Project import generated by Copybara.

GitOrigin-RevId: 6ef4f522d63f22b40004319778761040d3197390
This commit is contained in:
Default email 2021-08-08 17:34:03 -06:00
parent 3ec2fa6bfd
commit 48d4c8cc3c
433 changed files with 6743 additions and 3783 deletions

View file

@ -772,7 +772,7 @@ nameValuePair "some" 6
<title>Modifying each value of an attribute set</title>
<programlisting><![CDATA[
lib.attrsets.mapAttrs
(name: value: name + "-" value)
(name: value: name + "-" + value)
{ x = "foo"; y = "bar"; }
=> { x = "x-foo"; y = "y-bar"; }
]]></programlisting>

View file

@ -390,6 +390,12 @@
githubId = 1318982;
name = "Anders Claesson";
};
akho = {
name = "Alexander Khodyrev";
email = "a@akho.name";
github = "akho";
githubId = 104951;
};
akru = {
email = "mail@akru.me";
github = "akru";
@ -2283,6 +2289,12 @@
fingerprint = "1C4E F4FE 7F8E D8B7 1E88 CCDF BAB1 D15F B7B4 D4CE";
}];
};
d-xo = {
email = "hi@d-xo.org";
github = "d-xo";
githubId = 6689924;
name = "David Terry";
};
dadada = {
name = "dadada";
email = "dadada@dadada.li";
@ -3237,6 +3249,12 @@
fingerprint = "2D37 1AD2 7E2B BC77 97E1 B759 6C79 278F 3FCD CC02";
}];
};
ereslibre = {
email = "ereslibre@ereslibre.es";
github = "ereslibre";
githubId = 8706;
name = "Rafael Fernández López";
};
ericbmerritt = {
email = "eric@afiniate.com";
github = "ericbmerritt";
@ -8562,6 +8580,12 @@
github = "polygon";
githubId = 51489;
};
polykernel = {
email = "81340136+polykernel@users.noreply.github.com";
github = "polykernel";
githubId = 81340136;
name = "polykernel";
};
polyrod = {
email = "dc1mdp@gmail.com";
github = "polyrod";
@ -11698,12 +11722,6 @@
githubId = 1962985;
name = "Vincenzo Mantova";
};
xwvvvvwx = {
email = "davidterry@posteo.de";
github = "xwvvvvwx";
githubId = 6689924;
name = "David Terry";
};
xzfc = {
email = "xzfcpw@gmail.com";
github = "xzfc";

View file

@ -5,7 +5,7 @@ when developing or debugging a test:
```ShellSession
$ nix-build nixos/tests/login.nix -A driverInteractive
$ ./result/bin/nixos-test-driver
$ ./result/bin/nixos-test-driver --interactive
starting VDE switch for network 1
>
```
@ -24,20 +24,11 @@ back into the test driver command line upon its completion. This allows
you to inspect the state of the VMs after the test (e.g. to debug the
test script).
To just start and experiment with the VMs, run:
```ShellSession
$ nix-build nixos/tests/login.nix -A driverInteractive
$ ./result/bin/nixos-run-vms
```
The script `nixos-run-vms` starts the virtual machines defined by test.
You can re-use the VM states coming from a previous run by setting the
`--keep-vm-state` flag.
```ShellSession
$ ./result/bin/nixos-run-vms --keep-vm-state
$ ./result/bin/nixos-test-driver --interactive --keep-vm-state
```
The machine state is stored in the `$TMPDIR/vm-state-machinename`

View file

@ -6,7 +6,7 @@
</para>
<programlisting>
$ nix-build nixos/tests/login.nix -A driverInteractive
$ ./result/bin/nixos-test-driver
$ ./result/bin/nixos-test-driver --interactive
starting VDE switch for network 1
&gt;
</programlisting>
@ -25,23 +25,12 @@ starting VDE switch for network 1
completion. This allows you to inspect the state of the VMs after
the test (e.g. to debug the test script).
</para>
<para>
To just start and experiment with the VMs, run:
</para>
<programlisting>
$ nix-build nixos/tests/login.nix -A driverInteractive
$ ./result/bin/nixos-run-vms
</programlisting>
<para>
The script <literal>nixos-run-vms</literal> starts the virtual
machines defined by test.
</para>
<para>
You can re-use the VM states coming from a previous run by setting
the <literal>--keep-vm-state</literal> flag.
</para>
<programlisting>
$ ./result/bin/nixos-run-vms --keep-vm-state
$ ./result/bin/nixos-test-driver --interactive --keep-vm-state
</programlisting>
<para>
The machine state is stored in the

View file

@ -646,6 +646,32 @@
to use wildcards in the <literal>source</literal> argument.
</para>
</listitem>
<listitem>
<para>
The <literal>openrazer</literal> and
<literal>openrazer-daemon</literal> packages as well as the
<literal>hardware.openrazer</literal> module now require users
to be members of the <literal>openrazer</literal> group
instead of <literal>plugdev</literal>. With this change, users
no longer need be granted the entire set of
<literal>plugdev</literal> group permissions, which can
include permissions other than those required by
<literal>openrazer</literal>. This is desirable from a
security point of view. The setting
<link xlink:href="options.html#opt-services.hardware.openrazer.users"><literal>harware.openrazer.users</literal></link>
can be used to add users to the <literal>openrazer</literal>
group.
</para>
</listitem>
<listitem>
<para>
The <literal>yambar</literal> package has been split into
<literal>yambar</literal> and
<literal>yambar-wayland</literal>, corresponding to the xorg
and wayland backend respectively. Please switch to
<literal>yambar-wayland</literal> if you are on wayland.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">
@ -815,6 +841,15 @@
version of zfs.
</para>
</listitem>
<listitem>
<para>
Nginx will use the value of
<literal>sslTrustedCertificate</literal> if provided for a
virtual host, even if <literal>enableACME</literal> is set.
This is useful for providers not using the same certificate to
sign OCSP responses and server certificates.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View file

@ -164,6 +164,10 @@ pt-services.clipcat.enable).
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland.
## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
@ -209,3 +213,5 @@ pt-services.clipcat.enable).
- The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up.
- Zfs: `latestCompatibleLinuxPackages` is now exported on the zfs package. One can use `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` to always track the latest compatible kernel with a given version of zfs.
- Nginx will use the value of `sslTrustedCertificate` if provided for a virtual host, even if `enableACME` is set. This is useful for providers not using the same certificate to sign OCSP responses and server certificates.

101
third_party/nixpkgs/nixos/lib/test-driver/test-driver.py vendored Normal file → Executable file
View file

@ -24,7 +24,6 @@ import sys
import telnetlib
import tempfile
import time
import traceback
import unicodedata
CHAR_TO_KEY = {
@ -930,29 +929,16 @@ def join_all() -> None:
machine.wait_for_shutdown()
def test_script() -> None:
exec(os.environ["testScript"])
def run_tests() -> None:
def run_tests(interactive: bool = False) -> None:
global machines
tests = os.environ.get("tests", None)
if tests is not None:
with log.nested("running the VM test script"):
try:
exec(tests, globals())
except Exception as e:
eprint("error: ")
traceback.print_exc()
sys.exit(1)
if interactive:
ptpython.repl.embed(globals(), locals())
else:
ptpython.repl.embed(locals(), globals())
# TODO: Collect coverage data
for machine in machines:
if machine.is_up():
machine.execute("sync")
test_script()
# TODO: Collect coverage data
for machine in machines:
if machine.is_up():
machine.execute("sync")
def serial_stdout_on() -> None:
@ -965,6 +951,31 @@ def serial_stdout_off() -> None:
log._print_serial_logs = False
class EnvDefault(argparse.Action):
"""An argpars Action that takes values from the specified
environment variable as the flags default value.
"""
def __init__(self, envvar, required=False, default=None, nargs=None, **kwargs): # type: ignore
if not default and envvar:
if envvar in os.environ:
if nargs is not None and (nargs.isdigit() or nargs in ["*", "+"]):
default = os.environ[envvar].split()
else:
default = os.environ[envvar]
kwargs["help"] = (
kwargs["help"] + f" (default from environment: {default})"
)
if required and default:
required = False
super(EnvDefault, self).__init__(
default=default, required=required, nargs=nargs, **kwargs
)
def __call__(self, parser, namespace, values, option_string=None): # type: ignore
setattr(namespace, self.dest, values)
@contextmanager
def subtest(name: str) -> Iterator[None]:
with log.nested(name):
@ -986,18 +997,52 @@ if __name__ == "__main__":
help="re-use a VM state coming from a previous run",
action="store_true",
)
(cli_args, vm_scripts) = arg_parser.parse_known_args()
arg_parser.add_argument(
"-I",
"--interactive",
help="drop into a python repl and run the tests interactively",
action="store_true",
)
arg_parser.add_argument(
"--start-scripts",
metavar="START-SCRIPT",
action=EnvDefault,
envvar="startScripts",
nargs="*",
help="start scripts for participating virtual machines",
)
arg_parser.add_argument(
"--vlans",
metavar="VLAN",
action=EnvDefault,
envvar="vlans",
nargs="*",
help="vlans to span by the driver",
)
arg_parser.add_argument(
"testscript",
action=EnvDefault,
envvar="testScript",
help="the test script to run",
type=pathlib.Path,
)
args = arg_parser.parse_args()
global test_script
def test_script() -> None:
with log.nested("running the VM test script"):
exec(pathlib.Path(args.testscript).read_text(), globals())
log = Logger()
vlan_nrs = list(dict.fromkeys(os.environ.get("VLANS", "").split()))
vde_sockets = [create_vlan(v) for v in vlan_nrs]
vde_sockets = [create_vlan(v) for v in args.vlans]
for nr, vde_socket, _, _ in vde_sockets:
os.environ["QEMU_VDE_SOCKET_{}".format(nr)] = vde_socket
machines = [
create_machine({"startCommand": s, "keepVmState": cli_args.keep_vm_state})
for s in vm_scripts
create_machine({"startCommand": s, "keepVmState": args.keep_vm_state})
for s in args.start_scripts
]
machine_eval = [
"{0} = machines[{1}]".format(m.name, idx) for idx, m in enumerate(machines)
@ -1017,6 +1062,6 @@ if __name__ == "__main__":
log.close()
tic = time.time()
run_tests()
run_tests(args.interactive)
toc = time.time()
print("test script finished in {:.2f}s".format(toc - tic))

View file

@ -83,7 +83,10 @@ rec {
''
mkdir -p $out
LOGFILE=/dev/null tests='exec(os.environ["testScript"])' ${driver}/bin/nixos-test-driver
# effectively mute the XMLLogger
export LOGFILE=/dev/null
${driver}/bin/nixos-test-driver
'';
passthru = driver.passthru // {
@ -166,7 +169,10 @@ rec {
''
mkdir -p $out/bin
vmStartScripts=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
echo -n "$testScript" > $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-test-driver
${lib.optionalString (!skipLint) ''
PYFLAKES_BUILTINS="$(
echo -n ${lib.escapeShellArg (lib.concatStringsSep "," nodeHostNames)},
@ -174,17 +180,12 @@ rec {
)" ${python3Packages.pyflakes}/bin/pyflakes $out/test-script
''}
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
# set defaults through environment
# see: ./test-driver/test-driver.py argparse implementation
wrapProgram $out/bin/nixos-test-driver \
--add-flags "''${vms[*]}" \
--run "export testScript=\"\$(${coreutils}/bin/cat $out/test-script)\"" \
--set VLANS '${toString vlans}'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-run-vms \
--add-flags "''${vms[*]}" \
--set tests 'start_all(); join_all();' \
--set VLANS '${toString vlans}'
--set startScripts "''${vmStartScripts[*]}" \
--set testScript "$out/test-script" \
--set vlans '${toString vlans}'
'');
# Make a full-blown test

View file

@ -49,7 +49,9 @@ in
{
options = {
hardware.openrazer = {
enable = mkEnableOption "OpenRazer drivers and userspace daemon";
enable = mkEnableOption ''
OpenRazer drivers and userspace daemon.
'';
verboseLogging = mkOption {
type = types.bool;
@ -92,6 +94,15 @@ in
generate a heatmap.
'';
};
users = mkOption {
type = with types; listOf str;
default = [];
description = ''
Usernames to be added to the "openrazer" group, so that they
can start and interact with the OpenRazer userspace daemon.
'';
};
};
};
@ -106,10 +117,12 @@ in
services.udev.packages = [ kernelPackages.openrazer ];
services.dbus.packages = [ dbusServiceFile ];
# A user must be a member of the plugdev group in order to start
# the openrazer-daemon. Therefore we make sure that the plugdev
# group exists.
users.groups.plugdev = {};
# A user must be a member of the openrazer group in order to start
# the openrazer-daemon. Therefore we make sure that the group
# exists.
users.groups.openrazer = {
members = cfg.users;
};
systemd.user.services.openrazer-daemon = {
description = "Daemon to manage razer devices in userspace";

View file

@ -179,28 +179,41 @@ in
You cannot configure both an Intel iGPU and an AMD APU. Pick the one corresponding to your processor.
'';
}
{
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
message = ''
When NVIDIA PRIME is enabled, the GPU bus IDs must configured.
'';
}
{
assertion = offloadCfg.enable -> versionAtLeast nvidia_x11.version "435.21";
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
}
{
assertion = !(syncCfg.enable && offloadCfg.enable);
message = "Only one NVIDIA PRIME solution may be used at a time.";
}
{
assertion = !(syncCfg.enable && cfg.powerManagement.finegrained);
message = "Sync precludes powering down the NVIDIA GPU.";
}
{
assertion = cfg.powerManagement.enable -> offloadCfg.enable;
message = "Fine-grained power management requires offload to be enabled.";
}
{
assertion = cfg.powerManagement.enable -> (
builtins.pathExists (cfg.package.out + "/bin/nvidia-sleep.sh") &&
builtins.pathExists (cfg.package.out + "/lib/systemd/system-sleep/nvidia")
);
message = "Required files for driver based power management don't exist.";
}
];
# If Optimus/PRIME is enabled, we:

View file

@ -14,7 +14,7 @@ let
''
#! ${pkgs.runtimeShell} -e
export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"
exec ${askPassword}
exec ${askPassword} "$@"
'';
knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);

View file

@ -10,8 +10,5 @@ in {
config = mkIf cfg.enable {
security.wrappers.udevil.source = "${lib.getBin pkgs.udevil}/bin/udevil";
systemd.packages = [ pkgs.udevil ];
systemd.services."devmon@".wantedBy = [ "multi-user.target" ];
};
}

View file

@ -21,15 +21,51 @@ let
# The Group can vary depending on what the user has specified in
# security.acme.certs.<cert>.group on some of the services.
commonServiceConfig = {
Type = "oneshot";
User = "acme";
Group = mkDefault "acme";
UMask = 0022;
StateDirectoryMode = 750;
ProtectSystem = "full";
PrivateTmp = true;
Type = "oneshot";
User = "acme";
Group = mkDefault "acme";
UMask = 0022;
StateDirectoryMode = 750;
ProtectSystem = "strict";
ReadWritePaths = [
"/var/lib/acme"
];
PrivateTmp = true;
WorkingDirectory = "/tmp";
WorkingDirectory = "/tmp";
CapabilityBoundingSet = [ "" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
# 1. allow a reasonable set of syscalls
"@system-service"
# 2. and deny unreasonable ones
"~@privileged @resources"
# 3. then allow the required subset within denied groups
"@chown"
];
};
# In order to avoid race conditions creating the CA for selfsigned certs,

View file

@ -96,8 +96,10 @@ in
users.users.polkituser = {
description = "PolKit daemon";
uid = config.ids.uids.polkituser;
group = "polkituser";
};
users.groups.polkituser = {};
};
}

View file

@ -53,6 +53,14 @@ let cfg = config.services.victoriametrics; in
-retentionPeriod ${toString cfg.retentionPeriod} \
${lib.escapeShellArgs cfg.extraOptions}
'';
# victoriametrics 1.59 with ~7GB of data seems to eventually panic when merging files and then
# begins restart-looping forever. Set LimitNOFILE= to a large number to work around this issue.
#
# panic: FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08":
# cannot open source part for merging: cannot open values file in stream mode:
# cannot open file "/var/lib/victoriametrics/data/small/2021_08/[...]/values.bin":
# open /var/lib/victoriametrics/data/small/2021_08/[...]/values.bin: too many open files
LimitNOFILE = 1048576;
};
wantedBy = [ "multi-user.target" ];

View file

@ -27,6 +27,12 @@
"msbc-alt1-rtl"
]
},
{
"name": "BAA 100",
"no-features": [
"hw-volume"
]
},
{
"name": "JBL Endurance RUN BT",
"no-features": [
@ -190,6 +196,35 @@
"msbc-alt1"
]
},
{
"sysname": "Linux",
"release": "~^5\\.12\\.(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)($|[^0-9])"
},
{
"sysname": "Linux",
"release": "~^5\\.12\\.",
"no-features": [
"msbc-alt1"
]
},
{
"sysname": "Linux",
"release": "~^5\\.13\\.(1|2)($|[^0-9])"
},
{
"sysname": "Linux",
"release": "~^5\\.13\\.",
"no-features": [
"msbc-alt1"
]
},
{
"sysname": "Linux",
"release": "~^5\\.14\\.",
"no-features": [
"msbc-alt1"
]
},
{
"no-features": []
}

View file

@ -24,5 +24,15 @@
"name": "libpipewire-module-metadata"
}
],
"jack.properties": {}
"jack.properties": {},
"jack.rules": [
{
"matches": [
{}
],
"actions": {
"update-props": {}
}
}
]
}

View file

@ -59,6 +59,7 @@
"with-pulseaudio": [
"with-audio",
"bluez5",
"bluez5-autoswitch",
"logind",
"restore-stream",
"streams-follow-default"

View file

@ -220,7 +220,7 @@ with lib;
after = [ "network.target" ];
preStart = ''
mkdir -p /var/spool/nullmailer/{queue,tmp}
mkdir -p /var/spool/nullmailer/{queue,tmp,failed}
rm -f /var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger
'';

View file

@ -522,6 +522,9 @@ in
(umask 027; gitea_setup)
''}
# run migrations/init the database
${gitea}/bin/gitea migrate
# update all hooks' binary paths
${gitea}/bin/gitea admin regenerate hooks

View file

@ -312,6 +312,31 @@ in
AmbientCapabilities = lib.mkIf (cfg.server.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
Restart = "on-failure";
RestartSec = "5s";
# Hardening
CapabilityBoundingSet = if (cfg.server.port < 1024) then [ "CAP_NET_BIND_SERVICE" ] else [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
# A private user cannot have process capabilities on the host's user
# namespace and thus CAP_NET_BIND_SERVICE has no effect.
PrivateUsers = (cfg.server.port >= 1024);
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
UMask = "0077";
};
};

View file

@ -9,6 +9,7 @@ with lib;
default = false;
description = ''
This option enables Mullvad VPN daemon.
This sets <option>networking.firewall.checkReversePath</option> to "loose", which might be undesirable for security.
'';
};
@ -18,6 +19,9 @@ with lib;
# mullvad-daemon writes to /etc/iproute2/rt_tables
networking.iproute2.enable = true;
# See https://github.com/NixOS/nixpkgs/issues/113589
networking.firewall.checkReversePath = "loose";
systemd.services.mullvad-daemon = {
description = "Mullvad VPN daemon";
wantedBy = [ "multi-user.target" ];
@ -42,5 +46,5 @@ with lib;
};
};
meta.maintainers = [ maintainers.xfix ];
meta.maintainers = with maintainers; [ ymarkus ];
}

View file

@ -81,17 +81,26 @@ in
'';
};
initstepslew = mkOption {
type = types.attrsOf (types.either types.bool types.int);
default = {
enabled = true;
threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s)
initstepslew = {
enabled = mkOption {
type = types.bool;
default = true;
description = ''
Allow chronyd to make a rapid measurement of the system clock error
at boot time, and to correct the system clock by stepping before
normal operation begins.
'';
};
threshold = mkOption {
type = types.either types.float types.int;
default = 1000; # by default, same threshold as 'ntpd -g' (1000s)
description = ''
The threshold of system clock error (in seconds) above which the
clock will be stepped. If the correction required is less than the
threshold, a slew is used instead.
'';
};
description = ''
Allow chronyd to make a rapid measurement of the system clock error at
boot time, and to correct the system clock by stepping before normal
operation begins.
'';
};
directory = mkOption {

View file

@ -427,9 +427,12 @@ in
nameValuePair ("tinc.${network}") ({
description = "Tinc daemon user for ${network}";
isSystemUser = true;
group = "tinc.${network}";
})
);
users.groups = flip mapAttrs' cfg.networks (network: _:
nameValuePair "tinc.${network}" {}
);
};
meta.maintainers = with maintainers; [ minijackson ];

View file

@ -173,6 +173,41 @@ in
User = "unifi";
UMask = "0077";
WorkingDirectory = "${stateDir}";
# Hardening
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
DevicePolicy = "closed";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
# Required for ProtectSystem=strict
BindPaths = [ stateDir ];
# Needs network access
PrivateNetwork = false;
# Cannot be true due to OpenJDK
MemoryDenyWriteExecute = false;
};
};

View file

@ -31,6 +31,20 @@ in
services.wakeonlan.interfaces = mkOption {
default = [ ];
type = types.listOf (types.submodule { options = {
interface = mkOption {
type = types.str;
description = "Interface to enable for Wake-On-Lan.";
};
method = mkOption {
type = types.enum [ "magicpacket" "password"];
description = "Wake-On-Lan method for this interface.";
};
password = mkOption {
type = types.strMatching "[a-fA-F0-9]{2}:([a-fA-F0-9]{2}:){4}[a-fA-F0-9]{2}";
description = "The password has the shape of six bytes in hexadecimal separated by a colon each.";
};
};});
example = [
{
interface = "eth0";

View file

@ -98,6 +98,29 @@ in
EnvironmentFile = if cfg.adminCredentialsFile == null
then defaultCredentials
else cfg.adminCredentialsFile;
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
UMask = "0077";
};
environment = cfg.config;

View file

@ -22,7 +22,9 @@ let
} // (optionalAttrs (vhostConfig.enableACME || vhostConfig.useACMEHost != null) {
sslCertificate = "${certs.${certName}.directory}/fullchain.pem";
sslCertificateKey = "${certs.${certName}.directory}/key.pem";
sslTrustedCertificate = "${certs.${certName}.directory}/chain.pem";
sslTrustedCertificate = if vhostConfig.sslTrustedCertificate != null
then vhostConfig.sslTrustedCertificate
else "${certs.${certName}.directory}/chain.pem";
})
) cfg.virtualHosts;
enableIPv6 = config.networking.enableIPv6;

View file

@ -145,7 +145,7 @@ with lib;
sslTrustedCertificate = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/root.cert";
example = "\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
description = "Path to root SSL certificate for stapling and client certificates.";
};

View file

@ -1128,6 +1128,7 @@ in
users.groups.systemd-journal.gid = config.ids.gids.systemd-journal;
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
# Generate timer units for all services that have a startAt value.

View file

@ -8,10 +8,7 @@ let
etc' = filter (f: f.enable) (attrValues config.environment.etc);
etc = pkgs.runCommand "etc" {
preferLocalBuild = true;
allowSubstitutes = false;
etc = pkgs.runCommandLocal "etc" {
# This is needed for the systemd module
passthru.targets = map (x: x.target) etc';
} /* sh */ ''

View file

@ -86,6 +86,7 @@ in
StateDirectory = "containerd";
RuntimeDirectory = "containerd";
RuntimeDirectoryPreserve = "yes";
};
unitConfig = {
StartLimitBurst = "16";

View file

@ -105,9 +105,9 @@ in import ./make-test-python.nix ({ lib, ... }: {
security.acme.certs."a.example.test".keyType = "ec384";
security.acme.certs."a.example.test".postRun = ''
set -euo pipefail
touch test
chown root:root test
echo testing > test
touch /home/test
chown root:root /home/test
echo testing > /home/test
'';
};
@ -383,7 +383,7 @@ in import ./make-test-python.nix ({ lib, ... }: {
switch_to(webserver, "cert-change")
webserver.wait_for_unit("acme-finished-a.example.test.target")
check_connection_key_bits(client, "a.example.test", "384")
webserver.succeed("grep testing /var/lib/acme/a.example.test/test")
webserver.succeed("grep testing /home/test")
# Clean to remove the testing file (and anything else messy we did)
webserver.succeed("systemctl clean acme-a.example.test.service --what=state")

View file

@ -7,7 +7,7 @@ let
in
{
name = "bazarr";
meta.maintainers = with maintainers; [ xwvvvvwx ];
meta.maintainers = with maintainers; [ d-xo ];
nodes.machine =
{ pkgs, ... }:

View file

@ -6,11 +6,13 @@ import ./make-test-python.nix ({ pkgs, ... }:
nodes.machine = {
services.nitter.enable = true;
# Test CAP_NET_BIND_SERVICE
services.nitter.server.port = 80;
};
testScript = ''
machine.wait_for_unit("nitter.service")
machine.wait_for_open_port("8080")
machine.succeed("curl --fail http://localhost:8080/")
machine.wait_for_open_port("80")
machine.succeed("curl --fail http://localhost:80/")
'';
})

View file

@ -8,7 +8,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
{
name = "wg-quick";
meta = with pkgs.lib.maintainers; {
maintainers = [ xwvvvvwx ];
maintainers = [ d-xo ];
};
nodes = {

View file

@ -1,6 +1,6 @@
let
cert = pkgs: pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com'
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500
mkdir -p $out
cp key.pem cert.pem $out
'';

View file

@ -2,7 +2,6 @@
, stdenv
, lib
, fetchFromGitHub
, fetchpatch
, qmake
, pkg-config
, qttools
@ -13,25 +12,16 @@
mkDerivation rec {
pname = "bambootracker";
version = "0.4.6";
version = "0.5.0";
src = fetchFromGitHub {
owner = "rerrahkr";
owner = "BambooTracker";
repo = "BambooTracker";
rev = "v${version}";
sha256 = "0iddqfw951dw9xpl4w7310sl4z544507ppb12i8g4fzvlxfw2ifc";
fetchSubmodules = true;
sha256 = "1mpbvhsmrn0wdmxfp3n5dwv4474qlhy47r3vwc2jwdslq6vgl1fa";
};
# TODO Remove when updating past 0.4.6
# Fixes build failure on darwin
patches = [
(fetchpatch {
name = "bambootracker-Add_braces_in_initialization_of_std-array.patch";
url = "https://github.com/rerrahkr/BambooTracker/commit/0fc96c60c7ae6c2504ee696bb7dec979ac19717d.patch";
sha256 = "1z28af46mqrgnyrr4i8883gp3wablkk8rijnj0jvpq01s4m2sfjn";
})
];
nativeBuildInputs = [ qmake qttools pkg-config ];
buildInputs = [ qtbase rtaudio rtmidi ];
@ -40,18 +30,20 @@ mkDerivation rec {
postConfigure = "make qmake_all";
# installs app bundle on darwin, re-extract the binary
# wrapQtAppsHook fails to wrap mach-o binaries, manually call wrapper (https://github.com/NixOS/nixpkgs/issues/102044)
# 1. installs app bundle on darwin, move to app bundle dir & link binary to bin
# 2. wrapQtAppsHook fails to wrap mach-o binaries automatically, manually call wrapper
# (see https://github.com/NixOS/nixpkgs/issues/102044)
postInstall = lib.optionalString stdenv.hostPlatform.isDarwin ''
mv $out/bin/BambooTracker{.app/Contents/MacOS/BambooTracker,}
rm -r $out/bin/BambooTracker.app
wrapQtApp $out/bin/BambooTracker
mkdir -p $out/Applications
mv $out/{bin,Applications}/BambooTracker.app
wrapQtApp $out/Applications/BambooTracker.app/Contents/MacOS/BambooTracker
ln -s $out/{Applications/BambooTracker.app/Contents/MacOS,bin}/BambooTracker
'';
meta = with lib; {
description = "A tracker for YM2608 (OPNA) which was used in NEC PC-8801/9801 series computers";
homepage = "https://rerrahkr.github.io/BambooTracker";
license = licenses.gpl2Only;
homepage = "https://bambootracker.github.io/BambooTracker/";
license = licenses.gpl2Plus;
platforms = platforms.all;
maintainers = with maintainers; [ OPNA2608 ];
};

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "boops";
version = "1.6.0";
version = "1.6.4";
src = fetchFromGitHub {
owner = "sjaehn";
repo = "BOops";
rev = version;
sha256 = "sha256-7eNvt8PxIZCp83Y5XX5fBolBon4j+HPtu8wrgG8Miok=";
sha256 = "sha256-rljUb0fj231MQh+7jTpjAsZm1QkNzfdSpcI1cS5fs/c=";
};
nativeBuildInputs = [ pkg-config ];

View file

@ -8,11 +8,13 @@
, gtk3
, gst_all_1
, gobject-introspection
, libhandy
, python3Packages
, file
, cairo
, gettext
, gnome
, pantheon
}:
python3Packages.buildPythonApplication rec {
@ -20,7 +22,7 @@ python3Packages.buildPythonApplication rec {
format = "other"; # no setup.py
pname = "cozy";
version = "0.7.2";
version = "1.0.3";
# Temporary fix
# See https://github.com/NixOS/nixpkgs/issues/57029
@ -31,7 +33,7 @@ python3Packages.buildPythonApplication rec {
owner = "geigi";
repo = pname;
rev = version;
sha256 = "0fmbddi4ga0bppwg3rm3yjmf7jgqc6zfslmavnr1pglbzkjhy9fs";
sha256 = "0m0xiqpb87pwr3fhy0a4qxg67yjhwchcxj3x2anyy0li4inryxag";
};
nativeBuildInputs = [
@ -47,6 +49,8 @@ python3Packages.buildPythonApplication rec {
cairo
gettext
gnome.adwaita-icon-theme
libhandy
pantheon.granite
] ++ (with gst_all_1; [
gstreamer
gst-plugins-good
@ -70,8 +74,7 @@ python3Packages.buildPythonApplication rec {
];
postPatch = ''
chmod +x meson/post_install.py
patchShebangs meson/post_install.py
patchShebangs meson/*.py
'';
postInstall = ''

View file

@ -13,17 +13,17 @@
rustPlatform.buildRustPackage rec {
pname = "helvum";
version = "0.2.1";
version = "0.3.0";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "ryuukyu";
repo = pname;
rev = version;
sha256 = "sha256-ZnpdGXK8N8c/s4qC2NXcn0Pdqrqr47iOWvVwXD9pn1A=";
sha256 = "sha256-AlHCK4pWaoNjR0eflxHBsuVaaily/RvCbgJv/ByQZK4=";
};
cargoSha256 = "sha256-2v2L20rUWftXdhhuE3wiRrDIuSg6VFxfpWYMRaMUyTU=";
cargoSha256 = "sha256-mAhh12rGvQjs2xtm+OrtVv0fgG6qni/QM/oRYoFR7U8=";
nativeBuildInputs = [ clang copyDesktopItems pkg-config ];
buildInputs = [ glib gtk4 pipewire ];

View file

@ -18,7 +18,7 @@ buildGoPackage rec {
description = "Generate QRCode to connect apps to lnd Resources";
license = licenses.mit;
homepage = "https://github.com/LN-Zap/lndconnect";
maintainers = [ maintainers.xwvvvvwx ];
maintainers = [ maintainers.d-xo ];
platforms = platforms.linux;
};
}

View file

@ -25,6 +25,6 @@ buildGoModule rec {
homepage = "https://github.com/ledgerwatch/turbo-geth/";
description = "Ethereum node and geth fork focused on scalability and modularity";
license = with licenses; [ lgpl3Plus gpl3Plus ];
maintainers = with maintainers; [ xwvvvvwx ];
maintainers = with maintainers; [ d-xo ];
};
}

View file

@ -10,11 +10,11 @@
mkDerivation rec {
pname = "kdevelop";
version = "5.6.1";
version = "5.6.2";
src = fetchurl {
url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
sha256 = "02ip5r67hjfpywkm3mz86n6wbqcr7996ifzfd2fyzsvm4998hi4y";
sha256 = "sha256-D4a8P+U/dhwePj91RFd6DEFDO+i/8xDPLnKfdvQ2O/Y=";
};
nativeBuildInputs = [

View file

@ -2,20 +2,20 @@
buildGoModule rec {
pname = "micro";
version = "2.0.9";
version = "2.0.10";
src = fetchFromGitHub {
owner = "zyedidia";
repo = pname;
rev = "v${version}";
sha256 = "sha256-8QtucdamxVwHuuhQhVQuvTNbqY5p97LKSB23617p4ow=";
sha256 = "sha256-hVFmViwGXuYVAKaCkzK/LHjCi8AtLu0tsPpT61glxys=";
};
nativeBuildInputs = [ installShellFiles ];
subPackages = [ "cmd/micro" ];
vendorSha256 = "sha256-bkD125ePdKcVgmNilOMZgUK6A8KWxaBOGKs8AvvIboI=";
vendorSha256 = "sha256-YcAKl4keizkbgQLAZGiCG3CGpNTNad8EvOJEXLX2s0s=";
buildFlagsArray = [ "-ldflags=-s -w -X github.com/zyedidia/micro/v2/internal/util.Version=${version} -X github.com/zyedidia/micro/v2/internal/util.CommitHash=${src.rev}" ];

View file

@ -24,7 +24,7 @@ let
six
];
in mkDerivation rec {
version = "3.16.7";
version = "3.16.9";
pname = "qgis";
name = "${pname}-unwrapped-${version}";
@ -32,7 +32,7 @@ in mkDerivation rec {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
sha256 = "0yvb2w83dplh0my72xljglq9a4a7qkfliwslav26lw4yqxr8mr0p";
sha256 = "sha256-Y9WVgKEMOSMaXxfC9EQ8yqBYEj4XNL7YdMp8vjV55d0=";
};
passthru = {

View file

@ -24,13 +24,13 @@
stdenv.mkDerivation rec {
pname = "akira";
version = "0.0.14";
version = "0.0.15";
src = fetchFromGitHub {
owner = "akiraux";
repo = "Akira";
rev = "v${version}";
sha256 = "1zbb2bsc6v2rwrbigbkgrzfjmlj96s3ri73zbdcyqg4p08v1w4l6";
sha256 = "sha256-2GhpxajymLVAl2P6vZ0+nuZK3ZRRktFswWkj7TP8eHI=";
};
nativeBuildInputs = [

View file

@ -56,13 +56,13 @@ assert builtins.all
stdenv.mkDerivation rec {
pname = "imv";
version = "4.2.0";
version = "4.3.0";
src = fetchFromGitHub {
owner = "eXeC64";
repo = "imv";
rev = "v${version}";
sha256 = "07pcpppmfvvj0czfvp1cyq03ha0jdj4whl13lzvw37q3vpxs5qqh";
sha256 = "sha256-HP9W9US9e3YAXwCqiHV8NVqrO20SfQKcW3a6+r1XrIs=";
};
mesonFlags = [

View file

@ -8,8 +8,6 @@ stdenv.mkDerivation {
sha256 = "15qlvdfwbiclljj7075ycm78yzqahzrgl4ky8pymix5179acm05h";
};
phases = [ "unpackPhase" "installPhase" ];
unpackPhase = ''
tar -zxf $src
'';

View file

@ -3,13 +3,13 @@
mkDerivation rec {
pname = "AusweisApp2";
version = "1.22.0";
version = "1.22.2";
src = fetchFromGitHub {
owner = "Governikus";
repo = "AusweisApp2";
rev = version;
sha256 = "00isb8xcbm419nvxx2ri0n8x5d403733h2whjqjcd3hmpx3x4q1h";
sha256 = "sha256-Oci1y6//45Gep4IS6Ym+v9MPCP5mOswAiWPkXqd+zR0=";
};
nativeBuildInputs = [ cmake pkg-config ];

View file

@ -10,7 +10,8 @@ stdenv.mkDerivation {
nativeBuildInputs = [ unzip ];
phases = [ "buildPhase" ];
dontUnpack = true;
dontInstall = true;
buildPhase = ''
mkdir -p "$out/avrdudess"

View file

@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
at-spi2-atk
];
phases = "unpackPhase fixupPhase";
dontInstall = true;
# change this to azuredatastudio-insiders for insiders releases
edition = "azuredatastudio";

View file

@ -19,13 +19,13 @@
stdenv.mkDerivation rec {
pname = "cherrytree";
version = "0.99.39";
version = "0.99.40";
src = fetchFromGitHub {
owner = "giuspen";
repo = "cherrytree";
rev = version;
sha256 = "sha256-QSRYtnZxLAaq42PvPd5+LxSzq/Hd/Cz5bquBTiGWnAE=";
sha256 = "sha256-K1rf8/7kEpfLOPYJGh5U2eTnr5XCDhuc+seoUAKW7aE=";
};
nativeBuildInputs = [

View file

@ -29,13 +29,13 @@ with lib;
stdenv.mkDerivation rec {
pname = "elogind";
version = "243.7";
version = "246.10";
src = fetchFromGitHub {
owner = "elogind";
repo = pname;
rev = "v${version}";
sha256 = "0cihdf7blhncm2359qxli24j9l3dkn15gjys5vpjwny80zlym5ma";
sha256 = "sha256-+Nv6FL9Yjmfxs24+2mUTP//wbjzGUq4ftgJLfuEqBJg=";
};
nativeBuildInputs = [

View file

@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "18x3s3jrph8k3pc75jgwkfqazygpsx93zjxx68zms58my17cybh1";
};
phases = [ "buildPhase" "installPhase" ];
dontUnpack = true;
buildPhase = ''
mkdir -p $out/bin $out/share/java

View file

@ -0,0 +1,58 @@
{ stdenv
, lib
, fetchFromGitea
, pkg-config
, meson
, ninja
, scdoc
, wayland-protocols
, tllist
, fontconfig
, freetype
, pixman
, libpng
, wayland
, wlroots
, dbus
, fcft
}:
stdenv.mkDerivation rec {
pname = "fnott";
version = "1.1.0";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "dnkl";
repo = "fnott";
rev = version;
sha256 = "sha256-gzU5AqjCIZlhLbnj/xuSGJ69ZhLv9zQxlM0Nn+MIX/U=";
};
nativeBuildInputs = [
pkg-config
meson
ninja
scdoc
wayland-protocols
tllist
];
buildInputs = [
fontconfig
freetype
pixman
libpng
wayland
wlroots
dbus
fcft
];
meta = with lib; {
homepage = "https://codeberg.org/dnkl/fnott";
description = "Keyboard driven and lightweight Wayland notification daemon for wlroots-based compositors.";
license = licenses.mit;
maintainers = with maintainers; [ polykernel ];
platforms = platforms.linux;
};
}

View file

@ -1,22 +1,75 @@
{ stdenv, lib, fetchzip, pkg-config, meson, ninja, wayland, pixman, cairo, librsvg, wayland-protocols, wlroots, libxkbcommon, scdoc, git, tllist, fcft}:
{ stdenv
, lib
, fetchFromGitea
, pkg-config
, meson
, ninja
, wayland-scanner
, wayland
, pixman
, wayland-protocols
, libxkbcommon
, scdoc
, tllist
, fcft
, enableCairo ? true
, enablePNG ? true
, enableSVG ? true
# Optional dependencies
, cairo
, librsvg
, libpng
}:
let
# Courtesy of sternenseemann and FRidh, commit c9a7fdfcfb420be8e0179214d0d91a34f5974c54
mesonFeatureFlag = opt: b: "-D${opt}=${if b then "enabled" else "disabled"}";
in
stdenv.mkDerivation rec {
pname = "fuzzel";
version = "1.6.1";
src = fetchzip {
url = "https://codeberg.org/dnkl/fuzzel/archive/${version}.tar.gz";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "dnkl";
repo = "fuzzel";
rev = version;
sha256 = "sha256-JW5sAlTprSRIdFbmSaUreGtNccERgQMGEW+WCSscYQk=";
};
nativeBuildInputs = [ pkg-config meson ninja scdoc git ];
buildInputs = [ wayland pixman cairo librsvg wayland-protocols wlroots libxkbcommon tllist fcft ];
nativeBuildInputs = [
pkg-config
wayland-scanner
meson
ninja
scdoc
];
buildInputs = [
wayland
pixman
wayland-protocols
libxkbcommon
tllist
fcft
] ++ lib.optional enableCairo cairo
++ lib.optional enablePNG libpng
++ lib.optional enableSVG librsvg;
mesonBuildType = "release";
mesonFlags = [
(mesonFeatureFlag "enable-cairo" enableCairo)
(mesonFeatureFlag "enable-png" enablePNG)
(mesonFeatureFlag "enable-svg" enableSVG)
];
meta = with lib; {
description = "Wayland-native application launcher, similar to rofis drun mode";
homepage = "https://codeberg.org/dnkl/fuzzel";
license = licenses.mit;
maintainers = with maintainers; [ fionera ];
maintainers = with maintainers; [ fionera polykernel ];
platforms = with platforms; linux;
changelog = "https://codeberg.org/dnkl/fuzzel/releases/tag/${version}";
};

View file

@ -15,8 +15,6 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ jre ];
phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
installPhase = let
desktopItem = makeDesktopItem {

View file

@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper ];
phases = [ "installPhase" ];
dontUnpack = true;
installPhase = let
env = bundlerEnv {

View file

@ -4,7 +4,7 @@ stdenv.mkDerivation {
pname = "example-unfree-package";
version = "1.0";
phases = [ "installPhase" "fixupPhase" ];
dontUnpack = true;
installPhase = ''
mkdir -p $out/bin

View file

@ -55,7 +55,8 @@ let
install -Dm444 ${appimageContents}/@joplinapp-desktop.desktop -t $out/share/applications
install -Dm444 ${appimageContents}/@joplinapp-desktop.png -t $out/share/pixmaps
substituteInPlace $out/share/applications/@joplinapp-desktop.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}'
--replace 'Exec=AppRun' 'Exec=${pname}' \
--replace 'Icon=joplin' "Icon=$out/share/pixmaps/@joplinapp-desktop.png"
'';
};

View file

@ -3,11 +3,11 @@
with builtins; buildDotnetPackage rec {
baseName = "keepass";
version = "2.46";
version = "2.48.1";
src = fetchurl {
url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip";
sha256 = "0zyclydgyg8nhwxrzw7x4f82975cqdmp12py33k6sballx6jhgiy";
sha256 = "sha256-HkAgKPvf8TUgUlgsGWVgjuYJaRPGi8obOFQEtmzDtLE=";
};
sourceRoot = ".";

View file

@ -3,11 +3,11 @@
mkDerivation rec {
pname = "latte-dock";
version = "0.9.12";
version = "0.10.0";
src = fetchurl {
url = "https://download.kde.org/stable/${pname}/${pname}-${version}.tar.xz";
sha256 = "sha256-srivjGnrEizLvph7AP/02dOsnMyTnL3a6f0xm8oGML4=";
sha256 = "04kq86qmrjbzidrkknj000pv1b5z0r7nfidhy2zv67ks8fdi4zln";
name = "${pname}-${version}.tar.xz";
};

View file

@ -6,13 +6,16 @@
mkDerivation rec {
pname = "opentx";
version = "2.3.13";
version = "2.3.14";
src = fetchFromGitHub {
owner = "opentx";
repo = "opentx";
rev = "release/${version}";
sha256 = "sha256-Bi/Cz2T2NdtnJZHav8qvo+gErPsR8Ym7K3KcD5APt6Y=";
# 2.3.14 release tag points to the commit before the one that updates the
# version number.
# rev = "release/${version}";
rev = "1e09791a1e2fe2a0ca9835019d634a4c6a4fa3bf";
sha256 = "0mhzp1j6nmqvkjxg8lv8xa637m1lavdsak30mdlq0g25dhwg6k92";
};
nativeBuildInputs = [ cmake gcc-arm-embedded python3Packages.pillow ];
@ -41,7 +44,7 @@ mkDerivation rec {
running radio simulators.
'';
homepage = "https://www.open-tx.org/";
license = licenses.gpl2;
license = licenses.gpl2Only;
platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
maintainers = with maintainers; [ elitak lopsided98 ];
};

View file

@ -1,46 +0,0 @@
{ lib, fetchFromGitHub, python3Packages }:
with python3Packages;
buildPythonApplication rec {
version = "1.27.0";
pname = "rtv";
src = fetchFromGitHub {
owner = "michael-lazar";
repo = "rtv";
rev = "v${version}";
sha256 = "1hw7xy2kjxq7y3wcibcz4l7zj8icvigialqr17l362xry0y17y5j";
};
# Tests try to access network
doCheck = false;
checkPhase = ''
py.test
'';
checkInputs = [
coverage
coveralls
docopt
mock
pylint
pytest
vcrpy
];
propagatedBuildInputs = [
beautifulsoup4
decorator
kitchen
requests
six
];
meta = with lib; {
homepage = "https://github.com/michael-lazar/rtv";
description = "Browse Reddit from your Terminal";
license = licenses.mit;
maintainers = with maintainers; [ matthiasbeyer wedens ];
};
}

View file

@ -4,7 +4,7 @@
}:
stdenv.mkDerivation rec {
name = "smos-${version}";
pname = "smos";
version = "0.1.0";
src = fetchurl {
@ -12,7 +12,8 @@ stdenv.mkDerivation rec {
sha256 = "sha256:07yavk7xl92yjwwjdig90yq421n8ldv4fjfw7izd4hfpzw849a12";
};
phases = [ "unpackPhase" ];
dontInstall = true;
unpackCmd = "${unzip}/bin/unzip -d $out $curSrc";
sourceRoot = ".";

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "tut";
version = "0.0.20";
version = "0.0.26";
src = fetchFromGitHub {
owner = "RasmusLindroth";
repo = pname;
rev = version;
sha256 = "03jiv5m807z96796fbpi6ny22am3sq4jfni37fxbld05sxdzwcnd";
sha256 = "1d4n55p9hl4c8i2yz3gq3r7kma7j32pr976dhd7xdwhxadvn3aal";
};
vendorSha256 = "1in5b7ixnm5iizkzziqclvgaq87ccdh507amkgfhfy5sxsgbfb1g";
vendorSha256 = "1zmwfgl1mayqcqk93368l94d6yah1qb0x11vf9b2x7zbzxzfshg9";
meta = with lib; {
description = "A TUI for Mastodon with vim inspired keys";

View file

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "usql";
version = "0.9.1";
version = "0.9.2";
src = fetchFromGitHub {
owner = "xo";
repo = "usql";
rev = "v${version}";
sha256 = "sha256-fcKn4kHIRvMdgGFKDNQg49YxLc0Y5j/8VwKoDLiXbEU=";
sha256 = "sha256-vLGoPttl7f4qCVM8e0F0llIODuNqJ7GxXqbUgokv7Qw=";
};
vendorSha256 = "sha256-uAV8NLnqXjIDILfnbbkVr2BOIucQ8vX89KI5yIkVtus=";
vendorSha256 = "sha256-sGECp1L6WzIPGbQbBoV1IrTgyy4/c95OLAmj9D0FjXs=";
buildInputs = [ unixODBC icu ];

View file

@ -1,50 +1,64 @@
{ stdenv
, lib
, fetchgit
, fetchFromGitea
, pkg-config
, meson
, ninja
, pkg-config
, git
, scdoc
, cairo
, fcft
, libpng
, librsvg
, libxkbcommon
, pixman
, tllist
, wayland
, wayland-scanner
, wayland-protocols
, wlroots
, enablePNG ? true
, enableJPEG ? true
# Optional dependencies
, libpng
, libjpeg
}:
let
# Courtesy of sternenseemann and FRidh, commit c9a7fdfcfb420be8e0179214d0d91a34f5974c54
mesonFeatureFlag = opt: b: "-D${opt}=${if b then "enabled" else "disabled"}";
in
stdenv.mkDerivation rec {
pname = "wbg";
version = "unstable-2020-08-01";
version = "1.0.2";
src = fetchgit {
url = "https://codeberg.org/dnkl/wbg";
rev = "1b05bd80d0f40e3ba1e977002d0653f532649269";
sha256 = "0i1j7aqvj0vl2ww5cvffqci1kjqjn0sw6sp2j0ljblaif6qk9asc";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "dnkl";
repo = "wbg";
rev = version;
sha256 = "sha256-PKEOWRcSAB4Uv5TfameQIEZh6s6xCGdyoZ13etL1TKA=";
};
nativeBuildInputs = [ pkg-config meson ninja scdoc git ];
nativeBuildInputs = [
pkg-config
meson
ninja
wayland-scanner
];
buildInputs = [
cairo
fcft
libpng
librsvg
libxkbcommon
pixman
tllist
wayland
wayland-protocols
wlroots
] ++ lib.optional enablePNG libpng
++ lib.optional enableJPEG libjpeg;
mesonBuildType = "release";
mesonFlags = [
(mesonFeatureFlag "png" enablePNG)
(mesonFeatureFlag "jpeg" enableJPEG)
];
meta = with lib; {
description = "Wallpaper application for Wayland compositors";
homepage = "https://codeberg.org/dnkl/wbg";
changelog = "https://codeberg.org/dnkl/wbg/releases/tag/${version}";
license = licenses.isc;
maintainers = with maintainers; [ AndersonTorres ];
platforms = with platforms; linux;

View file

@ -17,12 +17,12 @@ buildGoModule rec {
preBuild = ''
make assets
export buildFlagsArray=(
"-ldflags=-s -w -X github.com/writeas/writefreely.softwareVer=${version}"
"-tags='sqlite'"
)
'';
ldflags = [ "-s" "-w" "-X github.com/writeas/writefreely.softwareVer=${version}" ];
tags = [ "sqlite" ];
subPackages = [ "cmd/writefreely" ];
meta = with lib; {

View file

@ -1,6 +1,6 @@
{ stdenv
, lib
, fetchgit
, fetchFromGitea
, pkg-config
, meson
, ninja
@ -9,50 +9,75 @@
, fcft
, json_c
, libmpdclient
, libxcb
, libyaml
, pixman
, tllist
, udev
, wayland
, wayland-scanner
, wayland-protocols
, waylandSupport ? false
# Xorg backend
, libxcb
, xcbutil
, xcbutilcursor
, xcbutilerrors
, xcbutilwm
}:
let
# Courtesy of sternenseemann and FRidh, commit c9a7fdfcfb420be8e0179214d0d91a34f5974c54
mesonFeatureFlag = opt: b: "-D${opt}=${if b then "enabled" else "disabled"}";
in
stdenv.mkDerivation rec {
pname = "yambar";
version = "1.6.2";
src = fetchgit {
url = "https://codeberg.org/dnkl/yambar.git";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "dnkl";
repo = "yambar";
rev = version;
sha256 = "sha256-oUNkaWrYIcsK2u+aeRg6DHmH4M1VZ0leNSM0lV9Yy1Y=";
sha256 = "sha256-GPKR2BYl3ebxxXbVfH/oZLs7639EYwWU4ZsilJn0Ss8=";
};
nativeBuildInputs = [ pkg-config meson ninja scdoc ];
nativeBuildInputs = [
pkg-config
meson
ninja
scdoc
wayland-scanner
];
buildInputs = [
alsa-lib
fcft
json_c
libmpdclient
libxcb
libyaml
pixman
tllist
udev
wayland
wayland-protocols
] ++ lib.optionals (!waylandSupport) [
xcbutil
xcbutilcursor
xcbutilerrors
xcbutilwm
];
mesonBuildType = "release";
mesonFlags = [
(mesonFeatureFlag "backend-x11" (!waylandSupport))
(mesonFeatureFlag "backend-wayland" waylandSupport)
];
meta = with lib; {
homepage = "https://codeberg.org/dnkl/yambar";
changelog = "https://codeberg.org/dnkl/yambar/releases/tag/${version}";
description = "Modular status panel for X11 and Wayland";
longDescription = ''
yambar is a lightweight and configurable status panel (bar, for short) for

View file

@ -2,17 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "zola";
version = "unstable-2021-07-14";
version = "0.14.0";
src = fetchFromGitHub {
owner = "getzola";
repo = pname;
# unstable because the latest release fails to build
rev = "312ffcb04c06c5f157b9fd2b944b858703238592";
sha256 = "0i5zqs1gwxhvsynb540c3azfi4357igr4i5p0bi3h7ras2asas8w";
rev = "v${version}";
sha256 = "1mvin6pfqhsfhaifivbdi6qcn0dsa98w83m1n51q807gh4l1k2yj";
};
cargoSha256 = "0g5z0s837cfwzral2zz0avp0xywyaa3l1adxg520qrnga7z0kbh8";
cargoSha256 = "02bk399c7x15a5rkaz7ik65yihkfbjn1q46gx7l8hycqq7xb0xmg";
nativeBuildInputs = [ cmake pkg-config installShellFiles];
buildInputs = [ openssl oniguruma ]
@ -30,6 +29,7 @@ rustPlatform.buildRustPackage rec {
meta = with lib; {
description = "A fast static site generator with everything built-in";
homepage = "https://www.getzola.org/";
changelog = "https://github.com/getzola/zola/raw/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ dandellion dywedir _0x4A6F ];
# set because of unstable-* version

View file

@ -201,7 +201,6 @@ stdenv.mkDerivation {
url = "http://www.mozilla.org/en-US/foundation/trademarks/policy/";
};
platforms = builtins.attrNames mozillaPlatforms;
timeout = 86400; # 24 hours (increased from the Hydra default of 10h, c.f. #129115)
maintainers = with maintainers; [ taku0 lovesegfault ];
};
}

View file

@ -21,6 +21,7 @@ rec {
badPlatforms = lib.platforms.darwin;
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115)
license = lib.licenses.mpl20;
};
tests = [ nixosTests.firefox ];

View file

@ -2,7 +2,7 @@
, replace, fetchurl, zip, unzip, jq, xdg-utils, writeText
## various stuff that can be plugged in
, ffmpeg, xorg, alsa-lib, libpulseaudio, libcanberra-gtk3, libglvnd, libnotify
, ffmpeg, xorg, alsa-lib, libpulseaudio, libcanberra-gtk3, libglvnd, libnotify, opensc
, gnome/*.gnome-shell*/
, browserpass, chrome-gnome-shell, uget-integrator, plasma5Packages, bukubrow, pipewire
, tridactyl-native
@ -49,6 +49,8 @@ let
gssSupport = browser.gssSupport or false;
alsaSupport = browser.alsaSupport or false;
pipewireSupport = browser.pipewireSupport or false;
# PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards
smartcardSupport = cfg.smartcardSupport or false;
nativeMessagingHosts =
([ ]
@ -70,6 +72,7 @@ let
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsa-lib zlib ])
++ lib.optional (config.pulseaudio or true) libpulseaudio
++ lib.optional alsaSupport alsa-lib
++ lib.optional smartcardSupport opensc
++ pkcs11Modules;
gtk_modules = [ libcanberra-gtk3 ];
@ -120,6 +123,10 @@ let
ret ++ [ "${e.outPath}/${e.extid}.xpi" ]
) [] extensions;
};
} // lib.optionalAttrs smartcardSupport {
SecurityDevices = {
"OpenSC PKCS#11 Module" = "onepin-opensc-pkcs11.so";
};
}
// extraPolicies;
};

View file

@ -4,6 +4,8 @@
, nix-update-script
, cmake
, pkg-config
, fribidi
, harfbuzz
, libunistring
, mpg123
, openssl
@ -15,27 +17,36 @@
stdenv.mkDerivation rec {
pname = "lagrange";
version = "1.5.2";
version = "1.6.2";
src = fetchFromGitHub {
owner = "skyjake";
repo = "lagrange";
rev = "v${version}";
sha256 = "sha256-NjiTjY2YuxUs/Wny7aDqHGw/2ML1fenjHrl089rLXFI=";
sha256 = "sha256-YTWVBQt0X12UDFJv/rPBqlIBC4iXSvpdYi/HIl+BPxc=";
fetchSubmodules = true;
};
postPatch = ''
rm -r lib/fribidi lib/harfbuzz
'';
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ libunistring mpg123 openssl pcre SDL2 zlib ]
buildInputs = [ fribidi harfbuzz libunistring mpg123 openssl pcre SDL2 zlib ]
++ lib.optional stdenv.isDarwin AppKit;
hardeningDisable = lib.optional (!stdenv.cc.isClang) "format";
installPhase = if stdenv.isDarwin then ''
cmakeFlags = [
"-DENABLE_HARFBUZZ_MINIMAL:BOOL=OFF"
"-DENABLE_FRIBIDI_BUILD:BOOL=OFF"
];
installPhase = lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications
mv Lagrange.app $out/Applications
'' else null;
'';
passthru = {
updateScript = nix-update-script {

View file

@ -1,11 +1,16 @@
{ lib, stdenv, buildPackages
, fetchurl, pkg-config, ncurses, gzip
, sslSupport ? true, openssl ? null
{ lib
, stdenv
, buildPackages
, fetchurl
, pkg-config
, ncurses
, gzip
, sslSupport ? true
, openssl
, nukeReferences
, fetchpatch
}:
assert sslSupport -> openssl != null;
stdenv.mkDerivation rec {
pname = "lynx";
version = "2.8.9rel.1";
@ -22,6 +27,14 @@ stdenv.mkDerivation rec {
hardeningEnable = [ "pie" ];
patches = [
(fetchpatch {
name = "CVE-2021-38165.patch";
url = "https://git.alpinelinux.org/aports/plain/main/lynx/CVE-2021-38165.patch?id=3400945dbbb8a87065360963e4caa0e17d3dcc61";
sha256 = "1aykb9y2g2vdpbbpvjlm4r40x7py2yv6jbywwcqcxrlciqcw4x57";
})
];
configureFlags = [
"--enable-default-colors"
"--enable-widec"
@ -32,7 +45,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ nukeReferences ]
++ lib.optional sslSupport pkg-config;
buildInputs = [ ncurses gzip ] ++ lib.optional sslSupport openssl.dev;
buildInputs = [ ncurses gzip ]
++ lib.optional sslSupport openssl;
# cfg_defs.h captures lots of references to build-only dependencies, derived
# from config.cache.
@ -44,6 +58,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "A text-mode web browser";
homepage = "https://lynx.invisible-island.net/";
maintainers = with maintainers; [ ];
license = licenses.gpl2Plus;
platforms = platforms.unix;
};

View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "cloudflared";
version = "2021.7.4";
version = "2021.8.1";
src = fetchFromGitHub {
owner = "cloudflare";
repo = "cloudflared";
rev = version;
sha256 = "sha256-3HK7QLUhU6MUayRYec4LP2BfbwEsvtjtCf++o1cQsQw=";
sha256 = "sha256-92Uq7hSqfsiES6dSCw4cotfLJ8TLRRO6QPkwQ8iv124=";
};
vendorSha256 = null;

View file

@ -1,7 +1,7 @@
{ lib, buildGoModule, fetchFromGitHub, fetchzip, installShellFiles }:
let
version = "0.16.1";
version = "0.16.2";
manifests = fetchzip {
url = "https://github.com/fluxcd/flux2/releases/download/v${version}/manifests.tar.gz";
@ -19,10 +19,10 @@ buildGoModule rec {
owner = "fluxcd";
repo = "flux2";
rev = "v${version}";
sha256 = "sha256-OjbyDg+3dSJco162NubK12pbmwib6uGlJQxVaJOzSig=";
sha256 = "sha256-hP2HQI9Oc7IlzVS5r7yqGAgSgqECOSZVe2B3vO2sgKA=";
};
vendorSha256 = "sha256-GPbuHv/Xi9sWWZ6SIlW8cm5bY1gTO41vygx2C8dEt0k=";
vendorSha256 = "sha256-6ABnX0GV3HmhpUpPWS0bigubRqpXGoikEeQ/LqO6Ybs=";
nativeBuildInputs = [ installShellFiles ];

View file

@ -0,0 +1,40 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "chart-testing";
version = "3.4.0";
src = fetchFromGitHub {
owner = "helm";
repo = pname;
rev = "v${version}";
sha256 = "sha256-c7Rjk2YZaQXyFwrDVwYgOCnq/F2ooIUVETXVn5FVlZE=";
};
vendorSha256 = "sha256-1Py66ljDjJC38biJ25D8KnWEi3nXAVt9QSgyH1KkwHM=";
postPatch = ''
substituteInPlace pkg/config/config.go \
--replace "\"/etc/ct\"," "\"$out/etc/ct\","
'';
ldflags = [
"-w"
"-s"
"-X github.com/helm/chart-testing/v3/ct/cmd.Version=${version}"
"-X github.com/helm/chart-testing/v3/ct/cmd.GitCommit=${src.rev}"
"-X github.com/helm/chart-testing/v3/ct/cmd.BuildDate=19700101-00:00:00"
];
postInstall = ''
install -Dm644 -t $out/etc/ct etc/chart_schema.yaml
install -Dm644 -t $out/etc/ct etc/lintconf.yaml
'';
meta = with lib; {
description = "A tool for testing Helm charts";
homepage = "https://github.com/helm/chart-testing";
license = licenses.asl20;
maintainers = with maintainers; [ atkinschang ];
};
}

View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "k9s";
version = "0.24.14";
version = "0.24.15";
src = fetchFromGitHub {
owner = "derailed";
repo = "k9s";
rev = "v${version}";
sha256 = "sha256-Kw3TT8IeJT0y2vSd38/y7BRq7PxMH2tiXV4/lOn5INA=";
sha256 = "sha256-ws5JC2/WkgwxKwYtP9xtFELRhztzL6tNSvopyeC6H0Q=";
};
buildFlagsArray = ''
@ -18,7 +18,7 @@ buildGoModule rec {
-X github.com/derailed/k9s/cmd.commit=${src.rev}
'';
vendorSha256 = "sha256-JBWQxRaMvIbUiOD7sJiZH1SHNCdysgh5FeSmYf+FdG4=";
vendorSha256 = "sha256-T9khJeg5XPhVyUiu4gEEHZR6RgJF4P8LYFycqJglms8=";
doCheck = false;

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kpt";
version = "0.38.0";
version = "0.38.1";
src = fetchFromGitHub {
owner = "GoogleContainerTools";
repo = pname;
rev = "v${version}";
sha256 = "sha256-MBZa4LdpCZnVVbjzkYpPi9/CYGqVLeYy2N/AS1PSYBE=";
sha256 = "sha256-gJAdxg/evsQ+mKsNx/migDMK5lCZ2qSrksbsGDr4fmU=";
};
vendorSha256 = "sha256-P0cN8aw62nPD1OlUAw1E36YxptxtPqqruZfDDG4Ag2w=";
vendorSha256 = "sha256-GvkT51JudEdPz6zbqyf5qY6P2AbsaSMbirnxXmza5aI=";
subPackages = [ "." ];

View file

@ -1,7 +1,6 @@
{ lib
, buildGoModule
, fetchFromGitHub
, installShellFiles
, makeWrapper
, git
, go
@ -15,11 +14,11 @@ buildGoModule rec {
owner = "kubernetes-sigs";
repo = "kubebuilder";
rev = "v${version}";
sha256 = "1726j2b5jyvllvnk60g6px3g2jyyphd9pc4vgid45mis9b60sh8a";
sha256 = "0bl5ff2cplal6hg75800crhyviamk1ws85sq60h4zg21hzf21y68";
};
vendorSha256 = "0zxyd950ksjswja64rfri5v2yaalfg6qmq8215ildgrcavl9974n";
subPackages = ["cmd" "pkg/..."];
subPackages = ["cmd"];
preBuild = ''
export buildFlagsArray+=("-ldflags=-X main.kubeBuilderVersion=v${version} \

View file

@ -28,11 +28,9 @@ buildGoModule rec {
buildInputs = lib.optionals stdenv.isLinux [ systemd ];
buildFlags = "-mod vendor" +
lib.optionalString stdenv.isLinux " -tags journald";
tags = lib.optionals stdenv.isLinux [ "journald" ];
buildFlagsArray = [
"-ldflags="
ldflags = [
"-X k8s.io/${pname}/pkg/version.version=v${version}"
];

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "terragrunt";
version = "0.31.1";
version = "0.31.3";
src = fetchFromGitHub {
owner = "gruntwork-io";
repo = pname;
rev = "v${version}";
sha256 = "sha256-vc3DGYb3vp55LRguhg3nG5zH7w1lTFEI2bx7kNffvas=";
sha256 = "sha256-I7S7B+mQxLdMWiLAkUIW39kXGU9k647OOhHysYotkfU=";
};
vendorSha256 = "sha256-lBhLaYn8adgfCXQJBsIVuwnA0vY8+tgeqE+C669AV+A=";
vendorSha256 = "sha256-CVWg2SvRO//xye05G3svGeqgaTKdRcoERrR7Tp0JZUo=";
doCheck = false;

View file

@ -0,0 +1,56 @@
{ lib
, stdenv
, fetchFromGitHub
, autoconf
, automake
, gettext
, gtk
, intltool
, libtool
, ncurses
, openssl
, pkg-config
, readline
}:
stdenv.mkDerivation rec {
pname = "gftp";
version = "2.7.0b";
src = fetchFromGitHub {
owner = "masneyb";
repo = pname;
rev = version;
hash = "sha256-cIB3SneYKavgdI8eTtM1qsOrBJJ0c7/3CEvNPishNog=";
};
nativeBuildInputs = [
autoconf
automake
gettext
intltool
libtool
pkg-config
];
buildInputs = [
gtk
ncurses
openssl
readline
];
hardeningDisable = [ "format" ];
preConfigure = ''
./autogen.sh
'';
meta = with lib; {
homepage = "https://github.com/masneyb/gftp";
description = "GTK-based multithreaded FTP client for *nix-based machines";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ AndersonTorres ];
platforms = platforms.unix;
};
}
# TODO: report the hardeningDisable to upstream

View file

@ -15,6 +15,7 @@
, enableSpelling ? true, gspell
, enableUPnP ? true, gupnp-igd
, enableOmemoPluginDependencies ? true
, enableAppIndicator ? true, libappindicator-gtk3
, extraPythonPackages ? ps: []
}:
@ -33,7 +34,8 @@ python3.pkgs.buildPythonApplication rec {
] ++ lib.optionals enableJingle [ farstream gstreamer gst-plugins-base gst-libav gst-plugins-good libnice ]
++ lib.optional enableSecrets libsecret
++ lib.optional enableSpelling gspell
++ lib.optional enableUPnP gupnp-igd;
++ lib.optional enableUPnP gupnp-igd
++ lib.optional enableAppIndicator libappindicator-gtk3;
nativeBuildInputs = [
gettext wrapGAppsHook

View file

@ -22,11 +22,11 @@
stdenv.mkDerivation rec {
pname = "insync";
version = "3.2.4.40856";
version = "3.3.5.40925";
src = fetchurl {
url = "http://s.insynchq.com/builds/${pname}_${version}-focal_amd64.deb";
sha256 = "1bvqbbrfn5784nmb2qaflm1rzczqhvghhb6y5zaxrapyhygxbcis";
sha256 = "sha256-lYlG/8d7teX98F5eDxm4EdBfFs7Sz3Td4kKLC6KZqnQ=";
};
postPatch = ''

View file

@ -1,7 +1,6 @@
{ stdenv
, lib
, rustPlatform
, fetchpatch
, fetchFromGitHub
, pkg-config
, dbus
@ -11,23 +10,20 @@
rustPlatform.buildRustPackage rec {
pname = "tiny";
version = "0.8.0";
version = "0.9.0";
src = fetchFromGitHub {
owner = "osa1";
repo = pname;
rev = "v${version}";
sha256 = "07a50shv6k4fwl2gmv4j0maxaqqkjpwwmqkxkqs0gvx38lc5f7m7";
sha256 = "gKyHR3FZHDybaP38rqB8/gvr8T+mDO4QQxoTtWS+TlE=";
};
cargoSha256 = "0npkcprcqy2pn7k64jzwg41vk9id6yzw211xw203h80cc5444igr";
cargoSha256 = "0ChfW8vaqC2kCp4lpS0HOvhuihPw9G5TOmgwKzVDfws=";
# Fix Cargo.lock version. Remove with the next release.
cargoPatches = [
# Fix Cargo.lock version. Remove with the next release.
(fetchpatch {
url = "https://github.com/osa1/tiny/commit/b1caf48a6399dad8875de1d965d1ad445e49585d.patch";
sha256 = "1zkjhx94nwmd69cfwwwzg51ipcwq01wyvgsmn0vq7iaa2h0d286i";
})
./fix-Cargo.lock.patch
];
nativeBuildInputs = lib.optional stdenv.isLinux pkg-config;
@ -38,6 +34,6 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/osa1/tiny";
changelog = "https://github.com/osa1/tiny/blob/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ Br1ght0ne ];
maintainers = with maintainers; [ Br1ght0ne vyp ];
};
}

View file

@ -0,0 +1,13 @@
diff --git a/Cargo.lock b/Cargo.lock
index 3a184dc..0e58cb1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1023,7 +1023,7 @@ dependencies = [
[[package]]
name = "tiny"
-version = "0.8.0"
+version = "0.9.0"
dependencies = [
"clap",
"dirs 3.0.1",

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "juju";
version = "2.9.9";
version = "2.9.10";
src = fetchFromGitHub {
owner = "juju";
repo = "juju";
rev = "juju-${version}";
sha256 = "sha256-36/fatztop2eB1z9DfnseQXw0Di3Wss72IfgdnKpsNU=";
sha256 = "sha256-2gCJ6aN6uN0KtOVddLDry4pLhScSh4JHmdsFws59phk=";
};
vendorSha256 = "sha256-MH9lZNc9KevovZJCN2nClmqJbRSwYoQ4Jb0CXqBBUd0=";
vendorSha256 = "sha256-vFO3Rv+7CLIkl1qS4zp177GmerewfgmyjxEbzdt/RsE=";
# Disable tests because it attempts to use a mongodb instance
doCheck = false;

View file

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "evolution-ews";
version = "3.40.1";
version = "3.40.3";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "1kgxdacqqcq8yfkij6vyqlk5r4yqvw7gh7mxqii670hrn1mb2s50";
sha256 = "ZAIE5rpPOyZT3VSPYOR143bP8Na7Kv0NQRhQ+p2oxJY=";
};
nativeBuildInputs = [ cmake gettext intltool pkg-config ];

View file

@ -1,14 +1,12 @@
{ lib, stdenv, fetchurl, jre, makeWrapper }:
with lib;
stdenv.mkDerivation rec {
version = "6.8.9";
version = "6.9.4";
pname = "frostwire";
src = fetchurl {
url = "https://dl.frostwire.com/frostwire/${version}/frostwire-${version}.amd64.tar.gz";
sha256 = "0f5vyliwncryj6hj5xx0dycxycxddsn28n6zixjrn56jajijyl6q";
sha256 = "sha256-sWvQDUJGytKA9/UbC7fOk6WhDtTqdhyRmW9GvHFMZh4=";
};
nativeBuildInputs = [ makeWrapper ];

View file

@ -26,13 +26,13 @@
let
pname = "pcloud";
version = "1.9.3";
code = "XZh0QTXZIYkI66plpzLAJ4G2mwDvJFvKvEzy";
version = "1.9.5";
code = "XZy4VwXZjkvoMGM3x6kCTkIGLFYVKjqKbefX";
# Archive link's code thanks to: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=pcloud-drive
src = fetchzip {
url = "https://api.pcloud.com/getpubzip?code=${code}&filename=${pname}-${version}.zip";
hash = "sha256-NFbSYZRysRIg6q0aaDocpK7xJbiCWc1S0McXKlCRGjU=";
hash = "sha256-GuO4wsSRT6WMlqYs2X+5oA7CykHb/NmhZ7UGA1FA6y4=";
};
appimageContents = appimageTools.extractType2 {

View file

@ -23,8 +23,9 @@ buildGoModule rec {
buildInputs = lib.optional enableCmount (if stdenv.isDarwin then macfuse-stubs else fuse);
nativeBuildInputs = [ installShellFiles makeWrapper ];
buildFlagsArray = lib.optionals enableCmount [ "-tags=cmount" ]
++ [ "-ldflags=-s -w -X github.com/rclone/rclone/fs.Version=${version}" ];
tags = lib.optionals enableCmount [ "cmount" ];
ldflags = [ "-s" "-w" "-X github.com/rclone/rclone/fs.Version=${version}" ];
postInstall =
let

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "atlassian-cli";
version = "9.5.0";
version = "9.6.0";
src = fetchzip {
url = "https://bobswift.atlassian.net/wiki/download/attachments/16285777/${pname}-${version}-distribution.zip";
sha256 = "sha256-EAoydA2lg4K1gTgzn9patNw7pcCdU/OPfaEG1OfEJ18=";
sha256 = "sha256-55ydhprVC9NdDMUrKbpSAEQBb9zRYgwOc7k8aP4R89A=";
};
tools = [

View file

@ -1,7 +1,7 @@
{ lib, stdenv, fetchurl, makeWrapper, jre }:
let
version = "2020.2.6";
version = "2021.2.1";
majorVersion = builtins.substring 0 6 version;
in
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "http://download.flexibee.eu/download/${majorVersion}/${version}/${pname}-${version}.tar.gz";
sha256 = "0vscz24sabk9xafywnx41rqhq6300ddsw1x95ibc7ghsgbkq80ja";
sha256 = "sha256-WorRyfjWucV8UhAjvuW+22CRzPcz5tjXF7Has4wrLMI=";
};
nativeBuildInputs = [ makeWrapper ];

View file

@ -12,11 +12,11 @@
stdenv.mkDerivation rec {
pname = "grisbi";
version = "2.0.1";
version = "2.0.2";
src = fetchurl {
url = "mirror://sourceforge/grisbi/${pname}-${version}.tar.bz2";
sha256 = "sha256-hFLiVHyEekCP9btO75e5ni70ZcLhjbBGCBjF2gERIqs=";
sha256 = "sha256-bCO82EWAf/kiMDdojA5goWeWiKWZNOGYixmIJQwovGM=";
};
nativeBuildInputs = [ pkg-config wrapGAppsHook ];

View file

@ -1,21 +1,34 @@
{ lib
, stdenv
, fetchpatch
, python3Packages
, wrapGAppsHook
, gtk3
, gobject-introspection
, libcanberra-gtk3
, poppler_gi
, withGstreamer ? stdenv.isLinux
, withVLC ? stdenv.isLinux
}:
python3Packages.buildPythonApplication rec {
pname = "pympress";
version = "1.5.1";
version = "1.6.3";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "173d9scf2z29qg279jf33zcl7sgc3wp662fgpm943bn9667q18wf";
sha256 = "sha256-f+OjE0x/3yfJYHCLB+on7TT7MJ2vNu87SHRi67qFDCM=";
};
patches = [
# Should not be needed once v1.6.4 is released
(fetchpatch {
name = "fix-setuptools-version-parsing.patch";
url = "https://github.com/Cimbali/pympress/commit/474514d71396ac065e210fd846e07ed1139602d0.diff";
sha256 = "sha256-eiw54sjMrXrNrhtkAXxiSTatzoA0NDA03L+HpTDax58=";
})
];
nativeBuildInputs = [
wrapGAppsHook
];
@ -23,16 +36,15 @@ python3Packages.buildPythonApplication rec {
buildInputs = [
gtk3
gobject-introspection
libcanberra-gtk3
poppler_gi
];
] ++ lib.optional withGstreamer libcanberra-gtk3;
propagatedBuildInputs = with python3Packages; [
pycairo
pygobject3
python-vlc
setuptools
watchdog
];
] ++ lib.optional withVLC python-vlc;
doCheck = false; # there are no tests

View file

@ -18,11 +18,11 @@
stdenv.mkDerivation rec {
pname = "fldigi";
version = "4.1.19";
version = "4.1.20";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "0zvfkmvxi31ccbpxvimkcrqrkf3wzr1pgja2ny04srrakl8ff5c7";
sha256 = "0f64pqijl3jlfmv00hkdxvn1wy5yy3zl33p6vf3fn1b91w590c2h";
};
nativeBuildInputs = [ pkg-config ];

Some files were not shown because too many files have changed in this diff Show more