diff options
author | Jan Tojnar <jtojnar@gmail.com> | 2018-12-24 15:02:29 +0100 |
---|---|---|
committer | Jan Tojnar <jtojnar@gmail.com> | 2018-12-24 15:02:29 +0100 |
commit | ef935fa1016ba6209a8882f4ccd776c5272a4359 (patch) | |
tree | 8d4c66fda8f30dc3bb2a1c5ce5da5b7fca999dd8 /pkgs/tools | |
parent | d5d15828b51a7d4fd7eee82c6e9a1b261aa49115 (diff) | |
parent | dd3eea4b476552cbdf95388179bfdd668d04b8b7 (diff) |
Merge branch 'master' into staging
Diffstat (limited to 'pkgs/tools')
29 files changed, 303 insertions, 107 deletions
diff --git a/pkgs/tools/admin/nomachine-client/default.nix b/pkgs/tools/admin/nomachine-client/default.nix index be616c1bf9e0f..32d0e584f31a0 100644 --- a/pkgs/tools/admin/nomachine-client/default.nix +++ b/pkgs/tools/admin/nomachine-client/default.nix @@ -1,6 +1,7 @@ -{ stdenv, lib, file, fetchurl, makeWrapper, autoPatchelfHook, jsoncpp }: +{ stdenv, lib, file, fetchurl, makeWrapper, + autoPatchelfHook, jsoncpp, libpulseaudio }: let - versionMajor = "6.3"; + versionMajor = "6.4"; versionMinor = "6_1"; in stdenv.mkDerivation rec { @@ -11,12 +12,12 @@ in if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_x86_64.tar.gz"; - sha256 = "1035j2z2rqmdfb8cfm1pakd05c575640604b8lkljmilpky9mw5d"; + sha256 = "141pv277kl5ij1pmc0iadc0hnslxri2qaqvsjkmmvls4432jh0yi"; } else if stdenv.hostPlatform.system == "i686-linux" then fetchurl { url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_i686.tar.gz"; - sha256 = "07j9f6mlq9m01ch8ik5dybi283vrp5dlv156jr5n7n2chzk34kf3"; + sha256 = "0a2vi4ygw34yw8rcjhw17mqx5qbjnym4jkap8paik8lisb5mhnyj"; } else throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}"; @@ -31,7 +32,7 @@ in ''; nativeBuildInputs = [ file makeWrapper autoPatchelfHook ]; - buildInputs = [ jsoncpp ]; + buildInputs = [ jsoncpp libpulseaudio ]; installPhase = '' rm bin/nxplayer bin/nxclient @@ -63,6 +64,10 @@ in postFixup = '' makeWrapper $out/bin/nxplayer.bin $out/bin/nxplayer --set NX_SYSTEM $out/NX makeWrapper $out/bin/nxclient.bin $out/bin/nxclient --set NX_SYSTEM $out/NX + + # libnxcau.so needs libpulse.so.0 for audio to work, but doesn't + # have a DT_NEEDED entry for it. + patchelf --add-needed libpulse.so.0 $out/NX/lib/libnxcau.so ''; dontBuild = true; diff --git a/pkgs/tools/admin/pulumi/default.nix b/pkgs/tools/admin/pulumi/default.nix index b24b88fa96a2f..e2e1980dad921 100644 --- a/pkgs/tools/admin/pulumi/default.nix +++ b/pkgs/tools/admin/pulumi/default.nix @@ -2,17 +2,17 @@ let - version = "0.16.2"; + version = "0.16.7"; # switch the dropdown to “manual” on https://pulumi.io/quickstart/install.html # TODO: update script pulumiArchPackage = { "x86_64-linux" = { url = "https://get.pulumi.com/releases/sdk/pulumi-v${version}-linux-x64.tar.gz"; - sha256 = "16qgy2pj3xkf1adi3882fpsl99jwsm19111fi5vzh1xqf39sg549"; + sha256 = "1l1cn8pk05vl7vpmhny9rlz1hj0iqclqjj1r2q12qip7f4qkgsfw"; }; "x86_64-darwin" = { url = "https://get.pulumi.com/releases/sdk/pulumi-v${version}-darwin-x64.tar.gz"; - sha256 = "18ck9khspa0x798bdlwk8dzylbsq7s35xmla8yasd9qqlab1yy1a"; + sha256 = "0p07jvgy0xl524fgb5d9wijxa91isv4h4mcn9qghycqj90yqnjhx"; }; }; diff --git a/pkgs/tools/archivers/fsarchiver/default.nix b/pkgs/tools/archivers/fsarchiver/default.nix new file mode 100644 index 0000000000000..cb73233dcb460 --- /dev/null +++ b/pkgs/tools/archivers/fsarchiver/default.nix @@ -0,0 +1,43 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig +, zlib, bzip2, lzma, lzo, lz4, zstd, xz +, libgcrypt, e2fsprogs, utillinux, libgpgerror }: + +let + version = "0.8.5"; + +in stdenv.mkDerivation { + name = "fsarchiver-${version}"; + + src = fetchFromGitHub { + owner = "fdupoux"; + repo = "fsarchiver"; + rev = version; + sha256 = "1rvwq5v3rl14bqxjm1ibfapyicf0sa44nw7451v10kx39lp56ylp"; + }; + + nativeBuildInputs = [ + autoreconfHook pkgconfig + ]; + + buildInputs = [ + zlib bzip2 lzma lzo lz4 zstd xz + libgcrypt e2fsprogs utillinux libgpgerror + ]; + + meta = with stdenv.lib; { + description = "File system archiver for linux"; + longDescription = '' + FSArchiver is a system tool that allows you to save the contents of a + file-system to a compressed archive file. The file-system can be restored + on a partition which has a different size and it can be restored on a + different file-system. Unlike tar/dar, FSArchiver also creates the + file-system when it extracts the data to partitions. Everything is + checksummed in the archive in order to protect the data. If the archive is + corrupt, you just loose the current file, not the whole archive. + ''; + homepage = http://www.fsarchiver.org/; + license = licenses.lgpl2; + maintainers = [ maintainers.etu ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/audio/abcm2ps/default.nix b/pkgs/tools/audio/abcm2ps/default.nix index eefb8160cbba9..8fe445fedbebf 100644 --- a/pkgs/tools/audio/abcm2ps/default.nix +++ b/pkgs/tools/audio/abcm2ps/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "abcm2ps-${version}"; - version = "8.14.1"; + version = "8.14.2"; src = fetchFromGitHub { owner = "leesavide"; repo = "abcm2ps"; rev = "v${version}"; - sha256 = "1i39wfrnjflhfbqhcphr9dw08q4si5i724wv423996whk5xni61l"; + sha256 = "15hka82zps3rfp4xdbzlf23wz4hqjk084awzfjh357qn168bwwid"; }; prePatch = '' diff --git a/pkgs/tools/audio/playerctl/default.nix b/pkgs/tools/audio/playerctl/default.nix index 15e7a772bbd1b..d1edbf94fe07f 100644 --- a/pkgs/tools/audio/playerctl/default.nix +++ b/pkgs/tools/audio/playerctl/default.nix @@ -1,28 +1,25 @@ -{ stdenv, meson, ninja, fetchFromGitHub, glib, pkgconfig, gobject-introspection }: +{ stdenv, meson, ninja, fetchFromGitHub, glib, pkgconfig, gtk-doc, docbook_xsl, gobject-introspection }: stdenv.mkDerivation rec { name = "playerctl-${version}"; - version = "0.6.1"; + version = "2.0.1"; src = fetchFromGitHub { owner = "acrisci"; repo = "playerctl"; rev = "v${version}"; - sha256 = "0jnylj5d6i29c5y6yjxg1a88r2qfbac5pj95f2aljjkfh9428jbb"; + sha256 = "0j1fvcc80307ybl1z9l752sr4bcza2fmb8qdivpnm4xmm82faigb"; }; - nativeBuildInputs = [ meson ninja pkgconfig gobject-introspection ]; + nativeBuildInputs = [ meson ninja pkgconfig gtk-doc docbook_xsl gobject-introspection ]; buildInputs = [ glib ]; - # docs somehow crashes the install phase: - # https://github.com/acrisci/playerctl/issues/85 - mesonFlags = [ "-Dgtk-doc=false" ]; - meta = with stdenv.lib; { description = "Command-line utility and library for controlling media players that implement MPRIS"; homepage = https://github.com/acrisci/playerctl; license = licenses.lgpl3; platforms = platforms.unix; maintainers = with maintainers; [ puffnfresh ]; + broken = stdenv.hostPlatform.isDarwin; }; } diff --git a/pkgs/tools/compression/mozlz4a/default.nix b/pkgs/tools/compression/mozlz4a/default.nix index 16455fe358842..abd0948366643 100644 --- a/pkgs/tools/compression/mozlz4a/default.nix +++ b/pkgs/tools/compression/mozlz4a/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "${pname}-${version}"; pname = "mozlz4a"; - version = "2015-07-24"; + version = "2018-08-23"; # or fetchFromGitHub(owner,repo,rev) or fetchgit(rev) src = fetchurl { - url = "https://gist.githubusercontent.com/Tblue/62ff47bef7f894e92ed5/raw/2483756c55ed34be565aea269f05bd5eeb6b0a33/mozlz4a.py"; - sha256 = "1y52zqkdyfacl2hr5adkjphgqfyfylp8ksrkh165bq48zlbf00s8"; + url = "https://gist.githubusercontent.com/kaefer3000/73febe1eec898cd50ce4de1af79a332a/raw/a266410033455d6b4af515d7a9d34f5afd35beec/mozlz4a.py"; + sha256 = "1d1ai062kdms34bya9dlykkx011rj8d8nh5l7d76xj8k9kv4ssq6"; }; unpackPhase = "true;"; diff --git a/pkgs/tools/filesystems/duperemove/default.nix b/pkgs/tools/filesystems/duperemove/default.nix index 56795332a96df..208cbb83209cc 100644 --- a/pkgs/tools/filesystems/duperemove/default.nix +++ b/pkgs/tools/filesystems/duperemove/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libgcrypt glib linuxHeaders sqlite ]; - makeFlags = [ "DESTDIR=$(out)" "PREFIX=" ]; + makeFlags = [ "PREFIX=${placeholder "out"}" ]; meta = with stdenv.lib; { description = "A simple tool for finding duplicated extents and submitting them for deduplication"; diff --git a/pkgs/tools/filesystems/sshfs-fuse/default.nix b/pkgs/tools/filesystems/sshfs-fuse/default.nix index ddec6b7eff897..1a24cf7e75c43 100644 --- a/pkgs/tools/filesystems/sshfs-fuse/default.nix +++ b/pkgs/tools/filesystems/sshfs-fuse/default.nix @@ -4,14 +4,14 @@ }: stdenv.mkDerivation rec { - version = "3.5.0"; + version = "3.5.1"; name = "sshfs-fuse-${version}"; src = fetchFromGitHub { owner = "libfuse"; repo = "sshfs"; rev = "sshfs-${version}"; - sha256 = "1mczf13ic5ycfhcxmxma50n5h32vygcll0d8m39vam237s95aqy6"; + sha256 = "07ryavfbbzfxaswsbr8ifnnfn6g8yxgxam6mk6gvcskld6rkf6gd"; }; nativeBuildInputs = [ meson pkgconfig ninja docutils ]; diff --git a/pkgs/tools/misc/datamash/default.nix b/pkgs/tools/misc/datamash/default.nix index d8591647ad31c..230a97da5e443 100644 --- a/pkgs/tools/misc/datamash/default.nix +++ b/pkgs/tools/misc/datamash/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "datamash-${version}"; - version = "1.3"; + version = "1.4"; src = fetchurl { url = "mirror://gnu/datamash/${name}.tar.gz"; - sha256 = "19jpcv4ryvbz0476d6dgpxpbjkpmih4q84wj06nslls338bm5fzf"; + sha256 = "fa44dd2d5456bcb94ef49dfc6cfe62c83fd53ac435119a85d34e6812f6e6472a"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/misc/hyperledger-fabric/default.nix b/pkgs/tools/misc/hyperledger-fabric/default.nix new file mode 100644 index 0000000000000..a66923b03f496 --- /dev/null +++ b/pkgs/tools/misc/hyperledger-fabric/default.nix @@ -0,0 +1,35 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "hyperledger-fabric"; + version = "1.3.0"; + + goPackagePath = "github.com/hyperledger/fabric"; + + # taken from https://github.com/hyperledger/fabric/blob/v1.3.0/Makefile#L108 + subPackages = [ + "common/tools/configtxgen" + "common/tools/configtxlator" + "common/tools/cryptogen" + "common/tools/idemixgen" + "cmd/discover" + "peer" + "orderer" + ]; + + src = fetchFromGitHub { + owner = "hyperledger"; + repo = "fabric"; + rev = "v${version}"; + sha256 = "08qrrxzgkqg9v7n3y8f2vggyqx9j65wisxi17hrabz5mzaq299xs"; + }; + + doCheck = true; + + meta = with stdenv.lib; { + description = "An implementation of blockchain technology, leveraging familiar and proven technologies"; + homepage = https://wiki.hyperledger.org/projects/Fabric; + license = licenses.asl20; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/pkgs/tools/misc/qt5ct/default.nix b/pkgs/tools/misc/qt5ct/default.nix index 72ba4863c40ab..04151812a0780 100644 --- a/pkgs/tools/misc/qt5ct/default.nix +++ b/pkgs/tools/misc/qt5ct/default.nix @@ -4,11 +4,11 @@ let inherit (stdenv.lib) getDev; in stdenv.mkDerivation rec { name = "qt5ct-${version}"; - version = "0.36"; + version = "0.37"; src = fetchurl { url = "mirror://sourceforge/qt5ct/${name}.tar.bz2"; - sha256 = "12gfhchp05xn311zsxh41k3anyrscg53r5d06dasyxyk6hpr9hwg"; + sha256 = "0n8csvbpislxjr2s1xi8r5a4q4bqn4kylcy2zws6w7z4m8pdzrny"; }; nativeBuildInputs = [ qmake qttools ]; diff --git a/pkgs/tools/misc/you-get/default.nix b/pkgs/tools/misc/you-get/default.nix index 6ca284f15a60a..2d0ed3ac1c50a 100644 --- a/pkgs/tools/misc/you-get/default.nix +++ b/pkgs/tools/misc/you-get/default.nix @@ -2,7 +2,7 @@ buildPythonApplication rec { pname = "you-get"; - version = "0.4.1181"; + version = "0.4.1193"; # Tests aren't packaged, but they all hit the real network so # probably aren't suitable for a build environment anyway. @@ -10,7 +10,7 @@ buildPythonApplication rec { src = fetchPypi { inherit pname version; - sha256 = "1rcy590392aycjazi3z8gf6ll39rxkbgmkgnsbsl6yl5vb3jgk83"; + sha256 = "1q7wha0d55pw077bs92bbzx6ck3nsmhnxblz7zaqzladn23hs9zg"; }; meta = with stdenv.lib; { diff --git a/pkgs/tools/networking/bud/default.nix b/pkgs/tools/networking/bud/default.nix index c0383b7c822fb..386642614bc96 100644 --- a/pkgs/tools/networking/bud/default.nix +++ b/pkgs/tools/networking/bud/default.nix @@ -29,6 +29,8 @@ stdenv.mkDerivation rec { description = "A TLS terminating proxy"; license = licenses.mit; platforms = platforms.linux; + # Does not build on aarch64-linux. + badPlatforms = [ "aarch64-linux" ]; maintainers = with maintainers; [ cstrahan ]; }; } diff --git a/pkgs/tools/networking/nss-pam-ldapd/default.nix b/pkgs/tools/networking/nss-pam-ldapd/default.nix index fc961675c7f1a..b199d850f971b 100644 --- a/pkgs/tools/networking/nss-pam-ldapd/default.nix +++ b/pkgs/tools/networking/nss-pam-ldapd/default.nix @@ -1,16 +1,19 @@ -{ stdenv, fetchurl, pkgconfig, openldap, python, pam, makeWrapper }: +{ stdenv, fetchurl +, pkgconfig, makeWrapper, autoreconfHook +, openldap, python, pam +}: stdenv.mkDerivation rec { name = "nss-pam-ldapd-${version}"; version = "0.9.10"; - + src = fetchurl { url = "https://arthurdejong.org/nss-pam-ldapd/${name}.tar.gz"; sha256 = "1cqamcr6qpgwxijlr6kg7jspjamjra8w0haan0qssn0yxn95d7c0"; }; - - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ makeWrapper python openldap pam ]; + + nativeBuildInputs = [ pkgconfig makeWrapper autoreconfHook ]; + buildInputs = [ openldap pam python ]; preConfigure = '' substituteInPlace Makefile.in --replace "install-data-local: " "# install-data-local: " @@ -21,6 +24,7 @@ stdenv.mkDerivation rec { "--with-nslcd-socket=/run/nslcd/socket" "--with-nslcd-pidfile=/run/nslcd/nslcd.pid" "--with-pam-seclib-dir=$(out)/lib/security" + "--enable-kerberos=no" ]; postInstall = '' diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix index eac1ccb253fc5..c0ec4eb9b95da 100644 --- a/pkgs/tools/networking/strongswan/default.nix +++ b/pkgs/tools/networking/strongswan/default.nix @@ -6,6 +6,7 @@ , curl , enableTNC ? false, trousers, sqlite, libxml2 , enableNetworkManager ? false, networkmanager +, libpcap }: # Note on curl support: If curl is built with gnutls as its backend, the @@ -30,7 +31,10 @@ stdenv.mkDerivation rec { [ curl gmp python iptables ldns unbound openssl pcsclite ] ++ optionals enableTNC [ trousers sqlite libxml2 ] ++ optionals stdenv.isLinux [ systemd.dev pam ] - ++ optionals enableNetworkManager [ networkmanager ]; + ++ optionals enableNetworkManager [ networkmanager ] + # ad-hoc fix for https://github.com/NixOS/nixpkgs/pull/51787 + # Remove when the above PR lands in master + ++ [ libpcap ]; patches = [ ./ext_auth-path.patch diff --git a/pkgs/tools/networking/tgt/default.nix b/pkgs/tools/networking/tgt/default.nix index b2ef684f58950..71c9263a6e2b6 100644 --- a/pkgs/tools/networking/tgt/default.nix +++ b/pkgs/tools/networking/tgt/default.nix @@ -15,9 +15,14 @@ in stdenv.mkDerivation rec { buildInputs = [ libxslt systemd libaio docbook_xsl ]; - DESTDIR = "$(out)"; - PREFIX = "/"; - SD_NOTIFY="1"; + makeFlags = [ + "PREFIX=${placeholder "out"}" + "SD_NOTIFY=1" + ]; + + installFlags = [ + "sysconfdir=${placeholder "out"}/etc" + ]; preConfigure = '' sed -i 's|/usr/bin/||' doc/Makefile diff --git a/pkgs/tools/networking/wireguard-tools/default.nix b/pkgs/tools/networking/wireguard-tools/default.nix index 51e23e5dee1f4..07b75737a3553 100644 --- a/pkgs/tools/networking/wireguard-tools/default.nix +++ b/pkgs/tools/networking/wireguard-tools/default.nix @@ -4,11 +4,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "wireguard-tools-${version}"; - version = "0.0.20181119"; + version = "0.0.20181218"; src = fetchzip { url = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${version}.tar.xz"; - sha256 = "1cxws2h64xvg6idb6jb6rdvn9wgmhdvq8s2lzqjbmds7sj6n09wa"; + sha256 = "15lch0s4za7q5mr0dzdzwfsr7pr2i9gjygmpdnidwlx4z72vsajj"; }; sourceRoot = "source/src/tools"; diff --git a/pkgs/tools/package-management/cde/default.nix b/pkgs/tools/package-management/cde/default.nix index 17150c75466ea..e45906688ada3 100644 --- a/pkgs/tools/package-management/cde/default.nix +++ b/pkgs/tools/package-management/cde/default.nix @@ -33,5 +33,7 @@ stdenv.mkDerivation rec { license = licenses.gpl3; maintainers = [ maintainers.rlupton20 ]; platforms = platforms.linux; + # error: architecture aarch64 is not supported by strace + badPlatforms = [ "aarch64-linux" ]; }; } diff --git a/pkgs/tools/package-management/nix-review/default.nix b/pkgs/tools/package-management/nix-review/default.nix index 0409df7906c77..5481182fbd1da 100644 --- a/pkgs/tools/package-management/nix-review/default.nix +++ b/pkgs/tools/package-management/nix-review/default.nix @@ -8,13 +8,13 @@ python3.pkgs.buildPythonApplication rec { pname = "nix-review"; - version = "1.0.1"; + version = "1.0.2"; src = fetchFromGitHub { owner = "Mic92"; repo = "nix-review"; rev = version; - sha256 = "18z7dws3ngx0ffqqgybq65xxsiycildd101q58sj51z1k3lnrynh"; + sha256 = "0vgar8sb2471zipxa1cw0n90mrnn5da7wqdlxhamnkrylbh0mc0d"; }; makeWrapperArgs = [ diff --git a/pkgs/tools/security/b2sum/default.nix b/pkgs/tools/security/b2sum/default.nix index 1679b7fddd072..f9d2855e739fc 100644 --- a/pkgs/tools/security/b2sum/default.nix +++ b/pkgs/tools/security/b2sum/default.nix @@ -23,6 +23,7 @@ stdenv.mkDerivation rec { homepage = "https://blake2.net"; license = with licenses; [ asl20 cc0 openssl ]; maintainers = with maintainers; [ kirelagin ]; - platforms = platforms.all; + # "This code requires at least SSE2." + platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin; }; } diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index 0ce44b11acc54..114ba57e17005 100644 --- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -2,13 +2,23 @@ , perl, libassuan, libgcrypt , perlPackages, lockfileProgs, gnupg, coreutils # For the tests: -, bash, openssh, which, socat, cpio, hexdump +, bash, openssh, which, socat, cpio, hexdump, openssl }: -stdenv.mkDerivation rec { +let + # A patch is needed to run the tests inside the Nix sandbox: + # /etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell" + # sshd: "User nixbld not allowed because shell /noshell does not exist" + opensshUnsafe = openssh.overrideAttrs (oldAttrs: { + patches = oldAttrs.patches ++ [ ./openssh-nixos-sandbox.patch ]; + }); +in stdenv.mkDerivation rec { name = "monkeysphere-${version}"; version = "0.42"; + # The patched OpenSSH binary MUST NOT be used (except in the check phase): + disallowedRequisites = [ opensshUnsafe ]; + src = fetchurl { url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; sha256 = "1haqgjxm8v2xnhc652lx79p2cqggb9gxgaf19w9l9akar2qmdjf1"; @@ -23,7 +33,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ makeWrapper ]; buildInputs = [ perl libassuan libgcrypt ] ++ stdenv.lib.optional doCheck - ([ gnupg openssh which socat cpio hexdump lockfileProgs ] ++ + ([ gnupg opensshUnsafe which socat cpio hexdump lockfileProgs ] ++ (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ])); makeFlags = '' @@ -31,15 +41,19 @@ stdenv.mkDerivation rec { DESTDIR=$(out) ''; - # The tests "drain" entropy (GnuPG still uses /dev/random) and they don't run - # inside of the sandbox, because nixbld isn't allowed to login via SSH - # (/etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell", - # sshd: "User nixbld not allowed because shell /noshell does not exist"). + # The tests should be run (and succeed) when making changes to this package + # but they aren't enabled by default because they "drain" entropy (GnuPG + # still uses /dev/random). doCheck = false; - preCheck = '' + preCheck = stdenv.lib.optionalString doCheck '' patchShebangs tests/ patchShebangs src/ - sed -i "s,/usr/sbin/sshd,${openssh}/bin/sshd," tests/basic + sed -i \ + -e "s,/usr/sbin/sshd,${opensshUnsafe}/bin/sshd," \ + -e "s,/bin/true,${coreutils}/bin/true," \ + -e "s,/bin/false,${coreutils}/bin/false," \ + -e "s,openssl\ req,${openssl}/bin/openssl req," \ + tests/basic sed -i "s/<(hd/<(hexdump/" tests/keytrans ''; diff --git a/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch b/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch new file mode 100644 index 0000000000000..2a9a1fc8dfa94 --- /dev/null +++ b/pkgs/tools/security/monkeysphere/openssh-nixos-sandbox.patch @@ -0,0 +1,17 @@ +diff --git a/auth.c b/auth.c +index d2a8cd65..811a129f 100644 +--- a/auth.c ++++ b/auth.c +@@ -580,6 +580,12 @@ getpwnamallow(const char *user) + #endif + + pw = getpwnam(user); ++ if (pw != NULL) { ++ // This is only for testing purposes, ++ // DO NOT USE THIS PATCH IN PRODUCTION! ++ char *shell = "/bin/sh"; ++ pw->pw_shell = shell; ++ } + + #if defined(_AIX) && defined(HAVE_SETAUTHDB) + aix_restoreauthdb(); diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix index 7cb442bdf6273..cf5f760cda47e 100644 --- a/pkgs/tools/security/neopg/default.nix +++ b/pkgs/tools/security/neopg/default.nix @@ -12,13 +12,13 @@ stdenv.mkDerivation rec { name = "neopg-${version}"; - version = "0.0.5"; + version = "0.0.4"; src = fetchFromGitHub { owner = "das-labor"; repo = "neopg"; rev = "v${version}"; - sha256 = "1ky3pwg6w8kyaa9iksfx6rryva87mbj1h3yi2mrzp2h7jhrfffpp"; + sha256 = "0hhkl326ff6f76k8pwggpzmivbm13fz497nlyy6ybn5bmi9xfblm"; fetchSubmodules = true; }; diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index ac79fc8d464cc..4d646cfd332f7 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "vault-${version}"; - version = "1.0.0"; + version = "1.0.1"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "0wqqf9mif6icfl888w2izvml7vqs4hkd5hrq4dhzcyig5w1bp0if"; + sha256 = "17gyl8hb72gwb3vy7nrp3cj9lrj0zgb8xja0bgwqpv511hg1qwwf"; }; nativeBuildInputs = [ go gox removeReferencesTo ]; diff --git a/pkgs/tools/system/collectd/default.nix b/pkgs/tools/system/collectd/default.nix index 8b99f1c7ca9fa..3fdc87808881b 100644 --- a/pkgs/tools/system/collectd/default.nix +++ b/pkgs/tools/system/collectd/default.nix @@ -1,41 +1,44 @@ { stdenv, fetchurl, fetchpatch, darwin -# optional: -, pkgconfig ? null # most of the extra deps need pkgconfig to be found -, curl ? null -, iptables ? null -, jdk ? null -, libatasmart ? null -, libcredis ? null -, libdbi ? null -, libgcrypt ? null -, libmemcached ? null, cyrus_sasl ? null -, libmicrohttpd ? null -, libmodbus ? null -, libnotify ? null, gdk_pixbuf ? null -, liboping ? null -, libpcap ? null -, libsigrok ? null -, libvirt ? null -, libxml2 ? null -, libtool ? null -, lm_sensors ? null -, lvm2 ? null -, mysql ? null -, postgresql ? null -, protobufc ? null -, python ? null -, rabbitmq-c ? null -, riemann_c_client ? null -, rrdtool ? null -, udev ? null -, varnish ? null -, yajl ? null -, net_snmp ? null -, hiredis ? null -, libmnl ? null -, mosquitto ? null -, rdkafka ? null -, mongoc ? null +, autoreconfHook +, pkgconfig +, curl +, iptables +, jdk +, libapparmor +, libatasmart +, libcap_ng +, libcredis +, libdbi +, libgcrypt +, libmemcached, cyrus_sasl +, libmicrohttpd +, libmodbus +, libnotify, gdk_pixbuf +, liboping +, libpcap +, libsigrok +, libvirt +, libxml2 +, libtool +, lm_sensors +, lvm2 +, mysql +, numactl +, postgresql +, protobufc +, python +, rabbitmq-c +, riemann_c_client +, rrdtool +, udev +, varnish +, yajl +, net_snmp +, hiredis +, libmnl +, mosquitto +, rdkafka +, mongoc }: stdenv.mkDerivation rec { version = "5.8.1"; @@ -46,10 +49,14 @@ stdenv.mkDerivation rec { sha256 = "1njk8hh56gb755xafsh7ahmqr9k2d4lam4ddj7s7fqz0gjigv5p7"; }; - # on 5.8.0: lvm2app.h:21:2: error: #warning "liblvm2app is deprecated, use D-Bus API instead." [-Werror=cpp] - NIX_CFLAGS_COMPILE = [ "-Wno-error=cpp" ]; + patches = [ + (fetchpatch { + url = "https://github.com/rpv-tomsk/collectd/commit/d5a3c020d33cc33ee8049f54c7b4dffcd123bf83.patch"; + sha256 = "1n65zw4d2k2bxapayaaw51ym7hy72a0cwi2abd8jgxcw3d0m5g15"; + }) + ]; - nativeBuildInputs = [ pkgconfig ]; + nativeBuildInputs = [ pkgconfig autoreconfHook ]; buildInputs = [ curl libdbi libgcrypt libmemcached cyrus_sasl libnotify gdk_pixbuf liboping libpcap libvirt @@ -60,12 +67,18 @@ stdenv.mkDerivation rec { ] ++ stdenv.lib.optionals stdenv.isLinux [ iptables libatasmart libcredis libmodbus libsigrok lm_sensors lvm2 rabbitmq-c udev net_snmp libmnl + # those might be no longer required when https://github.com/NixOS/nixpkgs/pull/51767 + # is merged + libapparmor numactl libcap_ng ] ++ stdenv.lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.IOKit darwin.apple_sdk.frameworks.ApplicationServices ]; - configureFlags = [ "--localstatedir=/var" ]; + configureFlags = [ + "--localstatedir=/var" + "--disable-werror" + ]; # do not create directories in /var during installPhase postConfigure = '' diff --git a/pkgs/tools/system/localtime/default.nix b/pkgs/tools/system/localtime/default.nix index 442b9a42f2b81..45cf378a14ed3 100644 --- a/pkgs/tools/system/localtime/default.nix +++ b/pkgs/tools/system/localtime/default.nix @@ -1,6 +1,6 @@ -{ stdenv, go, systemd, polkit, fetchFromGitHub, m4, removeReferencesTo }: +{ stdenv, systemd, polkit, fetchFromGitHub, buildGoPackage, m4}: -stdenv.mkDerivation { +buildGoPackage rec { name = "localtime-2017-11-07"; src = fetchFromGitHub { @@ -9,14 +9,20 @@ stdenv.mkDerivation { rev = "2e7b4317c723406bd75b2a1d640219ab9f8090ce"; sha256 = "04fyna8p7q7skzx9fzmncd6gx7x5pwa9jh8a84hpljlvj0kldfs8"; }; + goPackagePath = "github.com/Stebalien/localtime"; - buildInputs = [ go systemd polkit m4 removeReferencesTo ]; - disallowedRequisites = [ go ]; + buildInputs = [ systemd polkit m4 ]; makeFlags = [ "PREFIX=$(out)" ]; - preFixup = '' - find $out/bin -type f -exec remove-references-to -t ${go} '{}' + + buildPhase = '' + cd go/src/${goPackagePath} + make localtimed + ''; + + installPhase = '' + mkdir -p $bin/bin + install -Dm555 localtimed $bin/bin ''; meta = with stdenv.lib; { diff --git a/pkgs/tools/system/syslog-ng/default.nix b/pkgs/tools/system/syslog-ng/default.nix index 1ce7e766a18e4..7283819f14bfa 100644 --- a/pkgs/tools/system/syslog-ng/default.nix +++ b/pkgs/tools/system/syslog-ng/default.nix @@ -11,11 +11,11 @@ in stdenv.mkDerivation rec { name = "${pname}-${version}"; - version = "3.18.1"; + version = "3.19.1"; src = fetchurl { url = "https://github.com/balabit/${pname}/releases/download/${name}/${name}.tar.gz"; - sha256 = "1y1v16vvyirh0qv4wzczqp8d3llh6dl63lz3irwib1qhh7x56dyn"; + sha256 = "0y2ixmbl4af4yf0a56pmg1c00nh0yvlfwr9ck9nhxbdysylk3yaw"; }; nativeBuildInputs = [ pkgconfig which ]; diff --git a/pkgs/tools/video/bento4/default.nix b/pkgs/tools/video/bento4/default.nix index 687f80f1adfca..75964a3c2e5e5 100644 --- a/pkgs/tools/video/bento4/default.nix +++ b/pkgs/tools/video/bento4/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Full-featured MP4 format and MPEG DASH library and tools"; homepage = http://bento4.com; - license = licenses.gpl3; + license = licenses.gpl2Plus; maintainers = with maintainers; [ makefu ]; broken = stdenv.isAarch64; platforms = platforms.linux; diff --git a/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix b/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix new file mode 100644 index 0000000000000..5096c7f94686d --- /dev/null +++ b/pkgs/tools/virtualization/google-compute-engine-oslogin/default.nix @@ -0,0 +1,48 @@ +{ stdenv +, fetchFromGitHub +, curl +, json_c +, pam +}: + +stdenv.mkDerivation rec { + name = "google-compute-engine-oslogin-${version}"; + version = "1.4.3"; + + src = fetchFromGitHub { + repo = "compute-image-packages"; + owner = "GoogleCloudPlatform"; + rev = "2ccfe80f162a01b5b7c3316ca37981fc8b3fc32a"; + sha256 = "036g7609ni164rmm68pzi47vrywfz2rcv0ad67gqf331pvlr92x1"; + }; + sourceRoot = "source/google_compute_engine_oslogin"; + + postPatch = '' + # change sudoers dir from /var/google-sudoers.d to /run/google-sudoers.d (managed through systemd-tmpfiles) + substituteInPlace pam_module/pam_oslogin_admin.cc --replace /var/google-sudoers.d /run/google-sudoers.d + # fix "User foo not allowed because shell /bin/bash does not exist" + substituteInPlace utils/oslogin_utils.cc --replace /bin/bash /bin/sh + ''; + + buildInputs = [ curl.dev pam ]; + + NIX_CFLAGS_COMPILE="-I${json_c.dev}/include/json-c"; + NIX_CFLAGS_LINK="-L${json_c}/lib"; + + installPhase = '' + mkdir -p $out/{bin,lib} + + install -Dm755 libnss_cache_google-compute-engine-oslogin-${version}.so $out/lib/libnss_cache_oslogin.so.2 + install -Dm755 libnss_google-compute-engine-oslogin-${version}.so $out/lib/libnss_oslogin.so.2 + + install -Dm755 pam_oslogin_admin.so pam_oslogin_login.so $out/lib + install -Dm755 google_{oslogin_nss_cache,authorized_keys} $out/bin + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/GoogleCloudPlatform/compute-image-packages; + description = "OS Login Guest Environment for Google Compute Engine"; + license = licenses.asl20; + maintainers = with maintainers; [ adisbladis flokli ]; + }; +} |