''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}")'
+      --replace-fail 'query_qmake(QT_INSTALL_QML QT_IMPORTS_DIR)' 'set(QT_IMPORTS_DIR "''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}")'
 
     substituteInPlace doc/CMakeLists.txt \
-      --replace "\''${CMAKE_INSTALL_DATAROOTDIR}/doc/libusermetrics-doc" "\''${CMAKE_INSTALL_DOCDIR}"
+      --replace-fail "\''${CMAKE_INSTALL_FULL_DATAROOTDIR}/doc/libusermetrics-doc" "\''${CMAKE_INSTALL_DOCDIR}"
   '';
 
   strictDeps = true;
@@ -82,8 +85,12 @@ stdenv.mkDerivation (finalAttrs: {
     qtbase
   ];
 
+  # Tests need to be able to check locale
+  LC_ALL = lib.optionalString finalAttrs.finalPackage.doCheck "en_US.UTF-8";
+
   nativeCheckInputs = [
     dbus
+    glibcLocales
   ];
 
   checkInputs = [
@@ -96,14 +103,6 @@ stdenv.mkDerivation (finalAttrs: {
     (lib.cmakeBool "GSETTINGS_LOCALINSTALL" true)
     (lib.cmakeBool "GSETTINGS_COMPILE" true)
     (lib.cmakeBool "ENABLE_CLICK" true)
-    (lib.cmakeBool "ENABLE_TESTS" finalAttrs.finalPackage.doCheck)
-    (lib.cmakeFeature "CMAKE_CTEST_ARGUMENTS" (lib.concatStringsSep ";" [
-      # Exclude tests
-      "-E" (lib.strings.escapeShellArg "(${lib.concatStringsSep "|" [
-        # Flaky, randomly failing in UserMetricsImplTest.AddTranslatedData (data not ready when signal is emitted?)
-        "^usermetricsoutput-unit-tests"
-      ]})")
-    ]))
   ];
 
   doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
@@ -118,13 +117,13 @@ stdenv.mkDerivation (finalAttrs: {
     updateScript = gitUpdater { };
   };
 
-  meta = with lib; {
+  meta = {
     description = "Enables apps to locally store interesting numerical data for later presentation";
     homepage = "https://gitlab.com/ubports/development/core/libusermetrics";
     changelog = "https://gitlab.com/ubports/development/core/libusermetrics/-/blob/${finalAttrs.version}/ChangeLog";
-    license = licenses.lgpl3Only;
-    maintainers = teams.lomiri.members;
-    platforms = platforms.linux;
+    license = lib.licenses.lgpl3Only;
+    maintainers = lib.teams.lomiri.members;
+    platforms = lib.platforms.linux;
     mainProgram = "usermetricsinput";
     pkgConfigModules = [
       "libusermetricsinput-1"
diff --git a/pkgs/development/coq-modules/waterproof/default.nix b/pkgs/development/coq-modules/waterproof/default.nix
new file mode 100644
index 0000000000000..7d9431c25c286
--- /dev/null
+++ b/pkgs/development/coq-modules/waterproof/default.nix
@@ -0,0 +1,24 @@
+{ lib, mkCoqDerivation, coq, version ? null }:
+
+mkCoqDerivation {
+  pname = "waterproof";
+  owner = "impermeable";
+  repo = "coq-waterproof";
+  inherit version;
+  defaultVersion = let inherit (lib.versions) range; in
+    lib.switch coq.coq-version [
+      { case = range "8.18" "8.18"; out = "2.1.1+8.18"; }
+    ] null;
+  release = {
+    "2.1.1+8.18".sha256  = "sha256-jYuQ9SPFRefNCUfn6+jEaJ4399EnU0gXPPkEDCpJYOI=";
+  };
+
+  mlPlugin = true;
+
+  useDune = true;
+
+  meta = {
+    description = "Coq proofs in a style that resembles non-mechanized mathematical proofs";
+    license = lib.licenses.lgpl3Plus;
+  };
+}
diff --git a/pkgs/development/embedded/avrdude/default.nix b/pkgs/development/embedded/avrdude/default.nix
index 1fb0741061a22..29edb66f9f5f1 100644
--- a/pkgs/development/embedded/avrdude/default.nix
+++ b/pkgs/development/embedded/avrdude/default.nix
@@ -1,4 +1,4 @@
-{ lib, callPackage, stdenv, fetchFromGitHub, cmake, bison, flex, libusb1, elfutils
+{ lib, callPackage, stdenv, fetchFromGitHub, cmake, bison, flex, pkg-config, libusb1, elfutils
 , libftdi1, readline, hidapi, libserialport, libusb-compat-0_1
 # Documentation building doesn't work on Darwin. It fails with:
 #   Undefined subroutine &Locale::Messages::dgettext called in ... texi2html
@@ -12,16 +12,16 @@ in
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "avrdude";
-  version = "7.3";
+  version = "8.0";
 
   src = fetchFromGitHub {
     owner = "avrdudes";
-    repo = "avdude";
+    repo = "avrdude";
     rev = "v${finalAttrs.version}";
-    sha256 = "sha256-JqW3AOMmAfcy+PQRcqviWlxA6GoMSEfzIFt1pRYY7Dw=";
+    sha256 = "w58HVCvKuWpGJwllupbj7ndeq4iE9LPs/IjFSUN0DOU=";
   };
 
-  nativeBuildInputs = [ cmake bison flex ] ++ lib.optionals docSupport [
+  nativeBuildInputs = [ cmake bison flex pkg-config ] ++ lib.optionals docSupport [
     unixtools.more
     texliveMedium
     texinfo
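Review bot: The new `sha256` value in `src` drops the `sha256-` prefix that the previous value carried, leaving a bare base64 string. Nix presumably still accepts it through the `sha256` attribute, but it is inconsistent with the other fetchers touched in this commit and easy to misread. `hash = "sha256-w58HVCvKuWpGJwllupbj7ndeq4iE9LPs/IjFSUN0DOU=";` states the algorithm explicitly. The derivation continues outside the hunk.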
@@ -48,11 +48,6 @@ stdenv.mkDerivation (finalAttrs: {
   cmakeFlags = lib.optionals docSupport [ "-DBUILD_DOC=ON" ]
     ++ lib.optionals stdenv.hostPlatform.isLinux [ "-DHAVE_LINUXSPI=ON" "-DHAVE_PARPORT=ON" ];
 
-  # dvips output references texlive in comments, resulting in a huge closure
-  postInstall = lib.optionalString docSupport ''
-    rm $out/share/doc/avrdude/*.ps
-  '';
-
   passthru = {
     # Vendored and mutated copy of libelf for avrdudes use.
     # Produces a static library only.
diff --git a/pkgs/development/libraries/rapidyaml/default.nix b/pkgs/development/libraries/rapidyaml/default.nix
index 0ab61d3e7178a..bab70f5a6f566 100644
--- a/pkgs/development/libraries/rapidyaml/default.nix
+++ b/pkgs/development/libraries/rapidyaml/default.nix
@@ -7,14 +7,14 @@
 
 stdenv.mkDerivation rec {
   pname = "rapidyaml";
-  version = "0.7.1";
+  version = "0.7.2";
 
   src = fetchFromGitHub {
     owner = "biojppm";
     repo = pname;
     fetchSubmodules = true;
     rev = "v${version}";
-    hash = "sha256-NUPx/1DkhSeCTt3Y5WpsN3wX7pMNOeku7eHdmFv/OWw=";
+    hash = "sha256-vAYafhWo9xavM2j+mT3OGcX7ZSS25mieR/3b79BO+jA=";
   };
 
   nativeBuildInputs = [ cmake git ];
diff --git a/pkgs/development/python-modules/aioesphomeapi/default.nix b/pkgs/development/python-modules/aioesphomeapi/default.nix
index 085f267cc1a15..a3797f5107285 100644
--- a/pkgs/development/python-modules/aioesphomeapi/default.nix
+++ b/pkgs/development/python-modules/aioesphomeapi/default.nix
@@ -26,7 +26,7 @@
 
 buildPythonPackage rec {
   pname = "aioesphomeapi";
-  version = "25.1.0";
+  version = "25.2.1";
   pyproject = true;
 
   disabled = pythonOlder "3.9";
@@ -35,7 +35,7 @@ buildPythonPackage rec {
     owner = "esphome";
     repo = "aioesphomeapi";
     rev = "refs/tags/v${version}";
-    hash = "sha256-YRUX7WHiizAIHjGkCZwefqqMXykokXgwrHZ3OwLIVCs=";
+    hash = "sha256-pQ8RR8e9NVQNBKaQMI60WYANI0rSK5L/H+5e2Tu7zUU=";
   };
 
   build-system = [
diff --git a/pkgs/development/python-modules/libknot/default.nix b/pkgs/development/python-modules/libknot/default.nix
index effdecfa624fb..03f249969a002 100644
--- a/pkgs/development/python-modules/libknot/default.nix
+++ b/pkgs/development/python-modules/libknot/default.nix
@@ -12,12 +12,12 @@
 
 buildPythonPackage rec {
   pname = "libknot";
-  version = "3.3.8";
+  version = "3.3.9";
   pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-RG2NOFQC6rxeutawn3ArZy9uNLn+gPmEqrv1E0YYJx4=";
+    hash = "sha256-AAjH5+IQdkzTIp1+q638d9dzAfo7nXUudOLQm81P7lU=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/pytouchlinesl/default.nix b/pkgs/development/python-modules/pytouchlinesl/default.nix
index 2cd211c769d54..209c5f270f703 100644
--- a/pkgs/development/python-modules/pytouchlinesl/default.nix
+++ b/pkgs/development/python-modules/pytouchlinesl/default.nix
@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "pytouchlinesl";
-  version = "0.1.3";
+  version = "0.1.5";
   pyproject = true;
 
   disabled = pythonOlder "3.10";
@@ -21,7 +21,7 @@ buildPythonPackage rec {
     owner = "jnsgruk";
     repo = "pytouchlinesl";
     rev = "refs/tags/${version}";
-    hash = "sha256-TLKZ3mPNS7jRpbx3nllLlv5jPVQDLcTs44oJr6rNGeQ=";
+    hash = "sha256-kdLMuxA1Ig85mH7s9rlmVjEsItXxRlDA1JTFasnJogg=";
   };
 
   build-system = [ setuptools ];
diff --git a/pkgs/development/python-modules/tesserocr/default.nix b/pkgs/development/python-modules/tesserocr/default.nix
index cfc4922eccf7a..1bddf639b4c7e 100644
--- a/pkgs/development/python-modules/tesserocr/default.nix
+++ b/pkgs/development/python-modules/tesserocr/default.nix
@@ -21,12 +21,12 @@
 
 buildPythonPackage rec {
   pname = "tesserocr";
-  version = "2.7.0";
+  version = "2.7.1";
   format = "setuptools";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-RcCTYwM30Bpqj5d6JGrW1zLrEfLgcrsibVmtPSR4HJk=";
+    hash = "sha256-N0TFyLur8YFyhJx3Mb4A3C5eRPjFVtN8hQ54h5SuCvQ=";
   };
 
   # https://github.com/sirfz/tesserocr/issues/314
diff --git a/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix b/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
index 2b26f3898723d..4e2fa7b6234d0 100644
--- a/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
+++ b/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "cirrus-cli";
-  version = "0.122.2";
+  version = "0.122.4";
 
   src = fetchFromGitHub {
     owner = "cirruslabs";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-+P4FpGH09hgY+PCrFNKAZgh9/hO8C0aFAnv545bA0gw=";
+    hash = "sha256-YpdzwGThmc9r4I+Rx8nxTZToi+J3UbqwZD+F2hYEG8M=";
   };
 
   vendorHash = "sha256-WAYjYIHsBkQiTUmMDRXnx3Q1UAFVfXmZDFxzw7Kh0ds=";
diff --git a/pkgs/development/tools/firebase-tools/default.nix b/pkgs/development/tools/firebase-tools/default.nix
index 8e3d1dab2e941..3e78b575df76e 100644
--- a/pkgs/development/tools/firebase-tools/default.nix
+++ b/pkgs/development/tools/firebase-tools/default.nix
@@ -8,16 +8,16 @@
 
 buildNpmPackage rec {
   pname = "firebase-tools";
-  version = "13.15.2";
+  version = "13.15.4";
 
   src = fetchFromGitHub {
     owner = "firebase";
     repo = "firebase-tools";
     rev = "v${version}";
-    hash = "sha256-8W602Rs5kPAYhhwhUaSmA7oV0DROA0Ut2+QHBubNqJM=";
+    hash = "sha256-sVLzEswyewffGoHhc/eJvOoHzMbMmoq1M23noJmvWxE=";
   };
 
-  npmDepsHash = "sha256-HWTCpBfMvpa9pUOaYOSDCc/JdZzBhZfEO/ejSNxwnXA=";
+  npmDepsHash = "sha256-hBXcA/rmbictMuBihu1kDgkriunwC+gP/lWEhaPklLM=";
 
   postPatch = ''
     ln -s npm-shrinkwrap.json package-lock.json
diff --git a/pkgs/development/tools/language-servers/helm-ls/default.nix b/pkgs/development/tools/language-servers/helm-ls/default.nix
index e160042d35f15..f34d3a8ba7324 100644
--- a/pkgs/development/tools/language-servers/helm-ls/default.nix
+++ b/pkgs/development/tools/language-servers/helm-ls/default.nix
@@ -8,13 +8,13 @@
 
 buildGoModule rec {
   pname = "helm-ls";
-  version = "0.0.21";
+  version = "0.0.22";
 
   src = fetchFromGitHub {
     owner = "mrjosh";
     repo = "helm-ls";
     rev = "v${version}";
-    hash = "sha256-O30gdcQdNjKADraPCltTjNglztz37CVx+fUeoVI3/O8=";
+    hash = "sha256-h3ppVj+Y1jtvsZLWzZxmFmmxr0My9Nd4zQBqeDSX0ZI=";
   };
 
   vendorHash = "sha256-AWKCE2BZGVYcr6Pe8URQo11Xnr3sfgWWkm9v7vvILOo=";
diff --git a/pkgs/development/tools/misc/circleci-cli/default.nix b/pkgs/development/tools/misc/circleci-cli/default.nix
index 768e3d230ed6b..8f1f2ecc37677 100644
--- a/pkgs/development/tools/misc/circleci-cli/default.nix
+++ b/pkgs/development/tools/misc/circleci-cli/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "circleci-cli";
-  version = "0.1.30888";
+  version = "0.1.30995";
 
   src = fetchFromGitHub {
     owner = "CircleCI-Public";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-ZnU48pj1xv2GuiDW/lsKzOcdLbwKyVupV0PBw7CJvm0=";
+    sha256 = "sha256-DSgpyQ9luC7RSFq/TbJplQzEKJEDdGIPHsFX3LuzqaQ=";
   };
 
   vendorHash = "sha256-60edYYhbSPiJWmuQXXEt+xCnSxsHf8Q38RgyWwdP6vQ=";
diff --git a/pkgs/servers/invidious/default.nix b/pkgs/servers/invidious/default.nix
index 0cd88f4ffa92c..a52d431a1ce98 100644
--- a/pkgs/servers/invidious/default.nix
+++ b/pkgs/servers/invidious/default.nix
@@ -1,7 +1,7 @@
 { lib
 , callPackage
 , crystal
-, fetchFromGitea
+, fetchFromGitHub
 , librsvg
 , pkg-config
 , libxml2
@@ -29,8 +29,7 @@ crystal.buildCrystalPackage rec {
   pname = "invidious";
   inherit (versions.invidious) version;
 
-  src = fetchFromGitea {
-    domain = "gitea.invidious.io";
+  src = fetchFromGitHub {
     owner = "iv-org";
     repo = "invidious";
     fetchSubmodules = true;
diff --git a/pkgs/servers/invidious/shards.nix b/pkgs/servers/invidious/shards.nix
index 8e38d563be204..97979576efa60 100644
--- a/pkgs/servers/invidious/shards.nix
+++ b/pkgs/servers/invidious/shards.nix
@@ -1,8 +1,8 @@
 {
   ameba = {
     url = "https://github.com/crystal-ameba/ameba.git";
-    rev = "v1.5.0";
-    sha256 = "1idivsbpmi40aqvs82fsv37nrgikirprxrj3ls9chsb876fq9p2d";
+    rev = "v1.6.1";
+    sha256 = "1qlgqpgycfxvvrfzih7b9ayb6fvkffz5aw0msbj70z2q7wvsq29p";
   };
   athena-negotiation = {
     url = "https://github.com/athena-framework/negotiation.git";
diff --git a/pkgs/servers/invidious/update.sh b/pkgs/servers/invidious/update.sh
index 2ba5c3452c6c6..848a6a9010eae 100755
--- a/pkgs/servers/invidious/update.sh
+++ b/pkgs/servers/invidious/update.sh
@@ -36,7 +36,7 @@ if [ ! -d "$git_dir" ]; then
 fi
 git -C "$git_dir" fetch origin --tags "$git_branch"
 
-new_tag="$(git -C "$git_dir" ls-remote --tags --sort=committerdate origin | head -n1 | grep -Po '(?<=refs/tags/).*')"
+new_tag="$(git -C "$git_dir" ls-remote --tags --sort=-committerdate origin | tail -n1 | grep -Po '(?<=refs/tags/).*')"
 new_version="${new_tag#v}"
 
 if [ "$new_version" = "$old_version" ]; then
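Review bot: The tag selection on the `new_tag=` line is hard to follow: `--sort=-committerdate` orders newest first, yet `tail -n1` takes the last line, which reads as picking the oldest entry. If the result depends on how `ls-remote` orders tags whose committer date is unavailable (annotated tags, or objects not yet fetched locally), a comment should say so, because an updater that picks the wrong tag would silently pin an older release. Sorting with `--sort=version:refname` and keeping `tail -n1` would not depend on local objects. The script continues outside the hunk.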
@@ -44,8 +44,9 @@ if [ "$new_version" = "$old_version" ]; then
     exit
 fi
 
+info "updating to $new_tag"
 commit="$(git -C "$git_dir" rev-list "$new_tag" --max-count=1 --abbrev-commit)"
-date="$(git -C "$git_dir" log -1 --format=%cd --date=format:%Y.%m.%d)"
+date="$(git -C "$git_dir" log -1 --format=%cd --date=format:%Y.%m.%d "$commit")"
 json_set '.invidious.date' "$date"
 json_set '.invidious.commit' "$commit"
 json_set '.invidious.version' "$new_version"
diff --git a/pkgs/servers/invidious/versions.json b/pkgs/servers/invidious/versions.json
index 35a6f77b84b61..4a4776b17649a 100644
--- a/pkgs/servers/invidious/versions.json
+++ b/pkgs/servers/invidious/versions.json
@@ -1,9 +1,9 @@
 {
   "invidious": {
-    "hash": "sha256-YZ+uhn1ESuRTZxAMoxKCpxEaUfeCUqOrSr3LkdbrTkU=",
-    "version": "2.20240427",
-    "date": "2024.04.27",
-    "commit": "eda7444c"
+    "hash": "sha256-oNkEFATRVgPC8Bhp0v04an3LvqgsSEjLZdeblb7n8TI=",
+    "version": "2.20240825.2",
+    "date": "2024.08.26",
+    "commit": "4782a670"
   },
   "videojs": {
     "hash": "sha256-jED3zsDkPN8i6GhBBJwnsHujbuwlHdsVpVqa1/pzSH4="
diff --git a/pkgs/servers/monitoring/prometheus/knot-exporter.nix b/pkgs/servers/monitoring/prometheus/knot-exporter.nix
index 55324b9af88dc..5750b01163157 100644
--- a/pkgs/servers/monitoring/prometheus/knot-exporter.nix
+++ b/pkgs/servers/monitoring/prometheus/knot-exporter.nix
@@ -6,13 +6,13 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "knot-exporter";
-  version = "3.3.8";
+  version = "3.3.9";
   pyproject = true;
 
   src = fetchPypi {
     pname = "knot_exporter";
     inherit version;
-    hash = "sha256-c6J2c9UpuLOW9rUif+k76PUb7Mh2WIH5Nn3alKaVNyw=";
+    hash = "sha256-8OeMWEXnAaLYpZD/bKAm8vtf0mkGCavmJOV4ThWGDDo=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/admin/chamber/default.nix b/pkgs/tools/admin/chamber/default.nix
index 579885b806ef1..4936b4bfd5293 100644
--- a/pkgs/tools/admin/chamber/default.nix
+++ b/pkgs/tools/admin/chamber/default.nix
@@ -2,18 +2,18 @@
 
 buildGoModule rec {
   pname = "chamber";
-  version = "3.0.1";
+  version = "3.1.0";
 
   src = fetchFromGitHub {
     owner = "segmentio";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-zjVch0NzCmimydk7/Uz4FZhcgQD+9xV6H6sAtPnFhDE=";
+    sha256 = "sha256-BD4gtdlIh5IRgTtrCdEN+o5d00wZsczsH0JbdoFdg4o=";
   };
 
   CGO_ENABLED = 0;
 
-  vendorHash = "sha256-1glSjsuHN7urlktxJ/vR/jfDgbVBWsui0bZWMhmJ50c=";
+  vendorHash = "sha256-Rk6doJqLD8ucU+mGDtteCyM/QvnzbIVnFmFW9b09560=";
 
   ldflags = [ "-s" "-w" "-X main.Version=v${version}" ];
 
diff --git a/pkgs/tools/networking/picosnitch/default.nix b/pkgs/tools/networking/picosnitch/default.nix
index c874fbf80c1b3..d0cb9f82c56bb 100644
--- a/pkgs/tools/networking/picosnitch/default.nix
+++ b/pkgs/tools/networking/picosnitch/default.nix
@@ -39,5 +39,8 @@ python3.pkgs.buildPythonApplication rec {
     license = licenses.gpl3Plus;
     maintainers = [ maintainers.elesiuta ];
     platforms = platforms.linux;
+    knownVulnerabilities = [
+      "Allows an unprivileged user to write to arbitrary files as root; see https://github.com/elesiuta/picosnitch/issues/40"
+    ];
   };
 }
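Review bot: The new `knownVulnerabilities` entry has no comment stating when it can be removed, so the marker is likely to outlive a fix. A line above the list such as `# drop once the linked upstream issue is fixed in a packaged release` would give the next version bump a clear check. The entry describes a local root file-write, so it would also help if the string said whether every packaged version is affected; the hunk does not show this.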
diff --git a/pkgs/tools/networking/rathole/default.nix b/pkgs/tools/networking/rathole/default.nix
deleted file mode 100644
index 8453792e703ec..0000000000000
--- a/pkgs/tools/networking/rathole/default.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ lib
-, stdenv
-, fetchFromGitHub
-, rustPlatform
-, pkg-config
-, openssl
-, nixosTests
-, CoreServices
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "rathole";
-  version = "0.5.0";
-
-  src = fetchFromGitHub {
-    owner = "rapiz1";
-    repo = pname;
-    rev = "refs/tags/v${version}";
-    hash = "sha256-YfLzR1lHk+0N3YU1XTNxz+KE1S3xaiKJk0zASm6cr1s=";
-  };
-
-  cargoHash = "sha256-UyQXAUPnp32THZJAs/p3bIXZjcXTvjy207QBVLCfkr8=";
-
-  nativeBuildInputs = [
-    pkg-config
-  ];
-
-  buildInputs = [
-    openssl
-  ] ++ lib.optionals stdenv.isDarwin [
-    CoreServices
-  ];
-
-  __darwinAllowLocalNetworking = true;
-
-  doCheck = false; # https://github.com/rapiz1/rathole/issues/222
-
-  passthru.tests = { inherit (nixosTests) rathole; };
-
-  meta = with lib; {
-    description = "Reverse proxy for NAT traversal";
-    homepage = "https://github.com/rapiz1/rathole";
-    changelog = "https://github.com/rapiz1/rathole/releases/tag/v${version}";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ dit7ya ];
-    mainProgram = "rathole";
-  };
-}
diff --git a/pkgs/tools/virtualization/govc/default.nix b/pkgs/tools/virtualization/govc/default.nix
index 29be15a5817bb..c7144003c4295 100644
--- a/pkgs/tools/virtualization/govc/default.nix
+++ b/pkgs/tools/virtualization/govc/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "govc";
-  version = "0.40.0";
+  version = "0.42.0";
 
   subPackages = [ "govc" ];
 
@@ -10,7 +10,7 @@ buildGoModule rec {
     rev = "v${version}";
     owner = "vmware";
     repo = "govmomi";
-    sha256 = "sha256-Lyuz1m6JUbh2+pdWCQLoiOz72ZCigZIjUu+y0GYTPlM=";
+    sha256 = "sha256-Sr3cJHnNeEPpYcAl+DmVL6lG0FKFhNHOVejRWBE3yUM=";
   };
 
   vendorHash = "sha256-W4Q4jCbW5lruXEhgKg7ZiPCHGxuYwYqi8Qm2JMyJaFE=";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9cd0ca8b76f88..efb86221e5d60 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10658,8 +10658,6 @@ with pkgs;
 
   nb = callPackage ../tools/misc/nb { };
 
-  nbqa = callPackage ../tools/misc/nbqa { };
-
   kb = callPackage ../tools/misc/kb { };
 
   notable = callPackage ../applications/misc/notable { };
@@ -13685,8 +13683,6 @@ with pkgs;
     pythonPackages = python3Packages;
   };
 
-  video-trimmer = callPackage ../applications/video/video-trimmer { };
-
   via = callPackage ../tools/misc/via { };
 
   vial = callPackage ../tools/misc/vial { };
@@ -18721,10 +18717,6 @@ with pkgs;
 
   ran = callPackage ../servers/http/ran { };
 
-  rathole = callPackage ../tools/networking/rathole {
-    inherit (darwin.apple_sdk.frameworks) CoreServices;
-  };
-
   retry = callPackage ../tools/system/retry { };
 
   rizin = pkgs.callPackage ../development/tools/analysis/rizin { };
@@ -33335,8 +33327,6 @@ with pkgs;
 
   tart = callPackage ../applications/virtualization/tart { };
 
-  viber = callPackage ../applications/networking/instant-messengers/viber { };
-
   wavebox = callPackage ../applications/networking/instant-messengers/wavebox { };
 
   sonic-pi = libsForQt5.callPackage ../applications/audio/sonic-pi { };
diff --git a/pkgs/top-level/coq-packages.nix b/pkgs/top-level/coq-packages.nix
index ecdbe8bd6eff6..c6a6ce952f719 100644
--- a/pkgs/top-level/coq-packages.nix
+++ b/pkgs/top-level/coq-packages.nix
@@ -159,6 +159,7 @@ let
             paco = self.paco.override { version = "4.1.2"; };
           };
        }));
+      waterproof = callPackage ../development/coq-modules/waterproof {};
       zorns-lemma = callPackage ../development/coq-modules/zorns-lemma {};
       filterPackages = doesFilter: if doesFilter then filterCoqPackages self else self;
     };