From 7e2aec079c099f55b991b80356239076705d1bff Mon Sep 17 00:00:00 2001 From: Atemu Date: Sat, 22 Oct 2022 19:52:10 +0200 Subject: [PATCH 01/50] nixos/filesystems: escape mount options in fstab Some mount options might include path names and those often contain spaces and therefore must be escaped. An example which prompted me to make this change is the path of a btrfs subvolume. --- nixos/modules/tasks/filesystems.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index 994747601309..ea825667c34f 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -167,7 +167,7 @@ let else throw "No device specified for mount point ‘${fs.mountPoint}’.") + " " + escape (rootPrefix + fs.mountPoint) + " " + fs.fsType - + " " + builtins.concatStringsSep "," (fs.options ++ (extraOpts fs)) + + " " + escape (builtins.concatStringsSep "," (fs.options ++ (extraOpts fs))) + " " + (optionalString (!excludeChecks) ("0 " + (if skipCheck fs then "0" else if fs.mountPoint == "/" then "1" else "2"))) + "\n" From b82316bc919c1baed0563598adc5346fb05cbc4c Mon Sep 17 00:00:00 2001 From: talyz Date: Sat, 29 Oct 2022 13:17:23 +0200 Subject: [PATCH 02/50] nixos/keycloak: Escape admin password properly --- nixos/modules/services/web-apps/keycloak.nix | 2 +- nixos/tests/keycloak.nix | 15 +++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 521cf778a36b..2dfb73bd04dc 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -637,7 +637,7 @@ in cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/ '' + '' export KEYCLOAK_ADMIN=admin - export KEYCLOAK_ADMIN_PASSWORD=${cfg.initialAdminPassword} + export KEYCLOAK_ADMIN_PASSWORD=${escapeShellArg cfg.initialAdminPassword} kc.sh start --optimized ''; }; diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index 6ce136330d43..2ade9e9c74ee 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -5,10 +5,13 @@ let certs = import ./common/acme/server/snakeoil-certs.nix; frontendUrl = "https://${certs.domain}"; - initialAdminPassword = "h4IhoJFnt2iQIR9"; keycloakTest = import ./make-test-python.nix ( { pkgs, databaseType, ... }: + let + initialAdminPassword = "h4Iho\"JFn't2>iQIR9"; + adminPasswordFile = pkgs.writeText "admin-password" "${initialAdminPassword}"; + in { name = "keycloak"; meta = with pkgs.lib.maintainers; { @@ -111,7 +114,7 @@ let keycloak.succeed(""" curl -sSf -d 'client_id=admin-cli' \ -d 'username=admin' \ - -d 'password=${initialAdminPassword}' \ + -d "password=$(<${adminPasswordFile})" \ -d 'grant_type=password' \ '${frontendUrl}/realms/master/protocol/openid-connect/token' \ | jq -r '"Authorization: bearer " + .access_token' >admin_auth_header @@ -119,10 +122,10 @@ let # Register the metrics SPI keycloak.succeed( - "${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt", - "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'", - "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'", - "curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'" + """${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt""", + """KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password "$(<${adminPasswordFile})" """, + """KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'""", + """curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'""" ) # Publish the realm, including a test OIDC client and user From d65910761c9dc0b842977b7b31d86721513b88dc Mon Sep 17 00:00:00 2001 From: talyz Date: Mon, 31 Oct 2022 18:55:22 +0100 Subject: [PATCH 03/50] nixos/keycloak: Escape database password properly --- nixos/modules/services/web-apps/keycloak.nix | 25 +++++++++++++++++++- nixos/tests/keycloak.nix | 2 +- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 2dfb73bd04dc..d52190a28648 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -482,6 +482,10 @@ in assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null); message = "A CA certificate must be specified (in 'services.keycloak.database.caCert') when PostgreSQL is used with SSL"; } + { + assertion = createLocalPostgreSQL -> config.services.postgresql.settings.standard_conforming_strings or true; + message = "Setting up a local PostgreSQL db for Keycloak requires `standard_conforming_strings` turned on to work reliably"; + } ]; environment.systemPackages = [ keycloakBuild ]; @@ -544,7 +548,13 @@ in create_role="$(mktemp)" trap 'rm -f "$create_role"' EXIT + # Read the password from the credentials directory and + # escape any single quotes by adding additional single + # quotes after them, following the rules laid out here: + # https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")" + db_password="''${db_password//\'/\'\'}" + echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role" psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role" psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"' @@ -566,8 +576,16 @@ in script = '' set -o errexit -o pipefail -o nounset -o errtrace shopt -s inherit_errexit + + # Read the password from the credentials directory and + # escape any single quotes by adding additional single + # quotes after them, following the rules laid out here: + # https://dev.mysql.com/doc/refman/8.0/en/string-literals.html db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")" - ( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';" + db_password="''${db_password//\'/\'\'}" + + ( echo "SET sql_mode = 'NO_BACKSLASH_ESCAPES';" + echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';" echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;" echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';" ) | mysql -N @@ -632,6 +650,11 @@ in ${secretReplacements} + # Escape any backslashes in the db parameters, since + # they're otherwise unexpectedly read as escape + # sequences. + sed -i '/db-/ s|\\|\\\\|g' /run/keycloak/conf/keycloak.conf + '' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' mkdir -p /run/keycloak/ssl cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/ diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index 2ade9e9c74ee..228e57d1cdd6 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -40,7 +40,7 @@ let type = databaseType; username = "bogus"; name = "also bogus"; - passwordFile = "${pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"}"; + passwordFile = "${pkgs.writeText "dbPassword" ''wzf6\"vO"Cb\nP>p#6;c&o?eu=q'THE'''H''''E''}"; }; plugins = with config.services.keycloak.package.plugins; [ keycloak-discord From 753f883c35d0bd52002ce2d049a26bb1ae37c122 Mon Sep 17 00:00:00 2001 From: Atemu Date: Sat, 22 Oct 2022 23:55:04 +0200 Subject: [PATCH 04/50] stage-1: escape mount points and options mountFS adds these strings to fstab and then relies on `mount` parsing fstab. If they have spaces or tabs in them, that would break fstab and therefore not mount with the unhelpful error: No such file or directory. Co-authored-by: Lily Foster Co-authored-by: Luflosi --- nixos/modules/system/boot/stage-1-init.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 994aa0e33cbf..4596c160a957 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -342,6 +342,14 @@ checkFS() { return 0 } +escapeFstab() { + local original="$1" + + # Replace space + local escaped="${original// /\\040}" + # Replace tab + echo "${escaped//$'\t'/\\011}" +} # Function for mounting a file system. mountFS() { @@ -569,7 +577,7 @@ while read -u 3 mountPoint; do continue fi - mountFS "$device" "$mountPoint" "$options" "$fsType" + mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" done exec 3>&- From c2b3c9794dfb5a9ec4aa643fca07c1ac8ad3f644 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Mon, 31 Oct 2022 15:31:10 +0100 Subject: [PATCH 05/50] nixosTests: test spaces in mount options via btrfs subvols Also enabled the btrfs tests for installer-systemd-stage-1 again --- nixos/release-combined.nix | 1 + nixos/tests/installer-systemd-stage-1.nix | 7 ++++--- nixos/tests/installer.nix | 21 +++++++++++++++++++++ 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index a11ee31ab8d0..1d25806a323b 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -76,6 +76,7 @@ in rec { (onFullSupported "nixos.tests.i3wm") (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple") (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolDefault") + (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolEscape") (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvols") (onSystems ["x86_64-linux"] "nixos.tests.installer.luksroot") (onSystems ["x86_64-linux"] "nixos.tests.installer.lvm") diff --git a/nixos/tests/installer-systemd-stage-1.nix b/nixos/tests/installer-systemd-stage-1.nix index d02387ee80e0..03f0ec8d746b 100644 --- a/nixos/tests/installer-systemd-stage-1.nix +++ b/nixos/tests/installer-systemd-stage-1.nix @@ -8,9 +8,10 @@ # them when fixed. inherit (import ./installer.nix { inherit system config pkgs; systemdStage1 = true; }) # bcache - # btrfsSimple - # btrfsSubvolDefault - # btrfsSubvols + btrfsSimple + btrfsSubvolDefault + btrfsSubvolEscape + btrfsSubvols # encryptedFSWithKeyfile # grub1 # luksroot diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index d9f64a781c57..9b3c8a762991 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -911,4 +911,25 @@ in { ) ''; }; + + # Test to see if we can deal with subvols that need to be escaped in fstab + btrfsSubvolEscape = makeInstallerTest "btrfsSubvolEscape" { + createPartitions = '' + machine.succeed( + "sgdisk -Z /dev/vda", + "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda", + "mkswap /dev/vda2 -L swap", + "swapon -L swap", + "mkfs.btrfs -L root /dev/vda3", + "btrfs device scan", + "mount LABEL=root /mnt", + "btrfs subvol create '/mnt/nixos in space'", + "btrfs subvol create /mnt/boot", + "umount /mnt", + "mount -o 'defaults,subvol=nixos in space' LABEL=root /mnt", + "mkdir /mnt/boot", + "mount -o defaults,subvol=boot LABEL=root /mnt/boot", + ) + ''; + }; } From 140bd1aef4e7a71ef0c5e1380d14ed81e6a92e52 Mon Sep 17 00:00:00 2001 From: illustris Date: Fri, 30 Sep 2022 22:13:14 +0530 Subject: [PATCH 06/50] hbase: update versions and remove EoL version - remove 1.7 - 2.4.11 -> 2.4.15 - init 2.5.1 - 3.0.0-alpha-2 -> 3.0.0-alpha-3 --- nixos/tests/all-tests.nix | 2 +- pkgs/servers/hbase/default.nix | 19 +++++++++---------- pkgs/top-level/all-packages.nix | 5 ++--- 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 011d7b11b4f8..ea526a5ecd78 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -245,8 +245,8 @@ in { haproxy = handleTest ./haproxy.nix {}; hardened = handleTest ./hardened.nix {}; healthchecks = handleTest ./web-apps/healthchecks.nix {}; - hbase1 = handleTest ./hbase.nix { package=pkgs.hbase1; }; hbase2 = handleTest ./hbase.nix { package=pkgs.hbase2; }; + hbase_2_4 = handleTest ./hbase.nix { package=pkgs.hbase_2_4; }; hbase3 = handleTest ./hbase.nix { package=pkgs.hbase3; }; hedgedoc = handleTest ./hedgedoc.nix {}; herbstluftwm = handleTest ./herbstluftwm.nix {}; diff --git a/pkgs/servers/hbase/default.nix b/pkgs/servers/hbase/default.nix index 40b5dc7e0b65..aa00fe80743a 100644 --- a/pkgs/servers/hbase/default.nix +++ b/pkgs/servers/hbase/default.nix @@ -38,20 +38,19 @@ let common = { version, hash, jdk ? jdk11_headless, tests }: }; in { - hbase_1_7 = common { - version = "1.7.1"; - hash = "sha256-DrH2G79QLT8L0YTTmAGC9pUWU8semSaTOsrsQRCI2rY="; - jdk = jdk8_headless; - tests.standalone = nixosTests.hbase1; - }; hbase_2_4 = common { - version = "2.4.11"; - hash = "sha256-m0vjUtPaj8czHHh+rQNJJgrFAM744cHd06KE0ut7QeU="; + version = "2.4.15"; + hash = "sha256-KJXpfQ91POVd7ZnKQyIX5qzX4JIZqh3Zn2Pz0chW48g="; + tests.standalone = nixosTests.hbase_2_4; + }; + hbase_2_5 = common { + version = "2.5.1"; + hash = "sha256-ddSa4q43PSJv1W4lzzaXfv4LIThs4n8g8wYufHgsZVE="; tests.standalone = nixosTests.hbase2; }; hbase_3_0 = common { - version = "3.0.0-alpha-2"; - hash = "sha256-QPvgO1BeFWvMT5PdUm/SL92ZgvSvYIuJbzolbBTenz4="; + version = "3.0.0-alpha-3"; + hash = "sha256-TxuiUHc2pTb9nBth1H2XrDRLla2vqM+e1uBU+yY2/EM="; tests.standalone = nixosTests.hbase3; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b95a9bb2f5b1..93170054a041 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23121,9 +23121,8 @@ with pkgs; hasura-cli = callPackage ../servers/hasura/cli.nix { }; - inherit (callPackage ../servers/hbase {}) hbase_1_7 hbase_2_4 hbase_3_0; - hbase1 = hbase_1_7; - hbase2 = hbase_2_4; + inherit (callPackage ../servers/hbase {}) hbase_2_4 hbase_2_5 hbase_3_0; + hbase2 = hbase_2_5; hbase3 = hbase_3_0; hbase = hbase2; # when updating, point to the latest stable release From a42a85fd42c474080a3163eefe480a1f2231767f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 14 Nov 2022 16:46:43 +0000 Subject: [PATCH 07/50] twtxt: 1.2.3 -> 1.3.1 --- pkgs/applications/networking/twtxt/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/twtxt/default.nix b/pkgs/applications/networking/twtxt/default.nix index 792c13aa23fa..574540862562 100644 --- a/pkgs/applications/networking/twtxt/default.nix +++ b/pkgs/applications/networking/twtxt/default.nix @@ -2,13 +2,13 @@ buildPythonApplication rec { pname = "twtxt"; - version = "1.2.3"; + version = "1.3.1"; src = fetchFromGitHub { owner = "buckket"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-AdM95G2Vz3UbVPI7fs8/D78BMxscbTGrCpIyyHzSmho="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-CbFh1o2Ijinfb8X+h1GP3Tp+8D0D3/Czt/Uatd1B4cw="; }; # Relax some dependencies From c0da0ab05bc7bf823370e206dea267f6b5faa2ff Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Tue, 15 Nov 2022 08:21:46 +0100 Subject: [PATCH 08/50] wxGTK30: 3.0.5 -> 3.0.5.1 --- pkgs/development/libraries/wxwidgets/wxGTK30.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/wxwidgets/wxGTK30.nix b/pkgs/development/libraries/wxwidgets/wxGTK30.nix index 89b7ae1f94c4..3b848f788c10 100644 --- a/pkgs/development/libraries/wxwidgets/wxGTK30.nix +++ b/pkgs/development/libraries/wxwidgets/wxGTK30.nix @@ -41,13 +41,13 @@ let in stdenv.mkDerivation rec { pname = "wxwidgets"; - version = "3.0.5"; + version = "3.0.5.1"; src = fetchFromGitHub { owner = "wxWidgets"; repo = "wxWidgets"; rev = "v${version}"; - hash = "sha256-p69nNCg552j+nldGY0oL65uFRVu4xXCkoE10F5MwY9A="; + hash = "sha256-I91douzXDAfDgm4Pplf17iepv4vIRhXZDRFl9keJJq0="; }; nativeBuildInputs = [ pkg-config ]; From a71ccfabf660ef4da7920a9ce7ffb6cdf5c02654 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 15 Nov 2022 22:12:36 +0000 Subject: [PATCH 09/50] python310Packages.geopy: 2.2.0 -> 2.3.0 --- pkgs/development/python-modules/geopy/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/geopy/default.nix b/pkgs/development/python-modules/geopy/default.nix index 3ef58b9ec470..c22f86fc43ef 100644 --- a/pkgs/development/python-modules/geopy/default.nix +++ b/pkgs/development/python-modules/geopy/default.nix @@ -11,14 +11,14 @@ buildPythonPackage rec { pname = "geopy"; - version = "2.2.0"; + version = "2.3.0"; disabled = pythonOlder "3.5"; src = fetchFromGitHub { owner = pname; repo = pname; - rev = version; - sha256 = "sha256-zFz0T/M/CABKkChuiKsFkWj2pphZuFeE5gz0HxZYaz8="; + rev = "refs/tags/${version}"; + sha256 = "sha256-bHfjUfuiEH3AxRDTLmbm67bKOw6fBuMQDUQA2NLg800="; }; postPatch = '' From 54d139174aa121e53595ea99580bc7724352cd95 Mon Sep 17 00:00:00 2001 From: Dmitry Ivankov Date: Tue, 15 Nov 2022 23:51:29 +0100 Subject: [PATCH 10/50] rustup-toolchain-install-master: fix build by using openssl 1.x Upstream package didn't have recent releases. Currently build fails with something like ``` running: "/nix/store/dq0xwmsk1g0i2ayg6pb7y87na2knzylh-gcc-wrapper-11.3.0/bin/cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/nix/store/f95kxwhnr2bazy7nl6wzwjiak02dlp9v-openssl-3.0.7-dev/include" "-Wall" "-Wextra" "-E" "build/expando.c" cargo:warning=build/expando.c:4:24: error: pasting "RUST_VERSION_OPENSSL_" and "(" does not give a valid preprocessing token cargo:warning= 4 | #define VERSION2(n, v) RUST_VERSION_##n##_##v cargo:warning= | ^~~~~~~~~~~~~ cargo:warning=build/expando.c:5:23: note: in expansion of macro 'VERSION2' cargo:warning= 5 | #define VERSION(n, v) VERSION2(n, v) cargo:warning= | ^~~~~~~~ cargo:warning=build/expando.c:10:1: note: in expansion of macro 'VERSION' cargo:warning= 10 | VERSION(OPENSSL, OPENSSL_VERSION_NUMBER) cargo:warning= | ^~~~~~~ exit status: 1 ``` which looks like https://github.com/sfackler/rust-openssl/issues/1030 and should be fixed in a transitive dependency by https://github.com/sfackler/rust-openssl/pull/1264 But rather than trying to bump transitive dependency let's downgrade openssl used by this package. ZHF: #199919 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6f3d7a3dde6d..7affdba11ca1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15246,6 +15246,7 @@ with pkgs; }; rustup-toolchain-install-master = callPackage ../development/tools/rust/rustup-toolchain-install-master { inherit (darwin.apple_sdk.frameworks) Security; + openssl = openssl_1_1; }; rusty-man = callPackage ../development/tools/rust/rusty-man { }; From bd3976941db474c16e8b54be1d05fb866e53317a Mon Sep 17 00:00:00 2001 From: zendo Date: Wed, 16 Nov 2022 22:23:34 +0800 Subject: [PATCH 11/50] kooha: add gst-plugins-good --- pkgs/applications/video/kooha/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/video/kooha/default.nix b/pkgs/applications/video/kooha/default.nix index 37644b10252b..ba959ec5717e 100644 --- a/pkgs/applications/video/kooha/default.nix +++ b/pkgs/applications/video/kooha/default.nix @@ -50,6 +50,7 @@ stdenv.mkDerivation rec { buildInputs = [ glib gst_all_1.gstreamer + gst_all_1.gst-plugins-good gst_all_1.gst-plugins-base gst_all_1.gst-plugins-ugly gtk4 From 34b696a172047b8fbea0bb9c285cfe9d7038aea7 Mon Sep 17 00:00:00 2001 From: Ashish SHUKLA Date: Thu, 17 Nov 2022 01:22:04 +0530 Subject: [PATCH 12/50] fossil: 2.19 -> 2.20 --- pkgs/applications/version-management/fossil/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/fossil/default.nix b/pkgs/applications/version-management/fossil/default.nix index ab610624f371..ea06107ed7ca 100644 --- a/pkgs/applications/version-management/fossil/default.nix +++ b/pkgs/applications/version-management/fossil/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { pname = "fossil"; - version = "2.19"; + version = "2.20"; src = fetchurl { url = "https://www.fossil-scm.org/home/tarball/version-${version}/fossil-${version}.tar.gz"; - sha256 = "sha256-RZ9/7b4lRJqFVyfXwzutO8C/Pa6XPyxtvpp7gmEGoj4="; + sha256 = "1knff50rr8f39myxj50fprb9ya87cslmwz7zzfya56l33r7i7jh3"; }; nativeBuildInputs = [ installShellFiles tcl tcllib ]; From 53424cfb8ab94987e2a2dc086e770b70fdf8d5e5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 17 Nov 2022 09:50:07 +0000 Subject: [PATCH 13/50] python310Packages.aws-lambda-builders: 1.20.0 -> 1.23.0 --- .../python-modules/aws-lambda-builders/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/aws-lambda-builders/default.nix b/pkgs/development/python-modules/aws-lambda-builders/default.nix index b5198752ad82..b7c2cf8994d4 100644 --- a/pkgs/development/python-modules/aws-lambda-builders/default.nix +++ b/pkgs/development/python-modules/aws-lambda-builders/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "aws-lambda-builders"; - version = "1.20.0"; + version = "1.23.0"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "awslabs"; repo = "aws-lambda-builders"; rev = "refs/tags/v${version}"; - hash = "sha256-+XOxz3xWIYacfUizztd4mH5kvBw/dkN9WiS38dONs7Y="; + hash = "sha256-3jzUowSeO6j7DzIlOkeU3KUFFIUi7cEyvjbIL8uRGcU="; }; propagatedBuildInputs = [ From e5fbcfb9743881b19a841f4d89c797f82c46680e Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Thu, 17 Nov 2022 14:54:52 -0700 Subject: [PATCH 14/50] gamescope: 3.11.48 -> 3.11.49 --- pkgs/applications/window-managers/gamescope/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/window-managers/gamescope/default.nix b/pkgs/applications/window-managers/gamescope/default.nix index 7e4003c68046..7b951fcfa55b 100644 --- a/pkgs/applications/window-managers/gamescope/default.nix +++ b/pkgs/applications/window-managers/gamescope/default.nix @@ -26,7 +26,7 @@ }: let pname = "gamescope"; - version = "3.11.48"; + version = "3.11.49"; in stdenv.mkDerivation { inherit pname version; @@ -35,7 +35,7 @@ stdenv.mkDerivation { owner = "Plagman"; repo = "gamescope"; rev = "refs/tags/${version}"; - hash = "sha256-/a0fW0NVIrg9tuK+mg+D+IOcq3rJJxKdFwspM1ZRR9M="; + hash = "sha256-GRq/b013wFRHzFz2YCulJRtcwzX/dhJKd8dkATSLug0="; }; patches = [ ./use-pkgconfig.patch ]; From 85af835f5454ef5219de1f0903e06a41bd4ab128 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Thu, 17 Nov 2022 14:59:19 -0700 Subject: [PATCH 15/50] gamescope: Add zhaofengli as maintainer --- pkgs/applications/window-managers/gamescope/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/window-managers/gamescope/default.nix b/pkgs/applications/window-managers/gamescope/default.nix index 7b951fcfa55b..7fdffc27f652 100644 --- a/pkgs/applications/window-managers/gamescope/default.nix +++ b/pkgs/applications/window-managers/gamescope/default.nix @@ -85,7 +85,7 @@ stdenv.mkDerivation { description = "SteamOS session compositing window manager"; homepage = "https://github.com/Plagman/gamescope"; license = licenses.bsd2; - maintainers = with maintainers; [ nrdxp ]; + maintainers = with maintainers; [ nrdxp zhaofengli ]; platforms = platforms.linux; }; } From 1ea076247f765ce1df6e4e7a220932873cde1ebd Mon Sep 17 00:00:00 2001 From: Ben Darwin Date: Sun, 4 Sep 2022 13:18:47 -0400 Subject: [PATCH 16/50] python3Packages.prodict: init at 0.8.6 --- .../python-modules/prodict/default.nix | 35 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/development/python-modules/prodict/default.nix diff --git a/pkgs/development/python-modules/prodict/default.nix b/pkgs/development/python-modules/prodict/default.nix new file mode 100644 index 000000000000..a6fdc61658dd --- /dev/null +++ b/pkgs/development/python-modules/prodict/default.nix @@ -0,0 +1,35 @@ +{ buildPythonPackage +, fetchFromGitHub +, pythonOlder +, pytestCheckHook +, lib +}: + +buildPythonPackage rec { + pname = "prodict"; + version = "0.8.6"; + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "ramazanpolat"; + repo = pname; + rev = version; + hash = "sha256-c46JEQFg4KRwerqpMSgh6+tYRpKTOX02Lzsq4/meS3o="; + }; + + # make setuptools happy on case-sensitive filesystems + postPatch = ''if [[ ! -f README.md ]]; then mv README.MD README.md; fi''; + + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ "prodict" ]; + + meta = { + description = "Access Python dictionary as a class with type hinting and autocompletion"; + homepage = "https://github.com/ramazanpolat/prodict"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ bcdarwin ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 8e01b0f15281..4a5f5c630b20 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -6825,6 +6825,8 @@ in { ppdeep = callPackage ../development/python-modules/ppdeep { }; + prodict = callPackage ../development/python-modules/prodict { }; + proxy_tools = callPackage ../development/python-modules/proxy_tools { }; py-nextbusnext = callPackage ../development/python-modules/py-nextbusnext { }; From c92e3b8b3800a299c57c91e06c0318b0ff0461e6 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 18 Nov 2022 04:20:00 +0000 Subject: [PATCH 17/50] python310Packages.geopy: add format attribute --- pkgs/development/python-modules/geopy/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/geopy/default.nix b/pkgs/development/python-modules/geopy/default.nix index c22f86fc43ef..22428ecacc17 100644 --- a/pkgs/development/python-modules/geopy/default.nix +++ b/pkgs/development/python-modules/geopy/default.nix @@ -12,6 +12,7 @@ buildPythonPackage rec { pname = "geopy"; version = "2.3.0"; + format = "setuptools"; disabled = pythonOlder "3.5"; src = fetchFromGitHub { From 763fdd330fbc5bbabf2aabae27a1875d89e60a59 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 18 Nov 2022 04:20:00 +0000 Subject: [PATCH 18/50] python310Packages.geopy: remove outdated postPatch --- pkgs/development/python-modules/geopy/default.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/geopy/default.nix b/pkgs/development/python-modules/geopy/default.nix index 22428ecacc17..965411fe4af8 100644 --- a/pkgs/development/python-modules/geopy/default.nix +++ b/pkgs/development/python-modules/geopy/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "geopy"; version = "2.3.0"; format = "setuptools"; - disabled = pythonOlder "3.5"; + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = pname; @@ -22,11 +22,6 @@ buildPythonPackage rec { sha256 = "sha256-bHfjUfuiEH3AxRDTLmbm67bKOw6fBuMQDUQA2NLg800="; }; - postPatch = '' - substituteInPlace setup.py \ - --replace "geographiclib<2,>=1.49" "geographiclib" - ''; - propagatedBuildInputs = [ geographiclib ]; From 1ebd2d6b60c795090573bf1498bdf8d22472b4c0 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 18 Nov 2022 04:20:00 +0000 Subject: [PATCH 19/50] millet: 0.5.16 -> 0.6.0 --- pkgs/development/tools/millet/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/millet/default.nix b/pkgs/development/tools/millet/default.nix index 3046df98839c..ccc895b89569 100644 --- a/pkgs/development/tools/millet/default.nix +++ b/pkgs/development/tools/millet/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "millet"; - version = "0.5.16"; + version = "0.6.0"; src = fetchFromGitHub { owner = "azdavis"; repo = pname; rev = "v${version}"; - hash = "sha256-YdCdB72f7IQsi8WKVmGlqAybcewisK1J7jfR5Irp6VE="; + hash = "sha256-tP1ccUtHfj+JPUYGo+QFYjbz56uNl3p53QNeE/xaCt4="; }; - cargoHash = "sha256-2WEptDHo2t6p8nzd00fPu/XQqq0gUlLAyuSraMfbHL0="; + cargoHash = "sha256-umOlvHDA8AtoAeB1i8nNgbjvzTmzwZfdjF+TCTKzqAU="; postPatch = '' rm .cargo/config.toml From bf9ffaa8b6af3d6a57810b96559a12d6b4a2c9a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 17 Nov 2022 20:36:43 -0800 Subject: [PATCH 20/50] python310Packages.pyrogram: 2.0.59 -> 2.0.62 --- pkgs/development/python-modules/pyrogram/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pyrogram/default.nix b/pkgs/development/python-modules/pyrogram/default.nix index a0ce4ea814d3..bd5433c7a5fb 100644 --- a/pkgs/development/python-modules/pyrogram/default.nix +++ b/pkgs/development/python-modules/pyrogram/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "pyrogram"; - version = "2.0.59"; + version = "2.0.62"; disabled = pythonOlder "3.7"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "pyrogram"; repo = "pyrogram"; rev = "v${version}"; - hash = "sha256-vGgtVXvi/zvbU8f+LBQJN8GSxyVqdv/fBYfsBR4BKf4="; + hash = "sha256-Kex9xIjcAYCzHeqWoDAIgTMuih0s42/O2zfTYxWEqbM="; }; propagatedBuildInputs = [ From ea8595a22dee1621ca7c3044fb19c8f86cdf1f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20St=C3=BChrk?= Date: Fri, 18 Nov 2022 21:55:38 +0100 Subject: [PATCH 21/50] pulumi: 3.46.1 -> 3.47.0 --- pkgs/tools/admin/pulumi/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/admin/pulumi/default.nix b/pkgs/tools/admin/pulumi/default.nix index 42daa857c163..027e4eac013c 100644 --- a/pkgs/tools/admin/pulumi/default.nix +++ b/pkgs/tools/admin/pulumi/default.nix @@ -14,16 +14,16 @@ buildGoModule rec { pname = "pulumi"; - version = "3.46.1"; + version = "3.47.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - hash = "sha256-bEAggHGMhSSwEiYj+DdJRajR4DLunpidbd4DflkBrQ8="; + hash = "sha256-r0VPWVyyWGZ2v2yKKiJGJV+ah77zxFm7Zwm9yag3fxc="; }; - vendorSha256 = "sha256-+JKCCNkByqWuvAv8qUL3L9DlDhvIbMsDbsfn3KYolUo="; + vendorSha256 = "sha256-eipxqX2m425FnPkf+ao/k1dYwDHDmJf+eS3S0sEiXkk="; sourceRoot = "source/pkg"; From 1cb6ce9869c13c52147a4569030c053d323dc811 Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Fri, 18 Nov 2022 18:03:08 -0500 Subject: [PATCH 22/50] lollypop: 1.4.36 -> 1.4.35 The 1.4.36 release is broken for us: ``` Traceback (most recent call last): File "/nix/store/yqy14z7qhgr728k9myq7dilvk87nmsar-lollypop-1.4.36/bin/.lollypop-wrapped", line 46, in from lollypop.application import Application File "/nix/store/yqy14z7qhgr728k9myq7dilvk87nmsar-lollypop-1.4.36/lib/python3.10/site-packages/lollypop/application.py", line 33, in from lollypop.database import Database File "/nix/store/yqy14z7qhgr728k9myq7dilvk87nmsar-lollypop-1.4.36/lib/python3.10/site-packages/lollypop/database.py", line 21, in from lollypop.database_upgrade import DatabaseAlbumsUpgrade File "/nix/store/yqy14z7qhgr728k9myq7dilvk87nmsar-lollypop-1.4.36/lib/python3.10/site-packages/lollypop/database_upgrade.py", line 24, in from lollypop.helper_task import TaskHelper File "/nix/store/yqy14z7qhgr728k9myq7dilvk87nmsar-lollypop-1.4.36/lib/python3.10/site-packages/lollypop/helper_task.py", line 14, in gi.require_version("Soup", "3.0") File "/nix/store/i9g6imnzqrnysfqj54jrdqb4ds3jh1kh-python3.10-pygobject-3.42.2/lib/python3.10/site-packages/gi/__init__.py", line 129, in require_version raise ValueError('Namespace %s not available for version %s' % ValueError: Namespace Soup not available for version 3.0 ``` This doesn't revert #201181, but it does move the version to 1.4.35, up from the original 1.4.34, but dowgrading from 1.4.36. --- pkgs/applications/audio/lollypop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/lollypop/default.nix b/pkgs/applications/audio/lollypop/default.nix index 019196d74eb7..0da23254aa81 100644 --- a/pkgs/applications/audio/lollypop/default.nix +++ b/pkgs/applications/audio/lollypop/default.nix @@ -25,7 +25,7 @@ python3.pkgs.buildPythonApplication rec { pname = "lollypop"; - version = "1.4.36"; + version = "1.4.35"; format = "other"; doCheck = false; @@ -34,7 +34,7 @@ python3.pkgs.buildPythonApplication rec { url = "https://gitlab.gnome.org/World/lollypop"; rev = "refs/tags/${version}"; fetchSubmodules = true; - sha256 = "sha256-Ka/rYgWGuCQTzguJiyQpY5SPC1iB5XOVy/Gezj+DYpk="; + sha256 = "sha256-Rdp0gZjdj2tXOWarsTpqgvSZVXAQsCLfk5oUyalE/ZA="; }; nativeBuildInputs = [ From 192f97496feb976ddbaa635fbe80c1c471ec88dc Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 19 Nov 2022 11:22:01 +0000 Subject: [PATCH 23/50] lxd: 5.7 -> 5.8 --- pkgs/tools/admin/lxd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/admin/lxd/default.nix b/pkgs/tools/admin/lxd/default.nix index c15861ed69d4..348760fb3e88 100644 --- a/pkgs/tools/admin/lxd/default.nix +++ b/pkgs/tools/admin/lxd/default.nix @@ -32,14 +32,14 @@ buildGoModule rec { pname = "lxd"; - version = "5.7"; + version = "5.8"; src = fetchurl { urls = [ "https://linuxcontainers.org/downloads/lxd/lxd-${version}.tar.gz" "https://github.com/lxc/lxd/releases/download/lxd-${version}/lxd-${version}.tar.gz" ]; - sha256 = "sha256-TZeF/VPrP4qRAVezJwQWtfypsxBJpnTrST0uDdw3WVI="; + sha256 = "sha256-mYyDYO8k4MVoNa8xfp1vH2nyuhNsDJ93s9F5hjaMftk="; }; vendorSha256 = null; From 50e33fac9d72a680f00d81cfc9d1c14800ae9618 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 13:21:38 +0100 Subject: [PATCH 24/50] home-assistant: pin aiohttp at 3.8.1 Newer versions break the pyatv and thereby the apple tv integration. --- pkgs/servers/home-assistant/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index a91323534397..790f7a012570 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -31,6 +31,16 @@ let # Override the version of some packages pinned in Home Assistant's setup.py and requirements_all.txt (self: super: { + # https://github.com/postlund/pyatv/issues/1879 + aiohttp = super.aiohttp.overridePythonAttrs (oldAttrs: rec { + pname = "aiohttp"; + version = "3.8.1"; + src = self.fetchPypi { + inherit pname version; + hash = "sha256-/FRx4aVN4V73HBvG6+gNTcaB6mAOaL/Ry85AQn8LdXg="; + }; + }); + backoff = super.backoff.overridePythonAttrs (oldAttrs: rec { version = "1.11.1"; src = fetchFromGitHub { From 19408d3093668e871e7d533a2480c0172ec56870 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 13:32:18 +0100 Subject: [PATCH 25/50] python3Packages.scikit-learn: disable failing test on darwin The darwin build of sklearn has been failing for a while on this error. --- pkgs/development/python-modules/scikit-learn/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/scikit-learn/default.nix b/pkgs/development/python-modules/scikit-learn/default.nix index d9c4f07ccb8d..9739163cea50 100644 --- a/pkgs/development/python-modules/scikit-learn/default.nix +++ b/pkgs/development/python-modules/scikit-learn/default.nix @@ -65,6 +65,8 @@ buildPythonPackage rec { "check_regressors_train" "check_classifiers_train" "xfail_ignored_in_check_estimator" + ] ++ lib.optionals (stdenv.isDarwin) [ + "test_graphical_lasso" ]; pytestFlagsArray = [ From bdee2b94efd312c0b0ced874b21524c7b71a1443 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 13:35:32 +0100 Subject: [PATCH 26/50] python3Packages.watchdog: Disable failing test on x86_64-darwin --- pkgs/development/python-modules/watchdog/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/watchdog/default.nix b/pkgs/development/python-modules/watchdog/default.nix index f38b732f9ebb..f42645940aac 100644 --- a/pkgs/development/python-modules/watchdog/default.nix +++ b/pkgs/development/python-modules/watchdog/default.nix @@ -55,6 +55,7 @@ buildPythonPackage rec { "test_create_wrong_encoding" ] ++ lib.optionals (stdenv.isDarwin && !stdenv.isAarch64) [ "test_delete" + "test_separate_consecutive_moves" ]; disabledTestPaths = [ From 0e1acfc749f63eb875ead9a67d3d8e5a93ec1556 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 13:40:03 +0100 Subject: [PATCH 27/50] python3Packages.qiskit-terra: mark broken The test suite segfaults the python interpreter. https://hydra.nixos.org/build/199001077 --- pkgs/development/python-modules/qiskit-terra/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/qiskit-terra/default.nix b/pkgs/development/python-modules/qiskit-terra/default.nix index 71486b30bc8e..aa9ce69fa1a5 100644 --- a/pkgs/development/python-modules/qiskit-terra/default.nix +++ b/pkgs/development/python-modules/qiskit-terra/default.nix @@ -193,7 +193,7 @@ buildPythonPackage rec { meta = with lib; { - broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin; + broken = true; # tests segfault python description = "Provides the foundations for Qiskit."; longDescription = '' Allows the user to write quantum circuits easily, and takes care of the constraints of real hardware. From a2972fca8cd5828771ccead2a94a12c6ca6906cd Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Sat, 19 Nov 2022 04:52:17 -0800 Subject: [PATCH 28/50] python310Packages.filemagic: remove This package is inactive: the last PyPI release was in 2013 and the last GitHub activity was in 2014. It was introduced in 2019 for paperless, but it's no longer used after paperless was replaced by paperless-ngx. There is an actively maintained alternative called python-magic that is already available in nixpkgs. --- .../python-modules/filemagic/default.nix | 30 ------------------- .../poetry2nix/overrides/build-systems.json | 3 -- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 -- 4 files changed, 1 insertion(+), 35 deletions(-) delete mode 100644 pkgs/development/python-modules/filemagic/default.nix diff --git a/pkgs/development/python-modules/filemagic/default.nix b/pkgs/development/python-modules/filemagic/default.nix deleted file mode 100644 index 96ee0a95b283..000000000000 --- a/pkgs/development/python-modules/filemagic/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ stdenv, lib, buildPythonPackage, fetchFromGitHub, file -, isPy3k, mock, unittest2 }: - -buildPythonPackage { - pname = "filemagic"; - version = "1.6"; - disabled = !isPy3k; # asserts on ResourceWarning - - # Don't use the PyPI source because it's missing files required for testing - src = fetchFromGitHub { - owner = "aliles"; - repo = "filemagic"; - rev = "138649062f769fb10c256e454a3e94ecfbf3017b"; - sha256 = "1jxf928jjl2v6zv8kdnfqvywdwql1zqkm1v5xn1d5w0qjcg38d4n"; - }; - - postPatch = '' - substituteInPlace magic/api.py --replace "ctypes.util.find_library('magic')" \ - "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'" - ''; - - checkInputs = [ mock ] ++ lib.optionals (!isPy3k) [ unittest2 ]; - - meta = with lib; { - description = "File type identification using libmagic"; - homepage = "https://github.com/aliles/filemagic"; - license = licenses.asl20; - maintainers = with maintainers; [ erikarvstedt ]; - }; -} diff --git a/pkgs/development/tools/poetry2nix/poetry2nix/overrides/build-systems.json b/pkgs/development/tools/poetry2nix/poetry2nix/overrides/build-systems.json index e2e674d967bd..e5d5c946a403 100644 --- a/pkgs/development/tools/poetry2nix/poetry2nix/overrides/build-systems.json +++ b/pkgs/development/tools/poetry2nix/poetry2nix/overrides/build-systems.json @@ -4816,9 +4816,6 @@ "setuptools", "setuptools-scm" ], - "filemagic": [ - "setuptools" - ], "filetype": [ "setuptools" ], diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index eb85a22c71e2..fd1f7cb50bf9 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -77,6 +77,7 @@ mapAliases ({ face_recognition_models = face-recognition-models; # added 2022-10-15 fake_factory = throw "fake_factory has been removed because it is unused and deprecated by upstream since 2016."; # added 2022-05-30 faulthandler = throw "faulthandler is built into ${python.executable}"; # added 2021-07-12 + filemagic = throw "inactive since 2014, so use python-magic instead"; # added 2022-11-19 flask_login = flask-login; # added 2022-10-17 flask_sqlalchemy = flask-sqlalchemy; # added 2022-07-20 flask_testing = flask-testing; # added 2022-04-25 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 431d9a46cba7..18ebf402c3c6 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -3228,8 +3228,6 @@ self: super: with self; { filelock = callPackage ../development/python-modules/filelock { }; - filemagic = callPackage ../development/python-modules/filemagic { }; - filetype = callPackage ../development/python-modules/filetype { }; filterpy = callPackage ../development/python-modules/filterpy { }; From 55ab131ee2a1099e7a41a76570365eba72b45159 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 9 Oct 2022 20:33:19 +0200 Subject: [PATCH 29/50] nixos/manual: Don't recommend mkpasswd methods Instead rely on the default, which at this time is yescrypt. --- nixos/doc/manual/configuration/user-mgmt.chapter.md | 3 +-- nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/doc/manual/configuration/user-mgmt.chapter.md b/nixos/doc/manual/configuration/user-mgmt.chapter.md index 37990664a8f1..5c3aca3ef9e9 100644 --- a/nixos/doc/manual/configuration/user-mgmt.chapter.md +++ b/nixos/doc/manual/configuration/user-mgmt.chapter.md @@ -32,8 +32,7 @@ account will cease to exist. Also, imperative commands for managing users and groups, such as useradd, are no longer available. Passwords may still be assigned by setting the user\'s [hashedPassword](#opt-users.users._name_.hashedPassword) option. A -hashed password can be generated using `mkpasswd -m - sha-512`. +hashed password can be generated using `mkpasswd`. A user ID (uid) is assigned automatically. You can also specify a uid manually by adding diff --git a/nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml b/nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml index 06492d5c2512..a2d7d2a9f115 100644 --- a/nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml +++ b/nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml @@ -39,7 +39,7 @@ users.users.alice = { Passwords may still be assigned by setting the user's hashedPassword option. A hashed password can be generated using - mkpasswd -m sha-512. + mkpasswd. A user ID (uid) is assigned automatically. You can also specify a From f391e6dbccfb8289930a139f2afcfd032c60d89f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 9 Oct 2022 20:35:01 +0200 Subject: [PATCH 30/50] nixos/user: Don't recommend mkpasswd methods Instead rely on the default, which at this time is yescrypt. --- nixos/modules/config/users-groups.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index b538a0119c06..de5e398dc46a 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -35,7 +35,7 @@ let ''; hashedPasswordDescription = '' - To generate a hashed password run `mkpasswd -m sha-512`. + To generate a hashed password run `mkpasswd`. If set to an empty string (`""`), this user will be able to log in without being asked for a password (but not via remote From 78155df21dbdb8bd4c471df69e9352ec3471bf45 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 10 Oct 2022 04:19:06 +0200 Subject: [PATCH 31/50] nixos/users-groups: Warn about deprecated hashes at activation To allow for a reasonably fast deprecation of weak password hashing schemes we provide an activation script that checks existing hashes in /etc/shadow and issues a warning for user accounts that still rely on deprecated hashes. Co-Authored-By: oxalica --- nixos/modules/config/users-groups.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index de5e398dc46a..2660b0e6c938 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -592,6 +592,26 @@ in { ''; }; + # Warn about user accounts with deprecated password hashing schemes + system.activationScripts.hashes = { + deps = [ "users" ]; + text = '' + users=() + while IFS=: read -r user hash tail; do + if [[ "$hash" = "$"* && ! "$hash" =~ ^\$(y|gy|7|2b|2y|2a|6)\$ ]]; then + users+=("$user") + fi + done Date: Sat, 19 Nov 2022 13:17:22 +0100 Subject: [PATCH 32/50] photoprism: add valid passthru test --- pkgs/servers/photoprism/default.nix | 4 +-- pkgs/servers/photoprism/libtensorflow.nix | 30 +++++++++++++---------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/pkgs/servers/photoprism/default.nix b/pkgs/servers/photoprism/default.nix index 4c5fb08c30df..678f30c372d0 100644 --- a/pkgs/servers/photoprism/default.nix +++ b/pkgs/servers/photoprism/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg, libheif, exiftool, nixosTests, makeWrapper }: +{ pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg, libheif, exiftool, makeWrapper, testers }: let version = "221102-905925b4d"; @@ -74,7 +74,7 @@ stdenv.mkDerivation { runHook postInstall ''; - passthru.tests.photoprism = nixosTests.photoprism; + passthru.tests.version = testers.testVersion { package = pkgs.photoprism; }; meta = with lib; { homepage = "https://photoprism.app"; diff --git a/pkgs/servers/photoprism/libtensorflow.nix b/pkgs/servers/photoprism/libtensorflow.nix index 869f9fc8da1c..e1c8f9338cc8 100644 --- a/pkgs/servers/photoprism/libtensorflow.nix +++ b/pkgs/servers/photoprism/libtensorflow.nix @@ -15,12 +15,14 @@ stdenv.mkDerivation rec { aarch64-linux = "sha256-qnj4vhSWgrk8SIjzIH1/4waMxMsxMUvqdYZPaSaUJRk="; }.${system}; - url = let - systemName = { - x86_64-linux = "amd64"; - aarch64-linux = "arm64"; - }.${system}; - in "https://dl.photoprism.app/tensorflow/${systemName}/libtensorflow-${systemName}-${version}.tar.gz"; + url = + let + systemName = { + x86_64-linux = "amd64"; + aarch64-linux = "arm64"; + }.${system}; + in + "https://dl.photoprism.app/tensorflow/${systemName}/libtensorflow-${systemName}-${version}.tar.gz"; }) # Upstream tensorflow tarball (with .h's photoprism's tarball is missing) (fetchurl { @@ -49,13 +51,15 @@ stdenv.mkDerivation rec { ''; # Patch library to use our libc, libstdc++ and others - patchPhase = let - rpath = lib.makeLibraryPath [ stdenv.cc.libc stdenv.cc.cc.lib ]; - in '' - chmod -R +w lib - patchelf --set-rpath "${rpath}:$out/lib" lib/libtensorflow.so - patchelf --set-rpath "${rpath}" lib/libtensorflow_framework.so - ''; + patchPhase = + let + rpath = lib.makeLibraryPath [ stdenv.cc.libc stdenv.cc.cc.lib ]; + in + '' + chmod -R +w lib + patchelf --set-rpath "${rpath}:$out/lib" lib/libtensorflow.so + patchelf --set-rpath "${rpath}" lib/libtensorflow_framework.so + ''; buildPhase = '' # Write pkg-config file. From c3f9bd947228fab3ac0d87a431f8dadb492bee02 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 14:02:16 +0100 Subject: [PATCH 33/50] go-neb: Mark broken on darwin --- .../networking/instant-messengers/go-neb/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/instant-messengers/go-neb/default.nix b/pkgs/applications/networking/instant-messengers/go-neb/default.nix index e554f631920b..4dc24073f5b5 100644 --- a/pkgs/applications/networking/instant-messengers/go-neb/default.nix +++ b/pkgs/applications/networking/instant-messengers/go-neb/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub, nixosTests, olm }: +{ lib, stdenv, buildGoModule, fetchFromGitHub, nixosTests, olm }: buildGoModule { pname = "go-neb"; @@ -21,6 +21,7 @@ buildGoModule { passthru.tests.go-neb = nixosTests.go-neb; meta = with lib; { + broken = stdenv.isDarwin; description = "Extensible matrix bot written in Go"; homepage = "https://github.com/matrix-org/go-neb"; license = licenses.asl20; From 80a96e18c6cce88ab00d3fb1c66fc0e18a49aa6a Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 19 Nov 2022 15:22:38 +0100 Subject: [PATCH 34/50] python310Packages.pysma: 0.7.2 -> 0.7.3 --- pkgs/development/python-modules/pysma/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pysma/default.nix b/pkgs/development/python-modules/pysma/default.nix index 96864141e054..de1bba50740c 100644 --- a/pkgs/development/python-modules/pysma/default.nix +++ b/pkgs/development/python-modules/pysma/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "pysma"; - version = "0.7.2"; + version = "0.7.3"; format = "setuptools"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - sha256 = "sha256-hIrdT0b9XKw1UoPZtQQ7IaW+HV8wuA9Rwoo8XYdGyw8="; + sha256 = "sha256-8LwxRiYUhKYZkrjDNcnOkssvfw/tZ6dj1GKZQ6UkqsQ="; }; propagatedBuildInputs = [ From 3ecd3175456abeade5c73b5eb9ac618efa4c32b1 Mon Sep 17 00:00:00 2001 From: Caleb Maclennan Date: Sat, 19 Nov 2022 17:42:56 +0300 Subject: [PATCH 35/50] =?UTF-8?q?sile:=200.14.4=20=E2=86=92=200.14.5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/sile-typesetter/sile/releases/tag/v0.14.5 --- pkgs/tools/typesetting/sile/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/typesetting/sile/default.nix b/pkgs/tools/typesetting/sile/default.nix index 92baf044d3cc..9cc4941853d5 100644 --- a/pkgs/tools/typesetting/sile/default.nix +++ b/pkgs/tools/typesetting/sile/default.nix @@ -43,11 +43,11 @@ in stdenv.mkDerivation rec { pname = "sile"; - version = "0.14.4"; + version = "0.14.5"; src = fetchurl { url = "https://github.com/sile-typesetter/sile/releases/download/v${version}/${pname}-${version}.tar.xz"; - sha256 = "091sy3k29q15ksqr650qmf9lz8j9lqbabfph4cf63plg4dnf9m98"; + sha256 = "01wf0rihksk2ldxgci5vzl3j575vnp6wgk12yd28mwzxkss6n39g"; }; configureFlags = [ From 6957c60714625794fa0ca8e3ba80738944807b48 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 15:55:12 +0100 Subject: [PATCH 36/50] basiliskii: fix build on aarch64-linux --- pkgs/applications/emulators/basiliskii/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/emulators/basiliskii/default.nix b/pkgs/applications/emulators/basiliskii/default.nix index f32abac9a6b8..8a58dd24555f 100644 --- a/pkgs/applications/emulators/basiliskii/default.nix +++ b/pkgs/applications/emulators/basiliskii/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2 }: +{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2, mpfr }: stdenv.mkDerivation { pname = "basiliskii"; version = "unstable-2022-09-30"; @@ -12,7 +12,7 @@ stdenv.mkDerivation { sourceRoot = "source/BasiliskII/src/Unix"; patches = [ ./remove-redhat-6-workaround-for-scsi-sg.h.patch ]; nativeBuildInputs = [ autoconf automake pkg-config ]; - buildInputs = [ SDL2 gtk2 ]; + buildInputs = [ SDL2 gtk2 mpfr ]; preConfigure = '' NO_CONFIGURE=1 ./autogen.sh ''; From b967e3289a71ce831d8cd6d9ee5dfb99ceb6e9fe Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 19 Nov 2022 07:22:55 +0000 Subject: [PATCH 37/50] kubemq-community: 2.3.4 -> 2.3.5 --- pkgs/servers/kubemq-community/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/kubemq-community/default.nix b/pkgs/servers/kubemq-community/default.nix index 81e9e1b671fa..a3428a8db8a3 100644 --- a/pkgs/servers/kubemq-community/default.nix +++ b/pkgs/servers/kubemq-community/default.nix @@ -2,12 +2,12 @@ buildGoModule rec { pname = "kubemq-community"; - version = "2.3.4"; + version = "2.3.5"; src = fetchFromGitHub { owner = "kubemq-io"; repo = pname; rev = "v${version}"; - sha256 = "sha256-+HJpjKMSndcV+xQJM+FesdtoUSGHnpILQFuf3sbxBY0="; + sha256 = "sha256-kR2/Is1fQqpRyQ8yKSEvXV5xzXcHldCqgnCRNRZ+Ekg="; }; CGO_ENABLED=0; From 764195c60f0e022af767f82143706ab3152e7ef7 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 18 Nov 2022 16:45:59 +0000 Subject: [PATCH 38/50] bob: 0.6.3 -> 0.7.0 --- pkgs/development/tools/build-managers/bob/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/bob/default.nix b/pkgs/development/tools/build-managers/bob/default.nix index d5b86139cb16..a647621d77d3 100644 --- a/pkgs/development/tools/build-managers/bob/default.nix +++ b/pkgs/development/tools/build-managers/bob/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "bob"; - version = "0.6.3"; + version = "0.7.0"; src = fetchFromGitHub { owner = "benchkram"; repo = pname; rev = version; - hash = "sha256-jZDyZVjo4Purt2tabJew5N4MZmLXli6gqBTejv5FGJM="; + hash = "sha256-37VhzYxVrt+w1XTDXzKAkJT43TQSyCmX9SAoNnk+o3w="; }; ldflags = [ "-s" "-w" "-X main.Version=${version}" ]; From e78d5f642619e660c54d30f5548a71b18b3ee5d0 Mon Sep 17 00:00:00 2001 From: roblabla Date: Sat, 19 Nov 2022 16:10:17 +0100 Subject: [PATCH 39/50] ghidra: 10.2.1 -> 10.2.2 --- pkgs/tools/security/ghidra/build.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix index 9f97e3ece315..2857019612d5 100644 --- a/pkgs/tools/security/ghidra/build.nix +++ b/pkgs/tools/security/ghidra/build.nix @@ -19,13 +19,13 @@ let pkg_path = "$out/lib/ghidra"; pname = "ghidra"; - version = "10.2.1"; + version = "10.2.2"; src = fetchFromGitHub { owner = "NationalSecurityAgency"; repo = "Ghidra"; rev = "Ghidra_${version}_build"; - sha256 = "sha256-xK6rSvI3L5wVcTBxJJndAVQMxjpsA5jMq0GeWNmCodI="; + sha256 = "sha256-AiyY6mGM+jHu9n39t/cYj+I5CE+a3vA4P0THNEFoZrk="; }; desktopItem = makeDesktopItem { From 77393e800b3535158d43d63d79e7a22432f1db98 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 19 Nov 2022 15:14:19 +0000 Subject: [PATCH 40/50] nearcore: 1.29.0 -> 1.29.1 --- pkgs/applications/blockchains/nearcore/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/blockchains/nearcore/default.nix b/pkgs/applications/blockchains/nearcore/default.nix index a5c475308b32..058888d965da 100644 --- a/pkgs/applications/blockchains/nearcore/default.nix +++ b/pkgs/applications/blockchains/nearcore/default.nix @@ -4,7 +4,7 @@ }: rustPlatform.buildRustPackage rec { pname = "nearcore"; - version = "1.29.0"; + version = "1.29.1"; # https://github.com/near/nearcore/tags src = fetchFromGitHub { @@ -13,10 +13,10 @@ rustPlatform.buildRustPackage rec { # there is also a branch for this version number, so we need to be explicit rev = "refs/tags/${version}"; - sha256 = "sha256-TOZ6j4CaiOXmNn8kgVGP27SjvLDlGvabAA+PAEyFXIk="; + sha256 = "sha256-TmmGLrDpNOfadOIwmG7XRgI89XQjaqIavxCEE2plumc="; }; - cargoSha256 = "sha256-LjBgsQynHIfrQP4Z7j1J8+PLqRZWGAOQ5dJaGOqabVk="; + cargoSha256 = "sha256-4suoHP6AXhXlt7+sHMX5RW/LGZrbMhNNmzYvFBcnMTs="; cargoPatches = [ ./0001-make-near-test-contracts-optional.patch ]; postPatch = '' From b10c95f3c4ae83c3ffde49f4ea1aa1763156c415 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 19 Nov 2022 15:28:06 +0000 Subject: [PATCH 41/50] nfpm: 2.22.0 -> 2.22.1 --- pkgs/tools/package-management/nfpm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/package-management/nfpm/default.nix b/pkgs/tools/package-management/nfpm/default.nix index 11a192bbd318..c38f32fc997c 100644 --- a/pkgs/tools/package-management/nfpm/default.nix +++ b/pkgs/tools/package-management/nfpm/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "nfpm"; - version = "2.22.0"; + version = "2.22.1"; src = fetchFromGitHub { owner = "goreleaser"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Qb4jzn1UM/0B4ryk3cPVuhqVtJML+Vv5KtebBjirSuI="; + sha256 = "sha256-BdPY1DzF2zunhEp7Z13X3jOxhTPHHUejAe7HZSoexYk="; }; vendorSha256 = "sha256-fvSA0BQQKhXxyNu0/ilNcMmTBtLm/piA4rJu6p5+8GU="; From 56db2b08aeded6d10548c686f0977f4e9cbd05c4 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 19 Nov 2022 15:40:18 +0000 Subject: [PATCH 42/50] nth: 1.10 -> 1.11.0 --- pkgs/development/python-modules/name-that-hash/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/name-that-hash/default.nix b/pkgs/development/python-modules/name-that-hash/default.nix index de073e502dc8..e68764b13ff7 100644 --- a/pkgs/development/python-modules/name-that-hash/default.nix +++ b/pkgs/development/python-modules/name-that-hash/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "name-that-hash"; - version = "1.10"; + version = "1.11.0"; format = "pyproject"; src = fetchFromGitHub { owner = "HashPals"; repo = pname; rev = version; - hash = "sha256-3sddUPoC3NfKQzmNgqPf/uHaYN9VZBqsmV712uz1Phg="; + hash = "sha256-zOb4BS3zG1x8GLXAooqqvMOw0fNbw35JuRWOdGP26/8="; }; # TODO remove on next update which bumps rich From 2613b5f867b5e8945cdb67c0b7eca10f1ea337fb Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 13:59:08 +0100 Subject: [PATCH 43/50] python3Packages.token-bucket: Disable tests on darwin --- pkgs/development/python-modules/token-bucket/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/python-modules/token-bucket/default.nix b/pkgs/development/python-modules/token-bucket/default.nix index 508e38da4500..072b084db6dd 100644 --- a/pkgs/development/python-modules/token-bucket/default.nix +++ b/pkgs/development/python-modules/token-bucket/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , buildPythonPackage , fetchFromGitHub , pytest-runner @@ -25,6 +26,8 @@ buildPythonPackage rec { pytestCheckHook ]; + doCheck = !stdenv.isDarwin; + meta = with lib; { description = "Token Bucket Implementation for Python Web Apps"; homepage = "https://github.com/falconry/token-bucket"; From 0d10c31f2d8d4d0054d1f32e2bca31ceb642f70f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 14:12:40 +0100 Subject: [PATCH 44/50] matrix-synapse.tools.rust-synapse-compress-state: Mark broken on darwin --- .../matrix-synapse/tools/rust-synapse-compress-state.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/matrix-synapse/tools/rust-synapse-compress-state.nix b/pkgs/servers/matrix-synapse/tools/rust-synapse-compress-state.nix index fcf123d6e1db..fe1dc5f6b207 100644 --- a/pkgs/servers/matrix-synapse/tools/rust-synapse-compress-state.nix +++ b/pkgs/servers/matrix-synapse/tools/rust-synapse-compress-state.nix @@ -1,4 +1,4 @@ -{ lib, rustPlatform, python3, fetchFromGitHub, pkg-config, openssl }: +{ lib, stdenv, rustPlatform, python3, fetchFromGitHub, pkg-config, openssl }: rustPlatform.buildRustPackage rec { pname = "rust-synapse-compress-state"; @@ -22,6 +22,7 @@ rustPlatform.buildRustPackage rec { buildInputs = [ openssl ]; meta = with lib; { + broken = stdenv.isDarwin; description = "A tool to compress some state in a Synapse instance's database"; homepage = "https://github.com/matrix-org/rust-synapse-compress-state"; license = licenses.asl20; From 96f6844718bf0e7177341a9eecbdd1de27f60f6f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 19 Nov 2022 17:27:30 +0100 Subject: [PATCH 45/50] python3Packages.ctfime: fix platform-dependant test failure --- .../python-modules/cftime/default.nix | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/cftime/default.nix b/pkgs/development/python-modules/cftime/default.nix index 865282cfa650..c925381d00f1 100644 --- a/pkgs/development/python-modules/cftime/default.nix +++ b/pkgs/development/python-modules/cftime/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , cython , fetchPypi +, fetchpatch , numpy , pytestCheckHook , pythonOlder @@ -16,9 +17,22 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - sha256 = "sha256-hhTAD7ilBG3jBP3Ybb0iT5lAgYXXskWsZijQJ2WW5tI="; + hash = "sha256-hhTAD7ilBG3jBP3Ybb0iT5lAgYXXskWsZijQJ2WW5tI="; }; + patches = [ + (fetchpatch { + # Fix test_num2date_precision by checking per platform precision + url = "https://github.com/Unidata/cftime/commit/221ff2195d588a43a7984597033b678f330fbc41.patch"; + hash = "sha256-3XTJuET20g9QElM/8WGnNzJBFZ0oUN4ikhWKppwcyNM="; + }) + ]; + + postPatch = '' + sed -i "/--cov/d" setup.cfg + ''; + + nativeBuildInputs = [ cython numpy @@ -32,10 +46,6 @@ buildPythonPackage rec { pytestCheckHook ]; - postPatch = '' - sed -i "/--cov/d" setup.cfg - ''; - pythonImportsCheck = [ "cftime" ]; From 71a161dbb78f6eef470a63729819c99a68755556 Mon Sep 17 00:00:00 2001 From: Quantenzitrone Date: Thu, 18 Aug 2022 11:22:48 +0200 Subject: [PATCH 46/50] maintainers: add quantenzitrone --- maintainers/maintainer-list.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 7a28c2527642..33d6bcd382f3 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -11330,6 +11330,13 @@ githubId = 35086; name = "Jonathan Wright"; }; + quantenzitrone = { + email = "quantenzitrone@protonmail.com"; + github = "Quantenzitrone"; + githubId = 74491719; + matrix = "@quantenzitrone:matrix.org"; + name = "quantenzitrone"; + }; queezle = { email = "git@queezle.net"; github = "queezle42"; From c0d10e2d1eab91e6258170825b6a0852afb45e11 Mon Sep 17 00:00:00 2001 From: Quantenzitrone Date: Thu, 10 Nov 2022 02:13:00 +0100 Subject: [PATCH 47/50] fishPlugins.sponge: init at 1.1.0 --- pkgs/shells/fish/plugins/default.nix | 2 ++ pkgs/shells/fish/plugins/sponge.nix | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 pkgs/shells/fish/plugins/sponge.nix diff --git a/pkgs/shells/fish/plugins/default.nix b/pkgs/shells/fish/plugins/default.nix index cb2d73dacc5a..c67639a85a2f 100644 --- a/pkgs/shells/fish/plugins/default.nix +++ b/pkgs/shells/fish/plugins/default.nix @@ -31,4 +31,6 @@ lib.makeScope newScope (self: with self; { pure = callPackage ./pure.nix { }; + sponge = callPackage ./sponge.nix { }; + }) diff --git a/pkgs/shells/fish/plugins/sponge.nix b/pkgs/shells/fish/plugins/sponge.nix new file mode 100644 index 000000000000..2afc3ec61585 --- /dev/null +++ b/pkgs/shells/fish/plugins/sponge.nix @@ -0,0 +1,20 @@ +{ lib, buildFishPlugin, fetchFromGitHub }: + +buildFishPlugin rec { + pname = "sponge"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "meaningful-ooo"; + repo = pname; + rev = "${version}"; + sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; + }; + + meta = with lib; { + description = "keeps your fish shell history clean from typos, incorrectly used commands and everything you don't want to store due to privacy reasons"; + homepage = "https://github.com/meaningful-ooo/sponge"; + license = licenses.mit; + maintainers = with maintainers; [ quantenzitrone ]; + }; +} From ef945c5e88b435cdab34a9cbea7bdedfb92f5fd7 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Nov 2022 10:23:20 +0000 Subject: [PATCH 48/50] sameboy: 0.15.6 -> 0.15.8 --- pkgs/applications/emulators/sameboy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/emulators/sameboy/default.nix b/pkgs/applications/emulators/sameboy/default.nix index 26555acb61cb..035351885568 100644 --- a/pkgs/applications/emulators/sameboy/default.nix +++ b/pkgs/applications/emulators/sameboy/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "sameboy"; - version = "0.15.6"; + version = "0.15.8"; src = fetchFromGitHub { owner = "LIJI32"; repo = "SameBoy"; rev = "v${version}"; - sha256 = "sha256-WsZuOKq/Dfk2zgYFXSwZPUuPrJQJ3y3mJHL6s61mTig="; + sha256 = "sha256-SBK+aYekEJreD0XBvYaU12eIKmm9JNYIpPt1XhUtH4c="; }; enableParallelBuilding = true; From 4a3aa6ff98a08971135819d6ee145a63e1882840 Mon Sep 17 00:00:00 2001 From: happysalada Date: Fri, 18 Nov 2022 17:20:05 -0500 Subject: [PATCH 49/50] tremor-rs: module init --- nixos/modules/module-list.nix | 1 + .../modules/services/monitoring/tremor-rs.nix | 129 ++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 nixos/modules/services/monitoring/tremor-rs.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a886332e90b7..8fdf1f09cd18 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -718,6 +718,7 @@ ./services/monitoring/teamviewer.nix ./services/monitoring/telegraf.nix ./services/monitoring/thanos.nix + ./services/monitoring/tremor-rs.nix ./services/monitoring/tuptime.nix ./services/monitoring/unifi-poller.nix ./services/monitoring/ups.nix diff --git a/nixos/modules/services/monitoring/tremor-rs.nix b/nixos/modules/services/monitoring/tremor-rs.nix new file mode 100644 index 000000000000..213e8a474868 --- /dev/null +++ b/nixos/modules/services/monitoring/tremor-rs.nix @@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + + cfg = config.services.tremor-rs; + + loggerSettingsFormat = pkgs.formats.yaml { }; + loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings; +in { + + options = { + services.tremor-rs = { + enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system"); + + troyFileList = mkOption { + type = types.listOf types.path; + default = []; + description = lib.mdDoc "List of troy files to load."; + }; + + tremorLibDir = mkOption { + type = types.path; + default = ""; + description = lib.mdDoc "Directory where to find /lib containing tremor script files"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = lib.mdDoc "The host tremor should be listening on"; + }; + + port = mkOption { + type = types.port; + default = 9898; + description = lib.mdDoc "the port tremor should be listening on"; + }; + + loggerSettings = mkOption { + description = lib.mdDoc "Tremor logger configuration"; + default = {}; + type = loggerSettingsFormat.type; + + example = { + refresh_rate = "30 seconds"; + appenders.stdout.kind = "console"; + root = { + level = "warn"; + appenders = [ "stdout" ]; + }; + loggers = { + tremor_runtime = { + level = "debug"; + appenders = [ "stdout" ]; + additive = false; + }; + tremor = { + level = "debug"; + appenders = [ "stdout" ]; + additive = false; + }; + }; + }; + + defaultText = literalExpression '' + { + refresh_rate = "30 seconds"; + appenders.stdout.kind = "console"; + root = { + level = "warn"; + appenders = [ "stdout" ]; + }; + loggers = { + tremor_runtime = { + level = "debug"; + appenders = [ "stdout" ]; + additive = false; + }; + tremor = { + level = "debug"; + appenders = [ "stdout" ]; + additive = false; + }; + }; + } + ''; + + }; + }; + }; + + config = mkIf (cfg.enable) { + + environment.systemPackages = [ pkgs.tremor-rs ] ; + + systemd.services.tremor-rs = { + description = "Tremor event- or stream-processing system"; + wantedBy = [ "multi-user.target" ]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + + environment.TREMOR_PATH = "${pkgs.tremor-rs}/lib:${cfg.tremorLibDir}"; + + serviceConfig = { + ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}"; + DynamicUser = true; + Restart = "always"; + NoNewPrivileges = true; + PrivateTmp = true; + ProtectHome = true; + ProtectClock = true; + ProtectProc = "noaccess"; + ProcSubset = "pid"; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectHostname = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + RemoveIPC = true; + SystemCallFilter = [ "@system-service" "~@privileged" ]; + }; + }; + }; +} From fe7290fc4b2c0496dde324ad1929d4b6dcb6468b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 19 Nov 2022 16:41:54 +0000 Subject: [PATCH 50/50] oh-my-posh: 12.13.3 -> 12.16.0 --- pkgs/development/tools/oh-my-posh/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/oh-my-posh/default.nix b/pkgs/development/tools/oh-my-posh/default.nix index bd7d3effe1e9..7493176e3ac6 100644 --- a/pkgs/development/tools/oh-my-posh/default.nix +++ b/pkgs/development/tools/oh-my-posh/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "oh-my-posh"; - version = "12.13.3"; + version = "12.16.0"; src = fetchFromGitHub { owner = "jandedobbeleer"; repo = pname; rev = "v${version}"; - sha256 = "sha256-1H3BlKxTthyVXEaLISruZDFIeXEAaeZjGp597clPeLs="; + sha256 = "sha256-YrrOwTLVgxoriVgVDmn99ORSh04os0q/QnfBXtTtl5g="; }; vendorSha256 = "sha256-OrtKFkWXqVoXKmN6BT8YbCNjR1gRTT4gPNwmirn7fjU=";