Merge staging-next into staging
commit
afe3fd192f
19 changed files with 264 additions and 66 deletions
|
@ -330,7 +330,7 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>vim</literal> switched to Python 3, dropping all Python 2 support.
|
||||
<literal>vim</literal> and <literal>neovim</literal> switched to Python 3, dropping all Python 2 support.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
|
|
@ -245,22 +245,85 @@ in {
|
|||
rm -f "${cfg.configDir}/ui-lovelace.yaml"
|
||||
ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
|
||||
'');
|
||||
serviceConfig = {
|
||||
ExecStart = "${package}/bin/hass --config '${cfg.configDir}'";
|
||||
serviceConfig = let
|
||||
# List of capabilities to equip home-assistant with, depending on configured components
|
||||
capabilities = [
|
||||
# Empty string first, so we will never accidentally have an empty capability bounding set
|
||||
# https://github.com/NixOS/nixpkgs/issues/120617#issuecomment-830685115
|
||||
""
|
||||
] ++ (unique (optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [
|
||||
# Required for interaction with hci devices and bluetooth sockets
|
||||
# https://www.home-assistant.io/integrations/bluetooth_le_tracker/#rootless-setup-on-core-installs
|
||||
"CAP_NET_ADMIN"
|
||||
"CAP_NET_RAW"
|
||||
] ++ lib.optionals (useComponent "emulated_hue") [
|
||||
# Alexa looks for the service on port 80
|
||||
# https://www.home-assistant.io/integrations/emulated_hue
|
||||
"CAP_NET_BIND_SERVICE"
|
||||
] ++ lib.optionals (useComponent "nmap_tracker") [
|
||||
# https://www.home-assistant.io/integrations/nmap_tracker#linux-capabilities
|
||||
"CAP_NET_ADMIN"
|
||||
"CAP_NET_BIND_SERVICE"
|
||||
"CAP_NET_RAW"
|
||||
]));
|
||||
in {
|
||||
ExecStart = "${package}/bin/hass --runner --config '${cfg.configDir}'";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
User = "hass";
|
||||
Group = "hass";
|
||||
Restart = "on-failure";
|
||||
RestartForceExitStatus = "100";
|
||||
SuccessExitStatus = "100";
|
||||
KillSignal = "SIGINT";
|
||||
|
||||
# Hardening
|
||||
AmbientCapabilities = capabilities;
|
||||
CapabilityBoundingSet = capabilities;
|
||||
DeviceAllow = [
|
||||
"char-ttyACM rw"
|
||||
"char-ttyAMA rw"
|
||||
"char-ttyUSB rw"
|
||||
];
|
||||
DevicePolicy = "closed";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = false; # prevents gaining capabilities in the host namespace
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
ProtectSystem = "strict";
|
||||
RemoveIPC = true;
|
||||
ReadWritePaths = let
|
||||
# Allow rw access to explicitly configured paths
|
||||
cfgPath = [ "config" "homeassistant" "allowlist_external_dirs" ];
|
||||
value = attrByPath cfgPath [] cfg;
|
||||
allowPaths = if isList value then value else singleton value;
|
||||
in [ "${cfg.configDir}" ] ++ allowPaths;
|
||||
KillSignal = "SIGINT";
|
||||
PrivateTmp = true;
|
||||
RemoveIPC = true;
|
||||
AmbientCapabilities = "cap_net_raw,cap_net_admin+eip";
|
||||
RestrictAddressFamilies = [
|
||||
"AF_UNIX"
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
] ++ optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [
|
||||
"AF_BLUETOOTH"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SupplementaryGroups = [ "dialout" ];
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged"
|
||||
];
|
||||
UMask = "0077";
|
||||
};
|
||||
path = [
|
||||
"/run/wrappers" # needed for ping
|
||||
|
@ -278,7 +341,6 @@ in {
|
|||
home = cfg.configDir;
|
||||
createHome = true;
|
||||
group = "hass";
|
||||
extraGroups = [ "dialout" ];
|
||||
uid = config.ids.uids.hass;
|
||||
};
|
||||
|
||||
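Review bot: The comment on `PrivateUsers = false;` reads as if switching the option off is what prevents capability gain, which is the reverse of why it has to be off. systemd documents that a unit with PrivateUsers= enabled holds no capabilities in the host's user namespace, so the `capabilities` list assigned to AmbientCapabilities and CapabilityBoundingSet a few lines earlier would have no effect. I would reword it to `PrivateUsers = false; # must stay off: a private user namespace would void the capabilities granted above`. Separately, every entry of `allowlist_external_dirs` is appended to ReadWritePaths, so a broad entry there widens what `ProtectSystem = "strict"` leaves writable; a one-line comment next to `allowPaths` saying so would help whoever audits the unit. The surrounding service definition starts outside the hunk.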
|
|
|
@ -20,8 +20,7 @@ let
|
|||
acl_file ${aclFile}
|
||||
persistence true
|
||||
allow_anonymous ${boolToString cfg.allowAnonymous}
|
||||
bind_address ${cfg.host}
|
||||
port ${toString cfg.port}
|
||||
listener ${toString cfg.port} ${cfg.host}
|
||||
${passwordConf}
|
||||
${listenerConf}
|
||||
${cfg.extraConf}
|
||||
|
@ -233,15 +232,50 @@ in
|
|||
ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
# Hardening
|
||||
CapabilityBoundingSet = "";
|
||||
DevicePolicy = "closed";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateTmp = true;
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
PrivateUsers = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
NoNewPrivileges = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
ProtectSystem = "strict";
|
||||
ReadWritePaths = [
|
||||
cfg.dataDir
|
||||
"/tmp" # mosquitto_passwd creates files in /tmp before moving them
|
||||
];
|
||||
ReadOnlyPaths = with cfg.ssl; lib.optionals (enable) [
|
||||
certfile
|
||||
keyfile
|
||||
cafile
|
||||
];
|
||||
RemoveIPC = true;
|
||||
RestrictAddressFamilies = [
|
||||
"AF_UNIX" # for sd_notify() call
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged"
|
||||
"~@resources"
|
||||
];
|
||||
UMask = "0077";
|
||||
};
|
||||
preStart = ''
|
||||
rm -f ${cfg.dataDir}/passwd
|
||||
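Review bot: The `"/tmp"` entry in ReadWritePaths means two different things depending on `PrivateTmp`. With `PrivateTmp = true`, as set in this hunk, it should refer to the unit's private directory, but once that option is overridden it makes the shared host /tmp writable under `ProtectSystem = "strict"`. The existing comment explains only why mosquitto_passwd needs it; I would extend it to `"/tmp" # mosquitto_passwd creates files in /tmp before moving them; private to the unit only while PrivateTmp stays true`. For `ReadOnlyPaths`, the option declarations are outside the hunk, but if `certfile`, `keyfile` or `cafile` may be null while `cfg.ssl.enable` is set, the list should be filtered first, e.g. `lib.filter (p: p != null) [ certfile keyfile cafile ]`.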
|
|
|
@ -1,4 +1,4 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
configDir = "/var/lib/foobar";
|
||||
|
@ -6,9 +6,7 @@ let
|
|||
mqttPassword = "secret";
|
||||
in {
|
||||
name = "home-assistant";
|
||||
meta = with pkgs.lib; {
|
||||
maintainers = with maintainers; [ dotlambda ];
|
||||
};
|
||||
meta.maintainers = lib.teams.home-assistant.members;
|
||||
|
||||
nodes.hass = { pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ mosquitto ];
|
||||
|
@ -47,6 +45,10 @@ in {
|
|||
payload_on = "let_there_be_light";
|
||||
payload_off = "off";
|
||||
}];
|
||||
emulated_hue = {
|
||||
host_ip = "127.0.0.1";
|
||||
listen_port = 80;
|
||||
};
|
||||
logger = {
|
||||
default = "info";
|
||||
logs."homeassistant.components.mqtt" = "debug";
|
||||
|
@ -82,6 +84,9 @@ in {
|
|||
hass.succeed(
|
||||
"mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
|
||||
)
|
||||
with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
|
||||
hass.wait_for_open_port(80)
|
||||
hass.succeed("curl --fail http://localhost:80/description.xml")
|
||||
with subtest("Print log to ease debugging"):
|
||||
output_log = hass.succeed("cat ${configDir}/home-assistant.log")
|
||||
print("\n### home-assistant.log ###\n")
|
||||
|
@ -93,5 +98,8 @@ in {
|
|||
# example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light'
|
||||
with subtest("Check we received the mosquitto message"):
|
||||
assert "let_there_be_light" in output_log
|
||||
|
||||
with subtest("Check systemd unit hardening"):
|
||||
hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
|
||||
'';
|
||||
})
|
||||
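Review bot: The subtest "Check systemd unit hardening" checks nothing about the hardening, because `hass.succeed("systemd-analyze security home-assistant.service")` only requires the command to exit successfully and its output goes straight to `hass.log`. A later change that drops one of the sandboxing options from the unit would still pass. Either rename it to say what it does, `with subtest("Print systemd unit hardening report"):`, or assert on the parts of the report the module is meant to guarantee. In the hunks shown, the emulated_hue check on port 80 is the only place a capability setting is actually exercised; the bluetooth and nmap_tracker branches of the capability list have no coverage here.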
|
|
|
@ -1,4 +1,4 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
port = 1888;
|
||||
|
@ -30,6 +30,9 @@ in {
|
|||
];
|
||||
};
|
||||
};
|
||||
|
||||
# disable private /tmp for this test
|
||||
systemd.services.mosquitto.serviceConfig.PrivateTmp = lib.mkForce false;
|
||||
};
|
||||
|
||||
client1 = client;
|
||||
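Review bot: The override `systemd.services.mosquitto.serviceConfig.PrivateTmp = lib.mkForce false;` makes the test run the broker with a weaker sandbox than the module ships, and the comment `# disable private /tmp for this test` repeats the line without giving the reason. Please record which step of the test needs the shared /tmp, for example `# <reason to be filled in>: the test needs mosquitto to share the host /tmp`, so the override can be removed once that is no longer true. As written, a regression that appears only with PrivateTmp enabled would not be caught by this test.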
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
# now defaults to false because some tests can be flaky (clipboard etc)
|
||||
, doCheck ? false
|
||||
, nodejs ? null, fish ? null, python ? null
|
||||
, nodejs ? null, fish ? null, python3 ? null
|
||||
}:
|
||||
|
||||
with lib;
|
||||
|
@ -19,7 +19,7 @@ let
|
|||
]
|
||||
));
|
||||
|
||||
pyEnv = python.withPackages(ps: [ ps.pynvim ps.msgpack ]);
|
||||
pyEnv = python3.withPackages(ps: with ps; [ pynvim msgpack ]);
|
||||
|
||||
# FIXME: this is verry messy and strange.
|
||||
# see https://github.com/NixOS/nixpkgs/pull/80528
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ lib, mkDerivation, fetchFromGitHub, cmake, doxygen, makeWrapper
|
||||
, msgpack, neovim, pythonPackages, qtbase }:
|
||||
, msgpack, neovim, python3Packages, qtbase }:
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "neovim-qt-unwrapped";
|
||||
|
@ -20,7 +20,7 @@ mkDerivation rec {
|
|||
buildInputs = [
|
||||
neovim.unwrapped # only used to generate help tags at build time
|
||||
qtbase
|
||||
] ++ (with pythonPackages; [
|
||||
] ++ (with python3Packages; [
|
||||
jinja2 python msgpack
|
||||
]);
|
||||
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
{ lib, fetchFromGitHub, pythonPackages }:
|
||||
{ lib
|
||||
, fetchFromGitHub
|
||||
, python3
|
||||
, neovim
|
||||
}:
|
||||
|
||||
with lib;
|
||||
|
||||
pythonPackages.buildPythonApplication rec {
|
||||
with python3.pkgs; buildPythonApplication rec {
|
||||
pname = "neovim-remote";
|
||||
version = "2.4.0";
|
||||
disabled = !pythonPackages.isPy3k;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mhinz";
|
||||
|
@ -14,12 +17,24 @@ pythonPackages.buildPythonApplication rec {
|
|||
sha256 = "0jlw0qksak4bdzddpsj74pm2f2bgpj3cwrlspdjjy0j9qzg0mpl9";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with pythonPackages; [
|
||||
propagatedBuildInputs = [
|
||||
pynvim
|
||||
psutil
|
||||
setuptools
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
neovim
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
# these tests get stuck and never return
|
||||
"test_escape_filenames_properly"
|
||||
"test_escape_single_quotes_in_filenames"
|
||||
"test_escape_double_quotes_in_filenames"
|
||||
];
|
||||
|
||||
meta = {
|
||||
description = "A tool that helps controlling nvim processes from a terminal";
|
||||
homepage = "https://github.com/mhinz/neovim-remote/";
|
||||
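Review bot: The three entries in `disabledTests` are, judging by their names, the suite's filename-escaping tests (`test_escape_filenames_properly` and the single- and double-quote variants), so with them off the build no longer checks how file names are quoted. The comment `# these tests get stuck and never return` does not say whether the hang comes from the build sandbox or from the code under test. I would extend it to state the suspected cause and to reference the upstream report once one exists, so the tests get re-enabled rather than forgotten.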
|
|
|
@ -1,5 +1,4 @@
|
|||
{ lib, stdenv, mkDerivation, fetchFromGitHub, cmake, doxygen, makeWrapper
|
||||
, msgpack, neovim, pythonPackages, qtbase, neovim-qt-unwrapped }:
|
||||
{ stdenv, makeWrapper, neovim, neovim-qt-unwrapped }:
|
||||
|
||||
let
|
||||
unwrapped = neovim-qt-unwrapped;
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
, neovim-unwrapped
|
||||
, bundlerEnv
|
||||
, ruby
|
||||
, pythonPackages
|
||||
, python3Packages
|
||||
, writeText
|
||||
, wrapNeovimUnstable
|
||||
|
@ -48,12 +47,6 @@ let
|
|||
requiredPlugins = vimUtils.requiredPlugins configure;
|
||||
getDeps = attrname: map (plugin: plugin.${attrname} or (_: [ ]));
|
||||
|
||||
pluginPython2Packages = getDeps "pythonDependencies" requiredPlugins;
|
||||
python2Env = pythonPackages.python.withPackages (ps:
|
||||
[ ps.pynvim ]
|
||||
++ (extraPython2Packages ps)
|
||||
++ (lib.concatMap (f: f ps) pluginPython2Packages));
|
||||
|
||||
pluginPython3Packages = getDeps "python3Dependencies" requiredPlugins;
|
||||
python3Env = python3Packages.python.withPackages (ps:
|
||||
[ ps.pynvim ]
|
||||
|
@ -69,7 +62,6 @@ let
|
|||
# While the latter tells nvim that this provider is not available
|
||||
hostprog_check_table = {
|
||||
node = withNodeJs;
|
||||
python = withPython2;
|
||||
python3 = withPython3;
|
||||
ruby = withRuby;
|
||||
};
|
||||
|
@ -99,11 +91,12 @@ let
|
|||
manifestRc = vimUtils.vimrcContent (configure // { customRC = ""; });
|
||||
neovimRcContent = vimUtils.vimrcContent configure;
|
||||
in
|
||||
assert withPython2 -> throw "Python2 support has been removed from neovim, please remove withPython2 and extraPython2Packages.";
|
||||
|
||||
args // {
|
||||
wrapperArgs = makeWrapperArgs;
|
||||
inherit neovimRcContent;
|
||||
inherit manifestRc;
|
||||
inherit python2Env;
|
||||
inherit python3Env;
|
||||
inherit withNodeJs;
|
||||
} // lib.optionalAttrs withRuby {
|
||||
|
@ -120,7 +113,7 @@ let
|
|||
# to keep backwards compatibility
|
||||
legacyWrapper = neovim: {
|
||||
extraMakeWrapperArgs ? ""
|
||||
, withPython ? true
|
||||
, withPython ? false
|
||||
/* the function you would have passed to python.withPackages */
|
||||
, extraPythonPackages ? (_: [])
|
||||
/* the function you would have passed to python.withPackages */
|
||||
|
@ -138,14 +131,14 @@ let
|
|||
else funOrList);
|
||||
|
||||
res = makeNeovimConfig {
|
||||
withPython2 = withPython;
|
||||
extraPythonPackages = compatFun extraPythonPackages;
|
||||
inherit withPython3;
|
||||
extraPython3Packages = compatFun extraPython3Packages;
|
||||
inherit withNodeJs withRuby viAlias vimAlias;
|
||||
inherit configure;
|
||||
};
|
||||
in
|
||||
assert withPython -> throw "Python2 support has been removed from neovim, please remove withPython and extraPythonPackages.";
|
||||
|
||||
wrapNeovimUnstable neovim (res // {
|
||||
wrapperArgs = lib.escapeShellArgs (
|
||||
res.wrapperArgs ++ lib.optionals (configure != {}) [
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
, bundlerEnv, ruby
|
||||
, nodejs
|
||||
, nodePackages
|
||||
, pythonPackages
|
||||
, python3Packages
|
||||
}:
|
||||
with lib;
|
||||
|
@ -15,7 +14,7 @@ let
|
|||
# should contain all args but the binary
|
||||
wrapperArgs ? ""
|
||||
, manifestRc ? null
|
||||
, withPython2 ? true, python2Env ? null
|
||||
, withPython2 ? false
|
||||
, withPython3 ? true, python3Env ? null
|
||||
, withNodeJs ? false
|
||||
, rubyEnv ? null
|
||||
|
@ -35,6 +34,8 @@ let
|
|||
[ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim" ] ++
|
||||
[ "--set" "NVIM_SYSTEM_RPLUGIN_MANIFEST" "${placeholder "out"}/rplugin.vim" ];
|
||||
in
|
||||
assert withPython2 -> throw "Python2 support has been removed from the neovim wrapper, please remove withPython2 and python2Env.";
|
||||
|
||||
symlinkJoin {
|
||||
name = "neovim-${lib.getVersion neovim}";
|
||||
# Remove the symlinks created by symlinkJoin which we need to perform
|
||||
|
@ -44,9 +45,6 @@ let
|
|||
substitute ${neovim}/share/applications/nvim.desktop $out/share/applications/nvim.desktop \
|
||||
--replace 'Name=Neovim' 'Name=WrappedNeovim'
|
||||
''
|
||||
+ optionalString withPython2 ''
|
||||
makeWrapper ${python2Env}/bin/python $out/bin/nvim-python --unset PYTHONPATH
|
||||
''
|
||||
+ optionalString withPython3 ''
|
||||
makeWrapper ${python3Env}/bin/python3 $out/bin/nvim-python3 --unset PYTHONPATH
|
||||
''
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{ stdenv, lib, makeDesktopItem
|
||||
, unzip, libsecret, libXScrnSaver, libxshmfence, wrapGAppsHook
|
||||
, gtk2, atomEnv, at-spi2-atk, autoPatchelfHook
|
||||
, systemd, fontconfig, libdbusmenu
|
||||
, systemd, fontconfig, libdbusmenu, buildFHSUserEnvBubblewrap
|
||||
, writeShellScriptBin
|
||||
|
||||
# Populate passthru.tests
|
||||
, tests
|
||||
|
@ -13,13 +14,14 @@
|
|||
|
||||
let
|
||||
inherit (stdenv.hostPlatform) system;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
unwrapped = stdenv.mkDerivation {
|
||||
|
||||
inherit pname version src sourceRoot;
|
||||
|
||||
passthru = {
|
||||
inherit executableName tests;
|
||||
fhs = fhs {};
|
||||
fhsWithPackages = f: fhs { additionalPkgs = f; };
|
||||
};
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
|
@ -97,4 +99,64 @@ in
|
|||
'';
|
||||
|
||||
inherit meta;
|
||||
}
|
||||
};
|
||||
|
||||
# Vscode and variants allow for users to download and use extensions
|
||||
# which often include the usage of pre-built binaries.
|
||||
# This has been an on-going painpoint for many users, as
|
||||
# a full extension update cycle has to be done through nixpkgs
|
||||
# in order to create or update extensions.
|
||||
# See: #83288 #91179 #73810 #41189
|
||||
#
|
||||
# buildFHSUserEnv allows for users to use the existing vscode
|
||||
# extension tooling without significant pain.
|
||||
fhs = { additionalPkgs ? pkgs: [] }: buildFHSUserEnvBubblewrap {
|
||||
# also determines the name of the wrapped command
|
||||
name = executableName;
|
||||
|
||||
# additional libraries which are commonly needed for extensions
|
||||
targetPkgs = pkgs: (with pkgs; [
|
||||
# ld-linux-x86-64-linux.so.2 and others
|
||||
glibc
|
||||
|
||||
# dotnet
|
||||
curl
|
||||
icu
|
||||
libunwind
|
||||
libuuid
|
||||
openssl
|
||||
zlib
|
||||
|
||||
# mono
|
||||
krb5
|
||||
]) ++ additionalPkgs pkgs;
|
||||
|
||||
# restore desktop item icons
|
||||
extraInstallCommands = ''
|
||||
mkdir -p $out/share/applications
|
||||
for item in ${unwrapped}/share/applications/*.desktop; do
|
||||
ln -s $item $out/share/applications/
|
||||
done
|
||||
'';
|
||||
|
||||
runScript = "${unwrapped}/bin/${executableName}";
|
||||
|
||||
# vscode likes to kill the parent so that the
|
||||
# gui application isn't attached to the terminal session
|
||||
dieWithParent = false;
|
||||
|
||||
passthru = {
|
||||
inherit executableName;
|
||||
inherit (unwrapped) pname version; # for home-manager module
|
||||
};
|
||||
|
||||
meta = meta // {
|
||||
description = ''
|
||||
Wrapped variant of ${pname} which launches in a FHS compatible envrionment.
|
||||
Should allow for easy usage of extensions without nix-specific modifications.
|
||||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
unwrapped
|
||||
|
||||
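Review bot: The new `fhs` variant exists so that extensions can run pre-built binaries they download, as the comment block says, but `meta.description` tells the user only that it "launches in a FHS compatible envrionment". Those binaries are not built or hashed by Nix, and nothing in this hunk restricts what they can reach, so the description should state that the wrapper is for compatibility and is not a sandbox. Fixing the spelling at the same time, it could read `Wrapped variant of ${pname} which launches in an FHS compatible environment.` followed by a sentence such as `Extensions may download and run unverified binaries; this wrapper does not isolate them.` The comment also names `buildFHSUserEnv` while the code calls `buildFHSUserEnvBubblewrap`. The derivation body lies outside the hunks shown.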
|
|
|
@ -2,18 +2,18 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "kubelogin";
|
||||
version = "1.23.0";
|
||||
version = "1.23.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "int128";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0n94nx17c6ln2nd6d9yr93vc251y1xphq1wj2vzs4j2l8dqfyjpn";
|
||||
sha256 = "sha256-YK/QGx6QzSeyeZ61KgdYO3POJQFK1F6yJayd2gcRWS4=";
|
||||
};
|
||||
|
||||
subPackages = ["."];
|
||||
|
||||
vendorSha256 = "1dvrk6z6k66wawgb50n8hbgdd8fly399mlbgnvxi671vfi7lkz09";
|
||||
vendorSha256 = "sha256-tnjgs8Ziqdo1ciVOWtL0D8puv2SZGqSHgo2SV7N8F0M=";
|
||||
|
||||
# Rename the binary instead of symlinking to avoid conflict with the
|
||||
# Azure version of kubelogin
|
||||
|
|
|
@ -14,6 +14,7 @@ args @ {
|
|||
, unshareNet ? false
|
||||
, unshareUts ? true
|
||||
, unshareCgroup ? true
|
||||
, dieWithParent ? true
|
||||
, ...
|
||||
}:
|
||||
|
||||
|
@ -22,7 +23,7 @@ let
|
|||
buildFHSEnv = callPackage ./env.nix { };
|
||||
|
||||
env = buildFHSEnv (removeAttrs args [
|
||||
"runScript" "extraInstallCommands" "meta" "passthru"
|
||||
"runScript" "extraInstallCommands" "meta" "passthru" "dieWithParent"
|
||||
"unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
|
||||
]);
|
||||
|
||||
|
@ -30,6 +31,13 @@ let
|
|||
files = [
|
||||
# NixOS Compatibility
|
||||
"static"
|
||||
"nix" # mainly for nixUnstable users, but also for access to nix/netrc
|
||||
# Shells
|
||||
"bashrc"
|
||||
"zshenv"
|
||||
"zshrc"
|
||||
"zinputrc"
|
||||
"zprofile"
|
||||
# Users, Groups, NSS
|
||||
"passwd"
|
||||
"group"
|
||||
|
@ -136,7 +144,7 @@ let
|
|||
${lib.optionalString unshareNet "--unshare-net"}
|
||||
${lib.optionalString unshareUts "--unshare-uts"}
|
||||
${lib.optionalString unshareCgroup "--unshare-cgroup"}
|
||||
--die-with-parent
|
||||
${lib.optionalString dieWithParent "--die-with-parent"}
|
||||
--ro-bind /nix /nix
|
||||
# Our glibc will look for the cache in its own path in `/nix/store`.
|
||||
# As such, we need a cache to exist there, because pressure-vessel
|
||||
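Review bot: The `"nix"` entry added to `files` exposes the host's nix configuration, including `nix/netrc` as its own comment notes, to everything started inside any environment built with this function, and netrc files usually carry credentials. How the list is consumed is outside the hunk, so I am assuming it is the set of /etc entries made visible in the environment, the same way `passwd` and `group` are. If that is right, the comment should say so, e.g. `"nix" # nix.conf for nixUnstable users; also exposes nix/netrc (credentials) inside the env`, so a caller who runs third-party binaries here knows. The new `dieWithParent` argument deserves a short comment at its default as well, since setting it to false lets processes in the environment outlive the launcher.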
|
|
|
@ -1,6 +1,6 @@
|
|||
{ fetchFromGitHub, gtk3, hicolor-icon-theme, jdupes, lib, stdenv }:
|
||||
{ fetchFromGitHub, gtk3, hicolor-icon-theme, jdupes, lib, stdenvNoCC }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "tela-icon-theme";
|
||||
version = "2021-01-21";
|
||||
|
||||
|
@ -17,6 +17,10 @@ stdenv.mkDerivation rec {
|
|||
|
||||
dontDropIconThemeCache = true;
|
||||
|
||||
# These fixup steps are slow and unnecessary.
|
||||
dontPatchELF = true;
|
||||
dontRewriteSymlinks = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
|
@ -31,7 +35,7 @@ stdenv.mkDerivation rec {
|
|||
meta = with lib; {
|
||||
description = "A flat colorful Design icon theme";
|
||||
homepage = "https://github.com/vinceliuice/tela-icon-theme";
|
||||
license = licenses.gpl3Plus;
|
||||
license = licenses.gpl3Only;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ figsoda ];
|
||||
};
|
||||
|
|
|
@ -11,6 +11,11 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "04i2z7hrig78clc59q3i1z2hh24g7z1bfvxznlzxv00d4s57nhpi";
|
||||
};
|
||||
|
||||
postPatch = lib.optionalString stdenv.cc.isClang ''
|
||||
substituteInPlace test/setup.py \
|
||||
--replace "'-Werror', " ""
|
||||
'';
|
||||
|
||||
makeFlags = [
|
||||
"prefix=${placeholder "out"}"
|
||||
];
|
||||
|
@ -26,6 +31,6 @@ stdenv.mkDerivation rec {
|
|||
homepage = "https://github.com/encukou/py3c";
|
||||
description = "Python 2/3 compatibility layer for C extensions";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ ajs124 ];
|
||||
maintainers = with maintainers; [ ajs124 dotlambda ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -14,14 +14,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "csvw";
|
||||
version = "1.10.1";
|
||||
version = "1.10.2";
|
||||
disabled = isPy27;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cldf";
|
||||
repo = "csvw";
|
||||
rev = "v${version}";
|
||||
sha256 = "1764nfa4frjdd7v6wj35y7prnciaqz57wwygy5zfavl4laxn4nxd";
|
||||
sha256 = "0z0qxlsfxwz1qapxb4d0mz3wkj99d7zi9yrg1cbd2xp7giagb6d4";
|
||||
};
|
||||
|
||||
patchPhase = ''
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pngquant";
|
||||
version = "2.12.5";
|
||||
version = "2.14.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "pornel";
|
||||
owner = "kornelski";
|
||||
repo = "pngquant";
|
||||
rev = version;
|
||||
sha256 = "0sq398iv5cacblz6pb4j2hn16cnszsbkahikdpfq84rb9bj0ya40";
|
||||
sha256 = "054hi33qp3jc7hv0141wi8drwdg24v5zfp8znwjmz4mcdls8vxbb";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -17,11 +17,14 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ libpng zlib lcms2 ];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://pngquant.org/";
|
||||
description = "A tool to convert 24/32-bit RGBA PNGs to 8-bit palette with alpha channel preserved";
|
||||
changelog = "https://github.com/kornelski/pngquant/raw/${version}/CHANGELOG";
|
||||
platforms = platforms.unix;
|
||||
license = licenses.gpl3;
|
||||
license = with licenses; [ gpl3Plus hpnd bsd2 ];
|
||||
maintainers = [ maintainers.volth ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -26636,7 +26636,7 @@ in
|
|||
|
||||
gnvim = callPackage ../applications/editors/neovim/gnvim/wrapper.nix { };
|
||||
|
||||
neovim-remote = callPackage ../applications/editors/neovim/neovim-remote.nix { pythonPackages = python3Packages; };
|
||||
neovim-remote = callPackage ../applications/editors/neovim/neovim-remote.nix { };
|
||||
|
||||
vis = callPackage ../applications/editors/vis {
|
||||
inherit (lua52Packages) lpeg;
|
||||
|
@ -26754,6 +26754,8 @@ in
|
|||
};
|
||||
|
||||
vscode = callPackage ../applications/editors/vscode/vscode.nix { };
|
||||
vscode-fhs = vscode.fhs;
|
||||
vscode-fhsWithPackages = vscode.fhsWithPackages;
|
||||
|
||||
vscode-with-extensions = callPackage ../applications/editors/vscode/with-extensions.nix {};
|
||||
|
||||
|
@ -26762,6 +26764,8 @@ in
|
|||
vscode-extensions = recurseIntoAttrs (callPackage ../misc/vscode-extensions {});
|
||||
|
||||
vscodium = callPackage ../applications/editors/vscode/vscodium.nix { };
|
||||
vscodium-fhs = vscodium.fhs;
|
||||
vscodium-fhsWithPackages = vscodium.fhsWithPackages;
|
||||
|
||||
code-server = callPackage ../servers/code-server {
|
||||
inherit (darwin.apple_sdk.frameworks) AppKit Cocoa Security;
|
||||
|
|