diff --git a/doc/build-helpers/fetchers.chapter.md b/doc/build-helpers/fetchers.chapter.md index 5c7c3257e6d4..65177641a36e 100644 --- a/doc/build-helpers/fetchers.chapter.md +++ b/doc/build-helpers/fetchers.chapter.md @@ -1,66 +1,161 @@ # Fetchers {#chap-pkgs-fetchers} Building software with Nix often requires downloading source code and other files from the internet. -To this end, Nixpkgs provides *fetchers*: functions to obtain remote sources via various protocols and services. +To this end, we use functions that we call _fetchers_, which obtain remote sources via various protocols and services. + +Nix provides built-in fetchers such as [`builtins.fetchTarball`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchTarball). +Nixpkgs provides its own fetchers, which work differently: -Nixpkgs fetchers differ from built-in fetchers such as [`builtins.fetchTarball`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchTarball): - A built-in fetcher will download and cache files at evaluation time and produce a [store path](https://nixos.org/manual/nix/stable/glossary#gloss-store-path). - A Nixpkgs fetcher will create a ([fixed-output](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation)) [derivation](https://nixos.org/manual/nix/stable/language/derivations), and files are downloaded at build time. + A Nixpkgs fetcher will create a ([fixed-output](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation)) [derivation](https://nixos.org/manual/nix/stable/glossary#gloss-derivation), and files are downloaded at build time. - Built-in fetchers will invalidate their cache after [`tarball-ttl`](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-tarball-ttl) expires, and will require network activity to check if the cache entry is up to date. - Nixpkgs fetchers only re-download if the specified hash changes or the store object is not otherwise available. + Nixpkgs fetchers only re-download if the specified hash changes or the store object is not available. - Built-in fetchers do not use [substituters](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-substituters). Derivations produced by Nixpkgs fetchers will use any configured binary cache transparently. -This significantly reduces the time needed to evaluate the entirety of Nixpkgs, and allows [Hydra](https://nixos.org/hydra) to retain and re-distribute sources used by Nixpkgs in the [public binary cache](https://cache.nixos.org). -For these reasons, built-in fetchers are not allowed in Nixpkgs source code. +This significantly reduces the time needed to evaluate Nixpkgs, and allows [Hydra](https://nixos.org/hydra) to retain and re-distribute sources used by Nixpkgs in the [public binary cache](https://cache.nixos.org). +For these reasons, Nix's built-in fetchers are not allowed in Nixpkgs. -The following table shows an overview of the differences: +The following table summarises the differences: | Fetchers | Download | Output | Cache | Re-download when | |-|-|-|-|-| | `builtins.fetch*` | evaluation time | store path | `/nix/store`, `~/.cache/nix` | `tarball-ttl` expires, cache miss in `~/.cache/nix`, output store object not in local store | | `pkgs.fetch*` | build time | derivation | `/nix/store`, substituters | output store object not available | +:::{.tip} +`pkgs.fetchFrom*` helpers retrieve _snapshots_ of version-controlled sources, as opposed to the entire version history, which is more efficient. +`pkgs.fetchgit` by default also has the same behaviour, but can be changed through specific attributes given to it. +::: + ## Caveats {#chap-pkgs-fetchers-caveats} -The fact that the hash belongs to the Nix derivation output and not the file itself can lead to confusion. -For example, consider the following fetcher: +Because Nixpkgs fetchers are fixed-output derivations, an [output hash](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-outputHash) has to be specified, usually indirectly through a `hash` attribute. +This hash refers to the derivation output, which can be different from the remote source itself! -```nix -fetchurl { - url = "http://www.example.org/hello-1.0.tar.gz"; - hash = "sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww="; -} -``` +This has the following implications that you should be aware of: -A common mistake is to update a fetcher’s URL, or a version parameter, without updating the hash. +- Use Nix (or Nix-aware) tooling to produce the output hash. -```nix -fetchurl { - url = "http://www.example.org/hello-1.1.tar.gz"; - hash = "sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww="; -} -``` +- When changing any fetcher parameters, always update the output hash. + Use one of the methods from [](#sec-pkgs-fetchers-updating-source-hashes). + Otherwise, existing store objects that match the output hash will be re-used rather than fetching new content. -**This will reuse the old contents**. -Remember to invalidate the hash argument, in this case by setting the `hash` attribute to an empty string. + :::{.note} + A similar problem arises while testing changes to a fetcher's implementation. + If the output of the derivation already exists in the Nix store, test failures can go undetected. + The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations. + ::: -```nix -fetchurl { - url = "http://www.example.org/hello-1.1.tar.gz"; - hash = ""; -} -``` +## Updating source hashes {#sec-pkgs-fetchers-updating-source-hashes} -Use the resulting error message to determine the correct hash. +There are several ways to obtain the hash corresponding to a remote source. +Unless you understand how the fetcher you're using calculates the hash from the downloaded contents, you should use [the fake hash method](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method). -``` -error: hash mismatch in fixed-output derivation '/path/to/my.drv': - specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= - got: sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww= -``` +1. []{#sec-pkgs-fetchers-updating-source-hashes-fakehash-method} The fake hash method: In your package recipe, set the hash to one of -A similar problem arises while testing changes to a fetcher's implementation. If the output of the derivation already exists in the Nix store, test failures can go undetected. The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations. + - `""` + - `lib.fakeHash` + - `lib.fakeSha256` + - `lib.fakeSha512` + + Attempt to build, extract the calculated hashes from error messages, and put them into the recipe. + + :::{.warning} + You must use one of these four fake hashes and not some arbitrarily-chosen hash. + See [](#sec-pkgs-fetchers-secure-hashes) for details. + ::: + + :::{.example #ex-fetchers-update-fod-hash} + # Update source hash with the fake hash method + + Consider the following recipe that produces a plain file: + + ```nix + { fetchurl }: + fetchurl { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.05/.version"; + hash = "sha256-ZHl1emidXVojm83LCVrwULpwIzKE/mYwfztVkvpruOM="; + } + ``` + + A common mistake is to update a fetcher parameter, such as `url`, without updating the hash: + + ```nix + { fetchurl }: + fetchurl { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version"; + hash = "sha256-ZHl1emidXVojm83LCVrwULpwIzKE/mYwfztVkvpruOM="; + } + ``` + + **This will produce the same output as before!** + Set the hash to an empty string: + + ```nix + { fetchurl }: + fetchurl { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version"; + hash = ""; + } + ``` + + When building the package, use the error message to determine the correct hash: + + ```shell + $ nix-build + (some output removed for clarity) + error: hash mismatch in fixed-output derivation '/nix/store/7yynn53jpc93l76z9zdjj4xdxgynawcw-version.drv': + specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + got: sha256-BZqI7r0MNP29yGH5+yW2tjU9OOpOCEvwWKrWCv5CQ0I= + error: build of '/nix/store/bqdjcw5ij5ymfbm41dq230chk9hdhqff-version.drv' failed + ``` + ::: + +2. Prefetch the source with [`nix-prefetch- `](https://search.nixos.org/packages?buckets={%22package_attr_set%22%3A[%22No%20package%20set%22]%2C%22package_license_set%22%3A[]%2C%22package_maintainers_set%22%3A[]%2C%22package_platforms%22%3A[]}&query=nix-prefetch), where `` is one of + + - `url` + - `git` + - `hg` + - `cvs` + - `bzr` + - `svn` + + The hash is printed to stdout. + +3. Prefetch by package source (with `nix-prefetch-url '' -A .src`, where `` is package attribute name). + The hash is printed to stdout. + + This works well when you've upgraded the existing package version and want to find out new hash, but is useless if the package can't be accessed by attribute or the package has multiple sources (`.srcs`, architecture-dependent sources, etc). + +4. Upstream hash: use it when upstream provides `sha256` or `sha512`. + Don't use it when upstream provides `md5`, compute `sha256` instead. + + A little nuance is that `nix-prefetch-*` tools produce hashes with the `nix32` encoding (a Nix-specific base32 adaptation), but upstream usually provides hexadecimal (`base16`) encoding. + Fetchers understand both formats. + Nixpkgs does not standardise on any one format. + + You can convert between hash formats with [`nix-hash`](https://nixos.org/manual/nix/stable/command-ref/nix-hash). + +5. Extract the hash from a local source archive with `sha256sum`. + Use `nix-prefetch-url file:///path/to/archive` if you want the custom Nix `base32` hash. + +## Obtaining hashes securely {#sec-pkgs-fetchers-secure-hashes} + +It's always a good idea to avoid Man-in-the-Middle (MITM) attacks when downloading source contents. +Otherwise, you could unknowingly download malware instead of the intended source, and instead of the actual source hash, you'll end up using the hash of malware. +Here are security considerations for this scenario: + +- `http://` URLs are not secure to prefetch hashes. + +- Upstream hashes should be obtained via a secure protocol. + +- `https://` URLs give you more protections when using `nix-prefetch-*` or for upstream hashes. + +- `https://` URLs are secure when using the [fake hash method](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method) *only if* you use one of the listed fake hashes. + If you use any other hash, the download will be exposed to MITM attacks even if you use HTTPS URLs. + + In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content. ## `fetchurl` and `fetchzip` {#fetchurl} diff --git a/doc/manpage-urls.json b/doc/manpage-urls.json index 2cc03af4360f..e878caf042a4 100644 --- a/doc/manpage-urls.json +++ b/doc/manpage-urls.json @@ -320,5 +320,7 @@ "login.defs(5)": "https://man.archlinux.org/man/login.defs.5", "unshare(1)": "https://man.archlinux.org/man/unshare.1.en", "nix-shell(1)": "https://nixos.org/manual/nix/stable/command-ref/nix-shell.html", - "mksquashfs(1)": "https://man.archlinux.org/man/extra/squashfs-tools/mksquashfs.1.en" + "mksquashfs(1)": "https://man.archlinux.org/man/extra/squashfs-tools/mksquashfs.1.en", + "curl(1)": "https://curl.se/docs/manpage.html", + "netrc(5)": "https://man.cx/netrc" } diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 1834a569d320..ceba2d372272 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -18601,6 +18601,12 @@ githubId = 20756843; name = "Sofi"; }; + soyouzpanda = { + name = "soyouzpanda"; + email = "soyouzpanda@soyouzpanda.fr"; + github = "soyouzpanda"; + githubId = 23421201; + }; soywod = { name = "Clément DOUIN"; email = "clement.douin@posteo.net"; diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix index 6db728e7aa5a..23bb92f09ab9 100644 --- a/nixos/modules/services/networking/nsd.nix +++ b/nixos/modules/services/networking/nsd.nix @@ -81,7 +81,6 @@ let zonesdir: "${stateDir}" # the list of dynamically added zones. - database: "${stateDir}/var/nsd.db" pidfile: "${pidFile}" xfrdfile: "${stateDir}/var/xfrd.state" xfrdir: "${stateDir}/tmp" @@ -112,6 +111,7 @@ let ${maybeString "version: " cfg.version} xfrd-reload-timeout: ${toString cfg.xfrdReloadTimeout} zonefiles-check: ${yesOrNo cfg.zonefilesCheck} + zonefiles-write: ${toString cfg.zonefilesWrite} ${maybeString "rrl-ipv4-prefix-length: " cfg.ratelimit.ipv4PrefixLength} ${maybeString "rrl-ipv6-prefix-length: " cfg.ratelimit.ipv6PrefixLength} @@ -173,6 +173,7 @@ let ${maybeToString "min-retry-time: " zone.minRetrySecs} allow-axfr-fallback: ${yesOrNo zone.allowAXFRFallback} + multi-master-check: ${yesOrNo zone.multiMasterCheck} ${forEach " allow-notify: " zone.allowNotify} ${forEach " request-xfr: " zone.requestXFR} @@ -201,7 +202,7 @@ let allowAXFRFallback = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR. ''; @@ -213,7 +214,7 @@ let example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED" ]; - description = lib.mdDoc '' + description = '' Listed primary servers are allowed to notify this secondary server. Format: ` ` @@ -243,7 +244,7 @@ let # to default values, breaking the parent inheriting function. type = types.attrsOf types.anything; default = {}; - description = lib.mdDoc '' + description = '' Children zones inherit all options of their parents. Attributes defined in a child will overwrite the ones of its parent. Only leaf zones will be actually served. This way it's possible to @@ -256,29 +257,29 @@ let data = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' The actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file. ''; }; - dnssec = mkEnableOption (lib.mdDoc "DNSSEC"); + dnssec = mkEnableOption "DNSSEC"; dnssecPolicy = { algorithm = mkOption { type = types.str; default = "RSASHA256"; - description = lib.mdDoc "Which algorithm to use for DNSSEC"; + description = "Which algorithm to use for DNSSEC"; }; keyttl = mkOption { type = types.str; default = "1h"; - description = lib.mdDoc "TTL for dnssec records"; + description = "TTL for dnssec records"; }; coverage = mkOption { type = types.str; default = "1y"; - description = lib.mdDoc '' + description = '' The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time. ''; }; @@ -289,7 +290,7 @@ let postPublish = "1w"; rollPeriod = "1mo"; }; - description = lib.mdDoc "Key policy for zone signing keys"; + description = "Key policy for zone signing keys"; }; ksk = mkOption { type = keyPolicy; @@ -298,14 +299,14 @@ let postPublish = "1mo"; rollPeriod = "0"; }; - description = lib.mdDoc "Key policy for key signing keys"; + description = "Key policy for key signing keys"; }; }; maxRefreshSecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit refresh time for secondary zones. This is the timer which checks to see if the zone has to be refetched when it expires. Normally the value from the SOA record is used, but this option @@ -316,7 +317,7 @@ let minRefreshSecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit refresh time for secondary zones. ''; }; @@ -324,7 +325,7 @@ let maxRetrySecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit retry time for secondary zones. This is the timeout after a failed fetch attempt for the zone. Normally the value from the SOA record is used, but this option restricts that value. @@ -334,17 +335,26 @@ let minRetrySecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit retry time for secondary zones. ''; }; + multiMasterCheck = mkOption { + type = types.bool; + default = false; + description = '' + If enabled, checks all masters for the last zone version. + It uses the higher version from all configured masters. + Useful if you have multiple masters that have different version numbers served. + ''; + }; notify = mkOption { type = types.listOf types.str; default = []; example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ]; - description = lib.mdDoc '' + description = '' This primary server will notify all given secondary servers about zone changes. @@ -361,7 +371,7 @@ let notifyRetry = mkOption { type = types.int; default = 5; - description = lib.mdDoc '' + description = '' Specifies the number of retries for failed notifies. Set this along with notify. ''; }; @@ -370,7 +380,7 @@ let type = types.nullOr types.str; default = null; example = "2000::1@1234"; - description = lib.mdDoc '' + description = '' This address will be used for zone-transfer requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port @@ -382,7 +392,7 @@ let type = types.listOf types.str; default = []; example = [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ]; - description = lib.mdDoc '' + description = '' Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40 ''; @@ -391,7 +401,7 @@ let requestXFR = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Format: `[AXFR|UDP] ` ''; }; @@ -399,7 +409,7 @@ let rrlWhitelist = mkOption { type = with types; listOf (enum [ "nxdomain" "error" "referral" "any" "rrsig" "wildcard" "nodata" "dnskey" "positive" "all" ]); default = []; - description = lib.mdDoc '' + description = '' Whitelists the given rrl-types. ''; }; @@ -408,7 +418,7 @@ let type = types.nullOr types.str; default = null; example = "%s"; - description = lib.mdDoc '' + description = '' When set to something distinct to null NSD is able to collect statistics per zone. All statistics of this zone(s) will be added to the group specified by this given name. Use "%s" to use the zones @@ -423,19 +433,19 @@ let options = { keySize = mkOption { type = types.int; - description = lib.mdDoc "Key size in bits"; + description = "Key size in bits"; }; prePublish = mkOption { type = types.str; - description = lib.mdDoc "How long in advance to publish new keys"; + description = "How long in advance to publish new keys"; }; postPublish = mkOption { type = types.str; - description = lib.mdDoc "How long after deactivation to keep a key in the zone"; + description = "How long after deactivation to keep a key in the zone"; }; rollPeriod = mkOption { type = types.str; - description = lib.mdDoc "How frequently to change keys"; + description = "How frequently to change keys"; }; }; }; @@ -478,14 +488,14 @@ in # options are ordered alphanumerically options.services.nsd = { - enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server"); + enable = mkEnableOption "NSD authoritative DNS server"; - bind8Stats = mkEnableOption (lib.mdDoc "BIND8 like statistics"); + bind8Stats = mkEnableOption "BIND8 like statistics"; dnssecInterval = mkOption { type = types.str; default = "1h"; - description = lib.mdDoc '' + description = '' How often to check whether dnssec key rollover is required ''; }; @@ -493,7 +503,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra nsd config. ''; }; @@ -501,7 +511,7 @@ in hideVersion = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries. ''; }; @@ -509,7 +519,7 @@ in identity = mkOption { type = types.str; default = "unidentified server"; - description = lib.mdDoc '' + description = '' Identify the server (CH TXT ID.SERVER entry). ''; }; @@ -517,7 +527,7 @@ in interfaces = mkOption { type = types.listOf types.str; default = [ "127.0.0.0" "::1" ]; - description = lib.mdDoc '' + description = '' What addresses the server should listen to. ''; }; @@ -525,7 +535,7 @@ in ipFreebind = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to bind to nonlocal addresses and interfaces that are down. Similar to ip-transparent. ''; @@ -534,7 +544,7 @@ in ipTransparent = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Allow binding to non local addresses. ''; }; @@ -542,7 +552,7 @@ in ipv4 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to listen on IPv4 connections. ''; }; @@ -550,7 +560,7 @@ in ipv4EDNSSize = mkOption { type = types.int; default = 4096; - description = lib.mdDoc '' + description = '' Preferred EDNS buffer size for IPv4. ''; }; @@ -558,7 +568,7 @@ in ipv6 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to listen on IPv6 connections. ''; }; @@ -566,7 +576,7 @@ in ipv6EDNSSize = mkOption { type = types.int; default = 4096; - description = lib.mdDoc '' + description = '' Preferred EDNS buffer size for IPv6. ''; }; @@ -574,7 +584,7 @@ in logTimeAscii = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Log time in ascii, if false then in unix epoch seconds. ''; }; @@ -582,7 +592,7 @@ in nsid = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' NSID identity (hex string, or "ascii_somestring"). ''; }; @@ -590,7 +600,7 @@ in port = mkOption { type = types.port; default = 53; - description = lib.mdDoc '' + description = '' Port the service should bind do. ''; }; @@ -599,7 +609,7 @@ in type = types.bool; default = pkgs.stdenv.isLinux; defaultText = literalExpression "pkgs.stdenv.isLinux"; - description = lib.mdDoc '' + description = '' Whether to enable SO_REUSEPORT on all used sockets. This lets multiple processes bind to the same port. This speeds up operation especially if the server count is greater than one and makes fast restarts less @@ -610,18 +620,18 @@ in rootServer = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether this server will be a root server (a DNS root server, you usually don't want that). ''; }; - roundRobin = mkEnableOption (lib.mdDoc "round robin rotation of records"); + roundRobin = mkEnableOption "round robin rotation of records"; serverCount = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' Number of NSD servers to fork. Put the number of CPUs to use here. ''; }; @@ -629,7 +639,7 @@ in statistics = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Statistics are produced every number of seconds. Prints to log. If null no statistics are logged. ''; @@ -638,7 +648,7 @@ in tcpCount = mkOption { type = types.int; default = 100; - description = lib.mdDoc '' + description = '' Maximum number of concurrent TCP connections per server. ''; }; @@ -646,7 +656,7 @@ in tcpQueryCount = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Maximum number of queries served on a single TCP connection. 0 means no maximum. ''; @@ -655,7 +665,7 @@ in tcpTimeout = mkOption { type = types.int; default = 120; - description = lib.mdDoc '' + description = '' TCP timeout in seconds. ''; }; @@ -663,7 +673,7 @@ in verbosity = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Verbosity level. ''; }; @@ -671,7 +681,7 @@ in version = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The version string replied for CH TXT version.server and version.bind queries. Will use the compiled package version on null. See hideVersion for enabling/disabling this responses. @@ -681,7 +691,7 @@ in xfrdReloadTimeout = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' Number of seconds between reloads triggered by xfrd. ''; }; @@ -689,11 +699,22 @@ in zonefilesCheck = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to check mtime of all zone files on start and sighup. ''; }; + zonefilesWrite = mkOption { + type = types.int; + default = 0; + description = '' + Write changed secondary zones to their zonefile every N seconds. + If the zone (pattern) configuration has "" zonefile, it is not written. + Zones that have received zone transfer updates are written to their zonefile. + 0 disables writing to zone files. + ''; + }; + keys = mkOption { type = types.attrsOf (types.submodule { @@ -702,14 +723,14 @@ in algorithm = mkOption { type = types.str; default = "hmac-sha256"; - description = lib.mdDoc '' + description = '' Authentication algorithm for this key. ''; }; keyFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Path to the file which contains the actual base64 encoded key. The key will be copied into "${stateDir}/private" before NSD starts. The copied file is only accessibly by the NSD @@ -727,7 +748,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Define your TSIG keys here. ''; }; @@ -735,12 +756,12 @@ in ratelimit = { - enable = mkEnableOption (lib.mdDoc "ratelimit capabilities"); + enable = mkEnableOption "ratelimit capabilities"; ipv4PrefixLength = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' IPv4 prefix length. Addresses are grouped by netblock. ''; }; @@ -748,7 +769,7 @@ in ipv6PrefixLength = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' IPv6 prefix length. Addresses are grouped by netblock. ''; }; @@ -756,7 +777,7 @@ in ratelimit = mkOption { type = types.int; default = 200; - description = lib.mdDoc '' + description = '' Max qps allowed from any query source. 0 means unlimited. With an verbosity of 2 blocked and unblocked subnets will be logged. @@ -766,7 +787,7 @@ in slip = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Number of packets that get discarded before replying a SLIP response. 0 disables SLIP responses. 1 will make every response a SLIP response. ''; @@ -775,7 +796,7 @@ in size = mkOption { type = types.int; default = 1000000; - description = lib.mdDoc '' + description = '' Size of the hashtable. More buckets use more memory but lower the chance of hash hash collisions. ''; @@ -784,7 +805,7 @@ in whitelistRatelimit = mkOption { type = types.int; default = 2000; - description = lib.mdDoc '' + description = '' Max qps allowed from whitelisted sources. 0 means unlimited. Set the rrl-whitelist option for specific queries to apply this limit instead of the default to them. @@ -796,12 +817,12 @@ in remoteControl = { - enable = mkEnableOption (lib.mdDoc "remote control via nsd-control"); + enable = mkEnableOption "remote control via nsd-control"; controlCertFile = mkOption { type = types.path; default = "/etc/nsd/nsd_control.pem"; - description = lib.mdDoc '' + description = '' Path to the client certificate signed with the server certificate. This file is used by nsd-control and generated by nsd-control-setup. ''; @@ -810,7 +831,7 @@ in controlKeyFile = mkOption { type = types.path; default = "/etc/nsd/nsd_control.key"; - description = lib.mdDoc '' + description = '' Path to the client private key, which is used by nsd-control but not by the server. This file is generated by nsd-control-setup. ''; @@ -819,7 +840,7 @@ in interfaces = mkOption { type = types.listOf types.str; default = [ "127.0.0.1" "::1" ]; - description = lib.mdDoc '' + description = '' Which interfaces NSD should bind to for remote control. ''; }; @@ -827,7 +848,7 @@ in port = mkOption { type = types.port; default = 8952; - description = lib.mdDoc '' + description = '' Port number for remote control operations (uses TLS over TCP). ''; }; @@ -835,7 +856,7 @@ in serverCertFile = mkOption { type = types.path; default = "/etc/nsd/nsd_server.pem"; - description = lib.mdDoc '' + description = '' Path to the server self signed certificate, which is used by the server but and by nsd-control. This file is generated by nsd-control-setup. ''; @@ -844,7 +865,7 @@ in serverKeyFile = mkOption { type = types.path; default = "/etc/nsd/nsd_server.key"; - description = lib.mdDoc '' + description = '' Path to the server private key, which is used by the server but not by nsd-control. This file is generated by nsd-control-setup. ''; @@ -886,7 +907,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Define your zones here. Zones can cascade other zones and therefore inherit settings from parent zones. Look at the definition of children to learn about inheritance and child zones. diff --git a/pkgs/README.md b/pkgs/README.md index 9529b7a2db2e..5439ad913d18 100644 --- a/pkgs/README.md +++ b/pkgs/README.md @@ -94,11 +94,7 @@ Now that this is out of the way. To add a package to Nixpkgs: - All other [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes are optional, but it’s still a good idea to provide at least the `description`, `homepage` and [`license`](https://nixos.org/manual/nixpkgs/stable/#sec-meta-license). - - You can use `nix-prefetch-url url` to get the SHA-256 hash of source distributions. There are similar commands as `nix-prefetch-git` and `nix-prefetch-hg` available in `nix-prefetch-scripts` package. - - - A list of schemes for `mirror://` URLs can be found in [`pkgs/build-support/fetchurl/mirrors.nix`](build-support/fetchurl/mirrors.nix). - - The exact syntax and semantics of the Nix expression language, including the built-in function, are [described in the Nix manual](https://nixos.org/manual/nix/stable/language/). + - The exact syntax and semantics of the Nix expression language, including the built-in functions, are [Nix language reference](https://nixos.org/manual/nix/stable/language/). 5. To test whether the package builds, run the following command from the root of the nixpkgs source tree: @@ -397,7 +393,7 @@ All versions of a package _must_ be included in `all-packages.nix` to make sure See the Nixpkgs manual for more details on [standard meta-attributes](https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes). -### Import From Derivation +## Import From Derivation [Import From Derivation](https://nixos.org/manual/nix/unstable/language/import-from-derivation) (IFD) is disallowed in Nixpkgs for performance reasons: [Hydra](https://github.com/NixOS/hydra) evaluates the entire package set, and sequential builds during evaluation would increase evaluation times to become impractical. @@ -406,13 +402,16 @@ Import From Derivation can be worked around in some cases by committing generate ## Sources -### Fetching Sources +Always fetch source files using [Nixpkgs fetchers](https://nixos.org/manual/nixpkgs/unstable/#chap-pkgs-fetchers). +Use reproducible sources with a high degree of availability. +Prefer protocols that support proxies. -There are multiple ways to fetch a package source in nixpkgs. The general guideline is that you should package reproducible sources with a high degree of availability. Right now there is only one fetcher which has mirroring support and that is `fetchurl`. Note that you should also prefer protocols which have a corresponding proxy environment variable. +A list of schemes for `mirror://` URLs can be found in [`pkgs/build-support/fetchurl/mirrors.nix`](build-support/fetchurl/mirrors.nix), and is supported by [`fetchurl`](https://nixos.org/manual/nixpkgs/unstable/#fetchurl). +Other fetchers which end up relying on `fetchurl` may also support mirroring. -You can find many source fetch helpers in `pkgs/build-support/fetch*`. +The preferred source hash type is `sha256`. -In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these have names on the form `fetchFrom*`. The intention of these are to provide snapshot fetches but using the same api as some of the version controlled fetchers from `pkgs/build-support/`. As an example going from bad to good: +Examples going from bad to best practices: - Bad: Uses `git://` which won't be proxied. @@ -438,7 +437,7 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these } ``` -- Best: Fetches a snapshot archive and you get the rev you want. +- Best: Fetches a snapshot archive for the given revision. ```nix { @@ -451,63 +450,14 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these } ``` -When fetching from GitHub, commits must always be referenced by their full commit hash. This is because GitHub shares commit hashes among all forks and returns `404 Not Found` when a short commit hash is ambiguous. It already happens for some short, 6-character commit hashes in `nixpkgs`. -It is a practical vector for a denial-of-service attack by pushing large amounts of auto generated commits into forks and was already [demonstrated against GitHub Actions Beta](https://blog.teddykatz.com/2019/11/12/github-actions-dos.html). +> [!Note] +> When fetching from GitHub, always reference revisions by their full commit hash. +> GitHub shares commit hashes among all forks and returns `404 Not Found` when a short commit hash is ambiguous. +> It already happened in Nixpkgs for short, 6-character commit hashes. +> +> Pushing large amounts of auto generated commits into forks is a practical vector for a denial-of-service attack, and was already [demonstrated against GitHub Actions Beta](https://blog.teddykatz.com/2019/11/12/github-actions-dos.html). -Find the value to put as `hash` by running `nix-shell -p nix-prefetch-github --run "nix-prefetch-github --rev 1f795f9f44607cc5bec70d1300150bfefcef2aae NixOS nix"`. - -#### Obtaining source hash - -Preferred source hash type is sha256. There are several ways to get it. - -1. Prefetch URL (with `nix-prefetch-XXX URL`, where `XXX` is one of `url`, `git`, `hg`, `cvs`, `bzr`, `svn`). Hash is printed to stdout. - -2. Prefetch by package source (with `nix-prefetch-url '' -A PACKAGE.src`, where `PACKAGE` is package attribute name). Hash is printed to stdout. - - This works well when you've upgraded existing package version and want to find out new hash, but is useless if package can't be accessed by attribute or package has multiple sources (`.srcs`, architecture-dependent sources, etc). - -3. Upstream provided hash: use it when upstream provides `sha256` or `sha512` (when upstream provides `md5`, don't use it, compute `sha256` instead). - - A little nuance is that `nix-prefetch-*` tools produce hash encoded with `base32`, but upstream usually provides hexadecimal (`base16`) encoding. Fetchers understand both formats. Nixpkgs does not standardize on any one format. - - You can convert between formats with nix-hash, for example: - - ```ShellSession - $ nix-hash --type sha256 --to-base32 HASH - ``` - -4. Extracting hash from local source tarball can be done with `sha256sum`. Use `nix-prefetch-url file:///path/to/tarball` if you want base32 hash. - -5. Fake hash: set the hash to one of - - - `""` - - `lib.fakeHash` - - `lib.fakeSha256` - - `lib.fakeSha512` - - in the package expression, attempt build and extract correct hash from error messages. - - > [!Warning] - > You must use one of these four fake hashes and not some arbitrarily-chosen hash. - > See [here][secure-hashes] - - This is last resort method when reconstructing source URL is non-trivial and `nix-prefetch-url -A` isn’t applicable (for example, [one of `kodi` dependencies](https://github.com/NixOS/nixpkgs/blob/d2ab091dd308b99e4912b805a5eb088dd536adb9/pkgs/applications/video/kodi/default.nix#L73)). The easiest way then would be replace hash with a fake one and rebuild. Nix build will fail and error message will contain desired hash. - - -#### Obtaining hashes securely -[secure-hashes]: #obtaining-hashes-securely - -Let's say Man-in-the-Middle (MITM) sits close to your network. Then instead of fetching source you can fetch malware, and instead of source hash you get hash of malware. Here are security considerations for this scenario: - -- `http://` URLs are not secure to prefetch hash from; - -- hashes from upstream (in method 3) should be obtained via secure protocol; - -- `https://` URLs are secure in methods 1, 2, 3; - -- `https://` URLs are secure in method 5 *only if* you use one of the listed fake hashes. If you use any other hash, `fetchurl` will pass `--insecure` to `curl` and may then degrade to HTTP in case of TLS certificate expiration. - -### Patches +## Patches Patches available online should be retrieved using `fetchpatch`. diff --git a/pkgs/applications/emulators/ripes/default.nix b/pkgs/applications/emulators/ripes/default.nix index 4717a1b0601d..e6451f89c5c3 100644 --- a/pkgs/applications/emulators/ripes/default.nix +++ b/pkgs/applications/emulators/ripes/default.nix @@ -14,14 +14,14 @@ stdenv.mkDerivation rec { pname = "ripes"; # Pulling unstable version as latest stable does not build against gcc-13. - version = "2.2.6-unstable-2024-03-03"; + version = "2.2.6-unstable-2024-04-02"; src = fetchFromGitHub { owner = "mortbopet"; repo = "Ripes"; - rev = "b71f0ddd5d2d346cb97b28fd3f70fef55bb9b6b7"; + rev = "027e678a44b7b9f3e81e5b6863b0d68af05fd69c"; fetchSubmodules = true; - hash = "sha256-zQrrWBHNIacRoAEIjR0dlgUTncBCiodcBeT/wbDClWg="; + hash = "sha256-u6JxXCX1BMdbHTF7EBGEnXOV+eF6rgoZZcHqB/1nVjE="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/misc/obsidian/default.nix b/pkgs/applications/misc/obsidian/default.nix index 0a3569e47305..1090941f8e39 100644 --- a/pkgs/applications/misc/obsidian/default.nix +++ b/pkgs/applications/misc/obsidian/default.nix @@ -12,7 +12,7 @@ let inherit (stdenv.hostPlatform) system; pname = "obsidian"; - version = "1.5.11"; + version = "1.5.12"; appname = "Obsidian"; meta = with lib; { description = "A powerful knowledge base that works on top of a local folder of plain text Markdown files"; @@ -25,7 +25,7 @@ let filename = if stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz"; src = fetchurl { url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}"; - hash = if stdenv.isDarwin then "sha256-RtIEjVaqYygylhZwFB9ObZPPhSSzvJTJniGVFzAa/VY=" else "sha256-QDxMgisyYc2lJ0OKn2hR0VA8OeAwysCq6Z4Q59qRvtU="; + hash = if stdenv.isDarwin then "sha256-MSJmF5WddxbC/S7w2nWjlDxt5HPUDCoRFwJ2MZMH9Ks=" else "sha256-UQLljP7eZELTuHwX+OylXY+Wy2YK1ZEJX1IQfIvBLe8="; }; icon = fetchurl { diff --git a/pkgs/applications/misc/syncthingtray/default.nix b/pkgs/applications/misc/syncthingtray/default.nix index 8029ff503119..3024cbc6aaf9 100644 --- a/pkgs/applications/misc/syncthingtray/default.nix +++ b/pkgs/applications/misc/syncthingtray/default.nix @@ -34,14 +34,14 @@ https://github.com/NixOS/nixpkgs/issues/199596#issuecomment-1310136382 */ }: stdenv.mkDerivation (finalAttrs: { - version = "1.5.0"; + version = "1.5.1"; pname = "syncthingtray"; src = fetchFromGitHub { owner = "Martchus"; repo = "syncthingtray"; rev = "v${finalAttrs.version}"; - hash = "sha256-O8FLjse2gY8KNWGXpUeZ83cNk0ZuRAZJJ3Am33/ABVw="; + hash = "sha256-6Q3nf6WjFgpBK7VR+ykmtIM68vwsmrYqmJPXsPpWjs4="; }; buildInputs = [ diff --git a/pkgs/applications/networking/cluster/k3s/1_27/versions.nix b/pkgs/applications/networking/cluster/k3s/1_27/versions.nix index de7fbe181351..928337553966 100644 --- a/pkgs/applications/networking/cluster/k3s/1_27/versions.nix +++ b/pkgs/applications/networking/cluster/k3s/1_27/versions.nix @@ -1,8 +1,8 @@ { - k3sVersion = "1.27.11+k3s1"; - k3sCommit = "06d6bc80b469a61e5e90438b1f2639cd136a89e7"; - k3sRepoSha256 = "0qkm8yqs9p34kb5k2q0j5wiykj78qc12n65n0clas5by23jrqcqa"; - k3sVendorHash = "sha256-+z8pr30+28puv7yjA7ZvW++I0ipNEmen2OhCxFMzYOY="; + k3sVersion = "1.27.12+k3s1"; + k3sCommit = "78ad57567c9eb1fd1831986f5fd7b4024add1767"; + k3sRepoSha256 = "1j6xb3af4ypqq5m6a8x2yc2515zvlgqzfsfindjm9cbmq5iisphq"; + k3sVendorHash = "sha256-65cmpRwD9C+fcbBSv1YpeukO7bfGngsLv/rk6sM59gU="; chartVersions = import ./chart-versions.nix; k3sRootVersion = "0.12.2"; k3sRootSha256 = "1gjynvr350qni5mskgm7pcc7alss4gms4jmkiv453vs8mmma9c9k"; diff --git a/pkgs/applications/networking/cluster/kns/default.nix b/pkgs/applications/networking/cluster/kns/default.nix index 522209d59183..d79eeef26692 100644 --- a/pkgs/applications/networking/cluster/kns/default.nix +++ b/pkgs/applications/networking/cluster/kns/default.nix @@ -33,6 +33,6 @@ stdenvNoCC.mkDerivation { homepage = "https://github.com/blendle/kns"; license = licenses.isc; maintainers = with maintainers; [ mmlb ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/applications/networking/cluster/kubergrunt/default.nix b/pkgs/applications/networking/cluster/kubergrunt/default.nix index c37fe18281c9..3c5cf3ee52d2 100644 --- a/pkgs/applications/networking/cluster/kubergrunt/default.nix +++ b/pkgs/applications/networking/cluster/kubergrunt/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "kubergrunt"; - version = "0.14.2"; + version = "0.15.0"; src = fetchFromGitHub { owner = "gruntwork-io"; repo = "kubergrunt"; rev = "v${version}"; - sha256 = "sha256-r2lx+R/TQxD/miCJK3V//N3gKiCrg/mneT9BS+ZqRiU="; + sha256 = "sha256-yN5tpe3ayQPhTlBvxlt7CD6mSURCB4lxGatEK9OThzs="; }; - vendorHash = "sha256-K24y41qpuyBHqljUAtNQu3H8BNqznxYOsvEVo+57OtY="; + vendorHash = "sha256-VJkqg2cnpYHuEYOv5+spoyRWFAdFWE7YIVYaN9OmIZM="; # Disable tests since it requires network access and relies on the # presence of certain AWS infrastructure diff --git a/pkgs/applications/networking/cluster/kubevpn/default.nix b/pkgs/applications/networking/cluster/kubevpn/default.nix index 215492a73b1e..b2204b533f85 100644 --- a/pkgs/applications/networking/cluster/kubevpn/default.nix +++ b/pkgs/applications/networking/cluster/kubevpn/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "kubevpn"; - version = "2.2.3"; + version = "2.2.4"; src = fetchFromGitHub { owner = "KubeNetworks"; repo = "kubevpn"; rev = "v${version}"; - hash = "sha256-C1Fw7E7lXy9BRj8bTVUMzPK6wBiL6A3VGDYUqdD2Rjs="; + hash = "sha256-taeCOmjZqULxQf4dgLzSYgN43fFYH04Ev4O/SHHG+xI="; }; vendorHash = null; diff --git a/pkgs/applications/networking/cluster/waagent/default.nix b/pkgs/applications/networking/cluster/waagent/default.nix index 65b6d780ffb2..94aba4b3b567 100644 --- a/pkgs/applications/networking/cluster/waagent/default.nix +++ b/pkgs/applications/networking/cluster/waagent/default.nix @@ -14,12 +14,12 @@ let in python.pkgs.buildPythonApplication rec { pname = "waagent"; - version = "2.9.1.1"; + version = "2.10.0.8"; src = fetchFromGitHub { owner = "Azure"; repo = "WALinuxAgent"; rev = "refs/tags/v${version}"; - sha256 = "sha256-lnCDGUhAPNP8RNfDi+oUTEJ4x3ln6COqTrgk9rZWWEM="; + sha256 = "sha256-Ilm29z+BJToVxdJTUAZO3Lr2DyOIvK6GW79GxAmfeM4="; }; patches = [ # Suppress the following error when waagent tries to configure sshd: diff --git a/pkgs/applications/networking/nextcloud-client/default.nix b/pkgs/applications/networking/nextcloud-client/default.nix index f97f96d74f14..a6d88fc686b0 100644 --- a/pkgs/applications/networking/nextcloud-client/default.nix +++ b/pkgs/applications/networking/nextcloud-client/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { pname = "nextcloud-client"; - version = "3.12.2"; + version = "3.12.3"; outputs = [ "out" "dev" ]; @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { owner = "nextcloud"; repo = "desktop"; rev = "v${version}"; - hash = "sha256-qVb0omSWzwkbqdtYXy8VWYyCM0CDCAW9L78pli9TbO4="; + hash = "sha256-ScWkEOx2tHoCQbFwBvJQgk2YoYOTPi3PrVsaDNJBEUI="; }; patches = [ diff --git a/pkgs/applications/networking/xpipe/default.nix b/pkgs/applications/networking/xpipe/default.nix index 002ab4319e98..9798ca228330 100644 --- a/pkgs/applications/networking/xpipe/default.nix +++ b/pkgs/applications/networking/xpipe/default.nix @@ -33,14 +33,14 @@ let }.${system} or throwSystem; hash = { - x86_64-linux = "sha256-GcFds6PCEuvZ7oIfWMEkRIWMWU/jmCsj4zCkMe3+QM0="; + x86_64-linux = "sha256-s/1XyEXOyvAQNf32ckKotQ4jYdlo/Y+O9PY3wIUs80A="; }.${system} or throwSystem; displayname = "XPipe"; in stdenvNoCC.mkDerivation rec { pname = "xpipe"; - version = "8.5"; + version = "8.6"; src = fetchzip { url = "https://github.com/xpipe-io/xpipe/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz"; diff --git a/pkgs/applications/office/qownnotes/default.nix b/pkgs/applications/office/qownnotes/default.nix index 4164e493bc8a..eb5fde0a3e0d 100644 --- a/pkgs/applications/office/qownnotes/default.nix +++ b/pkgs/applications/office/qownnotes/default.nix @@ -19,14 +19,14 @@ let pname = "qownnotes"; appname = "QOwnNotes"; - version = "24.3.5"; + version = "24.4.0"; in stdenv.mkDerivation { inherit pname version; src = fetchurl { url = "https://github.com/pbek/QOwnNotes/releases/download/v${version}/qownnotes-${version}.tar.xz"; - hash = "sha256-s3OeTK6XodIMrNTuImdljbQYX1Abj7SFOZmPJgm2teo="; + hash = "sha256-SxoZD5DYuPAJZwBiw38jZYI+e9FExj+TiUlczvbXkWA="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/terminal-emulators/foot/default.nix b/pkgs/applications/terminal-emulators/foot/default.nix index 9f6cba1d55f1..4c264b751e02 100644 --- a/pkgs/applications/terminal-emulators/foot/default.nix +++ b/pkgs/applications/terminal-emulators/foot/default.nix @@ -27,7 +27,7 @@ }: let - version = "1.16.2"; + version = "1.17.0"; # build stimuli file for PGO build and the script to generate it # independently of the foot's build, so we can cache the result @@ -40,7 +40,7 @@ let src = fetchurl { url = "https://codeberg.org/dnkl/foot/raw/tag/${version}/scripts/generate-alt-random-writes.py"; - hash = "sha256-NvkKJ75n/OzgEd2WHX1NQIXPn9R0Z+YI1rpFmNxaDhk="; + hash = "sha256-/KykHPqM0WQ1HO83bOrxJ88mvEAf0Ah3S8gSvKb3AJM="; }; dontUnpack = true; @@ -99,7 +99,7 @@ stdenv.mkDerivation { owner = "dnkl"; repo = "foot"; rev = version; - hash = "sha256-hT+btlfqfwGBDWTssYl8KN6SbR9/Y2ors4ipECliigM="; + hash = "sha256-H4a9WQox7vD5HsY9PP0nrNDZtyaRFpsphsv8/qstNH8="; }; separateDebugInfo = true; diff --git a/pkgs/applications/terminal-emulators/st/default.nix b/pkgs/applications/terminal-emulators/st/default.nix index 823777abe898..efa591bfde16 100644 --- a/pkgs/applications/terminal-emulators/st/default.nix +++ b/pkgs/applications/terminal-emulators/st/default.nix @@ -66,7 +66,7 @@ stdenv.mkDerivation (finalAttrs: { homepage = "https://st.suckless.org/"; description = "Simple Terminal for X from Suckless.org Community"; license = licenses.mit; - maintainers = with maintainers; [ andsild qusic ]; + maintainers = with maintainers; [ qusic ]; platforms = platforms.unix; mainProgram = "st"; }; diff --git a/pkgs/applications/video/qmplay2/default.nix b/pkgs/applications/video/qmplay2/default.nix index 4c31c97d5b1d..bc92499e75ea 100644 --- a/pkgs/applications/video/qmplay2/default.nix +++ b/pkgs/applications/video/qmplay2/default.nix @@ -26,14 +26,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "qmplay2"; - version = "24.03.16"; + version = "24.04.02"; src = fetchFromGitHub { owner = "zaps166"; repo = "QMPlay2"; rev = finalAttrs.version; fetchSubmodules = true; - hash = "sha256-yIBQBRdmaY7qaBirANxMqfm5vn3T4usokJUxwSYUHjQ="; + hash = "sha256-eJWXTcJU24QzPChFTKbvNcuL9UpIQD8rFzd5h591tjg="; }; nativeBuildInputs = [ diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 569f6875e1fb..23b3ce522ae3 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -53,10 +53,6 @@ , gccForLibs ? if useCcForLibs then cc else null , fortify-headers ? null , includeFortifyHeaders ? null - -# https://github.com/NixOS/nixpkgs/issues/295322 -# should -march flag be used -, disableMarch ? false }: assert nativeTools -> !propagateDoc && nativePrefix != ""; @@ -633,7 +629,7 @@ stdenv.mkDerivation { # TODO: aarch64-darwin has mcpu incompatible with gcc + optionalString ((targetPlatform ? gcc.arch) && !isClang && !(stdenv.isDarwin && stdenv.isAarch64) && - isGccArchSupported targetPlatform.gcc.arch && !disableMarch) '' + isGccArchSupported targetPlatform.gcc.arch) '' echo "-march=${targetPlatform.gcc.arch}" >> $out/nix-support/cc-cflags-before '' @@ -729,7 +725,7 @@ stdenv.mkDerivation { + optionalString isClang '' # Escape twice: once for this script, once for the one it gets substituted into. export march=${escapeShellArg - (optionalString (targetPlatform ? gcc.arch && !disableMarch) + (optionalString (targetPlatform ? gcc.arch) (escapeShellArg "-march=${targetPlatform.gcc.arch}"))} export defaultTarget=${targetPlatform.config} substituteAll ${./add-clang-cc-cflags-before.sh} $out/nix-support/add-local-cc-cflags-before.sh diff --git a/pkgs/by-name/ep/epub-thumbnailer/package.nix b/pkgs/by-name/ep/epub-thumbnailer/package.nix index b1e45ff99b37..4338e037f65e 100644 --- a/pkgs/by-name/ep/epub-thumbnailer/package.nix +++ b/pkgs/by-name/ep/epub-thumbnailer/package.nix @@ -6,14 +6,14 @@ python3.pkgs.buildPythonApplication { pname = "epub-thumbnailer"; - version = "0-unstable-2024-03-16"; + version = "0-unstable-2024-03-26"; pyproject = true; src = fetchFromGitHub { owner = "marianosimone"; repo = "epub-thumbnailer"; - rev = "035c31e9269bcb30dcc20fed31b6dc54e9bfed63"; - hash = "sha256-G/CeYmr+wgJidbavfvIuCbRLJGQzoxAnpo3t4YFJq0c="; + rev = "de4b5bf0fcd1817d560f180231f7bd22d330f1be"; + hash = "sha256-r0t2enybUEminXOHjx6uH6LvQtmzTRPZm/gY3Vi2c64="; }; nativeBuildInputs = with python3.pkgs; [ diff --git a/pkgs/by-name/fl/flatito/Gemfile b/pkgs/by-name/fl/flatito/Gemfile new file mode 100644 index 000000000000..5a0db4533d98 --- /dev/null +++ b/pkgs/by-name/fl/flatito/Gemfile @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +# Specify your gem's dependencies in flatito.gemspec +gemspec + +gem "minitest", "~> 5.22" +gem "rake", "~> 13.0" +gem "rubocop", "~> 1.62" +gem "rubocop-minitest", "~> 0.35" +gem "rubocop-performance", "~> 1.11" +gem "rubocop-rake", "~> 0.6" diff --git a/pkgs/by-name/fl/flatito/Gemfile.lock b/pkgs/by-name/fl/flatito/Gemfile.lock new file mode 100644 index 000000000000..cb32f25aeda6 --- /dev/null +++ b/pkgs/by-name/fl/flatito/Gemfile.lock @@ -0,0 +1,62 @@ +PATH + remote: . + specs: + flatito (0.1.1) + colorize + +GEM + remote: https://rubygems.org/ + specs: + ast (2.4.2) + colorize (1.1.0) + json (2.7.1) + language_server-protocol (3.17.0.3) + minitest (5.22.3) + parallel (1.24.0) + parser (3.3.0.5) + ast (~> 2.4.1) + racc + racc (1.7.3) + rainbow (3.1.1) + rake (13.1.0) + regexp_parser (2.9.0) + rexml (3.2.6) + rubocop (1.62.1) + json (~> 2.3) + language_server-protocol (>= 3.17.0) + parallel (~> 1.10) + parser (>= 3.3.0.2) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.31.1, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.31.2) + parser (>= 3.3.0.4) + rubocop-minitest (0.35.0) + rubocop (>= 1.61, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) + rubocop-performance (1.20.2) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-rake (0.6.0) + rubocop (~> 1.0) + ruby-progressbar (1.13.0) + unicode-display_width (2.5.0) + +PLATFORMS + arm64-darwin-22 + ruby + +DEPENDENCIES + flatito! + minitest (~> 5.22) + rake (~> 13.0) + rubocop (~> 1.62) + rubocop-minitest (~> 0.35) + rubocop-performance (~> 1.11) + rubocop-rake (~> 0.6) + +BUNDLED WITH + 2.5.6 diff --git a/pkgs/by-name/fl/flatito/flatito.gemspec b/pkgs/by-name/fl/flatito/flatito.gemspec new file mode 100644 index 000000000000..83381c6a6b3e --- /dev/null +++ b/pkgs/by-name/fl/flatito/flatito.gemspec @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +require_relative "lib/flatito/version" + +Gem::Specification.new do |spec| + spec.name = "flatito" + spec.version = Flatito::VERSION + spec.authors = ["José Galisteo"] + spec.email = ["ceritium@gmail.com"] + + spec.summary = "Grep for YAML and JSON files" + spec.description = "A kind of grep for YAML and JSON files. It allows you to search for a key and get the value and the line number where it is located." + + spec.homepage = "https://github.com/ceritium/flatito" + spec.license = "MIT" + spec.required_ruby_version = ">= 3.0.0" + + spec.metadata["homepage_uri"] = spec.homepage + spec.metadata["source_code_uri"] = spec.homepage + # spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here." + + # Specify which files should be added to the gem when it is released. + # The `git ls-files -z` loads the files in the RubyGem that have been added into git. + spec.files = Dir.chdir(__dir__) do + `git ls-files -z`.split("\x0").reject do |f| + (File.expand_path(f) == __FILE__) || + f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile]) + end + end + spec.bindir = "exe" + spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) } + spec.require_paths = ["lib"] + + # Uncomment to register a new dependency of your gem + spec.add_dependency "colorize" + + # For more information and examples about making a new gem, check out our + # guide at: https://bundler.io/guides/creating_gem.html + spec.metadata["rubygems_mfa_required"] = "true" +end diff --git a/pkgs/by-name/fl/flatito/gemset.nix b/pkgs/by-name/fl/flatito/gemset.nix new file mode 100644 index 000000000000..d21644795319 --- /dev/null +++ b/pkgs/by-name/fl/flatito/gemset.nix @@ -0,0 +1,208 @@ +{ + ast = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "04nc8x27hlzlrr5c2gn7mar4vdr0apw5xg22wp6m8dx3wqr04a0y"; + type = "gem"; + }; + version = "2.4.2"; + }; + colorize = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0dy8ryhcdzgmbvj7jpa1qq3bhhk1m7a2pz6ip0m6dxh30rzj7d9h"; + type = "gem"; + }; + version = "1.1.0"; + }; + flatito = { + dependencies = [ "colorize" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + path = ./.; + type = "path"; + }; + version = "0.1.1"; + }; + json = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0r9jmjhg2ly3l736flk7r2al47b5c8cayh0gqkq0yhjqzc9a6zhq"; + type = "gem"; + }; + version = "2.7.1"; + }; + language_server-protocol = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0gvb1j8xsqxms9mww01rmdl78zkd72zgxaap56bhv8j45z05hp1x"; + type = "gem"; + }; + version = "3.17.0.3"; + }; + minitest = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "07lq26b86giy3ha3fhrywk9r1ajhc2pm2mzj657jnpnbj1i6g17a"; + type = "gem"; + }; + version = "5.22.3"; + }; + parallel = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "15wkxrg1sj3n1h2g8jcrn7gcapwcgxr659ypjf75z1ipkgxqxwsv"; + type = "gem"; + }; + version = "1.24.0"; + }; + parser = { + dependencies = [ "ast" "racc" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "11r6kp8wam0nkfvnwyc1fmvky102r1vcfr84vi2p1a2wa0z32j3p"; + type = "gem"; + }; + version = "3.3.0.5"; + }; + racc = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp"; + type = "gem"; + }; + version = "1.7.3"; + }; + rainbow = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0smwg4mii0fm38pyb5fddbmrdpifwv22zv3d3px2xx497am93503"; + type = "gem"; + }; + version = "3.1.1"; + }; + rake = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "1ilr853hawi09626axx0mps4rkkmxcs54mapz9jnqvpnlwd3wsmy"; + type = "gem"; + }; + version = "13.1.0"; + }; + regexp_parser = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "1ndxm0xnv27p4gv6xynk6q41irckj76q1jsqpysd9h6f86hhp841"; + type = "gem"; + }; + version = "2.9.0"; + }; + rexml = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "05i8518ay14kjbma550mv0jm8a6di8yp5phzrd8rj44z9qnrlrp0"; + type = "gem"; + }; + version = "3.2.6"; + }; + rubocop = { + dependencies = [ "json" "language_server-protocol" "parallel" "parser" "rainbow" "regexp_parser" "rexml" "rubocop-ast" "ruby-progressbar" "unicode-display_width" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0daamn13fbm77rdwwa4w6j6221iq6091asivgdhk6n7g398frcdf"; + type = "gem"; + }; + version = "1.62.1"; + }; + rubocop-ast = { + dependencies = [ "parser" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "1v3q8n48w8h809rqbgzihkikr4g3xk72m1na7s97jdsmjjq6y83w"; + type = "gem"; + }; + version = "1.31.2"; + }; + rubocop-minitest = { + dependencies = [ "rubocop" "rubocop-ast" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "001f4xcs3p0g04cyqfdkb2i1lld0yjmnx1s11y9z2id4b2lg64c4"; + type = "gem"; + }; + version = "0.35.0"; + }; + rubocop-performance = { + dependencies = [ "rubocop" "rubocop-ast" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0cf7fn4dwf45r3nhnda0dhnwn8qghswyqbfxr2ippb3z8a6gmc8v"; + type = "gem"; + }; + version = "1.20.2"; + }; + rubocop-rake = { + dependencies = [ "rubocop" ]; + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "1nyq07sfb3vf3ykc6j2d5yq824lzq1asb474yka36jxgi4hz5djn"; + type = "gem"; + }; + version = "0.6.0"; + }; + ruby-progressbar = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "0cwvyb7j47m7wihpfaq7rc47zwwx9k4v7iqd9s1xch5nm53rrz40"; + type = "gem"; + }; + version = "1.13.0"; + }; + unicode-display_width = { + groups = [ "default" ]; + platforms = [ ]; + source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "1d0azx233nags5jx3fqyr23qa2rhgzbhv8pxp46dgbg1mpf82xky"; + type = "gem"; + }; + version = "2.5.0"; + }; +} diff --git a/pkgs/by-name/fl/flatito/package.nix b/pkgs/by-name/fl/flatito/package.nix new file mode 100644 index 000000000000..528a72390e1f --- /dev/null +++ b/pkgs/by-name/fl/flatito/package.nix @@ -0,0 +1,36 @@ +{ lib, fetchFromGitHub, ruby, buildRubyGem, bundlerEnv }: +let + deps = bundlerEnv rec { + inherit ruby; + name = "flatito-${version}"; + version = "0.1.1"; + gemdir = ./.; + gemset = lib.recursiveUpdate (import ./gemset.nix) { + flatito.source = { + remotes = [ "https://rubygems.org" ]; + sha256 = "9f5a8f899a14c1a0fe74cb89288f24ddc47bd5d83ac88ac8023d19b056ecb50f"; + type = "gem"; + }; + }; + }; +in + +buildRubyGem rec { + inherit ruby; + + gemName = "flatito"; + pname = gemName; + version = "0.1.1"; + + source.sha256 = "sha256-n1qPiZoUwaD+dMuJKI8k3cR71dg6yIrIAj0ZsFbstQ8="; + propagatedBuildInputs = [ deps ]; + + meta = with lib; { + description = "It allows you to search for a key and get the value and the line number where it is located in YAML and JSON files."; + homepage = "https://github.com/ceritium/flatito"; + license = licenses.mit; + maintainers = with maintainers; [ rucadi ]; + platforms = platforms.unix; + mainProgram = "flatito"; + }; +} diff --git a/pkgs/by-name/id/ida-free/package.nix b/pkgs/by-name/id/ida-free/package.nix new file mode 100644 index 000000000000..aac31480a08f --- /dev/null +++ b/pkgs/by-name/id/ida-free/package.nix @@ -0,0 +1,133 @@ +{ autoPatchelfHook +, cairo +, copyDesktopItems +, dbus +, fetchurl +, fontconfig +, freetype +, glib +, gtk3 +, lib +, libdrm +, libGL +, libkrb5 +, libsecret +, libsForQt5 +, libunwind +, libxkbcommon +, makeDesktopItem +, makeWrapper +, openssl +, stdenv +, xorg +, zlib +}: + +let + srcs = builtins.fromJSON (builtins.readFile ./srcs.json); +in +stdenv.mkDerivation rec { + pname = "ida-free"; + version = "8.4.240320"; + + src = fetchurl { + inherit (srcs.${stdenv.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}")) urls sha256; + }; + + icon = fetchurl { + urls = [ + "https://www.hex-rays.com/products/ida/news/8_1/images/icon_free.png" + "https://web.archive.org/web/20221105181231if_/https://hex-rays.com/products/ida/news/8_1/images/icon_free.png" + ]; + sha256 = "sha256-widkv2VGh+eOauUK/6Sz/e2auCNFAsc8n9z0fdrSnW0="; + }; + + desktopItem = makeDesktopItem { + name = "ida-free"; + exec = "ida64"; + icon = icon; + comment = meta.description; + desktopName = "IDA Free"; + genericName = "Interactive Disassembler"; + categories = [ "Development" ]; + }; + + nativeBuildInputs = [ makeWrapper copyDesktopItems autoPatchelfHook libsForQt5.wrapQtAppsHook ]; + + # We just get a runfile in $src, so no need to unpack it. + dontUnpack = true; + + # Add everything to the RPATH, in case IDA decides to dlopen things. + runtimeDependencies = [ + cairo + dbus + fontconfig + freetype + glib + gtk3 + libdrm + libGL + libkrb5 + libsecret + libsForQt5.qtbase + libunwind + libxkbcommon + openssl + stdenv.cc.cc + xorg.libICE + xorg.libSM + xorg.libX11 + xorg.libXau + xorg.libxcb + xorg.libXext + xorg.libXi + xorg.libXrender + xorg.xcbutilimage + xorg.xcbutilkeysyms + xorg.xcbutilrenderutil + xorg.xcbutilwm + zlib + ]; + buildInputs = runtimeDependencies; + + dontWrapQtApps = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out/lib $out/opt + + # IDA depends on quite some things extracted by the runfile, so first extract everything + # into $out/opt, then remove the unnecessary files and directories. + IDADIR=$out/opt + + # Invoke the installer with the dynamic loader directly, avoiding the need + # to copy it to fix permissions and patch the executable. + $(cat $NIX_CC/nix-support/dynamic-linker) $src \ + --mode unattended --prefix $IDADIR --installpassword "" + + # Copy the exported libraries to the output. + cp $IDADIR/libida64.so $out/lib + + # Some libraries come with the installer. + addAutoPatchelfSearchPath $IDADIR + + for bb in ida64 assistant; do + wrapProgram $IDADIR/$bb \ + --prefix QT_PLUGIN_PATH : $IDADIR/plugins/platforms + ln -s $IDADIR/$bb $out/bin/$bb + done + + runHook postInstall + ''; + + meta = with lib; { + description = "Freeware version of the world's smartest and most feature-full disassembler"; + homepage = "https://hex-rays.com/ida-free/"; + license = licenses.unfree; + mainProgram = "ida64"; + maintainers = with maintainers; [ msanft ]; + platforms = [ "x86_64-linux" ]; # Right now, the installation script only supports Linux. + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + }; +} diff --git a/pkgs/by-name/id/ida-free/srcs.json b/pkgs/by-name/id/ida-free/srcs.json new file mode 100644 index 000000000000..2087ed4381d9 --- /dev/null +++ b/pkgs/by-name/id/ida-free/srcs.json @@ -0,0 +1,20 @@ +{ + "x86_64-linux": { + "urls": [ + "https://web.archive.org/web/20240330140328/https://out7.hex-rays.com/files/idafree84_linux.run" + ], + "sha256": "1wg60afkhjj7my2la4x4qf6gdxzl2aqdbvd6zfnwf8n3bl7ckn2a" + }, + "x86_64-darwin": { + "urls": [ + "https://web.archive.org/web/20240330140623/https://out7.hex-rays.com/files/idafree84_mac.app.zip" + ], + "sha256": "0a97xb0ah6rcq69whs5xvkar43ci8r5nan9wa29ad19w8k25ryym" + }, + "aarch64-darwin": { + "urls": [ + "https://web.archive.org/web/20240330140634/https://out7.hex-rays.com/files/arm_idafree84_mac.app.zip" + ], + "sha256": "10wwq7ia1z1kxfigj4i7xr037bzv1cg3pyvrl27jdq9v7bghdf3m" + } +} diff --git a/pkgs/by-name/mi/minijinja/package.nix b/pkgs/by-name/mi/minijinja/package.nix index 50cc95e53366..4c08223458b8 100644 --- a/pkgs/by-name/mi/minijinja/package.nix +++ b/pkgs/by-name/mi/minijinja/package.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "minijinja"; - version = "1.0.15"; + version = "1.0.16"; src = fetchFromGitHub { owner = "mitsuhiko"; repo = "minijinja"; rev = version; - hash = "sha256-ync0MkLi+CV1g9eBDLcV1dnV101H5Gc6K0NrnVeh8Jw="; + hash = "sha256-/mWXtAu+4B0VTZsID7FOQkSnuTxOLUUrl+vubqPClCw="; }; - cargoHash = "sha256-j8GLpMU7xwc3BWkjcFmGODiKieedNIB8VbHjJcrq8z4="; + cargoHash = "sha256-iMRcQL7/Q/9UmwPwaQslMruyUQ2QSU+5y7VNeAFMzk8="; # The tests relies on the presence of network connection doCheck = false; diff --git a/pkgs/by-name/my/mystmd/package.nix b/pkgs/by-name/my/mystmd/package.nix index 540590ac25dc..64997d83dfc8 100644 --- a/pkgs/by-name/my/mystmd/package.nix +++ b/pkgs/by-name/my/mystmd/package.nix @@ -2,16 +2,16 @@ buildNpmPackage rec { pname = "mystmd"; - version = "1.1.48"; + version = "1.1.50"; src = fetchFromGitHub { owner = "executablebooks"; repo = "mystmd"; rev = "mystmd@${version}"; - hash = "sha256-Uw/00EzgnrQYunABx7O35V+YwFnDDW+EI5NqMEUV8zk="; + hash = "sha256-2KzvjKtI3TK0y1zNX33MAz/I7x+09XVcwKBWhBTD0+M="; }; - npmDepsHash = "sha256-JSVdHhzOgzIwB61ST6vYVENtohjU6Q3lrp+hVPye02g="; + npmDepsHash = "sha256-mJXLmq6KZiKjctvGCf7YG6ivF1ut6qynzyM147pzGwM="; dontNpmInstall = true; diff --git a/pkgs/by-name/ot/oterm/package.nix b/pkgs/by-name/ot/oterm/package.nix index 57d5c4f01035..5dbc79b712bb 100644 --- a/pkgs/by-name/ot/oterm/package.nix +++ b/pkgs/by-name/ot/oterm/package.nix @@ -5,14 +5,14 @@ python3Packages.buildPythonApplication rec { pname = "oterm"; - version = "0.2.4"; + version = "0.2.5"; pyproject = true; src = fetchFromGitHub { owner = "ggozad"; repo = "oterm"; rev = "refs/tags/${version}"; - hash = "sha256-p0ns+8qmcyX4gcg0CfYdDMn1Ie0atVBuQbVQoDRQ9+c="; + hash = "sha256-s+TqDrgy7sR0sli8BGKlF546TW1+vzF0k3IkAQV6TpM="; }; pythonRelaxDeps = [ diff --git a/pkgs/by-name/pl/plasticity/package.nix b/pkgs/by-name/pl/plasticity/package.nix index 0179494ac659..d624184c9695 100644 --- a/pkgs/by-name/pl/plasticity/package.nix +++ b/pkgs/by-name/pl/plasticity/package.nix @@ -33,11 +33,11 @@ }: stdenv.mkDerivation rec { pname = "plasticity"; - version = "1.4.18"; + version = "1.4.19"; src = fetchurl { url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm"; - hash = "sha256-iSGYc8Ms6Kk4JhR2q/yUq26q1adbrZe4Gnpw5YAN1L4="; + hash = "sha256-pbq00eMabouGP33d4wbjVvw+AZ+aBWg0e3lc3ZcAwmQ="; }; passthru.updateScript = ./update.sh; diff --git a/pkgs/by-name/pv/pvsneslib/package.nix b/pkgs/by-name/pv/pvsneslib/package.nix new file mode 100644 index 000000000000..80f8e333d370 --- /dev/null +++ b/pkgs/by-name/pv/pvsneslib/package.nix @@ -0,0 +1,73 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, gcc +}: + +stdenv.mkDerivation rec { + pname = "pvsneslib"; + version = "4.2.0"; + + src = fetchFromGitHub { + owner = "alekmaul"; + repo = "pvsneslib"; + rev = version; + hash = "sha256-Cl4+WvjKbq5IPqf7ivVYwBYwDDWWHGNeq4nWXPxsUHw="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ gcc cmake ]; + + dontConfigure = true; + + postPatch = '' + substituteInPlace tools/816-opt/Makefile \ + --replace-fail 'LDFLAGS := -lpthread' 'LDFLAGS :=' \ + --replace-fail 'LDFLAGS := -pthread' 'LDFLAGS += -pthread' \ + --replace-fail 'LDFLAGS += -lpthread -static' '# LDFLAGS += -lpthread -static' + + substituteInPlace tools/bin2txt/Makefile \ + tools/gfx2snes/Makefile \ + tools/gfx4snes/Makefile \ + tools/snestools/Makefile \ + tools/816-opt/Makefile \ + tools/tmx2snes/Makefile \ + --replace-fail '$(CFLAGS) $(OBJS)' '$(LDFLAGS) $(OBJS)' + + substituteInPlace tools/smconv/Makefile \ + --replace-fail '$(CFLAGS) $(LDFLAGS)' '$(LDFLAGS)' + + substituteInPlace tools/constify/Makefile \ + --replace-fail '$(CFLAGS) $(DEFINES) $(OBJS)' '$(LDFLAGS) $(DEFINES) $(OBJS)' + + substituteInPlace tools/snestools/Makefile \ + --replace-fail '-Wno-format' ' ' + + substituteInPlace tools/snesbrr/brr/Makefile \ + --replace-fail 'LDFLAGS ' 'LDFLAGS := + LDFLAGS ' + + substituteInPlace compiler/wla-dx/wlalink/write.c \ + --replace-fail 'sort_anonymous_labels()' 'sort_anonymous_labels(void)' + ''; + + preBuild = '' + export PVSNESLIB_HOME=$(pwd) + ''; + + installPhase = '' + runHook preInstall + cp -r . $out + runHook postInstall + ''; + + meta = { + description = "Free and open source development kit for the Nintendo SNES"; + homepage = "https://github.com/alekmaul/pvsneslib"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ soyouzpanda ]; + mainProgram = "pvsneslib"; + platforms = lib.platforms.all; + }; +} diff --git a/pkgs/by-name/sh/shopware-cli/package.nix b/pkgs/by-name/sh/shopware-cli/package.nix index 107e6ee1fc22..3f6f75758452 100644 --- a/pkgs/by-name/sh/shopware-cli/package.nix +++ b/pkgs/by-name/sh/shopware-cli/package.nix @@ -9,12 +9,12 @@ buildGoModule rec { pname = "shopware-cli"; - version = "0.4.30"; + version = "0.4.33"; src = fetchFromGitHub { repo = "shopware-cli"; owner = "FriendsOfShopware"; rev = version; - hash = "sha256-QfeQ73nTvLavUIpHlTBTkY1GGqZCednlXRBigwPCt48="; + hash = "sha256-BwoCp92tE/fsYIgez/BcU4f23IU5lMQ6jQKOCZ/oTEk="; }; nativeBuildInputs = [ installShellFiles makeWrapper ]; diff --git a/pkgs/by-name/ta/tabby/package.nix b/pkgs/by-name/ta/tabby/package.nix index e1d216f44b7b..1879a9f3354b 100644 --- a/pkgs/by-name/ta/tabby/package.nix +++ b/pkgs/by-name/ta/tabby/package.nix @@ -11,6 +11,7 @@ , llama-cpp +, autoAddDriverRunpath , cudaSupport ? config.cudaSupport , cudaPackages ? { } @@ -135,9 +136,7 @@ rustPlatform.buildRustPackage { protobuf git ] ++ optionals enableCuda [ - # TODO: Replace with autoAddDriverRunpath - # once https://github.com/NixOS/nixpkgs/pull/275241 has been merged - cudaPackages.autoAddDriverRunpath + autoAddDriverRunpath ]; buildInputs = [ openssl ] diff --git a/pkgs/by-name/wi/wireguard-vanity-keygen/package.nix b/pkgs/by-name/wi/wireguard-vanity-keygen/package.nix index 96e926f15008..9f910079eef1 100644 --- a/pkgs/by-name/wi/wireguard-vanity-keygen/package.nix +++ b/pkgs/by-name/wi/wireguard-vanity-keygen/package.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "wireguard-vanity-keygen"; - version = "0.0.7"; + version = "0.0.8"; src = fetchFromGitHub { owner = "axllent"; repo = "wireguard-vanity-keygen"; rev = version; - hash = "sha256-+q6l2531APm67JqvFNQb4Zj5pyWnHgncwxcgWNiBCJw="; + hash = "sha256-qTVPPr7lmjMvUqetDupZCo8RdoBHr++0V9CB4b6Bp4Y="; }; - vendorHash = "sha256-F3AoN8NgXjePy7MmI8jzLDxaIZBCfOPRbe0ZYmt6vm8="; + vendorHash = "sha256-9/waDAfHYgKh+FsGZEp7HbgI83urRDQPuvtuEKHOf58="; ldflags = [ "-s" "-w" "-X main.appVersion=${version}" ]; diff --git a/pkgs/development/compilers/aspectj/builder.sh b/pkgs/development/compilers/aspectj/builder.sh deleted file mode 100755 index 31ec97942e52..000000000000 --- a/pkgs/development/compilers/aspectj/builder.sh +++ /dev/null @@ -1,28 +0,0 @@ -if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi -source $stdenv/setup - -export JAVA_HOME=$jre - -cat >> props <> $out/bin/aj-runtime-env <> props <> $out/bin/aj-runtime-env <= 0.11.6"' \ - --replace 'dynamic = ["version", "readme"]' 'dynamic = ["readme"]' \ - --replace '#readme = "README.rst"' 'version = "${version}"' + --replace-fail '"tomlkit ~= 0.11.6"' '"tomlkit >= 0.11.6"' \ + --replace-fail 'dynamic = ["version", "readme"]' 'dynamic = ["readme"]' \ + --replace-fail '#readme = "README.rst"' 'version = "${version}"' ''; - nativeBuildInputs = [ + build-system = [ setuptools ]; - propagatedBuildInputs = [ + dependencies = [ pytz tomlkit ]; diff --git a/pkgs/development/python-modules/netdata/default.nix b/pkgs/development/python-modules/netdata/default.nix index efb92f2bdeb3..a585aa5975e9 100644 --- a/pkgs/development/python-modules/netdata/default.nix +++ b/pkgs/development/python-modules/netdata/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "netdata"; - version = "1.1.0"; + version = "1.2.0"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "home-assistant-ecosystem"; repo = "python-netdata"; rev = "refs/tags/${version}"; - hash = "sha256-XWlUSKGgndHtJjzA0mYvhCkJsRJ1SUbl8DGdmyFUmoo="; + hash = "sha256-ViiGh5CsRpMJ6zvPmje+eB5LuO6t47bjObaYh5a2Kw8="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/nuitka/default.nix b/pkgs/development/python-modules/nuitka/default.nix index fee04a0e40f4..936084c98399 100644 --- a/pkgs/development/python-modules/nuitka/default.nix +++ b/pkgs/development/python-modules/nuitka/default.nix @@ -7,27 +7,28 @@ , python3 , setuptools , zstandard +, wheel }: buildPythonPackage rec { pname = "nuitka"; - version = "1.8.4"; + version = "2.1.4"; pyproject = true; src = fetchFromGitHub { owner = "Nuitka"; repo = "Nuitka"; rev = version; - hash = "sha256-spa3V9KEjqmwnHSuxLLIu9hJk5PrRwNyOw72sfxBVKo="; + hash = "sha256-bV5zTYwhR/3dTM1Ij+aC6TbcPODZ5buwQi7xN8axZi0="; }; # default lto off for darwin patches = [ ./darwin-lto.patch ]; - nativeBuildInputs = [ setuptools ]; + build-system = [ setuptools wheel ]; nativeCheckInputs = [ ccache ]; - propagatedBuildInputs = [ + dependencies = [ ordered-set zstandard ]; diff --git a/pkgs/development/python-modules/orbax-checkpoint/default.nix b/pkgs/development/python-modules/orbax-checkpoint/default.nix index c1787fe86747..37ecfccc6d70 100644 --- a/pkgs/development/python-modules/orbax-checkpoint/default.nix +++ b/pkgs/development/python-modules/orbax-checkpoint/default.nix @@ -22,7 +22,7 @@ buildPythonPackage rec { pname = "orbax-checkpoint"; - version = "0.5.5"; + version = "0.5.7"; pyproject = true; disabled = pythonOlder "3.9"; @@ -30,7 +30,7 @@ buildPythonPackage rec { src = fetchPypi { pname = "orbax_checkpoint"; inherit version; - hash = "sha256-zry5byLxFzah+e52x4yIi6roU3Jox/9mY62cujB2xlU="; + hash = "sha256-3hRUm4mSIKT0RUU5Z8GsLXFluBUlM0JYd0YAXwOpgTs="; }; nativeBuildInputs = [ @@ -60,6 +60,7 @@ buildPythonPackage rec { pythonImportsCheck = [ "orbax" + "orbax.checkpoint" ]; disabledTestPaths = [ @@ -73,6 +74,6 @@ buildPythonPackage rec { homepage = "https://github.com/google/orbax/tree/main/checkpoint"; changelog = "https://github.com/google/orbax/blob/${version}/CHANGELOG.md"; license = licenses.asl20; - maintainers = with maintainers; [fab ]; + maintainers = with maintainers; [ fab ]; }; } diff --git a/pkgs/development/python-modules/oslo-log/default.nix b/pkgs/development/python-modules/oslo-log/default.nix index ab1084750996..bc4584bcee5a 100644 --- a/pkgs/development/python-modules/oslo-log/default.nix +++ b/pkgs/development/python-modules/oslo-log/default.nix @@ -17,7 +17,7 @@ buildPythonPackage rec { pname = "oslo-log"; - version = "5.5.0"; + version = "5.5.1"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -25,7 +25,7 @@ buildPythonPackage rec { src = fetchPypi { pname = "oslo.log"; inherit version; - hash = "sha256-TO3RZpx94o2OZrZ6X21sb+g5KFNfqHzWm/ZhG1n1Z+c="; + hash = "sha256-SEFIUSxdsqizXIPNmX6ZU3Vf2L+oqvbuDMjHrrdCkhA="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/peaqevcore/default.nix b/pkgs/development/python-modules/peaqevcore/default.nix index 16b73cb1792b..ecd64345e79c 100644 --- a/pkgs/development/python-modules/peaqevcore/default.nix +++ b/pkgs/development/python-modules/peaqevcore/default.nix @@ -7,21 +7,21 @@ buildPythonPackage rec { pname = "peaqevcore"; - version = "19.7.7"; + version = "19.7.12"; pyproject = true; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-HJ+8EpxcMhUPJILapNk9esA0iUm8PiHPDm3MmBQDny4="; + hash = "sha256-/oo24hOH2aIXZH0CwmgTNIvA2MJWvOR084rZEOdldGM="; }; postPatch = '' sed -i "/extras_require/d" setup.py ''; - nativeBuildInputs = [ + build-system = [ setuptools ]; diff --git a/pkgs/development/python-modules/piccolo-theme/default.nix b/pkgs/development/python-modules/piccolo-theme/default.nix index 51ed9b136f3f..b6406ca42269 100644 --- a/pkgs/development/python-modules/piccolo-theme/default.nix +++ b/pkgs/development/python-modules/piccolo-theme/default.nix @@ -2,13 +2,13 @@ buildPythonPackage rec { pname = "piccolo-theme"; - version = "0.20.0"; + version = "0.21.0"; format = "setuptools"; src = fetchPypi { pname = "piccolo_theme"; inherit version; - hash = "sha256-/I6Q///oZ1OlSQEOwQ4KtUuj73ra6poyDhfhiF5nJrE="; + hash = "sha256-mQqZ6Rwx0VoDBVQ0zbvCOmAMKAMv67Xd1ksYW6w2QPM="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pipenv-poetry-migrate/default.nix b/pkgs/development/python-modules/pipenv-poetry-migrate/default.nix index 31a182de17ad..9f04970f9680 100644 --- a/pkgs/development/python-modules/pipenv-poetry-migrate/default.nix +++ b/pkgs/development/python-modules/pipenv-poetry-migrate/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "pipenv-poetry-migrate"; - version = "0.5.4"; + version = "0.5.5"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "yhino"; repo = "pipenv-poetry-migrate"; rev = "refs/tags/v${version}"; - hash = "sha256-5qOOklwjTGrlvaPg7hVYLAAHvQ7633VAt3L2PHw2V9U="; + hash = "sha256-6K8rTfASpK7OvBwUy40X6xzgpfWL7lIJvpfRiGfBK6U="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/ring-doorbell/default.nix b/pkgs/development/python-modules/ring-doorbell/default.nix index 9949789c3c49..a52f6e0a9145 100644 --- a/pkgs/development/python-modules/ring-doorbell/default.nix +++ b/pkgs/development/python-modules/ring-doorbell/default.nix @@ -18,7 +18,7 @@ buildPythonPackage rec { pname = "ring-doorbell"; - version = "0.8.8"; + version = "0.8.9"; pyproject = true; disabled = pythonOlder "3.8"; @@ -26,14 +26,14 @@ buildPythonPackage rec { src = fetchPypi { pname = "ring_doorbell"; inherit version; - hash = "sha256-Rz12Qpawi4/u14ywJGt9Yw7IqjYP4bg6zNr9oN3iQxQ="; + hash = "sha256-FUPXia4lCDJDbzEzuewa5ShiIm0EvOrDE8GGZxYWvhk="; }; - nativeBuildInputs = [ + build-system = [ poetry-core ]; - propagatedBuildInputs = [ + dependencies = [ asyncclick oauthlib pytz diff --git a/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix b/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix index dbdc1523266f..610c20644aaa 100644 --- a/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix +++ b/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "tencentcloud-sdk-python"; - version = "3.0.1121"; + version = "3.0.1122"; pyproject = true; disabled = pythonOlder "3.9"; @@ -18,7 +18,7 @@ buildPythonPackage rec { owner = "TencentCloud"; repo = "tencentcloud-sdk-python"; rev = "refs/tags/${version}"; - hash = "sha256-McSF0s6ACEDSrfOBCBVT2yEoUmKKeYiPoQpLoc5hHDU="; + hash = "sha256-rJpgtyBVJn6jURSSEVlT4BadDTr9npeISgKtQdQdgnM="; }; build-system = [ diff --git a/pkgs/development/python-modules/volkszaehler/default.nix b/pkgs/development/python-modules/volkszaehler/default.nix index dcb153ba98ca..648447536e37 100644 --- a/pkgs/development/python-modules/volkszaehler/default.nix +++ b/pkgs/development/python-modules/volkszaehler/default.nix @@ -4,23 +4,28 @@ , buildPythonPackage , fetchFromGitHub , pythonOlder +, setuptools }: buildPythonPackage rec { pname = "volkszaehler"; - version = "0.4.0"; - format = "setuptools"; + version = "0.5.0"; + pyproject = true; - disabled = pythonOlder "3.9"; + disabled = pythonOlder "3.10"; src = fetchFromGitHub { owner = "home-assistant-ecosystem"; repo = "python-volkszaehler"; rev = "refs/tags/${version}"; - hash = "sha256-jX0nwBsBYU383LG8f08FVI7Lo9gnyPSQ0fiEF8dQc/M="; + hash = "sha256-7SB0x0BO9SMeMG1M/hH4fX7oDbtwPgCzyRrrUq1/WPo="; }; - propagatedBuildInputs = [ + nativeBuildInputs = [ + setuptools + ]; + + dependencies = [ aiohttp async-timeout ]; diff --git a/pkgs/development/python-modules/whenever/default.nix b/pkgs/development/python-modules/whenever/default.nix index 732c22d09575..d36baeefcba3 100644 --- a/pkgs/development/python-modules/whenever/default.nix +++ b/pkgs/development/python-modules/whenever/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "whenever"; - version = "0.5.0"; + version = "0.5.1"; pyproject = true; disabled = pythonOlder "3.8"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "ariebovenberg"; repo = "whenever"; rev = "refs/tags/${version}"; - hash = "sha256-5Ik9+i5T5ztb+2zqFZ+SBmrZFLDxji66e3lK0z2w92c="; + hash = "sha256-RH2614M91zYULNTQsr6JoKfxlnGyAJsCkB7oeiz7urs="; }; postPatch = '' @@ -31,18 +31,16 @@ buildPythonPackage rec { --replace-fail '--benchmark-disable' '#--benchmark-disable' ''; - nativeBuildInputs = [ + build-system = [ poetry-core ]; - propagatedBuildInputs = [ + dependencies = [ tzdata ] ++ lib.optionals (pythonOlder "3.9") [ backports-zoneinfo ]; - pythonImportsCheck = [ "whenever" ]; - nativeCheckInputs = [ pytestCheckHook pytest-mypy-plugins @@ -50,6 +48,10 @@ buildPythonPackage rec { freezegun ]; + pythonImportsCheck = [ + "whenever" + ]; + # early TDD, many tests are failing # TODO: try enabling on bump doCheck = false; diff --git a/pkgs/development/tools/algolia-cli/default.nix b/pkgs/development/tools/algolia-cli/default.nix index c00a01ac02f1..7ef189b67fe3 100644 --- a/pkgs/development/tools/algolia-cli/default.nix +++ b/pkgs/development/tools/algolia-cli/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "algolia-cli"; - version = "1.6.5"; + version = "1.6.6"; src = fetchFromGitHub { owner = "algolia"; repo = "cli"; rev = "v${version}"; - hash = "sha256-bS/xSrb1vCeYuDZj8NwEyclbYMXlejAxIoItEX8YnOs="; + hash = "sha256-yLsyby3u1oz5fnQ/zQ0sjy2w+Pv0KHySojsDc4vnFF0="; }; vendorHash = "sha256-cNuBTH7L2K4TgD0H9FZ9CjhE5AGXADaniGLD9Lhrtrk="; diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix index b02f5cb58001..9bb6840f5241 100644 --- a/pkgs/development/tools/analysis/checkov/default.nix +++ b/pkgs/development/tools/analysis/checkov/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "checkov"; - version = "3.2.50"; + version = "3.2.51"; pyproject = true; src = fetchFromGitHub { owner = "bridgecrewio"; repo = "checkov"; rev = "refs/tags/${version}"; - hash = "sha256-XOH4RrkyjTZY1N5XSR71GEGofPgqI7XkE8c3/ojoHGI="; + hash = "sha256-aUu1sxP4YUuF2E4oPh8QJ/hpqLSvAz0aYei+QSj9qqQ="; }; patches = [ diff --git a/pkgs/development/tools/build-managers/gradle/default.nix b/pkgs/development/tools/build-managers/gradle/default.nix index 89cf92aaa569..e22779f6d9ca 100644 --- a/pkgs/development/tools/build-managers/gradle/default.nix +++ b/pkgs/development/tools/build-managers/gradle/default.nix @@ -160,9 +160,9 @@ rec { # https://docs.gradle.org/current/userguide/compatibility.html gradle_8 = gen { - version = "8.6"; + version = "8.7"; nativeVersion = "0.22-milestone-25"; - hash = "sha256-ljHVPPPnS/pyaJOu4fiZT+5OBgxAEzWUbbohVvRA8kw="; + hash = "sha256-VEw11r2Emuil7QvOo5umd9xA9J330YNVYVgtogCblh0="; defaultJava = jdk21; }; diff --git a/pkgs/development/tools/build-managers/rake/Gemfile.lock b/pkgs/development/tools/build-managers/rake/Gemfile.lock index 5082e8b0c44c..4a8c98473c7e 100644 --- a/pkgs/development/tools/build-managers/rake/Gemfile.lock +++ b/pkgs/development/tools/build-managers/rake/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - rake (13.1.0) + rake (13.2.0) PLATFORMS ruby @@ -10,4 +10,4 @@ DEPENDENCIES rake BUNDLED WITH - 2.5.3 + 2.5.6 diff --git a/pkgs/development/tools/build-managers/rake/default.nix b/pkgs/development/tools/build-managers/rake/default.nix index d2f0a264ba74..9efb8881ab79 100644 --- a/pkgs/development/tools/build-managers/rake/default.nix +++ b/pkgs/development/tools/build-managers/rake/default.nix @@ -13,5 +13,6 @@ bundlerApp { license = with licenses; mit; maintainers = with maintainers; [ manveru nicknovitski ]; platforms = platforms.unix; + mainProgram = "rake"; }; } diff --git a/pkgs/development/tools/build-managers/rake/gemset.nix b/pkgs/development/tools/build-managers/rake/gemset.nix index e384c801699c..ae6dbb122953 100644 --- a/pkgs/development/tools/build-managers/rake/gemset.nix +++ b/pkgs/development/tools/build-managers/rake/gemset.nix @@ -4,9 +4,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ilr853hawi09626axx0mps4rkkmxcs54mapz9jnqvpnlwd3wsmy"; + sha256 = "0lwv4rniry7k9dvz1n462d7j0dq9mrl6a95y6cvs6139h0ksxhgn"; type = "gem"; }; - version = "13.1.0"; + version = "13.2.0"; }; } diff --git a/pkgs/development/tools/phpactor/default.nix b/pkgs/development/tools/phpactor/default.nix index 157d293eec9a..554c23507184 100644 --- a/pkgs/development/tools/phpactor/default.nix +++ b/pkgs/development/tools/phpactor/default.nix @@ -6,16 +6,16 @@ php.buildComposerProject (finalAttrs: { pname = "phpactor"; - version = "2023.12.03.0"; + version = "2024.03.09.0"; src = fetchFromGitHub { owner = "phpactor"; repo = "phpactor"; rev = finalAttrs.version; - hash = "sha256-zLSGzaUzroWkvFNCj3uA9KdZ3K/EIQOZ7HzV6Ms5/BE="; + hash = "sha256-1QPBq8S3mOkSackXyCuFdoxfAdUQaRuUfoOfKOGuiR0="; }; - vendorHash = "sha256-0jvWbQubPXDhsXqEp8q5R0Y7rQX3UiccGDF3HDBeh7o="; + vendorHash = "sha256-9YN+fy+AvNnF0Astrirpewjmh/bSINAhW9fLvN5HGGI="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/development/tools/pscale/default.nix b/pkgs/development/tools/pscale/default.nix index 189d7eea042e..1255470fb714 100644 --- a/pkgs/development/tools/pscale/default.nix +++ b/pkgs/development/tools/pscale/default.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "pscale"; - version = "0.186.0"; + version = "0.191.0"; src = fetchFromGitHub { owner = "planetscale"; repo = "cli"; rev = "v${version}"; - sha256 = "sha256-LXUvVctOFreDlIozA17pfDblZ6QugVA/dJ+IKE3fBeY="; + sha256 = "sha256-+QGzLPJQbIql5Xomve/v3vGB5kdCDamxkRM6weIZMMw="; }; - vendorHash = "sha256-ubMr2gm4t0731niC2Mx1Lcmdl48SUVjfoIWbtgt3X+I="; + vendorHash = "sha256-dcMKi12YFTpQShGRm97Zptiw9JK55CAXm0r8UG+c1Dg="; ldflags = [ "-s" "-w" diff --git a/pkgs/development/tools/quilt/default.nix b/pkgs/development/tools/quilt/default.nix index fec73b264819..4b7cfb59cf7d 100644 --- a/pkgs/development/tools/quilt/default.nix +++ b/pkgs/development/tools/quilt/default.nix @@ -18,11 +18,11 @@ stdenv.mkDerivation rec { pname = "quilt"; - version = "0.67"; + version = "0.68"; src = fetchurl { url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz"; - sha256 = "sha256-O+O+CYfnKmw2Rni7gn4+H8wQMitWvF8CtXZpj1UBPMI="; + sha256 = "sha256-/owJ3gPBBuhbNzfI8DreFHyVa3ntevSFocijhY2zhCY="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/tools/rain/default.nix b/pkgs/development/tools/rain/default.nix index 3ad07c761b91..6d1d165bc81f 100644 --- a/pkgs/development/tools/rain/default.nix +++ b/pkgs/development/tools/rain/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "rain"; - version = "1.8.2"; + version = "1.8.3"; src = fetchFromGitHub { owner = "aws-cloudformation"; repo = pname; rev = "v${version}"; - sha256 = "sha256-QJAcIk+XPQF5iLlcK62t2htOVjne3K/74Am0pvLS1r8="; + sha256 = "sha256-l5Exm31pQlmYh9VizdrARFgtIxb48ALR1IYaNFfCMWk="; }; - vendorHash = "sha256-+UJyPwb4/KPeXyrsGQvX2SfYWfTeoR93WGyTTBf3Ya8="; + vendorHash = "sha256-PjdM52qCR7zVjQDRWwGXcJwqLYUt9LTi9SX85A4z2SA="; subPackages = [ "cmd/rain" ]; diff --git a/pkgs/development/tools/rust/cargo-public-api/default.nix b/pkgs/development/tools/rust/cargo-public-api/default.nix index cd8ccb0a9c2f..11e5ba601c3e 100644 --- a/pkgs/development/tools/rust/cargo-public-api/default.nix +++ b/pkgs/development/tools/rust/cargo-public-api/default.nix @@ -10,14 +10,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-public-api"; - version = "0.34.0"; + version = "0.34.1"; src = fetchCrate { inherit pname version; - hash = "sha256-xD+0eplrtrTlYYnfl1R6zIO259jP18OAp9p8eg1CqbI="; + hash = "sha256-fNQ4FfOaS38KGhI/hCRLdtYmb0FXkoXyJsbcT+1K6Ow="; }; - cargoHash = "sha256-EjMzOilTnPSC7FYxrNBxX+sugYvPIxiCzlwQcl3VMog="; + cargoHash = "sha256-DwhaVn6nuy2KbXaRcIUQN6iS85ONwAbCWX+vxfa0F7U="; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/development/tools/typos/default.nix b/pkgs/development/tools/typos/default.nix index 68e7bf041016..5ab986d2dc0c 100644 --- a/pkgs/development/tools/typos/default.nix +++ b/pkgs/development/tools/typos/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "typos"; - version = "1.20.1"; + version = "1.20.3"; src = fetchFromGitHub { owner = "crate-ci"; repo = pname; rev = "v${version}"; - hash = "sha256-X9m+2zJsHYbek/G9oyH3394/StolG3cDjVigTJZNzu0="; + hash = "sha256-0z00e8lRDA/KdAPGAwOGlRXgpXkag4htZ+ykXEAmtJE="; }; - cargoHash = "sha256-eCcuDfolsjv6Xt+sqo8VxWZhy5DLoukuI9rQiNXrUVs="; + cargoHash = "sha256-8XWU7/z1LhfB5rp9LKqdaoaORF68ZI5Pl8zkrxKSQQE="; meta = with lib; { description = "Source code spell checker"; diff --git a/pkgs/misc/fastly/default.nix b/pkgs/misc/fastly/default.nix index 447f582cb011..5658af6983a5 100644 --- a/pkgs/misc/fastly/default.nix +++ b/pkgs/misc/fastly/default.nix @@ -10,13 +10,13 @@ buildGoModule rec { pname = "fastly"; - version = "10.8.8"; + version = "10.8.9"; src = fetchFromGitHub { owner = "fastly"; repo = "cli"; rev = "refs/tags/v${version}"; - hash = "sha256-GdreswHR+avk5AYJwcoxqF/MlrcHX9NLNpgST5+0kVc="; + hash = "sha256-s3tsLCON8F1N7pK7xp8Fwmo8KNctmUnA7I1MxhQeDtA="; # The git commit is part of the `fastly version` original output; # leave that output the same in nixpkgs. Use the `.git` directory # to retrieve the commit SHA, and remove the directory afterwards, diff --git a/pkgs/os-specific/darwin/insert_dylib/default.nix b/pkgs/os-specific/darwin/insert_dylib/default.nix index 7ab9692f0d42..f3ea2c9a09eb 100644 --- a/pkgs/os-specific/darwin/insert_dylib/default.nix +++ b/pkgs/os-specific/darwin/insert_dylib/default.nix @@ -1,22 +1,43 @@ -{ lib, stdenv, fetchFromGitHub, xcbuildHook }: +{ + lib, + stdenv, + fetchFromGitHub, +}: stdenv.mkDerivation { - pname = "insert_dylib"; - version = "unstable-2016-08-28"; + pname = "insert-dylib"; + version = "0-unstable-2016-08-28"; src = fetchFromGitHub { owner = "Tyilo"; repo = "insert_dylib"; rev = "c8beef66a08688c2feeee2c9b6eaf1061c2e67a9"; - sha256 = "0az38y06pvvy9jf2wnzdwp9mp98lj6nr0ldv0cs1df5p9x2qvbya"; + hash = "sha256-yq+NRU+3uBY0A7tRkK2RFKVb0+XtWy6cTH7va4BH4ys="; }; - nativeBuildInputs = [ xcbuildHook ]; + buildPhase = '' + runHook preBuild - installPhase = '' - mkdir -p $out/bin - install -m755 Products/Release/insert_dylib $out/bin + mkdir -p Products/Release + $CC -o Products/Release/insert_dylib insert_dylib/main.c + + runHook postBuild ''; - meta.platforms = lib.platforms.darwin; + installPhase = '' + runHook preInstall + + install -Dm755 Products/Release/insert_dylib -t $out/bin + + runHook postInstall + ''; + + meta = { + description = "Command line utility for inserting a dylib load command into a Mach-O binary"; + homepage = "https://github.com/tyilo/insert_dylib"; + license = lib.licenses.unfree; # no license specified + mainProgram = "insert_dylib"; + maintainers = with lib.maintainers; [ wegank ]; + platforms = lib.platforms.darwin; + }; } diff --git a/pkgs/servers/http/unit/default.nix b/pkgs/servers/http/unit/default.nix index c77428688da5..d2d53df71352 100644 --- a/pkgs/servers/http/unit/default.nix +++ b/pkgs/servers/http/unit/default.nix @@ -28,14 +28,14 @@ let php82-unit = php82.override phpConfig; in stdenv.mkDerivation rec { - version = "1.32.0"; + version = "1.32.1"; pname = "unit"; src = fetchFromGitHub { owner = "nginx"; repo = pname; rev = version; - sha256 = "sha256-u693Q6Gp8lFm3DX1q5i6W021bxD962NGBGDRxUtvGrk="; + sha256 = "sha256-YqejETJTbnmXoPsYITJ6hSnd1fIWUc1p5FldYkw2HQI="; }; nativeBuildInputs = [ which ]; diff --git a/pkgs/servers/search/opensearch/default.nix b/pkgs/servers/search/opensearch/default.nix index 94207ec5665f..2c7d140ccce2 100644 --- a/pkgs/servers/search/opensearch/default.nix +++ b/pkgs/servers/search/opensearch/default.nix @@ -11,11 +11,11 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "opensearch"; - version = "2.12.0"; + version = "2.13.0"; src = fetchurl { url = "https://artifacts.opensearch.org/releases/bundle/opensearch/${finalAttrs.version}/opensearch-${finalAttrs.version}-linux-x64.tar.gz"; - hash = "sha256-t9s633qDzxvG1x+VVATpczzvD+ojnfTiwB/EambMKtA="; + hash = "sha256-cF2JZX5psuh7h8acazK9tcjNu6wralJtliwqaBnd/V8="; }; nativeBuildInputs = [ diff --git a/pkgs/servers/sql/postgresql/ext/pg_partman.nix b/pkgs/servers/sql/postgresql/ext/pg_partman.nix index 10e899f810d0..87ee50411b75 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_partman.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_partman.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "pg_partman"; - version = "5.0.1"; + version = "5.1.0"; buildInputs = [ postgresql ]; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { owner = "pgpartman"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-sJODpyRgqpeg/Lb584wNgCCFRaH22ELcbof1bA612aw="; + sha256 = "sha256-GrVOJ5ywZMyqyDroYDLdKkXDdIJSDGhDfveO/ZvrmYs="; }; installPhase = '' diff --git a/pkgs/servers/ttyd/default.nix b/pkgs/servers/ttyd/default.nix index 23b782c540db..20e107ffc533 100644 --- a/pkgs/servers/ttyd/default.nix +++ b/pkgs/servers/ttyd/default.nix @@ -8,12 +8,12 @@ with builtins; stdenv.mkDerivation rec { pname = "ttyd"; - version = "1.7.4"; + version = "1.7.5"; src = fetchFromGitHub { owner = "tsl0922"; repo = pname; rev = "refs/tags/${version}"; - sha256 = "sha256-BNvJkDOSlcNXt5W9/3/4I+MhQYn0W37zrJRYpAoZWaA="; + sha256 = "sha256-ci6PLrFQa/aX48kjAqQfCtOOhS06ikfEtYoCgmGhGdU="; }; nativeBuildInputs = [ pkg-config cmake xxd ]; diff --git a/pkgs/servers/web-apps/changedetection-io/default.nix b/pkgs/servers/web-apps/changedetection-io/default.nix index 4d058e916ab7..1d45e156096c 100644 --- a/pkgs/servers/web-apps/changedetection-io/default.nix +++ b/pkgs/servers/web-apps/changedetection-io/default.nix @@ -5,19 +5,19 @@ python3.pkgs.buildPythonApplication rec { pname = "changedetection-io"; - version = "0.45.16"; + version = "0.45.17"; format = "setuptools"; src = fetchFromGitHub { owner = "dgtlmoon"; repo = "changedetection.io"; rev = version; - hash = "sha256-ln522U3XqZfhvLvMEzrqXV3SjhpgnrRk2MxQQRBL5VU="; + hash = "sha256-3LaNZourDjFjdSh5+hwc2l2DRMEI/rbfyksFD9uUebg="; }; postPatch = '' substituteInPlace requirements.txt \ - --replace "apprise~=1.7.1" "apprise" \ + --replace "apprise~=1.7.4" "apprise" \ --replace "cryptography~=3.4" "cryptography" \ --replace "dnspython~=2.4" "dnspython" \ --replace "pytest ~=7.2" "" \ diff --git a/pkgs/servers/xandikos/default.nix b/pkgs/servers/xandikos/default.nix index f61d5c1a02c5..c22db465b223 100644 --- a/pkgs/servers/xandikos/default.nix +++ b/pkgs/servers/xandikos/default.nix @@ -6,7 +6,7 @@ python3Packages.buildPythonApplication rec { pname = "xandikos"; - version = "0.2.10"; + version = "0.2.11"; format = "pyproject"; disabled = python3Packages.pythonOlder "3.9"; @@ -14,8 +14,8 @@ python3Packages.buildPythonApplication rec { src = fetchFromGitHub { owner = "jelmer"; repo = "xandikos"; - rev = "v${version}"; - hash = "sha256-SqU/K3b8OML3PvFmP7L5R3Ub9vbW66xRpf79mgFZPfc="; + rev = "refs/tags/v${version}"; + hash = "sha256-cBsceJ6tib8OYx5L2Hv2AqRS+ADRSLIuJGIULNpAmEI="; }; nativeBuildInputs = with python3Packages; [ diff --git a/pkgs/tools/admin/trinsic-cli/default.nix b/pkgs/tools/admin/trinsic-cli/default.nix index 264e04c71c77..547d3020620a 100644 --- a/pkgs/tools/admin/trinsic-cli/default.nix +++ b/pkgs/tools/admin/trinsic-cli/default.nix @@ -2,11 +2,11 @@ rustPlatform.buildRustPackage rec { pname = "trinsic-cli"; - version = "1.13.0"; + version = "1.14.0"; src = fetchurl { url = "https://github.com/trinsic-id/sdk/releases/download/v${version}/trinsic-cli-vendor-${version}.tar.gz"; - sha256 = "sha256-uW4PNlDfyxzec9PzfXr25gPrFZQGr8qm0jLMOeIazoE="; + sha256 = "sha256-lPw55QcGMvY2YRYJGq4WC0fPbKiika4NF55tlb+i6So="; }; cargoVendorDir = "vendor"; diff --git a/pkgs/tools/backup/zfs-replicate/default.nix b/pkgs/tools/backup/zfs-replicate/default.nix index 5a377d8cae28..c5a4d2f0317f 100644 --- a/pkgs/tools/backup/zfs-replicate/default.nix +++ b/pkgs/tools/backup/zfs-replicate/default.nix @@ -11,12 +11,12 @@ buildPythonApplication rec { pname = "zfs_replicate"; - version = "3.2.11"; + version = "3.2.12"; pyproject = true; src = fetchPypi { inherit pname version; - hash = "sha256-8u65Ht7s2RqBYetKf/3erb6B2+/iZgnqHBogYa4J/rs="; + hash = "sha256-Pyn/ehXVb5knHS1A/MFTYE0t+IVgtBe1dAnYdaHutyk="; }; postPatch = '' diff --git a/pkgs/tools/misc/ollama/cmake-include.patch b/pkgs/tools/misc/ollama/cmake-include.patch deleted file mode 100644 index 013ed66bf91c..000000000000 --- a/pkgs/tools/misc/ollama/cmake-include.patch +++ /dev/null @@ -1,7 +0,0 @@ ---- a/llm/llama.cpp/examples/server/CMakeLists.txt -+++ b/llm/llama.cpp/examples/server/CMakeLists.txt -@@ -11,3 +11,4 @@ - TARGET_LINK_LIBRARIES(${TARGET} PRIVATE ws2_32) - endif() - target_compile_features(${TARGET} PRIVATE cxx_std_11) -+include (../../../ext_server/CMakeLists.txt) # ollama diff --git a/pkgs/tools/misc/ollama/default.nix b/pkgs/tools/misc/ollama/default.nix index fc3320d9e0a5..2b02cc3ff500 100644 --- a/pkgs/tools/misc/ollama/default.nix +++ b/pkgs/tools/misc/ollama/default.nix @@ -28,14 +28,32 @@ let pname = "ollama"; - version = "0.1.29"; + # don't forget to invalidate all hashes each update + version = "0.1.30"; + src = fetchFromGitHub { owner = "jmorganca"; repo = "ollama"; rev = "v${version}"; - hash = "sha256-M2G53DJF/22ZVCAb4jGjyErKO6q2argehHSV7AEef6w="; + hash = "sha256-+cdYT5NUf00Rx0fpCvWUNg4gi+PAOmZVDUdB3omibm0="; fetchSubmodules = true; }; + vendorHash = "sha256-Lj7CBvS51RqF63c01cOCgY7BCQeCKGu794qzb/S80C0="; + # ollama's patches of llama.cpp's example server + # `ollama/llm/generate/gen_common.sh` -> "apply temporary patches until fix is upstream" + # each update, these patches should be synchronized with the contents of `ollama/llm/patches/` + llamacppPatches = [ + (preparePatch "03-load_exception.diff" "sha256-1DfNahFYYxqlx4E4pwMKQpL+XR0bibYnDFGt6dCL4TM=") + (preparePatch "04-locale.diff" "sha256-r5nHiP6yN/rQObRu2FZIPBKpKP9yByyZ6sSI2SKj6Do=") + ]; + + preparePatch = patch: hash: fetchpatch { + url = "file://${src}/llm/patches/${patch}"; + inherit hash; + stripLen = 1; + extraPrefix = "llm/llama.cpp/"; + }; + validAccel = lib.assertOneOf "ollama.acceleration" acceleration [ null "rocm" "cuda" ]; @@ -45,6 +63,7 @@ let enableRocm = validAccel && (acceleration == "rocm") && (warnIfNotLinux "rocm"); enableCuda = validAccel && (acceleration == "cuda") && (warnIfNotLinux "cuda"); + rocmClang = linkFarm "rocm-clang" { llvm = rocmPackages.llvm.clang; }; @@ -94,12 +113,6 @@ let buildGo122Module.override { stdenv = overrideCC stdenv gcc12; } else buildGo122Module; - preparePatch = patch: hash: fetchpatch { - url = "file://${src}/llm/patches/${patch}"; - inherit hash; - stripLen = 1; - extraPrefix = "llm/llama.cpp/"; - }; inherit (lib) licenses platforms maintainers; in goBuild ((lib.optionalAttrs enableRocm { @@ -110,8 +123,7 @@ goBuild ((lib.optionalAttrs enableRocm { CUDACXX = "${cudaToolkit}/bin/nvcc"; CUDAToolkit_ROOT = cudaToolkit; }) // { - inherit pname version src; - vendorHash = "sha256-Lj7CBvS51RqF63c01cOCgY7BCQeCKGu794qzb/S80C0="; + inherit pname version src vendorHash; nativeBuildInputs = [ cmake @@ -133,31 +145,20 @@ goBuild ((lib.optionalAttrs enableRocm { metalFrameworks; patches = [ - # remove uses of `git` in the `go generate` script - # instead use `patch` where necessary - ./remove-git.patch - # replace a hardcoded use of `g++` with `$CXX` - ./replace-gcc.patch - - # ollama's patches of llama.cpp's example server - # `ollama/llm/generate/gen_common.sh` -> "apply temporary patches until fix is upstream" - (preparePatch "01-cache.diff" "sha256-VDwu/iK6taBCyscpndQiOJ3eGqonnLVwmS2rJNMBVGU=") - (preparePatch "02-cudaleaks.diff" "sha256-nxsWgrePUMsZBWWQAjqVHWMJPzr1owH1zSJvUU7Q5pA=") - (preparePatch "03-load_exception.diff" "sha256-1DfNahFYYxqlx4E4pwMKQpL+XR0bibYnDFGt6dCL4TM=") - (preparePatch "04-locale.diff" "sha256-r5nHiP6yN/rQObRu2FZIPBKpKP9yByyZ6sSI2SKj6Do=") - (preparePatch "05-fix-clip-free.diff" "sha256-EFZ+QTtZCvstVxYgVdFKHsQqdkL98T0eXOEBOqCrlL4=") - ]; + # disable uses of `git` in the `go generate` script + # ollama's build script assumes the source is a git repo, but nix removes the git directory + # this also disables necessary patches contained in `ollama/llm/patches/` + # those patches are added to `llamacppPatches`, and reapplied here in the patch phase + ./disable-git.patch + ] ++ llamacppPatches; postPatch = '' - # use a patch from the nix store in the `go generate` script - substituteInPlace llm/generate/gen_common.sh \ - --subst-var-by cmakeIncludePatch '${./cmake-include.patch}' - # `ollama/llm/generate/gen_common.sh` -> "avoid duplicate main symbols when we link into the cgo binary" - substituteInPlace llm/llama.cpp/examples/server/server.cpp \ - --replace-fail 'int main(' 'int __main(' + # replace a hardcoded use of `g++` with `$CXX` so clang can be used on darwin + substituteInPlace llm/generate/gen_common.sh --replace-fail 'g++' '$CXX' # replace inaccurate version number with actual release version substituteInPlace version/version.go --replace-fail 0.0.0 '${version}' ''; preBuild = '' + # disable uses of `git`, since nix removes the git directory export OLLAMA_SKIP_PATCHING=true # build llama.cpp libraries for ollama go generate ./... @@ -168,9 +169,10 @@ goBuild ((lib.optionalAttrs enableRocm { '' + lib.optionalString (enableRocm || enableCuda) '' # expose runtime libraries necessary to use the gpu mv "$out/bin/ollama" "$out/bin/.ollama-unwrapped" - makeWrapper "$out/bin/.ollama-unwrapped" "$out/bin/ollama" \ - --suffix LD_LIBRARY_PATH : '/run/opengl-driver/lib:${lib.makeLibraryPath runtimeLibs}' '' + lib.optionalString enableRocm ''\ - --set-default HIP_PATH ${rocmPath} + makeWrapper "$out/bin/.ollama-unwrapped" "$out/bin/ollama" ${ + lib.optionalString enableRocm + ''--set-default HIP_PATH '${rocmPath}' ''} \ + --suffix LD_LIBRARY_PATH : '/run/opengl-driver/lib:${lib.makeLibraryPath runtimeLibs}' ''; ldflags = [ @@ -191,9 +193,9 @@ goBuild ((lib.optionalAttrs enableRocm { }; meta = { - changelog = "https://github.com/ollama/ollama/releases/tag/v${version}"; description = "Get up and running with large language models locally"; - homepage = "https://github.com/jmorganca/ollama"; + homepage = "https://github.com/ollama/ollama"; + changelog = "https://github.com/ollama/ollama/releases/tag/v${version}"; license = licenses.mit; platforms = platforms.unix; mainProgram = "ollama"; diff --git a/pkgs/tools/misc/ollama/disable-git.patch b/pkgs/tools/misc/ollama/disable-git.patch new file mode 100644 index 000000000000..5f9b4b3323b6 --- /dev/null +++ b/pkgs/tools/misc/ollama/disable-git.patch @@ -0,0 +1,20 @@ +--- a/llm/generate/gen_common.sh ++++ b/llm/generate/gen_common.sh +@@ -65,6 +65,8 @@ + echo 'add_subdirectory(../ext_server ext_server) # ollama' >>${LLAMACPP_DIR}/CMakeLists.txt + fi + ++ return ++ + if [ -n "$(ls -A ../patches/*.diff)" ]; then + # apply temporary patches until fix is upstream + for patch in ../patches/*.diff; do +@@ -110,6 +112,8 @@ + + # Keep the local tree clean after we're done with the build + cleanup() { ++ return ++ + (cd ${LLAMACPP_DIR}/ && git checkout CMakeLists.txt) + + if [ -n "$(ls -A ../patches/*.diff)" ]; then diff --git a/pkgs/tools/misc/ollama/remove-git.patch b/pkgs/tools/misc/ollama/remove-git.patch deleted file mode 100644 index 9ef4487051ff..000000000000 --- a/pkgs/tools/misc/ollama/remove-git.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/llm/generate/gen_common.sh -+++ b/llm/generate/gen_common.sh -@@ -60,6 +60,9 @@ - } - - apply_patches() { -+ patch -i '@cmakeIncludePatch@' "${LLAMACPP_DIR}/examples/server/CMakeLists.txt" -+ return -+ - # Wire up our CMakefile - if ! grep ollama ${LLAMACPP_DIR}/examples/server/CMakeLists.txt; then - echo 'include (../../../ext_server/CMakeLists.txt) # ollama' >>${LLAMACPP_DIR}/examples/server/CMakeLists.txt -@@ -113,6 +116,8 @@ - - # Keep the local tree clean after we're done with the build - cleanup() { -+ return -+ - (cd ${LLAMACPP_DIR}/examples/server/ && git checkout CMakeLists.txt server.cpp) - - if [ -n "$(ls -A ../patches/*.diff)" ]; then diff --git a/pkgs/tools/misc/ollama/replace-gcc.patch b/pkgs/tools/misc/ollama/replace-gcc.patch deleted file mode 100644 index 2ebd24e1dc3f..000000000000 --- a/pkgs/tools/misc/ollama/replace-gcc.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/llm/generate/gen_common.sh -+++ b/llm/generate/gen_common.sh -@@ -86,7 +89,7 @@ - cmake -S ${LLAMACPP_DIR} -B ${BUILD_DIR} ${CMAKE_DEFS} - cmake --build ${BUILD_DIR} ${CMAKE_TARGETS} -j8 - mkdir -p ${BUILD_DIR}/lib/ -- g++ -fPIC -g -shared -o ${BUILD_DIR}/lib/libext_server.${LIB_EXT} \ -+ $CXX -fPIC -g -shared -o ${BUILD_DIR}/lib/libext_server.${LIB_EXT} \ - ${GCC_ARCH} \ - ${WHOLE_ARCHIVE} ${BUILD_DIR}/examples/server/libext_server.a ${NO_WHOLE_ARCHIVE} \ - ${BUILD_DIR}/common/libcommon.a \ diff --git a/pkgs/tools/misc/parquet-tools/default.nix b/pkgs/tools/misc/parquet-tools/default.nix index bd35304f3cf1..cc5d25b1538a 100644 --- a/pkgs/tools/misc/parquet-tools/default.nix +++ b/pkgs/tools/misc/parquet-tools/default.nix @@ -18,6 +18,12 @@ buildPythonApplication rec { hash = "sha256-2jIwDsxB+g37zV9hLc2VNC5YuZXTpTmr2aQ72AeHYJo="; }; + patches = [ + # support Moto 5.x + # https://github.com/ktrueda/parquet-tools/pull/55 + ./moto5.patch + ]; + postPatch = '' substituteInPlace tests/test_inspect.py \ --replace "parquet-cpp-arrow version 5.0.0" "parquet-cpp-arrow version ${pyarrow.version}" \ diff --git a/pkgs/tools/misc/parquet-tools/moto5.patch b/pkgs/tools/misc/parquet-tools/moto5.patch new file mode 100644 index 000000000000..5e79c1a204fc --- /dev/null +++ b/pkgs/tools/misc/parquet-tools/moto5.patch @@ -0,0 +1,28 @@ +diff --git a/tests/fixtures/aws.py b/tests/fixtures/aws.py +index 7eea4bd..9fb3345 100644 +--- a/tests/fixtures/aws.py ++++ b/tests/fixtures/aws.py +@@ -1,15 +1,17 @@ + import boto3 +-from moto import mock_s3 + import pytest + ++try: ++ # Moto 4.x ++ from moto import mock_s3 ++except ImportError: ++ # Moto 5.x ++ from moto import mock_aws as mock_s3 + + @pytest.fixture + def aws_session(): +- mock_s3_server = mock_s3() +- mock_s3_server.start() +- yield boto3.Session() +- mock_s3_server.stop() +- ++ with mock_s3(): ++ yield boto3.Session() + + @pytest.fixture + def aws_s3_bucket(aws_session): diff --git a/pkgs/tools/networking/nzbget/default.nix b/pkgs/tools/networking/nzbget/default.nix index 9a57a2e8a3b5..574045aaa10b 100644 --- a/pkgs/tools/networking/nzbget/default.nix +++ b/pkgs/tools/networking/nzbget/default.nix @@ -1,6 +1,7 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , autoreconfHook , boost , pkg-config @@ -17,7 +18,7 @@ }: stdenv.mkDerivation (finalAttrs: { - pname = "nzbget-ng"; + pname = "nzbget"; version = "23.0"; src = fetchFromGitHub { @@ -27,6 +28,14 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-JqC82zpsIqRYB7128gTSOQMWJFR/t63NJXlPgGqP0jE="; }; + patches = [ + # add nzbget-ng patch not in nzbgetcom for buffer overflow issue -- see https://github.com/nzbget-ng/nzbget/pull/43 + (fetchpatch { + url = "https://github.com/nzbget-ng/nzbget/commit/8fbbbfb40003c6f32379a562ce1d12515e61e93e.patch"; + hash = "sha256-mgI/twEoMTFMFGfH1/Jm6mE9u9/CE6RwELCSGx5erUo="; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; buildInputs = [ diff --git a/pkgs/tools/networking/oapi-codegen/default.nix b/pkgs/tools/networking/oapi-codegen/default.nix index 05098a828a11..00be12a82d8c 100644 --- a/pkgs/tools/networking/oapi-codegen/default.nix +++ b/pkgs/tools/networking/oapi-codegen/default.nix @@ -5,20 +5,24 @@ buildGoModule rec { pname = "oapi-codegen"; - version = "1.13.4"; + version = "2.1.0"; src = fetchFromGitHub { owner = "deepmap"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-9uHgc2q3ZNM0hQsAY+1RLAH3NfcV+dQo+WRk4OQ8q4Q="; - }; + hash = "sha256-5Bwe0THxwynuUuw7jI7KBDNC1Q4sHlnWwO2Kx5F/7PA="; + } ; - vendorHash = "sha256-VsZcdbOGRbHfjKPU+Y01xZCBq4fiVi7qoRBY9AqS0PM="; + vendorHash = "sha256-SqnFfx9bWneVEIyJS8fKe9NNcbPF4wI3qP5QvENqBrI="; # Tests use network doCheck = false; + subPackages = [ "cmd/oapi-codegen" ]; + + ldflags = [ "-X main.noVCSVersionOverride=${version}" ] ; + meta = with lib; { description = "Go client and server OpenAPI 3 generator"; homepage = "https://github.com/deepmap/oapi-codegen"; diff --git a/pkgs/tools/package-management/pkg/default.nix b/pkgs/tools/package-management/pkg/default.nix index b100b9984915..83ae30ee22a3 100644 --- a/pkgs/tools/package-management/pkg/default.nix +++ b/pkgs/tools/package-management/pkg/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "pkg"; - version = "1.20.8"; + version = "1.21.0"; src = fetchFromGitHub { owner = "freebsd"; repo = "pkg"; rev = finalAttrs.version; - sha256 = "sha256-pQgZMCd4PEjNZKm9V35Rca7Miblv1EgkH+CxaiKvhpY="; + sha256 = "sha256-5Yoe0Y2WTBc19OzB1QvJCX8FXtBlgxORyUppX6ZWnAM="; }; setOutputFlags = false; diff --git a/pkgs/tools/security/arti/default.nix b/pkgs/tools/security/arti/default.nix index c1e1ae120f97..c58ccce99aec 100644 --- a/pkgs/tools/security/arti/default.nix +++ b/pkgs/tools/security/arti/default.nix @@ -10,7 +10,7 @@ rustPlatform.buildRustPackage rec { pname = "arti"; - version = "1.2.0"; + version = "1.2.1"; src = fetchFromGitLab { domain = "gitlab.torproject.org"; @@ -18,10 +18,10 @@ rustPlatform.buildRustPackage rec { owner = "core"; repo = "arti"; rev = "arti-v${version}"; - hash = "sha256-ba07btx3eorFiocRk1YbkkGcblgsWaMI14r1SaPNr9g="; + hash = "sha256-Ps1AIvL6hOnSYtvi4wbgJQiuv2eb1XIEPul/WypM9bo="; }; - cargoHash = "sha256-+TVmmyjAFLDlnXMED0+S0M3VbGBRHds4C1GNyTGD4wI="; + cargoHash = "sha256-2u/8nn/9tz+hlNDz6I/g2cMPWXZSMVNV7FPsKFP8jqo="; nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; diff --git a/pkgs/tools/security/cnspec/default.nix b/pkgs/tools/security/cnspec/default.nix index 91fb3a554fd7..e143b4b9bc77 100644 --- a/pkgs/tools/security/cnspec/default.nix +++ b/pkgs/tools/security/cnspec/default.nix @@ -5,18 +5,18 @@ buildGoModule rec { pname = "cnspec"; - version = "10.9.2"; + version = "10.10.0"; src = fetchFromGitHub { owner = "mondoohq"; repo = "cnspec"; rev = "refs/tags/v${version}"; - hash = "sha256-2Vy2IFsq9vbNECnf873FYcWiitnzsbxP8v2IwjE5j1I="; + hash = "sha256-6nWyLWBrnvdmyUiuWon+Lqtn/FzQ1mJ4rvoHH7sCsQY="; }; proxyVendor = true; - vendorHash = "sha256-zGtvA1m6U55+0Toy5zvQeU0jkumQzPqle6rCfyg3aN0="; + vendorHash = "sha256-LaYpyKJPvB++4tbNV4OEtwtU4t+0DQUIM4lMlKGjgDk="; subPackages = [ "apps/cnspec" diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 333668fbfc9d..df5ff3e7b4cf 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2024-03-29"; + version = "2024-04-03"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-SNgC7gMedVpy07PQTt5MfyxZdb5bN3tTDx72l/rusvw="; + hash = "sha256-N6SF2BJltPfFqNA7YHDjuWLJw+PUk94pdl8mE9a1BiA="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/gotestwaf/default.nix b/pkgs/tools/security/gotestwaf/default.nix index 6198fc58ad73..a8a759dd1c77 100644 --- a/pkgs/tools/security/gotestwaf/default.nix +++ b/pkgs/tools/security/gotestwaf/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "gotestwaf"; - version = "0.4.17"; + version = "0.4.18"; src = fetchFromGitHub { owner = "wallarm"; repo = "gotestwaf"; rev = "refs/tags/v${version}"; - hash = "sha256-Ix2S+yJMAn7RCMuw5SkvnfVy7XH6yIuGwXP/EAnhyI0="; + hash = "sha256-+AM+x/jKkoXLeWOhrCALhCDuoGCl5jt0BiCit885K7I="; }; vendorHash = null; diff --git a/pkgs/tools/security/opencryptoki/default.nix b/pkgs/tools/security/opencryptoki/default.nix index 056c379ac68f..67acc540348b 100644 --- a/pkgs/tools/security/opencryptoki/default.nix +++ b/pkgs/tools/security/opencryptoki/default.nix @@ -7,17 +7,18 @@ , openldap , openssl , trousers +, libcap }: stdenv.mkDerivation rec { pname = "opencryptoki"; - version = "3.20.0"; + version = "3.23.0"; src = fetchFromGitHub { owner = "opencryptoki"; repo = "opencryptoki"; rev = "v${version}"; - hash = "sha256-Z11CDw9ykmJ7MI7I0H4Y/i+8/I+hRgC2frklYPP1di0="; + hash = "sha256-5FcvwGTzsL0lYrSYGlbSY89s6OKzg+2TRlwHlJjdzXo="; }; nativeBuildInputs = [ @@ -30,14 +31,17 @@ stdenv.mkDerivation rec { openldap openssl trousers + libcap ]; postPatch = '' substituteInPlace configure.ac \ - --replace "usermod" "true" \ - --replace "groupadd" "true" \ - --replace "chmod" "true" \ - --replace "chgrp" "true" + --replace-fail "usermod" "true" \ + --replace-fail "useradd" "true" \ + --replace-fail "groupadd" "true" \ + --replace-fail "chmod" "true" \ + --replace-fail "chown" "true" \ + --replace-fail "chgrp" "true" ''; configureFlags = [ diff --git a/pkgs/tools/security/vulnix/default.nix b/pkgs/tools/security/vulnix/default.nix index 305c3dc2f9a9..7388d8278ed0 100644 --- a/pkgs/tools/security/vulnix/default.nix +++ b/pkgs/tools/security/vulnix/default.nix @@ -1,17 +1,19 @@ { lib , python3Packages -, fetchPypi +, fetchFromGitHub , nix , ronn }: python3Packages.buildPythonApplication rec { pname = "vulnix"; - version = "1.10.1"; + version = "1.10.1-unstable-2024-04-02"; - src = fetchPypi { - inherit pname version; - sha256 = "07v3ddvvhi3bslwrlin45kz48i3va2lzd6ny0blj5i2z8z40qcfm"; + src = fetchFromGitHub { + owner = "nix-community"; + repo = "vulnix"; + rev = "ebd8ea84553c0fd95bc3042584b495560821500f"; + hash = "sha256-huC520cLPjcmnbh+qOamyVfiIJNrCUpwK+orEp+X2LQ="; }; postPatch = '' @@ -56,7 +58,7 @@ python3Packages.buildPythonApplication rec { meta = with lib; { description = "NixOS vulnerability scanner"; mainProgram = "vulnix"; - homepage = "https://github.com/flyingcircusio/vulnix"; + homepage = "https://github.com/nix-community/vulnix"; license = licenses.bsd3; maintainers = with maintainers; [ ckauhaus ]; }; diff --git a/pkgs/tools/text/diffutils/default.nix b/pkgs/tools/text/diffutils/default.nix index 040f363fa55d..8c4a160d4b1e 100644 --- a/pkgs/tools/text/diffutils/default.nix +++ b/pkgs/tools/text/diffutils/default.nix @@ -33,7 +33,8 @@ stdenv.mkDerivation rec { lib.optional (coreutils != null) "PR_PROGRAM=${coreutils}/bin/pr" ++ lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) "gl_cv_func_getopt_gnu=yes"; - doCheck = true; + # Test failure on QEMU only (#300550) + doCheck = !stdenv.buildPlatform.isRiscV64; meta = with lib; { homepage = "https://www.gnu.org/software/diffutils/diffutils.html"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9d8b09919537..1967309c1c16 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21001,10 +21001,7 @@ with pkgs; fortify-headers = callPackage ../development/libraries/fortify-headers { }; - makeFontsConf = let fontconfig_ = fontconfig; in {fontconfig ? fontconfig_, fontDirectories}: - callPackage ../development/libraries/fontconfig/make-fonts-conf.nix { - inherit fontconfig fontDirectories; - }; + makeFontsConf = callPackage ../development/libraries/fontconfig/make-fonts-conf.nix { }; makeFontsCache = let fontconfig_ = fontconfig; in {fontconfig ? fontconfig_, fontDirectories}: callPackage ../development/libraries/fontconfig/make-fonts-cache.nix {