diff options
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/applications/editors/jetbrains/default.nix | 2 | ||||
-rw-r--r-- | pkgs/applications/networking/mailreaders/notmuch-addrlookup/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/terminal-emulators/mlterm/default.nix | 3 | ||||
-rw-r--r-- | pkgs/desktops/gnome/apps/seahorse/default.nix | 15 | ||||
-rw-r--r-- | pkgs/development/libraries/gcr/4.nix | 4 | ||||
-rw-r--r-- | pkgs/development/libraries/osip/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/python-modules/haversine/default.nix | 12 | ||||
-rw-r--r-- | pkgs/development/python-modules/pywlroots/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/tools/oh-my-posh/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/backup/borgbackup/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/networking/gupnp-tools/default.nix | 17 | ||||
-rw-r--r-- | pkgs/tools/security/gitleaks/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/nsjail/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/please/default.nix | 50 | ||||
-rw-r--r-- | pkgs/tools/security/please/nixos-specific.patch | 13 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 6 |
16 files changed, 112 insertions, 36 deletions
diff --git a/pkgs/applications/editors/jetbrains/default.nix b/pkgs/applications/editors/jetbrains/default.nix index b2713def5bb8f..c795cc30b3901 100644 --- a/pkgs/applications/editors/jetbrains/default.nix +++ b/pkgs/applications/editors/jetbrains/default.nix @@ -183,7 +183,7 @@ let with on-the-fly code analysis, error prevention and automated refactorings for PHP and JavaScript code. ''; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; [ dritter ]; }; }); diff --git a/pkgs/applications/networking/mailreaders/notmuch-addrlookup/default.nix b/pkgs/applications/networking/mailreaders/notmuch-addrlookup/default.nix index 64ebb78a12d04..3ba78c7439281 100644 --- a/pkgs/applications/networking/mailreaders/notmuch-addrlookup/default.nix +++ b/pkgs/applications/networking/mailreaders/notmuch-addrlookup/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchFromGitHub, pkg-config, glib, notmuch }: let - version = "9"; + version = "10"; in stdenv.mkDerivation { pname = "notmuch-addrlookup"; @@ -11,7 +11,7 @@ stdenv.mkDerivation { owner = "aperezdc"; repo = "notmuch-addrlookup-c"; rev ="v${version}"; - sha256 = "1j3zdx161i1x4w0nic14ix5i8hd501rb31daf8api0k8855sx4rc"; + sha256 = "sha256-Z59MAptJw95azdK0auOuUyxBrX4PtXwnRNPkhjgI6Ro="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/applications/terminal-emulators/mlterm/default.nix b/pkgs/applications/terminal-emulators/mlterm/default.nix index 056a241384419..2783795f3e535 100644 --- a/pkgs/applications/terminal-emulators/mlterm/default.nix +++ b/pkgs/applications/terminal-emulators/mlterm/default.nix @@ -39,6 +39,8 @@ stdenv.mkDerivation rec { fcitx ibus + ] ++ lib.optionals (stdenv.system != "aarch64-linux") [ + # FIXME Currently broken on aarch64-linux uim ]; @@ -118,5 +120,6 @@ stdenv.mkDerivation rec { license = licenses.bsd3; maintainers = with maintainers; [ vrthra ramkromberg atemu ]; platforms = with platforms; linux ++ darwin; + broken = stdenv.system == "aarch64-darwin"; # https://github.com/arakiken/mlterm/issues/51 }; } diff --git a/pkgs/desktops/gnome/apps/seahorse/default.nix b/pkgs/desktops/gnome/apps/seahorse/default.nix index 07e39248bb70d..60de418f1e440 100644 --- a/pkgs/desktops/gnome/apps/seahorse/default.nix +++ b/pkgs/desktops/gnome/apps/seahorse/default.nix @@ -1,4 +1,5 @@ -{ lib, stdenv +{ stdenv +, lib , fetchurl , vala , meson @@ -11,7 +12,8 @@ , wrapGAppsHook , itstool , gnupg -, libsoup +, desktop-file-utils +, libsoup_3 , gnome , gpgme , python3 @@ -27,11 +29,11 @@ stdenv.mkDerivation rec { pname = "seahorse"; - version = "42.0"; + version = "43.0"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz"; - hash = "sha256-xQys6/jeen4uXx2uC5gjIRR0Epar6NVD45I9YqFT1jA="; + hash = "sha256-Wx0b+6dPNlgifzyC4pbzMN0PzR70Y2tqIYIo/uXqgy0="; }; nativeBuildInputs = [ @@ -44,6 +46,7 @@ stdenv.mkDerivation rec { python3 openssh gnupg + desktop-file-utils gcr # error: Package `...' not found in specified Vala API directories or GObject-Introspection GIR directories # TODO: the vala setuphook should look for vala filess in targetOffset instead of hostOffset @@ -60,7 +63,7 @@ stdenv.mkDerivation rec { gpgme libsecret avahi - libsoup + libsoup_3 p11-kit openldap libpwquality @@ -70,7 +73,7 @@ stdenv.mkDerivation rec { doCheck = true; postPatch = '' - patchShebangs build-aux/ + patchShebangs build-aux/gpg_check_version.py ''; preCheck = '' diff --git a/pkgs/development/libraries/gcr/4.nix b/pkgs/development/libraries/gcr/4.nix index f452d00b40d4c..a7f5b66a60e15 100644 --- a/pkgs/development/libraries/gcr/4.nix +++ b/pkgs/development/libraries/gcr/4.nix @@ -26,13 +26,13 @@ stdenv.mkDerivation rec { pname = "gcr"; - version = "3.92.0"; + version = "4.0.0"; outputs = [ "out" "bin" "dev" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "iWq/jh2w9A6ygHPzZPNqcjhayKv4zRNisQFul3If9Rg="; + sha256 = "xFhVkk8O57q0Pi3Ti/r9KsgVxumGQ0HAFh4XEXPc7Hw="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/osip/default.nix b/pkgs/development/libraries/osip/default.nix index 92da6bbdd4a1a..f7cedc96b7c72 100644 --- a/pkgs/development/libraries/osip/default.nix +++ b/pkgs/development/libraries/osip/default.nix @@ -1,9 +1,9 @@ {lib, stdenv, fetchurl}: stdenv.mkDerivation rec { - version = "5.3.0"; + version = "5.3.1"; src = fetchurl { url = "mirror://gnu/osip/libosip2-${version}.tar.gz"; - sha256 = "sha256-9HJZFsIs9RSWnvsVw8IHIz1kc5OD99QpVgOLePbK6Mg="; + sha256 = "sha256-/oL+hBYIJmrBWlwRGCFtoAxVTVAG4odaisN1Kx5q3Hk="; }; pname = "libosip2"; diff --git a/pkgs/development/python-modules/haversine/default.nix b/pkgs/development/python-modules/haversine/default.nix index d7fd299419ce1..690f5eb78846f 100644 --- a/pkgs/development/python-modules/haversine/default.nix +++ b/pkgs/development/python-modules/haversine/default.nix @@ -3,17 +3,21 @@ , fetchFromGitHub , numpy , pytestCheckHook +, pythonOlder }: buildPythonPackage rec { pname = "haversine"; - version = "2.6.0"; + version = "2.7.0"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "mapado"; repo = pname; rev = "v${version}"; - sha256 = "sha256-cFb2DsXIwaaJK3tiOTCc0k45FVJ4/Vudkq0rzqalGJs="; + hash = "sha256-iAGG1mjrt6oJ0IkmlJwrvb2Bpk4dNxV7ee9LYov03UY="; }; checkInputs = [ @@ -21,7 +25,9 @@ buildPythonPackage rec { pytestCheckHook ]; - pythonImportsCheck = [ "haversine" ]; + pythonImportsCheck = [ + "haversine" + ]; meta = with lib; { description = "Python module the distance between 2 points on earth"; diff --git a/pkgs/development/python-modules/pywlroots/default.nix b/pkgs/development/python-modules/pywlroots/default.nix index 6bc9c220ded44..8a3dec179c104 100644 --- a/pkgs/development/python-modules/pywlroots/default.nix +++ b/pkgs/development/python-modules/pywlroots/default.nix @@ -19,14 +19,14 @@ buildPythonPackage rec { pname = "pywlroots"; - version = "0.15.21"; + version = "0.15.22"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-1wHV1+xrGFJWLoMIaG5jc01FfC7mV0+ArhPmWS5yG04="; + sha256 = "sha256-KzpQk7ANinEVvOBeZ+8vPmuuu4LbatjHBKUL44bcAAI="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/development/tools/oh-my-posh/default.nix b/pkgs/development/tools/oh-my-posh/default.nix index 72d501935be0a..9cedd56da8d5d 100644 --- a/pkgs/development/tools/oh-my-posh/default.nix +++ b/pkgs/development/tools/oh-my-posh/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "oh-my-posh"; - version = "12.2.0"; + version = "12.3.0"; src = fetchFromGitHub { owner = "jandedobbeleer"; repo = pname; rev = "v${version}"; - sha256 = "sha256-zWoM9STdyJbgNqX5FQ70T+0dbENW7aOjHV+BShAHi8I="; + sha256 = "sha256-HTQ9WcplJndRD4MXB6jcfNgldWeez8hPtkO3H7NJuyI="; }; vendorSha256 = "sha256-zL5tkBkZa2Twc2FNNNUIycd/QvkpR1XEntpJ0j4z/xo="; diff --git a/pkgs/tools/backup/borgbackup/default.nix b/pkgs/tools/backup/borgbackup/default.nix index adfd0b42e399c..9bc3dfefd4ae3 100644 --- a/pkgs/tools/backup/borgbackup/default.nix +++ b/pkgs/tools/backup/borgbackup/default.nix @@ -122,6 +122,6 @@ python3.pkgs.buildPythonApplication rec { license = licenses.bsd3; platforms = platforms.unix; # Darwin and FreeBSD mentioned on homepage mainProgram = "borg"; - maintainers = with maintainers; [ flokli dotlambda globin ]; + maintainers = with maintainers; [ dotlambda globin ]; }; } diff --git a/pkgs/tools/networking/gupnp-tools/default.nix b/pkgs/tools/networking/gupnp-tools/default.nix index 967bb66256dca..95fea4dac0f91 100644 --- a/pkgs/tools/networking/gupnp-tools/default.nix +++ b/pkgs/tools/networking/gupnp-tools/default.nix @@ -3,11 +3,11 @@ , fetchurl , meson , ninja -, gupnp -, gssdp +, gupnp_1_6 +, libsoup_3 +, gssdp_1_6 , pkg-config , gtk3 -, libuuid , gettext , gupnp-av , gtksourceview4 @@ -17,11 +17,11 @@ stdenv.mkDerivation rec { pname = "gupnp-tools"; - version = "0.10.3"; + version = "0.12.0"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "RX9Nkjk1sHhBXNK6iNeNtgB5tyWSa37hBuRWXv4yBN4="; + sha256 = "XqdgfuNlZCxVWSf+3FteH+COdPBh0MPrCL2QG16yAII="; }; nativeBuildInputs = [ @@ -33,13 +33,12 @@ stdenv.mkDerivation rec { ]; buildInputs = [ - gupnp - libuuid - gssdp + gupnp_1_6 + libsoup_3 + gssdp_1_6 gtk3 gupnp-av gtksourceview4 - gnome.adwaita-icon-theme ]; passthru = { diff --git a/pkgs/tools/security/gitleaks/default.nix b/pkgs/tools/security/gitleaks/default.nix index 9850d317971c1..ed8ebf669c3df 100644 --- a/pkgs/tools/security/gitleaks/default.nix +++ b/pkgs/tools/security/gitleaks/default.nix @@ -8,13 +8,13 @@ buildGoModule rec { pname = "gitleaks"; - version = "8.14.1"; + version = "8.15.0"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-UHl+bb7Szw+gB5oy0Wsc2fhEniXNnuIXFtV62kJy3f8="; + sha256 = "sha256-KqShYaUODClKkbLs3jaj55WXy9HyyBzvY5KdNOqEXPE="; }; vendorSha256 = "sha256-Ev0/CSpwJDmc+Dvu/bFDzsgsq80rWImJWXNAUqYHgoE="; diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix index c86fcb7ace57b..59f7a6667068e 100644 --- a/pkgs/tools/security/nsjail/default.nix +++ b/pkgs/tools/security/nsjail/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { pname = "nsjail"; - version = "3.1"; + version = "3.2"; src = fetchFromGitHub { owner = "google"; repo = "nsjail"; rev = version; fetchSubmodules = true; - sha256 = "sha256-ICJpD7iCT7tLRX+52XvayOUuO1g0L0jQgk60S2zLz6c="; + sha256 = "sha256-SFRnCEPawMKEIdmrOnJ45IIb17W1d4qCceuRdWTDTQU="; }; nativeBuildInputs = [ autoconf bison flex libtool pkg-config which installShellFiles ]; diff --git a/pkgs/tools/security/please/default.nix b/pkgs/tools/security/please/default.nix new file mode 100644 index 0000000000000..40640ba4ed87e --- /dev/null +++ b/pkgs/tools/security/please/default.nix @@ -0,0 +1,50 @@ +{ lib +, rustPlatform +, fetchFromGitLab +, installShellFiles +, pam +, nixosTests +}: + +rustPlatform.buildRustPackage rec { + pname = "please"; + version = "0.5.3"; + + src = fetchFromGitLab { + owner = "edneville"; + repo = "please"; + rev = "v${version}"; + hash = "sha256-YL0yKIDoFD6Q5gVXOjHiqH2ub7jlhlE/uDKLK1FlE74="; + }; + + cargoHash = "sha256-noZsnFL6G1KcxGY0sn0PvY5nIdx5aOAMErMViIY/7bE="; + + nativeBuildInputs = [ installShellFiles ]; + + buildInputs = [ pam ]; + + patches = [ ./nixos-specific.patch ]; + + postInstall = '' + installManPage man/* + ''; + + passthru.tests = { inherit (nixosTests) please; }; + + meta = with lib; { + description = "A polite regex-first sudo alternative"; + longDescription = '' + Delegate accurate least privilege access with ease. Express easily with a + regex and expose only what is needed and nothing more. Or validate file + edits with pleaseedit. + + Please is written with memory safe rust. Traditional C memory unsafety is + avoided, logic problems may exist but this codebase is relatively small. + ''; + homepage = "https://www.usenix.org.uk/content/please.html"; + changelog = "https://github.com/edneville/please/blob/${src.rev}/CHANGELOG.md"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ azahi ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/please/nixos-specific.patch b/pkgs/tools/security/please/nixos-specific.patch new file mode 100644 index 0000000000000..926f815cbfb4d --- /dev/null +++ b/pkgs/tools/security/please/nixos-specific.patch @@ -0,0 +1,13 @@ +diff --git i/src/lib.rs w/src/lib.rs +index fdd69f2..07c794e 100644 +--- i/src/lib.rs ++++ w/src/lib.rs +@@ -1667,7 +1667,7 @@ pub fn search_path(binary: &str) -> Option<String> { + } + } + +- for dir in "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin".split(':') { ++ for dir in "/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin".split(':') { + let path_name = format!("{}/{}", &dir, &binary); + let p = Path::new(&path_name); + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 37bd664ea144e..9d2a4fd18dabc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1869,10 +1869,10 @@ with pkgs; microcom = callPackage ../applications/terminal-emulators/microcom { }; - mlterm = callPackage ../applications/terminal-emulators/mlterm { + mlterm = darwin.apple_sdk_11_0.callPackage ../applications/terminal-emulators/mlterm { libssh2 = null; openssl = null; - inherit (darwin.apple_sdk.frameworks) Cocoa; + inherit (darwin.apple_sdk_11_0.frameworks) Cocoa; }; mrxvt = callPackage ../applications/terminal-emulators/mrxvt { }; @@ -10248,6 +10248,8 @@ with pkgs; playbar2 = libsForQt5.callPackage ../applications/audio/playbar2 { }; + please = callPackage ../tools/security/please { }; + plecost = callPackage ../tools/security/plecost { }; plujain-ramp = callPackage ../applications/audio/plujain-ramp { }; |