From 9537ce326e3555ed223a1dfe8f5453777f304b94 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Wed, 11 Oct 2023 09:49:14 -0400 Subject: river-bnf: init at unstable-2023-10-10 --- pkgs/by-name/ri/river-bnf/package.nix | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 pkgs/by-name/ri/river-bnf/package.nix diff --git a/pkgs/by-name/ri/river-bnf/package.nix b/pkgs/by-name/ri/river-bnf/package.nix new file mode 100644 index 000000000000..f869a6e2ff0c --- /dev/null +++ b/pkgs/by-name/ri/river-bnf/package.nix @@ -0,0 +1,42 @@ +{ lib +, stdenv +, fetchFromSourcehut +, wayland +, wayland-scanner +, unstableGitUpdater +}: + +stdenv.mkDerivation rec { + pname = "river-bnf"; + version = "unstable-2023-10-10"; + + src = fetchFromSourcehut { + owner = "~leon_plickat"; + repo = pname; + rev = "bb8ded380ed5d539777533065b4fd33646ad5603"; + hash = "sha256-rm9Nt3WLgq9QOXzrkYBGp45EALNYFTQGInxfYIN0XcU="; + }; + + nativeBuildInputs = [ + wayland-scanner + ]; + + buildInputs = [ + wayland.dev + ]; + + postPatch = '' + substituteInPlace Makefile --replace '/usr/local' $out + ''; + + passthru.updateScript = unstableGitUpdater { }; + + meta = { + description = "Switch back'n'forth between river tags"; + homepage = "https://git.sr.ht/~leon_plickat/river-bnf"; + license = lib.licenses.gpl3Only; + maintainers = with lib.maintainers; [ adamcstephens ]; + mainProgram = "river-bnf"; + platforms = lib.platforms.linux; + }; +} -- cgit 1.4.1 From 7f45cd96e9a38e90fa8ef2ea3febff1b1f920cf4 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 19 Oct 2023 10:09:57 -0400 Subject: nqptp: add adamcstephens as maintainer --- pkgs/tools/networking/nqptp/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/networking/nqptp/default.nix b/pkgs/tools/networking/nqptp/default.nix index 5261a6afb58f..58594f848ac2 100644 --- a/pkgs/tools/networking/nqptp/default.nix +++ b/pkgs/tools/networking/nqptp/default.nix 
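Review bot: In the new river-bnf expression, `buildInputs = [ wayland.dev ];` names an output explicitly where the plain package is the usual form; stdenv already selects the development output of a multi-output input, so `buildInputs = [ wayland ];` should be equivalent and reads more conventionally. In `postPatch`, I would also quote the replacement, `--replace '/usr/local' "$out"`, to match normal shell hygiene even though store paths contain no spaces.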
@@ -18,11 +18,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook pkg-config ]; - meta = with lib; { + meta = { homepage = "https://github.com/mikebrady/nqptp"; description = "Daemon and companion application to Shairport Sync that monitors timing data from any PTP clocks"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ jordanisaacs ]; - platforms = platforms.linux ++ platforms.freebsd; + license = lib.licenses.gpl2Only; + maintainers = with lib.maintainers; [ jordanisaacs adamcstephens ]; + platforms = lib.platforms.linux ++ lib.platforms.freebsd; }; } -- cgit 1.4.1 From 68829e6b035e0cfba3e65f3ab2b73fc18de684f2 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 19 Oct 2023 10:10:28 -0400 Subject: nqptp: 1.2.3 -> 1.2.4 --- pkgs/tools/networking/nqptp/default.nix | 14 ++++++++++++-- pkgs/tools/networking/nqptp/remove-setcap.patch | 13 +++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 pkgs/tools/networking/nqptp/remove-setcap.patch diff --git a/pkgs/tools/networking/nqptp/default.nix b/pkgs/tools/networking/nqptp/default.nix index 58594f848ac2..2db121e2d189 100644 --- a/pkgs/tools/networking/nqptp/default.nix +++ b/pkgs/tools/networking/nqptp/default.nix 
@@ -3,21 +3,31 @@ , fetchFromGitHub , autoreconfHook , pkg-config +, gitUpdater }: stdenv.mkDerivation rec { - version = "1.2.3"; + version = "1.2.4"; pname = "nqptp"; src = fetchFromGitHub { owner = "mikebrady"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-Ppsz3hDG6sEf6LJ2WdbTdJ8Gi53f0YmvaUU8TOfVMz4="; + hash = "sha256-roTNcr3v2kzE6vQ5plAVtlw1+2yJplltOYsGGibtoZo="; }; + patches = [ + # this patch should be removed when > 1.2.4 + ./remove-setcap.patch + ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; + passthru.updateScript = gitUpdater { + ignoredVersions = ".*(-dev|d0)"; + }; + meta = { homepage = "https://github.com/mikebrady/nqptp"; description = "Daemon and companion application to Shairport Sync that monitors timing data from any PTP clocks"; diff --git a/pkgs/tools/networking/nqptp/remove-setcap.patch b/pkgs/tools/networking/nqptp/remove-setcap.patch new file mode 100644 index 000000000000..2fa56ac0150a --- /dev/null +++ b/pkgs/tools/networking/nqptp/remove-setcap.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile.am b/Makefile.am +index 78f36d7..8dc4e4f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -19,8 +19,6 @@ endif + + install-exec-hook: + if BUILD_FOR_LINUX +-# NQPTP runs as user/group nqptp/nqptp on Linux and uses setcap to access ports 319 and 320 +- setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp + # no installer for System V + if INSTALL_SYSTEMD_STARTUP + getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null -- cgit 1.4.1 From e2e4463a976d8e8c96a20b504322cf06673f4ba7 Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Fri, 20 Oct 2023 13:35:00 +0200 Subject: rpi-imager: 1.7.5 -> 1.8.1 https://github.com/raspberrypi/rpi-imager/releases/tag/v1.8.1 https://github.com/raspberrypi/rpi-imager/compare/v1.7.5...v1.8.1 --- pkgs/tools/misc/rpi-imager/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
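Review bot: The comment on the new `patches` entry says when to drop `remove-setcap.patch`, but not why it exists or what replaces the step it removes. The patch deletes `setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp` together with the upstream remark that nqptp runs as an unprivileged user and needs ports 319 and 320, so the packaged binary carries no file capability and has to get that privilege from whatever starts it. I would extend the comment, e.g. `# setcap cannot run in the build; the service starting nqptp must grant CAP_NET_BIND_SERVICE itself (remove when > 1.2.4)`; the stated reason is presumed, so adjust the wording if it was something else. It is also worth checking that the consuming service grants only that capability rather than running the daemon as root.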
diff --git a/pkgs/tools/misc/rpi-imager/default.nix b/pkgs/tools/misc/rpi-imager/default.nix index 61ca001563f5..f34161567ee6 100644 --- a/pkgs/tools/misc/rpi-imager/default.nix +++ b/pkgs/tools/misc/rpi-imager/default.nix @@ -3,6 +3,7 @@ , fetchFromGitHub , wrapQtAppsHook , cmake +, pkg-config , util-linux , curl , libarchive @@ -12,23 +13,25 @@ , qttools , qtquickcontrols2 , qtgraphicaleffects +, xz , nix-update-script , enableTelemetry ? false }: stdenv.mkDerivation rec { pname = "rpi-imager"; - version = "1.7.5"; + version = "1.8.1"; src = fetchFromGitHub { owner = "raspberrypi"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-yB+H1zWL40KzxOrBuvg7nBC3zmWilsOgOW7ndiDWuDA="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-drHiZ0eYYvJg6/v3oEozGAbBKm1KLpec+kYZWwpT9yM="; }; nativeBuildInputs = [ cmake + pkg-config util-linux wrapQtAppsHook ]; @@ -48,6 +51,7 @@ stdenv.mkDerivation rec { qttools qtquickcontrols2 qtgraphicaleffects + xz ]; sourceRoot = "${src.name}/src"; -- cgit 1.4.1 From 0c578d114661ac40f7a717925d8ada43371ed57a Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Fri, 20 Oct 2023 13:42:01 +0200 Subject: rpi-imager: add passthru.tests.version --- pkgs/tools/misc/rpi-imager/default.nix | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/pkgs/tools/misc/rpi-imager/default.nix b/pkgs/tools/misc/rpi-imager/default.nix index f34161567ee6..832d9575b342 100644 --- a/pkgs/tools/misc/rpi-imager/default.nix +++ b/pkgs/tools/misc/rpi-imager/default.nix 
@@ -14,18 +14,19 @@ , qtquickcontrols2 , qtgraphicaleffects , xz +, testers , nix-update-script , enableTelemetry ? false }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "rpi-imager"; version = "1.8.1"; src = fetchFromGitHub { owner = "raspberrypi"; - repo = pname; - rev = "refs/tags/v${version}"; + repo = finalAttrs.pname; + rev = "refs/tags/v${finalAttrs.version}"; sha256 = "sha256-drHiZ0eYYvJg6/v3oEozGAbBKm1KLpec+kYZWwpT9yM="; }; @@ -54,33 +55,25 @@ stdenv.mkDerivation rec { xz ]; - sourceRoot = "${src.name}/src"; + sourceRoot = "${finalAttrs.src.name}/src"; /* By default, the builder checks for JSON support in lsblk by running "lsblk --json", but that throws an error, as /sys/dev doesn't exist in the sandbox. This patch removes the check. */ patches = [ ./lsblkCheckFix.patch ]; - doInstallCheck = true; - - installCheckPhase = '' - runHook preInstallCheck - - # Without this, the tests fail because they cannot create the QT Window - export QT_QPA_PLATFORM=offscreen - $out/bin/rpi-imager --version - - runHook postInstallCheck - ''; - passthru = { + tests.version = testers.testVersion { + package = finalAttrs.finalPackage; + command = "QT_QPA_PLATFORM=offscreen rpi-imager --version"; + }; updateScript = nix-update-script { }; }; meta = with lib; { description = "Raspberry Pi Imaging Utility"; homepage = "https://www.raspberrypi.com/software/"; - changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${version}"; + changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${finalAttrs.version}"; downloadPage = "https://github.com/raspberrypi/rpi-imager/"; license = licenses.asl20; maintainers = with maintainers; [ ymarkus anthonyroussel ]; @@ -88,4 +81,4 @@ stdenv.mkDerivation rec { # does not build on darwin broken = stdenv.isDarwin; }; -} +}) -- cgit 1.4.1 From 24e4bc0eb3845a5b466d200b18d62042104f4952 Mon Sep 17 00:00:00 2001 
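Review bot: With `doInstallCheck` and `installCheckPhase` removed, an ordinary build of rpi-imager no longer executes the binary at all; the `--version` smoke test now runs only when `passthru.tests.version` is built explicitly. If that trade-off is intended, the reason for the environment variable should survive the move, since the removed comment explaining it is gone: a line above `tests.version` such as `# QT_QPA_PLATFORM=offscreen: no display is available, Qt cannot create a window otherwise` would do.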
From: Anthony Roussel Date: Fri, 20 Oct 2023 13:42:11 +0200 Subject: rpi-imager: add meta.mainProgram --- pkgs/tools/misc/rpi-imager/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/tools/misc/rpi-imager/default.nix b/pkgs/tools/misc/rpi-imager/default.nix index 832d9575b342..579aa7fcc5e9 100644 --- a/pkgs/tools/misc/rpi-imager/default.nix +++ b/pkgs/tools/misc/rpi-imager/default.nix @@ -76,6 +76,7 @@ stdenv.mkDerivation (finalAttrs: { changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${finalAttrs.version}"; downloadPage = "https://github.com/raspberrypi/rpi-imager/"; license = licenses.asl20; + mainProgram = "rpi-imager"; maintainers = with maintainers; [ ymarkus anthonyroussel ]; platforms = platforms.all; # does not build on darwin -- cgit 1.4.1 From 5885a5453aa07c3991c274176050cc182bd5bec1 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 21 Oct 2023 06:24:08 +0000 Subject: ttyplot: 1.4 -> 1.5 --- pkgs/tools/misc/ttyplot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/ttyplot/default.nix b/pkgs/tools/misc/ttyplot/default.nix index 7becc090a83b..a136031dfc13 100644 --- a/pkgs/tools/misc/ttyplot/default.nix +++ b/pkgs/tools/misc/ttyplot/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "ttyplot"; - version = "1.4"; + version = "1.5"; src = fetchFromGitHub { owner = "tenox7"; repo = "ttyplot"; rev = version; - sha256 = "19qm0hx9ljdw9qg78lydn3c627xy7xnx3knq5f7caw9lf0cdp7kf"; + sha256 = "sha256-COnqzWqah1J/q64XrOBhMOsrafAs/BptqNvrjHJ9edQ="; }; buildInputs = [ ncurses ]; -- cgit 1.4.1 From 1121cec61595e1e825ef79e4517f6231fd827668 Mon Sep 17 00:00:00 2001 From: Claudio Bley Date: Sat, 21 Oct 2023 09:57:19 +0200 Subject: mediathekview: Set `mainProgram` to "mediathek" --- pkgs/applications/video/mediathekview/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/pkgs/applications/video/mediathekview/default.nix b/pkgs/applications/video/mediathekview/default.nix index 36d941ec94f4..6db16f1aec06 100644 --- a/pkgs/applications/video/mediathekview/default.nix +++ b/pkgs/applications/video/mediathekview/default.nix @@ -42,6 +42,7 @@ stdenv.mkDerivation rec { homepage = "https://mediathekview.de/"; sourceProvenance = with sourceTypes; [ binaryBytecode ]; license = licenses.gpl3Plus; + mainProgram = "mediathek"; maintainers = with maintainers; [ moredread ]; platforms = platforms.all; }; -- cgit 1.4.1 From 219e235433d51b682f8a34760aa6661f86609344 Mon Sep 17 00:00:00 2001 From: Daniel Hill Date: Sun, 22 Oct 2023 20:50:30 +1300 Subject: mpd: add soxr resampler support --- pkgs/servers/mpd/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/mpd/default.nix b/pkgs/servers/mpd/default.nix index 0f92847a2378..aa781f7e26fb 100644 --- a/pkgs/servers/mpd/default.nix +++ b/pkgs/servers/mpd/default.nix @@ -9,7 +9,7 @@ , audiofile, faad2, ffmpeg, flac, fluidsynth, game-music-emu , libmad, libmikmod, mpg123, libopus, libvorbis, lame # Filters -, libsamplerate +, libsamplerate, soxr # Outputs , alsa-lib, libjack2, libpulseaudio, libshout, pipewire # Misc @@ -62,6 +62,7 @@ let lame = [ lame ]; # Filter plugins libsamplerate = [ libsamplerate ]; + soxr = [ soxr ]; # Output plugins alsa = [ alsa-lib ]; jack = [ libjack2 ]; -- cgit 1.4.1 From d57791c29f5447ae72ddc9f97d0cfdb8f9e4c459 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 22 Oct 2023 11:33:06 +0000 Subject: python311Packages.aiowithings: 0.4.4 -> 1.0.0 --- pkgs/development/python-modules/aiowithings/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/aiowithings/default.nix b/pkgs/development/python-modules/aiowithings/default.nix index bc6e69534342..19d9997ed8d7 100644 --- a/pkgs/development/python-modules/aiowithings/default.nix 
+++ b/pkgs/development/python-modules/aiowithings/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "aiowithings"; - version = "0.4.4"; + version = "1.0.0"; pyproject = true; disabled = pythonOlder "3.11"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "joostlek"; repo = "python-withings"; rev = "refs/tags/v${version}"; - hash = "sha256-YmTYwj3Udo1Pev25LLvY7757BR0h44aefqIe8b8FlTc="; + hash = "sha256-3necwO/EpjWD1fAItqsZJKgv0CIBklxcM1jNRPxhSVY="; }; postPatch = '' -- cgit 1.4.1 From e07d5326fa0d54e057af2295321dcbf692979031 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 21 Oct 2023 15:14:28 +0200 Subject: matrix-synapse: remove opentracing optional dependencies Fixes eval failure 'opentracing-2.4.0 not supported for interpreter python3.11' opentracing and jaeger-client libraries are unmaintained --- pkgs/servers/matrix-synapse/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 04077ad2c261..9de7a7e093f1 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -113,10 +113,6 @@ python3.pkgs.buildPythonApplication rec { sentry = [ sentry-sdk ]; - opentracing = [ - jaeger-client - opentracing - ]; jwt = [ authlib ]; -- cgit 1.4.1 From 0288685a4ddd1176f0dc0db99c9bb3ac24a7a752 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 22 Oct 2023 14:15:39 +0200 Subject: nixos/matrix-synapse: remove opentracing options --- nixos/modules/services/matrix/synapse.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index b38b35361cf0..12e27ef26ff3 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix 
@@ -60,7 +60,6 @@ let ++ lib.optional (cfg.settings ? oidc_providers) "oidc" ++ lib.optional (cfg.settings ? jwt_config) "jwt" ++ lib.optional (cfg.settings ? saml2_config) "saml2" - ++ lib.optional (cfg.settings ? opentracing) "opentracing" ++ lib.optional (cfg.settings ? redis) "redis" ++ lib.optional (cfg.settings ? sentry) "sentry" ++ lib.optional (cfg.settings ? user_directory) "user-search" @@ -334,7 +333,6 @@ in { [ "cache-memory" # Provide statistics about caching memory consumption "jwt" # JSON Web Token authentication - "opentracing" # End-to-end tracing support using Jaeger "oidc" # OpenID Connect authentication "postgres" # PostgreSQL database backend "redis" # Redis support for the replication stream between worker processes -- cgit 1.4.1 From 25872524f0ed0e16c382754d8d10ddb44c23c50c Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 30 Apr 2023 04:02:15 +0200 Subject: nixos/qemu-vm: add `virtualisation.tpm` for running TPM in QEMU infrastructure --- nixos/modules/virtualisation/qemu-vm.nix | 44 +++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index d0a5ddd87ccf..a1606839b6ce 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -198,6 +198,16 @@ let fi ''} + ${lib.optionalString cfg.tpm.enable '' + NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}") + mkdir -p "$NIX_SWTPM_DIR" + ${lib.getExe cfg.tpm.package} \ + socket \ + --tpmstate dir="$NIX_SWTPM_DIR" \ + --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket \ + "--tpm2" 1>"$NIX_SWTPM_DIR"/stdout 2>"$NIX_SWTPM_DIR"/stderr & + ''} + cd "$TMPDIR" ${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"} 
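Review bot: The swtpm state directory and control socket in the added launcher block are created with the caller's default umask (`mkdir -p "$NIX_SWTPM_DIR"`), so on a shared host other local users may be able to read the emulated TPM's state or connect to its control socket. Creating the directory privately, e.g. `mkdir -p "$NIX_SWTPM_DIR" && chmod 0700 "$NIX_SWTPM_DIR"`, keeps anything sealed against this TPM to the invoking user. Separately, swtpm is started with `&` and nothing visible here waits for the socket to appear or ties the process lifetime to the VM, so QEMU may race the socket and a stale swtpm may be left holding it on the next start. A comment stating the intended lifetime, plus a readiness wait, would make this robust. The run script this block belongs to starts and ends outside the hunk.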
@@ -862,6 +872,32 @@ in }; }; + virtualisation.tpm = { + enable = mkEnableOption "a TPM device in the virtual machine with a driver, using swtpm."; + + package = mkPackageOptionMD cfg.host.pkgs "swtpm" { }; + + deviceModel = mkOption { + type = types.str; + default = ({ + "i686-linux" = "tpm-tis"; + "x86_64-linux" = "tpm-tis"; + "ppc64-linux" = "tpm-spapr"; + "armv7-linux" = "tpm-tis-device"; + "aarch64-linux" = "tpm-tis-device"; + }.${pkgs.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU")); + defaultText = '' + Based on the guest platform Linux system: + + - `tpm-tis` for (i686, x86_64) + - `tpm-spapr` for ppc64 + - `tpm-tis-device` for (armv7, aarch64) + ''; + example = "tpm-tis-device"; + description = lib.mdDoc "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed."; + }; + }; + virtualisation.useDefaultFilesystems = mkOption { type = types.bool; @@ -1027,7 +1063,8 @@ in boot.initrd.availableKernelModules = optional cfg.writableStore "overlay" - ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx"; + ++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx" + ++ optional (cfg.tpm.enable) "tpm_tis"; virtualisation.additionalPaths = [ config.system.build.toplevel ]; @@ -1098,6 +1135,11 @@ in (mkIf (!cfg.graphics) [ "-nographic" ]) + (mkIf (cfg.tpm.enable) [ + "-chardev socket,id=chrtpm,path=\"$NIX_SWTPM_DIR\"/socket" + "-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm" + "-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0" + ]) ]; virtualisation.qemu.drives = mkMerge [ -- cgit 1.4.1 From 83b131bb55bde0511a17d3beb52145d778dd4105 Mon Sep 17 00:00:00 2001 
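Review bot: The new `virtualisation.tpm` options do not document where the emulated TPM keeps its state or that the state survives between runs of the VM script. Going by the launcher hunk, it lives in `$NIX_SWTPM_DIR`, defaulting to `<system.name>-swtpm` under the current directory, which matters to anyone sealing secrets against it or expecting a fresh TPM per run. I would add a sentence to that effect to the `enable` description and fix the typo in the `deviceModel` description (`th guest` should be `the guest`). The `defaultText` is also a plain string containing Markdown; it should probably use the same doc helper as `description`.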
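Review bot: The initrd module added by `++ optional (cfg.tpm.enable) "tpm_tis"` is fixed, while `deviceModel` defaults to `tpm-spapr` on ppc64-linux, which I believe is served by a different guest driver (`tpm_ibmvtpm`) than the TIS one. If so, a ppc64 guest gets the device but not the driver in stage 1, which breaks TPM-backed unlock in the initrd. Deriving the module from the model would avoid that, e.g. `++ optional cfg.tpm.enable (if cfg.tpm.deviceModel == "tpm-spapr" then "tpm_ibmvtpm" else "tpm_tis")`; the driver name should be confirmed on a ppc64 guest.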
From: Raito Bezarius Date: Sun, 30 Apr 2023 04:02:51 +0200 Subject: nixos/tests: adopt newest TPM support in test infra --- nixos/tests/systemd-credentials-tpm2.nix | 59 ++---------------------------- nixos/tests/systemd-cryptenroll.nix | 61 +++++++++++++------------------- nixos/tests/systemd-initrd-luks-tpm2.nix | 27 +------------- 3 files changed, 27 insertions(+), 120 deletions(-) diff --git a/nixos/tests/systemd-credentials-tpm2.nix b/nixos/tests/systemd-credentials-tpm2.nix index d2dc1fd7b615..bf7418312236 100644 --- a/nixos/tests/systemd-credentials-tpm2.nix +++ b/nixos/tests/systemd-credentials-tpm2.nix @@ -1,13 +1,4 @@ -import ./make-test-python.nix ({ lib, pkgs, system, ... }: - -let - tpmSocketPath = "/tmp/swtpm-sock"; - tpmDeviceModels = { - x86_64-linux = "tpm-tis"; - aarch64-linux = "tpm-tis-device"; - }; -in - +import ./make-test-python.nix ({ lib, pkgs, ... }: { name = "systemd-credentials-tpm2"; 
@@ -16,51 +7,11 @@ in }; nodes.machine = { pkgs, ... }: { - virtualisation = { - qemu.options = [ - "-chardev socket,id=chrtpm,path=${tpmSocketPath}" - "-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm" - "-device ${tpmDeviceModels.${system}},tpmdev=tpm_dev_0" - ]; - }; - - boot.initrd.availableKernelModules = [ "tpm_tis" ]; - + virtualisation.tpm.enable = true; environment.systemPackages = with pkgs; [ diffutils ]; }; testScript = '' - import subprocess - from tempfile import TemporaryDirectory - - # From systemd-initrd-luks-tpm2.nix - class Tpm: - def __init__(self): - self.state_dir = TemporaryDirectory() - self.start() - - def start(self): - self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", - "socket", - "--tpmstate", f"dir={self.state_dir.name}", - "--ctrl", "type=unixio,path=${tpmSocketPath}", - "--tpm2", - ]) - - # Check whether starting swtpm failed - try: - exit_code = self.proc.wait(timeout=0.2) - if exit_code is not None and exit_code != 0: - raise Exception("failed to start swtpm") - except subprocess.TimeoutExpired: - pass - - """Check whether the swtpm process exited due to an error""" - def check(self): - exit_code = self.proc.poll() - if exit_code is not None and exit_code != 0: - raise Exception("swtpm process died") - CRED_NAME = "testkey" CRED_RAW_FILE = f"/root/{CRED_NAME}" CRED_FILE = f"/root/{CRED_NAME}.cred" @@ -85,12 +36,6 @@ in machine.log("systemd-run finished successfully") - tpm = Tpm() - - @polling_condition - def swtpm_running(): - tpm.check() - machine.wait_for_unit("multi-user.target") with subtest("Check whether TPM device exists"): diff --git a/nixos/tests/systemd-cryptenroll.nix b/nixos/tests/systemd-cryptenroll.nix index 055ae7d1681f..034aae1d5e95 100644 --- a/nixos/tests/systemd-cryptenroll.nix +++ b/nixos/tests/systemd-cryptenroll.nix 
@@ -8,47 +8,34 @@ import ./make-test-python.nix ({ pkgs, ... }: { environment.systemPackages = [ pkgs.cryptsetup ]; virtualisation = { emptyDiskImages = [ 512 ]; - qemu.options = [ - "-chardev socket,id=chrtpm,path=/tmp/swtpm-sock" - "-tpmdev emulator,id=tpm0,chardev=chrtpm" - "-device tpm-tis,tpmdev=tpm0" - ]; + tpm.enable = true; }; }; testScript = '' - import subprocess - import tempfile - - def start_swtpm(tpmstate): - subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir="+tpmstate, "--ctrl", "type=unixio,path=/tmp/swtpm-sock", "--log", "level=0", "--tpm2"]) - - with tempfile.TemporaryDirectory() as tpmstate: - start_swtpm(tpmstate) - machine.start() - - # Verify the TPM device is available and accessible by systemd-cryptenroll - machine.succeed("test -e /dev/tpm0") - machine.succeed("test -e /dev/tpmrm0") - machine.succeed("systemd-cryptenroll --tpm2-device=list") - - # Create LUKS partition - machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -") - # Enroll new LUKS key and bind it to Secure Boot state - # For more details on PASSWORD variable, check the following issue: - # https://github.com/systemd/systemd/issues/20955 - machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb") - # Add LUKS partition to /etc/crypttab to test auto unlock - machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab") - machine.shutdown() - - start_swtpm(tpmstate) - machine.start() - - # Test LUKS partition automatic unlock on boot - machine.wait_for_unit("systemd-cryptsetup@luks.service") - # Wipe TPM2 slot - machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb") + machine.start() + + # Verify the TPM device is available and accessible by systemd-cryptenroll + machine.succeed("test -e /dev/tpm0") + machine.succeed("test -e /dev/tpmrm0") + machine.succeed("systemd-cryptenroll --tpm2-device=list") + + # Create LUKS partition + machine.succeed("echo -n lukspass | cryptsetup 
luksFormat -q /dev/vdb -") + # Enroll new LUKS key and bind it to Secure Boot state + # For more details on PASSWORD variable, check the following issue: + # https://github.com/systemd/systemd/issues/20955 + machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb") + # Add LUKS partition to /etc/crypttab to test auto unlock + machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab") + + machine.shutdown() + machine.start() + + # Test LUKS partition automatic unlock on boot + machine.wait_for_unit("systemd-cryptsetup@luks.service") + # Wipe TPM2 slot + machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb") ''; }) diff --git a/nixos/tests/systemd-initrd-luks-tpm2.nix b/nixos/tests/systemd-initrd-luks-tpm2.nix index d9dd9118a3a2..e292acfd1c5f 100644 --- a/nixos/tests/systemd-initrd-luks-tpm2.nix +++ b/nixos/tests/systemd-initrd-luks-tpm2.nix @@ -9,7 +9,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { # Booting off the TPM2-encrypted device requires an available init script mountHostNixStore = true; useEFIBoot = true; - qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"]; + tpm.enable = true; }; boot.loader.systemd-boot.enable = true; 
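Review bot: The second boot in the rewritten `testScript` only proves TPM-bound unlock if the emulated TPM keeps its state across `machine.shutdown()` and `machine.start()`, and that dependency is no longer visible now that the explicit `start_swtpm(tpmstate)` calls are gone. A comment before `machine.shutdown()` such as `# swtpm state is kept by the VM start script, so the enrolled key survives the reboot` would document it. It is also worth confirming that the previous swtpm has exited and released its socket before the VM script launches a new one, since the old explicit restart was removed; this is inferred from the qemu-vm change and is not visible in this hunk.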
@@ -33,29 +33,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { }; testScript = '' - import subprocess - import os - import time - - - class Tpm: - def __init__(self): - os.mkdir("/tmp/mytpm1") - self.start() - - def start(self): - self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir=/tmp/mytpm1", "--ctrl", "type=unixio,path=/tmp/mytpm1/swtpm-sock", "--log", "level=20", "--tpm2"]) - - def wait_for_death_then_restart(self): - while self.proc.poll() is None: - print("waiting for tpm to die") - time.sleep(1) - assert self.proc.returncode == 0 - self.start() - - tpm = Tpm() - - # Create encrypted volume machine.wait_for_unit("multi-user.target") machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") @@ -66,8 +43,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { machine.succeed("sync") machine.crash() - tpm.wait_for_death_then_restart() - # Boot and decrypt the disk machine.wait_for_unit("multi-user.target") assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") -- cgit 1.4.1 From 60421a1622ac05433afcf0179ff46f937e10096c Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 22 Oct 2023 01:30:48 +0300 Subject: firefox: start killing all the per-extension options --- nixos/modules/programs/browserpass.nix | 2 +- nixos/modules/programs/firefox.nix | 103 +++++++++++++-------- .../desktops/gnome/gnome-browser-connector.nix | 2 +- .../services/x11/desktop-managers/plasma5.nix | 2 +- .../networking/browsers/firefox/wrapper.nix | 37 +++++--- 5 files changed, 92 insertions(+), 54 deletions(-) diff --git a/nixos/modules/programs/browserpass.nix b/nixos/modules/programs/browserpass.nix index abd99056ff3b..a9670a37e618 100644 --- a/nixos/modules/programs/browserpass.nix +++ b/nixos/modules/programs/browserpass.nix 
@@ -27,6 +27,6 @@ with lib; "opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium"; "opt/brave/policies/managed/${appId}".source = source "policies/chromium"; }; - programs.firefox.wrapperConfig.enableBrowserpass = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.browserpass ]; }; } diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix index 813e0e0105f6..85f47530cf5a 100644 --- a/nixos/modules/programs/firefox.nix +++ b/nixos/modules/programs/firefox.nix @@ -5,8 +5,6 @@ with lib; let cfg = config.programs.firefox; - nmh = cfg.nativeMessagingHosts; - policyFormat = pkgs.formats.json { }; organisationInfo = '' @@ -17,6 +15,50 @@ let given control of your browser, unless of course they also control your NixOS configuration. ''; + + # deprecated per-native-messaging-host options + nmhOptions = { + browserpass = { + name = "Browserpass"; + package = pkgs.browserpass; + }; + bukubrow = { + name = "Bukubrow"; + package = pkgs.bukubrow; + }; + euwebid = { + name = "Web eID"; + package = pkgs.web-eid-app; + }; + ff2mpv = { + name = "ff2mpv"; + package = pkgs.ff2mpv; + }; + fxCast = { + name = "fx_cast"; + package = pkgs.fx-cast-bridge; + }; + gsconnect = { + name = "GSConnect"; + package = pkgs.gnomeExtensions.gsconnect; + }; + jabref = { + name = "JabRef"; + package = pkgs.jabref; + }; + passff = { + name = "PassFF"; + package = pkgs.passff-host; + }; + tridactyl = { + name = "Tridactyl"; + package = pkgs.tridactyl-native; + }; + ugetIntegrator = { + name = "Uget Integrator"; + package = pkgs.uget-integrator; + }; + }; in { options.programs.firefox = { 
@@ -204,46 +246,31 @@ in ''; }; - nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) { - browserpass = "Browserpass support"; - bukubrow = "Bukubrow support"; - euwebid = "Web eID support"; - ff2mpv = "ff2mpv support"; - fxCast = "fx_cast support"; - gsconnect = "GSConnect support"; - jabref = "JabRef support"; - passff = "PassFF support"; - tridactyl = "Tridactyl support"; - ugetIntegrator = "Uget Integrator support"; - }; + nativeMessagingHosts = ({ + packages = mkOption { + type = types.listOf types.package; + default = []; + description = mdDoc '' + Additional packages containing native messaging hosts that should be made available to Firefox extensions. + ''; + }; + }) // (mapAttrs (k: v: mkEnableOption (mdDoc "${v.name} support")) nmhOptions); }; - config = mkIf cfg.enable { + config = let + forEachEnabledNmh = fn: flatten (mapAttrsToList (k: v: lib.optional cfg.nativeMessagingHosts.${k} (fn k v)) nmhOptions); + in mkIf cfg.enable { + warnings = forEachEnabledNmh (k: v: + "The `programs.firefox.nativeMessagingHosts.${k}` option is deprecated, " + + "please add `${v.package.pname}` to `programs.firefox.nativeMessagingHosts.packages` instead." 
+ ); + programs.firefox.nativeMessagingHosts.packages = forEachEnabledNmh (_: v: v.package); + environment.systemPackages = [ (cfg.package.override (old: { - extraPrefs = cfg.autoConfig; - extraNativeMessagingHosts = - old.extraNativeMessagingHosts or [] - ++ optional nmh.ff2mpv pkgs.ff2mpv - ++ optional nmh.euwebid pkgs.web-eid-app - ++ optional nmh.gsconnect pkgs.gnomeExtensions.gsconnect - ++ optional nmh.jabref pkgs.jabref - ++ optional nmh.passff pkgs.passff-host; - cfg = let - # copy-pasted from the wrapper; TODO: figure out fix - applicationName = cfg.package.binaryName or (lib.getName cfg.package); - - oldCfg = old.cfg or {}; - nixpkgsConfig = pkgs.config.${applicationName} or {}; - optionConfig = cfg.wrapperConfig; - nmhConfig = { - enableBrowserpass = nmh.browserpass; - enableBukubrow = nmh.bukubrow; - enableTridactylNative = nmh.tridactyl; - enableUgetIntegrator = nmh.ugetIntegrator; - enableFXCastBridge = nmh.fxCast; - }; - in oldCfg // nixpkgsConfig // optionConfig // nmhConfig; + extraPrefsFiles = old.extraPrefsFiles or [] ++ [(pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig)]; + nativeMessagingHosts = old.nativeMessagingHosts or [] ++ cfg.nativeMessagingHosts.packages; + cfg = (old.cfg or {}) // cfg.wrapperConfig; })) ]; diff --git a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix index d18e303891e4..4f680eabbe15 100644 --- a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix +++ b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix @@ -42,6 +42,6 @@ in services.dbus.packages = [ pkgs.gnome-browser-connector ]; - programs.firefox.wrapperConfig.enableGnomeExtensions = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnome-browser-connector ]; }; } diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index 285d0a181931..fc3287045710 100644 
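Review bot: The deprecation warning in the new `config` block builds its advice from `v.package.pname`, but a package's `pname` need not match its attribute path; `pkgs.gnomeExtensions.gsconnect` in `nmhOptions` is one entry where the two likely differ, so users can be told to add a name that does not resolve. Storing the attribute path as a string next to `package` in `nmhOptions` and printing that would be more reliable. Separately, `cfg = (old.cfg or {}) // cfg.wrapperConfig;` no longer merges `pkgs.config.${applicationName}` as the removed code did; if `old.cfg` is unset for the default wrapper this silently drops nixpkgs-level Firefox settings, so please confirm. The `packages` description could also state that each listed package installs native programs which browser extensions can launch with the user's privileges, in the same spirit as the existing `organisationInfo` text for policies.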
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -379,7 +379,7 @@ in # Update the start menu for each user that is currently logged in system.userActivationScripts.plasmaSetup = activationScript; - programs.firefox.wrapperConfig.enablePlasmaBrowserIntegration = true; + programs.firefox.nativeMessagingHosts.packages = [ pkgs.plasma5Packages.plasma-browser-integration ]; }) (mkIf (cfg.kwinrc != {}) { diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 28e97bcaa41e..ed1ec5692a0c 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -34,6 +34,7 @@ let , nameSuffix ? "" , icon ? applicationName , wmClass ? applicationName + , nativeMessagingHosts ? [] , extraNativeMessagingHosts ? [] , pkcs11Modules ? [] , useGlvnd ? true 
@@ -62,18 +63,28 @@ let # PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards smartcardSupport = cfg.smartcardSupport or false; - nativeMessagingHosts = - [ ] - ++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass) - ++ lib.optional (cfg.enableBukubrow or false) bukubrow - ++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native - ++ lib.optional (cfg.enableGnomeExtensions or false) gnome-browser-connector - ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator - ++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration - ++ lib.optional (cfg.enableFXCastBridge or false) fx-cast-bridge - ++ lib.optional (cfg.enableKeePassXC or false) keepassxc - ++ extraNativeMessagingHosts - ; + deprecatedNativeMessagingHost = option: pkg: + if (cfg.${option} or false) + then + lib.warn "The cfg.${option} argument for `firefox.override` is deprecated, please add `pkgs.${pkg.pname}` to `nativeMessagingHosts` instead" + [pkg] + else []; + + allNativeMessagingHosts = builtins.map lib.getBin ( + nativeMessagingHosts + ++ deprecatedNativeMessagingHost "enableBrowserpass" browserpass + ++ deprecatedNativeMessagingHost "enableBukubrow" bukubrow + ++ deprecatedNativeMessagingHost "enableTridactylNative" tridactyl-native + ++ deprecatedNativeMessagingHost "enableGnomeExtensions" gnome-browser-connector + ++ deprecatedNativeMessagingHost "enableUgetIntegrator" uget-integrator + ++ deprecatedNativeMessagingHost "enablePlasmaBrowserIntegration" plasma5Packages.plasma-browser-integration + ++ deprecatedNativeMessagingHost "enableFXCastBridge" fx-cast-bridge + ++ deprecatedNativeMessagingHost "enableKeePassXC" keepassxc + ++ (if extraNativeMessagingHosts != [] + then lib.warn "The extraNativeMessagingHosts argument for the Firefox wrapper is deprecated, please use `nativeMessagingHosts`" extraNativeMessagingHosts + else []) + ); + libs = lib.optionals stdenv.isLinux 
[ udev libva mesa libnotify xorg.libXScrnSaver cups pciutils ] ++ lib.optional pipewireSupport pipewire ++ lib.optional ffmpegSupport ffmpeg_5 @@ -338,7 +349,7 @@ let install -D -t $out/share/applications $desktopItem/share/applications/* mkdir -p $out/lib/mozilla/native-messaging-hosts - for ext in ${toString nativeMessagingHosts}; do + for ext in ${toString allNativeMessagingHosts}; do ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/* done -- cgit 1.4.1 From e6f5980d87a28fda3e61e6c5916e72b509b623d6 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 22 Oct 2023 17:13:50 +0300 Subject: nixos/tests/firefox: use the module This should exercise the module a bit in the test, and also removes an awkward override. --- nixos/tests/firefox.nix | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index 3f9cea6662fb..fbea95dc7523 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -1,14 +1,7 @@ import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }: -let firefoxPackage' = firefoxPackage.override (args: { - extraPrefsFiles = (args.extraPrefsFiles or []) ++ [ - # make sure that autoplay is enabled by default for the audio test - (builtins.toString (builtins.toFile "autoplay-pref.js" ''defaultPref("media.autoplay.default",0);'')) - ]; - }); - -in { - name = firefoxPackage'.unwrapped.pname; + name = firefoxPackage.pname; + meta = with pkgs.lib.maintainers; { maintainers = [ eelco shlevy ]; }; @@ -17,10 +10,13 @@ in { pkgs, ... }: { imports = [ ./common/x11.nix ]; - environment.systemPackages = [ - firefoxPackage' - pkgs.xdotool - ]; + environment.systemPackages = [ pkgs.xdotool ]; + + programs.firefox = { + enable = true; + preferences."media.autoplay.default" = 0; + package = firefoxPackage; + }; # Create a virtual sound device, with mixing # and all, for recording audio. 
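Review bot: The deprecation warning in `deprecatedNativeMessagingHost` builds its suggestion from `pkg.pname` (`pkgs.${pkg.pname}`), which is only correct when a package's pname matches its top-level attribute name. For `enablePlasmaBrowserIntegration` the package comes from `plasma5Packages`, so the suggested `pkgs.…` path would presumably not resolve when a user copies it into `nativeMessagingHosts`. Passing the attribute path explicitly keeps the message accurate, e.g. `deprecatedNativeMessagingHost "enablePlasmaBrowserIntegration" "plasma5Packages.plasma-browser-integration" plasma5Packages.plasma-browser-integration`, with the helper printing that string instead of `pkg.pname`. The enclosing `let` block starts and ends outside the hunk.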
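Review bot: The loop now iterates `allNativeMessagingHosts`, which is built by plain concatenation with no de-duplication, and `ln -sLt` is called without `-f`. If the same package arrives twice, for instance through a `nativeMessagingHosts` entry and a legacy `cfg.enableGnomeExtensions` flag, the second `ln` would presumably fail with "File exists" and break the wrapper build. De-duplicating where the list is built avoids this: `allNativeMessagingHosts = lib.unique (builtins.map lib.getBin ( … ));`. Every manifest under each entry's `lib/mozilla/native-messaging-hosts` is linked, and each one lets an extension start a native program, so a comment above the loop should say that the list is the full set of hosts exposed to the browser. The install script around the loop starts and ends outside the hunk.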
@@ -58,7 +54,9 @@ in }; - testScript = '' + testScript = let + exe = firefoxPackage.unwrapped.binaryName; + in '' from contextlib import contextmanager @@ -97,7 +95,7 @@ in with subtest("Wait until Firefox has finished loading the Valgrind docs page"): machine.execute( - "xterm -e '${firefoxPackage'.unwrapped.binaryName} file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' >&2 &" + "xterm -e '${exe} file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' >&2 &" ) machine.wait_for_window("Valgrind") machine.sleep(40) @@ -105,7 +103,7 @@ in with subtest("Check whether Firefox can play sound"): with record_audio(machine): machine.succeed( - "${firefoxPackage'.unwrapped.binaryName} file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga >&2 &" + "${exe} file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga >&2 &" ) wait_for_sound(machine) machine.copy_from_vm("/tmp/record.wav") -- cgit 1.4.1 From f4d631c3d1d1102cedc8cb27c634aa5853ed1ecd Mon Sep 17 00:00:00 2001 From: Sandro Date: Sun, 22 Oct 2023 21:32:50 +0200 Subject: nixos/nginx: document implicit default port 80 --- nixos/modules/services/web-servers/nginx/vhost-options.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index c82f02ecefec..9db4c8e23025 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -35,7 +35,10 @@ with lib; }; port = mkOption { type = types.nullOr port; - description = lib.mdDoc "Port number."; + description = lib.mdDoc '' + Port number to listen on. + If unset and the listen address is not a socket then nginx defaults to 80. + ''; default = null; }; ssl = mkOption { -- cgit 1.4.1 From 007d92d830b2ca82f518a3c1f69fbfea2db8f771 Mon Sep 17 00:00:00 2001 
From: Majiir Paktu Date: Mon, 21 Aug 2023 23:10:36 -0400 Subject: zfs: add armv7 to supported platforms --- pkgs/os-specific/linux/zfs/generic.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/zfs/generic.nix b/pkgs/os-specific/linux/zfs/generic.nix index 7bb4a1b7496e..8adbb8cab8f9 100644 --- a/pkgs/os-specific/linux/zfs/generic.nix +++ b/pkgs/os-specific/linux/zfs/generic.nix @@ -202,15 +202,15 @@ stdenv'.mkDerivation { changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}"; license = lib.licenses.cddl; - # The case-block for TARGET_CPU has branches for only five CPU families, + # The case-block for TARGET_CPU has branches for only some CPU families, # which prevents ZFS from building on any other platform. Since the NixOS # `boot.zfs.enabled` property is `readOnly`, excluding platforms where ZFS # does not build is the only way to produce a NixOS installer on such # platforms. - # https://github.com/openzfs/zfs/blob/6a6bd493988c75331deab06e5352a9bed035a87d/config/always-arch.m4#L16 + # https://github.com/openzfs/zfs/blob/6723d1110f6daf93be93db74d5ea9f6b64c9bce5/config/always-arch.m4#L12 platforms = with lib.systems.inspect.patterns; - map (p: p // isLinux) [ isx86_32 isx86_64 isPower isAarch64 isSparc ]; + map (p: p // isLinux) ([ isx86_32 isx86_64 isPower isAarch64 isSparc ] ++ isArmv7); maintainers = with lib.maintainers; [ jcumming jonringer globin raitobezarius ]; mainProgram = "zfs"; -- cgit 1.4.1 From 28fd5df299ade45d536e13b2fe10135e615205a4 Mon Sep 17 00:00:00 2001 From: André Vitor de Lima Matos Date: Sun, 22 Oct 2023 19:20:49 -0300 Subject: trezord: build with go_1_20 Build failing due to trezor/trezord-go#297 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 407008b848cb..362cc95888ff 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -14059,6 +14059,7 @@ with pkgs; trezord = callPackage ../servers/trezord { inherit (darwin.apple_sdk.frameworks) AppKit; + buildGoModule = buildGo120Module; }; trezor_agent = with python3Packages; toPythonApplication trezor_agent; -- cgit 1.4.1 From ca9b6ed32d93edece15db525f006941096e6e50b Mon Sep 17 00:00:00 2001 From: Randy Eckenrode Date: Sun, 22 Oct 2023 18:59:58 -0400 Subject: gtk2: fix build with clang 16 * Resolve incompatible function pointer conversion error; and * Fix signature of `create_menu` in `tests/testmenubars.c`. --- pkgs/development/libraries/gtk/2.x.nix | 2 + .../libraries/gtk/patches/2.0-clang.patch | 49 ++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 pkgs/development/libraries/gtk/patches/2.0-clang.patch diff --git a/pkgs/development/libraries/gtk/2.x.nix b/pkgs/development/libraries/gtk/2.x.nix index 539cfc37051b..b2afb21b6214 100644 --- a/pkgs/development/libraries/gtk/2.x.nix +++ b/pkgs/development/libraries/gtk/2.x.nix @@ -66,6 +66,8 @@ stdenv.mkDerivation (finalAttrs: { ] ++ lib.optionals stdenv.isDarwin [ ./patches/2.0-gnome_bugzilla_557780_306776_freeciv_darwin.patch ./patches/2.0-darwin-x11.patch + # Fixes an incompatible function pointer conversion and implicit int errors with clang 16. + ./patches/2.0-clang.patch ]; propagatedBuildInputs = [ diff --git a/pkgs/development/libraries/gtk/patches/2.0-clang.patch b/pkgs/development/libraries/gtk/patches/2.0-clang.patch new file mode 100644 index 000000000000..1e2e73b9833d --- /dev/null +++ b/pkgs/development/libraries/gtk/patches/2.0-clang.patch 
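Review bot: The `buildGoModule = buildGo120Module;` override has no comment, so the reason for holding trezord on the Go 1.20 toolchain is recorded only in the commit message. A pinned toolchain stops receiving fixes once that Go release line is retired, so the pin should state why it exists and when it can be removed. I would add `# Pinned to Go 1.20: build fails with newer Go, see trezor/trezord-go#297; remove once fixed upstream` directly above the line.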
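Review bot: The new `./patches/2.0-clang.patch` entry sits inside the `lib.optionals stdenv.isDarwin [ … ]` list, so it is keyed on the platform, not on the compiler that the added comment names. A clang 16 stdenv on another platform would presumably hit the same incompatible-function-pointer and implicit-int errors without it. If avoiding a rebuild elsewhere is the reason, the comment should say so; otherwise the patch belongs in its own `++ lib.optionals stdenv.cc.isClang [ ./patches/2.0-clang.patch ]`. The `patches` list starts outside the hunk.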
@@ -0,0 +1,49 @@ +diff --git a/gtk/gtkscale.c b/gtk/gtkscale.c +index 4317523fb8..3c09cd3ae8 100644 +--- a/gtk/gtkscale.c ++++ b/gtk/gtkscale.c +@@ -1471,7 +1471,7 @@ gtk_scale_add_mark (GtkScale *scale, + mark->position = position; + + priv->marks = g_slist_insert_sorted_with_data (priv->marks, mark, +- (GCompareFunc) compare_marks, ++ (GCompareDataFunc) compare_marks, + GINT_TO_POINTER ( + gtk_range_get_inverted (GTK_RANGE (scale)) + )); +diff --git a/tests/testmenubars.c b/tests/testmenubars.c +index 416a939861..c65e82be26 100644 +--- a/tests/testmenubars.c ++++ b/tests/testmenubars.c +@@ -21,7 +21,7 @@ + #include + + static GtkWidget * +-create_menu (depth) ++create_menu (int depth, gboolean _unused) + { + GtkWidget *menu; + GtkWidget *menuitem; +@@ -35,19 +35,19 @@ create_menu (depth) + gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem); + gtk_widget_show (menuitem); + gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), +- create_menu (depth - 1)); ++ create_menu (depth - 1, _unused)); + + menuitem = gtk_menu_item_new_with_mnemonic ("Two"); + gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem); + gtk_widget_show (menuitem); + gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), +- create_menu (depth - 1)); ++ create_menu (depth - 1, _unused)); + + menuitem = gtk_menu_item_new_with_mnemonic ("Three"); + gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem); + gtk_widget_show (menuitem); + gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), +- create_menu (depth - 1)); ++ create_menu (depth - 1, _unused)); + + return menu; + } -- cgit 1.4.1 From 08f4fe20874ea19c55849138fb3af734cb72a5a1 Mon Sep 17 00:00:00 2001 
From: Arthur Gautier Date: Tue, 1 Aug 2023 07:05:58 +0000 Subject: qemu-vm: stop the swtpm once qemu stops MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The idea is to run an async process waiting for swtpm and we have to ensure that `FD_CLOEXEC` is cleared on this process' stdin file descriptor, we use `fdflags` for this, a loadable builtin in Bash ≥ 5. The async process when exited will terminate `swtpm`, we bind the termination of the async process to the termination of QEMU by virtue of having `qemu` exec in that Bash script. Signed-off-by: Arthur Gautier Co-authored-by: Raito Bezarius --- nixos/modules/virtualisation/qemu-vm.nix | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index a1606839b6ce..3bf8bbd9dab0 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix 
@@ -204,8 +204,31 @@ let ${lib.getExe cfg.tpm.package} \ socket \ --tpmstate dir="$NIX_SWTPM_DIR" \ - --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket \ - "--tpm2" 1>"$NIX_SWTPM_DIR"/stdout 2>"$NIX_SWTPM_DIR"/stderr & + --ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket,terminate \ + --pid file="$NIX_SWTPM_DIR"/pid --daemon \ + --tpm2 \ + --log file="$NIX_SWTPM_DIR"/stdout,level=6 + + # Enable `fdflags` builtin in Bash + # We will need it to perform surgical modification of the file descriptor + # passed in the coprocess to remove `FD_CLOEXEC`, i.e. close the file descriptor + # on exec. + # If let alone, it will trigger the coprocess to read EOF when QEMU is `exec` + # at the end of this script. To work around that, we will just clear + # the `FD_CLOEXEC` bits as a first step. + enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags + # leave a dangling subprocess because the swtpm ctrl socket has + # "terminate" when the last connection disconnects, it stops swtpm. + # When qemu stops, or if the main shell process ends, the coproc will + # get signaled by virtue of the pipe between main and coproc ending. + # Which in turns triggers a socat connect-disconnect to swtpm which + # will stop it. + coproc waitingswtpm { + read || : + echo "" | ${lib.getExe hostPkgs.socat} STDIO UNIX-CONNECT:"$NIX_SWTPM_DIR"/socket + } + # Clear `FD_CLOEXEC` on the coprocess' file descriptor stdin. + fdflags -s-cloexec ''${waitingswtpm[1]} ''} cd "$TMPDIR" -- cgit 1.4.1 From 1642fd5f029df3f02acc1a84fb6dde84a62fb9ba Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 23 Oct 2023 01:58:57 +0200 Subject: python311Packages.rotary-embedding-torch: 0.3.2 -> 0.3.3 https://github.com/lucidrains/rotary-embedding-torch/compare/0.3.2...0.3.3 --- pkgs/development/python-modules/rotary-embedding-torch/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
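Review bot: Neither `enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags` nor the later `fdflags -s-cloexec ''${waitingswtpm[1]}` is checked, and the hunk's own comment says what happens if the flag stays set: the coprocess reads EOF as soon as QEMU is exec'd. The socat connect/disconnect would then stop swtpm at VM start, leaving the guest without its TPM and with no error pointing at the cause. Whether the script runs under `set -e` is not visible here, so failing explicitly is safer: `enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags || { echo "cannot load the fdflags builtin" >&2; exit 1; }` and `fdflags -s-cloexec "''${waitingswtpm[1]}" || exit 1`. With `terminate` on the control socket, any process able to connect to `"$NIX_SWTPM_DIR"/socket` can also stop the TPM, so a comment should state which permissions that directory is expected to have; it is created outside the hunk.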
diff --git a/pkgs/development/python-modules/rotary-embedding-torch/default.nix b/pkgs/development/python-modules/rotary-embedding-torch/default.nix index 1c93184a36e6..450fa9c8bee2 100644 --- a/pkgs/development/python-modules/rotary-embedding-torch/default.nix +++ b/pkgs/development/python-modules/rotary-embedding-torch/default.nix @@ -13,14 +13,14 @@ buildPythonPackage rec { pname = "rotary-embedding-torch"; - version = "0.3.2"; + version = "0.3.3"; pyproject = true; src = fetchFromGitHub { owner = "lucidrains"; repo = "rotary-embedding-torch"; rev = version; - hash = "sha256-EozW8J1i/2ym1hwUMciaWVtp7kSWfG+mC5RkWLJdK3g="; + hash = "sha256-uTOKdxqbSLRJl0gnz3TvpVwhrfqflAp0wfn6d13+YrM="; }; nativeBuildInputs = [ -- cgit 1.4.1 From 0e4b63f7132894594978d9bf12e604aeaec8ccea Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 23 Oct 2023 03:38:13 +0200 Subject: Revert "nixos/systemd-boot: Avoid remote mypy executions" This reverts commit ea0dcd0ae14b99c5740acc7a1b874ea4446cb5be. --- nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index 64c8ab74bba6..6f0a62d0ea89 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -49,7 +49,7 @@ let ''; }; - checkedSystemdBootBuilder = pkgs.runCommandLocal "systemd-boot" { + checkedSystemdBootBuilder = pkgs.runCommand "systemd-boot" { nativeBuildInputs = [ pkgs.mypy ]; } '' install -m755 ${systemdBootBuilder} $out -- cgit 1.4.1 From 1994a8651b0ecca5ac2dd0c8340e2b43c8aea551 Mon Sep 17 00:00:00 2001 
From: Vincent Laporte Date: Mon, 16 Oct 2023 07:10:45 +0200 Subject: ocamlPackages.carton: 0.6.0 → 0.7.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/ocaml-modules/carton/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/development/ocaml-modules/carton/default.nix b/pkgs/development/ocaml-modules/carton/default.nix index 727d407ac542..7ba02d68ff5f 100644 --- a/pkgs/development/ocaml-modules/carton/default.nix +++ b/pkgs/development/ocaml-modules/carton/default.nix @@ -8,14 +8,13 @@ buildDunePackage rec { pname = "carton"; - version = "0.6.0"; + version = "0.7.0"; minimalOCamlVersion = "4.08"; - duneVersion = "3"; src = fetchurl { url = "https://github.com/mirage/ocaml-git/releases/download/${pname}-v${version}/git-${pname}-v${version}.tbz"; - hash = "sha256-NAm4Xq7L0Dgynr8cKZQ356M4GR6D19LbCRxvnSlIf1U="; + hash = "sha256-vWkBJdP4ZpRCEwzrFMzsdHay4VyiXix/+1qzk+7yDvk="; }; patches = [ -- cgit 1.4.1 From 931de27682fe969fdc2b6842fb0fcd52a1f37213 Mon Sep 17 00:00:00 2001 From: K900 Date: Mon, 23 Oct 2023 11:20:20 +0300 Subject: tempo: backport fix for crashes after Go 1.21 update --- pkgs/servers/tracing/tempo/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/tracing/tempo/default.nix b/pkgs/servers/tracing/tempo/default.nix index 2a992d01ad6a..d837b6b26427 100644 --- a/pkgs/servers/tracing/tempo/default.nix +++ b/pkgs/servers/tracing/tempo/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, fetchpatch }: buildGoModule rec { pname = "tempo"; 
@@ -12,6 +12,15 @@ buildGoModule rec { hash = "sha256-23wjD8HTSEGonIMAWCoKORMLIISASxlN4FeY+Bmt/+I="; }; + patches = [ + # Backport patch for Go 1.21 compatibility + # FIXME: remove after 2.3.0 + (fetchpatch { + url = "https://github.com/grafana/tempo/commit/0d37e8f0edd8a96876b0a5f5ab97ef79ff04608f.patch"; + hash = "sha256-YC59g5pdcrwJeQ4raS0Oq+fZvRBKFj4johZtGTAYpEs="; + }) + ]; + vendorHash = null; subPackages = [ -- cgit 1.4.1 From 9c61d0ff06d4e3da1f981e67713eefc34095f151 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 23 Oct 2023 08:36:58 +0000 Subject: python311Packages.pyfibaro: 0.7.5 -> 0.7.6 --- pkgs/development/python-modules/pyfibaro/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pyfibaro/default.nix b/pkgs/development/python-modules/pyfibaro/default.nix index b1a38f11f6ac..2f059d19a1b9 100644 --- a/pkgs/development/python-modules/pyfibaro/default.nix +++ b/pkgs/development/python-modules/pyfibaro/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "pyfibaro"; - version = "0.7.5"; + version = "0.7.6"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "rappenze"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-hllYxPPbLu3dpjHwXfIvTMW0LWtcglTVfN7youZaXTw="; + hash = "sha256-yE9HkAlGj1t90FwmwHDsk3ea2UOl0bG3UtYXxz/SWbI="; }; nativeBuildInputs = [ -- cgit 1.4.1 From 3bd3809d0e5cb8ada73d0ee856b6ad9121cc907e Mon Sep 17 00:00:00 2001 
From: Adam Joseph Date: Mon, 24 Jul 2023 21:41:22 -0700 Subject: buildRustCrate: add isMips64n32 to badPlatforms Rust is not yet able to target the n32 ABI on mips64. Let's add `isMips64n32` to the `meta.badPlatforms` of all derivations created by buildRustCrate. I use this to automatically detect which packages on my system can be built for n32 (almost all of them) and build those using n32, and the few packages (mainly those that depend on boost or rust) that can't for n64. --- pkgs/build-support/rust/build-rust-crate/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/build-support/rust/build-rust-crate/default.nix b/pkgs/build-support/rust/build-rust-crate/default.nix index 4e3e2045e8ec..d977fb9f7c27 100644 --- a/pkgs/build-support/rust/build-rust-crate/default.nix +++ b/pkgs/build-support/rust/build-rust-crate/default.nix @@ -366,6 +366,10 @@ crate_: lib.makeOverridable meta = { mainProgram = crateName; + badPlatforms = [ + # Rust is currently unable to target the n32 ABI + lib.systems.inspect.patterns.isMips64n32 + ]; }; } // extraDerivationAttrs ) -- cgit 1.4.1 From 4fc0e3369810899279f0423699e2604e7088ff76 Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Mon, 24 Jul 2023 21:48:48 -0700 Subject: buildRustPackage: add isMips64n32 to badPlatforms Rust is not yet able to target the n32 ABI on mips64. Let's add `isMips64n32` to the `meta.badPlatforms` of all derivations created by buildRustPackage. I use this to automatically detect which packages on my system can be built for n32 (almost all of them) and build those using n32, and the few packages (mainly those that depend on boost or rust) that can't for n64. --- pkgs/build-support/rust/build-rust-package/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/build-support/rust/build-rust-package/default.nix b/pkgs/build-support/rust/build-rust-package/default.nix index da868861e2ca..18d8ca56fd1f 100644 --- a/pkgs/build-support/rust/build-rust-package/default.nix 
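Review bot: The `badPlatforms` default added to `meta` is replaced, not extended, by what is merged after it: this attrset is followed by `} // extraDerivationAttrs`, and the matching hunk in build-rust-package/default.nix ends in `} // meta;`. A package that sets its own `meta.badPlatforms` therefore drops the `isMips64n32` entry and is offered for n32 builds again; for buildRustCrate the same would happen if `extraDerivationAttrs` carries any `meta`. Appending keeps both lists, e.g. in buildRustPackage `} // meta // { badPlatforms = (meta.badPlatforms or []) ++ [ lib.systems.inspect.patterns.isMips64n32 ]; };`. Both enclosing functions start outside the hunks.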
+++ b/pkgs/build-support/rust/build-rust-package/default.nix @@ -161,5 +161,9 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg "x86_64-redox" "wasm32-wasi" ]; + badPlatforms = [ + # Rust is currently unable to target the n32 ABI + lib.systems.inspect.patterns.isMips64n32 + ]; } // meta; }) -- cgit 1.4.1 From 7b9fa5f6c36e91b3ea6b2e97c647a062af951c46 Mon Sep 17 00:00:00 2001 From: Peter Kolloch Date: Sun, 22 Oct 2023 18:57:07 +0200 Subject: crate2nix: 0.10.0 -> 0.11.0 ...and add shell completions for bash/zsh --- pkgs/development/tools/rust/crate2nix/default.nix | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/pkgs/development/tools/rust/crate2nix/default.nix b/pkgs/development/tools/rust/crate2nix/default.nix index cba3b4b3dd7d..5f8b3d2cdc6e 100644 --- a/pkgs/development/tools/rust/crate2nix/default.nix +++ b/pkgs/development/tools/rust/crate2nix/default.nix @@ -10,18 +10,18 @@ rustPlatform.buildRustPackage rec { pname = "crate2nix"; - version = "0.10.0"; + version = "0.11.0"; src = fetchFromGitHub { - owner = "kolloch"; + owner = "nix-community"; repo = pname; rev = version; - sha256 = "sha256-JaF9/H3m4Wrc5MtXcONkOAgKVkswLVw0yZe0dBr2e4Y="; + sha256 = "sha256-nyX1lfaA0eBSB/BaxPzCsyD8p/hxCwNIvr4Ru3i/YX0="; }; sourceRoot = "${src.name}/crate2nix"; - cargoSha256 = "sha256-PD7R1vcb3FKd4hfpViKyvfCExJ5H1Xo2HPYden5zpxQ="; + cargoSha256 = "sha256-3+emOr3hh+DDkboJbYyJFZgkzmcdA9jdronz7wM4x28="; nativeBuildInputs = [ makeWrapper ]; 
@@ -32,6 +32,13 @@ rustPlatform.buildRustPackage rec { postFixup = '' wrapProgram $out/bin/crate2nix \ --suffix PATH ":" ${lib.makeBinPath [ cargo nix nix-prefetch-git ]} + + rm -rf $out/lib $out/bin/crate2nix.d + mkdir -p \ + $out/share/bash-completion/completions \ + $out/share/zsh/vendor-completions + $out/bin/crate2nix completions -s 'bash' -o $out/share/bash-completion/completions + $out/bin/crate2nix completions -s 'zsh' -o $out/share/zsh/vendor-completions ''; meta = with lib; { @@ -40,9 +47,10 @@ rustPlatform.buildRustPackage rec { Crate2nix generates Nix files from Cargo.toml/lock files so that you can build every crate individually in a Nix sandbox. ''; - homepage = "https://github.com/kolloch/crate2nix"; + homepage = "https://github.com/nix-community/crate2nix"; license = licenses.asl20; maintainers = with maintainers; [ kolloch cole-h ]; platforms = platforms.all; }; } + -- cgit 1.4.1 From 69919a28af1c181dc84523b100a8ed45d4071304 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 23 Oct 2023 04:36:38 +0000 Subject: verilator: 5.012 -> 5.016 --- pkgs/applications/science/electronics/verilator/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/electronics/verilator/default.nix b/pkgs/applications/science/electronics/verilator/default.nix index 90601651e510..86d6716eaeb7 100644 --- a/pkgs/applications/science/electronics/verilator/default.nix +++ b/pkgs/applications/science/electronics/verilator/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "verilator"; - version = "5.012"; + version = "5.016"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - hash = "sha256-Y6GkIgkauayJmGhOQg2kWjbcxYVIob6InMopv555Lb8="; + hash = "sha256-MVQbAZXSIdzX7+yKbSrFLLd0j6dfLSXpES3uu6bcPt8="; }; enableParallelBuilding = true; -- cgit 1.4.1 From 4c5976077891c9fe8a78adeaa83f0b0db77d1361 Mon Sep 17 00:00:00 2001 
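Review bot: The added `postFixup` lines run the freshly built `$out/bin/crate2nix` to generate completions, which only works when the build machine can execute host-platform binaries; a cross build would fail at this step. Wrapping the two `completions` calls in `lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' … ''` keeps cross builds working, assuming `stdenv` is added to the function arguments, which are outside the hunk. The `rm -rf $out/lib $out/bin/crate2nix.d` line also needs a comment saying what produces those paths and why they are dropped, e.g. `# remove build by-products that are not part of the CLI`, if that is indeed the reason.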
From: "R. Ryantm" Date: Mon, 23 Oct 2023 09:03:26 +0000 Subject: python311Packages.pywemo: 1.3.0 -> 1.3.1 --- pkgs/development/python-modules/pywemo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pywemo/default.nix b/pkgs/development/python-modules/pywemo/default.nix index 277de7a83170..69b8114a95e5 100644 --- a/pkgs/development/python-modules/pywemo/default.nix +++ b/pkgs/development/python-modules/pywemo/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "pywemo"; - version = "1.3.0"; + version = "1.3.1"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = pname; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-+AdNT7ClT8JkYLkwk+IVNWgXGS04WNtENOtqmbjv7nQ="; + hash = "sha256-RZeg6/xAGRumd4aM/mQQnIrIXB/rUrdeQQxk2c1mJNI="; }; nativeBuildInputs = [ -- cgit 1.4.1 From 90b4574eafe92caddd634fe9e9a41a38c338a5b8 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 23 Oct 2023 09:04:37 +0000 Subject: python311Packages.qbittorrent-api: 2023.9.53 -> 2023.10.54 --- pkgs/development/python-modules/qbittorrent-api/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/qbittorrent-api/default.nix b/pkgs/development/python-modules/qbittorrent-api/default.nix index a31438335ef8..16ad74dd2469 100644 --- a/pkgs/development/python-modules/qbittorrent-api/default.nix +++ b/pkgs/development/python-modules/qbittorrent-api/default.nix @@ -11,12 +11,12 @@ buildPythonPackage rec { pname = "qbittorrent-api"; - version = "2023.9.53"; + version = "2023.10.54"; format = "pyproject"; src = fetchPypi { inherit pname version; - hash = "sha256-/q0bL1WxIn6giOp9kLUCLZRpS/2d2Rdr61rRwZXQRP8="; + hash = "sha256-xCHB/pPURc1+vje6IhBHZ6HogUsmYfBE9977Qtwoc2w="; }; propagatedBuildInputs = [ -- cgit 1.4.1 From c8ae9117bf2d47fdb5bff1c27b3b5b4e8ab14d1e Mon Sep 17 00:00:00 2001 
From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Sun, 22 Oct 2023 01:41:54 +0200 Subject: lzlib: fix cross --- pkgs/development/libraries/lzlib/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/lzlib/default.nix b/pkgs/development/libraries/lzlib/default.nix index 4e28fc3a5b0d..b8c86221b489 100644 --- a/pkgs/development/libraries/lzlib/default.nix +++ b/pkgs/development/libraries/lzlib/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { substituteInPlace Makefile.in --replace '-Wl,--soname=' '-Wl,-install_name,$(out)/lib/' ''; - makeFlags = [ "CC:=$(CC)" ]; + makeFlags = [ "CC:=$(CC)" "AR:=$(AR)" ]; doCheck = true; configureFlags = [ "--enable-shared" ]; -- cgit 1.4.1