diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 07e9d72cdcf3..064c81c6836d 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -536,6 +536,17 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list. For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``; +- `services.openssh` now has an option `authorizedKeysInHomedir`, controlling whether `~/.ssh/authorizedKeys` is + added to `authorizedKeysFiles`. + ::: {.note} + This option currently defaults to `true` for NixOS 24.05, preserving the previous behaviour. + This is expected to change in NixOS 24.11. + ::: + ::: {.warning} + Users should check that their SSH keys are in `users.users.*.openssh`, or that they have another way to access + and administer the system, before setting this option to `false`. + ::: + - [`matrix-synapse`](https://element-hq.github.io/synapse/) homeserver module now supports configuring UNIX domain socket [`listeners`](#opt-services.matrix-synapse.settings.listeners) through the `path` option. The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets. diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index c62bccd462d3..0fdb708bf052 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -296,6 +296,17 @@ in ''; }; + authorizedKeysInHomedir = mkOption { + type = types.bool; + default = true; + description = '' + Enables the use of the `~/.ssh/authorized_keys` file. + + Otherwise, the only files trusted by default are those in `/etc/ssh/authorized_keys.d`, + *i.e.* SSH keys from [](#opt-users.users._name_.openssh.authorizedKeys.keys). + ''; + }; + authorizedKeysCommand = mkOption { type = types.str; default = "none"; @@ -635,7 +646,7 @@ in # https://github.com/NixOS/nixpkgs/pull/10155 # https://github.com/NixOS/nixpkgs/pull/41745 services.openssh.authorizedKeysFiles = - [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ]; + lib.optional cfg.authorizedKeysInHomedir "%h/.ssh/authorized_keys" ++ [ "/etc/ssh/authorized_keys.d/%u" ]; services.openssh.settings.AuthorizedPrincipalsFile = mkIf (authPrincipalsFiles != {}) "/etc/ssh/authorized_principals.d/%u"; diff --git a/pkgs/by-name/co/codux/package.nix b/pkgs/by-name/co/codux/package.nix index e364aa5c7b01..bd95a9334d0b 100644 --- a/pkgs/by-name/co/codux/package.nix +++ b/pkgs/by-name/co/codux/package.nix @@ -5,11 +5,11 @@ let pname = "codux"; - version = "15.25.0"; + version = "15.25.1"; src = fetchurl { url = "https://github.com/wixplosives/codux-versions/releases/download/${version}/Codux-${version}.x86_64.AppImage"; - sha256 = "sha256-9hO0n+ARAqwYWCbDAKpna1zS3pjHykB3+c6wunWrc6o="; + sha256 = "sha256-MdA/NAlIRyKJNiqYvoxACc+WgS0ZAt+tbqaQRzTT/Xc="; }; appimageContents = appimageTools.extractType2 { inherit pname version src; }; diff --git a/pkgs/by-name/fa/fastahack/package.nix b/pkgs/by-name/fa/fastahack/package.nix new file mode 100644 index 000000000000..ed8f342007ba --- /dev/null +++ b/pkgs/by-name/fa/fastahack/package.nix @@ -0,0 +1,43 @@ +{ + lib, + stdenv, + fetchFromGitHub, + runCommand, + fastahack, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "fastahack"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "ekg"; + repo = "fastahack"; + rev = "refs/tags/v${finalAttrs.version}"; + hash = "sha256-SWu2iRwNgdhsn4sH9/3jPNG3+l1xFAHXPq5/ODVd4WY="; + }; + + installFlags = [ "PREFIX=${placeholder "out"}" ]; + + passthru.tests = { + simple = runCommand "${finalAttrs.pname}-test" { } '' + mkdir $out + cp ${fastahack.src}/tests/* $out + grep -v ERROR <(${lib.getExe fastahack} $out/correct.fasta 2>&1) + grep -v ERROR <(${lib.getExe fastahack} $out/crlf.fasta 2>&1) + grep "ERROR: embedded newline " <(${lib.getExe fastahack} $out/embedded_newline.fasta 2>&1) + grep "ERROR: mismatched line lengths" <(${lib.getExe fastahack} $out/mismatched_lines.fasta 2>&1) + grep -v ERROR <(${lib.getExe fastahack} $out/trailing_newlines.fasta 2>&1) + ''; + }; + + meta = { + description = "Utilities for indexing and sequence extraction from FASTA files"; + homepage = "https://github.com/ekg/fastahack"; + changelog = "https://github.com/ekg/fastahack/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ natsukium ]; + mainProgram = "fastahack"; + platforms = lib.platforms.unix; + }; +}) diff --git a/pkgs/by-name/tt/tt/package.nix b/pkgs/by-name/tt/tt/package.nix new file mode 100644 index 000000000000..f45376aa4caa --- /dev/null +++ b/pkgs/by-name/tt/tt/package.nix @@ -0,0 +1,35 @@ +{ + lib, + fetchFromGitHub, + buildGoModule, + installShellFiles, +}: + +buildGoModule rec { + pname = "tt"; + version = "0.4.2"; + + src = fetchFromGitHub { + owner = "lemnos"; + repo = "tt"; + rev = "v${version}"; + hash = "sha256-vKh19xYBeNqvVFilvA7NeQ34RM5VnwDs+Hu/pe3J0y4="; + }; + + vendorHash = "sha256-edY2CcZXOIed0+7IA8kr4lAfuSJx/nHtmc734XzT4z4="; + + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + mv $out/bin/src $out/bin/tt + installManPage tt.1.gz + ''; + + meta = { + description = "Typing test in the terminal written in Go"; + homepage = "https://github.com/lemnos/tt"; + license = lib.licenses.mit; + mainProgram = "tt"; + maintainers = with lib.maintainers; [ vinetos ]; + }; +} diff --git a/pkgs/by-name/tw/twitch-dl/package.nix b/pkgs/by-name/tw/twitch-dl/package.nix index 6a7a89d17fe1..fa78dc273c75 100644 --- a/pkgs/by-name/tw/twitch-dl/package.nix +++ b/pkgs/by-name/tw/twitch-dl/package.nix @@ -7,14 +7,14 @@ python3Packages.buildPythonApplication rec { pname = "twitch-dl"; - version = "2.2.2"; + version = "2.3.0"; pyproject = true; src = fetchFromGitHub { owner = "ihabunek"; repo = "twitch-dl"; rev = "refs/tags/${version}"; - hash = "sha256-Os27uqH3MA3v9+8WzfL5KIEUewAzf8JUyRtsWSzw81o="; + hash = "sha256-0uOOc3ANXleQlENB+gdWheafBiOOcyZsFvYj7r+WMCY="; }; pythonRelaxDeps = [ @@ -42,6 +42,7 @@ python3Packages.buildPythonApplication rec { disabledTestPaths = [ # Requires network access "tests/test_api.py" + "tests/test_cli.py" ]; pythonImportsCheck = [ diff --git a/pkgs/desktops/gnome/extensions/gsconnect/default.nix b/pkgs/desktops/gnome/extensions/gsconnect/default.nix index d8a04e306028..3401db037eda 100644 --- a/pkgs/desktops/gnome/extensions/gsconnect/default.nix +++ b/pkgs/desktops/gnome/extensions/gsconnect/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { pname = "gnome-shell-extension-gsconnect"; - version = "56"; + version = "57"; outputs = [ "out" "installedTests" ]; @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { owner = "GSConnect"; repo = "gnome-shell-extension-gsconnect"; rev = "v${version}"; - hash = "sha256-V2L65Fz1WcJE2ENE8uNgIuVSXLDHokcgM4Caz1sOdZM="; + hash = "sha256-0o5CEkdFPL7bZkHIA/zFWB8sY1OYROl4P3rl24+lze0="; }; patches = [ diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index 92a28d8a7705..c8d62f2917dc 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -40,7 +40,7 @@ , withAss ? withHeadlessDeps && stdenv.hostPlatform == stdenv.buildPlatform # (Advanced) SubStation Alpha subtitle rendering , withAudioToolbox ? withHeadlessDeps && stdenv.isDarwin # Apple AudioToolbox , withAvFoundation ? withHeadlessDeps && stdenv.isDarwin # Apple AVFoundation framework -, withAvisynth ? withFullDeps # AviSynth script files reading +, withAvisynth ? withFullDeps && !stdenv.isDarwin # AviSynth script files reading; Darwin currently broken because libdevil fails to build , withBluray ? withFullDeps # BluRay reading , withBs2b ? withFullDeps # bs2b DSP library , withBzlib ? withHeadlessDeps diff --git a/pkgs/development/python-modules/attacut/default.nix b/pkgs/development/python-modules/attacut/default.nix new file mode 100644 index 000000000000..70e8a98ccfd4 --- /dev/null +++ b/pkgs/development/python-modules/attacut/default.nix @@ -0,0 +1,73 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + fetchpatch, + + setuptools, + + pytestCheckHook, + + docopt, + fire, + numpy, + python-crfsuite, + pyyaml, + six, + ssg, + torch, +}: + +buildPythonPackage rec { + pname = "attacut"; + version = "1.1.0-dev"; + pyproject = true; + + src = fetchFromGitHub { + owner = "PyThaiNLP"; + repo = "attacut"; + rev = "refs/tags/v${version}"; + hash = "sha256-x3JJC1Xd+tsOAHJEHGzIrhIrNGSvLSanAFc7+uXb2Kk="; + }; + + # no more need, see patch... + postPatch = '' + sed -i "/nptyping>=/d" setup.py + ''; + + patches = [ + (fetchpatch { + name = "fix-nptyping-deprecated-array.patch"; + url = "https://github.com/PyThaiNLP/attacut/commit/a707297b3f08a015d32d8ac241aa8cb11128cbd4.patch"; + includes = [ "attacut/evaluation.py" ]; + hash = "sha256-k2DJPwiH1Fyf5u6+zavx0bankCXsJVZrw1MGcf8ZL+M="; + }) + ]; + + build-system = [ setuptools ]; + + dependencies = [ + docopt + fire + numpy + python-crfsuite + pyyaml + six + ssg + torch + ]; + + nativeCheckInputs = [ pytestCheckHook ]; + + pytestFlagsArray = [ "tests/*" ]; + + pythonImportsCheck = [ "attacut" ]; + + meta = with lib; { + description = "A Fast and Accurate Neural Thai Word Segmenter"; + homepage = "https://github.com/PyThaiNLP/attacut"; + license = licenses.mit; + maintainers = with maintainers; [ vizid ]; + mainProgram = "attacut-cli"; + }; +} diff --git a/pkgs/development/python-modules/clarifai/default.nix b/pkgs/development/python-modules/clarifai/default.nix index b1085bdc5b99..c3f60ae5103a 100644 --- a/pkgs/development/python-modules/clarifai/default.nix +++ b/pkgs/development/python-modules/clarifai/default.nix @@ -25,7 +25,7 @@ buildPythonPackage rec { pname = "clarifai"; - version = "10.3.1"; + version = "10.3.2"; pyproject = true; disabled = pythonOlder "3.8"; @@ -34,7 +34,7 @@ buildPythonPackage rec { owner = "Clarifai"; repo = "clarifai-python"; rev = "refs/tags/${version}"; - hash = "sha256-KCJ1Ev0fgww0JU1tDp9X/A9EIcXQRaFKeA/MRNnp5ng="; + hash = "sha256-8FF3hMiF8a1jtXtzpw7V03h4Npyvg+QYIjhER6NeB2U="; }; pythonRelaxDeps = [ "clarifai-grpc" ]; diff --git a/pkgs/development/python-modules/phunspell/default.nix b/pkgs/development/python-modules/phunspell/default.nix new file mode 100644 index 000000000000..c4d8cf4ddc16 --- /dev/null +++ b/pkgs/development/python-modules/phunspell/default.nix @@ -0,0 +1,53 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + fetchpatch, + + setuptools, + + spylls, +}: + +buildPythonPackage rec { + pname = "phunspell"; + version = "0.1.6"; + pyproject = true; + + src = fetchFromGitHub { + owner = "dvwright"; + repo = "phunspell"; + rev = "refs/tags/v${version}"; + hash = "sha256-TlO9Ccr2iRN+s3JV+3P36RF9oFY32fj+24sKslZZCVk="; + }; + + patches = [ + (fetchpatch { + name = "fix-package-data-warning.patch"; + url = "https://github.com/dvwright/phunspell/commit/70a0ee8af8442797e03916cea31637c21e6d32d9.patch"; + hash = "sha256-kSaKHd7dVJM8+2dqxjs26Hv0feNXAXXymUE97DNVBFM="; + }) + (fetchpatch { + name = "replace-description-file-deprecated-option.patch"; + url = "https://github.com/dvwright/phunspell/commit/331c593b486cebe1a9b72befa568de9b51033f15.patch"; + hash = "sha256-gdYfeG1vBtjnDDCjmg+ZSuToqVe0hrzB3RIqBLGNvBQ="; + }) + ]; + + build-system = [ setuptools ]; + + dependencies = [ spylls ]; + + # for tests need lots of RAM, just skip... + doCheck = false; + + pythonImportsCheck = [ "phunspell" ]; + + meta = with lib; { + description = "Pure Python spell checker, wrapping spylls a port of Hunspell"; + homepage = "https://github.com/dvwright/phunspell"; + changelog = "https://github.com/dvwright/phunspell/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ vizid ]; + }; +} diff --git a/pkgs/development/python-modules/streamlit/default.nix b/pkgs/development/python-modules/streamlit/default.nix index 7dc7395749b3..4b36ad61faa0 100644 --- a/pkgs/development/python-modules/streamlit/default.nix +++ b/pkgs/development/python-modules/streamlit/default.nix @@ -33,14 +33,14 @@ buildPythonPackage rec { pname = "streamlit"; - version = "1.33.0"; + version = "1.34.0"; pyproject = true; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-qNqP9G9blIxW0tx6ynphz42ZX08hdEz4IliudeYwBLo="; + hash = "sha256-E1o7eaaGsxMrc/IERQrW6IneBPM0nWkpJeCfDiHnS1I="; }; nativeBuildInputs = [ diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 134206df9163..0739c5f50c90 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -931,6 +931,8 @@ self: super: with self; { atsim-potentials = callPackage ../development/python-modules/atsim-potentials { }; + attacut = callPackage ../development/python-modules/attacut { }; + attrdict = callPackage ../development/python-modules/attrdict { }; attrs = callPackage ../development/python-modules/attrs { }; @@ -9728,6 +9730,8 @@ self: super: with self; { phpserialize = callPackage ../development/python-modules/phpserialize { }; + phunspell = callPackage ../development/python-modules/phunspell { }; + phx-class-registry = callPackage ../development/python-modules/phx-class-registry { }; pi1wire = callPackage ../development/python-modules/pi1wire { };