From 6da32655688c4fee4c8b7c09b220030738bbb885 Mon Sep 17 00:00:00 2001 From: OPNA2608 Date: Fri, 6 Jan 2023 22:18:48 +0100 Subject: [PATCH 01/23] box64: More platforms, dynarec option, hello test, extra maintainer --- pkgs/applications/emulators/box64/default.nix | 57 ++++++++++++------- pkgs/top-level/all-packages.nix | 7 ++- 2 files changed, 42 insertions(+), 22 deletions(-) diff --git a/pkgs/applications/emulators/box64/default.nix b/pkgs/applications/emulators/box64/default.nix index 404ece153b1c..12c13bb9ae87 100644 --- a/pkgs/applications/emulators/box64/default.nix +++ b/pkgs/applications/emulators/box64/default.nix @@ -5,8 +5,15 @@ , gitUpdater , cmake , python3 +, withDynarec ? stdenv.hostPlatform.isAarch64 +, runCommand +, hello-x86_64 +, box64 }: +# Currently only supported on ARM +assert withDynarec -> stdenv.hostPlatform.isAarch64; + stdenv.mkDerivation rec { pname = "box64"; version = "0.2.0"; @@ -33,49 +40,57 @@ stdenv.mkDerivation rec { ]; cmakeFlags = [ - "-DNOGIT=1" - ] ++ ( - if stdenv.hostPlatform.system == "aarch64-linux" then - [ - "-DARM_DYNAREC=ON" - ] - else [ - "-DLD80BITS=1" - "-DNOALIGN=1" - ] - ); + "-DNOGIT=ON" + "-DARM_DYNAREC=${if withDynarec then "ON" else "OFF"}" + "-DRV64=${if stdenv.hostPlatform.isRiscV64 then "ON" else "OFF"}" + "-DPPC64LE=${if stdenv.hostPlatform.isPower64 && stdenv.hostPlatform.isLittleEndian then "ON" else "OFF"}" + ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [ + "-DLD80BITS=ON" + "-DNOALIGN=ON" + ]; installPhase = '' runHook preInstall + install -Dm 0755 box64 "$out/bin/box64" + runHook postInstall ''; doCheck = true; - checkPhase = '' - runHook preCheck - ctest - runHook postCheck - ''; - doInstallCheck = true; installCheckPhase = '' runHook preInstallCheck + + echo Checking if it works $out/bin/box64 -v + + echo Checking if Dynarec option was respected + $out/bin/box64 -v | grep ${lib.optionalString (!withDynarec) "-v"} Dynarec + runHook postInstallCheck ''; - passthru.updateScript = gitUpdater { - rev-prefix = "v"; + passthru = { + updateScript = gitUpdater { + rev-prefix = "v"; + }; + tests.hello = runCommand "box64-test-hello" { + nativeBuildInputs = [ box64 hello-x86_64 ]; + } '' + # There is no actual "Hello, world!" with any of the logging enabled, and with all logging disabled it's hard to + # tell what problems the emulator has run into. + BOX64_NOBANNER=0 BOX64_LOG=1 box64 ${hello-x86_64}/bin/hello --version | tee $out + ''; }; meta = with lib; { homepage = "https://box86.org/"; description = "Lets you run x86_64 Linux programs on non-x86_64 Linux systems"; license = licenses.mit; - maintainers = with maintainers; [ gador ]; - platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with maintainers; [ gador OPNA2608 ]; + platforms = [ "x86_64-linux" "aarch64-linux" "riscv64-linux" "powerpc64le-linux" ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d51c3eb0723e..0a0d405cdf76 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1932,7 +1932,12 @@ with pkgs; wxGTK = wxGTK32; }; - box64 = callPackage ../applications/emulators/box64 { }; + box64 = callPackage ../applications/emulators/box64 { + hello-x86_64 = if stdenv.hostPlatform.isx86_64 then + hello + else + pkgsCross.gnu64.hello; + }; caprice32 = callPackage ../applications/emulators/caprice32 { }; From 1c5020b684b7f559b42194580f7eca1f88406cb8 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Sat, 14 Jan 2023 12:58:04 +0100 Subject: [PATCH 02/23] asterisk: 16.29.0 -> 16.30.0, 18.15.0 -> 18.16.0, 19.7.0 -> 19.8.0, 20.0.0 -> 20.1.0 Fixes CVE-2022-37325, CVE-2022-42705 and CVE-2022-42706. https://downloads.asterisk.org/pub/security/AST-2022-007.html https://downloads.asterisk.org/pub/security/AST-2022-008.html https://downloads.asterisk.org/pub/security/AST-2022-009.html Changelogs: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-20.1.0 https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-19.8.0 https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-18.16.0 https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-16.30.0 Patches for CVE-2022-31031 and CVE-2022-39244 in pjsip are already been applied by Asterik upstream so we drop them. pjsip patches for CVE-2022-23537 and CVE-2022-23547 have been added. --- pkgs/servers/asterisk/default.nix | 22 +++++++++++----------- pkgs/servers/asterisk/versions.json | 16 ++++++++-------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pkgs/servers/asterisk/default.nix b/pkgs/servers/asterisk/default.nix index 36927f4f6d3a..3b345e994e30 100644 --- a/pkgs/servers/asterisk/default.nix +++ b/pkgs/servers/asterisk/default.nix @@ -9,23 +9,23 @@ }: let - # remove when upgrading to pjsip >2.12.1 + # remove when upgrading to pjsip >2.13 pjsip_patches = [ - (fetchpatch { - name = "0150-CVE-2022-31031.patch"; - url = "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202.patch"; - sha256 = "sha256-30kHrmB51UIw4x/J6/CD+vPKf/gBYDCcFoUpwEWkDMY="; - }) - (fetchpatch { - name = "0151-CVE-2022-39244.patch"; - url = "https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae.patch"; - sha256 = "sha256-hTUMh6bYAizn6GF+sRV1vjKVxSf9pnI+eQdPOqsdJI4="; - }) (fetchpatch { name = "0152-CVE-2022-39269.patch"; url = "https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc.patch"; sha256 = "sha256-bKE/MrRAqN1FqD2ubhxIOOf5MgvZluHHeVXPjbR12iQ="; }) + (fetchpatch { + name = "pjsip-2.12.1-CVE-2022-23537.patch"; + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/ca2b44568eb0ffbd0b5a22eb70feb6dbdcda8e9c/pkgs/applications/networking/pjsip/1.12.1-CVE-2022-23537.patch"; + sha256 = "sha256-KNSnHt0/o1qJk4r2z5bxbYxKAa7WBtzGOhRXkru3VK4="; + }) + (fetchpatch { + name = "pjsip-2.12.1-CVE-2022-23547.patch"; + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/ca2b44568eb0ffbd0b5a22eb70feb6dbdcda8e9c/pkgs/applications/networking/pjsip/1.12.1-CVE-2022-23547.patch"; + sha256 = "sha256-0iEr/Z4UQpWsTXYWVYzWWk7MQDOFnTQ1BBYpynGLTVQ="; + }) ]; common = {version, sha256, externals}: stdenv.mkDerivation { inherit version; diff --git a/pkgs/servers/asterisk/versions.json b/pkgs/servers/asterisk/versions.json index 7e6943a6822d..b1a6319a51d1 100644 --- a/pkgs/servers/asterisk/versions.json +++ b/pkgs/servers/asterisk/versions.json @@ -1,18 +1,18 @@ { "asterisk_16": { - "sha256": "406a91290e18d25a6fc23ae6b9c56b1fb2bd70216e336c74cf9c26b908c89c3d", - "version": "16.29.0" + "sha256": "f8448e8784df7fac019e459bf7c82529d80afe64ae97d73d40e6aa0e4fb39724", + "version": "16.30.0" }, "asterisk_18": { - "sha256": "a963dafeba0e7e1051a1ac56964999c111dbcdb25a47010bc1f772bf8edbed75", - "version": "18.15.0" + "sha256": "2d280794ae7505ed3dfc58b3190774cb491aa74c339fbde1a11740e6be79b466", + "version": "18.16.0" }, "asterisk_19": { - "sha256": "832a967c5a040b0768c0e8df1646762f7304019fcf7f2e065a8b4828fa4092b7", - "version": "19.7.0" + "sha256": "f0c56d1f8e39e0427455edfe25d24ff088c756bdc32dd1278c9f7a320815cbaa", + "version": "19.8.0" }, "asterisk_20": { - "sha256": "949022c20dc6da65b456e1b1b5b42a7901bb41fc9ce20920891739e7220d72eb", - "version": "20.0.0" + "sha256": "4364dc762652e2fd4d3e7dc8428c83550ebae090b8a0e9d4820583e081778883", + "version": "20.1.0" } } From 2c3e53a6cdcc92f0a2f9913c3363a1a42b871e41 Mon Sep 17 00:00:00 2001 From: OPNA2608 Date: Sun, 15 Jan 2023 13:34:14 +0100 Subject: [PATCH 03/23] eclipses.*: Enable on aarch64-linux --- .../editors/eclipse/build-eclipse.nix | 4 +- pkgs/applications/editors/eclipse/default.nix | 68 ++++++++++++++----- 2 files changed, 52 insertions(+), 20 deletions(-) diff --git a/pkgs/applications/editors/eclipse/build-eclipse.nix b/pkgs/applications/editors/eclipse/build-eclipse.nix index de5a961fd1de..3d79a23d354e 100644 --- a/pkgs/applications/editors/eclipse/build-eclipse.nix +++ b/pkgs/applications/editors/eclipse/build-eclipse.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { tar xfvz $src -C $out # Patch binaries. - interpreter=$(echo ${stdenv.cc.libc}/lib/ld-linux*.so.2) + interpreter="$(cat $NIX_BINTOOLS/nix-support/dynamic-linker)" libCairo=$out/eclipse/libcairo-swt.so patchelf --set-interpreter $interpreter $out/eclipse/eclipse [ -f $libCairo ] && patchelf --set-rpath ${lib.makeLibraryPath [ freetype fontconfig libX11 libXrender zlib ]} $libCairo @@ -61,7 +61,7 @@ stdenv.mkDerivation rec { homepage = "http://www.eclipse.org/"; inherit description; sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - platforms = [ "x86_64-linux" ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; }; } diff --git a/pkgs/applications/editors/eclipse/default.nix b/pkgs/applications/editors/eclipse/default.nix index eadd27124281..a57a3901f63a 100644 --- a/pkgs/applications/editors/eclipse/default.nix +++ b/pkgs/applications/editors/eclipse/default.nix @@ -20,6 +20,11 @@ let buildmonth = "11"; #sometimes differs from release month timestamp = "${year}${buildmonth}231800"; gtk = gtk3; + arch = if stdenv.hostPlatform.isx86_64 then + "x86_64" + else if stdenv.hostPlatform.isAarch64 then + "aarch64" + else throw "don't know what platform suffix for ${stdenv.hostPlatform.system} will be"; in rec { buildEclipse = callPackage ./build-eclipse.nix { @@ -35,8 +40,11 @@ in rec { description = "Eclipse IDE for C/C++ Developers"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-x86_64.tar.gz"; - hash = "sha512-nqqY4dewq1bjeNoZdWvOez+cBti+f9qXshx1eqJ2lB7sGJva5mcR9e+CZTVD0+EtVJ/U+8viJ+E1Veht1ZnqOw=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-nqqY4dewq1bjeNoZdWvOez+cBti+f9qXshx1eqJ2lB7sGJva5mcR9e+CZTVD0+EtVJ/U+8viJ+E1Veht1ZnqOw=="; + aarch64 = "sha512-kmeNH6F8oK72LtrYtiJVLKhy6Q1HwnU+Bh+mpXdXSrfj9KtqzHQkJ0kTnnJkGYLtpi+zyXDwsxzyjh6pPyDRJA=="; + }.${arch}; }; }; @@ -47,8 +55,11 @@ in rec { description = "Eclipse Modeling Tools"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-x86_64.tar.gz"; - hash = "sha512-WU2BJt6GL3ug3yOUOd5y6/AbGLcr2MkCg+QJiNIMkSXvoU9TF6R6oimoGVc3kPZmazRy6WYoes55T3bWrHnO8Q=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-WU2BJt6GL3ug3yOUOd5y6/AbGLcr2MkCg+QJiNIMkSXvoU9TF6R6oimoGVc3kPZmazRy6WYoes55T3bWrHnO8Q=="; + aarch64 = "sha512-F63f2o9u/p7hhrxI+Eu6NiL4sPccIYw876Nnj8mfSZ7bozs1OVNWftZj+xbdLLbr0bVz3WKnt4BHzcLUA6QG7g=="; + }.${arch}; }; }; @@ -59,15 +70,18 @@ in rec { description = "Eclipse Platform ${year}-${month}"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz"; - hash = "sha512-hmdWGteMDt4HhYq+k9twuftalpTzHtGnVVLphZcpJcw+6vJfersciDMaeLRqbCAeFbzJdgzjYo76bpP6FubySw=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-hmdWGteMDt4HhYq+k9twuftalpTzHtGnVVLphZcpJcw+6vJfersciDMaeLRqbCAeFbzJdgzjYo76bpP6FubySw=="; + aarch64 = "sha512-BvUkOdCsjwtscPeuBXG7ZpitOr8EQK5JL8nSGpw/RhhBEFz46nsc7W18l0aYjdzRHh2ie55RylS2PEQELkS/hQ=="; + }.${arch}; }; }; ### Eclipse Scala SDK eclipse-scala-sdk = - buildEclipse.override { jdk = jdk8; gtk = gtk2; } { + (buildEclipse.override { jdk = jdk8; gtk = gtk2; } { name = "eclipse-scala-sdk-4.7.0"; description = "Eclipse IDE for Scala Developers"; src = @@ -75,7 +89,10 @@ in rec { url = "https://downloads.typesafe.com/scalaide-pack/4.7.0-vfinal-oxygen-212-20170929/scala-SDK-4.7.0-vfinal-2.12-linux.gtk.x86_64.tar.gz"; sha256 = "1n5w2a7mh9ajv6fxcas1gpgwb04pdxbr9v5dzr67gsz5bhahq4ya"; }; - }; + }).overrideAttrs(oa: { + # Only download for x86_64 + meta.platforms = [ "x86_64-linux" ]; + }); ### Eclipse SDK @@ -84,8 +101,11 @@ in rec { description = "Eclipse ${year}-${month} Classic"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz"; - hash = "sha512-yH4/K9sBLCUc2EVYwPL0dLql/S3AfaV6fFh7ewAuIb7yHtcsOWMqy/h1hZUlFFg2ykfwDWDDHEK7qfTI0hM7BQ=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-hmdWGteMDt4HhYq+k9twuftalpTzHtGnVVLphZcpJcw+6vJfersciDMaeLRqbCAeFbzJdgzjYo76bpP6FubySw=="; + aarch64 = "sha512-UYp8t7r2RrN3rKN180cWpJyhyO5LVXL8LrTRKJzttUgB7kM1nroTEI3DesBu+Hw4Ynl7eLiBK397rqcpOAfxJw=="; + }.${arch}; }; }; @@ -96,8 +116,11 @@ in rec { description = "Eclipse IDE for Java Developers"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-x86_64.tar.gz"; - hash = "sha512-71mXYVLVnyDjYZbJGBKc0aDPq8sbTxlVZRQq7GlSUDv2fsoNYWYgqYfK7RSED5yoasCfs3HUYr7QowRAKJOnfQ=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-71mXYVLVnyDjYZbJGBKc0aDPq8sbTxlVZRQq7GlSUDv2fsoNYWYgqYfK7RSED5yoasCfs3HUYr7QowRAKJOnfQ=="; + aarch64 = "sha512-KOQ6BZuQJeVpbMQVxF67M3F/KXMmDhmZQBNq0yWM+/8+d0DiBRkwJtqPYsnTqrax8FSunn2yy+CzlfyHSoNvpg=="; + }.${arch}; }; }; @@ -108,8 +131,11 @@ in rec { description = "Eclipse IDE for Enterprise Java and Web Developers"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-jee-${year}-${month}-R-linux-gtk-x86_64.tar.gz"; - hash = "sha512-55i9YVOa+vKHt72vHIqy9BmKMkg1KaLqMStjTtfaLTH5yP0ei+NTP2XL8IBHOgu0hCEJqYXTq+3I3RQy476etQ=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-jee-${year}-${month}-R-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-55i9YVOa+vKHt72vHIqy9BmKMkg1KaLqMStjTtfaLTH5yP0ei+NTP2XL8IBHOgu0hCEJqYXTq+3I3RQy476etQ=="; + aarch64 = "sha512-iaoTB/Pinoj1weiGBBv0plQ4jGNdFs2JiBG7S/icUoAX5O6jTGAgJvOwh7Nzn+0N6YL6+HPWaV24a6lM43y8Og=="; + }.${arch}; }; }; @@ -120,8 +146,11 @@ in rec { description = "Eclipse IDE for Eclipse Committers and Eclipse Platform Plugin Developers"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-committers-${year}-${month}-R-linux-gtk-x86_64.tar.gz"; - hash = "sha512-zGeynifM0dn1214HEVS7OVtv7xa8asjLzOXh5riJK8c/DWvNrRduHn6o6PGnxYOYVIfC9BzNRAjG1STkWu9j+Q=="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-committers-${year}-${month}-R-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha512-zGeynifM0dn1214HEVS7OVtv7xa8asjLzOXh5riJK8c/DWvNrRduHn6o6PGnxYOYVIfC9BzNRAjG1STkWu9j+Q=="; + aarch64 = "sha512-B866dFJcsTkq+h0RZ61CxXE83TWvCf8ZAbGeIC385PpPR3i/gZnRjN2oRrDP22CNR5XXA+PfXKxqvERhJB5ebA=="; + }.${arch}; }; }; @@ -132,8 +161,11 @@ in rec { description = "Eclipse IDE for RCP and RAP Developers"; src = fetchurl { - url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-rcp-${year}-${month}-R-linux-gtk-x86_64.tar.gz"; - hash = "sha256-ml76ix0fHuR0KqYWQuTftEBAgq7iaOIyvr8V6WhuzeU="; + url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-rcp-${year}-${month}-R-linux-gtk-${arch}.tar.gz"; + hash = { + x86_64 = "sha256-ml76ix0fHuR0KqYWQuTftEBAgq7iaOIyvr8V6WhuzeU="; + aarch64 = "sha256-sMB6a3f0fiL6ZentIjJTMi59ZOh7dizXrkMQuIRbds0="; + }.${arch}; }; }; From 78f357f134f2184ff4583ba82fd51c19fc40297c Mon Sep 17 00:00:00 2001 From: Luflosi Date: Fri, 5 Aug 2022 20:56:15 +0200 Subject: [PATCH 04/23] nixos/kubo: make the configuration options idempotent Without this commit, unsetting any of the `services.kubo.settings` options does not reset the value back to the default. This commit gets rid of this statefulness. This is achieved by generating the default config, applying the user specified config options to it and then patching the `Identity` and `Pinning` config options from the old config back in. This new config is then applied using `ipfs config replace`. The only remaining stateful parts of the config are the `Identity` and `Pinning.RemoteServices` settings as those can't be changed with `ipfs config replace`. `Pinning.RemoteServices` also contains secrets that shouldn't be in the Nix store. Setting these options wasn't possible before as it would result in an error when the daemon tried to start. I added some assertions to guard against this case. --- .../from_md/release-notes/rl-2305.section.xml | 12 ++++ .../manual/release-notes/rl-2305.section.md | 2 + .../services/network-filesystems/kubo.nix | 57 +++++++++++++++---- 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index bd53792b508b..55d61e0f5165 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -209,6 +209,18 @@ to upgrade existing repositories. + + + The services.kubo.settings option is now no + longer stateful. If you changed any of the options in + services.kubo.settings in the past and then + removed them from your NixOS configuration again, those + changes are still in your Kubo configuration file but will now + be reset to the default. If you’re unsure, you may want to + make a backup of your configuration file (probably + /var/lib/ipfs/config) and compare after the update. + + The EC2 image module no longer fetches instance metadata in diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 4a2ff1ff4e08..36d10d826d94 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -60,6 +60,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. +- The `services.kubo.settings` option is now no longer stateful. If you changed any of the options in `services.kubo.settings` in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update. + - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` diff --git a/nixos/modules/services/network-filesystems/kubo.nix b/nixos/modules/services/network-filesystems/kubo.nix index 13a062c32128..4d423c905986 100644 --- a/nixos/modules/services/network-filesystems/kubo.nix +++ b/nixos/modules/services/network-filesystems/kubo.nix @@ -5,6 +5,23 @@ let settingsFormat = pkgs.formats.json {}; + rawDefaultConfig = lib.importJSON (pkgs.runCommand "kubo-default-config" { + nativeBuildInputs = [ cfg.package ]; + } '' + export IPFS_PATH="$TMPDIR" + ipfs init --empty-repo --profile=${profile} + ipfs --offline config show > "$out" + ''); + + # Remove the PeerID (an attribute of "Identity") of the temporary Kubo repo. + # The "Pinning" section contains the "RemoteServices" section, which would prevent + # the daemon from starting as that setting can't be changed via ipfs config replace. + defaultConfig = builtins.removeAttrs rawDefaultConfig [ "Identity" "Pinning" ]; + + customizedConfig = lib.recursiveUpdate defaultConfig cfg.settings; + + configFile = settingsFormat.generate "kubo-config.json" customizedConfig; + kuboFlags = utils.escapeSystemdExecArgs ( optional cfg.autoMount "--mount" ++ optional cfg.enableGC "--enable-gc" ++ @@ -161,9 +178,9 @@ in }; }; description = lib.mdDoc '' - Attrset of daemon configuration to set using {command}`ipfs config`, every time the daemon starts. + Attrset of daemon configuration. See [https://github.com/ipfs/kubo/blob/master/docs/config.md](https://github.com/ipfs/kubo/blob/master/docs/config.md) for reference. - Keep in mind that this configuration is stateful; i.e., unsetting anything in here does not reset the value to the default! + You can't set `Identity` or `Pinning`. ''; default = { }; example = { @@ -211,6 +228,21 @@ in ###### implementation config = mkIf cfg.enable { + assertions = [ + { + assertion = !builtins.hasAttr "Identity" cfg.settings; + message = '' + You can't set services.kubo.settings.Identity because the ``config replace`` subcommand used at startup does not support modifying any of the Identity settings. + ''; + } + { + assertion = !((builtins.hasAttr "Pinning" cfg.settings) && (builtins.hasAttr "RemoteServices" cfg.settings.Pinning)); + message = '' + You can't set services.kubo.settings.Pinning.RemoteServices because the ``config replace`` subcommand used at startup does not work with it. + ''; + } + ]; + environment.systemPackages = [ cfg.package ]; environment.variables.IPFS_PATH = cfg.dataDir; @@ -262,21 +294,26 @@ in preStart = '' if [[ ! -f "$IPFS_PATH/config" ]]; then - ipfs init ${optionalString cfg.emptyRepo "-e"} --profile=${profile} + ipfs init ${optionalString cfg.emptyRepo "-e"} else # After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open. rm -vf "$IPFS_PATH/api" '' + optionalString cfg.autoMigrate '' ${pkgs.kubo-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y '' + '' - ipfs --offline config profile apply ${profile} >/dev/null fi - '' + '' - ipfs --offline config show \ - | ${pkgs.jq}/bin/jq '. * $settings' --argjson settings ${ - escapeShellArg (builtins.toJSON cfg.settings) - } \ - | ipfs --offline config replace - + ipfs --offline config show | + ${pkgs.jq}/bin/jq -s '.[0].Pinning as $Pinning | .[0].Identity as $Identity | .[1] + {$Identity,$Pinning}' - '${configFile}' | + + # This command automatically injects the private key and other secrets from + # the old config file back into the new config file. + # Unfortunately, it doesn't keep the original `Identity.PeerID`, + # so we need `ipfs config show` and jq above. + # See https://github.com/ipfs/kubo/issues/8993 for progress on fixing this problem. + # Kubo also wants a specific version of the original "Pinning.RemoteServices" + # section (redacted by `ipfs config show`), such that that section doesn't + # change when the changes are applied. Whyyyyyy..... + ipfs --offline config replace - ''; serviceConfig = { ExecStart = [ "" "${cfg.package}/bin/ipfs daemon ${kuboFlags}" ]; From d32b1cbc6cfd1a6947901cfd3a680a33e40d1863 Mon Sep 17 00:00:00 2001 From: OPNA2608 Date: Sun, 18 Dec 2022 01:43:35 +0100 Subject: [PATCH 05/23] open-watcom-v2-unwrapped: unstable-2022-10-03 -> unstable-2023-01-30 Enable on more platforms --- pkgs/development/compilers/open-watcom/v2.nix | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/pkgs/development/compilers/open-watcom/v2.nix b/pkgs/development/compilers/open-watcom/v2.nix index 9d8a2367b934..a61a66ada934 100644 --- a/pkgs/development/compilers/open-watcom/v2.nix +++ b/pkgs/development/compilers/open-watcom/v2.nix @@ -13,19 +13,19 @@ stdenv.mkDerivation rec { pname = "${passthru.prettyName}-unwrapped"; # nixpkgs-update: no auto update - version = "unstable-2022-10-03"; + version = "unstable-2023-01-30"; src = fetchFromGitHub { owner = "open-watcom"; repo = "open-watcom-v2"; - rev = "61538429a501a09f369366d832799f2e3b196a02"; - sha256 = "sha256-YvqRw0klSqOxIuO5QFKjcUp6aRWlO2j3L+T1ekx8SfA="; + rev = "996740acdbb173499ec1bf2ba6c8942f2a374220"; + sha256 = "sha256-9m+0e2v1Hk8jYZHqJwb1mN02WgGDArsWbF7Ut3Z5OIg="; }; postPatch = '' patchShebangs *.sh - for dateSource in cmnvars.sh bld/wipfc/configure; do + for dateSource in bld/wipfc/configure; do substituteInPlace $dateSource \ --replace '`date ' '`date -ud "@$SOURCE_DATE_EPOCH" ' done @@ -35,14 +35,17 @@ stdenv.mkDerivation rec { --replace '__TIME__' "\"$(date -ud "@$SOURCE_DATE_EPOCH" +'%T')\"" substituteInPlace build/makeinit \ - --replace '%__CYEAR__' '%OWCYEAR' + --replace '$+$(%__CYEAR__)$-' "$(date -ud "@$SOURCE_DATE_EPOCH" +'%Y')" '' + lib.optionalString (!stdenv.hostPlatform.isDarwin) '' substituteInPlace build/mif/local.mif \ --replace '-static' "" ''; - nativeBuildInputs = [ dosbox ] - ++ lib.optional withDocs ghostscript; + nativeBuildInputs = [ + dosbox + ] ++ lib.optionals withDocs [ + ghostscript + ]; configurePhase = '' runHook preConfigure @@ -120,7 +123,8 @@ stdenv.mkDerivation rec { ''; homepage = "https://open-watcom.github.io"; license = licenses.watcom; - platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "x86_64-windows" "i686-windows" ]; + platforms = with platforms; windows ++ unix; + badPlatforms = platforms.riscv ++ [ "powerpc64-linux" "powerpc64le-linux" "mips64el-linux" ]; maintainers = with maintainers; [ OPNA2608 ]; }; } From a6ae9718fb9640c8c85ac68d2e0bd12f1628f22d Mon Sep 17 00:00:00 2001 From: OPNA2608 Date: Sun, 18 Dec 2022 01:43:55 +0100 Subject: [PATCH 06/23] wrapWatcom: Handle ARM-based hostPlatform --- .../compilers/open-watcom/wrapper.nix | 35 +++++++++++++------ 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/pkgs/development/compilers/open-watcom/wrapper.nix b/pkgs/development/compilers/open-watcom/wrapper.nix index 0677d32e6ea9..95752b2c2fe4 100644 --- a/pkgs/development/compilers/open-watcom/wrapper.nix +++ b/pkgs/development/compilers/open-watcom/wrapper.nix @@ -13,16 +13,29 @@ let wrapper = {}: let + archToBindir = with stdenv.hostPlatform; if isx86 then + "bin" + else if isAarch then + "arm" + # we don't support running on AXP + # don't know what MIPS, PPC bindirs are called + else throw "Don't know where ${system} binaries are located!"; + binDirs = with stdenv.hostPlatform; if isWindows then [ - (lib.optionalString is64bit "binnt64") - "binnt" - (lib.optionalString is32bit "binw") - ] else if (isDarwin && is64bit) then [ - "bino64" + (lib.optionalString is64bit "${archToBindir}nt64") + "${archToBindir}nt" + (lib.optionalString is32bit "${archToBindir}w") + ] else if (isDarwin) then [ + (lib.optionalString is64bit "${archToBindir}o64") + # modern Darwin cannot execute 32-bit code anymore + (lib.optionalString is32bit "${archToBindir}o") ] else [ - (lib.optionalString is64bit "binl64") - "binl" + (lib.optionalString is64bit "${archToBindir}l64") + "${archToBindir}l" ]; + # TODO + # This works good enough as-is, but should really only be targetPlatform-specific + # but we don't support targeting DOS, OS/2, 16-bit Windows etc Nixpkgs-wide so this needs extra logic includeDirs = with stdenv.hostPlatform; [ "h" ] @@ -71,9 +84,9 @@ let } EOF cat test.c - # Darwin target not supported, only host wcl386 -fe=test_c test.c - ${lib.optionalString (!stdenv.hostPlatform.isDarwin) "./test_c"} + # Only test execution if hostPlatform is targetable + ${lib.optionalString (!stdenv.hostPlatform.isDarwin && !stdenv.hostPlatform.isAarch) "./test_c"} cat <test.cpp #include @@ -91,9 +104,9 @@ let } EOF cat test.cpp - # Darwin target not supported, only host wcl386 -fe=test_cpp test.cpp - ${lib.optionalString (!stdenv.hostPlatform.isDarwin) "./test_cpp"} + # Only test execution if hostPlatform is targetable + ${lib.optionalString (!stdenv.hostPlatform.isDarwin && !stdenv.hostPlatform.isAarch) "./test_cpp"} touch $out ''; cross = runCommand "${name}-test-cross" { nativeBuildInputs = [ wrapped file ]; } '' From ee7e096c488cca19f3bceb98339ea00da7329498 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Tue, 23 Aug 2022 12:21:32 +0300 Subject: [PATCH 07/23] nixos/nginx: update recommended gzip settings --- .../from_md/release-notes/rl-2305.section.xml | 30 +++++++++++++++++++ .../manual/release-notes/rl-2305.section.md | 6 ++++ .../services/web-servers/nginx/default.nix | 19 ++++-------- 3 files changed, 42 insertions(+), 13 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index 2ce4ce189cb4..527c7e50f3a3 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -680,6 +680,36 @@ here. + + + Updated recommended settings in + services.nginx.recommendedGzipSettings: + + + + + Enables gzip compression for only certain proxied + requests. + + + + + Allow checking and loading of precompressed files. + + + + + Updated gzip mime-types. + + + + + Increased the minimum length of a response that will be + gzipped. + + + + Garage diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 148b317ba283..295446137096 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -172,6 +172,12 @@ In addition to numerous new and upgraded packages, this release has the followin - A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md). +- Updated recommended settings in `services.nginx.recommendedGzipSettings`: + - Enables gzip compression for only certain proxied requests. + - Allow checking and loading of precompressed files. + - Updated gzip mime-types. + - Increased the minimum length of a response that will be gzipped. + - [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion). - `hip` has been separated into `hip`, `hip-common` and `hipcc`. diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index c723b962c847..298c85108c3d 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -187,22 +187,15 @@ let brotli_buffers 32 8k; ''} + # https://docs.nginx.com/nginx/admin-guide/web-server/compression/ ${optionalString cfg.recommendedGzipSettings '' gzip on; - gzip_proxied any; - gzip_comp_level 5; - gzip_types - application/atom+xml - application/javascript - application/json - application/xml - application/xml+rss - image/svg+xml - text/css - text/javascript - text/plain - text/xml; + gzip_static on; gzip_vary on; + gzip_comp_level 5; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private auth; + gzip_types ${lib.concatStringsSep " " compressMimeTypes}; ''} ${optionalString cfg.recommendedProxySettings '' From d178a1d7a13696376d9439b04571983551221d13 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Mon, 30 Jan 2023 23:13:12 +0300 Subject: [PATCH 08/23] nixos/nginx: update recommended brotli settings --- nixos/modules/services/web-servers/nginx/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 298c85108c3d..4ea0a64aba84 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -184,7 +184,6 @@ let brotli_window 512k; brotli_min_length 256; brotli_types ${lib.concatStringsSep " " compressMimeTypes}; - brotli_buffers 32 8k; ''} # https://docs.nginx.com/nginx/admin-guide/web-server/compression/ From 284c674525dc7e114590d4397643c35dd4793aec Mon Sep 17 00:00:00 2001 From: Mostly Void <7rat13@gmail.com> Date: Tue, 31 Jan 2023 19:18:12 +0530 Subject: [PATCH 09/23] spotify-player: add meta.mainProgram --- pkgs/applications/audio/spotify-player/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/audio/spotify-player/default.nix b/pkgs/applications/audio/spotify-player/default.nix index 9fa3a5336b9f..b15031a52914 100644 --- a/pkgs/applications/audio/spotify-player/default.nix +++ b/pkgs/applications/audio/spotify-player/default.nix @@ -46,6 +46,7 @@ rustPlatform.buildRustPackage rec { meta = with lib; { description = "A command driven spotify player"; homepage = "https://github.com/aome510/spotify-player"; + mainProgram = "spotify_player"; license = licenses.mit; maintainers = with maintainers; [ dit7ya ]; }; From a2774652aab6c8efb2caba5acccbc0f7d65a075d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 31 Jan 2023 15:49:47 +0000 Subject: [PATCH 10/23] ustreamer: 5.20 -> 5.36 --- pkgs/applications/video/ustreamer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/video/ustreamer/default.nix b/pkgs/applications/video/ustreamer/default.nix index 023f37de287d..70e335192d9d 100644 --- a/pkgs/applications/video/ustreamer/default.nix +++ b/pkgs/applications/video/ustreamer/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "ustreamer"; - version = "5.20"; + version = "5.36"; src = fetchFromGitHub { owner = "pikvm"; repo = "ustreamer"; rev = "v${version}"; - sha256 = "sha256-ZJebLsmoaIxfM8Eenv/r351Kr8XM+wyZUc2TI+oGDxU="; + sha256 = "sha256-VnqCiEPaBzGN2TL7oXO4T7dcNdGneac/5nFPwRPiJ9c="; }; buildInputs = [ libbsd libevent libjpeg ]; From 10e2cd97b5917d1cb959ee88760ea3cf97d0a3d9 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 31 Jan 2023 16:52:42 +0000 Subject: [PATCH 11/23] panoply: 5.2.2 -> 5.2.3 --- pkgs/tools/misc/panoply/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/panoply/default.nix b/pkgs/tools/misc/panoply/default.nix index acb66e3dca63..e1fa8cc0b730 100644 --- a/pkgs/tools/misc/panoply/default.nix +++ b/pkgs/tools/misc/panoply/default.nix @@ -2,11 +2,11 @@ stdenvNoCC.mkDerivation rec { pname = "panoply"; - version = "5.2.2"; + version = "5.2.3"; src = fetchurl { url = "https://www.giss.nasa.gov/tools/panoply/download/PanoplyJ-${version}.tgz"; - sha256 = "sha256-RIjdNfX4jsMwpgbE1aTzT6bysIFGUi33o5m030fF6mg="; + sha256 = "sha256-bbePMbI1YF0YvakO5vlURdE7UG3pLiuByImYvDq9cRY="; }; nativeBuildInputs = [ makeWrapper ]; From 75247b3ab4b120b83437b0a57fc90777bf80bef2 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 31 Jan 2023 17:32:32 +0000 Subject: [PATCH 12/23] arangodb: 3.10.0 -> 3.10.3 --- pkgs/servers/nosql/arangodb/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/nosql/arangodb/default.nix b/pkgs/servers/nosql/arangodb/default.nix index 9b2ac7a5567f..68d3ce9f101d 100644 --- a/pkgs/servers/nosql/arangodb/default.nix +++ b/pkgs/servers/nosql/arangodb/default.nix @@ -1,5 +1,5 @@ { - # gcc 11.2 suggested on 3.10.0. + # gcc 11.2 suggested on 3.10.3. # gcc 11.3.0 unsupported yet, investigate gcc support when upgrading # See https://github.com/arangodb/arangodb/issues/17454 gcc10Stdenv @@ -32,13 +32,13 @@ in gcc10Stdenv.mkDerivation rec { pname = "arangodb"; - version = "3.10.0"; + version = "3.10.3"; src = fetchFromGitHub { repo = "arangodb"; owner = "arangodb"; rev = "v${version}"; - sha256 = "0vjdiarfnvpfl4hnqgr7jigxgq3b3zhx88n8liv1zqa1nlvykfrb"; + sha256 = "sha256-Jp2rvapTe0CtyYfh1YLJ5eUngh8V+BCUQ/OgH3nE2Ro="; fetchSubmodules = true; }; From 96e7d9fa2a066ed374f138cffaa0591859d48fda Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Tue, 31 Jan 2023 10:43:22 -0700 Subject: [PATCH 13/23] matrix-synapse: 1.75.0 -> 1.76.0 Signed-off-by: Sumner Evans --- pkgs/servers/matrix-synapse/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 9fc2c676b946..0c42373dd288 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -12,20 +12,20 @@ in with python3.pkgs; buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.75.0"; + version = "1.76.0"; format = "pyproject"; src = fetchFromGitHub { owner = "matrix-org"; repo = "synapse"; rev = "v${version}"; - hash = "sha256-cfvekrZRLbdsUqkkPF8hz9B4qsum1kpIL0aCnJf3HYg="; + hash = "sha256-kPc6T8yLe1TDxPKLnK/TcU+RUxAVIq8qsr5JQXCXyjM="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-oyXgHqOrMKs+mYGAI4Wn+fuVQWsQJIkPwCY4t+cUlQ4="; + hash = "sha256-tXtnVYH9uWu0nHHx53PgML92NWl3qcAcnFKhiijvQBc="; }; postPatch = '' From e5a691df5493cd552179346853755e0be038dbfb Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 31 Jan 2023 18:42:11 +0000 Subject: [PATCH 14/23] dinghy: 1.1.0 -> 1.2.0 --- pkgs/development/python-modules/dinghy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/dinghy/default.nix b/pkgs/development/python-modules/dinghy/default.nix index 124fb1b690a6..fa62731071b6 100644 --- a/pkgs/development/python-modules/dinghy/default.nix +++ b/pkgs/development/python-modules/dinghy/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "dinghy"; - version = "1.1.0"; + version = "1.2.0"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "nedbat"; repo = pname; rev = version; - hash = "sha256-3qj3CU0A7oyPcUMEoqe4lUK5Jl1tlnCaqXMtDnn9+bw="; + hash = "sha256-xtcNcykfgcWvifso0xaeMT31+G5x4HCp+tLAIEEq4cw="; }; propagatedBuildInputs = [ From 678e32701bdddd5fec45b6eab7fe317ca8f5bf24 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 31 Jan 2023 18:52:49 +0000 Subject: [PATCH 15/23] wayvnc: 0.6.1 -> 0.6.2 --- pkgs/applications/networking/remote/wayvnc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/remote/wayvnc/default.nix b/pkgs/applications/networking/remote/wayvnc/default.nix index 18c0c3e73de6..c5095d8fd43e 100644 --- a/pkgs/applications/networking/remote/wayvnc/default.nix +++ b/pkgs/applications/networking/remote/wayvnc/default.nix @@ -18,13 +18,13 @@ stdenv.mkDerivation rec { pname = "wayvnc"; - version = "0.6.1"; + version = "0.6.2"; src = fetchFromGitHub { owner = "any1"; repo = pname; rev = "v${version}"; - sha256 = "sha256-WKtflN6DyzumOMEx+iX0AoIyGRN4nXUckmW/9Z2EW+Q="; + sha256 = "sha256-yNWTTjlmMCMTed1SiRep3iUxchQya1GnTVoub1cpR14="; }; strictDeps = true; From 6e1b43747afb6fbdc3cf6d03c0cd67a195e92fe9 Mon Sep 17 00:00:00 2001 From: Christoph Neidahl Date: Tue, 31 Jan 2023 20:59:19 +0100 Subject: [PATCH 16/23] punes: 0.109 -> 0.110, add Qt6 variant (#209485) --- pkgs/applications/emulators/punes/default.nix | 77 +++++++++++-------- pkgs/top-level/all-packages.nix | 2 + 2 files changed, 49 insertions(+), 30 deletions(-) diff --git a/pkgs/applications/emulators/punes/default.nix b/pkgs/applications/emulators/punes/default.nix index b68b70c0ac44..529dce536430 100644 --- a/pkgs/applications/emulators/punes/default.nix +++ b/pkgs/applications/emulators/punes/default.nix @@ -1,13 +1,8 @@ -{ mkDerivation -, stdenv +{ stdenv , lib , fetchFromGitHub , fetchpatch -, nix-update-script -, qtbase -, qtsvg -, qttools -, autoreconfHook +, gitUpdater , cmake , pkg-config , ffmpeg @@ -16,41 +11,63 @@ , libX11 , libXrandr , sndio +, qtbase +, qtsvg +, qttools +, wrapQtAppsHook }: -mkDerivation rec { +stdenv.mkDerivation rec { pname = "punes"; - version = "0.109"; + version = "0.110"; src = fetchFromGitHub { owner = "punesemu"; repo = "puNES"; rev = "v${version}"; - sha256 = "sha256-6aRtR/d8nhzmpN9QKSZ62jye7qjfO+FpRMCXkX4Yubk="; + sha256 = "sha256-+hL168r40aYUjyLbWFXWk9G2srrrG1TH1gLYMliHftU="; }; - postPatch = '' - substituteInPlace configure.ac \ - --replace '`$PKG_CONFIG --variable=host_bins Qt5Core`/lrelease' '${qttools.dev}/bin/lrelease' - ''; - - nativeBuildInputs = [ autoreconfHook cmake pkg-config qttools ]; - - buildInputs = [ ffmpeg qtbase qtsvg libGLU ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ alsa-lib libX11 libXrandr ] - ++ lib.optionals stdenv.hostPlatform.isBSD [ sndio ]; - - dontUseCmakeConfigure = true; - - enableParallelBuilding = true; - - configureFlags = [ - "--prefix=${placeholder "out"}" - "--without-opengl-nvidia-cg" - "--with-ffmpeg" + patches = [ + # Fixes compilation on aarch64 + # Remove when version > 0.110 + (fetchpatch { + url = "https://github.com/punesemu/puNES/commit/90dd5bc90412bbd199c2716f67a24aa88b24d80f.patch"; + hash = "sha256-/KNpTds4qjwyaTUebWWPlVXfuxVh6M4zOInxUfYztJg="; + }) ]; - passthru.updateScript = nix-update-script { }; + nativeBuildInputs = [ + cmake + pkg-config + qttools + wrapQtAppsHook + ]; + + buildInputs = [ + ffmpeg + libGLU + qtbase + qtsvg + ] ++ lib.optionals stdenv.hostPlatform.isLinux [ + alsa-lib + libX11 + libXrandr + ] ++ lib.optionals stdenv.hostPlatform.isBSD [ + sndio + ]; + + cmakeFlags = [ + "-DENABLE_GIT_INFO=OFF" + "-DENABLE_RELEASE=ON" + "-DENABLE_FFMPEG=ON" + "-DENABLE_OPENGL=ON" + "-DENABLE_QT6_LIBS=${if lib.versionAtLeast qtbase.version "6.0" then "ON" else "OFF"}" + ]; + + passthru.updateScript = gitUpdater { + rev-prefix = "v"; + }; meta = with lib; { description = "Qt-based Nintendo Entertainment System emulator and NSF/NSFe Music Player"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 05606f94a7cf..763a6e0e62dd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2189,6 +2189,8 @@ with pkgs; punes = libsForQt5.callPackage ../applications/emulators/punes { }; + punes-qt6 = qt6Packages.callPackage ../applications/emulators/punes { }; + py65 = python3Packages.callPackage ../applications/emulators/py65 { }; resim = callPackage ../applications/emulators/resim {}; From a997c219d8e64d8c9a6d77011c959004029ecb82 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 25 Jan 2023 00:58:53 +0000 Subject: [PATCH 17/23] libsmbios: add musl patch Upstream seems pretty dead, so I think a patch is the best we're going to get here. But on the other hand, that means the package isn't likely to require a lot of maintenance that could be made more difficult by having a patch around. --- pkgs/os-specific/linux/libsmbios/default.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/libsmbios/default.nix b/pkgs/os-specific/linux/libsmbios/default.nix index 46d0e94bb14c..2049b7cf0e70 100644 --- a/pkgs/os-specific/linux/libsmbios/default.nix +++ b/pkgs/os-specific/linux/libsmbios/default.nix @@ -1,6 +1,6 @@ -{ lib, stdenv, fetchFromGitHub, pkg-config, autoreconfHook, help2man, gettext -, libxml2, perl, python3, doxygen }: - +{ lib, stdenv, fetchFromGitHub, fetchurl +, pkg-config, autoreconfHook, help2man, gettext, libxml2, perl, python3, doxygen +}: stdenv.mkDerivation rec { pname = "libsmbios"; @@ -13,6 +13,14 @@ stdenv.mkDerivation rec { sha256 = "0krwwydyvb9224r884y1mlmzyxhlfrcqw73vi1j8787rl0gl5a2i"; }; + patches = [ + (fetchurl { + name = "musl.patch"; + url = "https://git.alpinelinux.org/aports/plain/community/libsmbios/fixes.patch?id=bdc4f67889c958c1266fa5d0cab71c3cd639122f"; + sha256 = "aVVc52OovDYvqWRyKcRAi62daa9AalkKvnVOGvrTmRk="; + }) + ]; + nativeBuildInputs = [ autoreconfHook doxygen gettext libxml2 help2man perl pkg-config ]; buildInputs = [ python3 ]; From ff7cb26327c201050325ef015a7cfb1ec1e0a035 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 31 Jan 2023 11:35:33 +0000 Subject: [PATCH 18/23] efivar: add musl patch --- pkgs/tools/system/efivar/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix index 37e8d664f23f..8507c7c7cec0 100644 --- a/pkgs/tools/system/efivar/default.nix +++ b/pkgs/tools/system/efivar/default.nix @@ -24,6 +24,11 @@ stdenv.mkDerivation rec { url = "https://github.com/rhboot/efivar/commit/ca48d3964d26f5e3b38d73655f19b1836b16bd2d.patch"; hash = "sha256-DkNFIK4i7Eypyf2UeK7qHW36N2FSVRJ2rnOVLriWi5c="; }) + (fetchpatch { + name = "musl-backport.patch"; + url = "https://github.com/rhboot/efivar/commit/cece3ffd5be2f8641eb694513f2b73e5eb97ffd3.patch"; + sha256 = "7/E0gboU0A45/BY6jGPLuvds6qKtNjzpgKgdNTaVaZQ="; + }) ]; nativeBuildInputs = [ pkg-config mandoc ]; From 6998035ed567d0b5f332199e4ca1fb96cbf42e62 Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Tue, 31 Jan 2023 22:01:14 +0100 Subject: [PATCH 19/23] bundler: 2.4.5 -> 2.4.6 --- pkgs/development/ruby-modules/bundler/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index 9be3f909ca59..0483feccb6ef 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -4,8 +4,8 @@ buildRubyGem rec { inherit ruby; name = "${gemName}-${version}"; gemName = "bundler"; - version = "2.4.5"; - source.sha256 = "sha256-Wvj6rwlmbVnM3xqORh8Xu8XE5Jutstyu4XRln4yH1Eo="; + version = "2.4.6"; + source.sha256 = "sha256-MI/g13w5NMoHQ78AJ11BlKhulroUI6xNPqQ19iH51P8="; dontPatchShebangs = true; postFixup = '' From a08e4457b76d8279e5865325cc82ba02ad78549a Mon Sep 17 00:00:00 2001 From: figsoda Date: Tue, 31 Jan 2023 16:01:34 -0500 Subject: [PATCH 20/23] felix-fm: 2.2.3 -> 2.2.4 Diff: https://github.com/kyoheiu/felix/compare/v2.2.3...v2.2.4 Changelog: https://github.com/kyoheiu/felix/blob/v2.2.4/CHANGELOG.md --- pkgs/applications/file-managers/felix-fm/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/file-managers/felix-fm/default.nix b/pkgs/applications/file-managers/felix-fm/default.nix index 3a20726b9b42..f299d9fe3fa1 100644 --- a/pkgs/applications/file-managers/felix-fm/default.nix +++ b/pkgs/applications/file-managers/felix-fm/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "felix"; - version = "2.2.3"; + version = "2.2.4"; src = fetchFromGitHub { owner = "kyoheiu"; repo = pname; rev = "v${version}"; - sha256 = "sha256-VQTZj2BCdV2TnXrYRaJqrf9sR35zsojmeoe7t+I3kyQ="; + sha256 = "sha256-KuEuWZSxh04NefkkJBYClnKs+UP7VwlyPElACjNZ5k8="; }; - cargoSha256 = "sha256-jH2BaPiGanBOlOU7JQZ0c0ObCaVURpjvmx2m92Fbdm4="; + cargoSha256 = "sha256-jYDe/3PDGCweNgHb+8i9az7J7BATlRjd3yha0nOc/gc="; nativeBuildInputs = [ pkg-config ]; From fc7f9a1039648f064aa33705266c5a7d638e2615 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 31 Jan 2023 21:04:03 +0000 Subject: [PATCH 21/23] home-assistant.intents: 2023.1.25 -> 2023.1.31 Diff: https://github.com/home-assistant/intents/compare/refs/tags/2023.1.25...2023.1.31 --- pkgs/servers/home-assistant/intents.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/home-assistant/intents.nix b/pkgs/servers/home-assistant/intents.nix index d7ed384e8d53..97c6b8bd23e2 100644 --- a/pkgs/servers/home-assistant/intents.nix +++ b/pkgs/servers/home-assistant/intents.nix @@ -19,7 +19,7 @@ buildPythonPackage rec { pname = "home-assistant-intents"; - version = "2023.1.25"; + version = "2023.1.31"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -28,7 +28,7 @@ buildPythonPackage rec { owner = "home-assistant"; repo = "intents"; rev = "refs/tags/${version}"; - hash = "sha256-nMEcN2b0XHF4yRRsHKMplxqcMLl+gJcPAdvwnySN+ug="; + hash = "sha256-buq/SLXDFP0xvIb2yGiHQzuL7HKvc7bxxdkhq4KHpvM="; }; sourceRoot = "source/package"; From 48c973b2e470dee4c3b7738ff5434711afaa3d00 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 1 Feb 2023 06:50:42 +1000 Subject: [PATCH 22/23] clusterctl: 1.3.2 -> 1.3.3 https://github.com/kubernetes-sigs/cluster-api/releases/tag/v1.3.3 --- pkgs/applications/networking/cluster/clusterctl/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/clusterctl/default.nix b/pkgs/applications/networking/cluster/clusterctl/default.nix index fb755ac67937..69862bd51559 100644 --- a/pkgs/applications/networking/cluster/clusterctl/default.nix +++ b/pkgs/applications/networking/cluster/clusterctl/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "clusterctl"; - version = "1.3.2"; + version = "1.3.3"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = "cluster-api"; rev = "v${version}"; - sha256 = "sha256-NmTMpTaekUTSMnIFn5e1DnuHehJLM5YToY+QK0hnvXk="; + hash = "sha256-O/InVEWSqdcfqchVMYetZ3RCOxgEjQ9XvnKpOIjV2zE="; }; - vendorSha256 = "sha256-0C3tQgmu7YQgHyXh8lIYTrLFksCvFQp0uvIhQRuqbYM="; + vendorHash = "sha256-0C3tQgmu7YQgHyXh8lIYTrLFksCvFQp0uvIhQRuqbYM="; subPackages = [ "cmd/clusterctl" ]; From 26aadca7c61d5a9a49ee1e6f1c705516e21bc06d Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 31 Jan 2023 23:34:28 +0100 Subject: [PATCH 23/23] chromiumBeta: Fix the patch phase Upstream dropped use_system_libwayland and related build arguments [0]. The deprecation is tracked in [1]. As a result, we must now build with third_party/wayland instead of wayland from the system (or complex patches would be required). This fixes [2]. [0]: https://source.chromium.org/chromium/chromium/src/+/1c3c8db518f78cb2d08a3990e5280e324c4a6e99 [1]: https://bugs.chromium.org/p/chromium/issues/detail?id=1385736 [2]: https://github.com/NixOS/nixpkgs/issues/213862#issuecomment-1411153401 --- pkgs/applications/networking/browsers/chromium/common.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 413db2cf985c..aea178a3afc5 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -258,8 +258,6 @@ let host_toolchain = "//build/toolchain/linux/unbundle:default"; # Don't build against a sysroot image downloaded from Cloud Storage: use_sysroot = false; - # The default value is hardcoded instead of using pkg-config: - system_wayland_scanner_path = "${wayland.bin}/bin/wayland-scanner"; # Because we use a different toolchain / compiler version: treat_warnings_as_errors = false; # We aren't compiling with Chrome's Clang (would enable Chrome-specific @@ -293,11 +291,14 @@ let chrome_pgo_phase = 0; clang_base_path = "${llvmPackages.clang}"; use_qt = false; + } // lib.optionalAttrs (!chromiumVersionAtLeast "110") { # The default has changed to false. We'll build with libwayland from # Nixpkgs for now but might want to eventually use the bundled libwayland # as well to avoid incompatibilities (if this continues to be a problem # from time to time): use_system_libwayland = true; + # The default value is hardcoded instead of using pkg-config: + system_wayland_scanner_path = "${wayland.bin}/bin/wayland-scanner"; } // lib.optionalAttrs proprietaryCodecs { # enable support for the H.264 codec proprietary_codecs = true;