Merge #275620: staging-next 2023-12-20
This commit is contained in:
commit
bae093a327
|
@ -7,7 +7,7 @@ binaryheap,,,,,,vcunat
|
|||
busted,,,,,,
|
||||
cassowary,,,,,,marsam alerque
|
||||
cldr,,,,,,alerque
|
||||
compat53,,,,0.7-1,,vcunat
|
||||
compat53,,,,,,vcunat
|
||||
cosmo,,,,,,marsam
|
||||
coxpcall,,,,1.17.0-1,,
|
||||
cqueues,,,,,,vcunat
|
||||
|
@ -15,6 +15,7 @@ cyan,,,,,,
|
|||
digestif,https://github.com/astoff/digestif.git,,,,5.3,
|
||||
dkjson,,,,,,
|
||||
fennel,,,,,,misterio77
|
||||
fidget.nvim,,,,,,mrcjkb
|
||||
fifo,,,,,,
|
||||
fluent,,,,,,alerque
|
||||
fzy,,,,,,mrcjkb
|
||||
|
@ -55,7 +56,7 @@ lua-subprocess,https://github.com/0x0ade/lua-subprocess,,,,5.1,scoder12
|
|||
lua-term,,,,,,
|
||||
lua-toml,,,,,,
|
||||
lua-zlib,,,,,,koral
|
||||
lua_cliargs,https://github.com/amireh/lua_cliargs.git,,,,,
|
||||
lua_cliargs,,,,,,
|
||||
luabitop,https://github.com/teto/luabitop.git,,,,,
|
||||
luacheck,,,,,,
|
||||
luacov,,,,,,
|
||||
|
@ -86,7 +87,7 @@ luautf8,,,,,,pstn
|
|||
luazip,,,,,,
|
||||
lua-yajl,,,,,,pstn
|
||||
lua-iconv,,,,7.0.0,,
|
||||
luuid,,,,,,
|
||||
luuid,,,,20120509-2,,
|
||||
luv,,,,1.44.2-1,,
|
||||
lush.nvim,https://github.com/rktjmp/lush.nvim,,,,,teto
|
||||
lyaml,,,,,,lblasc
|
||||
|
|
|
|
@ -26,6 +26,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
|
||||
|
||||
- systemd's gateway, upload, and remote services, which provides ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
|
||||
|
||||
- [GNS3](https://www.gns3.com/), a network software emulator. Available as [services.gns3-server](#opt-services.gns3-server.enable).
|
||||
|
||||
- [rspamd-trainer](https://gitlab.com/onlime/rspamd-trainer), script triggered by a helper which reads mails from a specific mail inbox and feeds them into rspamd for spam/ham training.
|
||||
|
|
|
@ -120,7 +120,7 @@ in rec {
|
|||
{ meta.description = "List of NixOS options in JSON format";
|
||||
nativeBuildInputs = [
|
||||
pkgs.brotli
|
||||
pkgs.python3Minimal
|
||||
pkgs.python3
|
||||
];
|
||||
options = builtins.toFile "options.json"
|
||||
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));
|
||||
|
|
|
@ -18,7 +18,7 @@ python3Packages.buildPythonApplication {
|
|||
pname = "nixos-test-driver";
|
||||
version = "1.1";
|
||||
src = ./.;
|
||||
format = "pyproject";
|
||||
pyproject = true;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
coreutils
|
||||
|
@ -32,6 +32,10 @@ python3Packages.buildPythonApplication {
|
|||
++ (lib.optionals enableOCR [ imagemagick_light tesseract4 ])
|
||||
++ extraPythonPackages python3Packages;
|
||||
|
||||
nativeBuildInputs = [
|
||||
python3Packages.setuptools
|
||||
];
|
||||
|
||||
passthru.tests = {
|
||||
inherit (nixosTests.nixos-test-driver) driver-timeout;
|
||||
};
|
||||
|
|
|
@ -13,11 +13,12 @@ in
|
|||
enable = mkEnableOption (lib.mdDoc "support for Intel IPU6/MIPI cameras");
|
||||
|
||||
platform = mkOption {
|
||||
type = types.enum [ "ipu6" "ipu6ep" ];
|
||||
type = types.enum [ "ipu6" "ipu6ep" "ipu6epmtl" ];
|
||||
description = lib.mdDoc ''
|
||||
Choose the version for your hardware platform.
|
||||
|
||||
Use `ipu6` for Tiger Lake and `ipu6ep` for Alder Lake respectively.
|
||||
Use `ipu6` for Tiger Lake, `ipu6ep` for Alder Lake or Raptor Lake,
|
||||
and `ipu6epmtl` for Meteor Lake.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -29,9 +30,7 @@ in
|
|||
ipu6-drivers
|
||||
];
|
||||
|
||||
hardware.firmware = with pkgs; [ ]
|
||||
++ optional (cfg.platform == "ipu6") ipu6-camera-bin
|
||||
++ optional (cfg.platform == "ipu6ep") ipu6ep-camera-bin;
|
||||
hardware.firmware = [ pkgs.ipu6-camera-bins ];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="intel-ipu6-psys", MODE="0660", GROUP="video"
|
||||
|
@ -44,14 +43,13 @@ in
|
|||
|
||||
extraPackages = with pkgs.gst_all_1; [ ]
|
||||
++ optional (cfg.platform == "ipu6") icamerasrc-ipu6
|
||||
++ optional (cfg.platform == "ipu6ep") icamerasrc-ipu6ep;
|
||||
++ optional (cfg.platform == "ipu6ep") icamerasrc-ipu6ep
|
||||
++ optional (cfg.platform == "ipu6epmtl") icamerasrc-ipu6epmtl;
|
||||
|
||||
input = {
|
||||
pipeline = "icamerasrc";
|
||||
format = mkIf (cfg.platform == "ipu6ep") (mkDefault "NV12");
|
||||
format = mkIf (cfg.platform != "ipu6") (mkDefault "NV12");
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1476,6 +1476,9 @@
|
|||
./system/boot/systemd/initrd-secrets.nix
|
||||
./system/boot/systemd/initrd.nix
|
||||
./system/boot/systemd/journald.nix
|
||||
./system/boot/systemd/journald-gateway.nix
|
||||
./system/boot/systemd/journald-remote.nix
|
||||
./system/boot/systemd/journald-upload.nix
|
||||
./system/boot/systemd/logind.nix
|
||||
./system/boot/systemd/nspawn.nix
|
||||
./system/boot/systemd/oomd.nix
|
||||
|
|
135
nixos/modules/system/boot/systemd/journald-gateway.nix
Normal file
135
nixos/modules/system/boot/systemd/journald-gateway.nix
Normal file
|
@ -0,0 +1,135 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.journald.gateway;
|
||||
|
||||
cliArgs = lib.cli.toGNUCommandLineShell { } {
|
||||
# If either of these are null / false, they are not passed in the command-line
|
||||
inherit (cfg) cert key trust system user merge;
|
||||
};
|
||||
in
|
||||
{
|
||||
meta.maintainers = [ lib.maintainers.raitobezarius ];
|
||||
options.services.journald.gateway = {
|
||||
enable = lib.mkEnableOption "the HTTP gateway to the journal";
|
||||
|
||||
port = lib.mkOption {
|
||||
default = 19531;
|
||||
type = lib.types.port;
|
||||
description = ''
|
||||
The port to listen to.
|
||||
'';
|
||||
};
|
||||
|
||||
cert = lib.mkOption {
|
||||
default = null;
|
||||
type = with lib.types; nullOr str;
|
||||
description = lib.mdDoc ''
|
||||
The path to a file or `AF_UNIX` stream socket to read the server
|
||||
certificate from.
|
||||
|
||||
The certificate must be in PEM format. This option switches
|
||||
`systemd-journal-gatewayd` into HTTPS mode and must be used together
|
||||
with {option}`services.journald.gateway.key`.
|
||||
'';
|
||||
};
|
||||
|
||||
key = lib.mkOption {
|
||||
default = null;
|
||||
type = with lib.types; nullOr str;
|
||||
description = lib.mdDoc ''
|
||||
Specify the path to a file or `AF_UNIX` stream socket to read the
|
||||
secret server key corresponding to the certificate specified with
|
||||
{option}`services.journald.gateway.cert` from.
|
||||
|
||||
The key must be in PEM format.
|
||||
|
||||
This key should not be world-readable, and must be readably by the
|
||||
`systemd-journal-gateway` user.
|
||||
'';
|
||||
};
|
||||
|
||||
trust = lib.mkOption {
|
||||
default = null;
|
||||
type = with lib.types; nullOr str;
|
||||
description = lib.mdDoc ''
|
||||
Specify the path to a file or `AF_UNIX` stream socket to read a CA
|
||||
certificate from.
|
||||
|
||||
The certificate must be in PEM format.
|
||||
|
||||
Setting this option enforces client certificate checking.
|
||||
'';
|
||||
};
|
||||
|
||||
system = lib.mkOption {
|
||||
default = true;
|
||||
type = lib.types.bool;
|
||||
description = lib.mdDoc ''
|
||||
Serve entries from system services and the kernel.
|
||||
|
||||
This has the same meaning as `--system` for {manpage}`journalctl(1)`.
|
||||
'';
|
||||
};
|
||||
|
||||
user = lib.mkOption {
|
||||
default = true;
|
||||
type = lib.types.bool;
|
||||
description = lib.mdDoc ''
|
||||
Serve entries from services for the current user.
|
||||
|
||||
This has the same meaning as `--user` for {manpage}`journalctl(1)`.
|
||||
'';
|
||||
};
|
||||
|
||||
merge = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = lib.mdDoc ''
|
||||
Serve entries interleaved from all available journals, including other
|
||||
machines.
|
||||
|
||||
This has the same meaning as `--merge` option for
|
||||
{manpage}`journalctl(1)`.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
# This prevents the weird case were disabling "system" and "user"
|
||||
# actually enables both because the cli flags are not present.
|
||||
assertion = cfg.system || cfg.user;
|
||||
message = ''
|
||||
systemd-journal-gatewayd cannot serve neither "system" nor "user"
|
||||
journals.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
systemd.additionalUpstreamSystemUnits = [
|
||||
"systemd-journal-gatewayd.socket"
|
||||
"systemd-journal-gatewayd.service"
|
||||
];
|
||||
|
||||
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
|
||||
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
|
||||
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
|
||||
|
||||
systemd.services.systemd-journal-gatewayd.serviceConfig.ExecStart = [
|
||||
# Clear the default command line
|
||||
""
|
||||
"${pkgs.systemd}/lib/systemd/systemd-journal-gatewayd ${cliArgs}"
|
||||
];
|
||||
|
||||
systemd.sockets.systemd-journal-gatewayd = {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
listenStreams = [
|
||||
# Clear the default port
|
||||
""
|
||||
(toString cfg.port)
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
163
nixos/modules/system/boot/systemd/journald-remote.nix
Normal file
163
nixos/modules/system/boot/systemd/journald-remote.nix
Normal file
|
@ -0,0 +1,163 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.journald.remote;
|
||||
format = pkgs.formats.systemd;
|
||||
|
||||
cliArgs = lib.cli.toGNUCommandLineShell { } {
|
||||
inherit (cfg) output;
|
||||
# "-3" specifies the file descriptor from the .socket unit.
|
||||
"listen-${cfg.listen}" = "-3";
|
||||
};
|
||||
in
|
||||
{
|
||||
meta.maintainers = [ lib.maintainers.raitobezarius ];
|
||||
options.services.journald.remote = {
|
||||
enable = lib.mkEnableOption "receiving systemd journals from the network";
|
||||
|
||||
listen = lib.mkOption {
|
||||
default = "https";
|
||||
type = lib.types.enum [ "https" "http" ];
|
||||
description = lib.mdDoc ''
|
||||
Which protocol to listen to.
|
||||
'';
|
||||
};
|
||||
|
||||
output = lib.mkOption {
|
||||
default = "/var/log/journal/remote/";
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
The location of the output journal.
|
||||
|
||||
In case the output file is not specified, journal files will be created
|
||||
underneath the selected directory. Files will be called
|
||||
{file}`remote-hostname.journal`, where the `hostname` part is the
|
||||
escaped hostname of the source endpoint of the connection, or the
|
||||
numerical address if the hostname cannot be determined.
|
||||
'';
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
default = 19532;
|
||||
type = lib.types.port;
|
||||
description = ''
|
||||
The port to listen to.
|
||||
|
||||
Note that this option is used only if
|
||||
{option}`services.journald.upload.listen` is configured to be either
|
||||
"https" or "http".
|
||||
'';
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
default = { };
|
||||
|
||||
description = lib.mdDoc ''
|
||||
Configuration in the journal-remote configuration file. See
|
||||
{manpage}`journal-remote.conf(5)` for available options.
|
||||
'';
|
||||
|
||||
type = lib.types.submodule {
|
||||
freeformType = format.type;
|
||||
|
||||
options.Remote = {
|
||||
Seal = lib.mkOption {
|
||||
default = false;
|
||||
example = true;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Periodically sign the data in the journal using Forward Secure
|
||||
Sealing.
|
||||
'';
|
||||
};
|
||||
|
||||
SplitMode = lib.mkOption {
|
||||
default = "host";
|
||||
example = "none";
|
||||
type = lib.types.enum [ "host" "none" ];
|
||||
description = lib.mdDoc ''
|
||||
With "host", a separate output file is used, based on the
|
||||
hostname of the other endpoint of a connection. With "none", only
|
||||
one output journal file is used.
|
||||
'';
|
||||
};
|
||||
|
||||
ServerKeyFile = lib.mkOption {
|
||||
default = "/etc/ssl/private/journal-remote.pem";
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
A path to a SSL secret key file in PEM format.
|
||||
|
||||
Note that due to security reasons, `systemd-journal-remote` will
|
||||
refuse files from the world-readable `/nix/store`. This file
|
||||
should be readable by the "" user.
|
||||
|
||||
This option can be used with `listen = "https"`. If the path
|
||||
refers to an `AF_UNIX` stream socket in the file system a
|
||||
connection is made to it and the key read from it.
|
||||
'';
|
||||
};
|
||||
|
||||
ServerCertificateFile = lib.mkOption {
|
||||
default = "/etc/ssl/certs/journal-remote.pem";
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
A path to a SSL certificate file in PEM format.
|
||||
|
||||
This option can be used with `listen = "https"`. If the path
|
||||
refers to an `AF_UNIX` stream socket in the file system a
|
||||
connection is made to it and the certificate read from it.
|
||||
'';
|
||||
};
|
||||
|
||||
TrustedCertificateFile = lib.mkOption {
|
||||
default = "/etc/ssl/ca/trusted.pem";
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc ''
|
||||
A path to a SSL CA certificate file in PEM format, or `all`.
|
||||
|
||||
If `all` is set, then client certificate checking will be
|
||||
disabled.
|
||||
|
||||
This option can be used with `listen = "https"`. If the path
|
||||
refers to an `AF_UNIX` stream socket in the file system a
|
||||
connection is made to it and the certificate read from it.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.additionalUpstreamSystemUnits = [
|
||||
"systemd-journal-remote.service"
|
||||
"systemd-journal-remote.socket"
|
||||
];
|
||||
|
||||
systemd.services.systemd-journal-remote.serviceConfig.ExecStart = [
|
||||
# Clear the default command line
|
||||
""
|
||||
"${pkgs.systemd}/lib/systemd/systemd-journal-remote ${cliArgs}"
|
||||
];
|
||||
|
||||
systemd.sockets.systemd-journal-remote = {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
listenStreams = [
|
||||
# Clear the default port
|
||||
""
|
||||
(toString cfg.port)
|
||||
];
|
||||
};
|
||||
|
||||
# User and group used by systemd-journal-remote.service
|
||||
users.groups.systemd-journal-remote = { };
|
||||
users.users.systemd-journal-remote = {
|
||||
isSystemUser = true;
|
||||
group = "systemd-journal-remote";
|
||||
};
|
||||
|
||||
environment.etc."systemd/journal-remote.conf".source =
|
||||
format.generate "journal-remote.conf" cfg.settings;
|
||||
};
|
||||
}
|
111
nixos/modules/system/boot/systemd/journald-upload.nix
Normal file
111
nixos/modules/system/boot/systemd/journald-upload.nix
Normal file
|
@ -0,0 +1,111 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.journald.upload;
|
||||
format = pkgs.formats.systemd;
|
||||
in
|
||||
{
|
||||
meta.maintainers = [ lib.maintainers.raitobezarius ];
|
||||
options.services.journald.upload = {
|
||||
enable = lib.mkEnableOption "uploading the systemd journal to a remote server";
|
||||
|
||||
settings = lib.mkOption {
|
||||
default = { };
|
||||
|
||||
description = lib.mdDoc ''
|
||||
Configuration for journal-upload. See {manpage}`journal-upload.conf(5)`
|
||||
for available options.
|
||||
'';
|
||||
|
||||
type = lib.types.submodule {
|
||||
freeformType = format.type;
|
||||
|
||||
options.Upload = {
|
||||
URL = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "https://192.168.1.1";
|
||||
description = ''
|
||||
The URL to upload the journal entries to.
|
||||
|
||||
See the description of `--url=` option in
|
||||
{manpage}`systemd-journal-upload(8)` for the description of
|
||||
possible values.
|
||||
'';
|
||||
};
|
||||
|
||||
ServerKeyFile = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
example = lib.literalExpression "./server-key.pem";
|
||||
# Since systemd-journal-upload uses a DynamicUser, permissions must
|
||||
# be done using groups
|
||||
description = ''
|
||||
SSL key in PEM format.
|
||||
|
||||
In contrary to what the name suggests, this option configures the
|
||||
client private key sent to the remote journal server.
|
||||
|
||||
This key should not be world-readable, and must be readably by
|
||||
the `systemd-journal` group.
|
||||
'';
|
||||
default = null;
|
||||
};
|
||||
|
||||
ServerCertificateFile = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
example = lib.literalExpression "./server-ca.pem";
|
||||
description = ''
|
||||
SSL CA certificate in PEM format.
|
||||
|
||||
In contrary to what the name suggests, this option configures the
|
||||
client certificate sent to the remote journal server.
|
||||
'';
|
||||
default = null;
|
||||
};
|
||||
|
||||
TrustedCertificateFile = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
example = lib.literalExpression "./ca";
|
||||
description = ''
|
||||
SSL CA certificate.
|
||||
|
||||
This certificate will be used to check the remote journal HTTPS
|
||||
server certificate.
|
||||
'';
|
||||
default = null;
|
||||
};
|
||||
|
||||
NetworkTimeoutSec = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
example = "1s";
|
||||
description = ''
|
||||
When network connectivity to the server is lost, this option
|
||||
configures the time to wait for the connectivity to get restored.
|
||||
|
||||
If the server is not reachable over the network for the
|
||||
configured time, `systemd-journal-upload` exits. Takes a value in
|
||||
seconds (or in other time units if suffixed with "ms", "min",
|
||||
"h", etc). For details, see {manpage}`systemd.time(5)`.
|
||||
'';
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.additionalUpstreamSystemUnits = [ "systemd-journal-upload.service" ];
|
||||
|
||||
systemd.services."systemd-journal-upload" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
# To prevent flooding the server in case the server is struggling
|
||||
RestartSec = "3sec";
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."systemd/journal-upload.conf".source =
|
||||
format.generate "journal-upload.conf" cfg.settings;
|
||||
};
|
||||
}
|
|
@ -5,6 +5,10 @@ with lib;
|
|||
let
|
||||
cfg = config.services.journald;
|
||||
in {
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "journald" "enableHttpGateway" ] [ "services" "journald" "gateway" "enable" ])
|
||||
];
|
||||
|
||||
options = {
|
||||
services.journald.console = mkOption {
|
||||
default = "";
|
||||
|
@ -71,14 +75,6 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
services.journald.enableHttpGateway = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable the HTTP gateway to the journal.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.forwardToSyslog = mkOption {
|
||||
default = config.services.rsyslogd.enable || config.services.syslog-ng.enable;
|
||||
defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable";
|
||||
|
@ -101,9 +97,6 @@ in {
|
|||
] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
|
||||
"systemd-journald-dev-log.socket"
|
||||
"syslog.socket"
|
||||
] ++ optionals cfg.enableHttpGateway [
|
||||
"systemd-journal-gatewayd.socket"
|
||||
"systemd-journal-gatewayd.service"
|
||||
];
|
||||
|
||||
environment.etc = {
|
||||
|
@ -124,12 +117,6 @@ in {
|
|||
};
|
||||
|
||||
users.groups.systemd-journal.gid = config.ids.gids.systemd-journal;
|
||||
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
|
||||
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
|
||||
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
|
||||
|
||||
systemd.sockets.systemd-journal-gatewayd.wantedBy =
|
||||
optional cfg.enableHttpGateway "sockets.target";
|
||||
|
||||
systemd.services.systemd-journal-flush.restartIfChanged = false;
|
||||
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
||||
|
|
|
@ -46,6 +46,13 @@ with lib;
|
|||
wantedBy = [ "sysinit.target" ];
|
||||
aliases = [ "dbus-org.freedesktop.timesync1.service" ];
|
||||
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
|
||||
# systemd-timesyncd disables DNSSEC validation in the nss-resolve module by setting SYSTEMD_NSS_RESOLVE_VALIDATE to 0 in the unit file.
|
||||
# This is required in order to solve the chicken-and-egg problem when DNSSEC validation needs the correct time to work, but to set the
|
||||
# correct time, we need to connect to an NTP server, which usually requires resolving its hostname.
|
||||
# In order for nss-resolve to be able to read this environment variable we patch systemd-timesyncd to disable NSCD and use NSS modules directly.
|
||||
# This means that systemd-timesyncd needs to have NSS modules path in LD_LIBRARY_PATH. When systemd-resolved is disabled we still need to set
|
||||
# NSS module path so that systemd-timesyncd keeps using other NSS modules that are configured in the system.
|
||||
environment.LD_LIBRARY_PATH = config.system.nssModules.path;
|
||||
|
||||
preStart = (
|
||||
# Ensure that we have some stored time to prevent
|
||||
|
|
|
@ -843,6 +843,8 @@ in {
|
|||
systemd-initrd-networkd-openvpn = handleTestOn [ "x86_64-linux" "i686-linux" ] ./initrd-network-openvpn { systemdStage1 = true; };
|
||||
systemd-initrd-vlan = handleTest ./systemd-initrd-vlan.nix {};
|
||||
systemd-journal = handleTest ./systemd-journal.nix {};
|
||||
systemd-journal-gateway = handleTest ./systemd-journal-gateway.nix {};
|
||||
systemd-journal-upload = handleTest ./systemd-journal-upload.nix {};
|
||||
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
|
||||
systemd-networkd = handleTest ./systemd-networkd.nix {};
|
||||
systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {};
|
||||
|
@ -858,6 +860,7 @@ in {
|
|||
systemd-shutdown = handleTest ./systemd-shutdown.nix {};
|
||||
systemd-sysupdate = runTest ./systemd-sysupdate.nix;
|
||||
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
|
||||
systemd-timesyncd-nscd-dnssec = handleTest ./systemd-timesyncd-nscd-dnssec.nix {};
|
||||
systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {};
|
||||
systemd-misc = handleTest ./systemd-misc.nix {};
|
||||
systemd-userdbd = handleTest ./systemd-userdbd.nix {};
|
||||
|
|
|
@ -510,14 +510,8 @@ let
|
|||
ntp
|
||||
perlPackages.ListCompare
|
||||
perlPackages.XMLLibXML
|
||||
python3Minimal
|
||||
# make-options-doc/default.nix
|
||||
(let
|
||||
self = (pkgs.python3Minimal.override {
|
||||
inherit self;
|
||||
includeSiteCustomize = true;
|
||||
});
|
||||
in self.withPackages (p: [ p.mistune ]))
|
||||
python3.withPackages (p: [ p.mistune ])
|
||||
shared-mime-info
|
||||
sudo
|
||||
texinfo
|
||||
|
|
|
@ -95,7 +95,7 @@ in {
|
|||
ntp
|
||||
perlPackages.ListCompare
|
||||
perlPackages.XMLLibXML
|
||||
python3Minimal
|
||||
python3
|
||||
shared-mime-info
|
||||
stdenv
|
||||
sudo
|
||||
|
|
90
nixos/tests/systemd-journal-gateway.nix
Normal file
90
nixos/tests/systemd-journal-gateway.nix
Normal file
|
@ -0,0 +1,90 @@
|
|||
import ./make-test-python.nix ({ lib, pkgs, ... }:
|
||||
{
|
||||
name = "systemd-journal-gateway";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ minijackson raitobezarius ];
|
||||
};
|
||||
|
||||
# Named client for coherence with the systemd-journal-upload test, and for
|
||||
# certificate validation
|
||||
nodes.client = {
|
||||
services.journald.gateway = {
|
||||
enable = true;
|
||||
cert = "/run/secrets/client/cert.pem";
|
||||
key = "/run/secrets/client/key.pem";
|
||||
trust = "/run/secrets/ca.cert.pem";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
import json
|
||||
import subprocess
|
||||
import tempfile
|
||||
|
||||
tmpdir_o = tempfile.TemporaryDirectory()
|
||||
tmpdir = tmpdir_o.name
|
||||
|
||||
def generate_pems(domain: str):
|
||||
subprocess.run(
|
||||
[
|
||||
"${pkgs.minica}/bin/minica",
|
||||
"--ca-key=ca.key.pem",
|
||||
"--ca-cert=ca.cert.pem",
|
||||
f"--domains={domain}",
|
||||
],
|
||||
cwd=str(tmpdir),
|
||||
)
|
||||
|
||||
with subtest("Creating keys and certificates"):
|
||||
generate_pems("server")
|
||||
generate_pems("client")
|
||||
|
||||
client.wait_for_unit("multi-user.target")
|
||||
|
||||
def copy_pem(file: str):
|
||||
machine.copy_from_host(source=f"{tmpdir}/{file}", target=f"/run/secrets/{file}")
|
||||
machine.succeed(f"chmod 644 /run/secrets/{file}")
|
||||
|
||||
with subtest("Copying keys and certificates"):
|
||||
machine.succeed("mkdir -p /run/secrets/{client,server}")
|
||||
copy_pem("server/cert.pem")
|
||||
copy_pem("server/key.pem")
|
||||
copy_pem("client/cert.pem")
|
||||
copy_pem("client/key.pem")
|
||||
copy_pem("ca.cert.pem")
|
||||
|
||||
client.wait_for_unit("multi-user.target")
|
||||
|
||||
curl = '${pkgs.curl}/bin/curl'
|
||||
accept_json = '--header "Accept: application/json"'
|
||||
cacert = '--cacert /run/secrets/ca.cert.pem'
|
||||
cert = '--cert /run/secrets/server/cert.pem'
|
||||
key = '--key /run/secrets/server/key.pem'
|
||||
base_url = 'https://client:19531'
|
||||
|
||||
curl_cli = f"{curl} {accept_json} {cacert} {cert} {key} --fail"
|
||||
|
||||
machine_info = client.succeed(f"{curl_cli} {base_url}/machine")
|
||||
assert json.loads(machine_info)["hostname"] == "client", "wrong machine name"
|
||||
|
||||
# The HTTP request should have started the gateway service, triggered by
|
||||
# the .socket unit
|
||||
client.wait_for_unit("systemd-journal-gatewayd.service")
|
||||
|
||||
identifier = "nixos-test"
|
||||
message = "Hello from NixOS test infrastructure"
|
||||
|
||||
client.succeed(f"systemd-cat --identifier={identifier} <<< '{message}'")
|
||||
|
||||
# max-time is a workaround against a bug in systemd-journal-gatewayd where
|
||||
# if TLS is enabled, the connection is never closed. Since it will timeout,
|
||||
# we ignore the return code.
|
||||
entries = client.succeed(
|
||||
f"{curl_cli} --max-time 5 {base_url}/entries?SYSLOG_IDENTIFIER={identifier} || true"
|
||||
)
|
||||
|
||||
# Number of entries should be only 1
|
||||
added_entry = json.loads(entries)
|
||||
assert added_entry["SYSLOG_IDENTIFIER"] == identifier and added_entry["MESSAGE"] == message, "journal entry does not correspond"
|
||||
'';
|
||||
})
|
101
nixos/tests/systemd-journal-upload.nix
Normal file
101
nixos/tests/systemd-journal-upload.nix
Normal file
|
@ -0,0 +1,101 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
{
|
||||
name = "systemd-journal-upload";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ minijackson raitobezarius ];
|
||||
};
|
||||
|
||||
nodes.server = { nodes, ... }: {
|
||||
services.journald.remote = {
|
||||
enable = true;
|
||||
listen = "http";
|
||||
settings.Remote = {
|
||||
ServerCertificateFile = "/run/secrets/sever.cert.pem";
|
||||
ServerKeyFile = "/run/secrets/sever.key.pem";
|
||||
TrustedCertificateFile = "/run/secrets/ca.cert.pem";
|
||||
Seal = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ nodes.server.services.journald.remote.port ];
|
||||
};
|
||||
|
||||
nodes.client = { lib, nodes, ... }: {
|
||||
services.journald.upload = {
|
||||
enable = true;
|
||||
settings.Upload = {
|
||||
URL = "http://server:${toString nodes.server.services.journald.remote.port}";
|
||||
ServerCertificateFile = "/run/secrets/client.cert.pem";
|
||||
ServerKeyFile = "/run/secrets/client.key.pem";
|
||||
TrustedCertificateFile = "/run/secrets/ca.cert.pem";
|
||||
};
|
||||
};
|
||||
|
||||
# Wait for the PEMs to arrive
|
||||
systemd.services.systemd-journal-upload.wantedBy = lib.mkForce [];
|
||||
systemd.paths.systemd-journal-upload = {
|
||||
wantedBy = [ "default.target" ];
|
||||
# This file must be copied last
|
||||
pathConfig.PathExists = [ "/run/secrets/ca.cert.pem" ];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
import subprocess
|
||||
import tempfile
|
||||
|
||||
tmpdir_o = tempfile.TemporaryDirectory()
|
||||
tmpdir = tmpdir_o.name
|
||||
|
||||
def generate_pems(domain: str):
|
||||
subprocess.run(
|
||||
[
|
||||
"${pkgs.minica}/bin/minica",
|
||||
"--ca-key=ca.key.pem",
|
||||
"--ca-cert=ca.cert.pem",
|
||||
f"--domains={domain}",
|
||||
],
|
||||
cwd=str(tmpdir),
|
||||
)
|
||||
|
||||
with subtest("Creating keys and certificates"):
|
||||
generate_pems("server")
|
||||
generate_pems("client")
|
||||
|
||||
server.wait_for_unit("multi-user.target")
|
||||
client.wait_for_unit("multi-user.target")
|
||||
|
||||
def copy_pems(machine: Machine, domain: str):
|
||||
machine.succeed("mkdir /run/secrets")
|
||||
machine.copy_from_host(
|
||||
source=f"{tmpdir}/{domain}/cert.pem",
|
||||
target=f"/run/secrets/{domain}.cert.pem",
|
||||
)
|
||||
machine.copy_from_host(
|
||||
source=f"{tmpdir}/{domain}/key.pem",
|
||||
target=f"/run/secrets/{domain}.key.pem",
|
||||
)
|
||||
# Should be last
|
||||
machine.copy_from_host(
|
||||
source=f"{tmpdir}/ca.cert.pem",
|
||||
target="/run/secrets/ca.cert.pem",
|
||||
)
|
||||
|
||||
with subtest("Copying keys and certificates"):
|
||||
copy_pems(server, "server")
|
||||
copy_pems(client, "client")
|
||||
|
||||
client.wait_for_unit("systemd-journal-upload.service")
|
||||
# The journal upload should have started the remote service, triggered by
|
||||
# the .socket unit
|
||||
server.wait_for_unit("systemd-journal-remote.service")
|
||||
|
||||
identifier = "nixos-test"
|
||||
message = "Hello from NixOS test infrastructure"
|
||||
|
||||
client.succeed(f"systemd-cat --identifier={identifier} <<< '{message}'")
|
||||
server.wait_until_succeeds(
|
||||
f"journalctl --file /var/log/journal/remote/remote-*.journal --identifier={identifier} | grep -F '{message}'"
|
||||
)
|
||||
'';
|
||||
})
|
|
@ -6,17 +6,11 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
|||
maintainers = [ lewo ];
|
||||
};
|
||||
|
||||
nodes.machine = { pkgs, lib, ... }: {
|
||||
services.journald.enableHttpGateway = true;
|
||||
};
|
||||
nodes.machine = { };
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
machine.succeed("journalctl --grep=systemd")
|
||||
|
||||
machine.succeed(
|
||||
"${pkgs.curl}/bin/curl -s localhost:19531/machine | ${pkgs.jq}/bin/jq -e '.hostname == \"machine\"'"
|
||||
)
|
||||
'';
|
||||
})
|
||||
|
|
61
nixos/tests/systemd-timesyncd-nscd-dnssec.nix
Normal file
61
nixos/tests/systemd-timesyncd-nscd-dnssec.nix
Normal file
|
@ -0,0 +1,61 @@
|
|||
# This test verifies that systemd-timesyncd can resolve the NTP server hostname when DNSSEC validation
|
||||
# fails even though it is enforced in the systemd-resolved settings. It is required in order to solve
|
||||
# the chicken-and-egg problem when DNSSEC validation needs the correct time to work, but to set the
|
||||
# correct time, we need to connect to an NTP server, which usually requires resolving its hostname.
|
||||
#
|
||||
# This test does the following:
|
||||
# - Sets up a DNS server (tinydns) listening on the eth1 ip addess, serving .ntp and fake.ntp records.
|
||||
# - Configures that DNS server as a resolver and enables DNSSEC in systemd-resolved settings.
|
||||
# - Configures systemd-timesyncd to use fake.ntp hostname as an NTP server.
|
||||
# - Performs a regular DNS lookup, to ensure it fails due to broken DNSSEC.
|
||||
# - Waits until systemd-timesyncd resolves fake.ntp by checking its debug output.
|
||||
# Here, we don't expect systemd-timesyncd to connect and synchronize time because there is no NTP
|
||||
# server running. For this test to succeed, we only need to ensure that systemd-timesyncd
|
||||
# resolves the IP address of the fake.ntp host.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
|
||||
let
|
||||
ntpHostname = "fake.ntp";
|
||||
ntpIP = "192.0.2.1";
|
||||
in
|
||||
{
|
||||
name = "systemd-timesyncd";
|
||||
nodes.machine = { pkgs, lib, config, ... }:
|
||||
let
|
||||
eth1IP = (lib.head config.networking.interfaces.eth1.ipv4.addresses).address;
|
||||
in
|
||||
{
|
||||
# Setup a local DNS server for the NTP domain on the eth1 IP address
|
||||
services.tinydns = {
|
||||
enable = true;
|
||||
ip = eth1IP;
|
||||
data = ''
|
||||
.ntp:${eth1IP}
|
||||
+.${ntpHostname}:${ntpIP}
|
||||
'';
|
||||
};
|
||||
|
||||
# Enable systemd-resolved with DNSSEC and use the local DNS as a name server
|
||||
services.resolved.enable = true;
|
||||
services.resolved.dnssec = "true";
|
||||
networking.nameservers = [ eth1IP ];
|
||||
|
||||
# Configure systemd-timesyncd to use our NTP hostname
|
||||
services.timesyncd.enable = lib.mkForce true;
|
||||
services.timesyncd.servers = [ ntpHostname ];
|
||||
services.timesyncd.extraConfig = ''
|
||||
FallbackNTP=${ntpHostname}
|
||||
'';
|
||||
|
||||
# The debug output is necessary to determine whether systemd-timesyncd successfully resolves our NTP hostname or not
|
||||
systemd.services.systemd-timesyncd.environment.SYSTEMD_LOG_LEVEL = "debug";
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("tinydns.service")
|
||||
machine.wait_for_unit("systemd-timesyncd.service")
|
||||
machine.fail("resolvectl query ${ntpHostname}")
|
||||
machine.wait_until_succeeds("journalctl -u systemd-timesyncd.service --grep='Resolved address ${ntpIP}:123 for ${ntpHostname}'")
|
||||
'';
|
||||
})
|
|
@ -2,6 +2,7 @@
|
|||
, stdenv
|
||||
, fetchgit
|
||||
, fetchzip
|
||||
, fetchpatch
|
||||
, alsa-lib
|
||||
, aubio
|
||||
, boost
|
||||
|
@ -79,6 +80,12 @@ stdenv.mkDerivation rec {
|
|||
# AS=as in the environment causes build failure https://tracker.ardour.org/view.php?id=8096
|
||||
./as-flags.patch
|
||||
./default-plugin-search-paths.patch
|
||||
|
||||
# Fix build with libxml2 2.12.
|
||||
(fetchpatch {
|
||||
url = "https://github.com/Ardour/ardour/commit/e995daa37529715214c6c4a2587e4134aaaba02f.patch";
|
||||
hash = "sha256-EpXOIIObOwwcNgNma0E3nvaBad3930sagDjBpa+78WI=";
|
||||
})
|
||||
];
|
||||
|
||||
# Ardour's wscript requires git revision and date to be available.
|
||||
|
|
|
@ -66,6 +66,7 @@ python3.pkgs.buildPythonApplication rec {
|
|||
] ++ (with python3.pkgs; [
|
||||
sphinx-rtd-theme
|
||||
sphinxHook
|
||||
setuptools
|
||||
]);
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -64,10 +64,6 @@ in python3.pkgs.buildPythonApplication rec {
|
|||
"--prefix" "PATH" ":" (lib.makeBinPath bins)
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
export SETUPTOOLS_SCM_PRETEND_VERSION="${version}"
|
||||
'';
|
||||
|
||||
outputs = [ "out" "man" ];
|
||||
postBuild = ''
|
||||
make -C man
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
, rocksdb
|
||||
, rust-jemalloc-sys-unprefixed
|
||||
, rustPlatform
|
||||
, rustc-wasm32
|
||||
, rustc
|
||||
, stdenv
|
||||
, Security
|
||||
, SystemConfiguration
|
||||
|
@ -63,8 +63,8 @@ rustPlatform.buildRustPackage rec {
|
|||
|
||||
nativeBuildInputs = [
|
||||
rustPlatform.bindgenHook
|
||||
rustc-wasm32
|
||||
rustc-wasm32.llvmPackages.lld
|
||||
rustc
|
||||
rustc.llvmPackages.lld
|
||||
];
|
||||
|
||||
# NOTE: jemalloc is used by default on Linux with unprefixed enabled
|
||||
|
|
|
@ -13,6 +13,12 @@ stdenv.mkDerivation {
|
|||
buildInputs = [ gtk2 ];
|
||||
sourceRoot = "scintilla/gtk";
|
||||
|
||||
CXXFLAGS = [
|
||||
# GCC 13: error: 'intptr_t' does not name a type
|
||||
"-include cstdint"
|
||||
"-include system_error"
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
make
|
||||
cd ../../lexilla/src
|
||||
|
|
|
@ -37,6 +37,11 @@ mkDerivation rec {
|
|||
"-DALGLIB_DIR:PATH=${alglib}"
|
||||
];
|
||||
|
||||
CXXFLAGS = [
|
||||
# GCC 13: error: 'uint32_t' does not name a type
|
||||
"-include cstdint"
|
||||
];
|
||||
|
||||
patches = [
|
||||
# https://github.com/jcelaya/hdrmerge/pull/222
|
||||
(fetchpatch {
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
, cmake
|
||||
, desktopToDarwinBundle
|
||||
, fetchurl
|
||||
, fetchpatch
|
||||
, gettext
|
||||
, ghostscript
|
||||
, glib
|
||||
|
@ -92,6 +93,13 @@ stdenv.mkDerivation rec {
|
|||
src = ./fix-ps2pdf-path.patch;
|
||||
inherit ghostscript;
|
||||
})
|
||||
|
||||
# Fix build with libxml2 2.12
|
||||
# https://gitlab.com/inkscape/inkscape/-/merge_requests/6089
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.com/inkscape/inkscape/-/commit/694d8ae43d06efff21adebf377ce614d660b24cd.patch";
|
||||
hash = "sha256-9IXJzpZbNU5fnt7XKgqCzUDrwr08qxGwo8TqnL+xc6E=";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
|
|
@ -21,6 +21,15 @@ mkDerivation rec {
|
|||
inherit hash;
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fixes build with SIP 6.8
|
||||
(fetchpatch {
|
||||
name = "bump-SIP-ABI-version-to-12.8.patch";
|
||||
url = "https://invent.kde.org/graphics/krita/-/commit/2d71c47661d43a4e3c1ab0c27803de980bdf2bb2.diff";
|
||||
hash = "sha256-U3E44nj4vra++PJV20h4YHjES78kgrJtr4ktNeQfOdA=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ cmake extra-cmake-modules pkg-config python3Packages.sip makeWrapper ];
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -75,6 +75,11 @@ mkDerivation rec {
|
|||
"-DALLOW_BUNDLED_LEVMAR=ON"
|
||||
];
|
||||
|
||||
CXXFLAGS = [
|
||||
# GCC 13: error: 'int16_t' has not been declared in 'std'
|
||||
"-include cstdint"
|
||||
];
|
||||
|
||||
postFixup = ''
|
||||
patchelf --add-needed $out/lib/meshlab/libmeshlab-common.so $out/bin/.meshlab-wrapped
|
||||
'';
|
||||
|
|
|
@ -16,6 +16,14 @@ stdenv.mkDerivation rec {
|
|||
# great, but tesseract4's days are numbered anyway
|
||||
postPatch = ''
|
||||
sed -i '/allheaders.h/a#include "pix_internal.h"' src/textord/devanagari_processing.cpp
|
||||
|
||||
# gcc-13 compat fix, simulate this upstream patch:
|
||||
# https://github.com/tesseract-ocr/tesseract/commit/17e795aaae7d40dbcb7d3365835c2f55ecc6355d.patch
|
||||
# https://github.com/tesseract-ocr/tesseract/commit/c0db7b7e930322826e09981360e39fdbd16cc9b0.patch
|
||||
|
||||
sed -i src/ccutil/helpers.h -e '1i #include <climits>'
|
||||
sed -i src/ccutil/helpers.h -e '1i #include <cstdint>'
|
||||
sed -i src/dict/matchdefs.h -e '1i #include <cstdint>'
|
||||
'';
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
|
@ -34,6 +34,7 @@ python3.pkgs.buildPythonApplication rec {
|
|||
];
|
||||
|
||||
pytestFlagsArray = [
|
||||
"-W" "ignore::sphinx.deprecation.RemovedInSphinx90Warning"
|
||||
"--rootdir" "src/ablog"
|
||||
];
|
||||
|
||||
|
|
|
@ -6,15 +6,21 @@
|
|||
python3Packages.buildPythonApplication rec {
|
||||
pname = "acpic";
|
||||
version = "1.0.0";
|
||||
format = "setuptools";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchPypi {
|
||||
inherit version pname;
|
||||
hash = "sha256-vQ9VxCNbOmqHIY3e1wq1wNJl5ywfU2tm62gDg3vKvcg=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
python3Packages.pbr
|
||||
postPatch = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "pbr>=5.8.1,<6" "pbr"
|
||||
'';
|
||||
|
||||
nativeBuildInputs = with python3Packages; [
|
||||
pbr
|
||||
setuptools
|
||||
];
|
||||
|
||||
# no tests
|
||||
|
|
|
@ -79,6 +79,8 @@ stdenv.mkDerivation rec {
|
|||
++ lib.optional enableLibpulseaudio libpulseaudio
|
||||
++ lib.optional stdenv.isDarwin CoreAudio;
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Sample Rate Converter for audio";
|
||||
homepage = "https://sox.sourceforge.net/";
|
||||
|
|
|
@ -26,6 +26,11 @@ mkDerivation rec {
|
|||
})
|
||||
];
|
||||
|
||||
CXXFLAGS = [
|
||||
# error: 'uint8_t' is not a member of 'std'; did you mean 'wint_t'?
|
||||
"-include cstdint"
|
||||
];
|
||||
|
||||
buildInputs = [ curl xorg.libX11 xorg.libXext xorg.libXtst avahiWithLibdnssdCompat qtbase ];
|
||||
nativeBuildInputs = [ cmake wrapGAppsHook ];
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ in
|
|||
with python3.pkgs; buildPythonApplication rec {
|
||||
version = "4.8";
|
||||
pname = "buku";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jarun";
|
||||
|
@ -27,6 +28,10 @@ with python3.pkgs; buildPythonApplication rec {
|
|||
sha256 = "sha256-kPVlfTYUusf5CZnKB53WZcCHo3MEnA2bLUHTRPGPn+8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
setuptools
|
||||
];
|
||||
|
||||
nativeCheckInputs = [
|
||||
hypothesis
|
||||
pytest
|
||||
|
|
|
@ -17,8 +17,6 @@ python3Packages.buildPythonApplication rec {
|
|||
hatch-vcs
|
||||
];
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
pykeepass
|
||||
pynput
|
||||
|
|
|
@ -17,8 +17,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
hash = "sha256-yI33pB/t+UISvSbLUzmsZqBxLF6r8R3j9iPNeosKcYw=";
|
||||
};
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
nativeBuildInputs = [
|
||||
glibcLocales
|
||||
installShellFiles
|
||||
|
|
|
@ -9,7 +9,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
sha256 = "sha256-WfMKDaPD2j6wT02+GO5HY5E7aF2Z7IQY/VdKiMSRxJA=";
|
||||
};
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
nativeBuildInputs = with python3.pkgs; [
|
||||
setuptools-scm
|
||||
sphinxHook
|
||||
|
|
|
@ -30,8 +30,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
setuptools-scm
|
||||
];
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
colorama
|
||||
distro
|
||||
|
|
|
@ -165,10 +165,14 @@ stdenv.mkDerivation rec {
|
|||
EOF
|
||||
|
||||
moveToOutput "bin" "$bin"
|
||||
'' + lib.optionalString (enableX11 || enableGL) ''
|
||||
'' + (lib.optionalString (stdenv.isDarwin) ''
|
||||
for exe in $bin/bin/*; do
|
||||
install_name_tool -change build/shared-release/libmupdf.dylib $out/lib/libmupdf.dylib "$exe"
|
||||
done
|
||||
'') + (lib.optionalString (enableX11 || enableGL) ''
|
||||
mkdir -p $bin/share/icons/hicolor/48x48/apps
|
||||
cp docs/logo/mupdf.png $bin/share/icons/hicolor/48x48/apps
|
||||
'' + (if enableGL then ''
|
||||
'') + (if enableGL then ''
|
||||
ln -s "$bin/bin/mupdf-gl" "$bin/bin/mupdf"
|
||||
'' else lib.optionalString (enableX11) ''
|
||||
ln -s "$bin/bin/mupdf-x11" "$bin/bin/mupdf"
|
||||
|
|
|
@ -163,7 +163,7 @@ let
|
|||
zeroconf
|
||||
zipstream-ng
|
||||
class-doc
|
||||
pydantic
|
||||
pydantic_1
|
||||
] ++ lib.optionals stdenv.isDarwin [
|
||||
py.pkgs.appdirs
|
||||
] ++ lib.optionals (!stdenv.isDarwin) [
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
, binaryen
|
||||
, gzip
|
||||
, nodejs
|
||||
, rustc-wasm32
|
||||
, rustc
|
||||
, wasm-bindgen-cli
|
||||
, wasm-pack
|
||||
}:
|
||||
|
@ -66,8 +66,8 @@ rustPlatform.buildRustPackage rec {
|
|||
binaryen
|
||||
gzip
|
||||
nodejs
|
||||
rustc-wasm32
|
||||
rustc-wasm32.llvmPackages.lld
|
||||
rustc
|
||||
rustc.llvmPackages.lld
|
||||
wasm-bindgen-84
|
||||
wasm-pack
|
||||
];
|
||||
|
|
|
@ -15,9 +15,14 @@ python3.pkgs.buildPythonApplication rec {
|
|||
hash = "sha256-TwHDXWgGWuQVgatBDc1iympnb6dy4xYThLR5MouEZHA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
python3.pkgs.setuptools
|
||||
python3.pkgs.wheel
|
||||
nativeBuildInputs = with python3.pkgs; [
|
||||
setuptools
|
||||
pythonRelaxDepsHook
|
||||
];
|
||||
|
||||
pythonRelaxDeps = [
|
||||
"click"
|
||||
"rich"
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
|
|
|
@ -15,8 +15,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
hash = "sha256-OzcoOIgEiadWrsUPIxBJTuZQYjScJBYKyqCu1or6fz8=";
|
||||
};
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
nativeBuildInputs = with python3.pkgs; [
|
||||
hatchling
|
||||
hatch-vcs
|
||||
|
|
|
@ -82,6 +82,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
mesonBuildType = "release";
|
||||
|
||||
mesonFlags = [
|
||||
(lib.mesonBool "werror" false)
|
||||
(lib.mesonEnable "backend-x11" x11Support)
|
||||
(lib.mesonEnable "backend-wayland" waylandSupport)
|
||||
];
|
||||
|
|
|
@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec {
|
|||
attrs
|
||||
click
|
||||
cloudflare
|
||||
pydantic
|
||||
pydantic_1
|
||||
requests
|
||||
];
|
||||
|
||||
|
|
|
@ -23,8 +23,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
setuptools-scm
|
||||
];
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
appdirs
|
||||
deltachat
|
||||
|
|
|
@ -85,19 +85,26 @@ stdenv.mkDerivation rec {
|
|||
patchShebangs notmuch-git
|
||||
'';
|
||||
|
||||
preCheck = let
|
||||
test-database = fetchurl {
|
||||
url = "https://notmuchmail.org/releases/test-databases/database-v1.tar.xz";
|
||||
sha256 = "1lk91s00y4qy4pjh8638b5lfkgwyl282g1m27srsf7qfn58y16a2";
|
||||
};
|
||||
in ''
|
||||
mkdir -p test/test-databases
|
||||
ln -s ${test-database} test/test-databases/database-v1.tar.xz
|
||||
''
|
||||
# Issues since gnupg: 2.4.0 -> 2.4.1
|
||||
+ ''
|
||||
rm test/{T350-crypto,T357-index-decryption}.sh
|
||||
'';
|
||||
preCheck =
|
||||
let
|
||||
test-database = fetchurl {
|
||||
url = "https://notmuchmail.org/releases/test-databases/database-v1.tar.xz";
|
||||
sha256 = "1lk91s00y4qy4pjh8638b5lfkgwyl282g1m27srsf7qfn58y16a2";
|
||||
};
|
||||
in
|
||||
''
|
||||
mkdir -p test/test-databases
|
||||
ln -s ${test-database} test/test-databases/database-v1.tar.xz
|
||||
''
|
||||
+ ''
|
||||
# Issues since gnupg: 2.4.0 -> 2.4.1
|
||||
rm test/{T350-crypto,T357-index-decryption}.sh
|
||||
# Issues since pbr 6.0.0 bump (ModuleNotFoundError: No module named 'notmuch2')
|
||||
rm test/T055-path-config.sh
|
||||
# Flaky, seems to get its paths wrong sometimes (?)
|
||||
# *ERROR*: Opening output file: Permission denied, /nix/store/bzy21v2cd5sq1djzwa9b19q08wpp9mm0-emacs-29.1/bin/OUTPUT
|
||||
rm test/T460-emacs-tree.sh
|
||||
'';
|
||||
|
||||
doCheck = !stdenv.hostPlatform.isDarwin && (lib.versionAtLeast gmime3.version "3.0.3");
|
||||
checkTarget = "test";
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ lib, stdenv
|
||||
, fetchurl
|
||||
, fetchpatch
|
||||
, pkg-config
|
||||
, intltool
|
||||
, python3Packages
|
||||
|
@ -31,6 +32,16 @@ stdenv.mkDerivation rec {
|
|||
hash = "sha256-7lanrs63N6ZnqxvjcW/+cUZVDqUbML2gftQUc/sLr3Q=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Pull upstream fix for libxml2-2.12 compatibility:
|
||||
# https://github.com/lwindolf/liferea/pull/1329
|
||||
(fetchpatch {
|
||||
name = "libxml2-2.12.patch";
|
||||
url = "https://github.com/lwindolf/liferea/commit/be8ef494586d9ef73c04ec4ca058a9a158ae3562.patch";
|
||||
hash = "sha256-K1R7dJMm7ui6QKQqAHCo/ZrLCW3PhPU1EKRPEICtCsQ=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
wrapGAppsHook
|
||||
python3Packages.wrapPython
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
, fetchpatch
|
||||
, pkg-config
|
||||
, gtk3
|
||||
, fribidi
|
||||
|
@ -28,6 +29,14 @@ stdenv.mkDerivation rec {
|
|||
hash = "sha256-ElckfplwUI1tFFbT4zDNGQnEtCsl4PChvDJSbW86IbQ=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fix build with libxml2 2.12
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.gnome.org/World/AbiWord/-/commit/2a06be6a10a0718f8a3d8e00c317f5042c99a467.patch";
|
||||
hash = "sha256-vfh81tGXe9dgnjcAtoWHOK8CtW7MZ75FFjnfKTkiKkk=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config
|
||||
wrapGAppsHook
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
, IOCompress
|
||||
, zlib
|
||||
, libjpeg
|
||||
, liblangtag
|
||||
, expat
|
||||
, freetype
|
||||
, libwpd
|
||||
|
@ -225,6 +226,17 @@ in stdenv.mkDerivation (finalAttrs: {
|
|||
url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=ececb678b8362e3be8e02768ddd5e4197d87dc2a";
|
||||
hash = "sha256-TUfKlwNxUTOJ95VLqwVD+ez1xhu7bW6xZlgIaCyIiNg=";
|
||||
})
|
||||
|
||||
# Backport libxml 2.12 build fixes
|
||||
# FIXME: remove in next release
|
||||
(fetchpatch {
|
||||
url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=c8f7408db73d2f2ccacb25a2b4fef8dfebdfc6cb";
|
||||
hash = "sha256-uEgRx1eyS3Wx2ZDWEsUmpIbuKezVrIbO++qSL2QI8Lk=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=cbb17a548b5cc6a99b6ed7735479bb4f2bc40f26";
|
||||
hash = "sha256-ofhif37uvQI+gidaUpyr6XlyBc3gTJUDBRb3ootrzz0=";
|
||||
})
|
||||
];
|
||||
|
||||
# libreoffice tries to reference the BUILDCONFIG (e.g. PKG_CONFIG_PATH)
|
||||
|
@ -436,6 +448,7 @@ in stdenv.mkDerivation (finalAttrs: {
|
|||
"--with-system-headers"
|
||||
"--with-system-openssl"
|
||||
"--with-system-libabw"
|
||||
"--with-system-liblangtag"
|
||||
"--without-system-libcmis"
|
||||
"--with-system-libwps"
|
||||
"--with-system-openldap"
|
||||
|
@ -466,7 +479,6 @@ in stdenv.mkDerivation (finalAttrs: {
|
|||
"--without-system-lpsolve"
|
||||
"--without-system-libetonyek"
|
||||
"--without-system-libfreehand"
|
||||
"--without-system-liblangtag"
|
||||
"--without-system-libmspub"
|
||||
"--without-system-libnumbertext"
|
||||
"--without-system-libpagemaker"
|
||||
|
@ -566,6 +578,7 @@ in stdenv.mkDerivation (finalAttrs: {
|
|||
libepoxy
|
||||
libexttextcat
|
||||
libjpeg
|
||||
liblangtag
|
||||
libmspack
|
||||
libmwaw
|
||||
libmysqlclient
|
||||
|
|
|
@ -29,8 +29,6 @@ buildPythonPackage rec {
|
|||
patchShebangs ../tools
|
||||
'';
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
distro
|
||||
setuptools
|
||||
|
|
|
@ -29,8 +29,6 @@ buildPythonPackage rec {
|
|||
patchShebangs ../tools
|
||||
'';
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkgs.gettext
|
||||
pkgs.which
|
||||
|
|
|
@ -44,8 +44,6 @@ buildPythonPackage rec {
|
|||
patchShebangs ../tools
|
||||
'';
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
distro
|
||||
gtk3
|
||||
|
|
|
@ -42,8 +42,6 @@ python3Packages.buildPythonApplication rec {
|
|||
|
||||
sourceRoot = "${src.name}/paperwork-gtk";
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
postPatch = ''
|
||||
chmod a+w -R ..
|
||||
patchShebangs ../tools
|
||||
|
|
|
@ -32,8 +32,6 @@ buildPythonPackage rec {
|
|||
chmod a+w -R ..
|
||||
patchShebangs ../tools
|
||||
'';
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
openpaperwork-core
|
||||
paperwork-backend
|
||||
|
|
|
@ -19,8 +19,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
hash = "sha256-5tQaNT6QVN9mxa9t6OvMux4ZGy4flUqszTAwet2QL0w=";
|
||||
};
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
nativeBuildInputs = [
|
||||
installShellFiles
|
||||
] ++ (with python3.pkgs; [
|
||||
|
|
|
@ -31,8 +31,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
setuptools-scm
|
||||
];
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
doCheck = false;
|
||||
|
||||
dontWrapGApps = true;
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "fasttext";
|
||||
version = "0.9.2";
|
||||
version = "0.9.2-unstable-2023-11-28";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "facebookresearch";
|
||||
repo = "fastText";
|
||||
rev = "v${version}";
|
||||
sha256 = "07cz2ghfq6amcljaxpdr5chbd64ph513y8zqmibfx2xwfp74xkhn";
|
||||
rev = "6c2204ba66776b700095ff73e3e599a908ffd9c3";
|
||||
hash = "sha256-lSIah4T+QqZwCRpeI3mxJ7PZT6pSHBO26rcEFfK8DSk=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchurl, cmake, blas, lapack, gfortran, gmm, fltk, libjpeg
|
||||
{ lib, stdenv, fetchurl, fetchpatch, cmake, blas, lapack, gfortran, gmm, fltk, libjpeg
|
||||
, zlib, libGL, libGLU, xorg, opencascade-occt
|
||||
, python ? null, enablePython ? false }:
|
||||
|
||||
|
@ -24,7 +24,22 @@ stdenv.mkDerivation rec {
|
|||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
patches = [ ./fix-python.patch ];
|
||||
patches = [
|
||||
./fix-python.patch
|
||||
|
||||
# Pull upstream fix git gcc-13:
|
||||
# https://gitlab.onelab.info/gmsh/gmsh/-/issues/2416
|
||||
(fetchpatch {
|
||||
name = "gcc-13-p1.patch";
|
||||
url = "https://gitlab.onelab.info/gmsh/gmsh/-/commit/fb81a9c9026700e078de947b4522cb39e543a86b.patch";
|
||||
hash = "sha256-1GInFqQZvOgflC3eQTjmZ9uBGFASRNCpCwDACN3yTQ4=";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "gcc-13-p2.patch";
|
||||
url = "https://gitlab.onelab.info/gmsh/gmsh/-/commit/aceb09c807b78ea26555f99fcb16c4f87c31fb5a.patch";
|
||||
hash = "sha256-6FI0hIvj8hglCvxoKV0GzT2/F/Wz+ddkxV/TLzzJBLU=";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace api/gmsh.py --subst-var-by LIBPATH ${placeholder "out"}/lib/libgmsh.so
|
||||
|
|
|
@ -97,7 +97,10 @@ mkDerivation rec {
|
|||
(lib.withFeature stdenv.isLinux "inotify")
|
||||
];
|
||||
|
||||
env.NIX_CFLAGS_COMPILE = toString [ "-DNIXPKGS" ];
|
||||
env.NIX_CFLAGS_COMPILE = toString [
|
||||
"-DNIXPKGS"
|
||||
"-fpermissive" # libxml2-2.12 changed const qualifiers
|
||||
];
|
||||
|
||||
patches = [
|
||||
# fix "No/bad main configuration file" error
|
||||
|
|
|
@ -52,8 +52,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
pyyaml
|
||||
];
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
makeFlags = [
|
||||
"PREFIX=${placeholder "out"}"
|
||||
];
|
||||
|
|
|
@ -11,8 +11,6 @@ python3Packages.buildPythonApplication rec {
|
|||
hash = "sha256-PtV2mzxOfZ88THiFD4K+qtOi41GeLF1GcdiFFhUR8Ak=";
|
||||
};
|
||||
|
||||
env.SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
buildInputs = lib.optionals stdenv.isLinux [ qt5.qtwayland ];
|
||||
propagatedBuildInputs = with python3Packages; [ git pyqt5 qtpy send2trash ];
|
||||
nativeBuildInputs = with python3Packages; [ setuptools-scm gettext qt5.wrapQtAppsHook ];
|
||||
|
|
|
@ -29,7 +29,7 @@ assert sendEmailSupport -> perlSupport;
|
|||
assert svnSupport -> perlSupport;
|
||||
|
||||
let
|
||||
version = "2.42.0";
|
||||
version = "2.43.0";
|
||||
svn = subversionClient.override { perlBindings = perlSupport; };
|
||||
gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
|
||||
in
|
||||
|
@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
|
||||
hash = "sha256-MnghDp/SmUuEhN1+Pd2eqLlA71IXDNtgbaqU2IfJOw0=";
|
||||
hash = "sha256-VEZgPnPZEXgdJZ5WV1Dc0nekKDbI45LKyRzxN6qbduw=";
|
||||
};
|
||||
|
||||
outputs = [ "out" ] ++ lib.optional withManual "doc";
|
||||
|
|
|
@ -17,8 +17,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
hash = "sha256-4SGkkC4LjZXTDXwK6jMOIKXR1qX76CasOwSqv8XUrjs=";
|
||||
};
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
# Upstream splitted the project into gitlint and gitlint-core to
|
||||
# simplify the dependency handling
|
||||
sourceRoot = "${src.name}/gitlint-core";
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ lib, stdenv, fetchurl, fetchpatch, python3Packages, makeWrapper, gettext, installShellFiles
|
||||
, re2Support ? true
|
||||
, rustSupport ? stdenv.hostPlatform.isLinux, cargo, rustPlatform, rustc
|
||||
# depends on rust-cpython which won't support python312
|
||||
# https://github.com/dgrunwald/rust-cpython/commit/e815555629e557be084813045ca1ddebc2f76ef9
|
||||
, rustSupport ? (stdenv.hostPlatform.isLinux && python3Packages.pythonOlder "3.12"), cargo, rustPlatform, rustc
|
||||
, fullBuild ? false
|
||||
, gitSupport ? fullBuild
|
||||
, guiSupport ? fullBuild, tk
|
||||
|
@ -21,11 +23,11 @@ let
|
|||
|
||||
self = python3Packages.buildPythonApplication rec {
|
||||
pname = "mercurial${lib.optionalString fullBuild "-full"}";
|
||||
version = "6.5.3";
|
||||
version = "6.6.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
|
||||
sha256 = "sha256-LNyB+t4SnPVrEoQXUn8ZC6cv13ZWc5TOVO7XZOZn59U=";
|
||||
sha256 = "sha256-opRlo/5Ao+jUm6g0MTSsKrooa2g//rg42gz25FIflpU=";
|
||||
};
|
||||
|
||||
format = "other";
|
||||
|
@ -35,7 +37,7 @@ let
|
|||
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "mercurial-${version}";
|
||||
sha256 = "sha256-ob81zMUY4AVNIbkFKyImnj7QhHTh7LVOCcGeZDtTAXc=";
|
||||
sha256 = "sha256-wLV0qdCfMgGpZRxnZik/lRwZHm/66p0sJn/mYVRvRkQ=";
|
||||
sourceRoot = "mercurial-${version}/rust";
|
||||
} else null;
|
||||
cargoRoot = if rustSupport then "rust" else null;
|
||||
|
@ -43,7 +45,7 @@ let
|
|||
propagatedBuildInputs = lib.optional re2Support fb-re2
|
||||
++ lib.optional gitSupport pygit2
|
||||
++ lib.optional highlightSupport pygments;
|
||||
nativeBuildInputs = [ makeWrapper gettext installShellFiles ]
|
||||
nativeBuildInputs = [ makeWrapper gettext installShellFiles python3Packages.setuptools ]
|
||||
++ lib.optionals rustSupport [
|
||||
rustPlatform.cargoSetupHook
|
||||
cargo
|
||||
|
|
|
@ -42,9 +42,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
substituteInPlace pyproject.toml requirements.txt --replace "opencv-python" "opencv"
|
||||
'';
|
||||
|
||||
# Let setuptools know deface version
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = "v${version}";
|
||||
|
||||
pythonImportsCheck = [ "deface" "onnx" "onnxruntime" ];
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -25,6 +25,12 @@ let
|
|||
|
||||
python = python3.override {
|
||||
packageOverrides = self: super: {
|
||||
pydantic = super.pydantic_1;
|
||||
|
||||
versioningit = super.versioningit.overridePythonAttrs {
|
||||
# checkPhase requires pydantic>=2
|
||||
doCheck = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
{ stdenv
|
||||
, lib
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
# For tests
|
||||
, testers
|
||||
, runCommand
|
||||
|
@ -135,6 +136,11 @@ let
|
|||
"${src}/contrib/ffmpeg/A28-avcodec-amfenc-HDR-metadata.patch"
|
||||
# This patch is not applying since ffmpeg 5.1.1, probably it was backported by upstream
|
||||
# "${src}/contrib/ffmpeg/A30-svt-av1-backports.patch"
|
||||
(fetchpatch {
|
||||
name = "vulkan-remove-extensions.patch";
|
||||
url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/eb0455d64690";
|
||||
hash = "sha256-qvLrb7b+9/bel8A2lZuSmBiJtHXsABw0Lvgn1ggnmCU=";
|
||||
})
|
||||
];
|
||||
});
|
||||
|
||||
|
|
|
@ -2,10 +2,11 @@
|
|||
, lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, addOpenGLRunpath
|
||||
, cmake
|
||||
, fdk_aac
|
||||
, ffmpeg_4
|
||||
, ffmpeg
|
||||
, jansson
|
||||
, libjack2
|
||||
, libxkbcommon
|
||||
|
@ -74,6 +75,25 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
# Lets obs-browser build against CEF 90.1.0+
|
||||
./Enable-file-access-and-universal-access-for-file-URL.patch
|
||||
./fix-nix-plugin-path.patch
|
||||
|
||||
# Backport ffmpeg 6.1 / GCC 13 build fixes
|
||||
# FIXME: remove in next release
|
||||
(fetchpatch {
|
||||
url = "https://github.com/obsproject/obs-studio/commit/cd784644f5e82b9988043f229c19603289c6d32c.patch";
|
||||
hash = "sha256-S4JE5kgr4x3uMHY2GRh0GBJpb7o/wYZb/v0CDITFNnQ=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/obsproject/obs-studio/commit/758b47d4ed9a25b8d64ad481d8d039990b9e57c9.patch";
|
||||
hash = "sha256-jYpjwhx6e+dhN3kzbd6FcdjQ+WhIX0/BOu9PSkt+2yI=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/obsproject/obs-studio/commit/4b5be75c7e4b8cee908ed4a02fe0078285b4e8c9.patch";
|
||||
hash = "sha256-tuOevhyxchwG42ilrplbiWoiDAKaY4HgzShlvp4VSQI=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/obsproject/obs-studio/commit/6e080a68067b27fe5463f0f4eee7df690451f3d7.patch";
|
||||
hash = "sha256-nbn/q3uszoHaDvaW8Et1MS1sgQzMsJRmjGSMHzUxV70=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -87,7 +107,7 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
|
||||
buildInputs = [
|
||||
curl
|
||||
ffmpeg_4
|
||||
ffmpeg
|
||||
jansson
|
||||
libcef
|
||||
libjack2
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
{ stdenv, fetchgit, lib, dtc }:
|
||||
{ stdenv, fetchzip, lib, dtc }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "kvmtool";
|
||||
version = "unstable-2023-07-12";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git";
|
||||
rev = "106e2ea7756d980454d68631b87d5e25ba4e4881";
|
||||
sha256 = "sha256-wpc5DfHnui0lBVH4uOq6a7pXVUZStjNLRvauu6QpRvE=";
|
||||
src = fetchzip {
|
||||
url = "https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/snapshot/kvmtool-106e2ea7756d980454d68631b87d5e25ba4e4881.tar.gz";
|
||||
hash = "sha256-wpc5DfHnui0lBVH4uOq6a7pXVUZStjNLRvauu6QpRvE=";
|
||||
};
|
||||
|
||||
patches = [ ./strlcpy-glibc-2.38-fix.patch ];
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{ lib
|
||||
, fetchFromGitHub
|
||||
, hostPlatform
|
||||
, cargo
|
||||
, rustc
|
||||
, lld
|
||||
}:
|
||||
|
||||
|
@ -24,12 +22,7 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
# inherit (cross) rustPlatform;
|
||||
# ^ breaks because we are doing a no_std embedded build with a custom sysroot,
|
||||
# but the fast_cross rustc wrapper already passes a sysroot argument
|
||||
rustPlatform = cross.makeRustPlatform {
|
||||
inherit rustc cargo;
|
||||
};
|
||||
inherit (cross) rustPlatform;
|
||||
|
||||
in
|
||||
|
||||
|
|
|
@ -33,6 +33,28 @@
|
|||
, useMacosReexportHack ? false
|
||||
, wrapGas ? false
|
||||
|
||||
# Note: the hardening flags are part of the bintools-wrapper, rather than
|
||||
# the cc-wrapper, because a few of them are handled by the linker.
|
||||
, defaultHardeningFlags ? with stdenvNoCC; [
|
||||
"bindnow"
|
||||
"format"
|
||||
"fortify"
|
||||
"fortify3"
|
||||
"pic"
|
||||
"relro"
|
||||
"stackprotector"
|
||||
"strictoverflow"
|
||||
] ++ lib.optional (
|
||||
# Musl-based platforms will keep "pie", other platforms will not.
|
||||
# If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`
|
||||
# in the nixpkgs manual to inform users about the defaults.
|
||||
targetPlatform.libc == "musl"
|
||||
# Except when:
|
||||
# - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
|
||||
# - static armv7l, where compilation fails.
|
||||
&& !(targetPlatform.isAarch && targetPlatform.isStatic)
|
||||
) "pie"
|
||||
|
||||
# Darwin code signing support utilities
|
||||
, postLinkSignHook ? null, signingUtils ? null
|
||||
}:
|
||||
|
@ -124,6 +146,8 @@ stdenv.mkDerivation {
|
|||
(setenv "NIX_LDFLAGS_${suffixSalt}" (concat (getenv "NIX_LDFLAGS_${suffixSalt}") " -L" arg "/lib64"))))
|
||||
'(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)}))
|
||||
'';
|
||||
|
||||
inherit defaultHardeningFlags;
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
@ -380,6 +404,7 @@ stdenv.mkDerivation {
|
|||
wrapperName = "BINTOOLS_WRAPPER";
|
||||
inherit dynamicLinker targetPrefix suffixSalt coreutils_bin;
|
||||
inherit bintools_bin libc_bin libc_dev libc_lib;
|
||||
default_hardening_flags_str = builtins.toString defaultHardeningFlags;
|
||||
};
|
||||
|
||||
meta =
|
||||
|
|
|
@ -65,7 +65,7 @@ do
|
|||
done
|
||||
|
||||
# If unset, assume the default hardening flags.
|
||||
: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
|
||||
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
|
||||
export NIX_HARDENING_ENABLE
|
||||
|
||||
# No local scope in sourced file
|
||||
|
|
|
@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
|
|||
fi
|
||||
|
||||
if (( "${NIX_DEBUG:-0}" >= 1 )); then
|
||||
declare -a allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
|
||||
declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format)
|
||||
declare -A hardeningDisableMap=()
|
||||
|
||||
# Determine which flags were effectively disabled so we can report below.
|
||||
|
|
|
@ -218,6 +218,8 @@ let
|
|||
then guess
|
||||
else null;
|
||||
|
||||
defaultHardeningFlags = bintools.defaultHardeningFlags or [];
|
||||
|
||||
darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin (
|
||||
if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx"
|
||||
else targetPlatform.darwinPlatform
|
||||
|
@ -271,6 +273,8 @@ stdenv.mkDerivation {
|
|||
inherit expand-response-params;
|
||||
|
||||
inherit nixSupport;
|
||||
|
||||
inherit defaultHardeningFlags;
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
@ -706,6 +710,7 @@ stdenv.mkDerivation {
|
|||
inherit suffixSalt coreutils_bin bintools;
|
||||
inherit libc_bin libc_dev libc_lib;
|
||||
inherit darwinPlatformForCC darwinMinVersion darwinMinVersionVariable;
|
||||
default_hardening_flags_str = builtins.toString defaultHardeningFlags;
|
||||
};
|
||||
|
||||
meta =
|
||||
|
|
|
@ -4,8 +4,7 @@ getTargetRoleWrapper
|
|||
export FC${role_post}=@named_fc@
|
||||
|
||||
# If unset, assume the default hardening flags.
|
||||
# These are different for fortran.
|
||||
: ${NIX_HARDENING_ENABLE="stackprotector pic strictoverflow relro bindnow"}
|
||||
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
|
||||
export NIX_HARDENING_ENABLE
|
||||
|
||||
unset -v role_post
|
||||
|
|
|
@ -111,7 +111,7 @@ export CC${role_post}=@named_cc@
|
|||
export CXX${role_post}=@named_cxx@
|
||||
|
||||
# If unset, assume the default hardening flags.
|
||||
: ${NIX_HARDENING_ENABLE="fortify fortify3 stackprotector pic strictoverflow format relro bindnow"}
|
||||
: ${NIX_HARDENING_ENABLE="@default_hardening_flags_str@"}
|
||||
export NIX_HARDENING_ENABLE
|
||||
|
||||
# No local scope in sourced file
|
||||
|
|
|
@ -11,8 +11,8 @@ let
|
|||
src = fetchFromGitHub {
|
||||
owner = "melpa";
|
||||
repo = "package-build";
|
||||
rev = "c3c535e93d9dc92acd21ebc4b15016b5c3b90e7d";
|
||||
sha256 = "17z0wbqdd6fspbj43yq8biff6wfggk74xgnaf1xx6ynsp1i74is5";
|
||||
rev = "c48aa078c01b4f07b804270c4583a0a58ffea1c0";
|
||||
sha256 = "sha256-MzPj375upIiYXdQR+wWXv3A1zMqbSrZlH0taLuxx/1M=";
|
||||
};
|
||||
|
||||
patches = [ ./package-build-dont-use-mtime.patch ];
|
||||
|
|
|
@ -11,22 +11,22 @@
|
|||
;; Allow installing package tarfiles larger than 10MB
|
||||
(setq large-file-warning-threshold nil)
|
||||
|
||||
(defun melpa2nix-build-package-1 (rcp version commit)
|
||||
(let ((source-dir (package-recipe--working-tree rcp)))
|
||||
(defun melpa2nix-build-package-1 (rcp)
|
||||
(let* ((default-directory (package-recipe--working-tree rcp)))
|
||||
(unwind-protect
|
||||
(let ((files (package-build-expand-files-spec rcp t)))
|
||||
(cond
|
||||
((= (length files) 1)
|
||||
(package-build--build-single-file-package
|
||||
rcp version commit files source-dir))
|
||||
((> (length files) 1)
|
||||
(package-build--build-multi-file-package
|
||||
rcp version commit files source-dir))
|
||||
(t (error "Unable to find files matching recipe patterns")))))))
|
||||
(unless files
|
||||
(error "Unable to find files matching recipe patterns"))
|
||||
(if (> (length files) 1)
|
||||
(package-build--build-multi-file-package rcp files)
|
||||
(package-build--build-single-file-package rcp files))))))
|
||||
|
||||
(defun melpa2nix-build-package ()
|
||||
(if (not noninteractive)
|
||||
(error "`melpa2nix-build-package' is to be used only with -batch"))
|
||||
(unless noninteractive
|
||||
(error "`melpa2nix-build-package' is to be used only with -batch"))
|
||||
(pcase command-line-args-left
|
||||
(`(,package ,version ,commit)
|
||||
(melpa2nix-build-package-1 (package-recipe-lookup package) version commit))))
|
||||
(let ((recipe (package-recipe-lookup package)))
|
||||
(setf (oref recipe commit) commit)
|
||||
(setf (oref recipe version) version)
|
||||
(melpa2nix-build-package-1 recipe)))))
|
||||
|
|
|
@ -1,40 +1,21 @@
|
|||
diff --git a/package-build.el b/package-build.el
|
||||
index e572045..9eb0f82 100644
|
||||
index 29cdb61..c19be1b 100644
|
||||
--- a/package-build.el
|
||||
+++ b/package-build.el
|
||||
@@ -415,7 +415,7 @@ (defun package-build--write-pkg-file (desc dir)
|
||||
(princ ";; Local Variables:\n;; no-byte-compile: t\n;; End:\n"
|
||||
(current-buffer)))))
|
||||
|
||||
-(defun package-build--create-tar (name version directory mtime)
|
||||
+(defun package-build--create-tar (name version directory)
|
||||
"Create a tar file containing the contents of VERSION of package NAME.
|
||||
DIRECTORY is a temporary directory that contains the directory
|
||||
that is put in the tarball. MTIME is used as the modification
|
||||
@@ -434,7 +434,7 @@ (defun package-build--create-tar (name version directory mtime)
|
||||
;; prevent a reproducable tarball as described at
|
||||
@@ -923,7 +923,6 @@ DIRECTORY is a temporary directory that contains the directory
|
||||
that is put in the tarball."
|
||||
(let* ((name (oref rcp name))
|
||||
(version (oref rcp version))
|
||||
- (time (oref rcp time))
|
||||
(tar (expand-file-name (concat name "-" version ".tar")
|
||||
package-build-archive-dir))
|
||||
(dir (concat name "-" version)))
|
||||
@@ -939,7 +938,7 @@ that is put in the tarball."
|
||||
;; prevent a reproducible tarball as described at
|
||||
;; https://reproducible-builds.org/docs/archives.
|
||||
"--sort=name"
|
||||
- (format "--mtime=@%d" mtime)
|
||||
- (format "--mtime=@%d" time)
|
||||
+ "--mtime=@0"
|
||||
"--owner=0" "--group=0" "--numeric-owner"
|
||||
"--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime"))
|
||||
(when (and package-build-verbose noninteractive)
|
||||
@@ -848,12 +848,11 @@ (defun package-build--build-multi-file-package (rcp version commit files source-
|
||||
(package-build--desc-from-library
|
||||
name version commit files 'tar)
|
||||
(error "%s[-pkg].el matching package name is missing"
|
||||
- name))))
|
||||
- (mtime (package-build--get-commit-time rcp commit)))
|
||||
+ name)))))
|
||||
(package-build--copy-package-files files source-dir target)
|
||||
(package-build--write-pkg-file desc target)
|
||||
(package-build--generate-info-files files source-dir target)
|
||||
- (package-build--create-tar name version tmp-dir mtime)
|
||||
+ (package-build--create-tar name version tmp-dir)
|
||||
(package-build--write-pkg-readme name files source-dir)
|
||||
(package-build--write-archive-entry desc))
|
||||
(delete-directory tmp-dir t nil))))
|
||||
--
|
||||
2.37.2
|
||||
|
||||
|
|
|
@ -125,6 +125,7 @@
|
|||
|
||||
# Mirrors from https://download.kde.org/ls-lR.mirrorlist
|
||||
kde = [
|
||||
"https://cdn.download.kde.org/"
|
||||
"https://download.kde.org/download.php?url="
|
||||
"https://ftp.gwdg.de/pub/linux/kde/"
|
||||
"https://mirrors.ocf.berkeley.edu/kde/"
|
||||
|
|
|
@ -25,7 +25,7 @@ maturinBuildHook() {
|
|||
|
||||
# Move the wheel to dist/ so that regular Python tooling can find it.
|
||||
mkdir -p dist
|
||||
mv target/wheels/*.whl dist/
|
||||
mv ${cargoRoot:+$cargoRoot/}target/wheels/*.whl dist/
|
||||
|
||||
# These are python build hooks and may depend on ./dist
|
||||
runHook postBuild
|
||||
|
|
|
@ -1,6 +1,19 @@
|
|||
#!@shell@
|
||||
|
||||
extraBefore=(@sysroot@)
|
||||
defaultSysroot=(@sysroot@)
|
||||
|
||||
for arg; do
|
||||
case "$arg" in
|
||||
--sysroot)
|
||||
defaultSysroot=()
|
||||
;;
|
||||
--)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
extraBefore=("${defaultSysroot[@]}")
|
||||
extraAfter=($NIX_RUSTFLAGS)
|
||||
|
||||
# Optionally print debug info.
|
||||
|
|
|
@ -53,17 +53,30 @@ autoPatchelf() {
|
|||
esac
|
||||
done
|
||||
|
||||
readarray -td' ' ignoreMissingDepsArray < <(echo -n "$autoPatchelfIgnoreMissingDeps")
|
||||
if [ "$autoPatchelfIgnoreMissingDeps" == "1" ]; then
|
||||
echo "autoPatchelf: WARNING: setting 'autoPatchelfIgnoreMissingDeps" \
|
||||
"= true;' is deprecated and will be removed in a future release." \
|
||||
"Use 'autoPatchelfIgnoreMissingDeps = [ \"*\" ];' instead." >&2
|
||||
ignoreMissingDepsArray=( "*" )
|
||||
if [ -n "$__structuredAttrs" ]; then
|
||||
local ignoreMissingDepsArray=( "${autoPatchelfIgnoreMissingDeps[@]}" )
|
||||
local appendRunpathsArray=( "${appendRunpaths[@]}" )
|
||||
local runtimeDependenciesArray=( "${runtimeDependencies[@]}" )
|
||||
local patchelfFlagsArray=( "${patchelfFlags[@]}" )
|
||||
else
|
||||
readarray -td' ' ignoreMissingDepsArray < <(echo -n "$autoPatchelfIgnoreMissingDeps")
|
||||
local appendRunpathsArray=($appendRunpaths)
|
||||
local runtimeDependenciesArray=($runtimeDependencies)
|
||||
local patchelfFlagsArray=($patchelfFlags)
|
||||
fi
|
||||
|
||||
local appendRunpathsArray=($appendRunpaths)
|
||||
local runtimeDependenciesArray=($runtimeDependencies)
|
||||
local patchelfFlagsArray=($patchelfFlags)
|
||||
# Check if ignoreMissingDepsArray contains "1" and if so, replace it with
|
||||
# "*", printing a deprecation warning.
|
||||
for dep in "${ignoreMissingDepsArray[@]}"; do
|
||||
if [ "$dep" == "1" ]; then
|
||||
echo "autoPatchelf: WARNING: setting 'autoPatchelfIgnoreMissingDeps" \
|
||||
"= true;' is deprecated and will be removed in a future release." \
|
||||
"Use 'autoPatchelfIgnoreMissingDeps = [ \"*\" ];' instead." >&2
|
||||
ignoreMissingDepsArray=( "*" )
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
@pythonInterpreter@ @autoPatchelfScript@ \
|
||||
${norecurse:+--no-recurse} \
|
||||
--ignore-missing "${ignoreMissingDepsArray[@]}" \
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ lib
|
||||
, python3
|
||||
, fetchPypi
|
||||
, argparse
|
||||
, kubernetes-helm
|
||||
, kind
|
||||
, docker
|
||||
|
@ -17,16 +16,22 @@ python3.pkgs.buildPythonApplication rec {
|
|||
inherit pname version;
|
||||
hash = "sha256-1LE3fpfX4NExJdUdSjt4BXvxQTLJ8zrRkGHkxo/6Pb8=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
sed -i '/argparse/d' pyproject.toml
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
python3.pkgs.poetry-core
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
kubernetes-helm
|
||||
kind
|
||||
docker
|
||||
];
|
||||
nativeBuildInputs = [
|
||||
python3.pkgs.poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
argparse
|
||||
halo
|
||||
pyyaml
|
||||
hiyapyco
|
||||
|
|
|
@ -26,8 +26,6 @@ python3.pkgs.buildPythonApplication rec {
|
|||
pygls
|
||||
];
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
passthru.updateScript = nix-update-script { };
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -138,8 +138,6 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
"CFLAGS=-D_FILE_OFFSET_BITS=64"
|
||||
"CXXFLAGS=-D_FILE_OFFSET_BITS=64"
|
||||
]
|
||||
# Workaround missing atomic ops with gcc <13
|
||||
++ lib.optional stdenv.hostPlatform.isRiscV "LDFLAGS=-latomic"
|
||||
++ [
|
||||
"--"
|
||||
# We should set the proper `CMAKE_SYSTEM_NAME`.
|
||||
|
|
|
@ -16,8 +16,12 @@ python3.pkgs.buildPythonApplication rec {
|
|||
};
|
||||
|
||||
nativeBuildInputs = with python3.pkgs; [
|
||||
pythonRelaxDepsHook
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
pythonRelaxDeps = [
|
||||
"aiohttp"
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
|
|
27
pkgs/by-name/me/meson/007-darwin-case-sensitivity.patch
Normal file
27
pkgs/by-name/me/meson/007-darwin-case-sensitivity.patch
Normal file
|
@ -0,0 +1,27 @@
|
|||
From a908a574daf8bac10bb2a0ee3771052d2167a85f Mon Sep 17 00:00:00 2001
|
||||
From: Randy Eckenrode <randy@largeandhighquality.com>
|
||||
Date: Sun, 3 Dec 2023 15:41:20 -0500
|
||||
Subject: [PATCH] Fix test failure on Darwin on a case-sensitive fs
|
||||
|
||||
This was encountered while looking into an issue with
|
||||
https://github.com/NixOS/nixpkgs/pull/268583.
|
||||
|
||||
I run my Nix store on case-sensitive APFS, so the test fails due to
|
||||
trying to link `-framework ldap` instead of `-framework LDAP`.
|
||||
---
|
||||
test cases/osx/5 extra frameworks/meson.build | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test cases/osx/5 extra frameworks/meson.build b/test cases/osx/5 extra frameworks/meson.build
|
||||
index f6c01e63a1bd..96532846c632 100644
|
||||
--- a/test cases/osx/5 extra frameworks/meson.build
|
||||
+++ b/test cases/osx/5 extra frameworks/meson.build
|
||||
@@ -7,7 +7,7 @@ dep_main = dependency('Foundation')
|
||||
assert(dep_main.type_name() == 'extraframeworks', 'type_name is ' + dep_main.type_name())
|
||||
|
||||
# https://github.com/mesonbuild/meson/issues/10002
|
||||
-ldap_dep = dependency('ldap', method : 'extraframework')
|
||||
+ldap_dep = dependency('LDAP', method : 'extraframework')
|
||||
assert(ldap_dep.type_name() == 'extraframeworks', 'type_name is ' + ldap_dep.type_name())
|
||||
|
||||
stlib = static_library('stat', 'stat.c', install : true, dependencies: [opengl_dep, ldap_dep])
|
|
@ -1,11 +1,11 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, installShellFiles
|
||||
, coreutils
|
||||
, darwin
|
||||
, libxcrypt
|
||||
, openldap
|
||||
, ninja
|
||||
, pkg-config
|
||||
, python3
|
||||
|
@ -14,17 +14,17 @@
|
|||
}:
|
||||
|
||||
let
|
||||
inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Foundation OpenGL;
|
||||
inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Foundation LDAP OpenGL;
|
||||
in
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "meson";
|
||||
version = "1.2.3";
|
||||
version = "1.3.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mesonbuild";
|
||||
repo = "meson";
|
||||
rev = "refs/tags/${version}";
|
||||
hash = "sha256-dgYYz3tQDG6Z4eE77WO2dXdardxVzzGaFLQ5znPcTlw=";
|
||||
hash = "sha256-Jt3PWnbv/8P6Rvf3E/Yli2vdtfgx3CmsW+jlc9CK5KA=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -66,15 +66,8 @@ python3.pkgs.buildPythonApplication rec {
|
|||
# Nixpkgs cctools does not have bitcode support.
|
||||
./006-disable-bitcode.patch
|
||||
|
||||
# Fix passing multiple --define-variable arguments to pkg-config.
|
||||
# https://github.com/mesonbuild/meson/pull/10670
|
||||
(fetchpatch {
|
||||
url = "https://github.com/mesonbuild/meson/commit/d5252c5d4cf1c1931fef0c1c98dd66c000891d21.patch";
|
||||
hash = "sha256-GiUNVul1N5Fl8mfqM7vA/r1FdKqImiDYLXMVDt77gvw=";
|
||||
excludes = [
|
||||
"docs/yaml/objects/dep.yaml"
|
||||
];
|
||||
})
|
||||
# https://github.com/mesonbuild/meson/pull/12587
|
||||
./007-darwin-case-sensitivity.patch
|
||||
];
|
||||
|
||||
buildInputs = lib.optionals (python3.pythonOlder "3.9") [
|
||||
|
@ -95,7 +88,9 @@ python3.pkgs.buildPythonApplication rec {
|
|||
AppKit
|
||||
Cocoa
|
||||
Foundation
|
||||
LDAP
|
||||
OpenGL
|
||||
openldap
|
||||
];
|
||||
|
||||
checkPhase = lib.concatStringsSep "\n" ([
|
||||
|
|
|
@ -85,6 +85,11 @@ stdenv.mkDerivation rec {
|
|||
|
||||
propagatedBuildInputs = [ mpi ];
|
||||
|
||||
CXXFLAGS = [
|
||||
# GCC 13: error: 'uintptr_t' in namespace 'std' does not name a type
|
||||
"-include cstdint"
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DUSE_SCALAPACK=ON"
|
||||
"-DBUILD_TESTING=ON"
|
||||
|
|
36
pkgs/by-name/uc/ucode/package.nix
Normal file
36
pkgs/by-name/uc/ucode/package.nix
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, cmake
|
||||
, pkg-config
|
||||
, json_c
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ucode";
|
||||
version = "0.0.20231102";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jow-";
|
||||
repo = "ucode";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-dJjlwuQLS73D6W/bmhWLPPaT7himQyO1RvD+MXVxBMw=";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
json_c
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
pkg-config
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "JavaScript-like language with optional templating";
|
||||
homepage = "https://github.com/jow-/ucode";
|
||||
license = licenses.isc;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ mkg20001 ];
|
||||
};
|
||||
}
|
41
pkgs/by-name/ud/udebug/package.nix
Normal file
41
pkgs/by-name/ud/udebug/package.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, cmake
|
||||
, fetchgit
|
||||
, pkg-config
|
||||
, ubus
|
||||
, libubox
|
||||
, ucode
|
||||
, json_c
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "udebug";
|
||||
version = "unstable-2023-11-28";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://git.openwrt.org/project/udebug.git";
|
||||
rev = "d49aadabb7a147b99a3e6299a77d7fda4e266091";
|
||||
hash = "sha256-5I50q+oUQ5f82ngKl7bX50J+3pBviNk3iVEChNjt5wY=";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
ubus
|
||||
libubox
|
||||
ucode
|
||||
json_c
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
pkg-config
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "OpenWrt debugging helper library/service";
|
||||
homepage = "https://git.openwrt.org/?p=project/udebug.git;a=summary";
|
||||
license = licenses.free;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ mkg20001 ];
|
||||
};
|
||||
}
|
|
@ -5,18 +5,17 @@
|
|||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "websecprobe";
|
||||
version = "0.0.10";
|
||||
version = "0.0.11";
|
||||
pyproject = true;
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "WebSecProbe";
|
||||
inherit version;
|
||||
hash = "sha256-QvXOyQUptMyim/bgvhihjgGs7vX0qX8MqK2ol8q9ePc=";
|
||||
hash = "sha256-OKbKz3HSTtwyx/JNUtLJBTaHQcxkUWroMg9/msVWgk4=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = with python3.pkgs; [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tzdata";
|
||||
version = "2023c";
|
||||
version = "2023d";
|
||||
|
||||
srcs = [
|
||||
(fetchurl {
|
||||
url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz";
|
||||
hash = "sha256-P1ELXRtK6bs45IWqMCp3azF/s2N722QExK33tsrdllw=";
|
||||
hash = "sha256-28ohlwsKi4wM7O7B17kfqQO+D27KWucytTKWciMqCPM=";
|
||||
})
|
||||
(fetchurl {
|
||||
url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz";
|
||||
hash = "sha256-RtF/K7Ga1zKQ8DogMAYVLg+g17EeW3FGfEqCOBGyFOc=";
|
||||
hash = "sha256-6aX54RiIbS3pK2K7BVEKKMxsBY15HJO9a4TTKSw8Fh4=";
|
||||
})
|
||||
];
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
, itstool
|
||||
, desktop-file-utils
|
||||
, vala
|
||||
, gobject-introspection
|
||||
, libxml2
|
||||
, gtk4
|
||||
, glib
|
||||
|
@ -43,7 +42,6 @@ stdenv.mkDerivation rec {
|
|||
wrapGAppsHook4
|
||||
desktop-file-utils
|
||||
libxml2
|
||||
gobject-introspection # for finding vapi files
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -57,10 +57,6 @@ stdenv.mkDerivation rec {
|
|||
gnupg
|
||||
desktop-file-utils
|
||||
gcr
|
||||
# error: Package `...' not found in specified Vala API directories or GObject-Introspection GIR directories
|
||||
# TODO: the vala setuphook should look for vala filess in targetOffset instead of hostOffset
|
||||
libhandy
|
||||
libsecret
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -36,10 +36,6 @@ stdenv.mkDerivation rec {
|
|||
pkg-config
|
||||
vala
|
||||
wrapGAppsHook4
|
||||
# Prevents “error: Package `libadwaita-1' not found in specified Vala API
|
||||
# directories or GObject-Introspection GIR directories” with strictDeps,
|
||||
# even though it should only be a runtime dependency.
|
||||
libadwaita
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -12,7 +12,6 @@
|
|||
, glib
|
||||
, gtksourceview5
|
||||
, wrapGAppsHook4
|
||||
, gobject-introspection
|
||||
, gnome
|
||||
, mpfr
|
||||
, gmp
|
||||
|
@ -40,7 +39,6 @@ stdenv.mkDerivation rec {
|
|||
gettext
|
||||
itstool
|
||||
wrapGAppsHook4
|
||||
gobject-introspection # for finding vapi files
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchurl, meson, ninja, vala, gobject-introspection, pkg-config, gnome, gtk3, wrapGAppsHook
|
||||
{ lib, stdenv, fetchurl, meson, ninja, vala, pkg-config, gnome, gtk3, wrapGAppsHook
|
||||
, librsvg, gettext, itstool, python3, libxml2, libgnome-games-support, libgee, desktop-file-utils }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -10,9 +10,8 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "NQLps/ccs7LnEcDmAZGH/rzCvKh349RW3KtwD3vjEnI=";
|
||||
};
|
||||
|
||||
# gobject-introspection for finding vapi files
|
||||
nativeBuildInputs = [
|
||||
meson ninja vala gobject-introspection pkg-config gettext itstool python3
|
||||
meson ninja vala pkg-config gettext itstool python3
|
||||
libxml2 wrapGAppsHook desktop-file-utils
|
||||
];
|
||||
buildInputs = [ gtk3 librsvg gnome.adwaita-icon-theme libgnome-games-support libgee ];
|
||||
|
|
|
@ -13,13 +13,20 @@ stdenv.mkDerivation rec {
|
|||
hash = "sha256-gMwbWiP+YDCVafQMBWhTuJGWmkYtnhEdn/oofKaUT08=";
|
||||
};
|
||||
|
||||
# Fix build with Node 20
|
||||
# FIXME: remove for next release
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "nodejs-20.patch";
|
||||
url = "https://github.com/WebAssembly/binaryen/commit/889422e0c92552ff484659f9b41e777ba7ab35c1.patch";
|
||||
hash = "sha256-acM8mytL9nhm4np9tpUbd1X0wJ7y308HV2fvgcAW1lY=";
|
||||
})
|
||||
|
||||
# Fix fmin tests on gcc-13: https://github.com/WebAssembly/binaryen/pull/5994
|
||||
(fetchpatch {
|
||||
name = "gcc-13.patch";
|
||||
url = "https://github.com/WebAssembly/binaryen/commit/1e17dfb695a19d5d41f1f88411fbcbc5f2408c8f.patch";
|
||||
hash = "sha256-5JZh15CXkg5XdTG8eRJXPwO+zmymYeFjKbHutRPTmlU=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ cmake python3 ];
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user