diff options
-rw-r--r-- | maintainers/maintainer-list.nix | 5 | ||||
-rw-r--r-- | nixos/modules/programs/zsh/zsh.nix | 4 | ||||
-rw-r--r-- | nixos/tests/hardened.nix | 8 | ||||
-rw-r--r-- | pkgs/applications/misc/pgmanage/default.nix | 7 | ||||
-rw-r--r-- | pkgs/applications/networking/instant-messengers/gomuks/default.nix | 23 | ||||
-rw-r--r-- | pkgs/applications/office/tryton/default.nix | 37 | ||||
-rw-r--r-- | pkgs/applications/office/trytond/default.nix | 15 | ||||
-rw-r--r-- | pkgs/development/compilers/iasl/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/coq-modules/stdpp/default.nix | 28 | ||||
-rw-r--r-- | pkgs/development/libraries/gdal/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/python-modules/cdecimal/default.nix | 25 | ||||
-rw-r--r-- | pkgs/development/python-modules/goocalendar/default.nix | 44 | ||||
-rw-r--r-- | pkgs/servers/http/nginx/modules.nix | 9 | ||||
-rw-r--r-- | pkgs/tools/misc/mongodb-compass/default.nix | 86 | ||||
-rw-r--r-- | pkgs/tools/networking/yrd/default.nix | 27 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 7 | ||||
-rw-r--r-- | pkgs/top-level/coq-packages.nix | 1 | ||||
-rw-r--r-- | pkgs/top-level/python-packages.nix | 4 |
18 files changed, 313 insertions, 25 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 790b72c039e3..9fa89838d164 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -3895,6 +3895,11 @@ github = "typetetris"; name = "Eric Wolf"; }; + udono = { + email = "udono@virtual-things.biz"; + github = "udono"; + name = "Udo Spallek"; + }; unode = { email = "alves.rjc@gmail.com"; github = "unode"; diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix index b88f54678ee1..f689250dc61f 100644 --- a/nixos/modules/programs/zsh/zsh.nix +++ b/nixos/modules/programs/zsh/zsh.nix @@ -108,6 +108,8 @@ in if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi export __ETC_ZSHENV_SOURCED=1 + ${config.system.build.setEnvironment.text} + ${cfge.shellInit} ${cfg.shellInit} @@ -127,8 +129,6 @@ in if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi __ETC_ZPROFILE_SOURCED=1 - ${config.system.build.setEnvironment.text} - ${cfge.loginShellInit} ${cfg.loginShellInit} diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index cb33b69e7199..0a0639d62796 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -25,16 +25,18 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = '' + $machine->waitForUnit("multi-user.target"); + # Test hidepid subtest "hidepid", sub { $machine->succeed("grep -Fq hidepid=2 /proc/mounts"); - $machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]"); - $machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]"); + # cannot use pgrep -u here, it segfaults when access to process info is denied + $machine->succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]"); + $machine->succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]"); }; # Test kernel module hardening subtest "lock-modules", sub { - $machine->waitForUnit("multi-user.target"); # note: this better a be module we normally wouldn't load ... $machine->fail("modprobe dccp"); }; diff --git a/pkgs/applications/misc/pgmanage/default.nix b/pkgs/applications/misc/pgmanage/default.nix index 7da71df7814c..d08b183d9d00 100644 --- a/pkgs/applications/misc/pgmanage/default.nix +++ b/pkgs/applications/misc/pgmanage/default.nix @@ -24,9 +24,10 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "A fast replacement for PGAdmin"; longDescription = '' - At the heart of Postage is a modern, fast, event-based C-binary, built in - the style of NGINX and Node.js. This heart makes Postage as fast as any - PostgreSQL interface can hope to be. + At the heart of pgManage is a modern, fast, event-based C-binary, built in + the style of NGINX and Node.js. This heart makes pgManage as fast as any + PostgreSQL interface can hope to be. (Note: pgManage replaces Postage, + which is no longer maintained.) ''; homepage = https://github.com/pgManage/pgManage; license = licenses.postgresql; diff --git a/pkgs/applications/networking/instant-messengers/gomuks/default.nix b/pkgs/applications/networking/instant-messengers/gomuks/default.nix new file mode 100644 index 000000000000..5246f8d3d1d6 --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/gomuks/default.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGo110Package, fetchFromGitHub }: + +buildGo110Package rec { + name = "gomuks-${version}"; + version = "2018-05-16"; + + goPackagePath = "maunium.net/go/gomuks"; + + src = fetchFromGitHub { + owner = "tulir"; + repo = "gomuks"; + rev = "512ca88804268bf58a754e8a02be556f953db317"; + sha256 = "1bpgjkpvqqks3ljw9s0hm5pgscjs4rjy8rfpl2444m4rbpz1xvmr"; + }; + + meta = with stdenv.lib; { + homepage = https://maunium.net/go/gomuks/; + description = "A terminal based Matrix client written in Go"; + license = licenses.gpl3; + maintainers = with maintainers; [ tilpner ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/applications/office/tryton/default.nix b/pkgs/applications/office/tryton/default.nix index 51d5b083e6bd..0df9fd899dc5 100644 --- a/pkgs/applications/office/tryton/default.nix +++ b/pkgs/applications/office/tryton/default.nix @@ -1,22 +1,45 @@ -{ stdenv, fetchurl, python2Packages, librsvg }: +{ stdenv +, python2Packages +, pkgconfig +, librsvg +, gobjectIntrospection +, atk +, gtk3 +, gtkspell3 +, gnome3 +, goocanvas2 +}: with stdenv.lib; python2Packages.buildPythonApplication rec { - name = "tryton-${version}"; - version = "4.6.2"; - src = fetchurl { - url = "mirror://pypi/t/tryton/${name}.tar.gz"; - sha256 = "0bamr040np02gfjk8c734rw3mbgg75irfgpdcl2npgkdzyw1ksf9"; + pname = "tryton"; + version = "4.8.0"; + src = python2Packages.fetchPypi { + inherit pname version; + sha256 = "1ywgna4hhmji8pfrwhdfj1ns49vs9nwppqb7iy7jr27wrxk4bm6b"; }; + nativeBuildInputs = [ pkgconfig gobjectIntrospection ]; propagatedBuildInputs = with python2Packages; [ chardet dateutil pygtk librsvg + pygobject3 + goocalendar + cdecimal + ]; + buildInputs = [ + atk + gtk3 + gnome3.defaultIconTheme + gtkspell3 + goocanvas2 ]; makeWrapperArgs = [ ''--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE"'' + ''--set GI_TYPELIB_PATH "$GI_TYPELIB_PATH"'' + ''--suffix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"'' ]; meta = { description = "The client of the Tryton application platform"; @@ -30,6 +53,6 @@ python2Packages.buildPythonApplication rec { ''; homepage = http://www.tryton.org/; license = licenses.gpl3Plus; - maintainers = [ maintainers.johbo ]; + maintainers = with maintainers; [ johbo udono ]; }; } diff --git a/pkgs/applications/office/trytond/default.nix b/pkgs/applications/office/trytond/default.nix index efa7f2a410d7..31c6a7059fc0 100644 --- a/pkgs/applications/office/trytond/default.nix +++ b/pkgs/applications/office/trytond/default.nix @@ -4,11 +4,11 @@ with stdenv.lib; python2Packages.buildPythonApplication rec { - name = "trytond-${version}"; - version = "4.6.2"; - src = fetchurl { - url = "mirror://pypi/t/trytond/${name}.tar.gz"; - sha256 = "0asc3pd37h8ky8j66iqxr0fv0k6mpjcwxwm0xgm5hrdi32l5cdda"; + pname = "trytond"; + version = "4.8.0"; + src = python2Packages.fetchPypi { + inherit pname version; + sha256 = "114c0ea15b8395117bf8c669b7da8af4961001297fbd034c780a42a40e079e3a"; }; # Tells the tests which database to use @@ -25,12 +25,15 @@ python2Packages.buildPythonApplication rec { relatorio werkzeug wrapt + ipaddress # extra dependencies bcrypt pydot python-Levenshtein simplejson + cdecimal + html2text ] ++ stdenv.lib.optional withPostgresql psycopg2); meta = { description = "The server of the Tryton application platform"; @@ -44,6 +47,6 @@ python2Packages.buildPythonApplication rec { ''; homepage = http://www.tryton.org/; license = licenses.gpl3Plus; - maintainers = [ maintainers.johbo ]; + maintainers = with maintainers; [ udono johbo ]; }; } diff --git a/pkgs/development/compilers/iasl/default.nix b/pkgs/development/compilers/iasl/default.nix index 6cf4c85fb200..22f80ae559f7 100644 --- a/pkgs/development/compilers/iasl/default.nix +++ b/pkgs/development/compilers/iasl/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "iasl-${version}"; - version = "20180508"; + version = "20180313"; src = fetchurl { url = "https://acpica.org/sites/acpica/files/acpica-unix-${version}.tar.gz"; - sha256 = "1n7lqmv77kg28drahvxzybwl9v4hzwi8i7xkpgliclfcp5ff909b"; + sha256 = "05ab2xfv9wqwbzjaa9xqgrvvan87rxv29hw48h1gcckpc5smp2wm"; }; NIX_CFLAGS_COMPILE = "-O3"; diff --git a/pkgs/development/coq-modules/stdpp/default.nix b/pkgs/development/coq-modules/stdpp/default.nix new file mode 100644 index 000000000000..91801850ebfb --- /dev/null +++ b/pkgs/development/coq-modules/stdpp/default.nix @@ -0,0 +1,28 @@ +{ stdenv, fetchzip, coq }: + +stdenv.mkDerivation { + name = "coq${coq.coq-version}-stdpp-1.1"; + src = fetchzip { + url = "https://gitlab.mpi-sws.org/robbertkrebbers/coq-stdpp/-/archive/coq-stdpp-1.1.0/coq-stdpp-coq-stdpp-1.1.0.tar.gz"; + sha256 = "0z8zl288x9w32w06sjax01jcpy12wd5i3ygps58dl2hfy7r3lwg0"; + }; + + buildInputs = [ coq ]; + + enableParallelBuilding = true; + + installFlags = [ "COQLIB=$(out)/lib/coq/${coq.coq-version}/" ]; + + meta = { + homepage = "https://gitlab.mpi-sws.org/robbertkrebbers/coq-stdpp"; + description = "An extended “Standard Library” for Coq"; + inherit (coq.meta) platforms; + license = stdenv.lib.licenses.bsd3; + maintainers = [ stdenv.lib.maintainers.vbgl ]; + }; + + passthru = { + compatibleCoqVersions = v: stdenv.lib.versionAtLeast v "8.6"; + }; + +} diff --git a/pkgs/development/libraries/gdal/default.nix b/pkgs/development/libraries/gdal/default.nix index 562d79b00921..873d71d178bc 100644 --- a/pkgs/development/libraries/gdal/default.nix +++ b/pkgs/development/libraries/gdal/default.nix @@ -8,12 +8,12 @@ with stdenv.lib; stdenv.mkDerivation rec { - version = "2.2.4"; + version = "2.3.0"; name = "gdal-${version}"; src = fetchurl { url = "http://download.osgeo.org/gdal/${version}/${name}.tar.xz"; - sha256 = "0y1237m2wilxgrsd0cdjpbf1zj9z954sd8518g53hlmkmk8v27j4"; + sha256 = "18iaamzkn0lipizynvspf3bs5qzgcy36hn6bbi941q8dlfdf8xbg"; }; buildInputs = [ unzip libjpeg libtiff libpng proj openssl sqlite diff --git a/pkgs/development/python-modules/cdecimal/default.nix b/pkgs/development/python-modules/cdecimal/default.nix new file mode 100644 index 000000000000..2c0b0e623ca9 --- /dev/null +++ b/pkgs/development/python-modules/cdecimal/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchurl, wget, buildPythonPackage, isPy3k }: + +with stdenv.lib; + +buildPythonPackage rec { + pname = "cdecimal"; + version = "2.3"; + + disabled = isPy3k; + + src = fetchurl { + url="http://www.bytereef.org/software/mpdecimal/releases/${pname}-${version}.tar.gz"; + sha256 = "d737cbe43ed1f6ad9874fb86c3db1e9bbe20c0c750868fde5be3f379ade83d8b"; + }; + + # Upstream tests are not included s. a. http://www.bytereef.org/mpdecimal/testing.html + doCheck = false; + + meta = with stdenv.lib; { + description = "Fast drop-in replacement for decimal.py"; + homepage = http://www.bytereef.org/mpdecimal/; + license = licenses.bsd2; + maintainers = [ maintainers.udono ]; + }; +} diff --git a/pkgs/development/python-modules/goocalendar/default.nix b/pkgs/development/python-modules/goocalendar/default.nix new file mode 100644 index 000000000000..f6e67ad43923 --- /dev/null +++ b/pkgs/development/python-modules/goocalendar/default.nix @@ -0,0 +1,44 @@ +{ stdenv +, fetchPypi +, buildPythonPackage +, pkgconfig +, gtk3 +, gobjectIntrospection +, pygtk +, pygobject3 +, goocanvas2 +, isPy3k + }: + +with stdenv.lib; + +buildPythonPackage rec { + pname = "GooCalendar"; + version = "0.3"; + + disabled = isPy3k; + + src = fetchPypi { + inherit pname version; + sha256 = "1p7qbcv06xipg48sgpdlqf72ajl3n1qlypcc0giyi1a72zpyf823"; + }; + nativeBuildInputs = [ pkgconfig gobjectIntrospection ]; + propagatedBuildInputs = [ + pygtk + pygobject3 + ]; + buildInputs = [ + gtk3 + goocanvas2 + ]; + + # No upstream tests available + doCheck = false; + + meta = with stdenv.lib; { + description = "A calendar widget for GTK using PyGoocanvas."; + homepage = https://goocalendar.tryton.org/; + license = licenses.gpl2; + maintainers = [ maintainers.udono ]; + }; +} diff --git a/pkgs/servers/http/nginx/modules.nix b/pkgs/servers/http/nginx/modules.nix index 0e53b35e06d0..f482c92ed9f7 100644 --- a/pkgs/servers/http/nginx/modules.nix +++ b/pkgs/servers/http/nginx/modules.nix @@ -15,6 +15,15 @@ inputs = [ pkgs.brotli ]; }; + ipscrub = { + src = fetchFromGitHub { + owner = "masonicboom"; + repo = "ipscrub"; + rev = "99230f66d5afe1f929cf4ed217901acb6206f620"; + sha256 = "0mfrwkg4srql38w713pg6qxi0h4hgy8inkvgc9cm80bwlv2ng9s1"; + } + "/ipscrub"; + }; + rtmp ={ src = fetchFromGitHub { owner = "arut"; diff --git a/pkgs/tools/misc/mongodb-compass/default.nix b/pkgs/tools/misc/mongodb-compass/default.nix new file mode 100644 index 000000000000..f8475ee2e0e0 --- /dev/null +++ b/pkgs/tools/misc/mongodb-compass/default.nix @@ -0,0 +1,86 @@ +{ stdenv, fetchurl, dpkg +, alsaLib, atk, cairo, cups, curl, dbus, expat, fontconfig, freetype, glib +, gnome2, libnotify, libxcb, nspr, nss, systemd, xorg }: + +let + + version = "1.13.1"; + + rpath = stdenv.lib.makeLibraryPath [ + alsaLib + atk + cairo + cups + curl + dbus + expat + fontconfig + freetype + glib + gnome2.GConf + gnome2.gdk_pixbuf + gnome2.gtk + gnome2.pango + libnotify + libxcb + nspr + nss + stdenv.cc.cc + systemd + + xorg.libxkbfile + xorg.libX11 + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libXScrnSaver + ] + ":${stdenv.cc.cc.lib}/lib64"; + + src = + if stdenv.system == "x86_64-linux" then + fetchurl { + url = "https://downloads.mongodb.com/compass/mongodb-compass_${version}_amd64.deb"; + sha256 = "0x23jshnr0rafm5sn2vhq2y2gryg8mksahzyv5fszblgaxay234p"; + } + else + throw "MongoDB compass is not supported on ${stdenv.system}"; + +in stdenv.mkDerivation { + name = "mongodb-compass-${version}"; + + inherit src; + + buildInputs = [ dpkg ]; + unpackPhase = "true"; + + buildCommand = '' + IFS=$'\n' + dpkg -x $src $out + cp -av $out/usr/* $out + rm -rf $out/share/lintian + #The node_modules are bringing in non-linux files/dependencies + find $out -name "*.app" -exec rm -rf {} \; || true + find $out -name "*.dll" -delete + find $out -name "*.exe" -delete + # Otherwise it looks "suspicious" + chmod -R g-w $out + for file in `find $out -type f -perm /0111 -o -name \*.so\*`; do + echo "Manipulating file: $file" + patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$file" || true + patchelf --set-rpath ${rpath}:$out/share/mongodb-compass "$file" || true + done + ''; + + meta = with stdenv.lib; { + description = "The GUI for MongoDB"; + homepage = https://www.mongodb.com/products/compass; + license = licenses.unfree; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/tools/networking/yrd/default.nix b/pkgs/tools/networking/yrd/default.nix new file mode 100644 index 000000000000..e5d260ef7d42 --- /dev/null +++ b/pkgs/tools/networking/yrd/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub, pythonPackages }: + +let + pname = "yrd"; + version = "0.5.3"; + sha256 = "1yx1hr8z4cvlb3yi24dwafs0nxq41k4q477jc9q24w61a0g662ps"; + +in pythonPackages.buildPythonApplication { + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "kpcyrd"; + repo = "${pname}"; + rev = "v${version}"; + inherit sha256; + }; + + propagatedBuildInputs = with pythonPackages; [ argh ]; + + meta = with stdenv.lib; { + description = "Cjdns swiss army knife"; + maintainers = with maintainers; [ akru ]; + platforms = platforms.linux; + license = licenses.gpl3; + homepage = https://github.com/kpcyrd/yrd; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7290f39927d5..63e9be24226f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1445,6 +1445,8 @@ with pkgs; mcrypt = callPackage ../tools/misc/mcrypt { }; + mongodb-compass = callPackage ../tools/misc/mongodb-compass { }; + mongodb-tools = callPackage ../tools/misc/mongodb-tools { }; mozlz4a = callPackage ../tools/compression/mozlz4a { @@ -15781,6 +15783,8 @@ with pkgs; goldendict = libsForQt5.callPackage ../applications/misc/goldendict { }; + gomuks = callPackage ../applications/networking/instant-messengers/gomuks { }; + inherit (ocamlPackages) google-drive-ocamlfuse; google-musicmanager = callPackage ../applications/audio/google-musicmanager { }; @@ -21470,4 +21474,7 @@ with pkgs; inherit (recurseIntoAttrs (callPackages ../os-specific/bsd { })) netbsd; + + yrd = callPackage ../tools/networking/yrd { }; + } diff --git a/pkgs/top-level/coq-packages.nix b/pkgs/top-level/coq-packages.nix index e21445b423d0..519d1cb9ed46 100644 --- a/pkgs/top-level/coq-packages.nix +++ b/pkgs/top-level/coq-packages.nix @@ -36,6 +36,7 @@ let paco = callPackage ../development/coq-modules/paco {}; QuickChick = callPackage ../development/coq-modules/QuickChick {}; ssreflect = callPackage ../development/coq-modules/ssreflect { }; + stdpp = callPackage ../development/coq-modules/stdpp { }; tlc = callPackage ../development/coq-modules/tlc {}; }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index ca5cfb677a2e..998aac285c42 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -223,6 +223,8 @@ in { bugseverywhere = callPackage ../applications/version-management/bugseverywhere {}; + cdecimal = callPackage ../development/python-modules/cdecimal { }; + dendropy = callPackage ../development/python-modules/dendropy { }; dbf = callPackage ../development/python-modules/dbf { }; @@ -253,6 +255,8 @@ in { globus-sdk = callPackage ../development/python-modules/globus-sdk { }; + goocalendar = callPackage ../development/python-modules/goocalendar { }; + gssapi = callPackage ../development/python-modules/gssapi { }; h5py = callPackage ../development/python-modules/h5py { |