colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into haskell-updates

Browse Source
This commit is contained in:
github-actions[bot] 2021-12-14 00:07:51 +00:00 committed by GitHub
commit b36624c080
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
105 changed files with 2565 additions and 673 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/tests/misc.nix
View File

@ -496,7 +496,7 @@ runTests {
testToPretty =
let
deriv = derivation { name = "test"; builder = "/bin/sh"; system = builtins.currentSystem; };
deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
in {
expr = mapAttrs (const (generators.toPretty { multiline = false; })) rec {
int = 42;

6
maintainers/maintainer-list.nix
View File

@ -357,10 +357,10 @@
name = "AmirHossein Roozbahani";
};
ahuzik = {
email = "ales.guzik@gmail.com";
github = "alesguzik";
email = "ah1990au@gmail.com";
github = "alesya-h";
githubId = 209175;
name = "Ales Huzik";
name = "Alesya Huzik";
};
aij = {
email = "aij+git@mrph.org";

41
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View File

@ -19,8 +19,16 @@
</section>
<section xml:id="sec-release-22.05-new-services">
<title>New Services</title>
<para>
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
the Intel SGX Architectural Enclave Service Manager. Available
as
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
<title>Backward Incompatibilities</title>
@ -79,7 +87,32 @@
</section>
<section xml:id="sec-release-22.05-notable-changes">
<title>Other Notable Changes</title>
<para>
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The option
<link linkend="opt-services.redis.servers">services.redis.servers</link>
was added to support per-application
<literal>redis-server</literal> which is more secure since
Redis databases are only mere key prefixes without any
configuration or ACL of their own. Backward-compatibility is
preserved by mapping old
<literal>services.redis.settings</literal> to
<literal>services.redis.servers.&quot;&quot;.settings</literal>,
but you are strongly encouraged to name each
<literal>redis-server</literal> instance after the application
using it, instead of keeping that nameless one. Except for the
nameless
<literal>services.redis.servers.&quot;&quot;</literal> still
accessible at <literal>127.0.0.1:6379</literal>, and to the
members of the Unix group <literal>redis</literal> through the
Unix socket <literal>/run/redis/redis.sock</literal>, all
other <literal>services.redis.servers.${serverName}</literal>
are only accessible by default to the members of the Unix
group <literal>redis-${serverName}</literal> through the Unix
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>

18
nixos/doc/manual/release-notes/rl-2205.section.md
View File

@ -8,6 +8,8 @@ In addition to numerous new and upgraded packages, this release has the followin
## New Services {#sec-release-22.05-new-services}
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
@ -33,3 +35,19 @@ In addition to numerous new and upgraded packages, this release has the followin
Please switch to `claws-mail`, which is Claws Mail's latest release based on GTK+3 and Python 3.
## Other Notable Changes {#sec-release-22.05-notable-changes}
- The option [services.redis.servers](#opt-services.redis.servers) was added
to support per-application `redis-server` which is more secure since Redis databases
are only mere key prefixes without any configuration or ACL of their own.
Backward-compatibility is preserved by mapping old `services.redis.settings`
to `services.redis.servers."".settings`, but you are strongly encouraged
to name each `redis-server` instance after the application using it,
instead of keeping that nameless one.
Except for the nameless `services.redis.servers.""`
still accessible at `127.0.0.1:6379`,
and to the members of the Unix group `redis`
through the Unix socket `/run/redis/redis.sock`,
all other `services.redis.servers.${serverName}`
are only accessible by default
to the members of the Unix group `redis-${serverName}`
through the Unix socket `/run/redis-${serverName}/redis.sock`.

47
nixos/modules/hardware/cpu/intel-sgx.nix Normal file
View File

@ -0,0 +1,47 @@
{ config, lib, ... }:
with lib;
let
cfg = config.hardware.cpu.intel.sgx.provision;
defaultGroup = "sgx_prv";
in
{
options.hardware.cpu.intel.sgx.provision = {
enable = mkEnableOption "access to the Intel SGX provisioning device";
user = mkOption {
description = "Owner to assign to the SGX provisioning device.";
type = types.str;
default = "root";
};
group = mkOption {
description = "Group to assign to the SGX provisioning device.";
type = types.str;
default = defaultGroup;
};
mode = mkOption {
description = "Mode to set for the SGX provisioning device.";
type = types.str;
default = "0660";
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = hasAttr cfg.user config.users.users;
message = "Given user does not exist";
}
{
assertion = (cfg.group == defaultGroup) || (hasAttr cfg.group config.users.groups);
message = "Given group does not exist";
}
];
users.groups = optionalAttrs (cfg.group == defaultGroup) {
"${cfg.group}" = { };
};
services.udev.extraRules = ''
SUBSYSTEM=="misc", KERNEL=="sgx_provision", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="${cfg.mode}"
'';
};
}

2
nixos/modules/module-list.nix
View File

@ -45,6 +45,7 @@
./hardware/ckb-next.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/cpu/intel-sgx.nix
./hardware/corectrl.nix
./hardware/digitalbitbox.nix
./hardware/device-tree.nix
@ -928,6 +929,7 @@
./services/search/kibana.nix
./services/search/meilisearch.nix
./services/search/solr.nix
./services/security/aesmd.nix
./services/security/certmgr.nix
./services/security/cfssl.nix
./services/security/clamav.nix

516
nixos/modules/services/databases/redis.nix
View File

@ -5,17 +5,18 @@ with lib;
let
cfg = config.services.redis;
ulimitNofile = cfg.maxclients + 32;
mkValueString = value:
if value == true then "yes"
else if value == false then "no"
else generators.mkValueStringDefault { } value;
redisConfig = pkgs.writeText "redis.conf" (generators.toKeyValue {
redisConfig = settings: pkgs.writeText "redis.conf" (generators.toKeyValue {
listsAsDuplicateKeys = true;
mkKeyValue = generators.mkKeyValueDefault { inherit mkValueString; } " ";
} cfg.settings);
} settings);
redisName = name: "redis" + optionalString (name != "") ("-"+name);
enabledServers = filterAttrs (name: conf: conf.enable) config.services.redis.servers;
in {
imports = [
@ -24,7 +25,28 @@ in {
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
(mkRemovedOptionModule [ "services" "redis" "extraConfig" ] "Use services.redis.settings instead.")
(mkRemovedOptionModule [ "services" "redis" "extraConfig" ] "Use services.redis.servers.*.settings instead.")
(mkRenamedOptionModule [ "services" "redis" "enable"] [ "services" "redis" "servers" "" "enable" ])
(mkRenamedOptionModule [ "services" "redis" "port"] [ "services" "redis" "servers" "" "port" ])
(mkRenamedOptionModule [ "services" "redis" "openFirewall"] [ "services" "redis" "servers" "" "openFirewall" ])
(mkRenamedOptionModule [ "services" "redis" "bind"] [ "services" "redis" "servers" "" "bind" ])
(mkRenamedOptionModule [ "services" "redis" "unixSocket"] [ "services" "redis" "servers" "" "unixSocket" ])
(mkRenamedOptionModule [ "services" "redis" "unixSocketPerm"] [ "services" "redis" "servers" "" "unixSocketPerm" ])
(mkRenamedOptionModule [ "services" "redis" "logLevel"] [ "services" "redis" "servers" "" "logLevel" ])
(mkRenamedOptionModule [ "services" "redis" "logfile"] [ "services" "redis" "servers" "" "logfile" ])
(mkRenamedOptionModule [ "services" "redis" "syslog"] [ "services" "redis" "servers" "" "syslog" ])
(mkRenamedOptionModule [ "services" "redis" "databases"] [ "services" "redis" "servers" "" "databases" ])
(mkRenamedOptionModule [ "services" "redis" "maxclients"] [ "services" "redis" "servers" "" "maxclients" ])
(mkRenamedOptionModule [ "services" "redis" "save"] [ "services" "redis" "servers" "" "save" ])
(mkRenamedOptionModule [ "services" "redis" "slaveOf"] [ "services" "redis" "servers" "" "slaveOf" ])
(mkRenamedOptionModule [ "services" "redis" "masterAuth"] [ "services" "redis" "servers" "" "masterAuth" ])
(mkRenamedOptionModule [ "services" "redis" "requirePass"] [ "services" "redis" "servers" "" "requirePass" ])
(mkRenamedOptionModule [ "services" "redis" "requirePassFile"] [ "services" "redis" "servers" "" "requirePassFile" ])
(mkRenamedOptionModule [ "services" "redis" "appendOnly"] [ "services" "redis" "servers" "" "appendOnly" ])
(mkRenamedOptionModule [ "services" "redis" "appendFsync"] [ "services" "redis" "servers" "" "appendFsync" ])
(mkRenamedOptionModule [ "services" "redis" "slowLogLogSlowerThan"] [ "services" "redis" "servers" "" "slowLogLogSlowerThan" ])
(mkRenamedOptionModule [ "services" "redis" "slowLogMaxLen"] [ "services" "redis" "servers" "" "slowLogMaxLen" ])
(mkRenamedOptionModule [ "services" "redis" "settings"] [ "services" "redis" "servers" "" "settings" ])
];
###### interface
@ -32,18 +54,6 @@ in {
options = {
services.redis = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Redis server. Note that the NixOS module for
Redis disables kernel support for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
'';
};
package = mkOption {
type = types.package;
default = pkgs.redis;
@ -51,176 +61,226 @@ in {
description = "Which Redis derivation to use.";
};
port = mkOption {
type = types.port;
default = 6379;
description = "The port for Redis to listen to.";
};
vmOverCommit = mkEnableOption ''
setting of vm.overcommit_memory to 1
(Suggested for Background Saving: http://redis.io/topics/faq)
'';
vmOverCommit = mkOption {
type = types.bool;
default = false;
description = ''
Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
bind = mkOption {
type = with types; nullOr str;
default = "127.0.0.1";
description = ''
The IP interface to bind to.
<literal>null</literal> means "all interfaces".
'';
example = "192.0.2.1";
};
unixSocket = mkOption {
type = with types; nullOr path;
default = null;
description = "The path to the socket to bind to.";
example = "/run/redis/redis.sock";
};
unixSocketPerm = mkOption {
type = types.int;
default = 750;
description = "Change permissions for the socket";
example = 700;
};
logLevel = mkOption {
type = types.str;
default = "notice"; # debug, verbose, notice, warning
example = "debug";
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
};
logfile = mkOption {
type = types.str;
default = "/dev/null";
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
example = "/var/log/redis.log";
};
syslog = mkOption {
type = types.bool;
default = true;
description = "Enable logging to the system logger.";
};
databases = mkOption {
type = types.int;
default = 16;
description = "Set the number of databases.";
};
maxclients = mkOption {
type = types.int;
default = 10000;
description = "Set the max number of connected clients at the same time.";
};
save = mkOption {
type = with types; listOf (listOf int);
default = [ [900 1] [300 10] [60 10000] ];
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
};
slaveOf = mkOption {
type = with types; nullOr (submodule ({ ... }: {
servers = mkOption {
type = with types; attrsOf (submodule ({config, name, ...}@args: {
options = {
ip = mkOption {
type = str;
description = "IP of the Redis master";
example = "192.168.1.100";
enable = mkEnableOption ''
Redis server.
Note that the NixOS module for Redis disables kernel support
for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
'';
user = mkOption {
type = types.str;
default = redisName name;
defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\"";
description = "The username and groupname for redis-server.";
};
port = mkOption {
type = port;
description = "port of the Redis master";
type = types.port;
default = 6379;
description = "The port for Redis to listen to.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
bind = mkOption {
type = with types; nullOr str;
default = if name == "" then "127.0.0.1" else null;
defaultText = "127.0.0.1 or null if name != \"\"";
description = ''
The IP interface to bind to.
<literal>null</literal> means "all interfaces".
'';
example = "192.0.2.1";
};
unixSocket = mkOption {
type = with types; nullOr path;
default = "/run/${redisName name}/redis.sock";
defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\"";
description = "The path to the socket to bind to.";
};
unixSocketPerm = mkOption {
type = types.int;
default = 660;
description = "Change permissions for the socket";
example = 600;
};
logLevel = mkOption {
type = types.str;
default = "notice"; # debug, verbose, notice, warning
example = "debug";
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
};
logfile = mkOption {
type = types.str;
default = "/dev/null";
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
example = "/var/log/redis.log";
};
syslog = mkOption {
type = types.bool;
default = true;
description = "Enable logging to the system logger.";
};
databases = mkOption {
type = types.int;
default = 16;
description = "Set the number of databases.";
};
maxclients = mkOption {
type = types.int;
default = 10000;
description = "Set the max number of connected clients at the same time.";
};
save = mkOption {
type = with types; listOf (listOf int);
default = [ [900 1] [300 10] [60 10000] ];
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
};
slaveOf = mkOption {
type = with types; nullOr (submodule ({ ... }: {
options = {
ip = mkOption {
type = str;
description = "IP of the Redis master";
example = "192.168.1.100";
};
port = mkOption {
type = port;
description = "port of the Redis master";
default = 6379;
};
};
}));
default = null;
description = "IP and port to which this redis instance acts as a slave.";
example = { ip = "192.168.1.100"; port = 6379; };
};
masterAuth = mkOption {
type = with types; nullOr str;
default = null;
description = ''If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
};
requirePass = mkOption {
type = with types; nullOr str;
default = null;
description = ''
Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
Use requirePassFile to store it outside of the nix store in a dedicated file.
'';
example = "letmein!";
};
requirePassFile = mkOption {
type = with types; nullOr path;
default = null;
description = "File with password for the database.";
example = "/run/keys/redis-password";
};
appendOnly = mkOption {
type = types.bool;
default = false;
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
};
appendFsync = mkOption {
type = types.str;
default = "everysec"; # no, always, everysec
description = "How often to fsync the append-only log, options: no, always, everysec.";
};
slowLogLogSlowerThan = mkOption {
type = types.int;
default = 10000;
description = "Log queries whose execution take longer than X in milliseconds.";
example = 1000;
};
slowLogMaxLen = mkOption {
type = types.int;
default = 128;
description = "Maximum number of items to keep in slow log.";
};
settings = mkOption {
# TODO: this should be converted to freeformType
type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
default = {};
description = ''
Redis configuration. Refer to
<link xlink:href="https://redis.io/topics/config"/>
for details on supported values.
'';
example = literalExpression ''
{
loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
}
'';
};
};
config.settings = mkMerge [
{
port = if config.bind == null then 0 else config.port;
daemonize = false;
supervised = "systemd";
loglevel = config.logLevel;
logfile = config.logfile;
syslog-enabled = config.syslog;
databases = config.databases;
maxclients = config.maxclients;
save = map (d: "${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}") config.save;
dbfilename = "dump.rdb";
dir = "/var/lib/${redisName name}";
appendOnly = config.appendOnly;
appendfsync = config.appendFsync;
slowlog-log-slower-than = config.slowLogLogSlowerThan;
slowlog-max-len = config.slowLogMaxLen;
}
(mkIf (config.bind != null) { bind = config.bind; })
(mkIf (config.unixSocket != null) {
unixsocket = config.unixSocket;
unixsocketperm = toString config.unixSocketPerm;
})
(mkIf (config.slaveOf != null) { slaveof = "${config.slaveOf.ip} ${toString config.slaveOf.port}"; })
(mkIf (config.masterAuth != null) { masterauth = config.masterAuth; })
(mkIf (config.requirePass != null) { requirepass = config.requirePass; })
];
}));
default = null;
description = "IP and port to which this redis instance acts as a slave.";
example = { ip = "192.168.1.100"; port = 6379; };
};
masterAuth = mkOption {
type = with types; nullOr str;
default = null;
description = ''If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
};
requirePass = mkOption {
type = with types; nullOr str;
default = null;
description = ''
Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
Use requirePassFile to store it outside of the nix store in a dedicated file.
'';
example = "letmein!";
};
requirePassFile = mkOption {
type = with types; nullOr path;
default = null;
description = "File with password for the database.";
example = "/run/keys/redis-password";
};
appendOnly = mkOption {
type = types.bool;
default = false;
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
};
appendFsync = mkOption {
type = types.str;
default = "everysec"; # no, always, everysec
description = "How often to fsync the append-only log, options: no, always, everysec.";
};
slowLogLogSlowerThan = mkOption {
type = types.int;
default = 10000;
description = "Log queries whose execution take longer than X in milliseconds.";
example = 1000;
};
slowLogMaxLen = mkOption {
type = types.int;
default = 128;
description = "Maximum number of items to keep in slow log.";
};
settings = mkOption {
type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
description = "Configuration of multiple <literal>redis-server</literal> instances.";
default = {};
description = ''
Redis configuration. Refer to
<link xlink:href="https://redis.io/topics/config"/>
for details on supported values.
'';
example = literalExpression ''
{
loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
}
'';
};
};
@ -229,78 +289,61 @@ in {
###### implementation
config = mkIf config.services.redis.enable {
assertions = [{
assertion = cfg.requirePass != null -> cfg.requirePassFile == null;
message = "You can only set one services.redis.requirePass or services.redis.requirePassFile";
}];
boot.kernel.sysctl = (mkMerge [
config = mkIf (enabledServers != {}) {
assertions = attrValues (mapAttrs (name: conf: {
assertion = conf.requirePass != null -> conf.requirePassFile == null;
message = ''
You can only set one services.redis.servers.${name}.requirePass
or services.redis.servers.${name}.requirePassFile
'';
}) enabledServers);
boot.kernel.sysctl = mkMerge [
{ "vm.nr_hugepages" = "0"; }
( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } )
]);
];
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
users.users.redis = {
description = "Redis database user";
group = "redis";
isSystemUser = true;
};
users.groups.redis = {};
networking.firewall.allowedTCPPorts = concatMap (conf:
optional conf.openFirewall conf.port
) (attrValues enabledServers);
environment.systemPackages = [ cfg.package ];
services.redis.settings = mkMerge [
{
port = cfg.port;
daemonize = false;
supervised = "systemd";
loglevel = cfg.logLevel;
logfile = cfg.logfile;
syslog-enabled = cfg.syslog;
databases = cfg.databases;
maxclients = cfg.maxclients;
save = map (d: "${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}") cfg.save;
dbfilename = "dump.rdb";
dir = "/var/lib/redis";
appendOnly = cfg.appendOnly;
appendfsync = cfg.appendFsync;
slowlog-log-slower-than = cfg.slowLogLogSlowerThan;
slowlog-max-len = cfg.slowLogMaxLen;
}
(mkIf (cfg.bind != null) { bind = cfg.bind; })
(mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })
(mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}"; })
(mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })
(mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })
];
users.users = mapAttrs' (name: conf: nameValuePair (redisName name) {
description = "System user for the redis-server instance ${name}";
isSystemUser = true;
group = redisName name;
}) enabledServers;
users.groups = mapAttrs' (name: conf: nameValuePair (redisName name) {
}) enabledServers;
systemd.services.redis = {
description = "Redis Server";
systemd.services = mapAttrs' (name: conf: nameValuePair (redisName name) {
description = "Redis Server - ${redisName name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
install -m 600 ${redisConfig} /run/redis/redis.conf
'' + optionalString (cfg.requirePassFile != null) ''
password=$(cat ${escapeShellArg cfg.requirePassFile})
echo "requirePass $password" >> /run/redis/redis.conf
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
ExecStart = "${cfg.package}/bin/redis-server /run/${redisName name}/redis.conf";
ExecStartPre = [("+"+pkgs.writeShellScript "${redisName name}-credentials" (''
install -o '${conf.user}' -m 600 ${redisConfig conf.settings} /run/${redisName name}/redis.conf
'' + optionalString (conf.requirePassFile != null) ''
{
printf requirePass' '
cat ${escapeShellArg conf.requirePassFile}
} >>/run/${redisName name}/redis.conf
'')
)];
Type = "notify";
# User and group
User = "redis";
Group = "redis";
User = conf.user;
Group = conf.user;
# Runtime directory and mode
RuntimeDirectory = "redis";
RuntimeDirectory = redisName name;
RuntimeDirectoryMode = "0750";
# State directory and mode
StateDirectory = "redis";
StateDirectory = redisName name;
StateDirectoryMode = "0700";
# Access write directories
UMask = "0077";
@ -309,7 +352,7 @@ in {
# Security
NoNewPrivileges = true;
# Process Properties
LimitNOFILE = "${toString ulimitNofile}";
LimitNOFILE = mkDefault "${toString (conf.maxclients + 32)}";
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
@ -322,7 +365,9 @@ in {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictAddressFamilies =
optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++
optional (conf.unixSocket != null) "AF_UNIX";
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
@ -333,6 +378,7 @@ in {
SystemCallArchitectures = "native";
SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid";
};
};
}) enabledServers;
};
}

227
nixos/modules/services/security/aesmd.nix Normal file
View File

@ -0,0 +1,227 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.aesmd;
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
concatStringsSep "\n" (
optional (whitelistUrl != null) "whitelist url = ${whitelistUrl}" ++
optional (proxy != null) "aesm proxy = ${proxy}" ++
optional (proxyType != null) "proxy type = ${proxyType}" ++
optional (defaultQuotingType != null) "default quoting type = ${defaultQuotingType}" ++
# Newline at end of file
[ "" ]
)
);
in
{
options.services.aesmd = {
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to build the PSW package in debug mode.";
};
settings = mkOption {
description = "AESM configuration";
default = { };
type = types.submodule {
options.whitelistUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
description = "URL to retrieve authorized Intel SGX enclave signers.";
};
options.proxy = mkOption {
type = with types; nullOr str;
default = null;
example = "http://proxy_url:1234";
description = "HTTP network proxy.";
};
options.proxyType = mkOption {
type = with types; nullOr (enum [ "default" "direct" "manual" ]);
default = if (cfg.settings.proxy != null) then "manual" else null;
example = "default";
description = ''
Type of proxy to use. The <literal>default</literal> uses the system's default proxy.
If <literal>direct</literal> is given, uses no proxy.
A value of <literal>manual</literal> uses the proxy from
<option>services.aesmd.settings.proxy</option>.
'';
};
options.defaultQuotingType = mkOption {
type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
default = null;
example = "ecdsa_256";
description = "Attestation quote type.";
};
};
};
};
config = mkIf cfg.enable {
assertions = [{
assertion = !(config.boot.specialFileSystems."/dev".options ? "noexec");
message = "SGX requires exec permission for /dev";
}];
hardware.cpu.intel.sgx.provision.enable = true;
systemd.services.aesmd =
let
storeAesmFolder = "${sgx-psw}/aesm";
# Hardcoded path AESM_DATA_FOLDER in psw/ae/aesm_service/source/oal/linux/aesm_util.cpp
aesmDataFolder = "/var/opt/aesmd/data";
aesmStateDirSystemd = "%S/aesmd";
in
{
description = "Intel Architectural Enclave Service Manager";
wantedBy = [ "multi-user.target" ];
after = [
"auditd.service"
"network.target"
"syslog.target"
];
environment = {
NAME = "aesm_service";
AESM_PATH = storeAesmFolder;
LD_LIBRARY_PATH = storeAesmFolder;
};
# Make sure any of the SGX application enclave devices is available
unitConfig.AssertPathExists = [
# legacy out-of-tree driver
"|/dev/isgx"
# DCAP driver
"|/dev/sgx/enclave"
# in-tree driver
"|/dev/sgx_enclave"
];
serviceConfig = rec {
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
set -euo pipefail
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
if [[ ! -f "$whiteListFile" ]]; then
${pkgs.coreutils}/bin/install -m 644 -D \
"${storeAesmFolder}/data/white_list_cert_to_be_verify.bin" \
"$whiteListFile"
fi
'';
ExecStart = "${sgx-psw}/bin/aesm_service --no-daemon";
ExecReload = ''${pkgs.coreutils}/bin/kill -SIGHUP "$MAINPID"'';
Restart = "on-failure";
RestartSec = "15s";
DynamicUser = true;
Group = "sgx";
SupplementaryGroups = [
config.hardware.cpu.intel.sgx.provision.group
];
Type = "simple";
WorkingDirectory = storeAesmFolder;
StateDirectory = "aesmd";
StateDirectoryMode = "0700";
RuntimeDirectory = "aesmd";
RuntimeDirectoryMode = "0750";
# Hardening
# chroot into the runtime directory
RootDirectory = "%t/aesmd";
BindReadOnlyPaths = [
builtins.storeDir
# Hardcoded path AESM_CONFIG_FILE in psw/ae/aesm_service/source/utils/aesm_config.cpp
"${configFile}:/etc/aesmd.conf"
];
BindPaths = [
# Hardcoded path CONFIG_SOCKET_PATH in psw/ae/aesm_service/source/core/ipc/SocketConfig.h
"%t/aesmd:/var/run/aesmd"
"%S/aesmd:/var/opt/aesmd"
];
# PrivateDevices=true will mount /dev noexec which breaks AESM
PrivateDevices = false;
DevicePolicy = "closed";
DeviceAllow = [
# legacy out-of-tree driver
"/dev/isgx rw"
# DCAP driver
"/dev/sgx rw"
# in-tree driver
"/dev/sgx_enclave rw"
"/dev/sgx_provision rw"
];
# Requires Internet access for attestation
PrivateNetwork = false;
RestrictAddressFamilies = [
# Allocates the socket /var/run/aesmd/aesm.socket
"AF_UNIX"
# Uses the HTTP protocol to initialize some services
"AF_INET"
"AF_INET6"
];
# True breaks stuff
MemoryDenyWriteExecute = false;
# needs the ipc syscall in order to run
SystemCallFilter = [
"@system-service"
"~@aio"
"~@chown"
"~@clock"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@module"
"~@mount"
"~@privileged"
"~@raw-io"
"~@reboot"
"~@resources"
"~@setuid"
"~@swap"
"~@sync"
"~@timer"
];
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
CapabilityBoundingSet = "";
KeyringMode = "private";
LockPersonality = true;
NoNewPrivileges = true;
NotifyAccess = "none";
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
UMask = "0066";
};
};
};
}

4
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -526,8 +526,8 @@ in {
# FIXME(@Ma27) remove as soon as nextcloud properly supports
# mariadb >=10.6.
isUnsupportedMariadb =
# All currently supported Nextcloud versions are affected.
(versionOlder cfg.package.version "23")
# All currently supported Nextcloud versions are affected (https://github.com/nextcloud/server/issues/25436).
(versionOlder cfg.package.version "24")
# This module uses mysql
&& (cfg.config.dbtype == "mysql")
# MySQL is managed via NixOS

137
nixos/modules/system/activation/switch-to-configuration.pl
View File

@ -146,6 +146,79 @@ sub fingerprintUnit {
return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : "");
}
sub handleModifiedUnit {
my ($unit, $baseName, $newUnitFile, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_;
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.path$/ || $unit =~ /\.slice$/) {
# Do nothing. These cannot be restarted directly.
# Slices and Paths don't have to be restarted since
# properties (resource limits and inotify watches)
# seem to get applied on daemon-reload.
} elsif ($unit =~ /\.mount$/) {
# Reload the changed mount unit to force a remount.
$unitsToReload->{$unit} = 1;
recordUnit($reloadListFile, $unit);
} elsif ($unit =~ /\.socket$/) {
# FIXME: do something?
# Attempt to fix this: https://github.com/NixOS/nixpkgs/pull/141192
# Revert of the attempt: https://github.com/NixOS/nixpkgs/pull/147609
# More details: https://github.com/NixOS/nixpkgs/issues/74899#issuecomment-981142430
} else {
my $unitInfo = parseUnit($newUnitFile);
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
$unitsToReload->{$unit} = 1;
recordUnit($reloadListFile, $unit);
}
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
$unitsToSkip->{$unit} = 1;
} else {
# It doesn't make sense to stop and start non-services because
# they can't have ExecStop=
if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) {
# This unit should be restarted instead of
# stopped and started.
$unitsToRestart->{$unit} = 1;
recordUnit($restartListFile, $unit);
} else {
# If this unit is socket-activated, then stop the
# socket unit(s) as well, and restart the
# socket(s) instead of the service.
my $socketActivated = 0;
if ($unit =~ /\.service$/) {
my @sockets = split / /, ($unitInfo->{Sockets} // "");
if (scalar @sockets == 0) {
@sockets = ("$baseName.socket");
}
foreach my $socket (@sockets) {
if (defined $activePrev->{$socket}) {
$unitsToStop->{$socket} = 1;
# Only restart sockets that actually
# exist in new configuration:
if (-e "$out/etc/systemd/system/$socket") {
$unitsToStart->{$socket} = 1;
recordUnit($startListFile, $socket);
$socketActivated = 1;
}
}
}
}
# If the unit is not socket-activated, record
# that this unit needs to be started below.
# We write this to a file to ensure that the
# service gets restarted if we're interrupted.
if (!$socketActivated) {
$unitsToStart->{$unit} = 1;
recordUnit($startListFile, $unit);
}
$unitsToStop->{$unit} = 1;
}
}
}
}
# Figure out what units need to be stopped, started, restarted or reloaded.
my (%unitsToStop, %unitsToSkip, %unitsToStart, %unitsToRestart, %unitsToReload);
@ -218,69 +291,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
}
elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) {
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.path$/ || $unit =~ /\.slice$/) {
# Do nothing. These cannot be restarted directly.
# Slices and Paths don't have to be restarted since
# properties (resource limits and inotify watches)
# seem to get applied on daemon-reload.
} elsif ($unit =~ /\.mount$/) {
# Reload the changed mount unit to force a remount.
$unitsToReload{$unit} = 1;
recordUnit($reloadListFile, $unit);
} elsif ($unit =~ /\.socket$/) {
# FIXME: do something?
} else {
my $unitInfo = parseUnit($newUnitFile);
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
$unitsToReload{$unit} = 1;
recordUnit($reloadListFile, $unit);
}
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
$unitsToSkip{$unit} = 1;
} else {
if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes")) {
# This unit should be restarted instead of
# stopped and started.
$unitsToRestart{$unit} = 1;
recordUnit($restartListFile, $unit);
} else {
# If this unit is socket-activated, then stop the
# socket unit(s) as well, and restart the
# socket(s) instead of the service.
my $socketActivated = 0;
if ($unit =~ /\.service$/) {
my @sockets = split / /, ($unitInfo->{Sockets} // "");
if (scalar @sockets == 0) {
@sockets = ("$baseName.socket");
}
foreach my $socket (@sockets) {
if (defined $activePrev->{$socket}) {
$unitsToStop{$socket} = 1;
# Only restart sockets that actually
# exist in new configuration:
if (-e "$out/etc/systemd/system/$socket") {
$unitsToStart{$socket} = 1;
recordUnit($startListFile, $socket);
$socketActivated = 1;
}
}
}
}
# If the unit is not socket-activated, record
# that this unit needs to be started below.
# We write this to a file to ensure that the
# service gets restarted if we're interrupted.
if (!$socketActivated) {
$unitsToStart{$unit} = 1;
recordUnit($startListFile, $unit);
}
$unitsToStop{$unit} = 1;
}
}
}
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
}
}
}

62
nixos/tests/aesmd.nix Normal file
View File

@ -0,0 +1,62 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "aesmd";
meta = {
maintainers = with lib.maintainers; [ veehaitch ];
};
machine = { lib, ... }: {
services.aesmd = {
enable = true;
settings = {
defaultQuotingType = "ecdsa_256";
proxyType = "direct";
whitelistUrl = "http://nixos.org";
};
};
# Should have access to the AESM socket
users.users."sgxtest" = {
isNormalUser = true;
extraGroups = [ "sgx" ];
};
# Should NOT have access to the AESM socket
users.users."nosgxtest".isNormalUser = true;
# We don't have a real SGX machine in NixOS tests
systemd.services.aesmd.unitConfig.AssertPathExists = lib.mkForce [ ];
};
testScript = ''
with subtest("aesmd.service starts"):
machine.wait_for_unit("aesmd.service")
status, main_pid = machine.systemctl("show --property MainPID --value aesmd.service")
assert status == 0, "Could not get MainPID of aesmd.service"
main_pid = main_pid.strip()
with subtest("aesmd.service runtime directory permissions"):
runtime_dir = "/run/aesmd";
res = machine.succeed(f"stat -c '%a %U %G' {runtime_dir}").strip()
assert "750 aesmd sgx" == res, f"{runtime_dir} does not have the expected permissions: {res}"
with subtest("aesm.socket available on host"):
socket_path = "/var/run/aesmd/aesm.socket"
machine.wait_until_succeeds(f"test -S {socket_path}")
machine.succeed(f"test 777 -eq $(stat -c '%a' {socket_path})")
for op in [ "-r", "-w", "-x" ]:
machine.succeed(f"sudo -u sgxtest test {op} {socket_path}")
machine.fail(f"sudo -u nosgxtest test {op} {socket_path}")
with subtest("Copies white_list_cert_to_be_verify.bin"):
whitelist_path = "/var/opt/aesmd/data/white_list_cert_to_be_verify.bin"
whitelist_perms = machine.succeed(
f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/stat -c '%a' {whitelist_path}"
).strip()
assert "644" == whitelist_perms, f"white_list_cert_to_be_verify.bin has permissions {whitelist_perms}"
with subtest("Writes and binds aesm.conf in service namespace"):
aesmd_config = machine.succeed(f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/cat /etc/aesmd.conf")
assert aesmd_config == "whitelist url = http://nixos.org\nproxy type = direct\ndefault quoting type = ecdsa_256\n", "aesmd.conf differs"
'';
})

1
nixos/tests/all-tests.nix
View File

@ -23,6 +23,7 @@ in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTest ./acme.nix {};
aesmd = handleTest ./aesmd.nix {};
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
amazon-init-shell = handleTest ./amazon-init-shell.nix {};

2
nixos/tests/prometheus-exporters.nix
View File

@ -939,7 +939,7 @@ let
exporterConfig = {
enable = true;
};
metricProvider.services.redis.enable = true;
metricProvider.services.redis.servers."".enable = true;
exporterTest = ''
wait_for_unit("redis.service")
wait_for_unit("prometheus-redis-exporter.service")

36
nixos/tests/redis.nix
View File

@ -1,7 +1,4 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
redisSocket = "/run/redis/redis.sock";
in
{
name = "redis";
meta = with pkgs.lib.maintainers; {
@ -10,35 +7,40 @@ in
nodes = {
machine =
{ pkgs, ... }:
{ pkgs, lib, ... }: with lib;
{
services.redis.enable = true;
services.redis.unixSocket = redisSocket;
services.redis.servers."".enable = true;
services.redis.servers."test".enable = true;
# Allow access to the unix socket for the "redis" group.
services.redis.unixSocketPerm = 770;
users.users."member" = {
users.users = listToAttrs (map (suffix: nameValuePair "member${suffix}" {
createHome = false;
description = "A member of the redis group";
description = "A member of the redis${suffix} group";
isNormalUser = true;
extraGroups = [
"redis"
];
};
extraGroups = [ "redis${suffix}" ];
}) ["" "-test"]);
};
};
testScript = ''
testScript = { nodes, ... }: let
inherit (nodes.machine.config.services) redis;
in ''
start_all()
machine.wait_for_unit("redis")
machine.wait_for_unit("redis-test")
# The unnamed Redis server still opens a port for backward-compatibility
machine.wait_for_open_port("6379")
machine.wait_for_file("${redis.servers."".unixSocket}")
machine.wait_for_file("${redis.servers."test".unixSocket}")
# The unix socket is accessible to the redis group
machine.succeed('su member -c "redis-cli ping | grep PONG"')
machine.succeed('su member-test -c "redis-cli ping | grep PONG"')
machine.succeed("redis-cli ping | grep PONG")
machine.succeed("redis-cli -s ${redisSocket} ping | grep PONG")
machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG")
'';
})

301
nixos/tests/switch-test.nix
View File

@ -3,21 +3,138 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "switch-test";
meta = with pkgs.lib.maintainers; {
maintainers = [ gleber ];
maintainers = [ gleber das_j ];
};
nodes = {
machine = { ... }: {
machine = { pkgs, lib, ... }: {
users.mutableUsers = false;
specialisation = rec {
simpleService.configuration = {
systemd.services.test = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.coreutils}/bin/true";
};
};
};
simpleServiceModified.configuration = {
imports = [ simpleService.configuration ];
systemd.services.test.serviceConfig.X-Test = true;
};
simpleServiceNostop.configuration = {
imports = [ simpleService.configuration ];
systemd.services.test.stopIfChanged = false;
};
simpleServiceReload.configuration = {
imports = [ simpleService.configuration ];
systemd.services.test = {
reloadIfChanged = true;
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/true";
};
};
simpleServiceNorestart.configuration = {
imports = [ simpleService.configuration ];
systemd.services.test.restartIfChanged = false;
};
mount.configuration = {
systemd.mounts = [
{
description = "Testmount";
what = "tmpfs";
type = "tmpfs";
where = "/testmount";
options = "size=1M";
wantedBy = [ "local-fs.target" ];
}
];
};
mountModified.configuration = {
systemd.mounts = [
{
description = "Testmount";
what = "tmpfs";
type = "tmpfs";
where = "/testmount";
options = "size=10M";
wantedBy = [ "local-fs.target" ];
}
];
};
timer.configuration = {
systemd.timers.test-timer = {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "@1395716396"; # chosen by fair dice roll
};
systemd.services.test-timer = {
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.coreutils}/bin/true";
};
};
};
timerModified.configuration = {
imports = [ timer.configuration ];
systemd.timers.test-timer.timerConfig.OnCalendar = lib.mkForce "Fri 2012-11-23 16:00:00";
};
path.configuration = {
systemd.paths.test-watch = {
wantedBy = [ "paths.target" ];
pathConfig.PathExists = "/testpath";
};
systemd.services.test-watch = {
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.coreutils}/bin/touch /testpath-modified";
};
};
};
pathModified.configuration = {
imports = [ path.configuration ];
systemd.paths.test-watch.pathConfig.PathExists = lib.mkForce "/testpath2";
};
slice.configuration = {
systemd.slices.testslice.sliceConfig.MemoryMax = "1"; # don't allow memory allocation
systemd.services.testservice = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.coreutils}/bin/true";
Slice = "testslice.slice";
};
};
};
sliceModified.configuration = {
imports = [ slice.configuration ];
systemd.slices.testslice.sliceConfig.MemoryMax = lib.mkForce null;
};
};
};
other = { ... }: {
other = {
users.mutableUsers = true;
};
};
testScript = {nodes, ...}: let
testScript = { nodes, ... }: let
originalSystem = nodes.machine.config.system.build.toplevel;
otherSystem = nodes.other.config.system.build.toplevel;
machine = nodes.machine.config.system.build.toplevel;
# Ensures failures pass through using pipefail, otherwise failing to
# switch-to-configuration is hidden by the success of `tee`.
@ -27,12 +144,186 @@ import ./make-test-python.nix ({ pkgs, ...} : {
set -o pipefail
exec env -i "$@" | tee /dev/stderr
'';
in ''
in /* python */ ''
def switch_to_specialisation(system, name, action="test"):
if name == "":
stc = f"{system}/bin/switch-to-configuration"
else:
stc = f"{system}/specialisation/{name}/bin/switch-to-configuration"
out = machine.succeed(f"{stc} {action} 2>&1")
assert_lacks(out, "switch-to-configuration line") # Perl warnings
return out
def assert_contains(haystack, needle):
if needle not in haystack:
print("The haystack that will cause the following exception is:")
print("---")
print(haystack)
print("---")
raise Exception(f"Expected string '{needle}' was not found")
def assert_lacks(haystack, needle):
if needle in haystack:
print("The haystack that will cause the following exception is:")
print("---")
print(haystack, end="")
print("---")
raise Exception(f"Unexpected string '{needle}' was found")
machine.succeed(
"${stderrRunner} ${originalSystem}/bin/switch-to-configuration test"
)
machine.succeed(
"${stderrRunner} ${otherSystem}/bin/switch-to-configuration test"
)
with subtest("services"):
switch_to_specialisation("${machine}", "")
# Nothing happens when nothing is changed
out = switch_to_specialisation("${machine}", "")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# Start a simple service
out = switch_to_specialisation("${machine}", "simpleService")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_contains(out, "reloading the following units: dbus.service\n") # huh
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_contains(out, "the following new units were started: test.service\n")
assert_lacks(out, "as well:")
# Not changing anything doesn't do anything
out = switch_to_specialisation("${machine}", "simpleService")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# Restart the simple service
out = switch_to_specialisation("${machine}", "simpleServiceModified")
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_contains(out, "\nstarting the following units: test.service\n")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# Restart the service with stopIfChanged=false
out = switch_to_specialisation("${machine}", "simpleServiceNostop")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_contains(out, "\nrestarting the following units: test.service\n")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# Reload the service with reloadIfChanged=true
out = switch_to_specialisation("${machine}", "simpleServiceReload")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_contains(out, "reloading the following units: test.service\n")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# Nothing happens when restartIfChanged=false
out = switch_to_specialisation("${machine}", "simpleServiceNorestart")
assert_lacks(out, "stopping the following units:")
assert_contains(out, "NOT restarting the following changed units: test.service\n")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# Dry mode shows different messages
out = switch_to_specialisation("${machine}", "simpleService", action="dry-activate")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
assert_contains(out, "would start the following units: test.service\n")
with subtest("mounts"):
switch_to_specialisation("${machine}", "mount")
out = machine.succeed("mount | grep 'on /testmount'")
assert_contains(out, "size=1024k")
out = switch_to_specialisation("${machine}", "mountModified")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_contains(out, "reloading the following units: testmount.mount\n")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# It changed
out = machine.succeed("mount | grep 'on /testmount'")
assert_contains(out, "size=10240k")
with subtest("timers"):
switch_to_specialisation("${machine}", "timer")
out = machine.succeed("systemctl show test-timer.timer")
assert_contains(out, "OnCalendar=2014-03-25 02:59:56 UTC")
out = switch_to_specialisation("${machine}", "timerModified")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "reloading the following units:")
assert_contains(out, "restarting the following units: test-timer.timer\n")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_lacks(out, "as well:")
# It changed
out = machine.succeed("systemctl show test-timer.timer")
assert_contains(out, "OnCalendar=Fri 2012-11-23 16:00:00")
with subtest("paths"):
out = switch_to_specialisation("${machine}", "path")
assert_contains(out, "stopping the following units: test-timer.timer\n")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_contains(out, "the following new units were started: test-watch.path")
assert_lacks(out, "as well:")
machine.fail("test -f /testpath-modified")
# touch the file, unit should be triggered
machine.succeed("touch /testpath")
machine.wait_until_succeeds("test -f /testpath-modified")
machine.succeed("rm /testpath /testpath-modified")
switch_to_specialisation("${machine}", "pathModified")
machine.succeed("touch /testpath")
machine.fail("test -f /testpath-modified")
machine.succeed("touch /testpath2")
machine.wait_until_succeeds("test -f /testpath-modified")
# This test ensures that changes to slice configuration get applied.
# We test this by having a slice that allows no memory allocation at
# all and starting a service within it. If the service crashes, the slice
# is applied and if we modify the slice to allow memory allocation, the
# service should successfully start.
with subtest("slices"):
machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # allow OOMing
out = switch_to_specialisation("${machine}", "slice")
machine.fail("systemctl start testservice.service")
out = switch_to_specialisation("${machine}", "sliceModified")
machine.succeed("systemctl start testservice.service")
machine.succeed("echo 1 > /proc/sys/vm/panic_on_oom") # disallow OOMing
'';
})

10
nixos/tests/txredisapi.nix
View File

@ -10,17 +10,19 @@ import ./make-test-python.nix ({ pkgs, ... }:
{ pkgs, ... }:
{
services.redis.enable = true;
services.redis.unixSocket = "/run/redis/redis.sock";
services.redis.servers."".enable = true;
environment.systemPackages = with pkgs; [ (python38.withPackages (ps: [ ps.twisted ps.txredisapi ps.mock ]))];
};
};
testScript = ''
testScript = { nodes, ... }: let
inherit (nodes.machine.config.services) redis;
in ''
start_all()
machine.wait_for_unit("redis")
machine.wait_for_open_port("6379")
machine.wait_for_file("${redis.servers."".unixSocket}")
machine.succeed("ln -s ${redis.servers."".unixSocket} /tmp/redis.sock")
tests = machine.succeed("PYTHONPATH=\"${pkgs.python3Packages.txredisapi.src}\" python -m twisted.trial ${pkgs.python3Packages.txredisapi.src}/tests")
'';

4
pkgs/applications/blockchains/bisq-desktop/default.nix
View File

@ -35,11 +35,11 @@ let
in
stdenv.mkDerivation rec {
pname = "bisq-desktop";
version = "1.7.5";
version = "1.8.0";
src = fetchurl {
url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
sha256 = "0mwlmya53xaps8x8c5cvk9zxy0ddijkrba8x3jp2glql34wac3ri";
sha256 = "1q6x6w8mp5ax852hlvi2p61xgckb2lpr2ml21a9mfs9421b6m8h2";
};
nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg gnutar zip xz ];

4
pkgs/applications/editors/emacs/generic.nix
View File

@ -10,7 +10,7 @@
, Xaw3d, libXcursor, pkg-config, gettext, libXft, dbus, libpng, libjpeg, giflib
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
, alsa-lib, cairo, acl, gpm, AppKit, GSS, ImageIO, m17n_lib, libotf
, sigtool, jansson, harfbuzz
, sigtool, jansson, harfbuzz, sqlite
, dontRecurseIntoAttrs ,emacsPackagesFor
, libgccjit, targetPlatform, makeWrapper # native-comp params
, systemd ? null
@ -20,6 +20,7 @@
, withGTK3 ? true, gtk3-x11 ? null, gsettings-desktop-schemas ? null
, withXwidgets ? false, webkitgtk ? null, wrapGAppsHook ? null, glib-networking ? null
, withMotif ? false, motif ? null
, withSQLite3 ? false
, withCsrc ? true
, srcRepo ? false, autoreconfHook ? null, texinfo ? null
, siteStart ? ./site-start.el
@ -116,6 +117,7 @@ let emacs = stdenv.mkDerivation (lib.optionalAttrs nativeComp {
++ lib.optional (withX && withGTK2) gtk2-x11
++ lib.optionals (withX && withGTK3) [ gtk3-x11 gsettings-desktop-schemas ]
++ lib.optional (withX && withMotif) motif
++ lib.optional withSQLite3 sqlite
++ lib.optionals (withX && withXwidgets) [ webkitgtk glib-networking ]
++ lib.optionals withNS [ AppKit GSS ImageIO ]
++ lib.optionals stdenv.isDarwin [ sigtool ]

4
pkgs/applications/misc/auto-multiple-choice/default.nix
View File

@ -24,10 +24,10 @@
}:
stdenv.mkDerivation rec {
pname = "auto-multiple-choice";
version = "1.5.1";
version = "1.5.2";
src = fetchurl {
url = "https://download.auto-multiple-choice.net/${pname}_${version}_precomp.tar.gz";
sha256 = "71831122f7b43245d3289617064e0b561817c0130ee1773c1b957841b28b854c";
sha256 = "sha256-AjonJOooSe53Fww3QU6Dft95ojNqWrTuPul3nkIbctM=";
};
tlType = "run";

4
pkgs/applications/misc/latte-dock/default.nix
View File

@ -3,11 +3,11 @@
mkDerivation rec {
pname = "latte-dock";
version = "0.10.0";
version = "0.10.4";
src = fetchurl {
url = "https://download.kde.org/stable/${pname}/${pname}-${version}.tar.xz";
sha256 = "04kq86qmrjbzidrkknj000pv1b5z0r7nfidhy2zv67ks8fdi4zln";
sha256 = "XRop+MNcbeCcbnL2LM1i67QvMudW3CjWYEPLkT/qbGM=";
name = "${pname}-${version}.tar.xz";
};

8
pkgs/applications/misc/logseq/default.nix
View File

@ -1,12 +1,12 @@
{ lib, stdenv, fetchurl, appimageTools, makeWrapper, electron_15 }:
{ lib, stdenv, fetchurl, appimageTools, makeWrapper, electron }:
stdenv.mkDerivation rec {
pname = "logseq";
version = "0.5.1";
version = "0.5.2";
src = fetchurl {
url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage";
sha256 = "/ZI9kK/9bYRJL8jOyRKpdMcy4Cbau+a28AO+kTUl+SE=";
sha256 = "ZlyteVTwP5oM32G+yUzCOmu6b/b19RVLmlEvyOz5hu0=";
name = "${pname}-${version}.AppImage";
};
@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
'';
postFixup = ''
makeWrapper ${electron_15}/bin/electron $out/bin/${pname} \
makeWrapper ${electron}/bin/electron $out/bin/${pname} \
--add-flags $out/share/${pname}/resources/app
'';

6
pkgs/applications/networking/cluster/kubelogin-oidc/default.nix
View File

@ -2,18 +2,18 @@
buildGoModule rec {
pname = "kubelogin";
version = "1.23.3";
version = "1.25.0";
src = fetchFromGitHub {
owner = "int128";
repo = pname;
rev = "v${version}";
sha256 = "sha256-qhdt/j1yFlCr+CCM3VQHxRVMEelZDsjhDJW9CYNCx2U=";
sha256 = "sha256-orclZtmkdplTRvYkN7VotbynSQ9L2kvAPqP20j8QJ2s=";
};
subPackages = ["."];
vendorSha256 = "sha256-RxIrnwIHDi9umu9bqpz3lnpNFdIWoTP657Te9iBv4IA=";
vendorSha256 = "sha256-i46G0lsRvh/PmM+pMYuAjoLMHWF1Uzbd8+EkjIId8KE=";
# Rename the binary instead of symlinking to avoid conflict with the
# Azure version of kubelogin

10
pkgs/applications/networking/cluster/terraform/default.nix
View File

@ -196,10 +196,10 @@ rec {
passthru = { inherit plugins; };
};
terraform_1_0 = mkTerraform {
version = "1.0.11";
sha256 = "0k05s4zm16vksq21f1q00y2lzfgi5fhs1ygydm8jk0srs9x8ask7";
vendorSha256 = "1brgghl7fb26va4adix443rl1dkjaqrr4jkknxjkcaps0knqp172";
terraform_1 = mkTerraform {
version = "1.1.0";
sha256 = "sha256-nnYMoQitqFbOjI8twDh9hWDb1qxMNNVy6wldxkyDKY0=";
vendorSha256 = "sha256-inPNvNUcil9X0VQ/pVgZdnnmn9UCfEz7qXiuKDj8RYM=";
patches = [ ./provider-path-0_15.patch ];
passthru = { inherit plugins; };
};
@ -213,7 +213,7 @@ rec {
mainTf = writeText "main.tf" ''
resource "random_id" "test" {}
'';
terraform = terraform_1_0.withPlugins (p: [ p.random ]);
terraform = terraform_1.withPlugins (p: [ p.random ]);
test =
runCommand "terraform-plugin-test" { buildInputs = [ terraform ]; } ''
set -e

4
pkgs/applications/networking/instant-messengers/element/element-desktop-package.json
View File

@ -2,7 +2,7 @@
"name": "element-desktop",
"productName": "Element",
"main": "lib/electron-main.js",
"version": "1.9.6",
"version": "1.9.7",
"description": "A feature-rich client for Matrix.org",
"author": "Element",
"repository": {
@ -83,7 +83,7 @@
},
"build": {
"appId": "im.riot.app",
"electronVersion": "13.5.1",
"electronVersion": "13.5.2",
"files": [
"package.json",
{

8
pkgs/applications/networking/instant-messengers/element/pin.json
View File

@ -1,6 +1,6 @@
{
"version": "1.9.6",
"desktopSrcHash": "AJLKp9VbNF0XvcQe6t0/pw1hiVCgRiRb27KJooQ2NlQ=",
"desktopYarnHash": "1xa8vrqj3g3hfhzrk8m7yr57my9ipyyhw8vsx4m86v8i1iqrpmnm",
"webHash": "161w6i122i81jyb23mpxlf7k5wx2v4c6ai2liywn89q74hj3axr5"
"version": "1.9.7",
"desktopSrcHash": "bUzIIPNVgK2whQJoEZOaoa+jsJx4No+xji6hXK6wxFY=",
"desktopYarnHash": "1n9dqpvq31k94mx5s1dgqavaxdd0jrzcwdx106c5dnq6xnxs941p",
"webHash": "1fx1nznqbwvs84kpc239ms9kpzy9p72hrz3qqbzay8p9x4gc1ws3"
}

2
pkgs/applications/networking/instant-messengers/nheko/default.nix
View File

@ -12,6 +12,7 @@
, qtkeychain
, qtmacextras
, qtmultimedia
, qtimageformats
, qttools
, qtquickcontrols2
, qtgraphicaleffects
@ -57,6 +58,7 @@ mkDerivation rec {
cmark
qtbase
qtmultimedia
qtimageformats
qttools
qtquickcontrols2
qtgraphicaleffects

8
pkgs/applications/networking/instant-messengers/schildichat/pin.json
View File

@ -1,6 +1,6 @@
{
"version": "1.9.0-sc.1",
"srcHash": "10swz5gwz1izryzllmjm8mhhd0vqk2cp8qjcmmr5gbzspj7p3xgw",
"webYarnHash": "134llyh0197andpnbmfcxnidcgi3xxnb9v10bwfvrqysgnhb5z8v",
"desktopYarnHash": "150jc6p9kbdz599bdkinrhbhncpamhz35j6rcc008qxg2d9qfhwr"
"version": "1.9.7-sc.1",
"srcHash": "0qrjjwcxa141phsgdz325rrkfmjqdmxc3h917cs9c9kf6cblkxaq",
"webYarnHash": "19c594pql2yz1z15phfdlkwcvrcbm8k058fcq7p0k6840dhif5fd",
"desktopYarnHash": "058ihkljb1swjzvgf8gqci5ghvwapmpcf2bsab3yr66lhps7fhci"
}

6
pkgs/applications/networking/soulseek/nicotine-plus/default.nix
View File

@ -5,13 +5,13 @@ with lib;
python3Packages.buildPythonApplication rec {
pname = "nicotine-plus";
version = "3.0.6";
version = "3.1.1";
src = fetchFromGitHub {
owner = "Nicotine-Plus";
repo = "nicotine-plus";
rev = version;
sha256 = "sha256-NL6TXFRB7OeqNEfdANkEqh+MCOF1+ehR+6RO1XsIix8=";
hash = "sha256-NfI2RfxAYhA1qefml1ayfYWjbkrzUL4l9p2Rm/ROnzQ=";
};
nativeBuildInputs = [ gettext wrapGAppsHook ];
@ -21,8 +21,6 @@ python3Packages.buildPythonApplication rec {
postInstall = ''
mv $out/bin/nicotine $out/bin/nicotine-plus
substituteInPlace $out/share/applications/org.nicotine_plus.Nicotine.desktop \
--replace "Exec=nicotine" "Exec=$out/bin/nicotine-plus"
'';
doCheck = false;

43
pkgs/applications/office/gnucash/0001-changes.patch Normal file
View File

@ -0,0 +1,43 @@
diff --git a/libgnucash/engine/test/CMakeLists.txt b/libgnucash/engine/test/CMakeLists.txt
index 8e44172ff..c7289e4fd 100644
--- a/libgnucash/engine/test/CMakeLists.txt
+++ b/libgnucash/engine/test/CMakeLists.txt
@@ -167,22 +167,22 @@ set(test_gnc_numeric_SOURCES
gnc_add_test(test-gnc-numeric "${test_gnc_numeric_SOURCES}"
gtest_engine_INCLUDES gtest_qof_LIBS)
-set(test_gnc_timezone_SOURCES
- ${MODULEPATH}/gnc-timezone.cpp
- gtest-gnc-timezone.cpp)
-gnc_add_test(test-gnc-timezone "${test_gnc_timezone_SOURCES}"
- gtest_engine_INCLUDES gtest_old_engine_LIBS)
-
-set(test_gnc_datetime_SOURCES
- ${MODULEPATH}/gnc-datetime.cpp
- ${MODULEPATH}/gnc-timezone.cpp
- ${MODULEPATH}/gnc-date.cpp
- ${MODULEPATH}/qoflog.cpp
- ${CMAKE_SOURCE_DIR}/libgnucash/core-utils/gnc-locale-utils.cpp
- ${gtest_engine_win32_SOURCES}
- gtest-gnc-datetime.cpp)
-gnc_add_test(test-gnc-datetime "${test_gnc_datetime_SOURCES}"
- gtest_engine_INCLUDES gtest_qof_LIBS)
+#set(test_gnc_timezone_SOURCES
+# ${MODULEPATH}/gnc-timezone.cpp
+# gtest-gnc-timezone.cpp)
+#gnc_add_test(test-gnc-timezone "${test_gnc_timezone_SOURCES}"
+# gtest_engine_INCLUDES gtest_old_engine_LIBS)
+
+#set(test_gnc_datetime_SOURCES
+# ${MODULEPATH}/gnc-datetime.cpp
+# ${MODULEPATH}/gnc-timezone.cpp
+# ${MODULEPATH}/gnc-date.cpp
+# ${MODULEPATH}/qoflog.cpp
+# ${CMAKE_SOURCE_DIR}/libgnucash/core-utils/gnc-locale-utils.cpp
+# ${gtest_engine_win32_SOURCES}
+# gtest-gnc-datetime.cpp)
+#gnc_add_test(test-gnc-datetime "${test_gnc_datetime_SOURCES}"
+# gtest_engine_INCLUDES gtest_qof_LIBS)
set(test_import_map_SOURCES
gtest-import-map.cpp)

36
pkgs/applications/office/gnucash/default.nix
View File

@ -1,4 +1,4 @@
{ fetchurl, fetchpatch, lib, stdenv, pkg-config, makeWrapper, cmake, gtest
{ fetchurl, lib, stdenv, pkg-config, makeWrapper, cmake, gtest
, boost, icu, libxml2, libxslt, gettext, swig, isocodes, gtk3, glibcLocales
, webkitgtk, dconf, hicolor-icon-theme, libofx, aqbanking, gwenhywfar, libdbi
, libdbiDrivers, guile, perl, perlPackages
@ -26,22 +26,13 @@ in
stdenv.mkDerivation rec {
pname = "gnucash";
version = "4.6";
version = "4.8";
src = fetchurl {
url = "mirror://sourceforge/gnucash/${pname}-${version}.tar.bz2";
sha256 = "0csp8iddhc901vv09gl5lj970g6ili696vwj4vdpkiprp7gh26r5";
sha256 = "04pbgx08lfm3l46ndd28ivq5yp3y6zgalbzgi2x8w5inhgzy9f0m";
};
patches = [
# Fixes a warning about an initialized variable that kills enableDebugging gnucash builds on nix.
# This will most likely be part of the 4.7 release, it will be safe to remove then.
(fetchpatch {
url = "https://github.com/Gnucash/gnucash/commit/b42052464ba9701a3d1834fc58fa0deb32ab9afe.patch";
sha256 = "092957c8jqj4v70fv0ia1wpgl6x34hbwjrichxfbk5ja8l6535gc";
})
];
nativeBuildInputs = [ pkg-config makeWrapper cmake gtest swig ];
buildInputs = [
@ -56,6 +47,9 @@ stdenv.mkDerivation rec {
# glib-2.62 deprecations
NIX_CFLAGS_COMPILE = "-DGLIB_DISABLE_DEPRECATION_WARNINGS";
# this patch disables test-gnc-timezone and test-gnc-datetime which fail due to nix datetime challenges
patches = [ ./0001-changes.patch ];
postPatch = ''
patchShebangs .
'';
@ -77,20 +71,16 @@ stdenv.mkDerivation rec {
--prefix GIO_EXTRA_MODULES : "${lib.getLib dconf}/lib/gio/modules"
'';
# TODO: The following tests FAILED:
# 70 - test-load-c (Failed)
# 71 - test-modsysver (Failed)
# 72 - test-incompatdep (Failed)
# 73 - test-agedver (Failed)
# 77 - test-gnc-module-swigged-c (Failed)
# 78 - test-gnc-module-load-deps (Failed)
# 80 - test-gnc-module-scm-module (Failed)
# 81 - test-gnc-module-scm-multi (Failed)
/*
GNUcash's `make check` target does not define its prerequisites but expects them to have already been built.
The list of targets below was built through trial and error based on failing tests.
*/
preCheck = ''
export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test:$PWD/lib/gnucash/test/future''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
export NIX_CFLAGS_LINK="-lgtest -lgtest_main"
make test-scm-query test-split-register-copy-ops test-link-ofx test-import-backend test-import-account-matcher test-import-pending-matches test-qofquerycore test-import-map test-gnc-numeric test-gnc-rational test-gnc-int128 test-qofsession test-kvp-value test-gnc-guid test-numeric test-vendor test-job test-employee test-customer test-address test-business test-recurrence test-transaction-voiding test-transaction-reversal test-split-vs-account test-tokenizer test-aqb test-import-parse test-link-module-tax-us test-dynload test-agedver test-incompatdep test-modsysver test-load-c test-gnc-path-util test-xml2-is-file test-load-example-account test-query test-querynew test-lots test-group-vs-book test-account-object test-engine test-qof test-commodities test-object test-guid test-load-engine test-userdata-dir-invalid-home test-userdata-dir test-resolve-file-path test-gnc-glib-utils test-sqlbe test-column-types test-backend-dbi test-xml-transaction test-xml-pricedb test-xml-commodity test-xml-account test-string-converters test-load-backend test-kvp-frames test-dom-converters1 test-autoclear test-sx test-print-parse-amount gncmod-futuremodsys
'';
doCheck = false;
doCheck = true;
meta = {
description = "Personal and small-business financial-accounting application";

6
pkgs/applications/science/misc/rink/default.nix
View File

@ -2,17 +2,17 @@
, libiconv, Security }:
rustPlatform.buildRustPackage rec {
version = "0.6.1";
version = "0.6.2";
pname = "rink";
src = fetchFromGitHub {
owner = "tiffany352";
repo = "rink-rs";
rev = "v${version}";
sha256 = "1h93xlavcjvx588q8wkpbzph88yjjhhvzcfxr5nicdca0jnha5ch";
sha256 = "sha256-l2Rj15zaJm94EHwvOssfvYQNOoWj45Nq9M85n+A0vo4=";
};
cargoSha256 = "0x4rvfnw3gl2aj6i006nkk3y1f8skyv8g0ss3z2v6qj9nhs7pyir";
cargoSha256 = "sha256-GhuvwVkDRFjC6BghaNMFZZG9hResTN1u0AuvIXlFmig=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ ncurses ]

4
pkgs/applications/terminal-emulators/foot/default.nix
View File

@ -27,7 +27,7 @@
}:
let
version = "1.10.2";
version = "1.10.3";
# build stimuli file for PGO build and the script to generate it
# independently of the foot's build, so we can cache the result
@ -99,7 +99,7 @@ stdenv.mkDerivation rec {
owner = "dnkl";
repo = pname;
rev = version;
sha256 = "00096c2m8pn4gpafvmg9lhyprwgnsis62bq4qmagnbb49bj5kr9v";
sha256 = "13v6xqaw3xn1x84dn4gnkiimcsllb19mrbvcdj2fnm8klnrys3gs";
};
depsBuildBuild = [

32
pkgs/applications/version-management/git-and-tools/gitin/default.nix
View File

@ -1,32 +0,0 @@
{ lib
, buildGoPackage
, fetchFromGitHub
, pkg-config
, libgit2_0_27
}:
buildGoPackage rec {
version = "0.2.3";
pname = "gitin";
goPackagePath = "github.com/isacikgoz/gitin";
src = fetchFromGitHub {
owner = "isacikgoz";
repo = "gitin";
rev = "v${version}";
sha256 = "00z6i0bjk3hdxbc0cy12ss75b41yvzyl5pm6rdrvsjhzavry2fa3";
};
goDeps = ./deps.nix;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libgit2_0_27 ];
meta = with lib; {
homepage = "https://github.com/isacikgoz/gitin";
description = "Text-based user interface for git";
license = licenses.bsd3;
maintainers = with maintainers; [ kimat ];
};
}

121
pkgs/applications/version-management/git-and-tools/gitin/deps.nix generated
View File

@ -1,121 +0,0 @@
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
[
{
goPackagePath = "github.com/alecthomas/template";
fetch = {
type = "git";
url = "https://github.com/alecthomas/template";
rev = "fb15b899a75114aa79cc930e33c46b577cc664b1";
sha256 = "1vlasv4dgycydh5wx6jdcvz40zdv90zz1h7836z7lhsi2ymvii26";
};
}
{
goPackagePath = "github.com/alecthomas/units";
fetch = {
type = "git";
url = "https://github.com/alecthomas/units";
rev = "f65c72e2690dc4b403c8bd637baf4611cd4c069b";
sha256 = "04jyqm7m3m01ppfy1f9xk4qvrwvs78q9zml6llyf2b3v5k6b2bbc";
};
}
{
goPackagePath = "github.com/fatih/color";
fetch = {
type = "git";
url = "https://github.com/fatih/color";
rev = "daf2830f2741ebb735b21709a520c5f37d642d85";
sha256 = "086z8ssmr1fn9ba4mqnw7pnccfpys6l5yfhvycv1gdrsk7n27mvs";
};
}
{
goPackagePath = "github.com/isacikgoz/gia";
fetch = {
type = "git";
url = "https://github.com/isacikgoz/gia";
rev = "00556493579ec25f4e199b85ee1e2a73c98d15bb";
sha256 = "16nqi4z1pgybcw05wbp3qnbbq407smcr56hq7npnhkirngc5j822";
};
}
{
goPackagePath = "github.com/jroimartin/gocui";
fetch = {
type = "git";
url = "https://github.com/jroimartin/gocui";
rev = "c055c87ae801372cd74a0839b972db4f7697ae5f";
sha256 = "1b1cbjg925l1c5v3ls8amni9716190yzf847cqs9wjnj82z8qa47";
};
}
{
goPackagePath = "github.com/justincampbell/timeago";
fetch = {
type = "git";
url = "https://github.com/justincampbell/timeago";
rev = "027f40306f1dbe89d24087611680ef95543bf876";
sha256 = "1p3va1cn9x5pyvq7k64mnvbxp5zy7h9z49syjyglixgg6avdbp1v";
};
}
{
goPackagePath = "github.com/kelseyhightower/envconfig";
fetch = {
type = "git";
url = "https://github.com/kelseyhightower/envconfig";
rev = "0b417c4ec4a8a82eecc22a1459a504aa55163d61";
sha256 = "1a7b35njpqz94gbd7wvsl3wjzpd5y1fj1lrg2sdh00yq0nax1qj9";
};
}
{
goPackagePath = "github.com/mattn/go-runewidth";
fetch = {
type = "git";
url = "https://github.com/mattn/go-runewidth";
rev = "14e809f6d78fcf9f48ff9b70981472b64c05f754";
sha256 = "1mvlxcdwr0vwp8b2wqs6y7hk72y28sqh03dz5x0xkg48d4y9cplj";
};
}
{
goPackagePath = "github.com/nsf/termbox-go";
fetch = {
type = "git";
url = "https://github.com/nsf/termbox-go";
rev = "38ba6e5628f1d70bac606cfd210b9ad1a16c3027";
sha256 = "03xx5vbnavklsk6wykcc7qhmhvn2074sx0ql06b51vqsxwsa6zw2";
};
}
{
goPackagePath = "github.com/sahilm/fuzzy";
fetch = {
type = "git";
url = "https://github.com/sahilm/fuzzy";
rev = "d88f8cb825ddd46a2ce86b60382e11645220ee33";
sha256 = "0nl4l02s3961p11aj1vgajfy28rqlya2z6af2xjncra59gfhqvlq";
};
}
{
goPackagePath = "github.com/waigani/diffparser";
fetch = {
type = "git";
url = "https://github.com/waigani/diffparser";
rev = "7391f219313d9175703f67561b222fd2a81bca30";
sha256 = "0h3y3ivlghdvkyqsh5lcidqdajhc9g7m1xqm73j9a0ayby0sx1ql";
};
}
{
goPackagePath = "gopkg.in/alecthomas/kingpin.v2";
fetch = {
type = "git";
url = "https://gopkg.in/alecthomas/kingpin.v2";
rev = "947dcec5ba9c011838740e680966fd7087a71d0d";
sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r";
};
}
{
goPackagePath = "gopkg.in/libgit2/git2go.v27";
fetch = {
type = "git";
url = "https://gopkg.in/libgit2/git2go.v27";
rev = "6cc7d3dc6aec2781fe0239315da215f49c76e2f8";
sha256 = "0b2m4rjadngyd675bi1k21pyi9r91dsxngzd4mikacpd7yshgvaq";
};
}
]

1
pkgs/build-support/build-bazel-package/default.nix
View File

@ -214,6 +214,7 @@ in stdenv.mkDerivation (fBuildAttrs // {
--output_base="$bazelOut" \
--output_user_root="$bazelUserRoot" \
build \
--curses=no \
-j $NIX_BUILD_CORES \
"''${copts[@]}" \
"''${host_copts[@]}" \

20
pkgs/data/themes/orchis-theme/default.nix
View File

@ -5,18 +5,28 @@
, gnome-themes-extra
, gtk-engine-murrine
, sassc
, accentColor ? "default"
, tweaks ? [ ] # can be "solid" "compact" "black" "primary"
}:
stdenvNoCC.mkDerivation rec {
let
validTweaks = [ "solid" "compact" "black" "primary" ];
unknownTweaks = lib.subtractLists validTweaks tweaks;
in
assert lib.assertMsg (unknownTweaks == [ ]) ''
You entered wrong tweaks: ${toString unknownTweaks}
Valid tweaks are: ${toString validTweaks}
'';
stdenvNoCC.mkDerivation
rec {
pname = "orchis-theme";
version = "2021-06-25";
version = "2021-12-13";
src = fetchFromGitHub {
repo = "Orchis-theme";
owner = "vinceliuice";
rev = version;
sha256 = "sha256-j0nsw1yR1yOckXiIMtzhC3w6kvfzxQQHgwdY6l0OuXw=";
sha256 = "sha256-PN2ucGMDzRv4v86X1zVIs9+GkbMWuja2WaSQLFvJYd0=";
};
nativeBuildInputs = [ gtk3 sassc ];
@ -31,7 +41,7 @@ stdenvNoCC.mkDerivation rec {
installPhase = ''
runHook preInstall
bash install.sh -d $out/share/themes -t ${accentColor}
bash install.sh -d $out/share/themes -t all ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks}
runHook postInstall
'';

4
pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix
View File

@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
pname = "gnome-shell-extensions";
version = "41.0";
version = "41.1";
src = fetchurl {
url = "mirror://gnome/sources/gnome-shell-extensions/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "2E+qwUSLOPl12cGUkMWSivxcWixJ3X5/ga9pD5Rm/Gg=";
sha256 = "0ObyJz8I1S2SX8K7ZrR7KOXvUNG4oUAgh3xmJCPVB9M=";
};
patches = [

4
pkgs/desktops/gnome/core/gnome-shell/default.nix
View File

@ -66,13 +66,13 @@ let
in
stdenv.mkDerivation rec {
pname = "gnome-shell";
version = "41.1";
version = "41.2";
outputs = [ "out" "devdoc" ];
src = fetchurl {
url = "mirror://gnome/sources/gnome-shell/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "X3QkVt/gBgXA8JCjcoymJ5e8SeUK+FK71yhdoaBRf/Y=";
sha256 = "OEZR6wUTk9ur4AbRrQV78p1c1z67h7x3n/Xhwx6AqCc=";
};
patches = [

4
pkgs/desktops/gnome/core/mutter/default.nix
View File

@ -46,13 +46,13 @@
let self = stdenv.mkDerivation rec {
pname = "mutter";
version = "41.1";
version = "41.2";
outputs = [ "out" "dev" "man" ];
src = fetchurl {
url = "mirror://gnome/sources/mutter/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "WOY/0LxD81E08hMTr/Suv5LIKdbfTcmaBEoeN2aR4/M=";
sha256 = "AN+oEvHEhtdKK3P0IEWuEYL5JGx3lNZ9dLXlQ+pwBhc=";
};
patches = [

27
pkgs/desktops/gnome/extensions/freon/default.nix
View File

@ -1,8 +1,20 @@
{ lib, stdenv, fetchFromGitHub, glib }:
{ lib
, stdenv
, fetchFromGitHub
, glib
, substituteAll
, hddtemp
, liquidctl
, lm_sensors
, netcat-gnu
, nvme-cli
, procps
, smartmontools
}:
stdenv.mkDerivation rec {
pname = "gnome-shell-extension-freon";
version = "44";
version = "45";
passthru = {
extensionUuid = "freon@UshakovVasilii_Github.yahoo.com";
@ -13,11 +25,20 @@ stdenv.mkDerivation rec {
owner = "UshakovVasilii";
repo = "gnome-shell-extension-freon";
rev = "EGO-${version}";
sha256 = "sha256-4DYAIC9N5id3vQe0WaOFP+MymsrPK18hbYqO4DjG+2U=";
sha256 = "sha256-tPb7SzHSwvz7VV+kZTmcw1eAdtL1J7FJ3BOtg4Us8jc=";
};
nativeBuildInputs = [ glib ];
patches = [
(substituteAll {
src = ./fix_paths.patch;
inherit hddtemp liquidctl lm_sensors procps smartmontools;
netcat = netcat-gnu;
nvmecli = nvme-cli;
})
];
buildPhase = ''
runHook preBuild
glib-compile-schemas --strict --targetdir="freon@UshakovVasilii_Github.yahoo.com/schemas" "freon@UshakovVasilii_Github.yahoo.com/schemas"

85
pkgs/desktops/gnome/extensions/freon/fix_paths.patch Normal file
View File

@ -0,0 +1,85 @@
diff --git a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
index e5d1d6d..856654b 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
@@ -7,7 +7,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
constructor() {
super();
- let hddtempArgv = GLib.find_program_in_path('hddtemp');
+ let hddtempArgv = GLib.find_program_in_path('@hddtemp@/bin/hddtemp');
if(hddtempArgv) {
// check if this user can run hddtemp directly.
if(!GLib.spawn_command_line_sync(hddtempArgv)[3]){
@@ -19,8 +19,8 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
// doesn't seem to be the case… is it running as a daemon?
// Check first for systemd
let systemctl = GLib.find_program_in_path('systemctl');
- let pidof = GLib.find_program_in_path('pidof');
- let nc = GLib.find_program_in_path('nc');
+ let pidof = GLib.find_program_in_path('@procps@/bin/pidof');
+ let nc = GLib.find_program_in_path('@netcat@/bin/nc');
let pid = undefined;
if(systemctl) {
@@ -35,7 +35,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
// systemd isn't used on this system, try sysvinit instead
if(!pid && pidof) {
- let output = GLib.spawn_command_line_sync("pidof hddtemp")[1].toString().trim();
+ let output = GLib.spawn_command_line_sync("@procps@/bin/pidof hddtemp")[1].toString().trim();
if(output.length)
pid = Number(output.trim());
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
index 766bf62..7cd4e94 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
@@ -8,7 +8,7 @@ const commandLineUtil = Me.imports.commandLineUtil;
var LiquidctlUtil = class extends commandLineUtil.CommandLineUtil {
constructor() {
super();
- const path = GLib.find_program_in_path('liquidctl');
+ const path = GLib.find_program_in_path('@liquidctl@/bin/liquidctl');
this._argv = path ? [path, 'status', '--json'] : null;
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
index ae2ea93..2349b9e 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
const Me = imports.misc.extensionUtils.getCurrentExtension();
function getNvmeData (argv){
- const nvme = GLib.find_program_in_path('nvme')
+ const nvme = GLib.find_program_in_path('@nvmecli@/bin/nvme')
return JSON.parse(GLib.spawn_command_line_sync(`${nvme} ${argv} -o json`)[1].toString())
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
index 62fa580..c017748 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
@@ -7,7 +7,7 @@ var SensorsUtil = class extends CommandLineUtil.CommandLineUtil {
constructor() {
super();
- let path = GLib.find_program_in_path('sensors');
+ let path = GLib.find_program_in_path('@lm_sensors@/bin/sensors');
// -A: Do not show adapter -j: JSON output
this._argv = path ? [path, '-A', '-j'] : null;
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
index 03d469b..6057a3b 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
const Me = imports.misc.extensionUtils.getCurrentExtension();
const ByteArray = imports.byteArray;
function getSmartData (argv){
- const smartctl = GLib.find_program_in_path('smartctl')
+ const smartctl = GLib.find_program_in_path('@smartmontools@/bin/smartctl')
return JSON.parse(ByteArray.toString( GLib.spawn_command_line_sync(`${smartctl} ${argv} -j`)[1] ))
}

7
pkgs/development/libraries/agda/agda-categories/default.nix
View File

@ -11,6 +11,13 @@ mkDerivation rec {
sha256 = "1acb693ad2nrmnn6jxsyrlkc0di3kk2ksj2w9wnyfxrgvfsil7rn";
};
# Remove this once new version of agda-categories is released which
# directly references standard-library-1.7.1
postPatch = ''
substituteInPlace agda-categories.agda-lib \
--replace 'standard-library-1.7' 'standard-library-1.7.1'
'';
buildInputs = [ standard-library ];
meta = with lib; {

6
pkgs/development/libraries/agda/cubical/default.nix
View File

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "cubical";
version = "0.3pred5030a9";
version = "0.4prec3e097a";
src = fetchFromGitHub {
repo = pname;
owner = "agda";
rev = "d5030a9c89070255fc575add4e9f37b97e6a0c0c";
sha256 = "18achbxap4ikydigmz3m3xjfn3i9dw4rn8yih82vrlc01j02nqpi";
rev = "c3e097a98c84083550fa31101346bd42a0501add";
sha256 = "101cni2a9xvia1mglb94z61jm8xk9r5kc1sn44cri0qsmk1zbqxs";
};
LC_ALL = "en_US.UTF-8";

4
pkgs/development/libraries/agda/standard-library/default.nix
View File

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "standard-library";
version = "1.7";
version = "1.7.1";
src = fetchFromGitHub {
repo = "agda-stdlib";
owner = "agda";
rev = "v${version}";
sha256 = "14h3jprm6924g9576v25axn9v6xnip354hvpzlcqsc5qqyj7zzjs";
sha256 = "0khl12jvknsvjsq3l5cbp2b5qlw983qbymi1dcgfz9z0b92si3r0";
};
nativeBuildInputs = [ (ghcWithPackages (self : [ self.filemanip ])) ];

4
pkgs/development/libraries/bctoolbox/default.nix
View File

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
pname = "bctoolbox";
version = "5.0.0";
version = "5.0.55";
nativeBuildInputs = [ cmake bcunit ];
buildInputs = [ mbedtls ];
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
group = "BC";
repo = pname;
rev = version;
sha256 = "sha256-/jv59ZeELfP7PokzthvZNL4FS3tyzRmCHp4I/Lp8BJM=";
sha256 = "sha256-fZ+8XBTZ6/wNd8odzg20dAXtbjRudI6Nw0hKC9bopGo=";
};
# Do not build static libraries

4
pkgs/development/libraries/olm/default.nix
View File

@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
pname = "olm";
version = "3.2.6";
version = "3.2.8";
src = fetchFromGitLab {
domain = "gitlab.matrix.org";
owner = "matrix-org";
repo = pname;
rev = version;
sha256 = "1srmw36nxi0z2y5d9adks09p950qm0fscbnrq1fl37fdypvjl1sk";
sha256 = "1jfhydfcnqpksb2bhi960v3h10prf4v5gx42mm2rp6p0jfbqcy50";
};
nativeBuildInputs = [ cmake ];

4
pkgs/development/python-modules/aiohue/default.nix
View File

@ -6,11 +6,11 @@
buildPythonPackage rec {
pname = "aiohue";
version = "3.0.2";
version = "3.0.3";
src = fetchPypi {
inherit pname version;
sha256 = "8aaee7fef3fff4c9271728c645896226f3df1e00bfab8dcea2456edfb3395fd0";
sha256 = "sha256-ajDwA8zFBQdFeI3oUBBWQZA13PNust21BWxrsB7PcTQ=";
};
propagatedBuildInputs = [

13
pkgs/development/python-modules/aiopvapi/default.nix
View File

@ -2,21 +2,24 @@
, aiohttp
, async-timeout
, buildPythonPackage
, fetchPypi
, fetchFromGitHub
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "aiopvapi";
version = "1.6.14";
version = "1.6.19";
format = "setuptools";
disabled = pythonOlder "3.5";
src = fetchPypi {
inherit pname version;
sha256 = "02bl7q166j6rb8av9n1jz11xlwhrzmbkjq70mwr86qaj63pcxrak";
src = fetchFromGitHub {
owner = "sander76";
repo = "aio-powerview-api";
# no tags on git, no sdist on pypi: https://github.com/sander76/aio-powerview-api/issues/12
rev = "89711e2a0cb4640eb458767d289dcfa3acafb10f";
sha256 = "18gbz9rcf183syvxvvhhl62af3b7463rlqxxs49w4m805hkvirdp";
};
propagatedBuildInputs = [

28
pkgs/development/python-modules/asyncio-rlock/default.nix Normal file
View File

@ -0,0 +1,28 @@
{ lib
, buildPythonPackage
, fetchPypi
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "asyncio-rlock";
version = "0.1.0";
src = fetchPypi {
pname = "asyncio_rlock";
inherit version;
sha256 = "7e29824331619873e10d5d99dcc46d7b8f196c4a11b203f4eeccc0c091039d43";
};
# no tests on PyPI, no tags on GitLab
doCheck = false;
pythonImportsCheck = [ "asyncio_rlock" ];
meta = with lib; {
description = "Rlock like in threading module but for asyncio";
homepage = "https://gitlab.com/heckad/asyncio_rlock";
license = licenses.mit;
maintainers = with maintainers; [ dotlambda ];
};
}

47
pkgs/development/python-modules/cart/default.nix Normal file
View File

@ -0,0 +1,47 @@
{ lib
, pycryptodome
, buildPythonPackage
, fetchFromGitHub
, pythonOlder
, pytestCheckHook
, unittest2
}:
buildPythonPackage rec {
pname = "cart";
version = "1.2.1";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "CybercentreCanada";
repo = pname;
rev = "v${version}";
sha256 = "sha256-PsdDlNhX0FbuwS5ZXk9P98DjnzDGdigfnRwrdwYa4qY=";
};
propagatedBuildInputs = [
pycryptodome
];
checkInputs = [
pytestCheckHook
unittest2
];
pytestFlagsArray = [
"unittests"
];
pythonImportsCheck = [
"cart"
];
meta = with lib; {
description = "Python module for the CaRT Neutering format";
homepage = "https://github.com/CybercentreCanada/cart";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

38
pkgs/development/python-modules/circuitbreaker/default.nix Normal file
View File

@ -0,0 +1,38 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, mock
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "circuitbreaker";
version = "1.3.2";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "fabfuel";
repo = pname;
rev = version;
sha256 = "sha256-3hFa8dwCso5tj26ek2jMdVBRzu5H3vkdjQlDYw2hSH0=";
};
checkInputs = [
mock
pytestCheckHook
];
pythonImportsCheck = [
"circuitbreaker"
];
meta = with lib; {
description = "Python Circuit Breaker implementation";
homepage = "https://github.com/fabfuel/circuitbreaker";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
}

47
pkgs/development/python-modules/dm-tree/default.nix Normal file
View File

@ -0,0 +1,47 @@
{ autoPatchelfHook
, buildPythonPackage
, fetchPypi
, isPy39
, lib
, six
, stdenv
}:
buildPythonPackage rec {
pname = "dm-tree";
version = "0.1.6";
format = "wheel";
# At the time of writing (8/19/21), there are releases for 3.6-3.9. Supporting
# all of them is a pain, so we focus on 3.9, the current nixpkgs python3
# version.
disabled = !isPy39;
src = fetchPypi {
inherit version format;
sha256 = "1f71dy5xa5ywa5chbdhpdf8k0w1v9cvpn3qyk8nnjm79j90la9c4";
pname = "dm_tree";
dist = "cp39";
python = "cp39";
abi = "cp39";
platform = "manylinux_2_24_x86_64";
};
# Prebuilt wheels are dynamically linked against things that nix can't find.
# Run `autoPatchelfHook` to automagically fix them.
nativeBuildInputs = [ autoPatchelfHook ];
# Dynamic link dependencies
buildInputs = [ stdenv.cc.cc ];
propagatedBuildInputs = [ six ];
pythonImportsCheck = [ "tree" ];
meta = with lib; {
description = "Tree is a library for working with nested data structures.";
homepage = "https://github.com/deepmind/tree";
license = licenses.asl20;
maintainers = with maintainers; [ samuela ];
platforms = [ "x86_64-linux" ];
};
}

40
pkgs/development/python-modules/ecs-logging/default.nix Normal file
View File

@ -0,0 +1,40 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, flit-core
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "ecs-logging";
version = "1.1.0";
format = "flit";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "elastic";
repo = "ecs-logging-python";
rev = version;
sha256 = "sha256-UcQh/+K2d4tiMZaz4IAZ2w/B88vEkHoq2LCPMNZ95Mo=";
};
nativeBuildInputs = [
flit-core
];
# Circular dependency elastic-apm
doCheck = false;
pythonImportsCheck = [
"ecs_logging"
];
meta = with lib; {
description = "Logging formatters for the Elastic Common Schema (ECS) in Python";
homepage = "https://github.com/elastic/ecs-logging-python";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}

90
pkgs/development/python-modules/elastic-apm/default.nix Normal file
View File

@ -0,0 +1,90 @@
{ lib
, asynctest
, aiohttp
, blinker
, buildPythonPackage
, certifi
, ecs-logging
, fetchFromGitHub
, httpx
, jinja2
, jsonschema
, Logbook
, mock
, pytest-asyncio
, pytest-bdd
, pytest-localserver
, pytest-mock
, pytestCheckHook
, pythonOlder
, sanic
, sanic-testing
, starlette
, structlog
, tornado
, urllib3
, webob
}:
buildPythonPackage rec {
pname = "elastic-apm";
version = "6.7.2";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "elastic";
repo = "apm-agent-python";
rev = "v${version}";
sha256 = "sha256-NyoFJ3HVxE3AdCCZCZrEk4dDiTIv9cGZYPHVre/PMO4=";
};
propagatedBuildInputs = [
aiohttp
blinker
certifi
sanic
starlette
tornado
urllib3
];
checkInputs = [
asynctest
ecs-logging
jinja2
jsonschema
Logbook
mock
httpx
pytest-asyncio
pytest-bdd
pytest-mock
pytest-localserver
sanic-testing
pytestCheckHook
structlog
webob
];
disabledTests = [
"elasticapm_client"
];
disabledTestPaths = [
# Exclude tornado tests
"tests/contrib/asyncio/tornado/tornado_tests.py"
];
pythonImportsCheck = [
"elasticapm"
];
meta = with lib; {
description = "Python agent for the Elastic APM";
homepage = "https://github.com/elastic/apm-agent-python";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/fastecdsa/default.nix
View File

@ -7,12 +7,12 @@
buildPythonPackage rec {
pname = "fastecdsa";
version = "2.2.2";
version = "2.2.3";
format = "setuptools";
src = fetchPypi {
inherit pname version;
sha256 = "1eb6f3ac86ec483a10df62fcda1fb9a9d5d895a436871a8aa935dd20ccd82c6f";
sha256 = "269bdb0f618b38f8f6aec9d23d23db518046c3cee01a954fa6aa7322a1a7db8f";
};
buildInputs = [ gmp ];

4
pkgs/development/python-modules/flux-led/default.nix
View File

@ -8,7 +8,7 @@
buildPythonPackage rec {
pname = "flux-led";
version = "0.25.13";
version = "0.26.11";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -17,7 +17,7 @@ buildPythonPackage rec {
owner = "Danielhiversen";
repo = "flux_led";
rev = version;
sha256 = "sha256-ZWaKk9496AKlQIni+VmnyIda9kn5zQfzmaD76DznQNU=";
sha256 = "sha256-1+LS9pAJQsXzt5vC4vR2SBzC21GbLj8nZ8oF5CfVWSg=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/google-nest-sdm/default.nix
View File

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "google-nest-sdm";
version = "0.4.5";
version = "0.4.6";
format = "setuptools";
disabled = pythonOlder "3.8";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "allenporter";
repo = "python-google-nest-sdm";
rev = version;
sha256 = "sha256-R1/PkWyMHrZmLp+6VqAkLVzycdT1uK5SySUqpOolJCY=";
sha256 = "sha256-oMYCBmqDTPcGHwP3LFYX3CdbHw2hg41EQQv8iiv+ljE=";
};
propagatedBuildInputs = [

8
pkgs/development/python-modules/ircrobots/default.nix
View File

@ -3,6 +3,7 @@
, fetchFromGitHub
, pythonOlder
, anyio
, asyncio-rlock
, asyncio-throttle
, dataclasses
, ircstates
@ -13,23 +14,26 @@
buildPythonPackage rec {
pname = "ircrobots";
version = "0.3.8";
version = "0.4.6";
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = "jesopo";
repo = pname;
rev = "v${version}";
sha256 = "06q86dqllxvi3nssfplmjk9yxaybighwh87lrxfpfhl8yy4z68jz";
sha256 = "sha256-+BrS1+ZkgwT/qvqD0PwRZi2LF+31biS738SzKH1dy7w=";
};
postPatch = ''
# too specific pins https://github.com/jesopo/ircrobots/issues/3
sed -iE 's/anyio.*/anyio/' requirements.txt
sed -iE 's/ircstates.*/ircstates/' requirements.txt
sed -iE 's/async_timeout.*/async_timeout/' requirements.txt
'';
propagatedBuildInputs = [
anyio
asyncio-rlock
asyncio-throttle
ircstates
async_stagger

59
pkgs/development/python-modules/jproperties/default.nix Normal file
View File

@ -0,0 +1,59 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pytestCheckHook
, six
, pytest-datadir
, setuptools-scm
}:
buildPythonPackage rec {
pname = "jproperties";
version = "2.1.1";
format = "setuptools";
src = fetchFromGitHub {
owner = "Tblue";
repo = "python-jproperties";
rev = "v${version}";
sha256 = "sha256-O+ALeGHMNjW1dc9IRyLzO81k8DW2vbGjuZqXxgrhYjo=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = [
setuptools-scm
];
propagatedBuildInputs = [
six
];
checkInputs = [
pytest-datadir
pytestCheckHook
];
postPatch = ''
substituteInPlace setup.py \
--replace "setuptools_scm ~= 3.3" "setuptools_scm"
substituteInPlace pytest.ini \
--replace "--cov=jproperties --cov-report=term --cov-report=html --cov-branch" ""
'';
disabledTestPaths = [
# TypeError: 'PosixPath' object...
"tests/test_simple_utf8.py"
];
pythonImportsCheck = [
"jproperties"
];
meta = with lib; {
description = "Java Property file parser and writer for Python";
homepage = "https://github.com/Tblue/python-jproperties";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/lsassy/default.nix
View File

@ -9,13 +9,13 @@
buildPythonPackage rec {
pname = "lsassy";
version = "3.1.0";
version = "3.1.1";
src = fetchFromGitHub {
owner = "Hackndo";
repo = pname;
rev = "v${version}";
sha256 = "0xycpyzjbzr7836hjzcbmf7sri0r2az65yc6yrgy6kay0v75j4p6";
sha256 = "0jd0kmp0mc8jn5qmgrspdx05vy6nyq773cj4yid1qyr8dmyx6a7n";
};
propagatedBuildInputs = [

36
pkgs/development/python-modules/luhn/default.nix Normal file
View File

@ -0,0 +1,36 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "luhn";
version = "0.2.0";
src = fetchFromGitHub {
owner = "mmcloughlin";
repo = pname;
rev = version;
sha256 = "sha256-ZifaCjOVhWdXuzi5n6V+6eVN5vrEHKgUdpSOXoMyR18=";
};
checkInputs = [
pytestCheckHook
];
pytestFlagsArray = [
"test.py"
];
pythonImportsCheck = [
"luhn"
];
meta = with lib; {
description = "Python module for generate and verify Luhn check digits";
homepage = "https://github.com/mmcloughlin/luhn";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

37
pkgs/development/python-modules/mizani/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ buildPythonPackage
, fetchFromGitHub
, lib
, matplotlib
, palettable
, pandas
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "mizani";
version = "0.7.3";
src = fetchFromGitHub {
owner = "has2k1";
repo = pname;
rev = "v${version}";
sha256 = "04r53dp5jbklv8l9ncgc5wiq0gx25y73h65gmmbbfkxwgsl3w78l";
};
postPatch = ''
substituteInPlace pytest.ini --replace " --cov=mizani --cov-report=xml" ""
'';
propagatedBuildInputs = [ matplotlib palettable pandas ];
checkInputs = [ pytestCheckHook ];
pythonImportsCheck = [ "mizani" ];
meta = with lib; {
description = "Scales for Python";
homepage = "https://github.com/has2k1/mizani";
license = licenses.bsd3;
maintainers = with maintainers; [ samuela ];
};
}

53
pkgs/development/python-modules/ml-collections/default.nix Normal file
View File

@ -0,0 +1,53 @@
{ absl-py
, buildPythonPackage
, contextlib2
, fetchPypi
, fetchurl
, lib
, pyyaml
}:
let
requirements = fetchurl {
url = "https://raw.githubusercontent.com/google/ml_collections/7f749a281c69f9d0b339c05ecb94b80d95029f25/requirements.txt";
sha256 = "1xb351hiscj4zmajfkql3swpacdp6lmz8iwdvwwdx2zqw9a62zps";
};
requirements-test = fetchurl {
url = "https://raw.githubusercontent.com/google/ml_collections/7f749a281c69f9d0b339c05ecb94b80d95029f25/requirements-test.txt";
sha256 = "0r457k2nrg5jkf093r0x29yf8xwy6l7jxi6al0fh7mmnfrhr9cb1";
};
in
buildPythonPackage rec {
pname = "ml-collections";
version = "0.1.0";
# ml-collections does not have any git release tags. See https://github.com/google/ml_collections/issues/8.
src = fetchPypi {
inherit version;
pname = "ml_collections";
sha256 = "0g6gxfz8g6fh1sghys869ylxgpda9hq7ylc8jw05608l3k6pz8ar";
};
# The pypi source archive does not include requirements.txt or
# requirements-test.txt. See https://github.com/google/ml_collections/issues/7.
postPatch = ''
cp ${requirements} requirements.txt
cp ${requirements-test} requirements-test.txt
'';
propagatedBuildInputs = [ absl-py contextlib2 pyyaml ];
# The official test suite uses bazel. With pytestCheckHook there are name
# conflicts between files and tests have assumptions that are broken by the
# nix-build environment, eg. re module names and __file__ attributes.
doCheck = false;
pythonImportsCheck = [ "ml_collections" ];
meta = with lib; {
description = "ML Collections is a library of Python collections designed for ML usecases.";
homepage = "https://github.com/google/ml_collections";
license = licenses.asl20;
maintainers = with maintainers; [ samuela ];
};
}

55
pkgs/development/python-modules/msoffcrypto-tool/default.nix Normal file
View File

@ -0,0 +1,55 @@
{ lib
, olefile
, buildPythonPackage
, fetchFromGitHub
, poetry-core
, cryptography
, pytestCheckHook
, pythonOlder
, setuptools
}:
buildPythonPackage rec {
pname = "msoffcrypto-tool";
version = "4.12.0";
format = "pyproject";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "nolze";
repo = pname;
rev = "v${version}";
sha256 = "sha256-EBEwldh2Ct/4oxnAF1hWeW/uRrVsCYEi0cJaZubofFk=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
cryptography
olefile
setuptools
];
checkInputs = [
pytestCheckHook
];
disabledTests = [
# Test fails with AssertionError
"test_cli"
];
pythonImportsCheck = [
"msoffcrypto"
];
meta = with lib; {
description = "Python tool and library for decrypting MS Office files with passwords or other keys";
homepage = "https://github.com/nolze/msoffcrypto-tool";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

58
pkgs/development/python-modules/notifications-python-client/default.nix Normal file
View File

@ -0,0 +1,58 @@
{ lib
, buildPythonPackage
, docopt
, fetchFromGitHub
, freezegun
, mock
, pyjwt
, pytest-mock
, pytestCheckHook
, pythonOlder
, requests
, requests-mock
}:
buildPythonPackage rec {
pname = "notifications-python-client";
version = "6.3.0";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "alphagov";
repo = pname;
rev = version;
sha256 = "sha256-pfOTVgsfXJQ9GIGowra3RAwxCri76RgnA9iyWbjomCk=";
};
propagatedBuildInputs = [
docopt
pyjwt
requests
];
checkInputs = [
freezegun
mock
pytest-mock
pytestCheckHook
requests-mock
];
postPatch = ''
substituteInPlace setup.py \
--replace "'pytest-runner'" ""
'';
pythonImportsCheck = [
"notifications_python_client"
];
meta = with lib; {
description = "Python client for the GOV.UK Notify API";
homepage = "https://github.com/alphagov/notifications-python-client";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

57
pkgs/development/python-modules/oletools/default.nix Normal file
View File

@ -0,0 +1,57 @@
{ lib
, buildPythonPackage
, colorclass
, easygui
, fetchFromGitHub
, msoffcrypto-tool
, olefile
, pcodedmp
, pyparsing
, pytestCheckHook
, pythonOlder
, setuptools
}:
buildPythonPackage rec {
pname = "oletools";
version = "0.60";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "decalage2";
repo = pname;
rev = "v${version}";
sha256 = "sha256-gatUVkf8iT1OGnahX1BzQLDypCqhS1EvkAgUHJ6myA4=";
};
propagatedBuildInputs = [
colorclass
easygui
msoffcrypto-tool
olefile
pcodedmp
pyparsing
];
checkInputs = [
pytestCheckHook
];
disabledTests = [
# Test fails with AssertionError: Tuples differ: ('MS Word 2007+...
"test_all"
];
pythonImportsCheck = [
"oletools"
];
meta = with lib; {
description = "Python tool to analyze MS OLE2 files and MS Office documents";
homepage = "https://github.com/decalage2/oletools";
license = with licenses; [ bsd2 /* and */ mit ];
maintainers = with maintainers; [ fab ];
};
}

41
pkgs/development/python-modules/pcodedmp/default.nix Normal file
View File

@ -0,0 +1,41 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "pcodedmp";
version = "1.2.6";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "bontchev";
repo = pname;
rev = version;
sha256 = "sha256-SYOFGMvrzxDPMACaCvqwU28Mh9LEuvFBGvAph4X+geo=";
};
postPatch = ''
# Circular dependency
substituteInPlace setup.py \
--replace "'oletools>=0.54'," ""
'';
# Module doesn't have tests
doCheck = false;
pythonImportsCheck = [
"pcodedmp"
];
meta = with lib; {
description = "Python VBA p-code disassembler";
homepage = "https://github.com/bontchev/pcodedmp";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/pyskyqremote/default.nix
View File

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "pyskyqremote";
version = "0.2.49";
version = "0.2.52";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -19,7 +19,7 @@ buildPythonPackage rec {
owner = "RogerSelwyn";
repo = "skyq_remote";
rev = version;
sha256 = "sha256-Xhr+p/kIp3Sm7swqCsjXHaECntwJnBLyGlcSg2lsxZc=";
sha256 = "sha256-iVXi9wopDjtZcqoEWYfg1oPx4RV3e3b9P07rC8ftz9U=";
};
propagatedBuildInputs = [

47
pkgs/development/python-modules/python-datemath/default.nix Normal file
View File

@ -0,0 +1,47 @@
{ lib
, arrow
, buildPythonPackage
, fetchFromGitHub
, pythonOlder
, pytestCheckHook
, unittest2
}:
buildPythonPackage rec {
pname = "python-datemath";
version = "1.5.5";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "nickmaccarthy";
repo = pname;
rev = "v${version}";
sha256 = "sha256-WVWGhyBguE1+KEMQu0N5QxO7IC4rPEJ/2L3VWUCQNi4=";
};
propagatedBuildInputs = [
arrow
];
checkInputs = [
pytestCheckHook
unittest2
];
pytestFlagsArray = [
"tests.py"
];
pythonImportsCheck = [
"datemath"
];
meta = with lib; {
description = "Python module to emulate the date math used in SOLR and Elasticsearch";
homepage = "https://github.com/nickmaccarthy/python-datemath";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}

11
pkgs/development/python-modules/python-http-client/default.nix
View File

@ -7,13 +7,14 @@
buildPythonPackage rec {
pname = "python_http_client";
version = "3.3.3";
version = "3.3.4";
format = "setuptools";
src = fetchFromGitHub {
owner = "sendgrid";
repo = "python-http-client";
rev = version;
sha256 = "sha256-cZqyu67xP0UIKYbhYYTNL5kLiPjjMjayde75sqkHZhg=";
sha256 = "sha256-wTXHq+tC+rfvmDZIWvcGhQZqm6DxOmx50BsX0c6asec=";
};
checkInputs = [
@ -21,9 +22,9 @@ buildPythonPackage rec {
pytestCheckHook
];
# Failure was fixed by https://github.com/sendgrid/python-http-client/commit/6d62911ab0d0645b499e14bb17c302b48f3c10e4
disabledTests = [ "test__daterange" ];
pythonImportsCheck = [ "python_http_client" ];
pythonImportsCheck = [
"python_http_client"
];
meta = with lib; {
description = "Python HTTP library to call APIs";

37
pkgs/development/python-modules/subzerod/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ lib
, aiohttp
, buildPythonPackage
, fetchPypi
, pythonOlder
}:
buildPythonPackage rec {
pname = "subzerod";
version = "1.0";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-/7g8Upj9Hb4m83JXLI3X2lqa9faCt42LVxh+V9WpI68=";
};
propagatedBuildInputs = [
aiohttp
];
# Module has no tests
doCheck = false;
pythonImportsCheck = [
"subzerod"
];
meta = with lib; {
description = "Python module to help with the enumeration of subdomains";
homepage = "https://github.com/sanderfoobar/subzerod";
license = with licenses; [ wtfpl ];
maintainers = with maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/youtube-transcript-api/default.nix
View File

@ -2,14 +2,14 @@
buildPythonPackage rec {
pname = "youtube-transcript-api";
version = "0.4.2";
version = "0.4.3";
# PyPI tarball is missing some test files
src = fetchFromGitHub {
owner = "jdepoix";
repo = "youtube-transcript-api";
rev = "v${version}";
sha256 = "04x7mfp4q17w3n8dnklbxblz22496g7g4879nz0wzgijg3m6cwlp";
sha256 = "1krak5j2faj6951cl13h7hg9i3kyp6nslcbi608k8hxlbd80hc5h";
};
propagatedBuildInputs = [ requests ];

30
pkgs/development/tools/continuous-integration/gitlab-runner/0001-gitlab-runner-don-t-checked-for-fixed-runtime.patch Normal file
View File

@ -0,0 +1,30 @@
From 13c633bf0075daa6ff973f368a25cf205caa017e Mon Sep 17 00:00:00 2001
From: Pascal Bach <pascal.bach@nextrem.ch>
Date: Sat, 11 Dec 2021 10:07:01 +0100
Subject: [PATCH] gitlab-runner: don't checked for fixed runtime
We already use 1.16.12 which has the proper fix
---
helpers/patches/issue_28732/syscall.go | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/helpers/patches/issue_28732/syscall.go b/helpers/patches/issue_28732/syscall.go
index 580513b57..fa9e4cc85 100644
--- a/helpers/patches/issue_28732/syscall.go
+++ b/helpers/patches/issue_28732/syscall.go
@@ -2,11 +2,6 @@
package issue_28732
-import (
- "syscall"
-)
-
func AssertFixPresent() {
- // Ensure that Issue28732Fix fixed runtime is used
- syscall.Issue28732Fix()
+ // Issue already fixed by using go 1.16.12
}
--
2.34.0

9
pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
View File

@ -1,7 +1,7 @@
{ lib, buildGoPackage, fetchFromGitLab, fetchurl }:
let
version = "14.5.0";
version = "14.5.2";
in
buildGoPackage rec {
inherit version;
@ -19,10 +19,13 @@ buildGoPackage rec {
owner = "gitlab-org";
repo = "gitlab-runner";
rev = "v${version}";
sha256 = "sha256-BxnIrjiEW61J6hl7mWNXc2Vb4ae1cWqOypTy9Xo7Hkc=";
sha256 = "07mr9w1rp3rnrlixmqziin1gw78s3gncg47b4z9h9zzpy3acy3xd";
};
patches = [ ./fix-shell-path.patch ];
patches = [
./fix-shell-path.patch
./0001-gitlab-runner-don-t-checked-for-fixed-runtime.patch
];
meta = with lib; {
description = "GitLab Runner the continuous integration executor of GitLab";

4
pkgs/development/tools/rocminfo/default.nix
View File

@ -7,13 +7,13 @@
# compilers to determine the desired target.
, defaultTargets ? []}:
stdenv.mkDerivation rec {
version = "4.3.1";
version = "4.5.2";
pname = "rocminfo";
src = fetchFromGitHub {
owner = "RadeonOpenCompute";
repo = "rocminfo";
rev = "rocm-${version}";
sha256 = "sha256-n80tiSVaPTFl4imZvoFENM4KhPLxgDKz5VlOvhEYlV0=";
sha256 = "sha256-VIlHYiGLen4xmdP7kpmObj5wKy6Qq7iupJFtPa4Zd98=";
};
enableParallelBuilding = true;

6
pkgs/development/tools/rust/cargo-feature/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-feature";
version = "0.5.5";
version = "0.6.0";
src = fetchFromGitHub {
owner = "Riey";
repo = pname;
rev = "v${version}";
sha256 = "sha256-0Ski+LytE636HHduisYJJq3khRsaJJ4YhpmaU5On348=";
sha256 = "sha256-9TP67YtvRtgLtsKACL5xjXq5kZtYpTWsTqQsbOKPwtY=";
};
cargoSha256 = "sha256-PA/s/BrqUftdGc5Lvd0glL9Dr8GLX9pYMq6WRRUQwEk=";
cargoSha256 = "sha256-MkLsQebQdqfUuARIdQZg47kMPudstJUgRQgUuovoLes=";
buildInputs = lib.optional stdenv.isDarwin libiconv;

4
pkgs/development/tools/vultr-cli/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "vultr-cli";
version = "2.9.0";
version = "2.11.2";
src = fetchFromGitHub {
owner = "vultr";
repo = pname;
rev = "v${version}";
sha256 = "sha256-xgp+hNNStyakfS8h72CqRTeJVTgA4p4CkoCoTFmFRyI=";
sha256 = "sha256-v5RbStmQX7D+i+oyekilLPsl6lta5rkJV4Uf0mjIF8Y=";
};
vendorSha256 = null;

5
pkgs/games/fheroes2/default.nix
View File

@ -4,20 +4,19 @@
stdenv.mkDerivation rec {
pname = "fheroes2";
version = "0.9.9";
version = "0.9.10";
src = fetchFromGitHub {
owner = "ihhub";
repo = "fheroes2";
rev = version;
sha256 = "sha256-vm9/jHRrG7qSP4GKksUrcK0qC3BW9LXlOnH4/pRyEww=";
sha256 = "sha256-8HXFt4SsQ+qXu/VJmdAdYX7XoNjA4AHItnwS/nyY6H8=";
};
buildInputs = [ gettext libpng SDL2 SDL2_image SDL2_mixer SDL2_ttf zlib ];
makeFlags = [
"FHEROES2_STRICT_COMPILATION=1"
"RELEASE=1"
];
enableParallelBuilding = true;

4
pkgs/os-specific/linux/cifs-utils/default.nix
View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "cifs-utils";
version = "6.13";
version = "6.14";
src = fetchurl {
url = "mirror://samba/pub/linux-cifs/cifs-utils/${pname}-${version}.tar.bz2";
sha256 = "sha256-Q9h4bIYTysz6hJEwgcHWK8JAlXWFTPiVsFtIrwhj0FY=";
sha256 = "sha256-ZgnoB0tUISlf8BKjHwLM2aBYQVxhnIE2Lrt4jb8HVrg=";
};
nativeBuildInputs = [ autoreconfHook docutils pkg-config ];

4
pkgs/os-specific/linux/cpuid/default.nix
View File

@ -6,11 +6,11 @@
stdenv.mkDerivation rec {
pname = "cpuid";
version = "20211129";
version = "20211210";
src = fetchurl {
url = "http://etallen.com/cpuid/${pname}-${version}.src.tar.gz";
sha256 = "sha256-Iwdyu4jERzLmikLS7/Q7z/RtiTv06m4EFR1MtujIji8=";
sha256 = "sha256-4CmJVwDeGm+DNgJSgEiSzVi1TR9f869Et7tq/kEOX0Q=";
};
# For pod2man during the build process.

190
pkgs/os-specific/linux/sgx/psw/default.nix Normal file
View File

@ -0,0 +1,190 @@
{ stdenv
, lib
, fetchurl
, cmake
, coreutils
, curl
, file
, glibc
, makeWrapper
, nixosTests
, protobuf
, python3
, sgx-sdk
, shadow
, systemd
, util-linux
, which
, debug ? false
}:
stdenv.mkDerivation rec {
inherit (sgx-sdk) version versionTag src;
pname = "sgx-psw";
postUnpack =
let
ae.prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
};
dcap = rec {
version = "1.11";
filename = "prebuilt_dcap_${version}.tar.gz";
prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
};
};
in
sgx-sdk.postUnpack + ''
# Make sure we use the correct version of prebuilt DCAP
grep -q 'ae_file_name=${dcap.filename}' "$src/external/dcap_source/QuoteGeneration/download_prebuilt.sh" \
|| (echo "Could not find expected prebuilt DCAP ${dcap.filename} in linux-sgx source" >&2 && exit 1)
tar -zxf ${ae.prebuilt} -C $sourceRoot/
tar -zxf ${dcap.prebuilt} -C $sourceRoot/external/dcap_source/QuoteGeneration/
'';
nativeBuildInputs = [
cmake
file
makeWrapper
python3
sgx-sdk
which
];
buildInputs = [
curl
protobuf
];
hardeningDisable = lib.optionals debug [
"fortify"
];
postPatch = ''
# https://github.com/intel/linux-sgx/pull/730
substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \
--replace '/usr/bin/getconf' 'getconf'
# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/205
substituteInPlace ./external/dcap_source/QuoteGeneration/buildenv.mk \
--replace '/bin/cp' 'cp'
substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/Makefile \
--replace '/bin/cp' 'cp'
substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/buildenv.mk \
--replace '/bin/cp' 'cp'
patchShebangs \
linux/installer/bin/build-installpkg.sh \
linux/installer/common/psw/createTarball.sh \
linux/installer/common/psw/install.sh
'';
dontUseCmakeConfigure = true;
# Randomly fails if enabled
enableParallelBuilding = false;
buildFlags = [
"psw_install_pkg"
] ++ lib.optionals debug [
"DEBUG=1"
];
installFlags = [
"-C linux/installer/common/psw/output"
"DESTDIR=$(TMPDIR)/install"
];
postInstall = ''
installDir=$TMPDIR/install
sgxPswDir=$installDir/opt/intel/sgxpsw
mv $installDir/usr/lib64/ $out/lib/
ln -sr $out/lib $out/lib64
# Install udev rules to lib/udev/rules.d
mv $sgxPswDir/udev/ $out/lib/
# Install example AESM config
mkdir $out/etc/
mv $sgxPswDir/aesm/conf/aesmd.conf $out/etc/
rmdir $sgxPswDir/aesm/conf/
# Delete init service
rm $sgxPswDir/aesm/aesmd.conf
# Move systemd services
mkdir -p $out/lib/systemd/system/
mv $sgxPswDir/aesm/aesmd.service $out/lib/systemd/system/
mv $sgxPswDir/remount-dev-exec.service $out/lib/systemd/system/
# Move misc files
mkdir $out/share/
mv $sgxPswDir/licenses $out/share/
# Remove unnecessary files
rm $sgxPswDir/{cleanup.sh,startup.sh}
rm -r $sgxPswDir/scripts
mv $sgxPswDir/aesm/ $out/
mkdir $out/bin
makeWrapper $out/aesm/aesm_service $out/bin/aesm_service \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ protobuf ]}:$out/aesm \
--run "cd $out/aesm"
# Make sure we didn't forget to handle any files
rmdir $sgxPswDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1)
'';
# Most—if not all—of those fixups are not relevant for NixOS as we have our own
# NixOS module which is based on those files without relying on them. Still, it
# is helpful to have properly patched versions for non-NixOS distributions.
postFixup = ''
header "Fixing aesmd.service"
substituteInPlace $out/lib/systemd/system/aesmd.service \
--replace '@aesm_folder@' \
"$out/aesm" \
--replace 'Type=forking' \
'Type=simple' \
--replace "ExecStart=$out/aesm/aesm_service" \
"ExecStart=$out/bin/aesm_service --no-daemon"\
--replace "/bin/mkdir" \
"${coreutils}/bin/mkdir" \
--replace "/bin/chown" \
"${coreutils}/bin/chown" \
--replace "/bin/chmod" \
"${coreutils}/bin/chmod" \
--replace "/bin/kill" \
"${coreutils}/bin/kill"
header "Fixing remount-dev-exec.service"
substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \
--replace '/bin/mount' \
"${util-linux}/bin/mount"
header "Fixing linksgx.sh"
# https://github.com/intel/linux-sgx/pull/736
substituteInPlace $out/aesm/linksgx.sh \
--replace '/usr/bin/getent' \
'${glibc.bin}/bin/getent' \
--replace '/usr/sbin/usermod' \
'${shadow}/bin/usermod'
'';
passthru.tests = {
service = nixosTests.aesmd;
};
meta = with lib; {
description = "Intel SGX Architectural Enclave Service Manager";
homepage = "https://github.com/intel/linux-sgx";
maintainers = with maintainers; [ veehaitch citadelcore ];
platforms = [ "x86_64-linux" ];
license = with licenses; [ bsd3 ];
};
}

8
pkgs/os-specific/linux/sgx-sdk/default.nix → pkgs/os-specific/linux/sgx/sdk/default.nix
View File

@ -21,13 +21,13 @@
, validatePkgConfig
, writeShellScript
, writeText
, debug ? false
}:
with lib;
stdenv.mkDerivation rec {
pname = "sgx-sdk";
version = "2.14.100.2";
versionTag = concatStringsSep "." (take 2 (splitVersion version));
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
src = fetchFromGitHub {
owner = "intel";
@ -140,6 +140,8 @@ stdenv.mkDerivation rec {
buildFlags = [
"sdk_install_pkg"
] ++ lib.optionals debug [
"DEBUG=1"
];
enableParallelBuilding = true;
@ -264,7 +266,7 @@ stdenv.mkDerivation rec {
passthru.tests = callPackage ./samples.nix { };
meta = {
meta = with lib; {
description = "Intel SGX SDK for Linux built with IPP Crypto Library";
homepage = "https://github.com/intel/linux-sgx";
maintainers = with maintainers; [ sbellem arturcygan veehaitch ];

0
pkgs/os-specific/linux/sgx-sdk/ipp-crypto.nix → pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
View File

0
pkgs/os-specific/linux/sgx-sdk/samples.nix → pkgs/os-specific/linux/sgx/sdk/samples.nix
View File

5
pkgs/os-specific/linux/systemd/default.nix
View File

@ -2,6 +2,7 @@
{ stdenv
, lib
, nixosTests
, fetchFromGitHub
, fetchpatch
, fetchzip
@ -613,6 +614,10 @@ stdenv.mkDerivation {
# runtime; otherwise we can't and we need to reboot.
passthru.interfaceVersion = 2;
passthru.tests = {
inherit (nixosTests) switchTest;
};
meta = with lib; {
homepage = "https://www.freedesktop.org/wiki/Software/systemd/";
description = "A system and service manager for Linux";

7
pkgs/os-specific/solo5/default.nix
View File

@ -1,7 +1,7 @@
{ lib, stdenv, fetchurl, pkg-config, libseccomp, util-linux, qemu }:
let
version = "0.6.8";
version = "0.6.9";
# list of all theoretically available targets
targets = [
"genode"
@ -19,9 +19,8 @@ in stdenv.mkDerivation {
buildInputs = lib.optional (stdenv.hostPlatform.isLinux) libseccomp;
src = fetchurl {
url =
"https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz";
sha256 = "sha256-zrxNCXJIuEbtE3YNRK8Bxu2koHsQkcF+xItoIyhj9Uc=";
url = "https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz";
sha256 = "03lvk9mab3yxrmi73wrvvhykqcydjrsda0wj6aasnjm5lx9jycpr";
};
hardeningEnable = [ "pie" ];

2
pkgs/servers/home-assistant/component-packages.nix
View File

@ -2,7 +2,7 @@
# Do not edit!
{
version = "2021.12.0";
version = "2021.12.1";
components = {
"abode" = ps: with ps; [ abodepy ];
"accuweather" = ps: with ps; [ accuweather ];

4
pkgs/servers/home-assistant/default.nix
View File

@ -252,7 +252,7 @@ let
extraBuildInputs = extraPackages py.pkgs;
# Don't forget to run parse-requirements.py after updating
hassVersion = "2021.12.0";
hassVersion = "2021.12.1";
in with py.pkgs; buildPythonApplication rec {
pname = "homeassistant";
@ -269,7 +269,7 @@ in with py.pkgs; buildPythonApplication rec {
owner = "home-assistant";
repo = "core";
rev = version;
hash = "sha256:00hi709pb06c4ki0zb42my6g9cifrp2pn04ygrn5i7q7sr6min71";
hash = "sha256:11qlalfzykbq5ydn2cagkqcbvdjkmjcdpp6lgiys9lyrw1rxycnb";
};
# leave this in, so users don't have to constantly update their downstream patch handling

4
pkgs/servers/home-assistant/frontend.nix
View File

@ -4,11 +4,11 @@ buildPythonPackage rec {
# the frontend version corresponding to a specific home-assistant version can be found here
# https://github.com/home-assistant/home-assistant/blob/master/homeassistant/components/frontend/manifest.json
pname = "home-assistant-frontend";
version = "20211211.0";
version = "20211212.0";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-+rUrNCWf7CBzTPGuK7m88c1ouApelGla/L3SBwxYqdQ=";
sha256 = "sha256-cYh8xBUS8rb2koNAq8JwWtrOHSF1jC5v0lq+W1SwiXI=";
};
# there is nothing to strip in this package

6
pkgs/shells/zsh/oh-my-zsh/default.nix
View File

@ -5,15 +5,15 @@
, git, nix, nixfmt, jq, coreutils, gnused, curl, cacert }:
stdenv.mkDerivation rec {
version = "2021-12-07";
version = "2021-12-13";
pname = "oh-my-zsh";
rev = "5b987e59d0fce1a74bcfd51750c6f52d7c29c647";
rev = "9a3d853481645ae0f961e9cc8421fc5d84e2c3c3";
src = fetchFromGitHub {
inherit rev;
owner = "ohmyzsh";
repo = "ohmyzsh";
sha256 = "JNAuWsD03F8fbhHwwDnDh+2pPjJsyFnT/oboZIhk3rc=";
sha256 = "TFktV7xBm3KaRfW+cUGdwIZZD7TfU0gaq4J8cKBjtMM=";
};
installPhase = ''

6
pkgs/tools/admin/trivy/default.nix
View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "trivy";
version = "0.21.1";
version = "0.21.2";
src = fetchFromGitHub {
owner = "aquasecurity";
repo = pname;
rev = "v${version}";
sha256 = "sha256-KxGG59H5EzIcYigvbQlrwpZLP4zMqErO3vDKhBOPc3w=";
sha256 = "sha256-k8bjwKoAXt9XFQX7rHhdrcu3FoaU31Ra78PQHNVCfq0=";
};
vendorSha256 = "sha256-lITzqPMsZk/G2nG4LcUdyTb3gE3rtlXET/c2UaYODvU=";
vendorSha256 = "sha256-rJvmY0557QOb8D1/LhN8w64ds3HwqolLmGdntS5CJPQ=";
excludedPackages = "misc";

4
pkgs/tools/archivers/tarlz/default.nix
View File

@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
pname = "tarlz";
version = "0.11";
version = "0.21";
outputs = [ "out" "man" "info" ];
nativeBuildInputs = [ lzip texinfo ];
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://savannah/lzip/${pname}/${pname}-${version}.tar.lz";
sha256 = "sha256-PalRMerepfYDSaDs4irck+1v5Gy/vlB9CyU6omWUXlk=";
sha256 = "sha256-D5chEt0/Emo5TVoEEHaVzLu55gPnsZM2e9FxRgfgrfQ=";
};
enableParallelBuilding = true;

4
pkgs/tools/archivers/unrar/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "unrar";
version = "6.1.2";
version = "6.1.3";
src = fetchurl {
url = "https://www.rarlab.com/rar/unrarsrc-${version}.tar.gz";
sha256 = "sha256-PpZCH1aOQ4r23NrvcXxI65O4JdlwWOvLFzub/FeAe+M=";
sha256 = "sha256-0FAiRCAJICp5LliL7FiSHBI/8Eb8dV9/InKHGlvXljY=";
};
postPatch = ''

4
pkgs/tools/audio/abcmidi/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "abcMIDI";
version = "2021.12.05";
version = "2021.12.10";
src = fetchzip {
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
hash = "sha256-q3iyIheV7g6l2S6CSKqt9VQKa9i8xg5RKOO3JfFXuLI=";
hash = "sha256-Jvj7gOrIT0IXihPkPDH9n80bg4xllvPTKxIWA3wX5B0=";
};
meta = with lib; {

4
pkgs/tools/misc/graylog/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "graylog";
version = "3.3.14";
version = "3.3.15";
src = fetchurl {
url = "https://packages.graylog2.org/releases/graylog/graylog-${version}.tgz";
sha256 = "04dslbvgrraacsw7wydbiv8jc753as2g54wn9sgh3lsryvzrfqfa";
sha256 = "sha256-/ECHhgLhmLoZ9fjpwGQrGuOW5PBtkB3JUCC9Bgvxr30=";
};
dontBuild = true;

6
pkgs/tools/misc/zellij/default.nix
View File

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "zellij";
version = "0.21.0";
version = "0.22.0";
src = fetchFromGitHub {
owner = "zellij-org";
repo = "zellij";
rev = "v${version}";
sha256 = "1n033qvidahpfsp4k3x30sav3asldhjlsbydb23vg0v7bxjl2c2q";
sha256 = "sha256-bia1q2IPrlVeSLsD/HGkWwAUW8THAuzXQR2Iw0v8TKM=";
};
cargoSha256 = "1pjmlwx966pgri58xx2zqr84wili0bzpl9gzhjdkvcx0j1f66anb";
cargoSha256 = "sha256-ptM0QrrWFy9rb/CpLYuzRE48Wr429lcE9xnV8uA8mGs=";
nativeBuildInputs = [
installShellFiles

4
pkgs/tools/networking/bgpq4/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "bgpq4";
version = "1.2";
version = "1.4";
src = fetchFromGitHub {
owner = "bgp";
repo = pname;
rev = version;
sha256 = "sha256-8r70tetbTq8GxxtFe71gDYy+wg8yBwYpl1gsu5aAHTA=";
sha256 = "sha256-EFxINRFrcNXGtXpNqvBIN6pE1kG3OdeDIHYOsG2celI=";
};
nativeBuildInputs = [

10
pkgs/tools/networking/cjdns/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, nodejs, which, python27, util-linux, nixosTests }:
{ lib, stdenv, fetchFromGitHub, nodejs, which, python3, util-linux, nixosTests }:
stdenv.mkDerivation rec {
pname = "cjdns";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "NOmk+vMZ8i0E2MjrUzksk+tkJ9XVVNEXlE5OOTNa+Y0=";
};
buildInputs = [ which python27 nodejs ] ++
buildInputs = [ which python3 nodejs ] ++
# for flock
lib.optional stdenv.isLinux util-linux;
@ -21,12 +21,8 @@ stdenv.mkDerivation rec {
+ "bash do";
installPhase = ''
install -Dt "$out/bin/" cjdroute makekeys privatetopublic publictoip6
sed -i 's,/usr/bin/env node,'$(type -P node), \
$(find contrib -name "*.js")
sed -i 's,/usr/bin/env python,'$(type -P python), \
$(find contrib -type f)
mkdir -p $out/share/cjdns
cp -R contrib tools node_build node_modules $out/share/cjdns/
cp -R tools node_build node_modules $out/share/cjdns/
'';
passthru.tests.basic = nixosTests.cjdns;

37
pkgs/tools/security/arsenal/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "arsenal";
version = "1.0.2";
src = fetchFromGitHub {
owner = "Orange-Cyberdefense";
repo = "arsenal";
rev = version;
sha256 = "sha256-RZxGSrtEa3hAtowD2lUb9BgwpSWlYo90fU9nDvUfoAk=";
};
propagatedBuildInputs = with python3.pkgs; [
libtmux
docutils
pyperclip
];
# Project has no tests
doCheck = false;
pythonImportsCheck = [
"arsenal"
];
meta = with lib; {
description = "Tool to generate commands for security and network tools";
homepage = "https://github.com/Orange-Cyberdefense/arsenal";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
mainProgram = "arsenal";
};
}

29
pkgs/tools/security/fierce/default.nix
View File

@ -1,31 +1,40 @@
{ lib, fetchFromGitHub, python3 }:
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "fierce";
version = "1.4.0";
version = "1.5.0";
format = "setuptools";
src = fetchFromGitHub {
owner = "mschwager";
repo = pname;
rev = version;
sha256 = "11yaz8ap9swx95j3wpqh0b6jhw6spqgfnsyn1liw9zqi4jwgiax7";
sha256 = "sha256-9VTPD5i203BTl2nADjq131W9elgnaHNIWGIUuCiYlHg=";
};
postPatch = ''
substituteInPlace requirements.txt --replace 'dnspython==1.16.0' 'dnspython'
'';
propagatedBuildInputs = with python3.pkgs; [
dnspython
];
propagatedBuildInputs = [ python3.pkgs.dnspython ];
postPatch = ''
substituteInPlace requirements.txt \
--replace 'dnspython==1.16.0' 'dnspython'
'';
# tests require network access
doCheck = false;
pythonImportsCheck = [ "fierce" ];
pythonImportsCheck = [
"fierce"
];
meta = with lib; {
homepage = "https://github.com/mschwager/fierce";
description = "DNS reconnaissance tool for locating non-contiguous IP space";
homepage = "https://github.com/mschwager/fierce";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ c0bw3b ];
platforms = platforms.all;
};
}

Some files were not shown because too many files have changed in this diff Show More