diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-02-17 12:01:58 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-17 12:01:58 +0000 |
| commit | 3b5c06282da574e691c28b9c9a71d1e712364e5d (patch) | |
| tree | 7cfb6b23071446c89e8e234324adbb1f92b212c8 | |
| parent | ab566b86563ffd3e793be53ca15aec2f2c808341 (diff) | |
| parent | 72bb5faaca512fc97fe5e629f964962faa34e95f (diff) | |
| download | nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.tar nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.tar.gz nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.tar.bz2 nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.tar.lz nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.tar.xz nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.tar.zst nixlib-3b5c06282da574e691c28b9c9a71d1e712364e5d.zip | |
Merge staging-next into staging
54 files changed, 1066 insertions, 273 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 6e9e3faf60e6..36762361d104 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -1417,6 +1417,12 @@ githubId = 12958979; name = "Mika Naylor"; }; + avakhrenev = { + email = "avakhrenev@gmail.com"; + github = "avakhrenev"; + githubId = 1060224; + name = "Alexey Vakhrenev"; + }; avaq = { email = "nixpkgs@account.avaq.it"; github = "Avaq"; diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index 9a83b2973b59..eb1e41a3d8dc 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -67,6 +67,7 @@ with lib; stoken = super.stoken.override { withGTK3 = false; }; # translateManpages -> perlPackages.po4a -> texlive-combined-basic -> texlive-core-big -> libX11 util-linux = super.util-linux.override { translateManpages = false; }; + vim-full = super.vim-full.override { guiSupport = false; }; zbar = super.zbar.override { enableVideo = false; withXorg = false; }; })); }; diff --git a/nixos/modules/system/boot/systemd/repart.nix b/nixos/modules/system/boot/systemd/repart.nix index 33f1b247c5ed..8f3a70023770 100644 --- a/nixos/modules/system/boot/systemd/repart.nix +++ b/nixos/modules/system/boot/systemd/repart.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: let - cfg = config.boot.initrd.systemd.repart; + cfg = config.systemd.repart; + initrdCfg = config.boot.initrd.systemd.repart; writeDefinition = name: partitionConfig: pkgs.writeText "${name}.conf" @@ -24,45 +25,59 @@ let ''; in { - options.boot.initrd.systemd.repart = { - enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // { + options = { + boot.initrd.systemd.repart.enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // { description = lib.mdDoc '' - Grow and add partitions to a partition table a boot time in the initrd. + Grow and add partitions to a partition table at boot time in the initrd. systemd-repart only works with GPT partition tables. + + To run systemd-repart after the initrd, see + `options.systemd.repart.enable`. ''; }; - partitions = lib.mkOption { - type = with lib.types; attrsOf (attrsOf (oneOf [ str int bool ])); - default = { }; - example = { - "10-root" = { - Type = "root"; - }; - "20-home" = { - Type = "home"; - SizeMinBytes = "512M"; - SizeMaxBytes = "2G"; + systemd.repart = { + enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // { + description = lib.mdDoc '' + Grow and add partitions to a partition table. + systemd-repart only works with GPT partition tables. + + To run systemd-repart while in the initrd, see + `options.boot.initrd.systemd.repart.enable`. + ''; + }; + + partitions = lib.mkOption { + type = with lib.types; attrsOf (attrsOf (oneOf [ str int bool ])); + default = { }; + example = { + "10-root" = { + Type = "root"; + }; + "20-home" = { + Type = "home"; + SizeMinBytes = "512M"; + SizeMaxBytes = "2G"; + }; }; + description = lib.mdDoc '' + Specify partitions as a set of the names of the definition files as the + key and the partition configuration as its value. The partition + configuration can use all upstream options. See <link + xlink:href="https://www.freedesktop.org/software/systemd/man/repart.d.html"/> + for all available options. + ''; }; - description = lib.mdDoc '' - Specify partitions as a set of the names of the definition files as the - key and the partition configuration as its value. The partition - configuration can use all upstream options. See <link - xlink:href="https://www.freedesktop.org/software/systemd/man/repart.d.html"/> - for all available options. - ''; }; }; - config = lib.mkIf cfg.enable { - # Link the definitions into /etc so that they are included in the - # /nix/store of the sysroot. This also allows the user to run the - # systemd-repart binary after activation manually while automatically - # picking up the definition files. + config = lib.mkIf (cfg.enable || initrdCfg.enable) { + # Always link the definitions into /etc so that they are also included in + # the /nix/store of the sysroot during early userspace (i.e. while in the + # initrd). environment.etc."repart.d".source = definitionsDirectory; - boot.initrd.systemd = { + boot.initrd.systemd = lib.mkIf initrdCfg.enable { additionalUpstreamUnits = [ "systemd-repart.service" ]; @@ -73,7 +88,7 @@ in # Override defaults in upstream unit. services.systemd-repart = { - # Unset the coniditions as they cannot be met before activation because + # Unset the conditions as they cannot be met before activation because # the definition files are not stored in the expected locations. unitConfig.ConditionDirectoryNotEmpty = [ " " # required to unset the previous value. @@ -97,5 +112,12 @@ in after = [ "sysroot.mount" ]; }; }; + + systemd = lib.mkIf cfg.enable { + additionalUpstreamSystemUnits = [ + "systemd-repart.service" + ]; + }; }; + } diff --git a/nixos/modules/virtualisation/podman/default.nix b/nixos/modules/virtualisation/podman/default.nix index 2e2190e4188c..baca48305188 100644 --- a/nixos/modules/virtualisation/podman/default.nix +++ b/nixos/modules/virtualisation/podman/default.nix @@ -9,8 +9,7 @@ let extraPackages = cfg.extraPackages # setuid shadow ++ [ "/run/wrappers" ] - # include pkgs.zfs by default in the wrapped podman used by the module so it is cached - ++ (if (builtins.elem "zfs" config.boot.supportedFilesystems) then [ config.boot.zfs.package ] else [ pkgs.zfs ]); + ++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package; }); # Provides a fake "docker" binary mapping to podman @@ -184,6 +183,10 @@ in systemd.packages = [ cfg.package ]; + systemd.services.podman.serviceConfig = { + ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]; + }; + systemd.services.podman-prune = { description = "Prune podman resources"; @@ -204,6 +207,10 @@ in systemd.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.sockets.podman.socketConfig.SocketGroup = "podman"; + systemd.user.services.podman.serviceConfig = { + ExecStart = [ "" "${cfg.package}/bin/podman $LOGGING system service" ]; + }; + systemd.user.sockets.podman.wantedBy = [ "sockets.target" ]; systemd.tmpfiles.packages = [ diff --git a/nixos/tests/systemd-repart.nix b/nixos/tests/systemd-repart.nix index 92cc1fb04edc..36de5d988fdb 100644 --- a/nixos/tests/systemd-repart.nix +++ b/nixos/tests/systemd-repart.nix @@ -52,9 +52,6 @@ let }; }; - boot.initrd.systemd.enable = true; - boot.initrd.systemd.repart.enable = true; - # systemd-repart operates on disks with a partition table. The qemu module, # however, creates separate filesystem images without a partition table, so # we have to create a disk image manually. @@ -88,7 +85,10 @@ in nodes.machine = { config, pkgs, ... }: { imports = [ common ]; - boot.initrd.systemd.repart.partitions = { + boot.initrd.systemd.enable = true; + + boot.initrd.systemd.repart.enable = true; + systemd.repart.partitions = { "10-root" = { Type = "linux-generic"; }; @@ -105,4 +105,30 @@ in assert "Growing existing partition 1." in systemd_repart_logs ''; }; + + after-initrd = makeTest { + name = "systemd-repart-after-initrd"; + meta.maintainers = with maintainers; [ nikstur ]; + + nodes.machine = { config, pkgs, ... }: { + imports = [ common ]; + + systemd.repart.enable = true; + systemd.repart.partitions = { + "10-root" = { + Type = "linux-generic"; + }; + }; + }; + + testScript = { nodes, ... }: '' + ${useDiskImage nodes.machine} + + machine.start() + machine.wait_for_unit("multi-user.target") + + systemd_repart_logs = machine.succeed("journalctl --unit systemd-repart.service") + assert "Growing existing partition 1." in systemd_repart_logs + ''; + }; } diff --git a/pkgs/applications/audio/eartag/default.nix b/pkgs/applications/audio/eartag/default.nix index 0db9da5d2161..8a4ffab5dc1f 100644 --- a/pkgs/applications/audio/eartag/default.nix +++ b/pkgs/applications/audio/eartag/default.nix @@ -1,6 +1,6 @@ { stdenv , lib -, fetchFromGitHub +, fetchFromGitLab , meson , ninja , pkg-config @@ -18,14 +18,15 @@ python3Packages.buildPythonApplication rec { pname = "eartag"; - version = "0.3.1"; + version = "0.3.2"; format = "other"; - src = fetchFromGitHub { + src = fetchFromGitLab { + domain = "gitlab.gnome.org"; owner = "knuxify"; repo = pname; - rev = "refs/tags/${version}"; - sha256 = "sha256-gN3V5ZHlhHp52Jg/i+hDLEDpSvP8yFngujyw5ZncQQg="; + rev = version; + sha256 = "sha256-XvbfQtE8LsztQ2VByG2jLYND3qVpH6owdAgh3b//lI4="; }; postPatch = '' @@ -67,7 +68,7 @@ python3Packages.buildPythonApplication rec { ''; meta = with lib; { - homepage = "https://github.com/knuxify/eartag"; + homepage = "https://gitlab.gnome.org/knuxify/eartag"; description = "Simple music tag editor"; # This seems to be using ICU license but we're flagging it to MIT license # since ICU license is a modified version of MIT and to prevent it from diff --git a/pkgs/applications/audio/pianotrans/default.nix b/pkgs/applications/audio/pianotrans/default.nix index 89e0716a0adc..e5848de03dac 100644 --- a/pkgs/applications/audio/pianotrans/default.nix +++ b/pkgs/applications/audio/pianotrans/default.nix @@ -6,14 +6,14 @@ python3.pkgs.buildPythonApplication rec { pname = "pianotrans"; - version = "1.0"; + version = "1.0.1"; format = "setuptools"; src = fetchFromGitHub { owner = "azuwis"; repo = pname; rev = "v${version}"; - hash = "sha256-6Otup1Yat1dBZdSoR4lDfpytUQ2RbDXC6ieo835Nw+U="; + hash = "sha256-gRbyUQmPtGvx5QKAyrmeJl0stp7hwLBWwjSbJajihdE="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/applications/blockchains/ledger-live-desktop/default.nix b/pkgs/applications/blockchains/ledger-live-desktop/default.nix index d64376aae18d..5aee9eaee9fe 100644 --- a/pkgs/applications/blockchains/ledger-live-desktop/default.nix +++ b/pkgs/applications/blockchains/ledger-live-desktop/default.nix @@ -2,11 +2,11 @@ let pname = "ledger-live-desktop"; - version = "2.51.0"; + version = "2.53.2"; src = fetchurl { url = "https://download.live.ledger.com/${pname}-${version}-linux-x86_64.AppImage"; - hash = "sha256-qpgzGJsj7hrrK2i+xP0T+hcw7WMlGBILbHVJBHD5duo="; + hash = "sha256-RGeJWUMZagXM/8SHHOpTpcnsz+BShnGp2yvt31qo5lI="; }; appimageContents = appimageTools.extractType2 { diff --git a/pkgs/applications/emulators/flycast/default.nix b/pkgs/applications/emulators/flycast/default.nix index b597abc7b069..f1874d62fba4 100644 --- a/pkgs/applications/emulators/flycast/default.nix +++ b/pkgs/applications/emulators/flycast/default.nix @@ -5,25 +5,36 @@ , pkg-config , makeWrapper , alsa-lib -, libX11 +, curl +, egl-wayland +, libao +, libdecor , libevdev -, udev +, libffi +, libGL , libpulseaudio -, SDL2 +, libX11 +, libXext +, libxkbcommon , libzip +, mesa , miniupnpc +, udev +, vulkan-headers , vulkan-loader +, wayland +, zlib }: stdenv.mkDerivation rec { pname = "flycast"; - version = "2.0"; + version = "2.1"; src = fetchFromGitHub { owner = "flyinghead"; repo = "flycast"; - rev = "v${version}"; - sha256 = "sha256-vSyLg2lAJBV7crKVbGRbi1PUuCwHF9GB/8pjMTlaigA="; + rev = "V${version}"; + sha256 = "sha256-PRInOqg9OpaUVLwSj1lOxDtjpVaYehkRsp0jLrVKPyY="; fetchSubmodules = true; }; @@ -35,13 +46,24 @@ stdenv.mkDerivation rec { buildInputs = [ alsa-lib - libX11 + curl + egl-wayland + libao + libdecor libevdev - udev + libffi + libGL libpulseaudio - SDL2 + libX11 + libXext + libxkbcommon libzip + mesa # for libgbm miniupnpc + udev + vulkan-headers + wayland + zlib ]; postFixup = '' diff --git a/pkgs/applications/misc/usql/default.nix b/pkgs/applications/misc/usql/default.nix index 4911556086c7..839b100383f5 100644 --- a/pkgs/applications/misc/usql/default.nix +++ b/pkgs/applications/misc/usql/default.nix @@ -10,18 +10,18 @@ buildGoModule rec { pname = "usql"; - version = "0.13.8"; + version = "0.13.9"; src = fetchFromGitHub { owner = "xo"; repo = "usql"; rev = "v${version}"; - hash = "sha256-oNsA9VM6MN2czeZSTFGvmCWX0T3iVaAhQk1mVRyKgWw="; + hash = "sha256-hcAwwu1bp7QJLt+mrUZYK6YeX/uRmfRa8JnUfrTzf3k="; }; buildInputs = [ unixODBC icu ]; - vendorHash = "sha256-LG5gTHXB1ItDZFbTBHyZGHZLaSYb8wekIHkahTMXzkk="; + vendorHash = "sha256-BehI6O+WpCcgMGabTFMCpYHN3CIo3Zb5rBQuGLsWRc0="; proxyVendor = true; # Exclude broken impala & hive driver diff --git a/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.nix b/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.nix index bd2f9e4b3f5e..f627647e1efb 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.nix @@ -56,6 +56,10 @@ stdenv.mkDerivation { fetchSubmodules = true; }; + patches = [ + ./tg_owt.patch + ]; + postPatch = lib.optionalString stdenv.isLinux '' substituteInPlace src/modules/desktop_capture/linux/egl_dmabuf.cc \ --replace '"libEGL.so.1"' '"${libGL}/lib/libEGL.so.1"' \ diff --git a/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.patch b/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.patch new file mode 100644 index 000000000000..05332d51c047 --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/telegram/kotatogram-desktop/tg_owt.patch @@ -0,0 +1,23 @@ +--- a/src/modules/include/module_common_types_public.h ++++ b/src/modules/include/module_common_types_public.h +@@ -11,6 +11,7 @@ + #ifndef MODULES_INCLUDE_MODULE_COMMON_TYPES_PUBLIC_H_ + #define MODULES_INCLUDE_MODULE_COMMON_TYPES_PUBLIC_H_ + ++#include <cstdint> + #include <limits> + + #include "absl/types/optional.h" +diff --git a/src/common_video/h265/h265_pps_parser.h b/src/common_video/h265/h265_pps_parser.h +index 28c95ea9..790b0b73 100644 +--- a/src/common_video/h265/h265_pps_parser.h ++++ b/src/common_video/h265/h265_pps_parser.h +@@ -13,6 +13,8 @@ + + #include "absl/types/optional.h" + ++#include <stdint.h> ++ + namespace rtc { + class BitBuffer; + } diff --git a/pkgs/applications/networking/syncthing/default.nix b/pkgs/applications/networking/syncthing/default.nix index 3b171070a573..d221324b205b 100644 --- a/pkgs/applications/networking/syncthing/default.nix +++ b/pkgs/applications/networking/syncthing/default.nix @@ -1,4 +1,4 @@ -{ buildGoModule, stdenv, lib, procps, fetchFromGitHub, nixosTests }: +{ pkgsBuildBuild, go, buildGoModule, stdenv, lib, procps, fetchFromGitHub, nixosTests }: let common = { stname, target, postInstall ? "" }: @@ -22,7 +22,12 @@ let buildPhase = '' runHook preBuild - go run build.go -no-upgrade -version v${version} build ${target} + ( + export GOOS="${pkgsBuildBuild.go.GOOS}" GOARCH="${pkgsBuildBuild.go.GOARCH}" CC=$CC_FOR_BUILD + go build build.go + go generate github.com/syncthing/syncthing/lib/api/auto github.com/syncthing/syncthing/cmd/strelaypoolsrv/auto + ) + ./build -goos ${go.GOOS} -goarch ${go.GOARCH} -no-upgrade -version v${version} build ${target} runHook postBuild ''; diff --git a/pkgs/applications/science/misc/cwltool/default.nix b/pkgs/applications/science/misc/cwltool/default.nix index 815ccc6cc249..7c28f65f3bf7 100644 --- a/pkgs/applications/science/misc/cwltool/default.nix +++ b/pkgs/applications/science/misc/cwltool/default.nix @@ -7,14 +7,14 @@ python3.pkgs.buildPythonApplication rec { pname = "cwltool"; - version = "3.1.20230209161050"; + version = "3.1.20230213100550"; format = "setuptools"; src = fetchFromGitHub { owner = "common-workflow-language"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-gc/KSJS3KcxXc3xDyJSXavaxtwhKBiihgdI7yc7d2I8="; + hash = "sha256-BtHkIVadcccnYYX8lRqiCzO+/qFeBaZfdUuu6qrjysk="; }; postPatch = '' diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index 766a9fd1de50..d8bfa140fa87 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -14,52 +14,10 @@ , go-md2man , nixosTests , python3 -, makeWrapper -, symlinkJoin -, extraPackages ? [ ] -, runc -, crun -, conmon -, slirp4netns -, fuse-overlayfs -, util-linux -, iptables -, iproute2 -, catatonit -, gvproxy -, aardvark-dns -, netavark , testers , podman }: -let - # do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed - binPath = lib.makeBinPath ([ - ] ++ lib.optionals stdenv.isLinux [ - runc - crun - conmon - slirp4netns - fuse-overlayfs - util-linux - iptables - iproute2 - ] ++ extraPackages); - - helpersBin = symlinkJoin { - name = "podman-helper-binary-wrapper"; - - # this only works for some binaries, others may need to be be added to `binPath` or in the modules - paths = [ - gvproxy - ] ++ lib.optionals stdenv.isLinux [ - aardvark-dns - catatonit # added here for the pause image and also set in `containersConf` for `init_path` - netavark - ]; - }; -in buildGoModule rec { pname = "podman"; version = "4.4.1"; @@ -80,9 +38,9 @@ buildGoModule rec { doCheck = false; - outputs = [ "out" "man" ]; + outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ]; - nativeBuildInputs = [ pkg-config go-md2man installShellFiles makeWrapper python3 ]; + nativeBuildInputs = [ pkg-config go-md2man installShellFiles python3 ]; buildInputs = lib.optionals stdenv.isLinux [ btrfs-progs @@ -94,16 +52,13 @@ buildGoModule rec { systemd ]; - HELPER_BINARIES_DIR = "${helpersBin}/bin"; - PREFIX = "${placeholder "out"}"; - buildPhase = '' runHook preBuild patchShebangs . ${if stdenv.isDarwin then '' make podman-remote # podman-mac-helper uses FHS paths '' else '' - make bin/podman bin/rootlessport bin/quadlet + make bin/podman bin/rootlessport ''} make docs runHook postBuild @@ -111,20 +66,26 @@ buildGoModule rec { installPhase = '' runHook preInstall + mkdir -p {$out/{bin,etc,lib,share},$man} # ensure paths exist for the wrapper ${if stdenv.isDarwin then '' - install bin/darwin/podman -Dt $out/bin + mv bin/{darwin/podman,podman} '' else '' - make install.bin install.systemd + install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d + for s in contrib/systemd/**/*.in; do + substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary + done + PREFIX=$out make install.systemd + install -Dm555 bin/rootlessport -t $rootlessport/bin ''} - make install.completions install.man - wrapProgram $out/bin/podman \ - --prefix PATH : ${lib.escapeShellArg binPath} + install -Dm555 bin/podman -t $out/bin + PREFIX=$out make install.completions + MANDIR=$man/share/man make install.man runHook postInstall ''; postFixup = lib.optionalString stdenv.isLinux '' - RPATH=$(patchelf --print-rpath $out/bin/.podman-wrapped) - patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/.podman-wrapped + RPATH=$(patchelf --print-rpath $out/bin/podman) + patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman ''; passthru.tests = { diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix new file mode 100644 index 000000000000..7fe483a7079e --- /dev/null +++ b/pkgs/applications/virtualization/podman/wrapper.nix @@ -0,0 +1,78 @@ +{ podman-unwrapped +, runCommand +, makeWrapper +, symlinkJoin +, lib +, stdenv +, extraPackages ? [] +, runc # Default container runtime +, crun # Container runtime (default with cgroups v2 for podman/buildah) +, conmon # Container runtime monitor +, slirp4netns # User-mode networking for unprivileged namespaces +, fuse-overlayfs # CoW for images, much faster than default vfs +, util-linux # nsenter +, iptables +, iproute2 +, catatonit +, gvproxy +, aardvark-dns +, netavark +}: + +# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed + +let + binPath = lib.makeBinPath ([ + ] ++ lib.optionals stdenv.isLinux [ + runc + crun + conmon + slirp4netns + fuse-overlayfs + util-linux + iptables + iproute2 + ] ++ extraPackages); + + helpersBin = symlinkJoin { + name = "${podman-unwrapped.pname}-helper-binary-wrapper-${podman-unwrapped.version}"; + + # this only works for some binaries, others may need to be be added to `binPath` or in the modules + paths = [ + gvproxy + ] ++ lib.optionals stdenv.isLinux [ + aardvark-dns + catatonit # added here for the pause image and also set in `containersConf` for `init_path` + netavark + podman-unwrapped.rootlessport + ]; + }; + +in runCommand podman-unwrapped.name { + name = "${podman-unwrapped.pname}-wrapper-${podman-unwrapped.version}"; + inherit (podman-unwrapped) pname version passthru; + + preferLocalBuild = true; + + meta = builtins.removeAttrs podman-unwrapped.meta [ "outputsToInstall" ]; + + outputs = [ + "out" + "man" + ]; + + nativeBuildInputs = [ + makeWrapper + ]; + +} '' + ln -s ${podman-unwrapped.man} $man + + mkdir -p $out/bin + ln -s ${podman-unwrapped}/etc $out/etc + ln -s ${podman-unwrapped}/lib $out/lib + ln -s ${podman-unwrapped}/share $out/share + makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \ + --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \ + --prefix PATH : ${lib.escapeShellArg binPath} +'' diff --git a/pkgs/data/fonts/nasin-nanpa/default.nix b/pkgs/data/fonts/nasin-nanpa/default.nix new file mode 100644 index 000000000000..cd05c667a248 --- /dev/null +++ b/pkgs/data/fonts/nasin-nanpa/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenvNoCC, fetchurl }: + +stdenvNoCC.mkDerivation rec { + pname = "nasin-nanpa"; + version = "2.5.1"; + + srcs = [ + (fetchurl { + name = "nasin-nanpa.otf"; + url = "https://github.com/ETBCOR/nasin-nanpa/releases/download/n${version}/nasin-nanpa-${version}.otf"; + hash = "sha256-++uOrqFzQ6CB/OPEmBivpjMfAtFk3PSsCNpFBjOtGEg="; + }) + (fetchurl { + name = "nasin-nanpa-lasina-kin.otf"; + url = "https://github.com/ETBCOR/nasin-nanpa/releases/download/n${version}/nasin-nanpa-${version}-lasina-kin.otf"; + hash = "sha256-4WIX74y2O4NaKi/JQrgTbOxlKDQKJ/F9wkQuoOdWuTI="; + }) + ]; + + dontUnpack = true; + + installPhase = '' + mkdir -p $out/share/fonts/opentype + for src in $srcs; do + file=$(stripHash $src) + cp $src $out/share/fonts/opentype/$file + done + ''; + + meta = with lib; { + homepage = "https://github.com/ETBCOR/nasin-nanpa"; + description = "UCSUR OpenType monospaced font for the Toki Pona writing system, Sitelen Pona"; + longDescription = '' + ni li nasin pi sitelen pona. + sitelen ale pi nasin ni li sama mute weka. + sitelen pi nasin ni li lon nasin UCSUR kin. + ''; + license = licenses.mit; + platforms = platforms.all; + maintainers = with maintainers; [ somasis ]; + }; +} diff --git a/pkgs/data/icons/numix-icon-theme-square/default.nix b/pkgs/data/icons/numix-icon-theme-square/default.nix index b1a90ba1085f..f3503a9f5f07 100644 --- a/pkgs/data/icons/numix-icon-theme-square/default.nix +++ b/pkgs/data/icons/numix-icon-theme-square/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "numix-icon-theme-square"; - version = "23.02.05"; + version = "23.02.16"; src = fetchFromGitHub { owner = "numixproject"; repo = pname; rev = version; - sha256 = "sha256-FZt/3RugPHjanlxKjITSpaIb5RoKzI9mJvmPn7CNqS4="; + sha256 = "sha256-z9LHSfhCTeHsf4XtPJeOqOqfKHHz0B7n2hciIpCQ9H4="; }; nativeBuildInputs = [ gtk3 ]; diff --git a/pkgs/development/compilers/zig/0.10.nix b/pkgs/development/compilers/zig/0.10.nix index 6d41b63f03b2..966be329befc 100644 --- a/pkgs/development/compilers/zig/0.10.nix +++ b/pkgs/development/compilers/zig/0.10.nix @@ -47,6 +47,8 @@ stdenv.mkDerivation rec { cmakeFlags = [ # file RPATH_CHANGE could not write new RPATH "-DCMAKE_SKIP_BUILD_RPATH=ON" + + # ensure determinism in the compiler build "-DZIG_TARGET_MCPU=baseline" ]; diff --git a/pkgs/development/compilers/zig/0.9.1.nix b/pkgs/development/compilers/zig/0.9.1.nix index e7c62a4cf938..637186f686e9 100644 --- a/pkgs/development/compilers/zig/0.9.1.nix +++ b/pkgs/development/compilers/zig/0.9.1.nix @@ -62,6 +62,9 @@ stdenv.mkDerivation rec { cmakeFlags = [ # file RPATH_CHANGE could not write new RPATH "-DCMAKE_SKIP_BUILD_RPATH=ON" + + # ensure determinism in the compiler build + "-DZIG_TARGET_MCPU=baseline" ]; doCheck = true; diff --git a/pkgs/development/libraries/tl-expected/default.nix b/pkgs/development/libraries/tl-expected/default.nix index c7cb92440ee8..79af37f58e6f 100644 --- a/pkgs/development/libraries/tl-expected/default.nix +++ b/pkgs/development/libraries/tl-expected/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "tl-expected-unstable"; - version = "2019-11-11"; # 5 commits ahead of version 1.0.0 + version = "2023-02-15"; # 37 commits ahead of version 1.0.0 src = fetchFromGitHub { owner = "TartanLlama"; repo = "expected"; - rev = "1d9c5d8c0da84b8ddc54bd3d90d632eec95c1f13"; + rev = "9d812f5e3b5bc68023f6e31d29489cdcaacef606"; fetchSubmodules = true; - sha256 = "0rzfn9yyg70zwpxbmv22qy0015baymi2rdd65ixmcb31fgnap68i"; + hash = "sha256-ZokcGQgHH37nmTMLmxFcun4S1RjXuXb9NfWHet8Fbc4="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/python-modules/canonicaljson/default.nix b/pkgs/development/python-modules/canonicaljson/default.nix index 46ceee80c0f5..0787d4d09718 100644 --- a/pkgs/development/python-modules/canonicaljson/default.nix +++ b/pkgs/development/python-modules/canonicaljson/default.nix @@ -10,14 +10,14 @@ buildPythonPackage rec { pname = "canonicaljson"; - version = "1.6.4"; + version = "1.6.5"; format = "pyproject"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-bAmyEZUR8w6xEmz82XOhCCTiDxz9JQOc3j0SGN2cjY8="; + hash = "sha256-aN/BV7AR4H2Uv3S11MzAGVhYTtlC2d/V/dcGYJ6BzUs="; }; nativeBuildInputs = [ @@ -49,6 +49,7 @@ buildPythonPackage rec { meta = with lib; { description = "Encodes objects and arrays as RFC 7159 JSON"; homepage = "https://github.com/matrix-org/python-canonicaljson"; + changelog = "https://github.com/matrix-org/python-canonicaljson/blob/v${version}/CHANGES.md"; license = licenses.asl20; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/development/python-modules/gdtoolkit/default.nix b/pkgs/development/python-modules/gdtoolkit/default.nix deleted file mode 100644 index 5323e12e4c55..000000000000 --- a/pkgs/development/python-modules/gdtoolkit/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ lib, buildPythonPackage, fetchFromGitHub, pythonOlder, lark, docopt, pyyaml, setuptools }: - -let lark080 = lark.overrideAttrs (old: rec { - # gdtoolkit needs exactly this lark version - version = "0.8.0"; - src = fetchFromGitHub { - owner = "lark-parser"; - repo = "lark"; - rev = version; - sha256 = "su7kToZ05OESwRCMPG6Z+XlFUvbEb3d8DgsTEcPJMg4="; - }; -}); - -in -buildPythonPackage rec { - pname = "gdtoolkit"; - version = "3.3.1"; - - propagatedBuildInputs = [ - lark080 - docopt - pyyaml - setuptools - ]; - - # If we try to get using fetchPypi it requires GeoIP (but the package dont has that dep!?) - src = fetchFromGitHub { - owner = "Scony"; - repo = "godot-gdscript-toolkit"; - rev = version; - sha256 = "13nnpwy550jf5qnm9ixpxl1bwfnhhbiys8vqfd25g3aim4bm3gnn"; - }; - - disabled = pythonOlder "3.7"; - - # Tests cannot be run because they need network to install additional dependencies using pip and tox - doCheck = false; - pythonImportsCheck = [ "gdtoolkit" "gdtoolkit.formatter" "gdtoolkit.linter" "gdtoolkit.parser" ]; - - meta = with lib; { - description = "Independent set of tools for working with Godot's GDScript - parser, linter and formatter"; - homepage = "https://github.com/Scony/godot-gdscript-toolkit"; - license = licenses.mit; - maintainers = with maintainers; [ shiryel ]; - }; -} diff --git a/pkgs/development/python-modules/leb128/default.nix b/pkgs/development/python-modules/leb128/default.nix index 6ba2330eb56a..aada84c73654 100644 --- a/pkgs/development/python-modules/leb128/default.nix +++ b/pkgs/development/python-modules/leb128/default.nix @@ -2,14 +2,14 @@ buildPythonPackage rec { pname = "leb128"; - version = "1.0.4"; + version = "1.0.5"; # fetchPypi doesn't include files required for tests src = fetchFromGitHub { owner = "mohanson"; repo = "leb128"; - rev = "v${version}"; - sha256 = "040l6fxyzqal841kirf783kk1840gcy1gjd374jfr46v96qc8scm"; + rev = "refs/tags/v${version}"; + sha256 = "sha256-zK14LPziBkvXAMzuPbcg/47caO/5GEYA9txAzCGfpS8="; }; nativeCheckInputs = [ pytestCheckHook ]; diff --git a/pkgs/development/python-modules/playwright/default.nix b/pkgs/development/python-modules/playwright/default.nix index e57655c2227c..741b655df868 100644 --- a/pkgs/development/python-modules/playwright/default.nix +++ b/pkgs/development/python-modules/playwright/default.nix @@ -223,5 +223,6 @@ buildPythonPackage rec { homepage = "https://github.com/microsoft/playwright-python"; license = licenses.asl20; maintainers = with maintainers; [ techknowlogick yrd SuperSandro2000 ]; + platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; }; } diff --git a/pkgs/development/python-modules/pynobo/default.nix b/pkgs/development/python-modules/pynobo/default.nix index 97b3f2c5be59..1be7a78c44f3 100644 --- a/pkgs/development/python-modules/pynobo/default.nix +++ b/pkgs/development/python-modules/pynobo/default.nix @@ -6,7 +6,7 @@ buildPythonPackage rec { pname = "pynobo"; - version = "1.6.0"; + version = "1.6.1"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -15,7 +15,7 @@ buildPythonPackage rec { owner = "echoromeo"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-YbQfdOLO1gs7+oiwe4rDmmD1o7MG+vma5xPlrtNZ00M="; + hash = "sha256-T86d3HGu6hsc54+ocCbINsInH/qHL9+HhOXDQ0I8QGA="; }; # Project has no tests @@ -28,6 +28,7 @@ buildPythonPackage rec { meta = with lib; { description = "Python TCP/IP interface for Nobo Hub/Nobo Energy Control devices"; homepage = "https://github.com/echoromeo/pynobo"; + changelog = "https://github.com/echoromeo/pynobo/releases/tag/v${version}"; license = with licenses; [ gpl3Plus ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/development/python-modules/requests-pkcs12/default.nix b/pkgs/development/python-modules/requests-pkcs12/default.nix index fcc4db1fbf0f..96b64a5be236 100644 --- a/pkgs/development/python-modules/requests-pkcs12/default.nix +++ b/pkgs/development/python-modules/requests-pkcs12/default.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "requests-pkcs12"; - version = "1.14"; + version = "1.15"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -17,7 +17,7 @@ buildPythonPackage rec { owner = "m-click"; repo = "requests_pkcs12"; rev = version; - hash = "sha256-LZgKjSas0KdJAf4leSVz8sEnRrlJ20Sm9Ka+S5zDOTM="; + hash = "sha256-xk8+oERonZWzxKEmZutfvovzVOz9ZP5O83cMDTz9i3Y="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/types-python-dateutil/default.nix b/pkgs/development/python-modules/types-python-dateutil/default.nix index e671b91bb979..81f56cd8040a 100644 --- a/pkgs/development/python-modules/types-python-dateutil/default.nix +++ b/pkgs/development/python-modules/types-python-dateutil/default.nix @@ -5,12 +5,12 @@ buildPythonPackage rec { pname = "types-python-dateutil"; - version = "2.8.19.6"; + version = "2.8.19.7"; format = "setuptools"; src = fetchPypi { inherit pname version; - hash = "sha256-Sm9MwZzkuhoIZwhx4pe/OAL1XU8SnmqiRD9UC2z4A9I="; + hash = "sha256-evWl0bgKsd+guk2Hn6yzgug2piwtQIwqUJvkaA/Yscg="; }; # Modules doesn't have tests diff --git a/pkgs/development/python-modules/types-requests/default.nix b/pkgs/development/python-modules/types-requests/default.nix index 1d22826b6eea..a3b6c33d9de3 100644 --- a/pkgs/development/python-modules/types-requests/default.nix +++ b/pkgs/development/python-modules/types-requests/default.nix @@ -6,12 +6,12 @@ buildPythonPackage rec { pname = "types-requests"; - version = "2.28.11.12"; + version = "2.28.11.13"; format = "setuptools"; src = fetchPypi { inherit pname version; - sha256 = "sha256-/VMKqz/E8F7jZAavFo8INubwDx7lGguWtzEfgstnUjA="; + sha256 = "sha256-P9MyhC6HWepffrd4nfiqdyuhVSFszxDvSqOw5bQuG0Y="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/tools/faas-cli/default.nix b/pkgs/development/tools/faas-cli/default.nix index 55fa760475d9..12eccd200ab6 100644 --- a/pkgs/development/tools/faas-cli/default.nix +++ b/pkgs/development/tools/faas-cli/default.nix @@ -18,13 +18,13 @@ let in buildGoModule rec { pname = "faas-cli"; - version = "0.15.4"; + version = "0.15.9"; src = fetchFromGitHub { owner = "openfaas"; repo = "faas-cli"; rev = version; - sha256 = "sha256-Dj4Wli1z4X8FgnthjPszC/h4EIeFiMO/YB5Rlkis5f8="; + sha256 = "sha256-DudZOIwpsa7VaOQMJ2P/mfWHWYwESNhDfIUbtMV5Es0="; }; vendorSha256 = null; diff --git a/pkgs/development/tools/gdtoolkit/default.nix b/pkgs/development/tools/gdtoolkit/default.nix new file mode 100644 index 000000000000..67d98e0aa36b --- /dev/null +++ b/pkgs/development/tools/gdtoolkit/default.nix @@ -0,0 +1,84 @@ +{ lib +, python3Packages +, fetchFromGitHub +, godot-server +}: + +let lark080 = python3Packages.lark.overrideAttrs (old: rec { + # gdtoolkit needs exactly this lark version + version = "0.8.0"; + src = fetchFromGitHub { + owner = "lark-parser"; + repo = "lark"; + rev = version; + hash = "sha256-KN9buVlH8hJ8t0ZP5yefeYM5vH5Gg7a7TEDGKJYpozs="; + fetchSubmodules = true; + }; +}); + +in +python3Packages.buildPythonApplication rec { + pname = "gdtoolkit"; + version = "3.3.1"; + + # If we try to get using fetchPypi it requires GeoIP (but the package dont has that dep!?) + src = fetchFromGitHub { + owner = "Scony"; + repo = "godot-gdscript-toolkit"; + rev = version; + sha256 = "13nnpwy550jf5qnm9ixpxl1bwfnhhbiys8vqfd25g3aim4bm3gnn"; + }; + + disabled = python3Packages.pythonOlder "3.7"; + + propagatedBuildInputs = [ lark080 + ] ++ (with python3Packages; [ + docopt + pyyaml + setuptools + ]); + + doCheck = true; + + nativeCheckInputs = with python3Packages; [ + pytestCheckHook + hypothesis + godot-server + ]; + + preCheck = + let + godotServerMajorVersion = lib.versions.major godot-server.version; + gdtoolkitMajorVersion = lib.versions.major version; + msg = '' + gdtoolkit major version ${gdtoolkitMajorVersion} does not match godot-server major version ${godotServerMajorVersion}! + gdtoolkit needs a matching godot-server for its tests. + If you see this error, you can either: + - disable doCheck for gdtoolkit, or + - provide a compatible godot-server version to gdtoolkit" + ''; + in lib.throwIf (godotServerMajorVersion != gdtoolkitMajorVersion) msg '' + # The tests want to run the installed executables + export PATH=$out/bin:$PATH + + # gdtoolkit tries to write cache variables to $HOME/.cache + export HOME=$TMP + + # Work around https://github.com/godotengine/godot/issues/20503 + # Without this, Godot will complain about a missing project file + touch project.godot + + # Remove broken test case + # (hard to skip via disabledTests since the test name contains an absolute path) + rm tests/potential-godot-bugs/multiline-subscription-expression.gd + ''; + + pythonImportsCheck = [ "gdtoolkit" "gdtoolkit.formatter" "gdtoolkit.linter" "gdtoolkit.parser" ]; + + meta = with lib; { + description = "Independent set of tools for working with Godot's GDScript - parser, linter and formatter"; + homepage = "https://github.com/Scony/godot-gdscript-toolkit"; + license = licenses.mit; + maintainers = with maintainers; [ shiryel tmarkus ]; + }; +} diff --git a/pkgs/development/tools/skopeo/default.nix b/pkgs/development/tools/skopeo/default.nix index 08bcde3ae510..f39f7510c1bf 100644 --- a/pkgs/development/tools/skopeo/default.nix +++ b/pkgs/development/tools/skopeo/default.nix @@ -12,17 +12,19 @@ , fuse-overlayfs , dockerTools , runCommand +, testers +, skopeo }: buildGoModule rec { pname = "skopeo"; - version = "1.11.0"; + version = "1.11.1"; src = fetchFromGitHub { rev = "v${version}"; owner = "containers"; repo = "skopeo"; - hash = "sha256-P556Is03BeC0Tf+kNv+Luy0KASgTXsyZ/MrPaPFUHE8="; + hash = "sha256-wTOcluPSguF6ZnKHlLelM5R2dIF9nd66qu7u/48uNyU="; }; outputs = [ "out" "man" ]; @@ -45,8 +47,7 @@ buildGoModule rec { installPhase = '' runHook preInstall - PREFIX=$out make install-binary install-completions - PREFIX=$man make install-docs + PREFIX=${placeholder "out"} make install-binary install-completions install-docs install ${passthru.policy}/default-policy.json -Dt $out/etc/containers '' + lib.optionalString stdenv.isLinux '' wrapProgram $out/bin/skopeo \ @@ -60,11 +61,15 @@ buildGoModule rec { install ${src}/default-policy.json -Dt $out ''; tests = { + version = testers.testVersion { + package = skopeo; + }; inherit (dockerTools.examples) testNixFromDockerHub; }; }; meta = with lib; { + changelog = "https://github.com/containers/skopeo/releases/tag/${src.rev}"; description = "A command line utility for various operations on container images and image repositories"; homepage = "https://github.com/containers/skopeo"; maintainers = with maintainers; [ lewo ] ++ teams.podman.members; diff --git a/pkgs/servers/prowlarr/default.nix b/pkgs/servers/prowlarr/default.nix index 31b342d833bc..12df9c02d071 100644 --- a/pkgs/servers/prowlarr/default.nix +++ b/pkgs/servers/prowlarr/default.nix @@ -16,17 +16,17 @@ let }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); hash = { - x64-linux_hash = "sha256-hKvme3saa3/GT0l6OlFjYI0RPClo5rWtVYFN/YuJSaw="; - arm64-linux_hash = "sha256-f7YIJRk1AhlfepmsQqlDFMA97QnbAAzrUtPFfbuV+QY="; - x64-osx_hash = "sha256-7nU12Y7f+fwjziUm6O+xO78IZf8EOfgmz+JibAP/xk8="; + x64-linux_hash = "sha256-Xx2z5aiIKRNbBxBMXCTfm1VacQOLyruC6sXB/+C7knk="; + arm64-linux_hash = "sha256-r6WuQhydSRZmsH1hp51gGcQ/7ZruxbEMrbrFps2nmcw="; + x64-osx_hash = "sha256-F8bE4lXcqyBVZhgYcQKPrza9cphCuC5j7968jL6qgxM="; }."${arch}-${os}_hash"; in stdenv.mkDerivation rec { pname = "prowlarr"; - version = "1.1.3.2521"; + version = "1.2.0.2583"; src = fetchurl { - url = "https://github.com/Prowlarr/Prowlarr/releases/download/v${version}/Prowlarr.master.${version}.${os}-core-${arch}.tar.gz"; + url = "https://github.com/Prowlarr/Prowlarr/releases/download/v${version}/Prowlarr.develop.${version}.${os}-core-${arch}.tar.gz"; sha256 = hash; }; diff --git a/pkgs/servers/prowlarr/update.sh b/pkgs/servers/prowlarr/update.sh index 2d21f724408d..d61edda5a0a3 100755 --- a/pkgs/servers/prowlarr/update.sh +++ b/pkgs/servers/prowlarr/update.sh @@ -13,7 +13,7 @@ updateHash() hashKey="${arch}-${os}_hash" - url="https://github.com/Prowlarr/Prowlarr/releases/download/v$version/Prowlarr.master.$version.$os-core-$arch.tar.gz" + url="https://github.com/Prowlarr/Prowlarr/releases/download/v$version/Prowlarr.develop.$version.$os-core-$arch.tar.gz" hash=$(nix-prefetch-url --type sha256 $url) sriHash="$(nix hash to-sri --type sha256 $hash)" diff --git a/pkgs/servers/redpanda/base64.nix b/pkgs/servers/redpanda/base64.nix new file mode 100644 index 000000000000..305456c55ccf --- /dev/null +++ b/pkgs/servers/redpanda/base64.nix @@ -0,0 +1,26 @@ +{ clangStdenv +, cmake +, fetchFromGitHub +, lib +}: +let + pname = "base64"; + version = "0.5.0"; +in +clangStdenv.mkDerivation { + inherit pname version; + src = fetchFromGitHub { + owner = "aklomp"; + repo = "base64"; + rev = "v${version}"; + sha256 = "sha256-2HNI9ycT9f+NLwLElEuR61qmTguOsI+kNxv01ipxSqQ="; + }; + nativeBuildInputs = [ cmake ]; + meta = with lib; { + description = "Fast Base64 stream encoder/decoder in C99, with SIMD acceleration"; + license = licenses.bsd2; + homepage = "https://github.com/aklomp/base64"; + maintainers = with maintainers; [ avakhrenev ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/servers/redpanda/default.nix b/pkgs/servers/redpanda/default.nix index e2a265c0f5ef..c59aa621cc4d 100644 --- a/pkgs/servers/redpanda/default.nix +++ b/pkgs/servers/redpanda/default.nix @@ -1,48 +1,52 @@ -{ lib, stdenv, fetchzip }: - +{ buildGoModule +, callPackage +, doCheck ? !stdenv.isDarwin # Can't start localhost test server in MacOS sandbox. +, fetchFromGitHub +, installShellFiles +, lib +, stdenv +}: let - version = "22.3.11"; - platform = if stdenv.isLinux then "linux" else "darwin"; - arch = if stdenv.isAarch64 then "arm" else "amd"; - sha256s = { - darwin.amd = "sha256-kwAKxFg7BSNInvsQvFqgtpq8EEwSnmDeDyaF5b8L8SQ="; - darwin.arm = "sha256-kH5Ii672SeAIiRcWuAO3oVJVSBWp+r78RmTiR3BaDbg="; - linux.amd = "sha256-EKgkRKBrM4+X2YGoP2LpWRHL+fdHu44LYwCZ+O+c5ZY="; - linux.arm = "sha256-9b4oerRXjUVUYoswJWtnMBJSQDoCKClf673VjDQFUAw="; - }; -in stdenv.mkDerivation rec { - pname = "redpanda"; - inherit version; - - src = fetchzip { - url = "https://github.com/redpanda-data/redpanda/releases/download/v${version}/rpk-${platform}-${arch}64.zip"; - sha256 = sha256s.${platform}.${arch}; + version = "22.3.13"; + src = fetchFromGitHub { + owner = "redpanda-data"; + repo = "redpanda"; + rev = "v${version}"; + sha256 = "sha256-cUQFDXWnQYSLcfKFYg6BLrxF77iX+Yx3hcul4tMxdoc="; }; - - installPhase = '' - runHook preInstall - - mkdir -p $out/bin - cp rpk $out/bin - - ${lib.optionalString stdenv.isLinux '' - patchelf \ - --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ - $out/bin/rpk - ''} - - runHook postInstall + server = callPackage ./server.nix { inherit src version; }; +in +buildGoModule rec { + pname = "redpanda-rpk"; + inherit doCheck src version; + modRoot = "./src/go/rpk"; + runVend = false; + vendorSha256 = "sha256-JVZuHRh3gavIGArxDkqUQsL5oBjz35EKGsC75Sy+cMo="; + + ldflags = [ + ''-X "github.com/redpanda-data/redpanda/src/go/rpk/pkg/cli/cmd/version.version=${version}"'' + ''-X "github.com/redpanda-data/redpanda/src/go/rpk/pkg/cli/cmd/version.rev=v${version}"'' + ''-X "github.com/redpanda-data/redpanda/src/go/rpk/pkg/cli/cmd/container/common.tag=v${version}"'' + ]; + + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + for shell in bash fish zsh; do + $out/bin/rpk generate shell-completion $shell > rpk.$shell + installShellCompletion rpk.$shell + done ''; - # stripping somehow completely breaks it - dontStrip = true; + passthru = { + inherit server; + }; meta = with lib; { - description = "Redpanda is a streaming data platform for developers. Kafka API compatible. 10x faster. No ZooKeeper. No JVM! "; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - license = licenses.bsl11; + description = "Redpanda client"; homepage = "https://redpanda.com/"; - maintainers = with maintainers; [ happysalada ]; + license = licenses.bsl11; + maintainers = with maintainers; [ avakhrenev happysalada ]; platforms = platforms.all; }; } diff --git a/pkgs/servers/redpanda/hdr-histogram.nix b/pkgs/servers/redpanda/hdr-histogram.nix new file mode 100644 index 000000000000..91000649e130 --- /dev/null +++ b/pkgs/servers/redpanda/hdr-histogram.nix @@ -0,0 +1,28 @@ +{ clangStdenv +, cmake +, fetchFromGitHub +, lib +, zlib +}: +let + pname = "HdrHistogram_c"; + version = "0.11.5"; +in +clangStdenv.mkDerivation { + inherit pname version; + src = fetchFromGitHub { + owner = "HdrHistogram"; + repo = "HdrHistogram_c"; + rev = version; + sha256 = "sha256-29if+0H8wdpQBN48lt0ylGgtUCv/tJYZnG5LzcIqXDs="; + }; + nativeBuildInputs = [ cmake ]; + buildInputs = [ zlib ]; + meta = with lib; { + description = "C port of the HdrHistogram"; + license = licenses.bsd2; + homepage = "https://github.com/HdrHistogram/HdrHistogram_c"; + maintainers = with maintainers; [ avakhrenev ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/servers/redpanda/rapidjson.nix b/pkgs/servers/redpanda/rapidjson.nix new file mode 100644 index 000000000000..99ada8c05f88 --- /dev/null +++ b/pkgs/servers/redpanda/rapidjson.nix @@ -0,0 +1,32 @@ +# rapidjson used in nixpkgs is too old. Although it is technically a latest release, it was made in 2016. +# Redpanda uses its own version +{ clangStdenv +, cmake +, fetchFromGitHub +, lib +, pkg-config +}: + +clangStdenv.mkDerivation rec { + pname = "rapidjson"; + version = "1.1.1"; + + src = fetchFromGitHub { + owner = "redpanda-data"; + repo = "rapidjson"; + rev = "27c3a8dc0e2c9218fe94986d249a12b5ed838f1d"; + sha256 = "sha256-wggyCL5uEsnJDxkYAUsXOjoO1MNQBGB05E6aSpsNcl0="; + }; + + nativeBuildInputs = [ pkg-config cmake ]; + + doCheck = false; + + meta = with lib; { + description = "Fast JSON parser/generator for C++ with both SAX/DOM style API"; + homepage = "http://rapidjson.org/"; + maintainers = with maintainers; [ avakhrenev ]; + license = licenses.mit; + platforms = platforms.unix; + }; +} diff --git a/pkgs/servers/redpanda/redpanda.patch b/pkgs/servers/redpanda/redpanda.patch new file mode 100644 index 000000000000..c3ee76d3c9ae --- /dev/null +++ b/pkgs/servers/redpanda/redpanda.patch @@ -0,0 +1,73 @@ +diff --git a/cmake/main.cmake b/cmake/main.cmake +index 8c60c4214..194f33a21 100644 +--- a/cmake/main.cmake ++++ b/cmake/main.cmake +@@ -15,15 +15,6 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON) + set(CMAKE_UNITY_BUILD_BATCH_SIZE 10) + set(CMAKE_CXX_EXTENSIONS OFF) + set(CMAKE_POSITION_INDEPENDENT_CODE ON) +-list(APPEND BASE_LD_FLAGS_LIST +- -L${REDPANDA_DEPS_INSTALL_DIR}/lib +- -L${REDPANDA_DEPS_INSTALL_DIR}/lib64 +- -fuse-ld=lld) +-set(PKG_CONFIG_PATH_LIST +- ${REDPANDA_DEPS_INSTALL_DIR}/lib64/pkgconfig +- ${REDPANDA_DEPS_INSTALL_DIR}/share/pkgconfig +- ${REDPANDA_DEPS_INSTALL_DIR}/lib/pkgconfig +- ) + + list(APPEND BASE_CXX_FLAGS_LIST -fPIC) + list(APPEND BASE_C_FLAGS_LIST -fPIC) +diff --git a/cmake/testing.cmake b/cmake/testing.cmake +index 7f149dc82..7c57aa3dd 100644 +--- a/cmake/testing.cmake ++++ b/cmake/testing.cmake +@@ -24,6 +24,7 @@ message(STATUS "RP_ENABLE_BENCHMARK_TESTS=${RP_ENABLE_BENCHMARK_TESTS}") + message(STATUS "RP_ENABLE_HONEY_BADGER_TESTS=${RP_ENABLE_HONEY_BADGER_TESTS}") + + function (rp_test) ++ return() + set(options + INTEGRATION_TEST UNIT_TEST BENCHMARK_TEST HBADGER_TEST) + set(oneValueArgs BINARY_NAME TIMEOUT PREPARE_COMMAND POST_COMMAND) +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index eecd145ed..b9efa89b5 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -5,4 +5,5 @@ find_package(Boost REQUIRED + unit_test_framework) + find_package(absl REQUIRED) + add_subdirectory(v) +-add_subdirectory(go/kreq-gen) ++# Don't build kafka-request-generator, it is needed only for tests ++# add_subdirectory(go/kreq-gen) +diff --git a/src/v/CMakeLists.txt b/src/v/CMakeLists.txt +index 075da485e..af7ede2bc 100644 +--- a/src/v/CMakeLists.txt ++++ b/src/v/CMakeLists.txt +@@ -58,7 +58,9 @@ else() + if(${ENABLE_GIT_HASH}) + message(FATAL_ERROR "ENABLE_GIT_HASH cannot be 'on' when ENABLE_GIT_VERSION is 'off'") + endif() +- set(GIT_VER "no_version") ++ if(NOT GIT_VER) ++ set(GIT_VER "no_version") ++ endif() + endif() + + if(${ENABLE_GIT_HASH}) +@@ -71,8 +73,12 @@ if(${ENABLE_GIT_HASH}) + set(GIT_CLEAN_DIRTY "") + endif() + else() +- set(GIT_SHA1 "000") +- set(GIT_CLEAN_DIRTY "-dev") ++ if(NOT GIT_SHA1) ++ set(GIT_SHA1 "000") ++ endif() ++ if(NOT GIT_CLEAN_DIRTY) ++ set(GIT_CLEAN_DIRTY "-dev") ++ endif() + endif() + + configure_file(version.h.in version.h @ONLY) diff --git a/pkgs/servers/redpanda/seastar-fixes.patch b/pkgs/servers/redpanda/seastar-fixes.patch new file mode 100644 index 000000000000..c6b12b88c149 --- /dev/null +++ b/pkgs/servers/redpanda/seastar-fixes.patch @@ -0,0 +1,13 @@ +diff --git a/include/seastar/core/std-coroutine.hh b/include/seastar/core/std-coroutine.hh +index ea364bee..57474529 100644 +--- a/include/seastar/core/std-coroutine.hh ++++ b/include/seastar/core/std-coroutine.hh +@@ -87,7 +87,7 @@ class coroutine_handle<void> { + + explicit operator bool() const noexcept { return _pointer; } + +- static coroutine_handle from_address(void* ptr) noexcept { ++ static constexpr coroutine_handle from_address(void* ptr) noexcept { + coroutine_handle hndl; + hndl._pointer = ptr; + return hndl; diff --git a/pkgs/servers/redpanda/seastar.nix b/pkgs/servers/redpanda/seastar.nix new file mode 100644 index 000000000000..3c7120e6c876 --- /dev/null +++ b/pkgs/servers/redpanda/seastar.nix @@ -0,0 +1,84 @@ +{ boost175 +, c-ares +, cmake +, cryptopp +, fetchFromGitHub +, fmt_8 +, gnutls +, hwloc +, lib +, libsystemtap +, libtasn1 +, liburing +, libxfs +, lksctp-tools +, llvmPackages_14 +, lz4 +, ninja +, numactl +, openssl +, pkg-config +, python3 +, ragel +, valgrind +, yaml-cpp +}: +let + pname = "seastar"; + version = "22.11.0"; +in +llvmPackages_14.stdenv.mkDerivation { + inherit pname version; + strictDeps = true; + src = fetchFromGitHub { + owner = "redpanda-data"; + repo = "seastar"; + rev = "30d3a28bde08d2228b4e560c173b89fdd94c3f05"; + sha256 = "sha256-Xzu7AJMkvE++BGEqluod3fwMEIpDnbCczmlEad0/4v4="; + }; + nativeBuildInputs = [ + cmake + ninja + openssl + pkg-config + python3 + ragel + ]; + buildInputs = [ + libsystemtap + libxfs + ]; + propagatedBuildInputs = [ + boost175 + c-ares + gnutls + cryptopp + fmt_8 + hwloc + libtasn1 + liburing + lksctp-tools + lz4 + numactl + valgrind + yaml-cpp + ]; + patches = [ + ./seastar-fixes.patch + ]; + postPatch = '' + patchShebangs ./scripts/seastar-json2code.py + ''; + cmakeFlags = [ + "-DSeastar_EXCLUDE_DEMOS_FROM_ALL=ON" + "-DSeastar_EXCLUDE_TESTS_FROM_ALL=ON" + ]; + doCheck = false; + meta = with lib; { + description = "High performance server-side application framework."; + license = licenses.asl20; + homepage = "https://seastar.io/"; + maintainers = with maintainers; [ avakhrenev ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/servers/redpanda/server.nix b/pkgs/servers/redpanda/server.nix new file mode 100644 index 000000000000..9cb050eb5f45 --- /dev/null +++ b/pkgs/servers/redpanda/server.nix @@ -0,0 +1,123 @@ +{ abseil-cpp +, avro-cpp +, callPackage +, ccache +, cmake +, crc32c +, croaring +, ctre +, curl +, dpdk +, git +, lib +, llvmPackages_14 +, llvm_14 +, ninja +, p11-kit +, pkg-config +, procps +, protobuf3_21 +, python3 +, snappy +, src +, unzip +, version +, writeShellScriptBin +, xxHash +, zip +, zstd +}: +let + pname = "redpanda"; + pythonPackages = p: with p; [ jinja2 ]; + seastar = callPackage ./seastar.nix { }; + base64 = callPackage ./base64.nix { }; + hdr-histogram = callPackage ./hdr-histogram.nix { }; + kafka-codegen-venv = python3.withPackages (ps: [ + ps.jinja2 + ps.jsonschema + ]); + rapidjson = callPackage ./rapidjson.nix { }; +in +llvmPackages_14.stdenv.mkDerivation rec { + inherit pname version src; + + preConfigure = '' + # setup sccache + export CCACHE_DIR=$TMPDIR/sccache-redpanda + mkdir -p $CCACHE_DIR + ''; + patches = [ + ./redpanda.patch + ]; + postPatch = '' + # Fix 'error: use of undeclared identifier 'roaring'; did you mean 'Roaring + # qualified reference to 'Roaring' is a constructor name rather than a type in this context' + substituteInPlace \ + ./src/v/storage/compacted_offset_list.h \ + ./src/v/storage/compaction_reducers.cc \ + ./src/v/storage/compaction_reducers.h \ + ./src/v/storage/segment_utils.h \ + ./src/v/storage/segment_utils.cc \ + --replace 'roaring::Roaring' 'Roaring' + + patchShebangs ./src/v/rpc/rpc_compiler.py + ''; + + doCheck = false; + + nativeBuildInputs = [ + (python3.withPackages pythonPackages) + (writeShellScriptBin "kafka-codegen-venv" "exec -a $0 ${kafka-codegen-venv}/bin/python3 $@") + ccache + cmake + curl + git + llvm_14 + ninja + pkg-config + procps + seastar + unzip + zip + ]; + + cmakeFlags = [ + "-DREDPANDA_DEPS_SKIP_BUILD=ON" + "-DRP_ENABLE_TESTS=OFF" + "-Wno-dev" + "-DGIT_VER=${version}" + "-DGIT_CLEAN_DIRTY=\"\"" + ]; + + buildInputs = [ + abseil-cpp + avro-cpp + base64 + crc32c + croaring + ctre + dpdk + hdr-histogram + p11-kit + protobuf3_21 + rapidjson + seastar + snappy + xxHash + zstd + ]; + + meta = with lib; { + description = "Kafka-compatible streaming platform."; + license = licenses.bsl11; + longDescription = '' + Redpanda is a Kafka-compatible streaming data platform that is + proven to be 10x faster and 6x lower in total costs. It is also JVM-free, + ZooKeeper-free, Jepsen-tested and source available. + ''; + homepage = "https://redpanda.com/"; + maintainers = with maintainers; [ avakhrenev happysalada ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/servers/teleport/default.nix b/pkgs/servers/teleport/default.nix index 9025c9151bb7..52c21cb63674 100644 --- a/pkgs/servers/teleport/default.nix +++ b/pkgs/servers/teleport/default.nix @@ -2,17 +2,21 @@ , buildGoModule , rustPlatform , fetchFromGitHub +, fetchYarnDeps , makeWrapper , symlinkJoin , CoreFoundation , AppKit , libfido2 +, nodejs , openssl , pkg-config , protobuf , Security , stdenv , xdg-utils +, yarn +, yarn2nix-moretea , nixosTests , withRdpClient ? true @@ -23,13 +27,13 @@ let owner = "gravitational"; repo = "teleport"; rev = "v${version}"; - hash = "sha256-dr+tmWVO7yXRLTvJZoFZzayRWETa8wC/aZ7S/vh8qyk="; + hash = "sha256-jJfOgcwKkNFO/5XHxMoapZxM8Tb0kEgKVA7SrMU7uW4="; }; - version = "11.2.3"; + version = "11.3.4"; rdpClient = rustPlatform.buildRustPackage rec { pname = "teleport-rdpclient"; - cargoHash = "sha256-8NTzX9HeGg9U3bmiZHXHTcKnbJk55YfY2bkjilEyg0g="; + cargoHash = "sha256-TSIwLCY01ygCWT73LR/Ch7NwPQA3a3r0PyL3hUzBNr4="; inherit version src; buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient"; @@ -50,19 +54,49 @@ let ''; }; - webassets = fetchFromGitHub { - owner = "gravitational"; - repo = "webassets"; - # Submodule rev from https://github.com/gravitational/teleport/tree/v11.2.3 - rev = "cbddcfda9d5ccba11f02ee61bd305c1f600ee6b0"; - hash = "sha256-XPcQaMyf6kEj5RDRKjNO5b+n1zj/TpBHcDnGhYVUbts="; + yarnOfflineCache = fetchYarnDeps { + yarnLock = "${src}/yarn.lock"; + hash = "sha256-MAGeWzA366yzpjdCY0+X6RV5MKcsHa/xD5CJu6ce1FU="; + }; + + webassets = stdenv.mkDerivation { + pname = "teleport-webassets"; + inherit src version; + + nativeBuildInputs = [ + nodejs + yarn + yarn2nix-moretea.fixup_yarn_lock + ]; + + configurePhase = '' + export HOME=$(mktemp -d) + ''; + + buildPhase = '' + yarn config --offline set yarn-offline-mirror ${yarnOfflineCache} + fixup_yarn_lock yarn.lock + + yarn install --offline \ + --frozen-lockfile \ + --ignore-engines --ignore-scripts + patchShebangs . + + yarn build-ui-oss + ''; + + installPhase = '' + mkdir -p $out + cp -R webassets/. $out + ''; }; in buildGoModule rec { pname = "teleport"; inherit src version; - vendorHash = "sha256-rWdRVOaPPK2oXK6fXka4FtuxEkaQf4igm7xlg0wauMs="; + vendorHash = "sha256-NkiFLEHBNjxUOSuAlVugAV14yCCo3z6yhX7LZQFKhvA="; + proxyVendor = true; subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ]; tags = [ "libfido2" "webassets_embed" ] @@ -85,10 +119,7 @@ buildGoModule rec { outputs = [ "out" "client" ]; preBuild = '' - mkdir -p build - echo "making webassets" - cp -r ${webassets}/* webassets/ - make -j$NIX_BUILD_CORES lib/web/build/webassets + cp -r ${webassets} webassets '' + lib.optionalString withRdpClient '' ln -s ${rdpClient}/lib/* lib/ ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/ diff --git a/pkgs/shells/nix-your-shell/default.nix b/pkgs/shells/nix-your-shell/default.nix index 98125cd4b41d..e957fdba7525 100644 --- a/pkgs/shells/nix-your-shell/default.nix +++ b/pkgs/shells/nix-your-shell/default.nix @@ -5,16 +5,16 @@ }: rustPlatform.buildRustPackage rec { pname = "nix-your-shell"; - version = "1.0.2"; + version = "1.1.0"; src = fetchFromGitHub { owner = "MercuryTechnologies"; repo = pname; rev = "v${version}"; - sha256 = "sha256-W3MeApvqO3hBaHWu6vyrR6pniEMMKiXTAQ0bhUPbpx8="; + sha256 = "sha256-MXshCRgGL2V51Pd1ms6D0Sn0mtRcxd0pWUz+zghBTdI="; }; - cargoSha256 = "sha256-M6yj4jTTWnembVX51/Xz+JtKhWJsmQ7SpipH8pHzids="; + cargoSha256 = "sha256-f1igCSdv6iMUDeCDGSxDIecjVcJQN2jbdALGMpDVepQ="; meta = with lib; { description = "A `nix` and `nix-shell` wrapper for shells other than `bash`"; diff --git a/pkgs/tools/misc/mpy-utils/default.nix b/pkgs/tools/misc/mpy-utils/default.nix new file mode 100644 index 000000000000..ea816126858b --- /dev/null +++ b/pkgs/tools/misc/mpy-utils/default.nix @@ -0,0 +1,21 @@ +{ stdenv, lib, python3, buildPythonApplication, fetchPypi, fusepy, pyserial }: + +buildPythonApplication rec { + pname = "mpy-utils"; + version = "0.1.13"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-die8hseaidhs9X7mfFvV8C8zn0uyw08gcHNqmjl+2Z4="; + }; + + propagatedBuildInputs = [ fusepy pyserial ]; + + meta = with lib; { + description = "MicroPython development utility programs"; + homepage = "https://github.com/nickzoic/mpy-utils"; + license = licenses.mit; + maintainers = with maintainers; [ aciceri ]; + broken = stdenv.isDarwin; + }; +} diff --git a/pkgs/tools/misc/mutagen-compose/default.nix b/pkgs/tools/misc/mutagen-compose/default.nix index 12bab29944b5..1cd914bec657 100644 --- a/pkgs/tools/misc/mutagen-compose/default.nix +++ b/pkgs/tools/misc/mutagen-compose/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "mutagen-compose"; - version = "0.16.4"; + version = "0.16.5"; src = fetchFromGitHub { owner = "mutagen-io"; repo = pname; rev = "v${version}"; - sha256 = "sha256-V+9TSzCwBITpG7j3mOyPMQN1VwYSPRFgOBPiF3LZVmk="; + sha256 = "sha256-Rn3aXwez/WUGpuRvA6lkuECchpYek8KDMh6xzZOV9v0="; }; - vendorHash = "sha256-m6XCXwns2if7Odhc2nFbXbGhif4vElrVjcBX0DULkCE="; + vendorHash = "sha256-EkLeB2zUJkKCWsJxMiYHSDgr0/8X24MT0Jp0nuYebds="; doCheck = false; diff --git a/pkgs/tools/misc/ntfy-sh/default.nix b/pkgs/tools/misc/ntfy-sh/default.nix index 232c913d4a77..0909e0059c9a 100644 --- a/pkgs/tools/misc/ntfy-sh/default.nix +++ b/pkgs/tools/misc/ntfy-sh/default.nix @@ -10,16 +10,16 @@ let in buildGoModule rec { pname = "ntfy-sh"; - version = "1.30.1"; + version = "1.31.0"; src = fetchFromGitHub { owner = "binwiederhier"; repo = "ntfy"; rev = "v${version}"; - sha256 = "sha256-MgjCfYYv4tBZHsoj9oXGKYOQb0Anp0zVD/vc+UpAiAc="; + sha256 = "sha256-SQOiVHhdwOmzWVPtr1hw9oz8G/xjz5HghYcNN/u3ITo="; }; - vendorSha256 = "sha256-8TQVpJ02EPve1OUP6RHbvwBug8larSO3BgBiCfL2614="; + vendorSha256 = "sha256-Ffmz7c/FMtXjmanZYp8vquxUu+eSTqtR5nesNdN/F0c="; doCheck = false; diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index e9e6314f2015..aa8c68382a39 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "1.0.0"; + version = "1.0.1"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - hash = "sha256-vaObuFaQLm3WB36jE6Pri+zNSH4AgqlZF4d/Kymc2G4="; + hash = "sha256-CHLcG4L/TNfo5DI/r17kGh9mroCGXQVCkIW5RjVdhu4="; }; patches = [ diff --git a/pkgs/tools/security/posteid-seed-extractor/default.nix b/pkgs/tools/security/posteid-seed-extractor/default.nix new file mode 100644 index 000000000000..176b210b3779 --- /dev/null +++ b/pkgs/tools/security/posteid-seed-extractor/default.nix @@ -0,0 +1,47 @@ +{ lib +, python3Packages +, fetchFromGitHub +}: + +python3Packages.buildPythonApplication { + pname = "posteid-seed-extractor"; + version = "unstable-2022-02-23"; + + src = fetchFromGitHub { + owner = "simone36050"; + repo = "PosteID-seed-extractor"; + rev = "667e2997a98aa3273a6bf6b4b34ca77715120e7f"; + hash = "sha256-smNwp67HYbZuMrl0uf2X2yox2JqeEV6WzIBp4dALwgw="; + }; + + format = "other"; + + pythonPath = with python3Packages; [ + certifi + cffi + charset-normalizer + cryptography + idna + jwcrypto + pycparser + pycryptodome + pyotp + qrcode + requests + urllib3 + wrapt + ]; + + installPhase = '' + runHook preInstall + install -Dm755 extractor.py $out/bin/posteid-seed-extractor + runHook postInstall + ''; + + meta = with lib; { + homepage = "https://github.com/simone36050/PosteID-seed-extractor"; + description = "Extract OTP seed instead of using PosteID app"; + license = licenses.mit; + maintainers = with maintainers; [ aciceri ]; + }; +} diff --git a/pkgs/tools/security/vaultwarden/update.nix b/pkgs/tools/security/vaultwarden/update.nix index 0fc4b45a1296..44af26ada0d8 100644 --- a/pkgs/tools/security/vaultwarden/update.nix +++ b/pkgs/tools/security/vaultwarden/update.nix @@ -1,5 +1,7 @@ { writeShellScript , lib +, nix +, nix-prefetch-git , nix-update , curl , git @@ -9,7 +11,7 @@ }: writeShellScript "update-vaultwarden" '' - PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]} + PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix nix-prefetch-git nix-update ]} set -euxo pipefail @@ -17,6 +19,11 @@ writeShellScript "update-vaultwarden" '' nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION" URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2" - WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/") + WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"v([^\"]+)\".*/\\1/") + old_hash_bw=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.src.outputHash) + old_hash_vw=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash) + new_hash_bw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/bitwarden/clients.git --rev "web-v$WEBVAULT_VERSION" | jq --raw-output ".sha256")) + new_hash_vw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")) + sed -e "s#$old_hash_bw#$new_hash_bw#" -e "s#$old_hash_vw#$new_hash_vw#" -i pkgs/tools/security/vaultwarden/webvault.nix nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION" '' diff --git a/pkgs/tools/security/vaultwarden/webvault.nix b/pkgs/tools/security/vaultwarden/webvault.nix index 74a75e24339c..28b60517ad65 100644 --- a/pkgs/tools/security/vaultwarden/webvault.nix +++ b/pkgs/tools/security/vaultwarden/webvault.nix @@ -1,28 +1,73 @@ -{ lib, stdenv, fetchurl, nixosTests }: +{ lib +, buildNpmPackage +, fetchFromGitHub +, git +, nixosTests +, nodejs-16_x +, python3 +}: + +let + buildNpmPackage' = buildNpmPackage.override { nodejs = nodejs-16_x; }; -stdenv.mkDerivation rec { - pname = "vaultwarden-webvault"; version = "2022.12.0"; - src = fetchurl { - url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - hash = "sha256-QC3/aqIF2NdJPHmwUbvJR62wsUGBrgsHJCyqBJ/0gMc="; + bw_web_builds = fetchFromGitHub { + owner = "dani-garcia"; + repo = "bw_web_builds"; + rev = "v${version}"; + hash = "sha256-4yUE0ySUCKmmbca+T8qjqSO0AHZEUAHZ4nheRjpDnZo="; }; +in buildNpmPackage' { + pname = "vaultwarden-webvault"; + inherit version; + + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "clients"; + rev = "web-v${version}"; + hash = "sha256-CsbnnP12P7JuGDOm5Ia73SzET/jCx3qRbz9vdUf7lCA="; + }; + + npmDepsHash = "sha256-wWOtVGNOzY2s82nfQDuWgA4ukpJxJr8Z7Y+rFPq2QdU="; + + postPatch = '' + ln -s ${bw_web_builds}/{patches,resources} .. + PATH="${git}/bin:$PATH" VAULT_VERSION=${bw_web_builds.rev} \ + bash ${bw_web_builds}/scripts/apply_patches.sh + ''; + + nativeBuildInputs = [ + python3 + ]; + + makeCacheWritable = true; + + ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; - buildCommand = '' - mkdir -p $out/share/vaultwarden/ - cd $out/share/vaultwarden/ - tar xf $src - mv web-vault vault + npmBuildScript = "dist:oss:selfhost"; + + npmBuildFlags = [ + "--workspace" "apps/web" + ]; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/vaultwarden + mv apps/web/build $out/share/vaultwarden/vault + runHook postInstall ''; - passthru.tests = nixosTests.vaultwarden; + passthru = { + inherit bw_web_builds; + tests = nixosTests.vaultwarden; + }; meta = with lib; { description = "Integrates the web vault into vaultwarden"; homepage = "https://github.com/dani-garcia/bw_web_builds"; platforms = platforms.all; license = licenses.gpl3Plus; - maintainers = with maintainers; [ msteen mic92 ]; + maintainers = with maintainers; [ dotlambda msteen mic92 ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 72a0484ac341..f8fae131e31f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1530,6 +1530,8 @@ with pkgs; mprocs = callPackage ../tools/misc/mprocs { }; + mpy-utils = python3Packages.callPackage ../tools/misc/mpy-utils { }; + nominatim = callPackage ../servers/nominatim { }; ocs-url = libsForQt5.callPackage ../tools/misc/ocs-url { }; @@ -7586,6 +7588,8 @@ with pkgs; gdmap = callPackage ../tools/system/gdmap { }; + gdtoolkit = callPackage ../development/tools/gdtoolkit { }; + gef = callPackage ../development/tools/misc/gef { }; gelasio = callPackage ../data/fonts/gelasio { }; @@ -11008,7 +11012,8 @@ with pkgs; pocketbase = callPackage ../servers/pocketbase { }; - podman = callPackage ../applications/virtualization/podman { }; + podman = callPackage ../applications/virtualization/podman/wrapper.nix { }; + podman-unwrapped = callPackage ../applications/virtualization/podman { }; podman-compose = python3Packages.callPackage ../applications/virtualization/podman-compose {}; @@ -11046,6 +11051,8 @@ with pkgs; libjpeg8 = libjpeg.override { enableJpeg8 = true; }; }; + posteid-seed-extractor = callPackage ../tools/security/posteid-seed-extractor {}; + postscript-lexmark = callPackage ../misc/drivers/postscript-lexmark { }; povray = callPackage ../tools/graphics/povray { @@ -11397,6 +11404,8 @@ with pkgs; redpanda = callPackage ../servers/redpanda { }; + redpanda-server = redpanda.server; + redsocks = callPackage ../tools/networking/redsocks { }; renpy = callPackage ../development/interpreters/renpy { }; @@ -27532,6 +27541,8 @@ with pkgs; nanum-gothic-coding = callPackage ../data/fonts/nanum-gothic-coding { }; + nasin-nanpa = callPackage ../data/fonts/nasin-nanpa {}; + national-park-typeface = callPackage ../data/fonts/national-park { }; netease-music-tui = callPackage ../applications/audio/netease-music-tui { }; diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index adf13052e996..b2e8033b97e4 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -91,6 +91,7 @@ mapAliases ({ functorch = throw "functorch is now part of the torch package and has therefore been removed. See https://github.com/pytorch/functorch/releases/tag/v1.13.0 for more info."; # added 2022-12-01 garages-amsterdam = throw "garages-amsterdam has been renamed odp-amsterdam."; # added 2023-01-04 garminconnect-ha = garminconnect; # added 2022-02-05 + gdtoolkit = throw "gdtoolkit has been promoted to a top-level attribute"; # added 2023-02-15 gigalixir = throw "gigalixir has been promoted to a top-level attribute"; # Added 2022-10-02 gitdb2 = throw "gitdb2 has been deprecated, use gitdb instead."; # added 2020-03-14 GitPython = gitpython; # added 2022-10-28 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 7b5a3e86dac2..2e98fb16c57c 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -3726,8 +3726,6 @@ self: super: with self; { gdown = callPackage ../development/python-modules/gdown { }; - gdtoolkit = callPackage ../development/python-modules/gdtoolkit { }; - ge25519 = callPackage ../development/python-modules/ge25519 { }; geant4 = toPythonModule (pkgs.geant4.override { |