cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2024-04-22 00:03:22 +00:00 committed by GitHub
commit 9c035c4419
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
49 changed files with 584 additions and 391 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/doc/manual/release-notes/rl-2405.section.md
View file

@ -155,6 +155,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks]($opt-services-microsocks.enable).
- [inadyn](https://github.com/troglobit/inadyn), a Dynamic DNS client with built-in support for multiple providers. Available as [services.inadyn](#opt-services.inadyn.enable).
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
- [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](#opt-services.prometheus.exporters.fritz.enable).
@ -349,6 +351,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version.
- Paths provided as `restartTriggers` and `reloadTriggers` for systemd units will now be copied into the nix store to make the behavior consistent.
Previously, `restartTriggers = [ ./config.txt ]`, if defined in a flake, would trigger a restart when any part of the flake changed; and if not defined in a flake, would never trigger a restart even if the contents of `config.txt` changed.
- `spark2014` has been renamed to `gnatprove`. A version of `gnatprove` matching different GNAT versions is available from the different `gnatPackages` sets.
- `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.

15
nixos/lib/systemd-lib.nix
View file

@ -14,10 +14,12 @@ let
elem
filter
filterAttrs
flatten
flip
head
isInt
isList
isPath
length
makeBinPath
makeSearchPathOutput
@ -28,6 +30,7 @@ let
optional
optionalAttrs
optionalString
pipe
range
replaceStrings
reverseList
@ -366,9 +369,17 @@ in rec {
// optionalAttrs (config.requisite != [])
{ Requisite = toString config.requisite; }
// optionalAttrs (config ? restartTriggers && config.restartTriggers != [])
{ X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (toString config.restartTriggers)}"; }
{ X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (pipe config.restartTriggers [
flatten
(map (x: if isPath x then "${x}" else x))
toString
])}"; }
// optionalAttrs (config ? reloadTriggers && config.reloadTriggers != [])
{ X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (toString config.reloadTriggers)}"; }
{ X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (pipe config.reloadTriggers [
flatten
(map (x: if isPath x then "${x}" else x))
toString
])}"; }
// optionalAttrs (config.description != "") {
Description = config.description; }
// optionalAttrs (config.documentation != []) {

1
nixos/modules/module-list.nix
View file

@ -1012,6 +1012,7 @@
./services/networking/icecream/daemon.nix
./services/networking/icecream/scheduler.nix
./services/networking/imaginary.nix
./services/networking/inadyn.nix
./services/networking/inspircd.nix
./services/networking/iodine.nix
./services/networking/iperf3.nix

5
nixos/modules/programs/fzf.nix
View file

@ -15,11 +15,12 @@ in
environment.systemPackages = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) [ pkgs.fzf ];
programs = {
bash.interactiveShellInit = lib.optionalString cfg.fuzzyCompletion ''
# load after programs.bash.enableCompletion
bash.promptPluginInit = lib.mkAfter (lib.optionalString cfg.fuzzyCompletion ''
source ${pkgs.fzf}/share/fzf/completion.bash
'' + lib.optionalString cfg.keybindings ''
source ${pkgs.fzf}/share/fzf/key-bindings.bash
'';
'');
zsh = {
interactiveShellInit = lib.optionalString (!config.programs.zsh.ohMyZsh.enable)

18
nixos/modules/services/networking/firewall-nftables.nix
View file

@ -45,6 +45,18 @@ in
This option only works with the nftables based firewall.
'';
};
extraReversePathFilterRules = mkOption {
type = types.lines;
default = "";
example = "fib daddr . mark . iif type local accept";
description = ''
Additional nftables rules to be appended to the rpfilter-allow
chain.
This option only works with the nftables based firewall.
'';
};
};
};
@ -79,6 +91,8 @@ in
meta nfproto ipv4 udp sport . udp dport { 67 . 68, 68 . 67 } accept comment "DHCPv4 client/server"
fib saddr . mark ${optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept
jump rpfilter-allow
${optionalString cfg.logReversePathDrops ''
log level info prefix "rpfilter drop: "
''}
@ -86,6 +100,10 @@ in
}
''}
chain rpfilter-allow {
${cfg.extraReversePathFilterRules}
}
chain input {
type filter hook input priority filter; policy drop;

250
nixos/modules/services/networking/inadyn.nix Normal file
View file

@ -0,0 +1,250 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.inadyn;
# check if a value of an attrset is not null or an empty collection
nonEmptyValue = _: v: v != null && v != [ ] && v != { };
renderOption = k: v:
if builtins.elem k [ "provider" "custom" ] then
lib.concatStringsSep "\n"
(mapAttrsToList
(name: config: ''
${k} ${name} {
${lib.concatStringsSep "\n " (mapAttrsToList renderOption (filterAttrs nonEmptyValue config))}
}'')
v)
else if k == "include" then
"${k}(\"${v}\")"
else if k == "hostname" && builtins.isList v then
"${k} = { ${builtins.concatStringsSep ", " (map (s: "\"${s}\"") v)} }"
else if builtins.isBool v then
"${k} = ${boolToString v}"
else if builtins.isString v then
"${k} = \"${v}\""
else
"${k} = ${toString v}";
configFile' = pkgs.writeText "inadyn.conf"
''
# This file was generated by nix
# do not edit
${(lib.concatStringsSep "\n" (mapAttrsToList renderOption (filterAttrs nonEmptyValue cfg.settings)))}
'';
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
in
{
options.services.inadyn = with types;
let
providerOptions =
{
include = mkOption {
default = null;
description = "File to include additional settings for this provider from.";
type = nullOr path;
};
ssl = mkOption {
default = true;
description = "Whether to use HTTPS for this DDNS provider.";
type = bool;
};
username = mkOption {
default = null;
description = "Username for this DDNS provider.";
type = nullOr str;
};
password = mkOption {
default = null;
description = ''
Password for this DDNS provider.
WARNING: This will be world-readable in the nix store.
To store credentials securely, use the `include` or `configFile` options.
'';
type = nullOr str;
};
hostname = mkOption {
default = "*";
example = "your.cool-domain.com";
description = "Hostname alias(es).";
type = either str (listOf str);
};
};
in
{
enable = mkEnableOption (''
synchronise your machine's IP address with a dynamic DNS provider using inadyn
'');
user = mkOption {
default = "inadyn";
type = types.str;
description = ''
User account under which inadyn runs.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the inadyn service starts.
:::
'';
};
group = mkOption {
default = "inadyn";
type = types.str;
description = ''
Group account under which inadyn runs.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the inadyn service starts.
:::
'';
};
interval = mkOption {
default = "*-*-* *:*:00";
description = ''
How often to check the current IP.
Uses the format described in {manpage}`systemd.time(7)`";
'';
type = str;
};
logLevel = lib.mkOption {
type = lib.types.enum [ "none" "err" "warning" "info" "notice" "debug" ];
default = "notice";
description = "Set inadyn's log level.";
};
settings = mkOption {
default = { };
description = "See `inadyn.conf (5)`";
type = submodule {
freeformType = attrs;
options = {
allow-ipv6 = mkOption {
default = config.networking.enableIPv6;
defaultText = "`config.networking.enableIPv6`";
description = "Whether to get IPv6 addresses from interfaces.";
type = bool;
};
forced-update = mkOption {
default = 2592000;
description = "Duration (in seconds) after which an update is forced.";
type = ints.positive;
};
provider = mkOption {
default = { };
description = ''
Settings for DDNS providers built-in to inadyn.
For a list of built-in providers, see `inadyn.conf (5)`.
'';
type = attrsOf (submodule {
freeformType = attrs;
options = providerOptions;
});
};
custom = mkOption {
default = { };
description = ''
Settings for custom DNS providers.
'';
type = attrsOf (submodule {
freeformType = attrs;
options = providerOptions // {
ddns-server = mkOption {
description = "DDNS server name.";
type = str;
};
ddns-path = mkOption {
description = ''
DDNS server path.
See `inadnyn.conf (5)` for a list for format specifiers that can be used.
'';
example = "/update?user=%u&password=%p&domain=%h&myip=%i";
type = str;
};
};
});
};
};
};
};
configFile = mkOption {
default = null;
description = ''
Configuration file for inadyn.
Setting this will override all other configuration options.
Passed to the inadyn service using LoadCredential.
'';
type = nullOr path;
};
};
config = lib.mkIf cfg.enable {
systemd = {
services.inadyn = {
description = "Update nameservers using inadyn";
documentation = [
"man:inadyn"
"man:inadyn.conf"
"file:${pkgs.inadyn}/share/doc/inadyn/README.md"
];
requires = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
startAt = cfg.interval;
serviceConfig = {
Type = "oneshot";
ExecStart = ''${lib.getExe pkgs.inadyn} -f ${configFile} --cache-dir ''${CACHE_DIRECTORY}/inadyn -1 --foreground -l ${cfg.logLevel}'';
LoadCredential = "config:${configFile}";
CacheDirectory = "inadyn";
User = cfg.user;
Group = cfg.group;
UMask = "0177";
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectSystem = "strict";
ProtectProc = "invisible";
ProtectHome = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = "@system-service";
CapabilityBoundingSet = "";
};
};
timers.inadyn.timerConfig.Persistent = true;
};
users.users.inadyn = mkIf (cfg.user == "inadyn") {
group = cfg.group;
isSystemUser = true;
};
users.groups = mkIf (cfg.group == "inadyn") {
inadyn = { };
};
};
}

8
nixos/modules/services/web-apps/pretalx.nix
View file

@ -286,16 +286,16 @@ in
virtualHosts.${cfg.nginx.domain} = {
# https://docs.pretalx.org/administrator/installation.html#step-7-ssl
extraConfig = ''
more_set_headers Referrer-Policy same-origin;
more_set_headers X-Content-Type-Options nosniff;
more_set_headers "Referrer-Policy: same-origin";
more_set_headers "X-Content-Type-Options: nosniff";
'';
locations = {
"/".proxyPass = "http://pretalx";
"/media/" = {
alias = "${cfg.settings.filesystem.data}/data/media/";
alias = "${cfg.settings.filesystem.data}/media/";
extraConfig = ''
access_log off;
more_set_headers Content-Disposition 'attachment; filename="$1"';
more_set_headers 'Content-Disposition: attachment; filename="$1"';
expires 7d;
'';
};

2
nixos/modules/virtualisation/digital-ocean-config.nix
View file

@ -41,7 +41,7 @@ with lib;
kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
initrd.kernelModules = [ "virtio_scsi" ];
kernelModules = [ "virtio_pci" "virtio_net" ];
loader.grub.devices = lib.mkDefault ["/dev/vda"];
loader.grub.devices = ["/dev/vda"];
};
services.openssh = {
enable = mkDefault true;

13
pkgs/applications/display-managers/greetd/wlgreet.nix
View file

@ -1,6 +1,10 @@
{ lib
, rustPlatform
, fetchFromSourcehut
, autoPatchelfHook
, gcc-unwrapped
, wayland
, libxkbcommon
}:
rustPlatform.buildRustPackage rec {
@ -16,6 +20,15 @@ rustPlatform.buildRustPackage rec {
cargoHash = "sha256-1ugExUtrzqyd9dTlBHcc44UrtEfYrfUryuG79IkTv2Y=";
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = [ gcc-unwrapped ];
runtimeDependencies = map lib.getLib [
gcc-unwrapped
wayland
libxkbcommon
];
meta = with lib; {
description = "Raw wayland greeter for greetd, to be run under sway or similar";
mainProgram = "wlgreet";

83
pkgs/applications/misc/freemind/default.nix
View file

@ -1,43 +1,76 @@
{ lib, stdenv, fetchurl, jdk, jre, ant }:
{
lib,
stdenv,
fetchurl,
ant,
jdk,
jre,
makeWrapper,
stripJavaArchivesHook,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "freemind";
version = "1.0.1";
src = fetchurl {
url = "mirror://sourceforge/freemind/freemind-src-${version}.tar.gz";
sha256 = "06c6pm7hpwh9hbmyah3lj2wp1g957x8znfwc5cwygsi7dc98b0h1";
url = "mirror://sourceforge/freemind/freemind-src-${finalAttrs.version}.tar.gz";
hash = "sha256-AYKFEmsn6uc5K4w7+1E/Jb1wuZB0QOXrggnyC0+9hhk=";
};
buildInputs = [ jdk ant ];
nativeBuildInputs = [
ant
jdk
makeWrapper
stripJavaArchivesHook
];
postPatch = ''
# disable the <buildnumer> task because it would edit version.properties
# and add a "last edited" header to it, which is non-deterministic
sed -i '/<buildnumber/d' build.xml
# replace dependency on `which`
substituteInPlace freemind.sh \
--replace-fail "which" "type -p"
'';
preConfigure = ''
chmod +x check_for_duplicate_resources.sh
sed 's,/bin/bash,${stdenv.shell},' -i check_for_duplicate_resources.sh
## work around javac encoding errors
export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8"
chmod +x *.sh
patchShebangs *.sh
'';
buildPhase = "ant dist";
# Workaround for javac encoding errors
# Note: not sure if this is still needed
env.JAVA_TOOL_OPTIONS = "-Dfile.encoding=UTF8";
buildPhase = ''
runHook preBuild
ant build
runHook postBuild
'';
installPhase = ''
mkdir -p $out/{bin,nix-support}
cp -r ../bin/dist $out/nix-support
sed -i 's/which/type -p/' $out/nix-support/dist/freemind.sh
cat >$out/bin/freemind <<EOF
#! ${stdenv.shell}
JAVA_HOME=${jre} $out/nix-support/dist/freemind.sh
EOF
chmod +x $out/{bin/freemind,nix-support/dist/freemind.sh}
runHook preInstall
ant dist -Ddist=$out/share/freemind
runHook postInstall
'';
meta = with lib; {
postFixup = ''
makeWrapper $out/share/freemind/freemind.sh $out/bin/freemind \
--set JAVA_HOME ${jre}
'';
meta = {
description = "Mind-mapping software";
mainProgram = "freemind";
homepage = "https://freemind.sourceforge.net/wiki/index.php/Main_Page";
license = licenses.gpl2Plus;
platforms = platforms.linux;
mainProgram = "freemind";
maintainers = with lib.maintainers; [ tomasajt ];
license = lib.licenses.gpl2Plus;
platforms = lib.platforms.linux;
sourceProvenance = with lib.sourceTypes; [
fromSource
binaryBytecode # source bundles dependencies as jars
];
};
}
})

5
pkgs/applications/version-management/delta/default.nix
View file

@ -44,6 +44,11 @@ rustPlatform.buildRustPackage rec {
etc/completion/completion.{bash,fish,zsh}
'';
# test_env_parsing_with_pager_set_to_bat sets environment variables,
# which can be flaky with multiple threads:
# https://github.com/dandavison/delta/issues/1660
dontUseCargoParallelTests = true;
checkFlags = lib.optionals stdenv.isDarwin [
"--skip=test_diff_same_non_empty_file"
];

7
pkgs/applications/version-management/git-interactive-rebase-tool/default.nix
View file

@ -12,10 +12,9 @@ rustPlatform.buildRustPackage rec {
};
postPatch = ''
# unknown lint: `ffi_unwind_calls`
# note: the `ffi_unwind_calls` lint is unstable
substituteInPlace src/main.rs src/{config,core,display,input,git,runtime,todo_file,testutils,view}/src/lib.rs \
--replace "ffi_unwind_calls," ""
# error: lint `unused_tuple_struct_fields` has been renamed to `dead_code`
substituteInPlace scripts/data/lints.rs src/main.rs src/{config,core,display,git,input,runtime,testutils,todo_file,view}/src/lib.rs \
--replace-fail "unused_tuple_struct_fields," ""
'';
cargoLock = {

4
pkgs/by-name/et/etlegacy-unwrapped/package.nix
View file

@ -22,7 +22,7 @@
, zlib
}:
let
version = "2.82.0";
version = "2.82.1";
fakeGit = writeShellApplication {
name = "git";
@ -41,7 +41,7 @@ stdenv.mkDerivation {
owner = "etlegacy";
repo = "etlegacy";
rev = "refs/tags/v${version}";
hash = "sha256-yNVVEa+3+Swm3hgwm9cSLV0K88E37TgVVjh1uUl8O2o=";
hash = "sha256-DA5tudbehXIU+4hX3ggcxWZ7AAOa8LUkIvUHbgMgDY8=";
};
nativeBuildInputs = [

2
pkgs/by-name/et/etlegacy/package.nix
View file

@ -7,7 +7,7 @@
symlinkJoin {
name = "etlegacy";
version = "2.82.0";
version = "2.82.1";
paths = [
etlegacy-assets
etlegacy-unwrapped

1
pkgs/games/find-billy/default.nix → pkgs/by-name/fi/find-billy/package.nix
View file

@ -65,5 +65,6 @@ stdenv.mkDerivation rec {
homepage = "https://codeberg.org/annaaurora/Find-Billy";
license = licenses.gpl3Plus;
platforms = [ "x86_64-linux" ];
maintainers = [ maintainers.annaaurora ];
};
}

4
pkgs/by-name/ga/gamescope/package.nix
View file

@ -43,14 +43,14 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "gamescope";
version = "3.14.3";
version = "3.14.4";
src = fetchFromGitHub {
owner = "ValveSoftware";
repo = "gamescope";
rev = "refs/tags/${finalAttrs.version}";
fetchSubmodules = true;
hash = "sha256-+6RyrdHRDk9aeM52wcgLo966jP70EAiXSMR3sffNeZM=";
hash = "sha256-kmi+3EH5h5kQeyTB3RnnndPn+akHFAF0N7Gt/aCOdcs=";
};
patches = [

5
pkgs/by-name/in/incus/client.nix
View file

@ -16,7 +16,6 @@ in
buildGoModule {
inherit
meta
patches
pname
src
@ -39,4 +38,8 @@ buildGoModule {
# don't run the full incus test suite
doCheck = false;
meta = meta // {
platforms = lib.platforms.linux ++ lib.platforms.darwin;
};
}

7
pkgs/by-name/kt/ktfmt/package.nix
View file

@ -11,14 +11,17 @@ maven.buildMavenPackage rec {
hash = "sha256-vdvKHTTD84OAQacv/VE/5BxYdW4n3bxPUHF2MdH+sQQ=";
};
mvnHash = "sha256-Cl7P2i4VFJ/yk7700u62YPcacfKkhBztFvcDkYBfZEA=";
patches = [ ./pin-default-maven-plugin-versions.patch ];
mvnHash = "sha256-iw28HS0WMFC9BKQKr0v33D77rMQeIMKjXduqPcYU1XA=";
mvnParameters = "-Dproject.build.outputTimestamp=1980-01-01T00:00:02Z";
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
runHook preInstall
mkdir -p $out/bin
install -Dm644 core/target/ktfmt-*-jar-with-dependencies.jar $out/share/ktfmt/ktfmt.jar
makeWrapper ${jre_headless}/bin/java $out/bin/ktfmt \

60
pkgs/by-name/kt/ktfmt/pin-default-maven-plugin-versions.patch Normal file
View file

@ -0,0 +1,60 @@
diff --git a/core/pom.xml b/core/pom.xml
index 267689e..6b6e04d 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -34,6 +34,55 @@
<sourceDirectory>${project.basedir}/src/main/java</sourceDirectory>
<testSourceDirectory>${project.basedir}/src/test/java</testSourceDirectory>
<plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.4.1</version>
+ <executions>
+ <execution>
+ <id>require-all-plugin-versions-to-be-set</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <requirePluginVersions />
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>3.2.5</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-clean-plugin</artifactId>
+ <version>3.3.2</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-install-plugin</artifactId>
+ <version>3.1.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>4.0.0-M13</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>3.3.1</version>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <version>3.1.1</version>
+ </plugin>
<plugin>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-maven-plugin</artifactId>

2
pkgs/by-name/lx/lxd-lts/package.nix
View file

@ -141,7 +141,7 @@ symlinkJoin {
'';
passthru = {
inherit (lxd-unwrapped-lts) tests ui;
inherit (lxd-unwrapped-lts) tests;
};
inherit (lxd-unwrapped-lts) meta pname version;

50
pkgs/by-name/po/pokemon-cursor/package.nix Normal file
View file

@ -0,0 +1,50 @@
{ fetchFromGitHub
, lib
, stdenvNoCC
, # build deps
clickgen
, python3Packages
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "pokemon-cursor";
version = "2.0.0";
src = fetchFromGitHub {
owner = "ful1e5";
repo = "pokemon-cursor";
rev = "v${finalAttrs.version}";
sha256 = "sha256-EL6Ztbzjm1YuQP+8ZbrhbuBXn+GFiJGG0iGNWzU/rBY=";
};
nativeBuildInputs = [
clickgen
python3Packages.attrs
];
buildPhase = ''
runHook preBuild
ctgen build.toml -p x11 -o $out
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/share/icons
mv $out/Pokemon $out/share/icons
runHook postInstall
'';
meta = with lib; {
description = "An unofficial open-source Pokemon cursor theme";
homepage = "https://github.com/ful1e5/pokemon-cursor";
license = licenses.gpl3Plus;
maintainers = [ maintainers.getpsyched ];
platforms = platforms.linux;
};
})

4
pkgs/by-name/wt/wtfis/package.nix
View file

@ -5,12 +5,12 @@
let
pname = "wtfis";
version = "0.8.0";
version = "0.9.0";
src = fetchFromGitHub {
owner = "pirxthepilot";
repo = "wtfis";
rev = "refs/tags/v${version}";
hash = "sha256-eSmvyDr8PbB15UWIl67Qp2qHeOq+dmnP8eMsvcGypVw=";
hash = "sha256-LeIb2MLxulDsgQepNr7I81u8gG4HQC6PsszKZKVjFkw=";
};
in python3.pkgs.buildPythonApplication {
inherit pname version src;

4
pkgs/development/ocaml-modules/ocaml-protoc-plugin/default.nix
View file

@ -49,5 +49,9 @@ buildDunePackage rec {
and de-serialization function from a .proto file.
'';
maintainers = [ lib.maintainers.GirardR1006 ];
# Broken with Dune 3.15.1:
# Error: Dependency cycle between:
# %{read:config/support_proto3_optional.conf} at test/dune:16
broken = true;
};
}

2
pkgs/development/python-modules/backports_shutil_get_terminal_size/default.nix → pkgs/development/python-modules/backports-shutil-get-terminal-size/default.nix
View file

@ -6,7 +6,7 @@
}:
if !(pythonOlder "3.3") then null else buildPythonPackage {
pname = "backports.shutil_get_terminal_size";
pname = "backports-shutil-get-terminal-size";
version = "unstable-2016-02-21";
# there have been numerous fixes committed since the initial release.

4
pkgs/development/python-modules/cachelib/default.nix
View file

@ -8,7 +8,7 @@
buildPythonPackage rec {
pname = "cachelib";
version = "0.12.0";
version = "0.13.0";
format = "setuptools";
disabled = pythonOlder "3.6";
@ -16,7 +16,7 @@ buildPythonPackage rec {
owner = "pallets";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-gSBY8zMGVn5Ndu4OexMP1v7bhXAAdl2UcEjjKFa21rE=";
hash = "sha256-8jg+zfdIATvu/GSFvqHl4cNMu+s2IFWC22vPZ7Q3WYI=";
};
nativeCheckInputs = [

40
pkgs/development/python-modules/etelemetry/default.nix
View file

@ -1,20 +1,37 @@
{ lib, buildPythonPackage, fetchPypi, isPy27, ci-info, ci-py, requests }:
{ lib
, buildPythonPackage
, fetchFromGitHub
, pythonOlder
, pytestCheckHook
, ci-info
, ci-py
, requests
, setuptools
}:
buildPythonPackage rec {
version = "0.2.1";
format = "setuptools";
pname = "etelemetry";
disabled = isPy27;
version = "0.3.1";
pyproject = true;
src = fetchPypi {
inherit pname version;
sha256 = "1rw8im09ppnb7z7p7rx658rp5ib8zca8byxg1kiflqwgx5c8zddz";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "sensein";
repo = "etelemetry-client";
rev = "refs/tags/v${version}";
hash = "sha256-UaE5JQhv2AtzXKY7YD2/g6Kj1igKhmnY3zlf1P9B/iQ=";
};
propagatedBuildInputs = [ ci-info ci-py requests ];
nativeBuildInputs = [ setuptools ];
# all 2 of the tests both try to pull down from a url
doCheck = false;
propagatedBuildInputs = [
ci-info
ci-py
requests
];
nativeCheckInputs = [ pytestCheckHook ];
pythonImportsCheck = [
"etelemetry"
@ -24,7 +41,8 @@ buildPythonPackage rec {
meta = with lib; {
description = "Lightweight python client to communicate with the etelemetry server";
homepage = "https://github.com/mgxd/etelemetry-client";
homepage = "https://github.com/sensein/etelemetry-client";
changelog = "https://github.com/sensein/etelemetry-client/releases/tag/v${version}";
license = licenses.asl20;
maintainers = with maintainers; [ ];
};

10
pkgs/development/python-modules/nvchecker/default.nix
View file

@ -21,7 +21,7 @@
buildPythonPackage rec {
pname = "nvchecker";
version = "2.14";
version = "2.14.1";
pyproject = true;
disabled = pythonOlder "3.8";
@ -30,15 +30,9 @@ buildPythonPackage rec {
owner = "lilydjwg";
repo = "nvchecker";
rev = "v${version}";
hash = "sha256-QqfF8PGY8sULv1x0blu21ucWxqhOpQ7jyLuRCzDIpco=";
hash = "sha256-V2lTGeaiwUsh8IONbZ5GQrqevJMhjeuFLTDF8UdWg8Q=";
};
postPatch = ''
# Fix try/except syntax. Remove with the next release
substituteInPlace tests/test_jq.py \
--replace-warn "except jq" "except ImportError"
'';
nativeBuildInputs = [
setuptools
docutils

6
pkgs/development/tools/misc/one_gadget/Gemfile.lock
View file

@ -1,10 +1,10 @@
GEM
remote: https://rubygems.org/
specs:
bindata (2.4.15)
bindata (2.5.0)
elftools (1.1.3)
bindata (~> 2)
one_gadget (1.8.1)
one_gadget (1.9.0)
elftools (>= 1.0.2, < 1.2.0)
PLATFORMS
@ -14,4 +14,4 @@ DEPENDENCIES
one_gadget
BUNDLED WITH
2.4.19
2.5.7

1
pkgs/development/tools/misc/one_gadget/default.nix
View file

@ -18,6 +18,7 @@ bundlerApp {
homepage = "https://github.com/david942j/one_gadget";
license = licenses.mit;
maintainers = with maintainers; [ artemist nicknovitski ];
mainProgram = "one_gadget";
platforms = platforms.unix;
};
}

8
pkgs/development/tools/misc/one_gadget/gemset.nix
View file

@ -4,10 +4,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "04y4zgh4bbcb8wmkxwfqg4saky1d1f3xw8z6yk543q13h8ky8rz5";
sha256 = "08r67nglsqnxrbn803szf5bdnqhchhq8kf2by94f37fcl65wpp19";
type = "gem";
};
version = "2.4.15";
version = "2.5.0";
};
elftools = {
dependencies = ["bindata"];
@ -26,9 +26,9 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0dwsmjhr9i8gwwbbpiyddbhcx74cvqqk90a5l8zbsjhjfs679irc";
sha256 = "1j9478h929jm5hq2fs3v8y37a7y2hhpli90mbps7yvka4ykci7mw";
type = "gem";
};
version = "1.8.1";
version = "1.9.0";
};
}

6
pkgs/development/tools/misc/sccache/default.nix
View file

@ -8,17 +8,17 @@
}:
rustPlatform.buildRustPackage rec {
version = "0.7.7";
version = "0.8.0";
pname = "sccache";
src = fetchFromGitHub {
owner = "mozilla";
repo = "sccache";
rev = "v${version}";
sha256 = "sha256-nWSMWaz1UvjsA2V7q7WKx44G45VVaoQxteZqrKAlxY8=";
sha256 = "sha256-GKJKesvOtnZsLcYQjSsnUcolBIqqiYSX0VSZru416mk=";
};
cargoHash = "sha256-ezub+pOqNjCfH7QgjLBrYtsyYbPM3/SADLpNgPtlG+I=";
cargoHash = "sha256-GacjuBLlVawNRFutsjfywYHo34QKJHCPgi/QCPjcaAA=";
nativeBuildInputs = [
pkg-config

4
pkgs/development/tools/ocaml/dune/3.nix
View file

@ -6,11 +6,11 @@ else
stdenv.mkDerivation rec {
pname = "dune";
version = "3.15.0";
version = "3.15.1";
src = fetchurl {
url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz";
hash = "sha256-tcPRD29gSL+vVvxPCULVY4G1WvQofK+CUUh9TE55INc=";
hash = "sha256-tbeKSgLU3QiUI02/cYv/R3/Nheff3/6OzgC5oM89VHs=";
};
nativeBuildInputs = [ ocaml findlib ];

2
pkgs/kde/frameworks/extra-cmake-modules/ecm-hook.sh
View file

@ -41,7 +41,7 @@ ecmPostHook() {
cmakeFlags+=" -DKDE_INSTALL_KCONFUPDATEDIR=${!outputBin}/share/kconf_update"
cmakeFlags+=" -DKDE_INSTALL_KAPPTEMPLATESDIR=${!outputDev}/share/kdevappwizard/templates"
cmakeFlags+=" -DKDE_INSTALL_KFILETEMPLATESDIR=${!outputDev}/share/kdevfiletemplates/templates"
cmakeFlags+=" -DKDE_INSTALL_KXMLGUIDIR=${!outputBin}/share/kxmlgui6"
cmakeFlags+=" -DKDE_INSTALL_KXMLGUIDIR=${!outputBin}/share/kxmlgui5" # Yes, this needs to be 5 and not 6. Don't ask.
cmakeFlags+=" -DKDE_INSTALL_KNOTIFYRCDIR=${!outputBin}/share/knotifications6"
cmakeFlags+=" -DKDE_INSTALL_ICONDIR=${!outputBin}/share/icons"
cmakeFlags+=" -DKDE_INSTALL_LOCALEDIR=${!outputLib}/share/locale"

4
pkgs/os-specific/linux/dbus-broker/default.nix
View file

@ -40,13 +40,13 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "dbus-broker";
version = "35";
version = "36";
src = fetchFromGitHub {
owner = "bus1";
repo = "dbus-broker";
rev = "v${finalAttrs.version}";
hash = "sha256-Qwi9X5jXHiQ3TOWefzv/p7x8/JkQW1QgdYji5SpLej0=";
hash = "sha256-5dAMKjybqrHG57vArbtWEPR/svSj2ION75JrjvnnpVM=";
};
patches = [

23
pkgs/os-specific/linux/dbus-broker/disable-test.patch
View file

@ -1,11 +1,14 @@
--- b/src/meson.build
+++ a/src/meson.build
@@ -196,9 +195,6 @@
test_fdlist = executable('test-fdlist', ['util/test-fdlist.c'], dependencies: dep_bus)
test('Utility File-Desciptor Lists', test_fdlist)
-test_fs = executable('test-fs', ['util/test-fs.c'], dependencies: dep_bus)
-test('File System Helpers', test_fs)
diff --git a/src/meson.build b/src/meson.build
index 4b9bc71..221ed5c 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -202,9 +202,6 @@ test('Error Handling', test_error, suite: 'unit')
test_fdlist = executable('test-fdlist', sources: ['util/test-fdlist.c'], kwargs: test_kwargs)
test('Utility File-Desciptor Lists', test_fdlist, suite: 'unit')
-test_fs = executable('test-fs', sources: ['util/test-fs.c'], kwargs: test_kwargs)
-test('File System Helpers', test_fs, suite: 'unit')
-
test_match = executable('test-match', ['bus/test-match.c'], dependencies: dep_bus)
test('D-Bus Match Handling', test_match)
test_match = executable('test-match', sources: ['bus/test-match.c'], kwargs: test_kwargs)
test('D-Bus Match Handling', test_match, suite: 'unit')

3
pkgs/servers/misc/irrd/default.nix
View file

@ -16,7 +16,7 @@ let
sqlalchemy = prev.sqlalchemy.overridePythonAttrs (oldAttrs: rec {
version = "1.3.24";
src = fetchPypi {
inherit (oldAttrs) pname;
pname = "SQLAlchemy";
inherit version;
hash = "sha256-67t3fL+TEjWbiXv4G6ANrg9ctp+6KhgmXcwYpvXvdRk=";
};
@ -157,6 +157,7 @@ py.pkgs.buildPythonPackage rec {
license = licenses.mit;
homepage = "https://github.com/irrdnet/irrd";
maintainers = teams.wdz.members;
broken = true; # last successful build 2023-10-21
};
}

6
pkgs/tools/admin/balena-cli/default.nix
View file

@ -18,16 +18,16 @@ let
};
in buildNpmPackage' rec {
pname = "balena-cli";
version = "18.1.9";
version = "18.2.0";
src = fetchFromGitHub {
owner = "balena-io";
repo = "balena-cli";
rev = "v${version}";
hash = "sha256-yf4QkuFt5Fpegyru05S79Q3hFaLc45unxrk+SJzwWg0=";
hash = "sha256-8T+6j2wIsCn27I7V6u5bXIjjbkU2soGI3rBfIzb4IxY=";
};
npmDepsHash = "sha256-lTaKW5Tsw9df0bd/chr8nSL2PROp1sSs+fuMr3Cz+a4=";
npmDepsHash = "sha256-XTCdrb5qwyaSnxjJOGOvpn22YsoS4WNXRwFTjPXzf5U=";
postPatch = ''
ln -s npm-shrinkwrap.json package-lock.json

6
pkgs/tools/networking/shadowsocks-rust/default.nix
View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "shadowsocks-rust";
version = "1.18.2";
version = "1.18.3";
src = fetchFromGitHub {
rev = "v${version}";
owner = "shadowsocks";
repo = pname;
hash = "sha256-wbbh4IpAla3I/xgmiuzy9E9npS/PUtRFCZS4dl7JYRQ=";
hash = "sha256-eqN6Qwq+ofQ9Ed7Viz+DoJQkVTvUTo1U5rVqO1YDp2w=";
};
cargoHash = "sha256-TPW+dic9KdtGXGlcEi7YAmt442ZJRifumnrmcX8+unM=";
cargoHash = "sha256-yJ2Ql6Fo2KaZRmvRB0C14fEcVwbBbsUlcqT3vFKHn58=";
nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];

19
pkgs/tools/security/afl/README.md
View file

@ -1,19 +0,0 @@
Updating the QEMU patches
=========================
When updating to the latest American Fuzzy Lop, make sure to check for
any new patches to qemu for binary fuzzing support:
https://github.com/google/AFL/tree/master/qemu_mode
Be sure to check the build script and make sure it's also using the
right QEMU version and options in `qemu.nix`:
https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh
`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of
the afl source code, and copied from `config.h`, `types.h` and
`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches
need to be slightly adjusted to fix their `#include`s (the patches
try to otherwise include files like `../../config.h` which causes the
build to fail).

82
pkgs/tools/security/afl/default.nix
View file

@ -1,82 +0,0 @@
{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper
, clang, llvm, which, libcgroup
}:
let
afl-qemu = callPackage ./qemu.nix { inherit afl; };
qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
else throw "afl: no support for ${stdenv.hostPlatform.system}!";
afl = stdenv.mkDerivation rec {
pname = "afl";
version = "2.57b";
src = fetchFromGitHub {
owner = "google";
repo = pname;
rev = "v${version}";
sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6";
};
enableParallelBuilding = true;
# Note: libcgroup isn't needed for building, just for the afl-cgroup
# script.
nativeBuildInputs = [ makeWrapper which llvm.dev ];
buildInputs = [ llvm ];
makeFlags = [ "PREFIX=$(out)" ];
postBuild = ''
make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
'';
postInstall = ''
# Install the custom QEMU emulator for binary blob fuzzing.
cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
# Install the cgroups wrapper for asan-based fuzzing.
cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace "cgexec" "${libcgroup}/bin/cgexec" \
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
# Patch shebangs before wrapping
patchShebangs $out/bin
# Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
# has totally different semantics in that case(?) - and also set a
# proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
# of $PATH.
# first though we need to replace the afl-clang-fast++ symlink with
# a real copy to prevent wrapProgram skipping the symlink and confusing
# nix's cc wrapper
rm $out/bin/afl-clang-fast++
cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++
for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
wrapProgram $x \
--prefix AFL_PATH : "$out/lib/afl" \
--run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
done
'';
passthru.qemu = afl-qemu;
meta = {
description = "Powerful fuzzer via genetic algorithms and instrumentation";
longDescription = ''
American fuzzy lop is a fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms to
automatically discover clean, interesting test cases that
trigger new internal states in the targeted binary. This
substantially improves the functional coverage for the fuzzed
code. The compact synthesized corpora produced by the tool are
also useful for seeding other, more labor or resource-intensive
testing regimes down the road.
'';
homepage = "https://lcamtuf.coredump.cx/afl/";
license = lib.licenses.asl20;
platforms = ["x86_64-linux" "i686-linux"];
maintainers = with lib.maintainers; [ thoughtpolice ris ];
};
};
in afl

35
pkgs/tools/security/afl/libdislocator.nix
View file

@ -1,35 +0,0 @@
{ lib, stdenv, afl}:
stdenv.mkDerivation {
version = lib.getVersion afl;
pname = "libdislocator";
src = afl.src;
sourceRoot = "${afl.src.name}/libdislocator";
makeFlags = [ "PREFIX=$(out)" ];
preInstall = ''
mkdir -p $out/lib/afl
'';
postInstall = ''
mkdir $out/bin
cat > $out/bin/get-libdislocator-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libdislocator.so
END
chmod +x $out/bin/get-libdislocator-so
'';
meta = with lib; {
homepage = "https://lcamtuf.coredump.cx/afl/";
description = ''
Drop-in replacement for the libc allocator which improves
the odds of bumping into heap-related security bugs in
several ways.
'';
mainProgram = "get-libdislocator-so";
license = lib.licenses.asl20;
maintainers = with maintainers; [ ris ];
};
}

13
pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
View file

@ -1,13 +0,0 @@
diff --git a/Makefile b/Makefile
index d6b9dc1..ce7c493 100644
--- a/Makefile
+++ b/Makefile
@@ -601,7 +601,7 @@ install-localstatedir:
endif
-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
ifneq ($(TOOLS),)
$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
endif

51
pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
View file

@ -1,51 +0,0 @@
--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100
+++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100
@@ -34,6 +34,7 @@
#include <sys/resource.h>
#include <sys/swap.h>
#include <linux/capability.h>
+#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988
#include <sched.h>
#include <sys/timex.h>
#ifdef __ia64__
@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2,
#endif
#ifdef __NR_gettid
-_syscall0(int, gettid)
+// taken from https://patchwork.kernel.org/patch/10862231/
+#define __NR_sys_gettid __NR_gettid
+_syscall0(int, sys_gettid)
#else
/* This is a replacement for the host gettid() and must return a host
errno. */
@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg)
cpu = ENV_GET_CPU(env);
thread_cpu = cpu;
ts = (TaskState *)cpu->opaque;
- info->tid = gettid();
+ info->tid = sys_gettid();
task_settid(ts);
if (info->child_tidptr)
put_user_u32(info->tid, info->child_tidptr);
@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un
mapping. We can't repeat the spinlock hack used above because
the child process gets its own copy of the lock. */
if (flags & CLONE_CHILD_SETTID)
- put_user_u32(gettid(), child_tidptr);
+ put_user_u32(sys_gettid(), child_tidptr);
if (flags & CLONE_PARENT_SETTID)
- put_user_u32(gettid(), parent_tidptr);
+ put_user_u32(sys_gettid(), parent_tidptr);
ts = (TaskState *)cpu->opaque;
if (flags & CLONE_SETTLS)
cpu_set_tls (env, newtls);
@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n
break;
#endif
case TARGET_NR_gettid:
- ret = get_errno(gettid());
+ ret = get_errno(sys_gettid());
break;
#ifdef TARGET_NR_readahead
case TARGET_NR_readahead:

77
pkgs/tools/security/afl/qemu.nix
View file

@ -1,77 +0,0 @@
{ lib, stdenv, fetchurl, afl, python2, zlib, pkg-config, glib, perl
, texinfo, libuuid, flex, bison, pixman, autoconf
}:
let
cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
else throw "afl: no support for ${stdenv.hostPlatform.system}!";
in
stdenv.mkDerivation rec {
pname = "afl-qemu";
version = "2.10.0";
srcs = [
(fetchurl {
url = "https://download.qemu.org/qemu-${version}.tar.bz2";
sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
})
afl.src
];
sourceRoot = "qemu-${version}";
postUnpack = ''
cp ${afl.src.name}/types.h $sourceRoot/afl-types.h
substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \
--replace "types.h" "afl-types.h"
substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
--replace "../../config.h" "afl-config.h"
substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \
--replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
'';
nativeBuildInputs = [
python2 perl pkg-config flex bison autoconf texinfo
];
buildInputs = [
zlib glib pixman libuuid
];
enableParallelBuilding = true;
patches = [
# patches extracted from afl source
"../${afl.src.name}/qemu_mode/patches/cpu-exec.diff"
"../${afl.src.name}/qemu_mode/patches/elfload.diff"
"../${afl.src.name}/qemu_mode/patches/syscall.diff"
"../${afl.src.name}/qemu_mode/patches/configure.diff"
"../${afl.src.name}/qemu_mode/patches/memfd.diff"
# nix-specific patches to make installation more well-behaved
./qemu-patches/no-etc-install.patch
# patch for fixing qemu build on glibc >= 2.30
./qemu-patches/syscall-glibc2_30.diff
];
configureFlags =
[ "--disable-system"
"--enable-linux-user"
"--disable-gtk"
"--disable-sdl"
"--disable-vnc"
"--disable-kvm"
"--target-list=${cpuTarget}"
"--enable-pie"
"--sysconfdir=/etc"
"--localstatedir=/var"
];
meta = with lib; {
homepage = "https://www.qemu.org/";
description = "Fork of QEMU with AFL instrumentation support";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ thoughtpolice ];
platforms = platforms.linux;
};
}

6
pkgs/tools/security/rbw/default.nix
View file

@ -25,14 +25,14 @@
rustPlatform.buildRustPackage rec {
pname = "rbw";
version = "1.9.0";
version = "1.10.0";
src = fetchzip {
url = "https://git.tozt.net/rbw/snapshot/rbw-${version}.tar.gz";
sha256 = "sha256-NjMH99rmJYbCxDdc7e0iOFoslSrIuwIBxuHxADp0Ks4=";
hash = "sha256-uJ1QLEaab/Vb5GiAmbwjve3Y/3SM2XbNTRTvl2vPDYc=";
};
cargoHash = "sha256-AH35v61FgUQe9BwDgVnXwoVTSQduxeMbXWy4ga3WU3k=";
cargoHash = "sha256-tDgkANbUmNLe3us+05gD9IS0f+RTQBXTGvuz2cr2zYY=";
nativeBuildInputs = [
installShellFiles

1
pkgs/top-level/aliases.nix
View file

@ -61,6 +61,7 @@ mapAliases ({
adtool = throw "'adtool' has been removed, as it was broken and unmaintained";
advcpmv = throw "'advcpmv' has been removed, as it is not being actively maintained and break recent coreutils."; # Added 2024-03-29
aether = throw "aether has been removed from nixpkgs; upstream unmaintained, security issues"; # Added 2023-10-03
afl = throw "afl has been removed as the upstream project was archived. Consider using 'aflplusplus'"; # Added 2024-04-21
airfield = throw "airfield has been removed due to being unmaintained"; # Added 2023-05-19
alertmanager-bot = throw "alertmanager-bot is broken and has been archived by upstream"; # Added 2023-07-28
alsa-project = throw "alsa-project was removed and its sub-attributes were promoted to top-level."; # Added 2023-11-12

8
pkgs/top-level/all-packages.nix
View file

@ -1028,8 +1028,6 @@ with pkgs;
prefetch-yarn-deps
fetchYarnDeps;
find-billy = callPackage ../games/find-billy { };
find-cursor = callPackage ../tools/X11/find-cursor { };
flare-floss = callPackage ../tools/security/flare-floss { };
@ -1614,10 +1612,6 @@ with pkgs;
afio = callPackage ../tools/archivers/afio { };
afl = callPackage ../tools/security/afl {
stdenv = clangStdenv;
};
honggfuzz = callPackage ../tools/security/honggfuzz {
clang = clang_16;
llvm = llvm_16;
@ -1632,7 +1626,7 @@ with pkgs;
ledfx = callPackage ../applications/audio/ledfx { };
libdislocator = callPackage ../tools/security/afl/libdislocator.nix { };
libdislocator = callPackage ../tools/security/aflplusplus/libdislocator.nix { };
afpfs-ng = callPackage ../tools/filesystems/afpfs-ng { };

1
pkgs/top-level/python-aliases.nix
View file

@ -57,6 +57,7 @@ mapAliases ({
Babel = babel; # added 2022-05-06
backports_csv = throw "backports_csv has been removed, since we no longer need to backport to python2"; # added 2023-07-28
backports_functools_lru_cache = throw "backports_functools_lru_cache has been removed, since we no longer need to backport to python3.2"; # added 2023-07-28
backports_shutil_get_terminal_size = backports-shutil-get-terminal-size; # added 2024-04-21
backports_tempfile = throw "backports_tempfile has been removed, since we no longer need to backport to python3.3"; # added 2023-07-28
backports_unittest-mock = throw "backports_unittest-mock has been removed, since we no longer need to backport to python3.2"; # added 2023-07-28
backports_weakref = throw "backports_weakref has been removed, since we no longer need to backport to python3.3"; # added 2023-07-28

2
pkgs/top-level/python-packages.nix
View file

@ -1352,7 +1352,7 @@ self: super: with self; {
backports-entry-points-selectable = callPackage ../development/python-modules/backports-entry-points-selectable { };
backports_shutil_get_terminal_size = callPackage ../development/python-modules/backports_shutil_get_terminal_size { };
backports-shutil-get-terminal-size = callPackage ../development/python-modules/backports-shutil-get-terminal-size { };
backports-shutil-which = callPackage ../development/python-modules/backports-shutil-which { };