From 44454a17b42dfeb50fe010975a60e6e13155594c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 26 Mar 2022 23:41:46 +0000 Subject: [PATCH 01/26] jruby: 9.3.3.0 -> 9.3.4.0 --- pkgs/development/interpreters/jruby/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/jruby/default.nix b/pkgs/development/interpreters/jruby/default.nix index 468f9fac64c1..fc49f2c73ff8 100644 --- a/pkgs/development/interpreters/jruby/default.nix +++ b/pkgs/development/interpreters/jruby/default.nix @@ -6,11 +6,11 @@ rubyVersion = callPackage ../ruby/ruby-version.nix {} "2" "5" "7" ""; jruby = stdenv.mkDerivation rec { pname = "jruby"; - version = "9.3.3.0"; + version = "9.3.4.0"; src = fetchurl { url = "https://s3.amazonaws.com/jruby.org/downloads/${version}/jruby-bin-${version}.tar.gz"; - sha256 = "sha256-Pagoy+KH1UaFB/HCxCvvbPNLxTYbzWpdmcIHshuf3Fw="; + sha256 = "sha256-UxVE0yeocVXYyATxU6LfPPBPAYJWHLLdLJNy9IYFtlw="; }; nativeBuildInputs = [ makeWrapper ]; From 47be0b370a9e4860eab2b91ea7ad022c33fda2bf Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 29 Mar 2022 09:48:54 +0000 Subject: [PATCH 02/26] black-hole-solver: 1.10.1 -> 1.12.0 --- pkgs/games/black-hole-solver/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/black-hole-solver/default.nix b/pkgs/games/black-hole-solver/default.nix index e859e72d96b1..601aaeb1d90d 100644 --- a/pkgs/games/black-hole-solver/default.nix +++ b/pkgs/games/black-hole-solver/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { pname = "black-hole-solver"; - version = "1.10.1"; + version = "1.12.0"; meta = with lib; { homepage = "https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/"; 
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://fc-solve.shlomifish.org/downloads/fc-solve/${pname}-${version}.tar.xz"; - sha256 = "1qhihmk4fwz6n16c7bnxnh3v7jhbb7xhkc9wk9484bp0k4x9bq9n"; + sha256 = "sha256-0y8yU291cykliPQbsNha5C1WE3bCGNxKtrrf5JBKN6c="; }; nativeBuildInputs = [ cmake perl pkg-config python3 ]; From 7661ce7cfbe3477f7accc87fda59303489ff923f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 29 Mar 2022 11:50:13 +0000 Subject: [PATCH 03/26] clifm: 1.4 -> 1.5.1 --- pkgs/applications/misc/clifm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/clifm/default.nix b/pkgs/applications/misc/clifm/default.nix index e6c71d527caa..981f05567906 100644 --- a/pkgs/applications/misc/clifm/default.nix +++ b/pkgs/applications/misc/clifm/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "clifm"; - version = "1.4"; + version = "1.5.1"; src = fetchFromGitHub { owner = "leo-arch"; repo = pname; rev = "v${version}"; - sha256 = "sha256-62WxvJsXkzvDqFGFpid9VDB1mARgllkKnb6mFC5pdl8="; + sha256 = "sha256-JdVRi5xHKpYjP8h7df4WdizSU1dy+CtPfOiPEK+MEOE="; }; buildInputs = [ libcap acl file readline ]; From 4c8fe91fb0bb87c8fe9edff91bb7f447ec56752e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= Date: Wed, 11 May 2022 14:29:30 +1000 Subject: [PATCH 04/26] go-camo: init at 2.4.0 --- pkgs/servers/http/go-camo/default.nix | 25 +++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 27 insertions(+) create mode 100644 pkgs/servers/http/go-camo/default.nix diff --git a/pkgs/servers/http/go-camo/default.nix b/pkgs/servers/http/go-camo/default.nix new file mode 100644 index 000000000000..2d1e09aa2775 --- /dev/null +++ b/pkgs/servers/http/go-camo/default.nix 
@@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "go-camo"; + version = "2.4.0"; + + src = fetchFromGitHub { + owner = "cactus"; + repo = pname; + rev = "v${version}"; + sha256 = "1Wzy5EHFJAPnxusUBvNoJnXyVAx/LiiTgIQZE9r01Lw="; + }; + + vendorSha256 = "31B6LXCutIdPwxqMFTMUfxAaCuYW14py8Vu1EycBydE="; + + ldflags = [ "-s" "-w" "-X=main.ServerVersion=${version}" ]; + + meta = with lib; { + description = "A camo server is a special type of image proxy that proxies non-secure images over SSL/TLS"; + homepage = "https://github.com/cactus/go-camo"; + changelog = "https://github.com/cactus/go-camo/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ viraptor ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7eedb84359bc..23b0bf1c9f9d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21745,6 +21745,8 @@ with pkgs; nats-server = callPackage ../servers/nats-server { }; + go-camo = callPackage ../servers/http/go-camo { }; + gofish = callPackage ../servers/gopher/gofish { }; grafana = callPackage ../servers/monitoring/grafana { }; From 1568b6c5fd8491e76d71deb316e094ed20cf5225 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 19 May 2022 01:46:30 +0200 Subject: [PATCH 05/26] python310Packages.django-guardian: normalise attr, add pythonImportsCheck, adopt --- .../default.nix | 25 +++++++++++++++---- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 +- 3 files changed, 22 insertions(+), 6 deletions(-) rename pkgs/development/python-modules/{django_guardian => django-guardian}/default.nix (55%) 
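Review bot: The two hashes in the new `go-camo/default.nix` are bare base64 (`sha256 = "1Wzy5E…"`, `vendorSha256 = "31B6LX…"`) without the `sha256-` prefix that the other packages in this series use. Nix accepts both spellings, but the unprefixed form does not say which encoding it is and is harder to search for when auditing pinned sources. Write them as `sha256 = "sha256-1Wzy5EHFJAPnxusUBvNoJnXyVAx/LiiTgIQZE9r01Lw=";` and `vendorSha256 = "sha256-31B6LXCutIdPwxqMFTMUfxAaCuYW14py8Vu1EycBydE=";`.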
diff --git a/pkgs/development/python-modules/django_guardian/default.nix b/pkgs/development/python-modules/django-guardian/default.nix similarity index 55% rename from pkgs/development/python-modules/django_guardian/default.nix rename to pkgs/development/python-modules/django-guardian/default.nix index c7bda13dd9ab..6dd9c669a3f1 100644 --- a/pkgs/development/python-modules/django_guardian/default.nix +++ b/pkgs/development/python-modules/django-guardian/default.nix @@ -1,7 +1,13 @@ -{ lib, buildPythonPackage, fetchPypi -, django-environ, mock, django -, pytest, pytest-runner, pytest-django +{ lib +, buildPythonPackage +, fetchPypi +, django-environ +, mock +, django +, pytestCheckHook +, pytest-django }: + buildPythonPackage rec { pname = "django-guardian"; version = "2.4.0"; @@ -11,12 +17,21 @@ buildPythonPackage rec { sha256 = "c58a68ae76922d33e6bdc0e69af1892097838de56e93e78a8361090bcd9f89a0"; }; - checkInputs = [ pytest pytest-runner pytest-django django-environ mock ]; propagatedBuildInputs = [ django ]; + checkInputs = [ + django-environ + mock + pytestCheckHook + pytest-django + ]; + + pythonImportsCheck = [ "guardian" ]; + meta = with lib; { description = "Per object permissions for Django"; homepage = "https://github.com/django-guardian/django-guardian"; - license = [ licenses.mit licenses.bsd2 ]; + license = with licenses; [ mit bsd2 ]; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index d76d079eab29..29827b54712c 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix 
@@ -57,6 +57,7 @@ mapAliases ({ django_appconf = django-appconf; # added 2022-03-03 django_environ = django-environ; # added 2021-12-25 django_extensions = django-extensions; # added 2022-01-09 + django_guardian = django-guardian; # added 2022-05-19 django_modelcluster = django-modelcluster; # added 2022-04-02 django_redis = django-redis; # added 2021-10-11 django_taggit = django-taggit; # added 2021-10-11 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e25e0968fa7d..cc55c40e2645 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2321,7 +2321,7 @@ in { django-gravatar2 = callPackage ../development/python-modules/django-gravatar2 { }; - django_guardian = callPackage ../development/python-modules/django_guardian { }; + django-guardian = callPackage ../development/python-modules/django-guardian { }; django-haystack = callPackage ../development/python-modules/django-haystack { }; From efe825af166cd36293934e0eb184871ce9c359be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 19 May 2022 10:28:34 +0200 Subject: [PATCH 06/26] python310Packages.djangorestframework: 3.12.4 -> 3.13.1, enable tests, adopt --- .../djangorestframework/default.nix | 42 +++++++++++++++---- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/pkgs/development/python-modules/djangorestframework/default.nix b/pkgs/development/python-modules/djangorestframework/default.nix index f8de884a24f0..7feb65620265 100644 --- a/pkgs/development/python-modules/djangorestframework/default.nix +++ b/pkgs/development/python-modules/djangorestframework/default.nix 
@@ -1,26 +1,52 @@ -{ lib, buildPythonPackage, fetchFromGitHub, django, pytz, isPy27 }: +{ lib +, buildPythonPackage +, fetchFromGitHub +, coreapi +, django +, django-guardian +, pythonOlder +, pytest-django +, pytestCheckHook +, pytz +, pyyaml +, uritemplate +}: buildPythonPackage rec { - version = "3.12.4"; pname = "djangorestframework"; - disabled = isPy27; + version = "3.13.1"; + disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "encode"; repo = "django-rest-framework"; rev = version; - sha256 = "sha256-FjMRfVyLmm5J9uOUTLZpO3Pvge3RoYnqIRvzMng7wZo="; + sha256 = "sha256-XmX6DZBZYzVCe72GERplAWt5jIjV/cYercZGb0pYjoc="; }; - # Test settings are missing - doCheck = false; - propagatedBuildInputs = [ django pytz ]; + propagatedBuildInputs = [ + django + pytz + ]; + + checkInputs = [ + pytest-django + pytestCheckHook + + # optional tests + coreapi + django-guardian + pyyaml + uritemplate + ]; + + pythonImportsCheck = [ "rest_framework" ]; meta = with lib; { description = "Web APIs for Django, made easy"; homepage = "https://www.django-rest-framework.org/"; - maintainers = with maintainers; [ desiderius ]; + maintainers = with maintainers; [ desiderius SuperSandro2000 ]; license = licenses.bsd2; }; } From 2fd6e6e264d033fa32582c32c717590f8f614541 Mon Sep 17 00:00:00 2001 From: Matthias Treydte Date: Fri, 20 May 2022 09:23:31 +0200 Subject: [PATCH 07/26] nginx: take care not to pull in module sources as runtime deps Nginx likes to print the "configured with ..." stuff on startup, containing the full configure command line. When built with modules (which it seems to be by default), this causes the module sources to appear as runtime dependencies. So just use the remove-references-to script to patch those out. For a default installation, the rtmp, dav and moreheaders module sources are gone, for special cases potentially more. --- pkgs/servers/http/nginx/generic.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) 
diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index e189a7d2fdff..039139e9083c 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -2,7 +2,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt , nginx-doc , nixosTests -, substituteAll, gd, geoip, perl +, substituteAll, removeReferencesTo, gd, geoip, perl , withDebug ? false , withKTLS ? false , withStream ? true @@ -158,9 +158,16 @@ stdenv.mkDerivation { cp -r ${nginx-doc}/* $doc ''; - postInstall = if postInstall != null then postInstall else '' - mv $out/sbin $out/bin - ''; + nativeBuildInputs = [ removeReferencesTo ]; + + disallowedReferences = map (m: m.src) modules; + + postInstall = + let + noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules; + in noSourceRefs + (if postInstall != null then postInstall else '' + mv $out/sbin $out/bin + ''); passthru = { modules = modules; From 7c0dd3ff5bbe908bb1bbd86ef864625f6f47afee Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Fri, 20 May 2022 19:12:11 +0100 Subject: [PATCH 08/26] trivy: mark x86_64-darwin broken --- pkgs/tools/admin/trivy/default.nix | 10 ++++------ pkgs/top-level/all-packages.nix | 1 - 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/admin/trivy/default.nix b/pkgs/tools/admin/trivy/default.nix index f769850224b8..a3bd6bca4dc1 100644 --- a/pkgs/tools/admin/trivy/default.nix +++ b/pkgs/tools/admin/trivy/default.nix @@ -2,8 +2,6 @@ , stdenv , buildGoModule , fetchFromGitHub -, CoreFoundation -, Security }: buildGoModule rec { @@ -20,16 +18,13 @@ buildGoModule rec { excludedPackages = "misc"; - buildInputs = lib.optionals (stdenv.isDarwin && stdenv.isx86_64) - [ CoreFoundation Security ]; - ldflags = [ "-s" "-w" "-X main.version=v${version}" ]; - # Tests requires network access + # Tests require network access doCheck = false; doInstallCheck = true; 
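Review bot: The `disallowedReferences` / `remove-references-to` pair added in the nginx `generic.nix` hunk (`@@ -158,9 +158,16 @@`) has no comment, so the reason for it lives only in the commit message. One side effect deserves a line in the file: the configure arguments printed by `nginx -V` will now show scrubbed store paths for module sources, so anyone checking which module sources a deployed binary was built from has to go to the derivation rather than the binary's own output. Suggested comment above `disallowedReferences`: `# nginx embeds its configure command line in the binary; scrub module source paths so they are not runtime deps (nginx -V then shows placeholder hashes)`. The enclosing `stdenv.mkDerivation` starts and ends outside the hunk, so whether `nativeBuildInputs` is already set elsewhere in it cannot be checked from here.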
@@ -54,5 +49,8 @@ buildGoModule rec { ''; license = licenses.asl20; maintainers = with maintainers; [ jk ]; + # Need updated macOS SDK + # https://github.com/NixOS/nixpkgs/issues/101229 + broken = (stdenv.isDarwin && stdenv.isx86_64); }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 98186dd4c455..dd758634f548 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5464,7 +5464,6 @@ with pkgs; trivy = callPackage ../tools/admin/trivy { buildGoModule = buildGo118Module; - inherit (darwin.apple_sdk.frameworks) CoreFoundation Security; }; trompeloeil = callPackage ../development/libraries/trompeloeil { }; From 3c627fc5d37c8c77d33bf097131ee4c0f3c53230 Mon Sep 17 00:00:00 2001 From: Ashish SHUKLA Date: Sat, 21 May 2022 10:57:18 +0530 Subject: [PATCH 09/26] cni-flannel-plugin: 1.0.0 -> 1.1.0 --- pkgs/tools/networking/flannel/plugin.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/networking/flannel/plugin.nix b/pkgs/tools/networking/flannel/plugin.nix index db55a3dfd04c..957d5415164e 100644 --- a/pkgs/tools/networking/flannel/plugin.nix +++ b/pkgs/tools/networking/flannel/plugin.nix @@ -2,16 +2,23 @@ buildGoModule rec { pname = "cni-plugin-flannel"; - version = "1.0.0"; + version = "1.1.0"; src = fetchFromGitHub { owner = "flannel-io"; repo = "cni-plugin"; rev = "v${version}"; - sha256 = "sha256-zWxw4LZIlkT88yGTnxdupq7cUSacNRxPzzp01O9USDw="; + sha256 = "sha256-Rq1hVZazeF39YGiuuWC8adff3AhPsSLnnfVpGCaMqgc="; }; - vendorSha256 = "sha256-zteMlrvRTVxOFlBy+z/qfiSii8+c8PMapwIsdbN+Aig="; + vendorSha256 = "sha256-ddwNJZzdyO/wEdy0C7Z8IoOWXY4jggcgIHxmRUGGf9s="; + + ldflags = [ + "-s" "-w" + "-X main.Version=${version}" + "-X main.Commit=${version}" + "-X main.Program=flannel" + ]; postInstall = '' mv $out/bin/cni-plugin $out/bin/flannel 
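Review bot: `"-X main.Commit=${version}"` in the new `ldflags` of `flannel/plugin.nix` stamps the release number into a field that names a commit, so the binary's self-reported commit cannot be matched against an upstream revision. Either leave that flag out or set it to the tag that `rev` actually fetches, `"-X main.Commit=v${version}"`. The install check in the following hunk was loosened from `v$version` to `$version` in the same commit; `grep -F -q "$version"` is the current spelling of `fgrep -q` and quotes the variable.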
@@ -22,7 +29,7 @@ buildGoModule rec { installCheckPhase = '' runHook preInstallCheck - $out/bin/flannel 2>&1 | fgrep -q v$version + $out/bin/flannel 2>&1 | fgrep -q $version runHook postInstallCheck ''; From 6f7f5bc8235a37214d92fb817a95d31af5f1e052 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sat, 21 May 2022 11:28:13 +0100 Subject: [PATCH 10/26] lastpass-cli: fix build for -fno-common toolchains Without the change build fails on upstream gcc-10: ld: CMakeFiles/lpass.dir/util.c.o:(.bss+0x8): multiple definition of `ARGC'; CMakeFiles/lpass.dir/agent.c.o:(.bss+0x8): first defined here --- pkgs/tools/security/lastpass-cli/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix index 3da3342e3794..14a6ef750e3a 100644 --- a/pkgs/tools/security/lastpass-cli/default.nix +++ b/pkgs/tools/security/lastpass-cli/default.nix @@ -1,6 +1,7 @@ { stdenv , lib , fetchFromGitHub +, fetchpatch , asciidoc , cmake , docbook_xsl @@ -23,6 +24,16 @@ stdenv.mkDerivation rec { sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a"; }; + patches = [ + # Pull fix pending upstream inclusion for -fno-common toolchains: + # https://github.com/lastpass/lastpass-cli/pull/576 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/lastpass/lastpass-cli/commit/e3311cebdb29a3267843cf656a32f01c5062897e.patch"; + sha256 = "1yjx2p98nb3n8ywc9lhf2zal5fswawb5i6lgnicdin23zngff5l8"; + }) + ]; + nativeBuildInputs = [ asciidoc cmake docbook_xsl pkg-config ]; buildInputs = [ From e2917e019bd88d87581e381516fe9e6cb67bac91 Mon Sep 17 00:00:00 2001 
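Review bot: The `fetchpatch` added to `lastpass-cli/default.nix` takes its fix from a pull request that upstream has not merged, and the comment does not say when the patch can be dropped. The `sha256` pins the bytes, so the content cannot change underneath the build, but it does not stand in for upstream review, and for a password manager it is worth recording that the patch was read. I would extend the comment with the removal condition, e.g. `# remove once a release containing lastpass-cli PR 576 is packaged`. The enclosing `stdenv.mkDerivation` continues outside the hunk.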
From: 06kellyjac Date: Sat, 21 May 2022 13:39:32 +0100 Subject: [PATCH 11/26] tracee: init at 0.7.0 --- .../security/tracee/bpf-core-clang-bpf.patch | 13 ++ pkgs/tools/security/tracee/default.nix | 113 ++++++++++++++++++ .../tracee/disable-go-symbol-table.patch | 22 ++++ pkgs/top-level/all-packages.nix | 2 + 4 files changed, 150 insertions(+) create mode 100644 pkgs/tools/security/tracee/bpf-core-clang-bpf.patch create mode 100644 pkgs/tools/security/tracee/default.nix create mode 100644 pkgs/tools/security/tracee/disable-go-symbol-table.patch diff --git a/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch b/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch new file mode 100644 index 000000000000..f73e52841d3e --- /dev/null +++ b/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d5cd754..db1c1d3 100644 +--- a/Makefile ++++ b/Makefile +@@ -411,7 +411,7 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ + $(TRACEE_EBPF_OBJ_CORE_HEADERS) + # + $(MAKE) $(OUTPUT_DIR)/tracee.bpf +- $(CMD_CLANG) \ ++ $(CMD_CLANG_BPF) \ + -D__TARGET_ARCH_$(LINUX_ARCH) \ + -D__BPF_TRACING__ \ + -DCORE \ diff --git a/pkgs/tools/security/tracee/default.nix b/pkgs/tools/security/tracee/default.nix new file mode 100644 index 000000000000..48d102e619d4 --- /dev/null +++ b/pkgs/tools/security/tracee/default.nix 
@@ -0,0 +1,113 @@ +{ lib +, buildGoModule +, fetchFromGitHub + +, llvmPackages_13 +, pkg-config + +, zlib +, libelf +}: + +let + inherit (llvmPackages_13) clang; + clang-with-bpf = + (clang.overrideAttrs (o: { pname = o.pname + "-with-bpf"; })).override (o: { + extraBuildCommands = o.extraBuildCommands + '' + # make a separate wrapped clang we can target at bpf + cp $out/bin/clang $out/bin/clang-bpf + # extra flags to append after the cc-cflags + echo '-target bpf -fno-stack-protector' > $out/nix-support/cc-cflags-bpf + # use sed to attach the cc-cflags-bpf after cc-cflags + sed -i -E "s@^(extraAfter=\(\\$\NIX_CFLAGS_COMPILE_.*)(\))\$@\1 $(cat $out/nix-support/cc-cflags-bpf)\2@" $out/bin/clang-bpf + ''; + }); +in +buildGoModule rec { + pname = "tracee"; + version = "0.7.0"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-Y++FWxADnj1W5S3VrAlJAnotFYb6biCPJ6dpQ0Nin8o="; + # Once libbpf hits 1.0 we will migrate to the nixpkgs libbpf rather than the + # pinned copy in submodules + fetchSubmodules = true; + }; + vendorSha256 = "sha256-C2RExp67qax8+zJIgyMJ18sBtn/xEYj4tAvGCCpBssQ="; + + patches = [ + # bpf-core can't be compiled with wrapped clang since it forces the target + # we need to be able to replace it with another wrapped clang that has + # it's target as bpf + ./bpf-core-clang-bpf.patch + # add -s to ldflags for smaller binaries + ./disable-go-symbol-table.patch + ]; + + + enableParallelBuilding = true; + + strictDeps = true; + nativeBuildInputs = [ pkg-config clang-with-bpf ]; + buildInputs = [ zlib libelf ]; + + makeFlags = [ + "VERSION=v${version}" + "CMD_CLANG_BPF=clang-bpf" + # don't actually need git but the Makefile checks for it + "CMD_GIT=echo" + ]; + + buildPhase = '' + runHook preBuild + make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} + runHook postBuild + ''; + + doCheck = false; + + installPhase = '' + runHook preInstall + + mkdir -p 
$out/{bin,share/tracee} + + cp ./dist/tracee-ebpf $out/bin + cp ./dist/tracee-rules $out/bin + + cp -r ./dist/rules $out/share/tracee/ + cp -r ./cmd/tracee-rules/templates $out/share/tracee/ + + runHook postInstall + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + + $out/bin/tracee-ebpf --help + $out/bin/tracee-ebpf --version | grep "v${version}" + + $out/bin/tracee-rules --help + + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://aquasecurity.github.io/tracee/latest/"; + changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}"; + description = "Linux Runtime Security and Forensics using eBPF"; + longDescription = '' + Tracee is a Runtime Security and forensics tool for Linux. It is using + Linux eBPF technology to trace your system and applications at runtime, + and analyze collected events to detect suspicious behavioral patterns. It + is delivered as a Docker image that monitors the OS and detects suspicious + behavior based on a pre-defined set of behavioral patterns. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/tools/security/tracee/disable-go-symbol-table.patch b/pkgs/tools/security/tracee/disable-go-symbol-table.patch new file mode 100644 index 000000000000..2aba5f5c338f --- /dev/null +++ b/pkgs/tools/security/tracee/disable-go-symbol-table.patch 
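Review bot: The `installCheckPhase` in `tracee/default.nix` only runs `tracee-rules --help`, which does not show that the signatures copied to `$out/share/tracee/rules` are found at run time, and a detection tool that starts with no rules loaded fails silently. The hunk does not show where `tracee-rules` looks for rules by default, so this needs confirming against upstream: if it searches relative to the executable, the binary in `$out/bin` will not see `$out/share/tracee/rules` without an explicit rules directory or a wrapper. An install check that lists the loaded rules from that directory would catch it. Separately, `doCheck = false;` carries no reason; a comment such as `# tests need root and a running kernel to load eBPF programs (confirm)` would match the other packages in this series.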
@@ -0,0 +1,22 @@ +diff --git a/Makefile b/Makefile +index d5cd754..0b74a79 100644 +--- a/Makefile ++++ b/Makefile +@@ -471,7 +471,7 @@ ifeq ($(BTFHUB), 1) + endif + $(GO_ENV_EBPF) $(CMD_GO) build \ + -tags $(GO_TAGS_EBPF) \ +- -ldflags="-w \ ++ -ldflags="-s -w \ + -extldflags \"$(CGO_EXT_LDFLAGS_EBPF)\" \ + -X main.version=\"$(VERSION)\" \ + " \ +@@ -552,7 +552,7 @@ $(OUTPUT_DIR)/tracee-rules: \ + # + $(GO_ENV_RULES) $(CMD_GO) build \ + -tags $(GO_TAGS_RULES) \ +- -ldflags="-w \ ++ -ldflags="-s -w \ + -extldflags \"$(CGO_EXT_LDFLAGS_RULES)\" \ + " \ + -v -o $@ \ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0fdd0865d0e8..6ea48247cffb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11033,6 +11033,8 @@ with pkgs; tracebox = callPackage ../tools/networking/tracebox { }; + tracee = callPackage ../tools/security/tracee { }; + tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { }; tracefilesim = callPackage ../development/tools/analysis/garcosim/tracefilesim { }; From c68803fe317ae500bf3c64d635ac24b50d7b21e8 Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Sat, 21 May 2022 13:41:10 +0100 Subject: [PATCH 12/26] tracee: add manual nixosTest for integration testing --- .../security/tracee/skip-init-test.patch | 12 ++++++ .../tracee/skip-magic_write-test.patch | 12 ++++++ pkgs/tools/security/tracee/test.nix | 41 +++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 pkgs/tools/security/tracee/skip-init-test.patch create mode 100644 pkgs/tools/security/tracee/skip-magic_write-test.patch create mode 100644 pkgs/tools/security/tracee/test.nix diff --git a/pkgs/tools/security/tracee/skip-init-test.patch b/pkgs/tools/security/tracee/skip-init-test.patch new file mode 100644 index 000000000000..612e56e4446f --- /dev/null +++ b/pkgs/tools/security/tracee/skip-init-test.patch 
@@ -0,0 +1,12 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index 8601eb9..57088d2 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -149,6 +149,7 @@ func checkUidzero(t *testing.T, gotOutput *bytes.Buffer) { + + // only capture pids of 1 + func checkPidOne(t *testing.T, gotOutput *bytes.Buffer) { ++ t.Skip("Not compatible with systemd init") + _, _ = exec.Command("init", "q").CombinedOutput() + + waitForTraceeOutput(gotOutput, time.Now()) diff --git a/pkgs/tools/security/tracee/skip-magic_write-test.patch b/pkgs/tools/security/tracee/skip-magic_write-test.patch new file mode 100644 index 000000000000..99869a18f0e8 --- /dev/null +++ b/pkgs/tools/security/tracee/skip-magic_write-test.patch @@ -0,0 +1,12 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index 8601eb9..a8a3eed 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -75,6 +75,7 @@ func waitForTraceeOutput(gotOutput *bytes.Buffer, now time.Time) { + + // small set of actions to trigger a magic write event + func checkMagicwrite(t *testing.T, gotOutput *bytes.Buffer) { ++ t.Skip() + // create a temp dir for testing + d, err := ioutil.TempDir("", "Test_MagicWrite-dir-*") + require.NoError(t, err) diff --git a/pkgs/tools/security/tracee/test.nix b/pkgs/tools/security/tracee/test.nix new file mode 100644 index 000000000000..cb639ed03173 --- /dev/null +++ b/pkgs/tools/security/tracee/test.nix 
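Review bot: The bare `t.Skip()` added by `skip-magic_write-test.patch` gives no reason, so the test log shows an unexplained skip for a detection event and a reader cannot tell that coverage for magic_write was switched off deliberately. The sibling patch passes a message; do the same here, e.g. `t.Skip("magic_write event not observed in the NixOS VM test; see <tracking issue placeholder>")`. The only explanation today is the Nix comment "currently fails" in `test.nix`, which does not travel with the test output. `checkMagicwrite` continues outside the nested hunk.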
@@ -0,0 +1,41 @@ +{ pkgs ? import ../../../../. { } }: + +# manually run `nix-build ./pkgs/tools/security/tracee/test.nix` to test +pkgs.nixosTest ({ + name = "tracee-test"; + nodes = { + machine = { config, pkgs, ... }: { + environment.systemPackages = [ + pkgs.tracee + # build the go integration tests as a binary + (pkgs.tracee.overrideAttrs (oa: { + pname = oa.pname + "-integration"; + patches = oa.patches or [] ++ [ + # skip test that runs `init -q` which is incompatible with systemd init + ./skip-init-test.patch + # skip magic_write test that currently fails + ./skip-magic_write-test.patch + ]; + # just build the static lib we need for the go test binary + makeFlags = oa.makeFlags ++ [ "./dist/libbpf/libbpf.a" ]; + postBuild = '' + # by default the tests are disabled and this is intended to be commented out + sed -i '/t.Skip("This test requires root privileges")/d' ./tests/integration/integration_test.go + CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags ebpf,integration -c -o $GOPATH/tracee-integration ./tests/integration + ''; + doCheck = false; + installPhase = '' + mkdir -p $out/bin + cp $GOPATH/tracee-integration $out/bin + ''; + doInstallCheck = false; + })) + ]; + }; + }; + + testScript = '' + with subtest("run integration tests"): + print(machine.succeed('TRC_BIN="$(which tracee-ebpf)" tracee-integration -test.v -test.run "Test_Events"')) + ''; +}) From fde16aefa7561bbc34d4e9f75581075bd69570d6 Mon Sep 17 00:00:00 2001 From: Ben Wolsieffer Date: Sat, 21 May 2022 20:51:32 -0400 Subject: [PATCH 13/26] qgroundcontrol: 4.2.0 -> 4.2.1 --- pkgs/applications/science/robotics/qgroundcontrol/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/robotics/qgroundcontrol/default.nix b/pkgs/applications/science/robotics/qgroundcontrol/default.nix index 7a75c8edb2b3..92f6ebe6ceb9 100644 --- a/pkgs/applications/science/robotics/qgroundcontrol/default.nix 
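Review bot: The `sed -i '/t.Skip("This test requires root privileges")/d'` line in `postBuild` of `test.nix` exits successfully whether or not it matched, so if upstream rewords that skip message every integration test is skipped and the NixOS test still goes green. Put a guard in front of it, `grep -q 't.Skip("This test requires root privileges")' ./tests/integration/integration_test.go`, so a version bump that changes the string fails the build instead of silently disabling the tests. The same silent-no-match risk applies to the `substituteInPlace … --replace` call in `systeroid/default.nix` later in this series, which as far as I know only warns when the pattern is absent.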
+++ b/pkgs/applications/science/robotics/qgroundcontrol/default.nix @@ -6,7 +6,7 @@ mkDerivation rec { pname = "qgroundcontrol"; - version = "4.2.0"; + version = "4.2.1"; qtInputs = [ qtbase qtcharts qtlocation qtserialport qtsvg qtquickcontrols2 @@ -64,7 +64,7 @@ mkDerivation rec { owner = "mavlink"; repo = pname; rev = "v${version}"; - sha256 = "sha256-TBnJQKO9cwxP9q+bIB1CaGnm9npymJ3iEAD9kPJi9JA="; + sha256 = "sha256-7POrc6RUm3GVx3KuPUBNbKRUvUmA2UkEL7ezQVQt/yo="; fetchSubmodules = true; }; From ecb166b3e3890504af0828bfd2e03edd6f720971 Mon Sep 17 00:00:00 2001 From: Matthias Treydte Date: Sun, 22 May 2022 10:35:48 +0200 Subject: [PATCH 14/26] nginx: simplify the postInstall phase Per suggestion from @ajs124, we can rely on the "move-sbin" setup hook to move the executable to $out/bin instead of doing it manually and simplify accoringly. --- pkgs/servers/http/nginx/generic.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index 039139e9083c..4e0572b10393 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -22,7 +22,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt , extraPatches ? [] , fixPatch ? p: p , preConfigure ? "" -, postInstall ? null +, postInstall ? "" , meta ? null , nginx-doc ? outer.nginx-doc , passthru ? { tests = {}; } @@ -165,9 +165,7 @@ stdenv.mkDerivation { postInstall = let noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules; - in noSourceRefs + (if postInstall != null then postInstall else '' - mv $out/sbin $out/bin - ''); + in noSourceRefs + postInstall; passthru = { modules = modules; From f7933e9fac9274cf4bacf7b2163a1df9108712c2 Mon Sep 17 00:00:00 2001 
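Review bot: With the default changed to `postInstall ? ""` and the concatenation made unconditional in the second nginx `generic.nix` hunk, a caller that still passes `postInstall = null` now gets an evaluation error at `noSourceRefs + postInstall`. The callers are not visible in this patch, so this may not occur in-tree, but overlays written against the old `null` default would break. Tolerating both costs one call: `in noSourceRefs + lib.optionalString (postInstall != null) postInstall;`.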
From: Francesco Gazzetta Date: Sun, 22 May 2022 18:16:40 +0200 Subject: [PATCH 15/26] pt2-clone: 1.46 -> 1.49 --- pkgs/applications/audio/pt2-clone/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/pt2-clone/default.nix b/pkgs/applications/audio/pt2-clone/default.nix index 8b586c455e3b..70c6dd12ed84 100644 --- a/pkgs/applications/audio/pt2-clone/default.nix +++ b/pkgs/applications/audio/pt2-clone/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "pt2-clone"; - version = "1.46"; + version = "1.49"; src = fetchFromGitHub { owner = "8bitbubsy"; repo = "pt2-clone"; rev = "v${version}"; - sha256 = "sha256-xRq37hjuMiGxsWRnZ/ryXYLvQpjbfQEjQkMjjuqL7r8="; + sha256 = "sha256-mE7mcaQCJlMzFTec9/faTyIZ7aoA4ygn60wS5QgVF7k="; }; nativeBuildInputs = [ cmake ]; From 7414d60e52ae06525e5605e202fabae213dd8afd Mon Sep 17 00:00:00 2001 From: Alex Martens Date: Sun, 22 May 2022 09:50:27 -0700 Subject: [PATCH 16/26] probe-run: 0.3.2 -> 0.3.3 --- pkgs/development/tools/rust/probe-run/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/rust/probe-run/default.nix b/pkgs/development/tools/rust/probe-run/default.nix index a668fdd11725..dea5d4be52ff 100644 --- a/pkgs/development/tools/rust/probe-run/default.nix +++ b/pkgs/development/tools/rust/probe-run/default.nix @@ -3,14 +3,14 @@ rustPlatform.buildRustPackage rec { pname = "probe-run"; - version = "0.3.2"; + version = "0.3.3"; src = fetchCrate { inherit pname version; - sha256 = "sha256-SXA77LXM1SuBJ8BH+ahwJl/3gWsCbdLXBiHZdJySWq0="; + sha256 = "sha256-7o0aRiCxWoDoMysXIPyiBqH/8TtFo87im6Y0OFL0cTA="; }; - cargoSha256 = "sha256-e9POSuA/I7IUKUOxMTfCWxNn0AicojpGQpxamzmHa7g="; + cargoSha256 = "sha256-vREz3FTZXMrc18LXIycJXX6SgW6IKGIgL/+79dMfNjk="; nativeBuildInputs = [ pkg-config ]; buildInputs = [ libusb1 ] From 55b15504732af1856b2ac0c54f7fd413a9eb5ffa Mon Sep 17 00:00:00 2001 
From: Rick van Schijndel Date: Sun, 22 May 2022 23:27:19 +0200 Subject: [PATCH 17/26] praat: fix cross-compilation --- pkgs/applications/audio/praat/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/applications/audio/praat/default.nix b/pkgs/applications/audio/praat/default.nix index 24da2efa907f..8c63212dc2a7 100644 --- a/pkgs/applications/audio/praat/default.nix +++ b/pkgs/applications/audio/praat/default.nix @@ -15,6 +15,10 @@ stdenv.mkDerivation rec { cp makefiles/makefile.defs.linux.pulse makefile.defs ''; + makeFlags = [ + "AR=${stdenv.cc.targetPrefix}ar" + ]; + installPhase = '' install -Dt $out/bin praat ''; From 6db12559ee51eca9ed9d1478beae451fca6a2876 Mon Sep 17 00:00:00 2001 From: Sandro Date: Mon, 23 May 2022 21:28:18 +0200 Subject: [PATCH 18/26] python310Packages.django-guardian: add me as Maintainer --- pkgs/development/python-modules/django-guardian/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/django-guardian/default.nix b/pkgs/development/python-modules/django-guardian/default.nix index 6dd9c669a3f1..c6636ee5eabb 100644 --- a/pkgs/development/python-modules/django-guardian/default.nix +++ b/pkgs/development/python-modules/django-guardian/default.nix @@ -32,6 +32,6 @@ buildPythonPackage rec { description = "Per object permissions for Django"; homepage = "https://github.com/django-guardian/django-guardian"; license = with licenses; [ mit bsd2 ]; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; [ SuperSandro2000 ]; }; } From e9be5fe419c945d0473b60f4072028e3160d0a8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 19 May 2022 19:40:34 +0200 Subject: [PATCH 19/26] linux-doc: init --- pkgs/os-specific/linux/kernel/htmldocs.nix | 84 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 86 insertions(+) create mode 100644 pkgs/os-specific/linux/kernel/htmldocs.nix 
diff --git a/pkgs/os-specific/linux/kernel/htmldocs.nix b/pkgs/os-specific/linux/kernel/htmldocs.nix
new file mode 100644
index 000000000000..ce7ea63f0a6d
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/htmldocs.nix
@@ -0,0 +1,84 @@
+{ lib
+, stdenv
+, graphviz
+, imagemagick
+, linux_latest
+, makeFontsConf
+, perl
+, python3
+, sphinx
+, which
+}:
+
+let
+ py = python3.override {
+ packageOverrides = final: prev: rec {
+ docutils_old = prev.docutils.overridePythonAttrs (oldAttrs: rec {
+ version = "0.16";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "sha256-wt46YOnn0Hvia38rAMoDCcIH4GwQD5zCqUkx/HWkePw=";
+ };
+ });
+
+ sphinx = (prev.sphinx.override rec {
+ alabaster = prev.alabaster.override { inherit pygments; };
+ docutils = docutils_old;
+ pygments = prev.pygments.override { docutils = docutils_old; };
+ }).overridePythonAttrs {
+ # fails due to duplicated packages
+ doCheck = false;
+ };
+
+ sphinx_rtd_theme = prev.sphinx_rtd_theme.override {
+ inherit sphinx;
+ docutils = docutils_old;
+ };
+ };
+ };
+in
+
+stdenv.mkDerivation {
+ pname = "linux-kernel-latest-htmldocs";
+
+ inherit (linux_latest) version src;
+
+ postPatch = ''
+ patchShebangs \
+ Documentation/sphinx/parse-headers.pl \
+ scripts/{get_abi.pl,get_feat.pl,kernel-doc,sphinx-pre-install}
+ '';
+
+ FONTCONFIG_FILE = makeFontsConf {
+ fontDirectories = [ ];
+ };
+
+ nativeBuildInputs = [
+ graphviz
+ imagemagick
+ perl
+ py.pkgs.sphinx
+ py.pkgs.sphinx_rtd_theme
+ which
+ ];
+
+ preBuild = ''
+ export XDG_CACHE_HOME="$(mktemp -d)"
+ '';
+
+ makeFlags = [ "htmldocs" ];
+
+ installPhase = ''
+ mkdir -p $out/share/doc
+ mv Documentation/output $out/share/doc/linux-doc
+ cp -r Documentation/* $out/share/doc/linux-doc/
+ '';
+
+ meta = with lib; {
+ description = "Linux kernel html documentation";
+ homepage = "https://www.kernel.org/doc/htmldocs/";
+ platforms = platforms.linux;
+ inherit (linux_latest.meta) license;
+ maintainers = with maintainers; [ SuperSandro2000 ];
+ };
+}
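Review bot: The `docutils_old` override that pins docutils to `0.16` in `htmldocs.nix` has no comment giving the reason or the condition for removing it, so the pin is likely to outlive its need. It also forces `doCheck = false` on the rebuilt `sphinx`, which means nothing verifies that the downgraded stack still works. Suggested comment above `docutils_old`: `# presumably the kernel docs do not build with current docutils (confirm and link the report); drop this pin once linux_latest builds without it`.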
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0d763d9f5d1e..3f4e9f03a0a3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23259,6 +23259,8 @@ with pkgs; linuxPackages_xanmod_latest = linuxKernel.packages.linux_xanmod_latest; linux_xanmod_latest = linuxKernel.kernels.linux_xanmod_latest; + linux-doc = callPackage ../os-specific/linux/kernel/htmldocs.nix { }; + cryptodev = linuxKernel.packages.linux_4_9.cryptodev; dpdk = callPackage ../os-specific/linux/dpdk { From fc4dc5ef8c7f89e6de57ed1be7060a91dafe6a2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 19 May 2022 19:40:55 +0200 Subject: [PATCH 20/26] systeroid: init at 0.1.1 --- pkgs/tools/system/systeroid/default.nix | 39 +++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 41 insertions(+) create mode 100644 pkgs/tools/system/systeroid/default.nix diff --git a/pkgs/tools/system/systeroid/default.nix b/pkgs/tools/system/systeroid/default.nix new file mode 100644 index 000000000000..25d1a5342773 --- /dev/null +++ b/pkgs/tools/system/systeroid/default.nix 
@@ -0,0 +1,39 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, linux-doc +, xorg +}: + +rustPlatform.buildRustPackage rec { + pname = "systeroid"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "orhun"; + repo = pname; + rev = "v${version}"; + sha256 = "0xf81wyp5qg67r0vyqg0209pcabx70vvxx4nrg2y7qa0mhvf6p94"; + }; + + postPatch = '' + substituteInPlace systeroid-core/src/parsers.rs \ + --replace '"/usr/share/doc/kernel-doc-*/Documentation/*",' '"${linux-doc}/share/doc/linux-doc/*",' + ''; + + cargoSha256 = "sha256-D/sSeMR1Zg3OH1fdSVKdxdIcoP4OLp3T8mwQ28O8rfk="; + + buildInputs = [ + xorg.libxcb + ]; + + # tries to access /sys/ + doCheck = false; + + meta = with lib; { + description = "More powerful alternative to sysctl(8) with a terminal user interface"; + homepage = "https://github.com/orhun/systeroid"; + license = licenses.asl20; + maintainers = with maintainers; [ SuperSandro2000 ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3f4e9f03a0a3..9b6c45796d48 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1188,6 +1188,8 @@ with pkgs; sx-go = callPackage ../tools/security/sx-go { }; + systeroid = callPackage ../tools/system/systeroid { }; + tauon = callPackage ../applications/audio/tauon { }; termusic = callPackage ../applications/audio/termusic { }; From cbbd0f77eae0702d02dbbf6f0d45ad34844c6c4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Mon, 23 May 2022 21:00:20 +0000 Subject: [PATCH 21/26] cutemaze: 1.3.0 -> 1.3.1 https://github.com/gottcode/cutemaze/blob/v1.3.1/ChangeLog --- pkgs/games/cutemaze/default.nix | 21 ++++++++++++++++----- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/pkgs/games/cutemaze/default.nix b/pkgs/games/cutemaze/default.nix index 44c48af5c29e..f33ad0c876e9 100644 --- a/pkgs/games/cutemaze/default.nix +++ b/pkgs/games/cutemaze/default.nix 
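Review bot: The `substituteInPlace … --replace` in `postPatch` is not verified, so if upstream rewords the `"/usr/share/doc/kernel-doc-*/Documentation/*",` entry in `systeroid-core/src/parsers.rs`, a later version bump may still build while the binary goes on searching a path outside the store. Adding `grep -qF '${linux-doc}/share/doc/linux-doc' systeroid-core/src/parsers.rs` right after the substitution would turn that into a build failure. Separately, `doCheck = false` switches off the whole test suite because some tests read /sys/. If the affected tests can be named, skipping only those would keep the rest as a regression check.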
@@ -1,15 +1,26 @@ -{ lib, stdenv, fetchurl, qmake, qttools, qtsvg, mkDerivation }: +{ lib +, stdenv +, fetchurl +, cmake +, qttools +, wrapQtAppsHook +, qtsvg +}: -mkDerivation rec { +stdenv.mkDerivation rec { pname = "cutemaze"; - version = "1.3.0"; + version = "1.3.1"; src = fetchurl { url = "https://gottcode.org/cutemaze/${pname}-${version}-src.tar.bz2"; - sha256 = "sha256-h7+H2E37ZVSnlPa6ID+lNEvFtU5PfdMSlBjqBumojoU="; + sha256 = "6944931cd39e9ef202c11483b7b2b7409a068c52fa5fd4419ff938b1158c72ab"; }; - nativeBuildInputs = [ qmake qttools ]; + nativeBuildInputs = [ + cmake + qttools + wrapQtAppsHook + ]; buildInputs = [ qtsvg ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dc5b53ab2925..554256c91840 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31549,7 +31549,7 @@ with pkgs; curseofwar = callPackage ../games/curseofwar { SDL = null; }; curseofwar-sdl = callPackage ../games/curseofwar { ncurses = null; }; - cutemaze = libsForQt5.callPackage ../games/cutemaze { }; + cutemaze = qt6Packages.callPackage ../games/cutemaze { }; cuyo = callPackage ../games/cuyo { }; From c78acaecb415cc75b7a796ad76b2ccfc76517d92 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 24 May 2022 22:22:17 +1000 Subject: [PATCH 22/26] gh: 2.10.1 -> 2.11.0 https://github.com/cli/cli/releases/tag/v2.11.0 --- .../version-management/git-and-tools/gh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/version-management/git-and-tools/gh/default.nix b/pkgs/applications/version-management/git-and-tools/gh/default.nix index 78ec57b9059e..7d29a40e36e6 100644 --- a/pkgs/applications/version-management/git-and-tools/gh/default.nix +++ b/pkgs/applications/version-management/git-and-tools/gh/default.nix 
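Review bot: The new `sha256` in `fetchurl` is a bare hex digest, while the line it replaces used the SRI form (`sha256-…`). Both are accepted, but switching format inside a version bump makes the old and new values harder to compare at review time and makes the file inconsistent with its own history. Converting the value with `nix hash to-sri --type sha256 <hex digest>` and committing the SRI string keeps the format stable. The derivation body continues past the end of this hunk.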
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "gh"; - version = "2.10.1"; + version = "2.11.0"; src = fetchFromGitHub { owner = "cli"; repo = "cli"; rev = "v${version}"; - sha256 = "sha256-2lIHEO4+oW9+C7VSulmVwZJ1l6RYBbV6wlKMvdOGqi8="; + sha256 = "sha256-VWbkthOaq34tAiBkPlCXmz32RrJfO6dfVS+LLls39jA="; }; - vendorSha256 = "sha256-EFJfd6sUK5iquFW0kXaiH6tLiNqbZNe9awpIqmqhp7I="; + vendorSha256 = "sha256-soNQXtpQ217scP606UA05+r9WIrUAMOCDBsfLKrVD+Q="; nativeBuildInputs = [ installShellFiles ]; From 208a03de9303819907556e3ac0866a449af9dcbe Mon Sep 17 00:00:00 2001 From: Paul S Date: Tue, 17 May 2022 16:12:54 +0100 Subject: [PATCH 23/26] vivaldi-widevine: switch to fetchzip hopefully it makes the hash not change sometimes --- .../networking/browsers/vivaldi/widevine.nix | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/pkgs/applications/networking/browsers/vivaldi/widevine.nix b/pkgs/applications/networking/browsers/vivaldi/widevine.nix index 23205aa6846e..740e325fca4e 100644 --- a/pkgs/applications/networking/browsers/vivaldi/widevine.nix +++ b/pkgs/applications/networking/browsers/vivaldi/widevine.nix @@ -1,22 +1,16 @@ -{ lib, stdenv, fetchurl -, unzip +{ lib, stdenv, fetchzip }: stdenv.mkDerivation rec { pname = "widevine"; version = "4.10.2449.0"; - src = fetchurl { + src = fetchzip { url = "https://dl.google.com/widevine-cdm/${version}-linux-x64.zip"; - sha256 = "sha256-XZuXK3NCfqbaQ1tuMOXj/U4yJC18futqo1WjuMqMrRA="; + sha256 = "sha256-f2kAkP+s3fB+krEZsiujEoI4oznkzSyaIB/CRJZWlXE="; + stripRoot = false; }; - nativeBuildInputs = [ unzip ]; - - unpackPhase = '' - unzip $src - ''; - installPhase = '' install -vD manifest.json $out/share/google/chrome/WidevineCdm/manifest.json install -vD LICENSE.txt $out/share/google/chrome/WidevineCdm/LICENSE.txt From 1b27e162e537681b318b4610d0bffb2a74c47b70 Mon Sep 17 00:00:00 2001 
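Review bot: In `vivaldi/widevine.nix` nothing in the new `src` records why `fetchzip` replaced `fetchurl`, and the commit message only hints at a hash that kept changing. With `fetchzip` the `sha256` covers the unpacked tree rather than the downloaded archive, so a re-packed zip with identical files still matches. The value can therefore no longer be checked against a checksum of the `.zip` itself. A comment above `src` such as `# fetchzip: hash is over the unpacked contents, not the .zip; stripRoot = false because the archive has no top-level directory` would capture that for whoever next verifies this download. The second half of that comment is inferred from the removed `unzip $src` step and should be confirmed.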
From: =?UTF-8?q?Sebastian=20Reu=C3=9Fe?= Date: Tue, 24 May 2022 16:39:19 +0200 Subject: [PATCH 24/26] zoom-us: 5.10.4.2845 -> 5.10.6.3192 on x86_64-linux Fixes #174147 --- .../networking/instant-messengers/zoom-us/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix index 1b15c2aa0cca..06f9a2d3e8ee 100644 --- a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix +++ b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix @@ -46,7 +46,7 @@ let version = { aarch64-darwin = "5.10.4.6592"; x86_64-darwin = "5.10.4.6592"; - x86_64-linux = "5.10.4.2845"; + x86_64-linux = "5.10.6.3192"; }.${system} or throwSystem; srcs = { @@ -60,7 +60,7 @@ let }; x86_64-linux = fetchurl { url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz"; - sha256 = "9gspydrGaEjzAM0nK1u0XNm07HTupJ2wnPxCFWy+Nts="; + sha256 = "8QIkF5+875VFoGK6T0CROsqML6bJDG934c1gkuz8Klk="; }; }; From b37e4c01b13e01f6a2ec87c55f5255e1efa03fdf Mon Sep 17 00:00:00 2001 From: Ulrik Strid Date: Thu, 24 Mar 2022 15:34:27 +0100 Subject: [PATCH 25/26] ocamlPackages.linenoise: 1.3.0 -> 1.3.1 --- pkgs/development/ocaml-modules/linenoise/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/ocaml-modules/linenoise/default.nix b/pkgs/development/ocaml-modules/linenoise/default.nix index eaeb053239e8..32cbc268e76f 100644 --- a/pkgs/development/ocaml-modules/linenoise/default.nix +++ b/pkgs/development/ocaml-modules/linenoise/default.nix @@ -2,7 +2,7 @@ buildDunePackage rec { pname = "linenoise"; - version = "1.3.0"; + version = "1.3.1"; useDune2 = true; 
@@ -12,7 +12,7 @@ buildDunePackage rec { owner = "fxfactorial"; repo = "ocaml-${pname}"; rev = "v${version}"; - sha256 = "0m9mm1arsawi5w5aqm57z41sy1wfxvhfgbdiw7hzy631i391144g"; + sha256 = "sha256-5DlF56reh52Tvbi3wGK8ZrPBAYK0ZTBV3jz8qUsyKGk="; }; propagatedBuildInputs = [ result ]; From 4b8488f72ac9f6cd964c83c2b1a9d273dc645b5b Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Fri, 20 May 2022 15:39:43 -0700 Subject: [PATCH 26/26] ber-metaocaml: make useX11 be a parameter rather than a let-binding This allows callers to choose the value of useX11 themselves, for example in config.nix. --- pkgs/development/compilers/ocaml/ber-metaocaml.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/ocaml/ber-metaocaml.nix b/pkgs/development/compilers/ocaml/ber-metaocaml.nix index edb3c2e385f6..0825c2db6603 100644 --- a/pkgs/development/compilers/ocaml/ber-metaocaml.nix +++ b/pkgs/development/compilers/ocaml/ber-metaocaml.nix @@ -2,10 +2,10 @@ , ncurses , libX11, xorgproto, buildEnv , fetchpatch +, useX11 ? stdenv.hostPlatform.isx86 }: let - useX11 = stdenv.hostPlatform.isx86; x11deps = [ libX11 xorgproto ]; inherit (lib) optionals;