diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix
index 7b3a6b4e60b8..5fa95828df69 100644
--- a/lib/tests/misc.nix
+++ b/lib/tests/misc.nix
@@ -496,7 +496,7 @@ runTests {
testToPretty =
let
- deriv = derivation { name = "test"; builder = "/bin/sh"; system = builtins.currentSystem; };
+ deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
in {
expr = mapAttrs (const (generators.toPretty { multiline = false; })) rec {
int = 42;
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index c84a3e3b0193..144b277438a5 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -19,8 +19,16 @@
New Services
-
-
+
+
+
+ aesmd,
+ the Intel SGX Architectural Enclave Service Manager. Available
+ as
+ services.aesmd.
+
+
+
Backward Incompatibilities
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 45ed69cf1b03..4418c8142a14 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -8,6 +8,8 @@ In addition to numerous new and upgraded packages, this release has the followin
## New Services {#sec-release-22.05-new-services}
+- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
+
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
diff --git a/nixos/modules/hardware/cpu/intel-sgx.nix b/nixos/modules/hardware/cpu/intel-sgx.nix
new file mode 100644
index 000000000000..046479400587
--- /dev/null
+++ b/nixos/modules/hardware/cpu/intel-sgx.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+with lib;
+let
+ cfg = config.hardware.cpu.intel.sgx.provision;
+ defaultGroup = "sgx_prv";
+in
+{
+ options.hardware.cpu.intel.sgx.provision = {
+ enable = mkEnableOption "access to the Intel SGX provisioning device";
+ user = mkOption {
+ description = "Owner to assign to the SGX provisioning device.";
+ type = types.str;
+ default = "root";
+ };
+ group = mkOption {
+ description = "Group to assign to the SGX provisioning device.";
+ type = types.str;
+ default = defaultGroup;
+ };
+ mode = mkOption {
+ description = "Mode to set for the SGX provisioning device.";
+ type = types.str;
+ default = "0660";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = hasAttr cfg.user config.users.users;
+ message = "Given user does not exist";
+ }
+ {
+ assertion = (cfg.group == defaultGroup) || (hasAttr cfg.group config.users.groups);
+ message = "Given group does not exist";
+ }
+ ];
+
+ users.groups = optionalAttrs (cfg.group == defaultGroup) {
+ "${cfg.group}" = { };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="misc", KERNEL=="sgx_provision", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="${cfg.mode}"
+ '';
+ };
+}
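Review bot: `user`, `group` and `mode` are plain `types.str` and are interpolated verbatim into the rule in `services.udev.extraRules`, so a typo or a stray quote yields a malformed or unintended udev rule rather than an evaluation error. Constraining the mode, for example `type = types.strMatching "[0-7]{3,4}";`, would catch that at evaluation time. The `enable` description could also state that membership in the configured group is what grants access to the provisioning device, since that is the access decision an administrator makes when adding a user to it.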
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 3cc9ea88e17b..1f826220a0f3 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -45,6 +45,7 @@
./hardware/ckb-next.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
+ ./hardware/cpu/intel-sgx.nix
./hardware/corectrl.nix
./hardware/digitalbitbox.nix
./hardware/device-tree.nix
@@ -928,6 +929,7 @@
./services/search/kibana.nix
./services/search/meilisearch.nix
./services/search/solr.nix
+ ./services/security/aesmd.nix
./services/security/certmgr.nix
./services/security/cfssl.nix
./services/security/clamav.nix
diff --git a/nixos/modules/services/security/aesmd.nix b/nixos/modules/services/security/aesmd.nix
new file mode 100644
index 000000000000..bb53bc49e259
--- /dev/null
+++ b/nixos/modules/services/security/aesmd.nix
@@ -0,0 +1,227 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ cfg = config.services.aesmd;
+
+ sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
+
+ configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
+ concatStringsSep "\n" (
+ optional (whitelistUrl != null) "whitelist url = ${whitelistUrl}" ++
+ optional (proxy != null) "aesm proxy = ${proxy}" ++
+ optional (proxyType != null) "proxy type = ${proxyType}" ++
+ optional (defaultQuotingType != null) "default quoting type = ${defaultQuotingType}" ++
+ # Newline at end of file
+ [ "" ]
+ )
+ );
+in
+{
+ options.services.aesmd = {
+ enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
+ debug = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to build the PSW package in debug mode.";
+ };
+ settings = mkOption {
+ description = "AESM configuration";
+ default = { };
+ type = types.submodule {
+ options.whitelistUrl = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
+ description = "URL to retrieve authorized Intel SGX enclave signers.";
+ };
+ options.proxy = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "http://proxy_url:1234";
+ description = "HTTP network proxy.";
+ };
+ options.proxyType = mkOption {
+ type = with types; nullOr (enum [ "default" "direct" "manual" ]);
+ default = if (cfg.settings.proxy != null) then "manual" else null;
+ example = "default";
+ description = ''
+ Type of proxy to use. The default uses the system's default proxy.
+ If direct is given, uses no proxy.
+ A value of manual uses the proxy from
+ .
+ '';
+ };
+ options.defaultQuotingType = mkOption {
+ type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
+ default = null;
+ example = "ecdsa_256";
+ description = "Attestation quote type.";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [{
+ assertion = !(config.boot.specialFileSystems."/dev".options ? "noexec");
+ message = "SGX requires exec permission for /dev";
+ }];
+
+ hardware.cpu.intel.sgx.provision.enable = true;
+
+ systemd.services.aesmd =
+ let
+ storeAesmFolder = "${sgx-psw}/aesm";
+ # Hardcoded path AESM_DATA_FOLDER in psw/ae/aesm_service/source/oal/linux/aesm_util.cpp
+ aesmDataFolder = "/var/opt/aesmd/data";
+ aesmStateDirSystemd = "%S/aesmd";
+ in
+ {
+ description = "Intel Architectural Enclave Service Manager";
+ wantedBy = [ "multi-user.target" ];
+
+ after = [
+ "auditd.service"
+ "network.target"
+ "syslog.target"
+ ];
+
+ environment = {
+ NAME = "aesm_service";
+ AESM_PATH = storeAesmFolder;
+ LD_LIBRARY_PATH = storeAesmFolder;
+ };
+
+ # Make sure any of the SGX application enclave devices is available
+ unitConfig.AssertPathExists = [
+ # legacy out-of-tree driver
+ "|/dev/isgx"
+ # DCAP driver
+ "|/dev/sgx/enclave"
+ # in-tree driver
+ "|/dev/sgx_enclave"
+ ];
+
+ serviceConfig = rec {
+ ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
+ set -euo pipefail
+ whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
+ if [[ ! -f "$whiteListFile" ]]; then
+ ${pkgs.coreutils}/bin/install -m 644 -D \
+ "${storeAesmFolder}/data/white_list_cert_to_be_verify.bin" \
+ "$whiteListFile"
+ fi
+ '';
+ ExecStart = "${sgx-psw}/bin/aesm_service --no-daemon";
+ ExecReload = ''${pkgs.coreutils}/bin/kill -SIGHUP "$MAINPID"'';
+
+ Restart = "on-failure";
+ RestartSec = "15s";
+
+ DynamicUser = true;
+ Group = "sgx";
+ SupplementaryGroups = [
+ config.hardware.cpu.intel.sgx.provision.group
+ ];
+
+ Type = "simple";
+
+ WorkingDirectory = storeAesmFolder;
+ StateDirectory = "aesmd";
+ StateDirectoryMode = "0700";
+ RuntimeDirectory = "aesmd";
+ RuntimeDirectoryMode = "0750";
+
+ # Hardening
+
+ # chroot into the runtime directory
+ RootDirectory = "%t/aesmd";
+ BindReadOnlyPaths = [
+ builtins.storeDir
+ # Hardcoded path AESM_CONFIG_FILE in psw/ae/aesm_service/source/utils/aesm_config.cpp
+ "${configFile}:/etc/aesmd.conf"
+ ];
+ BindPaths = [
+ # Hardcoded path CONFIG_SOCKET_PATH in psw/ae/aesm_service/source/core/ipc/SocketConfig.h
+ "%t/aesmd:/var/run/aesmd"
+ "%S/aesmd:/var/opt/aesmd"
+ ];
+
+ # PrivateDevices=true will mount /dev noexec which breaks AESM
+ PrivateDevices = false;
+ DevicePolicy = "closed";
+ DeviceAllow = [
+ # legacy out-of-tree driver
+ "/dev/isgx rw"
+ # DCAP driver
+ "/dev/sgx rw"
+ # in-tree driver
+ "/dev/sgx_enclave rw"
+ "/dev/sgx_provision rw"
+ ];
+
+ # Requires Internet access for attestation
+ PrivateNetwork = false;
+
+ RestrictAddressFamilies = [
+ # Allocates the socket /var/run/aesmd/aesm.socket
+ "AF_UNIX"
+ # Uses the HTTP protocol to initialize some services
+ "AF_INET"
+ "AF_INET6"
+ ];
+
+ # True breaks stuff
+ MemoryDenyWriteExecute = false;
+
+ # needs the ipc syscall in order to run
+ SystemCallFilter = [
+ "@system-service"
+ "~@aio"
+ "~@chown"
+ "~@clock"
+ "~@cpu-emulation"
+ "~@debug"
+ "~@keyring"
+ "~@memlock"
+ "~@module"
+ "~@mount"
+ "~@privileged"
+ "~@raw-io"
+ "~@reboot"
+ "~@resources"
+ "~@setuid"
+ "~@swap"
+ "~@sync"
+ "~@timer"
+ ];
+ SystemCallArchitectures = "native";
+ SystemCallErrorNumber = "EPERM";
+
+ CapabilityBoundingSet = "";
+ KeyringMode = "private";
+ LockPersonality = true;
+ NoNewPrivileges = true;
+ NotifyAccess = "none";
+ PrivateMounts = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProcSubset = "pid";
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ UMask = "0066";
+ };
+ };
+ };
+}
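Review bot: `DeviceAllow` lists `/dev/sgx rw` for the DCAP driver, while `AssertPathExists` names `/dev/sgx/enclave`, which suggests `/dev/sgx` is a directory under that driver. `DeviceAllow` expects a device node (or a `char-`/`block-` group), so with `DevicePolicy = "closed"` the DCAP enclave device would probably stay blocked. If that driver is meant to be supported, the entry should name the node, `"/dev/sgx/enclave rw"`, plus the matching provisioning node if the driver exposes one. Separately, `aesmStateDirSystemd` is bound in the `let` but `BindPaths` spells out `%S/aesmd` again, and nothing in `serviceConfig` refers to a sibling attribute, so the `rec` can go. The comment `# True breaks stuff` on `MemoryDenyWriteExecute` would be more useful to the next person tightening the sandbox if it named what fails.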
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index b1a536e519db..8345fc10914e 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -526,8 +526,8 @@ in {
# FIXME(@Ma27) remove as soon as nextcloud properly supports
# mariadb >=10.6.
isUnsupportedMariadb =
- # All currently supported Nextcloud versions are affected.
- (versionOlder cfg.package.version "23")
+ # All currently supported Nextcloud versions are affected (https://github.com/nextcloud/server/issues/25436).
+ (versionOlder cfg.package.version "24")
# This module uses mysql
&& (cfg.config.dbtype == "mysql")
# MySQL is managed via NixOS
diff --git a/nixos/tests/aesmd.nix b/nixos/tests/aesmd.nix
new file mode 100644
index 000000000000..59c04fe7e96a
--- /dev/null
+++ b/nixos/tests/aesmd.nix
@@ -0,0 +1,62 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+ name = "aesmd";
+ meta = {
+ maintainers = with lib.maintainers; [ veehaitch ];
+ };
+
+ machine = { lib, ... }: {
+ services.aesmd = {
+ enable = true;
+ settings = {
+ defaultQuotingType = "ecdsa_256";
+ proxyType = "direct";
+ whitelistUrl = "http://nixos.org";
+ };
+ };
+
+ # Should have access to the AESM socket
+ users.users."sgxtest" = {
+ isNormalUser = true;
+ extraGroups = [ "sgx" ];
+ };
+
+ # Should NOT have access to the AESM socket
+ users.users."nosgxtest".isNormalUser = true;
+
+ # We don't have a real SGX machine in NixOS tests
+ systemd.services.aesmd.unitConfig.AssertPathExists = lib.mkForce [ ];
+ };
+
+ testScript = ''
+ with subtest("aesmd.service starts"):
+ machine.wait_for_unit("aesmd.service")
+ status, main_pid = machine.systemctl("show --property MainPID --value aesmd.service")
+ assert status == 0, "Could not get MainPID of aesmd.service"
+ main_pid = main_pid.strip()
+
+ with subtest("aesmd.service runtime directory permissions"):
+ runtime_dir = "/run/aesmd";
+ res = machine.succeed(f"stat -c '%a %U %G' {runtime_dir}").strip()
+ assert "750 aesmd sgx" == res, f"{runtime_dir} does not have the expected permissions: {res}"
+
+ with subtest("aesm.socket available on host"):
+ socket_path = "/var/run/aesmd/aesm.socket"
+ machine.wait_until_succeeds(f"test -S {socket_path}")
+ machine.succeed(f"test 777 -eq $(stat -c '%a' {socket_path})")
+ for op in [ "-r", "-w", "-x" ]:
+ machine.succeed(f"sudo -u sgxtest test {op} {socket_path}")
+ machine.fail(f"sudo -u nosgxtest test {op} {socket_path}")
+
+ with subtest("Copies white_list_cert_to_be_verify.bin"):
+ whitelist_path = "/var/opt/aesmd/data/white_list_cert_to_be_verify.bin"
+ whitelist_perms = machine.succeed(
+ f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/stat -c '%a' {whitelist_path}"
+ ).strip()
+ assert "644" == whitelist_perms, f"white_list_cert_to_be_verify.bin has permissions {whitelist_perms}"
+
+ with subtest("Writes and binds aesm.conf in service namespace"):
+ aesmd_config = machine.succeed(f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/cat /etc/aesmd.conf")
+
+ assert aesmd_config == "whitelist url = http://nixos.org\nproxy type = direct\ndefault quoting type = ecdsa_256\n", "aesmd.conf differs"
+ '';
+})
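Review bot: The subtest "aesm.socket available on host" asserts that the socket itself is mode 777, so the only thing keeping `nosgxtest` out is the 0750 `aesmd sgx` runtime directory checked in the previous subtest. That dependency deserves a comment next to the assertion, e.g. `# socket is world-accessible; access is gated by the 0750 runtime directory`. The negative check `machine.fail(f"sudo -u nosgxtest test {op} {socket_path}")` passes on any non-zero exit, so adding `machine.fail("sudo -u nosgxtest test -x /run/aesmd")` would pin the directory as the gate explicitly. The trailing semicolon in `runtime_dir = "/run/aesmd";` is a leftover and can be dropped.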
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 06305460c6ac..f86cc2544dab 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -23,6 +23,7 @@ in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTest ./acme.nix {};
+ aesmd = handleTest ./aesmd.nix {};
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
diff --git a/pkgs/applications/blockchains/bisq-desktop/default.nix b/pkgs/applications/blockchains/bisq-desktop/default.nix
index 2781e69c56ad..a215e600bbd9 100644
--- a/pkgs/applications/blockchains/bisq-desktop/default.nix
+++ b/pkgs/applications/blockchains/bisq-desktop/default.nix
@@ -35,11 +35,11 @@ let
in
stdenv.mkDerivation rec {
pname = "bisq-desktop";
- version = "1.7.5";
+ version = "1.8.0";
src = fetchurl {
url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
- sha256 = "0mwlmya53xaps8x8c5cvk9zxy0ddijkrba8x3jp2glql34wac3ri";
+ sha256 = "1q6x6w8mp5ax852hlvi2p61xgckb2lpr2ml21a9mfs9421b6m8h2";
};
nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg gnutar zip xz ];
diff --git a/pkgs/applications/networking/cluster/terraform/default.nix b/pkgs/applications/networking/cluster/terraform/default.nix
index 0d2ebc6bdba4..da4fc449bed3 100644
--- a/pkgs/applications/networking/cluster/terraform/default.nix
+++ b/pkgs/applications/networking/cluster/terraform/default.nix
@@ -196,10 +196,10 @@ rec {
passthru = { inherit plugins; };
};
- terraform_1_0 = mkTerraform {
- version = "1.0.11";
- sha256 = "0k05s4zm16vksq21f1q00y2lzfgi5fhs1ygydm8jk0srs9x8ask7";
- vendorSha256 = "1brgghl7fb26va4adix443rl1dkjaqrr4jkknxjkcaps0knqp172";
+ terraform_1 = mkTerraform {
+ version = "1.1.0";
+ sha256 = "sha256-nnYMoQitqFbOjI8twDh9hWDb1qxMNNVy6wldxkyDKY0=";
+ vendorSha256 = "sha256-inPNvNUcil9X0VQ/pVgZdnnmn9UCfEz7qXiuKDj8RYM=";
patches = [ ./provider-path-0_15.patch ];
passthru = { inherit plugins; };
};
@@ -213,7 +213,7 @@ rec {
mainTf = writeText "main.tf" ''
resource "random_id" "test" {}
'';
- terraform = terraform_1_0.withPlugins (p: [ p.random ]);
+ terraform = terraform_1.withPlugins (p: [ p.random ]);
test =
runCommand "terraform-plugin-test" { buildInputs = [ terraform ]; } ''
set -e
diff --git a/pkgs/applications/networking/instant-messengers/element/element-desktop-package.json b/pkgs/applications/networking/instant-messengers/element/element-desktop-package.json
index c958137ab9f8..88ac40b4134f 100644
--- a/pkgs/applications/networking/instant-messengers/element/element-desktop-package.json
+++ b/pkgs/applications/networking/instant-messengers/element/element-desktop-package.json
@@ -2,7 +2,7 @@
"name": "element-desktop",
"productName": "Element",
"main": "lib/electron-main.js",
- "version": "1.9.6",
+ "version": "1.9.7",
"description": "A feature-rich client for Matrix.org",
"author": "Element",
"repository": {
@@ -83,7 +83,7 @@
},
"build": {
"appId": "im.riot.app",
- "electronVersion": "13.5.1",
+ "electronVersion": "13.5.2",
"files": [
"package.json",
{
diff --git a/pkgs/applications/networking/instant-messengers/element/pin.json b/pkgs/applications/networking/instant-messengers/element/pin.json
index 599f0a1754cf..c711956791ac 100644
--- a/pkgs/applications/networking/instant-messengers/element/pin.json
+++ b/pkgs/applications/networking/instant-messengers/element/pin.json
@@ -1,6 +1,6 @@
{
- "version": "1.9.6",
- "desktopSrcHash": "AJLKp9VbNF0XvcQe6t0/pw1hiVCgRiRb27KJooQ2NlQ=",
- "desktopYarnHash": "1xa8vrqj3g3hfhzrk8m7yr57my9ipyyhw8vsx4m86v8i1iqrpmnm",
- "webHash": "161w6i122i81jyb23mpxlf7k5wx2v4c6ai2liywn89q74hj3axr5"
+ "version": "1.9.7",
+ "desktopSrcHash": "bUzIIPNVgK2whQJoEZOaoa+jsJx4No+xji6hXK6wxFY=",
+ "desktopYarnHash": "1n9dqpvq31k94mx5s1dgqavaxdd0jrzcwdx106c5dnq6xnxs941p",
+ "webHash": "1fx1nznqbwvs84kpc239ms9kpzy9p72hrz3qqbzay8p9x4gc1ws3"
}
diff --git a/pkgs/applications/science/logic/z3/default.nix b/pkgs/applications/science/logic/z3/default.nix
index 4153ba5f66fc..0e500af6a595 100644
--- a/pkgs/applications/science/logic/z3/default.nix
+++ b/pkgs/applications/science/logic/z3/default.nix
@@ -49,6 +49,9 @@ stdenv.mkDerivation rec {
++ optional pythonBindings "--python --pypkgdir=$out/${python.sitePackages}"
) + "\n" + "cd build";
+ # ../src/ast/ast.h:183:39: error: 'get' is unavailable: introduced in macOS 10.13
+ NIX_CFLAGS_COMPILE = lib.optional (stdenv.hostPlatform.system == "x86_64-darwin") "-D_LIBCPP_DISABLE_AVAILABILITY";
+
postInstall = ''
mkdir -p $dev $lib
mv $out/lib $lib/lib
diff --git a/pkgs/applications/science/misc/rink/default.nix b/pkgs/applications/science/misc/rink/default.nix
index fcacaefca442..d319dbe3e704 100644
--- a/pkgs/applications/science/misc/rink/default.nix
+++ b/pkgs/applications/science/misc/rink/default.nix
@@ -2,17 +2,17 @@
, libiconv, Security }:
rustPlatform.buildRustPackage rec {
- version = "0.6.1";
+ version = "0.6.2";
pname = "rink";
src = fetchFromGitHub {
owner = "tiffany352";
repo = "rink-rs";
rev = "v${version}";
- sha256 = "1h93xlavcjvx588q8wkpbzph88yjjhhvzcfxr5nicdca0jnha5ch";
+ sha256 = "sha256-l2Rj15zaJm94EHwvOssfvYQNOoWj45Nq9M85n+A0vo4=";
};
- cargoSha256 = "0x4rvfnw3gl2aj6i006nkk3y1f8skyv8g0ss3z2v6qj9nhs7pyir";
+ cargoSha256 = "sha256-GhuvwVkDRFjC6BghaNMFZZG9hResTN1u0AuvIXlFmig=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ ncurses ]
diff --git a/pkgs/applications/version-management/git-and-tools/gitin/default.nix b/pkgs/applications/version-management/git-and-tools/gitin/default.nix
deleted file mode 100644
index 3d429b7c561c..000000000000
--- a/pkgs/applications/version-management/git-and-tools/gitin/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ lib
-, buildGoPackage
-, fetchFromGitHub
-, pkg-config
-, libgit2_0_27
-}:
-
-buildGoPackage rec {
- version = "0.2.3";
- pname = "gitin";
-
- goPackagePath = "github.com/isacikgoz/gitin";
-
- src = fetchFromGitHub {
- owner = "isacikgoz";
- repo = "gitin";
- rev = "v${version}";
- sha256 = "00z6i0bjk3hdxbc0cy12ss75b41yvzyl5pm6rdrvsjhzavry2fa3";
- };
-
- goDeps = ./deps.nix;
-
- nativeBuildInputs = [ pkg-config ];
- buildInputs = [ libgit2_0_27 ];
-
- meta = with lib; {
- homepage = "https://github.com/isacikgoz/gitin";
- description = "Text-based user interface for git";
- license = licenses.bsd3;
- maintainers = with maintainers; [ kimat ];
- };
-}
diff --git a/pkgs/applications/version-management/git-and-tools/gitin/deps.nix b/pkgs/applications/version-management/git-and-tools/gitin/deps.nix
deleted file mode 100644
index 908665693b81..000000000000
--- a/pkgs/applications/version-management/git-and-tools/gitin/deps.nix
+++ /dev/null
@@ -1,121 +0,0 @@
-# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
-[
- {
- goPackagePath = "github.com/alecthomas/template";
- fetch = {
- type = "git";
- url = "https://github.com/alecthomas/template";
- rev = "fb15b899a75114aa79cc930e33c46b577cc664b1";
- sha256 = "1vlasv4dgycydh5wx6jdcvz40zdv90zz1h7836z7lhsi2ymvii26";
- };
- }
- {
- goPackagePath = "github.com/alecthomas/units";
- fetch = {
- type = "git";
- url = "https://github.com/alecthomas/units";
- rev = "f65c72e2690dc4b403c8bd637baf4611cd4c069b";
- sha256 = "04jyqm7m3m01ppfy1f9xk4qvrwvs78q9zml6llyf2b3v5k6b2bbc";
- };
- }
- {
- goPackagePath = "github.com/fatih/color";
- fetch = {
- type = "git";
- url = "https://github.com/fatih/color";
- rev = "daf2830f2741ebb735b21709a520c5f37d642d85";
- sha256 = "086z8ssmr1fn9ba4mqnw7pnccfpys6l5yfhvycv1gdrsk7n27mvs";
- };
- }
- {
- goPackagePath = "github.com/isacikgoz/gia";
- fetch = {
- type = "git";
- url = "https://github.com/isacikgoz/gia";
- rev = "00556493579ec25f4e199b85ee1e2a73c98d15bb";
- sha256 = "16nqi4z1pgybcw05wbp3qnbbq407smcr56hq7npnhkirngc5j822";
- };
- }
- {
- goPackagePath = "github.com/jroimartin/gocui";
- fetch = {
- type = "git";
- url = "https://github.com/jroimartin/gocui";
- rev = "c055c87ae801372cd74a0839b972db4f7697ae5f";
- sha256 = "1b1cbjg925l1c5v3ls8amni9716190yzf847cqs9wjnj82z8qa47";
- };
- }
- {
- goPackagePath = "github.com/justincampbell/timeago";
- fetch = {
- type = "git";
- url = "https://github.com/justincampbell/timeago";
- rev = "027f40306f1dbe89d24087611680ef95543bf876";
- sha256 = "1p3va1cn9x5pyvq7k64mnvbxp5zy7h9z49syjyglixgg6avdbp1v";
- };
- }
- {
- goPackagePath = "github.com/kelseyhightower/envconfig";
- fetch = {
- type = "git";
- url = "https://github.com/kelseyhightower/envconfig";
- rev = "0b417c4ec4a8a82eecc22a1459a504aa55163d61";
- sha256 = "1a7b35njpqz94gbd7wvsl3wjzpd5y1fj1lrg2sdh00yq0nax1qj9";
- };
- }
- {
- goPackagePath = "github.com/mattn/go-runewidth";
- fetch = {
- type = "git";
- url = "https://github.com/mattn/go-runewidth";
- rev = "14e809f6d78fcf9f48ff9b70981472b64c05f754";
- sha256 = "1mvlxcdwr0vwp8b2wqs6y7hk72y28sqh03dz5x0xkg48d4y9cplj";
- };
- }
- {
- goPackagePath = "github.com/nsf/termbox-go";
- fetch = {
- type = "git";
- url = "https://github.com/nsf/termbox-go";
- rev = "38ba6e5628f1d70bac606cfd210b9ad1a16c3027";
- sha256 = "03xx5vbnavklsk6wykcc7qhmhvn2074sx0ql06b51vqsxwsa6zw2";
- };
- }
- {
- goPackagePath = "github.com/sahilm/fuzzy";
- fetch = {
- type = "git";
- url = "https://github.com/sahilm/fuzzy";
- rev = "d88f8cb825ddd46a2ce86b60382e11645220ee33";
- sha256 = "0nl4l02s3961p11aj1vgajfy28rqlya2z6af2xjncra59gfhqvlq";
- };
- }
- {
- goPackagePath = "github.com/waigani/diffparser";
- fetch = {
- type = "git";
- url = "https://github.com/waigani/diffparser";
- rev = "7391f219313d9175703f67561b222fd2a81bca30";
- sha256 = "0h3y3ivlghdvkyqsh5lcidqdajhc9g7m1xqm73j9a0ayby0sx1ql";
- };
- }
- {
- goPackagePath = "gopkg.in/alecthomas/kingpin.v2";
- fetch = {
- type = "git";
- url = "https://gopkg.in/alecthomas/kingpin.v2";
- rev = "947dcec5ba9c011838740e680966fd7087a71d0d";
- sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r";
- };
- }
- {
- goPackagePath = "gopkg.in/libgit2/git2go.v27";
- fetch = {
- type = "git";
- url = "https://gopkg.in/libgit2/git2go.v27";
- rev = "6cc7d3dc6aec2781fe0239315da215f49c76e2f8";
- sha256 = "0b2m4rjadngyd675bi1k21pyi9r91dsxngzd4mikacpd7yshgvaq";
- };
- }
-]
-
diff --git a/pkgs/data/themes/orchis-theme/default.nix b/pkgs/data/themes/orchis-theme/default.nix
index f019009db9f8..ef7f88e3e955 100644
--- a/pkgs/data/themes/orchis-theme/default.nix
+++ b/pkgs/data/themes/orchis-theme/default.nix
@@ -5,18 +5,28 @@
, gnome-themes-extra
, gtk-engine-murrine
, sassc
-, accentColor ? "default"
+, tweaks ? [ ] # can be "solid" "compact" "black" "primary"
}:
-stdenvNoCC.mkDerivation rec {
+let
+ validTweaks = [ "solid" "compact" "black" "primary" ];
+ unknownTweaks = lib.subtractLists validTweaks tweaks;
+in
+assert lib.assertMsg (unknownTweaks == [ ]) ''
+ You entered wrong tweaks: ${toString unknownTweaks}
+ Valid tweaks are: ${toString validTweaks}
+'';
+
+stdenvNoCC.mkDerivation
+rec {
pname = "orchis-theme";
- version = "2021-06-25";
+ version = "2021-12-13";
src = fetchFromGitHub {
repo = "Orchis-theme";
owner = "vinceliuice";
rev = version;
- sha256 = "sha256-j0nsw1yR1yOckXiIMtzhC3w6kvfzxQQHgwdY6l0OuXw=";
+ sha256 = "sha256-PN2ucGMDzRv4v86X1zVIs9+GkbMWuja2WaSQLFvJYd0=";
};
nativeBuildInputs = [ gtk3 sassc ];
@@ -31,7 +41,7 @@ stdenvNoCC.mkDerivation rec {
installPhase = ''
runHook preInstall
- bash install.sh -d $out/share/themes -t ${accentColor}
+ bash install.sh -d $out/share/themes -t all ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks}
runHook postInstall
'';
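Review bot: In the `install.sh` line, `lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks` parses as `(lib.optionalString … "--tweaks ") + builtins.toString tweaks`, because function application binds tighter than `+`. It produces the right command only because `toString [ ]` is the empty string; writing `${lib.optionalString (tweaks != [ ]) "--tweaks ${toString tweaks}"}` states the intent. The `tweaks` values reach the shell unquoted, which is safe only as long as the `assert` in the first hunk keeps restricting them to `validTweaks`, so a short comment tying the two together would help.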
diff --git a/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix b/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix
index 25f7fb93ab30..437da36a7a3b 100644
--- a/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix
+++ b/pkgs/desktops/gnome/core/gnome-shell-extensions/default.nix
@@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
pname = "gnome-shell-extensions";
- version = "41.0";
+ version = "41.1";
src = fetchurl {
url = "mirror://gnome/sources/gnome-shell-extensions/${lib.versions.major version}/${pname}-${version}.tar.xz";
- sha256 = "2E+qwUSLOPl12cGUkMWSivxcWixJ3X5/ga9pD5Rm/Gg=";
+ sha256 = "0ObyJz8I1S2SX8K7ZrR7KOXvUNG4oUAgh3xmJCPVB9M=";
};
patches = [
diff --git a/pkgs/desktops/gnome/core/gnome-shell/default.nix b/pkgs/desktops/gnome/core/gnome-shell/default.nix
index d9eeb9a8d8b1..5e03551dceca 100644
--- a/pkgs/desktops/gnome/core/gnome-shell/default.nix
+++ b/pkgs/desktops/gnome/core/gnome-shell/default.nix
@@ -66,13 +66,13 @@ let
in
stdenv.mkDerivation rec {
pname = "gnome-shell";
- version = "41.1";
+ version = "41.2";
outputs = [ "out" "devdoc" ];
src = fetchurl {
url = "mirror://gnome/sources/gnome-shell/${lib.versions.major version}/${pname}-${version}.tar.xz";
- sha256 = "X3QkVt/gBgXA8JCjcoymJ5e8SeUK+FK71yhdoaBRf/Y=";
+ sha256 = "OEZR6wUTk9ur4AbRrQV78p1c1z67h7x3n/Xhwx6AqCc=";
};
patches = [
diff --git a/pkgs/desktops/gnome/core/mutter/default.nix b/pkgs/desktops/gnome/core/mutter/default.nix
index 678744f037c6..17145ccadfe4 100644
--- a/pkgs/desktops/gnome/core/mutter/default.nix
+++ b/pkgs/desktops/gnome/core/mutter/default.nix
@@ -46,13 +46,13 @@
let self = stdenv.mkDerivation rec {
pname = "mutter";
- version = "41.1";
+ version = "41.2";
outputs = [ "out" "dev" "man" ];
src = fetchurl {
url = "mirror://gnome/sources/mutter/${lib.versions.major version}/${pname}-${version}.tar.xz";
- sha256 = "WOY/0LxD81E08hMTr/Suv5LIKdbfTcmaBEoeN2aR4/M=";
+ sha256 = "AN+oEvHEhtdKK3P0IEWuEYL5JGx3lNZ9dLXlQ+pwBhc=";
};
patches = [
diff --git a/pkgs/desktops/gnome/extensions/freon/default.nix b/pkgs/desktops/gnome/extensions/freon/default.nix
index 39224e6245b6..90909608052b 100644
--- a/pkgs/desktops/gnome/extensions/freon/default.nix
+++ b/pkgs/desktops/gnome/extensions/freon/default.nix
@@ -1,8 +1,20 @@
-{ lib, stdenv, fetchFromGitHub, glib }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, glib
+, substituteAll
+, hddtemp
+, liquidctl
+, lm_sensors
+, netcat-gnu
+, nvme-cli
+, procps
+, smartmontools
+}:
stdenv.mkDerivation rec {
pname = "gnome-shell-extension-freon";
- version = "44";
+ version = "45";
passthru = {
extensionUuid = "freon@UshakovVasilii_Github.yahoo.com";
@@ -13,11 +25,20 @@ stdenv.mkDerivation rec {
owner = "UshakovVasilii";
repo = "gnome-shell-extension-freon";
rev = "EGO-${version}";
- sha256 = "sha256-4DYAIC9N5id3vQe0WaOFP+MymsrPK18hbYqO4DjG+2U=";
+ sha256 = "sha256-tPb7SzHSwvz7VV+kZTmcw1eAdtL1J7FJ3BOtg4Us8jc=";
};
nativeBuildInputs = [ glib ];
+ patches = [
+ (substituteAll {
+ src = ./fix_paths.patch;
+ inherit hddtemp liquidctl lm_sensors procps smartmontools;
+ netcat = netcat-gnu;
+ nvmecli = nvme-cli;
+ })
+ ];
+
buildPhase = ''
runHook preBuild
glib-compile-schemas --strict --targetdir="freon@UshakovVasilii_Github.yahoo.com/schemas" "freon@UshakovVasilii_Github.yahoo.com/schemas"
diff --git a/pkgs/desktops/gnome/extensions/freon/fix_paths.patch b/pkgs/desktops/gnome/extensions/freon/fix_paths.patch
new file mode 100644
index 000000000000..b1be13e8ff58
--- /dev/null
+++ b/pkgs/desktops/gnome/extensions/freon/fix_paths.patch
@@ -0,0 +1,85 @@
+diff --git a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
+index e5d1d6d..856654b 100644
+--- a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
++++ b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
+@@ -7,7 +7,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
+
+ constructor() {
+ super();
+- let hddtempArgv = GLib.find_program_in_path('hddtemp');
++ let hddtempArgv = GLib.find_program_in_path('@hddtemp@/bin/hddtemp');
+ if(hddtempArgv) {
+ // check if this user can run hddtemp directly.
+ if(!GLib.spawn_command_line_sync(hddtempArgv)[3]){
+@@ -19,8 +19,8 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
+ // doesn't seem to be the case… is it running as a daemon?
+ // Check first for systemd
+ let systemctl = GLib.find_program_in_path('systemctl');
+- let pidof = GLib.find_program_in_path('pidof');
+- let nc = GLib.find_program_in_path('nc');
++ let pidof = GLib.find_program_in_path('@procps@/bin/pidof');
++ let nc = GLib.find_program_in_path('@netcat@/bin/nc');
+ let pid = undefined;
+
+ if(systemctl) {
+@@ -35,7 +35,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
+
+ // systemd isn't used on this system, try sysvinit instead
+ if(!pid && pidof) {
+- let output = GLib.spawn_command_line_sync("pidof hddtemp")[1].toString().trim();
++ let output = GLib.spawn_command_line_sync("@procps@/bin/pidof hddtemp")[1].toString().trim();
+ if(output.length)
+ pid = Number(output.trim());
+ }
+diff --git a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
+index 766bf62..7cd4e94 100644
+--- a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
++++ b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
+@@ -8,7 +8,7 @@ const commandLineUtil = Me.imports.commandLineUtil;
+ var LiquidctlUtil = class extends commandLineUtil.CommandLineUtil {
+ constructor() {
+ super();
+- const path = GLib.find_program_in_path('liquidctl');
++ const path = GLib.find_program_in_path('@liquidctl@/bin/liquidctl');
+ this._argv = path ? [path, 'status', '--json'] : null;
+ }
+
+diff --git a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
+index ae2ea93..2349b9e 100644
+--- a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
++++ b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
+@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
+ const Me = imports.misc.extensionUtils.getCurrentExtension();
+
+ function getNvmeData (argv){
+- const nvme = GLib.find_program_in_path('nvme')
++ const nvme = GLib.find_program_in_path('@nvmecli@/bin/nvme')
+ return JSON.parse(GLib.spawn_command_line_sync(`${nvme} ${argv} -o json`)[1].toString())
+ }
+
+diff --git a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
+index 62fa580..c017748 100644
+--- a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
++++ b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
+@@ -7,7 +7,7 @@ var SensorsUtil = class extends CommandLineUtil.CommandLineUtil {
+
+ constructor() {
+ super();
+- let path = GLib.find_program_in_path('sensors');
++ let path = GLib.find_program_in_path('@lm_sensors@/bin/sensors');
+ // -A: Do not show adapter -j: JSON output
+ this._argv = path ? [path, '-A', '-j'] : null;
+ }
+diff --git a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
+index 03d469b..6057a3b 100644
+--- a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
++++ b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
+@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
+ const Me = imports.misc.extensionUtils.getCurrentExtension();
+ const ByteArray = imports.byteArray;
+ function getSmartData (argv){
+- const smartctl = GLib.find_program_in_path('smartctl')
++ const smartctl = GLib.find_program_in_path('@smartmontools@/bin/smartctl')
+ return JSON.parse(ByteArray.toString( GLib.spawn_command_line_sync(`${smartctl} ${argv} -j`)[1] ))
+ }
+
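Review bot: In the `hddtempUtil.js` section, `systemctl` is still resolved with `GLib.find_program_in_path('systemctl')` while `hddtemp`, `pidof` and `nc` are pinned to store paths, so that one lookup still depends on the PATH of the GNOME Shell process. If that is deliberate (using the running system's systemd), a comment next to the `substituteAll` call in `default.nix` saying so would stop someone "fixing" it later. The pinned names are still passed through `find_program_in_path`, which for an absolute path only checks that the file exists and is executable; that keeps the upstream null fallbacks working and is worth a line of explanation as well. The constructors and functions touched here start and end outside the hunks shown.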
diff --git a/pkgs/development/compilers/koka/default.nix b/pkgs/development/compilers/koka/default.nix
index 9e4e446b1231..51d0a9ed7b90 100644
--- a/pkgs/development/compilers/koka/default.nix
+++ b/pkgs/development/compilers/koka/default.nix
@@ -4,12 +4,12 @@
, parsec, process, regex-compat, text, time }:
let
- version = "2.3.2";
+ version = "2.3.6";
src = fetchFromGitHub {
owner = "koka-lang";
repo = "koka";
rev = "v${version}";
- sha256 = "sha256-+w99Jvsd1tccUUYaP2TRgCNyGnMINWamuNRumHGzFWA=";
+ sha256 = "sha256-AibS/HudJKFQZlTxGD5LfwjBawIy1xwO2Hm8qzAUP2M=";
fetchSubmodules = true;
};
kklib = stdenv.mkDerivation {
diff --git a/pkgs/development/libraries/agda/cubical/default.nix b/pkgs/development/libraries/agda/cubical/default.nix
index 8e654444dd6a..4cbbf5305094 100644
--- a/pkgs/development/libraries/agda/cubical/default.nix
+++ b/pkgs/development/libraries/agda/cubical/default.nix
@@ -2,13 +2,13 @@
mkDerivation rec {
pname = "cubical";
- version = "0.3pred5030a9";
+ version = "0.4prec3e097a";
src = fetchFromGitHub {
repo = pname;
owner = "agda";
- rev = "d5030a9c89070255fc575add4e9f37b97e6a0c0c";
- sha256 = "18achbxap4ikydigmz3m3xjfn3i9dw4rn8yih82vrlc01j02nqpi";
+ rev = "c3e097a98c84083550fa31101346bd42a0501add";
+ sha256 = "101cni2a9xvia1mglb94z61jm8xk9r5kc1sn44cri0qsmk1zbqxs";
};
LC_ALL = "en_US.UTF-8";
diff --git a/pkgs/development/libraries/jemalloc/common.nix b/pkgs/development/libraries/jemalloc/common.nix
index d5fe07b00f2a..5abde13a2e6e 100644
--- a/pkgs/development/libraries/jemalloc/common.nix
+++ b/pkgs/development/libraries/jemalloc/common.nix
@@ -1,5 +1,6 @@
{ version, sha256 }:
{ lib, stdenv, fetchurl
+, fetchpatch
# By default, jemalloc puts a je_ prefix onto all its symbols on OSX, which
# then stops downstream builds (mariadb in particular) from detecting it. This
# option should remove the prefix and give us a working jemalloc.
@@ -20,6 +21,14 @@ stdenv.mkDerivation rec {
inherit sha256;
};
+ patches = [
+ # workaround https://github.com/jemalloc/jemalloc/issues/2091
+ (fetchpatch {
+ url = "https://github.com/jemalloc/jemalloc/commit/3b4a03b92b2e415415a08f0150fdb9eeb659cd52.diff";
+ sha256 = "sha256-6AYtADREhfj93ZLk9xnXtjc6vHDU0EKLLOvLd6YdJeI=";
+ })
+ ];
+
# see the comment on stripPrefix
configureFlags = []
++ optional stripPrefix "--with-jemalloc-prefix="
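Review bot: The new `patches` list sits in common.nix, which is parameterised by `{ version, sha256 }`, so it is applied to every jemalloc version built from this file, not only the one the upstream commit was written against. all-packages.nix still defines `jemalloc450` in the same diff, and if that expression also goes through common.nix (not visible here) the patch may fail to apply there. Guarding it by version would limit the blast radius, e.g. `patches = optional (versionAtLeast version "<first affected version>") (fetchpatch { … });`. The comment could also say whether this patch and the `llvmPackages_10.stdenv` pin added in all-packages.nix for the same issue are both required, since either one looks like a workaround on its own.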
diff --git a/pkgs/development/python-modules/msoffcrypto-tool/default.nix b/pkgs/development/python-modules/msoffcrypto-tool/default.nix
new file mode 100644
index 000000000000..4f3dbc60d18a
--- /dev/null
+++ b/pkgs/development/python-modules/msoffcrypto-tool/default.nix
@@ -0,0 +1,55 @@
+{ lib
+, olefile
+, buildPythonPackage
+, fetchFromGitHub
+, poetry-core
+, cryptography
+, pytestCheckHook
+, pythonOlder
+, setuptools
+}:
+
+buildPythonPackage rec {
+ pname = "msoffcrypto-tool";
+ version = "4.12.0";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.7";
+
+ src = fetchFromGitHub {
+ owner = "nolze";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-EBEwldh2Ct/4oxnAF1hWeW/uRrVsCYEi0cJaZubofFk=";
+ };
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ cryptography
+ olefile
+ setuptools
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ disabledTests = [
+ # Test fails with AssertionError
+ "test_cli"
+ ];
+
+ pythonImportsCheck = [
+ "msoffcrypto"
+ ];
+
+ meta = with lib; {
+ description = "Python tool and library for decrypting MS Office files with passwords or other keys";
+ homepage = "https://github.com/nolze/msoffcrypto-tool";
+ license = with licenses; [ mit ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
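Review bot: The `disabledTests` comment `# Test fails with AssertionError` does not record why `test_cli` fails. The same diff exposes this package as a command-line application via `toPythonApplication` in all-packages.nix, so the disabled test is presumably the one covering the entry point users will run. A comment that states the cause, or links an upstream report, would let a later bump re-enable it, e.g. `# test_cli fails in the build sandbox with AssertionError (<cause or upstream issue link>)`. The same applies to `test_all` in the oletools expression added alongside, where the quoted assertion text is truncated. It would also help to note why `setuptools` is in `propagatedBuildInputs` rather than a build-only input.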
diff --git a/pkgs/development/python-modules/oletools/default.nix b/pkgs/development/python-modules/oletools/default.nix
new file mode 100644
index 000000000000..54c5c6c165b2
--- /dev/null
+++ b/pkgs/development/python-modules/oletools/default.nix
@@ -0,0 +1,57 @@
+{ lib
+, buildPythonPackage
+, colorclass
+, easygui
+, fetchFromGitHub
+, msoffcrypto-tool
+, olefile
+, pcodedmp
+, pyparsing
+, pytestCheckHook
+, pythonOlder
+, setuptools
+}:
+
+buildPythonPackage rec {
+ pname = "oletools";
+ version = "0.60";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.8";
+
+ src = fetchFromGitHub {
+ owner = "decalage2";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-gatUVkf8iT1OGnahX1BzQLDypCqhS1EvkAgUHJ6myA4=";
+ };
+
+ propagatedBuildInputs = [
+ colorclass
+ easygui
+ msoffcrypto-tool
+ olefile
+ pcodedmp
+ pyparsing
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ ];
+
+ disabledTests = [
+ # Test fails with AssertionError: Tuples differ: ('MS Word 2007+...
+ "test_all"
+ ];
+
+ pythonImportsCheck = [
+ "oletools"
+ ];
+
+ meta = with lib; {
+ description = "Python tool to analyze MS OLE2 files and MS Office documents";
+ homepage = "https://github.com/decalage2/oletools";
+ license = with licenses; [ bsd2 /* and */ mit ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/development/python-modules/pcodedmp/default.nix b/pkgs/development/python-modules/pcodedmp/default.nix
new file mode 100644
index 000000000000..84f230f5852f
--- /dev/null
+++ b/pkgs/development/python-modules/pcodedmp/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+ pname = "pcodedmp";
+ version = "1.2.6";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.8";
+
+ src = fetchFromGitHub {
+ owner = "bontchev";
+ repo = pname;
+ rev = version;
+ sha256 = "sha256-SYOFGMvrzxDPMACaCvqwU28Mh9LEuvFBGvAph4X+geo=";
+ };
+
+ postPatch = ''
+ # Circular dependency
+ substituteInPlace setup.py \
+ --replace "'oletools>=0.54'," ""
+ '';
+
+ # Module doesn't have tests
+ doCheck = false;
+
+ pythonImportsCheck = [
+ "pcodedmp"
+ ];
+
+ meta = with lib; {
+ description = "Python VBA p-code disassembler";
+ homepage = "https://github.com/bontchev/pcodedmp";
+ license = with licenses; [ gpl3Only ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
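Review bot: The `substituteInPlace … --replace "'oletools>=0.54'," ""` in `postPatch` depends on an exact string in upstream's setup.py, and as far as I know a non-matching `--replace` does not fail the build in this stdenv. If upstream changes the version pin, the substitution becomes a silent no-op and the circular dependency returns. A guard in the style the sgx-psw expression uses for its DCAP check would make that visible: `grep -q "oletools>=0.54" setup.py || (echo "oletools requirement not found in setup.py" >&2 && exit 1)`. With the requirement dropped and `doCheck = false`, `pythonImportsCheck` is the only verification left, so the comment should also say whether pcodedmp is expected to work without oletools installed or only as a dependency of it.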
diff --git a/pkgs/development/python-modules/python-http-client/default.nix b/pkgs/development/python-modules/python-http-client/default.nix
index b69c478ef27d..db79870ad591 100644
--- a/pkgs/development/python-modules/python-http-client/default.nix
+++ b/pkgs/development/python-modules/python-http-client/default.nix
@@ -7,13 +7,14 @@
buildPythonPackage rec {
pname = "python_http_client";
- version = "3.3.3";
+ version = "3.3.4";
+ format = "setuptools";
src = fetchFromGitHub {
owner = "sendgrid";
repo = "python-http-client";
rev = version;
- sha256 = "sha256-cZqyu67xP0UIKYbhYYTNL5kLiPjjMjayde75sqkHZhg=";
+ sha256 = "sha256-wTXHq+tC+rfvmDZIWvcGhQZqm6DxOmx50BsX0c6asec=";
};
checkInputs = [
@@ -21,9 +22,9 @@ buildPythonPackage rec {
pytestCheckHook
];
- # Failure was fixed by https://github.com/sendgrid/python-http-client/commit/6d62911ab0d0645b499e14bb17c302b48f3c10e4
- disabledTests = [ "test__daterange" ];
- pythonImportsCheck = [ "python_http_client" ];
+ pythonImportsCheck = [
+ "python_http_client"
+ ];
meta = with lib; {
description = "Python HTTP library to call APIs";
diff --git a/pkgs/development/tools/rust/cargo-feature/default.nix b/pkgs/development/tools/rust/cargo-feature/default.nix
index facbf0299a52..938dfab2982e 100644
--- a/pkgs/development/tools/rust/cargo-feature/default.nix
+++ b/pkgs/development/tools/rust/cargo-feature/default.nix
@@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-feature";
- version = "0.5.5";
+ version = "0.6.0";
src = fetchFromGitHub {
owner = "Riey";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-0Ski+LytE636HHduisYJJq3khRsaJJ4YhpmaU5On348=";
+ sha256 = "sha256-9TP67YtvRtgLtsKACL5xjXq5kZtYpTWsTqQsbOKPwtY=";
};
- cargoSha256 = "sha256-PA/s/BrqUftdGc5Lvd0glL9Dr8GLX9pYMq6WRRUQwEk=";
+ cargoSha256 = "sha256-MkLsQebQdqfUuARIdQZg47kMPudstJUgRQgUuovoLes=";
buildInputs = lib.optional stdenv.isDarwin libiconv;
diff --git a/pkgs/development/tools/vultr-cli/default.nix b/pkgs/development/tools/vultr-cli/default.nix
index 0a4ebdb97014..253189c648a3 100644
--- a/pkgs/development/tools/vultr-cli/default.nix
+++ b/pkgs/development/tools/vultr-cli/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "vultr-cli";
- version = "2.9.0";
+ version = "2.11.2";
src = fetchFromGitHub {
owner = "vultr";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-xgp+hNNStyakfS8h72CqRTeJVTgA4p4CkoCoTFmFRyI=";
+ sha256 = "sha256-v5RbStmQX7D+i+oyekilLPsl6lta5rkJV4Uf0mjIF8Y=";
};
vendorSha256 = null;
diff --git a/pkgs/os-specific/linux/sgx/psw/default.nix b/pkgs/os-specific/linux/sgx/psw/default.nix
new file mode 100644
index 000000000000..e449c99b0776
--- /dev/null
+++ b/pkgs/os-specific/linux/sgx/psw/default.nix
@@ -0,0 +1,190 @@
+{ stdenv
+, lib
+, fetchurl
+, cmake
+, coreutils
+, curl
+, file
+, glibc
+, makeWrapper
+, nixosTests
+, protobuf
+, python3
+, sgx-sdk
+, shadow
+, systemd
+, util-linux
+, which
+, debug ? false
+}:
+stdenv.mkDerivation rec {
+ inherit (sgx-sdk) version versionTag src;
+ pname = "sgx-psw";
+
+ postUnpack =
+ let
+ ae.prebuilt = fetchurl {
+ url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
+ hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
+ };
+ dcap = rec {
+ version = "1.11";
+ filename = "prebuilt_dcap_${version}.tar.gz";
+ prebuilt = fetchurl {
+ url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
+ hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
+ };
+ };
+ in
+ sgx-sdk.postUnpack + ''
+ # Make sure we use the correct version of prebuilt DCAP
+ grep -q 'ae_file_name=${dcap.filename}' "$src/external/dcap_source/QuoteGeneration/download_prebuilt.sh" \
+ || (echo "Could not find expected prebuilt DCAP ${dcap.filename} in linux-sgx source" >&2 && exit 1)
+
+ tar -zxf ${ae.prebuilt} -C $sourceRoot/
+ tar -zxf ${dcap.prebuilt} -C $sourceRoot/external/dcap_source/QuoteGeneration/
+ '';
+
+ nativeBuildInputs = [
+ cmake
+ file
+ makeWrapper
+ python3
+ sgx-sdk
+ which
+ ];
+
+ buildInputs = [
+ curl
+ protobuf
+ ];
+
+ hardeningDisable = lib.optionals debug [
+ "fortify"
+ ];
+
+ postPatch = ''
+ # https://github.com/intel/linux-sgx/pull/730
+ substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
+ substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \
+ --replace '/usr/bin/getconf' 'getconf'
+
+ # https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/205
+ substituteInPlace ./external/dcap_source/QuoteGeneration/buildenv.mk \
+ --replace '/bin/cp' 'cp'
+ substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/Makefile \
+ --replace '/bin/cp' 'cp'
+ substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/buildenv.mk \
+ --replace '/bin/cp' 'cp'
+
+ patchShebangs \
+ linux/installer/bin/build-installpkg.sh \
+ linux/installer/common/psw/createTarball.sh \
+ linux/installer/common/psw/install.sh
+ '';
+
+ dontUseCmakeConfigure = true;
+
+ # Randomly fails if enabled
+ enableParallelBuilding = false;
+
+ buildFlags = [
+ "psw_install_pkg"
+ ] ++ lib.optionals debug [
+ "DEBUG=1"
+ ];
+
+ installFlags = [
+ "-C linux/installer/common/psw/output"
+ "DESTDIR=$(TMPDIR)/install"
+ ];
+
+ postInstall = ''
+ installDir=$TMPDIR/install
+ sgxPswDir=$installDir/opt/intel/sgxpsw
+
+ mv $installDir/usr/lib64/ $out/lib/
+ ln -sr $out/lib $out/lib64
+
+ # Install udev rules to lib/udev/rules.d
+ mv $sgxPswDir/udev/ $out/lib/
+
+ # Install example AESM config
+ mkdir $out/etc/
+ mv $sgxPswDir/aesm/conf/aesmd.conf $out/etc/
+ rmdir $sgxPswDir/aesm/conf/
+
+ # Delete init service
+ rm $sgxPswDir/aesm/aesmd.conf
+
+ # Move systemd services
+ mkdir -p $out/lib/systemd/system/
+ mv $sgxPswDir/aesm/aesmd.service $out/lib/systemd/system/
+ mv $sgxPswDir/remount-dev-exec.service $out/lib/systemd/system/
+
+ # Move misc files
+ mkdir $out/share/
+ mv $sgxPswDir/licenses $out/share/
+
+ # Remove unnecessary files
+ rm $sgxPswDir/{cleanup.sh,startup.sh}
+ rm -r $sgxPswDir/scripts
+
+ mv $sgxPswDir/aesm/ $out/
+
+ mkdir $out/bin
+ makeWrapper $out/aesm/aesm_service $out/bin/aesm_service \
+ --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ protobuf ]}:$out/aesm \
+ --run "cd $out/aesm"
+
+ # Make sure we didn't forget to handle any files
+ rmdir $sgxPswDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1)
+ '';
+
+ # Most—if not all—of those fixups are not relevant for NixOS as we have our own
+ # NixOS module which is based on those files without relying on them. Still, it
+ # is helpful to have properly patched versions for non-NixOS distributions.
+ postFixup = ''
+ header "Fixing aesmd.service"
+ substituteInPlace $out/lib/systemd/system/aesmd.service \
+ --replace '@aesm_folder@' \
+ "$out/aesm" \
+ --replace 'Type=forking' \
+ 'Type=simple' \
+ --replace "ExecStart=$out/aesm/aesm_service" \
+ "ExecStart=$out/bin/aesm_service --no-daemon"\
+ --replace "/bin/mkdir" \
+ "${coreutils}/bin/mkdir" \
+ --replace "/bin/chown" \
+ "${coreutils}/bin/chown" \
+ --replace "/bin/chmod" \
+ "${coreutils}/bin/chmod" \
+ --replace "/bin/kill" \
+ "${coreutils}/bin/kill"
+
+ header "Fixing remount-dev-exec.service"
+ substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \
+ --replace '/bin/mount' \
+ "${util-linux}/bin/mount"
+
+ header "Fixing linksgx.sh"
+ # https://github.com/intel/linux-sgx/pull/736
+ substituteInPlace $out/aesm/linksgx.sh \
+ --replace '/usr/bin/getent' \
+ '${glibc.bin}/bin/getent' \
+ --replace '/usr/sbin/usermod' \
+ '${shadow}/bin/usermod'
+ '';
+
+ passthru.tests = {
+ service = nixosTests.aesmd;
+ };
+
+ meta = with lib; {
+ description = "Intel SGX Architectural Enclave Service Manager";
+ homepage = "https://github.com/intel/linux-sgx";
+ maintainers = with maintainers; [ veehaitch citadelcore ];
+ platforms = [ "x86_64-linux" ];
+ license = with licenses; [ bsd3 ];
+ };
+}
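Review bot: `remount-dev-exec.service` is moved into `$out/lib/systemd/system/` in `postInstall` with no comment on what it changes. Judging by its name and the `/bin/mount` substitution in `postFixup`, it remounts /dev with exec permitted, which loosens a common hardening default. A line above the `mv` such as `# remount-dev-exec.service relaxes noexec on /dev; shipped for non-NixOS users, review before enabling` would make that explicit. Separately, the final `rmdir $sgxPswDir` check reports `$installDir` and runs `ls -A $installDir` in its error message, so leftovers are listed for a different directory than the one tested; using `$sgxPswDir` in both places keeps the message accurate.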
diff --git a/pkgs/os-specific/linux/sgx-sdk/default.nix b/pkgs/os-specific/linux/sgx/sdk/default.nix
similarity index 97%
rename from pkgs/os-specific/linux/sgx-sdk/default.nix
rename to pkgs/os-specific/linux/sgx/sdk/default.nix
index cb9d140e4edd..e08511272af3 100644
--- a/pkgs/os-specific/linux/sgx-sdk/default.nix
+++ b/pkgs/os-specific/linux/sgx/sdk/default.nix
@@ -21,13 +21,13 @@
, validatePkgConfig
, writeShellScript
, writeText
+, debug ? false
}:
-with lib;
stdenv.mkDerivation rec {
pname = "sgx-sdk";
version = "2.14.100.2";
- versionTag = concatStringsSep "." (take 2 (splitVersion version));
+ versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
src = fetchFromGitHub {
owner = "intel";
@@ -140,6 +140,8 @@ stdenv.mkDerivation rec {
buildFlags = [
"sdk_install_pkg"
+ ] ++ lib.optionals debug [
+ "DEBUG=1"
];
enableParallelBuilding = true;
@@ -264,7 +266,7 @@ stdenv.mkDerivation rec {
passthru.tests = callPackage ./samples.nix { };
- meta = {
+ meta = with lib; {
description = "Intel SGX SDK for Linux built with IPP Crypto Library";
homepage = "https://github.com/intel/linux-sgx";
maintainers = with maintainers; [ sbellem arturcygan veehaitch ];
diff --git a/pkgs/os-specific/linux/sgx-sdk/ipp-crypto.nix b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
similarity index 100%
rename from pkgs/os-specific/linux/sgx-sdk/ipp-crypto.nix
rename to pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix
diff --git a/pkgs/os-specific/linux/sgx-sdk/samples.nix b/pkgs/os-specific/linux/sgx/sdk/samples.nix
similarity index 100%
rename from pkgs/os-specific/linux/sgx-sdk/samples.nix
rename to pkgs/os-specific/linux/sgx/sdk/samples.nix
diff --git a/pkgs/tools/admin/trivy/default.nix b/pkgs/tools/admin/trivy/default.nix
index 2768c16c5762..a7f57c088dab 100644
--- a/pkgs/tools/admin/trivy/default.nix
+++ b/pkgs/tools/admin/trivy/default.nix
@@ -5,16 +5,16 @@
buildGoModule rec {
pname = "trivy";
- version = "0.21.1";
+ version = "0.21.2";
src = fetchFromGitHub {
owner = "aquasecurity";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-KxGG59H5EzIcYigvbQlrwpZLP4zMqErO3vDKhBOPc3w=";
+ sha256 = "sha256-k8bjwKoAXt9XFQX7rHhdrcu3FoaU31Ra78PQHNVCfq0=";
};
- vendorSha256 = "sha256-lITzqPMsZk/G2nG4LcUdyTb3gE3rtlXET/c2UaYODvU=";
+ vendorSha256 = "sha256-rJvmY0557QOb8D1/LhN8w64ds3HwqolLmGdntS5CJPQ=";
excludedPackages = "misc";
diff --git a/pkgs/tools/audio/abcmidi/default.nix b/pkgs/tools/audio/abcmidi/default.nix
index 41805b2534d3..b929b6204a29 100644
--- a/pkgs/tools/audio/abcmidi/default.nix
+++ b/pkgs/tools/audio/abcmidi/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "abcMIDI";
- version = "2021.12.05";
+ version = "2021.12.10";
src = fetchzip {
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
- hash = "sha256-q3iyIheV7g6l2S6CSKqt9VQKa9i8xg5RKOO3JfFXuLI=";
+ hash = "sha256-Jvj7gOrIT0IXihPkPDH9n80bg4xllvPTKxIWA3wX5B0=";
};
meta = with lib; {
diff --git a/pkgs/tools/misc/zellij/default.nix b/pkgs/tools/misc/zellij/default.nix
index edb7f183e6ba..78ef8d3c29da 100644
--- a/pkgs/tools/misc/zellij/default.nix
+++ b/pkgs/tools/misc/zellij/default.nix
@@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "zellij";
- version = "0.21.0";
+ version = "0.22.0";
src = fetchFromGitHub {
owner = "zellij-org";
repo = "zellij";
rev = "v${version}";
- sha256 = "1n033qvidahpfsp4k3x30sav3asldhjlsbydb23vg0v7bxjl2c2q";
+ sha256 = "sha256-bia1q2IPrlVeSLsD/HGkWwAUW8THAuzXQR2Iw0v8TKM=";
};
- cargoSha256 = "1pjmlwx966pgri58xx2zqr84wili0bzpl9gzhjdkvcx0j1f66anb";
+ cargoSha256 = "sha256-ptM0QrrWFy9rb/CpLYuzRE48Wr429lcE9xnV8uA8mGs=";
nativeBuildInputs = [
installShellFiles
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 722ec3016792..3b4fb0cd6076 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -296,6 +296,7 @@ mapAliases ({
svn_all_fast_export = svn-all-fast-export;
topGit = top-git;
};
+ gitin = throw "gitin has been remove because it was unmaintained and depended on an insecure version of libgit2"; # added 2021-12-07
glib_networking = glib-networking; # added 2018-02-25
gmailieer = lieer; # added 2020-04-19
gmvault = throw "gmvault has been removed because it is unmaintained, mostly broken, and insecure"; # added 2021-03-08
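Review bot: The new `gitin` alias has a typo in its user-facing message: `"gitin has been remove because …"` should read `"gitin has been removed because …"`. This string is what users see when evaluation fails, and it is the only place the removal reason (an insecure libgit2 dependency) is surfaced, so it is worth getting right. Naming the affected libgit2 attribute in the message would also help anyone auditing other dependents.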
@@ -929,7 +930,8 @@ mapAliases ({
telepathy_salut = telepathy-salut; # added 2018-02-25
telnet = inetutils; # added 2018-05-15
terminus = throw "terminus has been removed, it was unmaintained in nixpkgs"; # added 2021-08-21
- terraform_1_0_0 = terraform_1_0; # added 2021-06-15
+ terraform_1_0_0 = throw "terraform_1_0_0 has been renamed to terraform_1"; # added 2021-06-15
+ terraform_1_0 = throw "terraform_1_0 has been renamed to terraform_1"; # added 2021-12-08
terraform-provider-ibm = terraform-providers.ibm; # added 2018-09-28
terraform-provider-libvirt = terraform-providers.libvirt; # added 2018-09-28
terraform-provider-lxd = terraform-providers.lxd; # added 2020-03-16
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c2fdff664b40..7c121bbefdcf 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -373,6 +373,8 @@ with pkgs;
onesixtyone = callPackage ../tools/security/onesixtyone {};
+ oletools = with python3.pkgs; toPythonApplication oletools;
+
creddump = callPackage ../tools/security/creddump {};
credential-detector = callPackage ../tools/security/credential-detector { };
@@ -5797,8 +5799,6 @@ with pkgs;
github-runner = callPackage ../development/tools/continuous-integration/github-runner { };
- gitin = callPackage ../applications/version-management/git-and-tools/gitin { };
-
gitinspector = callPackage ../applications/version-management/gitinspector { };
gitkraken = callPackage ../applications/version-management/gitkraken { };
@@ -17193,7 +17193,11 @@ with pkgs;
jbigkit = callPackage ../development/libraries/jbigkit { };
- jemalloc = callPackage ../development/libraries/jemalloc { };
+ jemalloc = callPackage ../development/libraries/jemalloc {
+ # tests fail with LLVM 11+
+ # https://github.com/jemalloc/jemalloc/issues/2091
+ stdenv = if stdenv.cc.isClang then llvmPackages_10.stdenv else stdenv;
+ };
jemalloc450 = callPackage ../development/libraries/jemalloc/jemalloc450.nix { };
@@ -18795,6 +18799,8 @@ with pkgs;
msgpack = callPackage ../development/libraries/msgpack { };
+ msoffcrypto-tool = with python3.pkgs; toPythonApplication msoffcrypto-tool;
+
msilbc = callPackage ../development/libraries/msilbc { };
mp4v2 = callPackage ../development/libraries/mp4v2 { };
@@ -22761,7 +22767,9 @@ with pkgs;
seturgent = callPackage ../os-specific/linux/seturgent { };
- sgx-sdk = callPackage ../os-specific/linux/sgx-sdk { };
+ sgx-sdk = callPackage ../os-specific/linux/sgx/sdk { };
+
+ sgx-psw = callPackage ../os-specific/linux/sgx/psw { };
shadow = callPackage ../os-specific/linux/shadow { };
@@ -33226,11 +33234,11 @@ with pkgs;
terraform_0_13
terraform_0_14
terraform_0_15
- terraform_1_0
+ terraform_1
terraform_plugins_test
;
- terraform = terraform_1_0;
+ terraform = terraform_1;
# deprecated
terraform-full = terraform.full;
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index ed13b50fc0c0..535ab5955e17 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -5043,6 +5043,8 @@ in {
msldap = callPackage ../development/python-modules/msldap { };
+ msoffcrypto-tool = callPackage ../development/python-modules/msoffcrypto-tool { };
+
mss = callPackage ../development/python-modules/mss { };
msrestazure = callPackage ../development/python-modules/msrestazure { };
@@ -5422,6 +5424,8 @@ in {
olefile = callPackage ../development/python-modules/olefile { };
+ oletools = callPackage ../development/python-modules/oletools { };
+
omegaconf = callPackage ../development/python-modules/omegaconf { };
omnilogic = callPackage ../development/python-modules/omnilogic { };
@@ -5707,6 +5711,8 @@ in {
pc-ble-driver-py = toPythonModule (callPackage ../development/python-modules/pc-ble-driver-py { });
+ pcodedmp = callPackage ../development/python-modules/pcodedmp { };
+
pcpp = callPackage ../development/python-modules/pcpp { };
pdf2image = callPackage ../development/python-modules/pdf2image { };