colin
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into staging-next

This commit is contained in:
github-actions[bot] 2024-04-11 00:02:18 +00:00 committed by GitHub
parent 925fbfdac4 e9332c9fbd
commit df61e678f2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
36 changed files with 418 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
maintainers/scripts/check-cherry-picks.sh
View File

@ -12,6 +12,9 @@ PICKABLE_BRANCHES=${PICKABLE_BRANCHES:-master staging release-??.?? staging-??.?
problem=0
while read new_commit_sha ; do
if [ -z "$new_commit_sha" ] ; then
continue # skip empty lines
fi
if [ "$GITHUB_ACTIONS" = 'true' ] ; then
echo "::group::Commit $new_commit_sha"
else
@ -57,6 +60,8 @@ while read new_commit_sha ; do
$range_diff_common --color
echo "Note this should not necessarily be treated as a hard fail, but a reviewer's attention should" \
"be drawn to it and github actions have no way of doing that but to raise a 'failure'"
problem=1
else
echo "$original_commit_sha highly similar to $new_commit_sha"

2
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -163,6 +163,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable)
- [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable).
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

2
nixos/lib/testing/meta.nix
View File

@ -36,7 +36,7 @@ in
};
platforms = lib.mkOption {
type = types.listOf types.raw;
default = lib.platforms.linux ++ lib.platforms.darwin;
default = lib.platforms.linux;
description = ''
Sets the [`meta.platforms`](https://nixos.org/manual/nixpkgs/stable/#var-meta-platforms) attribute on the [{option}`test`](#test-opt-test) derivation.
'';

37
nixos/modules/services/backup/restic-rest-server.nix
View File

@ -12,7 +12,7 @@ in
enable = mkEnableOption (lib.mdDoc "Restic REST Server");
listenAddress = mkOption {
default = ":8000";
default = "8000";
example = "127.0.0.1:8080";
type = types.str;
description = lib.mdDoc "Listen on a specific IP address and port.";
@ -61,14 +61,19 @@ in
};
config = mkIf cfg.enable {
assertions = [{
assertion = lib.substring 0 1 cfg.listenAddress != ":";
message = "The restic-rest-server now uses systemd socket activation, which expects only the Port number: services.restic.server.listenAddress = \"${lib.substring 1 6 cfg.listenAddress}\";";
}];
systemd.services.restic-rest-server = {
description = "Restic REST Server";
after = [ "network.target" ];
after = [ "network.target" "restic-rest-server.socket" ];
requires = [ "restic-rest-server.socket" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/rest-server \
--listen ${cfg.listenAddress} \
--path ${cfg.dataDir} \
${optionalString cfg.appendOnly "--append-only"} \
${optionalString cfg.privateRepos "--private-repos"} \
@ -80,16 +85,40 @@ in
Group = "restic";
# Security hardening
ReadWritePaths = [ cfg.dataDir ];
CapabilityBoundingSet = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateNetwork = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateDevices = true;
ReadWritePaths = [ cfg.dataDir ];
RemoveIPC = true;
RestrictAddressFamilies = "none";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
UMask = 027;
};
};
systemd.sockets.restic-rest-server = {
listenStreams = [ cfg.listenAddress ];
wantedBy = [ "sockets.target" ];
};
systemd.tmpfiles.rules = mkIf cfg.privateRepos [
"f ${cfg.dataDir}/.htpasswd 0700 restic restic -"
];

2
nixos/modules/services/display-managers/sddm.nix
View File

@ -66,7 +66,7 @@ let
HideShells = "/run/current-system/sw/bin/nologin";
};
X11 = {
X11 = optionalAttrs xcfg.enable {
MinimumVT = if xcfg.tty != null then xcfg.tty else 7;
ServerPath = toString xserverWrapper;
XephyrPath = "${pkgs.xorg.xorgserver.out}/bin/Xephyr";

1
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -55,6 +55,7 @@ let
"modemmanager"
"mongodb"
"mysqld"
"nats"
"nextcloud"
"nginx"
"nginxlog"

34
nixos/modules/services/monitoring/prometheus/exporters/nats.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.prometheus.exporters.nats;
in
{
port = 7777;
extraOpts = {
url = mkOption {
type = types.str;
default = "http://127.0.0.1:8222";
description = ''
NATS monitor endpoint to query.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-nats-exporter}/bin/prometheus-nats-exporter \
-addr ${cfg.listenAddress} \
-port ${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags} \
${cfg.url}
'';
};
};
}

1
nixos/tests/all-tests.nix
View File

@ -777,6 +777,7 @@ in {
redis = handleTest ./redis.nix {};
redmine = handleTest ./redmine.nix {};
restartByActivationScript = handleTest ./restart-by-activation-script.nix {};
restic-rest-server = handleTest ./restic-rest-server.nix {};
restic = handleTest ./restic.nix {};
retroarch = handleTest ./retroarch.nix {};
rkvm = handleTest ./rkvm {};

122
nixos/tests/restic-rest-server.nix Normal file
View File

@ -0,0 +1,122 @@
import ./make-test-python.nix (
{ pkgs, ... }:
let
remoteRepository = "rest:http://restic_rest_server:8001/";
backupPrepareCommand = ''
touch /root/backupPrepareCommand
test ! -e /root/backupCleanupCommand
'';
backupCleanupCommand = ''
rm /root/backupPrepareCommand
touch /root/backupCleanupCommand
'';
testDir = pkgs.stdenvNoCC.mkDerivation {
name = "test-files-to-backup";
unpackPhase = "true";
installPhase = ''
mkdir $out
echo some_file > $out/some_file
echo some_other_file > $out/some_other_file
mkdir $out/a_dir
echo a_file > $out/a_dir/a_file
'';
};
passwordFile = "${pkgs.writeText "password" "correcthorsebatterystaple"}";
paths = [ "/opt" ];
exclude = [ "/opt/excluded_file_*" ];
pruneOpts = [
"--keep-daily 2"
"--keep-weekly 1"
"--keep-monthly 1"
"--keep-yearly 99"
];
in
{
name = "restic-rest-server";
nodes = {
restic_rest_server = {
services.restic.server = {
enable = true;
extraFlags = [ "--no-auth" ];
listenAddress = "8001";
};
networking.firewall.allowedTCPPorts = [ 8001 ];
};
server = {
services.restic.backups = {
remotebackup = {
inherit passwordFile paths exclude pruneOpts backupPrepareCommand backupCleanupCommand;
repository = remoteRepository;
initialize = true;
timerConfig = null; # has no effect here, just checking that it doesn't break the service
};
remoteprune = {
inherit passwordFile;
repository = remoteRepository;
pruneOpts = [ "--keep-last 1" ];
};
};
};
};
testScript = ''
restic_rest_server.start()
server.start()
restic_rest_server.wait_for_unit("restic-rest-server.socket")
restic_rest_server.wait_for_open_port(8001)
server.wait_for_unit("dbus.socket")
server.fail(
"restic-remotebackup snapshots",
)
server.succeed(
# set up
"cp -rT ${testDir} /opt",
"touch /opt/excluded_file_1 /opt/excluded_file_2",
# test that remotebackup runs custom commands and produces a snapshot
"timedatectl set-time '2016-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service",
"rm /root/backupCleanupCommand",
'restic-remotebackup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 1"',
# test that restoring that snapshot produces the same directory
"mkdir /tmp/restore-1",
"restic-remotebackup restore latest -t /tmp/restore-1",
"diff -ru ${testDir} /tmp/restore-1/opt",
# test that we can create four snapshots in remotebackup and rclonebackup
"timedatectl set-time '2017-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service",
"rm /root/backupCleanupCommand",
"timedatectl set-time '2018-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service",
"rm /root/backupCleanupCommand",
"timedatectl set-time '2018-12-14 13:45'",
"systemctl start restic-backups-remotebackup.service",
"rm /root/backupCleanupCommand",
"timedatectl set-time '2018-12-15 13:45'",
"systemctl start restic-backups-remotebackup.service",
"rm /root/backupCleanupCommand",
"timedatectl set-time '2018-12-16 13:45'",
"systemctl start restic-backups-remotebackup.service",
"rm /root/backupCleanupCommand",
'restic-remotebackup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 4"',
# test that remoteprune brings us back to 1 snapshot in remotebackup
"systemctl start restic-backups-remoteprune.service",
'restic-remotebackup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 1"',
)
'';
}
)

10
pkgs/applications/graphics/potreeconverter/default.nix
View File

@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
cmake
];
patchPhase = ''
postPatch = ''
runHook prePatch
substituteInPlace ./CMakeLists.txt \
@ -37,12 +37,12 @@ stdenv.mkDerivation rec {
# prevent inheriting permissions from /nix/store when copying
substituteInPlace Converter/src/main.cpp --replace \
'fs::copy(templateDir, pagedir, fs::copy_options::overwrite_existing | fs::copy_options::recursive)' 'string cmd = "cp --no-preserve=mode -r " + templateDir + " " + pagedir; system(cmd.c_str());'
runHook postPatch
'';
# The upstream build system does not provide an install target.
installPhase = ''
runHook preInstall
mkdir -p $out/{bin,lib}
mv liblaszip.so $out/lib
mv PotreeConverter $out/bin
@ -56,10 +56,8 @@ stdenv.mkDerivation rec {
runHook postInstall
'';
fixupPhase = ''
runHook preFixup
postFixup = ''
ln -s $src/resources $out/bin/resources
runHook postFixup
'';
meta = with lib; {

6
pkgs/by-name/bp/bpftop/package.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "bpftop";
version = "0.4.0";
version = "0.4.1";
src = fetchFromGitHub {
owner = "Netflix";
repo = "bpftop";
rev = "v${version}";
hash = "sha256-N5sszFVU1nMS6QQENa9JcgFKSSWs07bWn6usvV/QmX4=";
hash = "sha256-OLPebPzb2FKiV1Gc8HTK3sXU2UDMyhFA/XLix/lWxgU=";
};
cargoHash = "sha256-yVNql4fSU1HhLKy8HYUbNnMnxgr/gPuqKol5O0ZDQlY=";
cargoHash = "sha256-UYCbNECsos71cwwE5avtaijPaPGhLEU7J9i84wPkObI=";
buildInputs = [
elfutils

1
pkgs/by-name/ch/changelog-d/package.nix
View File

@ -13,6 +13,7 @@ let
haskellModifications =
lib.flip lib.pipe [
addCompletions
haskell.lib.doJailbreak
haskell.lib.justStaticExecutables
];

22
pkgs/by-name/de/dep-scan/package.nix
View File

@ -1,31 +1,27 @@
{ lib
, python3
, fetchFromGitHub
{
lib,
fetchFromGitHub,
python3,
}:
python3.pkgs.buildPythonApplication rec {
pname = "dep-scan";
version = "5.2.14";
version = "5.3.2";
pyproject = true;
src = fetchFromGitHub {
owner = "owasp-dep-scan";
repo = "dep-scan";
rev = "refs/tags/v${version}";
hash = "sha256-G8i/tGEDgjPnIP04nrbx4HseiaU6N1GJGSg78yhaqII=";
hash = "sha256-2WV4f9vHdfnzoQWvwK/+lT9IS0v0sGBqnwDFHWG48G4=";
};
postPatch = ''
substituteInPlace pytest.ini \
--replace-fail " --cov-append --cov-report term --cov depscan" ""
# Already fixed by upstream
substituteInPlace pyproject.toml \
--replace-fail "==5.6.4" ">=5.6.4"
'';
build-system = with python3.pkgs; [
setuptools
];
build-system = with python3.pkgs; [ setuptools ];
dependencies = with python3.pkgs; [
appthreat-vulnerability-db
@ -47,9 +43,7 @@ python3.pkgs.buildPythonApplication rec {
pytestCheckHook
];
pythonImportsCheck = [
"depscan"
];
pythonImportsCheck = [ "depscan" ];
preCheck = ''
export HOME=$(mktemp -d)

14
pkgs/by-name/gu/guix/package.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, fetchpatch
, autoreconfHook
, disarchive
, git
@ -43,6 +44,19 @@ stdenv.mkDerivation rec {
hash = "sha256-Q8dpy/Yy7wVEmsH6SMG6FSwzSUxqvH5HE3u6eyFJ+KQ=";
};
patches = [
(fetchpatch {
name = "CVE-2024-27297_1.patch";
url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143";
hash = "sha256-xKo1h2uckC2pYHt+memekagfL6dWcF8gOnTOOW/wJUU=";
})
(fetchpatch {
name = "CVE-2024-27297_2.patch";
url = "https://git.savannah.gnu.org/cgit/guix.git/patch/?id=ff1251de0bc327ec478fc66a562430fbf35aef42";
hash = "sha256-f4KWDVrvO/oI+4SCUHU5GandkGtHrlaM1BWygM/Qlao=";
})
];
postPatch = ''
sed nix/local.mk -i -E \
-e "s|^sysvinitservicedir = .*$|sysvinitservicedir = $out/etc/init.d|" \

1
pkgs/development/cuda-modules/cudatoolkit/default.nix
View File

@ -237,6 +237,7 @@ backendStdenv.mkDerivation rec {
${lib.optionalString (lib.versionAtLeast version "10.1" && lib.versionOlder version "11") ''
cd pkg/builds/cuda-toolkit
mv * $out/
rm -f $out/nsight-systems-*/host-linux-x64/libstdc++.so*
''}
${lib.optionalString (lib.versionAtLeast version "11") ''
mkdir -p $out/bin $out/lib64 $out/include $doc

4
pkgs/development/interpreters/erlang/24.nix
View File

@ -1,6 +1,6 @@
{ mkDerivation }:
mkDerivation {
version = "24.3.4.16";
sha256 = "sha256-oLfidJPgWTz7AsJz+C4adXnxcow8C/M828os6aB4Z/c=";
version = "24.3.4.17";
sha256 = "sha256-V26pZEyFo+c+ztDDkjDNFK6LTw5xzF8gQYepWGNlGKg=";
}

4
pkgs/development/libraries/ctranslate2/default.nix
View File

@ -24,13 +24,13 @@ let
in
stdenv.mkDerivation rec {
pname = "ctranslate2";
version = "4.1.1";
version = "4.2.0";
src = fetchFromGitHub {
owner = "OpenNMT";
repo = "CTranslate2";
rev = "v${version}";
hash = "sha256-vA1KnHRxIX0lYUfwXTbxjnrrBjFmqp2kwpxBNorVf0Y=";
hash = "sha256-P/aXrzaCF6Rz99Pz9CkpR/FlWXCj04q/4swiAddcwKk=";
fetchSubmodules = true;
};

22
pkgs/development/python-modules/ajsonrpc/default.nix
View File

@ -1,26 +1,36 @@
{ lib, pythonOlder, buildPythonPackage, fetchPypi, pytestCheckHook }:
{
lib,
pythonOlder,
buildPythonPackage,
fetchPypi,
pytestCheckHook,
setuptools,
}:
buildPythonPackage rec {
pname = "ajsonrpc";
version = "1.2.0";
format = "setuptools";
pyproject = true;
disabled = pythonOlder "3.5";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
sha256 = "791bac18f0bf0dee109194644f151cf8b7ff529c4b8d6239ac48104a3251a19f";
hash = "sha256-eRusGPC/De4QkZRkTxUc+Lf/UpxLjWI5rEgQSjJRoZ8=";
};
build-system = [ setuptools ];
nativeCheckInputs = [ pytestCheckHook ];
pythonImportsCheck = [ "ajsonrpc" ];
meta = with lib; {
description = "Async JSON-RPC 2.0 protocol + asyncio server";
mainProgram = "async-json-rpc-server";
description = "Async JSON-RPC 2.0 protocol and asyncio server";
homepage = "https://github.com/pavlov99/ajsonrpc";
changelog = "https://github.com/pavlov99/ajsonrpc/releases/tag/${version}";
license = licenses.mit;
maintainers = with maintainers; [ oxzi ];
mainProgram = "async-json-rpc-server";
};
}

51
pkgs/development/python-modules/appthreat-vulnerability-db/default.nix
View File

@ -1,23 +1,24 @@
{ lib
, appdirs
, buildPythonPackage
, cvss
, fetchFromGitHub
, httpx
, msgpack
, orjson
, packageurl-python
, pytestCheckHook
, pythonOlder
, pythonRelaxDepsHook
, semver
, setuptools
, tabulate
{
lib,
appdirs,
buildPythonPackage,
cvss,
fetchFromGitHub,
httpx,
msgpack,
orjson,
packageurl-python,
pytestCheckHook,
pythonOlder,
pythonRelaxDepsHook,
semver,
setuptools,
tabulate,
}:
buildPythonPackage rec {
pname = "appthreat-vulnerability-db";
version = "5.6.6";
version = "5.6.7";
pyproject = true;
disabled = pythonOlder "3.10";
@ -26,7 +27,7 @@ buildPythonPackage rec {
owner = "AppThreat";
repo = "vulnerability-db";
rev = "refs/tags/v${version}";
hash = "sha256-wVl2C1AG9LbSh/p95fstJyJr6JnhZFIhNvq8mhpg13Q=";
hash = "sha256-/QzK+su+g2ESZ81C0coxKf13WOUVz1GyfJbOrO7fS98=";
};
postPatch = ''
@ -39,13 +40,9 @@ buildPythonPackage rec {
"semver"
];
build-system = [
setuptools
];
build-system = [ setuptools ];
nativeBuildInputs = [
pythonRelaxDepsHook
];
nativeBuildInputs = [ pythonRelaxDepsHook ];
dependencies = [
appdirs
@ -58,9 +55,7 @@ buildPythonPackage rec {
tabulate
] ++ httpx.optional-dependencies.http2;
nativeCheckInputs = [
pytestCheckHook
];
nativeCheckInputs = [ pytestCheckHook ];
preCheck = ''
export HOME=$(mktemp -d);
@ -72,9 +67,7 @@ buildPythonPackage rec {
"test_download_recent"
];
pythonImportsCheck = [
"vdb"
];
pythonImportsCheck = [ "vdb" ];
meta = with lib; {
description = "Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm";

29
pkgs/development/python-modules/apsw/default.nix
View File

@ -1,17 +1,19 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, sqlite
, isPyPy
, python
{
lib,
buildPythonPackage,
fetchFromGitHub,
python,
pythonOlder,
setuptools,
sqlite,
}:
buildPythonPackage rec {
pname = "apsw";
version = "3.45.2.0";
format = "setuptools";
pyproject = true;
disabled = isPyPy;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "rogerbinns";
@ -20,9 +22,9 @@ buildPythonPackage rec {
hash = "sha256-tTi3/10W4OoGH6PQVhvPWc5o09on5BZrWoAvrfh4C/E=";
};
buildInputs = [
sqlite
];
build-system = [ setuptools ];
buildInputs = [ sqlite ];
# Project uses custom test setup to exclude some tests by default, so using pytest
# requires more maintenance
@ -31,13 +33,12 @@ buildPythonPackage rec {
${python.interpreter} setup.py test
'';
pythonImportsCheck = [
"apsw"
];
pythonImportsCheck = [ "apsw" ];
meta = with lib; {
description = "A Python wrapper for the SQLite embedded relational database engine";
homepage = "https://github.com/rogerbinns/apsw";
changelog = "https://github.com/rogerbinns/apsw/releases/tag/${version}";
license = licenses.zlib;
maintainers = with maintainers; [ gador ];
};

4
pkgs/development/python-modules/boto3-stubs/default.nix
View File

@ -365,14 +365,14 @@
buildPythonPackage rec {
pname = "boto3-stubs";
version = "1.34.79";
version = "1.34.81";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-UP1wsnsoa/ennFbbdOdFR5tN8YalggjCFAsyWITOQ+A=";
hash = "sha256-ajcieN11ogwfWJgk4CcshHmuVay6KbRWMfG1h9pkoiM=";
};
nativeBuildInputs = [

51
pkgs/development/python-modules/credstash/default.nix
View File

@ -1,19 +1,36 @@
{ lib, buildPythonPackage, fetchPypi, cryptography, boto3, pyyaml, docutils, pytest, fetchpatch }:
{
lib,
boto3,
buildPythonPackage,
cryptography,
docutils,
fetchFromGitHub,
fetchpatch,
pytestCheckHook,
pythonOlder,
pyyaml,
setuptools,
}:
buildPythonPackage rec {
pname = "credstash";
version = "1.17.1";
format = "setuptools";
pyproject = true;
src = fetchPypi {
inherit pname version;
sha256 = "6c04e8734ef556ab459018da142dd0b244093ef176b3be5583e582e9a797a120";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "fugue";
repo = "credstash";
rev = "refs/tags/v${version}";
hash = "sha256-a6OzffGt5piHgi0AWEXJED0R/+8RETh/9hYJi/lUVu0=";
};
patches = [
# setup_requires -> tests_requires for pytest
(fetchpatch {
url = "https://github.com/fugue/credstash/commit/9c02ee43ed6e37596cafbca2fe80c532ec19d2d8.patch";
sha256 = "dlybrpfLK+PqwWWhH9iXgXHYysZGmcZAFGWNOwsG0xA=";
hash = "sha256-dlybrpfLK+PqwWWhH9iXgXHYysZGmcZAFGWNOwsG0xA=";
})
];
# The install phase puts an executable and a copy of the library it imports in
@ -24,17 +41,29 @@ buildPythonPackage rec {
# file ensures that Python imports the module from site-packages library.
postInstall = "rm $out/bin/credstash.py";
nativeBuildInputs = [ pytest ];
build-system = [ setuptools ];
propagatedBuildInputs = [ cryptography boto3 pyyaml docutils ];
dependencies = [
boto3
cryptography
docutils
pyyaml
];
# No tests in archive
doCheck = false;
nativeBuildInputs = [ pytestCheckHook ];
disabledTestPaths = [
# Tests require a region
"integration_tests/test_credstash_lib.py"
"tests/key_service_test.py"
];
meta = with lib; {
description = "A utility for managing secrets in the cloud using AWS KMS and DynamoDB";
mainProgram = "credstash";
homepage = "https://github.com/LuminalOSS/credstash";
changelog = "https://github.com/fugue/credstash/releases/tag/v${version}";
license = licenses.asl20;
maintainers = with maintainers; [ ];
mainProgram = "credstash";
};
}

37
pkgs/development/python-modules/labelbox/default.nix
View File

@ -15,9 +15,11 @@
, pytestCheckHook
, python-dateutil
, pythonOlder
, pythonRelaxDepsHook
, requests
, setuptools
, shapely
, strenum
, tqdm
, typeguard
, typing-extensions
@ -25,36 +27,49 @@
buildPythonPackage rec {
pname = "labelbox";
version = "3.65";
version = "3.67.0";
pyproject = true;
disabled = pythonOlder "3.7";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "Labelbox";
repo = "labelbox-python";
rev = "refs/tags/v${version}";
hash = "sha256-i0hbVxGrb2C/bMcVPNzaPBxhKm+5r3o1GlToZvIS35k=";
rev = "refs/tags/v.${version}";
hash = "sha256-JQTjmYxPBS8JC4HQTtbQ7hb80LPLYE4OEj1lFA6cZ1Y=";
};
postPatch = ''
substituteInPlace pytest.ini \
--replace "--reruns 5 --reruns-delay 10" ""
--replace-fail "--reruns 2 --reruns-delay 10 --durations=20 -n 10" ""
# disable pytest_plugins which requires `pygeotile`
substituteInPlace tests/conftest.py \
--replace-fail "pytest_plugins" "_pytest_plugins"
'';
nativeBuildInputs = [
pythonRelaxDepsHook
];
pythonRelaxDeps = [
"python-dateutil"
];
build-system = [
setuptools
];
propagatedBuildInputs = [
dependencies = [
google-api-core
pydantic
python-dateutil
requests
strenum
tqdm
];
passthru.optional-dependencies = {
optional-dependencies = {
data = [
shapely
geojson
@ -74,13 +89,7 @@ buildPythonPackage rec {
nbconvert
nbformat
pytestCheckHook
] ++ passthru.optional-dependencies.data;
# disable pytest_plugins which requires `pygeotile`
preCheck = ''
substituteInPlace tests/conftest.py \
--replace "pytest_plugins" "_pytest_plugins"
'';
] ++ optional-dependencies.data;
disabledTestPaths = [
# Requires network access

4
pkgs/development/python-modules/llama-index-vector-stores-qdrant/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "llama-index-vector-stores-qdrant";
version = "0.1.6";
version = "0.2.0";
pyproject = true;
disabled = pythonOlder "3.8";
@ -19,7 +19,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "llama_index_vector_stores_qdrant";
inherit version;
hash = "sha256-MKmtxcHUqF3CzakGNXxvXy3jemoJNbdkCaqrgZ5Rtyo=";
hash = "sha256-eYgp2S4KubjyL0bgaL7nRCyFhvTuLU7c7vjw4tJ+9wA=";
};
build-system = [ poetry-core ];

2
pkgs/development/r-modules/default.nix
View File

@ -563,6 +563,7 @@ let
apsimx = [ pkgs.which ];
cairoDevice = [ pkgs.pkg-config ];
chebpol = [ pkgs.pkg-config ];
eds = [ pkgs.zlib.dev ];
fftw = [ pkgs.pkg-config ];
gdtools = [ pkgs.pkg-config ];
archive = [ pkgs.libarchive];
@ -976,6 +977,7 @@ let
"DuoClustering2018"
"FieldEffectCrc"
"GenomicDistributionsData"
"hpar"
"HDCytoData"
"HMP16SData"
"PANTHER_db"

53
pkgs/development/tools/appthreat-depscan/default.nix
View File

@ -1,53 +0,0 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "appthreat-depscan";
version = "3.6.0";
src = fetchFromGitHub {
owner = "AppThreat";
repo = "dep-scan";
rev = "refs/tags/v${version}";
hash = "sha256-U8vHwdL1O54X0jPhcjTN/J1U7dKQgFEMfc6lbXe2Ff0=";
};
propagatedBuildInputs = with python3.pkgs; [
appthreat-vulnerability-db
defusedxml
pyyaml
rich
];
nativeCheckInputs = with python3.pkgs; [
pytestCheckHook
];
postPatch = ''
substituteInPlace pytest.ini \
--replace " --cov-append --cov-report term --cov depscan" ""
'';
preCheck = ''
export HOME=$(mktemp -d);
'';
disabledTests = [
# Assertion Error
"test_query_metadata2"
];
pythonImportsCheck = [
"depscan"
];
meta = with lib; {
description = "Tool to audit dependencies based on known vulnerabilities and advisories";
homepage = "https://github.com/AppThreat/dep-scan";
changelog = "https://github.com/AppThreat/dep-scan/releases/tag/v${version}";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

19
pkgs/tools/admin/pgadmin/default.nix
View File

@ -9,6 +9,7 @@
, yarn
, prefetch-yarn-deps
, nodejs
, stdenv
, server-mode ? true
}:
@ -44,6 +45,17 @@ let
hash = yarnHash;
};
# don't bother to test kerberos authentication
# skip tests on macOS which fail due to an error in keyring, see https://github.com/NixOS/nixpkgs/issues/281214
skippedTests = builtins.concatStringsSep "," (
[ "browser.tests.test_kerberos_with_mocking" ]
++ lib.optionals stdenv.isDarwin [
"browser.server_groups.servers.tests.test_all_server_get"
"browser.server_groups.servers.tests.test_check_connect"
"browser.server_groups.servers.tests.test_check_ssh_mock_connect"
"browser.server_groups.servers.tests.test_is_password_saved"
]
);
in
pythonPackages.buildPythonApplication rec {
@ -228,9 +240,7 @@ pythonPackages.buildPythonApplication rec {
substituteInPlace regression/runtests.py --replace-fail "builtins.SERVER_MODE = None" "builtins.SERVER_MODE = False"
## Browser test ##
# don't bother to test kerberos authentication
python regression/runtests.py --pkg browser --exclude browser.tests.test_kerberos_with_mocking
python regression/runtests.py --pkg browser --exclude ${skippedTests}
## Reverse engineered SQL test ##
@ -250,7 +260,7 @@ pythonPackages.buildPythonApplication rec {
This should NOT be used in combination with the `pgadmin4-desktopmode` package as they will interfere.
'' else ''
This version is build with SERVER_MODE set to False. It will require access to `~/.pgadmin/`. This version is suitable
for single-user deployment or where access to `/var/lib/pgadmin` cannot be granted or the NixOS module cannot be used.
for single-user deployment or where access to `/var/lib/pgadmin` cannot be granted or the NixOS module cannot be used (e.g. on MacOS).
This should NOT be used in combination with the NixOS module `pgadmin` as they will interfere.
''}
'';
@ -259,5 +269,6 @@ pythonPackages.buildPythonApplication rec {
changelog = "https://www.pgadmin.org/docs/pgadmin4/latest/release_notes_${lib.versions.major version}_${lib.versions.minor version}.html";
maintainers = with maintainers; [ gador ];
mainProgram = "pgadmin4";
platforms = platforms.unix;
};
}

21
pkgs/tools/admin/qovery-cli/default.nix
View File

@ -1,27 +1,26 @@
{ lib
, buildGoModule
, fetchFromGitHub
, installShellFiles
, qovery-cli
, testers
{
lib,
buildGoModule,
fetchFromGitHub,
installShellFiles,
qovery-cli,
testers,
}:
buildGoModule rec {
pname = "qovery-cli";
version = "0.86.2";
version = "0.87.0";
src = fetchFromGitHub {
owner = "Qovery";
repo = "qovery-cli";
rev = "refs/tags/v${version}";
hash = "sha256-AUrN5T6Z4T0WLsBwv/zXb9CSrwGCAV5nh+42MktRxvo=";
hash = "sha256-JUyhVq3xMPV9s4OCfkKgCnSMjztYDPJgS4A+jJOZofE=";
};
vendorHash = "sha256-Lwg3PFmSipaaYtu88c1qI/Ws50TQOqEu4mSuxcpx3zI=";
nativeBuildInputs = [
installShellFiles
];
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
installShellCompletion --cmd ${pname} \

4
pkgs/tools/backup/restic/rest-server.nix
View File

@ -1,4 +1,4 @@
{ lib, buildGoModule, fetchFromGitHub }:
{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
buildGoModule rec {
pname = "restic-rest-server";
@ -13,6 +13,8 @@ buildGoModule rec {
vendorHash = "sha256-tD5ffIYULMBqu99l1xCL0RnLB9zNpwNPs1qVFqezUc8=";
passthru.tests.restic = nixosTests.restic-rest-server;
meta = with lib; {
changelog = "https://github.com/restic/rest-server/blob/${src.rev}/CHANGELOG.md";
description = "A high performance HTTP server that implements restic's REST backend API";

22
pkgs/tools/misc/vector/Cargo.lock generated
View File

@ -1145,7 +1145,7 @@ dependencies = [
"aws-smithy-types",
"bytes 1.5.0",
"fastrand 2.0.1",
"h2 0.3.24",
"h2 0.3.26",
"http 0.2.9",
"http-body 0.4.5",
"hyper 0.14.28",
@ -3747,9 +3747,9 @@ dependencies = [
[[package]]
name = "h2"
version = "0.3.24"
version = "0.3.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9"
checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8"
dependencies = [
"bytes 1.5.0",
"fnv",
@ -3766,9 +3766,9 @@ dependencies = [
[[package]]
name = "h2"
version = "0.4.3"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51ee2dd2e4f378392eeff5d51618cd9a63166a2513846bbc55f21cfacd9199d4"
checksum = "816ec7294445779408f36fe57bc5b7fc1cf59664059096c65f905c1c61f58069"
dependencies = [
"bytes 1.5.0",
"fnv",
@ -4210,14 +4210,14 @@ dependencies = [
"futures-channel",
"futures-core",
"futures-util",
"h2 0.3.24",
"h2 0.3.26",
"http 0.2.9",
"http-body 0.4.5",
"httparse",
"httpdate",
"itoa",
"pin-project-lite",
"socket2 0.5.6",
"socket2 0.4.10",
"tokio",
"tower-service",
"tracing 0.1.40",
@ -7515,7 +7515,7 @@ dependencies = [
"encoding_rs",
"futures-core",
"futures-util",
"h2 0.3.24",
"h2 0.3.26",
"http 0.2.9",
"http-body 0.4.5",
"hyper 0.14.28",
@ -9371,7 +9371,7 @@ dependencies = [
"base64 0.21.7",
"bytes 1.5.0",
"flate2",
"h2 0.3.24",
"h2 0.3.26",
"http 0.2.9",
"http-body 0.4.5",
"hyper 0.14.28",
@ -10017,7 +10017,7 @@ checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
[[package]]
name = "vector"
version = "0.37.0"
version = "0.37.1"
dependencies = [
"apache-avro",
"approx",
@ -10083,7 +10083,7 @@ dependencies = [
"governor",
"greptimedb-client",
"grok",
"h2 0.4.3",
"h2 0.4.4",
"hash_hasher",
"hashbrown 0.14.3",
"headers",

11
pkgs/tools/misc/vector/default.nix
View File

@ -37,7 +37,7 @@
let
pname = "vector";
version = "0.37.0";
version = "0.37.1";
in
rustPlatform.buildRustPackage {
inherit pname version;
@ -46,16 +46,13 @@ rustPlatform.buildRustPackage {
owner = "vectordotdev";
repo = pname;
rev = "v${version}";
hash = "sha256-v93ZsNGoswPpey409V7qKqsBsfRt5pgY5PxGti4MlDg=";
hash = "sha256-wRXwgy+UY2z5fIWpQbDxRti54GE357WMGWXM/xKjz18=";
};
patches = [
# Enable LTO to bring down binary size
(fetchpatch {
name = "vector-20034-lto.patch";
url = "https://patch-diff.githubusercontent.com/raw/vectordotdev/vector/pull/20034.diff";
hash = "sha256-X6YWnW0x5WpKAgyqIaLjKF1F1/G4JgvmNhAHtozXrPQ=";
})
# Adapted from https://github.com/vectordotdev/vector/pull/20034
./vector-lto.patch
];
cargoLock = {

12
pkgs/tools/misc/vector/vector-lto.patch Normal file
View File

@ -0,0 +1,12 @@
--- ./Cargo.toml 2024-04-10 00:01:12.033806583 +0100
+++ ./Cargo.toml 2024-04-10 00:01:48.324228125 +0100
@@ -45,7 +45,8 @@ path = "tests/e2e/mod.rs"
# This results in roughly a 5% reduction in performance when compiling locally vs when
# compiled via the CI pipeline.
[profile.release]
-debug = false # Do not include debug symbols in the executable.
+lto = true
+codegen-units = 1
[profile.bench]
debug = true

4
pkgs/tools/misc/vtm/default.nix
View File

@ -6,13 +6,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "vtm";
version = "0.9.76";
version = "0.9.77";
src = fetchFromGitHub {
owner = "netxs-group";
repo = "vtm";
rev = "v${finalAttrs.version}";
hash = "sha256-F1ia1xyg2/Jnm/lsSn7bKNJ7cXIJuvEhNTEZWiYxGAo=";
hash = "sha256-usY8JvoTtGfA8nnl6w7r1sft8F/19fHeSl9kMWM60i4=";
};
nativeBuildInputs = [

6
pkgs/tools/nix/nixdoc/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "nixdoc";
version = "3.0.2";
version = "3.0.3";
src = fetchFromGitHub {
owner = "nix-community";
repo = "nixdoc";
rev = "v${version}";
sha256 = "sha256-V3MAvbdYk3DL064UYcJE9HmwfQBwpMxVXWiAKX6honA=";
sha256 = "sha256-K4esnYD/fc4i2To9lccoZ5GUgRI75vjzNLMrFSdZzik=";
};
cargoHash = "sha256-RFxTjLiJCEc42Mb8rcayOFHkYk2GfpgsO3+hAaRwHgs=";
cargoHash = "sha256-Ag6n0inWpBJ9U49fJ1JmwpnZdokJ0WS5fnlVBMN7VXM=";
buildInputs = lib.optionals stdenv.isDarwin [ darwin.Security ];

1
pkgs/top-level/aliases.nix
View File

@ -76,6 +76,7 @@ mapAliases ({
ansible_2_13 = throw "Ansible 2.13 goes end of life in 2023/11"; # Added 2023-12-30
apacheAnt_1_9 = throw "Ant 1.9 has been removed since it's not used in nixpkgs anymore"; # Added 2023-11-12
antimicroX = antimicrox; # Added 2021-10-31
appthreat-depscan = dep-scan; # Added 2024-04-10
arcanPackages = throw "arcanPackages was removed and its sub-attributes were promoted to top-level"; # Added 2023-11-26
archiveopteryx = throw "archiveopteryx depended on an unsupported version of OpenSSL and was unmaintained"; # Added 2024-01-03
ardour_6 = throw "ardour_6 has been removed in favor of newer versions"; # Added 2023-10-13

2
pkgs/top-level/all-packages.nix
View File

@ -299,8 +299,6 @@ with pkgs;
melange = callPackage ../development/tools/melange { };
appthreat-depscan = callPackage ../development/tools/appthreat-depscan { };
activate-linux = callPackage ../applications/misc/activate-linux { };
ansi = callPackage ../development/tools/ansi { };