From 71b4acaa4af37ec14244e56d2a54e18e1f03eefb Mon Sep 17 00:00:00 2001 From: Austin Butler Date: Wed, 19 Jan 2022 22:35:05 -0800 Subject: [PATCH 01/37] python3Packages.entrypoint2: 0.2.4 -> 1.0 --- .../python-modules/entrypoint2/default.nix | 22 ++++--------------- 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/pkgs/development/python-modules/entrypoint2/default.nix b/pkgs/development/python-modules/entrypoint2/default.nix index d1325f6f0e10..73ede85fb886 100644 --- a/pkgs/development/python-modules/entrypoint2/default.nix +++ b/pkgs/development/python-modules/entrypoint2/default.nix @@ -1,31 +1,17 @@ -{ lib, buildPythonPackage, fetchPypi, EasyProcess, pathpy, pytest }: +{ lib, buildPythonPackage, fetchPypi, EasyProcess, pathpy, pytestCheckHook }: buildPythonPackage rec { pname = "entrypoint2"; - version = "0.2.4"; + version = "1.0"; src = fetchPypi { inherit pname version; - sha256 = "4770c3afcf3865c606a6e5f7cfcc5c59212f555fcee9b2540270399149c1dde3"; + sha256 = "sha256-Z+kG9q2VjYP0i07ewo192CZw6SYZiPa0prY6vJ+zvlY="; }; - propagatedBuildInputs = [ ]; - pythonImportsCheck = [ "entrypoint2" ]; - # argparse is part of the standardlib - prePatch = '' - substituteInPlace setup.py --replace "argparse" "" - ''; - - checkInputs = [ EasyProcess pathpy pytest ]; - - # 0.2.1 has incompatible pycache files included - # https://github.com/ponty/entrypoint2/issues/8 - checkPhase = '' - rm -rf tests/__pycache__ - pytest tests - ''; + checkInputs = [ EasyProcess pathpy pytestCheckHook ]; meta = with lib; { description = "Easy to use command-line interface for python modules"; From 479ca09609e7210b73df28f869bfbdddc9551519 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 21 Jan 2022 03:38:24 +0100 Subject: [PATCH 02/37] tulip: 5.2.1 -> 5.6.1 --- pkgs/applications/science/misc/tulip/default.nix | 15 ++++++++------- pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/pkgs/applications/science/misc/tulip/default.nix b/pkgs/applications/science/misc/tulip/default.nix index 1dfd47a3d381..87a05f146e9e 100644 --- a/pkgs/applications/science/misc/tulip/default.nix +++ b/pkgs/applications/science/misc/tulip/default.nix @@ -1,19 +1,20 @@ -{ fetchurl, lib, stdenv, libxml2, freetype, libGLU, libGL, glew, qt4 -, cmake, makeWrapper, libjpeg, python2 }: +{ fetchurl, lib, stdenv, libxml2, freetype, libGLU, libGL, glew +, qtbase, wrapQtAppsHook, python3 +, cmake, libjpeg }: -let version = "5.2.1"; in stdenv.mkDerivation rec { pname = "tulip"; - inherit version; + version = "5.6.1"; src = fetchurl { url = "mirror://sourceforge/auber/${pname}-${version}_src.tar.gz"; - sha256 = "0bqmqy6sri87a8xv5xf7ffaq5zin4hiaa13g0l64b84i7yckfwky"; + sha256 = "1fy3nvgxv3igwc1d23zailcgigj1d0f2kkh7a5j24c0dyqz5zxmw"; }; - buildInputs = [ libxml2 freetype glew libGLU libGL qt4 libjpeg python2 ]; + buildInputs = [ libxml2 freetype glew libGLU libGL libjpeg qtbase python3 ]; + nativeBuildInputs = [ cmake wrapQtAppsHook ]; - nativeBuildInputs = [ cmake makeWrapper ]; + qtWrapperArgs = [ ''--prefix PATH : ${lib.makeBinPath [ python3 ]}'' ]; # FIXME: "make check" needs Docbook's DTD 4.4, among other things. doCheck = false; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e9853a6702b..3edef50f4248 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -32517,9 +32517,7 @@ with pkgs; astrolabe-generator = callPackage ../applications/science/astronomy/astrolabe-generator { }; - tulip = callPackage ../applications/science/misc/tulip { - cmake = cmake_2_8; - }; + tulip = libsForQt5.callPackage ../applications/science/misc/tulip { }; vite = callPackage ../applications/science/misc/vite { }; From 5161de0a1ec43a7bd7f5c3af7428f99b4f0905f3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 21 Jan 2022 03:38:53 +0100 Subject: [PATCH 03/37] cmake_2_8: drop --- .../tools/build-managers/cmake/2.8.nix | 88 ------------------ .../cmake/search-path-2.8.patch | 92 ------------------- pkgs/top-level/all-packages.nix | 2 - 3 files changed, 182 deletions(-) delete mode 100644 pkgs/development/tools/build-managers/cmake/2.8.nix delete mode 100644 pkgs/development/tools/build-managers/cmake/search-path-2.8.patch diff --git a/pkgs/development/tools/build-managers/cmake/2.8.nix b/pkgs/development/tools/build-managers/cmake/2.8.nix deleted file mode 100644 index ec03e285603f..000000000000 --- a/pkgs/development/tools/build-managers/cmake/2.8.nix +++ /dev/null @@ -1,88 +0,0 @@ -{ lib, stdenv, fetchurl, fetchpatch, curl, expat, zlib, bzip2 -, useNcurses ? false, ncurses, useQt4 ? false, qt4, ps -}: - -with lib; - -assert stdenv ? cc; -assert stdenv.cc ? libc; - -let - os = lib.optionalString; - majorVersion = "2.8"; - minorVersion = "12.2"; - version = "${majorVersion}.${minorVersion}"; -in - -stdenv.mkDerivation rec { - pname = "cmake${os useNcurses "-cursesUI"}${os useQt4 "-qt4UI"}"; - inherit version; - - inherit majorVersion; - - src = fetchurl { - url = "${meta.homepage}files/v${majorVersion}/cmake-${version}.tar.gz"; - sha256 = "0phf295a9cby0v7zqdswr238v5aiy3rb2fs6dz39zjxbmzlp8rcc"; - }; - - enableParallelBuilding = true; - - patches = - [(fetchpatch { # see https://www.cmake.org/Bug/view.php?id=13959 - name = "FindFreetype-2.5.patch"; - url = "https://public.kitware.com/Bug/file/4660/0001-Support-finding-freetype2-using-pkg-config.patch"; - sha256 = "136z63ff83hnwd247cq4m8m8164pklzyl5i2csf5h6wd8p01pdkj"; - })] ++ - # Don't search in non-Nix locations such as /usr, but do search in our libc. - [ ./search-path-2.8.patch ] ++ - optional (stdenv.hostPlatform != stdenv.buildPlatform) (fetchurl { - name = "fix-darwin-cross-compile.patch"; - url = "https://public.kitware.com/Bug/file_download.php?" - + "file_id=4981&type=bug"; - sha256 = "16acmdr27adma7gs9rs0dxdiqppm15vl3vv3agy7y8s94wyh4ybv"; - }); - - postPatch = '' - substituteInPlace Utilities/cmlibarchive/CMakeLists.txt \ - --replace '"-framework CoreServices"' '""' - ''; - - buildInputs = [ setupHook curl expat zlib bzip2 ] - ++ optional useNcurses ncurses - ++ optional useQt4 qt4; - - propagatedBuildInputs = [ ps ]; - - CMAKE_PREFIX_PATH = concatStringsSep ":" - (concatMap (p: [ (p.dev or p) (p.out or p) ]) buildInputs); - - configureFlags = [ - "--docdir=/share/doc/${pname}-${version}" - "--mandir=/share/man" - "--system-libs" - "--no-system-libarchive" - ] ++ lib.optional useQt4 "--qt-gui"; - - setupHook = ./setup-hook.sh; - - dontUseCmakeConfigure = true; - - preConfigure = with stdenv; '' - fixCmakeFiles . - substituteInPlace Modules/Platform/UnixPaths.cmake \ - --subst-var-by libc_bin ${getBin cc.libc} \ - --subst-var-by libc_dev ${getDev cc.libc} \ - --subst-var-by libc_lib ${getLib cc.libc} - configureFlags="--parallel=''${NIX_BUILD_CORES:-1} $configureFlags" - ''; - - hardeningDisable = [ "format" ]; - - meta = { - homepage = "https://cmake.org"; - description = "Cross-Platform Makefile Generator"; - platforms = if useQt4 then qt4.meta.platforms else lib.platforms.unix; - maintainers = with lib.maintainers; [ xfix ]; - license = lib.licenses.bsd3; - }; -} diff --git a/pkgs/development/tools/build-managers/cmake/search-path-2.8.patch b/pkgs/development/tools/build-managers/cmake/search-path-2.8.patch deleted file mode 100644 index 9fc949661686..000000000000 --- a/pkgs/development/tools/build-managers/cmake/search-path-2.8.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff -ru3 cmake-2.8.12.2/Modules/Platform/Linux.cmake cmake-2.8.12.2-new/Modules/Platform/Linux.cmake ---- cmake-2.8.12.2/Modules/Platform/Linux.cmake 2014-01-16 21:15:08.000000000 +0400 -+++ cmake-2.8.12.2-new/Modules/Platform/Linux.cmake 2016-04-13 22:00:32.928575740 +0300 -@@ -36,22 +36,11 @@ - # checking the platform every time. This option is advanced enough - # that only package maintainers should need to adjust it. They are - # capable of providing a setting on the command line. -- if(EXISTS "/etc/debian_version") -- set(CMAKE_INSTALL_SO_NO_EXE 1 CACHE INTERNAL -- "Install .so files without execute permission.") -- else() -- set(CMAKE_INSTALL_SO_NO_EXE 0 CACHE INTERNAL -- "Install .so files without execute permission.") -- endif() -+ set(CMAKE_INSTALL_SO_NO_EXE 0 CACHE INTERNAL -+ "Install .so files without execute permission.") - endif() - - # Match multiarch library directory names. - set(CMAKE_LIBRARY_ARCHITECTURE_REGEX "[a-z0-9_]+(-[a-z0-9_]+)?-linux-gnu[a-z0-9_]*") - - include(Platform/UnixPaths) -- --# Debian has lib64 paths only for compatibility so they should not be --# searched. --if(EXISTS "/etc/debian_version") -- set_property(GLOBAL PROPERTY FIND_LIBRARY_USE_LIB64_PATHS FALSE) --endif() -diff -ru3 cmake-2.8.12.2/Modules/Platform/UnixPaths.cmake cmake-2.8.12.2-new/Modules/Platform/UnixPaths.cmake ---- cmake-2.8.12.2/Modules/Platform/UnixPaths.cmake 2014-01-16 21:15:08.000000000 +0400 -+++ cmake-2.8.12.2-new/Modules/Platform/UnixPaths.cmake 2016-04-14 00:09:10.106362636 +0300 -@@ -32,9 +32,6 @@ - # List common installation prefixes. These will be used for all - # search types. - list(APPEND CMAKE_SYSTEM_PREFIX_PATH -- # Standard -- /usr/local /usr / -- - # CMake install location - "${_CMAKE_INSTALL_DIR}" - -@@ -44,44 +41,26 @@ - - # List common include file locations not under the common prefixes. - list(APPEND CMAKE_SYSTEM_INCLUDE_PATH -- # Windows API on Cygwin -- /usr/include/w32api -- -- # X11 -- /usr/X11R6/include /usr/include/X11 -- -- # Other -- /usr/pkg/include -- /opt/csw/include /opt/include -- /usr/openwin/include -+ @libc_dev@/include - ) - - list(APPEND CMAKE_SYSTEM_LIBRARY_PATH -- # Windows API on Cygwin -- /usr/lib/w32api -- -- # X11 -- /usr/X11R6/lib /usr/lib/X11 -- -- # Other -- /usr/pkg/lib -- /opt/csw/lib /opt/lib -- /usr/openwin/lib -+ @libc_lib@/lib - ) - - list(APPEND CMAKE_SYSTEM_PROGRAM_PATH -- /usr/pkg/bin -+ @libc_bin@/bin - ) - - list(APPEND CMAKE_PLATFORM_IMPLICIT_LINK_DIRECTORIES -- /lib /usr/lib /usr/lib32 /usr/lib64 -+ @libc_lib@/lib - ) - - list(APPEND CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES -- /usr/include -+ @libc_dev@/include - ) - list(APPEND CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES -- /usr/include -+ @libc_dev@/include - ) - - # Enable use of lib64 search path variants by default. diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3edef50f4248..667d794a6508 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14433,8 +14433,6 @@ with pkgs; ctmg = callPackage ../tools/security/ctmg { }; - cmake_2_8 = callPackage ../development/tools/build-managers/cmake/2.8.nix { }; - cmake = libsForQt5.callPackage ../development/tools/build-managers/cmake { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; }; From 4b08c14b4ba9e3270a3b740fedbff9761eb1e875 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 21 Jan 2022 03:13:38 +0000 Subject: [PATCH 04/37] volatility3: 1.0.1 -> 2.0.0 --- pkgs/tools/security/volatility3/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/volatility3/default.nix b/pkgs/tools/security/volatility3/default.nix index d6a99dd71072..393ac90d3164 100644 --- a/pkgs/tools/security/volatility3/default.nix +++ b/pkgs/tools/security/volatility3/default.nix @@ -5,7 +5,7 @@ python3.pkgs.buildPythonApplication rec { pname = "volatility3"; - version = "1.0.1"; + version = "2.0.0"; disabled = python3.pythonOlder "3.6"; @@ -13,7 +13,7 @@ python3.pkgs.buildPythonApplication rec { owner = "volatilityfoundation"; repo = pname; rev = "v${version}"; - sha256 = "1k56izgkla9mrjrkp1saavajdx9x1wkqpwmbpvxv9rw5k80m5a4a"; + sha256 = "141n09cdc17pfdhs01aw8l4cvsqpcz8ji5l4gi7r88cyf4ix2lnz"; }; propagatedBuildInputs = with python3.pkgs; [ From 28b3e689bfcbce2d5fb033870c67b532075963be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20M=C3=B6ller?= Date: Fri, 21 Jan 2022 12:05:58 +0100 Subject: [PATCH 05/37] nixos/tests/teeworlds: fix blocking execute calls --- nixos/tests/teeworlds.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/tests/teeworlds.nix b/nixos/tests/teeworlds.nix index 17e9eeb869b0..ac2c996955c8 100644 --- a/nixos/tests/teeworlds.nix +++ b/nixos/tests/teeworlds.nix @@ -36,12 +36,12 @@ in { client1.wait_for_x() client2.wait_for_x() - client1.execute("teeworlds 'player_name Alice;connect server'&") + client1.execute("teeworlds 'player_name Alice;connect server' >&2 &") server.wait_until_succeeds( 'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Alice"' ) - client2.execute("teeworlds 'player_name Bob;connect server'&") + client2.execute("teeworlds 'player_name Bob;connect server' >&2 &") server.wait_until_succeeds( 'journalctl -u teeworlds -e | grep --extended-regexp -q "team_join player=\'[0-9]:Bob"' ) From 76c35ec8391401d83bc41a515f1199ce6ab04c1d Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Sun, 23 Jan 2022 21:23:52 -0800 Subject: [PATCH 06/37] mullvad-vpn: use makeWrapper instead of env hack --- pkgs/applications/networking/mullvad-vpn/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/mullvad-vpn/default.nix b/pkgs/applications/networking/mullvad-vpn/default.nix index fd08817f026d..c196f6bdbda9 100644 --- a/pkgs/applications/networking/mullvad-vpn/default.nix +++ b/pkgs/applications/networking/mullvad-vpn/default.nix @@ -2,6 +2,7 @@ , alsa-lib, atk, cairo, cups, dbus, expat, fontconfig, freetype , gdk-pixbuf, glib, gnome2, pango, nspr, nss, gtk3, mesa , xorg, autoPatchelfHook, systemd, libnotify, libappindicator +, makeWrapper }: let deps = [ @@ -53,6 +54,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoPatchelfHook dpkg + makeWrapper ]; buildInputs = deps; @@ -73,12 +75,14 @@ stdenv.mkDerivation rec { mv usr/bin/* $out/bin mv opt/Mullvad\ VPN/* $out/share/mullvad - sed -i 's|"\/opt\/Mullvad.*VPN|env MULLVAD_DISABLE_UPDATE_NOTIFICATION=1 "'$out'/bin|g' $out/share/applications/mullvad-vpn.desktop - ln -s $out/share/mullvad/mullvad-{gui,vpn} $out/bin/ ln -s $out/share/mullvad/resources/mullvad-daemon $out/bin/mullvad-daemon ln -sf $out/share/mullvad/resources/mullvad-problem-report $out/bin/mullvad-problem-report + wrapProgram $out/bin/mullvad-vpn --set MULLVAD_DISABLE_UPDATE_NOTIFICATION 1 + + sed -i "s|Exec.*$|Exec=$out/bin/mullvad-vpn $U|" $out/share/applications/mullvad-vpn.desktop + runHook postInstall ''; From 9761d254912dde6f3eca0abe6bfb0574c9b4e3ab Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 24 Jan 2022 13:33:39 +0000 Subject: [PATCH 07/37] imath: 3.1.3 -> 3.1.4 --- pkgs/development/libraries/imath/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/imath/default.nix b/pkgs/development/libraries/imath/default.nix index 15bd5907af9e..b0a98f7b2638 100644 --- a/pkgs/development/libraries/imath/default.nix +++ b/pkgs/development/libraries/imath/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "imath"; - version = "3.1.3"; + version = "3.1.4"; src = fetchFromGitHub { owner = "AcademySoftwareFoundation"; repo = "imath"; rev = "v${version}"; - sha256 = "sha256-LoyV1Wtugva6MTpREstP2rYMrHW2xR0qfEAIV1Fo1Ns="; + sha256 = "sha256-FZXIIzAxhd0QlJAV0q7spEa1pNFXutI0WFZbT3izN4M="; }; nativeBuildInputs = [ cmake ]; From 1f52c3736ff8f1b3272bd08cf36a2caee37ba606 Mon Sep 17 00:00:00 2001 From: Tyler O'Connell <9032279+tyleroconnell@users.noreply.github.com> Date: Sat, 22 Jan 2022 15:26:52 -0500 Subject: [PATCH 08/37] urlwatch: add jq --- pkgs/tools/networking/urlwatch/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/tools/networking/urlwatch/default.nix b/pkgs/tools/networking/urlwatch/default.nix index 705b2397c6ac..46093f2c5b94 100644 --- a/pkgs/tools/networking/urlwatch/default.nix +++ b/pkgs/tools/networking/urlwatch/default.nix @@ -17,6 +17,7 @@ python3Packages.buildPythonApplication rec { propagatedBuildInputs = with python3Packages; [ appdirs cssselect + jq keyring lxml markdown2 From 7fa8e89f4ca58a87ab4d5d8c19b7cfdf6b326c24 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 24 Jan 2022 19:05:20 +0000 Subject: [PATCH 09/37] metal-cli: 0.7.0 -> 0.7.1 --- pkgs/development/tools/metal-cli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/metal-cli/default.nix b/pkgs/development/tools/metal-cli/default.nix index f88fcd9f4290..0163b616f14b 100644 --- a/pkgs/development/tools/metal-cli/default.nix +++ b/pkgs/development/tools/metal-cli/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "metal-cli"; - version = "0.7.0"; + version = "0.7.1"; src = fetchFromGitHub { owner = "equinix"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Zl0OuyqF+bNsp1AqnS8jhQlY7l4U6OjHHgth7pRPwEc="; + sha256 = "sha256-Ekwucff12FIjaZ8qDvonhTdz7+DRpPLMGz2yqaCy+Bc="; }; vendorSha256 = "sha256-F8d5i9jvjY11Pv6w0ZXI3jr0Wix++B/w9oRTuJGpQfE="; From 3d5e949f613df54f559e1965d26d7f96d865ab5e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 24 Jan 2022 21:48:43 +0100 Subject: [PATCH 10/37] esphome: 2022.1.1 -> 2022.1.2 --- pkgs/tools/misc/esphome/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/esphome/default.nix b/pkgs/tools/misc/esphome/default.nix index d79030f0f429..537b964f6f0b 100644 --- a/pkgs/tools/misc/esphome/default.nix +++ b/pkgs/tools/misc/esphome/default.nix @@ -17,14 +17,14 @@ let in with python.pkgs; buildPythonApplication rec { pname = "esphome"; - version = "2022.1.1"; + version = "2022.1.2"; format = "setuptools"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "sha256-cqL+54Hjqql1YpsXEFLTD5UhxoEizFSr//4TZm7QEVU="; + sha256 = "sha256-hq+gYhDkEzIqgP4CcHRuA5A9694L3LeW9bditejfjm8="; }; patches = [ From 39341ed38be4695623893222b4b82873b348bb61 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 25 Jan 2022 13:46:22 +0100 Subject: [PATCH 11/37] xen: mark unsupported versions as vulnerable Our support for Xen lacks maintenance and since Xen has monthly security advisories it is reasonable to assume our version is affected by a multitude of security problems that are fixed upstream. How many advisories? Browsing oss-security shows the following number of advisories in each of the following years: 2022: 3 2021: 53 2020: 54 2019: 46 <-- we are *here* https://xenbits.xen.org/docs/unstable/support-matrix.html --- pkgs/applications/virtualization/xen/generic.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 8299304045d0..0a2febd0589f 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -254,5 +254,9 @@ stdenv.mkDerivation (rec { platforms = [ "x86_64-linux" ]; maintainers = with lib.maintainers; [ eelco tstrobel oxij ]; license = lib.licenses.gpl2; + # https://xenbits.xen.org/docs/unstable/support-matrix.html + knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [ + "This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html" + ]; } // (config.meta or {}); } // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ]) From d5071b8ffa8598d7ea701f29dcf56f01f36254a3 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 25 Jan 2022 16:06:57 +0100 Subject: [PATCH 12/37] python3Packages.aiogithubapi: 22.1.0 -> 22.1.2 --- pkgs/development/python-modules/aiogithubapi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/aiogithubapi/default.nix b/pkgs/development/python-modules/aiogithubapi/default.nix index 92e87e1ab1a3..664d523f94f0 100644 --- a/pkgs/development/python-modules/aiogithubapi/default.nix +++ b/pkgs/development/python-modules/aiogithubapi/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "aiogithubapi"; - version = "22.1.0"; + version = "22.1.2"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "ludeeus"; repo = pname; rev = version; - sha256 = "sha256-rzZtf3xrbNg9VaOAOM6ux1A9S1WqUKBMKxWfHDo7/VM="; + sha256 = "sha256-n6OkyMh3HxsFY2zXqbpdvbv5NdFC+J30tW/tLEEaSeU="; }; propagatedBuildInputs = [ From 3f39eb8bf5e25b2c84f66b41ee8c01b063a109e1 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 25 Jan 2022 19:02:13 +0100 Subject: [PATCH 13/37] python3Packages.regenmaschine: 2021.10.0 -> 2022.01.0 --- .../python-modules/regenmaschine/default.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/regenmaschine/default.nix b/pkgs/development/python-modules/regenmaschine/default.nix index 18e9e9e6c1a5..50d29c1923d2 100644 --- a/pkgs/development/python-modules/regenmaschine/default.nix +++ b/pkgs/development/python-modules/regenmaschine/default.nix @@ -14,15 +14,16 @@ buildPythonPackage rec { pname = "regenmaschine"; - version = "2021.10.0"; + version = "2022.01.0"; format = "pyproject"; - disabled = pythonOlder "3.6"; + + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "bachya"; repo = pname; rev = version; - sha256 = "sha256-vMXDnnIQiRuyLvem1JKop6FJ0fhwR8xP0276PdZi/QI="; + sha256 = "sha256-TPiz3d1GbcIWCKRz3Hq4JU9+df/Fw4dUXQkIM6QO1Fs="; }; nativeBuildInputs = [ @@ -42,7 +43,14 @@ buildPythonPackage rec { pytestCheckHook ]; - pythonImportsCheck = [ "regenmaschine" ]; + disabledTestPaths = [ + # Examples are prefix with test_ + "examples/" + ]; + + pythonImportsCheck = [ + "regenmaschine" + ]; __darwinAllowLocalNetworking = true; From aea084ad9833de4c163b1da4648e114b5af76398 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 25 Jan 2022 19:08:17 +0100 Subject: [PATCH 14/37] python3Packages.pydeconz: 85 -> 86 --- pkgs/development/python-modules/pydeconz/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/pydeconz/default.nix b/pkgs/development/python-modules/pydeconz/default.nix index 44c33a2d2e2e..fe418be71adb 100644 --- a/pkgs/development/python-modules/pydeconz/default.nix +++ b/pkgs/development/python-modules/pydeconz/default.nix @@ -10,14 +10,16 @@ buildPythonPackage rec { pname = "pydeconz"; - version = "85"; + version = "86"; + format = "setuptools"; + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "Kane610"; repo = "deconz"; rev = "v${version}"; - sha256 = "sha256-6GTMG3BfHcfLMoyabFbhsJFVDHmEICuzf32603+jyZ4="; + sha256 = "sha256-NqNXbF5rGMCbugzZY+AQPPHYmQx/RrSwqtnoF1shSSU="; }; propagatedBuildInputs = [ @@ -30,7 +32,9 @@ buildPythonPackage rec { pytestCheckHook ]; - pythonImportsCheck = [ "pydeconz" ]; + pythonImportsCheck = [ + "pydeconz" + ]; meta = with lib; { description = "Python library wrapping the Deconz REST API"; From e8b0af1b58c141f81a582f28d6daaf1e5ad9a080 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 25 Jan 2022 18:54:36 +0000 Subject: [PATCH 15/37] unrar: 6.1.3 -> 6.1.4 --- pkgs/tools/archivers/unrar/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/archivers/unrar/default.nix b/pkgs/tools/archivers/unrar/default.nix index b0c8a5b9ef6d..8c886b0e2dc7 100644 --- a/pkgs/tools/archivers/unrar/default.nix +++ b/pkgs/tools/archivers/unrar/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "unrar"; - version = "6.1.3"; + version = "6.1.4"; src = fetchurl { url = "https://www.rarlab.com/rar/unrarsrc-${version}.tar.gz"; - sha256 = "sha256-0FAiRCAJICp5LliL7FiSHBI/8Eb8dV9/InKHGlvXljY="; + sha256 = "sha256-wO1YYpJDlhw/HskMCLEf+TJh5Wjb/c4r87dZ7npKO3w="; }; postPatch = '' From 1d589accbe0a35d4f7d021a5c5fc32cdbde8e021 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 25 Jan 2022 23:19:22 +0100 Subject: [PATCH 16/37] python3Packages.rokuecp: 0.8.4 -> 0.11.0 --- pkgs/development/python-modules/rokuecp/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/rokuecp/default.nix b/pkgs/development/python-modules/rokuecp/default.nix index e1ee42b08157..30bf2a43b78e 100644 --- a/pkgs/development/python-modules/rokuecp/default.nix +++ b/pkgs/development/python-modules/rokuecp/default.nix @@ -2,6 +2,7 @@ , aiohttp , aresponses , buildPythonPackage +, cachetools , fetchFromGitHub , pytest-asyncio , pytestCheckHook @@ -12,20 +13,21 @@ buildPythonPackage rec { pname = "rokuecp"; - version = "0.8.4"; + version = "0.11.0"; format = "setuptools"; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "ctalkington"; repo = "python-rokuecp"; rev = version; - sha256 = "sha256-vwXBYwiDQZBxEZDwLX9if6dt7tKQQOLyKL5m0q/3eUw="; + sha256 = "sha256-Y4Ge7IOR7//MJ0w7kdOgchLWFGR1qJbY0PSpJrjucaQ="; }; propagatedBuildInputs = [ aiohttp + cachetools xmltodict yarl ]; From 210b3ba8984b6ac3627ff666ba6e5995786354db Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Tue, 25 Jan 2022 23:40:24 +0100 Subject: [PATCH 17/37] python3Packages.pubnub: 5.5.0 -> 6.0.0 --- .../python-modules/pubnub/default.nix | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/pkgs/development/python-modules/pubnub/default.nix b/pkgs/development/python-modules/pubnub/default.nix index 40a4bf497f46..6464b376d60e 100644 --- a/pkgs/development/python-modules/pubnub/default.nix +++ b/pkgs/development/python-modules/pubnub/default.nix @@ -8,18 +8,21 @@ , pytest-vcr , pytest-asyncio , requests -, six +, pythonOlder }: buildPythonPackage rec { pname = "pubnub"; - version = "5.5.0"; + version = "6.0.0"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = pname; repo = "python"; rev = "v${version}"; - sha256 = "133sis24jd40yq4sgp8lmg2kac5wiiccisjpkhm50rb9wdbpn6kh"; + hash = "sha256-ktwPut4FBkPMukUk00I1xNOuTvSJkbskPOjoYDJN5Eg="; }; propagatedBuildInputs = [ @@ -27,22 +30,24 @@ buildPythonPackage rec { cbor2 pycryptodomex requests - six ]; checkInputs = [ pytest-asyncio - pytestCheckHook pytest-vcr + pytestCheckHook ]; - # Some tests don't pass with recent releases of twisted disabledTestPaths = [ + # Tests require network access "tests/integrational" - "tests/manual/asyncio" + "tests/manual" + "tests/functional/push" ]; - pythonImportsCheck = [ "pubnub" ]; + pythonImportsCheck = [ + "pubnub" + ]; meta = with lib; { description = "Python-based APIs for PubNub"; From 9d74005cc1040a478ab8971d4ae63146cef3064d Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 26 Jan 2022 00:09:49 +0100 Subject: [PATCH 18/37] zeek: 4.1.1 -> 4.2.0 --- .../networking/ids/zeek/default.nix | 29 +++++++++++++++---- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix index 20623ac31827..e91b517e8158 100644 --- a/pkgs/applications/networking/ids/zeek/default.nix +++ b/pkgs/applications/networking/ids/zeek/default.nix @@ -21,16 +21,33 @@ stdenv.mkDerivation rec { pname = "zeek"; - version = "4.1.1"; + version = "4.2.0"; src = fetchurl { url = "https://download.zeek.org/zeek-${version}.tar.gz"; - sha256 = "0wq3kjc3zc5ikzwix7k7gr92v75rg6283kx5fzvc3lcdkaczq2lc"; + sha256 = "sha256-jZoCjKn+x61KnkinY+KWBSOEz0AupM03FXe/8YPCdFE="; }; - nativeBuildInputs = [ cmake flex bison file ]; - buildInputs = [ openssl libpcap zlib curl libmaxminddb gperftools python3 swig ncurses ] - ++ lib.optionals stdenv.isDarwin [ gettext ]; + nativeBuildInputs = [ + bison + cmake + file + flex + ]; + + buildInputs = [ + curl + gperftools + libmaxminddb + libpcap + ncurses + openssl + python3 + swig + zlib + ] ++ lib.optionals stdenv.isDarwin [ + gettext + ]; outputs = [ "out" "lib" "py" ]; @@ -54,7 +71,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - description = "Powerful network analysis framework much different from a typical IDS"; + description = "Network analysis framework much different from a typical IDS"; homepage = "https://www.zeek.org"; changelog = "https://github.com/zeek/zeek/blob/v${version}/CHANGES"; license = licenses.bsd3; From b5f5cc6d4417391394c7b513bf45a171a1b99c9b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Dec 2021 17:52:58 +0000 Subject: [PATCH 19/37] ipsecTools: drop --- .../linux/ipsec-tools/CVE-2015-4047.patch | 16 -- .../linux/ipsec-tools/CVE-2016-10396.patch | 193 ------------------ .../os-specific/linux/ipsec-tools/default.nix | 49 ----- ...-create-localstatedir-during-install.patch | 13 -- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 5 - 6 files changed, 1 insertion(+), 276 deletions(-) delete mode 100644 pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch delete mode 100644 pkgs/os-specific/linux/ipsec-tools/CVE-2016-10396.patch delete mode 100644 pkgs/os-specific/linux/ipsec-tools/default.nix delete mode 100644 pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch diff --git a/pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch b/pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch deleted file mode 100644 index 00c23c6cac14..000000000000 --- a/pkgs/os-specific/linux/ipsec-tools/CVE-2015-4047.patch +++ /dev/null @@ -1,16 +0,0 @@ -Index: pkg-ipsec-tools/src/racoon/gssapi.c -=================================================================== ---- pkg-ipsec-tools.orig/src/racoon/gssapi.c -+++ pkg-ipsec-tools/src/racoon/gssapi.c -@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) - gss_name_t princ, canon_princ; - OM_uint32 maj_stat, min_stat; - -+ if (iph1->rmconf == NULL) { -+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); -+ return -1; -+ } -+ - gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); - if (gps == NULL) { - plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); diff --git a/pkgs/os-specific/linux/ipsec-tools/CVE-2016-10396.patch b/pkgs/os-specific/linux/ipsec-tools/CVE-2016-10396.patch deleted file mode 100644 index b644d46f8c9d..000000000000 --- a/pkgs/os-specific/linux/ipsec-tools/CVE-2016-10396.patch +++ /dev/null @@ -1,193 +0,0 @@ -From: Antoine_Beaupre -Acked-by: Jiri Bohac -Subject: PR/51682: Avoid DoS with fragment out of order insertion; keep fragments sorted in the list. -References: bsc#1047443, CVE-2016-10396 - - - -Index: a/src/racoon/handler.h -=================================================================== ---- a/src/racoon/handler.h.orig 2018-01-26 18:05:21.114764376 +0100 -+++ a/src/racoon/handler.h 2018-01-26 18:05:33.986741103 +0100 -@@ -141,6 +141,7 @@ struct ph1handle { - #endif - #ifdef ENABLE_FRAG - int frag; /* IKE phase 1 fragmentation */ -+ int frag_last_index; - struct isakmp_frag_item *frag_chain; /* Received fragments */ - #endif - -Index: a/src/racoon/isakmp.c -=================================================================== ---- a/src/racoon/isakmp.c.orig 2018-01-26 18:05:21.118764369 +0100 -+++ a/src/racoon/isakmp.c 2018-01-26 18:05:33.986741103 +0100 -@@ -1069,6 +1069,7 @@ isakmp_ph1begin_i(rmconf, remote, local) - iph1->frag = 1; - else - iph1->frag = 0; -+ iph1->frag_last_index = 0; - iph1->frag_chain = NULL; - #endif - iph1->approval = NULL; -@@ -1173,6 +1174,7 @@ isakmp_ph1begin_r(msg, remote, local, et - #endif - #ifdef ENABLE_FRAG - iph1->frag = 0; -+ iph1->frag_last_index = 0; - iph1->frag_chain = NULL; - #endif - iph1->approval = NULL; -Index: a/src/racoon/isakmp_frag.c -=================================================================== ---- a/src/racoon/isakmp_frag.c.orig 2018-01-26 18:05:21.118764369 +0100 -+++ a/src/racoon/isakmp_frag.c 2018-01-26 18:05:33.986741103 +0100 -@@ -173,6 +173,43 @@ vendorid_frag_cap(gen) - return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]); - } - -+static int -+isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item) -+{ -+ struct isakmp_frag_item *pitem = NULL; -+ struct isakmp_frag_item *citem = iph1->frag_chain; -+ -+ /* no frag yet, just insert at beginning of list */ -+ if (iph1->frag_chain == NULL) { -+ iph1->frag_chain = item; -+ return 0; -+ } -+ -+ do { -+ /* duplicate fragment number, abort (CVE-2016-10396) */ -+ if (citem->frag_num == item->frag_num) -+ return -1; -+ -+ /* need to insert before current item */ -+ if (citem->frag_num > item->frag_num) { -+ if (pitem != NULL) -+ pitem->frag_next = item; -+ else -+ /* insert at the beginning of the list */ -+ iph1->frag_chain = item; -+ item->frag_next = citem; -+ return 0; -+ } -+ -+ pitem = citem; -+ citem = citem->frag_next; -+ } while (citem != NULL); -+ -+ /* we reached the end of the list, insert */ -+ pitem->frag_next = item; -+ return 0; -+} -+ - int - isakmp_frag_extract(iph1, msg) - struct ph1handle *iph1; -@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg) - item->frag_next = NULL; - item->frag_packet = buf; - -- /* Look for the last frag while inserting the new item in the chain */ -- if (item->frag_last) -- last_frag = item->frag_num; -+ /* Check for the last frag before inserting the new item in the chain */ -+ if (item->frag_last) { -+ /* if we have the last fragment, indices must match */ -+ if (iph1->frag_last_index != 0 && -+ item->frag_last != iph1->frag_last_index) { -+ plog(LLV_ERROR, LOCATION, NULL, -+ "Repeated last fragment index mismatch\n"); -+ racoon_free(item); -+ vfree(buf); -+ return -1; -+ } - -- if (iph1->frag_chain == NULL) { -- iph1->frag_chain = item; -- } else { -- struct isakmp_frag_item *current; -+ last_frag = iph1->frag_last_index = item->frag_num; -+ } - -- current = iph1->frag_chain; -- while (current->frag_next) { -- if (current->frag_last) -- last_frag = item->frag_num; -- current = current->frag_next; -- } -- current->frag_next = item; -+ /* insert fragment into chain */ -+ if (isakmp_frag_insert(iph1, item) == -1) { -+ plog(LLV_ERROR, LOCATION, NULL, -+ "Repeated fragment index mismatch\n"); -+ racoon_free(item); -+ vfree(buf); -+ return -1; - } - -- /* If we saw the last frag, check if the chain is complete */ -+ /* If we saw the last frag, check if the chain is complete -+ * we have a sorted list now, so just walk through */ - if (last_frag != 0) { -+ item = iph1->frag_chain; - for (i = 1; i <= last_frag; i++) { -- item = iph1->frag_chain; -- do { -- if (item->frag_num == i) -- break; -- item = item->frag_next; -- } while (item != NULL); -- -+ if (item->frag_num != i) -+ break; -+ item = item->frag_next; - if (item == NULL) /* Not found */ - break; - } - -- if (item != NULL) /* It is complete */ -+ if (i > last_frag) /* It is complete */ - return 1; - } - -@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1) - } - data = buf->v; - -+ item = iph1->frag_chain; - for (i = 1; i <= frag_count; i++) { -- item = iph1->frag_chain; -- do { -- if (item->frag_num == i) -- break; -- item = item->frag_next; -- } while (item != NULL); -- -- if (item == NULL) { -+ if (item->frag_num != i) { - plog(LLV_ERROR, LOCATION, NULL, - "Missing fragment #%d\n", i); - vfree(buf); -@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1) - } - memcpy(data, item->frag_packet->v, item->frag_packet->l); - data += item->frag_packet->l; -+ item = item->frag_next; - } - - out: - - -diff -u -p -r1.50 -r1.51 ---- a/src/racoon/isakmp_inf.c 2013/04/12 09:53:10 1.50 -+++ a/src/racoon/isakmp_inf.c 2017/01/24 19:23:56 1.51 -@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca - #endif - #ifdef ENABLE_FRAG - iph1->frag = 0; -+ iph1->frag_last_index = 0; - iph1->frag_chain = NULL; - #endif - diff --git a/pkgs/os-specific/linux/ipsec-tools/default.nix b/pkgs/os-specific/linux/ipsec-tools/default.nix deleted file mode 100644 index f10364121a46..000000000000 --- a/pkgs/os-specific/linux/ipsec-tools/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ lib, stdenv, fetchurl, fetchpatch, linuxHeaders, readline, openssl, flex, libkrb5, pam }: - -# TODO: These tools are supposed to work under NetBSD and FreeBSD as -# well, so I guess it's not appropriate to place this expression in -# "os-specific/linux/ipsec-tools". Since I cannot verify that the -# expression actually builds on those platforms, I'll leave it here for -# the time being. - -stdenv.mkDerivation rec { - pname = "ipsec-tools"; - version = "0.8.2"; - - src = fetchurl { - url = "mirror://sourceforge/ipsec-tools/ipsec-tools-${version}.tar.bz2"; - sha256 = "0b9gfbz78k2nj0k7jdlm5kajig628ja9qm0z5yksiwz22s3v7dlf"; - }; - - buildInputs = [ readline openssl flex libkrb5 pam ]; - - patches = [ - ./dont-create-localstatedir-during-install.patch - ./CVE-2015-4047.patch - ./CVE-2016-10396.patch - ]; - - # fix build with newer gcc versions - preConfigure = ''substituteInPlace configure --replace "-Werror" "" ''; - - configureFlags = [ - "--sysconfdir=/etc --localstatedir=/var" - "--with-kernel-headers=${linuxHeaders}/include" - "--disable-security-context" - "--enable-adminport" - "--enable-dpd" - "--enable-frag" - "--enable-gssapi" - "--enable-hybrid" - "--enable-natt" - "--enable-shared" - "--enable-stats" - ]; - - meta = with lib; { - homepage = "http://ipsec-tools.sourceforge.net/"; - description = "Port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation"; - license = licenses.bsd3; - platforms = platforms.linux; - }; -} diff --git a/pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch b/pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch deleted file mode 100644 index 16b80c36d6a5..000000000000 --- a/pkgs/os-specific/linux/ipsec-tools/dont-create-localstatedir-during-install.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -ubr ipsec-tools-0.8.0-orig/src/racoon/Makefile.in ipsec-tools-0.8.0/src/racoon/Makefile.in ---- ipsec-tools-0.8.0-orig/src/racoon/Makefile.in 2012-10-20 13:01:07.700903316 +0200 -+++ ipsec-tools-0.8.0/src/racoon/Makefile.in 2012-10-20 13:01:13.177832616 +0200 -@@ -1085,9 +1085,6 @@ - uninstall-sbinPROGRAMS - - --install-exec-local: -- ${mkinstalldirs} $(DESTDIR)${adminsockdir} -- - # special object rules - crypto_openssl_test.o: crypto_openssl.c - $(COMPILE) -DEAYDEBUG -o crypto_openssl_test.o -c $(srcdir)/crypto_openssl.c diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 060f2c068750..e899b3c67b27 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -412,6 +412,7 @@ mapAliases ({ inotifyTools = inotify-tools; inter-ui = inter; # added 2021-03-27 iproute = iproute2; # moved from top-level 2021-03-14 + ipsecTools = throw "ipsecTools has benn removed, because it was no longer maintained upstream"; # added 2021-12-15 i-score = throw "i-score has been removed: abandoned upstream."; # added 2020-11-21 jack2Full = jack2; # moved from top-level 2021-03-14 jamomacore = throw "jamomacore has been removed: abandoned upstream."; # added 2020-11-21 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 759870ec571a..264e1cede9e2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8641,11 +8641,6 @@ with pkgs; pngout = callPackage ../tools/graphics/pngout { }; - ipsecTools = callPackage ../os-specific/linux/ipsec-tools { - flex = flex_2_5_35; - openssl = openssl_1_0_2; - }; - patch = gnupatch; patchage = callPackage ../applications/audio/patchage { }; From 737de29e11d8fcf329e46879d4d0d0c33cdc6ac8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Dec 2021 17:56:08 +0000 Subject: [PATCH 20/37] nixos/racoon: drop --- nixos/modules/module-list.nix | 1 - nixos/modules/rename.nix | 3 ++ nixos/modules/services/networking/racoon.nix | 45 -------------------- 3 files changed, 3 insertions(+), 46 deletions(-) delete mode 100644 nixos/modules/services/networking/racoon.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 4b2cb803e20e..c2b1e8866863 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -852,7 +852,6 @@ ./services/networking/quassel.nix ./services/networking/quorum.nix ./services/networking/quicktun.nix - ./services/networking/racoon.nix ./services/networking/radicale.nix ./services/networking/radvd.nix ./services/networking/rdnssd.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index b9a2f47f3f5a..81843dc0f90a 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -80,6 +80,9 @@ with lib; libinput and synaptics. '') (mkRemovedOptionModule [ "virtualisation" "rkt" ] "The rkt module has been removed, it was archived by upstream") + (mkRemovedOptionModule [ "services" "racoon" ] '' + The racoon module has been removed, because the software project was abandoned upstream. + '') # Do NOT add any option renames here, see top of the file ]; diff --git a/nixos/modules/services/networking/racoon.nix b/nixos/modules/services/networking/racoon.nix deleted file mode 100644 index 328f4cb1497f..000000000000 --- a/nixos/modules/services/networking/racoon.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.racoon; -in { - options.services.racoon = { - enable = mkEnableOption "racoon"; - - config = mkOption { - description = "Contents of racoon configuration file."; - default = ""; - type = types.str; - }; - - configPath = mkOption { - description = "Location of racoon config if config is not provided."; - default = "/etc/racoon/racoon.conf"; - type = types.path; - }; - }; - - config = mkIf cfg.enable { - systemd.services.racoon = { - description = "Racoon Daemon"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${pkgs.ipsecTools}/bin/racoon -f ${ - if (cfg.config != "") then pkgs.writeText "racoon.conf" cfg.config - else cfg.configPath - }"; - ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config"; - PIDFile = "/run/racoon.pid"; - Type = "forking"; - Restart = "always"; - }; - preStart = '' - rm /run/racoon.pid || true - mkdir -p /var/racoon - ''; - }; - }; -} From ef8280914f6e2ce5d5760d287abd7baee9baba20 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Dec 2021 18:00:30 +0000 Subject: [PATCH 21/37] nixos/openvswitch: remove ipsec --- nixos/modules/virtualisation/openvswitch.nix | 61 +++----------------- 1 file changed, 8 insertions(+), 53 deletions(-) diff --git a/nixos/modules/virtualisation/openvswitch.nix b/nixos/modules/virtualisation/openvswitch.nix index 325f6f5b43f4..436a375fb5eb 100644 --- a/nixos/modules/virtualisation/openvswitch.nix +++ b/nixos/modules/virtualisation/openvswitch.nix @@ -36,17 +36,6 @@ in { Open vSwitch package to use. ''; }; - - ipsec = mkOption { - type = types.bool; - default = false; - description = '' - Whether to start racoon service for openvswitch. - Supported only if openvswitch version is less than 2.6.0. - Use virtualisation.vswitch.package = pkgs.openvswitch-lts - for a version that supports ipsec over GRE. - ''; - }; }; config = mkIf cfg.enable (let @@ -65,7 +54,7 @@ in { installPhase = "mkdir -p $out"; }; - in (mkMerge [{ + in { environment.systemPackages = [ cfg.package ]; boot.kernelModules = [ "tun" "openvswitch" ]; @@ -142,48 +131,14 @@ in { }; }; - } - (mkIf (cfg.ipsec && (versionOlder cfg.package.version "2.6.0")) { - environment.systemPackages = [ pkgs.ipsecTools ]; + }); - services.racoon.enable = true; - services.racoon.configPath = "${runDir}/ipsec/etc/racoon/racoon.conf"; - - networking.firewall.extraCommands = '' - iptables -I INPUT -t mangle -p esp -j MARK --set-mark 1/1 - iptables -I INPUT -t mangle -p udp --dport 4500 -j MARK --set-mark 1/1 - ''; - - systemd.services.ovs-monitor-ipsec = { - description = "Open_vSwitch Ipsec Daemon"; - wantedBy = [ "multi-user.target" ]; - requires = [ "ovsdb.service" ]; - before = [ "vswitchd.service" "racoon.service" ]; - environment.UNIXCTLPATH = "/tmp/ovsdb.ctl.sock"; - serviceConfig = { - ExecStart = '' - ${cfg.package}/bin/ovs-monitor-ipsec \ - --root-prefix ${runDir}/ipsec \ - --pidfile /run/openvswitch/ovs-monitor-ipsec.pid \ - --monitor --detach \ - unix:/run/openvswitch/db.sock - ''; - PIDFile = "/run/openvswitch/ovs-monitor-ipsec.pid"; - # Use service type 'forking' to correctly determine when ovs-monitor-ipsec is ready. - Type = "forking"; - }; - - preStart = '' - rm -r ${runDir}/ipsec/etc/racoon/certs || true - mkdir -p ${runDir}/ipsec/{etc/racoon,etc/init.d/,usr/sbin/} - ln -fs ${pkgs.ipsecTools}/bin/setkey ${runDir}/ipsec/usr/sbin/setkey - ln -fs ${pkgs.writeScript "racoon-restart" '' - #!${pkgs.runtimeShell} - /run/current-system/sw/bin/systemctl $1 racoon - ''} ${runDir}/ipsec/etc/init.d/racoon - ''; - }; - })])); + imports = [ + (mkRemovedOptionModule [ "virtualisation" "vswitch" "ipsec" ] '' + OpenVSwitch IPSec functionality has been removed, because it depended on racoon, + which was removed from nixpkgs, because it was abanoded upstream. + '') + ]; meta.maintainers = with maintainers; [ netixx ]; From 4aeff465cac510217978268300a34cbe5e3dfa1d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 26 Jan 2022 03:44:00 +0000 Subject: [PATCH 22/37] python310Packages.zha-quirks: 0.0.65 -> 0.0.66 --- pkgs/development/python-modules/zha-quirks/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/zha-quirks/default.nix b/pkgs/development/python-modules/zha-quirks/default.nix index c1d4328106ae..d8398ac40235 100644 --- a/pkgs/development/python-modules/zha-quirks/default.nix +++ b/pkgs/development/python-modules/zha-quirks/default.nix @@ -9,13 +9,13 @@ buildPythonPackage rec { pname = "zha-quirks"; - version = "0.0.65"; + version = "0.0.66"; src = fetchFromGitHub { owner = "zigpy"; repo = "zha-device-handlers"; rev = version; - sha256 = "sha256-3Lcmc95KotFMlL44zDugIQkHtplMMlyWjSb+SLehaqs="; + sha256 = "18g0i6b60ndfmbvdsx5pniq56fyc5k39ylp3sjhrfjcj434wvbvc"; }; propagatedBuildInputs = [ From 421a2216957707ba49dd72d109a9db0e45e349c3 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 26 Jan 2022 08:37:51 +0100 Subject: [PATCH 23/37] python3Packages.hahomematic: 0.27.0 -> 0.27.2 --- pkgs/development/python-modules/hahomematic/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/hahomematic/default.nix b/pkgs/development/python-modules/hahomematic/default.nix index 58f3224e70a2..3f8b2c1f814e 100644 --- a/pkgs/development/python-modules/hahomematic/default.nix +++ b/pkgs/development/python-modules/hahomematic/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "hahomematic"; - version = "0.27.0"; + version = "0.27.2"; format = "setuptools"; disabled = pythonOlder "3.9"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "danielperna84"; repo = pname; rev = version; - sha256 = "sha256-RPUj0We1nsKgAl1DTpa3pCD7gMm590N00+xwOVFIOaw="; + sha256 = "sha256-XBGA3wRZdl8rJ1hLLPPLK7E87Ggoly+kePbLY4x9/ZE="; }; propagatedBuildInputs = [ From 75de3397fd9b4e93752ecc6123deec8521aa0532 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marijan=20Petri=C4=8Devi=C4=87?= Date: Tue, 25 Jan 2022 13:23:37 +0100 Subject: [PATCH 24/37] nixos/tests: fix #146169 --- nixos/lib/testing-python.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/lib/testing-python.nix b/nixos/lib/testing-python.nix index a67040468136..885783b1d0b1 100644 --- a/nixos/lib/testing-python.nix +++ b/nixos/lib/testing-python.nix @@ -51,6 +51,7 @@ rec { , enableOCR ? false , skipLint ? false , passthru ? {} + , interactive ? false }: let # Reifies and correctly wraps the python test driver for @@ -139,7 +140,8 @@ rec { wrapProgram $out/bin/nixos-test-driver \ --set startScripts "''${vmStartScripts[*]}" \ --set testScript "$out/test-script" \ - --set vlans '${toString vlans}' + --set vlans '${toString vlans}' \ + ${if interactive then "--add-flags --interactive" else ""} ''); # Make a full-blown test @@ -217,6 +219,7 @@ rec { testName = name; qemu_pkg = pkgs.qemu; nodes = nodes pkgs.qemu; + interactive = true; }; test = From 44830dc0482b0325b384203b79a7f1bf4ce5e5fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marijan=20Petri=C4=8Devi=C4=87?= Date: Tue, 25 Jan 2022 13:43:56 +0100 Subject: [PATCH 25/37] use lib.optionalString --- nixos/lib/testing-python.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/lib/testing-python.nix b/nixos/lib/testing-python.nix index 885783b1d0b1..3d89e5484d16 100644 --- a/nixos/lib/testing-python.nix +++ b/nixos/lib/testing-python.nix @@ -141,7 +141,7 @@ rec { --set startScripts "''${vmStartScripts[*]}" \ --set testScript "$out/test-script" \ --set vlans '${toString vlans}' \ - ${if interactive then "--add-flags --interactive" else ""} + ${lib.optionalString (interactive) "--add-flags --interactive"} ''); # Make a full-blown test From d590556d5cd2d3b80e9ef6ba73cfa740fed895cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marijan=20Petri=C4=8Devi=C4=87?= Date: Tue, 25 Jan 2022 13:45:49 +0100 Subject: [PATCH 26/37] update docs --- .../development/running-nixos-tests-interactively.section.md | 4 ++-- .../development/running-nixos-tests-interactively.section.xml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.section.md b/nixos/doc/manual/development/running-nixos-tests-interactively.section.md index 4c399586eb52..a1431859ff59 100644 --- a/nixos/doc/manual/development/running-nixos-tests-interactively.section.md +++ b/nixos/doc/manual/development/running-nixos-tests-interactively.section.md @@ -5,7 +5,7 @@ when developing or debugging a test: ```ShellSession $ nix-build . -A nixosTests.login.driverInteractive -$ ./result/bin/nixos-test-driver --interactive +$ ./result/bin/nixos-test-driver [...] >>> ``` @@ -28,7 +28,7 @@ You can re-use the VM states coming from a previous run by setting the `--keep-vm-state` flag. ```ShellSession -$ ./result/bin/nixos-test-driver --interactive --keep-vm-state +$ ./result/bin/nixos-test-driver --keep-vm-state ``` The machine state is stored in the `$TMPDIR/vm-state-machinename` diff --git a/nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml b/nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml index 8348ab56deb3..0e47350a0d24 100644 --- a/nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml +++ b/nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml @@ -6,7 +6,7 @@ $ nix-build . -A nixosTests.login.driverInteractive -$ ./result/bin/nixos-test-driver --interactive +$ ./result/bin/nixos-test-driver [...] >>> @@ -30,7 +30,7 @@ $ ./result/bin/nixos-test-driver --interactive the --keep-vm-state flag. -$ ./result/bin/nixos-test-driver --interactive --keep-vm-state +$ ./result/bin/nixos-test-driver --keep-vm-state The machine state is stored in the From 411bb3c35f729ea88f84c35150e7b67727d8d075 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marijan=20Petri=C4=8Devi=C4=87?= Date: Wed, 26 Jan 2022 11:27:01 +0100 Subject: [PATCH 27/37] add --no-interactive flag --- nixos/lib/test-driver/test_driver/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/lib/test-driver/test_driver/__init__.py b/nixos/lib/test-driver/test_driver/__init__.py index 498a4f56c55b..61d91c9ed654 100755 --- a/nixos/lib/test-driver/test_driver/__init__.py +++ b/nixos/lib/test-driver/test_driver/__init__.py @@ -61,7 +61,7 @@ def main() -> None: "-I", "--interactive", help="drop into a python repl and run the tests interactively", - action="store_true", + action=argparse.BooleanOptionalAction, ) arg_parser.add_argument( "--start-scripts", From a83ad33b153f0d871e9581ecfad91ce5945f1d25 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 26 Jan 2022 12:01:53 +0000 Subject: [PATCH 28/37] openai: 0.12.0 -> 0.13.0 --- pkgs/development/python-modules/openai/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/openai/default.nix b/pkgs/development/python-modules/openai/default.nix index 223cf80604c4..8c922413cace 100644 --- a/pkgs/development/python-modules/openai/default.nix +++ b/pkgs/development/python-modules/openai/default.nix @@ -17,7 +17,7 @@ buildPythonPackage rec { pname = "openai"; - version = "0.12.0"; + version = "0.13.0"; disabled = pythonOlder "3.7.1"; @@ -26,7 +26,7 @@ buildPythonPackage rec { owner = "openai"; repo = "openai-python"; rev = "v${version}"; - sha256 = "12qkbaw1gyqhs6qwyj65g6l8v5xxnilwgk0gxlwnlzrr82q458ia"; + sha256 = "sha256-y1ewaVwCcJGACwupGoh7zcKxE9qVXRjMf7k3q/hFhDE="; }; propagatedBuildInputs = [ From 55c4eced2cdb10a6b3669eb18c93f6c6efb4a745 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 26 Jan 2022 15:05:34 +0000 Subject: [PATCH 29/37] python39Packages.dask-ml: 2021.11.30 -> 2022.1.22 --- pkgs/development/python-modules/dask-ml/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/dask-ml/default.nix b/pkgs/development/python-modules/dask-ml/default.nix index 60df07076827..31be98f45912 100644 --- a/pkgs/development/python-modules/dask-ml/default.nix +++ b/pkgs/development/python-modules/dask-ml/default.nix @@ -17,13 +17,13 @@ }: buildPythonPackage rec { - version = "2021.11.30"; + version = "2022.1.22"; pname = "dask-ml"; disabled = pythonOlder "3.6"; # >= 3.6 src = fetchPypi { inherit pname version; - sha256 = "4f73306b5ee56e9b41b133697062d0028d30b1ece883ac6b56532fea5bd3e94a"; + sha256 = "21a128e9f4f10e3b39cf82b36266eae28b17d16f2f6aa351bd73eb361e49326a"; }; nativeBuildInputs = [ From a86365b05576776e279d823ffcc72f3511b2d9b8 Mon Sep 17 00:00:00 2001 From: Gregor Pogacnik <1640719+fiksn@users.noreply.github.com> Date: Wed, 26 Jan 2022 16:20:37 +0000 Subject: [PATCH 30/37] linux: upgrade hardened kernel (CVE-2022-0185) 5.4.172 -> 5.4.173, 5.10.92 -> 5.10.93, 5.15.15 -> 5.15.16 --- .../linux/kernel/hardened/patches.json | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 9d90c0cf02b3..43bc291ede2f 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -22,31 +22,31 @@ "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.92-hardened1.patch", - "sha256": "08vhk7vzwd9r76mphyphc5n718kdpg3l2i0smrr92w5mx19pvs8g", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.92-hardened1/linux-hardened-5.10.92-hardened1.patch" + "name": "linux-hardened-5.10.93-hardened1.patch", + "sha256": "0ka3vnd1pwdjkz10hpn4jpxbg6s00kf5jj47847vhbi7fmbgvbg5", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.93-hardened1/linux-hardened-5.10.93-hardened1.patch" }, - "sha256": "0lmvdskxk1r18p6rn2dhw23wj8g3a8blar6xn5x1sgqxln006xfm", - "version": "5.10.92" + "sha256": "1jxv7can60rc5i2yjgj8frcjvwi1jnba1jl8i3070xmb1d1qqy56", + "version": "5.10.93" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.15-hardened1.patch", - "sha256": "0js9fz2xx8gshxb5dc6ycmgycmcfqpxdkbpbmx92d397qdnj0460", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.15-hardened1/linux-hardened-5.15.15-hardened1.patch" + "name": "linux-hardened-5.15.16-hardened1.patch", + "sha256": "0a8cdxw2s0jr39j072pn7xr5j8zfdmrbsfl5rbvcjqrfnj4ijc15", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.16-hardened1/linux-hardened-5.15.16-hardened1.patch" }, - "sha256": "0nisr3i9sxpp0s25wg6sb45287l0v9vmsgnz6d4igbvih37mfg0x", - "version": "5.15.15" + "sha256": "150pzxra564z9xaaclmbbd29x4x9il8y78zz7szi50lzx0a0l2ms", + "version": "5.15.16" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.172-hardened1.patch", - "sha256": "124l2b3km1278dc4lgm35f50jfxnbdia1127j27w3b3dhs37baw9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.172-hardened1/linux-hardened-5.4.172-hardened1.patch" + "name": "linux-hardened-5.4.173-hardened1.patch", + "sha256": "1zpczgxyh76lazsjgf7n1872aayaxg660x6phyr6db667wa8x3r4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.173-hardened1/linux-hardened-5.4.173-hardened1.patch" }, - "sha256": "1r3ci123dmijk0n3z91xqri89rbvnk51hd9d4q430ag8cw5qk7mi", - "version": "5.4.172" + "sha256": "0ff2jvwxj55547wvwp94a8bsd610s72906d4nsyhiirrn9sy5s4r", + "version": "5.4.173" } } From 59539a3d3e7a5e263747bdf03ca8e41318fcd5f5 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 26 Jan 2022 18:12:00 +0100 Subject: [PATCH 31/37] libvlc: fix build --- pkgs/applications/video/vlc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix index df7f2fff5ea4..7aa780f8a7f2 100644 --- a/pkgs/applications/video/vlc/default.nix +++ b/pkgs/applications/video/vlc/default.nix @@ -155,7 +155,7 @@ stdenv.mkDerivation rec { xcbutilkeysyms xlibsWrapper ]) - ++ optional (!hostIsAarch) live555 + ++ optional (!hostIsAarch && !onlyLibVLC) live555 ++ optional jackSupport libjack2 ++ optionals chromecastSupport [ libmicrodns protobuf ] ++ optionals skins2Support (with xorg; [ From e9c491052479cfa4479748eaedd33cc56e59eb19 Mon Sep 17 00:00:00 2001 From: Pasquale Date: Thu, 2 Dec 2021 23:10:08 +0100 Subject: [PATCH 32/37] nixos/xdg-portals: add portals' desktop files to XDG_DATA_DIRS --- nixos/modules/config/xdg/portal.nix | 35 +++++++++++++++++++---------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/nixos/modules/config/xdg/portal.nix b/nixos/modules/config/xdg/portal.nix index 80ec3126ca54..088f2af59e22 100644 --- a/nixos/modules/config/xdg/portal.nix +++ b/nixos/modules/config/xdg/portal.nix @@ -1,4 +1,4 @@ -{ config, pkgs ,lib ,... }: +{ config, pkgs, lib, ... }: with lib; @@ -13,13 +13,13 @@ with lib; options.xdg.portal = { enable = - mkEnableOption "xdg desktop integration"//{ + mkEnableOption "xdg desktop integration" // { default = false; }; extraPortals = mkOption { type = types.listOf types.package; - default = []; + default = [ ]; description = '' List of additional portals to add to path. Portals allow interaction with system, like choosing files or taking screenshots. At minimum, @@ -46,25 +46,36 @@ with lib; let cfg = config.xdg.portal; packages = [ pkgs.xdg-desktop-portal ] ++ cfg.extraPortals; - joinedPortals = pkgs.symlinkJoin { + joinedPortals = pkgs.buildEnv { name = "xdg-portals"; - paths = cfg.extraPortals; + paths = packages; + pathsToLink = [ "/share/xdg-desktop-portal/portals" "/share/applications" ]; }; - in mkIf cfg.enable { + in + mkIf cfg.enable { assertions = [ - { assertion = (cfg.gtkUsePortal -> cfg.extraPortals != []); - message = "Setting xdg.portal.gtkUsePortal to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde."; + { + assertion = cfg.extraPortals != [ ]; + message = "Setting xdg.portal.enable to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde."; } ]; - services.dbus.packages = packages; + services.dbus.packages = packages; systemd.packages = packages; - environment.sessionVariables = { - GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1"; - XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals"; + environment = { + # fixes screen sharing on plasmawayland on non-chromium apps by linking + # share/applications/*.desktop files + # see https://github.com/NixOS/nixpkgs/issues/145174 + systemPackages = [ joinedPortals ]; + pathsToLink = [ "/share/applications" ]; + + sessionVariables = { + GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1"; + XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals"; + }; }; }; } From 05ecd1702530a50522bd535fd1fe714b86fe14c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 26 Jan 2022 17:32:17 +0000 Subject: [PATCH 33/37] python3Packages.pykrakenapi: 0.2.3 -> 0.2.4 --- pkgs/development/python-modules/pykrakenapi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pykrakenapi/default.nix b/pkgs/development/python-modules/pykrakenapi/default.nix index 6c91b0c95dc0..41efa9a54d24 100644 --- a/pkgs/development/python-modules/pykrakenapi/default.nix +++ b/pkgs/development/python-modules/pykrakenapi/default.nix @@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "pykrakenapi"; - version = "0.2.3"; + version = "0.2.4"; src = fetchFromGitHub { owner = "dominiktraxl"; repo = "pykrakenapi"; rev = "v${version}"; - sha256 = "0yvhgk5wyklwqd67hfajnd7ims79h4h89pp65xb3x5mcmdcfz4ss"; + hash = "sha256-i2r6t+JcL6INI8Y26gvVvNjv6XxMj4G+pF9Xf/hsx1A="; }; propagatedBuildInputs = [ From 96e055fba48de677035da731594a38faa7a9e277 Mon Sep 17 00:00:00 2001 From: Renaud Date: Wed, 26 Jan 2022 19:35:15 +0100 Subject: [PATCH 34/37] rng-tools: fix path to opensc-pkcs11.so Changes upstream made the patching on rngd.c irrelevant --- pkgs/tools/security/rng-tools/default.nix | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index 76aea2bbd514..47bf2c8297f8 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix @@ -23,13 +23,6 @@ stdenv.mkDerivation rec { sha256 = "sha256-qheJaeVX2zuv0mvKEd6wcbSHFjiJE0t5hVCJiRSKm3M="; }; - postPatch = '' - ${optionalString withPkcs11 '' - substituteInPlace rngd.c \ - --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so - ''} - ''; - nativeBuildInputs = [ autoreconfHook libtool pkg-config ]; configureFlags = [ @@ -49,8 +42,11 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - # For cross-compilation - makeFlags = [ "AR:=$(AR)" ]; + makeFlags = [ + "AR:=$(AR)" # For cross-compilation + ] ++ optionals (withPkcs11) [ + "PKCS11_ENGINE=${opensc}/lib/opensc-pkcs11.so" # Overrides configure script paths + ]; doCheck = true; preCheck = "patchShebangs tests/*.sh"; From 0b2d7180bdf3648adef83bc64c70064cd492de6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 16 Jan 2022 01:40:41 +0000 Subject: [PATCH 35/37] postfix: 3.6.3 -> 3.6.4 http://www.postfix.org/announcements/postfix-3.6.4.html --- pkgs/servers/mail/postfix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index 92fe6e0403a2..064d138d3985 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -24,11 +24,11 @@ let in stdenv.mkDerivation rec { pname = "postfix"; - version = "3.6.3"; + version = "3.6.4"; src = fetchurl { url = "http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/${pname}-${version}.tar.gz"; - sha256 = "1g5ii5vvcr87qkabsbyg3n7kzy1g5k2n5gwa8468w5d0ava424hg"; + hash = "sha256-jeBhnc8vp8IVqAz4S4KrcWMdTUciy6CUlyXOPhgDHU4="; }; nativeBuildInputs = [ makeWrapper m4 ]; From d1d974caea9678df94c578063cd64d85ba6ba63a Mon Sep 17 00:00:00 2001 From: Ruben Fonseca Date: Wed, 26 Jan 2022 17:28:47 +0100 Subject: [PATCH 36/37] crun: 1.4.1 -> 1.4.2 --- pkgs/applications/virtualization/crun/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/virtualization/crun/default.nix b/pkgs/applications/virtualization/crun/default.nix index 2164f16bd3ec..4a2ec178be2e 100644 --- a/pkgs/applications/virtualization/crun/default.nix +++ b/pkgs/applications/virtualization/crun/default.nix @@ -37,13 +37,13 @@ let in stdenv.mkDerivation rec { pname = "crun"; - version = "1.4.1"; + version = "1.4.2"; src = fetchFromGitHub { owner = "containers"; repo = pname; rev = version; - sha256 = "sha256-j2+ga+jnKnjnFGmrOOym99keLALg7wR7Jk+jjesiMc4="; + sha256 = "sha256-zGtHO8CgpbXTh8nZ6WA0ocakzLjL/PW2IULI5QSEPVI="; fetchSubmodules = true; }; From 23c87e799185769b8706f95a1d5c992fd63a77da Mon Sep 17 00:00:00 2001 From: Patrick Hilhorst Date: Wed, 26 Jan 2022 22:26:19 +0100 Subject: [PATCH 37/37] nixos/testing-python: actually copy build artefacts This broke in #156858. --- nixos/lib/testing-python.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/lib/testing-python.nix b/nixos/lib/testing-python.nix index 3d89e5484d16..0d3c3a89e783 100644 --- a/nixos/lib/testing-python.nix +++ b/nixos/lib/testing-python.nix @@ -30,7 +30,7 @@ rec { # effectively mute the XMLLogger export LOGFILE=/dev/null - ${driver}/bin/nixos-test-driver + ${driver}/bin/nixos-test-driver -o $out ''; passthru = driver.passthru // {