Merge staging-next into staging

This commit is contained in:
github-actions[bot] 2021-12-13 18:01:54 +00:00 committed by GitHub
commit 1a2b61419f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
42 changed files with 907 additions and 221 deletions

View File

@ -496,7 +496,7 @@ runTests {
testToPretty =
let
deriv = derivation { name = "test"; builder = "/bin/sh"; system = builtins.currentSystem; };
deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
in {
expr = mapAttrs (const (generators.toPretty { multiline = false; })) rec {
int = 42;

View File

@ -19,8 +19,16 @@
</section>
<section xml:id="sec-release-22.05-new-services">
<title>New Services</title>
<itemizedlist spacing="compact">
<listitem>
<para>
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
the Intel SGX Architectural Enclave Service Manager. Available
as
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
<title>Backward Incompatibilities</title>

View File

@ -8,6 +8,8 @@ In addition to numerous new and upgraded packages, this release has the followin
## New Services {#sec-release-22.05-new-services}
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.

View File

@ -0,0 +1,47 @@
{ config, lib, ... }:
with lib;
let
cfg = config.hardware.cpu.intel.sgx.provision;
defaultGroup = "sgx_prv";
in
{
options.hardware.cpu.intel.sgx.provision = {
enable = mkEnableOption "access to the Intel SGX provisioning device";
user = mkOption {
description = "Owner to assign to the SGX provisioning device.";
type = types.str;
default = "root";
};
group = mkOption {
description = "Group to assign to the SGX provisioning device.";
type = types.str;
default = defaultGroup;
};
mode = mkOption {
description = "Mode to set for the SGX provisioning device.";
type = types.str;
default = "0660";
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = hasAttr cfg.user config.users.users;
message = "Given user does not exist";
}
{
assertion = (cfg.group == defaultGroup) || (hasAttr cfg.group config.users.groups);
message = "Given group does not exist";
}
];
users.groups = optionalAttrs (cfg.group == defaultGroup) {
"${cfg.group}" = { };
};
services.udev.extraRules = ''
SUBSYSTEM=="misc", KERNEL=="sgx_provision", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="${cfg.mode}"
'';
};
}

View File

@ -45,6 +45,7 @@
./hardware/ckb-next.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/cpu/intel-sgx.nix
./hardware/corectrl.nix
./hardware/digitalbitbox.nix
./hardware/device-tree.nix
@ -928,6 +929,7 @@
./services/search/kibana.nix
./services/search/meilisearch.nix
./services/search/solr.nix
./services/security/aesmd.nix
./services/security/certmgr.nix
./services/security/cfssl.nix
./services/security/clamav.nix

View File

@ -0,0 +1,227 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.aesmd;
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
concatStringsSep "\n" (
optional (whitelistUrl != null) "whitelist url = ${whitelistUrl}" ++
optional (proxy != null) "aesm proxy = ${proxy}" ++
optional (proxyType != null) "proxy type = ${proxyType}" ++
optional (defaultQuotingType != null) "default quoting type = ${defaultQuotingType}" ++
# Newline at end of file
[ "" ]
)
);
in
{
options.services.aesmd = {
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to build the PSW package in debug mode.";
};
settings = mkOption {
description = "AESM configuration";
default = { };
type = types.submodule {
options.whitelistUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
description = "URL to retrieve authorized Intel SGX enclave signers.";
};
options.proxy = mkOption {
type = with types; nullOr str;
default = null;
example = "http://proxy_url:1234";
description = "HTTP network proxy.";
};
options.proxyType = mkOption {
type = with types; nullOr (enum [ "default" "direct" "manual" ]);
default = if (cfg.settings.proxy != null) then "manual" else null;
example = "default";
description = ''
Type of proxy to use. The <literal>default</literal> uses the system's default proxy.
If <literal>direct</literal> is given, uses no proxy.
A value of <literal>manual</literal> uses the proxy from
<option>services.aesmd.settings.proxy</option>.
'';
};
options.defaultQuotingType = mkOption {
type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
default = null;
example = "ecdsa_256";
description = "Attestation quote type.";
};
};
};
};
config = mkIf cfg.enable {
assertions = [{
assertion = !(config.boot.specialFileSystems."/dev".options ? "noexec");
message = "SGX requires exec permission for /dev";
}];
hardware.cpu.intel.sgx.provision.enable = true;
systemd.services.aesmd =
let
storeAesmFolder = "${sgx-psw}/aesm";
# Hardcoded path AESM_DATA_FOLDER in psw/ae/aesm_service/source/oal/linux/aesm_util.cpp
aesmDataFolder = "/var/opt/aesmd/data";
aesmStateDirSystemd = "%S/aesmd";
in
{
description = "Intel Architectural Enclave Service Manager";
wantedBy = [ "multi-user.target" ];
after = [
"auditd.service"
"network.target"
"syslog.target"
];
environment = {
NAME = "aesm_service";
AESM_PATH = storeAesmFolder;
LD_LIBRARY_PATH = storeAesmFolder;
};
# Make sure any of the SGX application enclave devices is available
unitConfig.AssertPathExists = [
# legacy out-of-tree driver
"|/dev/isgx"
# DCAP driver
"|/dev/sgx/enclave"
# in-tree driver
"|/dev/sgx_enclave"
];
serviceConfig = rec {
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
set -euo pipefail
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
if [[ ! -f "$whiteListFile" ]]; then
${pkgs.coreutils}/bin/install -m 644 -D \
"${storeAesmFolder}/data/white_list_cert_to_be_verify.bin" \
"$whiteListFile"
fi
'';
ExecStart = "${sgx-psw}/bin/aesm_service --no-daemon";
ExecReload = ''${pkgs.coreutils}/bin/kill -SIGHUP "$MAINPID"'';
Restart = "on-failure";
RestartSec = "15s";
DynamicUser = true;
Group = "sgx";
SupplementaryGroups = [
config.hardware.cpu.intel.sgx.provision.group
];
Type = "simple";
WorkingDirectory = storeAesmFolder;
StateDirectory = "aesmd";
StateDirectoryMode = "0700";
RuntimeDirectory = "aesmd";
RuntimeDirectoryMode = "0750";
# Hardening
# chroot into the runtime directory
RootDirectory = "%t/aesmd";
BindReadOnlyPaths = [
builtins.storeDir
# Hardcoded path AESM_CONFIG_FILE in psw/ae/aesm_service/source/utils/aesm_config.cpp
"${configFile}:/etc/aesmd.conf"
];
BindPaths = [
# Hardcoded path CONFIG_SOCKET_PATH in psw/ae/aesm_service/source/core/ipc/SocketConfig.h
"%t/aesmd:/var/run/aesmd"
"%S/aesmd:/var/opt/aesmd"
];
# PrivateDevices=true will mount /dev noexec which breaks AESM
PrivateDevices = false;
DevicePolicy = "closed";
DeviceAllow = [
# legacy out-of-tree driver
"/dev/isgx rw"
# DCAP driver
"/dev/sgx rw"
# in-tree driver
"/dev/sgx_enclave rw"
"/dev/sgx_provision rw"
];
# Requires Internet access for attestation
PrivateNetwork = false;
RestrictAddressFamilies = [
# Allocates the socket /var/run/aesmd/aesm.socket
"AF_UNIX"
# Uses the HTTP protocol to initialize some services
"AF_INET"
"AF_INET6"
];
# True breaks stuff
MemoryDenyWriteExecute = false;
# needs the ipc syscall in order to run
SystemCallFilter = [
"@system-service"
"~@aio"
"~@chown"
"~@clock"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@module"
"~@mount"
"~@privileged"
"~@raw-io"
"~@reboot"
"~@resources"
"~@setuid"
"~@swap"
"~@sync"
"~@timer"
];
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
CapabilityBoundingSet = "";
KeyringMode = "private";
LockPersonality = true;
NoNewPrivileges = true;
NotifyAccess = "none";
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
UMask = "0066";
};
};
};
}

View File

@ -526,8 +526,8 @@ in {
# FIXME(@Ma27) remove as soon as nextcloud properly supports
# mariadb >=10.6.
isUnsupportedMariadb =
# All currently supported Nextcloud versions are affected.
(versionOlder cfg.package.version "23")
# All currently supported Nextcloud versions are affected (https://github.com/nextcloud/server/issues/25436).
(versionOlder cfg.package.version "24")
# This module uses mysql
&& (cfg.config.dbtype == "mysql")
# MySQL is managed via NixOS

62
nixos/tests/aesmd.nix Normal file
View File

@ -0,0 +1,62 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "aesmd";
meta = {
maintainers = with lib.maintainers; [ veehaitch ];
};
machine = { lib, ... }: {
services.aesmd = {
enable = true;
settings = {
defaultQuotingType = "ecdsa_256";
proxyType = "direct";
whitelistUrl = "http://nixos.org";
};
};
# Should have access to the AESM socket
users.users."sgxtest" = {
isNormalUser = true;
extraGroups = [ "sgx" ];
};
# Should NOT have access to the AESM socket
users.users."nosgxtest".isNormalUser = true;
# We don't have a real SGX machine in NixOS tests
systemd.services.aesmd.unitConfig.AssertPathExists = lib.mkForce [ ];
};
testScript = ''
with subtest("aesmd.service starts"):
machine.wait_for_unit("aesmd.service")
status, main_pid = machine.systemctl("show --property MainPID --value aesmd.service")
assert status == 0, "Could not get MainPID of aesmd.service"
main_pid = main_pid.strip()
with subtest("aesmd.service runtime directory permissions"):
runtime_dir = "/run/aesmd";
res = machine.succeed(f"stat -c '%a %U %G' {runtime_dir}").strip()
assert "750 aesmd sgx" == res, f"{runtime_dir} does not have the expected permissions: {res}"
with subtest("aesm.socket available on host"):
socket_path = "/var/run/aesmd/aesm.socket"
machine.wait_until_succeeds(f"test -S {socket_path}")
machine.succeed(f"test 777 -eq $(stat -c '%a' {socket_path})")
for op in [ "-r", "-w", "-x" ]:
machine.succeed(f"sudo -u sgxtest test {op} {socket_path}")
machine.fail(f"sudo -u nosgxtest test {op} {socket_path}")
with subtest("Copies white_list_cert_to_be_verify.bin"):
whitelist_path = "/var/opt/aesmd/data/white_list_cert_to_be_verify.bin"
whitelist_perms = machine.succeed(
f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/stat -c '%a' {whitelist_path}"
).strip()
assert "644" == whitelist_perms, f"white_list_cert_to_be_verify.bin has permissions {whitelist_perms}"
with subtest("Writes and binds aesm.conf in service namespace"):
aesmd_config = machine.succeed(f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/cat /etc/aesmd.conf")
assert aesmd_config == "whitelist url = http://nixos.org\nproxy type = direct\ndefault quoting type = ecdsa_256\n", "aesmd.conf differs"
'';
})

View File

@ -23,6 +23,7 @@ in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTest ./acme.nix {};
aesmd = handleTest ./aesmd.nix {};
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
amazon-init-shell = handleTest ./amazon-init-shell.nix {};

View File

@ -35,11 +35,11 @@ let
in
stdenv.mkDerivation rec {
pname = "bisq-desktop";
version = "1.7.5";
version = "1.8.0";
src = fetchurl {
url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
sha256 = "0mwlmya53xaps8x8c5cvk9zxy0ddijkrba8x3jp2glql34wac3ri";
sha256 = "1q6x6w8mp5ax852hlvi2p61xgckb2lpr2ml21a9mfs9421b6m8h2";
};
nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg gnutar zip xz ];

View File

@ -196,10 +196,10 @@ rec {
passthru = { inherit plugins; };
};
terraform_1_0 = mkTerraform {
version = "1.0.11";
sha256 = "0k05s4zm16vksq21f1q00y2lzfgi5fhs1ygydm8jk0srs9x8ask7";
vendorSha256 = "1brgghl7fb26va4adix443rl1dkjaqrr4jkknxjkcaps0knqp172";
terraform_1 = mkTerraform {
version = "1.1.0";
sha256 = "sha256-nnYMoQitqFbOjI8twDh9hWDb1qxMNNVy6wldxkyDKY0=";
vendorSha256 = "sha256-inPNvNUcil9X0VQ/pVgZdnnmn9UCfEz7qXiuKDj8RYM=";
patches = [ ./provider-path-0_15.patch ];
passthru = { inherit plugins; };
};
@ -213,7 +213,7 @@ rec {
mainTf = writeText "main.tf" ''
resource "random_id" "test" {}
'';
terraform = terraform_1_0.withPlugins (p: [ p.random ]);
terraform = terraform_1.withPlugins (p: [ p.random ]);
test =
runCommand "terraform-plugin-test" { buildInputs = [ terraform ]; } ''
set -e

View File

@ -2,7 +2,7 @@
"name": "element-desktop",
"productName": "Element",
"main": "lib/electron-main.js",
"version": "1.9.6",
"version": "1.9.7",
"description": "A feature-rich client for Matrix.org",
"author": "Element",
"repository": {
@ -83,7 +83,7 @@
},
"build": {
"appId": "im.riot.app",
"electronVersion": "13.5.1",
"electronVersion": "13.5.2",
"files": [
"package.json",
{

View File

@ -1,6 +1,6 @@
{
"version": "1.9.6",
"desktopSrcHash": "AJLKp9VbNF0XvcQe6t0/pw1hiVCgRiRb27KJooQ2NlQ=",
"desktopYarnHash": "1xa8vrqj3g3hfhzrk8m7yr57my9ipyyhw8vsx4m86v8i1iqrpmnm",
"webHash": "161w6i122i81jyb23mpxlf7k5wx2v4c6ai2liywn89q74hj3axr5"
"version": "1.9.7",
"desktopSrcHash": "bUzIIPNVgK2whQJoEZOaoa+jsJx4No+xji6hXK6wxFY=",
"desktopYarnHash": "1n9dqpvq31k94mx5s1dgqavaxdd0jrzcwdx106c5dnq6xnxs941p",
"webHash": "1fx1nznqbwvs84kpc239ms9kpzy9p72hrz3qqbzay8p9x4gc1ws3"
}

View File

@ -49,6 +49,9 @@ stdenv.mkDerivation rec {
++ optional pythonBindings "--python --pypkgdir=$out/${python.sitePackages}"
) + "\n" + "cd build";
# ../src/ast/ast.h:183:39: error: 'get<int, int, ast *, symbol, zstring *, rational *, double, unsigned int>' is unavailable: introduced in macOS 10.13
NIX_CFLAGS_COMPILE = lib.optional (stdenv.hostPlatform.system == "x86_64-darwin") "-D_LIBCPP_DISABLE_AVAILABILITY";
postInstall = ''
mkdir -p $dev $lib
mv $out/lib $lib/lib

View File

@ -2,17 +2,17 @@
, libiconv, Security }:
rustPlatform.buildRustPackage rec {
version = "0.6.1";
version = "0.6.2";
pname = "rink";
src = fetchFromGitHub {
owner = "tiffany352";
repo = "rink-rs";
rev = "v${version}";
sha256 = "1h93xlavcjvx588q8wkpbzph88yjjhhvzcfxr5nicdca0jnha5ch";
sha256 = "sha256-l2Rj15zaJm94EHwvOssfvYQNOoWj45Nq9M85n+A0vo4=";
};
cargoSha256 = "0x4rvfnw3gl2aj6i006nkk3y1f8skyv8g0ss3z2v6qj9nhs7pyir";
cargoSha256 = "sha256-GhuvwVkDRFjC6BghaNMFZZG9hResTN1u0AuvIXlFmig=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ ncurses ]

View File

@ -1,32 +0,0 @@
{ lib
, buildGoPackage
, fetchFromGitHub
, pkg-config
, libgit2_0_27
}:
buildGoPackage rec {
version = "0.2.3";
pname = "gitin";
goPackagePath = "github.com/isacikgoz/gitin";
src = fetchFromGitHub {
owner = "isacikgoz";
repo = "gitin";
rev = "v${version}";
sha256 = "00z6i0bjk3hdxbc0cy12ss75b41yvzyl5pm6rdrvsjhzavry2fa3";
};
goDeps = ./deps.nix;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libgit2_0_27 ];
meta = with lib; {
homepage = "https://github.com/isacikgoz/gitin";
description = "Text-based user interface for git";
license = licenses.bsd3;
maintainers = with maintainers; [ kimat ];
};
}

View File

@ -1,121 +0,0 @@
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
[
{
goPackagePath = "github.com/alecthomas/template";
fetch = {
type = "git";
url = "https://github.com/alecthomas/template";
rev = "fb15b899a75114aa79cc930e33c46b577cc664b1";
sha256 = "1vlasv4dgycydh5wx6jdcvz40zdv90zz1h7836z7lhsi2ymvii26";
};
}
{
goPackagePath = "github.com/alecthomas/units";
fetch = {
type = "git";
url = "https://github.com/alecthomas/units";
rev = "f65c72e2690dc4b403c8bd637baf4611cd4c069b";
sha256 = "04jyqm7m3m01ppfy1f9xk4qvrwvs78q9zml6llyf2b3v5k6b2bbc";
};
}
{
goPackagePath = "github.com/fatih/color";
fetch = {
type = "git";
url = "https://github.com/fatih/color";
rev = "daf2830f2741ebb735b21709a520c5f37d642d85";
sha256 = "086z8ssmr1fn9ba4mqnw7pnccfpys6l5yfhvycv1gdrsk7n27mvs";
};
}
{
goPackagePath = "github.com/isacikgoz/gia";
fetch = {
type = "git";
url = "https://github.com/isacikgoz/gia";
rev = "00556493579ec25f4e199b85ee1e2a73c98d15bb";
sha256 = "16nqi4z1pgybcw05wbp3qnbbq407smcr56hq7npnhkirngc5j822";
};
}
{
goPackagePath = "github.com/jroimartin/gocui";
fetch = {
type = "git";
url = "https://github.com/jroimartin/gocui";
rev = "c055c87ae801372cd74a0839b972db4f7697ae5f";
sha256 = "1b1cbjg925l1c5v3ls8amni9716190yzf847cqs9wjnj82z8qa47";
};
}
{
goPackagePath = "github.com/justincampbell/timeago";
fetch = {
type = "git";
url = "https://github.com/justincampbell/timeago";
rev = "027f40306f1dbe89d24087611680ef95543bf876";
sha256 = "1p3va1cn9x5pyvq7k64mnvbxp5zy7h9z49syjyglixgg6avdbp1v";
};
}
{
goPackagePath = "github.com/kelseyhightower/envconfig";
fetch = {
type = "git";
url = "https://github.com/kelseyhightower/envconfig";
rev = "0b417c4ec4a8a82eecc22a1459a504aa55163d61";
sha256 = "1a7b35njpqz94gbd7wvsl3wjzpd5y1fj1lrg2sdh00yq0nax1qj9";
};
}
{
goPackagePath = "github.com/mattn/go-runewidth";
fetch = {
type = "git";
url = "https://github.com/mattn/go-runewidth";
rev = "14e809f6d78fcf9f48ff9b70981472b64c05f754";
sha256 = "1mvlxcdwr0vwp8b2wqs6y7hk72y28sqh03dz5x0xkg48d4y9cplj";
};
}
{
goPackagePath = "github.com/nsf/termbox-go";
fetch = {
type = "git";
url = "https://github.com/nsf/termbox-go";
rev = "38ba6e5628f1d70bac606cfd210b9ad1a16c3027";
sha256 = "03xx5vbnavklsk6wykcc7qhmhvn2074sx0ql06b51vqsxwsa6zw2";
};
}
{
goPackagePath = "github.com/sahilm/fuzzy";
fetch = {
type = "git";
url = "https://github.com/sahilm/fuzzy";
rev = "d88f8cb825ddd46a2ce86b60382e11645220ee33";
sha256 = "0nl4l02s3961p11aj1vgajfy28rqlya2z6af2xjncra59gfhqvlq";
};
}
{
goPackagePath = "github.com/waigani/diffparser";
fetch = {
type = "git";
url = "https://github.com/waigani/diffparser";
rev = "7391f219313d9175703f67561b222fd2a81bca30";
sha256 = "0h3y3ivlghdvkyqsh5lcidqdajhc9g7m1xqm73j9a0ayby0sx1ql";
};
}
{
goPackagePath = "gopkg.in/alecthomas/kingpin.v2";
fetch = {
type = "git";
url = "https://gopkg.in/alecthomas/kingpin.v2";
rev = "947dcec5ba9c011838740e680966fd7087a71d0d";
sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r";
};
}
{
goPackagePath = "gopkg.in/libgit2/git2go.v27";
fetch = {
type = "git";
url = "https://gopkg.in/libgit2/git2go.v27";
rev = "6cc7d3dc6aec2781fe0239315da215f49c76e2f8";
sha256 = "0b2m4rjadngyd675bi1k21pyi9r91dsxngzd4mikacpd7yshgvaq";
};
}
]

View File

@ -5,18 +5,28 @@
, gnome-themes-extra
, gtk-engine-murrine
, sassc
, accentColor ? "default"
, tweaks ? [ ] # can be "solid" "compact" "black" "primary"
}:
stdenvNoCC.mkDerivation rec {
let
validTweaks = [ "solid" "compact" "black" "primary" ];
unknownTweaks = lib.subtractLists validTweaks tweaks;
in
assert lib.assertMsg (unknownTweaks == [ ]) ''
You entered wrong tweaks: ${toString unknownTweaks}
Valid tweaks are: ${toString validTweaks}
'';
stdenvNoCC.mkDerivation
rec {
pname = "orchis-theme";
version = "2021-06-25";
version = "2021-12-13";
src = fetchFromGitHub {
repo = "Orchis-theme";
owner = "vinceliuice";
rev = version;
sha256 = "sha256-j0nsw1yR1yOckXiIMtzhC3w6kvfzxQQHgwdY6l0OuXw=";
sha256 = "sha256-PN2ucGMDzRv4v86X1zVIs9+GkbMWuja2WaSQLFvJYd0=";
};
nativeBuildInputs = [ gtk3 sassc ];
@ -31,7 +41,7 @@ stdenvNoCC.mkDerivation rec {
installPhase = ''
runHook preInstall
bash install.sh -d $out/share/themes -t ${accentColor}
bash install.sh -d $out/share/themes -t all ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks}
runHook postInstall
'';

View File

@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
pname = "gnome-shell-extensions";
version = "41.0";
version = "41.1";
src = fetchurl {
url = "mirror://gnome/sources/gnome-shell-extensions/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "2E+qwUSLOPl12cGUkMWSivxcWixJ3X5/ga9pD5Rm/Gg=";
sha256 = "0ObyJz8I1S2SX8K7ZrR7KOXvUNG4oUAgh3xmJCPVB9M=";
};
patches = [

View File

@ -66,13 +66,13 @@ let
in
stdenv.mkDerivation rec {
pname = "gnome-shell";
version = "41.1";
version = "41.2";
outputs = [ "out" "devdoc" ];
src = fetchurl {
url = "mirror://gnome/sources/gnome-shell/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "X3QkVt/gBgXA8JCjcoymJ5e8SeUK+FK71yhdoaBRf/Y=";
sha256 = "OEZR6wUTk9ur4AbRrQV78p1c1z67h7x3n/Xhwx6AqCc=";
};
patches = [

View File

@ -46,13 +46,13 @@
let self = stdenv.mkDerivation rec {
pname = "mutter";
version = "41.1";
version = "41.2";
outputs = [ "out" "dev" "man" ];
src = fetchurl {
url = "mirror://gnome/sources/mutter/${lib.versions.major version}/${pname}-${version}.tar.xz";
sha256 = "WOY/0LxD81E08hMTr/Suv5LIKdbfTcmaBEoeN2aR4/M=";
sha256 = "AN+oEvHEhtdKK3P0IEWuEYL5JGx3lNZ9dLXlQ+pwBhc=";
};
patches = [

View File

@ -1,8 +1,20 @@
{ lib, stdenv, fetchFromGitHub, glib }:
{ lib
, stdenv
, fetchFromGitHub
, glib
, substituteAll
, hddtemp
, liquidctl
, lm_sensors
, netcat-gnu
, nvme-cli
, procps
, smartmontools
}:
stdenv.mkDerivation rec {
pname = "gnome-shell-extension-freon";
version = "44";
version = "45";
passthru = {
extensionUuid = "freon@UshakovVasilii_Github.yahoo.com";
@ -13,11 +25,20 @@ stdenv.mkDerivation rec {
owner = "UshakovVasilii";
repo = "gnome-shell-extension-freon";
rev = "EGO-${version}";
sha256 = "sha256-4DYAIC9N5id3vQe0WaOFP+MymsrPK18hbYqO4DjG+2U=";
sha256 = "sha256-tPb7SzHSwvz7VV+kZTmcw1eAdtL1J7FJ3BOtg4Us8jc=";
};
nativeBuildInputs = [ glib ];
patches = [
(substituteAll {
src = ./fix_paths.patch;
inherit hddtemp liquidctl lm_sensors procps smartmontools;
netcat = netcat-gnu;
nvmecli = nvme-cli;
})
];
buildPhase = ''
runHook preBuild
glib-compile-schemas --strict --targetdir="freon@UshakovVasilii_Github.yahoo.com/schemas" "freon@UshakovVasilii_Github.yahoo.com/schemas"

View File

@ -0,0 +1,85 @@
diff --git a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
index e5d1d6d..856654b 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
@@ -7,7 +7,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
constructor() {
super();
- let hddtempArgv = GLib.find_program_in_path('hddtemp');
+ let hddtempArgv = GLib.find_program_in_path('@hddtemp@/bin/hddtemp');
if(hddtempArgv) {
// check if this user can run hddtemp directly.
if(!GLib.spawn_command_line_sync(hddtempArgv)[3]){
@@ -19,8 +19,8 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
// doesn't seem to be the case… is it running as a daemon?
// Check first for systemd
let systemctl = GLib.find_program_in_path('systemctl');
- let pidof = GLib.find_program_in_path('pidof');
- let nc = GLib.find_program_in_path('nc');
+ let pidof = GLib.find_program_in_path('@procps@/bin/pidof');
+ let nc = GLib.find_program_in_path('@netcat@/bin/nc');
let pid = undefined;
if(systemctl) {
@@ -35,7 +35,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
// systemd isn't used on this system, try sysvinit instead
if(!pid && pidof) {
- let output = GLib.spawn_command_line_sync("pidof hddtemp")[1].toString().trim();
+ let output = GLib.spawn_command_line_sync("@procps@/bin/pidof hddtemp")[1].toString().trim();
if(output.length)
pid = Number(output.trim());
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
index 766bf62..7cd4e94 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
@@ -8,7 +8,7 @@ const commandLineUtil = Me.imports.commandLineUtil;
var LiquidctlUtil = class extends commandLineUtil.CommandLineUtil {
constructor() {
super();
- const path = GLib.find_program_in_path('liquidctl');
+ const path = GLib.find_program_in_path('@liquidctl@/bin/liquidctl');
this._argv = path ? [path, 'status', '--json'] : null;
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
index ae2ea93..2349b9e 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
const Me = imports.misc.extensionUtils.getCurrentExtension();
function getNvmeData (argv){
- const nvme = GLib.find_program_in_path('nvme')
+ const nvme = GLib.find_program_in_path('@nvmecli@/bin/nvme')
return JSON.parse(GLib.spawn_command_line_sync(`${nvme} ${argv} -o json`)[1].toString())
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
index 62fa580..c017748 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
@@ -7,7 +7,7 @@ var SensorsUtil = class extends CommandLineUtil.CommandLineUtil {
constructor() {
super();
- let path = GLib.find_program_in_path('sensors');
+ let path = GLib.find_program_in_path('@lm_sensors@/bin/sensors');
// -A: Do not show adapter -j: JSON output
this._argv = path ? [path, '-A', '-j'] : null;
}
diff --git a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
index 03d469b..6057a3b 100644
--- a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
+++ b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
const Me = imports.misc.extensionUtils.getCurrentExtension();
const ByteArray = imports.byteArray;
function getSmartData (argv){
- const smartctl = GLib.find_program_in_path('smartctl')
+ const smartctl = GLib.find_program_in_path('@smartmontools@/bin/smartctl')
return JSON.parse(ByteArray.toString( GLib.spawn_command_line_sync(`${smartctl} ${argv} -j`)[1] ))
}

View File

@ -4,12 +4,12 @@
, parsec, process, regex-compat, text, time }:
let
version = "2.3.2";
version = "2.3.6";
src = fetchFromGitHub {
owner = "koka-lang";
repo = "koka";
rev = "v${version}";
sha256 = "sha256-+w99Jvsd1tccUUYaP2TRgCNyGnMINWamuNRumHGzFWA=";
sha256 = "sha256-AibS/HudJKFQZlTxGD5LfwjBawIy1xwO2Hm8qzAUP2M=";
fetchSubmodules = true;
};
kklib = stdenv.mkDerivation {

View File

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "cubical";
version = "0.3pred5030a9";
version = "0.4prec3e097a";
src = fetchFromGitHub {
repo = pname;
owner = "agda";
rev = "d5030a9c89070255fc575add4e9f37b97e6a0c0c";
sha256 = "18achbxap4ikydigmz3m3xjfn3i9dw4rn8yih82vrlc01j02nqpi";
rev = "c3e097a98c84083550fa31101346bd42a0501add";
sha256 = "101cni2a9xvia1mglb94z61jm8xk9r5kc1sn44cri0qsmk1zbqxs";
};
LC_ALL = "en_US.UTF-8";

View File

@ -1,5 +1,6 @@
{ version, sha256 }:
{ lib, stdenv, fetchurl
, fetchpatch
# By default, jemalloc puts a je_ prefix onto all its symbols on OSX, which
# then stops downstream builds (mariadb in particular) from detecting it. This
# option should remove the prefix and give us a working jemalloc.
@ -20,6 +21,14 @@ stdenv.mkDerivation rec {
inherit sha256;
};
patches = [
# workaround https://github.com/jemalloc/jemalloc/issues/2091
(fetchpatch {
url = "https://github.com/jemalloc/jemalloc/commit/3b4a03b92b2e415415a08f0150fdb9eeb659cd52.diff";
sha256 = "sha256-6AYtADREhfj93ZLk9xnXtjc6vHDU0EKLLOvLd6YdJeI=";
})
];
# see the comment on stripPrefix
configureFlags = []
++ optional stripPrefix "--with-jemalloc-prefix="

View File

@ -0,0 +1,55 @@
{ lib
, olefile
, buildPythonPackage
, fetchFromGitHub
, poetry-core
, cryptography
, pytestCheckHook
, pythonOlder
, setuptools
}:
buildPythonPackage rec {
pname = "msoffcrypto-tool";
version = "4.12.0";
format = "pyproject";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "nolze";
repo = pname;
rev = "v${version}";
sha256 = "sha256-EBEwldh2Ct/4oxnAF1hWeW/uRrVsCYEi0cJaZubofFk=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
cryptography
olefile
setuptools
];
checkInputs = [
pytestCheckHook
];
disabledTests = [
# Test fails with AssertionError
"test_cli"
];
pythonImportsCheck = [
"msoffcrypto"
];
meta = with lib; {
description = "Python tool and library for decrypting MS Office files with passwords or other keys";
homepage = "https://github.com/nolze/msoffcrypto-tool";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

View File

@ -0,0 +1,57 @@
{ lib
, buildPythonPackage
, colorclass
, easygui
, fetchFromGitHub
, msoffcrypto-tool
, olefile
, pcodedmp
, pyparsing
, pytestCheckHook
, pythonOlder
, setuptools
}:
buildPythonPackage rec {
pname = "oletools";
version = "0.60";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "decalage2";
repo = pname;
rev = "v${version}";
sha256 = "sha256-gatUVkf8iT1OGnahX1BzQLDypCqhS1EvkAgUHJ6myA4=";
};
propagatedBuildInputs = [
colorclass
easygui
msoffcrypto-tool
olefile
pcodedmp
pyparsing
];
checkInputs = [
pytestCheckHook
];
disabledTests = [
# Test fails with AssertionError: Tuples differ: ('MS Word 2007+...
"test_all"
];
pythonImportsCheck = [
"oletools"
];
meta = with lib; {
description = "Python tool to analyze MS OLE2 files and MS Office documents";
homepage = "https://github.com/decalage2/oletools";
license = with licenses; [ bsd2 /* and */ mit ];
maintainers = with maintainers; [ fab ];
};
}

View File

@ -0,0 +1,41 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "pcodedmp";
version = "1.2.6";
format = "setuptools";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "bontchev";
repo = pname;
rev = version;
sha256 = "sha256-SYOFGMvrzxDPMACaCvqwU28Mh9LEuvFBGvAph4X+geo=";
};
postPatch = ''
# Circular dependency
substituteInPlace setup.py \
--replace "'oletools>=0.54'," ""
'';
# Module doesn't have tests
doCheck = false;
pythonImportsCheck = [
"pcodedmp"
];
meta = with lib; {
description = "Python VBA p-code disassembler";
homepage = "https://github.com/bontchev/pcodedmp";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
};
}

View File

@ -7,13 +7,14 @@
buildPythonPackage rec {
pname = "python_http_client";
version = "3.3.3";
version = "3.3.4";
format = "setuptools";
src = fetchFromGitHub {
owner = "sendgrid";
repo = "python-http-client";
rev = version;
sha256 = "sha256-cZqyu67xP0UIKYbhYYTNL5kLiPjjMjayde75sqkHZhg=";
sha256 = "sha256-wTXHq+tC+rfvmDZIWvcGhQZqm6DxOmx50BsX0c6asec=";
};
checkInputs = [
@ -21,9 +22,9 @@ buildPythonPackage rec {
pytestCheckHook
];
# Failure was fixed by https://github.com/sendgrid/python-http-client/commit/6d62911ab0d0645b499e14bb17c302b48f3c10e4
disabledTests = [ "test__daterange" ];
pythonImportsCheck = [ "python_http_client" ];
pythonImportsCheck = [
"python_http_client"
];
meta = with lib; {
description = "Python HTTP library to call APIs";

View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-feature";
version = "0.5.5";
version = "0.6.0";
src = fetchFromGitHub {
owner = "Riey";
repo = pname;
rev = "v${version}";
sha256 = "sha256-0Ski+LytE636HHduisYJJq3khRsaJJ4YhpmaU5On348=";
sha256 = "sha256-9TP67YtvRtgLtsKACL5xjXq5kZtYpTWsTqQsbOKPwtY=";
};
cargoSha256 = "sha256-PA/s/BrqUftdGc5Lvd0glL9Dr8GLX9pYMq6WRRUQwEk=";
cargoSha256 = "sha256-MkLsQebQdqfUuARIdQZg47kMPudstJUgRQgUuovoLes=";
buildInputs = lib.optional stdenv.isDarwin libiconv;

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "vultr-cli";
version = "2.9.0";
version = "2.11.2";
src = fetchFromGitHub {
owner = "vultr";
repo = pname;
rev = "v${version}";
sha256 = "sha256-xgp+hNNStyakfS8h72CqRTeJVTgA4p4CkoCoTFmFRyI=";
sha256 = "sha256-v5RbStmQX7D+i+oyekilLPsl6lta5rkJV4Uf0mjIF8Y=";
};
vendorSha256 = null;

View File

@ -0,0 +1,190 @@
{ stdenv
, lib
, fetchurl
, cmake
, coreutils
, curl
, file
, glibc
, makeWrapper
, nixosTests
, protobuf
, python3
, sgx-sdk
, shadow
, systemd
, util-linux
, which
, debug ? false
}:
stdenv.mkDerivation rec {
inherit (sgx-sdk) version versionTag src;
pname = "sgx-psw";
postUnpack =
let
ae.prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
};
dcap = rec {
version = "1.11";
filename = "prebuilt_dcap_${version}.tar.gz";
prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
};
};
in
sgx-sdk.postUnpack + ''
# Make sure we use the correct version of prebuilt DCAP
grep -q 'ae_file_name=${dcap.filename}' "$src/external/dcap_source/QuoteGeneration/download_prebuilt.sh" \
|| (echo "Could not find expected prebuilt DCAP ${dcap.filename} in linux-sgx source" >&2 && exit 1)
tar -zxf ${ae.prebuilt} -C $sourceRoot/
tar -zxf ${dcap.prebuilt} -C $sourceRoot/external/dcap_source/QuoteGeneration/
'';
nativeBuildInputs = [
cmake
file
makeWrapper
python3
sgx-sdk
which
];
buildInputs = [
curl
protobuf
];
hardeningDisable = lib.optionals debug [
"fortify"
];
postPatch = ''
# https://github.com/intel/linux-sgx/pull/730
substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \
--replace '/usr/bin/getconf' 'getconf'
# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/205
substituteInPlace ./external/dcap_source/QuoteGeneration/buildenv.mk \
--replace '/bin/cp' 'cp'
substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/Makefile \
--replace '/bin/cp' 'cp'
substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/buildenv.mk \
--replace '/bin/cp' 'cp'
patchShebangs \
linux/installer/bin/build-installpkg.sh \
linux/installer/common/psw/createTarball.sh \
linux/installer/common/psw/install.sh
'';
dontUseCmakeConfigure = true;
# Randomly fails if enabled
enableParallelBuilding = false;
buildFlags = [
"psw_install_pkg"
] ++ lib.optionals debug [
"DEBUG=1"
];
installFlags = [
"-C linux/installer/common/psw/output"
"DESTDIR=$(TMPDIR)/install"
];
postInstall = ''
installDir=$TMPDIR/install
sgxPswDir=$installDir/opt/intel/sgxpsw
mv $installDir/usr/lib64/ $out/lib/
ln -sr $out/lib $out/lib64
# Install udev rules to lib/udev/rules.d
mv $sgxPswDir/udev/ $out/lib/
# Install example AESM config
mkdir $out/etc/
mv $sgxPswDir/aesm/conf/aesmd.conf $out/etc/
rmdir $sgxPswDir/aesm/conf/
# Delete init service
rm $sgxPswDir/aesm/aesmd.conf
# Move systemd services
mkdir -p $out/lib/systemd/system/
mv $sgxPswDir/aesm/aesmd.service $out/lib/systemd/system/
mv $sgxPswDir/remount-dev-exec.service $out/lib/systemd/system/
# Move misc files
mkdir $out/share/
mv $sgxPswDir/licenses $out/share/
# Remove unnecessary files
rm $sgxPswDir/{cleanup.sh,startup.sh}
rm -r $sgxPswDir/scripts
mv $sgxPswDir/aesm/ $out/
mkdir $out/bin
makeWrapper $out/aesm/aesm_service $out/bin/aesm_service \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ protobuf ]}:$out/aesm \
--run "cd $out/aesm"
# Make sure we didn't forget to handle any files
rmdir $sgxPswDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1)
'';
# Most—if not all—of those fixups are not relevant for NixOS as we have our own
# NixOS module which is based on those files without relying on them. Still, it
# is helpful to have properly patched versions for non-NixOS distributions.
postFixup = ''
header "Fixing aesmd.service"
substituteInPlace $out/lib/systemd/system/aesmd.service \
--replace '@aesm_folder@' \
"$out/aesm" \
--replace 'Type=forking' \
'Type=simple' \
--replace "ExecStart=$out/aesm/aesm_service" \
"ExecStart=$out/bin/aesm_service --no-daemon"\
--replace "/bin/mkdir" \
"${coreutils}/bin/mkdir" \
--replace "/bin/chown" \
"${coreutils}/bin/chown" \
--replace "/bin/chmod" \
"${coreutils}/bin/chmod" \
--replace "/bin/kill" \
"${coreutils}/bin/kill"
header "Fixing remount-dev-exec.service"
substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \
--replace '/bin/mount' \
"${util-linux}/bin/mount"
header "Fixing linksgx.sh"
# https://github.com/intel/linux-sgx/pull/736
substituteInPlace $out/aesm/linksgx.sh \
--replace '/usr/bin/getent' \
'${glibc.bin}/bin/getent' \
--replace '/usr/sbin/usermod' \
'${shadow}/bin/usermod'
'';
passthru.tests = {
service = nixosTests.aesmd;
};
meta = with lib; {
description = "Intel SGX Architectural Enclave Service Manager";
homepage = "https://github.com/intel/linux-sgx";
maintainers = with maintainers; [ veehaitch citadelcore ];
platforms = [ "x86_64-linux" ];
license = with licenses; [ bsd3 ];
};
}

View File

@ -21,13 +21,13 @@
, validatePkgConfig
, writeShellScript
, writeText
, debug ? false
}:
with lib;
stdenv.mkDerivation rec {
pname = "sgx-sdk";
version = "2.14.100.2";
versionTag = concatStringsSep "." (take 2 (splitVersion version));
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
src = fetchFromGitHub {
owner = "intel";
@ -140,6 +140,8 @@ stdenv.mkDerivation rec {
buildFlags = [
"sdk_install_pkg"
] ++ lib.optionals debug [
"DEBUG=1"
];
enableParallelBuilding = true;
@ -264,7 +266,7 @@ stdenv.mkDerivation rec {
passthru.tests = callPackage ./samples.nix { };
meta = {
meta = with lib; {
description = "Intel SGX SDK for Linux built with IPP Crypto Library";
homepage = "https://github.com/intel/linux-sgx";
maintainers = with maintainers; [ sbellem arturcygan veehaitch ];

View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "trivy";
version = "0.21.1";
version = "0.21.2";
src = fetchFromGitHub {
owner = "aquasecurity";
repo = pname;
rev = "v${version}";
sha256 = "sha256-KxGG59H5EzIcYigvbQlrwpZLP4zMqErO3vDKhBOPc3w=";
sha256 = "sha256-k8bjwKoAXt9XFQX7rHhdrcu3FoaU31Ra78PQHNVCfq0=";
};
vendorSha256 = "sha256-lITzqPMsZk/G2nG4LcUdyTb3gE3rtlXET/c2UaYODvU=";
vendorSha256 = "sha256-rJvmY0557QOb8D1/LhN8w64ds3HwqolLmGdntS5CJPQ=";
excludedPackages = "misc";

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "abcMIDI";
version = "2021.12.05";
version = "2021.12.10";
src = fetchzip {
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
hash = "sha256-q3iyIheV7g6l2S6CSKqt9VQKa9i8xg5RKOO3JfFXuLI=";
hash = "sha256-Jvj7gOrIT0IXihPkPDH9n80bg4xllvPTKxIWA3wX5B0=";
};
meta = with lib; {

View File

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "zellij";
version = "0.21.0";
version = "0.22.0";
src = fetchFromGitHub {
owner = "zellij-org";
repo = "zellij";
rev = "v${version}";
sha256 = "1n033qvidahpfsp4k3x30sav3asldhjlsbydb23vg0v7bxjl2c2q";
sha256 = "sha256-bia1q2IPrlVeSLsD/HGkWwAUW8THAuzXQR2Iw0v8TKM=";
};
cargoSha256 = "1pjmlwx966pgri58xx2zqr84wili0bzpl9gzhjdkvcx0j1f66anb";
cargoSha256 = "sha256-ptM0QrrWFy9rb/CpLYuzRE48Wr429lcE9xnV8uA8mGs=";
nativeBuildInputs = [
installShellFiles

View File

@ -296,6 +296,7 @@ mapAliases ({
svn_all_fast_export = svn-all-fast-export;
topGit = top-git;
};
gitin = throw "gitin has been remove because it was unmaintained and depended on an insecure version of libgit2"; # added 2021-12-07
glib_networking = glib-networking; # added 2018-02-25
gmailieer = lieer; # added 2020-04-19
gmvault = throw "gmvault has been removed because it is unmaintained, mostly broken, and insecure"; # added 2021-03-08
@ -929,7 +930,8 @@ mapAliases ({
telepathy_salut = telepathy-salut; # added 2018-02-25
telnet = inetutils; # added 2018-05-15
terminus = throw "terminus has been removed, it was unmaintained in nixpkgs"; # added 2021-08-21
terraform_1_0_0 = terraform_1_0; # added 2021-06-15
terraform_1_0_0 = throw "terraform_1_0_0 has been renamed to terraform_1"; # added 2021-06-15
terraform_1_0 = throw "terraform_1_0 has been renamed to terraform_1"; # added 2021-12-08
terraform-provider-ibm = terraform-providers.ibm; # added 2018-09-28
terraform-provider-libvirt = terraform-providers.libvirt; # added 2018-09-28
terraform-provider-lxd = terraform-providers.lxd; # added 2020-03-16

View File

@ -373,6 +373,8 @@ with pkgs;
onesixtyone = callPackage ../tools/security/onesixtyone {};
oletools = with python3.pkgs; toPythonApplication oletools;
creddump = callPackage ../tools/security/creddump {};
credential-detector = callPackage ../tools/security/credential-detector { };
@ -5797,8 +5799,6 @@ with pkgs;
github-runner = callPackage ../development/tools/continuous-integration/github-runner { };
gitin = callPackage ../applications/version-management/git-and-tools/gitin { };
gitinspector = callPackage ../applications/version-management/gitinspector { };
gitkraken = callPackage ../applications/version-management/gitkraken { };
@ -17193,7 +17193,11 @@ with pkgs;
jbigkit = callPackage ../development/libraries/jbigkit { };
jemalloc = callPackage ../development/libraries/jemalloc { };
jemalloc = callPackage ../development/libraries/jemalloc {
# tests fail with LLVM 11+
# https://github.com/jemalloc/jemalloc/issues/2091
stdenv = if stdenv.cc.isClang then llvmPackages_10.stdenv else stdenv;
};
jemalloc450 = callPackage ../development/libraries/jemalloc/jemalloc450.nix { };
@ -18795,6 +18799,8 @@ with pkgs;
msgpack = callPackage ../development/libraries/msgpack { };
msoffcrypto-tool = with python3.pkgs; toPythonApplication msoffcrypto-tool;
msilbc = callPackage ../development/libraries/msilbc { };
mp4v2 = callPackage ../development/libraries/mp4v2 { };
@ -22761,7 +22767,9 @@ with pkgs;
seturgent = callPackage ../os-specific/linux/seturgent { };
sgx-sdk = callPackage ../os-specific/linux/sgx-sdk { };
sgx-sdk = callPackage ../os-specific/linux/sgx/sdk { };
sgx-psw = callPackage ../os-specific/linux/sgx/psw { };
shadow = callPackage ../os-specific/linux/shadow { };
@ -33226,11 +33234,11 @@ with pkgs;
terraform_0_13
terraform_0_14
terraform_0_15
terraform_1_0
terraform_1
terraform_plugins_test
;
terraform = terraform_1_0;
terraform = terraform_1;
# deprecated
terraform-full = terraform.full;

View File

@ -5043,6 +5043,8 @@ in {
msldap = callPackage ../development/python-modules/msldap { };
msoffcrypto-tool = callPackage ../development/python-modules/msoffcrypto-tool { };
mss = callPackage ../development/python-modules/mss { };
msrestazure = callPackage ../development/python-modules/msrestazure { };
@ -5422,6 +5424,8 @@ in {
olefile = callPackage ../development/python-modules/olefile { };
oletools = callPackage ../development/python-modules/oletools { };
omegaconf = callPackage ../development/python-modules/omegaconf { };
omnilogic = callPackage ../development/python-modules/omnilogic { };
@ -5707,6 +5711,8 @@ in {
pc-ble-driver-py = toPythonModule (callPackage ../development/python-modules/pc-ble-driver-py { });
pcodedmp = callPackage ../development/python-modules/pcodedmp { };
pcpp = callPackage ../development/python-modules/pcpp { };
pdf2image = callPackage ../development/python-modules/pdf2image { };