Merge master into staging-next

nixos/doc/manual/release-notes/rl-2405.section.md

@@ -536,6 +536,17 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list.
   For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``;
 
+- `services.openssh` now has an option `authorizedKeysInHomedir`, controlling whether `~/.ssh/authorizedKeys` is
+  added to `authorizedKeysFiles`.
+  ::: {.note}
+  This option currently defaults to `true` for NixOS 24.05, preserving the previous behaviour.
+  This is expected to change in NixOS 24.11.
+  :::
+  ::: {.warning}
+  Users should check that their SSH keys are in `users.users.*.openssh`, or that they have another way to access
+  and administer the system, before setting this option to `false`.
+  :::
+
 - [`matrix-synapse`](https://element-hq.github.io/synapse/) homeserver module now supports configuring UNIX domain socket [`listeners`](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
   The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets.
 

nixos/modules/services/networking/ssh/sshd.nix

@@ -296,6 +296,17 @@ in
         '';
       };
 
+      authorizedKeysInHomedir = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Enables the use of the `~/.ssh/authorized_keys` file.
+
+          Otherwise, the only files trusted by default are those in `/etc/ssh/authorized_keys.d`,
+          *i.e.* SSH keys from [](#opt-users.users._name_.openssh.authorizedKeys.keys).
+        '';
+      };
+
       authorizedKeysCommand = mkOption {
         type = types.str;
         default = "none";
@@ -635,7 +646,7 @@ in
     # https://github.com/NixOS/nixpkgs/pull/10155
     # https://github.com/NixOS/nixpkgs/pull/41745
     services.openssh.authorizedKeysFiles =
-      [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
+      lib.optional cfg.authorizedKeysInHomedir "%h/.ssh/authorized_keys" ++ [ "/etc/ssh/authorized_keys.d/%u" ];
 
     services.openssh.settings.AuthorizedPrincipalsFile = mkIf (authPrincipalsFiles != {}) "/etc/ssh/authorized_principals.d/%u";
 

pkgs/by-name/co/codux/package.nix

@@ -5,11 +5,11 @@
 
 let
   pname = "codux";
-  version = "15.25.0";
+  version = "15.25.1";
 
   src = fetchurl {
     url = "https://github.com/wixplosives/codux-versions/releases/download/${version}/Codux-${version}.x86_64.AppImage";
-    sha256 = "sha256-9hO0n+ARAqwYWCbDAKpna1zS3pjHykB3+c6wunWrc6o=";
+    sha256 = "sha256-MdA/NAlIRyKJNiqYvoxACc+WgS0ZAt+tbqaQRzTT/Xc=";
   };
 
   appimageContents = appimageTools.extractType2 { inherit pname version src; };

pkgs/by-name/fa/fastahack/package.nix

@@ -0,0 +1,43 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  runCommand,
+  fastahack,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "fastahack";
+  version = "1.0.0";
+
+  src = fetchFromGitHub {
+    owner = "ekg";
+    repo = "fastahack";
+    rev = "refs/tags/v${finalAttrs.version}";
+    hash = "sha256-SWu2iRwNgdhsn4sH9/3jPNG3+l1xFAHXPq5/ODVd4WY=";
+  };
+
+  installFlags = [ "PREFIX=${placeholder "out"}" ];
+
+  passthru.tests = {
+    simple = runCommand "${finalAttrs.pname}-test" { } ''
+      mkdir $out
+      cp ${fastahack.src}/tests/* $out
+      grep -v ERROR <(${lib.getExe fastahack} $out/correct.fasta 2>&1)
+      grep -v ERROR <(${lib.getExe fastahack} $out/crlf.fasta 2>&1)
+      grep "ERROR: embedded newline " <(${lib.getExe fastahack} $out/embedded_newline.fasta 2>&1)
+      grep "ERROR: mismatched line lengths" <(${lib.getExe fastahack} $out/mismatched_lines.fasta 2>&1)
+      grep -v ERROR <(${lib.getExe fastahack} $out/trailing_newlines.fasta 2>&1)
+    '';
+  };
+
+  meta = {
+    description = "Utilities for indexing and sequence extraction from FASTA files";
+    homepage = "https://github.com/ekg/fastahack";
+    changelog = "https://github.com/ekg/fastahack/releases/tag/v${finalAttrs.version}";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ natsukium ];
+    mainProgram = "fastahack";
+    platforms = lib.platforms.unix;
+  };
+})

pkgs/by-name/tt/tt/package.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  fetchFromGitHub,
+  buildGoModule,
+  installShellFiles,
+}:
+
+buildGoModule rec {
+  pname = "tt";
+  version = "0.4.2";
+
+  src = fetchFromGitHub {
+    owner = "lemnos";
+    repo = "tt";
+    rev = "v${version}";
+    hash = "sha256-vKh19xYBeNqvVFilvA7NeQ34RM5VnwDs+Hu/pe3J0y4=";
+  };
+
+  vendorHash = "sha256-edY2CcZXOIed0+7IA8kr4lAfuSJx/nHtmc734XzT4z4=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  postInstall = ''
+      mv $out/bin/src $out/bin/tt
+      installManPage tt.1.gz
+  '';
+
+  meta = {
+    description = "Typing test in the terminal written in Go";
+    homepage = "https://github.com/lemnos/tt";
+    license = lib.licenses.mit;
+    mainProgram = "tt";
+    maintainers = with lib.maintainers; [ vinetos ];
+  };
+}

pkgs/by-name/tw/twitch-dl/package.nix

@@ -7,14 +7,14 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "twitch-dl";
-  version = "2.2.2";
+  version = "2.3.0";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "ihabunek";
     repo = "twitch-dl";
     rev = "refs/tags/${version}";
-    hash = "sha256-Os27uqH3MA3v9+8WzfL5KIEUewAzf8JUyRtsWSzw81o=";
+    hash = "sha256-0uOOc3ANXleQlENB+gdWheafBiOOcyZsFvYj7r+WMCY=";
   };
 
   pythonRelaxDeps = [
@@ -42,6 +42,7 @@ python3Packages.buildPythonApplication rec {
   disabledTestPaths = [
     # Requires network access
     "tests/test_api.py"
+    "tests/test_cli.py"
   ];
 
   pythonImportsCheck = [

pkgs/desktops/gnome/extensions/gsconnect/default.nix

@@ -23,7 +23,7 @@
 
 stdenv.mkDerivation rec {
   pname = "gnome-shell-extension-gsconnect";
-  version = "56";
+  version = "57";
 
   outputs = [ "out" "installedTests" ];
 
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
     owner = "GSConnect";
     repo = "gnome-shell-extension-gsconnect";
     rev = "v${version}";
-    hash = "sha256-V2L65Fz1WcJE2ENE8uNgIuVSXLDHokcgM4Caz1sOdZM=";
+    hash = "sha256-0o5CEkdFPL7bZkHIA/zFWB8sY1OYROl4P3rl24+lze0=";
   };
 
   patches = [

pkgs/development/libraries/ffmpeg/generic.nix

@@ -40,7 +40,7 @@
 , withAss ? withHeadlessDeps && stdenv.hostPlatform == stdenv.buildPlatform # (Advanced) SubStation Alpha subtitle rendering
 , withAudioToolbox ? withHeadlessDeps && stdenv.isDarwin # Apple AudioToolbox
 , withAvFoundation ? withHeadlessDeps && stdenv.isDarwin # Apple AVFoundation framework
-, withAvisynth ? withFullDeps # AviSynth script files reading
+, withAvisynth ? withFullDeps && !stdenv.isDarwin # AviSynth script files reading; Darwin currently broken because libdevil fails to build
 , withBluray ? withFullDeps # BluRay reading
 , withBs2b ? withFullDeps # bs2b DSP library
 , withBzlib ? withHeadlessDeps

pkgs/development/python-modules/attacut/default.nix

@@ -0,0 +1,73 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  fetchpatch,
+
+  setuptools,
+
+  pytestCheckHook,
+
+  docopt,
+  fire,
+  numpy,
+  python-crfsuite,
+  pyyaml,
+  six,
+  ssg,
+  torch,
+}:
+
+buildPythonPackage rec {
+  pname = "attacut";
+  version = "1.1.0-dev";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "PyThaiNLP";
+    repo = "attacut";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-x3JJC1Xd+tsOAHJEHGzIrhIrNGSvLSanAFc7+uXb2Kk=";
+  };
+
+  # no more need, see patch...
+  postPatch = ''
+    sed -i "/nptyping>=/d" setup.py
+  '';
+
+  patches = [
+    (fetchpatch {
+      name = "fix-nptyping-deprecated-array.patch";
+      url = "https://github.com/PyThaiNLP/attacut/commit/a707297b3f08a015d32d8ac241aa8cb11128cbd4.patch";
+      includes = [ "attacut/evaluation.py" ];
+      hash = "sha256-k2DJPwiH1Fyf5u6+zavx0bankCXsJVZrw1MGcf8ZL+M=";
+    })
+  ];
+
+  build-system = [ setuptools ];
+
+  dependencies = [
+    docopt
+    fire
+    numpy
+    python-crfsuite
+    pyyaml
+    six
+    ssg
+    torch
+  ];
+
+  nativeCheckInputs = [ pytestCheckHook ];
+
+  pytestFlagsArray = [ "tests/*" ];
+
+  pythonImportsCheck = [ "attacut" ];
+
+  meta = with lib; {
+    description = "A Fast and Accurate Neural Thai Word Segmenter";
+    homepage = "https://github.com/PyThaiNLP/attacut";
+    license = licenses.mit;
+    maintainers = with maintainers; [ vizid ];
+    mainProgram = "attacut-cli";
+  };
+}

pkgs/development/python-modules/clarifai/default.nix

@@ -25,7 +25,7 @@
 
 buildPythonPackage rec {
   pname = "clarifai";
-  version = "10.3.1";
+  version = "10.3.2";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -34,7 +34,7 @@ buildPythonPackage rec {
     owner = "Clarifai";
     repo = "clarifai-python";
     rev = "refs/tags/${version}";
-    hash = "sha256-KCJ1Ev0fgww0JU1tDp9X/A9EIcXQRaFKeA/MRNnp5ng=";
+    hash = "sha256-8FF3hMiF8a1jtXtzpw7V03h4Npyvg+QYIjhER6NeB2U=";
   };
 
   pythonRelaxDeps = [ "clarifai-grpc" ];

pkgs/development/python-modules/phunspell/default.nix

@@ -0,0 +1,53 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  fetchpatch,
+
+  setuptools,
+
+  spylls,
+}:
+
+buildPythonPackage rec {
+  pname = "phunspell";
+  version = "0.1.6";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "dvwright";
+    repo = "phunspell";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-TlO9Ccr2iRN+s3JV+3P36RF9oFY32fj+24sKslZZCVk=";
+  };
+
+  patches = [
+    (fetchpatch {
+      name = "fix-package-data-warning.patch";
+      url = "https://github.com/dvwright/phunspell/commit/70a0ee8af8442797e03916cea31637c21e6d32d9.patch";
+      hash = "sha256-kSaKHd7dVJM8+2dqxjs26Hv0feNXAXXymUE97DNVBFM=";
+    })
+    (fetchpatch {
+      name = "replace-description-file-deprecated-option.patch";
+      url = "https://github.com/dvwright/phunspell/commit/331c593b486cebe1a9b72befa568de9b51033f15.patch";
+      hash = "sha256-gdYfeG1vBtjnDDCjmg+ZSuToqVe0hrzB3RIqBLGNvBQ=";
+    })
+  ];
+
+  build-system = [ setuptools ];
+
+  dependencies = [ spylls ];
+
+  # for tests need lots of RAM, just skip...
+  doCheck = false;
+
+  pythonImportsCheck = [ "phunspell" ];
+
+  meta = with lib; {
+    description = "Pure Python spell checker, wrapping spylls a port of Hunspell";
+    homepage = "https://github.com/dvwright/phunspell";
+    changelog = "https://github.com/dvwright/phunspell/releases/tag/v${version}";
+    license = licenses.mit;
+    maintainers = with maintainers; [ vizid ];
+  };
+}

pkgs/development/python-modules/streamlit/default.nix

@@ -33,14 +33,14 @@
 
 buildPythonPackage rec {
   pname = "streamlit";
-  version = "1.33.0";
+  version = "1.34.0";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-qNqP9G9blIxW0tx6ynphz42ZX08hdEz4IliudeYwBLo=";
+    hash = "sha256-E1o7eaaGsxMrc/IERQrW6IneBPM0nWkpJeCfDiHnS1I=";
   };
 
   nativeBuildInputs = [

pkgs/top-level/python-packages.nix

@@ -931,6 +931,8 @@ self: super: with self; {
 
   atsim-potentials = callPackage ../development/python-modules/atsim-potentials { };
 
+  attacut = callPackage ../development/python-modules/attacut { };
+
   attrdict = callPackage ../development/python-modules/attrdict { };
 
   attrs = callPackage ../development/python-modules/attrs { };
@@ -9728,6 +9730,8 @@ self: super: with self; {
 
   phpserialize = callPackage ../development/python-modules/phpserialize { };
 
+  phunspell = callPackage ../development/python-modules/phunspell { };
+
   phx-class-registry = callPackage ../development/python-modules/phx-class-registry { };
 
   pi1wire = callPackage ../development/python-modules/pi1wire { };