diff options
23 files changed, 122 insertions, 61 deletions
diff --git a/nixos/tests/stratis/default.nix b/nixos/tests/stratis/default.nix index 6964852e30a09..42daadd5fcaac 100644 --- a/nixos/tests/stratis/default.nix +++ b/nixos/tests/stratis/default.nix @@ -4,4 +4,5 @@ { simple = import ./simple.nix { inherit system pkgs; }; + encryption = import ./encryption.nix { inherit system pkgs; }; } diff --git a/nixos/tests/stratis/encryption.nix b/nixos/tests/stratis/encryption.nix new file mode 100644 index 0000000000000..3faa3171843f7 --- /dev/null +++ b/nixos/tests/stratis/encryption.nix @@ -0,0 +1,33 @@ +import ../make-test-python.nix ({ pkgs, ... }: + { + name = "stratis"; + + meta = with pkgs.lib.maintainers; { + maintainers = [ nickcao ]; + }; + + nodes.machine = { pkgs, ... }: { + services.stratis.enable = true; + virtualisation.emptyDiskImages = [ 2048 ]; + }; + + testScript = + let + testkey1 = pkgs.writeText "testkey1" "supersecret1"; + testkey2 = pkgs.writeText "testkey2" "supersecret2"; + in + '' + machine.wait_for_unit("stratisd") + # test creation of encrypted pool and filesystem + machine.succeed("stratis key set testkey1 --keyfile-path ${testkey1}") + machine.succeed("stratis key set testkey2 --keyfile-path ${testkey2}") + machine.succeed("stratis pool create testpool /dev/vdb --key-desc testkey1") + machine.succeed("stratis fs create testpool testfs") + # test rebinding encrypted pool + machine.succeed("stratis pool rebind keyring testpool testkey2") + # test restarting encrypted pool + uuid = machine.succeed("stratis pool list | grep -oE '[0-9a-fA-F-]{36}'").rstrip('\n') + machine.succeed(" stratis pool stop testpool") + machine.succeed(f"stratis pool start {uuid} --unlock-method keyring") + ''; + }) diff --git a/pkgs/applications/audio/faust/faustlive.nix b/pkgs/applications/audio/faust/faustlive.nix index 4ee5ab82e6e46..87f2920c200b5 100644 --- a/pkgs/applications/audio/faust/faustlive.nix +++ b/pkgs/applications/audio/faust/faustlive.nix @@ -5,12 +5,12 @@ stdenv.mkDerivation rec { pname = "faustlive"; - version = "2.5.11"; + version = "2.5.12"; src = fetchFromGitHub { owner = "grame-cncm"; repo = "faustlive"; rev = version; - sha256 = "sha256-ldn6st3/iIABjEfAwodOnPrI97DygWbnYmvMktlOgrk="; + sha256 = "sha256-pq9zO4opCh9GEEtuQjrxKdNvOasDlcGGUsQD4je7Wyw="; fetchSubmodules = true; }; diff --git a/pkgs/applications/misc/obsidian/default.nix b/pkgs/applications/misc/obsidian/default.nix index c38ee194b4e24..2ef17f9c1cdf3 100644 --- a/pkgs/applications/misc/obsidian/default.nix +++ b/pkgs/applications/misc/obsidian/default.nix @@ -12,7 +12,7 @@ let inherit (stdenv.hostPlatform) system; pname = "obsidian"; - version = "0.15.9"; + version = "1.0.0"; appname = "Obsidian"; meta = with lib; { description = "A powerful knowledge base that works on top of a local folder of plain text Markdown files"; @@ -25,7 +25,7 @@ let filename = if stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz"; src = fetchurl { url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}"; - sha256 = if stdenv.isDarwin then "1q9almr8k1i2wzksd09libgnvypj5k9j15y6cxg4rgnw32fa152n" else "sha256-Qz1Ic5FtxXIk8J/2spNZaqpPIgx3yNyXiAQllbVrGjw="; + sha256 = if stdenv.isDarwin then "sha256-KVWqdXzbQT93Dj4yesdnfFwAdYin1vfpPsj/ur1AGA0=" else "sha256-H1Cl9SBz/mwN8gezFkcV4KxI7+xVjQV2AtyLKyjVpI8="; }; icon = fetchurl { diff --git a/pkgs/applications/misc/osmscout-server/default.nix b/pkgs/applications/misc/osmscout-server/default.nix index 9f057e3b019a4..c463ade398622 100644 --- a/pkgs/applications/misc/osmscout-server/default.nix +++ b/pkgs/applications/misc/osmscout-server/default.nix @@ -14,13 +14,13 @@ let in mkDerivation rec { pname = "osmscout-server"; - version = "2.1.2"; + version = "2.2.2"; src = fetchFromGitHub { owner = "rinigus"; repo = "osmscout-server"; rev = version; - sha256 = "sha256-I14nQL0H2rMga+RDdAjykqmf7QIZveA6oGWu5PfZ89s="; + sha256 = "sha256-ngB3c6rUQ/+AeaJHKAFRl9lCkUobLWSnsn030brB+Bw="; fetchSubmodules = true; }; diff --git a/pkgs/applications/networking/cluster/kyverno/default.nix b/pkgs/applications/networking/cluster/kyverno/default.nix index d00b1b38b2eef..da602ac6864bd 100644 --- a/pkgs/applications/networking/cluster/kyverno/default.nix +++ b/pkgs/applications/networking/cluster/kyverno/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "kyverno"; - version = "1.7.4"; + version = "1.8.0"; src = fetchFromGitHub { owner = "kyverno"; repo = "kyverno"; rev = "v${version}"; - sha256 = "sha256-EzPd4D+pK9mFSoJx9gEWEw9izXum2NgACiBuQ6uTYGo="; + sha256 = "sha256-VJhn3z/utbcZdJjmVzsjyqPfpKMmDXSKUcoALSmawqs="; }; ldflags = [ @@ -18,7 +18,7 @@ buildGoModule rec { "-X github.com/kyverno/kyverno/pkg/version.BuildTime=1970-01-01_00:00:00" ]; - vendorSha256 = "sha256-bpuEEoWobFPVsNZKKuOKTQGvV+/NAgaM4M63bv5y0Rk="; + vendorSha256 = "sha256-8Sk36IFk3tL/wqDnKJw/K1MtKBZuVRRFkyMl4b/XwDI="; subPackages = [ "cmd/cli/kubectl-kyverno" ]; diff --git a/pkgs/applications/science/electronics/gtkwave/default.nix b/pkgs/applications/science/electronics/gtkwave/default.nix index 10dcb2327c060..57104cb045eee 100644 --- a/pkgs/applications/science/electronics/gtkwave/default.nix +++ b/pkgs/applications/science/electronics/gtkwave/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "gtkwave"; - version = "3.3.111"; + version = "3.3.113"; src = fetchurl { url = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz"; - sha256 = "0cv222qhgldfniz6zys52zhrynfsp5v0h8ia857lng7v33vw5qdl"; + sha256 = "sha256-bv81puBSiFVkO2hNk63rMchbTSN3KtSnyHnL0/apQe0="; }; nativeBuildInputs = [ pkg-config wrapGAppsHook ]; diff --git a/pkgs/applications/science/logic/cbmc/default.nix b/pkgs/applications/science/logic/cbmc/default.nix index 07c3b62d37dab..4750dd08c0a97 100644 --- a/pkgs/applications/science/logic/cbmc/default.nix +++ b/pkgs/applications/science/logic/cbmc/default.nix @@ -13,13 +13,13 @@ stdenv.mkDerivation rec { pname = "cbmc"; - version = "5.67.0"; + version = "5.68.0"; src = fetchFromGitHub { owner = "diffblue"; repo = pname; rev = "${pname}-${version}"; - sha256 = "sha256-9w6GGi/yW7IYv3NoflpzO/UH712+LWp6f10+ak2hLIA="; + sha256 = "sha256-Hup/E426sPAj8/vpgBz8j6C65fG6U59oq78mqmGkDD8="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/version-management/git-and-tools/git-publish/default.nix b/pkgs/applications/version-management/git-and-tools/git-publish/default.nix new file mode 100644 index 0000000000000..0f0eeff156b06 --- /dev/null +++ b/pkgs/applications/version-management/git-and-tools/git-publish/default.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, python, perl, fetchFromGitHub, installShellFiles }: +stdenv.mkDerivation rec { + pname = "git-publish"; + version = "1.8.1"; + + src = fetchFromGitHub { + owner = "stefanha"; + repo = "git-publish"; + rev = "v${version}"; + sha256 = "14rz5kli6sz171cvdc46z3z0nnpd57rliwr6nn6vjjc49yyfwgl4"; + }; + + nativeBuildInputs = [ perl installShellFiles ]; + buildInputs = [ python ]; + + installPhase = '' + runHook preInstall + + install -Dm0755 git-publish $out/bin/git-publish + pod2man git-publish.pod > git-publish.1 + installManPage git-publish.1 + + runHook postInstall + ''; + + meta = { + description = "Prepare and store patch revisions as git tags"; + license = lib.licenses.mit; + maintainers = [ lib.maintainers.lheckemann ]; + homepage = "https://github.com/stefanha/git-publish"; + }; +} diff --git a/pkgs/development/compilers/scala/2.x.nix b/pkgs/development/compilers/scala/2.x.nix index bac99fd79ac8c..601f05a51bb0a 100644 --- a/pkgs/development/compilers/scala/2.x.nix +++ b/pkgs/development/compilers/scala/2.x.nix @@ -26,8 +26,8 @@ let }; "2.13" = { - version = "2.13.8"; - sha256 = "LLMdhGnGUYOfDpyDehqwZVDQMXJnUvVJBr4bneATFM8="; + version = "2.13.10"; + sha256 = "sha256-sBRhWZzQeGBCxktTN5D0XlG6u5HFLcRl2EaDjpcBnMQ="; pname = "scala_2_13"; }; }; diff --git a/pkgs/development/embedded/arduino/arduino-language-server/default.nix b/pkgs/development/embedded/arduino/arduino-language-server/default.nix index cba2e595cf78b..6ed310649368f 100644 --- a/pkgs/development/embedded/arduino/arduino-language-server/default.nix +++ b/pkgs/development/embedded/arduino/arduino-language-server/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "arduino-language-server"; - version = "0.7.1"; + version = "0.7.2"; src = fetchFromGitHub { owner = "arduino"; repo = "arduino-language-server"; rev = version; - hash = "sha256-FnkXtjktj22LCkmFPxzQ72qiVBC1WR/ZiwMsmZPL578="; + hash = "sha256-7xuVCD27gE8uDFBTQgBwH8bx8OWc9Lj71o27FYOSiTY="; }; subPackages = [ "." ]; diff --git a/pkgs/development/libraries/armadillo/default.nix b/pkgs/development/libraries/armadillo/default.nix index 5f67eda61a20d..5af49f23c44fd 100644 --- a/pkgs/development/libraries/armadillo/default.nix +++ b/pkgs/development/libraries/armadillo/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "armadillo"; - version = "11.4.0"; + version = "11.4.1"; src = fetchurl { url = "mirror://sourceforge/arma/armadillo-${version}.tar.xz"; - sha256 = "sha256-AWUxFSwCcppgKqbxb0ujsEdXQNXBvSjTTt1yZPR2Rhw="; + sha256 = "sha256-2ttf01vE3CUbNvXdgHKcPFiNZeLsvNTk41mtnLBFI/s="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/libraries/vte/default.nix b/pkgs/development/libraries/vte/default.nix index 6ec3acebd6e15..8fa3c08622488 100644 --- a/pkgs/development/libraries/vte/default.nix +++ b/pkgs/development/libraries/vte/default.nix @@ -48,6 +48,11 @@ stdenv.mkDerivation rec { url = "https://git.alpinelinux.org/aports/plain/community/vte3/fix-W_EXITCODE.patch?id=4d35c076ce77bfac7655f60c4c3e4c86933ab7dd"; sha256 = "FkVyhsM0mRUzZmS2Gh172oqwcfXv6PyD6IEgjBhy2uU="; }) + # error: implicit declaration of function 'cfmakeraw' is invalid in C99 [-Werror,-Wimplicit-function-declaration] + (fetchpatch { + url = "https://gitlab.gnome.org/GNOME/vte/-/commit/1f1f177ff797ac2bb453168951135865cfded900.patch"; + sha256 = "sha256-VRVhq8JAshtcFejJkNUpMilo7tLgcojlEnCTrAtGVa0="; + }) ]; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/meteofrance-api/default.nix b/pkgs/development/python-modules/meteofrance-api/default.nix index 4e8d96c3301bb..a49426bb64428 100644 --- a/pkgs/development/python-modules/meteofrance-api/default.nix +++ b/pkgs/development/python-modules/meteofrance-api/default.nix @@ -1,7 +1,6 @@ { lib , buildPythonPackage , fetchFromGitHub -, fetchpatch , poetry-core , pytestCheckHook , pythonOlder @@ -14,26 +13,18 @@ buildPythonPackage rec { pname = "meteofrance-api"; - version = "1.0.2"; + version = "1.1.0"; format = "pyproject"; - disabled = pythonOlder "3.6"; + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "hacf-fr"; repo = pname; rev = "v${version}"; - hash = "sha256-X8f0z9ZPXH7Wc3GqHmPptxpNxbHeezdOzw4gZCprumU="; + hash = "sha256-1ZN/9ur6uhK7M5TurmmWgUjzkc79MPqKnT637hbAAWA="; }; - patches = [ - (fetchpatch { - # Switch to poetry-core - url = "https://github.com/hacf-fr/meteofrance-api/commit/7536993fe38dfe3d0833da3fd750be9277aeffa6.patch"; - hash = "sha256-/4VgzoJxhaXoj1N1GNLJNvkQvv6IW9OcBJV6vg6kthM="; - }) - ]; - nativeBuildInputs = [ poetry-core ]; @@ -41,9 +32,8 @@ buildPythonPackage rec { propagatedBuildInputs = [ pytz requests - urllib3 - ] ++ lib.optionals (pythonOlder "3.7") [ typing-extensions + urllib3 ]; checkInputs = [ @@ -51,12 +41,6 @@ buildPythonPackage rec { requests-mock ]; - postPatch = '' - # https://github.com/hacf-fr/meteofrance-api/pull/378 - substituteInPlace pyproject.toml \ - --replace 'pytz = ">=2020.4,<2022.0"' 'pytz = ">=2020.4,<2023.0"' - ''; - pythonImportsCheck = [ "meteofrance_api" ]; diff --git a/pkgs/development/python-modules/nexia/default.nix b/pkgs/development/python-modules/nexia/default.nix index 8aaa833d2f0a2..18c70e47b216a 100644 --- a/pkgs/development/python-modules/nexia/default.nix +++ b/pkgs/development/python-modules/nexia/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "nexia"; - version = "2.0.2"; + version = "2.0.4"; format = "setuptools"; disabled = pythonOlder "3.5"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "bdraco"; repo = pname; rev = "refs/tags/${version}"; - sha256 = "sha256-JbWKNM7fNhIuBnIHAvRegAxmE0OOwsTDQWaMtuDVQcc="; + sha256 = "sha256-Pxr69NwdUY1FqIrJu60+KApHRBJ3WwAMifjweJuA8lI="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/plugwise/default.nix b/pkgs/development/python-modules/plugwise/default.nix index fb0536e623823..5401e07916a4e 100644 --- a/pkgs/development/python-modules/plugwise/default.nix +++ b/pkgs/development/python-modules/plugwise/default.nix @@ -21,7 +21,7 @@ buildPythonPackage rec { pname = "plugwise"; - version = "0.25.0"; + version = "0.25.1"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -30,7 +30,7 @@ buildPythonPackage rec { owner = pname; repo = "python-plugwise"; rev = "refs/tags/v${version}"; - sha256 = "sha256-5kgUSEwrSDdVmPTnWXHGPefDWIWP8AQFBQ+CbKed+Co="; + sha256 = "sha256-7LwQwtzNLB9dvV79CFBNdC5I8uw+BP+H108ljacQjgY="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pywbem/default.nix b/pkgs/development/python-modules/pywbem/default.nix index 0547f3edd9386..d978559290082 100644 --- a/pkgs/development/python-modules/pywbem/default.nix +++ b/pkgs/development/python-modules/pywbem/default.nix @@ -6,11 +6,11 @@ buildPythonPackage rec { pname = "pywbem"; - version = "1.4.1"; + version = "1.5.0"; src = fetchPypi { inherit pname version; - sha256 = "sha256-rYu75Kt+eVciwPJ/JlbJL8Zzp+BqFM0VGlDwMGRU0X4="; + sha256 = "sha256-xffkWMJTDGE1j7xjM750+vNmqs546uM3QUMSZ63zJhA="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/tools/goda/default.nix b/pkgs/development/tools/goda/default.nix index 0127773befe28..3af0ef3152402 100644 --- a/pkgs/development/tools/goda/default.nix +++ b/pkgs/development/tools/goda/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "goda"; - version = "0.5.2"; + version = "0.5.3"; src = fetchFromGitHub { owner = "loov"; repo = "goda"; rev = "v${version}"; - sha256 = "sha256-gXpO0DvxghyJIIxjE/KGjF/uRQ5W3p5QhqtmzeDmAfA="; + sha256 = "sha256-qBuhwIQvfUZMyzCJ/7Kedc+InrGwpcLhDLvX9i0ws2A="; }; - vendorSha256 = "sha256-OyQEw6mRrRneo3T8wns0doU4lxJYEoilTd30xctLBJ4="; + vendorSha256 = "sha256-BYYuB4ZlCWD8NILkf4qrgM4q72ZTy7Ze3ICUXdoI5Ms="; passthru.updateScript = nix-update-script { attrPath = pname; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 0c5cb6b73a5aa..57fe7420f4818 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -506,6 +506,11 @@ let # Depends on MODULE_SIG and only really helps when you sign your modules # and enforce signatures which we don't do by default. SECURITY_LOCKDOWN_LSM = option no; + + # provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis + PERSISTENT_KEYRINGS = yes; + # enable temporary caching of the last request_key() result + KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { # Detect buffer overflows on the stack diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 1ec98cc7b3498..99382ad4aae1c 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -37,10 +37,11 @@ rec { }; latest = selectHighestVersion production (generic { - version = "495.46"; - sha256_64bit = "2Dt30X2gxUZnqlsT1uqVpcUTBCV7Hs8vjUo7WuMcYvU="; - settingsSha256 = "vbcZYn+UBBGwjfrJ6SyXt3+JLBeNcXK4h8mjj7qxZPk="; - persistencedSha256 = "ieYqkVxe26cLw1LUgBsFSSowAyfZkTcItIzQCestCXI="; + version = "520.56.06"; + sha256_64bit = "sha256-UWdLAL7Wdm7EPUHKhNGNaTkGI0+FUZBptqNB92wRPEY="; + openSha256 = "sha256-miIxF/0fA7v8fU+oh/mx0DRqJdPBzmz14IqgPWJQeKU="; + settingsSha256 = "sha256-NeT3tb7NGicKHnNkuOwbte6BJsP1bUzPSE+TXnevCAM="; + persistencedSha256 = "sha256-3nWtnwpLaal3ty8GNMFa4zeonT8nKpYs6DIgsAq9+84="; }); beta = selectHighestVersion latest (generic { diff --git a/pkgs/servers/dendrite/default.nix b/pkgs/servers/dendrite/default.nix index 51b3abce6f617..38626c52c9ef1 100644 --- a/pkgs/servers/dendrite/default.nix +++ b/pkgs/servers/dendrite/default.nix @@ -3,19 +3,16 @@ buildGoModule rec { pname = "matrix-dendrite"; - version = "0.10.1"; + version = "0.10.3"; src = fetchFromGitHub { owner = "matrix-org"; repo = "dendrite"; rev = "v${version}"; - sha256 = "sha256-o+vdxjxbgTPhXtmjrMXf/kBGYaaF3nvVnrG+PGnaM70="; + sha256 = "sha256-ziKVv5ql1gIAIYpsRCV9f9y711hYz24M1Z+mGWO1vqs="; }; - vendorSha256 = "sha256-sd2frDxtMd0YUVCCQGaNYU7KopZQC1Ld5OHnjttTrgA="; - - # some tests are racy, re-enable once upstream has fixed them - doCheck = false; + vendorSha256 = "sha256-p1UmHIM4h6oe5PRSPD8rtEJpwypTxN1IHzge0Me/9mQ="; checkInputs = [ postgresqlTestHook @@ -37,6 +34,7 @@ buildGoModule rec { meta = with lib; { homepage = "https://matrix-org.github.io/dendrite"; description = "A second-generation Matrix homeserver written in Go"; + changelog = "https://github.com/matrix-org/dendrite/releases/tag/v${version}"; license = licenses.asl20; maintainers = teams.matrix.members; platforms = platforms.unix; diff --git a/pkgs/servers/endlessh-go/default.nix b/pkgs/servers/endlessh-go/default.nix index f6415ee72acda..0491e0e75eb34 100644 --- a/pkgs/servers/endlessh-go/default.nix +++ b/pkgs/servers/endlessh-go/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "endlessh-go"; - version = "20220731"; + version = "20221012"; src = fetchFromGitHub { owner = "shizunge"; repo = "endlessh-go"; rev = version; - sha256 = "sha256-xV9VCbpd6JC/m3RXJt0v8WCCGs8UpZLvAv3bzPRrae4="; + sha256 = "sha256-qgwOaqRyMiN3+vnwzwNet7jMQzgmFb09AVfYFwCAQJI="; }; - vendorSha256 = "sha256-YGVLntDnOX55IoIHIn0z1K7V/PhRLruEASfAGQsTUkk="; + vendorSha256 = "sha256-8W0yh+/FPIf6M5JipwbpLseKEdo4uVRmtsYYqfkwENU="; ldflags = [ "-s" "-w" ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index def3efbf0ac0b..09c498740129b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2610,6 +2610,8 @@ with pkgs; git-privacy = callPackage ../development/tools/git-privacy { }; + git-publish = python3Packages.callPackage ../applications/version-management/git-and-tools/git-publish { }; + git-repo-updater = python3Packages.callPackage ../development/tools/git-repo-updater { }; git-revise = with python3Packages; toPythonApplication git-revise; |