diff options
23 files changed, 328 insertions, 214 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 8a177be26d7c7..c38231f184075 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -12091,6 +12091,12 @@ githubId = 7512804; name = "Martin Langlotz"; }; + stargate01 = { + email = "christoph.honal@web.de"; + github = "StarGate01"; + githubId = 6362238; + name = "Christoph Honal"; + }; steamwalker = { email = "steamwalker@xs4all.nl"; github = "steamwalker"; diff --git a/nixos/modules/installer/tools/get-version-suffix b/nixos/modules/installer/tools/get-version-suffix index b8972cd57d22b..8d72905cdcb47 100644 --- a/nixos/modules/installer/tools/get-version-suffix +++ b/nixos/modules/installer/tools/get-version-suffix @@ -1,14 +1,15 @@ getVersion() { local dir="$1" rev= - if [ -e "$dir/.git" ]; then + gitDir="$dir/.git" + if [ -e "$gitDir" ]; then if [ -z "$(type -P git)" ]; then echo "warning: Git not found; cannot figure out revision of $dir" >&2 return fi cd "$dir" - rev=$(git rev-parse --short HEAD) - if git describe --always --dirty | grep -q dirty; then + rev=$(git --git-dir="$gitDir" rev-parse --short HEAD) + if git --git-dir="$gitDir" describe --always --dirty | grep -q dirty; then rev+=M fi fi diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix index 3211d4d88e4d9..db643c3d84795 100644 --- a/nixos/modules/services/misc/geoipupdate.nix +++ b/nixos/modules/services/misc/geoipupdate.nix @@ -2,6 +2,7 @@ let cfg = config.services.geoipupdate; + inherit (builtins) isAttrs isString isInt isList typeOf hashString; in { imports = [ @@ -27,11 +28,30 @@ in }; settings = lib.mkOption { + example = lib.literalExpression '' + { + AccountID = 200001; + DatabaseDirectory = "/var/lib/GeoIP"; + LicenseKey = { _secret = "/run/keys/maxmind_license_key"; }; + Proxy = "10.0.0.10:8888"; + ProxyUserPassword = { _secret = "/run/keys/proxy_pass"; }; + } + ''; description = '' <productname>geoipupdate</productname> configuration options. See <link xlink:href="https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md" /> for a full list of available options. + + Settings containing secret data should be set to an + attribute set containing the attribute + <literal>_secret</literal> - a string pointing to a file + containing the value the option should be set to. See the + example to get a better picture of this: in the resulting + <filename>GeoIP.conf</filename> file, the + <literal>ProxyUserPassword</literal> key will be set to the + contents of the + <filename>/run/keys/proxy_pass</filename> file. ''; type = lib.types.submodule { freeformType = @@ -65,11 +85,18 @@ in }; LicenseKey = lib.mkOption { - type = lib.types.path; + type = with lib.types; either path (attrsOf path); description = '' - A file containing the <productname>MaxMind</productname> - license key. + A file containing the + <productname>MaxMind</productname> license key. + + Always handled as a secret whether the value is + wrapped in a <literal>{ _secret = ...; }</literal> + attrset or not (refer to <xref + linkend="opt-services.geoipupdate.settings" /> for + details). ''; + apply = x: if isAttrs x then x else { _secret = x; }; }; DatabaseDirectory = lib.mkOption { @@ -102,6 +129,9 @@ in systemd.services.geoipupdate-create-db-dir = { serviceConfig.Type = "oneshot"; script = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + mkdir -p ${cfg.settings.DatabaseDirectory} chmod 0755 ${cfg.settings.DatabaseDirectory} ''; @@ -115,32 +145,41 @@ in "network-online.target" "nss-lookup.target" ]; + path = [ pkgs.replace-secret ]; wants = [ "network-online.target" ]; startAt = cfg.interval; serviceConfig = { ExecStartPre = let + isSecret = v: isAttrs v && v ? _secret && isString v._secret; geoipupdateKeyValue = lib.generators.toKeyValue { mkKeyValue = lib.flip lib.generators.mkKeyValueDefault " " rec { - mkValueString = v: with builtins; + mkValueString = v: if isInt v then toString v else if isString v then v else if true == v then "1" else if false == v then "0" else if isList v then lib.concatMapStringsSep " " mkValueString v + else if isSecret v then hashString "sha256" v._secret else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; }; }; + secretPaths = lib.catAttrs "_secret" (lib.collect isSecret cfg.settings); + mkSecretReplacement = file: '' + replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/geoipupdate/GeoIP.conf" ]} + ''; + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; geoipupdateConf = pkgs.writeText "geoipupdate.conf" (geoipupdateKeyValue cfg.settings); script = '' + set -o errexit -o pipefail -o nounset -o errtrace + shopt -s inherit_errexit + chown geoip "${cfg.settings.DatabaseDirectory}" cp ${geoipupdateConf} /run/geoipupdate/GeoIP.conf - ${pkgs.replace-secret}/bin/replace-secret '${cfg.settings.LicenseKey}' \ - '${cfg.settings.LicenseKey}' \ - /run/geoipupdate/GeoIP.conf + ${secretReplacements} ''; in "+${pkgs.writeShellScript "start-pre-full-privileges" script}"; diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index ec71365ba3c1c..efc7f69be7d64 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -3,7 +3,19 @@ let cfg = config.services.parsedmarc; opt = options.services.parsedmarc; - ini = pkgs.formats.ini {}; + isSecret = v: isAttrs v && v ? _secret && isString v._secret; + ini = pkgs.formats.ini { + mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" rec { + mkValueString = v: + if isInt v then toString v + else if isString v then v + else if true == v then "True" + else if false == v then "False" + else if isSecret v then hashString "sha256" v._secret + else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}"; + }; + }; + inherit (builtins) elem isAttrs isString isInt isList typeOf hashString; in { options.services.parsedmarc = { @@ -107,11 +119,35 @@ in }; settings = lib.mkOption { + example = lib.literalExpression '' + { + imap = { + host = "imap.example.com"; + user = "alice@example.com"; + password = { _secret = "/run/keys/imap_password" }; + watch = true; + }; + splunk_hec = { + url = "https://splunkhec.example.com"; + token = { _secret = "/run/keys/splunk_token" }; + index = "email"; + }; + } + ''; description = '' Configuration parameters to set in <filename>parsedmarc.ini</filename>. For a full list of available parameters, see <link xlink:href="https://domainaware.github.io/parsedmarc/#configuration-file" />. + + Settings containing secret data should be set to an attribute + set containing the attribute <literal>_secret</literal> - a + string pointing to a file containing the value the option + should be set to. See the example to get a better picture of + this: in the resulting <filename>parsedmarc.ini</filename> + file, the <literal>splunk_hec.token</literal> key will be set + to the contents of the + <filename>/run/keys/splunk_token</filename> file. ''; type = lib.types.submodule { @@ -170,11 +206,18 @@ in }; password = lib.mkOption { - type = with lib.types; nullOr path; + type = with lib.types; nullOr (either path (attrsOf path)); default = null; description = '' - The path to a file containing the IMAP server password. + The IMAP server password. + + Always handled as a secret whether the value is + wrapped in a <literal>{ _secret = ...; }</literal> + attrset or not (refer to <xref + linkend="opt-services.parsedmarc.settings" /> for + details). ''; + apply = x: if isAttrs x || x == null then x else { _secret = x; }; }; watch = lib.mkOption { @@ -228,11 +271,18 @@ in }; password = lib.mkOption { - type = with lib.types; nullOr path; + type = with lib.types; nullOr (either path (attrsOf path)); default = null; description = '' - The path to a file containing the SMTP server password. + The SMTP server password. + + Always handled as a secret whether the value is + wrapped in a <literal>{ _secret = ...; }</literal> + attrset or not (refer to <xref + linkend="opt-services.parsedmarc.settings" /> for + details). ''; + apply = x: if isAttrs x || x == null then x else { _secret = x; }; }; from = lib.mkOption { @@ -274,12 +324,19 @@ in }; password = lib.mkOption { - type = with lib.types; nullOr path; + type = with lib.types; nullOr (either path (attrsOf path)); default = null; description = '' - The path to a file containing the password to use when - connecting to Elasticsearch, if required. + The password to use when connecting to Elasticsearch, + if required. + + Always handled as a secret whether the value is + wrapped in a <literal>{ _secret = ...; }</literal> + attrset or not (refer to <xref + linkend="opt-services.parsedmarc.settings" /> for + details). ''; + apply = x: if isAttrs x || x == null then x else { _secret = x; }; }; ssl = lib.mkOption { @@ -299,63 +356,6 @@ in ''; }; }; - - kafka = { - hosts = lib.mkOption { - default = []; - type = with lib.types; listOf str; - apply = x: if x == [] then null else lib.concatStringsSep "," x; - description = '' - A list of Apache Kafka hosts to publish parsed reports - to. - ''; - }; - - user = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - description = '' - Username to use when connecting to Kafka, if - required. - ''; - }; - - password = lib.mkOption { - type = with lib.types; nullOr path; - default = null; - description = '' - The path to a file containing the password to use when - connecting to Kafka, if required. - ''; - }; - - ssl = lib.mkOption { - type = with lib.types; nullOr bool; - default = null; - description = '' - Whether to use an encrypted SSL/TLS connection. - ''; - }; - - aggregate_topic = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - example = "aggregate"; - description = '' - The Kafka topic to publish aggregate reports on. - ''; - }; - - forensic_topic = lib.mkOption { - type = with lib.types; nullOr str; - default = null; - example = "forensic"; - description = '' - The Kafka topic to publish forensic reports on. - ''; - }; - }; - }; }; @@ -404,21 +404,14 @@ in enable = cfg.provision.grafana.datasource || cfg.provision.grafana.dashboard; datasources = let - pkgVer = lib.getVersion config.services.elasticsearch.package; - esVersion = - if lib.versionOlder pkgVer "7" then - "60" - else if lib.versionOlder pkgVer "8" then - "70" - else - throw "When provisioning parsedmarc grafana datasources: unknown Elasticsearch version."; + esVersion = lib.getVersion config.services.elasticsearch.package; in lib.mkIf cfg.provision.grafana.datasource [ { name = "dmarc-ag"; type = "elasticsearch"; access = "proxy"; - url = "localhost:9200"; + url = "http://localhost:9200"; jsonData = { timeField = "date_range"; inherit esVersion; @@ -428,7 +421,7 @@ in name = "dmarc-fo"; type = "elasticsearch"; access = "proxy"; - url = "localhost:9200"; + url = "http://localhost:9200"; jsonData = { timeField = "date_range"; inherit esVersion; @@ -467,12 +460,17 @@ in # lists, empty attrsets and null. This makes it possible to # list interesting options in `settings` without them always # ending up in the resulting config. - filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! builtins.elem v [ null [] {} ])) cfg.settings; + filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null [] {} ])) cfg.settings; + + # Extract secrets (attributes set to an attrset with a + # "_secret" key) from the settings and generate the commands + # to run to perform the secret replacements. + secretPaths = lib.catAttrs "_secret" (lib.collect isSecret filteredConfig); parsedmarcConfig = ini.generate "parsedmarc.ini" filteredConfig; - mkSecretReplacement = file: - lib.optionalString (file != null) '' - replace-secret '${file}' '${file}' /run/parsedmarc/parsedmarc.ini - ''; + mkSecretReplacement = file: '' + replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/parsedmarc/parsedmarc.ini" ]} + ''; + secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths; in { wantedBy = [ "multi-user.target" ]; @@ -487,10 +485,7 @@ in umask u=rwx,g=,o= cp ${parsedmarcConfig} /run/parsedmarc/parsedmarc.ini chown parsedmarc:parsedmarc /run/parsedmarc/parsedmarc.ini - ${mkSecretReplacement cfg.settings.smtp.password} - ${mkSecretReplacement cfg.settings.imap.password} - ${mkSecretReplacement cfg.settings.elasticsearch.password} - ${mkSecretReplacement cfg.settings.kafka.password} + ${secretReplacements} '' + lib.optionalString cfg.provision.localMail.enable '' openssl rand -hex 64 >/run/parsedmarc/dmarc_user_passwd replace-secret '@imap-password@' '/run/parsedmarc/dmarc_user_passwd' /run/parsedmarc/parsedmarc.ini diff --git a/pkgs/applications/audio/noisetorch/default.nix b/pkgs/applications/audio/noisetorch/default.nix index 1015829709ebd..9fcd35a9de324 100644 --- a/pkgs/applications/audio/noisetorch/default.nix +++ b/pkgs/applications/audio/noisetorch/default.nix @@ -16,7 +16,7 @@ buildGoModule rec { doCheck = false; - ldflags = [ "-X main.version=${version}" "-X main.distribution=nix" ]; + ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.distribution=nix" ]; subPackages = [ "." ]; diff --git a/pkgs/applications/audio/reaper/default.nix b/pkgs/applications/audio/reaper/default.nix index d186755eccea2..6f94b0f531cb3 100644 --- a/pkgs/applications/audio/reaper/default.nix +++ b/pkgs/applications/audio/reaper/default.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "reaper"; - version = "6.47"; + version = "6.61"; src = fetchurl { url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_${stdenv.hostPlatform.qemuArch}.tar.xz"; hash = { - x86_64-linux = "sha256-31HmIx/ohbrzu5uj8KOOZiHNCmXwng9h+fIGaJfYyqA="; - aarch64-linux = "sha256-CMmcBpaZ6BEZJ1144aQhOJ/o2NrGD7/8aq+ObLVMXYE="; + x86_64-linux = "sha256-Lp2EVky1+ruc86LdMmvhZIisoYl0OxdkVnN3h/u09IQ="; + aarch64-linux = "sha256-sPLCMA//xAdWXjY7++R6eLWS56Zi0u+9ju7JlICGvVc="; }.${stdenv.hostPlatform.system}; }; diff --git a/pkgs/applications/backup/pika-backup/default.nix b/pkgs/applications/backup/pika-backup/default.nix index a8524dea91be2..868241b92326b 100644 --- a/pkgs/applications/backup/pika-backup/default.nix +++ b/pkgs/applications/backup/pika-backup/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchFromGitLab -, fetchpatch , rustPlatform , substituteAll , desktop-file-utils @@ -19,20 +18,20 @@ stdenv.mkDerivation rec { pname = "pika-backup"; - version = "0.4.0"; + version = "0.4.1"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "World"; repo = "pika-backup"; rev = "v${version}"; - hash = "sha256-vQ0hlwsrY0WOUc/ppleE+kKRGHPt/ScEChXrkukln3U="; + hash = "sha256-D5QkNgscvNaPEykbcR451Wx8Mvn7HTuQE/22lp95Kbo="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-IKUh5gkXTpmMToDaec+CpCIQqJjwJM2ZrmGQhZeTDsg="; + hash = "sha256-c4nYlPyc7D1AMOfHjhoDJox+i83+H1YKfWzR3i6bmng="; }; patches = [ @@ -40,11 +39,6 @@ stdenv.mkDerivation rec { src = ./borg-path.patch; borg = "${borgbackup}/bin/borg"; }) - (fetchpatch { - name = "use-gtk4-update-icon-cache.patch"; - url = "https://gitlab.gnome.org/World/pika-backup/-/merge_requests/64.patch"; - hash = "sha256-AttGQGWealvTIvPwBl5M6FiC4Al/UD4/XckUAxM38SE="; - }) ]; postPatch = '' diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index d4a542bb99e4e..2de4575d440bc 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -739,8 +739,8 @@ let mktplcRef = { name = "theme-dracula"; publisher = "dracula-theme"; - version = "2.22.3"; - sha256 = "0wni9sriin54ci8rly2s68lkfx8rj1cys6mgcizvps9sam6377w6"; + version = "2.24.2"; + sha256 = "sha256-YNqWEIvlEI29mfPxOQVdd4db9G2qNodhz8B0MCAAWK8="; }; meta = with lib; { changelog = "https://marketplace.visualstudio.com/items/dracula-theme.theme-dracula/changelog"; diff --git a/pkgs/applications/networking/appgate-sdp/default.nix b/pkgs/applications/networking/appgate-sdp/default.nix index d6f21aa04237a..cac64ba7f63f1 100644 --- a/pkgs/applications/networking/appgate-sdp/default.nix +++ b/pkgs/applications/networking/appgate-sdp/default.nix @@ -87,11 +87,11 @@ let in stdenv.mkDerivation rec { pname = "appgate-sdp"; - version = "5.5.4"; + version = "5.5.5"; src = fetchurl { url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb"; - sha256 = "sha256-7qfgUYD7uPb+ZEierREVfnHoGz0/b/J+hcsX/duDFWU="; + sha256 = "sha256-eXcGHd3TGNFqjFQ+wSg4+1hF/6DJTPOs0ldjegFktGo="; }; # just patch interpreter diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index f661e64bac7f8..7d8d077e2ac86 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -19,15 +19,15 @@ } }, "beta": { - "version": "103.0.5060.53", - "sha256": "00di0nw6h3kb0qp2wp3ny3zsar1ayn1lyx5zr28dl1h5cwaaxjqf", - "sha256bin64": "01vzhhnngr6a7mm1y25ax8vhph6dl948fvkyhdhb9m4j5l4lcqj4", + "version": "104.0.5112.20", + "sha256": "0adzdk3m2l4pjlk82sqavwgxf6a5darbiwchmlrsxc58p9xxag4s", + "sha256bin64": "1cm5k4gpxc0dn0vdqf3qwwf36pc77va9pnci84zcpaxx0jih7l9b", "deps": { "gn": { - "version": "2022-05-11", + "version": "2022-06-08", "url": "https://gn.googlesource.com/gn", - "rev": "578a7fe4c3c6b0bc2ae1fd2e37f14857d09895bf", - "sha256": "03dqfrdpf5xxl64dby3qmbwpzdq2gsa8g7xl438py3a629rgxg63" + "rev": "2ecd43a10266bd091c98e6dcde507c64f6a0dad3", + "sha256": "1q06vsz9b4bb764wy1wy8n177z2pgpm97kq3rl1hmq185mz5fhra" } } }, diff --git a/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix b/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix new file mode 100644 index 0000000000000..1b16786649f90 --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix @@ -0,0 +1,58 @@ +{ lib +, stdenv +, fetchzip +, openjdk +, makeWrapper +, tor +, p7zip +, bash +, writeScript +}: +let + + briar-tor = writeScript "briar-tor" '' + #! ${bash}/bin/bash + exec ${tor}/bin/tor "$@" + ''; + +in +stdenv.mkDerivation rec { + pname = "briar-desktop"; + version = "0.2.1-beta"; + + src = fetchzip { + url = "https://code.briarproject.org/briar/briar-desktop/-/jobs/18424/artifacts/download?file_type=archive"; + sha256 = "sha256-ivMbgo0+iZE4/Iffq9HUBErGIQMVLrRZUQ6R3V3X8II="; + extension = "zip"; + }; + + nativeBuildInputs = [ + makeWrapper + p7zip + ]; + + installPhase = '' + mkdir -p $out/{bin,lib} + cp ${src}/briar-desktop.jar $out/lib/ + makeWrapper ${openjdk}/bin/java $out/bin/briar-desktop \ + --add-flags "-jar $out/lib/briar-desktop.jar" + ''; + + fixupPhase = '' + # Replace the embedded Tor binary (which is in a Tar archive) + # with one from Nixpkgs. + cp ${briar-tor} ./tor + for arch in {aarch64,armhf,x86_64}; do + 7z a tor_linux-$arch.zip tor + 7z a $out/lib/briar-desktop.jar tor_linux-$arch.zip + done + ''; + + meta = with lib; { + description = "Decentalized and secure messnger"; + homepage = "https://code.briarproject.org/briar/briar-desktop"; + license = licenses.gpl3; + maintainers = with maintainers; [ onny ]; + platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" ]; + }; +} diff --git a/pkgs/applications/networking/instant-messengers/chatty/default.nix b/pkgs/applications/networking/instant-messengers/chatty/default.nix index a6e31573ae816..fc9c4c10b2187 100644 --- a/pkgs/applications/networking/instant-messengers/chatty/default.nix +++ b/pkgs/applications/networking/instant-messengers/chatty/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { pname = "chatty"; - version = "0.6.6"; + version = "0.6.7"; src = fetchFromGitLab { domain = "source.puri.sm"; @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { repo = "chatty"; rev = "v${version}"; fetchSubmodules = true; - hash = "sha256-vwgXfoyZOCSMnRAB6bFSrtYlSrpMa9OOcmxYTqhU+lA="; + hash = "sha256-W4w/00mRgjfyQmLQ81/EAN+80qk7kDkBmMPJnOU+AIc="; }; postPatch = '' diff --git a/pkgs/applications/networking/instant-messengers/element/element-web.nix b/pkgs/applications/networking/instant-messengers/element/element-web.nix index 7cdfcabdce58b..0049ccd6a33d1 100644 --- a/pkgs/applications/networking/instant-messengers/element/element-web.nix +++ b/pkgs/applications/networking/instant-messengers/element/element-web.nix @@ -8,6 +8,7 @@ , yarn , fixup_yarn_lock , nodejs +, jitsi-meet , conf ? { } }: @@ -65,6 +66,7 @@ mkYarnPackage rec { runHook preInstall cp -R webapp $out + cp ${jitsi-meet}/libs/external_api.min.js $out/jitsi_external_api.min.js echo "${version}" > "$out/version" jq -s '.[0] * .[1]' "config.sample.json" "${configOverrides}" > "$out/config.json" diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix index 2dc167012221e..601cb127ff1f6 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix @@ -2,6 +2,7 @@ , lib , python , fetchFromGitHub +, fetchpatch , pyopenssl , webcolors , future @@ -33,6 +34,11 @@ in buildPythonPackage { hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; }; + patches = fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/poljar/weechat-matrix/pull/309.patch"; + sha256 = "sha256-Grdht+TOFvCYRpL7uhPivqL7YzLoNVF3iQNHgbv1Te0="; + }; + propagatedBuildInputs = [ pyopenssl webcolors diff --git a/pkgs/development/interpreters/erlang/R16B02-basho.nix b/pkgs/development/interpreters/erlang/R16B02-basho.nix deleted file mode 100644 index 69d0ac6b7a5fa..0000000000000 --- a/pkgs/development/interpreters/erlang/R16B02-basho.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ pkgs, mkDerivation }: - -mkDerivation { - baseName = "erlang"; - version = "16B02.basho10"; - - src = pkgs.fetchFromGitHub { - owner = "basho"; - repo = "otp"; - rev = "OTP_R16B02_basho10"; - sha256 = "1s2c3ag9dnp6xmcr27kh95n1w50xly97n1mp8ivc2a3gpv4blqmj"; - }; - - preConfigure = '' - export HOME=$PWD/../ - export LANG=C - export ERL_TOP=$(pwd) - sed -e s@/bin/pwd@pwd@g -i otp_build - sed -e s@"/usr/bin/env escript"@$(pwd)/bootstrap/bin/escript@g -i lib/diameter/bin/diameterc - - ./otp_build autoconf - ''; - - enableHipe = false; - - # Do not install docs, instead use prebuilt versions. - installTargets = "install"; - postInstall = let - manpages = pkgs.fetchurl { - url = "https://www.erlang.org/download/otp_doc_man_R16B02.tar.gz"; - sha256 = "12apxjmmd591y9g9bhr97z5jbd1jarqg7wj0y2sqhl21hc1yp75p"; - }; - in '' - sed -e s@$(pwd)/bootstrap/bin/escript@$out/bin/escript@g -i $out/lib/erlang/lib/diameter-1.4.3/bin/diameterc - - tar xf "${manpages}" -C "$out/lib/erlang" - for i in "$out"/lib/erlang/man/man[0-9]/*.[0-9]; do - prefix="''${i%/*}" - mkdir -p "$out/share/man/''${prefix##*/}" - ln -s "$i" "$out/share/man/''${prefix##*/}/''${i##*/}erl" - done - ''; - - meta = { - homepage = "https://github.com/basho/otp/"; - description = "Programming language used for massively scalable soft real-time systems, Basho fork"; - - longDescription = '' - Erlang is a programming language used to build massively scalable - soft real-time systems with requirements on high availability. - Some of its uses are in telecoms, banking, e-commerce, computer - telephony and instant messaging. Erlang's runtime system has - built-in support for concurrency, distribution and fault - tolerance. - This version of Erlang is Basho's version, forked from Ericsson's - repository. - ''; - - knownVulnerabilities = [ "CVE-2017-1000385" ]; - - platforms = ["x86_64-linux" "x86_64-darwin"]; - license = pkgs.lib.licenses.asl20; - maintainers = with pkgs.lib.maintainers; [ mdaiter ]; - }; -} diff --git a/pkgs/development/libraries/armadillo/default.nix b/pkgs/development/libraries/armadillo/default.nix index 6513d4be3964b..539288acd4c85 100644 --- a/pkgs/development/libraries/armadillo/default.nix +++ b/pkgs/development/libraries/armadillo/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "armadillo"; - version = "11.1.1"; + version = "11.2.0"; src = fetchurl { url = "mirror://sourceforge/arma/armadillo-${version}.tar.xz"; - sha256 = "sha256-v6YVSl/v2DLSjVMKWCIf5KLP8qO729guEJveU/sp3Ns="; + sha256 = "sha256-31yiFZAcaMY0Z8C/7hTwjjTYdaR6sPCVCCqzLd/08kM="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/nrf5-sdk/default.nix b/pkgs/development/libraries/nrf5-sdk/default.nix new file mode 100644 index 0000000000000..c8667287a0020 --- /dev/null +++ b/pkgs/development/libraries/nrf5-sdk/default.nix @@ -0,0 +1,37 @@ +{ lib +, stdenv +, fetchzip +}: + +stdenv.mkDerivation rec { + pname = "nrf5-sdk"; + version = "17.1.0"; + + urlHash = "ddde560"; + + src = fetchzip { + url = "https://nsscprodmedia.blob.core.windows.net/prod/software-and-other-downloads/sdks/nrf5/binaries/nrf5_sdk_${version}_${urlHash}.zip"; + sha256 = "sha256-q4WQ7X7/z/42/qcii+mOLnobqcbUy0tInkOfRH/Gwus="; + }; + + dontConfigure = true; + dontBuild = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/nRF5_SDK + mv * $out/share/nRF5_SDK + rm $out/share/nRF5_SDK/*.msi + + runHook postInstall + ''; + + meta = with lib; { + description = "Nordic Semiconductor nRF5 Software Development Kit"; + homepage = "https://www.nordicsemi.com/Products/Development-software/nRF5-SDK"; + license = licenses.unfree; + platforms = platforms.all; + maintainers = with maintainers; [ stargate01 ]; + }; +} diff --git a/pkgs/development/python-modules/geoip2/default.nix b/pkgs/development/python-modules/geoip2/default.nix index c5e9a01db5381..65f938fd6a97d 100644 --- a/pkgs/development/python-modules/geoip2/default.nix +++ b/pkgs/development/python-modules/geoip2/default.nix @@ -9,13 +9,13 @@ }: buildPythonPackage rec { - version = "4.5.0"; + version = "4.6.0"; pname = "geoip2"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - sha256 = "b542252e87eb40adc3a2fc0f4e84b514c4c5e04ed46923a3a74d509f25f3103a"; + sha256 = "sha256-8OgLzoCwa7OL0Iv0h31ahONU6TIJXmzPtNJ7tZj6T4M="; }; patchPhase = '' diff --git a/pkgs/development/python-modules/nodeenv/default.nix b/pkgs/development/python-modules/nodeenv/default.nix index 1ff2d47b32d63..d08fcf4699ab7 100644 --- a/pkgs/development/python-modules/nodeenv/default.nix +++ b/pkgs/development/python-modules/nodeenv/default.nix @@ -1,31 +1,55 @@ -{ lib, buildPythonPackage, fetchPypi, setuptools, python, which }: +{ lib +, buildPythonPackage +, fetchFromGitHub +, mock +, pytestCheckHook +, python +, pythonOlder +, setuptools +, which +}: buildPythonPackage rec { pname = "nodeenv"; - version = "1.6.0"; + version = "1.7.0"; + format = "setuptools"; - src = fetchPypi { - inherit pname version; - sha256 = "3ef13ff90291ba2a4a7a4ff9a979b63ffdd00a464dbe04acf0ea6471517a4c2b"; + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "ekalinin"; + repo = pname; + rev = version; + hash = "sha256-X30PUiOMT/vXqmdSJKHTNNA8aLWavCUaKa7LzqkdLrk="; }; propagatedBuildInputs = [ setuptools ]; - # Tests not included in PyPI tarball - doCheck = false; + checkInputs = [ + mock + pytestCheckHook + ]; preFixup = '' substituteInPlace $out/${python.sitePackages}/nodeenv.py \ --replace '["which", candidate]' '["${lib.getBin which}/bin/which", candidate]' ''; - pythonImportsCheck = [ "nodeenv" ]; + pythonImportsCheck = [ + "nodeenv" + ]; + + disabledTests = [ + # Test requires coverage + "test_smoke" + ]; meta = with lib; { description = "Node.js virtual environment builder"; homepage = "https://github.com/ekalinin/nodeenv"; license = licenses.bsd3; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/os-specific/linux/intel-ocl/default.nix b/pkgs/os-specific/linux/intel-ocl/default.nix index 026ce80c645af..b1451421d69b9 100644 --- a/pkgs/os-specific/linux/intel-ocl/default.nix +++ b/pkgs/os-specific/linux/intel-ocl/default.nix @@ -9,6 +9,7 @@ stdenv.mkDerivation rec { urls = [ "https://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" "http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" + "https://web.archive.org/web/20190526190814/http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip" ]; sha256 = "0qbp63l74s0i80ysh9ya8x7r79xkddbbz4378nms9i7a0kprg9p2"; stripRoot = false; @@ -69,9 +70,9 @@ stdenv.mkDerivation rec { meta = { description = "Official OpenCL runtime for Intel CPUs"; - homepage = "https://software.intel.com/en-us/articles/opencl-drivers"; - license = lib.licenses.unfree; - platforms = [ "x86_64-linux" ]; + homepage = "https://software.intel.com/en-us/articles/opencl-drivers"; + license = lib.licenses.unfree; + platforms = [ "x86_64-linux" ]; maintainers = [ lib.maintainers.kierdavis ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eb1812ab2c811..3b9e6c0e6b416 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4599,6 +4599,8 @@ with pkgs; boofuzz= callPackage ../tools/security/boofuzz { }; + briar-desktop = callPackage ../applications/networking/instant-messengers/briar-desktop { }; + bsdbuild = callPackage ../development/tools/misc/bsdbuild { }; bsdiff = callPackage ../tools/compression/bsdiff { }; @@ -14440,7 +14442,7 @@ with pkgs; inherit (beam.interpreters) erlang erlangR25 erlangR24 erlangR23 erlangR22 erlangR21 - erlang_odbc erlang_javac erlang_odbc_javac erlang_basho_R16B02 + erlang_odbc erlang_javac erlang_odbc_javac elixir elixir_1_13 elixir_1_12 elixir_1_11 elixir_1_10 elixir_1_9 elixir_ls; @@ -16130,6 +16132,8 @@ with pkgs; sdk = true; }; + nrf5-sdk = callPackage ../development/libraries/nrf5-sdk { }; + nrfutil = callPackage ../development/tools/misc/nrfutil { }; obelisk = callPackage ../development/tools/ocaml/obelisk { menhir = ocamlPackages.menhir; }; @@ -20920,6 +20924,23 @@ with pkgs; sphinx = with python3Packages; toPythonApplication sphinx; + # A variation of sphinx that is only suitable for offline use as it excludes + # pyopenssl, which is broken on aarch64-darwin. + # https://github.com/NixOS/nixpkgs/issues/175875 + sphinx_offline = + if !(stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isAarch64) + then sphinx + else + sphinx.override (o: { + requests = pkgsBuildTarget.python3Packages.requests.override (o: { + urllib3 = pkgsBuildTarget.python3Packages.urllib3.overrideAttrs (o: { + # urllib3 adds the optional pyopenssl to propagatedBuildInputs + # pkgs/development/python-modules/urllib3/default.nix + propagatedBuildInputs = []; + }); + }); + }); + sphinx-autobuild = with python3Packages; toPythonApplication sphinx-autobuild; sphinx-serve = with python3Packages; toPythonApplication sphinx-serve; @@ -26981,6 +27002,8 @@ with pkgs; # Git with SVN support, but without GUI. gitSVN = lowPrio (git.override { svnSupport = true; }); + git-autofixup = perlPackages.GitAutofixup; + git-doc = lib.addMetaAttrs { description = "Additional documentation for Git"; longDescription = '' diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index e7f4b6b5250f5..714873775269a 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -92,15 +92,6 @@ with beam; { odbcSupport = true; }; - # Basho fork, using custom builder. - erlang_basho_R16B02 = - lib.callErlang ../development/interpreters/erlang/R16B02-basho.nix { - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlang_basho_R16B02_odbc = - erlang_basho_R16B02.override { odbcSupport = true; }; - # Other Beam languages. These are built with `beam.interpreters.erlang`. To # access for example elixir built with different version of Erlang, use # `beam.packages.erlangR24.elixir`. diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix index 68a3230995694..54a050be73f8c 100644 --- a/pkgs/top-level/haskell-packages.nix +++ b/pkgs/top-level/haskell-packages.nix @@ -49,6 +49,8 @@ let # Use this rather than `rec { ... }` below for sake of overlays. inherit (pkgs.haskell) compiler packages; + sphinx = buildPackages.sphinx_offline; + in { lib = haskellLibUncomposable; @@ -97,7 +99,7 @@ in { packages.ghc8102Binary else packages.ghc865Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_7; llvmPackages = pkgs.llvmPackages_7; }; @@ -110,7 +112,7 @@ in { packages.ghc8107BinaryMinimal else packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. @@ -126,7 +128,7 @@ in { packages.ghc8107BinaryMinimal else packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; inherit (buildPackages.darwin) autoSignDarwinBinariesHook xattr; buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_12; llvmPackages = pkgs.llvmPackages_12; @@ -138,7 +140,7 @@ in { packages.ghc8107BinaryMinimal else packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. @@ -148,7 +150,7 @@ in { }; ghcHEAD = callPackage ../development/compilers/ghc/head.nix { bootPkgs = packages.ghc8107Binary; - inherit (buildPackages.python3Packages) sphinx; + inherit sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. |