nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-29 18:33:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
github-actions[bot] 2024-08-24 18:04:13 +00:00 committed by GitHub
commit 0791c070ee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
54 changed files with 930 additions and 537 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
maintainers/maintainer-list.nix
View File

@ -9887,12 +9887,6 @@
githubId = 310981;
name = "Joel Burget";
};
joelkoen = {
email = "mail@joelkoen.com";
github = "joelkoen";
githubId = 122502655;
name = "Joel Koen";
};
joelmo = {
email = "joel.moberg@gmail.com";
github = "joelmo";

719
nixos/modules/services/security/kanidm.nix
View File

@ -1,4 +1,10 @@
{ config, lib, options, pkgs, ... }:
{
config,
lib,
options,
pkgs,
...
}:
let
cfg = config.services.kanidm;
settingsFormat = pkgs.formats.toml { };
@ -7,18 +13,29 @@ let
serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings);
clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings);
unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings);
certPaths = builtins.map builtins.dirOf [ cfg.serverSettings.tls_chain cfg.serverSettings.tls_key ];
certPaths = builtins.map builtins.dirOf [
cfg.serverSettings.tls_chain
cfg.serverSettings.tls_key
];
# Merge bind mount paths and remove paths where a prefix is already mounted.
# This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is already in the mount
# paths, no new bind mount is added. Adding subpaths caused problems on ofborg.
hasPrefixInList = list: newPath: lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
mergePaths = lib.foldl' (merged: newPath: let
hasPrefixInList =
list: newPath:
lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
mergePaths = lib.foldl' (
merged: newPath:
let
# If the new path is a prefix to some existing path, we need to filter it out
filteredPaths = lib.filter (p: !lib.hasPrefix (builtins.toString newPath) (builtins.toString p)) merged;
filteredPaths = lib.filter (
p: !lib.hasPrefix (builtins.toString newPath) (builtins.toString p)
) merged;
# If a prefix of the new path is already in the list, do not add it
filteredNew = lib.optional (!hasPrefixInList filteredPaths newPath) newPath;
in filteredPaths ++ filteredNew) [];
in
filteredPaths ++ filteredNew
) [ ];
defaultServiceConfig = {
BindReadOnlyPaths = [
@ -28,7 +45,7 @@ let
"-/etc/hosts"
"-/etc/localtime"
];
CapabilityBoundingSet = [];
CapabilityBoundingSet = [ ];
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
# Implies ProtectSystem=strict, which re-mounts all paths
@ -57,12 +74,16 @@ let
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
SystemCallFilter = [
"@system-service"
"~@privileged @resources @setuid @keyring"
];
# Does not work well with the temporary root
#UMask = "0066";
};
mkPresentOption = what:
mkPresentOption =
what:
lib.mkOption {
description = "Whether to ensure that this ${what} is present or absent.";
type = lib.types.bool;
@ -71,9 +92,9 @@ let
filterPresent = lib.filterAttrs (_: v: v.present);
provisionStateJson = pkgs.writeText "provision-state.json" (builtins.toJSON {
inherit (cfg.provision) groups persons systems;
});
provisionStateJson = pkgs.writeText "provision-state.json" (
builtins.toJSON { inherit (cfg.provision) groups persons systems; }
);
# Only recover the admin account if a password should explicitly be provisioned
# for the account. Otherwise it is not needed for provisioning.
@ -89,28 +110,30 @@ let
# Recover the idm_admin account. If a password should explicitly be provisioned
# for the account we set it, otherwise we generate a new one because it is required
# for provisioning.
recoverIdmAdmin = if cfg.provision.idmAdminPasswordFile != null
then ''
KANIDM_IDM_ADMIN_PASSWORD=$(< ${cfg.provision.idmAdminPasswordFile})
# We always reset the idm_admin account password if a desired password was specified.
if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_IDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin --from-environment >/dev/null; then
echo "Failed to recover idm_admin account" >&2
exit 1
fi
''
else ''
# Recover idm_admin account
if ! recover_out=$(${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin -o json); then
echo "$recover_out" >&2
echo "kanidm provision: Failed to recover admin account" >&2
exit 1
fi
if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${lib.getExe pkgs.jq} -r .password); then
echo "$recover_out" >&2
echo "kanidm provision: Failed to parse password for idm_admin account" >&2
exit 1
fi
'';
recoverIdmAdmin =
if cfg.provision.idmAdminPasswordFile != null then
''
KANIDM_IDM_ADMIN_PASSWORD=$(< ${cfg.provision.idmAdminPasswordFile})
# We always reset the idm_admin account password if a desired password was specified.
if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_IDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin --from-environment >/dev/null; then
echo "Failed to recover idm_admin account" >&2
exit 1
fi
''
else
''
# Recover idm_admin account
if ! recover_out=$(${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin -o json); then
echo "$recover_out" >&2
echo "kanidm provision: Failed to recover admin account" >&2
exit 1
fi
if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${lib.getExe pkgs.jq} -r .password); then
echo "$recover_out" >&2
echo "kanidm provision: Failed to parse password for idm_admin account" >&2
exit 1
fi
'';
postStartScript = pkgs.writeShellScript "post-start" ''
set -euo pipefail
@ -142,14 +165,15 @@ let
serverPort =
# ipv6:
if lib.hasInfix "]:" cfg.serverSettings.bindaddress
then lib.last (lib.splitString "]:" cfg.serverSettings.bindaddress)
if lib.hasInfix "]:" cfg.serverSettings.bindaddress then
lib.last (lib.splitString "]:" cfg.serverSettings.bindaddress)
else
# ipv4:
if lib.hasInfix "." cfg.serverSettings.bindaddress
then lib.last (lib.splitString ":" cfg.serverSettings.bindaddress)
# default is 8443
else "8443";
# ipv4:
if lib.hasInfix "." cfg.serverSettings.bindaddress then
lib.last (lib.splitString ":" cfg.serverSettings.bindaddress)
# default is 8443
else
"8443";
in
{
options.services.kanidm = {
@ -157,7 +181,7 @@ in
enableServer = lib.mkEnableOption "the Kanidm server";
enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration";
package = lib.mkPackageOption pkgs "kanidm" {};
package = lib.mkPackageOption pkgs "kanidm" { };
serverSettings = lib.mkOption {
type = lib.types.submodule {
@ -213,12 +237,20 @@ in
log_level = lib.mkOption {
description = "Log level of the server.";
default = "info";
type = lib.types.enum [ "info" "debug" "trace" ];
type = lib.types.enum [
"info"
"debug"
"trace"
];
};
role = lib.mkOption {
description = "The role of this server. This affects the replication relationship and thereby available features.";
default = "WriteReplica";
type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
type = lib.types.enum [
"WriteReplica"
"WriteReplicaNoUI"
"ReadOnlyReplica"
];
};
online_backup = {
path = lib.mkOption {
@ -347,218 +379,248 @@ in
groups = lib.mkOption {
description = "Provisioning of kanidm groups";
default = {};
type = lib.types.attrsOf (lib.types.submodule (groupSubmod: {
options = {
present = mkPresentOption "group";
default = { };
type = lib.types.attrsOf (
lib.types.submodule (groupSubmod: {
options = {
present = mkPresentOption "group";
members = lib.mkOption {
description = "List of kanidm entities (persons, groups, ...) which are part of this group.";
type = lib.types.listOf lib.types.str;
apply = lib.unique;
default = [];
members = lib.mkOption {
description = "List of kanidm entities (persons, groups, ...) which are part of this group.";
type = lib.types.listOf lib.types.str;
apply = lib.unique;
default = [ ];
};
};
};
config.members = lib.concatLists (lib.flip lib.mapAttrsToList cfg.provision.persons (person: personCfg:
lib.optional (personCfg.present && builtins.elem groupSubmod.config._module.args.name personCfg.groups) person
));
}));
config.members = lib.concatLists (
lib.flip lib.mapAttrsToList cfg.provision.persons (
person: personCfg:
lib.optional (
personCfg.present && builtins.elem groupSubmod.config._module.args.name personCfg.groups
) person
)
);
})
);
};
persons = lib.mkOption {
description = "Provisioning of kanidm persons";
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
present = mkPresentOption "person";
default = { };
type = lib.types.attrsOf (
lib.types.submodule {
options = {
present = mkPresentOption "person";
displayName = lib.mkOption {
description = "Display name";
type = lib.types.str;
example = "My User";
};
displayName = lib.mkOption {
description = "Display name";
type = lib.types.str;
example = "My User";
};
legalName = lib.mkOption {
description = "Full legal name";
type = lib.types.nullOr lib.types.str;
example = "Jane Doe";
default = null;
};
legalName = lib.mkOption {
description = "Full legal name";
type = lib.types.nullOr lib.types.str;
example = "Jane Doe";
default = null;
};
mailAddresses = lib.mkOption {
description = "Mail addresses. First given address is considered the primary address.";
type = lib.types.listOf lib.types.str;
example = ["jane.doe@example.com"];
default = [];
};
mailAddresses = lib.mkOption {
description = "Mail addresses. First given address is considered the primary address.";
type = lib.types.listOf lib.types.str;
example = [ "jane.doe@example.com" ];
default = [ ];
};
groups = lib.mkOption {
description = "List of groups this person should belong to.";
type = lib.types.listOf lib.types.str;
apply = lib.unique;
default = [];
groups = lib.mkOption {
description = "List of groups this person should belong to.";
type = lib.types.listOf lib.types.str;
apply = lib.unique;
default = [ ];
};
};
};
});
}
);
};
systems.oauth2 = lib.mkOption {
description = "Provisioning of oauth2 resource servers";
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
present = mkPresentOption "oauth2 resource server";
default = { };
type = lib.types.attrsOf (
lib.types.submodule {
options = {
present = mkPresentOption "oauth2 resource server";
public = lib.mkOption {
description = "Whether this is a public client (enforces PKCE, doesn't use a basic secret)";
type = lib.types.bool;
default = false;
public = lib.mkOption {
description = "Whether this is a public client (enforces PKCE, doesn't use a basic secret)";
type = lib.types.bool;
default = false;
};
displayName = lib.mkOption {
description = "Display name";
type = lib.types.str;
example = "Some Service";
};
originUrl = lib.mkOption {
description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
type =
let
originStrType = lib.types.strMatching ".*://.*/$";
in
lib.types.either originStrType (lib.types.nonEmptyListOf originStrType);
example = "https://someservice.example.com/";
};
originLanding = lib.mkOption {
description = "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.";
type = lib.types.str;
example = "https://someservice.example.com/home";
};
basicSecretFile = lib.mkOption {
description = ''
The basic secret to use for this service. If null, the random secret generated
by kanidm will not be touched. Do NOT use a path from the nix store here!
'';
type = lib.types.nullOr lib.types.path;
example = "/run/secrets/some-oauth2-basic-secret";
default = null;
};
enableLocalhostRedirects = lib.mkOption {
description = "Allow localhost redirects. Only for public clients.";
type = lib.types.bool;
default = false;
};
enableLegacyCrypto = lib.mkOption {
description = "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.";
type = lib.types.bool;
default = false;
};
allowInsecureClientDisablePkce = lib.mkOption {
description = ''
Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it. You should request the client to enable PKCE!
Only for non-public clients.
'';
type = lib.types.bool;
default = false;
};
preferShortUsername = lib.mkOption {
description = "Use 'name' instead of 'spn' in the preferred_username claim";
type = lib.types.bool;
default = false;
};
scopeMaps = lib.mkOption {
description = ''
Maps kanidm groups to returned oauth scopes.
See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
'';
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = { };
};
supplementaryScopeMaps = lib.mkOption {
description = ''
Maps kanidm groups to additionally returned oauth scopes.
See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
'';
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = { };
};
removeOrphanedClaimMaps = lib.mkOption {
description = "Whether claim maps not specified here but present in kanidm should be removed from kanidm.";
type = lib.types.bool;
default = true;
};
claimMaps = lib.mkOption {
description = ''
Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.
See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
'';
default = { };
type = lib.types.attrsOf (
lib.types.submodule {
options = {
joinType = lib.mkOption {
description = ''
Determines how multiple values are joined to create the claim value.
See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
'';
type = lib.types.enum [
"array"
"csv"
"ssv"
];
default = "array";
};
valuesByGroup = lib.mkOption {
description = "Maps kanidm groups to values for the claim.";
default = { };
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
}
);
};
};
displayName = lib.mkOption {
description = "Display name";
type = lib.types.str;
example = "Some Service";
};
originUrl = lib.mkOption {
description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
type = lib.types.strMatching ".*://.*/$";
example = "https://someservice.example.com/";
};
originLanding = lib.mkOption {
description = "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.";
type = lib.types.str;
example = "https://someservice.example.com/home";
};
basicSecretFile = lib.mkOption {
description = ''
The basic secret to use for this service. If null, the random secret generated
by kanidm will not be touched. Do NOT use a path from the nix store here!
'';
type = lib.types.nullOr lib.types.path;
example = "/run/secrets/some-oauth2-basic-secret";
default = null;
};
enableLocalhostRedirects = lib.mkOption {
description = "Allow localhost redirects. Only for public clients.";
type = lib.types.bool;
default = false;
};
enableLegacyCrypto = lib.mkOption {
description = "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.";
type = lib.types.bool;
default = false;
};
allowInsecureClientDisablePkce = lib.mkOption {
description = ''
Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it. You should request the client to enable PKCE!
Only for non-public clients.
'';
type = lib.types.bool;
default = false;
};
preferShortUsername = lib.mkOption {
description = "Use 'name' instead of 'spn' in the preferred_username claim";
type = lib.types.bool;
default = false;
};
scopeMaps = lib.mkOption {
description = ''
Maps kanidm groups to returned oauth scopes.
See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
'';
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = {};
};
supplementaryScopeMaps = lib.mkOption {
description = ''
Maps kanidm groups to additionally returned oauth scopes.
See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
'';
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = {};
};
removeOrphanedClaimMaps = lib.mkOption {
description = "Whether claim maps not specified here but present in kanidm should be removed from kanidm.";
type = lib.types.bool;
default = true;
};
claimMaps = lib.mkOption {
description = ''
Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.
See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
'';
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
joinType = lib.mkOption {
description = ''
Determines how multiple values are joined to create the claim value.
See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
'';
type = lib.types.enum ["array" "csv" "ssv"];
default = "array";
};
valuesByGroup = lib.mkOption {
description = "Maps kanidm groups to values for the claim.";
default = {};
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
});
};
};
});
}
);
};
};
};
config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
assertions = let
entityList = type: attrs: lib.flip lib.mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
entities =
entityList "group" cfg.provision.groups
++ entityList "person" cfg.provision.persons
++ entityList "oauth2" cfg.provision.systems.oauth2;
assertions =
let
entityList =
type: attrs: lib.flip lib.mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
entities =
entityList "group" cfg.provision.groups
++ entityList "person" cfg.provision.persons
++ entityList "oauth2" cfg.provision.systems.oauth2;
# Accumulate entities by name. Track corresponding entity types for later duplicate check.
entitiesByName = lib.foldl' (acc: { type, name }:
acc // {
${name} = (acc.${name} or []) ++ [type];
}
) {} entities;
# Accumulate entities by name. Track corresponding entity types for later duplicate check.
entitiesByName = lib.foldl' (
acc: { type, name }: acc // { ${name} = (acc.${name} or [ ]) ++ [ type ]; }
) { } entities;
assertGroupsKnown = opt: groups: let
knownGroups = lib.attrNames (filterPresent cfg.provision.groups);
unknownGroups = lib.subtractLists knownGroups groups;
in {
assertion = (cfg.enableServer && cfg.provision.enable) -> unknownGroups == [];
message = "${opt} refers to unknown groups: ${toString unknownGroups}";
};
assertGroupsKnown =
opt: groups:
let
knownGroups = lib.attrNames (filterPresent cfg.provision.groups);
unknownGroups = lib.subtractLists knownGroups groups;
in
{
assertion = (cfg.enableServer && cfg.provision.enable) -> unknownGroups == [ ];
message = "${opt} refers to unknown groups: ${toString unknownGroups}";
};
assertEntitiesKnown = opt: entities: let
unknownEntities = lib.subtractLists (lib.attrNames entitiesByName) entities;
in {
assertion = (cfg.enableServer && cfg.provision.enable) -> unknownEntities == [];
message = "${opt} refers to unknown entities: ${toString unknownEntities}";
};
in
assertEntitiesKnown =
opt: entities:
let
unknownEntities = lib.subtractLists (lib.attrNames entitiesByName) entities;
in
{
assertion = (cfg.enableServer && cfg.provision.enable) -> unknownEntities == [ ];
message = "${opt} refers to unknown entities: ${toString unknownEntities}";
};
in
[
{
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain);
assertion =
!cfg.enableServer
|| ((cfg.serverSettings.tls_chain or null) == null)
|| (!lib.isStorePath cfg.serverSettings.tls_chain);
message = ''
<option>services.kanidm.serverSettings.tls_chain</option> points to
a file in the Nix store. You should use a quoted absolute path to
@ -566,7 +628,10 @@ in
'';
}
{
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_key or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_key);
assertion =
!cfg.enableServer
|| ((cfg.serverSettings.tls_key or null) == null)
|| (!lib.isStorePath cfg.serverSettings.tls_key);
message = ''
<option>services.kanidm.serverSettings.tls_key</option> points to
a file in the Nix store. You should use a quoted absolute path to
@ -588,8 +653,12 @@ in
'';
}
{
assertion = !cfg.enableServer || (cfg.serverSettings.domain == null
-> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI");
assertion =
!cfg.enableServer
|| (
cfg.serverSettings.domain == null
-> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI"
);
message = ''
<option>services.kanidm.serverSettings.domain</option> can only be set if this instance
is not a ReadOnlyReplica. Otherwise the db would inherit it from
@ -602,63 +671,96 @@ in
}
# If any secret is provisioned, the kanidm package must have some required patches applied to it
{
assertion = (cfg.provision.enable &&
(cfg.provision.adminPasswordFile != null
|| cfg.provision.idmAdminPasswordFile != null
|| lib.any (x: x.basicSecretFile != null) (lib.attrValues (filterPresent cfg.provision.systems.oauth2))
)) -> cfg.package.enableSecretProvisioning;
assertion =
(
cfg.provision.enable
&& (
cfg.provision.adminPasswordFile != null
|| cfg.provision.idmAdminPasswordFile != null
|| lib.any (x: x.basicSecretFile != null) (
lib.attrValues (filterPresent cfg.provision.systems.oauth2)
)
)
)
-> cfg.package.enableSecretProvisioning;
message = ''
Specifying an admin account password or oauth2 basicSecretFile requires kanidm to be built with the secret provisioning patches.
You may want to set `services.kanidm.package = pkgs.kanidm.withSecretProvisioning;`.
'';
}
# Entity names must be globally unique:
(let
# Filter all names that occurred in more than one entity type.
duplicateNames = lib.filterAttrs (_: v: builtins.length v > 1) entitiesByName;
in {
assertion = cfg.provision.enable -> duplicateNames == {};
message = ''
services.kanidm.provision requires all entity names (group, person, oauth2, ...) to be unique!
${lib.concatLines (lib.mapAttrsToList (name: xs: " - '${name}' used as: ${toString xs}") duplicateNames)}'';
})
(
let
# Filter all names that occurred in more than one entity type.
duplicateNames = lib.filterAttrs (_: v: builtins.length v > 1) entitiesByName;
in
{
assertion = cfg.provision.enable -> duplicateNames == { };
message = ''
services.kanidm.provision requires all entity names (group, person, oauth2, ...) to be unique!
${lib.concatLines (
lib.mapAttrsToList (name: xs: " - '${name}' used as: ${toString xs}") duplicateNames
)}'';
}
)
]
++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.persons) (person: personCfg:
++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.persons) (
person: personCfg:
assertGroupsKnown "services.kanidm.provision.persons.${person}.groups" personCfg.groups
)
++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.groups) (group: groupCfg:
++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.groups) (
group: groupCfg:
assertEntitiesKnown "services.kanidm.provision.groups.${group}.members" groupCfg.members
)
++ lib.concatLists (lib.flip lib.mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
oauth2: oauth2Cfg:
++ lib.concatLists (
lib.flip lib.mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
oauth2: oauth2Cfg:
[
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.scopeMaps" (lib.attrNames oauth2Cfg.scopeMaps))
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.supplementaryScopeMaps" (lib.attrNames oauth2Cfg.supplementaryScopeMaps))
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.scopeMaps" (
lib.attrNames oauth2Cfg.scopeMaps
))
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.supplementaryScopeMaps" (
lib.attrNames oauth2Cfg.supplementaryScopeMaps
))
]
++ lib.concatLists (lib.flip lib.mapAttrsToList oauth2Cfg.claimMaps (claim: claimCfg: [
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim}.valuesByGroup" (lib.attrNames claimCfg.valuesByGroup))
# At least one group must map to a value in each claim map
{
assertion = (cfg.provision.enable && cfg.enableServer) -> lib.any (xs: xs != []) (lib.attrValues claimCfg.valuesByGroup);
message = "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim} does not specify any values for any group";
}
# Public clients cannot define a basic secret
{
assertion = (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> oauth2Cfg.basicSecretFile == null;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot specify a basic secret";
}
# Public clients cannot disable PKCE
{
assertion = (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> !oauth2Cfg.allowInsecureClientDisablePkce;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot disable PKCE";
}
# Non-public clients cannot enable localhost redirects
{
assertion = (cfg.provision.enable && cfg.enableServer && !oauth2Cfg.public) -> !oauth2Cfg.enableLocalhostRedirects;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a non-public client and thus cannot enable localhost redirects";
}
]))
));
++ lib.concatLists (
lib.flip lib.mapAttrsToList oauth2Cfg.claimMaps (
claim: claimCfg: [
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim}.valuesByGroup" (
lib.attrNames claimCfg.valuesByGroup
))
# At least one group must map to a value in each claim map
{
assertion =
(cfg.provision.enable && cfg.enableServer)
-> lib.any (xs: xs != [ ]) (lib.attrValues claimCfg.valuesByGroup);
message = "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim} does not specify any values for any group";
}
# Public clients cannot define a basic secret
{
assertion =
(cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> oauth2Cfg.basicSecretFile == null;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot specify a basic secret";
}
# Public clients cannot disable PKCE
{
assertion =
(cfg.provision.enable && cfg.enableServer && oauth2Cfg.public)
-> !oauth2Cfg.allowInsecureClientDisablePkce;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot disable PKCE";
}
# Non-public clients cannot enable localhost redirects
{
assertion =
(cfg.provision.enable && cfg.enableServer && !oauth2Cfg.public)
-> !oauth2Cfg.enableLocalhostRedirects;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a non-public client and thus cannot enable localhost redirects";
}
]
)
)
)
);
environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
@ -676,9 +778,12 @@ in
after = [ "network.target" ];
serviceConfig = lib.mkMerge [
# Merge paths and ignore existing prefixes needs to sidestep mkMerge
(defaultServiceConfig // {
BindReadOnlyPaths = mergePaths (defaultServiceConfig.BindReadOnlyPaths ++ certPaths);
})
(
defaultServiceConfig
// {
BindReadOnlyPaths = mergePaths (defaultServiceConfig.BindReadOnlyPaths ++ certPaths);
}
)
{
StateDirectory = "kanidm";
StateDirectoryMode = "0700";
@ -701,7 +806,11 @@ in
PrivateUsers = lib.mkForce false;
# Port needs to be exposed to the host network
PrivateNetwork = lib.mkForce false;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
TemporaryFileSystem = "/:ro";
}
];
@ -712,7 +821,10 @@ in
description = "Kanidm PAM daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartTriggers = [ unixConfigFile clientConfigFile ];
restartTriggers = [
unixConfigFile
clientConfigFile
];
serviceConfig = lib.mkMerge [
defaultServiceConfig
{
@ -737,7 +849,11 @@ in
];
# Needs to connect to kanidmd
PrivateNetwork = lib.mkForce false;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
TemporaryFileSystem = "/:ro";
}
];
@ -747,9 +863,15 @@ in
systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam {
description = "Kanidm PAM home management daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "kanidm-unixd.service" ];
after = [
"network.target"
"kanidm-unixd.service"
];
partOf = [ "kanidm-unixd.service" ];
restartTriggers = [ unixConfigFile clientConfigFile ];
restartTriggers = [
unixConfigFile
clientConfigFile
];
serviceConfig = {
ExecStart = "${cfg.package}/bin/kanidm_unixd_tasks";
@ -769,7 +891,12 @@ in
"/run/kanidm-unixd:/var/run/kanidm-unixd"
];
# CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket
CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH" ];
CapabilityBoundingSet = [
"CAP_CHOWN"
"CAP_FOWNER"
"CAP_DAC_OVERRIDE"
"CAP_DAC_READ_SEARCH"
];
IPAddressDeny = "any";
# Need access to users
PrivateUsers = false;
@ -784,15 +911,11 @@ in
# These paths are hardcoded
environment.etc = lib.mkMerge [
(lib.mkIf cfg.enableServer {
"kanidm/server.toml".source = serverConfigFile;
})
(lib.mkIf cfg.enableServer { "kanidm/server.toml".source = serverConfigFile; })
(lib.mkIf options.services.kanidm.clientSettings.isDefined {
"kanidm/config".source = clientConfigFile;
})
(lib.mkIf cfg.enablePam {
"kanidm/unixd".source = unixConfigFile;
})
(lib.mkIf cfg.enablePam { "kanidm/unixd".source = unixConfigFile; })
];
system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];
@ -801,12 +924,8 @@ in
system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
users.groups = lib.mkMerge [
(lib.mkIf cfg.enableServer {
kanidm = { };
})
(lib.mkIf cfg.enablePam {
kanidm-unixd = { };
})
(lib.mkIf cfg.enableServer { kanidm = { }; })
(lib.mkIf cfg.enablePam { kanidm-unixd = { }; })
];
users.users = lib.mkMerge [
(lib.mkIf cfg.enableServer {
@ -827,6 +946,10 @@ in
];
};
meta.maintainers = with lib.maintainers; [ erictapen Flakebi oddlama ];
meta.maintainers = with lib.maintainers; [
erictapen
Flakebi
oddlama
];
meta.buildDocsInSandbox = false;
}

8
nixos/tests/kanidm-provisioning.nix
View File

@ -158,7 +158,11 @@ import ./make-test-python.nix (
groups.service1-admin = { };
systems.oauth2.service1 = {
displayName = "Service One (changed)";
originUrl = "https://changed-one.example.com/";
# multiple origin urls
originUrl = [
"https://changed-one.example.com/"
"https://changed-one.example.org/"
];
originLanding = "https://changed-one.example.com/landing-changed";
basicSecretFile = pkgs.writeText "bs-service1" "changed-very-strong-secret-for-service1";
scopeMaps.service1-access = [
@ -405,6 +409,7 @@ import ./make-test-python.nix (
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.org/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_matches(out, 'oauth2_rs_scope_map: service1-access.*{"email", "openid"}')
assert_matches(out, 'oauth2_rs_sup_scope_map: service1-admin.*{"adminchanged"}')
@ -460,6 +465,7 @@ import ./make-test-python.nix (
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
assert_lacks(out, "oauth2_rs_origin: https://changed-one.example.org/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_lacks(out, "oauth2_rs_scope_map")
assert_lacks(out, "oauth2_rs_sup_scope_map")

6
pkgs/applications/blockchains/trezor-suite/default.nix
View File

@ -8,7 +8,7 @@
let
pname = "trezor-suite";
version = "24.7.2";
version = "24.8.3";
suffix = {
aarch64-linux = "linux-arm64";
@ -18,8 +18,8 @@ let
src = fetchurl {
url = "https://github.com/trezor/trezor-suite/releases/download/v${version}/Trezor-Suite-${version}-${suffix}.AppImage";
hash = { # curl -Lfs https://github.com/trezor/trezor-suite/releases/download/v${version}/latest-linux{-arm64,}.yml | grep ^sha512 | sed 's/: /-/'
aarch64-linux = "sha512-RYkRav7U7WUbZuSvwuWf+IvKgkpUYrclW5vzINcVp/Wzqj3Brl0Cb1fC4dFe7c/UyE/K1oQ4++zd2dHJu6gxEQ==";
x86_64-linux = "sha512-WmdH3IC+9tbSLtQirmawi6vgtR7GoFceN2FdZ94rGtCkrvhi9STz5RHfZAljyQfRZ9Xx+DlTChZrsWA6DNqBpg==";
aarch64-linux = "sha512-od/OmYbPd3mmmyz131nQCVrhuSMU9znV8REHwbJLWVRoATMc21LSwCuAGZGRE1ijowJ1DI+TkLiLEq9rLldRmw=";
x86_64-linux = "sha512-IeEbscMGGaCaDQbNqmHYiKqdVm/QfyNDludiLWpcfnbN7udcxWIQG6tB9C9UY2BrimyNFvZgq1z9mZMfGScEYQ==";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};

13
pkgs/applications/misc/azuredatastudio/default.nix
View File

@ -72,14 +72,19 @@ in
stdenv.mkDerivation rec {
pname = "azuredatastudio";
version = "1.48.1";
version = "1.49.1";
desktopItems = [ desktopItem urlHandlerDesktopItem ];
src = fetchurl {
name = "${pname}-${version}.tar.gz";
url = "https://azuredatastudio-update.azurewebsites.net/${version}/linux-x64/stable";
sha256 = "sha256-JDNdMy0Wk6v2pMKS+NzSbsrffaEG2IneZO+K9pBFX48=";
# Url can be found at: https://github.com/microsoft/azuredatastudio/releases
# In the downloads table for Linux .tar.gz
# This will give a go.microsoft redirect link, I think it's better to use the direct link to which the redirect points.
# You can do so by using curl: curl -I <go.microsoft link>
url = "https://download.microsoft.com/download/7/8/3/783c2037-8607-43c4-a593-0936e965d38b/azuredatastudio-linux-1.49.1.tar.gz";
sha256 = "sha256-0LCrRUTTe8UEDgtGLvxVQL8pA5dwA6SvZEZSDILr7jo=";
};
nativeBuildInputs = [
@ -122,7 +127,7 @@ stdenv.mkDerivation rec {
];
# this will most likely need to be updated when azuredatastudio's version changes
sqltoolsservicePath = "${targetPath}/resources/app/extensions/mssql/sqltoolsservice/Linux/4.11.1.1";
sqltoolsservicePath = "${targetPath}/resources/app/extensions/mssql/sqltoolsservice/Linux/5.0.20240724.1";
rpath = lib.concatStringsSep ":" [
(lib.makeLibraryPath [

36
pkgs/applications/misc/coursera-dl/default.nix
View File

@ -1,15 +1,15 @@
{ lib
, fetchFromGitHub
, fetchpatch
, glibcLocales
, pandoc
, python3
{
fetchFromGitHub,
fetchpatch,
lib,
pandoc,
python3,
}:
python3.pkgs.buildPythonApplication rec {
pname = "coursera-dl";
version = "0.11.5";
format = "setuptools";
pyproject = true;
src = fetchFromGitHub {
owner = "coursera-dl";
@ -35,27 +35,17 @@ python3.pkgs.buildPythonApplication rec {
})
];
postPatch = ''
substituteInPlace requirements.txt \
--replace '==' '>='
'';
build-system = with python3.pkgs; [ setuptools ];
preConfigure = ''
export LC_ALL=en_US.utf-8
'';
nativeBuildInputs = [ pandoc ];
nativeBuildInputs = with python3.pkgs; [
pandoc
];
pythonRelaxDeps = true;
buildInputs = with python3.pkgs; [
glibcLocales
];
propagatedBuildInputs = with python3.pkgs; [
dependencies = with python3.pkgs; [
attrs
beautifulsoup4
configargparse
distutils
keyring
pyasn1
requests
@ -77,7 +67,7 @@ python3.pkgs.buildPythonApplication rec {
description = "CLI for downloading Coursera.org videos and naming them";
mainProgram = "coursera-dl";
homepage = "https://github.com/coursera-dl/coursera-dl";
changelog = "https://github.com/coursera-dl/coursera-dl/blob/0.11.5/CHANGELOG.md";
changelog = "https://github.com/coursera-dl/coursera-dl/blob/${src.rev}/CHANGELOG.md";
license = licenses.lgpl3Plus;
maintainers = with maintainers; [ alexfmpe ];
platforms = platforms.darwin ++ platforms.linux;

4
pkgs/applications/misc/nwg-dock-hyprland/default.nix
View File

@ -8,13 +8,13 @@
buildGoModule rec {
pname = "nwg-dock-hyprland";
version = "0.2.1";
version = "0.2.2";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-dock-hyprland";
rev = "v${version}";
hash = "sha256-rR0UkRKdIHcrLd4IpBUGxd6toPlohJfbvCBG/GkuQnY=";
hash = "sha256-iamDOQcQJRdFVnwffWPIXHlY0J4orfrEbfLzaoeV+KM=";
};
vendorHash = "sha256-cZ5w7B8bi0faOVWoQ6eeW5ejCZJgnNB91DQalC75mPo=";

6
pkgs/applications/misc/skate/default.nix
View File

@ -2,17 +2,17 @@
buildGoModule rec {
pname = "skate";
version = "0.2.2";
version = "1.0.0";
src = fetchFromGitHub {
owner = "charmbracelet";
repo = "skate";
rev = "v${version}";
hash = "sha256-Kum8IdgvRC75RLafCac0fkNn/VKvWFW48IK5tqLH/ME=";
hash = "sha256-HwtBY4rtqyY+DMNq2Fu30/CsTlhhGOuJRrdM5zHUAIg=";
};
proxyVendor = true;
vendorHash = "sha256-/qZB/GGEkoqRoNhEmZw9Q2lsUPZRg5/xVxWgdBZTMLk=";
vendorHash = "sha256-nCT9PsRPxefjC4q4cr5UigTITUkx0JmQtdv7/ZXbXVI=";
ldflags = [ "-s" "-w" "-X=main.Version=${version}" ];

4
pkgs/applications/networking/cluster/kubeshark/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubeshark";
version = "52.3.74";
version = "52.3.78";
src = fetchFromGitHub {
owner = "kubeshark";
repo = "kubeshark";
rev = "v${version}";
hash = "sha256-MlYyTo30v9i1puSadbQRHCmUW7Kf9UV8X5Y7LQtRWaE=";
hash = "sha256-tv0yBm10bUCepa03GUQlok6cP0bIuG7sgunX8iAUjO4=";
};
vendorHash = "sha256-b3Aq3970E19jOJPjw/e0ly1W9x9HiDN+bfuB4uP09BY=";

4
pkgs/applications/networking/remote/freerdp/3.nix
View File

@ -68,13 +68,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "freerdp";
version = "3.6.3";
version = "3.7.0";
src = fetchFromGitHub {
owner = "FreeRDP";
repo = "FreeRDP";
rev = finalAttrs.version;
hash = "sha256-LdgHQ2lb3cde4cX4aIwHvSo0q9iwpLzaWDHbv1/rneE=";
hash = "sha256-o/Sp9mMEIxtXa0oIpxYG9Fm8YejStUYcW/jkdPwyE5I=";
};
postPatch = ''

5
pkgs/applications/science/math/getdp/default.nix
View File

@ -1,6 +1,8 @@
{ lib, stdenv, fetchurl, cmake, gfortran, blas, lapack, mpi, petsc, python3 }:
stdenv.mkDerivation rec {
let
mpiSupport = petsc.passthru.mpiSupport;
in stdenv.mkDerivation rec {
pname = "getdp";
version = "3.6.0";
src = fetchurl {
@ -8,7 +10,6 @@ stdenv.mkDerivation rec {
hash = "sha256-nzefwCV+Z9BHDofuTfhR+vhqm3cCSiUT+7cbtn601N8=";
};
inherit (petsc) mpiSupport;
nativeBuildInputs = [ cmake python3 ];
buildInputs = [ gfortran blas lapack petsc ]
++ lib.optional mpiSupport mpi

6
pkgs/applications/version-management/gql/default.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "gql";
version = "0.25.0";
version = "0.26.0";
src = fetchFromGitHub {
owner = "AmrDeveloper";
repo = "GQL";
rev = version;
hash = "sha256-Jys6pdHGIrgBrXnHm3P2PbTPBPiclQErEaUUQSRm1a0=";
hash = "sha256-qVO+kqsmVFDsO9fJGLyqxBzlBc8DZmX1ZQ7UjI3T0Fw=";
};
cargoHash = "sha256-JT/Di4HEcXm03/1gVuaX+6JKn0aHAudwpf+gzXgRFfA=";
cargoHash = "sha256-sq8hxI1MOOE97OwrUEkwrEkpQWeCTzA8r6x5abTxCl0=";
nativeBuildInputs = [
pkg-config

6
pkgs/applications/video/mpv/scripts/videoclip.nix
View File

@ -10,13 +10,13 @@
}:
buildLua {
pname = "videoclip";
version = "0-unstable-2024-07-18";
version = "0-unstable-2024-08-20";
src = fetchFromGitHub {
owner = "Ajatt-Tools";
repo = "videoclip";
rev = "fe731767ca481678b4a166fbce6b30d3eaf8a6ce";
hash = "sha256-Z63kccjl8jd6C0dvpK7SQnPpmDCgH3/Kzm1oRXJ0NqI=";
rev = "249122d245bc5ec2a0687346af730b1cc2273b21";
hash = "sha256-VSMFddi8Lvmipo8Un79v+LXGNiKeaSxHQ44HddJgTkE=";
};
patchPhase =

78
pkgs/by-name/de/densify/package.nix Executable file
View File

@ -0,0 +1,78 @@
{
fetchFromGitHub,
lib,
python3Packages,
python3,
gtk3,
gobject-introspection,
wrapGAppsHook3,
xorg,
gnugrep,
ghostscript,
}:
python3Packages.buildPythonApplication rec {
pname = "densify";
version = "0.3.2";
format = "other";
src = fetchFromGitHub {
owner = "hkdb";
repo = "Densify";
rev = "refs/tags/v${version}";
hash = "sha256-giFFy8HiSmnOqFKLyrPD1kTry8hMQxotEgD/u2FEMRY=";
};
postPatch = ''
# Fix fail loading program icon from runtime path
substituteInPlace densify \
--replace-fail "/icon.png" "/../share/densify/icon.png"
'';
dependencies = with python3Packages; [ pygobject3 ];
nativeBuildInputs = [
gobject-introspection
wrapGAppsHook3
];
buildInputs = [ gtk3 ];
preFixup = ''
gappsWrapperArgs+=(
--prefix PATH : "${
lib.makeBinPath [
ghostscript
gnugrep
xorg.xrandr
]
}"
)
'';
installPhase = ''
runHook preInstall
install -Dm755 -t $out/bin densify
install -Dm644 -t $out/share/applications densify.desktop
install -Dm644 -t $out/share/densify desktop-icon.png icon.png
runHook postInstall
'';
postFixup = ''
substituteInPlace $out/share/applications/densify.desktop \
--replace-fail "/opt/Densify/densify" "densify" \
--replace-fail "Path=/opt/Densify/" "Path=$out/bin/" \
--replace-fail "/opt/Densify/desktop-icon.png" "$out/share/densify/desktop-icon.png"
'';
meta = {
description = "Compress PDF files with Ghostscript";
homepage = "https://github.com/hkdb/Densify";
changelog = "https://github.com/hkdb/Densify/blob/${src.rev}/README.md";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ onny ];
platforms = lib.platforms.all;
};
}

6
pkgs/by-name/fw/fwupd/package.nix
View File

@ -49,6 +49,7 @@
, libmbim
, libcbor
, xz
, nix-update-script
, enableFlashrom ? false
, enablePassim ? false
}:
@ -120,7 +121,7 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "fwupd";
version = "1.9.23";
version = "1.9.24";
# libfwupd goes to lib
# daemon, plug-ins and libfwupdplugin go to out
@ -131,7 +132,7 @@ stdenv.mkDerivation (finalAttrs: {
owner = "fwupd";
repo = "fwupd";
rev = finalAttrs.version;
hash = "sha256-SLwRATYUSnHN6r5KyVGXbdAFjHCfykItbBTsl5/s8fA=";
hash = "sha256-jAR/c8hedprteCj5wrjST4yo8TxJ4JmLbPXSwBO3gJs=";
};
patches = [
@ -325,6 +326,7 @@ stdenv.mkDerivation (finalAttrs: {
separateDebugInfo = true;
passthru = {
updateScript = nix-update-script { };
filesInstalledToEtc = [
"fwupd/bios-settings.d/README.md"
"fwupd/fwupd.conf"

4
pkgs/by-name/go/gotree/package.nix
View File

@ -6,13 +6,13 @@
buildGoModule rec {
pname = "gotree";
version = "1.2.0";
version = "1.4.1";
src = fetchFromGitHub {
owner = "elbachir-one";
repo = "gt";
rev = "v${version}";
hash = "sha256-gyhnSx253EUx8WUIJES8rCAOI/rY7H7dwRdahkR6TBg=";
hash = "sha256-sWKqfDWwMfj4shg/MxHu7Zr4WE5pxAzHHmsjU3jQY10=";
};
vendorHash = null;

6
pkgs/by-name/im/immich-go/package.nix
View File

@ -1,13 +1,13 @@
{ lib, buildGoModule, fetchFromGitHub, nix-update-script, testers, immich-go }:
buildGoModule rec {
pname = "immich-go";
version = "0.21.1";
version = "1.21.3";
src = fetchFromGitHub {
owner = "simulot";
repo = "immich-go";
rev = "${version}";
hash = "sha256-mN/3ctEX5R7UepJUs3Ble0s2c0gRxHe5CDey9MoE4YA=";
hash = "sha256-DgTEkiT9D+8wa6mzWWnsh98f7hEEK5r3QiH2e1yarCU=";
# Inspired by: https://github.com/NixOS/nixpkgs/blob/f2d7a289c5a5ece8521dd082b81ac7e4a57c2c5c/pkgs/applications/graphics/pdfcpu/default.nix#L20-L32
# The intention here is to write the information into files in the `src`'s
@ -24,7 +24,7 @@ buildGoModule rec {
'';
};
vendorHash = "sha256-Y6awfvbKV0G3VFXCUHLSwUkGaMkTaacruSz8KVi6NoQ=";
vendorHash = "sha256-jED1K2zHv60zxMY4P7Z739uzf7PtlsnvZyStOSLKi4M=";
# options used by upstream:
# https://github.com/simulot/immich-go/blob/0.13.2/.goreleaser.yaml

6
pkgs/by-name/ka/kanidm-provision/package.nix
View File

@ -5,16 +5,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "kanidm-provision";
version = "1.1.1";
version = "1.1.2";
src = fetchFromGitHub {
owner = "oddlama";
repo = "kanidm-provision";
rev = "v${version}";
hash = "sha256-tX24cszmWu7kB5Eoa3OrPqU1bayD62OpAV12U0ayoEo=";
hash = "sha256-pgPjkj0nMb5j3EvyJTTDpfmh0WigAcMzoleF5EOqBAM=";
};
cargoHash = "sha256-Ok8A47z5Z3QW4teql/4RyDlox/nrhkdA6IN/qJm13bM=";
cargoHash = "sha256-tQ3uVsy5Dw4c4CbSeASv1TWkqxVYjl/Cjkr00OQEo9c=";
meta = with lib; {
description = "A small utility to help with kanidm provisioning";

7
pkgs/by-name/ko/koboldcpp/package.nix
View File

@ -53,13 +53,13 @@ let
in
effectiveStdenv.mkDerivation (finalAttrs: {
pname = "koboldcpp";
version = "1.72";
version = "1.73";
src = fetchFromGitHub {
owner = "LostRuins";
repo = "koboldcpp";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-DePcBVNXIWIlOXyNeNMUFFIQxQuwqG8KBUh2/X7R6X8=";
hash = "sha256-S0MonY2rIAkbJnTaDVc2YiGPjOaevgp82mt6JwWdN1U=";
};
enableParallelBuilding = true;
@ -164,13 +164,14 @@ effectiveStdenv.mkDerivation (finalAttrs: {
passthru.updateScript = gitUpdater { rev-prefix = "v"; };
meta = {
changelog = "https://github.com/LostRuins/koboldcpp/releases/tag/v${finalAttrs.version}";
description = "Way to run various GGML and GGUF models";
license = lib.licenses.agpl3Only;
mainProgram = "koboldcpp";
maintainers = with lib.maintainers; [
maxstrid
donteatoreo
];
mainProgram = "koboldcpp";
platforms = lib.platforms.unix;
};
})

36
pkgs/development/libraries/libs3/default.nix → pkgs/by-name/li/libs3/package.nix
View File

@ -1,4 +1,12 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, curl, libxml2 }:
{
curl,
fetchFromGitHub,
fetchpatch,
lib,
libxml2,
pkg-config,
stdenv,
}:
stdenv.mkDerivation {
pname = "libs3";
@ -12,21 +20,35 @@ stdenv.mkDerivation {
};
patches = [
(fetchpatch { # Fix compilation with openssl 3.0
(fetchpatch {
# Fix compilation with openssl 3.0
url = "https://github.com/bji/libs3/pull/112/commits/3c3a1cf915e62b730db854d8007ba835cb38677c.patch";
hash = "sha256-+rWRh8dOznHlamc/T9qbgN0E2Rww3Hn94UeErxNDccs=";
})
];
buildInputs = [ curl libxml2 ];
postPatch = ''
substituteInPlace GNUmakefile \
--replace-fail curl-config "$PKG_CONFIG libcurl" \
--replace-fail xml2-config "$PKG_CONFIG libxml-2.0"
'';
makeFlags = [ "DESTDIR=${placeholder "out"}" ];
meta = with lib; {
homepage = "https://github.com/bji/libs3";
strictDeps = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [
curl
libxml2
];
meta = {
description = "Library for interfacing with amazon s3";
homepage = "https://github.com/bji/libs3";
license = lib.licenses.lgpl3Plus;
mainProgram = "s3";
license = licenses.lgpl3Plus;
platforms = platforms.linux;
platforms = lib.platforms.linux;
};
}

85
pkgs/by-name/pe/petsc/package.nix
View File

@ -15,6 +15,7 @@
hdf5,
metis,
parmetis,
withParmetis ? false,
pkg-config,
p4est,
zlib, # propagated by p4est but required by petsc
@ -35,9 +36,6 @@ stdenv.mkDerivation rec {
hash = "sha256-dxHa8JUJCN4zRIXMCx7gcvbzFH2SPtkJ377ssIevjgU=";
};
inherit mpiSupport;
withp4est = petsc-withp4est;
strictDeps = true;
nativeBuildInputs = [
python3
@ -47,7 +45,7 @@ stdenv.mkDerivation rec {
buildInputs = [
blas
lapack
] ++ lib.optional hdf5-support hdf5 ++ lib.optional withp4est p4est;
] ++ lib.optional hdf5-support hdf5 ++ lib.optional petsc-withp4est p4est ++ lib.optionals withParmetis [ metis parmetis ];
prePatch = lib.optionalString stdenv.isDarwin ''
substituteInPlace config/install.py \
@ -60,49 +58,42 @@ stdenv.mkDerivation rec {
# These messages contaminate test output, which makes the quicktest suite to fail. The patch adds filtering for these messages.
patches = [ ./filter_mpi_warnings.patch ];
configureFlags = [
"--with-blas=1"
"--with-lapack=1"
"--with-scalar-type=${petsc-scalar-type}"
"--with-precision=${petsc-precision}"
"--with-mpi=${if mpiSupport then "1" else "0"}"
] ++ lib.optionals mpiSupport [
"--CC=mpicc"
"--with-cxx=mpicxx"
"--with-fc=mpif90"
] ++ lib.optionals (mpiSupport && withParmetis) [
"--with-metis=1"
"--with-metis-dir=${metis}"
"--with-parmetis=1"
"--with-parmetis-dir=${parmetis}"
] ++ lib.optionals petsc-optimized [
"--with-debugging=0"
"COPTFLAGS=-O3"
"FOPTFLAGS=-O3"
"CXXOPTFLAGS=-O3"
"CXXFLAGS=-O3"
];
preConfigure = ''
patchShebangs ./lib/petsc/bin
configureFlagsArray=(
$configureFlagsArray
${
if !mpiSupport then
''
"--with-mpi=0"
''
else
''
"--CC=mpicc"
"--with-cxx=mpicxx"
"--with-fc=mpif90"
"--with-mpi=1"
"--with-metis=1"
"--with-metis-dir=${metis}"
"--with-parmetis=1"
"--with-parmetis-dir=${parmetis}"
''
}
${lib.optionalString withp4est ''
"--with-p4est=1"
"--with-zlib-include=${zlib.dev}/include"
"--with-zlib-lib=-L${zlib}/lib -lz"
''}
${lib.optionalString hdf5-support ''
"--with-hdf5=1"
"--with-hdf5-fortran-bindings=1"
"--with-hdf5-lib=-L${hdf5}/lib -lhdf5"
"--with-hdf5-include=${hdf5.dev}/include"
''}
"--with-blas=1"
"--with-lapack=1"
"--with-scalar-type=${petsc-scalar-type}"
"--with-precision=${petsc-precision}"
${lib.optionalString petsc-optimized ''
"--with-debugging=0"
COPTFLAGS='-O3'
FOPTFLAGS='-O3'
CXXOPTFLAGS='-O3'
CXXFLAGS='-O3'
''}
'' + lib.optionalString petsc-withp4est ''
configureFlagsArray+=(
"--with-p4est=1"
"--with-zlib-include=${zlib.dev}/include"
"--with-zlib-lib=-L${zlib}/lib -lz"
)
'' + lib.optionalString hdf5-support ''
configureFlagsArray+=(
"--with-hdf5=1"
"--with-hdf5-fortran-bindings=1"
"--with-hdf5-include=${hdf5.dev}/include"
"--with-hdf5-lib=-L${hdf5}/lib -lhdf5"
)
'';
@ -122,6 +113,10 @@ stdenv.mkDerivation rec {
doInstallCheck = true;
installCheckTarget = "check_install";
passthru = {
inherit mpiSupport;
};
meta = with lib; {
description = "Portable Extensible Toolkit for Scientific computation";
homepage = "https://petsc.org/release/";

6
pkgs/by-name/re/resources/package.nix
View File

@ -20,19 +20,19 @@
stdenv.mkDerivation (finalAttrs: {
pname = "resources";
version = "1.5.1";
version = "1.6.0";
src = fetchFromGitHub {
owner = "nokyan";
repo = "resources";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-uzZCczayJ5C0TZznA2wjGNYF3nB6fh/rrBKvv9s3J5g=";
hash = "sha256-RYpPg9dEasHkXF2eHpeCze5j0FC1+9/J0e2lRw8AdKc=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit (finalAttrs) src;
name = "resources-${finalAttrs.version}";
hash = "sha256-a0VdSNy8E7qen+6yFXuQBmYnDD/DMUgrZqJK6BJja60=";
hash = "sha256-zliLpmunlxRsWv9N8AswVoRqcNy5PuI5NzNjaXyTiGk=";
};
nativeBuildInputs = [

6
pkgs/by-name/ro/robotframework-tidy/package.nix
View File

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "robotframework-tidy";
version = "4.13.0";
version = "4.14.0";
pyproject = true;
src = fetchFromGitHub {
owner = "MarketSquare";
repo = "robotframework-tidy";
rev = version;
hash = "sha256-MCx0J+uZ2LI0K1TrIwJbLVTUTJnLxTvYXUJNtIMsnQU=";
rev = "refs/tags/${version}";
hash = "sha256-FsZraD0Kn9e6J0XzJsm4m0dIXHi86AWGad13ggqm3h4=";
};
build-system = with python3.pkgs; [ setuptools ];

6
pkgs/by-name/rt/rtorrent/package.nix
View File

@ -20,13 +20,13 @@
stdenv.mkDerivation {
pname = "rakshasa-rtorrent";
version = "0.9.8-unstable-2024-08-09";
version = "0.9.8-unstable-2024-08-20";
src = fetchFromGitHub {
owner = "rakshasa";
repo = "rtorrent";
rev = "892e595015404c125df4a836b2a4fa18c01b4586";
hash = "sha256-y7VlpviWT4kq4sfeWq00qM40tBAyGFBAplwrji45dOc=";
rev = "eacf9798e2787df7dd4d5c800a46bac7931ac41c";
hash = "sha256-VJ2QJfBRUgk0KcCZTHtlyBIMVhs0UfYWAPlTeA98VZU=";
};
outputs = [ "out" "man" ];

6
pkgs/by-name/s0/s0ix-selftest-tool/package.nix
View File

@ -36,13 +36,13 @@ let
in
stdenv.mkDerivation {
pname = "s0ix-selftest-tool";
version = "0-unstable-2024-08-13";
version = "0-unstable-2024-08-20";
src = fetchFromGitHub {
owner = "intel";
repo = "S0ixSelftestTool";
rev = "a9fcb3117ff733e7c307bb579c612065b64bf4b7";
hash = "sha256-DcXefQPI4VpkeFH/YM899WEZHIs5IfWOWoUuZV6Ew7M=";
rev = "73b540d0b15d874ebb462eb3296399d4556aff64";
hash = "sha256-p0IxhG0P0G+DQ5UykC+uVlMZUZQwrWG/iiJprdmsLm0=";
};
# don't use the bundled turbostat binary

4
pkgs/by-name/sc/screego/package.nix
View File

@ -10,13 +10,13 @@
}:
let
version = "1.10.4";
version = "1.10.5";
src = fetchFromGitHub {
owner = "screego";
repo = "server";
rev = "v${version}";
hash = "sha256-/GtlMLm2swmLV6bC7OWkcQUeB6WauRm7IOs0UhyocO0=";
hash = "sha256-4WF9PfG6W1BLBqgWkKhTFEzed0+jDpRFMTsHw/1lPnQ=";
};
ui = stdenv.mkDerivation {

6
pkgs/by-name/sw/sway-overfocus/package.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "sway-overfocus";
version = "0.2.3-fix";
version = "0.2.4";
src = fetchFromGitHub {
owner = "korreman";
repo = pname;
rev = "v${version}";
hash = "sha256-KHbYlxgrrZdNKJ7R9iVflbbP1c6qohM/NHBSYuzxEt4=";
hash = "sha256-trpjKA0TV8InSfViIXKnMDeZeFXZfavpiU7/R3JDQkQ=";
};
cargoHash = "sha256-zp6PSu8P+ZUhrqi5Vxpe+z9zBaSkdVQBMGNP0FVOviQ=";
cargoHash = "sha256-uAzD4x7pSyem2juQi/4223Cbt6pVt4gynhn2lWMSKSQ=";
# Crate without tests.
doCheck = false;

68
pkgs/by-name/uv/uv/Cargo.lock generated
View File

@ -1847,7 +1847,7 @@ dependencies = [
"pypi-types",
"reflink-copy",
"regex",
"rustc-hash 2.0.0",
"rustc-hash",
"schemars",
"serde",
"serde_json",
@ -2511,7 +2511,7 @@ dependencies = [
"pyo3",
"pyo3-log",
"regex",
"rustc-hash 2.0.0",
"rustc-hash",
"schemars",
"serde",
"serde_json",
@ -2652,7 +2652,7 @@ name = "platform-tags"
version = "0.0.1"
dependencies = [
"insta",
"rustc-hash 2.0.0",
"rustc-hash",
"serde",
"thiserror",
]
@ -2777,12 +2777,12 @@ dependencies = [
[[package]]
name = "pubgrub"
version = "0.2.1"
source = "git+https://github.com/astral-sh/pubgrub?rev=aaef464c1b0d8eea4ff9ffaee4f3458c236d10da#aaef464c1b0d8eea4ff9ffaee4f3458c236d10da"
source = "git+https://github.com/astral-sh/pubgrub?rev=388685a8711092971930986644cfed152d1a1f6c#388685a8711092971930986644cfed152d1a1f6c"
dependencies = [
"indexmap",
"log",
"priority-queue",
"rustc-hash 2.0.0",
"rustc-hash",
"thiserror",
]
@ -2796,7 +2796,7 @@ dependencies = [
"indoc",
"libc",
"memoffset 0.9.1",
"parking_lot 0.11.2",
"parking_lot 0.12.3",
"portable-atomic",
"pyo3-build-config",
"pyo3-ffi",
@ -2894,7 +2894,7 @@ dependencies = [
"pin-project-lite",
"quinn-proto",
"quinn-udp",
"rustc-hash 2.0.0",
"rustc-hash",
"rustls",
"socket2",
"thiserror",
@ -2911,7 +2911,7 @@ dependencies = [
"bytes",
"rand",
"ring",
"rustc-hash 2.0.0",
"rustc-hash",
"rustls",
"slab",
"thiserror",
@ -3369,12 +3369,6 @@ version = "0.1.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
[[package]]
name = "rustc-hash"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]]
name = "rustc-hash"
version = "2.0.0"
@ -3767,9 +3761,9 @@ checksum = "b7401a30af6cb5818bb64852270bb722533397edcfc7344954a38f420819ece2"
[[package]]
name = "svg"
version = "0.15.1"
version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "683eed9bd9a2b078f92f87d166db38292e8114ab16d4cf23787ad4eecd1bb6e5"
checksum = "700efb40f3f559c23c18b446e8ed62b08b56b2bb3197b36d57e0470b4102779e"
[[package]]
name = "svgfilters"
@ -4252,15 +4246,15 @@ dependencies = [
[[package]]
name = "tracing-durations-export"
version = "0.2.0"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "35b910b25a6c8e0fefcfff912bad6c4f4849d37e5945c3861d15e550d819da53"
checksum = "382e025ef8e0db646343dd2cf56af9d7fe6f5eabce5f388f8e5ec7234f555a0f"
dependencies = [
"anyhow",
"fs-err",
"itertools 0.12.1",
"itertools 0.13.0",
"once_cell",
"rustc-hash 1.1.0",
"rustc-hash",
"serde",
"serde_json",
"svg",
@ -4498,7 +4492,7 @@ checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
[[package]]
name = "uv"
version = "0.3.1"
version = "0.3.3"
dependencies = [
"anstream",
"anyhow",
@ -4533,7 +4527,7 @@ dependencies = [
"rayon",
"regex",
"reqwest",
"rustc-hash 2.0.0",
"rustc-hash",
"serde",
"serde_json",
"similar",
@ -4588,7 +4582,7 @@ dependencies = [
"reqwest",
"reqwest-middleware",
"rust-netrc",
"rustc-hash 2.0.0",
"rustc-hash",
"tempfile",
"test-log",
"tokio",
@ -4612,7 +4606,7 @@ dependencies = [
"pep508_rs",
"pypi-types",
"regex",
"rustc-hash 2.0.0",
"rustc-hash",
"serde",
"serde_json",
"tempfile",
@ -4640,7 +4634,7 @@ dependencies = [
"nanoid",
"pypi-types",
"rmp-serde",
"rustc-hash 2.0.0",
"rustc-hash",
"serde",
"tempfile",
"tracing",
@ -4736,7 +4730,7 @@ dependencies = [
"pep508_rs",
"platform-tags",
"pypi-types",
"rustc-hash 2.0.0",
"rustc-hash",
"schemars",
"serde",
"serde_json",
@ -4766,7 +4760,7 @@ dependencies = [
"pretty_assertions",
"pypi-types",
"resvg",
"rustc-hash 2.0.0",
"rustc-hash",
"schemars",
"serde",
"serde_json",
@ -4805,7 +4799,7 @@ dependencies = [
"install-wheel-rs",
"itertools 0.13.0",
"pypi-types",
"rustc-hash 2.0.0",
"rustc-hash",
"tracing",
"uv-build",
"uv-cache",
@ -4840,7 +4834,7 @@ dependencies = [
"reqwest",
"reqwest-middleware",
"rmp-serde",
"rustc-hash 2.0.0",
"rustc-hash",
"serde",
"tempfile",
"thiserror",
@ -4874,7 +4868,7 @@ dependencies = [
"pypi-types",
"rayon",
"reqwest",
"rustc-hash 2.0.0",
"rustc-hash",
"sha2",
"thiserror",
"tokio",
@ -4943,7 +4937,7 @@ dependencies = [
"platform-tags",
"pypi-types",
"rayon",
"rustc-hash 2.0.0",
"rustc-hash",
"same-file",
"tempfile",
"thiserror",
@ -5064,7 +5058,7 @@ dependencies = [
"pep508_rs",
"pypi-types",
"requirements-txt",
"rustc-hash 2.0.0",
"rustc-hash",
"serde",
"thiserror",
"toml",
@ -5110,7 +5104,7 @@ dependencies = [
"pypi-types",
"requirements-txt",
"rkyv",
"rustc-hash 2.0.0",
"rustc-hash",
"same-file",
"schemars",
"serde",
@ -5236,7 +5230,7 @@ dependencies = [
"pep440_rs",
"pep508_rs",
"pypi-types",
"rustc-hash 2.0.0",
"rustc-hash",
"thiserror",
"url",
"uv-cache",
@ -5248,7 +5242,7 @@ dependencies = [
[[package]]
name = "uv-version"
version = "0.3.1"
version = "0.3.3"
[[package]]
name = "uv-virtualenv"
@ -5272,7 +5266,7 @@ version = "0.0.1"
dependencies = [
"anstream",
"owo-colors",
"rustc-hash 2.0.0",
"rustc-hash",
]
[[package]]
@ -5287,7 +5281,7 @@ dependencies = [
"pep508_rs",
"pypi-types",
"regex",
"rustc-hash 2.0.0",
"rustc-hash",
"schemars",
"serde",
"thiserror",

6
pkgs/by-name/uv/uv/package.nix
View File

@ -16,21 +16,21 @@
python3Packages.buildPythonApplication rec {
pname = "uv";
version = "0.3.1";
version = "0.3.3";
pyproject = true;
src = fetchFromGitHub {
owner = "astral-sh";
repo = "uv";
rev = "refs/tags/${version}";
hash = "sha256-mBkPoYbixrY+2dHLfkF0xJow5UIl/MNkC0dNc4ZNnlU=";
hash = "sha256-l/62nnHQaA0dOpGO5svQOQukYnFyTM+c080+/WdVXg4=";
};
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"async_zip-0.0.17" = "sha256-3k9rc4yHWhqsCUJ17K55F8aQoCKdVamrWAn6IDWo3Ss=";
"pubgrub-0.2.1" = "sha256-OVR4ioUSbraMZYglIGzBA0KQ+XZY0P0+fw68v8/e9sQ=";
"pubgrub-0.2.1" = "sha256-pU+F6hwqy+r6tz5OBoB6gU0+vdH6F3ikUaPrcvYRX2c=";
"reqwest-middleware-0.3.3" = "sha256-csQN7jZTifliSTsOm6YrjPVgsXBOfelY7LkHD1HkNGQ=";
};
};

4
pkgs/by-name/ya/yamlscript/package.nix
View File

@ -2,11 +2,11 @@
buildGraalvmNativeImage rec {
pname = "yamlscript";
version = "0.1.71";
version = "0.1.72";
src = fetchurl {
url = "https://github.com/yaml/yamlscript/releases/download/${version}/yamlscript.cli-${version}-standalone.jar";
hash = "sha256-ko34trxTZmEkh/rltHLeweUg0deH7yiN6ME5igJiHHY=";
hash = "sha256-Qp2/Bifh+KXUjpcW/Lct6nGBv50TUEOGTjVPkXGbD54=";
};
executable = "ys";

1
pkgs/development/libraries/ffmpeg/default.nix
View File

@ -6,6 +6,7 @@ let
callPackage ./generic.nix (
{
inherit (darwin.apple_sdk.frameworks)
Accelerate
AppKit
AudioToolbox
AVFoundation

3
pkgs/development/libraries/ffmpeg/generic.nix
View File

@ -328,6 +328,7 @@
/*
* Darwin frameworks
*/
, Accelerate
, AppKit
, AudioToolbox
, AVFoundation
@ -778,7 +779,7 @@ stdenv.mkDerivation (finalAttrs: {
++ optionals withQuirc [ quirc ]
++ optionals withRav1e [ rav1e ]
++ optionals withRtmp [ rtmpdump ]
++ optionals withRubberband [ rubberband ]
++ optionals withRubberband ([ rubberband ] ++ lib.optional stdenv.hostPlatform.isDarwin Accelerate)
++ optionals withSamba [ samba ]
++ optionals withSdl2 [ SDL2 ]
++ optionals withShaderc [ shaderc ]

4
pkgs/development/libraries/ngtcp2/gnutls.nix
View File

@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "ngtcp2";
version = "1.6.0";
version = "1.7.0";
src = fetchFromGitHub {
owner = "ngtcp2";
repo = "ngtcp2";
rev = "v${version}";
hash = "sha256-Oaz5LX4R0vriURueQNklZ1dx1r8SWDaeK8oaUadlGtI=";
hash = "sha256-7DesCT8swwk9E1ckYrj3mGsdx37HrJxd+svKpJRrhoI=";
};
outputs = [ "out" "dev" ];

4
pkgs/development/python-modules/aiomisc/default.nix
View File

@ -22,14 +22,14 @@
buildPythonPackage rec {
pname = "aiomisc";
version = "17.5.25";
version = "17.5.26";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-qxvisqvsDdhdFut9kvbmcjXAcTw7QpYruGk8zyQcg9M=";
hash = "sha256-78N8SBzgUB0Lnbj79r3jfhx6ZwlsP9Eq7gTIPkZSPzM=";
};
build-system = [ poetry-core ];

4
pkgs/development/python-modules/model-bakery/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "model-bakery";
version = "1.19.2";
version = "1.19.4";
pyproject = true;
disabled = pythonOlder "3.8";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "model-bakers";
repo = "model_bakery";
rev = "refs/tags/${version}";
hash = "sha256-Y1cv4AykDUkO5z1ejKuBphPGijnjpbgGcmwGBxeebcY=";
hash = "sha256-Jok5fQ8z9/v6n482yYA06ugC+4SSMuV7fmt1cdv3/dg=";
};
build-system = [ hatchling ];

8
pkgs/development/python-modules/reptor/default.nix
View File

@ -30,16 +30,16 @@
buildPythonPackage rec {
pname = "reptor";
version = "0.21";
version = "0.22";
pyproject = true;
disabled = pythonOlder "3.8";
disabled = pythonOlder "3.9";
src = fetchFromGitHub {
owner = "Syslifters";
repo = "reptor";
rev = "refs/tags/${version}";
hash = "sha256-XJCysRGCg5V3ftSsu611mS8btbdebs1EOPTp1Z/6PJ0=";
hash = "sha256-OAHhpVQIAT3+f/+Oo2MNcS+xP7KB/LVvXLpOyY1rumM=";
};
pythonRelaxDeps = true;
@ -98,10 +98,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Module to do automated pentest reporting with SysReptor";
mainProgram = "reptor";
homepage = "https://github.com/Syslifters/reptor";
changelog = "https://github.com/Syslifters/reptor/releases/tag/${version}";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
mainProgram = "reptor";
};
}

2
pkgs/development/python-modules/rich-rst/default.nix
View File

@ -35,6 +35,6 @@ buildPythonPackage rec {
description = "Beautiful reStructuredText renderer for rich";
homepage = "https://github.com/wasi-master/rich-rst";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
};
}

5
pkgs/development/python-modules/rich/default.nix
View File

@ -88,9 +88,6 @@ buildPythonPackage rec {
homepage = "https://github.com/Textualize/rich";
changelog = "https://github.com/Textualize/rich/blob/v${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [
ris
joelkoen
];
maintainers = with maintainers; [ ris ];
};
}

2
pkgs/development/python-modules/textual/default.nix
View File

@ -77,6 +77,6 @@ buildPythonPackage rec {
homepage = "https://github.com/Textualize/textual";
changelog = "https://github.com/Textualize/textual/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
};
}

15
pkgs/development/python-modules/towncrier/default.nix
View File

@ -17,24 +17,19 @@
buildPythonPackage rec {
pname = "towncrier";
version = "24.7.1";
version = "24.8.0";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
hash = "sha256-V6BX+u2ryt8aYvb5utcmrlZsHzGkETON24MWmT9YOz0=";
hash = "sha256-ATQj7n7tECsvOTwofSLZX2bxo+oQpLqoLSmAAafxivM=";
};
postPatch = ''
substituteInPlace pyproject.toml \
--replace "hatchling ~= 1.17.1" "hatchling"
'';
build-system = [ hatchling ];
nativeBuildInputs = [ hatchling ];
propagatedBuildInputs =
dependencies =
[
click
incremental
@ -58,10 +53,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Utility to produce useful, summarised news files";
mainProgram = "towncrier";
homepage = "https://github.com/twisted/towncrier/";
changelog = "https://github.com/twisted/towncrier/blob/${version}/NEWS.rst";
license = licenses.mit;
maintainers = [ ];
mainProgram = "towncrier";
};
}

2
pkgs/development/python-modules/whatthepatch/default.nix
View File

@ -32,6 +32,6 @@ buildPythonPackage rec {
homepage = "https://github.com/cscorley/whatthepatch";
changelog = "https://github.com/cscorley/whatthepatch/blob/${version}/HISTORY.md";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
};
}

4
pkgs/development/tools/mix2nix/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "mix2nix";
version = "0.1.9";
version = "0.2.0";
src = fetchFromGitHub {
owner = "ydlr";
repo = "mix2nix";
rev = version;
hash = "sha256-Wh3KFp1gNDOKOG/DZdftmgy/M+67ZGfdj6W3ETQpX/8=";
hash = "sha256-hD4lpP8GPkNXuMMDOOTEmy+rOwOSCxQwR0Mjq8i4oDM=";
};
nativeBuildInputs = [ elixir ];

4
pkgs/development/tools/turso-cli/default.nix
View File

@ -8,13 +8,13 @@
}:
buildGoModule rec {
pname = "turso-cli";
version = "0.96.3";
version = "0.97.0";
src = fetchFromGitHub {
owner = "tursodatabase";
repo = "turso-cli";
rev = "v${version}";
hash = "sha256-3noPhWS5Sh6KZs4u310HbNybL58yIcdM7jD0R+UvZ0s=";
hash = "sha256-m/0LfUs9oMWSjRPkVSPyHsFw8U1Fk2SXjqfOrLYsZlI=";
};
vendorHash = "sha256-c8dX60GPZSNMoCaF51jLWJK+aNDmw6TdzlBYS+vSuEY=";

2
pkgs/games/minecraft-servers/derivation.nix
View File

@ -34,6 +34,6 @@ stdenv.mkDerivation {
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.unfreeRedistributable;
platforms = platforms.unix;
maintainers = with maintainers; [ thoughtpolice tomberek costrouc joelkoen ];
maintainers = with maintainers; [ thoughtpolice tomberek costrouc ];
};
}

2
pkgs/games/purpur/default.nix
View File

@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
mainProgram = "minecraft-server";
};
}

2
pkgs/misc/rich-cli/default.nix
View File

@ -58,7 +58,7 @@ python3.pkgs.buildPythonApplication rec {
homepage = "https://github.com/Textualize/rich-cli";
changelog = "https://github.com/Textualize/rich-cli/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
mainProgram = "rich";
};
}

2
pkgs/tools/misc/apkeep/default.nix
View File

@ -39,7 +39,7 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/EFForg/apkeep";
changelog = "https://github.com/EFForg/apkeep/blob/${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
mainProgram = "apkeep";
};
}

2
pkgs/tools/misc/melody/default.nix
View File

@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
description = "Language that compiles to regular expressions";
homepage = "https://github.com/yoav-lavi/melody";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
mainProgram = "melody";
};
}

2
pkgs/tools/misc/octofetch/default.nix
View File

@ -29,7 +29,7 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/azur1s/octofetch";
description = "Github user information on terminal";
license = licenses.mit;
maintainers = with maintainers; [ joelkoen ];
maintainers = [ ];
mainProgram = "octofetch";
};
}

218
pkgs/tools/nix/nix-melt/0001-fix-build-for-rust-1.80.patch
View File

@ -1,17 +1,58 @@
From 472d60ff5d0f7e1cbfe4ec92cf7e985eefb68a92 Mon Sep 17 00:00:00 2001
From b85cef7cd9a3d7367c41b7deca8264652e88014a Mon Sep 17 00:00:00 2001
From: Bryan Lai <bryanlais@gmail.com>
Date: Wed, 14 Aug 2024 14:23:10 +0800
Date: Fri, 16 Aug 2024 20:14:28 +0800
Subject: [PATCH] deps: bump `time`, fix build for rust 1.80
With: cargo update time --recursive
Note that `cargo update` without the `--recursive` flag would be
executed "conservatively". Basically, `cargo update time` will try
its best to _not_ bump the dependencies of `time`. This restricts
the amount that `time` itself can be updated.
To really get the latest version, one has to add a `--recursive` flag.
Only by doing this can we ensure that time is updated to the latest
semver compatible version. In our case,
- without `--recursive`, time only gets updated to 0.3.26
- with `--recursive`, time gets updated to the latest 0.3.36,
with a couple of other dependencies updated
---
Cargo.lock | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
Cargo.lock | 84 +++++++++++++++++++++++++++++++++++-------------------
1 file changed, 55 insertions(+), 29 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 5bd0f35..dabe0d1 100644
index 5bd0f35..a7c7cf8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -372,6 +372,15 @@ dependencies = [
@@ -200,7 +200,7 @@ dependencies = [
"heck",
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.74",
]
[[package]]
@@ -317,7 +317,7 @@ dependencies = [
"proc-macro2",
"quote",
"scratch",
- "syn 2.0.15",
+ "syn 2.0.74",
]
[[package]]
@@ -334,7 +334,7 @@ checksum = "2345488264226bf682893e25de0769f3360aac9957980ec49361b083ddaa5bc5"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.74",
]
[[package]]
@@ -372,6 +372,16 @@ dependencies = [
"syn 1.0.109",
]
@ -21,46 +62,195 @@ index 5bd0f35..dabe0d1 100644
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
+dependencies = [
+ "powerfmt",
+ "serde",
+]
+
[[package]]
name = "errno"
version = "0.3.1"
@@ -1041,10 +1050,11 @@ dependencies = [
@@ -511,9 +521,9 @@ dependencies = [
[[package]]
name = "itoa"
-version = "1.0.6"
+version = "1.0.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
+checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
[[package]]
name = "js-sys"
@@ -532,9 +542,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "libc"
-version = "0.2.142"
+version = "0.2.156"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317"
+checksum = "a5f43f184355eefb8d17fc948dbecf6c13be3c141f20d834ae842193a448c72a"
[[package]]
name = "link-cplusplus"
@@ -618,6 +628,12 @@ dependencies = [
"time",
]
+[[package]]
+name = "num-conv"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+
[[package]]
name = "num-integer"
version = "0.1.45"
@@ -639,9 +655,9 @@ dependencies = [
[[package]]
name = "num_threads"
-version = "0.1.6"
+version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44"
+checksum = "5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9"
dependencies = [
"libc",
]
@@ -722,20 +738,26 @@ version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
+[[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
[[package]]
name = "proc-macro2"
-version = "1.0.56"
+version = "1.0.86"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435"
+checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
-version = "1.0.26"
+version = "1.0.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
dependencies = [
"proc-macro2",
]
@@ -837,22 +859,22 @@ checksum = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1"
[[package]]
name = "serde"
-version = "1.0.160"
+version = "1.0.208"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c"
+checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
-version = "1.0.160"
+version = "1.0.208"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
+checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.74",
]
[[package]]
@@ -981,9 +1003,9 @@ dependencies = [
[[package]]
name = "syn"
-version = "2.0.15"
+version = "2.0.74"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822"
+checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7"
dependencies = [
"proc-macro2",
"quote",
@@ -1026,7 +1048,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.74",
]
[[package]]
@@ -1041,13 +1063,16 @@ dependencies = [
[[package]]
name = "time"
-version = "0.3.20"
+version = "0.3.26"
+version = "0.3.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890"
+checksum = "a79d09ac6b08c1ab3906a2f7cc2e81a0e27c7ae89c63812df75e52bef0751e07"
+checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
dependencies = [
+ "deranged",
"itoa",
"libc",
+ "num-conv",
"num_threads",
@@ -1055,15 +1065,15 @@ dependencies = [
+ "powerfmt",
"serde",
"time-core",
"time-macros",
@@ -1055,16 +1080,17 @@ dependencies = [
[[package]]
name = "time-core"
-version = "0.1.0"
+version = "0.1.1"
+version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd"
+checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb"
+checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
[[package]]
name = "time-macros"
-version = "0.2.8"
+version = "0.2.12"
+version = "0.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36"
+checksum = "75c65469ed6b3a4809d987a41eb1dc918e9bc1d92211cbad7ae82931846f7451"
+checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
dependencies = [
+ "num-conv",
"time-core",
]
@@ -1121,9 +1147,9 @@ dependencies = [
[[package]]
name = "unicode-ident"
-version = "1.0.8"
+version = "1.0.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
[[package]]
name = "unicode-segmentation"
--
2.45.2

2
pkgs/tools/nix/nix-melt/default.nix
View File

@ -19,7 +19,7 @@ rustPlatform.buildRustPackage rec {
./0001-fix-build-for-rust-1.80.patch
];
cargoHash = "sha256-SzBsSr8bpzhc0GIcTkm9LZgJ66LEBe3QA8I7NdaJ0T8=";
cargoHash = "sha256-oEZTBb9dwnZvByULtgCm17KbWc9hjURLB0KDkqRRCr0=";
nativeBuildInputs = [
installShellFiles

8
pkgs/tools/system/nsc/default.nix
View File

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "nsc";
version = "2.8.6";
version = "2.8.7";
src = fetchFromGitHub {
owner = "nats-io";
repo = pname;
rev = "v${version}";
hash = "sha256-t8THHXv1/u5qf0QcLQAu4fMMRiGJ+gG9Huu2NkfMIyQ=";
hash = "sha256-uJR4AdXGSL3vKUABpBBteND7EUocKz+mLRqt5XPdREk=";
};
ldflags = [
@ -23,7 +23,7 @@ buildGoModule rec {
"-X main.builtBy=nixpkgs"
];
vendorHash = "sha256-M/wM03SumQUAVmBM+oyQ0KpqyB741Zl5LuSmNnJ9bxg=";
vendorHash = "sha256-+XSG5vDEGUYlORF9a15QnE2pueU8GN+UF7w7EtRArG8=";
nativeBuildInputs = [ installShellFiles ];
@ -44,7 +44,7 @@ buildGoModule rec {
# the test strips table formatting from the command output in a naive way
# that removes all the table characters, including '-'.
# The nix build directory looks something like:
# /private/tmp/nix-build-nsc-2.8.6.drv-0/nsc_test2000598938/keys
# /private/tmp/nix-build-nsc-2.8.7.drv-0/nsc_test2000598938/keys
# Then the `-` are removed from the path unintentionally and the test fails.
# This should be fixed upstream to avoid mangling the path when
# removing the table decorations from the command output.

4
pkgs/tools/text/ugrep/default.nix
View File

@ -15,13 +15,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "ugrep";
version = "6.4.1";
version = "6.5.0";
src = fetchFromGitHub {
owner = "Genivia";
repo = "ugrep";
rev = "v${finalAttrs.version}";
hash = "sha256-0T/fX+ZzxfJD3CmoYLWSe3LE6B4HWkCC2bqXNwzUVpk=";
hash = "sha256-IG1HH/mducD6VyQHAvO2xHT+rMFAT1cqAO06TGeIFik=";
};
buildInputs = [

2
pkgs/top-level/all-packages.nix
View File

@ -22136,8 +22136,6 @@ with pkgs;
librttopo = callPackage ../development/libraries/librttopo { };
libs3 = callPackage ../development/libraries/libs3 { };
libschrift = callPackage ../development/libraries/libschrift { };
libsciter = callPackage ../development/libraries/libsciter { };