From f8f0db26fc897ca06bb9d13dead476983e50a6f9 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 7 Dec 2020 09:04:55 +0000 Subject: [PATCH 01/32] python37Packages.uproot{,3}-methods: 0.9.1 -> 0.10.0 --- .../python-modules/uproot-methods/default.nix | 28 ----------------- .../uproot3-methods/default.nix | 30 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 +- 3 files changed, 31 insertions(+), 29 deletions(-) delete mode 100644 pkgs/development/python-modules/uproot-methods/default.nix create mode 100644 pkgs/development/python-modules/uproot3-methods/default.nix diff --git a/pkgs/development/python-modules/uproot-methods/default.nix b/pkgs/development/python-modules/uproot-methods/default.nix deleted file mode 100644 index 3c268ed7ed4f..000000000000 --- a/pkgs/development/python-modules/uproot-methods/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ stdenv -, buildPythonPackage -, fetchPypi -, numpy -, awkward -}: - -buildPythonPackage rec { - version = "0.9.1"; - pname = "uproot-methods"; - - src = fetchPypi { - inherit pname version; - sha256 = "accb4392c59a1485ce3ee6d78a6fd163731ade8b9b5208e7bde8fa1767aef097"; - }; - - propagatedBuildInputs = [ numpy awkward ]; - - # No tests on PyPi - doCheck = false; - - meta = with stdenv.lib; { - homepage = "https://github.com/scikit-hep/uproot-methods"; - description = "Pythonic mix-ins for ROOT classes"; - license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; - }; -} diff --git a/pkgs/development/python-modules/uproot3-methods/default.nix b/pkgs/development/python-modules/uproot3-methods/default.nix new file mode 100644 index 000000000000..3a9457a574ba --- /dev/null +++ b/pkgs/development/python-modules/uproot3-methods/default.nix @@ -0,0 +1,30 @@ +{ stdenv +, buildPythonPackage +, fetchPypi +, numpy +, awkward0 +}: + +buildPythonPackage rec { + version = "0.10.0"; + pname = "uproot3-methods"; + + src = fetchPypi { + inherit pname version; + sha256 = "1rk9i1ra3panli96ghz80ddpqk77xb1kpxs3wf8rw0jy5d88pc26"; + }; + + nativeBuildInputs = [ awkward0 ]; + + propagatedBuildInputs = [ numpy awkward0 ]; + + # No tests on PyPi + doCheck = false; + + meta = with stdenv.lib; { + homepage = "https://github.com/scikit-hep/uproot3-methods"; + description = "Pythonic mix-ins for ROOT classes"; + license = licenses.bsd3; + maintainers = with maintainers; [ costrouc SuperSandro2000 ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 93f09234a459..61b12ebb4267 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -7580,7 +7580,7 @@ in { uproot = callPackage ../development/python-modules/uproot { }; - uproot-methods = callPackage ../development/python-modules/uproot-methods { }; + uproot3-methods = callPackage ../development/python-modules/uproot3-methods { }; uptime = callPackage ../development/python-modules/uptime { }; From 7e9c3ff8bae88eb1e3ce3d6989a9c443bf969088 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 7 Dec 2020 14:03:15 +0100 Subject: [PATCH 02/32] pythonPackages.awkward{,0}: 0.14.0 -> 0.15.1 --- .../python-modules/awkward/default.nix | 34 ---------------- .../python-modules/awkward0/default.nix | 39 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 +- 3 files changed, 40 insertions(+), 35 deletions(-) delete mode 100644 pkgs/development/python-modules/awkward/default.nix create mode 100644 pkgs/development/python-modules/awkward0/default.nix diff --git a/pkgs/development/python-modules/awkward/default.nix b/pkgs/development/python-modules/awkward/default.nix deleted file mode 100644 index 6a919c768c70..000000000000 --- a/pkgs/development/python-modules/awkward/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, numpy -, pandas -, pytestrunner -, pytest -, h5py -}: - -buildPythonPackage rec { - pname = "awkward"; - version = "0.14.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "6a3878f46e8bc2acf28a0b9feb69d354ad2fee2a2a0f65c48c115aa74f245204"; - }; - - nativeBuildInputs = [ pytestrunner ]; - checkInputs = [ pandas pytest h5py ]; - propagatedBuildInputs = [ numpy ]; - - checkPhase = '' - py.test - ''; - - meta = with lib; { - description = "Manipulate jagged, chunky, and/or bitmasked arrays as easily as Numpy"; - homepage = "https://github.com/scikit-hep/awkward-array"; - license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; - }; -} diff --git a/pkgs/development/python-modules/awkward0/default.nix b/pkgs/development/python-modules/awkward0/default.nix new file mode 100644 index 000000000000..4441d131e637 --- /dev/null +++ b/pkgs/development/python-modules/awkward0/default.nix @@ -0,0 +1,39 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, numpy +, pandas +, pytestrunner +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "awkward0"; + version = "0.15.1"; + + src = fetchFromGitHub { + owner = "scikit-hep"; + repo = "awkward-0.x"; + rev = version; + sha256 = "17zrw25h6g5m4ik1c5piqb7q2bxrshfm4hm3lzfz4s8gi0xjm5gz"; + }; + + nativeBuildInputs = [ pytestrunner ]; + + propagatedBuildInputs = [ numpy ]; + + checkInputs = [ pandas pytestCheckHook ]; + + checkPhase = '' + # Almost all tests in this file fail + rm tests/test_persist.py + py.test + ''; + + meta = with lib; { + description = "Manipulate jagged, chunky, and/or bitmasked arrays as easily as Numpy"; + homepage = "https://github.com/scikit-hep/awkward-array"; + license = licenses.bsd3; + maintainers = with maintainers; [ costrouc SuperSandro2000 ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 61b12ebb4267..d965529fa71a 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -504,7 +504,7 @@ in { awesome-slugify = callPackage ../development/python-modules/awesome-slugify { }; - awkward = callPackage ../development/python-modules/awkward { }; + awkward0 = callPackage ../development/python-modules/awkward0 { }; awkward1 = callPackage ../development/python-modules/awkward1 { }; aws-adfs = callPackage ../development/python-modules/aws-adfs { }; From 9bd0caf66b9e807bd82836a56e89a45ba101ba67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 7 Dec 2020 14:04:28 +0100 Subject: [PATCH 03/32] pythonPackages.uproot{,3}: 3.13.1 -> 3.14.1 --- .../python-modules/uproot/default.nix | 59 ------------------- .../python-modules/uproot3/default.nix | 44 ++++++++++++++ pkgs/top-level/python-packages.nix | 2 +- 3 files changed, 45 insertions(+), 60 deletions(-) delete mode 100644 pkgs/development/python-modules/uproot/default.nix create mode 100644 pkgs/development/python-modules/uproot3/default.nix diff --git a/pkgs/development/python-modules/uproot/default.nix b/pkgs/development/python-modules/uproot/default.nix deleted file mode 100644 index eadd6c36de1a..000000000000 --- a/pkgs/development/python-modules/uproot/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ lib, fetchPypi, buildPythonPackage, isPy27 -, awkward -, backports_lzma -, cachetools -, lz4 -, pandas -, pytestrunner -, pytest -, pkgconfig -, mock -, numpy -, requests -, uproot-methods -, xxhash -}: - -buildPythonPackage rec { - pname = "uproot"; - version = "3.13.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "099b0b274dc000faf724df835579c76306e60200a5ba7b600a0c4b76dabbf344"; - }; - - nativeBuildInputs = [ pytestrunner ]; - - checkInputs = [ - lz4 - mock - pandas - pkgconfig - pytest - requests - xxhash - ] ++ lib.optional isPy27 backports_lzma; - - propagatedBuildInputs = [ - numpy - cachetools - uproot-methods - awkward - ]; - - # skip tests which do network calls - # test_compression.py is missing zstandard package - checkPhase = '' - pytest tests -k 'not hist_in_tree \ - and not branch_auto_interpretation' \ - --ignore=tests/test_compression.py - ''; - - meta = with lib; { - homepage = "https://github.com/scikit-hep/uproot"; - description = "ROOT I/O in pure Python and Numpy"; - license = licenses.bsd3; - maintainers = with maintainers; [ ktf ]; - }; -} diff --git a/pkgs/development/python-modules/uproot3/default.nix b/pkgs/development/python-modules/uproot3/default.nix new file mode 100644 index 000000000000..0d0c2365b637 --- /dev/null +++ b/pkgs/development/python-modules/uproot3/default.nix @@ -0,0 +1,44 @@ +{ lib, fetchFromGitHub, buildPythonPackage, isPy27 +, awkward0, backports_lzma, cachetools, lz4, pandas +, pytestCheckHook, pytestrunner, pkgconfig, mock +, numpy, requests, uproot3-methods, xxhash, zstandard +}: + +buildPythonPackage rec { + pname = "uproot3"; + version = "3.14.1"; + + src = fetchFromGitHub { + owner = "scikit-hep"; + repo = "uproot3"; + rev = version; + sha256 = "1npwh4l96wg3m24jhfc8i84nfwfc18flrmymf80fx101wmpi2qz8"; + }; + + nativeBuildInputs = [ pytestrunner ]; + + propagatedBuildInputs = [ + awkward0 + cachetools + lz4 + numpy + uproot3-methods + xxhash + zstandard + ] ++ lib.optional isPy27 backports_lzma; + + checkInputs = [ + mock + pandas + pkgconfig + pytestCheckHook + requests + ] ++ lib.optional isPy27 backports_lzma; + + meta = with lib; { + homepage = "https://github.com/scikit-hep/uproot3"; + description = "ROOT I/O in pure Python and Numpy"; + license = licenses.bsd3; + maintainers = with maintainers; [ ktf SuperSandro2000 ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index d965529fa71a..5ccf4eaadaa3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -7578,7 +7578,7 @@ in { update-dotdee = callPackage ../development/python-modules/update-dotdee { }; - uproot = callPackage ../development/python-modules/uproot { }; + uproot3 = callPackage ../development/python-modules/uproot3 { }; uproot3-methods = callPackage ../development/python-modules/uproot3-methods { }; From 2722142fbe1e82e8c91ab94b54877b09472a5326 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 7 Dec 2020 14:16:35 +0100 Subject: [PATCH 04/32] pythonPackages.pyrsistent: Disable on Python 2 --- pkgs/development/python-modules/pyrsistent/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/python-modules/pyrsistent/default.nix b/pkgs/development/python-modules/pyrsistent/default.nix index a343db4f5540..7da3239f3e74 100644 --- a/pkgs/development/python-modules/pyrsistent/default.nix +++ b/pkgs/development/python-modules/pyrsistent/default.nix @@ -1,6 +1,7 @@ { stdenv , buildPythonPackage , fetchPypi +, isPy27 , six , pytest_4 , hypothesis_4 @@ -11,6 +12,8 @@ buildPythonPackage rec { pname = "pyrsistent"; version = "0.17.3"; + disabled = isPy27; + src = fetchPypi { inherit pname version; sha256 = "2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e"; From 2b6b43447784cff29d639ae5f9a86bf768cffe52 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 9 Dec 2020 19:13:26 +0100 Subject: [PATCH 05/32] ungoogled-chromium: Merge back into chromium I used nix-instantiate to verify that the derivations for chromium and ungoogled-chromium remain unchanged (only the meta attributes change slightly as I added myself as ungoogled-chromium to receive notifications for PRs/issues). --- .../networking/browsers/chromium/browser.nix | 13 +- .../networking/browsers/chromium/common.nix | 28 ++ .../networking/browsers/chromium/default.nix | 10 +- .../ungoogled-src.nix | 0 .../ungoogled.nix | 1 + .../browsers/ungoogled-chromium/browser.nix | 86 ----- .../browsers/ungoogled-chromium/common.nix | 345 ------------------ .../browsers/ungoogled-chromium/default.nix | 214 ----------- .../patches/no-build-timestamps.patch | 17 - .../patches/widevine-79.patch | 13 - .../browsers/ungoogled-chromium/plugins.nix | 92 ----- .../browsers/ungoogled-chromium/update.py | 121 ------ .../ungoogled-chromium/upstream-info.json | 46 --- pkgs/top-level/all-packages.nix | 4 +- 14 files changed, 48 insertions(+), 942 deletions(-) rename pkgs/applications/networking/browsers/{ungoogled-chromium => chromium}/ungoogled-src.nix (100%) rename pkgs/applications/networking/browsers/{ungoogled-chromium => chromium}/ungoogled.nix (99%) delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/common.nix delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/default.nix delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix delete mode 100755 pkgs/applications/networking/browsers/ungoogled-chromium/update.py delete mode 100644 pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index d3953da71d28..eab88297e68d 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -1,4 +1,4 @@ -{ stdenv, mkChromiumDerivation, channel, enableWideVine }: +{ stdenv, mkChromiumDerivation, channel, enableWideVine, ungoogled }: with stdenv.lib; @@ -69,15 +69,20 @@ mkChromiumDerivation (base: rec { requiredSystemFeatures = [ "big-parallel" ]; meta = { - description = "An open source web browser from Google"; + description = "An open source web browser from Google" + + optionalString ungoogled ", with dependencies on Google web services removed"; longDescription = '' Chromium is an open source web browser from Google that aims to build a safer, faster, and more stable way for all Internet users to experience the web. It has a minimalist user interface and provides the vast majority of source code for Google Chrome (which has some additional features). ''; - homepage = "https://www.chromium.org/"; - maintainers = with maintainers; [ primeos thefloweringash bendlas ]; # See README.md + homepage = if ungoogled + then "https://github.com/Eloston/ungoogled-chromium" + else "https://www.chromium.org/"; + maintainers = with maintainers; if ungoogled + then [ squalus primeos ] + else [ primeos thefloweringash bendlas ]; license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 0c16d0c9ec60..c396e5996de7 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -31,6 +31,7 @@ , proprietaryCodecs ? true , cupsSupport ? true , pulseSupport ? false, libpulseaudio ? null +, ungoogled ? false, ungoogled-chromium , channel , upstream-info @@ -109,6 +110,11 @@ let result else result; + ungoogler = + let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; + in ungoogled-chromium { + inherit (versionEntry) rev sha256; + }; base = rec { name = "${packageName}-unwrapped-${version}"; inherit (upstream-info) version; @@ -208,6 +214,10 @@ let '' + optionalString stdenv.isAarch64 '' substituteInPlace build/toolchain/linux/BUILD.gn \ --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' + '' + optionalString ungoogled '' + ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" + ${ungoogler}/utils/patches.py . ${ungoogler}/patches + ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . ''; gnFlags = mkGnFlags ({ @@ -260,6 +270,24 @@ let use_system_minigbm = true; use_system_libdrm = true; system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; + } // optionalAttrs ungoogled { + chrome_pgo_phase = 0; + enable_hangout_services_extension = false; + enable_js_type_check = false; + enable_mdns = false; + enable_nacl_nonsfi = false; + enable_one_click_signin = false; + enable_reading_list = false; + enable_remoting = false; + enable_reporting = false; + enable_service_discovery = false; + exclude_unwind_tables = true; + google_api_key = ""; + google_default_client_id = ""; + google_default_client_secret = ""; + safe_browsing_mode = 0; + use_official_google_api_keys = false; + use_unofficial_version_number = false; } // (extraAttrs.gnFlags or {})); configurePhase = '' diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index e35e4d945dde..adf967251f29 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -15,6 +15,7 @@ , enablePepperFlash ? false , enableWideVine ? false , enableVaapi ? false # Disabled by default due to unofficial support +, ungoogled ? false # Whether to build chromium or ungoogled-chromium , cupsSupport ? true , pulseSupport ? config.pulseaudio or stdenv.isLinux , commandLineArgs ? "" @@ -33,7 +34,7 @@ let mkChromiumDerivation = callPackage ./common.nix ({ inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs - cupsSupport pulseSupport; + cupsSupport pulseSupport ungoogled; gnChromium = gn.overrideAttrs (oldAttrs: { inherit (upstream-info.deps.gn) version; src = fetchgit { @@ -42,11 +43,13 @@ let }); }); - browser = callPackage ./browser.nix { inherit channel enableWideVine; }; + browser = callPackage ./browser.nix { inherit channel enableWideVine ungoogled; }; plugins = callPackage ./plugins.nix { inherit enablePepperFlash; }; + + ungoogled-chromium = callPackage ./ungoogled.nix {}; }; pkgSuffix = if channel == "dev" then "unstable" else channel; @@ -133,7 +136,8 @@ let else browser; in stdenv.mkDerivation { - name = "chromium${suffix}-${version}"; + name = lib.optionalString ungoogled "ungoogled-" + + "chromium${suffix}-${version}"; inherit version; buildInputs = [ diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix b/pkgs/applications/networking/browsers/chromium/ungoogled-src.nix similarity index 100% rename from pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix rename to pkgs/applications/networking/browsers/chromium/ungoogled-src.nix diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix b/pkgs/applications/networking/browsers/chromium/ungoogled.nix similarity index 99% rename from pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix rename to pkgs/applications/networking/browsers/chromium/ungoogled.nix index 17418c90af49..299b19f2f4f6 100644 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled.nix +++ b/pkgs/applications/networking/browsers/chromium/ungoogled.nix @@ -4,6 +4,7 @@ , makeWrapper , patch }: + { rev , sha256 }: diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix deleted file mode 100644 index c23a8cead3a7..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ stdenv, mkChromiumDerivation, channel, enableWideVine }: - -with stdenv.lib; - -mkChromiumDerivation (base: rec { - name = "chromium-browser"; - packageName = "chromium"; - buildTargets = [ "mksnapshot" "chrome_sandbox" "chrome" ]; - - outputs = ["out" "sandbox"]; - - sandboxExecutableName = "__chromium-suid-sandbox"; - - installPhase = '' - mkdir -p "$libExecPath" - cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/" - cp -v "$buildPath/icudtl.dat" "$libExecPath/" - cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/" - cp -v "$buildPath/chrome" "$libExecPath/$packageName" - - # Swiftshader - # See https://stackoverflow.com/a/4264351/263061 for the find invocation. - if [ -n "$(find "$buildPath/swiftshader/" -maxdepth 1 -name '*.so' -print -quit)" ]; then - echo "Swiftshader files found; installing" - mkdir -p "$libExecPath/swiftshader" - cp -v "$buildPath/swiftshader/"*.so "$libExecPath/swiftshader/" - else - echo "Swiftshader files not found" - fi - - mkdir -p "$sandbox/bin" - cp -v "$buildPath/chrome_sandbox" "$sandbox/bin/${sandboxExecutableName}" - - mkdir -vp "$out/share/man/man1" - cp -v "$buildPath/chrome.1" "$out/share/man/man1/$packageName.1" - - for icon_file in chrome/app/theme/chromium/product_logo_*[0-9].png; do - num_and_suffix="''${icon_file##*logo_}" - icon_size="''${num_and_suffix%.*}" - expr "$icon_size" : "^[0-9][0-9]*$" || continue - logo_output_prefix="$out/share/icons/hicolor" - logo_output_path="$logo_output_prefix/''${icon_size}x''${icon_size}/apps" - mkdir -vp "$logo_output_path" - cp -v "$icon_file" "$logo_output_path/$packageName.png" - done - - # Install Desktop Entry - install -D chrome/installer/linux/common/desktop.template \ - $out/share/applications/chromium-browser.desktop - - substituteInPlace $out/share/applications/chromium-browser.desktop \ - --replace "@@MENUNAME@@" "Chromium" \ - --replace "@@PACKAGE@@" "chromium" \ - --replace "Exec=/usr/bin/@@USR_BIN_SYMLINK_NAME@@" "Exec=chromium" - - # Append more mime types to the end - sed -i '/^MimeType=/ s,$,x-scheme-handler/webcal;x-scheme-handler/mailto;x-scheme-handler/about;x-scheme-handler/unknown,' \ - $out/share/applications/chromium-browser.desktop - - # See https://github.com/NixOS/nixpkgs/issues/12433 - sed -i \ - -e '/\[Desktop Entry\]/a\' \ - -e 'StartupWMClass=chromium-browser' \ - $out/share/applications/chromium-browser.desktop - ''; - - passthru = { inherit sandboxExecutableName; }; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - description = "An open source web browser from Google, with dependencies on Google web services removed"; - longDescription = '' - Chromium is an open source web browser from Google that aims to build a - safer, faster, and more stable way for all Internet users to experience - the web. It has a minimalist user interface and provides the vast majority - of source code for Google Chrome (which has some additional features). - ''; - homepage = "https://github.com/Eloston/ungoogled-chromium"; - maintainers = with maintainers; [ squalus ]; - license = if enableWideVine then licenses.unfree else licenses.bsd3; - platforms = platforms.linux; - hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; - timeout = 172800; # 48 hours (increased from the Hydra default of 10h) - }; -}) diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix deleted file mode 100644 index 17814c26caa4..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/common.nix +++ /dev/null @@ -1,345 +0,0 @@ -{ stdenv, lib, llvmPackages, gnChromium, ninja, which, nodejs, fetchpatch, fetchurl - -# default dependencies -, gnutar, bzip2, flac, speex, libopus -, libevent, expat, libjpeg, snappy -, libpng, libcap -, xdg_utils, yasm, nasm, minizip, libwebp -, libusb1, pciutils, nss, re2 - -, python2Packages, perl, pkgconfig -, nspr, systemd, kerberos -, util-linux, alsaLib -, bison, gperf -, glib, gtk3, dbus-glib -, glibc -, libXScrnSaver, libXcursor, libXtst, libGLU, libGL -, protobuf, speechd, libXdamage, cups -, ffmpeg, libxslt, libxml2, at-spi2-core -, jre8 -, pipewire_0_2 -, libva - -# optional dependencies -, libgcrypt ? null # gnomeSupport || cupsSupport -, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone - -# package customization -, useOzone ? true -, gnomeSupport ? false, gnome ? null -, gnomeKeyringSupport ? false, libgnome-keyring3 ? null -, proprietaryCodecs ? true -, cupsSupport ? true -, pulseSupport ? false, libpulseaudio ? null -, ungoogled-chromium -, ungoogled ? false - -, channel -, upstream-info -}: - -buildFun: - -with stdenv.lib; - -let - jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 - - # The additional attributes for creating derivations based on the chromium - # source tree. - extraAttrs = buildFun base; - - githubPatch = commit: sha256: fetchpatch { - url = "https://github.com/chromium/chromium/commit/${commit}.patch"; - inherit sha256; - }; - - mkGnFlags = - let - # Serialize Nix types into GN types according to this document: - # https://source.chromium.org/gn/gn/+/master:docs/language.md - mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\""; - sanitize = value: - if value == true then "true" - else if value == false then "false" - else if isList value then "[${concatMapStringsSep ", " sanitize value}]" - else if isInt value then toString value - else if isString value then mkGnString value - else throw "Unsupported type for GN value `${value}'."; - toFlag = key: value: "${key}=${sanitize value}"; - in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs)); - - # https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py - gnSystemLibraries = [ - "ffmpeg" - "flac" - "libjpeg" - "libpng" - "libwebp" - "libxslt" - "opus" - "snappy" - "zlib" - ]; - - opusWithCustomModes = libopus.override { - withCustomModes = true; - }; - - defaultDependencies = [ - bzip2 flac speex opusWithCustomModes - libevent expat libjpeg snappy - libpng libcap - xdg_utils minizip libwebp - libusb1 re2 - ffmpeg libxslt libxml2 - nasm - ]; - - # build paths and release info - packageName = extraAttrs.packageName or extraAttrs.name; - buildType = "Release"; - buildPath = "out/${buildType}"; - libExecPath = "$out/libexec/${packageName}"; - - versionRange = min-version: upto-version: - let inherit (upstream-info) version; - result = versionAtLeast version min-version && versionOlder version upto-version; - stable-version = (importJSON ./upstream-info.json).stable.version; - in if versionAtLeast stable-version upto-version - then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it." - result - else result; - - ungoogler = - let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; - in ungoogled-chromium { - inherit (versionEntry) rev sha256; - }; - base = rec { - name = "${packageName}-unwrapped-${version}"; - inherit (upstream-info) version; - inherit channel packageName buildType buildPath; - - src = fetchurl { - url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; - inherit (upstream-info) sha256; - }; - - nativeBuildInputs = [ - llvmPackages.lldClang.bintools - ninja which python2Packages.python perl pkgconfig - python2Packages.ply python2Packages.jinja2 nodejs - gnutar python2Packages.setuptools - ]; - - buildInputs = defaultDependencies ++ [ - nspr nss systemd - util-linux alsaLib - bison gperf kerberos - glib gtk3 dbus-glib - libXScrnSaver libXcursor libXtst libGLU libGL - pciutils protobuf speechd libXdamage at-spi2-core - jre - pipewire_0_2 - libva - ] ++ optional gnomeKeyringSupport libgnome-keyring3 - ++ optionals gnomeSupport [ gnome.GConf libgcrypt ] - ++ optionals cupsSupport [ libgcrypt cups ] - ++ optional pulseSupport libpulseaudio - ++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ]; - - patches = [ - ./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed) - ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags - # ++ optional (versionRange "68" "72") ( githubPatch "" "0000000000000000000000000000000000000000000000000000000000000000" ) - ]; - - postPatch = '' - # remove unused third-party - for lib in ${toString gnSystemLibraries}; do - if [ -d "third_party/$lib" ]; then - find "third_party/$lib" -type f \ - \! -path "third_party/$lib/chromium/*" \ - \! -path "third_party/$lib/google/*" \ - \! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \ - \! -regex '.*\.\(gn\|gni\|isolate\)' \ - -delete - fi - done - - # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): - substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" - if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then - substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ - --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" - fi - - # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX - substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ - --replace \ - 'return sandbox_binary;' \ - 'return base::FilePath(GetDevelSandboxPath());' - - substituteInPlace services/audio/audio_sandbox_hook_linux.cc \ - --replace \ - '/usr/share/alsa/' \ - '${alsaLib}/share/alsa/' \ - --replace \ - '/usr/lib/x86_64-linux-gnu/gconv/' \ - '${glibc}/lib/gconv/' \ - --replace \ - '/usr/share/locale/' \ - '${glibc}/share/locale/' - - sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \ - chrome/browser/shell_integration_linux.cc - - sed -i -e '/lib_loader.*Load/s!"\(libudev\.so\)!"${lib.getLib systemd}/lib/\1!' \ - device/udev_linux/udev?_loader.cc - - sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \ - gpu/config/gpu_info_collector_linux.cc - - # Allow to put extensions into the system-path. - sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc - - patchShebangs . - # use our own nodejs - mkdir -p third_party/node/linux/node-linux-x64/bin - ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node - - # Allow building against system libraries in official builds - sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py - - '' + optionalString stdenv.isAarch64 '' - substituteInPlace build/toolchain/linux/BUILD.gn \ - --replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' - '' + optionalString ungoogled '' - ${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors" - ${ungoogler}/utils/patches.py . ${ungoogler}/patches - ${ungoogler}/utils/domain_substitution.py apply -r ${ungoogler}/domain_regex.list -f ${ungoogler}/domain_substitution.list -c ./ungoogled-domsubcache.tar.gz . - ''; - - gnFlags = mkGnFlags ({ - custom_toolchain = "//build/toolchain/linux/unbundle:default"; - host_toolchain = "//build/toolchain/linux/unbundle:default"; - is_official_build = true; - - use_vaapi = !stdenv.isAarch64; # TODO: Remove once M88 is released - use_sysroot = false; - use_gnome_keyring = gnomeKeyringSupport; - use_gio = gnomeSupport; - # ninja: error: '../../native_client/toolchain/linux_x86/pnacl_newlib/bin/x86_64-nacl-objcopy', - # needed by 'nacl_irt_x86_64.nexe', missing and no known rule to make it - enable_nacl = false; - # Enabling the Widevine component here doesn't affect whether we can - # redistribute the chromium package; the Widevine component is either - # added later in the wrapped -wv build or downloaded from Google. - enable_widevine = true; - use_cups = cupsSupport; - # Provides the enable-webrtc-pipewire-capturer flag to support Wayland screen capture. - rtc_use_pipewire = true; - - treat_warnings_as_errors = false; - clang_use_chrome_plugins = false; - blink_symbol_level = 0; - symbol_level = 0; - fieldtrial_testing_like_official_build = true; - - # Google API keys, see: - # http://www.chromium.org/developers/how-tos/api-keys - # Note: These are for NixOS/nixpkgs use ONLY. For your own distribution, - # please get your own set of keys. - google_api_key = "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI"; - google_default_client_id = "404761575300.apps.googleusercontent.com"; - google_default_client_secret = "9rIFQjfnkykEmqb6FfjJQD1D"; - } // optionalAttrs proprietaryCodecs { - # enable support for the H.264 codec - proprietary_codecs = true; - enable_hangout_services_extension = true; - ffmpeg_branding = "Chrome"; - } // optionalAttrs pulseSupport { - use_pulseaudio = true; - link_pulseaudio = true; - } // optionalAttrs useOzone { - use_ozone = true; - use_xkbcommon = true; - use_glib = true; - use_gtk = true; - use_system_libwayland = true; - use_system_minigbm = true; - use_system_libdrm = true; - system_wayland_scanner_path = "${wayland}/bin/wayland-scanner"; - } // optionalAttrs ungoogled { - chrome_pgo_phase = 0; - enable_hangout_services_extension = false; - enable_js_type_check = false; - enable_mdns = false; - enable_nacl_nonsfi = false; - enable_one_click_signin = false; - enable_reading_list = false; - enable_remoting = false; - enable_reporting = false; - enable_service_discovery = false; - exclude_unwind_tables = true; - google_api_key = ""; - google_default_client_id = ""; - google_default_client_secret = ""; - safe_browsing_mode = 0; - use_official_google_api_keys = false; - use_unofficial_version_number = false; - } // (extraAttrs.gnFlags or {})); - - configurePhase = '' - runHook preConfigure - - # This is to ensure expansion of $out. - libExecPath="${libExecPath}" - python build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries} - ${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt - - # Fail if `gn gen` contains a WARNING. - grep -o WARNING gn-gen-outputs.txt && echo "Found gn WARNING, exiting nix build" && exit 1 - - runHook postConfigure - ''; - - # Don't spam warnings about unknown warning options. This is useful because - # our Clang is always older than Chromium's and the build logs have a size - # of approx. 25 MB without this option (and this saves e.g. 66 %). - NIX_CFLAGS_COMPILE = "-Wno-unknown-warning-option"; - - buildPhase = let - buildCommand = target: '' - ninja -C "${buildPath}" -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES "${target}" - ( - source chrome/installer/linux/common/installer.include - PACKAGE=$packageName - MENUNAME="Chromium" - process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1" - ) - ''; - targets = extraAttrs.buildTargets or []; - commands = map buildCommand targets; - in concatStringsSep "\n" commands; - - postFixup = '' - # Make sure that libGLESv2 is found by dlopen (if using EGL). - chromiumBinary="$libExecPath/$packageName" - origRpath="$(patchelf --print-rpath "$chromiumBinary")" - patchelf --set-rpath "${libGL}/lib:$origRpath" "$chromiumBinary" - ''; - - passthru = { - updateScript = ./update.py; - chromiumDeps = { - gn = gnChromium; - }; - }; - }; - -# Remove some extraAttrs we supplied to the base attributes already. -in stdenv.mkDerivation (base // removeAttrs extraAttrs [ - "name" "gnFlags" "buildTargets" -] // { passthru = base.passthru // (extraAttrs.passthru or {}); }) diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix deleted file mode 100644 index b75d271ace55..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/default.nix +++ /dev/null @@ -1,214 +0,0 @@ -{ newScope, config, stdenv, fetchurl, makeWrapper -, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils -, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit -, libva ? null -, pipewire_0_2 -, gcc, nspr, nss, runCommand -, lib - -# package customization -# Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) -, channel ? "stable" -, gnomeSupport ? false, gnome ? null -, gnomeKeyringSupport ? false -, proprietaryCodecs ? true -, enablePepperFlash ? false -, enableWideVine ? false -, enableVaapi ? false # Disabled by default due to unofficial support -, ungoogled ? true -, cupsSupport ? true -, pulseSupport ? config.pulseaudio or stdenv.isLinux -, commandLineArgs ? "" -}: - -let - llvmPackages = llvmPackages_11; - stdenv = llvmPackages.stdenv; - - callPackage = newScope chromium; - - chromium = rec { - inherit stdenv llvmPackages; - - upstream-info = (lib.importJSON ./upstream-info.json).${channel}; - - mkChromiumDerivation = callPackage ./common.nix ({ - inherit channel gnome gnomeSupport gnomeKeyringSupport proprietaryCodecs - cupsSupport pulseSupport; - inherit ungoogled; - gnChromium = gn.overrideAttrs (oldAttrs: { - inherit (upstream-info.deps.gn) version; - src = fetchgit { - inherit (upstream-info.deps.gn) url rev sha256; - }; - }); - }); - - browser = callPackage ./browser.nix { inherit channel enableWideVine; }; - - plugins = callPackage ./plugins.nix { - inherit enablePepperFlash; - }; - - ungoogled-chromium = callPackage ./ungoogled.nix {}; - }; - - pkgSuffix = if channel == "dev" then "unstable" else channel; - pkgName = "google-chrome-${pkgSuffix}"; - chromeSrc = fetchurl { - urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [ - "https://dl.google.com/linux/chrome/deb/pool/main/g" - "http://95.31.35.30/chrome/pool/main/g" - "http://mirror.pcbeta.com/google/chrome/deb/pool/main/g" - "http://repo.fdzh.org/chrome/deb/pool/main/g" - ]; - sha256 = chromium.upstream-info.sha256bin64; - }; - - mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}"; - widevineCdm = stdenv.mkDerivation { - name = "chrome-widevine-cdm"; - - src = chromeSrc; - - phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ]; - - unpackCmd = let - widevineCdmPath = - if channel == "stable" then - "./opt/google/chrome/WidevineCdm" - else if channel == "beta" then - "./opt/google/chrome-beta/WidevineCdm" - else if channel == "dev" then - "./opt/google/chrome-unstable/WidevineCdm" - else - throw "Unknown chromium channel."; - in '' - # Extract just WidevineCdm from upstream's .deb file - ar p "$src" data.tar.xz | tar xJ "${widevineCdmPath}" - - # Move things around so that we don't have to reference a particular - # chrome-* directory later. - mv "${widevineCdmPath}" ./ - - # unpackCmd wants a single output directory; let it take WidevineCdm/ - rm -rf opt - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - PATCH_RPATH = mkrpath [ gcc.cc glib nspr nss ]; - - patchPhase = '' - patchelf --set-rpath "$PATCH_RPATH" _platform_specific/linux_x64/libwidevinecdm.so - ''; - - installPhase = '' - mkdir -p $out/WidevineCdm - cp -a * $out/WidevineCdm/ - ''; - - meta = { - platforms = [ "x86_64-linux" ]; - license = lib.licenses.unfree; - }; - }; - - suffix = if channel != "stable" then "-" + channel else ""; - - sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; - - version = chromium.browser.version; - - # We want users to be able to enableWideVine without rebuilding all of - # chromium, so we have a separate derivation here that copies chromium - # and adds the unfree WidevineCdm. - chromiumWV = let browser = chromium.browser; in if enableWideVine then - runCommand (browser.name + "-wv") { version = browser.version; } - '' - mkdir -p $out - cp -a ${browser}/* $out/ - chmod u+w $out/libexec/chromium - cp -a ${widevineCdm}/WidevineCdm $out/libexec/chromium/ - '' - else browser; - -in stdenv.mkDerivation { - name = "ungoogled-chromium${suffix}-${version}"; - inherit version; - - buildInputs = [ - makeWrapper ed - - # needed for GSETTINGS_SCHEMAS_PATH - gsettings-desktop-schemas glib gtk3 - - # needed for XDG_ICON_DIRS - gnome3.adwaita-icon-theme - ]; - - outputs = ["out" "sandbox"]; - - buildCommand = let - browserBinary = "${chromiumWV}/libexec/chromium/chromium"; - getWrapperFlags = plugin: "$(< \"${plugin}/nix-support/wrapper-flags\")"; - libPath = stdenv.lib.makeLibraryPath [ libva pipewire_0_2 ]; - - in with stdenv.lib; '' - mkdir -p "$out/bin" - - eval makeWrapper "${browserBinary}" "$out/bin/chromium" \ - --add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \ - ${lib.optionalString enableVaapi "--add-flags --enable-accelerated-video-decode"} \ - ${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled} - - ed -v -s "$out/bin/chromium" << EOF - 2i - - if [ -x "/run/wrappers/bin/${sandboxExecutableName}" ] - then - export CHROME_DEVEL_SANDBOX="/run/wrappers/bin/${sandboxExecutableName}" - else - export CHROME_DEVEL_SANDBOX="$sandbox/bin/${sandboxExecutableName}" - fi - - '' + lib.optionalString (libPath != "") '' - # To avoid loading .so files from cwd, LD_LIBRARY_PATH here must not - # contain an empty section before or after a colon. - export LD_LIBRARY_PATH="\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}${libPath}" - '' + '' - - # libredirect causes chromium to deadlock on startup - export LD_PRELOAD="\$(echo -n "\$LD_PRELOAD" | ${coreutils}/bin/tr ':' '\n' | ${gnugrep}/bin/grep -v /lib/libredirect\\\\.so$ | ${coreutils}/bin/tr '\n' ':')" - - export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS - - # Mainly for xdg-open but also other xdg-* tools: - export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH" - - . - w - EOF - - ln -sv "${chromium.browser.sandbox}" "$sandbox" - - ln -s "$out/bin/chromium" "$out/bin/chromium-browser" - - mkdir -p "$out/share" - for f in '${chromium.browser}'/share/*; do # hello emacs */ - ln -s -t "$out/share/" "$f" - done - ''; - - inherit (chromium.browser) packageName; - meta = chromium.browser.meta; - passthru = { - inherit (chromium) upstream-info browser; - mkDerivation = chromium.mkChromiumDerivation; - inherit chromeSrc sandboxExecutableName; - updateScript = ./update.py; - }; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch b/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch deleted file mode 100644 index 6b788f43d29c..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/no-build-timestamps.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- chromium-70.0.3538.67/build/compute_build_timestamp.py.orig 2018-11-02 16:00:34.368933077 +0200 -+++ chromium-70.0.3538.67/build/compute_build_timestamp.py 2018-11-08 04:06:21.658105129 +0200 -@@ -94,6 +94,14 @@ - 'build_type', help='The type of build', choices=('official', 'default')) - args = argument_parser.parse_args() - -+ # I don't trust LASTCHANGE magic, and I definelly want something deterministic here -+ SOURCE_DATE_EPOCH = os.getenv("SOURCE_DATE_EPOCH", None) -+ if SOURCE_DATE_EPOCH is not None: -+ print(SOURCE_DATE_EPOCH) -+ return 0 -+ else: -+ raise RuntimeError("SOURCE_DATE_EPOCH not set") -+ - # The mtime of the revision in build/util/LASTCHANGE is stored in a file - # next to it. Read it, to get a deterministic time close to "now". - # That date is then modified as described at the top of the file so that diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch b/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch deleted file mode 100644 index 32f0ae2fb5e6..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/patches/widevine-79.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/third_party/widevine/cdm/BUILD.gn b/third_party/widevine/cdm/BUILD.gn -index ed0e2f5208b..5b431a030d5 100644 ---- a/third_party/widevine/cdm/BUILD.gn -+++ b/third_party/widevine/cdm/BUILD.gn -@@ -14,7 +14,7 @@ buildflag_header("buildflags") { - - flags = [ - "ENABLE_WIDEVINE=$enable_widevine", -- "BUNDLE_WIDEVINE_CDM=$bundle_widevine_cdm", -+ "BUNDLE_WIDEVINE_CDM=true", - "ENABLE_WIDEVINE_CDM_COMPONENT=$enable_widevine_cdm_component", - ] - } diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix b/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix deleted file mode 100644 index eef1c5ef38c2..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/plugins.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ stdenv, gcc -, jshon -, glib -, nspr -, nss -, fetchzip -, enablePepperFlash ? false - -, upstream-info -}: - -with stdenv.lib; - -let - mkrpath = p: "${makeSearchPathOutput "lib" "lib64" p}:${makeLibraryPath p}"; - - # Generate a shell fragment that emits flags appended to the - # final makeWrapper call for wrapping the browser's main binary. - # - # Note that this is shell-escaped so that only the variable specified - # by the "output" attribute is substituted. - mkPluginInfo = { output ? "out", allowedVars ? [ output ] - , flags ? [], envVars ? {} - }: let - shSearch = ["'"] ++ map (var: "@${var}@") allowedVars; - shReplace = ["'\\''"] ++ map (var: "'\"\${${var}}\"'") allowedVars; - # We need to triple-escape "val": - # * First because makeWrapper doesn't do any quoting of its arguments by - # itself. - # * Second because it's passed to the makeWrapper call separated by IFS but - # not by the _real_ arguments, for example the Widevine plugin flags - # contain spaces, so they would end up as separate arguments. - # * Third in order to be correctly quoted for the "echo" call below. - shEsc = val: "'${replaceStrings ["'"] ["'\\''"] val}'"; - mkSh = val: "'${replaceStrings shSearch shReplace (shEsc val)}'"; - mkFlag = flag: ["--add-flags" (shEsc flag)]; - mkEnvVar = key: val: ["--set" (shEsc key) (shEsc val)]; - envList = mapAttrsToList mkEnvVar envVars; - quoted = map mkSh (flatten ((map mkFlag flags) ++ envList)); - in '' - mkdir -p "''$${output}/nix-support" - echo ${toString quoted} > "''$${output}/nix-support/wrapper-flags" - ''; - - flash = stdenv.mkDerivation rec { - pname = "flashplayer-ppapi"; - version = "32.0.0.465"; - - src = fetchzip { - url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/${version}/flash_player_ppapi_linux.x86_64.tar.gz"; - sha256 = "16qbc2s8dg2rwggphf8f5665iccc6lrvgz45bdwskg9pwg87hlj1"; - stripRoot = false; - }; - - patchPhase = '' - chmod +x libpepflashplayer.so - patchelf --set-rpath "${mkrpath [ gcc.cc ]}" libpepflashplayer.so - ''; - - doCheck = true; - checkPhase = '' - ! find -iname '*.so' -exec ldd {} + | grep 'not found' - ''; - - installPhase = '' - flashVersion="$( - "${jshon}/bin/jshon" -F manifest.json -e version -u - )" - - install -vD libpepflashplayer.so "$out/lib/libpepflashplayer.so" - - ${mkPluginInfo { - allowedVars = [ "out" "flashVersion" ]; - flags = [ - "--ppapi-flash-path=@out@/lib/libpepflashplayer.so" - "--ppapi-flash-version=@flashVersion@" - ]; - }} - ''; - - dontStrip = true; - - meta = { - license = stdenv.lib.licenses.unfree; - maintainers = with stdenv.lib.maintainers; [ taku0 ]; - platforms = platforms.x86_64; - }; - }; - -in { - enabled = optional enablePepperFlash flash; -} diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/update.py b/pkgs/applications/networking/browsers/ungoogled-chromium/update.py deleted file mode 100755 index 9e1f0aec598d..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/update.py +++ /dev/null @@ -1,121 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python -p python3 nix nix-prefetch-git - -import csv -import json -import re -import subprocess -import sys - -from codecs import iterdecode -from collections import OrderedDict -from datetime import datetime -from os.path import abspath, dirname -from urllib.request import urlopen - -HISTORY_URL = 'https://omahaproxy.appspot.com/history?os=linux' -DEB_URL = 'https://dl.google.com/linux/chrome/deb/pool/main/g' -BUCKET_URL = 'https://commondatastorage.googleapis.com/chromium-browser-official' - -JSON_PATH = dirname(abspath(__file__)) + '/upstream-info.json' - -def load_json(path): - with open(path, 'r') as f: - return json.load(f) - -def nix_prefetch_url(url, algo='sha256'): - print(f'nix-prefetch-url {url}') - out = subprocess.check_output(['nix-prefetch-url', '--type', algo, url]) - return out.decode('utf-8').rstrip() - -def nix_prefetch_git(url, rev): - print(f'nix-prefetch-git {url} {rev}') - out = subprocess.check_output(['nix-prefetch-git', '--quiet', '--url', url, '--rev', rev]) - return json.loads(out) - -def get_file_revision(revision, file_path): - url = f'https://raw.githubusercontent.com/chromium/chromium/{revision}/{file_path}' - with urlopen(url) as http_response: - return http_response.read() - -def get_matching_chromedriver(version): - # See https://chromedriver.chromium.org/downloads/version-selection - build = re.sub('.[0-9]+$', '', version) - chromedriver_version_url = f'https://chromedriver.storage.googleapis.com/LATEST_RELEASE_{build}' - with urlopen(chromedriver_version_url) as http_response: - chromedriver_version = http_response.read().decode() - def get_chromedriver_url(system): - return f'https://chromedriver.storage.googleapis.com/{chromedriver_version}/chromedriver_{system}.zip' - return { - 'version': chromedriver_version, - 'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')), - 'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64')) - } - -def get_channel_dependencies(channel): - deps = get_file_revision(channel['version'], 'DEPS') - gn_pattern = b"'gn_version': 'git_revision:([0-9a-f]{40})'" - gn_commit = re.search(gn_pattern, deps).group(1).decode() - gn = nix_prefetch_git('https://gn.googlesource.com/gn', gn_commit) - return { - 'gn': { - 'version': datetime.fromisoformat(gn['date']).date().isoformat(), - 'url': gn['url'], - 'rev': gn['rev'], - 'sha256': gn['sha256'] - } - } - -channels = {} -last_channels = load_json(JSON_PATH) - -print(f'GET {HISTORY_URL}', file=sys.stderr) -with urlopen(HISTORY_URL) as resp: - builds = csv.DictReader(iterdecode(resp, 'utf-8')) - for build in builds: - channel_name = build['channel'] - - # If we've already found a newer build for this channel, we're - # no longer interested in it. - if channel_name in channels: - continue - - # If we're back at the last build we used, we don't need to - # keep going -- there's no new version available, and we can - # just reuse the info from last time. - if build['version'] == last_channels[channel_name]['version']: - channels[channel_name] = last_channels[channel_name] - continue - - channel = {'version': build['version']} - suffix = 'unstable' if channel_name == 'dev' else channel_name - - try: - channel['sha256'] = nix_prefetch_url(f'{BUCKET_URL}/chromium-{build["version"]}.tar.xz') - channel['sha256bin64'] = nix_prefetch_url(f'{DEB_URL}/google-chrome-{suffix}/google-chrome-{suffix}_{build["version"]}-1_amd64.deb') - except subprocess.CalledProcessError: - # This build isn't actually available yet. Continue to - # the next one. - continue - - channel['deps'] = get_channel_dependencies(channel) - if channel_name == 'stable': - channel['chromedriver'] = get_matching_chromedriver(channel['version']) - - channels[channel_name] = channel - -with open(JSON_PATH, 'w') as out: - def get_channel_key(item): - channel_name = item[0] - if channel_name == 'stable': - return 0 - elif channel_name == 'beta': - return 1 - elif channel_name == 'dev': - return 2 - else: - print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr) - sys.exit(1) - sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key)) - json.dump(sorted_channels, out, indent=2) - out.write('\n') diff --git a/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json b/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json deleted file mode 100644 index 6343dd4b2468..000000000000 --- a/pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "stable": { - "version": "87.0.4280.88", - "sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy", - "sha256bin64": "0n3fm6wf8zfkv135d50xl8xxrnng3q55vyxkck1da8jyvh18bijb", - "deps": { - "gn": { - "version": "2020-09-09", - "url": "https://gn.googlesource.com/gn", - "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", - "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" - } - }, - "chromedriver": { - "version": "87.0.4280.88", - "sha256_linux": "141mr2jiy3nslwd3s43m4i6plkv9wv5fgi78cn7mz0ac9x6fpcgx", - "sha256_darwin": "048hsqp6575r980m769lzznvxypmfcwn89f1d3ik751ymzmb5r78" - } - }, - "beta": { - "version": "88.0.4324.27", - "sha256": "0mciiyh3sn2zrl8g6znylc2pm9sb0wzsclgavf7mmlknri5sjblc", - "sha256bin64": "0qf2j1j3p94s724rwh8fydpjn88cs9yxxhjf5axvqwi7q3h35cfx", - "deps": { - "gn": { - "version": "2020-11-05", - "url": "https://gn.googlesource.com/gn", - "rev": "53d92014bf94c3893886470a1c7c1289f8818db0", - "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" - } - } - }, - "dev": { - "version": "89.0.4343.0", - "sha256": "0jmc1l0lysl5zax98fjhzsfq3c1sqh3n3xscidafflx362wcfpwa", - "sha256bin64": "1v6xik8kf531y0g5xj0c8szjmak0qvh77kwkw7p7hqxqmnwwp06d", - "deps": { - "gn": { - "version": "2020-11-05", - "url": "https://gn.googlesource.com/gn", - "rev": "53d92014bf94c3893886470a1c7c1289f8818db0", - "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" - } - } - } -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 816a4657a252..6623af0e4594 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24414,7 +24414,9 @@ in uefitoolPackages = recurseIntoAttrs (callPackage ../tools/system/uefitool/variants.nix {}); uefitool = uefitoolPackages.new-engine; - ungoogled-chromium = callPackage ../applications/networking/browsers/ungoogled-chromium (config.chromium or {}); + ungoogled-chromium = callPackage ../applications/networking/browsers/chromium ((config.chromium or {}) // { + ungoogled = true; + }); unigine-valley = callPackage ../applications/graphics/unigine-valley { }; From 240a8f746e0e3e698fc87cb9934ffaef7e09e5bf Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 9 Dec 2020 19:29:31 +0100 Subject: [PATCH 06/32] ungoogled-chromium: Move ungoogled-src.nix into upstream-info.json This also adds a dedicated channel for ungoogled-chromium that enables us to update ungoogled-chromium independently of chromium. TODO: Automate ungoogled-chromium updates via update.py (currently it needs to be updated manually). Note: Unfortunately this changes the ungoogled-chromium derivation because common.nix passes the channel as an argument to stdenv.mkDerivation (this makes it more difficult to verify this commit but the result should remain the same). --- .../networking/browsers/chromium/browser.nix | 4 +++- .../networking/browsers/chromium/common.nix | 9 ++++----- .../networking/browsers/chromium/default.nix | 4 +++- .../browsers/chromium/ungoogled-src.nix | 6 ------ .../networking/browsers/chromium/update.py | 3 +++ .../browsers/chromium/upstream-info.json | 16 ++++++++++++++++ pkgs/top-level/all-packages.nix | 1 + 7 files changed, 30 insertions(+), 13 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/chromium/ungoogled-src.nix diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index eab88297e68d..b9a42e825f31 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -85,7 +85,9 @@ mkChromiumDerivation (base: rec { else [ primeos thefloweringash bendlas ]; license = if enableWideVine then licenses.unfree else licenses.bsd3; platforms = platforms.linux; - hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else []; + hydraPlatforms = if (channel == "stable" || channel == "ungoogled-chromium") + then ["aarch64-linux" "x86_64-linux"] + else []; timeout = 172800; # 48 hours (increased from the Hydra default of 10h) }; }) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index c396e5996de7..d754c2769c90 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -110,11 +110,10 @@ let result else result; - ungoogler = - let versionEntry = (import ./ungoogled-src.nix)."${upstream-info.version}"; - in ungoogled-chromium { - inherit (versionEntry) rev sha256; - }; + ungoogler = ungoogled-chromium { + inherit (upstream-info.deps.ungoogled-patches) rev sha256; + }; + base = rec { name = "${packageName}-unwrapped-${version}"; inherit (upstream-info) version; diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index adf967251f29..0cbfbc332706 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -116,7 +116,9 @@ let }; }; - suffix = if channel != "stable" then "-" + channel else ""; + suffix = if (channel == "stable" || channel == "ungoogled-chromium") + then "" + else "-" + channel; sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; diff --git a/pkgs/applications/networking/browsers/chromium/ungoogled-src.nix b/pkgs/applications/networking/browsers/chromium/ungoogled-src.nix deleted file mode 100644 index 26f2f730a41d..000000000000 --- a/pkgs/applications/networking/browsers/chromium/ungoogled-src.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - "87.0.4280.88" = { - rev = "87.0.4280.88-1"; - sha256 = "0w2137w8hfcgl6f938hqnb4ffp33v5r8vdzxrvs814w7dszkiqgg"; - }; -} diff --git a/pkgs/applications/networking/browsers/chromium/update.py b/pkgs/applications/networking/browsers/chromium/update.py index 9e1f0aec598d..57fe268e72fe 100755 --- a/pkgs/applications/networking/browsers/chromium/update.py +++ b/pkgs/applications/networking/browsers/chromium/update.py @@ -113,9 +113,12 @@ with open(JSON_PATH, 'w') as out: return 1 elif channel_name == 'dev': return 2 + elif channel_name == 'ungoogled-chromium': + return 3 else: print(f'Error: Unexpected channel: {channel_name}', file=sys.stderr) sys.exit(1) + channels['ungoogled-chromium'] = last_channels['ungoogled-chromium'] # Keep ungoogled-chromium unchanged sorted_channels = OrderedDict(sorted(channels.items(), key=get_channel_key)) json.dump(sorted_channels, out, indent=2) out.write('\n') diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 15899d31e726..5c824391341f 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -42,5 +42,21 @@ "sha256": "1xcm07qjk6m2czi150fiqqxql067i832adck6zxrishm70c9jbr9" } } + }, + "ungoogled-chromium": { + "version": "87.0.4280.88", + "sha256": "1h09g9b2zxad85vd146ymvg3w2kpngpi78yig3dn1vrmhwr4aiiy", + "deps": { + "ungoogled-patches": { + "rev": "87.0.4280.88-1", + "sha256": "0w2137w8hfcgl6f938hqnb4ffp33v5r8vdzxrvs814w7dszkiqgg" + }, + "gn": { + "version": "2020-09-09", + "url": "https://gn.googlesource.com/gn", + "rev": "e002e68a48d1c82648eadde2f6aafa20d08c36f2", + "sha256": "0x4c7amxwzxs39grqs3dnnz0531mpf1p75niq7zhinyfqm86i4dk" + } + } } } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6623af0e4594..c8952b85c2c3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24416,6 +24416,7 @@ in ungoogled-chromium = callPackage ../applications/networking/browsers/chromium ((config.chromium or {}) // { ungoogled = true; + channel = "ungoogled-chromium"; }); unigine-valley = callPackage ../applications/graphics/unigine-valley { }; From 18c386ead1187efd91e147f5f1739f8425e56d0e Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Tue, 8 Dec 2020 13:09:41 -0300 Subject: [PATCH 07/32] dgen-sdl: init at 1.33 --- pkgs/misc/emulators/dgen-sdl/default.nix | 70 ++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 72 insertions(+) create mode 100644 pkgs/misc/emulators/dgen-sdl/default.nix diff --git a/pkgs/misc/emulators/dgen-sdl/default.nix b/pkgs/misc/emulators/dgen-sdl/default.nix new file mode 100644 index 000000000000..1eabf5b53b01 --- /dev/null +++ b/pkgs/misc/emulators/dgen-sdl/default.nix @@ -0,0 +1,70 @@ +{ stdenv +, fetchurl +, libarchive +, doxygen +, SDL +}: + +let + pname = "dgen-sdl"; + version = "1.33"; +in stdenv.mkDerivation { + inherit pname version; + + src = fetchurl { + url = "https://sourceforge.net/projects/dgen/files/dgen/${version}/${pname}-${version}.tar.gz"; + hash = "sha256-meLAYBfCKHPHf4gYbrzAmGckTrbgQsdjuwlLArje9h4="; + }; + + buildInputs = [ SDL libarchive ]; + + configureFlags = [ + "--enable-joystick" + "--enable-debugger" + "--enable-debug-vdp" + "--enable-pico" # experimental + "--enable-vgmdump" + "--with-star=no" # Needs ASM support + "--with-musa" + "--with-cyclone=no" # Needs ASM support + "--with-mz80" + "--with-cz80" + "--with-drz80=no" # Needs ASM support + "--with-dz80" + ]; + + meta = with stdenv.lib; { + homepage = "https://dgen.sourceforge.net/"; + description = "Sega Genesis/Mega Drive emulator"; + longDescription = '' + DGen/SDL is a free, open source emulator for Sega Genesis/Mega Drive + systems. DGen was originally written by Dave, then ported to SDL by Joe + Groff and Phil K. Hornung in 1998. + + It features: + + - Game Genie/Hex codes support + - PAL/NTSC, fullscreen modes + - Joypad/joystick support + - Mouse support + - Highly configurable controls + - OpenGL textured video output + - Portable (64‐bit, endian safe), runs in Windows using MinGW + - Screenshots, demos recording and playback + - Musashi (generic) and StarScream (x86‐only) CPU cores + - Cyclone 68000 and DrZ80 (both ARM‐only) CPU cores + - CZ80 (generic) and MZ80 (generic and x86‐only versions) + - 16‐bit, 8000 to 48000Hz sound output + - Support for 8, 15, 16, 24 and 32 bpp modes + - Archived/compressed ROMs support + - M68K debugger (contributed by Edd Barrett) + - Z80 debugger + - hqx and scale2x upscaling filters + - VGM dumping + ''; + license = licenses.mit; + maintainers = with maintainers; [ AndersonTorres ]; + platforms = with platforms; unix; + }; +} +# TODO: implement configure options diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8505664d1a80..f505766ea33b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2000,6 +2000,8 @@ in dlx = callPackage ../misc/emulators/dlx { }; + dgen-sdl = callPackage ../misc/emulators/dgen-sdl { }; + doitlive = callPackage ../tools/misc/doitlive { }; dokuwiki = callPackage ../servers/web-apps/dokuwiki { }; From 8833983f261c6afa0361465f31c4dbc39c45b386 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Sun, 22 Nov 2020 23:42:02 +0100 Subject: [PATCH 08/32] nixos/users-groups: createHome: Ensure HOME permissions, fix description configuration.nix(1) states users.extraUsers..createHome [...] If [...] the home directory already exists but is not owned by the user, directory owner and group will be changed to match the user. i.e. ownership would change only if the user mismatched; the code however ignores the owner, it is sufficient to enable `createHome`: if ($u->{createHome}) { make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; } Furthermore, permissions are ignored on already existing directories and therefore may allow others to read private data eventually. Given that createHome already acts as switch to not only create but effectively own the home directory, manage permissions in the same manner to ensure the intended default and cover all primary attributes. Avoid yet another configuration option to have administrators make a clear and simple choice between securely managing home directories and optionally defering management to own code (taking care of custom location, ownership, mode, extended attributes, etc.). While here, simplify and thereby fix misleading documentation. --- nixos/doc/manual/release-notes/rl-2103.xml | 7 +++++++ nixos/modules/config/update-users-groups.pl | 3 ++- nixos/modules/config/users-groups.nix | 6 ++---- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 35c10d3e5939..a8f961a06dc7 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -409,6 +409,13 @@ been dropped from upstream releases. + + + now always ensures home directory permissions to be 0700. + Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. + The option's description was incorrect regarding ownership management and has been simplified greatly. + + diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl index fd3affae899c..758237152932 100644 --- a/nixos/modules/config/update-users-groups.pl +++ b/nixos/modules/config/update-users-groups.pl @@ -209,10 +209,11 @@ foreach my $u (@{$spec->{users}}) { } } - # Create a home directory. + # Ensure home directory incl. ownership and permissions. if ($u->{createHome}) { make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; + chmod 0700, $u->{home}; } if (defined $u->{passwordFile}) { diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 72285fe631da..a95763380986 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -198,10 +198,8 @@ let type = types.bool; default = false; description = '' - If true, the home directory will be created automatically. If this - option is true and the home directory already exists but is not - owned by the user, directory owner and group will be changed to - match the user. + Whether to create the home directory and ensure ownership as well as + permissions to match the user. ''; }; From 551ff760ce8d367d20af4de0456b6a3ac4bef46a Mon Sep 17 00:00:00 2001 From: Samuel Ainsworth Date: Tue, 15 Dec 2020 18:55:47 -0800 Subject: [PATCH 09/32] vscodium: update script artifact names have changed The vscodium project is now releasing artifacts with slightly different naming: `VSCodium-darwin-${VSCODIUM_VER}.zip` is now `VSCodium-darwin-x64-${VSCODIUM_VER}.zip`. This is likely due to arrival of the new ARM-based macs. In any case, it does mean that we need to update `update-vscodium.sh` to pull the correct artifact down. --- pkgs/applications/editors/vscode/update-vscodium.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/editors/vscode/update-vscodium.sh b/pkgs/applications/editors/vscode/update-vscodium.sh index 0ddab6063cad..5df4cafdee94 100755 --- a/pkgs/applications/editors/vscode/update-vscodium.sh +++ b/pkgs/applications/editors/vscode/update-vscodium.sh @@ -23,6 +23,6 @@ VSCODIUM_LINUX_URL="https://github.com/VSCodium/vscodium/releases/download/${VSC VSCODIUM_LINUX_SHA256=$(nix-prefetch-url ${VSCODIUM_LINUX_URL}) sed -i "s/x86_64-linux = \".\{52\}\"/x86_64-linux = \"${VSCODIUM_LINUX_SHA256}\"/" "$ROOT/vscodium.nix" -VSCODIUM_DARWIN_URL="https://github.com/VSCodium/vscodium/releases/download/${VSCODIUM_VER}/VSCodium-darwin-${VSCODIUM_VER}.zip" +VSCODIUM_DARWIN_URL="https://github.com/VSCodium/vscodium/releases/download/${VSCODIUM_VER}/VSCodium-darwin-x64-${VSCODIUM_VER}.zip" VSCODIUM_DARWIN_SHA256=$(nix-prefetch-url ${VSCODIUM_DARWIN_URL}) sed -i "s/x86_64-darwin = \".\{52\}\"/x86_64-darwin = \"${VSCODIUM_DARWIN_SHA256}\"/" "$ROOT/vscodium.nix" From 95f30fea56f0081a9342e69309855437e912229f Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Wed, 16 Dec 2020 04:20:00 +0000 Subject: [PATCH 10/32] nushell: 0.23.0 -> 0.24.1 --- pkgs/shells/nushell/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/shells/nushell/default.nix b/pkgs/shells/nushell/default.nix index 44961696195f..1774a1c66772 100644 --- a/pkgs/shells/nushell/default.nix +++ b/pkgs/shells/nushell/default.nix @@ -15,16 +15,16 @@ rustPlatform.buildRustPackage rec { pname = "nushell"; - version = "0.23.0"; + version = "0.24.1"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "0rbg0jchg59x0g4h0xahdm9qah8l8g4i2s8lkaqzdkm4yv29gqx4"; + sha256 = "0nza860gg9lnkld9c7is93fmfxl9yay8yf2f18h16cgjk3n686kd"; }; - cargoSha256 = "1sbgn68n0rqh1m98dm3r2a3pqqqx4v7axw5djw8qlx4gv7xw1ql0"; + cargoSha256 = "1mb6ws2zw089cx475c1vpvvxkzi8by6wmw4frans5lbl3a2lldl0"; nativeBuildInputs = [ pkg-config ] ++ lib.optionals (withStableFeatures && stdenv.isLinux) [ python3 ]; From 23d578477077834b56e64d084353bfe48d09adf8 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sun, 13 Dec 2020 15:47:22 -0300 Subject: [PATCH 11/32] Convert mkShell from DocBook to CommonMark --- doc/builders/special.xml | 2 +- doc/builders/special/mkshell.section.md | 15 +++++++++++++++ doc/builders/special/mkshell.xml | 24 ------------------------ 3 files changed, 16 insertions(+), 25 deletions(-) create mode 100644 doc/builders/special/mkshell.section.md delete mode 100644 doc/builders/special/mkshell.xml diff --git a/doc/builders/special.xml b/doc/builders/special.xml index 15fdba9a0419..09115751d6a7 100644 --- a/doc/builders/special.xml +++ b/doc/builders/special.xml @@ -6,5 +6,5 @@ This chapter describes several special builders. - + diff --git a/doc/builders/special/mkshell.section.md b/doc/builders/special/mkshell.section.md new file mode 100644 index 000000000000..1feb75cbd6f7 --- /dev/null +++ b/doc/builders/special/mkshell.section.md @@ -0,0 +1,15 @@ +# pkgs.mkShell {#sec-pkgs-mkShell} + +`pkgs.mkShell` is a special kind of derivation that is only useful when using it combined with `nix-shell`. It will in fact fail to instantiate when invoked with `nix-build`. + +## Usage {#sec-pkgs-mkShell-usage} + +```nix +{ pkgs ? import {} }: +pkgs.mkShell { + # this will make all the build inputs from hello and gnutar + # available to the shell environment + inputsFrom = with pkgs; [ hello gnutar ]; + buildInputs = [ pkgs.gnumake ]; +} +``` diff --git a/doc/builders/special/mkshell.xml b/doc/builders/special/mkshell.xml deleted file mode 100644 index cef65d06b882..000000000000 --- a/doc/builders/special/mkshell.xml +++ /dev/null @@ -1,24 +0,0 @@ -
- pkgs.mkShell - - - pkgs.mkShell is a special kind of derivation that is only useful when using it combined with nix-shell. It will in fact fail to instantiate when invoked with nix-build. - - -
- Usage - - {} }: -pkgs.mkShell { - # this will make all the build inputs from hello and gnutar - # available to the shell environment - inputsFrom = with pkgs; [ hello gnutar ]; - buildInputs = [ pkgs.gnumake ]; -} -]]> -
-
From 7113b40fb35e4073df2e84d30e59eadcb95cd3de Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sun, 13 Dec 2020 16:19:44 -0300 Subject: [PATCH 12/32] Convert fhs-environments from DocBook to CommonMark --- doc/builders/special.xml | 2 +- .../special/fhs-environments.section.md | 45 +++++++ doc/builders/special/fhs-environments.xml | 122 ------------------ 3 files changed, 46 insertions(+), 123 deletions(-) create mode 100644 doc/builders/special/fhs-environments.section.md delete mode 100644 doc/builders/special/fhs-environments.xml diff --git a/doc/builders/special.xml b/doc/builders/special.xml index 09115751d6a7..8902ce5c8132 100644 --- a/doc/builders/special.xml +++ b/doc/builders/special.xml @@ -5,6 +5,6 @@ This chapter describes several special builders. - + diff --git a/doc/builders/special/fhs-environments.section.md b/doc/builders/special/fhs-environments.section.md new file mode 100644 index 000000000000..512a31cae0f1 --- /dev/null +++ b/doc/builders/special/fhs-environments.section.md @@ -0,0 +1,45 @@ +# buildFHSUserEnv {#sec-fhs-environments} + +`buildFHSUserEnv` provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound `/nix/store`, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are: + +- `name` + Environment name. +- `targetPkgs` + Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed. +- `multiPkgs` + Packages to be installed for all architectures supported by a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are installed by default. +- `extraBuildCommands` + Additional commands to be executed for finalizing the directory structure. +- `extraBuildCommandsMulti` + Like `extraBuildCommands`, but executed only on multilib architectures. +- `extraOutputsToInstall` + Additional derivation outputs to be linked for both target and multi-architecture packages. +- `extraInstallCommands` + Additional commands to be executed for finalizing the derivation with runner script. +- `runScript` + A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to `bash`. + +One can create a simple environment using a `shell.nix` like that: + +```nix +{ pkgs ? import {} }: + +(pkgs.buildFHSUserEnv { + name = "simple-x11-env"; + targetPkgs = pkgs: (with pkgs; + [ udev + alsaLib + ]) ++ (with pkgs.xorg; + [ libX11 + libXcursor + libXrandr + ]); + multiPkgs = pkgs: (with pkgs; + [ udev + alsaLib + ]); + runScript = "bash"; +}).env +``` + +Running `nix-shell` would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change `runScript` to the application path, e.g. `./bin/start.sh` -- relative paths are supported. diff --git a/doc/builders/special/fhs-environments.xml b/doc/builders/special/fhs-environments.xml deleted file mode 100644 index e7b81e97a23f..000000000000 --- a/doc/builders/special/fhs-environments.xml +++ /dev/null @@ -1,122 +0,0 @@ -
- buildFHSUserEnv - - - buildFHSUserEnv provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound /nix/store, so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement. Accepted arguments are: - - - - - - name - - - - Environment name. - - - - - - targetPkgs - - - - Packages to be installed for the main host's architecture (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also installed. - - - - - - multiPkgs - - - - Packages to be installed for all architectures supported by a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are installed by default. - - - - - - extraBuildCommands - - - - Additional commands to be executed for finalizing the directory structure. - - - - - - extraBuildCommandsMulti - - - - Like extraBuildCommands, but executed only on multilib architectures. - - - - - - extraOutputsToInstall - - - - Additional derivation outputs to be linked for both target and multi-architecture packages. - - - - - - extraInstallCommands - - - - Additional commands to be executed for finalizing the derivation with runner script. - - - - - - runScript - - - - A command that would be executed inside the sandbox and passed all the command line arguments. It defaults to bash. - - - - - - - One can create a simple environment using a shell.nix like that: - - - {} }: - -(pkgs.buildFHSUserEnv { - name = "simple-x11-env"; - targetPkgs = pkgs: (with pkgs; - [ udev - alsaLib - ]) ++ (with pkgs.xorg; - [ libX11 - libXcursor - libXrandr - ]); - multiPkgs = pkgs: (with pkgs; - [ udev - alsaLib - ]); - runScript = "bash"; -}).env -]]> - - - Running nix-shell would then drop you into a shell with these libraries and binaries available. You can use this to run closed-source applications which expect FHS structure without hassles: simply change runScript to the application path, e.g. ./bin/start.sh -- relative paths are supported. - -
From 4526fe98044e760390f253c146d8e9790ef285f7 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sun, 13 Dec 2020 16:23:59 -0300 Subject: [PATCH 13/32] Convert locales from DocBook to CommonMark --- doc/builders/packages/index.xml | 2 +- doc/builders/packages/locales.section.md | 5 +++++ doc/builders/packages/locales.xml | 13 ------------- 3 files changed, 6 insertions(+), 14 deletions(-) create mode 100644 doc/builders/packages/locales.section.md delete mode 100644 doc/builders/packages/locales.xml diff --git a/doc/builders/packages/index.xml b/doc/builders/packages/index.xml index c7a4aa9f47dc..e1ddfd276e20 100644 --- a/doc/builders/packages/index.xml +++ b/doc/builders/packages/index.xml @@ -14,7 +14,7 @@ - + diff --git a/doc/builders/packages/locales.section.md b/doc/builders/packages/locales.section.md new file mode 100644 index 000000000000..e5a037004818 --- /dev/null +++ b/doc/builders/packages/locales.section.md @@ -0,0 +1,5 @@ +# Locales {#locales} + +To allow simultaneous use of packages linked against different versions of `glibc` with different locale archive formats Nixpkgs patches `glibc` to rely on `LOCALE_ARCHIVE` environment variable. + +On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the `LOCALE_ARCHIVE` variable pointing to `${glibcLocales}/lib/locale/locale-archive`. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters `allLocales` and `locales` of the package. diff --git a/doc/builders/packages/locales.xml b/doc/builders/packages/locales.xml deleted file mode 100644 index 44fdef034e77..000000000000 --- a/doc/builders/packages/locales.xml +++ /dev/null @@ -1,13 +0,0 @@ -
- Locales - - - To allow simultaneous use of packages linked against different versions of glibc with different locale archive formats Nixpkgs patches glibc to rely on LOCALE_ARCHIVE environment variable. - - - - On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the LOCALE_ARCHIVE variable pointing to ${glibcLocales}/lib/locale/locale-archive. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters allLocales and locales of the package. - -
From e47b3c0e23b34d2f8eeb6e656cd7c48b772551cb Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Wed, 16 Dec 2020 15:40:55 -0800 Subject: [PATCH 14/32] arduino-ci: 0.1.0 -> 0.2.0 --- pkgs/development/arduino/arduino-ci/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/development/arduino/arduino-ci/default.nix b/pkgs/development/arduino/arduino-ci/default.nix index cdc6cb8ccb61..b6b1fc9c89d1 100644 --- a/pkgs/development/arduino/arduino-ci/default.nix +++ b/pkgs/development/arduino/arduino-ci/default.nix @@ -1,23 +1,22 @@ -{ stdenv, fetchFromGitHub, makeWrapper, arduino-cli, ruby, python3, patchelf }: +{ stdenv, fetchFromGitHub, makeWrapper, arduino-cli, ruby, python3 }: let runtimePath = stdenv.lib.makeBinPath [ arduino-cli - (python3.withPackages (ps: [ ps.pyserial ])) # required by esp32 core - patchelf # required by esp32 core + python3 # required by the esp8266 core ]; in stdenv.mkDerivation rec { pname = "arduino-ci"; - version = "0.1.0"; + version = "0.2.0"; src = fetchFromGitHub { owner = "pololu"; repo = "arduino-ci"; rev = "v${version}"; - sha256 = "sha256-uLCLupzJ446WcxXZtzJk1wnae+k1NTSy0cGHLqW7MZU="; + sha256 = "sha256-9RbBxgwsSQ7oGGKr1Vsn9Ug9AsacoRgvQgd9jbRQ034="; }; nativeBuildInputs = [ makeWrapper ]; From b6c4c3db11d9ad953ee30befbefa73de7128ee1c Mon Sep 17 00:00:00 2001 From: Bruno Bigras Date: Thu, 17 Dec 2020 03:34:43 -0500 Subject: [PATCH 15/32] wrangler: 1.12.2 -> 1.12.3 --- pkgs/development/tools/wrangler/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/wrangler/default.nix b/pkgs/development/tools/wrangler/default.nix index b7020eacdc32..6b85e20612bf 100644 --- a/pkgs/development/tools/wrangler/default.nix +++ b/pkgs/development/tools/wrangler/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "wrangler"; - version = "1.12.2"; + version = "1.12.3"; src = fetchFromGitHub { owner = "cloudflare"; repo = pname; rev = "v${version}"; - sha256 = "1w0j6if1fnih1036hlb9a3c6wgjw4p057llhjf0f3d568ah1244a"; + sha256 = "1h9020yf5jsbilzn94h7qyxw9qnz3vw43g8a2415wvjqq6ihzfvm"; }; - cargoSha256 = "0d9wvdjjakznz8dnqx4gqxh0xkxrh4229460hg6dr9qn492p7nfx"; + cargoSha256 = "12azc41y2yx936ax9b1yylc0gy91k0m7ih6p0bkw7m928f762hpx"; nativeBuildInputs = [ perl ] ++ stdenv.lib.optionals stdenv.isLinux [ pkg-config ]; From 7d8d8c1bcb9c5f148fef8c5581f3e055b60de315 Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Thu, 17 Dec 2020 13:07:57 +0100 Subject: [PATCH 16/32] sequoia: 0.20.0 -> 1.0.0 --- pkgs/tools/security/sequoia/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/security/sequoia/default.nix b/pkgs/tools/security/sequoia/default.nix index aa2a12fc351e..201b4c56f2b9 100644 --- a/pkgs/tools/security/sequoia/default.nix +++ b/pkgs/tools/security/sequoia/default.nix @@ -23,16 +23,16 @@ assert pythonSupport -> pythonPackages != null; rustPlatform.buildRustPackage rec { pname = "sequoia"; - version = "0.20.0"; + version = "1.0.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = "sequoia"; rev = "v${version}"; - sha256 = "sha256-br5GRzWprQTixNrE0WpNIB7Ayj5oEfyCg5JY4MnX5rA="; + sha256 = "0y80bl786m29ww3272qsl1ql0xc3pwd6iiqlkv3nmhnjsmygbn0d"; }; - cargoSha256 = "sha256-SpCdoLCtvU9jpG/ivB/+4KhRdKZxN3/+7P/RlR6n9/c="; + cargoSha256 = "03ngywa5z0c7qmdmhynk13xcivhg8gpivvpzg2gxp34gfr7j438l"; nativeBuildInputs = [ pkg-config From de94bb432f0d9ae4bdd45ab334bf8cb86243c97d Mon Sep 17 00:00:00 2001 From: Maxine Aubrey Date: Sun, 13 Dec 2020 15:06:19 +0100 Subject: [PATCH 17/32] nomad_0_11: 0.11.7 -> 0.11.8 --- pkgs/applications/networking/cluster/nomad/0.11.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cluster/nomad/0.11.nix b/pkgs/applications/networking/cluster/nomad/0.11.nix index 6487a2edd7f6..2fd7c0403a3c 100644 --- a/pkgs/applications/networking/cluster/nomad/0.11.nix +++ b/pkgs/applications/networking/cluster/nomad/0.11.nix @@ -2,6 +2,6 @@ callPackage ./generic.nix { inherit buildGoPackage; - version = "0.11.7"; - sha256 = "sha256-wp1Je+I3iijD/pHHQtylMQhOiVhS6AT/y2/pUiLr0M4="; + version = "0.11.8"; + sha256 = "1dhh07bifr02jh2lls8fv1d9ra67ymgh8qxqvpvm0cd0qdd469z1"; } From 582abe1d6d0a0a9890e8e9f75215b91beb9a3f85 Mon Sep 17 00:00:00 2001 From: Maxine Aubrey Date: Sun, 13 Dec 2020 15:06:39 +0100 Subject: [PATCH 18/32] nomad_0_12: 0.12.7 -> 0.12.9 --- pkgs/applications/networking/cluster/nomad/0.12.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cluster/nomad/0.12.nix b/pkgs/applications/networking/cluster/nomad/0.12.nix index 863f7cbed2f9..0120887957a8 100644 --- a/pkgs/applications/networking/cluster/nomad/0.12.nix +++ b/pkgs/applications/networking/cluster/nomad/0.12.nix @@ -2,6 +2,6 @@ callPackage ./generic.nix { inherit buildGoPackage; - version = "0.12.7"; - sha256 = "0y1nwmpc4fqgjyb19n1f2w4y5k7fy4p68v2vnnry11nj3im7ia14"; + version = "0.12.9"; + sha256 = "1a0ig6pb0z3qp7zk4jgz3h241bifmjlyqsfikyy3sxdnzj7yha27"; } From 24929523690c2a5fdacb89c7b9bdab7c4fe2013c Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 08:56:04 -0500 Subject: [PATCH 19/32] python3Packages.botocore: 1.19.37 -> 1.19.38 --- pkgs/development/python-modules/botocore/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix index eabb8873fd2a..1b953ab6fc49 100644 --- a/pkgs/development/python-modules/botocore/default.nix +++ b/pkgs/development/python-modules/botocore/default.nix @@ -12,11 +12,11 @@ buildPythonPackage rec { pname = "botocore"; - version = "1.19.37"; # N.B: if you change this, change boto3 and awscli to a matching version + version = "1.19.38"; # N.B: if you change this, change boto3 and awscli to a matching version src = fetchPypi { inherit pname version; - sha256 = "14bl9sklilrz0fsch4zw1rx8zdq6h9va2786wxn36yax8n2i5gv7"; + sha256 = "12ipyrm5180lf00q6v669mrfkpw6x4rhzd7fsp6qzz3g1hdwn7hz"; }; propagatedBuildInputs = [ From 312d836e4543981162d027bc57189a6807fc79a5 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 08:56:14 -0500 Subject: [PATCH 20/32] python3Packages.boto3: 1.16.37 -> 1.16.38 --- pkgs/development/python-modules/boto3/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix index 8af7b6b04c50..2814e6ffb649 100644 --- a/pkgs/development/python-modules/boto3/default.nix +++ b/pkgs/development/python-modules/boto3/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "boto3"; - version = "1.16.37"; # N.B: if you change this, change botocore too + version = "1.16.38"; # N.B: if you change this, change botocore too src = fetchPypi { inherit pname version; - sha256 = "01d4mk1q37dc5l5jmsxm7fijmhq7678ka1bd4p8a8yj57mmw51pf"; + sha256 = "1xxvpf0q8xiz1cr5q1m4pdpzbhjriw3j6afi5dwvrrq9sh3x7pqx"; }; propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ]; From 6a42069f9c1be3efccda59677d3397c8e054b21f Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 08:57:03 -0500 Subject: [PATCH 21/32] awscli: 1.18.197 -> 1.18.198 --- pkgs/tools/admin/awscli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix index 56e2dfa7e8ec..9e0a165b051d 100644 --- a/pkgs/tools/admin/awscli/default.nix +++ b/pkgs/tools/admin/awscli/default.nix @@ -28,11 +28,11 @@ let in with py.pkgs; buildPythonApplication rec { pname = "awscli"; - version = "1.18.197"; # N.B: if you change this, change botocore to a matching version too + version = "1.18.198"; # N.B: if you change this, change botocore to a matching version too src = fetchPypi { inherit pname version; - sha256 = "0m73ks5ans135vrwmbd4fpbmi7mgiqj0dmlx4ximk0jh7hbl7rcb"; + sha256 = "0zcjx2gh9s1mak9cc9bmydg0f68id4rwhhpcaqqkcd3p37swyr2b"; }; postPatch = '' From 528cdd3ec5ee6190acefeeffc1109dca632b1dad Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 13:59:02 +0000 Subject: [PATCH 22/32] =?UTF-8?q?oh-my-zsh:=202020-12-14=20=E2=86=92=20202?= =?UTF-8?q?0-12-16?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/shells/zsh/oh-my-zsh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/shells/zsh/oh-my-zsh/default.nix b/pkgs/shells/zsh/oh-my-zsh/default.nix index 8264626b36de..38236c117e80 100644 --- a/pkgs/shells/zsh/oh-my-zsh/default.nix +++ b/pkgs/shells/zsh/oh-my-zsh/default.nix @@ -5,15 +5,15 @@ , nix, nixfmt, jq, coreutils, gnused, curl, cacert }: stdenv.mkDerivation rec { - version = "2020-12-14"; + version = "2020-12-16"; pname = "oh-my-zsh"; - rev = "f2a4b2b17bbf9103dd90d23a73163e9b4e0e47f1"; + rev = "b28665aebb4c1b07a57890eb59551bc51d0acf37"; src = fetchFromGitHub { inherit rev; owner = "ohmyzsh"; repo = "ohmyzsh"; - sha256 = "1kcrdvasphlrxcx5yzhlb5nmnzbbybl9lzp85r6bscsjsmgi7ssc"; + sha256 = "00m8d992jhbkd8mhm6zhirk9ga3dfzhh8idn2yp40yk7wdbzrd74"; }; installPhase = '' From 061ef26cb417d0b0f2cc0add9194496c708f4164 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 13:59:25 +0000 Subject: [PATCH 23/32] =?UTF-8?q?sbt-extras:=202020-11-23=20=E2=86=92=2020?= =?UTF-8?q?20-12-17?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../development/tools/build-managers/sbt-extras/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/build-managers/sbt-extras/default.nix b/pkgs/development/tools/build-managers/sbt-extras/default.nix index 3b433ea5e77a..cf85d894a377 100644 --- a/pkgs/development/tools/build-managers/sbt-extras/default.nix +++ b/pkgs/development/tools/build-managers/sbt-extras/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { pname = "sbt-extras"; - rev = "be2f5d98f13884a18eaf5205458f985575dbe13a"; - version = "2020-11-23"; + rev = "32cf43b58f91bd3b7063baa9f2d75d4af45d9c4b"; + version = "2020-12-17"; src = fetchFromGitHub { owner = "paulp"; repo = "sbt-extras"; inherit rev; - sha256 = "00acnj357fcwx7w25axaj0l5ync97ixsixg8s55r7hwibkxn0fa7"; + sha256 = "046xr3x73p63xnfakq981gvl299l5fahxgnn0bacvp7pa8g99dv2"; }; dontBuild = true; From bc949bb67e3920f3e06be3e6e36689520549781b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 09:05:53 -0500 Subject: [PATCH 24/32] minecraft: Fix test --- nixos/tests/minecraft.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/minecraft.nix b/nixos/tests/minecraft.nix index e0c35f2d2769..3225ebac392a 100644 --- a/nixos/tests/minecraft.nix +++ b/nixos/tests/minecraft.nix @@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { in '' client.wait_for_x() client.execute("su - alice -c minecraft-launcher &") - client.wait_for_text("CONTINUE WITHOUT LOGIN") + client.wait_for_text("Create a new Microsoft account") client.sleep(10) client.screenshot("launcher") ''; From 08d67bbd0dc8d8fe70cc373d3c4e2b686e36f342 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 09:16:17 -0500 Subject: [PATCH 25/32] linux-rt_5_10: 5.10-rt17 -> 5.10.1-rt19 --- pkgs/os-specific/linux/kernel/linux-rt-5.10.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 4eec6c431b6c..dfb4cb9cc86a 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10-rt17"; # updated by ./update-rt.sh + version = "5.10.1-rt19"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0hyav21vzz5v1kgb455pcz9ncg5qqzxmp60na290scwq7vj9kpyw"; + sha256 = "0p2fl7kl4ckphq17xir7n7vgrzlhbdqmyd2yyp4yilwvih9625pd"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0baf7363f6h3smr4lgw88dbpf4977j6c1asifyhc8zhd7100ckhn"; + sha256 = "0hihi7p866alh03ziz8q1l0p3sxi437h4a45c5dlv9lrg6f177qb"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; From 1eb7cd9572842fcf75b850fcc0fba18eb1cba9f7 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 09:16:27 -0500 Subject: [PATCH 26/32] linux/hardened/patches/5.4: 5.4.83.a -> 5.4.84.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index c1f870e3d81e..ddce2b4ed1fb 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -10,9 +10,9 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.163.a/linux-hardened-4.19.163.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.83.a.patch", - "sha256": "08srahgfzynv2bfd0ym6vgl1c0xjfqg6qvgzlq85y9pb7fain5yp", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.83.a/linux-hardened-5.4.83.a.patch" + "name": "linux-hardened-5.4.84.a.patch", + "sha256": "1pwij0bxgf61ahi6fa8qwrr85yhx92z4sif71kdgxkbwcw9qwyzs", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.84.a/linux-hardened-5.4.84.a.patch" }, "5.9": { "name": "linux-hardened-5.9.14.a.patch", From 62f5b921c5d9a653d497e46f266eccca252d0fdc Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Thu, 17 Dec 2020 09:16:29 -0500 Subject: [PATCH 27/32] linux/hardened/patches/5.9: 5.9.14.a -> 5.9.15.a --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index ddce2b4ed1fb..ea7ed2076428 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -15,8 +15,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.84.a/linux-hardened-5.4.84.a.patch" }, "5.9": { - "name": "linux-hardened-5.9.14.a.patch", - "sha256": "1rr61s9k7nmr27r4vkgpvvra7r8ksi6h6axf5kcbx7krbgdmwmfv", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.14.a/linux-hardened-5.9.14.a.patch" + "name": "linux-hardened-5.9.15.a.patch", + "sha256": "1iqkw4mnr1p9wzfmjy5lawc6cn9wvg05xsak24fzbp1i22h4dfz4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.15.a/linux-hardened-5.9.15.a.patch" } } From 59f9db8b090cb3a2a3529339ec9a9101de9a3bb9 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sun, 13 Dec 2020 15:44:53 -0300 Subject: [PATCH 28/32] Convert trivial-builders from DocBook to CommonMark --- doc/builders/trivial-builders.chapter.md | 52 ++++++++++++++ doc/builders/trivial-builders.xml | 90 ------------------------ doc/manual.xml | 2 +- 3 files changed, 53 insertions(+), 91 deletions(-) create mode 100644 doc/builders/trivial-builders.chapter.md delete mode 100644 doc/builders/trivial-builders.xml diff --git a/doc/builders/trivial-builders.chapter.md b/doc/builders/trivial-builders.chapter.md new file mode 100644 index 000000000000..c39803fbe339 --- /dev/null +++ b/doc/builders/trivial-builders.chapter.md @@ -0,0 +1,52 @@ +# Trivial builders {#chap-trivial-builders} + +Nixpkgs provides a couple of functions that help with building derivations. The most important one, `stdenv.mkDerivation`, has already been documented above. The following functions wrap `stdenv.mkDerivation`, making it easier to use in certain cases. + +## `runCommand` {#trivial-builder-runCommand} + +This takes three arguments, `name`, `env`, and `buildCommand`. `name` is just the name that Nix will append to the store path in the same way that `stdenv.mkDerivation` uses its `name` attribute. `env` is an attribute set specifying environment variables that will be set for this derivation. These attributes are then passed to the wrapped `stdenv.mkDerivation`. `buildCommand` specifies the commands that will be run to create this derivation. Note that you will need to create `$out` for Nix to register the command as successful. + +An example of using `runCommand` is provided below. + +```nix +(import {}).runCommand "my-example" {} '' + echo My example command is running + + mkdir $out + + echo I can write data to the Nix store > $out/message + + echo I can also run basic commands like: + + echo ls + ls + + echo whoami + whoami + + echo date + date +'' +``` + +## `runCommandCC` {#trivial-builder-runCommandCC} + +This works just like `runCommand`. The only difference is that it also provides a C compiler in `buildCommand`'s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command. + +## `runCommandLocal` {#trivial-builder-runCommandLocal} + +Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build. + +::: {.note} +This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the `system` is usually the same as `builtins.currentSystem`. +::: + +## `writeTextFile`, `writeText`, `writeTextDir`, `writeScript`, `writeScriptBin` {#trivial-builder-writeText} + +These functions write `text` to the Nix store. This is useful for creating scripts from Nix expressions. `writeTextFile` takes an attribute set and expects two arguments, `name` and `text`. `name` corresponds to the name used in the Nix store path. `text` will be the contents of the file. You can also set `executable` to true to make this file have the executable bit set. + +Many more commands wrap `writeTextFile` including `writeText`, `writeTextDir`, `writeScript`, and `writeScriptBin`. These are convenience functions over `writeTextFile`. + +## `symlinkJoin` {#trivial-builder-symlinkJoin} + +This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, `name`, and `paths`. `name` is the name used in the Nix store path for the created derivation. `paths` is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within. diff --git a/doc/builders/trivial-builders.xml b/doc/builders/trivial-builders.xml deleted file mode 100644 index 94948c57b91f..000000000000 --- a/doc/builders/trivial-builders.xml +++ /dev/null @@ -1,90 +0,0 @@ - - Trivial builders - - Nixpkgs provides a couple of functions that help with building derivations. The most important one, stdenv.mkDerivation, has already been documented above. The following functions wrap stdenv.mkDerivation, making it easier to use in certain cases. - - - - - runCommand - - - - This takes three arguments, name, env, and buildCommand. name is just the name that Nix will append to the store path in the same way that stdenv.mkDerivation uses its name attribute. env is an attribute set specifying environment variables that will be set for this derivation. These attributes are then passed to the wrapped stdenv.mkDerivation. buildCommand specifies the commands that will be run to create this derivation. Note that you will need to create $out for Nix to register the command as successful. - - - An example of using runCommand is provided below. - - -(import <nixpkgs> {}).runCommand "my-example" {} '' - echo My example command is running - - mkdir $out - - echo I can write data to the Nix store > $out/message - - echo I can also run basic commands like: - - echo ls - ls - - echo whoami - whoami - - echo date - date -'' - - - - - - runCommandCC - - - - This works just like runCommand. The only difference is that it also provides a C compiler in buildCommand’s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command. - - - - - - runCommandLocal - - - - Variant of runCommand that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build. - - - This sets allowSubstitutes to false, so only use runCommandLocal if you are certain the user will always have a builder for the system of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the system is usually the same as builtins.currentSystem. - - - - - - writeTextFile, writeText, writeTextDir, writeScript, writeScriptBin - - - - These functions write text to the Nix store. This is useful for creating scripts from Nix expressions. writeTextFile takes an attribute set and expects two arguments, name and text. name corresponds to the name used in the Nix store path. text will be the contents of the file. You can also set executable to true to make this file have the executable bit set. - - - Many more commands wrap writeTextFile including writeText, writeTextDir, writeScript, and writeScriptBin. These are convenience functions over writeTextFile. - - - - - - symlinkJoin - - - - This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, name, and paths. name is the name used in the Nix store path for the created derivation. paths is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within. - - - - - diff --git a/doc/manual.xml b/doc/manual.xml index 4367c023b402..eb14dbb440d1 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -24,7 +24,7 @@ Builders - + From 30bfb2f5d0a410bd61044f1b66b2c9f3d7589b9d Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Wed, 16 Dec 2020 14:36:46 -0300 Subject: [PATCH 29/32] Convert fetchers from DocBook to CommonMark --- doc/builders/fetchers.chapter.md | 70 +++++++++++++++ doc/builders/fetchers.xml | 150 ------------------------------- doc/manual.xml | 2 +- 3 files changed, 71 insertions(+), 151 deletions(-) create mode 100644 doc/builders/fetchers.chapter.md delete mode 100644 doc/builders/fetchers.xml diff --git a/doc/builders/fetchers.chapter.md b/doc/builders/fetchers.chapter.md new file mode 100644 index 000000000000..d4cab056c70b --- /dev/null +++ b/doc/builders/fetchers.chapter.md @@ -0,0 +1,70 @@ +# Fetchers {#chap-pkgs-fetchers} + +When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way. + +The two fetcher primitives are `fetchurl` and `fetchzip`. Both of these have two required arguments, a URL and a hash. The hash is typically `sha256`, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use `sha256`. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below. + +```nix +{ stdenv, fetchurl }: + +stdenv.mkDerivation { + name = "hello"; + src = fetchurl { + url = "http://www.example.org/hello.tar.gz"; + sha256 = "1111111111111111111111111111111111111111111111111111"; + }; +} +``` + +The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball. + +`fetchpatch` works very similarly to `fetchurl` with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time. + + +Other fetcher functions allow you to add source code directly from a VCS such as subversion or git. These are mostly straightforward nambes based on the name of the command used with the VCS system. Because they give you a working repository, they act most like `fetchzip`. + +## `fetchsvn` + +Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `sha256`. + +## `fetchgit` + +Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`. + +## `fetchfossil` + +Used with Fossil. Expects `url` to a Fossil archive, `rev`, and `sha256`. + +## `fetchcvs` + +Used with CVS. Expects `cvsRoot`, `tag`, and `sha256`. + +## `fetchhg` + +Used with Mercurial. Expects `url`, `rev`, and `sha256`. + +A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are mainly convenience functions intended for commonly used destinations of source code in Nixpkgs. These wrapper fetchers are listed below. + +## `fetchFromGitHub` + +`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `sha256` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but `sha256` is currently preferred. + +## `fetchFromGitLab` + +This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above. + +## `fetchFromGitiles` + +This is used with Gitiles repositories. The arguments expected are similar to fetchgit. + +## `fetchFromBitbucket` + +This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above. + +## `fetchFromSavannah` + +This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above. + +## `fetchFromRepoOrCz` + +This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above. diff --git a/doc/builders/fetchers.xml b/doc/builders/fetchers.xml deleted file mode 100644 index f07c310dcdf1..000000000000 --- a/doc/builders/fetchers.xml +++ /dev/null @@ -1,150 +0,0 @@ - - Fetchers - - When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way. - - - The two fetcher primitives are fetchurl and fetchzip. Both of these have two required arguments, a URL and a hash. The hash is typically sha256, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use sha256. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below. - - - - The main difference between fetchurl and fetchzip is in how they store the contents. fetchurl will store the unaltered contents of the URL within the Nix store. fetchzip on the other hand will decompress the archive for you, making files and directories directly accessible in the future. fetchzip can only be used with archives. Despite the name, fetchzip is not limited to .zip files and can also be used with any tarball. - - - fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time. - - - Other fetcher functions allow you to add source code directly from a VCS such as subversion or git. These are mostly straightforward names based on the name of the command used with the VCS system. Because they give you a working repository, they act most like fetchzip. - - - - - fetchsvn - - - - Used with Subversion. Expects url to a Subversion directory, rev, and sha256. - - - - - - fetchgit - - - - Used with Git. Expects url to a Git repo, rev, and sha256. rev in this case can be full the git commit id (SHA1 hash) or a tag name like refs/tags/v1.0. - - - - - - fetchfossil - - - - Used with Fossil. Expects url to a Fossil archive, rev, and sha256. - - - - - - fetchcvs - - - - Used with CVS. Expects cvsRoot, tag, and sha256. - - - - - - fetchhg - - - - Used with Mercurial. Expects url, rev, and sha256. - - - - - - A number of fetcher functions wrap part of fetchurl and fetchzip. They are mainly convenience functions intended for commonly used destinations of source code in Nixpkgs. These wrapper fetchers are listed below. - - - - - fetchFromGitHub - - - - fetchFromGitHub expects four arguments. owner is a string corresponding to the GitHub user or organization that controls this repository. repo corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as owner/repo. rev corresponds to the Git commit hash or tag (e.g v1.0) that will be downloaded from Git. Finally, sha256 corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but sha256 is currently preferred. - - - - - - fetchFromGitLab - - - - This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above. - - - - - - fetchFromGitiles - - - - This is used with Gitiles repositories. The arguments expected - are similar to fetchgit. - - - - - - fetchFromBitbucket - - - - This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above. - - - - - - fetchFromSavannah - - - - This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above. - - - - - - fetchFromRepoOrCz - - - - This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above. - - - - - diff --git a/doc/manual.xml b/doc/manual.xml index eb14dbb440d1..8cecb01fc227 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -23,7 +23,7 @@ Builders - + From c54358f39112884ba65afbee5205babd52a35fd8 Mon Sep 17 00:00:00 2001 From: wucke13 Date: Mon, 14 Dec 2020 23:57:26 +0100 Subject: [PATCH 30/32] simgear: 2020.1.3 -> 2020.3.4 --- pkgs/development/libraries/simgear/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/simgear/default.nix b/pkgs/development/libraries/simgear/default.nix index 3a7c0b3c410b..e6fb1d7caf75 100644 --- a/pkgs/development/libraries/simgear/default.nix +++ b/pkgs/development/libraries/simgear/default.nix @@ -4,7 +4,7 @@ , curl }: let - version = "2020.1.3"; + version = "2020.3.4"; shortVersion = builtins.substring 0 6 version; in stdenv.mkDerivation rec { @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://sourceforge/flightgear/release-${shortVersion}/${pname}-${version}.tar.bz2"; - sha256 = "1l8kiicm0klbx0b05994vqd8a8wj7k0djbbg41a6i3q5d17jrnk6"; + sha256 = "1laa8dllpvf2z0cjxx22ravdf1d7a18bm708gd2ny35fhjfibm0h"; }; nativeBuildInputs = [ cmake ]; From 2bb504e1f5ccb8abba70e234e74b22fd0b4bf7bc Mon Sep 17 00:00:00 2001 From: wucke13 Date: Mon, 14 Dec 2020 23:57:44 +0100 Subject: [PATCH 31/32] flightgear: 2020.1.3 -> 2020.3.4 --- pkgs/games/flightgear/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/games/flightgear/default.nix b/pkgs/games/flightgear/default.nix index e32f2e96d4fa..a8aef81523d8 100644 --- a/pkgs/games/flightgear/default.nix +++ b/pkgs/games/flightgear/default.nix @@ -6,7 +6,7 @@ }: let - version = "2020.1.2"; + version = "2020.3.4"; shortVersion = builtins.substring 0 6 version; data = stdenv.mkDerivation rec { pname = "flightgear-data"; @@ -14,7 +14,7 @@ let src = fetchurl { url = "mirror://sourceforge/flightgear/release-${shortVersion}/FlightGear-${version}-data.tar.bz2"; - sha256 = "0ldsjb54k8nb99h6n4f4x20nawd2pa0a8skkwkrgckdpmdv0zwyk"; + sha256 = "1cqikbqvidfaynml9bhqfr9yw5ga35gpqrbz62z94a1skdijkpkg"; }; phases = [ "installPhase" ]; @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://sourceforge/flightgear/release-${shortVersion}/${pname}-${version}.tar.bz2"; - sha256 = "1770kgwa7z70sx6da9x1q9cszpd3ywz6nn8jrb6xv8ldjqcpqpvb"; + sha256 = "02d9h10p8hyn0a25csragj6pbwmrir1z8zb92023s9vi21j7bwy8"; }; # Of all the files in the source and data archives, there doesn't seem to be From 94334e4150757138c3b391e784367187d2cbc379 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 17 Dec 2020 15:25:36 +0000 Subject: [PATCH 32/32] gnome3.gdm: 3.38.2 -> 3.38.2.1 --- pkgs/desktops/gnome-3/core/gdm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/gnome-3/core/gdm/default.nix b/pkgs/desktops/gnome-3/core/gdm/default.nix index 026e0d2fae61..10130be57da0 100644 --- a/pkgs/desktops/gnome-3/core/gdm/default.nix +++ b/pkgs/desktops/gnome-3/core/gdm/default.nix @@ -47,13 +47,13 @@ in stdenv.mkDerivation rec { pname = "gdm"; - version = "3.38.2"; + version = "3.38.2.1"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/gdm/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1k2k3rv10y9dppp6ffz6gqi2p6s3g03bxjyy8njvcjyxqdk6d8i5"; + sha256 = "yliiBdXr/L2rVqEXFriY4Wrl3/Ia7nnQdgRkRGKOxNo="; }; mesonFlags = [