colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge #275620: staging-next 2023-12-20

Browse Source
This commit is contained in:
Vladimír Čunát 2024-01-12 15:02:23 +01:00
commit bae093a327
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
1384 changed files with 12444 additions and 7111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
maintainers/scripts/luarocks-packages.csv
View File

@ -7,7 +7,7 @@ binaryheap,,,,,,vcunat
busted,,,,,,
cassowary,,,,,,marsam alerque
cldr,,,,,,alerque
compat53,,,,0.7-1,,vcunat
compat53,,,,,,vcunat
cosmo,,,,,,marsam
coxpcall,,,,1.17.0-1,,
cqueues,,,,,,vcunat
@ -15,6 +15,7 @@ cyan,,,,,,
digestif,https://github.com/astoff/digestif.git,,,,5.3,
dkjson,,,,,,
fennel,,,,,,misterio77
fidget.nvim,,,,,,mrcjkb
fifo,,,,,,
fluent,,,,,,alerque
fzy,,,,,,mrcjkb
@ -55,7 +56,7 @@ lua-subprocess,https://github.com/0x0ade/lua-subprocess,,,,5.1,scoder12
lua-term,,,,,,
lua-toml,,,,,,
lua-zlib,,,,,,koral
lua_cliargs,https://github.com/amireh/lua_cliargs.git,,,,,
lua_cliargs,,,,,,
luabitop,https://github.com/teto/luabitop.git,,,,,
luacheck,,,,,,
luacov,,,,,,
@ -86,7 +87,7 @@ luautf8,,,,,,pstn
luazip,,,,,,
lua-yajl,,,,,,pstn
lua-iconv,,,,7.0.0,,
luuid,,,,,,
luuid,,,,20120509-2,,
luv,,,,1.44.2-1,,
lush.nvim,https://github.com/rktjmp/lush.nvim,,,,,teto
lyaml,,,,,,lblasc

1 name src ref server version luaversion maintainers
7 busted
8 cassowary marsam alerque
9 cldr alerque
10 compat53 0.7-1 vcunat
11 cosmo marsam
12 coxpcall 1.17.0-1
13 cqueues vcunat
15 digestif https://github.com/astoff/digestif.git 5.3
16 dkjson
17 fennel misterio77
18 fidget.nvim mrcjkb
19 fifo
20 fluent alerque
21 fzy mrcjkb
56 lua-term
57 lua-toml
58 lua-zlib koral
59 lua_cliargs https://github.com/amireh/lua_cliargs.git
60 luabitop https://github.com/teto/luabitop.git
61 luacheck
62 luacov
87 luazip
88 lua-yajl pstn
89 lua-iconv 7.0.0
90 luuid 20120509-2
91 luv 1.44.2-1
92 lush.nvim https://github.com/rktjmp/lush.nvim teto
93 lyaml lblasc

2
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -26,6 +26,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
- systemd's gateway, upload, and remote services, which provides ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
- [GNS3](https://www.gns3.com/), a network software emulator. Available as [services.gns3-server](#opt-services.gns3-server.enable).
- [rspamd-trainer](https://gitlab.com/onlime/rspamd-trainer), script triggered by a helper which reads mails from a specific mail inbox and feeds them into rspamd for spam/ham training.

2
nixos/lib/make-options-doc/default.nix
View File

@ -120,7 +120,7 @@ in rec {
{ meta.description = "List of NixOS options in JSON format";
nativeBuildInputs = [
pkgs.brotli
pkgs.python3Minimal
pkgs.python3
];
options = builtins.toFile "options.json"
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));

6
nixos/lib/test-driver/default.nix
View File

@ -18,7 +18,7 @@ python3Packages.buildPythonApplication {
pname = "nixos-test-driver";
version = "1.1";
src = ./.;
format = "pyproject";
pyproject = true;
propagatedBuildInputs = [
coreutils
@ -32,6 +32,10 @@ python3Packages.buildPythonApplication {
++ (lib.optionals enableOCR [ imagemagick_light tesseract4 ])
++ extraPythonPackages python3Packages;
nativeBuildInputs = [
python3Packages.setuptools
];
passthru.tests = {
inherit (nixosTests.nixos-test-driver) driver-timeout;
};

16
nixos/modules/hardware/video/webcam/ipu6.nix
View File

@ -13,11 +13,12 @@ in
enable = mkEnableOption (lib.mdDoc "support for Intel IPU6/MIPI cameras");
platform = mkOption {
type = types.enum [ "ipu6" "ipu6ep" ];
type = types.enum [ "ipu6" "ipu6ep" "ipu6epmtl" ];
description = lib.mdDoc ''
Choose the version for your hardware platform.
Use `ipu6` for Tiger Lake and `ipu6ep` for Alder Lake respectively.
Use `ipu6` for Tiger Lake, `ipu6ep` for Alder Lake or Raptor Lake,
and `ipu6epmtl` for Meteor Lake.
'';
};
@ -29,9 +30,7 @@ in
ipu6-drivers
];
hardware.firmware = with pkgs; [ ]
++ optional (cfg.platform == "ipu6") ipu6-camera-bin
++ optional (cfg.platform == "ipu6ep") ipu6ep-camera-bin;
hardware.firmware = [ pkgs.ipu6-camera-bins ];
services.udev.extraRules = ''
SUBSYSTEM=="intel-ipu6-psys", MODE="0660", GROUP="video"
@ -44,14 +43,13 @@ in
extraPackages = with pkgs.gst_all_1; [ ]
++ optional (cfg.platform == "ipu6") icamerasrc-ipu6
++ optional (cfg.platform == "ipu6ep") icamerasrc-ipu6ep;
++ optional (cfg.platform == "ipu6ep") icamerasrc-ipu6ep
++ optional (cfg.platform == "ipu6epmtl") icamerasrc-ipu6epmtl;
input = {
pipeline = "icamerasrc";
format = mkIf (cfg.platform == "ipu6ep") (mkDefault "NV12");
format = mkIf (cfg.platform != "ipu6") (mkDefault "NV12");
};
};
};
}

3
nixos/modules/module-list.nix
View File

@ -1476,6 +1476,9 @@
./system/boot/systemd/initrd-secrets.nix
./system/boot/systemd/initrd.nix
./system/boot/systemd/journald.nix
./system/boot/systemd/journald-gateway.nix
./system/boot/systemd/journald-remote.nix
./system/boot/systemd/journald-upload.nix
./system/boot/systemd/logind.nix
./system/boot/systemd/nspawn.nix
./system/boot/systemd/oomd.nix

135
nixos/modules/system/boot/systemd/journald-gateway.nix Normal file
View File

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.journald.gateway;
cliArgs = lib.cli.toGNUCommandLineShell { } {
# If either of these are null / false, they are not passed in the command-line
inherit (cfg) cert key trust system user merge;
};
in
{
meta.maintainers = [ lib.maintainers.raitobezarius ];
options.services.journald.gateway = {
enable = lib.mkEnableOption "the HTTP gateway to the journal";
port = lib.mkOption {
default = 19531;
type = lib.types.port;
description = ''
The port to listen to.
'';
};
cert = lib.mkOption {
default = null;
type = with lib.types; nullOr str;
description = lib.mdDoc ''
The path to a file or `AF_UNIX` stream socket to read the server
certificate from.
The certificate must be in PEM format. This option switches
`systemd-journal-gatewayd` into HTTPS mode and must be used together
with {option}`services.journald.gateway.key`.
'';
};
key = lib.mkOption {
default = null;
type = with lib.types; nullOr str;
description = lib.mdDoc ''
Specify the path to a file or `AF_UNIX` stream socket to read the
secret server key corresponding to the certificate specified with
{option}`services.journald.gateway.cert` from.
The key must be in PEM format.
This key should not be world-readable, and must be readably by the
`systemd-journal-gateway` user.
'';
};
trust = lib.mkOption {
default = null;
type = with lib.types; nullOr str;
description = lib.mdDoc ''
Specify the path to a file or `AF_UNIX` stream socket to read a CA
certificate from.
The certificate must be in PEM format.
Setting this option enforces client certificate checking.
'';
};
system = lib.mkOption {
default = true;
type = lib.types.bool;
description = lib.mdDoc ''
Serve entries from system services and the kernel.
This has the same meaning as `--system` for {manpage}`journalctl(1)`.
'';
};
user = lib.mkOption {
default = true;
type = lib.types.bool;
description = lib.mdDoc ''
Serve entries from services for the current user.
This has the same meaning as `--user` for {manpage}`journalctl(1)`.
'';
};
merge = lib.mkOption {
default = false;
type = lib.types.bool;
description = lib.mdDoc ''
Serve entries interleaved from all available journals, including other
machines.
This has the same meaning as `--merge` option for
{manpage}`journalctl(1)`.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
# This prevents the weird case were disabling "system" and "user"
# actually enables both because the cli flags are not present.
assertion = cfg.system || cfg.user;
message = ''
systemd-journal-gatewayd cannot serve neither "system" nor "user"
journals.
'';
}
];
systemd.additionalUpstreamSystemUnits = [
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
];
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
systemd.services.systemd-journal-gatewayd.serviceConfig.ExecStart = [
# Clear the default command line
""
"${pkgs.systemd}/lib/systemd/systemd-journal-gatewayd ${cliArgs}"
];
systemd.sockets.systemd-journal-gatewayd = {
wantedBy = [ "sockets.target" ];
listenStreams = [
# Clear the default port
""
(toString cfg.port)
];
};
};
}

163
nixos/modules/system/boot/systemd/journald-remote.nix Normal file
View File

@ -0,0 +1,163 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.journald.remote;
format = pkgs.formats.systemd;
cliArgs = lib.cli.toGNUCommandLineShell { } {
inherit (cfg) output;
# "-3" specifies the file descriptor from the .socket unit.
"listen-${cfg.listen}" = "-3";
};
in
{
meta.maintainers = [ lib.maintainers.raitobezarius ];
options.services.journald.remote = {
enable = lib.mkEnableOption "receiving systemd journals from the network";
listen = lib.mkOption {
default = "https";
type = lib.types.enum [ "https" "http" ];
description = lib.mdDoc ''
Which protocol to listen to.
'';
};
output = lib.mkOption {
default = "/var/log/journal/remote/";
type = lib.types.str;
description = lib.mdDoc ''
The location of the output journal.
In case the output file is not specified, journal files will be created
underneath the selected directory. Files will be called
{file}`remote-hostname.journal`, where the `hostname` part is the
escaped hostname of the source endpoint of the connection, or the
numerical address if the hostname cannot be determined.
'';
};
port = lib.mkOption {
default = 19532;
type = lib.types.port;
description = ''
The port to listen to.
Note that this option is used only if
{option}`services.journald.upload.listen` is configured to be either
"https" or "http".
'';
};
settings = lib.mkOption {
default = { };
description = lib.mdDoc ''
Configuration in the journal-remote configuration file. See
{manpage}`journal-remote.conf(5)` for available options.
'';
type = lib.types.submodule {
freeformType = format.type;
options.Remote = {
Seal = lib.mkOption {
default = false;
example = true;
type = lib.types.bool;
description = ''
Periodically sign the data in the journal using Forward Secure
Sealing.
'';
};
SplitMode = lib.mkOption {
default = "host";
example = "none";
type = lib.types.enum [ "host" "none" ];
description = lib.mdDoc ''
With "host", a separate output file is used, based on the
hostname of the other endpoint of a connection. With "none", only
one output journal file is used.
'';
};
ServerKeyFile = lib.mkOption {
default = "/etc/ssl/private/journal-remote.pem";
type = lib.types.str;
description = lib.mdDoc ''
A path to a SSL secret key file in PEM format.
Note that due to security reasons, `systemd-journal-remote` will
refuse files from the world-readable `/nix/store`. This file
should be readable by the "" user.
This option can be used with `listen = "https"`. If the path
refers to an `AF_UNIX` stream socket in the file system a
connection is made to it and the key read from it.
'';
};
ServerCertificateFile = lib.mkOption {
default = "/etc/ssl/certs/journal-remote.pem";
type = lib.types.str;
description = lib.mdDoc ''
A path to a SSL certificate file in PEM format.
This option can be used with `listen = "https"`. If the path
refers to an `AF_UNIX` stream socket in the file system a
connection is made to it and the certificate read from it.
'';
};
TrustedCertificateFile = lib.mkOption {
default = "/etc/ssl/ca/trusted.pem";
type = lib.types.str;
description = lib.mdDoc ''
A path to a SSL CA certificate file in PEM format, or `all`.
If `all` is set, then client certificate checking will be
disabled.
This option can be used with `listen = "https"`. If the path
refers to an `AF_UNIX` stream socket in the file system a
connection is made to it and the certificate read from it.
'';
};
};
};
};
};
config = lib.mkIf cfg.enable {
systemd.additionalUpstreamSystemUnits = [
"systemd-journal-remote.service"
"systemd-journal-remote.socket"
];
systemd.services.systemd-journal-remote.serviceConfig.ExecStart = [
# Clear the default command line
""
"${pkgs.systemd}/lib/systemd/systemd-journal-remote ${cliArgs}"
];
systemd.sockets.systemd-journal-remote = {
wantedBy = [ "sockets.target" ];
listenStreams = [
# Clear the default port
""
(toString cfg.port)
];
};
# User and group used by systemd-journal-remote.service
users.groups.systemd-journal-remote = { };
users.users.systemd-journal-remote = {
isSystemUser = true;
group = "systemd-journal-remote";
};
environment.etc."systemd/journal-remote.conf".source =
format.generate "journal-remote.conf" cfg.settings;
};
}

111
nixos/modules/system/boot/systemd/journald-upload.nix Normal file
View File

@ -0,0 +1,111 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.journald.upload;
format = pkgs.formats.systemd;
in
{
meta.maintainers = [ lib.maintainers.raitobezarius ];
options.services.journald.upload = {
enable = lib.mkEnableOption "uploading the systemd journal to a remote server";
settings = lib.mkOption {
default = { };
description = lib.mdDoc ''
Configuration for journal-upload. See {manpage}`journal-upload.conf(5)`
for available options.
'';
type = lib.types.submodule {
freeformType = format.type;
options.Upload = {
URL = lib.mkOption {
type = lib.types.str;
example = "https://192.168.1.1";
description = ''
The URL to upload the journal entries to.
See the description of `--url=` option in
{manpage}`systemd-journal-upload(8)` for the description of
possible values.
'';
};
ServerKeyFile = lib.mkOption {
type = with lib.types; nullOr str;
example = lib.literalExpression "./server-key.pem";
# Since systemd-journal-upload uses a DynamicUser, permissions must
# be done using groups
description = ''
SSL key in PEM format.
In contrary to what the name suggests, this option configures the
client private key sent to the remote journal server.
This key should not be world-readable, and must be readably by
the `systemd-journal` group.
'';
default = null;
};
ServerCertificateFile = lib.mkOption {
type = with lib.types; nullOr str;
example = lib.literalExpression "./server-ca.pem";
description = ''
SSL CA certificate in PEM format.
In contrary to what the name suggests, this option configures the
client certificate sent to the remote journal server.
'';
default = null;
};
TrustedCertificateFile = lib.mkOption {
type = with lib.types; nullOr str;
example = lib.literalExpression "./ca";
description = ''
SSL CA certificate.
This certificate will be used to check the remote journal HTTPS
server certificate.
'';
default = null;
};
NetworkTimeoutSec = lib.mkOption {
type = with lib.types; nullOr str;
example = "1s";
description = ''
When network connectivity to the server is lost, this option
configures the time to wait for the connectivity to get restored.
If the server is not reachable over the network for the
configured time, `systemd-journal-upload` exits. Takes a value in
seconds (or in other time units if suffixed with "ms", "min",
"h", etc). For details, see {manpage}`systemd.time(5)`.
'';
default = null;
};
};
};
};
};
config = lib.mkIf cfg.enable {
systemd.additionalUpstreamSystemUnits = [ "systemd-journal-upload.service" ];
systemd.services."systemd-journal-upload" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
# To prevent flooding the server in case the server is struggling
RestartSec = "3sec";
};
};
environment.etc."systemd/journal-upload.conf".source =
format.generate "journal-upload.conf" cfg.settings;
};
}

21
nixos/modules/system/boot/systemd/journald.nix
View File

@ -5,6 +5,10 @@ with lib;
let
cfg = config.services.journald;
in {
imports = [
(mkRenamedOptionModule [ "services" "journald" "enableHttpGateway" ] [ "services" "journald" "gateway" "enable" ])
];
options = {
services.journald.console = mkOption {
default = "";
@ -71,14 +75,6 @@ in {
'';
};
services.journald.enableHttpGateway = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc ''
Whether to enable the HTTP gateway to the journal.
'';
};
services.journald.forwardToSyslog = mkOption {
default = config.services.rsyslogd.enable || config.services.syslog-ng.enable;
defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable";
@ -101,9 +97,6 @@ in {
] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
"systemd-journald-dev-log.socket"
"syslog.socket"
] ++ optionals cfg.enableHttpGateway [
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
];
environment.etc = {
@ -124,12 +117,6 @@ in {
};
users.groups.systemd-journal.gid = config.ids.gids.systemd-journal;
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
systemd.sockets.systemd-journal-gatewayd.wantedBy =
optional cfg.enableHttpGateway "sockets.target";
systemd.services.systemd-journal-flush.restartIfChanged = false;
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];

7
nixos/modules/system/boot/timesyncd.nix
View File

@ -46,6 +46,13 @@ with lib;
wantedBy = [ "sysinit.target" ];
aliases = [ "dbus-org.freedesktop.timesync1.service" ];
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
# systemd-timesyncd disables DNSSEC validation in the nss-resolve module by setting SYSTEMD_NSS_RESOLVE_VALIDATE to 0 in the unit file.
# This is required in order to solve the chicken-and-egg problem when DNSSEC validation needs the correct time to work, but to set the
# correct time, we need to connect to an NTP server, which usually requires resolving its hostname.
# In order for nss-resolve to be able to read this environment variable we patch systemd-timesyncd to disable NSCD and use NSS modules directly.
# This means that systemd-timesyncd needs to have NSS modules path in LD_LIBRARY_PATH. When systemd-resolved is disabled we still need to set
# NSS module path so that systemd-timesyncd keeps using other NSS modules that are configured in the system.
environment.LD_LIBRARY_PATH = config.system.nssModules.path;
preStart = (
# Ensure that we have some stored time to prevent

3
nixos/tests/all-tests.nix
View File

@ -843,6 +843,8 @@ in {
systemd-initrd-networkd-openvpn = handleTestOn [ "x86_64-linux" "i686-linux" ] ./initrd-network-openvpn { systemdStage1 = true; };
systemd-initrd-vlan = handleTest ./systemd-initrd-vlan.nix {};
systemd-journal = handleTest ./systemd-journal.nix {};
systemd-journal-gateway = handleTest ./systemd-journal-gateway.nix {};
systemd-journal-upload = handleTest ./systemd-journal-upload.nix {};
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
systemd-networkd = handleTest ./systemd-networkd.nix {};
systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {};
@ -858,6 +860,7 @@ in {
systemd-shutdown = handleTest ./systemd-shutdown.nix {};
systemd-sysupdate = runTest ./systemd-sysupdate.nix;
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-timesyncd-nscd-dnssec = handleTest ./systemd-timesyncd-nscd-dnssec.nix {};
systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {};
systemd-misc = handleTest ./systemd-misc.nix {};
systemd-userdbd = handleTest ./systemd-userdbd.nix {};

8
nixos/tests/installer.nix
View File

@ -510,14 +510,8 @@ let
ntp
perlPackages.ListCompare
perlPackages.XMLLibXML
python3Minimal
# make-options-doc/default.nix
(let
self = (pkgs.python3Minimal.override {
inherit self;
includeSiteCustomize = true;
});
in self.withPackages (p: [ p.mistune ]))
python3.withPackages (p: [ p.mistune ])
shared-mime-info
sudo
texinfo

2
nixos/tests/os-prober.nix
View File

@ -95,7 +95,7 @@ in {
ntp
perlPackages.ListCompare
perlPackages.XMLLibXML
python3Minimal
python3
shared-mime-info
stdenv
sudo

90
nixos/tests/systemd-journal-gateway.nix Normal file
View File

@ -0,0 +1,90 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "systemd-journal-gateway";
meta = with pkgs.lib.maintainers; {
maintainers = [ minijackson raitobezarius ];
};
# Named client for coherence with the systemd-journal-upload test, and for
# certificate validation
nodes.client = {
services.journald.gateway = {
enable = true;
cert = "/run/secrets/client/cert.pem";
key = "/run/secrets/client/key.pem";
trust = "/run/secrets/ca.cert.pem";
};
};
testScript = ''
import json
import subprocess
import tempfile
tmpdir_o = tempfile.TemporaryDirectory()
tmpdir = tmpdir_o.name
def generate_pems(domain: str):
subprocess.run(
[
"${pkgs.minica}/bin/minica",
"--ca-key=ca.key.pem",
"--ca-cert=ca.cert.pem",
f"--domains={domain}",
],
cwd=str(tmpdir),
)
with subtest("Creating keys and certificates"):
generate_pems("server")
generate_pems("client")
client.wait_for_unit("multi-user.target")
def copy_pem(file: str):
machine.copy_from_host(source=f"{tmpdir}/{file}", target=f"/run/secrets/{file}")
machine.succeed(f"chmod 644 /run/secrets/{file}")
with subtest("Copying keys and certificates"):
machine.succeed("mkdir -p /run/secrets/{client,server}")
copy_pem("server/cert.pem")
copy_pem("server/key.pem")
copy_pem("client/cert.pem")
copy_pem("client/key.pem")
copy_pem("ca.cert.pem")
client.wait_for_unit("multi-user.target")
curl = '${pkgs.curl}/bin/curl'
accept_json = '--header "Accept: application/json"'
cacert = '--cacert /run/secrets/ca.cert.pem'
cert = '--cert /run/secrets/server/cert.pem'
key = '--key /run/secrets/server/key.pem'
base_url = 'https://client:19531'
curl_cli = f"{curl} {accept_json} {cacert} {cert} {key} --fail"
machine_info = client.succeed(f"{curl_cli} {base_url}/machine")
assert json.loads(machine_info)["hostname"] == "client", "wrong machine name"
# The HTTP request should have started the gateway service, triggered by
# the .socket unit
client.wait_for_unit("systemd-journal-gatewayd.service")
identifier = "nixos-test"
message = "Hello from NixOS test infrastructure"
client.succeed(f"systemd-cat --identifier={identifier} <<< '{message}'")
# max-time is a workaround against a bug in systemd-journal-gatewayd where
# if TLS is enabled, the connection is never closed. Since it will timeout,
# we ignore the return code.
entries = client.succeed(
f"{curl_cli} --max-time 5 {base_url}/entries?SYSLOG_IDENTIFIER={identifier} || true"
)
# Number of entries should be only 1
added_entry = json.loads(entries)
assert added_entry["SYSLOG_IDENTIFIER"] == identifier and added_entry["MESSAGE"] == message, "journal entry does not correspond"
'';
})

101
nixos/tests/systemd-journal-upload.nix Normal file
View File

@ -0,0 +1,101 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "systemd-journal-upload";
meta = with pkgs.lib.maintainers; {
maintainers = [ minijackson raitobezarius ];
};
nodes.server = { nodes, ... }: {
services.journald.remote = {
enable = true;
listen = "http";
settings.Remote = {
ServerCertificateFile = "/run/secrets/sever.cert.pem";
ServerKeyFile = "/run/secrets/sever.key.pem";
TrustedCertificateFile = "/run/secrets/ca.cert.pem";
Seal = true;
};
};
networking.firewall.allowedTCPPorts = [ nodes.server.services.journald.remote.port ];
};
nodes.client = { lib, nodes, ... }: {
services.journald.upload = {
enable = true;
settings.Upload = {
URL = "http://server:${toString nodes.server.services.journald.remote.port}";
ServerCertificateFile = "/run/secrets/client.cert.pem";
ServerKeyFile = "/run/secrets/client.key.pem";
TrustedCertificateFile = "/run/secrets/ca.cert.pem";
};
};
# Wait for the PEMs to arrive
systemd.services.systemd-journal-upload.wantedBy = lib.mkForce [];
systemd.paths.systemd-journal-upload = {
wantedBy = [ "default.target" ];
# This file must be copied last
pathConfig.PathExists = [ "/run/secrets/ca.cert.pem" ];
};
};
testScript = ''
import subprocess
import tempfile
tmpdir_o = tempfile.TemporaryDirectory()
tmpdir = tmpdir_o.name
def generate_pems(domain: str):
subprocess.run(
[
"${pkgs.minica}/bin/minica",
"--ca-key=ca.key.pem",
"--ca-cert=ca.cert.pem",
f"--domains={domain}",
],
cwd=str(tmpdir),
)
with subtest("Creating keys and certificates"):
generate_pems("server")
generate_pems("client")
server.wait_for_unit("multi-user.target")
client.wait_for_unit("multi-user.target")
def copy_pems(machine: Machine, domain: str):
machine.succeed("mkdir /run/secrets")
machine.copy_from_host(
source=f"{tmpdir}/{domain}/cert.pem",
target=f"/run/secrets/{domain}.cert.pem",
)
machine.copy_from_host(
source=f"{tmpdir}/{domain}/key.pem",
target=f"/run/secrets/{domain}.key.pem",
)
# Should be last
machine.copy_from_host(
source=f"{tmpdir}/ca.cert.pem",
target="/run/secrets/ca.cert.pem",
)
with subtest("Copying keys and certificates"):
copy_pems(server, "server")
copy_pems(client, "client")
client.wait_for_unit("systemd-journal-upload.service")
# The journal upload should have started the remote service, triggered by
# the .socket unit
server.wait_for_unit("systemd-journal-remote.service")
identifier = "nixos-test"
message = "Hello from NixOS test infrastructure"
client.succeed(f"systemd-cat --identifier={identifier} <<< '{message}'")
server.wait_until_succeeds(
f"journalctl --file /var/log/journal/remote/remote-*.journal --identifier={identifier} | grep -F '{message}'"
)
'';
})

8
nixos/tests/systemd-journal.nix
View File

@ -6,17 +6,11 @@ import ./make-test-python.nix ({ pkgs, ... }:
maintainers = [ lewo ];
};
nodes.machine = { pkgs, lib, ... }: {
services.journald.enableHttpGateway = true;
};
nodes.machine = { };
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.succeed("journalctl --grep=systemd")
machine.succeed(
"${pkgs.curl}/bin/curl -s localhost:19531/machine | ${pkgs.jq}/bin/jq -e '.hostname == \"machine\"'"
)
'';
})

61
nixos/tests/systemd-timesyncd-nscd-dnssec.nix Normal file
View File

@ -0,0 +1,61 @@
# This test verifies that systemd-timesyncd can resolve the NTP server hostname when DNSSEC validation
# fails even though it is enforced in the systemd-resolved settings. It is required in order to solve
# the chicken-and-egg problem when DNSSEC validation needs the correct time to work, but to set the
# correct time, we need to connect to an NTP server, which usually requires resolving its hostname.
#
# This test does the following:
# - Sets up a DNS server (tinydns) listening on the eth1 ip addess, serving .ntp and fake.ntp records.
# - Configures that DNS server as a resolver and enables DNSSEC in systemd-resolved settings.
# - Configures systemd-timesyncd to use fake.ntp hostname as an NTP server.
# - Performs a regular DNS lookup, to ensure it fails due to broken DNSSEC.
# - Waits until systemd-timesyncd resolves fake.ntp by checking its debug output.
# Here, we don't expect systemd-timesyncd to connect and synchronize time because there is no NTP
# server running. For this test to succeed, we only need to ensure that systemd-timesyncd
# resolves the IP address of the fake.ntp host.
import ./make-test-python.nix ({ pkgs, ... }:
let
ntpHostname = "fake.ntp";
ntpIP = "192.0.2.1";
in
{
name = "systemd-timesyncd";
nodes.machine = { pkgs, lib, config, ... }:
let
eth1IP = (lib.head config.networking.interfaces.eth1.ipv4.addresses).address;
in
{
# Setup a local DNS server for the NTP domain on the eth1 IP address
services.tinydns = {
enable = true;
ip = eth1IP;
data = ''
.ntp:${eth1IP}
+.${ntpHostname}:${ntpIP}
'';
};
# Enable systemd-resolved with DNSSEC and use the local DNS as a name server
services.resolved.enable = true;
services.resolved.dnssec = "true";
networking.nameservers = [ eth1IP ];
# Configure systemd-timesyncd to use our NTP hostname
services.timesyncd.enable = lib.mkForce true;
services.timesyncd.servers = [ ntpHostname ];
services.timesyncd.extraConfig = ''
FallbackNTP=${ntpHostname}
'';
# The debug output is necessary to determine whether systemd-timesyncd successfully resolves our NTP hostname or not
systemd.services.systemd-timesyncd.environment.SYSTEMD_LOG_LEVEL = "debug";
};
testScript = ''
machine.wait_for_unit("tinydns.service")
machine.wait_for_unit("systemd-timesyncd.service")
machine.fail("resolvectl query ${ntpHostname}")
machine.wait_until_succeeds("journalctl -u systemd-timesyncd.service --grep='Resolved address ${ntpIP}:123 for ${ntpHostname}'")
'';
})

7
pkgs/applications/audio/ardour/7.nix
View File

@ -2,6 +2,7 @@
, stdenv
, fetchgit
, fetchzip
, fetchpatch
, alsa-lib
, aubio
, boost
@ -79,6 +80,12 @@ stdenv.mkDerivation rec {
# AS=as in the environment causes build failure https://tracker.ardour.org/view.php?id=8096
./as-flags.patch
./default-plugin-search-paths.patch
# Fix build with libxml2 2.12.
(fetchpatch {
url = "https://github.com/Ardour/ardour/commit/e995daa37529715214c6c4a2587e4134aaaba02f.patch";
hash = "sha256-EpXOIIObOwwcNgNma0E3nvaBad3930sagDjBpa+78WI=";
})
];
# Ardour's wscript requires git revision and date to be available.

1
pkgs/applications/audio/quodlibet/default.nix
View File

@ -66,6 +66,7 @@ python3.pkgs.buildPythonApplication rec {
] ++ (with python3.pkgs; [
sphinx-rtd-theme
sphinxHook
setuptools
]);
buildInputs = [

4
pkgs/applications/audio/whipper/default.nix
View File

@ -64,10 +64,6 @@ in python3.pkgs.buildPythonApplication rec {
"--prefix" "PATH" ":" (lib.makeBinPath bins)
];
preBuild = ''
export SETUPTOOLS_SCM_PRETEND_VERSION="${version}"
'';
outputs = [ "out" "man" ];
postBuild = ''
make -C man

6
pkgs/applications/blockchains/polkadot/default.nix
View File

@ -4,7 +4,7 @@
, rocksdb
, rust-jemalloc-sys-unprefixed
, rustPlatform
, rustc-wasm32
, rustc
, stdenv
, Security
, SystemConfiguration
@ -63,8 +63,8 @@ rustPlatform.buildRustPackage rec {
nativeBuildInputs = [
rustPlatform.bindgenHook
rustc-wasm32
rustc-wasm32.llvmPackages.lld
rustc
rustc.llvmPackages.lld
];
# NOTE: jemalloc is used by default on Linux with unprefixed enabled

6
pkgs/applications/editors/scite/default.nix
View File

@ -13,6 +13,12 @@ stdenv.mkDerivation {
buildInputs = [ gtk2 ];
sourceRoot = "scintilla/gtk";
CXXFLAGS = [
# GCC 13: error: 'intptr_t' does not name a type
"-include cstdint"
"-include system_error"
];
buildPhase = ''
make
cd ../../lexilla/src

5
pkgs/applications/graphics/hdrmerge/default.nix
View File

@ -37,6 +37,11 @@ mkDerivation rec {
"-DALGLIB_DIR:PATH=${alglib}"
];
CXXFLAGS = [
# GCC 13: error: 'uint32_t' does not name a type
"-include cstdint"
];
patches = [
# https://github.com/jcelaya/hdrmerge/pull/222
(fetchpatch {

8
pkgs/applications/graphics/inkscape/default.nix
View File

@ -6,6 +6,7 @@
, cmake
, desktopToDarwinBundle
, fetchurl
, fetchpatch
, gettext
, ghostscript
, glib
@ -92,6 +93,13 @@ stdenv.mkDerivation rec {
src = ./fix-ps2pdf-path.patch;
inherit ghostscript;
})
# Fix build with libxml2 2.12
# https://gitlab.com/inkscape/inkscape/-/merge_requests/6089
(fetchpatch {
url = "https://gitlab.com/inkscape/inkscape/-/commit/694d8ae43d06efff21adebf377ce614d660b24cd.patch";
hash = "sha256-9IXJzpZbNU5fnt7XKgqCzUDrwr08qxGwo8TqnL+xc6E=";
})
];
postPatch = ''

9
pkgs/applications/graphics/krita/generic.nix
View File

@ -21,6 +21,15 @@ mkDerivation rec {
inherit hash;
};
patches = [
# Fixes build with SIP 6.8
(fetchpatch {
name = "bump-SIP-ABI-version-to-12.8.patch";
url = "https://invent.kde.org/graphics/krita/-/commit/2d71c47661d43a4e3c1ab0c27803de980bdf2bb2.diff";
hash = "sha256-U3E44nj4vra++PJV20h4YHjES78kgrJtr4ktNeQfOdA=";
})
];
nativeBuildInputs = [ cmake extra-cmake-modules pkg-config python3Packages.sip makeWrapper ];
buildInputs = [

5
pkgs/applications/graphics/meshlab/default.nix
View File

@ -75,6 +75,11 @@ mkDerivation rec {
"-DALLOW_BUNDLED_LEVMAR=ON"
];
CXXFLAGS = [
# GCC 13: error: 'int16_t' has not been declared in 'std'
"-include cstdint"
];
postFixup = ''
patchelf --add-needed $out/lib/meshlab/libmeshlab-common.so $out/bin/.meshlab-wrapped
'';

8
pkgs/applications/graphics/tesseract/tesseract4.nix
View File

@ -16,6 +16,14 @@ stdenv.mkDerivation rec {
# great, but tesseract4's days are numbered anyway
postPatch = ''
sed -i '/allheaders.h/a#include "pix_internal.h"' src/textord/devanagari_processing.cpp
# gcc-13 compat fix, simulate this upstream patch:
# https://github.com/tesseract-ocr/tesseract/commit/17e795aaae7d40dbcb7d3365835c2f55ecc6355d.patch
# https://github.com/tesseract-ocr/tesseract/commit/c0db7b7e930322826e09981360e39fdbd16cc9b0.patch
sed -i src/ccutil/helpers.h -e '1i #include <climits>'
sed -i src/ccutil/helpers.h -e '1i #include <cstdint>'
sed -i src/dict/matchdefs.h -e '1i #include <cstdint>'
'';
enableParallelBuilding = true;

1
pkgs/applications/misc/ablog/default.nix
View File

@ -34,6 +34,7 @@ python3.pkgs.buildPythonApplication rec {
];
pytestFlagsArray = [
"-W" "ignore::sphinx.deprecation.RemovedInSphinx90Warning"
"--rootdir" "src/ablog"
];

12
pkgs/applications/misc/acpic/default.nix
View File

@ -6,15 +6,21 @@
python3Packages.buildPythonApplication rec {
pname = "acpic";
version = "1.0.0";
format = "setuptools";
pyproject = true;
src = fetchPypi {
inherit version pname;
hash = "sha256-vQ9VxCNbOmqHIY3e1wq1wNJl5ywfU2tm62gDg3vKvcg=";
};
nativeBuildInputs = [
python3Packages.pbr
postPatch = ''
substituteInPlace setup.py \
--replace "pbr>=5.8.1,<6" "pbr"
'';
nativeBuildInputs = with python3Packages; [
pbr
setuptools
];
# no tests

2
pkgs/applications/misc/audio/sox/default.nix
View File

@ -79,6 +79,8 @@ stdenv.mkDerivation rec {
++ lib.optional enableLibpulseaudio libpulseaudio
++ lib.optional stdenv.isDarwin CoreAudio;
enableParallelBuilding = true;
meta = with lib; {
description = "Sample Rate Converter for audio";
homepage = "https://sox.sourceforge.net/";

5
pkgs/applications/misc/barrier/default.nix
View File

@ -26,6 +26,11 @@ mkDerivation rec {
})
];
CXXFLAGS = [
# error: 'uint8_t' is not a member of 'std'; did you mean 'wint_t'?
"-include cstdint"
];
buildInputs = [ curl xorg.libX11 xorg.libXext xorg.libXtst avahiWithLibdnssdCompat qtbase ];
nativeBuildInputs = [ cmake wrapGAppsHook ];

5
pkgs/applications/misc/buku/default.nix
View File

@ -19,6 +19,7 @@ in
with python3.pkgs; buildPythonApplication rec {
version = "4.8";
pname = "buku";
pyproject = true;
src = fetchFromGitHub {
owner = "jarun";
@ -27,6 +28,10 @@ with python3.pkgs; buildPythonApplication rec {
sha256 = "sha256-kPVlfTYUusf5CZnKB53WZcCHo3MEnA2bLUHTRPGPn+8=";
};
nativeBuildInputs = [
setuptools
];
nativeCheckInputs = [
hypothesis
pytest

2
pkgs/applications/misc/keepmenu/default.nix
View File

@ -17,8 +17,6 @@ python3Packages.buildPythonApplication rec {
hatch-vcs
];
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
propagatedBuildInputs = with python3Packages; [
pykeepass
pynput

2
pkgs/applications/misc/khal/default.nix
View File

@ -17,8 +17,6 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-yI33pB/t+UISvSbLUzmsZqBxLF6r8R3j9iPNeosKcYw=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = [
glibcLocales
installShellFiles

1
pkgs/applications/misc/khard/default.nix
View File

@ -9,7 +9,6 @@ python3.pkgs.buildPythonApplication rec {
sha256 = "sha256-WfMKDaPD2j6wT02+GO5HY5E7aF2Z7IQY/VdKiMSRxJA=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = with python3.pkgs; [
setuptools-scm
sphinxHook

2
pkgs/applications/misc/mozphab/default.nix
View File

@ -30,8 +30,6 @@ python3.pkgs.buildPythonApplication rec {
setuptools-scm
];
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
propagatedBuildInputs = with python3.pkgs; [
colorama
distro

8
pkgs/applications/misc/mupdf/default.nix
View File

@ -165,10 +165,14 @@ stdenv.mkDerivation rec {
EOF
moveToOutput "bin" "$bin"
'' + lib.optionalString (enableX11 || enableGL) ''
'' + (lib.optionalString (stdenv.isDarwin) ''
for exe in $bin/bin/*; do
install_name_tool -change build/shared-release/libmupdf.dylib $out/lib/libmupdf.dylib "$exe"
done
'') + (lib.optionalString (enableX11 || enableGL) ''
mkdir -p $bin/share/icons/hicolor/48x48/apps
cp docs/logo/mupdf.png $bin/share/icons/hicolor/48x48/apps
'' + (if enableGL then ''
'') + (if enableGL then ''
ln -s "$bin/bin/mupdf-gl" "$bin/bin/mupdf"
'' else lib.optionalString (enableX11) ''
ln -s "$bin/bin/mupdf-x11" "$bin/bin/mupdf"

2
pkgs/applications/misc/octoprint/default.nix
View File

@ -163,7 +163,7 @@ let
zeroconf
zipstream-ng
class-doc
pydantic
pydantic_1
] ++ lib.optionals stdenv.isDarwin [
py.pkgs.appdirs
] ++ lib.optionals (!stdenv.isDarwin) [

6
pkgs/applications/misc/pagefind/default.nix
View File

@ -7,7 +7,7 @@
, binaryen
, gzip
, nodejs
, rustc-wasm32
, rustc
, wasm-bindgen-cli
, wasm-pack
}:
@ -66,8 +66,8 @@ rustPlatform.buildRustPackage rec {
binaryen
gzip
nodejs
rustc-wasm32
rustc-wasm32.llvmPackages.lld
rustc
rustc.llvmPackages.lld
wasm-bindgen-84
wasm-pack
];

11
pkgs/applications/misc/pysentation/default.nix
View File

@ -15,9 +15,14 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-TwHDXWgGWuQVgatBDc1iympnb6dy4xYThLR5MouEZHA=";
};
nativeBuildInputs = [
python3.pkgs.setuptools
python3.pkgs.wheel
nativeBuildInputs = with python3.pkgs; [
setuptools
pythonRelaxDepsHook
];
pythonRelaxDeps = [
"click"
"rich"
];
propagatedBuildInputs = with python3.pkgs; [

2
pkgs/applications/misc/urlscan/default.nix
View File

@ -15,8 +15,6 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-OzcoOIgEiadWrsUPIxBJTuZQYjScJBYKyqCu1or6fz8=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = with python3.pkgs; [
hatchling
hatch-vcs

1
pkgs/applications/misc/yambar/default.nix
View File

@ -82,6 +82,7 @@ stdenv.mkDerivation (finalAttrs: {
mesonBuildType = "release";
mesonFlags = [
(lib.mesonBool "werror" false)
(lib.mesonEnable "backend-x11" x11Support)
(lib.mesonEnable "backend-wayland" waylandSupport)
];

2
pkgs/applications/networking/cloudflare-dyndns/default.nix
View File

@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec {
attrs
click
cloudflare
pydantic
pydantic_1
requests
];

2
pkgs/applications/networking/instant-messengers/deltachat-cursed/default.nix
View File

@ -23,8 +23,6 @@ python3.pkgs.buildPythonApplication rec {
setuptools-scm
];
SETUPTOOLS_SCM_PRETEND_VERSION = version;
propagatedBuildInputs = with python3.pkgs; [
appdirs
deltachat

33
pkgs/applications/networking/mailreaders/notmuch/default.nix
View File

@ -85,19 +85,26 @@ stdenv.mkDerivation rec {
patchShebangs notmuch-git
'';
preCheck = let
test-database = fetchurl {
url = "https://notmuchmail.org/releases/test-databases/database-v1.tar.xz";
sha256 = "1lk91s00y4qy4pjh8638b5lfkgwyl282g1m27srsf7qfn58y16a2";
};
in ''
mkdir -p test/test-databases
ln -s ${test-database} test/test-databases/database-v1.tar.xz
''
# Issues since gnupg: 2.4.0 -> 2.4.1
+ ''
rm test/{T350-crypto,T357-index-decryption}.sh
'';
preCheck =
let
test-database = fetchurl {
url = "https://notmuchmail.org/releases/test-databases/database-v1.tar.xz";
sha256 = "1lk91s00y4qy4pjh8638b5lfkgwyl282g1m27srsf7qfn58y16a2";
};
in
''
mkdir -p test/test-databases
ln -s ${test-database} test/test-databases/database-v1.tar.xz
''
+ ''
# Issues since gnupg: 2.4.0 -> 2.4.1
rm test/{T350-crypto,T357-index-decryption}.sh
# Issues since pbr 6.0.0 bump (ModuleNotFoundError: No module named 'notmuch2')
rm test/T055-path-config.sh
# Flaky, seems to get its paths wrong sometimes (?)
# *ERROR*: Opening output file: Permission denied, /nix/store/bzy21v2cd5sq1djzwa9b19q08wpp9mm0-emacs-29.1/bin/OUTPUT
rm test/T460-emacs-tree.sh
'';
doCheck = !stdenv.hostPlatform.isDarwin && (lib.versionAtLeast gmime3.version "3.0.3");
checkTarget = "test";

11
pkgs/applications/networking/newsreaders/liferea/default.nix
View File

@ -1,5 +1,6 @@
{ lib, stdenv
, fetchurl
, fetchpatch
, pkg-config
, intltool
, python3Packages
@ -31,6 +32,16 @@ stdenv.mkDerivation rec {
hash = "sha256-7lanrs63N6ZnqxvjcW/+cUZVDqUbML2gftQUc/sLr3Q=";
};
patches = [
# Pull upstream fix for libxml2-2.12 compatibility:
# https://github.com/lwindolf/liferea/pull/1329
(fetchpatch {
name = "libxml2-2.12.patch";
url = "https://github.com/lwindolf/liferea/commit/be8ef494586d9ef73c04ec4ca058a9a158ae3562.patch";
hash = "sha256-K1R7dJMm7ui6QKQqAHCo/ZrLCW3PhPU1EKRPEICtCsQ=";
})
];
nativeBuildInputs = [
wrapGAppsHook
python3Packages.wrapPython

9
pkgs/applications/office/abiword/default.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, fetchpatch
, pkg-config
, gtk3
, fribidi
@ -28,6 +29,14 @@ stdenv.mkDerivation rec {
hash = "sha256-ElckfplwUI1tFFbT4zDNGQnEtCsl4PChvDJSbW86IbQ=";
};
patches = [
# Fix build with libxml2 2.12
(fetchpatch {
url = "https://gitlab.gnome.org/World/AbiWord/-/commit/2a06be6a10a0718f8a3d8e00c317f5042c99a467.patch";
hash = "sha256-vfh81tGXe9dgnjcAtoWHOK8CtW7MZ75FFjnfKTkiKkk=";
})
];
nativeBuildInputs = [
pkg-config
wrapGAppsHook

15
pkgs/applications/office/libreoffice/default.nix
View File

@ -13,6 +13,7 @@
, IOCompress
, zlib
, libjpeg
, liblangtag
, expat
, freetype
, libwpd
@ -225,6 +226,17 @@ in stdenv.mkDerivation (finalAttrs: {
url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=ececb678b8362e3be8e02768ddd5e4197d87dc2a";
hash = "sha256-TUfKlwNxUTOJ95VLqwVD+ez1xhu7bW6xZlgIaCyIiNg=";
})
# Backport libxml 2.12 build fixes
# FIXME: remove in next release
(fetchpatch {
url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=c8f7408db73d2f2ccacb25a2b4fef8dfebdfc6cb";
hash = "sha256-uEgRx1eyS3Wx2ZDWEsUmpIbuKezVrIbO++qSL2QI8Lk=";
})
(fetchpatch {
url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=cbb17a548b5cc6a99b6ed7735479bb4f2bc40f26";
hash = "sha256-ofhif37uvQI+gidaUpyr6XlyBc3gTJUDBRb3ootrzz0=";
})
];
# libreoffice tries to reference the BUILDCONFIG (e.g. PKG_CONFIG_PATH)
@ -436,6 +448,7 @@ in stdenv.mkDerivation (finalAttrs: {
"--with-system-headers"
"--with-system-openssl"
"--with-system-libabw"
"--with-system-liblangtag"
"--without-system-libcmis"
"--with-system-libwps"
"--with-system-openldap"
@ -466,7 +479,6 @@ in stdenv.mkDerivation (finalAttrs: {
"--without-system-lpsolve"
"--without-system-libetonyek"
"--without-system-libfreehand"
"--without-system-liblangtag"
"--without-system-libmspub"
"--without-system-libnumbertext"
"--without-system-libpagemaker"
@ -566,6 +578,7 @@ in stdenv.mkDerivation (finalAttrs: {
libepoxy
libexttextcat
libjpeg
liblangtag
libmspack
libmwaw
libmysqlclient

2
pkgs/applications/office/paperwork/openpaperwork-core.nix
View File

@ -29,8 +29,6 @@ buildPythonPackage rec {
patchShebangs ../tools
'';
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
propagatedBuildInputs = [
distro
setuptools

2
pkgs/applications/office/paperwork/openpaperwork-gtk.nix
View File

@ -29,8 +29,6 @@ buildPythonPackage rec {
patchShebangs ../tools
'';
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = [
pkgs.gettext
pkgs.which

2
pkgs/applications/office/paperwork/paperwork-backend.nix
View File

@ -44,8 +44,6 @@ buildPythonPackage rec {
patchShebangs ../tools
'';
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
propagatedBuildInputs = [
distro
gtk3

2
pkgs/applications/office/paperwork/paperwork-gtk.nix
View File

@ -42,8 +42,6 @@ python3Packages.buildPythonApplication rec {
sourceRoot = "${src.name}/paperwork-gtk";
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
postPatch = ''
chmod a+w -R ..
patchShebangs ../tools

2
pkgs/applications/office/paperwork/paperwork-shell.nix
View File

@ -32,8 +32,6 @@ buildPythonPackage rec {
chmod a+w -R ..
patchShebangs ../tools
'';
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
propagatedBuildInputs = [
openpaperwork-core
paperwork-backend

2
pkgs/applications/office/todoman/default.nix
View File

@ -19,8 +19,6 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-5tQaNT6QVN9mxa9t6OvMux4ZGy4flUqszTAwet2QL0w=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = [
installShellFiles
] ++ (with python3.pkgs; [

2
pkgs/applications/science/electronics/nanovna-saver/default.nix
View File

@ -31,8 +31,6 @@ python3.pkgs.buildPythonApplication rec {
setuptools-scm
];
SETUPTOOLS_SCM_PRETEND_VERSION = version;
doCheck = false;
dontWrapGApps = true;

6
pkgs/applications/science/machine-learning/fasttext/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "fasttext";
version = "0.9.2";
version = "0.9.2-unstable-2023-11-28";
src = fetchFromGitHub {
owner = "facebookresearch";
repo = "fastText";
rev = "v${version}";
sha256 = "07cz2ghfq6amcljaxpdr5chbd64ph513y8zqmibfx2xwfp74xkhn";
rev = "6c2204ba66776b700095ff73e3e599a908ffd9c3";
hash = "sha256-lSIah4T+QqZwCRpeI3mxJ7PZT6pSHBO26rcEFfK8DSk=";
};
nativeBuildInputs = [ cmake ];

19
pkgs/applications/science/math/gmsh/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, cmake, blas, lapack, gfortran, gmm, fltk, libjpeg
{ lib, stdenv, fetchurl, fetchpatch, cmake, blas, lapack, gfortran, gmm, fltk, libjpeg
, zlib, libGL, libGLU, xorg, opencascade-occt
, python ? null, enablePython ? false }:
@ -24,7 +24,22 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
patches = [ ./fix-python.patch ];
patches = [
./fix-python.patch
# Pull upstream fix git gcc-13:
# https://gitlab.onelab.info/gmsh/gmsh/-/issues/2416
(fetchpatch {
name = "gcc-13-p1.patch";
url = "https://gitlab.onelab.info/gmsh/gmsh/-/commit/fb81a9c9026700e078de947b4522cb39e543a86b.patch";
hash = "sha256-1GInFqQZvOgflC3eQTjmZ9uBGFASRNCpCwDACN3yTQ4=";
})
(fetchpatch {
name = "gcc-13-p2.patch";
url = "https://gitlab.onelab.info/gmsh/gmsh/-/commit/aceb09c807b78ea26555f99fcb16c4f87c31fb5a.patch";
hash = "sha256-6FI0hIvj8hglCvxoKV0GzT2/F/Wz+ddkxV/TLzzJBLU=";
})
];
postPatch = ''
substituteInPlace api/gmsh.py --subst-var-by LIBPATH ${placeholder "out"}/lib/libgmsh.so

5
pkgs/applications/search/recoll/default.nix
View File

@ -97,7 +97,10 @@ mkDerivation rec {
(lib.withFeature stdenv.isLinux "inotify")
];
env.NIX_CFLAGS_COMPILE = toString [ "-DNIXPKGS" ];
env.NIX_CFLAGS_COMPILE = toString [
"-DNIXPKGS"
"-fpermissive" # libxml2-2.12 changed const qualifiers
];
patches = [
# fix "No/bad main configuration file" error

2
pkgs/applications/terminal-emulators/guake/default.nix
View File

@ -52,8 +52,6 @@ python3.pkgs.buildPythonApplication rec {
pyyaml
];
SETUPTOOLS_SCM_PRETEND_VERSION = version;
makeFlags = [
"PREFIX=${placeholder "out"}"
];

2
pkgs/applications/version-management/git-cola/default.nix
View File

@ -11,8 +11,6 @@ python3Packages.buildPythonApplication rec {
hash = "sha256-PtV2mzxOfZ88THiFD4K+qtOi41GeLF1GcdiFFhUR8Ak=";
};
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
buildInputs = lib.optionals stdenv.isLinux [ qt5.qtwayland ];
propagatedBuildInputs = with python3Packages; [ git pyqt5 qtpy send2trash ];
nativeBuildInputs = with python3Packages; [ setuptools-scm gettext qt5.wrapQtAppsHook ];

4
pkgs/applications/version-management/git/default.nix
View File

@ -29,7 +29,7 @@ assert sendEmailSupport -> perlSupport;
assert svnSupport -> perlSupport;
let
version = "2.42.0";
version = "2.43.0";
svn = subversionClient.override { perlBindings = perlSupport; };
gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
in
@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
hash = "sha256-MnghDp/SmUuEhN1+Pd2eqLlA71IXDNtgbaqU2IfJOw0=";
hash = "sha256-VEZgPnPZEXgdJZ5WV1Dc0nekKDbI45LKyRzxN6qbduw=";
};
outputs = [ "out" ] ++ lib.optional withManual "doc";

2
pkgs/applications/version-management/gitlint/default.nix
View File

@ -17,8 +17,6 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-4SGkkC4LjZXTDXwK6jMOIKXR1qX76CasOwSqv8XUrjs=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
# Upstream splitted the project into gitlint and gitlint-core to
# simplify the dependency handling
sourceRoot = "${src.name}/gitlint-core";

12
pkgs/applications/version-management/mercurial/default.nix
View File

@ -1,6 +1,8 @@
{ lib, stdenv, fetchurl, fetchpatch, python3Packages, makeWrapper, gettext, installShellFiles
, re2Support ? true
, rustSupport ? stdenv.hostPlatform.isLinux, cargo, rustPlatform, rustc
# depends on rust-cpython which won't support python312
# https://github.com/dgrunwald/rust-cpython/commit/e815555629e557be084813045ca1ddebc2f76ef9
, rustSupport ? (stdenv.hostPlatform.isLinux && python3Packages.pythonOlder "3.12"), cargo, rustPlatform, rustc
, fullBuild ? false
, gitSupport ? fullBuild
, guiSupport ? fullBuild, tk
@ -21,11 +23,11 @@ let
self = python3Packages.buildPythonApplication rec {
pname = "mercurial${lib.optionalString fullBuild "-full"}";
version = "6.5.3";
version = "6.6.1";
src = fetchurl {
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
sha256 = "sha256-LNyB+t4SnPVrEoQXUn8ZC6cv13ZWc5TOVO7XZOZn59U=";
sha256 = "sha256-opRlo/5Ao+jUm6g0MTSsKrooa2g//rg42gz25FIflpU=";
};
format = "other";
@ -35,7 +37,7 @@ let
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
inherit src;
name = "mercurial-${version}";
sha256 = "sha256-ob81zMUY4AVNIbkFKyImnj7QhHTh7LVOCcGeZDtTAXc=";
sha256 = "sha256-wLV0qdCfMgGpZRxnZik/lRwZHm/66p0sJn/mYVRvRkQ=";
sourceRoot = "mercurial-${version}/rust";
} else null;
cargoRoot = if rustSupport then "rust" else null;
@ -43,7 +45,7 @@ let
propagatedBuildInputs = lib.optional re2Support fb-re2
++ lib.optional gitSupport pygit2
++ lib.optional highlightSupport pygments;
nativeBuildInputs = [ makeWrapper gettext installShellFiles ]
nativeBuildInputs = [ makeWrapper gettext installShellFiles python3Packages.setuptools ]
++ lib.optionals rustSupport [
rustPlatform.cargoSetupHook
cargo

3
pkgs/applications/video/deface/default.nix
View File

@ -42,9 +42,6 @@ python3.pkgs.buildPythonApplication rec {
substituteInPlace pyproject.toml requirements.txt --replace "opencv-python" "opencv"
'';
# Let setuptools know deface version
SETUPTOOLS_SCM_PRETEND_VERSION = "v${version}";
pythonImportsCheck = [ "deface" "onnx" "onnxruntime" ];
meta = with lib; {

6
pkgs/applications/video/frigate/default.nix
View File

@ -25,6 +25,12 @@ let
python = python3.override {
packageOverrides = self: super: {
pydantic = super.pydantic_1;
versioningit = super.versioningit.overridePythonAttrs {
# checkPhase requires pydantic>=2
doCheck = false;
};
};
};

6
pkgs/applications/video/handbrake/default.nix
View File

@ -10,6 +10,7 @@
{ stdenv
, lib
, fetchFromGitHub
, fetchpatch
# For tests
, testers
, runCommand
@ -135,6 +136,11 @@ let
"${src}/contrib/ffmpeg/A28-avcodec-amfenc-HDR-metadata.patch"
# This patch is not applying since ffmpeg 5.1.1, probably it was backported by upstream
# "${src}/contrib/ffmpeg/A30-svt-av1-backports.patch"
(fetchpatch {
name = "vulkan-remove-extensions.patch";
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690";
hash = "sha256-qvLrb7b+9/bel8A2lZuSmBiJtHXsABw0Lvgn1ggnmCU=";
})
];
});

24
pkgs/applications/video/obs-studio/default.nix
View File

@ -2,10 +2,11 @@
, lib
, stdenv
, fetchFromGitHub
, fetchpatch
, addOpenGLRunpath
, cmake
, fdk_aac
, ffmpeg_4
, ffmpeg
, jansson
, libjack2
, libxkbcommon
@ -74,6 +75,25 @@ stdenv.mkDerivation (finalAttrs: {
# Lets obs-browser build against CEF 90.1.0+
./Enable-file-access-and-universal-access-for-file-URL.patch
./fix-nix-plugin-path.patch
# Backport ffmpeg 6.1 / GCC 13 build fixes
# FIXME: remove in next release
(fetchpatch {
url = "https://github.com/obsproject/obs-studio/commit/cd784644f5e82b9988043f229c19603289c6d32c.patch";
hash = "sha256-S4JE5kgr4x3uMHY2GRh0GBJpb7o/wYZb/v0CDITFNnQ=";
})
(fetchpatch {
url = "https://github.com/obsproject/obs-studio/commit/758b47d4ed9a25b8d64ad481d8d039990b9e57c9.patch";
hash = "sha256-jYpjwhx6e+dhN3kzbd6FcdjQ+WhIX0/BOu9PSkt+2yI=";
})
(fetchpatch {
url = "https://github.com/obsproject/obs-studio/commit/4b5be75c7e4b8cee908ed4a02fe0078285b4e8c9.patch";
hash = "sha256-tuOevhyxchwG42ilrplbiWoiDAKaY4HgzShlvp4VSQI=";
})
(fetchpatch {
url = "https://github.com/obsproject/obs-studio/commit/6e080a68067b27fe5463f0f4eee7df690451f3d7.patch";
hash = "sha256-nbn/q3uszoHaDvaW8Et1MS1sgQzMsJRmjGSMHzUxV70=";
})
];
nativeBuildInputs = [
@ -87,7 +107,7 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [
curl
ffmpeg_4
ffmpeg
jansson
libcef
libjack2

9
pkgs/applications/virtualization/kvmtool/default.nix
View File

@ -1,13 +1,12 @@
{ stdenv, fetchgit, lib, dtc }:
{ stdenv, fetchzip, lib, dtc }:
stdenv.mkDerivation {
pname = "kvmtool";
version = "unstable-2023-07-12";
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git";
rev = "106e2ea7756d980454d68631b87d5e25ba4e4881";
sha256 = "sha256-wpc5DfHnui0lBVH4uOq6a7pXVUZStjNLRvauu6QpRvE=";
src = fetchzip {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/snapshot/kvmtool-106e2ea7756d980454d68631b87d5e25ba4e4881.tar.gz";
hash = "sha256-wpc5DfHnui0lBVH4uOq6a7pXVUZStjNLRvauu6QpRvE=";
};
patches = [ ./strlcpy-glibc-2.38-fix.patch ];

9
pkgs/applications/virtualization/rust-hypervisor-firmware/default.nix
View File

@ -1,8 +1,6 @@
{ lib
, fetchFromGitHub
, hostPlatform
, cargo
, rustc
, lld
}:
@ -24,12 +22,7 @@ let
};
};
# inherit (cross) rustPlatform;
# ^ breaks because we are doing a no_std embedded build with a custom sysroot,
# but the fast_cross rustc wrapper already passes a sysroot argument
rustPlatform = cross.makeRustPlatform {
inherit rustc cargo;
};
inherit (cross) rustPlatform;
in

25
pkgs/build-support/bintools-wrapper/default.nix
View File

@ -33,6 +33,28 @@
, useMacosReexportHack ? false
, wrapGas ? false
# Note: the hardening flags are part of the bintools-wrapper, rather than
# the cc-wrapper, because a few of them are handled by the linker.
, defaultHardeningFlags ? with stdenvNoCC; [
"bindnow"
"format"
"fortify"
"fortify3"
"pic"
"relro"
"stackprotector"
"strictoverflow"
] ++ lib.optional (
# Musl-based platforms will keep "pie", other platforms will not.
# If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`
# in the nixpkgs manual to inform users about the defaults.
targetPlatform.libc == "musl"
# Except when:
# - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
# - static armv7l, where compilation fails.
&& !(targetPlatform.isAarch && targetPlatform.isStatic)
) "pie"
# Darwin code signing support utilities
, postLinkSignHook ? null, signingUtils ? null
}:
@ -124,6 +146,8 @@ stdenv.mkDerivation {
(setenv "NIX_LDFLAGS_${suffixSalt}" (concat (getenv "NIX_LDFLAGS_${suffixSalt}") " -L" arg "/lib64"))))
'(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)}))
'';
inherit defaultHardeningFlags;
};
dontBuild = true;
@ -380,6 +404,7 @@ stdenv.mkDerivation {
wrapperName = "BINTOOLS_WRAPPER";
inherit dynamicLinker targetPrefix suffixSalt coreutils_bin;
inherit bintools_bin libc_bin libc_dev libc_lib;
default_hardening_flags_str = builtins.toString defaultHardeningFlags;
};
meta =

2
pkgs/build-support/bintools-wrapper/setup-hook.sh
View File

@ -65,7 +65,7 @@ do
done
# If unset, assume the default hardening flags.
: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
export NIX_HARDENING_ENABLE
# No local scope in sourced file

2
pkgs/build-support/cc-wrapper/add-hardening.sh
View File

@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
fi
if (( "${NIX_DEBUG:-0}" >= 1 )); then
declare -a allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format)
declare -A hardeningDisableMap=()
# Determine which flags were effectively disabled so we can report below.

5
pkgs/build-support/cc-wrapper/default.nix
View File

@ -218,6 +218,8 @@ let
then guess
else null;
defaultHardeningFlags = bintools.defaultHardeningFlags or [];
darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin (
if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx"
else targetPlatform.darwinPlatform
@ -271,6 +273,8 @@ stdenv.mkDerivation {
inherit expand-response-params;
inherit nixSupport;
inherit defaultHardeningFlags;
};
dontBuild = true;
@ -706,6 +710,7 @@ stdenv.mkDerivation {
inherit suffixSalt coreutils_bin bintools;
inherit libc_bin libc_dev libc_lib;
inherit darwinPlatformForCC darwinMinVersion darwinMinVersionVariable;
default_hardening_flags_str = builtins.toString defaultHardeningFlags;
};
meta =

3
pkgs/build-support/cc-wrapper/fortran-hook.sh
View File

@ -4,8 +4,7 @@ getTargetRoleWrapper
export FC${role_post}=@named_fc@
# If unset, assume the default hardening flags.
# These are different for fortran.
: ${NIX_HARDENING_ENABLE="stackprotector pic strictoverflow relro bindnow"}
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
export NIX_HARDENING_ENABLE
unset -v role_post

2
pkgs/build-support/cc-wrapper/setup-hook.sh
View File

@ -111,7 +111,7 @@ export CC${role_post}=@named_cc@
export CXX${role_post}=@named_cxx@
# If unset, assume the default hardening flags.
: ${NIX_HARDENING_ENABLE="fortify fortify3 stackprotector pic strictoverflow format relro bindnow"}
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
export NIX_HARDENING_ENABLE
# No local scope in sourced file

4
pkgs/build-support/emacs/melpa.nix
View File

@ -11,8 +11,8 @@ let
src = fetchFromGitHub {
owner = "melpa";
repo = "package-build";
rev = "c3c535e93d9dc92acd21ebc4b15016b5c3b90e7d";
sha256 = "17z0wbqdd6fspbj43yq8biff6wfggk74xgnaf1xx6ynsp1i74is5";
rev = "c48aa078c01b4f07b804270c4583a0a58ffea1c0";
sha256 = "sha256-MzPj375upIiYXdQR+wWXv3A1zMqbSrZlH0taLuxx/1M=";
};
patches = [ ./package-build-dont-use-mtime.patch ];

26
pkgs/build-support/emacs/melpa2nix.el
View File

@ -11,22 +11,22 @@
;; Allow installing package tarfiles larger than 10MB
(setq large-file-warning-threshold nil)
(defun melpa2nix-build-package-1 (rcp version commit)
(let ((source-dir (package-recipe--working-tree rcp)))
(defun melpa2nix-build-package-1 (rcp)
(let* ((default-directory (package-recipe--working-tree rcp)))
(unwind-protect
(let ((files (package-build-expand-files-spec rcp t)))
(cond
((= (length files) 1)
(package-build--build-single-file-package
rcp version commit files source-dir))
((> (length files) 1)
(package-build--build-multi-file-package
rcp version commit files source-dir))
(t (error "Unable to find files matching recipe patterns")))))))
(unless files
(error "Unable to find files matching recipe patterns"))
(if (> (length files) 1)
(package-build--build-multi-file-package rcp files)
(package-build--build-single-file-package rcp files))))))
(defun melpa2nix-build-package ()
(if (not noninteractive)
(error "`melpa2nix-build-package' is to be used only with -batch"))
(unless noninteractive
(error "`melpa2nix-build-package' is to be used only with -batch"))
(pcase command-line-args-left
(`(,package ,version ,commit)
(melpa2nix-build-package-1 (package-recipe-lookup package) version commit))))
(let ((recipe (package-recipe-lookup package)))
(setf (oref recipe commit) commit)
(setf (oref recipe version) version)
(melpa2nix-build-package-1 recipe)))))

43
pkgs/build-support/emacs/package-build-dont-use-mtime.patch
View File

@ -1,40 +1,21 @@
diff --git a/package-build.el b/package-build.el
index e572045..9eb0f82 100644
index 29cdb61..c19be1b 100644
--- a/package-build.el
+++ b/package-build.el
@@ -415,7 +415,7 @@ (defun package-build--write-pkg-file (desc dir)
(princ ";; Local Variables:\n;; no-byte-compile: t\n;; End:\n"
(current-buffer)))))
-(defun package-build--create-tar (name version directory mtime)
+(defun package-build--create-tar (name version directory)
"Create a tar file containing the contents of VERSION of package NAME.
DIRECTORY is a temporary directory that contains the directory
that is put in the tarball. MTIME is used as the modification
@@ -434,7 +434,7 @@ (defun package-build--create-tar (name version directory mtime)
;; prevent a reproducable tarball as described at
@@ -923,7 +923,6 @@ DIRECTORY is a temporary directory that contains the directory
that is put in the tarball."
(let* ((name (oref rcp name))
(version (oref rcp version))
- (time (oref rcp time))
(tar (expand-file-name (concat name "-" version ".tar")
package-build-archive-dir))
(dir (concat name "-" version)))
@@ -939,7 +938,7 @@ that is put in the tarball."
;; prevent a reproducible tarball as described at
;; https://reproducible-builds.org/docs/archives.
"--sort=name"
- (format "--mtime=@%d" mtime)
- (format "--mtime=@%d" time)
+ "--mtime=@0"
"--owner=0" "--group=0" "--numeric-owner"
"--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime"))
(when (and package-build-verbose noninteractive)
@@ -848,12 +848,11 @@ (defun package-build--build-multi-file-package (rcp version commit files source-
(package-build--desc-from-library
name version commit files 'tar)
(error "%s[-pkg].el matching package name is missing"
- name))))
- (mtime (package-build--get-commit-time rcp commit)))
+ name)))))
(package-build--copy-package-files files source-dir target)
(package-build--write-pkg-file desc target)
(package-build--generate-info-files files source-dir target)
- (package-build--create-tar name version tmp-dir mtime)
+ (package-build--create-tar name version tmp-dir)
(package-build--write-pkg-readme name files source-dir)
(package-build--write-archive-entry desc))
(delete-directory tmp-dir t nil))))
--
2.37.2

1
pkgs/build-support/fetchurl/mirrors.nix
View File

@ -125,6 +125,7 @@
# Mirrors from https://download.kde.org/ls-lR.mirrorlist
kde = [
"https://cdn.download.kde.org/"
"https://download.kde.org/download.php?url="
"https://ftp.gwdg.de/pub/linux/kde/"
"https://mirrors.ocf.berkeley.edu/kde/"

2
pkgs/build-support/rust/hooks/maturin-build-hook.sh
View File

@ -25,7 +25,7 @@ maturinBuildHook() {
# Move the wheel to dist/ so that regular Python tooling can find it.
mkdir -p dist
mv target/wheels/*.whl dist/
mv ${cargoRoot:+$cargoRoot/}target/wheels/*.whl dist/
# These are python build hooks and may depend on ./dist
runHook postBuild

15
pkgs/build-support/rust/rustc-wrapper/rustc-wrapper.sh
View File

@ -1,6 +1,19 @@
#!@shell@
extraBefore=(@sysroot@)
defaultSysroot=(@sysroot@)
for arg; do
case "$arg" in
--sysroot)
defaultSysroot=()
;;
--)
break
;;
esac
done
extraBefore=("${defaultSysroot[@]}")
extraAfter=($NIX_RUSTFLAGS)
# Optionally print debug info.

31
pkgs/build-support/setup-hooks/auto-patchelf.sh
View File

@ -53,17 +53,30 @@ autoPatchelf() {
esac
done
readarray -td' ' ignoreMissingDepsArray < <(echo -n "$autoPatchelfIgnoreMissingDeps")
if [ "$autoPatchelfIgnoreMissingDeps" == "1" ]; then
echo "autoPatchelf: WARNING: setting 'autoPatchelfIgnoreMissingDeps" \
"= true;' is deprecated and will be removed in a future release." \
"Use 'autoPatchelfIgnoreMissingDeps = [ \"*\" ];' instead." >&2
ignoreMissingDepsArray=( "*" )
if [ -n "$__structuredAttrs" ]; then
local ignoreMissingDepsArray=( "${autoPatchelfIgnoreMissingDeps[@]}" )
local appendRunpathsArray=( "${appendRunpaths[@]}" )
local runtimeDependenciesArray=( "${runtimeDependencies[@]}" )
local patchelfFlagsArray=( "${patchelfFlags[@]}" )
else
readarray -td' ' ignoreMissingDepsArray < <(echo -n "$autoPatchelfIgnoreMissingDeps")
local appendRunpathsArray=($appendRunpaths)
local runtimeDependenciesArray=($runtimeDependencies)
local patchelfFlagsArray=($patchelfFlags)
fi
local appendRunpathsArray=($appendRunpaths)
local runtimeDependenciesArray=($runtimeDependencies)
local patchelfFlagsArray=($patchelfFlags)
# Check if ignoreMissingDepsArray contains "1" and if so, replace it with
# "*", printing a deprecation warning.
for dep in "${ignoreMissingDepsArray[@]}"; do
if [ "$dep" == "1" ]; then
echo "autoPatchelf: WARNING: setting 'autoPatchelfIgnoreMissingDeps" \
"= true;' is deprecated and will be removed in a future release." \
"Use 'autoPatchelfIgnoreMissingDeps = [ \"*\" ];' instead." >&2
ignoreMissingDepsArray=( "*" )
break
fi
done
@pythonInterpreter@ @autoPatchelfScript@ \
${norecurse:+--no-recurse} \
--ignore-missing "${ignoreMissingDepsArray[@]}" \

15
pkgs/by-name/ai/airlift/package.nix
View File

@ -1,7 +1,6 @@
{ lib
, python3
, fetchPypi
, argparse
, kubernetes-helm
, kind
, docker
@ -17,16 +16,22 @@ python3.pkgs.buildPythonApplication rec {
inherit pname version;
hash = "sha256-1LE3fpfX4NExJdUdSjt4BXvxQTLJ8zrRkGHkxo/6Pb8=";
};
postPatch = ''
sed -i '/argparse/d' pyproject.toml
'';
nativeBuildInputs = [
python3.pkgs.poetry-core
];
buildInputs = [
kubernetes-helm
kind
docker
];
nativeBuildInputs = [
python3.pkgs.poetry-core
];
propagatedBuildInputs = with python3.pkgs; [
argparse
halo
pyyaml
hiyapyco

2
pkgs/by-name/bi/bitbake-language-server/package.nix
View File

@ -26,8 +26,6 @@ python3.pkgs.buildPythonApplication rec {
pygls
];
SETUPTOOLS_SCM_PRETEND_VERSION = version;
passthru.updateScript = nix-update-script { };
meta = with lib; {

2
pkgs/by-name/cm/cmake/package.nix
View File

@ -138,8 +138,6 @@ stdenv.mkDerivation (finalAttrs: {
"CFLAGS=-D_FILE_OFFSET_BITS=64"
"CXXFLAGS=-D_FILE_OFFSET_BITS=64"
]
# Workaround missing atomic ops with gcc <13
++ lib.optional stdenv.hostPlatform.isRiscV "LDFLAGS=-latomic"
++ [
"--"
# We should set the proper `CMAKE_SYSTEM_NAME`.

6
pkgs/by-name/ho/homeassistant-satellite/package.nix
View File

@ -16,8 +16,12 @@ python3.pkgs.buildPythonApplication rec {
};
nativeBuildInputs = with python3.pkgs; [
pythonRelaxDepsHook
setuptools
wheel
];
pythonRelaxDeps = [
"aiohttp"
];
propagatedBuildInputs = with python3.pkgs; [

27
pkgs/by-name/me/meson/007-darwin-case-sensitivity.patch Normal file
View File

@ -0,0 +1,27 @@
From a908a574daf8bac10bb2a0ee3771052d2167a85f Mon Sep 17 00:00:00 2001
From: Randy Eckenrode <randy@largeandhighquality.com>
Date: Sun, 3 Dec 2023 15:41:20 -0500
Subject: [PATCH] Fix test failure on Darwin on a case-sensitive fs
This was encountered while looking into an issue with
https://github.com/NixOS/nixpkgs/pull/268583.
I run my Nix store on case-sensitive APFS, so the test fails due to
trying to link `-framework ldap` instead of `-framework LDAP`.
---
test cases/osx/5 extra frameworks/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test cases/osx/5 extra frameworks/meson.build b/test cases/osx/5 extra frameworks/meson.build
index f6c01e63a1bd..96532846c632 100644
--- a/test cases/osx/5 extra frameworks/meson.build
+++ b/test cases/osx/5 extra frameworks/meson.build
@@ -7,7 +7,7 @@ dep_main = dependency('Foundation')
assert(dep_main.type_name() == 'extraframeworks', 'type_name is ' + dep_main.type_name())
# https://github.com/mesonbuild/meson/issues/10002
-ldap_dep = dependency('ldap', method : 'extraframework')
+ldap_dep = dependency('LDAP', method : 'extraframework')
assert(ldap_dep.type_name() == 'extraframeworks', 'type_name is ' + ldap_dep.type_name())
stlib = static_library('stat', 'stat.c', install : true, dependencies: [opengl_dep, ldap_dep])

21
pkgs/by-name/me/meson/package.nix
View File

@ -1,11 +1,11 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, installShellFiles
, coreutils
, darwin
, libxcrypt
, openldap
, ninja
, pkg-config
, python3
@ -14,17 +14,17 @@
}:
let
inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Foundation OpenGL;
inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Foundation LDAP OpenGL;
in
python3.pkgs.buildPythonApplication rec {
pname = "meson";
version = "1.2.3";
version = "1.3.0";
src = fetchFromGitHub {
owner = "mesonbuild";
repo = "meson";
rev = "refs/tags/${version}";
hash = "sha256-dgYYz3tQDG6Z4eE77WO2dXdardxVzzGaFLQ5znPcTlw=";
hash = "sha256-Jt3PWnbv/8P6Rvf3E/Yli2vdtfgx3CmsW+jlc9CK5KA=";
};
patches = [
@ -66,15 +66,8 @@ python3.pkgs.buildPythonApplication rec {
# Nixpkgs cctools does not have bitcode support.
./006-disable-bitcode.patch
# Fix passing multiple --define-variable arguments to pkg-config.
# https://github.com/mesonbuild/meson/pull/10670
(fetchpatch {
url = "https://github.com/mesonbuild/meson/commit/d5252c5d4cf1c1931fef0c1c98dd66c000891d21.patch";
hash = "sha256-GiUNVul1N5Fl8mfqM7vA/r1FdKqImiDYLXMVDt77gvw=";
excludes = [
"docs/yaml/objects/dep.yaml"
];
})
# https://github.com/mesonbuild/meson/pull/12587
./007-darwin-case-sensitivity.patch
];
buildInputs = lib.optionals (python3.pythonOlder "3.9") [
@ -95,7 +88,9 @@ python3.pkgs.buildPythonApplication rec {
AppKit
Cocoa
Foundation
LDAP
OpenGL
openldap
];
checkPhase = lib.concatStringsSep "\n" ([

5
pkgs/by-name/si/sirius/package.nix
View File

@ -85,6 +85,11 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ mpi ];
CXXFLAGS = [
# GCC 13: error: 'uintptr_t' in namespace 'std' does not name a type
"-include cstdint"
];
cmakeFlags = [
"-DUSE_SCALAPACK=ON"
"-DBUILD_TESTING=ON"

36
pkgs/by-name/uc/ucode/package.nix Normal file
View File

@ -0,0 +1,36 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
, pkg-config
, json_c
}:
stdenv.mkDerivation rec {
pname = "ucode";
version = "0.0.20231102";
src = fetchFromGitHub {
owner = "jow-";
repo = "ucode";
rev = "v${version}";
hash = "sha256-dJjlwuQLS73D6W/bmhWLPPaT7himQyO1RvD+MXVxBMw=";
};
buildInputs = [
json_c
];
nativeBuildInputs = [
cmake
pkg-config
];
meta = with lib; {
description = "JavaScript-like language with optional templating";
homepage = "https://github.com/jow-/ucode";
license = licenses.isc;
platforms = platforms.linux;
maintainers = with maintainers; [ mkg20001 ];
};
}

41
pkgs/by-name/ud/udebug/package.nix Normal file
View File

@ -0,0 +1,41 @@
{ lib
, stdenv
, cmake
, fetchgit
, pkg-config
, ubus
, libubox
, ucode
, json_c
}:
stdenv.mkDerivation {
pname = "udebug";
version = "unstable-2023-11-28";
src = fetchgit {
url = "https://git.openwrt.org/project/udebug.git";
rev = "d49aadabb7a147b99a3e6299a77d7fda4e266091";
hash = "sha256-5I50q+oUQ5f82ngKl7bX50J+3pBviNk3iVEChNjt5wY=";
};
buildInputs = [
ubus
libubox
ucode
json_c
];
nativeBuildInputs = [
cmake
pkg-config
];
meta = with lib; {
description = "OpenWrt debugging helper library/service";
homepage = "https://git.openwrt.org/?p=project/udebug.git;a=summary";
license = licenses.free;
platforms = platforms.linux;
maintainers = with maintainers; [ mkg20001 ];
};
}

5
pkgs/by-name/we/websecprobe/package.nix
View File

@ -5,18 +5,17 @@
python3.pkgs.buildPythonApplication rec {
pname = "websecprobe";
version = "0.0.10";
version = "0.0.11";
pyproject = true;
src = fetchPypi {
pname = "WebSecProbe";
inherit version;
hash = "sha256-QvXOyQUptMyim/bgvhihjgGs7vX0qX8MqK2ol8q9ePc=";
hash = "sha256-OKbKz3HSTtwyx/JNUtLJBTaHQcxkUWroMg9/msVWgk4=";
};
nativeBuildInputs = with python3.pkgs; [
setuptools
wheel
];
propagatedBuildInputs = with python3.pkgs; [

6
pkgs/data/misc/tzdata/default.nix
View File

@ -2,16 +2,16 @@
stdenv.mkDerivation rec {
pname = "tzdata";
version = "2023c";
version = "2023d";
srcs = [
(fetchurl {
url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz";
hash = "sha256-P1ELXRtK6bs45IWqMCp3azF/s2N722QExK33tsrdllw=";
hash = "sha256-28ohlwsKi4wM7O7B17kfqQO+D27KWucytTKWciMqCPM=";
})
(fetchurl {
url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz";
hash = "sha256-RtF/K7Ga1zKQ8DogMAYVLg+g17EeW3FGfEqCOBGyFOc=";
hash = "sha256-6aX54RiIbS3pK2K7BVEKKMxsBY15HJO9a4TTKSw8Fh4=";
})
];

2
pkgs/desktops/gnome/apps/gnome-clocks/default.nix
View File

@ -9,7 +9,6 @@
, itstool
, desktop-file-utils
, vala
, gobject-introspection
, libxml2
, gtk4
, glib
@ -43,7 +42,6 @@ stdenv.mkDerivation rec {
wrapGAppsHook4
desktop-file-utils
libxml2
gobject-introspection # for finding vapi files
];
buildInputs = [

4
pkgs/desktops/gnome/apps/seahorse/default.nix
View File

@ -57,10 +57,6 @@ stdenv.mkDerivation rec {
gnupg
desktop-file-utils
gcr
# error: Package `...' not found in specified Vala API directories or GObject-Introspection GIR directories
# TODO: the vala setuphook should look for vala filess in targetOffset instead of hostOffset
libhandy
libsecret
];
buildInputs = [

4
pkgs/desktops/gnome/core/baobab/default.nix
View File

@ -36,10 +36,6 @@ stdenv.mkDerivation rec {
pkg-config
vala
wrapGAppsHook4
# Prevents “error: Package `libadwaita-1' not found in specified Vala API
# directories or GObject-Introspection GIR directories” with strictDeps,
# even though it should only be a runtime dependency.
libadwaita
];
buildInputs = [

2
pkgs/desktops/gnome/core/gnome-calculator/default.nix
View File

@ -12,7 +12,6 @@
, glib
, gtksourceview5
, wrapGAppsHook4
, gobject-introspection
, gnome
, mpfr
, gmp
@ -40,7 +39,6 @@ stdenv.mkDerivation rec {
gettext
itstool
wrapGAppsHook4
gobject-introspection # for finding vapi files
];
buildInputs = [

5
pkgs/desktops/gnome/games/gnome-mines/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, meson, ninja, vala, gobject-introspection, pkg-config, gnome, gtk3, wrapGAppsHook
{ lib, stdenv, fetchurl, meson, ninja, vala, pkg-config, gnome, gtk3, wrapGAppsHook
, librsvg, gettext, itstool, python3, libxml2, libgnome-games-support, libgee, desktop-file-utils }:
stdenv.mkDerivation rec {
@ -10,9 +10,8 @@ stdenv.mkDerivation rec {
sha256 = "NQLps/ccs7LnEcDmAZGH/rzCvKh349RW3KtwD3vjEnI=";
};
# gobject-introspection for finding vapi files
nativeBuildInputs = [
meson ninja vala gobject-introspection pkg-config gettext itstool python3
meson ninja vala pkg-config gettext itstool python3
libxml2 wrapGAppsHook desktop-file-utils
];
buildInputs = [ gtk3 librsvg gnome.adwaita-icon-theme libgnome-games-support libgee ];

9
pkgs/development/compilers/binaryen/default.nix
View File

@ -13,13 +13,20 @@ stdenv.mkDerivation rec {
hash = "sha256-gMwbWiP+YDCVafQMBWhTuJGWmkYtnhEdn/oofKaUT08=";
};
# Fix build with Node 20
# FIXME: remove for next release
patches = [
(fetchpatch {
name = "nodejs-20.patch";
url = "https://github.com/WebAssembly/binaryen/commit/889422e0c92552ff484659f9b41e777ba7ab35c1.patch";
hash = "sha256-acM8mytL9nhm4np9tpUbd1X0wJ7y308HV2fvgcAW1lY=";
})
# Fix fmin tests on gcc-13: https://github.com/WebAssembly/binaryen/pull/5994
(fetchpatch {
name = "gcc-13.patch";
url = "https://github.com/WebAssembly/binaryen/commit/1e17dfb695a19d5d41f1f88411fbcbc5f2408c8f.patch";
hash = "sha256-5JZh15CXkg5XdTG8eRJXPwO+zmymYeFjKbHutRPTmlU=";
})
];
nativeBuildInputs = [ cmake python3 ];

Some files were not shown because too many files have changed in this diff Show More