diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 349b6d2a9f3f..25802a260cff 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -9887,12 +9887,6 @@
githubId = 310981;
name = "Joel Burget";
};
- joelkoen = {
- email = "mail@joelkoen.com";
- github = "joelkoen";
- githubId = 122502655;
- name = "Joel Koen";
- };
joelmo = {
email = "joel.moberg@gmail.com";
github = "joelmo";
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index 8cc7e2774fd6..dd86fab09a17 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -1,4 +1,10 @@
-{ config, lib, options, pkgs, ... }:
+{
+ config,
+ lib,
+ options,
+ pkgs,
+ ...
+}:
let
cfg = config.services.kanidm;
settingsFormat = pkgs.formats.toml { };
@@ -7,18 +13,29 @@ let
serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings);
clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings);
unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings);
- certPaths = builtins.map builtins.dirOf [ cfg.serverSettings.tls_chain cfg.serverSettings.tls_key ];
+ certPaths = builtins.map builtins.dirOf [
+ cfg.serverSettings.tls_chain
+ cfg.serverSettings.tls_key
+ ];
# Merge bind mount paths and remove paths where a prefix is already mounted.
# This makes sure that if e.g. the tls_chain is in the nix store and /nix/store is already in the mount
# paths, no new bind mount is added. Adding subpaths caused problems on ofborg.
- hasPrefixInList = list: newPath: lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
- mergePaths = lib.foldl' (merged: newPath: let
+ hasPrefixInList =
+ list: newPath:
+ lib.any (path: lib.hasPrefix (builtins.toString path) (builtins.toString newPath)) list;
+ mergePaths = lib.foldl' (
+ merged: newPath:
+ let
# If the new path is a prefix to some existing path, we need to filter it out
- filteredPaths = lib.filter (p: !lib.hasPrefix (builtins.toString newPath) (builtins.toString p)) merged;
+ filteredPaths = lib.filter (
+ p: !lib.hasPrefix (builtins.toString newPath) (builtins.toString p)
+ ) merged;
# If a prefix of the new path is already in the list, do not add it
filteredNew = lib.optional (!hasPrefixInList filteredPaths newPath) newPath;
- in filteredPaths ++ filteredNew) [];
+ in
+ filteredPaths ++ filteredNew
+ ) [ ];
defaultServiceConfig = {
BindReadOnlyPaths = [
@@ -28,7 +45,7 @@ let
"-/etc/hosts"
"-/etc/localtime"
];
- CapabilityBoundingSet = [];
+ CapabilityBoundingSet = [ ];
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
# Implies ProtectSystem=strict, which re-mounts all paths
@@ -57,12 +74,16 @@ let
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
- SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
+ SystemCallFilter = [
+ "@system-service"
+ "~@privileged @resources @setuid @keyring"
+ ];
# Does not work well with the temporary root
#UMask = "0066";
};
- mkPresentOption = what:
+ mkPresentOption =
+ what:
lib.mkOption {
description = "Whether to ensure that this ${what} is present or absent.";
type = lib.types.bool;
@@ -71,9 +92,9 @@ let
filterPresent = lib.filterAttrs (_: v: v.present);
- provisionStateJson = pkgs.writeText "provision-state.json" (builtins.toJSON {
- inherit (cfg.provision) groups persons systems;
- });
+ provisionStateJson = pkgs.writeText "provision-state.json" (
+ builtins.toJSON { inherit (cfg.provision) groups persons systems; }
+ );
# Only recover the admin account if a password should explicitly be provisioned
# for the account. Otherwise it is not needed for provisioning.
@@ -89,28 +110,30 @@ let
# Recover the idm_admin account. If a password should explicitly be provisioned
# for the account we set it, otherwise we generate a new one because it is required
# for provisioning.
- recoverIdmAdmin = if cfg.provision.idmAdminPasswordFile != null
- then ''
- KANIDM_IDM_ADMIN_PASSWORD=$(< ${cfg.provision.idmAdminPasswordFile})
- # We always reset the idm_admin account password if a desired password was specified.
- if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_IDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin --from-environment >/dev/null; then
- echo "Failed to recover idm_admin account" >&2
- exit 1
- fi
- ''
- else ''
- # Recover idm_admin account
- if ! recover_out=$(${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin -o json); then
- echo "$recover_out" >&2
- echo "kanidm provision: Failed to recover admin account" >&2
- exit 1
- fi
- if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${lib.getExe pkgs.jq} -r .password); then
- echo "$recover_out" >&2
- echo "kanidm provision: Failed to parse password for idm_admin account" >&2
- exit 1
- fi
- '';
+ recoverIdmAdmin =
+ if cfg.provision.idmAdminPasswordFile != null then
+ ''
+ KANIDM_IDM_ADMIN_PASSWORD=$(< ${cfg.provision.idmAdminPasswordFile})
+ # We always reset the idm_admin account password if a desired password was specified.
+ if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_IDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin --from-environment >/dev/null; then
+ echo "Failed to recover idm_admin account" >&2
+ exit 1
+ fi
+ ''
+ else
+ ''
+ # Recover idm_admin account
+ if ! recover_out=$(${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin -o json); then
+ echo "$recover_out" >&2
+ echo "kanidm provision: Failed to recover admin account" >&2
+ exit 1
+ fi
+ if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${lib.getExe pkgs.jq} -r .password); then
+ echo "$recover_out" >&2
+ echo "kanidm provision: Failed to parse password for idm_admin account" >&2
+ exit 1
+ fi
+ '';
postStartScript = pkgs.writeShellScript "post-start" ''
set -euo pipefail
@@ -142,14 +165,15 @@ let
serverPort =
# ipv6:
- if lib.hasInfix "]:" cfg.serverSettings.bindaddress
- then lib.last (lib.splitString "]:" cfg.serverSettings.bindaddress)
+ if lib.hasInfix "]:" cfg.serverSettings.bindaddress then
+ lib.last (lib.splitString "]:" cfg.serverSettings.bindaddress)
else
- # ipv4:
- if lib.hasInfix "." cfg.serverSettings.bindaddress
- then lib.last (lib.splitString ":" cfg.serverSettings.bindaddress)
- # default is 8443
- else "8443";
+ # ipv4:
+ if lib.hasInfix "." cfg.serverSettings.bindaddress then
+ lib.last (lib.splitString ":" cfg.serverSettings.bindaddress)
+ # default is 8443
+ else
+ "8443";
in
{
options.services.kanidm = {
@@ -157,7 +181,7 @@ in
enableServer = lib.mkEnableOption "the Kanidm server";
enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration";
- package = lib.mkPackageOption pkgs "kanidm" {};
+ package = lib.mkPackageOption pkgs "kanidm" { };
serverSettings = lib.mkOption {
type = lib.types.submodule {
@@ -213,12 +237,20 @@ in
log_level = lib.mkOption {
description = "Log level of the server.";
default = "info";
- type = lib.types.enum [ "info" "debug" "trace" ];
+ type = lib.types.enum [
+ "info"
+ "debug"
+ "trace"
+ ];
};
role = lib.mkOption {
description = "The role of this server. This affects the replication relationship and thereby available features.";
default = "WriteReplica";
- type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
+ type = lib.types.enum [
+ "WriteReplica"
+ "WriteReplicaNoUI"
+ "ReadOnlyReplica"
+ ];
};
online_backup = {
path = lib.mkOption {
@@ -347,218 +379,248 @@ in
groups = lib.mkOption {
description = "Provisioning of kanidm groups";
- default = {};
- type = lib.types.attrsOf (lib.types.submodule (groupSubmod: {
- options = {
- present = mkPresentOption "group";
+ default = { };
+ type = lib.types.attrsOf (
+ lib.types.submodule (groupSubmod: {
+ options = {
+ present = mkPresentOption "group";
- members = lib.mkOption {
- description = "List of kanidm entities (persons, groups, ...) which are part of this group.";
- type = lib.types.listOf lib.types.str;
- apply = lib.unique;
- default = [];
+ members = lib.mkOption {
+ description = "List of kanidm entities (persons, groups, ...) which are part of this group.";
+ type = lib.types.listOf lib.types.str;
+ apply = lib.unique;
+ default = [ ];
+ };
};
- };
- config.members = lib.concatLists (lib.flip lib.mapAttrsToList cfg.provision.persons (person: personCfg:
- lib.optional (personCfg.present && builtins.elem groupSubmod.config._module.args.name personCfg.groups) person
- ));
- }));
+ config.members = lib.concatLists (
+ lib.flip lib.mapAttrsToList cfg.provision.persons (
+ person: personCfg:
+ lib.optional (
+ personCfg.present && builtins.elem groupSubmod.config._module.args.name personCfg.groups
+ ) person
+ )
+ );
+ })
+ );
};
persons = lib.mkOption {
description = "Provisioning of kanidm persons";
- default = {};
- type = lib.types.attrsOf (lib.types.submodule {
- options = {
- present = mkPresentOption "person";
+ default = { };
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ present = mkPresentOption "person";
- displayName = lib.mkOption {
- description = "Display name";
- type = lib.types.str;
- example = "My User";
- };
+ displayName = lib.mkOption {
+ description = "Display name";
+ type = lib.types.str;
+ example = "My User";
+ };
- legalName = lib.mkOption {
- description = "Full legal name";
- type = lib.types.nullOr lib.types.str;
- example = "Jane Doe";
- default = null;
- };
+ legalName = lib.mkOption {
+ description = "Full legal name";
+ type = lib.types.nullOr lib.types.str;
+ example = "Jane Doe";
+ default = null;
+ };
- mailAddresses = lib.mkOption {
- description = "Mail addresses. First given address is considered the primary address.";
- type = lib.types.listOf lib.types.str;
- example = ["jane.doe@example.com"];
- default = [];
- };
+ mailAddresses = lib.mkOption {
+ description = "Mail addresses. First given address is considered the primary address.";
+ type = lib.types.listOf lib.types.str;
+ example = [ "jane.doe@example.com" ];
+ default = [ ];
+ };
- groups = lib.mkOption {
- description = "List of groups this person should belong to.";
- type = lib.types.listOf lib.types.str;
- apply = lib.unique;
- default = [];
+ groups = lib.mkOption {
+ description = "List of groups this person should belong to.";
+ type = lib.types.listOf lib.types.str;
+ apply = lib.unique;
+ default = [ ];
+ };
};
- };
- });
+ }
+ );
};
systems.oauth2 = lib.mkOption {
description = "Provisioning of oauth2 resource servers";
- default = {};
- type = lib.types.attrsOf (lib.types.submodule {
- options = {
- present = mkPresentOption "oauth2 resource server";
+ default = { };
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ present = mkPresentOption "oauth2 resource server";
- public = lib.mkOption {
- description = "Whether this is a public client (enforces PKCE, doesn't use a basic secret)";
- type = lib.types.bool;
- default = false;
+ public = lib.mkOption {
+ description = "Whether this is a public client (enforces PKCE, doesn't use a basic secret)";
+ type = lib.types.bool;
+ default = false;
+ };
+
+ displayName = lib.mkOption {
+ description = "Display name";
+ type = lib.types.str;
+ example = "Some Service";
+ };
+
+ originUrl = lib.mkOption {
+ description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
+ type =
+ let
+ originStrType = lib.types.strMatching ".*://.*/$";
+ in
+ lib.types.either originStrType (lib.types.nonEmptyListOf originStrType);
+ example = "https://someservice.example.com/";
+ };
+
+ originLanding = lib.mkOption {
+ description = "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.";
+ type = lib.types.str;
+ example = "https://someservice.example.com/home";
+ };
+
+ basicSecretFile = lib.mkOption {
+ description = ''
+ The basic secret to use for this service. If null, the random secret generated
+ by kanidm will not be touched. Do NOT use a path from the nix store here!
+ '';
+ type = lib.types.nullOr lib.types.path;
+ example = "/run/secrets/some-oauth2-basic-secret";
+ default = null;
+ };
+
+ enableLocalhostRedirects = lib.mkOption {
+ description = "Allow localhost redirects. Only for public clients.";
+ type = lib.types.bool;
+ default = false;
+ };
+
+ enableLegacyCrypto = lib.mkOption {
+ description = "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.";
+ type = lib.types.bool;
+ default = false;
+ };
+
+ allowInsecureClientDisablePkce = lib.mkOption {
+ description = ''
+ Disable PKCE on this oauth2 resource server to work around insecure clients
+ that may not support it. You should request the client to enable PKCE!
+ Only for non-public clients.
+ '';
+ type = lib.types.bool;
+ default = false;
+ };
+
+ preferShortUsername = lib.mkOption {
+ description = "Use 'name' instead of 'spn' in the preferred_username claim";
+ type = lib.types.bool;
+ default = false;
+ };
+
+ scopeMaps = lib.mkOption {
+ description = ''
+ Maps kanidm groups to returned oauth scopes.
+ See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
+ '';
+ type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+ default = { };
+ };
+
+ supplementaryScopeMaps = lib.mkOption {
+ description = ''
+ Maps kanidm groups to additionally returned oauth scopes.
+ See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
+ '';
+ type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+ default = { };
+ };
+
+ removeOrphanedClaimMaps = lib.mkOption {
+ description = "Whether claim maps not specified here but present in kanidm should be removed from kanidm.";
+ type = lib.types.bool;
+ default = true;
+ };
+
+ claimMaps = lib.mkOption {
+ description = ''
+ Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.
+ See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
+ '';
+ default = { };
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ joinType = lib.mkOption {
+ description = ''
+ Determines how multiple values are joined to create the claim value.
+ See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
+ '';
+ type = lib.types.enum [
+ "array"
+ "csv"
+ "ssv"
+ ];
+ default = "array";
+ };
+
+ valuesByGroup = lib.mkOption {
+ description = "Maps kanidm groups to values for the claim.";
+ default = { };
+ type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+ };
+ };
+ }
+ );
+ };
};
-
- displayName = lib.mkOption {
- description = "Display name";
- type = lib.types.str;
- example = "Some Service";
- };
-
- originUrl = lib.mkOption {
- description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
- type = lib.types.strMatching ".*://.*/$";
- example = "https://someservice.example.com/";
- };
-
- originLanding = lib.mkOption {
- description = "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.";
- type = lib.types.str;
- example = "https://someservice.example.com/home";
- };
-
- basicSecretFile = lib.mkOption {
- description = ''
- The basic secret to use for this service. If null, the random secret generated
- by kanidm will not be touched. Do NOT use a path from the nix store here!
- '';
- type = lib.types.nullOr lib.types.path;
- example = "/run/secrets/some-oauth2-basic-secret";
- default = null;
- };
-
- enableLocalhostRedirects = lib.mkOption {
- description = "Allow localhost redirects. Only for public clients.";
- type = lib.types.bool;
- default = false;
- };
-
- enableLegacyCrypto = lib.mkOption {
- description = "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.";
- type = lib.types.bool;
- default = false;
- };
-
- allowInsecureClientDisablePkce = lib.mkOption {
- description = ''
- Disable PKCE on this oauth2 resource server to work around insecure clients
- that may not support it. You should request the client to enable PKCE!
- Only for non-public clients.
- '';
- type = lib.types.bool;
- default = false;
- };
-
- preferShortUsername = lib.mkOption {
- description = "Use 'name' instead of 'spn' in the preferred_username claim";
- type = lib.types.bool;
- default = false;
- };
-
- scopeMaps = lib.mkOption {
- description = ''
- Maps kanidm groups to returned oauth scopes.
- See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
- '';
- type = lib.types.attrsOf (lib.types.listOf lib.types.str);
- default = {};
- };
-
- supplementaryScopeMaps = lib.mkOption {
- description = ''
- Maps kanidm groups to additionally returned oauth scopes.
- See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
- '';
- type = lib.types.attrsOf (lib.types.listOf lib.types.str);
- default = {};
- };
-
- removeOrphanedClaimMaps = lib.mkOption {
- description = "Whether claim maps not specified here but present in kanidm should be removed from kanidm.";
- type = lib.types.bool;
- default = true;
- };
-
- claimMaps = lib.mkOption {
- description = ''
- Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.
- See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
- '';
- default = {};
- type = lib.types.attrsOf (lib.types.submodule {
- options = {
- joinType = lib.mkOption {
- description = ''
- Determines how multiple values are joined to create the claim value.
- See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
- '';
- type = lib.types.enum ["array" "csv" "ssv"];
- default = "array";
- };
-
- valuesByGroup = lib.mkOption {
- description = "Maps kanidm groups to values for the claim.";
- default = {};
- type = lib.types.attrsOf (lib.types.listOf lib.types.str);
- };
- };
- });
- };
- };
- });
+ }
+ );
};
};
};
config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
- assertions = let
- entityList = type: attrs: lib.flip lib.mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
- entities =
- entityList "group" cfg.provision.groups
- ++ entityList "person" cfg.provision.persons
- ++ entityList "oauth2" cfg.provision.systems.oauth2;
+ assertions =
+ let
+ entityList =
+ type: attrs: lib.flip lib.mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
+ entities =
+ entityList "group" cfg.provision.groups
+ ++ entityList "person" cfg.provision.persons
+ ++ entityList "oauth2" cfg.provision.systems.oauth2;
- # Accumulate entities by name. Track corresponding entity types for later duplicate check.
- entitiesByName = lib.foldl' (acc: { type, name }:
- acc // {
- ${name} = (acc.${name} or []) ++ [type];
- }
- ) {} entities;
+ # Accumulate entities by name. Track corresponding entity types for later duplicate check.
+ entitiesByName = lib.foldl' (
+ acc: { type, name }: acc // { ${name} = (acc.${name} or [ ]) ++ [ type ]; }
+ ) { } entities;
- assertGroupsKnown = opt: groups: let
- knownGroups = lib.attrNames (filterPresent cfg.provision.groups);
- unknownGroups = lib.subtractLists knownGroups groups;
- in {
- assertion = (cfg.enableServer && cfg.provision.enable) -> unknownGroups == [];
- message = "${opt} refers to unknown groups: ${toString unknownGroups}";
- };
+ assertGroupsKnown =
+ opt: groups:
+ let
+ knownGroups = lib.attrNames (filterPresent cfg.provision.groups);
+ unknownGroups = lib.subtractLists knownGroups groups;
+ in
+ {
+ assertion = (cfg.enableServer && cfg.provision.enable) -> unknownGroups == [ ];
+ message = "${opt} refers to unknown groups: ${toString unknownGroups}";
+ };
- assertEntitiesKnown = opt: entities: let
- unknownEntities = lib.subtractLists (lib.attrNames entitiesByName) entities;
- in {
- assertion = (cfg.enableServer && cfg.provision.enable) -> unknownEntities == [];
- message = "${opt} refers to unknown entities: ${toString unknownEntities}";
- };
- in
+ assertEntitiesKnown =
+ opt: entities:
+ let
+ unknownEntities = lib.subtractLists (lib.attrNames entitiesByName) entities;
+ in
+ {
+ assertion = (cfg.enableServer && cfg.provision.enable) -> unknownEntities == [ ];
+ message = "${opt} refers to unknown entities: ${toString unknownEntities}";
+ };
+ in
[
{
- assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain);
+ assertion =
+ !cfg.enableServer
+ || ((cfg.serverSettings.tls_chain or null) == null)
+ || (!lib.isStorePath cfg.serverSettings.tls_chain);
message = ''
points to
a file in the Nix store. You should use a quoted absolute path to
@@ -566,7 +628,10 @@ in
'';
}
{
- assertion = !cfg.enableServer || ((cfg.serverSettings.tls_key or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_key);
+ assertion =
+ !cfg.enableServer
+ || ((cfg.serverSettings.tls_key or null) == null)
+ || (!lib.isStorePath cfg.serverSettings.tls_key);
message = ''
points to
a file in the Nix store. You should use a quoted absolute path to
@@ -588,8 +653,12 @@ in
'';
}
{
- assertion = !cfg.enableServer || (cfg.serverSettings.domain == null
- -> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI");
+ assertion =
+ !cfg.enableServer
+ || (
+ cfg.serverSettings.domain == null
+ -> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI"
+ );
message = ''
can only be set if this instance
is not a ReadOnlyReplica. Otherwise the db would inherit it from
@@ -602,63 +671,96 @@ in
}
# If any secret is provisioned, the kanidm package must have some required patches applied to it
{
- assertion = (cfg.provision.enable &&
- (cfg.provision.adminPasswordFile != null
- || cfg.provision.idmAdminPasswordFile != null
- || lib.any (x: x.basicSecretFile != null) (lib.attrValues (filterPresent cfg.provision.systems.oauth2))
- )) -> cfg.package.enableSecretProvisioning;
+ assertion =
+ (
+ cfg.provision.enable
+ && (
+ cfg.provision.adminPasswordFile != null
+ || cfg.provision.idmAdminPasswordFile != null
+ || lib.any (x: x.basicSecretFile != null) (
+ lib.attrValues (filterPresent cfg.provision.systems.oauth2)
+ )
+ )
+ )
+ -> cfg.package.enableSecretProvisioning;
message = ''
Specifying an admin account password or oauth2 basicSecretFile requires kanidm to be built with the secret provisioning patches.
You may want to set `services.kanidm.package = pkgs.kanidm.withSecretProvisioning;`.
'';
}
# Entity names must be globally unique:
- (let
- # Filter all names that occurred in more than one entity type.
- duplicateNames = lib.filterAttrs (_: v: builtins.length v > 1) entitiesByName;
- in {
- assertion = cfg.provision.enable -> duplicateNames == {};
- message = ''
- services.kanidm.provision requires all entity names (group, person, oauth2, ...) to be unique!
- ${lib.concatLines (lib.mapAttrsToList (name: xs: " - '${name}' used as: ${toString xs}") duplicateNames)}'';
- })
+ (
+ let
+ # Filter all names that occurred in more than one entity type.
+ duplicateNames = lib.filterAttrs (_: v: builtins.length v > 1) entitiesByName;
+ in
+ {
+ assertion = cfg.provision.enable -> duplicateNames == { };
+ message = ''
+ services.kanidm.provision requires all entity names (group, person, oauth2, ...) to be unique!
+ ${lib.concatLines (
+ lib.mapAttrsToList (name: xs: " - '${name}' used as: ${toString xs}") duplicateNames
+ )}'';
+ }
+ )
]
- ++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.persons) (person: personCfg:
+ ++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.persons) (
+ person: personCfg:
assertGroupsKnown "services.kanidm.provision.persons.${person}.groups" personCfg.groups
)
- ++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.groups) (group: groupCfg:
+ ++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.groups) (
+ group: groupCfg:
assertEntitiesKnown "services.kanidm.provision.groups.${group}.members" groupCfg.members
)
- ++ lib.concatLists (lib.flip lib.mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
- oauth2: oauth2Cfg:
+ ++ lib.concatLists (
+ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
+ oauth2: oauth2Cfg:
[
- (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.scopeMaps" (lib.attrNames oauth2Cfg.scopeMaps))
- (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.supplementaryScopeMaps" (lib.attrNames oauth2Cfg.supplementaryScopeMaps))
+ (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.scopeMaps" (
+ lib.attrNames oauth2Cfg.scopeMaps
+ ))
+ (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.supplementaryScopeMaps" (
+ lib.attrNames oauth2Cfg.supplementaryScopeMaps
+ ))
]
- ++ lib.concatLists (lib.flip lib.mapAttrsToList oauth2Cfg.claimMaps (claim: claimCfg: [
- (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim}.valuesByGroup" (lib.attrNames claimCfg.valuesByGroup))
- # At least one group must map to a value in each claim map
- {
- assertion = (cfg.provision.enable && cfg.enableServer) -> lib.any (xs: xs != []) (lib.attrValues claimCfg.valuesByGroup);
- message = "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim} does not specify any values for any group";
- }
- # Public clients cannot define a basic secret
- {
- assertion = (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> oauth2Cfg.basicSecretFile == null;
- message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot specify a basic secret";
- }
- # Public clients cannot disable PKCE
- {
- assertion = (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> !oauth2Cfg.allowInsecureClientDisablePkce;
- message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot disable PKCE";
- }
- # Non-public clients cannot enable localhost redirects
- {
- assertion = (cfg.provision.enable && cfg.enableServer && !oauth2Cfg.public) -> !oauth2Cfg.enableLocalhostRedirects;
- message = "services.kanidm.provision.systems.oauth2.${oauth2} is a non-public client and thus cannot enable localhost redirects";
- }
- ]))
- ));
+ ++ lib.concatLists (
+ lib.flip lib.mapAttrsToList oauth2Cfg.claimMaps (
+ claim: claimCfg: [
+ (assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim}.valuesByGroup" (
+ lib.attrNames claimCfg.valuesByGroup
+ ))
+ # At least one group must map to a value in each claim map
+ {
+ assertion =
+ (cfg.provision.enable && cfg.enableServer)
+ -> lib.any (xs: xs != [ ]) (lib.attrValues claimCfg.valuesByGroup);
+ message = "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim} does not specify any values for any group";
+ }
+ # Public clients cannot define a basic secret
+ {
+ assertion =
+ (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> oauth2Cfg.basicSecretFile == null;
+ message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot specify a basic secret";
+ }
+ # Public clients cannot disable PKCE
+ {
+ assertion =
+ (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public)
+ -> !oauth2Cfg.allowInsecureClientDisablePkce;
+ message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot disable PKCE";
+ }
+ # Non-public clients cannot enable localhost redirects
+ {
+ assertion =
+ (cfg.provision.enable && cfg.enableServer && !oauth2Cfg.public)
+ -> !oauth2Cfg.enableLocalhostRedirects;
+ message = "services.kanidm.provision.systems.oauth2.${oauth2} is a non-public client and thus cannot enable localhost redirects";
+ }
+ ]
+ )
+ )
+ )
+ );
environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
@@ -676,9 +778,12 @@ in
after = [ "network.target" ];
serviceConfig = lib.mkMerge [
# Merge paths and ignore existing prefixes needs to sidestep mkMerge
- (defaultServiceConfig // {
- BindReadOnlyPaths = mergePaths (defaultServiceConfig.BindReadOnlyPaths ++ certPaths);
- })
+ (
+ defaultServiceConfig
+ // {
+ BindReadOnlyPaths = mergePaths (defaultServiceConfig.BindReadOnlyPaths ++ certPaths);
+ }
+ )
{
StateDirectory = "kanidm";
StateDirectoryMode = "0700";
@@ -701,7 +806,11 @@ in
PrivateUsers = lib.mkForce false;
# Port needs to be exposed to the host network
PrivateNetwork = lib.mkForce false;
- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_UNIX"
+ ];
TemporaryFileSystem = "/:ro";
}
];
@@ -712,7 +821,10 @@ in
description = "Kanidm PAM daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
- restartTriggers = [ unixConfigFile clientConfigFile ];
+ restartTriggers = [
+ unixConfigFile
+ clientConfigFile
+ ];
serviceConfig = lib.mkMerge [
defaultServiceConfig
{
@@ -737,7 +849,11 @@ in
];
# Needs to connect to kanidmd
PrivateNetwork = lib.mkForce false;
- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_UNIX"
+ ];
TemporaryFileSystem = "/:ro";
}
];
@@ -747,9 +863,15 @@ in
systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam {
description = "Kanidm PAM home management daemon";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "kanidm-unixd.service" ];
+ after = [
+ "network.target"
+ "kanidm-unixd.service"
+ ];
partOf = [ "kanidm-unixd.service" ];
- restartTriggers = [ unixConfigFile clientConfigFile ];
+ restartTriggers = [
+ unixConfigFile
+ clientConfigFile
+ ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/kanidm_unixd_tasks";
@@ -769,7 +891,12 @@ in
"/run/kanidm-unixd:/var/run/kanidm-unixd"
];
# CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket
- CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH" ];
+ CapabilityBoundingSet = [
+ "CAP_CHOWN"
+ "CAP_FOWNER"
+ "CAP_DAC_OVERRIDE"
+ "CAP_DAC_READ_SEARCH"
+ ];
IPAddressDeny = "any";
# Need access to users
PrivateUsers = false;
@@ -784,15 +911,11 @@ in
# These paths are hardcoded
environment.etc = lib.mkMerge [
- (lib.mkIf cfg.enableServer {
- "kanidm/server.toml".source = serverConfigFile;
- })
+ (lib.mkIf cfg.enableServer { "kanidm/server.toml".source = serverConfigFile; })
(lib.mkIf options.services.kanidm.clientSettings.isDefined {
"kanidm/config".source = clientConfigFile;
})
- (lib.mkIf cfg.enablePam {
- "kanidm/unixd".source = unixConfigFile;
- })
+ (lib.mkIf cfg.enablePam { "kanidm/unixd".source = unixConfigFile; })
];
system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];
@@ -801,12 +924,8 @@ in
system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
users.groups = lib.mkMerge [
- (lib.mkIf cfg.enableServer {
- kanidm = { };
- })
- (lib.mkIf cfg.enablePam {
- kanidm-unixd = { };
- })
+ (lib.mkIf cfg.enableServer { kanidm = { }; })
+ (lib.mkIf cfg.enablePam { kanidm-unixd = { }; })
];
users.users = lib.mkMerge [
(lib.mkIf cfg.enableServer {
@@ -827,6 +946,10 @@ in
];
};
- meta.maintainers = with lib.maintainers; [ erictapen Flakebi oddlama ];
+ meta.maintainers = with lib.maintainers; [
+ erictapen
+ Flakebi
+ oddlama
+ ];
meta.buildDocsInSandbox = false;
}
diff --git a/nixos/tests/kanidm-provisioning.nix b/nixos/tests/kanidm-provisioning.nix
index 3bfdce6c912c..27176c2086fe 100644
--- a/nixos/tests/kanidm-provisioning.nix
+++ b/nixos/tests/kanidm-provisioning.nix
@@ -158,7 +158,11 @@ import ./make-test-python.nix (
groups.service1-admin = { };
systems.oauth2.service1 = {
displayName = "Service One (changed)";
- originUrl = "https://changed-one.example.com/";
+ # multiple origin urls
+ originUrl = [
+ "https://changed-one.example.com/"
+ "https://changed-one.example.org/"
+ ];
originLanding = "https://changed-one.example.com/landing-changed";
basicSecretFile = pkgs.writeText "bs-service1" "changed-very-strong-secret-for-service1";
scopeMaps.service1-access = [
@@ -405,6 +409,7 @@ import ./make-test-python.nix (
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
+ assert_contains(out, "oauth2_rs_origin: https://changed-one.example.org/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_matches(out, 'oauth2_rs_scope_map: service1-access.*{"email", "openid"}')
assert_matches(out, 'oauth2_rs_sup_scope_map: service1-admin.*{"adminchanged"}')
@@ -460,6 +465,7 @@ import ./make-test-python.nix (
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
+ assert_lacks(out, "oauth2_rs_origin: https://changed-one.example.org/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_lacks(out, "oauth2_rs_scope_map")
assert_lacks(out, "oauth2_rs_sup_scope_map")
diff --git a/pkgs/applications/blockchains/trezor-suite/default.nix b/pkgs/applications/blockchains/trezor-suite/default.nix
index 976c52288059..dae20c379d91 100644
--- a/pkgs/applications/blockchains/trezor-suite/default.nix
+++ b/pkgs/applications/blockchains/trezor-suite/default.nix
@@ -8,7 +8,7 @@
let
pname = "trezor-suite";
- version = "24.7.2";
+ version = "24.8.3";
suffix = {
aarch64-linux = "linux-arm64";
@@ -18,8 +18,8 @@ let
src = fetchurl {
url = "https://github.com/trezor/trezor-suite/releases/download/v${version}/Trezor-Suite-${version}-${suffix}.AppImage";
hash = { # curl -Lfs https://github.com/trezor/trezor-suite/releases/download/v${version}/latest-linux{-arm64,}.yml | grep ^sha512 | sed 's/: /-/'
- aarch64-linux = "sha512-RYkRav7U7WUbZuSvwuWf+IvKgkpUYrclW5vzINcVp/Wzqj3Brl0Cb1fC4dFe7c/UyE/K1oQ4++zd2dHJu6gxEQ==";
- x86_64-linux = "sha512-WmdH3IC+9tbSLtQirmawi6vgtR7GoFceN2FdZ94rGtCkrvhi9STz5RHfZAljyQfRZ9Xx+DlTChZrsWA6DNqBpg==";
+ aarch64-linux = "sha512-od/OmYbPd3mmmyz131nQCVrhuSMU9znV8REHwbJLWVRoATMc21LSwCuAGZGRE1ijowJ1DI+TkLiLEq9rLldRmw=";
+ x86_64-linux = "sha512-IeEbscMGGaCaDQbNqmHYiKqdVm/QfyNDludiLWpcfnbN7udcxWIQG6tB9C9UY2BrimyNFvZgq1z9mZMfGScEYQ==";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};
diff --git a/pkgs/applications/misc/azuredatastudio/default.nix b/pkgs/applications/misc/azuredatastudio/default.nix
index a72e2a390e1a..86d50c030e17 100644
--- a/pkgs/applications/misc/azuredatastudio/default.nix
+++ b/pkgs/applications/misc/azuredatastudio/default.nix
@@ -72,14 +72,19 @@ in
stdenv.mkDerivation rec {
pname = "azuredatastudio";
- version = "1.48.1";
+ version = "1.49.1";
desktopItems = [ desktopItem urlHandlerDesktopItem ];
src = fetchurl {
name = "${pname}-${version}.tar.gz";
- url = "https://azuredatastudio-update.azurewebsites.net/${version}/linux-x64/stable";
- sha256 = "sha256-JDNdMy0Wk6v2pMKS+NzSbsrffaEG2IneZO+K9pBFX48=";
+
+ # Url can be found at: https://github.com/microsoft/azuredatastudio/releases
+ # In the downloads table for Linux .tar.gz
+ # This will give a go.microsoft redirect link, I think it's better to use the direct link to which the redirect points.
+ # You can do so by using curl: curl -I
+ url = "https://download.microsoft.com/download/7/8/3/783c2037-8607-43c4-a593-0936e965d38b/azuredatastudio-linux-1.49.1.tar.gz";
+ sha256 = "sha256-0LCrRUTTe8UEDgtGLvxVQL8pA5dwA6SvZEZSDILr7jo=";
};
nativeBuildInputs = [
@@ -122,7 +127,7 @@ stdenv.mkDerivation rec {
];
# this will most likely need to be updated when azuredatastudio's version changes
- sqltoolsservicePath = "${targetPath}/resources/app/extensions/mssql/sqltoolsservice/Linux/4.11.1.1";
+ sqltoolsservicePath = "${targetPath}/resources/app/extensions/mssql/sqltoolsservice/Linux/5.0.20240724.1";
rpath = lib.concatStringsSep ":" [
(lib.makeLibraryPath [
diff --git a/pkgs/applications/misc/coursera-dl/default.nix b/pkgs/applications/misc/coursera-dl/default.nix
index 67848ea9354e..63aaf33f7f42 100644
--- a/pkgs/applications/misc/coursera-dl/default.nix
+++ b/pkgs/applications/misc/coursera-dl/default.nix
@@ -1,15 +1,15 @@
-{ lib
-, fetchFromGitHub
-, fetchpatch
-, glibcLocales
-, pandoc
-, python3
+{
+ fetchFromGitHub,
+ fetchpatch,
+ lib,
+ pandoc,
+ python3,
}:
python3.pkgs.buildPythonApplication rec {
pname = "coursera-dl";
version = "0.11.5";
- format = "setuptools";
+ pyproject = true;
src = fetchFromGitHub {
owner = "coursera-dl";
@@ -35,27 +35,17 @@ python3.pkgs.buildPythonApplication rec {
})
];
- postPatch = ''
- substituteInPlace requirements.txt \
- --replace '==' '>='
- '';
+ build-system = with python3.pkgs; [ setuptools ];
- preConfigure = ''
- export LC_ALL=en_US.utf-8
- '';
+ nativeBuildInputs = [ pandoc ];
- nativeBuildInputs = with python3.pkgs; [
- pandoc
- ];
+ pythonRelaxDeps = true;
- buildInputs = with python3.pkgs; [
- glibcLocales
- ];
-
- propagatedBuildInputs = with python3.pkgs; [
+ dependencies = with python3.pkgs; [
attrs
beautifulsoup4
configargparse
+ distutils
keyring
pyasn1
requests
@@ -77,7 +67,7 @@ python3.pkgs.buildPythonApplication rec {
description = "CLI for downloading Coursera.org videos and naming them";
mainProgram = "coursera-dl";
homepage = "https://github.com/coursera-dl/coursera-dl";
- changelog = "https://github.com/coursera-dl/coursera-dl/blob/0.11.5/CHANGELOG.md";
+ changelog = "https://github.com/coursera-dl/coursera-dl/blob/${src.rev}/CHANGELOG.md";
license = licenses.lgpl3Plus;
maintainers = with maintainers; [ alexfmpe ];
platforms = platforms.darwin ++ platforms.linux;
diff --git a/pkgs/applications/misc/nwg-dock-hyprland/default.nix b/pkgs/applications/misc/nwg-dock-hyprland/default.nix
index dd775db16332..34bbf45e8ebd 100644
--- a/pkgs/applications/misc/nwg-dock-hyprland/default.nix
+++ b/pkgs/applications/misc/nwg-dock-hyprland/default.nix
@@ -8,13 +8,13 @@
buildGoModule rec {
pname = "nwg-dock-hyprland";
- version = "0.2.1";
+ version = "0.2.2";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-dock-hyprland";
rev = "v${version}";
- hash = "sha256-rR0UkRKdIHcrLd4IpBUGxd6toPlohJfbvCBG/GkuQnY=";
+ hash = "sha256-iamDOQcQJRdFVnwffWPIXHlY0J4orfrEbfLzaoeV+KM=";
};
vendorHash = "sha256-cZ5w7B8bi0faOVWoQ6eeW5ejCZJgnNB91DQalC75mPo=";
diff --git a/pkgs/applications/misc/skate/default.nix b/pkgs/applications/misc/skate/default.nix
index 6ea198adc033..af420e27e21a 100644
--- a/pkgs/applications/misc/skate/default.nix
+++ b/pkgs/applications/misc/skate/default.nix
@@ -2,17 +2,17 @@
buildGoModule rec {
pname = "skate";
- version = "0.2.2";
+ version = "1.0.0";
src = fetchFromGitHub {
owner = "charmbracelet";
repo = "skate";
rev = "v${version}";
- hash = "sha256-Kum8IdgvRC75RLafCac0fkNn/VKvWFW48IK5tqLH/ME=";
+ hash = "sha256-HwtBY4rtqyY+DMNq2Fu30/CsTlhhGOuJRrdM5zHUAIg=";
};
proxyVendor = true;
- vendorHash = "sha256-/qZB/GGEkoqRoNhEmZw9Q2lsUPZRg5/xVxWgdBZTMLk=";
+ vendorHash = "sha256-nCT9PsRPxefjC4q4cr5UigTITUkx0JmQtdv7/ZXbXVI=";
ldflags = [ "-s" "-w" "-X=main.Version=${version}" ];
diff --git a/pkgs/applications/networking/cluster/kubeshark/default.nix b/pkgs/applications/networking/cluster/kubeshark/default.nix
index 42ead265b6ac..d5e4a9d4ca7e 100644
--- a/pkgs/applications/networking/cluster/kubeshark/default.nix
+++ b/pkgs/applications/networking/cluster/kubeshark/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubeshark";
- version = "52.3.74";
+ version = "52.3.78";
src = fetchFromGitHub {
owner = "kubeshark";
repo = "kubeshark";
rev = "v${version}";
- hash = "sha256-MlYyTo30v9i1puSadbQRHCmUW7Kf9UV8X5Y7LQtRWaE=";
+ hash = "sha256-tv0yBm10bUCepa03GUQlok6cP0bIuG7sgunX8iAUjO4=";
};
vendorHash = "sha256-b3Aq3970E19jOJPjw/e0ly1W9x9HiDN+bfuB4uP09BY=";
diff --git a/pkgs/applications/networking/remote/freerdp/3.nix b/pkgs/applications/networking/remote/freerdp/3.nix
index e7ce194119e6..9ec1d9e0c620 100644
--- a/pkgs/applications/networking/remote/freerdp/3.nix
+++ b/pkgs/applications/networking/remote/freerdp/3.nix
@@ -68,13 +68,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "freerdp";
- version = "3.6.3";
+ version = "3.7.0";
src = fetchFromGitHub {
owner = "FreeRDP";
repo = "FreeRDP";
rev = finalAttrs.version;
- hash = "sha256-LdgHQ2lb3cde4cX4aIwHvSo0q9iwpLzaWDHbv1/rneE=";
+ hash = "sha256-o/Sp9mMEIxtXa0oIpxYG9Fm8YejStUYcW/jkdPwyE5I=";
};
postPatch = ''
diff --git a/pkgs/applications/science/math/getdp/default.nix b/pkgs/applications/science/math/getdp/default.nix
index 18000c147d87..30a5837c3111 100644
--- a/pkgs/applications/science/math/getdp/default.nix
+++ b/pkgs/applications/science/math/getdp/default.nix
@@ -1,6 +1,8 @@
{ lib, stdenv, fetchurl, cmake, gfortran, blas, lapack, mpi, petsc, python3 }:
-stdenv.mkDerivation rec {
+let
+ mpiSupport = petsc.passthru.mpiSupport;
+in stdenv.mkDerivation rec {
pname = "getdp";
version = "3.6.0";
src = fetchurl {
@@ -8,7 +10,6 @@ stdenv.mkDerivation rec {
hash = "sha256-nzefwCV+Z9BHDofuTfhR+vhqm3cCSiUT+7cbtn601N8=";
};
- inherit (petsc) mpiSupport;
nativeBuildInputs = [ cmake python3 ];
buildInputs = [ gfortran blas lapack petsc ]
++ lib.optional mpiSupport mpi
diff --git a/pkgs/applications/version-management/gql/default.nix b/pkgs/applications/version-management/gql/default.nix
index 867f7a9b13a4..c8001682adc3 100644
--- a/pkgs/applications/version-management/gql/default.nix
+++ b/pkgs/applications/version-management/gql/default.nix
@@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "gql";
- version = "0.25.0";
+ version = "0.26.0";
src = fetchFromGitHub {
owner = "AmrDeveloper";
repo = "GQL";
rev = version;
- hash = "sha256-Jys6pdHGIrgBrXnHm3P2PbTPBPiclQErEaUUQSRm1a0=";
+ hash = "sha256-qVO+kqsmVFDsO9fJGLyqxBzlBc8DZmX1ZQ7UjI3T0Fw=";
};
- cargoHash = "sha256-JT/Di4HEcXm03/1gVuaX+6JKn0aHAudwpf+gzXgRFfA=";
+ cargoHash = "sha256-sq8hxI1MOOE97OwrUEkwrEkpQWeCTzA8r6x5abTxCl0=";
nativeBuildInputs = [
pkg-config
diff --git a/pkgs/applications/video/mpv/scripts/videoclip.nix b/pkgs/applications/video/mpv/scripts/videoclip.nix
index 4436dca265d1..bff265892eb1 100644
--- a/pkgs/applications/video/mpv/scripts/videoclip.nix
+++ b/pkgs/applications/video/mpv/scripts/videoclip.nix
@@ -10,13 +10,13 @@
}:
buildLua {
pname = "videoclip";
- version = "0-unstable-2024-07-18";
+ version = "0-unstable-2024-08-20";
src = fetchFromGitHub {
owner = "Ajatt-Tools";
repo = "videoclip";
- rev = "fe731767ca481678b4a166fbce6b30d3eaf8a6ce";
- hash = "sha256-Z63kccjl8jd6C0dvpK7SQnPpmDCgH3/Kzm1oRXJ0NqI=";
+ rev = "249122d245bc5ec2a0687346af730b1cc2273b21";
+ hash = "sha256-VSMFddi8Lvmipo8Un79v+LXGNiKeaSxHQ44HddJgTkE=";
};
patchPhase =
diff --git a/pkgs/by-name/de/densify/package.nix b/pkgs/by-name/de/densify/package.nix
new file mode 100755
index 000000000000..0b2e1c314371
--- /dev/null
+++ b/pkgs/by-name/de/densify/package.nix
@@ -0,0 +1,78 @@
+{
+ fetchFromGitHub,
+ lib,
+ python3Packages,
+ python3,
+ gtk3,
+ gobject-introspection,
+ wrapGAppsHook3,
+ xorg,
+ gnugrep,
+ ghostscript,
+}:
+
+python3Packages.buildPythonApplication rec {
+ pname = "densify";
+ version = "0.3.2";
+ format = "other";
+
+ src = fetchFromGitHub {
+ owner = "hkdb";
+ repo = "Densify";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-giFFy8HiSmnOqFKLyrPD1kTry8hMQxotEgD/u2FEMRY=";
+ };
+
+ postPatch = ''
+ # Fix fail loading program icon from runtime path
+ substituteInPlace densify \
+ --replace-fail "/icon.png" "/../share/densify/icon.png"
+ '';
+
+ dependencies = with python3Packages; [ pygobject3 ];
+
+ nativeBuildInputs = [
+ gobject-introspection
+ wrapGAppsHook3
+ ];
+
+ buildInputs = [ gtk3 ];
+
+ preFixup = ''
+ gappsWrapperArgs+=(
+ --prefix PATH : "${
+ lib.makeBinPath [
+ ghostscript
+ gnugrep
+ xorg.xrandr
+ ]
+ }"
+ )
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ install -Dm755 -t $out/bin densify
+ install -Dm644 -t $out/share/applications densify.desktop
+ install -Dm644 -t $out/share/densify desktop-icon.png icon.png
+
+ runHook postInstall
+ '';
+
+ postFixup = ''
+ substituteInPlace $out/share/applications/densify.desktop \
+ --replace-fail "/opt/Densify/densify" "densify" \
+ --replace-fail "Path=/opt/Densify/" "Path=$out/bin/" \
+ --replace-fail "/opt/Densify/desktop-icon.png" "$out/share/densify/desktop-icon.png"
+ '';
+
+ meta = {
+ description = "Compress PDF files with Ghostscript";
+ homepage = "https://github.com/hkdb/Densify";
+ changelog = "https://github.com/hkdb/Densify/blob/${src.rev}/README.md";
+ license = lib.licenses.mit;
+ maintainers = with lib.maintainers; [ onny ];
+ platforms = lib.platforms.all;
+ };
+}
diff --git a/pkgs/by-name/fw/fwupd/package.nix b/pkgs/by-name/fw/fwupd/package.nix
index c18c9674be32..f366b9290a96 100644
--- a/pkgs/by-name/fw/fwupd/package.nix
+++ b/pkgs/by-name/fw/fwupd/package.nix
@@ -49,6 +49,7 @@
, libmbim
, libcbor
, xz
+, nix-update-script
, enableFlashrom ? false
, enablePassim ? false
}:
@@ -120,7 +121,7 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "fwupd";
- version = "1.9.23";
+ version = "1.9.24";
# libfwupd goes to lib
# daemon, plug-ins and libfwupdplugin go to out
@@ -131,7 +132,7 @@ stdenv.mkDerivation (finalAttrs: {
owner = "fwupd";
repo = "fwupd";
rev = finalAttrs.version;
- hash = "sha256-SLwRATYUSnHN6r5KyVGXbdAFjHCfykItbBTsl5/s8fA=";
+ hash = "sha256-jAR/c8hedprteCj5wrjST4yo8TxJ4JmLbPXSwBO3gJs=";
};
patches = [
@@ -325,6 +326,7 @@ stdenv.mkDerivation (finalAttrs: {
separateDebugInfo = true;
passthru = {
+ updateScript = nix-update-script { };
filesInstalledToEtc = [
"fwupd/bios-settings.d/README.md"
"fwupd/fwupd.conf"
diff --git a/pkgs/by-name/go/gotree/package.nix b/pkgs/by-name/go/gotree/package.nix
index 62b91044bcde..bdefbb5badb5 100644
--- a/pkgs/by-name/go/gotree/package.nix
+++ b/pkgs/by-name/go/gotree/package.nix
@@ -6,13 +6,13 @@
buildGoModule rec {
pname = "gotree";
- version = "1.2.0";
+ version = "1.4.1";
src = fetchFromGitHub {
owner = "elbachir-one";
repo = "gt";
rev = "v${version}";
- hash = "sha256-gyhnSx253EUx8WUIJES8rCAOI/rY7H7dwRdahkR6TBg=";
+ hash = "sha256-sWKqfDWwMfj4shg/MxHu7Zr4WE5pxAzHHmsjU3jQY10=";
};
vendorHash = null;
diff --git a/pkgs/by-name/im/immich-go/package.nix b/pkgs/by-name/im/immich-go/package.nix
index cb461954464f..456dc2b72d37 100644
--- a/pkgs/by-name/im/immich-go/package.nix
+++ b/pkgs/by-name/im/immich-go/package.nix
@@ -1,13 +1,13 @@
{ lib, buildGoModule, fetchFromGitHub, nix-update-script, testers, immich-go }:
buildGoModule rec {
pname = "immich-go";
- version = "0.21.1";
+ version = "1.21.3";
src = fetchFromGitHub {
owner = "simulot";
repo = "immich-go";
rev = "${version}";
- hash = "sha256-mN/3ctEX5R7UepJUs3Ble0s2c0gRxHe5CDey9MoE4YA=";
+ hash = "sha256-DgTEkiT9D+8wa6mzWWnsh98f7hEEK5r3QiH2e1yarCU=";
# Inspired by: https://github.com/NixOS/nixpkgs/blob/f2d7a289c5a5ece8521dd082b81ac7e4a57c2c5c/pkgs/applications/graphics/pdfcpu/default.nix#L20-L32
# The intention here is to write the information into files in the `src`'s
@@ -24,7 +24,7 @@ buildGoModule rec {
'';
};
- vendorHash = "sha256-Y6awfvbKV0G3VFXCUHLSwUkGaMkTaacruSz8KVi6NoQ=";
+ vendorHash = "sha256-jED1K2zHv60zxMY4P7Z739uzf7PtlsnvZyStOSLKi4M=";
# options used by upstream:
# https://github.com/simulot/immich-go/blob/0.13.2/.goreleaser.yaml
diff --git a/pkgs/by-name/ka/kanidm-provision/package.nix b/pkgs/by-name/ka/kanidm-provision/package.nix
index 47ccb70f86f6..63d7e85ba8a8 100644
--- a/pkgs/by-name/ka/kanidm-provision/package.nix
+++ b/pkgs/by-name/ka/kanidm-provision/package.nix
@@ -5,16 +5,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "kanidm-provision";
- version = "1.1.1";
+ version = "1.1.2";
src = fetchFromGitHub {
owner = "oddlama";
repo = "kanidm-provision";
rev = "v${version}";
- hash = "sha256-tX24cszmWu7kB5Eoa3OrPqU1bayD62OpAV12U0ayoEo=";
+ hash = "sha256-pgPjkj0nMb5j3EvyJTTDpfmh0WigAcMzoleF5EOqBAM=";
};
- cargoHash = "sha256-Ok8A47z5Z3QW4teql/4RyDlox/nrhkdA6IN/qJm13bM=";
+ cargoHash = "sha256-tQ3uVsy5Dw4c4CbSeASv1TWkqxVYjl/Cjkr00OQEo9c=";
meta = with lib; {
description = "A small utility to help with kanidm provisioning";
diff --git a/pkgs/by-name/ko/koboldcpp/package.nix b/pkgs/by-name/ko/koboldcpp/package.nix
index 1b3e89c11be4..c99fce56a214 100644
--- a/pkgs/by-name/ko/koboldcpp/package.nix
+++ b/pkgs/by-name/ko/koboldcpp/package.nix
@@ -53,13 +53,13 @@ let
in
effectiveStdenv.mkDerivation (finalAttrs: {
pname = "koboldcpp";
- version = "1.72";
+ version = "1.73";
src = fetchFromGitHub {
owner = "LostRuins";
repo = "koboldcpp";
rev = "refs/tags/v${finalAttrs.version}";
- hash = "sha256-DePcBVNXIWIlOXyNeNMUFFIQxQuwqG8KBUh2/X7R6X8=";
+ hash = "sha256-S0MonY2rIAkbJnTaDVc2YiGPjOaevgp82mt6JwWdN1U=";
};
enableParallelBuilding = true;
@@ -164,13 +164,14 @@ effectiveStdenv.mkDerivation (finalAttrs: {
passthru.updateScript = gitUpdater { rev-prefix = "v"; };
meta = {
+ changelog = "https://github.com/LostRuins/koboldcpp/releases/tag/v${finalAttrs.version}";
description = "Way to run various GGML and GGUF models";
license = lib.licenses.agpl3Only;
+ mainProgram = "koboldcpp";
maintainers = with lib.maintainers; [
maxstrid
donteatoreo
];
- mainProgram = "koboldcpp";
platforms = lib.platforms.unix;
};
})
diff --git a/pkgs/development/libraries/libs3/default.nix b/pkgs/by-name/li/libs3/package.nix
similarity index 56%
rename from pkgs/development/libraries/libs3/default.nix
rename to pkgs/by-name/li/libs3/package.nix
index 10b10529f7ba..03519d6c4f78 100644
--- a/pkgs/development/libraries/libs3/default.nix
+++ b/pkgs/by-name/li/libs3/package.nix
@@ -1,4 +1,12 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, curl, libxml2 }:
+{
+ curl,
+ fetchFromGitHub,
+ fetchpatch,
+ lib,
+ libxml2,
+ pkg-config,
+ stdenv,
+}:
stdenv.mkDerivation {
pname = "libs3";
@@ -12,21 +20,35 @@ stdenv.mkDerivation {
};
patches = [
- (fetchpatch { # Fix compilation with openssl 3.0
+ (fetchpatch {
+ # Fix compilation with openssl 3.0
url = "https://github.com/bji/libs3/pull/112/commits/3c3a1cf915e62b730db854d8007ba835cb38677c.patch";
hash = "sha256-+rWRh8dOznHlamc/T9qbgN0E2Rww3Hn94UeErxNDccs=";
})
];
- buildInputs = [ curl libxml2 ];
+ postPatch = ''
+ substituteInPlace GNUmakefile \
+ --replace-fail curl-config "$PKG_CONFIG libcurl" \
+ --replace-fail xml2-config "$PKG_CONFIG libxml-2.0"
+ '';
makeFlags = [ "DESTDIR=${placeholder "out"}" ];
- meta = with lib; {
- homepage = "https://github.com/bji/libs3";
+ strictDeps = true;
+
+ nativeBuildInputs = [ pkg-config ];
+
+ buildInputs = [
+ curl
+ libxml2
+ ];
+
+ meta = {
description = "Library for interfacing with amazon s3";
+ homepage = "https://github.com/bji/libs3";
+ license = lib.licenses.lgpl3Plus;
mainProgram = "s3";
- license = licenses.lgpl3Plus;
- platforms = platforms.linux;
+ platforms = lib.platforms.linux;
};
}
diff --git a/pkgs/by-name/pe/petsc/package.nix b/pkgs/by-name/pe/petsc/package.nix
index a9cc4ace97a3..2ea48a54a793 100644
--- a/pkgs/by-name/pe/petsc/package.nix
+++ b/pkgs/by-name/pe/petsc/package.nix
@@ -15,6 +15,7 @@
hdf5,
metis,
parmetis,
+ withParmetis ? false,
pkg-config,
p4est,
zlib, # propagated by p4est but required by petsc
@@ -35,9 +36,6 @@ stdenv.mkDerivation rec {
hash = "sha256-dxHa8JUJCN4zRIXMCx7gcvbzFH2SPtkJ377ssIevjgU=";
};
- inherit mpiSupport;
- withp4est = petsc-withp4est;
-
strictDeps = true;
nativeBuildInputs = [
python3
@@ -47,7 +45,7 @@ stdenv.mkDerivation rec {
buildInputs = [
blas
lapack
- ] ++ lib.optional hdf5-support hdf5 ++ lib.optional withp4est p4est;
+ ] ++ lib.optional hdf5-support hdf5 ++ lib.optional petsc-withp4est p4est ++ lib.optionals withParmetis [ metis parmetis ];
prePatch = lib.optionalString stdenv.isDarwin ''
substituteInPlace config/install.py \
@@ -60,49 +58,42 @@ stdenv.mkDerivation rec {
# These messages contaminate test output, which makes the quicktest suite to fail. The patch adds filtering for these messages.
patches = [ ./filter_mpi_warnings.patch ];
+ configureFlags = [
+ "--with-blas=1"
+ "--with-lapack=1"
+ "--with-scalar-type=${petsc-scalar-type}"
+ "--with-precision=${petsc-precision}"
+ "--with-mpi=${if mpiSupport then "1" else "0"}"
+ ] ++ lib.optionals mpiSupport [
+ "--CC=mpicc"
+ "--with-cxx=mpicxx"
+ "--with-fc=mpif90"
+ ] ++ lib.optionals (mpiSupport && withParmetis) [
+ "--with-metis=1"
+ "--with-metis-dir=${metis}"
+ "--with-parmetis=1"
+ "--with-parmetis-dir=${parmetis}"
+ ] ++ lib.optionals petsc-optimized [
+ "--with-debugging=0"
+ "COPTFLAGS=-O3"
+ "FOPTFLAGS=-O3"
+ "CXXOPTFLAGS=-O3"
+ "CXXFLAGS=-O3"
+ ];
preConfigure = ''
patchShebangs ./lib/petsc/bin
- configureFlagsArray=(
- $configureFlagsArray
- ${
- if !mpiSupport then
- ''
- "--with-mpi=0"
- ''
- else
- ''
- "--CC=mpicc"
- "--with-cxx=mpicxx"
- "--with-fc=mpif90"
- "--with-mpi=1"
- "--with-metis=1"
- "--with-metis-dir=${metis}"
- "--with-parmetis=1"
- "--with-parmetis-dir=${parmetis}"
- ''
- }
- ${lib.optionalString withp4est ''
- "--with-p4est=1"
- "--with-zlib-include=${zlib.dev}/include"
- "--with-zlib-lib=-L${zlib}/lib -lz"
- ''}
- ${lib.optionalString hdf5-support ''
- "--with-hdf5=1"
- "--with-hdf5-fortran-bindings=1"
- "--with-hdf5-lib=-L${hdf5}/lib -lhdf5"
- "--with-hdf5-include=${hdf5.dev}/include"
- ''}
- "--with-blas=1"
- "--with-lapack=1"
- "--with-scalar-type=${petsc-scalar-type}"
- "--with-precision=${petsc-precision}"
- ${lib.optionalString petsc-optimized ''
- "--with-debugging=0"
- COPTFLAGS='-O3'
- FOPTFLAGS='-O3'
- CXXOPTFLAGS='-O3'
- CXXFLAGS='-O3'
- ''}
+ '' + lib.optionalString petsc-withp4est ''
+ configureFlagsArray+=(
+ "--with-p4est=1"
+ "--with-zlib-include=${zlib.dev}/include"
+ "--with-zlib-lib=-L${zlib}/lib -lz"
+ )
+ '' + lib.optionalString hdf5-support ''
+ configureFlagsArray+=(
+ "--with-hdf5=1"
+ "--with-hdf5-fortran-bindings=1"
+ "--with-hdf5-include=${hdf5.dev}/include"
+ "--with-hdf5-lib=-L${hdf5}/lib -lhdf5"
)
'';
@@ -122,6 +113,10 @@ stdenv.mkDerivation rec {
doInstallCheck = true;
installCheckTarget = "check_install";
+ passthru = {
+ inherit mpiSupport;
+ };
+
meta = with lib; {
description = "Portable Extensible Toolkit for Scientific computation";
homepage = "https://petsc.org/release/";
diff --git a/pkgs/by-name/re/resources/package.nix b/pkgs/by-name/re/resources/package.nix
index cf710d62fdf3..da4338e56e9b 100644
--- a/pkgs/by-name/re/resources/package.nix
+++ b/pkgs/by-name/re/resources/package.nix
@@ -20,19 +20,19 @@
stdenv.mkDerivation (finalAttrs: {
pname = "resources";
- version = "1.5.1";
+ version = "1.6.0";
src = fetchFromGitHub {
owner = "nokyan";
repo = "resources";
rev = "refs/tags/v${finalAttrs.version}";
- hash = "sha256-uzZCczayJ5C0TZznA2wjGNYF3nB6fh/rrBKvv9s3J5g=";
+ hash = "sha256-RYpPg9dEasHkXF2eHpeCze5j0FC1+9/J0e2lRw8AdKc=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit (finalAttrs) src;
name = "resources-${finalAttrs.version}";
- hash = "sha256-a0VdSNy8E7qen+6yFXuQBmYnDD/DMUgrZqJK6BJja60=";
+ hash = "sha256-zliLpmunlxRsWv9N8AswVoRqcNy5PuI5NzNjaXyTiGk=";
};
nativeBuildInputs = [
diff --git a/pkgs/by-name/ro/robotframework-tidy/package.nix b/pkgs/by-name/ro/robotframework-tidy/package.nix
index 8296dcaa3313..eeeaf1bbc986 100644
--- a/pkgs/by-name/ro/robotframework-tidy/package.nix
+++ b/pkgs/by-name/ro/robotframework-tidy/package.nix
@@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "robotframework-tidy";
- version = "4.13.0";
+ version = "4.14.0";
pyproject = true;
src = fetchFromGitHub {
owner = "MarketSquare";
repo = "robotframework-tidy";
- rev = version;
- hash = "sha256-MCx0J+uZ2LI0K1TrIwJbLVTUTJnLxTvYXUJNtIMsnQU=";
+ rev = "refs/tags/${version}";
+ hash = "sha256-FsZraD0Kn9e6J0XzJsm4m0dIXHi86AWGad13ggqm3h4=";
};
build-system = with python3.pkgs; [ setuptools ];
diff --git a/pkgs/by-name/rt/rtorrent/package.nix b/pkgs/by-name/rt/rtorrent/package.nix
index 4f99e5852f88..59b346116147 100644
--- a/pkgs/by-name/rt/rtorrent/package.nix
+++ b/pkgs/by-name/rt/rtorrent/package.nix
@@ -20,13 +20,13 @@
stdenv.mkDerivation {
pname = "rakshasa-rtorrent";
- version = "0.9.8-unstable-2024-08-09";
+ version = "0.9.8-unstable-2024-08-20";
src = fetchFromGitHub {
owner = "rakshasa";
repo = "rtorrent";
- rev = "892e595015404c125df4a836b2a4fa18c01b4586";
- hash = "sha256-y7VlpviWT4kq4sfeWq00qM40tBAyGFBAplwrji45dOc=";
+ rev = "eacf9798e2787df7dd4d5c800a46bac7931ac41c";
+ hash = "sha256-VJ2QJfBRUgk0KcCZTHtlyBIMVhs0UfYWAPlTeA98VZU=";
};
outputs = [ "out" "man" ];
diff --git a/pkgs/by-name/s0/s0ix-selftest-tool/package.nix b/pkgs/by-name/s0/s0ix-selftest-tool/package.nix
index bbb142d00e52..fb53e5247108 100644
--- a/pkgs/by-name/s0/s0ix-selftest-tool/package.nix
+++ b/pkgs/by-name/s0/s0ix-selftest-tool/package.nix
@@ -36,13 +36,13 @@ let
in
stdenv.mkDerivation {
pname = "s0ix-selftest-tool";
- version = "0-unstable-2024-08-13";
+ version = "0-unstable-2024-08-20";
src = fetchFromGitHub {
owner = "intel";
repo = "S0ixSelftestTool";
- rev = "a9fcb3117ff733e7c307bb579c612065b64bf4b7";
- hash = "sha256-DcXefQPI4VpkeFH/YM899WEZHIs5IfWOWoUuZV6Ew7M=";
+ rev = "73b540d0b15d874ebb462eb3296399d4556aff64";
+ hash = "sha256-p0IxhG0P0G+DQ5UykC+uVlMZUZQwrWG/iiJprdmsLm0=";
};
# don't use the bundled turbostat binary
diff --git a/pkgs/by-name/sc/screego/package.nix b/pkgs/by-name/sc/screego/package.nix
index 6b532cc2fe85..56783b74febd 100644
--- a/pkgs/by-name/sc/screego/package.nix
+++ b/pkgs/by-name/sc/screego/package.nix
@@ -10,13 +10,13 @@
}:
let
- version = "1.10.4";
+ version = "1.10.5";
src = fetchFromGitHub {
owner = "screego";
repo = "server";
rev = "v${version}";
- hash = "sha256-/GtlMLm2swmLV6bC7OWkcQUeB6WauRm7IOs0UhyocO0=";
+ hash = "sha256-4WF9PfG6W1BLBqgWkKhTFEzed0+jDpRFMTsHw/1lPnQ=";
};
ui = stdenv.mkDerivation {
diff --git a/pkgs/by-name/sw/sway-overfocus/package.nix b/pkgs/by-name/sw/sway-overfocus/package.nix
index 08b6158d4f11..9e968725d835 100644
--- a/pkgs/by-name/sw/sway-overfocus/package.nix
+++ b/pkgs/by-name/sw/sway-overfocus/package.nix
@@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "sway-overfocus";
- version = "0.2.3-fix";
+ version = "0.2.4";
src = fetchFromGitHub {
owner = "korreman";
repo = pname;
rev = "v${version}";
- hash = "sha256-KHbYlxgrrZdNKJ7R9iVflbbP1c6qohM/NHBSYuzxEt4=";
+ hash = "sha256-trpjKA0TV8InSfViIXKnMDeZeFXZfavpiU7/R3JDQkQ=";
};
- cargoHash = "sha256-zp6PSu8P+ZUhrqi5Vxpe+z9zBaSkdVQBMGNP0FVOviQ=";
+ cargoHash = "sha256-uAzD4x7pSyem2juQi/4223Cbt6pVt4gynhn2lWMSKSQ=";
# Crate without tests.
doCheck = false;
diff --git a/pkgs/by-name/uv/uv/Cargo.lock b/pkgs/by-name/uv/uv/Cargo.lock
index 1a51a8e083bb..d777232327d4 100644
--- a/pkgs/by-name/uv/uv/Cargo.lock
+++ b/pkgs/by-name/uv/uv/Cargo.lock
@@ -1847,7 +1847,7 @@ dependencies = [
"pypi-types",
"reflink-copy",
"regex",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"schemars",
"serde",
"serde_json",
@@ -2511,7 +2511,7 @@ dependencies = [
"pyo3",
"pyo3-log",
"regex",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"schemars",
"serde",
"serde_json",
@@ -2652,7 +2652,7 @@ name = "platform-tags"
version = "0.0.1"
dependencies = [
"insta",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"serde",
"thiserror",
]
@@ -2777,12 +2777,12 @@ dependencies = [
[[package]]
name = "pubgrub"
version = "0.2.1"
-source = "git+https://github.com/astral-sh/pubgrub?rev=aaef464c1b0d8eea4ff9ffaee4f3458c236d10da#aaef464c1b0d8eea4ff9ffaee4f3458c236d10da"
+source = "git+https://github.com/astral-sh/pubgrub?rev=388685a8711092971930986644cfed152d1a1f6c#388685a8711092971930986644cfed152d1a1f6c"
dependencies = [
"indexmap",
"log",
"priority-queue",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"thiserror",
]
@@ -2796,7 +2796,7 @@ dependencies = [
"indoc",
"libc",
"memoffset 0.9.1",
- "parking_lot 0.11.2",
+ "parking_lot 0.12.3",
"portable-atomic",
"pyo3-build-config",
"pyo3-ffi",
@@ -2894,7 +2894,7 @@ dependencies = [
"pin-project-lite",
"quinn-proto",
"quinn-udp",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"rustls",
"socket2",
"thiserror",
@@ -2911,7 +2911,7 @@ dependencies = [
"bytes",
"rand",
"ring",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"rustls",
"slab",
"thiserror",
@@ -3369,12 +3369,6 @@ version = "0.1.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
-[[package]]
-name = "rustc-hash"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
-
[[package]]
name = "rustc-hash"
version = "2.0.0"
@@ -3767,9 +3761,9 @@ checksum = "b7401a30af6cb5818bb64852270bb722533397edcfc7344954a38f420819ece2"
[[package]]
name = "svg"
-version = "0.15.1"
+version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "683eed9bd9a2b078f92f87d166db38292e8114ab16d4cf23787ad4eecd1bb6e5"
+checksum = "700efb40f3f559c23c18b446e8ed62b08b56b2bb3197b36d57e0470b4102779e"
[[package]]
name = "svgfilters"
@@ -4252,15 +4246,15 @@ dependencies = [
[[package]]
name = "tracing-durations-export"
-version = "0.2.0"
+version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35b910b25a6c8e0fefcfff912bad6c4f4849d37e5945c3861d15e550d819da53"
+checksum = "382e025ef8e0db646343dd2cf56af9d7fe6f5eabce5f388f8e5ec7234f555a0f"
dependencies = [
"anyhow",
"fs-err",
- "itertools 0.12.1",
+ "itertools 0.13.0",
"once_cell",
- "rustc-hash 1.1.0",
+ "rustc-hash",
"serde",
"serde_json",
"svg",
@@ -4498,7 +4492,7 @@ checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
[[package]]
name = "uv"
-version = "0.3.1"
+version = "0.3.3"
dependencies = [
"anstream",
"anyhow",
@@ -4533,7 +4527,7 @@ dependencies = [
"rayon",
"regex",
"reqwest",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"serde",
"serde_json",
"similar",
@@ -4588,7 +4582,7 @@ dependencies = [
"reqwest",
"reqwest-middleware",
"rust-netrc",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"tempfile",
"test-log",
"tokio",
@@ -4612,7 +4606,7 @@ dependencies = [
"pep508_rs",
"pypi-types",
"regex",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"serde",
"serde_json",
"tempfile",
@@ -4640,7 +4634,7 @@ dependencies = [
"nanoid",
"pypi-types",
"rmp-serde",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"serde",
"tempfile",
"tracing",
@@ -4736,7 +4730,7 @@ dependencies = [
"pep508_rs",
"platform-tags",
"pypi-types",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"schemars",
"serde",
"serde_json",
@@ -4766,7 +4760,7 @@ dependencies = [
"pretty_assertions",
"pypi-types",
"resvg",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"schemars",
"serde",
"serde_json",
@@ -4805,7 +4799,7 @@ dependencies = [
"install-wheel-rs",
"itertools 0.13.0",
"pypi-types",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"tracing",
"uv-build",
"uv-cache",
@@ -4840,7 +4834,7 @@ dependencies = [
"reqwest",
"reqwest-middleware",
"rmp-serde",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"serde",
"tempfile",
"thiserror",
@@ -4874,7 +4868,7 @@ dependencies = [
"pypi-types",
"rayon",
"reqwest",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"sha2",
"thiserror",
"tokio",
@@ -4943,7 +4937,7 @@ dependencies = [
"platform-tags",
"pypi-types",
"rayon",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"same-file",
"tempfile",
"thiserror",
@@ -5064,7 +5058,7 @@ dependencies = [
"pep508_rs",
"pypi-types",
"requirements-txt",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"serde",
"thiserror",
"toml",
@@ -5110,7 +5104,7 @@ dependencies = [
"pypi-types",
"requirements-txt",
"rkyv",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"same-file",
"schemars",
"serde",
@@ -5236,7 +5230,7 @@ dependencies = [
"pep440_rs",
"pep508_rs",
"pypi-types",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"thiserror",
"url",
"uv-cache",
@@ -5248,7 +5242,7 @@ dependencies = [
[[package]]
name = "uv-version"
-version = "0.3.1"
+version = "0.3.3"
[[package]]
name = "uv-virtualenv"
@@ -5272,7 +5266,7 @@ version = "0.0.1"
dependencies = [
"anstream",
"owo-colors",
- "rustc-hash 2.0.0",
+ "rustc-hash",
]
[[package]]
@@ -5287,7 +5281,7 @@ dependencies = [
"pep508_rs",
"pypi-types",
"regex",
- "rustc-hash 2.0.0",
+ "rustc-hash",
"schemars",
"serde",
"thiserror",
diff --git a/pkgs/by-name/uv/uv/package.nix b/pkgs/by-name/uv/uv/package.nix
index 160583c2b8ed..a22565475423 100644
--- a/pkgs/by-name/uv/uv/package.nix
+++ b/pkgs/by-name/uv/uv/package.nix
@@ -16,21 +16,21 @@
python3Packages.buildPythonApplication rec {
pname = "uv";
- version = "0.3.1";
+ version = "0.3.3";
pyproject = true;
src = fetchFromGitHub {
owner = "astral-sh";
repo = "uv";
rev = "refs/tags/${version}";
- hash = "sha256-mBkPoYbixrY+2dHLfkF0xJow5UIl/MNkC0dNc4ZNnlU=";
+ hash = "sha256-l/62nnHQaA0dOpGO5svQOQukYnFyTM+c080+/WdVXg4=";
};
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"async_zip-0.0.17" = "sha256-3k9rc4yHWhqsCUJ17K55F8aQoCKdVamrWAn6IDWo3Ss=";
- "pubgrub-0.2.1" = "sha256-OVR4ioUSbraMZYglIGzBA0KQ+XZY0P0+fw68v8/e9sQ=";
+ "pubgrub-0.2.1" = "sha256-pU+F6hwqy+r6tz5OBoB6gU0+vdH6F3ikUaPrcvYRX2c=";
"reqwest-middleware-0.3.3" = "sha256-csQN7jZTifliSTsOm6YrjPVgsXBOfelY7LkHD1HkNGQ=";
};
};
diff --git a/pkgs/by-name/ya/yamlscript/package.nix b/pkgs/by-name/ya/yamlscript/package.nix
index 13ca920d1e4a..e9e221b946e7 100644
--- a/pkgs/by-name/ya/yamlscript/package.nix
+++ b/pkgs/by-name/ya/yamlscript/package.nix
@@ -2,11 +2,11 @@
buildGraalvmNativeImage rec {
pname = "yamlscript";
- version = "0.1.71";
+ version = "0.1.72";
src = fetchurl {
url = "https://github.com/yaml/yamlscript/releases/download/${version}/yamlscript.cli-${version}-standalone.jar";
- hash = "sha256-ko34trxTZmEkh/rltHLeweUg0deH7yiN6ME5igJiHHY=";
+ hash = "sha256-Qp2/Bifh+KXUjpcW/Lct6nGBv50TUEOGTjVPkXGbD54=";
};
executable = "ys";
diff --git a/pkgs/development/libraries/ffmpeg/default.nix b/pkgs/development/libraries/ffmpeg/default.nix
index 15785d24b6aa..cc468ec1c206 100644
--- a/pkgs/development/libraries/ffmpeg/default.nix
+++ b/pkgs/development/libraries/ffmpeg/default.nix
@@ -6,6 +6,7 @@ let
callPackage ./generic.nix (
{
inherit (darwin.apple_sdk.frameworks)
+ Accelerate
AppKit
AudioToolbox
AVFoundation
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index ccd1642c6caa..4e8226c1904a 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
@@ -328,6 +328,7 @@
/*
* Darwin frameworks
*/
+, Accelerate
, AppKit
, AudioToolbox
, AVFoundation
@@ -778,7 +779,7 @@ stdenv.mkDerivation (finalAttrs: {
++ optionals withQuirc [ quirc ]
++ optionals withRav1e [ rav1e ]
++ optionals withRtmp [ rtmpdump ]
- ++ optionals withRubberband [ rubberband ]
+ ++ optionals withRubberband ([ rubberband ] ++ lib.optional stdenv.hostPlatform.isDarwin Accelerate)
++ optionals withSamba [ samba ]
++ optionals withSdl2 [ SDL2 ]
++ optionals withShaderc [ shaderc ]
diff --git a/pkgs/development/libraries/ngtcp2/gnutls.nix b/pkgs/development/libraries/ngtcp2/gnutls.nix
index 5fd52b1f592a..1cf06ecb837f 100644
--- a/pkgs/development/libraries/ngtcp2/gnutls.nix
+++ b/pkgs/development/libraries/ngtcp2/gnutls.nix
@@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "ngtcp2";
- version = "1.6.0";
+ version = "1.7.0";
src = fetchFromGitHub {
owner = "ngtcp2";
repo = "ngtcp2";
rev = "v${version}";
- hash = "sha256-Oaz5LX4R0vriURueQNklZ1dx1r8SWDaeK8oaUadlGtI=";
+ hash = "sha256-7DesCT8swwk9E1ckYrj3mGsdx37HrJxd+svKpJRrhoI=";
};
outputs = [ "out" "dev" ];
diff --git a/pkgs/development/python-modules/aiomisc/default.nix b/pkgs/development/python-modules/aiomisc/default.nix
index 2b641a1af2e6..8f3050f3ed48 100644
--- a/pkgs/development/python-modules/aiomisc/default.nix
+++ b/pkgs/development/python-modules/aiomisc/default.nix
@@ -22,14 +22,14 @@
buildPythonPackage rec {
pname = "aiomisc";
- version = "17.5.25";
+ version = "17.5.26";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
- hash = "sha256-qxvisqvsDdhdFut9kvbmcjXAcTw7QpYruGk8zyQcg9M=";
+ hash = "sha256-78N8SBzgUB0Lnbj79r3jfhx6ZwlsP9Eq7gTIPkZSPzM=";
};
build-system = [ poetry-core ];
diff --git a/pkgs/development/python-modules/model-bakery/default.nix b/pkgs/development/python-modules/model-bakery/default.nix
index 17c1aeb3c45f..0b6c3f49443c 100644
--- a/pkgs/development/python-modules/model-bakery/default.nix
+++ b/pkgs/development/python-modules/model-bakery/default.nix
@@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "model-bakery";
- version = "1.19.2";
+ version = "1.19.4";
pyproject = true;
disabled = pythonOlder "3.8";
@@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "model-bakers";
repo = "model_bakery";
rev = "refs/tags/${version}";
- hash = "sha256-Y1cv4AykDUkO5z1ejKuBphPGijnjpbgGcmwGBxeebcY=";
+ hash = "sha256-Jok5fQ8z9/v6n482yYA06ugC+4SSMuV7fmt1cdv3/dg=";
};
build-system = [ hatchling ];
diff --git a/pkgs/development/python-modules/reptor/default.nix b/pkgs/development/python-modules/reptor/default.nix
index 6b4fe60c12e5..c1c8473c2658 100644
--- a/pkgs/development/python-modules/reptor/default.nix
+++ b/pkgs/development/python-modules/reptor/default.nix
@@ -30,16 +30,16 @@
buildPythonPackage rec {
pname = "reptor";
- version = "0.21";
+ version = "0.22";
pyproject = true;
- disabled = pythonOlder "3.8";
+ disabled = pythonOlder "3.9";
src = fetchFromGitHub {
owner = "Syslifters";
repo = "reptor";
rev = "refs/tags/${version}";
- hash = "sha256-XJCysRGCg5V3ftSsu611mS8btbdebs1EOPTp1Z/6PJ0=";
+ hash = "sha256-OAHhpVQIAT3+f/+Oo2MNcS+xP7KB/LVvXLpOyY1rumM=";
};
pythonRelaxDeps = true;
@@ -98,10 +98,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Module to do automated pentest reporting with SysReptor";
- mainProgram = "reptor";
homepage = "https://github.com/Syslifters/reptor";
changelog = "https://github.com/Syslifters/reptor/releases/tag/${version}";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
+ mainProgram = "reptor";
};
}
diff --git a/pkgs/development/python-modules/rich-rst/default.nix b/pkgs/development/python-modules/rich-rst/default.nix
index 067b7c39cbc0..277ba67562e8 100644
--- a/pkgs/development/python-modules/rich-rst/default.nix
+++ b/pkgs/development/python-modules/rich-rst/default.nix
@@ -35,6 +35,6 @@ buildPythonPackage rec {
description = "Beautiful reStructuredText renderer for rich";
homepage = "https://github.com/wasi-master/rich-rst";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
};
}
diff --git a/pkgs/development/python-modules/rich/default.nix b/pkgs/development/python-modules/rich/default.nix
index 3d14a05bfd50..e32427b7b1e4 100644
--- a/pkgs/development/python-modules/rich/default.nix
+++ b/pkgs/development/python-modules/rich/default.nix
@@ -88,9 +88,6 @@ buildPythonPackage rec {
homepage = "https://github.com/Textualize/rich";
changelog = "https://github.com/Textualize/rich/blob/v${version}/CHANGELOG.md";
license = licenses.mit;
- maintainers = with maintainers; [
- ris
- joelkoen
- ];
+ maintainers = with maintainers; [ ris ];
};
}
diff --git a/pkgs/development/python-modules/textual/default.nix b/pkgs/development/python-modules/textual/default.nix
index 37aa589b29ea..f0ee4ea3b872 100644
--- a/pkgs/development/python-modules/textual/default.nix
+++ b/pkgs/development/python-modules/textual/default.nix
@@ -77,6 +77,6 @@ buildPythonPackage rec {
homepage = "https://github.com/Textualize/textual";
changelog = "https://github.com/Textualize/textual/releases/tag/v${version}";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
};
}
diff --git a/pkgs/development/python-modules/towncrier/default.nix b/pkgs/development/python-modules/towncrier/default.nix
index 61fedf42b085..580d82133f2d 100644
--- a/pkgs/development/python-modules/towncrier/default.nix
+++ b/pkgs/development/python-modules/towncrier/default.nix
@@ -17,24 +17,19 @@
buildPythonPackage rec {
pname = "towncrier";
- version = "24.7.1";
+ version = "24.8.0";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchPypi {
inherit pname version;
- hash = "sha256-V6BX+u2ryt8aYvb5utcmrlZsHzGkETON24MWmT9YOz0=";
+ hash = "sha256-ATQj7n7tECsvOTwofSLZX2bxo+oQpLqoLSmAAafxivM=";
};
- postPatch = ''
- substituteInPlace pyproject.toml \
- --replace "hatchling ~= 1.17.1" "hatchling"
- '';
+ build-system = [ hatchling ];
- nativeBuildInputs = [ hatchling ];
-
- propagatedBuildInputs =
+ dependencies =
[
click
incremental
@@ -58,10 +53,10 @@ buildPythonPackage rec {
meta = with lib; {
description = "Utility to produce useful, summarised news files";
- mainProgram = "towncrier";
homepage = "https://github.com/twisted/towncrier/";
changelog = "https://github.com/twisted/towncrier/blob/${version}/NEWS.rst";
license = licenses.mit;
maintainers = [ ];
+ mainProgram = "towncrier";
};
}
diff --git a/pkgs/development/python-modules/whatthepatch/default.nix b/pkgs/development/python-modules/whatthepatch/default.nix
index c4ad9ca8d0ec..8ae261d1dbae 100644
--- a/pkgs/development/python-modules/whatthepatch/default.nix
+++ b/pkgs/development/python-modules/whatthepatch/default.nix
@@ -32,6 +32,6 @@ buildPythonPackage rec {
homepage = "https://github.com/cscorley/whatthepatch";
changelog = "https://github.com/cscorley/whatthepatch/blob/${version}/HISTORY.md";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
};
}
diff --git a/pkgs/development/tools/mix2nix/default.nix b/pkgs/development/tools/mix2nix/default.nix
index b0d3a8c8107c..a2420980d181 100644
--- a/pkgs/development/tools/mix2nix/default.nix
+++ b/pkgs/development/tools/mix2nix/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "mix2nix";
- version = "0.1.9";
+ version = "0.2.0";
src = fetchFromGitHub {
owner = "ydlr";
repo = "mix2nix";
rev = version;
- hash = "sha256-Wh3KFp1gNDOKOG/DZdftmgy/M+67ZGfdj6W3ETQpX/8=";
+ hash = "sha256-hD4lpP8GPkNXuMMDOOTEmy+rOwOSCxQwR0Mjq8i4oDM=";
};
nativeBuildInputs = [ elixir ];
diff --git a/pkgs/development/tools/turso-cli/default.nix b/pkgs/development/tools/turso-cli/default.nix
index db6b0d0e208d..d715b34661f7 100644
--- a/pkgs/development/tools/turso-cli/default.nix
+++ b/pkgs/development/tools/turso-cli/default.nix
@@ -8,13 +8,13 @@
}:
buildGoModule rec {
pname = "turso-cli";
- version = "0.96.3";
+ version = "0.97.0";
src = fetchFromGitHub {
owner = "tursodatabase";
repo = "turso-cli";
rev = "v${version}";
- hash = "sha256-3noPhWS5Sh6KZs4u310HbNybL58yIcdM7jD0R+UvZ0s=";
+ hash = "sha256-m/0LfUs9oMWSjRPkVSPyHsFw8U1Fk2SXjqfOrLYsZlI=";
};
vendorHash = "sha256-c8dX60GPZSNMoCaF51jLWJK+aNDmw6TdzlBYS+vSuEY=";
diff --git a/pkgs/games/minecraft-servers/derivation.nix b/pkgs/games/minecraft-servers/derivation.nix
index 68c9fd35f76a..a94a2daecac2 100644
--- a/pkgs/games/minecraft-servers/derivation.nix
+++ b/pkgs/games/minecraft-servers/derivation.nix
@@ -34,6 +34,6 @@ stdenv.mkDerivation {
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.unfreeRedistributable;
platforms = platforms.unix;
- maintainers = with maintainers; [ thoughtpolice tomberek costrouc joelkoen ];
+ maintainers = with maintainers; [ thoughtpolice tomberek costrouc ];
};
}
diff --git a/pkgs/games/purpur/default.nix b/pkgs/games/purpur/default.nix
index 7246c689c9bf..ad8f1b81097d 100644
--- a/pkgs/games/purpur/default.nix
+++ b/pkgs/games/purpur/default.nix
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.mit;
platforms = platforms.unix;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
mainProgram = "minecraft-server";
};
}
diff --git a/pkgs/misc/rich-cli/default.nix b/pkgs/misc/rich-cli/default.nix
index a76f921dcf99..8399cbb8d32b 100644
--- a/pkgs/misc/rich-cli/default.nix
+++ b/pkgs/misc/rich-cli/default.nix
@@ -58,7 +58,7 @@ python3.pkgs.buildPythonApplication rec {
homepage = "https://github.com/Textualize/rich-cli";
changelog = "https://github.com/Textualize/rich-cli/releases/tag/v${version}";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
mainProgram = "rich";
};
}
diff --git a/pkgs/tools/misc/apkeep/default.nix b/pkgs/tools/misc/apkeep/default.nix
index 5bc0aec88cb2..084997765868 100644
--- a/pkgs/tools/misc/apkeep/default.nix
+++ b/pkgs/tools/misc/apkeep/default.nix
@@ -39,7 +39,7 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/EFForg/apkeep";
changelog = "https://github.com/EFForg/apkeep/blob/${version}/CHANGELOG.md";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
mainProgram = "apkeep";
};
}
diff --git a/pkgs/tools/misc/melody/default.nix b/pkgs/tools/misc/melody/default.nix
index b7da7fe8a025..89316b183fdd 100644
--- a/pkgs/tools/misc/melody/default.nix
+++ b/pkgs/tools/misc/melody/default.nix
@@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
description = "Language that compiles to regular expressions";
homepage = "https://github.com/yoav-lavi/melody";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
mainProgram = "melody";
};
}
diff --git a/pkgs/tools/misc/octofetch/default.nix b/pkgs/tools/misc/octofetch/default.nix
index db73ba805f2d..f254e77ebdea 100644
--- a/pkgs/tools/misc/octofetch/default.nix
+++ b/pkgs/tools/misc/octofetch/default.nix
@@ -29,7 +29,7 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/azur1s/octofetch";
description = "Github user information on terminal";
license = licenses.mit;
- maintainers = with maintainers; [ joelkoen ];
+ maintainers = [ ];
mainProgram = "octofetch";
};
}
diff --git a/pkgs/tools/nix/nix-melt/0001-fix-build-for-rust-1.80.patch b/pkgs/tools/nix/nix-melt/0001-fix-build-for-rust-1.80.patch
index a88a5ef14a97..cfea37c75f74 100644
--- a/pkgs/tools/nix/nix-melt/0001-fix-build-for-rust-1.80.patch
+++ b/pkgs/tools/nix/nix-melt/0001-fix-build-for-rust-1.80.patch
@@ -1,17 +1,58 @@
-From 472d60ff5d0f7e1cbfe4ec92cf7e985eefb68a92 Mon Sep 17 00:00:00 2001
+From b85cef7cd9a3d7367c41b7deca8264652e88014a Mon Sep 17 00:00:00 2001
From: Bryan Lai
-Date: Wed, 14 Aug 2024 14:23:10 +0800
+Date: Fri, 16 Aug 2024 20:14:28 +0800
Subject: [PATCH] deps: bump `time`, fix build for rust 1.80
+With: cargo update time --recursive
+
+Note that `cargo update` without the `--recursive` flag would be
+executed "conservatively". Basically, `cargo update time` will try
+its best to _not_ bump the dependencies of `time`. This restricts
+the amount that `time` itself can be updated.
+
+To really get the latest version, one has to add a `--recursive` flag.
+Only by doing this can we ensure that time is updated to the latest
+semver compatible version. In our case,
+
+- without `--recursive`, time only gets updated to 0.3.26
+- with `--recursive`, time gets updated to the latest 0.3.36,
+ with a couple of other dependencies updated
---
- Cargo.lock | 22 ++++++++++++++++------
- 1 file changed, 16 insertions(+), 6 deletions(-)
+ Cargo.lock | 84 +++++++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 55 insertions(+), 29 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
-index 5bd0f35..dabe0d1 100644
+index 5bd0f35..a7c7cf8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
-@@ -372,6 +372,15 @@ dependencies = [
+@@ -200,7 +200,7 @@ dependencies = [
+ "heck",
+ "proc-macro2",
+ "quote",
+- "syn 2.0.15",
++ "syn 2.0.74",
+ ]
+
+ [[package]]
+@@ -317,7 +317,7 @@ dependencies = [
+ "proc-macro2",
+ "quote",
+ "scratch",
+- "syn 2.0.15",
++ "syn 2.0.74",
+ ]
+
+ [[package]]
+@@ -334,7 +334,7 @@ checksum = "2345488264226bf682893e25de0769f3360aac9957980ec49361b083ddaa5bc5"
+ dependencies = [
+ "proc-macro2",
+ "quote",
+- "syn 2.0.15",
++ "syn 2.0.74",
+ ]
+
+ [[package]]
+@@ -372,6 +372,16 @@ dependencies = [
"syn 1.0.109",
]
@@ -21,46 +62,195 @@ index 5bd0f35..dabe0d1 100644
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
+dependencies = [
++ "powerfmt",
+ "serde",
+]
+
[[package]]
name = "errno"
version = "0.3.1"
-@@ -1041,10 +1050,11 @@ dependencies = [
+@@ -511,9 +521,9 @@ dependencies = [
+
+ [[package]]
+ name = "itoa"
+-version = "1.0.6"
++version = "1.0.11"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
++checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
+
+ [[package]]
+ name = "js-sys"
+@@ -532,9 +542,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
+ [[package]]
+ name = "libc"
+-version = "0.2.142"
++version = "0.2.156"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317"
++checksum = "a5f43f184355eefb8d17fc948dbecf6c13be3c141f20d834ae842193a448c72a"
+
+ [[package]]
+ name = "link-cplusplus"
+@@ -618,6 +628,12 @@ dependencies = [
+ "time",
+ ]
+
++[[package]]
++name = "num-conv"
++version = "0.1.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
++
+ [[package]]
+ name = "num-integer"
+ version = "0.1.45"
+@@ -639,9 +655,9 @@ dependencies = [
+
+ [[package]]
+ name = "num_threads"
+-version = "0.1.6"
++version = "0.1.7"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44"
++checksum = "5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9"
+ dependencies = [
+ "libc",
+ ]
+@@ -722,20 +738,26 @@ version = "0.2.9"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
+
++[[package]]
++name = "powerfmt"
++version = "0.2.0"
++source = "registry+https://github.com/rust-lang/crates.io-index"
++checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
++
+ [[package]]
+ name = "proc-macro2"
+-version = "1.0.56"
++version = "1.0.86"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435"
++checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
+ dependencies = [
+ "unicode-ident",
+ ]
+
+ [[package]]
+ name = "quote"
+-version = "1.0.26"
++version = "1.0.36"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
++checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
+ dependencies = [
+ "proc-macro2",
+ ]
+@@ -837,22 +859,22 @@ checksum = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1"
+
+ [[package]]
+ name = "serde"
+-version = "1.0.160"
++version = "1.0.208"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c"
++checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2"
+ dependencies = [
+ "serde_derive",
+ ]
+
+ [[package]]
+ name = "serde_derive"
+-version = "1.0.160"
++version = "1.0.208"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
++checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf"
+ dependencies = [
+ "proc-macro2",
+ "quote",
+- "syn 2.0.15",
++ "syn 2.0.74",
+ ]
+
+ [[package]]
+@@ -981,9 +1003,9 @@ dependencies = [
+
+ [[package]]
+ name = "syn"
+-version = "2.0.15"
++version = "2.0.74"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822"
++checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7"
+ dependencies = [
+ "proc-macro2",
+ "quote",
+@@ -1026,7 +1048,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
+ dependencies = [
+ "proc-macro2",
+ "quote",
+- "syn 2.0.15",
++ "syn 2.0.74",
+ ]
+
+ [[package]]
+@@ -1041,13 +1063,16 @@ dependencies = [
[[package]]
name = "time"
-version = "0.3.20"
-+version = "0.3.26"
++version = "0.3.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890"
-+checksum = "a79d09ac6b08c1ab3906a2f7cc2e81a0e27c7ae89c63812df75e52bef0751e07"
++checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
dependencies = [
+ "deranged",
"itoa",
"libc",
++ "num-conv",
"num_threads",
-@@ -1055,15 +1065,15 @@ dependencies = [
++ "powerfmt",
+ "serde",
+ "time-core",
+ "time-macros",
+@@ -1055,16 +1080,17 @@ dependencies = [
[[package]]
name = "time-core"
-version = "0.1.0"
-+version = "0.1.1"
++version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd"
-+checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb"
++checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
[[package]]
name = "time-macros"
-version = "0.2.8"
-+version = "0.2.12"
++version = "0.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36"
-+checksum = "75c65469ed6b3a4809d987a41eb1dc918e9bc1d92211cbad7ae82931846f7451"
++checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
dependencies = [
++ "num-conv",
"time-core",
]
+
+@@ -1121,9 +1147,9 @@ dependencies = [
+
+ [[package]]
+ name = "unicode-ident"
+-version = "1.0.8"
++version = "1.0.12"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
++checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+
+ [[package]]
+ name = "unicode-segmentation"
--
2.45.2
diff --git a/pkgs/tools/nix/nix-melt/default.nix b/pkgs/tools/nix/nix-melt/default.nix
index b88246b4f304..239a3a156462 100644
--- a/pkgs/tools/nix/nix-melt/default.nix
+++ b/pkgs/tools/nix/nix-melt/default.nix
@@ -19,7 +19,7 @@ rustPlatform.buildRustPackage rec {
./0001-fix-build-for-rust-1.80.patch
];
- cargoHash = "sha256-SzBsSr8bpzhc0GIcTkm9LZgJ66LEBe3QA8I7NdaJ0T8=";
+ cargoHash = "sha256-oEZTBb9dwnZvByULtgCm17KbWc9hjURLB0KDkqRRCr0=";
nativeBuildInputs = [
installShellFiles
diff --git a/pkgs/tools/system/nsc/default.nix b/pkgs/tools/system/nsc/default.nix
index d7664f9e317b..4930484accb5 100644
--- a/pkgs/tools/system/nsc/default.nix
+++ b/pkgs/tools/system/nsc/default.nix
@@ -7,13 +7,13 @@
buildGoModule rec {
pname = "nsc";
- version = "2.8.6";
+ version = "2.8.7";
src = fetchFromGitHub {
owner = "nats-io";
repo = pname;
rev = "v${version}";
- hash = "sha256-t8THHXv1/u5qf0QcLQAu4fMMRiGJ+gG9Huu2NkfMIyQ=";
+ hash = "sha256-uJR4AdXGSL3vKUABpBBteND7EUocKz+mLRqt5XPdREk=";
};
ldflags = [
@@ -23,7 +23,7 @@ buildGoModule rec {
"-X main.builtBy=nixpkgs"
];
- vendorHash = "sha256-M/wM03SumQUAVmBM+oyQ0KpqyB741Zl5LuSmNnJ9bxg=";
+ vendorHash = "sha256-+XSG5vDEGUYlORF9a15QnE2pueU8GN+UF7w7EtRArG8=";
nativeBuildInputs = [ installShellFiles ];
@@ -44,7 +44,7 @@ buildGoModule rec {
# the test strips table formatting from the command output in a naive way
# that removes all the table characters, including '-'.
# The nix build directory looks something like:
- # /private/tmp/nix-build-nsc-2.8.6.drv-0/nsc_test2000598938/keys
+ # /private/tmp/nix-build-nsc-2.8.7.drv-0/nsc_test2000598938/keys
# Then the `-` are removed from the path unintentionally and the test fails.
# This should be fixed upstream to avoid mangling the path when
# removing the table decorations from the command output.
diff --git a/pkgs/tools/text/ugrep/default.nix b/pkgs/tools/text/ugrep/default.nix
index 219b2806c849..1384d0219466 100644
--- a/pkgs/tools/text/ugrep/default.nix
+++ b/pkgs/tools/text/ugrep/default.nix
@@ -15,13 +15,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "ugrep";
- version = "6.4.1";
+ version = "6.5.0";
src = fetchFromGitHub {
owner = "Genivia";
repo = "ugrep";
rev = "v${finalAttrs.version}";
- hash = "sha256-0T/fX+ZzxfJD3CmoYLWSe3LE6B4HWkCC2bqXNwzUVpk=";
+ hash = "sha256-IG1HH/mducD6VyQHAvO2xHT+rMFAT1cqAO06TGeIFik=";
};
buildInputs = [
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c4a0e8cfe825..6e1e8583be33 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -22136,8 +22136,6 @@ with pkgs;
librttopo = callPackage ../development/libraries/librttopo { };
- libs3 = callPackage ../development/libraries/libs3 { };
-
libschrift = callPackage ../development/libraries/libschrift { };
libsciter = callPackage ../development/libraries/libsciter { };