mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 19:21:04 +00:00
Code Issues Wiki Activity

Merge master into haskell-updates

Browse source
This commit is contained in:
github-actions[bot] 2024-08-15 00:14:20 +00:00 committed by GitHub
parent 7364d718e1 5683884913
commit e8a5804e3c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
620 changed files with 18974 additions and 13072 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.git-blame-ignore-revs
View file

@ -159,3 +159,6 @@ fbdcdde04a7caa007e825a8b822c75fab9adb2d6
# step-cli: format package.nix with nixfmt (#331629)
fc7a83f8b62e90de5679e993d4d49ca014ea013d
# darwin.stdenv: format with nixfmt-rfc-style (#333962)
93c10ac9e561c6594d3baaeaff2341907390d9b8

1
doc/languages-frameworks/python.section.md
View file

@ -477,7 +477,6 @@ are used in [`buildPythonPackage`](#buildpythonpackage-function).
See [example usage](#using-pythonrelaxdepshook).
- `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder.
- `setuptoolsBuildHook` to build a wheel using `setuptools`.
- `setuptoolsCheckHook` to run tests with `python setup.py test`.
- `sphinxHook` to build documentation and manpages using Sphinx.
- `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A
`venv` is created if it does not yet exist. `postVenvCreation` can be used to

18
doc/stdenv/stdenv.chapter.md
View file

@ -1538,6 +1538,16 @@ Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Execut
Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
#### `shadowstack` {#shadowstack}
Adds the `-fcf-protection=return` compiler option. This enables the Shadow Stack feature supported by some newer processors, which maintains a user-inaccessible copy of the program's stack containing only return-addresses. When returning from a function, the processor compares the return-address value on the two stacks and throws an error if they do not match, considering it a sign of corruption and possible tampering. This should significantly increase the difficulty of ROP attacks.
For the Shadow Stack to be enabled at runtime, all code linked into a process must be built with Shadow Stack enabled, so this is probably only useful to enable on a wide scale, so that all of a packages dependencies also have the feature enabled.
This is currently only supported on some newer Intel and AMD processors as part of the Intel CET set of features. However, the generated code should continue to work on older processors which will simply omit any of this checking.
This breaks some code that does advanced stack management or exception handling. If enabling this hardening flag it is important to test the result on a system that has known working and enabled CET support, so that any such breakage can be discovered.
#### `trivialautovarinit` {#trivialautovarinit}
Adds the `-ftrivial-auto-var-init=pattern` compiler option. This causes "trivially-initializable" uninitialized stack variables to be forcibly initialized with a nonzero value that is likely to cause a crash (and therefore be noticed). Uninitialized variables generally take on their values based on fragments of previous program state, and attackers can carefully manipulate that state to craft malicious initial values for these variables.
@ -1554,6 +1564,14 @@ sorry, unimplemented: __builtin_clear_padding not supported for variable length
This flag adds the `-fstack-clash-protection` compiler option, which causes growth of a program's stack to access each successive page in order. This should force the guard page to be accessed and cause an attempt to "jump over" this guard page to crash.
#### `pacret` {#pacret}
This flag adds the `-mbranch-protection=pac-ret` compiler option on aarch64-linux targets. This uses ARM v8.3's Pointer Authentication feature to sign function return pointers before adding them to the stack. The pointer's authenticity is then validated before returning to its destination. This dramatically increases the difficulty of ROP exploitation techniques.
This may cause problems with code that does advanced stack manipulation, and debugging/stack-unwinding tools need to be pac-ret aware to work correctly when these features are in operation.
Pre-ARM v8.3 processors will ignore Pointer Authentication instructions, so code built with this flag will continue to work on older processors, though without any of the intended protections. If enabling this flag, it is recommended to ensure the resultant packages are tested against an ARM v8.3+ linux system with known-working Pointer Authentication support so that any breakage caused by this feature is actually detected.
[^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
[^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a packages transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.

24
maintainers/maintainer-list.nix
View file

@ -2225,6 +2225,12 @@
githubId = 18467667;
name = "Alexander Bantyev";
};
bananad3v = {
email = "banana@banana.is-cool.dev";
github = "BANanaD3V";
githubId = 68944906;
name = "Nikita";
};
bandresen = {
email = "bandresen@gmail.com";
github = "bennyandresen";
@ -5083,6 +5089,12 @@
githubId = 265220;
name = "David Leung";
};
diadatp = {
email = "nixpkgs@diadatp.com";
github = "diadatp";
githubId = 4490283;
name = "diadatp";
};
DianaOlympos = {
github = "DianaOlympos";
githubId = 15774340;
@ -7388,6 +7400,12 @@
{ fingerprint = "MP2UpIRtJpbFFqyucP431H/FPCfn58UhEUTro4lXtRs"; }
];
};
geraldog = {
email = "geraldogabriel@gmail.com";
github = "geraldog";
githubId = 14135816;
name = "Geraldo Nascimento";
};
gerg-l = {
email = "gregleyda@proton.me";
github = "Gerg-L";
@ -20008,6 +20026,12 @@
githubId = 6457015;
name = "Taha Gharib";
};
taha-yassine = {
email = "taha.yssne@gmail.com";
github = "taha-yassine";
githubId = 40228615;
name = "Taha Yassine";
};
taikx4 = {
email = "taikx4@taikx4szlaj2rsdupcwabg35inbny4jk322ngeb7qwbbhd5i55nf5yyd.onion";
github = "taikx4";

13
nixos/doc/manual/release-notes/rl-2411.section.md
View file

@ -10,6 +10,8 @@
This also allows configuring runtime settings of AMDVLK and enabling experimental features.
- The `moonlight-qt` package ([Moonlight game streaming](https://moonlight-stream.org/)) now has HDR support on Linux systems.
- PostgreSQL now defaults to major version 16.
- `authelia` has been upgraded to version 4.38. This version brings several features and improvements which are detailed in the [release blog post](https://www.authelia.com/blog/4.38-release-notes/).
This release also deprecates some configuration keys, which are likely to be removed in future version 5.0, but they are still supported and expected to be working in the current version.
@ -18,8 +20,6 @@
- `hardware.display` is a new module implementing workarounds for misbehaving monitors
through setting up custom EDID files and forcing kernel/framebuffer modes.
- NixOS now has support for *automatic boot assessment* (see [here](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT/)) for detailed description of the feature) for `systemd-boot` users. Available as [boot.loader.systemd-boot.bootCounting](#opt-boot.loader.systemd-boot.bootCounting.enable).
- A new display-manager `services.displayManager.ly` was added.
It is a tui based replacement of sddm and lightdm for window manager users.
Users can use it by `services.displayManager.ly.enable` and config it by
@ -27,6 +27,8 @@
## New Services {#sec-release-24.11-new-services}
- [TaskChampion Sync-Server](https://github.com/GothenburgBitFactory/taskchampion-sync-server), a [Taskwariror 3](https://taskwarrior.org/docs/upgrade-3/) sync server, replacing Taskwarrior 2's sync server named [`taskserver`](https://github.com/GothenburgBitFactory/taskserver).
- [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr), proxy server to bypass Cloudflare protection. Available as [services.flaresolverr](#opt-services.flaresolverr.enable) service.
- [Goatcounter](https://www.goatcounter.com/), Easy web analytics. No tracking of personal data. Available as [services.goatcounter](options.html#opt-services.goatcocunter.enable).
@ -319,6 +321,8 @@
- The `stackclashprotection` hardening flag has been added, though disabled by default.
- The `pacret` hardening flag has been added, though disabled by default.
- `cargoSha256` in `rustPlatform.buildRustPackage` has been deprecated in favor
of `cargoHash` which supports SRI hashes. See
[buildRustPackage: Compiling Rust applications with Cargo](https://nixos.org/manual/nixpkgs/unstable/#compiling-rust-applications-with-cargo)
@ -338,6 +342,9 @@
The derivation now installs "impl" headers selectively instead of by a wildcard.
Use `imgui.src` if you just want to access the unpacked sources.
- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an
unrestricted access to it can set `boot.kernel.sysctl."kernel.dmesg_restrict" = false`.
- The `i18n.inputMethod` module introduces two new properties:
`enable` and `type`, for declaring whether to enable an alternative input method and defining which input method respectfully. The options available in `type` are the same as the existing `enabled` option. `enabled` is now deprecated, and will be removed in a future release.
@ -353,6 +360,8 @@
- Nemo is now built with gtk-layer-shell support, note that for now it will be expected to see nemo-desktop
listed as a regular entry in Cinnamon Wayland session's window list applet.
- The `shadowstack` hardening flag has been added, though disabled by default.
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
- Support for *runner registration tokens* has been [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872)

2
nixos/modules/module-list.nix
View file

@ -664,6 +664,7 @@
./services/mail/mailcatcher.nix
./services/mail/mailhog.nix
./services/mail/mailman.nix
./services/mail/mailpit.nix
./services/mail/mlmmj.nix
./services/mail/nullmailer.nix
./services/mail/offlineimap.nix
@ -845,6 +846,7 @@
./services/misc/tabby.nix
./services/misc/tandoor-recipes.nix
./services/misc/taskserver
./services/misc/taskchampion-sync-server.nix
./services/misc/tautulli.nix
./services/misc/tiddlywiki.nix
./services/misc/tp-auto-kbbl.nix

3
nixos/modules/services/databases/postgresql.nix
View file

@ -483,7 +483,8 @@ in
services.postgresql.package = let
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
base = if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
base = if versionAtLeast config.system.stateVersion "24.11" then pkgs.postgresql_16
else if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"

106
nixos/modules/services/mail/mailpit.nix Normal file
View file

@ -0,0 +1,106 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (config.services.mailpit) instances;
inherit (lib)
cli
concatStringsSep
const
filterAttrs
getExe
mapAttrs'
mkIf
mkOption
nameValuePair
types
;
isNonNull = v: v != null;
genCliFlags =
settings: concatStringsSep " " (cli.toGNUCommandLine { } (filterAttrs (const isNonNull) settings));
in
{
options.services.mailpit.instances = mkOption {
default = { };
type = types.attrsOf (
types.submodule {
freeformType = types.attrsOf (
types.oneOf [
types.str
types.int
types.bool
]
);
options = {
database = mkOption {
type = types.nullOr types.str;
default = null;
example = "mailpit.db";
description = ''
Specify the local database filename to store persistent data.
If `null`, a temporary file will be created that will be removed when the application stops.
It's recommended to specify a relative path. The database will be written into the service's
state directory then.
'';
};
max = mkOption {
type = types.ints.unsigned;
default = 500;
description = ''
Maximum number of emails to keep. If the number is exceeded, old emails
will be deleted.
Set to `0` to never prune old emails.
'';
};
listen = mkOption {
default = "127.0.0.1:8025";
type = types.str;
description = ''
HTTP bind interface and port for UI.
'';
};
smtp = mkOption {
default = "127.0.0.1:1025";
type = types.str;
description = ''
SMTP bind interface and port.
'';
};
};
}
);
description = ''
Configure mailpit instances. The attribute-set values are
CLI flags passed to the `mailpit` CLI.
See [upstream docs](https://mailpit.axllent.org/docs/configuration/runtime-options/)
for all available options.
'';
};
config = mkIf (instances != { }) {
systemd.services = mapAttrs' (
name: cfg:
nameValuePair "mailpit-${name}" {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = "mailpit";
WorkingDirectory = "%S/mailpit";
ExecStart = "${getExe pkgs.mailpit} ${genCliFlags cfg}";
Restart = "on-failure";
};
}
) instances;
};
meta.maintainers = lib.teams.flyingcircus.members;
}

5
nixos/modules/services/misc/open-webui.nix
View file

@ -54,7 +54,10 @@ in
WEBUI_AUTH = "False";
}
'';
description = "Extra environment variables for Open-WebUI";
description = ''
Extra environment variables for Open-WebUI.
For more details see https://docs.openwebui.com/getting-started/env-configuration/
'';
};
openFirewall = lib.mkOption {

85
nixos/modules/services/misc/taskchampion-sync-server.nix Normal file
View file

@ -0,0 +1,85 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) types;
cfg = config.services.taskchampion-sync-server;
in
{
options.services.taskchampion-sync-server = {
enable = lib.mkEnableOption "TaskChampion Sync Server for Taskwarrior 3";
package = lib.mkPackageOption pkgs "taskchampion-sync-server" { };
user = lib.mkOption {
description = "Unix User to run the server under";
type = types.str;
default = "taskchampion";
};
group = lib.mkOption {
description = "Unix Group to run the server under";
type = types.str;
default = "taskchampion";
};
port = lib.mkOption {
description = "Port on which to serve";
type = types.port;
default = 10222;
};
openFirewall = lib.mkEnableOption "Open firewall port for taskchampion-sync-server";
dataDir = lib.mkOption {
description = "Directory in which to store data";
type = types.path;
default = "/var/lib/taskchampion-sync-server";
};
snapshot = {
versions = lib.mkOption {
description = "Target number of versions between snapshots";
type = types.ints.positive;
default = 100;
};
days = lib.mkOption {
description = "Target number of days between snapshots";
type = types.ints.positive;
default = 14;
};
};
};
config = lib.mkIf cfg.enable {
users.users.${cfg.user} = {
isSystemUser = true;
inherit (cfg) group;
};
users.groups.${cfg.group} = { };
networking.firewall.allowedTCPPorts = lib.mkIf (cfg.openFirewall) [ cfg.port ];
systemd.tmpfiles.settings = {
"10-taskchampion-sync-server" = {
"${cfg.dataDir}" = {
d = {
inherit (cfg) group user;
mode = "0750";
};
};
};
};
systemd.services.taskchampion-sync-server = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
DynamicUser = false;
ExecStart = ''
${lib.getExe cfg.package} \
--port ${builtins.toString cfg.port} \
--data-dir ${cfg.dataDir} \
--snapshot-versions ${builtins.toString cfg.snapshot.versions} \
--snapshot-days ${builtins.toString cfg.snapshot.days}
'';
};
};
};
}

16
nixos/modules/services/misc/taskserver/default.md
View file

@ -1,10 +1,18 @@
# Taskserver {#module-services-taskserver}
Taskserver is the server component of
Taskserver is the server component of the now deprecated version 2 of
[Taskwarrior](https://taskwarrior.org/), a free and
open source todo list application.
*Upstream documentation:* <https://taskwarrior.org/docs/#taskd>
[Taskwarrior 3.0.0 was released in March
2024](https://github.com/GothenburgBitFactory/taskwarrior/releases/tag/v3.0.0),
and the sync functionality was rewritten entirely. With it, a NixOS module
named
[`taskchampion-sync-server`](options.html#opt-services.taskchampion-sync-server.enable)
was added to Nixpkgs. Many people still want to use the old [Taskwarrior
2.6.x](https://github.com/GothenburgBitFactory/taskwarrior/releases/tag/v2.6.2),
and Taskserver along with it. Hence this module and this documentation will
stay here for the near future.
## Configuration {#module-services-taskserver-configuration}
@ -23,7 +31,7 @@ entity.
With {command}`nixos-taskserver` the client certificate is created
along with the UUID of the user, so it handles all of the credentials needed
in order to setup the Taskwarrior client to work with a Taskserver.
in order to setup the Taskwarrior 2 client to work with a Taskserver.
## The nixos-taskserver tool {#module-services-taskserver-nixos-taskserver-tool}
@ -49,7 +57,7 @@ command, documentation for each subcommand can be shown by using the
## Declarative/automatic CA management {#module-services-taskserver-declarative-ca-management}
Everything is done according to what you specify in the module options,
however in order to set up a Taskwarrior client for synchronisation with a
however in order to set up a Taskwarrior 2 client for synchronisation with a
Taskserver instance, you have to transfer the keys and certificates to the
client machine.

6
nixos/modules/services/misc/taskserver/default.nix
View file

@ -143,7 +143,7 @@ in {
description = let
url = "https://nixos.org/manual/nixos/stable/index.html#module-services-taskserver";
in ''
Whether to enable the Taskwarrior server.
Whether to enable the Taskwarrior 2 server.
More instructions about NixOS in conjunction with Taskserver can be
found [in the NixOS manual](${url}).
@ -327,7 +327,7 @@ in {
Configuration options to pass to Taskserver.
The options here are the same as described in
{manpage}`taskdrc(5)`, but with one difference:
{manpage}`taskdrc(5)` from the `taskwarrior2` package, but with one difference:
The `server` option is
`server.listen` here, because the
@ -449,7 +449,7 @@ in {
};
systemd.services.taskserver = {
description = "Taskwarrior Server";
description = "Taskwarrior 2 Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];

4
nixos/modules/services/networking/unbound.nix
View file

@ -33,7 +33,7 @@ let
confFile = if cfg.checkconf then pkgs.runCommandLocal "unbound-checkconf" { } ''
cp ${confFileUnchecked} unbound.conf
# fake stateDir which is not accesible in the sandbox
# fake stateDir which is not accessible in the sandbox
mkdir -p $PWD/state
sed -i unbound.conf \
-e '/auto-trust-anchor-file/d' \
@ -79,7 +79,7 @@ in {
default = !cfg.settings ? include && !cfg.settings ? remote-control;
defaultText = "!services.unbound.settings ? include && !services.unbound.settings ? remote-control";
description = ''
Wether to check the resulting config file with unbound checkconf for syntax errors.
Whether to check the resulting config file with unbound checkconf for syntax errors.
If settings.include is used, this options is disabled, as the import can likely not be accessed at build time.
If settings.remote-control is used, this option is disabled, too as the control-key-file, server-cert-file and server-key-file cannot be accessed at build time.

12
nixos/modules/services/web-apps/miniflux.nix
View file

@ -49,7 +49,8 @@ in
};
adminCredentialsFile = mkOption {
type = types.path;
type = types.nullOr types.path;
default = null;
description = ''
File containing the ADMIN_USERNAME and
ADMIN_PASSWORD (length >= 6) in the format of
@ -61,11 +62,16 @@ in
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.config.CREATE_ADMIN == 0 || cfg.adminCredentialsFile != null;
message = "services.miniflux.adminCredentialsFile must be set if services.miniflux.config.CREATE_ADMIN is 1";
}
];
services.miniflux.config = {
LISTEN_ADDR = mkDefault defaultAddress;
DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "user=miniflux host=/run/postgresql dbname=miniflux";
RUN_MIGRATIONS = 1;
CREATE_ADMIN = 1;
CREATE_ADMIN = lib.mkDefault 1;
WATCHDOG = 1;
};
@ -103,7 +109,7 @@ in
DynamicUser = true;
RuntimeDirectory = "miniflux";
RuntimeDirectoryMode = "0750";
EnvironmentFile = cfg.adminCredentialsFile;
EnvironmentFile = lib.mkIf (cfg.adminCredentialsFile != null) cfg.adminCredentialsFile;
WatchdogSec = 60;
WatchdogSignal = "SIGKILL";
Restart = "always";

47
nixos/modules/services/x11/display-managers/sx.nix
View file

@ -1,13 +1,18 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.xserver.displayManager.sx;
let cfg = config.services.xserver.displayManager.sx;
in {
in
{
options = {
services.xserver.displayManager.sx = {
enable = mkEnableOption "sx pseudo-display manager" // {
enable = lib.mkEnableOption "" // {
description = ''
Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell. The X server
@ -19,16 +24,34 @@ in {
dependency.
'';
};
addAsSession = lib.mkEnableOption "" // {
description = ''
Whether to add sx as a display manager session. Keep in mind that sx
expects to be run from a TTY, so it may not work in your display
manager.
'';
};
package = lib.mkPackageOption pkgs "sx" { };
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.sx ];
services.xserver = {
exportConfiguration = true;
logFile = mkDefault null;
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
services = {
displayManager.sessionPackages = lib.optionals cfg.addAsSession [ cfg.package ];
xserver = {
exportConfiguration = true;
logFile = lib.mkDefault null;
};
};
};
meta.maintainers = with maintainers; [ figsoda ];
meta.maintainers = with lib.maintainers; [
figsoda
thiagokokada
];
}

19
nixos/modules/system/activation/specialisation.nix
View file

@ -1,14 +1,10 @@
{ config, lib, extendModules, noUserModules, ... }:
{ config, lib, pkgs, extendModules, noUserModules, ... }:
let
inherit (lib)
attrNames
concatStringsSep
filter
length
mapAttrs
mapAttrsToList
match
mkOption
types
;
@ -77,19 +73,6 @@ in
};
config = {
assertions = [(
let
invalidNames = filter (name: match "[[:alnum:]_]+" name == null) (attrNames config.specialisation);
in
{
assertion = length invalidNames == 0;
message = ''
Specialisation names can only contain alphanumeric characters and underscores
Invalid specialisation names: ${concatStringsSep ", " invalidNames}
'';
}
)];
system.systemBuilderCommands = ''
mkdir $out/specialisation
${concatStringsSep "\n"

38
nixos/modules/system/boot/loader/systemd-boot/boot-counting.md
View file

@ -1,38 +0,0 @@
# Automatic boot assessment with systemd-boot {#sec-automatic-boot-assessment}
## Overview {#sec-automatic-boot-assessment-overview}
Automatic boot assessment (or boot-counting) is a feature of `systemd-boot` that allows for automatically detecting invalid boot entries.
When the feature is active, each boot entry has an associated counter with a user defined number of trials. Whenever `systemd-boot` boots an entry, its counter is decreased by one, ultimately being marked as *bad* if the counter ever reaches zero. However, if an entry is successfully booted, systemd will permanently mark it as *good* and remove the counter altogether. Whenever an entry is marked as *bad*, it is sorted last in the `systemd-boot` menu.
A complete explanation of how that feature works can be found [here](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT/).
## Enabling the feature {#sec-automatic-boot-assessment-enable}
The feature can be enabled by toogling the [boot.loader.systemd-boot.bootCounting](#opt-boot.loader.systemd-boot.bootCounting.enable) option.
## The boot-complete.target unit {#sec-automatic-boot-assessment-boot-complete-target}
A *successful boot* for an entry is defined in terms of the `boot-complete.target` synchronisation point. It is up to the user to schedule all necessary units for the machine to be considered successfully booted before that synchronisation point.
For example, if you are running `docker` on a machine and you want to be sure that a *good* entry is an entry where docker is started successfully.
A configuration for that NixOS machine could look like that:
```
boot.loader.systemd-boot.bootCounting.enable = true;
services.docker.enable = true;
systemd.services.docker = {
before = [ "boot-complete.target" ];
wantedBy = [ "boot-complete.target" ];
unitConfig.FailureAction = "reboot";
};
```
The systemd service type must be of type `notify` or `oneshot` for systemd to dectect the startup error properly.
## Interaction with specialisations {#sec-automatic-boot-assessment-specialisations}
When the boot-counting feature is enabled, `systemd-boot` will still try the boot entries in the same order as they are displayed in the boot menu. This means that the specialisations of a given generation will be tried directly after that generation, but that behavior is customizable with the [boot.loader.systemd-boot.sortKey](#opt-boot.loader.systemd-boot.sortKey) option.
## Limitations {#sec-automatic-boot-assessment-limitations}
This feature has to be used wisely to not risk any data integrity issues. Rollbacking into past generations can sometimes be dangerous, for example if some of the services may have undefined behaviors in the presence of unrecognized data migrations from future versions of themselves.

247
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
View file

@ -12,9 +12,8 @@ import subprocess
import sys
import warnings
import json
from typing import NamedTuple, Any, Type
from typing import NamedTuple, Any
from dataclasses import dataclass
from pathlib import Path
# These values will be replaced with actual values during the package build
EFI_SYS_MOUNT_POINT = "@efiSysMountPoint@"
@ -34,8 +33,6 @@ CAN_TOUCH_EFI_VARIABLES = "@canTouchEfiVariables@"
GRACEFUL = "@graceful@"
COPY_EXTRA_FILES = "@copyExtraFiles@"
CHECK_MOUNTPOINTS = "@checkMountpoints@"
BOOT_COUNTING_TRIES = "@bootCountingTries@"
BOOT_COUNTING = "@bootCounting@" == "True"
@dataclass
class BootSpec:
@ -51,108 +48,6 @@ class BootSpec:
devicetree: str | None = None # noqa: N815
initrdSecrets: str | None = None # noqa: N815
@dataclass
class Entry:
profile: str | None
generation_number: int
specialisation: str | None
@classmethod
def from_path(cls: Type["Entry"], path: Path) -> "Entry":
filename = path.name
# Matching nixos-$profile-generation-*.conf
rex_profile = re.compile(r"^nixos-(.*)-generation-.*\.conf$")
# Matching nixos*-generation-$number*.conf
rex_generation = re.compile(r"^nixos.*-generation-([0-9]+).*\.conf$")
# Matching nixos*-generation-$number-specialisation-$specialisation_name*.conf
rex_specialisation = re.compile(r"^nixos.*-generation-([0-9]+)-specialisation-([a-zA-Z0-9_]+).*\.conf$")
profile = rex_profile.sub(r"\1", filename) if rex_profile.match(filename) else None
specialisation = rex_specialisation.sub(r"\2", filename) if rex_specialisation.match(filename) else None
try:
generation_number = int(rex_generation.sub(r"\1", filename))
except ValueError:
raise
return cls(profile, generation_number, specialisation)
@dataclass
class DiskEntry:
entry: Entry
default: bool
counters: str | None
title: str | None
description: str | None
kernel: str
initrd: str
kernel_params: str | None
machine_id: str | None
sort_key: str
devicetree: str | None
@classmethod
def from_path(cls: Type["DiskEntry"], path: Path) -> "DiskEntry":
entry = Entry.from_path(path)
data = path.read_text().splitlines()
if '' in data:
data.remove('')
entry_map = dict(lines.split(' ', 1) for lines in data)
assert "linux" in entry_map
assert "initrd" in entry_map
filename = path.name
# Matching nixos*-generation-*$counters.conf
rex_counters = re.compile(r"^nixos.*-generation-.*(\+\d(-\d)?)\.conf$")
counters = rex_counters.sub(r"\1", filename) if rex_counters.match(filename) else None
disk_entry = cls(
entry=entry,
default=(entry_map.get("sort-key") == "default"),
counters=counters,
title=entry_map.get("title"),
description=entry_map.get("version"),
kernel=entry_map["linux"],
initrd=entry_map["initrd"],
kernel_params=entry_map.get("options"),
machine_id=entry_map.get("machine-id"),
sort_key=entry_map.get("sort_key", "nixos"),
devicetree=entry_map.get("devicetree"),
)
return disk_entry
def write(self, sorted_first: str) -> None:
# Compute a sort-key sorted before sorted_first
# This will compute something like: nixos -> nixor-default to make sure we come before other nixos entries,
# while allowing users users can pre-pend their own entries before.
default_sort_key = sorted_first[:-1] + chr(ord(sorted_first[-1])-1) + "-default"
tmp_path = self.path.with_suffix(".tmp")
with tmp_path.open('w') as f:
# We use "sort-key" to sort the default generation first.
# The "default" string is sorted before "non-default" (alphabetically)
boot_entry = [
f"title {self.title}" if self.title is not None else None,
f"version {self.description}" if self.description is not None else None,
f"linux {self.kernel}",
f"initrd {self.initrd}",
f"options {self.kernel_params}" if self.kernel_params is not None else None,
f"machine-id {self.machine_id}" if self.machine_id is not None else None,
f"sort-key {default_sort_key if self.default else self.sort_key}",
f"devicetree {self.devicetree}" if self.devicetree is not None else None,
]
f.write("\n".join(filter(None, boot_entry)))
f.flush()
os.fsync(f.fileno())
tmp_path.rename(self.path)
@property
def path(self) -> Path:
pieces = [
"nixos",
self.entry.profile or None,
"generation",
str(self.entry.generation_number),
f"specialisation-{self.entry.specialisation}" if self.entry.specialisation else None,
]
prefix = "-".join(p for p in pieces if p)
return Path(f"{BOOT_MOUNT_POINT}/loader/entries/{prefix}{self.counters if self.counters else ''}.conf")
libc = ctypes.CDLL("libc.so.6")
@ -185,13 +80,29 @@ def system_dir(profile: str | None, generation: int, specialisation: str | None)
else:
return d
def write_loader_conf(profile: str | None) -> None:
with open(f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf.tmp", 'w') as f:
BOOT_ENTRY = """title {title}
sort-key {sort_key}
version Generation {generation} {description}
linux {kernel}
initrd {initrd}
options {kernel_params}
"""
def generation_conf_filename(profile: str | None, generation: int, specialisation: str | None) -> str:
pieces = [
"nixos",
profile or None,
"generation",
str(generation),
f"specialisation-{specialisation}" if specialisation else None,
]
return "-".join(p for p in pieces if p) + ".conf"
def write_loader_conf(profile: str | None, generation: int, specialisation: str | None) -> None:
with open(f"{LOADER_CONF}.tmp", 'w') as f:
f.write(f"timeout {TIMEOUT}\n")
if profile:
f.write("default nixos-%s-generation-*\n" % profile)
else:
f.write("default nixos-generation-*\n")
f.write("default %s\n" % generation_conf_filename(profile, generation, specialisation))
if not EDITOR:
f.write("editor 0\n")
if REBOOT_FOR_BITLOCKER:
@ -201,19 +112,6 @@ def write_loader_conf(profile: str | None) -> None:
os.fsync(f.fileno())
os.rename(f"{LOADER_CONF}.tmp", LOADER_CONF)
def scan_entries() -> list[DiskEntry]:
"""
Scan all entries in $ESP/loader/entries/*
Does not support Type 2 entries as we do not support them for now.
Returns a generator of Entry.
"""
entries = []
for path in Path(f"{EFI_SYS_MOUNT_POINT}/loader/entries/").glob("nixos*-generation-[1-9]*.conf"):
try:
entries.append(DiskEntry.from_path(path))
except ValueError:
continue
return entries
def get_bootspec(profile: str | None, generation: int) -> BootSpec:
system_directory = system_dir(profile, generation, None)
@ -258,14 +156,8 @@ def copy_from_file(file: str, dry_run: bool = False) -> str:
copy_if_not_exists(store_file_path, f"{BOOT_MOUNT_POINT}{efi_file_path}")
return efi_file_path
def write_entry(profile: str | None,
generation: int,
specialisation: str | None,
machine_id: str,
bootspec: BootSpec,
entries: list[DiskEntry],
sorted_first: str,
current: bool) -> None:
def write_entry(profile: str | None, generation: int, specialisation: str | None,
machine_id: str, bootspec: BootSpec, current: bool) -> None:
if specialisation:
bootspec = bootspec.specialisations[specialisation]
kernel = copy_from_file(bootspec.kernel)
@ -289,33 +181,31 @@ def write_entry(profile: str | None,
f'for "{title} - Configuration {generation}", an older generation', file=sys.stderr)
print("note: this is normal after having removed "
"or renamed a file in `boot.initrd.secrets`", file=sys.stderr)
entry_file = f"{BOOT_MOUNT_POINT}/loader/entries/%s" % (
generation_conf_filename(profile, generation, specialisation))
tmp_path = "%s.tmp" % (entry_file)
kernel_params = "init=%s " % bootspec.init
kernel_params = kernel_params + " ".join(bootspec.kernelParams)
build_time = int(os.path.getctime(system_dir(profile, generation, specialisation)))
build_date = datetime.datetime.fromtimestamp(build_time).strftime('%F')
counters = f"+{BOOT_COUNTING_TRIES}" if BOOT_COUNTING else ""
entry = Entry(profile, generation, specialisation)
# We check if the entry we are writing is already on disk
# and we update its "default entry" status
for entry_on_disk in entries:
if entry == entry_on_disk.entry:
entry_on_disk.default = current
entry_on_disk.write(sorted_first)
return
DiskEntry(
entry=entry,
title=title,
kernel=kernel,
initrd=initrd,
counters=counters,
kernel_params=kernel_params,
machine_id=machine_id,
description=f"Generation {generation} {bootspec.label}, built on {build_date}",
sort_key=bootspec.sortKey,
devicetree=devicetree,
default=current
).write(sorted_first)
with open(tmp_path, 'w') as f:
f.write(BOOT_ENTRY.format(title=title,
sort_key=bootspec.sortKey,
generation=generation,
kernel=kernel,
initrd=initrd,
kernel_params=kernel_params,
description=f"{bootspec.label}, built on {build_date}"))
if machine_id is not None:
f.write("machine-id %s\n" % machine_id)
if devicetree is not None:
f.write("devicetree %s\n" % devicetree)
f.flush()
os.fsync(f.fileno())
os.rename(tmp_path, entry_file)
def get_generations(profile: str | None = None) -> list[SystemIdentifier]:
gen_list = run(
@ -343,19 +233,30 @@ def get_generations(profile: str | None = None) -> list[SystemIdentifier]:
return configurations[-configurationLimit:]
def remove_old_entries(gens: list[SystemIdentifier], disk_entries: list[DiskEntry]) -> None:
def remove_old_entries(gens: list[SystemIdentifier]) -> None:
rex_profile = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + r"/loader/entries/nixos-(.*)-generation-.*\.conf$")
rex_generation = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + r"/loader/entries/nixos.*-generation-([0-9]+)(-specialisation-.*)?\.conf$")
known_paths = []
for gen in gens:
bootspec = get_bootspec(gen.profile, gen.generation)
known_paths.append(copy_from_file(bootspec.kernel, True))
known_paths.append(copy_from_file(bootspec.initrd, True))
for disk_entry in disk_entries:
if (disk_entry.entry.profile, disk_entry.entry.generation_number, None) not in gens:
os.unlink(disk_entry.path)
for path in glob.iglob(f"{EFI_SYS_MOUNT_POINT}/efi/nixos/*"):
for path in glob.iglob(f"{BOOT_MOUNT_POINT}/loader/entries/nixos*-generation-[1-9]*.conf"):
if rex_profile.match(path):
prof = rex_profile.sub(r"\1", path)
else:
prof = None
try:
gen_number = int(rex_generation.sub(r"\1", path))
except ValueError:
continue
if (prof, gen_number, None) not in gens:
os.unlink(path)
for path in glob.iglob(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/*"):
if path not in known_paths and not os.path.isdir(path):
os.unlink(path)
def cleanup_esp() -> None:
for path in glob.iglob(f"{EFI_SYS_MOUNT_POINT}/loader/entries/nixos*"):
os.unlink(path)
@ -374,7 +275,7 @@ def get_profiles() -> list[str]:
def install_bootloader(args: argparse.Namespace) -> None:
try:
with open("/etc/machine-id") as machine_file:
machine_id = machine_file.readlines()[0].strip()
machine_id = machine_file.readlines()[0]
except IOError as e:
if e.errno != errno.ENOENT:
raise
@ -458,32 +359,18 @@ def install_bootloader(args: argparse.Namespace) -> None:
gens = get_generations()
for profile in get_profiles():
gens += get_generations(profile)
entries = scan_entries()
remove_old_entries(gens, entries)
# Compute the sort-key that will be sorted first.
sorted_first = ""
for gen in gens:
try:
bootspec = get_bootspec(gen.profile, gen.generation)
if bootspec.sortKey < sorted_first or sorted_first == "":
sorted_first = bootspec.sortKey
except OSError as e:
# See https://github.com/NixOS/nixpkgs/issues/114552
if e.errno == errno.EINVAL:
profile = f"profile '{gen.profile}'" if gen.profile else "default profile"
print("ignoring {} in the list of boot entries because of the following error:\n{}".format(profile, e), file=sys.stderr)
else:
raise e
remove_old_entries(gens)
for gen in gens:
try:
bootspec = get_bootspec(gen.profile, gen.generation)
is_default = os.path.dirname(bootspec.init) == args.default_config
write_entry(*gen, machine_id, bootspec, entries, sorted_first, current=is_default)
write_entry(*gen, machine_id, bootspec, current=is_default)
for specialisation in bootspec.specialisations.keys():
write_entry(gen.profile, gen.generation, specialisation, machine_id, bootspec, entries, sorted_first, current=(is_default and bootspec.specialisations[specialisation].sortKey == bootspec.sortKey))
write_entry(gen.profile, gen.generation, specialisation, machine_id, bootspec, current=is_default)
if is_default:
write_loader_conf(gen.profile)
write_loader_conf(*gen)
except OSError as e:
# See https://github.com/NixOS/nixpkgs/issues/114552
if e.errno == errno.EINVAL:

16
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View file

@ -80,8 +80,6 @@ let
${pkgs.coreutils}/bin/install -D $empty_file "${bootMountPoint}/${nixosDir}/.extra-files/loader/entries/"${escapeShellArg n}
'') cfg.extraEntries)}
'';
bootCountingTries = cfg.bootCounting.tries;
bootCounting = if cfg.bootCounting.enable then "True" else "False";
};
finalSystemdBootBuilder = pkgs.writeScript "install-systemd-boot.sh" ''
@ -91,10 +89,7 @@ let
'';
in {
meta = {
maintainers = with lib.maintainers; [ julienmalka ];
doc = ./boot-counting.md;
};
meta.maintainers = with lib.maintainers; [ julienmalka ];
imports =
[ (mkRenamedOptionModule [ "boot" "loader" "gummiboot" "enable" ] [ "boot" "loader" "systemd-boot" "enable" ])
@ -333,15 +328,6 @@ in {
'';
};
bootCounting = {
enable = mkEnableOption "automatic boot assessment";
tries = mkOption {
default = 3;
type = types.int;
description = "number of tries each entry should start with";
};
};
rebootForBitlocker = mkOption {
default = false;

4
nixos/modules/system/boot/systemd.nix
View file

@ -107,10 +107,6 @@ let
"systemd-rfkill.service"
"systemd-rfkill.socket"
# Boot counting
"boot-complete.target"
] ++ lib.optional config.boot.loader.systemd-boot.bootCounting.enable "systemd-bless-boot.service" ++ [
# Hibernate / suspend.
"hibernate.target"
"suspend.target"

4
nixos/tests/all-tests.nix
View file

@ -552,6 +552,7 @@ in {
magnetico = handleTest ./magnetico.nix {};
mailcatcher = handleTest ./mailcatcher.nix {};
mailhog = handleTest ./mailhog.nix {};
mailpit = handleTest ./mailpit.nix {};
mailman = handleTest ./mailman.nix {};
man = handleTest ./man.nix {};
mariadb-galera = handleTest ./mysql/mariadb-galera.nix {};
@ -764,6 +765,7 @@ in {
php81 = handleTest ./php { php = pkgs.php81; };
php82 = handleTest ./php { php = pkgs.php82; };
php83 = handleTest ./php { php = pkgs.php83; };
php84 = handleTest ./php { php = pkgs.php84; };
phylactery = handleTest ./web-apps/phylactery.nix {};
pict-rs = handleTest ./pict-rs.nix {};
pinnwand = handleTest ./pinnwand.nix {};
@ -926,6 +928,7 @@ in {
swayfx = handleTest ./swayfx.nix {};
switchTest = handleTest ./switch-test.nix { ng = false; };
switchTestNg = handleTest ./switch-test.nix { ng = true; };
sx = handleTest ./sx.nix {};
sympa = handleTest ./sympa.nix {};
syncthing = handleTest ./syncthing.nix {};
syncthing-no-settings = handleTest ./syncthing-no-settings.nix {};
@ -994,6 +997,7 @@ in {
tandoor-recipes-script-name = handleTest ./tandoor-recipes-script-name.nix {};
tang = handleTest ./tang.nix {};
taskserver = handleTest ./taskserver.nix {};
taskchampion-sync-server = handleTest ./taskchampion-sync-server.nix {};
tayga = handleTest ./tayga.nix {};
technitium-dns-server = handleTest ./technitium-dns-server.nix {};
teeworlds = handleTest ./teeworlds.nix {};

2
nixos/tests/k3s/airgap-images.nix
View file

@ -31,7 +31,7 @@ import ../make-test-python.nix (
start_all()
machine.wait_for_unit("k3s")
machine.wait_until_succeeds("journalctl -r --no-pager -u k3s | grep \"Imported images from /var/lib/rancher/k3s/agent/images/\"", timeout=60)
machine.wait_until_succeeds("journalctl -r --no-pager -u k3s | grep \"Imported images from /var/lib/rancher/k3s/agent/images/\"", timeout=120)
images = json.loads(machine.succeed("crictl img -o json"))
image_names = [i["repoTags"][0] for i in images["images"]]
with open("${k3s.imagesList}") as expected_images:

2
nixos/tests/kernel-generic.nix
View file

@ -31,8 +31,6 @@ let
linux_5_15_hardened
linux_6_1_hardened
linux_6_6_hardened
linux_6_8_hardened
linux_6_9_hardened
linux_rt_5_4
linux_rt_5_10
linux_rt_5_15

35
nixos/tests/mailpit.nix Normal file
View file

@ -0,0 +1,35 @@
import ./make-test-python.nix (
{ lib, ... }:
{
name = "mailpit";
meta.maintainers = lib.teams.flyingcircus.members;
nodes.machine =
{ pkgs, ... }:
{
services.mailpit.instances.default = { };
environment.systemPackages = with pkgs; [ swaks ];
};
testScript = ''
start_all()
from json import loads
machine.wait_for_unit("mailpit-default.service")
machine.wait_for_open_port(1025)
machine.wait_for_open_port(8025)
machine.succeed(
'echo "this is the body of the email" | swaks --to root@example.org --body - --server localhost:1025'
)
received = loads(machine.succeed("curl http://localhost:8025/api/v1/messages"))
assert received['total'] == 1
message = received["messages"][0]
assert len(message['To']) == 1
assert message['To'][0]['Address'] == 'root@example.org'
assert "this is the body of the email" in message['Snippet']
'';
}
)

33
nixos/tests/nixos-rebuild-specialisations.nix
View file

@ -71,32 +71,6 @@ import ./make-test-python.nix ({ pkgs, ... }: {
}
'';
wrongConfigFile = pkgs.writeText "configuration.nix" ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
boot.loader.grub = {
enable = true;
device = "/dev/vda";
forceInstall = true;
};
documentation.enable = false;
environment.systemPackages = [
(pkgs.writeShellScriptBin "parent" "")
];
specialisation.foo-bar = {
inheritParentConfig = true;
configuration = { ... }: { };
};
}
'';
in
''
machine.start()
@ -142,12 +116,5 @@ import ./make-test-python.nix ({ pkgs, ... }: {
with subtest("Make sure nonsense command combinations are forbidden"):
machine.fail("nixos-rebuild boot --specialisation foo")
machine.fail("nixos-rebuild boot -c foo")
machine.copy_from_host(
"${wrongConfigFile}",
"/etc/nixos/configuration.nix",
)
with subtest("Make sure that invalid specialisation names are rejected"):
machine.fail("nixos-rebuild switch")
'';
})

63
nixos/tests/sx.nix Normal file
View file

@ -0,0 +1,63 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
name = "sx";
meta.maintainers = with lib.maintainers; [
figsoda
thiagokokada
];
nodes.machine =
{ ... }:
{
imports = [ ./common/user-account.nix ];
environment.systemPackages = with pkgs; [ icewm ];
services.getty.autologinUser = "alice";
services.xserver = {
enable = true;
displayManager.sx.enable = true;
};
# Create sxrc file on login and start sx
programs.bash.loginShellInit =
# bash
''
mkdir -p "$HOME/.config/sx"
echo 'exec icewm' > "$HOME/.config/sx/sxrc"
chmod +x "$HOME/.config/sx/sxrc"
sx
'';
};
testScript =
{ nodes, ... }:
let
user = nodes.machine.users.users.alice;
in
# python
''
start_all()
machine.wait_for_unit("multi-user.target")
xauthority = "${user.home}/.local/share/sx/xauthority"
machine.wait_for_file(xauthority)
machine.succeed(f"xauth merge {xauthority}")
def icewm_is_visible(_last_try: bool) -> bool:
# sx will set DISPLAY as the TTY number we started, in this case
# TTY1:
# https://github.com/Earnestly/sx/blob/master/sx#L41.
# We can't use `machine.wait_for_window` here since we are running
# X as alice and not root.
return "IceWM" in machine.succeed("DISPLAY=:1 xwininfo -root -tree")
# Adding a retry logic to increase reliability
retry(icewm_is_visible)
'';
}
)

182
nixos/tests/systemd-boot.nix
View file

@ -13,8 +13,6 @@ let
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
environment.systemPackages = [ pkgs.efibootmgr ];
# Needed for machine-id to be persisted between reboots
environment.etc."machine-id".text = "00000000000000000000000000000000";
};
commonXbootldr = { config, lib, pkgs, ... }:
@ -83,7 +81,7 @@ let
os.environ['NIX_DISK_IMAGE'] = tmp_disk_image.name
'';
in
rec {
{
basic = makeTest {
name = "systemd-boot";
meta.maintainers = with pkgs.lib.maintainers; [ danielfullmer julienmalka ];
@ -95,8 +93,7 @@ rec {
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
# our sort-key will uses r to sort before nixos
machine.succeed("grep 'sort-key nixor-default' /boot/loader/entries/nixos-generation-1.conf")
machine.succeed("grep 'sort-key nixos' /boot/loader/entries/nixos-generation-1.conf")
# Ensure we actually booted using systemd-boot
# Magic number is the vendor UUID used by systemd-boot.
@ -244,18 +241,31 @@ rec {
testScript = ''
machine.succeed("mount -o remount,rw /boot")
# Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c
machine.succeed(
"""
find /boot -iname '*boot*.efi' -print0 | \
xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 000.0-1-notnixos ####/' '{}'
"""
)
def switch():
# Replace version inside sd-boot with something older. See magic[] string in systemd src/boot/efi/boot.c
machine.succeed(
"""
find /boot -iname '*boot*.efi' -print0 | \
xargs -0 -I '{}' sed -i 's/#### LoaderInfo: systemd-boot .* ####/#### LoaderInfo: systemd-boot 000.0-1-notnixos ####/' '{}'
"""
)
return machine.succeed("/run/current-system/bin/switch-to-configuration boot 2>&1")
output = machine.succeed("/run/current-system/bin/switch-to-configuration boot 2>&1")
output = switch()
assert "updating systemd-boot from 000.0-1-notnixos to " in output, "Couldn't find systemd-boot update message"
assert 'to "/boot/EFI/systemd/systemd-bootx64.efi"' in output, "systemd-boot not copied to to /boot/EFI/systemd/systemd-bootx64.efi"
assert 'to "/boot/EFI/BOOT/BOOTX64.EFI"' in output, "systemd-boot not copied to to /boot/EFI/BOOT/BOOTX64.EFI"
with subtest("Test that updating works with lowercase bootx64.efi"):
machine.succeed(
# Move to tmp file name first, otherwise mv complains the new location is the same
"mv /boot/EFI/BOOT/BOOTX64.EFI /boot/EFI/BOOT/bootx64.efi.new",
"mv /boot/EFI/BOOT/bootx64.efi.new /boot/EFI/BOOT/bootx64.efi",
)
output = switch()
assert "updating systemd-boot from 000.0-1-notnixos to " in output, "Couldn't find systemd-boot update message"
assert 'to "/boot/EFI/systemd/systemd-bootx64.efi"' in output, "systemd-boot not copied to to /boot/EFI/systemd/systemd-bootx64.efi"
assert 'to "/boot/EFI/BOOT/BOOTX64.EFI"' in output, "systemd-boot not copied to to /boot/EFI/BOOT/BOOTX64.EFI"
'';
};
@ -421,15 +431,15 @@ rec {
'';
};
garbage-collect-entry = { withBootCounting ? false, ... }: makeTest {
name = "systemd-boot-garbage-collect-entry" + optionalString withBootCounting "-with-boot-counting";
garbage-collect-entry = makeTest {
name = "systemd-boot-garbage-collect-entry";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
nodes = {
inherit common;
machine = { pkgs, nodes, ... }: {
imports = [ common ];
boot.loader.systemd-boot.bootCounting.enable = withBootCounting;
# These are configs for different nodes, but we'll use them here in `machine`
system.extraDependencies = [
nodes.common.system.build.toplevel
@ -444,12 +454,8 @@ rec {
''
machine.succeed("nix-env -p /nix/var/nix/profiles/system --set ${baseSystem}")
machine.succeed("nix-env -p /nix/var/nix/profiles/system --delete-generations 1")
# At this point generation 1 has already been marked as good so we reintroduce counters artificially
${optionalString withBootCounting ''
machine.succeed("mv /boot/loader/entries/nixos-generation-1.conf /boot/loader/entries/nixos-generation-1+3.conf")
''}
machine.succeed("${baseSystem}/bin/switch-to-configuration boot")
machine.fail("test -e /boot/loader/entries/nixos-generation-1*")
machine.fail("test -e /boot/loader/entries/nixos-generation-1.conf")
machine.succeed("test -e /boot/loader/entries/nixos-generation-2.conf")
'';
};
@ -469,138 +475,4 @@ rec {
machine.wait_for_unit("multi-user.target")
'';
};
# Check that we are booting the default entry and not the generation with largest version number
defaultEntry = { withBootCounting ? false, ... }: makeTest {
name = "systemd-boot-default-entry" + optionalString withBootCounting "-with-boot-counting";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
nodes = {
machine = { pkgs, lib, nodes, ... }: {
imports = [ common ];
system.extraDependencies = [ nodes.other_machine.system.build.toplevel ];
boot.loader.systemd-boot.bootCounting.enable = withBootCounting;
};
other_machine = { pkgs, lib, ... }: {
imports = [ common ];
boot.loader.systemd-boot.bootCounting.enable = withBootCounting;
environment.systemPackages = [ pkgs.hello ];
};
};
testScript = { nodes, ... }:
let
orig = nodes.machine.system.build.toplevel;
other = nodes.other_machine.system.build.toplevel;
in
''
orig = "${orig}"
other = "${other}"
def check_current_system(system_path):
machine.succeed(f'test $(readlink -f /run/current-system) = "{system_path}"')
check_current_system(orig)
# Switch to other configuration
machine.succeed("nix-env -p /nix/var/nix/profiles/system --set ${other}")
machine.succeed(f"{other}/bin/switch-to-configuration boot")
# Rollback, default entry is now generation 1
machine.succeed("nix-env -p /nix/var/nix/profiles/system --rollback")
machine.succeed(f"{orig}/bin/switch-to-configuration boot")
machine.shutdown()
machine.start()
machine.wait_for_unit("multi-user.target")
# Check that we booted generation 1 (default)
# even though generation 2 comes first in alphabetical order
check_current_system(orig)
'';
};
bootCounting =
let
baseConfig = { pkgs, lib, ... }: {
imports = [ common ];
boot.loader.systemd-boot.bootCounting.enable = true;
boot.loader.systemd-boot.bootCounting.tries = 2;
};
in
makeTest {
name = "systemd-boot-counting";
meta.maintainers = with pkgs.lib.maintainers; [ julienmalka ];
nodes = {
machine = { pkgs, lib, nodes, ... }: {
imports = [ baseConfig ];
system.extraDependencies = [ nodes.bad_machine.system.build.toplevel ];
};
bad_machine = { pkgs, lib, ... }: {
imports = [ baseConfig ];
systemd.services."failing" = {
script = "exit 1";
requiredBy = [ "boot-complete.target" ];
before = [ "boot-complete.target" ];
serviceConfig.Type = "oneshot";
};
};
};
testScript = { nodes, ... }:
let
orig = nodes.machine.system.build.toplevel;
bad = nodes.bad_machine.system.build.toplevel;
in
''
orig = "${orig}"
bad = "${bad}"
def check_current_system(system_path):
machine.succeed(f'test $(readlink -f /run/current-system) = "{system_path}"')
# Ensure we booted using an entry with counters enabled
machine.succeed(
"test -e /sys/firmware/efi/efivars/LoaderBootCountPath-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
)
# systemd-bless-boot should have already removed the "+2" suffix from the boot entry
machine.wait_for_unit("systemd-bless-boot.service")
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
check_current_system(orig)
# Switch to bad configuration
machine.succeed("nix-env -p /nix/var/nix/profiles/system --set ${bad}")
machine.succeed(f"{bad}/bin/switch-to-configuration boot")
# Ensure new bootloader entry has initialized counter
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
machine.succeed("test -e /boot/loader/entries/nixos-generation-2+2.conf")
machine.shutdown()
machine.start()
machine.wait_for_unit("multi-user.target")
check_current_system(bad)
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
machine.succeed("test -e /boot/loader/entries/nixos-generation-2+1-1.conf")
machine.shutdown()
machine.start()
machine.wait_for_unit("multi-user.target")
check_current_system(bad)
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
machine.succeed("test -e /boot/loader/entries/nixos-generation-2+0-2.conf")
machine.shutdown()
# Should boot back into original configuration
machine.start()
check_current_system(orig)
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
machine.succeed("test -e /boot/loader/entries/nixos-generation-2+0-2.conf")
machine.shutdown()
'';
};
defaultEntryWithBootCounting = defaultEntry { withBootCounting = true; };
garbageCollectEntryWithBootCounting = garbage-collect-entry { withBootCounting = true; };
}

48
nixos/tests/taskchampion-sync-server.nix Normal file
View file

@ -0,0 +1,48 @@
import ./make-test-python.nix (
{ ... }:
{
name = "taskchampion-sync-server";
nodes = {
server = {
services.taskchampion-sync-server.enable = true;
services.taskchampion-sync-server.openFirewall = true;
};
client =
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.taskwarrior3 ];
};
};
testScript =
{ nodes, ... }:
let
cfg = nodes.server.services.taskchampion-sync-server;
port = builtins.toString cfg.port;
# Generated with uuidgen
uuid = "bf01376e-04a4-435a-9263-608567531af3";
password = "nixos-test";
in
''
# Explicitly start the VMs so that we don't accidentally start newServer
server.start()
client.start()
server.wait_for_unit("taskchampion-sync-server.service")
server.wait_for_open_port(${port})
# See man task-sync(5)
client.succeed("mkdir ~/.task")
client.succeed("touch ~/.taskrc")
client.succeed("echo sync.server.origin=http://server:${port} >> ~/.taskrc")
client.succeed("echo sync.server.client_id=${uuid} >> ~/.taskrc")
client.succeed("echo sync.encryption_secret=${password} >> ~/.taskrc")
client.succeed("task add hello world")
client.succeed("task sync")
# Useful for debugging
client.copy_from_vm("/root/.task", "client")
server.copy_from_vm("${cfg.dataDir}", "server")
'';
}
)

2
nixos/tests/taskserver.nix
View file

@ -81,7 +81,7 @@ in {
};
client1 = { pkgs, ... }: {
environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ];
environment.systemPackages = [ pkgs.taskwarrior2 pkgs.gnutls ];
users.users.alice.isNormalUser = true;
users.users.bob.isNormalUser = true;
users.users.foo.isNormalUser = true;

9
pkgs/applications/audio/whipper/default.nix
View file

@ -21,6 +21,7 @@ let
in python3.pkgs.buildPythonApplication rec {
pname = "whipper";
version = "0.10.0";
pyproject = true;
src = fetchFromGitHub {
owner = "whipper-team";
@ -38,14 +39,15 @@ in python3.pkgs.buildPythonApplication rec {
})
];
nativeBuildInputs = with python3.pkgs; [
nativeBuildInputs = [
installShellFiles
wrapGAppsNoGuiHook
gobject-introspection
];
setuptools-scm
build-system = with python3.pkgs; [
docutils
setuptoolsCheckHook
setuptools-scm
];
propagatedBuildInputs = with python3.pkgs; [
@ -63,6 +65,7 @@ in python3.pkgs.buildPythonApplication rec {
nativeCheckInputs = with python3.pkgs; [
twisted
pytestCheckHook
] ++ bins;
makeWrapperArgs = [

908
pkgs/applications/blockchains/lighthouse/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

8
pkgs/applications/blockchains/lighthouse/default.nix
View file

@ -21,7 +21,7 @@
rustPlatform.buildRustPackage rec {
pname = "lighthouse";
version = "5.2.0";
version = "5.3.0";
# lighthouse/common/deposit_contract/build.rs
depositContractSpecVersion = "0.12.1";
@ -31,7 +31,7 @@ rustPlatform.buildRustPackage rec {
owner = "sigp";
repo = "lighthouse";
rev = "v${version}";
hash = "sha256-kruHYFPQ9H9HtEjzscQOyghPSpx++wNbHDYOVo0qtjY=";
hash = "sha256-wIj+YabyUrgLjWCfjCAH/Xb8jUG6ss+5SwnE2M82a+4=";
};
patches = [
@ -46,9 +46,9 @@ rustPlatform.buildRustPackage rec {
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"alloy-consensus-0.1.0" = "sha256-y5AIZN4d7Vm2dVa3jd0e6zXwC8hzPyOv0h5+W/Az3rs=";
"libmdbx-0.1.4" = "sha256-NMsR/Wl1JIj+YFPyeMMkrJFfoS07iEAKEQawO89a+/Q=";
"libmdbx-0.1.4" = "sha256-ONp4uPkVCN84MObjXorCZuSjnM6uFSMXK1vdJiX074o=";
"lmdb-rkv-0.14.0" = "sha256-sxmguwqqcyOlfXOZogVz1OLxfJPo+Q0+UjkROkbbOCk=";
"quick-protobuf-0.8.1" = "sha256-dgePLYCeoEZz5DGaLifhf3gEIPaL7XB0QT9wRKY8LJg=";
};
};

34
pkgs/applications/blockchains/polkadot/Cargo.lock generated
View file

@ -4660,9 +4660,12 @@ dependencies = [
[[package]]
name = "deranged"
version = "0.3.8"
version = "0.3.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946"
checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
dependencies = [
"powerfmt",
]
[[package]]
name = "derivative"
@ -9244,6 +9247,12 @@ dependencies = [
"num-traits",
]
[[package]]
name = "num-conv"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
[[package]]
name = "num-derive"
version = "0.4.2"
@ -14996,6 +15005,12 @@ dependencies = [
"rand",
]
[[package]]
name = "powerfmt"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
[[package]]
name = "pprof"
version = "0.12.1"
@ -21682,14 +21697,16 @@ dependencies = [
[[package]]
name = "time"
version = "0.3.27"
version = "0.3.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0bb39ee79a6d8de55f48f2293a830e040392f1c5f16e336bdd1788cd0aadce07"
checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
dependencies = [
"deranged",
"itoa",
"libc",
"num-conv",
"num_threads",
"powerfmt",
"serde",
"time-core",
"time-macros",
@ -21697,16 +21714,17 @@ dependencies = [
[[package]]
name = "time-core"
version = "0.1.1"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb"
checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
[[package]]
name = "time-macros"
version = "0.2.13"
version = "0.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "733d258752e9303d392b94b75230d07b0b9c489350c69b851fc6c065fde3e8f9"
checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
dependencies = [
"num-conv",
"time-core",
]

10
pkgs/applications/blockchains/polkadot/default.nix
View file

@ -1,4 +1,5 @@
{ fetchFromGitHub
, fetchpatch
, lib
, openssl
, pkg-config
@ -51,6 +52,15 @@ rustPlatform.buildRustPackage rec {
};
};
cargoPatches = [
# NOTE: bump `time` dependency to be able to build with rust 1.80
# should be removed on the next release
(fetchpatch {
url = "https://github.com/paritytech/polkadot-sdk/pull/5149.patch";
hash = "sha256-FNG9XLeMRJOT6k7mcs6GemtQ3oUrH/hOYG0JNQP0akU=";
})
];
buildType = "production";
cargoBuildFlags = [ "-p" "polkadot" ];

4
pkgs/applications/editors/emacs/build-support/elpa.nix
View file

@ -1,10 +1,10 @@
# builder for Emacs packages built for packages.el
{ lib, stdenv, emacs, texinfo, writeText, gcc }:
{ lib, stdenv, emacs, texinfo, writeText }:
let
handledArgs = [ "meta" ];
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText gcc; };
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText; };
in

15
pkgs/applications/editors/emacs/build-support/generic.nix
View file

@ -1,11 +1,11 @@
# generic builder for Emacs packages
{ lib, stdenv, emacs, texinfo, writeText, gcc, ... }:
{ lib, stdenv, emacs, texinfo, writeText, ... }:
let
inherit (lib) optionalAttrs getLib;
handledArgs = [ "buildInputs" "packageRequires" "propagatedUserEnvPkgs" "meta" ]
++ lib.optionals (emacs.withNativeCompilation or false) [ "nativeBuildInputs" "postInstall" ];
inherit (lib) optionalAttrs;
handledArgs = [ "buildInputs" "nativeBuildInputs" "packageRequires" "propagatedUserEnvPkgs" "meta" ]
++ lib.optionals (emacs.withNativeCompilation or false) [ "postInstall" ];
setupHook = writeText "setup-hook.sh" ''
source ${./emacs-funcs.sh}
@ -55,7 +55,8 @@ stdenv.mkDerivation (finalAttrs: ({
esac
'';
buildInputs = [emacs texinfo] ++ packageRequires ++ buildInputs;
buildInputs = packageRequires ++ buildInputs;
nativeBuildInputs = [ emacs texinfo ] ++ nativeBuildInputs;
propagatedBuildInputs = packageRequires;
propagatedUserEnvPkgs = packageRequires ++ propagatedUserEnvPkgs;
@ -73,10 +74,6 @@ stdenv.mkDerivation (finalAttrs: ({
// optionalAttrs (emacs.withNativeCompilation or false) {
LIBRARY_PATH = "${getLib stdenv.cc.libc}/lib";
nativeBuildInputs = [ gcc ] ++ nativeBuildInputs;
addEmacsNativeLoadPath = true;
inherit turnCompilationWarningToError ignoreCompilationError;

4
pkgs/applications/editors/emacs/build-support/melpa.nix
View file

@ -1,11 +1,11 @@
# builder for Emacs packages built for packages.el
# using MELPA package-build.el
{ lib, stdenv, fetchFromGitHub, emacs, texinfo, writeText, gcc }:
{ lib, stdenv, fetchFromGitHub, emacs, texinfo, writeText }:
let
handledArgs = [ "meta" "preUnpack" "postUnpack" ];
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText gcc; };
genericBuild = import ./generic.nix { inherit lib stdenv emacs texinfo writeText; };
packageBuild = stdenv.mkDerivation {
name = "package-build";

3
pkgs/applications/editors/emacs/build-support/wrapper.nix
View file

@ -32,7 +32,7 @@ in customEmacsPackages.withPackages (epkgs: [ epkgs.evil epkgs.magit ])
*/
{ lib, lndir, makeBinaryWrapper, runCommand, gcc }:
{ lib, lndir, makeBinaryWrapper, runCommand }:
self:
let
inherit (self) emacs;
@ -60,7 +60,6 @@ runCommand
deps = runCommand "emacs-packages-deps"
({
inherit explicitRequires lndir emacs;
nativeBuildInputs = lib.optional withNativeCompilation gcc;
} // lib.optionalAttrs withNativeCompilation {
inherit (emacs) LIBRARY_PATH;
})

59
pkgs/applications/editors/emacs/elisp-packages/manual-packages/notdeft/package.nix
View file

@ -16,7 +16,7 @@
withIvy ? false,
}:
let
melpaBuild {
pname = "notdeft";
version = "0-unstable-2021-12-04";
@ -27,47 +27,12 @@ let
hash = "sha256-LMMLJFVpmoE/y3MqrgY2fmsehmzk6TkLsVoHmFUxiSw=";
};
# Xapian bindings for NotDeft
notdeft-xapian = stdenv.mkDerivation {
pname = "notdeft-xapian";
inherit version src;
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [
tclap
xapian
];
buildPhase = ''
runHook preBuild
$CXX -std=c++11 -o notdeft-xapian xapian/notdeft-xapian.cc -lxapian
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp notdeft-xapian $out/bin
runHook postInstall
'';
};
in
melpaBuild {
inherit pname version src;
packageRequires = lib.optional withHydra hydra ++ lib.optional withIvy ivy;
postPatch = ''
substituteInPlace notdeft-xapian.el \
--replace 'defcustom notdeft-xapian-program nil' \
"defcustom notdeft-xapian-program \"${notdeft-xapian}/bin/notdeft-xapian\""
--replace-fail 'defcustom notdeft-xapian-program nil' \
"defcustom notdeft-xapian-program \"$out/bin/notdeft-xapian\""
'';
files = ''
@ -77,8 +42,24 @@ melpaBuild {
${lib.optionalString withIvy ''"extras/notdeft-ivy.el"''})
'';
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [
tclap
xapian
];
preBuild = ''
$CXX -std=c++11 -o notdeft-xapian xapian/notdeft-xapian.cc -lxapian
'';
preInstall = ''
install -D --target-directory=$out/bin source/notdeft-xapian
'';
passthru = {
inherit notdeft-xapian;
updateScript = unstableGitUpdater { hardcodeZeroVersion = true; };
};

4
pkgs/applications/editors/vim/plugins/deprecated.json
View file

@ -7,6 +7,10 @@
"date": "2021-12-21",
"new": "cmp-tmux"
},
"taskwarrior": {
"date": "2024-08-13",
"new": "taskwarrior3 or taskwarrior2"
},
"fern-vim": {
"date": "2024-05-28",
"new": "vim-fern"

14
pkgs/applications/editors/vim/plugins/overrides.nix
View file

@ -46,7 +46,8 @@
, statix
, stylish-haskell
, tabnine
, taskwarrior
, taskwarrior2
, taskwarrior3
, tmux
, tup
, vim
@ -1581,9 +1582,14 @@
};
};
taskwarrior = buildVimPlugin {
inherit (taskwarrior) version pname;
src = "${taskwarrior.src}/scripts/vim";
taskwarrior3 = buildVimPlugin {
inherit (taskwarrior3) version pname;
src = "${taskwarrior3.src}/scripts/vim";
};
taskwarrior2 = buildVimPlugin {
inherit (taskwarrior2) version pname;
src = "${taskwarrior2.src}/scripts/vim";
};
telescope-cheat-nvim = super.telescope-cheat-nvim.overrideAttrs {

8
pkgs/applications/editors/vim/plugins/vim-clap/Cargo.lock generated
View file

@ -2843,9 +2843,9 @@ dependencies = [
[[package]]
name = "time"
version = "0.3.34"
version = "0.3.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749"
checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
dependencies = [
"deranged",
"itoa",
@ -2864,9 +2864,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
[[package]]
name = "time-macros"
version = "0.2.17"
version = "0.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774"
checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
dependencies = [
"num-conv",
"time-core",

6
pkgs/applications/editors/vim/plugins/vim-clap/default.nix
View file

@ -11,13 +11,13 @@
}:
let
version = "0.54";
version = "0.54-unstable-2024-08-11";
src = fetchFromGitHub {
owner = "liuchengxu";
repo = "vim-clap";
rev = "v${version}";
hash = "sha256-rhCum59GCIAwdi5QgSaPfrALelAIMncNetu81i53Q8c=";
rev = "3e8d001f5c9be10e4bb680a1d409326902c96c10";
hash = "sha256-7bgbKYjJX2Tfprb69/imyvhsCsurrmPWBXVVLX+ZMnM=";
};
meta = with lib; {

4
pkgs/applications/graphics/darktable/default.nix
View file

@ -53,8 +53,6 @@
, libaom
, portmidi
, lua
, dav1d
, libyuv
}:
stdenv.mkDerivation rec {
@ -108,8 +106,6 @@ stdenv.mkDerivation rec {
libaom
portmidi
lua
dav1d
libyuv
] ++ lib.optionals stdenv.isLinux [
colord
colord-gtk

61
pkgs/applications/graphics/paraview/default.nix
View file

@ -1,12 +1,32 @@
{ lib, stdenv, fetchFromGitLab, fetchurl
, boost, cmake, ffmpeg, wrapQtAppsHook, qtbase, qtx11extras
, qttools, qtxmlpatterns, qtsvg, gdal, gfortran, libXt, makeWrapper
, ninja, mpi, python3, tbb, libGLU, libGL
, withDocs ? true
{
lib,
stdenv,
fetchFromGitLab,
fetchurl,
boost,
cmake,
ffmpeg,
wrapQtAppsHook,
qtbase,
qtx11extras,
qttools,
qtxmlpatterns,
qtsvg,
gdal,
gfortran,
libXt,
makeWrapper,
ninja,
mpi,
python3,
tbb,
libGLU,
libGL,
withDocs ? true,
}:
let
version = "5.12.0";
version = "5.12.1";
docFiles = [
(fetchurl {
@ -26,7 +46,8 @@ let
})
];
in stdenv.mkDerivation rec {
in
stdenv.mkDerivation rec {
pname = "paraview";
inherit version;
@ -35,7 +56,7 @@ in stdenv.mkDerivation rec {
owner = "paraview";
repo = "paraview";
rev = "v${version}";
hash = "sha256-PAD48IlOU39TosjfTiDz7IjEeYEP/7F75M+8dYBIUxI=";
hash = "sha256-jbqMqj3D7LTwQ+hHIPscCHw4TfY/BR2HuVmMYom2+dA=";
fetchSubmodules = true;
};
@ -86,7 +107,10 @@ in stdenv.mkDerivation rec {
qtsvg
];
postInstall = let docDir = "$out/share/paraview-${lib.versions.majorMinor version}/doc"; in
postInstall =
let
docDir = "$out/share/paraview-${lib.versions.majorMinor version}/doc";
in
lib.optionalString withDocs ''
mkdir -p ${docDir};
for docFile in ${lib.concatStringsSep " " docFiles}; do
@ -95,14 +119,21 @@ in stdenv.mkDerivation rec {
'';
propagatedBuildInputs = [
(python3.withPackages (ps: with ps; [ numpy matplotlib mpi4py ]))
(python3.withPackages (
ps: with ps; [
numpy
matplotlib
mpi4py
]
))
];
meta = with lib; {
homepage = "https://www.paraview.org/";
meta = {
homepage = "https://www.paraview.org";
description = "3D Data analysis and visualization application";
license = licenses.bsd3;
maintainers = with maintainers; [ guibert ];
platforms = platforms.linux;
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ guibert ];
changelog = "https://www.kitware.com/paraview-${lib.concatStringsSep "-" (lib.versions.splitVersion version)}-release-notes";
platforms = lib.platforms.linux;
};
}

4
pkgs/applications/misc/camunda-modeler/default.nix
View file

@ -9,11 +9,11 @@
stdenvNoCC.mkDerivation rec {
pname = "camunda-modeler";
version = "5.25.0";
version = "5.26.0";
src = fetchurl {
url = "https://github.com/camunda/camunda-modeler/releases/download/v${version}/camunda-modeler-${version}-linux-x64.tar.gz";
hash = "sha256-4YeeeIC37s/cXZ4TjIxn/yvDVKP92f9uSBajLCj7NZw=";
hash = "sha256-jtTlqVsd+EGBkh05O+fRn6e6Q+Gw68uGruQqaTfsolM=";
};
sourceRoot = "camunda-modeler-${version}-linux-x64";

5
pkgs/applications/misc/electrum/ltc.nix
View file

@ -138,6 +138,11 @@ python3.pkgs.buildPythonApplication {
disabledTests = [
"test_loop" # test tries to bind 127.0.0.1 causing permission error
"test_is_ip_address" # fails spuriously https://github.com/spesmilo/electrum/issues/7307
# electrum_ltc.lnutil.RemoteMisbehaving: received commitment_signed without pending changes
"test_reestablish_replay_messages_rev_then_sig"
"test_reestablish_replay_messages_sig_then_rev"
# stuck on hydra
"test_reestablish_with_old_state"
];
postCheck = ''

31
pkgs/applications/misc/mbutil/default.nix
View file

@ -1,25 +1,36 @@
{ lib, buildPythonApplication, fetchFromGitHub, nose }:
{
lib,
buildPythonApplication,
fetchFromGitHub,
setuptools,
pytestCheckHook,
}:
buildPythonApplication rec {
pname = "mbutil";
version = "0.3.0";
pyproject = true;
src = fetchFromGitHub {
owner = "mapbox";
repo = pname;
rev = "v${version}";
sha256 = "06d62r89h026asaa4ryzb23m86j0cmbvy54kf4zl5f35sgiha45z";
repo = "mbutil";
rev = "refs/tags/v${version}";
hash = "sha256-vxAF49NluEI/cZMUv1dlQBpUh1jfZ6KUVkYAmFAWphk=";
};
nativeCheckInputs = [ nose ];
checkPhase = "nosetests";
patches = [ ./migrate_to_pytest.patch ];
meta = with lib; {
build-system = [ setuptools ];
nativeCheckInputs = [ pytestCheckHook ];
pytestFlagsArray = [ "test/test.py" ];
meta = {
description = "Importer and exporter for MBTiles";
mainProgram = "mb-util";
homepage = "https://github.com/mapbox/mbutil";
license = licenses.bsd3;
platforms = platforms.unix;
maintainers = with maintainers; [ sikmir ];
license = lib.licenses.bsd3;
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [ sikmir ];
};
}

30
pkgs/applications/misc/mbutil/migrate_to_pytest.patch Normal file
View file

@ -0,0 +1,30 @@
diff --git a/test/test.py b/test/test.py
index e02e259..1452fda 100644
--- a/test/test.py
+++ b/test/test.py
@@ -1,13 +1,24 @@
import os, shutil
import sys
import json
-from nose import with_setup
from mbutil import mbtiles_to_disk, disk_to_mbtiles
def clear_data():
try: shutil.rmtree('test/output')
except Exception: pass
+
+def with_setup(setup_func, teardown_func):
+ def wrapper(func):
+ def wrapped(*args, **kwargs):
+ setup_func()
+ func(*args, **kwargs)
+ teardown_func()
+
+ return wrapped
+ return wrapper
+
+
@with_setup(clear_data, clear_data)
def test_mbtiles_to_disk():
mbtiles_to_disk('test/data/one_tile.mbtiles', 'test/output')

4
pkgs/applications/misc/ptask/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, pkg-config, makeWrapper, gtk3, json_c, taskwarrior }:
{ lib, stdenv, fetchurl, pkg-config, makeWrapper, gtk3, json_c, taskwarrior2 }:
stdenv.mkDerivation rec {
pname = "ptask";
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
preFixup = ''
wrapProgram "$out/bin/ptask" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--prefix PATH : "${taskwarrior}/bin"
--prefix PATH : "${taskwarrior2}/bin"
'';
meta = with lib; {

4
pkgs/applications/misc/scli/default.nix
View file

@ -10,13 +10,13 @@
python3.pkgs.buildPythonApplication rec {
pname = "scli";
version = "0.7.4";
version = "0.7.5";
src = fetchFromGitHub {
owner = "isamert";
repo = pname;
rev = "refs/tags/v${version}";
sha256 = "sha256-GC19iJYdNUdC4UEBWWdlzl0Ha6Y3knB1dG+6spwdYQ0=";
sha256 = "sha256-pp3uVABsncXXL2PZvTymHPKGAFvB24tnX+3K+C0VW8g=";
};
propagatedBuildInputs = with python3.pkgs; [

4
pkgs/applications/misc/tasknc/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, makeWrapper, perl, ncurses5, taskwarrior }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, makeWrapper, perl, ncurses5, taskwarrior2 }:
stdenv.mkDerivation rec {
version = "2020-12-17";
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
DESTDIR=$out PREFIX= MANPREFIX=/share/man make install
wrapProgram $out/bin/tasknc --prefix PATH : ${taskwarrior}/bin
wrapProgram $out/bin/tasknc --prefix PATH : ${taskwarrior2}/bin
'';

6
pkgs/applications/misc/tuckr/default.nix
View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "tuckr";
version = "0.9.0";
version = "0.9.1";
src = fetchFromGitHub {
owner = "RaphGL";
repo = "Tuckr";
rev = version;
hash = "sha256-cIyqka/+CrO9RuKr7tI79QvpPA0mDL/YzWWWrcwin8E=";
hash = "sha256-5KDBtbovs3tPuLNJqHyMM9mGV8cNgJFv3QqAtLVOhns=";
};
cargoHash = "sha256-5Z7UpkLlNMW8prtdJO+Xr45fpacjhDBoD/RFv/H44t0=";
cargoHash = "sha256-LvvC60CNl/y1rx4UTKVLFeiaJBNpou5JrCdsmZvTccU=";
doCheck = false; # test result: FAILED. 5 passed; 3 failed;

4
pkgs/applications/misc/vit/default.nix
View file

@ -1,7 +1,7 @@
{ lib
, python3Packages
, fetchPypi
, taskwarrior
, taskwarrior2
, glibcLocales
}:
@ -24,7 +24,7 @@ buildPythonApplication rec {
nativeCheckInputs = [ glibcLocales ];
makeWrapperArgs = [ "--suffix" "PATH" ":" "${taskwarrior}/bin" ];
makeWrapperArgs = [ "--suffix" "PATH" ":" "${taskwarrior2}/bin" ];
preCheck = ''
export TERM=''${TERM-linux}

8
pkgs/applications/networking/browsers/ladybird/default.nix
View file

@ -8,16 +8,13 @@
, unicode-emoji
, unicode-character-database
, cmake
, dav1d
, ninja
, pkg-config
, libaom
, libavif
, libjxl
, libtiff
, libwebp
, libxcrypt
, libyuv
, python3
, qt6Packages
, woff2
@ -137,14 +134,11 @@ stdenv.mkDerivation (finalAttrs: {
];
buildInputs = with qt6Packages; [
dav1d
ffmpeg
libaom
libavif
libjxl
libwebp
libxcrypt
libyuv
qtbase
qtmultimedia
simdutf
@ -178,7 +172,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
# Only Ladybird and WebContent need wrapped, if Qt is enabled.
# On linux we end up wrapping some non-Qt apps, like headless-browser.
# On linux we end up wraping some non-Qt apps, like headless-browser.
dontWrapQtApps = stdenv.isDarwin;
passthru.tests = {

14
pkgs/applications/networking/browsers/librewolf/src.json
View file

@ -1,15 +1,15 @@
{
"packageVersion": "128.0.3-2",
"packageVersion": "129.0-1",
"source": {
"rev": "128.0.3-2",
"sha256": "1g1biavphqykj0zvi1brakrncj1h4gqhs1cy5mxlp4w4p7ahpv6d"
"rev": "129.0-1",
"sha256": "13wb54avaz2jsb5bz2jp3wn5bpraxfnvc2m93djzcacc8fd5fbwp"
},
"settings": {
"rev": "1debc2d30949baff2d1e7df23e87900f1987a8ae",
"sha256": "12xgjv40mihbyfsah26vvdyb4yirydc1a884v2chnca4f5q00lc2"
"rev": "0d126722d7e10bb7fa81f473450484c778928b39",
"sha256": "00i7j67nlfs8p9y2sylz4z4rylwhs98rd0idjpg0al0zga4jv7im"
},
"firefox": {
"version": "128.0.3",
"sha512": "52a0a1a6fa653f5a621a9e16e1937760c05a5ebc81a058ecc16b2c3d29d09d418dc5129deabed86ad2f82abdb3100969478a67f48b11616dc3b3e3698a1acf51"
"version": "129.0",
"sha512": "e406d00dc53c66a1ee6b56e7001efcdd8b323caa3676d66d874d39a99f44ac7cebf4c60d76b5d239ebcf834a75cecabf801a74a1d08a97a66ea5e8ec6c8f7c5b"
}
}

6
pkgs/applications/networking/browsers/w3m/default.nix
View file

@ -5,7 +5,7 @@
, x11Support ? graphicsSupport, libX11
, mouseSupport ? !stdenv.isDarwin, gpm-ncurses
, perl, man, pkg-config, buildPackages, w3m
, testers
, testers, updateAutotoolsGnuConfigScriptsHook
}:
let
@ -53,7 +53,9 @@ in stdenv.mkDerivation rec {
sed -ie 's!mktable.*:.*!mktable:!' Makefile.in
'';
nativeBuildInputs = [ pkg-config gettext ];
# updateAutotoolsGnuConfigScriptsHook necessary to build on FreeBSD native pending inclusion of
# https://git.savannah.gnu.org/cgit/config.git/commit/?id=e4786449e1c26716e3f9ea182caf472e4dbc96e0
nativeBuildInputs = [ pkg-config gettext updateAutotoolsGnuConfigScriptsHook ];
buildInputs = [ ncurses boehmgc zlib ]
++ lib.optional sslSupport openssl
++ lib.optional mouseSupport gpm-ncurses

4
pkgs/applications/networking/cluster/argo-rollouts/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "argo-rollouts";
version = "1.7.1";
version = "1.7.2";
src = fetchFromGitHub {
owner = "argoproj";
repo = "argo-rollouts";
rev = "v${version}";
sha256 = "sha256-5ly5VJSXIo9s2ilWYhf5FJij+tcITd+rmYEKFdFrq44=";
sha256 = "sha256-KljhBI7vNqQVV0UeFRXfdan1gEiwS1CwokgWnJ1RR5Q=";
};
vendorHash = "sha256-38BLPNc6en70+UxlldmrwtRTMRLh/fCPL6FtuA2ODGM=";

6
pkgs/applications/networking/cluster/roxctl/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "roxctl";
version = "4.5.0";
version = "4.5.1";
src = fetchFromGitHub {
owner = "stackrox";
repo = "stackrox";
rev = version;
sha256 = "sha256-DX7q8TgCJuM4G/gYnh+ZhbaGFO4BezRShZyNqZ2VRMg=";
sha256 = "sha256-EYhp07G4a3dhnNrWzz6BtFpcgoYHosGdY2sDUYcS9QA=";
};
vendorHash = "sha256-K1jtwrfzRpzMApDW0WPmIZaJ5hADlMjEkFDWFmzmDc0=";
vendorHash = "sha256-Z7EkKVrwTzoD1BwaPhLr6XVtq/dctPJwH+KgyN3ZbUU=";
nativeBuildInputs = [ installShellFiles ];

9
pkgs/applications/networking/cluster/terraform-providers/providers.json
View file

@ -1146,6 +1146,15 @@
"spdx": "MPL-2.0",
"vendorHash": "sha256-8W1PK4T98iK1N6EB6AVjvr1P9Ja51+kSOmYAEosxrh8="
},
"spacelift": {
"hash": "sha256-xDkOngj8wPsqZhyYh0oVA9YVwMY+bRnpXL2yjpkN38M=",
"homepage": "https://registry.terraform.io/providers/spacelift-io/spacelift",
"owner": "spacelift-io",
"repo": "terraform-provider-spacelift",
"rev": "v1.14.0",
"spdx": "MIT",
"vendorHash": "sha256-m/J390su2nUpYMXrrYcOfKSjZb5Y23+g24rroLRss4U="
},
"spotinst": {
"hash": "sha256-SOzaTZIBEC9se942ofYHURH8btw38upJtnlDDWmLcTM=",
"homepage": "https://registry.terraform.io/providers/spotinst/spotinst",

6
pkgs/applications/networking/instant-messengers/armcord/default.nix
View file

@ -10,20 +10,20 @@
}:
stdenv.mkDerivation rec {
pname = "armcord";
version = "3.2.7";
version = "3.2.8";
src = fetchFromGitHub {
owner = "ArmCord";
repo = "ArmCord";
rev = "v${version}";
hash = "sha256-+o/w3bYW3IR3APo7HppSMOTl+cU+01J+p1L0YrYgsUU=";
hash = "sha256-H/Y3xA7gE24UsUkrxmrRFSvs16qZCVxli9vdnt7ihi8=";
};
nativeBuildInputs = [ pnpm.configHook nodejs makeWrapper copyDesktopItems ];
pnpmDeps = pnpm.fetchDeps {
inherit pname version src;
hash = "sha256-UJ3E/2+MspgVbRT7s6K4lGDvTQbWD3bwyICbJjctwDI=";
hash = "sha256-hYp1XbWQL5NbIzzUSnZ7y7V+vYQmymRNo+EiSjn5d9E=";
};
ELECTRON_SKIP_BINARY_DOWNLOAD = "1";

10
pkgs/applications/networking/instant-messengers/element/pin.nix
View file

@ -1,9 +1,9 @@
{
"version" = "1.11.73";
"version" = "1.11.74";
"hashes" = {
"desktopSrcHash" = "sha256-o6uXn+ArwSneDMtS4AfVmSqQfAl0Gygvoj2suKI+VqU=";
"desktopYarnHash" = "10a409klzzvm6dm27803c2cgwpx1aj035ad1mdnsqyhnd4nsigpw";
"webSrcHash" = "sha256-/PS/hEuSKXKRwS2zmH7Q8IIE20kPnOKU3PHXGSLhZZE=";
"webYarnHash" = "1j43rbn3sc6bnnf81p8y0b1jcck57d6yh07zpxlkgni1qkly809d";
"desktopSrcHash" = "sha256-RKDwtoad8gP1fAjkg2+6BJj6z8SqYk1ddG7wQ9wI1XQ=";
"desktopYarnHash" = "0bl78yd7apd5qbsqyhxnwj7lwrjx5820zh22rzgn9jqkcv25jwgw";
"webSrcHash" = "sha256-5Tujhqias3+k4BgQbO8R0toHlKQcAywG2MWBZX1SVOM=";
"webYarnHash" = "06wmzxsc0iijrz017lb40nydb05n8ckmin2rrwiw25bl8ywfw0qr";
};
}

6
pkgs/applications/networking/mullvad-vpn/default.nix
View file

@ -64,7 +64,7 @@ let
systemd
];
version = "2024.3";
version = "2024.4";
selectSystem = attrs: attrs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
@ -74,8 +74,8 @@ let
};
hash = selectSystem {
x86_64-linux = "sha256-LfuLBYGHlVEcVpHSdRSAEf9D7QChRd/fhx8EoCBZbSc=";
aarch64-linux = "sha256-7uUgewZ9KVLyMUax6u0R6ZN1YS3L4c43meVqJQD77lA=";
x86_64-linux = "sha256-bsXlOzqGr37AZhEij68Fy2/3Lk50J7A3jHV0re5U6j0=";
aarch64-linux = "sha256-6OBCqOnSkXBntFGxXicPU7GSb9+a5WN4rYExgDa08/I=";
};
in

14
pkgs/applications/networking/warp/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchFromGitLab
, fetchpatch2
, appstream-glib
, cargo
, desktop-file-utils
@ -33,14 +34,23 @@ stdenv.mkDerivation rec {
hash = "sha256-GRxZ3y1PdJpBDnGCfmOmZgN8n1aaYf9IhyszRwo3MjQ=";
};
patches = [
# https://gitlab.gnome.org/World/warp/-/merge_requests/74
(fetchpatch2 {
name = "rust-1.80-compat.patch";
url = "https://gitlab.gnome.org/World/warp/-/commit/38747cc2dde79089df53fd8451ea2db13f9f3714.patch";
hash = "sha256-9P5LwCHaC6J5WR2OnjCaNE+4de/Jv6XGXS7bOfYrM7w=";
})
];
postPatch = ''
patchShebangs build-aux
'';
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
inherit src patches;
name = "${pname}-${version}";
hash = "sha256-v/MhVcQmMYD/n/8wmPCYUy4YpXhL0v4fq8h6cllo/pw=";
hash = "sha256-xF9AzcO2uawHu7XZay7Wwr2r+OVLbXhfSynnBYbVkZM=";
};
nativeBuildInputs = [

4
pkgs/applications/office/gnote/default.nix
View file

@ -19,11 +19,11 @@
stdenv.mkDerivation rec {
pname = "gnote";
version = "46.0";
version = "46.1";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.major version}/${pname}-${version}.tar.xz";
hash = "sha256-ht9YoVlbIVN0aRq0S/wWE7Sf28p3CEI6PVZY3NOgFe0=";
hash = "sha256-47v3A6WPgI3Fd9WiVsF3wYkHC5KPS9WSltDA3SXz2pk=";
};
buildInputs = [

13
pkgs/applications/office/qownnotes/default.nix
View file

@ -1,7 +1,7 @@
{ lib
, stdenv
, fetchurl
, qmake
, cmake
, qttools
, qtbase
, qtdeclarative
@ -20,18 +20,18 @@
let
pname = "qownnotes";
appname = "QOwnNotes";
version = "24.8.3";
version = "24.8.5";
in
stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://github.com/pbek/QOwnNotes/releases/download/v${version}/qownnotes-${version}.tar.xz";
hash = "sha256-lbNJT6IbIgTYLpsMWK6Nk0XXhw1De+wZgrH4DE1vDKg=";
hash = "sha256-2aXKb9epApscoxt9I2oL6pl1jnGu6sbHTr9+pz6QJu4=";
};
nativeBuildInputs = [
qmake
cmake
qttools
wrapQtAppsHook
pkg-config
@ -47,8 +47,9 @@ stdenv.mkDerivation {
botan2
] ++ lib.optionals stdenv.isLinux [ qtwayland ];
qmakeFlags = [
"USE_SYSTEM_BOTAN=1"
cmakeFlags = [
"-DQON_QT6_BUILD=ON"
"-DBUILD_WITH_SYSTEM_BOTAN=ON"
];
postInstall = ''

7
pkgs/applications/science/chemistry/pymol/default.nix
View file

@ -2,7 +2,6 @@
, lib
, fetchFromGitHub
, makeDesktopItem
, python3
, python3Packages
, netcdf
, glew
@ -50,7 +49,7 @@ python3Packages.buildPythonApplication rec {
postPatch = ''
substituteInPlace setup.py \
--replace-fail "self.install_libbase" '"${placeholder "out"}/${python3.sitePackages}"'
--replace-fail "self.install_libbase" '"${placeholder "out"}/${python3Packages.python.sitePackages}"'
'';
build-system = [
@ -63,10 +62,10 @@ python3Packages.buildPythonApplication rec {
postInstall = with python3Packages; ''
wrapProgram $out/bin/pymol \
--prefix PYTHONPATH : ${lib.makeSearchPathOutput "lib" python3.sitePackages [ pyqt5 pyqt5.pyqt5-sip ]}
--prefix PYTHONPATH : ${lib.makeSearchPathOutput "lib" python3Packages.python.sitePackages [ pyqt5 pyqt5.pyqt5-sip ]}
mkdir -p "$out/share/icons/"
ln -s $out/${python3.sitePackages}/pymol/pymol_path/data/pymol/icons/icon2.svg "$out/share/icons/pymol.svg"
ln -s $out/${python3Packages.python.sitePackages}/pymol/pymol_path/data/pymol/icons/icon2.svg "$out/share/icons/pymol.svg"
'' + lib.optionalString stdenv.hostPlatform.isLinux ''
cp -r "${desktopItem}/share/applications/" "$out/share/"
'';

6
pkgs/applications/terminal-emulators/foot/default.nix
View file

@ -26,7 +26,7 @@
}:
let
version = "1.17.2";
version = "1.18.1";
# build stimuli file for PGO build and the script to generate it
# independently of the foot's build, so we can cache the result
@ -98,7 +98,7 @@ stdenv.mkDerivation {
owner = "dnkl";
repo = "foot";
rev = version;
hash = "sha256-p+qaWHBrUn6YpNyAmQf6XoQyO3degHP5oMN53/9gIr4=";
hash = "sha256:15s7fbkibvq53flf5yy9ad37y53pl83rcnjwlnfh96a4s5mj6v5d";
};
separateDebugInfo = true;
@ -156,6 +156,8 @@ stdenv.mkDerivation {
"-Dcustom-terminfo-install-location=${terminfoDir}"
# Install systemd user units for foot-server
"-Dsystemd-units-dir=${placeholder "out"}/lib/systemd/user"
# Especially -Wunused-command-line-argument is a problem with clang
"-Dwerror=false"
];
# build and run binary generating PGO profiles,

6
pkgs/applications/version-management/git-mit/default.nix
View file

@ -10,7 +10,7 @@
}:
let
version = "5.12.205";
version = "5.13.11";
in
rustPlatform.buildRustPackage {
pname = "git-mit";
@ -20,10 +20,10 @@ rustPlatform.buildRustPackage {
owner = "PurpleBooth";
repo = "git-mit";
rev = "v${version}";
hash = "sha256-I9tIw7ZtQ85L1Pt0+/CxugtmnClbEbn4xKjSkBqBa0o=";
hash = "sha256-sLSPnr89AvosutY8jw0KiiXihVT+A+fuHs6AKvMEUF4=";
};
cargoHash = "sha256-GWoh//sHhIVxmFuyAHRot/JG5wL3Zn2yIeRncaPENN4=";
cargoHash = "sha256-iaAxwUtGKG3AG3mdiKveZekFSEqHBf4O9WLs23YeSPs=";
nativeBuildInputs = [ pkg-config ];

15
pkgs/applications/version-management/josh/default.nix
View file

@ -13,21 +13,21 @@
let
# josh-ui requires javascript dependencies, haven't tried to figure it out yet
cargoFlags = [ "--workspace" "--exclude" "josh-ui" ];
version = "24.08.14";
in
rustPlatform.buildRustPackage rec {
rustPlatform.buildRustPackage {
pname = "josh";
version = "23.12.04";
JOSH_VERSION = "r${version}";
inherit version;
src = fetchFromGitHub {
owner = "esrlabs";
repo = "josh";
rev = JOSH_VERSION;
sha256 = "10fspcafqnv6if5c1h8z9pf9140jvvlrch88w62wsg4w2vhaii0v";
rev = "v${version}";
hash = "sha256-6U1nhERpPQAVgQm6xwRlHIhslYBLd65DomuGn5yRiSs=";
};
cargoHash = "sha256-g4/Z3QUFBeWlqhnZ2VhmdAjya4A+vwXQa7QYZ+CgG8g=";
cargoHash = "sha256-s6+Bd4ucwUinrcbjNvlDsf9LhWc/U9SAvBRW7JAmxVA=";
nativeBuildInputs = [
pkg-config
@ -44,6 +44,9 @@ rustPlatform.buildRustPackage rec {
cargoBuildFlags = cargoFlags;
cargoTestFlags = cargoFlags;
# used to teach josh itself about its version number
env.JOSH_VERSION = "r${version}";
postInstall = ''
wrapProgram "$out/bin/josh-proxy" --prefix PATH : "${git}/bin"
'';

11
pkgs/applications/version-management/jujutsu/default.nix
View file

@ -1,6 +1,7 @@
{ stdenv
, lib
, fetchFromGitHub
, fetchpatch2
, rustPlatform
, Security
, SystemConfiguration
@ -28,7 +29,15 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-1lONtpataRi0yE6LpN6oNnC3OAW918v8GFCUwinYJWI=";
};
cargoHash = "sha256-dRbOTxlFXfmeHUKH2UeN84OwlQ1urCND/Nfk9vSeLwA=";
cargoPatches = [
# cargo: bump `git2` to 0.19.0
(fetchpatch2 {
url = "https://github.com/martinvonz/jj/commit/38f6ee89183d886e432472c5888908c9900c9c18.patch?full_index=1";
hash = "sha256-BVcak7uIEhwoO0f9hf0GVKKSVmp/ueKD5C9F8J0iL3w=";
})
];
cargoHash = "sha256-FxcvLT0YnXcjDCKxuyijYsVSMLjx1glDzmFH5ctSx6s=";
cargoBuildFlags = [ "--bin" "jj" ]; # don't install the fake editors
useNextest = false; # nextest is the upstream integration framework, but is problematic for test skipping

4
pkgs/applications/version-management/meld/default.nix
View file

@ -1,4 +1,5 @@
{ lib
, stdenv
, fetchurl
, gettext
, itstool
@ -15,6 +16,7 @@
, gnome
, adwaita-icon-theme
, gsettings-desktop-schemas
, desktopToDarwinBundle
}:
python3.pkgs.buildPythonApplication rec {
@ -39,7 +41,7 @@ python3.pkgs.buildPythonApplication rec {
gobject-introspection
wrapGAppsHook3
gtk3 # for gtk-update-icon-cache
];
] ++ lib.optionals stdenv.hostPlatform.isDarwin [ desktopToDarwinBundle ];
buildInputs = [
gtk3

6
pkgs/applications/version-management/mercurial/default.nix
View file

@ -21,11 +21,11 @@ let
self = python3Packages.buildPythonApplication rec {
pname = "mercurial${lib.optionalString fullBuild "-full"}";
version = "6.8";
version = "6.8.1";
src = fetchurl {
url = "https://mercurial-scm.org/release/mercurial-${version}.tar.gz";
hash = "sha256-COTQ5dqK8RMrUea8M1AYCtV63Nk18Je20LwRmiwsChA=";
hash = "sha256-Aw6Kem1ZDk6utAPuJWdWFc2A0jbzq4oLVtzIQYEViwU=";
};
format = "other";
@ -35,7 +35,7 @@ let
cargoDeps = if rustSupport then rustPlatform.fetchCargoTarball {
inherit src;
name = "mercurial-${version}";
hash = "sha256-mP82UtASD0Fh8ilDDCB6ubY7/MGPoRP6hg6/xRwzwAw=";
hash = "sha256-i5AVyi9m7qLLubhV8fBhhZ6/RYOjMdwmv9Bek9pT/xo=";
sourceRoot = "mercurial-${version}/rust";
} else null;
cargoRoot = if rustSupport then "rust" else null;

12
pkgs/applications/virtualization/cloud-hypervisor/default.nix
View file

@ -1,4 +1,6 @@
{ lib, stdenv, fetchFromGitHub, rustPlatform, pkg-config, dtc, openssl }:
{ lib, stdenv, fetchFromGitHub, fetchpatch
, rustPlatform, pkg-config, dtc, openssl
}:
rustPlatform.buildRustPackage rec {
pname = "cloud-hypervisor";
@ -11,6 +13,14 @@ rustPlatform.buildRustPackage rec {
hash = "sha256-zrMJGdbOukNbzmcTuIcHlwAbJvTzhz53dc4TO/Fplb4=";
};
patches = [
(fetchpatch {
name = "ub.patch";
url = "https://github.com/cloud-hypervisor/cloud-hypervisor/commit/02f146fef81c4aa4a7ef3555c176d3b533158d7a.patch";
hash = "sha256-g9WcGJy8Q+Bc0egDfoQVSVfKqyXa8vkIZk+aYQyFuy8=";
})
];
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {

4
pkgs/applications/virtualization/crun/default.nix
View file

@ -39,13 +39,13 @@ let
in
stdenv.mkDerivation rec {
pname = "crun";
version = "1.15";
version = "1.16";
src = fetchFromGitHub {
owner = "containers";
repo = pname;
rev = version;
hash = "sha256-ZLkpwNxhTssp5RZ041+/mveq7Sct8fVzsdt8X319V1Q=";
hash = "sha256-/dGnmZAFQ/e6EEfz8g75Eiefi2uz94moirWMLZRumdg=";
fetchSubmodules = true;
};

6
pkgs/build-support/bintools-wrapper/ld-wrapper.sh
View file

@ -226,12 +226,6 @@ if [[ "$NIX_DONT_SET_RPATH_@suffixSalt@" != 1 && "$linkType" != static-pie ]]; t
fi
# This is outside the DONT_SET_RPATH branch because it's more targeted and we
# usually want it (on Darwin) even if DONT_SET_RPATH is set.
if [ -n "${NIX_COREFOUNDATION_RPATH:-}" ]; then
extraAfter+=(-rpath $NIX_COREFOUNDATION_RPATH)
fi
# Only add --build-id if this is a final link. FIXME: should build gcc
# with --enable-linker-build-id instead?
#

2
pkgs/build-support/cc-wrapper/add-clang-cc-cflags-before.sh
View file

@ -6,6 +6,6 @@ for p in "${params[@]}"; do
esac
done
if $needsTarget; then
if $needsTarget && [[ $0 != *cpp ]]; then
extraBefore+=(-target @defaultTarget@ @machineFlags@)
fi

7
pkgs/build-support/cc-wrapper/add-flags.sh
View file

@ -27,8 +27,11 @@ for var in "${var_templates_bool[@]}"; do
mangleVarBool "$var" ${role_suffixes[@]+"${role_suffixes[@]}"}
done
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
NIX_CFLAGS_COMPILE_@suffixSalt@="-B@out@/bin/ $NIX_CFLAGS_COMPILE_@suffixSalt@"
# Arocc does not support "-B"
if [[ -z "@isArocc@" ]]; then
# `-B@bintools@/bin' forces cc to use ld-wrapper.sh when calling ld.
NIX_CFLAGS_COMPILE_@suffixSalt@="-B@bintools@/bin/ $NIX_CFLAGS_COMPILE_@suffixSalt@"
fi
# Export and assign separately in order that a failing $(..) will fail
# the script.

10
pkgs/build-support/cc-wrapper/add-hardening.sh
View file

@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
fi
if (( "${NIX_DEBUG:-0}" >= 1 )); then
declare -a allHardeningFlags=(fortify fortify3 stackprotector stackclashprotection pie pic strictoverflow format trivialautovarinit zerocallusedregs)
declare -a allHardeningFlags=(fortify fortify3 shadowstack stackprotector stackclashprotection pacret pie pic strictoverflow format trivialautovarinit zerocallusedregs)
declare -A hardeningDisableMap=()
# Determine which flags were effectively disabled so we can report below.
@ -75,6 +75,14 @@ for flag in "${!hardeningEnableMap[@]}"; do
;;
esac
;;
shadowstack)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling shadowstack >&2; fi
hardeningCFlagsBefore+=('-fcf-protection=return')
;;
pacret)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pacret >&2; fi
hardeningCFlagsBefore+=('-mbranch-protection=pac-ret')
;;
stackprotector)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
hardeningCFlagsBefore+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4')

5
pkgs/build-support/cc-wrapper/cc-wrapper.sh
View file

@ -79,6 +79,11 @@ if [ "$nonFlagArgs" = 0 ]; then
dontLink=1
fi
# Arocc does not link
if [ "@isArocc@" = 1 ]; then
dontLink=1
fi
# Optionally filter out paths not refering to the store.
if [[ "${NIX_ENFORCE_PURITY:-}" = 1 && -n "$NIX_STORE" ]]; then
kept=()

32
pkgs/build-support/cc-wrapper/default.nix
View file

@ -15,7 +15,9 @@
, propagateDoc ? cc != null && cc ? man
, extraTools ? [], extraPackages ? [], extraBuildCommands ? ""
, nixSupport ? {}
, isGNU ? false, isClang ? cc.isClang or false, isCcache ? cc.isCcache or false, gnugrep ? null
, isGNU ? false, isClang ? cc.isClang or false, isZig ? cc.isZig or false
, isArocc ? cc.isArocc or false, isCcache ? cc.isCcache or false
, gnugrep ? null
, expand-response-params
, libcxx ? null
@ -304,6 +306,9 @@ stdenvNoCC.mkDerivation {
outputs = [ "out" ] ++ optionals propagateDoc [ "man" "info" ];
# Cannot be in "passthru" due to "substituteAll"
inherit isArocc;
passthru = {
inherit targetPrefix suffixSalt;
# "cc" is the generic name for a C compiler, but there is no one for package
@ -311,7 +316,7 @@ stdenvNoCC.mkDerivation {
# Binutils, and Apple's "cctools"; "bintools" as an attempt to find an
# unused middle-ground name that evokes both.
inherit bintools;
inherit cc libc libcxx nativeTools nativeLibc nativePrefix isGNU isClang;
inherit cc libc libcxx nativeTools nativeLibc nativePrefix isGNU isClang isZig;
emacsBufferSetup = pkgs: ''
; We should handle propagation here too
@ -391,6 +396,10 @@ stdenvNoCC.mkDerivation {
ln -s ${targetPrefix}clang $out/bin/${targetPrefix}cc
export named_cc=${targetPrefix}clang
export named_cxx=${targetPrefix}clang++
elif [ -e $ccPath/arocc ]; then
wrap ${targetPrefix}arocc $wrapper $ccPath/arocc
ln -s ${targetPrefix}arocc $out/bin/${targetPrefix}cc
export named_cc=${targetPrefix}arocc
fi
if [ -e $ccPath/${targetPrefix}g++ ]; then
@ -475,7 +484,7 @@ stdenvNoCC.mkDerivation {
#
# TODO(@Ericson2314): Remove this after stable release and force
# everyone to refer to bintools-wrapper directly.
+ ''
+ optionalString (!isArocc) ''
if [[ -f "$bintools/nix-support/dynamic-linker" ]]; then
ln -s "$bintools/nix-support/dynamic-linker" "$out/nix-support"
fi
@ -491,7 +500,7 @@ stdenvNoCC.mkDerivation {
echo "-B${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-cflags
''
+ optionalString useGccForLibs ''
+ optionalString (useGccForLibs && !isArocc) ''
echo "-L${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-ldflags
echo "-L${gccForLibs_solib}/lib" >> $out/nix-support/cc-ldflags
''
@ -517,9 +526,9 @@ stdenvNoCC.mkDerivation {
''
# this ensures that when clang passes -lgcc_s to lld (as it does
# when building e.g. firefox), lld is able to find libgcc_s.so
+ concatMapStrings (libgcc: ''
+ optionals (!isArocc) (concatMapStrings (libgcc: ''
echo "-L${libgcc}/lib" >> $out/nix-support/cc-ldflags
'') (toList (gccForLibs.libgcc or [])))
'') (toList (gccForLibs.libgcc or []))))
##
## General libc support
@ -539,9 +548,10 @@ stdenvNoCC.mkDerivation {
+ optionalString (libc != null) (''
touch "$out/nix-support/libc-cflags"
touch "$out/nix-support/libc-ldflags"
'' + optionalString (!isArocc) ''
echo "-B${libc_lib}${libc.libdir or "/lib/"}" >> $out/nix-support/libc-crt1-cflags
'' + optionalString (!(cc.langD or false)) ''
echo "-idirafter ${libc_dev}${libc.incdir or "/include"}" >> $out/nix-support/libc-cflags
echo "-${if isArocc then "I" else "idirafter"} ${libc_dev}${libc.incdir or "/include"}" >> $out/nix-support/libc-cflags
'' + optionalString (isGNU && (!(cc.langD or false))) ''
for dir in "${cc}"/lib/gcc/*/*/include-fixed; do
echo '-idirafter' ''${dir} >> $out/nix-support/libc-cflags
@ -597,7 +607,7 @@ stdenvNoCC.mkDerivation {
# ${cc_solib}/lib64 (even though it does actually search there...)..
# This confuses libtool. So add it to the compiler tool search
# path explicitly.
+ optionalString (!nativeTools) ''
+ optionalString (!nativeTools && !isArocc) ''
if [ -e "${cc_solib}/lib64" -a ! -L "${cc_solib}/lib64" ]; then
ccLDFlags+=" -L${cc_solib}/lib64"
ccCFlags+=" -B${cc_solib}/lib64"
@ -605,7 +615,7 @@ stdenvNoCC.mkDerivation {
ccLDFlags+=" -L${cc_solib}/lib"
ccCFlags+=" -B${cc_solib}/lib"
'' + optionalString cc.langAda or false ''
'' + optionalString (cc.langAda or false && !isArocc) ''
touch "$out/nix-support/gnat-cflags"
touch "$out/nix-support/gnat-ldflags"
basePath=$(echo $cc/lib/*/*/*)
@ -626,7 +636,7 @@ stdenvNoCC.mkDerivation {
+ optionalString propagateDoc ''
ln -s ${cc.man} $man
ln -s ${cc.info} $info
'' + optionalString (cc.langD or cc.langJava or false) ''
'' + optionalString (cc.langD or cc.langJava or false && !isArocc) ''
echo "-B${zlib}${zlib.libdir or "/lib/"}" >> $out/nix-support/libc-cflags
''
@ -667,7 +677,7 @@ stdenvNoCC.mkDerivation {
hardening_unsupported_flags+=" stackprotector"
''
+ optionalString (libc != null && targetPlatform.isAvr) ''
+ optionalString (libc != null && targetPlatform.isAvr && !isArocc) ''
for isa in avr5 avr3 avr4 avr6 avr25 avr31 avr35 avr51 avrxmega2 avrxmega4 avrxmega5 avrxmega6 avrxmega7 tiny-stack; do
echo "-B${getLib libc}/avr/lib/$isa" >> $out/nix-support/libc-crt1-cflags
done

105
pkgs/build-support/fetchpypilegacy/default.nix
View file

@ -1,45 +1,70 @@
# Fetch from PyPi legacy API as documented in https://warehouse.pypa.io/api-reference/legacy.html
{ runCommand
, lib
, python3
}:
{
# package name
pname,
# Package index
url ? null,
# Multiple package indices to consider
urls ? [ ],
# filename including extension
file,
# SRI hash
hash,
# allow overriding the derivation name
name ? null,
}:
runCommand,
lib,
python3,
cacert,
}@pkgs:
let
urls' = urls ++ lib.optional (url != null) url;
pathParts = lib.filter ({ prefix, path }: "NETRC" == prefix) builtins.nixPath;
netrc_file =
if (pathParts != [ ])
then (lib.head pathParts).path
else "";
inherit (lib)
optionalAttrs
fetchers
optional
inPureEvalMode
filter
head
concatStringsSep
escapeShellArg
;
impureEnvVars = fetchers.proxyImpureEnvVars ++ optional inPureEvalMode "NETRC";
in
# Assert that we have at least one URL
assert urls' != [ ]; runCommand file
({
nativeBuildInputs = [ python3 ];
impureEnvVars = lib.fetchers.proxyImpureEnvVars;
outputHashMode = "flat";
# if hash is empty select a default algo to let nix propose the actual hash.
outputHashAlgo = if hash == "" then "sha256" else null;
outputHash = hash;
NETRC = netrc_file;
}
// (lib.optionalAttrs (name != null) {inherit name;}))
''
python ${./fetch-legacy.py} ${lib.concatStringsSep " " (map (url: "--url ${lib.escapeShellArg url}") urls')} --pname ${pname} --filename ${file}
mv ${file} $out
''
lib.makeOverridable (
{
# package name
pname,
# Package index
url ? null,
# Multiple package indices to consider
urls ? [ ],
# filename including extension
file,
# SRI hash
hash,
# allow overriding the derivation name
name ? null,
# allow overriding cacert using src.override { cacert = cacert.override { extraCertificateFiles = [ ./path/to/cert.pem ]; }; }
cacert ? pkgs.cacert,
}:
let
urls' = urls ++ optional (url != null) url;
pathParts = filter ({ prefix, path }: "NETRC" == prefix) builtins.nixPath;
netrc_file = if (pathParts != [ ]) then (head pathParts).path else "";
in
# Assert that we have at least one URL
assert urls' != [ ];
runCommand file
(
{
nativeBuildInputs = [
python3
cacert
];
inherit impureEnvVars;
outputHashMode = "flat";
# if hash is empty select a default algo to let nix propose the actual hash.
outputHashAlgo = if hash == "" then "sha256" else null;
outputHash = hash;
}
// optionalAttrs (name != null) { inherit name; }
// optionalAttrs (!inPureEvalMode) { env.NETRC = netrc_file; }
)
''
python ${./fetch-legacy.py} ${
concatStringsSep " " (map (url: "--url ${escapeShellArg url}") urls')
} --pname ${pname} --filename ${file}
mv ${file} $out
''
)

3
pkgs/build-support/fetchpypilegacy/tests.nix
View file

@ -1,4 +1,5 @@
{ testers, fetchPypiLegacy, ... }: {
{ testers, fetchPypiLegacy, ... }:
{
# Tests that we can send custom headers with spaces in them
fetchSimple = testers.invalidateFetcherByDrvHash fetchPypiLegacy {
pname = "requests";

4
pkgs/by-name/ab/ablog/package.nix
View file

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "ablog";
version = "0.11.10";
version = "0.11.11";
format = "pyproject";
src = fetchFromGitHub {
owner = "sunpy";
repo = "ablog";
rev = "v${version}";
hash = "sha256-8NyFLGtMJLUkojEhWpWNZz3zlfgGVgSvgk4dDEz1jzs=";
hash = "sha256-Hx4iLO+Of2o4tmIDS17SxyswbW2+KMoD4BjB4q1KU9M=";
};
nativeBuildInputs = with python3.pkgs; [

6
pkgs/by-name/ab/abpoa/package.nix
View file

@ -14,13 +14,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "${lib.optionalString enablePython "py"}abpoa";
version = "1.5.1";
version = "1.5.2";
src = fetchFromGitHub {
owner = "yangao07";
repo = "abPOA";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-nPMzkWkjUI+vZExNEvJa24KrR0pWGk89Mvp7TCyka/w=";
hash = "sha256-gS0PO7K4hN+3k2NF8enri1FzM80H2I+a3MNaKsm74xM=";
};
patches = [ ./simd-arch.patch ];
@ -34,7 +34,7 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs = lib.optionals enablePython (
with python3Packages;
[
cython
cython_0
pypaBuildHook
pypaInstallHook
pythonImportsCheckHook

16
pkgs/by-name/ab/abpoa/simd-arch.patch
View file

@ -1,25 +1,25 @@
diff --git a/setup.py b/setup.py
index 52c0e7e..f88ec08 100644
index c6fc019..49fb3c8 100644
--- a/setup.py
+++ b/setup.py
@@ -11,11 +11,12 @@ simde = ['-DUSE_SIMDE', '-DSIMDE_ENABLE_NATIVE_ALIASES']
@@ -14,11 +14,12 @@ machine_arch = os.popen("uname -m").readlines()[0].rsplit()[0]
if platform.system() == "Darwin":
if machine_system == "Darwin":
# note: see https://github.com/pypa/wheel/issues/406
- simd_flag = ['-march=native', '-D__AVX2__', '-mmacosx-version-min=10.9']
if platform.machine() in ["aarch64", "arm64"]:
if machine_arch in ["aarch64", "arm64"]:
+ simd_flag = ['-march=armv8-a+simd', '-D__AVX2__', '-mmacosx-version-min=10.9']
os.environ['_PYTHON_HOST_PLATFORM'] = "macosx-10.9-arm64"
os.environ['ARCHFLAGS'] = "-arch arm64"
else:
else: # x86_64
+ simd_flag = ['-msse2', '-mmacosx-version-min=10.9']
os.environ['_PYTHON_HOST_PLATFORM'] = "macosx-10.9-x86_64"
os.environ['ARCHFLAGS'] = "-arch x86_64"
else:
@@ -24,7 +25,7 @@ else:
elif platform.machine() in ["aarch32"]:
@@ -27,7 +28,7 @@ else:
elif machine_arch in ["aarch32"]:
simd_flag = ['-march=armv8-a+simd', '-mfpu=auto -D__AVX2__']
else:
else: # x86_64
- simd_flag=['-march=native']
+ simd_flag=[]
if os.getenv('SSE4', False):

114
pkgs/by-name/ai/aider-chat/package.nix Normal file
View file

@ -0,0 +1,114 @@
{
lib,
stdenv,
python311,
fetchFromGitHub,
gitMinimal,
portaudio,
}:
let
python3 = python311.override {
self = python3;
packageOverrides = _: super: { tree-sitter = super.tree-sitter_0_21; };
};
version = "0.50.0";
in
python3.pkgs.buildPythonApplication {
pname = "aider-chat";
inherit version;
pyproject = true;
src = fetchFromGitHub {
owner = "paul-gauthier";
repo = "aider";
rev = "v${version}";
hash = "sha256-hRUxzljtgLGEDwHf6UtQzGQM8CgiRtgNLlVoKa2jU3o=";
};
build-system = with python3.pkgs; [ setuptools ];
dependencies =
with python3.pkgs;
[
aiohappyeyeballs
backoff
beautifulsoup4
configargparse
diff-match-patch
diskcache
flake8
gitpython
grep-ast
importlib-resources
jsonschema
jiter
litellm
networkx
numpy
packaging
pathspec
pillow
playwright
prompt-toolkit
pypager
pypandoc
pyperclip
pyyaml
rich
scipy
sounddevice
soundfile
streamlit
tokenizers
watchdog
]
++ lib.optionals (!tensorflow.meta.broken) [
llama-index-core
llama-index-embeddings-huggingface
];
buildInputs = [ portaudio ];
pythonRelaxDeps = true;
nativeCheckInputs = (with python3.pkgs; [ pytestCheckHook ]) ++ [ gitMinimal ];
disabledTestPaths = [
# requires network
"tests/scrape/test_scrape.py"
# Expected 'mock' to have been called once
"tests/help/test_help.py"
];
disabledTests =
[
# requires network
"test_urls"
"test_get_commit_message_with_custom_prompt"
# FileNotFoundError
"test_get_commit_message"
# Expected 'launch_gui' to have been called once
"test_browser_flag_imports_streamlit"
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
# fails on darwin
"test_dark_mode_sets_code_theme"
"test_default_env_file_sets_automatic_variable"
];
preCheck = ''
export HOME=$(mktemp -d)
'';
meta = {
description = "AI pair programming in your terminal";
homepage = "https://github.com/paul-gauthier/aider";
license = lib.licenses.asl20;
mainProgram = "aider";
maintainers = with lib.maintainers; [ taha-yassine ];
};
}

4
pkgs/by-name/al/alpaca/package.nix
View file

@ -17,14 +17,14 @@
python3Packages.buildPythonApplication rec {
pname = "alpaca";
version = "1.0.6";
version = "1.1.1";
pyproject = false; # Built with meson
src = fetchFromGitHub {
owner = "Jeffser";
repo = "Alpaca";
rev = version;
hash = "sha256-3xsntOPkcCV8ZizRS6du8cG1ZZEekehjf+4m3pofZBs=";
hash = "sha256-FFMclm+IUEU4cQZ0+uJHDCHytgW8+fygooWw3Nc1jxM=";
};
nativeBuildInputs = [

8
pkgs/by-name/ar/arduino-cli/package.nix
View file

@ -12,13 +12,13 @@ let
pkg = buildGoModule rec {
pname = "arduino-cli";
version = "1.0.3";
version = "1.0.4";
src = fetchFromGitHub {
owner = "arduino";
repo = pname;
rev = "v${version}";
hash = "sha256-/2GtWiks/d8sTJ6slX2nQtFpGkqm4PSfgDd0uVG+qN8=";
rev = "refs/tags/v${version}";
hash = "sha256-0a2YlgswjiZT1aPO513IZTb/Pba0IydvB0je3e6rN9M=";
};
nativeBuildInputs = [ installShellFiles ];
@ -27,7 +27,7 @@ let
subPackages = [ "." ];
vendorHash = "sha256-OkilZMDTueHfn6T5Af8e+CVersSPDMcAUUB2o1ny6nc=";
vendorHash = "sha256-53gQrYgdQ/54+KAQwfUZWebz7Tb1cEt8jGd9PbhS87s=";
postPatch =
let

12
pkgs/by-name/ba/basedpyright/package.nix
View file

@ -11,13 +11,13 @@
}:
let
version = "1.15.2";
version = "1.16.0";
src = fetchFromGitHub {
owner = "detachhead";
repo = "basedpyright";
rev = "refs/tags/v${version}";
hash = "sha256-N51wZjhdoNbhHpMrgcEEzd9FIVwKwYs9sU7jyFV2b8g=";
hash = "sha256-sNSMVPPHSqy4sOpM3H07R3WL8OUrQ4//baxiWSOBXP8=";
};
patchedPackageJSON = runCommand "package.json" { } ''
@ -47,10 +47,10 @@ let
pname = "pyright-internal";
inherit version src;
sourceRoot = "${src.name}/packages/pyright-internal";
npmDepsHash = "sha256-RkMgCa7oAPFbTHC5WAcz6b8cUOEORR0sZr2VxhQki1k=";
npmDepsHash = "sha256-jNvV1+2qKGNr0LjSCORi3A2IxJspc7/PTazcCCjeMe4=";
dontNpmBuild = true;
# FIXME: Remove this flag when TypeScript 5.5 is released
npmFlags = [ "--legacy-peer-deps" ];
# Uncomment this flag when using unreleased peer dependencies
# npmFlags = [ "--legacy-peer-deps" ];
installPhase = ''
runHook preInstall
cp -r . "$out"
@ -94,7 +94,7 @@ buildNpmPackage rec {
inherit version src;
sourceRoot = "${src.name}/packages/pyright";
npmDepsHash = "sha256-6Zhd5IothE7RoetaITL5MmLIF6YDNk6IiHcfTzbbjLY=";
npmDepsHash = "sha256-n2UU1wNN+wbHsAv7pJHNJTDjEE5ZpjRxBGSVPF4ADm8=";
postPatch = ''
chmod +w ../../

6
pkgs/by-name/bl/bluetuith/package.nix
View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "bluetuith";
version = "0.2.2";
version = "0.2.3";
src = fetchFromGitHub {
owner = "darkhz";
repo = pname;
rev = "v${version}";
sha256 = "sha256-JwPTFMimGDZnESx6l72cK545rzyDWWTBU66t9bU49w0=";
sha256 = "sha256-yXH/koNT4ec/SOZhSU01iPNAfD1MdMjM2+wNmjXWsrk=";
};
vendorHash = "sha256-A0hUenuji3bfJghLRM2mvFbusrHm+tQ+LeRGzIETpbs=";
vendorHash = "sha256-tEVzuhE0Di7edGa5eJHLLqOecCuoj02h91TsZiZU1PM=";
CGO_ENABLED = 0;

78
pkgs/by-name/bu/bugstalker/package.nix
View file

@ -7,91 +7,23 @@
rustPlatform.buildRustPackage rec {
pname = "bugstalker";
version = "0.1.4";
version = "0.2.2";
src = fetchFromGitHub {
owner = "godzie44";
repo = "BugStalker";
rev = "v${version}";
hash = "sha256-16bmvz6/t8H8Sx/32l+fp3QqP5lwi0o1Q9KqDHqF22U=";
hash = "sha256-JacRt+zNwL7hdpdh5h9Mxztqi47f5eUbcZyx6ct/5Bc=";
};
cargoHash = "sha256-kp0GZ0cM57BMpH/8lhxevnBuJhUSH0rtxP4B/9fXYiU=";
cargoHash = "sha256-ljT7Dl9553sfZBqTe6gT3iYPH+D1Jp9ZsyGVQGOekxw=";
buildInputs = [ libunwind ];
nativeBuildInputs = [ pkg-config ];
# Tests which require access to example source code fail in the sandbox. I
# haven't managed to figure out how to fix this.
checkFlags = [
"--skip=breakpoints::test_breakpoint_at_fn_with_monomorphization"
"--skip=breakpoints::test_breakpoint_at_line_with_monomorphization"
"--skip=breakpoints::test_brkpt_on_function"
"--skip=breakpoints::test_brkpt_on_function_name_collision"
"--skip=breakpoints::test_brkpt_on_line"
"--skip=breakpoints::test_brkpt_on_line2"
"--skip=breakpoints::test_brkpt_on_line_collision"
"--skip=breakpoints::test_debugee_run"
"--skip=breakpoints::test_deferred_breakpoint"
"--skip=breakpoints::test_multiple_brkpt_on_addr"
"--skip=breakpoints::test_set_breakpoint_idempotence"
"--skip=io::test_backtrace"
"--skip=io::test_read_register_write"
"--skip=io::test_read_value_u64"
"--skip=multithreaded::test_multithreaded_app_running"
"--skip=multithreaded::test_multithreaded_backtrace"
"--skip=multithreaded::test_multithreaded_breakpoints"
"--skip=multithreaded::test_multithreaded_trace"
"--skip=signal::test_signal_stop_multi_thread"
"--skip=signal::test_signal_stop_multi_thread_multiple_signal"
"--skip=signal::test_signal_stop_single_thread"
"--skip=signal::test_transparent_signals"
"--skip=steps::test_step_into"
"--skip=steps::test_step_into_recursion"
"--skip=steps::test_step_out"
"--skip=steps::test_step_over"
"--skip=steps::test_step_over_inline_code"
"--skip=steps::test_step_over_on_fn_decl"
"--skip=symbol::test_symbol"
"--skip=test_debugger_disassembler"
"--skip=test_debugger_graceful_shutdown"
"--skip=test_debugger_graceful_shutdown_multithread"
"--skip=test_frame_cfa"
"--skip=test_registers"
"--skip=variables::test_arguments"
"--skip=variables::test_btree_map"
"--skip=variables::test_cast_pointers"
"--skip=variables::test_cell"
"--skip=variables::test_circular_ref_types"
"--skip=variables::test_lexical_blocks"
"--skip=variables::test_read_array"
"--skip=variables::test_read_atomic"
"--skip=variables::test_read_btree_set"
"--skip=variables::test_read_closures"
"--skip=variables::test_read_enum"
"--skip=variables::test_read_hashmap"
"--skip=variables::test_read_hashset"
"--skip=variables::test_read_only_local_variables"
"--skip=variables::test_read_pointers"
"--skip=variables::test_read_scalar_variables"
"--skip=variables::test_read_scalar_variables_at_place"
"--skip=variables::test_read_static_in_fn_variable"
"--skip=variables::test_read_static_variables"
"--skip=variables::test_read_static_variables_different_modules"
"--skip=variables::test_read_strings"
"--skip=variables::test_read_struct"
"--skip=variables::test_read_tls_variables"
"--skip=variables::test_read_type_alias"
"--skip=variables::test_read_union"
"--skip=variables::test_read_uuid"
"--skip=variables::test_read_vec_and_slice"
"--skip=variables::test_read_vec_deque"
"--skip=variables::test_shared_ptr"
"--skip=variables::test_slice_operator"
"--skip=variables::test_type_parameters"
"--skip=variables::test_zst_types"
];
# Tests require rustup.
doCheck = false;
meta = {
description = "Rust debugger for Linux x86-64";

27
pkgs/by-name/ca/casadi/package.nix
View file

@ -30,7 +30,7 @@
#sundials,
superscs,
spral,
swig,
swig4,
tinyxml-2,
withUnfree ? false,
}:
@ -96,6 +96,17 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace swig/python/CMakeLists.txt --replace-fail \
"if (SWIG_IMPORT)" \
"if (NOT SWIG_IMPORT)"
''
+ lib.optionalString stdenv.isDarwin ''
# this is only printing stuff, and is not defined on all CPU
substituteInPlace casadi/interfaces/hpipm/hpipm_runtime.hpp --replace-fail \
"d_print_exp_tran_mat" \
"//d_print_exp_tran_mat"
# fix missing symbols
substituteInPlace cmake/FindCLANG.cmake --replace-fail \
"clangBasic)" \
"clangBasic clangASTMatchers clangSupport)"
'';
nativeBuildInputs = [
@ -128,7 +139,7 @@ stdenv.mkDerivation (finalAttrs: {
#sundials
superscs
spral
swig
swig4
tinyxml-2
]
++ lib.optionals withUnfree [
@ -138,11 +149,15 @@ stdenv.mkDerivation (finalAttrs: {
++ lib.optionals pythonSupport [
python3Packages.numpy
python3Packages.python
];
]
++ lib.optionals stdenv.isDarwin [ llvmPackages_17.openmp ];
cmakeFlags = [
(lib.cmakeBool "WITH_PYTHON" pythonSupport)
(lib.cmakeBool "WITH_PYTHON3" pythonSupport)
# We don't mind always setting this cmake variable, it will be read only if
# pythonSupport is enabled.
"-DPYTHON_PREFIX=${placeholder "out"}/${python3Packages.python.sitePackages}"
(lib.cmakeBool "WITH_JSON" false)
(lib.cmakeBool "WITH_INSTALL_INTERNAL_HEADERS" true)
(lib.cmakeBool "INSTALL_INTERNAL_HEADERS" true)
@ -189,11 +204,6 @@ stdenv.mkDerivation (finalAttrs: {
#(lib.cmakeBool "WITH_ALPAQA" true) # this requires casadi...
];
# I don't know how to pass absolute $out path from cmakeFlags
postConfigure = lib.optionalString pythonSupport ''
cmake -DPYTHON_PREFIX=$out/${python3Packages.python.sitePackages} ..
'';
doCheck = true;
meta = {
@ -201,5 +211,6 @@ stdenv.mkDerivation (finalAttrs: {
homepage = "https://github.com/casadi/casadi";
license = lib.licenses.lgpl3Only;
maintainers = with lib.maintainers; [ nim65s ];
platforms = lib.platforms.all;
};
})

0
pkgs/development/tools/cbor-diag/Gemfile → pkgs/by-name/cb/cbor-diag/Gemfile
View file

6
pkgs/development/tools/cbor-diag/Gemfile.lock → pkgs/by-name/cb/cbor-diag/Gemfile.lock
View file

@ -3,7 +3,7 @@ GEM
specs:
cbor-canonical (0.1.2)
cbor-deterministic (0.1.3)
cbor-diag (0.8.7)
cbor-diag (0.8.8)
cbor-canonical
cbor-deterministic
cbor-packed
@ -11,7 +11,7 @@ GEM
neatjson
treetop (~> 1)
cbor-packed (0.1.5)
json_pure (2.6.3)
json_pure (2.7.2)
neatjson (0.10.5)
polyglot (0.3.5)
treetop (1.6.12)
@ -24,4 +24,4 @@ DEPENDENCIES
cbor-diag
BUNDLED WITH
2.4.20
2.5.16

8
pkgs/development/tools/cbor-diag/gemset.nix → pkgs/by-name/cb/cbor-diag/gemset.nix
View file

@ -25,10 +25,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0rwd88xngbjamgydj9rg3wvgl53pfzhal2n702s9afa1yp8mjm51";
sha256 = "12gicnz857iin9lhbrigyqz4v8fan9lq4sd56rfcb2c7a8azvmz9";
type = "gem";
};
version = "0.8.7";
version = "0.8.8";
};
cbor-packed = {
groups = ["default"];
@ -45,10 +45,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0kn736pb52j8b9xxq6l8wqp2chs74aa14vfnp0rijjn086m8b4f3";
sha256 = "13b4dminf6znfwvj8d61w6dar9zrxnndrmiig19adbliv0haxmlr";
type = "gem";
};
version = "2.6.3";
version = "2.7.2";
};
neatjson = {
groups = ["default"];

2
pkgs/development/tools/cbor-diag/default.nix → pkgs/by-name/cb/cbor-diag/package.nix
View file

@ -29,7 +29,7 @@ bundlerApp {
description = "CBOR diagnostic utilities";
homepage = "https://github.com/cabo/cbor-diag";
license = with licenses; asl20;
maintainers = with maintainers; [ fdns nicknovitski ];
maintainers = with maintainers; [ fdns nicknovitski amesgen ];
platforms = platforms.unix;
};
}

4
pkgs/by-name/ch/charmcraft/package.nix
View file

@ -31,7 +31,7 @@ let
in
python.pkgs.buildPythonApplication rec {
pname = "charmcraft";
version = "3.1.1";
version = "3.1.2";
pyproject = true;
@ -39,7 +39,7 @@ python.pkgs.buildPythonApplication rec {
owner = "canonical";
repo = "charmcraft";
rev = "refs/tags/${version}";
hash = "sha256-oxNbAIf7ltdDYkGJj29zvNDNXT6vt1jWaIqHJoMr7gU=";
hash = "sha256-Qi2ZtAYgQlKj77QPovcT3RrPwAlEwaFyoJ0MAq4EETE=";
};
postPatch = ''

6
pkgs/by-name/ci/cinny-unwrapped/package.nix
View file

@ -13,16 +13,16 @@
buildNpmPackage rec {
pname = "cinny-unwrapped";
version = "4.0.3";
version = "4.1.0";
src = fetchFromGitHub {
owner = "cinnyapp";
repo = "cinny";
rev = "v${version}";
hash = "sha256-5Tf1CgB/YAyGVpopHERQ8xNGwklB+f2l+yfgCKsR3I8=";
hash = "sha256-GC+TvTPfirov4GxkTp0N3tkDQEAEdmPB71NzOBZQiqs=";
};
npmDepsHash = "sha256-wtHFqnz5BtMUikdFZyTiLrw+e69WErowYBhu8cnEjkI=";
npmDepsHash = "sha256-dP+m/ocGn8szZuakrz8slSReNeepOF4Jf7L0/gnXWGU=";
# Fix error: no member named 'aligned_alloc' in the global namespace
env.NIX_CFLAGS_COMPILE = lib.optionalString (

36
pkgs/by-name/cl/cloak-pt/package.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
let
version = "2.9.0";
in
buildGoModule {
pname = "Cloak";
inherit version;
src = fetchFromGitHub {
owner = "cbeuw";
repo = "Cloak";
rev = "v${version}";
hash = "sha256-IclSnSJAUSWWAk8UZbUJLMVcnoZk5Yvsd1n3u67cM2g=";
};
vendorHash = "sha256-kkb/gPnDbJvfc5Qqc5HuM1c9OwOu1ijfO7nNNnY3mOo=";
doCheck = false;
ldflags = [ "-X main.version=${version}" ];
meta = {
homepage = "https://github.com/cbeuw/Cloak/";
description = "Pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination";
longDescription = ''
Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing activities.
To any third party observer, a host running Cloak server is indistinguishable from an innocent web server.
'';
license = lib.licenses.gpl3;
maintainers = with lib.maintainers; [ bananad3v ];
};
}

Some files were not shown because too many files have changed in this diff Show more