forked from mirrors/nixpkgs
Merge staging-next into staging
This commit is contained in:
commit
f0a4305e0a
13
doc/meta.xml
13
doc/meta.xml
|
@ -150,6 +150,19 @@ hello-2.3 A program that produces a familiar, friendly greeting
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>changelog</varname>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A link or a list of links to the location of Changelog for a package.
|
||||
A link may use expansion to refer to the correct changelog version.
|
||||
Example:
|
||||
<literal>"https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}"</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>license</varname>
|
||||
|
|
|
@ -2643,9 +2643,7 @@ addEnvHooks "$hostOffset" myBashFunction
|
|||
At <filename>/var/lib/cntr</filename> the sandboxed filesystem is
|
||||
mounted. All commands and files of the system are still accessible
|
||||
within the shell. To execute commands from the sandbox use the cntr exec
|
||||
subcommand. Note that <command>cntr</command> also needs to be executed
|
||||
on the machine that is doing the build, which might not be the case when
|
||||
remote builders are enabled. <command>cntr</command> is only supported
|
||||
subcommand. <command>cntr</command> is only supported
|
||||
on Linux-based platforms. To use it first add <literal>cntr</literal> to
|
||||
your <literal>environment.systemPackages</literal> on NixOS or
|
||||
alternatively to the root user on non-NixOS systems. Then in the package
|
||||
|
@ -2657,6 +2655,16 @@ addEnvHooks "$hostOffset" myBashFunction
|
|||
When a build failure happens there will be an instruction printed that
|
||||
shows how to attach with <literal>cntr</literal> to the build sandbox.
|
||||
</para>
|
||||
<note>
|
||||
<title>Caution with remote builds</title>
|
||||
<para>
|
||||
This won't work with remote builds as the build environment is on
|
||||
a different machine and can't be accessed by <command>cntr</command>.
|
||||
Remote builds can be turned off by setting <literal>--option builders ''</literal>
|
||||
for <command>nix-build</command> or <literal>--builders ''</literal> for
|
||||
<command>nix build</command>.
|
||||
</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
|
@ -88,6 +88,9 @@ rec {
|
|||
config = "aarch64-unknown-linux-musl";
|
||||
};
|
||||
|
||||
gnu64 = { config = "x86_64-unknown-linux-gnu"; };
|
||||
gnu32 = { config = "i686-unknown-linux-gnu"; };
|
||||
|
||||
musl64 = { config = "x86_64-unknown-linux-musl"; };
|
||||
musl32 = { config = "i686-unknown-linux-musl"; };
|
||||
|
||||
|
|
|
@ -1100,6 +1100,11 @@
|
|||
github = "cwoac";
|
||||
name = "Oliver Matthews";
|
||||
};
|
||||
dalance = {
|
||||
email = "dalance@gmail.com";
|
||||
github = "dalance";
|
||||
name = "Naoya Hatta";
|
||||
};
|
||||
DamienCassou = {
|
||||
email = "damien@cassou.me";
|
||||
github = "DamienCassou";
|
||||
|
@ -1164,6 +1169,11 @@
|
|||
github = "davorb";
|
||||
name = "Davor Babic";
|
||||
};
|
||||
dawidsowa = {
|
||||
email = "dawid_sowa@posteo.net";
|
||||
github = "dawidsowa";
|
||||
name = "Dawid Sowa";
|
||||
};
|
||||
dbohdan = {
|
||||
email = "dbohdan@dbohdan.com";
|
||||
github = "dbohdan";
|
||||
|
@ -1531,6 +1541,11 @@
|
|||
github = "eqyiel";
|
||||
name = "Ruben Maher";
|
||||
};
|
||||
eraserhd = {
|
||||
email = "jason.m.felice@gmail.com";
|
||||
github = "eraserhd";
|
||||
name = "Jason Felice";
|
||||
};
|
||||
ericbmerritt = {
|
||||
email = "eric@afiniate.com";
|
||||
github = "ericbmerritt";
|
||||
|
@ -1732,6 +1747,11 @@
|
|||
github = "freepotion";
|
||||
name = "Free Potion";
|
||||
};
|
||||
freezeboy = {
|
||||
email = "freezeboy@users.noreply.github.com";
|
||||
github = "freezeboy";
|
||||
name = "freezeboy";
|
||||
};
|
||||
Fresheyeball = {
|
||||
email = "fresheyeball@gmail.com";
|
||||
github = "fresheyeball";
|
||||
|
@ -2588,6 +2608,11 @@
|
|||
github = "knl";
|
||||
name = "Nikola Knežević";
|
||||
};
|
||||
kolaente = {
|
||||
email = "k@knt.li";
|
||||
github = "kolaente";
|
||||
name = "Konrad Langenberg";
|
||||
};
|
||||
konimex = {
|
||||
email = "herdiansyah@netc.eu";
|
||||
github = "konimex";
|
||||
|
@ -3188,6 +3213,11 @@
|
|||
github = "mimadrid";
|
||||
name = "Miguel Madrid";
|
||||
};
|
||||
minijackson = {
|
||||
email = "minijackson@riseup.net";
|
||||
github = "minijackson";
|
||||
name = "Rémi Nicole";
|
||||
};
|
||||
mirdhyn = {
|
||||
email = "mirdhyn@gmail.com";
|
||||
github = "mirdhyn";
|
||||
|
@ -3318,6 +3348,11 @@
|
|||
github = "fstamour";
|
||||
name = "Francis St-Amour";
|
||||
};
|
||||
mredaelli = {
|
||||
email = "massimo@typish.io";
|
||||
github = "mredaelli";
|
||||
name = "Massimo Redaelli";
|
||||
};
|
||||
mrkkrp = {
|
||||
email = "markkarpov92@gmail.com";
|
||||
github = "mrkkrp";
|
||||
|
@ -4111,6 +4146,11 @@
|
|||
github = "retrry";
|
||||
name = "Tadas Barzdžius";
|
||||
};
|
||||
rexim = {
|
||||
email = "reximkut@gmail.com";
|
||||
github = "rexim";
|
||||
name = "Alexey Kutepov";
|
||||
};
|
||||
rht = {
|
||||
email = "rhtbot@protonmail.com";
|
||||
github = "rht";
|
||||
|
@ -4449,6 +4489,11 @@
|
|||
github = "shawndellysse";
|
||||
name = "Shawn Dellysse";
|
||||
};
|
||||
shazow = {
|
||||
email = "andrey.petrov@shazow.net";
|
||||
github = "shazow";
|
||||
name = "Andrey Petrov";
|
||||
};
|
||||
sheenobu = {
|
||||
email = "sheena.artrip@gmail.com";
|
||||
github = "sheenobu";
|
||||
|
@ -4469,6 +4514,11 @@
|
|||
github = "shlevy";
|
||||
name = "Shea Levy";
|
||||
};
|
||||
shmish111 = {
|
||||
email = "shmish111@gmail.com";
|
||||
github = "shmish111";
|
||||
name = "David Smith";
|
||||
};
|
||||
shou = {
|
||||
email = "x+g@shou.io";
|
||||
github = "Shou";
|
||||
|
@ -4634,6 +4684,11 @@
|
|||
github = "srghma";
|
||||
name = "Sergei Khoma";
|
||||
};
|
||||
srgom = {
|
||||
email = "srgom@users.noreply.github.com";
|
||||
github = "srgom";
|
||||
name = "SRGOM";
|
||||
};
|
||||
srhb = {
|
||||
email = "sbrofeldt@gmail.com";
|
||||
github = "srhb";
|
||||
|
@ -4858,6 +4913,11 @@
|
|||
github = "terlar";
|
||||
name = "Terje Larsen";
|
||||
};
|
||||
tesq0 = {
|
||||
email = "mikolaj.galkowski@gmail.com";
|
||||
github = "tesq0";
|
||||
name = "Mikolaj Galkowski";
|
||||
};
|
||||
teto = {
|
||||
email = "mcoudron@hotmail.com";
|
||||
github = "teto";
|
||||
|
@ -4907,6 +4967,11 @@
|
|||
github = "ctheune";
|
||||
name = "Christian Theune";
|
||||
};
|
||||
thiagokokada = {
|
||||
email = "thiagokokada@gmail.com";
|
||||
github = "thiagokokada";
|
||||
name = "Thiago K. Okada";
|
||||
};
|
||||
ThomasMader = {
|
||||
email = "thomas.mader@gmail.com";
|
||||
github = "ThomasMader";
|
||||
|
@ -5341,6 +5406,11 @@
|
|||
github = "xaverdh";
|
||||
name = "Dominik Xaver Hörl";
|
||||
};
|
||||
xbreak = {
|
||||
email = "xbreak@alphaware.se";
|
||||
github = "xbreak";
|
||||
name = "Calle Rosenquist";
|
||||
};
|
||||
xeji = {
|
||||
email = "xeji@cat3.de";
|
||||
github = "xeji";
|
||||
|
@ -5525,34 +5595,4 @@
|
|||
github = "zzamboni";
|
||||
name = "Diego Zamboni";
|
||||
};
|
||||
mredaelli = {
|
||||
email = "massimo@typish.io";
|
||||
github = "mredaelli";
|
||||
name = "Massimo Redaelli";
|
||||
};
|
||||
shmish111 = {
|
||||
email = "shmish111@gmail.com";
|
||||
github = "shmish111";
|
||||
name = "David Smith";
|
||||
};
|
||||
minijackson = {
|
||||
email = "minijackson@riseup.net";
|
||||
github = "minijackson";
|
||||
name = "Rémi Nicole";
|
||||
};
|
||||
shazow = {
|
||||
email = "andrey.petrov@shazow.net";
|
||||
github = "shazow";
|
||||
name = "Andrey Petrov";
|
||||
};
|
||||
freezeboy = {
|
||||
email = "freezeboy@users.noreply.github.com";
|
||||
github = "freezeboy";
|
||||
name = "freezeboy";
|
||||
};
|
||||
tesq0 = {
|
||||
email = "mikolaj.galkowski@gmail.com";
|
||||
github = "tesq0";
|
||||
name = "Mikolaj Galkowski";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,9 +2,12 @@
|
|||
ansicolors,
|
||||
argparse,
|
||||
basexx,
|
||||
binaryheap,
|
||||
dkjson
|
||||
fifo
|
||||
http
|
||||
inspect
|
||||
ldoc
|
||||
lgi
|
||||
lpeg_patterns
|
||||
lpty
|
||||
|
@ -22,6 +25,7 @@ luaevent,
|
|||
luacheck
|
||||
luaffi,,http://luarocks.org/dev,
|
||||
luuid,
|
||||
markdown,
|
||||
penlight,
|
||||
rapidjson,
|
||||
say,
|
||||
|
|
|
|
@ -76,11 +76,7 @@ FOOTER="
|
|||
function convert_pkg () {
|
||||
nix_pkg_name="$1"
|
||||
lua_pkg_name="$2"
|
||||
server=""
|
||||
if [ ! -z "$3" ]; then
|
||||
server=" --server=$3"
|
||||
fi
|
||||
|
||||
server="${3:+--server=$3}"
|
||||
version="${4:-}"
|
||||
|
||||
echo "looking at $lua_pkg_name (version $version) from server [$server]" >&2
|
||||
|
@ -101,15 +97,15 @@ echo "$HEADER" | tee "$TMP_FILE"
|
|||
# name,server,version
|
||||
while IFS=, read -r nix_pkg_name lua_pkg_name server version
|
||||
do
|
||||
if [ "${nix_pkg_name:0:1}" == "#" ]; then
|
||||
echo "Skipping comment ${nix_pkg_name}" >&2
|
||||
continue
|
||||
fi
|
||||
if [ -z "$lua_pkg_name" ]; then
|
||||
echo "Using nix_name as lua_pkg_name" >&2
|
||||
lua_pkg_name="$nix_pkg_name"
|
||||
fi
|
||||
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
|
||||
if [ "${nix_pkg_name:0:1}" == "#" ]; then
|
||||
echo "Skipping comment ${nix_pkg_name}" >&2
|
||||
continue
|
||||
fi
|
||||
if [ -z "$lua_pkg_name" ]; then
|
||||
echo "Using nix_name as lua_pkg_name" >&2
|
||||
lua_pkg_name="$nix_pkg_name"
|
||||
fi
|
||||
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
|
||||
done < "$CSV_FILE"
|
||||
|
||||
# close the set
|
||||
|
|
86
nixos/modules/config/malloc.nix
Normal file
86
nixos/modules/config/malloc.nix
Normal file
|
@ -0,0 +1,86 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.environment.memoryAllocator;
|
||||
|
||||
# The set of alternative malloc(3) providers.
|
||||
providers = {
|
||||
"graphene-hardened" = rec {
|
||||
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
||||
description = ''
|
||||
An allocator designed to mitigate memory corruption attacks, such as
|
||||
those caused by use-after-free bugs.
|
||||
'';
|
||||
};
|
||||
|
||||
"jemalloc" = {
|
||||
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
description = ''
|
||||
A general purpose allocator that emphasizes fragmentation avoidance
|
||||
and scalable concurrency support.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
providerConf = providers."${cfg.provider}";
|
||||
|
||||
# An output that contains only the shared library, to avoid
|
||||
# needlessly bloating the system closure
|
||||
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
|
||||
rec {
|
||||
preferLocalBuild = true;
|
||||
allowSubstitutes = false;
|
||||
origLibPath = providerConf.libPath;
|
||||
libName = baseNameOf origLibPath;
|
||||
}
|
||||
''
|
||||
mkdir -p $out/lib
|
||||
cp -L $origLibPath $out/lib/$libName
|
||||
'';
|
||||
|
||||
# The full path to the selected provider shlib.
|
||||
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
|
||||
in
|
||||
|
||||
{
|
||||
meta = {
|
||||
maintainers = [ maintainers.joachifm ];
|
||||
};
|
||||
|
||||
options = {
|
||||
environment.memoryAllocator.provider = mkOption {
|
||||
type = types.enum ([ "libc" ] ++ attrNames providers);
|
||||
default = "libc";
|
||||
description = ''
|
||||
The system-wide memory allocator.
|
||||
|
||||
Briefly, the system-wide memory allocator providers are:
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
|
||||
${toString (mapAttrsToList
|
||||
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
|
||||
providers)}
|
||||
</itemizedlist>
|
||||
|
||||
<warning>
|
||||
<para>
|
||||
Selecting an alternative allocator (i.e., anything other than
|
||||
<literal>libc</literal>) may result in instability, data loss,
|
||||
and/or service failure.
|
||||
</para>
|
||||
</warning>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
Changing this option does not affect the current session.
|
||||
</para>
|
||||
</note>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (cfg.provider != "libc") {
|
||||
environment.variables.LD_PRELOAD = providerLibPath;
|
||||
};
|
||||
}
|
|
@ -339,6 +339,7 @@
|
|||
rss2email = 312;
|
||||
cockroachdb = 313;
|
||||
zoneminder = 314;
|
||||
paperless = 315;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
|
@ -638,6 +639,7 @@
|
|||
rss2email = 312;
|
||||
cockroachdb = 313;
|
||||
zoneminder = 314;
|
||||
paperless = 315;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
./config/iproute2.nix
|
||||
./config/krb5/default.nix
|
||||
./config/ldap.nix
|
||||
./config/malloc.nix
|
||||
./config/networking.nix
|
||||
./config/no-x-libs.nix
|
||||
./config/nsswitch.nix
|
||||
|
@ -144,6 +145,7 @@
|
|||
./programs/xonsh.nix
|
||||
./programs/xss-lock.nix
|
||||
./programs/yabar.nix
|
||||
./programs/zmap.nix
|
||||
./programs/zsh/oh-my-zsh.nix
|
||||
./programs/zsh/zsh.nix
|
||||
./programs/zsh/zsh-autoenv.nix
|
||||
|
@ -435,6 +437,7 @@
|
|||
./services/misc/octoprint.nix
|
||||
./services/misc/osrm.nix
|
||||
./services/misc/packagekit.nix
|
||||
./services/misc/paperless.nix
|
||||
./services/misc/parsoid.nix
|
||||
./services/misc/phd.nix
|
||||
./services/misc/plex.nix
|
||||
|
|
|
@ -14,6 +14,8 @@ with lib;
|
|||
|
||||
nix.allowedUsers = mkDefault [ "@users" ];
|
||||
|
||||
environment.memoryAllocator.provider = mkDefault "graphene-hardened";
|
||||
|
||||
security.hideProcessInformation = mkDefault true;
|
||||
|
||||
security.lockKernelModules = mkDefault true;
|
||||
|
|
|
@ -8,12 +8,23 @@ in
|
|||
{
|
||||
options.programs.xss-lock = {
|
||||
enable = mkEnableOption "xss-lock";
|
||||
|
||||
lockerCommand = mkOption {
|
||||
default = "${pkgs.i3lock}/bin/i3lock";
|
||||
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
|
||||
type = types.string;
|
||||
description = "Locker to be used with xsslock";
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
default = [ ];
|
||||
example = [ "--ignore-sleep" ];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
Additional command-line arguments to pass to
|
||||
<command>xss-lock</command>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -21,7 +32,13 @@ in
|
|||
description = "XSS Lock Daemon";
|
||||
wantedBy = [ "graphical-session.target" ];
|
||||
partOf = [ "graphical-session.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.xss-lock}/bin/xss-lock ${cfg.lockerCommand}";
|
||||
serviceConfig.ExecStart = with lib;
|
||||
strings.concatStringsSep " " ([
|
||||
"${pkgs.xss-lock}/bin/xss-lock"
|
||||
] ++ (map escapeShellArg cfg.extraOptions) ++ [
|
||||
"--"
|
||||
cfg.lockerCommand
|
||||
]);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
18
nixos/modules/programs/zmap.nix
Normal file
18
nixos/modules/programs/zmap.nix
Normal file
|
@ -0,0 +1,18 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.programs.zmap;
|
||||
in {
|
||||
options.programs.zmap = {
|
||||
enable = mkEnableOption "ZMap";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.zmap ];
|
||||
|
||||
environment.etc."zmap/blacklist.conf".source = "${pkgs.zmap}/etc/zmap/blacklist.conf";
|
||||
environment.etc."zmap/zmap.conf".source = "${pkgs.zmap}/etc/zmap.conf";
|
||||
};
|
||||
}
|
|
@ -234,6 +234,9 @@ with lib;
|
|||
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
|
||||
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
|
||||
|
||||
# binfmt
|
||||
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
|
||||
|
||||
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
|
||||
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
|
||||
"snmpExporter" "unifiExporter" "varnishExporter" ]
|
||||
|
|
|
@ -29,6 +29,8 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.apparmor-utils ];
|
||||
|
||||
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
|
||||
|
||||
systemd.services.apparmor = let
|
||||
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
|
||||
([ pkgs.apparmor-profiles ] ++ cfg.packages);
|
||||
|
|
|
@ -13,23 +13,17 @@ with lib;
|
|||
default = true;
|
||||
description = ''
|
||||
Whether to allow creation of user namespaces.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The motivation for disabling user namespaces is the potential
|
||||
presence of code paths where the kernel's permission checking
|
||||
logic fails to account for namespacing, instead permitting a
|
||||
namespaced process to act outside the namespace with the same
|
||||
privileges as it would have inside it. This is particularly
|
||||
damaging in the common case of running as root within the namespace.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When user namespace creation is disallowed, attempting to create a
|
||||
user namespace fails with "no space left on device" (ENOSPC).
|
||||
root may re-enable user namespace creation at runtime.
|
||||
</para>
|
||||
<para>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -48,21 +42,15 @@ with lib;
|
|||
Whether to allow SMT/hyperthreading. Disabling SMT means that only
|
||||
physical CPU cores will be usable at runtime, potentially at
|
||||
significant performance cost.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The primary motivation for disabling SMT is to mitigate the risk of
|
||||
leaking data between threads running on the same CPU core (due to
|
||||
e.g., shared caches). This attack vector is unproven.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Disabling SMT is a supplement to the L1 data cache flushing mitigation
|
||||
(see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
|
||||
versus malicious VM guests (SMT could "bring back" previously flushed
|
||||
data).
|
||||
</para>
|
||||
<para>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -73,10 +61,8 @@ with lib;
|
|||
Whether the hypervisor should flush the L1 data cache before
|
||||
entering guests.
|
||||
See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<variablelist>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>null</literal></term>
|
||||
<listitem><para>uses the kernel default</para></listitem>
|
||||
|
@ -98,7 +84,7 @@ with lib;
|
|||
enters the guest. May incur significant performance cost.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</variablelist>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,20 +2,30 @@
|
|||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.security.rngd;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
security.rngd.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to enable the rng daemon, which adds entropy from
|
||||
hardware sources of randomness to the kernel entropy pool when
|
||||
available.
|
||||
'';
|
||||
security.rngd = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to enable the rng daemon, which adds entropy from
|
||||
hardware sources of randomness to the kernel entropy pool when
|
||||
available.
|
||||
'';
|
||||
};
|
||||
debug = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable debug output (-d).";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.security.rngd.enable {
|
||||
config = mkIf cfg.enable {
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="random", TAG+="systemd"
|
||||
SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
|
||||
|
@ -29,7 +39,15 @@ with lib;
|
|||
|
||||
description = "Hardware RNG Entropy Gatherer Daemon";
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f";
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
|
||||
+ optionalString cfg.debug " -d";
|
||||
NoNewPrivileges = true;
|
||||
PrivateNetwork = true;
|
||||
PrivateTmp = true;
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -7,28 +7,23 @@ let
|
|||
|
||||
planDescription = ''
|
||||
The znapzend backup plan to use for the source.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
The plan specifies how often to backup and for how long to keep the
|
||||
backups. It consists of a series of retention periodes to interval
|
||||
associations:
|
||||
</para>
|
||||
<para>
|
||||
|
||||
<literal>
|
||||
retA=>intA,retB=>intB,...
|
||||
</literal>
|
||||
</para>
|
||||
<para>
|
||||
Both intervals and retention periods are expressed in standard units
|
||||
of time or multiples of them. You can use both the full name or a
|
||||
shortcut according to the following listing:
|
||||
</para>
|
||||
<para>
|
||||
|
||||
Both intervals and retention periods are expressed in standard units
|
||||
of time or multiples of them. You can use both the full name or a
|
||||
shortcut according to the following listing:
|
||||
|
||||
<literal>
|
||||
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
|
||||
</literal>
|
||||
</para>
|
||||
<para>
|
||||
|
||||
See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.
|
||||
'';
|
||||
planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";
|
||||
|
@ -139,12 +134,10 @@ let
|
|||
type = nullOr ints.u16;
|
||||
description = ''
|
||||
Port to use for <command>mbuffer</command>.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
If this is null, it will run <command>mbuffer</command> through
|
||||
ssh.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
If this is not null, it will run <command>mbuffer</command>
|
||||
directly through TCP, which is not encrypted but faster. In that
|
||||
case the given port needs to be open on the destination host.
|
||||
|
|
|
@ -5,11 +5,13 @@ with lib;
|
|||
let
|
||||
cfg = config.services.journalbeat;
|
||||
|
||||
lt6 = builtins.compareVersions cfg.package.version "6" < 0;
|
||||
|
||||
journalbeatYml = pkgs.writeText "journalbeat.yml" ''
|
||||
name: ${cfg.name}
|
||||
tags: ${builtins.toJSON cfg.tags}
|
||||
|
||||
journalbeat.cursor_state_file: ${cfg.stateDir}/cursor-state
|
||||
${optionalString lt6 "journalbeat.cursor_state_file: /var/lib/${cfg.stateDir}/cursor-state"}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
@ -22,6 +24,16 @@ in
|
|||
|
||||
enable = mkEnableOption "journalbeat";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.journalbeat;
|
||||
defaultText = "pkgs.journalbeat";
|
||||
example = literalExample "pkgs.journalbeat7";
|
||||
description = ''
|
||||
The journalbeat package to use
|
||||
'';
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "journalbeat";
|
||||
|
@ -36,13 +48,17 @@ in
|
|||
|
||||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/journalbeat";
|
||||
description = "The state directory. Journalbeat's own logs and other data are stored here.";
|
||||
default = "journalbeat";
|
||||
description = ''
|
||||
Directory below <literal>/var/lib/</literal> to store journalbeat's
|
||||
own logs and other data. This directory will be created automatically
|
||||
using systemd's StateDirectory mechanism.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = ''
|
||||
default = optionalString lt6 ''
|
||||
journalbeat:
|
||||
seek_position: cursor
|
||||
cursor_seek_fallback: tail
|
||||
|
@ -61,7 +77,16 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.services.journalbeat = with pkgs; {
|
||||
assertions = [
|
||||
{
|
||||
assertion = !hasPrefix "/" cfg.stateDir;
|
||||
message =
|
||||
"The option services.journalbeat.stateDir shouldn't be an absolute directory." +
|
||||
" It should be a directory relative to /var/lib/.";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.journalbeat = {
|
||||
description = "Journalbeat log shipper";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
|
@ -69,7 +94,13 @@ in
|
|||
mkdir -p ${cfg.stateDir}/logs
|
||||
'';
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.journalbeat}/bin/journalbeat -c ${journalbeatYml} -path.data ${cfg.stateDir}/data -path.logs ${cfg.stateDir}/logs";
|
||||
StateDirectory = cfg.stateDir;
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/journalbeat \
|
||||
-c ${journalbeatYml} \
|
||||
-path.data /var/lib/${cfg.stateDir}/data \
|
||||
-path.logs /var/lib/${cfg.stateDir}/logs'';
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
185
nixos/modules/services/misc/paperless.nix
Normal file
185
nixos/modules/services/misc/paperless.nix
Normal file
|
@ -0,0 +1,185 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.paperless;
|
||||
|
||||
defaultUser = "paperless";
|
||||
|
||||
manage = cfg.package.withConfig {
|
||||
config = {
|
||||
PAPERLESS_CONSUMPTION_DIR = cfg.consumptionDir;
|
||||
PAPERLESS_INLINE_DOC = "true";
|
||||
PAPERLESS_DISABLE_LOGIN = "true";
|
||||
} // cfg.extraConfig;
|
||||
inherit (cfg) dataDir ocrLanguages;
|
||||
paperlessPkg = cfg.package;
|
||||
};
|
||||
in
|
||||
{
|
||||
options.services.paperless = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable Paperless.
|
||||
|
||||
When started, the Paperless database is automatically created if it doesn't
|
||||
exist and updated if the Paperless package has changed.
|
||||
Both tasks are achieved by running a Django migration.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/paperless";
|
||||
description = "Directory to store the Paperless data.";
|
||||
};
|
||||
|
||||
consumptionDir = mkOption {
|
||||
type = types.str;
|
||||
default = "${cfg.dataDir}/consume";
|
||||
defaultText = "\${dataDir}/consume";
|
||||
description = "Directory from which new documents are imported.";
|
||||
};
|
||||
|
||||
consumptionDirIsPublic = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether all users can write to the consumption dir.";
|
||||
};
|
||||
|
||||
ocrLanguages = mkOption {
|
||||
type = with types; nullOr (listOf string);
|
||||
default = null;
|
||||
description = ''
|
||||
Languages available for OCR via Tesseract, specified as
|
||||
<literal>ISO 639-2/T</literal> language codes.
|
||||
If unset, defaults to all available languages.
|
||||
'';
|
||||
example = [ "eng" "spa" "jpn" ];
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Server listening address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 28981;
|
||||
description = "Server port to listen on.";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
description = ''
|
||||
Extra paperless config options.
|
||||
|
||||
The config values are evaluated as double-quoted Bash string literals.
|
||||
|
||||
See <literal>paperless-src/paperless.conf.example</literal> for available options.
|
||||
|
||||
To enable user authentication, set <literal>PAPERLESS_DISABLE_LOGIN = "false"</literal>
|
||||
and run the shell command <literal>$dataDir/paperless-manage createsuperuser</literal>.
|
||||
|
||||
To define secret options without storing them in /nix/store, use the following pattern:
|
||||
<literal>PAPERLESS_PASSPHRASE = "$(< /etc/my_passphrase_file)"</literal>
|
||||
'';
|
||||
example = literalExample ''
|
||||
{
|
||||
PAPERLESS_OCR_LANGUAGE = "deu";
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = defaultUser;
|
||||
description = "User under which Paperless runs.";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.paperless;
|
||||
defaultText = "pkgs.paperless";
|
||||
description = "The Paperless package to use.";
|
||||
};
|
||||
|
||||
manage = mkOption {
|
||||
type = types.package;
|
||||
readOnly = true;
|
||||
default = manage;
|
||||
description = ''
|
||||
A script to manage the Paperless instance.
|
||||
It wraps Django's manage.py and is also available at
|
||||
<literal>$dataDir/manage-paperless</literal>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.user} - -"
|
||||
] ++ (optional cfg.consumptionDirIsPublic
|
||||
"d '${cfg.consumptionDir}' 777 ${cfg.user} ${cfg.user} - -"
|
||||
# If the consumption dir is not created here, it's automatically created by
|
||||
# 'manage' with the default permissions.
|
||||
);
|
||||
|
||||
systemd.services.paperless-consumer = {
|
||||
description = "Paperless document consumer";
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
ExecStart = "${manage} document_consumer";
|
||||
Restart = "always";
|
||||
};
|
||||
after = [ "systemd-tmpfiles-setup.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
if [[ $(readlink ${cfg.dataDir}/paperless-manage) != ${manage} ]]; then
|
||||
ln -sf ${manage} ${cfg.dataDir}/paperless-manage
|
||||
fi
|
||||
|
||||
${manage.setupEnv}
|
||||
# Auto-migrate on first run or if the package has changed
|
||||
versionFile="$PAPERLESS_DBDIR/src-version"
|
||||
if [[ $(cat "$versionFile" 2>/dev/null) != ${cfg.package} ]]; then
|
||||
python $paperlessSrc/manage.py migrate
|
||||
echo ${cfg.package} > "$versionFile"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.paperless-server = {
|
||||
description = "Paperless document server";
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
ExecStart = "${manage} runserver --noreload ${cfg.address}:${toString cfg.port}";
|
||||
Restart = "always";
|
||||
};
|
||||
# Bind to `paperless-consumer` so that the server never runs
|
||||
# during migrations
|
||||
bindsTo = [ "paperless-consumer.service" ];
|
||||
after = [ "paperless-consumer.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
users = optionalAttrs (cfg.user == defaultUser) {
|
||||
users = [{
|
||||
name = defaultUser;
|
||||
group = defaultUser;
|
||||
uid = config.ids.uids.paperless;
|
||||
home = cfg.dataDir;
|
||||
}];
|
||||
|
||||
groups = [{
|
||||
name = defaultUser;
|
||||
gid = config.ids.gids.paperless;
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -28,14 +28,29 @@ in {
|
|||
path = [ pkgs.coreutils ];
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
unitConfig.documentation = "man:vnstatd(1) man:vnstat(1) man:vnstat.conf(5)";
|
||||
documentation = [
|
||||
"man:vnstatd(1)"
|
||||
"man:vnstat(1)"
|
||||
"man:vnstat.conf(5)"
|
||||
];
|
||||
preStart = "chmod 755 /var/lib/vnstat";
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.vnstat}/bin/vnstatd -n";
|
||||
ExecReload = "${pkgs.procps}/bin/kill -HUP $MAINPID";
|
||||
ProtectHome = true;
|
||||
|
||||
# Hardening (from upstream example service)
|
||||
ProtectSystem = "strict";
|
||||
StateDirectory = "vnstat";
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectKernelModules = true;
|
||||
PrivateTmp = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictNamespaces = true;
|
||||
|
||||
User = "vnstatd";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -26,28 +26,20 @@ in
|
|||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.dbus.packages = [ pkgs.fprintd ];
|
||||
|
||||
environment.systemPackages = [ pkgs.fprintd ];
|
||||
|
||||
systemd.services.fprintd = {
|
||||
description = "Fingerprint Authentication Daemon";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "dbus";
|
||||
BusName = "net.reactivated.Fprint";
|
||||
ExecStart = "${pkgs.fprintd}/libexec/fprintd";
|
||||
};
|
||||
};
|
||||
systemd.packages = [ pkgs.fprintd ];
|
||||
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -189,6 +189,11 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = xcfg.enable;
|
||||
message = ''
|
||||
LightDM requires services.xserver.enable to be true
|
||||
'';
|
||||
}
|
||||
{ assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
|
||||
message = ''
|
||||
LightDM auto-login requires services.xserver.displayManager.lightdm.autoLogin.user to be set
|
||||
|
|
|
@ -195,6 +195,11 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = xcfg.enable;
|
||||
message = ''
|
||||
SDDM requires services.xserver.enable to be true
|
||||
'';
|
||||
}
|
||||
{ assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
|
||||
message = ''
|
||||
SDDM auto-login requires services.xserver.displayManager.sddm.autoLogin.user to be set
|
||||
|
@ -264,8 +269,8 @@ in
|
|||
};
|
||||
|
||||
environment.etc."sddm.conf".source = cfgFile;
|
||||
environment.pathsToLink = [
|
||||
"/share/sddm"
|
||||
environment.pathsToLink = [
|
||||
"/share/sddm"
|
||||
];
|
||||
|
||||
users.groups.sddm.gid = config.ids.gids.sddm;
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (lib) mkOption types optionalString;
|
||||
|
||||
cfg = config.boot.binfmtMiscRegistrations;
|
||||
cfg = config.boot.binfmt;
|
||||
|
||||
makeBinfmtLine = name: { recognitionType, offset, magicOrExtension
|
||||
, mask, preserveArgvZero, openBinary
|
||||
|
@ -13,125 +13,249 @@ let
|
|||
mask' = toString mask;
|
||||
interpreter = "/run/binfmt/${name}";
|
||||
flags = if !(matchCredentials -> openBinary)
|
||||
then throw "boot.binfmtMiscRegistrations.${name}: you can't specify openBinary = false when matchCredentials = true."
|
||||
then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."
|
||||
else optionalString preserveArgvZero "P" +
|
||||
optionalString (openBinary && !matchCredentials) "O" +
|
||||
optionalString matchCredentials "C" +
|
||||
optionalString fixBinary "F";
|
||||
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
|
||||
|
||||
binfmtFile = builtins.toFile "binfmt_nixos.conf"
|
||||
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine cfg));
|
||||
|
||||
activationSnippet = name: { interpreter, ... }:
|
||||
"ln -sf ${interpreter} /run/binfmt/${name}";
|
||||
activationScript = ''
|
||||
mkdir -p -m 0755 /run/binfmt
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet cfg)}
|
||||
'';
|
||||
in {
|
||||
options = {
|
||||
boot.binfmtMiscRegistrations = mkOption {
|
||||
default = {};
|
||||
|
||||
description = ''
|
||||
Extra binary formats to register with the kernel.
|
||||
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
|
||||
'';
|
||||
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
|
||||
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
recognitionType = mkOption {
|
||||
default = "magic";
|
||||
description = "Whether to recognize executables by magic number or extension.";
|
||||
type = types.enum [ "magic" "extension" ];
|
||||
};
|
||||
|
||||
offset = mkOption {
|
||||
default = null;
|
||||
description = "The byte offset of the magic number used for recognition.";
|
||||
type = types.nullOr types.int;
|
||||
};
|
||||
|
||||
magicOrExtension = mkOption {
|
||||
description = "The magic number or extension to match on.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
mask = mkOption {
|
||||
default = null;
|
||||
description =
|
||||
"A mask to be ANDed with the byte sequence of the file before matching";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
interpreter = mkOption {
|
||||
description = ''
|
||||
The interpreter to invoke to run the program.
|
||||
|
||||
Note that the actual registration will point to
|
||||
/run/binfmt/''${name}, so the kernel interpreter length
|
||||
limit doesn't apply.
|
||||
'';
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
preserveArgvZero = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to pass the original argv[0] to the interpreter.
|
||||
|
||||
See the description of the 'P' flag in the kernel docs
|
||||
for more details;
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
openBinary = mkOption {
|
||||
default = config.matchCredentials;
|
||||
description = ''
|
||||
Whether to pass the binary to the interpreter as an open
|
||||
file descriptor, instead of a path.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
matchCredentials = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to launch with the credentials and security
|
||||
token of the binary, not the interpreter (e.g. setuid
|
||||
bit).
|
||||
|
||||
See the description of the 'C' flag in the kernel docs
|
||||
for more details.
|
||||
|
||||
Implies/requires openBinary = true.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
fixBinary = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open the interpreter file as soon as the
|
||||
registration is loaded, rather than waiting for a
|
||||
relevant file to be invoked.
|
||||
|
||||
See the description of the 'F' flag in the kernel docs
|
||||
for more details.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
}));
|
||||
# Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
|
||||
# - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
|
||||
# and
|
||||
# - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
|
||||
# TODO: maybe put these in a JSON file?
|
||||
magics = {
|
||||
armv6l-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
armv7l-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
aarch64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
aarch64_be-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
i386-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
i486-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
i586-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
i686-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
x86_64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
alpha-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
sparc64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
sparc-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
powerpc-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
powerpc64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
powerpc64le-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';
|
||||
};
|
||||
mips-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
mipsel-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
mips64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
mips64el-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
riscv32-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
riscv64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
x86_64-windows = {
|
||||
magicOrExtension = ".exe";
|
||||
recognitionType = "extension";
|
||||
};
|
||||
i686-windows = {
|
||||
magicOrExtension = ".exe";
|
||||
recognitionType = "extension";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf (cfg != {}) {
|
||||
environment.etc."binfmt.d/nixos.conf".source = binfmtFile;
|
||||
system.activationScripts.binfmt = activationScript;
|
||||
systemd.additionalUpstreamSystemUnits =
|
||||
in {
|
||||
options = {
|
||||
boot.binfmt = {
|
||||
registrations = mkOption {
|
||||
default = {};
|
||||
|
||||
description = ''
|
||||
Extra binary formats to register with the kernel.
|
||||
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
|
||||
'';
|
||||
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
recognitionType = mkOption {
|
||||
default = "magic";
|
||||
description = "Whether to recognize executables by magic number or extension.";
|
||||
type = types.enum [ "magic" "extension" ];
|
||||
};
|
||||
|
||||
offset = mkOption {
|
||||
default = null;
|
||||
description = "The byte offset of the magic number used for recognition.";
|
||||
type = types.nullOr types.int;
|
||||
};
|
||||
|
||||
magicOrExtension = mkOption {
|
||||
description = "The magic number or extension to match on.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
mask = mkOption {
|
||||
default = null;
|
||||
description =
|
||||
"A mask to be ANDed with the byte sequence of the file before matching";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
interpreter = mkOption {
|
||||
description = ''
|
||||
The interpreter to invoke to run the program.
|
||||
|
||||
Note that the actual registration will point to
|
||||
/run/binfmt/''${name}, so the kernel interpreter length
|
||||
limit doesn't apply.
|
||||
'';
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
preserveArgvZero = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to pass the original argv[0] to the interpreter.
|
||||
|
||||
See the description of the 'P' flag in the kernel docs
|
||||
for more details;
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
openBinary = mkOption {
|
||||
default = config.matchCredentials;
|
||||
description = ''
|
||||
Whether to pass the binary to the interpreter as an open
|
||||
file descriptor, instead of a path.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
matchCredentials = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to launch with the credentials and security
|
||||
token of the binary, not the interpreter (e.g. setuid
|
||||
bit).
|
||||
|
||||
See the description of the 'C' flag in the kernel docs
|
||||
for more details.
|
||||
|
||||
Implies/requires openBinary = true.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
fixBinary = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open the interpreter file as soon as the
|
||||
registration is loaded, rather than waiting for a
|
||||
relevant file to be invoked.
|
||||
|
||||
See the description of the 'F' flag in the kernel docs
|
||||
for more details.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
emulatedSystems = mkOption {
|
||||
default = [];
|
||||
description = ''
|
||||
List of systems to emulate. Will also configure Nix to
|
||||
support your new systems.
|
||||
'';
|
||||
type = types.listOf types.string;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
boot.binfmt.registrations = builtins.listToAttrs (map (system: {
|
||||
name = system;
|
||||
value = {
|
||||
interpreter = getEmulator system;
|
||||
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
|
||||
}) cfg.emulatedSystems);
|
||||
# TODO: add a nix.extraPlatforms option to NixOS!
|
||||
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
|
||||
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
|
||||
'';
|
||||
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
|
||||
([ "/run/binfmt" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
|
||||
|
||||
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
|
||||
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
|
||||
system.activationScripts.binfmt = ''
|
||||
mkdir -p -m 0755 /run/binfmt
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
|
||||
'';
|
||||
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {})
|
||||
[ "proc-sys-fs-binfmt_misc.automount"
|
||||
"proc-sys-fs-binfmt_misc.mount"
|
||||
];
|
||||
|
|
|
@ -62,8 +62,7 @@ in {
|
|||
|
||||
description = ''
|
||||
The resolution of the console. The following values are valid:
|
||||
</para>
|
||||
<para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<literal>"0"</literal>: Standard UEFI 80x25 mode
|
||||
|
|
|
@ -76,6 +76,33 @@ let
|
|||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
wait_gpgcard() {
|
||||
local secs="''${1:-10}"
|
||||
|
||||
gpg --card-status > /dev/null 2> /dev/null
|
||||
if [ $? != 0 ]; then
|
||||
echo -n "Waiting $secs seconds for GPG Card to appear"
|
||||
local success=false
|
||||
for try in $(seq $secs); do
|
||||
echo -n .
|
||||
sleep 1
|
||||
gpg --card-status > /dev/null 2> /dev/null
|
||||
if [ $? == 0 ]; then
|
||||
success=true
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ $success == true ]; then
|
||||
echo " - success";
|
||||
return 0
|
||||
else
|
||||
echo " - failure";
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
'';
|
||||
|
||||
preCommands = ''
|
||||
|
@ -93,6 +120,13 @@ let
|
|||
# For Yubikey salt storage
|
||||
mkdir -p /crypt-storage
|
||||
|
||||
${optionalString luks.gpgSupport ''
|
||||
export GPG_TTY=$(tty)
|
||||
export GNUPGHOME=/crypt-ramfs/.gnupg
|
||||
|
||||
gpg-agent --daemon --scdaemon-program $out/bin/scdaemon > /dev/null 2> /dev/null
|
||||
''}
|
||||
|
||||
# Disable all input echo for the whole stage. We could use read -s
|
||||
# instead but that would ocasionally leak characters between read
|
||||
# invocations.
|
||||
|
@ -105,7 +139,7 @@ let
|
|||
umount /crypt-ramfs 2>/dev/null
|
||||
'';
|
||||
|
||||
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name;
|
||||
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fallbackToPassword, ... }: assert name' == name;
|
||||
let
|
||||
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
|
||||
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
|
||||
|
@ -182,7 +216,7 @@ let
|
|||
''}
|
||||
}
|
||||
|
||||
${if luks.yubikeySupport && (yubikey != null) then ''
|
||||
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
|
||||
# Yubikey
|
||||
rbtohex() {
|
||||
( od -An -vtx1 | tr -d ' \n' )
|
||||
|
@ -278,7 +312,7 @@ let
|
|||
umount /crypt-storage
|
||||
}
|
||||
|
||||
open_yubikey() {
|
||||
open_with_hardware() {
|
||||
if wait_yubikey ${toString yubikey.gracePeriod}; then
|
||||
do_open_yubikey
|
||||
else
|
||||
|
@ -286,8 +320,75 @@ let
|
|||
open_normally
|
||||
fi
|
||||
}
|
||||
''}
|
||||
|
||||
open_yubikey
|
||||
${optionalString (luks.gpgSupport && (gpgCard != null)) ''
|
||||
|
||||
do_open_gpg_card() {
|
||||
# Make all of these local to this function
|
||||
# to prevent their values being leaked
|
||||
local pin
|
||||
local opened
|
||||
|
||||
gpg --import /gpg-keys/${device}/pubkey.asc > /dev/null 2> /dev/null
|
||||
|
||||
gpg --card-status > /dev/null 2> /dev/null
|
||||
|
||||
for try in $(seq 3); do
|
||||
echo -n "PIN for GPG Card associated with device ${device}: "
|
||||
pin=
|
||||
while true; do
|
||||
if [ -e /crypt-ramfs/passphrase ]; then
|
||||
echo "reused"
|
||||
pin=$(cat /crypt-ramfs/passphrase)
|
||||
break
|
||||
else
|
||||
# and try reading it from /dev/console with a timeout
|
||||
IFS= read -t 1 -r pin
|
||||
if [ -n "$pin" ]; then
|
||||
${if luks.reusePassphrases then ''
|
||||
# remember it for the next device
|
||||
echo -n "$pin" > /crypt-ramfs/passphrase
|
||||
'' else ''
|
||||
# Don't save it to ramfs. We are very paranoid
|
||||
''}
|
||||
echo
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
echo -n "Verifying passphrase for ${device}..."
|
||||
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
|
||||
if [ $? == 0 ]; then
|
||||
echo " - success"
|
||||
${if luks.reusePassphrases then ''
|
||||
# we don't rm here because we might reuse it for the next device
|
||||
'' else ''
|
||||
rm -f /crypt-ramfs/passphrase
|
||||
''}
|
||||
break
|
||||
else
|
||||
echo " - failure"
|
||||
# ask for a different one
|
||||
rm -f /crypt-ramfs/passphrase
|
||||
fi
|
||||
done
|
||||
|
||||
[ "$opened" == false ] && die "Maximum authentication errors reached"
|
||||
}
|
||||
|
||||
open_with_hardware() {
|
||||
if wait_gpgcard ${toString gpgCard.gracePeriod}; then
|
||||
do_open_gpg_card
|
||||
else
|
||||
echo "No GPG Card found, falling back to normal open procedure"
|
||||
open_normally
|
||||
fi
|
||||
}
|
||||
''}
|
||||
|
||||
${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) then ''
|
||||
open_with_hardware
|
||||
'' else ''
|
||||
open_normally
|
||||
''}
|
||||
|
@ -473,6 +574,36 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
gpgCard = mkOption {
|
||||
default = null;
|
||||
description = ''
|
||||
The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.
|
||||
If null (the default), GPG-Smartcard will be disabled for this device.
|
||||
'';
|
||||
|
||||
type = with types; nullOr (submodule {
|
||||
options = {
|
||||
gracePeriod = mkOption {
|
||||
default = 10;
|
||||
type = types.int;
|
||||
description = "Time in seconds to wait for the GPG Smartcard.";
|
||||
};
|
||||
|
||||
encryptedPass = mkOption {
|
||||
default = "";
|
||||
type = types.path;
|
||||
description = "Path to the GPG encrypted passphrase.";
|
||||
};
|
||||
|
||||
publicKey = mkOption {
|
||||
default = "";
|
||||
type = types.path;
|
||||
description = "Path to the Public Key.";
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
yubikey = mkOption {
|
||||
default = null;
|
||||
description = ''
|
||||
|
@ -554,6 +685,14 @@ in
|
|||
}));
|
||||
};
|
||||
|
||||
boot.initrd.luks.gpgSupport = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enables support for authenticating with a GPG encrypted password.
|
||||
'';
|
||||
};
|
||||
|
||||
boot.initrd.luks.yubikeySupport = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
|
@ -567,6 +706,12 @@ in
|
|||
|
||||
config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) {
|
||||
|
||||
assertions =
|
||||
[ { assertion = !(luks.gpgSupport && luks.yubikeySupport);
|
||||
message = "Yubikey and GPG Card may not be used at the same time.";
|
||||
}
|
||||
];
|
||||
|
||||
# actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
|
||||
boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
|
||||
["firewire_ohci" "firewire_core" "firewire_sbp2"];
|
||||
|
@ -603,6 +748,23 @@ in
|
|||
EOF
|
||||
chmod +x $out/bin/openssl-wrap
|
||||
''}
|
||||
|
||||
${optionalString luks.gpgSupport ''
|
||||
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg
|
||||
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg-agent
|
||||
copy_bin_and_libs ${pkgs.gnupg}/libexec/scdaemon
|
||||
|
||||
${concatMapStringsSep "\n" (x:
|
||||
if x.gpgCard != null then
|
||||
''
|
||||
mkdir -p $out/secrets/gpg-keys/${x.device}
|
||||
cp -a ${x.gpgCard.encryptedPass} $out/secrets/gpg-keys/${x.device}/cryptkey.gpg
|
||||
cp -a ${x.gpgCard.publicKey} $out/secrets/gpg-keys/${x.device}/pubkey.asc
|
||||
''
|
||||
else ""
|
||||
) (attrValues luks.devices)
|
||||
}
|
||||
''}
|
||||
'';
|
||||
|
||||
boot.initrd.extraUtilsCommandsTest = ''
|
||||
|
@ -612,6 +774,11 @@ in
|
|||
$out/bin/ykinfo -V
|
||||
$out/bin/openssl-wrap version
|
||||
''}
|
||||
${optionalString luks.gpgSupport ''
|
||||
$out/bin/gpg --version
|
||||
$out/bin/gpg-agent --version
|
||||
$out/bin/scdaemon --version
|
||||
''}
|
||||
'';
|
||||
|
||||
boot.initrd.preFailCommands = postCommands;
|
||||
|
|
|
@ -35,7 +35,7 @@ in
|
|||
when resolving single-label host names (domain names which
|
||||
contain no dot), in order to qualify them into fully-qualified
|
||||
domain names (FQDNs).
|
||||
</para><para>
|
||||
|
||||
For compatibility reasons, if this setting is not specified,
|
||||
the search domains listed in
|
||||
<filename>/etc/resolv.conf</filename> are used instead, if
|
||||
|
@ -50,8 +50,9 @@ in
|
|||
description = ''
|
||||
Controls Link-Local Multicast Name Resolution support
|
||||
(RFC 4795) on the local host.
|
||||
</para><para>
|
||||
|
||||
If set to
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>"true"</literal></term>
|
||||
|
|
|
@ -65,10 +65,9 @@ let
|
|||
default = [];
|
||||
description = ''
|
||||
Network ports to publish from the container to the outer host.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
Valid formats:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -91,21 +90,19 @@ let
|
|||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para>
|
||||
|
||||
Both <literal>hostPort</literal> and
|
||||
<literal>containerPort</literal> can be specified as a range of
|
||||
ports. When specifying ranges for both, the number of container
|
||||
ports in the range must match the number of host ports in the
|
||||
range. Example: <literal>1234-1236:1234-1236/tcp</literal>
|
||||
</para>
|
||||
<para>
|
||||
|
||||
When specifying a range for <literal>hostPort</literal> only, the
|
||||
<literal>containerPort</literal> must <emphasis>not</emphasis> be a
|
||||
range. In this case, the container port is published somewhere
|
||||
within the specified <literal>hostPort</literal> range. Example:
|
||||
<literal>1234-1236:1234/tcp</literal>
|
||||
</para>
|
||||
<para>
|
||||
|
||||
Refer to the
|
||||
<link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports">
|
||||
Docker engine documentation</link> for full details.
|
||||
|
|
|
@ -104,7 +104,7 @@ in
|
|||
"VBoxNetNAT"
|
||||
"VBoxSDL"
|
||||
"VBoxVolInfo"
|
||||
"VirtualBox"
|
||||
"VirtualBoxVM"
|
||||
]));
|
||||
|
||||
users.groups.vboxusers.gid = config.ids.gids.vboxusers;
|
||||
|
|
|
@ -189,6 +189,7 @@ in
|
|||
pam-oath-login = handleTest ./pam-oath-login.nix {};
|
||||
pam-u2f = handleTest ./pam-u2f.nix {};
|
||||
pantheon = handleTest ./pantheon.nix {};
|
||||
paperless = handleTest ./paperless.nix {};
|
||||
peerflix = handleTest ./peerflix.nix {};
|
||||
pgjwt = handleTest ./pgjwt.nix {};
|
||||
pgmanage = handleTest ./pgmanage.nix {};
|
||||
|
|
|
@ -67,5 +67,12 @@ import ./make-test.nix ({ pkgs, ... }: {
|
|||
# Ensure building an image on top of a layered Docker images work
|
||||
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'");
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}");
|
||||
|
||||
# Ensure order of layers is correct
|
||||
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layersOrder}'");
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer1 | grep -q layer1");
|
||||
# This is to be sure the order of layers of the parent image is preserved
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer2 | grep -q layer2");
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer3 | grep -q layer3");
|
||||
'';
|
||||
})
|
||||
|
|
|
@ -12,6 +12,11 @@ with pkgs.lib;
|
|||
let
|
||||
esUrl = "http://localhost:9200";
|
||||
|
||||
totalHits = message :
|
||||
"curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' " +
|
||||
''-d '{\"query\" : { \"match\" : { \"message\" : \"${message}\"}}}' '' +
|
||||
"| jq .hits.total";
|
||||
|
||||
mkElkTest = name : elk :
|
||||
let elasticsearchGe7 = builtins.compareVersions elk.elasticsearch.version "7" >= 0;
|
||||
in makeTest {
|
||||
|
@ -21,7 +26,7 @@ let
|
|||
};
|
||||
nodes = {
|
||||
one =
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, lib, ... }: {
|
||||
# Not giving the machine at least 2060MB results in elasticsearch failing with the following error:
|
||||
#
|
||||
# OpenJDK 64-Bit Server VM warning:
|
||||
|
@ -40,6 +45,26 @@ let
|
|||
environment.systemPackages = [ pkgs.jq ];
|
||||
|
||||
services = {
|
||||
|
||||
journalbeat = let lt6 = builtins.compareVersions
|
||||
elk.journalbeat.version "6" < 0; in {
|
||||
enable = true;
|
||||
package = elk.journalbeat;
|
||||
extraConfig = mkOptionDefault (''
|
||||
logging:
|
||||
to_syslog: true
|
||||
level: warning
|
||||
metrics.enabled: false
|
||||
output.elasticsearch:
|
||||
hosts: [ "127.0.0.1:9200" ]
|
||||
${optionalString lt6 "template.enabled: false"}
|
||||
'' + optionalString (!lt6) ''
|
||||
journalbeat.inputs:
|
||||
- paths: []
|
||||
seek: cursor
|
||||
'');
|
||||
};
|
||||
|
||||
logstash = {
|
||||
enable = true;
|
||||
package = elk.logstash;
|
||||
|
@ -107,14 +132,19 @@ let
|
|||
testScript = ''
|
||||
startAll;
|
||||
|
||||
# Wait until elasticsearch is listening for connections.
|
||||
$one->waitForUnit("elasticsearch.service");
|
||||
$one->waitForOpenPort(9200);
|
||||
|
||||
# Continue as long as the status is not "red". The status is probably
|
||||
# "yellow" instead of "green" because we are using a single elasticsearch
|
||||
# node which elasticsearch considers risky.
|
||||
#
|
||||
# TODO: extend this test with multiple elasticsearch nodes and see if the status turns "green".
|
||||
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_cluster/health' | jq .status | grep -v red");
|
||||
# TODO: extend this test with multiple elasticsearch nodes
|
||||
# and see if the status turns "green".
|
||||
$one->waitUntilSucceeds(
|
||||
"curl --silent --show-error '${esUrl}/_cluster/health' " .
|
||||
"| jq .status | grep -v red");
|
||||
|
||||
# Perform some simple logstash tests.
|
||||
$one->waitForUnit("logstash.service");
|
||||
|
@ -123,16 +153,28 @@ let
|
|||
|
||||
# See if kibana is healthy.
|
||||
$one->waitForUnit("kibana.service");
|
||||
$one->waitUntilSucceeds("curl --silent --show-error 'http://localhost:5601/api/status' | jq .status.overall.state | grep green");
|
||||
$one->waitUntilSucceeds(
|
||||
"curl --silent --show-error 'http://localhost:5601/api/status' " .
|
||||
"| jq .status.overall.state | grep green");
|
||||
|
||||
# See if logstash messages arive in elasticsearch.
|
||||
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"flowers\"}}}' | jq .hits.total | grep -v 0");
|
||||
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"dragons\"}}}' | jq .hits.total | grep 0");
|
||||
$one->waitUntilSucceeds("${totalHits "flowers"} | grep -v 0");
|
||||
$one->waitUntilSucceeds("${totalHits "dragons"} | grep 0");
|
||||
|
||||
# Test if a message logged to the journal
|
||||
# is ingested by elasticsearch via journalbeat.
|
||||
$one->waitForUnit("journalbeat.service");
|
||||
$one->execute("echo 'Supercalifragilisticexpialidocious' | systemd-cat");
|
||||
$one->waitUntilSucceeds(
|
||||
"${totalHits "Supercalifragilisticexpialidocious"} | grep -v 0");
|
||||
|
||||
'' + optionalString (!elasticsearchGe7) ''
|
||||
# Test elasticsearch-curator.
|
||||
$one->systemctl("stop logstash");
|
||||
$one->systemctl("start elasticsearch-curator");
|
||||
$one->waitUntilSucceeds("! curl --silent --show-error '${esUrl}/_cat/indices' | grep logstash | grep -q ^$1");
|
||||
$one->waitUntilSucceeds(
|
||||
"! curl --silent --show-error '${esUrl}/_cat/indices' " .
|
||||
"| grep logstash | grep -q ^$1");
|
||||
'';
|
||||
};
|
||||
in mapAttrs mkElkTest {
|
||||
|
@ -140,6 +182,7 @@ in mapAttrs mkElkTest {
|
|||
elasticsearch = pkgs.elasticsearch5;
|
||||
logstash = pkgs.logstash5;
|
||||
kibana = pkgs.kibana5;
|
||||
journalbeat = pkgs.journalbeat5;
|
||||
};
|
||||
"ELK-6" =
|
||||
if enableUnfree
|
||||
|
@ -147,11 +190,13 @@ in mapAttrs mkElkTest {
|
|||
elasticsearch = pkgs.elasticsearch6;
|
||||
logstash = pkgs.logstash6;
|
||||
kibana = pkgs.kibana6;
|
||||
journalbeat = pkgs.journalbeat6;
|
||||
}
|
||||
else {
|
||||
elasticsearch = pkgs.elasticsearch6-oss;
|
||||
logstash = pkgs.logstash6-oss;
|
||||
kibana = pkgs.kibana6-oss;
|
||||
journalbeat = pkgs.journalbeat6;
|
||||
};
|
||||
"ELK-7" =
|
||||
if enableUnfree
|
||||
|
@ -159,10 +204,12 @@ in mapAttrs mkElkTest {
|
|||
elasticsearch = pkgs.elasticsearch7;
|
||||
logstash = pkgs.logstash7;
|
||||
kibana = pkgs.kibana7;
|
||||
journalbeat = pkgs.journalbeat7;
|
||||
}
|
||||
else {
|
||||
elasticsearch = pkgs.elasticsearch7-oss;
|
||||
logstash = pkgs.logstash7-oss;
|
||||
kibana = pkgs.kibana7-oss;
|
||||
journalbeat = pkgs.journalbeat7;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ with pkgs.lib;
|
|||
{
|
||||
mysql = makeTest {
|
||||
name = "gitea-mysql";
|
||||
meta.maintainers = [ maintainers.aanderse ];
|
||||
meta.maintainers = with maintainers; [ aanderse kolaente ];
|
||||
|
||||
machine =
|
||||
{ config, pkgs, ... }:
|
||||
|
|
|
@ -27,9 +27,33 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
};
|
||||
|
||||
testScript =
|
||||
let
|
||||
hardened-malloc-tests = pkgs.stdenv.mkDerivation rec {
|
||||
name = "hardened-malloc-tests-${pkgs.graphene-hardened-malloc.version}";
|
||||
src = pkgs.graphene-hardened-malloc.src;
|
||||
buildPhase = ''
|
||||
cd test/simple-memory-corruption
|
||||
make -j4
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
find . -type f -executable -exec install -Dt $out/bin '{}' +
|
||||
'';
|
||||
};
|
||||
in
|
||||
''
|
||||
$machine->waitForUnit("multi-user.target");
|
||||
|
||||
subtest "apparmor-loaded", sub {
|
||||
$machine->succeed("systemctl status apparmor.service");
|
||||
};
|
||||
|
||||
# AppArmor securityfs
|
||||
subtest "apparmor-securityfs", sub {
|
||||
$machine->succeed("mountpoint -q /sys/kernel/security");
|
||||
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
|
||||
};
|
||||
|
||||
# Test loading out-of-tree modules
|
||||
subtest "extra-module-packages", sub {
|
||||
$machine->succeed("grep -Fq wireguard /proc/modules");
|
||||
|
@ -83,5 +107,18 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
$machine->fail("systemctl hibernate");
|
||||
$machine->fail("systemctl kexec");
|
||||
};
|
||||
|
||||
# Test hardened memory allocator
|
||||
sub runMallocTestProg {
|
||||
my ($progName, $errorText) = @_;
|
||||
my $text = "fatal allocator error: " . $errorText;
|
||||
$machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ $text;
|
||||
};
|
||||
|
||||
subtest "hardenedmalloc", sub {
|
||||
runMallocTestProg("double_free_large", "invalid free");
|
||||
runMallocTestProg("unaligned_free_small", "invalid unaligned free");
|
||||
runMallocTestProg("write_after_free_small", "detected write after free");
|
||||
};
|
||||
'';
|
||||
})
|
||||
|
|
29
nixos/tests/paperless.nix
Normal file
29
nixos/tests/paperless.nix
Normal file
|
@ -0,0 +1,29 @@
|
|||
import ./make-test.nix ({ lib, ... } : {
|
||||
name = "paperless";
|
||||
meta = with lib.maintainers; {
|
||||
maintainers = [ earvstedt ];
|
||||
};
|
||||
|
||||
machine = { pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ imagemagick jq ];
|
||||
services.paperless = {
|
||||
enable = true;
|
||||
ocrLanguages = [ "eng" ];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
$machine->waitForUnit("paperless-consumer.service");
|
||||
# Create test doc
|
||||
$machine->succeed('convert -size 400x40 xc:white -font "DejaVu-Sans" -pointsize 20 -fill black \
|
||||
-annotate +5+20 "hello world 16-10-2005" /var/lib/paperless/consume/doc.png');
|
||||
|
||||
$machine->waitForUnit("paperless-server.service");
|
||||
# Wait until server accepts connections
|
||||
$machine->waitUntilSucceeds("curl -s localhost:28981");
|
||||
# Wait until document is consumed
|
||||
$machine->waitUntilSucceeds('(($(curl -s localhost:28981/api/documents/ | jq .count) == 1))');
|
||||
$machine->succeed("curl -s localhost:28981/api/documents/ | jq '.results | .[0] | .created'")
|
||||
=~ /2005-10-16/ or die;
|
||||
'';
|
||||
})
|
|
@ -2,9 +2,26 @@
|
|||
config ? {},
|
||||
pkgs ? import ../.. { inherit system config; },
|
||||
debug ? false,
|
||||
enableUnfree ? false
|
||||
enableUnfree ? false,
|
||||
# Nested KVM virtualization (https://www.linux-kvm.org/page/Nested_Guests)
|
||||
# requires a modprobe flag on the build machine: (kvm-amd for AMD CPUs)
|
||||
# boot.extraModprobeConfig = "options kvm-intel nested=Y";
|
||||
# Without this VirtualBox will use SW virtualization and will only be able
|
||||
# to run 32-bit guests.
|
||||
useKvmNestedVirt ? false,
|
||||
# Whether to run 64-bit guests instead of 32-bit. Requires nested KVM.
|
||||
use64bitGuest ? false,
|
||||
# Whether to enable the virtual UART in VirtualBox guests, allowing to see
|
||||
# the guest console. There is currently a bug in VirtualBox where this will
|
||||
# cause a crash if running with SW virtualization
|
||||
# (https://www.virtualbox.org/ticket/18632). If you need to debug the tests
|
||||
# then enable this and nested KVM to work around the crash (see above).
|
||||
enableVBoxUART ? false
|
||||
}:
|
||||
|
||||
assert use64bitGuest -> useKvmNestedVirt;
|
||||
assert enableVBoxUART -> useKvmNestedVirt; # VirtualBox bug, see above
|
||||
|
||||
with import ../lib/testing.nix { inherit system pkgs; };
|
||||
with pkgs.lib;
|
||||
|
||||
|
@ -94,7 +111,7 @@ let
|
|||
|
||||
testVM = vmName: vmScript: let
|
||||
cfg = (import ../lib/eval-config.nix {
|
||||
system = "i686-linux";
|
||||
system = if use64bitGuest then "x86_64-linux" else "i686-linux";
|
||||
modules = [
|
||||
../modules/profiles/minimal.nix
|
||||
(testVMConfig vmName vmScript)
|
||||
|
@ -141,13 +158,15 @@ let
|
|||
sharePath = "/home/alice/vboxshare-${name}";
|
||||
|
||||
createFlags = mkFlags [
|
||||
"--ostype Linux26"
|
||||
"--ostype ${if use64bitGuest then "Linux26_64" else "Linux26"}"
|
||||
"--register"
|
||||
];
|
||||
|
||||
vmFlags = mkFlags ([
|
||||
"--uart1 0x3F8 4"
|
||||
"--uartmode1 client /run/virtualbox-log-${name}.sock"
|
||||
vmFlags = mkFlags (
|
||||
(optionals enableVBoxUART [
|
||||
"--uart1 0x3F8 4"
|
||||
"--uartmode1 client /run/virtualbox-log-${name}.sock"
|
||||
]) ++ [
|
||||
"--memory 768"
|
||||
"--audio none"
|
||||
] ++ (attrs.vmFlags or []));
|
||||
|
@ -180,7 +199,7 @@ let
|
|||
];
|
||||
in {
|
||||
machine = {
|
||||
systemd.sockets."vboxtestlog-${name}" = {
|
||||
systemd.sockets."vboxtestlog-${name}" = mkIf enableVBoxUART {
|
||||
description = "VirtualBox Test Machine Log Socket For ${name}";
|
||||
wantedBy = [ "sockets.target" ];
|
||||
before = [ "multi-user.target" ];
|
||||
|
@ -188,7 +207,7 @@ let
|
|||
socketConfig.Accept = true;
|
||||
};
|
||||
|
||||
systemd.services."vboxtestlog-${name}@" = {
|
||||
systemd.services."vboxtestlog-${name}@" = mkIf enableVBoxUART {
|
||||
description = "VirtualBox Test Machine Log For ${name}";
|
||||
serviceConfig.StandardInput = "socket";
|
||||
serviceConfig.StandardOutput = "syslog";
|
||||
|
@ -346,6 +365,8 @@ let
|
|||
vmConfigs = mapAttrsToList mkVMConf vms;
|
||||
in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
|
||||
virtualisation.memorySize = 2048;
|
||||
virtualisation.qemu.options =
|
||||
if useKvmNestedVirt then ["-cpu" "kvm64,vmx=on"] else [];
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
users.users.alice.extraGroups = let
|
||||
|
@ -412,9 +433,14 @@ in mapAttrs (mkVBoxTest false vboxVMs) {
|
|||
);
|
||||
$machine->sleep(5);
|
||||
$machine->screenshot("gui_manager_started");
|
||||
# Home to select Tools, down to move to the VM, enter to start it.
|
||||
$machine->sendKeys("home");
|
||||
$machine->sendKeys("down");
|
||||
$machine->sendKeys("ret");
|
||||
$machine->screenshot("gui_manager_sent_startup");
|
||||
waitForStartup_simple (sub {
|
||||
$machine->sendKeys("home");
|
||||
$machine->sendKeys("down");
|
||||
$machine->sendKeys("ret");
|
||||
});
|
||||
$machine->screenshot("gui_started");
|
||||
|
|
|
@ -6,19 +6,35 @@ with lib;
|
|||
name = "xss-lock";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
|
||||
|
||||
machine = {
|
||||
imports = [ ./common/x11.nix ./common/user-account.nix ];
|
||||
programs.xss-lock.enable = true;
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
nodes = {
|
||||
simple = {
|
||||
imports = [ ./common/x11.nix ./common/user-account.nix ];
|
||||
programs.xss-lock.enable = true;
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
};
|
||||
|
||||
custom_lockcmd = { pkgs, ... }: {
|
||||
imports = [ ./common/x11.nix ./common/user-account.nix ];
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
|
||||
programs.xss-lock = {
|
||||
enable = true;
|
||||
extraOptions = [ "-n" "${pkgs.libnotify}/bin/notify-send 'About to sleep!'"];
|
||||
lockerCommand = "${pkgs.xlockmore}/bin/xlock -mode ant";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
$machine->start;
|
||||
$machine->waitForX;
|
||||
$machine->waitForUnit("xss-lock.service", "alice");
|
||||
startAll;
|
||||
|
||||
$machine->fail("pgrep xlock");
|
||||
$machine->succeed("su -l alice -c 'xset dpms force standby'");
|
||||
$machine->waitUntilSucceeds("pgrep i3lock");
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: lockCmd: ''
|
||||
${"$"+name}->start;
|
||||
${"$"+name}->waitForX;
|
||||
${"$"+name}->waitForUnit("xss-lock.service", "alice");
|
||||
${"$"+name}->fail("pgrep ${lockCmd}");
|
||||
${"$"+name}->succeed("su -l alice -c 'xset dpms force standby'");
|
||||
${"$"+name}->waitUntilSucceeds("pgrep ${lockCmd}");
|
||||
'') { simple = "i3lock"; custom_lockcmd = "xlock"; })}
|
||||
'';
|
||||
})
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
--- code-r100/configure.ac 2014-09-25 23:44:41.059174904 +0200
|
||||
+++ code-r100.new/configure.ac 2014-09-26 01:37:18.507017390 +0200
|
||||
@@ -44,6 +44,8 @@
|
||||
[AC_MSG_ERROR(CONFIG: You need libxml2-dev installed.
|
||||
http://www.xmlsoft.org/)])
|
||||
|
||||
+PKG_CHECK_MODULES([libxml], [libxml-2.0])
|
||||
+
|
||||
AC_CHECK_LIB([m], [sqrt], , [AC_MSG_ERROR(CORE: You need libm installed)])
|
||||
AC_CHECK_LIB([pthread], [pthread_self], , [AC_MSG_ERROR(CORE: You need libpthread installed)])
|
||||
|
||||
@@ -79,12 +81,12 @@
|
||||
echo "--- Enabling USB LCD display --";
|
||||
fi
|
||||
|
||||
-#SDL_VERSION=1.2.4
|
||||
-#AM_PATH_SDL($SDL_VERSION,
|
||||
-# :,
|
||||
-# AC_MSG_ERROR([VIDEO: *** SDL version $SDL_VERSION not found!
|
||||
-# http://www.libsdl.org/])
|
||||
-#)
|
||||
+SDL_VERSION=1.2.4
|
||||
+AM_PATH_SDL($SDL_VERSION,
|
||||
+ :,
|
||||
+ AC_MSG_ERROR([VIDEO: *** SDL version $SDL_VERSION not found!
|
||||
+ http://www.libsdl.org/])
|
||||
+)
|
||||
|
||||
AC_CHECK_LIB([vorbis], [main], ,
|
||||
[AC_MSG_ERROR(AUDIO: You need libvorbis-dev installed.
|
||||
@@ -95,6 +97,9 @@
|
||||
AC_CHECK_LIB([vorbisenc], [main], ,
|
||||
[AC_MSG_ERROR(AUDIO: You need libvorbis-dev installed.
|
||||
http://www.xiph.org/ogg/vorbis/)])
|
||||
+AC_CHECK_LIB([ogg], [main], ,
|
||||
+ [AC_MSG_ERROR(AUDIO: You need libogg-dev installed.
|
||||
+ http://www.xiph.org/ogg/)])
|
||||
|
||||
AC_CHECK_LIB([sndfile], [main], ,
|
||||
[AC_MSG_ERROR(AUDIO: you need libsndfile installed.
|
|
@ -1,13 +0,0 @@
|
|||
--- code-r100/src/Makefile.am 2014-09-25 23:44:41.043174832 +0200
|
||||
+++ code-r100.new/src/Makefile.am 2014-09-26 01:21:03.750015888 +0200
|
||||
@@ -24,7 +24,8 @@
|
||||
|
||||
fweelindir = $(datadir)/fweelin
|
||||
|
||||
-FWEELIN_CFLAGS = -I. -g -Wall -Wno-write-strings -Wno-non-virtual-dtor -D_REENTRANT -DPTHREADS -DNDEBUG -DVERSION=\"$(VERSION)\" -DFWEELIN_DATADIR=\"$(fweelindir)\" -DADDON_DIR=\"/usr/local/lib/jack\" -I/usr/include/freetype2 -I/usr/include/libxml2 -funroll-loops -finline-functions -fomit-frame-pointer -ffast-math -fexpensive-optimizations -fstrict-aliasing -falign-loops=2 -falign-jumps=2 -falign-functions=2 -O9
|
||||
+XML_CFLAGS = `xml2-config --cflags`
|
||||
+FWEELIN_CFLAGS = -I. -g -Wall -Wno-write-strings -Wno-non-virtual-dtor -D_REENTRANT -DPTHREADS -DNDEBUG -DVERSION=\"$(VERSION)\" -DFWEELIN_DATADIR=\"$(fweelindir)\" -DADDON_DIR=\"/usr/local/lib/jack\" -I/usr/include/freetype2 $(XML_CFLAGS) -funroll-loops -finline-functions -fomit-frame-pointer -ffast-math -fexpensive-optimizations -fstrict-aliasing -falign-loops=2 -falign-jumps=2 -falign-functions=2 -O9
|
||||
|
||||
AM_CFLAGS = $(CFLAGS) $(FWEELIN_CFLAGS)
|
||||
-AM_CXXFLAGS = $(CFLAGS) $(CXXFLAGS) $(FWEELIN_CFLAGS)
|
||||
+AM_CXXFLAGS = $(CFLAGS) $(CXXFLAGS) $(FWEELIN_CFLAGS) ${libxml2_CFLAGS}
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
pythonPackages.buildPythonApplication rec {
|
||||
pname = "Mopidy-Iris";
|
||||
version = "3.37.0";
|
||||
version = "3.37.1";
|
||||
|
||||
src = pythonPackages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1fy802jx3817ldrm3g5inrfjbi7s8xcx96pnglbq54nvp41lzyh5";
|
||||
sha256 = "0qcg456k7av0anymmmnlcn0v4642gbgk0nhic6w9bg9v5m0nj9ll";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -29,17 +29,17 @@
|
|||
# handle that.
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "qmmp-1.3.1";
|
||||
name = "qmmp-1.3.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
|
||||
sha256 = "1dmybzibpr6hpr2iv1wvrjgww842mng2x0rh1mr8gs8j191xvlhw";
|
||||
sha256 = "1rh063kcyg7gs9yj2r4v5irpnq4pjaxaxsgrw30mdr21xhhc15cz";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
buildInputs =
|
||||
[ # basic requirements
|
||||
cmake pkgconfig xlibsWrapper
|
||||
qtbase qttools qtmultimedia qtx11extras
|
||||
qtbase qttools qtmultimedia qtx11extras xlibsWrapper
|
||||
# transports
|
||||
curl libmms
|
||||
# input plugins
|
||||
|
|
|
@ -72,8 +72,9 @@ with stdenv.lib; stdenv.mkDerivation rec {
|
|||
meta = with stdenv.lib; {
|
||||
description = "Open-source virtual modular synthesizer";
|
||||
homepage = http://vcvrack.com/;
|
||||
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or unfree
|
||||
license = [ licenses.bsd3 licenses.cc-by-nc-40 licenses.unfree ];
|
||||
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or under a
|
||||
# no-derivatives clause
|
||||
license = with licenses; [ bsd3 cc-by-nc-40 unfreeRedistributable ];
|
||||
maintainers = with maintainers; [ moredread ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
|
|
@ -12,11 +12,11 @@ let
|
|||
build = "183.5452501";
|
||||
sha256Hash = "0i8wz9v6nxzr27a07cv2330i84v94pcl13gjwvpglp55hyzd8axd";
|
||||
};
|
||||
betaVersion = stableVersion;
|
||||
betaVersion = latestVersion;
|
||||
latestVersion = { # canary & dev
|
||||
version = "3.5.0.12"; # "Android Studio 3.5 Canary 13"
|
||||
build = "191.5487692";
|
||||
sha256Hash = "0iwd2qa551rs9b0w4rs7wmzdbh3r4j76xvs815l6i5pilk0s47gz";
|
||||
version = "3.5.0.13"; # "Android Studio 3.5 Beta 1"
|
||||
build = "191.5529924";
|
||||
sha256Hash = "0i710n2wr0a8lvxf1mg6a5pmdh1l72wa0hwyricyixi0mylwwc6l";
|
||||
};
|
||||
in rec {
|
||||
# Attributes are named by their corresponding release channels
|
||||
|
|
|
@ -4,12 +4,12 @@ with stdenv.lib;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "howl-${version}";
|
||||
version = "0.5.3";
|
||||
version = "0.6";
|
||||
|
||||
# Use the release tarball containing pre-downloaded dependencies sources
|
||||
src = fetchurl {
|
||||
url = "https://github.com/howl-editor/howl/releases/download/0.5.3/howl-0.5.3.tgz";
|
||||
sha256 = "0gnc8vr5h8mwapbcqc1zr9la62rb633awyqgy8q7pwjpiy85a03v";
|
||||
url = "https://github.com/howl-editor/howl/releases/download/${version}/howl-${version}.tgz";
|
||||
sha256 = "1qc58l3rkr37cj6vhf8c7bnwbz93nscyraz7jxqwjq6k4gj0cjw3";
|
||||
};
|
||||
|
||||
sourceRoot = "./howl-${version}/src";
|
||||
|
|
|
@ -263,12 +263,12 @@ in
|
|||
|
||||
datagrip = buildDataGrip rec {
|
||||
name = "datagrip-${version}";
|
||||
version = "2019.1.1"; /* updated by script */
|
||||
version = "2019.1.2"; /* updated by script */
|
||||
description = "Your Swiss Army Knife for Databases and SQL";
|
||||
license = stdenv.lib.licenses.unfree;
|
||||
src = fetchurl {
|
||||
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
|
||||
sha256 = "0w6hasb8vcbxdqmb0pngwr2jg0w14prqb4v7blraa5jf1xyyiayd"; /* updated by script */
|
||||
sha256 = "0157ccc94pwk4a8r1pvvjzd0g4liqqns6b0cmimfjhxsh6bnarww"; /* updated by script */
|
||||
};
|
||||
wmClass = "jetbrains-datagrip";
|
||||
update-channel = "DataGrip RELEASE";
|
||||
|
@ -354,12 +354,12 @@ in
|
|||
|
||||
rider = buildRider rec {
|
||||
name = "rider-${version}";
|
||||
version = "2018.3.4"; /* updated by script */
|
||||
version = "2019.1.1"; /* updated by script */
|
||||
description = "A cross-platform .NET IDE based on the IntelliJ platform and ReSharper";
|
||||
license = stdenv.lib.licenses.unfree;
|
||||
src = fetchurl {
|
||||
url = "https://download.jetbrains.com/rider/JetBrains.Rider-${version}.tar.gz";
|
||||
sha256 = "1klmg8wgj3shp4s0n2nn7n39zsk1mch6g9ifhwn5cgywpbzgam4p"; /* updated by script */
|
||||
sha256 = "0441y92b3xqf7xh8k4vc0m7dfm91psnrwlv3mjzbsv09jrk1kbq7"; /* updated by script */
|
||||
};
|
||||
wmClass = "jetbrains-rider";
|
||||
update-channel = "Rider RELEASE";
|
||||
|
|
|
@ -21,13 +21,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "neovim-unwrapped-${version}";
|
||||
version = "0.3.4";
|
||||
version = "0.3.5";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "neovim";
|
||||
repo = "neovim";
|
||||
rev = "v${version}";
|
||||
sha256 = "07ncvgp6xfhiwc6hd7qf7zk28n3yj47p26qj1ji29vqkwnk28y3s";
|
||||
sha256 = "113lrr9gwimvvzlkwlishm4cjqcf30xq9jfxn7vh41ckgnbiwf3w";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
diff --git a/src/cpp/desktop/CMakeLists.txt b/src/cpp/desktop/CMakeLists.txt
|
||||
index f5701bf735..27af4148ff 100644
|
||||
--- a/src/cpp/desktop/CMakeLists.txt
|
||||
+++ b/src/cpp/desktop/CMakeLists.txt
|
||||
@@ -112,6 +112,7 @@ find_package(Qt5WebEngine REQUIRED)
|
||||
find_package(Qt5WebEngineWidgets REQUIRED)
|
||||
find_package(Qt5PrintSupport REQUIRED)
|
||||
find_package(Qt5Quick REQUIRED)
|
||||
+find_package(Qt5QuickWidgets REQUIRED)
|
||||
find_package(Qt5Positioning REQUIRED)
|
||||
find_package(Qt5Sensors REQUIRED)
|
||||
find_package(Qt5Svg REQUIRED)
|
||||
--
|
||||
2.17.1
|
||||
|
|
@ -8,6 +8,7 @@
|
|||
, qtsvg
|
||||
, qtwebengine
|
||||
|
||||
, akonadi-contacts
|
||||
, kcalcore
|
||||
, kconfigwidgets
|
||||
, kcoreaddons
|
||||
|
@ -50,14 +51,14 @@
|
|||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
name = "digikam-${version}";
|
||||
version = "6.0.0";
|
||||
pname = "digikam";
|
||||
version = "6.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "KDE";
|
||||
repo = "digikam";
|
||||
rev = "v${version}";
|
||||
sha256 = "1ifvrn0bm7fp07d059rl4dy146qzdxafl36ipxg1fg00dkv95hh4";
|
||||
sha256 = "0h0jqfgpanhxfi3r7cgip58ppypqx79z6c5jj7i7f19hp2zziip8";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake doxygen extra-cmake-modules kdoctools wrapGAppsHook ];
|
||||
|
@ -88,6 +89,7 @@ mkDerivation rec {
|
|||
qtsvg
|
||||
qtwebengine
|
||||
|
||||
akonadi-contacts
|
||||
kcalcore
|
||||
kconfigwidgets
|
||||
kcoreaddons
|
||||
|
@ -112,6 +114,7 @@ mkDerivation rec {
|
|||
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ gnumake hugin enblend-enfuse ]})
|
||||
gappsWrapperArgs+=(--suffix DK_PLUGIN_PATH : ${placeholder "out"}/${qtbase.qtPluginPrefix}/${pname})
|
||||
substituteInPlace $out/bin/digitaglinktree \
|
||||
--replace "/usr/bin/perl" "${perl}/bin/perl" \
|
||||
--replace "/usr/bin/sqlite3" "${sqlite}/bin/sqlite3"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, plugins ? null}:
|
||||
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, gnome3, plugins ? null}:
|
||||
|
||||
let
|
||||
allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation" && !pkg.meta.broken or false) (lib.attrValues gimpPlugins);
|
||||
|
@ -17,6 +17,7 @@ in symlinkJoin {
|
|||
for each in gimp-${versionBranch} gimp-console-${versionBranch}; do
|
||||
wrapProgram $out/bin/$each \
|
||||
--set GIMP2_PLUGINDIR "$out/lib/gimp/2.0" \
|
||||
--prefix GTK_PATH : "${gnome3.gnome-themes-extra}/lib/gtk-2.0" \
|
||||
${toString extraArgs}
|
||||
done
|
||||
set +x
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ipe-7.2.11";
|
||||
name = "ipe-7.2.12";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://dl.bintray.com/otfried/generic/ipe/7.2/${name}-src.tar.gz";
|
||||
sha256 = "09d71fdpiz359mcnb57460w2mcfizvlnidd6g1k4c3v6rglwlbd2";
|
||||
sha256 = "1qw1cmwzi3wxk4x916i9y4prhi9brnwl14i9a1cbw23x1sr7i6kw";
|
||||
};
|
||||
|
||||
sourceRoot = "${name}/src";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, fetchFromGitHub, qt5, libsForQt5
|
||||
, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
|
||||
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext
|
||||
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext, freetype, fontconfig
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -18,11 +18,13 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ bison flex pkgconfig ];
|
||||
|
||||
buildInputs = [
|
||||
bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib
|
||||
pkgconfig harfbuzz gettext
|
||||
]
|
||||
++ (with qt5; [qtbase qmake])
|
||||
eigen boost glew opencsg cgal mpfr gmp glib
|
||||
harfbuzz gettext freetype fontconfig
|
||||
] ++ stdenv.lib.optional stdenv.isLinux libGLU_combined
|
||||
++ (with qt5; [qtbase qmake] ++ stdenv.lib.optional stdenv.isDarwin qtmacextras)
|
||||
++ (with libsForQt5; [qscintilla])
|
||||
;
|
||||
|
||||
|
@ -33,6 +35,17 @@ stdenv.mkDerivation rec {
|
|||
|
||||
doCheck = false;
|
||||
|
||||
postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
|
||||
mkdir $out/Applications
|
||||
mv $out/bin/*.app $out/Applications
|
||||
rmdir $out/bin || true
|
||||
|
||||
mv --target-directory=$out/Applications/OpenSCAD.app/Contents/Resources \
|
||||
$out/share/openscad/{examples,color-schemes,locale,libraries,fonts}
|
||||
|
||||
rmdir $out/share/openscad
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "3D parametric model compiler";
|
||||
longDescription = ''
|
||||
|
@ -48,7 +61,7 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
homepage = http://openscad.org/;
|
||||
license = stdenv.lib.licenses.gpl2;
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
maintainers = with stdenv.lib.maintainers;
|
||||
[ bjornfor raskin the-kenny ];
|
||||
};
|
||||
|
|
|
@ -12,14 +12,14 @@ let
|
|||
};
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.2";
|
||||
version = "1.4";
|
||||
name = "renderdoc-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "baldurk";
|
||||
repo = "renderdoc";
|
||||
rev = "v${version}";
|
||||
sha256 = "0s1q5d58x18yz3nf94pv5i1qd2hc0a4gdj4qkpcn8s6ms2x05pz4";
|
||||
sha256 = "1iann73r4yzkwnm13h4zqipqrp5i5cnkv27yyap0axz6h3npw94r";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
mkDerivation, lib,
|
||||
extra-cmake-modules, kdoctools, ki18n, makeWrapper,
|
||||
akonadi-contacts, gnupg1, karchive, kcodecs, kcontacts, kcoreaddons,
|
||||
akonadi-contacts, gnupg, karchive, kcodecs, kcontacts, kcoreaddons,
|
||||
kcrash, kdbusaddons, kiconthemes, kjobwidgets, kio, knotifications, kservice,
|
||||
ktextwidgets, kxmlgui, kwidgetsaddons, kwindowsystem, qgpgme,
|
||||
}:
|
||||
|
@ -10,12 +10,12 @@ mkDerivation {
|
|||
name = "kgpg";
|
||||
nativeBuildInputs = [ extra-cmake-modules kdoctools makeWrapper ];
|
||||
buildInputs = [
|
||||
akonadi-contacts gnupg1 karchive kcodecs kcontacts kcoreaddons kcrash
|
||||
akonadi-contacts gnupg karchive kcodecs kcontacts kcoreaddons kcrash
|
||||
kdbusaddons ki18n kiconthemes kjobwidgets kio knotifications kservice
|
||||
ktextwidgets kxmlgui kwidgetsaddons kwindowsystem qgpgme
|
||||
];
|
||||
postFixup = ''
|
||||
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg1 ]}"
|
||||
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg ]}"
|
||||
'';
|
||||
meta = {
|
||||
license = [ lib.licenses.gpl2 ];
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, lib, stdenv, fetchurl, CoreAudio
|
||||
{ config, lib, stdenv, fetchurl, pkgconfig, CoreAudio
|
||||
, enableAlsa ? true, alsaLib ? null
|
||||
, enableLibao ? true, libao ? null
|
||||
, enableLame ? config.sox.enableLame or false, lame ? null
|
||||
, enableLibmad ? true, libmad ? null
|
||||
, enableLibogg ? true, libogg ? null, libvorbis ? null
|
||||
, enableOpusfile ? true, opusfile ? null
|
||||
, enableFLAC ? true, flac ? null
|
||||
, enablePNG ? true, libpng ? null
|
||||
, enableLibsndfile ? true, libsndfile ? null
|
||||
|
@ -22,12 +23,16 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";
|
||||
};
|
||||
|
||||
# configure.ac uses pkg-config only to locate libopusfile
|
||||
nativeBuildInputs = optional enableOpusfile pkgconfig;
|
||||
|
||||
buildInputs =
|
||||
optional (enableAlsa && stdenv.isLinux) alsaLib ++
|
||||
optional enableLibao libao ++
|
||||
optional enableLame lame ++
|
||||
optional enableLibmad libmad ++
|
||||
optionals enableLibogg [ libogg libvorbis ] ++
|
||||
optional enableOpusfile opusfile ++
|
||||
optional enableFLAC flac ++
|
||||
optional enablePNG libpng ++
|
||||
optional enableLibsndfile libsndfile ++
|
||||
|
|
45
pkgs/applications/misc/bemenu/default.nix
Normal file
45
pkgs/applications/misc/bemenu/default.nix
Normal file
|
@ -0,0 +1,45 @@
|
|||
{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
|
||||
, pango, fribidi, harfbuzz, pcre, pkgconfig
|
||||
, ncursesSupport ? true, ncurses ? null
|
||||
, waylandSupport ? true, wayland ? null
|
||||
, x11Support ? true, xlibs ? null, xorg ? null
|
||||
}:
|
||||
|
||||
assert ncursesSupport -> ncurses != null;
|
||||
assert waylandSupport -> wayland != null;
|
||||
assert x11Support -> xlibs != null && xorg != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bemenu";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Cloudef";
|
||||
repo = "bemenu";
|
||||
rev = "33e540a2b04ce78f5c7ab4a60b899c67f586cc32";
|
||||
sha256 = "11h55m9dx6ai12pqij52ydjm36dvrcc856pa834njihrp626pl4w";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig pcre ];
|
||||
|
||||
buildInputs = with stdenv.lib; [
|
||||
cairo
|
||||
fribidi
|
||||
harfbuzz
|
||||
libxkbcommon
|
||||
pango
|
||||
] ++ optionals ncursesSupport [ ncurses ]
|
||||
++ optionals waylandSupport [ wayland ]
|
||||
++ optionals x11Support [
|
||||
xlibs.libX11 xlibs.libXinerama xlibs.libXft
|
||||
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/Cloudef/bemenu";
|
||||
description = "Dynamic menu library and client program inspired by dmenu";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ thiagokokada ];
|
||||
platforms = with platforms; linux;
|
||||
};
|
||||
}
|
|
@ -9,17 +9,13 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0vw2xi6a2lrhrb8n55zq9lv4mzxhby4xdf3hmi1vlfpyrpdwkjzd";
|
||||
};
|
||||
|
||||
buildInputs = [ ncurses gettext python3 ];
|
||||
buildInputs = [ ncurses gettext python3 python3Packages.wrapPython ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
# Build Python environment with httplib2 for calcurse-caldav
|
||||
pythonEnv = python3Packages.python.buildEnv.override {
|
||||
extraLibs = [ python3Packages.httplib2 ];
|
||||
};
|
||||
propagatedBuildInputs = [ pythonEnv ];
|
||||
|
||||
postInstall = ''
|
||||
substituteInPlace $out/bin/calcurse-caldav --replace /usr/bin/python3 ${pythonEnv}/bin/python3
|
||||
patchShebangs .
|
||||
buildPythonPath ${python3Packages.httplib2}
|
||||
patchPythonScript $out/bin/calcurse-caldav
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -1,28 +1,36 @@
|
|||
{ stdenv, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
|
||||
{ stdenv, fetchurl, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
|
||||
|
||||
let
|
||||
qdarkstyle = python3Packages.buildPythonPackage rec {
|
||||
pname = "QDarkStyle";
|
||||
version = "2.5.4";
|
||||
src = python3Packages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1w715m1i5pycfqcpkrggpn0rs9cakx6cm5v8rggcxnf4p0i0kdiy";
|
||||
};
|
||||
doCheck = false; # no tests
|
||||
version = "3.3.5";
|
||||
|
||||
# Not provided in official source releases, which are what upstream signs.
|
||||
tests = fetchFromGitHub {
|
||||
owner = "spesmilo";
|
||||
repo = "electrum";
|
||||
rev = version;
|
||||
sha256 = "11rzzrv5xxqazcb7q1ig93d6cisqmd1x0jrgvfgzysbzvi51gg11";
|
||||
|
||||
extraPostFetch = ''
|
||||
mv $out ./all
|
||||
mv ./all/electrum/tests $out
|
||||
'';
|
||||
};
|
||||
in
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "electrum";
|
||||
version = "3.3.4";
|
||||
inherit version;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "spesmilo";
|
||||
repo = "electrum";
|
||||
rev = version;
|
||||
sha256 = "0yxdpc602jnd14xz3px85ka0b6db98zwbgfi9a3vj8p1k3mmiwaj";
|
||||
src = fetchurl {
|
||||
url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
|
||||
sha256 = "1csj0n96zlajnrs39wsazfj5lmy7v7n77cdz56lr8nkmchh6k9z1";
|
||||
};
|
||||
|
||||
postUnpack = ''
|
||||
# can't symlink, tests get confused
|
||||
cp -ar ${tests} $sourceRoot/electrum/tests
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
aiorpcx
|
||||
aiohttp
|
||||
|
@ -64,7 +72,10 @@ python3Packages.buildPythonApplication rec {
|
|||
rm -rf $out/${python3.sitePackages}/nix
|
||||
|
||||
substituteInPlace $out/share/applications/electrum.desktop \
|
||||
--replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
|
||||
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum %u"' \
|
||||
"Exec=$out/bin/electrum %u" \
|
||||
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum --testnet %u"' \
|
||||
"Exec=$out/bin/electrum --testnet %u"
|
||||
'';
|
||||
|
||||
checkInputs = with python3Packages; [ pytest ];
|
||||
|
|
21
pkgs/applications/misc/gallery-dl/default.nix
Normal file
21
pkgs/applications/misc/gallery-dl/default.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ lib, python3Packages }:
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "gallery_dl";
|
||||
version = "1.8.3";
|
||||
|
||||
src = python3Packages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "671ee6ff7baa3d63393d9856686313b4e0146f875dd937326942dd2fff605a72";
|
||||
};
|
||||
|
||||
doCheck = false;
|
||||
propagatedBuildInputs = with python3Packages; [ requests ];
|
||||
|
||||
meta = {
|
||||
description = "Command-line program to download image-galleries and -collections from several image hosting sites";
|
||||
homepage = https://github.com/mikf/gallery-dl;
|
||||
license = lib.licenses.gpl2;
|
||||
maintainers = with lib.maintainers; [ dawidsowa ];
|
||||
};
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
diff --git a/bushnell.cc b/bushnell.cc
|
||||
index 8fa844d..40707c4 100644
|
||||
--- a/bushnell.cc
|
||||
+++ b/bushnell.cc
|
||||
@@ -135,7 +135,7 @@ bushnell_get_icon_from_name(QString name)
|
||||
name = "Waypoint";
|
||||
}
|
||||
|
||||
- for (t = bushnell_icons; t->icon > 0; t++) {
|
||||
+ for (t = bushnell_icons; t->icon != 0; t++) {
|
||||
if (0 == name.compare(t->icon, Qt::CaseInsensitive)) {
|
||||
return t->symbol;
|
||||
}
|
||||
@@ -147,7 +147,7 @@ static const char*
|
||||
bushnell_get_name_from_symbol(signed int s)
|
||||
{
|
||||
icon_mapping_t* t;
|
||||
- for (t = bushnell_icons; t->icon > 0; t++) {
|
||||
+ for (t = bushnell_icons; t->icon != 0; t++) {
|
||||
if (s == t->symbol) {
|
||||
return t->icon;
|
||||
}
|
|
@ -2,17 +2,16 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "gpsbabel-${version}";
|
||||
version = "1.5.4";
|
||||
version = "1.6.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "gpsbabel";
|
||||
repo = "gpsbabel";
|
||||
rev = "gpsbabel_${lib.replaceStrings ["."] ["_"] version}";
|
||||
sha256 = "0v6wpp14zkfbarmksf9dn3wmpj1araxd7xi5xp7gpl7kafb9aiwi";
|
||||
sha256 = "0q17jhmaf7z5lld2ff7h6jb3v1yz8hbwd2rmaq2dsamc53dls8iw";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./clang-4.patch
|
||||
(fetchpatch {
|
||||
url = https://sources.debian.net/data/main/g/gpsbabel/1.5.3-2/debian/patches/use_minizip;
|
||||
sha256 = "03fpsmlx1wc48d1j405zkzp8j64hcp0z72islf4mk1immql3ibcr";
|
||||
|
|
|
@ -18,6 +18,7 @@ stdenv.mkDerivation rec {
|
|||
It is fully customizable.
|
||||
'';
|
||||
homepage = https://www.gnu.org/software/hello/manual/;
|
||||
changelog = "https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = [ maintainers.eelco ];
|
||||
platforms = platforms.all;
|
||||
|
|
|
@ -5,7 +5,9 @@
|
|||
|
||||
let
|
||||
|
||||
version = "1.3.1-ff75f26";
|
||||
data = builtins.fromJSON (builtins.readFile ./revision.json);
|
||||
|
||||
inherit (data) version url sha256;
|
||||
|
||||
rpath = stdenv.lib.makeLibraryPath
|
||||
[ libX11 zlib libSM libICE libXext freetype libXrender fontconfig libXft
|
||||
|
@ -17,10 +19,7 @@ in
|
|||
stdenv.mkDerivation {
|
||||
name = "hubstaff-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/${version}/Hubstaff-${version}.sh";
|
||||
sha256 = "0jm5l34r6lkfkg8vsdfqbr0axngxznhagwcl9y184lnyji91fmdl";
|
||||
};
|
||||
src = fetchurl { inherit sha256 url; };
|
||||
|
||||
nativeBuildInputs = [ unzip makeWrapper ];
|
||||
|
||||
|
|
5
pkgs/applications/misc/hubstaff/revision.json
Normal file
5
pkgs/applications/misc/hubstaff/revision.json
Normal file
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"url": "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/1.4.5-c5b459ea/Hubstaff-1.4.5-c5b459ea.sh",
|
||||
"version": "1.4.5-c5b459ea",
|
||||
"sha256": "180qglbj175wln0kh8d5czhjvy7z503zxn4w6522hkz4ddz201nz"
|
||||
}
|
18
pkgs/applications/misc/hubstaff/update.sh
Executable file
18
pkgs/applications/misc/hubstaff/update.sh
Executable file
|
@ -0,0 +1,18 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p nix-prefetch-git curl
|
||||
|
||||
SCRIPT_DIR=$(dirname "$(readlink -f "$BASH_SOURCE")")
|
||||
|
||||
installation_script_url=$(curl --fail --head --location --silent --output /dev/null --write-out %{url_effective} https://app.hubstaff.com/download/linux)
|
||||
|
||||
version=$(echo "$installation_script_url" | sed -r 's/^https:\/\/hubstaff\-production\.s3\.amazonaws\.com\/downloads\/HubstaffClient\/Builds\/Release\/([^\/]+)\/Hubstaff.+$/\1/')
|
||||
|
||||
sha256=$(nix-prefetch-url "$installation_script_url")
|
||||
|
||||
cat <<EOT > $SCRIPT_DIR/revision.json
|
||||
{
|
||||
"url": "$installation_script_url",
|
||||
"version": "$version",
|
||||
"sha256": "$sha256"
|
||||
}
|
||||
EOT
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "josm-${version}";
|
||||
version = "14945";
|
||||
version = "15031";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
|
||||
sha256 = "0kdfdn0i7gjfkkllb93598ywf0qlllzsia5q14szc5b5assl8qpb";
|
||||
sha256 = "19qw1s5v0dha329a7rfnhby0rq5d109b3f1ln2w1dfkmirbl75ir";
|
||||
};
|
||||
|
||||
buildInputs = [ jdk11 makeWrapper ];
|
||||
|
|
|
@ -57,7 +57,28 @@ stdenv.mkDerivation rec {
|
|||
prePatch = ''
|
||||
cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/
|
||||
'';
|
||||
patches = [];
|
||||
patches = [
|
||||
# stripped down copy of upstream commit b88c821f8d347bce0aea86d606c710303919f3d2
|
||||
./leptonica-CVE-2018-3836.patch
|
||||
(fetchpatch {
|
||||
# CVE-2018-7186
|
||||
url = "https://github.com/DanBloomberg/leptonica/commit/"
|
||||
+ "ee301cb2029db8a6289c5295daa42bba7715e99a.patch";
|
||||
sha256 = "0cgb7mvz2px1rg5i80wk1wxxjvzjga617d8q6j7qygkp7jm6495d";
|
||||
})
|
||||
(fetchpatch {
|
||||
# CVE-2018-7247
|
||||
url = "https://github.com/DanBloomberg/leptonica/commit/"
|
||||
+ "c1079bb8e77cdd426759e466729917ca37a3ed9f.patch";
|
||||
sha256 = "1z4iac5gwqggh7aa8cvyp6nl9fwd1v7wif26caxc9y5qr3jj34qf";
|
||||
})
|
||||
(fetchpatch {
|
||||
# CVE-2018-7440
|
||||
url = "https://github.com/DanBloomberg/leptonica/commit/"
|
||||
+ "49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b.patch";
|
||||
sha256 = "1hjmva98iaw9xj7prg7aimykyayikcwnk4hk0380007hqb35lqmy";
|
||||
})
|
||||
];
|
||||
});
|
||||
tesseract_modded = tesseract4.override {
|
||||
tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: {
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
--- a/src/allheaders.h
|
||||
+++ b/src/allheaders.h
|
||||
@@ -2600,6 +2600,7 @@
|
||||
LEPT_DLL extern char * stringReverse ( const char *src );
|
||||
LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
|
||||
LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
|
||||
+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
|
||||
LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
|
||||
LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
|
||||
LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
|
||||
--- a/src/gplot.c
|
||||
+++ b/src/gplot.c
|
||||
@@ -141,9 +141,10 @@
|
||||
const char *xlabel,
|
||||
const char *ylabel)
|
||||
{
|
||||
-char *newroot;
|
||||
-char buf[L_BUF_SIZE];
|
||||
-GPLOT *gplot;
|
||||
+char *newroot;
|
||||
+char buf[L_BUF_SIZE];
|
||||
+l_int32 badchar;
|
||||
+GPLOT *gplot;
|
||||
|
||||
PROCNAME("gplotCreate");
|
||||
|
||||
@@ -152,6 +153,9 @@
|
||||
if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
|
||||
outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
|
||||
return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
|
||||
+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
|
||||
+ if (badchar) /* danger of command injection */
|
||||
+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
|
||||
|
||||
if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
|
||||
return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
|
||||
--- a/src/utils2.c
|
||||
+++ b/src/utils2.c
|
||||
@@ -42,6 +42,7 @@
|
||||
* l_int32 stringSplitOnToken()
|
||||
*
|
||||
* Find and replace string and array procs
|
||||
+ * l_int32 stringCheckForChars()
|
||||
* char *stringRemoveChars()
|
||||
* l_int32 stringFindSubstr()
|
||||
* char *stringReplaceSubstr()
|
||||
@@ -701,6 +702,48 @@
|
||||
/*--------------------------------------------------------------------*
|
||||
* Find and replace procs *
|
||||
*--------------------------------------------------------------------*/
|
||||
+/*!
|
||||
+ * \brief stringCheckForChars()
|
||||
+ *
|
||||
+ * \param[in] src input string; can be of zero length
|
||||
+ * \param[in] chars string of chars to be searched for in %src
|
||||
+ * \param[out] pfound 1 if any characters are found; 0 otherwise
|
||||
+ * \return 0 if OK, 1 on error
|
||||
+ *
|
||||
+ * <pre>
|
||||
+ * Notes:
|
||||
+ * (1) This can be used to sanitize an operation by checking for
|
||||
+ * special characters that don't belong in a string.
|
||||
+ * </pre>
|
||||
+ */
|
||||
+l_int32
|
||||
+stringCheckForChars(const char *src,
|
||||
+ const char *chars,
|
||||
+ l_int32 *pfound)
|
||||
+{
|
||||
+char ch;
|
||||
+l_int32 i, n;
|
||||
+
|
||||
+ PROCNAME("stringCheckForChars");
|
||||
+
|
||||
+ if (!pfound)
|
||||
+ return ERROR_INT("&found not defined", procName, 1);
|
||||
+ *pfound = FALSE;
|
||||
+ if (!src || !chars)
|
||||
+ return ERROR_INT("src and chars not both defined", procName, 1);
|
||||
+
|
||||
+ n = strlen(src);
|
||||
+ for (i = 0; i < n; i++) {
|
||||
+ ch = src[i];
|
||||
+ if (strchr(chars, ch)) {
|
||||
+ *pfound = TRUE;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*!
|
||||
* \brief stringRemoveChars()
|
||||
*
|
|
@ -2,7 +2,7 @@
|
|||
harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel,
|
||||
libstartup_notification, libX11, libXrandr, libXinerama, libXcursor,
|
||||
libxkbcommon, libXi, libXext, wayland-protocols, wayland,
|
||||
which, dbus,
|
||||
which, dbus, fetchpatch,
|
||||
Cocoa,
|
||||
CoreGraphics,
|
||||
Foundation,
|
||||
|
@ -67,6 +67,17 @@ buildPythonApplication rec {
|
|||
libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so";
|
||||
})
|
||||
] ++ stdenv.lib.optionals stdenv.isDarwin [
|
||||
(fetchpatch {
|
||||
name = "macos-symlink-1";
|
||||
url = https://github.com/kovidgoyal/kitty/commit/bdeec612667f6976109247fe1750b10dda9c24c0.patch;
|
||||
sha256 = "1d18x260w059qag80kgb2cgi2h4rricvqhwpbrw79s8yxzs7jhxk";
|
||||
})
|
||||
(fetchpatch {
|
||||
# fixup of previous patch
|
||||
name = "macos-symlink-2";
|
||||
url = https://github.com/kovidgoyal/kitty/commit/af2c9a49b1ad31e94242295d88598591623fbf11.patch;
|
||||
sha256 = "0k3dmgbvmh66j8k3h8dw6la6ma6f20fng6jjypy982kxvracsnl5";
|
||||
})
|
||||
./macos-10.11.patch
|
||||
./no-lto.patch
|
||||
./no-werror.patch
|
||||
|
@ -84,7 +95,7 @@ buildPythonApplication rec {
|
|||
mkdir -p $out
|
||||
${if stdenv.isDarwin then ''
|
||||
mkdir "$out/bin"
|
||||
ln -s ../Applications/kitty.app/Contents/MacOS/kitty "$out/bin/kitty"
|
||||
ln -s ../Applications/kitty.app/Contents/MacOS/kitty-deref-symlink "$out/bin/kitty"
|
||||
mkdir "$out/Applications"
|
||||
cp -r kitty.app "$out/Applications/kitty.app"
|
||||
'' else ''
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
{ stdenv, fetchFromGitHub, cmake, perl
|
||||
, alsaLib, libevdev, libopus, udev, SDL2
|
||||
, ffmpeg, pkgconfig, xorg, libvdpau, libpulseaudio, libcec
|
||||
, curl, expat, avahi, enet, libuuid
|
||||
, curl, expat, avahi, enet, libuuid, libva
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "moonlight-embedded-${version}";
|
||||
version = "2.4.7";
|
||||
version = "2.4.9";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "irtimmer";
|
||||
repo = "moonlight-embedded";
|
||||
rev = "v${version}";
|
||||
sha256 = "0ihgb0kh4rhbgn55s25rfbs8063zqvcyqn137jn3nsc0is1595a9";
|
||||
sha256 = "1mzs0dr6bg57kjyxjh48hfmlsil7fvgqf9lhjzxxj3llvpxwws86";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [
|
||||
alsaLib libevdev libopus udev SDL2
|
||||
ffmpeg pkgconfig xorg.libxcb libvdpau libpulseaudio libcec
|
||||
xorg.libpthreadstubs curl expat avahi enet libuuid
|
||||
xorg.libpthreadstubs curl expat avahi enet libuuid libva
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -15,13 +15,26 @@ let
|
|||
packageOverrides = lib.foldr lib.composeExtensions (self: super: { }) ([
|
||||
(mkOverride "flask" "0.10.1" "0wrkavjdjndknhp8ya8j850jq7a1cli4g5a93mg8nh1xz2gq50sc")
|
||||
(mkOverride "flask_login" "0.2.11" "1rg3rsjs1gwi2pw6vr9jmhaqm9b3vc9c4hfcsvp4y8agbh7g3mc3")
|
||||
(mkOverride "jinja2" "2.8.1" "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m")
|
||||
(mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi")
|
||||
(mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar")
|
||||
(mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d")
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134
|
||||
(mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c")
|
||||
|
||||
# Octoprint holds back jinja2 to 2.8.1 due to breaking changes.
|
||||
# This old version does not have updated test config for pytest 4,
|
||||
# and pypi tarball doesn't contain tests dir anyways.
|
||||
(pself: psuper: {
|
||||
jinja2 = psuper.jinja2.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "2.8.1";
|
||||
src = oldAttrs.src.override {
|
||||
inherit version;
|
||||
sha256 = "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m";
|
||||
};
|
||||
doCheck = false;
|
||||
});
|
||||
})
|
||||
]);
|
||||
};
|
||||
|
||||
|
@ -69,7 +82,7 @@ in py.pkgs.buildPythonApplication rec {
|
|||
pylru pyyaml sarge feedparser netifaces click websocket_client
|
||||
scandir chainmap future dateutil futures wrapt monotonic emoji
|
||||
frozendict
|
||||
];
|
||||
] ++ lib.optionals stdenv.isDarwin [ py.pkgs.appdirs ];
|
||||
|
||||
checkInputs = with py.pkgs; [ nose mock ddt ];
|
||||
|
||||
|
@ -82,7 +95,7 @@ in py.pkgs.buildPythonApplication rec {
|
|||
'';
|
||||
|
||||
checkPhase = ''
|
||||
HOME=$(mktemp -d) nosetests
|
||||
HOME=$(mktemp -d) nosetests ${lib.optionalString stdenv.isDarwin "--exclude=test_set_external_modification"}
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
, cabextract
|
||||
, gettext
|
||||
, glxinfo
|
||||
, gnupg1compat
|
||||
, gnupg
|
||||
, icoutils
|
||||
, imagemagick
|
||||
, netcat-gnu
|
||||
|
@ -32,7 +32,7 @@ let
|
|||
python2Packages.python
|
||||
gettext
|
||||
glxinfo
|
||||
gnupg1compat
|
||||
gnupg
|
||||
icoutils
|
||||
imagemagick
|
||||
netcat-gnu
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
{ stdenv, fetchurl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "pstree-2.39";
|
||||
|
||||
src = fetchurl {
|
||||
urls = [
|
||||
"http://www.sfr-fresh.com/unix/misc/${name}.tar.gz"
|
||||
"https://distfiles.macports.org/pstree/${name}.tar.gz"
|
||||
];
|
||||
sha256 = "17s7v15c4gryjpi11y1xq75022nkg4ggzvjlq2dkmyg67ssc76vw";
|
||||
};
|
||||
|
||||
unpackPhase = "unpackFile \$src; sourceRoot=.";
|
||||
|
||||
buildPhase = "pwd; $CC -o pstree pstree.c";
|
||||
installPhase = "mkdir -p \$out/bin; cp pstree \$out/bin";
|
||||
|
||||
meta = {
|
||||
description = "Show the set of running processes as a tree";
|
||||
license = "GPL";
|
||||
maintainers = [ ];
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
};
|
||||
}
|
|
@ -1,8 +1,8 @@
|
|||
{ haskell, lib, haskellPackages, fetchFromGitHub }:
|
||||
|
||||
let
|
||||
version = "1.3.2";
|
||||
sha256 = "0cyysvkl8m1ldlprmw9mpvch3r244nl25yv74dwcykga3g5mw4aa";
|
||||
version = "1.4.2";
|
||||
sha256 = "1kpzjsbx2xbp43hd62nq03jcknp0dqvdlxjc9gc3fagaqfbfzny2";
|
||||
|
||||
in (haskellPackages.mkDerivation {
|
||||
pname = "taskell";
|
||||
|
@ -35,10 +35,12 @@ in (haskellPackages.mkDerivation {
|
|||
# containers
|
||||
# directory
|
||||
file-embed
|
||||
fold-debounce
|
||||
http-conduit
|
||||
http-client
|
||||
http-types
|
||||
lens
|
||||
raw-strings-qq
|
||||
# mtl
|
||||
# template-haskell
|
||||
# text
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tilix";
|
||||
version = "1.9.0";
|
||||
version = "1.9.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "gnunn1";
|
||||
repo = "tilix";
|
||||
rev = version;
|
||||
sha256 = "1k8hqpq6bzmn06b4s8c257n37ghgp3fl7l9g6fy0giwk1x0ix735";
|
||||
sha256 = "0mg9y4xd2pnv0smibg7dyy733jarvx6qpdqap3sj7fpyni0jvpph";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -5,11 +5,11 @@ let
|
|||
in
|
||||
buildPythonApplication rec {
|
||||
pname = "tzupdate";
|
||||
version = "1.3.1";
|
||||
version = "1.4.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "085kp4v9ijhkfvr0r5rzn4z7nrkb2qig05j0bajb0gkgynwf8wnz";
|
||||
sha256 = "1sc3z2bx2nhnxg82x0jy19pr8lw56chbr90c2lr11w495csqwhz7";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ requests ];
|
||||
|
|
|
@ -32,15 +32,15 @@ stdenv.mkDerivation rec {
|
|||
] ++ optional synctexSupport "-Dsynctex=enabled";
|
||||
|
||||
nativeBuildInputs = [
|
||||
meson ninja pkgconfig appstream-glib desktop-file-utils python3.pkgs.sphinx
|
||||
meson ninja pkgconfig desktop-file-utils python3.pkgs.sphinx
|
||||
gettext makeWrapper libxml2
|
||||
];
|
||||
] ++ optional stdenv.isLinux appstream-glib;
|
||||
|
||||
buildInputs = [
|
||||
gtk girara libintl libseccomp
|
||||
sqlite glib file librsvg
|
||||
gtk girara libintl sqlite glib file librsvg
|
||||
] ++ optional synctexSupport texlive.bin.core
|
||||
++ optional stdenv.isDarwin [ gtk-mac-integration ];
|
||||
++ optional stdenv.isLinux libseccomp
|
||||
++ optional stdenv.isDarwin gtk-mac-integration;
|
||||
|
||||
meta = {
|
||||
homepage = https://pwmt.org/projects/zathura/;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config, pkgs
|
||||
, useMupdf ? config.zathura.useMupdf or true
|
||||
# zathura_pdf_mupdf fails to load _opj_create_decompress at runtime on Darwin (https://github.com/NixOS/nixpkgs/pull/61295#issue-277982980)
|
||||
, useMupdf ? config.zathura.useMupdf or (!pkgs.stdenv.isDarwin)
|
||||
, synctexSupport ? true }:
|
||||
|
||||
let
|
||||
|
|
|
@ -21,9 +21,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
buildInputs = [
|
||||
zathura_core girara mupdf cairo
|
||||
] ++ stdenv.lib.optional stdenv.isDarwin [
|
||||
gtk-mac-integration
|
||||
];
|
||||
] ++ lib.optional stdenv.isDarwin gtk-mac-integration;
|
||||
|
||||
PKG_CONFIG_ZATHURA_PLUGINDIR= "lib/zathura";
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -1,77 +0,0 @@
|
|||
|
||||
# HG changeset patch
|
||||
# User Michelangelo De Simone <mdesimone@mozilla.com>
|
||||
# Date 1479198095 28800
|
||||
# Node ID fde6e9ccfc72fbc0fcd93af7a40436b216e7ea1a
|
||||
# Parent 687eac6845a77d2cac5505da9c8912885c2a9e57
|
||||
Bug 1013882 - TestInterfaceJS should be packaged only if it's available. r=glandium, a=jcristau
|
||||
|
||||
MozReview-Commit-ID: IEHesdoU4Sz
|
||||
|
||||
diff --git a/b2g/installer/package-manifest.in b/b2g/installer/package-manifest.in
|
||||
--- a/b2g/installer/package-manifest.in
|
||||
+++ b/b2g/installer/package-manifest.in
|
||||
@@ -570,17 +570,17 @@
|
||||
@RESPATH@/components/InputMethod.manifest
|
||||
#ifdef MOZ_B2G
|
||||
@RESPATH@/components/inputmethod.xpt
|
||||
#endif
|
||||
|
||||
@RESPATH@/components/SystemUpdate.manifest
|
||||
@RESPATH@/components/SystemUpdateManager.js
|
||||
|
||||
-#ifdef MOZ_DEBUG
|
||||
+#if defined(ENABLE_TESTS) && defined(MOZ_DEBUG)
|
||||
@RESPATH@/components/TestInterfaceJS.js
|
||||
@RESPATH@/components/TestInterfaceJS.manifest
|
||||
@RESPATH@/components/TestInterfaceJSMaplike.js
|
||||
#endif
|
||||
|
||||
; Modules
|
||||
@RESPATH@/modules/*
|
||||
|
||||
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
|
||||
--- a/browser/installer/package-manifest.in
|
||||
+++ b/browser/installer/package-manifest.in
|
||||
@@ -554,17 +554,17 @@
|
||||
@RESPATH@/components/PresentationControlService.js
|
||||
@RESPATH@/components/PresentationDataChannelSessionTransport.js
|
||||
@RESPATH@/components/PresentationDataChannelSessionTransport.manifest
|
||||
|
||||
; InputMethod API
|
||||
@RESPATH@/components/MozKeyboard.js
|
||||
@RESPATH@/components/InputMethod.manifest
|
||||
|
||||
-#ifdef MOZ_DEBUG
|
||||
+#if defined(ENABLE_TESTS) && defined(MOZ_DEBUG)
|
||||
@RESPATH@/components/TestInterfaceJS.js
|
||||
@RESPATH@/components/TestInterfaceJS.manifest
|
||||
@RESPATH@/components/TestInterfaceJSMaplike.js
|
||||
#endif
|
||||
|
||||
; [Extensions]
|
||||
@RESPATH@/components/extensions-toolkit.manifest
|
||||
@RESPATH@/browser/components/extensions-browser.manifest
|
||||
diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in
|
||||
--- a/mobile/android/installer/package-manifest.in
|
||||
+++ b/mobile/android/installer/package-manifest.in
|
||||
@@ -381,17 +381,17 @@
|
||||
|
||||
@BINPATH@/components/CaptivePortalDetectComponents.manifest
|
||||
@BINPATH@/components/captivedetect.js
|
||||
|
||||
#ifdef MOZ_WEBSPEECH
|
||||
@BINPATH@/components/dom_webspeechsynth.xpt
|
||||
#endif
|
||||
|
||||
-#ifdef MOZ_DEBUG
|
||||
+#if defined(ENABLE_TESTS) && defined(MOZ_DEBUG)
|
||||
@BINPATH@/components/TestInterfaceJS.js
|
||||
@BINPATH@/components/TestInterfaceJS.manifest
|
||||
@BINPATH@/components/TestInterfaceJSMaplike.js
|
||||
#endif
|
||||
|
||||
@BINPATH@/components/nsAsyncShutdown.manifest
|
||||
@BINPATH@/components/nsAsyncShutdown.js
|
||||
|
||||
|
|
@ -17,10 +17,10 @@ rec {
|
|||
|
||||
firefox = common rec {
|
||||
pname = "firefox";
|
||||
ffversion = "66.0.4";
|
||||
ffversion = "66.0.5";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
|
||||
sha512 = "0mz2xrznma3hwb2b36hlv4qmnzbfcfhrxbxqhc8yyqxnc0fm4vxbbzh1pzvghp4182n98l1dignw95v11pfgi3gss7sz1zkiywz47sw";
|
||||
sha512 = "18bcpbwzhc2fi6cqhxhh6jiw5akhzr7qqs6s8irjbvh7q8f3z2n046vrlvpblhbkc2kv1n0s14n49yzv432adqwa9qi8d57jnxyfqkf";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -72,10 +72,10 @@ rec {
|
|||
|
||||
firefox-esr-60 = common rec {
|
||||
pname = "firefox-esr";
|
||||
ffversion = "60.6.2esr";
|
||||
ffversion = "60.6.3esr";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
|
||||
sha512 = "2gk11kffwmyq3m8dsjc86f7zfagl15msb8byrb4db4w4ssn335wax2p8m221xi4qnzf20fl0p1b30g5z8ivrxx2n19yknnwalazcjzd";
|
||||
sha512 = "3zg75djd7mbr9alhkp7zqrky7g41apyf6ka0acv500dmpnhvn5v5i0wy9ks8v6vh7kcgw7bngf6msb7vbbps6whwdcqv3v4dqbg6yr2";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -246,15 +246,15 @@ in rec {
|
|||
|
||||
tor-browser-8-0 = tbcommon rec {
|
||||
ffversion = "60.6.1esr";
|
||||
tbversion = "8.0.8";
|
||||
tbversion = "8.0.9";
|
||||
|
||||
# FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
|
||||
src = fetchFromGitHub {
|
||||
owner = "SLNOS";
|
||||
repo = "tor-browser";
|
||||
# branch "tor-browser-60.6.1esr-8.0-1-slnos"
|
||||
rev = "dda14213c550afc522ef0bb0bb1643289c298736";
|
||||
sha256 = "0lj79nczcix9mx6d0isbizg0f8apf6vgkp7r0q7id92691frj7fz";
|
||||
# branch "tor-browser-60.6.1esr-8.0-1-r2-slnos"
|
||||
rev = "d311540ce07f1f4f5e5789f9107f6e6ecc23988d";
|
||||
sha256 = "0nz8vxv53vnqyk3ahakrr5xg6sgapvlmsb6s1pwwsb86fxk6pm5f";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -21,12 +21,12 @@ let
|
|||
|
||||
in python3Packages.buildPythonApplication rec {
|
||||
pname = "qutebrowser";
|
||||
version = "1.6.1";
|
||||
version = "1.6.2";
|
||||
|
||||
# the release tarballs are different from the git checkout!
|
||||
src = fetchurl {
|
||||
url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz";
|
||||
sha256 = "1sckfp9l2jgg29p2p4vmd0g7yzbldimqy0a0jvf488yp47qj310p";
|
||||
sha256 = "1yzwrpqpghlpy2d7pbjgcb73dbngw835l4xbimz5aa90mvqkbwg1";
|
||||
};
|
||||
|
||||
# Needs tox
|
||||
|
|
|
@ -16,11 +16,11 @@ let
|
|||
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "vivaldi";
|
||||
version = "2.4.1488.40-1";
|
||||
version = "2.5.1525.40-1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}_amd64.deb";
|
||||
sha256 = "0w084mamy72v1kkfgg8nn2q3hmfj7v216kkvqb52f1nyycqqzb37";
|
||||
sha256 = "1samrhavjz21vynv1vz8qnv9bf30mcy0da0qkpa1vhbgkga5flgy";
|
||||
};
|
||||
|
||||
unpackPhase = ''
|
||||
|
|
|
@ -14,9 +14,9 @@ let
|
|||
in buildGoPackage rec {
|
||||
pname = "minikube";
|
||||
name = "${pname}-${version}";
|
||||
version = "1.0.0";
|
||||
version = "1.0.1";
|
||||
|
||||
kubernetesVersion = "1.14.0";
|
||||
kubernetesVersion = "1.14.1";
|
||||
|
||||
goPackagePath = "k8s.io/minikube";
|
||||
|
||||
|
@ -24,7 +24,7 @@ in buildGoPackage rec {
|
|||
owner = "kubernetes";
|
||||
repo = "minikube";
|
||||
rev = "v${version}";
|
||||
sha256 = "170iy0h27gkz2hg485rnawdw069gxwgkwsjmfj5yag2kkgl7gxa3";
|
||||
sha256 = "1fgyaq8789wc3h6xmn4iw6if2jxdv5my35yn6ipx3q6i4hagxl4b";
|
||||
};
|
||||
|
||||
buildInputs = [ go-bindata makeWrapper gpgme ] ++ stdenv.lib.optional stdenv.hostPlatform.isDarwin vmnet;
|
||||
|
|
|
@ -4,22 +4,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-acme";
|
||||
version = "1.1.1";
|
||||
sha256 = "0fva2kw82s94r4s4dpk38kcmssmcr71ia9jyg1rqmc00ifilfrzj";
|
||||
version = "1.1.2";
|
||||
sha256 = "1l77pckiwa72lwbwbqkjzy6m9xsgp13spmzc80gfl4q0gd3d46an";
|
||||
};
|
||||
alicloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-alicloud";
|
||||
version = "1.39.0";
|
||||
sha256 = "0m5fvqrvnb7v5iii67l743j3hq32rljrvnkgc7fcd46zrf38yl2h";
|
||||
version = "1.41.0";
|
||||
sha256 = "0bl24mgk0rangwwbz43ybymcivn3kjjg35rrvv7ashvhmx58qcf8";
|
||||
};
|
||||
archive =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-archive";
|
||||
version = "1.2.1";
|
||||
sha256 = "1avx3m0dkld0kmsi8ifqcla8254p1izh5wrziffr7r05s152r8qf";
|
||||
version = "1.2.2";
|
||||
sha256 = "1saprj2r74b63z03n80m3mfj3vhgvlm4gp2hzqzjbdgibxsz4jaw";
|
||||
};
|
||||
arukas =
|
||||
{
|
||||
|
@ -39,36 +39,36 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-aws";
|
||||
version = "2.6.0";
|
||||
sha256 = "0hpnyid5w33n8ypwcz3a43gazbvk6m60b57qll2qgx6bm1q75b19";
|
||||
version = "2.9.0";
|
||||
sha256 = "1gkw60ihc2b3qhb110m0mckfvb21lqgx4vc4x249mfxxk25i26s7";
|
||||
};
|
||||
azuread =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azuread";
|
||||
version = "0.2.0";
|
||||
sha256 = "01aiynw905gbn6dv23971yhwv0kfcbckcqp4f65sypn1l8szqyjg";
|
||||
version = "0.3.1";
|
||||
sha256 = "1bs4m9hwdag58by49zsjpys3xvxg98nq8qims17mc82pbsz6mpag";
|
||||
};
|
||||
azurerm =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azurerm";
|
||||
version = "1.25.0";
|
||||
sha256 = "1fhcljxz6cb5q1kd7aprxv1bga53x6fg65q5wkp985aaqnl42b8k";
|
||||
version = "1.27.1";
|
||||
sha256 = "0lxa84j9kzinblz7zp4gizizj0sy0vidkjvgnb99sr3861rak1x5";
|
||||
};
|
||||
azurestack =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azurestack";
|
||||
version = "0.5.0";
|
||||
sha256 = "0pi8hjl6350ibkiz5pi86p58gkj8jf0a27ar04npsrn2wcz90k8z";
|
||||
version = "0.6.0";
|
||||
sha256 = "0lh0an3bz3kh2s6ncadikivr08fj8cvq7zm20csmjbgwgicq4gl8";
|
||||
};
|
||||
bigip =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-bigip";
|
||||
version = "0.12.0";
|
||||
sha256 = "0fmmlx757hph45ffm19zafjfkldg41qkw83vz0jjmvxicza1afbd";
|
||||
version = "0.12.2";
|
||||
sha256 = "0pplv5hi1kjli0jpya12crb5dkc6bkzvm8094rwhjbxb4f65ca5d";
|
||||
};
|
||||
bitbucket =
|
||||
{
|
||||
|
@ -81,8 +81,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-brightbox";
|
||||
version = "1.1.1";
|
||||
sha256 = "03fh287fmbg9jxsiniwj3sn6nsjdm46qv82b5aaqny3qmhjddjvq";
|
||||
version = "1.1.2";
|
||||
sha256 = "0k9qs7kpjznascads5llajzx2xkm4hdil2n4wl0fqy43s6dkvbbf";
|
||||
};
|
||||
chef =
|
||||
{
|
||||
|
@ -144,15 +144,15 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-datadog";
|
||||
version = "1.8.0";
|
||||
sha256 = "1pmz4gxhfynj7mjcl07n2ggz00vccw4bv6cmp7na3ssbpnjiy1wx";
|
||||
version = "1.9.0";
|
||||
sha256 = "0c5s9ywd6p4qjd964y33rcqcgfqz225x5rp0jlsqxbv9i2r91fb0";
|
||||
};
|
||||
digitalocean =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-digitalocean";
|
||||
version = "1.1.0";
|
||||
sha256 = "1w5xslm8939rz13bsiv9hfcl8cyvi03gr0h24c0ybwj8alxmxhb4";
|
||||
version = "1.3.0";
|
||||
sha256 = "1bi482s6s3v7sqknwwchscwwncwrhr4jl4gl4l25bngp1kd7cp7i";
|
||||
};
|
||||
dme =
|
||||
{
|
||||
|
@ -165,8 +165,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-dns";
|
||||
version = "2.0.0";
|
||||
sha256 = "1km0pq1wp0bdccb612z9n0kj9w7hn1yvhk7xszwp2mzs8qmd7flv";
|
||||
version = "2.1.1";
|
||||
sha256 = "1iyfsx1fbpvp3zjrkq8c46nr6d80z40mzkfc4axfpqyrp9xqiy8j";
|
||||
};
|
||||
dnsimple =
|
||||
{
|
||||
|
@ -193,8 +193,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-external";
|
||||
version = "1.1.1";
|
||||
sha256 = "110kqp4gsag3l8h9hwjdq98s9rz9f5w31mrs50rygdc0yd43hq8z";
|
||||
version = "1.1.2";
|
||||
sha256 = "12wdzm3y0fd840bdf0dczvvmdmfwpfwfwnf0j4g6n9asdcvjaqlh";
|
||||
};
|
||||
fastly =
|
||||
{
|
||||
|
@ -207,36 +207,36 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-flexibleengine";
|
||||
version = "1.4.0";
|
||||
sha256 = "1gj3y9xw9zzh2fs2i6q0afw591lhy1lvcn80xac4da08r5l3si6g";
|
||||
version = "1.5.0";
|
||||
sha256 = "17dksrqkh35wf0clqcd4v6ggmzc7xmrw8q7q0qa9n9zqyg1zibqk";
|
||||
};
|
||||
github =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-github";
|
||||
version = "1.3.0";
|
||||
sha256 = "1k7816dbpsjjbm3pa6l0qlrxw5hh8z5iwdr8mp1mp5liidhl6bqs";
|
||||
version = "2.0.0";
|
||||
sha256 = "1lvizak27qxgggp5xb15s8f504cjgr633889cv2jsr2rn64z4jv5";
|
||||
};
|
||||
gitlab =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-gitlab";
|
||||
version = "1.2.0";
|
||||
sha256 = "11j84kyw2lsqsn6ya070hx0k6igb3hhjl8zlnr4q3gpmv51y23qc";
|
||||
version = "1.3.0";
|
||||
sha256 = "0lh1v20msahcfjc22v7yf1cwinaq0zy2m8f7sl5jfn294j9nbam8";
|
||||
};
|
||||
google =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-google";
|
||||
version = "2.4.0";
|
||||
sha256 = "153pr01m7clvdq9c09xhvlivagn12nlxhykh1x9yya9ixkg0zrrv";
|
||||
version = "2.6.0";
|
||||
sha256 = "0y93hfwhzbk7dl7cw5lw2gwf5hdbc7rs9gh10b39vxgv9jrj4kqv";
|
||||
};
|
||||
google-beta =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-google-beta";
|
||||
version = "2.4.0";
|
||||
sha256 = "08vbj9m6x0byf7x77a5b5isg0kmlxvc9gswgilzi6djgwg0j6wwd";
|
||||
version = "2.6.0";
|
||||
sha256 = "1bm3nrv2pa6mf6l4vn5b0hads7bhp67bnhc5y72yingfky7kva5h";
|
||||
};
|
||||
grafana =
|
||||
{
|
||||
|
@ -263,8 +263,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-helm";
|
||||
version = "0.9.0";
|
||||
sha256 = "1psqabifb1kabg268ca1x4l79z1xga1pr2sf8x9lrd7z856v18l9";
|
||||
version = "0.9.1";
|
||||
sha256 = "189w8zz2fv0qfggzxmppaw8814c7kylgb11m1r9mqii3phsgnlz1";
|
||||
};
|
||||
heroku =
|
||||
{
|
||||
|
@ -277,8 +277,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-http";
|
||||
version = "1.0.1";
|
||||
sha256 = "1bnqrx4xya3lm5wp4byy6npazll6w1g6bv4rawgncswsgx08zqng";
|
||||
version = "1.1.1";
|
||||
sha256 = "0ah4wi9gm5m7z0wyy6vn3baz2iw2sq7ah7q0lb9srwr887aai3x0";
|
||||
};
|
||||
huaweicloud =
|
||||
{
|
||||
|
@ -312,8 +312,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-kubernetes";
|
||||
version = "1.5.2";
|
||||
sha256 = "0g1f5cbmzrd46abwd0rdyrf8wj8w9bx1251gf4s9z41adrxjy2lp";
|
||||
version = "1.6.2";
|
||||
sha256 = "14jql78a1rw1wl97myry29lgmqkcdn44qgmzjrfky958afnkgiig";
|
||||
};
|
||||
librato =
|
||||
{
|
||||
|
@ -333,8 +333,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-local";
|
||||
version = "1.2.1";
|
||||
sha256 = "1hi2bxa79fbdf2n6z59xdfs7bx8cg7q2l84hrxdh3cqbnb8jvsbr";
|
||||
version = "1.2.2";
|
||||
sha256 = "0azrw62clki002nlv7ws3kzfsbqkadm713534i4xgvix2m08d1cx";
|
||||
};
|
||||
logentries =
|
||||
{
|
||||
|
@ -389,8 +389,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-ns1";
|
||||
version = "1.3.0";
|
||||
sha256 = "1h21a4z7js2iwg0gj217lq4d7wccxhjmi5k37asfj18ch0x37c7v";
|
||||
version = "1.3.1";
|
||||
sha256 = "04ibq5dgxqb5lpnvqxg4xkb498w77p2sbjfyy9zj7m5i62xrwg79";
|
||||
};
|
||||
nsxt =
|
||||
{
|
||||
|
@ -403,22 +403,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-null";
|
||||
version = "2.1.1";
|
||||
sha256 = "0sw7j2cz9d5207l1v32ahqahmsk1dzzsf83zqivaa5jk3w4bfnjz";
|
||||
version = "2.1.2";
|
||||
sha256 = "0di1hxmd3s80sz8hl5q2i425by8fbk15f0r4jmnm6vra0cq89jw2";
|
||||
};
|
||||
nutanix =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-nutanix";
|
||||
version = "1.0.0";
|
||||
sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541";
|
||||
version = "1.0.1";
|
||||
sha256 = "1g7p6qg32g75x8fgspgxcdsa086mz3yabdgv1k68rykhw3zbri5d";
|
||||
};
|
||||
oci =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-oci";
|
||||
version = "3.23.0-rc1";
|
||||
sha256 = "11h8na7czj4iqm9z3pd8im06qqp3mng62h8ha5afvz2phv1g096h";
|
||||
version = "3.24.1";
|
||||
sha256 = "1yhcxwg3ivrgzasdsf5yq8v6h4j1lprnm881xfm4h1rpq465y1mj";
|
||||
};
|
||||
oneandone =
|
||||
{
|
||||
|
@ -431,22 +431,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-opc";
|
||||
version = "1.3.3";
|
||||
sha256 = "1hwbwyhjrs16cy66przs44znni0x3nwfsx18glxbikb2zx1ph93n";
|
||||
version = "1.3.6";
|
||||
sha256 = "1b11837j0d8s59pjkankbm3p5l87aw1s17mn2q7nvy65kgzalsra";
|
||||
};
|
||||
openstack =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-openstack";
|
||||
version = "1.17.0";
|
||||
sha256 = "1a3asmkf3w1ndy5rpyn09msp5l1sm2cdm3ca7cx5v00pjvww9f52";
|
||||
version = "1.18.0";
|
||||
sha256 = "05sr6vra4fsrysrz7a77vaa5zklhxf4hl8g029y9l1fln7vdpssg";
|
||||
};
|
||||
opentelekomcloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-opentelekomcloud";
|
||||
version = "1.7.0";
|
||||
sha256 = "15p5xvl6ryj5silpd2yrmjjh0d4qf89v8x6zbq8x7j351a1fljak";
|
||||
version = "1.8.0";
|
||||
sha256 = "068ap0sw17xmrfvri1yx70qdi8i5h0qhsm9bakm532xjxlgmaxpv";
|
||||
};
|
||||
opsgenie =
|
||||
{
|
||||
|
@ -459,8 +459,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-oraclepaas";
|
||||
version = "1.5.1";
|
||||
sha256 = "0xyyhr2n1aw1qn90535llv72cdgdqpni9l4gn8sj0ligpjhba7qz";
|
||||
version = "1.5.2";
|
||||
sha256 = "0m886wfg5ski8s1zr7g1h1m6q5ai08jk35ymipxpb6ipx781qvvk";
|
||||
};
|
||||
ovh =
|
||||
{
|
||||
|
@ -473,8 +473,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-packet";
|
||||
version = "1.7.2";
|
||||
sha256 = "103r0k626ham8wh7rwlx1hald4rik17mv2mcfjz9za65v7z139vr";
|
||||
version = "2.1.0";
|
||||
sha256 = "0hj8av0yry0wsi8fwgs0z9x9jxcnxz8imsanbdsrhb8lsj70n25v";
|
||||
};
|
||||
pagerduty =
|
||||
{
|
||||
|
@ -529,8 +529,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-random";
|
||||
version = "2.1.1";
|
||||
sha256 = "0ivmxacb9pzz7av2rr6jal5vwdv24689a2806nqvvzdy2s8mlzd3";
|
||||
version = "2.1.2";
|
||||
sha256 = "102bgd8s9yhm2ny2akv04mhwf5mphqhsxx9vxjbg7ygqnz9ka5nw";
|
||||
};
|
||||
rightscale =
|
||||
{
|
||||
|
@ -585,8 +585,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-spotinst";
|
||||
version = "1.11.0";
|
||||
sha256 = "10q1w66gbx6863797n6n15xx4llflmavrz2qk23pb8qd5pbni9bk";
|
||||
version = "1.13.2";
|
||||
sha256 = "1v3vgnspg3g0hvwzfplyvl37jxpc9m6hcsnmw6lkfqr57dy4dhlc";
|
||||
};
|
||||
statuscake =
|
||||
{
|
||||
|
@ -606,15 +606,15 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-template";
|
||||
version = "2.1.1";
|
||||
sha256 = "182kdkbmnihpawvgfpxavg8vbczizw5mlkwp828ap0baqs09ai8i";
|
||||
version = "2.1.2";
|
||||
sha256 = "18w1mmma81m9j7yf6q500w8v9ss28w6sw2ynssl99pyw2gwmd04q";
|
||||
};
|
||||
tencentcloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-tencentcloud";
|
||||
version = "1.4.0";
|
||||
sha256 = "1gqxvd5ss2cg49856nj3srirny1298l3fla506r7v8xf9ybkzpb4";
|
||||
version = "1.5.0";
|
||||
sha256 = "04psgirl78klbpzllcvzl510j66jcavxmi9zxnwmmmw128a3dig2";
|
||||
};
|
||||
terraform =
|
||||
{
|
||||
|
@ -634,8 +634,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-tls";
|
||||
version = "1.2.0";
|
||||
sha256 = "0hvj00j8a820j18yi90xzhd635pkffivp1116d84wyqxya5acd4p";
|
||||
version = "2.0.1";
|
||||
sha256 = "08fh4k5fvkijl2ds8mxdc5fxlwhs11y5s48vvxdskklvkjhygzc7";
|
||||
};
|
||||
triton =
|
||||
{
|
||||
|
@ -662,8 +662,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-vault";
|
||||
version = "1.7.0";
|
||||
sha256 = "133ximk510kchr34zicpnp4da27nxvzab2nd8dqpf4sqg2z83i0y";
|
||||
version = "1.8.0";
|
||||
sha256 = "1g9cw14mzslb445yhj04dzs0s4cbhi4cxycd50vc3f9yyg6sz1rr";
|
||||
};
|
||||
vcd =
|
||||
{
|
||||
|
@ -683,8 +683,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-yandex";
|
||||
version = "0.4.1";
|
||||
sha256 = "0lvj7xlzqc6wfv1xpc4qc1gnk3wvcvnifbf4mqgjglz35cf697bb";
|
||||
version = "0.5.2";
|
||||
sha256 = "1fa1jicirww0zxg5kw4343ndzq86x0m7gkfj8yx7l6lb6gcrkbic";
|
||||
};
|
||||
matchbox =
|
||||
{
|
||||
|
|
|
@ -97,8 +97,8 @@ in rec {
|
|||
terraform_0_11-full = terraform_0_11.full;
|
||||
|
||||
terraform_0_12 = pluggable (generic {
|
||||
version = "0.12.0-beta1";
|
||||
sha256 = "0djakf2agbhpfqis4x0lf2i8s1ahvrdyfkcgr6lzp0nsks652rcm";
|
||||
version = "0.12.0-rc1";
|
||||
sha256 = "1ap1q5bixkzshnwy8xyfh768qwg3y4pcjzaiajzn2icjf4ay5nqm";
|
||||
patches = [ ./provider-path.patch ];
|
||||
passthru = { inherit plugins; };
|
||||
});
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
{ stdenv, pkgconfig, fetchFromGitHub, qtbase, qtsvg, qtmultimedia, qmake, boost, openssl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "chatterino2";
|
||||
version = "unstable-2019-05-11";
|
||||
src = fetchFromGitHub {
|
||||
owner = "fourtf";
|
||||
repo = pname;
|
||||
rev = "8c46cbf571dc8fd77287bf3186445ff52b1d1aaf";
|
||||
sha256 = "0i2385hamhd9i7jdy906cfrd81cybw524j92l87c8pzrkxphignk";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
nativeBuildInputs = [ qmake pkgconfig ];
|
||||
buildInputs = [ qtbase qtsvg qtmultimedia boost openssl ];
|
||||
meta = with stdenv.lib; {
|
||||
description = "A chat client for Twitch chat";
|
||||
longDescription = ''
|
||||
Chatterino is a chat client for Twitch chat. It aims to be an
|
||||
improved/extended version of the Twitch web chat. Chatterino 2 is
|
||||
the second installment of the Twitch chat client series
|
||||
"Chatterino".
|
||||
'';
|
||||
homepage = "https://github.com/fourtf/chatterino2";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ rexim ];
|
||||
};
|
||||
}
|
|
@ -3,13 +3,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "rambox-bare-${version}";
|
||||
version = "0.6.6";
|
||||
version = "0.6.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ramboxapp";
|
||||
repo = "community-edition";
|
||||
rev = version;
|
||||
sha256 = "15cy8krzl66b6sfazhff41adq4kf2857sj4h0qvzmadv85dy301v";
|
||||
sha256 = "1fsp4jxiypl6zkh5wgf9amyiyx9dqv6h8rsjn5xjp9bna27s0d3b";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ nodejs-8_x ruby sencha ];
|
||||
|
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
|
|||
inherit src;
|
||||
|
||||
nodejs = nodejs-8_x;
|
||||
sha256 = "0ifk0fzw4zhi4195jlmiq5k57bdmf912372r4bwa4z500wipikq3";
|
||||
sha256 = "0qsgr8cq81yismal5sqr02skakqpynwwzk5s98dr5bg91y361fgy";
|
||||
};
|
||||
|
||||
patches = [ ./isDev.patch ];
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "riot-web",
|
||||
"productName": "Riot",
|
||||
"main": "src/electron-main.js",
|
||||
"version": "1.0.8",
|
||||
"version": "1.1.0",
|
||||
"description": "A feature-rich client for Matrix.org",
|
||||
"author": "New Vector Ltd.",
|
||||
"dependencies": {
|
||||
|
|
|
@ -7,12 +7,12 @@ with (import ./yarn2nix.nix { inherit pkgs; });
|
|||
|
||||
let
|
||||
executableName = "riot-desktop";
|
||||
version = "1.0.8";
|
||||
version = "1.1.0";
|
||||
riot-web-src = fetchFromGitHub {
|
||||
owner = "vector-im";
|
||||
repo = "riot-web";
|
||||
rev = "v${version}";
|
||||
sha256 = "1krp608wxff1siih8zknc425n0qb6qjzf854fnp7qyjp1cnfc9sb";
|
||||
sha256 = "0h1rr70jg64v824k31mvb93nfssr572xlyicc8yh91bl7hdh342x";
|
||||
};
|
||||
|
||||
in mkYarnPackage rec {
|
||||
|
|
|
@ -6,11 +6,11 @@
|
|||
let configFile = writeText "riot-config.json" conf; in
|
||||
stdenv.mkDerivation rec {
|
||||
name= "riot-web-${version}";
|
||||
version = "1.0.8";
|
||||
version = "1.1.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
|
||||
sha256 = "010m8b4lfnfi70d4v205wk3i4xhnsz7zkrdqrvw3si14xqy6192r";
|
||||
sha256 = "14ap57hv1c5nh17771l39inpa5yacpyckzqcmjlbrb57illakwrd";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper
|
||||
, alsaLib, atk, cairo, cups, curl, dbus, expat, fontconfig, freetype, glib
|
||||
, gnome2, gtk3, gdk_pixbuf, libnotify, libxcb, nspr, nss, pango
|
||||
, systemd, xorg, at-spi2-atk }:
|
||||
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper , alsaLib, atk, cairo,
|
||||
cups, curl, dbus, expat, fontconfig, freetype, glib , gnome2, gtk3, gdk_pixbuf,
|
||||
libappindicator-gtk3, libnotify, libxcb, nspr, nss, pango , systemd, xorg,
|
||||
at-spi2-atk }:
|
||||
|
||||
let
|
||||
|
||||
|
@ -25,6 +25,7 @@ let
|
|||
pango
|
||||
libnotify
|
||||
libxcb
|
||||
libappindicator-gtk3
|
||||
nspr
|
||||
nss
|
||||
stdenv.cc.cc
|
||||
|
|
|
@ -4,11 +4,11 @@ let
|
|||
mkTelegram = args: qt5.callPackage (import ./generic.nix args) { };
|
||||
stableVersion = {
|
||||
stable = true;
|
||||
version = "1.6.7";
|
||||
sha256Hash = "1537div6pky7wz3lansz67vsx2h6b653cx91xg9sswnxfsf8nrql";
|
||||
version = "1.7.0";
|
||||
sha256Hash = "1plfby243hf65wjmppq1qnqmp25pgi4x3awqd4h83ly9hn8qdwfk";
|
||||
# svn log svn://svn.archlinux.org/community/telegram-desktop/trunk
|
||||
archPatchesRevision = "429149";
|
||||
archPatchesHash = "1ylpi9kb6hk27x9wmna4ing8vzn9b7247iya91pyxxrpxrcrhpli";
|
||||
archPatchesRevision = "464796";
|
||||
archPatchesHash = "1bq7r69k3i9p1csdsca0w41jyz6fbyn4qriv3lg7s28j9s803kw8";
|
||||
};
|
||||
in {
|
||||
stable = mkTelegram stableVersion;
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
with stdenv.lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "0.28.3";
|
||||
version = "0.28.4"; # not really, git
|
||||
name = "notmuch-${version}";
|
||||
|
||||
passthru = {
|
||||
|
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://notmuchmail.org/releases/${name}.tar.gz";
|
||||
sha256 = "1v0ff6qqwj42p3n6qw30czzqi52nvgf3dn05vd7a03g39a5js8af";
|
||||
sha256 = "1jjnhs4xs4gksvg0a9qn68rxrj41im5bh58snka2pkj20nxwmcds";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
@ -52,13 +52,13 @@ stdenv.mkDerivation rec {
|
|||
--replace '-install_name $(libdir)' "-install_name $out/lib"
|
||||
'';
|
||||
|
||||
configureFlags = [ "--zshcompletiondir=$(out)/share/zsh/site-functions" ];
|
||||
configureFlags = [ "--zshcompletiondir=${placeholder "out"}/share/zsh/site-functions" ];
|
||||
|
||||
# Notmuch doesn't use autoconf and consequently doesn't tag --bindir and
|
||||
# friends
|
||||
setOutputFlags = false;
|
||||
enableParallelBuilding = true;
|
||||
makeFlags = "V=1";
|
||||
makeFlags = [ "V=1" ];
|
||||
|
||||
preCheck = let
|
||||
test-database = fetchurl {
|
||||
|
@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
|
|||
gdb man
|
||||
];
|
||||
|
||||
installTargets = "install install-man";
|
||||
installTargets = [ "install" "install-man" ];
|
||||
|
||||
dontGzipMan = true; # already compressed
|
||||
|
||||
|
|
|
@ -10,13 +10,13 @@ with stdenv.lib;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "qbittorrent-${version}";
|
||||
version = "4.1.5";
|
||||
version = "4.1.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "qbittorrent";
|
||||
repo = "qbittorrent";
|
||||
rev = "release-${version}";
|
||||
sha256 = "09zcygaxfv9g6av0vsvlyzv4v65wvj766xyfx31yz5ig3xan6ak1";
|
||||
sha256 = "1y9kv84sy5fg64wbl4xpm8qh0hjba7ibk045cazp0m736rjmxk8c";
|
||||
};
|
||||
|
||||
# NOTE: 2018-05-31: CMake is working but it is not officially supported
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "tixati-${version}";
|
||||
version = "2.59";
|
||||
version = "2.61";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download2.tixati.com/download/tixati-${version}-1.x86_64.manualinstall.tar.gz";
|
||||
sha256 = "0vf5y9kj2g7psgdzv2r46jdh5krdps838ca4wwwxi0dd1mwa65my";
|
||||
sha256 = "05f8lcsac2mr90bhk999qkj8wwd6igdl07389bqrd1ydjasacl2k";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -14,7 +14,8 @@ let
|
|||
variant = if withQt then "qt" else "cli";
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
name = "wireshark-${variant}-${version}";
|
||||
pname = "wireshark-${variant}";
|
||||
inherit version;
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
src = fetchurl {
|
||||
|
@ -24,7 +25,6 @@ in stdenv.mkDerivation {
|
|||
|
||||
cmakeFlags = [
|
||||
"-DBUILD_wireshark=${if withQt then "ON" else "OFF"}"
|
||||
"-DENABLE_QT5=${if withQt then "ON" else "OFF"}"
|
||||
"-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
|
||||
];
|
||||
|
||||
|
@ -95,6 +95,8 @@ in stdenv.mkDerivation {
|
|||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
dontFixCmake = true;
|
||||
|
||||
shellHook = ''
|
||||
# to be able to run the resulting binary
|
||||
export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
let
|
||||
common = { stname, target, postInstall ? "" }:
|
||||
buildGoPackage rec {
|
||||
version = "1.1.1";
|
||||
version = "1.1.3";
|
||||
name = "${stname}-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "syncthing";
|
||||
repo = "syncthing";
|
||||
rev = "v${version}";
|
||||
sha256 = "1nkc4ivc8mg9c1njqlkhb9i5f4c1via1rdqfbhwgkj86s6cnxrg7";
|
||||
sha256 = "00jshqa0nkwj06bfq16p359ss6nl6h49s31hag79wl9gwkca38va";
|
||||
};
|
||||
|
||||
goPackagePath = "github.com/syncthing/syncthing";
|
||||
|
|
|
@ -1,20 +1,25 @@
|
|||
{ stdenv, fetchurl, gd, ncurses, sqlite }:
|
||||
{ stdenv, fetchurl, pkgconfig, gd, ncurses, sqlite, check }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "vnstat-${version}";
|
||||
pname = "vnstat";
|
||||
version = "2.2";
|
||||
|
||||
src = fetchurl {
|
||||
sha256 = "0b7020rlc568pz6vkiy28kl8493z88wzrn18wv9b0iq2bv1pn2n6";
|
||||
url = "https://humdi.net/vnstat/${name}.tar.gz";
|
||||
url = "https://humdi.net/${pname}/${pname}-${version}.tar.gz";
|
||||
};
|
||||
|
||||
buildInputs = [ gd ncurses sqlite ];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace src/cfg.c --replace /usr/local $out
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [ gd ncurses sqlite ];
|
||||
|
||||
checkInputs = [ check ];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Console-based network statistics utility for Linux";
|
||||
longDescription = ''
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue