colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2024-02-24 06:03:30 +00:00 committed by GitHub
commit 3affb60f96
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
44 changed files with 1430 additions and 1015 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/programs/steam.nix
View File

@ -82,6 +82,14 @@ in {
'';
};
localNetworkGameTransfers.openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open ports in the firewall for Steam Local Network Game Transfers.
'';
};
gamescopeSession = mkOption {
description = mdDoc "Run a GameScope driven Steam session from your display-manager";
default = {};
@ -139,15 +147,23 @@ in {
] ++ lib.optional cfg.gamescopeSession.enable steam-gamescope;
networking.firewall = lib.mkMerge [
(mkIf (cfg.remotePlay.openFirewall || cfg.localNetworkGameTransfers.openFirewall) {
allowedUDPPorts = [ 27036 ]; # Peer discovery
})
(mkIf cfg.remotePlay.openFirewall {
allowedTCPPorts = [ 27036 ];
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedUDPPortRanges = [ { from = 27031; to = 27035; } ];
})
(mkIf cfg.dedicatedServer.openFirewall {
allowedTCPPorts = [ 27015 ]; # SRCDS Rcon port
allowedUDPPorts = [ 27015 ]; # Gameplay traffic
})
(mkIf cfg.localNetworkGameTransfers.openFirewall {
allowedTCPPorts = [ 27040 ]; # Data transfers
})
];
};

9
nixos/modules/services/hardware/pcscd.nix
View File

@ -3,6 +3,7 @@
with lib;
let
cfg = config.services.pcscd;
cfgFile = pkgs.writeText "reader.conf" config.services.pcscd.readerConfig;
package = if config.security.polkit.enable
@ -41,6 +42,12 @@ in
See {manpage}`reader.conf(5)` for valid options.
'';
};
extraArgs = mkOption {
type = types.listOf types.str;
default = [ ];
description = lib.mdDoc "Extra command line arguments to be passed to the PCSC daemon.";
};
};
config = mkIf config.services.pcscd.enable {
@ -64,7 +71,7 @@ in
# around it, we force the path to the cfgFile.
#
# https://github.com/NixOS/nixpkgs/issues/121088
serviceConfig.ExecStart = [ "" "${package}/bin/pcscd -f -x -c ${cfgFile}" ];
serviceConfig.ExecStart = [ "" "${lib.getExe package} -f -x -c ${cfgFile} ${lib.escapeShellArgs cfg.extraArgs}" ];
};
};
}

10
pkgs/applications/blockchains/wownero/default.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, cmake
, boost
, libsodium
@ -45,6 +46,15 @@ stdenv.mkDerivation rec {
hash = "sha256-zmGsSbPpVwL0AhCQkdMKORruM5kYrrLe/BYfMphph8c=";
};
patches = [
# Fix gcc-13 build due to missing <cstdint> neaders
(fetchpatch {
name = "gcc-13.patch";
url = "https://git.wownero.com/wownero/wownero/commit/f983ac77805a494ea4a05a00398c553e1359aefd.patch";
hash = "sha256-9acQ4bHAKFR+lMgrpQyBmb+9YZYi1ywHoo1jBcIgmGs=";
})
];
nativeBuildInputs = [
cmake
];

3
pkgs/applications/misc/clipit/default.nix
View File

@ -28,8 +28,9 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Lightweight GTK Clipboard Manager";
inherit (src.meta) homepage;
license = licenses.gpl3;
license = licenses.gpl3Plus;
platforms = platforms.linux;
mainProgram = "clipit";
maintainers = with maintainers; [ kamilchm ];
};
}

3
pkgs/applications/misc/xmr-stak/default.nix
View File

@ -38,6 +38,9 @@ stdenv.mkDerivation rec {
'';
meta = with lib; {
# Does not build against gcc-13. No development activity upstream
# for past few years.
broken = true;
description = "Unified All-in-one Monero miner";
homepage = "https://github.com/fireice-uk/xmr-stak";
license = licenses.gpl3Plus;

21
pkgs/applications/misc/xmrig/moneroocean.nix
View File

@ -1,16 +1,31 @@
{ stdenv, fetchFromGitHub, lib, xmrig }:
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, xmrig
}:
xmrig.overrideAttrs (oldAttrs: rec {
pname = "xmrig-mo";
version = "6.20.0-mo1";
version = "6.21.0-mo2";
src = fetchFromGitHub {
owner = "MoneroOcean";
repo = "xmrig";
rev = "v${version}";
sha256 = "sha256-yHAipyZJXwH21u4YwjUqDCsXHVrI+eSnp4Iqt3AZC9A=";
hash = "sha256-OKyJcmhlY8gfDKyBf83KHhokp4qA8EDyessTwKReaD8=";
};
patches = [
# Fix build against gcc-13 due to missing <stdexcept> include
# https://github.com/MoneroOcean/xmrig/pull/123
(fetchpatch {
name = "gcc-13.patch";
url = "https://github.com/MoneroOcean/xmrig/commit/7d3ea51d68049c35e9d4c75732c751eefbc5ab29.patch";
hash = "sha256-iNrtZ8LxNJMzn8kXLhYGEFAy0ughfOZobDVRImpVPC0=";
})
];
meta = with lib; {
description = "A fork of the XMRig CPU miner with support for algorithm switching";
homepage = "https://github.com/MoneroOcean/xmrig";

16
pkgs/applications/networking/irc/bip/default.nix
View File

@ -1,9 +1,8 @@
{ lib
, stdenv
, fetchurl
, autoreconfHook
, pkg-config
, autoconf
, automake
, bison
, flex
, openssl
@ -21,12 +20,17 @@ stdenv.mkDerivation {
outputs = [ "out" "man" "doc" ];
nativeBuildInputs = [ pkg-config autoconf automake ];
postPatch = ''
# Drop blanket -Werror to avoid build failure on fresh toolchains
# and libraries. Without the cnage build fails on gcc-13 and on
# openssl-3.
substituteInPlace src/Makefile.am --replace-fail ' -Werror ' ' '
'';
nativeBuildInputs = [ autoreconfHook pkg-config ];
buildInputs = [ bison flex openssl ];
# FIXME: Openssl3 deprecated PEM_read_DHparams and DH_free
# https://projects.duckcorp.org/issues/780
env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";
enableParallelBuilding = true;
meta = {
description = "An IRC proxy (bouncer)";

1
pkgs/development/tools/api-linter/default.nix → pkgs/by-name/ap/api-linter/package.nix
View File

@ -29,5 +29,6 @@ buildGoModule rec {
changelog = "https://github.com/googleapis/api-linter/releases/tag/${src.rev}";
license = licenses.asl20;
maintainers = with maintainers; [ xrelkd ];
mainProgram = "api-linter";
};
}

6
pkgs/by-name/fi/files-cli/package.nix
View File

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "files-cli";
version = "2.12.37";
version = "2.12.38";
src = fetchFromGitHub {
repo = "files-cli";
owner = "files-com";
rev = "v${version}";
hash = "sha256-2vXztx294fOAZ1Vp0z4sGfoUYZch9aZffyz/Z9vzEnQ=";
hash = "sha256-DjNnD852VOcIHrVtzf2fXm7PRpvrQIF51xqfA5BrJxI=";
};
vendorHash = "sha256-AEBpt8qg6UvHlx4iS8fXCdzQ0GgEf2ALKR00ThqXctc=";
vendorHash = "sha256-EUPaPihTDHRh0Y4HEPhpgl1Qa3rfhOdJHO/uRD8KzT4=";
ldflags = [
"-s"

4
pkgs/by-name/gr/graphite-cli/package-lock.json generated
View File

@ -1,12 +1,12 @@
{
"name": "@withgraphite/graphite-cli",
"version": "1.1.5",
"version": "1.2.3",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@withgraphite/graphite-cli",
"version": "1.1.5",
"version": "1.2.3",
"license": "None",
"dependencies": {
"chalk": "^4.1.2",

6
pkgs/by-name/gr/graphite-cli/package.nix
View File

@ -7,14 +7,14 @@
buildNpmPackage rec {
pname = "graphite-cli";
version = "1.1.5";
version = "1.2.3";
src = fetchurl {
url = "https://registry.npmjs.org/@withgraphite/graphite-cli/-/graphite-cli-${version}.tgz";
hash = "sha256-/JnhUjrZq1iiXwqCSXZH250gu3yh6gJt6JjZRJ2OQd8=";
hash = "sha256-T18D4JkH9B0BcJt5rgfKJsiTRhgNBBu70l6MDtPMoHQ=";
};
npmDepsHash = "sha256-oQLombXIZRyjnKA04xuDZoZf2NO/0/xFfuXXmp46OaI=";
npmDepsHash = "sha256-AouEmq4wCzDxk34cjRv2vL+Me+LgeSH8S/sAAvw0Fks=";
postPatch = ''
ln -s ${./package-lock.json} package-lock.json

4
pkgs/by-name/na/namespace-cli/package.nix
View File

@ -5,13 +5,13 @@
buildGoModule rec {
pname = "namespace-cli";
version = "0.0.341";
version = "0.0.345";
src = fetchFromGitHub {
owner = "namespacelabs";
repo = "foundation";
rev = "v${version}";
hash = "sha256-NslWnWYJpGbCOUnAyPhGqC2CNPifl5j9lBQ1YzS1UsQ=";
hash = "sha256-PDc907qr7fPfvR990UHIOnS2I4f7DveGAK8P8SsXS+g=";
};
vendorHash = "sha256-a/e+xPOD9BDSlKknmfcX2tTMyIUrzKxqtUpFXcFIDSE=";

101
pkgs/by-name/no/nosql-workbench/package.nix Normal file
View File

@ -0,0 +1,101 @@
{
appimageTools,
lib,
fetchurl,
jdk21,
stdenv,
undmg
}:
let
pname = "nosql-workbench";
version = "3.11.0";
src = fetchurl {
x86_64-darwin = {
url = "https://s3.amazonaws.com/nosql-workbench/NoSQL%20Workbench-mac-x64-${version}.dmg";
hash = "sha256-KM3aDDsQGZwUKU/or0eOoP8okAOPH7q8KL46RwfqhzM=";
};
aarch64-darwin = {
url = "https://s3.amazonaws.com/nosql-workbench/NoSQL%20Workbench-mac-arm64-${version}.dmg";
hash = "sha256-LzHiCMrDOWDuMNkkojLgKn+UG7x76wSAz0BapyWkAzU=";
};
x86_64-linux = {
url = "https://s3.amazonaws.com/nosql-workbench/NoSQL%20Workbench-linux-${version}.AppImage";
hash = "sha256-cDOSbhAEFBHvAluxTxqVpva1GJSlFhiozzRfuM4MK5c=";
};
}.${stdenv.system} or (throw "Unsupported system: ${stdenv.system}");
meta = {
description = "Visual tool that provides data modeling, data visualization, and query development features to help you design, create, query, and manage DynamoDB tables";
homepage = "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/workbench.html";
changelog = "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkbenchDocumentHistory.html";
license = lib.licenses.unfree;
maintainers = with lib.maintainers; [ DataHearth ];
platforms = [ "aarch64-darwin" "x86_64-darwin" "x86_64-linux" ];
};
in
if stdenv.isDarwin then stdenv.mkDerivation {
inherit pname version src meta;
sourceRoot = ".";
buildInputs = [ jdk21 ];
# DMG file is using APFS which is unsupported by "undmg".
# Fix found: https://discourse.nixos.org/t/help-with-error-only-hfs-file-systems-are-supported-on-ventura/25873/8
# "undmg" issue: https://github.com/matthewbauer/undmg/issues/4
unpackCmd = ''
echo "Creating temp directory"
mnt=$(TMPDIR=/tmp mktemp -d -t nix-XXXXXXXXXX)
function finish {
echo "Ejecting temp directory"
/usr/bin/hdiutil detach $mnt -force
rm -rf $mnt
}
# Detach volume when receiving SIG "0"
trap finish EXIT
# Mount DMG file
echo "Mounting DMG file into \"$mnt\""
/usr/bin/hdiutil attach -nobrowse -mountpoint $mnt $curSrc
# Copy content to local dir for later use
echo 'Copying extracted content into "sourceRoot"'
cp -a $mnt/NoSQL\ Workbench.app $PWD/
'';
installPhase = ''
runHook preInstall
mkdir -p "$out/Applications"
mv NoSQL\ Workbench.app $out/Applications/
runHook postInstall
'';
} else appimageTools.wrapType2 {
inherit pname version src meta;
extraPkgs = ps: (appimageTools.defaultFhsEnvArgs.multiPkgs ps) ++ [
# Required to run DynamoDB locally
ps.jdk21
];
extraInstallCommands = let
appimageContents = appimageTools.extract {
inherit pname version src;
};
in ''
# Replace version from binary name
mv $out/bin/${pname}-${version} $out/bin/${pname}
# Install XDG Desktop file and its icon
install -Dm444 ${appimageContents}/nosql-workbench.desktop -t $out/share/applications
install -Dm444 ${appimageContents}/nosql-workbench.png -t $out/share/pixmaps
# Replace wrong exec statement in XDG Desktop file
substituteInPlace $out/share/applications/nosql-workbench.desktop \
--replace 'Exec=AppRun --no-sandbox %U' 'Exec=nosql-workbench'
'';
}

0
pkgs/development/tools/database/pgagroal/do-not-search-libatomic.patch → pkgs/by-name/pg/pgagroal/do-not-search-libatomic.patch
View File

29
pkgs/by-name/pg/pgagroal/package.nix Normal file
View File

@ -0,0 +1,29 @@
{ lib, stdenv, fetchFromGitHub, cjson, cmake, docutils, libev, openssl, systemd }:
stdenv.mkDerivation (finalAttrs: {
pname = "pgagroal";
version = "1.6.0";
src = fetchFromGitHub {
owner = "agroal";
repo = "pgagroal";
rev = finalAttrs.version;
hash = "sha256-bgJvGJ35RdFopW88o+H1DLpG70anP197y6xrpRRrxUA=";
};
patches = [ ./do-not-search-libatomic.patch ];
nativeBuildInputs = [ cmake docutils ];
buildInputs = [ cjson libev openssl ]
++ lib.optionals stdenv.isLinux [ systemd ];
meta = with lib; {
description = "High-performance connection pool for PostgreSQL";
homepage = "https://agroal.github.io/pgagroal/";
changelog = "https://github.com/agroal/pgagroal/releases/tag/${finalAttrs.version}";
license = licenses.bsd3;
maintainers = [ maintainers.marsam ];
platforms = platforms.unix;
};
})

58
pkgs/by-name/rw/rwpspread/Cargo.lock generated
View File

@ -10,9 +10,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
[[package]]
name = "anstream"
version = "0.6.11"
version = "0.6.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5"
checksum = "96b09b5178381e0874812a9b157f7fe84982617e48f71f4e3235482775e5b540"
dependencies = [
"anstyle",
"anstyle-parse",
@ -135,9 +135,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "clap"
version = "4.5.0"
version = "4.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "80c21025abd42669a92efc996ef13cfb2c5c627858421ea58d5c3b331a6c134f"
checksum = "c918d541ef2913577a0f9566e9ce27cb35b6df072075769e0b26cb5a554520da"
dependencies = [
"clap_builder",
"clap_derive",
@ -145,9 +145,9 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.5.0"
version = "4.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "458bf1f341769dfcf849846f65dffdf9146daa56bcd2a47cb4e1de9915567c99"
checksum = "9f3e7391dad68afb0c2ede1bf619f579a3dc9c2ec67f089baa397123a2f3d1eb"
dependencies = [
"anstream",
"anstyle",
@ -196,9 +196,9 @@ dependencies = [
[[package]]
name = "crc32fast"
version = "1.3.2"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
checksum = "b3855a8a784b474f333699ef2bbca9db2c4a1f6d9088a90a2d25b1eb53111eaa"
dependencies = [
"cfg-if",
]
@ -379,9 +379,9 @@ dependencies = [
[[package]]
name = "indexmap"
version = "2.2.2"
version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "824b2ae422412366ba479e8111fd301f7b5faece8149317bb81925979a53f520"
checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177"
dependencies = [
"equivalent",
"hashbrown",
@ -488,15 +488,15 @@ checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58"
[[package]]
name = "pkg-config"
version = "0.3.29"
version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb"
checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
[[package]]
name = "png"
version = "0.17.11"
version = "0.17.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f6c3c3e617595665b8ea2ff95a86066be38fb121ff920a9c0eb282abcd1da5a"
checksum = "06e4b0d3d1312775e782c86c91a111aa1f910cbb65e1337f9975b5f9a554b5e1"
dependencies = [
"bitflags 1.3.2",
"crc32fast",
@ -507,9 +507,9 @@ dependencies = [
[[package]]
name = "polling"
version = "3.4.0"
version = "3.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30054e72317ab98eddd8561db0f6524df3367636884b7b21b703e4b280a84a14"
checksum = "24f040dee2588b4963afb4e420540439d126f73fdacf4a9c486a96d840bac3c9"
dependencies = [
"cfg-if",
"concurrent-queue",
@ -590,7 +590,7 @@ dependencies = [
[[package]]
name = "rwpspread"
version = "0.1.9-1"
version = "0.2.1-1"
dependencies = [
"clap",
"glob",
@ -604,9 +604,9 @@ dependencies = [
[[package]]
name = "ryu"
version = "1.0.16"
version = "1.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c"
checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1"
[[package]]
name = "scoped-tls"
@ -722,9 +722,9 @@ checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01"
[[package]]
name = "syn"
version = "2.0.48"
version = "2.0.49"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f"
checksum = "915aea9e586f80826ee59f8453c1101f9d1c4b3964cd2460185ee8e299ada496"
dependencies = [
"proc-macro2",
"quote",
@ -733,18 +733,18 @@ dependencies = [
[[package]]
name = "thiserror"
version = "1.0.56"
version = "1.0.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad"
checksum = "1e45bcbe8ed29775f228095caf2cd67af7a4ccf756ebff23a306bf3e8b47b24b"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
version = "1.0.56"
version = "1.0.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471"
checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81"
dependencies = [
"proc-macro2",
"quote",
@ -785,9 +785,9 @@ dependencies = [
[[package]]
name = "toml_edit"
version = "0.22.4"
version = "0.22.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0c9ffdf896f8daaabf9b66ba8e77ea1ed5ed0f72821b398aba62352e95062951"
checksum = "2c1b5fd4128cc8d3e0cb74d4ed9a9cc7c7284becd4df68f5f940e1ad123606f6"
dependencies = [
"indexmap",
"serde",
@ -1059,9 +1059,9 @@ checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
[[package]]
name = "winnow"
version = "0.5.39"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5389a154b01683d28c77f8f68f49dea75f0a4da32557a58f68ee51ebba472d29"
checksum = "d90f4e0f530c4c69f62b80d839e9ef3855edc9cba471a160c4d692deed62b401"
dependencies = [
"memchr",
]

4
pkgs/by-name/rw/rwpspread/package.nix
View File

@ -8,13 +8,13 @@
rustPlatform.buildRustPackage rec {
pname = "rwpspread";
version = "0.1.9";
version = "0.2.1";
src = fetchFromGitHub {
owner = "0xk1f0";
repo = "rwpspread";
rev = "v${version}";
hash = "sha256-oZgHMklHMKUpVY3g7wS2rna+5+ePEbcvdVJc9jPTeoI=";
hash = "sha256-I9zZtk+Byn2DBMvhRVUBJ5O8fzzy1uSTniMUDXi07ho=";
};
cargoLock = {

70
pkgs/by-name/sa/samdump2/package.nix Normal file
View File

@ -0,0 +1,70 @@
{ lib
, stdenv
, fetchurl
, fetchpatch
, openssl
, pkg-config
, which
}:
stdenv.mkDerivation (finalAttrs: {
pname = "samdump2";
version = "3.0.0";
src = fetchurl {
url = "mirror://sourceforge/project/ophcrack/samdump2/${finalAttrs.version}/samdump2-${finalAttrs.version}.tar.bz2";
hash = "sha256-YCZZrzDFZXUPoBZQ4KIj0mNVtd+Y8vvDDjpsWT7U5SY=";
};
nativeBuildInputs = [ pkg-config which ];
buildInputs = [
openssl
];
patches = [
(fetchpatch {
# fixes a FTBFS linker bug
url = "https://salsa.debian.org/pkg-security-team/samdump2/-/raw/b4c9f14f5a1925106e7c62c9967d430c1104df0c/debian/patches/10_ftbfs_link.patch";
hash = "sha256-TGzxi44dDAispG+rK/kYYMzKjt10p+ZyfVDWKG+Gw/s=";
})
(fetchpatch {
# the makefile overrides flags so you can't set them via d/rules or the environment
url = "https://salsa.debian.org/pkg-security-team/samdump2/-/raw/b4c9f14f5a1925106e7c62c9967d430c1104df0c/debian/patches/20_compiler_flags.patch";
hash = "sha256-VdDiNAQhlauAB4Ws/pvWMJY2rMKr3qhyVGX2GoxaagI=";
})
(fetchpatch {
# the makefile has a infos dep, but no target
url = "https://salsa.debian.org/pkg-security-team/samdump2/-/raw/b4c9f14f5a1925106e7c62c9967d430c1104df0c/debian/patches/30_install_infos.patch";
hash = "sha256-Y7kdU+ywUYFm2VySGFa0QE1OvzoTa0eFSWp0VFmY5iM=";
})
(fetchpatch {
# change the formatting in the manpage to make it more readable
url = "https://salsa.debian.org/pkg-security-team/samdump2/-/raw/b4c9f14f5a1925106e7c62c9967d430c1104df0c/debian/patches/40_manpage_formatting.patch";
hash = "sha256-L4BjtiGk91nTKZdr0SXbaxkD2mzmkU3UJlc4TZfXS4Y=";
})
(fetchpatch {
# fix a FTBFS with OpenSSL 1.1.0. (Closes: #828537)
url = "https://salsa.debian.org/pkg-security-team/samdump2/-/raw/b4c9f14f5a1925106e7c62c9967d430c1104df0c/debian/patches/50_openssl.patch";
hash = "sha256-pdLOSt7kX9uPg4wDVstxh3NC/DboQCP+5/wCjuJmruY=";
})
];
postPatch = ''
substituteInPlace Makefile \
--replace " -o root -g root" ""
'';
makeFlags = [
"PREFIX=$(out)"
"CC=cc"
];
meta = with lib; {
description = "Dump password hashes from a Windows NT/2k/XP installation";
mainProgram = "samdump2";
homepage = "https://sourceforge.net/projects/ophcrack/files/samdump2";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ d3vil0p3r ];
platforms = platforms.unix;
};
})

87
pkgs/by-name/un/unix-privesc-check/package.nix Normal file
View File

@ -0,0 +1,87 @@
{ lib
, resholve
, fetchurl
, gawk
, bash
, binutils
, coreutils
, file
, findutils
, glibc
, gnugrep
, gnused
, nettools
, openssh
, postgresql
, ps
, util-linux
, which
}:
# resholve does not yet support `finalAttrs` call pattern hence `rec`
# https://github.com/abathur/resholve/issues/107
resholve.mkDerivation rec {
pname = "unix-privesc-check";
version = "1.4";
src = fetchurl {
url = "https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-${version}.tar.gz";
hash = "sha256-4fhef2n6ut0jdWo9dqDj2GSyHih2O2DOLmGBKQ0cGWk=";
};
patches = [
./unix-privesc-check.patch # https://github.com/NixOS/nixpkgs/pull/287629#issuecomment-1944428796
];
solutions = {
unix-privesc-check = {
scripts = [ "bin/unix-privesc-check" ];
interpreter = "${bash}/bin/bash";
inputs = [
gawk
bash
binutils # for strings command
coreutils
file
findutils # for xargs command
glibc # for ldd command
gnugrep
gnused
nettools
openssh
postgresql # for psql command
ps
util-linux # for swapon command
which
];
fake = {
external = [
"lanscan" # lanscan exists only for HP-UX OS
"mount" # Getting same error described in https://github.com/abathur/resholve/issues/29
"passwd" # Getting same error described in https://github.com/abathur/resholve/issues/29
];
};
execer = [
"cannot:${glibc.bin}/bin/ldd"
"cannot:${postgresql}/bin/psql"
"cannot:${openssh}/bin/ssh-add"
"cannot:${util-linux.bin}/bin/swapon"
];
};
};
installPhase = ''
runHook preInstall
install -Dm 755 unix-privesc-check $out/bin/unix-privesc-check
runHook postInstall
'';
meta = with lib; {
description = "Find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps";
mainProgram = "unix-privesc-check";
homepage = "https://pentestmonkey.net/tools/audit/unix-privesc-check";
maintainers = with maintainers; [ d3vil0p3r ];
platforms = platforms.unix;
license = licenses.gpl2Plus;
};
}

20
pkgs/by-name/un/unix-privesc-check/unix-privesc-check.patch Normal file
View File

@ -0,0 +1,20 @@
--- a/unix-privesc-check 2024-02-14 20:21:24.725453661 +0100
+++ b/unix-privesc-check 2024-02-14 20:21:46.577446690 +0100
@@ -484,17 +484,6 @@
# Set path so we can access usual directories. HPUX and some linuxes don't have sbin in the path.
PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin; export PATH
-# Check dependent programs are installed
-# Assume "which" is installed!
-PROGS="ls awk grep cat mount xargs file ldd strings"
-for PROG in $PROGS; do
- which $PROG 2>&1 > /dev/null
- if [ ! $? = "0" ]; then
- echo "ERROR: Dependend program '$PROG' is mising. Can't run. Sorry!"
- exit 1
- fi
-done
-
banner
section "Recording hostname"

4
pkgs/development/compilers/edk2/default.nix
View File

@ -33,7 +33,7 @@ buildType = if stdenv.isDarwin then
edk2 = stdenv.mkDerivation rec {
pname = "edk2";
version = "202311";
version = "202402";
patches = [
# pass targetPrefix as an env var
@ -48,7 +48,7 @@ edk2 = stdenv.mkDerivation rec {
repo = "edk2";
rev = "edk2-stable${edk2.version}";
fetchSubmodules = true;
hash = "sha256-gC/If8U9qo70rGvNl3ld/mmZszwY0w/5Ge/K21mhzYw=";
hash = "sha256-Nurm6QNKCyV6wvbj0ELdYAL7mbZ0yg/tTwnEJ+N18ng=";
};
# We don't want EDK2 to keep track of OpenSSL,

2
pkgs/development/compilers/llvm/17/default.nix
View File

@ -144,7 +144,7 @@ in let
inherit llvm_meta;
};
mlir = callPackage ./mlir {
mlir = callPackage ../common/mlir {
inherit llvm_meta;
};

0
pkgs/development/compilers/llvm/17/mlir/default.nix → pkgs/development/compilers/llvm/common/mlir/default.nix
View File

0
pkgs/development/compilers/llvm/17/mlir/gnu-install-dirs.patch → pkgs/development/compilers/llvm/common/mlir/gnu-install-dirs.patch
View File

4
pkgs/development/compilers/llvm/git/default.nix
View File

@ -144,6 +144,10 @@ in let
inherit llvm_meta;
};
mlir = callPackage ../common/mlir {
inherit llvm_meta;
};
lldb = callPackage ../common/lldb.nix {
src = callPackage ({ runCommand }: runCommand "lldb-src-${version}" {} ''
mkdir -p "$out"

27
pkgs/development/tools/database/pgagroal/default.nix
View File

@ -1,27 +0,0 @@
{ lib, stdenv, fetchFromGitHub, cmake, docutils, libev, openssl, systemd }:
stdenv.mkDerivation rec {
pname = "pgagroal";
version = "1.5.1";
src = fetchFromGitHub {
owner = "agroal";
repo = "pgagroal";
rev = version;
hash = "sha256-d6icEYlk0qnzmoP/mvSmTw16YfIYWc2WbY7sKguX7Ug=";
};
patches = [ ./do-not-search-libatomic.patch ];
nativeBuildInputs = [ cmake docutils ];
buildInputs = [ libev openssl systemd ];
meta = with lib; {
description = "High-performance connection pool for PostgreSQL";
homepage = "https://agroal.github.io/pgagroal/";
license = licenses.bsd3;
maintainers = [ maintainers.marsam ];
platforms = platforms.linux;
};
}

1492
pkgs/development/tools/database/surrealdb-migrations/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

4
pkgs/development/tools/database/surrealdb-migrations/default.nix
View File

@ -10,7 +10,7 @@
let
pname = "surrealdb-migrations";
version = "1.0.1";
version = "1.1.0";
in
rustPlatform.buildRustPackage rec {
inherit pname version;
@ -19,7 +19,7 @@ rustPlatform.buildRustPackage rec {
owner = "Odonno";
repo = pname;
rev = "v${version}";
hash = "sha256-yody0F8Wkizyq7SW9OjT4cV3O9HOUYlBc7+8GwJG2cs=";
hash = "sha256-UnRf9HdEcKH0cOWKJIjgjNBlSVjXyk27bwB+4ftzAcs=";
};
cargoLock = {

8
pkgs/development/tools/misc/dart-sass/default.nix
View File

@ -10,24 +10,24 @@
}:
let
embedded-protocol-version = "2.4.0";
embedded-protocol-version = "2.5.0";
embedded-protocol = fetchFromGitHub {
owner = "sass";
repo = "sass";
rev = "refs/tags/embedded-protocol-${embedded-protocol-version}";
hash = "sha256-19YQTda5su2PI2vLzVRCn7fQoH5vEg3539gXEeLLvV8=";
hash = "sha256-ue2yv6jy0J8207Nhc5i8jnBWlNeYmGqexS2f3LDwg18=";
};
in
buildDartApplication rec {
pname = "dart-sass";
version = "1.70.0";
version = "1.71.1";
src = fetchFromGitHub {
owner = "sass";
repo = pname;
rev = version;
hash = "sha256-JLVcoDAngP1y8EC4K6fIJdPu2Xm8LLAxUm8BTK5tSVk=";
hash = "sha256-MFBAc89Ib++Qve+SjkOOeZhdpH8Kwoic9U+d2ldt8W8=";
};
pubspecLock = lib.importJSON ./pubspec.lock.json;

66
pkgs/development/tools/misc/dart-sass/pubspec.lock.json
View File

@ -4,21 +4,21 @@
"dependency": "transitive",
"description": {
"name": "_fe_analyzer_shared",
"sha256": "36a321c3d2cbe01cbcb3540a87b8843846e0206df3e691fa7b23e19e78de6d49",
"sha256": "0b2f2bd91ba804e53a61d757b986f89f1f9eaed5b11e4b2f5a2468d86d6c9fc7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "65.0.0"
"version": "67.0.0"
},
"analyzer": {
"dependency": "direct dev",
"description": {
"name": "analyzer",
"sha256": "dfe03b90ec022450e22513b5e5ca1f01c0c01de9c3fba2f7fd233cb57a6b9a07",
"sha256": "37577842a27e4338429a1cbc32679d508836510b056f1eedf0c8d20e39c1383d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.3.0"
"version": "6.4.1"
},
"archive": {
"dependency": "direct dev",
@ -84,11 +84,11 @@
"dependency": "direct main",
"description": {
"name": "cli_pkg",
"sha256": "7b088621eb3d486c17a4122389d8b3f36658450d5a405fa229166b1a71a7ce4a",
"sha256": "b15d9558c6a44f20840198e385e3e4fe1fcb17d1a45e60e0657d9bd42e630a61",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.7.2"
"version": "2.9.0"
},
"cli_repl": {
"dependency": "direct main",
@ -174,11 +174,11 @@
"dependency": "direct dev",
"description": {
"name": "dartdoc",
"sha256": "cbc4520cf486395741209693c3e7ef70653b1879b5a73e010815bf50431d330c",
"sha256": "6b147cb40a72557749d7a6594eb4e065057be54b44000cd57273e4a450c3b84e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "8.0.3"
"version": "8.0.5"
},
"ffi": {
"dependency": "transitive",
@ -254,11 +254,11 @@
"dependency": "direct main",
"description": {
"name": "http",
"sha256": "759d1a329847dd0f39226c688d3e06a6b8679668e350e2891a6474f8b4bb8525",
"sha256": "a2bbf9d017fcced29139daa8ed2bba4ece450ab222871df93ca9eec6f80c34ba",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.1.0"
"version": "1.2.0"
},
"http_multi_server": {
"dependency": "transitive",
@ -354,21 +354,31 @@
"dependency": "direct main",
"description": {
"name": "meta",
"sha256": "d584fa6707a52763a52446f02cc621b077888fb63b93bbcb1143a7be5a0c0c04",
"sha256": "7687075e408b093f36e6bbf6c91878cc0d4cd10f409506f7bc996f68220b9136",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.11.0"
"version": "1.12.0"
},
"mime": {
"dependency": "transitive",
"description": {
"name": "mime",
"sha256": "e4ff8e8564c03f255408decd16e7899da1733852a9110a58fe6d1b817684a63e",
"sha256": "2e123074287cc9fd6c09de8336dae606d1ddb88d9ac47358826db698c176a1f2",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.0.4"
"version": "1.0.5"
},
"native_stack_traces": {
"dependency": "transitive",
"description": {
"name": "native_stack_traces",
"sha256": "c797830b9910d13b0f4e70ddef15cde034214fe3bdb8092c4ea5ffad2f74013f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.5.6"
},
"native_synchronization": {
"dependency": "direct main",
@ -434,11 +444,11 @@
"dependency": "transitive",
"description": {
"name": "petitparser",
"sha256": "eeb2d1428ee7f4170e2bd498827296a18d4e7fc462b71727d111c0ac7707cfa6",
"sha256": "c15605cd28af66339f8eb6fbe0e541bfe2d1b72d5825efc6598f3e0a31b9ad27",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.0.1"
"version": "6.0.2"
},
"pointycastle": {
"dependency": "transitive",
@ -664,11 +674,11 @@
"dependency": "direct dev",
"description": {
"name": "test",
"sha256": "694c108e13c6b35b15fcb0f8f03eddf8373f93b044c9497b5e81ce09f7381bda",
"sha256": "7ee446762c2c50b3bd4ea96fe13ffac69919352bd3b4b17bac3f3465edc58073",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.25.1"
"version": "1.25.2"
},
"test_api": {
"dependency": "transitive",
@ -750,15 +760,25 @@
"source": "hosted",
"version": "1.1.0"
},
"web": {
"dependency": "transitive",
"description": {
"name": "web",
"sha256": "4188706108906f002b3a293509234588823c8c979dc83304e229ff400c996b05",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.4.2"
},
"web_socket_channel": {
"dependency": "transitive",
"description": {
"name": "web_socket_channel",
"sha256": "d88238e5eac9a42bb43ca4e721edba3c08c6354d4a53063afaa568516217621b",
"sha256": "939ab60734a4f8fa95feacb55804fa278de28bdeef38e616dc08e44a84adea23",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.4.0"
"version": "2.4.3"
},
"webkit_inspection_protocol": {
"dependency": "transitive",
@ -774,11 +794,11 @@
"dependency": "transitive",
"description": {
"name": "xml",
"sha256": "af5e77e9b83f2f4adc5d3f0a4ece1c7f45a2467b695c2540381bac793e34e556",
"sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.4.2"
"version": "6.5.0"
},
"yaml": {
"dependency": "direct dev",
@ -792,6 +812,6 @@
}
},
"sdks": {
"dart": ">=3.1.0 <4.0.0"
"dart": ">=3.2.0 <4.0.0"
}
}

6
pkgs/development/tools/rust/cargo-deny/default.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-deny";
version = "0.14.11";
version = "0.14.12";
src = fetchFromGitHub {
owner = "EmbarkStudios";
repo = "cargo-deny";
rev = version;
hash = "sha256-xK6Q1p5SlpFGQ1ZtSHGFBwwL2z1LMcdM/jaC5RWglts=";
hash = "sha256-A1OoMmF1SVjOfrymenDxEgNE6K/0Tw3Gc9xBsW5jogU=";
};
cargoHash = "sha256-6HSdbyBBnvcbJzXBvtuqbauVqLoSuAzo73S+4vioo8I=";
cargoHash = "sha256-lNLNmKVx6BfsqRm21oCUcVdkzCLEyVDrJDHSLKotSPI=";
nativeBuildInputs = [
pkg-config

4
pkgs/development/web/postman/darwin.nix
View File

@ -11,12 +11,12 @@ let
dist = {
aarch64-darwin = {
arch = "arm64";
sha256 = "sha256-Dy37gqClpV/9GzlpX6FjF+grDN/txbZO7G5BpEA2sms=";
sha256 = "sha256-P7x06KKH0e1Yro93SCEJyiWS/Uv25tWU8A85vxv85hI=";
};
x86_64-darwin = {
arch = "64";
sha256 = "sha256-gYlgrq3IyQtcecv9kuh1bHP1TVTPM8Apx2ZU5JLSSkQ=";
sha256 = "sha256-/jlLU5NKF8sNZ49n90219b/oiVFT8EkFx2oYhIk8Tgw=";
};
}.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system: ${stdenvNoCC.hostPlatform.system}");

2
pkgs/development/web/postman/default.nix
View File

@ -2,7 +2,7 @@
let
pname = "postman";
version = "10.18.6";
version = "10.23.5";
meta = with lib; {
homepage = "https://www.getpostman.com";
description = "API Development Environment";

6
pkgs/development/web/postman/linux.nix
View File

@ -20,6 +20,7 @@
, nspr
, pango
, udev
, libsecret
, libuuid
, libX11
, libxcb
@ -53,12 +54,12 @@ let
dist = {
aarch64-linux = {
arch = "arm64";
sha256 = "sha256-shiUW7o6H0aaGCgHm3oVqjLZNsB4KIn7EIxWRVCAWi0=";
sha256 = "sha256-esboLFqCziTlCFHyK6GxFq9Rik9jHiqX6ED0D53P1K4=";
};
x86_64-linux = {
arch = "64";
sha256 = "sha256-R6mejxuxSZv37nyjnt/oGvgqCw1pULCHCWnlw+pq8iY=";
sha256 = "sha256-NH5bfz74/WIXbNdYs6Hoh/FF54v2+b4Ci5T7Y095Akw=";
};
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
@ -107,6 +108,7 @@ stdenv.mkDerivation rec {
pango
udev
libdrm
libsecret
libuuid
libX11
libxcb

4
pkgs/games/hyperrogue/default.nix
View File

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
pname = "hyperrogue";
version = "13.0a";
version = "13.0b";
src = fetchFromGitHub {
owner = "zenorogue";
repo = "hyperrogue";
rev = "v${version}";
sha256 = "sha256-ebUS5J2NXv6MRoVLg9Ymc5+h9Wn85fKd9N4ohxMxpq4=";
sha256 = "sha256-n3CD1p0weWW9P3WnS05bauFbtShocleSACk4VOXzEeY=";
};
CXXFLAGS = [

4
pkgs/os-specific/darwin/karabiner-elements/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "karabiner-elements";
version = "14.11.0";
version = "14.13.0";
src = fetchurl {
url = "https://github.com/pqrs-org/Karabiner-Elements/releases/download/v${version}/Karabiner-Elements-${version}.dmg";
sha256 = "sha256-InuSfXbaSYsncq8jVO15LbQmDTguRHlOiE/Pj5EfX5c=";
sha256 = "sha256-gmJwoht/Tfm5qMecmq1N6PSAIfWOqsvuHU8VDJY8bLw=";
};
outputs = [ "out" "driver" ];

28
pkgs/servers/invidious/default.nix
View File

@ -1,11 +1,11 @@
{ lib, stdenv, crystal, fetchFromGitea, librsvg, pkg-config, libxml2, openssl, shards, sqlite, lsquic, videojs, nixosTests }:
{ lib, stdenv, crystal, fetchFromGitea, librsvg, pkg-config, libxml2, openssl, shards, sqlite, videojs, nixosTests }:
let
# All versions, revisions, and checksums are stored in ./versions.json.
# The update process is the following:
# * pick the latest commit
# * update .invidious.rev, .invidious.version, and .invidious.sha256
# * update .invidious.rev, .invidious.version, and .invidious.hash
# * prefetch the videojs dependencies with scripts/fetch-player-dependencies.cr
# and update .videojs.sha256 (they are normally fetched during build
# and update .videojs.hash (they are normally fetched during build
# but nix's sandboxing does not allow that)
# * if shard.lock changed
# * recreate shards.nix by running crystal2nix
@ -23,7 +23,7 @@ crystal.buildCrystalPackage rec {
owner = "iv-org";
repo = pname;
fetchSubmodules = true;
inherit (versions.invidious) rev sha256;
inherit (versions.invidious) rev hash;
};
postPatch =
@ -45,7 +45,7 @@ crystal.buildCrystalPackage rec {
substituteInPlace src/invidious.cr \
--replace ${lib.escapeShellArg branchTemplate} '"master"' \
--replace ${lib.escapeShellArg commitTemplate} '"${lib.substring 0 7 versions.invidious.rev}"' \
--replace ${lib.escapeShellArg versionTemplate} '"${lib.replaceStrings ["-"] ["."] (lib.substring 9 10 version)}"' \
--replace ${lib.escapeShellArg versionTemplate} '"${lib.concatStringsSep "." (lib.drop 2 (lib.splitString "-" version))}"' \
--replace ${lib.escapeShellArg assetCommitTemplate} '"${lib.substring 0 7 versions.invidious.rev}"'
# Patch the assets and locales paths to be absolute
@ -75,20 +75,9 @@ crystal.buildCrystalPackage rec {
"--verbose"
"--no-debug"
"-Dskip_videojs_download"
"-Ddisable_quic"
];
};
postConfigure = ''
# lib includes nix store paths which cant be patched, so the links have to
# be dereferenced first.
cp -rL lib lib2
rm -r lib
mv lib2 lib
chmod +w -R lib
cp ${lsquic}/lib/liblsquic.a lib/lsquic/src/lsquic/ext
'';
postInstall = ''
mkdir -p $out/share/invidious/config
@ -102,15 +91,16 @@ crystal.buildCrystalPackage rec {
# environment variable. Even though the database and hmac_key are
# bogus, --help still works.
installCheckPhase = ''
INVIDIOUS_CONFIG="$(cat <<EOF
export INVIDIOUS_CONFIG="$(cat <<EOF
database_url: sqlite3:///dev/null
hmac_key: "this-is-required"
EOF
)" $out/bin/invidious --help
)"
$out/bin/invidious --help
$out/bin/invidious --version
'';
passthru = {
inherit lsquic;
tests = { inherit (nixosTests) invidious; };
updateScript = ./update.sh;
};

133
pkgs/servers/invidious/lsquic.nix
View File

@ -1,133 +0,0 @@
{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, fetchurl, cmake, zlib, perl, libevent }:
let
versions = lib.importJSON ./versions.json;
fetchGitilesPatch = { name, url, sha256 }:
fetchurl {
url = "${url}%5E%21?format=TEXT";
inherit name sha256;
downloadToTemp = true;
postFetch = ''
base64 -d < $downloadedFile > $out
'';
};
# lsquic requires a specific boringssl version (noted in its README)
boringssl' = boringssl.overrideAttrs ({ preBuild, ... }: {
version = versions.boringssl.rev;
src = fetchgit {
url = "https://boringssl.googlesource.com/boringssl";
inherit (versions.boringssl) rev sha256;
};
patches = [
# Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem
./use-etc-ssl-certs.patch
# because lsquic requires that specific boringssl version and that
# version does not yet include fixes for gcc11 build errors, they
# must be backported
(fetchGitilesPatch {
name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch";
url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920";
sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj";
})
(fetchGitilesPatch {
name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch";
url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2";
sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm";
})
/*
# the following patch is too complex, so we will modify the build flags
# of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild
# and turn off -Werror=stringop-overflow
(fetchGitilesPatch {
name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch";
url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc";
sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr";
})
*/
(fetchGitilesPatch {
name = "fix-array-parameter-warnings.patch";
url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804";
sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv";
})
];
preBuild = preBuild + lib.optionalString stdenv.isLinux ''
sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \
-i build.ninja
'' + lib.optionalString stdenv.cc.isGNU ''
# Silence warning that causes build failures with GCC.
sed -e '/^build ssl\/test\/CMakeFiles\/bssl_shim\.dir\/settings_writer\.cc\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=ignored-attributes/' \
-e '/^build ssl\/test\/CMakeFiles\/handshaker\.dir\/settings_writer\.cc\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=ignored-attributes/' \
-i build.ninja
'' + lib.optionalString stdenv.cc.isClang (
# Silence warnings that cause build failures with newer versions of clang.
let
clangVersion = lib.getVersion stdenv.cc;
in
lib.optionalString (lib.versionAtLeast clangVersion "13") ''
sed -e '/^build crypto\/CMakeFiles\/crypto\.dir\/x509\/t_x509\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=unused-but-set-variable/' \
-e '/^build tool\/CMakeFiles\/bssl\.dir\/digest\.cc\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=unused-but-set-variable/' \
-i build.ninja
'' + lib.optionalString (lib.versionAtLeast clangVersion "16") ''
sed -e '/^build crypto\/CMakeFiles\/crypto\.dir\/trust_token\/trust_token\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=single-bit-bitfield-constant-conversion/' \
-i build.ninja
''
);
});
in
stdenv.mkDerivation rec {
pname = "lsquic";
version = versions.lsquic.version;
src = fetchFromGitHub {
owner = "litespeedtech";
repo = pname;
rev = "v${version}";
inherit (versions.lsquic) sha256;
fetchSubmodules = true;
};
postPatch = ''
substituteInPlace CMakeLists.txt \
--replace ".so" "${stdenv.hostPlatform.extensions.sharedLibrary}"
'';
nativeBuildInputs = [ cmake perl ];
buildInputs = [ boringssl' libevent zlib ];
cmakeFlags = [
"-DBORINGSSL_DIR=${lib.getDev boringssl'}"
"-DBORINGSSL_LIB_crypto=${lib.getLib boringssl'}/lib/libcrypto.a"
"-DBORINGSSL_LIB_ssl=${lib.getLib boringssl'}/lib/libssl.a"
"-DZLIB_LIB=${zlib}/lib/libz.so"
];
# adapted from lsquic.crs Dockerfile
# (https://github.com/iv-org/lsquic.cr/blob/master/docker/Dockerfile)
installPhase = ''
runHook preInstall
mkdir combinedlib
cd combinedlib
ar -x ${lib.getLib boringssl'}/lib/libssl.a
ar -x ${lib.getLib boringssl'}/lib/libcrypto.a
ar -x ../src/liblsquic/liblsquic.a
ar rc liblsquic.a *.o
ranlib liblsquic.a
install -D liblsquic.a $out/lib/liblsquic.a
runHook postInstall
'';
passthru.boringssl = boringssl';
meta = with lib; {
description = "A library for QUIC and HTTP/3 (version for Invidious)";
homepage = "https://github.com/litespeedtech/lsquic";
maintainers = with maintainers; [ infinisil sbruder ];
license = with licenses; [ openssl isc mit bsd3 ]; # statically links against boringssl, so has to include its licenses
};
}

54
pkgs/servers/invidious/shards.nix
View File

@ -1,80 +1,62 @@
{
ameba = {
url = "https://github.com/crystal-ameba/ameba.git";
rev = "v1.5.0";
sha256 = "1idivsbpmi40aqvs82fsv37nrgikirprxrj3ls9chsb876fq9p2d";
};
athena-negotiation = {
owner = "athena-framework";
repo = "negotiation";
url = "https://github.com/athena-framework/negotiation.git";
rev = "v0.1.1";
sha256 = "1vkk59lqrxb0l8kyzs114i3c18zb2bdiah2xhazkk8q7x6fz4yzk";
};
backtracer = {
owner = "sija";
repo = "backtracer.cr";
url = "https://github.com/sija/backtracer.cr.git";
rev = "v1.2.1";
sha256 = "02r1l7rn2wsljkx495s5s7j04zgn73m2kx0hkzs7620camvlwbqq";
};
db = {
owner = "crystal-lang";
repo = "crystal-db";
url = "https://github.com/crystal-lang/crystal-db.git";
rev = "v0.10.1";
sha256 = "03c5h14z6h2mxnx949lihnyqjd19hcj38iasdwq9fp95h8cld376";
};
exception_page = {
owner = "crystal-loot";
repo = "exception_page";
url = "https://github.com/crystal-loot/exception_page.git";
rev = "v0.2.2";
sha256 = "1c8askb9b7621jjz5pjj6b8pdbhw3r1l3dym6swg1saspf5j3jwi";
};
kemal = {
owner = "kemalcr";
repo = "kemal";
url = "https://github.com/kemalcr/kemal.git";
rev = "v1.1.2";
sha256 = "1149q4qw0zrws5asqqr4snrdi67xsmisdcq58zcrbgqgsxgly9d0";
};
kilt = {
owner = "jeromegn";
repo = "kilt";
url = "https://github.com/jeromegn/kilt.git";
rev = "v0.6.1";
sha256 = "0dpc15y9m8c5l9zdfif6jlf7zmkrlm9w4m2igi5xa22fdjwamwfp";
};
lsquic = {
owner = "iv-org";
repo = "lsquic.cr";
rev = "v2.18.1-2";
sha256 = "0bljk0pwbjb813dfwrhgi00w2ai09k868xvak4hfzdkbmpc7id6y";
};
pg = {
owner = "will";
repo = "crystal-pg";
url = "https://github.com/will/crystal-pg.git";
rev = "v0.24.0";
sha256 = "07i5bqkv5j6y6f8v5cpqdxc5wzzrvgv3ds24znv4mzv6nc84csn4";
};
protodec = {
owner = "iv-org";
repo = "protodec";
rev = "v0.1.4";
sha256 = "15azh9izxqgwpgkpicmivfdz31wkibnwy09rwhxsg0lyc4wf8xj9";
url = "https://github.com/iv-org/protodec.git";
rev = "v0.1.5";
sha256 = "09cm36skv2mxqrlczp0j1g7cf8wsfdqr8q39nxyj3ggc3yadp8bc";
};
radix = {
owner = "luislavena";
repo = "radix";
url = "https://github.com/luislavena/radix.git";
rev = "v0.4.1";
sha256 = "1l08cydkdidq9yyil1wl240hvk41iycv04jrg6nx5mkvzw4z1bzg";
};
spectator = {
owner = "icy-arctic-fox";
repo = "spectator";
url = "https://github.com/icy-arctic-fox/spectator.git";
rev = "v0.10.4";
sha256 = "0rcxq2nbslvwrd8m9ajw6dzaw3hagxmkdy9s8p34cgnr4c9dijdq";
};
sqlite3 = {
owner = "crystal-lang";
repo = "crystal-sqlite3";
url = "https://github.com/crystal-lang/crystal-sqlite3.git";
rev = "v0.18.0";
sha256 = "03nnvpchhq9f9ywsm3pk2rrj4a3figw7xs96zdziwgr5znkz6x93";
};
ameba = {
owner = "crystal-ameba";
repo = "ameba";
rev = "v0.14.3";
sha256 = "1cfr95xi6hsyxw1wlrh571hc775xhwmssk3k14i8b7dgbwfmm5x1";
};
}

36
pkgs/servers/invidious/update.sh
View File

@ -35,13 +35,14 @@ if [ ! -d "$git_dir" ]; then
git init --initial-branch="$git_branch" "$git_dir"
git -C "$git_dir" remote add origin "$git_url"
fi
git -C "$git_dir" fetch origin "$git_branch"
git -C "$git_dir" fetch origin --tags "$git_branch"
# use latest commit before today, we should not call the version *today*
# because there might still be commits coming
# use the day of the latest commit we picked as version
new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch")
new_version="unstable-$(TZ=UTC git -C "$git_dir" log -n 1 --date='format-local:%Y-%m-%d' --format='%cd' "$new_rev")"
new_tag=$(git -C "$git_dir" describe --tags --abbrev=0 "$new_rev")
new_version="$new_tag-unstable-$(TZ=UTC git -C "$git_dir" log -n 1 --date='format-local:%Y-%m-%d' --format='%cd' "$new_rev")"
info "latest commit before $today: $new_rev"
if [ "$new_rev" = "$old_rev" ]; then
@ -51,8 +52,8 @@ fi
json_set '.invidious.version' "$new_version"
json_set '.invidious.rev' "$new_rev"
new_sha256=$(nix-prefetch -I 'nixpkgs=../../..' "$pkg")
json_set '.invidious.sha256' "$new_sha256"
new_hash=$(nix-prefetch -I 'nixpkgs=../../..' "$pkg")
json_set '.invidious.hash' "$new_hash"
commit_msg="$pkg: $old_version -> $new_version"
# fetch video.js dependencies
@ -60,37 +61,14 @@ info "Running scripts/fetch-player-dependencies.cr..."
git -C "$git_dir" reset --hard "$new_rev"
(cd "$git_dir" && crystal run scripts/fetch-player-dependencies.cr -- --minified)
rm -f "$git_dir/assets/videojs/.gitignore"
videojs_new_sha256=$(nix-hash --type sha256 --base32 "$git_dir/assets/videojs")
json_set '.videojs.sha256' "$videojs_new_sha256"
videojs_new_hash=$(nix-hash --type sha256 --sri "$git_dir/assets/videojs")
json_set '.videojs.hash' "$videojs_new_hash"
if git -C "$git_dir" diff-tree --quiet "${old_rev}..${new_rev}" -- 'shard.lock'; then
info "shard.lock did not change since $old_rev."
else
info "Updating shards.nix..."
crystal2nix -- "$git_dir/shard.lock" # argv's index seems broken
lsquic_old_version=$(json_get '.lsquic.version')
# lsquic.cr's version tracks lsquic's, so lsquic must be updated to the
# version in the shards file
lsquic_new_version=$(nix eval --raw -f 'shards.nix' lsquic.rev \
| sed -e 's/^v//' -e 's/-[0-9]*$//')
if [ "$lsquic_old_version" != "$lsquic_new_version" ]; then
info "Updating lsquic to $lsquic_new_version..."
json_set '.lsquic.version' "$lsquic_new_version"
lsquic_new_sha256=$(nix-prefetch -I 'nixpkgs=../../..' "${pkg}.lsquic")
json_set '.lsquic.sha256' "$lsquic_new_sha256"
info "Updating boringssl..."
# lsquic specifies the boringssl commit it requires in its README
boringssl_new_rev=$(curl -LSsf "https://github.com/litespeedtech/lsquic/raw/v${lsquic_new_version}/README.md" \
| grep -Pom1 '(?<=^git checkout ).*')
json_set '.boringssl.rev' "$boringssl_new_rev"
boringssl_new_sha256=$(nix-prefetch -I 'nixpkgs=../../..' "${pkg}.lsquic.boringssl")
json_set '.boringssl.sha256' "$boringssl_new_sha256"
commit_msg="$commit_msg
lsquic: $lsquic_old_version -> $lsquic_new_version"
fi
fi
git commit --verbose --message "$commit_msg" -- versions.json shards.nix

16
pkgs/servers/invidious/versions.json
View File

@ -1,18 +1,10 @@
{
"boringssl": {
"rev": "251b5169fd44345f455438312ec4e18ae07fd58c",
"sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A="
},
"invidious": {
"rev": "c005ada48723808e507d0a4d5a3363a1c14a4f07",
"sha256": "sha256-KbnBdAAjScwKV4uUzyBXAQx2C7MqCdCM3gSvgNIzKAU=",
"version": "unstable-2024-01-29"
},
"lsquic": {
"sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",
"version": "2.18.1"
"rev": "e8a36985aff1a5b33ddf9abea85dd2c23422c2f7",
"hash": "sha256-3nU6z1rd1oiNmIz3Ok02xBsT4oNSGX/n+3/WbRVCbhI=",
"version": "0.20.1-unstable-2024-02-18"
},
"videojs": {
"sha256": "0zj8fgxdg6jsllaxn795xipa6yxh4yf08hb8x0idyg74q37gfh4c"
"hash": "sha256-jED3zsDkPN8i6GhBBJwnsHujbuwlHdsVpVqa1/pzSH4="
}
}

2
pkgs/servers/invidious/videojs.nix
View File

@ -14,5 +14,5 @@ stdenvNoCC.mkDerivation {
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = versions.videojs.sha256;
outputHash = versions.videojs.hash;
}

67
pkgs/shells/zsh/zsh-fzf-tab/default.nix
View File

@ -1,16 +1,16 @@
{ stdenv, lib, fetchFromGitHub, ncurses, nix-update-script }:
{ stdenv, lib, fetchFromGitHub, zsh, ncurses, nix-update-script }:
let
INSTALL_PATH="${placeholder "out"}/share/fzf-tab";
in stdenv.mkDerivation rec {
pname = "zsh-fzf-tab";
version = "unstable-2024-02-01";
version = "1.0";
src = fetchFromGitHub {
owner = "Aloxaf";
repo = "fzf-tab";
rev = "b06e7574577cd729c629419a62029d31d0565a7a";
hash = "sha256-ilUavAIWmLiMh2PumtErMCpOcR71ZMlQkKhVOTDdHZw=";
rev = "v${version}";
hash = "sha256-o3R9dh9t8w/SVO3IUeJqP8kkQxwnRjNX8oZ4wSZxBYo=";
};
strictDeps = true;
@ -24,31 +24,62 @@ in stdenv.mkDerivation rec {
];
};
postConfigure = ''
# this script is modified according to fzf-tab/lib-ftb-build-module
configurePhase = ''
runHook preConfigure
pushd modules
./configure --disable-gdbm --without-tcsetpgrp
tar -xf ${zsh.src}
ln -s $(pwd)/src/fzftab.c zsh-${zsh.version}/Src/Modules/
ln -s $(pwd)/src/fzftab.mdd zsh-${zsh.version}/Src/Modules/
pushd zsh-${zsh.version}
if [[ ! -f ./configure ]]; then
./Util/preconfig
fi
if [[ ! -f ./Makefile ]]; then
./configure --disable-gdbm --without-tcsetpgrp
fi
popd
popd
runHook postConfigure
'';
postBuild = ''
pushd modules
buildPhase = ''
runHook preBuild
pushd modules/zsh-${zsh.version}
make -j$NIX_BUILD_CORES
popd
runHook postBuild
'';
installPhase = ''
mkdir -p ${INSTALL_PATH}
cp -r lib ${INSTALL_PATH}/lib
install -D fzf-tab.zsh ${INSTALL_PATH}/fzf-tab.zsh
install -D fzf-tab.plugin.zsh ${INSTALL_PATH}/fzf-tab.plugin.zsh
install -D modules/Src/aloxaf/fzftab.so ${INSTALL_PATH}/modules/Src/aloxaf/fzftab.so
runHook preInstall
mkdir -p ${INSTALL_PATH}
cp -r lib ${INSTALL_PATH}/lib
install -D fzf-tab.zsh ${INSTALL_PATH}/fzf-tab.zsh
install -D fzf-tab.plugin.zsh ${INSTALL_PATH}/fzf-tab.plugin.zsh
pushd modules/zsh-${zsh.version}/Src/Modules
if [[ -e "fzftab.so" ]]; then
install -D -t ${INSTALL_PATH}/modules/Src/aloxaf/ fzftab.so
fi
if [[ -e "fzftab.bundle" ]]; then
install -D -t ${INSTALL_PATH}/modules/Src/aloxaf/ fzftab.bundle
fi
popd
runHook postInstall
'';
passthru = {
updateScript = nix-update-script {
extraArgs = [ "--version" "branch=master" ];
};
};
passthru.updateScript = nix-update-script { };
meta = with lib; {
homepage = "https://github.com/Aloxaf/fzf-tab";

6
pkgs/top-level/all-packages.nix
View File

@ -3227,8 +3227,6 @@ with pkgs;
apfs-fuse = callPackage ../tools/filesystems/apfs-fuse { };
api-linter = callPackage ../development/tools/api-linter { };
apk-tools = callPackage ../tools/package-management/apk-tools {
lua = lua5_3;
};
@ -9400,8 +9398,6 @@ with pkgs;
internetarchive = with python3Packages; toPythonApplication internetarchive;
invidious = callPackage ../servers/invidious {
# needs a specific version of lsquic
lsquic = callPackage ../servers/invidious/lsquic.nix { };
# normally video.js is downloaded at build time
videojs = callPackage ../servers/invidious/videojs.nix { };
};
@ -11989,8 +11985,6 @@ with pkgs;
pg_top = callPackage ../tools/misc/pg_top { };
pgagroal = callPackage ../development/tools/database/pgagroal { };
pgcenter = callPackage ../tools/misc/pgcenter { };
pgmetrics = callPackage ../tools/misc/pgmetrics { };