colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2022-11-19 18:01:18 +00:00 committed by GitHub
commit 749f60adef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
55 changed files with 397 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
maintainers/maintainer-list.nix
View File

@ -11330,6 +11330,13 @@
githubId = 35086;
name = "Jonathan Wright";
};
quantenzitrone = {
email = "quantenzitrone@protonmail.com";
github = "Quantenzitrone";
githubId = 74491719;
matrix = "@quantenzitrone:matrix.org";
name = "quantenzitrone";
};
queezle = {
email = "git@queezle.net";
github = "queezle42";

3
nixos/doc/manual/configuration/user-mgmt.chapter.md
View File

@ -32,8 +32,7 @@ account will cease to exist. Also, imperative commands for managing users and
groups, such as useradd, are no longer available. Passwords may still be
assigned by setting the user\'s
[hashedPassword](#opt-users.users._name_.hashedPassword) option. A
hashed password can be generated using `mkpasswd -m
sha-512`.
hashed password can be generated using `mkpasswd`.
A user ID (uid) is assigned automatically. You can also specify a uid
manually by adding

2
nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml
View File

@ -39,7 +39,7 @@ users.users.alice = {
Passwords may still be assigned by setting the user's
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using
<literal>mkpasswd -m sha-512</literal>.
<literal>mkpasswd</literal>.
</para>
<para>
A user ID (uid) is assigned automatically. You can also specify a

22
nixos/modules/config/users-groups.nix
View File

@ -35,7 +35,7 @@ let
'';
hashedPasswordDescription = ''
To generate a hashed password run `mkpasswd -m sha-512`.
To generate a hashed password run `mkpasswd`.
If set to an empty string (`""`), this user will
be able to log in without being asked for a password (but not via remote
@ -592,6 +592,26 @@ in {
'';
};
# Warn about user accounts with deprecated password hashing schemes
system.activationScripts.hashes = {
deps = [ "users" ];
text = ''
users=()
while IFS=: read -r user hash tail; do
if [[ "$hash" = "$"* && ! "$hash" =~ ^\$(y|gy|7|2b|2y|2a|6)\$ ]]; then
users+=("$user")
fi
done </etc/shadow
if (( "''${#users[@]}" )); then
echo "
WARNING: The following user accounts rely on password hashes that will
be removed in NixOS 23.05. They should be renewed as soon as possible."
printf ' - %s\n' "''${users[@]}"
fi
'';
};
# for backwards compatibility
system.activationScripts.groups = stringAfter [ "users" ] "";

1
nixos/modules/module-list.nix
View File

@ -718,6 +718,7 @@
./services/monitoring/teamviewer.nix
./services/monitoring/telegraf.nix
./services/monitoring/thanos.nix
./services/monitoring/tremor-rs.nix
./services/monitoring/tuptime.nix
./services/monitoring/unifi-poller.nix
./services/monitoring/ups.nix

129
nixos/modules/services/monitoring/tremor-rs.nix Normal file
View File

@ -0,0 +1,129 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tremor-rs;
loggerSettingsFormat = pkgs.formats.yaml { };
loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings;
in {
options = {
services.tremor-rs = {
enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system");
troyFileList = mkOption {
type = types.listOf types.path;
default = [];
description = lib.mdDoc "List of troy files to load.";
};
tremorLibDir = mkOption {
type = types.path;
default = "";
description = lib.mdDoc "Directory where to find /lib containing tremor script files";
};
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc "The host tremor should be listening on";
};
port = mkOption {
type = types.port;
default = 9898;
description = lib.mdDoc "the port tremor should be listening on";
};
loggerSettings = mkOption {
description = lib.mdDoc "Tremor logger configuration";
default = {};
type = loggerSettingsFormat.type;
example = {
refresh_rate = "30 seconds";
appenders.stdout.kind = "console";
root = {
level = "warn";
appenders = [ "stdout" ];
};
loggers = {
tremor_runtime = {
level = "debug";
appenders = [ "stdout" ];
additive = false;
};
tremor = {
level = "debug";
appenders = [ "stdout" ];
additive = false;
};
};
};
defaultText = literalExpression ''
{
refresh_rate = "30 seconds";
appenders.stdout.kind = "console";
root = {
level = "warn";
appenders = [ "stdout" ];
};
loggers = {
tremor_runtime = {
level = "debug";
appenders = [ "stdout" ];
additive = false;
};
tremor = {
level = "debug";
appenders = [ "stdout" ];
additive = false;
};
};
}
'';
};
};
};
config = mkIf (cfg.enable) {
environment.systemPackages = [ pkgs.tremor-rs ] ;
systemd.services.tremor-rs = {
description = "Tremor event- or stream-processing system";
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
environment.TREMOR_PATH = "${pkgs.tremor-rs}/lib:${cfg.tremorLibDir}";
serviceConfig = {
ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}";
DynamicUser = true;
Restart = "always";
NoNewPrivileges = true;
PrivateTmp = true;
ProtectHome = true;
ProtectClock = true;
ProtectProc = "noaccess";
ProcSubset = "pid";
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectHostname = true;
RestrictSUIDSGID = true;
RestrictRealtime = true;
RestrictNamespaces = true;
LockPersonality = true;
RemoveIPC = true;
SystemCallFilter = [ "@system-service" "~@privileged" ];
};
};
};
}

27
nixos/modules/services/web-apps/keycloak.nix
View File

@ -482,6 +482,10 @@ in
assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
message = "A CA certificate must be specified (in 'services.keycloak.database.caCert') when PostgreSQL is used with SSL";
}
{
assertion = createLocalPostgreSQL -> config.services.postgresql.settings.standard_conforming_strings or true;
message = "Setting up a local PostgreSQL db for Keycloak requires `standard_conforming_strings` turned on to work reliably";
}
];
environment.systemPackages = [ keycloakBuild ];
@ -544,7 +548,13 @@ in
create_role="$(mktemp)"
trap 'rm -f "$create_role"' EXIT
# Read the password from the credentials directory and
# escape any single quotes by adding additional single
# quotes after them, following the rules laid out here:
# https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
db_password="''${db_password//\'/\'\'}"
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role"
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
@ -566,8 +576,16 @@ in
script = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
# Read the password from the credentials directory and
# escape any single quotes by adding additional single
# quotes after them, following the rules laid out here:
# https://dev.mysql.com/doc/refman/8.0/en/string-literals.html
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
db_password="''${db_password//\'/\'\'}"
( echo "SET sql_mode = 'NO_BACKSLASH_ESCAPES';"
echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
) | mysql -N
@ -632,12 +650,17 @@ in
${secretReplacements}
# Escape any backslashes in the db parameters, since
# they're otherwise unexpectedly read as escape
# sequences.
sed -i '/db-/ s|\\|\\\\|g' /run/keycloak/conf/keycloak.conf
'' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
mkdir -p /run/keycloak/ssl
cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/
'' + ''
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=${cfg.initialAdminPassword}
export KEYCLOAK_ADMIN_PASSWORD=${escapeShellArg cfg.initialAdminPassword}
kc.sh start --optimized
'';
};

10
nixos/modules/system/boot/stage-1-init.sh
View File

@ -342,6 +342,14 @@ checkFS() {
return 0
}
escapeFstab() {
local original="$1"
# Replace space
local escaped="${original// /\\040}"
# Replace tab
echo "${escaped//$'\t'/\\011}"
}
# Function for mounting a file system.
mountFS() {
@ -569,7 +577,7 @@ while read -u 3 mountPoint; do
continue
fi
mountFS "$device" "$mountPoint" "$options" "$fsType"
mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
done
exec 3>&-

2
nixos/modules/tasks/filesystems.nix
View File

@ -167,7 +167,7 @@ let
else throw "No device specified for mount point ${fs.mountPoint}.")
+ " " + escape (rootPrefix + fs.mountPoint)
+ " " + fs.fsType
+ " " + builtins.concatStringsSep "," (fs.options ++ (extraOpts fs))
+ " " + escape (builtins.concatStringsSep "," (fs.options ++ (extraOpts fs)))
+ " " + (optionalString (!excludeChecks)
("0 " + (if skipCheck fs then "0" else if fs.mountPoint == "/" then "1" else "2")))
+ "\n"

1
nixos/release-combined.nix
View File

@ -77,6 +77,7 @@ in rec {
(onFullSupported "nixos.tests.i3wm")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolDefault")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolEscape")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvols")
(onSystems ["x86_64-linux"] "nixos.tests.installer.luksroot")
(onSystems ["x86_64-linux"] "nixos.tests.installer.lvm")

2
nixos/tests/all-tests.nix
View File

@ -252,8 +252,8 @@ in {
haproxy = handleTest ./haproxy.nix {};
hardened = handleTest ./hardened.nix {};
healthchecks = handleTest ./web-apps/healthchecks.nix {};
hbase1 = handleTest ./hbase.nix { package=pkgs.hbase1; };
hbase2 = handleTest ./hbase.nix { package=pkgs.hbase2; };
hbase_2_4 = handleTest ./hbase.nix { package=pkgs.hbase_2_4; };
hbase3 = handleTest ./hbase.nix { package=pkgs.hbase3; };
hedgedoc = handleTest ./hedgedoc.nix {};
herbstluftwm = handleTest ./herbstluftwm.nix {};

7
nixos/tests/installer-systemd-stage-1.nix
View File

@ -8,9 +8,10 @@
# them when fixed.
inherit (import ./installer.nix { inherit system config pkgs; systemdStage1 = true; })
# bcache
# btrfsSimple
# btrfsSubvolDefault
# btrfsSubvols
btrfsSimple
btrfsSubvolDefault
btrfsSubvolEscape
btrfsSubvols
# encryptedFSWithKeyfile
# grub1
# luksroot

21
nixos/tests/installer.nix
View File

@ -911,4 +911,25 @@ in {
)
'';
};
# Test to see if we can deal with subvols that need to be escaped in fstab
btrfsSubvolEscape = makeInstallerTest "btrfsSubvolEscape" {
createPartitions = ''
machine.succeed(
"sgdisk -Z /dev/vda",
"sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"mkfs.btrfs -L root /dev/vda3",
"btrfs device scan",
"mount LABEL=root /mnt",
"btrfs subvol create '/mnt/nixos in space'",
"btrfs subvol create /mnt/boot",
"umount /mnt",
"mount -o 'defaults,subvol=nixos in space' LABEL=root /mnt",
"mkdir /mnt/boot",
"mount -o defaults,subvol=boot LABEL=root /mnt/boot",
)
'';
};
}

17
nixos/tests/keycloak.nix
View File

@ -5,10 +5,13 @@
let
certs = import ./common/acme/server/snakeoil-certs.nix;
frontendUrl = "https://${certs.domain}";
initialAdminPassword = "h4IhoJFnt2iQIR9";
keycloakTest = import ./make-test-python.nix (
{ pkgs, databaseType, ... }:
let
initialAdminPassword = "h4Iho\"JFn't2>iQIR9";
adminPasswordFile = pkgs.writeText "admin-password" "${initialAdminPassword}";
in
{
name = "keycloak";
meta = with pkgs.lib.maintainers; {
@ -37,7 +40,7 @@ let
type = databaseType;
username = "bogus";
name = "also bogus";
passwordFile = "${pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"}";
passwordFile = "${pkgs.writeText "dbPassword" ''wzf6\"vO"Cb\nP>p#6;c&o?eu=q'THE'''H''''E''}";
};
plugins = with config.services.keycloak.package.plugins; [
keycloak-discord
@ -111,7 +114,7 @@ let
keycloak.succeed("""
curl -sSf -d 'client_id=admin-cli' \
-d 'username=admin' \
-d 'password=${initialAdminPassword}' \
-d "password=$(<${adminPasswordFile})" \
-d 'grant_type=password' \
'${frontendUrl}/realms/master/protocol/openid-connect/token' \
| jq -r '"Authorization: bearer " + .access_token' >admin_auth_header
@ -119,10 +122,10 @@ let
# Register the metrics SPI
keycloak.succeed(
"${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt",
"KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'",
"KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'",
"curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'"
"""${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt""",
"""KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password "$(<${adminPasswordFile})" """,
"""KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'""",
"""curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'"""
)
# Publish the realm, including a test OIDC client and user

4
pkgs/applications/audio/lollypop/default.nix
View File

@ -25,7 +25,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.4.36";
version = "1.4.35";
format = "other";
doCheck = false;
@ -34,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "sha256-Ka/rYgWGuCQTzguJiyQpY5SPC1iB5XOVy/Gezj+DYpk=";
sha256 = "sha256-Rdp0gZjdj2tXOWarsTpqgvSZVXAQsCLfk5oUyalE/ZA=";
};
nativeBuildInputs = [

6
pkgs/applications/blockchains/nearcore/default.nix
View File

@ -4,7 +4,7 @@
}:
rustPlatform.buildRustPackage rec {
pname = "nearcore";
version = "1.29.0";
version = "1.29.1";
# https://github.com/near/nearcore/tags
src = fetchFromGitHub {
@ -13,10 +13,10 @@ rustPlatform.buildRustPackage rec {
# there is also a branch for this version number, so we need to be explicit
rev = "refs/tags/${version}";
sha256 = "sha256-TOZ6j4CaiOXmNn8kgVGP27SjvLDlGvabAA+PAEyFXIk=";
sha256 = "sha256-TmmGLrDpNOfadOIwmG7XRgI89XQjaqIavxCEE2plumc=";
};
cargoSha256 = "sha256-LjBgsQynHIfrQP4Z7j1J8+PLqRZWGAOQ5dJaGOqabVk=";
cargoSha256 = "sha256-4suoHP6AXhXlt7+sHMX5RW/LGZrbMhNNmzYvFBcnMTs=";
cargoPatches = [ ./0001-make-near-test-contracts-optional.patch ];
postPatch = ''

4
pkgs/applications/emulators/basiliskii/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2 }:
{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2, mpfr }:
stdenv.mkDerivation {
pname = "basiliskii";
version = "unstable-2022-09-30";
@ -12,7 +12,7 @@ stdenv.mkDerivation {
sourceRoot = "source/BasiliskII/src/Unix";
patches = [ ./remove-redhat-6-workaround-for-scsi-sg.h.patch ];
nativeBuildInputs = [ autoconf automake pkg-config ];
buildInputs = [ SDL2 gtk2 ];
buildInputs = [ SDL2 gtk2 mpfr ];
preConfigure = ''
NO_CONFIGURE=1 ./autogen.sh
'';

4
pkgs/applications/emulators/sameboy/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "sameboy";
version = "0.15.6";
version = "0.15.8";
src = fetchFromGitHub {
owner = "LIJI32";
repo = "SameBoy";
rev = "v${version}";
sha256 = "sha256-WsZuOKq/Dfk2zgYFXSwZPUuPrJQJ3y3mJHL6s61mTig=";
sha256 = "sha256-SBK+aYekEJreD0XBvYaU12eIKmm9JNYIpPt1XhUtH4c=";
};
enableParallelBuilding = true;

3
pkgs/applications/networking/instant-messengers/go-neb/default.nix
View File

@ -1,4 +1,4 @@
{ lib, buildGoModule, fetchFromGitHub, nixosTests, olm }:
{ lib, stdenv, buildGoModule, fetchFromGitHub, nixosTests, olm }:
buildGoModule {
pname = "go-neb";
@ -21,6 +21,7 @@ buildGoModule {
passthru.tests.go-neb = nixosTests.go-neb;
meta = with lib; {
broken = stdenv.isDarwin;
description = "Extensible matrix bot written in Go";
homepage = "https://github.com/matrix-org/go-neb";
license = licenses.asl20;

6
pkgs/applications/networking/twtxt/default.nix
View File

@ -2,13 +2,13 @@
buildPythonApplication rec {
pname = "twtxt";
version = "1.2.3";
version = "1.3.1";
src = fetchFromGitHub {
owner = "buckket";
repo = pname;
rev = "v${version}";
sha256 = "sha256-AdM95G2Vz3UbVPI7fs8/D78BMxscbTGrCpIyyHzSmho=";
rev = "refs/tags/v${version}";
sha256 = "sha256-CbFh1o2Ijinfb8X+h1GP3Tp+8D0D3/Czt/Uatd1B4cw=";
};
# Relax some dependencies

4
pkgs/applications/version-management/fossil/default.nix
View File

@ -16,11 +16,11 @@
stdenv.mkDerivation rec {
pname = "fossil";
version = "2.19";
version = "2.20";
src = fetchurl {
url = "https://www.fossil-scm.org/home/tarball/version-${version}/fossil-${version}.tar.gz";
sha256 = "sha256-RZ9/7b4lRJqFVyfXwzutO8C/Pa6XPyxtvpp7gmEGoj4=";
sha256 = "1knff50rr8f39myxj50fprb9ya87cslmwz7zzfya56l33r7i7jh3";
};
nativeBuildInputs = [ installShellFiles tcl tcllib ];

1
pkgs/applications/video/kooha/default.nix
View File

@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
buildInputs = [
glib
gst_all_1.gstreamer
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-ugly
gtk4

6
pkgs/applications/window-managers/gamescope/default.nix
View File

@ -26,7 +26,7 @@
}:
let
pname = "gamescope";
version = "3.11.48";
version = "3.11.49";
in
stdenv.mkDerivation {
inherit pname version;
@ -35,7 +35,7 @@ stdenv.mkDerivation {
owner = "Plagman";
repo = "gamescope";
rev = "refs/tags/${version}";
hash = "sha256-/a0fW0NVIrg9tuK+mg+D+IOcq3rJJxKdFwspM1ZRR9M=";
hash = "sha256-GRq/b013wFRHzFz2YCulJRtcwzX/dhJKd8dkATSLug0=";
};
patches = [ ./use-pkgconfig.patch ];
@ -85,7 +85,7 @@ stdenv.mkDerivation {
description = "SteamOS session compositing window manager";
homepage = "https://github.com/Plagman/gamescope";
license = licenses.bsd2;
maintainers = with maintainers; [ nrdxp ];
maintainers = with maintainers; [ nrdxp zhaofengli ];
platforms = platforms.linux;
};
}

4
pkgs/development/libraries/wxwidgets/wxGTK30.nix
View File

@ -41,13 +41,13 @@ let
in
stdenv.mkDerivation rec {
pname = "wxwidgets";
version = "3.0.5";
version = "3.0.5.1";
src = fetchFromGitHub {
owner = "wxWidgets";
repo = "wxWidgets";
rev = "v${version}";
hash = "sha256-p69nNCg552j+nldGY0oL65uFRVu4xXCkoE10F5MwY9A=";
hash = "sha256-I91douzXDAfDgm4Pplf17iepv4vIRhXZDRFl9keJJq0=";
};
nativeBuildInputs = [ pkg-config ];

4
pkgs/development/python-modules/aws-lambda-builders/default.nix
View File

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "aws-lambda-builders";
version = "1.20.0";
version = "1.23.0";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "awslabs";
repo = "aws-lambda-builders";
rev = "refs/tags/v${version}";
hash = "sha256-+XOxz3xWIYacfUizztd4mH5kvBw/dkN9WiS38dONs7Y=";
hash = "sha256-3jzUowSeO6j7DzIlOkeU3KUFFIUi7cEyvjbIL8uRGcU=";
};
propagatedBuildInputs = [

30
pkgs/development/python-modules/filemagic/default.nix
View File

@ -1,30 +0,0 @@
{ stdenv, lib, buildPythonPackage, fetchFromGitHub, file
, isPy3k, mock, unittest2 }:
buildPythonPackage {
pname = "filemagic";
version = "1.6";
disabled = !isPy3k; # asserts on ResourceWarning
# Don't use the PyPI source because it's missing files required for testing
src = fetchFromGitHub {
owner = "aliles";
repo = "filemagic";
rev = "138649062f769fb10c256e454a3e94ecfbf3017b";
sha256 = "1jxf928jjl2v6zv8kdnfqvywdwql1zqkm1v5xn1d5w0qjcg38d4n";
};
postPatch = ''
substituteInPlace magic/api.py --replace "ctypes.util.find_library('magic')" \
"'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'"
'';
checkInputs = [ mock ] ++ lib.optionals (!isPy3k) [ unittest2 ];
meta = with lib; {
description = "File type identification using libmagic";
homepage = "https://github.com/aliles/filemagic";
license = licenses.asl20;
maintainers = with maintainers; [ erikarvstedt ];
};
}

14
pkgs/development/python-modules/geopy/default.nix
View File

@ -11,21 +11,17 @@
buildPythonPackage rec {
pname = "geopy";
version = "2.2.0";
disabled = pythonOlder "3.5";
version = "2.3.0";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "sha256-zFz0T/M/CABKkChuiKsFkWj2pphZuFeE5gz0HxZYaz8=";
rev = "refs/tags/${version}";
sha256 = "sha256-bHfjUfuiEH3AxRDTLmbm67bKOw6fBuMQDUQA2NLg800=";
};
postPatch = ''
substituteInPlace setup.py \
--replace "geographiclib<2,>=1.49" "geographiclib"
'';
propagatedBuildInputs = [
geographiclib
];

4
pkgs/development/python-modules/name-that-hash/default.nix
View File

@ -8,14 +8,14 @@
buildPythonPackage rec {
pname = "name-that-hash";
version = "1.10";
version = "1.11.0";
format = "pyproject";
src = fetchFromGitHub {
owner = "HashPals";
repo = pname;
rev = version;
hash = "sha256-3sddUPoC3NfKQzmNgqPf/uHaYN9VZBqsmV712uz1Phg=";
hash = "sha256-zOb4BS3zG1x8GLXAooqqvMOw0fNbw35JuRWOdGP26/8=";
};
# TODO remove on next update which bumps rich

35
pkgs/development/python-modules/prodict/default.nix Normal file
View File

@ -0,0 +1,35 @@
{ buildPythonPackage
, fetchFromGitHub
, pythonOlder
, pytestCheckHook
, lib
}:
buildPythonPackage rec {
pname = "prodict";
version = "0.8.6";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "ramazanpolat";
repo = pname;
rev = version;
hash = "sha256-c46JEQFg4KRwerqpMSgh6+tYRpKTOX02Lzsq4/meS3o=";
};
# make setuptools happy on case-sensitive filesystems
postPatch = ''if [[ ! -f README.md ]]; then mv README.MD README.md; fi'';
checkInputs = [
pytestCheckHook
];
pythonImportsCheck = [ "prodict" ];
meta = {
description = "Access Python dictionary as a class with type hinting and autocompletion";
homepage = "https://github.com/ramazanpolat/prodict";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ bcdarwin ];
};
}

4
pkgs/development/python-modules/pyrogram/default.nix
View File

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "pyrogram";
version = "2.0.59";
version = "2.0.62";
disabled = pythonOlder "3.7";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "pyrogram";
repo = "pyrogram";
rev = "v${version}";
hash = "sha256-vGgtVXvi/zvbU8f+LBQJN8GSxyVqdv/fBYfsBR4BKf4=";
hash = "sha256-Kex9xIjcAYCzHeqWoDAIgTMuih0s42/O2zfTYxWEqbM=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/pysma/default.nix
View File

@ -9,14 +9,14 @@
buildPythonPackage rec {
pname = "pysma";
version = "0.7.2";
version = "0.7.3";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-hIrdT0b9XKw1UoPZtQQ7IaW+HV8wuA9Rwoo8XYdGyw8=";
sha256 = "sha256-8LwxRiYUhKYZkrjDNcnOkssvfw/tZ6dj1GKZQ6UkqsQ=";
};
propagatedBuildInputs = [

2
pkgs/development/python-modules/qiskit-terra/default.nix
View File

@ -193,7 +193,7 @@ buildPythonPackage rec {
meta = with lib; {
broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin;
broken = true; # tests segfault python
description = "Provides the foundations for Qiskit.";
longDescription = ''
Allows the user to write quantum circuits easily, and takes care of the constraints of real hardware.

2
pkgs/development/python-modules/scikit-learn/default.nix
View File

@ -65,6 +65,8 @@ buildPythonPackage rec {
"check_regressors_train"
"check_classifiers_train"
"xfail_ignored_in_check_estimator"
] ++ lib.optionals (stdenv.isDarwin) [
"test_graphical_lasso"
];
pytestFlagsArray = [

3
pkgs/development/python-modules/token-bucket/default.nix
View File

@ -1,4 +1,5 @@
{ lib
, stdenv
, buildPythonPackage
, fetchFromGitHub
, pytest-runner
@ -25,6 +26,8 @@ buildPythonPackage rec {
pytestCheckHook
];
doCheck = !stdenv.isDarwin;
meta = with lib; {
description = "Token Bucket Implementation for Python Web Apps";
homepage = "https://github.com/falconry/token-bucket";

1
pkgs/development/python-modules/watchdog/default.nix
View File

@ -55,6 +55,7 @@ buildPythonPackage rec {
"test_create_wrong_encoding"
] ++ lib.optionals (stdenv.isDarwin && !stdenv.isAarch64) [
"test_delete"
"test_separate_consecutive_moves"
];
disabledTestPaths = [

4
pkgs/development/tools/build-managers/bob/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "bob";
version = "0.6.3";
version = "0.7.0";
src = fetchFromGitHub {
owner = "benchkram";
repo = pname;
rev = version;
hash = "sha256-jZDyZVjo4Purt2tabJew5N4MZmLXli6gqBTejv5FGJM=";
hash = "sha256-37VhzYxVrt+w1XTDXzKAkJT43TQSyCmX9SAoNnk+o3w=";
};
ldflags = [ "-s" "-w" "-X main.Version=${version}" ];

6
pkgs/development/tools/millet/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "millet";
version = "0.5.16";
version = "0.6.0";
src = fetchFromGitHub {
owner = "azdavis";
repo = pname;
rev = "v${version}";
hash = "sha256-YdCdB72f7IQsi8WKVmGlqAybcewisK1J7jfR5Irp6VE=";
hash = "sha256-tP1ccUtHfj+JPUYGo+QFYjbz56uNl3p53QNeE/xaCt4=";
};
cargoHash = "sha256-2WEptDHo2t6p8nzd00fPu/XQqq0gUlLAyuSraMfbHL0=";
cargoHash = "sha256-umOlvHDA8AtoAeB1i8nNgbjvzTmzwZfdjF+TCTKzqAU=";
postPatch = ''
rm .cargo/config.toml

4
pkgs/development/tools/oh-my-posh/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "oh-my-posh";
version = "12.13.3";
version = "12.16.0";
src = fetchFromGitHub {
owner = "jandedobbeleer";
repo = pname;
rev = "v${version}";
sha256 = "sha256-1H3BlKxTthyVXEaLISruZDFIeXEAaeZjGp597clPeLs=";
sha256 = "sha256-YrrOwTLVgxoriVgVDmn99ORSh04os0q/QnfBXtTtl5g=";
};
vendorSha256 = "sha256-OrtKFkWXqVoXKmN6BT8YbCNjR1gRTT4gPNwmirn7fjU=";

3
pkgs/development/tools/poetry2nix/poetry2nix/overrides/build-systems.json
View File

@ -4816,9 +4816,6 @@
"setuptools",
"setuptools-scm"
],
"filemagic": [
"setuptools"
],
"filetype": [
"setuptools"
],

19
pkgs/servers/hbase/default.nix
View File

@ -38,20 +38,19 @@ let common = { version, hash, jdk ? jdk11_headless, tests }:
};
in
{
hbase_1_7 = common {
version = "1.7.1";
hash = "sha256-DrH2G79QLT8L0YTTmAGC9pUWU8semSaTOsrsQRCI2rY=";
jdk = jdk8_headless;
tests.standalone = nixosTests.hbase1;
};
hbase_2_4 = common {
version = "2.4.11";
hash = "sha256-m0vjUtPaj8czHHh+rQNJJgrFAM744cHd06KE0ut7QeU=";
version = "2.4.15";
hash = "sha256-KJXpfQ91POVd7ZnKQyIX5qzX4JIZqh3Zn2Pz0chW48g=";
tests.standalone = nixosTests.hbase_2_4;
};
hbase_2_5 = common {
version = "2.5.1";
hash = "sha256-ddSa4q43PSJv1W4lzzaXfv4LIThs4n8g8wYufHgsZVE=";
tests.standalone = nixosTests.hbase2;
};
hbase_3_0 = common {
version = "3.0.0-alpha-2";
hash = "sha256-QPvgO1BeFWvMT5PdUm/SL92ZgvSvYIuJbzolbBTenz4=";
version = "3.0.0-alpha-3";
hash = "sha256-TxuiUHc2pTb9nBth1H2XrDRLla2vqM+e1uBU+yY2/EM=";
tests.standalone = nixosTests.hbase3;
};
}

10
pkgs/servers/home-assistant/default.nix
View File

@ -31,6 +31,16 @@ let
# Override the version of some packages pinned in Home Assistant's setup.py and requirements_all.txt
(self: super: {
# https://github.com/postlund/pyatv/issues/1879
aiohttp = super.aiohttp.overridePythonAttrs (oldAttrs: rec {
pname = "aiohttp";
version = "3.8.1";
src = self.fetchPypi {
inherit pname version;
hash = "sha256-/FRx4aVN4V73HBvG6+gNTcaB6mAOaL/Ry85AQn8LdXg=";
};
});
backoff = super.backoff.overridePythonAttrs (oldAttrs: rec {
version = "1.11.1";
src = fetchFromGitHub {

4
pkgs/servers/kubemq-community/default.nix
View File

@ -2,12 +2,12 @@
buildGoModule rec {
pname = "kubemq-community";
version = "2.3.4";
version = "2.3.5";
src = fetchFromGitHub {
owner = "kubemq-io";
repo = pname;
rev = "v${version}";
sha256 = "sha256-+HJpjKMSndcV+xQJM+FesdtoUSGHnpILQFuf3sbxBY0=";
sha256 = "sha256-kR2/Is1fQqpRyQ8yKSEvXV5xzXcHldCqgnCRNRZ+Ekg=";
};
CGO_ENABLED=0;

3
pkgs/servers/matrix-synapse/tools/rust-synapse-compress-state.nix
View File

@ -1,4 +1,4 @@
{ lib, rustPlatform, python3, fetchFromGitHub, pkg-config, openssl }:
{ lib, stdenv, rustPlatform, python3, fetchFromGitHub, pkg-config, openssl }:
rustPlatform.buildRustPackage rec {
pname = "rust-synapse-compress-state";
@ -22,6 +22,7 @@ rustPlatform.buildRustPackage rec {
buildInputs = [ openssl ];
meta = with lib; {
broken = stdenv.isDarwin;
description = "A tool to compress some state in a Synapse instance's database";
homepage = "https://github.com/matrix-org/rust-synapse-compress-state";
license = licenses.asl20;

4
pkgs/servers/photoprism/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg, libheif, exiftool, nixosTests, makeWrapper }:
{ pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg, libheif, exiftool, makeWrapper, testers }:
let
version = "221102-905925b4d";
@ -74,7 +74,7 @@ stdenv.mkDerivation {
runHook postInstall
'';
passthru.tests.photoprism = nixosTests.photoprism;
passthru.tests.version = testers.testVersion { package = pkgs.photoprism; };
meta = with lib; {
homepage = "https://photoprism.app";

30
pkgs/servers/photoprism/libtensorflow.nix
View File

@ -15,12 +15,14 @@ stdenv.mkDerivation rec {
aarch64-linux = "sha256-qnj4vhSWgrk8SIjzIH1/4waMxMsxMUvqdYZPaSaUJRk=";
}.${system};
url = let
systemName = {
x86_64-linux = "amd64";
aarch64-linux = "arm64";
}.${system};
in "https://dl.photoprism.app/tensorflow/${systemName}/libtensorflow-${systemName}-${version}.tar.gz";
url =
let
systemName = {
x86_64-linux = "amd64";
aarch64-linux = "arm64";
}.${system};
in
"https://dl.photoprism.app/tensorflow/${systemName}/libtensorflow-${systemName}-${version}.tar.gz";
})
# Upstream tensorflow tarball (with .h's photoprism's tarball is missing)
(fetchurl {
@ -49,13 +51,15 @@ stdenv.mkDerivation rec {
'';
# Patch library to use our libc, libstdc++ and others
patchPhase = let
rpath = lib.makeLibraryPath [ stdenv.cc.libc stdenv.cc.cc.lib ];
in ''
chmod -R +w lib
patchelf --set-rpath "${rpath}:$out/lib" lib/libtensorflow.so
patchelf --set-rpath "${rpath}" lib/libtensorflow_framework.so
'';
patchPhase =
let
rpath = lib.makeLibraryPath [ stdenv.cc.libc stdenv.cc.cc.lib ];
in
''
chmod -R +w lib
patchelf --set-rpath "${rpath}:$out/lib" lib/libtensorflow.so
patchelf --set-rpath "${rpath}" lib/libtensorflow_framework.so
'';
buildPhase = ''
# Write pkg-config file.

2
pkgs/shells/fish/plugins/default.nix
View File

@ -31,4 +31,6 @@ lib.makeScope newScope (self: with self; {
pure = callPackage ./pure.nix { };
sponge = callPackage ./sponge.nix { };
})

20
pkgs/shells/fish/plugins/sponge.nix Normal file
View File

@ -0,0 +1,20 @@
{ lib, buildFishPlugin, fetchFromGitHub }:
buildFishPlugin rec {
pname = "sponge";
version = "1.1.0";
src = fetchFromGitHub {
owner = "meaningful-ooo";
repo = pname;
rev = "${version}";
sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w=";
};
meta = with lib; {
description = "keeps your fish shell history clean from typos, incorrectly used commands and everything you don't want to store due to privacy reasons";
homepage = "https://github.com/meaningful-ooo/sponge";
license = licenses.mit;
maintainers = with maintainers; [ quantenzitrone ];
};
}

4
pkgs/tools/admin/lxd/default.nix
View File

@ -32,14 +32,14 @@
buildGoModule rec {
pname = "lxd";
version = "5.7";
version = "5.8";
src = fetchurl {
urls = [
"https://linuxcontainers.org/downloads/lxd/lxd-${version}.tar.gz"
"https://github.com/lxc/lxd/releases/download/lxd-${version}/lxd-${version}.tar.gz"
];
sha256 = "sha256-TZeF/VPrP4qRAVezJwQWtfypsxBJpnTrST0uDdw3WVI=";
sha256 = "sha256-mYyDYO8k4MVoNa8xfp1vH2nyuhNsDJ93s9F5hjaMftk=";
};
vendorSha256 = null;

6
pkgs/tools/admin/pulumi/default.nix
View File

@ -14,16 +14,16 @@
buildGoModule rec {
pname = "pulumi";
version = "3.46.1";
version = "3.47.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-bEAggHGMhSSwEiYj+DdJRajR4DLunpidbd4DflkBrQ8=";
hash = "sha256-r0VPWVyyWGZ2v2yKKiJGJV+ah77zxFm7Zwm9yag3fxc=";
};
vendorSha256 = "sha256-+JKCCNkByqWuvAv8qUL3L9DlDhvIbMsDbsfn3KYolUo=";
vendorSha256 = "sha256-eipxqX2m425FnPkf+ao/k1dYwDHDmJf+eS3S0sEiXkk=";
sourceRoot = "source/pkg";

4
pkgs/tools/package-management/nfpm/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "nfpm";
version = "2.22.0";
version = "2.22.1";
src = fetchFromGitHub {
owner = "goreleaser";
repo = pname;
rev = "v${version}";
sha256 = "sha256-Qb4jzn1UM/0B4ryk3cPVuhqVtJML+Vv5KtebBjirSuI=";
sha256 = "sha256-BdPY1DzF2zunhEp7Z13X3jOxhTPHHUejAe7HZSoexYk=";
};
vendorSha256 = "sha256-fvSA0BQQKhXxyNu0/ilNcMmTBtLm/piA4rJu6p5+8GU=";

4
pkgs/tools/security/ghidra/build.nix
View File

@ -19,13 +19,13 @@
let
pkg_path = "$out/lib/ghidra";
pname = "ghidra";
version = "10.2.1";
version = "10.2.2";
src = fetchFromGitHub {
owner = "NationalSecurityAgency";
repo = "Ghidra";
rev = "Ghidra_${version}_build";
sha256 = "sha256-xK6rSvI3L5wVcTBxJJndAVQMxjpsA5jMq0GeWNmCodI=";
sha256 = "sha256-AiyY6mGM+jHu9n39t/cYj+I5CE+a3vA4P0THNEFoZrk=";
};
desktopItem = makeDesktopItem {

4
pkgs/tools/typesetting/sile/default.nix
View File

@ -43,11 +43,11 @@ in
stdenv.mkDerivation rec {
pname = "sile";
version = "0.14.4";
version = "0.14.5";
src = fetchurl {
url = "https://github.com/sile-typesetter/sile/releases/download/v${version}/${pname}-${version}.tar.xz";
sha256 = "091sy3k29q15ksqr650qmf9lz8j9lqbabfph4cf63plg4dnf9m98";
sha256 = "01wf0rihksk2ldxgci5vzl3j575vnp6wgk12yd28mwzxkss6n39g";
};
configureFlags = [

6
pkgs/top-level/all-packages.nix
View File

@ -15256,6 +15256,7 @@ with pkgs;
};
rustup-toolchain-install-master = callPackage ../development/tools/rust/rustup-toolchain-install-master {
inherit (darwin.apple_sdk.frameworks) Security;
openssl = openssl_1_1;
};
rusty-man = callPackage ../development/tools/rust/rusty-man { };
@ -23706,9 +23707,8 @@ with pkgs;
hasura-cli = callPackage ../servers/hasura/cli.nix { };
inherit (callPackage ../servers/hbase {}) hbase_1_7 hbase_2_4 hbase_3_0;
hbase1 = hbase_1_7;
hbase2 = hbase_2_4;
inherit (callPackage ../servers/hbase {}) hbase_2_4 hbase_2_5 hbase_3_0;
hbase2 = hbase_2_5;
hbase3 = hbase_3_0;
hbase = hbase2; # when updating, point to the latest stable release

1
pkgs/top-level/python-aliases.nix
View File

@ -77,6 +77,7 @@ mapAliases ({
face_recognition_models = face-recognition-models; # added 2022-10-15
fake_factory = throw "fake_factory has been removed because it is unused and deprecated by upstream since 2016."; # added 2022-05-30
faulthandler = throw "faulthandler is built into ${python.executable}"; # added 2021-07-12
filemagic = throw "inactive since 2014, so use python-magic instead"; # added 2022-11-19
flask_login = flask-login; # added 2022-10-17
flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20
flask_testing = flask-testing; # added 2022-04-25

4
pkgs/top-level/python-packages.nix
View File

@ -3228,8 +3228,6 @@ self: super: with self; {
filelock = callPackage ../development/python-modules/filelock { };
filemagic = callPackage ../development/python-modules/filemagic { };
filetype = callPackage ../development/python-modules/filetype { };
filterpy = callPackage ../development/python-modules/filterpy { };
@ -6971,6 +6969,8 @@ self: super: with self; {
ppdeep = callPackage ../development/python-modules/ppdeep { };
prodict = callPackage ../development/python-modules/prodict { };
proxy_tools = callPackage ../development/python-modules/proxy_tools { };
py-nextbusnext = callPackage ../development/python-modules/py-nextbusnext { };