diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index a05c01bc9df9..4994c79f73a4 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -14620,6 +14620,12 @@ githubId = 111265; name = "Ozan Sener"; }; + osnyx = { + email = "os@flyingcircus.io"; + github = "osnyx"; + githubId = 104593071; + name = "Oliver Schmidt"; + }; ostrolucky = { email = "gabriel.ostrolucky@gmail.com"; github = "ostrolucky"; @@ -19945,6 +19951,12 @@ fingerprint = "E631 8869 586F 99B4 F6E6 D785 5942 58F0 389D 2802"; }]; }; + twitchy0 = { + email = "code@nitinpassa.com"; + github = "twitchy0"; + githubId = 131159000; + name = "Nitin Passa"; + }; twitchyliquid64 = { name = "Tom"; email = "twitchyliquid64@ciphersink.net"; diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix index 8e9194fd6371..0138338379c2 100644 --- a/maintainers/team-list.nix +++ b/maintainers/team-list.nix @@ -311,6 +311,8 @@ with lib.maintainers; { dpausp frlan leona + osnyx + ma27 ]; scope = "Team for Flying Circus employees who collectively maintain packages."; shortName = "Flying Circus employees"; diff --git a/nixos/modules/services/x11/desktop-managers/budgie.nix b/nixos/modules/services/x11/desktop-managers/budgie.nix index fe39097a22e8..7d8bb1963d78 100644 --- a/nixos/modules/services/x11/desktop-managers/budgie.nix +++ b/nixos/modules/services/x11/desktop-managers/budgie.nix @@ -159,7 +159,7 @@ in { ++ cfg.sessionPath; # Fonts. - fonts.packages = mkDefault [ + fonts.packages = [ pkgs.noto-fonts pkgs.hack-font ]; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ac64b85dd486..b2e824642092 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -683,6 +683,7 @@ in { peering-manager = handleTest ./web-apps/peering-manager.nix {}; peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {}; peroxide = handleTest ./peroxide.nix {}; + pg_anonymizer = handleTest ./pg_anonymizer.nix {}; pgadmin4 = handleTest ./pgadmin4.nix {}; pgbouncer = handleTest ./pgbouncer.nix {}; pgjwt = handleTest ./pgjwt.nix {}; diff --git a/nixos/tests/pg_anonymizer.nix b/nixos/tests/pg_anonymizer.nix new file mode 100644 index 000000000000..2960108e37c3 --- /dev/null +++ b/nixos/tests/pg_anonymizer.nix @@ -0,0 +1,94 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "pg_anonymizer"; + meta.maintainers = lib.teams.flyingcircus.members; + + nodes.machine = { pkgs, ... }: { + environment.systemPackages = [ pkgs.pg-dump-anon ]; + services.postgresql = { + enable = true; + extraPlugins = ps: [ ps.anonymizer ]; + settings.shared_preload_libraries = "anon"; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("multi-user.target") + machine.wait_for_unit("postgresql.service") + + with subtest("Setup"): + machine.succeed("sudo -u postgres psql --command 'create database demo'") + machine.succeed( + "sudo -u postgres psql -d demo -f ${pkgs.writeText "init.sql" '' + create extension anon cascade; + select anon.init(); + create table player(id serial, name text, points int); + insert into player(id,name,points) values (1,'Foo', 23); + insert into player(id,name,points) values (2,'Bar',42); + security label for anon on column player.name is 'MASKED WITH FUNCTION anon.fake_last_name();'; + security label for anon on column player.points is 'MASKED WITH VALUE NULL'; + ''}" + ) + + def get_player_table_contents(): + return [ + x.split(',') for x in machine.succeed("sudo -u postgres psql -d demo --csv --command 'select * from player'").splitlines()[1:] + ] + + def check_anonymized_row(row, id, original_name): + assert row[0] == id, f"Expected first row to have ID {id}, but got {row[0]}" + assert row[1] != original_name, f"Expected first row to have a name other than {original_name}" + assert not bool(row[2]), "Expected points to be NULL in first row" + + def find_xsv_in_dump(dump, sep=','): + """ + Expecting to find a CSV (for pg_dump_anon) or TSV (for pg_dump) structure, looking like + + COPY public.player ... + 1,Shields, + 2,Salazar, + \. + + in the given dump (the commas are tabs in case of pg_dump). + Extract the CSV lines and split by `sep`. + """ + + try: + from itertools import dropwhile, takewhile + return [x.split(sep) for x in list(takewhile( + lambda x: x != "\\.", + dropwhile( + lambda x: not x.startswith("COPY public.player"), + dump.splitlines() + ) + ))[1:]] + except: + print(f"Dump to process: {dump}") + raise + + def check_original_data(output): + assert output[0] == ['1','Foo','23'], f"Expected first row from player table to be 1,Foo,23; got {output[0]}" + assert output[1] == ['2','Bar','42'], f"Expected first row from player table to be 2,Bar,42; got {output[1]}" + + def check_anonymized_rows(output): + check_anonymized_row(output[0], '1', 'Foo') + check_anonymized_row(output[1], '2', 'Bar') + + with subtest("Check initial state"): + check_original_data(get_player_table_contents()) + + with subtest("Anonymous dumps"): + check_original_data(find_xsv_in_dump( + machine.succeed("sudo -u postgres pg_dump demo"), + sep='\t' + )) + check_anonymized_rows(find_xsv_in_dump( + machine.succeed("sudo -u postgres pg_dump_anon -U postgres -h /run/postgresql -d demo"), + sep=',' + )) + + with subtest("Anonymize"): + machine.succeed("sudo -u postgres psql -d demo --command 'select anon.anonymize_database();'") + check_anonymized_rows(get_player_table_contents()) + ''; +}) diff --git a/pkgs/applications/audio/spotifyd/default.nix b/pkgs/applications/audio/spotifyd/default.nix index 0e41bedb2650..6de9493ab8e8 100644 --- a/pkgs/applications/audio/spotifyd/default.nix +++ b/pkgs/applications/audio/spotifyd/default.nix @@ -9,16 +9,16 @@ rustPackages.rustPlatform.buildRustPackage rec { pname = "spotifyd"; - version = "0.3.5"; + version = "0.3.5-unstable-2024-02-18"; src = fetchFromGitHub { owner = "Spotifyd"; repo = "spotifyd"; - rev = "v${version}"; - hash = "sha256-+P85FWJIsfAv8/DnQFxfoWvNY8NpbZ2xUidfwN8tiA8="; + rev = "ff2f7a06e54bf05afd57a0243dc9f67abc15f040"; + hash = "sha256-nebAd4a+ht+blRP52OF830/Dm15ZPwRL4IPWmmT9ViM="; }; - cargoHash = "sha256-j+2yEtn3D+vNRcY4+NnqSX4xRQIE5Sq7bentxTh6kMI="; + cargoHash = "sha256-6BRIMTrWTwvX3yIGEYEvigMT+n4EtaruMdrej2Dd49w="; nativeBuildInputs = [ pkg-config ]; @@ -40,7 +40,7 @@ rustPackages.rustPlatform.buildRustPackage rec { meta = with lib; { description = "An open source Spotify client running as a UNIX daemon"; homepage = "https://spotifyd.rs/"; - changelog = "https://github.com/Spotifyd/spotifyd/raw/v${version}/CHANGELOG.md"; + changelog = "https://github.com/Spotifyd/spotifyd/blob/${src.rev}/CHANGELOG.md"; license = licenses.gpl3Plus; maintainers = with maintainers; [ anderslundstedt Br1ght0ne marsam ]; platforms = platforms.unix; diff --git a/pkgs/applications/virtualization/singularity/packages.nix b/pkgs/applications/virtualization/singularity/packages.nix index 933bc4efa424..efa77b4209f3 100644 --- a/pkgs/applications/virtualization/singularity/packages.nix +++ b/pkgs/applications/virtualization/singularity/packages.nix @@ -7,20 +7,20 @@ let apptainer = callPackage (import ./generic.nix rec { pname = "apptainer"; - version = "1.2.5"; + version = "1.3.0"; projectName = "apptainer"; src = fetchFromGitHub { owner = "apptainer"; repo = "apptainer"; rev = "refs/tags/v${version}"; - hash = "sha256-1XuqyNXyYrmIfqp8450z8+qET15hKVfj2v2iN9QPmDk="; + hash = "sha256-YqPPTs7cIiMbOc8jOwr8KgUBVu2pTPlSL0Vvw/1n4co="; }; # Update by running # nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).goModules" # at the root directory of the Nixpkgs repository - vendorHash = "sha256-Y0gOqg+WGgssXGEYHc9IFwiIpkb3hetlQI89vseAQPc="; + vendorHash = "sha256-lWo6ic3Tdv1UInA5MtEaAgiheCin2JSh4nmheUooENY="; extraDescription = " (previously known as Singularity)"; extraMeta.homepage = "https://apptainer.org"; diff --git a/pkgs/by-name/pg/pg-dump-anon/package.nix b/pkgs/by-name/pg/pg-dump-anon/package.nix new file mode 100644 index 000000000000..fedcf9f40b6a --- /dev/null +++ b/pkgs/by-name/pg/pg-dump-anon/package.nix @@ -0,0 +1,32 @@ +{ lib, fetchFromGitLab, buildGoModule, nixosTests, postgresql, makeWrapper }: + +buildGoModule rec { + pname = "pg-dump-anon"; + version = "1.3.1"; + src = fetchFromGitLab { + owner = "dalibo"; + repo = "postgresql_anonymizer"; + rev = version; + hash = "sha256-Z5Oz/cIYDxFUZwQijRk4xAOUdOK0LWR+px8WOcs+Rs0="; + }; + + sourceRoot = "${src.name}/pg_dump_anon"; + + vendorHash = "sha256-CwU1zoIayxvfnGL9kPdummPJiV+ECfSz4+q6gZGb8pw="; + + passthru.tests = { inherit (nixosTests) pg_anonymizer; }; + + nativeBuildInputs = [ makeWrapper ]; + postInstall = '' + wrapProgram $out/bin/pg_dump_anon \ + --prefix PATH : ${lib.makeBinPath [ postgresql ]} + ''; + + meta = with lib; { + description = "Export databases with data being anonymized with the anonymizer extension"; + homepage = "https://postgresql-anonymizer.readthedocs.io/en/stable/"; + maintainers = teams.flyingcircus.members; + license = licenses.postgresql; + mainProgram = "pg_dump_anon"; + }; +} diff --git a/pkgs/by-name/tc/tcsh/package.nix b/pkgs/by-name/tc/tcsh/package.nix index 4fa358fbb7c3..7d60050b0a93 100644 --- a/pkgs/by-name/tc/tcsh/package.nix +++ b/pkgs/by-name/tc/tcsh/package.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "tcsh"; - version = "6.24.10"; + version = "6.24.11"; src = fetchurl { url = "mirror://tcsh/tcsh-${finalAttrs.version}.tar.gz"; - hash = "sha256-E0dcD763QTnTPteTvwD/u7KsLcn7HURGekEHYKujZmQ="; + hash = "sha256-tae2J6uz7y6NOoabtnXQ6SfYUHBER6Gyx3lGwNMkeZ0="; }; strictDeps = true; diff --git a/pkgs/desktops/xfce/applications/xfce4-terminal/default.nix b/pkgs/desktops/xfce/applications/xfce4-terminal/default.nix index ac1d8f96ea39..a9d87d4f6847 100644 --- a/pkgs/desktops/xfce/applications/xfce4-terminal/default.nix +++ b/pkgs/desktops/xfce/applications/xfce4-terminal/default.nix @@ -44,5 +44,6 @@ mkXfceDerivation { meta = with lib; { description = "A modern terminal emulator"; maintainers = with maintainers; [ ] ++ teams.xfce.members; + mainProgram = "xfce4-terminal"; }; } diff --git a/pkgs/development/compilers/erg/default.nix b/pkgs/development/compilers/erg/default.nix index ab5458855423..c2ecc635e05c 100644 --- a/pkgs/development/compilers/erg/default.nix +++ b/pkgs/development/compilers/erg/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "erg"; - version = "0.6.30"; + version = "0.6.32"; src = fetchFromGitHub { owner = "erg-lang"; repo = "erg"; rev = "v${version}"; - hash = "sha256-lStTLDXgdaaqyzdzU1V2JnKX8jt27Z1A23fkuZU8dt0="; + hash = "sha256-l+I6ue824dvZ1AmSS/y+Sh43OstJ5c+8xIXvoVpMFws="; }; - cargoHash = "sha256-MsDan3wL9RhH0uhAuq0Lg8IRBXR8a3ooEBx6n2CMAVk="; + cargoHash = "sha256-SRltpqTviC+Dq9pPBuLjctOXOKTYw+zVlvA9wi0iFWg="; nativeBuildInputs = [ makeWrapper diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix index ee2bf413a426..4af1662b3694 100644 --- a/pkgs/development/interpreters/php/8.3.nix +++ b/pkgs/development/interpreters/php/8.3.nix @@ -2,8 +2,8 @@ let base = callPackage ./generic.nix (_args // { - version = "8.3.3"; - hash = "sha256-qvthO6eVlKI/5yL46QrUczAGEL+A50uKpS2pysLcTio="; + version = "8.3.4"; + hash = "sha256-PFyvGODAokOq7JE6OeywkgQxla3eTD/ELpRdpbkndpU="; }); in base.withExtensions ({ all, ... }: with all; ([ diff --git a/pkgs/development/php-packages/phalcon/default.nix b/pkgs/development/php-packages/phalcon/default.nix index 57affde8d4e2..07854fdf3b11 100644 --- a/pkgs/development/php-packages/phalcon/default.nix +++ b/pkgs/development/php-packages/phalcon/default.nix @@ -2,13 +2,13 @@ buildPecl rec { pname = "phalcon"; - version = "5.6.1"; + version = "5.6.2"; src = fetchFromGitHub { owner = "phalcon"; repo = "cphalcon"; rev = "v${version}"; - hash = "sha256-1dCtj3pJGOY7sRe6xx8JgPPLSj/6qMemUnqrt9guPIk="; + hash = "sha256-AgyV9pxyXcXuhrRgozN2p67u8xZMepbWrzYaBZMFn6k="; }; internalDeps = [ php.extensions.session php.extensions.pdo ]; diff --git a/pkgs/development/python-modules/orgparse/default.nix b/pkgs/development/python-modules/orgparse/default.nix new file mode 100644 index 000000000000..67988d5529ff --- /dev/null +++ b/pkgs/development/python-modules/orgparse/default.nix @@ -0,0 +1,22 @@ +{ lib, python3Packages, fetchPypi }: + +python3Packages.buildPythonPackage rec { + pname = "orgparse"; + version = "0.4.20231004"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-pOOK6tq/mYiw9npmrNCCedGCILy8QioSkGDCiQu6kaA="; + }; + + nativeBuildInputs = [ python3Packages.setuptools-scm ]; + + pyproject = true; + + meta = with lib; { + homepage = "https://github.com/karlicoss/orgparse"; + description = "orgparse - Emacs org-mode parser in Python"; + license = licenses.bsd2; + maintainers = with maintainers; [ twitchy0 ]; + }; +} diff --git a/pkgs/development/tools/ruff/default.nix b/pkgs/development/tools/ruff/default.nix index 81cffa4c721d..25ef6c14921d 100644 --- a/pkgs/development/tools/ruff/default.nix +++ b/pkgs/development/tools/ruff/default.nix @@ -10,16 +10,16 @@ rustPlatform.buildRustPackage rec { pname = "ruff"; - version = "0.3.1"; + version = "0.3.2"; src = fetchFromGitHub { owner = "astral-sh"; repo = "ruff"; rev = "refs/tags/v${version}"; - hash = "sha256-MuvVpMBEQSOz6vSEhw7fmvAwgUu/7hrbtP8/MsIL57c="; + hash = "sha256-2Pt2HuDB9JLD9E1q0JH7jyVoc0II5uVL1l8pAod+9V4="; }; - cargoHash = "sha256-zC4rXgqT0nw22adtoe51wN8XVbr6drXvqWqyJeqSGYc="; + cargoHash = "sha256-njHpqWXFNdwenV58+VGznnqbaNK1GoGtHSTfKU2MRbs="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/servers/http/tomcat/default.nix b/pkgs/servers/http/tomcat/default.nix index fdbafa313dc7..710caedc094e 100644 --- a/pkgs/servers/http/tomcat/default.nix +++ b/pkgs/servers/http/tomcat/default.nix @@ -39,12 +39,12 @@ let in { tomcat9 = common { - version = "9.0.85"; - hash = "sha256-oYdNXi5yADqBJ25alSAASsoRPxNfyEEzQim2j20luh4="; + version = "9.0.87"; + hash = "sha256-2kgvuSIAhtvzceGAqgnGQCr48EhYZzTN7dSgjEjUzgI="; }; tomcat10 = common { - version = "10.1.18"; - hash = "sha256-baC0y9MUDmSocZot4ZwgvzkC0mShQqgWrFUq4hat4xE="; + version = "10.1.19"; + hash = "sha256-w+pp2SvPw+15Ko2AeUrNuFbxwF2KBF4XpxoliKDHULc="; }; } diff --git a/pkgs/servers/sql/postgresql/ext/anonymizer.nix b/pkgs/servers/sql/postgresql/ext/anonymizer.nix new file mode 100644 index 000000000000..430911d40108 --- /dev/null +++ b/pkgs/servers/sql/postgresql/ext/anonymizer.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, pg-dump-anon, postgresql, runtimeShell }: + +stdenv.mkDerivation (finalAttrs: { + pname = "postgresql_anonymizer"; + + inherit (pg-dump-anon) version src passthru; + + buildInputs = [ postgresql ]; + nativeBuildInputs = [ postgresql ] ++ lib.optional postgresql.jitSupport postgresql.llvm; + + strictDeps = true; + + makeFlags = [ + "BINDIR=${placeholder "out"}/bin" + "datadir=${placeholder "out"}/share/postgresql" + "pkglibdir=${placeholder "out"}/lib" + "DESTDIR=" + ]; + + postInstall = '' + cat >$out/bin/pg_dump_anon.sh <<'EOF' + #!${runtimeShell} + echo "This script is deprecated by upstream. To use the new script," + echo "please install pkgs.pg-dump-anon." + exit 1 + EOF + ''; + + meta = pg-dump-anon.meta // { + description = "Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database"; + }; +}) diff --git a/pkgs/servers/sql/postgresql/packages.nix b/pkgs/servers/sql/postgresql/packages.nix index 9cc83118c526..eabcb0613c0d 100644 --- a/pkgs/servers/sql/postgresql/packages.nix +++ b/pkgs/servers/sql/postgresql/packages.nix @@ -2,6 +2,8 @@ self: super: { age = super.callPackage ./ext/age.nix { }; + anonymizer = super.callPackage ./ext/anonymizer.nix { }; + apache_datasketches = super.callPackage ./ext/apache_datasketches.nix { }; citus = super.callPackage ./ext/citus.nix { }; diff --git a/pkgs/tools/X11/xdragon/default.nix b/pkgs/tools/X11/xdragon/default.nix index 7061a8f0a1cf..9f12a78e2936 100644 --- a/pkgs/tools/X11/xdragon/default.nix +++ b/pkgs/tools/X11/xdragon/default.nix @@ -1,14 +1,14 @@ { lib, stdenv, fetchFromGitHub, pkg-config, gtk3 }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "xdragon"; version = "1.2.0"; src = fetchFromGitHub { owner = "mwh"; repo = "dragon"; - rev = "v${version}"; - sha256 = "sha256-wqG6idlVvdN+sPwYgWu3UL0la5ssvymZibiak3KeV7M="; + rev = "v${finalAttrs.version}"; + hash = "sha256-wqG6idlVvdN+sPwYgWu3UL0la5ssvymZibiak3KeV7M="; }; nativeBuildInputs = [ pkg-config ]; @@ -24,5 +24,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/mwh/dragon"; license = licenses.gpl3; maintainers = with maintainers; [ das_j ]; + mainProgram = "xdragon"; }; -} +}) diff --git a/pkgs/tools/text/hck/default.nix b/pkgs/tools/text/hck/default.nix index 0467894b116a..782d746398a1 100644 --- a/pkgs/tools/text/hck/default.nix +++ b/pkgs/tools/text/hck/default.nix @@ -12,10 +12,10 @@ rustPlatform.buildRustPackage rec { owner = "sstadick"; repo = pname; rev = "v${version}"; - sha256 = "sha256-KPpvai7+El2JA97EXDCstZ66FeyVCe7w+ERDDNRZ/h8="; + hash = "sha256-KPpvai7+El2JA97EXDCstZ66FeyVCe7w+ERDDNRZ/h8="; }; - cargoSha256 = "sha256-TpwUO0BL8kambnxAUE9+l6YYkNL1WzmkTYn1YxjufdY="; + cargoHash = "sha256-TpwUO0BL8kambnxAUE9+l6YYkNL1WzmkTYn1YxjufdY="; nativeBuildInputs = [ cmake ]; @@ -25,5 +25,6 @@ rustPlatform.buildRustPackage rec { changelog = "https://github.com/sstadick/hck/blob/v${version}/CHANGELOG.md"; license = with licenses; [ mit /* or */ unlicense ]; maintainers = with maintainers; [ figsoda ]; + mainProgram = "hck"; }; } diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 9a5c7cd5e667..870f45b8709a 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -9060,6 +9060,8 @@ self: super: with self; { orderedset = callPackage ../development/python-modules/orderedset { }; + orgparse = callPackage ../development/python-modules/orgparse { }; + orjson = callPackage ../development/python-modules/orjson { }; orm = callPackage ../development/python-modules/orm { };