cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2023-10-23 12:02:04 +00:00 committed by GitHub
commit 2c2c0379b7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 395 additions and 249 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/programs/browserpass.nix
View file

@ -27,6 +27,6 @@ with lib;
"opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/brave/policies/managed/${appId}".source = source "policies/chromium";
};
programs.firefox.wrapperConfig.enableBrowserpass = true;
programs.firefox.nativeMessagingHosts.packages = [ pkgs.browserpass ];
};
}

103
nixos/modules/programs/firefox.nix
View file

@ -5,8 +5,6 @@ with lib;
let
cfg = config.programs.firefox;
nmh = cfg.nativeMessagingHosts;
policyFormat = pkgs.formats.json { };
organisationInfo = ''
@ -17,6 +15,50 @@ let
given control of your browser, unless of course they also control your
NixOS configuration.
'';
# deprecated per-native-messaging-host options
nmhOptions = {
browserpass = {
name = "Browserpass";
package = pkgs.browserpass;
};
bukubrow = {
name = "Bukubrow";
package = pkgs.bukubrow;
};
euwebid = {
name = "Web eID";
package = pkgs.web-eid-app;
};
ff2mpv = {
name = "ff2mpv";
package = pkgs.ff2mpv;
};
fxCast = {
name = "fx_cast";
package = pkgs.fx-cast-bridge;
};
gsconnect = {
name = "GSConnect";
package = pkgs.gnomeExtensions.gsconnect;
};
jabref = {
name = "JabRef";
package = pkgs.jabref;
};
passff = {
name = "PassFF";
package = pkgs.passff-host;
};
tridactyl = {
name = "Tridactyl";
package = pkgs.tridactyl-native;
};
ugetIntegrator = {
name = "Uget Integrator";
package = pkgs.uget-integrator;
};
};
in
{
options.programs.firefox = {
@ -204,46 +246,31 @@ in
'';
};
nativeMessagingHosts = mapAttrs (_: v: mkEnableOption (mdDoc v)) {
browserpass = "Browserpass support";
bukubrow = "Bukubrow support";
euwebid = "Web eID support";
ff2mpv = "ff2mpv support";
fxCast = "fx_cast support";
gsconnect = "GSConnect support";
jabref = "JabRef support";
passff = "PassFF support";
tridactyl = "Tridactyl support";
ugetIntegrator = "Uget Integrator support";
};
nativeMessagingHosts = ({
packages = mkOption {
type = types.listOf types.package;
default = [];
description = mdDoc ''
Additional packages containing native messaging hosts that should be made available to Firefox extensions.
'';
};
}) // (mapAttrs (k: v: mkEnableOption (mdDoc "${v.name} support")) nmhOptions);
};
config = mkIf cfg.enable {
config = let
forEachEnabledNmh = fn: flatten (mapAttrsToList (k: v: lib.optional cfg.nativeMessagingHosts.${k} (fn k v)) nmhOptions);
in mkIf cfg.enable {
warnings = forEachEnabledNmh (k: v:
"The `programs.firefox.nativeMessagingHosts.${k}` option is deprecated, " +
"please add `${v.package.pname}` to `programs.firefox.nativeMessagingHosts.packages` instead."
);
programs.firefox.nativeMessagingHosts.packages = forEachEnabledNmh (_: v: v.package);
environment.systemPackages = [
(cfg.package.override (old: {
extraPrefs = cfg.autoConfig;
extraNativeMessagingHosts =
old.extraNativeMessagingHosts or []
++ optional nmh.ff2mpv pkgs.ff2mpv
++ optional nmh.euwebid pkgs.web-eid-app
++ optional nmh.gsconnect pkgs.gnomeExtensions.gsconnect
++ optional nmh.jabref pkgs.jabref
++ optional nmh.passff pkgs.passff-host;
cfg = let
# copy-pasted from the wrapper; TODO: figure out fix
applicationName = cfg.package.binaryName or (lib.getName cfg.package);
oldCfg = old.cfg or {};
nixpkgsConfig = pkgs.config.${applicationName} or {};
optionConfig = cfg.wrapperConfig;
nmhConfig = {
enableBrowserpass = nmh.browserpass;
enableBukubrow = nmh.bukubrow;
enableTridactylNative = nmh.tridactyl;
enableUgetIntegrator = nmh.ugetIntegrator;
enableFXCastBridge = nmh.fxCast;
};
in oldCfg // nixpkgsConfig // optionConfig // nmhConfig;
extraPrefsFiles = old.extraPrefsFiles or [] ++ [(pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig)];
nativeMessagingHosts = old.nativeMessagingHosts or [] ++ cfg.nativeMessagingHosts.packages;
cfg = (old.cfg or {}) // cfg.wrapperConfig;
}))
];

2
nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
View file

@ -42,6 +42,6 @@ in
services.dbus.packages = [ pkgs.gnome-browser-connector ];
programs.firefox.wrapperConfig.enableGnomeExtensions = true;
programs.firefox.nativeMessagingHosts.packages = [ pkgs.gnome-browser-connector ];
};
}

2
nixos/modules/services/matrix/synapse.nix
View file

@ -60,7 +60,6 @@ let
++ lib.optional (cfg.settings ? oidc_providers) "oidc"
++ lib.optional (cfg.settings ? jwt_config) "jwt"
++ lib.optional (cfg.settings ? saml2_config) "saml2"
++ lib.optional (cfg.settings ? opentracing) "opentracing"
++ lib.optional (cfg.settings ? redis) "redis"
++ lib.optional (cfg.settings ? sentry) "sentry"
++ lib.optional (cfg.settings ? user_directory) "user-search"
@ -334,7 +333,6 @@ in {
[
"cache-memory" # Provide statistics about caching memory consumption
"jwt" # JSON Web Token authentication
"opentracing" # End-to-end tracing support using Jaeger
"oidc" # OpenID Connect authentication
"postgres" # PostgreSQL database backend
"redis" # Redis support for the replication stream between worker processes

5
nixos/modules/services/web-servers/nginx/vhost-options.nix
View file

@ -35,7 +35,10 @@ with lib;
};
port = mkOption {
type = types.nullOr port;
description = lib.mdDoc "Port number.";
description = lib.mdDoc ''
Port number to listen on.
If unset and the listen address is not a socket then nginx defaults to 80.
'';
default = null;
};
ssl = mkOption {

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View file

@ -379,7 +379,7 @@ in
# Update the start menu for each user that is currently logged in
system.userActivationScripts.plasmaSetup = activationScript;
programs.firefox.wrapperConfig.enablePlasmaBrowserIntegration = true;
programs.firefox.nativeMessagingHosts.packages = [ pkgs.plasma5Packages.plasma-browser-integration ];
})
(mkIf (cfg.kwinrc != {}) {

2
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View file

@ -49,7 +49,7 @@ let
'';
};
checkedSystemdBootBuilder = pkgs.runCommandLocal "systemd-boot" {
checkedSystemdBootBuilder = pkgs.runCommand "systemd-boot" {
nativeBuildInputs = [ pkgs.mypy ];
} ''
install -m755 ${systemdBootBuilder} $out

67
nixos/modules/virtualisation/qemu-vm.nix
View file

@ -198,6 +198,39 @@ let
fi
''}
${lib.optionalString cfg.tpm.enable ''
NIX_SWTPM_DIR=$(readlink -f "''${NIX_SWTPM_DIR:-${config.system.name}-swtpm}")
mkdir -p "$NIX_SWTPM_DIR"
${lib.getExe cfg.tpm.package} \
socket \
--tpmstate dir="$NIX_SWTPM_DIR" \
--ctrl type=unixio,path="$NIX_SWTPM_DIR"/socket,terminate \
--pid file="$NIX_SWTPM_DIR"/pid --daemon \
--tpm2 \
--log file="$NIX_SWTPM_DIR"/stdout,level=6
# Enable `fdflags` builtin in Bash
# We will need it to perform surgical modification of the file descriptor
# passed in the coprocess to remove `FD_CLOEXEC`, i.e. close the file descriptor
# on exec.
# If let alone, it will trigger the coprocess to read EOF when QEMU is `exec`
# at the end of this script. To work around that, we will just clear
# the `FD_CLOEXEC` bits as a first step.
enable -f ${hostPkgs.bash}/lib/bash/fdflags fdflags
# leave a dangling subprocess because the swtpm ctrl socket has
# "terminate" when the last connection disconnects, it stops swtpm.
# When qemu stops, or if the main shell process ends, the coproc will
# get signaled by virtue of the pipe between main and coproc ending.
# Which in turns triggers a socat connect-disconnect to swtpm which
# will stop it.
coproc waitingswtpm {
read || :
echo "" | ${lib.getExe hostPkgs.socat} STDIO UNIX-CONNECT:"$NIX_SWTPM_DIR"/socket
}
# Clear `FD_CLOEXEC` on the coprocess' file descriptor stdin.
fdflags -s-cloexec ''${waitingswtpm[1]}
''}
cd "$TMPDIR"
${lib.optionalString (cfg.emptyDiskImages != []) "idx=0"}
@ -863,6 +896,32 @@ in
};
};
virtualisation.tpm = {
enable = mkEnableOption "a TPM device in the virtual machine with a driver, using swtpm.";
package = mkPackageOptionMD cfg.host.pkgs "swtpm" { };
deviceModel = mkOption {
type = types.str;
default = ({
"i686-linux" = "tpm-tis";
"x86_64-linux" = "tpm-tis";
"ppc64-linux" = "tpm-spapr";
"armv7-linux" = "tpm-tis-device";
"aarch64-linux" = "tpm-tis-device";
}.${pkgs.hostPlatform.system} or (throw "Unsupported system for TPM2 emulation in QEMU"));
defaultText = ''
Based on the guest platform Linux system:
- `tpm-tis` for (i686, x86_64)
- `tpm-spapr` for ppc64
- `tpm-tis-device` for (armv7, aarch64)
'';
example = "tpm-tis-device";
description = lib.mdDoc "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.";
};
};
virtualisation.useDefaultFilesystems =
mkOption {
type = types.bool;
@ -1028,7 +1087,8 @@ in
boot.initrd.availableKernelModules =
optional cfg.writableStore "overlay"
++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx";
++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx"
++ optional (cfg.tpm.enable) "tpm_tis";
virtualisation.additionalPaths = [ config.system.build.toplevel ];
@ -1099,6 +1159,11 @@ in
(mkIf (!cfg.graphics) [
"-nographic"
])
(mkIf (cfg.tpm.enable) [
"-chardev socket,id=chrtpm,path=\"$NIX_SWTPM_DIR\"/socket"
"-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
"-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0"
])
];
virtualisation.qemu.drives = mkMerge [

30
nixos/tests/firefox.nix
View file

@ -1,14 +1,7 @@
import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }:
let firefoxPackage' = firefoxPackage.override (args: {
extraPrefsFiles = (args.extraPrefsFiles or []) ++ [
# make sure that autoplay is enabled by default for the audio test
(builtins.toString (builtins.toFile "autoplay-pref.js" ''defaultPref("media.autoplay.default",0);''))
];
});
in
{
name = firefoxPackage'.unwrapped.pname;
name = firefoxPackage.pname;
meta = with pkgs.lib.maintainers; {
maintainers = [ eelco shlevy ];
};
@ -17,10 +10,13 @@ in
{ pkgs, ... }:
{ imports = [ ./common/x11.nix ];
environment.systemPackages = [
firefoxPackage'
pkgs.xdotool
];
environment.systemPackages = [ pkgs.xdotool ];
programs.firefox = {
enable = true;
preferences."media.autoplay.default" = 0;
package = firefoxPackage;
};
# Create a virtual sound device, with mixing
# and all, for recording audio.
@ -58,7 +54,9 @@ in
};
testScript = ''
testScript = let
exe = firefoxPackage.unwrapped.binaryName;
in ''
from contextlib import contextmanager
@ -97,7 +95,7 @@ in
with subtest("Wait until Firefox has finished loading the Valgrind docs page"):
machine.execute(
"xterm -e '${firefoxPackage'.unwrapped.binaryName} file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' >&2 &"
"xterm -e '${exe} file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' >&2 &"
)
machine.wait_for_window("Valgrind")
machine.sleep(40)
@ -105,7 +103,7 @@ in
with subtest("Check whether Firefox can play sound"):
with record_audio(machine):
machine.succeed(
"${firefoxPackage'.unwrapped.binaryName} file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga >&2 &"
"${exe} file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga >&2 &"
)
wait_for_sound(machine)
machine.copy_from_vm("/tmp/record.wav")

59
nixos/tests/systemd-credentials-tpm2.nix
View file

@ -1,13 +1,4 @@
import ./make-test-python.nix ({ lib, pkgs, system, ... }:
let
tpmSocketPath = "/tmp/swtpm-sock";
tpmDeviceModels = {
x86_64-linux = "tpm-tis";
aarch64-linux = "tpm-tis-device";
};
in
import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "systemd-credentials-tpm2";
@ -16,51 +7,11 @@ in
};
nodes.machine = { pkgs, ... }: {
virtualisation = {
qemu.options = [
"-chardev socket,id=chrtpm,path=${tpmSocketPath}"
"-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
"-device ${tpmDeviceModels.${system}},tpmdev=tpm_dev_0"
];
};
boot.initrd.availableKernelModules = [ "tpm_tis" ];
virtualisation.tpm.enable = true;
environment.systemPackages = with pkgs; [ diffutils ];
};
testScript = ''
import subprocess
from tempfile import TemporaryDirectory
# From systemd-initrd-luks-tpm2.nix
class Tpm:
def __init__(self):
self.state_dir = TemporaryDirectory()
self.start()
def start(self):
self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm",
"socket",
"--tpmstate", f"dir={self.state_dir.name}",
"--ctrl", "type=unixio,path=${tpmSocketPath}",
"--tpm2",
])
# Check whether starting swtpm failed
try:
exit_code = self.proc.wait(timeout=0.2)
if exit_code is not None and exit_code != 0:
raise Exception("failed to start swtpm")
except subprocess.TimeoutExpired:
pass
"""Check whether the swtpm process exited due to an error"""
def check(self):
exit_code = self.proc.poll()
if exit_code is not None and exit_code != 0:
raise Exception("swtpm process died")
CRED_NAME = "testkey"
CRED_RAW_FILE = f"/root/{CRED_NAME}"
CRED_FILE = f"/root/{CRED_NAME}.cred"
@ -85,12 +36,6 @@ in
machine.log("systemd-run finished successfully")
tpm = Tpm()
@polling_condition
def swtpm_running():
tpm.check()
machine.wait_for_unit("multi-user.target")
with subtest("Check whether TPM device exists"):

53
nixos/tests/systemd-cryptenroll.nix
View file

@ -8,47 +8,34 @@ import ./make-test-python.nix ({ pkgs, ... }: {
environment.systemPackages = [ pkgs.cryptsetup ];
virtualisation = {
emptyDiskImages = [ 512 ];
qemu.options = [
"-chardev socket,id=chrtpm,path=/tmp/swtpm-sock"
"-tpmdev emulator,id=tpm0,chardev=chrtpm"
"-device tpm-tis,tpmdev=tpm0"
];
tpm.enable = true;
};
};
testScript = ''
import subprocess
import tempfile
machine.start()
def start_swtpm(tpmstate):
subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir="+tpmstate, "--ctrl", "type=unixio,path=/tmp/swtpm-sock", "--log", "level=0", "--tpm2"])
# Verify the TPM device is available and accessible by systemd-cryptenroll
machine.succeed("test -e /dev/tpm0")
machine.succeed("test -e /dev/tpmrm0")
machine.succeed("systemd-cryptenroll --tpm2-device=list")
with tempfile.TemporaryDirectory() as tpmstate:
start_swtpm(tpmstate)
machine.start()
# Create LUKS partition
machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -")
# Enroll new LUKS key and bind it to Secure Boot state
# For more details on PASSWORD variable, check the following issue:
# https://github.com/systemd/systemd/issues/20955
machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb")
# Add LUKS partition to /etc/crypttab to test auto unlock
machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab")
# Verify the TPM device is available and accessible by systemd-cryptenroll
machine.succeed("test -e /dev/tpm0")
machine.succeed("test -e /dev/tpmrm0")
machine.succeed("systemd-cryptenroll --tpm2-device=list")
machine.shutdown()
machine.start()
# Create LUKS partition
machine.succeed("echo -n lukspass | cryptsetup luksFormat -q /dev/vdb -")
# Enroll new LUKS key and bind it to Secure Boot state
# For more details on PASSWORD variable, check the following issue:
# https://github.com/systemd/systemd/issues/20955
machine.succeed("PASSWORD=lukspass systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/vdb")
# Add LUKS partition to /etc/crypttab to test auto unlock
machine.succeed("echo 'luks /dev/vdb - tpm2-device=auto' >> /etc/crypttab")
machine.shutdown()
start_swtpm(tpmstate)
machine.start()
# Test LUKS partition automatic unlock on boot
machine.wait_for_unit("systemd-cryptsetup@luks.service")
# Wipe TPM2 slot
machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb")
# Test LUKS partition automatic unlock on boot
machine.wait_for_unit("systemd-cryptsetup@luks.service")
# Wipe TPM2 slot
machine.succeed("systemd-cryptenroll --wipe-slot=tpm2 /dev/vdb")
'';
})

27
nixos/tests/systemd-initrd-luks-tpm2.nix
View file

@ -9,7 +9,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
# Booting off the TPM2-encrypted device requires an available init script
mountHostNixStore = true;
useEFIBoot = true;
qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"];
tpm.enable = true;
};
boot.loader.systemd-boot.enable = true;
@ -33,29 +33,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
};
testScript = ''
import subprocess
import os
import time
class Tpm:
def __init__(self):
os.mkdir("/tmp/mytpm1")
self.start()
def start(self):
self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", "dir=/tmp/mytpm1", "--ctrl", "type=unixio,path=/tmp/mytpm1/swtpm-sock", "--log", "level=20", "--tpm2"])
def wait_for_death_then_restart(self):
while self.proc.poll() is None:
print("waiting for tpm to die")
time.sleep(1)
assert self.proc.returncode == 0
self.start()
tpm = Tpm()
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
@ -66,8 +43,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
machine.succeed("sync")
machine.crash()
tpm.wait_for_death_then_restart()
# Boot and decrypt the disk
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")

37
pkgs/applications/networking/browsers/firefox/wrapper.nix
View file

@ -34,6 +34,7 @@ let
, nameSuffix ? ""
, icon ? applicationName
, wmClass ? applicationName
, nativeMessagingHosts ? []
, extraNativeMessagingHosts ? []
, pkcs11Modules ? []
, useGlvnd ? true
@ -62,18 +63,28 @@ let
# PCSC-Lite daemon (services.pcscd) also must be enabled for firefox to access smartcards
smartcardSupport = cfg.smartcardSupport or false;
nativeMessagingHosts =
[ ]
++ lib.optional (cfg.enableBrowserpass or false) (lib.getBin browserpass)
++ lib.optional (cfg.enableBukubrow or false) bukubrow
++ lib.optional (cfg.enableTridactylNative or false) tridactyl-native
++ lib.optional (cfg.enableGnomeExtensions or false) gnome-browser-connector
++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
++ lib.optional (cfg.enablePlasmaBrowserIntegration or false) plasma5Packages.plasma-browser-integration
++ lib.optional (cfg.enableFXCastBridge or false) fx-cast-bridge
++ lib.optional (cfg.enableKeePassXC or false) keepassxc
++ extraNativeMessagingHosts
;
deprecatedNativeMessagingHost = option: pkg:
if (cfg.${option} or false)
then
lib.warn "The cfg.${option} argument for `firefox.override` is deprecated, please add `pkgs.${pkg.pname}` to `nativeMessagingHosts` instead"
[pkg]
else [];
allNativeMessagingHosts = builtins.map lib.getBin (
nativeMessagingHosts
++ deprecatedNativeMessagingHost "enableBrowserpass" browserpass
++ deprecatedNativeMessagingHost "enableBukubrow" bukubrow
++ deprecatedNativeMessagingHost "enableTridactylNative" tridactyl-native
++ deprecatedNativeMessagingHost "enableGnomeExtensions" gnome-browser-connector
++ deprecatedNativeMessagingHost "enableUgetIntegrator" uget-integrator
++ deprecatedNativeMessagingHost "enablePlasmaBrowserIntegration" plasma5Packages.plasma-browser-integration
++ deprecatedNativeMessagingHost "enableFXCastBridge" fx-cast-bridge
++ deprecatedNativeMessagingHost "enableKeePassXC" keepassxc
++ (if extraNativeMessagingHosts != []
then lib.warn "The extraNativeMessagingHosts argument for the Firefox wrapper is deprecated, please use `nativeMessagingHosts`" extraNativeMessagingHosts
else [])
);
libs = lib.optionals stdenv.isLinux [ udev libva mesa libnotify xorg.libXScrnSaver cups pciutils ]
++ lib.optional pipewireSupport pipewire
++ lib.optional ffmpegSupport ffmpeg_5
@ -338,7 +349,7 @@ let
install -D -t $out/share/applications $desktopItem/share/applications/*
mkdir -p $out/lib/mozilla/native-messaging-hosts
for ext in ${toString nativeMessagingHosts}; do
for ext in ${toString allNativeMessagingHosts}; do
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
done

4
pkgs/applications/science/electronics/verilator/default.nix
View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "verilator";
version = "5.012";
version = "5.016";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-Y6GkIgkauayJmGhOQg2kWjbcxYVIob6InMopv555Lb8=";
hash = "sha256-MVQbAZXSIdzX7+yKbSrFLLd0j6dfLSXpES3uu6bcPt8=";
};
enableParallelBuilding = true;

1
pkgs/applications/video/mediathekview/default.nix
View file

@ -42,6 +42,7 @@ stdenv.mkDerivation rec {
homepage = "https://mediathekview.de/";
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.gpl3Plus;
mainProgram = "mediathek";
maintainers = with maintainers; [ moredread ];
platforms = platforms.all;
};

4
pkgs/build-support/rust/build-rust-crate/default.nix
View file

@ -366,6 +366,10 @@ crate_: lib.makeOverridable
meta = {
mainProgram = crateName;
badPlatforms = [
# Rust is currently unable to target the n32 ABI
lib.systems.inspect.patterns.isMips64n32
];
};
} // extraDerivationAttrs
)

4
pkgs/build-support/rust/build-rust-package/default.nix
View file

@ -162,5 +162,9 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg
"x86_64-redox"
"wasm32-wasi"
];
badPlatforms = [
# Rust is currently unable to target the n32 ABI
lib.systems.inspect.patterns.isMips64n32
];
} // meta;
})

42
pkgs/by-name/ri/river-bnf/package.nix Normal file
View file

@ -0,0 +1,42 @@
{ lib
, stdenv
, fetchFromSourcehut
, wayland
, wayland-scanner
, unstableGitUpdater
}:
stdenv.mkDerivation rec {
pname = "river-bnf";
version = "unstable-2023-10-10";
src = fetchFromSourcehut {
owner = "~leon_plickat";
repo = pname;
rev = "bb8ded380ed5d539777533065b4fd33646ad5603";
hash = "sha256-rm9Nt3WLgq9QOXzrkYBGp45EALNYFTQGInxfYIN0XcU=";
};
nativeBuildInputs = [
wayland-scanner
];
buildInputs = [
wayland.dev
];
postPatch = ''
substituteInPlace Makefile --replace '/usr/local' $out
'';
passthru.updateScript = unstableGitUpdater { };
meta = {
description = "Switch back'n'forth between river tags";
homepage = "https://git.sr.ht/~leon_plickat/river-bnf";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [ adamcstephens ];
mainProgram = "river-bnf";
platforms = lib.platforms.linux;
};
}

2
pkgs/development/libraries/gtk/2.x.nix
View file

@ -66,6 +66,8 @@ stdenv.mkDerivation (finalAttrs: {
] ++ lib.optionals stdenv.isDarwin [
./patches/2.0-gnome_bugzilla_557780_306776_freeciv_darwin.patch
./patches/2.0-darwin-x11.patch
# Fixes an incompatible function pointer conversion and implicit int errors with clang 16.
./patches/2.0-clang.patch
];
propagatedBuildInputs = [

49
pkgs/development/libraries/gtk/patches/2.0-clang.patch Normal file
View file

@ -0,0 +1,49 @@
diff --git a/gtk/gtkscale.c b/gtk/gtkscale.c
index 4317523fb8..3c09cd3ae8 100644
--- a/gtk/gtkscale.c
+++ b/gtk/gtkscale.c
@@ -1471,7 +1471,7 @@ gtk_scale_add_mark (GtkScale *scale,
mark->position = position;
priv->marks = g_slist_insert_sorted_with_data (priv->marks, mark,
- (GCompareFunc) compare_marks,
+ (GCompareDataFunc) compare_marks,
GINT_TO_POINTER (
gtk_range_get_inverted (GTK_RANGE (scale))
));
diff --git a/tests/testmenubars.c b/tests/testmenubars.c
index 416a939861..c65e82be26 100644
--- a/tests/testmenubars.c
+++ b/tests/testmenubars.c
@@ -21,7 +21,7 @@
#include <gtk/gtk.h>
static GtkWidget *
-create_menu (depth)
+create_menu (int depth, gboolean _unused)
{
GtkWidget *menu;
GtkWidget *menuitem;
@@ -35,19 +35,19 @@ create_menu (depth)
gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem);
gtk_widget_show (menuitem);
gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem),
- create_menu (depth - 1));
+ create_menu (depth - 1, _unused));
menuitem = gtk_menu_item_new_with_mnemonic ("Two");
gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem);
gtk_widget_show (menuitem);
gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem),
- create_menu (depth - 1));
+ create_menu (depth - 1, _unused));
menuitem = gtk_menu_item_new_with_mnemonic ("Three");
gtk_menu_shell_append (GTK_MENU_SHELL (menu), menuitem);
gtk_widget_show (menuitem);
gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem),
- create_menu (depth - 1));
+ create_menu (depth - 1, _unused));
return menu;
}

2
pkgs/development/libraries/lzlib/default.nix
View file

@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
substituteInPlace Makefile.in --replace '-Wl,--soname=' '-Wl,-install_name,$(out)/lib/'
'';
makeFlags = [ "CC:=$(CC)" ];
makeFlags = [ "CC:=$(CC)" "AR:=$(AR)" ];
doCheck = true;
configureFlags = [ "--enable-shared" ];

5
pkgs/development/ocaml-modules/carton/default.nix
View file

@ -8,14 +8,13 @@
buildDunePackage rec {
pname = "carton";
version = "0.6.0";
version = "0.7.0";
minimalOCamlVersion = "4.08";
duneVersion = "3";
src = fetchurl {
url = "https://github.com/mirage/ocaml-git/releases/download/${pname}-v${version}/git-${pname}-v${version}.tbz";
hash = "sha256-NAm4Xq7L0Dgynr8cKZQ356M4GR6D19LbCRxvnSlIf1U=";
hash = "sha256-vWkBJdP4ZpRCEwzrFMzsdHay4VyiXix/+1qzk+7yDvk=";
};
patches = [

4
pkgs/development/python-modules/aiowithings/default.nix
View file

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "aiowithings";
version = "0.4.4";
version = "1.0.0";
pyproject = true;
disabled = pythonOlder "3.11";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "joostlek";
repo = "python-withings";
rev = "refs/tags/v${version}";
hash = "sha256-YmTYwj3Udo1Pev25LLvY7757BR0h44aefqIe8b8FlTc=";
hash = "sha256-3necwO/EpjWD1fAItqsZJKgv0CIBklxcM1jNRPxhSVY=";
};
postPatch = ''

4
pkgs/development/python-modules/pyfibaro/default.nix
View file

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "pyfibaro";
version = "0.7.5";
version = "0.7.6";
format = "pyproject";
disabled = pythonOlder "3.9";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "rappenze";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-hllYxPPbLu3dpjHwXfIvTMW0LWtcglTVfN7youZaXTw=";
hash = "sha256-yE9HkAlGj1t90FwmwHDsk3ea2UOl0bG3UtYXxz/SWbI=";
};
nativeBuildInputs = [

4
pkgs/development/python-modules/pywemo/default.nix
View file

@ -14,7 +14,7 @@
buildPythonPackage rec {
pname = "pywemo";
version = "1.3.0";
version = "1.3.1";
format = "pyproject";
disabled = pythonOlder "3.7";
@ -23,7 +23,7 @@ buildPythonPackage rec {
owner = pname;
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-+AdNT7ClT8JkYLkwk+IVNWgXGS04WNtENOtqmbjv7nQ=";
hash = "sha256-RZeg6/xAGRumd4aM/mQQnIrIXB/rUrdeQQxk2c1mJNI=";
};
nativeBuildInputs = [

4
pkgs/development/python-modules/qbittorrent-api/default.nix
View file

@ -11,12 +11,12 @@
buildPythonPackage rec {
pname = "qbittorrent-api";
version = "2023.9.53";
version = "2023.10.54";
format = "pyproject";
src = fetchPypi {
inherit pname version;
hash = "sha256-/q0bL1WxIn6giOp9kLUCLZRpS/2d2Rdr61rRwZXQRP8=";
hash = "sha256-xCHB/pPURc1+vje6IhBHZ6HogUsmYfBE9977Qtwoc2w=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/rotary-embedding-torch/default.nix
View file

@ -13,14 +13,14 @@
buildPythonPackage rec {
pname = "rotary-embedding-torch";
version = "0.3.2";
version = "0.3.3";
pyproject = true;
src = fetchFromGitHub {
owner = "lucidrains";
repo = "rotary-embedding-torch";
rev = version;
hash = "sha256-EozW8J1i/2ym1hwUMciaWVtp7kSWfG+mC5RkWLJdK3g=";
hash = "sha256-uTOKdxqbSLRJl0gnz3TvpVwhrfqflAp0wfn6d13+YrM=";
};
nativeBuildInputs = [

18
pkgs/development/tools/rust/crate2nix/default.nix
View file

@ -10,18 +10,18 @@
rustPlatform.buildRustPackage rec {
pname = "crate2nix";
version = "0.10.0";
version = "0.11.0";
src = fetchFromGitHub {
owner = "kolloch";
owner = "nix-community";
repo = pname;
rev = version;
sha256 = "sha256-JaF9/H3m4Wrc5MtXcONkOAgKVkswLVw0yZe0dBr2e4Y=";
sha256 = "sha256-nyX1lfaA0eBSB/BaxPzCsyD8p/hxCwNIvr4Ru3i/YX0=";
};
sourceRoot = "${src.name}/crate2nix";
cargoSha256 = "sha256-PD7R1vcb3FKd4hfpViKyvfCExJ5H1Xo2HPYden5zpxQ=";
cargoSha256 = "sha256-3+emOr3hh+DDkboJbYyJFZgkzmcdA9jdronz7wM4x28=";
nativeBuildInputs = [ makeWrapper ];
@ -32,6 +32,13 @@ rustPlatform.buildRustPackage rec {
postFixup = ''
wrapProgram $out/bin/crate2nix \
--suffix PATH ":" ${lib.makeBinPath [ cargo nix nix-prefetch-git ]}
rm -rf $out/lib $out/bin/crate2nix.d
mkdir -p \
$out/share/bash-completion/completions \
$out/share/zsh/vendor-completions
$out/bin/crate2nix completions -s 'bash' -o $out/share/bash-completion/completions
$out/bin/crate2nix completions -s 'zsh' -o $out/share/zsh/vendor-completions
'';
meta = with lib; {
@ -40,9 +47,10 @@ rustPlatform.buildRustPackage rec {
Crate2nix generates Nix files from Cargo.toml/lock files
so that you can build every crate individually in a Nix sandbox.
'';
homepage = "https://github.com/kolloch/crate2nix";
homepage = "https://github.com/nix-community/crate2nix";
license = licenses.asl20;
maintainers = with maintainers; [ kolloch cole-h ];
platforms = platforms.all;
};
}

6
pkgs/os-specific/linux/zfs/generic.nix
View file

@ -202,15 +202,15 @@ stdenv'.mkDerivation {
changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}";
license = lib.licenses.cddl;
# The case-block for TARGET_CPU has branches for only five CPU families,
# The case-block for TARGET_CPU has branches for only some CPU families,
# which prevents ZFS from building on any other platform. Since the NixOS
# `boot.zfs.enabled` property is `readOnly`, excluding platforms where ZFS
# does not build is the only way to produce a NixOS installer on such
# platforms.
# https://github.com/openzfs/zfs/blob/6a6bd493988c75331deab06e5352a9bed035a87d/config/always-arch.m4#L16
# https://github.com/openzfs/zfs/blob/6723d1110f6daf93be93db74d5ea9f6b64c9bce5/config/always-arch.m4#L12
platforms =
with lib.systems.inspect.patterns;
map (p: p // isLinux) [ isx86_32 isx86_64 isPower isAarch64 isSparc ];
map (p: p // isLinux) ([ isx86_32 isx86_64 isPower isAarch64 isSparc ] ++ isArmv7);
maintainers = with lib.maintainers; [ jcumming jonringer globin raitobezarius ];
mainProgram = "zfs";

4
pkgs/servers/matrix-synapse/default.nix
View file

@ -113,10 +113,6 @@ python3.pkgs.buildPythonApplication rec {
sentry = [
sentry-sdk
];
opentracing = [
jaeger-client
opentracing
];
jwt = [
authlib
];

3
pkgs/servers/mpd/default.nix
View file

@ -9,7 +9,7 @@
, audiofile, faad2, ffmpeg, flac, fluidsynth, game-music-emu
, libmad, libmikmod, mpg123, libopus, libvorbis, lame
# Filters
, libsamplerate
, libsamplerate, soxr
# Outputs
, alsa-lib, libjack2, libpulseaudio, libshout, pipewire
# Misc
@ -62,6 +62,7 @@ let
lame = [ lame ];
# Filter plugins
libsamplerate = [ libsamplerate ];
soxr = [ soxr ];
# Output plugins
alsa = [ alsa-lib ];
jack = [ libjack2 ];

11
pkgs/servers/tracing/tempo/default.nix
View file

@ -1,4 +1,4 @@
{ lib, buildGoModule, fetchFromGitHub }:
{ lib, buildGoModule, fetchFromGitHub, fetchpatch }:
buildGoModule rec {
pname = "tempo";
@ -12,6 +12,15 @@ buildGoModule rec {
hash = "sha256-23wjD8HTSEGonIMAWCoKORMLIISASxlN4FeY+Bmt/+I=";
};
patches = [
# Backport patch for Go 1.21 compatibility
# FIXME: remove after 2.3.0
(fetchpatch {
url = "https://github.com/grafana/tempo/commit/0d37e8f0edd8a96876b0a5f5ab97ef79ff04608f.patch";
hash = "sha256-YC59g5pdcrwJeQ4raS0Oq+fZvRBKFj4johZtGTAYpEs=";
})
];
vendorHash = null;
subPackages = [

38
pkgs/tools/misc/rpi-imager/default.nix
View file

@ -3,6 +3,7 @@
, fetchFromGitHub
, wrapQtAppsHook
, cmake
, pkg-config
, util-linux
, curl
, libarchive
@ -12,23 +13,26 @@
, qttools
, qtquickcontrols2
, qtgraphicaleffects
, xz
, testers
, nix-update-script
, enableTelemetry ? false
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "rpi-imager";
version = "1.7.5";
version = "1.8.1";
src = fetchFromGitHub {
owner = "raspberrypi";
repo = pname;
rev = "v${version}";
sha256 = "sha256-yB+H1zWL40KzxOrBuvg7nBC3zmWilsOgOW7ndiDWuDA=";
repo = finalAttrs.pname;
rev = "refs/tags/v${finalAttrs.version}";
sha256 = "sha256-drHiZ0eYYvJg6/v3oEozGAbBKm1KLpec+kYZWwpT9yM=";
};
nativeBuildInputs = [
cmake
pkg-config
util-linux
wrapQtAppsHook
];
@ -48,40 +52,34 @@ stdenv.mkDerivation rec {
qttools
qtquickcontrols2
qtgraphicaleffects
xz
];
sourceRoot = "${src.name}/src";
sourceRoot = "${finalAttrs.src.name}/src";
/* By default, the builder checks for JSON support in lsblk by running "lsblk --json",
but that throws an error, as /sys/dev doesn't exist in the sandbox.
This patch removes the check. */
patches = [ ./lsblkCheckFix.patch ];
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
# Without this, the tests fail because they cannot create the QT Window
export QT_QPA_PLATFORM=offscreen
$out/bin/rpi-imager --version
runHook postInstallCheck
'';
passthru = {
tests.version = testers.testVersion {
package = finalAttrs.finalPackage;
command = "QT_QPA_PLATFORM=offscreen rpi-imager --version";
};
updateScript = nix-update-script { };
};
meta = with lib; {
description = "Raspberry Pi Imaging Utility";
homepage = "https://www.raspberrypi.com/software/";
changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${version}";
changelog = "https://github.com/raspberrypi/rpi-imager/releases/tag/v${finalAttrs.version}";
downloadPage = "https://github.com/raspberrypi/rpi-imager/";
license = licenses.asl20;
mainProgram = "rpi-imager";
maintainers = with maintainers; [ ymarkus anthonyroussel ];
platforms = platforms.all;
# does not build on darwin
broken = stdenv.isDarwin;
};
}
})

4
pkgs/tools/misc/ttyplot/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "ttyplot";
version = "1.4";
version = "1.5";
src = fetchFromGitHub {
owner = "tenox7";
repo = "ttyplot";
rev = version;
sha256 = "19qm0hx9ljdw9qg78lydn3c627xy7xnx3knq5f7caw9lf0cdp7kf";
sha256 = "sha256-COnqzWqah1J/q64XrOBhMOsrafAs/BptqNvrjHJ9edQ=";
};
buildInputs = [ ncurses ];

22
pkgs/tools/networking/nqptp/default.nix
View file

@ -3,26 +3,36 @@
, fetchFromGitHub
, autoreconfHook
, pkg-config
, gitUpdater
}:
stdenv.mkDerivation rec {
version = "1.2.3";
version = "1.2.4";
pname = "nqptp";
src = fetchFromGitHub {
owner = "mikebrady";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-Ppsz3hDG6sEf6LJ2WdbTdJ8Gi53f0YmvaUU8TOfVMz4=";
hash = "sha256-roTNcr3v2kzE6vQ5plAVtlw1+2yJplltOYsGGibtoZo=";
};
patches = [
# this patch should be removed when > 1.2.4
./remove-setcap.patch
];
nativeBuildInputs = [ autoreconfHook pkg-config ];
meta = with lib; {
passthru.updateScript = gitUpdater {
ignoredVersions = ".*(-dev|d0)";
};
meta = {
homepage = "https://github.com/mikebrady/nqptp";
description = "Daemon and companion application to Shairport Sync that monitors timing data from any PTP clocks";
license = licenses.gpl2Only;
maintainers = with maintainers; [ jordanisaacs ];
platforms = platforms.linux ++ platforms.freebsd;
license = lib.licenses.gpl2Only;
maintainers = with lib.maintainers; [ jordanisaacs adamcstephens ];
platforms = lib.platforms.linux ++ lib.platforms.freebsd;
};
}

13
pkgs/tools/networking/nqptp/remove-setcap.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/Makefile.am b/Makefile.am
index 78f36d7..8dc4e4f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,8 +19,6 @@ endif
install-exec-hook:
if BUILD_FOR_LINUX
-# NQPTP runs as user/group nqptp/nqptp on Linux and uses setcap to access ports 319 and 320
- setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp
# no installer for System V
if INSTALL_SYSTEMD_STARTUP
getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null

1
pkgs/top-level/all-packages.nix
View file

@ -14039,6 +14039,7 @@ with pkgs;
trezord = callPackage ../servers/trezord {
inherit (darwin.apple_sdk.frameworks) AppKit;
buildGoModule = buildGo120Module;
};
trezor_agent = with python3Packages; toPythonApplication trezor_agent;