diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 3a93eb4fd624..d4e91e6a2a0c 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -24,7 +24,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs - uses: korthout/backport-action@e8161d6a0dbfa2651b7daa76cbb75bc7c925bbf3 # v2.4.1 + uses: korthout/backport-action@ef20d86abccbac3ee3a73cb2efbdc06344c390e5 # v2.5.0 with: # Config README: https://github.com/korthout/backport-action#backport-action copy_labels_pattern: 'severity:\ssecurity' diff --git a/doc/build-helpers/fetchers.chapter.md b/doc/build-helpers/fetchers.chapter.md index 65177641a36e..6efe64281e82 100644 --- a/doc/build-helpers/fetchers.chapter.md +++ b/doc/build-helpers/fetchers.chapter.md @@ -157,27 +157,385 @@ Here are security considerations for this scenario: In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content. -## `fetchurl` and `fetchzip` {#fetchurl} +[]{#fetchurl} +## `fetchurl` {#sec-pkgs-fetchers-fetchurl} -Two basic fetchers are `fetchurl` and `fetchzip`. Both of these have two required arguments, a URL and a hash. The hash is typically `hash`, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use `hash`. This hash will be used by Nix to identify your source. A typical usage of `fetchurl` is provided below. +`fetchurl` returns a [fixed-output derivation](https://nixos.org/manual/nix/stable/glossary.html#gloss-fixed-output-derivation) which downloads content from a given URL and stores the unaltered contents within the Nix store. + +It uses {manpage}`curl(1)` internally, and allows its behaviour to be modified by specifying a few attributes in the argument to `fetchurl` (see the documentation for attributes `curlOpts`, `curlOptsList`, and `netrcPhase`). + +The resulting [store path](https://nixos.org/manual/nix/stable/store/store-path) is determined by the hash given to `fetchurl`, and also the `name` (or `pname` and `version`) values. + +If neither `name` nor `pname` and `version` are specified when calling `fetchurl`, it will default to using the [basename](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-baseNameOf) of `url` or the first element of `urls`. +If `pname` and `version` are specified, `fetchurl` will use those values and will ignore `name`, even if it is also specified. + +### Inputs {#sec-pkgs-fetchers-fetchurl-inputs} + +`fetchurl` requires an attribute set with the following attributes: + +`url` (String; _optional_) +: The URL to download from. + + :::{.note} + Either `url` or `urls` must be specified, but not both. + ::: + + All URLs of the format [specified here](https://curl.se/docs/url-syntax.html#rfc-3986-plus) are supported. + + _Default value:_ `""`. + +`urls` (List of String; _optional_) +: A list of URLs, specifying download locations for the same content. + Each URL will be tried in order until one of them succeeds with some content or all of them fail. + See [](#ex-fetchers-fetchurl-nixpkgs-version-multiple-urls) to understand how this attribute affects the behaviour of `fetchurl`. + + :::{.note} + Either `url` or `urls` must be specified, but not both. + ::: + + _Default value:_ `[]`. + +`hash` (String; _optional_) +: Hash of the derivation output of `fetchurl`, following the format for integrity metadata as defined by [SRI](https://www.w3.org/TR/SRI/). + For more information, see [](#chap-pkgs-fetchers-caveats). + + :::{.note} + It is recommended that you use the `hash` attribute instead of the other hash-specific attributes that exist for backwards compatibility. + + If `hash` is not specified, you must specify `outputHash` and `outputHashAlgo`, or one of `sha512`, `sha256`, or `sha1`. + ::: + + _Default value:_ `""`. + +`outputHash` (String; _optional_) +: Hash of the derivation output of `fetchurl` in the format expected by Nix. + See [the documentation on the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-outputHash) for more information about its format. + + :::{.note} + It is recommended that you use the `hash` attribute instead. + + If `outputHash` is specified, you must also specify `outputHashAlgo`. + ::: + + _Default value:_ `""`. + +`outputHashAlgo` (String; _optional_) +: Algorithm used to generate the value specified in `outputHash`. + See [the documentation on the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-outputHashAlgo) for more information about the values it supports. + + :::{.note} + It is recommended that you use the `hash` attribute instead. + + The value specified in `outputHashAlgo` will be ignored if `outputHash` isn't also specified. + ::: + + _Default value:_ `""`. + +`sha1` (String; _optional_) +: SHA-1 hash of the derivation output of `fetchurl` in the format expected by Nix. + See [the documentation on the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-outputHash) for more information about its format. + + :::{.note} + It is recommended that you use the `hash` attribute instead. + ::: + + _Default value:_ `""`. + +`sha256` (String; _optional_) +: SHA-256 hash of the derivation output of `fetchurl` in the format expected by Nix. + See [the documentation on the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-outputHash) for more information about its format. + + :::{.note} + It is recommended that you use the `hash` attribute instead. + ::: + + _Default value:_ `""`. + +`sha512` (String; _optional_) +: SHA-512 hash of the derivation output of `fetchurl` in the format expected by Nix. + See [the documentation on the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-outputHash) for more information about its format. + + :::{.note} + It is recommended that you use the `hash` attribute instead. + ::: + + _Default value:_ `""`. + +`name` (String; _optional_) +: The symbolic name of the downloaded file when saved in the Nix store. + See [the `fetchurl` overview](#sec-pkgs-fetchers-fetchurl) for details on how the name of the file is decided. + + _Default value:_ `""`. + +`pname` (String; _optional_) +: A base name, which will be combined with `version` to form the symbolic name of the downloaded file when saved in the Nix store. + See [the `fetchurl` overview](#sec-pkgs-fetchers-fetchurl) for details on how the name of the file is decided. + + :::{.note} + If `pname` is specified, you must also specify `version`, otherwise `fetchurl` will ignore the value of `pname`. + ::: + + _Default value:_ `""`. + +`version` (String; _optional_) +: A version, which will be combined with `pname` to form the symbolic name of the downloaded file when saved in the Nix store. + See [the `fetchurl` overview](#sec-pkgs-fetchers-fetchurl) for details on how the name of the file is decided. + + _Default value:_ `""`. + +`recursiveHash` (Boolean; _optional_) +: If set to `true`, will signal to Nix that the hash given to `fetchurl` was calculated using the `"recursive"` mode. + See [the documentation on the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-outputHashMode) for more information about the existing modes. + + By default, `fetchurl` uses `"recursive"` mode when the `executable` attribute is set to `true`, so you don't need to specify `recursiveHash` in this case. + + _Default value:_ `false`. + +`executable` (Boolean; _optional_) +: If `true`, sets the executable bit on the downloaded file. + + _Default value_: `false`. + +`downloadToTemp` (Boolean; _optional_) +: If `true`, saves the downloaded file to a temporary location instead of the expected Nix store location. + This is useful when used in conjunction with `postFetch` attribute, otherwise `fetchurl` will not produce any meaningful output. + + The location of the downloaded file will be set in the `$downloadedFile` variable, which should be used by the script in the `postFetch` attribute. + See [](#ex-fetchers-fetchurl-nixpkgs-version-postfetch) to understand how to work with this attribute. + + _Default value:_ `false`. + +`postFetch` (String; _optional_) +: Script executed after the file has been downloaded successfully, and before `fetchurl` finishes running. + Useful for post-processing, to check or transform the file in some way. + See [](#ex-fetchers-fetchurl-nixpkgs-version-postfetch) to understand how to work with this attribute. + + _Default value:_ `""`. + +`netrcPhase` (String or Null; _optional_) +: Script executed to create a {manpage}`netrc(5)` file to be used with {manpage}`curl(1)`. + The script should create the `netrc` file (note that it does not begin with a ".") in the directory it's currently running in (`$PWD`). + + The script is executed during the setup done by `fetchurl` before it runs any of its code to download the specified content. + + :::{.note} + If specified, `fetchurl` will automatically alter its invocation of {manpage}`curl(1)` to use the `netrc` file, so you don't need to add anything to `curlOpts` or `curlOptsList`. + ::: + + :::{.caution} + Since `netrcPhase` needs to be specified in your source Nix code, any secrets that you put directly in it will be world-readable by design (both in your source code, and when the derivation gets created in the Nix store). + + If you want to avoid this behaviour, see the documentation of `netrcImpureEnvVars` for an alternative way of dealing with these secrets. + ::: + + _Default value_: `null`. + +`netrcImpureEnvVars` (List of String; _optional_) +: If specified, `fetchurl` will add these environment variable names to the list of [impure environment variables](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-impureEnvVars), which will be passed from the environment of the calling user to the builder running the `fetchurl` code. + + This is useful when used with `netrcPhase` to hide any secrets that are used in it, because the script in `netrcPhase` only needs to reference the environment variables with the secrets in them instead. + However, note that these are called _impure_ variables for a reason: + the environment that starts the build needs to have these variables declared for everything to work properly, which means that additional setup is required outside what Nix controls. + + _Default value:_ `[]`. + +`curlOpts` (String; _optional_) +: If specified, this value will be appended to the invocation of {manpage}`curl(1)` when downloading the URL(s) given to `fetchurl`. + Multiple arguments can be separated by spaces normally, but values with whitespaces will be interpreted as multiple arguments (instead of a single value), even if the value is escaped. + See `curlOptsList` for a way to pass values with whitespaces in them. + + _Default value:_ `""`. + +`curlOptsList` (List of String; _optional_) +: If specified, each element of this list will be passed as an argument to the invocation of {manpage}`curl(1)` when downloading the URL(s) given to `fetchurl`. + This allows passing values that contain spaces, with no escaping needed. + + _Default value:_ `[]`. + +`showURLs` (Boolean; _optional_) +: If set to `true`, this will stop `fetchurl` from downloading anything at all. + Instead, it will output a list of all the URLs it would've used to download the content (after resolving `mirror://` URLs, for example). + This is useful for debugging. + + _Default value:_ `false`. + +`meta` (Attribute Set; _optional_) +: Specifies any [meta-attributes](#chap-meta) for the derivation returned by `fetchurl`. + + _Default value:_ `{}`. + +`passthru` (Attribute Set; _optional_) +: Specifies any extra [passthru](#var-stdenv-passthru) attributes for the derivation returned by `fetchurl`. + Note that `fetchurl` defines [passthru attributes of its own](#ssec-pkgs-fetchers-fetchurl-passthru-outputs). + Attributes specified in `passthru` can override the default attributes returned by `fetchurl`. + + _Default value:_ `{}`. + +`preferLocalBuild` (Boolean; _optional_) +: This is the same attribute as [defined in the Nix manual](https://nixos.org/manual/nix/stable/language/advanced-attributes.html#adv-attr-preferLocalBuild). + It is `true` by default because making a remote machine download the content just duplicates network traffic (since the local machine might download the results from the derivation anyway), but this could be useful in cases where network access is restricted on local machines. + + _Default value:_ `true`. + +`nativeBuildInputs` (List of Attribute Set; _optional_) +: Additional packages needed to download the content. + This is useful if you need extra packages for `postFetch` or `netrcPhase`, for example. + Has the same semantics as in [](#var-stdenv-nativeBuildInputs). + See [](#ex-fetchers-fetchurl-nixpkgs-version-postfetch) to understand how this can be used with `postFetch`. + + _Default value:_ `[]`. + +### Passthru outputs {#ssec-pkgs-fetchers-fetchurl-passthru-outputs} + +`fetchurl` also defines its own [`passthru`](#var-stdenv-passthru) attributes: + +`url` (String) + +: The same `url` attribute passed in the argument to `fetchurl`. + +### Examples {#ssec-pkgs-fetchers-fetchurl-examples} + +:::{.example #ex-fetchers-fetchurl-nixpkgs-version} +# Using `fetchurl` to download a file + +The following package downloads a small file from a URL and shows the most common way to use `fetchurl`: ```nix -{ stdenv, fetchurl }: - -stdenv.mkDerivation { - name = "hello"; - src = fetchurl { - url = "http://www.example.org/hello.tar.gz"; - hash = "sha256-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="; - }; +{ fetchurl }: +fetchurl { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version"; + hash = "sha256-BZqI7r0MNP29yGH5+yW2tjU9OOpOCEvwWKrWCv5CQ0I="; } ``` -The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand, will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball. +After building the package, the file will be downloaded and place into the Nix store: -Additional parameters to `fetchurl`: -- `downloadToTemp`: Defaults to `false`. If `true`, saves the source to `$downloadedFile`, to be used in conjunction with `postFetch` -- `postFetch`: Shell code executed after the file has been fetched successfully. Use it for postprocessing, to check or transform the file. +```shell +$ nix-build +(output removed for clarity) +/nix/store/4g9y3x851wqrvim4zcz5x2v3zivmsq8n-version + +$ cat /nix/store/4g9y3x851wqrvim4zcz5x2v3zivmsq8n-version +23.11 +``` +::: + +:::{.example #ex-fetchers-fetchurl-nixpkgs-version-multiple-urls} +# Using `fetchurl` to download a file with multiple possible URLs + +The following package adapts [](#ex-fetchers-fetchurl-nixpkgs-version) to use multiple URLs. +The first URL was crafted to intentionally return an error to illustrate how `fetchurl` will try multiple URLs until it finds one that works (or all URLs fail). + +```nix +{ fetchurl }: +fetchurl { + urls = [ + "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/does-not-exist" + "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version" + ]; + hash = "sha256-BZqI7r0MNP29yGH5+yW2tjU9OOpOCEvwWKrWCv5CQ0I="; +} +``` + +After building the package, both URLs will be used to download the file: + +```shell +$ nix-build +(some output removed for clarity) +trying https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/does-not-exist +(some output removed for clarity) +curl: (22) The requested URL returned error: 404 + +trying https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version +(some output removed for clarity) +/nix/store/n9asny31z32q7sdw6a8r1gllrsfy53kl-does-not-exist + +$ cat /nix/store/n9asny31z32q7sdw6a8r1gllrsfy53kl-does-not-exist +23.11 +``` + +However, note that the name of the file was derived from the first URL (this is further explained in [the `fetchurl` overview](#sec-pkgs-fetchers-fetchurl)). +To ensure the result will have the same name regardless of which URLs are used, we can modify the package: + +```nix +{ fetchurl }: +fetchurl { + name = "nixpkgs-version"; + urls = [ + "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/does-not-exist" + "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version" + ]; + hash = "sha256-BZqI7r0MNP29yGH5+yW2tjU9OOpOCEvwWKrWCv5CQ0I="; +} +``` + +After building the package, the result will have the name we specified: + +```shell +$ nix-build +(output removed for clarity) +/nix/store/zczb6wl3al6jm9sm5h3pr6nqn0i5ji9z-nixpkgs-version +``` +::: + +:::{.example #ex-fetchers-fetchurl-nixpkgs-version-postfetch} +# Manipulating the content downloaded by `fetchurl` + +It might be useful to manipulate the content downloaded by `fetchurl` directly in its derivation. +In this example, we'll adapt [](#ex-fetchers-fetchurl-nixpkgs-version) to append the result of running the `hello` package to the contents we download, purely to illustrate how to manipulate the content. + +```nix +{ fetchurl, hello, lib }: +fetchurl { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version"; + + nativeBuildInputs = [ hello ]; + + downloadToTemp = true; + postFetch = '' + ${lib.getExe hello} >> $downloadedFile + mv $downloadedFile $out + ''; + + hash = "sha256-ceooQQYmDx5+0nfg40uU3NNI2yKrixP7HZ/xLZUNv+w="; +} +``` + +After building the package, the resulting file will have "Hello, world!" appended to it: + +```shell +$ nix-build +(output removed for clarity) +/nix/store/ifi6pp7q0ag5h7c5v9h1c1c7bhd10c7f-version + +$ cat /nix/store/ifi6pp7q0ag5h7c5v9h1c1c7bhd10c7f-version +23.11 +Hello, world! +``` + +Note that the `hash` specified in the package is different than the hash specified in [](#ex-fetchers-fetchurl-nixpkgs-version), because the contents of the output have changed (even though the actual file that was downloaded is the same). +See [](#chap-pkgs-fetchers-caveats) for more details on how to work with the `hash` attribute when the output changes. +::: + +## `fetchzip` {#sec-pkgs-fetchers-fetchzip} + +Downloads content from a given URL (which is assumed to be an archive), and decompresses the archive for you, making files and directories directly accessible. +`fetchzip` can only be used with archives. +Despite its name, `fetchzip` is not limited to `.zip` files and can also be used with any tarball. + +It has two required arguments, a URL and a hash. +The hash is typically `hash`, although many more hash algorithms are supported. +Nixpkgs contributors are currently recommended to use `hash`. +This hash will be used by Nix to identify your source. +A typical usage of `fetchzip` is provided below. + +```nix +{ fetchzip }: +fetchzip { + url = "https://github.com/NixOS/patchelf/releases/download/0.18.0/patchelf-0.18.0.tar.gz"; + hash = "sha256-3ABYlME9R8klcpJ7MQpyFEFwHmxDDEzIYBqu/CpDYmg="; +} +``` ## `fetchpatch` {#fetchpatch} diff --git a/doc/style.css b/doc/style.css index fddf4f4823c7..5bc587a6ee30 100644 --- a/doc/style.css +++ b/doc/style.css @@ -347,6 +347,22 @@ div.appendix div.example { margin-top: 1.5em; } +div.book div.example details, +div.appendix div.example details { + padding: 5px; +} + +div.book div.example details[open], +div.appendix div.example details[open] { + border: 1px solid #aaa; + border-radius: 4px; +} + +div.book div.example details>summary, +div.appendix div.example details>summary { + cursor: pointer; +} + div.book br.example-break, div.appendix br.example-break { display: none; @@ -414,3 +430,12 @@ div.appendix .informaltable th, div.appendix .informaltable td { padding: 0.5rem; } + +/* + This relies on highlight.js applying certain classes on the prompts. + For more details, see https://highlightjs.readthedocs.io/en/latest/css-classes-reference.html#stylable-scopes +*/ +.hljs-meta.prompt_ { + user-select: none; + -webkit-user-select: none; +} diff --git a/lib/deprecated.nix b/lib/deprecated.nix index b76622b5d842..d556bccbec0b 100644 --- a/lib/deprecated.nix +++ b/lib/deprecated.nix @@ -314,12 +314,13 @@ let else if isInt x then "int" else "string"; - /* deprecated: + /** + # Deprecated - For historical reasons, imap has an index starting at 1. + For historical reasons, imap has an index starting at 1. - But for consistency with the rest of the library we want an index - starting at zero. + But for consistency with the rest of the library we want an index + starting at zero. */ imap = imap1; diff --git a/lib/kernel.nix b/lib/kernel.nix index 7391f9e5d079..d03d0103a678 100644 --- a/lib/kernel.nix +++ b/lib/kernel.nix @@ -16,9 +16,8 @@ in unset = { tristate = null; optional = false; }; freeform = x: { freeform = x; optional = false; }; - /* - Common patterns/legacy used in common-config/hardened/config.nix - */ + + # Common patterns/legacy used in common-config/hardened/config.nix whenHelpers = version: { whenAtLeast = ver: mkIf (versionAtLeast version ver); whenOlder = ver: mkIf (versionOlder version ver); diff --git a/lib/systems/default.nix b/lib/systems/default.nix index 83ed32ed3275..7e9aadeef72e 100644 --- a/lib/systems/default.nix +++ b/lib/systems/default.nix @@ -27,7 +27,7 @@ let examples = import ./examples.nix { inherit lib; }; architectures = import ./architectures.nix { inherit lib; }; - /* + /** Elaborated systems contain functions, which means that they don't satisfy `==` for a lack of reflexivity. @@ -45,10 +45,13 @@ let let removeFunctions = a: filterAttrs (_: v: !isFunction v) a; in a: b: removeFunctions a == removeFunctions b; - /* List of all Nix system doubles the nixpkgs flake will expose the package set - for. All systems listed here must be supported by nixpkgs as `localSystem`. + /** + List of all Nix system doubles the nixpkgs flake will expose the package set + for. All systems listed here must be supported by nixpkgs as `localSystem`. - **Warning**: This attribute is considered experimental and is subject to change. + :::{.warning} + This attribute is considered experimental and is subject to change. + ::: */ flakeExposed = import ./flake-systems.nix { }; diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix index 3cb96c1b68bc..da5e32297509 100644 --- a/lib/tests/misc.nix +++ b/lib/tests/misc.nix @@ -1,17 +1,21 @@ -/* -Nix evaluation tests for various lib functions. +/** + Nix evaluation tests for various lib functions. -Since these tests are implemented with Nix evaluation, error checking is limited to what `builtins.tryEval` can detect, which is `throw`'s and `abort`'s, without error messages. -If you need to test error messages or more complex evaluations, see ./modules.sh, ./sources.sh or ./filesystem.sh as examples. + Since these tests are implemented with Nix evaluation, + error checking is limited to what `builtins.tryEval` can detect, + which is `throw`'s and `abort`'s, without error messages. -To run these tests: + If you need to test error messages or more complex evaluations, see + `lib/tests/modules.sh`, `lib/tests/sources.sh` or `lib/tests/filesystem.sh` as examples. - [nixpkgs]$ nix-instantiate --eval --strict lib/tests/misc.nix + To run these tests: -If the resulting list is empty, all tests passed. -Alternatively, to run all `lib` tests: + [nixpkgs]$ nix-instantiate --eval --strict lib/tests/misc.nix - [nixpkgs]$ nix-build lib/tests/release.nix + If the resulting list is empty, all tests passed. + Alternatively, to run all `lib` tests: + + [nixpkgs]$ nix-build lib/tests/release.nix */ let @@ -199,10 +203,10 @@ runTests { }; /* - testOr = { - expr = or true false; - expected = true; - }; + testOr = { + expr = or true false; + expected = true; + }; */ testAnd = { @@ -1297,7 +1301,7 @@ runTests { ''; }; - /* right now only invocation check */ + # right now only invocation check testToJSONSimple = let val = { foobar = [ "baz" 1 2 3 ]; @@ -1308,7 +1312,7 @@ runTests { expected = builtins.toJSON val; }; - /* right now only invocation check */ + # right now only invocation check testToYAMLSimple = let val = { list = [ { one = 1; } { two = 2; } ]; diff --git a/lib/tests/modules/doRename-condition.nix b/lib/tests/modules/doRename-condition.nix index c08b3035be6f..176c21a01a17 100644 --- a/lib/tests/modules/doRename-condition.nix +++ b/lib/tests/modules/doRename-condition.nix @@ -1,4 +1,4 @@ -/* +/** Simulate a migration from a single-instance `services.foo` to a multi instance `services.foos.` module, where `name = ""` serves as the legacy / compatibility instance. @@ -10,7 +10,7 @@ The relevant scenarios are tested in separate files: - ./doRename-condition-enable.nix - ./doRename-condition-no-enable.nix - */ +*/ { config, lib, ... }: let inherit (lib) mkOption mkEnableOption types doRename; diff --git a/lib/types.nix b/lib/types.nix index 12bf18633e3a..e9bc939478c5 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -328,15 +328,24 @@ rec { "signedInt${toString bit}" "${toString bit} bit signed integer"; in { - /* An int with a fixed range. - * - * Example: - * (ints.between 0 100).check (-1) - * => false - * (ints.between 0 100).check (101) - * => false - * (ints.between 0 0).check 0 - * => true + # TODO: Deduplicate with docs in nixos/doc/manual/development/option-types.section.md + /** + An int with a fixed range. + + # Example + :::{.example} + ## `lib.types.ints.between` usage example + + ```nix + (ints.between 0 100).check (-1) + => false + (ints.between 0 100).check (101) + => false + (ints.between 0 0).check 0 + => true + ``` + + ::: */ inherit between; diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 3685f696ee86..c669273ef8de 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -208,6 +208,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"` where the file `secret_file` contains the string `mysecret`. +- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading + to another signature algorithm. It is however possible, for the time being, to restore the DSA keys support using `override` to set `dsaKeysSupport = true`. + - `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias. - Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857) diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 6aa9445eab65..e2e0a981ca92 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -163,9 +163,9 @@ in }; options = mkOption { - type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" ]); + type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" "MAIL" "NOMAIL" "FOLLOW" "NOFLLOW" "INTERCEPT" "NOINTERCEPT"]); description = mdDoc '' - Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/man/1.7.10/sudoers.man.html). + Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/docs/man/1.9.15/sudoers.man/#Tag_Spec). ''; default = []; }; diff --git a/nixos/modules/services/misc/mbpfan.nix b/nixos/modules/services/misc/mbpfan.nix index ef56ea49d1a9..69f6331169f7 100644 --- a/nixos/modules/services/misc/mbpfan.nix +++ b/nixos/modules/services/misc/mbpfan.nix @@ -4,14 +4,13 @@ with lib; let cfg = config.services.mbpfan; verbose = optionalString cfg.verbose "v"; - settingsFormat = pkgs.formats.ini {}; - settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings; + format = pkgs.formats.ini {}; + cfgfile = format.generate "mbpfan.ini" cfg.settings; in { options.services.mbpfan = { enable = mkEnableOption (lib.mdDoc "mbpfan, fan controller daemon for Apple Macs and MacBooks"); - - package = mkPackageOption pkgs "mbpfan" { }; + package = mkPackageOption pkgs "mbpfan" {}; verbose = mkOption { type = types.bool; @@ -29,7 +28,7 @@ in { default = {}; description = lib.mdDoc "INI configuration for Mbpfan."; type = types.submodule { - freeformType = settingsFormat.type; + freeformType = format.type; options.general.low_temp = mkOption { type = types.int; @@ -70,12 +69,12 @@ in { config = mkIf cfg.enable { boot.kernelModules = [ "coretemp" "applesmc" ]; environment.systemPackages = [ cfg.package ]; - environment.etc."mbpfan.conf".source = settingsFile; + environment.etc."mbpfan.conf".source = cfgfile; systemd.services.mbpfan = { description = "A fan manager daemon for MacBook Pro"; wantedBy = [ "sysinit.target" ]; - after = [ "syslog.target" "sysinit.target" ]; + after = [ "sysinit.target" ]; restartTriggers = [ config.environment.etc."mbpfan.conf".source ]; serviceConfig = { diff --git a/pkgs/applications/editors/android-studio/default.nix b/pkgs/applications/editors/android-studio/default.nix index 86a93df500b1..209ed4003fc8 100644 --- a/pkgs/applications/editors/android-studio/default.nix +++ b/pkgs/applications/editors/android-studio/default.nix @@ -14,12 +14,12 @@ let sha256Hash = "sha256-ACZCdXKEnJy7DJTW+XGOoIvDRdzP47NytUEAqV//mbU="; }; betaVersion = { - version = "2023.3.1.14"; # "Android Studio Jellyfish | 2023.3.1.1 Beta 1" - sha256Hash = "sha256-2p/WwH6yPAMwUSJ5NrWvJBZG395eS9UgApFr/CB1fUo="; + version = "2023.3.1.15"; # "Android Studio Jellyfish | 2023.3.1.1 Beta 2" + sha256Hash = "sha256-ImXHda8Xbayuk+OMZVtAFsGNnaqm2PvI3lko2gUpIeU="; }; latestVersion = { - version = "2023.3.2.2"; # "Android Studio Koala | 2023.3.2 Canary 2" - sha256Hash = "sha256-KrCNkKFyOUE2q2b1wjvmn3E5IedAp1kFKII+70i1Wwk="; + version = "2024.1.1.1"; # "Android Studio Koala | 2024.1.1 Canary 3" + sha256Hash = "sha256-QNAudFlM+1QAZg+EYgiIknllai4N1wj55ZnkUWho7ps="; }; in { # Attributes are named by their corresponding release channels diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index bfbe731d000e..d2ad3d2c9e1d 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -4260,8 +4260,8 @@ let mktplcRef = { name = "shellcheck"; publisher = "timonwong"; - version = "0.26.3"; - sha256 = "GlyOLc2VrRnA50MkaG83qa0yLUyJYwueqEO+ZeAStYs="; + version = "0.37.0"; + sha256 = "1d0blynn6c2hz4y9fk7b5wsa3x168gxyycr5d05zqp0rx520m5wc"; }; nativeBuildInputs = [ jq moreutils ]; postInstall = '' @@ -4269,7 +4269,11 @@ let jq '.contributes.configuration.properties."shellcheck.executablePath".default = "${shellcheck}/bin/shellcheck"' package.json | sponge package.json ''; meta = { + description = "Integrates ShellCheck into VS Code, a linter for Shell scripts"; + downloadPage = "https://marketplace.visualstudio.com/items?itemName=timonwong.shellcheck"; + homepage = "https://github.com/vscode-shellcheck/vscode-shellcheck"; license = lib.licenses.mit; + maintainers = [ lib.maintainers.raroh73 ]; }; }; diff --git a/pkgs/applications/misc/typioca/default.nix b/pkgs/applications/misc/typioca/default.nix index 70becdc143bd..cb7f92d08f36 100644 --- a/pkgs/applications/misc/typioca/default.nix +++ b/pkgs/applications/misc/typioca/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "typioca"; - version = "2.10.0"; + version = "2.11.2"; src = fetchFromGitHub { owner = "bloznelis"; repo = "typioca"; rev = version; - hash = "sha256-D6I1r+8cvUerqXR2VyBL33lapWAs5Cl5yvYOsmUBnHo="; + hash = "sha256-LpQHdqvqAj3gqyvsD58Jhu4GkeJ/R7EjKo7YG7/mmJk="; }; - vendorHash = "sha256-j/nyAHNwUoNkcdNJqcaUuhQk5a2VHQw/XgYIoTR9ctQ="; + vendorHash = "sha256-lpeceY6ErcxCGKrwVuW19ofsXyfXsJgKGThWKswRTis="; ldflags = [ "-s" diff --git a/pkgs/applications/office/planify/default.nix b/pkgs/applications/office/planify/default.nix index d01e0c45c948..ff8138525328 100644 --- a/pkgs/applications/office/planify/default.nix +++ b/pkgs/applications/office/planify/default.nix @@ -27,13 +27,13 @@ stdenv.mkDerivation rec { pname = "planify"; - version = "4.5.11"; + version = "4.5.12"; src = fetchFromGitHub { owner = "alainm23"; repo = "planify"; rev = version; - hash = "sha256-LMN+1ORp44uWVqzw1sjiZzx81s9l2msPFM3+sJ7qw8U="; + hash = "sha256-Aj2kvffLl8vEqzirAy45E+jGB9iRp2mSYq0YWJ3nrj8="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/version-management/jujutsu/default.nix b/pkgs/applications/version-management/jujutsu/default.nix index b6b4bd8e8e41..8b5580650b32 100644 --- a/pkgs/applications/version-management/jujutsu/default.nix +++ b/pkgs/applications/version-management/jujutsu/default.nix @@ -19,16 +19,16 @@ rustPlatform.buildRustPackage rec { pname = "jujutsu"; - version = "0.15.1"; + version = "0.16.0"; src = fetchFromGitHub { owner = "martinvonz"; repo = "jj"; rev = "v${version}"; - hash = "sha256-yppQIffjpyQ2nqhiZbV2pSMQJx8srmHjAk+UClCQfRw="; + hash = "sha256-7bMyboF1JG/roFgo3cusYTi7qd2a6W+u1RJHgoBXNL0="; }; - cargoHash = "sha256-2BmKC8DaOdD/THchImmGqplhDrHQHEMyWORWnE2ygSM="; + cargoHash = "sha256-nPBHIUBm4bQLuj93kE8CUfzA34uUyapVjswz9FFCiTk="; cargoBuildFlags = [ "--bin" "jj" ]; # don't install the fake editors useNextest = false; # nextest is the upstream integration framework, but is problematic for test skipping diff --git a/pkgs/by-name/_6/_64gram/package.nix b/pkgs/by-name/_6/_64gram/package.nix index 235281f269b0..58f6816bc027 100644 --- a/pkgs/by-name/_6/_64gram/package.nix +++ b/pkgs/by-name/_6/_64gram/package.nix @@ -6,7 +6,7 @@ telegram-desktop.overrideAttrs (old: rec { pname = "64gram"; - version = "1.1.15"; + version = "1.1.16"; src = fetchFromGitHub { owner = "TDesktop-x64"; @@ -14,7 +14,7 @@ telegram-desktop.overrideAttrs (old: rec { rev = "v${version}"; fetchSubmodules = true; - hash = "sha256-3HLRv8RTyyfnjMF7w+euSOj6SbxlxOuczap5Nlizsvg="; + hash = "sha256-2IuNJleHtlkELcTHDwRT4pcDcDXSqM5YlLPGYiGT2TE="; }; meta = with lib; { diff --git a/pkgs/by-name/an/anyrun/package.nix b/pkgs/by-name/an/anyrun/package.nix new file mode 100644 index 000000000000..8d0ee80d7e8a --- /dev/null +++ b/pkgs/by-name/an/anyrun/package.nix @@ -0,0 +1,74 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, pkg-config +, wrapGAppsHook +, atk +, cairo +, gdk-pixbuf +, glib +, gtk3 +, pango +, stdenv +, darwin +, wayland +, gtk-layer-shell +, unstableGitUpdater +}: + +rustPlatform.buildRustPackage rec { + pname = "anyrun"; + version = "0-unstable-2023-12-01"; + + src = fetchFromGitHub { + owner = "kirottu"; + repo = "anyrun"; + rev = "e14da6c37337ffa3ee1bc66965d58ef64c1590e5"; + hash = "sha256-hI9+KBShsSfvWX7bmRa/1VI20WGat3lDXmbceMZzMS4="; + }; + + cargoHash = "sha256-apOQc9Z6YANoaeKcbNxBfAv7mmGFB+CagrYRPgC5wLY="; + + strictDeps = true; + enableParallelBuilding = true; + doCheck = true; + + nativeBuildInputs = [ + pkg-config + wrapGAppsHook + ]; + + buildInputs = [ + atk + cairo + gdk-pixbuf + glib + gtk3 + gtk-layer-shell + pango + ] ++ lib.optionals stdenv.isDarwin [ + darwin.apple_sdk.frameworks.Security + ] ++ lib.optionals stdenv.isLinux [ + wayland + ]; + + preFixup = '' + gappsWrapperArgs+=( + --prefix ANYRUN_PLUGINS : $out/lib + ) + ''; + + postInstall = '' + install -Dm444 anyrun/res/style.css examples/config.ron -t $out/share/doc/${pname}/examples/ + ''; + + passthru.updateScript = unstableGitUpdater { }; + + meta = { + description = "A wayland-native, highly customizable runner"; + homepage = "https://github.com/kirottu/anyrun"; + license = lib.licenses.gpl3Only; + maintainers = with lib.maintainers; [ eclairevoyant NotAShelf ]; + mainProgram = "anyrun"; + }; +} diff --git a/pkgs/by-name/ce/cero/package.nix b/pkgs/by-name/ce/cero/package.nix new file mode 100644 index 000000000000..4784df65e839 --- /dev/null +++ b/pkgs/by-name/ce/cero/package.nix @@ -0,0 +1,33 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, +}: + +buildGoModule rec { + pname = "cero"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "glebarez"; + repo = "cero"; + rev = "v${version}"; + hash = "sha256-t2u6Q8CatUIQKk146uor367vr85O6KU8Gf8LZFZTESU="; + }; + + vendorHash = "sha256-VwzjkZLKovmPjvEmANMgZTtkwiM+dyjfTqftvK+muPM="; + + ldflags = [ + "-s" + "-w" + ]; + + meta = with lib; { + description = "Scrape domain names from SSL certificates of arbitrary hosts"; + homepage = "https://github.com/glebarez/cero"; + changelog = "https://github.com/glebarez/cero/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + mainProgram = "cero"; + }; +} diff --git a/pkgs/by-name/gi/git-gr/package.nix b/pkgs/by-name/gi/git-gr/package.nix new file mode 100644 index 000000000000..4bb7e82d2002 --- /dev/null +++ b/pkgs/by-name/gi/git-gr/package.nix @@ -0,0 +1,61 @@ +{ + lib, + stdenv, + buildPackages, + fetchFromGitHub, + rustPlatform, + installShellFiles, + libiconv, + darwin, + nix-update-script, +}: +let + canRunGitGr = stdenv.hostPlatform.emulatorAvailable buildPackages; + gitGr = "${stdenv.hostPlatform.emulator buildPackages} $out/bin/git-gr"; + pname = "git-gr"; + version = "1.0.3"; +in +rustPlatform.buildRustPackage { + inherit pname version; + + src = fetchFromGitHub { + owner = "9999years"; + repo = pname; + rev = "refs/tags/v${version}"; + hash = "sha256-hvK4reFR60q9mw3EdNLav9VMr4H6Zabv1N1D/5AAKuQ="; + }; + + buildFeatures = [ "clap_mangen" ]; + + cargoHash = "sha256-efoRiPWugz955MflIS81Nie7Oq5Y4u5CI+/el8fJVl0="; + + nativeBuildInputs = + [ installShellFiles ] + ++ lib.optionals stdenv.isDarwin [ + libiconv + darwin.apple_sdk.frameworks.CoreServices + ]; + + postInstall = lib.optionalString canRunGitGr '' + manpages=$(mktemp -d) + ${gitGr} manpages "$manpages" + for manpage in "$manpages"/*; do + installManPage "$manpage" + done + + installShellCompletion --cmd git-gr \ + --bash <(${gitGr} completions bash) \ + --fish <(${gitGr} completions fish) \ + --zsh <(${gitGr} completions zsh) + ''; + + meta = with lib; { + homepage = "https://github.com/9999years/git-gr"; + description = "A Gerrit CLI client"; + license = [ licenses.mit ]; + maintainers = [ maintainers._9999years ]; + mainProgram = "git-gr"; + }; + + passthru.updateScript = nix-update-script { }; +} diff --git a/pkgs/by-name/go/go-camo/package.nix b/pkgs/by-name/go/go-camo/package.nix index 4080f17577df..42cc8b7ba5da 100644 --- a/pkgs/by-name/go/go-camo/package.nix +++ b/pkgs/by-name/go/go-camo/package.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "go-camo"; - version = "2.4.10"; + version = "2.4.11"; src = fetchFromGitHub { owner = "cactus"; repo = pname; rev = "v${version}"; - sha256 = "sha256-cWML306a4mI1O99Mf58reGBNEqot9lG+i3mgU9jVhuk="; + sha256 = "sha256-wgneDCBiHg9M1PtLHFxEXRhK9fBNKPWQwV0fwUFxEgQ="; }; - vendorHash = "sha256-Xj9bPxv3/GarNdNSCiMbZo2/brSkLQ1nlZtFMxlpWT4="; + vendorHash = "sha256-duTW42UL8EtnxUvPr2GXHKcaGQ3d0u2maMzSIOHIxxI="; ldflags = [ "-s" "-w" "-X=main.ServerVersion=${version}" ]; diff --git a/pkgs/by-name/mo/monophony/package.nix b/pkgs/by-name/mo/monophony/package.nix index 64b86b292171..f0f268ca14a5 100644 --- a/pkgs/by-name/mo/monophony/package.nix +++ b/pkgs/by-name/mo/monophony/package.nix @@ -11,7 +11,7 @@ }: python3Packages.buildPythonApplication rec { pname = "monophony"; - version = "2.7.0"; + version = "2.8.2"; format = "other"; sourceRoot = "${src.name}/source"; @@ -19,7 +19,7 @@ python3Packages.buildPythonApplication rec { owner = "zehkira"; repo = "monophony"; rev = "v${version}"; - hash = "sha256-uOmaTkjlfrct8CPqKcTTTqmURVncPZm4fXZYW+yZUf8="; + hash = "sha256-sCJVcf/VAW5UVMwrpri+PPJjQF0s7f2KpmaytuH0jN4="; }; pythonPath = with python3Packages; [ diff --git a/pkgs/by-name/te/tenv/package.nix b/pkgs/by-name/te/tenv/package.nix index 6e280f7be69b..4b94d3dedb22 100644 --- a/pkgs/by-name/te/tenv/package.nix +++ b/pkgs/by-name/te/tenv/package.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "tenv"; - version = "1.3.0"; + version = "1.4.0"; src = fetchFromGitHub { owner = "tofuutils"; repo = "tenv"; rev = "v${version}"; - hash = "sha256-v8Llk9TpTXg8yddNfNc3yh476adokdllOPdPGQDcrMs="; + hash = "sha256-QWIwy995Y1QC2GbWxkRVZ3oaRv6+WhHNPeU9CUNCpA8="; }; - vendorHash = "sha256-3R6UW0jCIcHY1weX8PTFU3nEKTS7VbRD0l78tycIXaE="; + vendorHash = "sha256-62bMFzVI6mQLC8TNvwQMEMdkPVjDa6/ElwT/41t4Cqw="; # Tests disabled for requiring network access to release.hashicorp.com doCheck = false; diff --git a/pkgs/by-name/ti/tippecanoe/package.nix b/pkgs/by-name/ti/tippecanoe/package.nix index 07fd64f96831..89740de334fa 100644 --- a/pkgs/by-name/ti/tippecanoe/package.nix +++ b/pkgs/by-name/ti/tippecanoe/package.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "tippecanoe"; - version = "2.52.0"; + version = "2.53.0"; src = fetchFromGitHub { owner = "felt"; repo = "tippecanoe"; rev = finalAttrs.version; - hash = "sha256-EXutd+uaMtvs+fWmDIIzuVC8Q+Eo439TEYiMfo+Inco="; + hash = "sha256-0GBrGLE0owhGTc/+D1W6X+hkpuX2GPu6gXQ7J2pHK9o="; }; buildInputs = [ sqlite zlib ]; diff --git a/pkgs/development/compilers/intel-graphics-compiler/default.nix b/pkgs/development/compilers/intel-graphics-compiler/default.nix index 599fe53a74a6..d2075d79543c 100644 --- a/pkgs/development/compilers/intel-graphics-compiler/default.nix +++ b/pkgs/development/compilers/intel-graphics-compiler/default.nix @@ -31,13 +31,13 @@ in stdenv.mkDerivation rec { pname = "intel-graphics-compiler"; - version = "1.0.15985.7"; + version = "1.0.16238.4"; src = fetchFromGitHub { owner = "intel"; repo = "intel-graphics-compiler"; rev = "igc-${version}"; - hash = "sha256-NXShD6M5OeKi0+Jszvoos+wjHZ9lWh/LIUFLFq8dzFM="; + hash = "sha256-XgQ2Gk3HDKBpsfomlpRUt8WybEIoHfKlyuWJCwCnmDA="; }; nativeBuildInputs = [ bison cmake flex (python3.withPackages (ps : with ps; [ mako ])) ]; diff --git a/pkgs/development/compilers/spirv-llvm-translator/default.nix b/pkgs/development/compilers/spirv-llvm-translator/default.nix index 9dde7e475171..777e819b453d 100644 --- a/pkgs/development/compilers/spirv-llvm-translator/default.nix +++ b/pkgs/development/compilers/spirv-llvm-translator/default.nix @@ -32,9 +32,9 @@ let rev = "v${version}"; hash = "sha256-OsDohXRxovtEXaWiRGp8gJ0dXmoALyO+ZimeSO8aPVI="; } else if llvmMajor == "14" then { - version = "14.0.0+unstable-2024-01-23"; - rev = "582a3024c0c2d624a40fa2731d74b2c9ca3b94ab"; - hash = "sha256-1IRX+5Xh8Fj+/1DIZQrN8ijb2y7H39Y3u+IdbqjQgCc="; + version = "14.0.0+unstable-2024-02-14"; + rev = "2221771c28dc224d5d560faf6a2cd73f8ecf713d"; + hash = "sha256-J4qOgDdcsPRU1AXXXWN+qe4c47uMCrjmtM8MSrl9NjE="; } else if llvmMajor == "11" then { version = "11.0.0+unstable-2022-05-04"; rev = "4ef524240833abfeee1c5b9fff6b1bd53f4806b3"; # 267 commits ahead of v11.0.0 diff --git a/pkgs/development/interpreters/yaegi/default.nix b/pkgs/development/interpreters/yaegi/default.nix index b3453e564efb..1bc94848313b 100644 --- a/pkgs/development/interpreters/yaegi/default.nix +++ b/pkgs/development/interpreters/yaegi/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "yaegi"; - version = "0.16.0"; + version = "0.16.1"; src = fetchFromGitHub { owner = "traefik"; repo = "yaegi"; rev = "v${version}"; - hash = "sha256-AplNd9+Z+bVC4/2aFKwhabMvumF9IPcSX8X8H0z/ADA="; + hash = "sha256-jpLx2z65KeCPC4AQgFmUUphmmiT4EeHwrYn3/rD4Rzg="; }; vendorHash = null; diff --git a/pkgs/development/libraries/level-zero/default.nix b/pkgs/development/libraries/level-zero/default.nix index fb5c3ba283b6..74dc4a09f389 100644 --- a/pkgs/development/libraries/level-zero/default.nix +++ b/pkgs/development/libraries/level-zero/default.nix @@ -1,23 +1,35 @@ { lib -, stdenv -, fetchFromGitHub , addOpenGLRunpath , cmake +, fetchFromGitHub +, fmt_9 +, spdlog +, stdenv +, substituteAll }: stdenv.mkDerivation rec { pname = "level-zero"; - version = "1.16.1"; + version = "1.16.11"; src = fetchFromGitHub { owner = "oneapi-src"; repo = "level-zero"; rev = "refs/tags/v${version}"; - hash = "sha256-iPWEZ9aJ3uI4cAKRgur78zdVwGtD6q1TqwNpK+mg5hw="; + hash = "sha256-ER7ceIC7d00uH8NTBgwtKgQ/YMPr9ardAE8+D+RVHmY="; }; + patches = [ + (substituteAll { + src = ./system-spdlog.diff; + spdlog = lib.getDev spdlog; + }) + ]; + nativeBuildInputs = [ cmake addOpenGLRunpath ]; + buildInputs = [ fmt_9 ]; + postFixup = '' addOpenGLRunpath $out/lib/libze_loader.so ''; diff --git a/pkgs/development/libraries/level-zero/system-spdlog.diff b/pkgs/development/libraries/level-zero/system-spdlog.diff new file mode 100644 index 000000000000..dee5432d0f7f --- /dev/null +++ b/pkgs/development/libraries/level-zero/system-spdlog.diff @@ -0,0 +1,66 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 5e4af80..a54eecb 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -1,6 +1,9 @@ + # Copyright (C) 2020-2024 Intel Corporation + # SPDX-License-Identifier: MIT + ++add_compile_definitions(SPDLOG_FMT_EXTERNAL) ++add_compile_definitions(FMT_HEADER_ONLY) ++ + cmake_minimum_required(VERSION 3.2.0 FATAL_ERROR) + set(CMAKE_CXX_STANDARD 14) + set(CMAKE_CXX_STANDARD_REQUIRED ON) +@@ -58,7 +60,7 @@ elseif(Git_FOUND) + endif() + + include(FetchContent) +-set(SPDLOG_ROOT "${FETCHCONTENT_BASE_DIR}/spdlog-src") ++set(SPDLOG_ROOT "@spdlog@") + + # Update other relevant variables to include the patch + set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}") +diff --git a/source/utils/CMakeLists.txt b/source/utils/CMakeLists.txt +index cb6cfb1..599338a 100644 +--- a/source/utils/CMakeLists.txt ++++ b/source/utils/CMakeLists.txt +@@ -1,16 +1,6 @@ + # Copyright (C) 2024 Intel Corporation + # SPDX-License-Identifier: MIT + +-include(FetchContent) +-set(SPDLOG_REPO https://github.com/gabime/spdlog) +-set(SPDLOG_TAG v1.13.0) +-FetchContent_Declare( +- spdlog +- GIT_REPOSITORY ${SPDLOG_REPO} +- GIT_TAG ${SPDLOG_TAG} +-) +-FetchContent_makeAvailable(spdlog) +- + add_library(utils + STATIC + "logging.h" +@@ -19,5 +9,5 @@ add_library(utils + + target_include_directories(utils + PUBLIC +- ${FETCHCONTENT_BASE_DIR}/spdlog-src/include ++ @spdlog@/include + ) +diff --git a/source/utils/logging.h b/source/utils/logging.h +index 4aad451..c8c4cc3 100644 +--- a/source/utils/logging.h ++++ b/source/utils/logging.h +@@ -16,8 +16,8 @@ + #include + #include + +-#include "spdlog/sinks/basic_file_sink.h" +-#include "spdlog/spdlog.h" ++#include ++#include + + namespace loader { + diff --git a/pkgs/development/libraries/libwpe/default.nix b/pkgs/development/libraries/libwpe/default.nix index 9978082fc60e..a29dd6b2627b 100644 --- a/pkgs/development/libraries/libwpe/default.nix +++ b/pkgs/development/libraries/libwpe/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { pname = "libwpe"; - version = "1.14.2"; + version = "1.16.0"; src = fetchurl { url = "https://wpewebkit.org/releases/libwpe-${version}.tar.xz"; - sha256 = "sha256-iuOAIsUMs0DJb9vuEhfx5Gq1f7wci6mBQlZau+2+Iu8="; + sha256 = "sha256-x/OjxrPQBnkNSG3HzO2ittLjKd4H8zvEffxT8A8zSyo="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/quarto/default.nix b/pkgs/development/libraries/quarto/default.nix index 99b9ebf79ae8..b021b1d930f0 100644 --- a/pkgs/development/libraries/quarto/default.nix +++ b/pkgs/development/libraries/quarto/default.nix @@ -19,10 +19,10 @@ stdenv.mkDerivation (final: { pname = "quarto"; - version = "1.4.552"; + version = "1.4.553"; src = fetchurl { url = "https://github.com/quarto-dev/quarto-cli/releases/download/v${final.version}/quarto-${final.version}-linux-amd64.tar.gz"; - sha256 = "sha256-I6uRqKgwb+VnbghA20BXEGrrLKOERc/IfF1TIDoymBw="; + sha256 = "sha256-IrdUGx4b6XRmV6RHODeWukIObwy8XnsxyCKd3rwljJA="; }; nativeBuildInputs = [ diff --git a/pkgs/development/ocaml-modules/ocaml-lua/default.nix b/pkgs/development/ocaml-modules/ocaml-lua/default.nix new file mode 100644 index 000000000000..8a09b1d9387e --- /dev/null +++ b/pkgs/development/ocaml-modules/ocaml-lua/default.nix @@ -0,0 +1,37 @@ +{ lib, fetchFromGitHub, buildDunePackage, lua5_1, pkg-config }: + +buildDunePackage { + pname = "ocaml-lua"; + version = "1.8"; + + minimalOCamlVersion = "4.08"; + + src = fetchFromGitHub { + owner = "pdonadeo"; + repo = "ocaml-lua"; + # Take the latest commit, as some warnings have been fixed/suppressed + rev = "f44ad50c88bf999f48a13af663051493c89d7d02"; + hash = "sha256-AXtKrty8JdI+yc+Y9EiufBbySlr49OyXW6wKwmDb0xo="; + }; + + # ocaml-lua vendors and builds Lua: replace that with the one from nixpkgs + postPatch = '' + rm -r src/lua_c + substituteInPlace src/dune \ + --replace "-Ilua_c/lua515/src" "" \ + --replace "(libraries unix threads lua_c)" \ + "(libraries unix threads) (c_library_flags -llua)" + ''; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ lua5_1 ]; + + doCheck = true; + + meta = { + description = "Lua bindings for OCaml"; + homepage = "https://pdonadeo.github.io/ocaml-lua"; + license = lib.licenses.mit; + maintainers = [ lib.maintainers.kenran ]; + }; +} diff --git a/pkgs/development/python-modules/arsenic/default.nix b/pkgs/development/python-modules/arsenic/default.nix index e2c929b25147..2d742f943f79 100644 --- a/pkgs/development/python-modules/arsenic/default.nix +++ b/pkgs/development/python-modules/arsenic/default.nix @@ -1,26 +1,27 @@ -{ lib -, aiohttp -, attrs -, buildPythonPackage -, fetchFromGitHub -, fetchpatch -, poetry-core -, pytestCheckHook -, pythonRelaxDepsHook -, pythonOlder -, structlog +{ + lib, + aiohttp, + attrs, + buildPythonPackage, + fetchFromGitHub, + fetchpatch, + packaging, + poetry-core, + pythonRelaxDepsHook, + pythonOlder, + structlog, }: buildPythonPackage rec { pname = "arsenic"; version = "21.8"; - format = "pyproject"; + pyproject = true; disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "HENNGE"; - repo = pname; + repo = "arsenic"; rev = "refs/tags/${version}"; hash = "sha256-fsLo22PR9WdX2FazPgr8B8dFq6EM1LLTpRFGEm/ymCE="; }; @@ -32,33 +33,31 @@ buildPythonPackage rec { url = "https://github.com/HENNGE/arsenic/commit/ca82894a5f1e832ab9283a245258b334bdd48855.patch"; hash = "sha256-ECCUaJF4MRmFOKH1C6HowJ+zmbEPPiS7h9DlKw5otZc="; }) + # Replace distutils with packaging, https://github.com/HENNGE/arsenic/pull/166 + (fetchpatch { + name = "replace-distutils.patch"; + url = "https://github.com/HENNGE/arsenic/commit/440faed7d2a8fbd635a135c007051ea494e72873.patch"; + hash = "sha256-QbOH6EdFKZxm1VaXRiTbJ3zIzEKVet9GUQDaJnmSNQw="; + }) ]; - pythonRelaxDeps = [ - "structlog" - ]; + pythonRelaxDeps = [ "structlog" ]; - nativeBuildInputs = [ - poetry-core - pythonRelaxDepsHook - ]; + nativeBuildInputs = [ pythonRelaxDepsHook ]; - propagatedBuildInputs = [ + build-system = [ poetry-core ]; + + dependencies = [ aiohttp attrs + packaging structlog ]; - nativeCheckInputs = [ - pytestCheckHook - ]; - - # Depends on asyncio_extras which is not longer maintained + # Test depends on asyncio_extras which is not longer maintained doCheck = false; - pythonImportsCheck = [ - "arsenic" - ]; + pythonImportsCheck = [ "arsenic" ]; meta = with lib; { description = "WebDriver implementation for asyncio and asyncio-compatible frameworks"; diff --git a/pkgs/development/python-modules/asn1crypto/default.nix b/pkgs/development/python-modules/asn1crypto/default.nix index 426116f5775a..a10ad81c1823 100644 --- a/pkgs/development/python-modules/asn1crypto/default.nix +++ b/pkgs/development/python-modules/asn1crypto/default.nix @@ -13,8 +13,8 @@ # Switch version based on python version, as the situation isn't easy: # https://github.com/wbond/asn1crypto/issues/269 # https://github.com/MatthiasValvekens/certomancer/issues/12 -with ( - if lib.versionOlder python.version "3.12" then rec { +let + provenance = if lib.versionOlder python.version "3.12" then rec { version = "1.5.1"; rev = version; hash = "sha256-M8vASxhaJPgkiTrAckxz7gk/QHkrFlNz7fFbnLEBT+M="; @@ -22,19 +22,19 @@ with ( version = "1.5.1-unstable-2023-11-03"; rev = "b763a757bb2bef2ab63620611ddd8006d5e9e4a2"; hash = "sha256-11WajEDtisiJsKQjZMSd5sDog3DuuBzf1PcgSY+uuXY="; - } -); + }; +in buildPythonPackage rec { pname = "asn1crypto"; pyproject = true; - inherit version; + inherit (provenance) version; # Pulling from Github to run tests src = fetchFromGitHub { owner = "wbond"; repo = "asn1crypto"; - inherit rev hash; + inherit (provenance) rev hash; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/extract-msg/default.nix b/pkgs/development/python-modules/extract-msg/default.nix index 6c6e23370261..c687ef3272f7 100644 --- a/pkgs/development/python-modules/extract-msg/default.nix +++ b/pkgs/development/python-modules/extract-msg/default.nix @@ -1,22 +1,23 @@ -{ lib -, beautifulsoup4 -, buildPythonPackage -, compressed-rtf -, ebcdic -, fetchFromGitHub -, olefile -, pytestCheckHook -, pythonOlder -, pythonRelaxDepsHook -, red-black-tree-mod -, rtfde -, setuptools -, tzlocal +{ + lib, + beautifulsoup4, + buildPythonPackage, + compressed-rtf, + ebcdic, + fetchFromGitHub, + olefile, + pytestCheckHook, + pythonOlder, + pythonRelaxDepsHook, + red-black-tree-mod, + rtfde, + setuptools, + tzlocal, }: buildPythonPackage rec { pname = "extract-msg"; - version = "0.48.4"; + version = "0.48.5"; pyproject = true; disabled = pythonOlder "3.7"; @@ -25,7 +26,7 @@ buildPythonPackage rec { owner = "TeamMsgExtractor"; repo = "msg-extractor"; rev = "refs/tags/v${version}"; - hash = "sha256-xX25RVtkUFn+j9rALOHQOTRzqJXiEMn7i9pxCJ8so4U="; + hash = "sha256-GBX6VRXXja18azyiJZJ3niKPhAKZxDR8kcFbiC2XgeU="; }; pythonRelaxDeps = [ @@ -48,17 +49,11 @@ buildPythonPackage rec { tzlocal ]; - nativeCheckInputs = [ - pytestCheckHook - ]; + nativeCheckInputs = [ pytestCheckHook ]; - pythonImportsCheck = [ - "extract_msg" - ]; + pythonImportsCheck = [ "extract_msg" ]; - pytestFlagsArray = [ - "extract_msg_tests/*.py" - ]; + pytestFlagsArray = [ "extract_msg_tests/*.py" ]; meta = with lib; { description = "Extracts emails and attachments saved in Microsoft Outlook's .msg files"; diff --git a/pkgs/development/python-modules/flask-session-captcha/default.nix b/pkgs/development/python-modules/flask-session-captcha/default.nix index 539fd49c613b..115867f1c63c 100644 --- a/pkgs/development/python-modules/flask-session-captcha/default.nix +++ b/pkgs/development/python-modules/flask-session-captcha/default.nix @@ -1,57 +1,51 @@ -{ lib -, fetchFromGitHub -, buildPythonPackage - -# build-system -, setuptools - -# dependencies -, captcha -, flask -, markupsafe - -# tests -, flask-sqlalchemy -, pytestCheckHook +{ + lib, + buildPythonPackage, + captcha, + fetchFromGitHub, + flask, + flask-session, + flask-sqlalchemy, + markupsafe, + pytestCheckHook, + pythonOlder, + setuptools, }: buildPythonPackage rec { pname = "flask-session-captcha"; - version = "1.4.1"; + version = "1.4.2"; pyproject = true; + disabled = pythonOlder "3.8"; + src = fetchFromGitHub { owner = "Tethik"; - repo = pname; + repo = "flask-session-captcha"; rev = "refs/tags/v${version}"; - hash = "sha256-0g8nnnmTfcb9VqrtJ6kkfCFm+AYVrPZNWUPNQSjVTgQ="; + hash = "sha256-hf6ifTrsWvgvUHFAPdS8ns8aKN02zquLGCq5ouQF0ck="; }; - nativeBuildInputs = [ - setuptools - ]; + build-system = [ setuptools ]; - propagatedBuildInputs = [ + dependencies = [ captcha flask markupsafe ]; - pythonImportsCheck = [ - "flask_session_captcha" - ]; - - # RuntimeError: Working outside of application context. - doCheck = false; - nativeCheckInputs = [ + flask-session flask-sqlalchemy pytestCheckHook ]; + pythonImportsCheck = [ "flask_session_captcha" ]; + meta = with lib; { description = "A captcha implemention for flask"; homepage = "https://github.com/Tethik/flask-session-captcha"; + changelog = "https://github.com/Tethik/flask-session-captcha/releases/tag/v${version}"; license = licenses.mit; maintainers = with maintainers; [ Flakebi ]; }; diff --git a/pkgs/development/python-modules/glances-api/default.nix b/pkgs/development/python-modules/glances-api/default.nix index 416dc4e36c17..40c8d0698f18 100644 --- a/pkgs/development/python-modules/glances-api/default.nix +++ b/pkgs/development/python-modules/glances-api/default.nix @@ -1,35 +1,32 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, httpx -, poetry-core -, pytest-asyncio -, pytest-httpx -, pytestCheckHook -, pythonOlder +{ + lib, + buildPythonPackage, + fetchFromGitHub, + httpx, + poetry-core, + pytest-asyncio, + pytest-httpx, + pytestCheckHook, + pythonOlder, }: buildPythonPackage rec { pname = "glances-api"; - version = "0.5.1"; + version = "0.6.0"; pyproject = true; - disabled = pythonOlder "3.9"; + disabled = pythonOlder "3.11"; src = fetchFromGitHub { owner = "home-assistant-ecosystem"; repo = "python-glances-api"; rev = "refs/tags/${version}"; - hash = "sha256-hRzSNpmyZ91Ca45o0A3rnvsrGPFQRBcWBjryYXqZPH4="; + hash = "sha256-k/F4q1+bO6p/PW8iEiiCX6yXKbS8SHXVR8mEGezOrRE="; }; - nativeBuildInputs = [ - poetry-core - ]; + build-system = [ poetry-core ]; - propagatedBuildInputs = [ - httpx - ]; + dependencies = [ httpx ]; nativeCheckInputs = [ pytest-asyncio @@ -37,9 +34,7 @@ buildPythonPackage rec { pytestCheckHook ]; - pythonImportsCheck = [ - "glances_api" - ]; + pythonImportsCheck = [ "glances_api" ]; meta = with lib; { description = "Python API for interacting with Glances"; diff --git a/pkgs/development/python-modules/opower/default.nix b/pkgs/development/python-modules/opower/default.nix index 1747389cc972..fcae2a557c64 100644 --- a/pkgs/development/python-modules/opower/default.nix +++ b/pkgs/development/python-modules/opower/default.nix @@ -1,18 +1,19 @@ -{ lib -, aiohttp -, arrow -, buildPythonPackage -, fetchFromGitHub -, pyotp -, pytestCheckHook -, python-dotenv -, pythonOlder -, setuptools +{ + lib, + aiohttp, + arrow, + buildPythonPackage, + fetchFromGitHub, + pyotp, + pytestCheckHook, + python-dotenv, + pythonOlder, + setuptools, }: buildPythonPackage rec { pname = "opower"; - version = "0.4.2"; + version = "0.4.3"; pyproject = true; disabled = pythonOlder "3.9"; @@ -21,12 +22,10 @@ buildPythonPackage rec { owner = "tronikos"; repo = "opower"; rev = "refs/tags/v${version}"; - hash = "sha256-mQE3WypB//OPilx4vA8b8V+eO0MJ/cSa3wILLW+Jk4Y="; + hash = "sha256-qJMQoc0Bpo1X2jQ23XlmCLE7h8F5IsniQ+Hx9iJ0h6A="; }; - build-system = [ - setuptools - ]; + build-system = [ setuptools ]; dependencies = [ aiohttp @@ -35,13 +34,9 @@ buildPythonPackage rec { python-dotenv ]; - nativeCheckInputs = [ - pytestCheckHook - ]; + nativeCheckInputs = [ pytestCheckHook ]; - pythonImportsCheck = [ - "opower" - ]; + pythonImportsCheck = [ "opower" ]; meta = with lib; { description = "Module for getting historical and forecasted usage/cost from utilities that use opower.com"; diff --git a/pkgs/development/python-modules/psygnal/default.nix b/pkgs/development/python-modules/psygnal/default.nix index 701834561673..a4b07f761243 100644 --- a/pkgs/development/python-modules/psygnal/default.nix +++ b/pkgs/development/python-modules/psygnal/default.nix @@ -16,7 +16,7 @@ buildPythonPackage rec { pname = "psygnal"; - version = "0.10.0"; + version = "0.11.0"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -25,7 +25,7 @@ buildPythonPackage rec { owner = "pyapp-kit"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-RckzvOclV2UUZLYq3buLeLLBN/Q/CmCAqmGmjzYPqbM="; + hash = "sha256-LZkYlqplapV2jD5yV5Co8zhGdHP0dqkIAoIj1AFETbA="; }; buildInputs = [ diff --git a/pkgs/development/python-modules/pygobject-stubs/default.nix b/pkgs/development/python-modules/pygobject-stubs/default.nix index 9dde5d012225..38208b28ad30 100644 --- a/pkgs/development/python-modules/pygobject-stubs/default.nix +++ b/pkgs/development/python-modules/pygobject-stubs/default.nix @@ -1,14 +1,15 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, pygobject3 -, pythonOlder -, setuptools +{ + lib, + buildPythonPackage, + fetchFromGitHub, + pygobject3, + pythonOlder, + setuptools, }: buildPythonPackage rec { pname = "pygobject-stubs"; - version = "2.10.0"; + version = "2.11.0"; pyproject = true; disabled = pythonOlder "3.7"; @@ -17,12 +18,10 @@ buildPythonPackage rec { owner = "pygobject"; repo = "pygobject-stubs"; rev = "refs/tags/v${version}"; - hash = "sha256-fz+qzFWl9JJu9CEVkeiV6XUIPDvwWgrfhTo/nj1EH5c="; + hash = "sha256-HOAG5c0fjF6RzULc1IDk7hRSlKTqtdXEM6acyJeV0DE="; }; - nativeBuildInputs = [ - setuptools - ]; + build-system = [ setuptools ]; # This package does not include any tests. doCheck = false; diff --git a/pkgs/development/python-modules/python-lsp-server/default.nix b/pkgs/development/python-modules/python-lsp-server/default.nix index 881e7e33d91b..c79e3f7e8d7b 100644 --- a/pkgs/development/python-modules/python-lsp-server/default.nix +++ b/pkgs/development/python-modules/python-lsp-server/default.nix @@ -1,56 +1,56 @@ -{ lib -, stdenv -, autopep8 -, buildPythonPackage -, docstring-to-markdown -, fetchFromGitHub -, flake8 -, flaky -, importlib-metadata -, jedi -, matplotlib -, mccabe -, numpy -, pandas -, pluggy -, pycodestyle -, pydocstyle -, pyflakes -, pylint -, pyqt5 -, pytestCheckHook -, python-lsp-jsonrpc -, pythonOlder -, pythonRelaxDepsHook -, rope -, setuptools -, setuptools-scm -, toml -, ujson -, websockets -, whatthepatch -, wheel -, yapf +{ + lib, + stdenv, + autopep8, + buildPythonPackage, + docstring-to-markdown, + fetchFromGitHub, + flake8, + flaky, + importlib-metadata, + jedi, + matplotlib, + mccabe, + numpy, + pandas, + pluggy, + pycodestyle, + pydocstyle, + pyflakes, + pylint, + pyqt5, + pytestCheckHook, + python-lsp-jsonrpc, + pythonOlder, + pythonRelaxDepsHook, + rope, + setuptools, + setuptools-scm, + toml, + ujson, + websockets, + whatthepatch, + yapf, }: buildPythonPackage rec { pname = "python-lsp-server"; - version = "1.10.1"; + version = "1.11.0"; format = "pyproject"; disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "python-lsp"; - repo = pname; + repo = "python-lsp-server"; rev = "refs/tags/v${version}"; - hash = "sha256-tY+BE8DAajZKwlZ2D7uCr9LC7D61ULkhV8Z9EpRu6j0="; + hash = "sha256-0DFcnGlyDOK0Lxpr++xV6klhFF9b1fihH5FY/tblr+E="; }; postPatch = '' substituteInPlace pyproject.toml \ - --replace "--cov-report html --cov-report term --junitxml=pytest.xml" "" \ - --replace "--cov pylsp --cov test" "" + --replace-fail "--cov-report html --cov-report term --junitxml=pytest.xml" "" \ + --replace-fail "--cov pylsp --cov test" "" ''; pythonRelaxDeps = [ @@ -62,22 +62,18 @@ buildPythonPackage rec { "pyflakes" ]; - nativeBuildInputs = [ - pythonRelaxDepsHook - setuptools-scm - wheel - ]; + nativeBuildInputs = [ setuptools-scm ]; - propagatedBuildInputs = [ + build-system = [ setuptools-scm ]; + + dependencies = [ docstring-to-markdown jedi pluggy python-lsp-jsonrpc setuptools # `pkg_resources`imported in pylsp/config/config.py ujson - ] ++ lib.optionals (pythonOlder "3.10") [ - importlib-metadata - ]; + ] ++ lib.optionals (pythonOlder "3.10") [ importlib-metadata ]; passthru.optional-dependencies = { all = [ @@ -93,62 +89,46 @@ buildPythonPackage rec { whatthepatch yapf ]; - autopep8 = [ - autopep8 - ]; - flake8 = [ - flake8 - ]; - mccabe = [ - mccabe - ]; - pycodestyle = [ - pycodestyle - ]; - pydocstyle = [ - pydocstyle - ]; - pyflakes = [ - pyflakes - ]; - pylint = [ - pylint - ]; - rope = [ - rope - ]; + autopep8 = [ autopep8 ]; + flake8 = [ flake8 ]; + mccabe = [ mccabe ]; + pycodestyle = [ pycodestyle ]; + pydocstyle = [ pydocstyle ]; + pyflakes = [ pyflakes ]; + pylint = [ pylint ]; + rope = [ rope ]; yapf = [ whatthepatch yapf ]; - websockets = [ - websockets - ]; + websockets = [ websockets ]; }; - nativeCheckInputs = [ - flaky - matplotlib - numpy - pandas - pytestCheckHook - ] ++ passthru.optional-dependencies.all - # pyqt5 is broken on aarch64-darwin - ++ lib.optionals (!stdenv.isDarwin || !stdenv.isAarch64) [ - pyqt5 - ]; - - disabledTests = [ - # Don't run lint tests - "test_pydocstyle" - # https://github.com/python-lsp/python-lsp-server/issues/243 - "test_numpy_completions" - "test_workspace_loads_pycodestyle_config" - "test_autoimport_code_actions_and_completions_for_notebook_document" - ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ + nativeCheckInputs = + [ + flaky + matplotlib + numpy + pandas + pytestCheckHook + ] + ++ passthru.optional-dependencies.all # pyqt5 is broken on aarch64-darwin - "test_pyqt_completion" - ]; + ++ lib.optionals (!stdenv.isDarwin || !stdenv.isAarch64) [ pyqt5 ]; + + disabledTests = + [ + # Don't run lint tests + "test_pydocstyle" + # https://github.com/python-lsp/python-lsp-server/issues/243 + "test_numpy_completions" + "test_workspace_loads_pycodestyle_config" + "test_autoimport_code_actions_and_completions_for_notebook_document" + ] + ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ + # pyqt5 is broken on aarch64-darwin + "test_pyqt_completion" + ]; preCheck = '' export HOME=$(mktemp -d); diff --git a/pkgs/development/python-modules/pyvista/default.nix b/pkgs/development/python-modules/pyvista/default.nix index 3c1d7d2982e2..c961904a0c5b 100644 --- a/pkgs/development/python-modules/pyvista/default.nix +++ b/pkgs/development/python-modules/pyvista/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "pyvista"; - version = "0.43.4"; + version = "0.43.5"; pyproject = true; disabled = pythonOlder "3.8"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-nesI3rYGPCih+rckT6E6pyy6kZdfxBOjpfwvzKt8c6I="; + hash = "sha256-twcsOG/iHZGMBrGcpF5jEJB8CoKIBcO711t7sXJT214="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/romy/default.nix b/pkgs/development/python-modules/romy/default.nix index 9492bab6ce0e..32b8e9fbebc4 100644 --- a/pkgs/development/python-modules/romy/default.nix +++ b/pkgs/development/python-modules/romy/default.nix @@ -1,14 +1,15 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, setuptools -, pythonOlder -, aiohttp +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + pythonOlder, + aiohttp, }: buildPythonPackage rec { pname = "romy"; - version = "0.0.9"; + version = "0.0.10"; pyproject = true; disabled = pythonOlder "3.11"; @@ -17,23 +18,17 @@ buildPythonPackage rec { owner = "xeniter"; repo = "romy"; rev = "refs/tags/${version}"; - hash = "sha256-r7g8DE8eBFHkMHzGfNlYi+XxrRIvH8IDxGOSEiJKKqM="; + hash = "sha256-pQI+/1xt1YE+L5CHsurkBr2dKMGR/dV5vrGHYM8wNGs="; }; - build-system = [ - setuptools - ]; + build-system = [ setuptools ]; - dependencies = [ - aiohttp - ]; + dependencies = [ aiohttp ]; # Module has no tests doCheck = false; - pythonImportsCheck = [ - "romy" - ]; + pythonImportsCheck = [ "romy" ]; meta = with lib; { description = "Library to control Wi-Fi enabled ROMY vacuum cleaners"; diff --git a/pkgs/development/python-modules/rstcheck-core/default.nix b/pkgs/development/python-modules/rstcheck-core/default.nix index 74a1dd2dbff2..971e0b12cfd1 100644 --- a/pkgs/development/python-modules/rstcheck-core/default.nix +++ b/pkgs/development/python-modules/rstcheck-core/default.nix @@ -1,23 +1,23 @@ -{ stdenv -, lib -, buildPythonPackage -, docutils -, fetchFromGitHub -, importlib-metadata -, mock -, pydantic -, pytest-mock -, pytestCheckHook -, pythonOlder -, setuptools -, setuptools-scm -, typing-extensions -, wheel +{ + lib, + stdenv, + buildPythonPackage, + docutils, + fetchFromGitHub, + importlib-metadata, + mock, + pydantic, + pytest-mock, + pytestCheckHook, + pythonOlder, + setuptools, + setuptools-scm, + typing-extensions, }: buildPythonPackage rec { pname = "rstcheck-core"; - version = "1.2.0"; + version = "1.2.1"; pyproject = true; disabled = pythonOlder "3.8"; @@ -26,26 +26,27 @@ buildPythonPackage rec { owner = "rstcheck"; repo = "rstcheck-core"; rev = "refs/tags/v${version}"; - hash = "sha256-cKJNktIB4vXt1MPRgYrJQ0aksmrVu7Y2uTyUjdx5YdA="; + hash = "sha256-PiQMk0lIv24S6qXMYIQR+SkSji+WA30ivWs2uPQwf2A="; }; - nativeBuildInputs = [ + build-system = [ setuptools setuptools-scm - wheel ]; env = { NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-strict-prototypes"; }; - propagatedBuildInputs = [ - docutils - pydantic - ] ++ lib.optionals (pythonOlder "3.9") [ - importlib-metadata - typing-extensions - ]; + dependencies = + [ + docutils + pydantic + ] + ++ lib.optionals (pythonOlder "3.9") [ + importlib-metadata + typing-extensions + ]; nativeCheckInputs = [ mock @@ -58,9 +59,7 @@ buildPythonPackage rec { "test_check_yaml_returns_error_on_bad_code_block" ]; - pythonImportsCheck = [ - "rstcheck_core" - ]; + pythonImportsCheck = [ "rstcheck_core" ]; meta = with lib; { description = "Library for checking syntax of reStructuredText"; diff --git a/pkgs/development/python-modules/rstcheck/default.nix b/pkgs/development/python-modules/rstcheck/default.nix index 3e648e792b20..91f58f134710 100644 --- a/pkgs/development/python-modules/rstcheck/default.nix +++ b/pkgs/development/python-modules/rstcheck/default.nix @@ -1,58 +1,47 @@ -{ stdenv -, lib -, buildPythonPackage -, docutils -, fetchFromGitHub -, importlib-metadata -, poetry-core -, pydantic -, pytestCheckHook -, pythonOlder -, pythonRelaxDepsHook -, rstcheck-core -, typer -, types-docutils -, typing-extensions +{ + lib, + stdenv, + buildPythonPackage, + docutils, + fetchFromGitHub, + setuptools, + setuptools-scm, + pydantic, + pytestCheckHook, + pythonOlder, + rstcheck-core, + typer, + types-docutils, }: buildPythonPackage rec { pname = "rstcheck"; - version = "6.1.2"; - format = "pyproject"; + version = "6.2.1"; + pyproject = true; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "rstcheck"; - repo = pname; + repo = "rstcheck"; rev = "refs/tags/v${version}"; - hash = "sha256-UMByfnnP1va3v1IgyQL0f3kC+W6HoiWScb7U2FAvWkU="; + hash = "sha256-S04l+x/rIc/XSvq2lSKCQp6KK5mmKI2mOgPgJ3WKe5M="; }; - pythonRelaxDeps = [ - "typer" + build-system = [ + setuptools + setuptools-scm ]; - nativeBuildInputs = [ - poetry-core - pythonRelaxDepsHook - ]; - - propagatedBuildInputs = [ + dependencies = [ docutils rstcheck-core types-docutils - typing-extensions pydantic typer - ] ++ lib.optionals (pythonOlder "3.8") [ - typing-extensions - importlib-metadata ] ++ typer.optional-dependencies.all; - nativeCheckInputs = [ - pytestCheckHook - ]; + nativeCheckInputs = [ pytestCheckHook ]; disabledTests = lib.optionals stdenv.isDarwin [ # Disabled until https://github.com/rstcheck/rstcheck-core/issues/19 is resolved. @@ -60,9 +49,7 @@ buildPythonPackage rec { "test_file_1_is_bad_without_config_macos" ]; - pythonImportsCheck = [ - "rstcheck" - ]; + pythonImportsCheck = [ "rstcheck" ]; preCheck = '' # The tests need to find and call the rstcheck executable @@ -71,10 +58,10 @@ buildPythonPackage rec { meta = with lib; { description = "Checks syntax of reStructuredText and code blocks nested within it"; - mainProgram = "rstcheck"; homepage = "https://github.com/myint/rstcheck"; changelog = "https://github.com/rstcheck/rstcheck/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ staccato ]; + mainProgram = "rstcheck"; }; } diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix index 571a91c78131..75452c45820c 100644 --- a/pkgs/development/tools/analysis/flow/default.nix +++ b/pkgs/development/tools/analysis/flow/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "flow"; - version = "0.232.0"; + version = "0.233.0"; src = fetchFromGitHub { owner = "facebook"; repo = "flow"; rev = "v${version}"; - hash = "sha256-hYFVfkkJFAg5Ij7kwLiMeIHYjPLElHhzDPET6kBQCSg="; + hash = "sha256-FMSwCou8J8gpuZ6lPKp+qO58iZWxBDOv8vcZvSdFWWE="; }; postPatch = '' diff --git a/pkgs/development/tools/earthly/default.nix b/pkgs/development/tools/earthly/default.nix index 0e3413043b54..89c47c2a238c 100644 --- a/pkgs/development/tools/earthly/default.nix +++ b/pkgs/development/tools/earthly/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "earthly"; - version = "0.8.6"; + version = "0.8.7"; src = fetchFromGitHub { owner = "earthly"; repo = "earthly"; rev = "v${version}"; - hash = "sha256-APmWF3RrUvXqfvs8MpOMeV3Q6N6GRJXd/sTd9EmIGnQ="; + hash = "sha256-sLOH17OCdA5eOI4KuoVpUrKtLoOVGIzoBeWIOXt2L8k="; }; - vendorHash = "sha256-cdq0gbaTY7IXSoqZcxqkN5in5xtZZTaP0MQRypqJoCU="; + vendorHash = "sha256-896P+KGaoWs0f8LvZMeeJhdtrhti9kMYuNL39/NUWWE="; subPackages = [ "cmd/earthly" "cmd/debugger" ]; CGO_ENABLED = 0; diff --git a/pkgs/development/tools/semantic-release/default.nix b/pkgs/development/tools/semantic-release/default.nix index 9aa371c07e32..ba42839d55e8 100644 --- a/pkgs/development/tools/semantic-release/default.nix +++ b/pkgs/development/tools/semantic-release/default.nix @@ -8,16 +8,16 @@ buildNpmPackage rec { pname = "semantic-release"; - version = "23.0.6"; + version = "23.0.7"; src = fetchFromGitHub { owner = "semantic-release"; repo = "semantic-release"; rev = "v${version}"; - hash = "sha256-saWKx7OnKRT1zonaSRaLXUoL7XI6YaeKogdTuxDN6eo="; + hash = "sha256-4NhTVp/E9yM7rtOQa03PMhQ/TfOL23XQiixXct9uies="; }; - npmDepsHash = "sha256-OvH568kJP0tdK6y2TmMRAyVZ4LgY9+Y4AF39jXk4dq4="; + npmDepsHash = "sha256-2Ne+jgCo7H0dgLSsStuMWqd1aplQClf3GbDYZhIy014="; dontNpmBuild = true; diff --git a/pkgs/os-specific/linux/intel-compute-runtime/default.nix b/pkgs/os-specific/linux/intel-compute-runtime/default.nix index c175916b9008..f4a250d4a84c 100644 --- a/pkgs/os-specific/linux/intel-compute-runtime/default.nix +++ b/pkgs/os-specific/linux/intel-compute-runtime/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "intel-compute-runtime"; - version = "24.05.28454.6"; + version = "24.09.28717.12"; src = fetchFromGitHub { owner = "intel"; repo = "compute-runtime"; rev = version; - hash = "sha256-gX6zvZcwZXcSj3ch/eIWqIefccKuab0voh2vHHJTTso="; + hash = "sha256-RzXV6icenMcQxmOfKA8Tpb6FigLXz3ZyoL0n16+jFRc="; }; nativeBuildInputs = [ cmake pkg-config ]; diff --git a/pkgs/servers/misc/gobgpd/default.nix b/pkgs/servers/misc/gobgpd/default.nix index 48003cae4693..cd0f6bbd4ac4 100644 --- a/pkgs/servers/misc/gobgpd/default.nix +++ b/pkgs/servers/misc/gobgpd/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "gobgpd"; - version = "3.24.0"; + version = "3.25.0"; src = fetchFromGitHub { owner = "osrg"; repo = "gobgp"; rev = "refs/tags/v${version}"; - hash = "sha256-JGgkhNSKprqaUBaW+m/5vYnuDri1Ibyf2Y6SMlscnIU="; + hash = "sha256-cb4FYsYMkrna/1IjPlEglAmeQ/vfbUiaTb5OjrWiYR4="; }; - vendorHash = "sha256-5eB3vFOo3LCsjMnWYFH0yq5+IunwKXp5C34x6NvpFZ8="; + vendorHash = "sha256-fB/PjOO3+/RVQ5DGAHx4O8wAb9p+RdDC9+xkTCefP8A="; postConfigure = '' export CGO_ENABLED=0 diff --git a/pkgs/servers/monitoring/prometheus/pushgateway.nix b/pkgs/servers/monitoring/prometheus/pushgateway.nix index 0354cb258594..9fbdd6c0a94d 100644 --- a/pkgs/servers/monitoring/prometheus/pushgateway.nix +++ b/pkgs/servers/monitoring/prometheus/pushgateway.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "pushgateway"; - version = "1.7.0"; + version = "1.8.0"; src = fetchFromGitHub { owner = "prometheus"; repo = "pushgateway"; rev = "v${version}"; - sha256 = "sha256-yiLVLt1+Klr34rF+rj+T9SWNCiYi//g/e/kfJJokkYk="; + sha256 = "sha256-WZ7Gi7jiHoH6ZL0TdB7Z3C9sAzxL/iJtOAm/MsZVRI8="; }; - vendorHash = "sha256-cbwTjjh4g5ISMuump6By0xmF3wKrdA3kToG7j8ZgHNs="; + vendorHash = "sha256-W2gGp36f1OZonXVkoBvWOaeGnnF5Xi5Kv8JE+iDm+fg="; ldflags = [ "-s" diff --git a/pkgs/servers/monitoring/unpoller/default.nix b/pkgs/servers/monitoring/unpoller/default.nix index c2e0f6c9f7ed..4362feb1b91e 100644 --- a/pkgs/servers/monitoring/unpoller/default.nix +++ b/pkgs/servers/monitoring/unpoller/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "unpoller"; - version = "2.10.0"; + version = "2.11.0"; src = fetchFromGitHub { owner = "unpoller"; repo = "unpoller"; rev = "v${version}"; - hash = "sha256-aJbK1Fhlfm0CrI1O7sWh1xjk+OR8gLa1goSnQ4wfrI0="; + hash = "sha256-VRABezPSppkVouOb6Oz4SpZLwOWhvNKQ+v4ss8wCDFg="; }; - vendorHash = "sha256-iOfjjRjN07iD+B7GjWKbmQu/xNm5wjFQOTA4jBxMh/E="; + vendorHash = "sha256-JF+DwPjtDfFFN9DbEqY9Up8CjDqOsD4IYrMitUd/5Pg="; ldflags = [ "-w" "-s" diff --git a/pkgs/servers/wsdd/default.nix b/pkgs/servers/wsdd/default.nix index 6b99e6c59373..65aae2be2ce5 100644 --- a/pkgs/servers/wsdd/default.nix +++ b/pkgs/servers/wsdd/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "wsdd"; - version = "0.7.1"; + version = "0.8"; src = fetchFromGitHub { owner = "christgau"; repo = pname; rev = "v${version}"; - hash = "sha256-xfZVGi3OxuRI+Zh6L3Ru4J4j5BB1EAN3fllRCVA/c5o="; + hash = "sha256-T8/XlQpx4CtNy8LuLwOQBG9muFe9pp5583tDaCT4ReI="; }; outputs = [ "out" "man" ]; @@ -17,12 +17,6 @@ stdenv.mkDerivation rec { buildInputs = [ python3 ]; - patches = [ - # Increase timeout to socket urlopen - # See https://github.com/christgau/wsdd/issues/80#issuecomment-76848906 - ./increase_timeout.patch - ]; - installPhase = '' install -Dm0555 src/wsdd.py $out/bin/wsdd installManPage man/wsdd.8 diff --git a/pkgs/servers/wsdd/increase_timeout.patch b/pkgs/servers/wsdd/increase_timeout.patch deleted file mode 100644 index ac619f705d8e..000000000000 --- a/pkgs/servers/wsdd/increase_timeout.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/wsdd.py b/src/wsdd.py -index 88a7a2a..360e4f7 100755 ---- a/src/wsdd.py -+++ b/src/wsdd.py -@@ -699,7 +699,7 @@ class WSDClient(WSDUDPMessageHandler): - request.add_header('Host', host) - - try: -- with urllib.request.urlopen(request, None, 2.0) as stream: -+ with urllib.request.urlopen(request, None, 5.0) as stream: - self.handle_metadata(stream.read(), endpoint, xaddr) - except urllib.error.URLError as e: - logger.warning('could not fetch metadata from: {} {}'.format(url, e)) diff --git a/pkgs/tools/admin/stripe-cli/default.nix b/pkgs/tools/admin/stripe-cli/default.nix index c42d4f348c0c..d8e2251bb13b 100644 --- a/pkgs/tools/admin/stripe-cli/default.nix +++ b/pkgs/tools/admin/stripe-cli/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "stripe-cli"; - version = "1.19.3"; + version = "1.19.4"; src = fetchFromGitHub { owner = "stripe"; repo = pname; rev = "v${version}"; - hash = "sha256-VHTr/+sc34Z9WazURXNq7EXKPbpf08cQ0FI98OV7CAA="; + hash = "sha256-pcDlZQCVy1xy8LZ+S5JcGNoiw1Px7C4U6Pn1pe31DoI="; }; vendorHash = "sha256-DYA6cu2KzEBZ4wsT7wjcdY1endQQOZlj2aOwu6iGLew="; diff --git a/pkgs/tools/graphics/deqp-runner/default.nix b/pkgs/tools/graphics/deqp-runner/default.nix index 88fa06d36b3c..93ca48daaf68 100644 --- a/pkgs/tools/graphics/deqp-runner/default.nix +++ b/pkgs/tools/graphics/deqp-runner/default.nix @@ -2,17 +2,17 @@ rustPlatform.buildRustPackage rec { pname = "deqp-runner"; - version = "0.16.1"; + version = "0.18.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "anholt"; repo = "deqp-runner"; rev = "v${version}"; - hash = "sha256-Spx7Y0es+s3k2dod/kdEgypncED8mNR23uRdOOcLxJc="; + hash = "sha256-5ngyONV7X3JyU0Kd7VE8XGgsAMb9OCSrZuAuFIbQjgs="; }; - cargoHash = "sha256-G4fxtpIhwAVleJ+0rN1+ZhKWw7QbWTB5aLUa3EdFyvA="; + cargoHash = "sha256-xLtKrzjDwBxsg9YNlLQdteAkhuS1rpUbyMWdMwFTrf4="; meta = with lib; { description = "A VK-GL-CTS/dEQP wrapper program to parallelize it across CPUs and report results against a baseline"; diff --git a/pkgs/tools/networking/gobgp/default.nix b/pkgs/tools/networking/gobgp/default.nix index ed04e7f57b0a..295791556f2a 100644 --- a/pkgs/tools/networking/gobgp/default.nix +++ b/pkgs/tools/networking/gobgp/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "gobgp"; - version = "3.24.0"; + version = "3.25.0"; src = fetchFromGitHub { owner = "osrg"; repo = "gobgp"; rev = "v${version}"; - sha256 = "sha256-JGgkhNSKprqaUBaW+m/5vYnuDri1Ibyf2Y6SMlscnIU="; + sha256 = "sha256-cb4FYsYMkrna/1IjPlEglAmeQ/vfbUiaTb5OjrWiYR4="; }; - vendorHash = "sha256-5eB3vFOo3LCsjMnWYFH0yq5+IunwKXp5C34x6NvpFZ8="; + vendorHash = "sha256-fB/PjOO3+/RVQ5DGAHx4O8wAb9p+RdDC9+xkTCefP8A="; postConfigure = '' export CGO_ENABLED=0 diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix index 5bae2050fbfc..dc43f6dd36b8 100644 --- a/pkgs/tools/networking/openssh/common.nix +++ b/pkgs/tools/networking/openssh/common.nix @@ -30,6 +30,7 @@ , nixosTests , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl , withPAM ? stdenv.hostPlatform.isLinux +, dsaKeysSupport ? false , linkOpenssl ? true }: @@ -84,6 +85,7 @@ stdenv.mkDerivation { "--with-libedit=yes" "--disable-strip" (lib.withFeature withPAM "pam") + (lib.enableFeature dsaKeysSupport "dsa-keys") ] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}" ++ lib.optional withFIDO "--with-security-key-builtin=yes" ++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}") diff --git a/pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs/html.py b/pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs/html.py index 2e43a6a2be87..1de511c7ce31 100644 --- a/pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs/html.py +++ b/pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs/html.py @@ -219,13 +219,13 @@ class HTMLRenderer(Renderer): def example_open(self, token: Token, tokens: Sequence[Token], i: int) -> str: if id := cast(str, token.attrs.get('id', '')): id = f'id="{escape(id, True)}"' if id else '' - return f'
' + return f'
' def example_close(self, token: Token, tokens: Sequence[Token], i: int) -> str: - return '

' + return '
' def example_title_open(self, token: Token, tokens: Sequence[Token], i: int) -> str: - return '

' + return '

' def example_title_close(self, token: Token, tokens: Sequence[Token], i: int) -> str: - return '

' + return '
' def image(self, token: Token, tokens: Sequence[Token], i: int) -> str: src = self._pull_image(cast(str, token.attrs['src'])) alt = f'alt="{escape(token.content, True)}"' if token.content else "" diff --git a/pkgs/tools/security/quark-engine/default.nix b/pkgs/tools/security/quark-engine/default.nix index 1e9cf9168aed..43e9413d125c 100644 --- a/pkgs/tools/security/quark-engine/default.nix +++ b/pkgs/tools/security/quark-engine/default.nix @@ -6,14 +6,14 @@ python3.pkgs.buildPythonApplication rec { pname = "quark-engine"; - version = "24.2.1"; + version = "24.4.1"; pyproject = true; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-77yfysmFEneVOiejoCooi1buqEM/Ljv5xqjKv17DFWE="; + sha256 = "sha256-cWO/avMz9nT9yo10b1ugC0C8NsEp2jAlcR0/+86gFKc="; }; nativeBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index 996baca2567f..a2501cb34f58 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -14,6 +14,8 @@ stdenv.mkDerivation (finalAttrs: { pname = "sudo"; + # be sure to check if nixos/modules/security/sudo.nix needs updating when bumping + # e.g. links to man pages, value constraints etc. version = "1.9.15p5"; src = fetchurl { diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 9513160a476c..2feeb0cade56 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -1233,6 +1233,8 @@ let ocaml-lsp = callPackage ../development/ocaml-modules/ocaml-lsp { }; + ocaml-lua = callPackage ../development/ocaml-modules/ocaml-lua { }; + ocaml_lwt = lwt; ocaml-migrate-parsetree = ocaml-migrate-parsetree-1-8;