95 files changed, 1819 insertions, 2356 deletions
diff --git a/doc/contributing/coding-conventions.chapter.md b/doc/contributing/coding-conventions.chapter.md index 275a3c7af5d2b..f6a0970165f56 100644 --- a/doc/contributing/coding-conventions.chapter.md +++ b/doc/contributing/coding-conventions.chapter.md @@ -260,6 +260,10 @@ When in doubt, consider refactoring the `pkgs/` tree, e.g. creating new categori - `development/tools/build-managers` (e.g. `gnumake`) + - **If it’s a _language server_:** + + - `development/tools/language-servers` (e.g. `ccls` or `rnix-lsp`) + - **Else:** - `development/tools/misc` (e.g. `binutils`) diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md index a9d8e54cafd89..ec703105e15a3 100644 --- a/doc/languages-frameworks/rust.section.md +++ b/doc/languages-frameworks/rust.section.md @@ -186,6 +186,23 @@ added. To find the correct hash, you can first use `lib.fakeSha256` or `lib.fakeHash` as a stub hash. Building the package (and thus the vendored dependencies) will then inform you of the correct hash. +For usage outside nixpkgs, `allowBuiltinFetchGit` could be used to +avoid having to specify `outputHashes`. For example: + +```nix +rustPlatform.buildRustPackage rec { + pname = "myproject"; + version = "1.0.0"; + + cargoLock = { + lockFile = ./Cargo.lock; + allowBuiltinFetchGit = true; + }; + + # ... +} +``` + ### Cargo features {#cargo-features} You can disable default features using `buildNoDefaultFeatures`, and diff --git a/lib/types.nix b/lib/types.nix index 270ac1748c796..e7e8a99e5743b 100644 --- a/lib/types.nix +++ b/lib/types.nix 
@@ -558,15 +558,6 @@ rec { nestedTypes.elemType = elemType; }; - # TODO: drop this in the future: - loaOf = elemType: types.attrsOf elemType // { - name = "loaOf"; - deprecationMessage = "Mixing lists with attribute values is no longer" - + " possible; please use `types.attrsOf` instead. See" - + " https://github.com/NixOS/nixpkgs/issues/1800 for the motivation."; - nestedTypes.elemType = elemType; - }; - # Value of given type but with no merging (i.e. `uniq list`s are not concatenated). uniq = elemType: mkOptionType rec { name = "uniq"; diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index ab1a63c807991..902678f8c6fda 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -368,6 +368,13 @@ </listitem> <listitem> <para> + The <literal>firewall</literal> and <literal>nat</literal> + module now has a nftables based implementation. Enable + <literal>networking.nftables</literal> to use it. + </para> + </listitem> + <listitem> + <para> The <literal>services.fwupd</literal> module now allows arbitrary daemon settings to be configured in a structured manner diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 76e2a1f8b4329..9ce5384c5a273 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md 
@@ -101,6 +101,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. +- The `firewall` and `nat` module now has a nftables based implementation. Enable `networking.nftables` to use it. + - The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)). - The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream. diff --git a/nixos/lib/make-options-doc/default.nix b/nixos/lib/make-options-doc/default.nix index a3436caad8f98..a5e91a31b8bf8 100644 --- a/nixos/lib/make-options-doc/default.nix +++ b/nixos/lib/make-options-doc/default.nix @@ -93,15 +93,19 @@ let in rec { inherit optionsNix; - optionsAsciiDoc = pkgs.runCommand "options.adoc" {} '' - ${pkgs.python3Minimal}/bin/python ${./generateDoc.py} \ + optionsAsciiDoc = pkgs.runCommand "options.adoc" { + nativeBuildInputs = [ pkgs.python3Minimal ]; + } '' + python ${./generateDoc.py} \ --format asciidoc \ ${optionsJSON}/share/doc/nixos/options.json \ > $out ''; - optionsCommonMark = pkgs.runCommand "options.md" {} '' - ${pkgs.python3Minimal}/bin/python ${./generateDoc.py} \ + optionsCommonMark = pkgs.runCommand "options.md" { + nativeBuildInputs = [ pkgs.python3Minimal ]; + } '' + python ${./generateDoc.py} \ --format commonmark \ ${optionsJSON}/share/doc/nixos/options.json \ > $out 
@@ -153,16 +157,20 @@ in rec { # Convert options.json into an XML file. # The actual generation of the xml file is done in nix purely for the convenience # of not having to generate the xml some other way - optionsXML = pkgs.runCommand "options.xml" {} '' + optionsXML = pkgs.runCommand "options.xml" { + nativeBuildInputs = with pkgs; [ nix ]; + } '' export NIX_STORE_DIR=$TMPDIR/store export NIX_STATE_DIR=$TMPDIR/state - ${pkgs.nix}/bin/nix-instantiate \ + nix-instantiate \ --eval --xml --strict ${./optionsJSONtoXML.nix} \ --argstr file ${optionsJSON}/share/doc/nixos/options.json \ > "$out" ''; - optionsDocBook = pkgs.runCommand "options-docbook.xml" {} '' + optionsDocBook = pkgs.runCommand "options-docbook.xml" { + nativeBuildInputs = with pkgs; [ libxslt.bin libxslt.bin python3Minimal ]; + } '' optionsXML=${optionsXML} if grep /nixpkgs/nixos/modules $optionsXML; then echo "The manual appears to depend on the location of Nixpkgs, which is bad" @@ -172,14 +180,14 @@ in rec { exit 1 fi - ${pkgs.python3Minimal}/bin/python ${./sortXML.py} $optionsXML sorted.xml - ${pkgs.libxslt.bin}/bin/xsltproc \ + python ${./sortXML.py} $optionsXML sorted.xml + xsltproc \ --stringparam documentType '${documentType}' \ --stringparam revision '${revision}' \ --stringparam variablelistId '${variablelistId}' \ --stringparam optionIdPrefix '${optionIdPrefix}' \ -o intermediate.xml ${./options-to-docbook.xsl} sorted.xml - ${pkgs.libxslt.bin}/bin/xsltproc \ + xsltproc \ -o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml ''; } diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index 5a5d88d9a4e00..9108bcbd1652a 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix 
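Review bot: In the `optionsDocBook` hunk of make-options-doc/default.nix the new input list names the same package twice: `nativeBuildInputs = with pkgs; [ libxslt.bin libxslt.bin python3Minimal ];`. The duplicate is harmless at build time but reads like a copy-paste slip. `nativeBuildInputs = with pkgs; [ libxslt.bin python3Minimal ];` provides everything the script uses. The script body of `optionsDocBook` continues into the following hunk (`@@ -172,14 +180,14 @@`), where the bare `python` and `xsltproc` calls rely on this list.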
@@ -26,9 +26,7 @@ in imports = [ (mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ]) - (mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] '' - S3TC support is now always enabled in Mesa. - '') + (mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] "S3TC support is now always enabled in Mesa.") ]; options = { @@ -89,21 +87,28 @@ in extraPackages = mkOption { type = types.listOf types.package; default = []; - example = literalExpression "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]"; + example = literalExpression "with pkgs; [ intel-media-driver intel-ocl vaapiIntel ]"; description = lib.mdDoc '' - Additional packages to add to OpenGL drivers. This can be used - to add OpenCL drivers, VA-API/VDPAU drivers etc. + Additional packages to add to OpenGL drivers. + This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc. + + ::: {.note} + intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained vaapiIntel driver. + ::: ''; }; extraPackages32 = mkOption { type = types.listOf types.package; default = []; - example = literalExpression "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; + example = literalExpression "with pkgs.pkgsi686Linux; [ intel-media-driver vaapiIntel ]"; description = lib.mdDoc '' - Additional packages to add to 32-bit OpenGL drivers on - 64-bit systems. Used when {option}`driSupport32Bit` is - set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc. + Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. + Used when {option}`driSupport32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc. + + ::: {.note} + intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained vaapiIntel driver. + ::: ''; }; 
@@ -124,7 +129,6 @@ in }; config = mkIf cfg.enable { - assertions = [ { assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64; message = "Option driSupport32Bit only makes sense on a 64-bit system."; diff --git a/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix b/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix index 21a257378a633..6bcf6c99545a6 100644 --- a/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix +++ b/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix @@ -18,8 +18,9 @@ let interactiveDriver = (testing.makeTest { inherit nodes; name = "network"; testScript = "start_all(); join_all();"; }).test.driverInteractive; in - -pkgs.runCommand "nixos-build-vms" { nativeBuildInputs = [ pkgs.makeWrapper ]; } '' + pkgs.runCommandLocal "nixos-build-vms" { + nativeBuildInputs = [ pkgs.makeWrapper ]; + } '' mkdir -p $out/bin ln -s ${interactiveDriver}/bin/nixos-test-driver $out/bin/nixos-test-driver ln -s ${interactiveDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix index 64a8f7846b463..1557bf4bd3e20 100644 --- a/nixos/modules/misc/documentation.nix +++ b/nixos/modules/misc/documentation.nix @@ -77,10 +77,11 @@ let pkgsLibPath = filter (pkgs.path + "/pkgs/pkgs-lib"); nixosPath = filter (pkgs.path + "/nixos"); modules = map (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy; + nativeBuildInputs = with pkgs; [ nix ]; } '' export NIX_STORE_DIR=$TMPDIR/store export NIX_STATE_DIR=$TMPDIR/state - ${pkgs.buildPackages.nix}/bin/nix-instantiate \ + nix-instantiate \ --show-trace \ --eval --json --strict \ --argstr libPath "$libPath" \ diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ac40b6cbfd97c..af7fd4f712ca6 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
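Review bot: In the documentation.nix hunk, `nix-instantiate` used to be pinned to `${pkgs.buildPackages.nix}`, while the replacement `nativeBuildInputs = with pkgs; [ nix ];` names plain `pkgs.nix`. Whether that still resolves to a build-platform binary when cross-compiling depends on whether this `pkgs` is spliced, which the hunk does not show. If it is not, the derivation would try to execute a host-platform `nix-instantiate`. Writing `nativeBuildInputs = [ pkgs.buildPackages.nix ];` keeps the old behaviour explicit. The enclosing `runCommand` call starts above the hunk.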
@@ -821,6 +821,8 @@ ./services/networking/firefox-syncserver.nix ./services/networking/fireqos.nix ./services/networking/firewall.nix + ./services/networking/firewall-iptables.nix + ./services/networking/firewall-nftables.nix ./services/networking/flannel.nix ./services/networking/freenet.nix ./services/networking/freeradius.nix @@ -890,6 +892,8 @@ ./services/networking/namecoind.nix ./services/networking/nar-serve.nix ./services/networking/nat.nix + ./services/networking/nat-iptables.nix + ./services/networking/nat-nftables.nix ./services/networking/nats.nix ./services/networking/nbd.nix ./services/networking/ncdns.nix diff --git a/nixos/modules/services/audio/roon-bridge.nix b/nixos/modules/services/audio/roon-bridge.nix index db84ba2862210..e9335091ba9a9 100644 --- a/nixos/modules/services/audio/roon-bridge.nix +++ b/nixos/modules/services/audio/roon-bridge.nix @@ -53,13 +53,18 @@ in { networking.firewall = mkIf cfg.openFirewall { allowedTCPPortRanges = [{ from = 9100; to = 9200; }]; allowedUDPPorts = [ 9003 ]; - extraCommands = '' + extraCommands = optionalString (!config.networking.nftables.enable) '' iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT iptables -A INPUT -s 240.0.0.0/5 -j ACCEPT iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT ''; + extraInputRules = optionalString config.networking.nftables.enable '' + ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept + ip daddr 224.0.0.0/4 accept + pkttype { multicast, broadcast } accept + ''; }; diff --git a/nixos/modules/services/audio/roon-server.nix b/nixos/modules/services/audio/roon-server.nix index 74cae909f5dbe..fbe74f63b9dac 100644 --- a/nixos/modules/services/audio/roon-server.nix +++ b/nixos/modules/services/audio/roon-server.nix 
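Review bot: The new `extraInputRules` block in roon-bridge.nix, and the identical one added to roon-server.nix, accepts every multicast and broadcast packet on every interface and port, plus any packet with a source in 224.0.0.0/4 or 240.0.0.0/5, as soon as `openFirewall` is set. That carries over what the iptables rules did, but it is far wider than the port lists next to it, and nothing in either module tells the administrator so. I would add a comment above the attribute, e.g. `# IGMP / broadcast: accepts all multicast and broadcast input, not only the ports listed above`, and say the same in the `openFirewall` description, which is outside this hunk. Since both modules now hold the same three nftables lines, a shared binding would keep them from drifting apart.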
@@ -58,7 +58,7 @@ in { { from = 30000; to = 30010; } ]; allowedUDPPorts = [ 9003 ]; - extraCommands = '' + extraCommands = optionalString (!config.networking.nftables.enable) '' ## IGMP / Broadcast ## iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT @@ -66,6 +66,11 @@ in { iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT ''; + extraInputRules = optionalString config.networking.nftables.enable '' + ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept + ip daddr 224.0.0.0/4 accept + pkttype { multicast, broadcast } accept + ''; }; diff --git a/nixos/modules/services/networking/firewall-iptables.nix b/nixos/modules/services/networking/firewall-iptables.nix new file mode 100644 index 0000000000000..63e952194d671 --- /dev/null +++ b/nixos/modules/services/networking/firewall-iptables.nix 
@@ -0,0 +1,334 @@ +/* This module enables a simple firewall. + + The firewall can be customised in arbitrary ways by setting + ‘networking.firewall.extraCommands’. For modularity, the firewall + uses several chains: + + - ‘nixos-fw’ is the main chain for input packet processing. + + - ‘nixos-fw-accept’ is called for accepted packets. If you want + additional logging, or want to reject certain packets anyway, you + can insert rules at the start of this chain. + + - ‘nixos-fw-log-refuse’ and ‘nixos-fw-refuse’ are called for + refused packets. (The former jumps to the latter after logging + the packet.) If you want additional logging, or want to accept + certain packets anyway, you can insert rules at the start of + this chain. + + - ‘nixos-fw-rpfilter’ is used as the main chain in the mangle table, + called from the built-in ‘PREROUTING’ chain. If the kernel + supports it and `cfg.checkReversePath` is set this chain will + perform a reverse path filter test. + + - ‘nixos-drop’ is used while reloading the firewall in order to drop + all traffic. Since reloading isn't implemented in an atomic way + this'll prevent any traffic from leaking through while reloading + the firewall. However, if the reloading fails, the ‘firewall-stop’ + script will be called which in return will effectively disable the + complete firewall (in the default configuration). + +*/ + +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.networking.firewall; + + inherit (config.boot.kernelPackages) kernel; + + kernelHasRPFilter = ((kernel.config.isEnabled or (x: false)) "IP_NF_MATCH_RPFILTER") || (kernel.features.netfilterRPFilter or false); + + helpers = import ./helpers.nix { inherit config lib; }; + + writeShScript = name: text: + let + dir = pkgs.writeScriptBin name '' + #! ${pkgs.runtimeShell} -e + ${text} + ''; + in + "${dir}/bin/${name}"; + + startScript = writeShScript "firewall-start" '' + ${helpers} + + # Flush the old firewall rules. !!! 
Ideally, updating the + # firewall would be atomic. Apparently that's possible + # with iptables-restore. + ip46tables -D INPUT -j nixos-fw 2> /dev/null || true + for chain in nixos-fw nixos-fw-accept nixos-fw-log-refuse nixos-fw-refuse; do + ip46tables -F "$chain" 2> /dev/null || true + ip46tables -X "$chain" 2> /dev/null || true + done + + + # The "nixos-fw-accept" chain just accepts packets. + ip46tables -N nixos-fw-accept + ip46tables -A nixos-fw-accept -j ACCEPT + + + # The "nixos-fw-refuse" chain rejects or drops packets. + ip46tables -N nixos-fw-refuse + + ${if cfg.rejectPackets then '' + # Send a reset for existing TCP connections that we've + # somehow forgotten about. Send ICMP "port unreachable" + # for everything else. + ip46tables -A nixos-fw-refuse -p tcp ! --syn -j REJECT --reject-with tcp-reset + ip46tables -A nixos-fw-refuse -j REJECT + '' else '' + ip46tables -A nixos-fw-refuse -j DROP + ''} + + + # The "nixos-fw-log-refuse" chain performs logging, then + # jumps to the "nixos-fw-refuse" chain. + ip46tables -N nixos-fw-log-refuse + + ${optionalString cfg.logRefusedConnections '' + ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " + ''} + ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' + ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ + -j LOG --log-level info --log-prefix "refused broadcast: " + ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ + -j LOG --log-level info --log-prefix "refused multicast: " + ''} + ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse + ${optionalString cfg.logRefusedPackets '' + ip46tables -A nixos-fw-log-refuse \ + -j LOG --log-level info --log-prefix "refused packet: " + ''} + ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse + + + # The "nixos-fw" chain does the actual work. 
+ ip46tables -N nixos-fw + + # Clean up rpfilter rules + ip46tables -t mangle -D PREROUTING -j nixos-fw-rpfilter 2> /dev/null || true + ip46tables -t mangle -F nixos-fw-rpfilter 2> /dev/null || true + ip46tables -t mangle -X nixos-fw-rpfilter 2> /dev/null || true + + ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' + # Perform a reverse-path test to refuse spoofers + # For now, we just drop, as the mangle table doesn't have a log-refuse yet + ip46tables -t mangle -N nixos-fw-rpfilter 2> /dev/null || true + ip46tables -t mangle -A nixos-fw-rpfilter -m rpfilter --validmark ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN + + # Allows this host to act as a DHCP4 client without first having to use APIPA + iptables -t mangle -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN + + # Allows this host to act as a DHCPv4 server + iptables -t mangle -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN + + ${optionalString cfg.logReversePathDrops '' + ip46tables -t mangle -A nixos-fw-rpfilter -j LOG --log-level info --log-prefix "rpfilter drop: " + ''} + ip46tables -t mangle -A nixos-fw-rpfilter -j DROP + + ip46tables -t mangle -A PREROUTING -j nixos-fw-rpfilter + ''} + + # Accept all traffic on the trusted interfaces. + ${flip concatMapStrings cfg.trustedInterfaces (iface: '' + ip46tables -A nixos-fw -i ${iface} -j nixos-fw-accept + '')} + + # Accept packets from established or related connections. + ip46tables -A nixos-fw -m conntrack --ctstate ESTABLISHED,RELATED -j nixos-fw-accept + + # Accept connections to the allowed TCP ports. + ${concatStrings (mapAttrsToList (iface: cfg: + concatMapStrings (port: + '' + ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + '' + ) cfg.allowedTCPPorts + ) cfg.allInterfaces)} + + # Accept connections to the allowed TCP port ranges. 
+ ${concatStrings (mapAttrsToList (iface: cfg: + concatMapStrings (rangeAttr: + let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in + '' + ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + '' + ) cfg.allowedTCPPortRanges + ) cfg.allInterfaces)} + + # Accept packets on the allowed UDP ports. + ${concatStrings (mapAttrsToList (iface: cfg: + concatMapStrings (port: + '' + ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + '' + ) cfg.allowedUDPPorts + ) cfg.allInterfaces)} + + # Accept packets on the allowed UDP port ranges. + ${concatStrings (mapAttrsToList (iface: cfg: + concatMapStrings (rangeAttr: + let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in + '' + ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} + '' + ) cfg.allowedUDPPortRanges + ) cfg.allInterfaces)} + + # Optionally respond to ICMPv4 pings. + ${optionalString cfg.allowPing '' + iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null) + "-m limit ${cfg.pingLimit} " + }-j nixos-fw-accept + ''} + + ${optionalString config.networking.enableIPv6 '' + # Accept all ICMPv6 messages except redirects and node + # information queries (type 139). See RFC 4890, section + # 4.4. + ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP + ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP + ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept + + # Allow this host to act as a DHCPv6 client + ip6tables -A nixos-fw -d fe80::/64 -p udp --dport 546 -j nixos-fw-accept + ''} + + ${cfg.extraCommands} + + # Reject/drop everything else. + ip46tables -A nixos-fw -j nixos-fw-log-refuse + + + # Enable the firewall. 
+ ip46tables -A INPUT -j nixos-fw + ''; + + stopScript = writeShScript "firewall-stop" '' + ${helpers} + + # Clean up in case reload fails + ip46tables -D INPUT -j nixos-drop 2>/dev/null || true + + # Clean up after added ruleset + ip46tables -D INPUT -j nixos-fw 2>/dev/null || true + + ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' + ip46tables -t mangle -D PREROUTING -j nixos-fw-rpfilter 2>/dev/null || true + ''} + + ${cfg.extraStopCommands} + ''; + + reloadScript = writeShScript "firewall-reload" '' + ${helpers} + + # Create a unique drop rule + ip46tables -D INPUT -j nixos-drop 2>/dev/null || true + ip46tables -F nixos-drop 2>/dev/null || true + ip46tables -X nixos-drop 2>/dev/null || true + ip46tables -N nixos-drop + ip46tables -A nixos-drop -j DROP + + # Don't allow traffic to leak out until the script has completed + ip46tables -A INPUT -j nixos-drop + + ${cfg.extraStopCommands} + + if ${startScript}; then + ip46tables -D INPUT -j nixos-drop 2>/dev/null || true + else + echo "Failed to reload firewall... Stopping" + ${stopScript} + exit 1 + fi + ''; + +in + +{ + + options = { + + networking.firewall = { + extraCommands = mkOption { + type = types.lines; + default = ""; + example = "iptables -A INPUT -p icmp -j ACCEPT"; + description = lib.mdDoc '' + Additional shell commands executed as part of the firewall + initialisation script. These are executed just before the + final "reject" firewall rule is added, so they can be used + to allow packets that would otherwise be refused. + + This option only works with the iptables based firewall. + ''; + }; + + extraStopCommands = mkOption { + type = types.lines; + default = ""; + example = "iptables -P INPUT ACCEPT"; + description = lib.mdDoc '' + Additional shell commands executed as part of the firewall + shutdown script. These are executed just after the removal + of the NixOS input rule, or if the service enters a failed + state. 
+ + This option only works with the iptables based firewall. + ''; + }; + }; + + }; + + # FIXME: Maybe if `enable' is false, the firewall should still be + # built but not started by default? + config = mkIf (cfg.enable && config.networking.nftables.enable == false) { + + assertions = [ + # This is approximately "checkReversePath -> kernelHasRPFilter", + # but the checkReversePath option can include non-boolean + # values. + { + assertion = cfg.checkReversePath == false || kernelHasRPFilter; + message = "This kernel does not support rpfilter"; + } + ]; + + networking.firewall.checkReversePath = mkIf (!kernelHasRPFilter) (mkDefault false); + + systemd.services.firewall = { + description = "Firewall"; + wantedBy = [ "sysinit.target" ]; + wants = [ "network-pre.target" ]; + before = [ "network-pre.target" ]; + after = [ "systemd-modules-load.service" ]; + + path = [ cfg.package ] ++ cfg.extraPackages; + + # FIXME: this module may also try to load kernel modules, but + # containers don't have CAP_SYS_MODULE. So the host system had + # better have all necessary modules already loaded. + unitConfig.ConditionCapability = "CAP_NET_ADMIN"; + unitConfig.DefaultDependencies = false; + + reloadIfChanged = true; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "@${startScript} firewall-start"; + ExecReload = "@${reloadScript} firewall-reload"; + ExecStop = "@${stopScript} firewall-stop"; + }; + }; + + }; + +} diff --git a/nixos/modules/services/networking/firewall-nftables.nix b/nixos/modules/services/networking/firewall-nftables.nix new file mode 100644 index 0000000000000..0ed3c228075d3 --- /dev/null +++ b/nixos/modules/services/networking/firewall-nftables.nix 
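Review bot: The `assertions` list in the new firewall-iptables.nix has no counterpart to the checks the nftables module makes on `extraCommands` and `extraStopCommands`. As far as this file shows, a non-empty `networking.firewall.extraInputRules` or `extraForwardRules` is never read when the iptables backend is active, so rules an administrator wrote (drop rules included) would be silently ignored. An entry such as `{ assertion = cfg.extraInputRules == "" && cfg.extraForwardRules == ""; message = "extraInputRules and extraForwardRules only work with the nftables based firewall"; }` would fail evaluation instead. The roon modules in this commit already wrap their `extraInputRules` in `optionalString config.networking.nftables.enable` and would not trip it, though setters outside this page would need the same guard. As a style point, `config.networking.nftables.enable == false` in the `mkIf` can be written `!config.networking.nftables.enable`, as those modules do.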
@@ -0,0 +1,167 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.networking.firewall; + + ifaceSet = concatStringsSep ", " ( + map (x: ''"${x}"'') cfg.trustedInterfaces + ); + + portsToNftSet = ports: portRanges: concatStringsSep ", " ( + map (x: toString x) ports + ++ map (x: "${toString x.from}-${toString x.to}") portRanges + ); + +in + +{ + + options = { + + networking.firewall = { + extraInputRules = mkOption { + type = types.lines; + default = ""; + example = "ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept"; + description = lib.mdDoc '' + Additional nftables rules to be appended to the input-allow + chain. + + This option only works with the nftables based firewall. + ''; + }; + + extraForwardRules = mkOption { + type = types.lines; + default = ""; + example = "iifname wg0 accept"; + description = lib.mdDoc '' + Additional nftables rules to be appended to the forward-allow + chain. + + This option only works with the nftables based firewall. + ''; + }; + }; + + }; + + config = mkIf (cfg.enable && config.networking.nftables.enable) { + + assertions = [ + { + assertion = cfg.extraCommands == ""; + message = "extraCommands is incompatible with the nftables based firewall: ${cfg.extraCommands}"; + } + { + assertion = cfg.extraStopCommands == ""; + message = "extraStopCommands is incompatible with the nftables based firewall: ${cfg.extraStopCommands}"; + } + { + assertion = cfg.pingLimit == null || !(hasPrefix "--" cfg.pingLimit); + message = "nftables syntax like \"2/second\" should be used in networking.firewall.pingLimit"; + } + { + assertion = config.networking.nftables.rulesetFile == null; + message = "networking.nftables.rulesetFile conflicts with the firewall"; + } + ]; + + networking.nftables.ruleset = '' + + table inet nixos-fw { + + ${optionalString (cfg.checkReversePath != false) '' + chain rpfilter { + type filter hook prerouting priority mangle + 10; policy drop; + + meta nfproto ipv4 udp sport . udp dport { 67 . 68, 68 . 
67 } accept comment "DHCPv4 client/server" + fib saddr . mark ${optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept + + ${optionalString cfg.logReversePathDrops '' + log level info prefix "rpfilter drop: " + ''} + + } + ''} + + chain input { + type filter hook input priority filter; policy drop; + + ${optionalString (ifaceSet != "") ''iifname { ${ifaceSet} } accept comment "trusted interfaces"''} + + # Some ICMPv6 types like NDP is untracked + ct state vmap { invalid : drop, established : accept, related : accept, * : jump input-allow } comment "*: new and untracked" + + ${optionalString cfg.logRefusedConnections '' + tcp flags syn / fin,syn,rst,ack log level info prefix "refused connection: " + ''} + ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' + pkttype broadcast log level info prefix "refused broadcast: " + pkttype multicast log level info prefix "refused multicast: " + ''} + ${optionalString cfg.logRefusedPackets '' + pkttype host log level info prefix "refused packet: " + ''} + + ${optionalString cfg.rejectPackets '' + meta l4proto tcp reject with tcp reset + reject + ''} + + } + + chain input-allow { + + ${concatStrings (mapAttrsToList (iface: cfg: + let + ifaceExpr = optionalString (iface != "default") "iifname ${iface}"; + tcpSet = portsToNftSet cfg.allowedTCPPorts cfg.allowedTCPPortRanges; + udpSet = portsToNftSet cfg.allowedUDPPorts cfg.allowedUDPPortRanges; + in + '' + ${optionalString (tcpSet != "") "${ifaceExpr} tcp dport { ${tcpSet} } accept"} + ${optionalString (udpSet != "") "${ifaceExpr} udp dport { ${udpSet} } accept"} + '' + ) cfg.allInterfaces)} + + ${optionalString cfg.allowPing '' + icmp type echo-request ${optionalString (cfg.pingLimit != null) "limit rate ${cfg.pingLimit}"} accept comment "allow ping" + ''} + + icmpv6 type != { nd-redirect, 139 } accept comment "Accept all ICMPv6 messages except redirects and node information queries (type 139). See RFC 4890, section 4.4." 
+ ip6 daddr fe80::/64 udp dport 546 accept comment "DHCPv6 client" + + ${cfg.extraInputRules} + + } + + ${optionalString cfg.filterForward '' + chain forward { + type filter hook forward priority filter; policy drop; + + ct state vmap { invalid : drop, established : accept, related : accept, * : jump forward-allow } comment "*: new and untracked" + + } + + chain forward-allow { + + icmpv6 type != { router-renumbering, 139 } accept comment "Accept all ICMPv6 messages except renumbering and node information queries (type 139). See RFC 4890, section 4.3." + + ct status dnat accept comment "allow port forward" + + ${cfg.extraForwardRules} + + } + ''} + + } + + ''; + + }; + +} diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 27119dcc57c55..4e332d489e4dc 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix 
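Review bot: In the `input-allow` chain of firewall-nftables.nix the per-interface rules interpolate the interface name bare, `ifaceExpr = optionalString (iface != "default") "iifname ${iface}";`, while `ifaceSet` near the top of the file wraps every trusted interface name in double quotes. An interface name that nft does not accept as a bare word would make the whole ruleset fail to load, or be parsed as something other than the attribute name intended. Quoting it the same way, `ifaceExpr = optionalString (iface != "default") ''iifname "${iface}"'';`, keeps both paths consistent. `cfg.allInterfaces` is defined outside this file, so whether the names are validated there cannot be seen from this hunk.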
@@ -1,35 +1,3 @@ -/* This module enables a simple firewall. - - The firewall can be customised in arbitrary ways by setting - ‘networking.firewall.extraCommands’. For modularity, the firewall - uses several chains: - - - ‘nixos-fw’ is the main chain for input packet processing. - - - ‘nixos-fw-accept’ is called for accepted packets. If you want - additional logging, or want to reject certain packets anyway, you - can insert rules at the start of this chain. - - - ‘nixos-fw-log-refuse’ and ‘nixos-fw-refuse’ are called for - refused packets. (The former jumps to the latter after logging - the packet.) If you want additional logging, or want to accept - certain packets anyway, you can insert rules at the start of - this chain. - - - ‘nixos-fw-rpfilter’ is used as the main chain in the mangle table, - called from the built-in ‘PREROUTING’ chain. If the kernel - supports it and `cfg.checkReversePath` is set this chain will - perform a reverse path filter test. - - - ‘nixos-drop’ is used while reloading the firewall in order to drop - all traffic. Since reloading isn't implemented in an atomic way - this'll prevent any traffic from leaking through while reloading - the firewall. However, if the reloading fails, the ‘firewall-stop’ - script will be called which in return will effectively disable the - complete firewall (in the default configuration). - -*/ - { config, lib, pkgs, ... }: with lib; 
@@ -38,216 +6,6 @@ let cfg = config.networking.firewall; - inherit (config.boot.kernelPackages) kernel; - - kernelHasRPFilter = ((kernel.config.isEnabled or (x: false)) "IP_NF_MATCH_RPFILTER") || (kernel.features.netfilterRPFilter or false); - - helpers = import ./helpers.nix { inherit config lib; }; - - writeShScript = name: text: let dir = pkgs.writeScriptBin name '' - #! ${pkgs.runtimeShell} -e - ${text} - ''; in "${dir}/bin/${name}"; - - defaultInterface = { default = mapAttrs (name: value: cfg.${name}) commonOptions; }; - allInterfaces = defaultInterface // cfg.interfaces; - - startScript = writeShScript "firewall-start" '' - ${helpers} - - # Flush the old firewall rules. !!! Ideally, updating the - # firewall would be atomic. Apparently that's possible - # with iptables-restore. - ip46tables -D INPUT -j nixos-fw 2> /dev/null || true - for chain in nixos-fw nixos-fw-accept nixos-fw-log-refuse nixos-fw-refuse; do - ip46tables -F "$chain" 2> /dev/null || true - ip46tables -X "$chain" 2> /dev/null || true - done - - - # The "nixos-fw-accept" chain just accepts packets. - ip46tables -N nixos-fw-accept - ip46tables -A nixos-fw-accept -j ACCEPT - - - # The "nixos-fw-refuse" chain rejects or drops packets. - ip46tables -N nixos-fw-refuse - - ${if cfg.rejectPackets then '' - # Send a reset for existing TCP connections that we've - # somehow forgotten about. Send ICMP "port unreachable" - # for everything else. - ip46tables -A nixos-fw-refuse -p tcp ! --syn -j REJECT --reject-with tcp-reset - ip46tables -A nixos-fw-refuse -j REJECT - '' else '' - ip46tables -A nixos-fw-refuse -j DROP - ''} - - - # The "nixos-fw-log-refuse" chain performs logging, then - # jumps to the "nixos-fw-refuse" chain. 
- ip46tables -N nixos-fw-log-refuse - - ${optionalString cfg.logRefusedConnections '' - ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " - ''} - ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' - ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ - -j LOG --log-level info --log-prefix "refused broadcast: " - ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ - -j LOG --log-level info --log-prefix "refused multicast: " - ''} - ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse - ${optionalString cfg.logRefusedPackets '' - ip46tables -A nixos-fw-log-refuse \ - -j LOG --log-level info --log-prefix "refused packet: " - ''} - ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse - - - # The "nixos-fw" chain does the actual work. - ip46tables -N nixos-fw - - # Clean up rpfilter rules - ip46tables -t mangle -D PREROUTING -j nixos-fw-rpfilter 2> /dev/null || true - ip46tables -t mangle -F nixos-fw-rpfilter 2> /dev/null || true - ip46tables -t mangle -X nixos-fw-rpfilter 2> /dev/null || true - - ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' - # Perform a reverse-path test to refuse spoofers - # For now, we just drop, as the mangle table doesn't have a log-refuse yet - ip46tables -t mangle -N nixos-fw-rpfilter 2> /dev/null || true - ip46tables -t mangle -A nixos-fw-rpfilter -m rpfilter --validmark ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN - - # Allows this host to act as a DHCP4 client without first having to use APIPA - iptables -t mangle -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN - - # Allows this host to act as a DHCPv4 server - iptables -t mangle -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN - - ${optionalString cfg.logReversePathDrops '' - ip46tables -t mangle -A nixos-fw-rpfilter -j LOG --log-level info 
--log-prefix "rpfilter drop: " - ''} - ip46tables -t mangle -A nixos-fw-rpfilter -j DROP - - ip46tables -t mangle -A PREROUTING -j nixos-fw-rpfilter - ''} - - # Accept all traffic on the trusted interfaces. - ${flip concatMapStrings cfg.trustedInterfaces (iface: '' - ip46tables -A nixos-fw -i ${iface} -j nixos-fw-accept - '')} - - # Accept packets from established or related connections. - ip46tables -A nixos-fw -m conntrack --ctstate ESTABLISHED,RELATED -j nixos-fw-accept - - # Accept connections to the allowed TCP ports. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (port: - '' - ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} - '' - ) cfg.allowedTCPPorts - ) allInterfaces)} - - # Accept connections to the allowed TCP port ranges. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (rangeAttr: - let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in - '' - ip46tables -A nixos-fw -p tcp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} - '' - ) cfg.allowedTCPPortRanges - ) allInterfaces)} - - # Accept packets on the allowed UDP ports. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (port: - '' - ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} - '' - ) cfg.allowedUDPPorts - ) allInterfaces)} - - # Accept packets on the allowed UDP port ranges. - ${concatStrings (mapAttrsToList (iface: cfg: - concatMapStrings (rangeAttr: - let range = toString rangeAttr.from + ":" + toString rangeAttr.to; in - '' - ip46tables -A nixos-fw -p udp --dport ${range} -j nixos-fw-accept ${optionalString (iface != "default") "-i ${iface}"} - '' - ) cfg.allowedUDPPortRanges - ) allInterfaces)} - - # Optionally respond to ICMPv4 pings. 
- ${optionalString cfg.allowPing '' - iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null) - "-m limit ${cfg.pingLimit} " - }-j nixos-fw-accept - ''} - - ${optionalString config.networking.enableIPv6 '' - # Accept all ICMPv6 messages except redirects and node - # information queries (type 139). See RFC 4890, section - # 4.4. - ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP - ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP - ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept - - # Allow this host to act as a DHCPv6 client - ip6tables -A nixos-fw -d fe80::/64 -p udp --dport 546 -j nixos-fw-accept - ''} - - ${cfg.extraCommands} - - # Reject/drop everything else. - ip46tables -A nixos-fw -j nixos-fw-log-refuse - - - # Enable the firewall. - ip46tables -A INPUT -j nixos-fw - ''; - - stopScript = writeShScript "firewall-stop" '' - ${helpers} - - # Clean up in case reload fails - ip46tables -D INPUT -j nixos-drop 2>/dev/null || true - - # Clean up after added ruleset - ip46tables -D INPUT -j nixos-fw 2>/dev/null || true - - ${optionalString (kernelHasRPFilter && (cfg.checkReversePath != false)) '' - ip46tables -t mangle -D PREROUTING -j nixos-fw-rpfilter 2>/dev/null || true - ''} - - ${cfg.extraStopCommands} - ''; - - reloadScript = writeShScript "firewall-reload" '' - ${helpers} - - # Create a unique drop rule - ip46tables -D INPUT -j nixos-drop 2>/dev/null || true - ip46tables -F nixos-drop 2>/dev/null || true - ip46tables -X nixos-drop 2>/dev/null || true - ip46tables -N nixos-drop - ip46tables -A nixos-drop -j DROP - - # Don't allow traffic to leak out until the script has completed - ip46tables -A INPUT -j nixos-drop - - ${cfg.extraStopCommands} - - if ${startScript}; then - ip46tables -D INPUT -j nixos-drop 2>/dev/null || true - else - echo "Failed to reload firewall... 
Stopping" - ${stopScript} - exit 1 - fi - ''; - canonicalizePortList = ports: lib.unique (builtins.sort builtins.lessThan ports); @@ -257,22 +15,20 @@ let default = [ ]; apply = canonicalizePortList; example = [ 22 80 ]; - description = - lib.mdDoc '' - List of TCP ports on which incoming connections are - accepted. - ''; + description = lib.mdDoc '' + List of TCP ports on which incoming connections are + accepted. + ''; }; allowedTCPPortRanges = mkOption { type = types.listOf (types.attrsOf types.port); default = [ ]; - example = [ { from = 8999; to = 9003; } ]; - description = - lib.mdDoc '' - A range of TCP ports on which incoming connections are - accepted. - ''; + example = [{ from = 8999; to = 9003; }]; + description = lib.mdDoc '' + A range of TCP ports on which incoming connections are + accepted. + ''; }; allowedUDPPorts = mkOption { @@ -280,20 +36,18 @@ let default = [ ]; apply = canonicalizePortList; example = [ 53 ]; - description = - lib.mdDoc '' - List of open UDP ports. - ''; + description = lib.mdDoc '' + List of open UDP ports. + ''; }; allowedUDPPortRanges = mkOption { type = types.listOf (types.attrsOf types.port); default = [ ]; - example = [ { from = 60000; to = 61000; } ]; - description = - lib.mdDoc '' - Range of open UDP ports. - ''; + example = [{ from = 60000; to = 61000; }]; + description = lib.mdDoc '' + Range of open UDP ports. + ''; }; }; 
@@ -301,240 +55,222 @@ in { - ###### interface - options = { networking.firewall = { enable = mkOption { type = types.bool; default = true; - description = - lib.mdDoc '' - Whether to enable the firewall. This is a simple stateful - firewall that blocks connection attempts to unauthorised TCP - or UDP ports on this machine. It does not affect packet - forwarding. - ''; + description = lib.mdDoc '' + Whether to enable the firewall. This is a simple stateful + firewall that blocks connection attempts to unauthorised TCP + or UDP ports on this machine. + ''; }; package = mkOption { type = types.package; - default = pkgs.iptables; - defaultText = literalExpression "pkgs.iptables"; + default = if config.networking.nftables.enable then pkgs.nftables else pkgs.iptables; + defaultText = literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"''; example = literalExpression "pkgs.iptables-legacy"; - description = - lib.mdDoc '' - The iptables package to use for running the firewall service. - ''; + description = lib.mdDoc '' + The package to use for running the firewall service. + ''; }; logRefusedConnections = mkOption { type = types.bool; default = true; - description = - lib.mdDoc '' - Whether to log rejected or dropped incoming connections. - Note: The logs are found in the kernel logs, i.e. dmesg - or journalctl -k. - ''; + description = lib.mdDoc '' + Whether to log rejected or dropped incoming connections. + Note: The logs are found in the kernel logs, i.e. dmesg + or journalctl -k. + ''; }; logRefusedPackets = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' - Whether to log all rejected or dropped incoming packets. - This tends to give a lot of log messages, so it's mostly - useful for debugging. - Note: The logs are found in the kernel logs, i.e. dmesg - or journalctl -k. - ''; + description = lib.mdDoc '' + Whether to log all rejected or dropped incoming packets. 
+ This tends to give a lot of log messages, so it's mostly + useful for debugging. + Note: The logs are found in the kernel logs, i.e. dmesg + or journalctl -k. + ''; }; logRefusedUnicastsOnly = mkOption { type = types.bool; default = true; - description = - lib.mdDoc '' - If {option}`networking.firewall.logRefusedPackets` - and this option are enabled, then only log packets - specifically directed at this machine, i.e., not broadcasts - or multicasts. - ''; + description = lib.mdDoc '' + If {option}`networking.firewall.logRefusedPackets` + and this option are enabled, then only log packets + specifically directed at this machine, i.e., not broadcasts + or multicasts. + ''; }; rejectPackets = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' - If set, refused packets are rejected rather than dropped - (ignored). This means that an ICMP "port unreachable" error - message is sent back to the client (or a TCP RST packet in - case of an existing connection). Rejecting packets makes - port scanning somewhat easier. - ''; + description = lib.mdDoc '' + If set, refused packets are rejected rather than dropped + (ignored). This means that an ICMP "port unreachable" error + message is sent back to the client (or a TCP RST packet in + case of an existing connection). Rejecting packets makes + port scanning somewhat easier. + ''; }; trustedInterfaces = mkOption { type = types.listOf types.str; default = [ ]; example = [ "enp0s2" ]; - description = - lib.mdDoc '' - Traffic coming in from these interfaces will be accepted - unconditionally. Traffic from the loopback (lo) interface - will always be accepted. - ''; + description = lib.mdDoc '' + Traffic coming in from these interfaces will be accepted + unconditionally. Traffic from the loopback (lo) interface + will always be accepted. + ''; }; allowPing = mkOption { type = types.bool; default = true; - description = - lib.mdDoc '' - Whether to respond to incoming ICMPv4 echo requests - ("pings"). 
ICMPv6 pings are always allowed because the - larger address space of IPv6 makes network scanning much - less effective. - ''; + description = lib.mdDoc '' + Whether to respond to incoming ICMPv4 echo requests + ("pings"). ICMPv6 pings are always allowed because the + larger address space of IPv6 makes network scanning much + less effective. + ''; }; pingLimit = mkOption { type = types.nullOr (types.separatedString " "); default = null; example = "--limit 1/minute --limit-burst 5"; - description = - lib.mdDoc '' - If pings are allowed, this allows setting rate limits - on them. If non-null, this option should be in the form of - flags like "--limit 1/minute --limit-burst 5" - ''; + description = lib.mdDoc '' + If pings are allowed, this allows setting rate limits on them. + + For the iptables based firewall, it should be set like + "--limit 1/minute --limit-burst 5". + + For the nftables based firewall, it should be set like + "2/second" or "1/minute burst 5 packets". + ''; }; checkReversePath = mkOption { - type = types.either types.bool (types.enum ["strict" "loose"]); - default = kernelHasRPFilter; - defaultText = literalMD "`true` if supported by the chosen kernel"; + type = types.either types.bool (types.enum [ "strict" "loose" ]); + default = true; + defaultText = literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"; example = "loose"; - description = - lib.mdDoc '' - Performs a reverse path filter test on a packet. If a reply - to the packet would not be sent via the same interface that - the packet arrived on, it is refused. - - If using asymmetric routing or other complicated routing, set - this option to loose mode or disable it and setup your own - counter-measures. - - This option can be either true (or "strict"), "loose" (only - drop the packet if the source address is not reachable via any - interface) or false. Defaults to the value of - kernelHasRPFilter. 
- ''; + description = lib.mdDoc '' + Performs a reverse path filter test on a packet. If a reply + to the packet would not be sent via the same interface that + the packet arrived on, it is refused. + + If using asymmetric routing or other complicated routing, set + this option to loose mode or disable it and setup your own + counter-measures. + + This option can be either true (or "strict"), "loose" (only + drop the packet if the source address is not reachable via any + interface) or false. + ''; }; logReversePathDrops = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' - Logs dropped packets failing the reverse path filter test if - the option networking.firewall.checkReversePath is enabled. - ''; + description = lib.mdDoc '' + Logs dropped packets failing the reverse path filter test if + the option networking.firewall.checkReversePath is enabled. + ''; + }; + + filterForward = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Enable filtering in IP forwarding. + + This option only works with the nftables based firewall. + ''; }; connectionTrackingModules = mkOption { type = types.listOf types.str; default = [ ]; example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]; - description = - lib.mdDoc '' - List of connection-tracking helpers that are auto-loaded. - The complete list of possible values is given in the example. - - As helpers can pose as a security risk, it is advised to - set this to an empty list and disable the setting - networking.firewall.autoLoadConntrackHelpers unless you - know what you are doing. Connection tracking is disabled - by default. - - Loading of helpers is recommended to be done through the - CT target. More info: - https://home.regit.org/netfilter-en/secure-use-of-helpers/ - ''; + description = lib.mdDoc '' + List of connection-tracking helpers that are auto-loaded. + The complete list of possible values is given in the example. 
+ + As helpers can pose as a security risk, it is advised to + set this to an empty list and disable the setting + networking.firewall.autoLoadConntrackHelpers unless you + know what you are doing. Connection tracking is disabled + by default. + + Loading of helpers is recommended to be done through the + CT target. More info: + https://home.regit.org/netfilter-en/secure-use-of-helpers/ + ''; }; autoLoadConntrackHelpers = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' - Whether to auto-load connection-tracking helpers. - See the description at networking.firewall.connectionTrackingModules - - (needs kernel 3.5+) - ''; - }; + description = lib.mdDoc '' + Whether to auto-load connection-tracking helpers. + See the description at networking.firewall.connectionTrackingModules - extraCommands = mkOption { - type = types.lines; - default = ""; - example = "iptables -A INPUT -p icmp -j ACCEPT"; - description = - lib.mdDoc '' - Additional shell commands executed as part of the firewall - initialisation script. These are executed just before the - final "reject" firewall rule is added, so they can be used - to allow packets that would otherwise be refused. - ''; + (needs kernel 3.5+) + ''; }; extraPackages = mkOption { type = types.listOf types.package; default = [ ]; example = literalExpression "[ pkgs.ipset ]"; - description = - lib.mdDoc '' - Additional packages to be included in the environment of the system - as well as the path of networking.firewall.extraCommands. - ''; - }; - - extraStopCommands = mkOption { - type = types.lines; - default = ""; - example = "iptables -P INPUT ACCEPT"; - description = - lib.mdDoc '' - Additional shell commands executed as part of the firewall - shutdown script. These are executed just after the removal - of the NixOS input rule, or if the service enters a failed - state. 
- ''; + description = lib.mdDoc '' + Additional packages to be included in the environment of the system + as well as the path of networking.firewall.extraCommands. + ''; }; interfaces = mkOption { default = { }; - type = with types; attrsOf (submodule [ { options = commonOptions; } ]); - description = - lib.mdDoc '' - Interface-specific open ports. - ''; + type = with types; attrsOf (submodule [{ options = commonOptions; }]); + description = lib.mdDoc '' + Interface-specific open ports. + ''; + }; + + allInterfaces = mkOption { + internal = true; + visible = false; + default = { default = mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces; + type = with types; attrsOf (submodule [{ options = commonOptions; }]); + description = lib.mdDoc '' + All open ports. + ''; }; } // commonOptions; }; - ###### implementation - - # FIXME: Maybe if `enable' is false, the firewall should still be - # built but not started by default? config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.filterForward -> config.networking.nftables.enable; + message = "filterForward only works with the nftables based firewall"; + } + ]; + networking.firewall.trustedInterfaces = [ "lo" ]; environment.systemPackages = [ cfg.package ] ++ cfg.extraPackages; 
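Review bot: `pingLimit` now has two incompatible syntaxes depending on the backend, and nothing in this hunk rejects a value written in the wrong one. The option stays a free-form `types.separatedString " "`, with iptables flags documented for one firewall and nft limit expressions for the other. A configuration that already sets `--limit 1/minute --limit-burst 5` and then enables `networking.nftables` would presumably have that string placed into the nft ruleset unchanged; the module that consumes it is outside this hunk. An extra entry in the `assertions` list added at the end of the hunk would catch this at evaluation time, for example `{ assertion = cfg.pingLimit == null || !(config.networking.nftables.enable && hasPrefix "--" cfg.pingLimit); message = "networking.firewall.pingLimit uses iptables syntax, but the nftables based firewall is enabled"; }`. The `config` block continues outside the hunk.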
@@ -545,40 +281,6 @@ in options nf_conntrack nf_conntrack_helper=1 ''; - assertions = [ - # This is approximately "checkReversePath -> kernelHasRPFilter", - # but the checkReversePath option can include non-boolean - # values. - { assertion = cfg.checkReversePath == false || kernelHasRPFilter; - message = "This kernel does not support rpfilter"; } - ]; - - systemd.services.firewall = { - description = "Firewall"; - wantedBy = [ "sysinit.target" ]; - wants = [ "network-pre.target" ]; - before = [ "network-pre.target" ]; - after = [ "systemd-modules-load.service" ]; - - path = [ cfg.package ] ++ cfg.extraPackages; - - # FIXME: this module may also try to load kernel modules, but - # containers don't have CAP_SYS_MODULE. So the host system had - # better have all necessary modules already loaded. - unitConfig.ConditionCapability = "CAP_NET_ADMIN"; - unitConfig.DefaultDependencies = false; - - reloadIfChanged = true; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "@${startScript} firewall-start"; - ExecReload = "@${reloadScript} firewall-reload"; - ExecStop = "@${stopScript} firewall-stop"; - }; - }; - }; } diff --git a/nixos/modules/services/networking/nat-iptables.nix b/nixos/modules/services/networking/nat-iptables.nix new file mode 100644 index 0000000000000..d1bed401feeb9 --- /dev/null +++ b/nixos/modules/services/networking/nat-iptables.nix 
@@ -0,0 +1,191 @@ +# This module enables Network Address Translation (NAT). +# XXX: todo: support multiple upstream links +# see http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html + +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.networking.nat; + + mkDest = externalIP: + if externalIP == null + then "-j MASQUERADE" + else "-j SNAT --to-source ${externalIP}"; + dest = mkDest cfg.externalIP; + destIPv6 = mkDest cfg.externalIPv6; + + # Whether given IP (plus optional port) is an IPv6. + isIPv6 = ip: builtins.length (lib.splitString ":" ip) > 2; + + helpers = import ./helpers.nix { inherit config lib; }; + + flushNat = '' + ${helpers} + ip46tables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true + ip46tables -w -t nat -F nixos-nat-pre 2>/dev/null || true + ip46tables -w -t nat -X nixos-nat-pre 2>/dev/null || true + ip46tables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true + ip46tables -w -t nat -F nixos-nat-post 2>/dev/null || true + ip46tables -w -t nat -X nixos-nat-post 2>/dev/null || true + ip46tables -w -t nat -D OUTPUT -j nixos-nat-out 2>/dev/null || true + ip46tables -w -t nat -F nixos-nat-out 2>/dev/null || true + ip46tables -w -t nat -X nixos-nat-out 2>/dev/null || true + + ${cfg.extraStopCommands} + ''; + + mkSetupNat = { iptables, dest, internalIPs, forwardPorts }: '' + # We can't match on incoming interface in POSTROUTING, so + # mark packets coming from the internal interfaces. + ${concatMapStrings (iface: '' + ${iptables} -w -t nat -A nixos-nat-pre \ + -i '${iface}' -j MARK --set-mark 1 + '') cfg.internalInterfaces} + + # NAT the marked packets. + ${optionalString (cfg.internalInterfaces != []) '' + ${iptables} -w -t nat -A nixos-nat-post -m mark --mark 1 \ + ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest} + ''} + + # NAT packets coming from the internal IPs. 
+ ${concatMapStrings (range: '' + ${iptables} -w -t nat -A nixos-nat-post \ + -s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest} + '') internalIPs} + + # NAT from external ports to internal ports. + ${concatMapStrings (fwd: '' + ${iptables} -w -t nat -A nixos-nat-pre \ + -i ${toString cfg.externalInterface} -p ${fwd.proto} \ + --dport ${builtins.toString fwd.sourcePort} \ + -j DNAT --to-destination ${fwd.destination} + + ${concatMapStrings (loopbackip: + let + matchIP = if isIPv6 fwd.destination then "[[]([0-9a-fA-F:]+)[]]" else "([0-9.]+)"; + m = builtins.match "${matchIP}:([0-9-]+)" fwd.destination; + destinationIP = if m == null then throw "bad ip:ports `${fwd.destination}'" else elemAt m 0; + destinationPorts = if m == null then throw "bad ip:ports `${fwd.destination}'" else builtins.replaceStrings ["-"] [":"] (elemAt m 1); + in '' + # Allow connections to ${loopbackip}:${toString fwd.sourcePort} from the host itself + ${iptables} -w -t nat -A nixos-nat-out \ + -d ${loopbackip} -p ${fwd.proto} \ + --dport ${builtins.toString fwd.sourcePort} \ + -j DNAT --to-destination ${fwd.destination} + + # Allow connections to ${loopbackip}:${toString fwd.sourcePort} from other hosts behind NAT + ${iptables} -w -t nat -A nixos-nat-pre \ + -d ${loopbackip} -p ${fwd.proto} \ + --dport ${builtins.toString fwd.sourcePort} \ + -j DNAT --to-destination ${fwd.destination} + + ${iptables} -w -t nat -A nixos-nat-post \ + -d ${destinationIP} -p ${fwd.proto} \ + --dport ${destinationPorts} \ + -j SNAT --to-source ${loopbackip} + '') fwd.loopbackIPs} + '') forwardPorts} + ''; + + setupNat = '' + ${helpers} + # Create subchains where we store rules + ip46tables -w -t nat -N nixos-nat-pre + ip46tables -w -t nat -N nixos-nat-post + ip46tables -w -t nat -N nixos-nat-out + + ${mkSetupNat { + iptables = "iptables"; + inherit dest; + inherit (cfg) internalIPs; + forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts; + }} + + 
${optionalString cfg.enableIPv6 (mkSetupNat { + iptables = "ip6tables"; + dest = destIPv6; + internalIPs = cfg.internalIPv6s; + forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts; + })} + + ${optionalString (cfg.dmzHost != null) '' + iptables -w -t nat -A nixos-nat-pre \ + -i ${toString cfg.externalInterface} -j DNAT \ + --to-destination ${cfg.dmzHost} + ''} + + ${cfg.extraCommands} + + # Append our chains to the nat tables + ip46tables -w -t nat -A PREROUTING -j nixos-nat-pre + ip46tables -w -t nat -A POSTROUTING -j nixos-nat-post + ip46tables -w -t nat -A OUTPUT -j nixos-nat-out + ''; + +in + +{ + + options = { + + networking.nat.extraCommands = mkOption { + type = types.lines; + default = ""; + example = "iptables -A INPUT -p icmp -j ACCEPT"; + description = lib.mdDoc '' + Additional shell commands executed as part of the nat + initialisation script. + + This option is incompatible with the nftables based nat module. + ''; + }; + + networking.nat.extraStopCommands = mkOption { + type = types.lines; + default = ""; + example = "iptables -D INPUT -p icmp -j ACCEPT || true"; + description = lib.mdDoc '' + Additional shell commands executed as part of the nat + teardown script. + + This option is incompatible with the nftables based nat module. 
+ ''; + }; + + }; + + + config = mkIf (!config.networking.nftables.enable) + (mkMerge [ + ({ networking.firewall.extraCommands = mkBefore flushNat; }) + (mkIf config.networking.nat.enable { + + networking.firewall = mkIf config.networking.firewall.enable { + extraCommands = setupNat; + extraStopCommands = flushNat; + }; + + systemd.services = mkIf (!config.networking.firewall.enable) { + nat = { + description = "Network Address Translation"; + wantedBy = [ "network.target" ]; + after = [ "network-pre.target" "systemd-modules-load.service" ]; + path = [ config.networking.firewall.package ]; + unitConfig.ConditionCapability = "CAP_NET_ADMIN"; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + script = flushNat + setupNat; + + postStop = flushNat; + }; + }; + }) + ]); +} diff --git a/nixos/modules/services/networking/nat-nftables.nix b/nixos/modules/services/networking/nat-nftables.nix new file mode 100644 index 0000000000000..483910a16658c --- /dev/null +++ b/nixos/modules/services/networking/nat-nftables.nix 
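Review bot: Values interpolated into the generated shell script in `mkSetupNat` and `setupNat` are quoted inconsistently. `-i '${iface}'` and `-s '${range}'` are single-quoted, while `cfg.externalInterface`, `fwd.proto`, `fwd.destination`, `loopbackip` and `cfg.dmzHost` are inserted bare. These strings end up in the firewall script or the `nat` unit's `script`, so a value containing whitespace or a shell metacharacter is word-split or interpreted instead of being passed to iptables as one argument. Hand-written single quotes also break on a value that contains `'`. Using `escapeShellArg` from `lib` for every interpolated argument would make this uniform, e.g. `-o ${escapeShellArg cfg.externalInterface}` and `-j DNAT --to-destination ${escapeShellArg fwd.destination}`.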
@@ -0,0 +1,184 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.networking.nat; + + mkDest = externalIP: + if externalIP == null + then "masquerade" + else "snat ${externalIP}"; + dest = mkDest cfg.externalIP; + destIPv6 = mkDest cfg.externalIPv6; + + toNftSet = list: concatStringsSep ", " list; + toNftRange = ports: replaceStrings [ ":" ] [ "-" ] (toString ports); + + ifaceSet = toNftSet (map (x: ''"${x}"'') cfg.internalInterfaces); + ipSet = toNftSet cfg.internalIPs; + ipv6Set = toNftSet cfg.internalIPv6s; + oifExpr = optionalString (cfg.externalInterface != null) ''oifname "${cfg.externalInterface}"''; + + # Whether given IP (plus optional port) is an IPv6. + isIPv6 = ip: length (lib.splitString ":" ip) > 2; + + splitIPPorts = IPPorts: + let + matchIP = if isIPv6 IPPorts then "[[]([0-9a-fA-F:]+)[]]" else "([0-9.]+)"; + m = builtins.match "${matchIP}:([0-9-]+)" IPPorts; + in + { + IP = if m == null then throw "bad ip:ports `${IPPorts}'" else elemAt m 0; + ports = if m == null then throw "bad ip:ports `${IPPorts}'" else elemAt m 1; + }; + + mkTable = { ipVer, dest, ipSet, forwardPorts, dmzHost }: + let + # nftables does not support both port and port range as values in a dnat map. + # e.g. "dnat th dport map { 80 : 10.0.0.1 . 80, 443 : 10.0.0.2 . 900-1000 }" + # So we split them. + fwdPorts = filter (x: length (splitString "-" x.destination) == 1) forwardPorts; + fwdPortsRange = filter (x: length (splitString "-" x.destination) > 1) forwardPorts; + + # nftables maps for port forward + # l4proto . dport : addr . port + toFwdMap = forwardPorts: toNftSet (map + (fwd: + with (splitIPPorts fwd.destination); + "${fwd.proto} . ${toNftRange fwd.sourcePort} : ${IP} . ${ports}" + ) + forwardPorts); + fwdMap = toFwdMap fwdPorts; + fwdRangeMap = toFwdMap fwdPortsRange; + + # nftables maps for port forward loopback dnat + # daddr . l4proto . dport : addr . 
port + toFwdLoopDnatMap = forwardPorts: toNftSet (concatMap + (fwd: map + (loopbackip: + with (splitIPPorts fwd.destination); + "${loopbackip} . ${fwd.proto} . ${toNftRange fwd.sourcePort} : ${IP} . ${ports}" + ) + fwd.loopbackIPs) + forwardPorts); + fwdLoopDnatMap = toFwdLoopDnatMap fwdPorts; + fwdLoopDnatRangeMap = toFwdLoopDnatMap fwdPortsRange; + + # nftables set for port forward loopback snat + # daddr . l4proto . dport + fwdLoopSnatSet = toNftSet (map + (fwd: + with (splitIPPorts fwd.destination); + "${IP} . ${fwd.proto} . ${ports}" + ) + forwardPorts); + in + '' + chain pre { + type nat hook prerouting priority dstnat; + + ${optionalString (fwdMap != "") '' + iifname "${cfg.externalInterface}" dnat meta l4proto . th dport map { ${fwdMap} } comment "port forward" + ''} + ${optionalString (fwdRangeMap != "") '' + iifname "${cfg.externalInterface}" dnat meta l4proto . th dport map { ${fwdRangeMap} } comment "port forward" + ''} + + ${optionalString (fwdLoopDnatMap != "") '' + dnat ${ipVer} daddr . meta l4proto . th dport map { ${fwdLoopDnatMap} } comment "port forward loopback from other hosts behind NAT" + ''} + ${optionalString (fwdLoopDnatRangeMap != "") '' + dnat ${ipVer} daddr . meta l4proto . th dport map { ${fwdLoopDnatRangeMap} } comment "port forward loopback from other hosts behind NAT" + ''} + + ${optionalString (dmzHost != null) '' + iifname "${cfg.externalInterface}" dnat ${dmzHost} comment "dmz" + ''} + } + + chain post { + type nat hook postrouting priority srcnat; + + ${optionalString (ifaceSet != "") '' + iifname { ${ifaceSet} } ${oifExpr} ${dest} comment "from internal interfaces" + ''} + ${optionalString (ipSet != "") '' + ${ipVer} saddr { ${ipSet} } ${oifExpr} ${dest} comment "from internal IPs" + ''} + + ${optionalString (fwdLoopSnatSet != "") '' + iifname != "${cfg.externalInterface}" ${ipVer} daddr . meta l4proto . 
th dport { ${fwdLoopSnatSet} } masquerade comment "port forward loopback snat" + ''} + } + + chain out { + type nat hook output priority mangle; + + ${optionalString (fwdLoopDnatMap != "") '' + dnat ${ipVer} daddr . meta l4proto . th dport map { ${fwdLoopDnatMap} } comment "port forward loopback from the host itself" + ''} + ${optionalString (fwdLoopDnatRangeMap != "") '' + dnat ${ipVer} daddr . meta l4proto . th dport map { ${fwdLoopDnatRangeMap} } comment "port forward loopback from the host itself" + ''} + } + ''; + +in + +{ + + config = mkIf (config.networking.nftables.enable && cfg.enable) { + + assertions = [ + { + assertion = cfg.extraCommands == ""; + message = "extraCommands is incompatible with the nftables based nat module: ${cfg.extraCommands}"; + } + { + assertion = cfg.extraStopCommands == ""; + message = "extraStopCommands is incompatible with the nftables based nat module: ${cfg.extraStopCommands}"; + } + { + assertion = config.networking.nftables.rulesetFile == null; + message = "networking.nftables.rulesetFile conflicts with the nat module"; + } + ]; + + networking.nftables.ruleset = '' + table ip nixos-nat { + ${mkTable { + ipVer = "ip"; + inherit dest ipSet; + forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts; + inherit (cfg) dmzHost; + }} + } + + ${optionalString cfg.enableIPv6 '' + table ip6 nixos-nat { + ${mkTable { + ipVer = "ip6"; + dest = destIPv6; + ipSet = ipv6Set; + forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts; + dmzHost = null; + }} + } + ''} + ''; + + networking.firewall.extraForwardRules = optionalString config.networking.firewall.filterForward '' + ${optionalString (ifaceSet != "") '' + iifname { ${ifaceSet} } ${oifExpr} accept comment "from internal interfaces" + ''} + ${optionalString (ipSet != "") '' + ip saddr { ${ipSet} } ${oifExpr} accept comment "from internal IPs" + ''} + ${optionalString (ipv6Set != "") '' + ip6 saddr { ${ipv6Set} } ${oifExpr} accept comment "from internal IPv6s" + ''} 
+ ''; + + }; +} diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index 0b70ae47ccf52..a6f403b46f875 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix 
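Review bot: `fwdLoopSnatSet` in `mkTable` is built from every entry of `forwardPorts`, whereas `toFwdLoopDnatMap` only yields elements for entries that have `loopbackIPs`. As a result the `masquerade` rule in `chain post` matches any traffic to a forwarded destination that did not arrive on the external interface, even when no loopback forwarding was requested for that entry. The iptables module in this commit adds its SNAT rule only inside the `fwd.loopbackIPs` loop. The forwarded service would then see the router's address instead of the internal client's, which affects its logs and any source-based access rules. Restricting the set to entries that asked for loopback would align the two backends: `fwdLoopSnatSet = toNftSet (map (fwd: ...) (filter (fwd: fwd.loopbackIPs != [ ]) forwardPorts));`.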
@@ -7,219 +7,95 @@ with lib; let - cfg = config.networking.nat; - - mkDest = externalIP: if externalIP == null - then "-j MASQUERADE" - else "-j SNAT --to-source ${externalIP}"; - dest = mkDest cfg.externalIP; - destIPv6 = mkDest cfg.externalIPv6; - - # Whether given IP (plus optional port) is an IPv6. - isIPv6 = ip: builtins.length (lib.splitString ":" ip) > 2; - - helpers = import ./helpers.nix { inherit config lib; }; - - flushNat = '' - ${helpers} - ip46tables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true - ip46tables -w -t nat -F nixos-nat-pre 2>/dev/null || true - ip46tables -w -t nat -X nixos-nat-pre 2>/dev/null || true - ip46tables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true - ip46tables -w -t nat -F nixos-nat-post 2>/dev/null || true - ip46tables -w -t nat -X nixos-nat-post 2>/dev/null || true - ip46tables -w -t nat -D OUTPUT -j nixos-nat-out 2>/dev/null || true - ip46tables -w -t nat -F nixos-nat-out 2>/dev/null || true - ip46tables -w -t nat -X nixos-nat-out 2>/dev/null || true - - ${cfg.extraStopCommands} - ''; - - mkSetupNat = { iptables, dest, internalIPs, forwardPorts }: '' - # We can't match on incoming interface in POSTROUTING, so - # mark packets coming from the internal interfaces. - ${concatMapStrings (iface: '' - ${iptables} -w -t nat -A nixos-nat-pre \ - -i '${iface}' -j MARK --set-mark 1 - '') cfg.internalInterfaces} - - # NAT the marked packets. - ${optionalString (cfg.internalInterfaces != []) '' - ${iptables} -w -t nat -A nixos-nat-post -m mark --mark 1 \ - ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest} - ''} - - # NAT packets coming from the internal IPs. - ${concatMapStrings (range: '' - ${iptables} -w -t nat -A nixos-nat-post \ - -s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest} - '') internalIPs} - - # NAT from external ports to internal ports. 
- ${concatMapStrings (fwd: '' - ${iptables} -w -t nat -A nixos-nat-pre \ - -i ${toString cfg.externalInterface} -p ${fwd.proto} \ - --dport ${builtins.toString fwd.sourcePort} \ - -j DNAT --to-destination ${fwd.destination} - ${concatMapStrings (loopbackip: - let - matchIP = if isIPv6 fwd.destination then "[[]([0-9a-fA-F:]+)[]]" else "([0-9.]+)"; - m = builtins.match "${matchIP}:([0-9-]+)" fwd.destination; - destinationIP = if m == null then throw "bad ip:ports `${fwd.destination}'" else elemAt m 0; - destinationPorts = if m == null then throw "bad ip:ports `${fwd.destination}'" else builtins.replaceStrings ["-"] [":"] (elemAt m 1); - in '' - # Allow connections to ${loopbackip}:${toString fwd.sourcePort} from the host itself - ${iptables} -w -t nat -A nixos-nat-out \ - -d ${loopbackip} -p ${fwd.proto} \ - --dport ${builtins.toString fwd.sourcePort} \ - -j DNAT --to-destination ${fwd.destination} - - # Allow connections to ${loopbackip}:${toString fwd.sourcePort} from other hosts behind NAT - ${iptables} -w -t nat -A nixos-nat-pre \ - -d ${loopbackip} -p ${fwd.proto} \ - --dport ${builtins.toString fwd.sourcePort} \ - -j DNAT --to-destination ${fwd.destination} - - ${iptables} -w -t nat -A nixos-nat-post \ - -d ${destinationIP} -p ${fwd.proto} \ - --dport ${destinationPorts} \ - -j SNAT --to-source ${loopbackip} - '') fwd.loopbackIPs} - '') forwardPorts} - ''; - - setupNat = '' - ${helpers} - # Create subchains where we store rules - ip46tables -w -t nat -N nixos-nat-pre - ip46tables -w -t nat -N nixos-nat-post - ip46tables -w -t nat -N nixos-nat-out - - ${mkSetupNat { - iptables = "iptables"; - inherit dest; - inherit (cfg) internalIPs; - forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts; - }} - - ${optionalString cfg.enableIPv6 (mkSetupNat { - iptables = "ip6tables"; - dest = destIPv6; - internalIPs = cfg.internalIPv6s; - forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts; - })} - - ${optionalString (cfg.dmzHost != null) '' - 
iptables -w -t nat -A nixos-nat-pre \ - -i ${toString cfg.externalInterface} -j DNAT \ - --to-destination ${cfg.dmzHost} - ''} - - ${cfg.extraCommands} - - # Append our chains to the nat tables - ip46tables -w -t nat -A PREROUTING -j nixos-nat-pre - ip46tables -w -t nat -A POSTROUTING -j nixos-nat-post - ip46tables -w -t nat -A OUTPUT -j nixos-nat-out - ''; + cfg = config.networking.nat; in { - ###### interface - options = { networking.nat.enable = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' - Whether to enable Network Address Translation (NAT). - ''; + description = lib.mdDoc '' + Whether to enable Network Address Translation (NAT). + ''; }; networking.nat.enableIPv6 = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' - Whether to enable IPv6 NAT. - ''; + description = lib.mdDoc '' + Whether to enable IPv6 NAT. + ''; }; networking.nat.internalInterfaces = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; example = [ "eth0" ]; - description = - lib.mdDoc '' - The interfaces for which to perform NAT. Packets coming from - these interface and destined for the external interface will - be rewritten. - ''; + description = lib.mdDoc '' + The interfaces for which to perform NAT. Packets coming from + these interface and destined for the external interface will + be rewritten. + ''; }; networking.nat.internalIPs = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; example = [ "192.168.1.0/24" ]; - description = - lib.mdDoc '' - The IP address ranges for which to perform NAT. Packets - coming from these addresses (on any interface) and destined - for the external interface will be rewritten. - ''; + description = lib.mdDoc '' + The IP address ranges for which to perform NAT. Packets + coming from these addresses (on any interface) and destined + for the external interface will be rewritten. 
+ ''; }; networking.nat.internalIPv6s = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; example = [ "fc00::/64" ]; - description = - lib.mdDoc '' - The IPv6 address ranges for which to perform NAT. Packets - coming from these addresses (on any interface) and destined - for the external interface will be rewritten. - ''; + description = lib.mdDoc '' + The IPv6 address ranges for which to perform NAT. Packets + coming from these addresses (on any interface) and destined + for the external interface will be rewritten. + ''; }; networking.nat.externalInterface = mkOption { type = types.nullOr types.str; default = null; example = "eth1"; - description = - lib.mdDoc '' - The name of the external network interface. - ''; + description = lib.mdDoc '' + The name of the external network interface. + ''; }; networking.nat.externalIP = mkOption { type = types.nullOr types.str; default = null; example = "203.0.113.123"; - description = - lib.mdDoc '' - The public IP address to which packets from the local - network are to be rewritten. If this is left empty, the - IP address associated with the external interface will be - used. - ''; + description = lib.mdDoc '' + The public IP address to which packets from the local + network are to be rewritten. If this is left empty, the + IP address associated with the external interface will be + used. + ''; }; networking.nat.externalIPv6 = mkOption { type = types.nullOr types.str; default = null; example = "2001:dc0:2001:11::175"; - description = - lib.mdDoc '' - The public IPv6 address to which packets from the local - network are to be rewritten. If this is left empty, the - IP address associated with the external interface will be - used. - ''; + description = lib.mdDoc '' + The public IPv6 address to which packets from the local + network are to be rewritten. If this is left empty, the + IP address associated with the external interface will be + used. + ''; }; networking.nat.forwardPorts = mkOption { 
@@ -246,122 +122,75 @@ in loopbackIPs = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; example = literalExpression ''[ "55.1.2.3" ]''; description = lib.mdDoc "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort' from the host itself and from other hosts behind NAT"; }; }; }); - default = []; + default = [ ]; example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; } { sourcePort = 8080; destination = "[fc00::2]:80"; proto = "tcp"; } ]; - description = - lib.mdDoc '' - List of forwarded ports from the external interface to - internal destinations by using DNAT. Destination can be - IPv6 if IPv6 NAT is enabled. - ''; + description = lib.mdDoc '' + List of forwarded ports from the external interface to + internal destinations by using DNAT. Destination can be + IPv6 if IPv6 NAT is enabled. + ''; }; networking.nat.dmzHost = mkOption { type = types.nullOr types.str; default = null; example = "10.0.0.1"; - description = - lib.mdDoc '' - The local IP address to which all traffic that does not match any - forwarding rule is forwarded. - ''; - }; - - networking.nat.extraCommands = mkOption { - type = types.lines; - default = ""; - example = "iptables -A INPUT -p icmp -j ACCEPT"; - description = - lib.mdDoc '' - Additional shell commands executed as part of the nat - initialisation script. - ''; - }; - - networking.nat.extraStopCommands = mkOption { - type = types.lines; - default = ""; - example = "iptables -D INPUT -p icmp -j ACCEPT || true"; - description = - lib.mdDoc '' - Additional shell commands executed as part of the nat - teardown script. - ''; + description = lib.mdDoc '' + The local IP address to which all traffic that does not match any + forwarding rule is forwarded. 
+ ''; }; }; - ###### implementation - - config = mkMerge [ - { networking.firewall.extraCommands = mkBefore flushNat; } - (mkIf config.networking.nat.enable { - - assertions = [ - { assertion = cfg.enableIPv6 -> config.networking.enableIPv6; - message = "networking.nat.enableIPv6 requires networking.enableIPv6"; - } - { assertion = (cfg.dmzHost != null) -> (cfg.externalInterface != null); - message = "networking.nat.dmzHost requires networking.nat.externalInterface"; - } - { assertion = (cfg.forwardPorts != []) -> (cfg.externalInterface != null); - message = "networking.nat.forwardPorts requires networking.nat.externalInterface"; - } - ]; - - # Use the same iptables package as in config.networking.firewall. - # When the firewall is enabled, this should be deduplicated without any - # error. - environment.systemPackages = [ config.networking.firewall.package ]; - - boot = { - kernelModules = [ "nf_nat_ftp" ]; - kernel.sysctl = { - "net.ipv4.conf.all.forwarding" = mkOverride 99 true; - "net.ipv4.conf.default.forwarding" = mkOverride 99 true; - } // optionalAttrs cfg.enableIPv6 { - # Do not prevent IPv6 autoconfiguration. - # See <http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/>. - "net.ipv6.conf.all.accept_ra" = mkOverride 99 2; - "net.ipv6.conf.default.accept_ra" = mkOverride 99 2; - - # Forward IPv6 packets. 
- "net.ipv6.conf.all.forwarding" = mkOverride 99 true; - "net.ipv6.conf.default.forwarding" = mkOverride 99 true; - }; - }; - - networking.firewall = mkIf config.networking.firewall.enable { - extraCommands = setupNat; - extraStopCommands = flushNat; + config = mkIf config.networking.nat.enable { + + assertions = [ + { + assertion = cfg.enableIPv6 -> config.networking.enableIPv6; + message = "networking.nat.enableIPv6 requires networking.enableIPv6"; + } + { + assertion = (cfg.dmzHost != null) -> (cfg.externalInterface != null); + message = "networking.nat.dmzHost requires networking.nat.externalInterface"; + } + { + assertion = (cfg.forwardPorts != [ ]) -> (cfg.externalInterface != null); + message = "networking.nat.forwardPorts requires networking.nat.externalInterface"; + } + ]; + + # Use the same iptables package as in config.networking.firewall. + # When the firewall is enabled, this should be deduplicated without any + # error. + environment.systemPackages = [ config.networking.firewall.package ]; + + boot = { + kernelModules = [ "nf_nat_ftp" ]; + kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = mkOverride 99 true; + "net.ipv4.conf.default.forwarding" = mkOverride 99 true; + } // optionalAttrs cfg.enableIPv6 { + # Do not prevent IPv6 autoconfiguration. + # See <http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/>. + "net.ipv6.conf.all.accept_ra" = mkOverride 99 2; + "net.ipv6.conf.default.accept_ra" = mkOverride 99 2; + + # Forward IPv6 packets. 
+ "net.ipv6.conf.all.forwarding" = mkOverride 99 true; + "net.ipv6.conf.default.forwarding" = mkOverride 99 true; }; + }; - systemd.services = mkIf (!config.networking.firewall.enable) { nat = { - description = "Network Address Translation"; - wantedBy = [ "network.target" ]; - after = [ "network-pre.target" "systemd-modules-load.service" ]; - path = [ config.networking.firewall.package ]; - unitConfig.ConditionCapability = "CAP_NET_ADMIN"; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - script = flushNat + setupNat; - - postStop = flushNat; - }; }; - }) - ]; + }; } diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix index 8166a8e7110bd..bd13e8c9929a3 100644 --- a/nixos/modules/services/networking/nftables.nix +++ b/nixos/modules/services/networking/nftables.nix @@ -12,11 +12,9 @@ in default = false; description = lib.mdDoc '' - Whether to enable nftables. nftables is a Linux-based packet - filtering framework intended to replace frameworks like iptables. - - This conflicts with the standard networking firewall, so make sure to - disable it before using nftables. + Whether to enable nftables and use nftables based firewall if enabled. + nftables is a Linux-based packet filtering framework intended to + replace frameworks like iptables. Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to 
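Review bot: The sysctl block kept in the new `config = mkIf config.networking.nat.enable` body of nat.nix turns on `net.ipv4.conf.all.forwarding` (and the IPv6 equivalent) for every interface, and nothing beside it says that filtering forwarded traffic is a separate opt-in. In the nftables backend shown earlier in this diff, the forward accept rules are only emitted when `networking.firewall.filterForward` is set. With that option off, the host presumably forwards whatever is routed to it, not only traffic from `internalInterfaces`/`internalIPs`. I would add a comment above the sysctl attrset such as `# Enables forwarding on all interfaces; set networking.firewall.filterForward to restrict what is forwarded.` and repeat the caveat in the `networking.nat.enable` description. The retained comment `# Use the same iptables package as in config.networking.firewall.` also looks stale now that this block is shared with the nftables backend.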
@@ -79,19 +77,17 @@ in lib.mdDoc '' The ruleset to be used with nftables. Should be in a format that can be loaded using "/bin/nft -f". The ruleset is updated atomically. + This option conflicts with rulesetFile. ''; }; networking.nftables.rulesetFile = mkOption { - type = types.path; - default = pkgs.writeTextFile { - name = "nftables-rules"; - text = cfg.ruleset; - }; - defaultText = literalMD ''a file with the contents of {option}`networking.nftables.ruleset`''; + type = types.nullOr types.path; + default = null; description = lib.mdDoc '' The ruleset file to be used with nftables. Should be in a format that can be loaded using "nft -f". The ruleset is updated atomically. + This option conflicts with ruleset and nftables based firewall. ''; }; }; @@ -99,10 +95,6 @@ in ###### implementation config = mkIf cfg.enable { - assertions = [{ - assertion = config.networking.firewall.enable == false; - message = "You can not use nftables and iptables at the same time. networking.firewall.enable must be set to false."; - }]; boot.blacklistedKernelModules = [ "ip_tables" ]; environment.systemPackages = [ pkgs.nftables ]; networking.networkmanager.firewallBackend = mkDefault "nftables"; @@ -116,7 +108,9 @@ in rulesScript = pkgs.writeScript "nftables-rules" '' #! ${pkgs.nftables}/bin/nft -f flush ruleset - include "${cfg.rulesetFile}" + ${if cfg.rulesetFile != null then '' + include "${cfg.rulesetFile}" + '' else cfg.ruleset} ''; in { Type = "oneshot"; diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix index 1dcc6f7a7c5bc..f69f1749aeb83 100644 --- a/nixos/modules/services/web-apps/dex.nix +++ b/nixos/modules/services/web-apps/dex.nix 
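Review bot: In the `rulesScript` hunk of nftables.nix (`@@ -116,7 +108,9 @@`), a non-null `cfg.rulesetFile` makes the script include only that file, so anything set in `cfg.ruleset` is dropped without an error. The new option text says the two options conflict, and the nat module asserts `rulesetFile == null` for itself, but no hunk shown for this file enforces it, and the `@@ -99,10 +95,6 @@` hunk removes the assertion list that was there. For a firewall ruleset a silent drop is worth turning into an evaluation failure, e.g. `assertions = [{ assertion = cfg.rulesetFile == null || cfg.ruleset == ""; message = "networking.nftables.ruleset and networking.nftables.rulesetFile are mutually exclusive"; }];`, assuming `ruleset` defaults to the empty string (its default is outside the hunk). The `config = mkIf cfg.enable` body continues outside these hunks.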
@@ -83,11 +83,12 @@ in AmbientCapabilities = "CAP_NET_BIND_SERVICE"; BindReadOnlyPaths = [ "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" + "-/etc/dex" "-/etc/hosts" "-/etc/localtime" - "-/etc/dex" + "-/etc/nsswitch.conf" + "-/etc/resolv.conf" + "-/etc/ssl/certs/ca-certificates.crt" ]; BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql"; CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; diff --git a/nixos/modules/virtualisation/brightbox-image.nix b/nixos/modules/virtualisation/brightbox-image.nix index 9641b693f1847..004b7ded0d5a9 100644 --- a/nixos/modules/virtualisation/brightbox-image.nix +++ b/nixos/modules/virtualisation/brightbox-image.nix @@ -27,21 +27,21 @@ in popd ''; diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw"; - buildInputs = [ pkgs.util-linux pkgs.perl ]; - exportReferencesGraph = - [ "closure" config.system.build.toplevel ]; + nativeBuildInputs = with pkgs; [ e2fsprogs parted ]; + buildInputs = with pkgs; [ util-linux perl ]; + exportReferencesGraph = [ "closure" config.system.build.toplevel ]; } '' # Create partition table - ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted --script /dev/vda mkpart primary ext4 1 ${diskSize} - ${pkgs.parted}/sbin/parted --script /dev/vda print + parted --script /dev/vda mklabel msdos + parted --script /dev/vda mkpart primary ext4 1 ${diskSize} + parted --script /dev/vda print . /sys/class/block/vda1/uevent mknod /dev/vda1 b $MAJOR $MINOR # Create an empty filesystem and mount it. - ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1 - ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 + mkfs.ext4 -L nixos /dev/vda1 + tune2fs -c 0 -i 0 /dev/vda1 mkdir /mnt mount /dev/vda1 /mnt diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 1b3c0e23f97db..51ac85b0a4f4a 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix 
+++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -218,7 +218,8 @@ let chmod 0644 $efiVars '' else ""} ''; - buildInputs = [ pkgs.util-linux ]; + nativeBuildInputs = with pkgs; [ dosfstools gptfdisk kmod mtools ]; + buildInputs = with pkgs; [ util-linux ]; QEMU_OPTS = "-nographic -serial stdio -monitor none" + lib.optionalString cfg.useEFIBoot ( " -drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}" @@ -226,7 +227,7 @@ let } '' # Create a /boot EFI partition with 60M and arbitrary but fixed GUIDs for reproducibility - ${pkgs.gptfdisk}/bin/sgdisk \ + sgdisk \ --set-alignment=1 --new=1:34:2047 --change-name=1:BIOSBootPartition --typecode=1:ef02 \ --set-alignment=512 --largest-new=2 --change-name=2:EFISystem --typecode=2:ef00 \ --attributes=1:set:1 \ @@ -249,16 +250,16 @@ let '' } - ${pkgs.dosfstools}/bin/mkfs.fat -F16 /dev/vda2 + mkfs.fat -F16 /dev/vda2 export MTOOLS_SKIP_CHECK=1 - ${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot + mlabel -i /dev/vda2 ::boot # Mount /boot; load necessary modules first. - ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true - ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true - ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true - ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true - ${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true + insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true + insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true + insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true + insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true + insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true mkdir /boot mount /dev/vda2 /boot 
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 4a07ec7dad306..e577001a3baf9 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -211,7 +211,8 @@ in {
 firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job
 firefox-esr-102 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-102; };
 firejail = handleTest ./firejail.nix {};
- firewall = handleTest ./firewall.nix {};
+ firewall = handleTest ./firewall.nix { nftables = false; };
+ firewall-nftables = handleTest ./firewall.nix { nftables = true; };
 fish = handleTest ./fish.nix {};
 flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {};
 fluentd = handleTest ./fluentd.nix {};
@@ -413,6 +414,9 @@ in {
 nat.firewall = handleTest ./nat.nix { withFirewall = true; };
 nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; };
 nat.standalone = handleTest ./nat.nix { withFirewall = false; };
+ nat.nftables.firewall = handleTest ./nat.nix { withFirewall = true; nftables = true; };
+ nat.nftables.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; nftables = true; };
+ nat.nftables.standalone = handleTest ./nat.nix { withFirewall = false; nftables = true; };
 nats = handleTest ./nats.nix {};
 navidrome = handleTest ./navidrome.nix {};
 nbd = handleTest ./nbd.nix {};
diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix
index 5c434c1cb6d68..dd7551f143a5e 100644
--- a/nixos/tests/firewall.nix
+++ b/nixos/tests/firewall.nix
@@ -1,7 +1,7 @@
 # Test the firewall module.
-import ./make-test-python.nix ( { pkgs, ... } : {
- name = "firewall";
+import ./make-test-python.nix ( { pkgs, nftables, ... } : {
+ name = "firewall" + pkgs.lib.optionalString nftables "-nftables";
 meta = with pkgs.lib.maintainers; {
 maintainers = [ eelco ];
 };
@@ -11,6 +11,7 @@ import ./make-test-python.nix ( { pkgs, ... } : {
 { ... }:
 { networking.firewall.enable = true;
 networking.firewall.logRefusedPackets = true;
+ networking.nftables.enable = nftables;
 services.httpd.enable = true;
 services.httpd.adminAddr = "foo@example.org";
 };
@@ -23,6 +24,7 @@ import ./make-test-python.nix ( { pkgs, ... } : {
 { ... }:
 { networking.firewall.enable = true;
 networking.firewall.rejectPackets = true;
+ networking.nftables.enable = nftables;
 };
 attacker =
@@ -35,10 +37,11 @@ import ./make-test-python.nix ( { pkgs, ... } : {
 testScript = { nodes, ... }: let
 newSystem = nodes.walled2.config.system.build.toplevel;
+ unit = if nftables then "nftables" else "firewall";
 in ''
 start_all()
- walled.wait_for_unit("firewall")
+ walled.wait_for_unit("${unit}")
 walled.wait_for_unit("httpd")
 attacker.wait_for_unit("network.target")
@@ -54,12 +57,12 @@ import ./make-test-python.nix ( { pkgs, ... } : {
 walled.succeed("ping -c 1 attacker >&2")
 # If we stop the firewall, then connections should succeed.
- walled.stop_job("firewall")
+ walled.stop_job("${unit}")
 attacker.succeed("curl -v http://walled/ >&2")
 # Check whether activation of a new configuration reloads the firewall.
 walled.succeed(
- "${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF firewall.service"
+ "${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF ${unit}.service"
 )
 '';
 })
diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix
index 545eb46f2bf59..912a04deae8b3 100644
--- a/nixos/tests/nat.nix
+++ b/nixos/tests/nat.nix
@@ -3,14 +3,16 @@ # client on the inside network, a server on the outside network, and a # router connected to both that performs Network Address Translation # for the client. -import ./make-test-python.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, ... }: +import ./make-test-python.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, nftables ? false, ... }: let - unit = if withFirewall then "firewall" else "nat"; + unit = if nftables then "nftables" else (if withFirewall then "firewall" else "nat"); routerBase = lib.mkMerge [ { virtualisation.vlans = [ 2 1 ]; networking.firewall.enable = withFirewall; + networking.firewall.filterForward = nftables; + networking.nftables.enable = nftables; networking.nat.internalIPs = [ "192.168.1.0/24" ]; networking.nat.externalInterface = "eth1"; } @@ -21,7 +23,8 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? ]; in { - name = "nat" + (if withFirewall then "WithFirewall" else "Standalone") + name = "nat" + (lib.optionalString nftables "Nftables") + + (if withFirewall then "WithFirewall" else "Standalone") + (lib.optionalString withConntrackHelpers "withConntrackHelpers"); meta = with pkgs.lib.maintainers; { maintainers = [ eelco rob ]; @@ -34,6 +37,7 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? { virtualisation.vlans = [ 1 ]; networking.defaultGateway = (pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ipv4.addresses).address; + networking.nftables.enable = nftables; } (lib.optionalAttrs withConntrackHelpers { networking.firewall.connectionTrackingModules = [ "ftp" ]; 
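Review bot: `networking.firewall.filterForward = nftables;` in `routerBase` ties forward filtering to the backend switch, so the nftables variants are only ever exercised with filtering on and never with it off. If `filterForward` is off by default (not visible here), the configuration most users get from `networking.nftables.enable` plus `networking.nat.enable` has no test. `nat.nftables.standalone` also sets the option while `networking.firewall.enable` is false, where it may have no effect. Consider a separate test argument, e.g. `filterForward ? nftables`, so both settings can be run, plus a check that a connection from outside the internal range is not forwarded when filtering is on. The test script itself lies outside these hunks.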
@@ -111,7 +115,7 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ?
 # FIXME: this should not be necessary, but nat.service is not started because
 # network.target is not triggered
 # (https://github.com/NixOS/nixpkgs/issues/16230#issuecomment-226408359)
- ${lib.optionalString (!withFirewall) ''
+ ${lib.optionalString (!withFirewall && !nftables) ''
 router.succeed("systemctl start nat.service")
 ''}
 client.succeed("curl --fail http://server/ >&2")
diff --git a/nixos/tests/step-ca.nix b/nixos/tests/step-ca.nix
index a855b590232dd..d4e1c1ae01446 100644
--- a/nixos/tests/step-ca.nix
+++ b/nixos/tests/step-ca.nix
@@ -1,11 +1,13 @@
 import ./make-test-python.nix ({ pkgs, ... }:
 let
- test-certificates = pkgs.runCommandLocal "test-certificates" { } ''
+ test-certificates = pkgs.runCommandLocal "test-certificates" {
+ nativeBuildInputs = with pkgs; [ step-cli ];
+ } ''
 mkdir -p $out
 echo insecure-root-password > $out/root-password-file
 echo insecure-intermediate-password > $out/intermediate-password-file
- ${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
- ${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
+ step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
+ step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
 '';
 in
 {
diff --git a/pkgs/applications/audio/gtkcord4/default.nix b/pkgs/applications/audio/gtkcord4/default.nix
index 99005937a142e..5611407cfe913 100644
--- a/pkgs/applications/audio/gtkcord4/default.nix
+++ b/pkgs/applications/audio/gtkcord4/default.nix
@@ -7,8 +7,10 @@
 , graphene
 , gtk4
 , lib
+, libadwaita
 , pango
 , pkg-config
+, withLibadwaita ? false
 , wrapGAppsHook4
 }:
@@ -36,8 +38,18 @@ buildGoModule rec {
 graphene
 gtk4
 pango
+ ] ++ lib.optionals withLibadwaita [
+ libadwaita
 ];
+ tags = lib.optionals withLibadwaita [ "libadwaita" ];
+
+ postInstall = ''
+ install -D -m 444 -t $out/share/applications .nix/com.github.diamondburned.gtkcord4.desktop
+ install -D -m 444 internal/icons/svg/logo.svg $out/share/icons/hicolor/scalable/apps/gtkcord4.svg
+ install -D -m 444 internal/icons/png/logo.png $out/share/icons/hicolor/256x256/apps/gtkcord4.png
+ '';
+
 vendorHash = "sha256-QZSjSk1xu5ZcrNEra5TxnUVvlQWb5/h31fm5Nc7WMoI=";
 meta = with lib; {
diff --git a/pkgs/applications/editors/gnome-builder/default.nix b/pkgs/applications/editors/gnome-builder/default.nix
index 634fd79282d40..bacc629448bc1 100644
--- a/pkgs/applications/editors/gnome-builder/default.nix
+++ b/pkgs/applications/editors/gnome-builder/default.nix
@@ -129,7 +129,7 @@ stdenv.mkDerivation rec {
 '';
 checkPhase = ''
- export NO_AT_BRIDGE=1
+ GTK_A11Y=none \
 xvfb-run -s '-screen 0 800x600x24' dbus-run-session \
 --config-file=${dbus}/share/dbus-1/session.conf \
 meson test --print-errorlogs
diff --git a/pkgs/applications/editors/netbeans/default.nix b/pkgs/applications/editors/netbeans/default.nix
index 06faac39cbc39..9146b526262f8 100644
--- a/pkgs/applications/editors/netbeans/default.nix
+++ b/pkgs/applications/editors/netbeans/default.nix
@@ -3,7 +3,7 @@
 }:
 let
- version = "15";
+ version = "16";
 desktopItem = makeDesktopItem {
 name = "netbeans";
 exec = "netbeans";
@@ -19,7 +19,7 @@ stdenv.mkDerivation { inherit version; src = fetchurl { url = "mirror://apache/netbeans/netbeans/${version}/netbeans-${version}-bin.zip"; - hash = "sha512-WxqAQiPKdMfQCw9Hxaa7K2VIGTJj+Hu9WO2ehG4yQUkHBd+l0f0siLKk/i2xqLE1ZA522rxKud6iwXDuAsjjDg=="; + hash = "sha512-k+Zj6TKW0tOSYvM6V1okF4Qz62gZMETC6XG98W23Vtz3+vdiaddd8BC2DBg7p9Z1CofRq8sbwtpeTJM3FaXv0g=="; }; buildCommand = '' diff --git a/pkgs/applications/editors/vim/plugins/generated.nix b/pkgs/applications/editors/vim/plugins/generated.nix index 01e3a868ceb2b..af7add89053e5 100644 --- a/pkgs/applications/editors/vim/plugins/generated.nix +++ b/pkgs/applications/editors/vim/plugins/generated.nix @@ -293,12 +293,12 @@ final: prev: SchemaStore-nvim = buildVimPluginFrom2Nix { pname = "SchemaStore.nvim"; - version = "2022-12-23"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "b0o"; repo = "SchemaStore.nvim"; - rev = "9f294b2f5890210293e59a1702c3ee504ec7704e"; - sha256 = "1yj9bh04c6pgzz2kisjd2zx1xhg33626snp7307ma65cpr7pbqbx"; + rev = "ceebc0d0e5f6fe48c7739331e05c3843c07ade37"; + sha256 = "04zwi4k8ldqy02xkqwpdbicpr5mpnz1l6p4ykwhjvzyjsjl782i9"; }; meta.homepage = "https://github.com/b0o/SchemaStore.nvim/"; }; @@ -559,12 +559,12 @@ final: prev: ale = buildVimPluginFrom2Nix { pname = "ale"; - version = "2022-12-22"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "dense-analysis"; repo = "ale"; - rev = "1e398202b9a63fcd91808a3205d3422b79435fa0"; - sha256 = "013wm78jv848ni8c5nar6qnnzgw8vm5lwxdb3jv1dymnjwl22b4j"; + rev = "522b5d0433ba8c29f2f154f62184e34c2e5f301f"; + sha256 = "1h9xwjxnlkjrmhz1ixpshf7qhpl09ny8ynfbdcfzhzdm9aq8yra6"; }; meta.homepage = "https://github.com/dense-analysis/ale/"; }; 
@@ -979,12 +979,12 @@ final: prev: bufferline-nvim = buildVimPluginFrom2Nix { pname = "bufferline.nvim"; - version = "2022-12-22"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "akinsho"; repo = "bufferline.nvim"; - rev = "877e778afd2dbbe52b9847d9ea473a29a0c3646d"; - sha256 = "1qvlp7p39fy6pmbixlzd7h588bcmym37frciy7y5vansim7q44bn"; + rev = "c7492a76ce8218e3335f027af44930576b561013"; + sha256 = "18vfx8mq2gsv2hqy0c0vgbmx5mhr63bb8ixrmzmjgvbx2djz1jdb"; }; meta.homepage = "https://github.com/akinsho/bufferline.nvim/"; }; @@ -1003,12 +1003,12 @@ final: prev: calendar-vim = buildVimPluginFrom2Nix { pname = "calendar.vim"; - version = "2022-12-12"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "itchyny"; repo = "calendar.vim"; - rev = "d3aad0aa9d432cf8a312f3c33ae63987f8eae0f5"; - sha256 = "1i2w80h0zcm7i40hlp1r1ym5d7hk3m2ar19a6i6q4j6ws2wr29a0"; + rev = "2d11943edaca4b9a8ce127c25a56bf36c578a76a"; + sha256 = "1hkg4bdallk2a8h5nl1j9bx2cp0fk5f0nhydc6ycg54syh1ss7fd"; }; meta.homepage = "https://github.com/itchyny/calendar.vim/"; }; @@ -1039,12 +1039,12 @@ final: prev: ccc-nvim = buildVimPluginFrom2Nix { pname = "ccc.nvim"; - version = "2022-12-17"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "uga-rosa"; repo = "ccc.nvim"; - rev = "dd1d7276485ff9a74c5f1870e887289e5821e434"; - sha256 = "1sv77fq91qjc1dhdywi816hjya5chjp8030029sh7jqmaxpbyizw"; + rev = "4ea096a150fe2636782f6f68b97d3cff7ee28b4f"; + sha256 = "1jb4dd9bg7q2an963fnn2mclpj52bjqvfv6k642757zfasx20x6p"; }; meta.homepage = "https://github.com/uga-rosa/ccc.nvim/"; }; 
@@ -1567,12 +1567,12 @@ final: prev: cmp-tabnine = buildVimPluginFrom2Nix { pname = "cmp-tabnine"; - version = "2022-11-21"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "tzachar"; repo = "cmp-tabnine"; - rev = "851fbcc8ee54bdb93f9482e13b5fc31b50012422"; - sha256 = "1ll0m244zvfj5xbic7dda8s42hfk0g64p6rqani335fiznf9gijw"; + rev = "e9603484cb1937fb84ace447a8d5cb467f9aab45"; + sha256 = "0s73ys2dz0scf62zjkxb8lgyzh3x6am7w5z4pb1xq0h9gk5ip2ll"; }; meta.homepage = "https://github.com/tzachar/cmp-tabnine/"; }; @@ -1699,12 +1699,12 @@ final: prev: coc-fzf = buildVimPluginFrom2Nix { pname = "coc-fzf"; - version = "2022-11-14"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "antoinemadec"; repo = "coc-fzf"; - rev = "403e69ff873cf4447adad0477db7b7563813f13a"; - sha256 = "1njkvzy0q7r9ssq2994rc389isjwycs05lyxba5l9jsi7df7had9"; + rev = "4f8d072df2609219b8d79b67641a9753e3d7fff0"; + sha256 = "1nsv5ag13yzcffq404darfk0vz4sbchj941bcf960znnlynlcya0"; }; meta.homepage = "https://github.com/antoinemadec/coc-fzf/"; }; @@ -1759,12 +1759,12 @@ final: prev: coc-nvim = buildVimPluginFrom2Nix { pname = "coc.nvim"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "neoclide"; repo = "coc.nvim"; - rev = "28feeffa7daa1cfe0373c00b1d58f9d293691a1e"; - sha256 = "0pqcglvvkkcnnqrlzzbws4lqdqv5vj6lql4z081ghp3a0c9ffd4b"; + rev = "95b43f67147391cf2c69e550bd001b742781d226"; + sha256 = "0rmva45znh39r4rhakk1zmqk9hrgi2d2daw8v1rfv1jd054w3vx1"; }; meta.homepage = "https://github.com/neoclide/coc.nvim/"; }; 
@@ -1843,12 +1843,12 @@ final: prev: comment-nvim = buildVimPluginFrom2Nix { pname = "comment.nvim"; - version = "2022-11-18"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "numtostr"; repo = "comment.nvim"; - rev = "5f01c1a89adafc52bf34e3bf690f80d9d726715d"; - sha256 = "0qgb1vx5ipzcgglphhk9wck55hdscx6bdh4lr2y7f7wfxg54r3d6"; + rev = "45dc21a71ad1450606f5e98261badb28db59d74c"; + sha256 = "05278b42qwm77svl3k2a17vsdlmfjknlwkx01x80na9sciav07mz"; }; meta.homepage = "https://github.com/numtostr/comment.nvim/"; }; @@ -2033,6 +2033,18 @@ final: prev: meta.homepage = "https://github.com/Shougo/context_filetype.vim/"; }; + copilot-lua = buildVimPluginFrom2Nix { + pname = "copilot.lua"; + version = "2022-12-20"; + src = fetchFromGitHub { + owner = "zbirenbaum"; + repo = "copilot.lua"; + rev = "81eb5d1bc2eddad5ff0b4e3c1c4be5c09bdfaa63"; + sha256 = "1hyv1iccy4fjpmdq16rl8pplhnrnz71nxjsndyf955q029l06ics"; + }; + meta.homepage = "https://github.com/zbirenbaum/copilot.lua/"; + }; + copilot-vim = buildVimPluginFrom2Nix { pname = "copilot.vim"; version = "2022-12-19"; 
@@ -2047,24 +2059,24 @@ final: prev: coq-artifacts = buildVimPluginFrom2Nix { pname = "coq.artifacts"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "ms-jpq"; repo = "coq.artifacts"; - rev = "42a63a90f93a457f5f1c40320bdc017c626ec653"; - sha256 = "1vd6plbhyc1cfm73gmi71m04h1h8v7jd72y096g8ngw7zrxv7z87"; + rev = "9d90bbff10171fcd9c6c4598e2cc7de1e6101463"; + sha256 = "1pchn21aq8chrlk16qkwxc8q63bccysqk2lnz5gc5j3gnnlx3asm"; }; meta.homepage = "https://github.com/ms-jpq/coq.artifacts/"; }; coq-thirdparty = buildVimPluginFrom2Nix { pname = "coq.thirdparty"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "ms-jpq"; repo = "coq.thirdparty"; - rev = "d717f8d0383be382ffd4b461abcff0af2336ffa6"; - sha256 = "0a9kydl976zcs07g8ll72fyir95k69xy5rq2wc3pc6k60mifarya"; + rev = "48c0b049999549c18365fc4d7bb23ecbae58b47d"; + sha256 = "0y4rwr4vfacvmj5bnia3s4h51fk73cay4kmwaajp1r1gbsxxiynq"; }; meta.homepage = "https://github.com/ms-jpq/coq.thirdparty/"; }; @@ -2083,12 +2095,12 @@ final: prev: coq_nvim = buildVimPluginFrom2Nix { pname = "coq_nvim"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "ms-jpq"; repo = "coq_nvim"; - rev = "0207a61d2bdb35eea0bf316da0f1287aadcc1f86"; - sha256 = "03j6yg0gm9k9hidvcywp5xq1m0gmg0blfzqm41kc74myjsscy5ym"; + rev = "6ca864153bab793b5d75c8af1b8e2195145dba80"; + sha256 = "1mqciqyd4fjdrssf07mi3wk4qgvf48khpzgqzbsbv6c0g1k4pmn4"; }; meta.homepage = "https://github.com/ms-jpq/coq_nvim/"; }; 
@@ -3515,12 +3527,12 @@ final: prev: haskell-tools-nvim = buildVimPluginFrom2Nix { pname = "haskell-tools.nvim"; - version = "2022-12-20"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "MrcJkb"; repo = "haskell-tools.nvim"; - rev = "1125fedcc96b7bc9d532d564f8ae4b09a82b0cf3"; - sha256 = "1l8qp4g1cfc2dbnp28ax6dnnymj39h9zq76kn7s5jskqi5p2cj45"; + rev = "7d771612036ffded31a80e34daa048e060566f9d"; + sha256 = "1rz9csy28bljyy5aad73iblqqa8f8kwsb9gklqpcfhzi628pp2bj"; }; meta.homepage = "https://github.com/MrcJkb/haskell-tools.nvim/"; }; @@ -3886,12 +3898,12 @@ final: prev: jedi-vim = buildVimPluginFrom2Nix { pname = "jedi-vim"; - version = "2022-11-23"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "davidhalter"; repo = "jedi-vim"; - rev = "6b8013c480b54614d20e38966c4cd8ac4d20b86d"; - sha256 = "1nfz7av0cxsbmc9winy72xdcgrn1sjhd2qrfcw1gyi5hqzsdsavh"; + rev = "e07338597639f08fc4ef0f1d55f401ce5da5ef9f"; + sha256 = "0qavd22pn2k42279cxpr5ayafw6f7cxlq32yixiik53zbx2zm9rd"; fetchSubmodules = true; }; meta.homepage = "https://github.com/davidhalter/jedi-vim/"; @@ -4055,12 +4067,12 @@ final: prev: lazy-nvim = buildVimPluginFrom2Nix { pname = "lazy.nvim"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "folke"; repo = "lazy.nvim"; - rev = "a973c2edc2167012d4721a784a0da46906cf005c"; - sha256 = "1cjm24n295hm4ijpccyx1sns35n6rmz3ic07n15hvs8p2rgbk65b"; + rev = "6c5af82589f846a773ac2e8ed44f7479fb28a870"; + sha256 = "11256cyja2nc0lv2cdsl1s88l4s3vjx72f181hh1pzq2ml9z2b77"; }; meta.homepage = "https://github.com/folke/lazy.nvim/"; }; 
@@ -4307,12 +4319,12 @@ final: prev: lir-nvim = buildVimPluginFrom2Nix { pname = "lir.nvim"; - version = "2022-11-30"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "tamago324"; repo = "lir.nvim"; - rev = "806651bc22cc1aa0053fba4385a18800f576cc6b"; - sha256 = "1xi2l412637vkp79338p65xb4zm0licyzrp188s2rijjqf3g2mzb"; + rev = "84af01547e51e15fc97e878330414385eeb825e8"; + sha256 = "1idk82wyzwr1qk4waj8hik5jcv2zgbyc7zbb2bxl2vj0pdij8knw"; }; meta.homepage = "https://github.com/tamago324/lir.nvim/"; }; @@ -4679,12 +4691,12 @@ final: prev: mini-nvim = buildVimPluginFrom2Nix { pname = "mini.nvim"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "echasnovski"; repo = "mini.nvim"; - rev = "c18abb4d0f1e2507676c22fdb9e4af4705c2a808"; - sha256 = "1zm30nraa6n89nri9487bf9vhllvgmpxlfzwqhn3s83w5zw1b899"; + rev = "37e48cc5467fc695730d975bf269b10cc90bd3a3"; + sha256 = "1zqajz99pp3nx60d95kgy3924af1daj81r81yzpj187a2s0vdy4c"; }; meta.homepage = "https://github.com/echasnovski/mini.nvim/"; }; @@ -5471,12 +5483,12 @@ final: prev: nui-nvim = buildVimPluginFrom2Nix { pname = "nui.nvim"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "MunifTanjim"; repo = "nui.nvim"; - rev = "5d1ca66829d8fac9965cd18fcc2cd9aa49ba1ea5"; - sha256 = "17qddgg15abmigj45lilfircf0rq78hl48va56ay53sjy1j52jhz"; + rev = "20385a698e8a5dd98ee7e63f16b700a10b921098"; + sha256 = "0widn891dgw3isg9axrgqc94yxb8s1mr5vxr5qfnf9rm2qk1hx71"; }; meta.homepage = "https://github.com/MunifTanjim/nui.nvim/"; }; 
@@ -5531,12 +5543,12 @@ final: prev: nvim-autopairs = buildVimPluginFrom2Nix { pname = "nvim-autopairs"; - version = "2022-12-17"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "windwp"; repo = "nvim-autopairs"; - rev = "b5994e6547d64f781cfca853a1aa6174d238fe0e"; - sha256 = "0xdyldrhzrva955qzm6ji6z2cs6yhn266x65p932wsl8498zkq1a"; + rev = "03580d758231956d33c8dd91e2be195106a79fa4"; + sha256 = "1qc7i1q4mkxqqmmcn22aig3sagg8g3qn6iw7xy56lv8dxk8yml9d"; }; meta.homepage = "https://github.com/windwp/nvim-autopairs/"; }; @@ -5963,12 +5975,12 @@ final: prev: nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2022-12-24"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "3e2cc7061957292850cc386d9146f55458ae9fe3"; - sha256 = "0jk84lsx79as2pigcgnqpvgz8ppp1dmcf0lvwd5wfd0dcwazjnz1"; + rev = "212b99bc12a5416df8b2a610711ba399e2fc388a"; + sha256 = "1yyi3iq5aacgad32jsvhj6ap37sy9m5mnqlqi6rn9x9c91213y19"; }; meta.homepage = "https://github.com/neovim/nvim-lspconfig/"; }; @@ -6167,12 +6179,12 @@ final: prev: nvim-surround = buildVimPluginFrom2Nix { pname = "nvim-surround"; - version = "2022-12-22"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "kylechui"; repo = "nvim-surround"; - rev = "f0077c3726d243eeaabd2ec280216e8c3ca7da9f"; - sha256 = "0wf35dpz4adfd2c11dk7s1vgkqspy4kgqsnh49vzjjlyv6s493df"; + rev = "6aafeeda19a98768d1c17ff6dde5548bc77a1a2d"; + sha256 = "0ci25qy82phrlm7lp9zaaiyvf17rk6yvczbiwf6b578r4c8jq87j"; }; meta.homepage = "https://github.com/kylechui/nvim-surround/"; }; 
@@ -6203,12 +6215,12 @@ final: prev: nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "cf6b5cb1ede83741d5cca7071fd75df3b942d3ca"; - sha256 = "169nnb3q4qj5cx1plzgvhkbyva5z2zwb2w8bcg9pj3a81p19wcwm"; + rev = "a2d7e78b0714a0dc066416100b7398d3f0941c23"; + sha256 = "07mvh417zywnh5xhm2lkyhizs1gi2lwq0s6r0ad1cbxbjw6xfajd"; }; meta.homepage = "https://github.com/nvim-treesitter/nvim-treesitter/"; }; @@ -6251,12 +6263,12 @@ final: prev: nvim-treesitter-textobjects = buildVimPluginFrom2Nix { pname = "nvim-treesitter-textobjects"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter-textobjects"; - rev = "b062311ea6da061756ebb591d30f61c9e5b44141"; - sha256 = "1xd79smq4wpr1d38x0lw9zdxslhbgg5s986sk6k6l5vqs71i3gad"; + rev = "83a494a6f93675beff7bbd320c04c87433b1462f"; + sha256 = "0qhi73kmdr3rr9jvklrvl7a7p7fz4i21i5yg1v927f15aq1lglsi"; }; meta.homepage = "https://github.com/nvim-treesitter/nvim-treesitter-textobjects/"; }; @@ -6467,12 +6479,12 @@ final: prev: onenord-nvim = buildVimPluginFrom2Nix { pname = "onenord.nvim"; - version = "2022-12-14"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "rmehri01"; repo = "onenord.nvim"; - rev = "9a8ca2030c8b4c1a577da3b3e2e396458272953b"; - sha256 = "16n0cymqs44g2fl90kr3hdgfy913pxfxxh5nrfkmyl9jyir5s790"; + rev = "3fca21ce5a849b0a5f4c97a2e6db8e61669cc617"; + sha256 = "15vhgjpqg97ll57ysakyq794cncigik6024z6k22ky1m19ybhjhr"; }; meta.homepage = "https://github.com/rmehri01/onenord.nvim/"; }; 
@@ -7853,12 +7865,12 @@ final: prev: telescope-file-browser-nvim = buildVimPluginFrom2Nix { pname = "telescope-file-browser.nvim"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope-file-browser.nvim"; - rev = "dcba9a2a385b95b831159ea35d633b488fd73290"; - sha256 = "07kjpnj11sc0yxbf69ajw43psbkvz1ck9knx41dksnvmz0y6n962"; + rev = "b8581d00afa02c6bb4c947348e3cee62db65b119"; + sha256 = "0bn1l3jkap292p399fyx848yyb34gb3am7ih0d6wxz93sjpgzsps"; }; meta.homepage = "https://github.com/nvim-telescope/telescope-file-browser.nvim/"; }; @@ -8323,12 +8335,12 @@ final: prev: treesj = buildVimPluginFrom2Nix { pname = "treesj"; - version = "2022-12-12"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "Wansmer"; repo = "treesj"; - rev = "9afe7983ce6351936a81d57adac651dc8f16c20b"; - sha256 = "1na8yxl0b1150c6b4shigh3asm2gy1yjlidp6bxhivzwh01rpp9j"; + rev = "8853418ad35abc35475131fa289bc8f3d704a1fa"; + sha256 = "08xbvrf0la34knv7jwrvnmnfv8a1mx09hs2h8lk6fymdijhdfa38"; }; meta.homepage = "https://github.com/Wansmer/treesj/"; }; @@ -10243,12 +10255,12 @@ final: prev: vim-graphql = buildVimPluginFrom2Nix { pname = "vim-graphql"; - version = "2022-06-05"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "jparise"; repo = "vim-graphql"; - rev = "4bf5d33bda83117537aa3c117dee5b9b14fc9333"; - sha256 = "119ldy55w58mq31zb8whlq17rp3ginvx7n45h1r91279p2gl1ch6"; + rev = "ee618bc2101040a4a702b4724a094ca2820562b4"; + sha256 = "1qj5jsdz3r9j6djhqdfjpd6qmpqbamngr8y4lvgkjpbjz2jvrgp1"; }; meta.homepage = "https://github.com/jparise/vim-graphql/"; }; 
@@ -13356,12 +13368,12 @@ final: prev: which-key-nvim = buildVimPluginFrom2Nix { pname = "which-key.nvim"; - version = "2022-10-28"; + version = "2022-12-24"; src = fetchFromGitHub { owner = "folke"; repo = "which-key.nvim"; - rev = "61553aeb3d5ca8c11eea8be6eadf478062982ac9"; - sha256 = "11wvm95484axpjzar8y3pc8ah9162gn6s63yhn7z7y4c7zm4zci1"; + rev = "8682d3003595017cd8ffb4c860a07576647cc6f8"; + sha256 = "0x3dz9qkpqjccxqlqv4ncji9f2ggnzzpd901szg3jbsqxdals89p"; }; meta.homepage = "https://github.com/folke/which-key.nvim/"; }; @@ -13657,12 +13669,12 @@ final: prev: chad = buildVimPluginFrom2Nix { pname = "chad"; - version = "2022-12-23"; + version = "2022-12-25"; src = fetchFromGitHub { owner = "ms-jpq"; repo = "chadtree"; - rev = "113f946b40e38e169ac98b95737f1facdfb1067d"; - sha256 = "11c637v1ab47h1p67phdknhwiakidrjr5rn3mhhy2b2nnw6ybiqy"; + rev = "0deeed4aef43b249650cf4fc57722d5a4905703f"; + sha256 = "1b98v4jzinf2hwdfhijl4qh12gvg3pr86w3j27wazlhb86wqlmi5"; }; meta.homepage = "https://github.com/ms-jpq/chadtree/"; }; diff --git a/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix b/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix index 105519b8f3e25..67af5e9de1aa8 100644 --- a/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix +++ b/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix @@ -626,12 +626,12 @@ }; hlsl = buildGrammar { language = "hlsl"; - version = "329e3c8"; + version = "39c822b"; source = fetchFromGitHub { owner = "theHamsta"; repo = "tree-sitter-hlsl"; - rev = "329e3c8bd6f696a6128e0dccba34b2799dc3037e"; - hash = "sha256-unxcw0KTlMDtcdjvIZidU/QckjfHBtc+LzAR7SukdU0="; + rev = "39c822b795bd6533815d100b5e7d1ec7778a1c2a"; + hash = "sha256-WXlOl+aopL332rW2c2dYyf/xoYx9g7BfkdMUIFJbxzg="; }; meta.homepage = "https://github.com/theHamsta/tree-sitter-hlsl"; }; 
diff --git a/pkgs/applications/editors/vim/plugins/vim-plugin-names b/pkgs/applications/editors/vim/plugins/vim-plugin-names index de1e008f3895d..dcf8d1ca7e297 100644 --- a/pkgs/applications/editors/vim/plugins/vim-plugin-names +++ b/pkgs/applications/editors/vim/plugins/vim-plugin-names @@ -170,6 +170,7 @@ https://github.com/rhysd/conflict-marker.vim/,, https://github.com/Olical/conjure/,, https://github.com/wellle/context.vim/,, https://github.com/Shougo/context_filetype.vim/,, +https://github.com/zbirenbaum/copilot.lua/,HEAD, https://github.com/github/copilot.vim/,, https://github.com/ms-jpq/coq.artifacts/,HEAD, https://github.com/ms-jpq/coq.thirdparty/,HEAD, diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index 4ef8375c32c43..7c43c0493c5f4 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -3011,6 +3011,22 @@ let llvm-org.lldb-vscode = llvmPackages_8.lldb; + waderyan.gitblame = buildVscodeMarketplaceExtension { + mktplcRef = { + name = "gitblame"; + publisher = "waderyan"; + version = "10.1.0"; + sha256 = "TTYBaJ4gcMVICz4bGZTvbNRPpWD4tXuAJbI8QcHNDv0="; + }; + meta = { + changelog = "https://marketplace.visualstudio.com/items/waderyan.gitblame/changelog"; + description = "Visual Studio Code Extension - See Git Blame info in status bar"; + downloadPage = "https://marketplace.visualstudio.com/items?itemName=waderyan.gitblame"; + homepage = "https://github.com/Sertion/vscode-gitblame"; + license = lib.licenses.mit; + }; + }; + WakaTime.vscode-wakatime = callPackage ./wakatime { }; wingrunr21.vscode-ruby = buildVscodeMarketplaceExtension { diff --git a/pkgs/applications/editors/vscode/generic.nix b/pkgs/applications/editors/vscode/generic.nix index a87097547d325..c41fcb4f4e349 100644 --- a/pkgs/applications/editors/vscode/generic.nix +++ b/pkgs/applications/editors/vscode/generic.nix 
@@ -169,6 +169,10 @@ let krb5 ]) ++ additionalPkgs pkgs; + extraBwrapArgs = [ + "--bind-try /etc/nixos/ /etc/nixos/" + ]; + # symlink shared assets, including icons and desktop entries extraInstallCommands = '' ln -s "${unwrapped}/share" "$out/" diff --git a/pkgs/applications/misc/eaglemode/default.nix b/pkgs/applications/misc/eaglemode/default.nix index 285c5270948d1..056f3a4606ba8 100644 --- a/pkgs/applications/misc/eaglemode/default.nix +++ b/pkgs/applications/misc/eaglemode/default.nix 
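Review bot: The added `extraBwrapArgs` entry in vscode/generic.nix mounts the host's `/etc/nixos/` into the FHS environment with `--bind-try`, which is a read-write bind, and nothing in the hunk says why the editor needs it. If the intent is to let users edit their system configuration from inside the wrapped editor, state that in a comment, e.g. `# expose the NixOS configuration inside the FHS env so it can be edited there (read-write on purpose)`. If read access is enough, `"--ro-bind-try /etc/nixos/ /etc/nixos/"` stops anything running inside the environment, extensions included, from changing the system configuration even where file permissions would allow it. The enclosing `let` binding starts and ends outside the hunk, so how these arguments are passed on to bubblewrap is not visible here.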
@@ -1,24 +1,26 @@ -{ lib, stdenv, fetchurl, perl, libX11, libXinerama, libjpeg, libpng, libtiff, pkg-config, -librsvg, glib, gtk2, libXext, libXxf86vm, poppler, xine-lib, ghostscript, makeWrapper }: +{ lib, stdenv, fetchurl, perl, libX11, libXinerama, libjpeg, libpng, libtiff, libwebp, pkg-config, +librsvg, glib, gtk2, libXext, libXxf86vm, poppler, vlc, ghostscript, makeWrapper, tzdata }: stdenv.mkDerivation rec { pname = "eaglemode"; - version = "0.94.2"; + version = "0.96.0"; src = fetchurl { url = "mirror://sourceforge/eaglemode/${pname}-${version}.tar.bz2"; - sha256 = "10zxih7gmyhq0az1mnsw2x563l4bbwcns794s4png8rf4d6hjszm"; + hash = "sha256-aMVXJpfws9rh2Eaa/EzSLwtwvn0pVJlEbhxzvXME1hs="; }; + # Fixes "Error: No time zones found." on the clock + postPatch = '' + substituteInPlace src/emClock/emTimeZonesModel.cpp --replace "/usr/share/zoneinfo" "${tzdata}/share/zoneinfo" + ''; + nativeBuildInputs = [ pkg-config makeWrapper ]; - buildInputs = [ perl libX11 libXinerama libjpeg libpng libtiff - librsvg glib gtk2 libXxf86vm libXext poppler xine-lib ghostscript ]; + buildInputs = [ perl libX11 libXinerama libjpeg libpng libtiff libwebp + librsvg glib gtk2 libXxf86vm libXext poppler vlc ghostscript ]; # The program tries to dlopen Xxf86vm, Xext and Xinerama, so we use the # trick on NIX_LDFLAGS and dontPatchELF to make it find them. - # I use 'yes y' to skip a build error linking with xine-lib, - # because xine stopped exporting "_x_vo_new_port" - # https://sourceforge.net/projects/eaglemode/forums/forum/808824/topic/5115261 buildPhase = '' export NIX_LDFLAGS="$NIX_LDFLAGS -lXxf86vm -lXext -lXinerama" perl make.pl build 
@@ -36,8 +38,9 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "http://eaglemode.sourceforge.net"; description = "Zoomable User Interface"; + changelog = "https://eaglemode.sourceforge.net/ChangeLog.html"; license = licenses.gpl3; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; [ chuangzhu ]; platforms = platforms.linux; }; } diff --git a/pkgs/applications/misc/remarkable/rmapi/default.nix b/pkgs/applications/misc/remarkable/rmapi/default.nix index aa2b1af194d3f..2a3fbb4470110 100644 --- a/pkgs/applications/misc/remarkable/rmapi/default.nix +++ b/pkgs/applications/misc/remarkable/rmapi/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "rmapi"; - version = "0.0.22.1"; + version = "0.0.23"; src = fetchFromGitHub { owner = "juruen"; repo = "rmapi"; rev = "v${version}"; - sha256 = "sha256-tYGlI7p5KAskN+Y6vvBEm4+s9rKtL4TN43N/btN27UI="; + sha256 = "sha256-x6J3lQqSiqROLFB+S6nY/ONSluc7ffqJcK93bQpsjIs="; }; - vendorSha256 = "sha256-LmKcHV0aq7NDEwaL+u8zXkbKzzdWD8zmnAGw5xShDYo="; + vendorSha256 = "sha256-Id2RaiSxthyR6egDQz2zulbSZ4STRTaA3yQIr6Mx9kg="; doCheck = false; diff --git a/pkgs/applications/networking/cluster/terraform-providers/providers.json b/pkgs/applications/networking/cluster/terraform-providers/providers.json index ac52b952c2575..294dc59bc0f5f 100644 --- a/pkgs/applications/networking/cluster/terraform-providers/providers.json +++ b/pkgs/applications/networking/cluster/terraform-providers/providers.json 
@@ -11,14 +11,14 @@ "vendorHash": "sha256-AB+uj4hQIYMVQHhw1cISB2TotNO8rw1iU0/gP096CoE=" }, "acme": { - "hash": "sha256-H+1/Au/jCxNxrV+kk6tylUF85taZcs44uWed1QH1aRo=", + "hash": "sha256-fK34A45plTqtOYGbq8CAtFnyMYOvdOKFycY7X5ZlRRY=", "homepage": "https://registry.terraform.io/providers/vancluever/acme", "owner": "vancluever", "proxyVendor": true, "repo": "terraform-provider-acme", - "rev": "v2.11.1", + "rev": "v2.12.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-QGZKoxiSiT78gk2vc8uE6k1LAi/S1o5W9TZN7T/1XfA=" + "vendorHash": "sha256-L8d2Y4gSmqqmg24lULWrdKSI+194rRTVZyxJAEL+gqM=" }, "age": { "hash": "sha256-bJrzjvkrCX93bNqCA+FdRibHnAw6cb61StqtwUY5ok4=", @@ -30,29 +30,29 @@ "vendorHash": "sha256-jK7JuARpoxq7hvq5+vTtUwcYot0YqlOZdtDwq4IqKvk=" }, "aiven": { - "hash": "sha256-PeIb/HErJ3iIBwzeUmdhNXCYZBqayI2cRSDrye8A3Ys=", + "hash": "sha256-6HZHDqdYeIthzqMwTEpYTyjh624tifhoAFOXIh8xqMg=", "homepage": "https://registry.terraform.io/providers/aiven/aiven", "owner": "aiven", "repo": "terraform-provider-aiven", - "rev": "v3.9.0", + "rev": "v3.10.0", "spdx": "MIT", "vendorHash": "sha256-J/x5oc4Qr4c/K5RKswFeWgUDE+ns1bUxfpRlj29uCY0=" }, "akamai": { - "hash": "sha256-SKaSKBV47B9Y0w2zmNOek/UEbUQLtB1qAm6866RAhdA=", + "hash": "sha256-vna0TVanrfhbELwpD3ZidwkBfB20dM+11Gq6qdZ0MmA=", "homepage": "https://registry.terraform.io/providers/akamai/akamai", "owner": "akamai", "repo": "terraform-provider-akamai", - "rev": "v3.1.0", + "rev": "v3.2.1", "spdx": "MPL-2.0", - "vendorHash": "sha256-byReViTX0KRFVgWMkte00CDB/3Mw8Ov5GyD48sENmIA=" + "vendorHash": "sha256-pz+h8vbdCEgNSH9AoPlIP7zprViAMawXk64SV0wnVPo=" }, "alicloud": { - "hash": "sha256-VGrMkgX7WmIz7v0+D1OPYerslVueGw5XRBtWebLrkQk=", + "hash": "sha256-m5IZ6JiEbyAuNo2LiuuP05yApvoHypjFnGioWJ/4ETQ=", "homepage": "https://registry.terraform.io/providers/aliyun/alicloud", "owner": "aliyun", "repo": "terraform-provider-alicloud", - "rev": "v1.194.0", + "rev": "v1.194.1", "spdx": "MPL-2.0", "vendorHash": null }, 
@@ -84,13 +84,13 @@ "vendorHash": "sha256-U88K2CZcN7xh1rPmkZpbRWgj3+lPKN7hkB9T60jR1JQ=" }, "auth0": { - "hash": "sha256-l41GOH5J0ZF+Vp/Vabhm30ZLG6/XJrI7QeCdl2WvNso=", + "hash": "sha256-87T0ta5xU61COOfIZ1CP3TTWdCyd6RKLJ2hqShq+giM=", "homepage": "https://registry.terraform.io/providers/auth0/auth0", "owner": "auth0", "repo": "terraform-provider-auth0", - "rev": "v0.40.0", + "rev": "v0.41.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-0BE+NZe4DgAU0lNuwsHiGogMJKhM2fy9CriMtKzmJcI=" + "vendorHash": "sha256-OhtomdRIjKxELnSQGbZvrHAE1ag4VAyuSOMrZvZ5q0s=" }, "avi": { "hash": "sha256-0FcdVd7EGVHZ0iRonoGfjwYgXpJtUhqX5i925Ejhv54=", @@ -112,13 +112,13 @@ "vendorHash": null }, "aws": { - "hash": "sha256-5eqUaO8XRPh2wkltGu7D3GToNAq1zSpQ1LS/h0W/CQA=", + "hash": "sha256-EN8b2mkGys9td4XmTJ4N/Hi1T3EhLo0nv6Mludu3Mso=", "homepage": "https://registry.terraform.io/providers/hashicorp/aws", "owner": "hashicorp", "repo": "terraform-provider-aws", - "rev": "v4.46.0", + "rev": "v4.48.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-xo9Z50jK8dWxQ8DeGLjB8ppnGuUmGlQLhzRHpKs8hYg=" + "vendorHash": "sha256-BplPkGuyoljbGZnX7uDuEJsWZFWAXKe/asma9/wCGRM=" }, "azuread": { "hash": "sha256-itaFeOEnoTIJfACvJZCIe9RWNVgewdVFZzXUK7yGglQ=", @@ -130,11 +130,11 @@ "vendorHash": null }, "azurerm": { - "hash": "sha256-GNp4Am/ooMm//LGMMxJlMxQIh4rHmQdnpVEYZn3Hjb8=", + "hash": "sha256-xrP3znKMbS4jwtKxIobo8IIeiDp+clFboPrJY6aVYlA=", "homepage": "https://registry.terraform.io/providers/hashicorp/azurerm", "owner": "hashicorp", "repo": "terraform-provider-azurerm", - "rev": "v3.35.0", + "rev": "v3.37.0", "spdx": "MPL-2.0", "vendorHash": null }, 
@@ -149,40 +149,40 @@ }, "baiducloud": { "deleteVendor": true, - "hash": "sha256-Yw0dtfPiXLSLDvlAL3OUfZsd8ihc/OCBedsSSUcedOU=", + "hash": "sha256-4v9FuM69U+4V2Iy85vc4RP9KgzeME/R8rXxNSMBABdM=", "homepage": "https://registry.terraform.io/providers/baidubce/baiducloud", "owner": "baidubce", "repo": "terraform-provider-baiducloud", - "rev": "v1.18.3", + "rev": "v1.18.4", "spdx": "MPL-2.0", "vendorHash": "sha256-ya2FpsLQMIu8zWYObpyPgBHVkHoNKzHgdMxukbtsje4=" }, "bigip": { - "hash": "sha256-erJeg7KF3QUi85ueOQTrab2woIC1nkMXRIj/pFm0DGY=", + "hash": "sha256-VntKiBTQxe8lKV8Bb3A0moA/EUzyQQ7CInPjKJL4iBQ=", "homepage": "https://registry.terraform.io/providers/F5Networks/bigip", "owner": "F5Networks", "repo": "terraform-provider-bigip", - "rev": "v1.16.0", + "rev": "v1.16.1", "spdx": "MPL-2.0", "vendorHash": null }, "bitbucket": { - "hash": "sha256-NPcAYceokJHqfQU/cx9S2c8riFbU2tTTJEuHXPPP+eE=", + "hash": "sha256-DRczX/UQB/0KVZG7wcMCvNerOSIjiEl222Nhq0HjpZM=", "homepage": "https://registry.terraform.io/providers/DrFaust92/bitbucket", "owner": "DrFaust92", "repo": "terraform-provider-bitbucket", - "rev": "v2.24.0", + "rev": "v2.26.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-Db8mo4XOjWi3n8Ni94f4/urWkU3/WfEVQsmXEGFmpQI=" + "vendorHash": "sha256-8/ZEO0cxseXqQHx+/wKjsM0T3l+tBdCTFZqNfjaTOpo=" }, "brightbox": { - "hash": "sha256-F/AQq45ADM0+PbFpMPtpMvbYw8F41GDBzk7LoY/L/Qg=", + "hash": "sha256-ISK6cpE4DVrVzjC0N5BdyR3Z5LfF9qfg/ACTgDP+WqY=", "homepage": "https://registry.terraform.io/providers/brightbox/brightbox", "owner": "brightbox", "repo": "terraform-provider-brightbox", - "rev": "v3.0.6", + "rev": "v3.2.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-ZT+SOHn/8aoZLXUau9toc3NtQNaXfttM0agIw8T28tk=" + "vendorHash": "sha256-IiP1LvAX8fknB56gJoI75kGGkRIIoSfpmPkoTxujVDU=" }, "buildkite": { "hash": "sha256-BpQpMAecpknI8b1q6XuZPty8I/AUTAwQWm5Y28XJ+G4=", 
@@ -213,29 +213,29 @@ "vendorHash": null }, "cloudamqp": { - "hash": "sha256-ocwPi39Wn+nHtkRshqFKkCknFCKgmrxSMy1SJFd7ni8=", + "hash": "sha256-gT6Ik4okCAH8555KSGv0wmca0n0NFumRSkQrSvrGit4=", "homepage": "https://registry.terraform.io/providers/cloudamqp/cloudamqp", "owner": "cloudamqp", "repo": "terraform-provider-cloudamqp", - "rev": "v1.20.1", + "rev": "v1.21.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-pnQHWSXI3rqYv0EeG9rGINtInSgQ/NSMMYiPrXRMUuM=" + "vendorHash": "sha256-PALZGyGZ6Ggccl4V9gG+gsEdNipYG+DCaZkqF0W1IMQ=" }, "cloudflare": { - "hash": "sha256-1Ak5NPaOSqF0mJU2/CnssQjz7ekyVE/kqDOS5rYSN10=", + "hash": "sha256-Vlugad/EF53rbMOz2djIPEeTpO62y9OpiDHlDDeu/jI=", "homepage": "https://registry.terraform.io/providers/cloudflare/cloudflare", "owner": "cloudflare", "repo": "terraform-provider-cloudflare", - "rev": "v3.29.0", + "rev": "v3.30.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-2H+xp/A3J/xUf02voYyWP+J5MSsFM7Kz7KlgjaF99ao=" + "vendorHash": "sha256-s0z+CvCH3SCbddppwdXKD+Fle4MmHM5eRV07r+DNrnU=" }, "cloudfoundry": { - "hash": "sha256-RYUs35sSL9CuwrOfUQ/S1G6W8ILgpJqVn8Xk9s2s35Y=", + "hash": "sha256-RIzAUhusyA+lMHkfsWk/27x3ZRGVcAzqgBaoI8erQSY=", "homepage": "https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry", "owner": "cloudfoundry-community", "repo": "terraform-provider-cloudfoundry", - "rev": "v0.50.2", + "rev": "v0.50.3", "spdx": "MPL-2.0", "vendorHash": "sha256-mEWhLh4E3SI7xfmal1sJ5PdAYbYJrW/YFoBjTW9w4bA=" }, @@ -249,11 +249,11 @@ "vendorHash": null }, "cloudscale": { - "hash": "sha256-Eo7zT/KiJdzo7fhAcCg6EV29ENM/XSBumAHmL9J8agU=", + "hash": "sha256-DQ7yIqA9gII0Ub1C8DEa1AMhQbzRFvsng8TMBGz+qzg=", "homepage": "https://registry.terraform.io/providers/cloudscale-ch/cloudscale", "owner": "cloudscale-ch", "repo": "terraform-provider-cloudscale", - "rev": "v4.0.0", + "rev": "v4.1.0", "spdx": "MIT", "vendorHash": null }, 
@@ -286,13 +286,13 @@ "vendorHash": "sha256-QlmVrcC1ctjAHOd7qsqc9gpqttKplEy4hlT++cFUZfM=" }, "datadog": { - "hash": "sha256-QKUmbCyB9Xlr+wfEGiCR+xn8xz81FJ77pY90AzMc/Bw=", + "hash": "sha256-PSFxY/etCWojqX4Dw4sYjNjYBglT0lw5Qi6OzZtZCP0=", "homepage": "https://registry.terraform.io/providers/DataDog/datadog", "owner": "DataDog", "repo": "terraform-provider-datadog", - "rev": "v3.18.0", + "rev": "v3.19.1", "spdx": "MPL-2.0", - "vendorHash": "sha256-t3A7ACNbIZ/i5fDhIMDWnKlswT1IHwULejzkfqT5mxQ=" + "vendorHash": "sha256-+NHssfTu4JM37AYyeaBNzhNrnFGcnpVP2DPZngjKfcg=" }, "dhall": { "hash": "sha256-K0j90YAzYqdyJD4aofyxAJF9QBYNMbhSVm/s1GvWuJ4=", @@ -340,13 +340,13 @@ "vendorHash": "sha256-z0vos/tZDUClK/s2yrXZG2RU8QgA8IM6bJj6jSdCnBk=" }, "docker": { - "hash": "sha256-SWfA3WaShBa+5FTyqLv+idVdvavet7V6qRKRGwYePUM=", + "hash": "sha256-+zKOwEMWOZoq4fau/Ieo+s+p+fTb4thMqfhrEnopiVQ=", "homepage": "https://registry.terraform.io/providers/kreuzwerker/docker", "owner": "kreuzwerker", "repo": "terraform-provider-docker", - "rev": "v2.23.1", + "rev": "v2.24.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-EaWVf8GmNsabpfeOEzRjKPubCyEReGjdzRy7Ohb4mno=" + "vendorHash": "sha256-OdZQb81d7N1TdbDWEImq2U3kLkCPdhRk38+8T8fu+F4=" }, "elasticsearch": { "hash": "sha256-a6kHN3w0sQCP+0+ZtFwcg9erfVBYkhNo+yOrnwweGWo=", @@ -395,13 +395,13 @@ "vendorHash": null }, "flexibleengine": { - "hash": "sha256-LPMSYBp9qSx6PDKAHfFpO6AAR13E9oMCXyH0tkyXamU=", + "hash": "sha256-ie7GbJxkB3wekGqA+S9wBWwRDAYK0RIzbFSG+VmTSjw=", "homepage": "https://registry.terraform.io/providers/FlexibleEngineCloud/flexibleengine", "owner": "FlexibleEngineCloud", "repo": "terraform-provider-flexibleengine", - "rev": "v1.35.0", + "rev": "v1.35.1", "spdx": "MPL-2.0", - "vendorHash": "sha256-KoqhPXacce8ENYC3nsOOOzYW6baVUfnMbaVbfADyuSw=" + "vendorHash": "sha256-Q9xbrRhrq75yzjSK/LTP47xA9uP7PNBsEjTx3oNEwRY=" }, "fortios": { "deleteVendor": true, 
@@ -415,11 +415,11 @@ "vendorHash": "sha256-ZgVA2+2tu17dnAc51Aw3k6v8k7QosNTmFjFhmeknxa8=" }, "gandi": { - "hash": "sha256-uXZcYiNsBf5XsMjOjjQeNtGwLhTgYES1E9t63fBEI6Q=", + "hash": "sha256-dF3YCX3ghjg/OGLQT3Vzs/VLRoiuDXrTo5xP1Y8Jhgw=", "homepage": "https://registry.terraform.io/providers/go-gandi/gandi", "owner": "go-gandi", "repo": "terraform-provider-gandi", - "rev": "v2.2.0", + "rev": "v2.2.1", "spdx": "MPL-2.0", "vendorHash": "sha256-cStVmI58V46I3MYYYrbCY3llnOx2pyuM2Ku+rhe5DVQ=" }, @@ -433,31 +433,31 @@ "vendorHash": null }, "gitlab": { - "hash": "sha256-lNEkUleH0Y3ZQnHqu8cEIGdigqrbRkVRg+9kOk8kU3c=", + "hash": "sha256-RCN4CRFffg1rhyNACo/5ebVzbvsUXf6otDRuxlF8RoM=", "homepage": "https://registry.terraform.io/providers/gitlabhq/gitlab", "owner": "gitlabhq", "repo": "terraform-provider-gitlab", - "rev": "v3.20.0", + "rev": "v15.7.1", "spdx": "MPL-2.0", - "vendorHash": "sha256-QAFx/Ew86T4LWJ6ZtJTUWwR5rGunWj0E5Vzt++BN9ks=" + "vendorHash": "sha256-7XiZP51K/S5Al+VNJw4NcqzkMeqs2iSHCOlNAI4+id4=" }, "google": { - "hash": "sha256-EKPXlEpZVcQ0r97Um3kX8YZneaoKJrY76414hC5+1iA=", + "hash": "sha256-eF7y62pHjQ5YBs/M3Fh4h0qHyrTs6FyiPQ2hD+oHaVI=", "homepage": "https://registry.terraform.io/providers/hashicorp/google", "owner": "hashicorp", "proxyVendor": true, "repo": "terraform-provider-google", - "rev": "v4.46.0", + "rev": "v4.47.0", "spdx": "MPL-2.0", "vendorHash": "sha256-kyE1MPc1CofhngsMYLIPaownEZQmHc9UMSegwVZ8zIA=" }, "google-beta": { - "hash": "sha256-4ksd2LPAG6GeEexeThy4FnzTcDwDo753FP+02pCoyFU=", + "hash": "sha256-DcqVJ5qZIw/qUsZkbhcPiM2gSRpEOyn1irv9kbG5aCs=", "homepage": "https://registry.terraform.io/providers/hashicorp/google-beta", "owner": "hashicorp", "proxyVendor": true, "repo": "terraform-provider-google-beta", - "rev": "v4.46.0", + "rev": "v4.47.0", "spdx": "MPL-2.0", "vendorHash": "sha256-kyE1MPc1CofhngsMYLIPaownEZQmHc9UMSegwVZ8zIA=" }, 
@@ -489,11 +489,11 @@ "vendorHash": null }, "hcloud": { - "hash": "sha256-LbMnERF4ymsM5TLyAxIuawmwnTQMA8A96xKtluPj/2s=", + "hash": "sha256-ebkd9YbbK2nHjgpKkXgmusbaaDYk2bdtqpsu6dw0HDs=", "homepage": "https://registry.terraform.io/providers/hetznercloud/hcloud", "owner": "hetznercloud", "repo": "terraform-provider-hcloud", - "rev": "v1.36.1", + "rev": "v1.36.2", "spdx": "MPL-2.0", "vendorHash": "sha256-/dsiIxgW4BxSpRtnD77NqtkxEEAXH1Aj5hDCRSdiDYg=" }, @@ -625,11 +625,11 @@ "vendorHash": "sha256-nDvnLEOtXkUJFY22pKogOzkWrj4qjyQbdlJ5pa/xnK8=" }, "ksyun": { - "hash": "sha256-PfUTE8j2tb4piNeRx4FRy8s45w8euQU773oJHbcdlVE=", + "hash": "sha256-B8ficMkGmChPFxCDULcDtIusH+gil3w+yJo4B/nahzg=", "homepage": "https://registry.terraform.io/providers/kingsoftcloud/ksyun", "owner": "kingsoftcloud", "repo": "terraform-provider-ksyun", - "rev": "v1.3.59", + "rev": "v1.3.60", "spdx": "MPL-2.0", "vendorHash": "sha256-miHKAz+ONXtuC1DNukcyZbbaYReY69dz9Zk6cJdORdQ=" }, @@ -697,12 +697,12 @@ "vendorHash": "sha256-5rqn9/NE7Q0VI6SRd2VFKJl4npz9Y0Qp1pEpfj9KxrQ=" }, "lxd": { - "hash": "sha256-DfRhPRclg/hCmmp0V087hl66WSFbEyXHFUGeehlU290=", + "hash": "sha256-2YqziG5HZbD/Io/vKYZFZK1PFYVYHOjzHah7s3xEtR0=", "homepage": "https://registry.terraform.io/providers/terraform-lxd/lxd", "owner": "terraform-lxd", "proxyVendor": true, "repo": "terraform-provider-lxd", - "rev": "v1.8.0", + "rev": "v1.9.0", "spdx": "MPL-2.0", "vendorHash": "sha256-omaslX89hMAdIppBfILsGO6133Q3UgihgiJcy/Gn83M=" }, 
@@ -770,13 +770,13 @@ "vendorHash": null }, "newrelic": { - "hash": "sha256-nN4KXXSYp4HWxImfgd/C/ykQi02EIpq4mb20EpKboaE=", + "hash": "sha256-vSqVYFC79lR19AydrsEVJj9cPRGD5LmBrjzY/X3w6vk=", "homepage": "https://registry.terraform.io/providers/newrelic/newrelic", "owner": "newrelic", "repo": "terraform-provider-newrelic", - "rev": "v3.9.0", + "rev": "v3.11.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-WuGf6gMOOCTwUTzbinyT7yNM3S8ddHY5aS5VTAEf5Js=" + "vendorHash": "sha256-l+N4U5y1SLGiMKHsGkgA40SI+fFR6l2H9p5JqVrxrEI=" }, "nomad": { "hash": "sha256-oHY+jM4JQgLlE1wd+/H9H8H2g0e9ZuxI6OMlz3Izfjg=", diff --git a/pkgs/applications/radio/ax25-tools/default.nix b/pkgs/applications/radio/ax25-tools/default.nix new file mode 100644 index 0000000000000..0e806c1107e59 --- /dev/null +++ b/pkgs/applications/radio/ax25-tools/default.nix @@ -0,0 +1,29 @@ +{ lib +, stdenv +, fetchurl +, libax25 +}: + +stdenv.mkDerivation rec { + pname = "ax25-tools"; + version = "0.0.10-rc5"; + + buildInputs = [ libax25 ]; + + # Due to recent unsolvable administrative domain problems with linux-ax25.org, + # the new domain is linux-ax25.in-berlin.de + src = fetchurl { + url = "https://linux-ax25.in-berlin.de/pub/ax25-tools/ax25-tools-${version}.tar.gz"; + sha256 = "sha256-kqnLi1iobcufVWMPxUyaRsWKIPyTvtUkuMERGQs2qgY="; + }; + + configureFlags = [ "--sysconfdir=/etc" ]; + + meta = with lib; { + description = "Non-GUI tools used to configure an AX.25 enabled computer"; + homepage = "https://linux-ax25.in-berlin.de/wiki/Main_Page"; + license = licenses.lgpl21Only; + maintainers = with maintainers; [ sarcasticadmin ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/version-management/gh/default.nix b/pkgs/applications/version-management/gh/default.nix index 7d5a9cc6d6089..6035c1d7eb783 100644 --- a/pkgs/applications/version-management/gh/default.nix +++ b/pkgs/applications/version-management/gh/default.nix 
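Review bot: `configureFlags = [ "--sysconfdir=/etc" ];` in the new pkgs/applications/radio/ax25-tools/default.nix has no comment, and it is the one line a reader cannot interpret from the file alone: it makes the tools look for their configuration in the mutable host `/etc` rather than under the store path. Add a comment such as `# read runtime configuration from the host's /etc, not from $out/etc`. Confirm also that the install step does not try to write there, since presumably an install-time override of sysconfdir is needed if it does. Separately, the `src` hash is an SRI string placed in the `sha256` attribute; moving it to the `hash` attribute would match the form the eaglemode change in this same commit uses.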
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "gh"; - version = "2.20.2"; + version = "2.21.1"; src = fetchFromGitHub { owner = "cli"; repo = "cli"; rev = "v${version}"; - sha256 = "sha256-atUC6vb/tOO2GapMjTqFi4qjDAdSf2F8v3gZuzyt+9Q="; + sha256 = "sha256-DVdbyHGBnbFkKu0h01i0d1qw5OuBYydyP7qHc6B1qs0="; }; - vendorSha256 = "sha256-FSniCYr3emV9W/BuEkWe0a4aZ5RCoZJc7+K+f2q49ys="; + vendorSha256 = "sha256-b4pNcOfG+W+l2cqn4ncvR47zJltKYIcE3W1GvrWEOFY="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/applications/version-management/gitkraken/default.nix b/pkgs/applications/version-management/gitkraken/default.nix index bce2d3b7cf70b..196845bf52d7f 100644 --- a/pkgs/applications/version-management/gitkraken/default.nix +++ b/pkgs/applications/version-management/gitkraken/default.nix @@ -10,24 +10,24 @@ with lib; let pname = "gitkraken"; - version = "8.9.1"; + version = "9.0.0"; throwSystem = throw "Unsupported system: ${stdenv.hostPlatform.system}"; srcs = { x86_64-linux = fetchzip { url = "https://release.axocdn.com/linux/GitKraken-v${version}.tar.gz"; - sha256 = "sha256-taz610BIAZm8TB2GQSHLjcDLVjfvtcyLqJ2XBaD6NRE="; + sha256 = "sha256-I6iIg+RBTz5HyommAvDuQBBURjMm04t31o5OZNCrYGc="; }; x86_64-darwin = fetchzip { url = "https://release.axocdn.com/darwin/GitKraken-v${version}.zip"; - sha256 = "sha256-TMcXtRO9ANQlmHPULgC/05qrqQC6oN58G3ytokRr/Z8="; + sha256 = "1dhswjzyjrfz4psjji53fjpvb8845lv44qqc6ncfv1ljx9ky828r"; }; aarch64-darwin = fetchzip { url = "https://release.axocdn.com/darwin-arm64/GitKraken-v${version}.zip"; - sha256 = "sha256-vuk0nfl+Ga5yiZWNwDd9o8qOjmiTLe5tQjGhia0bIk0="; + sha256 = "0jzcwx1z240rr08qc6vbasn51bcadz2jl3vm3jwgjpfdwypnsvk1"; }; }; diff --git a/pkgs/applications/virtualization/containerd/default.nix b/pkgs/applications/virtualization/containerd/default.nix index c84ba7a6c46e0..7a16489c044cd 100644 --- a/pkgs/applications/virtualization/containerd/default.nix +++ b/pkgs/applications/virtualization/containerd/default.nix 
@@ -10,13 +10,13 @@ buildGoModule rec { pname = "containerd"; - version = "1.6.12"; + version = "1.6.14"; src = fetchFromGitHub { owner = "containerd"; repo = "containerd"; rev = "v${version}"; - sha256 = "sha256-02eg2RNEim47Q3TyTLYc0IdaBJcOf89qTab8GV8fDgA="; + sha256 = "sha256-+2K2lLxTXZS8pjgqhJZd+JovUFqG5Cgw9iAbDjnUvvQ="; }; vendorSha256 = null; diff --git a/pkgs/build-support/rust/import-cargo-lock.nix b/pkgs/build-support/rust/import-cargo-lock.nix index e571c01f95c5d..7a4ddec3ebd1d 100644 --- a/pkgs/build-support/rust/import-cargo-lock.nix +++ b/pkgs/build-support/rust/import-cargo-lock.nix @@ -7,6 +7,9 @@ # Cargo lock file contents as string , lockFileContents ? null + # Allow `builtins.fetchGit` to be used to not require hashes for git dependencies +, allowBuiltinFetchGit ? false + # Hashes for git dependencies. , outputHashes ? {} } @ args: @@ -38,14 +41,14 @@ let # There is no source attribute for the source package itself. But # since we do not want to vendor the source package anyway, we can # safely skip it. - depPackages = (builtins.filter (p: p ? "source") packages); + depPackages = builtins.filter (p: p ? "source") packages; # Create dependent crates from packages. # # Force evaluation of the git SHA -> hash mapping, so that an error is # thrown if there are stale hashes. We cannot rely on gitShaOutputHash # being evaluated otherwise, since there could be no git dependencies. - depCrates = builtins.deepSeq (gitShaOutputHash) (builtins.map mkCrate depPackages); + depCrates = builtins.deepSeq gitShaOutputHash (builtins.map mkCrate depPackages); # Map package name + version to git commit SHA for packages with a git source. namesGitShas = builtins.listToAttrs ( 
@@ -117,12 +120,20 @@ let If you use `buildRustPackage`, you can add this attribute to the `cargoLock` attribute set. ''; - sha256 = gitShaOutputHash.${gitParts.sha} or missingHash; - tree = fetchgit { - inherit sha256; - inherit (gitParts) url; - rev = gitParts.sha; # The commit SHA is always available. - }; + tree = + if gitShaOutputHash ? ${gitParts.sha} then + fetchgit { + inherit (gitParts) url; + rev = gitParts.sha; # The commit SHA is always available. + sha256 = gitShaOutputHash.${gitParts.sha}; + } + else if allowBuiltinFetchGit then + builtins.fetchGit { + inherit (gitParts) url; + rev = gitParts.sha; + } + else + missingHash; in runCommand "${pkg.name}-${pkg.version}" {} '' tree=${tree} diff --git a/pkgs/common-updater/nix-update.nix b/pkgs/common-updater/nix-update.nix index bb547302b79a9..269e1b6e64553 100644 --- a/pkgs/common-updater/nix-update.nix +++ b/pkgs/common-updater/nix-update.nix @@ -1,7 +1,7 @@ -{ nix-update }: +{ lib, nix-update }: -{ attrPath -, extraArgs ? [] +{ attrPath ? null +, extraArgs ? [ ] }: -[ "${nix-update}/bin/nix-update" ] ++ extraArgs ++ [ attrPath ] +[ "${nix-update}/bin/nix-update" ] ++ extraArgs ++ lib.optional (attrPath != null) attrPath diff --git a/pkgs/desktops/xfce/default.nix b/pkgs/desktops/xfce/default.nix index 546681afedf92..76923f4d57a26 100644 --- a/pkgs/desktops/xfce/default.nix +++ b/pkgs/desktops/xfce/default.nix 
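Review bot: The new `builtins.fetchGit` branch of the `tree` binding fetches a git dependency with no output hash. When `allowBuiltinFetchGit` is set, the vendored source is therefore pinned only by the commit id from `Cargo.lock`, and it is fetched at evaluation time rather than as a fixed-output derivation. Neither this branch nor the option's comment in the first hunk of this file states that trade-off. I would add a comment above the `else if`, for example `# No output hash is verified here: integrity rests on the git commit id; an entry in outputHashes still takes precedence.` The enclosing `let` block starts and ends outside the hunk.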
@@ -192,55 +192,4 @@ lib.makeScopeWithSplicing thunar-bare = self.thunar.override { thunarPlugins = [ ]; }; # added 2019-11-04 - }) // lib.optionalAttrs config.allowAliases { - #### Legacy aliases. They need to be outside the scope or they will shadow the attributes from parent scope. - - terminal = throw "xfce.terminal has been removed, use xfce.xfce4-terminal instead"; # added 2022-05-24 - thunar-build = throw "xfce.thunar-build has been removed, use xfce.thunar-bare instead"; # added 2022-05-24 - thunarx-2-dev = throw "xfce.thunarx-2-dev has been removed, use xfce.thunar-bare instead"; # added 2022-05-24 - thunar_volman = throw "xfce.thunar_volman has been removed, use xfce.thunar-volman instead"; # added 2022-05-24 - xfce4panel = throw "xfce.xfce4panel has been removed, use xfce.xfce4-panel instead"; # added 2022-05-24 - xfce4session = throw "xfce.xfce4session has been removed, use xfce.xfce4-session instead"; # added 2022-05-24 - xfce4settings = throw "xfce.xfce4settings has been removed, use xfce.xfce4-settings instead"; # added 2022-05-24 - xfce4_power_manager = throw "xfce.xfce4_power_manager has been removed, use xfce.xfce4-power-manager instead"; # added 2022-05-24 - xfce4_appfinder = throw "xfce.xfce4_appfinder has been removed, use xfce.xfce4-appfinder instead"; # added 2022-05-24 - xfce4_dev_tools = throw "xfce.xfce4_dev_tools has been removed, use xfce.xfce4-dev-tools instead"; # added 2022-05-24 - xfce4notifyd = throw "xfce.xfce4notifyd has been removed, use xfce.xfce4-notifyd instead"; # added 2022-05-24 - xfce4taskmanager = throw "xfce.xfce4taskmanager has been removed, use xfce.xfce4-taskmanager instead"; # added 2022-05-24 - xfce4terminal = throw "xfce.xfce4terminal has been removed, use xfce.xfce4-terminal instead"; # added 2022-05-24 - xfce4volumed_pulse = throw "xfce.xfce4volumed_pulse has been removed, use xfce.xfce4-volumed-pulse instead"; # added 2022-05-24 - xfce4icontheme = throw "xfce.xfce4icontheme has been removed, use 
xfce.xfce4-icon-theme instead"; # added 2022-05-24 - xfwm4themes = throw "xfce.xfwm4themes has been removed, use xfce.xfwm4-themes instead"; # added 2022-05-24 - xfce4_battery_plugin = throw "xfce.xfce4_battery_plugin has been removed, use xfce.xfce4-battery-plugin instead"; # added 2022-05-24 - xfce4_clipman_plugin = throw "xfce.xfce4_clipman_plugin has been removed, use xfce.xfce4-clipman-plugin instead"; # added 2022-05-24 - xfce4_cpufreq_plugin = throw "xfce.xfce4_cpufreq_plugin has been removed, use xfce.xfce4-cpufreq-plugin instead"; # added 2022-05-24 - xfce4_cpugraph_plugin = throw "xfce.xfce4_cpugraph_plugin has been removed, use xfce.xfce4-cpugraph-plugin instead"; # added 2022-05-24 - xfce4_datetime_plugin = throw "xfce.xfce4_datetime_plugin has been removed, use xfce.xfce4-datetime-plugin instead"; # added 2022-05-24 - xfce4_dockbarx_plugin = throw "xfce.xfce4_dockbarx_plugin has been removed, use xfce.xfce4-dockbarx-plugin instead"; # added 2022-05-24 - xfce4_embed_plugin = throw "xfce.xfce4_embed_plugin has been removed, use xfce.xfce4-embed-plugin instead"; # added 2022-05-24 - xfce4_eyes_plugin = throw "xfce.xfce4_eyes_plugin has been removed, use xfce.xfce4-eyes-plugin instead"; # added 2022-05-24 - xfce4_fsguard_plugin = throw "xfce.xfce4_fsguard_plugin has been removed, use xfce.xfce4-fsguard-plugin instead"; # added 2022-05-24 - xfce4_genmon_plugin = throw "xfce.xfce4_genmon_plugin has been removed, use xfce.xfce4-genmon-plugin instead"; # added 2022-05-24 - xfce4_hardware_monitor_plugin = throw "xfce.xfce4_hardware_monitor_plugin has been removed, use xfce.xfce4-hardware-monitor-plugin instead"; # added 2022-05-24 - xfce4_namebar_plugin = throw "xfce.xfce4_namebar_plugin has been removed, use xfce.xfce4-namebar-plugin instead"; # added 2022-05-24 - xfce4_netload_plugin = throw "xfce.xfce4_netload_plugin has been removed, use xfce.xfce4-netload-plugin instead"; # added 2022-05-24 - xfce4_notes_plugin = throw "xfce.xfce4_notes_plugin has been 
removed, use xfce.xfce4-notes-plugin instead"; # added 2022-05-24 - xfce4_mailwatch_plugin = throw "xfce.xfce4_mailwatch_plugin has been removed, use xfce.xfce4-mailwatch-plugin instead"; # added 2022-05-24 - xfce4_mpc_plugin = throw "xfce.xfce4_mpc_plugin has been removed, use xfce.xfce4-mpc-plugin instead"; # added 2022-05-24 - xfce4_sensors_plugin = throw "xfce.xfce4_sensors_plugin has been removed, use xfce.xfce4-sensors-plugin instead"; # added 2022-05-24 - xfce4_systemload_plugin = throw "xfce.xfce4_systemload_plugin has been removed, use xfce.xfce4-systemload-plugin instead"; # added 2022-05-24 - xfce4_timer_plugin = throw "xfce.xfce4_timer_plugin has been removed, use xfce.xfce4-timer-plugin instead"; # added 2022-05-24 - xfce4_verve_plugin = throw "xfce.xfce4_verve_plugin has been removed, use xfce.xfce4-verve-plugin instead"; # added 2022-05-24 - xfce4_xkb_plugin = throw "xfce.xfce4_xkb_plugin has been removed, use xfce.xfce4-xkb-plugin instead"; # added 2022-05-24 - xfce4_weather_plugin = throw "xfce.xfce4_weather_plugin has been removed, use xfce.xfce4-weather-plugin instead"; # added 2022-05-24 - xfce4_whiskermenu_plugin = throw "xfce.xfce4_whiskermenu_plugin has been removed, use xfce.xfce4-whiskermenu-plugin instead"; # added 2022-05-24 - xfce4_windowck_plugin = throw "xfce.xfce4_windowck_plugin has been removed, use xfce.xfce4-windowck-plugin instead"; # added 2022-05-24 - xfce4_pulseaudio_plugin = throw "xfce.xfce4_pulseaudio_plugin has been removed, use xfce.xfce4-pulseaudio-plugin instead"; # added 2022-05-24 - libxfce4ui_gtk3 = throw "xfce.libxfce4ui_gtk3 has been removed, use xfce.libxfce4ui instead"; # added 2022-05-24 - xfce4panel_gtk3 = throw "xfce.xfce4panel_gtk3 has been removed, use xfce.xfce4-panel instead"; # added 2022-05-24 - xfce4_power_manager_gtk3 = throw "xfce.xfce4_power_manager_gtk3 has been removed, use xfce.xfce4-power-manager instead"; # added 2022-05-24 - gtk = throw "xfce.gtk has been removed, use gtk2 instead"; # added 
2022-05-24 - gtksourceview = throw "xfce.gtksourceview has been removed, use gtksourceview instead"; # added 2022-05-24 - dconf = throw "xfce.dconf has been removed, use dconf instead"; # added 2022-05-24 - vte = throw "xfce.vte has been removed, use vte instead"; # added 2022-05-24 -} + }) diff --git a/pkgs/development/interpreters/lua-5/build-lua-package.nix b/pkgs/development/interpreters/lua-5/build-lua-package.nix index d11c0d0f03906..a15a12dd284d0 100644 --- a/pkgs/development/interpreters/lua-5/build-lua-package.nix +++ b/pkgs/development/interpreters/lua-5/build-lua-package.nix @@ -14,7 +14,7 @@ , rockspecVersion ? version # by default prefix `name` e.g. "lua5.2-${name}" -, namePrefix ? "${lua.pname}${lua.sourceVersion.major}.${lua.sourceVersion.minor}-" +, namePrefix ? "${lua.pname}${lib.versions.majorMinor version}-" # Dependencies for building the package , buildInputs ? [] diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix index ac903545b0f32..3cf436419f34d 100644 --- a/pkgs/development/interpreters/lua-5/default.nix +++ b/pkgs/development/interpreters/lua-5/default.nix @@ -1,5 +1,5 @@ # similar to interpreters/python/default.nix -{ stdenv, lib, callPackage, fetchurl, fetchpatch, makeBinaryWrapper }: +{ stdenv, lib, callPackage, fetchFromGitHub, fetchurl, fetchpatch, makeBinaryWrapper }: let @@ -8,7 +8,6 @@ let # copied from python passthruFun = { executable - , sourceVersion , luaversion , packageOverrides , luaOnBuildForBuild @@ -67,7 +66,7 @@ let withPackages = import ./with-packages.nix { inherit buildEnv luaPackages;}; pkgs = luaPackages; interpreter = "${self}/bin/${executable}"; - inherit executable luaversion sourceVersion; + inherit executable luaversion; luaOnBuild = luaOnBuildForHost.override { inherit packageOverrides; self = luaOnBuild; }; tests = callPackage ./tests { inherit (luaPackages) wrapLua; }; 
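Review bot: In the `build-lua-package.nix` hunk, the new default `namePrefix ? "${lua.pname}${lib.versions.majorMinor version}-"` takes `version` from this function's own arguments. That is the version of the Lua package being built, as the line above (`rockspecVersion ? version`) shows, not the interpreter's version. The comment still promises a prefix such as `lua5.2-`, so a package at version 1.2.3 would presumably get a `lua1.2-` prefix instead. The interpreter's version looks like what is intended: `namePrefix ? "${lua.pname}${lib.versions.majorMinor lua.version}-"`. The argument list continues outside the hunk.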
@@ -80,7 +79,7 @@ in rec { lua5_4 = callPackage ./interpreter.nix { self = lua5_4; - sourceVersion = { major = "5"; minor = "4"; patch = "4"; }; + version = "5.4.4"; hash = "sha256-Fkx4SWU7gK5nvsS3RzuIS/XMjS3KBWU0dewu0nuev2E="; makeWrapper = makeBinaryWrapper; inherit passthruFun; @@ -112,7 +111,7 @@ rec { lua5_3 = callPackage ./interpreter.nix { self = lua5_3; - sourceVersion = { major = "5"; minor = "3"; patch = "6"; }; + version = "5.3.6"; hash = "0q3d8qhd7p0b7a4mh9g7fxqksqfs6mr1nav74vq26qvkp2dxcpzw"; makeWrapper = makeBinaryWrapper; inherit passthruFun; @@ -129,7 +128,7 @@ rec { lua5_2 = callPackage ./interpreter.nix { self = lua5_2; - sourceVersion = { major = "5"; minor = "2"; patch = "4"; }; + version = "5.2.4"; hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr"; makeWrapper = makeBinaryWrapper; inherit passthruFun; @@ -146,7 +145,7 @@ rec { lua5_1 = callPackage ./interpreter.nix { self = lua5_1; - sourceVersion = { major = "5"; minor = "1"; patch = "5"; }; + version = "5.1.5"; hash = "2640fc56a795f29d28ef15e13c34a47e223960b0240e8cb0a82d9b0738695333"; makeWrapper = makeBinaryWrapper; inherit passthruFun; @@ -156,12 +155,12 @@ rec { luajit_2_0 = import ../luajit/2.0.nix { self = luajit_2_0; - inherit callPackage lib passthruFun; + inherit callPackage fetchFromGitHub lib passthruFun; }; luajit_2_1 = import ../luajit/2.1.nix { self = luajit_2_1; - inherit callPackage passthruFun; + inherit callPackage fetchFromGitHub passthruFun; }; } diff --git a/pkgs/development/interpreters/lua-5/interpreter.nix b/pkgs/development/interpreters/lua-5/interpreter.nix index c265785b8d85d..59afff3794494 100644 --- a/pkgs/development/interpreters/lua-5/interpreter.nix +++ b/pkgs/development/interpreters/lua-5/interpreter.nix 
@@ -9,19 +9,19 @@ , pkgsBuildTarget , pkgsHostHost , pkgsTargetTarget -, sourceVersion +, version , hash , passthruFun , patches ? [] , postConfigure ? null , postBuild ? null , staticOnly ? stdenv.hostPlatform.isStatic -, luaAttr ? "lua${sourceVersion.major}_${sourceVersion.minor}" +, luaAttr ? "lua${lib.versions.major version}_${lib.versions.minor version}" } @ inputs: let luaPackages = self.pkgs; - luaversion = with sourceVersion; "${major}.${minor}"; + luaversion = lib.versions.majorMinor version; plat = if (stdenv.isLinux && lib.versionOlder self.luaversion "5.4") then "linux" else if (stdenv.isLinux && lib.versionAtLeast self.luaversion "5.4") then "linux-readline" @@ -36,7 +36,7 @@ in stdenv.mkDerivation rec { pname = "lua"; - version = "${luaversion}.${sourceVersion.patch}"; + inherit version; src = fetchurl { url = "https://www.lua.org/ftp/${pname}-${version}.tar.gz"; @@ -136,7 +136,7 @@ stdenv.mkDerivation rec { inputs' = lib.filterAttrs (n: v: ! lib.isDerivation v && n != "passthruFun") inputs; override = attr: let lua = attr.override (inputs' // { self = lua; }); in lua; in passthruFun rec { - inherit self luaversion packageOverrides luaAttr sourceVersion; + inherit self luaversion packageOverrides luaAttr; executable = "lua"; luaOnBuildForBuild = override pkgsBuildBuild.${luaAttr}; luaOnBuildForHost = override pkgsBuildHost.${luaAttr}; diff --git a/pkgs/development/interpreters/luajit/2.0.nix b/pkgs/development/interpreters/luajit/2.0.nix index 3df2ac457c07a..daa298761762e 100644 --- a/pkgs/development/interpreters/luajit/2.0.nix +++ b/pkgs/development/interpreters/luajit/2.0.nix 
@@ -1,13 +1,18 @@ -{ self, callPackage, lib, passthruFun }: +{ self, callPackage, fetchFromGitHub, lib, passthruFun }: + callPackage ./default.nix { - sourceVersion = { major = "2"; minor = "0"; patch = "5"; }; - inherit self passthruFun; version = "2.0.5-2022-09-13"; - rev = "46e62cd963a426e83a60f691dcbbeb742c7b3ba2"; isStable = true; - hash = "sha256-/XR9+6NjXs2TrUVKJNkH2h970BkDNFqMDJTWcy/bswU="; + src = fetchFromGitHub { + owner = "LuaJIT"; + repo = "LuaJIT"; + rev = "46e62cd963a426e83a60f691dcbbeb742c7b3ba2"; + hash = "sha256-/XR9+6NjXs2TrUVKJNkH2h970BkDNFqMDJTWcy/bswU="; + }; + extraMeta = { # this isn't precise but it at least stops the useless Hydra build platforms = with lib; filter (p: !hasPrefix "aarch64-" p) (platforms.linux ++ platforms.darwin); }; + inherit self passthruFun; } diff --git a/pkgs/development/interpreters/luajit/2.1.nix b/pkgs/development/interpreters/luajit/2.1.nix index d2233f15819fd..8362aab55e0fa 100644 --- a/pkgs/development/interpreters/luajit/2.1.nix +++ b/pkgs/development/interpreters/luajit/2.1.nix @@ -1,9 +1,13 @@ -{ self, callPackage, passthruFun }: +{ self, callPackage, fetchFromGitHub, passthruFun }: callPackage ./default.nix { - sourceVersion = { major = "2"; minor = "1"; patch = "0"; }; - inherit self passthruFun; version = "2.1.0-2022-10-04"; - rev = "6c4826f12c4d33b8b978004bc681eb1eef2be977"; isStable = false; - hash = "sha256-GMgoSVHrfIuLdk8mW9XgdemNFsAkkQR4wiGGjaAXAKg="; + src = fetchFromGitHub { + owner = "LuaJIT"; + repo = "LuaJIT"; + rev = "6c4826f12c4d33b8b978004bc681eb1eef2be977"; + hash = "sha256-GMgoSVHrfIuLdk8mW9XgdemNFsAkkQR4wiGGjaAXAKg="; + }; + + inherit self passthruFun; } diff --git a/pkgs/development/interpreters/luajit/default.nix b/pkgs/development/interpreters/luajit/default.nix index 1f830ac65d0db..64aa0345e80b0 100644 --- a/pkgs/development/interpreters/luajit/default.nix +++ b/pkgs/development/interpreters/luajit/default.nix 
@@ -3,9 +3,8 @@ , fetchFromGitHub , buildPackages , isStable -, hash -, rev , version +, src , extraMeta ? { } , callPackage , self @@ -15,7 +14,6 @@ , pkgsBuildTarget , pkgsHostHost , pkgsTargetTarget -, sourceVersion , passthruFun , enableFFI ? true , enableJIT ? true @@ -28,7 +26,7 @@ , enableAPICheck ? false , enableVMAssertions ? false , useSystemMalloc ? false -, luaAttr ? "luajit_${sourceVersion.major}_${sourceVersion.minor}" +, luaAttr ? "luajit_${lib.versions.major version}_${lib.versions.minor version}" } @ inputs: assert enableJITDebugModule -> enableJIT; assert enableGDBJITSupport -> enableJIT; @@ -51,12 +49,7 @@ let in stdenv.mkDerivation rec { pname = "luajit"; - inherit version; - src = fetchFromGitHub { - owner = "LuaJIT"; - repo = "LuaJIT"; - inherit hash rev; - }; + inherit version src; luaversion = "5.1"; @@ -113,7 +106,7 @@ stdenv.mkDerivation rec { inputs' = lib.filterAttrs (n: v: ! lib.isDerivation v && n != "passthruFun") inputs; override = attr: let lua = attr.override (inputs' // { self = lua; }); in lua; in passthruFun rec { - inherit self luaversion packageOverrides luaAttr sourceVersion; + inherit self luaversion packageOverrides luaAttr; executable = "lua"; luaOnBuildForBuild = override pkgsBuildBuild.${luaAttr}; luaOnBuildForHost = override pkgsBuildHost.${luaAttr}; diff --git a/pkgs/development/libraries/sundials/default.nix b/pkgs/development/libraries/sundials/default.nix index 367b7d999eeea..7868214e6cd72 100644 --- a/pkgs/development/libraries/sundials/default.nix +++ b/pkgs/development/libraries/sundials/default.nix @@ -12,13 +12,13 @@ stdenv.mkDerivation rec { pname = "sundials"; - version = "6.4.1"; + version = "6.5.0"; outputs = [ "out" "examples" ]; src = fetchurl { url = "https://github.com/LLNL/sundials/releases/download/v${version}/sundials-${version}.tar.gz"; - hash = "sha256-e/EKjSkgWRrz+6LbklSOka1g63JBqyM1CpsbxR4F6NA="; + hash = "sha256-TguZjf8pKiYX4Xlgm1ObUR64CDb1+qz4AOaIqIYohQI="; }; nativeBuildInputs = [ 
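Review bot: The `, fetchFromGitHub` argument kept as context in the first hunk of `luajit/default.nix` appears to have no remaining use in this file, as far as the visible hunks show. The fourth hunk replaces the inline `fetchFromGitHub { … }` with `inherit version src;`, and 2.0.nix and 2.1.nix now build `src` themselves. Dropping the argument keeps the list honest about what the derivation needs. The new `src` argument would also benefit from a short comment, e.g. `# src: LuaJIT source tree, supplied by 2.0.nix / 2.1.nix`.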
diff --git a/pkgs/development/python-modules/bleak-retry-connector/default.nix b/pkgs/development/python-modules/bleak-retry-connector/default.nix index 320f009ef35ff..80f13ecee603b 100644 --- a/pkgs/development/python-modules/bleak-retry-connector/default.nix +++ b/pkgs/development/python-modules/bleak-retry-connector/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "bleak-retry-connector"; - version = "2.10.2"; + version = "2.13.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "Bluetooth-Devices"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-9s7Ff7lH7a/zoV0blrp5tOZoZkBDAoSZx5aL9VQyzFo="; + hash = "sha256-p61U2WF+Bq2xJif3W74ghS51UggjLjIsFMGdhEu3pq8="; }; postPatch = '' @@ -60,6 +60,7 @@ buildPythonPackage rec { meta = with lib; { description = "Connector for Bleak Clients that handles transient connection failures"; homepage = "https://github.com/bluetooth-devices/bleak-retry-connector"; + changelog = "https://github.com/bluetooth-devices/bleak-retry-connector/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/development/python-modules/bluetooth-adapters/default.nix b/pkgs/development/python-modules/bluetooth-adapters/default.nix index d467e6924d6cb..15487e607c758 100644 --- a/pkgs/development/python-modules/bluetooth-adapters/default.nix +++ b/pkgs/development/python-modules/bluetooth-adapters/default.nix @@ -17,7 +17,7 @@ buildPythonPackage rec { pname = "bluetooth-adapters"; - version = "0.14.1"; + version = "0.15.2"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -26,7 +26,7 @@ buildPythonPackage rec { owner = "Bluetooth-Devices"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-QqwEnz3b5+r7bUSrZkzTwFn8fYczNuUi49hpa1LRsrw="; + hash = "sha256-vwcOMg10XRT6wNkQQF6qkbWSG2rsUXaDSEiIevii1eA="; }; postPatch = '' 
diff --git a/pkgs/development/python-modules/fakeredis/default.nix b/pkgs/development/python-modules/fakeredis/default.nix index dfde6be5c4ca1..a0f68ea0da661 100644 --- a/pkgs/development/python-modules/fakeredis/default.nix +++ b/pkgs/development/python-modules/fakeredis/default.nix @@ -16,7 +16,7 @@ buildPythonPackage rec { pname = "fakeredis"; - version = "2.3.0"; + version = "2.4.0"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -25,7 +25,7 @@ buildPythonPackage rec { owner = "dsoftwareinc"; repo = "fakeredis-py"; rev = "refs/tags/v${version}"; - hash = "sha256-3CHBSjuvpH614Hag+8EWzpvVcdx140/NvsQHf3DyzZM="; + hash = "sha256-LKUDwx3EEcOQFhUjTe5xm3AQRuwTGsYY27Vmg2R9ofc="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/ssh-mitm/default.nix b/pkgs/development/python-modules/ssh-mitm/default.nix index ea2aa9531c59f..ae703fb48e53c 100644 --- a/pkgs/development/python-modules/ssh-mitm/default.nix +++ b/pkgs/development/python-modules/ssh-mitm/default.nix @@ -1,23 +1,21 @@ { lib +, argcomplete , buildPythonPackage , fetchFromGitHub , pythonOlder , colored -, enhancements , packaging , paramiko , pytz , pyyaml -, requests , rich , sshpubkeys -, typeguard , pytestCheckHook }: buildPythonPackage rec { pname = "ssh-mitm"; - version = "2.1.0"; + version = "3.0.1"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -26,20 +24,18 @@ buildPythonPackage rec { owner = pname; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-DMXzDgSt1p3ZNGrXnSr79KH33SJNN8U4/94Hoz7Rs+I="; + hash = "sha256-bFxpgzomtcFGf0LfLUR05y3+/8DNhND6EKAmCZcYb5E="; }; propagatedBuildInputs = [ + argcomplete colored - enhancements packaging paramiko pytz pyyaml - requests rich sshpubkeys - typeguard ]; # Module has no tests 
@@ -52,7 +48,8 @@ buildPythonPackage rec { meta = with lib; { description = "Tool for SSH security audits"; homepage = "https://github.com/ssh-mitm/ssh-mitm"; - license = licenses.lgpl3Only; + changelog = "https://github.com/ssh-mitm/ssh-mitm/blob/${version}/CHANGELOG.md"; + license = licenses.gpl3Only; maintainers = with maintainers; [ fab ]; }; } diff --git a/pkgs/development/python-modules/tablib/default.nix b/pkgs/development/python-modules/tablib/default.nix index f07691abdca76..39ca2941c0380 100644 --- a/pkgs/development/python-modules/tablib/default.nix +++ b/pkgs/development/python-modules/tablib/default.nix @@ -16,14 +16,14 @@ buildPythonPackage rec { pname = "tablib"; - version = "3.2.1"; + version = "3.3.0"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-pX8ncLjCJf6+wcseZQEqac8w3Si+gQ4P+Y0CR2jH0PE="; + hash = "sha256-EeAqb4HSVuBmaHfYOXly0QMCMHpUwE/XFX6S+vdAyxA="; }; postPatch = '' diff --git a/pkgs/development/tools/analysis/svlint/Cargo.lock b/pkgs/development/tools/analysis/svlint/Cargo.lock deleted file mode 100644 index 60378bcc0575f..0000000000000 --- a/pkgs/development/tools/analysis/svlint/Cargo.lock +++ /dev/null 
@@ -1,784 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "aho-corasick" -version = "0.7.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4f55bd91a0978cbfd91c457a164bab8b4001c833b7f323132c0a4e1922dd44e" -dependencies = [ - "memchr", -] - -[[package]] -name = "anyhow" -version = "1.0.66" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216261ddc8289130e551ddcd5ce8a064710c0d064a4d2895c67151c92b5443f6" - -[[package]] -name = "arrayvec" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" - -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi", - "libc", - "winapi", -] - -[[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - -[[package]] -name = "bitflags" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - -[[package]] -name = "bitvec" -version = "0.19.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55f93d0ef3363c364d5976646a38f04cf67cfe1d4c8d160cdea02cab2c116b33" -dependencies = [ - "funty", - "radium", - "tap", - "wyz", -] - -[[package]] -name = "bytecount" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f861d9ce359f56dbcb6e0c2a1cb84e52ad732cadb57b806adeb3c7668caccbd8" - -[[package]] -name = "bytecount" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"2c676a478f63e9fa2dd5368a42f28bba0d6c560b775f38583c8bbaa7fcd67c9c" - -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "clap" -version = "3.2.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5" -dependencies = [ - "atty", - "bitflags", - "clap_derive", - "clap_lex", - "indexmap", - "once_cell", - "strsim", - "termcolor", - "textwrap", -] - -[[package]] -name = "clap_derive" -version = "3.2.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea0c8bce528c4be4da13ea6fead8965e95b6073585a2f05204bd8f4119f82a65" -dependencies = [ - "heck", - "proc-macro-error", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "clap_lex" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" -dependencies = [ - "os_str_bytes", -] - -[[package]] -name = "colored" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3616f750b84d8f0de8a58bda93e08e2a81ad3f523089b05f1dffecab48c6cbd" -dependencies = [ - "atty", - "lazy_static", - "winapi", -] - -[[package]] -name = "dirs-next" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b98cf8ebf19c3d1b223e151f99a4f9f0690dca41414773390fc824184ac833e1" -dependencies = [ - "cfg-if", - "dirs-sys-next", -] - -[[package]] -name = "dirs-sys-next" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d" -dependencies = [ - "libc", - "redox_users", - "winapi", -] - -[[package]] -name = "enquote" -version = "1.1.0" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "06c36cb11dbde389f4096111698d8b567c0720e3452fd5ac3e6b4e47e1939932" -dependencies = [ - "thiserror", -] - -[[package]] -name = "funty" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" - -[[package]] -name = "getrandom" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" -dependencies = [ - "cfg-if", - "libc", - "wasi", -] - -[[package]] -name = "hashbrown" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" - -[[package]] -name = "heck" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9" - -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - -[[package]] -name = "indexmap" -version = "1.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e" -dependencies = [ - "autocfg", - "hashbrown", -] - -[[package]] -name = "lazy_static" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" - -[[package]] -name = "lexical-core" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6607c62aa161d23d17a9072cc5da0be67cdfc89d3afb1e8d9c842bebc2525ffe" -dependencies = [ - "arrayvec", - "bitflags", - "cfg-if", - "ryu", - "static_assertions", -] - 
-[[package]] -name = "libc" -version = "0.2.137" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc7fcc620a3bff7cdd7a365be3376c97191aeaccc2a603e600951e452615bf89" - -[[package]] -name = "libloading" -version = "0.7.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" -dependencies = [ - "cfg-if", - "winapi", -] - -[[package]] -name = "memchr" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" - -[[package]] -name = "nom" -version = "5.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af" -dependencies = [ - "lexical-core", - "memchr", - "version_check", -] - -[[package]] -name = "nom" -version = "6.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2" -dependencies = [ - "bitvec", - "funty", - "lexical-core", - "memchr", - "version_check", -] - -[[package]] -name = "nom-greedyerror" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "133e5024c0b65c4235e3200a3b6e30f3875475f1e452525e1a421b7f2a997c52" -dependencies = [ - "nom 5.1.2", - "nom 6.1.2", - "nom_locate 1.0.0", - "nom_locate 2.1.0", - "nom_locate 3.0.2", -] - -[[package]] -name = "nom-packrat" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5c5a5a7eae83c3c9d53bdfd94e8bb1d700c6bb78f00d25af71263fc07cf477b" -dependencies = [ - "nom-packrat-macros", - "nom_locate 1.0.0", - "nom_locate 3.0.2", -] - -[[package]] -name = "nom-packrat-macros" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"7fccdfb4771d14a08918cd7b7352de2797ade66a2df9920cee13793e943c3d09" -dependencies = [ - "quote", - "syn", -] - -[[package]] -name = "nom-recursive" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0de2967d4f9065b08596dcfa9be631abc4997951b9e0a93e2279b052370bacc" -dependencies = [ - "nom-recursive-macros", - "nom_locate 1.0.0", - "nom_locate 3.0.2", -] - -[[package]] -name = "nom-recursive-macros" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07744fc6b7423baf7198f9e1200305f27eafe7395289fa7462b63dacd4eac78d" -dependencies = [ - "quote", - "syn", -] - -[[package]] -name = "nom-tracable" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "128b58b88f084359e18858edde832830041e0a561d23bb214e656e00972de316" -dependencies = [ - "nom 6.1.2", - "nom-tracable-macros", - "nom_locate 1.0.0", - "nom_locate 3.0.2", -] - -[[package]] -name = "nom-tracable-macros" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8416fc5553b00d217b0381929fbce7368935d609afdee46c844e09f962b379e6" -dependencies = [ - "quote", - "syn", -] - -[[package]] -name = "nom_locate" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f932834fd8e391fc7710e2ba17e8f9f8645d846b55aa63207e17e110a1e1ce35" -dependencies = [ - "bytecount 0.3.2", - "memchr", - "nom 5.1.2", -] - -[[package]] -name = "nom_locate" -version = "2.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a67484adf5711f94f2f28b653bf231bff8e438be33bf5b0f35935a0db4f618a2" -dependencies = [ - "bytecount 0.6.3", - "memchr", - "nom 5.1.2", -] - -[[package]] -name = "nom_locate" -version = "3.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4689294073dda8a54e484212171efdcb6b12b1908fd70c3dc3eec15b8833b06d" -dependencies = [ - "bytecount 0.6.3", - "memchr", 
- "nom 6.1.2", -] - -[[package]] -name = "once_cell" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860" - -[[package]] -name = "os_str_bytes" -version = "6.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3baf96e39c5359d2eb0dd6ccb42c62b91d9678aa68160d261b9e0ccbf9e9dea9" - -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - -[[package]] -name = "proc-macro2" -version = "1.0.47" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "radium" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" - -[[package]] -name = "redox_syscall" -version = "0.2.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" -dependencies = [ - "bitflags", -] - -[[package]] -name = "redox_users" -version = "0.4.3" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" -dependencies = [ - "getrandom", - "redox_syscall", - "thiserror", -] - -[[package]] -name = "regex" -version = "1.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e076559ef8e241f2ae3479e36f97bd5741c0330689e217ad51ce2c76808b868a" -dependencies = [ - "aho-corasick", - "memchr", - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.6.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" - -[[package]] -name = "rustversion" -version = "1.0.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97477e48b4cf8603ad5f7aaf897467cf42ab4218a38ef76fb14c2d6773a6d6a8" - -[[package]] -name = "ryu" -version = "1.0.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4501abdff3ae82a1c1b477a17252eb69cee9e66eb915c1abaa4f44d873df9f09" - -[[package]] -name = "same-file" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" -dependencies = [ - "winapi-util", -] - -[[package]] -name = "serde" -version = "1.0.147" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d193d69bae983fc11a79df82342761dfbf28a99fc8d203dca4c3c1b590948965" - -[[package]] -name = "serde_derive" -version = "1.0.147" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f1d362ca8fc9c3e3a7484440752472d68a6caa98f1ab81d99b5dfe517cec852" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "serde_regex" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8136f1a4ea815d7eac4101cfd0b16dc0cb5e1fe1b8609dfd728058656b7badf" -dependencies = [ - "regex", - 
"serde", -] - -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - -[[package]] -name = "str-concat" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3468939e48401c4fe3cdf5e5cef50951c2808ed549d1467fde249f1fcb602634" - -[[package]] -name = "strsim" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" - -[[package]] -name = "sv-filelist-parser" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d0f9e489371e30a263649576eb16c695084e37f7e6be2cb636422069a5208f8" -dependencies = [ - "regex", -] - -[[package]] -name = "sv-parser" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "172a5b3cb5516198bb3511c0f5b25c7f9911cd46189f4d07c8245d0488ad7c93" -dependencies = [ - "nom 6.1.2", - "nom-greedyerror", - "sv-parser-error", - "sv-parser-parser", - "sv-parser-pp", - "sv-parser-syntaxtree", -] - -[[package]] -name = "sv-parser-error" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31d940ac5717eab14042763f6c67ef2c9e0bcf381b726694eb92c32b96c21b9f" -dependencies = [ - "thiserror", -] - -[[package]] -name = "sv-parser-macros" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fed5b1dbf2209da2f4aa7f623ad0e9a941844ec586b2c2ca9747a9a4de815065" -dependencies = [ - "quote", - "syn", -] - -[[package]] -name = "sv-parser-parser" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44acd0cd81361b2be53349e5e612b08e58f8e4175d1a3484b05828da53135adf" -dependencies = [ - "nom 6.1.2", - "nom-greedyerror", - "nom-packrat", - "nom-recursive", - 
"nom-tracable", - "nom_locate 3.0.2", - "str-concat", - "sv-parser-macros", - "sv-parser-syntaxtree", -] - -[[package]] -name = "sv-parser-pp" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e7d2da3c2ace6950bc7d9d88f9bd5ddc37b85af9bd28f75eca511264c687953" -dependencies = [ - "nom 6.1.2", - "nom-greedyerror", - "sv-parser-error", - "sv-parser-parser", - "sv-parser-syntaxtree", -] - -[[package]] -name = "sv-parser-syntaxtree" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57964e3fb7332344b6d9e38919f4a417f9dc4ac44dcac15d1b6c3cd194b4bb61" -dependencies = [ - "regex", - "sv-parser-macros", - "walkdir", -] - -[[package]] -name = "svlint" -version = "0.6.0" -dependencies = [ - "anyhow", - "clap", - "colored", - "enquote", - "libloading", - "regex", - "serde", - "serde_derive", - "serde_regex", - "sv-filelist-parser", - "sv-parser", - "term", - "toml", - "walkdir", -] - -[[package]] -name = "syn" -version = "1.0.103" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a864042229133ada95abf3b54fdc62ef5ccabe9515b64717bcb9a1919e59445d" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "tap" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" - -[[package]] -name = "term" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c59df8ac95d96ff9bede18eb7300b0fda5e5d8d90960e76f8e14ae765eedbf1f" -dependencies = [ - "dirs-next", - "rustversion", - "winapi", -] - -[[package]] -name = "termcolor" -version = "1.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" -dependencies = [ - "winapi-util", -] - -[[package]] -name = "textwrap" -version = "0.16.0" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" - -[[package]] -name = "thiserror" -version = "1.0.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10deb33631e3c9018b9baf9dcbbc4f737320d2b576bac10f6aefa048fa407e3e" -dependencies = [ - "thiserror-impl", -] - -[[package]] -name = "thiserror-impl" -version = "1.0.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "toml" -version = "0.5.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d82e1a7758622a465f8cee077614c73484dac5b836c02ff6a40d5d1010324d7" -dependencies = [ - "serde", -] - -[[package]] -name = "unicode-ident" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ceab39d59e4c9499d4e5a8ee0e2735b891bb7308ac83dfb4e80cad195c9f6f3" - -[[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - -[[package]] -name = "walkdir" -version = "2.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "808cf2735cd4b6866113f648b791c6adc5714537bc222d9347bb203386ffda56" -dependencies = [ - "same-file", - "winapi", - "winapi-util", -] - -[[package]] -name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - 
"winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-util" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" -dependencies = [ - "winapi", -] - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - -[[package]] -name = "wyz" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214" diff --git a/pkgs/development/tools/analysis/svlint/default.nix b/pkgs/development/tools/analysis/svlint/default.nix index 757eb56a3bf7d..390b25b642c23 100644 --- a/pkgs/development/tools/analysis/svlint/default.nix +++ b/pkgs/development/tools/analysis/svlint/default.nix 
@@ -1,29 +1,25 @@ { lib , rustPlatform -, fetchFromGitHub +, fetchCrate }: rustPlatform.buildRustPackage rec { pname = "svlint"; - version = "0.6.0"; + version = "0.6.1"; - src = fetchFromGitHub { - owner = "dalance"; - repo = "svlint"; - rev = "v${version}"; - sha256 = "sha256-dtfOSj0WnNyQLimXkSK+L8pWL/oc0nIugDyUmGaBP3w="; + src = fetchCrate { + inherit pname version; + sha256 = "sha256-rPgURBjhfCRO7XFtr24Y7Dvcm/VEv7frq8p6wvtgjdY="; }; - cargoLock.lockFile = ./Cargo.lock; - postPatch = '' - cp ${./Cargo.lock} Cargo.lock - ''; + cargoSha256 = "sha256-IFoK52Qmw34oghAwlGtGFLl9MWXtJkMcx86jIqiwjuQ="; - cargoSha256 = "sha256-A9cL5veliWDNp1RbhOzR1e2X7c7mTAnl1qMATaMhhT8="; + cargoBuildFlags = [ "--bin" "svlint" ]; meta = with lib; { description = "SystemVerilog linter"; homepage = "https://github.com/dalance/svlint"; + changelog = "https://github.com/dalance/svlint/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ trepetti ]; }; diff --git a/pkgs/development/tools/ansible-language-server/default.nix b/pkgs/development/tools/language-servers/ansible-language-server/default.nix index a1547675dc083..a1547675dc083 100644 --- a/pkgs/development/tools/ansible-language-server/default.nix +++ b/pkgs/development/tools/language-servers/ansible-language-server/default.nix diff --git a/pkgs/development/tools/beancount-language-server/default.nix b/pkgs/development/tools/language-servers/beancount-language-server/default.nix index b415906eead76..b415906eead76 100644 --- a/pkgs/development/tools/beancount-language-server/default.nix +++ b/pkgs/development/tools/language-servers/beancount-language-server/default.nix diff --git a/pkgs/development/tools/buf-language-server/default.nix b/pkgs/development/tools/language-servers/buf-language-server/default.nix index 88da6eb944827..88da6eb944827 100644 --- a/pkgs/development/tools/buf-language-server/default.nix +++ b/pkgs/development/tools/language-servers/buf-language-server/default.nix 
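Review bot: The new `cargoBuildFlags = [ "--bin" "svlint" ];` line in the svlint hunk has no comment saying why the build is narrowed to one binary, so a later update cannot tell whether it is still needed. A one-line comment such as `# build only the svlint binary; <reason>` would record it; the reason itself is not visible in this hunk. With the in-tree `Cargo.lock` dropped, the dependency set presumably comes from the lock file shipped in the crates.io tarball and is pinned only through `cargoSha256`. Both `sha256` and `cargoSha256` hold SRI strings here, so `hash` and `cargoHash` would state the format explicitly.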
diff --git a/pkgs/development/tools/misc/ccls/default.nix b/pkgs/development/tools/language-servers/ccls/default.nix
index a401fc47eac9e..a401fc47eac9e 100644
--- a/pkgs/development/tools/misc/ccls/default.nix
+++ b/pkgs/development/tools/language-servers/ccls/default.nix
diff --git a/pkgs/development/tools/misc/ccls/wrapper b/pkgs/development/tools/language-servers/ccls/wrapper
index 294b60893a3f8..294b60893a3f8 100644
--- a/pkgs/development/tools/misc/ccls/wrapper
+++ b/pkgs/development/tools/language-servers/ccls/wrapper
diff --git a/pkgs/development/tools/fortls/default.nix b/pkgs/development/tools/language-servers/fortls/default.nix
index 9aed276a63fa5..9aed276a63fa5 100644
--- a/pkgs/development/tools/fortls/default.nix
+++ b/pkgs/development/tools/language-servers/fortls/default.nix
diff --git a/pkgs/development/tools/fortran-language-server/default.nix b/pkgs/development/tools/language-servers/fortran-language-server/default.nix
index 2c606ab715b51..2c606ab715b51 100644
--- a/pkgs/development/tools/fortran-language-server/default.nix
+++ b/pkgs/development/tools/language-servers/fortran-language-server/default.nix
diff --git a/pkgs/development/tools/gopls/default.nix b/pkgs/development/tools/language-servers/gopls/default.nix
index ca0a0b5638fe9..ca0a0b5638fe9 100644
--- a/pkgs/development/tools/gopls/default.nix
+++ b/pkgs/development/tools/language-servers/gopls/default.nix
diff --git a/pkgs/development/tools/jdt-language-server/default.nix b/pkgs/development/tools/language-servers/jdt-language-server/default.nix
index 1af69700152d2..1af69700152d2 100644
--- a/pkgs/development/tools/jdt-language-server/default.nix
+++ b/pkgs/development/tools/language-servers/jdt-language-server/default.nix
diff --git a/pkgs/development/tools/jsonnet-language-server/default.nix b/pkgs/development/tools/language-servers/jsonnet-language-server/default.nix
index f35900ec41ad5..f35900ec41ad5 100644
--- a/pkgs/development/tools/jsonnet-language-server/default.nix
+++ b/pkgs/development/tools/language-servers/jsonnet-language-server/default.nix
diff --git a/pkgs/development/tools/kotlin-language-server/default.nix b/pkgs/development/tools/language-servers/kotlin-language-server/default.nix
index b3b1085273d10..b3b1085273d10 100644
--- a/pkgs/development/tools/kotlin-language-server/default.nix
+++ b/pkgs/development/tools/language-servers/kotlin-language-server/default.nix
diff --git a/pkgs/development/tools/metals/default.nix b/pkgs/development/tools/language-servers/metals/default.nix
index 5b275f82346b8..5b275f82346b8 100644
--- a/pkgs/development/tools/metals/default.nix
+++ b/pkgs/development/tools/language-servers/metals/default.nix
diff --git a/pkgs/development/tools/millet/default.nix b/pkgs/development/tools/language-servers/millet/default.nix
index ccc895b895694..ccc895b895694 100644
--- a/pkgs/development/tools/millet/default.nix
+++ b/pkgs/development/tools/language-servers/millet/default.nix
diff --git a/pkgs/development/tools/nil/default.nix b/pkgs/development/tools/language-servers/nil/default.nix
index de87838105bfa..de87838105bfa 100644
--- a/pkgs/development/tools/nil/default.nix
+++ b/pkgs/development/tools/language-servers/nil/default.nix
diff --git a/pkgs/development/tools/rnix-lsp/default.nix b/pkgs/development/tools/language-servers/rnix-lsp/default.nix
index a587f87b3da74..a587f87b3da74 100644
--- a/pkgs/development/tools/rnix-lsp/default.nix
+++ b/pkgs/development/tools/language-servers/rnix-lsp/default.nix
diff --git a/pkgs/development/tools/sumneko-lua-language-server/default.nix b/pkgs/development/tools/language-servers/sumneko-lua-language-server/default.nix
index bd9e704eef329..bd9e704eef329 100644
--- a/pkgs/development/tools/sumneko-lua-language-server/default.nix
+++ b/pkgs/development/tools/language-servers/sumneko-lua-language-server/default.nix
diff --git a/pkgs/development/tools/misc/svls/default.nix b/pkgs/development/tools/language-servers/svls/default.nix
index 5b5b87b0392f6..5b5b87b0392f6 100644
--- a/pkgs/development/tools/misc/svls/default.nix
+++ b/pkgs/development/tools/language-servers/svls/default.nix
diff --git a/pkgs/development/tools/vala-language-server/default.nix b/pkgs/development/tools/language-servers/vala-language-server/default.nix
index 52e33fee6b608..52e33fee6b608 100644
--- a/pkgs/development/tools/vala-language-server/default.nix
+++ b/pkgs/development/tools/language-servers/vala-language-server/default.nix
diff --git a/pkgs/development/tools/verible/default.nix b/pkgs/development/tools/language-servers/verible/default.nix
index d39b91180f98a..d39b91180f98a 100644
--- a/pkgs/development/tools/verible/default.nix
+++ b/pkgs/development/tools/language-servers/verible/default.nix
diff --git a/pkgs/development/tools/verible/remove-unused-deps.patch b/pkgs/development/tools/language-servers/verible/remove-unused-deps.patch
index 19d20309c106b..19d20309c106b 100644
--- a/pkgs/development/tools/verible/remove-unused-deps.patch
+++ b/pkgs/development/tools/language-servers/verible/remove-unused-deps.patch
diff --git a/pkgs/development/tools/misc/hydra/unstable.nix b/pkgs/development/tools/misc/hydra/unstable.nix
index 3afc807b07470..17ed1328d0bc7 100644
--- a/pkgs/development/tools/misc/hydra/unstable.nix
+++ b/pkgs/development/tools/misc/hydra/unstable.nix
@@ -126,35 +126,34 @@ let in stdenv.mkDerivation rec { pname = "hydra"; - version = "2022-11-24"; + version = "unstable-2022-12-05"; src = fetchFromGitHub { owner = "NixOS"; repo = "hydra"; - rev = "14d4624dc20956ec9ff54882e70c5c0bc377921a"; - sha256 = "sha256-xY3CDFjLG3po2tdaTZToqZmLCQnSwsUqAn8sIXFrybw="; + rev = "d1fac69c213002721971cd983e2576b784677d40"; + sha256 = "sha256-HVsp+BPjEDS1lR7sjplWNrNljHvYcaUiaAn8gGNAMxU="; }; - buildInputs = - [ - libpqxx - top-git - mercurial - darcs - subversion - breezy - openssl - bzip2 - libxslt - nix - perlDeps - perl - pixz - boost - postgresql - nlohmann_json - prometheus-cpp - ]; + buildInputs = [ + libpqxx + top-git + mercurial + darcs + subversion + breezy + openssl + bzip2 + libxslt + nix + perlDeps + perl + pixz + boost + postgresql + nlohmann_json + prometheus-cpp + ]; hydraPath = lib.makeBinPath ( [ diff --git a/pkgs/development/tools/rust/cargo-hack/default.nix b/pkgs/development/tools/rust/cargo-hack/default.nix index e17d16c4b5520..85015e713d521 100644 --- a/pkgs/development/tools/rust/cargo-hack/default.nix +++ b/pkgs/development/tools/rust/cargo-hack/default.nix @@ -2,14 +2,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-hack"; - version = "0.5.24"; + version = "0.5.25"; src = fetchCrate { inherit pname version; - sha256 = "sha256-brzefn9Nfb4+OnO0gCH5mPbXDdqaFSoqB6phFPwQXoY="; + sha256 = "sha256-1X2/C9JNTuRWY9nke3c7S1x5HuomDs0Em+v0P1HU4aQ="; }; - cargoSha256 = "sha256-RPQgZoIPFxZGP3Bpwp/VdTYPi5+IdfY3Zy+rYnYev3g="; + cargoSha256 = "sha256-Ylo0HeIlXEJg6g93u4QMGTbzBtU2EpHW5BWIBDCX+EU="; # some necessary files are absent in the crate version doCheck = false; diff --git a/pkgs/misc/drivers/epkowa/default.nix b/pkgs/misc/drivers/epkowa/default.nix index 37e4d2baa35ee..cf54b048f5914 100644 --- a/pkgs/misc/drivers/epkowa/default.nix +++ b/pkgs/misc/drivers/epkowa/default.nix 
@@ -255,6 +255,38 @@ let plugins = { }; meta = common_meta // { description = "iscan GT-S650 for " + passthru.hw; }; }; + x750 = stdenv.mkDerivation rec { + name = "iscan-gt-x750-bundle"; + version = "2.30.4"; + + src = fetchurl { + urls = [ + "https://download2.ebz.epson.net/iscan/plugin/gt-x750/rpm/x64/iscan-gt-x750-bundle-${version}.x64.rpm.tar.gz" + "https://web.archive.org/web/https://download2.ebz.epson.net/iscan/plugin/gt-x750/rpm/x64/iscan-gt-x750-bundle-${version}.x64.rpm.tar.gz" + ]; + sha256 = "sha256-9EeBHmh1nwSxnTnevPP8RZ4WBdyY+itR3VXo2I7f5N0="; + }; + + nativeBuildInputs = [ autoPatchelfHook rpm ]; + + installPhase = '' + cd plugins + ${rpm}/bin/rpm2cpio iscan-plugin-gt-x750-*.x86_64.rpm | ${cpio}/bin/cpio -idmv + mkdir $out + cp -r usr/share $out + cp -r usr/lib64 $out/lib + mv $out/share/iscan $out/share/esci + mv $out/lib/iscan $out/lib/esci + ''; + + passthru = { + registrationCommand = '' + $registry --add interpreter usb 0x04b8 0x0119 "$plugin/lib/esci/libesint54 $plugin/share/esci/esfw54.bin" + ''; + hw = "GT-X750, Perfection 4490"; + }; + meta = common_meta // { description = "iscan GT-X750 for " + passthru.hw; }; + }; network = stdenv.mkDerivation rec { pname = "iscan-nt-bundle"; # for the version, look for the driver of XP-750 in the search page diff --git a/pkgs/servers/etcd/3.4.nix b/pkgs/servers/etcd/3.4.nix index a5725b98a8d1d..7f5517fa7507a 100644 --- a/pkgs/servers/etcd/3.4.nix +++ b/pkgs/servers/etcd/3.4.nix @@ -2,9 +2,9 @@ buildGoModule rec { pname = "etcd"; - version = "3.4.22"; + version = "3.4.23"; - vendorSha256 = "sha256-P3EQTraMdZ2fAHDue5cKAxyHbh6nNeFV9ykT0rH7KPs="; + vendorSha256 = "sha256-kq9KYe4wnPbOLHra5DHZH1N3w2R+dNF7ouF2c26e/cU="; doCheck = false; @@ -12,7 +12,7 @@ buildGoModule rec { owner = "etcd-io"; repo = "etcd"; rev = "v${version}"; - sha256 = "sha256-LIhAvW/oIlPp6U4VVUvUlmOHCduIbzYnrKc4PyfcXQQ="; + sha256 = "sha256-7HAA3MHDlsnTYDu5AmzpFfiWaarUGO09QHrPGLHolyM="; }; buildPhase = '' 
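Review bot: The added `x750` derivation sets `name = "iscan-gt-x750-bundle";` next to `version`, so the version never reaches the store name; `pname = "iscan-gt-x750-bundle";` would match the `network` entry that follows in the same hunk. In `installPhase`, `mkdir $out` and the `cp`/`mv` targets are unquoted, and the phase omits `runHook preInstall` / `runHook postInstall`, so install hooks added by overrides will not run. The `src` is a vendor binary bundle pinned by `sha256`, and that pin covers the web.archive.org fallback URL as well. Whether `common_meta` declares the licence and binary provenance is outside this hunk and worth confirming; the enclosing `plugins` set also starts before the hunk.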
diff --git a/pkgs/servers/http/nginx/modules.nix b/pkgs/servers/http/nginx/modules.nix index 2eebf84b41eaf..64be47874a40d 100644 --- a/pkgs/servers/http/nginx/modules.nix +++ b/pkgs/servers/http/nginx/modules.nix @@ -1,4 +1,35 @@ -{ config, fetchFromGitHub, fetchFromGitLab, fetchhg, lib, pkgs }: +{ lib +, config +, fetchFromGitHub +, fetchFromGitLab +, fetchhg +, fetchpatch +, runCommand + +, arpa2common +, brotli +, curl +, expat +, fdk_aac +, ffmpeg +, geoip +, libbsd +, libiconv +, libmaxminddb +, libmodsecurity +, libuuid +, libxml2 +, lmdb +, luajit +, msgpuck +, openssl +, opentracing-cpp +, pam +, psol +, which +, yajl +, zlib +}: let @@ -31,7 +62,7 @@ let self = { rev = "34fd0c94d2c43c642f323491c4f4a226cd83b962"; sha256 = "0yf34s11vgkcl03wbl6gjngm3p9hs8vvm7hkjkwhjh39vkk2a7cy"; }; - inputs = [ pkgs.openssl ]; + inputs = [ openssl ]; }; auth-a2aclr = { @@ -44,7 +75,7 @@ let self = { sha256 = "sha256-h2LgMhreCgod+H/bNQzY9BvqG9ezkwikwWB3T6gHH04="; }; inputs = [ - (pkgs.arpa2common.overrideAttrs + (arpa2common.overrideAttrs (old: rec { version = "0.7.1"; @@ -71,19 +102,19 @@ let self = { brotli = { name = "brotli"; - src = let gitsrc = pkgs.fetchFromGitHub { + src = let gitsrc = fetchFromGitHub { name = "brotli"; owner = "google"; repo = "ngx_brotli"; rev = "25f86f0bac1101b6512135eac5f93c49c63609e3"; sha256 = "02hfvfa6milj40qc2ikpb9f95sxqvxk4hly3x74kqhysbdi06hhv"; }; in - pkgs.runCommand "ngx_brotli-src" { } '' + runCommand "ngx_brotli-src" { } '' cp -a ${gitsrc} $out substituteInPlace $out/filter/config \ - --replace '$ngx_addon_dir/deps/brotli/c' ${lib.getDev pkgs.brotli} + --replace '$ngx_addon_dir/deps/brotli/c' ${lib.getDev brotli} ''; - inputs = [ pkgs.brotli ]; + inputs = [ brotli ]; }; cache-purge = { @@ -117,7 +148,7 @@ let self = { rev = "v3.0.0"; sha256 = "000dm5zk0m1hm1iq60aff5r6y8xmqd7djrwhgnz9ig01xyhnjv9w"; }; - inputs = [ pkgs.expat ]; + inputs = [ expat ]; }; develkit = { 
@@ -176,7 +207,7 @@ let self = { rev = "3.3"; sha256 = "EEn/qxPsBFgVBqOgPYTrRhaLPwSBlSPWYYSr3SL8wZA="; }; - inputs = [ pkgs.libmaxminddb ]; + inputs = [ libmaxminddb ]; meta = { maintainers = with lib.maintainers; [ pinpox ]; @@ -201,7 +232,7 @@ let self = { rev = "v1.0.1"; sha256 = "0qcx15c8wbsmyz2hkmyy5yd7qn1n84kx9amaxnfxkpqi05vzm1zz"; } + "/ipscrub"; - inputs = [ pkgs.libbsd ]; + inputs = [ libbsd ]; }; limit-speed = { @@ -226,19 +257,33 @@ let self = { }; }; - lua = { + lua = rec { name = "lua"; src = fetchFromGitHub { name = "lua"; owner = "openresty"; repo = "lua-nginx-module"; - rev = "v0.10.15"; - sha256 = "1j216isp0546hycklbr5wi8mlga5hq170hk7f2sm16sfavlkh5gz"; - }; - inputs = [ pkgs.luajit ]; - preConfigure = '' - export LUAJIT_LIB="${pkgs.luajit}/lib" - export LUAJIT_INC="${pkgs.luajit}/include/luajit-2.0" + rev = "v0.10.22"; + sha256 = "sha256-TyeTL7/0dI2wS2eACS4sI+9tu7UpDq09aemMaklkUss="; + }; + inputs = [ luajit ]; + preConfigure = let + # fix compilation against nginx 1.23.0 + nginx-1-23-patch = fetchpatch { + url = "https://github.com/openresty/lua-nginx-module/commit/b6d167cf1a93c0c885c28db5a439f2404874cb26.patch"; + sha256 = "sha256-l7GHFNZXg+RG2SIBjYJO1JHdGUtthWnzLIqEORJUNr4="; + }; + in '' + export LUAJIT_LIB="${luajit}/lib" + export LUAJIT_INC="$(realpath ${luajit}/include/luajit-*)" + + # make source directory writable to allow generating src/ngx_http_lua_autoconf.h + lua_src=$TMPDIR/lua-src + cp -r "${src}/" "$lua_src" + chmod -R +w "$lua_src" + patch -p1 -d $lua_src -i ${nginx-1-23-patch} + export configureFlags="''${configureFlags//"${src}"/"$lua_src"}" + unset lua_src ''; allowMemoryWriteExecute = true; }; @@ -252,7 +297,7 @@ let self = { rev = "v0.07"; sha256 = "1gqccg8airli3i9103zv1zfwbjm27h235qjabfbfqk503rjamkpk"; }; - inputs = [ pkgs.luajit ]; + inputs = [ luajit ]; allowMemoryWriteExecute = true; }; 
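Review bot: In the `lua` module's new `preConfigure`, `export LUAJIT_INC="$(realpath ${luajit}/include/luajit-*)"` relies on the glob matching exactly one directory. With no match or several, the variable presumably ends up as a non-existent path or a multi-line value, and the error only surfaces later in configure. A guard directly after it, e.g. `[ -d "$LUAJIT_INC" ] || { echo "luajit include dir not found" >&2; exit 1; }`, would make the failure explicit. The same block leaves `$lua_src` unquoted in `patch -p1 -d $lua_src -i ${nginx-1-23-patch}` although the `cp` and `chmod` lines above quote it; `patch -p1 -d "$lua_src" -i ${nginx-1-23-patch}` keeps it consistent. The enclosing `self` attribute set begins outside the hunk.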
@@ -265,7 +310,7 @@ let self = { rev = "v1.0.3"; sha256 = "sha256-xp0/eqi5PJlzb9NaUbNnzEqNcxDPyjyNwZOwmlv1+ag="; }; - inputs = [ pkgs.curl pkgs.geoip pkgs.libmodsecurity pkgs.libxml2 pkgs.lmdb pkgs.yajl ]; + inputs = [ curl geoip libmodsecurity libxml2 lmdb yajl ]; disableIPC = true; }; @@ -322,7 +367,7 @@ let self = { unset NJS_SOURCE_DIR ''; - inputs = [ pkgs.which ]; + inputs = [ which ]; }; opentracing = { @@ -336,42 +381,33 @@ let self = { sha256 = "1q234s3p55xv820207dnh4fcxkqikjcq5rs02ai31ylpmfsf0kkb"; }; in "${src'}/opentracing"; - inputs = [ pkgs.opentracing-cpp ]; + inputs = [ opentracing-cpp ]; }; - pagespeed = - let - version = pkgs.psol.version; - + pagespeed = { + name = "pagespeed"; + src = let moduleSrc = fetchFromGitHub { name = "pagespeed"; owner = "pagespeed"; repo = "ngx_pagespeed"; - rev = "v${version}-stable"; + rev = "v${psol.version}-stable"; sha256 = "0ry7vmkb2bx0sspl1kgjlrzzz6lbz07313ks2lr80rrdm2zb16wp"; }; - - ngx_pagespeed = pkgs.runCommand - "ngx_pagespeed" - { - meta = { - description = "PageSpeed module for Nginx"; - homepage = "https://developers.google.com/speed/pagespeed/module/"; - license = pkgs.lib.licenses.asl20; - }; - } - '' - cp -r "${moduleSrc}" "$out" - chmod -R +w "$out" - ln -s "${pkgs.psol}" "$out/psol" - ''; - in - { - name = "pagespeed"; - src = ngx_pagespeed; - inputs = [ pkgs.zlib pkgs.libuuid ]; # psol deps - allowMemoryWriteExecute = true; - }; + in runCommand "ngx_pagespeed" { + meta = { + description = "PageSpeed module for Nginx"; + homepage = "https://developers.google.com/speed/pagespeed/module/"; + license = lib.licenses.asl20; + }; + } '' + cp -r "${moduleSrc}" "$out" + chmod -R +w "$out" + ln -s "${psol}" "$out/psol" + ''; + inputs = [ zlib libuuid ]; # psol deps + allowMemoryWriteExecute = true; + }; pam = { name = "pam"; @@ -382,7 +418,7 @@ let self = { rev = "v1.5.3"; sha256 = "sha256:09lnljdhjg65643bc4535z378lsn4llbq67zcxlln0pizk9y921a"; }; - inputs = [ pkgs.pam ]; + inputs = [ pam ]; }; pinba = { 
@@ -427,7 +463,7 @@ let self = { rev = "95bdc0d1aca06ea7fe42555f71e65910bd74914d"; sha256 = "19wzck1xzq4kz7nyabcwzlank1k7wi7w2wn2c1mwz374c79g8ggp"; }; - inputs = [ pkgs.openssl ]; + inputs = [ openssl ]; }; set-misc = { @@ -582,7 +618,7 @@ let self = { rev = "v2.7.1"; sha256 = "0ya4330in7zjzqw57djv4icpk0n1j98nvf0f8v296yi9rjy054br"; }; - inputs = [ pkgs.msgpuck.dev pkgs.yajl ]; + inputs = [ msgpuck.dev yajl ]; }; url = { @@ -605,7 +641,7 @@ let self = { rev = "92b80642538eec4cfc98114dec5917b8d820e912"; sha256 = "0a8d9ifryhhnll7k7jcsf9frshk5yhpsgz7zgxdmw81wbz5hxklc"; }; - inputs = [ pkgs.ffmpeg ]; + inputs = [ ffmpeg ]; }; vod = { @@ -617,7 +653,7 @@ let self = { rev = "1.29"; sha256 = "1z0ka0cwqbgh3fv2d5yva395sf90626rdzx7lyfrgs89gy4h9nrr"; }; - inputs = with pkgs; [ ffmpeg fdk_aac openssl libxml2 libiconv ]; + inputs = [ ffmpeg fdk_aac openssl libxml2 libiconv ]; }; vts = { diff --git a/pkgs/shells/fish/default.nix b/pkgs/shells/fish/default.nix index 4f53883cb77ae..f391076900e49 100644 --- a/pkgs/shells/fish/default.nix +++ b/pkgs/shells/fish/default.nix @@ -327,7 +327,7 @@ let ${fish}/bin/fish ${fishScript} && touch $out ''; }; - updateScript = nix-update-script { attrPath = pname; }; + updateScript = nix-update-script { }; }; }; in diff --git a/pkgs/tools/admin/aws-lambda-runtime-interface-emulator/default.nix b/pkgs/tools/admin/aws-lambda-runtime-interface-emulator/default.nix index 21981897cf4ff..df074a2b2e62c 100644 --- a/pkgs/tools/admin/aws-lambda-runtime-interface-emulator/default.nix +++ b/pkgs/tools/admin/aws-lambda-runtime-interface-emulator/default.nix 
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "aws-lambda-runtime-interface-emulator"; - version = "1.8"; + version = "1.10"; src = fetchFromGitHub { owner = "aws"; repo = "aws-lambda-runtime-interface-emulator"; rev = "v${version}"; - sha256 = "sha256-KpMfgPcBih4pRKwTBExy080HIkx3i0M1EujU4yqj6p8="; + sha256 = "sha256-sRb1JYSAveei/X1m5/xfuGZFUwBopczrz1n+8gn4eKw="; }; - vendorSha256 = "sha256-ncUtJKJnWiut0ZVKm3MLWKq8eyHrTgv6Nva8xcvvqSI="; + vendorSha256 = "sha256-9aSALE42M/DoQS4PBHIVNDKzNdL5UhdXKAmLUSws3+Y="; # disabled because I lack the skill doCheck = false; diff --git a/pkgs/tools/cd-dvd/ventoy-bin/default.nix b/pkgs/tools/cd-dvd/ventoy-bin/default.nix index 5ade321103038..d136d95e6de78 100644 --- a/pkgs/tools/cd-dvd/ventoy-bin/default.nix +++ b/pkgs/tools/cd-dvd/ventoy-bin/default.nix @@ -51,13 +51,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "ventoy-bin"; - version = "1.0.85"; + version = "1.0.86"; src = let inherit (finalAttrs) version; in fetchurl { url = "https://github.com/ventoy/Ventoy/releases/download/v${version}/ventoy-${version}-linux.tar.gz"; - hash = "sha256-EjS/Gf+DdgGEv38O+dnssAC8SxWBRXklbpUdcIahRCA="; + hash = "sha256-ksxXMA7GPlFrPi1oJa+Yg4my6qMGwVrhOL7pLruXiNA="; }; patches = [ diff --git a/pkgs/tools/filesystems/xfsdump/default.nix b/pkgs/tools/filesystems/xfsdump/default.nix index 499179548d83e..a6867e3c0a5fe 100644 --- a/pkgs/tools/filesystems/xfsdump/default.nix +++ b/pkgs/tools/filesystems/xfsdump/default.nix @@ -13,11 +13,11 @@ stdenv.mkDerivation rec { pname = "xfsdump"; - version = "3.1.10"; + version = "3.1.12"; src = fetchurl { url = "mirror://kernel/linux/utils/fs/xfs/${pname}/${pname}-${version}.tar.xz"; - sha256 = "sha256-mqt6U6oFzUbtyXJp6/FFaqsrYKuMH/+q+KpJLwtfZRc="; + sha256 = "sha256-85xMGzBrLdfsl5wOlNYP5pCD0uz5rwUcrF7zvtdyx0o="; }; nativeBuildInputs = [ 
@@ -33,11 +33,6 @@ stdenv.mkDerivation rec { ncurses ]; - # fixes build against xfsprogs >= 5.18 - # taken from https://lore.kernel.org/linux-xfs/20220203174540.GT8313@magnolia/ - # should be included upsteam next release - patches = [ ./remove-dmapapi.patch ]; - postPatch = '' substituteInPlace Makefile \ --replace "cp include/install-sh ." "cp -f include/install-sh ." diff --git a/pkgs/tools/filesystems/xfsdump/remove-dmapapi.patch b/pkgs/tools/filesystems/xfsdump/remove-dmapapi.patch deleted file mode 100644 index ebfb3e19dfd89..0000000000000 --- a/pkgs/tools/filesystems/xfsdump/remove-dmapapi.patch +++ /dev/null 
@@ -1,322 +0,0 @@ -diff --git a/doc/xfsdump.html b/doc/xfsdump.html -index d4d157f..2c9324b 100644 ---- a/doc/xfsdump.html -+++ b/doc/xfsdump.html -@@ -1092,7 +1092,6 @@ the size of the hash table. - bool_t p_ownerpr - whether to restore directory owner/group attributes - bool_t p_fullpr - whether restoring a full level 0 non-resumed dump - bool_t p_ignoreorphpr - set if positive subtree or interactive -- bool_t p_restoredmpr - restore DMI event settings - </pre> - <p> - The hash table maps the inode number to the tree node. It is a -diff --git a/po/de.po b/po/de.po -index 62face8..bdf47d1 100644 ---- a/po/de.po -+++ b/po/de.po -@@ -3972,11 +3972,6 @@ msgstr "" - msgid "no additional media objects needed\n" - msgstr "keine zusätzlichen Mediendateien benötigt\n" - --#: .././restore/content.c:9547 --#, c-format --msgid "fssetdm_by_handle of %s failed %s\n" --msgstr "fssetdm_by_handle von %s fehlgeschlagen %s\n" -- - #: .././restore/content.c:9566 - #, c-format - msgid "%s quota information written to '%s'\n" -diff --git a/po/pl.po b/po/pl.po -index 3cba8d6..ba25420 100644 ---- a/po/pl.po -+++ b/po/pl.po -@@ -3455,11 +3455,6 @@ msgstr "nie są potrzebne dodatkowe obiekty nośnika\n" - msgid "path_to_handle of %s failed:%s\n" - msgstr "path_to_handle na %s nie powiodło się: %s\n" - --#: .././restore/content.c:9723 --#, c-format --msgid "fssetdm_by_handle of %s failed %s\n" --msgstr "fssetdm_by_handle na %s nie powiodło się: %s\n" -- - #: .././restore/content.c:9742 - #, c-format - msgid "%s quota information written to '%s'\n" -diff --git a/restore/content.c b/restore/content.c -index 6b22965..e9b0a07 100644 ---- a/restore/content.c -+++ b/restore/content.c -@@ -477,9 +477,6 @@ struct pers { - /* how many pages following the header page are reserved - * for the subtree descriptors - */ -- bool_t restoredmpr; -- /* restore DMAPI event settings -- */ - bool_t restoreextattrpr; - /* restore extended attributes - */ -@@ -858,7 +855,6 @@ static void partial_reg(ix_t d_index, 
xfs_ino_t ino, off64_t fsize, - off64_t offset, off64_t sz); - static bool_t partial_check (xfs_ino_t ino, off64_t fsize); - static bool_t partial_check2 (partial_rest_t *isptr, off64_t fsize); --static int do_fssetdm_by_handle(char *path, fsdmidata_t *fdmp); - static int quotafilecheck(char *type, char *dstdir, char *quotafile); - - /* definition of locally defined global variables ****************************/ -@@ -894,7 +890,6 @@ content_init(int argc, char *argv[], size64_t vmsz) - bool_t changepr;/* cmd line overwrite inhibit specification */ - bool_t interpr; /* cmd line interactive mode requested */ - bool_t ownerpr; /* cmd line chown/chmod requested */ -- bool_t restoredmpr; /* cmd line restore dm api attrs specification */ - bool_t restoreextattrpr; /* cmd line restore extended attr spec */ - bool_t sesscpltpr; /* force completion of prev interrupted session */ - ix_t stcnt; /* cmd line number of subtrees requested */ -@@ -956,7 +951,6 @@ content_init(int argc, char *argv[], size64_t vmsz) - newerpr = BOOL_FALSE; - changepr = BOOL_FALSE; - ownerpr = BOOL_FALSE; -- restoredmpr = BOOL_FALSE; - restoreextattrpr = BOOL_TRUE; - sesscpltpr = BOOL_FALSE; - stcnt = 0; -@@ -1162,8 +1156,11 @@ content_init(int argc, char *argv[], size64_t vmsz) - tranp->t_noinvupdatepr = BOOL_TRUE; - break; - case GETOPT_SETDM: -- restoredmpr = BOOL_TRUE; -- break; -+ mlog(MLOG_NORMAL | MLOG_ERROR, _( -+ "-%c option no longer supported\n"), -+ GETOPT_SETDM); -+ usage(); -+ return BOOL_FALSE; - case GETOPT_ALERTPROG: - if (!optarg || optarg[0] == '-') { - mlog(MLOG_NORMAL | MLOG_ERROR, _( -@@ -1574,12 +1571,6 @@ content_init(int argc, char *argv[], size64_t vmsz) - } - - if (persp->a.valpr) { -- if (restoredmpr && persp->a.restoredmpr != restoredmpr) { -- mlog(MLOG_NORMAL | MLOG_ERROR, _( -- "-%c cannot reset flag from previous restore\n"), -- GETOPT_SETDM); -- return BOOL_FALSE; -- } - if (!restoreextattrpr && - persp->a.restoreextattrpr != restoreextattrpr) { - mlog(MLOG_NORMAL | 
MLOG_ERROR, _( -@@ -1734,7 +1725,6 @@ content_init(int argc, char *argv[], size64_t vmsz) - persp->a.newerpr = newerpr; - persp->a.newertime = newertime; - } -- persp->a.restoredmpr = restoredmpr; - if (!persp->a.dstdirisxfspr) { - restoreextattrpr = BOOL_FALSE; - } -@@ -2365,7 +2355,6 @@ content_stream_restore(ix_t thrdix) - scrhdrp->cih_inomap_nondircnt, - tranp->t_vmsz, - fullpr, -- persp->a.restoredmpr, - persp->a.dstdirisxfspr, - grhdrp->gh_version, - tranp->t_truncategenpr); -@@ -7549,12 +7538,6 @@ restore_reg(drive_t *drivep, - } - } - -- if (persp->a.dstdirisxfspr && persp->a.restoredmpr) { -- HsmBeginRestoreFile(bstatp, -- *fdp, -- &strctxp->sc_hsmflags); -- } -- - return BOOL_TRUE; - } - -@@ -7726,26 +7709,6 @@ restore_complete_reg(stream_context_t *strcxtp) - strerror(errno)); - } - -- if (persp->a.dstdirisxfspr && persp->a.restoredmpr) { -- fsdmidata_t fssetdm; -- -- /* Set the DMAPI Fields. */ -- fssetdm.fsd_dmevmask = bstatp->bs_dmevmask; -- fssetdm.fsd_padding = 0; -- fssetdm.fsd_dmstate = bstatp->bs_dmstate; -- -- rval = ioctl(fd, XFS_IOC_FSSETDM, (void *)&fssetdm); -- if (rval) { -- mlog(MLOG_NORMAL | MLOG_WARNING, -- _("attempt to set DMI attributes of %s " -- "failed: %s\n"), -- path, -- strerror(errno)); -- } -- -- HsmEndRestoreFile(path, fd, &strcxtp->sc_hsmflags); -- } -- - /* set any extended inode flags that couldn't be set - * prior to restoring the data. - */ -@@ -8064,17 +8027,6 @@ restore_symlink(drive_t *drivep, - strerror(errno)); - } - } -- -- if (persp->a.restoredmpr) { -- fsdmidata_t fssetdm; -- -- /* Restore DMAPI fields. 
*/ -- -- fssetdm.fsd_dmevmask = bstatp->bs_dmevmask; -- fssetdm.fsd_padding = 0; -- fssetdm.fsd_dmstate = bstatp->bs_dmstate; -- rval = do_fssetdm_by_handle(path, &fssetdm); -- } - } - - return BOOL_TRUE; -@@ -8777,7 +8729,7 @@ restore_extattr(drive_t *drivep, - } - assert(nread == (int)(recsz - EXTATTRHDR_SZ)); - -- if (!persp->a.restoreextattrpr && !persp->a.restoredmpr) { -+ if (!persp->a.restoreextattrpr) { - continue; - } - -@@ -8796,19 +8748,6 @@ restore_extattr(drive_t *drivep, - } - } else if (isfilerestored && path[0] != '\0') { - setextattr(path, ahdrp); -- -- if (persp->a.dstdirisxfspr && persp->a.restoredmpr) { -- int flag = 0; -- char *attrname = (char *)&ahdrp[1]; -- if (ahdrp->ah_flags & EXTATTRHDR_FLAGS_ROOT) -- flag = ATTR_ROOT; -- else if (ahdrp->ah_flags & EXTATTRHDR_FLAGS_SECURE) -- flag = ATTR_SECURE; -- -- HsmRestoreAttribute(flag, -- attrname, -- &strctxp->sc_hsmflags); -- } - } - } - /* NOTREACHED */ -@@ -9709,32 +9648,6 @@ display_needed_objects(purp_t purp, - } - } - --static int --do_fssetdm_by_handle( -- char *path, -- fsdmidata_t *fdmp) --{ -- void *hanp; -- size_t hlen=0; -- int rc; -- -- if (path_to_handle(path, &hanp, &hlen)) { -- mlog(MLOG_NORMAL | MLOG_WARNING, _( -- "path_to_handle of %s failed:%s\n"), -- path, strerror(errno)); -- return -1; -- } -- -- rc = fssetdm_by_handle(hanp, hlen, fdmp); -- free_handle(hanp, hlen); -- if (rc) { -- mlog(MLOG_NORMAL | MLOG_WARNING, _( -- "fssetdm_by_handle of %s failed %s\n"), -- path, strerror(errno)); -- } -- return rc; --} -- - static int - quotafilecheck(char *type, char *dstdir, char *quotafile) - { -diff --git a/restore/tree.c b/restore/tree.c -index 0670318..5429b74 100644 ---- a/restore/tree.c -+++ b/restore/tree.c -@@ -108,9 +108,6 @@ struct treePersStorage { - bool_t p_ignoreorphpr; - /* set if positive subtree or interactive - */ -- bool_t p_restoredmpr; -- /* restore DMI event settings -- */ - bool_t p_truncategenpr; - /* truncate inode generation number (for compatibility - * 
with xfsdump format 2 and earlier) -@@ -348,7 +345,6 @@ tree_init(char *hkdir, - size64_t nondircnt, - size64_t vmsz, - bool_t fullpr, -- bool_t restoredmpr, - bool_t dstdirisxfspr, - uint32_t dumpformat, - bool_t truncategenpr) -@@ -508,10 +504,6 @@ tree_init(char *hkdir, - */ - persp->p_fullpr = fullpr; - -- /* record if DMI event settings should be restored -- */ -- persp->p_restoredmpr = restoredmpr; -- - /* record if truncated generation numbers are required - */ - if (dumpformat < GLOBAL_HDR_VERSION_3) { -@@ -2550,31 +2542,6 @@ setdirattr(dah_t dah, char *path) - } - } - -- if (tranp->t_dstdirisxfspr && persp->p_restoredmpr) { -- fsdmidata_t fssetdm; -- -- fssetdm.fsd_dmevmask = dirattr_get_dmevmask(dah); -- fssetdm.fsd_padding = 0; /* not used */ -- fssetdm.fsd_dmstate = (uint16_t)dirattr_get_dmstate(dah); -- -- /* restore DMAPI event settings etc. -- */ -- rval = ioctl(fd, -- XFS_IOC_FSSETDM, -- (void *)&fssetdm); -- if (rval) { -- mlog(errno == EINVAL -- ? -- (MLOG_NITTY + 1) | MLOG_TREE -- : -- MLOG_NITTY | MLOG_TREE, -- "set DMI attributes" -- " of %s failed: %s\n", -- path, -- strerror(errno)); -- } -- } -- - utimbuf.actime = dirattr_get_atime(dah); - utimbuf.modtime = dirattr_get_mtime(dah); - rval = utime(path, &utimbuf); -diff --git a/restore/tree.h b/restore/tree.h -index 4f9ffe8..bf66e3d 100644 ---- a/restore/tree.h -+++ b/restore/tree.h -@@ -31,7 +31,6 @@ extern bool_t tree_init(char *hkdir, - size64_t nondircnt, - size64_t vmsz, - bool_t fullpr, -- bool_t restoredmpr, - bool_t dstdirisxfspr, - uint32_t dumpformat, - bool_t truncategenpr); diff --git a/pkgs/tools/filesystems/xfsprogs/default.nix b/pkgs/tools/filesystems/xfsprogs/default.nix index b18057fed4892..1ade9a4ac510d 100644 --- a/pkgs/tools/filesystems/xfsprogs/default.nix +++ b/pkgs/tools/filesystems/xfsprogs/default.nix 
@@ -4,11 +4,12 @@ stdenv.mkDerivation rec { pname = "xfsprogs"; - version = "5.19.0"; + version = "6.1.0"; src = fetchurl { - url = "mirror://kernel/linux/utils/fs/xfs/xfsprogs/${pname}-${version}.tar.xz"; - hash = "sha256-S2xsmMA2o39tkMgst/6UBdO1hW2TRWYgMtAf9LFAWSw="; + url = "mirror://kernel/linux/utils/fs/xfs/xfsprogs/${pname}-${version}.tag.xz"; + name = "${pname}-${version}.tar.xz"; + hash = "sha256-7OuQFcTr76VvqF+v91bMtR7Sz5w5uiOXZ/jnhwXoUlE="; }; outputs = [ "bin" "dev" "out" "doc" ]; diff --git a/pkgs/tools/misc/open-pdf-sign/default.nix b/pkgs/tools/misc/open-pdf-sign/default.nix index ca72a2ca6b17e..c91721654511a 100644 --- a/pkgs/tools/misc/open-pdf-sign/default.nix +++ b/pkgs/tools/misc/open-pdf-sign/default.nix @@ -1,12 +1,12 @@ -{ lib, stdenv, fetchurl, makeWrapper, jre }: +{ lib, stdenv, fetchurl, makeWrapper, jre, nix-update-script }: stdenv.mkDerivation rec { - version = "0.1.0"; + version = "0.1.1"; pname = "open-pdf-sign"; src = fetchurl { url = "https://github.com/open-pdf-sign/open-pdf-sign/releases/download/v${version}/open-pdf-sign.jar"; - sha256 = "AfxpqDLIycXMQmYexRoFh5DD/UCBHrnGSMjfjljvKs4="; + sha256 = "sha256-n8ua/wUz/PquB7viaFqBu2XX1KQYago4s6JUwYRLvNA="; }; nativeBuildInputs = [ makeWrapper ]; @@ -19,6 +19,12 @@ stdenv.mkDerivation rec { --add-flags "-jar $out/lib/open-pdf-sign.jar" ''; + passthru = { + updateScript = nix-update-script { + attrPath = pname; + }; + }; + meta = with lib; { description = "Digitally sign PDF files from your commandline"; homepage = "https://github.com/open-pdf-sign/open-pdf-sign"; diff --git a/pkgs/tools/networking/gvproxy/default.nix b/pkgs/tools/networking/gvproxy/default.nix index f87ccef5cd1fe..59ba36c5d7f58 100644 --- a/pkgs/tools/networking/gvproxy/default.nix +++ b/pkgs/tools/networking/gvproxy/default.nix 
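Review bot: The new `url` in the xfsprogs `src` ends in `.tag.xz` while the added `name` restores `.tar.xz`, and nothing in the hunk says whether that spelling is deliberate. The fixed `hash` still pins the content, so this is a maintainability point rather than an integrity one. Without an explanation, the next version bump is likely to "correct" the extension and break the fetch, assuming upstream really published this release under that name. If it is intentional, add a comment above `url` such as `# upstream uploaded this release as .tag.xz; name keeps the expected .tar.xz suffix`.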
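Review bot: The added `passthru.updateScript` in open-pdf-sign passes `attrPath = pname;` to `nix-update-script`, while the fish hunk earlier in this same diff changes its call from `nix-update-script { attrPath = pname; }` to `nix-update-script { }`. The helper itself is not visible here, but the fish change suggests the argument is no longer needed. If so, the new code should follow the same form: `passthru.updateScript = nix-update-script { };`. The `meta` block that follows continues outside the hunk.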
@@ -2,13 +2,13 @@ buildGoModule rec { pname = "gvproxy"; - version = "0.4.0"; + version = "0.5.0"; src = fetchFromGitHub { owner = "containers"; repo = "gvisor-tap-vsock"; rev = "v${version}"; - sha256 = "sha256-mU5uJ/RnVAbL7M1lcBZKjGvfc2WfbJGyZB+65GrAr5M="; + sha256 = "sha256-UtOOBXl063Ur28h/DT00paulZ8JzHLZ6nyxhyq4+goM="; }; vendorSha256 = null; diff --git a/pkgs/tools/package-management/nix-update/default.nix b/pkgs/tools/package-management/nix-update/default.nix index 45fbd7a6a1d71..8fa7ed61c53a2 100644 --- a/pkgs/tools/package-management/nix-update/default.nix +++ b/pkgs/tools/package-management/nix-update/default.nix @@ -8,14 +8,14 @@ buildPythonApplication rec { pname = "nix-update"; - version = "0.11.0"; + version = "0.12.0"; format = "setuptools"; src = fetchFromGitHub { owner = "Mic92"; repo = pname; rev = version; - sha256 = "sha256-nBLNMQKLgx5m5VyxTdSLBE9kNhUPdaRzVi5BQx83m+4="; + sha256 = "sha256-7Co8mKG3eyM5WmGoAskyYleeutH4/kygSkvFpSg7Y04="; }; makeWrapperArgs = [ diff --git a/pkgs/tools/virtualization/cri-tools/default.nix b/pkgs/tools/virtualization/cri-tools/default.nix index 034eefb0c6983..d358125a28826 100644 --- a/pkgs/tools/virtualization/cri-tools/default.nix +++ b/pkgs/tools/virtualization/cri-tools/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "cri-tools"; - version = "1.25.0"; + version = "1.26.0"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = pname; rev = "v${version}"; - sha256 = "sha256-soZLLDf83jmyFtiBpZR8iQMPgrnKCRJ1j8hOgty0sTQ="; + sha256 = "sha256-ALeK51fsGEys9iEHv0C8vCZVD4vx+VYUooj7pH7p7tg="; }; vendorSha256 = null; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 63e2305462675..75f0d7731213d 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix 
@@ -1621,9 +1621,8 @@ mapAliases ({ xbmcPlain = throw "'xbmcPlain' has been renamed to/replaced by 'kodiPlain'"; # Converted to throw 2022-02-22 xbmcPlugins = throw "'xbmcPlugins' has been renamed to/replaced by 'kodiPackages'"; # Converted to throw 2022-02-22 xdg_utils = xdg-utils; # Added 2021-02-01 - xfce4-12 = throw "xfce4-12 has been replaced by xfce4-14"; # Added 2020-03-14 - xfce4-14 = xfce; - xfceUnstable = xfce4-14; # Added 2019-09-17 + xfce4-14 = throw "xfce4-14 has been removed, use xfce instead"; # added 2022-12-25 + xfceUnstable = throw "xfceUnstable has been removed, use xfce instead"; # added 2022-12-25 xineLib = xine-lib; # Added 2021-04-27 xineUI = xine-ui; # Added 2021-04-27 xmonad_log_applet_gnome3 = throw "'xmonad_log_applet_gnome3' has been renamed to/replaced by 'xmonad_log_applet'"; # Converted to throw 2022-02-22 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f75fb132dfbec..a2a30e938cf62 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -320,8 +320,6 @@ with pkgs; buf = callPackage ../development/tools/buf { }; - buf-language-server = callPackage ../development/tools/buf-language-server { }; - cbfmt = callPackage ../development/tools/cbfmt { }; cfn-nag = callPackage ../development/tools/cfn-nag { }; @@ -7855,9 +7853,7 @@ with pkgs; gvolicon = callPackage ../tools/audio/gvolicon {}; - gvproxy = callPackage ../tools/networking/gvproxy { - buildGoModule = buildGo118Module; # fails to build with 1.19 - }; + gvproxy = callPackage ../tools/networking/gvproxy { }; gzip = callPackage ../tools/compression/gzip { }; @@ -12678,8 +12674,6 @@ with pkgs; verco = callPackage ../applications/version-management/verco { }; - verible = callPackage ../development/tools/verible { }; - verilator = callPackage ../applications/science/electronics/verilator {}; verilog = callPackage ../applications/science/electronics/verilog { 
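Review bot: The two new throw entries for `xfce4-14` and `xfceUnstable` are tagged `# added 2022-12-25`, but the neighbouring entries in this hunk use capitalised markers and distinguish `# Added` from `# Converted to throw`. Both names were working aliases before this change, so the marker that matches the file's convention is `# Converted to throw 2022-12-25`. The hunk also drops the `xfce4-12` throw outright; that looks intentional given its 2020 date, but the reason is not stated in the visible lines.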
@@ -14835,8 +14829,6 @@ with pkgs; kotlin = callPackage ../development/compilers/kotlin { }; kotlin-native = callPackage ../development/compilers/kotlin/native.nix { }; - kotlin-language-server = callPackage ../development/tools/kotlin-language-server {}; - lazarus = callPackage ../development/compilers/fpc/lazarus.nix { fpc = fpc; }; @@ -15003,8 +14995,6 @@ with pkgs; microscheme = callPackage ../development/compilers/microscheme { }; - millet = callPackage ../development/tools/millet {}; - mint = callPackage ../development/compilers/mint { }; mitama-cpp-result = callPackage ../development/libraries/mitama-cpp-result { }; @@ -15556,7 +15546,6 @@ with pkgs; coursier = coursier.override { jre = jdk8; }; }; - metals = callPackage ../development/tools/metals { }; scalafix = callPackage ../development/tools/scalafix { jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 }; 
@@ -16582,7 +16571,47 @@ with pkgs; ansible-doctor = with python3.pkgs; toPythonApplication ansible-doctor; - ansible-language-server = callPackage ../development/tools/ansible-language-server { }; + ### DEVELOPMENT / TOOLS / LANGUAGE-SERVERS + + ansible-language-server = callPackage ../development/tools/language-servers/ansible-language-server { }; + + beancount-language-server = callPackage ../development/tools/language-servers/beancount-language-server { }; + + buf-language-server = callPackage ../development/tools/language-servers/buf-language-server { }; + + ccls = callPackage ../development/tools/language-servers/ccls { + llvmPackages = llvmPackages_latest; + }; + + fortls = python3.pkgs.callPackage ../development/tools/language-servers/fortls { }; + + fortran-language-server = python3.pkgs.callPackage ../development/tools/language-servers/fortran-language-server { }; + + gopls = callPackage ../development/tools/language-servers/gopls { }; + + jdt-language-server = callPackage ../development/tools/language-servers/jdt-language-server { }; + + jsonnet-language-server = callPackage ../development/tools/language-servers/jsonnet-language-server { }; + + kotlin-language-server = callPackage ../development/tools/language-servers/kotlin-language-server { }; + + metals = callPackage ../development/tools/language-servers/metals { }; + + millet = callPackage ../development/tools/language-servers/millet { }; + + nil = callPackage ../development/tools/language-servers/nil { }; + + rnix-lsp = callPackage ../development/tools/language-servers/rnix-lsp { nix = nixVersions.nix_2_9; }; + + sumneko-lua-language-server = darwin.apple_sdk_11_0.callPackage ../development/tools/language-servers/sumneko-lua-language-server { + inherit (darwin.apple_sdk_11_0.frameworks) CoreFoundation Foundation; + }; + + svls = callPackage ../development/tools/language-servers/svls { }; + + vala-language-server = callPackage ../development/tools/language-servers/vala-language-server { }; + + 
verible = callPackage ../development/tools/language-servers/verible { }; ansible-later = with python3.pkgs; toPythonApplication ansible-later; @@ -17070,10 +17099,6 @@ with pkgs; cpplint = callPackage ../development/tools/analysis/cpplint { }; - ccls = callPackage ../development/tools/misc/ccls { - llvmPackages = llvmPackages_latest; - }; - credstash = with python3Packages; toPythonApplication credstash; creduce = callPackage ../development/tools/misc/creduce { @@ -17313,10 +17338,6 @@ with pkgs; fprettify = callPackage ../development/tools/fprettify { }; - fortls = python3.pkgs.callPackage ../development/tools/fortls { }; - - fortran-language-server = python3.pkgs.callPackage ../development/tools/fortran-language-server { }; - framac = callPackage ../development/tools/analysis/frama-c { }; frame = callPackage ../development/libraries/frame { }; @@ -17749,8 +17770,6 @@ with pkgs; nap = callPackage ../development/tools/nap { }; - nil = callPackage ../development/tools/nil { }; - ninja = callPackage ../development/tools/build-managers/ninja { }; nimbo = with python3Packages; callPackage ../applications/misc/nimbo { }; @@ -17996,8 +18015,6 @@ with pkgs; rman = callPackage ../development/tools/misc/rman { }; - rnix-lsp = callPackage ../development/tools/rnix-lsp { nix = nixVersions.nix_2_9; }; - rnginline = with python3Packages; toPythonApplication rnginline; rolespec = callPackage ../development/tools/misc/rolespec { }; @@ -18174,8 +18191,6 @@ with pkgs; svlint = callPackage ../development/tools/analysis/svlint { }; - svls = callPackage ../development/tools/misc/svls { }; - swarm = callPackage ../development/tools/analysis/swarm { }; swiftformat = callPackage ../development/tools/swiftformat { }; 
@@ -18302,8 +18317,6 @@ with pkgs; vagrant = callPackage ../development/tools/vagrant {}; - vala-language-server = callPackage ../development/tools/vala-language-server {}; - bashdb = callPackage ../development/tools/misc/bashdb { }; gdb = callPackage ../development/tools/misc/gdb { @@ -18992,6 +19005,7 @@ with pkgs; driversi686Linux = recurseIntoAttrs { inherit (pkgsi686Linux) amdvlk + intel-media-driver mesa vaapiIntel libvdpau-va-gl @@ -20090,8 +20104,6 @@ with pkgs; jsonnet-bundler = callPackage ../development/tools/jsonnet-bundler { }; - jsonnet-language-server = callPackage ../development/tools/jsonnet-language-server { }; - jrsonnet = callPackage ../development/compilers/jrsonnet { }; go-jsonnet = callPackage ../development/compilers/go-jsonnet { }; @@ -25864,8 +25876,6 @@ with pkgs; gomodifytags = callPackage ../development/tools/gomodifytags { }; - gopls = callPackage ../development/tools/gopls { }; - gops = callPackage ../development/tools/gops { }; gore = callPackage ../development/tools/gore { }; @@ -26772,8 +26782,6 @@ with pkgs; iwona = callPackage ../data/fonts/iwona { }; - jdt-language-server = callPackage ../development/tools/jdt-language-server {}; - jetbrains-mono = callPackage ../data/fonts/jetbrains-mono { }; jost = callPackage ../data/fonts/jost { }; @@ -27739,6 +27747,8 @@ with pkgs; avocode = callPackage ../applications/graphics/avocode {}; + ax25-tools = callPackage ../applications/radio/ax25-tools {}; + azpainter = callPackage ../applications/graphics/azpainter { }; bambootracker = libsForQt5.callPackage ../applications/audio/bambootracker { }; @@ -34003,8 +34013,6 @@ with pkgs; beancount-black = with python3.pkgs; toPythonApplication beancount-black; - beancount-language-server = callPackage ../development/tools/beancount-language-server {}; - bean-add = callPackage ../applications/office/beancount/bean-add.nix { }; bench = haskell.lib.compose.justStaticExecutables haskellPackages.bench; 
@@ -37545,10 +37553,6 @@ with pkgs; sqsh = callPackage ../development/tools/sqsh { }; - sumneko-lua-language-server = darwin.apple_sdk_11_0.callPackage ../development/tools/sumneko-lua-language-server { - inherit (darwin.apple_sdk_11_0.frameworks) CoreFoundation Foundation; - }; - sysz = callPackage ../tools/misc/sysz { }; go-swag = callPackage ../development/tools/go-swag { }; |