cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge branch 'staging-next' into staging

Browse source
This commit is contained in:
Jan Tojnar 2020-08-11 16:18:42 +02:00
commit 11da469fa5
No known key found for this signature in database
GPG key ID: 7FAB2A15F7A607A4
33 changed files with 187 additions and 212 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/doc/manual/release-notes/rl-2009.xml
View file

@ -634,6 +634,11 @@ services.postgresql.dataDir = "/var/db/postgresql";
</programlisting>
</para>
</listitem>
<listitem>
<para>
The USBGuard module now removes options and instead hardcodes values for <literal>IPCAccessControlFiles</literal>, <literal>ruleFiles</literal>, and <literal>auditFilePath</literal>. Audit logs can be found in the journal.
</para>
</listitem>
</itemizedlist>
</section>

120
nixos/modules/services/security/usbguard.nix
View file

@ -1,37 +1,39 @@
{config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.usbguard;
# valid policy options
policy = (types.enum [ "allow" "block" "reject" "keep" "apply-policy" ]);
defaultRuleFile = "/var/lib/usbguard/rules.conf";
# decide what file to use for rules
ruleFile = if cfg.rules != null then pkgs.writeText "usbguard-rules" cfg.rules else cfg.ruleFile;
ruleFile = if cfg.rules != null then pkgs.writeText "usbguard-rules" cfg.rules else defaultRuleFile;
daemonConf = ''
# generated by nixos/modules/services/security/usbguard.nix
RuleFile=${ruleFile}
ImplicitPolicyTarget=${cfg.implictPolicyTarget}
PresentDevicePolicy=${cfg.presentDevicePolicy}
PresentControllerPolicy=${cfg.presentControllerPolicy}
InsertedDevicePolicy=${cfg.insertedDevicePolicy}
RestoreControllerDeviceState=${if cfg.restoreControllerDeviceState then "true" else "false"}
# this does not seem useful for endusers to change
DeviceManagerBackend=uevent
IPCAllowedUsers=${concatStringsSep " " cfg.IPCAllowedUsers}
IPCAllowedGroups=${concatStringsSep " " cfg.IPCAllowedGroups}
IPCAccessControlFiles=${cfg.IPCAccessControlFiles}
DeviceRulesWithPort=${if cfg.deviceRulesWithPort then "true" else "false"}
AuditFilePath=${cfg.auditFilePath}
'';
# generated by nixos/modules/services/security/usbguard.nix
RuleFile=${ruleFile}
ImplicitPolicyTarget=${cfg.implictPolicyTarget}
PresentDevicePolicy=${cfg.presentDevicePolicy}
PresentControllerPolicy=${cfg.presentControllerPolicy}
InsertedDevicePolicy=${cfg.insertedDevicePolicy}
RestoreControllerDeviceState=${if cfg.restoreControllerDeviceState then "true" else "false"}
# this does not seem useful for endusers to change
DeviceManagerBackend=uevent
IPCAllowedUsers=${concatStringsSep " " cfg.IPCAllowedUsers}
IPCAllowedGroups=${concatStringsSep " " cfg.IPCAllowedGroups}
IPCAccessControlFiles=/var/lib/usbguard/IPCAccessControl.d/
DeviceRulesWithPort=${if cfg.deviceRulesWithPort then "true" else "false"}
# HACK: that way audit logs still land in the journal
AuditFilePath=/dev/null
'';
daemonConfFile = pkgs.writeText "usbguard-daemon-conf" daemonConf;
daemonConfFile = pkgs.writeText "usbguard-daemon-conf" daemonConf;
in {
in
{
###### interface
@ -49,22 +51,6 @@ in {
'';
};
ruleFile = mkOption {
type = types.path;
default = "/var/lib/usbguard/rules.conf";
description = ''
The USBGuard daemon will use this file to load the policy rule set
from it and to write new rules received via the IPC interface.
Running the command <literal>usbguard generate-policy</literal> as
root will generate a config for your currently plugged in devices.
For a in depth guide consult the official documentation.
Setting the <literal>rules</literal> option will ignore the
<literal>ruleFile</literal> option.
'';
};
rules = mkOption {
type = types.nullOr types.lines;
default = null;
@ -72,16 +58,20 @@ in {
allow with-interface equals { 08:*:* }
'';
description = ''
The USBGuard daemon will load this policy rule set. Modifying it via
the IPC interface won't work if you use this option, since the
contents of this option will be written into the nix-store it will be
read-only.
The USBGuard daemon will load this as the policy rule set.
As these rules are NixOS managed they are immutable and can't
be changed by the IPC interface.
You can still use <literal> usbguard generate-policy</literal> to
generate rules, but you would have to insert them here.
If you do not set this option, the USBGuard daemon will load
it's policy rule set from <literal>${defaultRuleFile}</literal>.
This file can be changed manually or via the IPC interface.
Setting the <literal>rules</literal> option will ignore the
<literal>ruleFile</literal> option.
Running <literal>usbguard generate-policy</literal> as root will
generate a config for your currently plugged in devices.
For more details see <citerefentry>
<refentrytitle>usbguard-rules.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.
'';
};
@ -155,17 +145,6 @@ in {
'';
};
IPCAccessControlFiles = mkOption {
type = types.path;
default = "/var/lib/usbguard/IPCAccessControl.d/";
description = ''
The files at this location will be interpreted by the daemon as IPC
access control definition files. See the IPC ACCESS CONTROL section
in <citerefentry><refentrytitle>usbguard-daemon.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for more details.
'';
};
deviceRulesWithPort = mkOption {
type = types.bool;
default = false;
@ -173,14 +152,6 @@ in {
Generate device specific rules including the "via-port" attribute.
'';
};
auditFilePath = mkOption {
type = types.path;
default = "/var/log/usbguard/usbguard-audit.log";
description = ''
USBGuard audit events log file path.
'';
};
};
};
@ -197,17 +168,19 @@ in {
wantedBy = [ "basic.target" ];
wants = [ "systemd-udevd.service" ];
# make sure an empty rule file and required directories exist
preStart = ''
mkdir -p $(dirname "${cfg.ruleFile}") $(dirname "${cfg.auditFilePath}") "${cfg.IPCAccessControlFiles}" \
&& ([ -f "${cfg.ruleFile}" ] || touch ${cfg.ruleFile})
'';
# make sure an empty rule file exists
preStart = ''[ -f "${ruleFile}" ] || touch ${ruleFile}'';
serviceConfig = {
Type = "simple";
ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
Restart = "on-failure";
StateDirectory = [
"usbguard"
"usbguard/IPCAccessControl.d"
];
AmbientCapabilities = "";
CapabilityBoundingSet = "CAP_CHOWN CAP_FOWNER";
DeviceAllow = "/dev/null rw";
@ -223,8 +196,8 @@ in {
ProtectKernelModules = true;
ProtectSystem = true;
ReadOnlyPaths = "-/";
ReadWritePaths = "-/dev/shm -${dirOf cfg.auditFilePath} -/tmp -${dirOf cfg.ruleFile}";
RestrictAddressFamilies = "AF_UNIX AF_NETLINK";
ReadWritePaths = "-/dev/shm -/tmp";
RestrictAddressFamilies = [ "AF_UNIX" "AF_NETLINK" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
@ -233,4 +206,9 @@ in {
};
};
};
imports = [
(mkRemovedOptionModule [ "services" "usbguard" "ruleFile" ] "The usbguard module now uses ${defaultRuleFile} as ruleFile. Alternatively, use services.usbguard.rules to configure rules.")
(mkRemovedOptionModule [ "services" "usbguard" "IPCAccessControlFiles" ] "The usbguard module now hardcodes IPCAccessControlFiles to /var/lib/usbguard/IPCAccessControl.d.")
(mkRemovedOptionModule [ "services" "usbguard" "auditFilePath" ] "Removed usbguard module audit log files. Audit logs can be found in the systemd journal.")
];
}

4
pkgs/applications/audio/bitwig-studio/bitwig-studio3.nix
View file

@ -2,11 +2,11 @@
bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}";
version = "3.2.2";
version = "3.2.6";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
sha256 = "10zb78n75nbriyjah0m3syv3rv7qwbmj590z24hss7lifa3rs784";
sha256 = "00hrbgnjns3s8lbjbabwwqvbwz4dlrg33cs3d1qlpzgi3y72h3nn";
};
buildInputs = oldAttrs.buildInputs ++ [ xorg.libXtst ];

4
pkgs/applications/blockchains/go-ethereum.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "go-ethereum";
version = "1.9.18";
version = "1.9.19";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "0nkzwmrzk0m9662cr18h5i54v07mw8v3fh0csvqx8n50z5fcvb7b";
sha256 = "08wf7qklk31dky2z0l2j9vbyr8721gkvy4dsc60afwrwihwd8lrp";
};
runVend = true;

15
pkgs/applications/editors/emacs/clean-env.patch
View file

@ -2,14 +2,15 @@ Dump temacs in an empty environment to prevent -dev paths from ending
up in the dumped image.
diff --git a/src/Makefile.in b/src/Makefile.in
index fd05a45df5..13f529c253 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -535,7 +535,7 @@ ifeq ($(CANNOT_DUMP),yes)
ln -f temacs$(EXEEXT) $@
else
unset EMACS_HEAP_EXEC; \
- LC_ALL=C $(RUN_TEMACS) -batch $(BUILD_DETAILS) -l loadup dump
+ env -i LC_ALL=C $(RUN_TEMACS) -batch $(BUILD_DETAILS) -l loadup dump
@@ -570,7 +570,7 @@ emacs$(EXEEXT): temacs$(EXEEXT) \
lisp.mk $(etc)/DOC $(lisp) \
$(lispsource)/international/charprop.el ${charsets}
ifeq ($(DUMPING),unexec)
- LC_ALL=C $(RUN_TEMACS) -batch $(BUILD_DETAILS) -l loadup --temacs=dump
+ env -i LC_ALL=C $(RUN_TEMACS) -batch $(BUILD_DETAILS) -l loadup --temacs=dump
ifneq ($(PAXCTL_dumped),)
$(PAXCTL_dumped) $@
$(PAXCTL_dumped) emacs$(EXEEXT)
endif

9
pkgs/applications/editors/emacs/default.nix
View file

@ -32,7 +32,7 @@ assert withXwidgets -> withGTK3 && webkitgtk != null;
let
version = "26.3";
version = "27.1";
versionModifier = "";
name = "emacs-${version}${versionModifier}";
@ -41,7 +41,7 @@ in stdenv.mkDerivation {
src = fetchurl {
url = "mirror://gnu/emacs/${name}.tar.xz";
sha256 = "119ldpk7sgn9jlpyngv5y4z3i7bb8q3xp4p0qqi7i5nq39syd42d";
sha256 = "0h9f2wpmp6rb5rfwvqwv1ia1nw86h74p7hnz3vb3gjazj67i4k2a";
};
enableParallelBuilding = true;
@ -49,11 +49,6 @@ in stdenv.mkDerivation {
patches = [
./clean-env.patch
./tramp-detect-wrapped-gvfsd.patch
# unbreak macOS unexec
(fetchpatch {
url = "https://github.com/emacs-mirror/emacs/commit/888ffd960c06d56a409a7ff15b1d930d25c56089.patch";
sha256 = "08q3ygdigqwky70r47rcgzlkc5jy82xiq8am5kwwy891wlpl7frw";
})
];
postPatch = lib.concatStringsSep "\n" [

10
pkgs/applications/editors/emacs/tramp-detect-wrapped-gvfsd.patch
View file

@ -1,14 +1,12 @@
diff --git a/lisp/net/tramp-gvfs.el b/lisp/net/tramp-gvfs.el
index f370abba31..f2806263a9 100644
index 34a234c..b5a471c 100644
--- a/lisp/net/tramp-gvfs.el
+++ b/lisp/net/tramp-gvfs.el
@@ -164,7 +164,8 @@ tramp-gvfs-enabled
(and (featurep 'dbusbind)
@@ -122,6 +122,7 @@
(tramp-compat-funcall 'dbus-get-unique-name :system)
(tramp-compat-funcall 'dbus-get-unique-name :session)
- (or (tramp-compat-process-running-p "gvfs-fuse-daemon")
+ (or (tramp-compat-process-running-p ".gvfsd-fuse-wrapped")
+ (tramp-compat-process-running-p "gvfs-fuse-daemon")
(or (tramp-compat-process-running-p "gvfs-fuse-daemon")
+ (tramp-compat-process-running-p ".gvfsd-fuse-wrapped")
(tramp-compat-process-running-p "gvfsd-fuse"))))
"Non-nil when GVFS is available.")

44
pkgs/applications/editors/jetbrains/default.nix
View file

@ -271,12 +271,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2020.1.2"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "0q5bnb0rmsgks7brrdpgah83s2ixa4pyhw8jvg9p2g48b582rmf7"; /* updated by script */
sha256 = "1j80k6r4nbr8abwkpx78sy3jzq3jsywn2k6g4mjx6h0adwxswymm"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -284,12 +284,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2020.1.5"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0605d772156lzlz5904px2spdijc92yz6rjvmpyg6vk5zv5k2wm9"; /* updated by script */
sha256 = "0d0m6v4lr6qhi79csdpcyiyd2hnhlsan9lpnjmhkdxd84i1dl15a"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -297,12 +297,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2020.1.4"; /* updated by script */
version = "2020.2.1"; /* updated by script */
description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "1wgcc1faqn0y9brxikh53s6ly7zvpdmpg7m5gvp5437isbllisbl"; /* updated by script */
sha256 = "15jd2yn4g3lya54ppcp8b0bvf2pp2khdvqba2g1aml16d5z8mkq6"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand RELEASE";
@ -310,12 +310,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "1aycsy2pg8nw5il8p2r6bhim9y47g5rfga63f0p435mpjmzpll0s"; /* updated by script */
sha256 = "0rymyyhgm42i487dhlxh78shyvq4hd56frgz7wrqf85hg2j5ha0y"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -323,12 +323,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "188wkqcv67kizq4w6v4vg9jpr3qfgbg9x5jc77s4ki4nafkbfxas"; /* updated by script */
sha256 = "00mbf8asxjdnfciz6bl8b83kqknqdnars5w5w5w38rmza53pzxsi"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -336,12 +336,12 @@ in
mps = buildMps rec {
name = "mps-${version}";
version = "2020.1.2"; /* updated by script */
version = "2020.1.3"; /* updated by script */
description = "Create your own domain-specific language";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/mps/2020.1/MPS-${version}.tar.gz";
sha256 = "0ygk31l44bxcv64h6lnqxssmx5prcb5b5xdm3qxmrv7xz1qv59c1"; /* updated by script */
sha256 = "1ncvq834vn47pmh3q875hgqi4m7h3inljp89w3jwwhjn3g985ysz"; /* updated by script */
};
wmClass = "jetbrains-mps";
update-channel = "MPS RELEASE";
@ -349,12 +349,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "0cw2rx68rl6mrnizpb69ahz4hrh8blry70cv4rjnkw19d4x877m8"; /* updated by script */
sha256 = "1zxhb2w7nivnx8habcf5vii6bwzaihs5x8smy0zf8ngv3xwr6vjc"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm RELEASE";
@ -362,12 +362,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "1290k17nihiih8ipxfqax1xlx320h1vkwbcc5hc50psvpsfgiall"; /* updated by script */
sha256 = "12pp3xp74dzgjrv2nz83dnqycb250kkgqlb3skjkdx9pabmfxck0"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE";
@ -375,12 +375,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "1ag8jrfs38f0q11pyil4pvddi8lv46b0jxd3mcbmidn3p1z29f9x"; /* updated by script */
sha256 = "0xq0nba31yc7cm1lbgkmgfbr5kp5fq5k7j2n6kampm2hyx5fa0ak"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE";
@ -401,12 +401,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "1z6z2c31aq29hzi1cifc77zz9vnw48h2jvw4w61lvgskcnzrw9vn"; /* updated by script */
sha256 = "1caxd5qcxwwrdy3ma87gnywr5czg3lam1n2gwbnc7hdxgfnvn3qz"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE";
@ -414,12 +414,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2020.1.3"; /* updated by script */
version = "2020.2"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "19zqac77fkw1czf86s39ggnd24r9ljr80gj422ch4fdkz4qy832q"; /* updated by script */
sha256 = "100j2q9hz0a50n3x3khk7hap7b496g6sx0y6q7n7vy2zayh5ibm5"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

4
pkgs/applications/misc/orca/default.nix
View file

@ -35,13 +35,13 @@
buildPythonApplication rec {
pname = "orca";
version = "3.36.3";
version = "3.36.4";
format = "other";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "1x0xrcyxlvcjlqp6wcsx5d951i500079wqs04scssjzwqggy330n";
sha256 = "1s6qrmbn3pywidwwfa24ly21c1cz6fnnsipi9vlp3sxswbdcwiwz";
};
patches = [

18
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View file

@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
sha256 = "06cl77yi7cb6r7n8mn38d61zmgwxi690qxrkd56hg2773hn06wq5";
sha256bin64 = "0a6c44qb0n2hdc42p5xqybnbhgdxd51lyygkqz42fmym6id65v88";
version = "85.0.4183.39";
sha256 = "0qvcp47m3mc1lw22sq1a4pvaxxi5wlmwzjz23ak01wj3v1xifsh6";
sha256bin64 = "1a06yhaifbjs88wskfb3mcx06klhvdvz2mnkzz6szhkypz8mi3dp";
version = "85.0.4183.59";
};
dev = {
sha256 = "1l2d3gk7si1djxn3901fjgykv7nzc8g970m3fb9pjflfrr8f17v6";
sha256bin64 = "0flsmy5blrc9gs6cikag7mdlvgkm6mzm745kcq0shfmhanvlkykn";
version = "86.0.4209.2";
sha256 = "0nirf72i3zdqsy201qzinfn9k40iy315i6z0a8xn3ciagh10p5j4";
sha256bin64 = "1ss36w8bsqfswnqddhn2aamjmsyh2vr0y9gjlzrh702mda8yraq1";
version = "86.0.4221.3";
};
stable = {
sha256 = "1b6cqnwx76pp4y5hvz3qm8lm1ayaxr5578k76164acr35bmypx6a";
sha256bin64 = "0znxq5ncyvyysx3p8xikzg8jm8jr51k478y29m985x6c5p5a4zyw";
version = "84.0.4147.105";
sha256 = "1xdg9pnnvbzasmra09rl7wdrir61rfcqml46jj7kv39drwk9chwq";
sha256bin64 = "1fbn9vkz4kf1dhivi1sfnfi8dady9qjmfr44hvfmb8aibh9kzc8w";
version = "84.0.4147.125";
};
}

4
pkgs/applications/networking/cluster/helmfile/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "helmfile";
version = "0.125.1";
version = "0.125.5";
src = fetchFromGitHub {
owner = "roboll";
repo = "helmfile";
rev = "v${version}";
sha256 = "0ym9q1rww3r54czkrckdd1ahlym6n61l2563nmj48hkn5d4qxqbm";
sha256 = "00c1sppvdnsqay8zk6fz5xz8yw74zv30hq54r4sf1a5rb84nd05h";
};
vendorSha256 = "04mga3jc2c01daygjcn245mv30lc2ibax0mpb1wjk3s8lkl4cxcz";

6
pkgs/applications/networking/cluster/jx/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "jx";
version = "2.1.121";
version = "2.1.127";
src = fetchFromGitHub {
owner = "jenkins-x";
repo = "jx";
rev = "v${version}";
sha256 = "0bjpnh962w5wz4gj5my9g52dawxj8zccvpkxlxy1n7c3dkzjxx5j";
sha256 = "01dfpnqgbrn8b6h2irq080xdm76b4jx6sd80f8x4zmyaz6hf5vlv";
};
vendorSha256 = "0l9djgvnrgdnw7nsf05yq7qpzzzm3gasgh9a7dyc16pp2kxvza6k";
vendorSha256 = "0la92a8720l8my5r4wsbgv74y6m19ikmm0wv3l4m4w5gjyplfsxb";
doCheck = false;

4
pkgs/applications/networking/cluster/terraform/default.nix
View file

@ -132,8 +132,8 @@ in rec {
});
terraform_0_13 = pluggable (generic {
version = "0.13.0-rc1";
sha256 = "1lja2s9viz5ja40qmlf49p6hk3rwdz6q0rw3ff1894b464zbsnk2";
version = "0.13.0";
sha256 = "0kangddd99ix50w67hi0pwa9js9c0hjxqvrc0lxaa6msjvjsxyyq";
patches = [ ./provider-path.patch ];
passthru = { inherit plugins; };
});

8
pkgs/applications/networking/ids/zeek/default.nix
View file

@ -20,11 +20,11 @@ let
in
stdenv.mkDerivation rec {
pname = "zeek";
version = "3.1.5";
version = "3.2.0";
src = fetchurl {
url = "https://download.zeek.org/zeek-${version}.tar.gz";
sha256 = "1rwrwdx0jf76pb11vpmv5z513ss9rrkgpjv1pa1vydf4gbafhi5r";
sha256 = "0ky4485z0gpaj1z75y7jr5bn9wr8x8w3v637aqq4v9a0a5iyagmg";
};
nativeBuildInputs = [ cmake flex bison file ];
@ -40,8 +40,8 @@ stdenv.mkDerivation rec {
# Fix pybind c++17 build with Clang. See: https://github.com/pybind/pybind11/issues/1604
(fetchpatch {
url = "https://github.com/pybind/pybind11/commit/759221f5c56939f59d8f342a41f8e2d2cacbc8cf.patch";
sha256 = "0l8z7d7chq1awd8dnfarj4c40wx36hkhcan0702p5l89x73wqk54";
extraPrefix = "aux/broker/bindings/python/3rdparty/pybind11/";
sha256 = "17qznp8yavnv84fjsbghv3d59z6k6rx74j49w0izakmgw5a95w84";
extraPrefix = "auxil/broker/bindings/python/3rdparty/pybind11/";
stripLen = 1;
})
];

10
pkgs/applications/version-management/gitlab/data.json
View file

@ -1,13 +1,13 @@
{
"version": "13.0.9",
"repo_hash": "0rzby1q4vy59cs9ghnx29f6gflmz9114yh5yia0kdikiyky95rsx",
"version": "13.0.12",
"repo_hash": "0m9pn1alxdib9ppf878wf186bvn0llik7vcpqijzcdzc18q9cldq",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v13.0.9-ee",
"rev": "v13.0.12-ee",
"passthru": {
"GITALY_SERVER_VERSION": "13.0.9",
"GITALY_SERVER_VERSION": "13.0.12",
"GITLAB_PAGES_VERSION": "1.18.0",
"GITLAB_SHELL_VERSION": "13.2.0",
"GITLAB_WORKHORSE_VERSION": "8.31.2"
}
}
}

4
pkgs/applications/version-management/gitlab/gitaly/default.nix
View file

@ -19,14 +19,14 @@ let
};
};
in buildGoPackage rec {
version = "13.0.9";
version = "13.0.12";
pname = "gitaly";
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
sha256 = "0bw3g1c3ji78grh6fs4qq64hq1s4z2da5f18zbkac41hkkqbf1in";
sha256 = "00jzrib8f51b3wkl0zy9a9cr5j9kp6cmm49vxm27zgxpyz8k1axw";
};
# Fix a check which assumes that hook files are writeable by their

9
pkgs/development/coq-modules/coq-elpi/default.nix
View file

@ -2,9 +2,14 @@
let params = {
"8.11" = rec {
version = "1.4.1";
version = "1.5.0";
rev = "v${version}";
sha256 = "12jwldcianai62y9jnghsjfya5dj6fvc6ilf37c7w037kylx45sd";
sha256 = "0dlw869j6ib58i8fhbr7x3hq2cy088arihhfanv8i08djqml6g8x";
};
"8.12" = rec {
version = "1.5.1";
rev = "v${version}";
sha256 = "1znjc8c8rivsawmz5bgm9ddl69p62p2pwxphvpap1gfmi5cp8lwi";
};
};
param = params.${coq.coq-version};

9
pkgs/development/coq-modules/hierarchy-builder/default.nix
View file

@ -2,14 +2,15 @@
let
versions = {
"0.9.1" = {
rev = "v0.9.1";
sha256 = "00fibahkmvisr16ffaxfrc00gcijsv9rgk4v8ibmy1jv0iyk875b";
"0.10.0" = {
rev = "v0.10.0";
sha256 = "1a3vry9nzavrlrdlq3cys3f8kpq3bz447q8c4c7lh2qal61wb32h";
};
};
version = x: versions.${x} // {version = x;};
params = {
"8.11" = version "0.9.1";
"8.11" = version "0.10.0";
"8.12" = version "0.10.0";
};
param = params.${coq.coq-version};
in

18
pkgs/development/interpreters/python/default.nix
View file

@ -158,10 +158,10 @@ in {
self = pypy27;
sourceVersion = {
major = "7";
minor = "1";
minor = "3";
patch = "1";
};
sha256 = "0yq6ln1ic476sasp8zs4mg5i9524l1p96qwanp486rr1yza1grlg";
sha256 = "08ckkhd0ix6j9873a7gr507c72d4cmnv5lwvprlljdca9i8p2dzs";
pythonVersion = "2.7";
db = db.override { dbmSupport = !stdenv.isDarwin; };
python = python27;
@ -174,10 +174,10 @@ in {
self = pypy36;
sourceVersion = {
major = "7";
minor = "1";
minor = "3";
patch = "1";
};
sha256 = "1hqvnran7d2dzj5555n7q680dyzhmbklz04pvkxgb5j604v7kkx1";
sha256 = "10zsk8jby8j6visk5mzikpb1cidvz27qq4pfpa26jv53klic6b0c";
pythonVersion = "3.6";
db = db.override { dbmSupport = !stdenv.isDarwin; };
python = python27;
@ -191,13 +191,12 @@ in {
self = pythonInterpreters.pypy27_prebuilt;
sourceVersion = {
major = "7";
minor = "1";
minor = "3";
patch = "1";
};
sha256 = "0rlx4x9xy9h989w6sy4h7lknm00956r30c5gjxwsvf8fhvq9xc3k"; # linux64
sha256 = "18xc5kwidj5hjwbr0w8v1nfpg5l4lk01z8cn804zfyyz8xjqhx5y"; # linux64
pythonVersion = "2.7";
inherit passthruFun;
ncurses = ncurses5;
};
pypy36_prebuilt = callPackage ./pypy/prebuilt.nix {
@ -205,13 +204,12 @@ in {
self = pythonInterpreters.pypy36_prebuilt;
sourceVersion = {
major = "7";
minor = "1";
minor = "3";
patch = "1";
};
sha256 = "1c1xx6dm1n4xvh1vd3rcvyyixm5jm9rvzisji1a5bc9l38xzc540"; # linux64
sha256 = "04nv0mkalaliphbjw7y0pmb372bxwjzwmcsqkf9kwsik99kg2z7n"; # linux64
pythonVersion = "3.6";
inherit passthruFun;
ncurses = ncurses5;
};
graalpython37 = callPackage ./graalpython/default.nix {

11
pkgs/development/interpreters/python/pypy/default.nix
View file

@ -34,7 +34,7 @@ in with passthru; stdenv.mkDerivation rec {
inherit pname version;
src = fetchurl {
url = "https://bitbucket.org/pypy/pypy/get/release-pypy${pythonVersion}-v${version}.tar.bz2";
url = "https://bitbucket.org/pypy/pypy/downloads/pypy${pythonVersion}-v${version}-src.tar.bz2";
inherit sha256;
};
@ -75,13 +75,6 @@ in with passthru; stdenv.mkDerivation rec {
postPatch = ''
substituteInPlace "lib-python/${if isPy3k then "3/tkinter/tix.py" else "2.7/lib-tk/Tix.py"}" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
# hint pypy to find nix ncurses
substituteInPlace pypy/module/_minimal_curses/fficurses.py \
--replace "/usr/include/ncurses/curses.h" "${ncurses.dev}/include/curses.h" \
--replace "ncurses/curses.h" "${ncurses.dev}/include/curses.h" \
--replace "ncurses/term.h" "${ncurses.dev}/include/term.h" \
--replace "libraries=['curses']" "libraries=['ncurses']"
sed -i "s@libraries=\['sqlite3'\]\$@libraries=['sqlite3'], include_dirs=['${sqlite.dev}/include'], library_dirs=['${sqlite.out}/lib']@" lib_pypy/_sqlite3_build.py
'';
@ -137,7 +130,7 @@ in with passthru; stdenv.mkDerivation rec {
ln -s $out/${executable}-c/${executable}-c $out/bin/${executable}
# other packages expect to find stuff according to libPrefix
ln -s $out/${executable}/include $out/include/${libPrefix}
ln -s $out/${executable}-c/include $out/include/${libPrefix}
ln -s $out/${executable}-c/lib-python/${if isPy3k then "3" else pythonVersion} $out/lib/${libPrefix}
${stdenv.lib.optionalString stdenv.isDarwin ''

19
pkgs/development/interpreters/python/pypy/prebuilt.nix
View file

@ -8,10 +8,9 @@
, zlib
, openssl_1_0_2
, expat
, libffi
, ncurses
, tcl
, tk
, ncurses6
, tcl-8_5
, tk-8_5
# For the Python package set
, packageOverrides ? (self: super: {})
, sourceVersion
@ -46,10 +45,9 @@ let
zlib
openssl_1_0_2
expat
libffi
ncurses
tcl
tk
ncurses6
tcl-8_5
tk-8_5
];
in with passthru; stdenv.mkDerivation {
@ -66,6 +64,7 @@ in with passthru; stdenv.mkDerivation {
mkdir -p $out/lib
echo "Moving files to $out"
mv -t $out bin include lib-python lib_pypy site-packages
mv lib/libffi.so.6* $out/lib/
mv $out/bin/libpypy*-c.so $out/lib/
@ -78,8 +77,8 @@ in with passthru; stdenv.mkDerivation {
$out/bin/pypy*
pushd $out
find {lib,lib_pypy*} -name "*.so" -exec patchelf --replace-needed "libbz2.so.1.0" "libbz2.so.1" {} \;
find {lib,lib_pypy*} -name "*.so" -exec patchelf --set-rpath ${stdenv.lib.makeLibraryPath deps} {} \;
find {lib,lib_pypy*} -name "*.so" -exec patchelf --remove-needed libncursesw.so.6 --replace-needed libtinfow.so.6 libncursesw.so.6 {} \;
find {lib,lib_pypy*} -name "*.so" -exec patchelf --set-rpath ${stdenv.lib.makeLibraryPath deps}:$out/lib {} \;
echo "Removing bytecode"
find . -name "__pycache__" -type d -depth -exec rm -rf {} \;

7
pkgs/development/libraries/amdvlk/default.nix
View file

@ -18,13 +18,13 @@
stdenv.mkDerivation rec {
pname = "amdvlk";
version = "2020.Q3.2";
version = "2020.Q3.3";
src = fetchRepoProject {
name = "${pname}-src";
manifest = "https://github.com/GPUOpen-Drivers/AMDVLK.git";
rev = "refs/tags/v-${version}";
sha256 = "1mki4lxy981g1rz9d6w18dv1hf3ldch5gld2vb7injn5ipp6z2y3";
sha256 = "0s5a294gzcz438gmafirk3czrjcahv3imsg41k3vk83x4dbdlhxv";
};
buildInputs = [
@ -78,8 +78,9 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "AMD Open Source Driver For Vulkan";
homepage = "https://github.com/GPUOpen-Drivers/AMDVLK";
changelog = "https://github.com/GPUOpen-Drivers/AMDVLK/releases/tag/v-${version}";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ Flakebi ];
maintainers = with maintainers; [ danieldk Flakebi ];
};
}

4
pkgs/development/ocaml-modules/ppx_deriving_yojson/default.nix
View file

@ -4,7 +4,7 @@
buildDunePackage rec {
pname = "ppx_deriving_yojson";
version = "3.5.2";
version = "3.5.3";
minimumOCamlVersion = "4.04";
@ -12,7 +12,7 @@ buildDunePackage rec {
owner = "ocaml-ppx";
repo = "ppx_deriving_yojson";
rev = "v${version}";
sha256 = "1vbhmnhnj1aa4jrp8xqi52nggwj7vrml83z2j0r0qzvl65v02mc0";
sha256 = "030638gp39mr4hkilrjhd98q4s8gjqxifm6fy6bwqrg74hmrl2y5";
};
buildInputs = [ ppxfind ounit ];

6
pkgs/development/ocaml-modules/uunf/default.nix
View file

@ -4,15 +4,15 @@ let
webpage = "https://erratique.ch/software/${pname}";
in
assert stdenv.lib.versionAtLeast ocaml.version "4.01";
assert stdenv.lib.versionAtLeast ocaml.version "4.03";
stdenv.mkDerivation rec {
name = "ocaml-${pname}-${version}";
version = "12.0.0";
version = "13.0.0";
src = fetchurl {
url = "${webpage}/releases/${pname}-${version}.tbz";
sha256 = "031fxixp37hjv45mib87wxm865k82903w72x60hp6v36k7jn34a4";
sha256 = "1qci04nkp24kdls1z4s8kz5dzgky4nwd5r8345nwdrgwmxhw7ksm";
};
buildInputs = [ ocaml findlib ocamlbuild topkg uutf cmdliner ];

4
pkgs/development/tools/scalafmt/default.nix
View file

@ -2,7 +2,7 @@
let
baseName = "scalafmt";
version = "2.6.2";
version = "2.6.4";
deps = stdenv.mkDerivation {
name = "${baseName}-deps-${version}";
buildCommand = ''
@ -13,7 +13,7 @@ let
'';
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "1q2bsc6vqgbgzg8hcz8pn6vl3263ghjfbkn93vijvmz0ivc806j4";
outputHash = "1h19rsxsn2piifillv29nwks2k9l391jwygjbfy8pc0ha8yi63mw";
};
in
stdenv.mkDerivation {

5
pkgs/servers/home-assistant/relax-dependencies.patch
View file

@ -1,5 +1,5 @@
diff --git a/setup.py b/setup.py
index 7cf06942f3..bace4479fb 100755
index 7cf06942f3..b3dd1b3e1b 100755
--- a/setup.py
+++ b/setup.py
@@ -32,7 +32,7 @@ PROJECT_URLS = {
@ -18,7 +18,8 @@ index 7cf06942f3..bace4479fb 100755
- "cryptography==2.9.2",
+ "cryptography>=2.9.2",
"pip>=8.0.3",
"python-slugify==4.0.0",
- "python-slugify==4.0.0",
+ "python-slugify>=4.0.0",
"pytz>=2020.1",
"pyyaml==5.3.1",
- "requests==2.24.0",

4
pkgs/shells/xonsh/default.nix
View file

@ -8,14 +8,14 @@
python3Packages.buildPythonApplication rec {
pname = "xonsh";
version = "0.9.18";
version = "0.9.19";
# fetch from github because the pypi package ships incomplete tests
src = fetchFromGitHub {
owner = "xonsh";
repo = "xonsh";
rev = version;
sha256 = "1zg5dl9qdysbaw2djy9f7f1ydp7vzjv840cjwqxlmg9615lgg7xa";
sha256 = "1s7nb23zh4may4k3c9yfiizfdflm97hf5q2aww4j6ibykgcydv64";
};
LC_ALL = "en_US.UTF-8";

4
pkgs/tools/misc/graylog/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "graylog";
version = "3.3.3";
version = "3.3.4";
src = fetchurl {
url = "https://packages.graylog2.org/releases/graylog/graylog-${version}.tgz";
sha256 = "1yc2rirbdydirs1kph60acz06ciqnjbf115p3q4vhh15l84lg3sg";
sha256 = "0wynnb56plch61pzjl46jx5q94c5hclzyrr8567fc1jhnqycfngs";
};
dontBuild = true;

8
pkgs/tools/misc/graylog/plugins.nix
View file

@ -64,10 +64,10 @@ in {
enterprise-integrations = glPlugin rec {
name = "graylog-enterprise-integrations-${version}";
pluginName = "graylog-plugin-enterprise-integrations";
version = "3.3.3";
version = "3.3.4";
src = fetchurl {
url = "https://downloads.graylog.org/releases/graylog-enterprise-integrations/graylog-enterprise-integrations-plugins-${version}.tgz";
sha256 = "14b8whgvx8lzil09gjjxhps5syw3slwbh3gswrgc9kh1sqmdhl85";
sha256 = "0ln0vmnfgxg6hdq7sh58xdqn14bl86qrgy3923f3q3hx209v6vn9";
};
installPhase = ''
mkdir -p $out/bin
@ -96,10 +96,10 @@ in {
integrations = glPlugin rec {
name = "graylog-integrations-${version}";
pluginName = "graylog-plugin-integrations";
version = "3.3.3";
version = "3.3.4";
src = fetchurl {
url = "https://downloads.graylog.org/releases/graylog-integrations/graylog-integrations-plugins-${version}.tgz";
sha256 = "1zf97q8xm81z6q2s7c3nwvpl1m6pc6w7zjm4hmd7ds1br6pg4bdh";
sha256 = "14g6vdyibp3rva8bwss7vjbi9fpxvgp2gbk1r8divbhhpiwsjyxc";
};
installPhase = ''
mkdir -p $out/bin

4
pkgs/tools/misc/neofetch/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "neofetch";
version = "7.0.0";
version = "7.1.0";
src = fetchFromGitHub {
owner = "dylanaraps";
repo = "neofetch";
rev = version;
sha256 = "0xc0fdc7n5bhqirh83agqiy8r14l14zwca07czvj8vgnsnfybslr";
sha256 = "0i7wpisipwzk0j62pzaigbiq42y1mn4sbraz4my2jlz6ahwf00kv";
};
dontBuild = true;

6
pkgs/tools/package-management/nfpm/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "nfpm";
version = "1.5.0";
version = "1.6.0";
src = fetchFromGitHub {
owner = "goreleaser";
repo = pname;
rev = "v${version}";
sha256 = "075jrarvpvh4hll3zvrf65ar3a2ya63ma343hss11l1mr3gykb9d";
sha256 = "1q4fzjlaiwsm028cwcw7xgcbdkccw18f2mf1vh7lz42l1bxy8bk4";
};
vendorSha256 = "11ab1w89zn3m81swzsnyiw1x10v58phid4y68rralkp6bhisz25b";
vendorSha256 = "1bsb05qhr9zm8yar8mdi3mw0i5ak1s5x0i8qkz5fd6wcqnsw2jjw";
doCheck = false;

6
pkgs/tools/security/bitwarden_rs/default.nix
View file

@ -8,13 +8,13 @@ let
in rustPlatform.buildRustPackage rec {
pname = "bitwarden_rs";
version = "1.16.1";
version = "1.16.3";
src = fetchFromGitHub {
owner = "dani-garcia";
repo = pname;
rev = version;
sha256 = "18w6fan133ym8n01h2yfv84h1gh1vyib75ksd6c6a554b8ka864s";
sha256 = "1scy8abzy6j1jsms84cg2nqkn1zsxr5mjikp2xh0yl0ckkk13ffn";
};
nativeBuildInputs = [ pkgconfig ];
@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec {
RUSTC_BOOTSTRAP = 1;
cargoSha256 = "11a1a6q53n8gby7j2ghp8d2yi766fp9wklg48ap5i5afngj5lgzp";
cargoSha256 = "112mvgq581cms0war5dbni7f7yryjr5agryzn5qx835qkznzar8s";
cargoBuildFlags = [ featuresFlag ];
checkPhase = ''

6
pkgs/tools/system/kmon/default.nix
View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "kmon";
version = "1.3.5";
version = "1.4.0";
src = fetchFromGitHub {
owner = "orhun";
repo = pname;
rev = "v${version}";
sha256 = "1jbp1pd1xlbj5jzz7v2zmrzik45z91ddpvaxazjwcbqmw6hn732q";
sha256 = "1f9q4bc1kr1hgwf8byj13d6vsfs97wz7x10zwa82iv9b0wb1lr5w";
};
cargoSha256 = "17srf1krknabqprjilk76mmvjq284zf138gf15vybsbjd9dkpals";
cargoSha256 = "1xy8rkba9idd0w4bnczmv4ll9awvar99vb7s0jd25fjbzqqlz820";
nativeBuildInputs = [ python3 ];