cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2024-02-28 06:01:43 +00:00 committed by GitHub
commit 6de655cb49
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
45 changed files with 933 additions and 587 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
doc/build-helpers/images/dockertools.section.md
View file

@ -507,6 +507,16 @@ This allows the function to produce reproducible images.
_Default value:_ `"1970-01-01T00:00:01Z"`.
`uid` (Number; _optional_) []{#dockerTools-buildLayeredImage-arg-uid}
`gid` (Number; _optional_) []{#dockerTools-buildLayeredImage-arg-gid}
`uname` (String; _optional_) []{#dockerTools-buildLayeredImage-arg-uname}
`gname` (String; _optional_) []{#dockerTools-buildLayeredImage-arg-gname}
: Credentials for Nix store ownership.
Can be overridden to e.g. `1000` / `1000` / `"user"` / `"user"` to enable building a container where Nix can be used as an unprivileged user in single-user mode.
_Default value:_ `0` / `0` / `"root"` / `"root"`
`maxLayers` (Number; _optional_) []{#dockerTools-buildLayeredImage-arg-maxLayers}
: The maximum number of layers that will be used by the generated image.

100
lib/fileset/tests.sh
View file

@ -345,13 +345,17 @@ checkFileset() {
#### Error messages #####
# We're using [[:blank:]] here instead of \s, because only the former is POSIX
# (see https://pubs.opengroup.org/onlinepubs/007908799/xbd/re.html#tag_007_003_005).
# And indeed, Darwin's bash only supports the former
# Absolute paths in strings cannot be passed as `root`
expectFailure 'toSource { root = "/nix/store/foobar"; fileset = ./.; }' 'lib.fileset.toSource: `root` \(/nix/store/foobar\) is a string-like value, but it should be a path instead.
\s*Paths in strings are not supported by `lib.fileset`, use `lib.sources` or derivations instead.'
[[:blank:]]*Paths in strings are not supported by `lib.fileset`, use `lib.sources` or derivations instead.'
expectFailure 'toSource { root = cleanSourceWith { src = ./.; }; fileset = ./.; }' 'lib.fileset.toSource: `root` is a `lib.sources`-based value, but it should be a path instead.
\s*To use a `lib.sources`-based value, convert it to a file set using `lib.fileset.fromSource` and pass it as `fileset`.
\s*Note that this only works for sources created from paths.'
[[:blank:]]*To use a `lib.sources`-based value, convert it to a file set using `lib.fileset.fromSource` and pass it as `fileset`.
[[:blank:]]*Note that this only works for sources created from paths.'
# Only paths are accepted as `root`
expectFailure 'toSource { root = 10; fileset = ./.; }' 'lib.fileset.toSource: `root` is of type int, but it should be a path instead.'
@ -361,9 +365,9 @@ mkdir -p {foo,bar}/mock-root
expectFailure 'with ((import <nixpkgs/lib>).extend (import <nixpkgs/lib/fileset/mock-splitRoot.nix>)).fileset;
toSource { root = ./foo/mock-root; fileset = ./bar/mock-root; }
' 'lib.fileset.toSource: Filesystem roots are not the same for `fileset` and `root` \('"$work"'/foo/mock-root\):
\s*`root`: Filesystem root is "'"$work"'/foo/mock-root"
\s*`fileset`: Filesystem root is "'"$work"'/bar/mock-root"
\s*Different filesystem roots are not supported.'
[[:blank:]]*`root`: Filesystem root is "'"$work"'/foo/mock-root"
[[:blank:]]*`fileset`: Filesystem root is "'"$work"'/bar/mock-root"
[[:blank:]]*Different filesystem roots are not supported.'
rm -rf -- *
# `root` needs to exist
@ -372,8 +376,8 @@ expectFailure 'toSource { root = ./a; fileset = ./.; }' 'lib.fileset.toSource: `
# `root` needs to be a file
touch a
expectFailure 'toSource { root = ./a; fileset = ./a; }' 'lib.fileset.toSource: `root` \('"$work"'/a\) is a file, but it should be a directory instead. Potential solutions:
\s*- If you want to import the file into the store _without_ a containing directory, use string interpolation or `builtins.path` instead of this function.
\s*- If you want to import the file into the store _with_ a containing directory, set `root` to the containing directory, such as '"$work"', and set `fileset` to the file path.'
[[:blank:]]*- If you want to import the file into the store _without_ a containing directory, use string interpolation or `builtins.path` instead of this function.
[[:blank:]]*- If you want to import the file into the store _with_ a containing directory, set `root` to the containing directory, such as '"$work"', and set `fileset` to the file path.'
rm -rf -- *
# The fileset argument should be evaluated, even if the directory is empty
@ -382,36 +386,36 @@ expectFailure 'toSource { root = ./.; fileset = abort "This should be evaluated"
# Only paths under `root` should be able to influence the result
mkdir a
expectFailure 'toSource { root = ./a; fileset = ./.; }' 'lib.fileset.toSource: `fileset` could contain files in '"$work"', which is not under the `root` \('"$work"'/a\). Potential solutions:
\s*- Set `root` to '"$work"' or any directory higher up. This changes the layout of the resulting store path.
\s*- Set `fileset` to a file set that cannot contain files outside the `root` \('"$work"'/a\). This could change the files included in the result.'
[[:blank:]]*- Set `root` to '"$work"' or any directory higher up. This changes the layout of the resulting store path.
[[:blank:]]*- Set `fileset` to a file set that cannot contain files outside the `root` \('"$work"'/a\). This could change the files included in the result.'
rm -rf -- *
# non-regular and non-symlink files cannot be added to the Nix store
mkfifo a
expectFailure 'toSource { root = ./.; fileset = ./a; }' 'lib.fileset.toSource: `fileset` contains a file that cannot be added to the store: '"$work"'/a
\s*This file is neither a regular file nor a symlink, the only file types supported by the Nix store.
\s*Therefore the file set cannot be added to the Nix store as is. Make sure to not include that file to avoid this error.'
[[:blank:]]*This file is neither a regular file nor a symlink, the only file types supported by the Nix store.
[[:blank:]]*Therefore the file set cannot be added to the Nix store as is. Make sure to not include that file to avoid this error.'
rm -rf -- *
# Path coercion only works for paths
expectFailure 'toSource { root = ./.; fileset = 10; }' 'lib.fileset.toSource: `fileset` is of type int, but it should be a file set or a path instead.'
expectFailure 'toSource { root = ./.; fileset = "/some/path"; }' 'lib.fileset.toSource: `fileset` \("/some/path"\) is a string-like value, but it should be a file set or a path instead.
\s*Paths represented as strings are not supported by `lib.fileset`, use `lib.sources` or derivations instead.'
[[:blank:]]*Paths represented as strings are not supported by `lib.fileset`, use `lib.sources` or derivations instead.'
expectFailure 'toSource { root = ./.; fileset = cleanSourceWith { src = ./.; }; }' 'lib.fileset.toSource: `fileset` is a `lib.sources`-based value, but it should be a file set or a path instead.
\s*To convert a `lib.sources`-based value to a file set you can use `lib.fileset.fromSource`.
\s*Note that this only works for sources created from paths.'
[[:blank:]]*To convert a `lib.sources`-based value to a file set you can use `lib.fileset.fromSource`.
[[:blank:]]*Note that this only works for sources created from paths.'
# Path coercion errors for non-existent paths
expectFailure 'toSource { root = ./.; fileset = ./a; }' 'lib.fileset.toSource: `fileset` \('"$work"'/a\) is a path that does not exist.
\s*To create a file set from a path that may not exist, use `lib.fileset.maybeMissing`.'
[[:blank:]]*To create a file set from a path that may not exist, use `lib.fileset.maybeMissing`.'
# File sets cannot be evaluated directly
expectFailure 'union ./. ./.' 'lib.fileset: Directly evaluating a file set is not supported.
\s*To turn it into a usable source, use `lib.fileset.toSource`.
\s*To pretty-print the contents, use `lib.fileset.trace` or `lib.fileset.traceVal`.'
[[:blank:]]*To turn it into a usable source, use `lib.fileset.toSource`.
[[:blank:]]*To pretty-print the contents, use `lib.fileset.trace` or `lib.fileset.traceVal`.'
expectFailure '_emptyWithoutBase' 'lib.fileset: Directly evaluating a file set is not supported.
\s*To turn it into a usable source, use `lib.fileset.toSource`.
\s*To pretty-print the contents, use `lib.fileset.trace` or `lib.fileset.traceVal`.'
[[:blank:]]*To turn it into a usable source, use `lib.fileset.toSource`.
[[:blank:]]*To pretty-print the contents, use `lib.fileset.trace` or `lib.fileset.traceVal`.'
# Past versions of the internal representation are supported
expectEqual '_coerce "<tests>: value" { _type = "fileset"; _internalVersion = 0; _internalBase = ./.; }' \
@ -423,9 +427,9 @@ expectEqual '_coerce "<tests>: value" { _type = "fileset"; _internalVersion = 2;
# Future versions of the internal representation are unsupported
expectFailure '_coerce "<tests>: value" { _type = "fileset"; _internalVersion = 4; }' '<tests>: value is a file set created from a future version of the file set library with a different internal representation:
\s*- Internal version of the file set: 4
\s*- Internal version of the library: 3
\s*Make sure to update your Nixpkgs to have a newer version of `lib.fileset`.'
[[:blank:]]*- Internal version of the file set: 4
[[:blank:]]*- Internal version of the library: 3
[[:blank:]]*Make sure to update your Nixpkgs to have a newer version of `lib.fileset`.'
# _create followed by _coerce should give the inputs back without any validation
expectEqual '{
@ -539,16 +543,16 @@ mkdir -p {foo,bar}/mock-root
expectFailure 'with ((import <nixpkgs/lib>).extend (import <nixpkgs/lib/fileset/mock-splitRoot.nix>)).fileset;
toSource { root = ./.; fileset = union ./foo/mock-root ./bar/mock-root; }
' 'lib.fileset.union: Filesystem roots are not the same:
\s*First argument: Filesystem root is "'"$work"'/foo/mock-root"
\s*Second argument: Filesystem root is "'"$work"'/bar/mock-root"
\s*Different filesystem roots are not supported.'
[[:blank:]]*First argument: Filesystem root is "'"$work"'/foo/mock-root"
[[:blank:]]*Second argument: Filesystem root is "'"$work"'/bar/mock-root"
[[:blank:]]*Different filesystem roots are not supported.'
expectFailure 'with ((import <nixpkgs/lib>).extend (import <nixpkgs/lib/fileset/mock-splitRoot.nix>)).fileset;
toSource { root = ./.; fileset = unions [ ./foo/mock-root ./bar/mock-root ]; }
' 'lib.fileset.unions: Filesystem roots are not the same:
\s*Element 0: Filesystem root is "'"$work"'/foo/mock-root"
\s*Element 1: Filesystem root is "'"$work"'/bar/mock-root"
\s*Different filesystem roots are not supported.'
[[:blank:]]*Element 0: Filesystem root is "'"$work"'/foo/mock-root"
[[:blank:]]*Element 1: Filesystem root is "'"$work"'/bar/mock-root"
[[:blank:]]*Different filesystem roots are not supported.'
rm -rf -- *
# Coercion errors show the correct context
@ -652,9 +656,9 @@ mkdir -p {foo,bar}/mock-root
expectFailure 'with ((import <nixpkgs/lib>).extend (import <nixpkgs/lib/fileset/mock-splitRoot.nix>)).fileset;
toSource { root = ./.; fileset = intersection ./foo/mock-root ./bar/mock-root; }
' 'lib.fileset.intersection: Filesystem roots are not the same:
\s*First argument: Filesystem root is "'"$work"'/foo/mock-root"
\s*Second argument: Filesystem root is "'"$work"'/bar/mock-root"
\s*Different filesystem roots are not supported.'
[[:blank:]]*First argument: Filesystem root is "'"$work"'/foo/mock-root"
[[:blank:]]*Second argument: Filesystem root is "'"$work"'/bar/mock-root"
[[:blank:]]*Different filesystem roots are not supported.'
rm -rf -- *
# Coercion errors show the correct context
@ -761,8 +765,8 @@ rm -rf -- *
# Also not the other way around
mkdir a
expectFailure 'toSource { root = ./a; fileset = difference ./. ./a; }' 'lib.fileset.toSource: `fileset` could contain files in '"$work"', which is not under the `root` \('"$work"'/a\). Potential solutions:
\s*- Set `root` to '"$work"' or any directory higher up. This changes the layout of the resulting store path.
\s*- Set `fileset` to a file set that cannot contain files outside the `root` \('"$work"'/a\). This could change the files included in the result.'
[[:blank:]]*- Set `root` to '"$work"' or any directory higher up. This changes the layout of the resulting store path.
[[:blank:]]*- Set `fileset` to a file set that cannot contain files outside the `root` \('"$work"'/a\). This could change the files included in the result.'
rm -rf -- *
# Difference actually works
@ -839,7 +843,7 @@ expectFailure 'fileFilter null (abort "this is not needed")' 'lib.fileset.fileFi
# The second argument needs to be an existing path
expectFailure 'fileFilter (file: abort "this is not needed") _emptyWithoutBase' 'lib.fileset.fileFilter: Second argument is a file set, but it should be a path instead.
\s*If you need to filter files in a file set, use `intersection fileset \(fileFilter pred \./\.\)` instead.'
[[:blank:]]*If you need to filter files in a file set, use `intersection fileset \(fileFilter pred \./\.\)` instead.'
expectFailure 'fileFilter (file: abort "this is not needed") null' 'lib.fileset.fileFilter: Second argument is of type null, but it should be a path instead.'
expectFailure 'fileFilter (file: abort "this is not needed") ./a' 'lib.fileset.fileFilter: Second argument \('"$work"'/a\) is a path that does not exist.'
@ -1103,7 +1107,7 @@ rm -rf -- *
# String-like values are not supported
expectFailure 'fromSource (lib.cleanSource "")' 'lib.fileset.fromSource: The source origin of the argument is a string-like value \(""\), but it should be a path instead.
\s*Sources created from paths in strings cannot be turned into file sets, use `lib.sources` or derivations instead.'
[[:blank:]]*Sources created from paths in strings cannot be turned into file sets, use `lib.sources` or derivations instead.'
# Wrong type
expectFailure 'fromSource null' 'lib.fileset.fromSource: The source origin of the argument is of type null, but it should be a path instead.'
@ -1420,10 +1424,10 @@ expectEqual '(import '"$storePath"' { fs = lib.fileset; }).outPath' \""$storePat
## But it fails if the path is imported with a fetcher that doesn't remove .git (like just using "${./.}")
expectFailure 'import "${./.}" { fs = lib.fileset; }' 'lib.fileset.gitTracked: The argument \(.*\) is a store path within a working tree of a Git repository.
\s*This indicates that a source directory was imported into the store using a method such as `import "\$\{./.\}"` or `path:.`.
\s*This function currently does not support such a use case, since it currently relies on `builtins.fetchGit`.
\s*You could make this work by using a fetcher such as `fetchGit` instead of copying the whole repository.
\s*If you can'\''t avoid copying the repo to the store, see https://github.com/NixOS/nix/issues/9292.'
[[:blank:]]*This indicates that a source directory was imported into the store using a method such as `import "\$\{./.\}"` or `path:.`.
[[:blank:]]*This function currently does not support such a use case, since it currently relies on `builtins.fetchGit`.
[[:blank:]]*You could make this work by using a fetcher such as `fetchGit` instead of copying the whole repository.
[[:blank:]]*If you can'\''t avoid copying the repo to the store, see https://github.com/NixOS/nix/issues/9292.'
## Even with submodules
if [[ -n "$fetchGitSupportsSubmodules" ]]; then
@ -1447,15 +1451,15 @@ if [[ -n "$fetchGitSupportsSubmodules" ]]; then
## But it fails if the path is imported with a fetcher that doesn't remove .git (like just using "${./.}")
expectFailure 'import "${./.}" { fs = lib.fileset; }' 'lib.fileset.gitTrackedWith: The second argument \(.*\) is a store path within a working tree of a Git repository.
\s*This indicates that a source directory was imported into the store using a method such as `import "\$\{./.\}"` or `path:.`.
\s*This function currently does not support such a use case, since it currently relies on `builtins.fetchGit`.
\s*You could make this work by using a fetcher such as `fetchGit` instead of copying the whole repository.
\s*If you can'\''t avoid copying the repo to the store, see https://github.com/NixOS/nix/issues/9292.'
[[:blank:]]*This indicates that a source directory was imported into the store using a method such as `import "\$\{./.\}"` or `path:.`.
[[:blank:]]*This function currently does not support such a use case, since it currently relies on `builtins.fetchGit`.
[[:blank:]]*You could make this work by using a fetcher such as `fetchGit` instead of copying the whole repository.
[[:blank:]]*If you can'\''t avoid copying the repo to the store, see https://github.com/NixOS/nix/issues/9292.'
expectFailure 'import "${./.}/sub" { fs = lib.fileset; }' 'lib.fileset.gitTracked: The argument \(.*/sub\) is a store path within a working tree of a Git repository.
\s*This indicates that a source directory was imported into the store using a method such as `import "\$\{./.\}"` or `path:.`.
\s*This function currently does not support such a use case, since it currently relies on `builtins.fetchGit`.
\s*You could make this work by using a fetcher such as `fetchGit` instead of copying the whole repository.
\s*If you can'\''t avoid copying the repo to the store, see https://github.com/NixOS/nix/issues/9292.'
[[:blank:]]*This indicates that a source directory was imported into the store using a method such as `import "\$\{./.\}"` or `path:.`.
[[:blank:]]*This function currently does not support such a use case, since it currently relies on `builtins.fetchGit`.
[[:blank:]]*You could make this work by using a fetcher such as `fetchGit` instead of copying the whole repository.
[[:blank:]]*If you can'\''t avoid copying the repo to the store, see https://github.com/NixOS/nix/issues/9292.'
fi
rm -rf -- *

6
maintainers/maintainer-list.nix
View file

@ -17174,6 +17174,12 @@
fingerprint = "E173 237A C782 296D 98F5 ADAC E13D FD4B 4712 7951";
}];
};
sdht0 = {
email = "nixpkgs@sdht.in";
github = "sdht0";
githubId = 867424;
name = "Siddhartha Sahu";
};
sdier = {
email = "scott@dier.name";
matrix = "@sdier:matrix.org";

9
nixos/doc/manual/release-notes/rl-2405.section.md
View file

@ -283,6 +283,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release.
- New `boot.loader.systemd-boot.xbootldrMountPoint` allows setting up a separate [XBOOTLDR partition](https://uapi-group.org/specifications/specs/boot_loader_specification/) to store boot files. Useful on systems with a small EFI System partition that cannot be easily repartitioned.
- `boot.loader.systemd-boot` will now verify that `efiSysMountPoint` (and `xbootldrMountPoint` if configured) are mounted partitions.
- `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list.
For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``;
@ -386,6 +390,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- The `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
- When merging systemd unit options (of type `unitOption`),
if at least one definition is a list, all those which aren't are now lifted into a list,
making it possible to accumulate definitions without resorting to `mkForce`,
hence to retain the definitions not anticipating that need.
- YouTrack is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
- QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).

55
nixos/lib/make-disk-image.nix
View file

@ -56,6 +56,14 @@ This partition table type uses GPT and:
- creates an FAT32 ESP partition from 8MiB to specified `bootSize` parameter (256MiB by default), set it bootable ;
- creates an primary ext4 partition starting after the boot partition and extending to the full disk image
#### `efixbootldr`
This partition table type uses GPT and:
- creates an FAT32 ESP partition from 8MiB to 100MiB, set it bootable ;
- creates an FAT32 BOOT partition from 100MiB to specified `bootSize` parameter (256MiB by default), set `bls_boot` flag ;
- creates an primary ext4 partition starting after the boot partition and extending to the full disk image
#### `hybrid`
This partition table type uses GPT and:
@ -111,19 +119,7 @@ To solve this, you can run `fdisk -l $image` and generate `dd if=$image of=$imag
# When setting one of `user' or `group', the other needs to be set too.
contents ? []
, # Type of partition table to use; either "legacy", "efi", or "none".
# For "efi" images, the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition.
# For "legacy", the msdos partition table is used and a single large root
# partition is created.
# For "legacy+gpt", the GPT partition table is used, a 1MiB no-fs partition for
# use by the bootloader is created, and a single large root partition is
# created.
# For "hybrid", the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition.
# Also a legacy MBR will be present.
# For "none", no partition table is created. Enabling `installBootLoader`
# most likely fails as GRUB will probably refuse to install.
, # Type of partition table to use; described in the `Image Partitioning` section above.
partitionTableType ? "legacy"
, # Whether to invoke `switch-to-configuration boot` during image creation
@ -193,11 +189,11 @@ To solve this, you can run `fdisk -l $image` and generate `dd if=$image of=$imag
additionalPaths ? []
}:
assert (lib.assertOneOf "partitionTableType" partitionTableType [ "legacy" "legacy+gpt" "efi" "hybrid" "none" ]);
assert (lib.assertOneOf "partitionTableType" partitionTableType [ "legacy" "legacy+gpt" "efi" "efixbootldr" "hybrid" "none" ]);
assert (lib.assertMsg (fsType == "ext4" && deterministic -> rootFSUID != null) "In deterministic mode with a ext4 partition, rootFSUID must be non-null, by default, it is equal to rootGPUID.");
# We use -E offset=X below, which is only supported by e2fsprogs
assert (lib.assertMsg (partitionTableType != "none" -> fsType == "ext4") "to produce a partition table, we need to use -E offset flag which is support only for fsType = ext4");
assert (lib.assertMsg (touchEFIVars -> partitionTableType == "hybrid" || partitionTableType == "efi" || partitionTableType == "legacy+gpt") "EFI variables can be used only with a partition table of type: hybrid, efi or legacy+gpt.");
assert (lib.assertMsg (touchEFIVars -> partitionTableType == "hybrid" || partitionTableType == "efi" || partitionTableType == "efixbootldr" || partitionTableType == "legacy+gpt") "EFI variables can be used only with a partition table of type: hybrid, efi, efixbootldr, or legacy+gpt.");
# If only Nix store image, then: contents must be empty, configFile must be unset, and we should no install bootloader.
assert (lib.assertMsg (onlyNixStore -> contents == [] && configFile == null && !installBootLoader) "In a only Nix store image, the contents must be empty, no configuration must be provided and no bootloader should be installed.");
# Either both or none of {user,group} need to be set
@ -225,6 +221,7 @@ let format' = format; in let
legacy = "1";
"legacy+gpt" = "2";
efi = "2";
efixbootldr = "3";
hybrid = "3";
}.${partitionTableType};
@ -266,6 +263,23 @@ let format' = format; in let
$diskImage
''}
'';
efixbootldr = ''
parted --script $diskImage -- \
mklabel gpt \
mkpart ESP fat32 8MiB 100MiB \
set 1 boot on \
mkpart BOOT fat32 100MiB ${bootSize} \
set 2 bls_boot on \
mkpart ROOT ext4 ${bootSize} -1
${optionalString deterministic ''
sgdisk \
--disk-guid=97FD5997-D90B-4AA3-8D16-C1723AEA73C \
--partition-guid=1:1C06F03B-704E-4657-B9CD-681A087A2FDC \
--partition-guid=2:970C694F-AFD0-4B99-B750-CDB7A329AB6F \
--partition-guid=3:${rootGPUID} \
$diskImage
''}
'';
hybrid = ''
parted --script $diskImage -- \
mklabel gpt \
@ -436,7 +450,7 @@ let format' = format; in let
diskImage=nixos.raw
${if diskSize == "auto" then ''
${if partitionTableType == "efi" || partitionTableType == "hybrid" then ''
${if partitionTableType == "efi" || partitionTableType == "efixbootldr" || partitionTableType == "hybrid" then ''
# Add the GPT at the end
gptSpace=$(( 512 * 34 * 1 ))
# Normally we'd need to account for alignment and things, if bootSize
@ -570,6 +584,15 @@ let format' = format; in let
${optionalString touchEFIVars "mount -t efivarfs efivarfs /sys/firmware/efi/efivars"}
''}
${optionalString (partitionTableType == "efixbootldr") ''
mkdir -p /mnt/{boot,efi}
mkfs.vfat -n ESP /dev/vda1
mkfs.vfat -n BOOT /dev/vda2
mount /dev/vda1 /mnt/efi
mount /dev/vda2 /mnt/boot
${optionalString touchEFIVars "mount -t efivarfs efivarfs /sys/firmware/efi/efivars"}
''}
# Install a configuration.nix
mkdir -p /mnt/etc/nixos

10
nixos/lib/systemd-unit-options.nix
View file

@ -21,14 +21,8 @@ in rec {
let
defs' = filterOverrides defs;
in
if isList (head defs').value
then concatMap (def:
if builtins.typeOf def.value == "list"
then def.value
else
throw "The definitions for systemd unit options should be either all lists, representing repeatable options, or all non-lists, but for the option ${showOption loc}, the definitions are a mix of list and non-list ${lib.options.showDefs defs'}"
) defs'
if any (def: isList def.value) defs'
then concatMap (def: toList def.value) defs'
else mergeEqualOption loc defs';
};

4
nixos/modules/services/networking/mosquitto.nix
View file

@ -331,7 +331,7 @@ let
formatListener = idx: listener:
[
"listener ${toString listener.port} ${toString listener.address}"
"acl_file /etc/mosquitto/mosquitto-acl-${toString idx}.conf"
"acl_file /etc/mosquitto/acl-${toString idx}.conf"
]
++ optional (! listener.omitPasswordAuth) "password_file ${cfg.dataDir}/passwd-${toString idx}"
++ formatFreeform {} listener.settings
@ -690,7 +690,7 @@ in
environment.etc = listToAttrs (
imap0
(idx: listener: {
name = "mosquitto/mosquitto-acl-${toString idx}.conf";
name = "mosquitto/acl-${toString idx}.conf";
value = {
user = config.users.users.mosquitto.name;
group = config.users.users.mosquitto.group;

69
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
View file

@ -17,6 +17,9 @@ from dataclasses import dataclass
# These values will be replaced with actual values during the package build
EFI_SYS_MOUNT_POINT = "@efiSysMountPoint@"
BOOT_MOUNT_POINT = "@bootMountPoint@"
LOADER_CONF = f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf" # Always stored on the ESP
NIXOS_DIR = "@nixosDir@"
TIMEOUT = "@timeout@"
EDITOR = "@editor@" == "1"
CONSOLE_MODE = "@consoleMode@"
@ -28,6 +31,7 @@ CONFIGURATION_LIMIT = int("@configurationLimit@")
CAN_TOUCH_EFI_VARIABLES = "@canTouchEfiVariables@"
GRACEFUL = "@graceful@"
COPY_EXTRA_FILES = "@copyExtraFiles@"
CHECK_MOUNTPOINTS = "@checkMountpoints@"
@dataclass
class BootSpec:
@ -87,7 +91,7 @@ def generation_conf_filename(profile: str | None, generation: int, specialisatio
def write_loader_conf(profile: str | None, generation: int, specialisation: str | None) -> None:
with open(f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf.tmp", 'w') as f:
with open(f"{LOADER_CONF}.tmp", 'w') as f:
if TIMEOUT != "":
f.write(f"timeout {TIMEOUT}\n")
f.write("default %s\n" % generation_conf_filename(profile, generation, specialisation))
@ -96,7 +100,7 @@ def write_loader_conf(profile: str | None, generation: int, specialisation: str
f.write(f"console-mode {CONSOLE_MODE}\n")
f.flush()
os.fsync(f.fileno())
os.rename(f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf.tmp", f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf")
os.rename(f"{LOADER_CONF}.tmp", LOADER_CONF)
def get_bootspec(profile: str | None, generation: int) -> BootSpec:
@ -126,9 +130,9 @@ def copy_from_file(file: str, dry_run: bool = False) -> str:
store_file_path = os.path.realpath(file)
suffix = os.path.basename(store_file_path)
store_dir = os.path.basename(os.path.dirname(store_file_path))
efi_file_path = "/efi/nixos/%s-%s.efi" % (store_dir, suffix)
efi_file_path = f"{NIXOS_DIR}/{store_dir}-{suffix}.efi"
if not dry_run:
copy_if_not_exists(store_file_path, f"{EFI_SYS_MOUNT_POINT}%s" % (efi_file_path))
copy_if_not_exists(store_file_path, f"{BOOT_MOUNT_POINT}{efi_file_path}")
return efi_file_path
def write_entry(profile: str | None, generation: int, specialisation: str | None,
@ -145,7 +149,7 @@ def write_entry(profile: str | None, generation: int, specialisation: str | None
try:
if bootspec.initrdSecrets is not None:
subprocess.check_call([bootspec.initrdSecrets, f"{EFI_SYS_MOUNT_POINT}%s" % (initrd)])
subprocess.check_call([bootspec.initrdSecrets, f"{BOOT_MOUNT_POINT}%s" % (initrd)])
except subprocess.CalledProcessError:
if current:
print("failed to create initrd secrets!", file=sys.stderr)
@ -155,7 +159,7 @@ def write_entry(profile: str | None, generation: int, specialisation: str | None
f'for "{title} - Configuration {generation}", an older generation', file=sys.stderr)
print("note: this is normal after having removed "
"or renamed a file in `boot.initrd.secrets`", file=sys.stderr)
entry_file = f"{EFI_SYS_MOUNT_POINT}/loader/entries/%s" % (
entry_file = f"{BOOT_MOUNT_POINT}/loader/entries/%s" % (
generation_conf_filename(profile, generation, specialisation))
tmp_path = "%s.tmp" % (entry_file)
kernel_params = "init=%s " % bootspec.init
@ -202,14 +206,14 @@ def get_generations(profile: str | None = None) -> list[SystemIdentifier]:
def remove_old_entries(gens: list[SystemIdentifier]) -> None:
rex_profile = re.compile(r"^" + re.escape(EFI_SYS_MOUNT_POINT) + "/loader/entries/nixos-(.*)-generation-.*\.conf$")
rex_generation = re.compile(r"^" + re.escape(EFI_SYS_MOUNT_POINT) + "/loader/entries/nixos.*-generation-([0-9]+)(-specialisation-.*)?\.conf$")
rex_profile = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + "/loader/entries/nixos-(.*)-generation-.*\.conf$")
rex_generation = re.compile(r"^" + re.escape(BOOT_MOUNT_POINT) + "/loader/entries/nixos.*-generation-([0-9]+)(-specialisation-.*)?\.conf$")
known_paths = []
for gen in gens:
bootspec = get_bootspec(gen.profile, gen.generation)
known_paths.append(copy_from_file(bootspec.kernel, True))
known_paths.append(copy_from_file(bootspec.initrd, True))
for path in glob.iglob(f"{EFI_SYS_MOUNT_POINT}/loader/entries/nixos*-generation-[1-9]*.conf"):
for path in glob.iglob(f"{BOOT_MOUNT_POINT}/loader/entries/nixos*-generation-[1-9]*.conf"):
if rex_profile.match(path):
prof = rex_profile.sub(r"\1", path)
else:
@ -220,11 +224,18 @@ def remove_old_entries(gens: list[SystemIdentifier]) -> None:
continue
if not (prof, gen_number, None) in gens:
os.unlink(path)
for path in glob.iglob(f"{EFI_SYS_MOUNT_POINT}/efi/nixos/*"):
for path in glob.iglob(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/*"):
if not path in known_paths and not os.path.isdir(path):
os.unlink(path)
def cleanup_esp() -> None:
for path in glob.iglob(f"{EFI_SYS_MOUNT_POINT}/loader/entries/nixos*"):
os.unlink(path)
if os.path.isdir(f"{EFI_SYS_MOUNT_POINT}/{NIXOS_DIR}"):
shutil.rmtree(f"{EFI_SYS_MOUNT_POINT}/{NIXOS_DIR}")
def get_profiles() -> list[str]:
if os.path.isdir("/nix/var/nix/profiles/system-profiles/"):
return [x
@ -255,6 +266,9 @@ def install_bootloader(args: argparse.Namespace) -> None:
# flags to pass to bootctl install/update
bootctl_flags = []
if BOOT_MOUNT_POINT != EFI_SYS_MOUNT_POINT:
bootctl_flags.append(f"--boot-path={BOOT_MOUNT_POINT}")
if CAN_TOUCH_EFI_VARIABLES != "1":
bootctl_flags.append("--no-variables")
@ -263,8 +277,8 @@ def install_bootloader(args: argparse.Namespace) -> None:
if os.getenv("NIXOS_INSTALL_BOOTLOADER") == "1":
# bootctl uses fopen() with modes "wxe" and fails if the file exists.
if os.path.exists(f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf"):
os.unlink(f"{EFI_SYS_MOUNT_POINT}/loader/loader.conf")
if os.path.exists(LOADER_CONF):
os.unlink(LOADER_CONF)
subprocess.check_call([f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"] + bootctl_flags + ["install"])
else:
@ -291,13 +305,15 @@ def install_bootloader(args: argparse.Namespace) -> None:
print("updating systemd-boot from %s to %s" % (installed_version, available_version))
subprocess.check_call([f"{SYSTEMD}/bin/bootctl", f"--esp-path={EFI_SYS_MOUNT_POINT}"] + bootctl_flags + ["update"])
os.makedirs(f"{EFI_SYS_MOUNT_POINT}/efi/nixos", exist_ok=True)
os.makedirs(f"{EFI_SYS_MOUNT_POINT}/loader/entries", exist_ok=True)
os.makedirs(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}", exist_ok=True)
os.makedirs(f"{BOOT_MOUNT_POINT}/loader/entries", exist_ok=True)
gens = get_generations()
for profile in get_profiles():
gens += get_generations(profile)
remove_old_entries(gens)
for gen in gens:
try:
bootspec = get_bootspec(gen.profile, gen.generation)
@ -315,9 +331,15 @@ def install_bootloader(args: argparse.Namespace) -> None:
else:
raise e
for root, _, files in os.walk(f"{EFI_SYS_MOUNT_POINT}/efi/nixos/.extra-files", topdown=False):
relative_root = root.removeprefix(f"{EFI_SYS_MOUNT_POINT}/efi/nixos/.extra-files").removeprefix("/")
actual_root = os.path.join(f"{EFI_SYS_MOUNT_POINT}", relative_root)
if BOOT_MOUNT_POINT != EFI_SYS_MOUNT_POINT:
# Cleanup any entries in ESP if xbootldrMountPoint is set.
# If the user later unsets xbootldrMountPoint, entries in XBOOTLDR will not be cleaned up
# automatically, as we don't have information about the mount point anymore.
cleanup_esp()
for root, _, files in os.walk(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/.extra-files", topdown=False):
relative_root = root.removeprefix(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/.extra-files").removeprefix("/")
actual_root = os.path.join(f"{BOOT_MOUNT_POINT}", relative_root)
for file in files:
actual_file = os.path.join(actual_root, file)
@ -330,7 +352,7 @@ def install_bootloader(args: argparse.Namespace) -> None:
os.rmdir(actual_root)
os.rmdir(root)
os.makedirs(f"{EFI_SYS_MOUNT_POINT}/efi/nixos/.extra-files", exist_ok=True)
os.makedirs(f"{BOOT_MOUNT_POINT}/{NIXOS_DIR}/.extra-files", exist_ok=True)
subprocess.check_call(COPY_EXTRA_FILES)
@ -340,6 +362,8 @@ def main() -> None:
parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help=f"The default {DISTRO_NAME} config to boot")
args = parser.parse_args()
subprocess.check_call(CHECK_MOUNTPOINTS)
try:
install_bootloader(args)
finally:
@ -347,9 +371,14 @@ def main() -> None:
# it can leave the system in an unbootable state, when a crash/outage
# happens shortly after an update. To decrease the likelihood of this
# event sync the efi filesystem after each update.
rc = libc.syncfs(os.open(f"{EFI_SYS_MOUNT_POINT}", os.O_RDONLY))
rc = libc.syncfs(os.open(f"{BOOT_MOUNT_POINT}", os.O_RDONLY))
if rc != 0:
print(f"could not sync {EFI_SYS_MOUNT_POINT}: {os.strerror(rc)}", file=sys.stderr)
print(f"could not sync {BOOT_MOUNT_POINT}: {os.strerror(rc)}", file=sys.stderr)
if BOOT_MOUNT_POINT != EFI_SYS_MOUNT_POINT:
rc = libc.syncfs(os.open(EFI_SYS_MOUNT_POINT, os.O_RDONLY))
if rc != 0:
print(f"could not sync {EFI_SYS_MOUNT_POINT}: {os.strerror(rc)}", file=sys.stderr)
if __name__ == '__main__':

59
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View file

@ -7,7 +7,7 @@ let
efi = config.boot.loader.efi;
systemdBootBuilder = pkgs.substituteAll {
systemdBootBuilder = pkgs.substituteAll rec {
src = ./systemd-boot-builder.py;
isExecutable = true;
@ -28,23 +28,40 @@ let
inherit (efi) efiSysMountPoint canTouchEfiVariables;
bootMountPoint = if cfg.xbootldrMountPoint != null
then cfg.xbootldrMountPoint
else efi.efiSysMountPoint;
nixosDir = "/EFI/nixos";
inherit (config.system.nixos) distroName;
memtest86 = optionalString cfg.memtest86.enable pkgs.memtest86plus;
netbootxyz = optionalString cfg.netbootxyz.enable pkgs.netbootxyz-efi;
checkMountpoints = pkgs.writeShellScript "check-mountpoints" ''
fail() {
echo "$1 = '$2' is not a mounted partition. Is the path configured correctly?" >&2
exit 1
}
${pkgs.util-linuxMinimal}/bin/findmnt ${efiSysMountPoint} > /dev/null || fail efiSysMountPoint ${efiSysMountPoint}
${lib.optionalString
(cfg.xbootldrMountPoint != null)
"${pkgs.util-linuxMinimal}/bin/findmnt ${cfg.xbootldrMountPoint} > /dev/null || fail xbootldrMountPoint ${cfg.xbootldrMountPoint}"}
'';
copyExtraFiles = pkgs.writeShellScript "copy-extra-files" ''
empty_file=$(${pkgs.coreutils}/bin/mktemp)
${concatStrings (mapAttrsToList (n: v: ''
${pkgs.coreutils}/bin/install -Dp "${v}" "${efi.efiSysMountPoint}/"${escapeShellArg n}
${pkgs.coreutils}/bin/install -D $empty_file "${efi.efiSysMountPoint}/efi/nixos/.extra-files/"${escapeShellArg n}
${pkgs.coreutils}/bin/install -Dp "${v}" "${bootMountPoint}/"${escapeShellArg n}
${pkgs.coreutils}/bin/install -D $empty_file "${bootMountPoint}/${nixosDir}/.extra-files/"${escapeShellArg n}
'') cfg.extraFiles)}
${concatStrings (mapAttrsToList (n: v: ''
${pkgs.coreutils}/bin/install -Dp "${pkgs.writeText n v}" "${efi.efiSysMountPoint}/loader/entries/"${escapeShellArg n}
${pkgs.coreutils}/bin/install -D $empty_file "${efi.efiSysMountPoint}/efi/nixos/.extra-files/loader/entries/"${escapeShellArg n}
${pkgs.coreutils}/bin/install -Dp "${pkgs.writeText n v}" "${bootMountPoint}/loader/entries/"${escapeShellArg n}
${pkgs.coreutils}/bin/install -D $empty_file "${bootMountPoint}/${nixosDir}/.extra-files/loader/entries/"${escapeShellArg n}
'') cfg.extraEntries)}
'';
};
@ -99,6 +116,18 @@ in {
'';
};
xbootldrMountPoint = mkOption {
default = null;
type = types.nullOr types.str;
description = lib.mdDoc ''
Where the XBOOTLDR partition is mounted.
If set, this partition will be used as $BOOT to store boot loader entries and extra files
instead of the EFI partition. As per the bootloader specification, it is recommended that
the EFI and XBOOTLDR partitions be mounted at `/efi` and `/boot`, respectively.
'';
};
configurationLimit = mkOption {
default = null;
example = 120;
@ -108,7 +137,7 @@ in {
Useful to prevent boot partition running out of disk space.
`null` means no limit i.e. all generations
that were not garbage collected yet.
that have not been garbage collected yet.
'';
};
@ -200,7 +229,7 @@ in {
'';
description = lib.mdDoc ''
Any additional entries you want added to the `systemd-boot` menu.
These entries will be copied to {file}`/boot/loader/entries`.
These entries will be copied to {file}`$BOOT/loader/entries`.
Each attribute name denotes the destination file name,
and the corresponding attribute value is the contents of the entry.
@ -217,9 +246,9 @@ in {
{ "efi/memtest86/memtest.efi" = "''${pkgs.memtest86plus}/memtest.efi"; }
'';
description = lib.mdDoc ''
A set of files to be copied to {file}`/boot`.
A set of files to be copied to {file}`$BOOT`.
Each attribute name denotes the destination file name in
{file}`/boot`, while the corresponding
{file}`$BOOT`, while the corresponding
attribute value specifies the source file.
'';
};
@ -243,6 +272,18 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = (hasPrefix "/" efi.efiSysMountPoint);
message = "The ESP mount point '${efi.efiSysMountPoint}' must be an absolute path";
}
{
assertion = cfg.xbootldrMountPoint == null || (hasPrefix "/" cfg.xbootldrMountPoint);
message = "The XBOOTLDR mount point '${cfg.xbootldrMountPoint}' must be an absolute path";
}
{
assertion = cfg.xbootldrMountPoint != efi.efiSysMountPoint;
message = "The XBOOTLDR mount point '${cfg.xbootldrMountPoint}' cannot be the same as the ESP mount point '${efi.efiSysMountPoint}'";
}
{
assertion = (config.boot.kernelPackages.kernel.features or { efiBootStub = true; }) ? efiBootStub;
message = "This kernel does not support the EFI boot stub";

4
nixos/modules/system/boot/networkd.nix
View file

@ -647,9 +647,9 @@ let
"BatmanAdvanced"
])
# Note: For DHCP the values both, none, v4, v6 are deprecated
(assertValueOneOf "DHCP" ["yes" "no" "ipv4" "ipv6"])
(assertValueOneOf "DHCP" (boolValues ++ ["ipv4" "ipv6"]))
(assertValueOneOf "DHCPServer" boolValues)
(assertValueOneOf "LinkLocalAddressing" ["yes" "no" "ipv4" "ipv6" "fallback" "ipv4-fallback"])
(assertValueOneOf "LinkLocalAddressing" (boolValues ++ ["ipv4" "ipv6" "fallback" "ipv4-fallback"]))
(assertValueOneOf "IPv6LinkLocalAddressGenerationMode" ["eui64" "none" "stable-privacy" "random"])
(assertValueOneOf "IPv4LLRoute" boolValues)
(assertValueOneOf "DefaultRouteOnDevice" boolValues)

16
nixos/modules/system/boot/systemd/repart.nix
View file

@ -10,6 +10,20 @@ let
"repart.d"
format
(lib.mapAttrs (_n: v: { Partition = v; }) cfg.partitions);
partitionAssertions = lib.mapAttrsToList (fileName: definition:
let
maxLabelLength = 36; # GPT_LABEL_MAX defined in systemd's gpt.h
labelLength = builtins.stringLength definition.Label;
in
{
assertion = definition ? Label -> maxLabelLength >= labelLength;
message = ''
The partition label '${definition.Label}' defined for '${fileName}' is ${toString labelLength}
characters long, but the maximum label length supported by systemd is ${toString maxLabelLength}.
'';
}
) cfg.partitions;
in
{
options = {
@ -81,7 +95,7 @@ in
'boot.initrd.systemd.repart.enable' requires 'boot.initrd.systemd.enable' to be enabled.
'';
}
];
] ++ partitionAssertions;
# systemd-repart uses loopback devices for partition creation
boot.initrd.availableKernelModules = lib.optional initrdCfg.enable "loop";

41
nixos/modules/tasks/filesystems/zfs.nix
View file

@ -347,24 +347,12 @@ in
removeLinuxDRM = lib.mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Linux 6.2 dropped some kernel symbols required on aarch64 required by zfs.
Enabling this option will bring them back to allow this kernel version.
Note that in some jurisdictions this may be illegal as it might be considered
removing copyright protection from the code.
See https://www.ifross.org/?q=en/artikel/ongoing-dispute-over-value-exportsymbolgpl-function for further information.
description = ''
Patch the kernel to change symbols needed by ZFS from
EXPORT_SYMBOL_GPL to EXPORT_SYMBOL.
If configure your kernel package with `zfs.latestCompatibleLinuxPackages`, you will need to also pass removeLinuxDRM to that package like this:
```
{ pkgs, ... }: {
boot.kernelPackages = (pkgs.zfs.override {
removeLinuxDRM = pkgs.hostPlatform.isAarch64;
}).latestCompatibleLinuxPackages;
boot.zfs.removeLinuxDRM = true;
}
```
Currently has no effect, but may again in future if a kernel
update breaks ZFS due to symbols being newly changed to GPL.
'';
};
};
@ -588,9 +576,7 @@ in
kernelParams = lib.optionals (!config.boot.zfs.allowHibernation) [ "nohibernate" ];
extraModulePackages = [
(cfgZfs.modulePackage.override
(lib.optionalAttrs (lib.versionOlder cfgZfs.package.version "2.2.3")
{ inherit (cfgZfs) removeLinuxDRM; }))
cfgZfs.modulePackage
];
};
@ -727,21 +713,6 @@ in
services.udev.packages = [ cfgZfs.package ]; # to hook zvol naming, etc.
systemd.packages = [ cfgZfs.package ];
# Export kernel_neon_* symbols again.
# This change is necessary until ZFS figures out a solution
# with upstream or in their build system to fill the gap for
# this symbol.
# In the meantime, we restore what was once a working piece of code
# in the kernel.
boot.kernelPatches = lib.optional (lib.versionOlder cfgZfs.package.version "2.2.3" && cfgZfs.removeLinuxDRM && pkgs.stdenv.hostPlatform.system == "aarch64-linux") {
name = "export-neon-symbols-as-gpl";
patch = pkgs.fetchpatch {
url = "https://github.com/torvalds/linux/commit/aaeca98456431a8d9382ecf48ac4843e252c07b3.patch";
hash = "sha256-L2g4G1tlWPIi/QRckMuHDcdWBcKpObSWSRTvbHRIwIk=";
revert = true;
};
};
systemd.services = let
createImportService' = pool: createImportService {
inherit pool;

22
nixos/tests/docker-tools.nix
View file

@ -58,6 +58,20 @@ let
'';
config.Cmd = [ "${pkgs.coreutils}/bin/stat" "-c" "%u:%g" "/testfile" ];
};
nonRootTestImage =
pkgs.dockerTools.streamLayeredImage rec {
name = "non-root-test";
tag = "latest";
uid = 1000;
gid = 1000;
uname = "user";
gname = "user";
config = {
User = "user";
Cmd = [ "${pkgs.coreutils}/bin/stat" "-c" "%u:%g" "${pkgs.coreutils}/bin/stat" ];
};
};
in {
name = "docker-tools";
meta = with pkgs.lib.maintainers; {
@ -181,7 +195,7 @@ in {
):
docker.succeed(
"docker load --input='${examples.bashLayeredWithUser}'",
"docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'",
"docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 755 == $(stat --format=%a /nix) && test 755 == $(stat --format=%a /nix/store)'",
"docker rmi ${examples.bashLayeredWithUser.imageName}",
)
@ -604,5 +618,11 @@ in {
"${chownTestImage} | docker load",
"docker run --rm ${chownTestImage.imageName} | diff /dev/stdin <(echo 12345:12345)"
)
with subtest("streamLayeredImage: with non-root user"):
docker.succeed(
"${nonRootTestImage} | docker load",
"docker run --rm ${chownTestImage.imageName} | diff /dev/stdin <(echo 12345:12345)"
)
'';
})

115
nixos/tests/systemd-boot.nix
View file

@ -14,6 +14,72 @@ let
boot.loader.efi.canTouchEfiVariables = true;
environment.systemPackages = [ pkgs.efibootmgr ];
};
commonXbootldr = { config, lib, pkgs, ... }:
let
diskImage = import ../lib/make-disk-image.nix {
inherit config lib pkgs;
label = "nixos";
format = "qcow2";
partitionTableType = "efixbootldr";
touchEFIVars = true;
installBootLoader = true;
};
in
{
imports = [ common ];
virtualisation.useBootLoader = lib.mkForce false; # Only way to tell qemu-vm not to create the default system image
virtualisation.directBoot.enable = false; # But don't direct boot either because we're testing systemd-boot
system.build.diskImage = diskImage; # Use custom disk image with an XBOOTLDR partition
virtualisation.efi.variables = "${diskImage}/efi-vars.fd";
virtualisation.useDefaultFilesystems = false; # Needs custom setup for `diskImage`
virtualisation.bootPartition = null;
virtualisation.fileSystems = {
"/" = {
device = "/dev/vda3";
fsType = "ext4";
};
"/boot" = {
device = "/dev/vda2";
fsType = "vfat";
noCheck = true;
};
"/efi" = {
device = "/dev/vda1";
fsType = "vfat";
noCheck = true;
};
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.efiSysMountPoint = "/efi";
boot.loader.systemd-boot.xbootldrMountPoint = "/boot";
};
customDiskImage = nodes: ''
import os
import subprocess
import tempfile
tmp_disk_image = tempfile.NamedTemporaryFile()
subprocess.run([
"${nodes.machine.virtualisation.qemu.package}/bin/qemu-img",
"create",
"-f",
"qcow2",
"-b",
"${nodes.machine.system.build.diskImage}/nixos.qcow2",
"-F",
"qcow2",
tmp_disk_image.name,
])
# Set NIX_DISK_IMAGE so that the qemu script finds the right disk image.
os.environ['NIX_DISK_IMAGE'] = tmp_disk_image.name
'';
in
{
basic = makeTest {
@ -65,6 +131,32 @@ in
'';
};
basicXbootldr = makeTest {
name = "systemd-boot-xbootldr";
meta.maintainers = with pkgs.lib.maintainers; [ sdht0 ];
nodes.machine = commonXbootldr;
testScript = { nodes, ... }: ''
${customDiskImage nodes}
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /efi/EFI/systemd/systemd-bootx64.efi")
machine.succeed("test -e /boot/loader/entries/nixos-generation-1.conf")
# Ensure we actually booted using systemd-boot
# Magic number is the vendor UUID used by systemd-boot.
machine.succeed(
"test -e /sys/firmware/efi/efivars/LoaderEntrySelected-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
)
# "bootctl install" should have created an EFI entry
machine.succeed('efibootmgr | grep "Linux Boot Manager"')
'';
};
# Check that specialisations create corresponding boot entries.
specialisation = makeTest {
name = "systemd-boot-specialisation";
@ -184,6 +276,29 @@ in
'';
};
entryFilenameXbootldr = makeTest {
name = "systemd-boot-entry-filename-xbootldr";
meta.maintainers = with pkgs.lib.maintainers; [ sdht0 ];
nodes.machine = { pkgs, lib, ... }: {
imports = [ commonXbootldr ];
boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.systemd-boot.memtest86.entryFilename = "apple.conf";
};
testScript = { nodes, ... }: ''
${customDiskImage nodes}
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /efi/EFI/systemd/systemd-bootx64.efi")
machine.fail("test -e /boot/loader/entries/memtest86.conf")
machine.succeed("test -e /boot/loader/entries/apple.conf")
machine.succeed("test -e /boot/EFI/memtest86/memtest.efi")
'';
};
extraEntries = makeTest {
name = "systemd-boot-extra-entries";
meta.maintainers = with pkgs.lib.maintainers; [ Enzime julienmalka ];

4
pkgs/applications/graphics/ImageMagick/default.nix
View file

@ -49,13 +49,13 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "imagemagick";
version = "7.1.1-28";
version = "7.1.1-29";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
rev = finalAttrs.version;
hash = "sha256-WT058DZzMrNKn9E56dH476iCgeOi7QQ3jNBxKAqT6h4=";
hash = "sha256-W9WbHzmTa0dA9+mOxXu88qmN1mO9ORaH0Nj6r2s1Q+E=";
};
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big

386
pkgs/applications/networking/instant-messengers/flare-signal/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

8
pkgs/applications/networking/instant-messengers/flare-signal/default.nix
View file

@ -21,14 +21,14 @@
stdenv.mkDerivation rec {
pname = "flare";
version = "0.12.0";
version = "0.13.0";
src = fetchFromGitLab {
domain = "gitlab.com";
owner = "schmiddi-on-mobile";
repo = "flare";
rev = version;
hash = "sha256-Dg5UhVTmxiwPIbU8fG/ehX9Zp8WI2V+JoOEI7P1Way4=";
hash = "sha256-WfW2xUlF1vCaYFVP6ds06+niULKZgMMxgAOm66LK2xQ=";
};
cargoDeps = rustPlatform.importCargoLock {
@ -36,8 +36,8 @@ stdenv.mkDerivation rec {
outputHashes = {
"curve25519-dalek-4.0.0" = "sha256-KUXvYXeVvJEQ/+dydKzXWCZmA2bFa2IosDzaBL6/Si0=";
"libsignal-protocol-0.1.0" = "sha256-FCrJO7porlY5FrwZ2c67UPd4tgN7cH2/3DTwfPjihwM=";
"libsignal-service-0.1.0" = "sha256-lzyUUP1mhxxIU+xCr+5VAoeEO6FlDgeEJtWhm9avJb8=";
"presage-0.6.0-dev" = "sha256-PqMz6jJuL/4LVY3kNFQ9NmKt3D6cwQkGiPs2QJsL01A=";
"libsignal-service-0.1.0" = "sha256-XkCb83IvlnmvhHD8Vi9D5fNuBOoR9yX0/Vlb+YhrDz8=";
"presage-0.6.0-dev" = "sha256-zot92dlGtB7B423BU74oqpPzQKvLm2Dw9P8lCWkbsoE=";
};
};

4
pkgs/applications/networking/instant-messengers/signal-desktop/signal-desktop-beta.nix
View file

@ -2,7 +2,7 @@
callPackage ./generic.nix {} rec {
pname = "signal-desktop-beta";
dir = "Signal Beta";
version = "7.0.0-beta.1";
version = "7.0.0-beta.2";
url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop-beta/signal-desktop-beta_${version}_amd64.deb";
hash = "sha256-mMwOQVPihko/+ukEsaSu8l2u7obuY6gkTLAhSoWAVLo=";
hash = "sha256-yfa82JI/CKyQNT+oq0laupLyMIrq9Xs99M/xxgM9eQs=";
}

6
pkgs/applications/virtualization/lima/default.nix
View file

@ -11,16 +11,16 @@
buildGoModule rec {
pname = "lima";
version = "0.19.1";
version = "0.20.1";
src = fetchFromGitHub {
owner = "lima-vm";
repo = pname;
rev = "v${version}";
sha256 = "sha256-0EKVWXNxOnz7j+f1ExkwQW69khhazj2Uz7RBAvwSjmQ=";
sha256 = "sha256-MeTFATaAGRSaUXmC1fv9/gMFWafvkteKVJS6MHaqt8A=";
};
vendorHash = "sha256-SfN4gj5nC9TEVD7aogsUv1um5w5Hvdy1eOSSNjGmnEw=";
vendorHash = "sha256-wd7YiEo4Gy2kHF7aCRoNGlbOQUxqQnKqP3znzMqS2PI=";
nativeBuildInputs = [ makeWrapper installShellFiles ]
++ lib.optionals stdenv.isDarwin [ xcbuild.xcrun sigtool ];

63
pkgs/build-support/docker/default.nix
View file

@ -890,41 +890,26 @@ rec {
})
);
# Arguments are documented in ../../../doc/build-helpers/images/dockertools.section.md
streamLayeredImage = lib.makeOverridable (
{
# Image Name
name
, # Image tag, the Nix's output hash will be used if null
tag ? null
, # Parent image, to append to.
fromImage ? null
, # Files to put on the image (a nix store path or list of paths).
contents ? [ ]
, # Docker config; e.g. what command to run on the container.
config ? { }
, # Image architecture, defaults to the architecture of the `hostPlatform` when unset
architecture ? defaultArchitecture
, # Time of creation of the image. Passing "now" will make the
# created date be the time of building.
created ? "1970-01-01T00:00:01Z"
, # Optional bash script to run on the files prior to fixturizing the layer.
extraCommands ? ""
, # Optional bash script to run inside fakeroot environment.
# Could be used for changing ownership of files in customisation layer.
fakeRootCommands ? ""
, # Whether to run fakeRootCommands in fakechroot as well, so that they
# appear to run inside the image, but have access to the normal Nix store.
# Perhaps this could be enabled on by default on pkgs.stdenv.buildPlatform.isLinux
enableFakechroot ? false
, # We pick 100 to ensure there is plenty of room for extension. I
# believe the actual maximum is 128.
maxLayers ? 100
, # Whether to include store paths in the image. You generally want to leave
# this on, but tooling may disable this to insert the store paths more
# efficiently via other means, such as bind mounting the host store.
includeStorePaths ? true
, # Passthru arguments for the underlying derivation.
passthru ? {}
, tag ? null
, fromImage ? null
, contents ? [ ]
, config ? { }
, architecture ? defaultArchitecture
, created ? "1970-01-01T00:00:01Z"
, uid ? 0
, gid ? 0
, uname ? "root"
, gname ? "root"
, maxLayers ? 100
, extraCommands ? ""
, fakeRootCommands ? ""
, enableFakechroot ? false
, includeStorePaths ? true
, passthru ? {}
,
}:
assert
@ -1007,7 +992,7 @@ rec {
conf = runCommand "${baseName}-conf.json"
{
inherit fromImage maxLayers created;
inherit fromImage maxLayers created uid gid uname gname;
imageName = lib.toLower name;
preferLocalBuild = true;
passthru.imageTag =
@ -1086,14 +1071,22 @@ rec {
"store_layers": $store_layers[0],
"customisation_layer", $customisation_layer,
"repo_tag": $repo_tag,
"created": $created
"created": $created,
"uid": $uid,
"gid": $gid,
"uname": $uname,
"gname": $gname
}
' --arg store_dir "${storeDir}" \
--argjson from_image ${if fromImage == null then "null" else "'\"${fromImage}\"'"} \
--slurpfile store_layers store_layers.json \
--arg customisation_layer ${customisationLayer} \
--arg repo_tag "$imageName:$imageTag" \
--arg created "$created" |
--arg created "$created" \
--arg uid "$uid" \
--arg gid "$gid" \
--arg uname "$uname" \
--arg gname "$gname" |
tee $out
'';

27
pkgs/build-support/docker/stream_layered_image.py
View file

@ -9,6 +9,8 @@ image as an uncompressed tarball to stdout:
the fields with the same name on the image spec [2].
* "created" can be "now".
* "created" is also used as mtime for files added to the image.
* "uid", "gid", "uname", "gname" is the file ownership, for example,
0, 0, "root", "root".
* "store_layers" is a list of layers in ascending order, where each
layer is the list of store paths to include in that layer.
@ -45,7 +47,7 @@ from datetime import datetime, timezone
from collections import namedtuple
def archive_paths_to(obj, paths, mtime):
def archive_paths_to(obj, paths, mtime, uid, gid, uname, gname):
"""
Writes the given store paths as a tar file to the given stream.
@ -61,14 +63,14 @@ def archive_paths_to(obj, paths, mtime):
def apply_filters(ti):
ti.mtime = mtime
ti.uid = 0
ti.gid = 0
ti.uname = "root"
ti.gname = "root"
ti.uid = uid
ti.gid = gid
ti.uname = uname
ti.gname = gname
return ti
def nix_root(ti):
ti.mode = 0o0555 # r-xr-xr-x
ti.mode = 0o0755 # rwxr-xr-x
return ti
def dir(path):
@ -208,7 +210,7 @@ def overlay_base_config(from_image, final_config):
return final_config
def add_layer_dir(tar, paths, store_dir, mtime):
def add_layer_dir(tar, paths, store_dir, mtime, uid, gid, uname, gname):
"""
Appends given store paths to a TarFile object as a new layer.
@ -231,7 +233,7 @@ def add_layer_dir(tar, paths, store_dir, mtime):
archive_paths_to(
extract_checksum,
paths,
mtime=mtime,
mtime, uid, gid, uname, gname
)
(checksum, size) = extract_checksum.extract()
@ -247,7 +249,7 @@ def add_layer_dir(tar, paths, store_dir, mtime):
archive_paths_to(
write,
paths,
mtime=mtime,
mtime, uid, gid, uname, gname
)
write.close()
@ -324,6 +326,10 @@ def main():
else datetime.fromisoformat(conf["created"])
)
mtime = int(created.timestamp())
uid = int(conf["uid"])
gid = int(conf["gid"])
uname = conf["uname"]
gname = conf["gname"]
store_dir = conf["store_dir"]
from_image = load_from_image(conf["from_image"])
@ -336,7 +342,8 @@ def main():
for num, store_layer in enumerate(conf["store_layers"], start=start):
print("Creating layer", num, "from paths:", store_layer,
file=sys.stderr)
info = add_layer_dir(tar, store_layer, store_dir, mtime=mtime)
info = add_layer_dir(tar, store_layer, store_dir,
mtime, uid, gid, uname, gname)
layers.append(info)
print("Creating layer", len(layers) + 1, "with customisation...",

6
pkgs/by-name/bi/bitmagnet/package.nix
View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "bitmagnet";
version = "0.6.2";
version = "0.7.0";
src = fetchFromGitHub {
owner = "bitmagnet-io";
repo = "bitmagnet";
rev = "v${version}";
hash = "sha256-17jRktEqBCAXiddx8FnqHg3+c/03nqKHC8BQc9AhQA0=";
hash = "sha256-lomTfG6Fo4IywI8VMRvv4mBNRxLCq6IQGIuaR61UwOE=";
};
vendorHash = "sha256-YfsSz72CeHdrh5610Ilo1NYxlCT993hxWRWh0OsvEQc=";
vendorHash = "sha256-tKU4GoaEwwdbpWjojx+Z/mWxXKjceJPYRg5UTpYzad4=";
ldflags = [ "-s" "-w" ];

0
pkgs/tools/security/bitwarden/cli.nix → pkgs/by-name/bi/bitwarden-cli/package.nix
View file

7
pkgs/tools/security/bitwarden/default.nix → pkgs/by-name/bi/bitwarden-desktop/package.nix
View file

@ -29,7 +29,7 @@ let
icon = "bitwarden";
electron = electron_28;
in buildNpmPackage rec {
pname = "bitwarden";
pname = "bitwarden-desktop";
version = "2024.2.0";
src = fetchFromGitHub {
@ -41,8 +41,7 @@ in buildNpmPackage rec {
patches = [
(fetchpatch2 {
# https://github.com/bitwarden/clients/pull/7508
url = "https://github.com/amarshall/bitwarden-clients/commit/e85fa4ef610d9dd05bd22a9b93d54b0c7901776d.patch";
url = "https://github.com/bitwarden/clients/commit/746bf0a4745423b9e70c2c54dcf76a95ffb62e11.patch";
hash = "sha256-P9MTsiNbAb2kKo/PasIm9kGm0lQjuVUxAJ3Fh1DfpzY=";
})
];
@ -68,7 +67,7 @@ in buildNpmPackage rec {
patches;
patchFlags = [ "-p4" ];
sourceRoot = "${src.name}/${cargoRoot}";
hash = "sha256-KJUz5hvdsurnohUWRZedXvuWMnLtR0dcdTeHtJGrZBs=";
hash = "sha256-LjwtOmIJlwtOiy36Y0pP+jJEwfmCGTN4RhqgmD3Yj6E=";
};
cargoRoot = "apps/desktop/desktop_native";

6
pkgs/by-name/dc/dc3dd/package.nix
View file

@ -23,10 +23,9 @@ stdenv.mkDerivation (finalAttrs: {
makeFlags = [
"PREFIX=$out"
"CC=${stdenv.cc.targetPrefix}cc"
];
configureFlags = lib.optionals (stdenv.hostPlatform.isAarch32 || stdenv.hostPlatform.isAarch64) [ "--build=arm" ];
enableParallelBuilding = true;
meta = with lib; {
@ -34,8 +33,7 @@ stdenv.mkDerivation (finalAttrs: {
mainProgram = "dc3dd";
homepage = "https://sourceforge.net/projects/dc3dd/";
maintainers = with maintainers; [ d3vil0p3r ];
platforms = platforms.unix;
platforms = platforms.linux;
license = licenses.gpl3Plus; # Refer to https://sourceforge.net/p/dc3dd/code/HEAD/tree/COPYING
broken = stdenv.isDarwin;
};
})

90
pkgs/by-name/wa/warp-terminal/package.nix
View file

@ -1,15 +1,74 @@
{ lib
, stdenvNoCC
, stdenv
, fetchurl
, autoPatchelfHook
, undmg
, zstd
, curl
, fontconfig
, libglvnd
, libxkbcommon
, vulkan-loader
, xdg-utils
, xorg
, zlib
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "warp-terminal";
version = "0.2023.12.05.08.02.stable_00";
let
pname = "warp-terminal";
version = "0.2024.02.20.08.01.stable_01";
linux = stdenv.mkDerivation (finalAttrs: {
inherit pname version meta;
src = fetchurl {
url = "https://releases.warp.dev/stable/v${finalAttrs.version}/warp-terminal-v${finalAttrs.version}-1-x86_64.pkg.tar.zst";
hash = "sha256-L8alnqSE4crrDozRfPaAAMkLc+5+8d9XBKd5ddsxmD0=";
};
sourceRoot = ".";
postPatch = ''
substituteInPlace usr/bin/warp-terminal \
--replace-fail /opt/ $out/opt/
'';
nativeBuildInputs = [ autoPatchelfHook zstd ];
buildInputs = [
curl
fontconfig
stdenv.cc.cc.lib # libstdc++.so libgcc_s.so
zlib
];
runtimeDependencies = [
libglvnd # for libegl
libxkbcommon
stdenv.cc.libc
vulkan-loader
xdg-utils
xorg.libX11
xorg.libxcb
xorg.libXcursor
xorg.libXi
];
installPhase = ''
runHook preInstall
mkdir $out
cp -r opt usr/* $out
runHook postInstall
'';
});
darwin = stdenvNoCC.mkDerivation (finalAttrs: {
inherit pname version meta;
src = fetchurl {
url = "https://releases.warp.dev/stable/v${finalAttrs.version}/Warp.dmg";
hash = "sha256-9olAmczIPRXV15NYCOYmwuEmJ7lMeaQRTTfukaYXMR0=";
hash = "sha256-tFtoD8URMFfJ3HRkyKStuDStFkoRIV97y9kV4pbDPro=";
};
sourceRoot = ".";
@ -24,13 +83,18 @@ stdenvNoCC.mkDerivation (finalAttrs: {
runHook postInstall
'';
});
meta = with lib; {
description = "Rust-based terminal";
homepage = "https://www.warp.dev";
license = licenses.unfree;
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
maintainers = with maintainers; [ emilytrau Enzime ];
platforms = platforms.darwin;
};
})
meta = with lib; {
description = "Rust-based terminal";
homepage = "https://www.warp.dev";
license = licenses.unfree;
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
maintainers = with maintainers; [ emilytrau Enzime ];
platforms = platforms.darwin ++ [ "x86_64-linux" ];
};
in
if stdenvNoCC.isDarwin
then darwin
else linux

4
pkgs/development/python-modules/cohere/default.nix
View file

@ -14,14 +14,14 @@
buildPythonPackage rec {
pname = "cohere";
version = "4.49";
version = "4.51";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-UJ6BxE+OG06zGyfY6jiOeeBMW+6DCKwaM3pgU90/Woc=";
hash = "sha256-AfsJLqkDjdT7Ng77NQb60kUe0jHLZ3TjJLmTyTdKVQo=";
};
nativeBuildInputs = [

4
pkgs/development/python-modules/graphviz/default.nix
View file

@ -5,7 +5,7 @@
, fetchFromGitHub
, fetchpatch
, substituteAll
, graphviz
, graphviz-nox
, xdg-utils
, makeFontsConf
, freefont_ttf
@ -34,7 +34,7 @@ buildPythonPackage rec {
patches = [
(substituteAll {
src = ./paths.patch;
inherit graphviz;
graphviz = graphviz-nox;
xdgutils = xdg-utils;
})
# https://github.com/xflr6/graphviz/issues/209

79
pkgs/development/python-modules/ibis-framework/default.nix
View file

@ -17,7 +17,7 @@
, geopandas
, google-cloud-bigquery
, google-cloud-bigquery-storage
, graphviz-nox
, graphviz
, hypothesis
, multipledispatch
, numpy
@ -25,15 +25,17 @@
, packaging
, pandas
, parsy
, pins
, poetry-core
, poetry-dynamic-versioning
, polars
, pooch
, psycopg2
, pyarrow
, pyarrow-hotfix
, pydata-google-auth
, pydruid
, pymysql
, pyodbc
, pyspark
, pytest-benchmark
, pytest-httpserver
@ -63,7 +65,7 @@ let
name = "ibis-testing-data";
owner = "ibis-project";
repo = "testing-data";
# https://github.com/ibis-project/ibis/blob/7.1.0/nix/overlay.nix#L20-L26
# https://github.com/ibis-project/ibis/blob/8.0.0/nix/overlay.nix#L20-L26
rev = "2c6a4bb5d5d525058d8d5b2312a9fee5dafc5476";
hash = "sha256-Lq503bqh9ESZJSk6yVq/uZwkAubzmSmoTBZSsqMm0DY=";
};
@ -71,8 +73,8 @@ in
buildPythonPackage rec {
pname = "ibis-framework";
version = "7.1.0";
format = "pyproject";
version = "8.0.0";
pyproject = true;
disabled = pythonOlder "3.9";
@ -81,7 +83,7 @@ buildPythonPackage rec {
repo = "ibis";
owner = "ibis-project";
rev = "refs/tags/${version}";
hash = "sha256-E7jryoidw6+CjTIex4wcTXcU+8Kg8LDwg7wJvcwj+7Q=";
hash = "sha256-KcNZslqmSbu8uPYKpkyvd7d8Fsf0nQt80y0auXsI8fs=";
};
nativeBuildInputs = [
@ -94,25 +96,24 @@ buildPythonPackage rec {
propagatedBuildInputs = [
atpublic
bidict
filelock
multipledispatch
numpy
pandas
parsy
pooch
pyarrow
pyarrow-hotfix
python-dateutil
pytz
rich
sqlglot
toolz
typing-extensions
]
++ pooch.optional-dependencies.progress
++ pooch.optional-dependencies.xxhash;
];
nativeCheckInputs = [
pytestCheckHook
black
filelock
hypothesis
pytest-benchmark
pytest-httpserver
@ -126,35 +127,28 @@ buildPythonPackage rec {
"--dist=loadgroup"
"-m"
"'${lib.concatStringsSep " or " testBackends} or core'"
];
disabledTests = [
# breakage from sqlalchemy2 truediv changes
"--deselect=ibis/tests/sql/test_sqlalchemy.py::test_tpc_h17"
"test_tpc_h17"
# tries to download duckdb extensions
"--deselect=ibis/backends/duckdb/tests/test_register.py::test_register_sqlite"
"--deselect=ibis/backends/duckdb/tests/test_register.py::test_read_sqlite"
"test_register_sqlite"
"test_read_sqlite"
# duckdb does not respect sample_size=2 (reads 3 lines of csv).
"--deselect=ibis/backends/tests/test_register.py::test_csv_reregister_schema"
"test_csv_reregister_schema"
# duckdb fails with:
# "This function can not be called with an active transaction!, commit or abort the existing one first"
"--deselect=ibis/backends/tests/test_udf.py::test_vectorized_udf"
"--deselect=ibis/backends/tests/test_udf.py::test_map_merge_udf"
"--deselect=ibis/backends/tests/test_udf.py::test_udf"
"--deselect=ibis/backends/tests/test_udf.py::test_map_udf"
# pyarrow13 is not supported yet.
"--deselect=ibis/backends/tests/test_temporal.py::test_date_truncate"
"--deselect=ibis/backends/tests/test_temporal.py::test_integer_to_interval_timestamp"
"--deselect=ibis/backends/tests/test_temporal.py::test_integer_to_interval_timestamp"
"--deselect=ibis/backends/tests/test_temporal.py::test_interval_add_cast_column"
"--deselect=ibis/backends/tests/test_temporal.py::test_integer_to_interval_timestamp"
"--deselect=ibis/backends/tests/test_temporal.py::test_integer_to_interval_timestamp"
"--deselect=ibis/backends/tests/test_temporal.py::test_integer_to_interval_timestamp"
"--deselect=ibis/backends/tests/test_temporal.py::test_integer_to_interval_timestamp"
"--deselect=ibis/backends/tests/test_timecontext.py::test_context_adjustment_filter_before_window"
"--deselect=ibis/backends/tests/test_timecontext.py::test_context_adjustment_window_udf"
"--deselect=ibis/backends/tests/test_timecontext.py::test_context_adjustment_window_udf"
"--deselect=ibis/backends/tests/test_aggregation.py::test_aggregate_grouped"
"test_vectorized_udf"
"test_s3_403_fallback"
"test_map_merge_udf"
"test_udf"
"test_map_udf"
# DataFusion error
"datafusion"
# pluggy.PluggyTeardownRaisedWarning
"test_repr_png_is_not_none_in_not_interactive"
"test_interval_arithmetic"
];
# patch out tests that check formatting with black
@ -162,7 +156,6 @@ buildPythonPackage rec {
find ibis/tests -type f -name '*.py' -exec sed -i \
-e '/^ *assert_decompile_roundtrip/d' \
-e 's/^\( *\)code = ibis.decompile(expr, format=True)/\1code = ibis.decompile(expr)/g' {} +
substituteInPlace pyproject.toml --replace 'sqlglot = ">=10.4.3,<12"' 'sqlglot = "*"'
'';
preCheck = ''
@ -188,20 +181,22 @@ buildPythonPackage rec {
dask = [ dask regex ];
datafusion = [ datafusion ];
druid = [ pydruid sqlalchemy ];
duckdb = [ duckdb duckdb-engine packaging sqlalchemy sqlalchemy-views ];
duckdb = [ duckdb duckdb-engine sqlalchemy sqlalchemy-views ];
flink = [ ];
geospatial = [ geoalchemy2 geopandas shapely ];
mssql = [ sqlalchemy pyodbc sqlalchemy-views ];
mysql = [ sqlalchemy pymysql sqlalchemy-views ];
oracle = [ sqlalchemy oracledb packaging sqlalchemy-views ];
pandas = [ regex ];
polars = [ polars ];
polars = [ polars packaging ];
postgres = [ psycopg2 sqlalchemy sqlalchemy-views ];
pyspark = [ pyspark sqlalchemy ];
snowflake = [ snowflake-connector-python snowflake-sqlalchemy sqlalchemy-views ];
sqlite = [ regex sqlalchemy sqlite sqlalchemy-views ];
pyspark = [ pyspark sqlalchemy packaging ];
snowflake = [ snowflake-connector-python snowflake-sqlalchemy sqlalchemy-views packaging ];
sqlite = [ regex sqlalchemy sqlalchemy-views ];
trino = [ trino-python-client sqlalchemy sqlalchemy-views ];
visualization = [ graphviz-nox ];
visualization = [ graphviz ];
decompiler = [ black ];
examples = [ pins ] ++ pins.optional-dependencies.gcs;
};
};

18
pkgs/development/python-modules/jax/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, blas
, buildPythonPackage
, callPackage
, setuptools
, importlib-metadata
, fetchFromGitHub
@ -126,6 +127,23 @@ buildPythonPackage rec {
pythonImportsCheck = [ "jax" ];
# Test CUDA-enabled jax and jaxlib. Running CUDA-enabled tests is not
# currently feasible within the nix build environment so we have to maintain
# this script separately. See https://github.com/NixOS/nixpkgs/pull/256230
# for a possible remedy to this situation.
#
# Run these tests with eg
#
# NIXPKGS_ALLOW_UNFREE=1 nixglhost -- nix run --impure .#python3Packages.jax.passthru.tests.test_cuda_jaxlibBin
passthru.tests = {
test_cuda_jaxlibSource = callPackage ./test-cuda.nix {
jaxlib = jaxlib.override { cudaSupport = true; };
};
test_cuda_jaxlibBin = callPackage ./test-cuda.nix {
jaxlib = jaxlib-bin.override { cudaSupport = true; };
};
};
meta = with lib; {
description = "Differentiate, compile, and transform Numpy code";
homepage = "https://github.com/google/jax";

17
pkgs/development/python-modules/jax/test-cuda.nix Normal file
View file

@ -0,0 +1,17 @@
{ jax
, jaxlib
, pkgs
}:
pkgs.writers.writePython3Bin "jax-test-cuda" { libraries = [ jax jaxlib ]; } ''
import jax
from jax import random
assert jax.devices()[0].platform == "gpu"
rng = random.PRNGKey(0)
x = random.normal(rng, (100, 100))
x @ x
print("success!")
''

48
pkgs/development/python-modules/jaxlib/bin.nix
View file

@ -2,16 +2,7 @@
# backend will require some additional work. Those wheels are located here:
# https://storage.googleapis.com/jax-releases/libtpu_releases.html.
# For future reference, the easiest way to test the GPU backend is to run
# NIX_PATH=.. nix-shell -p python3 python3Packages.jax "python3Packages.jaxlib-bin.override { cudaSupport = true; }"
# export XLA_FLAGS=--xla_gpu_force_compilation_parallelism=1
# python -c "from jax.lib import xla_bridge; assert xla_bridge.get_backend().platform == 'gpu'"
# python -c "from jax import random; random.PRNGKey(0)"
# python -c "from jax import random; x = random.normal(random.PRNGKey(0), (100, 100)); x @ x"
# There's no convenient way to test the GPU backend in the derivation since the
# nix build environment blocks access to the GPU. See also:
# * https://github.com/google/jax/issues/971#issuecomment-508216439
# * https://github.com/google/jax/issues/5723#issuecomment-913038780
# See `python3Packages.jax.passthru` for CUDA tests.
{ absl-py
, autoPatchelfHook
@ -32,12 +23,21 @@
}:
let
inherit (cudaPackagesGoogle) autoAddOpenGLRunpathHook cudatoolkit cudnn cudaVersion;
inherit (cudaPackagesGoogle) autoAddOpenGLRunpathHook cudaVersion;
version = "0.4.24";
inherit (python) pythonVersion;
cudaLibPath = lib.makeLibraryPath (with cudaPackagesGoogle; [
cuda_cudart.lib # libcudart.so
cuda_cupti.lib # libcupti.so
cudnn.lib # libcudnn.so
libcufft.lib # libcufft.so
libcusolver.lib # libcusolver.so
libcusparse.lib # libcusparse.so
]);
# As of 2023-06-06, google/jax upstream is no longer publishing CPU-only wheels to their GCS bucket. Instead the
# official instructions recommend installing CPU-only versions via PyPI.
cpuSrcs =
@ -189,18 +189,12 @@ buildPythonPackage {
# autoPatchelfHook. That means we need to sneak them into rpath. This step
# must be done after autoPatchelfHook and the automatic stripping of
# artifacts. autoPatchelfHook runs in postFixup and auto-stripping runs in the
# patchPhase. Dependencies:
# * libcudart.so.11.0 -> cudatoolkit_11.lib
# * libcublas.so.11 -> cudatoolkit_11
# * libcuda.so.1 -> opengl driver in /run/opengl-driver/lib
# patchPhase.
preInstallCheck = lib.optional cudaSupport ''
shopt -s globstar
for file in $out/**/*.so; do
rpath=$(patchelf --print-rpath $file)
# For some reason `makeLibraryPath` on `cudatoolkit_11` maps to
# <cudatoolkit_11.lib>/lib which is different from <cudatoolkit_11>/lib.
patchelf --set-rpath "$rpath:${cudatoolkit}/lib:${lib.makeLibraryPath [ cudatoolkit.lib cudnn ]}" $file
patchelf --add-rpath "${cudaLibPath}" "$file"
done
'';
@ -211,12 +205,14 @@ buildPythonPackage {
scipy
];
# Note that cudatoolkit is snecessary since jaxlib looks for "ptxas" in $PATH.
# See https://github.com/NixOS/nixpkgs/pull/164176#discussion_r828801621 for
# more info.
# jaxlib looks for ptxas at runtime, eg when running `jax.random.PRNGKey(0)`.
# Linking into $out is the least bad solution. See
# * https://github.com/NixOS/nixpkgs/pull/164176#discussion_r828801621
# * https://github.com/NixOS/nixpkgs/pull/288829#discussion_r1493852211
# for more info.
postInstall = lib.optional cudaSupport ''
mkdir -p $out/bin
ln -s ${cudatoolkit}/bin/ptxas $out/bin/ptxas
mkdir -p $out/${python.sitePackages}/jaxlib/cuda/bin
ln -s ${lib.getExe' cudaPackagesGoogle.cuda_nvcc "ptxas"} $out/${python.sitePackages}/jaxlib/cuda/bin/ptxas
'';
inherit (jaxlib-build) pythonImportsCheck;
@ -229,8 +225,8 @@ buildPythonPackage {
maintainers = with maintainers; [ samuela ];
platforms = [ "aarch64-darwin" "x86_64-linux" "x86_64-darwin" ];
broken =
!(cudaSupport -> (cudaPackagesGoogle ? cudatoolkit) && lib.versionAtLeast cudatoolkit.version "11.1")
|| !(cudaSupport -> (cudaPackagesGoogle ? cudnn) && lib.versionAtLeast cudnn.version "8.2")
!(cudaSupport -> lib.versionAtLeast cudaVersion "11.1")
|| !(cudaSupport -> lib.versionAtLeast cudaPackagesGoogle.cudnn.version "8.2")
|| !(cudaSupport -> stdenv.isLinux)
|| !(cudaSupport -> (gpuSrcs ? "cuda${cudaVersion}-${pythonVersion}"));
};

47
pkgs/development/python-modules/pyexiftool/default.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib
, buildPythonPackage
, pythonOlder
, fetchFromGitHub
, exiftool
, setuptools
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "pyexiftool";
version = "0.5.6";
pyproject = true;
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = "sylikc";
repo = "pyexiftool";
rev = "refs/tags/v${version}";
hash = "sha256-dgQkbpCbdq2JbupY0DyQbHPR9Bg+bwDo7yN03o3sX+A=";
};
postPatch = ''
substituteInPlace exiftool/constants.py \
--replace-fail 'DEFAULT_EXECUTABLE = "exiftool"' \
'DEFAULT_EXECUTABLE = "${lib.getExe exiftool}"'
'';
nativeBuildInputs = [
setuptools
];
pythonImportsCheck = [ "exiftool" ];
nativeCheckInputs = [
pytestCheckHook
];
meta = {
changelog = "https://github.com/sylikc/pyexiftool/blob/${src.rev}/CHANGELOG.md";
description = "Python wrapper for exiftool";
homepage = "https://github.com/sylikc/pyexiftool";
license = with lib.licenses; [ bsd3 /* or */ gpl3Plus ];
maintainers = with lib.maintainers; [ dotlambda ];
};
}

24
pkgs/development/python-modules/urwid-readline/default.nix
View file

@ -1,26 +1,34 @@
{ lib
, buildPythonPackage
, fetchPypi
, fetchFromGitHub
, setuptools
, urwid
, glibcLocales
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "urwid_readline";
version = "0.13";
pname = "urwid-readline";
version = "0.14";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-AYAgy8hku17Ye+F9wmsGnq4nVcsp86nFaarDve0e+vQ=";
src = fetchFromGitHub {
owner = "rr-";
repo = "urwid_readline";
rev = "refs/tags/${version}";
hash = "sha256-ZTg+GZnu7R6Jf2+SIwVo57yHnjwuY92DElTJs8oRErE=";
};
nativeBuildInputs = [
setuptools
];
propagatedBuildInputs = [
urwid
];
pythonImportsCheck = [ "urwid_readline" ];
nativeCheckInputs = [
glibcLocales
pytestCheckHook
];

4
pkgs/misc/autotiling/default.nix
View file

@ -2,13 +2,13 @@
buildPythonApplication rec {
pname = "autotiling";
version = "1.9";
version = "1.9.1";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = pname;
rev = "refs/tags/v${version}";
sha256 = "sha256-0wZg4FvBo2AyVRexY3ZJhBTqUwElqyIHD5bLJ84WynE=";
hash = "sha256-PTMF9w4PMkKuhjLAP7856lOOiuyj5YZOoax0K9bgGgQ=";
};
propagatedBuildInputs = [ i3ipc importlib-metadata ];

14
pkgs/os-specific/linux/zfs/2_1.nix
View file

@ -2,7 +2,6 @@
, kernel ? null
, stdenv
, linuxKernel
, removeLinuxDRM ? false
, lib
, nixosTests
, ...
@ -16,20 +15,15 @@ callPackage ./generic.nix args {
# this attribute is the correct one for this package.
kernelModuleAttribute = "zfs_2_1";
# check the release notes for compatible kernels
kernelCompatible =
if stdenv'.isx86_64 || removeLinuxDRM
then kernel.kernelOlder "6.6"
else kernel.kernelOlder "6.2";
kernelCompatible = kernel.kernelOlder "6.8";
latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
then linuxKernel.packages.linux_6_5
else linuxKernel.packages.linux_6_1;
latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_7;
# This is a fixed version to the 2.1.x series, move only
# if the 2.1.x series moves.
version = "2.1.14";
version = "2.1.15";
hash = "sha256-RVAoZbV9yclGuN+D37SB6UCRFbbLEpBoyrQOQCVsQwE=";
hash = "sha256-zFO8fMbirEOrn5W57rAN7IWY6EIXG8jDXqhP7BWJyiY=";
tests = [
nixosTests.zfs.series_2_1

2
pkgs/test/default.nix
View file

@ -175,4 +175,6 @@ with pkgs;
nixpkgs-check-by-name = callPackage ./nixpkgs-check-by-name { };
auto-patchelf-hook = callPackage ./auto-patchelf-hook { };
systemd = callPackage ./systemd { };
}

5
pkgs/test/systemd/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ lib, callPackage }:
lib.recurseIntoAttrs {
nixos = callPackage ./nixos { };
}

37
pkgs/test/systemd/nixos/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ pkgs, lib, stdenv, ... }:
lib.runTests {
# Merging two non-list definitions must still result in an error
# about a conflicting definition.
test-unitOption-merging-non-lists-conflict =
let nixos = pkgs.nixos {
system.stateVersion = lib.trivial.release;
systemd.services.systemd-test-nixos = {
serviceConfig = lib.mkMerge [
{ StateDirectory = "foo"; }
{ StateDirectory = "bar"; }
];
};
};
in {
expr = (builtins.tryEval (nixos.config.systemd.services.systemd-test-nixos.serviceConfig.StateDirectory)).success;
expected = false;
};
# Merging must lift non-list definitions to a list
# if at least one of them is a list.
test-unitOption-merging-list-non-list-append =
let nixos = pkgs.nixos {
system.stateVersion = lib.trivial.release;
systemd.services.systemd-test-nixos = {
serviceConfig = lib.mkMerge [
{ StateDirectory = "foo"; }
{ StateDirectory = ["bar"]; }
];
};
};
in {
expr = nixos.config.systemd.services.systemd-test-nixos.serviceConfig.StateDirectory;
expected = [ "foo" "bar" ];
};
}

4
pkgs/tools/audio/abcmidi/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "abcMIDI";
version = "2024.02.19";
version = "2024.02.25";
src = fetchzip {
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
hash = "sha256-mby2GAOcjSDgF21ZUOoPbyVV0RNMjIBvS5hg+15G75U=";
hash = "sha256-xaVmK7q10gxN69bGsFEIc01izSbu1m6IyMJWBN6kSzA=";
};
meta = with lib; {

69
pkgs/tools/security/bitwarden/electron-27.patch
View file

@ -1,69 +0,0 @@
From e2c15e826fe9d4d2d12868ef5409e423e3191b58 Mon Sep 17 00:00:00 2001
From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Date: Fri, 8 Dec 2023 13:07:46 +0100
Subject: [PATCH] Bump electron to v27.1.3 (#7134)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
(cherry picked from commit d76602343f36d8e17a9b0204e0290488456c96d5)
---
apps/desktop/electron-builder.json | 2 +-
package-lock.json | 8 ++++----
package.json | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json
index 69d1c0074f..a12870bd96 100644
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -19,7 +19,7 @@
"**/node_modules/@bitwarden/desktop-native/index.js",
"**/node_modules/@bitwarden/desktop-native/desktop_native.${platform}-${arch}*.node"
],
- "electronVersion": "25.9.1",
+ "electronVersion": "27.1.3",
"generateUpdatesFilesForAllChannels": true,
"publish": {
"provider": "generic",
diff --git a/package-lock.json b/package-lock.json
index 3f0afde95b..9b7b2dbcd9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -125,7 +125,7 @@
"cross-env": "7.0.3",
"css-loader": "6.8.1",
"del": "6.1.1",
- "electron": "25.9.1",
+ "electron": "27.1.3",
"electron-builder": "23.6.0",
"electron-log": "5.0.0",
"electron-reload": "2.0.0-alpha.1",
@@ -20173,9 +20173,9 @@
}
},
"node_modules/electron": {
- "version": "25.9.1",
- "resolved": "https://registry.npmjs.org/electron/-/electron-25.9.1.tgz",
- "integrity": "sha512-Uo/Fh7igjoUXA/f90iTATZJesQEArVL1uLA672JefNWTLymdKSZkJKiCciu/Xnd0TS6qvdIOUGuJFSTQnKskXQ==",
+ "version": "27.1.3",
+ "resolved": "https://registry.npmjs.org/electron/-/electron-27.1.3.tgz",
+ "integrity": "sha512-7eD8VMhhlL5J531OOawn00eMthUkX1e3qN5Nqd7eMK8bg5HxQBrn8bdPlvUEnCano9KhrVwaDnGeuzWoDOGpjQ==",
"dev": true,
"hasInstallScript": true,
"dependencies": {
diff --git a/package.json b/package.json
index 9ee884b31d..4a5c3513fd 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
"cross-env": "7.0.3",
"css-loader": "6.8.1",
"del": "6.1.1",
- "electron": "25.9.1",
+ "electron": "27.1.3",
"electron-builder": "23.6.0",
"electron-log": "5.0.0",
"electron-reload": "2.0.0-alpha.1",
--
2.42.0

1
pkgs/top-level/aliases.nix
View file

@ -102,6 +102,7 @@ mapAliases ({
beignet = throw "beignet was removed as it was never ported from old llvmPackages_6 upstream"; # added 2024-01-08
binance = throw "binance has been removed, because it depends on a very outdated and insecure version of electron"; # Added 2023-11-09
bird2 = bird; # Added 2022-02-21
bitwarden = bitwarden-desktop; # Added 2024-02-25
bitwig-studio1 = throw "bitwig-studio1 has been removed, you can upgrade to 'bitwig-studio'"; # Added 2023-01-03
bitwig-studio2 = throw "bitwig-studio2 has been removed, you can upgrade to 'bitwig-studio'"; # Added 2023-01-03
blender-with-packages = args:

4
pkgs/top-level/all-packages.nix
View file

@ -3552,10 +3552,6 @@ with pkgs;
biscuit-cli = callPackage ../tools/security/biscuit-cli { };
bitwarden = callPackage ../tools/security/bitwarden { };
bitwarden-cli = callPackage ../tools/security/bitwarden/cli.nix { };
inherit (callPackages ../tools/security/bitwarden-directory-connector { }) bitwarden-directory-connector-cli bitwarden-directory-connector;
bitwarden-menu = python3Packages.callPackage ../applications/misc/bitwarden-menu { };

6
pkgs/top-level/perl-packages.nix
View file

@ -13563,10 +13563,10 @@ with self; {
LaTeXML = buildPerlPackage rec {
pname = "LaTeXML";
version = "0.8.7";
version = "0.8.8";
src = fetchurl {
url = "mirror://cpan/authors/id/B/BR/BRMILLER/${pname}-${version}.tar.gz";
hash = "sha256-JdqdlEB3newNrdTMLUIn6Oq4dDfAcZh3J03PuQakzHk=";
hash = "sha256-fSu+LOJSuvhro/OIzQ3sOqSDj0nWErnsfMT/iBBbrcw=";
};
outputs = [ "out" "tex" ];
propagatedBuildInputs = [ ArchiveZip DBFile FileWhich IOString ImageMagick ImageSize JSONXS LWP ParseRecDescent PodParser TextUnidecode XMLLibXSLT ];
@ -13595,7 +13595,7 @@ with self; {
homepage = "https://dlmf.nist.gov/LaTeXML/";
license = with lib.licenses; [ publicDomain ];
maintainers = with maintainers; [ xworld21 ];
mainProgram = "latexml";
mainProgram = "latexmlc";
};
};

6
pkgs/top-level/python-packages.nix
View file

@ -4965,9 +4965,7 @@ self: super: with self; {
graphtage = callPackage ../development/python-modules/graphtage { };
graphviz = callPackage ../development/python-modules/graphviz {
inherit (pkgs) graphviz;
};
graphviz = callPackage ../development/python-modules/graphviz { };
grappelli-safe = callPackage ../development/python-modules/grappelli-safe { };
@ -10567,6 +10565,8 @@ self: super: with self; {
pyexcel-xls = callPackage ../development/python-modules/pyexcel-xls { };
pyexiftool = callPackage ../development/python-modules/pyexiftool { };
pyexploitdb = callPackage ../development/python-modules/pyexploitdb { };
pyezviz = callPackage ../development/python-modules/pyezviz { };