cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge master into haskell-updates

Browse source
This commit is contained in:
github-actions[bot] 2022-01-28 00:07:57 +00:00 committed by GitHub
commit a64bd12236
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
65 changed files with 1231 additions and 942 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/contributing/coding-conventions.chapter.md
View file

@ -224,7 +224,7 @@ There are a few naming guidelines:
- Dashes in the package name _should_ be preserved in new variable names, rather than converted to underscores or camel cased — e.g., `http-parser` instead of `http_parser` or `httpParser`. The hyphenated style is preferred in all three package names.
- If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c-0-9` and `json-c-0-11`. If there is an obvious “default” version, make an attribute like `json-c = json-c-0-9;`. See also [](#sec-versioning)
- If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c_0_9` and `json-c_0_11`. If there is an obvious “default” version, make an attribute like `json-c = json-c_0_9;`. See also [](#sec-versioning)
## File naming and organisation {#sec-organisation}

61
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -442,13 +442,49 @@
</listitem>
<listitem>
<para>
The interface that allows activation scripts to restart units
has been reworked. Restarting and reloading is now done by a
single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
<literal>switch-to-configuration</literal> (the script that is
run when running <literal>nixos-rebuild switch</literal> for
example) has been reworked
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The interface that allows activation scripts to restart
units has been streamlined. Restarting and reloading is
now done by a single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
</listitem>
<listitem>
<para>
The script now uses a proper ini-file parser to parse
systemd units. Some values are now only searched in one
section instead of in the entire unit. This is only
relevant for units that dont use the NixOS systemd moule.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>RefuseManualStop</literal>,
<literal>X-OnlyManualStart</literal>,
<literal>X-StopOnRemoval</literal>,
<literal>X-StopOnReconfiguration</literal> are only
searched in the <literal>[Unit]</literal> section
</para>
</listitem>
<listitem>
<para>
<literal>X-ReloadIfChanged</literal>,
<literal>X-RestartIfChanged</literal>,
<literal>X-StopIfChanged</literal> are only searched
in the <literal>[Service]</literal> section
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
@ -564,6 +600,19 @@
using the PyPy interpreter were added.
</para>
</listitem>
<listitem>
<para>
If you are using Wayland you can choose to use the Ozone
Wayland support in Chrome and several Electron apps by setting
the environment variable <literal>NIXOS_OZONE_WL=1</literal>
(for example via
<literal>environment.sessionVariables.NIXOS_OZONE_WL = &quot;1&quot;</literal>).
This is not enabled by default because Ozone Wayland is still
under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron
versions.
</para>
</listitem>
<listitem>
<para>
The <literal>influxdb2</literal> package was split into

23
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -60,7 +60,7 @@ In addition to numerous new and upgraded packages, this release has the followin
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
This *only* makes a difference if you are cross-compiling and will
This _only_ makes a difference if you are cross-compiling and will
ensure that `pkgs.ghc` always runs on the host platform and compiles
for the target platform (similar to `pkgs.gcc` for example).
`haskellPackages.ghc` still behaves as before, running on the build
@ -141,7 +141,11 @@ In addition to numerous new and upgraded packages, this release has the followin
`pkgs.noto-fonts-cjk` is currently an alias of `pkgs.noto-fonts-cjk-sans` and
doesn't include serif fonts.
- The interface that allows activation scripts to restart units has been reworked. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
- `switch-to-configuration` (the script that is run when running `nixos-rebuild switch` for example) has been reworked
* The interface that allows activation scripts to restart units has been streamlined. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
* The script now uses a proper ini-file parser to parse systemd units. Some values are now only searched in one section instead of in the entire unit. This is only relevant for units that don't use the NixOS systemd moule.
* `RefuseManualStop`, `X-OnlyManualStart`, `X-StopOnRemoval`, `X-StopOnReconfiguration` are only searched in the `[Unit]` section
* `X-ReloadIfChanged`, `X-RestartIfChanged`, `X-StopIfChanged` are only searched in the `[Service]` section
- The `services.bookstack.cacheDir` option has been removed, since the
cache directory is now handled by systemd.
@ -177,7 +181,7 @@ In addition to numerous new and upgraded packages, this release has the followin
to allow users to make changes to the `nixos-rebuild build-vm` configuration
that do not apply to their normal system.
The `config.system.build.vm` attribute now always exists and defaults to the
The `config.system.build.vm` attribute now always exists and defaults to the
value from `vmVariant`. Configurations that import the `virtualisation/qemu-vm.nix`
module themselves will override this value, such that `vmVariant` is not used.
@ -189,6 +193,14 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
- If you are using Wayland you can choose to use the Ozone Wayland support
in Chrome and several Electron apps by setting the environment variable
`NIXOS_OZONE_WL=1` (for example via
`environment.sessionVariables.NIXOS_OZONE_WL = "1"`).
This is not enabled by default because Ozone Wayland is
still under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron versions.
- The `influxdb2` package was split into `influxdb2-server` and
`influxdb2-cli`, matching the split that took place upstream. A
combined `influxdb2` package is still provided in this release for
@ -240,8 +252,9 @@ In addition to numerous new and upgraded packages, this release has the followin
Plugins are automatically repackaged using autoPatchelf.
- The `zrepl` package has been updated from 0.4.0 to 0.5:
* The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
* A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
- A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- Renamed option `services.openssh.challengeResponseAuthentication` to `services.openssh.kbdInteractiveAuthentication`.
Reason is that the old name has been deprecated upstream.

2
nixos/lib/systemd-unit-options.nix
View file

@ -98,7 +98,7 @@ in rec {
description = mkOption {
default = "";
type = types.str;
type = types.singleLineStr;
description = "Description of this unit used in systemd messages and progress indicators.";
};

5
nixos/modules/services/misc/mx-puppet-discord.nix
View file

@ -79,10 +79,7 @@ in {
config = mkIf cfg.enable {
systemd.services.mx-puppet-discord = {
description = ''
mx-puppet-discord is a discord puppeting bridge for matrix.
It handles bridging private and group DMs, as well as Guilds (servers).
'';
description = "Matrix to Discord puppeting bridge";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;

15
nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
View file

@ -25,7 +25,8 @@ in {
[ "/dev/sda", "/dev/nvme0n1" ];
'';
description = ''
Paths to disks that will be monitored.
Paths to the disks that will be monitored. Will autodiscover
all disks if none given.
'';
};
maxInterval = mkOption {
@ -41,13 +42,23 @@ in {
serviceOpts = {
serviceConfig = {
AmbientCapabilities = [
"CAP_RAW_SYSIO"
"CAP_SYS_ADMIN"
];
CapabilityBoundingSet = [
"CAP_RAW_SYSIO"
"CAP_SYS_ADMIN"
];
DevicePolicy = "closed";
DeviceAllow = lib.mkForce cfg.devices;
DeviceAllow = lib.mkOverride 100 (
if cfg.devices != [] then
cfg.devices
else [
"block-blkext rw"
"block-sd rw"
"char-nvme rw"
]
);
ExecStart = ''
${pkgs.prometheus-smartctl-exporter}/bin/smartctl_exporter -config ${configFile}
'';

5
nixos/modules/services/web-apps/nextcloud.nix
View file

@ -599,6 +599,8 @@ in {
timerConfig.Unit = "nextcloud-cron.service";
};
systemd.tmpfiles.rules = ["d ${cfg.home} 0750 nextcloud nextcloud"];
systemd.services = {
# When upgrading the Nextcloud package, Nextcloud can report errors such as
# "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly"
@ -720,8 +722,6 @@ in {
before = [ "phpfpm-nextcloud.service" ];
path = [ occ ];
script = ''
chmod og+x ${cfg.home}
${optionalString (c.dbpassFile != null) ''
if [ ! -r "${c.dbpassFile}" ]; then
echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..."
@ -814,7 +814,6 @@ in {
users.users.nextcloud = {
home = "${cfg.home}";
group = "nextcloud";
createHome = true;
isSystemUser = true;
};
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];

135
nixos/modules/system/activation/switch-to-configuration.pl
View file

@ -2,6 +2,7 @@
use strict;
use warnings;
use Config::IniFiles;
use File::Path qw(make_path);
use File::Basename;
use File::Slurp;
@ -113,26 +114,77 @@ sub parseFstab {
return ($fss, $swaps);
}
sub parseUnit {
my ($filename) = @_;
my $info = {};
parseKeyValues($info, read_file($filename)) if -f $filename;
parseKeyValues($info, read_file("${filename}.d/overrides.conf")) if -f "${filename}.d/overrides.conf";
return $info;
}
# This subroutine takes a single ini file that specified systemd configuration
# like unit configuration and parses it into a hash where the keys are the sections
# of the unit file and the values are hashes themselves. These hashes have the unit file
# keys as their keys (left side of =) and an array of all values that were set as their
# values. If a value is empty (for example `ExecStart=`), then all current definitions are
# removed.
#
# Instead of returning the hash, this subroutine takes a hashref to return the data in. This
# allows calling the subroutine multiple times with the same hash to parse override files.
sub parseSystemdIni {
my ($unitContents, $path) = @_;
# Tie the ini file to a hash for easier access
my %fileContents;
tie %fileContents, "Config::IniFiles", (-file => $path, -allowempty => 1, -allowcontinue => 1);
sub parseKeyValues {
my $info = shift;
foreach my $line (@_) {
# FIXME: not quite correct.
$line =~ /^([^=]+)=(.*)$/ or next;
$info->{$1} = $2;
# Copy over all sections
foreach my $sectionName (keys %fileContents) {
# Copy over all keys
foreach my $iniKey (keys %{$fileContents{$sectionName}}) {
# Ensure the value is an array so it's easier to work with
my $iniValue = $fileContents{$sectionName}{$iniKey};
my @iniValues;
if (ref($iniValue) eq "ARRAY") {
@iniValues = @{$iniValue};
} else {
@iniValues = $iniValue;
}
# Go over all values
for my $iniValue (@iniValues) {
# If a value is empty, it's an override that tells us to clean the value
if ($iniValue eq "") {
delete $unitContents->{$sectionName}->{$iniKey};
next;
}
push(@{$unitContents->{$sectionName}->{$iniKey}}, $iniValue);
}
}
}
return;
}
sub boolIsTrue {
my ($s) = @_;
return $s eq "yes" || $s eq "true";
# This subroutine takes the path to a systemd configuration file (like a unit configuration),
# parses it, and returns a hash that contains the contents. The contents of this hash are
# explained in the `parseSystemdIni` subroutine. Neither the sections nor the keys inside
# the sections are consistently sorted.
#
# If a directory with the same basename ending in .d exists next to the unit file, it will be
# assumed to contain override files which will be parsed as well and handled properly.
sub parseUnit {
my ($unitPath) = @_;
# Parse the main unit and all overrides
my %unitData;
parseSystemdIni(\%unitData, $_) for glob("${unitPath}{,.d/*.conf}");
return %unitData;
}
# Checks whether a specified boolean in a systemd unit is true
# or false, with a default that is applied when the value is not set.
sub parseSystemdBool {
my ($unitConfig, $sectionName, $boolName, $default) = @_;
my @values = @{$unitConfig->{$sectionName}{$boolName} // []};
# Return default if value is not set
if (scalar @values lt 1 || not defined $values[-1]) {
return $default;
}
# If value is defined multiple times, use the last definition
my $last = $values[-1];
# These are valid values as of systemd.syntax(7)
return $last eq "1" || $last eq "yes" || $last eq "true" || $last eq "on";
}
sub recordUnit {
@ -167,17 +219,17 @@ sub handleModifiedUnit {
# Revert of the attempt: https://github.com/NixOS/nixpkgs/pull/147609
# More details: https://github.com/NixOS/nixpkgs/issues/74899#issuecomment-981142430
} else {
my $unitInfo = parseUnit($newUnitFile);
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
my %unitInfo = parseUnit($newUnitFile);
if (parseSystemdBool(\%unitInfo, "Service", "X-ReloadIfChanged", 0)) {
$unitsToReload->{$unit} = 1;
recordUnit($reloadListFile, $unit);
}
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
elsif (!parseSystemdBool(\%unitInfo, "Service", "X-RestartIfChanged", 1) || parseSystemdBool(\%unitInfo, "Unit", "RefuseManualStop", 0) || parseSystemdBool(\%unitInfo, "Unit", "X-OnlyManualStart", 0)) {
$unitsToSkip->{$unit} = 1;
} else {
# It doesn't make sense to stop and start non-services because
# they can't have ExecStop=
if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) {
if (!parseSystemdBool(\%unitInfo, "Service", "X-StopIfChanged", 1) || $unit !~ /\.service$/) {
# This unit should be restarted instead of
# stopped and started.
$unitsToRestart->{$unit} = 1;
@ -188,7 +240,7 @@ sub handleModifiedUnit {
# socket(s) instead of the service.
my $socketActivated = 0;
if ($unit =~ /\.service$/) {
my @sockets = split / /, ($unitInfo->{Sockets} // "");
my @sockets = split(/ /, join(" ", @{$unitInfo{Service}{Sockets} // []}));
if (scalar @sockets == 0) {
@sockets = ("$baseName.socket");
}
@ -254,12 +306,12 @@ while (my ($unit, $state) = each %{$activePrev}) {
if (-e $prevUnitFile && ($state->{state} eq "active" || $state->{state} eq "activating")) {
if (! -e $newUnitFile || abs_path($newUnitFile) eq "/dev/null") {
my $unitInfo = parseUnit($prevUnitFile);
$unitsToStop{$unit} = 1 if boolIsTrue($unitInfo->{'X-StopOnRemoval'} // "yes");
my %unitInfo = parseUnit($prevUnitFile);
$unitsToStop{$unit} = 1 if parseSystemdBool(\%unitInfo, "Unit", "X-StopOnRemoval", 1);
}
elsif ($unit =~ /\.target$/) {
my $unitInfo = parseUnit($newUnitFile);
my %unitInfo = parseUnit($newUnitFile);
# Cause all active target units to be restarted below.
# This should start most changed units we stop here as
@ -268,7 +320,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
# active after the system has resumed, which probably
# should not be the case. Just ignore it.
if ($unit ne "suspend.target" && $unit ne "hibernate.target" && $unit ne "hybrid-sleep.target") {
unless (boolIsTrue($unitInfo->{'RefuseManualStart'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
unless (parseSystemdBool(\%unitInfo, "Unit", "RefuseManualStart", 0) || parseSystemdBool(\%unitInfo, "Unit", "X-OnlyManualStart", 0)) {
$unitsToStart{$unit} = 1;
recordUnit($startListFile, $unit);
# Don't spam the user with target units that always get started.
@ -287,7 +339,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
# Stopping a target generally has no effect on other units
# (unless there is a PartOf dependency), so this is just a
# bookkeeping thing to get systemd to do the right thing.
if (boolIsTrue($unitInfo->{'X-StopOnReconfiguration'} // "no")) {
if (parseSystemdBool(\%unitInfo, "Unit", "X-StopOnReconfiguration", 0)) {
$unitsToStop{$unit} = 1;
}
}
@ -546,33 +598,36 @@ my $activeNew = getActiveUnits;
while (my ($unit, $state) = each %{$activeNew}) {
if ($state->{state} eq "failed") {
push @failed, $unit;
next;
}
elsif ($state->{state} eq "auto-restart") {
# A unit in auto-restart state is a failure *if* it previously failed to start
my $lines = `@systemd@/bin/systemctl show '$unit'`;
my $info = {};
parseKeyValues($info, split("\n", $lines));
if ($info->{ExecMainStatus} ne '0') {
if ($state->{substate} eq "auto-restart") {
# A unit in auto-restart substate is a failure *if* it previously failed to start
my $main_status = `@systemd@/bin/systemctl show --value --property=ExecMainStatus '$unit'`;
chomp($main_status);
if ($main_status ne "0") {
push @failed, $unit;
next;
}
}
# Ignore scopes since they are not managed by this script but rather
# created and managed by third-party services via the systemd dbus API.
elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/) {
# This only lists units that are not failed (including ones that are in auto-restart but have not failed previously)
if ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/msx) {
push @new, $unit;
}
}
print STDERR "the following new units were started: ", join(", ", sort(@new)), "\n"
if scalar @new > 0;
if (scalar @new > 0) {
print STDERR "the following new units were started: ", join(", ", sort(@new)), "\n"
}
if (scalar @failed > 0) {
print STDERR "warning: the following units failed: ", join(", ", sort(@failed)), "\n";
foreach my $unit (@failed) {
print STDERR "\n";
system("COLUMNS=1000 @systemd@/bin/systemctl status --no-pager '$unit' >&2");
}
my @failed_sorted = sort @failed;
print STDERR "warning: the following units failed: ", join(", ", @failed_sorted), "\n\n";
system "@systemd@/bin/systemctl status --no-pager --full '" . join("' '", @failed_sorted) . "' >&2";
$res = 4;
}

2
nixos/modules/system/activation/top-level.nix
View file

@ -117,7 +117,7 @@ let
configurationName = config.boot.loader.grub.configurationName;
# Needed by switch-to-configuration.
perl = pkgs.perl.withPackages (p: with p; [ FileSlurp NetDBus XMLParser XMLTwig ]);
perl = pkgs.perl.withPackages (p: with p; [ FileSlurp NetDBus XMLParser XMLTwig ConfigIniFiles ]);
};
# Handle assertions and warnings

1
nixos/tests/installed-tests/flatpak.nix
View file

@ -6,6 +6,7 @@ makeInstalledTest {
testConfig = {
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
services.flatpak.enable = true;
environment.systemPackages = with pkgs; [ gnupg ostree python3 ];
virtualisation.memorySize = 2047;

79
nixos/tests/switch-test.nix
View file

@ -45,6 +45,31 @@ import ./make-test-python.nix ({ pkgs, ...} : {
systemd.services.test.restartIfChanged = false;
};
simpleServiceFailing.configuration = {
imports = [ simpleServiceModified.configuration ];
systemd.services.test.serviceConfig.ExecStart = lib.mkForce "${pkgs.coreutils}/bin/false";
};
autorestartService.configuration = {
# A service that immediately goes into restarting (but without failing)
systemd.services.autorestart = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "20y"; # Should be long enough
ExecStart = "${pkgs.coreutils}/bin/true";
};
};
};
autorestartServiceFailing.configuration = {
imports = [ autorestartService.configuration ];
systemd.services.autorestart.serviceConfig = {
ExecStart = lib.mkForce "${pkgs.coreutils}/bin/false";
};
};
restart-and-reload-by-activation-script.configuration = {
systemd.services = rec {
simple-service = {
@ -189,12 +214,13 @@ import ./make-test-python.nix ({ pkgs, ...} : {
exec env -i "$@" | tee /dev/stderr
'';
in /* python */ ''
def switch_to_specialisation(system, name, action="test"):
def switch_to_specialisation(system, name, action="test", fail=False):
if name == "":
stc = f"{system}/bin/switch-to-configuration"
else:
stc = f"{system}/specialisation/{name}/bin/switch-to-configuration"
out = machine.succeed(f"{stc} {action} 2>&1")
out = machine.fail(f"{stc} {action} 2>&1") if fail \
else machine.succeed(f"{stc} {action} 2>&1")
assert_lacks(out, "switch-to-configuration line") # Perl warnings
return out
@ -305,7 +331,56 @@ import ./make-test-python.nix ({ pkgs, ...} : {
assert_lacks(out, "as well:")
assert_contains(out, "would start the following units: test.service\n")
with subtest("failing units"):
# Let the simple service fail
switch_to_specialisation("${machine}", "simpleServiceModified")
out = switch_to_specialisation("${machine}", "simpleServiceFailing", fail=True)
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_contains(out, "\nstarting the following units: test.service\n")
assert_lacks(out, "the following new units were started:")
assert_contains(out, "warning: the following units failed: test.service\n")
assert_contains(out, "Main PID:") # output of systemctl
assert_lacks(out, "as well:")
# A unit that gets into autorestart without failing is not treated as failed
out = switch_to_specialisation("${machine}", "autorestartService")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_contains(out, "the following new units were started: autorestart.service\n")
assert_lacks(out, "as well:")
machine.systemctl('stop autorestart.service') # cancel the 20y timer
# Switching to the same system should do nothing (especially not treat the unit as failed)
out = switch_to_specialisation("${machine}", "autorestartService")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_contains(out, "the following new units were started: autorestart.service\n")
assert_lacks(out, "as well:")
machine.systemctl('stop autorestart.service') # cancel the 20y timer
# If systemd thinks the unit has failed and is in autorestart, we should show it as failed
out = switch_to_specialisation("${machine}", "autorestartServiceFailing", fail=True)
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_contains(out, "warning: the following units failed: autorestart.service\n")
assert_contains(out, "Main PID:") # output of systemctl
assert_lacks(out, "as well:")
with subtest("restart and reload by activation script"):
switch_to_specialisation("${machine}", "simpleServiceNorestart")
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")

9
nixos/tests/vscodium.nix
View file

@ -3,11 +3,10 @@ let
wayland = { pkgs, ... }: {
imports = [ ./common/wayland-cage.nix ];
services.cage.program = ''
${pkgs.vscodium}/bin/codium \
--enable-features=UseOzonePlatform \
--ozone-platform=wayland
'';
services.cage.program = "${pkgs.vscodium}/bin/codium";
environment.variables.NIXOS_OZONE_WL = "1";
environment.variables.DISPLAY = "do not use";
fonts.fonts = with pkgs; [ dejavu_fonts ];
};

6
pkgs/applications/audio/spot/default.nix
View file

@ -21,19 +21,19 @@
stdenv.mkDerivation rec {
pname = "spot";
version = "0.3.0";
version = "0.3.1";
src = fetchFromGitHub {
owner = "xou816";
repo = "spot";
rev = version;
hash = "sha256-An9PJsuXZkvJhP67cisWxFd2dpky53EY/xcR6StgWFY=";
hash = "sha256-uZzylK9imEazwC/ogsDO8ZBvByE5/SNSV+mIlp7Z9Ww=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-2qMmPIBoZS6WT06VzCmnYWaIfLzWN2HUvk7y9GKuuXg=";
hash = "sha256-v5xdlsI6OlEpCYOTFePTyI8BkIrAwT6FR2JwiRTGgOA=";
};
nativeBuildInputs = [

1
pkgs/applications/editors/vscode/generic.nix
View file

@ -108,6 +108,7 @@ let
gappsWrapperArgs+=(
# Add gio to PATH so that moving files to the trash works when not using a desktop environment
--prefix PATH : ${glib.bin}/bin
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
)
'';

3
pkgs/applications/networking/browsers/chromium/default.nix
View file

@ -183,7 +183,8 @@ in stdenv.mkDerivation {
mkdir -p "$out/bin"
eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)}
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
ed -v -s "$out/bin/chromium" << EOF
2i

786
pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
View file

File diff suppressed because it is too large Load diff

8
pkgs/applications/networking/browsers/firefox/packages.nix
View file

@ -7,10 +7,10 @@ in
rec {
firefox = common rec {
pname = "firefox";
version = "96.0.2";
version = "96.0.3";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "5ceb1f023a9217c6a9c08b6525882d4091f989859cf209cc1d0ea22c846d05a967e1c47102ae052f7a5029d18118a558dd96da00437ee2c6fbf2896caf99d9dd";
sha512 = "3dd5fbc96e369d5f4fb3eca778c2bd3e2313d089f867de9fac3556810a797e9b5629ef1b8840fb2f22a18df7de95ea1993eee052f691d861a555cea544b05966";
};
meta = {
@ -32,10 +32,10 @@ rec {
firefox-esr-91 = common rec {
pname = "firefox-esr";
version = "91.5.0esr";
version = "91.5.1esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "1712415b6b73c6a21edfefc39eaba5fcbbca54032f78627c0005d291501d16ef4daffb8b9a160d1d5361113ceba04eb5ddb21d903e3dd8d58838aa9596f2d781";
sha512 = "26239e7a94b79f1e24a6667d7cf1c398d75992e8850144affbc5d3f34f04b91f0c9b020cab662b2cd4927924839ff2ddd2f3605c537bb5494fd9ac0d951b14fa";
};
meta = {

5
pkgs/applications/networking/browsers/google-chrome/default.nix
View file

@ -142,8 +142,9 @@ in stdenv.mkDerivation {
makeWrapper "$out/share/google/$appname/google-$appname" "$exe" \
--prefix LD_LIBRARY_PATH : "$rpath" \
--prefix PATH : "$binpath" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH:${addOpenGLRunpath.driverLink}/share" \
--add-flags ${escapeShellArg commandLineArgs}
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--add-flags ${escapeShellArg commandLineArgs} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
for elf in $out/share/google/$appname/{chrome,chrome-sandbox,${crashpadHandlerBinary},nacl_helper}; do
patchelf --set-rpath $rpath $elf

1
pkgs/applications/networking/instant-messengers/discord/linux.nix
View file

@ -80,6 +80,7 @@ stdenv.mkDerivation rec {
wrapProgram $out/opt/${binaryName}/${binaryName} \
"''${gappsWrapperArgs[@]}" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" \
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \
--prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/${binaryName}

5
pkgs/applications/networking/instant-messengers/element/element-desktop.nix
View file

@ -12,8 +12,6 @@
, Security
, AppKit
, CoreServices
, useWayland ? false
}:
let
@ -82,7 +80,8 @@ mkYarnPackage rec {
# LD_PRELOAD workaround for sqlcipher not found: https://github.com/matrix-org/seshat/issues/102
makeWrapper '${electron_exec}' "$out/bin/${executableName}" \
--set LD_PRELOAD ${sqlcipher}/lib/libsqlcipher.so \
--add-flags "$out/share/element/electron${lib.optionalString useWayland " --enable-features=UseOzonePlatform --ozone-platform=wayland"}"
--add-flags "$out/share/element/electron" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
'';
# Do not attempt generating a tarball for element-web again.

31
pkgs/applications/networking/instant-messengers/schildichat/schildichat-desktop.nix
View file

@ -7,13 +7,13 @@
, makeDesktopItem
, copyDesktopItems
, fetchYarnDeps
, yarn, nodejs, fixup_yarn_lock
, yarn
, nodejs
, fixup_yarn_lock
, electron
, Security
, AppKit
, CoreServices
, useWayland ? false
}:
let
@ -88,7 +88,8 @@ stdenv.mkDerivation rec {
# executable wrapper
makeWrapper '${electron_exec}' "$out/bin/${executableName}" \
--add-flags "$out/share/element/electron${lib.optionalString useWayland " --enable-features=UseOzonePlatform --ozone-platform=wayland"}"
--add-flags "$out/share/element/electron" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
runHook postInstall
'';
@ -101,17 +102,17 @@ stdenv.mkDerivation rec {
# https://github.com/schildichat/element-desktop/blob/sc/package.json
desktopItems = [
(makeDesktopItem {
name = "schildichat-desktop";
exec = "${executableName} %u";
icon = "schildichat";
desktopName = "SchildiChat";
genericName = "Matrix Client";
comment = meta.description;
categories = "Network;InstantMessaging;Chat;";
extraEntries = ''
StartupWMClass=schildichat
MimeType=x-scheme-handler/element;
'';
name = "schildichat-desktop";
exec = "${executableName} %u";
icon = "schildichat";
desktopName = "SchildiChat";
genericName = "Matrix Client";
comment = meta.description;
categories = "Network;InstantMessaging;Chat;";
extraEntries = ''
StartupWMClass=schildichat
MimeType=x-scheme-handler/element;
'';
})
];

5
pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
View file

@ -24,7 +24,7 @@ let
in stdenv.mkDerivation rec {
pname = "signal-desktop";
version = "5.27.1"; # Please backport all updates to the stable channel.
version = "5.29.1"; # Please backport all updates to the stable channel.
# All releases have a limited lifetime and "expire" 90 days after the release.
# When releases "expire" the application becomes unusable until an update is
# applied. The expiration date for the current release can be extracted with:
@ -34,7 +34,7 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb";
sha256 = "0z0v7q0rpxdx7ic78jv7wp1hq8nrfp51jjdr6d85x0hsfdj0z1mc";
sha256 = "1a56mnmv0lnizmd4dl8fya3mdsy0jy5qr5bqb72m9cipq0069alc";
};
nativeBuildInputs = [
@ -123,6 +123,7 @@ in stdenv.mkDerivation rec {
gappsWrapperArgs+=(
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc ] }"
${customLanguageWrapperArgs}
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
)
# Fix the desktop link

5
pkgs/applications/networking/instant-messengers/slack/default.nix
View file

@ -84,7 +84,7 @@ let
homepage = "https://slack.com";
license = licenses.unfree;
maintainers = with maintainers; [ mmahut ];
platforms = [ "x86_64-darwin" "x86_64-linux" "aarch64-darwin"];
platforms = [ "x86_64-darwin" "x86_64-linux" "aarch64-darwin" ];
};
linux = stdenv.mkDerivation rec {
@ -170,7 +170,8 @@ let
rm $out/bin/slack
makeWrapper $out/lib/slack/slack $out/bin/slack \
--prefix XDG_DATA_DIRS : $GSETTINGS_SCHEMAS_PATH \
--prefix PATH : ${lib.makeBinPath [xdg-utils]}
--prefix PATH : ${lib.makeBinPath [xdg-utils]} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
# Fix the desktop link
substituteInPlace $out/share/applications/slack.desktop \

8
pkgs/development/haskell-modules/configuration-nix.nix
View file

@ -972,11 +972,11 @@ self: super: builtins.intersectAttrs super {
rel8 = addTestToolDepend pkgs.postgresql super.rel8;
cachix = generateOptparseApplicativeCompletion "cachix" (super.cachix.override { nix = pkgs.nix_2_4; });
cachix = generateOptparseApplicativeCompletion "cachix" (super.cachix.override { nix = pkgs.nixVersions.nix_2_4; });
hercules-ci-agent = appendConfigureFlag "-fnix-2_4" (super.hercules-ci-agent.override { nix = pkgs.nix_2_4; });
hercules-ci-cnix-expr = appendConfigureFlag "-fnix-2_4" (super.hercules-ci-cnix-expr.override { nix = pkgs.nix_2_4; });
hercules-ci-cnix-store = appendConfigureFlag "-fnix-2_4" (super.hercules-ci-cnix-store.override { nix = pkgs.nix_2_4; });
hercules-ci-agent = appendConfigureFlag "-fnix-2_4" (super.hercules-ci-agent.override { nix = pkgs.nixVersions.nix_2_4; });
hercules-ci-cnix-expr = appendConfigureFlag "-fnix-2_4" (super.hercules-ci-cnix-expr.override { nix = pkgs.nixVersions.nix_2_4; });
hercules-ci-cnix-store = appendConfigureFlag "-fnix-2_4" (super.hercules-ci-cnix-store.override { nix = pkgs.nixVersions.nix_2_4; });
# Enable extra optimisations which increase build time, but also
# later compiler performance, so we should do this for user's benefit.

15
pkgs/development/libraries/boehm-gc/default.nix
View file

@ -1,9 +1,7 @@
{ lib, stdenv, fetchurl
, autoreconfHook
, enableLargeConfig ? false # doc: https://github.com/ivmai/bdwgc/blob/v8.0.6/doc/README.macros (LARGE_CONFIG)
, nix
, nix_2_3
, nixUnstable
, nixVersions
}:
stdenv.mkDerivation rec {
@ -39,16 +37,7 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
passthru = {
tests = {
# Assuming this package is picked up by these packages as expected.
inherit
nix
nixUnstable
nix_2_3
;
};
};
passthru.tests = nixVersions;
meta = {
description = "The Boehm-Demers-Weiser conservative garbage collector for C and C++";

12
pkgs/development/libraries/flatpak/default.nix
View file

@ -1,6 +1,5 @@
{ lib, stdenv
, fetchurl
, fetchpatch
, autoreconfHook
, docbook_xml_dtd_45
, docbook-xsl-nons
@ -54,14 +53,14 @@
stdenv.mkDerivation rec {
pname = "flatpak";
version = "1.12.2";
version = "1.12.4";
# TODO: split out lib once we figure out what to do with triggerdir
outputs = [ "out" "dev" "man" "doc" "devdoc" "installedTests" ];
src = fetchurl {
url = "https://github.com/flatpak/flatpak/releases/download/${version}/${pname}-${version}.tar.xz";
sha256 = "df1eb464f9142c11627f99f04f6a5c02c868bbb145489b8902cb6c105e774b75"; # Taken from https://github.com/flatpak/flatpak/releases/
sha256 = "792e6265f7f6d71b2a087028472a048287bed2587e43d2eec2c31d360c16211c"; # Taken from https://github.com/flatpak/flatpak/releases/
};
patches = [
@ -97,13 +96,6 @@ stdenv.mkDerivation rec {
# But we want the GDK_PIXBUF_MODULE_FILE from the wrapper affect the icon validator.
./validate-icon-pixbuf.patch
# Tests don't respect the FLATPAK_BINARY override that was added, this is a workaround.
# https://github.com/flatpak/flatpak/pull/4496 (Can be removed once included).
(fetchpatch {
url = "https://github.com/flatpak/flatpak/commit/96dbe28cfa96e80b23fa1d8072eb36edad41279c.patch";
sha256 = "1jczk06ymfs98h3nsg245g0jwxvml7wg2x6pb7mrfpsdmrpz2czd";
})
];
nativeBuildInputs = [

4
pkgs/development/libraries/libosmium/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "libosmium";
version = "2.17.2";
version = "2.17.3";
src = fetchFromGitHub {
owner = "osmcode";
repo = "libosmium";
rev = "v${version}";
sha256 = "sha256-+WeEK7rWoUPAiAsgd5qT2bwDf+5IlP4uuyh7+i2L/HU=";
sha256 = "sha256-XpC5gb19jPakYS3QSgOU6WnGad+VEoEtxyT38d9Beug=";
};
nativeBuildInputs = [ cmake ];

18
pkgs/development/libraries/mysocketw/default.nix
View file

@ -1,15 +1,17 @@
{ lib, stdenv, fetchurl, openssl }:
{ lib, stdenv, fetchFromGitHub, openssl, cmake }:
stdenv.mkDerivation rec {
pname = "mysocketw";
version = "031026";
src = fetchurl {
url = "https://www.digitalfanatics.org/cal/socketw/files/SocketW${version}.tar.gz";
sha256 = "0crinikhdl7xihzmc3k3k41pgxy16d5ci8m9sza1lbibns7pdwj4";
version = "3.10.27";
src = fetchFromGitHub {
owner = "RigsOfRods";
repo = "socketw";
rev = version;
sha256 = "0xqcgwb1lyc2d8834sq5adbmggyn6vvb26jw20862sxa15j0qfd4";
};
patches = [ ./gcc.patch ];
nativeBuildInputs = [ cmake ];
buildInputs = [ openssl ];
postPatch = lib.optionalString stdenv.isDarwin ''
@ -17,8 +19,6 @@ stdenv.mkDerivation rec {
--replace -Wl,-soname, -Wl,-install_name,$out/lib/
'';
makeFlags = [ "PREFIX=$(out)" "CXX=${stdenv.cc.targetPrefix}c++" ];
meta = {
description = "Cross platform (Linux/FreeBSD/Unix/Win32) streaming socket C++";
license = lib.licenses.lgpl21Plus;

10
pkgs/development/libraries/poco/default.nix
View file

@ -3,19 +3,19 @@
stdenv.mkDerivation rec {
pname = "poco";
version = "1.10.1";
version = "1.11.1";
src = fetchurl {
url = "https://pocoproject.org/releases/${pname}-${version}/${pname}-${version}-all.tar.gz";
sha256 = "1jilzh0h6ik5lr167nax7q6nrpzxl99p11pkl202ig06pgh32nbz";
sha256 = "sha256-MczOYCAEcnAAO/tbDafirUMohMI9PNUJyG9HzzpeXSo=";
};
patches = [
# Use GNUInstallDirs (https://github.com/pocoproject/poco/pull/3105)
# Use GNUInstallDirs (https://github.com/pocoproject/poco/pull/3503)
(fetchpatch {
name = "use-gnuinstalldirs.patch";
url = "https://github.com/pocoproject/poco/commit/9e8f84dff4575f01be02e0b07364efd1561ce66c.patch";
sha256 = "1bj4i93gxr7pwx33bfyhg20ad4ak1rbxkrlpsgzk7rm6mh0mld26";
url = "https://github.com/pocoproject/poco/commit/16a2a74f6c28c6e6baca2ba26b4964b51d8a1b74.patch";
sha256 = "sha256-mkemG8UemJEUQxae1trKakhnJFJW0AufDYFAbmnINbY=";
# Files not included in release tarball
excludes = [
"Encodings/Compiler/CMakeLists.txt"

5
pkgs/development/libraries/qt-5/5.12/default.nix
View file

@ -108,6 +108,11 @@ let
url = "https://github.com/qtwebkit/qtwebkit/pull/1058/commits/5b698ba3faffd4e198a45be9fe74f53307395e4b.patch";
sha256 = "0a3xv0h4lv8wggckgy8cg8xnpkg7n9h45312pdjdnnwy87xvzss0";
})
(fetchpatch {
name = "qtwebkit-darwin-handle.patch";
url = "https://github.com/qtwebkit/qtwebkit/commit/5c272a21e621a66862821d3ae680f27edcc64c19.patch";
sha256 = "9hjqLyABz372QDgoq7nXXXQ/3OXBGcYN1/92ekcC3WE=";
})
./qtwebkit.patch
./qtwebkit-icu68.patch

5
pkgs/development/libraries/qt-5/5.14/default.nix
View file

@ -108,6 +108,11 @@ let
url = "https://github.com/qtwebkit/qtwebkit/pull/1058/commits/5b698ba3faffd4e198a45be9fe74f53307395e4b.patch";
sha256 = "0a3xv0h4lv8wggckgy8cg8xnpkg7n9h45312pdjdnnwy87xvzss0";
})
(fetchpatch {
name = "qtwebkit-darwin-handle.patch";
url = "https://github.com/qtwebkit/qtwebkit/commit/5c272a21e621a66862821d3ae680f27edcc64c19.patch";
sha256 = "9hjqLyABz372QDgoq7nXXXQ/3OXBGcYN1/92ekcC3WE=";
})
./qtwebkit.patch
./qtwebkit-icu68.patch
] ++ lib.optionals stdenv.isDarwin [

5
pkgs/development/libraries/qt-5/5.15/default.nix
View file

@ -71,6 +71,11 @@ let
url = "https://github.com/qtwebkit/qtwebkit/pull/1058/commits/5b698ba3faffd4e198a45be9fe74f53307395e4b.patch";
sha256 = "0a3xv0h4lv8wggckgy8cg8xnpkg7n9h45312pdjdnnwy87xvzss0";
})
(fetchpatch {
name = "qtwebkit-darwin-handle.patch";
url = "https://github.com/qtwebkit/qtwebkit/commit/5c272a21e621a66862821d3ae680f27edcc64c19.patch";
sha256 = "9hjqLyABz372QDgoq7nXXXQ/3OXBGcYN1/92ekcC3WE=";
})
./qtwebkit.patch
./qtwebkit-icu68.patch
] ++ lib.optionals stdenv.isDarwin [

4
pkgs/development/libraries/smooth/default.nix
View file

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "smooth";
version = "0.9.8";
version = "0.9.9";
src = fetchFromGitHub {
owner = "enzo1982";
repo = "smooth";
rev = "v${version}";
sha256 = "sha256-4092Od/wCWe4br80Ry6mr8GpUIUeeF6sk3unELdfQJU=";
sha256 = "sha256-30qVXK54SDL2+ZPbTINZix4Ax1iOMg2WLeEDyAr77Og=";
};
nativeBuildInputs = [

19
pkgs/development/php-packages/ds/default.nix Normal file
View file

@ -0,0 +1,19 @@
{ buildPecl, lib, pcre2, php }:
buildPecl {
pname = "ds";
version = "1.4.0";
sha256 = "1vwk5d27zd746767l8cvbcdr8r70v74vw0im38mlw1g85mc31fd9";
buildInputs = [ pcre2 ];
internalDeps = lib.optionals (lib.versionOlder php.version "8.0") [ php.extensions.json ];
meta = with lib; {
description = "An extension providing efficient data structures for PHP";
license = licenses.mit;
homepage = "https://github.com/php-ds/ext-ds";
maintainers = teams.php.members;
};
}

4
pkgs/development/python-modules/azure-mgmt-applicationinsights/default.nix
View file

@ -11,12 +11,12 @@
buildPythonPackage rec {
pname = "azure-mgmt-applicationinsights";
version = "2.0.0";
version = "2.1.0";
src = fetchPypi {
inherit pname version;
extension = "zip";
sha256 = "c5f831ff09573247579c0dabe7854324620d176143b28cc4ef2e71ca49791dcc";
sha256 = "68deed8ee884dd0b9631804e8b9c65fcd94e8e01c7218beae96a9fe557d7a0d7";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/mautrix/default.nix
View file

@ -4,11 +4,11 @@
buildPythonPackage rec {
pname = "mautrix";
version = "0.14.5";
version = "0.14.6";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-dh3uQUBEMqtlrOpnO5Aa7GC5gajwQ12rWyVPwX6xIsQ=";
sha256 = "46a87a8ee9e45e90c72e17ebb75190073e773f0890cfde7b81b0a36e15caec5d";
};
propagatedBuildInputs = [

13
pkgs/development/python-modules/objax/default.nix
View file

@ -7,7 +7,7 @@
, parameterized
, pillow
, scipy
, tensorflow-tensorboard_2 ? null
, tensorflow-tensorboard
}:
buildPythonPackage rec {
@ -21,14 +21,19 @@ buildPythonPackage rec {
sha256 = "09gm61ghn5mi92q5mhx22mcv6aa6z78jsrnfar1hd3nwwyn9dq42";
};
# Avoid propagating the dependency on `jaxlib`, see
# https://github.com/NixOS/nixpkgs/issues/156767
buildInputs = [
jaxlib
];
propagatedBuildInputs = [
jax
jaxlib
numpy
parameterized
pillow
scipy
tensorflow-tensorboard_2
tensorflow-tensorboard
];
pythonImportsCheck = [
@ -40,7 +45,5 @@ buildPythonPackage rec {
homepage = "https://github.com/google/objax";
license = licenses.asl20;
maintainers = with maintainers; [ ndl ];
# Darwin doesn't have `tensorflow-tensorboard_2` which is required by wheel deps.
platforms = [ "aarch64-linux" "x86_64-linux" ];
};
}

4
pkgs/development/python-modules/sagemaker/default.nix
View file

@ -17,14 +17,14 @@
buildPythonPackage rec {
pname = "sagemaker";
version = "2.73.0";
version = "2.74.0";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
sha256 = "6735874a29aefc1e989a132a2e24945e5b0d057d8b297a2da695cf8421a78810";
sha256 = "14215f5077151a7f32ca048ff7fad63c977d7cdeadc93d93c8957efbe3c89ba6";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/sqlite-utils/default.nix
View file

@ -14,12 +14,12 @@
buildPythonPackage rec {
pname = "sqlite-utils";
version = "3.22";
version = "3.22.1";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
sha256 = "24803ea4d63e2123d2040db2da43fea95fabada80e1af1fe1da69643ae376689";
sha256 = "35ebb4f7e2b09f1818b36e7da6dc62f1ca57e2c0d99a9cbc8151e634d75a7906";
};
propagatedBuildInputs = [

8
pkgs/development/tools/flatpak-builder/default.nix
View file

@ -47,13 +47,13 @@ let
installed_test_metadir = "${placeholder "installedTests"}/share/installed-tests/flatpak-builder";
in stdenv.mkDerivation rec {
pname = "flatpak-builder";
version = "1.2.0";
version = "1.2.2";
outputs = [ "out" "doc" "man" "installedTests" ];
src = fetchurl {
url = "https://github.com/flatpak/flatpak-builder/releases/download/${version}/${pname}-${version}.tar.xz";
sha256 = "sha256-38tqPKONYeB3W3CkaatQUoXhKTYUYt8JAE5tQlHCRqg=";
sha256 = "sha256-if2mjlN8Hp3gI1JpC9icMhenKRZFWNNfNbCPea2E4D4=";
};
patches = [
@ -87,10 +87,6 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [
autoreconfHook
# TODO: Remove older versions.
# https://github.com/flatpak/flatpak-builder/pull/437
docbook_xml_dtd_412
docbook_xml_dtd_42
docbook_xml_dtd_43
docbook_xsl
gettext

4
pkgs/development/tools/misc/hydra/default.nix
View file

@ -1,4 +1,4 @@
{ fetchFromGitHub, nixStable, callPackage, nixUnstable, nixosTests }:
{ fetchFromGitHub, callPackage, nixVersions, nixosTests }:
{
hydra-unstable = callPackage ./common.nix {
@ -9,7 +9,7 @@
rev = "9bce425c3304173548d8e822029644bb51d35263";
sha256 = "sha256-tGzwKNW/odtAYcazWA9bPVSmVXMGKfXsqCA1UYaaxmU=";
};
nix = nixUnstable;
nix = nixVersions.unstable;
tests = {
basic = nixosTests.hydra.hydra-unstable;

4
pkgs/os-specific/linux/kernel/linux-4.14.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.14.262";
version = "4.14.263";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "05yl51r5n3q9l8pq6azx3bbl69l79lk8vkdivy3cvgzdh59pizac";
sha256 = "0bn17p1mmkc37bqv7bvksli4xpyp660mbcjm6jmh6k348i1bfwqf";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.19.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.19.225";
version = "4.19.226";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "15k7b04zx5ggfjagp8sfrylr9xgwgz3hb2bygdml7ka1jnbv76jb";
sha256 = "1b9qvl994n09708sql3q3g5l3xq2hxam83fnws5asd8mdnk7i7wk";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.4.nix
View file

@ -1,12 +1,12 @@
{ buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
buildLinux (args // rec {
version = "4.4.299";
version = "4.4.300";
extraMeta.branch = "4.4";
extraMeta.broken = stdenv.isAarch64;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "019hmplv1zhghl840qky9awziba3gx7jm80khny44gjfbyzf7d4v";
sha256 = "19mpqg48yi7qm1a2mncqax7pj42accryj6yrkbywd7kj4q0b64kg";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.9.nix
View file

@ -1,12 +1,12 @@
{ buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
buildLinux (args // rec {
version = "4.9.297";
version = "4.9.298";
extraMeta.branch = "4.9";
extraMeta.broken = stdenv.isAarch64;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "17yqnr6p0prgcw8nikjmi49ll4s77ylaixcja5m15cq9x36shfz4";
sha256 = "0nrhjqn6bfp9h5dc7yacgkbfvfdhlks8ph4dzqyfjljmx9cf95ym";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.10.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.10.93";
version = "5.10.94";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1jxv7can60rc5i2yjgj8frcjvwi1jnba1jl8i3070xmb1d1qqy56";
sha256 = "023mrm8wjmxi6qp21p1d0kzs8k0pls6l8kp75ajix2ls9am49zr8";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.15.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.15.16";
version = "5.15.17";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "150pzxra564z9xaaclmbbd29x4x9il8y78zz7szi50lzx0a0l2ms";
sha256 = "1pmbf3xin533z4jpqj8p733ii5zk0k36v4cpzl14k62rrk0gb1r7";
};
} // (args.argsOverride or { }))

4
pkgs/os-specific/linux/kernel/linux-5.16.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.16.2";
version = "5.16.3";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0i1vcv2zi80ixmgjdcq6yk8qhwaqlbbmmrq0prxk41339lx87zh9";
sha256 = "1cdmp7k6qfm8gyr8zv589y6bgmyj7n6wyk36f98m0w2vq3ljyh5s";
};
} // (args.argsOverride or { }))

4
pkgs/os-specific/linux/kernel/linux-5.4.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.4.173";
version = "5.4.174";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0ff2jvwxj55547wvwp94a8bsd610s72906d4nsyhiirrn9sy5s4r";
sha256 = "1a88hfcskrcbz7gyh8pkcymka4djdhdy6fdh4i0b9ygsmvjipkg8";
};
} // (args.argsOverride or {}))

18
pkgs/servers/http/lighttpd/default.nix
View file

@ -1,4 +1,5 @@
{ lib, stdenv, buildPackages, fetchurl, pkg-config, pcre, libxml2, zlib, bzip2, which, file
{ lib, stdenv, buildPackages, fetchurl, pkg-config, pcre2, libxml2, zlib, bzip2, which, file
, fetchpatch
, openssl
, enableDbi ? false, libdbi
, enableMagnet ? false, lua5_1
@ -9,23 +10,22 @@
, enableWebDAV ? false, sqlite, libuuid
, enableExtendedAttrs ? false, attr
, perl
, fetchpatch
}:
stdenv.mkDerivation rec {
pname = "lighttpd";
version = "1.4.63";
version = "1.4.64";
src = fetchurl {
url = "https://download.lighttpd.net/lighttpd/releases-${lib.versions.majorMinor version}.x/${pname}-${version}.tar.xz";
sha256 = "1fgasvif13gvzz4rf5mjpy28cbw9fs4ymhx18494mxgb080pzvra";
sha256 = "sha256-4Uidn6dJb78uBxwzi1k7IwDTjCPx5ZZ+UsnvSC4bDiY=";
};
patches = [
(fetchpatch {
name = "CVE-2022-22707.patch";
url = "https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664.patch";
sha256 = "0zm2khgllsd1ivh9m7sisfsyrdfz45zsmiwl963wf0gn8m100gzk";
name = "macos-10.12-avoid-ccrandomgeneratebytes.patch";
url = "https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/6791f71b20a127b5b0091020dd065f4f9c7cafb6/diff?format=diff";
sha256 = "1x5ybkvxwinl7s1nv3rrc57m4mj38q0gbyjp1ijr4w5lhabw4vzs";
})
];
@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ pkg-config ];
buildInputs = [ pcre pcre.dev libxml2 zlib bzip2 which file openssl ]
buildInputs = [ pcre2 pcre2.dev libxml2 zlib bzip2 which file openssl ]
++ lib.optional enableDbi libdbi
++ lib.optional enableMagnet lua5_1
++ lib.optional enableMysql libmysqlclient
@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
++ lib.optional enableExtendedAttrs "--with-attr";
preConfigure = ''
export PATH=$PATH:${pcre.dev}/bin
export PATH=$PATH:${pcre2.dev}/bin
sed -i "s:/usr/bin/file:${file}/bin/file:g" configure
'';

53
pkgs/servers/softether/4.25.nix
View file

@ -1,53 +0,0 @@
{ lib, stdenv, fetchurl
, openssl, readline, ncurses, zlib
, dataDir ? "/var/lib/softether" }:
let
os = if stdenv.isLinux then "1"
else if stdenv.isFreeBSD then "2"
else if stdenv.isSunOS then "3"
else if stdenv.isDarwin then "4"
else if stdenv.isOpenBSD then "5"
else "";
cpuBits = if stdenv.is64bit then "2" else "1";
in
stdenv.mkDerivation rec {
pname = "softether";
version = "4.25";
build = "9656";
compiledDate = "2018.01.15";
src = fetchurl {
url = "http://www.softether-download.com/files/softether/v${version}-${build}-rtm-${compiledDate}-tree/Source_Code/softether-src-v${version}-${build}-rtm.tar.gz";
sha256 = "1y1m8lf0xfh7m70d15wj2jjf5a5qhi3j49ciwqmsscsqvb1xwimr";
};
buildInputs = [ openssl readline ncurses zlib ];
preConfigure = ''
echo "${os}
${cpuBits}
" | ./configure
rm configure
'';
buildPhase = ''
mkdir -p $out/bin
sed -i \
-e "/INSTALL_BINDIR=/s|/usr/bin|/bin|g" \
-e "/_DIR=/s|/usr|${dataDir}|g" \
-e "s|\$(INSTALL|$out/\$(INSTALL|g" \
-e "/echo/s|echo $out/|echo |g" \
Makefile
'';
meta = with lib; {
description = "An Open-Source Free Cross-platform Multi-protocol VPN Program";
homepage = "https://www.softether.org/";
license = licenses.gpl2;
maintainers = [ maintainers.rick68 ];
platforms = [ "x86_64-linux" ];
};
}

4
pkgs/tools/networking/keepalived/default.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
pname = "keepalived";
version = "2.2.4";
version = "2.2.7";
src = fetchFromGitHub {
owner = "acassen";
repo = "keepalived";
rev = "v${version}";
sha256 = "sha256-WXKu+cabMmXNHiLwXrQqS8GQHIWYkee7vPddyGURWic=";
sha256 = "sha256-erpYC4klkgvZ9D+4qM/qIHajsyOGKRbX7lhs6lfWFTQ=";
};
buildInputs = [

31
pkgs/tools/networking/twa/default.nix
View file

@ -1,25 +1,25 @@
{ stdenv
{ lib
, stdenv
, fetchFromGitHub
, makeWrapper
, bash
, curl
, fetchFromGitHub
, dnsutils
, gawk
, host
, jq
, lib
, makeWrapper
, ncurses
, netcat
}:
stdenv.mkDerivation rec {
pname = "twa";
version = "1.9.1";
version = "1.10.0";
src = fetchFromGitHub {
owner = "trailofbits";
repo = "twa";
rev = version;
sha256 = "1ab3bcyhfach9y15w8ffvqqan2qk8h62n6z8nqbgygi7n1mf6jzx";
rev = "v${version}";
hash = "sha256-8c1o03iwStmhjKHmEXIZGyaSOAJRlOuhu0ERjCO5SHg=";
};
dontBuild = true;
@ -28,12 +28,14 @@ stdenv.mkDerivation rec {
buildInputs = [ bash
curl
dnsutils
gawk
host.dnsutils
jq
netcat ];
installPhase = ''
runHook preInstall
install -Dm 0755 twa "$out/bin/twa"
install -Dm 0755 tscore "$out/bin/tscore"
install -Dm 0644 twa.1 "$out/share/man/man1/twa.1"
@ -41,10 +43,13 @@ stdenv.mkDerivation rec {
wrapProgram "$out/bin/twa" \
--prefix PATH : ${lib.makeBinPath [ curl
host.dnsutils
jq
ncurses
netcat ]}
dnsutils
gawk
jq
ncurses
netcat ]}
runHook postInstall
'';
meta = with lib; {

208
pkgs/tools/package-management/nix/common.nix Normal file
View file

@ -0,0 +1,208 @@
{ lib, fetchFromGitHub
, version
, suffix ? ""
, sha256 ? null
, src ? fetchFromGitHub { owner = "NixOS"; repo = "nix"; rev = version; inherit sha256; }
, patches ? [ ]
}:
assert (sha256 == null) -> (src != null);
let
atLeast24 = lib.versionAtLeast version "2.4pre";
atLeast25 = lib.versionAtLeast version "2.5pre";
in
{ stdenv
, autoconf-archive
, autoreconfHook
, bash
, bison
, boehmgc
, boost
, brotli
, busybox-sandbox-shell
, bzip2
, callPackage
, coreutils
, curl
, editline
, flex
, gnutar
, gtest
, gzip
, jq
, lib
, libarchive
, libcpuid
, libsodium
, lowdown
, mdbook
, nlohmann_json
, openssl
, perl
, pkg-config
, Security
, sqlite
, util-linuxMinimal
, xz
, enableDocumentation ? atLeast24 || stdenv.hostPlatform == stdenv.buildPlatform
, enableStatic ? stdenv.hostPlatform.isStatic
, withAWS ? !enableStatic && (stdenv.isLinux || stdenv.isDarwin), aws-sdk-cpp
, withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp, libseccomp
, confDir
, stateDir
, storeDir
}:
stdenv.mkDerivation {
pname = "nix";
version = "${version}${suffix}";
VERSION_SUFFIX = suffix;
inherit src patches;
outputs =
[ "out" "dev" ]
++ lib.optionals enableDocumentation [ "man" "doc" ];
hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ];
nativeBuildInputs = [
pkg-config
] ++ lib.optionals atLeast24 [
autoconf-archive
autoreconfHook
bison
flex
jq
] ++ lib.optionals (atLeast24 && enableDocumentation) [
(lib.getBin lowdown)
mdbook
] ++ lib.optionals stdenv.isLinux [
util-linuxMinimal
];
buildInputs = [
boost
brotli
bzip2
curl
editline
libsodium
openssl
sqlite
xz
] ++ lib.optionals stdenv.isDarwin [
Security
] ++ lib.optionals atLeast24 [
gtest
libarchive
lowdown
] ++ lib.optionals (atLeast24 && stdenv.isx86_64) [
libcpuid
] ++ lib.optionals withLibseccomp [
libseccomp
] ++ lib.optionals withAWS [
aws-sdk-cpp
];
propagatedBuildInputs = [ boehmgc ];
NIX_LDFLAGS = lib.optionals (!atLeast24) [
# https://github.com/NixOS/nix/commit/3e85c57a6cbf46d5f0fe8a89b368a43abd26daba
(lib.optionalString enableStatic "-lssl -lbrotlicommon -lssh2 -lz -lnghttp2 -lcrypto")
# https://github.com/NixOS/nix/commits/74b4737d8f0e1922ef5314a158271acf81cd79f8
(lib.optionalString (stdenv.hostPlatform.system == "armv5tel-linux" || stdenv.hostPlatform.system == "armv6l-linux") "-latomic")
];
preConfigure =
# Copy libboost_context so we don't get all of Boost in our closure.
# https://github.com/NixOS/nixpkgs/issues/45462
lib.optionalString (!enableStatic) ''
mkdir -p $out/lib
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
rm -f $out/lib/*.a
${lib.optionalString stdenv.isLinux ''
chmod u+w $out/lib/*.so.*
patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
''}
'' +
# On all versions before c9f51e87057652db0013289a95deffba495b35e7, which
# removes config.nix entirely and is not present in 2.3.x, we need to
# patch around an issue where the Nix configure step pulls in the build
# system's bash and other utilities when cross-compiling.
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && !atLeast24) ''
mkdir tmp/
substitute corepkgs/config.nix.in tmp/config.nix.in \
--subst-var-by bash ${bash}/bin/bash \
--subst-var-by coreutils ${coreutils}/bin \
--subst-var-by bzip2 ${bzip2}/bin/bzip2 \
--subst-var-by gzip ${gzip}/bin/gzip \
--subst-var-by xz ${xz}/bin/xz \
--subst-var-by tar ${gnutar}/bin/tar \
--subst-var-by tr ${coreutils}/bin/tr
mv tmp/config.nix.in corepkgs/config.nix.in
'';
configureFlags = [
"--with-store-dir=${storeDir}"
"--localstatedir=${stateDir}"
"--sysconfdir=${confDir}"
"--enable-gc"
] ++ lib.optionals (!enableDocumentation) [
"--disable-doc-gen"
] ++ lib.optionals (!atLeast24) [
# option was removed in 2.4
"--disable-init-state"
] ++ lib.optionals stdenv.isLinux [
"--with-sandbox-shell=${busybox-sandbox-shell}/bin/busybox"
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system) [
"--with-system=${stdenv.hostPlatform.nix.system}"
] ++ lib.optionals (!withLibseccomp) [
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
"--disable-seccomp-sandboxing"
];
makeFlags = [
"profiledir=$(out)/etc/profile.d"
] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "PRECOMPILE_HEADERS=0";
installFlags = [ "sysconfdir=$(out)/etc" ];
doInstallCheck = true;
# socket path becomes too long otherwise
preInstallCheck = lib.optionalString stdenv.isDarwin ''
export TMPDIR=$NIX_BUILD_TOP
''
# See https://github.com/NixOS/nix/issues/5687
+ lib.optionalString (atLeast25 && stdenv.isDarwin) ''
echo "exit 99" > tests/gc-non-blocking.sh
'';
separateDebugInfo = stdenv.isLinux && (atLeast24 -> !enableStatic);
enableParallelBuilding = true;
meta = with lib; {
description = "Powerful package manager that makes package management reliable and reproducible";
longDescription = ''
Nix is a powerful package manager for Linux and other Unix systems that
makes package management reliable and reproducible. It provides atomic
upgrades and rollbacks, side-by-side installation of multiple versions of
a package, multi-user package management and easy setup of build
environments.
'';
homepage = "https://nixos.org/";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ eelco lovesegfault ];
platforms = platforms.unix;
outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
};
passthru = {
inherit boehmgc;
perl-bindings = perl.pkgs.toPerlModule (callPackage ./nix-perl.nix { inherit src version; });
};
}

297
pkgs/tools/package-management/nix/default.nix
View file

@ -1,288 +1,71 @@
{ lib, fetchurl, fetchFromGitHub, fetchpatch, callPackage
{ lib
, aws-sdk-cpp
, boehmgc
, callPackage
, fetchFromGitHub
, fetchurl
, fetchpatch
, Security
, storeDir ? "/nix/store"
, stateDir ? "/nix/var"
, confDir ? "/etc"
, boehmgc
, Security
}:
let
boehmgc-nix_2_3 = boehmgc.override { enableLargeConfig = true; };
common =
{ lib, stdenv, perl, curl, bzip2, sqlite, openssl ? null, xz
, bash, coreutils, util-linuxMinimal, gzip, gnutar
, pkg-config, boehmgc, libsodium, brotli, boost, editline, nlohmann_json
, autoreconfHook, autoconf-archive, bison, flex
, jq, libarchive, libcpuid
, lowdown, mdbook
# Used by tests
, gtest
, busybox-sandbox-shell
, storeDir
, stateDir
, confDir
, withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp, libseccomp
, withAWS ? !enableStatic && (stdenv.isLinux || stdenv.isDarwin), aws-sdk-cpp
, enableStatic ? stdenv.hostPlatform.isStatic
, enableDocumentation ? lib.versionOlder version "2.4pre" ||
stdenv.hostPlatform == stdenv.buildPlatform
, pname, version, suffix ? "", src
, patches ? [ ]
}:
let
sh = busybox-sandbox-shell;
is24 = lib.versionAtLeast version "2.4pre";
is25 = lib.versionAtLeast version "2.5pre";
nix = stdenv.mkDerivation {
inherit pname version src patches;
VERSION_SUFFIX = suffix;
outputs =
[ "out" "dev" ]
++ lib.optionals enableDocumentation [ "man" "doc" ];
hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ];
nativeBuildInputs =
[ pkg-config ]
++ lib.optionals stdenv.isLinux [ util-linuxMinimal ]
++ lib.optionals (is24 && enableDocumentation) [
(lib.getBin lowdown) mdbook
]
++ lib.optionals is24
[ autoreconfHook
autoconf-archive
bison flex
jq
];
buildInputs =
[ curl libsodium openssl sqlite xz bzip2
brotli boost editline
]
++ lib.optionals stdenv.isDarwin [ Security ]
++ lib.optionals is24 [ libarchive gtest lowdown ]
++ lib.optional (is24 && stdenv.isx86_64) libcpuid
++ lib.optional withLibseccomp libseccomp
++ lib.optional withAWS
((aws-sdk-cpp.override {
apis = ["s3" "transfer"];
customMemoryManagement = false;
}).overrideDerivation (args: {
patches = args.patches or [] ++ [
./aws-sdk-cpp-TransferManager-ContentEncoding.patch
];
}));
propagatedBuildInputs = [ boehmgc ];
NIX_LDFLAGS = lib.optionals (!is24) [
# https://github.com/NixOS/nix/commit/3e85c57a6cbf46d5f0fe8a89b368a43abd26daba
(lib.optionalString enableStatic "-lssl -lbrotlicommon -lssh2 -lz -lnghttp2 -lcrypto")
# https://github.com/NixOS/nix/commits/74b4737d8f0e1922ef5314a158271acf81cd79f8
(lib.optionalString (stdenv.hostPlatform.system == "armv5tel-linux" || stdenv.hostPlatform.system == "armv6l-linux") "-latomic")
];
preConfigure =
# Copy libboost_context so we don't get all of Boost in our closure.
# https://github.com/NixOS/nixpkgs/issues/45462
lib.optionalString (!enableStatic) ''
mkdir -p $out/lib
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
rm -f $out/lib/*.a
${lib.optionalString stdenv.isLinux ''
chmod u+w $out/lib/*.so.*
patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
''}
'' +
# On all versions before c9f51e87057652db0013289a95deffba495b35e7, which
# removes config.nix entirely and is not present in 2.3.x, we need to
# patch around an issue where the Nix configure step pulls in the build
# system's bash and other utilities when cross-compiling.
lib.optionalString (
stdenv.buildPlatform != stdenv.hostPlatform && !is24
) ''
mkdir tmp/
substitute corepkgs/config.nix.in tmp/config.nix.in \
--subst-var-by bash ${bash}/bin/bash \
--subst-var-by coreutils ${coreutils}/bin \
--subst-var-by bzip2 ${bzip2}/bin/bzip2 \
--subst-var-by gzip ${gzip}/bin/gzip \
--subst-var-by xz ${xz}/bin/xz \
--subst-var-by tar ${gnutar}/bin/tar \
--subst-var-by tr ${coreutils}/bin/tr
mv tmp/config.nix.in corepkgs/config.nix.in
'';
configureFlags =
[ "--with-store-dir=${storeDir}"
"--localstatedir=${stateDir}"
"--sysconfdir=${confDir}"
"--enable-gc"
]
++ lib.optional (!enableDocumentation) "--disable-doc-gen"
++ lib.optionals (!is24) [
# option was removed in 2.4
"--disable-init-state"
]
++ lib.optionals stdenv.isLinux [
"--with-sandbox-shell=${sh}/bin/busybox"
]
++ lib.optional (
stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system
) "--with-system=${stdenv.hostPlatform.nix.system}"
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
++ lib.optional (!withLibseccomp) "--disable-seccomp-sandboxing";
makeFlags = [ "profiledir=$(out)/etc/profile.d" ]
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "PRECOMPILE_HEADERS=0";
installFlags = [ "sysconfdir=$(out)/etc" ];
doInstallCheck = true; # not cross
# socket path becomes too long otherwise
preInstallCheck = lib.optionalString stdenv.isDarwin ''
export TMPDIR=$NIX_BUILD_TOP
''
# See https://github.com/NixOS/nix/issues/5687
+ lib.optionalString (is25 && stdenv.isDarwin) ''
echo "exit 99" > tests/gc-non-blocking.sh
'';
separateDebugInfo = stdenv.isLinux && (is24 -> !enableStatic);
enableParallelBuilding = true;
meta = with lib; {
description = "Powerful package manager that makes package management reliable and reproducible";
longDescription = ''
Nix is a powerful package manager for Linux and other Unix systems that
makes package management reliable and reproducible. It provides atomic
upgrades and rollbacks, side-by-side installation of multiple versions of
a package, multi-user package management and easy setup of build
environments.
'';
homepage = "https://nixos.org/";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ eelco lovesegfault ];
platforms = platforms.unix;
outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
};
passthru = {
is24 = lib.warn ''nix package: attribute .is24 is deprecated. Please use lib.versionAtLeast X.version "2.4pre".'' is24;
is25 = lib.warn ''nix package: attribute .is25 is deprecated. Please use lib.versionAtLeast X.version "2.5pre".'' is25;
perl-bindings = perl.pkgs.toPerlModule (stdenv.mkDerivation {
pname = "nix-perl";
inherit version;
inherit src;
postUnpack = "sourceRoot=$sourceRoot/perl";
# This is not cross-compile safe, don't have time to fix right now
# but noting for future travellers.
nativeBuildInputs =
[ perl pkg-config curl nix libsodium boost autoreconfHook autoconf-archive nlohmann_json ];
configureFlags =
[ "--with-dbi=${perl.pkgs.DBI}/${perl.libPrefix}"
"--with-dbd-sqlite=${perl.pkgs.DBDSQLite}/${perl.libPrefix}"
];
preConfigure = "export NIX_STATE_DIR=$TMPDIR";
preBuild = "unset NIX_INDENT_MAKE";
});
inherit boehmgc;
};
};
in nix;
boehmgc_nix_2_3 = boehmgc.override {
enableLargeConfig = true;
};
boehmgc_nix = boehmgc_nix_2_3.overrideAttrs (drv: {
patches = (drv.patches or []) ++ [
# Part of the GC solution in https://github.com/NixOS/nix/pull/4944
(fetchpatch {
url = "https://github.com/hercules-ci/nix/raw/5c58d84a76d96f269e3ff1e72c9c9ba5f68576af/boehmgc-coroutine-sp-fallback.diff";
sha256 = "sha256-JvnWVTlkltmQUs/0qApv/LPZ690UX1/2hEP+LYRwKbI=";
})
];
boehmgc-nix = boehmgc-nix_2_3.overrideAttrs (drv: {
# Part of the GC solution in https://github.com/NixOS/nix/pull/4944
patches = (drv.patches or [ ]) ++ [ ./patches/boehmgc-coroutine-sp-fallback.patch ];
});
# master: https://github.com/NixOS/nix/pull/5536
# 2.4: https://github.com/NixOS/nix/pull/5537
installNlohmannJsonPatch = fetchpatch {
url = "https://github.com/NixOS/nix/pull/5536.diff";
sha256 = "sha256-SPnam4xNIjbMgnq6IP1AaM1V62X0yZNo4DEVmI8sHOo=";
};
buildNix =
{ version, suffix ? ""
, src ? null, sha256 ? null
, boehmgc ? boehmgc_nix, patches ? [ ]
}:
assert (src == null) -> (sha256 != null);
assert (sha256 == null) -> (src != null);
callPackage common {
pname = "nix";
version = "${version}${suffix}";
inherit suffix;
src =
if src != null
then src
else fetchFromGitHub {
owner = "NixOS";
repo = "nix";
rev = version;
inherit sha256;
};
inherit boehmgc patches;
inherit storeDir stateDir confDir;
};
aws-sdk-cpp-nix = (aws-sdk-cpp.override {
apis = [ "s3" "transfer" ];
customMemoryManagement = false;
}).overrideDerivation (args: {
patches = (args.patches or [ ]) ++ [ ./patches/aws-sdk-cpp-TransferManager-ContentEncoding.patch ];
});
common = args:
callPackage
(import ./common.nix ({ inherit lib fetchFromGitHub; } // args))
{
inherit Security storeDir stateDir confDir;
boehmgc = boehmgc-nix;
aws-sdk-cpp = aws-sdk-cpp-nix;
};
in rec {
nix = nixStable;
nixStable = nix_2_5;
nix_2_3 = buildNix rec {
nix_2_3 = (common rec {
version = "2.3.16";
src = fetchurl {
url = "https://nixos.org/releases/nix/nix-${version}/nix-${version}.tar.xz";
sha256 = "sha256-fuaBtp8FtSVJLSAsO+3Nne4ZYLuBj2JpD2xEk7fCqrw=";
};
boehmgc = boehmgc_nix_2_3;
};
}).override { boehmgc = boehmgc-nix_2_3; };
nix_2_4 = buildNix {
nix_2_4 = common {
version = "2.4";
sha256 = "sha256-op48CCDgLHK0qV1Batz4Ln5FqBiRjlE6qHTiZgt3b6k=";
patches = [ installNlohmannJsonPatch ];
# https://github.com/NixOS/nix/pull/5537
patches = [ ./patches/install-nlohmann_json-headers.patch ];
};
nix_2_5 = buildNix {
nix_2_5 = common {
version = "2.5.1";
sha256 = "sha256-GOsiqy9EaTwDn2PLZ4eFj1VkXcBUbqrqHehRE9GuGdU=";
patches = [ installNlohmannJsonPatch ];
# https://github.com/NixOS/nix/pull/5536
patches = [ ./patches/install-nlohmann_json-headers.patch ];
};
nix_2_6 = buildNix {
nix_2_6 = common {
version = "2.6.0";
sha256 = "sha256-xEPeMcNJVOeZtoN+d+aRwolpW8mFSEQx76HTRdlhPhg=";
};
nixUnstable = lib.lowPrio (buildNix rec {
# FIXME: nix_2_6 is broken on aarch64-darwin for now.
stable = nix_2_5;
unstable = lib.lowPrio (common rec {
version = "2.7";
suffix = "pre20220124_${lib.substring 0 7 src.rev}";
src = fetchFromGitHub {

44
pkgs/tools/package-management/nix/nix-perl.nix Normal file
View file

@ -0,0 +1,44 @@
{ stdenv
, perl
, pkg-config
, curl
, nix
, libsodium
, boost
, autoreconfHook
, autoconf-archive
, nlohmann_json
, version
, src
}:
stdenv.mkDerivation {
pname = "nix-perl";
inherit version src;
postUnpack = "sourceRoot=$sourceRoot/perl";
# This is not cross-compile safe, don't have time to fix right now
# but noting for future travellers.
nativeBuildInputs = [
autoconf-archive
autoreconfHook
boost
curl
libsodium
nix
nlohmann_json
perl
pkg-config
];
configureFlags = [
"--with-dbi=${perl.pkgs.DBI}/${perl.libPrefix}"
"--with-dbd-sqlite=${perl.pkgs.DBDSQLite}/${perl.libPrefix}"
];
preConfigure = "export NIX_STATE_DIR=$TMPDIR";
preBuild = "unset NIX_INDENT_MAKE";
}

0
pkgs/tools/package-management/nix/aws-sdk-cpp-TransferManager-ContentEncoding.patch → pkgs/tools/package-management/nix/patches/aws-sdk-cpp-TransferManager-ContentEncoding.patch
View file

45
pkgs/tools/package-management/nix/patches/boehmgc-coroutine-sp-fallback.patch Normal file
View file

@ -0,0 +1,45 @@
diff --git a/pthread_stop_world.c b/pthread_stop_world.c
index 4b2c429..1fb4c52 100644
--- a/pthread_stop_world.c
+++ b/pthread_stop_world.c
@@ -673,6 +673,8 @@ GC_INNER void GC_push_all_stacks(void)
struct GC_traced_stack_sect_s *traced_stack_sect;
pthread_t self = pthread_self();
word total_size = 0;
+ size_t stack_limit;
+ pthread_attr_t pattr;
if (!EXPECT(GC_thr_initialized, TRUE))
GC_thr_init();
@@ -722,6 +724,31 @@ GC_INNER void GC_push_all_stacks(void)
hi = p->altstack + p->altstack_size;
/* FIXME: Need to scan the normal stack too, but how ? */
/* FIXME: Assume stack grows down */
+ } else {
+ if (pthread_getattr_np(p->id, &pattr)) {
+ ABORT("GC_push_all_stacks: pthread_getattr_np failed!");
+ }
+ if (pthread_attr_getstacksize(&pattr, &stack_limit)) {
+ ABORT("GC_push_all_stacks: pthread_attr_getstacksize failed!");
+ }
+ if (pthread_attr_destroy(&pattr)) {
+ ABORT("GC_push_all_stacks: pthread_attr_destroy failed!");
+ }
+ // When a thread goes into a coroutine, we lose its original sp until
+ // control flow returns to the thread.
+ // While in the coroutine, the sp points outside the thread stack,
+ // so we can detect this and push the entire thread stack instead,
+ // as an approximation.
+ // We assume that the coroutine has similarly added its entire stack.
+ // This could be made accurate by cooperating with the application
+ // via new functions and/or callbacks.
+ #ifndef STACK_GROWS_UP
+ if (lo >= hi || lo < hi - stack_limit) { // sp outside stack
+ lo = hi - stack_limit;
+ }
+ #else
+ #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix."
+ #endif
}
GC_push_all_stack_sections(lo, hi, traced_stack_sect);
# ifdef STACK_GROWS_UP

36
pkgs/tools/package-management/nix/patches/install-nlohmann_json-headers.patch Normal file
View file

@ -0,0 +1,36 @@
From 3884f7a69a57d8ecfcbcaae476ec2ff53ffbd549 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Thu, 11 Nov 2021 11:03:21 +0100
Subject: [PATCH] Install nlohmann_json headers
These headers are included by the libexpr, libfetchers, libstore
and libutil headers.
Considering that these are vendored sources, Nix should expose them,
as it is not a good idea for reverse dependencies to rely on a
potentially different source that can go out of sync.
---
Makefile | 1 +
src/nlohmann/local.mk | 2 ++
2 files changed, 3 insertions(+)
create mode 100644 src/nlohmann/local.mk
diff --git a/Makefile b/Makefile
index 5040d288485..e6ce50cbdb7 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,7 @@ makefiles = \
src/libexpr/local.mk \
src/libcmd/local.mk \
src/nix/local.mk \
+ src/nlohmann/local.mk \
src/resolve-system-dependencies/local.mk \
scripts/local.mk \
misc/bash/local.mk \
diff --git a/src/nlohmann/local.mk b/src/nlohmann/local.mk
new file mode 100644
index 00000000000..63c427e000e
--- /dev/null
+++ b/src/nlohmann/local.mk
@@ -0,0 +1,2 @@
+$(foreach i, $(wildcard src/nlohmann/*.hpp), \
+ $(eval $(call install-file-in, $(i), $(includedir)/nlohmann, 0644)))

4
pkgs/tools/security/exploitdb/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "exploitdb";
version = "2022-01-25";
version = "2022-01-26";
src = fetchFromGitHub {
owner = "offensive-security";
repo = pname;
rev = version;
sha256 = "sha256-kqb5MhdKA6qvIdnTzPNUscksyz2GWaiPJg2JxA1C3p0=";
sha256 = "sha256-5WdAh4YFNLOF8h8f0pN6GHdoyASf/3fN345Mp9b1Cfg=";
};
nativeBuildInputs = [ makeWrapper ];

8
pkgs/tools/virtualization/linode-cli/default.nix
View file

@ -11,10 +11,10 @@
}:
let
sha256 = "10mlkkprky7qqjrkv43v1lzmlgdjpkzy3729k9xxdm5mpq5bjdwj";
sha256 = "0vyvmfrq3jnwqqjf2rsd5qnnwvvq71165ws7smnxk5jn8lqkq6z1";
# specVersion taken from: https://www.linode.com/docs/api/openapi.yaml at `info.version`.
specVersion = "4.112.3";
specSha256 = "15qlk0vd6l1gkxjbmvfwwdgjv7517y0kf0s3d32r3m2xqdsw9pc6";
specVersion = "4.113.0";
specSha256 = "0r02h6a75ad2yahff62ilmlcnp3w4j4djkx187zyh9kdvf1lzqb9";
spec = fetchurl {
url = "https://raw.githubusercontent.com/linode/linode-api-docs/v${specVersion}/openapi.yaml";
sha256 = specSha256;
@ -24,7 +24,7 @@ in
buildPythonApplication rec {
pname = "linode-cli";
version = "5.14.0";
version = "5.15.0";
src = fetchFromGitHub {
owner = "linode";

8
pkgs/top-level/aliases.nix
View file

@ -664,7 +664,13 @@ mapAliases ({
nilfs_utils = nilfs-utils; # added 2018-04-25
nix-direnv-flakes = nix-direnv;
nix-review = nixpkgs-review; # added 2019-12-22
nixFlakes = nixStable; # added 2021-05-21
nixFlakes = nixVersions.stable; # added 2021-05-21
nixStable = nixVersions.stable; # added 2022-01-24
nixUnstable = nixVersions.unstable; # added 2022-01-26
nix_2_3 = nixVersions.nix_2_3;
nix_2_4 = nixVersions.nix_2_4;
nix_2_5 = nixVersions.nix_2_5;
nix_2_6 = nixVersions.nix_2_6;
nmap_graphical = nmap-graphical; # added 2017-01-19
nmap-unfree = nmap; # added 2021-04-06
nologin = shadow; # added 2018-04-25

40
pkgs/top-level/all-packages.nix
View file

@ -2929,9 +2929,10 @@ with pkgs;
inherit (darwin.apple_sdk.frameworks) Security AppKit CoreServices;
electron = electron_13;
};
element-desktop-wayland = element-desktop.override {
useWayland = true;
};
element-desktop-wayland = writeScript "element-desktop-wayland" ''
#!/bin/sh
NIXOS_OZONE_WL=1 exec ${element-desktop}/bin/element-desktop "$@"
'';
element-web = callPackage ../applications/networking/instant-messengers/element/element-web.nix {
conf = config.element-web.conf or {};
@ -4923,9 +4924,10 @@ with pkgs;
inherit (darwin.apple_sdk.frameworks) Security AppKit CoreServices;
electron = electron_13;
};
schildichat-desktop-wayland = schildichat-desktop.override {
useWayland = true;
};
schildichat-desktop-wayland = writeScript "schildichat-desktop-wayland" ''
#!/bin/sh
NIXOS_OZONE_WL=1 exec ${schildichat-desktop}/bin/schildichat-desktop "$@"
'';
schildichat-web = callPackage ../applications/networking/instant-messengers/schildichat/schildichat-web.nix {
conf = config.schildichat-web.conf or {};
@ -19023,9 +19025,7 @@ with pkgs;
ogre = ogre1_9;
};
mysocketw = callPackage ../development/libraries/mysocketw {
openssl = openssl_1_0_2;
};
mysocketw = callPackage ../development/libraries/mysocketw { };
mythes = callPackage ../development/libraries/mythes { };
@ -21638,7 +21638,6 @@ with pkgs;
openfire = callPackage ../servers/xmpp/openfire { };
softether_4_25 = callPackage ../servers/softether/4.25.nix { openssl = openssl_1_0_2; };
softether_4_29 = callPackage ../servers/softether/4.29.nix { };
softether = softether_4_29;
@ -33122,18 +33121,13 @@ with pkgs;
neo = callPackage ../applications/misc/neo { };
inherit (callPackage ../tools/package-management/nix {
storeDir = config.nix.storeDir or "/nix/store";
stateDir = config.nix.stateDir or "/nix/var";
inherit (darwin.apple_sdk.frameworks) Security;
})
nix
nixStable
nix_2_3
nix_2_4
nix_2_5
nix_2_6
nixUnstable;
nixVersions = callPackage ../tools/package-management/nix {
storeDir = config.nix.storeDir or "/nix/store";
stateDir = config.nix.stateDir or "/nix/var";
inherit (darwin.apple_sdk.frameworks) Security;
};
nix = nixVersions.stable;
nixStatic = pkgsStatic.nix;
@ -33306,7 +33300,7 @@ with pkgs;
nix-linter = haskell.lib.compose.justStaticExecutables (haskellPackages.nix-linter);
nixos-option = callPackage ../tools/nix/nixos-option { nix = nix_2_3; };
nixos-option = callPackage ../tools/nix/nixos-option { nix = nixVersions.nix_2_3; };
nix-pin = callPackage ../tools/package-management/nix-pin { };

2
pkgs/top-level/php-packages.nix
View file

@ -175,6 +175,8 @@ lib.makeScope pkgs.newScope (self: with self; {
couchbase = callPackage ../development/php-packages/couchbase { };
ds = callPackage ../development/php-packages/ds { };
event = callPackage ../development/php-packages/event { };
gnupg = callPackage ../development/php-packages/gnupg { };

2
pkgs/top-level/python-packages.nix
View file

@ -7921,7 +7921,7 @@ in {
python-http-client = callPackage ../development/python-modules/python-http-client { };
pythonix = callPackage ../development/python-modules/pythonix {
nix = pkgs.nix_2_3;
nix = pkgs.nixVersions.nix_2_3;
meson = pkgs.meson.override { python3 = self.python; };
};