colin
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge staging-next into staging

This commit is contained in:
github-actions[bot] 2024-04-03 12:01:49 +00:00 committed by GitHub
parent 25e80255bf e74231f370
commit bcc77e0272
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
116 changed files with 1335 additions and 581 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
doc/build-helpers/fetchers.chapter.md
View File

@ -1,66 +1,161 @@
# Fetchers {#chap-pkgs-fetchers}
Building software with Nix often requires downloading source code and other files from the internet.
To this end, Nixpkgs provides *fetchers*: functions to obtain remote sources via various protocols and services.
To this end, we use functions that we call _fetchers_, which obtain remote sources via various protocols and services.
Nix provides built-in fetchers such as [`builtins.fetchTarball`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchTarball).
Nixpkgs provides its own fetchers, which work differently:
Nixpkgs fetchers differ from built-in fetchers such as [`builtins.fetchTarball`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchTarball):
- A built-in fetcher will download and cache files at evaluation time and produce a [store path](https://nixos.org/manual/nix/stable/glossary#gloss-store-path).
A Nixpkgs fetcher will create a ([fixed-output](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation)) [derivation](https://nixos.org/manual/nix/stable/language/derivations), and files are downloaded at build time.
A Nixpkgs fetcher will create a ([fixed-output](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation)) [derivation](https://nixos.org/manual/nix/stable/glossary#gloss-derivation), and files are downloaded at build time.
- Built-in fetchers will invalidate their cache after [`tarball-ttl`](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-tarball-ttl) expires, and will require network activity to check if the cache entry is up to date.
Nixpkgs fetchers only re-download if the specified hash changes or the store object is not otherwise available.
Nixpkgs fetchers only re-download if the specified hash changes or the store object is not available.
- Built-in fetchers do not use [substituters](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-substituters).
Derivations produced by Nixpkgs fetchers will use any configured binary cache transparently.
This significantly reduces the time needed to evaluate the entirety of Nixpkgs, and allows [Hydra](https://nixos.org/hydra) to retain and re-distribute sources used by Nixpkgs in the [public binary cache](https://cache.nixos.org).
For these reasons, built-in fetchers are not allowed in Nixpkgs source code.
This significantly reduces the time needed to evaluate Nixpkgs, and allows [Hydra](https://nixos.org/hydra) to retain and re-distribute sources used by Nixpkgs in the [public binary cache](https://cache.nixos.org).
For these reasons, Nix's built-in fetchers are not allowed in Nixpkgs.
The following table shows an overview of the differences:
The following table summarises the differences:
| Fetchers | Download | Output | Cache | Re-download when |
|-|-|-|-|-|
| `builtins.fetch*` | evaluation time | store path | `/nix/store`, `~/.cache/nix` | `tarball-ttl` expires, cache miss in `~/.cache/nix`, output store object not in local store |
| `pkgs.fetch*` | build time | derivation | `/nix/store`, substituters | output store object not available |
:::{.tip}
`pkgs.fetchFrom*` helpers retrieve _snapshots_ of version-controlled sources, as opposed to the entire version history, which is more efficient.
`pkgs.fetchgit` by default also has the same behaviour, but can be changed through specific attributes given to it.
:::
## Caveats {#chap-pkgs-fetchers-caveats}
The fact that the hash belongs to the Nix derivation output and not the file itself can lead to confusion.
For example, consider the following fetcher:
Because Nixpkgs fetchers are fixed-output derivations, an [output hash](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-outputHash) has to be specified, usually indirectly through a `hash` attribute.
This hash refers to the derivation output, which can be different from the remote source itself!
```nix
fetchurl {
url = "http://www.example.org/hello-1.0.tar.gz";
hash = "sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww=";
}
```
This has the following implications that you should be aware of:
A common mistake is to update a fetchers URL, or a version parameter, without updating the hash.
- Use Nix (or Nix-aware) tooling to produce the output hash.
```nix
fetchurl {
url = "http://www.example.org/hello-1.1.tar.gz";
hash = "sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww=";
}
```
- When changing any fetcher parameters, always update the output hash.
Use one of the methods from [](#sec-pkgs-fetchers-updating-source-hashes).
Otherwise, existing store objects that match the output hash will be re-used rather than fetching new content.
**This will reuse the old contents**.
Remember to invalidate the hash argument, in this case by setting the `hash` attribute to an empty string.
:::{.note}
A similar problem arises while testing changes to a fetcher's implementation.
If the output of the derivation already exists in the Nix store, test failures can go undetected.
The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations.
:::
```nix
fetchurl {
url = "http://www.example.org/hello-1.1.tar.gz";
hash = "";
}
```
## Updating source hashes {#sec-pkgs-fetchers-updating-source-hashes}
Use the resulting error message to determine the correct hash.
There are several ways to obtain the hash corresponding to a remote source.
Unless you understand how the fetcher you're using calculates the hash from the downloaded contents, you should use [the fake hash method](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method).
```
error: hash mismatch in fixed-output derivation '/path/to/my.drv':
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
got: sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww=
```
1. []{#sec-pkgs-fetchers-updating-source-hashes-fakehash-method} The fake hash method: In your package recipe, set the hash to one of
A similar problem arises while testing changes to a fetcher's implementation. If the output of the derivation already exists in the Nix store, test failures can go undetected. The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations.
- `""`
- `lib.fakeHash`
- `lib.fakeSha256`
- `lib.fakeSha512`
Attempt to build, extract the calculated hashes from error messages, and put them into the recipe.
:::{.warning}
You must use one of these four fake hashes and not some arbitrarily-chosen hash.
See [](#sec-pkgs-fetchers-secure-hashes) for details.
:::
:::{.example #ex-fetchers-update-fod-hash}
# Update source hash with the fake hash method
Consider the following recipe that produces a plain file:
```nix
{ fetchurl }:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.05/.version";
hash = "sha256-ZHl1emidXVojm83LCVrwULpwIzKE/mYwfztVkvpruOM=";
}
```
A common mistake is to update a fetcher parameter, such as `url`, without updating the hash:
```nix
{ fetchurl }:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version";
hash = "sha256-ZHl1emidXVojm83LCVrwULpwIzKE/mYwfztVkvpruOM=";
}
```
**This will produce the same output as before!**
Set the hash to an empty string:
```nix
{ fetchurl }:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version";
hash = "";
}
```
When building the package, use the error message to determine the correct hash:
```shell
$ nix-build
(some output removed for clarity)
error: hash mismatch in fixed-output derivation '/nix/store/7yynn53jpc93l76z9zdjj4xdxgynawcw-version.drv':
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
got: sha256-BZqI7r0MNP29yGH5+yW2tjU9OOpOCEvwWKrWCv5CQ0I=
error: build of '/nix/store/bqdjcw5ij5ymfbm41dq230chk9hdhqff-version.drv' failed
```
:::
2. Prefetch the source with [`nix-prefetch-<type> <URL>`](https://search.nixos.org/packages?buckets={%22package_attr_set%22%3A[%22No%20package%20set%22]%2C%22package_license_set%22%3A[]%2C%22package_maintainers_set%22%3A[]%2C%22package_platforms%22%3A[]}&query=nix-prefetch), where `<type>` is one of
- `url`
- `git`
- `hg`
- `cvs`
- `bzr`
- `svn`
The hash is printed to stdout.
3. Prefetch by package source (with `nix-prefetch-url '<nixpkgs>' -A <package>.src`, where `<package>` is package attribute name).
The hash is printed to stdout.
This works well when you've upgraded the existing package version and want to find out new hash, but is useless if the package can't be accessed by attribute or the package has multiple sources (`.srcs`, architecture-dependent sources, etc).
4. Upstream hash: use it when upstream provides `sha256` or `sha512`.
Don't use it when upstream provides `md5`, compute `sha256` instead.
A little nuance is that `nix-prefetch-*` tools produce hashes with the `nix32` encoding (a Nix-specific base32 adaptation), but upstream usually provides hexadecimal (`base16`) encoding.
Fetchers understand both formats.
Nixpkgs does not standardise on any one format.
You can convert between hash formats with [`nix-hash`](https://nixos.org/manual/nix/stable/command-ref/nix-hash).
5. Extract the hash from a local source archive with `sha256sum`.
Use `nix-prefetch-url file:///path/to/archive` if you want the custom Nix `base32` hash.
## Obtaining hashes securely {#sec-pkgs-fetchers-secure-hashes}
It's always a good idea to avoid Man-in-the-Middle (MITM) attacks when downloading source contents.
Otherwise, you could unknowingly download malware instead of the intended source, and instead of the actual source hash, you'll end up using the hash of malware.
Here are security considerations for this scenario:
- `http://` URLs are not secure to prefetch hashes.
- Upstream hashes should be obtained via a secure protocol.
- `https://` URLs give you more protections when using `nix-prefetch-*` or for upstream hashes.
- `https://` URLs are secure when using the [fake hash method](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method) *only if* you use one of the listed fake hashes.
If you use any other hash, the download will be exposed to MITM attacks even if you use HTTPS URLs.
In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content.
## `fetchurl` and `fetchzip` {#fetchurl}

4
doc/manpage-urls.json
View File

@ -320,5 +320,7 @@
"login.defs(5)": "https://man.archlinux.org/man/login.defs.5",
"unshare(1)": "https://man.archlinux.org/man/unshare.1.en",
"nix-shell(1)": "https://nixos.org/manual/nix/stable/command-ref/nix-shell.html",
"mksquashfs(1)": "https://man.archlinux.org/man/extra/squashfs-tools/mksquashfs.1.en"
"mksquashfs(1)": "https://man.archlinux.org/man/extra/squashfs-tools/mksquashfs.1.en",
"curl(1)": "https://curl.se/docs/manpage.html",
"netrc(5)": "https://man.cx/netrc"
}

6
maintainers/maintainer-list.nix
View File

@ -18601,6 +18601,12 @@
githubId = 20756843;
name = "Sofi";
};
soyouzpanda = {
name = "soyouzpanda";
email = "soyouzpanda@soyouzpanda.fr";
github = "soyouzpanda";
githubId = 23421201;
};
soywod = {
name = "Clément DOUIN";
email = "clement.douin@posteo.net";

165
nixos/modules/services/networking/nsd.nix
View File

@ -81,7 +81,6 @@ let
zonesdir: "${stateDir}"
# the list of dynamically added zones.
database: "${stateDir}/var/nsd.db"
pidfile: "${pidFile}"
xfrdfile: "${stateDir}/var/xfrd.state"
xfrdir: "${stateDir}/tmp"
@ -112,6 +111,7 @@ let
${maybeString "version: " cfg.version}
xfrd-reload-timeout: ${toString cfg.xfrdReloadTimeout}
zonefiles-check: ${yesOrNo cfg.zonefilesCheck}
zonefiles-write: ${toString cfg.zonefilesWrite}
${maybeString "rrl-ipv4-prefix-length: " cfg.ratelimit.ipv4PrefixLength}
${maybeString "rrl-ipv6-prefix-length: " cfg.ratelimit.ipv6PrefixLength}
@ -173,6 +173,7 @@ let
${maybeToString "min-retry-time: " zone.minRetrySecs}
allow-axfr-fallback: ${yesOrNo zone.allowAXFRFallback}
multi-master-check: ${yesOrNo zone.multiMasterCheck}
${forEach " allow-notify: " zone.allowNotify}
${forEach " request-xfr: " zone.requestXFR}
@ -201,7 +202,7 @@ let
allowAXFRFallback = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
'';
@ -213,7 +214,7 @@ let
example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name"
"10.0.3.4&255.255.0.0 BLOCKED"
];
description = lib.mdDoc ''
description = ''
Listed primary servers are allowed to notify this secondary server.
Format: `<ip> <key-name | NOKEY | BLOCKED>`
@ -243,7 +244,7 @@ let
# to default values, breaking the parent inheriting function.
type = types.attrsOf types.anything;
default = {};
description = lib.mdDoc ''
description = ''
Children zones inherit all options of their parents. Attributes
defined in a child will overwrite the ones of its parent. Only
leaf zones will be actually served. This way it's possible to
@ -256,29 +257,29 @@ let
data = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc ''
description = ''
The actual zone data. This is the content of your zone file.
Use imports or pkgs.lib.readFile if you don't want this data in your config file.
'';
};
dnssec = mkEnableOption (lib.mdDoc "DNSSEC");
dnssec = mkEnableOption "DNSSEC";
dnssecPolicy = {
algorithm = mkOption {
type = types.str;
default = "RSASHA256";
description = lib.mdDoc "Which algorithm to use for DNSSEC";
description = "Which algorithm to use for DNSSEC";
};
keyttl = mkOption {
type = types.str;
default = "1h";
description = lib.mdDoc "TTL for dnssec records";
description = "TTL for dnssec records";
};
coverage = mkOption {
type = types.str;
default = "1y";
description = lib.mdDoc ''
description = ''
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
'';
};
@ -289,7 +290,7 @@ let
postPublish = "1w";
rollPeriod = "1mo";
};
description = lib.mdDoc "Key policy for zone signing keys";
description = "Key policy for zone signing keys";
};
ksk = mkOption {
type = keyPolicy;
@ -298,14 +299,14 @@ let
postPublish = "1mo";
rollPeriod = "0";
};
description = lib.mdDoc "Key policy for key signing keys";
description = "Key policy for key signing keys";
};
};
maxRefreshSecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit refresh time for secondary zones. This is the timer which
checks to see if the zone has to be refetched when it expires.
Normally the value from the SOA record is used, but this option
@ -316,7 +317,7 @@ let
minRefreshSecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit refresh time for secondary zones.
'';
};
@ -324,7 +325,7 @@ let
maxRetrySecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit retry time for secondary zones. This is the timeout after
a failed fetch attempt for the zone. Normally the value from
the SOA record is used, but this option restricts that value.
@ -334,17 +335,26 @@ let
minRetrySecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit retry time for secondary zones.
'';
};
multiMasterCheck = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, checks all masters for the last zone version.
It uses the higher version from all configured masters.
Useful if you have multiple masters that have different version numbers served.
'';
};
notify = mkOption {
type = types.listOf types.str;
default = [];
example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ];
description = lib.mdDoc ''
description = ''
This primary server will notify all given secondary servers about
zone changes.
@ -361,7 +371,7 @@ let
notifyRetry = mkOption {
type = types.int;
default = 5;
description = lib.mdDoc ''
description = ''
Specifies the number of retries for failed notifies. Set this along with notify.
'';
};
@ -370,7 +380,7 @@ let
type = types.nullOr types.str;
default = null;
example = "2000::1@1234";
description = lib.mdDoc ''
description = ''
This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server.
Supply either a plain IPv4 or IPv6 address with an optional port
@ -382,7 +392,7 @@ let
type = types.listOf types.str;
default = [];
example = [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ];
description = lib.mdDoc ''
description = ''
Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
'';
@ -391,7 +401,7 @@ let
requestXFR = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
description = ''
Format: `[AXFR|UDP] <ip-address> <key-name | NOKEY>`
'';
};
@ -399,7 +409,7 @@ let
rrlWhitelist = mkOption {
type = with types; listOf (enum [ "nxdomain" "error" "referral" "any" "rrsig" "wildcard" "nodata" "dnskey" "positive" "all" ]);
default = [];
description = lib.mdDoc ''
description = ''
Whitelists the given rrl-types.
'';
};
@ -408,7 +418,7 @@ let
type = types.nullOr types.str;
default = null;
example = "%s";
description = lib.mdDoc ''
description = ''
When set to something distinct to null NSD is able to collect
statistics per zone. All statistics of this zone(s) will be added
to the group specified by this given name. Use "%s" to use the zones
@ -423,19 +433,19 @@ let
options = {
keySize = mkOption {
type = types.int;
description = lib.mdDoc "Key size in bits";
description = "Key size in bits";
};
prePublish = mkOption {
type = types.str;
description = lib.mdDoc "How long in advance to publish new keys";
description = "How long in advance to publish new keys";
};
postPublish = mkOption {
type = types.str;
description = lib.mdDoc "How long after deactivation to keep a key in the zone";
description = "How long after deactivation to keep a key in the zone";
};
rollPeriod = mkOption {
type = types.str;
description = lib.mdDoc "How frequently to change keys";
description = "How frequently to change keys";
};
};
};
@ -478,14 +488,14 @@ in
# options are ordered alphanumerically
options.services.nsd = {
enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server");
enable = mkEnableOption "NSD authoritative DNS server";
bind8Stats = mkEnableOption (lib.mdDoc "BIND8 like statistics");
bind8Stats = mkEnableOption "BIND8 like statistics";
dnssecInterval = mkOption {
type = types.str;
default = "1h";
description = lib.mdDoc ''
description = ''
How often to check whether dnssec key rollover is required
'';
};
@ -493,7 +503,7 @@ in
extraConfig = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc ''
description = ''
Extra nsd config.
'';
};
@ -501,7 +511,7 @@ in
hideVersion = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.
'';
};
@ -509,7 +519,7 @@ in
identity = mkOption {
type = types.str;
default = "unidentified server";
description = lib.mdDoc ''
description = ''
Identify the server (CH TXT ID.SERVER entry).
'';
};
@ -517,7 +527,7 @@ in
interfaces = mkOption {
type = types.listOf types.str;
default = [ "127.0.0.0" "::1" ];
description = lib.mdDoc ''
description = ''
What addresses the server should listen to.
'';
};
@ -525,7 +535,7 @@ in
ipFreebind = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Whether to bind to nonlocal addresses and interfaces that are down.
Similar to ip-transparent.
'';
@ -534,7 +544,7 @@ in
ipTransparent = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Allow binding to non local addresses.
'';
};
@ -542,7 +552,7 @@ in
ipv4 = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether to listen on IPv4 connections.
'';
};
@ -550,7 +560,7 @@ in
ipv4EDNSSize = mkOption {
type = types.int;
default = 4096;
description = lib.mdDoc ''
description = ''
Preferred EDNS buffer size for IPv4.
'';
};
@ -558,7 +568,7 @@ in
ipv6 = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether to listen on IPv6 connections.
'';
};
@ -566,7 +576,7 @@ in
ipv6EDNSSize = mkOption {
type = types.int;
default = 4096;
description = lib.mdDoc ''
description = ''
Preferred EDNS buffer size for IPv6.
'';
};
@ -574,7 +584,7 @@ in
logTimeAscii = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Log time in ascii, if false then in unix epoch seconds.
'';
};
@ -582,7 +592,7 @@ in
nsid = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
description = ''
NSID identity (hex string, or "ascii_somestring").
'';
};
@ -590,7 +600,7 @@ in
port = mkOption {
type = types.port;
default = 53;
description = lib.mdDoc ''
description = ''
Port the service should bind do.
'';
};
@ -599,7 +609,7 @@ in
type = types.bool;
default = pkgs.stdenv.isLinux;
defaultText = literalExpression "pkgs.stdenv.isLinux";
description = lib.mdDoc ''
description = ''
Whether to enable SO_REUSEPORT on all used sockets. This lets multiple
processes bind to the same port. This speeds up operation especially
if the server count is greater than one and makes fast restarts less
@ -610,18 +620,18 @@ in
rootServer = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Whether this server will be a root server (a DNS root server, you
usually don't want that).
'';
};
roundRobin = mkEnableOption (lib.mdDoc "round robin rotation of records");
roundRobin = mkEnableOption "round robin rotation of records";
serverCount = mkOption {
type = types.int;
default = 1;
description = lib.mdDoc ''
description = ''
Number of NSD servers to fork. Put the number of CPUs to use here.
'';
};
@ -629,7 +639,7 @@ in
statistics = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Statistics are produced every number of seconds. Prints to log.
If null no statistics are logged.
'';
@ -638,7 +648,7 @@ in
tcpCount = mkOption {
type = types.int;
default = 100;
description = lib.mdDoc ''
description = ''
Maximum number of concurrent TCP connections per server.
'';
};
@ -646,7 +656,7 @@ in
tcpQueryCount = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc ''
description = ''
Maximum number of queries served on a single TCP connection.
0 means no maximum.
'';
@ -655,7 +665,7 @@ in
tcpTimeout = mkOption {
type = types.int;
default = 120;
description = lib.mdDoc ''
description = ''
TCP timeout in seconds.
'';
};
@ -663,7 +673,7 @@ in
verbosity = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc ''
description = ''
Verbosity level.
'';
};
@ -671,7 +681,7 @@ in
version = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
description = ''
The version string replied for CH TXT version.server and version.bind
queries. Will use the compiled package version on null.
See hideVersion for enabling/disabling this responses.
@ -681,7 +691,7 @@ in
xfrdReloadTimeout = mkOption {
type = types.int;
default = 1;
description = lib.mdDoc ''
description = ''
Number of seconds between reloads triggered by xfrd.
'';
};
@ -689,11 +699,22 @@ in
zonefilesCheck = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether to check mtime of all zone files on start and sighup.
'';
};
zonefilesWrite = mkOption {
type = types.int;
default = 0;
description = ''
Write changed secondary zones to their zonefile every N seconds.
If the zone (pattern) configuration has "" zonefile, it is not written.
Zones that have received zone transfer updates are written to their zonefile.
0 disables writing to zone files.
'';
};
keys = mkOption {
type = types.attrsOf (types.submodule {
@ -702,14 +723,14 @@ in
algorithm = mkOption {
type = types.str;
default = "hmac-sha256";
description = lib.mdDoc ''
description = ''
Authentication algorithm for this key.
'';
};
keyFile = mkOption {
type = types.path;
description = lib.mdDoc ''
description = ''
Path to the file which contains the actual base64 encoded
key. The key will be copied into "${stateDir}/private" before
NSD starts. The copied file is only accessibly by the NSD
@ -727,7 +748,7 @@ in
};
}
'';
description = lib.mdDoc ''
description = ''
Define your TSIG keys here.
'';
};
@ -735,12 +756,12 @@ in
ratelimit = {
enable = mkEnableOption (lib.mdDoc "ratelimit capabilities");
enable = mkEnableOption "ratelimit capabilities";
ipv4PrefixLength = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
IPv4 prefix length. Addresses are grouped by netblock.
'';
};
@ -748,7 +769,7 @@ in
ipv6PrefixLength = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
IPv6 prefix length. Addresses are grouped by netblock.
'';
};
@ -756,7 +777,7 @@ in
ratelimit = mkOption {
type = types.int;
default = 200;
description = lib.mdDoc ''
description = ''
Max qps allowed from any query source.
0 means unlimited. With an verbosity of 2 blocked and
unblocked subnets will be logged.
@ -766,7 +787,7 @@ in
slip = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Number of packets that get discarded before replying a SLIP response.
0 disables SLIP responses. 1 will make every response a SLIP response.
'';
@ -775,7 +796,7 @@ in
size = mkOption {
type = types.int;
default = 1000000;
description = lib.mdDoc ''
description = ''
Size of the hashtable. More buckets use more memory but lower
the chance of hash hash collisions.
'';
@ -784,7 +805,7 @@ in
whitelistRatelimit = mkOption {
type = types.int;
default = 2000;
description = lib.mdDoc ''
description = ''
Max qps allowed from whitelisted sources.
0 means unlimited. Set the rrl-whitelist option for specific
queries to apply this limit instead of the default to them.
@ -796,12 +817,12 @@ in
remoteControl = {
enable = mkEnableOption (lib.mdDoc "remote control via nsd-control");
enable = mkEnableOption "remote control via nsd-control";
controlCertFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_control.pem";
description = lib.mdDoc ''
description = ''
Path to the client certificate signed with the server certificate.
This file is used by nsd-control and generated by nsd-control-setup.
'';
@ -810,7 +831,7 @@ in
controlKeyFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_control.key";
description = lib.mdDoc ''
description = ''
Path to the client private key, which is used by nsd-control
but not by the server. This file is generated by nsd-control-setup.
'';
@ -819,7 +840,7 @@ in
interfaces = mkOption {
type = types.listOf types.str;
default = [ "127.0.0.1" "::1" ];
description = lib.mdDoc ''
description = ''
Which interfaces NSD should bind to for remote control.
'';
};
@ -827,7 +848,7 @@ in
port = mkOption {
type = types.port;
default = 8952;
description = lib.mdDoc ''
description = ''
Port number for remote control operations (uses TLS over TCP).
'';
};
@ -835,7 +856,7 @@ in
serverCertFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_server.pem";
description = lib.mdDoc ''
description = ''
Path to the server self signed certificate, which is used by the server
but and by nsd-control. This file is generated by nsd-control-setup.
'';
@ -844,7 +865,7 @@ in
serverKeyFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_server.key";
description = lib.mdDoc ''
description = ''
Path to the server private key, which is used by the server
but not by nsd-control. This file is generated by nsd-control-setup.
'';
@ -886,7 +907,7 @@ in
};
}
'';
description = lib.mdDoc ''
description = ''
Define your zones here. Zones can cascade other zones and therefore
inherit settings from parent zones. Look at the definition of
children to learn about inheritance and child zones.

84
pkgs/README.md
View File

@ -94,11 +94,7 @@ Now that this is out of the way. To add a package to Nixpkgs:
- All other [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes are optional, but its still a good idea to provide at least the `description`, `homepage` and [`license`](https://nixos.org/manual/nixpkgs/stable/#sec-meta-license).
- You can use `nix-prefetch-url url` to get the SHA-256 hash of source distributions. There are similar commands as `nix-prefetch-git` and `nix-prefetch-hg` available in `nix-prefetch-scripts` package.
- A list of schemes for `mirror://` URLs can be found in [`pkgs/build-support/fetchurl/mirrors.nix`](build-support/fetchurl/mirrors.nix).
The exact syntax and semantics of the Nix expression language, including the built-in function, are [described in the Nix manual](https://nixos.org/manual/nix/stable/language/).
- The exact syntax and semantics of the Nix expression language, including the built-in functions, are [Nix language reference](https://nixos.org/manual/nix/stable/language/).
5. To test whether the package builds, run the following command from the root of the nixpkgs source tree:
@ -397,7 +393,7 @@ All versions of a package _must_ be included in `all-packages.nix` to make sure
See the Nixpkgs manual for more details on [standard meta-attributes](https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes).
### Import From Derivation
## Import From Derivation
[Import From Derivation](https://nixos.org/manual/nix/unstable/language/import-from-derivation) (IFD) is disallowed in Nixpkgs for performance reasons:
[Hydra](https://github.com/NixOS/hydra) evaluates the entire package set, and sequential builds during evaluation would increase evaluation times to become impractical.
@ -406,13 +402,16 @@ Import From Derivation can be worked around in some cases by committing generate
## Sources
### Fetching Sources
Always fetch source files using [Nixpkgs fetchers](https://nixos.org/manual/nixpkgs/unstable/#chap-pkgs-fetchers).
Use reproducible sources with a high degree of availability.
Prefer protocols that support proxies.
There are multiple ways to fetch a package source in nixpkgs. The general guideline is that you should package reproducible sources with a high degree of availability. Right now there is only one fetcher which has mirroring support and that is `fetchurl`. Note that you should also prefer protocols which have a corresponding proxy environment variable.
A list of schemes for `mirror://` URLs can be found in [`pkgs/build-support/fetchurl/mirrors.nix`](build-support/fetchurl/mirrors.nix), and is supported by [`fetchurl`](https://nixos.org/manual/nixpkgs/unstable/#fetchurl).
Other fetchers which end up relying on `fetchurl` may also support mirroring.
You can find many source fetch helpers in `pkgs/build-support/fetch*`.
The preferred source hash type is `sha256`.
In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these have names on the form `fetchFrom*`. The intention of these are to provide snapshot fetches but using the same api as some of the version controlled fetchers from `pkgs/build-support/`. As an example going from bad to good:
Examples going from bad to best practices:
- Bad: Uses `git://` which won't be proxied.
@ -438,7 +437,7 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these
}
```
- Best: Fetches a snapshot archive and you get the rev you want.
- Best: Fetches a snapshot archive for the given revision.
```nix
{
@ -451,63 +450,14 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these
}
```
When fetching from GitHub, commits must always be referenced by their full commit hash. This is because GitHub shares commit hashes among all forks and returns `404 Not Found` when a short commit hash is ambiguous. It already happens for some short, 6-character commit hashes in `nixpkgs`.
It is a practical vector for a denial-of-service attack by pushing large amounts of auto generated commits into forks and was already [demonstrated against GitHub Actions Beta](https://blog.teddykatz.com/2019/11/12/github-actions-dos.html).
> [!Note]
> When fetching from GitHub, always reference revisions by their full commit hash.
> GitHub shares commit hashes among all forks and returns `404 Not Found` when a short commit hash is ambiguous.
> It already happened in Nixpkgs for short, 6-character commit hashes.
>
> Pushing large amounts of auto generated commits into forks is a practical vector for a denial-of-service attack, and was already [demonstrated against GitHub Actions Beta](https://blog.teddykatz.com/2019/11/12/github-actions-dos.html).
Find the value to put as `hash` by running `nix-shell -p nix-prefetch-github --run "nix-prefetch-github --rev 1f795f9f44607cc5bec70d1300150bfefcef2aae NixOS nix"`.
#### Obtaining source hash
Preferred source hash type is sha256. There are several ways to get it.
1. Prefetch URL (with `nix-prefetch-XXX URL`, where `XXX` is one of `url`, `git`, `hg`, `cvs`, `bzr`, `svn`). Hash is printed to stdout.
2. Prefetch by package source (with `nix-prefetch-url '<nixpkgs>' -A PACKAGE.src`, where `PACKAGE` is package attribute name). Hash is printed to stdout.
This works well when you've upgraded existing package version and want to find out new hash, but is useless if package can't be accessed by attribute or package has multiple sources (`.srcs`, architecture-dependent sources, etc).
3. Upstream provided hash: use it when upstream provides `sha256` or `sha512` (when upstream provides `md5`, don't use it, compute `sha256` instead).
A little nuance is that `nix-prefetch-*` tools produce hash encoded with `base32`, but upstream usually provides hexadecimal (`base16`) encoding. Fetchers understand both formats. Nixpkgs does not standardize on any one format.
You can convert between formats with nix-hash, for example:
```ShellSession
$ nix-hash --type sha256 --to-base32 HASH
```
4. Extracting hash from local source tarball can be done with `sha256sum`. Use `nix-prefetch-url file:///path/to/tarball` if you want base32 hash.
5. Fake hash: set the hash to one of
- `""`
- `lib.fakeHash`
- `lib.fakeSha256`
- `lib.fakeSha512`
in the package expression, attempt build and extract correct hash from error messages.
> [!Warning]
> You must use one of these four fake hashes and not some arbitrarily-chosen hash.
> See [here][secure-hashes]
This is last resort method when reconstructing source URL is non-trivial and `nix-prefetch-url -A` isnt applicable (for example, [one of `kodi` dependencies](https://github.com/NixOS/nixpkgs/blob/d2ab091dd308b99e4912b805a5eb088dd536adb9/pkgs/applications/video/kodi/default.nix#L73)). The easiest way then would be replace hash with a fake one and rebuild. Nix build will fail and error message will contain desired hash.
#### Obtaining hashes securely
[secure-hashes]: #obtaining-hashes-securely
Let's say Man-in-the-Middle (MITM) sits close to your network. Then instead of fetching source you can fetch malware, and instead of source hash you get hash of malware. Here are security considerations for this scenario:
- `http://` URLs are not secure to prefetch hash from;
- hashes from upstream (in method 3) should be obtained via secure protocol;
- `https://` URLs are secure in methods 1, 2, 3;
- `https://` URLs are secure in method 5 *only if* you use one of the listed fake hashes. If you use any other hash, `fetchurl` will pass `--insecure` to `curl` and may then degrade to HTTP in case of TLS certificate expiration.
### Patches
## Patches
Patches available online should be retrieved using `fetchpatch`.

6
pkgs/applications/emulators/ripes/default.nix
View File

@ -14,14 +14,14 @@
stdenv.mkDerivation rec {
pname = "ripes";
# Pulling unstable version as latest stable does not build against gcc-13.
version = "2.2.6-unstable-2024-03-03";
version = "2.2.6-unstable-2024-04-02";
src = fetchFromGitHub {
owner = "mortbopet";
repo = "Ripes";
rev = "b71f0ddd5d2d346cb97b28fd3f70fef55bb9b6b7";
rev = "027e678a44b7b9f3e81e5b6863b0d68af05fd69c";
fetchSubmodules = true;
hash = "sha256-zQrrWBHNIacRoAEIjR0dlgUTncBCiodcBeT/wbDClWg=";
hash = "sha256-u6JxXCX1BMdbHTF7EBGEnXOV+eF6rgoZZcHqB/1nVjE=";
};
nativeBuildInputs = [

4
pkgs/applications/misc/obsidian/default.nix
View File

@ -12,7 +12,7 @@
let
inherit (stdenv.hostPlatform) system;
pname = "obsidian";
version = "1.5.11";
version = "1.5.12";
appname = "Obsidian";
meta = with lib; {
description = "A powerful knowledge base that works on top of a local folder of plain text Markdown files";
@ -25,7 +25,7 @@ let
filename = if stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
src = fetchurl {
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
hash = if stdenv.isDarwin then "sha256-RtIEjVaqYygylhZwFB9ObZPPhSSzvJTJniGVFzAa/VY=" else "sha256-QDxMgisyYc2lJ0OKn2hR0VA8OeAwysCq6Z4Q59qRvtU=";
hash = if stdenv.isDarwin then "sha256-MSJmF5WddxbC/S7w2nWjlDxt5HPUDCoRFwJ2MZMH9Ks=" else "sha256-UQLljP7eZELTuHwX+OylXY+Wy2YK1ZEJX1IQfIvBLe8=";
};
icon = fetchurl {

4
pkgs/applications/misc/syncthingtray/default.nix
View File

@ -34,14 +34,14 @@ https://github.com/NixOS/nixpkgs/issues/199596#issuecomment-1310136382 */
}:
stdenv.mkDerivation (finalAttrs: {
version = "1.5.0";
version = "1.5.1";
pname = "syncthingtray";
src = fetchFromGitHub {
owner = "Martchus";
repo = "syncthingtray";
rev = "v${finalAttrs.version}";
hash = "sha256-O8FLjse2gY8KNWGXpUeZ83cNk0ZuRAZJJ3Am33/ABVw=";
hash = "sha256-6Q3nf6WjFgpBK7VR+ykmtIM68vwsmrYqmJPXsPpWjs4=";
};
buildInputs = [

8
pkgs/applications/networking/cluster/k3s/1_27/versions.nix
View File

@ -1,8 +1,8 @@
{
k3sVersion = "1.27.11+k3s1";
k3sCommit = "06d6bc80b469a61e5e90438b1f2639cd136a89e7";
k3sRepoSha256 = "0qkm8yqs9p34kb5k2q0j5wiykj78qc12n65n0clas5by23jrqcqa";
k3sVendorHash = "sha256-+z8pr30+28puv7yjA7ZvW++I0ipNEmen2OhCxFMzYOY=";
k3sVersion = "1.27.12+k3s1";
k3sCommit = "78ad57567c9eb1fd1831986f5fd7b4024add1767";
k3sRepoSha256 = "1j6xb3af4ypqq5m6a8x2yc2515zvlgqzfsfindjm9cbmq5iisphq";
k3sVendorHash = "sha256-65cmpRwD9C+fcbBSv1YpeukO7bfGngsLv/rk6sM59gU=";
chartVersions = import ./chart-versions.nix;
k3sRootVersion = "0.12.2";
k3sRootSha256 = "1gjynvr350qni5mskgm7pcc7alss4gms4jmkiv453vs8mmma9c9k";

2
pkgs/applications/networking/cluster/kns/default.nix
View File

@ -33,6 +33,6 @@ stdenvNoCC.mkDerivation {
homepage = "https://github.com/blendle/kns";
license = licenses.isc;
maintainers = with maintainers; [ mmlb ];
platforms = platforms.linux;
platforms = platforms.unix;
};
}

6
pkgs/applications/networking/cluster/kubergrunt/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubergrunt";
version = "0.14.2";
version = "0.15.0";
src = fetchFromGitHub {
owner = "gruntwork-io";
repo = "kubergrunt";
rev = "v${version}";
sha256 = "sha256-r2lx+R/TQxD/miCJK3V//N3gKiCrg/mneT9BS+ZqRiU=";
sha256 = "sha256-yN5tpe3ayQPhTlBvxlt7CD6mSURCB4lxGatEK9OThzs=";
};
vendorHash = "sha256-K24y41qpuyBHqljUAtNQu3H8BNqznxYOsvEVo+57OtY=";
vendorHash = "sha256-VJkqg2cnpYHuEYOv5+spoyRWFAdFWE7YIVYaN9OmIZM=";
# Disable tests since it requires network access and relies on the
# presence of certain AWS infrastructure

4
pkgs/applications/networking/cluster/kubevpn/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubevpn";
version = "2.2.3";
version = "2.2.4";
src = fetchFromGitHub {
owner = "KubeNetworks";
repo = "kubevpn";
rev = "v${version}";
hash = "sha256-C1Fw7E7lXy9BRj8bTVUMzPK6wBiL6A3VGDYUqdD2Rjs=";
hash = "sha256-taeCOmjZqULxQf4dgLzSYgN43fFYH04Ev4O/SHHG+xI=";
};
vendorHash = null;

4
pkgs/applications/networking/cluster/waagent/default.nix
View File

@ -14,12 +14,12 @@ let
in
python.pkgs.buildPythonApplication rec {
pname = "waagent";
version = "2.9.1.1";
version = "2.10.0.8";
src = fetchFromGitHub {
owner = "Azure";
repo = "WALinuxAgent";
rev = "refs/tags/v${version}";
sha256 = "sha256-lnCDGUhAPNP8RNfDi+oUTEJ4x3ln6COqTrgk9rZWWEM=";
sha256 = "sha256-Ilm29z+BJToVxdJTUAZO3Lr2DyOIvK6GW79GxAmfeM4=";
};
patches = [
# Suppress the following error when waagent tries to configure sshd:

4
pkgs/applications/networking/nextcloud-client/default.nix
View File

@ -26,7 +26,7 @@
stdenv.mkDerivation rec {
pname = "nextcloud-client";
version = "3.12.2";
version = "3.12.3";
outputs = [ "out" "dev" ];
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
hash = "sha256-qVb0omSWzwkbqdtYXy8VWYyCM0CDCAW9L78pli9TbO4=";
hash = "sha256-ScWkEOx2tHoCQbFwBvJQgk2YoYOTPi3PrVsaDNJBEUI=";
};
patches = [

4
pkgs/applications/networking/xpipe/default.nix
View File

@ -33,14 +33,14 @@ let
}.${system} or throwSystem;
hash = {
x86_64-linux = "sha256-GcFds6PCEuvZ7oIfWMEkRIWMWU/jmCsj4zCkMe3+QM0=";
x86_64-linux = "sha256-s/1XyEXOyvAQNf32ckKotQ4jYdlo/Y+O9PY3wIUs80A=";
}.${system} or throwSystem;
displayname = "XPipe";
in stdenvNoCC.mkDerivation rec {
pname = "xpipe";
version = "8.5";
version = "8.6";
src = fetchzip {
url = "https://github.com/xpipe-io/xpipe/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";

4
pkgs/applications/office/qownnotes/default.nix
View File

@ -19,14 +19,14 @@
let
pname = "qownnotes";
appname = "QOwnNotes";
version = "24.3.5";
version = "24.4.0";
in
stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://github.com/pbek/QOwnNotes/releases/download/v${version}/qownnotes-${version}.tar.xz";
hash = "sha256-s3OeTK6XodIMrNTuImdljbQYX1Abj7SFOZmPJgm2teo=";
hash = "sha256-SxoZD5DYuPAJZwBiw38jZYI+e9FExj+TiUlczvbXkWA=";
};
nativeBuildInputs = [

6
pkgs/applications/terminal-emulators/foot/default.nix
View File

@ -27,7 +27,7 @@
}:
let
version = "1.16.2";
version = "1.17.0";
# build stimuli file for PGO build and the script to generate it
# independently of the foot's build, so we can cache the result
@ -40,7 +40,7 @@ let
src = fetchurl {
url = "https://codeberg.org/dnkl/foot/raw/tag/${version}/scripts/generate-alt-random-writes.py";
hash = "sha256-NvkKJ75n/OzgEd2WHX1NQIXPn9R0Z+YI1rpFmNxaDhk=";
hash = "sha256-/KykHPqM0WQ1HO83bOrxJ88mvEAf0Ah3S8gSvKb3AJM=";
};
dontUnpack = true;
@ -99,7 +99,7 @@ stdenv.mkDerivation {
owner = "dnkl";
repo = "foot";
rev = version;
hash = "sha256-hT+btlfqfwGBDWTssYl8KN6SbR9/Y2ors4ipECliigM=";
hash = "sha256-H4a9WQox7vD5HsY9PP0nrNDZtyaRFpsphsv8/qstNH8=";
};
separateDebugInfo = true;

2
pkgs/applications/terminal-emulators/st/default.nix
View File

@ -66,7 +66,7 @@ stdenv.mkDerivation (finalAttrs: {
homepage = "https://st.suckless.org/";
description = "Simple Terminal for X from Suckless.org Community";
license = licenses.mit;
maintainers = with maintainers; [ andsild qusic ];
maintainers = with maintainers; [ qusic ];
platforms = platforms.unix;
mainProgram = "st";
};

4
pkgs/applications/video/qmplay2/default.nix
View File

@ -26,14 +26,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "qmplay2";
version = "24.03.16";
version = "24.04.02";
src = fetchFromGitHub {
owner = "zaps166";
repo = "QMPlay2";
rev = finalAttrs.version;
fetchSubmodules = true;
hash = "sha256-yIBQBRdmaY7qaBirANxMqfm5vn3T4usokJUxwSYUHjQ=";
hash = "sha256-eJWXTcJU24QzPChFTKbvNcuL9UpIQD8rFzd5h591tjg=";
};
nativeBuildInputs = [

8
pkgs/build-support/cc-wrapper/default.nix
View File

@ -53,10 +53,6 @@
, gccForLibs ? if useCcForLibs then cc else null
, fortify-headers ? null
, includeFortifyHeaders ? null
# https://github.com/NixOS/nixpkgs/issues/295322
# should -march flag be used
, disableMarch ? false
}:
assert nativeTools -> !propagateDoc && nativePrefix != "";
@ -633,7 +629,7 @@ stdenv.mkDerivation {
# TODO: aarch64-darwin has mcpu incompatible with gcc
+ optionalString ((targetPlatform ? gcc.arch) && !isClang && !(stdenv.isDarwin && stdenv.isAarch64) &&
isGccArchSupported targetPlatform.gcc.arch && !disableMarch) ''
isGccArchSupported targetPlatform.gcc.arch) ''
echo "-march=${targetPlatform.gcc.arch}" >> $out/nix-support/cc-cflags-before
''
@ -729,7 +725,7 @@ stdenv.mkDerivation {
+ optionalString isClang ''
# Escape twice: once for this script, once for the one it gets substituted into.
export march=${escapeShellArg
(optionalString (targetPlatform ? gcc.arch && !disableMarch)
(optionalString (targetPlatform ? gcc.arch)
(escapeShellArg "-march=${targetPlatform.gcc.arch}"))}
export defaultTarget=${targetPlatform.config}
substituteAll ${./add-clang-cc-cflags-before.sh} $out/nix-support/add-local-cc-cflags-before.sh

6
pkgs/by-name/ep/epub-thumbnailer/package.nix
View File

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication {
pname = "epub-thumbnailer";
version = "0-unstable-2024-03-16";
version = "0-unstable-2024-03-26";
pyproject = true;
src = fetchFromGitHub {
owner = "marianosimone";
repo = "epub-thumbnailer";
rev = "035c31e9269bcb30dcc20fed31b6dc54e9bfed63";
hash = "sha256-G/CeYmr+wgJidbavfvIuCbRLJGQzoxAnpo3t4YFJq0c=";
rev = "de4b5bf0fcd1817d560f180231f7bd22d330f1be";
hash = "sha256-r0t2enybUEminXOHjx6uH6LvQtmzTRPZm/gY3Vi2c64=";
};
nativeBuildInputs = with python3.pkgs; [

13
pkgs/by-name/fl/flatito/Gemfile Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
source "https://rubygems.org"
# Specify your gem's dependencies in flatito.gemspec
gemspec
gem "minitest", "~> 5.22"
gem "rake", "~> 13.0"
gem "rubocop", "~> 1.62"
gem "rubocop-minitest", "~> 0.35"
gem "rubocop-performance", "~> 1.11"
gem "rubocop-rake", "~> 0.6"

62
pkgs/by-name/fl/flatito/Gemfile.lock Normal file
View File

@ -0,0 +1,62 @@
PATH
remote: .
specs:
flatito (0.1.1)
colorize
GEM
remote: https://rubygems.org/
specs:
ast (2.4.2)
colorize (1.1.0)
json (2.7.1)
language_server-protocol (3.17.0.3)
minitest (5.22.3)
parallel (1.24.0)
parser (3.3.0.5)
ast (~> 2.4.1)
racc
racc (1.7.3)
rainbow (3.1.1)
rake (13.1.0)
regexp_parser (2.9.0)
rexml (3.2.6)
rubocop (1.62.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.31.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.31.2)
parser (>= 3.3.0.4)
rubocop-minitest (0.35.0)
rubocop (>= 1.61, < 2.0)
rubocop-ast (>= 1.31.1, < 2.0)
rubocop-performance (1.20.2)
rubocop (>= 1.48.1, < 2.0)
rubocop-ast (>= 1.30.0, < 2.0)
rubocop-rake (0.6.0)
rubocop (~> 1.0)
ruby-progressbar (1.13.0)
unicode-display_width (2.5.0)
PLATFORMS
arm64-darwin-22
ruby
DEPENDENCIES
flatito!
minitest (~> 5.22)
rake (~> 13.0)
rubocop (~> 1.62)
rubocop-minitest (~> 0.35)
rubocop-performance (~> 1.11)
rubocop-rake (~> 0.6)
BUNDLED WITH
2.5.6

40
pkgs/by-name/fl/flatito/flatito.gemspec Normal file
View File

@ -0,0 +1,40 @@
# frozen_string_literal: true
require_relative "lib/flatito/version"
Gem::Specification.new do |spec|
spec.name = "flatito"
spec.version = Flatito::VERSION
spec.authors = ["José Galisteo"]
spec.email = ["ceritium@gmail.com"]
spec.summary = "Grep for YAML and JSON files"
spec.description = "A kind of grep for YAML and JSON files. It allows you to search for a key and get the value and the line number where it is located."
spec.homepage = "https://github.com/ceritium/flatito"
spec.license = "MIT"
spec.required_ruby_version = ">= 3.0.0"
spec.metadata["homepage_uri"] = spec.homepage
spec.metadata["source_code_uri"] = spec.homepage
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
# Specify which files should be added to the gem when it is released.
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
spec.files = Dir.chdir(__dir__) do
`git ls-files -z`.split("\x0").reject do |f|
(File.expand_path(f) == __FILE__) ||
f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
end
end
spec.bindir = "exe"
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
spec.require_paths = ["lib"]
# Uncomment to register a new dependency of your gem
spec.add_dependency "colorize"
# For more information and examples about making a new gem, check out our
# guide at: https://bundler.io/guides/creating_gem.html
spec.metadata["rubygems_mfa_required"] = "true"
end

208
pkgs/by-name/fl/flatito/gemset.nix Normal file
View File

@ -0,0 +1,208 @@
{
ast = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "04nc8x27hlzlrr5c2gn7mar4vdr0apw5xg22wp6m8dx3wqr04a0y";
type = "gem";
};
version = "2.4.2";
};
colorize = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0dy8ryhcdzgmbvj7jpa1qq3bhhk1m7a2pz6ip0m6dxh30rzj7d9h";
type = "gem";
};
version = "1.1.0";
};
flatito = {
dependencies = [ "colorize" ];
groups = [ "default" ];
platforms = [ ];
source = {
path = ./.;
type = "path";
};
version = "0.1.1";
};
json = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0r9jmjhg2ly3l736flk7r2al47b5c8cayh0gqkq0yhjqzc9a6zhq";
type = "gem";
};
version = "2.7.1";
};
language_server-protocol = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0gvb1j8xsqxms9mww01rmdl78zkd72zgxaap56bhv8j45z05hp1x";
type = "gem";
};
version = "3.17.0.3";
};
minitest = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "07lq26b86giy3ha3fhrywk9r1ajhc2pm2mzj657jnpnbj1i6g17a";
type = "gem";
};
version = "5.22.3";
};
parallel = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "15wkxrg1sj3n1h2g8jcrn7gcapwcgxr659ypjf75z1ipkgxqxwsv";
type = "gem";
};
version = "1.24.0";
};
parser = {
dependencies = [ "ast" "racc" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "11r6kp8wam0nkfvnwyc1fmvky102r1vcfr84vi2p1a2wa0z32j3p";
type = "gem";
};
version = "3.3.0.5";
};
racc = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp";
type = "gem";
};
version = "1.7.3";
};
rainbow = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0smwg4mii0fm38pyb5fddbmrdpifwv22zv3d3px2xx497am93503";
type = "gem";
};
version = "3.1.1";
};
rake = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1ilr853hawi09626axx0mps4rkkmxcs54mapz9jnqvpnlwd3wsmy";
type = "gem";
};
version = "13.1.0";
};
regexp_parser = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1ndxm0xnv27p4gv6xynk6q41irckj76q1jsqpysd9h6f86hhp841";
type = "gem";
};
version = "2.9.0";
};
rexml = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "05i8518ay14kjbma550mv0jm8a6di8yp5phzrd8rj44z9qnrlrp0";
type = "gem";
};
version = "3.2.6";
};
rubocop = {
dependencies = [ "json" "language_server-protocol" "parallel" "parser" "rainbow" "regexp_parser" "rexml" "rubocop-ast" "ruby-progressbar" "unicode-display_width" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0daamn13fbm77rdwwa4w6j6221iq6091asivgdhk6n7g398frcdf";
type = "gem";
};
version = "1.62.1";
};
rubocop-ast = {
dependencies = [ "parser" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1v3q8n48w8h809rqbgzihkikr4g3xk72m1na7s97jdsmjjq6y83w";
type = "gem";
};
version = "1.31.2";
};
rubocop-minitest = {
dependencies = [ "rubocop" "rubocop-ast" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "001f4xcs3p0g04cyqfdkb2i1lld0yjmnx1s11y9z2id4b2lg64c4";
type = "gem";
};
version = "0.35.0";
};
rubocop-performance = {
dependencies = [ "rubocop" "rubocop-ast" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0cf7fn4dwf45r3nhnda0dhnwn8qghswyqbfxr2ippb3z8a6gmc8v";
type = "gem";
};
version = "1.20.2";
};
rubocop-rake = {
dependencies = [ "rubocop" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1nyq07sfb3vf3ykc6j2d5yq824lzq1asb474yka36jxgi4hz5djn";
type = "gem";
};
version = "0.6.0";
};
ruby-progressbar = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0cwvyb7j47m7wihpfaq7rc47zwwx9k4v7iqd9s1xch5nm53rrz40";
type = "gem";
};
version = "1.13.0";
};
unicode-display_width = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1d0azx233nags5jx3fqyr23qa2rhgzbhv8pxp46dgbg1mpf82xky";
type = "gem";
};
version = "2.5.0";
};
}

36
pkgs/by-name/fl/flatito/package.nix Normal file
View File

@ -0,0 +1,36 @@
{ lib, fetchFromGitHub, ruby, buildRubyGem, bundlerEnv }:
let
deps = bundlerEnv rec {
inherit ruby;
name = "flatito-${version}";
version = "0.1.1";
gemdir = ./.;
gemset = lib.recursiveUpdate (import ./gemset.nix) {
flatito.source = {
remotes = [ "https://rubygems.org" ];
sha256 = "9f5a8f899a14c1a0fe74cb89288f24ddc47bd5d83ac88ac8023d19b056ecb50f";
type = "gem";
};
};
};
in
buildRubyGem rec {
inherit ruby;
gemName = "flatito";
pname = gemName;
version = "0.1.1";
source.sha256 = "sha256-n1qPiZoUwaD+dMuJKI8k3cR71dg6yIrIAj0ZsFbstQ8=";
propagatedBuildInputs = [ deps ];
meta = with lib; {
description = "It allows you to search for a key and get the value and the line number where it is located in YAML and JSON files.";
homepage = "https://github.com/ceritium/flatito";
license = licenses.mit;
maintainers = with maintainers; [ rucadi ];
platforms = platforms.unix;
mainProgram = "flatito";
};
}

133
pkgs/by-name/id/ida-free/package.nix Normal file
View File

@ -0,0 +1,133 @@
{ autoPatchelfHook
, cairo
, copyDesktopItems
, dbus
, fetchurl
, fontconfig
, freetype
, glib
, gtk3
, lib
, libdrm
, libGL
, libkrb5
, libsecret
, libsForQt5
, libunwind
, libxkbcommon
, makeDesktopItem
, makeWrapper
, openssl
, stdenv
, xorg
, zlib
}:
let
srcs = builtins.fromJSON (builtins.readFile ./srcs.json);
in
stdenv.mkDerivation rec {
pname = "ida-free";
version = "8.4.240320";
src = fetchurl {
inherit (srcs.${stdenv.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}")) urls sha256;
};
icon = fetchurl {
urls = [
"https://www.hex-rays.com/products/ida/news/8_1/images/icon_free.png"
"https://web.archive.org/web/20221105181231if_/https://hex-rays.com/products/ida/news/8_1/images/icon_free.png"
];
sha256 = "sha256-widkv2VGh+eOauUK/6Sz/e2auCNFAsc8n9z0fdrSnW0=";
};
desktopItem = makeDesktopItem {
name = "ida-free";
exec = "ida64";
icon = icon;
comment = meta.description;
desktopName = "IDA Free";
genericName = "Interactive Disassembler";
categories = [ "Development" ];
};
nativeBuildInputs = [ makeWrapper copyDesktopItems autoPatchelfHook libsForQt5.wrapQtAppsHook ];
# We just get a runfile in $src, so no need to unpack it.
dontUnpack = true;
# Add everything to the RPATH, in case IDA decides to dlopen things.
runtimeDependencies = [
cairo
dbus
fontconfig
freetype
glib
gtk3
libdrm
libGL
libkrb5
libsecret
libsForQt5.qtbase
libunwind
libxkbcommon
openssl
stdenv.cc.cc
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXau
xorg.libxcb
xorg.libXext
xorg.libXi
xorg.libXrender
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
zlib
];
buildInputs = runtimeDependencies;
dontWrapQtApps = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib $out/opt
# IDA depends on quite some things extracted by the runfile, so first extract everything
# into $out/opt, then remove the unnecessary files and directories.
IDADIR=$out/opt
# Invoke the installer with the dynamic loader directly, avoiding the need
# to copy it to fix permissions and patch the executable.
$(cat $NIX_CC/nix-support/dynamic-linker) $src \
--mode unattended --prefix $IDADIR --installpassword ""
# Copy the exported libraries to the output.
cp $IDADIR/libida64.so $out/lib
# Some libraries come with the installer.
addAutoPatchelfSearchPath $IDADIR
for bb in ida64 assistant; do
wrapProgram $IDADIR/$bb \
--prefix QT_PLUGIN_PATH : $IDADIR/plugins/platforms
ln -s $IDADIR/$bb $out/bin/$bb
done
runHook postInstall
'';
meta = with lib; {
description = "Freeware version of the world's smartest and most feature-full disassembler";
homepage = "https://hex-rays.com/ida-free/";
license = licenses.unfree;
mainProgram = "ida64";
maintainers = with maintainers; [ msanft ];
platforms = [ "x86_64-linux" ]; # Right now, the installation script only supports Linux.
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
}

20
pkgs/by-name/id/ida-free/srcs.json Normal file
View File

@ -0,0 +1,20 @@
{
"x86_64-linux": {
"urls": [
"https://web.archive.org/web/20240330140328/https://out7.hex-rays.com/files/idafree84_linux.run"
],
"sha256": "1wg60afkhjj7my2la4x4qf6gdxzl2aqdbvd6zfnwf8n3bl7ckn2a"
},
"x86_64-darwin": {
"urls": [
"https://web.archive.org/web/20240330140623/https://out7.hex-rays.com/files/idafree84_mac.app.zip"
],
"sha256": "0a97xb0ah6rcq69whs5xvkar43ci8r5nan9wa29ad19w8k25ryym"
},
"aarch64-darwin": {
"urls": [
"https://web.archive.org/web/20240330140634/https://out7.hex-rays.com/files/arm_idafree84_mac.app.zip"
],
"sha256": "10wwq7ia1z1kxfigj4i7xr037bzv1cg3pyvrl27jdq9v7bghdf3m"
}
}

6
pkgs/by-name/mi/minijinja/package.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "minijinja";
version = "1.0.15";
version = "1.0.16";
src = fetchFromGitHub {
owner = "mitsuhiko";
repo = "minijinja";
rev = version;
hash = "sha256-ync0MkLi+CV1g9eBDLcV1dnV101H5Gc6K0NrnVeh8Jw=";
hash = "sha256-/mWXtAu+4B0VTZsID7FOQkSnuTxOLUUrl+vubqPClCw=";
};
cargoHash = "sha256-j8GLpMU7xwc3BWkjcFmGODiKieedNIB8VbHjJcrq8z4=";
cargoHash = "sha256-iMRcQL7/Q/9UmwPwaQslMruyUQ2QSU+5y7VNeAFMzk8=";
# The tests relies on the presence of network connection
doCheck = false;

6
pkgs/by-name/my/mystmd/package.nix
View File

@ -2,16 +2,16 @@
buildNpmPackage rec {
pname = "mystmd";
version = "1.1.48";
version = "1.1.50";
src = fetchFromGitHub {
owner = "executablebooks";
repo = "mystmd";
rev = "mystmd@${version}";
hash = "sha256-Uw/00EzgnrQYunABx7O35V+YwFnDDW+EI5NqMEUV8zk=";
hash = "sha256-2KzvjKtI3TK0y1zNX33MAz/I7x+09XVcwKBWhBTD0+M=";
};
npmDepsHash = "sha256-JSVdHhzOgzIwB61ST6vYVENtohjU6Q3lrp+hVPye02g=";
npmDepsHash = "sha256-mJXLmq6KZiKjctvGCf7YG6ivF1ut6qynzyM147pzGwM=";
dontNpmInstall = true;

4
pkgs/by-name/ot/oterm/package.nix
View File

@ -5,14 +5,14 @@
python3Packages.buildPythonApplication rec {
pname = "oterm";
version = "0.2.4";
version = "0.2.5";
pyproject = true;
src = fetchFromGitHub {
owner = "ggozad";
repo = "oterm";
rev = "refs/tags/${version}";
hash = "sha256-p0ns+8qmcyX4gcg0CfYdDMn1Ie0atVBuQbVQoDRQ9+c=";
hash = "sha256-s+TqDrgy7sR0sli8BGKlF546TW1+vzF0k3IkAQV6TpM=";
};
pythonRelaxDeps = [

4
pkgs/by-name/pl/plasticity/package.nix
View File

@ -33,11 +33,11 @@
}:
stdenv.mkDerivation rec {
pname = "plasticity";
version = "1.4.18";
version = "1.4.19";
src = fetchurl {
url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm";
hash = "sha256-iSGYc8Ms6Kk4JhR2q/yUq26q1adbrZe4Gnpw5YAN1L4=";
hash = "sha256-pbq00eMabouGP33d4wbjVvw+AZ+aBWg0e3lc3ZcAwmQ=";
};
passthru.updateScript = ./update.sh;

73
pkgs/by-name/pv/pvsneslib/package.nix Normal file
View File

@ -0,0 +1,73 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
, gcc
}:
stdenv.mkDerivation rec {
pname = "pvsneslib";
version = "4.2.0";
src = fetchFromGitHub {
owner = "alekmaul";
repo = "pvsneslib";
rev = version;
hash = "sha256-Cl4+WvjKbq5IPqf7ivVYwBYwDDWWHGNeq4nWXPxsUHw=";
fetchSubmodules = true;
};
nativeBuildInputs = [ gcc cmake ];
dontConfigure = true;
postPatch = ''
substituteInPlace tools/816-opt/Makefile \
--replace-fail 'LDFLAGS := -lpthread' 'LDFLAGS :=' \
--replace-fail 'LDFLAGS := -pthread' 'LDFLAGS += -pthread' \
--replace-fail 'LDFLAGS += -lpthread -static' '# LDFLAGS += -lpthread -static'
substituteInPlace tools/bin2txt/Makefile \
tools/gfx2snes/Makefile \
tools/gfx4snes/Makefile \
tools/snestools/Makefile \
tools/816-opt/Makefile \
tools/tmx2snes/Makefile \
--replace-fail '$(CFLAGS) $(OBJS)' '$(LDFLAGS) $(OBJS)'
substituteInPlace tools/smconv/Makefile \
--replace-fail '$(CFLAGS) $(LDFLAGS)' '$(LDFLAGS)'
substituteInPlace tools/constify/Makefile \
--replace-fail '$(CFLAGS) $(DEFINES) $(OBJS)' '$(LDFLAGS) $(DEFINES) $(OBJS)'
substituteInPlace tools/snestools/Makefile \
--replace-fail '-Wno-format' ' '
substituteInPlace tools/snesbrr/brr/Makefile \
--replace-fail 'LDFLAGS ' 'LDFLAGS :=
LDFLAGS '
substituteInPlace compiler/wla-dx/wlalink/write.c \
--replace-fail 'sort_anonymous_labels()' 'sort_anonymous_labels(void)'
'';
preBuild = ''
export PVSNESLIB_HOME=$(pwd)
'';
installPhase = ''
runHook preInstall
cp -r . $out
runHook postInstall
'';
meta = {
description = "Free and open source development kit for the Nintendo SNES";
homepage = "https://github.com/alekmaul/pvsneslib";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ soyouzpanda ];
mainProgram = "pvsneslib";
platforms = lib.platforms.all;
};
}

4
pkgs/by-name/sh/shopware-cli/package.nix
View File

@ -9,12 +9,12 @@
buildGoModule rec {
pname = "shopware-cli";
version = "0.4.30";
version = "0.4.33";
src = fetchFromGitHub {
repo = "shopware-cli";
owner = "FriendsOfShopware";
rev = version;
hash = "sha256-QfeQ73nTvLavUIpHlTBTkY1GGqZCednlXRBigwPCt48=";
hash = "sha256-BwoCp92tE/fsYIgez/BcU4f23IU5lMQ6jQKOCZ/oTEk=";
};
nativeBuildInputs = [ installShellFiles makeWrapper ];

5
pkgs/by-name/ta/tabby/package.nix
View File

@ -11,6 +11,7 @@
, llama-cpp
, autoAddDriverRunpath
, cudaSupport ? config.cudaSupport
, cudaPackages ? { }
@ -135,9 +136,7 @@ rustPlatform.buildRustPackage {
protobuf
git
] ++ optionals enableCuda [
# TODO: Replace with autoAddDriverRunpath
# once https://github.com/NixOS/nixpkgs/pull/275241 has been merged
cudaPackages.autoAddDriverRunpath
autoAddDriverRunpath
];
buildInputs = [ openssl ]

6
pkgs/by-name/wi/wireguard-vanity-keygen/package.nix
View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "wireguard-vanity-keygen";
version = "0.0.7";
version = "0.0.8";
src = fetchFromGitHub {
owner = "axllent";
repo = "wireguard-vanity-keygen";
rev = version;
hash = "sha256-+q6l2531APm67JqvFNQb4Zj5pyWnHgncwxcgWNiBCJw=";
hash = "sha256-qTVPPr7lmjMvUqetDupZCo8RdoBHr++0V9CB4b6Bp4Y=";
};
vendorHash = "sha256-F3AoN8NgXjePy7MmI8jzLDxaIZBCfOPRbe0ZYmt6vm8=";
vendorHash = "sha256-9/waDAfHYgKh+FsGZEp7HbgI83urRDQPuvtuEKHOf58=";
ldflags = [ "-s" "-w" "-X main.appVersion=${version}" ];

28
pkgs/development/compilers/aspectj/builder.sh
View File

@ -1,28 +0,0 @@
if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi
source $stdenv/setup
export JAVA_HOME=$jre
cat >> props <<EOF
output.dir=$out
context.javaPath=$jre
EOF
mkdir -p $out
$jre/bin/java -jar $src -text props
echo "Removing files at top level"
for file in $out/*
do
if test -f $file ; then
rm $file
fi
done
cat >> $out/bin/aj-runtime-env <<EOF
#! $SHELL
export CLASSPATH=$CLASSPATH:.:$out/lib/aspectjrt.jar
EOF
chmod u+x $out/bin/aj-runtime-env

55
pkgs/development/compilers/aspectj/default.nix
View File

@ -1,25 +1,56 @@
{lib, stdenv, fetchurl, jre}:
{
lib,
stdenvNoCC,
fetchurl,
jre,
}:
stdenv.mkDerivation rec {
pname = "aspectj";
let
version = "1.9.21.2";
builder = ./builder.sh;
versionSnakeCase = builtins.replaceStrings [ "." ] [ "_" ] version;
in
stdenvNoCC.mkDerivation {
pname = "aspectj";
inherit version;
src = let
versionSnakeCase = builtins.replaceStrings ["."] ["_"] version;
in fetchurl {
__structuredAttrs = true;
src = fetchurl {
url = "https://github.com/eclipse/org.aspectj/releases/download/V${versionSnakeCase}/aspectj-${version}.jar";
sha256 = "sha256-wqQtyopS03zX+GJme5YZwWiACqO4GAYFr3XAjzqSFnQ=";
hash = "sha256-wqQtyopS03zX+GJme5YZwWiACqO4GAYFr3XAjzqSFnQ=";
};
inherit jre;
buildInputs = [jre];
dontUnpack = true;
nativeBuildInputs = [ jre ];
installPhase = ''
runHook preInstall
cat >> props <<EOF
output.dir=$out
context.javaPath=${jre}
EOF
mkdir -p $out
java -jar $src -text props
cat >> $out/bin/aj-runtime-env <<EOF
#! ${stdenvNoCC.shell}
export CLASSPATH=$CLASSPATH:.:$out/lib/aspectjrt.jar
EOF
chmod u+x $out/bin/aj-runtime-env
runHook postInstall
'';
meta = {
homepage = "https://www.eclipse.org/aspectj/";
description = "A seamless aspect-oriented extension to the Java programming language";
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
platforms = lib.platforms.unix;
license = lib.licenses.epl10;
platforms = lib.platforms.unix;
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
};
}

4
pkgs/development/compilers/circt/default.nix
View File

@ -17,12 +17,12 @@ let
in
stdenv.mkDerivation rec {
pname = "circt";
version = "1.70.0";
version = "1.71.0";
src = fetchFromGitHub {
owner = "llvm";
repo = "circt";
rev = "firtool-${version}";
hash = "sha256-OELkfyN0fxnQIGQxfwuRM/+DYdb+8m5wlT/H+eQNjq0=";
hash = "sha256-Y6SkMpF5Gpi1Jm3OrWaMkr3uP/vTzawJ9UsxsuOsvpo=";
fetchSubmodules = true;
};

10
pkgs/development/compilers/swift/default.nix
View File

@ -25,13 +25,9 @@ let
#
# The following selects the correct Clang version, matching the version
# used in Swift, and applies the same libc overrides as `apple_sdk.stdenv`.
clang = let
# https://github.com/NixOS/nixpkgs/issues/295322
clangNoMarch = swiftLlvmPackages.clang.override { disableMarch = true; };
in
if pkgs.stdenv.isDarwin
clang = if pkgs.stdenv.isDarwin
then
clangNoMarch.override rec {
swiftLlvmPackages.clang.override rec {
libc = apple_sdk.Libsystem;
bintools = pkgs.bintools.override { inherit libc; };
# Ensure that Swifts internal clang uses the same libc++ and libc++abi as the
@ -41,7 +37,7 @@ let
inherit (llvmPackages) libcxx;
}
else
clangNoMarch;
swiftLlvmPackages.clang;
# Overrides that create a useful environment for swift packages, allowing
# packaging with `swiftPackages.callPackage`. These are similar to

19
pkgs/development/compilers/swift/wrapper/wrapper.sh
View File

@ -242,17 +242,26 @@ if [[ -e $cc_wrapper/nix-support/add-local-cc-cflags-before.sh ]]; then
source $cc_wrapper/nix-support/add-local-cc-cflags-before.sh
fi
# May need to transform the triple injected by the above.
for ((i = 1; i < ${#extraBefore[@]}; i++)); do
if [[ "${extraBefore[i]}" = -target ]]; then
for ((i=0; i < ${#extraBefore[@]}; i++));do
case "${extraBefore[i]}" in
-target)
i=$((i + 1))
# On Darwin only, need to change 'aarch64' to 'arm64'.
extraBefore[i]="${extraBefore[i]/aarch64-apple-/arm64-apple-}"
# On Darwin, Swift requires the triple to be annotated with a version.
# TODO: Assumes macOS.
extraBefore[i]="${extraBefore[i]/-apple-darwin/-apple-macosx${MACOSX_DEPLOYMENT_TARGET:-11.0}}"
break
fi
;;
-march=*)
[[ i -gt 0 && ${extraBefore[i-1]} == -Xcc ]] && continue
extraBefore=(
"${extraBefore[@]:0:i}"
-Xcc
"${extraBefore[@]:i:${#extraBefore[@]}}"
)
i=$((i + 1))
;;
esac
done
# As a very special hack, if the arguments are just `-v', then don't

8
pkgs/development/gnuradio-modules/osmosdr/default.nix
View File

@ -29,8 +29,8 @@ let
version = {
"3.7" = "0.1.5";
"3.8" = "0.2.3";
"3.9" = "0.2.4";
"3.10" = "0.2.4";
"3.9" = "0.2.5";
"3.10" = "0.2.5";
}.${gnuradio.versionAttr.major};
src = fetchgit {
url = "https://gitea.osmocom.org/sdr/gr-osmosdr";
@ -38,8 +38,8 @@ let
sha256 = {
"3.7" = "0bf9bnc1c3c4yqqqgmg3nhygj6rcfmyk6pybi27f7461d2cw1drv";
"3.8" = "sha256-ZfI8MshhZOdJ1U5FlnZKXsg2Rsvb6oKg943ZVYd/IWo=";
"3.9" = "sha256-d0hbiJ44lEu8V4XX7JpZVSTQwwykwKPUfiqetRBI6uI=";
"3.10" = "sha256-d0hbiJ44lEu8V4XX7JpZVSTQwwykwKPUfiqetRBI6uI=";
"3.9" = "sha256-pYPDkSnBzccZ/Tbs5x3bwk34FQewkG42y/vlaVkr2YE=";
"3.10" = "sha256-pYPDkSnBzccZ/Tbs5x3bwk34FQewkG42y/vlaVkr2YE=";
}.${gnuradio.versionAttr.major};
};
in mkDerivation {

6
pkgs/development/interpreters/wasmtime/default.nix
View File

@ -2,19 +2,19 @@
rustPlatform.buildRustPackage rec {
pname = "wasmtime";
version = "18.0.3";
version = "19.0.1";
src = fetchFromGitHub {
owner = "bytecodealliance";
repo = pname;
rev = "v${version}";
hash = "sha256-qG6WRac4n/hFa4aMSmHIMf1OXcsK9ZoNtm/dgN4NZ3M=";
hash = "sha256-MHoIVJ+x8GFzbO2YaknnzS/qSMyODvel88IHif9L97A=";
fetchSubmodules = true;
};
# Disable cargo-auditable until https://github.com/rust-secure-code/cargo-auditable/issues/124 is solved.
auditable = false;
cargoHash = "sha256-cf1oUylROlbgWcKTrCR12CfVVxNuQqaoo1dr5NfiDQQ=";
cargoHash = "sha256-r07neWK7d4407U941XtyUOlRcjQVNUsXJKavSNHvYZM=";
cargoBuildFlags = [ "--package" "wasmtime-cli" "--package" "wasmtime-c-api" ];
outputs = [ "out" "dev" ];

13
pkgs/development/libraries/fontconfig/make-fonts-conf.nix
View File

@ -1,5 +1,11 @@
{ runCommand, stdenv, lib, libxslt, fontconfig, dejavu_fonts, fontDirectories
, impureFontDirectories ? [
{ runCommand, stdenv, lib, libxslt, fontconfig, dejavu_fonts }:
let fontconfig_ = fontconfig; in
{
fontconfig ? fontconfig_
# an array of fonts, e.g. `[ pkgs.dejavu_fonts.minimal ]`
, fontDirectories
, impureFontDirectories ? [
# nix user profile
"~/.nix-profile/lib/X11/fonts" "~/.nix-profile/share/fonts"
]
@ -11,7 +17,8 @@
# darwin paths
++ lib.optionals stdenv.isDarwin [ "/Library/Fonts" "/System/Library/Fonts" ]
# nix default profile
++ [ "/nix/var/nix/profiles/default/lib/X11/fonts" "/nix/var/nix/profiles/default/share/fonts" ] }:
++ [ "/nix/var/nix/profiles/default/lib/X11/fonts" "/nix/var/nix/profiles/default/share/fonts" ]
}:
runCommand "fonts.conf"
{

8
pkgs/development/libraries/libint/default.nix
View File

@ -109,7 +109,7 @@ assert (builtins.elem shellSet [ "standard" "orca" ]);
let
pname = "libint";
version = "2.8.1";
version = "2.9.0";
meta = with lib; {
description = "Library for the evaluation of molecular integrals of many-body operators over Gaussian functions";
@ -126,7 +126,7 @@ let
owner = "evaleev";
repo = pname;
rev = "v${version}";
hash = "sha256-0QWOJUjK7Jq4KCk77vNIrBNKOzPcc/1+Ji13IN5xUKM=";
hash = "sha256-y+Mo8J/UWDrkkNEDAoostb/k6jrhYYeU0u9Incrd2cE=";
};
# Replace hardcoded "/bin/rm" with normal "rm"
@ -139,7 +139,7 @@ let
tests/eri/Makefile \
tests/hartree-fock/Makefile \
tests/unit/Makefile; do
substituteInPlace $f --replace "/bin/rm" "rm"
substituteInPlace $f --replace-warn "/bin/rm" "rm"
done
'';
@ -211,7 +211,7 @@ let
buildInputs = [ boost eigen ];
# Default is just "double", but SSE2 is available on all x86_64 CPUs.
# AVX support is advertised, but does not work in 2.6 (possibly in 2.7).
# AVX support is advertised, but does not work.
# Fortran interface is incompatible with changing the LIBINT2_REALTYPE.
cmakeFlags = [
"-DLIBINT2_SHGAUSS_ORDERING=${shGaussOrd}"

2
pkgs/development/libraries/libvirt/default.nix
View File

@ -271,7 +271,7 @@ stdenv.mkDerivation rec {
"--sysconfdir=/var/lib"
(cfg "install_prefix" (placeholder "out"))
(cfg "localstatedir" "/var")
(cfg "runstatedir" "/run")
(cfg "runstatedir" (if isDarwin then "/var/run" else "/run"))
(cfg "init_script" (if isDarwin then "none" else "systemd"))
(cfg "qemu_datadir" (lib.optionalString isDarwin "${qemu}/share/qemu"))

4
pkgs/development/libraries/mongoc/default.nix
View File

@ -14,13 +14,13 @@
stdenv.mkDerivation rec {
pname = "mongoc";
version = "1.26.1";
version = "1.26.2";
src = fetchFromGitHub {
owner = "mongodb";
repo = "mongo-c-driver";
rev = "refs/tags/${version}";
hash = "sha256-LUtKOAlQVpN5Y+mHsNTlgDSeCjodG4RDleO1eXzTdMg=";
hash = "sha256-4+PXvWYEy4Bi+qpyp7PvqtsOxJuYhjiHrmwmdn5RiX8=";
};
nativeBuildInputs = [

4
pkgs/development/libraries/qtutilities/default.nix
View File

@ -9,13 +9,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "qtutilities";
version = "6.13.5";
version = "6.14.0";
src = fetchFromGitHub {
owner = "Martchus";
repo = "qtutilities";
rev = "v${finalAttrs.version}";
hash = "sha256-ZPfyJAQHtE5ae/X9f8s/69UNiB4CnyACPLvYp8RgpKg=";
hash = "sha256-pg2SaFfFkP2v1qHo8CRCn7b9B4XKX+R4UqRNzNG4to4=";
};
nativeBuildInputs = [

3
pkgs/development/libraries/xgboost/default.nix
View File

@ -5,6 +5,7 @@
, cmake
, gtest
, doCheck ? true
, autoAddDriverRunpath
, cudaSupport ? config.cudaSupport
, ncclSupport ? false
, rLibrary ? false
@ -57,7 +58,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake ]
++ lib.optionals stdenv.isDarwin [ llvmPackages.openmp ]
++ lib.optionals cudaSupport [ cudaPackages.autoAddDriverRunpath ]
++ lib.optionals cudaSupport [ autoAddDriverRunpath ]
++ lib.optionals rLibrary [ R ];
buildInputs = [ gtest ] ++ lib.optional cudaSupport cudaPackages.cudatoolkit

12
pkgs/development/lua-modules/aliases.nix
View File

@ -7,31 +7,31 @@ lib: self: super:
### Use `./remove-attr.py [attrname]` in this directory to remove your alias
### from the `luaPackages` set without regenerating the entire file.
with self;
let
inherit (lib) dontDistribute hasAttr isDerivation mapAttrs;
# Removing recurseForDerivation prevents derivations of aliased attribute
# set to appear while listing all the packages available.
removeRecurseForDerivations = alias: with lib;
removeRecurseForDerivations = alias:
if alias.recurseForDerivations or false
then removeAttrs alias ["recurseForDerivations"]
else alias;
# Disabling distribution prevents top-level aliases for non-recursed package
# sets from building on Hydra.
removeDistribute = alias: with lib;
removeDistribute = alias:
if isDerivation alias then
dontDistribute alias
else alias;
# Make sure that we are not shadowing something from node-packages.nix.
checkInPkgs = n: alias:
if builtins.hasAttr n super
if hasAttr n super
then throw "Alias ${n} is still in generated.nix"
else alias;
mapAliases = aliases:
lib.mapAttrs (n: alias:
mapAttrs (n: alias:
removeDistribute
(removeRecurseForDerivations
(checkInPkgs n alias)))

22
pkgs/development/lua-modules/overrides.nix
View File

@ -56,7 +56,9 @@
}:
final: prev:
with prev;
let
inherit (prev) luaOlder luaAtLeast lua isLuaJIT;
in
{
argparse = prev.argparse.overrideAttrs(oa: {
@ -176,10 +178,12 @@ with prev;
});
ldbus = prev.ldbus.overrideAttrs (oa: {
luarocksConfig.variables = {
DBUS_DIR = "${dbus.lib}";
DBUS_ARCH_INCDIR = "${dbus.lib}/lib/dbus-1.0/include";
DBUS_INCDIR = "${dbus.dev}/include/dbus-1.0";
luarocksConfig = oa.luarocksConfig // {
variables = {
DBUS_DIR = "${dbus.lib}";
DBUS_ARCH_INCDIR = "${dbus.lib}/lib/dbus-1.0/include";
DBUS_INCDIR = "${dbus.dev}/include/dbus-1.0";
};
};
buildInputs = [
dbus
@ -202,7 +206,7 @@ with prev;
'';
meta.broken = luaOlder "5.1" || luaAtLeast "5.3";
propagatedBuildInputs = with lib; oa.propagatedBuildInputs ++ optional (!isLuaJIT) luaffi;
propagatedBuildInputs = with lib; oa.propagatedBuildInputs ++ optional (!isLuaJIT) final.luaffi;
});
lgi = prev.lgi.overrideAttrs (oa: {
@ -349,7 +353,7 @@ with prev;
luaevent = prev.luaevent.overrideAttrs (oa: {
propagatedBuildInputs = oa.propagatedBuildInputs ++ [
luasocket
final.luasocket
];
externalDeps = [
{ name = "EVENT"; dep = libevent; }
@ -535,8 +539,8 @@ with prev;
buildInputs = [ libuv ];
# Use system libuv instead of building local and statically linking
luarocksConfig.variables = {
WITH_SHARED_LIBUV = "ON";
luarocksConfig = lib.recursiveUpdate oa.luarocksConfig {
variables = { WITH_SHARED_LIBUV = "ON"; };
};
# we unset the LUA_PATH since the hook erases the interpreter defaults (To fix)

4
pkgs/development/octave-modules/instrument-control/default.nix
View File

@ -5,11 +5,11 @@
buildOctavePackage rec {
pname = "instrument-control";
version = "0.9.2";
version = "0.9.3";
src = fetchurl {
url = "mirror://sourceforge/octave/${pname}-${version}.tar.gz";
sha256 = "sha256-N7lSJBA+DRex2jHWhSG7nUpJaFoSz26HhTtoc5/rdA0=";
sha256 = "sha256-5ZufEs761qz0nKt0YYikJccqEtK+Qs9UcnJlRsW8VCM=";
};
meta = with lib; {

4
pkgs/development/python-modules/aiounifi/default.nix
View File

@ -15,7 +15,7 @@
buildPythonPackage rec {
pname = "aiounifi";
version = "73";
version = "74";
pyproject = true;
disabled = pythonOlder "3.11";
@ -24,7 +24,7 @@ buildPythonPackage rec {
owner = "Kane610";
repo = "aiounifi";
rev = "refs/tags/v${version}";
hash = "sha256-xs3+2f/CNabdXm8g2V+sEIR5kQguxi3nMeJLb8TVrck=";
hash = "sha256-5xxgpbnTqR8AWUvRQJiXGJECn0neV8QQyjYKw09sqZg=";
};
postPatch = ''

8
pkgs/development/python-modules/aws-secretsmanager-caching/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "aws-secretsmanager-caching";
version = "1.1.1.5";
version = "1.1.2";
pyprject = true;
disabled = pythonOlder "3.7";
@ -19,7 +19,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "aws_secretsmanager_caching";
inherit version;
hash = "sha256-XO4nYruJty8+USP+7o5F++RP/hY7/KCLKPJ7Lit3cuE=";
hash = "sha256-hhdo+I1yA/pLA+YFDFi8Ekrv27xQLpxiqXh1+4XqteA=";
};
patches = [
@ -32,11 +32,11 @@ buildPythonPackage rec {
--replace-fail "'pytest-runner'," ""
'';
nativeBuildInputs = [
build-system = [
setuptools-scm
];
propagatedBuildInputs = [
dependencies = [
botocore
setuptools # Needs pkg_resources at runtime.
];

42
pkgs/development/python-modules/dploot/default.nix
View File

@ -1,49 +1,61 @@
{ lib
, buildPythonPackage
, poetry-core
, pythonRelaxDepsHook
, cryptography
, fetchPypi
, impacket
, cryptography
, pyasn1
, lxml
, poetry-core
, pyasn1
, pythonOlder
, pythonRelaxDepsHook
}:
buildPythonPackage rec {
pname = "dploot";
version = "2.6.2";
version = "2.7.0";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-Fko8zsIjVG1Cmeiect239HGCStJ8VccGTE102cTIr58=";
hash = "sha256-76+cTukQOXE8tjaBrWVJY56+zVO5yqB5BT9q7+TBpnA=";
};
pythonRelaxDeps = true;
pythonRelaxDeps = [
"cryptography"
"lxml"
"pyasn1"
];
nativeBuildInputs = [
poetry-core
pythonRelaxDepsHook
];
propagatedBuildInputs = [
build-system = [
poetry-core
];
dependencies = [
impacket
cryptography
pyasn1
lxml
];
pythonImportsCheck = [ "dploot" ];
pythonImportsCheck = [
"dploot"
];
# No tests
doCheck = false;
meta = {
homepage = "https://github.com/zblurx/dploot";
meta = with lib; {
description = "DPAPI looting remotely in Python";
mainProgram = "dploot";
homepage = "https://github.com/zblurx/dploot";
changelog = "https://github.com/zblurx/dploot/releases/tag/${version}";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ vncsb ];
license = licenses.mit;
maintainers = with maintainers; [ vncsb ];
mainProgram = "dploot";
};
}

12
pkgs/development/python-modules/edk2-pytool-library/default.nix
View File

@ -16,7 +16,7 @@
buildPythonPackage rec {
pname = "edk2-pytool-library";
version = "0.21.4";
version = "0.21.5";
pyproject = true;
disabled = pythonOlder "3.10";
@ -25,15 +25,15 @@ buildPythonPackage rec {
owner = "tianocore";
repo = "edk2-pytool-library";
rev = "refs/tags/v${version}";
hash = "sha256-LzIK4GGVWAp4JXlKE7Mo0cPIH2srnJIlu36bzovNkwE=";
hash = "sha256-4Sb8Lu/nYUXgGt9gVv+j32cwW7TjXfH8z+fwzKaOeM8=";
};
nativeBuildInputs = [
build-system = [
setuptools
setuptools-scm
];
propagatedBuildInputs = [
dependencies = [
pyasn1
pyasn1-modules
cryptography
@ -52,7 +52,9 @@ buildPythonPackage rec {
"test_basic_parse"
];
pythonImportsCheck = [ "edk2toollib" ];
pythonImportsCheck = [
"edk2toollib"
];
meta = with lib; {
description = "Python library package that supports UEFI development";

8
pkgs/development/python-modules/google-cloud-firestore/default.nix
View File

@ -17,21 +17,21 @@
buildPythonPackage rec {
pname = "google-cloud-firestore";
version = "2.15.0";
version = "2.16.0";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-WJzknGuNcxWiSDJ+ShJKRBQ/WlMU6naPfIUWYMIeYyE=";
hash = "sha256-5hrnAimm5TLkOcjRZEejICREfy7kojA/xNBUwljWh38=";
};
nativeBuildInputs = [
build-system = [
setuptools
];
propagatedBuildInputs = [
dependencies = [
google-api-core
google-cloud-core
proto-plus

8
pkgs/development/python-modules/iceportal/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "iceportal";
version = "1.1.2";
version = "1.2.0";
pyproject = true;
disabled = pythonOlder "3.9";
@ -20,14 +20,14 @@ buildPythonPackage rec {
owner = "home-assistant-ecosystem";
repo = "python-iceportal";
rev = "refs/tags/${version}";
hash = "sha256-s+jEpxKsa3eIV4a/Ltso51jqZC4jzsvPLTjDFMV9FIA=";
hash = "sha256-kpAUgGi2fAHzQYuZAaQW9wdrYjwbduRsoTwSuzcjJa8=";
};
nativeBuildInputs = [
build-system = [
poetry-core
];
propagatedBuildInputs = [
dependencies = [
httpx
];

4
pkgs/development/python-modules/ignite/default.nix
View File

@ -15,14 +15,14 @@
buildPythonPackage rec {
pname = "ignite";
version = "0.4.13";
version = "0.5.0.post2";
format = "setuptools";
src = fetchFromGitHub {
owner = "pytorch";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-+olp+zphcHMvcGKHt0JhxXza1wd7UiydwVFnSQ310Vg=";
hash = "sha256-Lg7ASODYwWWhC45X4+Bk50gSlSWwgn2tM4atLXWbQLI=";
};
nativeCheckInputs = [ pytestCheckHook matplotlib mock pytest-xdist torchvision ];

3
pkgs/development/python-modules/jaxlib/default.nix
View File

@ -4,6 +4,7 @@
# Build-time dependencies:
, addOpenGLRunpath
, autoAddDriverRunpath
, bazel_6
, binutils
, buildBazelPackage
@ -51,7 +52,7 @@
}@inputs:
let
inherit (cudaPackagesGoogle) autoAddDriverRunpath cudaFlags cudaVersion cudnn nccl;
inherit (cudaPackagesGoogle) cudaFlags cudaVersion cudnn nccl;
pname = "jaxlib";
version = "0.4.24";

4
pkgs/development/python-modules/llama-index-core/default.nix
View File

@ -30,7 +30,7 @@
buildPythonPackage rec {
pname = "llama-index-core";
version = "0.10.25";
version = "0.10.26";
pyproject = true;
disabled = pythonOlder "3.8";
@ -39,7 +39,7 @@ buildPythonPackage rec {
owner = "run-llama";
repo = "llama_index";
rev = "refs/tags/v${version}";
hash = "sha256-E06Fxj6dD0BVYpme107IdgGg0Y7vhNR9zFvyKL0Yqws=";
hash = "sha256-X/g+/+MxYCPJM2z0eUT/O6uziPUORX9yy2gLr8E3rCA=";
};
sourceRoot = "${src.name}/${pname}";

4
pkgs/development/python-modules/marimo/default.nix
View File

@ -19,14 +19,14 @@
buildPythonPackage rec {
pname = "marimo";
version = "0.3.5";
version = "0.3.8";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-XBOffkPJaGeyuK/mesN1nXXARRpoZpmiu5WVYS1tFvI=";
hash = "sha256-xl8hN1Bg3uGbAMaKNLPAgw06vkqZkJaNRe5lmOY8fPA=";
};
build-system = [

10
pkgs/development/python-modules/mkdocstrings/default.nix
View File

@ -16,7 +16,7 @@
buildPythonPackage rec {
pname = "mkdocstrings";
version = "0.24.1";
version = "0.24.2";
pyproject = true;
disabled = pythonOlder "3.8";
@ -25,19 +25,19 @@ buildPythonPackage rec {
owner = "mkdocstrings";
repo = "mkdocstrings";
rev = "refs/tags/${version}";
hash = "sha256-6Th/HckxcCIupQWQglK+4ReXB6sdIDE8/nWgP42iqIQ=";
hash = "sha256-RlEr9NA6GV/XXjGvX/Yipu6FQAi7HuE9SvIH/snQJRM=";
};
postPatch = ''
substituteInPlace pyproject.toml \
--replace 'dynamic = ["version"]' 'version = "${version}"'
--replace-fail 'dynamic = ["version"]' 'version = "${version}"'
'';
nativeBuildInputs = [
build-system = [
pdm-backend
];
propagatedBuildInputs = [
dependencies = [
jinja2
markdown
markupsafe

6
pkgs/development/python-modules/mypy-boto3/default.nix
View File

@ -157,7 +157,7 @@ rec {
mypy-boto3-cloudtrail-data = buildMypyBoto3Package "cloudtrail-data" "1.34.0" "sha256-ACiJrI+VTHr06i8PKgDY/K8houFUZQNS1lluouadCTQ=";
mypy-boto3-cloudwatch = buildMypyBoto3Package "cloudwatch" "1.34.40" "sha256-M/C3Rzie5dcv6TGVl7ilI5WiT1uYFrCGL+7Fga+xSLw=";
mypy-boto3-cloudwatch = buildMypyBoto3Package "cloudwatch" "1.34.75" "sha256-Q0Qz809o6FcN5OVotLLF3fgebt+2mbFnhfBCKTZO0aU=";
mypy-boto3-codeartifact = buildMypyBoto3Package "codeartifact" "1.34.68" "sha256-Ey0cmx0OxN1/VXIyvn0EOBP9qYIuc/XyFVZniHLaNEY=";
@ -277,7 +277,7 @@ rec {
mypy-boto3-elbv2 = buildMypyBoto3Package "elbv2" "1.34.63" "sha256-snXMLMHLEpJjfX1GJp6FfYgIjkS8vkbf/hESBdhxIfk=";
mypy-boto3-emr = buildMypyBoto3Package "emr" "1.34.44" "sha256-zM1VpAaBSxqdZiSrNiaAKfvliNRXMLEmvFvXcFmkZO0=";
mypy-boto3-emr = buildMypyBoto3Package "emr" "1.34.75" "sha256-Irxd4i5b1bbZuWBhXfLOuvoS1X5SoZH8GsgbQyy3UrY=";
mypy-boto3-emr-containers = buildMypyBoto3Package "emr-containers" "1.34.70" "sha256-uZADsQWfrkoVrQZosfqogcKERWsykIqdk+tJpgmcai4=";
@ -435,7 +435,7 @@ rec {
mypy-boto3-license-manager-user-subscriptions = buildMypyBoto3Package "license-manager-user-subscriptions" "1.34.0" "sha256-PR+u+i5zSHFTN6+GuOcWBcON1E2SNABbPavByXz3unE=";
mypy-boto3-lightsail = buildMypyBoto3Package "lightsail" "1.34.41" "sha256-Y7Zg/eorUegxh+Br+ULbedzGskkHKR2opnEEDpfBVk0=";
mypy-boto3-lightsail = buildMypyBoto3Package "lightsail" "1.34.75" "sha256-ICBUixptVS5sWBHgYms9GgrY2XQblTZkq3Qr614qZMc=";
mypy-boto3-location = buildMypyBoto3Package "location" "1.34.18" "sha256-rsjIGenXgdEdgxvilA3IKJkYkpDDQNDfjDQRoj/mxSU=";

14
pkgs/development/python-modules/neo4j/default.nix
View File

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "neo4j";
version = "5.18.0";
version = "5.19.0";
pyproject = true;
disabled = pythonOlder "3.7";
@ -21,22 +21,22 @@ buildPythonPackage rec {
owner = "neo4j";
repo = "neo4j-python-driver";
rev = "refs/tags/${version}";
hash = "sha256-rp0N2k23WZ86hqqz4ByW5gdyU2eYLVppyEJEdY/Yk8w=";
hash = "sha256-bI6LIzh2+Kf6IIWEt1vT0E821lAPy/Nj2hkeAnRfV4M=";
};
postPatch = ''
# The dynamic versioning adds a postfix (.dev0) to the version
substituteInPlace pyproject.toml \
--replace '"tomlkit ~= 0.11.6"' '"tomlkit >= 0.11.6"' \
--replace 'dynamic = ["version", "readme"]' 'dynamic = ["readme"]' \
--replace '#readme = "README.rst"' 'version = "${version}"'
--replace-fail '"tomlkit ~= 0.11.6"' '"tomlkit >= 0.11.6"' \
--replace-fail 'dynamic = ["version", "readme"]' 'dynamic = ["readme"]' \
--replace-fail '#readme = "README.rst"' 'version = "${version}"'
'';
nativeBuildInputs = [
build-system = [
setuptools
];
propagatedBuildInputs = [
dependencies = [
pytz
tomlkit
];

4
pkgs/development/python-modules/netdata/default.nix
View File

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "netdata";
version = "1.1.0";
version = "1.2.0";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "home-assistant-ecosystem";
repo = "python-netdata";
rev = "refs/tags/${version}";
hash = "sha256-XWlUSKGgndHtJjzA0mYvhCkJsRJ1SUbl8DGdmyFUmoo=";
hash = "sha256-ViiGh5CsRpMJ6zvPmje+eB5LuO6t47bjObaYh5a2Kw8=";
};
nativeBuildInputs = [

9
pkgs/development/python-modules/nuitka/default.nix
View File

@ -7,27 +7,28 @@
, python3
, setuptools
, zstandard
, wheel
}:
buildPythonPackage rec {
pname = "nuitka";
version = "1.8.4";
version = "2.1.4";
pyproject = true;
src = fetchFromGitHub {
owner = "Nuitka";
repo = "Nuitka";
rev = version;
hash = "sha256-spa3V9KEjqmwnHSuxLLIu9hJk5PrRwNyOw72sfxBVKo=";
hash = "sha256-bV5zTYwhR/3dTM1Ij+aC6TbcPODZ5buwQi7xN8axZi0=";
};
# default lto off for darwin
patches = [ ./darwin-lto.patch ];
nativeBuildInputs = [ setuptools ];
build-system = [ setuptools wheel ];
nativeCheckInputs = [ ccache ];
propagatedBuildInputs = [
dependencies = [
ordered-set
zstandard
];

7
pkgs/development/python-modules/orbax-checkpoint/default.nix
View File

@ -22,7 +22,7 @@
buildPythonPackage rec {
pname = "orbax-checkpoint";
version = "0.5.5";
version = "0.5.7";
pyproject = true;
disabled = pythonOlder "3.9";
@ -30,7 +30,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "orbax_checkpoint";
inherit version;
hash = "sha256-zry5byLxFzah+e52x4yIi6roU3Jox/9mY62cujB2xlU=";
hash = "sha256-3hRUm4mSIKT0RUU5Z8GsLXFluBUlM0JYd0YAXwOpgTs=";
};
nativeBuildInputs = [
@ -60,6 +60,7 @@ buildPythonPackage rec {
pythonImportsCheck = [
"orbax"
"orbax.checkpoint"
];
disabledTestPaths = [
@ -73,6 +74,6 @@ buildPythonPackage rec {
homepage = "https://github.com/google/orbax/tree/main/checkpoint";
changelog = "https://github.com/google/orbax/blob/${version}/CHANGELOG.md";
license = licenses.asl20;
maintainers = with maintainers; [fab ];
maintainers = with maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/oslo-log/default.nix
View File

@ -17,7 +17,7 @@
buildPythonPackage rec {
pname = "oslo-log";
version = "5.5.0";
version = "5.5.1";
format = "setuptools";
disabled = pythonOlder "3.8";
@ -25,7 +25,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "oslo.log";
inherit version;
hash = "sha256-TO3RZpx94o2OZrZ6X21sb+g5KFNfqHzWm/ZhG1n1Z+c=";
hash = "sha256-SEFIUSxdsqizXIPNmX6ZU3Vf2L+oqvbuDMjHrrdCkhA=";
};
propagatedBuildInputs = [

6
pkgs/development/python-modules/peaqevcore/default.nix
View File

@ -7,21 +7,21 @@
buildPythonPackage rec {
pname = "peaqevcore";
version = "19.7.7";
version = "19.7.12";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-HJ+8EpxcMhUPJILapNk9esA0iUm8PiHPDm3MmBQDny4=";
hash = "sha256-/oo24hOH2aIXZH0CwmgTNIvA2MJWvOR084rZEOdldGM=";
};
postPatch = ''
sed -i "/extras_require/d" setup.py
'';
nativeBuildInputs = [
build-system = [
setuptools
];

4
pkgs/development/python-modules/piccolo-theme/default.nix
View File

@ -2,13 +2,13 @@
buildPythonPackage rec {
pname = "piccolo-theme";
version = "0.20.0";
version = "0.21.0";
format = "setuptools";
src = fetchPypi {
pname = "piccolo_theme";
inherit version;
hash = "sha256-/I6Q///oZ1OlSQEOwQ4KtUuj73ra6poyDhfhiF5nJrE=";
hash = "sha256-mQqZ6Rwx0VoDBVQ0zbvCOmAMKAMv67Xd1ksYW6w2QPM=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/pipenv-poetry-migrate/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "pipenv-poetry-migrate";
version = "0.5.4";
version = "0.5.5";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "yhino";
repo = "pipenv-poetry-migrate";
rev = "refs/tags/v${version}";
hash = "sha256-5qOOklwjTGrlvaPg7hVYLAAHvQ7633VAt3L2PHw2V9U=";
hash = "sha256-6K8rTfASpK7OvBwUy40X6xzgpfWL7lIJvpfRiGfBK6U=";
};
nativeBuildInputs = [

8
pkgs/development/python-modules/ring-doorbell/default.nix
View File

@ -18,7 +18,7 @@
buildPythonPackage rec {
pname = "ring-doorbell";
version = "0.8.8";
version = "0.8.9";
pyproject = true;
disabled = pythonOlder "3.8";
@ -26,14 +26,14 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "ring_doorbell";
inherit version;
hash = "sha256-Rz12Qpawi4/u14ywJGt9Yw7IqjYP4bg6zNr9oN3iQxQ=";
hash = "sha256-FUPXia4lCDJDbzEzuewa5ShiIm0EvOrDE8GGZxYWvhk=";
};
nativeBuildInputs = [
build-system = [
poetry-core
];
propagatedBuildInputs = [
dependencies = [
asyncclick
oauthlib
pytz

4
pkgs/development/python-modules/tencentcloud-sdk-python/default.nix
View File

@ -9,7 +9,7 @@
buildPythonPackage rec {
pname = "tencentcloud-sdk-python";
version = "3.0.1121";
version = "3.0.1122";
pyproject = true;
disabled = pythonOlder "3.9";
@ -18,7 +18,7 @@ buildPythonPackage rec {
owner = "TencentCloud";
repo = "tencentcloud-sdk-python";
rev = "refs/tags/${version}";
hash = "sha256-McSF0s6ACEDSrfOBCBVT2yEoUmKKeYiPoQpLoc5hHDU=";
hash = "sha256-rJpgtyBVJn6jURSSEVlT4BadDTr9npeISgKtQdQdgnM=";
};
build-system = [

15
pkgs/development/python-modules/volkszaehler/default.nix
View File

@ -4,23 +4,28 @@
, buildPythonPackage
, fetchFromGitHub
, pythonOlder
, setuptools
}:
buildPythonPackage rec {
pname = "volkszaehler";
version = "0.4.0";
format = "setuptools";
version = "0.5.0";
pyproject = true;
disabled = pythonOlder "3.9";
disabled = pythonOlder "3.10";
src = fetchFromGitHub {
owner = "home-assistant-ecosystem";
repo = "python-volkszaehler";
rev = "refs/tags/${version}";
hash = "sha256-jX0nwBsBYU383LG8f08FVI7Lo9gnyPSQ0fiEF8dQc/M=";
hash = "sha256-7SB0x0BO9SMeMG1M/hH4fX7oDbtwPgCzyRrrUq1/WPo=";
};
propagatedBuildInputs = [
nativeBuildInputs = [
setuptools
];
dependencies = [
aiohttp
async-timeout
];

14
pkgs/development/python-modules/whenever/default.nix
View File

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "whenever";
version = "0.5.0";
version = "0.5.1";
pyproject = true;
disabled = pythonOlder "3.8";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "ariebovenberg";
repo = "whenever";
rev = "refs/tags/${version}";
hash = "sha256-5Ik9+i5T5ztb+2zqFZ+SBmrZFLDxji66e3lK0z2w92c=";
hash = "sha256-RH2614M91zYULNTQsr6JoKfxlnGyAJsCkB7oeiz7urs=";
};
postPatch = ''
@ -31,18 +31,16 @@ buildPythonPackage rec {
--replace-fail '--benchmark-disable' '#--benchmark-disable'
'';
nativeBuildInputs = [
build-system = [
poetry-core
];
propagatedBuildInputs = [
dependencies = [
tzdata
] ++ lib.optionals (pythonOlder "3.9") [
backports-zoneinfo
];
pythonImportsCheck = [ "whenever" ];
nativeCheckInputs = [
pytestCheckHook
pytest-mypy-plugins
@ -50,6 +48,10 @@ buildPythonPackage rec {
freezegun
];
pythonImportsCheck = [
"whenever"
];
# early TDD, many tests are failing
# TODO: try enabling on bump
doCheck = false;

4
pkgs/development/tools/algolia-cli/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "algolia-cli";
version = "1.6.5";
version = "1.6.6";
src = fetchFromGitHub {
owner = "algolia";
repo = "cli";
rev = "v${version}";
hash = "sha256-bS/xSrb1vCeYuDZj8NwEyclbYMXlejAxIoItEX8YnOs=";
hash = "sha256-yLsyby3u1oz5fnQ/zQ0sjy2w+Pv0KHySojsDc4vnFF0=";
};
vendorHash = "sha256-cNuBTH7L2K4TgD0H9FZ9CjhE5AGXADaniGLD9Lhrtrk=";

4
pkgs/development/tools/analysis/checkov/default.nix
View File

@ -5,14 +5,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "checkov";
version = "3.2.50";
version = "3.2.51";
pyproject = true;
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = "checkov";
rev = "refs/tags/${version}";
hash = "sha256-XOH4RrkyjTZY1N5XSR71GEGofPgqI7XkE8c3/ojoHGI=";
hash = "sha256-aUu1sxP4YUuF2E4oPh8QJ/hpqLSvAz0aYei+QSj9qqQ=";
};
patches = [

4
pkgs/development/tools/build-managers/gradle/default.nix
View File

@ -160,9 +160,9 @@ rec {
# https://docs.gradle.org/current/userguide/compatibility.html
gradle_8 = gen {
version = "8.6";
version = "8.7";
nativeVersion = "0.22-milestone-25";
hash = "sha256-ljHVPPPnS/pyaJOu4fiZT+5OBgxAEzWUbbohVvRA8kw=";
hash = "sha256-VEw11r2Emuil7QvOo5umd9xA9J330YNVYVgtogCblh0=";
defaultJava = jdk21;
};

4
pkgs/development/tools/build-managers/rake/Gemfile.lock
View File

@ -1,7 +1,7 @@
GEM
remote: https://rubygems.org/
specs:
rake (13.1.0)
rake (13.2.0)
PLATFORMS
ruby
@ -10,4 +10,4 @@ DEPENDENCIES
rake
BUNDLED WITH
2.5.3
2.5.6

1
pkgs/development/tools/build-managers/rake/default.nix
View File

@ -13,5 +13,6 @@ bundlerApp {
license = with licenses; mit;
maintainers = with maintainers; [ manveru nicknovitski ];
platforms = platforms.unix;
mainProgram = "rake";
};
}

4
pkgs/development/tools/build-managers/rake/gemset.nix
View File

@ -4,9 +4,9 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1ilr853hawi09626axx0mps4rkkmxcs54mapz9jnqvpnlwd3wsmy";
sha256 = "0lwv4rniry7k9dvz1n462d7j0dq9mrl6a95y6cvs6139h0ksxhgn";
type = "gem";
};
version = "13.1.0";
version = "13.2.0";
};
}

6
pkgs/development/tools/phpactor/default.nix
View File

@ -6,16 +6,16 @@
php.buildComposerProject (finalAttrs: {
pname = "phpactor";
version = "2023.12.03.0";
version = "2024.03.09.0";
src = fetchFromGitHub {
owner = "phpactor";
repo = "phpactor";
rev = finalAttrs.version;
hash = "sha256-zLSGzaUzroWkvFNCj3uA9KdZ3K/EIQOZ7HzV6Ms5/BE=";
hash = "sha256-1QPBq8S3mOkSackXyCuFdoxfAdUQaRuUfoOfKOGuiR0=";
};
vendorHash = "sha256-0jvWbQubPXDhsXqEp8q5R0Y7rQX3UiccGDF3HDBeh7o=";
vendorHash = "sha256-9YN+fy+AvNnF0Astrirpewjmh/bSINAhW9fLvN5HGGI=";
nativeBuildInputs = [ installShellFiles ];

6
pkgs/development/tools/pscale/default.nix
View File

@ -8,16 +8,16 @@
buildGoModule rec {
pname = "pscale";
version = "0.186.0";
version = "0.191.0";
src = fetchFromGitHub {
owner = "planetscale";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-LXUvVctOFreDlIozA17pfDblZ6QugVA/dJ+IKE3fBeY=";
sha256 = "sha256-+QGzLPJQbIql5Xomve/v3vGB5kdCDamxkRM6weIZMMw=";
};
vendorHash = "sha256-ubMr2gm4t0731niC2Mx1Lcmdl48SUVjfoIWbtgt3X+I=";
vendorHash = "sha256-dcMKi12YFTpQShGRm97Zptiw9JK55CAXm0r8UG+c1Dg=";
ldflags = [
"-s" "-w"

4
pkgs/development/tools/quilt/default.nix
View File

@ -18,11 +18,11 @@
stdenv.mkDerivation rec {
pname = "quilt";
version = "0.67";
version = "0.68";
src = fetchurl {
url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz";
sha256 = "sha256-O+O+CYfnKmw2Rni7gn4+H8wQMitWvF8CtXZpj1UBPMI=";
sha256 = "sha256-/owJ3gPBBuhbNzfI8DreFHyVa3ntevSFocijhY2zhCY=";
};
nativeBuildInputs = [ makeWrapper ];

6
pkgs/development/tools/rain/default.nix
View File

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "rain";
version = "1.8.2";
version = "1.8.3";
src = fetchFromGitHub {
owner = "aws-cloudformation";
repo = pname;
rev = "v${version}";
sha256 = "sha256-QJAcIk+XPQF5iLlcK62t2htOVjne3K/74Am0pvLS1r8=";
sha256 = "sha256-l5Exm31pQlmYh9VizdrARFgtIxb48ALR1IYaNFfCMWk=";
};
vendorHash = "sha256-+UJyPwb4/KPeXyrsGQvX2SfYWfTeoR93WGyTTBf3Ya8=";
vendorHash = "sha256-PjdM52qCR7zVjQDRWwGXcJwqLYUt9LTi9SX85A4z2SA=";
subPackages = [ "cmd/rain" ];

6
pkgs/development/tools/rust/cargo-public-api/default.nix
View File

@ -10,14 +10,14 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-public-api";
version = "0.34.0";
version = "0.34.1";
src = fetchCrate {
inherit pname version;
hash = "sha256-xD+0eplrtrTlYYnfl1R6zIO259jP18OAp9p8eg1CqbI=";
hash = "sha256-fNQ4FfOaS38KGhI/hCRLdtYmb0FXkoXyJsbcT+1K6Ow=";
};
cargoHash = "sha256-EjMzOilTnPSC7FYxrNBxX+sugYvPIxiCzlwQcl3VMog=";
cargoHash = "sha256-DwhaVn6nuy2KbXaRcIUQN6iS85ONwAbCWX+vxfa0F7U=";
nativeBuildInputs = [ pkg-config ];

6
pkgs/development/tools/typos/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "typos";
version = "1.20.1";
version = "1.20.3";
src = fetchFromGitHub {
owner = "crate-ci";
repo = pname;
rev = "v${version}";
hash = "sha256-X9m+2zJsHYbek/G9oyH3394/StolG3cDjVigTJZNzu0=";
hash = "sha256-0z00e8lRDA/KdAPGAwOGlRXgpXkag4htZ+ykXEAmtJE=";
};
cargoHash = "sha256-eCcuDfolsjv6Xt+sqo8VxWZhy5DLoukuI9rQiNXrUVs=";
cargoHash = "sha256-8XWU7/z1LhfB5rp9LKqdaoaORF68ZI5Pl8zkrxKSQQE=";
meta = with lib; {
description = "Source code spell checker";

4
pkgs/misc/fastly/default.nix
View File

@ -10,13 +10,13 @@
buildGoModule rec {
pname = "fastly";
version = "10.8.8";
version = "10.8.9";
src = fetchFromGitHub {
owner = "fastly";
repo = "cli";
rev = "refs/tags/v${version}";
hash = "sha256-GdreswHR+avk5AYJwcoxqF/MlrcHX9NLNpgST5+0kVc=";
hash = "sha256-s3tsLCON8F1N7pK7xp8Fwmo8KNctmUnA7I1MxhQeDtA=";
# The git commit is part of the `fastly version` original output;
# leave that output the same in nixpkgs. Use the `.git` directory
# to retrieve the commit SHA, and remove the directory afterwards,

39
pkgs/os-specific/darwin/insert_dylib/default.nix
View File

@ -1,22 +1,43 @@
{ lib, stdenv, fetchFromGitHub, xcbuildHook }:
{
lib,
stdenv,
fetchFromGitHub,
}:
stdenv.mkDerivation {
pname = "insert_dylib";
version = "unstable-2016-08-28";
pname = "insert-dylib";
version = "0-unstable-2016-08-28";
src = fetchFromGitHub {
owner = "Tyilo";
repo = "insert_dylib";
rev = "c8beef66a08688c2feeee2c9b6eaf1061c2e67a9";
sha256 = "0az38y06pvvy9jf2wnzdwp9mp98lj6nr0ldv0cs1df5p9x2qvbya";
hash = "sha256-yq+NRU+3uBY0A7tRkK2RFKVb0+XtWy6cTH7va4BH4ys=";
};
nativeBuildInputs = [ xcbuildHook ];
buildPhase = ''
runHook preBuild
installPhase = ''
mkdir -p $out/bin
install -m755 Products/Release/insert_dylib $out/bin
mkdir -p Products/Release
$CC -o Products/Release/insert_dylib insert_dylib/main.c
runHook postBuild
'';
meta.platforms = lib.platforms.darwin;
installPhase = ''
runHook preInstall
install -Dm755 Products/Release/insert_dylib -t $out/bin
runHook postInstall
'';
meta = {
description = "Command line utility for inserting a dylib load command into a Mach-O binary";
homepage = "https://github.com/tyilo/insert_dylib";
license = lib.licenses.unfree; # no license specified
mainProgram = "insert_dylib";
maintainers = with lib.maintainers; [ wegank ];
platforms = lib.platforms.darwin;
};
}

4
pkgs/servers/http/unit/default.nix
View File

@ -28,14 +28,14 @@ let
php82-unit = php82.override phpConfig;
in stdenv.mkDerivation rec {
version = "1.32.0";
version = "1.32.1";
pname = "unit";
src = fetchFromGitHub {
owner = "nginx";
repo = pname;
rev = version;
sha256 = "sha256-u693Q6Gp8lFm3DX1q5i6W021bxD962NGBGDRxUtvGrk=";
sha256 = "sha256-YqejETJTbnmXoPsYITJ6hSnd1fIWUc1p5FldYkw2HQI=";
};
nativeBuildInputs = [ which ];

4
pkgs/servers/search/opensearch/default.nix
View File

@ -11,11 +11,11 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "opensearch";
version = "2.12.0";
version = "2.13.0";
src = fetchurl {
url = "https://artifacts.opensearch.org/releases/bundle/opensearch/${finalAttrs.version}/opensearch-${finalAttrs.version}-linux-x64.tar.gz";
hash = "sha256-t9s633qDzxvG1x+VVATpczzvD+ojnfTiwB/EambMKtA=";
hash = "sha256-cF2JZX5psuh7h8acazK9tcjNu6wralJtliwqaBnd/V8=";
};
nativeBuildInputs = [

4
pkgs/servers/sql/postgresql/ext/pg_partman.nix
View File

@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
pname = "pg_partman";
version = "5.0.1";
version = "5.1.0";
buildInputs = [ postgresql ];
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
owner = "pgpartman";
repo = pname;
rev = "refs/tags/v${version}";
sha256 = "sha256-sJODpyRgqpeg/Lb584wNgCCFRaH22ELcbof1bA612aw=";
sha256 = "sha256-GrVOJ5ywZMyqyDroYDLdKkXDdIJSDGhDfveO/ZvrmYs=";
};
installPhase = ''

4
pkgs/servers/ttyd/default.nix
View File

@ -8,12 +8,12 @@ with builtins;
stdenv.mkDerivation rec {
pname = "ttyd";
version = "1.7.4";
version = "1.7.5";
src = fetchFromGitHub {
owner = "tsl0922";
repo = pname;
rev = "refs/tags/${version}";
sha256 = "sha256-BNvJkDOSlcNXt5W9/3/4I+MhQYn0W37zrJRYpAoZWaA=";
sha256 = "sha256-ci6PLrFQa/aX48kjAqQfCtOOhS06ikfEtYoCgmGhGdU=";
};
nativeBuildInputs = [ pkg-config cmake xxd ];

6
pkgs/servers/web-apps/changedetection-io/default.nix
View File

@ -5,19 +5,19 @@
python3.pkgs.buildPythonApplication rec {
pname = "changedetection-io";
version = "0.45.16";
version = "0.45.17";
format = "setuptools";
src = fetchFromGitHub {
owner = "dgtlmoon";
repo = "changedetection.io";
rev = version;
hash = "sha256-ln522U3XqZfhvLvMEzrqXV3SjhpgnrRk2MxQQRBL5VU=";
hash = "sha256-3LaNZourDjFjdSh5+hwc2l2DRMEI/rbfyksFD9uUebg=";
};
postPatch = ''
substituteInPlace requirements.txt \
--replace "apprise~=1.7.1" "apprise" \
--replace "apprise~=1.7.4" "apprise" \
--replace "cryptography~=3.4" "cryptography" \
--replace "dnspython~=2.4" "dnspython" \
--replace "pytest ~=7.2" "" \

6
pkgs/servers/xandikos/default.nix
View File

@ -6,7 +6,7 @@
python3Packages.buildPythonApplication rec {
pname = "xandikos";
version = "0.2.10";
version = "0.2.11";
format = "pyproject";
disabled = python3Packages.pythonOlder "3.9";
@ -14,8 +14,8 @@ python3Packages.buildPythonApplication rec {
src = fetchFromGitHub {
owner = "jelmer";
repo = "xandikos";
rev = "v${version}";
hash = "sha256-SqU/K3b8OML3PvFmP7L5R3Ub9vbW66xRpf79mgFZPfc=";
rev = "refs/tags/v${version}";
hash = "sha256-cBsceJ6tib8OYx5L2Hv2AqRS+ADRSLIuJGIULNpAmEI=";
};
nativeBuildInputs = with python3Packages; [

4
pkgs/tools/admin/trinsic-cli/default.nix
View File

@ -2,11 +2,11 @@
rustPlatform.buildRustPackage rec {
pname = "trinsic-cli";
version = "1.13.0";
version = "1.14.0";
src = fetchurl {
url = "https://github.com/trinsic-id/sdk/releases/download/v${version}/trinsic-cli-vendor-${version}.tar.gz";
sha256 = "sha256-uW4PNlDfyxzec9PzfXr25gPrFZQGr8qm0jLMOeIazoE=";
sha256 = "sha256-lPw55QcGMvY2YRYJGq4WC0fPbKiika4NF55tlb+i6So=";
};
cargoVendorDir = "vendor";

4
pkgs/tools/backup/zfs-replicate/default.nix
View File

@ -11,12 +11,12 @@
buildPythonApplication rec {
pname = "zfs_replicate";
version = "3.2.11";
version = "3.2.12";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-8u65Ht7s2RqBYetKf/3erb6B2+/iZgnqHBogYa4J/rs=";
hash = "sha256-Pyn/ehXVb5knHS1A/MFTYE0t+IVgtBe1dAnYdaHutyk=";
};
postPatch = ''

7
pkgs/tools/misc/ollama/cmake-include.patch
View File

@ -1,7 +0,0 @@
--- a/llm/llama.cpp/examples/server/CMakeLists.txt
+++ b/llm/llama.cpp/examples/server/CMakeLists.txt
@@ -11,3 +11,4 @@
TARGET_LINK_LIBRARIES(${TARGET} PRIVATE ws2_32)
endif()
target_compile_features(${TARGET} PRIVATE cxx_std_11)
+include (../../../ext_server/CMakeLists.txt) # ollama

72
pkgs/tools/misc/ollama/default.nix
View File

@ -28,14 +28,32 @@
let
pname = "ollama";
version = "0.1.29";
# don't forget to invalidate all hashes each update
version = "0.1.30";
src = fetchFromGitHub {
owner = "jmorganca";
repo = "ollama";
rev = "v${version}";
hash = "sha256-M2G53DJF/22ZVCAb4jGjyErKO6q2argehHSV7AEef6w=";
hash = "sha256-+cdYT5NUf00Rx0fpCvWUNg4gi+PAOmZVDUdB3omibm0=";
fetchSubmodules = true;
};
vendorHash = "sha256-Lj7CBvS51RqF63c01cOCgY7BCQeCKGu794qzb/S80C0=";
# ollama's patches of llama.cpp's example server
# `ollama/llm/generate/gen_common.sh` -> "apply temporary patches until fix is upstream"
# each update, these patches should be synchronized with the contents of `ollama/llm/patches/`
llamacppPatches = [
(preparePatch "03-load_exception.diff" "sha256-1DfNahFYYxqlx4E4pwMKQpL+XR0bibYnDFGt6dCL4TM=")
(preparePatch "04-locale.diff" "sha256-r5nHiP6yN/rQObRu2FZIPBKpKP9yByyZ6sSI2SKj6Do=")
];
preparePatch = patch: hash: fetchpatch {
url = "file://${src}/llm/patches/${patch}";
inherit hash;
stripLen = 1;
extraPrefix = "llm/llama.cpp/";
};
validAccel = lib.assertOneOf "ollama.acceleration" acceleration [ null "rocm" "cuda" ];
@ -45,6 +63,7 @@ let
enableRocm = validAccel && (acceleration == "rocm") && (warnIfNotLinux "rocm");
enableCuda = validAccel && (acceleration == "cuda") && (warnIfNotLinux "cuda");
rocmClang = linkFarm "rocm-clang" {
llvm = rocmPackages.llvm.clang;
};
@ -94,12 +113,6 @@ let
buildGo122Module.override { stdenv = overrideCC stdenv gcc12; }
else
buildGo122Module;
preparePatch = patch: hash: fetchpatch {
url = "file://${src}/llm/patches/${patch}";
inherit hash;
stripLen = 1;
extraPrefix = "llm/llama.cpp/";
};
inherit (lib) licenses platforms maintainers;
in
goBuild ((lib.optionalAttrs enableRocm {
@ -110,8 +123,7 @@ goBuild ((lib.optionalAttrs enableRocm {
CUDACXX = "${cudaToolkit}/bin/nvcc";
CUDAToolkit_ROOT = cudaToolkit;
}) // {
inherit pname version src;
vendorHash = "sha256-Lj7CBvS51RqF63c01cOCgY7BCQeCKGu794qzb/S80C0=";
inherit pname version src vendorHash;
nativeBuildInputs = [
cmake
@ -133,31 +145,20 @@ goBuild ((lib.optionalAttrs enableRocm {
metalFrameworks;
patches = [
# remove uses of `git` in the `go generate` script
# instead use `patch` where necessary
./remove-git.patch
# replace a hardcoded use of `g++` with `$CXX`
./replace-gcc.patch
# ollama's patches of llama.cpp's example server
# `ollama/llm/generate/gen_common.sh` -> "apply temporary patches until fix is upstream"
(preparePatch "01-cache.diff" "sha256-VDwu/iK6taBCyscpndQiOJ3eGqonnLVwmS2rJNMBVGU=")
(preparePatch "02-cudaleaks.diff" "sha256-nxsWgrePUMsZBWWQAjqVHWMJPzr1owH1zSJvUU7Q5pA=")
(preparePatch "03-load_exception.diff" "sha256-1DfNahFYYxqlx4E4pwMKQpL+XR0bibYnDFGt6dCL4TM=")
(preparePatch "04-locale.diff" "sha256-r5nHiP6yN/rQObRu2FZIPBKpKP9yByyZ6sSI2SKj6Do=")
(preparePatch "05-fix-clip-free.diff" "sha256-EFZ+QTtZCvstVxYgVdFKHsQqdkL98T0eXOEBOqCrlL4=")
];
# disable uses of `git` in the `go generate` script
# ollama's build script assumes the source is a git repo, but nix removes the git directory
# this also disables necessary patches contained in `ollama/llm/patches/`
# those patches are added to `llamacppPatches`, and reapplied here in the patch phase
./disable-git.patch
] ++ llamacppPatches;
postPatch = ''
# use a patch from the nix store in the `go generate` script
substituteInPlace llm/generate/gen_common.sh \
--subst-var-by cmakeIncludePatch '${./cmake-include.patch}'
# `ollama/llm/generate/gen_common.sh` -> "avoid duplicate main symbols when we link into the cgo binary"
substituteInPlace llm/llama.cpp/examples/server/server.cpp \
--replace-fail 'int main(' 'int __main('
# replace a hardcoded use of `g++` with `$CXX` so clang can be used on darwin
substituteInPlace llm/generate/gen_common.sh --replace-fail 'g++' '$CXX'
# replace inaccurate version number with actual release version
substituteInPlace version/version.go --replace-fail 0.0.0 '${version}'
'';
preBuild = ''
# disable uses of `git`, since nix removes the git directory
export OLLAMA_SKIP_PATCHING=true
# build llama.cpp libraries for ollama
go generate ./...
@ -168,9 +169,10 @@ goBuild ((lib.optionalAttrs enableRocm {
'' + lib.optionalString (enableRocm || enableCuda) ''
# expose runtime libraries necessary to use the gpu
mv "$out/bin/ollama" "$out/bin/.ollama-unwrapped"
makeWrapper "$out/bin/.ollama-unwrapped" "$out/bin/ollama" \
--suffix LD_LIBRARY_PATH : '/run/opengl-driver/lib:${lib.makeLibraryPath runtimeLibs}' '' + lib.optionalString enableRocm ''\
--set-default HIP_PATH ${rocmPath}
makeWrapper "$out/bin/.ollama-unwrapped" "$out/bin/ollama" ${
lib.optionalString enableRocm
''--set-default HIP_PATH '${rocmPath}' ''} \
--suffix LD_LIBRARY_PATH : '/run/opengl-driver/lib:${lib.makeLibraryPath runtimeLibs}'
'';
ldflags = [
@ -191,9 +193,9 @@ goBuild ((lib.optionalAttrs enableRocm {
};
meta = {
changelog = "https://github.com/ollama/ollama/releases/tag/v${version}";
description = "Get up and running with large language models locally";
homepage = "https://github.com/jmorganca/ollama";
homepage = "https://github.com/ollama/ollama";
changelog = "https://github.com/ollama/ollama/releases/tag/v${version}";
license = licenses.mit;
platforms = platforms.unix;
mainProgram = "ollama";

Some files were not shown because too many files have changed in this diff Show More