diff options
34 files changed, 887 insertions, 157 deletions
diff --git a/lib/licenses.nix b/lib/licenses.nix index 190eeefc1bf88..830cb95aff949 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -100,6 +100,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) { fullName = "BSD Zero Clause License"; }; + bsd1 = spdx { + spdxId = "BSD-1-Clause"; + fullName = "BSD 1-Clause License"; + }; + bsd2 = spdx { spdxId = "BSD-2-Clause"; fullName = ''BSD 2-clause "Simplified" License''; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0dff21236e129..0d26b7300d05b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -876,6 +876,7 @@ ./services/web-apps/documize.nix ./services/web-apps/dokuwiki.nix ./services/web-apps/engelsystem.nix + ./services/web-apps/galene.nix ./services/web-apps/gerrit.nix ./services/web-apps/gotify-server.nix ./services/web-apps/grocy.nix diff --git a/nixos/modules/services/web-apps/galene.nix b/nixos/modules/services/web-apps/galene.nix new file mode 100644 index 0000000000000..769490e915ac8 --- /dev/null +++ b/nixos/modules/services/web-apps/galene.nix @@ -0,0 +1,178 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.galene; + defaultstateDir = "/var/lib/galene"; + defaultrecordingsDir = "${cfg.stateDir}/recordings"; + defaultgroupsDir = "${cfg.stateDir}/groups"; + defaultdataDir = "${cfg.stateDir}/data"; +in +{ + options = { + services.galene = { + enable = mkEnableOption "Galene Service."; + + stateDir = mkOption { + default = defaultstateDir; + type = types.str; + description = '' + The directory where Galene stores its internal state. If left as the default + value this directory will automatically be created before the Galene server + starts, otherwise the sysadmin is responsible for ensuring the directory + exists with appropriate ownership and permissions. + ''; + }; + + user = mkOption { + type = types.str; + default = "galene"; + description = "User account under which galene runs."; + }; + + group = mkOption { + type = types.str; + default = "galene"; + description = "Group under which galene runs."; + }; + + insecure = mkOption { + type = types.bool; + default = false; + description = '' + Whether Galene should listen in http or in https. If left as the default + value (false), Galene needs to be fed a private key and a certificate. + ''; + }; + + certFile = mkOption { + type = types.nullOr types.str; + default = null; + example = "/path/to/your/cert.pem"; + description = '' + Path to the server's certificate. The file is copied at runtime to + Galene's data directory where it needs to reside. + ''; + }; + + keyFile = mkOption { + type = types.nullOr types.str; + default = null; + example = "/path/to/your/key.pem"; + description = '' + Path to the server's private key. The file is copied at runtime to + Galene's data directory where it needs to reside. + ''; + }; + + httpAddress = mkOption { + type = types.str; + default = ""; + description = "HTTP listen address for galene."; + }; + + httpPort = mkOption { + type = types.port; + default = 8443; + description = "HTTP listen port."; + }; + + staticDir = mkOption { + type = types.str; + default = "${cfg.package.static}/static"; + example = "/var/lib/galene/static"; + description = "Web server directory."; + }; + + recordingsDir = mkOption { + type = types.str; + default = defaultrecordingsDir; + example = "/var/lib/galene/recordings"; + description = "Recordings directory."; + }; + + dataDir = mkOption { + type = types.str; + default = defaultdataDir; + example = "/var/lib/galene/data"; + description = "Data directory."; + }; + + groupsDir = mkOption { + type = types.str; + default = defaultgroupsDir; + example = "/var/lib/galene/groups"; + description = "Web server directory."; + }; + + package = mkOption { + default = pkgs.galene; + defaultText = "pkgs.galene"; + type = types.package; + description = '' + Package for running Galene. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.insecure || (cfg.certFile != null && cfg.keyFile != null); + message = '' + Galene needs both certFile and keyFile defined for encryption, or + the insecure flag. + ''; + } + ]; + + systemd.services.galene = { + description = "galene"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + preStart = '' + install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.certFile} ${cfg.dataDir}/cert.pem + install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.keyFile} ${cfg.dataDir}/key.pem + ''; + + serviceConfig = mkMerge [ + { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.stateDir; + ExecStart = ''${cfg.package}/bin/galene \ + ${optionalString (cfg.insecure) "-insecure"} \ + -data ${cfg.dataDir} \ + -groups ${cfg.groupsDir} \ + -recordings ${cfg.recordingsDir} \ + -static ${cfg.staticDir}''; + Restart = "always"; + # Upstream Requirements + LimitNOFILE = 65536; + StateDirectory = [ ] ++ + optional (cfg.stateDir == defaultstateDir) "galene" ++ + optional (cfg.dataDir == defaultdataDir) "galene/data" ++ + optional (cfg.groupsDir == defaultgroupsDir) "galene/groups" ++ + optional (cfg.recordingsDir == defaultrecordingsDir) "galene/recordings"; + } + ]; + }; + + users.users = mkIf (cfg.user == "galene") + { + galene = { + description = "galene Service"; + group = cfg.group; + isSystemUser = true; + }; + }; + + users.groups = mkIf (cfg.group == "galene") { + galene = { }; + }; + }; + meta.maintainers = with lib.maintainers; [ rgrunbla ]; +} diff --git a/pkgs/applications/backup/deja-dup/default.nix b/pkgs/applications/backup/deja-dup/default.nix index b9533973ad53a..4ab491cb9a9d4 100644 --- a/pkgs/applications/backup/deja-dup/default.nix +++ b/pkgs/applications/backup/deja-dup/default.nix @@ -17,7 +17,6 @@ , libgpgerror , json-glib , duplicity -, dconf }: stdenv.mkDerivation rec { @@ -57,7 +56,6 @@ stdenv.mkDerivation rec { libhandy_0 libgpgerror json-glib - dconf ]; mesonFlags = [ diff --git a/pkgs/applications/misc/masterpdfeditor/default.nix b/pkgs/applications/misc/masterpdfeditor/default.nix index a743a9fbc27d5..2fd217e3cd6a5 100644 --- a/pkgs/applications/misc/masterpdfeditor/default.nix +++ b/pkgs/applications/misc/masterpdfeditor/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "masterpdfeditor"; - version = "5.6.09"; + version = "5.7.20"; src = fetchurl { - url = "https://code-industry.net/public/master-pdf-editor-${version}-qt5.amd64.tar.gz"; - sha256 = "0v9j6fwr0xl03kr77vf4wdb06zlplmn4mr3jyzxhvs8a77scmfzb"; + url = "https://code-industry.net/public/master-pdf-editor-${version}-qt5.x86_64.tar.gz"; + sha256 = "0lyfss0r0dc6skhdlkslcdagdp9k1mi0w8n5pbrskwcd09c9mxym"; }; nativeBuildInputs = [ autoPatchelfHook wrapQtAppsHook ]; diff --git a/pkgs/applications/networking/cluster/fluxcd/default.nix b/pkgs/applications/networking/cluster/fluxcd/default.nix index f9dd63c1d811d..ec69b349076ec 100644 --- a/pkgs/applications/networking/cluster/fluxcd/default.nix +++ b/pkgs/applications/networking/cluster/fluxcd/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "fluxcd"; - version = "0.7.5"; + version = "0.7.6"; src = fetchFromGitHub { owner = "fluxcd"; repo = "flux2"; rev = "v${version}"; - sha256 = "1drbfjigrabiqy9mlgbipm8x3mf2hvz7gwgndqky3f3y3h5whvbd"; + sha256 = "1bngsm2z02w9chbd65dvd1k21y16rapx6i84ac2icmc9wwpsfnls"; }; - vendorSha256 = "144dkynr4wkykdbh39q8m2nhkxfq15h0vj7ga58lli8gxrs5mwln"; + vendorSha256 = "0pl1llj4bfxxxp49v3190vpvplv0wbw5ahj6l2045pic5yyxwrma"; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/applications/networking/cluster/terragrunt/default.nix b/pkgs/applications/networking/cluster/terragrunt/default.nix index 822f33c6c7202..95772e997e50b 100644 --- a/pkgs/applications/networking/cluster/terragrunt/default.nix +++ b/pkgs/applications/networking/cluster/terragrunt/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "terragrunt"; - version = "0.27.4"; + version = "0.28.1"; src = fetchFromGitHub { owner = "gruntwork-io"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ReLPQIxuSTzMOZAYArN1dj6T/aojusKdKZ0YytmF1uc="; + sha256 = "sha256-uY0J/w7uIVMd+0N0IeWKWWzQENI6oaLCD4+YUz9BOVA="; }; - vendorSha256 = "sha256-UX0HXD4o0QVRffDuH8N+1FeJNyHHnb+A9Kw7aAM5j/w="; + vendorSha256 = "sha256-lRJerUYafpkXAGf8MEM8SeG3aB86mlMo7iLpeHFAnd4="; doCheck = false; diff --git a/pkgs/desktops/cinnamon/default.nix b/pkgs/desktops/cinnamon/default.nix index 68ccd76211d25..2a52b83f04657 100644 --- a/pkgs/desktops/cinnamon/default.nix +++ b/pkgs/desktops/cinnamon/default.nix @@ -31,4 +31,5 @@ lib.makeScope pkgs.newScope (self: with self; { muffin = callPackage ./muffin { }; xapps = callPackage ./xapps { }; warpinator = callPackage ./warpinator { }; + xviewer = callPackage ./xviewer { }; }) diff --git a/pkgs/desktops/cinnamon/xviewer/default.nix b/pkgs/desktops/cinnamon/xviewer/default.nix new file mode 100644 index 0000000000000..53e88ddb947d1 --- /dev/null +++ b/pkgs/desktops/cinnamon/xviewer/default.nix @@ -0,0 +1,70 @@ +{ stdenv +, lib +, fetchFromGitHub +, autoreconfHook +, cinnamon-desktop +, file +, gdk-pixbuf +, glib +, gobject-introspection +, gtk-doc +, gtk3 +, intltool +, itstool +, lcms2 +, libexif +, libjpeg +, libpeas +, libtool +, libxml2 +, pkg-config +, shared-mime-info +, wrapGAppsHook +, xapps +, yelp-tools }: + +stdenv.mkDerivation rec { + pname = "xviewer"; + version = "2.8.3"; + + src = fetchFromGitHub { + owner = "linuxmint"; + repo = pname; + rev = version; + sha256 = "0h3qgqaiz5swy09fr6z3ag2952hgzsk5d2fpwmwb78yjrzrhnzpy"; + }; + + nativeBuildInputs = [ + wrapGAppsHook + autoreconfHook + cinnamon-desktop + gdk-pixbuf + gobject-introspection + gtk-doc + intltool + itstool + libtool + pkg-config + yelp-tools + ]; + + buildInputs = [ + glib + gtk3 + libexif + libjpeg + libpeas + libxml2 + shared-mime-info + xapps + lcms2 + ]; + + meta = with lib; { + description = "A generic image viewer from Linux Mint"; + homepage = "https://github.com/linuxmint/xviewer"; + license = licenses.gpl2Only; + platforms = platforms.linux; + maintainers = with maintainers; [ tu-maurice ]; + }; +} diff --git a/pkgs/desktops/gnome-3/core/gnome-software/default.nix b/pkgs/desktops/gnome-3/core/gnome-software/default.nix index 215e95d9ad2d1..ff80efaa4de4d 100644 --- a/pkgs/desktops/gnome-3/core/gnome-software/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-software/default.nix @@ -1,13 +1,43 @@ -{ lib, stdenv, fetchurl, substituteAll, pkg-config, meson, ninja, gettext, gnome3, wrapGAppsHook, packagekit, ostree -, glib, appstream-glib, libsoup, polkit, isocodes, gspell, libxslt, gobject-introspection, flatpak, fwupd -, gtk3, gsettings-desktop-schemas, gnome-desktop, libxmlb, gnome-online-accounts -, json-glib, libsecret, valgrind-light, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_43, gtk-doc, desktop-file-utils -, libsysprof-capture }: +{ lib +, stdenv +, fetchurl +, substituteAll +, pkg-config +, meson +, ninja +, gettext +, gnome3 +, wrapGAppsHook +, packagekit +, ostree +, glib +, appstream-glib +, libsoup +, polkit +, isocodes +, gspell +, libxslt +, gobject-introspection +, flatpak +, fwupd +, gtk3 +, gsettings-desktop-schemas +, gnome-desktop +, libxmlb +, gnome-online-accounts +, json-glib +, libsecret +, valgrind-light +, docbook-xsl-nons +, docbook_xml_dtd_42 +, docbook_xml_dtd_43 +, gtk-doc +, desktop-file-utils +, libsysprof-capture +}: let - withFwupd = stdenv.isx86_64 || stdenv.isi686; - in stdenv.mkDerivation rec { @@ -27,15 +57,38 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ - meson ninja pkg-config gettext wrapGAppsHook libxslt docbook_xml_dtd_42 docbook_xml_dtd_43 - valgrind-light docbook_xsl gtk-doc desktop-file-utils gobject-introspection + meson + ninja + pkg-config + gettext + wrapGAppsHook + libxslt + docbook_xml_dtd_42 + docbook_xml_dtd_43 + valgrind-light + docbook-xsl-nons + gtk-doc + desktop-file-utils + gobject-introspection ]; buildInputs = [ - gtk3 glib packagekit appstream-glib libsoup - gsettings-desktop-schemas gnome-desktop - gspell json-glib libsecret ostree - polkit flatpak libxmlb gnome-online-accounts libsysprof-capture + gtk3 + glib + packagekit + appstream-glib + libsoup + gsettings-desktop-schemas + gnome-desktop + gspell + json-glib + libsecret + ostree + polkit + flatpak + libxmlb + gnome-online-accounts + libsysprof-capture ] ++ lib.optionals withFwupd [ fwupd ]; @@ -51,7 +104,7 @@ stdenv.mkDerivation rec { passthru = { updateScript = gnome3.updateScript { - packageName = "gnome-software"; + packageName = pname; attrPath = "gnome3.gnome-software"; }; }; @@ -59,7 +112,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Software store that lets you install and update applications and system extensions"; homepage = "https://wiki.gnome.org/Apps/Software"; - license = licenses.gpl2; + license = licenses.gpl2Plus; maintainers = teams.gnome.members; platforms = platforms.linux; }; diff --git a/pkgs/development/compilers/graalvm/community-edition.nix b/pkgs/development/compilers/graalvm/community-edition.nix index 76245a4408170..f3a03b3647435 100644 --- a/pkgs/development/compilers/graalvm/community-edition.nix +++ b/pkgs/development/compilers/graalvm/community-edition.nix @@ -1,48 +1,60 @@ -{ lib, stdenv, fetchurl, perl, unzip, glibc, zlib, setJavaClassPath }: +{ lib, stdenv, fetchurl, perl, unzip, glibc, zlib, setJavaClassPath, Foundation, openssl }: let + platform = if stdenv.isDarwin then "darwin-amd64" else "linux-amd64"; common = javaVersion: let + javaVersionPlatform = "${javaVersion}-${platform}"; graalvmXXX-ce = stdenv.mkDerivation rec { pname = "graalvm${javaVersion}-ce"; - version = "20.2.0"; + version = "20.3.0"; srcs = [ (fetchurl { - sha256 = { "8" = "1s64zkkrns1ykh6dwpjrqy0hs9m1bb08cf7ss7msx33h9ivir5b0"; - "11" = "0aaf0sjsnlckhgsh3j4lph0shahw6slf4yndqcm2swc8i1dlpdsx"; - }.${javaVersion}; - url = "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${version}/graalvm-ce-java${javaVersion}-linux-amd64-${version}.tar.gz"; + sha256 = { "8-linux-amd64" = "195b20ivvv8ipjn3qq2313j8qf96ji93pqm99nvn20bq23wasp25"; + "11-linux-amd64" = "1mdk1zhazvvh1fa01bzi5v5fxhvx592xmbakx0y1137vykbayyjm"; + "8-darwin-amd64" = "1rrs471204p71knyxpjxymdi8ws98ph2kf5j0knk529g0d24rs01"; + "11-darwin-amd64" = "008dl8dbf37mv4wahb9hbd6jp8svvmpy1rgsiqkn3i4hypxnkf12"; + }.${javaVersionPlatform}; + url = "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${version}/graalvm-ce-java${javaVersionPlatform}-${version}.tar.gz"; }) (fetchurl { - sha256 = { "8" = "1cisyyzab4pdvzavnivhy9w6dwn36ybaxw40w767m142fbi06m3b"; - "11" = "0p4j6mxajmb0xl41c79154pk4vb8bffgg1nmwislahqjky9jkd4j"; - }.${javaVersion}; - url = "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${version}/native-image-installable-svm-java${javaVersion}-linux-amd64-${version}.jar"; + sha256 = { "8-linux-amd64" = "1rzbhllz28x5ps8n304v998hykr4m8z1gfg53ybi6laxhkbx3i13"; + "11-linux-amd64" = "09ipdl1489xnbckwl6sl9y7zy7kp5qf5fgf3kgz5d69jrk2z6rvf"; + "8-darwin-amd64" = "1iy2943jbrarh8bm9wy15xk7prnskqwik2ham07a6ybp4j4b81xi"; + "11-darwin-amd64" = "0vk2grlirghzc78kvwg66w0xriy5p8qkcp7qx83i62d7sj0kvwnf"; + }.${javaVersionPlatform}; + url = "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${version}/native-image-installable-svm-java${javaVersionPlatform}-${version}.jar"; }) (fetchurl { - sha256 = { "8" = "0rwwvk1mkfnl0b50xg7kh6015kjmsw2ra0ckrzmabl88z4bnzh2y"; - "11" = "0lc9as2a00j74lp7jby4p10vn5bbkiydzvzk28zfcbsp28p4wvwn"; - }.${javaVersion}; - url = "https://github.com/oracle/truffleruby/releases/download/vm-${version}/ruby-installable-svm-java${javaVersion}-linux-amd64-${version}.jar"; + sha256 = { "8-linux-amd64" = "0v98v44vblhyi3jhrngmvrkb3a6d607x4fpmrb4mrrsg75vbvc6d"; + "11-linux-amd64" = "0kb9472ilwqg40gyw1c4lmzkd9s763raw560sw80ljm3p75k4sc7"; + "8-darwin-amd64" = "192n9ckr4p8qirpxr67ji3wzxpng33yfr7kxynlrcp7b3ghfic6p"; + "11-darwin-amd64" = "1wqdk8wphywa00kl3xikiskclb84rx3nw5a4vi5y2n060kclcp22"; + }.${javaVersionPlatform}; + url = "https://github.com/oracle/truffleruby/releases/download/vm-${version}/ruby-installable-svm-java${javaVersionPlatform}-${version}.jar"; }) (fetchurl { - sha256 = { "8" = "0mj8p72qgvvrwpsbk0bsqldynlz1wq07icf951wq5xdbr0whj1gz"; - "11" = "1lkszqn4islsza011iabayv6riym0dwnkv83pkmk06b230qjfhzb"; - }.${javaVersion}; - url = "https://github.com/graalvm/graalpython/releases/download/vm-${version}/python-installable-svm-java${javaVersion}-linux-amd64-${version}.jar"; + sha256 = { "8-linux-amd64" = "1iskmkhrrwlhcq92g1ljvsfi9q403xxkwgzn9m282z5llh2fxv74"; + "11-linux-amd64" = "13bg2gs22rzbngnbw8j68jqgcknbiw30kpxac5jjcn55rf2ymvkz"; + "8-darwin-amd64" = "08pib13q7s5wymnbykkyif66ll146vznxw4yz12qwhb419882jc7"; + "11-darwin-amd64" = "0cb9lhc21yr2dnrm4kwa68laaczvsdnzpcbl2qix50d0v84xl602"; + }.${javaVersionPlatform}; + url = "https://github.com/graalvm/graalpython/releases/download/vm-${version}/python-installable-svm-java${javaVersionPlatform}-${version}.jar"; }) (fetchurl { - sha256 = { "8" = "1br7camk7y8ych43ws57096100f9kzjvqznh2flmws78ipcrrb66"; - "11" = "10swxspjvzh0j82lbpy38dckk69lw1pawqkhnj1hxd05ls36fwq5"; - }.${javaVersion}; - url = "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${version}/wasm-installable-svm-java${javaVersion}-linux-amd64-${version}.jar"; + sha256 = { "8-linux-amd64" = "12lvcl1vmc35wh3xw5dqca7yiijsd432x4lim3knzppipy7fmflq"; + "11-linux-amd64" = "1s8zfgjyyw6w53974h9a2ig8a1bvc97aplyrdziywfrijgp6zkqk"; + "8-darwin-amd64" = "06i1n42hkhcf1pfb2bly22ws4a09xgydsgh8b0kvjmb1fapd4paq"; + "11-darwin-amd64" = "1r2bqhfxnw09izxlsc562znlp3m9c1isqzhlki083h3vp548vv9s"; + }.${javaVersionPlatform}; + url = "https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${version}/wasm-installable-svm-java${javaVersionPlatform}-${version}.jar"; }) ]; nativeBuildInputs = [ unzip perl ]; unpackPhase = '' unpack_jar() { jar=$1 - unzip -o $jar -d $out + unzip -q -o $jar -d $out perl -ne 'use File::Path qw(make_path); use File::Basename qw(dirname); if (/^(.+) = (.+)$/) { @@ -60,7 +72,27 @@ let mkdir -p $out arr=($srcs) - tar xf ''${arr[0]} -C $out --strip-components=1 + + # The tarball on Linux has the following directory structure: + # + # graalvm-ce-java11-20.3.0/* + # + # while on Darwin it looks like this: + # + # graalvm-ce-java11-20.3.0/Contents/Home/* + # + # We therefor use --strip-components=1 vs 3 depending on the platform. + tar xf ''${arr[0]} -C $out --strip-components=${if stdenv.isLinux then "1" else "3"} + + # Sanity check + if [ ! -d $out/bin ]; then + echo "The `bin` is directory missing after extracting the graalvm" + echo "tarball, please compare the directory structure of the" + echo "tarball with what happens in the unpackPhase (in particular" + echo "with regards to the `--strip-components` flag)." + exit 1 + fi + unpack_jar ''${arr[1]} unpack_jar ''${arr[2]} unpack_jar ''${arr[3]} @@ -68,7 +100,7 @@ let ''; installPhase = { - "8" = '' + "8-linux-amd64" = '' # BUG workaround http://mail.openjdk.java.net/pipermail/graal-dev/2017-December/005141.html substituteInPlace $out/jre/lib/security/java.security \ --replace file:/dev/random file:/dev/./urandom \ @@ -76,13 +108,13 @@ let # provide libraries needed for static compilation for f in ${glibc}/lib/* ${glibc.static}/lib/* ${zlib.static}/lib/*; do - ln -s $f $out/jre/lib/svm/clibraries/linux-amd64/$(basename $f) + ln -s $f $out/jre/lib/svm/clibraries/${platform}/$(basename $f) done # allow using external truffle-api.jar and languages not included in the distrubution rm $out/jre/lib/jvmci/parentClassLoader.classpath ''; - "11" = '' + "11-linux-amd64" = '' # BUG workaround http://mail.openjdk.java.net/pipermail/graal-dev/2017-December/005141.html substituteInPlace $out/conf/security/java.security \ --replace file:/dev/random file:/dev/./urandom \ @@ -90,10 +122,17 @@ let # provide libraries needed for static compilation for f in ${glibc}/lib/* ${glibc.static}/lib/* ${zlib.static}/lib/*; do - ln -s $f $out/lib/svm/clibraries/linux-amd64/$(basename $f) + ln -s $f $out/lib/svm/clibraries/${platform}/$(basename $f) done - ''; - }.${javaVersion}; + ''; + "8-darwin-amd64" = '' + # allow using external truffle-api.jar and languages not included in the distrubution + rm $out/jre/lib/jvmci/parentClassLoader.classpath + ''; + "11-darwin-amd64" = '' + echo "" + ''; + }.${javaVersionPlatform}; dontStrip = true; @@ -116,15 +155,22 @@ let zlib # libz.so.1 ]}" + ${lib.optionalString stdenv.isLinux '' for f in $(find $out -type f -perm -0100); do patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$f" || true patchelf --set-rpath "$rpath" "$f" || true - if ldd "$f" | fgrep 'not found'; then echo "in file $f"; fi done + ''} ''; - propagatedBuildInputs = [ setJavaClassPath zlib ]; # $out/bin/native-image needs zlib to build native executables + # $out/bin/native-image needs zlib to build native executables. + propagatedBuildInputs = [ setJavaClassPath zlib ] ++ + # On Darwin native-image calls clang and it + # tries to include <Foundation/Foundation.h>, + # and Interactive Ruby (irb) requires OpenSSL + # headers. + lib.optionals stdenv.hostPlatform.isDarwin [ Foundation openssl ]; doInstallCheck = true; installCheckPhase = '' @@ -141,13 +187,33 @@ let $out/bin/java -XX:+UnlockExperimentalVMOptions -XX:+EnableJVMCI -XX:+UseJVMCICompiler HelloWorld | fgrep 'Hello World' # Ahead-Of-Time compilation - $out/bin/native-image --no-server HelloWorld + $out/bin/native-image -H:-CheckToolchain -H:+ReportExceptionStackTraces --no-server HelloWorld ./helloworld | fgrep 'Hello World' - # Ahead-Of-Time compilation with --static - $out/bin/native-image --no-server --static HelloWorld - ./helloworld | fgrep 'Hello World' - ''; + ${lib.optionalString stdenv.isLinux '' + # Ahead-Of-Time compilation with --static + # --static flag doesn't work for darwin + $out/bin/native-image --no-server --static HelloWorld + ./helloworld | fgrep 'Hello World' + ''} + + echo "Testing interpreted languages" + $out/bin/graalpython -c 'print(1 + 1)' + $out/bin/ruby -e 'puts(1 + 1)' + $out/bin/node -e 'console.log(1 + 1)' + + echo '1 + 1' | $out/bin/graalpython + + # TODO: `irb` on MacOS gives an error saying "Could not find OpenSSL + # headers, install via Homebrew or MacPorts or set OPENSSL_PREFIX", even + # though `openssl` is in `propagatedBuildInputs`. For more details see: + # https://github.com/NixOS/nixpkgs/pull/105815 + # echo '1 + 1' | $out/bin/irb + + echo '1 + 1' | $out/bin/node -i + ${lib.optionalString (javaVersion == "11") '' + echo '1 + 1' | $out/bin/jshell + ''}''; passthru.home = graalvmXXX-ce; @@ -156,7 +222,7 @@ let description = "High-Performance Polyglot VM"; license = with licenses; [ upl gpl2Classpath bsd3 ]; maintainers = with maintainers; [ bandresen volth hlolli glittershark ]; - platforms = [ "x86_64-linux" ]; + platforms = [ "x86_64-linux" "x86_64-darwin" ]; }; }; in diff --git a/pkgs/development/interpreters/clojure/babashka.nix b/pkgs/development/interpreters/clojure/babashka.nix index e10236fe1eeea..790f8d1ef81b6 100644 --- a/pkgs/development/interpreters/clojure/babashka.nix +++ b/pkgs/development/interpreters/clojure/babashka.nix @@ -25,13 +25,13 @@ stdenv.mkDerivation rec { native-image \ -jar ${src} \ -H:Name=bb \ + ${optionalString stdenv.isDarwin ''-H:-CheckToolchain''} \ -H:+ReportExceptionStackTraces \ -J-Dclojure.spec.skip-macros=true \ -J-Dclojure.compiler.direct-linking=true \ "-H:IncludeResources=BABASHKA_VERSION" \ "-H:IncludeResources=SCI_VERSION" \ -H:ReflectionConfigurationFiles=${reflectionJson} \ - --initialize-at-run-time=java.lang.Math\$RandomNumberGeneratorHolder \ --initialize-at-build-time \ -H:Log=registerResource: \ -H:EnableURLProtocols=http,https \ diff --git a/pkgs/development/libraries/openslp/CVE-2019-5544.patch b/pkgs/development/libraries/openslp/CVE-2019-5544.patch new file mode 100644 index 0000000000000..2afc0aed33026 --- /dev/null +++ b/pkgs/development/libraries/openslp/CVE-2019-5544.patch @@ -0,0 +1,165 @@ +diff -ur openslp-2.0.0.orig/common/slp_buffer.c openslp-2.0.0/common/slp_buffer.c +--- openslp-2.0.0.orig/common/slp_buffer.c 2012-12-10 15:31:53.000000000 -0800 ++++ openslp-2.0.0/common/slp_buffer.c 2019-11-26 21:54:20.000000000 -0800 +@@ -30,6 +30,13 @@ + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + *-------------------------------------------------------------------------*/ + ++/* Copyright (c) 2019 VMware, Inc. ++ * SPDX-License-Identifier: BSD-3-Clause ++ * This file is provided under the BSD-3-Clause license. ++ * See COPYING file for more details and other copyrights ++ * that may apply. ++ */ ++ + /** Functions for managing SLP message buffers. + * + * This file provides a higher level abstraction over malloc and free that +@@ -153,4 +160,20 @@ + xfree(buf); + } + ++/** Report remaining free buffer size in bytes. ++ * ++ * Check if buffer is allocated and if so return bytes left in a ++ * @c SLPBuffer object. ++ * ++ * @param[in] buf The SLPBuffer to be freed. ++ */ ++size_t ++RemainingBufferSpace(SLPBuffer buf) ++{ ++ if (buf->allocated == 0) { ++ return 0; ++ } ++ return buf->end - buf->curpos; ++} ++ + /*=========================================================================*/ +diff -ur openslp-2.0.0.orig/common/slp_buffer.h openslp-2.0.0/common/slp_buffer.h +--- openslp-2.0.0.orig/common/slp_buffer.h 2012-11-28 09:07:04.000000000 -0800 ++++ openslp-2.0.0/common/slp_buffer.h 2019-11-26 21:54:32.000000000 -0800 +@@ -30,6 +30,13 @@ + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + *-------------------------------------------------------------------------*/ + ++/* Copyright (c) 2019 VMware, Inc. ++ * SPDX-License-Identifier: BSD-3-Clause ++ * This file is provided under the BSD-3-Clause license. ++ * See COPYING file for more details and other copyrights ++ * that may apply. ++ */ ++ + /** Header file that defines SLP message buffer management routines. + * + * Includes structures, constants and functions that used to handle memory +@@ -78,6 +85,8 @@ + + SLPBuffer SLPBufferListAdd(SLPBuffer * list, SLPBuffer buf); + ++size_t RemainingBufferSpace(SLPBuffer buf); ++ + /*! @} */ + + #endif /* SLP_BUFFER_H_INCLUDED */ +diff -ur openslp-2.0.0.orig/slpd/slpd_process.c openslp-2.0.0/slpd/slpd_process.c +--- openslp-2.0.0.orig/slpd/slpd_process.c 2012-12-12 09:38:54.000000000 -0800 ++++ openslp-2.0.0/slpd/slpd_process.c 2019-11-26 21:55:10.000000000 -0800 +@@ -30,6 +30,13 @@ + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + *-------------------------------------------------------------------------*/ + ++/* Copyright (c) 2019 VMware, Inc. ++ * SPDX-License-Identifier: BSD-3-Clause ++ * This file is provided under the BSD-3-Clause license. ++ * See COPYING file for more details and other copyrights ++ * that may apply. ++ */ ++ + /** Processes incoming SLP messages. + * + * @file slpd_process.c +@@ -514,13 +521,27 @@ + { + for (i = 0; i < db->urlcount; i++) + { +- /* urlentry is the url from the db result */ + urlentry = db->urlarray[i]; ++ if (urlentry->opaque != NULL) { ++ const int64_t newsize = size + urlentry->opaquelen; ++ if (urlentry->opaquelen <= 0 || newsize > INT_MAX) ++ { ++ SLPDLog("Invalid opaquelen %d or sizeo of opaque url is too big, size=%d\n", ++ urlentry->opaquelen, size); ++ errorcode = SLP_ERROR_PARSE_ERROR; ++ goto FINISHED; ++ } ++ size += urlentry->opaquelen; ++ } ++ else ++ { ++ /* urlentry is the url from the db result */ ++ size += urlentry->urllen + 6; /* 1 byte for reserved */ ++ /* 2 bytes for lifetime */ ++ /* 2 bytes for urllen */ ++ /* 1 byte for authcount */ ++ } + +- size += urlentry->urllen + 6; /* 1 byte for reserved */ +- /* 2 bytes for lifetime */ +- /* 2 bytes for urllen */ +- /* 1 byte for authcount */ + #ifdef ENABLE_SLPv2_SECURITY + /* make room to include the authblock that was asked for */ + if (G_SlpdProperty.securityEnabled +@@ -594,7 +615,7 @@ + urlentry = db->urlarray[i]; + + #ifdef ENABLE_SLPv1 +- if (urlentry->opaque == 0) ++ if (urlentry->opaque == NULL) + { + /* url-entry reserved */ + *result->curpos++ = 0; +@@ -606,8 +627,18 @@ + PutUINT16(&result->curpos, urlentry->urllen); + + /* url-entry url */ +- memcpy(result->curpos, urlentry->url, urlentry->urllen); +- result->curpos += urlentry->urllen; ++ if (RemainingBufferSpace(result) >= urlentry->urllen) ++ { ++ memcpy(result->curpos, urlentry->url, urlentry->urllen); ++ result->curpos = result->curpos + urlentry->urllen; ++ } ++ else ++ { ++ SLPDLog("Url too big (ask: %d have %" PRId64 "), failing request\n", ++ urlentry->opaquelen, (int64_t) RemainingBufferSpace(result)); ++ errorcode = SLP_ERROR_PARSE_ERROR; ++ goto FINISHED; ++ } + + /* url-entry auths */ + *result->curpos++ = 0; +@@ -621,8 +652,18 @@ + + /* TRICKY: Fix up the lifetime. */ + TO_UINT16(urlentry->opaque + 1, urlentry->lifetime); +- memcpy(result->curpos, urlentry->opaque, urlentry->opaquelen); +- result->curpos += urlentry->opaquelen; ++ if (RemainingBufferSpace(result) >= urlentry->opaquelen) ++ { ++ memcpy(result->curpos, urlentry->opaque, urlentry->opaquelen); ++ result->curpos = result->curpos + urlentry->opaquelen; ++ } ++ else ++ { ++ SLPDLog("Opaque Url too big (ask: %d have %" PRId64 "), failing request\n", ++ urlentry->opaquelen, (int64_t) RemainingBufferSpace(result)); ++ errorcode = SLP_ERROR_PARSE_ERROR; ++ goto FINISHED; ++ } + } + } + } diff --git a/pkgs/development/libraries/openslp/default.nix b/pkgs/development/libraries/openslp/default.nix index ddc0e893596fd..4fa03c5e7c1ba 100644 --- a/pkgs/development/libraries/openslp/default.nix +++ b/pkgs/development/libraries/openslp/default.nix @@ -20,6 +20,7 @@ stdenv.mkDerivation { sha256 = "0zp61axx93b7nrbsyhn2x4dnw7n9y6g4rys21hyqxk4khrnc2yr9"; }) ./CVE-2016-4912.patch + ./CVE-2019-5544.patch ]; meta = with lib; { diff --git a/pkgs/development/libraries/qt-5/5.15/default.nix b/pkgs/development/libraries/qt-5/5.15/default.nix index eacf43c50ec35..e72335f1d2418 100644 --- a/pkgs/development/libraries/qt-5/5.15/default.nix +++ b/pkgs/development/libraries/qt-5/5.15/default.nix @@ -84,7 +84,10 @@ let qtscript = [ ./qtscript.patch ]; qtserialport = [ ./qtserialport.patch ]; qtwebengine = [ ] - ++ optional stdenv.isDarwin ./qtwebengine-darwin-no-platform-check.patch; + ++ optionals stdenv.isDarwin [ + ./qtwebengine-darwin-no-platform-check.patch + ./qtwebengine-mac-dont-set-dsymutil-path.patch + ]; qtwebkit = [ (fetchpatch { name = "qtwebkit-bison-3.7-build.patch"; diff --git a/pkgs/development/libraries/qt-5/5.15/qtwebengine-darwin-no-platform-check.patch b/pkgs/development/libraries/qt-5/5.15/qtwebengine-darwin-no-platform-check.patch index 546e753144d06..44df092992514 100644 --- a/pkgs/development/libraries/qt-5/5.15/qtwebengine-darwin-no-platform-check.patch +++ b/pkgs/development/libraries/qt-5/5.15/qtwebengine-darwin-no-platform-check.patch @@ -1,27 +1,31 @@ -diff --git a/mkspecs/features/platform.prf b/mkspecs/features/platform.prf ---- a/mkspecs/features/platform.prf -+++ b/mkspecs/features/platform.prf -@@ -40,8 +40,6 @@ defineTest(isPlatformSupported) { - } else:osx { - # FIXME: Try to get it back down to 8.2 for building on OS X 10.11 - !isMinXcodeVersion(8, 3, 3) { -- skipBuild("Using Xcode version $$QMAKE_XCODE_VERSION, but at least version 8.3.3 is required to build Qt WebEngine.") -- return(false) +diff a/configure.pri b/configure.pri +--- a/configure.pri ++++ b/configure.pri +@@ -439,8 +439,6 @@ defineTest(qtwebengine_isWindowsPlatformSupported) { + + defineTest(qtwebengine_isMacOsPlatformSupported) { + !qtwebengine_isMinXcodeVersion(10, 0, 0) { +- qtwebengine_platformError("requires at least version 10.0.0, but using Xcode version $${QMAKE_XCODE_VERSION}.") +- return(false) } !clang|intel_icc { - skipBuild("Qt WebEngine on macOS requires Clang.") -@@ -54,8 +52,6 @@ defineTest(isPlatformSupported) { - return(false) + qtwebengine_platformError("requires Clang.") +@@ -449,12 +447,6 @@ defineTest(qtwebengine_isMacOsPlatformSupported) { + # We require macOS 10.13 (darwin version 17.0.0) or newer. + darwin_major_version = $$section(QMAKE_HOST.version, ., 0, 0) + lessThan(darwin_major_version, 17) { +- qtwebengine_platformError("requires macOS version 10.13 or newer.") +- return(false) +- } +- !qtwebengine_isMinOSXSDKVersion(10, 13): { +- qtwebengine_platformError("requires a macOS SDK version of 10.13 or newer. Current version is $${WEBENGINE_OSX_SDK_PRODUCT_VERSION}.") +- return(false) } - !isMinOSXSDKVersion(10, 12): { -- skipBuild("Building Qt WebEngine requires a macOS SDK version of 10.12 or newer. Current version is $${WEBENGINE_OSX_SDK_PRODUCT_VERSION}.") -- return(false) - } - } else { - skipBuild("Unknown platform. Qt WebEngine only supports Linux, Windows, and macOS.") -diff --git a/src/core/config/mac_osx.pri b/src/core/config/mac_osx.pri ---- a/src/core/config/mac_osx.pri -+++ b/src/core/config/mac_osx.pri + return(true) + } +diff a/src/buildtools/config/mac_osx.pri b/src/buildtools/config/mac_osx.pri +--- a/src/buildtools/config/mac_osx.pri ++++ b/src/buildtools/config/mac_osx.pri @@ -5,8 +5,6 @@ load(functions) # otherwise query for it. QMAKE_MAC_SDK_VERSION = $$eval(QMAKE_MAC_SDK.$${QMAKE_MAC_SDK}.SDKVersion) @@ -29,5 +33,5 @@ diff --git a/src/core/config/mac_osx.pri b/src/core/config/mac_osx.pri - QMAKE_MAC_SDK_VERSION = $$system("/usr/bin/xcodebuild -sdk $${QMAKE_MAC_SDK} -version SDKVersion 2>/dev/null") - isEmpty(QMAKE_MAC_SDK_VERSION): error("Could not resolve SDK version for \'$${QMAKE_MAC_SDK}\'") } - - QMAKE_CLANG_DIR = "/usr" + + # chromium/build/mac/find_sdk.py expects the SDK version (mac_sdk_min) in Major.Minor format. diff --git a/pkgs/development/libraries/qt-5/5.15/qtwebengine-mac-dont-set-dsymutil-path.patch b/pkgs/development/libraries/qt-5/5.15/qtwebengine-mac-dont-set-dsymutil-path.patch new file mode 100644 index 0000000000000..dcdf5f57ffdc4 --- /dev/null +++ b/pkgs/development/libraries/qt-5/5.15/qtwebengine-mac-dont-set-dsymutil-path.patch @@ -0,0 +1,12 @@ +diff a/src/3rdparty/chromium/build/toolchain/mac/BUILD.gn b/src/3rdparty/chromium/build/toolchain/mac/BUILD.gn +--- a/src/3rdparty/chromium/build/toolchain/mac/BUILD.gn ++++ b/src/3rdparty/chromium/build/toolchain/mac/BUILD.gn +@@ -184,8 +184,6 @@ template("mac_toolchain") { + # If dSYMs are enabled, this flag will be added to the link tools. + if (_enable_dsyms) { + dsym_switch = " -Wcrl,dsym,{{root_out_dir}} " +- dsym_switch += "-Wcrl,dsymutilpath," + +- "${prefix}dsymutil" + " " + + dsym_output_dir = + "{{root_out_dir}}/{{target_output_name}}{{output_extension}}.dSYM" diff --git a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix index b79479e5dbab3..7e5582cca4817 100644 --- a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix +++ b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix @@ -16,6 +16,7 @@ , cups, darwin, openbsm, runCommand, xcbuild, writeScriptBin , ffmpeg_3 ? null , lib, stdenv, fetchpatch +, qtCompatVersion }: with lib; @@ -66,21 +67,31 @@ qtModule { sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \ src/3rdparty/chromium/gpu/config/gpu_info_collector_linux.cc '' - + optionalString stdenv.isDarwin ('' + + optionalString stdenv.isDarwin ( + (if (lib.versionAtLeast qtCompatVersion "5.14") then '' + substituteInPlace src/buildtools/config/mac_osx.pri \ + --replace 'QMAKE_CLANG_DIR = "/usr"' 'QMAKE_CLANG_DIR = "${stdenv.cc}"' + '' else '' substituteInPlace src/core/config/mac_osx.pri \ --replace 'QMAKE_CLANG_DIR = "/usr"' 'QMAKE_CLANG_DIR = "${stdenv.cc}"' - '' + '') # Following is required to prevent a build error: # ninja: error: '/nix/store/z8z04p0ph48w22rqzx7ql67gy8cyvidi-SDKs/MacOSX10.12.sdk/usr/include/mach/exc.defs', needed by 'gen/third_party/crashpad/crashpad/util/mach/excUser.c', missing and no known rule to make it + '' substituteInPlace src/3rdparty/chromium/third_party/crashpad/crashpad/util/BUILD.gn \ --replace '$sysroot/usr' "${darwin.xnu}" '' - + '' # Apple has some secret stuff they don't share with OpenBSM + + (if (lib.versionAtLeast qtCompatVersion "5.14") then '' + substituteInPlace src/3rdparty/chromium/base/mac/mach_port_rendezvous.cc \ + --replace "audit_token_to_pid(request.trailer.msgh_audit)" "request.trailer.msgh_audit.val[5]" + substituteInPlace src/3rdparty/chromium/third_party/crashpad/crashpad/util/mach/mach_message.cc \ + --replace "audit_token_to_pid(audit_trailer->msgh_audit)" "audit_trailer->msgh_audit.val[5]" + '' else '' substituteInPlace src/3rdparty/chromium/base/mac/mach_port_broker.mm \ --replace "audit_token_to_pid(msg.trailer.msgh_audit)" "msg.trailer.msgh_audit.val[5]" - + '') + + '' substituteInPlace src/3rdparty/chromium/sandbox/mac/BUILD.gn \ --replace 'libs = [ "sandbox" ]' 'libs = [ "/usr/lib/libsandbox.1.dylib" ]' ''); diff --git a/pkgs/development/python-modules/cmsis-svd/default.nix b/pkgs/development/python-modules/cmsis-svd/default.nix new file mode 100644 index 0000000000000..cdfdd05e52170 --- /dev/null +++ b/pkgs/development/python-modules/cmsis-svd/default.nix @@ -0,0 +1,28 @@ +{ lib, buildPythonPackage, fetchFromGitHub, six }: + +buildPythonPackage rec { + pname = "cmsis-svd"; + version = "0.4"; + + src = fetchFromGitHub { + owner = "posborne"; + repo = pname; + rev = "python-${version}"; + sha256 = "01f2z01gqgx0risqnbrlaqj49fmly30zbwsf7rr465ggnl2c04r0"; + }; + + preConfigure = '' + cd python + ''; + + propagatedBuildInputs = [ six ]; + + pythonImportsCheck = [ "cmsis_svd" ]; + + meta = with lib; { + description = "CMSIS SVD parser"; + homepage = "https://github.com/posborne/cmsis-svd"; + maintainers = with maintainers; [ dump_stack ]; + license = licenses.asl20; + }; +} diff --git a/pkgs/development/tools/clj-kondo/default.nix b/pkgs/development/tools/clj-kondo/default.nix index 702e5935689de..0cc386b657c70 100644 --- a/pkgs/development/tools/clj-kondo/default.nix +++ b/pkgs/development/tools/clj-kondo/default.nix @@ -2,17 +2,17 @@ stdenv.mkDerivation rec { pname = "clj-kondo"; - version = "2020.11.07"; + version = "2020.12.12"; reflectionJson = fetchurl { name = "reflection.json"; url = "https://raw.githubusercontent.com/borkdude/${pname}/v${version}/reflection.json"; - sha256 = "0mwclqjh38alkddr5r7bfqn5lplx06h9gladi89kp06qdxc1hp7a"; + sha256 = "ea5c18586fd8803b138a4dd197a0019d5e5a2c76ebe4925b9b54a10125a68c57"; }; src = fetchurl { url = "https://github.com/borkdude/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar"; - sha256 = "1xqryfcn82bp8wasqnllfgvhl5w9zm63yw8c2kgxz18dayhq4i31"; + sha256 = "27b8a82fb613803ab9c712866b7cc89c40fcafc4ac3af178c11b4ed7549934dc"; }; dontUnpack = true; @@ -23,6 +23,7 @@ stdenv.mkDerivation rec { native-image \ -jar ${src} \ -H:Name=clj-kondo \ + ${lib.optionalString stdenv.isDarwin ''-H:-CheckToolchain''} \ -H:+ReportExceptionStackTraces \ -J-Dclojure.spec.skip-macros=true \ -J-Dclojure.compiler.direct-linking=true \ diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix index 6c0b5117e9d8d..979f55cc35166 100644 --- a/pkgs/os-specific/linux/firejail/default.nix +++ b/pkgs/os-specific/linux/firejail/default.nix @@ -1,25 +1,18 @@ -{lib, stdenv, fetchurl, fetchpatch, which, xdg-dbus-proxy, nixosTests}: -let - s = # Generated upstream information - rec { - baseName="firejail"; - version="0.9.64"; - name="${baseName}-${version}"; - url="mirror://sourceforge/firejail/firejail/firejail-${version}.tar.xz"; - sha256="1zgjwy2k57nx0r63fzr15gijah098ig0bll66jd615vc9q3snfz5"; - }; - buildInputs = [ - which - ]; -in -stdenv.mkDerivation { - inherit (s) name version; - inherit buildInputs; - src = fetchurl { - inherit (s) url sha256; - name = "${s.name}.tar.bz2"; +{ lib, stdenv, fetchFromGitHub, fetchpatch, which, xdg-dbus-proxy, nixosTests }: + +stdenv.mkDerivation rec { + pname = "firejail"; + version = "0.9.64.2"; + + src = fetchFromGitHub { + owner = "netblue30"; + repo = "firejail"; + rev = version; + sha256 = "1adizsb7pxr101bvvd359hxympnv36rnikp78npdr5dcvwddv3dv"; }; + buildInputs = [ which ]; + patches = [ # Adds the /nix directory when using an overlay. # Required to run any programs under this mode. @@ -79,12 +72,10 @@ stdenv.mkDerivation { passthru.tests = nixosTests.firejail; meta = { - inherit (s) version; description = "Namespace-based sandboxing tool for Linux"; - license = lib.licenses.gpl2Plus ; - maintainers = [lib.maintainers.raskin]; + license = lib.licenses.gpl2Plus; + maintainers = [ lib.maintainers.raskin ]; platforms = lib.platforms.linux; homepage = "https://firejail.wordpress.com/"; - downloadPage = "https://sourceforge.net/projects/firejail/files/firejail/"; }; } diff --git a/pkgs/os-specific/linux/firejail/default.upstream b/pkgs/os-specific/linux/firejail/default.upstream deleted file mode 100644 index 0e6576c44a809..0000000000000 --- a/pkgs/os-specific/linux/firejail/default.upstream +++ /dev/null @@ -1,3 +0,0 @@ -url https://sourceforge.net/projects/firejail/files/firejail/ -version_link '[-][0-9.]+[.]tar[.][a-z0-9]+/download$' -SF_redirect diff --git a/pkgs/os-specific/linux/open-isns/default.nix b/pkgs/os-specific/linux/open-isns/default.nix index db35804611bdf..3f939024a48ff 100644 --- a/pkgs/os-specific/linux/open-isns/default.nix +++ b/pkgs/os-specific/linux/open-isns/default.nix @@ -1,29 +1,16 @@ -{ lib, stdenv, openssl, fetchFromGitHub, fetchpatch }: +{ lib, stdenv, openssl, fetchFromGitHub }: stdenv.mkDerivation rec { pname = "open-isns"; - version = "0.100"; + version = "0.101"; src = fetchFromGitHub { owner = "open-iscsi"; repo = "open-isns"; rev = "v${version}"; - sha256 = "0d0dz965azsisvfl5wpp1b7m0q0fmaz5r7x5dfybkry551sbcydr"; + sha256 = "1g7kp1j2f8afsach6sbl4k05ybz1yz2s8yg073bv4gnv48gyxb2p"; }; - patches = [ - (fetchpatch { - name = "deprecated-sighold-sigrelease"; - url = "https://github.com/open-iscsi/open-isns/commit/e7dac76ce61039fefa58985c955afccb60dabe87.patch"; - sha256 = "15v106xn3ns7z4nlpby7kkm55rm9qncsmy2iqc4ifli0h67g34id"; - }) - (fetchpatch { - name = "warn_unused_result"; - url = "https://github.com/open-iscsi/open-isns/commit/4c39cb09735a494099fba0474d25ff26800de952.patch"; - sha256 = "1jlydrh9rgkky698jv0mp2wbbizn90q5wjbay086l0h6iqp8ibc3"; - }) - ]; - propagatedBuildInputs = [ openssl ]; outputs = [ "out" "lib" ]; outputInclude = "lib"; diff --git a/pkgs/servers/fishnet/assets.nix b/pkgs/servers/fishnet/assets.nix new file mode 100644 index 0000000000000..6844db1b810c1 --- /dev/null +++ b/pkgs/servers/fishnet/assets.nix @@ -0,0 +1,57 @@ +{ lib +, stdenv +, fetchFromGitHub +, xz +, autoPatchelfHook }: + +# Assets for fishnet: A collection of pre-built compressed stockfish binaries. +# We have to decompress them, patch them using auto-patchelf and compress them +# again so that a selection of them can be embedded into the fishnet binary. +stdenv.mkDerivation rec { + pname = "fishnet-assets"; + version = "unstable-2020-01-30"; + + src = fetchFromGitHub { + owner = "niklasf"; + repo = pname; + rev = "b4fa30e57ec8976fb1c10bd36737bc784351b93e"; + sha256 = "0gfs9lm4ih3h3fmgqylw05ii1h0d6mpjfxadnw3wymnjsspfb0m4"; + }; + + relAssetsPath = "share/${pname}"; + + nativeBuildInputs = [ xz autoPatchelfHook ]; + + postPatch = '' + # Delete packed .exe files and all non .xz files (documentation and readme) + rm *.exe.xz + find \! -name "*.xz" -delete + # Extract .xz files, except *.nnue.xz + # We don't have to unpack the latter and it takes ages to repack + find -name "*.xz" \! -name "*.nnue.xz" | xargs unxz -v + ''; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/${relAssetsPath} + cp ./* $out/${relAssetsPath} + ''; + + preFixup = '' + gatherLibraries '${stdenv.cc.cc.lib}' + ''; + + doDist = true; + distPhase = '' + # repack assets + find $out/${relAssetsPath} -type f \! -name "*.xz" | xargs xz -v + ''; + + meta = with lib; { + description = "Assets for fishnet, only required during build"; + homepage = "https://github.com/niklasf/fishnet-assets"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ tu-maurice ]; + }; +} diff --git a/pkgs/servers/fishnet/default.nix b/pkgs/servers/fishnet/default.nix new file mode 100644 index 0000000000000..2aa46b7d825ce --- /dev/null +++ b/pkgs/servers/fishnet/default.nix @@ -0,0 +1,37 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, xz +, autoPatchelfHook }: + +let + assets = import ./assets.nix { + inherit lib stdenv fetchFromGitHub xz autoPatchelfHook; + }; +in +rustPlatform.buildRustPackage rec { + pname = "fishnet"; + version = "2.2.3"; + + src = fetchFromGitHub { + owner = "niklasf"; + repo = pname; + rev = "v${version}"; + sha256 = "159fwjy70n6lvnhdwv65azgi03r5qcc2m2zpzgz0k3r6cy06faxj"; + }; + + cargoSha256 = "1bfs8dy08799r6d63sb33zwcxas3gzp7jvcxv3w8n64gffan8f2n"; + + preBuild = '' + rmdir ./assets + ln -snf ${assets}/${assets.relAssetsPath} ./assets + ''; + + meta = with lib; { + description = "Distributed Stockfish analysis for lichess.org"; + homepage = "https://github.com/niklasf/fishnet"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ tu-maurice ]; + }; +} diff --git a/pkgs/servers/web-apps/galene/default.nix b/pkgs/servers/web-apps/galene/default.nix new file mode 100644 index 0000000000000..1c2e16f76fc64 --- /dev/null +++ b/pkgs/servers/web-apps/galene/default.nix @@ -0,0 +1,30 @@ +{ lib, fetchFromGitHub, buildGoModule }: + +buildGoModule rec { + pname = "galene"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "jech"; + repo = "galene"; + rev = "galene-${version}"; + sha256 = "0hpgqqv8mp1d3sk7dk49m3yv0cv4afa0v3vdd4w8mdnx6pcqdgy1"; + }; + + vendorSha256 = "12b7andpzsgzmd56gg4gc5ilkxvjrpwpmwbdmygfzgkd5jncmcgp"; + + outputs = [ "out" "static" ]; + + postInstall = '' + mkdir $static + cp -r ./static $static + ''; + + meta = with lib; { + description = "Videoconferencing server that is easy to deploy, written in Go"; + homepage = "https://github.com/jech/galene"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ rgrunbla ]; + }; +} diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix index a1e9fad454051..4e8a3a991f51c 100644 --- a/pkgs/tools/filesystems/glusterfs/default.nix +++ b/pkgs/tools/filesystems/glusterfs/default.nix @@ -54,13 +54,13 @@ let ]; in stdenv.mkDerivation rec { pname = "glusterfs"; - version = "8.3"; + version = "9.0"; src = fetchFromGitHub { owner = "gluster"; repo = pname; rev = "v${version}"; - sha256 = "09vvbymiacz2pzwnq6f2dd7g2zszzsivdncz45sh977v3z0n84az"; + sha256 = "sha256-pjJQAFEb44yNqvNAOclZsiEDZBgcfIxliD3La1IsKPs="; }; inherit buildInputs propagatedBuildInputs; diff --git a/pkgs/tools/games/ajour/default.nix b/pkgs/tools/games/ajour/default.nix index 82bb6c54aa7af..291c783c91485 100644 --- a/pkgs/tools/games/ajour/default.nix +++ b/pkgs/tools/games/ajour/default.nix @@ -34,16 +34,16 @@ let in rustPlatform.buildRustPackage rec { pname = "Ajour"; - version = "0.6.3"; + version = "0.7.0"; src = fetchFromGitHub { owner = "casperstorm"; repo = "ajour"; rev = version; - sha256 = "080759j18pws5c8bmqn1bwvmlaq8k01kzj7bnwncwinl5j35mi2j"; + sha256 = "1lwwj16q24k3d3vaj64zkai4cb15hxp6bzicp004q5az4gbriwih"; }; - cargoSha256 = "1614lln5zh2j2np68pllwcqmywvzzmkj71b158fw2d98ijbi9lmw"; + cargoSha256 = "17j6v796ahfn07yjj9xd9kygy0sllz93ac4gky8w0hcixdwjp3i5"; nativeBuildInputs = [ autoPatchelfHook diff --git a/pkgs/tools/misc/tmux-mem-cpu-load/default.nix b/pkgs/tools/misc/tmux-mem-cpu-load/default.nix new file mode 100644 index 0000000000000..2f9f436a14990 --- /dev/null +++ b/pkgs/tools/misc/tmux-mem-cpu-load/default.nix @@ -0,0 +1,23 @@ +{ stdenv, lib, fetchFromGitHub, cmake }: + +stdenv.mkDerivation rec { + pname = "tmux-mem-cpu-load"; + version = "3.4.0"; + + src = fetchFromGitHub { + owner = "thewtex"; + repo = "tmux-mem-cpu-load"; + rev = "v${version}"; + sha256 = "1ybj513l4953jhayrzb47dlh4yv9bkvs0q1lfvky17v9fdkxgn2j"; + }; + + nativeBuildInputs = [ cmake ]; + + meta = with lib; { + description = "CPU, RAM, and load monitor for use with tmux"; + homepage = https://github.com/thewtex/tmux-mem-cpu-load; + license = licenses.asl20; + maintainers = with maintainers; [ thomasjm ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/tools/networking/autossh/default.nix b/pkgs/tools/networking/autossh/default.nix index 49fb4d52e0b49..9b8e7f712fd04 100644 --- a/pkgs/tools/networking/autossh/default.nix +++ b/pkgs/tools/networking/autossh/default.nix @@ -1,10 +1,11 @@ {lib, stdenv, fetchurl, openssh}: stdenv.mkDerivation rec { - name = "autossh-1.4g"; + pname = "autossh"; + version = "1.4g"; src = fetchurl { - url = "http://www.harding.motd.ca/autossh/${name}.tgz"; + url = "http://www.harding.motd.ca/autossh/${pname}-${version}.tgz"; sha256 = "0xqjw8df68f4kzkns5gcah61s5wk0m44qdk2z1d6388w6viwxhsz"; }; @@ -15,8 +16,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ openssh ]; - installPhase = - '' + installPhase = '' install -D -m755 autossh $out/bin/autossh || return 1 install -D -m644 CHANGES $out/share/doc/autossh/CHANGES || return 1 install -D -m644 README $out/share/doc/autossh/README || return 1 @@ -28,6 +28,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://www.harding.motd.ca/autossh/"; description = "Automatically restart SSH sessions and tunnels"; + license = licenses.bsd1; platforms = platforms.unix; maintainers = with maintainers; [ pSub ]; }; diff --git a/pkgs/tools/networking/boundary/default.nix b/pkgs/tools/networking/boundary/default.nix index 878b1ed65c1c7..6c653125c33a6 100644 --- a/pkgs/tools/networking/boundary/default.nix +++ b/pkgs/tools/networking/boundary/default.nix @@ -14,12 +14,12 @@ let in stdenv.mkDerivation rec { pname = "boundary"; - version = "0.1.4"; + version = "0.1.5"; src = fetchsrc version { - x86_64-linux = "sha256-+YGXSyaGhfNk+T5P7wCqsNEYwpV/Oet7kOM8OPC1A6I="; - aarch64-linux = "sha256-tikxRBF2Y+urv7S1EUu2d60twZWox1pI96yYX357r8o="; - x86_64-darwin = "sha256-N+6iiybnWZkruhUe9TRcGaq5xES/iHzlEVGcghT4EUc="; + x86_64-linux = "sha256-A8dfmFjvOHDwotCyRq9QQ9uHJIkq1JkIwtHsqDqTSNo="; + aarch64-linux = "sha256-i2qc4bmoSzUwNCQmnXLFQ+W4VZjVwXzEBSF3NeTju3M="; + x86_64-darwin = "sha256-lKGTpS2TmgxFdjUsBXKg8Mu6oJA0VidHc/noWWEuUVo="; }; dontConfigure = true; @@ -32,6 +32,8 @@ stdenv.mkDerivation rec { dontPatchELF = true; dontPatchShebangs = true; + passthru.updateScript = ./update.sh; + meta = with lib; { homepage = "https://boundaryproject.io/"; changelog = "https://github.com/hashicorp/boundary/blob/v${version}/CHANGELOG.md"; diff --git a/pkgs/tools/security/1password-gui/default.nix b/pkgs/tools/security/1password-gui/default.nix index 8decd9781ac41..7c3495e608eea 100644 --- a/pkgs/tools/security/1password-gui/default.nix +++ b/pkgs/tools/security/1password-gui/default.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation rec { pname = "1password"; - version = "0.9.10-5"; + version = "0.9.11-3"; src = fetchurl { url = "https://onepassword.s3.amazonaws.com/linux/appimage/${pname}-${version}.AppImage"; - hash = "sha256-eHQZjR3KUQ6SuacKwtV/5hAB0WxoJYulKU4LRn8hlmk="; + hash = "sha256-vkW0LphgJsIVsdI7CjA2hOvxnjO77GA5eEKElIR4PkU="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6412952291cd0..534055d07bd1d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -156,6 +156,8 @@ in fiche = callPackage ../servers/fiche { }; + fishnet = callPackage ../servers/fishnet { }; + avro-tools = callPackage ../development/tools/avro-tools { }; bacnet-stack = callPackage ../tools/networking/bacnet-stack {}; @@ -1269,6 +1271,8 @@ in gaia = callPackage ../development/libraries/gaia { }; + galene = callPackage ../servers/web-apps/galene {}; + gamecube-tools = callPackage ../development/tools/gamecube-tools { }; gammy = qt5.callPackage ../tools/misc/gammy { }; @@ -8335,6 +8339,8 @@ in tmuxinator = callPackage ../tools/misc/tmuxinator { }; + tmux-mem-cpu-load = callPackage ../tools/misc/tmux-mem-cpu-load { }; + tmux-xpanes = callPackage ../tools/misc/tmux-xpanes { }; tmuxPlugins = recurseIntoAttrs (callPackage ../misc/tmux-plugins { }); @@ -10279,9 +10285,9 @@ in inherit (darwin) libiconv libobjc libresolv; }) mx jvmci8 graalvm8; - inherit (callPackages ../development/compilers/graalvm/community-edition.nix { }) - graalvm8-ce - graalvm11-ce; + inherit (callPackages ../development/compilers/graalvm/community-edition.nix { + inherit (darwin.apple_sdk.frameworks) Foundation; + }) graalvm8-ce graalvm11-ce; inherit (callPackages ../development/compilers/graalvm/enterprise-edition.nix { }) graalvm8-ee diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index fac61e71863f1..6f1a18ee0ec6e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1349,6 +1349,8 @@ in { cmdtest = callPackage ../development/python-modules/cmdtest { }; + cmsis-svd = callPackage ../development/python-modules/cmsis-svd { }; + cntk = callPackage ../development/python-modules/cntk { }; cnvkit = callPackage ../development/python-modules/cnvkit { }; |