Merge master into staging-next

maintainers/maintainer-list.nix

@@ -15775,6 +15775,12 @@
     githubId = 1891350;
     name = "Michael Raskin";
   };
+  raspher = {
+    email = "raspher@protonmail.com";
+    github = "raspher";
+    githubId = 23345803;
+    name = "Szymon Scholz";
+  };
   ratcornu = {
     email = "ratcornu@skaven.org";
     github = "RatCornu";

nixos/modules/module-list.nix

@@ -317,7 +317,6 @@
   ./security/oath.nix
   ./security/pam.nix
   ./security/pam_mount.nix
-  ./security/pam_usb.nix
   ./security/please.nix
   ./security/polkit.nix
   ./security/rngd.nix

nixos/modules/security/pam.nix

@@ -205,17 +205,6 @@ let
         };
       };
 
-      usbAuth = mkOption {
-        default = config.security.pam.usb.enable;
-        defaultText = literalExpression "config.security.pam.usb.enable";
-        type = types.bool;
-        description = lib.mdDoc ''
-          If set, users listed in
-          {file}`/etc/pamusb.conf` are able to log in
-          with the associated USB key.
-        '';
-      };
-
       otpwAuth = mkOption {
         default = config.security.pam.enableOTPW;
         defaultText = literalExpression "config.security.pam.enableOTPW";
@@ -665,7 +654,6 @@ let
             authfile = u2f.authFile;
             appid = u2f.appId;
           }; })
-          { name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; }
           (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = {
             ca_file = ussh.caFile;
             authorized_principals = ussh.authorizedPrincipals;

nixos/modules/security/pam_usb.nix

@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.security.pam.usb;
-
-  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
-
-in
-
-{
-  options = {
-
-    security.pam.usb = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Enable USB login for all login systems that support it.  For
-          more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
-        '';
-      };
-
-    };
-
-  };
-
-  config = mkIf (cfg.enable || anyUsbAuth) {
-
-    # Make sure pmount and pumount are setuid wrapped.
-    security.wrappers = {
-      pmount =
-        { setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount.out}/bin/pmount";
-        };
-      pumount =
-        { setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount.out}/bin/pumount";
-        };
-    };
-
-    environment.systemPackages = [ pkgs.pmount ];
-
-  };
-}

pkgs/applications/networking/cluster/terraform/default.nix

@@ -167,8 +167,8 @@ rec {
   mkTerraform = attrs: pluggable (generic attrs);
 
   terraform_1 = mkTerraform {
-    version = "1.7.2";
-    hash = "sha256-jTzZWmYeKF87Er2i7XHquM8oQyF4q/qoBf4DdMqv7L8=";
+    version = "1.7.3";
+    hash = "sha256-/NnpmZLCEoSwJYsHmMxQ8HRxzsyCm91oc6T+mcsaNv0=";
     vendorHash = "sha256-DI4YTjdFFvfby8ExEY3KoK4J9YKK5LPpMbelzFMDVVs=";
     patches = [ ./provider-path-0_15.patch ];
     passthru = {

pkgs/by-name/gc/gcli/package.nix

@@ -29,5 +29,6 @@ stdenv.mkDerivation rec {
     license = licenses.bsd2;
     mainProgram = "gcli";
     maintainers = with maintainers; [ kenran ];
+    platforms = platforms.unix;
   };
 }

pkgs/by-name/pe/peergos/package.nix

@@ -0,0 +1,43 @@
+{ lib
+, stdenv
+, fetchurl
+, jre
+, makeWrapper
+}:
+
+let
+  version = "0.14.1";
+  peergos = fetchurl {
+    url = "https://github.com/Peergos/web-ui/releases/download/v${version}/Peergos.jar";
+    hash = "sha256-oCsUuFxTAL0vAabGggGhZHaF40A5TLfkT15HYPiKHlU=";
+  };
+in
+stdenv.mkDerivation rec {
+  pname = "peergos";
+  inherit version;
+
+  dontUnpack = true;
+  dontBuild = true;
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  installPhase = ''
+    runHook preInstall
+
+    install -D ${peergos} $out/share/java/peergos.jar
+    makeWrapper ${lib.getExe jre} $out/bin/${pname} \
+      --add-flags "-jar -Djava.library.path=native-lib $out/share/java/${pname}.jar"
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "A p2p, secure file storage, social network and application protocol";
+    homepage = "https://peergos.org/";
+    # peergos have agpt3 license, peergos-web-ui have gpl3, both are used
+    license = [ licenses.agpl3Only licenses.gpl3Only ];
+    platforms = platforms.all;
+    maintainers = with maintainers; [ raspher ];
+    sourceProvenance = with sourceTypes; [ binaryBytecode ];
+  };
+}

pkgs/development/python-modules/clldutils/default.nix

@@ -2,10 +2,8 @@
 , attrs
 , buildPythonPackage
 , colorlog
-, csvw
 , fetchFromGitHub
 , git
-, isPy27
 , lxml
 , markdown
 , markupsafe
@@ -15,30 +13,36 @@
 , pytest-mock
 , pytestCheckHook
 , python-dateutil
+, pythonOlder
+, setuptools
 , tabulate
 }:
 
 buildPythonPackage rec {
   pname = "clldutils";
-  version = "3.19.0";
-  format = "setuptools";
-  disabled = isPy27;
+  version = "3.21.0";
+  pyproject = true;
+  disabled = pythonOlder "3.8";
 
   src = fetchFromGitHub {
     owner = "clld";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-dva0lbbTxvETDPkACxpI3PPzWh5gz87Fv6W3lTjNv3Q=";
+    hash = "sha256-OD+WJ9JuYZb/oXDgVqL4i5YlcVEt0+swq0SB3cutyRo=";
   };
 
   patchPhase = ''
-    substituteInPlace setup.cfg --replace "--cov" ""
+    substituteInPlace setup.cfg \
+      --replace-fail "--cov" ""
   '';
 
+  nativeBuildInputs = [
+    setuptools
+  ];
+
   propagatedBuildInputs = [
     attrs
     colorlog
-    csvw
     lxml
     markdown
     markupsafe
@@ -55,13 +59,8 @@ buildPythonPackage rec {
     git
   ];
 
-  disabledTests = [
-    # uses pytest.approx which is not supported in a boolean context in pytest7
-    "test_to_dec"
-    "test_roundtrip"
-  ];
-
   meta = with lib; {
+    changelog = "https://github.com/clld/clldutils/blob/${src.rev}/CHANGES.md";
     description = "Utilities for clld apps without the overhead of requiring pyramid, rdflib et al";
     homepage = "https://github.com/clld/clldutils";
     license = licenses.asl20;

pkgs/development/python-modules/colorlog/default.nix

@@ -7,12 +7,12 @@
 
 buildPythonPackage rec {
   pname = "colorlog";
-  version = "6.8.0";
+  version = "6.8.2";
   pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-+7b9+dVoXyUX84j7Kbsn1U6GVN0x9YvCo7IX6WepXKY=";
+    hash = "sha256-Pj4HmkH+taG2T5eLXqT0YECpTxHw6Lu4Jh49u+ymTUQ=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/posthog/default.nix

@@ -14,7 +14,7 @@
 }:
 let
   pname = "posthog";
-  version = "3.3.4";
+  version = "3.4.0";
 in
 buildPythonPackage {
   inherit pname version;
@@ -24,7 +24,7 @@ buildPythonPackage {
     owner = "PostHog";
     repo = "posthog-python";
     rev = "refs/tags/v${version}";
-    hash = "sha256-xw6mbcEuW3bt5XmJ7ADE34Pm7MEOqJM08NBde8yqeBg=";
+    hash = "sha256-ziqUXQdmzKdrwbk7iYwCbNg+jiXiB9l3QaosY5VA3YA=";
   };
 
   propagatedBuildInputs = [

pkgs/os-specific/linux/pam_usb/default.nix

@@ -1,81 +0,0 @@
-{ lib, stdenv, fetchurl, makeWrapper, dbus, libxml2, pam, pkg-config, pmount, python2Packages, writeScript, runtimeShell }:
-
-let
-
-  # Search in the environment if the same program exists with a set uid or
-  # set gid bit.  If it exists, run the first program found, otherwise run
-  # the default binary.
-  useSetUID = drv: path:
-    let
-      name = baseNameOf path;
-      bin = "${drv}${path}";
-    in assert name != "";
-      writeScript "setUID-${name}" ''
-        #!${runtimeShell}
-        inode=$(stat -Lc %i ${bin})
-        for file in $(type -ap ${name}); do
-          case $(stat -Lc %a $file) in
-            ([2-7][0-7][0-7][0-7])
-              if test -r "$file".real; then
-                orig=$(cat "$file".real)
-                if test $inode = $(stat -Lc %i "$orig"); then
-                  exec "$file" "$@"
-                fi
-              fi;;
-          esac
-        done
-        exec ${bin} "$@"
-      '';
-
-  pmountBin = useSetUID pmount "/bin/pmount";
-  pumountBin = useSetUID pmount "/bin/pumount";
-  inherit (python2Packages) python dbus-python;
-in
-
-stdenv.mkDerivation rec {
-  pname = "pam_usb";
-  version = "0.5.0";
-
-  src = fetchurl {
-    url = "mirror://sourceforge/pamusb/pam_usb-${version}.tar.gz";
-    sha256 = "1g1w0s9d8mfld8abrn405ll5grv3xgs0b0hsganrz6qafdq9j7q1";
-  };
-
-  nativeBuildInputs = [
-    makeWrapper
-    pkg-config
-  ];
-
-  buildInputs = [
-    # pam_usb dependencies
-    dbus libxml2 pam pmount
-    # pam_usb's tools dependencies
-    python
-    # cElementTree is included with python 2.5 and later.
-  ];
-
-  preBuild = ''
-    makeFlagsArray=(DESTDIR=$out)
-    substituteInPlace ./src/volume.c \
-      --replace 'pmount' '${pmountBin}' \
-      --replace 'pumount' '${pumountBin}'
-  '';
-
-  # pmount is append to the PATH because pmounts binaries should have a set uid bit.
-  postInstall = ''
-    mv $out/usr/* $out/. # fix color */
-    rm -rf $out/usr
-    for prog in $out/bin/pamusb-conf $out/bin/pamusb-agent; do
-      substituteInPlace $prog --replace '/usr/bin/env python' '/bin/python'
-      wrapProgram $prog \
-        --prefix PYTHONPATH : "$(toPythonPath ${dbus-python})"
-    done
-  '';
-
-  meta = {
-    homepage = "http://pamusb.org/";
-    description = "Authentication using USB Flash Drives";
-    license = lib.licenses.gpl2;
-    platforms = lib.platforms.linux;
-  };
-}

pkgs/servers/apache-airflow/default.nix

@@ -7,6 +7,48 @@
 let
   python = python3.override {
     packageOverrides = pySelf: pySuper: {
+      connexion = pySuper.connexion.overridePythonAttrs (o: rec {
+        version = "2.14.2";
+        src = fetchFromGitHub {
+          owner = "spec-first";
+          repo = "connexion";
+          rev = "refs/tags/${version}";
+          hash = "sha256-1v1xCHY3ZnZG/Vu9wN/it7rLKC/StoDefoMNs+hMjIs=";
+        };
+        nativeBuildInputs = with pySelf; [
+          setuptools
+          pythonRelaxDepsHook
+        ];
+        pythonRelaxDeps = [
+          "werkzeug"
+        ];
+        propagatedBuildInputs = with pySelf; [
+          aiohttp
+          aiohttp-jinja2
+          aiohttp-swagger
+          clickclick
+          flask
+          inflection
+          jsonschema
+          openapi-spec-validator
+          packaging
+          pyyaml
+          requests
+          swagger-ui-bundle
+        ];
+        nativeCheckInputs = with pySelf; [
+          aiohttp-remotes
+          decorator
+          pytest-aiohttp
+          pytestCheckHook
+          testfixtures
+        ];
+        disabledTests = [
+          "test_app"
+          "test_openapi_yaml_behind_proxy"
+          "test_swagger_ui"
+        ];
+      });
       flask = pySuper.flask.overridePythonAttrs (o: rec {
         version = "2.2.5";
         src = fetchPypi {

pkgs/servers/apache-airflow/python-package.nix

@@ -332,5 +332,9 @@ buildPythonPackage rec {
     homepage = "https://airflow.apache.org/";
     license = licenses.asl20;
     maintainers = with maintainers; [ bhipple gbpdt ingenieroariel ];
+    knownVulnerabilities = [
+      "CVE-2023-50943"
+      "CVE-2023-50944"
+    ];
   };
 }

pkgs/tools/misc/topicctl/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "topicctl";
-  version = "1.13.0";
+  version = "1.14.0";
 
   src = fetchFromGitHub {
     owner = "segmentio";
     repo = "topicctl";
     rev = "v${version}";
-    sha256 = "sha256-sCjlEG34j8+uDI/W1mzzcrXn0c/B3/ca5N4VL9gKEjc=";
+    sha256 = "sha256-Vmx+6UXNWCnVmLskk1J4Pug3+99cdk4WXjA2zO4agvU=";
   };
 
   vendorHash = "sha256-+mnnvdna1g6JE29weOJZmdO3jFp2a75dV9wK2XcWJ9s=";

pkgs/tools/system/zram-generator/Cargo.lock

@@ -238,15 +238,6 @@ dependencies = [
  "getrandom",
 ]
 
-[[package]]
-name = "redox_syscall"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
-dependencies = [
- "bitflags 1.3.2",
-]
-
 [[package]]
 name = "rust-ini"
 version = "0.17.0"
@@ -283,13 +274,12 @@ dependencies = [
 
 [[package]]
 name = "tempfile"
-version = "3.9.0"
+version = "3.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa"
+checksum = "a365e8cd18e44762ef95d87f284f4b5cd04107fec2ff3052bd6a3e6069669e67"
 dependencies = [
  "cfg-if",
  "fastrand",
- "redox_syscall",
  "rustix",
  "windows-sys",
 ]

pkgs/top-level/aliases.nix

@@ -799,12 +799,13 @@ mapAliases ({
 
   ### P ###
 
-  packet-cli = metal-cli; # Added 2021-10-25
   PageEdit = pageedit; # Added 2024-01-21
+  packet-cli = metal-cli; # Added 2021-10-25
   palemoon = throw "palemoon has been dropped due to python2 being EOL and marked insecure. Use 'palemoon-bin' instead"; # Added 2023-05-18
+  pam_usb = throw "'pam_usb' has been removed: abandoned by upstream since 2015."; # Added 2023-10-30
+  paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
   paperless = paperless-ngx; # Added 2021-06-06
   paperless-ng = paperless-ngx; # Added 2022-04-11
-  paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
   parity = openethereum; # Added 2020-08-01
   partition-manager = libsForQt5.partitionmanager; # Added 2024-01-08
   pash = throw "'pash' has been removed: abandoned by upstream. Use 'powershell' instead"; # Added 2023-09-16

pkgs/top-level/all-packages.nix

@@ -28381,8 +28381,6 @@ with pkgs;
 
   pam_u2f = callPackage ../os-specific/linux/pam_u2f { };
 
-  pam_usb = callPackage ../os-specific/linux/pam_usb { };
-
   pam_ussh = callPackage ../os-specific/linux/pam_ussh { };
 
   paxctl = callPackage ../os-specific/linux/paxctl { };