From a35e1694a8970f82ff4fcbd9142cb4960350c0e0 Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Sat, 1 Jul 2023 16:29:13 -0700 Subject: [PATCH 01/18] gcc: if isM68k, look for libgcc_s.so.2 (instead of .so.1) Closes #243613 --- pkgs/development/compilers/gcc/common/libgcc.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/gcc/common/libgcc.nix b/pkgs/development/compilers/gcc/common/libgcc.nix index 626b14835c9a..b14d111e361f 100644 --- a/pkgs/development/compilers/gcc/common/libgcc.nix +++ b/pkgs/development/compilers/gcc/common/libgcc.nix @@ -46,6 +46,13 @@ lib.optional (lib.versionAtLeast version "11.0") enableShared ; + # For some reason libgcc_s.so has major-version "2" on m68k but + # "1" everywhere else. Might be worth changing this to "*". + libgcc_s-version-major = + if targetPlatform.isM68k + then "2" + else "1"; + in (pkg: pkg.overrideAttrs (previousAttrs: lib.optionalAttrs ((!langC) || langJit || enableLibGccOutput) { outputs = previousAttrs.outputs ++ lib.optionals enableLibGccOutput [ "libgcc" ]; @@ -75,9 +82,9 @@ in # move libgcc from lib to its own output (libgcc) mkdir -p $libgcc/lib mv $lib/${targetPlatformSlash}lib/libgcc_s.so $libgcc/lib/ - mv $lib/${targetPlatformSlash}lib/libgcc_s.so.1 $libgcc/lib/ + mv $lib/${targetPlatformSlash}lib/libgcc_s.so.${libgcc_s-version-major} $libgcc/lib/ ln -s $libgcc/lib/libgcc_s.so $lib/${targetPlatformSlash}lib/ - ln -s $libgcc/lib/libgcc_s.so.1 $lib/${targetPlatformSlash}lib/ + ln -s $libgcc/lib/libgcc_s.so.${libgcc_s-version-major} $lib/${targetPlatformSlash}lib/ '' # # Nixpkgs ordinarily turns dynamic linking into pseudo-static linking: @@ -134,7 +141,7 @@ in # another eliminates the ability to make these queries. # + '' - patchelf --set-rpath "" $libgcc/lib/libgcc_s.so.1 + patchelf --set-rpath "" $libgcc/lib/libgcc_s.so.${libgcc_s-version-major} ''); })))) From 895c24349c7e715bca41d6718e10fdd782cc0dcc Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Sat, 1 Jul 2023 16:34:00 -0700 Subject: [PATCH 02/18] test.cross.sanity: add pkgs.pkgsCross.m68k.stdenv --- pkgs/test/cross/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/test/cross/default.nix b/pkgs/test/cross/default.nix index f31d6aefbdda..ad2689d5d217 100644 --- a/pkgs/test/cross/default.nix +++ b/pkgs/test/cross/default.nix @@ -134,6 +134,7 @@ let pkgs.pkgsLLVM.stdenv pkgs.pkgsStatic.bash pkgs.pkgsCross.arm-embedded.stdenv + pkgs.pkgsCross.m68k.stdenv pkgs.pkgsCross.aarch64-multiplatform.pkgsBuildTarget.gcc #pkgs.pkgsCross.powernv.pkgsBuildTarget.gcc pkgs.pkgsCross.mips64el-linux-gnuabi64.stdenv From 4d38fa043b5e9d3b5ffd541ac96c5627f92d6ae0 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Tue, 4 Jul 2023 01:21:35 +0200 Subject: [PATCH 03/18] nixos/networkd: support netdev MAC addresses According to systemd.netdev manpage: ``` MACAddress= Specifies the MAC address to use for the device, or takes the special value "none". When "none", systemd-networkd does not request the MAC address for the device, and the kernel will assign a random MAC address. For "tun", "tap", or "l2tp" devices, the MACAddress= setting in the [NetDev] section is not supported and will be ignored. Please specify it in the [Link] section of the corresponding systemd.network(5) file. If this option is not set, "vlan" device inherits the MAC address of the master interface. For other kind of netdevs, if this option is not set, then the MAC address is generated based on the interface name and the machine-id(5). Note, even if "none" is specified, systemd-udevd will assign the persistent MAC address for the device, as 99-default.link has MACAddressPolicy=persistent. So, it is also necessary to create a custom .link file for the device, if the MAC address assignment is not desired. ``` Therefore, `none` is an acceptable value. --- nixos/lib/systemd-lib.nix | 7 ++++++- nixos/modules/system/boot/networkd.nix | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix index eb2bcb9d3b98..61ac04eff288 100644 --- a/nixos/lib/systemd-lib.nix +++ b/nixos/lib/systemd-lib.nix @@ -63,7 +63,12 @@ in rec { assertMacAddress = name: group: attr: optional (attr ? ${name} && ! isMacAddress attr.${name}) - "Systemd ${group} field `${name}' must be a valid mac address."; + "Systemd ${group} field `${name}' must be a valid MAC address."; + + assertNetdevMacAddress = name: group: attr: + optional (attr ? ${name} && (! isMacAddress attr.${name} || attr.${name} != "none")) + "Systemd ${group} field `${name}` must be a valid MAC address or the special value `none`."; + isPort = i: i >= 0 && i <= 65535; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index a7183daf5e0a..9cc3541c9dcf 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -170,7 +170,7 @@ let "batadv" ]) (assertByteFormat "MTUBytes") - (assertMacAddress "MACAddress") + (assertNetdevMacAddress "MACAddress") ]; sectionVLAN = checkUnitConfig "VLAN" [ From faba775beb2f009e6d9fe5bf0861310b569d7ba1 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Tue, 4 Jul 2023 01:53:34 +0200 Subject: [PATCH 04/18] nixos/networkd: support `Independent` flag for VXLAN netdevs According to networkd netdev's manpage: ``` Independent= Takes a boolean. When true, the vxlan interface is created without any underlying network interface. Defaults to false, which means that a .network file that requests this VXLAN interface using VXLAN= is required for the VXLAN to be created. ``` is a valid option for [VXLAN] section. --- nixos/modules/system/boot/networkd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index a7183daf5e0a..d5c17f7a1bb0 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -222,6 +222,7 @@ let "PortRange" "FlowLabel" "IPDoNotFragment" + "Independent" ]) (assertInt "VNI") (assertRange "VNI" 1 16777215) @@ -241,6 +242,7 @@ let (assertInt "FlowLabel") (assertRange "FlowLabel" 0 1048575) (assertValueOneOf "IPDoNotFragment" (boolValues + ["inherit"])) + (assertValueOneOf "Independent" boolValues) ]; sectionTunnel = checkUnitConfig "Tunnel" [ From f4079a45d31bac551b5853ad6f229e27f99a3ad6 Mon Sep 17 00:00:00 2001 From: Euan Kemp Date: Wed, 21 Jun 2023 23:41:56 +0900 Subject: [PATCH 05/18] k3s_1_26: 1.26.5+k3s1 -> 1.26.6+k3s1 --- .../applications/networking/cluster/k3s/1_26/versions.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/cluster/k3s/1_26/versions.nix b/pkgs/applications/networking/cluster/k3s/1_26/versions.nix index 330afe6b092f..799fd3f9b1db 100644 --- a/pkgs/applications/networking/cluster/k3s/1_26/versions.nix +++ b/pkgs/applications/networking/cluster/k3s/1_26/versions.nix @@ -1,8 +1,8 @@ { - k3sVersion = "1.26.5+k3s1"; - k3sCommit = "7cefebeaac7dbdd0bfec131ea7a43a45cb125354"; - k3sRepoSha256 = "0iz8w24lhb3mgwnks79ky4nypdqbjn91zm4nrj1ar3abkb5i8bg3"; - k3sVendorSha256 = "sha256-yPzpt9OZfW7qY9gFgrRVgmk2l9OSMMF85OY79MDCKTs="; + k3sVersion = "1.26.6+k3s1"; + k3sCommit = "3b1919b0d55811707bd1168f0abf11cccc656c26"; + k3sRepoSha256 = "1g82bkq4w0jpfn1fanj1d24bj46rw908wk50p3cm47rqiqlys72y"; + k3sVendorSha256 = "sha256-+a9/q5a28zA9SmAdp2IItHR1MdJvlbMW5796bHTfKBw="; chartVersions = import ./chart-versions.nix; k3sRootVersion = "0.12.2"; k3sRootSha256 = "1gjynvr350qni5mskgm7pcc7alss4gms4jmkiv453vs8mmma9c9k"; From 15259fffeb0cee7e67c3cd87185fc4c24a13d3c0 Mon Sep 17 00:00:00 2001 From: seth Date: Sat, 27 May 2023 15:50:03 -0400 Subject: [PATCH 06/18] cartridges: init at 2.0.4 --- pkgs/applications/misc/cartridges/default.nix | 56 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 58 insertions(+) create mode 100644 pkgs/applications/misc/cartridges/default.nix diff --git a/pkgs/applications/misc/cartridges/default.nix b/pkgs/applications/misc/cartridges/default.nix new file mode 100644 index 000000000000..1c7afb548319 --- /dev/null +++ b/pkgs/applications/misc/cartridges/default.nix @@ -0,0 +1,56 @@ +{ blueprint-compiler +, desktop-file-utils +, fetchFromGitHub +, gobject-introspection +, lib +, libadwaita +, meson +, ninja +, python3 +, stdenv +, wrapGAppsHook4 +}: +stdenv.mkDerivation (finalAttrs: { + pname = "cartridges"; + version = "2.0.4"; + + src = fetchFromGitHub { + owner = "kra-mo"; + repo = "cartridges"; + rev = "v${finalAttrs.version}"; + sha256 = "sha256-DaeAdxgp6/a3H2ppgVxRjYUbHGZcyIeREVPX6FxE7bc="; + }; + + buildInputs = [ + libadwaita + (python3.withPackages (p: with p; [ + pillow + pygobject3 + pyyaml + requests + ])) + ]; + + nativeBuildInputs = [ + blueprint-compiler + desktop-file-utils + gobject-introspection + meson + ninja + wrapGAppsHook4 + ]; + + meta = with lib; { + description = "A GTK4 + Libadwaita game launcher"; + longDescription = '' + A simple game launcher for all of your games. + It has support for importing games from Steam, Lutris, Heroic + and more with no login necessary. + You can sort and hide games or download cover art from SteamGridDB. + ''; + homepage = "https://apps.gnome.org/app/hu.kramo.Cartridges/"; + license = licenses.gpl3Plus; + maintainers = [ maintainers.getchoo ]; + platforms = platforms.linux; + }; +}) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 96bfabf69acf..65d1a4b99b7d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -395,6 +395,8 @@ with pkgs; caroline = callPackage ../development/libraries/caroline { }; + cartridges = callPackage ../applications/misc/cartridges { }; + castget = callPackage ../applications/networking/feedreaders/castget { }; castxml = callPackage ../development/tools/castxml { }; From 28c85e041706f6bbed3b689a4cf7e2eb3022ef61 Mon Sep 17 00:00:00 2001 From: wackbyte Date: Mon, 17 Jul 2023 17:35:21 -0400 Subject: [PATCH 07/18] vscode-extensions.astro-build.astro-vscode: 1.0.6 -> 2.1.1 --- pkgs/applications/editors/vscode/extensions/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index 40ad5f5cdf85..999f27d2bad5 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -326,8 +326,8 @@ let mktplcRef = { name = "astro-vscode"; publisher = "astro-build"; - version = "1.0.6"; - sha256 = "sha256-/gpZtOO8MA/MJ1o9eG4qmPqhWRZ5E+elA9Rr/kpOprI="; + version = "2.1.1"; + sha256 = "sha256-UVZOpkOHbLiwA4VfTgXxuIU8EtJLnqRa5zUVha6xQJY="; }; meta = { changelog = "https://marketplace.visualstudio.com/items/astro-build.astro-vscode/changelog"; From c701855a9b23f09f9c5353305222e86011b068c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 18 Jul 2023 13:43:40 +0200 Subject: [PATCH 08/18] graphite-cli: fix build --- pkgs/development/node-packages/overrides.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/node-packages/overrides.nix b/pkgs/development/node-packages/overrides.nix index c8013fb412a9..c3077c362555 100644 --- a/pkgs/development/node-packages/overrides.nix +++ b/pkgs/development/node-packages/overrides.nix @@ -188,7 +188,8 @@ final: prev: { graphite-cli = prev."@withgraphite/graphite-cli".override { name = "graphite-cli"; - nativeBuildInputs = [ pkgs.installShellFiles ]; + nativeBuildInputs = with pkgs; [ installShellFiles pkg-config ]; + buildInputs = with pkgs; [ cairo pango pixman ]; # 'gt completion' auto-detects zshell from environment variables: # https://github.com/yargs/yargs/blob/2b6ba3139396b2e623aed404293f467f16590039/lib/completion.ts#L45 postInstall = '' From c8a7edcee18af4f98c945e55ff43b5900d88c18a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 18 Jul 2023 18:34:58 +0200 Subject: [PATCH 09/18] nixos/engelsystem: pin php at 8.1 Upstream supports php 8.0/8.1 for the 3.3.0 release. The upgrade to 8.2 caused a type mismatch in carbon. > PHP message: Exception: Code: 0, Message: Carbon\Carbon::setLastErrors(): Argument #1 ($lastErrors) must be of type array, bool given, called in /nix/store/2prnw9qya9kaks2rwvd6fkrz0c7l5ygd-engelsystem-3.3.0/share/engelsystem/vendor/nesbot/carbon/src/Carbon/Traits/Creator.php on line 98, File: vendor/nesbot/carbon/src/Carbon/Traits/Creator.php:928 --- nixos/modules/services/web-apps/engelsystem.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/web-apps/engelsystem.nix b/nixos/modules/services/web-apps/engelsystem.nix index f1d71f174471..138e2f3f1b90 100644 --- a/nixos/modules/services/web-apps/engelsystem.nix +++ b/nixos/modules/services/web-apps/engelsystem.nix @@ -104,6 +104,7 @@ in { ''; services.phpfpm.pools.engelsystem = { + phpPackage = pkgs.php81; user = "engelsystem"; settings = { "listen.owner" = config.services.nginx.user; From 29d53c75294a51b9441cf43dd0a7ef0123e50ba8 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Tue, 18 Jul 2023 22:03:08 +0200 Subject: [PATCH 10/18] botan3: init at 3.1.1 Use the existing generic botan file and add specialization for botan 3. Botan 3 most importantly adds support for TLS 1.3 and PQC algorithms. Introduce Botan 3 in parallel to Botan 2, as it is a major release and e.g. now uses C++20 in contrast to C++11 of Botan 2.9. Signed-off-by: Markus Theil --- pkgs/development/libraries/botan/3.0.nix | 7 +++++++ pkgs/top-level/all-packages.nix | 4 ++++ 2 files changed, 11 insertions(+) create mode 100644 pkgs/development/libraries/botan/3.0.nix diff --git a/pkgs/development/libraries/botan/3.0.nix b/pkgs/development/libraries/botan/3.0.nix new file mode 100644 index 000000000000..bd996d002d80 --- /dev/null +++ b/pkgs/development/libraries/botan/3.0.nix @@ -0,0 +1,7 @@ +{ callPackage, fetchpatch, ... } @ args: + +callPackage ./generic.nix (args // { + baseVersion = "3.1"; + revision = "1"; + sha256 = "sha256-MMhP6RmTapj+9TMfJGxiqiwOTSCFstRREgf2ogr6Oms="; +}) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b38eed7e6f2a..85601972fe81 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20292,6 +20292,10 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; + botan3 = callPackage ../development/libraries/botan/3.0.nix { + inherit (darwin.apple_sdk.frameworks) CoreServices Security; + }; + box2d = callPackage ../development/libraries/box2d { }; boxfort = callPackage ../development/libraries/boxfort { }; From 45497da716dd3fd431dea6f29ad4cc3fbd064707 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Tue, 18 Jul 2023 22:03:40 +0200 Subject: [PATCH 11/18] botan2: small cleanup The explicit setting of the C++ standard to C++11 was introduced with botan 2.0.1 and is no longer needed. Signed-off-by: Markus Theil --- pkgs/development/libraries/botan/2.0.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix index 52f29287f8ea..e2b4aa880415 100644 --- a/pkgs/development/libraries/botan/2.0.nix +++ b/pkgs/development/libraries/botan/2.0.nix @@ -4,7 +4,4 @@ callPackage ./generic.nix (args // { baseVersion = "2.19"; revision = "3"; sha256 = "sha256-2uBH85nFpH8IfbXT2dno8RrkmF0UySjXHaGv+AGALVU="; - postPatch = '' - sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt - ''; }) From dc7750f637911166f6ca5f03b5ee461c3b11499c Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Wed, 19 Jul 2023 13:10:59 +0200 Subject: [PATCH 12/18] botan3: flag macos as bad platform for now Default clang 11 on MacOS is too old for botan 3, which requires at least clang 14. Signed-off-by: Markus Theil --- pkgs/development/libraries/botan/3.0.nix | 4 +++- pkgs/development/libraries/botan/generic.nix | 6 ++++-- pkgs/top-level/all-packages.nix | 5 ++--- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/botan/3.0.nix b/pkgs/development/libraries/botan/3.0.nix index bd996d002d80..139c002bb3be 100644 --- a/pkgs/development/libraries/botan/3.0.nix +++ b/pkgs/development/libraries/botan/3.0.nix @@ -1,7 +1,9 @@ -{ callPackage, fetchpatch, ... } @ args: +{ callPackage, fetchpatch, lib, ... } @ args: callPackage ./generic.nix (args // { baseVersion = "3.1"; revision = "1"; sha256 = "sha256-MMhP6RmTapj+9TMfJGxiqiwOTSCFstRREgf2ogr6Oms="; + # reconsider removing this platform marking, when MacOS uses Clang 14.0+ by default. + badPlatforms = lib.platforms.darwin; }) diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix index 8c9c1a88a8b6..239f94c2052f 100644 --- a/pkgs/development/libraries/botan/generic.nix +++ b/pkgs/development/libraries/botan/generic.nix @@ -4,10 +4,11 @@ , sourceExtension ? "tar.xz" , extraConfigureFlags ? "" , extraPatches ? [ ] +, badPlatforms ? [ ] , postPatch ? null , knownVulnerabilities ? [ ] -, CoreServices -, Security +, CoreServices ? null +, Security ? null , ... }: @@ -57,6 +58,7 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ raskin ]; platforms = platforms.unix; license = licenses.bsd2; + inherit badPlatforms; inherit knownVulnerabilities; }; passthru.updateInfo.downloadPage = "http://files.randombit.net/botan/"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 85601972fe81..a70f33a9bb2b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20292,9 +20292,8 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; - botan3 = callPackage ../development/libraries/botan/3.0.nix { - inherit (darwin.apple_sdk.frameworks) CoreServices Security; - }; + # may add CoreServices and Security again, when MacOS uses Clang 14.0+ by default. + botan3 = callPackage ../development/libraries/botan/3.0.nix { }; box2d = callPackage ../development/libraries/box2d { }; From 8c8ab9ee573d63c7276ea2369d937b39a4f87bc2 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Wed, 19 Jul 2023 13:28:19 +0200 Subject: [PATCH 13/18] botan: add thillux as maintainer Signed-off-by: Markus Theil --- pkgs/development/libraries/botan/generic.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/botan/generic.nix b/pkgs/development/libraries/botan/generic.nix index 239f94c2052f..567f570f71d5 100644 --- a/pkgs/development/libraries/botan/generic.nix +++ b/pkgs/development/libraries/botan/generic.nix @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Cryptographic algorithms library"; - maintainers = with maintainers; [ raskin ]; + maintainers = with maintainers; [ raskin thillux ]; platforms = platforms.unix; license = licenses.bsd2; inherit badPlatforms; From c64b6656722a74467f5d6c53369e2a163b0ad765 Mon Sep 17 00:00:00 2001 From: rewine Date: Wed, 19 Jul 2023 22:05:14 +0800 Subject: [PATCH 14/18] opensbi: 1.3 -> 1.3.1 https://github.com/riscv-software-src/opensbi/compare/v1.3...v1.3.1 --- pkgs/misc/opensbi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/misc/opensbi/default.nix b/pkgs/misc/opensbi/default.nix index dfd5ee9469ed..9178676edc19 100644 --- a/pkgs/misc/opensbi/default.nix +++ b/pkgs/misc/opensbi/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "opensbi"; - version = "1.3"; + version = "1.3.1"; src = fetchFromGitHub { owner = "riscv-software-src"; repo = "opensbi"; rev = "v${version}"; - sha256 = "sha256-Dr16fVUGLYGnGYHkjAyqpJxt8p95F0CJIU9ESGWKGWo="; + hash = "sha256-JNkPvmKYd5xbGB2lsZKWrpI6rBIckWbkLYu98bw7+QY="; }; postPatch = '' From 5fb1e1c3fa0d673f181cd8cac4d8b387f3d208cc Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Wed, 19 Jul 2023 01:14:09 -0500 Subject: [PATCH 15/18] buck2: add generated tag in update.sh script output Signed-off-by: Austin Seipp --- pkgs/development/tools/build-managers/buck2/hashes.json | 3 ++- pkgs/development/tools/build-managers/buck2/update.sh | 7 ++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/pkgs/development/tools/build-managers/buck2/hashes.json b/pkgs/development/tools/build-managers/buck2/hashes.json index 2ac572b0e46f..2f5bf40356f9 100644 --- a/pkgs/development/tools/build-managers/buck2/hashes.json +++ b/pkgs/development/tools/build-managers/buck2/hashes.json @@ -1,4 +1,5 @@ -{ "x86_64-linux": "sha256-xd8MZF1xpVYqEDoL3nUBptiFMn9UkgC+zIgfDkDxwfM=" +{ "_comment": "@generated by pkgs/development/tools/build-managers/buck2/update.sh" +, "x86_64-linux": "sha256-xd8MZF1xpVYqEDoL3nUBptiFMn9UkgC+zIgfDkDxwfM=" , "x86_64-darwin": "sha256-d8GD7SwCM1gcWILkmSLRY7nq2w9+AMxgbGiWwAK0BAo=" , "aarch64-linux": "sha256-zBVgIgQ+tlBUuHwsZB5JmQJtWZ5soKP6//NxkU96xmo=" , "aarch64-darwin": "sha256-jswrwf37/0Rec551mORXYf+s45Nx16OeaRjRS9ROR4E=" diff --git a/pkgs/development/tools/build-managers/buck2/update.sh b/pkgs/development/tools/build-managers/buck2/update.sh index f43d2f5517a7..c10774c15ec0 100755 --- a/pkgs/development/tools/build-managers/buck2/update.sh +++ b/pkgs/development/tools/build-managers/buck2/update.sh @@ -22,16 +22,13 @@ NFILE=pkgs/development/tools/build-managers/buck2/default.nix HFILE=pkgs/development/tools/build-managers/buck2/hashes.json rm -f "$HFILE" && touch "$HFILE" -marker="{" +printf "{ \"_comment\": \"@generated by pkgs/development/tools/build-managers/buck2/update.sh\"\n" >> "$HFILE" for arch in "${ARCHS[@]}"; do IFS=: read -r arch_name arch_target <<< "$arch" sha256hash="$(nix-prefetch-url --type sha256 "https://github.com/facebook/buck2/releases/download/${VERSION}/buck2-${arch_target}.zst")" srihash="$(nix hash to-sri --type sha256 "$sha256hash")" - - echo "${marker} \"$arch_name\": \"$srihash\"" >> "$HFILE" - marker="," + echo ", \"$arch_name\": \"$srihash\"" >> "$HFILE" done - echo "}" >> "$HFILE" sed -i \ From 3ec081d54ebed5f8f308efbc0644f9e65ef297d9 Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Wed, 19 Jul 2023 06:14:35 +0000 Subject: [PATCH 16/18] buck2: unstable-2023-07-15 -> unstable-2023-07-18 Signed-off-by: Austin Seipp --- pkgs/development/tools/build-managers/buck2/default.nix | 2 +- pkgs/development/tools/build-managers/buck2/hashes.json | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/development/tools/build-managers/buck2/default.nix b/pkgs/development/tools/build-managers/buck2/default.nix index 8bbf3d234e32..9a743beb2be1 100644 --- a/pkgs/development/tools/build-managers/buck2/default.nix +++ b/pkgs/development/tools/build-managers/buck2/default.nix @@ -30,7 +30,7 @@ let aarch64-linux = "aarch64-unknown-linux-musl"; }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); - buck2-version = "2023-07-15"; + buck2-version = "2023-07-18"; src = let hashes = builtins.fromJSON (builtins.readFile ./hashes.json); diff --git a/pkgs/development/tools/build-managers/buck2/hashes.json b/pkgs/development/tools/build-managers/buck2/hashes.json index 2f5bf40356f9..3f44cb318aa2 100644 --- a/pkgs/development/tools/build-managers/buck2/hashes.json +++ b/pkgs/development/tools/build-managers/buck2/hashes.json @@ -1,6 +1,6 @@ { "_comment": "@generated by pkgs/development/tools/build-managers/buck2/update.sh" -, "x86_64-linux": "sha256-xd8MZF1xpVYqEDoL3nUBptiFMn9UkgC+zIgfDkDxwfM=" -, "x86_64-darwin": "sha256-d8GD7SwCM1gcWILkmSLRY7nq2w9+AMxgbGiWwAK0BAo=" -, "aarch64-linux": "sha256-zBVgIgQ+tlBUuHwsZB5JmQJtWZ5soKP6//NxkU96xmo=" -, "aarch64-darwin": "sha256-jswrwf37/0Rec551mORXYf+s45Nx16OeaRjRS9ROR4E=" +, "x86_64-linux": "sha256-vYEE1VXzT9qT2ImYYuWPCw/1mTrzngrUzxMBNldaUEo=" +, "x86_64-darwin": "sha256-0S82F2m6CX7ra/uByBuaGMVXP1ECN7Ydi9VEyrxYdTs=" +, "aarch64-linux": "sha256-zghI4zvm/MN8plIB+nuv/tfd8DJ7mEXMc39PW55ieds=" +, "aarch64-darwin": "sha256-euzixGUDb3W9B86HYPAgcNiTu3jxUVULAfNMKkFz5gU=" } From ccb9641855ab3321fbc04a11fb9381acb5e4b479 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 19 Jul 2023 11:51:56 +0200 Subject: [PATCH 17/18] docker: 20.10.23 -> 20.10.25 Fixes CVE-2023-28841, CVE-2023-28840 and CVE-2023-28842. Release notes: https://github.com/moby/moby/releases/tag/v20.10.24 https://github.com/moby/moby/releases/tag/v20.10.25 --- .../applications/virtualization/docker/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 2e62537e21ae..ce5bc9793805 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -272,15 +272,15 @@ rec { # Get revisions from # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/* docker_20_10 = callPackage dockerGen rec { - version = "20.10.23"; + version = "20.10.25"; cliRev = "v${version}"; - cliHash = "sha256-fNaRpstyG90Jzq3+U2A42Jj+ixb+m7tXLioIcsegPbQ="; + cliHash = "sha256-Wi/NHn8erqvKEVEJqkc99cO/sfPHptwMT44Savcuw2M="; mobyRev = "v${version}"; - mobyHash = "sha256-nBPw/M4VC9XeZ9S33HWdWSjY2J2mYpI/TPOzvLjSmJM="; - runcRev = "v1.1.4"; - runcHash = "sha256-ougJHW1Z+qZ324P8WpZqawY1QofKnn8WezP7orzRTdA="; - containerdRev = "v1.6.15"; - containerdHash = "sha256-Vlftq//mLYZPoT2R/lHJA6wLnqiuC+Cpy4lGQC8jCPA="; + mobyHash = "sha256-trJjQMYF/Uog7nvUlELyUYbsTPGz8Rn21v1/V5xhu+A="; + runcRev = "v1.1.5"; + runcHash = "sha256-r5as3hb0zt+XPfxAPeH+YIc/n6IRlscPOZMGfhVE5C4="; + containerdRev = "v1.6.20"; + containerdHash = "sha256-Nd3S6hmvA8LBFUN4XaQJMApbmwGIp6GTnFQimnYagZg="; tiniRev = "v0.19.0"; tiniHash = "sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI="; }; From c6244cdd0cba75e1aa98e33089baac39bd85cee4 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Thu, 20 Jul 2023 01:34:43 +0200 Subject: [PATCH 18/18] iperf: 3.13 -> 3.14 (#244367) Fixes CVE-2023-38403. https://github.com/esnet/iperf/blob/3.14/RELNOTES.md --- pkgs/tools/networking/iperf/3.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/iperf/3.nix b/pkgs/tools/networking/iperf/3.nix index f201d863b7a3..41323b55d2f5 100644 --- a/pkgs/tools/networking/iperf/3.nix +++ b/pkgs/tools/networking/iperf/3.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "iperf"; - version = "3.13"; + version = "3.14"; src = fetchurl { url = "https://downloads.es.net/pub/iperf/iperf-${version}.tar.gz"; - sha256 = "sha256-vuQnrrE9ai7iIHPyMmH2NxLYK++qg6yMtNtdpMK9yGU="; + hash = "sha256-cj/MQwoCe8aVJij6KjrHdYSh0L0ygnXlc/ybIGwVUAQ="; }; buildInputs = [ openssl ] ++ lib.optionals stdenv.isLinux [ lksctp-tools ]; @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://software.es.net/iperf/"; + homepage = "https://software.es.net/iperf/"; description = "Tool to measure IP bandwidth using UDP or TCP"; platforms = platforms.unix; license = licenses.bsd3;