From 8f3a541a3d096e5b8cd70112632bd8a6af283010 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Sun, 13 May 2018 16:59:51 -0400
Subject: [PATCH 001/102] nixos/grub: Updates `splashImage` description to
 match reality.

Fixes #4911
---
 nixos/modules/system/boot/loader/grub/grub.nix | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
index e2cff1c1bd94..67daaa333e5e 100644
--- a/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -308,10 +308,22 @@ in
         type = types.nullOr types.path;
         example = literalExample "./my-background.png";
         description = ''
-          Background image used for GRUB.  It must be a 640x480,
+          Background image used for GRUB.
+          Set to <literal>null</literal> to run GRUB in text mode.
+
+          <note><para>
+          For grub 1:
+          It must be a 640x480,
           14-colour image in XPM format, optionally compressed with
-          <command>gzip</command> or <command>bzip2</command>.  Set to
-          <literal>null</literal> to run GRUB in text mode.
+          <command>gzip</command> or <command>bzip2</command>.
+          </para></note>
+
+          <note><para>
+          For grub 2:
+          File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must
+          not be progressive.
+          The image will be scaled if necessary to fit the screen.
+          </para></note>
         '';
       };
 

From 0ccfe14e25771d83460305ee09d99cb449eea15a Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Sun, 13 May 2018 19:51:50 -0400
Subject: [PATCH 002/102] nixos/grub: Implements use of file format for
 splashImage.

GRUB 2.0 supports png, jpeg and tga. This will use the image's suffix to
load the right module.

As jpeg module is named jpeg, jpg is renamed jpeg.

If the user uses wrong image suffix for an image, it wouldn't work anyway.

This will leave up to two additional left-over files in /boot/ if user switches
through all the supported file formats. The module already left the png
image if the user disabled the splash image.
---
 .../system/boot/loader/grub/install-grub.pl        | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl
index 8bd203106f55..1aa14729a75c 100644
--- a/nixos/modules/system/boot/loader/grub/install-grub.pl
+++ b/nixos/modules/system/boot/loader/grub/install-grub.pl
@@ -299,12 +299,16 @@ else {
         copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath\n";
     }
     if ($splashImage) {
-        # FIXME: GRUB 1.97 doesn't resize the background image if it
-        # doesn't match the video resolution.
-        copy $splashImage, "$bootPath/background.png" or die "cannot copy $splashImage to $bootPath\n";
+        # Keeps the image's extension.
+        my ($filename, $dirs, $suffix) = fileparse($splashImage, qr"\..[^.]*$");
+        # The module for jpg is jpeg.
+        if ($suffix eq ".jpg") {
+            $suffix = ".jpeg";
+        }
+        copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath\n";
         $conf .= "
-            insmod png
-            if background_image " . $grubBoot->path . "/background.png; then
+            insmod " . substr($suffix, 1) . "
+            if background_image " . $grubBoot->path . "/background$suffix; then
               set color_normal=white/black
               set color_highlight=black/white
             else

From 1edc7ae63917ee28de05a0ec43ae550652e2af93 Mon Sep 17 00:00:00 2001
From: worldofpeace <worldofpeace@users.noreply.github.com>
Date: Wed, 16 May 2018 07:57:17 -0400
Subject: [PATCH 003/102] xbmcPlugins.osmc-skin: init at 17.0.4

---
 pkgs/applications/video/kodi/plugins.nix | 22 ++++++++++++++++++++++
 pkgs/top-level/all-packages.nix          |  1 +
 2 files changed, 23 insertions(+)

diff --git a/pkgs/applications/video/kodi/plugins.nix b/pkgs/applications/video/kodi/plugins.nix
index 01e134afee6f..f263182c6fc1 100644
--- a/pkgs/applications/video/kodi/plugins.nix
+++ b/pkgs/applications/video/kodi/plugins.nix
@@ -338,4 +338,26 @@ rec {
 
     extraBuildInputs = [ zlib ];
   };
+
+  osmc-skin = mkKodiPlugin rec {
+
+    plugin = "osmc-skin";
+    namespace = "skin.osmc";
+    version = "17.0.4";
+
+    src = fetchFromGitHub {
+      owner = "osmc";
+      repo = namespace;
+      rev = "a9268937f49286bab9fb49de430b8aafd7a60a9e";
+      sha256 = "1b3fm02annsq58pcfc985glrmh21rmqksdj3q8wn6gyza06jdf3v";
+    };
+
+    meta = with stdenv.lib; {
+      homepage = https://github.com/omsc/skin.osmc;
+      description = "The default skin for OSMC";
+      platforms = platforms.all;
+      maintainers = with maintainers; [ worldofpeace ];
+      license = licenses.cc-by-nc-sa-30;
+    };
+  };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e269cbb956ac..ff810774b27b 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18620,6 +18620,7 @@ with pkgs;
       ++ optionals (config.kodi.enableHyperLauncher or false)
            (with hyper-launcher; [ plugin service pdfreader ])
       ++ optional (config.kodi.enableJoystick or false) joystick
+      ++ optional (config.kodi.enableOSMCskin or false) osmc-skin
       ++ optional (config.kodi.enableSVTPlay or false) svtplay
       ++ optional (config.kodi.enableSteamController or false) steam-controller
       ++ optional (config.kodi.enableSteamLauncher or false) steam-launcher

From b4b3892bd11d81d4bd17f21b9a5153f30a774f56 Mon Sep 17 00:00:00 2001
From: Sebastian Jordan <sebastian.jordan.mail@googlemail.com>
Date: Wed, 16 May 2018 12:46:36 +0200
Subject: [PATCH 004/102] nixos/kubernetes: Update kube-dns and
 kube-dashbashboard docker image derivations to new pullImage function
 signature

---
 nixos/modules/services/cluster/kubernetes/dashboard.nix | 3 ++-
 nixos/modules/services/cluster/kubernetes/dns.nix       | 9 ++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/services/cluster/kubernetes/dashboard.nix b/nixos/modules/services/cluster/kubernetes/dashboard.nix
index e331889b9dd5..41655895c00d 100644
--- a/nixos/modules/services/cluster/kubernetes/dashboard.nix
+++ b/nixos/modules/services/cluster/kubernetes/dashboard.nix
@@ -10,8 +10,9 @@ let
 
   image = pkgs.dockerTools.pullImage {
     imageName = name;
-    imageTag = version;
+    finalImageTag = version;
     sha256 = "11h0fz3wxp0f10fsyqaxjm7l2qg7xws50dv5iwlck5gb1fjmajad";
+    imageDigest = "sha256:e7984d10351601080bbc146635d51f0cfbea31ca6f0df323cf7a58cf2f6a68df";
   };
 in {
   options.services.kubernetes.addons.dashboard = {
diff --git a/nixos/modules/services/cluster/kubernetes/dns.nix b/nixos/modules/services/cluster/kubernetes/dns.nix
index 226fdadffd1a..939f58fc41b7 100644
--- a/nixos/modules/services/cluster/kubernetes/dns.nix
+++ b/nixos/modules/services/cluster/kubernetes/dns.nix
@@ -7,20 +7,23 @@ let
 
   k8s-dns-kube-dns = pkgs.dockerTools.pullImage {
     imageName = "gcr.io/google_containers/k8s-dns-kube-dns-amd64";
-    imageTag = version;
+    finalImageTag = version;
     sha256 = "0q97xfqrigrfjl2a9cxl5in619py0zv44gch09jm8gqjkxl80imp";
+    imageDigest = "sha256:40790881bbe9ef4ae4ff7fe8b892498eecb7fe6dcc22661402f271e03f7de344";
   };
 
   k8s-dns-dnsmasq-nanny = pkgs.dockerTools.pullImage {
     imageName = "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64";
-    imageTag = version;
+    finalImageTag = version;
     sha256 = "051w5ca4qb88mwva4hbnh9xzlsvv7k1mbk3wz50lmig2mqrqqx6c";
+    imageDigest = "sha256:aeeb994acbc505eabc7415187cd9edb38cbb5364dc1c2fc748154576464b3dc2";
   };
 
   k8s-dns-sidecar = pkgs.dockerTools.pullImage {
     imageName = "gcr.io/google_containers/k8s-dns-sidecar-amd64";
-    imageTag = version;
+    finalImageTag = version;
     sha256 = "1z0d129bcm8i2cqq36x5jhnrv9hirj8c6kjrmdav8vgf7py78vsm";
+    imageDigest = "sha256:97074c951046e37d3cbb98b82ae85ed15704a290cce66a8314e7f846404edde9";
   };
 
   cfg = config.services.kubernetes.addons.dns;

From 1bf798b8cb1da83ebedf408115590d3d002e3609 Mon Sep 17 00:00:00 2001
From: Sebastian Jordan <sebastian.jordan.mail@googlemail.com>
Date: Mon, 21 May 2018 14:15:58 +0200
Subject: [PATCH 005/102] nixos/ipfs: Add option to disable local port scanning
 for ipfs daemon

---
 nixos/modules/services/network-filesystems/ipfs.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix
index e2122ddb8ede..b5903d113c57 100644
--- a/nixos/modules/services/network-filesystems/ipfs.nix
+++ b/nixos/modules/services/network-filesystems/ipfs.nix
@@ -186,6 +186,16 @@ in {
         default = [];
       };
 
+      localDiscovery = mkOption {
+        type = types.bool;
+        description = ''Whether to enable local discovery for the ipfs daemon.
+          This will prevent ipfs to scan ports on your local network. Some hosting services will ban you if you do.
+
+          This option only has an effect before you initialized ipfs your machine.
+        '';
+        default = true;
+      };
+
       serviceFdlimit = mkOption {
         type = types.nullOr types.int;
         default = null;
@@ -232,7 +242,8 @@ in {
       '';
       script = ''
         if [[ ! -f ${cfg.dataDir}/config ]]; then
-          ipfs init ${optionalString cfg.emptyRepo "-e"}
+          ipfs init ${optionalString cfg.emptyRepo "-e"} \
+            ${optionalString (! cfg.localDiscovery) "--profile=server"}
         fi
       '';
 

From 19f768a97808da4c8700ae24513ab557801be12c Mon Sep 17 00:00:00 2001
From: Vincent Laporte <Vincent.Laporte@gmail.com>
Date: Mon, 21 May 2018 16:10:03 +0000
Subject: [PATCH 006/102] ocamlPackages.earley_ocaml: init at 1.0.2

---
 .../ocaml-modules/earley_ocaml/default.nix    | 30 +++++++++++++++++++
 pkgs/top-level/ocaml-packages.nix             |  2 ++
 2 files changed, 32 insertions(+)
 create mode 100644 pkgs/development/ocaml-modules/earley_ocaml/default.nix

diff --git a/pkgs/development/ocaml-modules/earley_ocaml/default.nix b/pkgs/development/ocaml-modules/earley_ocaml/default.nix
new file mode 100644
index 000000000000..92a1eb1e5c8e
--- /dev/null
+++ b/pkgs/development/ocaml-modules/earley_ocaml/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, which, ocaml, findlib, ocamlbuild, earley }:
+
+stdenv.mkDerivation rec {
+  version = "1.0.2";
+  name = "ocaml${ocaml.version}-earley_ocaml-${version}";
+  src = fetchFromGitHub {
+    owner = "rlepigre";
+    repo = "ocaml-earley-ocaml";
+    rev = "ocaml-earley-ocaml_${version}";
+    sha256 = "0f8kr49r2xfs7cbzps4r9i92ckhwssaiydam846jrky3z5djn2jc";
+  };
+
+  buildInputs = [ which ocaml findlib ocamlbuild ];
+
+  propagatedBuildInputs = [ earley ];
+
+  preBuild = "make";
+
+  createFindlibDestdir = true;
+
+  installFlags = [ "BINDIR=$(out)/bin" ];
+
+  meta = {
+    description = "Extensible OCaml parser to be used with Earley";
+    license = stdenv.lib.licenses.cecill-b;
+    maintainers = [ stdenv.lib.maintainers.vbgl ];
+    inherit (ocaml.meta) platforms;
+    inherit (src.meta) homepage;
+  };
+}
diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix
index e46888992f77..01a5b224d1e5 100644
--- a/pkgs/top-level/ocaml-packages.nix
+++ b/pkgs/top-level/ocaml-packages.nix
@@ -217,6 +217,8 @@ let
 
     earley = callPackage ../development/ocaml-modules/earley { };
 
+    earley_ocaml = callPackage ../development/ocaml-modules/earley_ocaml { };
+
     easy-format = callPackage ../development/ocaml-modules/easy-format { };
 
     eliom = callPackage ../development/ocaml-modules/eliom { };

From c2361d632dffc7dc33bf25ff9e3d9615db27b338 Mon Sep 17 00:00:00 2001
From: Jan Tojnar <jtojnar@gmail.com>
Date: Tue, 22 May 2018 15:20:53 +0200
Subject: [PATCH 007/102] rust-cbindgen: init at 0.6.0

---
 .../tools/rust/cbindgen/default.nix           | 22 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  1 +
 2 files changed, 23 insertions(+)
 create mode 100644 pkgs/development/tools/rust/cbindgen/default.nix

diff --git a/pkgs/development/tools/rust/cbindgen/default.nix b/pkgs/development/tools/rust/cbindgen/default.nix
new file mode 100644
index 000000000000..ef74842da1c0
--- /dev/null
+++ b/pkgs/development/tools/rust/cbindgen/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchFromGitHub, rustPlatform }:
+
+rustPlatform.buildRustPackage rec {
+  name = "rust-cbindgen-${version}";
+  version = "0.6.0";
+
+  src = fetchFromGitHub {
+    owner = "eqrion";
+    repo = "cbindgen";
+    rev = "v${version}";
+    sha256 = "0yzjbmdhhwbg551bm06xwwdjdm5kdqw37pgd7hals8qxb0dzmmh8";
+  };
+
+  cargoSha256 = "1ml4a7xp40l3bhfhpwdrwj3k99zhan9dzpkw71fa689xmv6pdj62";
+
+  meta = with stdenv.lib; {
+    description = "A project for generating C bindings from Rust code";
+    homepage = https://github.com/eqrion/cbindgen;
+    license = licenses.mpl20;
+    maintainers = with maintainers; [ jtojnar ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index d2b566ab5f62..d0191ec5c59f 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6922,6 +6922,7 @@ with pkgs;
   rustracer = callPackage ../development/tools/rust/racer { };
   rustracerd = callPackage ../development/tools/rust/racerd { };
   rust-bindgen = callPackage ../development/tools/rust/bindgen { };
+  rust-cbindgen = callPackage ../development/tools/rust/cbindgen { };
   rustup = callPackage ../development/tools/rust/rustup {
     inherit (darwin.apple_sdk.frameworks) Security;
   };

From 6b5dc5cda09d00a33acf4f4abf5e0fbfb711d0e9 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm+bot@ryantm.com>
Date: Tue, 22 May 2018 20:01:49 -0700
Subject: [PATCH 008/102] qjackctl: 0.5.0 -> 0.5.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/qjackctl/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/8v1gipr8vnyf6kx68xlxrfkdk226r65q-qjackctl-0.5.1/bin/qjackctl had a zero exit code or showed the expected version
- 0 of 1 passed binary check by having a zero exit code.
- 0 of 1 passed binary check by having the new version present in output.
- found 0.5.1 with grep in /nix/store/8v1gipr8vnyf6kx68xlxrfkdk226r65q-qjackctl-0.5.1
- directory tree listing: https://gist.github.com/b33811366209a2de394b82f4c7cec003
- du listing: https://gist.github.com/5cef67561cc5293a1f1a78504bda18c1
---
 pkgs/applications/audio/qjackctl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/audio/qjackctl/default.nix b/pkgs/applications/audio/qjackctl/default.nix
index 925078fb3a15..aabd73430100 100644
--- a/pkgs/applications/audio/qjackctl/default.nix
+++ b/pkgs/applications/audio/qjackctl/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchurl, pkgconfig, alsaLib, libjack2, dbus, qtbase, qttools, qtx11extras }:
 
 stdenv.mkDerivation rec {
-  version = "0.5.0";
+  version = "0.5.1";
   name = "qjackctl-${version}";
 
   # some dependencies such as killall have to be installed additionally
 
   src = fetchurl {
     url = "mirror://sourceforge/qjackctl/${name}.tar.gz";
-    sha256 = "0lx81dfwanc10vrny1vzi0wx73ph82dlz99ffjzsigj3cqzz6x4s";
+    sha256 = "0jw1s4qh4qjxnysddjv3j2lchwlslj9p4iisv9i89d3m7pf1svs4";
   };
 
   buildInputs = [

From 513cd3de0e05fa25b08b4bf52e6389e406916190 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Sun, 13 May 2018 10:53:09 -0400
Subject: [PATCH 009/102] haskell-generic-builder: Add extra framework dirs

Just like with the other `--extra-*` flags, cc/ld-wrapper already handles
this, but we need to make Cabal aware so that the haskell builds have
the correct metadata.
---
 pkgs/development/haskell-modules/generic-builder.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index f08130a3157a..80d3bec38e7d 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -248,6 +248,9 @@ stdenv.mkDerivation ({
       if [ -d "$p/lib" ]; then
         configureFlags+=" --extra-lib-dirs=$p/lib"
       fi
+      if [[ -d "$p/Library/Frameworks" ]]; then
+        configureFlags+=" --extra-framework-dirs=$p/Library/Frameworks"
+      fi
     done
   ''
   # only use the links hack if we're actually building dylibs. otherwise, the

From e1b9419dec7fa09a4d08482ed8156b4bba90bd51 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Mon, 21 May 2018 14:44:46 -0400
Subject: [PATCH 010/102] haskell generic builder: `setupHaskellDepends` should
 be `nativeBuildInputs

This is because they are just for Setup.hs, so they are just used at build time
and completely isolated from the normal components' dependencies.

This was previous implemented in 8a8f0408cd9b7fdda1095718107c800057658c44, but
reverted in e69c7f56419589c0d3296e81f47032fa813cca4b because it broken
setup-depends non-cross in haskell shell environments (custom Setup.hs in cross
shell environments has never worked). This version adds a special native
exception to avoid that breakage.
---
 pkgs/development/haskell-modules/generic-builder.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index 80d3bec38e7d..0a668fd38ca7 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -169,18 +169,22 @@ let
                         optionals doCheck testPkgconfigDepends ++ optionals doBenchmark benchmarkPkgconfigDepends;
 
   nativeBuildInputs = [ ghc nativeGhc removeReferencesTo ] ++ optional (allPkgconfigDepends != []) pkgconfig ++
+                      setupHaskellDepends ++
                       buildTools ++ libraryToolDepends ++ executableToolDepends;
   propagatedBuildInputs = buildDepends ++ libraryHaskellDepends ++ executableHaskellDepends;
-  otherBuildInputs = setupHaskellDepends ++ extraLibraries ++ librarySystemDepends ++ executableSystemDepends ++
+  otherBuildInputs = extraLibraries ++ librarySystemDepends ++ executableSystemDepends ++
                      allPkgconfigDepends ++
                      optionals doCheck (testDepends ++ testHaskellDepends ++ testSystemDepends ++ testToolDepends) ++
                      optionals doBenchmark (benchmarkDepends ++ benchmarkHaskellDepends ++ benchmarkSystemDepends ++ benchmarkToolDepends);
+
   allBuildInputs = propagatedBuildInputs ++ otherBuildInputs;
 
   haskellBuildInputs = stdenv.lib.filter isHaskellPkg allBuildInputs;
   systemBuildInputs = stdenv.lib.filter isSystemPkg allBuildInputs;
 
-  ghcEnv = ghc.withPackages (p: haskellBuildInputs);
+  # When not cross compiling, also include Setup.hs dependencies.
+  ghcEnv = ghc.withPackages (p:
+    haskellBuildInputs ++ stdenv.lib.optional (!isCross) setupHaskellDepends);
 
   setupCommand = "./Setup";
 

From 38fbdcc7267d84aa224a8711038caa2b8ef8a418 Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Thu, 1 Mar 2018 13:35:48 +0800
Subject: [PATCH 011/102] haskell generic builder: Use setup package database
 for setup-depends

Adapted from https://github.com/obsidiansystems/nixpkgs/commit/b69f420121120433220c568e4b35ade539ef60f2 by @Ericson2314
---
 .../haskell-modules/generic-builder.nix       | 54 +++++++++++++------
 1 file changed, 39 insertions(+), 15 deletions(-)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index 0a668fd38ca7..b0cf228f8c76 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -194,6 +194,22 @@ let
 
   nativeGhcCommand = "${nativeGhc.targetPrefix}ghc";
 
+  buildPkgDb = ghcName: ''
+    if [ -d "$p/lib/${ghcName}/package.conf.d" ]; then
+      cp -f "$p/lib/${ghcName}/package.conf.d/"*.conf $packageConfDir/
+      continue
+    fi
+    if [ -d "$p/include" ]; then
+      configureFlags+=" --extra-include-dirs=$p/include"
+    fi
+    if [ -d "$p/lib" ]; then
+      configureFlags+=" --extra-lib-dirs=$p/lib"
+    fi
+    if [[ -d "$p/Library/Frameworks" ]]; then
+      configureFlags+=" --extra-framework-dirs=$p/Library/Frameworks"
+    fi
+  '';
+
 in
 
 assert allPkgconfigDepends != [] -> pkgconfig != null;
@@ -234,27 +250,31 @@ stdenv.mkDerivation ({
     echo "Build with ${ghc}."
     ${optionalString (hasActiveLibrary && hyperlinkSource) "export PATH=${hscolour}/bin:$PATH"}
 
+  '' + (optionalString (setupHaskellDepends != []) ''
+    setupPackageConfDir="$TMPDIR/setup-package.conf.d"
+    mkdir -p $setupPackageConfDir
+  '') + ''
     packageConfDir="$TMPDIR/package.conf.d"
     mkdir -p $packageConfDir
 
     setupCompileFlags="${concatStringsSep " " setupCompileFlags}"
     configureFlags="${concatStringsSep " " defaultConfigureFlags} $configureFlags"
+  ''
+  # We build the Setup.hs on the *build* machine, and as such should only add
+  # dependencies for the build machine.
+  #
+  # pkgs* arrays defined in stdenv/setup.hs
+  + (optionalString (setupHaskellDepends != []) ''
+    for p in "''${pkgsBuildBuild[@]}" "''${pkgsBuildHost[@]}" "''${pkgsBuildTarget[@]}"; do
+      ${buildPkgDb nativeGhc.name}
+    done
+    ${nativeGhcCommand}-pkg --${nativePackageDbFlag}="$setupPackageConfDir" recache
+  '')
 
-    # host.*Pkgs defined in stdenv/setup.hs
+    # For normal components
+  + ''
     for p in "''${pkgsHostHost[@]}" "''${pkgsHostTarget[@]}"; do
-      if [ -d "$p/lib/${ghc.name}/package.conf.d" ]; then
-        cp -f "$p/lib/${ghc.name}/package.conf.d/"*.conf $packageConfDir/
-        continue
-      fi
-      if [ -d "$p/include" ]; then
-        configureFlags+=" --extra-include-dirs=$p/include"
-      fi
-      if [ -d "$p/lib" ]; then
-        configureFlags+=" --extra-lib-dirs=$p/lib"
-      fi
-      if [[ -d "$p/Library/Frameworks" ]]; then
-        configureFlags+=" --extra-framework-dirs=$p/Library/Frameworks"
-      fi
+      ${buildPkgDb ghc.name}
     done
   ''
   # only use the links hack if we're actually building dylibs. otherwise, the
@@ -289,7 +309,11 @@ stdenv.mkDerivation ({
     done
 
     echo setupCompileFlags: $setupCompileFlags
-    ${nativeGhcCommand} $setupCompileFlags --make -o Setup -odir $TMPDIR -hidir $TMPDIR $i
+    ${optionalString (setupHaskellDepends != [])
+       ''
+       echo GHC_PACKAGE_PATH="$setupPackageConfDir:"
+       GHC_PACKAGE_PATH="$setupPackageConfDir:" ''
+    }${nativeGhcCommand} $setupCompileFlags --make -o Setup -odir $TMPDIR -hidir $TMPDIR $i
 
     runHook postCompileBuildDriver
   '';

From a4d5dbd45dfe35ca93b32daedba1c25167701cb0 Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Sun, 11 Mar 2018 17:13:25 +0800
Subject: [PATCH 012/102] haskell generic builder: Disable static libs on
 Windows because no -staticlib

The reason why this does not work is not that we can't built static
objects, we can, but we can't use `-staticlib` on GHC on windows.
`-staticlib` rolls all dependencies into a combined archive. While this
would work on windows if we used gnu ar and MRI script, GHC can't rely
on GNU ar, and as such has a quick archive concatenation module for GNU
and BSD archives only.
---
 pkgs/development/haskell-modules/generic-builder.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index b0cf228f8c76..66c8c1fd3753 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -31,7 +31,7 @@ in
 , enableSharedExecutables ? false
 , enableSharedLibraries ? ((ghc.isGhcjs or false) || stdenv.lib.versionOlder "7.7" ghc.version)
 , enableDeadCodeElimination ? (!stdenv.isDarwin)  # TODO: use -dead_strip for darwin
-, enableStaticLibraries ? true
+, enableStaticLibraries ? !hostPlatform.isWindows
 , enableHsc2hsViaAsm ? hostPlatform.isWindows && stdenv.lib.versionAtLeast ghc.version "8.4"
 , extraLibraries ? [], librarySystemDepends ? [], executableSystemDepends ? []
 , homepage ? "http://hackage.haskell.org/package/${pname}"
@@ -68,6 +68,10 @@ in
 
 assert editedCabalFile != null -> revision != null;
 
+# --enable-static does not work on windows. This is a bug in GHC.
+# --enable-static will pass -staticlib to ghc, which only works for mach-o and elf.
+assert hostPlatform.isWindows -> enableStaticLibraries == false;
+
 let
 
   inherit (stdenv.lib) optional optionals optionalString versionOlder versionAtLeast

From affeb0cb805f82bcc51e192a4c3bfe00f5f63fc9 Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Sat, 17 Mar 2018 14:42:28 +0800
Subject: [PATCH 013/102] haskell generic builder: Do the `links` dance only if
 shared is enabled.

---
 pkgs/development/haskell-modules/generic-builder.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index 66c8c1fd3753..ef4cccdd820e 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -284,7 +284,7 @@ stdenv.mkDerivation ({
   # only use the links hack if we're actually building dylibs. otherwise, the
   # "dynamic-library-dirs" point to nonexistent paths, and the ln command becomes
   # "ln -s $out/lib/links", which tries to recreate the links dir and fails
-  + (optionalString (stdenv.isDarwin && enableSharedLibraries) ''
+  + (optionalString (stdenv.isDarwin && (enableSharedLibraries || enableSharedExecutables)) ''
     # Work around a limit in the macOS Sierra linker on the number of paths
     # referenced by any one dynamic library:
     #

From 87afa66a63eff046b5da7605909bae956b26e585 Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Sat, 17 Mar 2018 16:55:39 +0800
Subject: [PATCH 014/102] haskell infra: Adds buildFlags logic

---
 pkgs/development/haskell-modules/generic-builder.nix | 5 ++++-
 pkgs/development/haskell-modules/lib.nix             | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index ef4cccdd820e..8d9b596276c3 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -19,6 +19,7 @@ in
 , buildTarget ? ""
 , buildTools ? [], libraryToolDepends ? [], executableToolDepends ? [], testToolDepends ? [], benchmarkToolDepends ? []
 , configureFlags ? []
+, buildFlags ? []
 , description ? ""
 , doCheck ? !isCross && stdenv.lib.versionOlder "7.4" ghc.version
 , doBenchmark ? false
@@ -130,6 +131,8 @@ let
   crossCabalFlagsString =
     stdenv.lib.optionalString isCross (" " + stdenv.lib.concatStringsSep " " crossCabalFlags);
 
+  buildFlagsString = optionalString (buildFlags != []) (" " + concatStringsSep " " buildFlags);
+
   defaultConfigureFlags = [
     "--verbose" "--prefix=$out" "--libdir=\\$prefix/lib/\\$compiler" "--libsubdir=\\$pkgid"
     (optionalString enableSeparateDataOutput "--datadir=$data/share/${ghc.name}")
@@ -345,7 +348,7 @@ stdenv.mkDerivation ({
 
   buildPhase = ''
     runHook preBuild
-    ${setupCommand} build ${buildTarget}${crossCabalFlagsString}
+    ${setupCommand} build ${buildTarget}${crossCabalFlagsString}${buildFlagsString}
     runHook postBuild
   '';
 
diff --git a/pkgs/development/haskell-modules/lib.nix b/pkgs/development/haskell-modules/lib.nix
index 55e45bd6559d..fb1302f60ea5 100644
--- a/pkgs/development/haskell-modules/lib.nix
+++ b/pkgs/development/haskell-modules/lib.nix
@@ -131,6 +131,8 @@ rec {
    */
   appendConfigureFlag = drv: x: overrideCabal drv (drv: { configureFlags = (drv.configureFlags or []) ++ [x]; });
 
+  appendBuildFlag = drv: x: overrideCabal drv (drv: { buildFlags = (drv.buildFlags or []) ++ [x]; });
+  appendBuildFlags = drv: xs: overrideCabal drv (drv: { buildFlags = (drv.buildFlags or []) ++ xs; });
   /* removeConfigureFlag drv x is a Haskell package like drv, but with
      all cabal configure arguments that are equal to x removed.
 

From 63e5b3ce716c9d10f024cc4aafca82146d76258e Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Mon, 26 Mar 2018 14:57:56 +0800
Subject: [PATCH 015/102] used stdenv.targetPlatform.isDarwin and not
 stdenv.isDarwin.

---
 pkgs/development/haskell-modules/configuration-nix.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/development/haskell-modules/configuration-nix.nix b/pkgs/development/haskell-modules/configuration-nix.nix
index 469b249010fa..2f1eb1ad97a8 100644
--- a/pkgs/development/haskell-modules/configuration-nix.nix
+++ b/pkgs/development/haskell-modules/configuration-nix.nix
@@ -128,7 +128,7 @@ self: super: builtins.intersectAttrs super {
 
   # Prevents needing to add security_tool as a build tool to all of x509-system's
   # dependencies.
-  x509-system = if pkgs.stdenv.isDarwin && !pkgs.stdenv.cc.nativeLibc
+  x509-system = if pkgs.stdenv.targetPlatform.isDarwin && !pkgs.stdenv.cc.nativeLibc
     then let inherit (pkgs.darwin) security_tool;
       in pkgs.lib.overrideDerivation (addBuildDepend super.x509-system security_tool) (drv: {
         postPatch = (drv.postPatch or "") + ''

From 9ce15ea60c8a93753d20a06d7f3dae6c867f7d10 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Fri, 18 May 2018 19:33:05 -0400
Subject: [PATCH 016/102] ghc: Normalize derivations

---
 pkgs/development/compilers/ghc/7.10.3.nix |  7 +++++--
 pkgs/development/compilers/ghc/8.0.2.nix  |  8 +++++++-
 pkgs/development/compilers/ghc/8.2.2.nix  | 11 ++++++-----
 pkgs/development/compilers/ghc/8.4.2.nix  | 12 +++++++-----
 pkgs/development/compilers/ghc/head.nix   |  7 +++++--
 5 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/pkgs/development/compilers/ghc/7.10.3.nix b/pkgs/development/compilers/ghc/7.10.3.nix
index e4bf23c6e9e2..150d14e1db46 100644
--- a/pkgs/development/compilers/ghc/7.10.3.nix
+++ b/pkgs/development/compilers/ghc/7.10.3.nix
@@ -68,7 +68,6 @@ let
   targetCC = builtins.head toolsForTarget;
 
 in
-
 stdenv.mkDerivation rec {
   version = "7.10.3";
   name = "${targetPrefix}ghc-${version}";
@@ -87,6 +86,8 @@ stdenv.mkDerivation rec {
     ./relocation.patch
   ];
 
+  postPatch = "patchShebangs .";
+
   # GHC is a bit confused on its cross terminology.
   preConfigure = ''
     for env in $(env | grep '^TARGET_' | sed -E 's|\+?=.*||'); do
@@ -103,6 +104,7 @@ stdenv.mkDerivation rec {
     export RANLIB="${targetCC.bintools.bintools}/bin/${targetCC.bintools.targetPrefix}ranlib"
     export READELF="${targetCC.bintools.bintools}/bin/${targetCC.bintools.targetPrefix}readelf"
     export STRIP="${targetCC.bintools.bintools}/bin/${targetCC.bintools.targetPrefix}strip"
+
     echo -n "${buildMK}" > mk/build.mk
     sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure
   '' + stdenv.lib.optionalString (!stdenv.isDarwin) ''
@@ -135,7 +137,8 @@ stdenv.mkDerivation rec {
   crossConfig = true;
 
   nativeBuildInputs = [
-    ghc perl libxml2 libxslt docbook_xsl docbook_xml_dtd_45 docbook_xml_dtd_42 hscolour
+    perl libxml2 libxslt docbook_xsl docbook_xml_dtd_45 docbook_xml_dtd_42
+    ghc hscolour
   ];
 
   # For building runtime libs
diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix
index 4017a01e7027..c3c7690b09f9 100644
--- a/pkgs/development/compilers/ghc/8.0.2.nix
+++ b/pkgs/development/compilers/ghc/8.0.2.nix
@@ -87,6 +87,8 @@ stdenv.mkDerivation rec {
     ++ stdenv.lib.optional stdenv.isDarwin ./ghc-8.0.2-no-cpp-warnings.patch
     ++ stdenv.lib.optional stdenv.isDarwin ./backport-dylib-command-size-limit.patch;
 
+  postPatch = "patchShebangs .";
+
   # GHC is a bit confused on its cross terminology.
   preConfigure = ''
     for env in $(env | grep '^TARGET_' | sed -E 's|\+?=.*||'); do
@@ -103,6 +105,7 @@ stdenv.mkDerivation rec {
     export RANLIB="${targetCC.bintools.bintools}/bin/${targetCC.bintools.targetPrefix}ranlib"
     export READELF="${targetCC.bintools.bintools}/bin/${targetCC.bintools.targetPrefix}readelf"
     export STRIP="${targetCC.bintools.bintools}/bin/${targetCC.bintools.targetPrefix}strip"
+
     echo -n "${buildMK}" > mk/build.mk
     sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure
   '' + stdenv.lib.optionalString (!stdenv.isDarwin) ''
@@ -134,7 +137,10 @@ stdenv.mkDerivation rec {
   # masss-rebuild.
   crossConfig = true;
 
-  nativeBuildInputs = [ ghc perl hscolour sphinx ];
+  nativeBuildInputs = [
+    perl sphinx
+    ghc hscolour
+  ];
 
   # For building runtime libs
   depsBuildTarget = toolsForTarget;
diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix
index dcc2852a3413..2b876552a014 100644
--- a/pkgs/development/compilers/ghc/8.2.2.nix
+++ b/pkgs/development/compilers/ghc/8.2.2.nix
@@ -23,10 +23,8 @@
 
 , # Whether to build dynamic libs for the standard library (on the target
   # platform). Static libs are always built.
-  enableShared ?
-    !(targetPlatform.isDarwin
-      # On iOS, dynamic linking is not supported
-      && (targetPlatform.isAarch64 || targetPlatform.isAarch32))
+  enableShared ? true
+
 , # Whether to backport https://phabricator.haskell.org/D4388 for
   # deterministic profiling symbol names, at the cost of a slightly
   # non-standard GHC API
@@ -153,7 +151,10 @@ stdenv.mkDerivation rec {
   # masss-rebuild.
   crossConfig = true;
 
-  nativeBuildInputs = [ alex autoconf autoreconfHook automake ghc happy hscolour perl python3 sphinx ];
+  nativeBuildInputs = [
+    autoconf autoreconfHook automake perl python3 sphinx
+    ghc alex happy hscolour
+  ];
 
   # For building runtime libs
   depsBuildTarget = toolsForTarget;
diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index 5d8adafa9a7f..6cb6930f3aa5 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -3,7 +3,7 @@
 
 # build-tools
 , bootPkgs, alex, happy
-, autoconf, automake, coreutils, fetchurl, fetchpatch, perl, python3
+, autoconf, automake, coreutils, fetchurl, fetchpatch, perl, python3, m4
 
 , libffi, libiconv ? null, ncurses
 
@@ -15,7 +15,7 @@
 
 , # If enabled, GHC will be built with the GPL-free but slower integer-simple
   # library instead of the faster but GPLed integer-gmp library.
-  enableIntegerSimple ? false, gmp ? null, m4
+  enableIntegerSimple ? false, gmp ? null
 
 , # If enabled, use -fPIC when compiling static libs.
   enableRelocatedStaticLibs ? targetPlatform != hostPlatform
@@ -24,7 +24,6 @@
   # platform). Static libs are always built.
   enableShared ? !targetPlatform.useAndroidPrebuilt
 
-, version ? "8.4.2"
 }:
 
 assert !enableIntegerSimple -> gmp != null;
@@ -69,7 +68,7 @@ let
 
 in
 stdenv.mkDerivation rec {
-  inherit version;
+  version = "8.4.2";
   name = "${targetPrefix}ghc-${version}";
 
   src = fetchurl {
@@ -144,7 +143,10 @@ stdenv.mkDerivation rec {
   # masss-rebuild.
   crossConfig = true;
 
-  nativeBuildInputs = [ ghc perl autoconf automake m4 happy alex python3 ];
+  nativeBuildInputs = [
+    perl autoconf automake m4 python3
+    ghc alex happy
+  ];
 
   # For building runtime libs
   depsBuildTarget = toolsForTarget;
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index 7e1c73d166a2..e0de4e7e60e6 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -3,7 +3,7 @@
 
 # build-tools
 , bootPkgs, alex, happy
-, autoconf, automake, coreutils, fetchgit, perl, python3
+, autoconf, automake, coreutils, fetchgit, perl, python3, m4
 
 , libffi, libiconv ? null, ncurses
 
@@ -141,7 +141,10 @@ stdenv.mkDerivation rec {
   # masss-rebuild.
   crossConfig = true;
 
-  nativeBuildInputs = [ ghc perl autoconf automake happy alex python3 ];
+  nativeBuildInputs = [
+    perl autoconf automake m4 python3
+    ghc alex happy
+  ];
 
   # For building runtime libs
   depsBuildTarget = toolsForTarget;

From 1978115c3b2dfcb33f78673677a0ef3ffa6a0565 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Sun, 20 May 2018 02:16:07 -0400
Subject: [PATCH 017/102] ghc: Handle flavors better

---
 pkgs/development/compilers/ghc/7.10.3.nix | 9 ++++++++-
 pkgs/development/compilers/ghc/8.0.2.nix  | 9 ++++++++-
 pkgs/development/compilers/ghc/8.2.2.nix  | 8 +++++++-
 pkgs/development/compilers/ghc/8.4.2.nix  | 8 +++++++-
 pkgs/development/compilers/ghc/head.nix   | 8 +++++++-
 5 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/pkgs/development/compilers/ghc/7.10.3.nix b/pkgs/development/compilers/ghc/7.10.3.nix
index 150d14e1db46..7d2f37916323 100644
--- a/pkgs/development/compilers/ghc/7.10.3.nix
+++ b/pkgs/development/compilers/ghc/7.10.3.nix
@@ -24,6 +24,10 @@
 , # Whether to build dynamic libs for the standard library (on the target
   # platform). Static libs are always built.
   enableShared ? true
+
+, # What flavour to build. An empty string indicates no
+  # specific flavour and falls back to ghc default values.
+  ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
 assert !enableIntegerSimple -> gmp != null;
@@ -42,11 +46,14 @@ let
   };
 
   buildMK = ''
+    BuildFlavour = ${ghcFlavour}
+    ifneq \"\$(BuildFlavour)\" \"\"
+    include mk/flavours/\$(BuildFlavour).mk
+    endif
     DYNAMIC_GHC_PROGRAMS = ${if enableShared then "YES" else "NO"}
   '' + stdenv.lib.optionalString enableIntegerSimple ''
     INTEGER_LIBRARY = integer-simple
   '' + stdenv.lib.optionalString (targetPlatform != hostPlatform) ''
-    BuildFlavour = perf-cross
     Stage1Only = YES
     HADDOCK_DOCS = NO
   '' + stdenv.lib.optionalString enableRelocatedStaticLibs ''
diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix
index c3c7690b09f9..2e627473fc21 100644
--- a/pkgs/development/compilers/ghc/8.0.2.nix
+++ b/pkgs/development/compilers/ghc/8.0.2.nix
@@ -23,6 +23,10 @@
 , # Whether to build dynamic libs for the standard library (on the target
   # platform). Static libs are always built.
   enableShared ? true
+
+, # What flavour to build. An empty string indicates no
+  # specific flavour and falls back to ghc default values.
+  ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
 assert !enableIntegerSimple -> gmp != null;
@@ -36,11 +40,14 @@ let
     "${targetPlatform.config}-";
 
   buildMK = ''
+    BuildFlavour = ${ghcFlavour}
+    ifneq \"\$(BuildFlavour)\" \"\"
+    include mk/flavours/\$(BuildFlavour).mk
+    endif
     DYNAMIC_GHC_PROGRAMS = ${if enableShared then "YES" else "NO"}
   '' + stdenv.lib.optionalString enableIntegerSimple ''
     INTEGER_LIBRARY = integer-simple
   '' + stdenv.lib.optionalString (targetPlatform != hostPlatform) ''
-    BuildFlavour = perf-cross
     Stage1Only = YES
     HADDOCK_DOCS = NO
   '' + stdenv.lib.optionalString enableRelocatedStaticLibs ''
diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix
index 2b876552a014..beaf761bd426 100644
--- a/pkgs/development/compilers/ghc/8.2.2.nix
+++ b/pkgs/development/compilers/ghc/8.2.2.nix
@@ -25,6 +25,9 @@
   # platform). Static libs are always built.
   enableShared ? true
 
+, # What flavour to build. An empty string indicates no
+  # specific flavour and falls back to ghc default values.
+  ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 , # Whether to backport https://phabricator.haskell.org/D4388 for
   # deterministic profiling symbol names, at the cost of a slightly
   # non-standard GHC API
@@ -42,11 +45,14 @@ let
     "${targetPlatform.config}-";
 
   buildMK = ''
+    BuildFlavour = ${ghcFlavour}
+    ifneq \"\$(BuildFlavour)\" \"\"
+    include mk/flavours/\$(BuildFlavour).mk
+    endif
     DYNAMIC_GHC_PROGRAMS = ${if enableShared then "YES" else "NO"}
   '' + stdenv.lib.optionalString enableIntegerSimple ''
     INTEGER_LIBRARY = integer-simple
   '' + stdenv.lib.optionalString (targetPlatform != hostPlatform) ''
-    BuildFlavour = perf-cross
     Stage1Only = YES
     HADDOCK_DOCS = NO
     BUILD_SPHINX_HTML = NO
diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index 6cb6930f3aa5..449edef662d9 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -24,6 +24,9 @@
   # platform). Static libs are always built.
   enableShared ? !targetPlatform.useAndroidPrebuilt
 
+, # What flavour to build. An empty string indicates no
+  # specific flavour and falls back to ghc default values.
+  ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
 assert !enableIntegerSimple -> gmp != null;
@@ -37,11 +40,14 @@ let
     "${targetPlatform.config}-";
 
   buildMK = ''
+    BuildFlavour = ${ghcFlavour}
+    ifneq \"\$(BuildFlavour)\" \"\"
+    include mk/flavours/\$(BuildFlavour).mk
+    endif
     DYNAMIC_GHC_PROGRAMS = ${if enableShared then "YES" else "NO"}
   '' + stdenv.lib.optionalString enableIntegerSimple ''
     INTEGER_LIBRARY = integer-simple
   '' + stdenv.lib.optionalString (targetPlatform != hostPlatform) ''
-    BuildFlavour = perf-cross
     Stage1Only = YES
     HADDOCK_DOCS = NO
     BUILD_SPHINX_HTML = NO
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index e0de4e7e60e6..f5a7be5156d7 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -25,6 +25,9 @@
   enableShared ? !targetPlatform.useAndroidPrebuilt
 
 , version ? "8.5.20180118"
+, # What flavour to build. An empty string indicates no
+  # specific flavour and falls back to ghc default values.
+  ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross"
 }:
 
 assert !enableIntegerSimple -> gmp != null;
@@ -38,11 +41,14 @@ let
     "${targetPlatform.config}-";
 
   buildMK = ''
+    BuildFlavour = ${ghcFlavour}
+    ifneq \"\$(BuildFlavour)\" \"\"
+    include mk/flavours/\$(BuildFlavour).mk
+    endif
     DYNAMIC_GHC_PROGRAMS = ${if enableShared then "YES" else "NO"}
   '' + stdenv.lib.optionalString enableIntegerSimple ''
     INTEGER_LIBRARY = integer-simple
   '' + stdenv.lib.optionalString (targetPlatform != hostPlatform) ''
-    BuildFlavour = perf-cross
     Stage1Only = YES
     HADDOCK_DOCS = NO
     BUILD_SPHINX_HTML = NO

From 10b76a4caba015a5252cc88172d3b7d23b14d8f6 Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Mon, 5 Mar 2018 21:34:31 +0800
Subject: [PATCH 018/102] ghc: paxmark all unwraped executables across the
 board

Shell glob works even as the exact set of executable (filenames) varries
beween configuations. Need to skip non ELFs (e.g. shell scripts),
however.
---
 pkgs/development/compilers/ghc/8.0.2.nix | 7 ++++---
 pkgs/development/compilers/ghc/8.2.2.nix | 7 ++++---
 pkgs/development/compilers/ghc/8.4.2.nix | 7 ++++---
 pkgs/development/compilers/ghc/head.nix  | 7 ++++---
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix
index 2e627473fc21..2957846cd59d 100644
--- a/pkgs/development/compilers/ghc/8.0.2.nix
+++ b/pkgs/development/compilers/ghc/8.0.2.nix
@@ -164,10 +164,11 @@ stdenv.mkDerivation rec {
   # that in turn causes GHCi to abort
   stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols";
 
-  # zsh and other shells are smart about `{ghc}` but bash isn't, and doesn't
-  # treat that as a unary `{x,y,z,..}` repetition.
   postInstall = ''
-    paxmark m $out/lib/${name}/bin/${if targetPlatform != hostPlatform then "ghc" else "{ghc,haddock}"}
+    for bin in "$out"/lib/${name}/bin/*; do
+      isELF "$bin" || continue
+      paxmark m "$bin"
+    done
 
     # Install the bash completion file.
     install -D -m 444 utils/completion/ghc.bash $out/share/bash-completion/completions/${targetPrefix}ghc
diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix
index beaf761bd426..c21fd3353c74 100644
--- a/pkgs/development/compilers/ghc/8.2.2.nix
+++ b/pkgs/development/compilers/ghc/8.2.2.nix
@@ -179,10 +179,11 @@ stdenv.mkDerivation rec {
 
   checkTarget = "test";
 
-  # zsh and other shells are smart about `{ghc}` but bash isn't, and doesn't
-  # treat that as a unary `{x,y,z,..}` repetition.
   postInstall = ''
-    paxmark m $out/lib/${name}/bin/${if targetPlatform != hostPlatform then "ghc" else "{ghc,haddock}"}
+    for bin in "$out"/lib/${name}/bin/*; do
+      isELF "$bin" || continue
+      paxmark m "$bin"
+    done
 
     # Install the bash completion file.
     install -D -m 444 utils/completion/ghc.bash $out/share/bash-completion/completions/${targetPrefix}ghc
diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index 449edef662d9..7cdf746c5820 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -171,10 +171,11 @@ stdenv.mkDerivation rec {
 
   checkTarget = "test";
 
-  # zsh and other shells are smart about `{ghc}` but bash isn't, and doesn't
-  # treat that as a unary `{x,y,z,..}` repetition.
   postInstall = ''
-    paxmark m $out/lib/${name}/bin/${if targetPlatform != hostPlatform then "ghc" else "{ghc,haddock}"}
+    for bin in "$out"/lib/${name}/bin/*; do
+      isELF "$bin" || continue
+      paxmark m "$bin"
+    done
 
     # Install the bash completion file.
     install -D -m 444 utils/completion/ghc.bash $out/share/bash-completion/completions/${targetPrefix}ghc
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index f5a7be5156d7..1fe6271033f4 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -169,10 +169,11 @@ stdenv.mkDerivation rec {
 
   checkTarget = "test";
 
-  # zsh and other shells are smart about `{ghc}` but bash isn't, and doesn't
-  # treat that as a unary `{x,y,z,..}` repetition.
   postInstall = ''
-    paxmark m $out/lib/${name}/bin/${if targetPlatform != hostPlatform then "ghc" else "{ghc,haddock}"}
+    for bin in "$out"/lib/${name}/bin/*; do
+      isELF "$bin" || continue
+      paxmark m "$bin"
+    done
 
     # Install the bash completion file.
     install -D -m 444 utils/completion/ghc.bash $out/share/bash-completion/completions/${targetPrefix}ghc

From c7458ded5c34161a33773f872ab10f0dd0af4b2c Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Sun, 20 May 2018 02:21:37 -0400
Subject: [PATCH 019/102] ghc 8.4.2, head: Adjust enableShared enableTerminfo
 for windows

---
 pkgs/development/compilers/ghc/8.4.2.nix | 7 +++++--
 pkgs/development/compilers/ghc/head.nix  | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index 7cdf746c5820..18b229f95cc4 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -22,7 +22,10 @@
 
 , # Whether to build dynamic libs for the standard library (on the target
   # platform). Static libs are always built.
-  enableShared ? !targetPlatform.useAndroidPrebuilt
+  enableShared ? !targetPlatform.isWindows && !targetPlatform.useAndroidPrebuilt
+
+, # Whetherto build terminfo.
+  enableTerminfo ? !targetPlatform.isWindows
 
 , # What flavour to build. An empty string indicates no
   # specific flavour and falls back to ghc default values.
@@ -60,7 +63,7 @@ let
   '';
 
   # Splicer will pull out correct variations
-  libDeps = platform: [ ncurses ]
+  libDeps = platform: stdenv.lib.optional enableTerminfo [ ncurses ]
     ++ stdenv.lib.optional (!enableIntegerSimple) gmp
     ++ stdenv.lib.optional (platform.libc != "glibc") libiconv;
 
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index 1fe6271033f4..7e4b26cda25e 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -22,7 +22,10 @@
 
 , # Whether to build dynamic libs for the standard library (on the target
   # platform). Static libs are always built.
-  enableShared ? !targetPlatform.useAndroidPrebuilt
+  enableShared ? !targetPlatform.isWindows && !targetPlatform.useAndroidPrebuilt
+
+, # Whetherto build terminfo.
+  enableTerminfo ? !targetPlatform.isWindows
 
 , version ? "8.5.20180118"
 , # What flavour to build. An empty string indicates no
@@ -61,7 +64,7 @@ let
   '';
 
   # Splicer will pull out correct variations
-  libDeps = platform: [ ncurses ]
+  libDeps = platform: stdenv.lib.optional enableTerminfo [ ncurses ]
     ++ stdenv.lib.optional (!enableIntegerSimple) gmp
     ++ stdenv.lib.optional (platform.libc != "glibc") libiconv;
 

From fe1eec9e24ba24f468649c14529be9d7a7c720d4 Mon Sep 17 00:00:00 2001
From: Moritz Angermann <moritz.angermann@gmail.com>
Date: Thu, 3 May 2018 13:54:00 +0800
Subject: [PATCH 020/102] ghc 8.4.2, head: Drop `libiconv` on windows.

nixpkgs#37012 and  nixpkgs#37707 introduces the setup-hooks for libiconv, which inject `-liconv` into the `NIX_LDFLAGS`. This breaks horribly on windows where the linker end up having no idea how to linke `-liconv`. The configure.ac file specifically ignores libiconv on windows.
---
 pkgs/development/compilers/ghc/8.4.2.nix | 4 ++--
 pkgs/development/compilers/ghc/head.nix  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix
index 18b229f95cc4..0eaf64cad812 100644
--- a/pkgs/development/compilers/ghc/8.4.2.nix
+++ b/pkgs/development/compilers/ghc/8.4.2.nix
@@ -65,7 +65,7 @@ let
   # Splicer will pull out correct variations
   libDeps = platform: stdenv.lib.optional enableTerminfo [ ncurses ]
     ++ stdenv.lib.optional (!enableIntegerSimple) gmp
-    ++ stdenv.lib.optional (platform.libc != "glibc") libiconv;
+    ++ stdenv.lib.optional (platform.libc != "glibc" && !targetPlatform.isWindows) libiconv;
 
   toolsForTarget =
     if hostPlatform == buildPlatform then
@@ -134,7 +134,7 @@ stdenv.mkDerivation rec {
     "--with-curses-includes=${ncurses.dev}/include" "--with-curses-libraries=${ncurses.out}/lib"
   ] ++ stdenv.lib.optional (targetPlatform == hostPlatform && ! enableIntegerSimple) [
     "--with-gmp-includes=${gmp.dev}/include" "--with-gmp-libraries=${gmp.out}/lib"
-  ] ++ stdenv.lib.optional (targetPlatform == hostPlatform && hostPlatform.libc != "glibc") [
+  ] ++ stdenv.lib.optional (targetPlatform == hostPlatform && hostPlatform.libc != "glibc" && !targetPlatform.isWindows) [
     "--with-iconv-includes=${libiconv}/include" "--with-iconv-libraries=${libiconv}/lib"
   ] ++ stdenv.lib.optionals (targetPlatform != hostPlatform) [
     "--enable-bootstrap-with-devel-snapshot"
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index 7e4b26cda25e..88cfcf725792 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -66,7 +66,7 @@ let
   # Splicer will pull out correct variations
   libDeps = platform: stdenv.lib.optional enableTerminfo [ ncurses ]
     ++ stdenv.lib.optional (!enableIntegerSimple) gmp
-    ++ stdenv.lib.optional (platform.libc != "glibc") libiconv;
+    ++ stdenv.lib.optional (platform.libc != "glibc" && !targetPlatform.isWindows) libiconv;
 
   toolsForTarget =
     if hostPlatform == buildPlatform then
@@ -132,7 +132,7 @@ stdenv.mkDerivation rec {
     "--with-curses-includes=${ncurses.dev}/include" "--with-curses-libraries=${ncurses.out}/lib"
   ] ++ stdenv.lib.optional (targetPlatform == hostPlatform && ! enableIntegerSimple) [
     "--with-gmp-includes=${gmp.dev}/include" "--with-gmp-libraries=${gmp.out}/lib"
-  ] ++ stdenv.lib.optional (targetPlatform == hostPlatform && hostPlatform.libc != "glibc") [
+  ] ++ stdenv.lib.optional (targetPlatform == hostPlatform && hostPlatform.libc != "glibc" && !targetPlatform.isWindows) [
     "--with-iconv-includes=${libiconv}/include" "--with-iconv-libraries=${libiconv}/lib"
   ] ++ stdenv.lib.optionals (targetPlatform != hostPlatform) [
     "--enable-bootstrap-with-devel-snapshot"

From 2009c76a665435f706a27768d8dba69736ae1282 Mon Sep 17 00:00:00 2001
From: Sebastian Jordan <sebastian.jordan.mail@googlemail.com>
Date: Wed, 23 May 2018 16:44:31 +0200
Subject: [PATCH 021/102] nixos/ipfs: Improve behavior of localDiscovery option

It is no longer required to change the config your ipfs repo manually if you change
localDiscovery option in nixos configuration after ipfs repository initialization.
---
 nixos/modules/services/network-filesystems/ipfs.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix
index b5903d113c57..ab6d3a3d2fa4 100644
--- a/nixos/modules/services/network-filesystems/ipfs.nix
+++ b/nixos/modules/services/network-filesystems/ipfs.nix
@@ -189,9 +189,7 @@ in {
       localDiscovery = mkOption {
         type = types.bool;
         description = ''Whether to enable local discovery for the ipfs daemon.
-          This will prevent ipfs to scan ports on your local network. Some hosting services will ban you if you do.
-
-          This option only has an effect before you initialized ipfs your machine.
+          This will allow ipfs to scan ports on your local network. Some hosting services will ban you if you do this.
         '';
         default = true;
       };
@@ -244,6 +242,11 @@ in {
         if [[ ! -f ${cfg.dataDir}/config ]]; then
           ipfs init ${optionalString cfg.emptyRepo "-e"} \
             ${optionalString (! cfg.localDiscovery) "--profile=server"}
+        else
+          ${if cfg.localDiscovery
+            then "ipfs config profile apply local-discovery"
+            else "ipfs config profile apply server"
+          }
         fi
       '';
 

From 3ab9caa3faf7655fe1c4a861799de4da21d20de5 Mon Sep 17 00:00:00 2001
From: Alexandre Esteves <alexandre.fmp.esteves@gmail.com>
Date: Wed, 23 May 2018 20:32:15 +0100
Subject: [PATCH 022/102] Use requireFile for impure Xcode dependency

---
 .../darwin/ios-sdk-pkgs/default.nix           |  4 +-
 pkgs/os-specific/darwin/xcode/default.nix     | 90 +++++++++----------
 pkgs/top-level/darwin-packages.nix            |  3 +-
 3 files changed, 47 insertions(+), 50 deletions(-)

diff --git a/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix b/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix
index f336b14ee37b..ebca738431c3 100644
--- a/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix
+++ b/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix
@@ -6,6 +6,7 @@
 , wrapBintoolsWith
 , wrapCCWith
 , buildIosSdk, targetIosSdkPkgs
+, xcode
 }:
 
 let
@@ -21,11 +22,10 @@ iosPlatformArch = { parsed, ... }: {
 in
 
 rec {
-  # TODO(kmicklas): Make a pure version of this for each supported SDK version.
   sdk = rec {
     name = "ios-sdk";
     type = "derivation";
-    outPath = "/Applications/Xcode.app/Contents/Developer/Platforms/iPhone${sdkType}.platform/Developer/SDKs/iPhone${sdkType}${version}.sdk";
+    outPath = xcode + "/Contents/Developer/Platforms/iPhone${sdkType}.platform/Developer/SDKs/iPhone${sdkType}${version}.sdk";
 
     sdkType = if targetPlatform.isiPhoneSimulator then "Simulator" else "OS";
     version = targetPlatform.sdkVer;
diff --git a/pkgs/os-specific/darwin/xcode/default.nix b/pkgs/os-specific/darwin/xcode/default.nix
index d3a9ec012ebf..bed4cd6490d1 100644
--- a/pkgs/os-specific/darwin/xcode/default.nix
+++ b/pkgs/os-specific/darwin/xcode/default.nix
@@ -1,52 +1,48 @@
-{ stdenv, requireFile, xpwn }:
+{ stdenv, requireFile }:
 
-with stdenv.lib;
+let requireXcode = version: sha256:
+  let
+    xip = "Xcode_" + version +  ".xip";
+    # TODO(alexfmpe): Find out how to validate the .xip signature in Linux
+    unxip = if stdenv.isDarwin
+            then ''
+              open -W ${xip}
+              rm -rf ${xip}
+            ''
+            else ''
+              xar -xf ${xip}
+              rm -rf ${xip}
+              pbzx -n Content | cpio -i
+              rm Content Metadata
+            '';
+    app = requireFile rec {
+      name     = "Xcode.app";
+      url      = "https://download.developer.apple.com/Developer_Tools/Xcode_" + version + "/" + xip;
+      hashMode = "recursive";
+      inherit sha256;
+      message  = ''
+        Unfortunately, we cannot download ${name} automatically.
+        Please go to ${url}
+        to download it yourself, and add it to the Nix store by running the following commands."
+        Note: download (~ 5GB), extraction and storing of Xcode will take a while
 
-let
-  osxVersion = "10.9";
-in stdenv.mkDerivation rec {
-  name = "xcode-${version}";
-  version = "5.1";
+        ${unxip}
+        nix-store --add-fixed --recursive sha256 Xcode.app
+        rm -rf Xcode.app
+      '';
+    };
+    meta = with stdenv.lib; {
+      homepage = https://developer.apple.com/downloads/;
+      description = "Apple's XCode SDK";
+      license = licenses.unfree;
+      platforms = platforms.darwin ++ platforms.linux;
+    };
 
-  src = requireFile {
-    name = "xcode_${version}.dmg";
-    url = meta.homepage;
-    sha256 = "70bb550cc14eca80b9825f4ae9bfbf7f076bb75777311be428bc30a7eb7a6f7e";
-  };
+  in app.overrideAttrs ( oldAttrs: oldAttrs // { inherit meta; });
 
-  phases = [ "unpackPhase" "patchPhase" "installPhase" "fixupPhase" ];
-  outputs = [ "out" "toolchain" ];
-
-
-  unpackCmd = let
-    basePath = "Xcode.app/Contents/Developer/Platforms/MacOSX.platform";
-    sdkPath = "${basePath}/Developer/SDKs";
-  in ''
-    ${xpwn}/bin/dmg extract "$curSrc" main.hfs > /dev/null
-    ${xpwn}/bin/hfsplus main.hfs extractall "${sdkPath}" > /dev/null
-  '';
-
-  setSourceRoot = "sourceRoot=MacOSX${osxVersion}.sdk";
-
-  patches = optional (osxVersion == "10.9") ./gcc-fix-enum-attributes.patch;
-
-  installPhase = ''
-    mkdir -p "$out/share/sysroot"
-    cp -a * "$out/share/sysroot/"
-    ln -s "$out/share/sysroot/usr/lib" "$out/lib"
-    ln -s "$out/share/sysroot/usr/include" "$out/include"
-
-    mkdir -p "$toolchain"
-    pushd "$toolchain"
-    ${xpwn}/bin/hfsplus "$(dirs +1)/../main.hfs" extractall \
-      Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr \
-      > /dev/null
-    popd
-  '';
-
-  meta = {
-    homepage = https://developer.apple.com/downloads/;
-    description = "Apple's XCode SDK";
-    license = stdenv.lib.licenses.unfree;
-  };
+in {
+  xcode_8_1 = requireXcode "8.1" "18xjvfipwzia66gm3r9p770xdd4r375vak7chw5vgqnv9yyjiq2n";
+  xcode_8_2 = requireXcode "8.2" "13nd1zsfqcp9hwp15hndr0rsbb8rgprrz7zr2ablj4697qca06m2";
+  xcode_9_1 = requireXcode "9.1" "0ab1403wy84ys3yn26fj78cazhpnslmh3nzzp1wxib3mr1afjvic";
+  xcode_9_2 = requireXcode "9.2" "1bgfgdp266cbbqf2axcflz92frzvhi0qw0jdkcw6r85kdpc8dj4c";
 }
diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix
index 907ec0c75924..a53b16919ee3 100644
--- a/pkgs/top-level/darwin-packages.nix
+++ b/pkgs/top-level/darwin-packages.nix
@@ -47,6 +47,7 @@ in
   iosSdkPkgs = darwin.callPackage ../os-specific/darwin/ios-sdk-pkgs {
     buildIosSdk = buildPackages.darwin.iosSdkPkgs.sdk;
     targetIosSdkPkgs = targetPackages.darwin.iosSdkPkgs;
+    xcode = darwin.xcode_8_2;
     inherit (pkgs.llvmPackages) clang-unwrapped;
   };
 
@@ -68,7 +69,7 @@ in
 
   usr-include = callPackage ../os-specific/darwin/usr-include { };
 
-  xcode = callPackage ../os-specific/darwin/xcode { };
+  inherit (callPackages ../os-specific/darwin/xcode { } ) xcode_8_1 xcode_8_2 xcode_9_1 xcode_9_2;
 
   CoreSymbolication = callPackage ../os-specific/darwin/CoreSymbolication { };
 

From 6f65b7a93642953fe7c545395cc824f0b00b1812 Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Wed, 23 May 2018 21:51:58 +0200
Subject: [PATCH 023/102] pythonPackages.raven: 6.7.0 -> 6.8.0

---
 pkgs/development/python-modules/raven/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/raven/default.nix b/pkgs/development/python-modules/raven/default.nix
index 2052d4421e5e..9ec3f7c156ed 100644
--- a/pkgs/development/python-modules/raven/default.nix
+++ b/pkgs/development/python-modules/raven/default.nix
@@ -4,13 +4,13 @@
 
 buildPythonPackage rec {
   pname = "raven";
-  version = "6.7.0";
+  version = "6.8.0";
 
   src = fetchFromGitHub {
     owner = "getsentry";
     repo = "raven-python";
     rev = version;
-    sha256 = "0vb6zczfgrrh0qw5wlbvk703r11y091k6r53fbbhpbwh4hva30nx";
+    sha256 = "0d052nns0pf1bsazapnnrylvair37vhnjaifsdldddqv05ccfc57";
   };
 
   # way too many dependencies to run tests

From ca2f49d1f0ce38a6d167160628a021635cc5f566 Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Wed, 23 May 2018 22:01:45 +0200
Subject: [PATCH 024/102] gns3Packages.{server,gui}{Stable,Preview}: 2.1.5 ->
 2.1.6

---
 pkgs/applications/networking/gns3/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/networking/gns3/default.nix b/pkgs/applications/networking/gns3/default.nix
index 74287dc6af4e..91bcfc73f2c7 100644
--- a/pkgs/applications/networking/gns3/default.nix
+++ b/pkgs/applications/networking/gns3/default.nix
@@ -1,7 +1,7 @@
 { callPackage, stdenv }:
 
 let
-  stableVersion = "2.1.5";
+  stableVersion = "2.1.6";
   # Currently there is no preview version.
   previewVersion = stableVersion;
   addVersion = args:
@@ -10,8 +10,8 @@ let
     in args // { inherit version branch; };
   mkGui = args: callPackage (import ./gui.nix (addVersion args)) { };
   mkServer = args: callPackage (import ./server.nix (addVersion args)) { };
-  guiSrcHash = "1d7pwm36bqjm0d021z5qnx49v8zf4yi9jn5hn6zlbiqbz53l1x7l";
-  serverSrcHash = "002pqm4jcm5qbbw1vnhjdrgysh7d6xmdl66605wz1vbp7xn5s961";
+  guiSrcHash = "0wrh0x5ig2x2pxyyf99z4bfiyxn19akyjic5kgf0pv2snifw2481";
+  serverSrcHash = "0jy5700bshz54mdsh5qpcb2qrczg9isxhr4y0bmglrl23pywvisc";
 in {
   guiStable = mkGui {
     stable = true;

From 7d40f48c867339aa95ef89c8718250e20c3c6715 Mon Sep 17 00:00:00 2001
From: Matthew Justin Bauer <mjbauer95@gmail.com>
Date: Wed, 23 May 2018 16:20:24 -0500
Subject: [PATCH 025/102] kodi.plugins: fix homepage typo

---
 pkgs/applications/video/kodi/plugins.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/applications/video/kodi/plugins.nix b/pkgs/applications/video/kodi/plugins.nix
index f263182c6fc1..4d6b18854549 100644
--- a/pkgs/applications/video/kodi/plugins.nix
+++ b/pkgs/applications/video/kodi/plugins.nix
@@ -353,7 +353,7 @@ rec {
     };
 
     meta = with stdenv.lib; {
-      homepage = https://github.com/omsc/skin.osmc;
+      homepage = https://github.com/osmc/skin.osmc;
       description = "The default skin for OSMC";
       platforms = platforms.all;
       maintainers = with maintainers; [ worldofpeace ];

From 6d31c68e1995c62c1c4ea46214ca45e8361c423d Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Wed, 23 May 2018 17:45:21 -0400
Subject: [PATCH 026/102] linux: 4.9.101 -> 4.9.102

---
 pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 15a8d63651d5..e550f4d44f8f 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.101";
+  version = "4.9.102";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "005awyjylyp7di8cy269923j7wsvv74s42k7955fq0790wmx15dg";
+    sha256 = "1icx253l8s158d1ccn594ddkqdxch8jr0w6kbj00jn1dlmms6mfi";
   };
 } // (args.argsOverride or {}))

From 8758c001602b564aa5118868a3dc7e162b752832 Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Wed, 23 May 2018 17:45:38 -0400
Subject: [PATCH 027/102] linux: 4.14.42 -> 4.14.43

---
 pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 16d597e1640d..a9e2cd7c5c1e 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,13 +3,13 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.14.42";
+  version = "4.14.43";
 
   # branchVersion needs to be x.y
   extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "00wh8ydawy6j18as28albzid88cm2aanzr8vz367jjp2k5pi00rb";
+    sha256 = "0jkikvjsrz7wk1zx57brzhhs15gbx022f1as4mn0017az7wc0gqk";
   };
 } // (args.argsOverride or {}))

From 69dad57049ff4cabdd2cf283b81c08a1e0eb149d Mon Sep 17 00:00:00 2001
From: Tim Steinbach <tim@nequissimus.com>
Date: Wed, 23 May 2018 17:45:58 -0400
Subject: [PATCH 028/102] linux: 4.16.10 -> 4.16.11

---
 pkgs/os-specific/linux/kernel/linux-4.16.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-4.16.nix b/pkgs/os-specific/linux/kernel/linux-4.16.nix
index 7039c460c5c4..5aebbd6c1e1b 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.16.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.16.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.16.10";
+  version = "4.16.11";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1gnf16p4rmibcn3wn5zp4pl2zmhgk4dg6718gvdr8vcffd87ksc0";
+    sha256 = "088931hgi5acm8nz19nd09skmamr3hhfb958374j30br6f94pfkd";
   };
 } // (args.argsOverride or {}))

From b656e03aae96dc135296a2336ea3bc056e212762 Mon Sep 17 00:00:00 2001
From: Alvar <geistesk@users.noreply.github.com>
Date: Thu, 24 May 2018 01:08:37 +0200
Subject: [PATCH 029/102] pythonPackages.pynmea2: init at 1.12.0 (#40757)

---
 .../python-modules/pynmea2/default.nix        | 21 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 pkgs/development/python-modules/pynmea2/default.nix

diff --git a/pkgs/development/python-modules/pynmea2/default.nix b/pkgs/development/python-modules/pynmea2/default.nix
new file mode 100644
index 000000000000..c217e8406e12
--- /dev/null
+++ b/pkgs/development/python-modules/pynmea2/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildPythonPackage, fetchPypi, pytest }:
+
+buildPythonPackage rec {
+  pname = "pynmea2";
+  version = "1.12.0";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "185wxn8gag9whxmysspbh8s7wn3sh1glgf508w2zzwi4lklryl7i";
+  };
+
+  checkInputs = [ pytest ];
+  checkPhase = "pytest";
+
+  meta = {
+    homepage = https://github.com/Knio/pynmea2;
+    description = "Python library for the NMEA 0183 protcol";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ geistesk ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 9349cc3711ae..6f595f27bffd 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -11262,6 +11262,8 @@ in {
     inherit (pkgs) fetchurl systemd;
   };
 
+  pynmea2 = callPackage ../development/python-modules/pynmea2 {};
+
   pynzb = buildPythonPackage (rec {
     name = "pynzb-0.1.0";
 

From 16728fa4ee8ded39da1ae2d2437396e406f0cd0e Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Thu, 24 May 2018 01:32:20 +0200
Subject: [PATCH 030/102] zziplib: gdraheim/zziplib#27 is not an issue anymore

fix included in 0.13.69, which was bumped in
3f36f6095fef0b83b9e8f5fc9d0b8ad42dfccaa6.
---
 pkgs/development/libraries/zziplib/default.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkgs/development/libraries/zziplib/default.nix b/pkgs/development/libraries/zziplib/default.nix
index b59cb47eae57..6aede4e9653f 100644
--- a/pkgs/development/libraries/zziplib/default.nix
+++ b/pkgs/development/libraries/zziplib/default.nix
@@ -13,8 +13,6 @@ stdenv.mkDerivation rec {
     sed -i -e s,--export-dynamic,, configure
   '';
 
-  # TODO: still an issue: https://github.com/gdraheim/zziplib/issues/27
-
   buildInputs = [ docbook_xml_dtd_412 perl python2 zip xmlto zlib ];
 
   # tests are broken (https://github.com/gdraheim/zziplib/issues/20),

From 6980edf2ba7135a855d12479b25fa4686b5adc25 Mon Sep 17 00:00:00 2001
From: Austin Seipp <aseipp@pobox.com>
Date: Wed, 23 May 2018 04:05:39 -0500
Subject: [PATCH 031/102] pythonPackages.torchvision: 0.1.9 -> 0.2.1

Signed-off-by: Austin Seipp <aseipp@pobox.com>
---
 pkgs/development/python-modules/torchvision/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/python-modules/torchvision/default.nix b/pkgs/development/python-modules/torchvision/default.nix
index ebda3a92fc45..5dace76c9b2c 100644
--- a/pkgs/development/python-modules/torchvision/default.nix
+++ b/pkgs/development/python-modules/torchvision/default.nix
@@ -4,10 +4,11 @@
 , numpy
 , pillow
 , pytorch
-, lib }:
+, lib
+}:
 
 buildPythonPackage rec {
-  version = "0.1.9";
+  version = "0.2.1";
   pname   = "torchvision";
   name    = "${pname}-${version}";
 
@@ -16,7 +17,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     inherit pname version;
     format = "wheel";
-    sha256 = "016rjfh9w1x4xpw15ryxsvq3j2li17nd3a7qslnf3241hc6vdcwf";
+    sha256 = "18gvdabkmzfjg47ns0lw38mf85ry28nq1mas5rzlwvb4l5zmw2ms";
   };
 
   propagatedBuildInputs = [ six numpy pillow pytorch ];

From 7adae10a8632213428d5b6e49d5829974b6a0102 Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Date: Sun, 20 May 2018 16:46:11 +0300
Subject: [PATCH 032/102] nixos/programs/shell.nix: Quote variables

In practice $HOME doesn't contain spaces, but let's stick to best
shell scripting practices anyway.
---
 nixos/modules/programs/shell.nix | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix
index 3504a8a924b0..d2928a0e6b17 100644
--- a/nixos/modules/programs/shell.nix
+++ b/nixos/modules/programs/shell.nix
@@ -23,39 +23,39 @@ in
     environment.shellInit =
       ''
         # Set up the per-user profile.
-        mkdir -m 0755 -p $NIX_USER_PROFILE_DIR
-        if test "$(stat --printf '%u' $NIX_USER_PROFILE_DIR)" != "$(id -u)"; then
+        mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
+        if test "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)"; then
             echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
         fi
 
-        if test -w $HOME; then
-          if ! test -L $HOME/.nix-profile; then
+        if test -w "$HOME"; then
+          if ! test -L "$HOME/.nix-profile"; then
               if test "$USER" != root; then
-                  ln -s $NIX_USER_PROFILE_DIR/profile $HOME/.nix-profile
+                  ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile"
               else
                   # Root installs in the system-wide profile by default.
-                  ln -s /nix/var/nix/profiles/default $HOME/.nix-profile
+                  ln -s /nix/var/nix/profiles/default "$HOME/.nix-profile"
               fi
           fi
 
           # Subscribe the root user to the NixOS channel by default.
-          if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then
-              echo "${config.system.nixos.defaultChannel} nixos" > $HOME/.nix-channels
+          if [ "$USER" = root -a ! -e "$HOME/.nix-channels" ]; then
+              echo "${config.system.nixos.defaultChannel} nixos" > "$HOME/.nix-channels"
           fi
 
           # Create the per-user garbage collector roots directory.
-          NIX_USER_GCROOTS_DIR=/nix/var/nix/gcroots/per-user/$USER
-          mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR
-          if test "$(stat --printf '%u' $NIX_USER_GCROOTS_DIR)" != "$(id -u)"; then
+          NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
+          mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
+          if test "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)"; then
               echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
           fi
 
           # Set up a default Nix expression from which to install stuff.
-          if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
-              rm -f $HOME/.nix-defexpr
-              mkdir -p $HOME/.nix-defexpr
+          if [ ! -e "$HOME/.nix-defexpr" -o -L "$HOME/.nix-defexpr" ]; then
+              rm -f "$HOME/.nix-defexpr"
+              mkdir -p "$HOME/.nix-defexpr"
               if [ "$USER" != root ]; then
-                  ln -s /nix/var/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
+                  ln -s /nix/var/nix/profiles/per-user/root/channels "$HOME/.nix-defexpr/channels_root"
               fi
           fi
         fi

From 3cfb492c630ef51967f9c5066a806f318cc2b06b Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Date: Sun, 20 May 2018 16:48:13 +0300
Subject: [PATCH 033/102] nixos/programs/shell.nix: Use [ ] instead of test

Half of the script is using 'test' and other half '[ ]'. Let's stick to
'[ ]' everywhere as it seems more conventional in nixpkgs.
---
 nixos/modules/programs/shell.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix
index d2928a0e6b17..579631c425cd 100644
--- a/nixos/modules/programs/shell.nix
+++ b/nixos/modules/programs/shell.nix
@@ -24,13 +24,13 @@ in
       ''
         # Set up the per-user profile.
         mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
-        if test "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)"; then
+        if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
             echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
         fi
 
-        if test -w "$HOME"; then
-          if ! test -L "$HOME/.nix-profile"; then
-              if test "$USER" != root; then
+        if [ -w "$HOME" ]; then
+          if ! [ -L "$HOME/.nix-profile" ]; then
+              if [ "$USER" != root ]; then
                   ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile"
               else
                   # Root installs in the system-wide profile by default.
@@ -46,7 +46,7 @@ in
           # Create the per-user garbage collector roots directory.
           NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
           mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
-          if test "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)"; then
+          if [ "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
               echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
           fi
 

From 6f1f11af4c382c73667e522b47045beab939812b Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Date: Sun, 20 May 2018 16:48:32 +0300
Subject: [PATCH 034/102] nixos/programs/shell.nix: Enhance bad ownership error
 message

Steal this from scripts/nix-profile.sh.in in Nix to keep things more
consistent.
---
 nixos/modules/programs/shell.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix
index 579631c425cd..56fe347528bd 100644
--- a/nixos/modules/programs/shell.nix
+++ b/nixos/modules/programs/shell.nix
@@ -25,7 +25,7 @@ in
         # Set up the per-user profile.
         mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
         if [ "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
-            echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
+            echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR, should be $(id -u)" >&2
         fi
 
         if [ -w "$HOME" ]; then
@@ -47,7 +47,7 @@ in
           NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
           mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
           if [ "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
-              echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
+              echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR, should be $(id -u)" >&2
           fi
 
           # Set up a default Nix expression from which to install stuff.

From e91d3c91798b8e2e5746185650418bc328536dd3 Mon Sep 17 00:00:00 2001
From: WilliButz <wbutz@cyberfnord.de>
Date: Thu, 19 Apr 2018 12:23:00 +0200
Subject: [PATCH 035/102] nixos/oxidized: add module

---
 nixos/modules/module-list.nix             |   1 +
 nixos/modules/services/admin/oxidized.nix | 116 ++++++++++++++++++++++
 2 files changed, 117 insertions(+)
 create mode 100644 nixos/modules/services/admin/oxidized.nix

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index d5cfd87520c5..65b4cfd7e0b5 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -150,6 +150,7 @@
   ./security/rtkit.nix
   ./security/wrappers/default.nix
   ./security/sudo.nix
+  ./services/admin/oxidized.nix
   ./services/admin/salt/master.nix
   ./services/admin/salt/minion.nix
   ./services/amqp/activemq/default.nix
diff --git a/nixos/modules/services/admin/oxidized.nix b/nixos/modules/services/admin/oxidized.nix
new file mode 100644
index 000000000000..891ca6323c3c
--- /dev/null
+++ b/nixos/modules/services/admin/oxidized.nix
@@ -0,0 +1,116 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.oxidized;
+in
+{
+  options.services.oxidized = {
+    enable = mkEnableOption "the oxidized configuation backup service.";
+
+    user = mkOption {
+      type = types.str;
+      default = "oxidized";
+      description = ''
+        User under which the oxidized service runs.
+      '';
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "oxidized";
+      description = ''
+        Group under which the oxidized service runs.
+      '';
+    };
+
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/oxidized";
+      description = "State directory for the oxidized service.";
+    };
+
+    configFile = mkOption {
+      type = types.path;
+      example = literalExample ''
+        pkgs.writeText "oxidized-config.yml" '''
+          ---
+          debug: true
+          use_syslog: true
+          input:
+            default: ssh
+            ssh:
+              secure: true
+          interval: 3600
+          model_map:
+            dell: powerconnect
+            hp: procurve
+          source:
+            default: csv
+            csv:
+              delimiter: !ruby/regexp /:/
+              file: "/var/lib/oxidized/.config/oxidized/router.db"
+              map:
+                name: 0
+                model: 1
+                username: 2
+                password: 3
+          pid: "/var/lib/oxidized/.config/oxidized/pid"
+          rest: 127.0.0.1:8888
+          retries: 3
+          # ... additional config
+        ''';
+      '';
+      description = ''
+        Path to the oxidized configuration file.
+      '';
+    };
+
+    routerDB = mkOption {
+      type = types.path;
+      example = literalExample ''
+        pkgs.writeText "oxidized-router.db" '''
+          hostname-sw1:powerconnect:username1:password2
+          hostname-sw2:procurve:username2:password2
+          # ... additional hosts
+        '''
+      '';
+      description = ''
+        Path to the file/database which contains the targets for oxidized.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.extraGroups.${cfg.group} = { };
+    users.extraUsers.${cfg.user} = {
+      description = "Oxidized service user";
+      group = cfg.group;
+      home = cfg.dataDir;
+      createHome = true;
+    };
+
+    systemd.services.oxidized = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      preStart = ''
+        mkdir -p ${cfg.dataDir}/.config/oxidized
+        cp -v ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db
+        cp -v ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config
+      '';
+
+      serviceConfig = {
+        ExecStart = "${pkgs.oxidized}/bin/oxidized";
+        User = cfg.user;
+        Group = cfg.group;
+        UMask = "0077";
+        NoNewPrivileges = true;
+        Restart  = "always";
+        WorkingDirectory = cfg.dataDir;
+        KillSignal = "SIGKILL";
+      };
+    };
+  };
+}

From dc433b476eb72db89c990676e8f64e21b91c1807 Mon Sep 17 00:00:00 2001
From: WilliButz <wbutz@cyberfnord.de>
Date: Thu, 19 Apr 2018 12:18:49 +0200
Subject: [PATCH 036/102] oxidized: init at 0.21.0

---
 .../ruby-modules/gem-config/default.nix       |   7 +
 pkgs/tools/admin/oxidized/Gemfile             |   5 +
 pkgs/tools/admin/oxidized/Gemfile.lock        |  69 ++++++
 pkgs/tools/admin/oxidized/default.nix         |  18 ++
 pkgs/tools/admin/oxidized/gemset.nix          | 206 ++++++++++++++++++
 .../admin/oxidized/temporary-x-series.patch   |  13 ++
 pkgs/top-level/all-packages.nix               |   2 +
 7 files changed, 320 insertions(+)
 create mode 100644 pkgs/tools/admin/oxidized/Gemfile
 create mode 100644 pkgs/tools/admin/oxidized/Gemfile.lock
 create mode 100644 pkgs/tools/admin/oxidized/default.nix
 create mode 100644 pkgs/tools/admin/oxidized/gemset.nix
 create mode 100644 pkgs/tools/admin/oxidized/temporary-x-series.patch

diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix
index 83ab5e0d86ff..60697e72d724 100644
--- a/pkgs/development/ruby-modules/gem-config/default.nix
+++ b/pkgs/development/ruby-modules/gem-config/default.nix
@@ -208,6 +208,13 @@ in
     ] ++ lib.optional stdenv.isDarwin "--with-iconv-dir=${libiconv}";
   };
 
+  oxidized = attrs: {
+    postInstall = ''
+      cd "$(cat "$out/nix-support/gem-meta/install-path")"
+      patch -p1 < ${../../../tools/admin/oxidized/temporary-x-series.patch}
+    '';
+  };
+
   pango = attrs: {
   nativeBuildInputs = [ pkgconfig ];
     buildInputs = [ gtk2 xorg.libXdmcp pcre xorg.libpthreadstubs ];
diff --git a/pkgs/tools/admin/oxidized/Gemfile b/pkgs/tools/admin/oxidized/Gemfile
new file mode 100644
index 000000000000..6a9a4254b11b
--- /dev/null
+++ b/pkgs/tools/admin/oxidized/Gemfile
@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gem 'oxidized'
+gem 'oxidized-web'
+gem 'oxidized-script'
diff --git a/pkgs/tools/admin/oxidized/Gemfile.lock b/pkgs/tools/admin/oxidized/Gemfile.lock
new file mode 100644
index 000000000000..1570adbcf089
--- /dev/null
+++ b/pkgs/tools/admin/oxidized/Gemfile.lock
@@ -0,0 +1,69 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    asetus (0.3.0)
+    backports (3.11.2)
+    emk-sinatra-url-for (0.2.1)
+      sinatra (>= 0.9.1.1)
+    ffi (1.9.23)
+    haml (4.0.7)
+      tilt
+    htmlentities (4.3.4)
+    multi_json (1.13.1)
+    net-ssh (4.1.0)
+    oxidized (0.21.0)
+      asetus (~> 0.1)
+      net-ssh (~> 4.1.0)
+      rugged (~> 0.21, >= 0.21.4)
+      slop (~> 3.5)
+    oxidized-script (0.5.0)
+      oxidized (~> 0.21.0)
+      slop (~> 3.5)
+    oxidized-web (0.9.3)
+      emk-sinatra-url-for (~> 0.2)
+      haml (~> 4.0)
+      htmlentities (~> 4.3)
+      oxidized (~> 0.21.0)
+      puma (~> 3)
+      sass (~> 3.3)
+      sinatra (~> 1.4, >= 1.4.6)
+      sinatra-contrib (~> 1.4, >= 1.4.6)
+    puma (3.11.3)
+    rack (1.6.9)
+    rack-protection (1.5.5)
+      rack
+    rack-test (1.0.0)
+      rack (>= 1.0, < 3)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rugged (0.27.0)
+    sass (3.5.6)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sinatra (1.4.8)
+      rack (~> 1.5)
+      rack-protection (~> 1.4)
+      tilt (>= 1.3, < 3)
+    sinatra-contrib (1.4.7)
+      backports (>= 2.0)
+      multi_json
+      rack-protection
+      rack-test
+      sinatra (~> 1.4.0)
+      tilt (>= 1.3, < 3)
+    slop (3.6.0)
+    tilt (2.0.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  oxidized
+  oxidized-script
+  oxidized-web
+
+BUNDLED WITH
+   1.14.6
diff --git a/pkgs/tools/admin/oxidized/default.nix b/pkgs/tools/admin/oxidized/default.nix
new file mode 100644
index 000000000000..590f6ea55ca7
--- /dev/null
+++ b/pkgs/tools/admin/oxidized/default.nix
@@ -0,0 +1,18 @@
+{ lib, fetchFromGitHub, ruby, git, bundlerApp }:
+
+bundlerApp rec {
+  pname = "oxidized";
+  gemdir = ./.;
+
+  inherit ruby;
+
+  exes = [ "oxidized" "oxidized-web" "oxidized-script" ];
+
+  meta = with lib; {
+    description = "Oxidized is a network device configuration backup tool. It's a RANCID replacement!";
+    homepage    = https://github.com/ytti/oxidized;
+    license     = licenses.asl20;
+    maintainers = [ maintainers.willibutz ];
+    platforms   = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/admin/oxidized/gemset.nix b/pkgs/tools/admin/oxidized/gemset.nix
new file mode 100644
index 000000000000..f472b14e7967
--- /dev/null
+++ b/pkgs/tools/admin/oxidized/gemset.nix
@@ -0,0 +1,206 @@
+{
+  asetus = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1zkr8cbp8klanqmhzz7qmimzlxh6zmsy98zb3s75af34l7znq790";
+      type = "gem";
+    };
+    version = "0.3.0";
+  };
+  backports = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0sw58rsz1hl821ia1jj3nnl3jr7xwfkcljgs56kpq3fakzcljcdz";
+      type = "gem";
+    };
+    version = "3.11.2";
+  };
+  emk-sinatra-url-for = {
+    dependencies = ["sinatra"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0rd5b1lraklv0hblzdnmw2z3dragfg0qqk7wxbpn58f8y7jxzjgj";
+      type = "gem";
+    };
+    version = "0.2.1";
+  };
+  ffi = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0zw6pbyvmj8wafdc7l5h7w20zkp1vbr2805ql5d941g2b20pk4zr";
+      type = "gem";
+    };
+    version = "1.9.23";
+  };
+  haml = {
+    dependencies = ["tilt"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0mrzjgkygvfii66bbylj2j93na8i89998yi01fin3whwqbvx0m1p";
+      type = "gem";
+    };
+    version = "4.0.7";
+  };
+  htmlentities = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1nkklqsn8ir8wizzlakncfv42i32wc0w9hxp00hvdlgjr7376nhj";
+      type = "gem";
+    };
+    version = "4.3.4";
+  };
+  multi_json = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1rl0qy4inf1mp8mybfk56dfga0mvx97zwpmq5xmiwl5r770171nv";
+      type = "gem";
+    };
+    version = "1.13.1";
+  };
+  net-ssh = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "013p5jb4wy0cq7x7036piw2a3s1i9p752ki1srx2m289mpz4ml3q";
+      type = "gem";
+    };
+    version = "4.1.0";
+  };
+  oxidized = {
+    dependencies = ["asetus" "net-ssh" "rugged" "slop"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0xqx0iawj2cm6083a61y43d6a76xaypiw0nkyirx02lhynq07yz0";
+      type = "gem";
+    };
+    version = "0.21.0";
+  };
+  oxidized-script = {
+    dependencies = ["oxidized" "slop"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "12c15gksrrar9kradcv6mx2d4a8ixa4lykszb4pcapiw5mi35mxp";
+      type = "gem";
+    };
+    version = "0.5.0";
+  };
+  oxidized-web = {
+    dependencies = ["emk-sinatra-url-for" "haml" "htmlentities" "oxidized" "puma" "sass" "sinatra" "sinatra-contrib"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "14s10pr8qaq6g19zi753igngp02li46k3nm5ap537r3743v1l4f9";
+      type = "gem";
+    };
+    version = "0.9.3";
+  };
+  puma = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "03313mnx8n6g9qs9l5zafqq90grrhq2nqrmjs8lsffi28mgd3cfd";
+      type = "gem";
+    };
+    version = "3.11.3";
+  };
+  rack = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "03w1ri5l91q800f1bdcdl5rbagy7s4kml136b42s2lmxmznxhr07";
+      type = "gem";
+    };
+    version = "1.6.9";
+  };
+  rack-protection = {
+    dependencies = ["rack"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0my0wlw4a5l3hs79jkx2xzv7djhajgf8d28k8ai1ddlnxxb0v7ss";
+      type = "gem";
+    };
+    version = "1.5.5";
+  };
+  rack-test = {
+    dependencies = ["rack"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1l799s5qr2qrshvrggq5ch3v235y491zfww07b39w4pj4vpa65l1";
+      type = "gem";
+    };
+    version = "1.0.0";
+  };
+  rb-fsevent = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1lm1k7wpz69jx7jrc92w3ggczkjyjbfziq5mg62vjnxmzs383xx8";
+      type = "gem";
+    };
+    version = "0.10.3";
+  };
+  rb-inotify = {
+    dependencies = ["ffi"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0yfsgw5n7pkpyky6a9wkf1g9jafxb0ja7gz0qw0y14fd2jnzfh71";
+      type = "gem";
+    };
+    version = "0.9.10";
+  };
+  rugged = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0q1krxgd0ql03x8m9m05x5sxizw5sc7lms7rkp44qf45grpdk3v3";
+      type = "gem";
+    };
+    version = "0.27.0";
+  };
+  sass = {
+    dependencies = ["sass-listen"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "19wyzp9qsg8hdkkxlsv713w0qmy66qrdp0shj42587ssx4qhrlag";
+      type = "gem";
+    };
+    version = "3.5.6";
+  };
+  sass-listen = {
+    dependencies = ["rb-fsevent" "rb-inotify"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0xw3q46cmahkgyldid5hwyiwacp590zj2vmswlll68ryvmvcp7df";
+      type = "gem";
+    };
+    version = "4.0.0";
+  };
+  sinatra = {
+    dependencies = ["rack" "rack-protection" "tilt"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0byxzl7rx3ki0xd7aiv1x8mbah7hzd8f81l65nq8857kmgzj1jqq";
+      type = "gem";
+    };
+    version = "1.4.8";
+  };
+  sinatra-contrib = {
+    dependencies = ["backports" "multi_json" "rack-protection" "rack-test" "sinatra" "tilt"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0vi3i0icbi2figiayxpvxbqpbn1syma7w4p4zw5mav1ln4c7jnfr";
+      type = "gem";
+    };
+    version = "1.4.7";
+  };
+  slop = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "00w8g3j7k7kl8ri2cf1m58ckxk8rn350gp4chfscmgv6pq1spk3n";
+      type = "gem";
+    };
+    version = "3.6.0";
+  };
+  tilt = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0020mrgdf11q23hm1ddd6fv691l51vi10af00f137ilcdb2ycfra";
+      type = "gem";
+    };
+    version = "2.0.8";
+  };
+}
diff --git a/pkgs/tools/admin/oxidized/temporary-x-series.patch b/pkgs/tools/admin/oxidized/temporary-x-series.patch
new file mode 100644
index 000000000000..ef6234dc40b9
--- /dev/null
+++ b/pkgs/tools/admin/oxidized/temporary-x-series.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/oxidized/model/powerconnect.rb b/lib/oxidized/model/powerconnect.rb
+index f602a36..3f3a0f9 100644
+--- a/lib/oxidized/model/powerconnect.rb
++++ b/lib/oxidized/model/powerconnect.rb
+@@ -4,7 +4,7 @@ class PowerConnect < Oxidized::Model
+ 
+   comment  '! '
+ 
+-  expect /^\s*--More--\s+.*$/ do |data, re|
++  expect /^([[:cntrl:]]...More:|\s*--More--\s+).*$/ do |data, re|
+      send ' '
+      data.sub re, ''
+   end
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 0778f73d4eef..84311e2559e1 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4231,6 +4231,8 @@ with pkgs;
 
   owncloud-client = libsForQt5.callPackage ../applications/networking/owncloud-client { };
 
+  oxidized = callPackage ../tools/admin/oxidized { };
+
   oxipng = callPackage ../tools/graphics/oxipng { };
 
   p2pvc = callPackage ../applications/video/p2pvc {};

From 400484008c4e95eac3244d7fb8fb24f25be14df9 Mon Sep 17 00:00:00 2001
From: WilliButz <wbutz@cyberfnord.de>
Date: Thu, 26 Apr 2018 19:13:35 +0200
Subject: [PATCH 037/102] oxidized: temperature patch for x-series

---
 pkgs/tools/admin/oxidized/temporary-x-series.patch | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/admin/oxidized/temporary-x-series.patch b/pkgs/tools/admin/oxidized/temporary-x-series.patch
index ef6234dc40b9..bf7ee992db18 100644
--- a/pkgs/tools/admin/oxidized/temporary-x-series.patch
+++ b/pkgs/tools/admin/oxidized/temporary-x-series.patch
@@ -1,5 +1,5 @@
 diff --git a/lib/oxidized/model/powerconnect.rb b/lib/oxidized/model/powerconnect.rb
-index f602a36..3f3a0f9 100644
+index f602a36..3bac2d1 100644
 --- a/lib/oxidized/model/powerconnect.rb
 +++ b/lib/oxidized/model/powerconnect.rb
 @@ -4,7 +4,7 @@ class PowerConnect < Oxidized::Model
@@ -11,3 +11,12 @@ index f602a36..3f3a0f9 100644
       send ' '
       data.sub re, ''
    end
+@@ -60,7 +60,7 @@ class PowerConnect < Oxidized::Model
+     skip_blocks = 0
+     cfg.each_line do |line|
+       # If this is a stackable switch we should skip this block of information
+-      if (line.match /Up\sTime|Temperature|Power Suppl(ies|y)|Fans/i and @stackable == true)
++      if (line.match /Up\sTime|Temperature|Power Suppl(ies|y)|Fans/i)
+         skip_blocks = 1
+         # Some switches have another empty line. This is identified by this line having a colon
+         skip_blocks = 2 if line.match /:/

From 1433ec60afd44fa4daa0805e0d9f689997392848 Mon Sep 17 00:00:00 2001
From: Simon Lackerbauer <simon@lackerbauer.com>
Date: Thu, 3 May 2018 16:18:56 +0200
Subject: [PATCH 038/102] nixos/borgbackup: let borg write to disk and see
 /tmp, add extraArgs

---
 nixos/modules/services/backup/borgbackup.nix | 48 +++++++++++++++++---
 1 file changed, 42 insertions(+), 6 deletions(-)

diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index 1b730e0c2b76..1e019827dfea 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -35,25 +35,26 @@ let
     ${cfg.preHook}
   '' + optionalString cfg.doInit ''
     # Run borg init if the repo doesn't exist yet
-    if ! borg list > /dev/null; then
-      borg init \
+    if ! borg list ${cfg.extraArgs} > /dev/null; then
+      borg init ${cfg.extraArgs} \
         --encryption ${cfg.encryption.mode} \
         $extraInitArgs
       ${cfg.postInit}
     fi
   '' + ''
-    borg create \
+    borg create ${cfg.extraArgs} \
       --compression ${cfg.compression} \
       --exclude-from ${mkExcludeFile cfg} \
       $extraCreateArgs \
       "::$archiveName$archiveSuffix" \
       ${escapeShellArgs cfg.paths}
   '' + optionalString cfg.appendFailedSuffix ''
-    borg rename "::$archiveName$archiveSuffix" "$archiveName"
+    borg rename ${cfg.extraArgs} \
+      "::$archiveName$archiveSuffix" "$archiveName"
   '' + ''
     ${cfg.postCreate}
   '' + optionalString (cfg.prune.keep != { }) ''
-    borg prune \
+    borg prune ${cfg.extraArgs} \
       ${mkKeepArgs cfg} \
       --prefix ${escapeShellArg cfg.prune.prefix} \
       $extraPruneArgs
@@ -85,9 +86,10 @@ let
         ProtectSystem = "strict";
         ReadWritePaths =
           [ "${userHome}/.config/borg" "${userHome}/.cache/borg" ]
+          ++ cfg.readWritePaths
           # Borg needs write access to repo if it is not remote
           ++ optional (isLocalPath cfg.repo) cfg.repo;
-        PrivateTmp = true;
+        PrivateTmp = cfg.privateTmp;
       };
       environment = {
         BORG_REPO = cfg.repo;
@@ -318,6 +320,30 @@ in {
             ];
           };
 
+          readWritePaths = mkOption {
+            type = with types; listOf path;
+            description = ''
+              By default, borg cannot write anywhere on the system but
+              <literal>$HOME/.config/borg</literal> and <literal>$HOME/.cache/borg</literal>.
+              If, for example, your preHook script needs to dump files
+              somewhere, put those directories here.
+            '';
+            default = [ ];
+            example = [
+              "/var/backup/mysqldump"
+            ];
+          };
+
+          privateTmp = mkOption {
+            type = types.bool;
+            description = ''
+              Set the <literal>PrivateTmp</literal> option for
+              the systemd-service. Set to false if you need sockets
+              or other files from global /tmp.
+            '';
+            default = true;
+          };
+
           doInit = mkOption {
             type = types.bool;
             description = ''
@@ -430,6 +456,16 @@ in {
             default = "";
           };
 
+          extraArgs = mkOption {
+            type = types.str;
+            description = ''
+              Additional arguments for all <command>borg</command> calls the
+              service has. Handle with care.
+            '';
+            default = "";
+            example = "--remote-path=borg1";
+          };
+
           extraInitArgs = mkOption {
             type = types.str;
             description = ''

From abf36cfaed57111ff9b5fe997c468c90e8fb31f7 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Wed, 23 May 2018 19:49:42 +0200
Subject: [PATCH 039/102] atlassian-jira: 7.9.0 -> 7.9.2

---
 pkgs/servers/atlassian/jira.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/atlassian/jira.nix b/pkgs/servers/atlassian/jira.nix
index fd34c1f43859..01eb808c1082 100644
--- a/pkgs/servers/atlassian/jira.nix
+++ b/pkgs/servers/atlassian/jira.nix
@@ -5,11 +5,11 @@
 
 stdenv.mkDerivation rec {
   name = "atlassian-jira-${version}";
-  version = "7.9.0";
+  version = "7.9.2";
 
   src = fetchurl {
     url = "https://downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-${version}.tar.gz";
-    sha256 = "1xj04a78dhjzb2ms875lfg5s3qc8rw31fws92yhmbs0k1866g33b";
+    sha256 = "05976h6033v2w7d05qnigxmsrm33bg7gmgyzpvis8910fkxrhvhh";
   };
 
   phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];

From 6d941dfd85dc35e44547e0d59a5c7420eb8fdae7 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Wed, 23 May 2018 22:22:32 +0200
Subject: [PATCH 040/102] gitaly: 0.95.0 -> 0.100.0

---
 .../version-management/gitaly/Gemfile         |  8 +--
 .../version-management/gitaly/Gemfile.lock    | 40 ++++++-------
 .../version-management/gitaly/default.nix     |  4 +-
 .../version-management/gitaly/gemset.nix      | 56 +++++++++----------
 4 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/pkgs/applications/version-management/gitaly/Gemfile b/pkgs/applications/version-management/gitaly/Gemfile
index b300f27918c5..fd8e6b40225b 100644
--- a/pkgs/applications/version-management/gitaly/Gemfile
+++ b/pkgs/applications/version-management/gitaly/Gemfile
@@ -3,17 +3,17 @@ source 'https://rubygems.org'
 gem 'rugged', '~> 0.27.0'
 gem 'github-linguist', '~> 5.3.3', require: 'linguist'
 gem 'gitlab-markup', '~> 1.6.2'
-gem 'gitaly-proto', '~> 0.95.0', require: 'gitaly'
+gem 'gitaly-proto', '~> 0.99.0', require: 'gitaly'
 gem 'activesupport', '~> 5.0.2'
 gem 'rdoc', '~> 4.2'
-gem 'gollum-lib', '~> 4.2', require: false
-gem 'gollum-rugged_adapter', '~> 0.4.4', require: false
+gem 'gitlab-gollum-lib', '~> 4.2', require: false
+gem 'gitlab-gollum-rugged_adapter', '~> 0.4.4', require: false
 gem 'grpc', '~> 1.10.0'
 gem 'sentry-raven', '~> 2.7.2', require: false
 
 # Detects the open source license the repository includes
 # This version needs to be in sync with GitLab CE/EE
-gem 'licensee', '~> 8.7.0'
+gem 'licensee', '~> 8.9.0'
 
 # Locked until https://github.com/google/protobuf/issues/4210 is closed
 gem 'google-protobuf', '= 3.5.1'
diff --git a/pkgs/applications/version-management/gitaly/Gemfile.lock b/pkgs/applications/version-management/gitaly/Gemfile.lock
index 2687952c805b..fb63553221dc 100644
--- a/pkgs/applications/version-management/gitaly/Gemfile.lock
+++ b/pkgs/applications/version-management/gitaly/Gemfile.lock
@@ -17,7 +17,7 @@ GEM
       multipart-post (>= 1.2, < 3)
     gemojione (3.3.0)
       json
-    gitaly-proto (0.95.0)
+    gitaly-proto (0.99.0)
       google-protobuf (~> 3.1)
       grpc (~> 1.10)
     github-linguist (5.3.3)
@@ -25,7 +25,18 @@ GEM
       escape_utils (~> 1.1.0)
       mime-types (>= 1.19)
       rugged (>= 0.25.1)
-    github-markup (1.6.1)
+    github-markup (1.7.0)
+    gitlab-gollum-lib (4.2.7.1)
+      gemojione (~> 3.2)
+      github-markup (~> 1.6)
+      gollum-grit_adapter (~> 1.0)
+      nokogiri (>= 1.6.1, < 2.0)
+      rouge (~> 2.1)
+      sanitize (~> 2.1)
+      stringex (~> 2.6)
+    gitlab-gollum-rugged_adapter (0.4.4)
+      mime-types (>= 1.15)
+      rugged (~> 0.25)
     gitlab-grit (2.8.2)
       charlock_holmes (~> 0.6)
       diff-lcs (~> 1.1)
@@ -38,17 +49,6 @@ GEM
       rubocop-rspec (~> 1.15)
     gollum-grit_adapter (1.0.1)
       gitlab-grit (~> 2.7, >= 2.7.1)
-    gollum-lib (4.2.7)
-      gemojione (~> 3.2)
-      github-markup (~> 1.6)
-      gollum-grit_adapter (~> 1.0)
-      nokogiri (>= 1.6.1, < 2.0)
-      rouge (~> 2.1)
-      sanitize (~> 2.1)
-      stringex (~> 2.6)
-    gollum-rugged_adapter (0.4.4)
-      mime-types (>= 1.15)
-      rugged (~> 0.25)
     google-protobuf (3.5.1)
     googleapis-common-protos-types (1.0.1)
       google-protobuf (~> 3.0)
@@ -67,7 +67,7 @@ GEM
     i18n (0.8.1)
     json (2.1.0)
     jwt (2.1.0)
-    licensee (8.7.0)
+    licensee (8.9.2)
       rugged (~> 0.24)
     little-plugger (1.1.4)
     logging (2.2.2)
@@ -81,7 +81,7 @@ GEM
     minitest (5.9.1)
     multi_json (1.13.1)
     multipart-post (2.0.0)
-    nokogiri (1.8.1)
+    nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
     os (0.9.6)
     parallel (1.12.0)
@@ -130,7 +130,7 @@ GEM
       faraday (~> 0.9)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
-    stringex (2.7.1)
+    stringex (2.8.4)
     thread_safe (0.3.6)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
@@ -141,15 +141,15 @@ PLATFORMS
 
 DEPENDENCIES
   activesupport (~> 5.0.2)
-  gitaly-proto (~> 0.95.0)
+  gitaly-proto (~> 0.99.0)
   github-linguist (~> 5.3.3)
+  gitlab-gollum-lib (~> 4.2)
+  gitlab-gollum-rugged_adapter (~> 0.4.4)
   gitlab-markup (~> 1.6.2)
   gitlab-styles (~> 2.0.0)
-  gollum-lib (~> 4.2)
-  gollum-rugged_adapter (~> 0.4.4)
   google-protobuf (= 3.5.1)
   grpc (~> 1.10.0)
-  licensee (~> 8.7.0)
+  licensee (~> 8.9.0)
   rdoc (~> 4.2)
   rspec
   rugged (~> 0.27.0)
diff --git a/pkgs/applications/version-management/gitaly/default.nix b/pkgs/applications/version-management/gitaly/default.nix
index 32884d0a1cc5..375e7ad001d1 100644
--- a/pkgs/applications/version-management/gitaly/default.nix
+++ b/pkgs/applications/version-management/gitaly/default.nix
@@ -7,14 +7,14 @@ let
     gemdir = ./.;
   };
 in buildGoPackage rec {
-  version = "0.95.0";
+  version = "0.100.0";
   name = "gitaly-${version}";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitaly";
     rev = "v${version}";
-    sha256 = "0kadld8372vj0nm692mcn8j4ngph5gzzrzp8dmb4g26h10nq9k6a";
+    sha256 = "0lnyk3abk1jxhii4cx009w11fm082c3va0nnnnycghrmfkv2r1rs";
   };
 
   goPackagePath = "gitlab.com/gitlab-org/gitaly";
diff --git a/pkgs/applications/version-management/gitaly/gemset.nix b/pkgs/applications/version-management/gitaly/gemset.nix
index 9e6f01e3679d..bd192d0b2e43 100644
--- a/pkgs/applications/version-management/gitaly/gemset.nix
+++ b/pkgs/applications/version-management/gitaly/gemset.nix
@@ -79,10 +79,10 @@
     dependencies = ["google-protobuf" "grpc"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0xwgi3902c89kx0fa176wz289nh67qm9bmx0yykrg5xx1lwk8a2j";
+      sha256 = "1y5sn60h71ssxmc8br32fqhgmfqxgrmdlg4vya8dyy37ai20f85z";
       type = "gem";
     };
-    version = "0.95.0";
+    version = "0.99.0";
   };
   github-linguist = {
     dependencies = ["charlock_holmes" "escape_utils" "mime-types" "rugged"];
@@ -96,10 +96,28 @@
   github-markup = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1nyb9ck2c9z5qi86n7r52w0m126qpnvc93yh35cn8bwsnkjqx0iq";
+      sha256 = "17g6g18gdjg63k75sfwiskjzl9i0hfcnrkcpb4fwrnb20v3jgswp";
       type = "gem";
     };
-    version = "1.6.1";
+    version = "1.7.0";
+  };
+  gitlab-gollum-lib = {
+    dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0lk5ly17a40xjz8b7l05b4hkrlnq8vawjy4szxl5w0hkaa24m97s";
+      type = "gem";
+    };
+    version = "4.2.7.1";
+  };
+  gitlab-gollum-rugged_adapter = {
+    dependencies = ["mime-types" "rugged"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0zk89c2ljv9skcxzwnr84rqxv3iam30n5liv5r8hgl0l67qbg1mg";
+      type = "gem";
+    };
+    version = "0.4.4";
   };
   gitlab-grit = {
     dependencies = ["charlock_holmes" "diff-lcs" "mime-types" "posix-spawn"];
@@ -136,24 +154,6 @@
     };
     version = "1.0.1";
   };
-  gollum-lib = {
-    dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1filwvjfj5q2m6w4q274ai36d6f0mrsv2l2khhk4bv1q6pqby2fq";
-      type = "gem";
-    };
-    version = "4.2.7";
-  };
-  gollum-rugged_adapter = {
-    dependencies = ["mime-types" "rugged"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0khfmakp65frlaj7ajs6ihqg4xi7yc9z96kpsf1b7giqi3fqhhv4";
-      type = "gem";
-    };
-    version = "0.4.4";
-  };
   google-protobuf = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -217,10 +217,10 @@
     dependencies = ["rugged"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1nhj0vx30llqyb7q52bwmrgy9xpjk3q48k98h0dvq83ym4v216a2";
+      sha256 = "0w6d2smhg3kzcx4m2ii06akakypwhiglansk51bpx290hhc8h3pc";
       type = "gem";
     };
-    version = "8.7.0";
+    version = "8.9.2";
   };
   little-plugger = {
     source = {
@@ -300,10 +300,10 @@
     dependencies = ["mini_portile2"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "105xh2zkr8nsyfaj2izaisarpnkrrl9000y3nyflg9cbzrfxv021";
+      sha256 = "05fm3xh462glvs0rwnfmc1spmgl4ljg2giifynbmwwqvl42zaaiq";
       type = "gem";
     };
-    version = "1.8.1";
+    version = "1.8.2";
   };
   os = {
     source = {
@@ -504,10 +504,10 @@
   stringex = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1zc93v00av643lc6njl09wwki7h5yqayhh1din8zqfylw814l1dv";
+      sha256 = "0c5dfrjzkskzfsdvwsviq4111rwwpbk9022nxwdidz014mky5vi1";
       type = "gem";
     };
-    version = "2.7.1";
+    version = "2.8.4";
   };
   thread_safe = {
     source = {

From 9a54f2a9b3743df1a184a6f0f518fb23e7a01505 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Wed, 23 May 2018 22:23:10 +0200
Subject: [PATCH 041/102] gitlab-workhorse: 4.1.0 -> 4.2.0

---
 .../version-management/gitlab-workhorse/default.nix           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/version-management/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab-workhorse/default.nix
index 05cf33d408a5..723d2faeb267 100644
--- a/pkgs/applications/version-management/gitlab-workhorse/default.nix
+++ b/pkgs/applications/version-management/gitlab-workhorse/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchFromGitLab, git, go }:
 
 stdenv.mkDerivation rec {
-  version = "4.1.0";
+  version = "4.2.0";
   name = "gitlab-workhorse-${version}";
 
   srcs = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitlab-workhorse";
     rev = "v${version}";
-    sha256 = "1yqmkpszcan5cawkl9cxjngcyqlqg061ihk31isar9ifbhpv9yfv";
+    sha256 = "11n43mfp7a59iq8k7sh9bnww3bq56ml2p6752csclg77xii6dzyy";
   };
 
   buildInputs = [ git go ];

From f21ac1bf693ebbd5d630407cbcb398a72c1c132a Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Wed, 23 May 2018 22:23:48 +0200
Subject: [PATCH 042/102] gitlab: 10.7.0 -> 10.8.0

---
 .../version-management/gitlab/Gemfile         |  31 ++--
 .../version-management/gitlab/Gemfile.lock    | 105 +++++++------
 .../version-management/gitlab/default.nix     |   6 +-
 .../version-management/gitlab/gemset.nix      | 138 ++++++++----------
 4 files changed, 131 insertions(+), 149 deletions(-)

diff --git a/pkgs/applications/version-management/gitlab/Gemfile b/pkgs/applications/version-management/gitlab/Gemfile
index d85ee9886443..89febc9bc0c2 100644
--- a/pkgs/applications/version-management/gitlab/Gemfile
+++ b/pkgs/applications/version-management/gitlab/Gemfile
@@ -33,7 +33,7 @@ gem 'grape-route-helpers', '~> 2.1.0'
 gem 'faraday', '~> 0.12'
 
 # Authentication libraries
-gem 'devise', '~> 4.2'
+gem 'devise', '~> 4.4'
 gem 'doorkeeper', '~> 4.3'
 gem 'doorkeeper-openid_connect', '~> 1.3'
 gem 'omniauth', '~> 1.8'
@@ -41,7 +41,7 @@ gem 'omniauth-auth0', '~> 2.0.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'
 gem 'omniauth-cas3', '~> 1.1.4'
 gem 'omniauth-facebook', '~> 4.0.0'
-gem 'omniauth-github', '~> 1.1.1'
+gem 'omniauth-github', '~> 1.3'
 gem 'omniauth-gitlab', '~> 1.0.2'
 gem 'omniauth-google-oauth2', '~> 0.5.3'
 gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
@@ -51,7 +51,6 @@ gem 'omniauth-shibboleth', '~> 1.2.0'
 gem 'omniauth-twitter', '~> 1.4'
 gem 'omniauth_crowd', '~> 2.2.0'
 gem 'omniauth-authentiq', '~> 0.3.1'
-gem 'omniauth-jwt', '~> 0.0.2'
 gem 'rack-oauth2', '~> 1.2.1'
 gem 'jwt', '~> 1.5.6'
 
@@ -62,7 +61,7 @@ gem 'akismet', '~> 2.0'
 # Two-factor authentication
 gem 'devise-two-factor', '~> 3.0.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
-gem 'attr_encrypted', '~> 3.0.0'
+gem 'attr_encrypted', '~> 3.1.0'
 gem 'u2f', '~> 0.2.1'
 
 # GitLab Pages
@@ -82,23 +81,16 @@ gem 'net-ldap'
 
 # Git Wiki
 # Required manually in config/initializers/gollum.rb to control load order
-# Before updating this gem, check if
-# https://github.com/gollum/gollum-lib/pull/292 has been merged.
-# If it has, then remove the monkey patch for update_page, rename_page and raw_data_in_committer
-# in config/initializers/gollum.rb
-gem 'gollum-lib', '~> 4.2', require: false
+gem 'gitlab-gollum-lib', '~> 4.2', require: false
 
-# Before updating this gem, check if
-# https://github.com/gollum/rugged_adapter/pull/28 has been merged.
-# If it has, then remove the monkey patch for tree_entry in config/initializers/gollum.rb
-gem 'gollum-rugged_adapter', '~> 0.4.4', require: false
+gem 'gitlab-gollum-rugged_adapter', '~> 0.4.4', require: false
 
 # Language detection
 gem 'github-linguist', '~> 5.3.3', require: 'linguist'
 
 # API
 gem 'grape', '~> 1.0'
-gem 'grape-entity', '~> 0.6.0'
+gem 'grape-entity', '~> 0.7.1'
 gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
 
 # Disable strong_params so that Mash does not respond to :permitted?
@@ -147,7 +139,7 @@ gem 'creole', '~> 0.5.0'
 gem 'wikicloth', '0.8.1'
 gem 'asciidoctor', '~> 1.5.6'
 gem 'asciidoctor-plantuml', '0.0.8'
-gem 'rouge', '~> 2.0'
+gem 'rouge', '~> 3.1'
 gem 'truncato', '~> 0.7.9'
 gem 'bootstrap_form', '~> 2.7.0'
 gem 'nokogiri', '~> 1.8.2'
@@ -192,6 +184,9 @@ gem 're2', '~> 1.1.1'
 
 gem 'version_sorter', '~> 2.1.0'
 
+# User agent parsing
+gem 'device_detector'
+
 # Cache
 gem 'redis-rails', '~> 5.0.2'
 
@@ -290,7 +285,6 @@ gem 'batch-loader', '~> 1.2.1'
 gem 'peek', '~> 1.0.1'
 gem 'peek-gc', '~> 0.0.2'
 gem 'peek-mysql2', '~> 1.1.0', group: :mysql
-gem 'peek-performance_bar', '~> 1.3.0'
 gem 'peek-pg', '~> 1.3.0', group: :postgres
 gem 'peek-rblineprof', '~> 0.2.0'
 gem 'peek-redis', '~> 1.2.0'
@@ -384,6 +378,7 @@ group :test do
   gem 'email_spec', '~> 1.6.0'
   gem 'json-schema', '~> 2.8.0'
   gem 'webmock', '~> 2.3.2'
+  gem 'rails-controller-testing' if rails5? # Rails5 only gem.
   gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0.
   gem 'sham_rack', '~> 1.3.6'
   gem 'concurrent-ruby', '~> 1.0.5'
@@ -421,8 +416,8 @@ group :ed25519 do
 end
 
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 0.94.0', require: 'gitaly'
-gem 'grpc', '~> 1.10.0'
+gem 'gitaly-proto', '~> 0.99.0', require: 'gitaly'
+gem 'grpc', '~> 1.11.0'
 
 # Locked until https://github.com/google/protobuf/issues/4210 is closed
 gem 'google-protobuf', '= 3.5.1'
diff --git a/pkgs/applications/version-management/gitlab/Gemfile.lock b/pkgs/applications/version-management/gitlab/Gemfile.lock
index a1150dfccdd2..2a63ee6a5328 100644
--- a/pkgs/applications/version-management/gitlab/Gemfile.lock
+++ b/pkgs/applications/version-management/gitlab/Gemfile.lock
@@ -66,7 +66,7 @@ GEM
       unf
     ast (2.4.0)
     atomic (1.1.99)
-    attr_encrypted (3.0.3)
+    attr_encrypted (3.1.0)
       encryptor (~> 3.0.0)
     attr_required (1.0.0)
     autoprefixer-rails (6.2.3)
@@ -143,7 +143,7 @@ GEM
     connection_pool (2.2.1)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.3)
+    crass (1.0.4)
     creole (0.5.0)
     css_parser (1.5.0)
       addressable
@@ -161,10 +161,11 @@ GEM
       activerecord (>= 3.2.0, < 5.1)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.2.0)
+    device_detector (1.0.0)
+    devise (4.4.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 5.1)
+      railties (>= 4.1.0, < 6.0)
       responders
       warden (~> 1.2.3)
     devise-two-factor (3.0.0)
@@ -178,7 +179,7 @@ GEM
     docile (1.1.5)
     domain_name (0.5.20170404)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (4.3.1)
+    doorkeeper (4.3.2)
       railties (>= 4.2)
     doorkeeper-openid_connect (1.3.0)
       doorkeeper (~> 4.3)
@@ -206,7 +207,7 @@ GEM
       railties (>= 3.0.0)
     faraday (0.12.2)
       multipart-post (>= 1.2, < 3)
-    faraday_middleware (0.11.0.1)
+    faraday_middleware (0.12.2)
       faraday (>= 0.7.4, < 1.0)
     faraday_middleware-multi_json (0.0.6)
       faraday_middleware
@@ -290,19 +291,30 @@ GEM
       po_to_json (>= 1.0.0)
       rails (>= 3.2.0)
     gherkin-ruby (0.3.2)
-    gitaly-proto (0.94.0)
+    gitaly-proto (0.99.0)
       google-protobuf (~> 3.1)
-      grpc (~> 1.0)
+      grpc (~> 1.10)
     github-linguist (5.3.3)
       charlock_holmes (~> 0.7.5)
       escape_utils (~> 1.1.0)
       mime-types (>= 1.19)
       rugged (>= 0.25.1)
-    github-markup (1.6.1)
+    github-markup (1.7.0)
     gitlab-flowdock-git-hook (1.0.1)
       flowdock (~> 0.7)
       gitlab-grit (>= 2.4.1)
       multi_json
+    gitlab-gollum-lib (4.2.7.2)
+      gemojione (~> 3.2)
+      github-markup (~> 1.6)
+      gollum-grit_adapter (~> 1.0)
+      nokogiri (>= 1.6.1, < 2.0)
+      rouge (~> 3.1)
+      sanitize (~> 2.1)
+      stringex (~> 2.6)
+    gitlab-gollum-rugged_adapter (0.4.4)
+      mime-types (>= 1.15)
+      rugged (~> 0.25)
     gitlab-grit (2.8.2)
       charlock_holmes (~> 0.6)
       diff-lcs (~> 1.1)
@@ -322,17 +334,6 @@ GEM
       activesupport (>= 4.2.0)
     gollum-grit_adapter (1.0.1)
       gitlab-grit (~> 2.7, >= 2.7.1)
-    gollum-lib (4.2.7)
-      gemojione (~> 3.2)
-      github-markup (~> 1.6)
-      gollum-grit_adapter (~> 1.0)
-      nokogiri (>= 1.6.1, < 2.0)
-      rouge (~> 2.1)
-      sanitize (~> 2.1)
-      stringex (~> 2.6)
-    gollum-rugged_adapter (0.4.4)
-      mime-types (>= 1.15)
-      rugged (~> 0.25)
     gon (6.1.0)
       actionpack (>= 3.0)
       json
@@ -365,8 +366,8 @@ GEM
       rack (>= 1.3.0)
       rack-accept
       virtus (>= 1.0.0)
-    grape-entity (0.6.0)
-      activesupport
+    grape-entity (0.7.1)
+      activesupport (>= 4.0)
       multi_json (>= 1.3.2)
     grape-route-helpers (2.1.0)
       activesupport
@@ -374,7 +375,7 @@ GEM
       rake
     grape_logging (1.7.0)
       grape
-    grpc (1.10.0)
+    grpc (1.11.0)
       google-protobuf (~> 3.1)
       googleapis-common-protos-types (~> 1.0.0)
       googleauth (>= 0.5.1, < 0.7)
@@ -483,10 +484,11 @@ GEM
     logging (2.2.2)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
-    lograge (0.5.1)
-      actionpack (>= 4, < 5.2)
-      activesupport (>= 4, < 5.2)
-      railties (>= 4, < 5.2)
+    lograge (0.10.0)
+      actionpack (>= 4)
+      activesupport (>= 4)
+      railties (>= 4)
+      request_store (~> 1.0)
     loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -544,9 +546,9 @@ GEM
       omniauth (~> 1.2)
     omniauth-facebook (4.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-github (1.1.2)
-      omniauth (~> 1.0)
-      omniauth-oauth2 (~> 1.1)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
     omniauth-gitlab (1.0.2)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.0)
@@ -554,9 +556,6 @@ GEM
       jwt (>= 1.5)
       omniauth (>= 1.1.1)
       omniauth-oauth2 (>= 1.5)
-    omniauth-jwt (0.0.2)
-      jwt
-      omniauth (~> 1.1)
     omniauth-kerberos (0.3.0)
       omniauth-multipassword
       timfel-krb5-auth (~> 0.8)
@@ -587,7 +586,7 @@ GEM
     orm_adapter (0.5.0)
     os (0.9.6)
     parallel (1.12.1)
-    parser (2.5.0.5)
+    parser (2.5.1.0)
       ast (~> 2.4.0)
     parslet (1.5.0)
       blankslate (~> 2.0)
@@ -602,8 +601,6 @@ GEM
       atomic (>= 1.0.0)
       mysql2
       peek
-    peek-performance_bar (1.3.1)
-      peek (>= 0.1.0)
     peek-pg (1.3.0)
       concurrent-ruby
       concurrent-ruby-ext
@@ -649,7 +646,7 @@ GEM
       pry (>= 0.9.10)
     public_suffix (3.0.2)
     pyu-ruby-sasl (0.0.3.3)
-    rack (1.6.9)
+    rack (1.6.10)
     rack-accept (0.4.5)
       rack (>= 0.4)
     rack-attack (4.4.1)
@@ -697,7 +694,7 @@ GEM
     rainbow (2.2.2)
       rake
     raindrops (0.18.0)
-    rake (12.3.0)
+    rake (12.3.1)
     rb-fsevent (0.10.2)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
@@ -738,8 +735,9 @@ GEM
       declarative-option (< 0.2.0)
       uber (< 0.2.0)
     request_store (1.3.1)
-    responders (2.3.0)
-      railties (>= 4.2.0, < 5.1)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
     rest-client (2.0.2)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
@@ -747,7 +745,7 @@ GEM
     retriable (3.1.1)
     rinku (2.0.0)
     rotp (2.1.2)
-    rouge (2.2.1)
+    rouge (3.1.1)
     rqrcode (0.7.0)
       chunky_png
     rqrcode-rails3 (0.1.7)
@@ -907,7 +905,7 @@ GEM
     state_machines-activerecord (0.5.1)
       activerecord (>= 4.1, < 6.0)
       state_machines-activemodel (>= 0.5.0)
-    stringex (2.7.1)
+    stringex (2.8.4)
     sys-filesystem (1.1.6)
       ffi
     sysexits (1.2.0)
@@ -969,7 +967,7 @@ GEM
       descendants_tracker (~> 0.0, >= 0.0.3)
       equalizer (~> 0.0, >= 0.0.9)
     vmstat (2.3.0)
-    warden (1.2.6)
+    warden (1.2.7)
       rack (>= 1.0)
     webmock (2.3.2)
       addressable (>= 2.3.6)
@@ -1001,7 +999,7 @@ DEPENDENCIES
   asciidoctor (~> 1.5.6)
   asciidoctor-plantuml (= 0.0.8)
   asset_sync (~> 2.2.0)
-  attr_encrypted (~> 3.0.0)
+  attr_encrypted (~> 3.1.0)
   awesome_print (~> 1.2.0)
   babosa (~> 1.0.2)
   base32 (~> 0.3.0)
@@ -1030,7 +1028,8 @@ DEPENDENCIES
   database_cleaner (~> 1.5.0)
   deckar01-task_list (= 2.0.0)
   default_value_for (~> 3.0.0)
-  devise (~> 4.2)
+  device_detector
+  devise (~> 4.4)
   devise-two-factor (~> 3.0.0)
   diffy (~> 3.1.0)
   doorkeeper (~> 4.3)
@@ -1061,23 +1060,23 @@ DEPENDENCIES
   gettext (~> 3.2.2)
   gettext_i18n_rails (~> 1.8.0)
   gettext_i18n_rails_js (~> 1.3)
-  gitaly-proto (~> 0.94.0)
+  gitaly-proto (~> 0.99.0)
   github-linguist (~> 5.3.3)
   gitlab-flowdock-git-hook (~> 1.0.1)
+  gitlab-gollum-lib (~> 4.2)
+  gitlab-gollum-rugged_adapter (~> 0.4.4)
   gitlab-markup (~> 1.6.2)
   gitlab-styles (~> 2.3)
   gitlab_omniauth-ldap (~> 2.0.4)
-  gollum-lib (~> 4.2)
-  gollum-rugged_adapter (~> 0.4.4)
   gon (~> 6.1.0)
   google-api-client (~> 0.19.8)
   google-protobuf (= 3.5.1)
   gpgme
   grape (~> 1.0)
-  grape-entity (~> 0.6.0)
+  grape-entity (~> 0.7.1)
   grape-route-helpers (~> 2.1.0)
   grape_logging (~> 1.7)
-  grpc (~> 1.10.0)
+  grpc (~> 1.11.0)
   haml_lint (~> 0.26.0)
   hamlit (~> 2.6.1)
   hashie-forbidden_attributes
@@ -1115,10 +1114,9 @@ DEPENDENCIES
   omniauth-azure-oauth2 (~> 0.0.9)
   omniauth-cas3 (~> 1.1.4)
   omniauth-facebook (~> 4.0.0)
-  omniauth-github (~> 1.1.1)
+  omniauth-github (~> 1.3)
   omniauth-gitlab (~> 1.0.2)
   omniauth-google-oauth2 (~> 0.5.3)
-  omniauth-jwt (~> 0.0.2)
   omniauth-kerberos (~> 0.3.0)
   omniauth-oauth2-generic (~> 0.2.2)
   omniauth-saml (~> 1.10)
@@ -1129,7 +1127,6 @@ DEPENDENCIES
   peek (~> 1.0.1)
   peek-gc (~> 0.0.2)
   peek-mysql2 (~> 1.1.0)
-  peek-performance_bar (~> 1.3.0)
   peek-pg (~> 1.3.0)
   peek-rblineprof (~> 0.2.0)
   peek-redis (~> 1.2.0)
@@ -1160,7 +1157,7 @@ DEPENDENCIES
   redis-rails (~> 5.0.2)
   request_store (~> 1.3)
   responders (~> 2.0)
-  rouge (~> 2.0)
+  rouge (~> 3.1)
   rqrcode-rails3 (~> 0.1.7)
   rspec-parameterized
   rspec-rails (~> 3.6.0)
diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix
index 8564e4af91b1..87e4aff28c37 100644
--- a/pkgs/applications/version-management/gitlab/default.nix
+++ b/pkgs/applications/version-management/gitlab/default.nix
@@ -16,11 +16,11 @@ let
     };
   };
 
-  version = "10.7.0";
+  version = "10.8.0";
 
   gitlabDeb = fetchurl {
     url = "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/jessie/gitlab-ce_${version}-ce.0_amd64.deb/download";
-    sha256 = "0dngh6gj8kkfcxn6ki9i96jg4x1x0vq3zzdimxz31g3j2zpd0ryz";
+    sha256 = "0j5jrlwfpgwfirjnqb9w4snl9w213kdxb1ajyrla211q603d4j34";
   };
 
 in
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
     owner = "gitlabhq";
     repo = "gitlabhq";
     rev = "v${version}";
-    sha256 = "010xhzrp6svp2a4xzmzwl4x3hk9wc1frqr66lp8x58nfmvr8hdrg";
+    sha256 = "1idvi27xpghvvb3sv62afhcnnswvjlrbg5lld79a761kd4187cym";
   };
 
   buildInputs = [
diff --git a/pkgs/applications/version-management/gitlab/gemset.nix b/pkgs/applications/version-management/gitlab/gemset.nix
index d14a963a8c07..57c274566166 100644
--- a/pkgs/applications/version-management/gitlab/gemset.nix
+++ b/pkgs/applications/version-management/gitlab/gemset.nix
@@ -201,10 +201,10 @@
     dependencies = ["encryptor"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1dikbf55wjqyzfb9p4xjkkkajwan569pmzljdf9c1fy4a94cd13d";
+      sha256 = "0ncv2az1zlj33bsllr6q1qdvbw42gv91lxq0ryclbv8l8xh841jg";
       type = "gem";
     };
-    version = "3.0.3";
+    version = "3.1.0";
   };
   attr_required = {
     source = {
@@ -554,10 +554,10 @@
   crass = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1czijxlagzpzwchr2ldrgfi7kywg08idjpq37ndcmwh4fmz72c4l";
+      sha256 = "0bpxzy6gjw9ggjynlxschbfsgmx8lv3zw1azkjvnb8b9i895dqfi";
       type = "gem";
     };
-    version = "1.0.3";
+    version = "1.0.4";
   };
   creole = {
     source = {
@@ -660,14 +660,22 @@
     };
     version = "0.0.4";
   };
+  device_detector = {
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0zbsjj1bgwmsiqiw6x5fzbzp25xc10c02s37ggl2635ha0qzn05q";
+      type = "gem";
+    };
+    version = "1.0.0";
+  };
   devise = {
     dependencies = ["bcrypt" "orm_adapter" "railties" "responders" "warden"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "045qw3186gkcm38wjbjhb7w2zycbqj85wfb1cdwvkqk8hf1a7dp0";
+      sha256 = "1xmxfhym0yxwb0zwmmzhdiykbpyqqm3id02g7rf3vcgbc1lqvdnj";
       type = "gem";
     };
-    version = "4.2.0";
+    version = "4.4.3";
   };
   devise-two-factor = {
     dependencies = ["activesupport" "attr_encrypted" "devise" "railties" "rotp"];
@@ -715,10 +723,10 @@
     dependencies = ["railties"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1yjbmkhpj25h6n5hi382gxna1303crr4v57w1ic23n0w8ll6jh0z";
+      sha256 = "022r03i830b2lvmr0xzlj6ivlvc1zr64hy4a4bsy3flv94da77rz";
       type = "gem";
     };
-    version = "4.3.1";
+    version = "4.3.2";
   };
   doorkeeper-openid_connect = {
     dependencies = ["doorkeeper" "json-jwt"];
@@ -859,10 +867,10 @@
     dependencies = ["faraday"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0bcarc90brm1y68bl957w483bddsy9idj2gghqnysk6bbxpsvm00";
+      sha256 = "1p7icfl28nvl8qqdsngryz1snqic9l8x6bk0dxd7ygn230y0k41d";
       type = "gem";
     };
-    version = "0.11.0.1";
+    version = "0.12.2";
   };
   faraday_middleware-multi_json = {
     dependencies = ["faraday_middleware" "multi_json"];
@@ -1130,10 +1138,10 @@
     dependencies = ["google-protobuf" "grpc"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1rnfswh0jpsiyzvsac7kwk9rpbpf4fcz9p2i8pamqamm3skgd4i6";
+      sha256 = "1y5sn60h71ssxmc8br32fqhgmfqxgrmdlg4vya8dyy37ai20f85z";
       type = "gem";
     };
-    version = "0.94.0";
+    version = "0.99.0";
   };
   github-linguist = {
     dependencies = ["charlock_holmes" "escape_utils" "mime-types" "rugged"];
@@ -1147,10 +1155,10 @@
   github-markup = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1nyb9ck2c9z5qi86n7r52w0m126qpnvc93yh35cn8bwsnkjqx0iq";
+      sha256 = "17g6g18gdjg63k75sfwiskjzl9i0hfcnrkcpb4fwrnb20v3jgswp";
       type = "gem";
     };
-    version = "1.6.1";
+    version = "1.7.0";
   };
   gitlab-flowdock-git-hook = {
     dependencies = ["flowdock" "gitlab-grit" "multi_json"];
@@ -1161,6 +1169,24 @@
     };
     version = "1.0.1";
   };
+  gitlab-gollum-lib = {
+    dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "1a1dv8n33pj2il07c8z7gz5542iby0z2qwymv8yj1kcn4avs4dxv";
+      type = "gem";
+    };
+    version = "4.2.7.2";
+  };
+  gitlab-gollum-rugged_adapter = {
+    dependencies = ["mime-types" "rugged"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0zk89c2ljv9skcxzwnr84rqxv3iam30n5liv5r8hgl0l67qbg1mg";
+      type = "gem";
+    };
+    version = "0.4.4";
+  };
   gitlab-grit = {
     dependencies = ["charlock_holmes" "diff-lcs" "mime-types" "posix-spawn"];
     source = {
@@ -1214,24 +1240,6 @@
     };
     version = "1.0.1";
   };
-  gollum-lib = {
-    dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1filwvjfj5q2m6w4q274ai36d6f0mrsv2l2khhk4bv1q6pqby2fq";
-      type = "gem";
-    };
-    version = "4.2.7";
-  };
-  gollum-rugged_adapter = {
-    dependencies = ["mime-types" "rugged"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0khfmakp65frlaj7ajs6ihqg4xi7yc9z96kpsf1b7giqi3fqhhv4";
-      type = "gem";
-    };
-    version = "0.4.4";
-  };
   gon = {
     dependencies = ["actionpack" "json" "multi_json" "request_store"];
     source = {
@@ -1298,10 +1306,10 @@
     dependencies = ["activesupport" "multi_json"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "18jhjn1164z68xrjz23wf3qha3x9az086dr7p6405jv6rszyxihq";
+      sha256 = "1w78wylkhdkc0s6n6d20hggbb3pl3ladzzd5lx6ack2iswybx7b9";
       type = "gem";
     };
-    version = "0.6.0";
+    version = "0.7.1";
   };
   grape-route-helpers = {
     dependencies = ["activesupport" "grape" "rake"];
@@ -1325,10 +1333,10 @@
     dependencies = ["google-protobuf" "googleapis-common-protos-types" "googleauth"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "17wvqhjmldxph4li402rvfbyzi5455lzmfr2y19kq9ghrzjyad82";
+      sha256 = "1is4czi3i7y6zyxzyrpsma1z91axmc0jz2ngr6ckixqd3629npkz";
       type = "gem";
     };
-    version = "1.10.0";
+    version = "1.11.0";
   };
   haml = {
     dependencies = ["tilt"];
@@ -1694,13 +1702,13 @@
     version = "2.2.2";
   };
   lograge = {
-    dependencies = ["actionpack" "activesupport" "railties"];
+    dependencies = ["actionpack" "activesupport" "railties" "request_store"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1n08i1m4bn28vrc6gd642wzbyk2cdwahgcysd7pc2c7zd1ipqh0p";
+      sha256 = "00lcn7s3slfn32di4qwlx2yj5f9r2pcnd0naxrvqqwypcg1z2sdd";
       type = "gem";
     };
-    version = "0.5.1";
+    version = "0.10.0";
   };
   loofah = {
     dependencies = ["crass" "nokogiri"];
@@ -1984,10 +1992,10 @@
     dependencies = ["omniauth" "omniauth-oauth2"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1mbx3c8m1llhdxrqdciq8jh428bxj1nvf4yhziv2xqmqpjcqz617";
+      sha256 = "0yg7k4p95ybcsii17spqarl8rpfzkq0kb19ab6wl4lc922zgfbqc";
       type = "gem";
     };
-    version = "1.1.2";
+    version = "1.3.0";
   };
   omniauth-gitlab = {
     dependencies = ["omniauth" "omniauth-oauth2"];
@@ -2007,15 +2015,6 @@
     };
     version = "0.5.3";
   };
-  omniauth-jwt = {
-    dependencies = ["jwt" "omniauth"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0qxr95z5p7fs13mg04zp76ldplgk6n8fkwbn17mlzlry1ihcrgxr";
-      type = "gem";
-    };
-    version = "0.0.2";
-  };
   omniauth-kerberos = {
     dependencies = ["omniauth-multipassword" "timfel-krb5-auth"];
     source = {
@@ -2134,10 +2133,10 @@
     dependencies = ["ast"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1sj8dlqs5l2pa5y2412r4d5fi7qvf26n8vpciz7k9fy0ch327gdc";
+      sha256 = "1af7aa1c2npi8dkshgm3f8qyacabm94ckrdz7b8vd3f8zzswqzp9";
       type = "gem";
     };
-    version = "2.5.0.5";
+    version = "2.5.1.0";
   };
   parslet = {
     dependencies = ["blankslate"];
@@ -2183,15 +2182,6 @@
     };
     version = "1.1.0";
   };
-  peek-performance_bar = {
-    dependencies = ["peek"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1a0ly4p8xnrb3pnf273qq2d5bm2w19p829n4n2730rijd42pa2n4";
-      type = "gem";
-    };
-    version = "1.3.1";
-  };
   peek-pg = {
     dependencies = ["concurrent-ruby" "concurrent-ruby-ext" "peek" "pg"];
     source = {
@@ -2350,10 +2340,10 @@
   rack = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "03w1ri5l91q800f1bdcdl5rbagy7s4kml136b42s2lmxmznxhr07";
+      sha256 = "0in0amn0kwvzmi8h5zg6ijrx5wpsf8h96zrfmnk1kwh2ql4sxs2q";
       type = "gem";
     };
-    version = "1.6.9";
+    version = "1.6.10";
   };
   rack-accept = {
     dependencies = ["rack"];
@@ -2491,10 +2481,10 @@
   rake = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "190p7cs8zdn07mjj6xwwsdna3g0r98zs4crz7jh2j2q5b0nbxgjf";
+      sha256 = "1idi53jay34ba9j68c3mfr9wwkg3cd9qh0fn9cg42hv72c6q8dyg";
       type = "gem";
     };
-    version = "12.3.0";
+    version = "12.3.1";
   };
   rb-fsevent = {
     source = {
@@ -2670,13 +2660,13 @@
     version = "1.3.1";
   };
   responders = {
-    dependencies = ["railties"];
+    dependencies = ["actionpack" "railties"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "16h343srb6msivc2mpm1dbihsmniwvyc9jk3g4ip08g9fpmxfc2i";
+      sha256 = "1rhdyyvvm26f2l3fgwdp6xasfl2y0whwgy766bhdwz697mf78zfn";
       type = "gem";
     };
-    version = "2.3.0";
+    version = "2.4.0";
   };
   rest-client = {
     dependencies = ["http-cookie" "mime-types" "netrc"];
@@ -2714,10 +2704,10 @@
   rouge = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "02kpahk5nkc33yxnn75649kzxaz073wvazr2zyg491nndykgnvcs";
+      sha256 = "1sfhy0xxqjnzqa7qxmpz1bmy0mzcr55qyvi410gsb6d6i4ialbw3";
       type = "gem";
     };
-    version = "2.2.1";
+    version = "3.1.1";
   };
   rqrcode = {
     dependencies = ["chunky_png"];
@@ -3287,10 +3277,10 @@
   stringex = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1zc93v00av643lc6njl09wwki7h5yqayhh1din8zqfylw814l1dv";
+      sha256 = "0c5dfrjzkskzfsdvwsviq4111rwwpbk9022nxwdidz014mky5vi1";
       type = "gem";
     };
-    version = "2.7.1";
+    version = "2.8.4";
   };
   sys-filesystem = {
     dependencies = ["ffi"];
@@ -3558,10 +3548,10 @@
     dependencies = ["rack"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "04gpmnvkp312wxmsvvbq834iyab58vjmh6w4x4qpgh4p1lzkiq1l";
+      sha256 = "0va966lhpylcwbqb9n151kkihx30agh0a57mwjwdxyanll4s1q12";
       type = "gem";
     };
-    version = "1.2.6";
+    version = "1.2.7";
   };
   webmock = {
     dependencies = ["addressable" "crack" "hashdiff"];

From 53475653a50db721f7b131320eca52f94b5fd543 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Wed, 23 May 2018 22:24:24 +0200
Subject: [PATCH 043/102] gitlab module: update for 10.8

---
 nixos/modules/services/misc/gitlab.nix | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index be13fed860bd..e80abf96da48 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -129,6 +129,7 @@ let
         };
       };
       extra = {};
+      uploads.storage_path = cfg.statePath;
     };
   };
 
@@ -565,13 +566,9 @@ in {
 
         ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret
 
-        # The uploads directory is hardcoded somewhere deep in rails. It is
-        # symlinked in the gitlab package to /run/gitlab/uploads to make it
-        # configurable
         mkdir -p /run/gitlab
-        mkdir -p ${cfg.statePath}/{log,uploads}
+        mkdir -p ${cfg.statePath}/log
         ln -sf ${cfg.statePath}/log /run/gitlab/log
-        ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
         ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
         ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml
         chown -R ${cfg.user}:${cfg.group} /run/gitlab
@@ -587,6 +584,8 @@ in {
           ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
         ''}
         ln -sf ${cfg.statePath}/config /run/gitlab/config
+        rm ${cfg.statePath}/lib
+        ln -sf ${pkgs.gitlab}/share/gitlab/lib ${cfg.statePath}/lib
         cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
 
         # JSON is a subset of YAML
@@ -638,10 +637,6 @@ in {
         chmod -R ug+rwX,o-rwx ${cfg.statePath}/repositories
         chmod -R ug-s ${cfg.statePath}/repositories
         find ${cfg.statePath}/repositories -type d -print0 | xargs -0 chmod g+s
-        chmod 770 ${cfg.statePath}/uploads
-        chown -R ${cfg.user} ${cfg.statePath}/uploads
-        find ${cfg.statePath}/uploads -type f -exec chmod 0644 {} \;
-        find ${cfg.statePath}/uploads -type d -not -path ${cfg.statePath}/uploads -exec chmod 0770 {} \;
       '';
 
       serviceConfig = {

From de5205ae2dd7688a5a80c289bd5fac5f831ad585 Mon Sep 17 00:00:00 2001
From: WilliButz <wbutz@cyberfnord.de>
Date: Tue, 20 Mar 2018 19:42:00 +0100
Subject: [PATCH 044/102] nixos/prometheus-node-exporter: fix file collector

---
 nixos/modules/services/monitoring/prometheus/exporters/node.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix
index c85f5f9cfb2d..ee7bf39f199a 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix
@@ -27,6 +27,7 @@ in
   };
   serviceOpts = {
     serviceConfig = {
+      RuntimeDirectory = "prometheus-node-exporter";
       ExecStart = ''
         ${pkgs.prometheus-node-exporter}/bin/node_exporter \
           ${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \

From 120e93928f1071a5589e520a7542577a70dc736f Mon Sep 17 00:00:00 2001
From: Simon Lackerbauer <simon@lackerbauer.com>
Date: Wed, 21 Mar 2018 20:02:07 +0100
Subject: [PATCH 045/102] crowd: 3.0.1 -> 3.1.2

---
 nixos/modules/services/web-apps/atlassian/crowd.nix | 5 +++--
 pkgs/servers/atlassian/crowd.nix                    | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/services/web-apps/atlassian/crowd.nix b/nixos/modules/services/web-apps/atlassian/crowd.nix
index 0ac941b6ec99..778e4afa1e0b 100644
--- a/nixos/modules/services/web-apps/atlassian/crowd.nix
+++ b/nixos/modules/services/web-apps/atlassian/crowd.nix
@@ -126,12 +126,13 @@ in
       };
 
       preStart = ''
-        mkdir -p ${cfg.home}/{logs,work,database}
+        rm -rf ${cfg.home}/work
+        mkdir -p ${cfg.home}/{logs,database,work}
 
         mkdir -p /run/atlassian-crowd
         ln -sf ${cfg.home}/{database,work,server.xml} /run/atlassian-crowd
 
-        chown -R ${cfg.user} ${cfg.home}
+        chown -R ${cfg.user}:${cfg.group} ${cfg.home}
 
         sed -e 's,port="8095",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \
         '' + (lib.optionalString cfg.proxy.enable ''
diff --git a/pkgs/servers/atlassian/crowd.nix b/pkgs/servers/atlassian/crowd.nix
index 6d7b332da135..4989c3a417a2 100644
--- a/pkgs/servers/atlassian/crowd.nix
+++ b/pkgs/servers/atlassian/crowd.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "atlassian-crowd-${version}";
-  version = "3.0.1";
+  version = "3.1.2";
 
   src = fetchurl {
     url = "https://www.atlassian.com/software/crowd/downloads/binary/${name}.tar.gz";
-    sha256 = "17pz0rgzdv40sbvzb9w6xmdg598m6gs7gsznfnxcy1j011cgg1wr";
+    sha256 = "0pnl0zl38827ckgxh4y1mnq3lr7bvd7v3ysdxxv3nfr5zya4xgki";
   };
 
   phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];

From 03e9d75a8dd457b1d6c5947307507df4b47519aa Mon Sep 17 00:00:00 2001
From: Matthew Justin Bauer <mjbauer95@gmail.com>
Date: Wed, 23 May 2018 22:05:53 -0500
Subject: [PATCH 046/102] 9pfs: add version

---
 pkgs/tools/filesystems/9pfs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/tools/filesystems/9pfs/default.nix b/pkgs/tools/filesystems/9pfs/default.nix
index 5ad54adc08ad..37ec4105472b 100644
--- a/pkgs/tools/filesystems/9pfs/default.nix
+++ b/pkgs/tools/filesystems/9pfs/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchFromGitHub, fuse }:
 
 stdenv.mkDerivation rec {
-  name = "9pfs";
+  name = "9pfs-20150918";
 
   src = fetchFromGitHub {
     owner = "mischief";

From 828d932fefbbe89850948ba54fb14b903eb0b32e Mon Sep 17 00:00:00 2001
From: Matthew Justin Bauer <mjbauer95@gmail.com>
Date: Wed, 23 May 2018 22:08:31 -0500
Subject: [PATCH 047/102] zookeeper_mt: add version

---
 pkgs/development/libraries/zookeeper_mt/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/zookeeper_mt/default.nix b/pkgs/development/libraries/zookeeper_mt/default.nix
index 0ec24c828a6f..58e1940a3ef4 100644
--- a/pkgs/development/libraries/zookeeper_mt/default.nix
+++ b/pkgs/development/libraries/zookeeper_mt/default.nix
@@ -1,7 +1,7 @@
 { stdenv, zookeeper, bash }:
 
 stdenv.mkDerivation rec {
-   name = "zookeeper_mt";
+   name = "zookeeper_mt-${stdenv.lib.getVersion zookeeper}";
    
    src = zookeeper.src;
    

From 06e750ccc9477376d400fb5209192526360afed0 Mon Sep 17 00:00:00 2001
From: Vladyslav Mykhailichenko <dywedir@pm.me>
Date: Thu, 24 May 2018 09:25:05 +0300
Subject: [PATCH 048/102] yarn: 1.6.0 -> 1.7.0

---
 pkgs/development/tools/yarn/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/tools/yarn/default.nix b/pkgs/development/tools/yarn/default.nix
index eefe7dcfa74a..535ab7b45fa3 100644
--- a/pkgs/development/tools/yarn/default.nix
+++ b/pkgs/development/tools/yarn/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "yarn-${version}";
-  version = "1.6.0";
+  version = "1.7.0";
 
   src = fetchzip {
     url = "https://github.com/yarnpkg/yarn/releases/download/v${version}/yarn-v${version}.tar.gz";
-    sha256 = "0bblp1jy4s9y5rpcqn40w61qwsmxr342xkcn7ykk88i7sng2cgfw";
+    sha256 = "00fxihv9ih40k6f21a7hb6vkx4h4m6ks0fbai5h9ssi0p4m5j3by";
   };
 
   buildInputs = [makeWrapper nodejs];

From ab500439cd7d305fbb9e2011ff5073accaf2673f Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 24 May 2018 10:56:33 +0200
Subject: [PATCH 049/102] gohai: init at 2018-05-23

This project does not have a default versioning scheme. go2nix
suggests using the date of the most recent change.
---
 pkgs/tools/system/gohai/default.nix | 32 +++++++++++++++++++++++++++++
 pkgs/tools/system/gohai/deps.nix    | 30 +++++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix     |  2 ++
 3 files changed, 64 insertions(+)
 create mode 100644 pkgs/tools/system/gohai/default.nix
 create mode 100644 pkgs/tools/system/gohai/deps.nix

diff --git a/pkgs/tools/system/gohai/default.nix b/pkgs/tools/system/gohai/default.nix
new file mode 100644
index 000000000000..77f65de9a8d0
--- /dev/null
+++ b/pkgs/tools/system/gohai/default.nix
@@ -0,0 +1,32 @@
+{ lib, stdenv, buildGoPackage, fetchgit, fetchhg, fetchbzr, fetchsvn }:
+
+buildGoPackage rec {
+  name = "gohai-${version}";
+  version = "2018-05-23";
+  rev = "60e13eaed98afa238ad6dfc98224c04fbb7b19b1";
+
+  goPackagePath = "github.com/DataDog/gohai";
+
+  src = fetchgit {
+    inherit rev;
+    url    = "https://github.com/DataDog/gohai";
+    sha256 = "15hdw195f6ayrmj1nbyfpfswdai1r1z3qjw927mbma7rwql24dkr";
+  };
+
+  goDeps = ./deps.nix;
+
+  meta = with lib; {
+    description      = "System information collector";
+    homepage         = "https://github.com/DataDog/gohai";
+    license          = licenses.mit;
+    maintainers      = [ maintainers.tazjin ];
+    platforms        = platforms.unix;
+    repositories.git = git://github.com/DataDog/gohai.git;
+
+    longDescription = ''
+      Gohai is a tool which collects an inventory of system
+      information. It is used by the Datadog agent to provide detailed
+      system metrics.
+    '';
+  };
+}
diff --git a/pkgs/tools/system/gohai/deps.nix b/pkgs/tools/system/gohai/deps.nix
new file mode 100644
index 000000000000..f6d63e460246
--- /dev/null
+++ b/pkgs/tools/system/gohai/deps.nix
@@ -0,0 +1,30 @@
+# This file was generated by https://github.com/kamilchm/go2nix v1.2.1
+[
+  {
+    goPackagePath = "github.com/cihub/seelog";
+    fetch = {
+      type = "git";
+      url = "https://github.com/cihub/seelog";
+      rev = "f561c5e57575bb1e0a2167028b7339b3a8d16fb4";
+      sha256 = "0r3228hvgljgpaggj6b9mvxfsizfw25q2c1761wsvcif8gz49cvl";
+    };
+  }
+  {
+    goPackagePath = "github.com/shirou/gopsutil";
+    fetch = {
+      type = "git";
+      url = "https://github.com/shirou/gopsutil";
+      rev = "eeb1d38d69593f121e060d24d17f7b1f0936b203";
+      sha256 = "01qsznk599225gf4pld7p2m30p61y77mvzhrs6raxpk6wf7icp4w";
+    };
+  }
+  {
+    goPackagePath = "golang.org/x/sys";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/sys";
+      rev = "77b0e4315053a57ed2962443614bdb28db152054";
+      sha256 = "1024gcv1b40i2rgvpgyw2hgy1k5g7473pn29yavwysj37m1rrplp";
+    };
+  }
+]
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 84311e2559e1..9c8acb7cff0e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1289,6 +1289,8 @@ with pkgs;
 
   goa = callPackage ../development/tools/goa { };
 
+  gohai = callPackage ../tools/system/gohai { };
+
   gorilla-bin = callPackage ../tools/security/gorilla-bin { };
 
   gosu = callPackage ../tools/misc/gosu { };

From f4c87183df72a71d3d12c20bb2d99f68207dce8f Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 24 May 2018 10:58:28 +0200
Subject: [PATCH 050/102] nixos/dd-agent: fix runtime errors by adding gohai to
 $PATH

The Datadog agent requires `gohai` to be available on its `$PATH` in
order to collect certain metrics.

It would previously start up and collect certain types of metrics, but
log errors related to the missing gohai binary.

This commit configures the systemd-unit to make gohai available at
runtime.

This fixes #39810.
---
 .../services/monitoring/dd-agent/dd-agent.nix        | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix
index beaa2c01b298..6367c8245f71 100644
--- a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix
+++ b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix
@@ -57,7 +57,7 @@ let
     instances:
       - use_mount: no
   '';
-  
+
   networkConfig = pkgs.writeText "network.yaml" ''
     init_config:
 
@@ -68,13 +68,13 @@ let
           - lo
           - lo0
   '';
-  
+
   postgresqlConfig = pkgs.writeText "postgres.yaml" cfg.postgresqlConfig;
   nginxConfig = pkgs.writeText "nginx.yaml" cfg.nginxConfig;
   mongoConfig = pkgs.writeText "mongo.yaml" cfg.mongoConfig;
   jmxConfig = pkgs.writeText "jmx.yaml" cfg.jmxConfig;
   processConfig = pkgs.writeText "process.yaml" cfg.processConfig;
-  
+
   etcfiles =
     let
       defaultConfd = import ./dd-agent-defaults.nix;
@@ -150,7 +150,7 @@ in {
       default = null;
       type = types.uniq (types.nullOr types.string);
     };
-    
+
     mongoConfig = mkOption {
       description = "MongoDB integration configuration";
       default = null;
@@ -166,7 +166,7 @@ in {
     processConfig = mkOption {
       description = ''
         Process integration configuration
- 
+
         See http://docs.datadoghq.com/integrations/process/
       '';
       default = null;
@@ -190,7 +190,7 @@ in {
 
     systemd.services.dd-agent = {
       description = "Datadog agent monitor";
-      path = [ pkgs."dd-agent" pkgs.python pkgs.sysstat pkgs.procps ];
+      path = [ pkgs."dd-agent" pkgs.python pkgs.sysstat pkgs.procps pkgs.gohai ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         ExecStart = "${pkgs.dd-agent}/bin/dd-agent foreground";

From 2a14e898bcf5ed9e6647f3b60c0444adba18a9ce Mon Sep 17 00:00:00 2001
From: Markus Kowalewski <markus.kowalewski@fysik.su.se>
Date: Tue, 22 May 2018 13:55:13 +0200
Subject: [PATCH 051/102] slurm/module: add ProcTrackType option to unbreak
 default setup

---
 nixos/modules/services/computing/slurm/slurm.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index 45d34f5b76f5..314cc3f61ecc 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -13,6 +13,7 @@ let
       ${optionalString (cfg.nodeName != null) ''nodeName=${cfg.nodeName}''}
       ${optionalString (cfg.partitionName != null) ''partitionName=${cfg.partitionName}''}
       PlugStackConfig=${plugStackConfig}
+      ProctrackType=${cfg.procTrackType}
       ${cfg.extraConfig}
     '';
 
@@ -103,6 +104,16 @@ in
         '';
       };
 
+      procTrackType = mkOption {
+        type = types.string;
+        default = "proctrack/linuxproc";
+        description = ''
+          Plugin to be used for process tracking on a job step basis.
+          The slurmd daemon uses this mechanism to identify all processes
+          which are children of processes it spawns for a user job step.
+        '';
+      };
+
       extraConfig = mkOption {
         default = "";
         type = types.lines;

From 60737bd31985116b7cce47f221e8568e66ab73e0 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Tue, 22 May 2018 19:53:28 -0400
Subject: [PATCH 052/102] dockerTools: fixes extraCommands for mkRootLayer.

The extraCommands was, previously, simply put in the body of the script
using nix expansion `${extraCommands}` (which looks exactly like bash
expansion!).

This causes issues like in #34779 where scripts will eventually create
invalid bash.

The solution is to use a script like `run-as-root`.

 * * *

Fixes #34779
---
 pkgs/build-support/docker/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 374b71d42a39..34af6ad65b9f 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -360,7 +360,9 @@ rec {
     extraCommands ? ""
   }:
     # Generate an executable script from the `runAsRoot` text.
-    let runAsRootScript = shellScript "run-as-root.sh" runAsRoot;
+    let
+      runAsRootScript = shellScript "run-as-root.sh" runAsRoot;
+      extraCommandsScript = shellScript "extra-commands.sh" extraCommands;
     in runWithOverlay {
       name = "docker-layer-${name}";
 
@@ -398,7 +400,7 @@ rec {
       '';
 
       postUmount = ''
-        (cd layer; eval "${extraCommands}")
+        (cd layer; ${extraCommandsScript})
 
         echo "Packing layer..."
         mkdir $out

From d32e2e30639eb23c027ccf9e6b0caaf33d58d00d Mon Sep 17 00:00:00 2001
From: symphorien <symphorien@users.noreply.github.com>
Date: Thu, 24 May 2018 11:27:06 +0000
Subject: [PATCH 053/102] nix-du: 0.1.1 -> 0.1.2 (#41002)

---
 pkgs/tools/package-management/nix-du/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/tools/package-management/nix-du/default.nix b/pkgs/tools/package-management/nix-du/default.nix
index 2e68666b7fa3..212b61f62f06 100644
--- a/pkgs/tools/package-management/nix-du/default.nix
+++ b/pkgs/tools/package-management/nix-du/default.nix
@@ -1,17 +1,17 @@
 { stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz }:
 rustPlatform.buildRustPackage rec {
   name = "nix-du-${version}";
-  version = "0.1.1";
+  version = "0.1.2";
 
   src = fetchFromGitHub {
     owner = "symphorien";
     repo = "nix-du";
     rev = "v${version}";
-    sha256 = "0kxacn5qw21pp4zl6wr9wyb2mm2nlnp6mla3m5p9dm7vrm1fd1x9";
+    sha256 = "1y7ifr4c3v1494swh6akvna0d0rxjy9jw3mw2wdd6vj1xphvmimq";
   };
-  cargoSha256 = "04c48lzi7hny3nq4ffdpvsr4dxbi32faka163fp1yc9953zdw9az";
+  cargoSha256 = "0qq7a6ncxnbjvnmly99awqrk9f3z9b55ifil7b0bn5yhk4h9sa6y";
 
-  doCheck = !stdenv.isDarwin;
+  doCheck = true;
   checkInputs = [ graphviz ];
   nativeBuildInputs = [] ++ stdenv.lib.optionals doCheck checkInputs;
 

From 3c0daa19e2d61d167325cbf558c15931bfd531b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?=
 <robert.schuetz@stud.uni-heidelberg.de>
Date: Thu, 24 May 2018 10:25:52 +0200
Subject: [PATCH 054/102] nixos/borgbackup: make extraArgs a shell variable

in line with the other extra*Args variables
---
 nixos/modules/services/backup/borgbackup.nix | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index 1e019827dfea..0c3fc9af6f88 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -35,26 +35,26 @@ let
     ${cfg.preHook}
   '' + optionalString cfg.doInit ''
     # Run borg init if the repo doesn't exist yet
-    if ! borg list ${cfg.extraArgs} > /dev/null; then
-      borg init ${cfg.extraArgs} \
+    if ! borg list $extraArgs > /dev/null; then
+      borg init $extraArgs \
         --encryption ${cfg.encryption.mode} \
         $extraInitArgs
       ${cfg.postInit}
     fi
   '' + ''
-    borg create ${cfg.extraArgs} \
+    borg create $extraArgs \
       --compression ${cfg.compression} \
       --exclude-from ${mkExcludeFile cfg} \
       $extraCreateArgs \
       "::$archiveName$archiveSuffix" \
       ${escapeShellArgs cfg.paths}
   '' + optionalString cfg.appendFailedSuffix ''
-    borg rename ${cfg.extraArgs} \
+    borg rename $extraArgs \
       "::$archiveName$archiveSuffix" "$archiveName"
   '' + ''
     ${cfg.postCreate}
   '' + optionalString (cfg.prune.keep != { }) ''
-    borg prune ${cfg.extraArgs} \
+    borg prune $extraArgs \
       ${mkKeepArgs cfg} \
       --prefix ${escapeShellArg cfg.prune.prefix} \
       $extraPruneArgs
@@ -93,7 +93,7 @@ let
       };
       environment = {
         BORG_REPO = cfg.repo;
-        inherit (cfg) extraInitArgs extraCreateArgs extraPruneArgs;
+        inherit (cfg) extraArgs extraInitArgs extraCreateArgs extraPruneArgs;
       } // (mkPassEnv cfg) // cfg.environment;
       inherit (cfg) startAt;
     };
@@ -463,7 +463,7 @@ in {
               service has. Handle with care.
             '';
             default = "";
-            example = "--remote-path=borg1";
+            example = "--remote-path=/path/to/borg";
           };
 
           extraInitArgs = mkOption {

From e22d072c641bdd4f615932b8afb06aed518867d5 Mon Sep 17 00:00:00 2001
From: Geoffrey Huntley <ghuntley@ghuntley.com>
Date: Thu, 24 May 2018 22:16:08 +1000
Subject: [PATCH 055/102] kubernetes: fix 404 links to documentation

---
 nixos/modules/services/cluster/kubernetes/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index aeb0a0d2432d..d0309ebd5b8a 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -279,7 +279,7 @@ in {
       tokenAuthFile = mkOption {
         description = ''
           Kubernetes apiserver token authentication file. See
-          <link xlink:href="https://kubernetes.io/docs/admin/authentication.html"/>
+          <link xlink:href="https://kubernetes.io/docs/reference/access-authn-authz/authentication"/>
         '';
         default = null;
         type = types.nullOr types.path;
@@ -288,7 +288,7 @@ in {
       basicAuthFile = mkOption {
         description = ''
           Kubernetes apiserver basic authentication file. See
-          <link xlink:href="https://kubernetes.io/docs/admin/authentication.html"/>
+          <link xlink:href="https://kubernetes.io/docs/reference/access-authn-authz/authentication"/>
         '';
         default = pkgs.writeText "users" ''
           kubernetes,admin,0
@@ -299,7 +299,7 @@ in {
       authorizationMode = mkOption {
         description = ''
           Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/RBAC). See
-          <link xlink:href="https://kubernetes.io/docs/admin/authorization.html"/>
+          <link xlink:href="https://kubernetes.io/docs/reference/access-authn-authz/authorization/"/>
         '';
         default = ["RBAC" "Node"];
         type = types.listOf (types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC" "RBAC" "Node"]);
@@ -308,7 +308,7 @@ in {
       authorizationPolicy = mkOption {
         description = ''
           Kubernetes apiserver authorization policy file. See
-          <link xlink:href="https://kubernetes.io/docs/admin/authorization.html"/>
+          <link xlink:href="https://kubernetes.io/docs/reference/access-authn-authz/authorization/"/>
         '';
         default = [];
         type = types.listOf types.attrs;
@@ -332,7 +332,7 @@ in {
       runtimeConfig = mkOption {
         description = ''
           Api runtime configuration. See
-          <link xlink:href="https://kubernetes.io/docs/admin/cluster-management.html"/>
+          <link xlink:href="https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/"/>
         '';
         default = "authentication.k8s.io/v1beta1=true";
         example = "api/all=false,api/v1=true";

From 8f71ce7e80caad32bfd4e85fb67c4e9fbca5a82d Mon Sep 17 00:00:00 2001
From: Antoine Eiche <lewo@abesis.fr>
Date: Thu, 24 May 2018 10:33:18 +0200
Subject: [PATCH 056/102] skopeo: 0.1.29 -> 0.1.30

Skopeo used by our docker tools was patched to work in the build
sandbox (it used /var/tmp which is not available in the sandbox).
Since this temporary directory can now be set at build time, we remove
the patch from our docker tools.
---
 pkgs/build-support/docker/default.nix     | 10 +---------
 pkgs/development/tools/skopeo/default.nix | 10 +++++++---
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 374b71d42a39..0aded149dd2d 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -52,15 +52,7 @@ rec {
       outputHashAlgo = "sha256";
       outputHash = sha256;
 
-      # One of the dependencies of Skopeo uses a hardcoded /var/tmp for storing
-      # big image files, which is not available in sandboxed builds.
-      nativeBuildInputs = lib.singleton (pkgs.skopeo.overrideAttrs (drv: {
-        postPatch = (drv.postPatch or "") + ''
-          sed -i -e 's!/var/tmp!/tmp!g' \
-            vendor/github.com/containers/image/storage/storage_image.go \
-            vendor/github.com/containers/image/internal/tmpdir/tmpdir.go
-        '';
-      }));
+      nativeBuildInputs = lib.singleton (pkgs.skopeo);
       SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt";
 
       sourceURL = "docker://${imageName}@${imageDigest}";
diff --git a/pkgs/development/tools/skopeo/default.nix b/pkgs/development/tools/skopeo/default.nix
index bb99e887ac6f..0535a11e0ceb 100644
--- a/pkgs/development/tools/skopeo/default.nix
+++ b/pkgs/development/tools/skopeo/default.nix
@@ -5,13 +5,13 @@
 with stdenv.lib;
 
 let
-  version = "0.1.29";
+  version = "0.1.30";
 
   src = fetchFromGitHub {
     rev = "v${version}";
     owner = "projectatomic";
     repo = "skopeo";
-    sha256 = "1lhzbyj2mm25x12s7g2jx4v8w19izjwlgx4lml13r5yy1spn65k2";
+    sha256 = "10lpiiki7mlhrp4bid40wys3lch7fars1whxsa5gy0frfgp89ghn";
   };
 
   defaultPolicyFile = runCommand "skopeo-default-policy.json" {} "cp ${src}/default-policy.json $out";
@@ -30,7 +30,11 @@ buildGoPackage rec {
   nativeBuildInputs = [ pkgconfig (lib.getBin go-md2man) ];
   buildInputs = [ gpgme libgpgerror devicemapper btrfs-progs ostree libselinux ];
 
-  buildFlagsArray = "-ldflags= -X github.com/projectatomic/skopeo/vendor/github.com/containers/image/signature.systemDefaultPolicyPath=${defaultPolicyFile}";
+  buildFlagsArray = ''
+    -ldflags=
+    -X github.com/projectatomic/skopeo/vendor/github.com/containers/image/signature.systemDefaultPolicyPath=${defaultPolicyFile}
+    -X github.com/projectatomic/skopeo/vendor/github.com/containers/image/internal/tmpdir.unixTempDirForBigFiles=/tmp
+  '';
 
   preBuild = ''
     export CGO_CFLAGS="-I${getDev gpgme}/include -I${getDev libgpgerror}/include -I${getDev devicemapper}/include -I${getDev btrfs-progs}/include"

From c0e0c7046d1d1fdbb70f49376b7fb98f8a787920 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm+bot@ryantm.com>
Date: Wed, 23 May 2018 00:52:52 -0700
Subject: [PATCH 057/102] criu: 3.8.1 -> 3.9

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/criu/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/31grlhm7igrgi29fhmndki41a8f87cvs-criu-3.9/bin/crit had a zero exit code or showed the expected version
- /nix/store/31grlhm7igrgi29fhmndki41a8f87cvs-criu-3.9/bin/compel passed the binary check.
- /nix/store/31grlhm7igrgi29fhmndki41a8f87cvs-criu-3.9/bin/criu passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 0 of 3 passed binary check by having the new version present in output.
- found 3.9 with grep in /nix/store/31grlhm7igrgi29fhmndki41a8f87cvs-criu-3.9
- directory tree listing: https://gist.github.com/5db13cedfd351a5d1fd8ed3d70ccbac3
- du listing: https://gist.github.com/3a064c8b51705c90c1093a81ab9495ee
---
 pkgs/os-specific/linux/criu/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/criu/default.nix b/pkgs/os-specific/linux/criu/default.nix
index fc7a66dcf1b6..dba495d0dee5 100644
--- a/pkgs/os-specific/linux/criu/default.nix
+++ b/pkgs/os-specific/linux/criu/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name    = "criu-${version}";
-  version = "3.8.1";
+  version = "3.9";
 
   src = fetchurl {
     url    = "http://download.openvz.org/criu/${name}.tar.bz2";
-    sha256 = "0csyhsc5d6wkcjyvsp6h9x8zxn3zk574s84gfmy3gjagv3nwqd51";
+    sha256 = "0l71lmklr42pc2bj37pkp7y8va8bx42n9f6i4q4idsx4wrdd75fx";
   };
 
   enableParallelBuilding = true;

From c8987a72e4f346917f197443512c3810ecb9a8a2 Mon Sep 17 00:00:00 2001
From: Timo Kaufmann <eisfreak7@gmail.com>
Date: Thu, 24 May 2018 16:36:18 +0200
Subject: [PATCH 058/102] fplll: 5.2.0 -> 5.2.1, pythonPackages.fpylll:
 0.3.0dev -> 0.4.0dev (#40995)

---
 pkgs/development/libraries/fplll/default.nix       |  4 ++--
 pkgs/development/python-modules/fpylll/default.nix | 12 +++++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/pkgs/development/libraries/fplll/default.nix b/pkgs/development/libraries/fplll/default.nix
index 2dd757bf8216..063217a45047 100644
--- a/pkgs/development/libraries/fplll/default.nix
+++ b/pkgs/development/libraries/fplll/default.nix
@@ -4,12 +4,12 @@
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
   pname = "fplll";
-  version = "5.2.0";
+  version = "5.2.1";
   src = fetchFromGitHub {
     owner = "${pname}";
     repo = "${pname}";
     rev = "${version}";
-    sha256 = "0931i4q49lzlifsg9zd8a2yzj626i1s2bqhkfxvcxv94c38s0nh1";
+    sha256 = "015qmrd7nfaysbv1hbwiprz9g6hnww1y1z1xw8f43ysb7k1b5nbg";
   };
   nativeBuildInputs = [autoconf automake libtool gettext autoreconfHook];
   buildInputs = [gmp mpfr];
diff --git a/pkgs/development/python-modules/fpylll/default.nix b/pkgs/development/python-modules/fpylll/default.nix
index 6ce069b31910..a27e9494911c 100644
--- a/pkgs/development/python-modules/fpylll/default.nix
+++ b/pkgs/development/python-modules/fpylll/default.nix
@@ -1,5 +1,5 @@
 { lib
-, fetchPypi
+, fetchFromGitHub
 , buildPythonPackage
 , pkgconfig
 , gmp
@@ -14,11 +14,13 @@
 
 buildPythonPackage rec {
   pname = "fpylll";
-  version = "0.3.0dev";
+  version = "0.4.1dev";
 
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "0bjkh02fnxsrxwjzai8ij12zl2wq319z8y25sn9pvvzla5izgnp9";
+  src = fetchFromGitHub {
+    owner = "fplll";
+    repo = "fpylll";
+    rev = version;
+    sha256 = "01x2sqdv0sbjj4g4waj0hj4rcn4bq7h17442xaqwbznym9azmn9w";
   };
 
   buildInputs = [

From 2e41891e6d595b9acf484d7d349b17a7b35b6923 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Thu, 24 May 2018 16:02:08 +0200
Subject: [PATCH 059/102] python.pkgs.openid: init at 2.2.5/3.1.0

---
 .../python-modules/python-openid/default.nix  | 20 +++++++++++++++++
 .../python-modules/python3-openid/default.nix | 22 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  4 ++++
 3 files changed, 46 insertions(+)
 create mode 100644 pkgs/development/python-modules/python-openid/default.nix
 create mode 100644 pkgs/development/python-modules/python3-openid/default.nix

diff --git a/pkgs/development/python-modules/python-openid/default.nix b/pkgs/development/python-modules/python-openid/default.nix
new file mode 100644
index 000000000000..f25a89c65d44
--- /dev/null
+++ b/pkgs/development/python-modules/python-openid/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, buildPythonPackage, fetchPypi }:
+
+buildPythonPackage rec {
+  pname = "python-openid";
+  name = "${pname}-${version}";
+  version = "2.2.5";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1vvhxlghjan01snfdc4k7ykd80vkyjgizwgg9bncnin8rqz1ricj";
+  };
+
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "OpenID support for modern servers and consumers";
+    homepage = http://github.com/openid/python-openid;
+    license = licenses.asl20;
+  };
+}
diff --git a/pkgs/development/python-modules/python3-openid/default.nix b/pkgs/development/python-modules/python3-openid/default.nix
new file mode 100644
index 000000000000..2365918c7e48
--- /dev/null
+++ b/pkgs/development/python-modules/python3-openid/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, buildPythonPackage, fetchPypi, defusedxml }:
+
+buildPythonPackage rec {
+  pname = "python3-openid";
+  name = "${pname}-${version}";
+  version = "3.1.0";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "00l5hrjh19740w00b3fnsqldnla41wbr2rics09dl4kyd1fkd3b2";
+  };
+
+  propagatedBuildInputs = [ defusedxml ];
+
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "OpenID support for modern servers and consumers";
+    homepage = http://github.com/necaris/python3-openid;
+    license = licenses.asl20;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 6f595f27bffd..955831627a1f 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -408,6 +408,10 @@ in {
 
   pytest-tornado = callPackage ../development/python-modules/pytest-tornado { };
 
+  python-openid = callPackage (if isPy3k
+    then ../development/python-modules/python3-openid
+    else ../development/python-modules/python-openid) { };
+
   python-sql = callPackage ../development/python-modules/python-sql { };
 
   python-stdnum = callPackage ../development/python-modules/python-stdnum { };

From 6b29b2c3aa7408129147aee7040daf74435476e2 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Thu, 24 May 2018 16:03:03 +0200
Subject: [PATCH 060/102] python.pkgs.django-allauth: init at 0.36.0

---
 .../python-modules/django-allauth/default.nix | 32 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 34 insertions(+)
 create mode 100644 pkgs/development/python-modules/django-allauth/default.nix

diff --git a/pkgs/development/python-modules/django-allauth/default.nix b/pkgs/development/python-modules/django-allauth/default.nix
new file mode 100644
index 000000000000..a1968550afcc
--- /dev/null
+++ b/pkgs/development/python-modules/django-allauth/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, buildPythonPackage, fetchFromGitHub, requests, requests_oauthlib
+, django, python-openid, mock, coverage }:
+
+buildPythonPackage rec {
+  pname = "django-allauth";
+  name = "${pname}-${version}";
+  version = "0.36.0";
+
+  # no tests on PyPI
+  src = fetchFromGitHub {
+    owner = "pennersr";
+    repo = pname;
+    rev = version;
+    sha256 = "1c863cmd521j6cwpyd50jxz5y62fdschrhm15jfqihicyr9imjan";
+  };
+
+  propagatedBuildInputs = [ requests requests_oauthlib django python-openid ];
+
+  checkInputs = [ coverage mock ];
+
+  doCheck = false;
+  checkPhase = ''
+    cd $NIX_BUILD_TOP/$sourceRoot
+    coverage run manage.py test allauth
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication";
+    homepage = https://www.intenct.nl/projects/django-allauth;
+    license = licenses.mit;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 955831627a1f..9fbb6a85ce7c 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -4713,6 +4713,8 @@ in {
     };
   };
 
+  django-allauth = callPackage ../development/python-modules/django-allauth { };
+
   django_appconf = callPackage ../development/python-modules/django_appconf { };
 
   django_colorful = buildPythonPackage rec {

From e24399325535c0b0b7c19ea8e73ff61409d79ff4 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Thu, 24 May 2018 16:37:35 +0200
Subject: [PATCH 061/102] python.pkgs.django-gravatar2: init at 1.4.2

---
 .../django-gravatar2/default.nix              | 20 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 22 insertions(+)
 create mode 100644 pkgs/development/python-modules/django-gravatar2/default.nix

diff --git a/pkgs/development/python-modules/django-gravatar2/default.nix b/pkgs/development/python-modules/django-gravatar2/default.nix
new file mode 100644
index 000000000000..5712ed4193fe
--- /dev/null
+++ b/pkgs/development/python-modules/django-gravatar2/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, buildPythonPackage, fetchPypi }:
+
+buildPythonPackage rec {
+  pname = "django-gravatar2";
+  name = "${pname}-${version}";
+  version = "1.4.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1qsv40xywbqsf4mkrmsswrpzqd7nfljxpfiim9an2z3dykn5rka6";
+  };
+
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "Essential Gravatar support for Django";
+    homepage = https://github.com/twaddington/django-gravatar;
+    license = licenses.mit;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 9fbb6a85ce7c..739c40b2d630 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -4782,6 +4782,8 @@ in {
 
   django_extensions = callPackage ../development/python-modules/django-extensions { };
 
+  django-gravatar2 = callPackage ../development/python-modules/django-gravatar2 { };
+
   django_guardian = callPackage ../development/python-modules/django_guardian { };
 
   django-ipware = callPackage ../development/python-modules/django-ipware { };

From 5b468ea6b1d8d243847a05bdf5603e8abdfd7b4e Mon Sep 17 00:00:00 2001
From: Peter Hoeg <peter@hoeg.com>
Date: Thu, 24 May 2018 22:42:16 +0800
Subject: [PATCH 062/102] nixos mysql: make start-up more robust (#41010)

1) Change start-type to ```notify``` when running MariaDB so that we don't have to busy-wait for the
socket to appear.

2) Do not manually create the directory under /run as we can get systemd to do
that for us. This opens up the possibility later for not having to launch as root.
---
 nixos/modules/services/databases/mysql.nix | 22 ++++++++++++----------
 nixos/tests/mysql.nix                      |  1 -
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix
index 66c9330c3550..15b9c788e872 100644
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -231,8 +231,10 @@ in
 
     environment.systemPackages = [mysql];
 
-    systemd.services.mysql =
-      { description = "MySQL Server";
+    systemd.services.mysql = let
+      hasNotify = (cfg.package == pkgs.mariadb);
+    in {
+        description = "MySQL Server";
 
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
@@ -256,17 +258,16 @@ in
 
             mkdir -m 0755 -p ${cfg.pidDir}
             chown -R ${cfg.user} ${cfg.pidDir}
-
-            # Make the socket directory
-            mkdir -p /run/mysqld
-            chmod 0755 /run/mysqld
-            chown -R ${cfg.user} /run/mysqld
           '';
 
-        serviceConfig.ExecStart = "${mysql}/bin/mysqld --defaults-extra-file=${myCnf} ${mysqldOptions}";
+        serviceConfig = {
+          Type = if hasNotify then "notify" else "simple";
+          RuntimeDirectory = "mysqld";
+          ExecStart = "${mysql}/bin/mysqld --defaults-extra-file=${myCnf} ${mysqldOptions}";
+        };
 
-        postStart =
-          ''
+        postStart = ''
+          ${lib.optionalString (!hasNotify) ''
             # Wait until the MySQL server is available for use
             count=0
             while [ ! -e /run/mysqld/mysqld.sock ]
@@ -281,6 +282,7 @@ in
                 count=$((count++))
                 sleep 1
             done
+          ''}
 
             if [ -f /tmp/mysql_init ]
             then
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix
index baaebf9f10db..c18fee6c7495 100644
--- a/nixos/tests/mysql.nix
+++ b/nixos/tests/mysql.nix
@@ -19,7 +19,6 @@ import ./make-test.nix ({ pkgs, ...} : {
     startAll;
 
     $master->waitForUnit("mysql");
-    $master->sleep(10); # Hopefully this is long enough!!
     $master->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
   '';
 })

From d437f2c365a12fb3894eb87f52decf53c745f475 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Thu, 24 May 2018 10:43:14 -0400
Subject: [PATCH 063/102] lib: Fix `nix-env -qaP -f . --xml --meta`

The function value cannot be serialized so nix-env was mad. Turns out we can
just remove it like we do in `lib/systems/inspect.nix`.
---
 lib/systems/for-meta.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/systems/for-meta.nix b/lib/systems/for-meta.nix
index 9e85cea3ad11..88cb0101410b 100644
--- a/lib/systems/for-meta.nix
+++ b/lib/systems/for-meta.nix
@@ -3,6 +3,8 @@ let
   inherit (lib.systems) parse;
   inherit (lib.systems.inspect) patterns;
 
+  abis = lib.mapAttrs (_: abi: builtins.removeAttrs abi [ "assertions" ]) parse.abis;
+
 in rec {
   all     = [ {} ]; # `{}` matches anything
   none    = [];
@@ -19,7 +21,7 @@ in rec {
   darwin  = [ patterns.isDarwin ];
   freebsd = [ patterns.isFreeBSD ];
   # Should be better, but MinGW is unclear, and HURD is bit-rotted.
-  gnu     = [ { kernel = parse.kernels.linux; abi = parse.abis.gnu; } ];
+  gnu     = [ { kernel = parse.kernels.linux; abi = abis.gnu; } ];
   illumos = [ patterns.isSunOS ];
   linux   = [ patterns.isLinux ];
   netbsd  = [ patterns.isNetBSD ];

From fb7428c50613a0f9e0d8ebc714abebee4e5d5cd2 Mon Sep 17 00:00:00 2001
From: Markus Kowalewski <markus.kowalewski@fysik.su.se>
Date: Thu, 24 May 2018 11:10:20 +0200
Subject: [PATCH 064/102] nixos/slurm: enable munge by default, added note to
 slurm description

---
 nixos/modules/services/computing/slurm/slurm.nix | 16 +++++++++++++---
 nixos/tests/slurm.nix                            |  2 --
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index 314cc3f61ecc..25df5030162c 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -32,12 +32,20 @@ in
     services.slurm = {
 
       server = {
-        enable = mkEnableOption "slurm control daemon";
-
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Wether to enable the slurm control daemon.
+            Note that the standard authentication method is "munge".
+            The "munge" service needs to be provided with a password file in order for
+            slurm to work properly (see <literal>services.munge.password<literal>).
+          '';
+        };
       };
 
       client = {
-        enable = mkEnableOption "slurm rlient daemon";
+        enable = mkEnableOption "slurm client daemon";
 
       };
 
@@ -161,6 +169,8 @@ in
 
     environment.systemPackages = [ wrappedSlurm ];
 
+    services.munge.enable = mkDefault true;
+
     systemd.services.slurmd = mkIf (cfg.client.enable) {
       path = with pkgs; [ wrappedSlurm coreutils ]
         ++ lib.optional cfg.enableSrunX11 slurm-spank-x11;
diff --git a/nixos/tests/slurm.nix b/nixos/tests/slurm.nix
index 0dd00dfb04c2..dc4f62af5640 100644
--- a/nixos/tests/slurm.nix
+++ b/nixos/tests/slurm.nix
@@ -20,7 +20,6 @@ in {
         # TODO slrumd port and slurmctld port should be configurations and
         # automatically allowed by the  firewall.
         networking.firewall.enable = false;
-        services.munge.enable = true;
         services.slurm = slurmconfig;
       };
     in {
@@ -28,7 +27,6 @@ in {
       { config, pkgs, ...}:
       {
         networking.firewall.enable = false;
-        services.munge.enable = true;
         services.slurm = {
           server.enable = true;
         } // slurmconfig;

From 96e5a8bce27c87d9a9e7999368d5c843d7a19049 Mon Sep 17 00:00:00 2001
From: Markus Kowalewski <markus.kowalewski@fysik.su.se>
Date: Thu, 24 May 2018 14:46:56 +0200
Subject: [PATCH 065/102] nixos/slurm: add slurm test to release.nix

---
 nixos/release.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/release.nix b/nixos/release.nix
index f7c2943b96fa..8d9202e87b08 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -383,6 +383,7 @@ in rec {
   tests.sddm = callSubTests tests/sddm.nix {};
   tests.simple = callTest tests/simple.nix {};
   tests.slim = callTest tests/slim.nix {};
+  tests.slurm = callTest tests/slurm.nix {};
   tests.smokeping = callTest tests/smokeping.nix {};
   tests.snapper = callTest tests/snapper.nix {};
   tests.statsd = callTest tests/statsd.nix {};

From 291808359b354ee6931e7cf8cb1eaa295458e0d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Gaspard?= <leo@gaspard.io>
Date: Thu, 24 May 2018 17:09:15 +0200
Subject: [PATCH 066/102] nheko: 0.4.0 -> 0.4.1

---
 .../networking/instant-messengers/nheko/default.nix       | 8 ++++----
 .../instant-messengers/nheko/external-deps.patch          | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/networking/instant-messengers/nheko/default.nix b/pkgs/applications/networking/instant-messengers/nheko/default.nix
index 688ac6d10d6f..4d002a4a7531 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/default.nix
+++ b/pkgs/applications/networking/instant-messengers/nheko/default.nix
@@ -17,8 +17,8 @@ let
     src = fetchFromGitHub {
       owner = "mujx";
       repo = "matrix-structs";
-      rev = "690080daa3bc1984297c4d7103cde9ea07e2e0b7";
-      sha256 = "0l6mncpdbjmrzp5a3q1jv0sxf7bwl5ljslrcjca1j2bjjbqb61bz";
+      rev = "5e57c2385a79b6629d1998fec4a7c0baee23555e";
+      sha256 = "112b7gnvr04g1ak7fnc7ch7w2n825j4qkw0jb49xx06ag93nb6m6";
     };
 
     postUnpack = ''
@@ -47,13 +47,13 @@ let
 in
 stdenv.mkDerivation rec {
   name = "nheko-${version}";
-  version = "0.4.0";
+  version = "0.4.1";
 
   src = fetchFromGitHub {
     owner = "mujx";
     repo = "nheko";
     rev = "v${version}";
-    sha256 = "1yg6bk193mqj99x3sy0f20x3ggpl0ahrp36w6hhx7pyw5qm17342";
+    sha256 = "14667a3d4y63wxcs2y49kly48k9nis365zzdk8yp6dn8fn5frqdx";
   };
 
   # This patch is likely not strictly speaking needed, but will help detect when
diff --git a/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch b/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch
index a3425a780454..fa388edfb75a 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch
+++ b/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch
@@ -54,7 +54,7 @@ index cef00f6..e69de29 100644
 -  MatrixStructs
 -
 -  GIT_REPOSITORY https://github.com/mujx/matrix-structs
--  GIT_TAG 690080daa3bc1984297c4d7103cde9ea07e2e0b7
+-  GIT_TAG 5e57c2385a79b6629d1998fec4a7c0baee23555e
 -
 -  BUILD_IN_SOURCE 1
 -  SOURCE_DIR ${MATRIX_STRUCTS_ROOT}

From ede496284176927269abd3ee7b6eb7093a8ce6ad Mon Sep 17 00:00:00 2001
From: Simon Lackerbauer <simon@lackerbauer.com>
Date: Wed, 21 Mar 2018 20:57:10 +0100
Subject: [PATCH 067/102] confluence: 6.6.1 -> 6.8.0

(cherry picked from commit a43d47121d33240e124f02cfe6b3124b28bfcf62)
---
 pkgs/servers/atlassian/confluence.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/atlassian/confluence.nix b/pkgs/servers/atlassian/confluence.nix
index a5d89b493e82..c3427b8029e5 100644
--- a/pkgs/servers/atlassian/confluence.nix
+++ b/pkgs/servers/atlassian/confluence.nix
@@ -5,11 +5,11 @@
 
 stdenv.mkDerivation rec {
   name = "atlassian-confluence-${version}";
-  version = "6.6.1";
+  version = "6.8.0";
 
   src = fetchurl {
     url = "https://www.atlassian.com/software/confluence/downloads/binary/${name}.tar.gz";
-    sha256 = "0nb8rjzfd0fqd9k1yxa3dj7kxgh84dgbg9l8jyj59g74ym77qmw0";
+    sha256 = "07awdbkjxkk4rbnpbb5xfjp4125c33bwxncmydlgzgk5fzy6dg2w";
   };
 
   phases = [ "unpackPhase" "buildPhase" "installPhase" ];

From bd3489e04ab67104c5f9b13d4b2aa64bcdff520d Mon Sep 17 00:00:00 2001
From: Kamil Chmielewski <kamil.chm@gmail.com>
Date: Thu, 24 May 2018 17:23:47 +0200
Subject: [PATCH 068/102] qtile: 0.10.7 -> 0.11.1

---
 .../0001-Substitution-vars-for-absolute-paths.patch  |  4 ++--
 .../qtile/0002-Restore-PATH-and-PYTHONPATH.patch     | 10 +++++-----
 .../qtile/0003-Restart-executable.patch              | 12 ++++++------
 pkgs/applications/window-managers/qtile/default.nix  |  4 ++--
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/pkgs/applications/window-managers/qtile/0001-Substitution-vars-for-absolute-paths.patch b/pkgs/applications/window-managers/qtile/0001-Substitution-vars-for-absolute-paths.patch
index 71d3d9cafaa3..219d6dcbe207 100644
--- a/pkgs/applications/window-managers/qtile/0001-Substitution-vars-for-absolute-paths.patch
+++ b/pkgs/applications/window-managers/qtile/0001-Substitution-vars-for-absolute-paths.patch
@@ -23,8 +23,8 @@ index f1133555..3e61204a 100644
  
      def _setup_xcursor_binding(self):
          try:
--            xcursor = ffi.dlopen('libxcb-cursor.so')
-+            xcursor = ffi.dlopen('@xcb-cursor@/lib/libxcb-cursor.so')
+-            xcursor = ffi.dlopen('libxcb-cursor.so.0')
++            xcursor = ffi.dlopen('@xcb-cursor@/lib/libxcb-cursor.so.0')
          except OSError:
              logger.warning("xcb-cursor not found, fallback to font pointer")
              return False
diff --git a/pkgs/applications/window-managers/qtile/0002-Restore-PATH-and-PYTHONPATH.patch b/pkgs/applications/window-managers/qtile/0002-Restore-PATH-and-PYTHONPATH.patch
index 7d184838fbaa..a01f14062f1d 100644
--- a/pkgs/applications/window-managers/qtile/0002-Restore-PATH-and-PYTHONPATH.patch
+++ b/pkgs/applications/window-managers/qtile/0002-Restore-PATH-and-PYTHONPATH.patch
@@ -43,13 +43,13 @@ index 5316e0e7..272c6430 100755
      from libqtile.scripts import qtile_top
      qtile_top.main()
 diff --git a/libqtile/utils.py b/libqtile/utils.py
-index 36ed0a58..bca9eab3 100644
+index 550ed02677e..1358a66f3df 100644
 --- a/libqtile/utils.py
 +++ b/libqtile/utils.py
-@@ -240,3 +240,11 @@ def describe_attributes(obj, attrs, func=None):
-             pairs.append('%s=%s' % (attr, value))
- 
-     return ', '.join(pairs)
+@@ -272,3 +272,11 @@ def safe_import(module_names, class_name, globals_, fallback=None):
+         logger.debug("%s", traceback.format_exc())
+         if fallback:
+             globals_[class_name] = fallback(module_path, class_name, error)
 +
 +
 +def restore_os_environment():
diff --git a/pkgs/applications/window-managers/qtile/0003-Restart-executable.patch b/pkgs/applications/window-managers/qtile/0003-Restart-executable.patch
index c9ae57c8615c..87fd19773794 100644
--- a/pkgs/applications/window-managers/qtile/0003-Restart-executable.patch
+++ b/pkgs/applications/window-managers/qtile/0003-Restart-executable.patch
@@ -1,13 +1,13 @@
 diff --git a/libqtile/manager.py b/libqtile/manager.py
-index 36518a74..9b6bdd02 100644
+index fc198e9bae7..860b97d8db1 100644
 --- a/libqtile/manager.py
 +++ b/libqtile/manager.py
-@@ -1386,7 +1386,7 @@ class Qtile(command.CommandObject):
+@@ -1402,7 +1402,7 @@ class Qtile(command.CommandObject):
+             logger.error("Unable to pickle qtile state")
          argv = [s for s in argv if not s.startswith('--with-state')]
          argv.append('--with-state=' + buf.getvalue().decode())
- 
--        self.cmd_execute(sys.executable, argv)
-+        self.cmd_execute(os.environ.get("QTILE_WRAPPER", "@out@/bin/qtile"), argv[1:])
+-        self._restart = (sys.executable, argv)
++        self._restart = (os.environ.get("QTILE_WRAPPER", "@out@/bin/qtile"), argv[1:])
+         self.stop()
  
      def cmd_spawn(self, cmd):
-         """Run cmd in a shell.
diff --git a/pkgs/applications/window-managers/qtile/default.nix b/pkgs/applications/window-managers/qtile/default.nix
index f889bf29f71a..ba304ad0c817 100644
--- a/pkgs/applications/window-managers/qtile/default.nix
+++ b/pkgs/applications/window-managers/qtile/default.nix
@@ -7,13 +7,13 @@ in
 
 python27Packages.buildPythonApplication rec {
   name = "qtile-${version}";
-  version = "0.10.7";
+  version = "0.11.1";
 
   src = fetchFromGitHub {
     owner = "qtile";
     repo = "qtile";
     rev = "v${version}";
-    sha256 = "18szgplyym0b65vnaa8nqzadq6q0mhsiky9g5hqhn7xzf4kykmj8";
+    sha256 = "1jw6mh9m5yrijhm218lc51sc89lc2ihvyx30jhrkxy2mzllhjgrs";
   };
 
   patches = [

From 429d81db2b10dc641ec1a79e260ecc1effdc3842 Mon Sep 17 00:00:00 2001
From: Florian Jacob <projects+git@florianjacob.de>
Date: Thu, 24 May 2018 00:06:51 +0200
Subject: [PATCH 069/102] matrix-synapse: 0.28.1 -> 0.30.0

---
 pkgs/servers/matrix-synapse/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix
index 77bcc98da04e..423fbf027fb5 100644
--- a/pkgs/servers/matrix-synapse/default.nix
+++ b/pkgs/servers/matrix-synapse/default.nix
@@ -26,13 +26,13 @@ let
   };
 in pythonPackages.buildPythonApplication rec {
   name = "matrix-synapse-${version}";
-  version = "0.28.1";
+  version = "0.30.0";
 
   src = fetchFromGitHub {
     owner = "matrix-org";
     repo = "synapse";
     rev = "v${version}";
-    sha256 = "1xgiprnhp893zc0g3i7wpwzgjy6q5nb858p0s6kcsca60vr9j6h0";
+    sha256 = "10ggv7669ngxs8py82k8z24874ga0ldcxvpp7xhjpbr1s0gw8zv8";
   };
 
   patches = [

From 42af0d6ef9972b53c432eafec136fba431addfdc Mon Sep 17 00:00:00 2001
From: Gabriel Ebner <gebner@gebner.org>
Date: Thu, 24 May 2018 18:19:45 +0200
Subject: [PATCH 070/102] libqalculate: 2.3.0 -> 2.5.0

---
 pkgs/development/libraries/libqalculate/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libqalculate/default.nix b/pkgs/development/libraries/libqalculate/default.nix
index 1b15769465e1..a74095bce297 100644
--- a/pkgs/development/libraries/libqalculate/default.nix
+++ b/pkgs/development/libraries/libqalculate/default.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "libqalculate-${version}";
-  version = "2.3.0";
+  version = "2.5.0";
 
   src = fetchurl {
     url = "https://github.com/Qalculate/libqalculate/archive/v${version}.tar.gz";
-    sha256 = "1wrd9ajf00h1ja56r25vljjsgklg0qlzmziax7x26wjqkigc28iq";
+    sha256 = "0xs2qjr93k43p6j126xj20fgb1n2jv56rhgc211yv1l46crbqxfv";
   };
 
   outputs = [ "out" "dev" "doc" ];

From d96cc05a6008b5cd7e6cf97f347def7ca9cce0db Mon Sep 17 00:00:00 2001
From: Gabriel Ebner <gebner@gebner.org>
Date: Thu, 24 May 2018 18:19:55 +0200
Subject: [PATCH 071/102] qalculate-gtk: 2.3.0 -> 2.5.0

---
 pkgs/applications/science/math/qalculate-gtk/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/science/math/qalculate-gtk/default.nix b/pkgs/applications/science/math/qalculate-gtk/default.nix
index ce3f975b85b8..11ae3852f067 100644
--- a/pkgs/applications/science/math/qalculate-gtk/default.nix
+++ b/pkgs/applications/science/math/qalculate-gtk/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "qalculate-gtk-${version}";
-  version = "2.3.0";
+  version = "2.5.0";
 
   src = fetchurl {
     url = "https://github.com/Qalculate/qalculate-gtk/archive/v${version}.tar.gz";
-    sha256 = "0j5wp6bmnwkyxlvqci6ddg478a0ms93gicvycw0c6bkvs2gd77az";
+    sha256 = "1hwwsdk3mlzvg9fsnv0hpj0s1lfkhycwv3sx2yrjwffzphhmxs7a";
   };
 
   patchPhase = ''

From 902b0593be857e4f19b9875638af6e854aa99a9b Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Tue, 22 May 2018 20:25:04 -0400
Subject: [PATCH 072/102] tests/docker-tools: Adds regression test for #34779

---
 nixos/tests/docker-tools.nix           |  6 ++++++
 pkgs/build-support/docker/examples.nix | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix
index 4466081d01e9..e2bcfbbd1f96 100644
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@@ -45,5 +45,11 @@ import ./make-test.nix ({ pkgs, ... }: {
       $docker->succeed("docker load --input='${pkgs.dockerTools.examples.onTopOfPulledImage}'");
       $docker->succeed("docker run --rm ontopofpulledimage hello");
       $docker->succeed("docker rmi ontopofpulledimage");
+
+      # Regression test for issue #34779
+      $docker->succeed("docker load --input='${pkgs.dockerTools.examples.runAsRootExtraCommands}'");
+      $docker->succeed("docker run --rm runasrootextracommands cat extraCommands");
+      $docker->succeed("docker run --rm runasrootextracommands cat runAsRoot");
+      $docker->succeed("docker rmi '${pkgs.dockerTools.examples.runAsRootExtraCommands.imageName}'");
     '';
 })
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index eb5b9fe36e41..ca7f78093794 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -124,4 +124,16 @@ rec {
     fromImage = nixFromDockerHub;
     contents = [ pkgs.hello ];
   };
+
+  # 8. regression test for erroneous use of eval and string expansion.
+  # See issue #34779 and PR #40947 for details.
+  runAsRootExtraCommands = pkgs.dockerTools.buildImage {
+    name = "runAsRootExtraCommands";
+    contents = [ pkgs.coreutils ];
+    # The parens here are to create problematic bash to embed and eval. In case
+    # this is *embedded* into the script (with nix expansion) the initial quotes
+    # will close the string and the following parens are unexpected
+    runAsRoot = ''echo "(runAsRoot)" > runAsRoot'';
+    extraCommands = ''echo "(extraCommand)" > extraCommands'';
+  };
 }

From 0e84af17727a8355920057e81cb12bf3f6ee7a2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Gaspard?= <leo@gaspard.io>
Date: Thu, 24 May 2018 19:00:40 +0200
Subject: [PATCH 073/102] nheko: make darwin build fail later

---
 .../instant-messengers/nheko/default.nix      | 23 +++++++++++++++++--
 pkgs/top-level/all-packages.nix               |  2 +-
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/networking/instant-messengers/nheko/default.nix b/pkgs/applications/networking/instant-messengers/nheko/default.nix
index 4d002a4a7531..d3c0a6f8eca2 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/default.nix
+++ b/pkgs/applications/networking/instant-messengers/nheko/default.nix
@@ -1,4 +1,7 @@
-{ stdenv, fetchFromGitHub, fetchurl, cmake, doxygen, lmdb, qt5 }:
+{
+  lib, stdenv, fetchFromGitHub, fetchurl,
+  cmake, doxygen, lmdb, qt5, qtmacextras
+}:
 
 let
   json_hpp = fetchurl {
@@ -60,6 +63,22 @@ stdenv.mkDerivation rec {
   # a dependency is updated, so that the fetches up there can be updated too
   patches = [ ./external-deps.patch ];
 
+  # If, on Darwin, you encounter the error
+  #   error: must specify at least one argument for '...' parameter of variadic
+  #   macro [-Werror,-Wgnu-zero-variadic-macro-arguments]
+  # Then adding this parameter is likely the fix you want.
+  #
+  # However, it looks like either cmake doesn't honor this CFLAGS variable, or
+  # darwin's compiler doesn't have the same syntax as gcc for turning off
+  # -Werror selectively.
+  #
+  # Anyway, this is something that will have to be debugged with access to a
+  # darwin-based OS. Sorry about that!
+  #
+  #preConfigure = lib.optionalString stdenv.isDarwin ''
+  #  export CFLAGS=-Wno-error=gnu-zero-variadic-macro-arguments
+  #'';
+
   cmakeFlags = [
     "-DMATRIX_STRUCTS_LIBRARY=${matrix-structs}/lib/static/libmatrix_structs.a"
     "-DMATRIX_STRUCTS_INCLUDE_DIR=${matrix-structs}/include/matrix_structs"
@@ -71,7 +90,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     lmdb lmdbxx matrix-structs qt5.qtbase qt5.qtmultimedia qt5.qttools tweeny
-  ];
+  ] ++ lib.optional stdenv.isDarwin qtmacextras;
 
   enableParallelBuilding = true;
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c19e956e7a76..4287bf5afeef 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -17247,7 +17247,7 @@ with pkgs;
 
   nedit = callPackage ../applications/editors/nedit { };
 
-  nheko = callPackage ../applications/networking/instant-messengers/nheko { };
+  nheko = libsForQt5.callPackage ../applications/networking/instant-messengers/nheko { };
 
   nomacs = libsForQt5.callPackage ../applications/graphics/nomacs { };
 

From 736d6e3b790de795bb24546b6a4423b7cb9eaf67 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Thu, 24 May 2018 12:47:48 -0700
Subject: [PATCH 074/102] smplayer: 18.4.0 -> 18.5.0 (#41040)

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/smplayer/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/mll3p02g4sfglbg8d7z54y748z16rhwr-smplayer-18.5.0/bin/smplayer had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/mll3p02g4sfglbg8d7z54y748z16rhwr-smplayer-18.5.0/bin/simple_web_server had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 18.5.0 with grep in /nix/store/mll3p02g4sfglbg8d7z54y748z16rhwr-smplayer-18.5.0
- directory tree listing: https://gist.github.com/68e3b40c30899a9dbba0225f52760bda
- du listing: https://gist.github.com/e7152199c8f96f4ba4fdcc614d54f3d8
---
 pkgs/applications/video/smplayer/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/video/smplayer/default.nix b/pkgs/applications/video/smplayer/default.nix
index 49444e350de4..75dbb06235b9 100644
--- a/pkgs/applications/video/smplayer/default.nix
+++ b/pkgs/applications/video/smplayer/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, qmake, qtscript }:
 
 stdenv.mkDerivation rec {
-  name = "smplayer-18.4.0";
+  name = "smplayer-18.5.0";
 
   src = fetchurl {
     url = "mirror://sourceforge/smplayer/${name}.tar.bz2";
-    sha256 = "0q2fbg41djyxsy6jinlnidpcqxvs9bi91ga3fwlgnfh6kxsw2ldd";
+    sha256 = "0fxd8zmp5dyk7y9yymjhj2i5218nfvfqb4830pgzzjqz1zdax8rn";
   };
 
   buildInputs = [ qtscript ];

From 99e0fb044fd5c49bad4dc746a4bc666d2c7e2b68 Mon Sep 17 00:00:00 2001
From: Pascal Wittmann <mail@pascal-wittmann.de>
Date: Thu, 24 May 2018 22:10:58 +0200
Subject: [PATCH 075/102] colm: 0.13.0.5 -> 0.13.0.6

---
 pkgs/development/compilers/colm/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/compilers/colm/default.nix b/pkgs/development/compilers/colm/default.nix
index 06c4b62e2946..ffbe3c5a62f4 100644
--- a/pkgs/development/compilers/colm/default.nix
+++ b/pkgs/development/compilers/colm/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "colm-${version}";
-  version = "0.13.0.5";
+  version = "0.13.0.6";
 
   src = fetchurl {
     url = "http://www.colm.net/files/colm/${name}.tar.gz";
-    sha256 = "1320bx96ycd1xwww137cixrb983838wnrgkfsym8x5bnf5kj9rik";
+    sha256 = "0jd3qmqdm8yszy0yysbp3syk7pcbxvwzv9mibdwz7v9bv1nrai26";
   };
 
   nativeBuildInputs = [ makeWrapper asciidoc ];

From 9dc009926fa5b5b245f4672931e84ede966aaa55 Mon Sep 17 00:00:00 2001
From: Pascal Wittmann <mail@pascal-wittmann.de>
Date: Thu, 24 May 2018 22:16:00 +0200
Subject: [PATCH 076/102] ragel: 7.0.0.10 -> 7.0.0.11

---
 pkgs/development/tools/parsing/ragel/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/tools/parsing/ragel/default.nix b/pkgs/development/tools/parsing/ragel/default.nix
index 6b497e456300..cd1cb0efd123 100644
--- a/pkgs/development/tools/parsing/ragel/default.nix
+++ b/pkgs/development/tools/parsing/ragel/default.nix
@@ -43,8 +43,8 @@ in
   };
 
   ragelDev = generic {
-    version = "7.0.0.10";
-    sha256 = "1v4ddzxal4gf8l8nkn32qabba6nbpd2mg8sphgmdn8kaqv52nmj0";
+    version = "7.0.0.11";
+    sha256 = "0h2k9bfz9i7x9mvr9rbsrzz8fk17756zwwrkf3fppvm9ivzwdfh8";
     license = stdenv.lib.licenses.mit;
   };
 }

From 3b336d0c180f8d6615c92695d446de59804baf47 Mon Sep 17 00:00:00 2001
From: Uli Baum <xeji@cat3.de>
Date: Thu, 24 May 2018 22:28:57 +0200
Subject: [PATCH 077/102] perlPackages.DateManip: disable tests on i686

Build froze and timed out during tests on i686.
---
 pkgs/top-level/perl-packages.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 6f4b0649a126..4a0f258bb2da 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -3632,6 +3632,7 @@ let self = _self // overrides; _self = with self; {
     patchPhase = ''
       sed -i "s#/bin/date#${pkgs.coreutils}/bin/date#" lib/Date/Manip/TZ.pm
     '';
+    doCheck = !stdenv.isi686; # build freezes during tests on i686
     meta = {
       description = "Date manipulation routines";
     };

From 7ba417aecae9c193f698995909df8a89c901320d Mon Sep 17 00:00:00 2001
From: Uli Baum <xeji@cat3.de>
Date: Thu, 24 May 2018 22:56:57 +0200
Subject: [PATCH 078/102] nixos/slurm: fix xml tag mismatch in manual

build of nixos manual broke because of mismatched xml tags
in an option description introduced in #41016.
---
 nixos/modules/services/computing/slurm/slurm.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index 25df5030162c..3e513ab15717 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -39,7 +39,7 @@ in
             Wether to enable the slurm control daemon.
             Note that the standard authentication method is "munge".
             The "munge" service needs to be provided with a password file in order for
-            slurm to work properly (see <literal>services.munge.password<literal>).
+            slurm to work properly (see <literal>services.munge.password</literal>).
           '';
         };
       };

From c42cb40291f6d9a004b073741cd730a363f600e9 Mon Sep 17 00:00:00 2001
From: Daniel Frank <github-523@danielfrank.net>
Date: Fri, 25 May 2018 00:44:04 +0200
Subject: [PATCH 079/102] nixos/systemd-timesyncd: use the correct server list
 (#40919)

---
 nixos/modules/system/boot/timesyncd.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix
index f643723ab141..57853c5698d0 100644
--- a/nixos/modules/system/boot/timesyncd.nix
+++ b/nixos/modules/system/boot/timesyncd.nix
@@ -34,7 +34,7 @@ with lib;
 
     environment.etc."systemd/timesyncd.conf".text = ''
       [Time]
-      NTP=${concatStringsSep " " config.services.ntp.servers}
+      NTP=${concatStringsSep " " config.services.timesyncd.servers}
     '';
 
     users.extraUsers.systemd-timesync.uid = config.ids.uids.systemd-timesync;

From 0527b325a4ba1f28d00abbf89b15cc1a208b452f Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Thu, 24 May 2018 15:49:32 -0700
Subject: [PATCH 080/102] pdfgrep: 2.1.0 -> 2.1.1 (#41048)

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/pdfgrep/versions.

These checks were done:

- built on NixOS
- /nix/store/x24n7dayjdzkr7spig1qvhq9vadgswyh-pdfgrep-2.1.1/bin/pdfgrep passed the binary check.
- 1 of 1 passed binary check by having a zero exit code.
- 0 of 1 passed binary check by having the new version present in output.
- found 2.1.1 with grep in /nix/store/x24n7dayjdzkr7spig1qvhq9vadgswyh-pdfgrep-2.1.1
- directory tree listing: https://gist.github.com/f441dd82cfb9701f3e9ae1fc9653b4f0
- du listing: https://gist.github.com/23df51a35a4e7e35c11787490219aea1
---
 pkgs/tools/typesetting/pdfgrep/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/typesetting/pdfgrep/default.nix b/pkgs/tools/typesetting/pdfgrep/default.nix
index 3509eb569b1c..59da3c1ccda2 100644
--- a/pkgs/tools/typesetting/pdfgrep/default.nix
+++ b/pkgs/tools/typesetting/pdfgrep/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "pdfgrep-${version}";
-  version = "2.1.0";
+  version = "2.1.1";
 
   src = fetchurl {
     url = "https://pdfgrep.org/download/${name}.tar.gz";
-    sha256 = "13al23c2wlpsha6c1z1h6gh5lxzphsnzpd7b78qj16rq2r46phf9";
+    sha256 = "02qcl5kmr5qzjfc99qpbpfb1890bxlrq3r208gnding51zrmb09c";
   };
 
   postPatch = ''

From 0541762f069a994befed6df06958326135f9af3b Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas@tuxera.com>
Date: Wed, 23 May 2018 19:28:14 +0300
Subject: [PATCH 081/102] efivar: Split into multiple outputs

---
 pkgs/tools/system/efivar/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix
index 458820440947..6c0bcb406218 100644
--- a/pkgs/tools/system/efivar/default.nix
+++ b/pkgs/tools/system/efivar/default.nix
@@ -4,6 +4,8 @@ stdenv.mkDerivation rec {
   name = "efivar-${version}";
   version = "35";
 
+  outputs = [ "bin" "out" "dev" "man" ];
+
   src = fetchFromGitHub {
     owner = "rhinstaller";
     repo = "efivar";
@@ -17,6 +19,10 @@ stdenv.mkDerivation rec {
   makeFlags = [
     "prefix=$(out)"
     "libdir=$(out)/lib"
+    "bindir=$(bin)/bin"
+    "mandir=$(man)/share/man"
+    "includedir=$(dev)/include"
+    "PCDIR=$(dev)/lib/pkgconfig"
   ];
 
   meta = with stdenv.lib; {

From 402ab2134f732ee25b2cd747cbe824ca8f38c20d Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas@tuxera.com>
Date: Wed, 23 May 2018 19:33:22 +0300
Subject: [PATCH 082/102] ntfs-3g: Split into multiple outputs

---
 pkgs/tools/filesystems/ntfs-3g/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/tools/filesystems/ntfs-3g/default.nix b/pkgs/tools/filesystems/ntfs-3g/default.nix
index 4bcef5a83f04..7ee54a63fbb8 100644
--- a/pkgs/tools/filesystems/ntfs-3g/default.nix
+++ b/pkgs/tools/filesystems/ntfs-3g/default.nix
@@ -6,6 +6,8 @@ stdenv.mkDerivation rec {
   version = "2017.3.23";
   name = "${pname}-${version}";
 
+  outputs = [ "out" "dev" "man" "doc" ];
+
   buildInputs = [ libuuid ] ++ stdenv.lib.optionals crypto [ gnutls libgcrypt ];
   nativeBuildInputs = stdenv.lib.optional crypto pkgconfig;
 

From 91117f0d1d335d850da2450adee06a5ff4c6ea4c Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas@tuxera.com>
Date: Wed, 23 May 2018 19:38:26 +0300
Subject: [PATCH 083/102] nixos/installer: Drop dmraid

This seems some obsolete software RAID configuration program that hasn't
been updated since 2010.
---
 nixos/modules/profiles/base.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 52481d90eab9..406a69722de6 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -29,7 +29,6 @@
     # Hardware-related tools.
     pkgs.sdparm
     pkgs.hdparm
-    pkgs.dmraid
     pkgs.smartmontools # for diagnosing hard disks
     pkgs.pciutils
     pkgs.usbutils

From 26432f3e535a8e11727f58f02c9161723bf326ec Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas@tuxera.com>
Date: Wed, 23 May 2018 20:59:42 +0300
Subject: [PATCH 084/102] syslinux: Slim down closure size

---
 pkgs/os-specific/linux/syslinux/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix
index f1e5cc6e2625..8a87d3fce580 100644
--- a/pkgs/os-specific/linux/syslinux/default.nix
+++ b/pkgs/os-specific/linux/syslinux/default.nix
@@ -50,6 +50,9 @@ stdenv.mkDerivation rec {
   postInstall = ''
     wrapProgram $out/bin/syslinux \
       --prefix PATH : "${mtools}/bin"
+
+    # Delete com32 headers to save space, nobody seems to be using them
+    rm -rf $out/share/syslinux/com32
   '';
 
   meta = with stdenv.lib; {

From f8dc087c71be3ffe1d9d5dd19b65b10f9963af14 Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas@tuxera.com>
Date: Wed, 23 May 2018 21:05:42 +0300
Subject: [PATCH 085/102] parted: Split into multiple outputs

---
 pkgs/tools/misc/parted/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/tools/misc/parted/default.nix b/pkgs/tools/misc/parted/default.nix
index 3a05a1927dbc..0a0cece4fce6 100644
--- a/pkgs/tools/misc/parted/default.nix
+++ b/pkgs/tools/misc/parted/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "1r3qpg3bhz37mgvp9chsaa3k0csby3vayfvz8ggsqz194af5i2w5";
   };
 
+  outputs = [ "out" "dev" "man" "info" ];
+
   patches = stdenv.lib.optional doCheck ./gpt-unicode-test-fix.patch
     ++ stdenv.lib.optional stdenv.hostPlatform.isMusl
     (fetchpatch {

From 696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f Mon Sep 17 00:00:00 2001
From: Tuomas Tynkkynen <tuomas@tuxera.com>
Date: Thu, 24 May 2018 00:55:05 +0300
Subject: [PATCH 086/102] w3m: Add a variant without graphics support and use
 for NixOS manual

This gets rid of various graphics libraries from the minimal installer.
---
 nixos/modules/services/misc/nixos-manual.nix | 2 +-
 pkgs/top-level/all-packages.nix              | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix
index 4bd1c20edf71..3916c3052e8b 100644
--- a/nixos/modules/services/misc/nixos-manual.nix
+++ b/nixos/modules/services/misc/nixos-manual.nix
@@ -99,7 +99,7 @@ in
 
     services.nixosManual.browser = mkOption {
       type = types.path;
-      default = "${pkgs.w3m-nox}/bin/w3m";
+      default = "${pkgs.w3m-nographics}/bin/w3m";
       description = ''
         Browser used to show the manual.
       '';
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 712fe6f6386a..ae5da9a8a622 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18552,6 +18552,12 @@ with pkgs;
     imlib2 = imlib2-nox;
   };
 
+  # Version without X11 or graphics
+  w3m-nographics = w3m.override {
+    x11Support = false;
+    graphicsSupport = false;
+  };
+
   # Version for batch text processing, not a good browser
   w3m-batch = w3m.override {
     graphicsSupport = false;

From 7f04fd825d465de0e41c761482e4846b06a4cce5 Mon Sep 17 00:00:00 2001
From: Vladyslav Mykhailichenko <dywedir@pm.me>
Date: Fri, 25 May 2018 10:38:09 +0300
Subject: [PATCH 087/102] zathura: 0.3.9 -> 0.4.0

---
 pkgs/applications/misc/zathura/core/default.nix | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/pkgs/applications/misc/zathura/core/default.nix b/pkgs/applications/misc/zathura/core/default.nix
index 84dc14451532..415995a828d6 100644
--- a/pkgs/applications/misc/zathura/core/default.nix
+++ b/pkgs/applications/misc/zathura/core/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchpatch, meson, ninja, makeWrapper, pkgconfig
+{ stdenv, fetchurl, meson, ninja, makeWrapper, pkgconfig
 , appstream-glib, desktop-file-utils, python3
 , gtk, girara, ncurses, gettext, libxml2
 , file, sqlite, glib, texlive, libintl, libseccomp
@@ -11,20 +11,13 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name = "zathura-core-${version}";
-  version = "0.3.9";
+  version = "0.4.0";
 
   src = fetchurl {
     url = "https://pwmt.org/projects/zathura/download/zathura-${version}.tar.xz";
-    sha256 = "0z09kz92a2n8qqv3cy8bx5j5k612g2f9mmh4szqlc7yvi39aax1g";
+    sha256 = "1j0yah09adv3bsjhhbqra5lambal32svk8fxmf89wwmcqrcr4qma";
   };
 
-  patches = [
-    (fetchpatch {
-      url = https://git.pwmt.org/pwmt/zathura/commit/4223464db68529f9a2064ed760fb7746b3c0df6b.patch;
-      sha256 = "004j68b7c8alxzyx0d80lr5i43cgh7lbqm5fx3d77ihci7hdmxnw";
-    })
-  ];
-
   nativeBuildInputs = [
     meson ninja pkgconfig appstream-glib desktop-file-utils python3.pkgs.sphinx
     gettext makeWrapper libxml2

From 8033f52a12980518a416dd5e240cac980d0ddeb9 Mon Sep 17 00:00:00 2001
From: Gabriel Ebner <gebner@gebner.org>
Date: Fri, 25 May 2018 10:27:02 +0200
Subject: [PATCH 088/102] fstar: 0.9.5.0 -> 0.9.6.0

---
 pkgs/development/compilers/fstar/default.nix | 9 ++++++---
 pkgs/top-level/all-packages.nix              | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/compilers/fstar/default.nix b/pkgs/development/compilers/fstar/default.nix
index 6df09b402f7c..94836e84fd68 100644
--- a/pkgs/development/compilers/fstar/default.nix
+++ b/pkgs/development/compilers/fstar/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "fstar-${version}";
-  version = "0.9.5.0";
+  version = "0.9.6.0";
 
   src = fetchFromGitHub {
     owner = "FStarLang";
     repo = "FStar";
     rev = "v${version}";
-    sha256 = "1pi2ny3kpmvm85x8w98anhjf0hp0wccc51m7v697qypn5cl4ydqk";
+    sha256 = "0wix7l229afkn6c6sk4nwkfq0nznsiqdkds4ixi2yyf72immwmmb";
   };
 
   nativeBuildInputs = [ makeWrapper ];
@@ -16,6 +16,7 @@ stdenv.mkDerivation rec {
   buildInputs = with ocamlPackages; [
     z3 ocaml findlib batteries menhir stdint
     zarith camlp4 yojson pprint
+    ulex ocaml-migrate-parsetree process ppx_deriving ppx_deriving_yojson ocamlbuild
   ];
 
   makeFlags = [ "PREFIX=$(out)" ];
@@ -26,8 +27,10 @@ stdenv.mkDerivation rec {
   '';
   buildFlags = "-C src/ocaml-output";
 
+  preInstall = ''
+    mkdir -p $out/lib/ocaml/${ocamlPackages.ocaml.version}/site-lib/fstarlib
+  '';
   installFlags = "-C src/ocaml-output";
-
   postInstall = ''
     wrapProgram $out/bin/fstar.exe --prefix PATH ":" "${z3}/bin"
   '';
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index ae5da9a8a622..8954f091594d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6469,7 +6469,7 @@ with pkgs;
   };
 
   fstar = callPackage ../development/compilers/fstar {
-    ocamlPackages = ocaml-ng.ocamlPackages_4_02;
+    ocamlPackages = ocaml-ng.ocamlPackages_4_06;
   };
 
   dotnetPackages = recurseIntoAttrs (callPackage ./dotnet-packages.nix {});

From 0ea8a4b6680ff1089fa72629c06eea36b5860a55 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Fri, 25 May 2018 01:57:01 -0700
Subject: [PATCH 089/102] abcm2ps: 8.13.21 -> 8.13.22 (#41066)

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/abcm2ps/versions.

These checks were done:

- built on NixOS
- /nix/store/p5sx9sz4nxcijlz57dmys7gxhwqglmhg-abcm2ps-8.13.22/bin/abcm2ps passed the binary check.
- 1 of 1 passed binary check by having a zero exit code.
- 0 of 1 passed binary check by having the new version present in output.
- found 8.13.22 with grep in /nix/store/p5sx9sz4nxcijlz57dmys7gxhwqglmhg-abcm2ps-8.13.22
- directory tree listing: https://gist.github.com/5a223ca34ee0df856ba6919ac9a3f929
- du listing: https://gist.github.com/8a98226e349bfc9d005c36768be801c8
---
 pkgs/tools/audio/abcm2ps/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/audio/abcm2ps/default.nix b/pkgs/tools/audio/abcm2ps/default.nix
index 6d782fdba35c..e9eec597384c 100644
--- a/pkgs/tools/audio/abcm2ps/default.nix
+++ b/pkgs/tools/audio/abcm2ps/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "abcm2ps-${version}";
-  version = "8.13.21";
+  version = "8.13.22";
 
   src = fetchFromGitHub {
     owner = "leesavide";
     repo = "abcm2ps";
     rev = "v${version}";
-    sha256 = "03r98xdw2vdwsi726i0zb7p0ljp3fpzjl1nhzfwz57m3zmqvz6r1";
+    sha256 = "0csfg7aj9zg369q3c3bg18f24lk1j0356a90zlbrz7y5p668g3pv";
   };
 
   prePatch = ''

From 53d7fe773aeedd4e4ba03ae6d124459fe9e22ba9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 24 May 2018 11:19:19 +0100
Subject: [PATCH 090/102] python.pkgs.parso: 0.1.1 -> 0.2.0

---
 pkgs/development/python-modules/parso/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/python-modules/parso/default.nix b/pkgs/development/python-modules/parso/default.nix
index 17e3f9fcf3e5..f47a2acf200c 100644
--- a/pkgs/development/python-modules/parso/default.nix
+++ b/pkgs/development/python-modules/parso/default.nix
@@ -6,12 +6,12 @@
 
 buildPythonPackage rec {
   pname = "parso";
-  version = "0.1.1";
+  version = "0.2.0";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "5815f3fe254e5665f3c5d6f54f086c2502035cb631a91341591b5a564203cffb";
+    sha256 = "0lamywk6dm5xshlkdvxxf5j6fa2k2zpi7xagf0bwidaay3vnpgb2";
   };
 
   checkInputs = [ pytest ];
@@ -22,4 +22,4 @@ buildPythonPackage rec {
     license = lib.licenses.mit;
   };
 
-}
\ No newline at end of file
+}

From 1a1799b6f45b58067d4806dbe65f21814f8a9461 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 24 May 2018 11:19:56 +0100
Subject: [PATCH 091/102] python.pkgs.jedi: 0.11.1 -> 0.12.0

---
 pkgs/development/python-modules/jedi/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/jedi/default.nix b/pkgs/development/python-modules/jedi/default.nix
index df8a287ea093..7d652b2943a9 100644
--- a/pkgs/development/python-modules/jedi/default.nix
+++ b/pkgs/development/python-modules/jedi/default.nix
@@ -2,12 +2,12 @@
 
 buildPythonPackage rec {
   pname = "jedi";
-  version = "0.11.1";
+  version = "0.12.0";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "d6e799d04d1ade9459ed0f20de47c32f2285438956a677d083d3c98def59fa97";
+    sha256 = "1bcr7csx4xil1iwmk03d79jis0bkmgi9k0kir3xa4rmwqsagcwhr";
   };
 
   postPatch = ''

From b76177a625e589bd44df28a5fef4cc5a58f10326 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 25 May 2018 10:42:34 +0100
Subject: [PATCH 092/102] mypy: make it usuable as a library

---
 pkgs/development/{tools => python-modules}/mypy/default.nix | 6 ++++--
 pkgs/top-level/all-packages.nix                             | 2 +-
 pkgs/top-level/python-packages.nix                          | 2 ++
 3 files changed, 7 insertions(+), 3 deletions(-)
 rename pkgs/development/{tools => python-modules}/mypy/default.nix (80%)

diff --git a/pkgs/development/tools/mypy/default.nix b/pkgs/development/python-modules/mypy/default.nix
similarity index 80%
rename from pkgs/development/tools/mypy/default.nix
rename to pkgs/development/python-modules/mypy/default.nix
index d021f994e491..5ce05b7938f5 100644
--- a/pkgs/development/tools/mypy/default.nix
+++ b/pkgs/development/python-modules/mypy/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchPypi, buildPythonApplication, lxml, typed-ast, psutil }:
+{ stdenv, fetchPypi, buildPythonPackage, lxml, typed-ast, psutil, isPy3k }:
 
-buildPythonApplication rec {
+buildPythonPackage rec {
   pname = "mypy";
   version = "0.600";
 
@@ -12,6 +12,8 @@ buildPythonApplication rec {
     sha256 = "1pd3kkz435wlvi9fwqbi3xag5zs59jcjqi6c9gzdjdn23friq9dw";
   };
 
+  disabled = !isPy3k;
+
   propagatedBuildInputs = [ lxml typed-ast psutil ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2f729c0942fb..2791e379e8a8 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -8492,7 +8492,7 @@ with pkgs;
 
   grabserial = callPackage ../development/tools/grabserial { };
 
-  mypy = python3Packages.callPackage ../development/tools/mypy { };
+  mypy = python3Packages.mypy;
 
   ### DEVELOPMENT / LIBRARIES
 
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 739c40b2d630..27195dc68696 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -8088,6 +8088,8 @@ in {
 
   mysqlclient = callPackage ../development/python-modules/mysqlclient { };
 
+  mypy = callPackage ../development/python-modules/mypy { };
+
   mwclient = buildPythonPackage rec {
     version = "0.8.3";
     pname = "mwclient";

From d4153a6fb8d6c02322fb25526346b53f99688691 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 24 May 2018 12:41:42 +0100
Subject: [PATCH 093/102] python.pkgs.pyls-mypy: init at 0.1.2

---
 .../python-modules/pyls-mypy/default.nix      | 43 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  4 ++
 2 files changed, 47 insertions(+)
 create mode 100644 pkgs/development/python-modules/pyls-mypy/default.nix

diff --git a/pkgs/development/python-modules/pyls-mypy/default.nix b/pkgs/development/python-modules/pyls-mypy/default.nix
new file mode 100644
index 000000000000..985d1937d3fb
--- /dev/null
+++ b/pkgs/development/python-modules/pyls-mypy/default.nix
@@ -0,0 +1,43 @@
+{ lib, buildPythonPackage, fetchFromGitHub, fetchpatch
+, future, python-language-server, mypy, configparser
+, pytest, mock, isPy3k, pytestcov, coverage
+}:
+
+buildPythonPackage rec {
+  pname = "pyls-mypy";
+  version = "0.1.2";
+
+  src = fetchFromGitHub {
+    owner = "tomv564";
+    repo = "pyls-mypy";
+    rev = version;
+    sha256 = "0wa038a8a8yj3wmrc7q909nj4b5d3lq70ysbw7rpsnyb0x06m826";
+  };
+
+  disabled = !isPy3k;
+
+  patches = [
+    # also part of https://github.com/tomv564/pyls-mypy/pull/10
+    (fetchpatch {
+      url = "https://github.com/Mic92/pyls-mypy/commit/4c727120d2cbd8bf2825e1491cd55175f03266d2.patch";
+      sha256 = "1dgn5z742swpxwknmgvm65jpxq9zwzhggw4nl6ys7yw8r49kqgrl";
+    })
+  ];
+
+  checkPhase = ''
+    HOME=$TEMPDIR pytest
+  '';
+
+  checkInputs = [ pytest mock pytestcov coverage ];
+
+  propagatedBuildInputs = [
+    mypy python-language-server future configparser
+  ];
+
+  meta = with lib; {
+    homepage = https://github.com/palantir/python-language-server;
+    description = "An implementation of the Language Server Protocol for Python";
+    license = licenses.mit;
+    maintainers = [ maintainers.mic92 ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 27195dc68696..99438cfca6ce 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -11268,6 +11268,10 @@ in {
     buildInputs = with self; [ pyasn1 pycrypto ];
   };
 
+  python-language-server = callPackage ../development/python-modules/python-language-server {};
+
+  pyls-mypy = callPackage ../development/python-modules/pyls-mypy {};
+
   pyudev = callPackage ../development/python-modules/pyudev {
     inherit (pkgs) fetchurl systemd;
   };

From 5432e4d0ad247f30df60f06ae8177229b6b0d92b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 24 May 2018 12:52:59 +0100
Subject: [PATCH 094/102] python.pkgs.pyls-isort: init at 0.1.2

---
 .../python-modules/pyls-isort/default.nix     | 29 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 31 insertions(+)
 create mode 100644 pkgs/development/python-modules/pyls-isort/default.nix

diff --git a/pkgs/development/python-modules/pyls-isort/default.nix b/pkgs/development/python-modules/pyls-isort/default.nix
new file mode 100644
index 000000000000..fce7999a7569
--- /dev/null
+++ b/pkgs/development/python-modules/pyls-isort/default.nix
@@ -0,0 +1,29 @@
+{ lib, buildPythonPackage, fetchFromGitHub
+, python-language-server, isort
+}:
+
+buildPythonPackage rec {
+  pname = "pyls-isort";
+  version = "0.1.1";
+
+  src = fetchFromGitHub {
+    owner = "paradoxxxzero";
+    repo = "pyls-isort";
+    rev = version;
+    sha256 = "0mf8c6dw5lsj9np20p0vrhr1yfycq2awjk2pil28l579xj9nr0dc";
+  };
+
+  # no tests
+  doCheck = false;
+
+  propagatedBuildInputs = [
+    isort python-language-server
+  ];
+
+  meta = with lib; {
+    homepage = https://github.com/palantir/python-language-server;
+    description = "An implementation of the Language Server Protocol for Python";
+    license = licenses.mit;
+    maintainers = [ maintainers.mic92 ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 99438cfca6ce..8ea969f142b8 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -11272,6 +11272,8 @@ in {
 
   pyls-mypy = callPackage ../development/python-modules/pyls-mypy {};
 
+  pyls-isort = callPackage ../development/python-modules/pyls-isort {};
+
   pyudev = callPackage ../development/python-modules/pyudev {
     inherit (pkgs) fetchurl systemd;
   };

From f7650ebd5fb1085a6e4ad13d2c0b7782e2dfe9c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 25 May 2018 01:02:05 +0100
Subject: [PATCH 095/102] python.pkgs.spyder: fix setup.py patch

---
 pkgs/applications/science/spyder/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/applications/science/spyder/default.nix b/pkgs/applications/science/spyder/default.nix
index 4b3ef167d532..4411d78cec21 100644
--- a/pkgs/applications/science/spyder/default.nix
+++ b/pkgs/applications/science/spyder/default.nix
@@ -19,7 +19,7 @@ buildPythonApplication rec {
 
   # Somehow setuptools can't find pyqt5. Maybe because the dist-info folder is missing?
   postPatch = ''
-    substituteInPlace setup.py --replace 'pyqt5;python_version>="3"' ' '
+    sed -i -e '/pyqt5/d' setup.py
   '';
 
   propagatedBuildInputs = [

From 88b94b78829322e1a1393c17f2e68d037bd81219 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 24 May 2018 11:22:09 +0100
Subject: [PATCH 096/102] python.pkgs.python-language-server: init at 0.18.0

---
 .../python-language-server/default.nix        | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 pkgs/development/python-modules/python-language-server/default.nix

diff --git a/pkgs/development/python-modules/python-language-server/default.nix b/pkgs/development/python-modules/python-language-server/default.nix
new file mode 100644
index 000000000000..c2df1f85325c
--- /dev/null
+++ b/pkgs/development/python-modules/python-language-server/default.nix
@@ -0,0 +1,48 @@
+{ lib, buildPythonPackage, fetchFromGitHub, pythonOlder, isPy27
+, configparser, futures, future, jedi, pluggy
+, pytest, mock, pytestcov, coverage
+# The following packages are optional and
+# can be overwritten with null as your liking.
+# This also requires to disable tests.
+, rope ? null
+, mccabe ? null
+, pyflakes ? null
+, pycodestyle ? null
+, autopep8 ? null
+, yapf ? null
+, pydocstyle ? null
+}:
+
+buildPythonPackage rec {
+  pname = "python-language-server";
+  version = "0.18.0";
+
+  src = fetchFromGitHub {
+    owner = "palantir";
+    repo = "python-language-server";
+    rev = version;
+    sha256 = "0ig34bc0qm6gdj8xakmm3877lmf8ms7qg0xj8hay9gpgf8cz894s";
+  };
+
+  checkInputs = [
+    pytest mock pytestcov coverage
+    # rope is technically a dependency, but we don't add it by default since we
+    # already have jedi, which is the preferred option
+    rope
+  ];
+  checkPhase = ''
+    HOME=$TEMPDIR pytest
+  '';
+
+  propagatedBuildInputs = [
+    jedi pluggy mccabe pyflakes pycodestyle yapf pydocstyle future autopep8
+  ] ++ lib.optional (isPy27) [ configparser ]
+    ++ lib.optional (pythonOlder "3.2") [ futures ];
+
+  meta = with lib; {
+    homepage = https://github.com/palantir/python-language-server;
+    description = "An implementation of the Language Server Protocol for Python";
+    license = licenses.mit;
+    maintainers = [ maintainers.mic92 ];
+  };
+}

From 6040ceb92e1650c82e4dd10039ad39d43c66c5fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Luis=20Lafuente?= <jl@lafuente.me>
Date: Fri, 25 May 2018 12:30:31 +0200
Subject: [PATCH 097/102] kitty: 0.9.1 -> 0.10.1

---
 pkgs/applications/misc/kitty/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/misc/kitty/default.nix b/pkgs/applications/misc/kitty/default.nix
index e9c860f0b901..99c8b87bf4f5 100644
--- a/pkgs/applications/misc/kitty/default.nix
+++ b/pkgs/applications/misc/kitty/default.nix
@@ -5,7 +5,7 @@
 
 with python3Packages;
 buildPythonApplication rec {
-  version = "0.9.1";
+  version = "0.10.1";
   name = "kitty-${version}";
   format = "other";
 
@@ -13,7 +13,7 @@ buildPythonApplication rec {
     owner = "kovidgoyal";
     repo = "kitty";
     rev = "v${version}";
-    sha256 = "08j2k3852c64z4mgh1j0dgdj6c2alkckpav67lzg1lxsz3w2izh2";
+    sha256 = "1xwrrj0g70hh8zsjbd05x0js776xlf7c6mdsmrqlw4y7jfnlgl45";
   };
 
   buildInputs = [

From 8b6ddc89dd280fa1324627f29c5623706aadc9ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Gaspard?= <github@leo.gaspard.ninja>
Date: Fri, 25 May 2018 13:47:18 +0200
Subject: [PATCH 098/102] nheko: 0.4.1 -> 0.4.2 (#41077)

---
 .../networking/instant-messengers/nheko/default.nix           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/instant-messengers/nheko/default.nix b/pkgs/applications/networking/instant-messengers/nheko/default.nix
index d3c0a6f8eca2..707e78459efe 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/default.nix
+++ b/pkgs/applications/networking/instant-messengers/nheko/default.nix
@@ -50,13 +50,13 @@ let
 in
 stdenv.mkDerivation rec {
   name = "nheko-${version}";
-  version = "0.4.1";
+  version = "0.4.2";
 
   src = fetchFromGitHub {
     owner = "mujx";
     repo = "nheko";
     rev = "v${version}";
-    sha256 = "14667a3d4y63wxcs2y49kly48k9nis365zzdk8yp6dn8fn5frqdx";
+    sha256 = "1z9dbvcgwafxr131a8447qkx97x8l93k32xa8xvajgvjlimqphqk";
   };
 
   # This patch is likely not strictly speaking needed, but will help detect when

From 6f193b4f903d00e05815504c9590fa2f6897b615 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Fri, 25 May 2018 14:22:23 +0200
Subject: [PATCH 099/102] memo: 0.2 -> 0.4 (#40697)

---
 pkgs/applications/misc/memo/default.nix | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/pkgs/applications/misc/memo/default.nix b/pkgs/applications/misc/memo/default.nix
index fc1c08dc2b2c..56cbb338a403 100644
--- a/pkgs/applications/misc/memo/default.nix
+++ b/pkgs/applications/misc/memo/default.nix
@@ -1,23 +1,34 @@
-{ fetchFromGitHub, ag, tree, stdenv, ... }:
+{ fetchFromGitHub, ag, tree, man, stdenv, 
+  pandocSupport ? true, pandoc ? null
+  , ... }:
+
+assert pandocSupport -> pandoc != null;
 
 stdenv.mkDerivation rec {
 
   name = "memo-${version}";
 
-  version = "0.2";
+  version = "0.4";
 
   src = fetchFromGitHub {
     owner  = "mrVanDalo";
     repo   = "memo";
     rev    = "${version}";
-    sha256 = "0mww4w5m6jv4s0krm74cccrz0vlr8rrwiv122jk67l1v9r80pchs";
+    sha256 = "06999nps46dxrjakvpin1d2zvfpjil69hb3bxagq29icalag3y2z";
   };
 
-  installPhase = ''
+  installPhase = let
+    pandocReplacement = if pandocSupport then
+      "pandoc_cmd=${pandoc}/bin/pandoc"
+    else
+      "#pandoc_cmd=pandoc";
+  in ''
     mkdir -p $out/{bin,share/man/man1,share/bash-completion/completions}
     substituteInPlace memo \
-      --replace "ack "  "${ag}/bin/ag " \
-      --replace "tree " "${tree}/bin/tree "
+      --replace "ack_cmd=ack"       "ack_cmd=${ag}/bin/ag" \
+      --replace "tree_cmd=tree"     "tree_cmd=${tree}/bin/tree" \
+      --replace "man_cmd=man"       "man_cmd=${man}/bin/man" \
+      --replace "pandoc_cmd=pandoc" "${pandocReplacement}"
     mv memo $out/bin/
     mv doc/memo.1 $out/share/man/man1/memo.1
     mv completion/memo.bash $out/share/bash-completion/completions/memo.sh

From a0c480ab1ff65aee2b817ed5c480553bb6ef95c1 Mon Sep 17 00:00:00 2001
From: Vladyslav M <dywedir@pm.me>
Date: Fri, 25 May 2018 16:43:41 +0300
Subject: [PATCH 100/102] gopass: 1.6.11 -> 1.7.1 (#41078)

---
 pkgs/tools/security/gopass/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix
index 1bbd4169f2eb..fe7d50602628 100644
--- a/pkgs/tools/security/gopass/default.nix
+++ b/pkgs/tools/security/gopass/default.nix
@@ -1,7 +1,7 @@
 { stdenv, buildGoPackage, fetchFromGitHub, git, gnupg, xclip, makeWrapper }:
 
 buildGoPackage rec {
-  version = "1.6.11";
+  version = "1.7.1";
   name = "gopass-${version}";
 
   goPackagePath = "github.com/justwatchcom/gopass";
@@ -12,7 +12,7 @@ buildGoPackage rec {
     owner = "justwatchcom";
     repo = "gopass";
     rev = "v${version}";
-    sha256 = "12pih414232bsdj1qqc04vck2p9254wjy044n5kbbdqbmfgap7sj";
+    sha256 = "01cif6a2xa3c8nki0pas9mywdxs8d9niv8z13mii5hcfqvm0s7aw";
   };
 
   wrapperPath = with stdenv.lib; makeBinPath ([
@@ -38,7 +38,7 @@ buildGoPackage rec {
 
   meta = with stdenv.lib; {
     description     = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go.";
-    homepage        = https://github.com/justwatchcom/gopass;
+    homepage        = https://www.justwatch.com/gopass/;
     license         = licenses.mit;
     maintainers     = with maintainers; [ andir ];
     platforms       = platforms.unix;

From 2e70a75b12eb6a092557852a22ab3cb05cfa4006 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Fri, 25 May 2018 14:21:52 -0400
Subject: [PATCH 101/102] haskell generic-builder: Limit usage of
 --extra-framework-dirs for compat

---
 pkgs/development/haskell-modules/generic-builder.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index 8d9b596276c3..1a39fa6b2338 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -212,6 +212,9 @@ let
     if [ -d "$p/lib" ]; then
       configureFlags+=" --extra-lib-dirs=$p/lib"
     fi
+  ''
+  # It is not clear why --extra-framework-dirs does work fine on Linux
+  + optionalString (!buildPlatform.isDarwin || versionAtLeast nativeGhc.version "8.0") ''
     if [[ -d "$p/Library/Frameworks" ]]; then
       configureFlags+=" --extra-framework-dirs=$p/Library/Frameworks"
     fi

From 0fd98c689759866e27019cfc544fbb74483deb4b Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Fri, 25 May 2018 20:41:17 +0200
Subject: [PATCH 102/102] tdesktopPackages.preview: 1.2.21 -> 1.2.22

---
 .../instant-messengers/telegram/tdesktop/default.nix          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
index 2799f50e584c..0eef45973ff9 100644
--- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
@@ -14,7 +14,7 @@ in {
   stable = mkTelegram stableVersion;
   preview = mkTelegram (stableVersion // {
     stable = false;
-    version = "1.2.21";
-    sha256Hash = "0s7dywyz8p626741m32l4a90l1x01564xg2g10gvdb25s2phdfdl";
+    version = "1.2.22";
+    sha256Hash = "0kni4gb6z1c22bhx8z27q4934bg3dngk69xcwykbidm32ijmmsc5";
   });
 }