3
0
Fork 0
forked from mirrors/nixpkgs

Merge master into staging-next

This commit is contained in:
github-actions[bot] 2023-02-07 00:02:12 +00:00 committed by GitHub
commit b30088fc3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
96 changed files with 2809 additions and 1242 deletions

View file

@ -114,6 +114,16 @@ in mkLicense lset) ({
fullName = "Bitstream Vera Font License";
};
bitTorrent10 = {
spdxId = "BitTorrent-1.0";
fullName = " BitTorrent Open Source License v1.0";
};
bitTorrent11 = {
spdxId = "BitTorrent-1.1";
fullName = " BitTorrent Open Source License v1.1";
};
bola11 = {
url = "https://blitiri.com.ar/p/bola/";
fullName = "Buena Onda License Agreement 1.1";

View file

@ -13684,6 +13684,12 @@
githubId = 57048005;
name = "snicket2100";
};
sno2wman = {
name = "SnO2WMaN";
email = "me@sno2wman.net";
github = "sno2wman";
githubId = 15155608;
};
snpschaaf = {
email = "philipe.schaaf@secunet.com";
name = "Philippe Schaaf";
@ -15303,6 +15309,12 @@
githubId = 27813;
name = "Vincent Breitmoser";
};
vamega = {
email = "github@madiathv.com";
github = "vamega";
githubId = 223408;
name = "Varun Madiath";
};
vandenoever = {
email = "jos@vandenoever.info";
github = "vandenoever";

View file

@ -421,6 +421,16 @@
attribute name.
</para>
</listitem>
<listitem>
<para>
Nebula now runs as a system user and group created for each
nebula network, using the <literal>CAP_NET_ADMIN</literal>
ambient capability on launch rather than starting as root.
Ensure that any files each Nebula instance needs to access are
owned by the correct user and group, by default
<literal>nebula-${networkName}</literal>.
</para>
</listitem>
<listitem>
<para>
In <literal>mastodon</literal> it is now necessary to specify
@ -512,19 +522,72 @@
<para>
A few openssh options have been moved from extraConfig to the
new freeform option <literal>settings</literal> and renamed as
follow:
<literal>services.openssh.kbdInteractiveAuthentication</literal>
to
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>,
<literal>services.openssh.passwordAuthentication</literal> to
<literal>services.openssh.settings.PasswordAuthentication</literal>,
<literal>services.openssh.useDns</literal> to
<literal>services.openssh.settings.UseDns</literal>,
<literal>services.openssh.permitRootLogin</literal> to
<literal>services.openssh.settings.PermitRootLogin</literal>,
<literal>services.openssh.logLevel</literal> to
<literal>services.openssh.settings.LogLevel</literal>.
follows:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>services.openssh.forwardX11</literal> to
<literal>services.openssh.settings.X11Forwarding</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.kbdInteractiveAuthentication</literal>
-&gt;
<literal>services.openssh.settings.KbdInteractiveAuthentication</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.passwordAuthentication</literal>
to
<literal>services.openssh.settings.PasswordAuthentication</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.useDns</literal> to
<literal>services.openssh.settings.UseDns</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.permitRootLogin</literal> to
<literal>services.openssh.settings.PermitRootLogin</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.logLevel</literal> to
<literal>services.openssh.settings.LogLevel</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.kexAlgorithms</literal> to
<literal>services.openssh.settings.KexAlgorithms</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.macs</literal> to
<literal>services.openssh.settings.Macs</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.cyphers</literal> to
<literal>services.openssh.settings.Cyphers</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services.openssh.gatewayPorts</literal> to
<literal>services.openssh.settings.GatewayPorts</literal>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
@ -803,6 +866,18 @@
<link xlink:href="options.html#opt-system.stateVersion">system.stateVersion</link>.
</para>
</listitem>
<listitem>
<para>
Nebula now supports the
<literal>services.nebula.networks.&lt;name&gt;.isRelay</literal>
and
<literal>services.nebula.networks.&lt;name&gt;.relays</literal>
configuration options for setting up or allowing traffic
relaying. See the
<link xlink:href="https://www.defined.net/blog/announcing-relay-support-in-nebula/">announcement</link>
for more details about relays.
</para>
</listitem>
<listitem>
<para>
<literal>hip</literal> has been separated into

View file

@ -101,6 +101,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name.
- Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`.
- In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`.
- The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially to build on/deploy to local machine, omit the relevant flag.
@ -126,7 +128,17 @@ In addition to numerous new and upgraded packages, this release has the followin
- The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package)
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follow: `services.openssh.kbdInteractiveAuthentication` to `services.openssh.settings.KbdInteractiveAuthentication`, `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`, `services.openssh.useDns` to `services.openssh.settings.UseDns`, `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`, `services.openssh.logLevel` to `services.openssh.settings.LogLevel`.
- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows:
- `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding`
- `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication`
- `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication`
- `services.openssh.useDns` to `services.openssh.settings.UseDns`
- `services.openssh.permitRootLogin` to `services.openssh.settings.PermitRootLogin`
- `services.openssh.logLevel` to `services.openssh.settings.LogLevel`
- `services.openssh.kexAlgorithms` to `services.openssh.settings.KexAlgorithms`
- `services.openssh.macs` to `services.openssh.settings.Macs`
- `services.openssh.cyphers` to `services.openssh.settings.Cyphers`
- `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts`
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
@ -199,6 +211,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion).
- Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays.
- `hip` has been separated into `hip`, `hip-common` and `hipcc`.
- `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections.

View file

@ -698,6 +698,7 @@
./services/monitoring/arbtt.nix
./services/monitoring/bosun.nix
./services/monitoring/cadvisor.nix
./services/monitoring/cockpit.nix
./services/monitoring/collectd.nix
./services/monitoring/das_watchdog.nix
./services/monitoring/datadog-agent.nix

View file

@ -282,7 +282,7 @@ in
config = {
programs.ssh.setXAuthLocation =
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.forwardX11);
mkDefault (config.services.xserver.enable || config.programs.ssh.forwardX11 || config.services.openssh.settings.X11Forwarding);
assertions =
[ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;

View file

@ -383,7 +383,7 @@ in
"d /var/spool/slurmd 755 root root -"
];
services.openssh.forwardX11 = mkIf cfg.client.enable (mkDefault true);
services.openssh.settings.X11Forwarding = mkIf cfg.client.enable (mkDefault true);
systemd.services.slurmctld = mkIf (cfg.server.enable) {
path = with pkgs; [ wrappedSlurm munge coreutils ]

View file

@ -0,0 +1,231 @@
{ pkgs, config, lib, ... }:
let
cfg = config.services.cockpit;
inherit (lib) types mkEnableOption mkOption mkIf mdDoc literalMD mkPackageOptionMD;
settingsFormat = pkgs.formats.ini {};
in {
options = {
services.cockpit = {
enable = mkEnableOption (mdDoc "Cockpit");
package = mkPackageOptionMD pkgs "Cockpit" {
default = [ "cockpit" ];
};
settings = lib.mkOption {
type = settingsFormat.type;
default = {};
description = mdDoc ''
Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
See the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.
'';
};
port = mkOption {
description = mdDoc "Port where cockpit will listen.";
type = types.port;
default = 9090;
};
openFirewall = mkOption {
description = mdDoc "Open port for cockpit.";
type = types.bool;
default = false;
};
};
};
config = mkIf cfg.enable {
# expose cockpit-bridge system-wide
environment.systemPackages = [ cfg.package ];
# allow cockpit to find its plugins
environment.pathsToLink = [ "/share/cockpit" ];
# generate cockpit settings
environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;
security.pam.services.cockpit = {};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
# units are in reverse sort order if you ls $out/lib/systemd/system
# all these units are basically verbatim translated from upstream
# Translation from $out/lib/systemd/system/systemd-cockpithttps.slice
systemd.slices.system-cockpithttps = {
description = "Resource limits for all cockpit-ws-https@.service instances";
sliceConfig = {
TasksMax = 200;
MemoryHigh = "75%";
MemoryMax = "90%";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.socket
systemd.sockets."cockpit-wsinstance-https@" = {
unitConfig = {
Description = "Socket for Cockpit Web Service https instance %I";
BindsTo = [ "cockpit.service" "cockpit-wsinstance-https@%i.service" ];
# clean up the socket after the service exits, to prevent fd leak
# this also effectively prevents a DoS by starting arbitrarily many sockets, as
# the services are resource-limited by system-cockpithttps.slice
Documentation = "man:cockpit-ws(8)";
};
socketConfig = {
ListenStream = "/run/cockpit/wsinstance/https@%i.sock";
SocketUser = "root";
SocketMode = "0600";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https@.service
systemd.services."cockpit-wsinstance-https@" = {
description = "Cockpit Web Service https instance %I";
bindsTo = [ "cockpit.service"];
path = [ cfg.package ];
documentation = [ "man:cockpit-ws(8)" ];
serviceConfig = {
Slice = "system-cockpithttps.slice";
ExecStart = "${cfg.package}/libexec/cockpit-ws --for-tls-proxy --port=0";
User = "root";
Group = "";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.socket
systemd.sockets.cockpit-wsinstance-http = {
unitConfig = {
Description = "Socket for Cockpit Web Service http instance";
BindsTo = "cockpit.service";
Documentation = "man:cockpit-ws(8)";
};
socketConfig = {
ListenStream = "/run/cockpit/wsinstance/http.sock";
SocketUser = "root";
SocketMode = "0600";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory.socket
systemd.sockets.cockpit-wsinstance-https-factory = {
unitConfig = {
Description = "Socket for Cockpit Web Service https instance factory";
BindsTo = "cockpit.service";
Documentation = "man:cockpit-ws(8)";
};
socketConfig = {
ListenStream = "/run/cockpit/wsinstance/https-factory.sock";
Accept = true;
SocketUser = "root";
SocketMode = "0600";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-https-factory@.service
systemd.services."cockpit-wsinstance-https-factory@" = {
description = "Cockpit Web Service https instance factory";
documentation = [ "man:cockpit-ws(8)" ];
path = [ cfg.package ];
serviceConfig = {
ExecStart = "${cfg.package}/libexec/cockpit-wsinstance-factory";
User = "root";
};
};
# Translation from $out/lib/systemd/system/cockpit-wsinstance-http.service
systemd.services."cockpit-wsinstance-http" = {
description = "Cockpit Web Service http instance";
bindsTo = [ "cockpit.service" ];
path = [ cfg.package ];
documentation = [ "man:cockpit-ws(8)" ];
serviceConfig = {
ExecStart = "${cfg.package}/libexec/cockpit-ws --no-tls --port=0";
User = "root";
Group = "";
};
};
# Translation from $out/lib/systemd/system/cockpit.socket
systemd.sockets."cockpit" = {
unitConfig = {
Description = "Cockpit Web Service Socket";
Documentation = "man:cockpit-ws(8)";
Wants = "cockpit-motd.service";
};
socketConfig = {
ListenStream = cfg.port;
ExecStartPost = [
"-${cfg.package}/share/cockpit/motd/update-motd \"\" localhost"
"-${pkgs.coreutils}/bin/ln -snf active.motd /run/cockpit/motd"
];
ExecStopPost = "-${pkgs.coreutils}/bin/ln -snf inactive.motd /run/cockpit/motd";
};
wantedBy = [ "sockets.target" ];
};
# Translation from $out/lib/systemd/system/cockpit.service
systemd.services."cockpit" = {
description = "Cockpit Web Service";
documentation = [ "man:cockpit-ws(8)" ];
restartIfChanged = true;
path = with pkgs; [ coreutils cfg.package ];
requires = [ "cockpit.socket" "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
after = [ "cockpit-wsinstance-http.socket" "cockpit-wsinstance-https-factory.socket" ];
environment = {
G_MESSAGES_DEBUG = "cockpit-ws,cockpit-bridge";
};
serviceConfig = {
RuntimeDirectory="cockpit/tls";
ExecStartPre = [
# cockpit-tls runs in a more constrained environment, these + means that these commands
# will run with full privilege instead of inside that constrained environment
# See https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= for details
"+${cfg.package}/libexec/cockpit-certificate-ensure --for-cockpit-tls"
];
ExecStart = "${cfg.package}/libexec/cockpit-tls";
User = "root";
Group = "";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
MemoryDenyWriteExecute = true;
};
};
# Translation from $out/lib/systemd/system/cockpit-motd.service
# This part basically implements a motd state machine:
# - If cockpit.socket is enabled then /run/cockpit/motd points to /run/cockpit/active.motd
# - If cockpit.socket is disabled then /run/cockpit/motd points to /run/cockpit/inactive.motd
# - As cockpit.socket is disabled by default, /run/cockpit/motd points to /run/cockpit/inactive.motd
# /run/cockpit/active.motd is generated dynamically by cockpit-motd.service
systemd.services."cockpit-motd" = {
path = with pkgs; [ nettools ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/share/cockpit/motd/update-motd";
};
description = "Cockpit motd updater service";
documentation = [ "man:cockpit-ws(8)" ];
wants = [ "network.target" ];
after = [ "network.target" "cockpit.socket" ];
};
systemd.tmpfiles.rules = [ # From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf
"C /run/cockpit/inactive.motd 0640 root root - ${cfg.package}/share/cockpit/motd/inactive.motd"
"f /run/cockpit/active.motd 0640 root root -"
"L+ /run/cockpit/motd - - - - inactive.motd"
"d /etc/cockpit/ws-certs.d 0600 root root 0"
];
};
meta.maintainers = pkgs.cockpit.meta.maintainers;
}

View file

@ -68,6 +68,12 @@ in
description = lib.mdDoc "Whether this node is a lighthouse.";
};
isRelay = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether this node is a relay.";
};
lighthouses = mkOption {
type = types.listOf types.str;
default = [];
@ -78,6 +84,15 @@ in
example = [ "192.168.100.1" ];
};
relays = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
List of IPs of relays that this node should allow traffic from.
'';
example = [ "192.168.100.1" ];
};
listen.host = mkOption {
type = types.str;
default = "0.0.0.0";
@ -157,6 +172,11 @@ in
am_lighthouse = netCfg.isLighthouse;
hosts = netCfg.lighthouses;
};
relay = {
am_relay = netCfg.isRelay;
relays = netCfg.relays;
use_relays = true;
};
listen = {
host = netCfg.listen.host;
port = netCfg.listen.port;
@ -173,25 +193,41 @@ in
configFile = format.generate "nebula-config-${netName}.yml" settings;
in
{
# Create systemd service for Nebula.
# Create the systemd service for Nebula.
"nebula@${netName}" = {
description = "Nebula VPN service for ${netName}";
wants = [ "basic.target" ];
after = [ "basic.target" "network.target" ];
before = [ "sshd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = mkMerge [
{
Type = "simple";
Restart = "always";
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
}
# The service needs to launch as root to access the tun device, if it's enabled.
(mkIf netCfg.tun.disable {
User = networkId;
Group = networkId;
})
];
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = "${netCfg.package}/bin/nebula -config ${configFile}";
UMask = "0027";
CapabilityBoundingSet = "CAP_NET_ADMIN";
AmbientCapabilities = "CAP_NET_ADMIN";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = false; # needs access to /dev/net/tun (below)
DeviceAllow = "/dev/net/tun rw";
DevicePolicy = "closed";
PrivateTmp = true;
PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictSUIDSGID = true;
User = networkId;
Group = networkId;
};
unitConfig.StartLimitIntervalSec = 0; # ensure Restart=always is always honoured (networks can go down for arbitrarily long)
};
}) enabledNetworks);
@ -202,7 +238,7 @@ in
# Create the service users and groups.
users.users = mkMerge (mapAttrsToList (netName: netCfg:
mkIf netCfg.tun.disable {
{
${nameToId netName} = {
group = nameToId netName;
description = "Nebula service user for network ${netName}";
@ -210,9 +246,8 @@ in
};
}) enabledNetworks);
users.groups = mkMerge (mapAttrsToList (netName: netCfg:
mkIf netCfg.tun.disable {
${nameToId netName} = {};
}) enabledNetworks);
users.groups = mkMerge (mapAttrsToList (netName: netCfg: {
${nameToId netName} = {};
}) enabledNetworks);
};
}

View file

@ -13,11 +13,12 @@ let
else pkgs.buildPackages.openssh;
# reports boolean as yes / no
mkValueStringSshd = v:
mkValueStringSshd = with lib; v:
if isInt v then toString v
else if isString v then v
else if true == v then "yes"
else if false == v then "no"
else if isList v then concatStringsSep "," v
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
# dont use the "=" operator
@ -104,6 +105,11 @@ in
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
(mkRenamedOptionModule [ "services" "openssh" "logLevel" ] [ "services" "openssh" "settings" "LogLevel" ])
(mkRenamedOptionModule [ "services" "openssh" "macs" ] [ "services" "openssh" "settings" "Macs" ])
(mkRenamedOptionModule [ "services" "openssh" "cyphers" ] [ "services" "openssh" "settings" "Cyphers" ])
(mkRenamedOptionModule [ "services" "openssh" "kexAlgorithms" ] [ "services" "openssh" "settings" "KexAlgorithms" ])
(mkRenamedOptionModule [ "services" "openssh" "gatewayPorts" ] [ "services" "openssh" "settings" "GatewayPorts" ])
(mkRenamedOptionModule [ "services" "openssh" "forwardX11" ] [ "services" "openssh" "settings" "X11Forwarding" ])
];
###### interface
@ -131,14 +137,6 @@ in
'';
};
forwardX11 = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to allow X11 connections to be forwarded.
'';
};
allowSFTP = mkOption {
type = types.bool;
default = true;
@ -167,16 +165,6 @@ in
'';
};
gatewayPorts = mkOption {
type = types.str;
default = "no";
description = lib.mdDoc ''
Specifies whether remote hosts are allowed to connect to
ports forwarded for the client. See
{manpage}`sshd_config(5)`.
'';
};
ports = mkOption {
type = types.listOf types.port;
default = [22];
@ -286,63 +274,6 @@ in
'';
};
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = lib.mdDoc ''
Allowed key exchange algorithms
Uses the lower bound recommended in both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = lib.mdDoc ''
Allowed ciphers
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = lib.mdDoc ''
Allowed MACs
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
settings = mkOption {
@ -374,7 +305,13 @@ in
~/.ssh/authorized_keys from and sshd_config Match Host directives.
'';
};
X11Forwarding = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to allow X11 connections to be forwarded.
'';
};
PasswordAuthentication = mkOption {
type = types.bool;
default = true;
@ -396,6 +333,70 @@ in
Specifies whether keyboard-interactive authentication is allowed.
'';
};
GatewayPorts = mkOption {
type = types.str;
default = "no";
description = lib.mdDoc ''
Specifies whether remote hosts are allowed to connect to
ports forwarded for the client. See
{manpage}`sshd_config(5)`.
'';
};
KexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = lib.mdDoc ''
Allowed key exchange algorithms
Uses the lower bound recommended in both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
Macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = lib.mdDoc ''
Allowed MACs
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
Ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = lib.mdDoc ''
Allowed ciphers
Defaults to recommended settings from both
<https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and
<https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
'';
};
};
});
};
@ -555,17 +556,10 @@ in
${optionalString cfgc.setXAuthLocation ''
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
''}
X11Forwarding ${if cfg.forwardX11 then "yes" else "no"}
${optionalString cfg.allowSFTP ''
Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
''}
GatewayPorts ${cfg.gatewayPorts}
PrintMotd no # handled by pam_motd
AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
${optionalString (cfg.authorizedKeysCommand != "none") ''
AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
@ -575,13 +569,9 @@ in
${flip concatMapStrings cfg.hostKeys (k: ''
HostKey ${k.path}
'')}
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
Ciphers ${concatStringsSep "," cfg.ciphers}
MACs ${concatStringsSep "," cfg.macs}
'';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
assertions = [{ assertion = if cfg.settings.X11Forwarding then cfgc.setXAuthLocation else true;
message = "cannot enable X11 forwarding without setting xauth location";}]
++ forEach cfg.listenAddresses ({ addr, ... }: {
assertion = addr != null;

View file

@ -115,7 +115,7 @@ in
MEILI_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.listenPort}";
MEILI_NO_ANALYTICS = toString cfg.noAnalytics;
MEILI_ENV = cfg.environment;
MEILI_DUMPS_DIR = "/var/lib/meilisearch/dumps";
MEILI_DUMP_DIR = "/var/lib/meilisearch/dumps";
MEILI_LOG_LEVEL = cfg.logLevel;
MEILI_MAX_INDEX_SIZE = cfg.maxIndexSize;
};

View file

@ -6,7 +6,7 @@ let
cfg = config.services.privacyidea;
opt = options.services.privacyidea;
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python39; };
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python310; };
python = uwsgi.python3;
penv = python.withPackages (const [ pkgs.privacyidea ]);
logCfg = pkgs.writeText "privacyidea-log.cfg" ''
@ -41,7 +41,7 @@ let
piCfgFile = pkgs.writeText "privacyidea.cfg" ''
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
SQLALCHEMY_DATABASE_URI = 'postgresql:///privacyidea'
SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2:///privacyidea'
SECRET_KEY = '${cfg.secretKey}'
PI_PEPPER = '${cfg.pepper}'
PI_ENCFILE = '${cfg.encFile}'

View file

@ -203,7 +203,8 @@ let
proxy_send_timeout ${cfg.proxyTimeout};
proxy_read_timeout ${cfg.proxyTimeout};
proxy_http_version 1.1;
# don't let clients close the keep-alive connection to upstream
# don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
# https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
proxy_set_header "Connection" "";
include ${recommendedProxyConfig};
''}

View file

@ -134,6 +134,7 @@ in {
cloud-init-hostname = handleTest ./cloud-init-hostname.nix {};
cloudlog = handleTest ./cloudlog.nix {};
cntr = handleTestOn ["aarch64-linux" "x86_64-linux"] ./cntr.nix {};
cockpit = handleTest ./cockpit.nix {};
cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {};
collectd = handleTest ./collectd.nix {};
connman = handleTest ./connman.nix {};

135
nixos/tests/cockpit.nix Normal file
View file

@ -0,0 +1,135 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let
user = "alice"; # from ./common/user-account.nix
password = "foobar"; # from ./common/user-account.nix
in {
name = "cockpit";
meta = {
maintainers = with lib.maintainers; [ lucasew ];
};
nodes = {
server = { config, ... }: {
imports = [ ./common/user-account.nix ];
security.polkit.enable = true;
users.users.${user} = {
extraGroups = [ "wheel" ];
};
services.cockpit = {
enable = true;
openFirewall = true;
settings = {
WebService = {
Origins = "https://server:9090";
};
};
};
};
client = { config, ... }: {
imports = [ ./common/user-account.nix ];
environment.systemPackages = let
seleniumScript = pkgs.writers.writePython3Bin "selenium-script" {
libraries = with pkgs.python3Packages; [ selenium ];
} ''
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.options import Options
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from time import sleep
def log(msg):
from sys import stderr
print(f"[*] {msg}", file=stderr)
log("Initializing")
options = Options()
options.add_argument("--headless")
driver = webdriver.Firefox(options=options)
driver.implicitly_wait(10)
log("Opening homepage")
driver.get("https://server:9090")
wait = WebDriverWait(driver, 60)
def wait_elem(by, query):
wait.until(EC.presence_of_element_located((by, query)))
def wait_title_contains(title):
wait.until(EC.title_contains(title))
def find_element(by, query):
return driver.find_element(by, query)
def set_value(elem, value):
script = 'arguments[0].value = arguments[1]'
return driver.execute_script(script, elem, value)
log("Waiting for the homepage to load")
# cockpit sets initial title as hostname
wait_title_contains("server")
wait_elem(By.CSS_SELECTOR, 'input#login-user-input')
log("Homepage loaded!")
log("Filling out username")
login_input = find_element(By.CSS_SELECTOR, 'input#login-user-input')
set_value(login_input, "${user}")
log("Filling out password")
password_input = find_element(By.CSS_SELECTOR, 'input#login-password-input')
set_value(password_input, "${password}")
log("Submiting credentials for login")
driver.find_element(By.CSS_SELECTOR, 'button#login-button').click()
# driver.implicitly_wait(1)
# driver.get("https://server:9090/system")
log("Waiting dashboard to load")
wait_title_contains("${user}@server")
log("Waiting for the frontend to initalize")
sleep(1)
log("Looking for that banner that tells about limited access")
container_iframe = find_element(By.CSS_SELECTOR, 'iframe.container-frame')
driver.switch_to.frame(container_iframe)
assert "Web console is running in limited access mode" in driver.page_source
driver.close()
'';
in with pkgs; [ firefox-unwrapped geckodriver seleniumScript ];
};
};
testScript = ''
start_all()
server.wait_for_open_port(9090)
server.wait_for_unit("network.target")
server.wait_for_unit("multi-user.target")
server.systemctl("start", "polkit")
client.wait_for_unit("multi-user.target")
client.succeed("curl -k https://server:9090 -o /dev/stderr")
print(client.succeed("whoami"))
client.succeed('PYTHONUNBUFFERED=1 selenium-script')
'';
}
)

View file

@ -23,7 +23,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
testScript = ''
from subprocess import run
machine.wait_for_unit("cups.service")
machine.wait_for_unit("multi-user.target")
for name in ("opt", "noopt"):
text = f"test text {name}".upper()
machine.wait_until_succeeds(f"lpstat -v {name}")

View file

@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let
environment.systemPackages = [ pkgs.nebula ];
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
services.openssh.enable = true;
networking.interfaces.eth1.useDHCP = false;
services.nebula.networks.smoke = {
# Note that these paths won't exist when the machine is first booted.
@ -30,13 +31,14 @@ in
lighthouse = { ... } @ args:
makeNebulaNode args "lighthouse" {
networking.interfaces.eth1.ipv4.addresses = [{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [{
address = "192.168.1.1";
prefixLength = 24;
}];
services.nebula.networks.smoke = {
isLighthouse = true;
isRelay = true;
firewall = {
outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
@ -44,9 +46,9 @@ in
};
};
node2 = { ... } @ args:
makeNebulaNode args "node2" {
networking.interfaces.eth1.ipv4.addresses = [{
allowAny = { ... } @ args:
makeNebulaNode args "allowAny" {
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [{
address = "192.168.1.2";
prefixLength = 24;
}];
@ -55,6 +57,7 @@ in
staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; };
isLighthouse = false;
lighthouses = [ "10.0.100.1" ];
relays = [ "10.0.100.1" ];
firewall = {
outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
@ -62,9 +65,9 @@ in
};
};
node3 = { ... } @ args:
makeNebulaNode args "node3" {
networking.interfaces.eth1.ipv4.addresses = [{
allowFromLighthouse = { ... } @ args:
makeNebulaNode args "allowFromLighthouse" {
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [{
address = "192.168.1.3";
prefixLength = 24;
}];
@ -73,6 +76,7 @@ in
staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; };
isLighthouse = false;
lighthouses = [ "10.0.100.1" ];
relays = [ "10.0.100.1" ];
firewall = {
outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
inbound = [ { port = "any"; proto = "any"; host = "lighthouse"; } ];
@ -80,9 +84,9 @@ in
};
};
node4 = { ... } @ args:
makeNebulaNode args "node4" {
networking.interfaces.eth1.ipv4.addresses = [{
allowToLighthouse = { ... } @ args:
makeNebulaNode args "allowToLighthouse" {
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [{
address = "192.168.1.4";
prefixLength = 24;
}];
@ -92,6 +96,7 @@ in
staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; };
isLighthouse = false;
lighthouses = [ "10.0.100.1" ];
relays = [ "10.0.100.1" ];
firewall = {
outbound = [ { port = "any"; proto = "any"; host = "lighthouse"; } ];
inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
@ -99,9 +104,9 @@ in
};
};
node5 = { ... } @ args:
makeNebulaNode args "node5" {
networking.interfaces.eth1.ipv4.addresses = [{
disabled = { ... } @ args:
makeNebulaNode args "disabled" {
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [{
address = "192.168.1.5";
prefixLength = 24;
}];
@ -111,6 +116,7 @@ in
staticHostMap = { "10.0.100.1" = [ "192.168.1.1:4242" ]; };
isLighthouse = false;
lighthouses = [ "10.0.100.1" ];
relays = [ "10.0.100.1" ];
firewall = {
outbound = [ { port = "any"; proto = "any"; host = "lighthouse"; } ];
inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
@ -123,12 +129,14 @@ in
testScript = let
setUpPrivateKey = name: ''
${name}.succeed(
"mkdir -p /root/.ssh",
"chown 700 /root/.ssh",
"cat '${snakeOilPrivateKey}' > /root/.ssh/id_snakeoil",
"chown 600 /root/.ssh/id_snakeoil",
)
${name}.start()
${name}.succeed(
"mkdir -p /root/.ssh",
"chown 700 /root/.ssh",
"cat '${snakeOilPrivateKey}' > /root/.ssh/id_snakeoil",
"chown 600 /root/.ssh/id_snakeoil",
"mkdir -p /root"
)
'';
# From what I can tell, StrictHostKeyChecking=no is necessary for ssh to work between machines.
@ -146,26 +154,48 @@ in
${name}.succeed(
"mkdir -p /etc/nebula",
"nebula-cert keygen -out-key /etc/nebula/${name}.key -out-pub /etc/nebula/${name}.pub",
"scp ${sshOpts} /etc/nebula/${name}.pub 192.168.1.1:/tmp/${name}.pub",
"scp ${sshOpts} /etc/nebula/${name}.pub root@192.168.1.1:/root/${name}.pub",
)
lighthouse.succeed(
'nebula-cert sign -ca-crt /etc/nebula/ca.crt -ca-key /etc/nebula/ca.key -name "${name}" -groups "${name}" -ip "${ip}" -in-pub /tmp/${name}.pub -out-crt /tmp/${name}.crt',
'nebula-cert sign -ca-crt /etc/nebula/ca.crt -ca-key /etc/nebula/ca.key -name "${name}" -groups "${name}" -ip "${ip}" -in-pub /root/${name}.pub -out-crt /root/${name}.crt'
)
${name}.succeed(
"scp ${sshOpts} 192.168.1.1:/tmp/${name}.crt /etc/nebula/${name}.crt",
"scp ${sshOpts} 192.168.1.1:/etc/nebula/ca.crt /etc/nebula/ca.crt",
"scp ${sshOpts} root@192.168.1.1:/root/${name}.crt /etc/nebula/${name}.crt",
"scp ${sshOpts} root@192.168.1.1:/etc/nebula/ca.crt /etc/nebula/ca.crt",
'(id nebula-smoke >/dev/null && chown -R nebula-smoke:nebula-smoke /etc/nebula) || true'
)
'';
in ''
start_all()
getPublicIp = node: ''
${node}.succeed("ip --brief addr show eth1 | awk '{print $3}' | tail -n1 | cut -d/ -f1").strip()
'';
# Never do this for anything security critical! (Thankfully it's just a test.)
# Restart Nebula right after the mutual block and/or restore so the state is fresh.
blockTrafficBetween = nodeA: nodeB: ''
node_a = ${getPublicIp nodeA}
node_b = ${getPublicIp nodeB}
${nodeA}.succeed("iptables -I INPUT -s " + node_b + " -j DROP")
${nodeB}.succeed("iptables -I INPUT -s " + node_a + " -j DROP")
${nodeA}.systemctl("restart nebula@smoke.service")
${nodeB}.systemctl("restart nebula@smoke.service")
'';
allowTrafficBetween = nodeA: nodeB: ''
node_a = ${getPublicIp nodeA}
node_b = ${getPublicIp nodeB}
${nodeA}.succeed("iptables -D INPUT -s " + node_b + " -j DROP")
${nodeB}.succeed("iptables -D INPUT -s " + node_a + " -j DROP")
${nodeA}.systemctl("restart nebula@smoke.service")
${nodeB}.systemctl("restart nebula@smoke.service")
'';
in ''
# Create the certificate and sign the lighthouse's keys.
${setUpPrivateKey "lighthouse"}
lighthouse.succeed(
"mkdir -p /etc/nebula",
'nebula-cert ca -name "Smoke Test" -out-crt /etc/nebula/ca.crt -out-key /etc/nebula/ca.key',
'nebula-cert sign -ca-crt /etc/nebula/ca.crt -ca-key /etc/nebula/ca.key -name "lighthouse" -groups "lighthouse" -ip "10.0.100.1/24" -out-crt /etc/nebula/lighthouse.crt -out-key /etc/nebula/lighthouse.key',
'chown -R nebula-smoke:nebula-smoke /etc/nebula'
)
# Reboot the lighthouse and verify that the nebula service comes up on boot.
@ -175,49 +205,104 @@ in
lighthouse.wait_for_unit("nebula@smoke.service")
lighthouse.succeed("ping -c5 10.0.100.1")
# Create keys for node2's nebula service and test that it comes up.
${setUpPrivateKey "node2"}
${signKeysFor "node2" "10.0.100.2/24"}
${restartAndCheckNebula "node2" "10.0.100.2"}
# Create keys for allowAny's nebula service and test that it comes up.
${setUpPrivateKey "allowAny"}
${signKeysFor "allowAny" "10.0.100.2/24"}
${restartAndCheckNebula "allowAny" "10.0.100.2"}
# Create keys for node3's nebula service and test that it comes up.
${setUpPrivateKey "node3"}
${signKeysFor "node3" "10.0.100.3/24"}
${restartAndCheckNebula "node3" "10.0.100.3"}
# Create keys for allowFromLighthouse's nebula service and test that it comes up.
${setUpPrivateKey "allowFromLighthouse"}
${signKeysFor "allowFromLighthouse" "10.0.100.3/24"}
${restartAndCheckNebula "allowFromLighthouse" "10.0.100.3"}
# Create keys for node4's nebula service and test that it comes up.
${setUpPrivateKey "node4"}
${signKeysFor "node4" "10.0.100.4/24"}
${restartAndCheckNebula "node4" "10.0.100.4"}
# Create keys for allowToLighthouse's nebula service and test that it comes up.
${setUpPrivateKey "allowToLighthouse"}
${signKeysFor "allowToLighthouse" "10.0.100.4/24"}
${restartAndCheckNebula "allowToLighthouse" "10.0.100.4"}
# Create keys for node4's nebula service and test that it does not come up.
${setUpPrivateKey "node5"}
${signKeysFor "node5" "10.0.100.5/24"}
node5.fail("systemctl status nebula@smoke.service")
node5.fail("ping -c5 10.0.100.5")
# Create keys for disabled's nebula service and test that it does not come up.
${setUpPrivateKey "disabled"}
${signKeysFor "disabled" "10.0.100.5/24"}
disabled.fail("systemctl status nebula@smoke.service")
disabled.fail("ping -c5 10.0.100.5")
# The lighthouse can ping node2 and node3 but not node5
# The lighthouse can ping allowAny and allowFromLighthouse but not disabled
lighthouse.succeed("ping -c3 10.0.100.2")
lighthouse.succeed("ping -c3 10.0.100.3")
lighthouse.fail("ping -c3 10.0.100.5")
# node2 can ping the lighthouse, but not node3 because of its inbound firewall
node2.succeed("ping -c3 10.0.100.1")
node2.fail("ping -c3 10.0.100.3")
# allowAny can ping the lighthouse, but not allowFromLighthouse because of its inbound firewall
allowAny.succeed("ping -c3 10.0.100.1")
allowAny.fail("ping -c3 10.0.100.3")
# node3 can ping the lighthouse and node2
node3.succeed("ping -c3 10.0.100.1")
node3.succeed("ping -c3 10.0.100.2")
# allowFromLighthouse can ping the lighthouse and allowAny
allowFromLighthouse.succeed("ping -c3 10.0.100.1")
allowFromLighthouse.succeed("ping -c3 10.0.100.2")
# node4 can ping the lighthouse but not node2 or node3
node4.succeed("ping -c3 10.0.100.1")
node4.fail("ping -c3 10.0.100.2")
node4.fail("ping -c3 10.0.100.3")
# block allowFromLighthouse <-> allowAny, and allowFromLighthouse -> allowAny should still work.
${blockTrafficBetween "allowFromLighthouse" "allowAny"}
allowFromLighthouse.succeed("ping -c10 10.0.100.2")
${allowTrafficBetween "allowFromLighthouse" "allowAny"}
allowFromLighthouse.succeed("ping -c10 10.0.100.2")
# node2 can ping node3 now that node3 pinged it first
node2.succeed("ping -c3 10.0.100.3")
# node4 can ping node2 if node2 pings it first
node2.succeed("ping -c3 10.0.100.4")
node4.succeed("ping -c3 10.0.100.2")
# allowToLighthouse can ping the lighthouse but not allowAny or allowFromLighthouse
allowToLighthouse.succeed("ping -c3 10.0.100.1")
allowToLighthouse.fail("ping -c3 10.0.100.2")
allowToLighthouse.fail("ping -c3 10.0.100.3")
# allowAny can ping allowFromLighthouse now that allowFromLighthouse pinged it first
allowAny.succeed("ping -c3 10.0.100.3")
# block allowAny <-> allowFromLighthouse, and allowAny -> allowFromLighthouse should still work.
${blockTrafficBetween "allowAny" "allowFromLighthouse"}
allowFromLighthouse.succeed("ping -c10 10.0.100.2")
allowAny.succeed("ping -c10 10.0.100.3")
${allowTrafficBetween "allowAny" "allowFromLighthouse"}
allowFromLighthouse.succeed("ping -c10 10.0.100.2")
allowAny.succeed("ping -c10 10.0.100.3")
# allowToLighthouse can ping allowAny if allowAny pings it first
allowAny.succeed("ping -c3 10.0.100.4")
allowToLighthouse.succeed("ping -c3 10.0.100.2")
# block allowToLighthouse <-> allowAny, and allowAny <-> allowToLighthouse should still work.
${blockTrafficBetween "allowAny" "allowToLighthouse"}
allowAny.succeed("ping -c10 10.0.100.4")
allowToLighthouse.succeed("ping -c10 10.0.100.2")
${allowTrafficBetween "allowAny" "allowToLighthouse"}
allowAny.succeed("ping -c10 10.0.100.4")
allowToLighthouse.succeed("ping -c10 10.0.100.2")
# block lighthouse <-> allowFromLighthouse and allowAny <-> allowFromLighthouse; allowFromLighthouse won't get to allowAny
${blockTrafficBetween "allowFromLighthouse" "lighthouse"}
${blockTrafficBetween "allowFromLighthouse" "allowAny"}
allowFromLighthouse.fail("ping -c3 10.0.100.2")
${allowTrafficBetween "allowFromLighthouse" "lighthouse"}
${allowTrafficBetween "allowFromLighthouse" "allowAny"}
allowFromLighthouse.succeed("ping -c3 10.0.100.2")
# block lighthouse <-> allowAny, allowAny <-> allowFromLighthouse, and allowAny <-> allowToLighthouse; it won't get to allowFromLighthouse or allowToLighthouse
${blockTrafficBetween "allowAny" "lighthouse"}
${blockTrafficBetween "allowAny" "allowFromLighthouse"}
${blockTrafficBetween "allowAny" "allowToLighthouse"}
allowFromLighthouse.fail("ping -c3 10.0.100.2")
allowAny.fail("ping -c3 10.0.100.3")
allowAny.fail("ping -c3 10.0.100.4")
${allowTrafficBetween "allowAny" "lighthouse"}
${allowTrafficBetween "allowAny" "allowFromLighthouse"}
${allowTrafficBetween "allowAny" "allowToLighthouse"}
allowFromLighthouse.succeed("ping -c3 10.0.100.2")
allowAny.succeed("ping -c3 10.0.100.3")
allowAny.succeed("ping -c3 10.0.100.4")
# block lighthouse <-> allowToLighthouse and allowToLighthouse <-> allowAny; it won't get to allowAny
${blockTrafficBetween "allowToLighthouse" "lighthouse"}
${blockTrafficBetween "allowToLighthouse" "allowAny"}
allowAny.fail("ping -c3 10.0.100.4")
allowToLighthouse.fail("ping -c3 10.0.100.2")
${allowTrafficBetween "allowToLighthouse" "lighthouse"}
${allowTrafficBetween "allowToLighthouse" "allowAny"}
allowAny.succeed("ping -c3 10.0.100.4")
allowToLighthouse.succeed("ping -c3 10.0.100.2")
'';
})

View file

@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, lib, buildDeps ? [ ], pythonEnv ? [ ], ... }:
/*
/*
This test suite replaces the typical pytestCheckHook function in python
packages. Pgadmin4 test suite needs a running and configured postgresql
server. This is why this test exists.
@ -17,117 +17,123 @@ import ./make-test-python.nix ({ pkgs, lib, buildDeps ? [ ], pythonEnv ? [ ], ..
*/
let
pgadmin4SrcDir = "/pgadmin";
pgadmin4Dir = "/var/lib/pgadmin";
pgadmin4LogDir = "/var/log/pgadmin";
let
pgadmin4SrcDir = "/pgadmin";
pgadmin4Dir = "/var/lib/pgadmin";
pgadmin4LogDir = "/var/log/pgadmin";
in
{
name = "pgadmin4";
meta.maintainers = with lib.maintainers; [ gador ];
in
{
name = "pgadmin4";
meta.maintainers = with lib.maintainers; [ gador ];
nodes.machine = { pkgs, ... }: {
imports = [ ./common/x11.nix ];
# needed because pgadmin 6.8 will fail, if those dependencies get updated
nixpkgs.overlays = [
(self: super: {
pythonPackages = pythonEnv;
})
nodes.machine = { pkgs, ... }: {
imports = [ ./common/x11.nix ];
# needed because pgadmin 6.8 will fail, if those dependencies get updated
nixpkgs.overlays = [
(self: super: {
pythonPackages = pythonEnv;
})
];
environment.systemPackages = with pkgs; [
pgadmin4
postgresql
chromedriver
chromium
# include the same packages as in pgadmin minus speaklater3
(python3.withPackages
(ps: buildDeps ++
[
# test suite package requirements
pythonPackages.testscenarios
pythonPackages.selenium
])
)
];
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
ensureUsers = [
{
name = "postgres";
ensurePermissions = {
"DATABASE \"postgres\"" = "ALL PRIVILEGES";
};
}
];
environment.systemPackages = with pkgs; [
pgadmin4
postgresql
chromedriver
chromium
# include the same packages as in pgadmin minus speaklater3
(python3.withPackages
(ps: buildDeps ++
[
# test suite package requirements
pythonPackages.testscenarios
pythonPackages.selenium
])
)
];
services.postgresql = {
enable = true;
authentication = ''
host all all localhost trust
'';
ensureUsers = [
{
name = "postgres";
ensurePermissions = {
"DATABASE \"postgres\"" = "ALL PRIVILEGES";
};
}
];
};
};
};
testScript = ''
machine.wait_for_unit("postgresql")
testScript = ''
machine.wait_for_unit("postgresql")
# pgadmin4 needs its data and log directories
# pgadmin4 needs its data and log directories
machine.succeed(
"mkdir -p ${pgadmin4Dir} \
&& mkdir -p ${pgadmin4LogDir} \
&& mkdir -p ${pgadmin4SrcDir}"
)
machine.succeed(
"tar xvzf ${pkgs.pgadmin4.src} -C ${pgadmin4SrcDir}"
)
machine.wait_for_file("${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/README.md")
# set paths and config for tests
# also ensure Server Mode is set to false, which will automatically exclude some unnecessary tests.
# see https://github.com/pgadmin-org/pgadmin4/blob/fd1c26408bbf154fa455a49ee5c12895933833a3/web/regression/runtests.py#L217-L226
machine.succeed(
"cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \
&& cp -v web/regression/test_config.json.in web/regression/test_config.json \
&& sed -i 's|PostgreSQL 9.4|PostgreSQL|' web/regression/test_config.json \
&& sed -i 's|/opt/PostgreSQL/9.4/bin/|${pkgs.postgresql}/bin|' web/regression/test_config.json \
&& sed -i 's|\"headless_chrome\": false|\"headless_chrome\": true|' web/regression/test_config.json \
&& sed -i 's|builtins.SERVER_MODE = None|builtins.SERVER_MODE = False|' web/regression/runtests.py"
)
# adapt chrome config to run within a sandbox without GUI
# see https://stackoverflow.com/questions/50642308/webdriverexception-unknown-error-devtoolsactiveport-file-doesnt-exist-while-t#50642913
# add chrome binary path. use spaces to satisfy python indention (tabs throw an error)
machine.succeed(
"cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \
&& sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.binary_location = \"${pkgs.chromium}/bin/chromium\"' web/regression/runtests.py \
&& sed -i '\|options.add_argument(\"--no-sandbox\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--headless\")' web/regression/runtests.py \
&& sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--disable-dev-shm-usage\")' web/regression/runtests.py \
&& sed -i 's|(chrome_options=options)|(executable_path=\"${pkgs.chromedriver}/bin/chromedriver\", chrome_options=options)|' web/regression/runtests.py \
&& sed -i 's|driver_local.maximize_window()||' web/regression/runtests.py"
)
# don't bother to test kerberos authentication
excluded_tests = [ "browser.tests.test_kerberos_with_mocking",
]
with subtest("run browser test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& python regression/runtests.py \
--pkg browser \
--exclude ' + ','.join(excluded_tests)
)
with subtest("run resql test"):
machine.succeed(
"mkdir -p ${pgadmin4Dir} \
&& mkdir -p ${pgadmin4LogDir} \
&& mkdir -p ${pgadmin4SrcDir}"
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& python regression/runtests.py --pkg resql'
)
machine.succeed(
"tar xvzf ${pkgs.pgadmin4.src} -C ${pgadmin4SrcDir}"
)
machine.wait_for_file("${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/README.md")
# set paths and config for tests
machine.succeed(
"cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \
&& cp -v web/regression/test_config.json.in web/regression/test_config.json \
&& sed -i 's|PostgreSQL 9.4|PostgreSQL|' web/regression/test_config.json \
&& sed -i 's|/opt/PostgreSQL/9.4/bin/|${pkgs.postgresql}/bin|' web/regression/test_config.json \
&& sed -i 's|\"headless_chrome\": false|\"headless_chrome\": true|' web/regression/test_config.json"
)
# adapt chrome config to run within a sandbox without GUI
# see https://stackoverflow.com/questions/50642308/webdriverexception-unknown-error-devtoolsactiveport-file-doesnt-exist-while-t#50642913
# add chrome binary path. use spaces to satisfy python indention (tabs throw an error)
# this works for selenium 3 (currently used), but will need to be updated
# to work with "from selenium.webdriver.chrome.service import Service" in selenium 4
machine.succeed(
"cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \
&& sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.binary_location = \"${pkgs.chromium}/bin/chromium\"' web/regression/runtests.py \
&& sed -i '\|options.add_argument(\"--no-sandbox\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--headless\")' web/regression/runtests.py \
&& sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--disable-dev-shm-usage\")' web/regression/runtests.py \
&& sed -i 's|(chrome_options=options)|(executable_path=\"${pkgs.chromedriver}/bin/chromedriver\", chrome_options=options)|' web/regression/runtests.py \
&& sed -i 's|driver_local.maximize_window()||' web/regression/runtests.py"
)
# Don't bother to test LDAP or kerberos authentication
with subtest("run browser test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& python regression/runtests.py \
--pkg browser \
--exclude browser.tests.test_ldap_login.LDAPLoginTestCase,browser.tests.test_ldap_login,browser.tests.test_kerberos_with_mocking'
)
# fontconfig is necessary for chromium to run
# https://github.com/NixOS/nixpkgs/issues/136207
with subtest("run feature test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& export FONTCONFIG_FILE=${pkgs.makeFontsConf { fontDirectories = [];}} \
&& python regression/runtests.py --pkg feature_tests'
)
with subtest("run resql test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& python regression/runtests.py --pkg resql'
)
'';
})
# fontconfig is necessary for chromium to run
# https://github.com/NixOS/nixpkgs/issues/136207
# also, the feature_tests require Server Mode = True
with subtest("run feature test"):
machine.succeed(
'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \
&& export FONTCONFIG_FILE=${pkgs.makeFontsConf { fontDirectories = [];}} \
&& sed -i \'s|builtins.SERVER_MODE = False|builtins.SERVER_MODE = True|\' regression/runtests.py \
&& python regression/runtests.py --pkg feature_tests'
)
'';
})

View file

@ -4,7 +4,6 @@
, karchive, kcmutils, kconfig, kdnssd, kguiaddons, kinit, kirigami2, knewstuff, knotifyconfig, ktexteditor, kwindowsystem
, fftw, phonon, plasma-framework, threadweaver, breeze-icons
, curl, ffmpeg, gdk-pixbuf, libaio, liblastfm, libmtp, loudmouth, lzo, lz4, mariadb-embedded, pcre, snappy, taglib, taglib_extras
, pmdk, numactl
}:
mkDerivation rec {

View file

@ -1198,7 +1198,7 @@ self: super: {
hexokinase = buildGoModule {
name = "hexokinase";
src = old.src + "/hexokinase";
vendorSha256 = "pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=";
vendorSha256 = null;
};
in
''

View file

@ -15,13 +15,13 @@
stdenv.mkDerivation rec {
pname = "iptsd";
version = "1.0.0";
version = "1.0.1";
src = fetchFromGitHub {
owner = "linux-surface";
repo = pname;
rev = "v${version}";
hash = "sha256-fd/WZXRvJb6XCATNmPj2xi1UseoZqBT9IN21iwxHGLs=";
hash = "sha256-B5d1OjrRB164BYtFzZoZ3I4elZSKpHg0PCBiwXPnqLs=";
};
nativeBuildInputs = [
@ -45,8 +45,10 @@ stdenv.mkDerivation rec {
# Original installs udev rules and service config into global paths
postPatch = ''
substituteInPlace etc/meson.build \
--replace "install_dir: unitdir" "install_dir: datadir" \
--replace "install_dir: rulesdir" "install_dir: datadir" \
--replace "install_dir: unitdir" "install_dir: '$out/etc/systemd/system'" \
--replace "install_dir: rulesdir" "install_dir: '$out/etc/udev/rules.d'"
substituteInPlace etc/udev/50-ipts.rules \
--replace "/bin/systemd-escape" "${systemd}/bin/systemd-escape"
'';
mesonFlags = [

View file

@ -1,12 +1,12 @@
{ lib, stdenv, makeDesktopItem, fetchurl, jdk11, wrapGAppsHook, glib }:
{ lib, stdenv, makeDesktopItem, fetchurl, jdk19, wrapGAppsHook, glib }:
stdenv.mkDerivation rec {
pname = "pdfsam-basic";
version = "4.3.4";
version = "5.0.2";
src = fetchurl {
url = "https://github.com/torakiki/pdfsam/releases/download/v${version}/pdfsam_${version}-1_amd64.deb";
sha256 = "sha256-DYCiK5DgWTu1cm4TRsGDCB3LzVCGVkVzSlG3Jeo2WVI=";
hash = "sha256-+nBLmbu1aRnfWYNhTBUJdRmdlud8FK7LZFvDNFDrhiI=";
};
unpackPhase = ''
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
buildInputs = [ glib ];
preFixup = ''
gappsWrapperArgs+=(--set JAVA_HOME "${jdk11}" --set PDFSAM_JAVA_PATH "${jdk11}")
gappsWrapperArgs+=(--set JAVA_HOME "${jdk19}" --set PDFSAM_JAVA_PATH "${jdk19}")
'';
installPhase = ''
@ -40,14 +40,14 @@ stdenv.mkDerivation rec {
};
meta = with lib; {
homepage = "https://github.com/torakiki/pdfsam";
description = "Multi-platform software designed to extract pages, split, merge, mix and rotate PDF files";
sourceProvenance = with sourceTypes; [
binaryBytecode
binaryNativeCode
];
license = licenses.agpl3;
platforms = platforms.all;
maintainers = with maintainers; [ _1000101 ];
homepage = "https://github.com/torakiki/pdfsam";
description = "Multi-platform software designed to extract pages, split, merge, mix and rotate PDF files";
sourceProvenance = with sourceTypes; [
binaryBytecode
binaryNativeCode
];
license = licenses.agpl3Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ _1000101 ];
};
}

View file

@ -1,9 +1,13 @@
{ lib, fetchFromGitHub, cacert, openssl, nixosTests
, python39, fetchpatch
, python310, fetchpatch
}:
let
python3' = python39.override {
dropDevOutput = { outputs, ... }: {
outputs = lib.filter (x: x != "doc") outputs;
};
python3' = python310.override {
packageOverrides = self: super: {
sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec {
version = "1.3.24";
@ -25,6 +29,15 @@ let
sha256 = "ae2f05671588762dd83a21d8b18c51fe355e86783e24594995ff8d7380dffe38";
};
});
flask-sqlalchemy = super.flask-sqlalchemy.overridePythonAttrs (old: rec {
version = "2.5.1";
format = "setuptools";
src = self.fetchPypi {
pname = "Flask-SQLAlchemy";
inherit version;
hash = "sha256:2bda44b43e7cacb15d4e05ff3cc1f8bc97936cc464623424102bfc2c35e95912";
};
});
# Taken from by https://github.com/NixOS/nixpkgs/pull/173090/commits/d2c0c7eb4cc91beb0a1adbaf13abc0a526a21708
werkzeug = super.werkzeug.overridePythonAttrs (old: rec {
version = "1.0.1";
@ -44,6 +57,19 @@ let
inherit version;
sha256 = "sha256-ptWEM94K6AA0fKsfowQ867q+i6qdKeZo8cdoy4ejM8Y=";
};
patches = [
# python 3.10 compat fixes. In later upstream releases, but these
# are not compatible with flask 1 which we need here :(
(fetchpatch {
url = "https://github.com/thmo/jinja/commit/1efb4cc918b4f3d097c376596da101de9f76585a.patch";
sha256 = "sha256-GFaSvYxgzOEFmnnDIfcf0ImScNTh1lR4lxt2Uz1DYdU=";
})
(fetchpatch {
url = "https://github.com/mkrizek/jinja/commit/bd8bad37d1c0e2d8995a44fd88e234f5340afec5.patch";
sha256 = "sha256-Uow+gaO+/dH6zavC0X/SsuMAfhTLRWpamVlL87DXDRA=";
excludes = [ "CHANGES.rst" ];
})
];
});
# Required by jinja2-2.11.3
markupsafe = super.markupsafe.overridePythonAttrs (old: rec {
@ -84,18 +110,62 @@ let
nativeCheckInputs = [];
doCheck = false;
});
# Requires pytest-httpserver as checkInput now which requires Werkzeug>=2 which is not
# supported by current privacyIDEA.
responses = super.responses.overridePythonAttrs (lib.const {
doCheck = false;
});
flask-babel = (super.flask-babel.override {
sphinxHook = null;
furo = null;
}).overridePythonAttrs (old: (dropDevOutput old) // rec {
pname = "Flask-Babel";
version = "2.0.0";
format = "setuptools";
src = self.fetchPypi {
inherit pname;
inherit version;
hash = "sha256:f9faf45cdb2e1a32ea2ec14403587d4295108f35017a7821a2b1acb8cfd9257d";
};
});
psycopg2 = (super.psycopg2.override {
sphinxHook = null;
sphinx-better-theme = null;
}).overridePythonAttrs dropDevOutput;
hypothesis = super.hypothesis.override {
enableDocumentation = false;
};
pyjwt = (super.pyjwt.override {
sphinxHook = null;
sphinx-rtd-theme = null;
}).overridePythonAttrs (old: (dropDevOutput old) // { format = "setuptools"; });
beautifulsoup4 = (super.beautifulsoup4.override {
sphinxHook = null;
}).overridePythonAttrs dropDevOutput;
pydash = (super.pydash.override {
sphinx-rtd-theme = null;
}).overridePythonAttrs (old: rec {
version = "5.1.0";
src = self.fetchPypi {
inherit (old) pname;
inherit version;
hash = "sha256-GysFCsG64EnNB/WSCxT6u+UmOPSF2a2h6xFanuv/aDU=";
};
format = "setuptools";
doCheck = false;
});
};
};
in
python3'.pkgs.buildPythonPackage rec {
pname = "privacyIDEA";
version = "3.7.4";
version = "3.8";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-QoVL6WJjX6+sN5S/iqV3kcfQ5fWTXkTnf6NpZcw3bGo=";
sha256 = "sha256-FCvuWXon8c9LnX1FnCxcSTfBR5/6zijD6ld0iAEVFkU=";
fetchSubmodules = true;
};
@ -104,17 +174,7 @@ python3'.pkgs.buildPythonPackage rec {
defusedxml croniter flask_migrate pyjwt configobj sqlsoup pillow
python-gnupg passlib pyopenssl beautifulsoup4 smpplib flask-babel
ldap3 huey pyyaml qrcode oauth2client requests lxml cbor2 psycopg2
pydash ecdsa google-auth importlib-metadata argon2-cffi bcrypt
];
patches = [
# Apply https://github.com/privacyidea/privacyidea/pull/3304, fixes
# `Exceeds the limit (4300) for integer string conversion` in the tests,
# see https://hydra.nixos.org/build/192932057
(fetchpatch {
url = "https://github.com/privacyidea/privacyidea/commit/0e28f36c0b3291a361669f4a3a77c294f4564475.patch";
sha256 = "sha256-QqcO8bkt+I2JKce/xk2ZhzEaLZ3E4uZ4x5W9Kk0pMQQ=";
})
pydash ecdsa google-auth importlib-metadata argon2-cffi bcrypt segno
];
passthru.tests = { inherit (nixosTests) privacyidea; };
@ -128,6 +188,7 @@ python3'.pkgs.buildPythonPackage rec {
# Tries to connect to `fcm.googleapis.com`.
"test_02_api_push_poll"
"test_04_decline_auth_request"
# Timezone info not available in build sandbox
"test_14_convert_timestamp_to_utc"

View file

@ -1,6 +1,6 @@
{ lib
, rustPlatform
, fetchFromGitLab
, fetchFromGitHub
, pkg-config
, gtk4
, libadwaita
@ -13,16 +13,16 @@
rustPlatform.buildRustPackage rec {
pname = "watchmate";
version = "0.3.0";
version = "0.4.0";
src = fetchFromGitLab {
src = fetchFromGitHub {
owner = "azymohliad";
repo = "watchmate";
rev = "v${version}";
sha256 = "sha256-HyH+9KMbdiJSmjo2NsAvz8rN3JhYKz1nNqfuZufKjQA=";
hash = "sha256-WRoAQDOsCi9VbshGzdw+qrVFKQhOQwPgxOfWXYJ3nhg=";
};
cargoSha256 = "sha256-HvuxKPIVwVrcsTKgPwNosF/ar8QL9Jlldq7SBe2nh6o=";
cargoHash = "sha256-pEXC5IVcMhqYM+bGyTh/vaSS9LxYE2YbtIaPplc4Al8=";
nativeBuildInputs = [
pkg-config
@ -46,7 +46,8 @@ rustPlatform.buildRustPackage rec {
meta = with lib; {
description = "PineTime smart watch companion app for Linux phone and desktop";
homepage = "https://gitlab.com/azymohliad/watchmate";
homepage = "https://github.com/azymohliad/watchmate";
changelog = "https://github.com/azymohliad/watchmate/raw/v${version}/CHANGELOG.md";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ chuangzhu ];
platforms = platforms.linux;

View file

@ -8,13 +8,13 @@
stdenv.mkDerivation rec {
pname = "xchm";
version = "1.33";
version = "1.35";
src = fetchFromGitHub {
owner = "rzvncj";
repo = "xCHM";
rev = version;
sha256 = "sha256-8HQaXxZQwfBaWc22GivKri1vZEnZ23anSfriCvmLHHw=";
sha256 = "sha256-ZJvlllhF7KPz+v6KEVPyJjiz+4LHM2Br/oqI54a2Ews=";
};
nativeBuildInputs = [

View file

@ -34,6 +34,7 @@
, libva
, libdrm, wayland, libxkbcommon # Ozone
, curl
, libffi
, libepoxy
# postPatch:
, glibc # gconv + locale
@ -151,7 +152,8 @@ let
libepoxy
] ++ lib.optional systemdSupport systemd
++ lib.optionals cupsSupport [ libgcrypt cups ]
++ lib.optional pulseSupport libpulseaudio;
++ lib.optional pulseSupport libpulseaudio
++ lib.optional (chromiumVersionAtLeast "110") libffi;
patches = [
# Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed):
@ -299,6 +301,10 @@ let
use_system_libwayland = true;
# The default value is hardcoded instead of using pkg-config:
system_wayland_scanner_path = "${wayland.bin}/bin/wayland-scanner";
} // lib.optionalAttrs (chromiumVersionAtLeast "110") {
# To fix the build as we don't provide libffi_pic.a
# (ld.lld: error: unable to find library -l:libffi_pic.a):
use_system_libffi = true;
} // lib.optionalAttrs proprietaryCodecs {
# enable support for the H.264 codec
proprietary_codecs = true;

View file

@ -19,9 +19,9 @@
}
},
"beta": {
"version": "110.0.5481.52",
"sha256": "09khb67xl1b2caw0j9lmv6a9iyms9sprn2r7wsgqzjn9dzd9wwcq",
"sha256bin64": "0dv9fxwqn50hl06y7zfqby8hd9lwqwk2q3856fygbn82qppkbl4r",
"version": "110.0.5481.77",
"sha256": "1kl1k29sr5qw8pg7shvizw4b37fxjlgah56p57kq641iqhnsnj73",
"sha256bin64": "0wnzgvwbpmb5ja4ba5mjk4bk0aaxzbw4zi509vw96q6mbqmr4iwr",
"deps": {
"gn": {
"version": "2022-12-12",
@ -32,9 +32,9 @@
}
},
"dev": {
"version": "111.0.5562.0",
"sha256": "0aviz1cjm00lya530n0wyqn85d3idzn3bbp8065ygvfawqcf163j",
"sha256bin64": "0azkcvbl645c9ph4vn4502qbgfcb7zbs4ycy3q73nj5al642absm",
"version": "111.0.5563.8",
"sha256": "0gflrk5i6dr5vrywhxab73044gryxj49px59blgl6nyphw7swpwy",
"sha256bin64": "1dgfjz9pnziy1zymk7g15i5zdb002g77q8kqhkwgi4m0fndknpmj",
"deps": {
"gn": {
"version": "2022-12-12",

View file

@ -17,13 +17,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "lagrange";
version = "1.14.2";
version = "1.15.2";
src = fetchFromGitHub {
owner = "skyjake";
repo = "lagrange";
rev = "v${finalAttrs.version}";
hash = "sha256-9onjQ7fRLlL5/1vMtNHjBBcB7Fyk1ERaHg5IwtwbJQg=";
hash = "sha256-NUgDaBRcgYGLKJhSJLT17VZj/mU0w6ySahIYnud5M6Y=";
};
nativeBuildInputs = [ cmake pkg-config zip ];

View file

@ -1,11 +1,11 @@
{
"packageVersion": "109.0-1",
"packageVersion": "109.0.1-2",
"source": {
"rev": "109.0-1",
"sha256": "18nd0shx1r2y2gn42sa2jlckcymmnx3fkm4fp58c80gcppslh1fs"
"rev": "109.0.1-2",
"sha256": "1b5572i7aqad0pmjw88d3mhmhhhacp505z0d9l4l89r7gadssbwb"
},
"firefox": {
"version": "109.0",
"sha512": "9e2b6e20353e414da3d2eb9dcd3d77757664a98a4438a8e84f19a1c7c203e40136b08bf96a458fac05ddc627347217d32f1f6337980c5ca918874993657a58e7"
"version": "109.0.1",
"sha512": "58b21449a16a794152888f50e7fe9488c28739a7e067729acdc1de9f2e8384e6316cffdfe89f690f0d211189668d940825b4f8a26b8100468ae120772df99d72"
}
}

View file

@ -0,0 +1,33 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "pv-migrate";
version = "1.0.1";
src = fetchFromGitHub {
owner = "utkuozdemir";
repo = pname;
rev = "v${version}";
sha256 = "sha256-I66J1/N8Ln7KBQfzg39wdZuM6PeJGn1HiNK2YVzDySw";
};
subPackages = [ "cmd/pv-migrate" ];
vendorSha256 = "sha256-/klqOfM0ZhbzZWOLm0pA0/RB84kvfEzFJN1OQUVSNEA";
ldflags = [
"-s"
"-w"
"-X main.version=v${version}"
"-X main.commit=${src.rev}"
"-X main.date=1970-01-01-00:00:01"
];
meta = with lib; {
description = "CLI tool to easily migrate Kubernetes persistent volumes ";
homepage = "https://github.com/utkuozdemir/pv-migrate";
changelog = "https://github.com/utkuozdemir/pv-migrate/releases/tag/${version}";
license = licenses.afl20;
maintainers = [ maintainers.ivankovnatsky ];
};
}

View file

@ -412,11 +412,11 @@
"vendorHash": "sha256-ZgVA2+2tu17dnAc51Aw3k6v8k7QosNTmFjFhmeknxa8="
},
"gandi": {
"hash": "sha256-mQ4L2XCudyPGDw21jihF7nkSct7/KWAe/txnbtuJ8Lk=",
"hash": "sha256-eVSMjXSYRedig93Tm2ZLpbuJhG3wKSBwfLli7OWs3dU=",
"homepage": "https://registry.terraform.io/providers/go-gandi/gandi",
"owner": "go-gandi",
"repo": "terraform-provider-gandi",
"rev": "v2.2.2",
"rev": "v2.2.3",
"spdx": "MPL-2.0",
"vendorHash": "sha256-uWTY8cFztXFrQQ7GW6/R+x9M6vHmsb934ldq+oeW5vk="
},

View file

@ -27,11 +27,11 @@ let
in
stdenv.mkDerivation rec {
pname = "PortfolioPerformance";
version = "0.60.2";
version = "0.61.0";
src = fetchurl {
url = "https://github.com/buchen/portfolio/releases/download/${version}/PortfolioPerformance-${version}-linux.gtk.x86_64.tar.gz";
hash = "sha256-jSRZZufGi1wmdT7LeNutkO74bqln8uJ5TSEDCJyfPB4=";
hash = "sha256-lpKnhAF/VsbLOHkIy1TFqjT0yKlFMNsN+yMUmpBAZKY=";
};
nativeBuildInputs = [

View file

@ -0,0 +1,23 @@
{ buildGoModule, fetchFromGitHub, lib }:
buildGoModule rec {
pname = "rime-cli";
version = "0.0.3";
src = fetchFromGitHub {
owner = "puddinging";
repo = pname;
rev = "v${version}";
hash = "sha256-CI0Jva7oA/zUGatv+wCdByqbTBNQRw+4clr8IDKX6HQ=";
};
vendorHash = null;
meta = with lib; {
homepage = "https://github.com/puddinging/rime-cli";
changelog = "https://github.com/puddinging/rime-cli/releases/tag/v${version}";
description = "A command line tool to add customized vocabulary for Rime IME";
license = licenses.asl20;
maintainers = with maintainers; [ urandom ];
};
}

View file

@ -2,10 +2,10 @@
stdenv.mkDerivation rec {
pname = "stacks";
version = "2.60";
version = "2.62";
src = fetchurl {
url = "http://catchenlab.life.illinois.edu/stacks/source/${pname}-${version}.tar.gz";
sha256 = "sha256-ppKG7Z1TyLwUyqRnGYk3QWPJqKeNcW04GMW7myPFSNM=";
sha256 = "sha256-7uhQVLC/AEPAPUdm3+vABoIwG4uhNy/EngjsrZjT0Ts=";
};
buildInputs = [ zlib ];

View file

@ -0,0 +1,43 @@
{ stdenv
, lib
, gfortran
, fetchFromGitHub
, cmake
, blas
, lapack
, python3Packages
}:
assert blas.isILP64 == lapack.isILP64;
stdenv.mkDerivation rec {
pname = "mopac";
version = "22.0.6";
src = fetchFromGitHub {
owner = "openmopac";
repo = pname;
rev = "v${version}";
hash = "sha256-j4AP3tki+Ep9Pv+pDg8TwCiJvpF2j5npW3Kpat+7gGg=";
};
nativeBuildInputs = [ gfortran cmake ];
buildInputs = [ blas lapack ];
checkInputs = with python3Packages; [ python numpy ];
doCheck = true;
preCheck = ''
export OMP_NUM_THREADS=2
'';
meta = with lib; {
description = "Semiempirical quantum chemistry";
homepage = "https://github.com/openmopac/mopac";
license = licenses.lgpl3Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ sheepforce markuskowa ];
};
}

View file

@ -0,0 +1,41 @@
{ stdenv
, lib
, fetchFromGitHub
, wxGTK32
, libGL
, libGLU
, pkg-config
, xorg
, autoreconfHook
}:
stdenv.mkDerivation rec {
pname = "wxmacmolplt";
version = "7.7.2";
src = fetchFromGitHub {
owner = "brettbode";
repo = pname;
rev = "v${version}";
hash = "sha256-sNxCjIEJUrDWtcUqBQqvanNfgNQ7T4cabYy+x9D1U+Q=";
};
nativeBuildInputs = [ pkg-config autoreconfHook ];
buildInputs = [
wxGTK32
libGL
libGLU
xorg.libX11
xorg.libX11.dev
];
enableParallelBuilding = true;
meta = with lib; {
description = "Graphical user inteface for GAMESS-US";
homepage = "https://brettbode.github.io/wxmacmolplt/";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ sheepforce markuskowa ];
};
}

View file

@ -91,7 +91,7 @@ self = stdenv.mkDerivation {
passthru = {
inherit coq-version;
inherit ocamlPackages ocamlNativeBuildInputs;
inherit ocamlPropagatedBuildInputs ocamlPropagatedNativeBuildInputs;
inherit ocamlPropagatedBuildInputs;
# For compatibility
inherit (ocamlPackages) ocaml camlp5 findlib num ;
emacsBufferSetup = pkgs: ''

View file

@ -11,13 +11,13 @@
stdenv.mkDerivation rec {
pname = "conmon";
version = "2.1.5";
version = "2.1.6";
src = fetchFromGitHub {
owner = "containers";
repo = pname;
rev = "v${version}";
sha256 = "sha256-zpZ3hVgnh8gkrSghSvhSZnG9uaN+GTKFGHv+MMcs73Q=";
hash = "sha256-vmZSt0k6h4Zpbf+/Nq19QIkG3Fzjj3K031XnivFDA2s=";
};
nativeBuildInputs = [ pkg-config ];

View file

@ -145,6 +145,11 @@ let
cp -r --reflink=auto vendor $out
''}
if ! [ "$(ls -A $out)" ]; then
echo "vendor folder is empty, please set 'vendorHash = null;' or 'vendorSha256 = null;' in your expression"
exit 10
fi
runHook postInstall
'';

View file

@ -11,7 +11,7 @@ let
(builtins.attrNames (builtins.removeAttrs variantHashes [ "iosevka" ]));
in stdenv.mkDerivation rec {
pname = "${name}-bin";
version = "17.1.0";
version = "18.0.0";
src = fetchurl {
url = "https://github.com/be5invis/Iosevka/releases/download/v${version}/ttc-${name}-${version}.zip";

View file

@ -1,95 +1,95 @@
# This file was autogenerated. DO NOT EDIT!
{
iosevka = "0lxcyg93max17fqm6yvxwvr79jz9bggxcmv6qx8sknvjmq89l0pf";
iosevka-aile = "0pljy65m5zaxbajfmhc3gayz73rbp8vzaqzqcrlm2ir9yxaz21qc";
iosevka-curly = "0svf6hm0cspydgzjg39f5rp7mrcabb0vc2088r1msipaw8naajqf";
iosevka-curly-slab = "1afk0ijfciwh9pjy2qsawxw7gq7jxr52li2nwggcq04c9ybh62pg";
iosevka-etoile = "07zihk9q1ff93ms9gj92hbf2fzw7h4fl28szhrfll3p96y9f81q7";
iosevka-slab = "18hrv0kc82hfb6ivbdg5k9179k37anjigm8ddh5waiq2is6gmh8l";
iosevka-ss01 = "127zki1wcd2wjpqr1n2zf57iq44pwcrg2vlrspi3b9lhmxw0rlz9";
iosevka-ss02 = "0ig7y86c2d9y4bg5cqibbn0wqwwzm5d5qxd8vwhvd323mg3gh6bg";
iosevka-ss03 = "0zp2nkrl39pvidn846706dp8l12ac66kd9wsyh4cnn08mmm6gl4i";
iosevka-ss04 = "0r0ylsxj2j9akpxchnldwyddm7vrlpn82sxkgmjhr81hn3q08bgc";
iosevka-ss05 = "0r9mdhdjndxgm68fg59dbd810ggrpmpkvgcypyqf92l8sf1h55hj";
iosevka-ss06 = "1c6ga4jaglfp5mx980qy1alkifr1d1lq4qj69xfq6sx4146xn20f";
iosevka-ss07 = "0h1x2p9finl4482vx6lvs45x5258bpw5avkpgmg66wn16kd95zfq";
iosevka-ss08 = "1n5m11dlv49jj63s771ny77qpiz178iyvn7pfnhv2mzqwimz5sl2";
iosevka-ss09 = "1rbs15xsk7fajrm81nacixf18jjx08bpg26fw7pmxjv727zafv05";
iosevka-ss10 = "1rdpiq5pyzrnxhnsvf08zg0vjhln25vqkyknnv4xf34wr8r9xcc0";
iosevka-ss11 = "0l9454vx90pj0yva864qfj06ggplia0qdkv3nr14s3wmv5khh9gw";
iosevka-ss12 = "0cafszj0c7nkcxpbqsrqy5l2v0nzfph6i22w1iayg8bqvpip3x5m";
iosevka-ss13 = "1mlxh6qikrl0g82difr85lpkxdr83z5iymf0brmgdxkmyig3psr7";
iosevka-ss14 = "1330p52h94fgr76gll396hb0qalamm8z79hw73ci4ph22dpsd4ni";
iosevka-ss15 = "0cc5a1187i9idgvz7zhs0byya8c69f0g4pkqlivh37ffj07yv47v";
iosevka-ss16 = "052nypjppbrbkhjq85nwmx8469prfsbc9f05kw0vi30c8mpcjqwf";
iosevka-ss17 = "0k5p1qvx8vi8ic7yayky7zdi1hrkwli698ydlfhnk4yx10l0xq8j";
iosevka-ss18 = "16diyrfpz1kp9vcyq61pbdrrv4pl96kzn8ckv7wb5cnwxwa336c7";
sgr-iosevka = "0b92jmai9cgxdah74jmks7fwbyb1m722ablf3qaiizc597y031wv";
sgr-iosevka-aile = "1z5jg74aspkvhw41ihwzbfs4f075gs8ny76m30adp0n3v877nhjz";
sgr-iosevka-curly = "06bm6jg16sgvxnqbayqa92lvr0bc5vdjybbi467yx57hi83w860q";
sgr-iosevka-curly-slab = "08kg8imp29sww57mdpfmi86046vqwd4a2ayijcvs511v8nhl478r";
sgr-iosevka-etoile = "0gybfn95n2b8kn3bvi8pjkps5bmndnbbq9jbfbm81fims0s0496b";
sgr-iosevka-fixed = "15q4y8cm8cwxcbmjzknc19gyqmd4nb928b26nswm8m17p85zlcq0";
sgr-iosevka-fixed-curly = "1faci2m7w8cf65mjkigqlyh838r5mqvg7ai4nfdidms6ilhhsf37";
sgr-iosevka-fixed-curly-slab = "019m3nvsy6vwgf6f0z2l0wxxkqbl30y55jfgi2bsmxhizwzl3csc";
sgr-iosevka-fixed-slab = "1ps1xi334h7by3nihn3n6d76sbzcvv03dwy4iy5wixlz0lr8id5i";
sgr-iosevka-fixed-ss01 = "18qdd6qbk8dy6z36lsy89a7g6l1asdzqvlc82j9vk437yjm59vwi";
sgr-iosevka-fixed-ss02 = "0xm1k1f5hbhjbksshlv7bcdigdrxxhfpc8pgv7dvz7zpy7cx2y4y";
sgr-iosevka-fixed-ss03 = "1741k3p2mncq9kp1wshpl6dkwqvvg2bpakl91k6ssvj1z63r2zhq";
sgr-iosevka-fixed-ss04 = "0sw65088yihk2sk2mcdr4cd8rl9l954l2sc3y7dil3jkgw6kf0wq";
sgr-iosevka-fixed-ss05 = "1cc71vidcljh6k6pw6z5yygi0kir7n235l19as8y1qazmc8kh0ip";
sgr-iosevka-fixed-ss06 = "0s2f0j0z4dyd23z5mldih03cg8vqwvpqrmagbpx02v2krzn2vb27";
sgr-iosevka-fixed-ss07 = "07nfdx7bdbsxrmylsja8bvr1n2a116qyfg8pk1wpcax3vf56jamh";
sgr-iosevka-fixed-ss08 = "0ys6gw2p7vpdv8csxzxjx09m8k0h4s28w7i98iq27ak47xcm8xd7";
sgr-iosevka-fixed-ss09 = "0vn6vc0byakggyrd6d9mv1l9d4h5g7wcbkkmxzqfjr6xp3k96r88";
sgr-iosevka-fixed-ss10 = "0llqjvv7m1imvqw41xvmcw9y9c9wsnv2i8swnszr9r5khx3kbp6h";
sgr-iosevka-fixed-ss11 = "1wwjp1fgl2gxhjkmsz6k0a59kjcapby9y8j5m763ap4ig5djbv8r";
sgr-iosevka-fixed-ss12 = "1k9ak5dc3s024iz6rp4yz9b73752v93n0kldcnwi0lvbh4hp358k";
sgr-iosevka-fixed-ss13 = "0rgj38jkj6d7g44wn02k6ycixkwq6lwy756vp9w01aqqn5flw6s1";
sgr-iosevka-fixed-ss14 = "0lbpwnc40lswlmfwqziz7n3kn95kc5rn4fbq5nxa1z8cxz9dkhvh";
sgr-iosevka-fixed-ss15 = "034h7af7876q0ni8idj5dhkq1cpl91gvxhwxyw17pgnz8i51a261";
sgr-iosevka-fixed-ss16 = "0i00nxj0j7yr57b4ccd2yc4x7k8zw1xxpdwfwlm0n38c05iqbvj9";
sgr-iosevka-fixed-ss17 = "1z21han7l7nwz0qfi6fzvwdiadd9brpna51p24drdi8y3915b8n9";
sgr-iosevka-fixed-ss18 = "0fjdsx66al0h3spgdivryiw5d871s93s2lbmh7nxwf19lylrkv19";
sgr-iosevka-slab = "0j42hxgcwy5abf5jv5aqjri6h21k2nkgjj7527f68rgcnl9d980b";
sgr-iosevka-ss01 = "1m7c8zb3rhxnf9h4v55jv7ns6x74bwfsl6f4sl2b1gkfl50ibwqg";
sgr-iosevka-ss02 = "05cc3p8lkxl1s27wmgspk93fz8f51daqcfid8vpsvnqw75abivc9";
sgr-iosevka-ss03 = "0bmh1ijdalss96lkji0dcyl00wc2yw7a3lx0nqbbjl4m0l2mz4yp";
sgr-iosevka-ss04 = "1jc1y9rgw8hnd7zqrn98b35r01kmr2nykqip63h6qal7l456m4s2";
sgr-iosevka-ss05 = "06acxqhzfxlhqd083s57b15sx2vgq0r6pl9myp8syh1d9azbk899";
sgr-iosevka-ss06 = "0g3zaxy9363p28kcv6a52dqb1swnrn3rwl6pfvanz92vrrjspr7n";
sgr-iosevka-ss07 = "1bmdparw1hg3i8lnx8vwd467pwf4q94q80a62fcy87hppy3afryg";
sgr-iosevka-ss08 = "16kgj158nhmlql0gkkfya04dy1gp9an4gk691f28n0mqhi7hygcr";
sgr-iosevka-ss09 = "144x84qmh9pycn9v36q4z074vmnngn0chlyb8a8hyhgsyfqf7q7h";
sgr-iosevka-ss10 = "0i9hsmw78yg75a3m80jlmdn2rn72snz69m0abvz7z94b7c99ffsb";
sgr-iosevka-ss11 = "05a9azf7f64jdr5wwiy7djlmarl01mg6rfmzvrdd8a1a0nfcz1iz";
sgr-iosevka-ss12 = "1nqa88csh170gs3bggs6v5ssaqljvpw1zxaclhmzdvyhcphrwd19";
sgr-iosevka-ss13 = "1klhp2w99znj9qyz95z8jq3g23fs8jznya9dfzfy2i4hivw2gxv0";
sgr-iosevka-ss14 = "1w84mqg0x46fbr8v72ccxc9a7sp52g4qb0x6l84wr8cm1fn7n21f";
sgr-iosevka-ss15 = "05kdxmghhdyvlnc3wxzc5yyp00ybrq63fzh2kz3s4rwh11hhf0lq";
sgr-iosevka-ss16 = "0a9i7plsfy8fawip70p5w3dkmjh4sy61iwi9pnl0ara7z23783dq";
sgr-iosevka-ss17 = "1xmaqs54jhag7s18gfll94g0ixjqp2z5s69kwk48nznzpbfbpdsb";
sgr-iosevka-ss18 = "09nq0a7b4hkiyi1prxpf6vwms9cnmby2dzn9k4y0xcax7m464531";
sgr-iosevka-term = "1zr8cyq6578n8f3y9yyc0phs26hda1bf0bsd417wqcwsn88wfmx8";
sgr-iosevka-term-curly = "0xlwljc2gmwh119x83p2pic5zwjqdymg7pbl2ginzilsrgjl2k0q";
sgr-iosevka-term-curly-slab = "1vmpdws71sf1pf8nz3w7y0a64a5c3mp8f9w57bqmcn9vr22ymcl7";
sgr-iosevka-term-slab = "1wkqdgy9nd4mvy4rsssvpis1r17ikpbl8mfx6bp80fh0lai97mxw";
sgr-iosevka-term-ss01 = "1ly5ic5ihj00apb87am3kl38mywns8jizc7f4hniyrd9xhy1186z";
sgr-iosevka-term-ss02 = "09lisy461dvppfv6sdk4i6vfrqhxyx558zdaflv9vskmfq8iq66d";
sgr-iosevka-term-ss03 = "0nm84l4xk53l1q96hx8q63nbflgmivj3cq7z5mysv1z8jdp7isx3";
sgr-iosevka-term-ss04 = "1y9kkasxmpm4n1vs5plsa25cgwvdi4jahn3ggdlxpl35yi4kxnr3";
sgr-iosevka-term-ss05 = "1drngqgcibv6kfwjn3s2bik286ypj613q4p3fz0b7incniaz372j";
sgr-iosevka-term-ss06 = "1rkqnj59hv1lzsplss3jk0jgz6q68qkg4a3200hv10rs9i2w2qxk";
sgr-iosevka-term-ss07 = "1z6jh8qmc2063zgwbd00xi258grdillkc1nja69awdxiamv6hgf9";
sgr-iosevka-term-ss08 = "022qw6frmmmpwbq6af8rysm8pbq713fiw92hkqi5k3j4v8dwl9v2";
sgr-iosevka-term-ss09 = "1c32p4d46q3izif68ka6gr1hmq10snrlga5d7ypphmm8yxvavd9c";
sgr-iosevka-term-ss10 = "1p497kqa386q5rvsfigzxdr0009agiw4bv4xxmb83pg3sl8bf7z9";
sgr-iosevka-term-ss11 = "19kfvmwijd1kyw4bln0m5z7wpch9h44ny13ccxx0qmiv5y7wwm94";
sgr-iosevka-term-ss12 = "1pnr7yd431xnym12vnlww6rxm1vfd9x24kqpx0323q3n61yjqzd6";
sgr-iosevka-term-ss13 = "04nhps95s360vv4qr1pbzs1aj8zdalzv4ajdkawdssxaz1xs57c7";
sgr-iosevka-term-ss14 = "1xvdpx8sa4ifgy9a3y65qcxj8cavisw4h7hjfivq4y0il79sl7nw";
sgr-iosevka-term-ss15 = "03rs8b8yb7n1f7cp6zffgr7x20vx6hiag7a22ysx0zr2i4zp37i6";
sgr-iosevka-term-ss16 = "1s86hmr7a6qwyf5m9q0npzzd25nvh9k1nlja1b8fnnlgchycwfbw";
sgr-iosevka-term-ss17 = "0y5i99iy7r3z4cv87s3v3mxbadp3np16a3c65w41pjv86llkc30g";
sgr-iosevka-term-ss18 = "0s5hdh61y5v17jrdpajgkzzrg0cqgcad6gvs9m8v55xi2zlqfxip";
iosevka = "03f2rabj2w2l7jwqyl2awj42jhh0l3picqgyfcv3q067i34abfyn";
iosevka-aile = "0p1r5sysy6djfd1sx0pfxf42bv7ayqgk1nvil33jr925w96i2dp6";
iosevka-curly = "0r33wcgvh315avgkkic27qpf3bavrqwbig1kj4wm5rdr957ldk40";
iosevka-curly-slab = "0yd7grhnx7z27xmd3wr8x2xx2002hmfi1y3ndmqq1sc9gab5gcb7";
iosevka-etoile = "0jhd49vxxxaqi1rxfkmpc3v1q96ak1b5wyggchngqi3739pjgqy3";
iosevka-slab = "00wk15kj9b1nr3b0bmarx6gqx3jg8z1pm9qqf9x09s72b3ng8adm";
iosevka-ss01 = "1kp6zv8zyx50la7zrfz4fis68s41kplibagny61w5v3w36xpm3cs";
iosevka-ss02 = "1c0dl28a3wwa5g4793jyb4n4c8p5vjlyh1b8j2i5da31dqrqm9gj";
iosevka-ss03 = "0vs8x6l8gwqi47g1c5ainsk5fb2i6j4wv7mgdyw5j5l3blnba5yh";
iosevka-ss04 = "1caf4xqd1dywzbq06ip042rw88833yk9ws7y3vjvsp93g7a2r675";
iosevka-ss05 = "008aphj4w6ri3fgnydrxavvpm3bfywv4cym10fqi9xgd84jhm9m1";
iosevka-ss06 = "00dkagqiwzwzvv75zss82yx0gdcbmh9xvr8swhi5zk0y0bc3xk2y";
iosevka-ss07 = "1acnva081awp76xyspksq9jkvlyswh3q1jy9gnsc6kh4vyn17vjs";
iosevka-ss08 = "0lmkglcjlppvfd7k2pz57r476fa4c0q5l4gqzfy1mlklh0mc5hqb";
iosevka-ss09 = "04r2k2z54iszwfnif872p5br0dm4fvc5341cpbxv4almpzxjyqnr";
iosevka-ss10 = "1c6gs9g8dhywpd2ha7kx2l7g7bwj7i5a78645ipx8126f749y0y9";
iosevka-ss11 = "0286k56r12a2yjylxynvzd0idrcv4ykrmpkn3b5xv9f74qq6irmf";
iosevka-ss12 = "0ab4x5lh8spbg0djb092vcq1cnvjhazwkia8byq1q47iwiyh756l";
iosevka-ss13 = "0kva71mfkl9xzz8khjzgrj47zg2505rg0hv5hxflawxsqwi4iwvl";
iosevka-ss14 = "1gk7m3xh4v3jm6s5g2prd27w4p0r1blbxsxdy3b020bdwikxcaga";
iosevka-ss15 = "0frxjc3hhay8izsx4ywff4j39qxp9ljz6hvw0rjcya3vny515jq5";
iosevka-ss16 = "1g299yhn0kfc7vn8vbgwq4798w5lcl72j6hj91k90i1yq11lg13i";
iosevka-ss17 = "02z83x73bhpgf44kq0gw46bdnpqzr4vm37h78bh19vydzqaj8hg0";
iosevka-ss18 = "1b7vhhbspi98xzmk4hpiw08jmscm7f7nibqxhkfmppl6y0ymbm9d";
sgr-iosevka = "1n60dgprl2p22wwfhxpwy9v9xf6vyv3qwm2jdc0m9m0q9jwjashr";
sgr-iosevka-aile = "1k195vqv2wajhmyma43xgda3s2z86kl2gksgdrm95s9sx7ijns2s";
sgr-iosevka-curly = "15yq1fs7knp9gxgqjxslpmlx85c6kvpm31sf81llpf4k5f9dmlcp";
sgr-iosevka-curly-slab = "0fa68lm6iwlf2s5k8388dwgk015c55zg1wkhhhjmixwn7p8gifxz";
sgr-iosevka-etoile = "1ry1zc7cdx6g927d1752ipz39v4wsnfrnn8n9cfwamz8v458wld1";
sgr-iosevka-fixed = "173v09dx5pwsbh9jac5qxi7nk95dqyryg747hl58bchby6kmnc3k";
sgr-iosevka-fixed-curly = "11y8bj9vmdq48n370f1r4zsk72ci3cq7c9ff6y40hn5w40s8k379";
sgr-iosevka-fixed-curly-slab = "1a4gmz6sl67l23awkfl8f3xdr8hbb2mi1lsc0ain1wvvyx1bi56m";
sgr-iosevka-fixed-slab = "11xv18ykrfg2fdvbrlcx7k3qvp5yqbm278ks3gm0gbck1awvfckg";
sgr-iosevka-fixed-ss01 = "1yb96x53wjks537vs0gd7rss6piszs139k1kgb1swrpq7519awaz";
sgr-iosevka-fixed-ss02 = "10yy0yg2i9nm00lzpmrfbdh7jjcll37wql3fcsaxha57gcxf9nf0";
sgr-iosevka-fixed-ss03 = "1fpjfqlqq6lz3gya1q24nzy2xls6nxn567lhglj0ykjnh3prkll8";
sgr-iosevka-fixed-ss04 = "1kwa5mwd6ihsyj2y70hrrvgy41cs19i0f7nvl4khs3i69a1l58ag";
sgr-iosevka-fixed-ss05 = "08v8in8s8p2nayazq60w1kc1jpq48nwdwh6wbxv7ij7lfwii8xws";
sgr-iosevka-fixed-ss06 = "03jzylw99xa3b6hpy6bpwhyii6d9fggy9synfl54sn7smwqk08wr";
sgr-iosevka-fixed-ss07 = "13yzd6r51gka03fcl3bvx6d97b4m4px2cnsd724maqkqrcxkbxgb";
sgr-iosevka-fixed-ss08 = "1xghlj7drx9328jr1cb051nkwv47r5ykkyy6ydff1c4amc1xabsq";
sgr-iosevka-fixed-ss09 = "12l6lbz4m1lwyqqmv583777r9ymssy9x34rz72y3dch0mqhmjjzg";
sgr-iosevka-fixed-ss10 = "1flrh6a7m0dw7na30nhbxjld54517z77ff3s9fjrpmgyb9wz7i2j";
sgr-iosevka-fixed-ss11 = "1j4v4h6k505gkxyswcjf61kj9cfgkalxjg1arms9zb351p8rrkda";
sgr-iosevka-fixed-ss12 = "00qwnsxc08bm5cq3ljz2pjqsiw019ah4z0crqcwaysijicxmbckc";
sgr-iosevka-fixed-ss13 = "0jrw0amhfi28mc4i7a74qvgjamvymijlf3akskaw9qrmzvks8wn1";
sgr-iosevka-fixed-ss14 = "0rvh842zkxdrna9nh2ylsjs3q90sq39658l0mafi85b8z5asdwai";
sgr-iosevka-fixed-ss15 = "0j5yrr1biqfhgj6qg6359xg9rfv6qzqiqdqjgfjwbhijs6xfn8f1";
sgr-iosevka-fixed-ss16 = "06jrfhb257nmldnxxyc5rh869r5y62v2y034c0r9j7354s7gcq7a";
sgr-iosevka-fixed-ss17 = "0cgmsh0478963k1dgpkhy6j1b383gx2q09z3shr6j87knjjwqgp0";
sgr-iosevka-fixed-ss18 = "0r4nyd459aqgna7dyzvxnznclqihxdb888g949kdzhxykfchq53s";
sgr-iosevka-slab = "1bv8asz66hn80xvjxa7b0vgywha1bpmhd8q95cssc3085dprz1r6";
sgr-iosevka-ss01 = "0sv19w0adnddzarf8dlz0n73jzqnp0xfb2lgh4xcpjkhm66j3fhh";
sgr-iosevka-ss02 = "1ih10a666r77pvj57crdgyn7ll15giwxj0nis501r1fkp1bzkscn";
sgr-iosevka-ss03 = "180hkjzzgasf9a58vi0n0cishnbyjgbjmkh60awcpxwvh85qd4hf";
sgr-iosevka-ss04 = "1i4rpg9j967xaxg8h9dmachd3896f4jgwxa0mfjlizls2hfvnbsi";
sgr-iosevka-ss05 = "1ca2z4dincjk7jl16pa6d7dnnzq3w3il7fr2lphvrjvdrxbci615";
sgr-iosevka-ss06 = "08dj9dcq58grnp6lh16yvvzjqhzlm765v4ci1rys0wbjnp72xxda";
sgr-iosevka-ss07 = "13k6plhdgxhp5gjs8z98wb480hh5wy6p2zmc4xvhp88y93fy8kk7";
sgr-iosevka-ss08 = "1zfxamanq6a06fazn1jkaswh5g6iw22qnycg5dnxn4flk8nas1db";
sgr-iosevka-ss09 = "0qaxp4fsvl26il16h78y2l8013m49cbk2nzxcs1k9g5if11a49d3";
sgr-iosevka-ss10 = "1qvvm6rvhrbp83qjfb3dfsbam20f6aw52kg1i5ggfrqj35niv0hd";
sgr-iosevka-ss11 = "1v2b456qj8kyacm7308gsim5p25wnyg8qabyrfvdj00h81s31akl";
sgr-iosevka-ss12 = "1rsi6ir5vccar0n3ychisc40axiyhqj5yvcx450ppd33f3sd5rc7";
sgr-iosevka-ss13 = "12x4q5l1pdxi065zs913dqd7zb8qpi4bbgd43h3k5azsrwxwvixr";
sgr-iosevka-ss14 = "1snzdv23jqmbz25k9i2zl7px7yysk5hn74q1x251s07ghdx3nfdj";
sgr-iosevka-ss15 = "0hbmj6wij6cv9yh76npp4xrl7fdm8jjx03398anfcsa02gkvg8zz";
sgr-iosevka-ss16 = "0v6vhg0vp5ig6ngs96q5mxa2snfp08nk68a9772sm1ny61q3chrq";
sgr-iosevka-ss17 = "0268b85yhdfsbjyhi0vlxwrpwxa8h919np53s060z94094h6jd9x";
sgr-iosevka-ss18 = "13vnhh8181h36y6iz2p2x6rjgjv5w3d0gqbcdkwhgmvx7s03k122";
sgr-iosevka-term = "05c2sxb4aris90mhjxyfkw1b0ga0hplfas669076h7yjsimw647l";
sgr-iosevka-term-curly = "1j0b4fhcivkdgka9zyqf732hcxj8rchqxkwv2bwxib1a17fmwn6c";
sgr-iosevka-term-curly-slab = "0dvv2n3plfxm8z2xi1ihzn4rncyk1kz8xbgyprnb0lvqiyf18igy";
sgr-iosevka-term-slab = "0i7wrvq6c96q8v6zw9iym42b6sbm0vc04ysljghpblnnfymq5yv9";
sgr-iosevka-term-ss01 = "1n23qp50pr466blpn2h9dhjbn0wnbbxyzb0sz751bk8db41lpyqb";
sgr-iosevka-term-ss02 = "0ghvfhkdsfsjb8yjwvwlwhn66lmy8dx34126ccnvj0g77ww2nwa9";
sgr-iosevka-term-ss03 = "03hnmy9wijqwsc36cg5b3pxj7mb1cbyacii00pcvrpcns2w1ssbw";
sgr-iosevka-term-ss04 = "0fv9xhhii0h5ii4yxsdnywn45254494mgq1n5aajasq494cgxhp4";
sgr-iosevka-term-ss05 = "0qa4l77sjpxd9l4nb555bhgzm0f1c74w6014md2rpljjvyy2mzwg";
sgr-iosevka-term-ss06 = "05y7rmghvhmzw3spn7b3v6hmpcqg5p32flm437a1aljdr46sbxli";
sgr-iosevka-term-ss07 = "1lzqgpr1vchi4ricqp1v49nv62rl3anbdvzpvddby81wr5jcyd1y";
sgr-iosevka-term-ss08 = "1sxicv2gspc39fyja370dpiq12xd1bgndiw5r6cqfkkd8x8dgpdv";
sgr-iosevka-term-ss09 = "0ax9pgm3d171kksrqd2z8xpr68kdxkqg9h344an55gjk01q7dzay";
sgr-iosevka-term-ss10 = "1rgvadmvdldcaqa0r76kzmrck814qwksdqficaxcd7wk8bx64n81";
sgr-iosevka-term-ss11 = "02if14ff5kax4p1aa2wkbidhwlzgyxi7lxir2ildahwfkvkp971y";
sgr-iosevka-term-ss12 = "0sj8n12is4094nbj67wkk88953jp9235kvvr4230abql1g6s263r";
sgr-iosevka-term-ss13 = "006sdcj8qw247b63d647ykm8razyb0apsfd0cjmlikj9hdmyzrr2";
sgr-iosevka-term-ss14 = "0i7d3ldp9rj1f4kwdk8hkxq0s38df6i25qfx6hwfjj1c5bl3a843";
sgr-iosevka-term-ss15 = "15gjqz7zc6wwy1l61pgpnz7wwyyaij43dcrwcwyi6h10jhm8b3ia";
sgr-iosevka-term-ss16 = "1c1i1iyqzgh3pz4fzjp26d71lphmcgqbjp2s91yyqg3nfhwbzvyc";
sgr-iosevka-term-ss17 = "0kr58576vlx81nb2ia5z9226m6h0ybd5vzfj5li9b721l4q0rpky";
sgr-iosevka-term-ss18 = "1zjs40i4dmw2l45k8wydngl4g3a88nhbmmjwd5lsz8a40pq4bw15";
}

View file

@ -0,0 +1,44 @@
{ lib
, stdenv
, fetchFromGitLab
, cmake
, extra-cmake-modules
, kdecoration
, plasma-workspace
, qtbase
}:
stdenv.mkDerivation {
pname = "breath-theme";
version = "unstable-2022-12-22";
src = fetchFromGitLab {
domain = "gitlab.manjaro.org";
owner = "themes";
group = "artwork";
repo = "breath";
rev = "98822e7d903f16116bfb02ff9921824c139d7bbc";
sha256 = "sha256-gvzhHOuOhxV3TC3UZeVpxeSDLpCJV+SaapcJ5mbHskY=";
};
nativeBuildInputs = [
cmake
extra-cmake-modules
kdecoration
plasma-workspace
qtbase
];
dontWrapQtApps = true;
cmakeFlags = [ "-DBUILD_PLASMA_THEMES=ON" "-DBUILD_SDDM_THEME=ON" ];
meta = with lib; {
description = "Manjaro KDE default theme";
homepage = "https://gitlab.manjaro.org/artwork/themes/breath";
license = licenses.cc-by-sa-40;
maintainers = with maintainers; [ huantian ];
platforms = platforms.linux;
};
}

View file

@ -2,17 +2,17 @@
rustPlatform.buildRustPackage rec {
pname = "wasmtime";
version = "4.0.0";
version = "5.0.0";
src = fetchFromGitHub {
owner = "bytecodealliance";
repo = pname;
rev = "v${version}";
hash = "sha256-Vw3+KlAuCQiyBfPOZrUotgrdkG+FRjXg8AxAanfbwJQ=";
hash = "sha256-tHGzXjOOOWgYBMA0skLRNFkVgXc3hcs3F1XNsHxDRhk=";
fetchSubmodules = true;
};
cargoHash = "sha256-gV3Yf7YL3D3hrymYW1b80uOlp7RYRWFC7GtxAot5Ut0=";
cargoHash = "sha256-92BZdbNz22cZMJkHJwE3lUik6hAhRLCBwYzm2RAvRGo=";
cargoBuildFlags = [
"--package wasmtime-cli"
@ -28,14 +28,8 @@ rustPlatform.buildRustPackage rec {
# false positives of this package being broken due to failed runs on
# Hydra (e.g. https://hydra.nixos.org/build/187667794/)
doCheck = (stdenv.system != "x86_64-darwin");
checkFlags = [
"--skip=cli_tests::run_cwasm"
"--skip=commands::compile::test::test_unsupported_flags_compile"
"--skip=commands::compile::test::test_aarch64_flags_compile"
"--skip=commands::compile::test::test_successful_compile"
"--skip=commands::compile::test::test_x64_flags_compile"
"--skip=commands::compile::test::test_x64_presets_compile"
"--skip=traps::parse_dwarf_info"
cargoTestFlags = [
"--package wasmtime-runtime"
];
postInstall = ''

View file

@ -0,0 +1,14 @@
based onhttps://830833.bugs.gentoo.org/attachment.cgi?id=761676,
adjusted for 1.7.2
--- a/configure.in 2022-01-09 00:31:05.552582255 -0800
+++ b/configure.in 2022-01-09 00:31:19.824582533 -0800
@@ -1329,7 +1329,7 @@
return 3;
}
return 0;
- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])])
+ }], [], [ac_cv_file__dev_zero=no], [:])])
fi
# Now we determine which one is our anonymous shmem preference.

View file

@ -2,38 +2,15 @@
stdenv.mkDerivation rec {
pname = "apr";
version = "1.7.0";
version = "1.7.2";
src = fetchurl {
url = "mirror://apache/apr/${pname}-${version}.tar.bz2";
sha256 = "1spp6r2a3xcl5yajm9safhzyilsdzgagc2dadif8x6z9nbq4iqg2";
sha256 = "sha256-ded8yGd2wDDApcQI370L8qC3Xu1TUeUtVDn6HlUJpD4=";
};
patches = [
(fetchpatch {
name = "CVE-2021-35940.patch";
url = "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch";
sha256 = "1qd511dyqa1b7bj89iihrlbaavbzl6yyblqginghmcnhw8adymbs";
# convince fetchpatch to restore missing `a/`, `b/` to paths
extraPrefix = "";
})
# Fix cross.
(fetchpatch {
url = "https://github.com/apache/apr/commit/374210c50ee9f4dbf265f0172dcf2d45b97d0550.patch";
sha256 = "04k62c5dh043jhkgs5qma6yqkq4q7nh0zswr81il4l7q1zil581y";
})
(fetchpatch {
url = "https://github.com/apache/apr/commit/866e1df66be6704a584feaf5c3d241e3d631d03a.patch";
sha256 = "0hhm5v5wx985c28dq6d9ngnyqihpsphq4mw7rwylk39k2p90ppcm";
})
# Cross fix. Patch the /dev/zero mmapable detection logic. https://bugs.gentoo.org/show_bug.cgi?id=830833
(fetchpatch {
url = "https://830833.bugs.gentoo.org/attachment.cgi?id=761676";
name = "cross-assume-dev-zero-mmappable.patch";
sha256 = "sha256-rsouJp1o7p0d+AJ5KvyhUU79vAJOcVHEuwSEKaCEGa8=";
})
./cross-assume-dev-zero-mmappable.patch
];
# This test needs the net

View file

@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
pname = "sealcurses";
version = "unstable-2022-05-18"; # No release yet
version = "unstable-2023-02-06"; # No release yet
src = fetchFromGitea {
domain = "git.skyjake.fi";
owner = "skyjake";
repo = pname;
rev = "417d77d790ede990b4c149f21c58fd13b8f273cc";
hash = "sha256-yOrJYy9vBv5n8yK6u7tfMq56LBBw5rmhUjORINW8gxo=";
rev = "e11026ca34b03c5ab546512f82a6f705d0c29e95";
hash = "sha256-N+Tvg2oIcfa68FC7rKuLxGgEKz1oBEEb8NGCiBuZ8y4=";
};
nativeBuildInputs = [ cmake pkg-config ];

View file

@ -12,14 +12,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "the-foundation";
version = "1.5.0";
version = "1.6.0";
src = fetchFromGitea {
domain = "git.skyjake.fi";
owner = "skyjake";
repo = "the_Foundation";
rev = "v${finalAttrs.version}";
hash = "sha256-wPFBKc20/ED58RFpDhmPnlSHCf3FG5sD2ubQOl5NF+o=";
hash = "sha256-+V2WJYEmIZWpioNvvZMiw7Vt9ogEnEcjq+vR7UiBTO0=";
};
nativeBuildInputs = [ cmake pkg-config ];

View file

@ -0,0 +1,56 @@
{ lib
, buildPythonPackage
, pythonOlder
, fetchFromGitHub
, pytestCheckHook
, arviz
, formulae
, graphviz
, numpy
, pandas
, pymc
, scipy
}:
buildPythonPackage rec {
pname = "bambi";
version = "0.9.3";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "bambinos";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-f/4CrFmma+Lc6wZm+YyDupDWfPAtuRsZdRf28sYUWTk=";
};
propagatedBuildInputs = [
arviz
formulae
numpy
pandas
pymc
scipy
];
preCheck = ''export HOME=$(mktemp -d)'';
nativeCheckInputs = [ graphviz pytestCheckHook ];
disabledTests = [
# attempt to fetch data:
"test_data_is_copied"
"test_predict_offset"
# require blackjax (not in Nixpkgs), numpyro, and jax:
"test_logistic_regression_categoric_alternative_samplers"
"test_regression_alternative_samplers"
];
pythonImportsCheck = [ "bambi" ];
meta = with lib; {
homepage = "https://bambinos.github.io/bambi";
description = "High-level Bayesian model-building interface";
license = licenses.mit;
maintainers = with maintainers; [ bcdarwin ];
};
}

View file

@ -0,0 +1,38 @@
{
lib,
buildPythonPackage,
fetchPypi,
python,
pbr,
pytestCheckHook,
}:
buildPythonPackage rec {
pname = "beconde-py";
version = "4.0.0";
format = "setuptools";
src = fetchPypi {
inherit version;
pname = "bencode.py";
sha256 = "sha256-KiTM2hclpRplCJPQtjJgE4NZ6qKZu256CZYTUKKm4Fw=";
};
pythonImportsCheck = [
"bencodepy"
];
nativeBuildInputs = [
pbr
];
nativeCheckInputs = [
pytestCheckHook
];
meta = with lib; {
description = "Simple bencode parser (for Python 2, Python 3 and PyPy)";
homepage = "https://github.com/fuzeman/bencode.py";
license = licenses.bitTorrent11;
maintainers = with maintainers; [vamega];
};
}

View file

@ -16,12 +16,11 @@
}:
let
pname = "cmsis-pack-manager";
version = "0.5.1";
version = "0.4.0";
src = fetchPypi {
pname = "cmsis_pack_manager";
inherit version;
sha256 = "sha256-2pKGJlPubR+C4UhdCuMDR9GG2wQOaP6YkMXxeAcaRkk=";
inherit pname version;
hash = "sha256-NeUG6PFI2eTwq5SNtAB6ZMA1M3z1JmMND29V9/O5sgw=";
};
native = rustPlatform.buildRustPackage {
@ -74,5 +73,6 @@ buildPythonPackage rec {
homepage = "https://github.com/pyocd/cmsis-pack-manager";
license = licenses.asl20;
maintainers = with maintainers; [ frogamic sbruder ];
broken = stdenv.isDarwin;
};
}

View file

@ -0,0 +1,43 @@
{ lib
, buildPythonPackage
, pythonOlder
, fetchFromGitHub
, pytestCheckHook
, numpy
, pandas
, scipy
}:
buildPythonPackage rec {
pname = "formulae";
version = "0.3.4";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "bambinos";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-6IGTn3griooslN6+qRYLJiWaJhvsxa1xj1+1kQ57yN0=";
};
propagatedBuildInputs = [
numpy
pandas
scipy
];
nativeCheckInputs = [ pytestCheckHook ];
# use assertions of form `assert pytest.approx(...)`, which is now disallowed:
disabledTests = [ "test_basic" "test_degree" ];
pythonImportsCheck = [
"formulae"
"formulae.matrices"
];
meta = with lib; {
homepage = "https://bambinos.github.io/formulae";
description = "Formulas for mixed-effects models in Python";
license = licenses.mit;
maintainers = with maintainers; [ bcdarwin ];
};
}

View file

@ -6,13 +6,13 @@
, importlib-metadata
, pytestCheckHook
, pythonOlder
, setuptools
, setuptools-scm
, hatch-vcs
, hatchling
}:
buildPythonPackage rec {
pname = "humanize";
version = "4.5.0";
version = "4.6.0";
format = "pyproject";
disabled = pythonOlder "3.7";
@ -21,19 +21,18 @@ buildPythonPackage rec {
owner = "python-humanize";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-vTfK45sZ9m7TUQJwZpQWhOXgZzO46CwCsnNP+PI1YfA=";
hash = "sha256-sI773uzh+yMiyu1ebsk6zutfyt+tfx/zT/X2AdH5Fyg=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = [
setuptools-scm
hatch-vcs
hatchling
gettext
];
propagatedBuildInputs = [
setuptools
] ++ lib.optionals (pythonOlder "3.8") [
propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [
importlib-metadata
];

View file

@ -7,15 +7,15 @@
buildPythonPackage rec {
pname = "piccata";
version = "2.0.0";
version = "2.0.2";
disabled = isPy27;
src = fetchFromGitHub {
owner = "NordicSemiconductor";
repo = pname;
rev = version;
sha256 = "0pn842jcf2czjks5dphivgp1s7wiifqiv93s0a89h0wxafd6pbsr";
rev = "refs/tags/${version}";
sha256 = "sha256-Vuhwt+esTkvyEIRVYaRGvNMTAXVWBBv/6lpaxN5RrBA=";
};
nativeCheckInputs = [

View file

@ -0,0 +1,36 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, sphinx
, requests
, flit-core
}:
buildPythonPackage rec {
pname = "sphinxcontrib-youtube";
version = "1.2.0";
format = "pyproject";
nativeBuildInputs = [ flit-core ];
src = fetchFromGitHub {
owner = "sphinx-contrib";
repo = "youtube";
rev = "v${version}";
hash = "sha256-SUnnrzYJ6cOktE0IdnRWTvPGcL/eVS9obtHBMpS2s4A=";
};
propagatedBuildInputs = [ sphinx requests ];
# tests require internet access
doCheck = false;
pythonImportsCheck = [ "sphinxcontrib.youtube" ];
meta = with lib; {
description = "Youtube extension for Sphinx";
homepage = "https://github.com/sphinx-contrib/youtube";
maintainers = with maintainers; [ gador ];
license = licenses.bsd3;
};
}

View file

@ -11,7 +11,7 @@ buildGoModule {
hash = "sha256-jfbjXoGT8RtwLlqX13kcKdiFlhrVwA7Ems6abGJVRbA=";
};
vendorHash = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=";
vendorHash = null;
preBuild = ''
# Add go modules support

View file

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "include-what-you-use";
# Also bump llvmPackages in all-packages.nix to the supported version!
version = "0.18";
version = "0.19";
src = fetchurl {
sha256 = "sha256-kQL8hBkpR1ffhqic5uwwX42QqBjR8lmKE50V6xiUuPM=";
url = "${meta.homepage}/downloads/${pname}-${version}.src.tar.gz";
hash = "sha256-KxAVe2DqCK3AjjiWtJIcc/yt1exOtlKymjQSnVAeXuA=";
};
postPatch = ''

View file

@ -15,18 +15,18 @@
buildGoModule rec {
pname = "buildah";
version = "1.28.2";
version = "1.29.0";
src = fetchFromGitHub {
owner = "containers";
repo = "buildah";
rev = "v${version}";
sha256 = "sha256-1WB+lm2k7q4xViCUBhvCSuMCIlCMlAJ9etRajwGyOQs=";
hash = "sha256-g8Y4ZmQvDbzM7rG1otTxm+SRl/sK3sLM2SOWrBseOPQ=";
};
outputs = [ "out" "man" ];
vendorSha256 = null;
vendorHash = null;
doCheck = false;

View file

@ -7,17 +7,17 @@
}:
rustPlatform.buildRustPackage rec {
version = "0.32.0";
version = "0.32.1";
pname = "geckodriver";
src = fetchFromGitHub {
owner = "mozilla";
repo = "geckodriver";
rev = "refs/tags/v${version}";
sha256 = "sha256-gYDfCPA2zsscZ4r4FcNgCvIMMm13/HACTvNoiK/c+LA=";
sha256 = "sha256-ts2OGRdz1ajJ36XXUC48Jkygr3LDdZfHJ88peJkjqbg=";
};
cargoSha256 = "sha256-FlttmNHh0UVQ6xbo1eID+Ys34xp6zvKab4eoKIGujCU=";
cargoHash = "sha256-b54/65xYZ9a04dPm90R9tzhdjTwTaXvi4NnQe9k+qvE=";
buildInputs = lib.optionals stdenv.isDarwin [ libiconv Security ];

View file

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "ruff";
version = "0.0.241";
version = "0.0.242";
src = fetchFromGitHub {
owner = "charliermarsh";
repo = pname;
rev = "v${version}";
sha256 = "sha256-yrwrkU19LBM3gac70Y1UamZTdamuJdrMX4U88zGgJJs=";
sha256 = "sha256-TdaFo1U37W0UtGWtRchwdtTvyfljDOvtBJ7vCym1FX4=";
};
cargoSha256 = "sha256-RzGYh0zspP+sG7k+XwDy9kaTIGIEoOEV3ZoqVf0X0GA=";
cargoSha256 = "sha256-3gW9wV6aYVnKNxW79mJCy/lkQUD67G6U47JiOQriT40=";
nativeBuildInputs = [
installShellFiles

View file

@ -11,7 +11,7 @@ buildGoModule rec {
sha256 = "ahsNiac/3I2+PUqc90E73Brb99M68ewh9nWXoupfE3g=";
};
vendorSha256 = "pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=";
vendorSha256 = null;
# Avoid building example
subPackages = [ "." "fs" ];

View file

@ -0,0 +1,24 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "yamlfmt";
version = "0.7.1";
src = fetchFromGitHub {
owner = "google";
repo = pname;
rev = "v${version}";
sha256 = "sha256-oTdBFWISOfaz4ZDbJmyxtaKrjo9DVNJ5N7Qxnu7SwZA=";
};
vendorSha256 = "sha256-QRY6mYtrMvjUqXJOOvHL0b0OQ28320UwV8HL4fXpcNQ=";
doCheck = false;
meta = with lib; {
description = "An extensible command line tool or library to format yaml files.";
homepage = "https://github.com/google/yamlfmt";
license = licenses.asl20;
maintainers = with maintainers; [ sno2wman ];
};
}

View file

@ -2,18 +2,23 @@
buildPythonApplication rec {
pname = "frescobaldi";
version = "3.1.3";
version = "3.2";
src = fetchFromGitHub {
owner = "wbsoft";
repo = "frescobaldi";
rev = "v${version}";
sha256 = "1p8f4vn2dpqndw1dylmg7wms6vi69zcfj544c908s4r8rrmbycyf";
sha256 = "sha256-q340ChF7VZcbLMW/nd1so7WScsPfbdeJUjTzsY5dkec=";
};
propagatedBuildInputs = with python3Packages; [
lilypond pygame python-ly sip_4
pyqt5 poppler-qt5
qpageview
lilypond
pygame
python-ly
sip_4
pyqt5
poppler-qt5
pyqtwebengine
];
@ -30,7 +35,7 @@ buildPythonApplication rec {
dontWrapQtApps = true;
makeWrapperArgs = [
"\${qtWrapperArgs[@]}"
"\${qtWrapperArgs[@]}"
];
meta = with lib; {

View file

@ -1,4 +1,4 @@
{ lib, fetchFromGitHub, elk7Version, buildGoModule, libpcap, nixosTests, systemd }:
{ lib, fetchFromGitHub, elk7Version, buildGoModule, libpcap, nixosTests, systemd, config }:
let beat = package: extraArgs: buildGoModule (rec {
pname = package;
@ -36,10 +36,12 @@ rec {
metricbeat7 = beat "metricbeat" {
meta.description = "Lightweight shipper for metrics";
passthru.tests =
assert metricbeat7.drvPath == nixosTests.elk.ELK-7.elkPackages.metricbeat.drvPath;
{
elk = nixosTests.elk.ELK-7;
};
lib.optionalAttrs config.allowUnfree (
assert metricbeat7.drvPath == nixosTests.elk.unfree.ELK-7.elkPackages.metricbeat.drvPath;
{
elk = nixosTests.elk.unfree.ELK-7;
}
);
};
packetbeat7 = beat "packetbeat" {
buildInputs = [ libpcap ];

View file

@ -0,0 +1,36 @@
{ lib, stdenv, fetchFromGitHub, swift, AppKit, Foundation, UniformTypeIdentifiers }:
let
arch = if stdenv.isAarch64 then "arm64" else "x86_64";
in
stdenv.mkDerivation rec {
pname = "openwith";
version = "unstable-2022-10-28";
src = fetchFromGitHub {
owner = "jdek";
repo = "openwith";
rev = "a8a99ba0d1cabee7cb470994a1e2507385c30b6e";
hash = "sha256-lysleg3qM2MndXeKjNk+Y9Tkk40urXA2ZdxY5KZNANo=";
};
nativeBuildInputs = [ swift ];
buildInputs = [ AppKit Foundation UniformTypeIdentifiers ];
makeFlags = [ "openwith_${arch}" ];
installPhase = ''
runHook preInstall
install openwith_${arch} -D $out/bin/openwith
runHook postInstall
'';
meta = with lib; {
description = "Utility to specify which application bundle should open specific file extensions";
homepage = "https://github.com/jdek/openwith";
license = licenses.unlicense;
maintainers = with maintainers; [ zowoq ];
platforms = [ "aarch64-darwin" "x86_64-darwin" ];
};
}

View file

@ -4,16 +4,16 @@ let
# comments with variant added for update script
# ./update-zen.py zen
zenVariant = {
version = "6.1.9"; #zen
version = "6.1.10"; #zen
suffix = "zen1"; #zen
sha256 = "0fsmcjsawxr32fxhpp6sgwfwwj8kqymy0rc6vh4qli42fqmwdjgv"; #zen
sha256 = "0dfn449v3lzz1clxbsypakd0sfii9iycy1hq9x52fr9xf8wy3cxk"; #zen
isLqx = false;
};
# ./update-zen.py lqx
lqxVariant = {
version = "6.1.9"; #lqx
version = "6.1.10"; #lqx
suffix = "lqx1"; #lqx
sha256 = "167qr1mxsr5llmzixsijsn72d8jyphhgg2k8qsf369m7y58sz0s9"; #lqx
sha256 = "1ka94z0wvq90vfzd4ncjrzk5xcb5gvaldaph7mc25jxgh6pal822"; #lqx
isLqx = true;
};
zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {

View file

@ -5,12 +5,12 @@
mkDerivation rec {
pname = "kernelshark";
version = "2.1.1";
version = "2.2.0";
src = fetchgit {
url = "https://git.kernel.org/pub/scm/utils/trace-cmd/kernel-shark.git/";
rev = "kernelshark-v${version}";
sha256 = "sha256-1M35y3EkMHbGkVv93Xwo4zApvy9usIcz1spm5Z+1iUs=";
sha256 = "sha256-VkUah8qAlOck9245f/zngtVpHmJdx6eQXqwzLwK2xjU=";
};
outputs = [ "out" ];

View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
pname = "mapcache";
version = "1.12.1";
version = "1.14.0";
src = fetchFromGitHub {
owner = "MapServer";
repo = pname;
rev = "rel-${lib.replaceStrings [ "." ] [ "-" ] version}";
sha256 = "sha256-NuiZMWcmsN5wDCd37Hvj3cazwT3Ea+OknV/YR3urZB0=";
sha256 = "sha256-+QP4xXhP+MNqnhMUtMdtKrcuJ0M2BXWu3mbxXzj5ybc=";
};
nativeBuildInputs = [
@ -48,6 +48,8 @@ stdenv.mkDerivation rec {
"-DAPACHE_MODULE_DIR=${placeholder "out"}/modules"
];
NIX_CFLAGS_COMPILE = "-std=c99";
meta = with lib; {
description = "A server that implements tile caching to speed up access to WMS layers";
homepage = "https://mapserver.org/mapcache/";

View file

@ -0,0 +1,226 @@
{ lib
, stdenv
, fetchzip
, fetchurl
, fetchFromGitHub
, autoreconfHook
, bashInteractive
, cacert
, coreutils
, dbus
, docbook_xml_dtd_43
, docbook_xsl
, findutils
, gettext
, git
, glib
, glibc
, glib-networking
, gnused
, gnutls
, json-glib
, krb5
, libssh
, libxcrypt
, libxslt
, makeWrapper
, nodejs
, nixosTests
, openssh
, openssl
, pam
, pkg-config
, polkit
, python3Packages
, ripgrep
, runtimeShell
, systemd
, udev
, xmlto
}:
let
pythonWithGobject = python3Packages.python.withPackages (p: with p; [
pygobject3
]);
in
stdenv.mkDerivation rec {
pname = "cockpit";
version = "284";
src = fetchFromGitHub {
owner = "cockpit-project";
repo = "cockpit";
rev = "80a7c7cfed9157915067666fe95b298896f2aea8";
sha256 = "sha256-iAIW6nVUk1FJD2dQvDMREPVqrq0JkExJ7lVio//ALts=";
fetchSubmodules = true;
};
nativeBuildInputs = [
autoreconfHook
makeWrapper
docbook_xml_dtd_43
docbook_xsl
findutils
gettext
git
(lib.getBin libxslt)
nodejs
openssl
pam
pkg-config
pythonWithGobject.python
python3Packages.setuptools
systemd
ripgrep
xmlto
];
buildInputs = [
(lib.getDev glib)
libxcrypt
gnutls
json-glib
krb5
libssh
polkit
udev
];
patches = [
# Instead of requiring Internet access to do an npm install to generate the package-lock.json
# it copies the package-lock.json already present in the node_modules folder fetched as a git
# submodule.
./nerf-node-modules.patch
# sysconfdir is $(prefix)/etc by default and it breaks the configuration file loading feature
# changing sysconfdir to /etc breaks the build in this part of the makefile because it tries
# to write to /etc inside the sandbox
# this patch redirects it to write to $out/etc instead of /etc
./fix-makefiles.patch
];
postPatch = ''
# instruct users with problems to create a nixpkgs issue instead of nagging upstream directly
substituteInPlace configure.ac \
--replace 'devel@lists.cockpit-project.org' 'https://github.com/NixOS/nixpkgs/issues/new?assignees=&labels=0.kind%3A+bug&template=bug_report.md&title=cockpit%25'
patchShebangs \
test/common/pixel-tests \
test/common/run-tests \
test/common/tap-cdp \
test/static-code \
tools/escape-to-c \
tools/make-compile-commands \
tools/node-modules \
tools/termschutz \
tools/webpack-make
for f in node_modules/.bin/*; do
patchShebangs $(realpath $f)
done
export HOME=$(mktemp -d)
cp node_modules/.package-lock.json package-lock.json
substituteInPlace src/systemd_ctypes/libsystemd.py \
--replace libsystemd.so.0 ${systemd}/lib/libsystemd.so.0
for f in pkg/**/*.js pkg/**/*.jsx test/**/* src/**/*; do
# some files substituteInPlace report as missing and it's safe to ignore them
substituteInPlace "$(realpath "$f")" \
--replace '"/usr/bin/' '"' \
--replace '"/bin/' '"' || true
done
substituteInPlace src/common/Makefile-common.am \
--replace 'TEST_PROGRAM += test-pipe' "" # skip test-pipe because it hangs the build
substituteInPlace test/pytest/*.py \
--replace "'bash" "'${bashInteractive}/bin/bash"
echo "m4_define(VERSION_NUMBER, [${version}])" > version.m4
'';
configureFlags = [
"--enable-prefix-only=yes"
"--sysconfdir=/etc"
"--disable-pcp" # TODO: figure out how to package its dependency
"--with-default-session-path=/run/wrappers/bin:/run/current-system/sw/bin"
];
enableParallelBuilding = true;
preBuild = ''
patchShebangs \
tools/test-driver
'';
postBuild = ''
find | grep cockpit-bridge
chmod +x \
src/systemd/update-motd \
src/tls/cockpit-certificate-helper \
src/ws/cockpit-desktop
patchShebangs \
src/systemd/update-motd \
src/tls/cockpit-certificate-helper \
src/ws/cockpit-desktop
PATH=${pythonWithGobject}/bin patchShebangs src/client/cockpit-client
substituteInPlace src/ws/cockpit-desktop \
--replace ' /bin/bash' ' ${runtimeShell}'
'';
fixupPhase = ''
runHook preFixup
wrapProgram $out/libexec/cockpit-certificate-helper \
--prefix PATH : ${lib.makeBinPath [ coreutils openssl ]} \
--run 'cd $(mktemp -d)'
wrapProgram $out/share/cockpit/motd/update-motd \
--prefix PATH : ${lib.makeBinPath [ gnused ]}
substituteInPlace $out/share/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy \
--replace /usr $out
runHook postFixup
'';
doCheck = true;
checkInputs = [
bashInteractive
cacert
dbus
glib-networking
openssh
python3Packages.pytest
python3Packages.vulture
];
checkPhase = ''
export GIO_EXTRA_MODULES=$GIO_EXTRA_MODULES:${glib-networking}/lib/gio/modules
export G_DEBUG=fatal-criticals
export G_MESSAGES_DEBUG=cockpit-ws,cockpit-wrapper,cockpit-bridge
export PATH=$PATH:$(pwd)
cockpit-bridge --version
make pytest -j$NIX_BUILD_CORES || true
make check -j$NIX_BUILD_CORES || true
test/static-code
npm run eslint
npm run stylelint
'';
passthru.tests = { inherit (nixosTests) cockpit; };
meta = with lib; {
description = "Web-based graphical interface for servers";
homepage = "https://cockpit-project.org/";
license = licenses.lgpl21;
maintainers = with maintainers; [ lucasew ];
};
}

View file

@ -0,0 +1,34 @@
diff --git a/src/systemd/Makefile.am b/src/systemd/Makefile.am
index f28ea41df..684b82006 100644
--- a/src/systemd/Makefile.am
+++ b/src/systemd/Makefile.am
@@ -23,10 +23,10 @@ dist_motd_SCRIPTS = src/systemd/update-motd
# Automake: 'Variables using ... sysconf ... are installed by install-exec.'
install-exec-hook::
- mkdir -p $(DESTDIR)$(sysconfdir)/motd.d
- ln -sTfr $(DESTDIR)/run/cockpit/motd $(DESTDIR)$(sysconfdir)/motd.d/cockpit
- mkdir -p $(DESTDIR)$(sysconfdir)/issue.d
- ln -sTfr $(DESTDIR)/run/cockpit/motd $(DESTDIR)$(sysconfdir)/issue.d/cockpit.issue
+ mkdir -p $(DESTDIR)$(prefix)$(sysconfdir)/motd.d
+ ln -sTfr $(DESTDIR)$(prefix)/run/cockpit/motd $(DESTDIR)$(prefix)$(sysconfdir)/motd.d/cockpit
+ mkdir -p $(DESTDIR)$(prefix)$(sysconfdir)/issue.d
+ ln -sTfr $(DESTDIR)$(prefix)/run/cockpit/motd $(DESTDIR)$(prefix)$(sysconfdir)/issue.d/cockpit.issue
tempconfdir = $(prefix)/lib/tmpfiles.d
nodist_tempconf_DATA = src/systemd/cockpit-tempfiles.conf
diff --git a/src/ws/Makefile-ws.am b/src/ws/Makefile-ws.am
index ed4e4363e..77a35b0e5 100644
--- a/src/ws/Makefile-ws.am
+++ b/src/ws/Makefile-ws.am
@@ -169,8 +169,8 @@ install-tests::
$(INSTALL_DATA) mock-pam-conv-mod.so $(DESTDIR)$(pamdir)/
install-exec-hook::
- mkdir -p $(DESTDIR)$(sysconfdir)/cockpit/ws-certs.d $(DESTDIR)$(sysconfdir)/cockpit/machines.d
- chmod 755 $(DESTDIR)$(sysconfdir)/cockpit/ws-certs.d $(DESTDIR)$(sysconfdir)/cockpit/machines.d
+ mkdir -p $(DESTDIR)$(prefix)$(sysconfdir)/cockpit/ws-certs.d $(DESTDIR)$(prefix)$(sysconfdir)/cockpit/machines.d
+ chmod 755 $(DESTDIR)$(prefix)$(sysconfdir)/cockpit/ws-certs.d $(DESTDIR)$(prefix)$(sysconfdir)/cockpit/machines.d
dist_check_DATA += \
src/ws/mock-combined.crt \

View file

@ -0,0 +1,12 @@
diff --git a/tools/node-modules b/tools/node-modules
index 518875d..72b51e0 100755
--- a/tools/node-modules
+++ b/tools/node-modules
@@ -7,6 +7,7 @@ V="${V-0}" # default to friendly messages
set -eu
cd "${0%/*}/.."
+exit 0
. tools/git-utils.sh
cmd_remove() {

View file

@ -8,7 +8,7 @@
, nixosTests
}:
let version = "0.30.5";
let version = "1.0.0";
in
rustPlatform.buildRustPackage {
pname = "meilisearch";
@ -18,10 +18,10 @@ rustPlatform.buildRustPackage {
owner = "meilisearch";
repo = "MeiliSearch";
rev = "v${version}";
hash = "sha256-DvMMBF5Z2VdV3ObuD/gquZeimglyzFFVzgUq+/ra+Hc=";
hash = "sha256-XWPJldWxe8iply7XtmDem1gfbNuuaWuFdMfuCbcU6tc=";
};
cargoHash = "sha256-vA3DhGc0EuSdUeXYyG5iuuy7yK+22xPJjI67+/ctUFA=";
cargoHash = "sha256-v8P4pbTJ/t9TgB07tyhn3y8q65xILFTbBgziw5kuxUQ=";
# Default features include mini dashboard which downloads something from the internet.
buildNoDefaultFeatures = true;

View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "sftpgo";
version = "2.4.3";
version = "2.4.4";
src = fetchFromGitHub {
owner = "drakkan";
repo = "sftpgo";
rev = "refs/tags/v${version}";
hash = "sha256-cSA7ndpIV3VvIZTBa9NCIlJn57EtT1qxrB0UsMENUS0=";
hash = "sha256-gB3r7Q4M4pXHB9cfCRU8hMccWaJ170es0CJfbo/7lsg=";
};
vendorHash = "sha256-C45KA+9tdj+fR3DUBLdG2dGzT59zuAJczpKVoiAZ7lg=";
vendorHash = "sha256-og3mn0iYl6aubcSAUohqG4ZSqdBB4AQYZtpKfbp7kcQ=";
ldflags = [
"-s"

View file

@ -10,12 +10,12 @@
stdenv.mkDerivation rec {
pname = "pgpool-II";
version = "4.4.1";
version = "4.4.2";
src = fetchurl {
url = "https://www.pgpool.net/mediawiki/download.php?f=pgpool-II-${version}.tar.gz";
name = "pgpool-II-${version}.tar.gz";
sha256 = "sha256-Szebu6jheBKKHO5KW9GuEW3ts9phIbcowY8PVMiB8yg=";
sha256 = "sha256-Pmx4jnDwZyx7OMiKbKdvMfN4axJWiZgMwGOrdSylgjQ=";
};
buildInputs = [

View file

@ -13,7 +13,7 @@
stdenv.mkDerivation rec {
pname = "timescaledb";
version = "2.9.2";
version = "2.9.3";
nativeBuildInputs = [ cmake ];
buildInputs = [ postgresql openssl libkrb5 ];
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
owner = "timescale";
repo = "timescaledb";
rev = version;
sha256 = "sha256-3n3nqAVow8nIocXPsgCZcNkV+jr/G5/CmnSUfj2WMWo=";
sha256 = "sha256-eUn/sk2l/2aEGXupRPNDrbrIpUA3aNPo3tBJhmBoeXk=";
};
cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" ]

View file

@ -17,7 +17,9 @@ stdenvNoCC.mkDerivation rec {
hash = "sha256-l1SOaQA4C8yXbrfi7pEE1PpUO4DVmLTTDUSACCSQ5LE=";
};
passthru.tests = nixosTests.freshrss;
passthru.tests = {
inherit (nixosTests) freshrss-sqlite freshrss-pgsql;
};
buildInputs = [ php ];

View file

@ -11,7 +11,7 @@ buildGoModule rec {
hash = "sha256-HQN6wJ/4YeuQaDcNgdHj0RgYnn2NxXGRfxybmv60EdQ=";
};
vendorHash = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=";
vendorHash = null;
preBuild = ''
cp ${./go.mod} go.mod

View file

@ -11,11 +11,11 @@
let
pname = "pgadmin";
version = "6.18";
version = "6.19";
src = fetchurl {
url = "https://ftp.postgresql.org/pub/pgadmin/pgadmin4/v${version}/source/pgadmin4-${version}.tar.gz";
sha256 = "sha256-qqilmJLpJ3XNd8dwk7bDAAPxt8sou5zydFMPcJGcGoo=";
sha256 = "sha256-xHvdqVpNU9ZzTA6Xl2Bv044l6Tbvf4fjqyz4TmS9gmI=";
};
yarnDeps = mkYarnModules {
@ -70,6 +70,9 @@ let
azure-mgmt-rdbms
azure-mgmt-resource
azure-identity
sphinxcontrib-youtube
dnspython
greenlet
];
# keep the scope, as it is used throughout the derivation and tests
@ -104,7 +107,7 @@ let
hash = "sha256-K9pEtD58rLFdTgX/PMH4vJeTbMRkYjQkECv8LDXpWRI=";
};
});
# pgadmin 6.18 is incompatible with the major flask-security-too update to 5.0.x
# pgadmin 6.19 is incompatible with the major flask-security-too update to 5.0.x
flask-security-too = prev.flask-security-too.overridePythonAttrs (oldAttrs: rec {
version = "4.1.5";
src = oldAttrs.src.override {

View file

@ -112,7 +112,6 @@
"classnames": "^2.2.6",
"closest": "^0.0.1",
"codemirror": "^5.59.2",
"context-menu": "^2.0.0",
"convert-units": "^2.3.4",
"cssnano": "^5.0.2",
"dagre": "^0.8.4",
@ -123,8 +122,6 @@
"insert-if": "^1.1.0",
"ip-address": "^7.1.0",
"jquery": "^3.6.0",
"jquery-contextmenu": "^2.9.2",
"jquery-ui": "^1.13.2",
"json-bignumber": "^1.0.1",
"jsoneditor": "^9.5.4",
"jsoneditor-react": "^3.1.1",
@ -140,14 +137,13 @@
"path-fx": "^2.0.0",
"pathfinding": "^0.4.18",
"paths-js": "^0.4.9",
"pgadmin4-tree": "git+https://github.com/EnterpriseDB/pgadmin4-treeview/#96ceb7f27f43660a804e61d23a76aeb9aa188bb6",
"postcss": "^8.2.15",
"raf": "^3.4.1",
"rc-dock": "^3.2.9",
"react": "^17.0.1",
"react-aspen": "^1.1.0",
"react-checkbox-tree": "^1.7.2",
"react-data-grid": "git+https://github.com/EnterpriseDB/react-data-grid.git/#200d2f5e02de694e3e9ffbe177c279bc40240fb8",
"react-data-grid": "git+https://github.com/pgadmin-org/react-data-grid.git/#200d2f5e02de694e3e9ffbe177c279bc40240fb8",
"react-dnd": "^16.0.1",
"react-dnd-html5-backend": "^16.0.1",
"react-dom": "^17.0.1",
@ -169,7 +165,7 @@
"tempusdominus-bootstrap-4": "^5.1.2",
"tempusdominus-core": "^5.19.3",
"valid-filename": "^2.0.1",
"webcabin-docker": "git+https://github.com/EnterpriseDB/wcDocker/#3df8aac825ee2892f4d824de273b779cc6dbcad8",
"webcabin-docker": "git+https://github.com/pgadmin-org/wcdocker/#3df8aac825ee2892f4d824de273b779cc6dbcad8",
"wkx": "^0.5.0",
"xterm": "^4.11.0",
"xterm-addon-fit": "^0.5.0",

View file

@ -2340,7 +2340,7 @@ aspen-core@^1.0.4:
p-series "^1.1.0"
path-fx "^2.1.1"
aspen-decorations@^1.0.2, aspen-decorations@^1.1.1:
aspen-decorations@^1.0.2:
version "1.1.1"
resolved "https://registry.yarnpkg.com/aspen-decorations/-/aspen-decorations-1.1.1.tgz#7d0ca740efab1aa4fd91a1f3db81ac29186607a3"
integrity sha512-Ej2tv0Gz3bnhkNCyzzjDeG2V5vd49T30ca0SKywHuLA5RKrZ1NutEyZnUYku4WmUV1/TdpHRiSJ759nbZK4xtQ==
@ -3385,13 +3385,6 @@ content-type@~1.0.4:
resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz#e138cc75e040c727b1966fe5e5f8c9aee256fe3b"
integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==
context-menu@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/context-menu/-/context-menu-2.0.0.tgz#565f13210248e3442700e6b1a2d63406f2b08552"
integrity sha512-VQrkvcJDevuq+sde0QADRLOdIRpa4a1ti4knstrPILDLfWU/RB4ZIGpj32Chh/mURjrbi0CoLT1eonr3X86Khg==
dependencies:
tiny-emitter "^2.0.2"
convert-source-map@^1.5.0, convert-source-map@^1.7.0, convert-source-map@^1.8.0:
version "1.9.0"
resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-1.9.0.tgz#7faae62353fb4213366d0ca98358d22e8368b05f"
@ -6133,21 +6126,14 @@ jmespath@^0.16.0:
resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.16.0.tgz#b15b0a85dfd4d930d43e69ed605943c802785076"
integrity sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==
jquery-contextmenu@^2.6.4, jquery-contextmenu@^2.9.2:
jquery-contextmenu@^2.6.4:
version "2.9.2"
resolved "https://registry.yarnpkg.com/jquery-contextmenu/-/jquery-contextmenu-2.9.2.tgz#f9dc362e45871dda2e50fa45de2243e917446ced"
integrity sha512-6S6sH/08owDStC/7zNwcN366yR0ydX6PmMB0RnjLRQOp7Nc/rqwEHglshfHrrw2kdTev97GXwRXrayDUmToIOw==
dependencies:
jquery "^3.5.0"
jquery-ui@^1.13.2:
version "1.13.2"
resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.13.2.tgz#de03580ae6604773602f8d786ad1abfb75232034"
integrity sha512-wBZPnqWs5GaYJmo1Jj0k/mrSkzdQzKDwhXNtHKcBdAcKVxMM3KNYFq+iJ2i1rwiG53Z8M4mTn3Qxrm17uH1D4Q==
dependencies:
jquery ">=1.8.0 <4.0.0"
"jquery@>=1.7.1 <4.0.0", "jquery@>=1.8.0 <4.0.0", jquery@^3.3.1, jquery@^3.5.0, jquery@^3.6.0:
"jquery@>=1.7.1 <4.0.0", jquery@^3.3.1, jquery@^3.5.0, jquery@^3.6.0:
version "3.6.1"
resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.1.tgz#fab0408f8b45fc19f956205773b62b292c147a16"
integrity sha512-opJeO4nCucVnsjiXOE+/PcCgYw9Gwpvs/a6B1LL/lQhwWwpbVEVYDZ1FokFr8PRc7ghYlrFPuyHuiiDNTQxmcw==
@ -6238,16 +6224,16 @@ json-stable-stringify-without-jsonify@^1.0.1:
integrity sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==
json5@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.1.tgz#779fb0018604fa854eacbf6252180d83543e3dbe"
integrity sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==
version "1.0.2"
resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.2.tgz#63d98d60f21b313b77c4d6da18bfa69d80e1d593"
integrity sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==
dependencies:
minimist "^1.2.0"
json5@^2.1.2, json5@^2.2.1:
version "2.2.1"
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
version "2.2.3"
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
integrity "sha1-eM1vGhm9wStz21rQxh79ZsHikoM= sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="
jsoneditor-react@^3.1.1:
version "3.1.2"
@ -7831,27 +7817,6 @@ performance-now@^2.1.0:
resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
integrity sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==
"pgadmin4-tree@git+https://github.com/EnterpriseDB/pgadmin4-treeview/#96ceb7f27f43660a804e61d23a76aeb9aa188bb6":
version "1.0.0"
resolved "git+https://github.com/EnterpriseDB/pgadmin4-treeview/#96ceb7f27f43660a804e61d23a76aeb9aa188bb6"
dependencies:
"@types/classnames" "^2.2.6"
"@types/react" "^16.7.18"
"@types/react-dom" "^16.0.11"
aspen-decorations "^1.1.1"
browserfs "^1.4.3"
classnames "^2.2.6"
context-menu "^2.0.0"
insert-if "^1.1.0"
lodash "4.*"
notificar "^1.0.1"
path-fx "^2.0.0"
react "^16.6.3"
react-aspen "^1.2.0"
react-dom "^16.6.3"
react-virtualized-auto-sizer "^1.0.6"
valid-filename "^2.0.1"
picocolors@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c"
@ -8531,7 +8496,7 @@ re-resizable@6.9.6:
dependencies:
fast-memoize "^2.5.1"
react-aspen@^1.1.0, react-aspen@^1.2.0:
react-aspen@^1.1.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/react-aspen/-/react-aspen-1.2.0.tgz#375fa82a8db627542fc8b9e6e421baa49a65ab95"
integrity sha512-w+vUn4ScCzcxDB5xEsKIuIkUnySEQXlp/zqPFChWEpYG12mPO7h7z/LWuK2QXUoDbIP96Fcf1+UAI9I/cstPqg==
@ -8552,9 +8517,9 @@ react-checkbox-tree@^1.7.2:
nanoid "^3.0.0"
prop-types "^15.5.8"
"react-data-grid@git+https://github.com/EnterpriseDB/react-data-grid.git/#200d2f5e02de694e3e9ffbe177c279bc40240fb8":
"react-data-grid@git+https://github.com/pgadmin-org/react-data-grid.git/#200d2f5e02de694e3e9ffbe177c279bc40240fb8":
version "7.0.0-beta.14"
resolved "git+https://github.com/EnterpriseDB/react-data-grid.git/#200d2f5e02de694e3e9ffbe177c279bc40240fb8"
resolved "git+https://github.com/pgadmin-org/react-data-grid.git/#200d2f5e02de694e3e9ffbe177c279bc40240fb8"
dependencies:
clsx "^1.1.1"
@ -8576,16 +8541,6 @@ react-dnd@^16.0.1:
fast-deep-equal "^3.1.3"
hoist-non-react-statics "^3.3.2"
react-dom@^16.6.3:
version "16.14.0"
resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-16.14.0.tgz#7ad838ec29a777fb3c75c3a190f661cf92ab8b89"
integrity sha512-1gCeQXDLoIqMgqD3IO2Ah9bnf0w9kzhwN5q4FGnHZ67hBm9yePzB5JJAIQCc8x3pFnNlwFq4RidZggNAAkzWWw==
dependencies:
loose-envify "^1.1.0"
object-assign "^4.1.1"
prop-types "^15.6.2"
scheduler "^0.19.1"
react-dom@^17.0.1:
version "17.0.2"
resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-17.0.2.tgz#ecffb6845e3ad8dbfcdc498f0d0a939736502c23"
@ -8747,15 +8702,6 @@ react-window@^1.3.1, react-window@^1.8.5:
"@babel/runtime" "^7.0.0"
memoize-one ">=3.1.1 <6"
react@^16.6.3:
version "16.14.0"
resolved "https://registry.yarnpkg.com/react/-/react-16.14.0.tgz#94d776ddd0aaa37da3eda8fc5b6b18a4c9a3114d"
integrity sha512-0X2CImDkJGApiAlcf0ODKIneSwBPhqJawOa5wCtKbu7ZECrmS26NvtSILynQ66cgkT/RJ4LidJOc3bUESwmU8g==
dependencies:
loose-envify "^1.1.0"
object-assign "^4.1.1"
prop-types "^15.6.2"
react@^17.0.1:
version "17.0.2"
resolved "https://registry.yarnpkg.com/react/-/react-17.0.2.tgz#d0b5cc516d29eb3eee383f75b62864cfb6800037"
@ -9117,14 +9063,6 @@ sax@^1.2.4:
resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
scheduler@^0.19.1:
version "0.19.1"
resolved "https://registry.yarnpkg.com/scheduler/-/scheduler-0.19.1.tgz#4f3e2ed2c1a7d65681f4c854fa8c5a1ccb40f196"
integrity sha512-n/zwRWRYSUj0/3g/otKDRPMh6qv2SYMWNq85IEa8iZyAv8od9zDYpGSnpBEjNgcMNq6Scbu5KfIPxNF72R/2EA==
dependencies:
loose-envify "^1.1.0"
object-assign "^4.1.1"
scheduler@^0.20.2:
version "0.20.2"
resolved "https://registry.yarnpkg.com/scheduler/-/scheduler-0.20.2.tgz#4baee39436e34aa93b4874bddcbf0fe8b8b50e91"
@ -9997,11 +9935,6 @@ timers-browserify@^1.0.1:
dependencies:
process "~0.11.0"
tiny-emitter@^2.0.2:
version "2.1.0"
resolved "https://registry.yarnpkg.com/tiny-emitter/-/tiny-emitter-2.1.0.tgz#1d1a56edfc51c43e863cbb5382a72330e3555423"
integrity sha512-NB6Dk1A9xgQPMoGqC5CVXn123gWyte215ONT5Pp5a0yt4nlEoO1ZWeCwpncaekPHXO60i47ihFnZPiRPjRMq4Q==
tiny-warning@^1.0.2:
version "1.0.3"
resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754"
@ -10404,9 +10337,9 @@ watchpack@^2.4.0:
glob-to-regexp "^0.4.1"
graceful-fs "^4.1.2"
"webcabin-docker@git+https://github.com/EnterpriseDB/wcDocker/#3df8aac825ee2892f4d824de273b779cc6dbcad8":
"webcabin-docker@git+https://github.com/pgadmin-org/wcdocker/#3df8aac825ee2892f4d824de273b779cc6dbcad8":
version "2.2.5"
resolved "git+https://github.com/EnterpriseDB/wcDocker/#3df8aac825ee2892f4d824de273b779cc6dbcad8"
resolved "git+https://github.com/pgadmin-org/wcdocker/#3df8aac825ee2892f4d824de273b779cc6dbcad8"
dependencies:
"@fortawesome/fontawesome-free" "^5.14.0"
FileSaver "^0.10.0"

View file

@ -3433,14 +3433,6 @@
sha512 = "hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==";
};
}
{
name = "context_menu___context_menu_2.0.0.tgz";
path = fetchurl {
name = "context_menu___context_menu_2.0.0.tgz";
url = "https://registry.yarnpkg.com/context-menu/-/context-menu-2.0.0.tgz";
sha512 = "VQrkvcJDevuq+sde0QADRLOdIRpa4a1ti4knstrPILDLfWU/RB4ZIGpj32Chh/mURjrbi0CoLT1eonr3X86Khg==";
};
}
{
name = "convert_source_map___convert_source_map_1.9.0.tgz";
path = fetchurl {
@ -6385,14 +6377,6 @@
sha512 = "6S6sH/08owDStC/7zNwcN366yR0ydX6PmMB0RnjLRQOp7Nc/rqwEHglshfHrrw2kdTev97GXwRXrayDUmToIOw==";
};
}
{
name = "jquery_ui___jquery_ui_1.13.2.tgz";
path = fetchurl {
name = "jquery_ui___jquery_ui_1.13.2.tgz";
url = "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.13.2.tgz";
sha512 = "wBZPnqWs5GaYJmo1Jj0k/mrSkzdQzKDwhXNtHKcBdAcKVxMM3KNYFq+iJ2i1rwiG53Z8M4mTn3Qxrm17uH1D4Q==";
};
}
{
name = "jquery___jquery_3.6.1.tgz";
path = fetchurl {
@ -6530,19 +6514,19 @@
};
}
{
name = "json5___json5_1.0.1.tgz";
name = "json5___json5_1.0.2.tgz";
path = fetchurl {
name = "json5___json5_1.0.1.tgz";
url = "https://registry.yarnpkg.com/json5/-/json5-1.0.1.tgz";
sha512 = "aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==";
name = "json5___json5_1.0.2.tgz";
url = "https://registry.yarnpkg.com/json5/-/json5-1.0.2.tgz";
sha512 = "g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==";
};
}
{
name = "json5___json5_2.2.1.tgz";
name = "json5___json5_2.2.3.tgz";
path = fetchurl {
name = "json5___json5_2.2.1.tgz";
url = "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz";
sha512 = "1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==";
name = "json5___json5_2.2.3.tgz";
url = "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz";
sha512 = "XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==";
};
}
{
@ -8361,22 +8345,6 @@
sha512 = "7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==";
};
}
{
name = "pgadmin4-treeview";
path =
let
repo = fetchgit {
url = "https://github.com/EnterpriseDB/pgadmin4-treeview/";
rev = "96ceb7f27f43660a804e61d23a76aeb9aa188bb6";
sha256 = "1hvr7arywz8rql19ma6w6lj5hrfn8xr4cyiia4bw5l8d061ak1gj";
};
in
runCommand "pgadmin4-treeview" { buildInputs = [gnutar]; } ''
# Set u+w because tar-fs can't unpack archives with read-only dirs
# https://github.com/mafintosh/tar-fs/issues/79
tar cf $out --mode u+w -C ${repo} .
'';
}
{
name = "picocolors___picocolors_1.0.0.tgz";
path = fetchurl {
@ -9148,18 +9116,16 @@
{
name = "react-data-grid.git";
path =
let
repo = fetchgit {
url = "https://github.com/EnterpriseDB/react-data-grid.git/";
rev = "200d2f5e02de694e3e9ffbe177c279bc40240fb8";
sha256 = "0s4k8s8ackr5lrvhv7ljbhd90679wh34p2wv71xqn8yy1ykjwm15";
};
in
runCommand "react-data-grid.git" { buildInputs = [gnutar]; } ''
# Set u+w because tar-fs can't unpack archives with read-only dirs
# https://github.com/mafintosh/tar-fs/issues/79
tar cf $out --mode u+w -C ${repo} .
'';
let repo = fetchgit {
url = "https://github.com/pgadmin-org/react-data-grid.git/";
rev = "200d2f5e02de694e3e9ffbe177c279bc40240fb8";
sha256 = "0s4k8s8ackr5lrvhv7ljbhd90679wh34p2wv71xqn8yy1ykjwm15";
};
in runCommand "react-data-grid.git" { buildInputs = [gnutar]; } ''
# Set u+w because tar-fs can't unpack archives with read-only dirs
# https://github.com/mafintosh/tar-fs/issues/79
tar cf $out --mode u+w -C ${repo} .
'';
}
{
name = "react_dnd_html5_backend___react_dnd_html5_backend_16.0.1.tgz";
@ -9177,14 +9143,6 @@
sha512 = "QeoM/i73HHu2XF9aKksIUuamHPDvRglEwdHL4jsp784BgUuWcg6mzfxT0QDdQz8Wj0qyRKx2eMg8iZtWvU4E2Q==";
};
}
{
name = "react_dom___react_dom_16.14.0.tgz";
path = fetchurl {
name = "react_dom___react_dom_16.14.0.tgz";
url = "https://registry.yarnpkg.com/react-dom/-/react-dom-16.14.0.tgz";
sha512 = "1gCeQXDLoIqMgqD3IO2Ah9bnf0w9kzhwN5q4FGnHZ67hBm9yePzB5JJAIQCc8x3pFnNlwFq4RidZggNAAkzWWw==";
};
}
{
name = "react_dom___react_dom_17.0.2.tgz";
path = fetchurl {
@ -9361,14 +9319,6 @@
sha512 = "D4IiBeRtGXziZ1n0XklnFGu7h9gU684zepqyKzgPNzrsrk7xOCxni+TCckjg2Nr/DiaEEGVVmnhYSlT2rB47dQ==";
};
}
{
name = "react___react_16.14.0.tgz";
path = fetchurl {
name = "react___react_16.14.0.tgz";
url = "https://registry.yarnpkg.com/react/-/react-16.14.0.tgz";
sha512 = "0X2CImDkJGApiAlcf0ODKIneSwBPhqJawOa5wCtKbu7ZECrmS26NvtSILynQ66cgkT/RJ4LidJOc3bUESwmU8g==";
};
}
{
name = "react___react_17.0.2.tgz";
path = fetchurl {
@ -9785,14 +9735,6 @@
sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==";
};
}
{
name = "scheduler___scheduler_0.19.1.tgz";
path = fetchurl {
name = "scheduler___scheduler_0.19.1.tgz";
url = "https://registry.yarnpkg.com/scheduler/-/scheduler-0.19.1.tgz";
sha512 = "n/zwRWRYSUj0/3g/otKDRPMh6qv2SYMWNq85IEa8iZyAv8od9zDYpGSnpBEjNgcMNq6Scbu5KfIPxNF72R/2EA==";
};
}
{
name = "scheduler___scheduler_0.20.2.tgz";
path = fetchurl {
@ -10769,14 +10711,6 @@
sha512 = "PIxwAupJZiYU4JmVZYwXp9FKsHMXb5h0ZEFyuXTAn8WLHOlcij+FEcbrvDsom1o5dr1YggEtFbECvGCW2sT53Q==";
};
}
{
name = "tiny_emitter___tiny_emitter_2.1.0.tgz";
path = fetchurl {
name = "tiny_emitter___tiny_emitter_2.1.0.tgz";
url = "https://registry.yarnpkg.com/tiny-emitter/-/tiny-emitter-2.1.0.tgz";
sha512 = "NB6Dk1A9xgQPMoGqC5CVXn123gWyte215ONT5Pp5a0yt4nlEoO1ZWeCwpncaekPHXO60i47ihFnZPiRPjRMq4Q==";
};
}
{
name = "tiny_warning___tiny_warning_1.0.3.tgz";
path = fetchurl {
@ -11290,20 +11224,18 @@
};
}
{
name = "wcDocker";
name = "wcdocker";
path =
let
repo = fetchgit {
url = "https://github.com/EnterpriseDB/wcDocker/";
rev = "3df8aac825ee2892f4d824de273b779cc6dbcad8";
sha256 = "1dihm56s7a34s132a6rh69lri93avz9bwja8bjd9hvpds20phmsg";
};
in
runCommand "wcDocker" { buildInputs = [gnutar]; } ''
# Set u+w because tar-fs can't unpack archives with read-only dirs
# https://github.com/mafintosh/tar-fs/issues/79
tar cf $out --mode u+w -C ${repo} .
'';
let repo = fetchgit {
url = "https://github.com/pgadmin-org/wcdocker/";
rev = "3df8aac825ee2892f4d824de273b779cc6dbcad8";
sha256 = "1dihm56s7a34s132a6rh69lri93avz9bwja8bjd9hvpds20phmsg";
};
in runCommand "wcdocker" { buildInputs = [gnutar]; } ''
# Set u+w because tar-fs can't unpack archives with read-only dirs
# https://github.com/mafintosh/tar-fs/issues/79
tar cf $out --mode u+w -C ${repo} .
'';
}
{
name = "webfonts_loader___webfonts_loader_7.5.2.tgz";

View file

@ -2,7 +2,7 @@
rustPlatform.buildRustPackage rec {
pname = "dua";
version = "2.19.0";
version = "2.19.1";
buildInputs = lib.optionals stdenv.isDarwin [ libiconv Foundation ];
@ -10,7 +10,7 @@ rustPlatform.buildRustPackage rec {
owner = "Byron";
repo = "dua-cli";
rev = "v${version}";
sha256 = "sha256-cb2WW0FpY5GMzll7sgbDRcgiKYSVZjJ8e8BabywF9wg=";
sha256 = "sha256-GNVmrFY/qWInP0qT9Y+UurIyK3rBhj2OyAcH+Sw3smo=";
# Remove unicode file names which leads to different checksums on HFS+
# vs. other filesystems because of unicode normalisation.
postFetch = ''
@ -18,7 +18,7 @@ rustPlatform.buildRustPackage rec {
'';
};
cargoSha256 = "sha256-79dUeQOf6hiSRzz5mLWcSP5bLXMOU5YcE9ecd/t9VaI=";
cargoHash = "sha256-xhNHvTVOBwAkMn/lLUShhZkBih1zX5b/udeJaEcZGgs=";
doCheck = false;

View file

@ -2,11 +2,12 @@
stdenv.mkDerivation {
pname = "ldapvi";
version = "0lz1sb5r0y9ypy8d7hm0l2wfa8l69f8ll0i5c78c0apz40nyjqkg";
version = "unstable-2012-04-28";
# use latest git, it includes some important patches since 2007 release
src = fetchgit {
url = "http://www.lichteblau.com/git/ldapvi.git";
rev = "f1d42bad66cc4623d1ff21fbd5dddbf5009d3e40";
sha256 = "3ef3103030ecb04d7fe80180e3fd490377cf81fb2af96782323fddabc3225030";
};

View file

@ -11,7 +11,7 @@ buildGoModule rec {
sha256 = "sha256-Iro/FjPFMqulcK90MbludnOXkMEHW0QSCoQRL01/LDE";
};
vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo";
vendorSha256 = null;
ldflags = [ "-s" "-w" ];

View file

@ -25,6 +25,6 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/hanslub42/rlwrap";
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ SuperSandro2000 srapenne ];
maintainers = with maintainers; [ srapenne ];
};
}

View file

@ -17,13 +17,13 @@
stdenvNoCC.mkDerivation rec {
pname = "Sharedown";
version = "5.1.0";
version = "5.2.2";
src = fetchFromGitHub {
owner = "kylon";
repo = pname;
rev = version;
sha256 = "sha256-cD+xq2LVaTZGjFj+SleQlNT3sAV6N4nG4RVbH015OOA=";
sha256 = "sha256-kdntnzGpu1NUP6rrBaH7ASwE7XT18vHcgf39bp5A4ds=";
};
nativeBuildInputs = [

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "tbls";
version = "1.60.0";
version = "1.61.0";
src = fetchFromGitHub {
owner = "k1LoW";
repo = "tbls";
rev = "v${version}";
hash = "sha256-5/YAJl01ARralsBEV6ZJqcYfMMudCmcQcdQD1jn1I+M=";
hash = "sha256-yXD/LILWaXtjd3etdWINglZtvIYE6i6qmCSR3FUUQeM=";
};
vendorHash = "sha256-AeaTAjo1wRl7Ymg/fyoijaa9UXf9SiNR447WJtZeN5o=";

View file

@ -1,9 +1,9 @@
{ buildGoModule
, cmake
, fetchFromGitHub
, fetchpatch
, go
, lib
, libsecret
, pkg-config
, polkit
, python3
@ -15,28 +15,20 @@
, qtwebsockets
, rustPlatform
, stdenv
, which
, wireguard-tools
, wrapQtAppsHook
}:
let
pname = "mozillavpn";
version = "2.12.0";
version = "2.13.0";
src = fetchFromGitHub {
owner = "mozilla-mobile";
repo = "mozilla-vpn-client";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-T8dPM90X4soVG/plKsf7DM9XgdX5Vcp0i6zTE60gbq0=";
hash = "sha256-EwHuNJZpTb7oFOKKDv0zWgklUe95Th97KP9G5DqRokA=";
};
patches = [
# vpnglean: Add Cargo.lock file
(fetchpatch {
url = "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/5236/commits/6fdc689001619a06b752fa629647642ea66f4e26.patch";
hash = "sha256-j666Z31D29WIL3EXbek2aLzA4Fui/9VZvupubMDG24Q=";
})
];
netfilter-go-modules = (buildGoModule {
inherit pname version src;
@ -48,26 +40,27 @@ let
inherit src;
name = "${pname}-${version}-extension-bridge";
preBuild = "cd extension/bridge";
hash = "sha256-/DmKSV0IKxZV0Drh6dTsiqgZhuxt6CoegXpYdqN4UzQ=";
hash = "sha256-q6Wf+jrGjGMiDEmnErnDau6Li64Dyq8t2SN1I4rspBY=";
};
signatureDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}-signature";
preBuild = "cd signature";
hash = "sha256-6qyMARhPPgTryEtaBNrIPN9ja/fe7Fyx38iGuTd+Dk8=";
hash = "sha256-Dbu4WX2u3uDDUuZzS/hczypSFkQNnvuj2Su2X0QvSN4=";
};
vpngleanDeps = rustPlatform.fetchCargoTarball {
inherit src patches;
inherit src;
name = "${pname}-${version}-vpnglean";
preBuild = "cd vpnglean";
hash = "sha256-8OLTQmRvy6pATEBX2za6f9vMEqwkf9L5VyERtAN2BDQ=";
hash = "sha256-FDkziDDup+D7Bh+Wclqxn8Dhm/T2DanhjKXIAEFDhzc=";
};
in
stdenv.mkDerivation {
inherit pname version src patches;
inherit pname version src;
buildInputs = [
libsecret
polkit
qt5compat
qtbase
@ -81,13 +74,11 @@ stdenv.mkDerivation {
pkg-config
python3
python3.pkgs.glean-parser
python3.pkgs.lxml
python3.pkgs.pyyaml
python3.pkgs.setuptools
rustPlatform.cargoSetupHook
rustPlatform.rust.cargo
rustPlatform.rust.rustc
which
wrapQtAppsHook
];
@ -110,15 +101,13 @@ stdenv.mkDerivation {
dontCargoSetupPostUnpack = true;
postPatch = ''
for file in linux/*.service linux/extra/*.desktop src/platforms/linux/daemon/*.service; do
substituteInPlace "$file" --replace /usr/bin/mozillavpn "$out/bin/mozillavpn"
done
substituteInPlace src/apps/vpn/platforms/linux/daemon/org.mozilla.vpn.dbus.service --replace /usr/bin/mozillavpn "$out/bin/mozillavpn"
substituteInPlace scripts/addon/build.py \
--replace 'qtbinpath = args.qtpath' 'qtbinpath = "${qttools.dev}/bin"' \
--replace 'rcc = os.path.join(qtbinpath, rcc_bin)' 'rcc = "${qtbase.dev}/libexec/rcc"'
substituteInPlace src/cmake/linux.cmake \
substituteInPlace src/apps/vpn/cmake/linux.cmake \
--replace '/etc/xdg/autostart' "$out/etc/xdg/autostart" \
--replace '${"$"}{POLKIT_POLICY_DIR}' "$out/share/polkit-1/actions" \
--replace '/usr/share/dbus-1' "$out/share/dbus-1" \

View file

@ -1,4 +1,4 @@
{ lib, buildGoModule, fetchFromGitHub }:
{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
buildGoModule rec {
pname = "nebula";
@ -17,6 +17,10 @@ buildGoModule rec {
ldflags = [ "-X main.Build=${version}" ];
passthru.tests = {
inherit (nixosTests) nebula;
};
meta = with lib; {
description = "A scalable overlay networking tool with a focus on performance, simplicity and security";
longDescription = ''

View file

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "ssldump";
version = "1.5";
version = "1.6";
src = fetchFromGitHub {
owner = "adulau";
repo = "ssldump";
rev = "v${version}";
sha256 = "sha256-nk1sXQN9cPIZD7Xlg8CHmKySfvfWl2j0CGxmIyvA6z4=";
sha256 = "sha256-mK8n+Dn7fUzmclUzlIqGjO2zzIVKQEhSRvYeuFwVJx8=";
};
nativeBuildInputs = [

View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "stress-ng";
version = "0.15.01";
version = "0.15.03";
src = fetchFromGitHub {
owner = "ColinIanKing";
repo = pname;
rev = "V${version}";
hash = "sha256-reHO426jUI0/jGhVFfurQ5dsRol4e9YlcE7p7nZyBCU=";
hash = "sha256-ryZoW2N93f1jDNF+qZ8y9brPGrTLiOFi2ciIEh1Lt1c=";
};
postPatch = ''

View file

@ -0,0 +1,64 @@
{ fetchurl
, lib
, makeWrapper
, writeShellScriptBin
, ghostscriptX
, ocamlPackages
, texlive
, which
}:
let
# simplified fake-opam edited from tweag's opam-nix
fake-opam = writeShellScriptBin "opam" ''
case "$1 $2" in
"config var")
case "$3" in
man) echo "$out/share/man";;
etc) echo "$out/etc";;
doc) echo "$out/share/doc";;
share) echo "$out/share";;
prefix) echo "$out";;
*) echo "fake-opam does not understand arguments: $@" ; exit 1 ;;
esac;;
*) echo "fake-opam does not understand arguments: $@" ; exit 1 ;;
esac
'';
# texlive currently does not symlink kpsexpand
kpsexpand = writeShellScriptBin "kpsexpand" ''
exec kpsetool -v
'';
in
ocamlPackages.buildDunePackage rec {
pname = "advi";
version = "2.0.0";
useDune2 = true;
minimalOCamlVersion = "4.11";
src = fetchurl {
url = "http://advi.inria.fr/advi-${version}.tar.gz";
hash = "sha256-c0DQHlvdekJyXCxmR4+Ut/njtoCzmqX6hNazNv8PpBQ=";
};
nativeBuildInputs = [ fake-opam kpsexpand makeWrapper texlive.combined.scheme-medium which ];
buildInputs = with ocamlPackages; [ camlimages ghostscriptX graphics ];
# TODO: ghostscript linked from texlive.combine will override ghostscriptX and break advi
preInstall = ''
make install
wrapProgram "$out/bin/advi" --prefix PATH : "${lib.makeBinPath [ ghostscriptX ]}"
'';
# TODO: redirect /share/advi/tex/latex to tex output compatible with texlive.combine
# (requires patching check() in advi-latex-files)
meta = with lib; {
homepage = "http://advi.inria.fr/";
description = "Active-DVI is a Unix-platform DVI previewer and a programmable presenter for slides written in LaTeX.";
license = licenses.lgpl21Only;
maintainers = [ maintainers.xworld21 ];
};
}

View file

@ -4640,6 +4640,8 @@ with pkgs;
### TOOLS/TYPESETTING/TEX
advi = callPackage ../tools/typesetting/tex/advi { };
auctex = callPackage ../tools/typesetting/tex/auctex { };
blahtexml = callPackage ../tools/typesetting/tex/blahtexml { };
@ -13606,6 +13608,8 @@ with pkgs;
yamlfix = with python3Packages; toPythonApplication yamlfix;
yamlfmt = callPackage ../development/tools/yamlfmt {};
yamllint = with python3Packages; toPythonApplication yamllint;
yamlpath = callPackage ../development/tools/yamlpath { };
@ -17891,7 +17895,7 @@ with pkgs;
img = callPackage ../development/tools/img { };
include-what-you-use = callPackage ../development/tools/analysis/include-what-you-use {
llvmPackages = llvmPackages_14;
llvmPackages = llvmPackages_15;
};
indent = callPackage ../development/tools/misc/indent { };
@ -24227,6 +24231,8 @@ with pkgs;
clickhouse-backup = callPackage ../development/tools/database/clickhouse-backup { };
cockpit = callPackage ../servers/monitoring/cockpit { };
codeowners = callPackage ../development/tools/codeowners { };
couchdb3 = callPackage ../servers/http/couchdb/3.nix { };
@ -25648,9 +25654,7 @@ with pkgs;
fwupd-efi = callPackage ../os-specific/linux/firmware/fwupd-efi { };
firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager {
openssl = openssl_1_1;
};
firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { };
firmware-updater = callPackage ../os-specific/linux/firmware/firmware-updater { };
@ -26873,6 +26877,8 @@ with pkgs;
blackout = callPackage ../data/fonts/blackout { };
breath-theme = libsForQt5.callPackage ../data/themes/breath-theme { };
brise = callPackage ../data/misc/brise { };
cacert = callPackage ../data/misc/cacert { };
@ -31610,7 +31616,7 @@ with pkgs;
polyphone = libsForQt5.callPackage ../applications/audio/polyphone { };
portfolio = callPackage ../applications/office/portfolio {
jre = openjdk11;
jre = openjdk17;
};
prevo = callPackage ../applications/misc/prevo { };
@ -31627,6 +31633,8 @@ with pkgs;
qemacs = callPackage ../applications/editors/qemacs { };
rime-cli = callPackage ../applications/office/rime-cli {};
roxctl = callPackage ../applications/networking/cluster/roxctl {
};
@ -35999,6 +36007,8 @@ with pkgs;
molden = callPackage ../applications/science/chemistry/molden { };
mopac = callPackage ../applications/science/chemistry/mopac { };
octopus = callPackage ../applications/science/chemistry/octopus { };
openlp = libsForQt5.callPackage ../applications/misc/openlp { };
@ -36023,6 +36033,8 @@ with pkgs;
siesta-mpi = callPackage ../applications/science/chemistry/siesta { useMpi = true; };
wxmacmolplt = callPackage ../applications/science/chemistry/wxmacmolplt { };
### SCIENCE/GEOMETRY
antiprism = callPackage ../applications/science/geometry/antiprism { };
@ -38184,6 +38196,8 @@ with pkgs;
prow = callPackage ../applications/networking/cluster/prow { };
pv-migrate = callPackage ../applications/networking/cluster/pv-migrate { };
tagref = callPackage ../tools/misc/tagref { };
tcat = callPackage ../tools/misc/tcat { };

View file

@ -170,6 +170,10 @@ impure-cmds // appleSourcePackages // chooseLibs // {
opencflite = callPackage ../os-specific/darwin/opencflite { };
openwith = pkgs.darwin.apple_sdk_11_0.callPackage ../os-specific/darwin/openwith {
inherit (apple_sdk_11_0.frameworks) AppKit Foundation UniformTypeIdentifiers;
};
stubs = pkgs.callPackages ../os-specific/darwin/stubs { };
trash = callPackage ../os-specific/darwin/trash { };

View file

@ -1101,6 +1101,8 @@ self: super: with self; {
babelgladeextractor = callPackage ../development/python-modules/babelgladeextractor { };
bambi = callPackage ../development/python-modules/bambi { };
pad4pi = callPackage ../development/python-modules/pad4pi { };
pulumi = callPackage ../development/python-modules/pulumi { inherit (pkgs) pulumi; };
@ -1218,6 +1220,8 @@ self: super: with self; {
bellows = callPackage ../development/python-modules/bellows { };
bencode-py = callPackage ../development/python-modules/bencode-py { };
bencoder = callPackage ../development/python-modules/bencoder { };
beniget = callPackage ../development/python-modules/beniget { };
@ -3569,6 +3573,8 @@ self: super: with self; {
formbox = callPackage ../development/python-modules/formbox { };
formulae = callPackage ../development/python-modules/formulae { };
fortiosapi = callPackage ../development/python-modules/fortiosapi { };
FormEncode = callPackage ../development/python-modules/FormEncode { };
@ -10880,6 +10886,8 @@ self: super: with self; {
sphinxcontrib-websupport = callPackage ../development/python-modules/sphinxcontrib-websupport { };
sphinxcontrib-youtube = callPackage ../development/python-modules/sphinxcontrib-youtube { };
sphinx = callPackage ../development/python-modules/sphinx { };
sphinx-argparse = callPackage ../development/python-modules/sphinx-argparse { };