diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 7f0371d5aced..3ebd91d66f8f 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -8568,6 +8568,12 @@ github = "polygon"; githubId = 51489; }; + polykernel = { + email = "81340136+polykernel@users.noreply.github.com"; + github = "polykernel"; + githubId = 81340136; + name = "polykernel"; + }; polyrod = { email = "dc1mdp@gmail.com"; github = "polyrod"; diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 2be9da8f42a1..1e125eced2cb 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -179,28 +179,41 @@ in You cannot configure both an Intel iGPU and an AMD APU. Pick the one corresponding to your processor. ''; } + { assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != ""); message = '' When NVIDIA PRIME is enabled, the GPU bus IDs must configured. ''; } + { assertion = offloadCfg.enable -> versionAtLeast nvidia_x11.version "435.21"; message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21."; } + { assertion = !(syncCfg.enable && offloadCfg.enable); message = "Only one NVIDIA PRIME solution may be used at a time."; } + { assertion = !(syncCfg.enable && cfg.powerManagement.finegrained); message = "Sync precludes powering down the NVIDIA GPU."; } + { assertion = cfg.powerManagement.enable -> offloadCfg.enable; message = "Fine-grained power management requires offload to be enabled."; } + + { + assertion = cfg.powerManagement.enable -> ( + builtins.pathExists (cfg.package.out + "/bin/nvidia-sleep.sh") && + builtins.pathExists (cfg.package.out + "/lib/systemd/system-sleep/nvidia") + ); + message = "Required files for driver based power management don't exist."; + } ]; # If Optimus/PRIME is enabled, we: diff --git a/nixos/modules/services/databases/victoriametrics.nix b/nixos/modules/services/databases/victoriametrics.nix index 5b09115bb2fb..9e2c79e61a39 100644 --- a/nixos/modules/services/databases/victoriametrics.nix +++ b/nixos/modules/services/databases/victoriametrics.nix @@ -53,6 +53,14 @@ let cfg = config.services.victoriametrics; in -retentionPeriod ${toString cfg.retentionPeriod} \ ${lib.escapeShellArgs cfg.extraOptions} ''; + # victoriametrics 1.59 with ~7GB of data seems to eventually panic when merging files and then + # begins restart-looping forever. Set LimitNOFILE= to a large number to work around this issue. + # + # panic: FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": + # cannot open source part for merging: cannot open values file in stream mode: + # cannot open file "/var/lib/victoriametrics/data/small/2021_08/[...]/values.bin": + # open /var/lib/victoriametrics/data/small/2021_08/[...]/values.bin: too many open files + LimitNOFILE = 1048576; }; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json b/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json index 7c527b292158..cae9e1bdba06 100644 --- a/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json +++ b/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json @@ -27,6 +27,12 @@ "msbc-alt1-rtl" ] }, + { + "name": "BAA 100", + "no-features": [ + "hw-volume" + ] + }, { "name": "JBL Endurance RUN BT", "no-features": [ @@ -190,6 +196,35 @@ "msbc-alt1" ] }, + { + "sysname": "Linux", + "release": "~^5\\.12\\.(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)($|[^0-9])" + }, + { + "sysname": "Linux", + "release": "~^5\\.12\\.", + "no-features": [ + "msbc-alt1" + ] + }, + { + "sysname": "Linux", + "release": "~^5\\.13\\.(1|2)($|[^0-9])" + }, + { + "sysname": "Linux", + "release": "~^5\\.13\\.", + "no-features": [ + "msbc-alt1" + ] + }, + { + "sysname": "Linux", + "release": "~^5\\.14\\.", + "no-features": [ + "msbc-alt1" + ] + }, { "no-features": [] } diff --git a/nixos/modules/services/desktops/pipewire/jack.conf.json b/nixos/modules/services/desktops/pipewire/jack.conf.json index e36e04fffcf2..128178bfa027 100644 --- a/nixos/modules/services/desktops/pipewire/jack.conf.json +++ b/nixos/modules/services/desktops/pipewire/jack.conf.json @@ -24,5 +24,15 @@ "name": "libpipewire-module-metadata" } ], - "jack.properties": {} + "jack.properties": {}, + "jack.rules": [ + { + "matches": [ + {} + ], + "actions": { + "update-props": {} + } + } + ] } diff --git a/nixos/modules/services/desktops/pipewire/media-session.conf.json b/nixos/modules/services/desktops/pipewire/media-session.conf.json index 24906e767d6d..4b4e302af387 100644 --- a/nixos/modules/services/desktops/pipewire/media-session.conf.json +++ b/nixos/modules/services/desktops/pipewire/media-session.conf.json @@ -59,6 +59,7 @@ "with-pulseaudio": [ "with-audio", "bluez5", + "bluez5-autoswitch", "logind", "restore-stream", "streams-follow-default" diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix index 2eb06d88287f..a004b124dd6d 100644 --- a/nixos/tests/xmpp/prosody.nix +++ b/nixos/tests/xmpp/prosody.nix @@ -1,6 +1,6 @@ let cert = pkgs: pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' - openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500 mkdir -p $out cp key.pem cert.pem $out ''; diff --git a/pkgs/applications/graphics/imv/default.nix b/pkgs/applications/graphics/imv/default.nix index e9488b845f22..04150a1ceb81 100644 --- a/pkgs/applications/graphics/imv/default.nix +++ b/pkgs/applications/graphics/imv/default.nix @@ -56,13 +56,13 @@ assert builtins.all stdenv.mkDerivation rec { pname = "imv"; - version = "4.2.0"; + version = "4.3.0"; src = fetchFromGitHub { owner = "eXeC64"; repo = "imv"; rev = "v${version}"; - sha256 = "07pcpppmfvvj0czfvp1cyq03ha0jdj4whl13lzvw37q3vpxs5qqh"; + sha256 = "sha256-HP9W9US9e3YAXwCqiHV8NVqrO20SfQKcW3a6+r1XrIs="; }; mesonFlags = [ diff --git a/pkgs/applications/misc/fnott/default.nix b/pkgs/applications/misc/fnott/default.nix new file mode 100644 index 000000000000..8610f5411960 --- /dev/null +++ b/pkgs/applications/misc/fnott/default.nix @@ -0,0 +1,56 @@ +{ stdenv +, lib +, fetchgit +, pkg-config +, meson +, ninja +, scdoc +, wayland-protocols +, tllist +, fontconfig +, freetype +, pixman +, libpng +, wayland +, wlroots +, dbus +, fcft +}: + +stdenv.mkDerivation rec { + pname = "fnott"; + version = "1.1.0"; + + src = fetchgit { + url = "https://codeberg.org/dnkl/fnott.git"; + rev = version; + sha256 = "sha256-lePd36TFQKZd+B7puUbQhLVrbybeSPjMTFWfY0B82S4="; + }; + + nativeBuildInputs = [ + pkg-config + meson + ninja + scdoc + wayland-protocols + tllist + ]; + buildInputs = [ + fontconfig + freetype + pixman + libpng + wayland + wlroots + dbus + fcft + ]; + + meta = with lib; { + homepage = "https://codeberg.org/dnkl/fnott"; + description = "Keyboard driven and lightweight Wayland notification daemon for wlroots-based compositors."; + license = licenses.mit; + maintainers = with maintainers; [ polykernel ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/misc/tut/default.nix b/pkgs/applications/misc/tut/default.nix index 4901eda54aa6..2e811fa8843b 100644 --- a/pkgs/applications/misc/tut/default.nix +++ b/pkgs/applications/misc/tut/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "tut"; - version = "0.0.20"; + version = "0.0.26"; src = fetchFromGitHub { owner = "RasmusLindroth"; repo = pname; rev = version; - sha256 = "03jiv5m807z96796fbpi6ny22am3sq4jfni37fxbld05sxdzwcnd"; + sha256 = "1d4n55p9hl4c8i2yz3gq3r7kma7j32pr976dhd7xdwhxadvn3aal"; }; - vendorSha256 = "1in5b7ixnm5iizkzziqclvgaq87ccdh507amkgfhfy5sxsgbfb1g"; + vendorSha256 = "1zmwfgl1mayqcqk93368l94d6yah1qb0x11vf9b2x7zbzxzfshg9"; meta = with lib; { description = "A TUI for Mastodon with vim inspired keys"; diff --git a/pkgs/applications/misc/writefreely/default.nix b/pkgs/applications/misc/writefreely/default.nix index 5f38d405cb82..50faa50c0edf 100644 --- a/pkgs/applications/misc/writefreely/default.nix +++ b/pkgs/applications/misc/writefreely/default.nix @@ -17,12 +17,12 @@ buildGoModule rec { preBuild = '' make assets - export buildFlagsArray=( - "-ldflags=-s -w -X github.com/writeas/writefreely.softwareVer=${version}" - "-tags='sqlite'" - ) ''; + ldflags = [ "-s" "-w" "-X github.com/writeas/writefreely.softwareVer=${version}" ]; + + tags = [ "sqlite" ]; + subPackages = [ "cmd/writefreely" ]; meta = with lib; { diff --git a/pkgs/applications/networking/cluster/node-problem-detector/default.nix b/pkgs/applications/networking/cluster/node-problem-detector/default.nix index e53a9c39ea7e..0d23e94879a8 100644 --- a/pkgs/applications/networking/cluster/node-problem-detector/default.nix +++ b/pkgs/applications/networking/cluster/node-problem-detector/default.nix @@ -28,11 +28,9 @@ buildGoModule rec { buildInputs = lib.optionals stdenv.isLinux [ systemd ]; - buildFlags = "-mod vendor" + - lib.optionalString stdenv.isLinux " -tags journald"; + tags = lib.optionals stdenv.isLinux [ "journald" ]; - buildFlagsArray = [ - "-ldflags=" + ldflags = [ "-X k8s.io/${pname}/pkg/version.version=v${version}" ]; diff --git a/pkgs/applications/networking/sync/rclone/default.nix b/pkgs/applications/networking/sync/rclone/default.nix index 4b1a0bed048f..6e19fb60f8e5 100644 --- a/pkgs/applications/networking/sync/rclone/default.nix +++ b/pkgs/applications/networking/sync/rclone/default.nix @@ -23,8 +23,9 @@ buildGoModule rec { buildInputs = lib.optional enableCmount (if stdenv.isDarwin then macfuse-stubs else fuse); nativeBuildInputs = [ installShellFiles makeWrapper ]; - buildFlagsArray = lib.optionals enableCmount [ "-tags=cmount" ] - ++ [ "-ldflags=-s -w -X github.com/rclone/rclone/fs.Version=${version}" ]; + tags = lib.optionals enableCmount [ "cmount" ]; + + ldflags = [ "-s" "-w" "-X github.com/rclone/rclone/fs.Version=${version}" ]; postInstall = let diff --git a/pkgs/applications/science/electronics/lepton-eda/default.nix b/pkgs/applications/science/electronics/lepton-eda/default.nix index 060909bdcb40..3e701dc93c4f 100644 --- a/pkgs/applications/science/electronics/lepton-eda/default.nix +++ b/pkgs/applications/science/electronics/lepton-eda/default.nix @@ -19,11 +19,11 @@ stdenv.mkDerivation rec { pname = "lepton-eda"; - version = "1.9.13-20201211"; + version = "1.9.16-20210731"; src = fetchurl { url = "https://github.com/lepton-eda/lepton-eda/releases/download/${version}/lepton-eda-${builtins.head (lib.splitString "-" version)}.tar.gz"; - sha256 = "sha256-9Be3FBWnZU2M5aNQwi3N8M81e0S7n46mwWQh1mrK4Z8="; + sha256 = "sha256-xdJ11M4RXNF6ePZD6Y+/DUdO21AFLbydZcq9nWg0+Yk="; }; nativeBuildInputs = [ pkg-config makeWrapper texinfo autoreconfHook ]; diff --git a/pkgs/development/interpreters/clojure/babashka.nix b/pkgs/development/interpreters/clojure/babashka.nix index 145391229ed9..850a5f3d772e 100644 --- a/pkgs/development/interpreters/clojure/babashka.nix +++ b/pkgs/development/interpreters/clojure/babashka.nix @@ -35,6 +35,7 @@ stdenv.mkDerivation rec { "-J-Dclojure.spec.skip-macros=true" "-J-Dclojure.compiler.direct-linking=true" "-H:IncludeResources=BABASHKA_VERSION" + "-H:IncludeResources=META-INF/babashka/.*" "-H:IncludeResources=SCI_VERSION" "-H:ReflectionConfigurationFiles=${reflectionJson}" "--initialize-at-build-time" diff --git a/pkgs/development/libraries/intel-media-driver/default.nix b/pkgs/development/libraries/intel-media-driver/default.nix index b64d4d505380..7cc25ec3fac9 100644 --- a/pkgs/development/libraries/intel-media-driver/default.nix +++ b/pkgs/development/libraries/intel-media-driver/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "intel-media-driver"; - version = "21.3.0"; + version = "21.3.1"; src = fetchFromGitHub { owner = "intel"; repo = "media-driver"; rev = "intel-media-${version}"; - sha256 = "1byliq1c80xfklm3d2d910j1i7s7pfi3i3c6baigag1kzgc0apd0"; + sha256 = "0f6lgnca68aj9gdbxla2mwgap33ksdgiss0m7dk35r0slgf0hdxr"; }; cmakeFlags = [ diff --git a/pkgs/development/libraries/libfreeaptx/default.nix b/pkgs/development/libraries/libfreeaptx/default.nix new file mode 100644 index 000000000000..9e30973f199e --- /dev/null +++ b/pkgs/development/libraries/libfreeaptx/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "libfreeaptx"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "iamthehorker"; + repo = pname; + rev = version; + sha256 = "sha256-eEUhOrKqb2hHWanY+knpY9FBEnjkkFTB+x6BZgMBpbo="; + }; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + # disable static builds + "ANAME=" + "AOBJECTS=" + "STATIC_UTILITIES=" + ]; + + enableParallelBuilding = true; + + meta = with lib; { + description = "Free Implementation of Audio Processing Technology codec (aptX)"; + license = licenses.lgpl21Plus; + homepage = "https://github.com/iamthehorker/libfreeaptx"; + platforms = platforms.linux; + maintainers = with maintainers; [ kranzes ]; + }; +} diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 3fed43d2d041..d23a7b8e7f5d 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -29,7 +29,7 @@ , withMediaSession ? true , gstreamerSupport ? true, gst_all_1 ? null , ffmpegSupport ? true, ffmpeg ? null -, bluezSupport ? true, bluez ? null, sbc ? null, libopenaptx ? null, ldacbt ? null, fdk_aac ? null +, bluezSupport ? true, bluez ? null, sbc ? null, libfreeaptx ? null, ldacbt ? null, fdk_aac ? null , nativeHspSupport ? true , nativeHfpSupport ? true , ofonoSupport ? true @@ -48,7 +48,7 @@ let self = stdenv.mkDerivation rec { pname = "pipewire"; - version = "0.3.32"; + version = "0.3.33"; outputs = [ "out" @@ -66,7 +66,7 @@ let owner = "pipewire"; repo = "pipewire"; rev = version; - sha256 = "0f5hkypiy1qjqj3frzz128668hzbi0fqmj0j21z7rp51y62dapnp"; + sha256 = "sha256-HP2HcGjrLw0+8pO1upvJQk32v+bifYpi5Rtod0TbBis="; }; patches = [ @@ -110,7 +110,7 @@ let systemd ] ++ lib.optionals gstreamerSupport [ gst_all_1.gst-plugins-base gst_all_1.gstreamer ] ++ lib.optional ffmpegSupport ffmpeg - ++ lib.optionals bluezSupport [ bluez libopenaptx ldacbt sbc fdk_aac ] + ++ lib.optionals bluezSupport [ bluez libfreeaptx ldacbt sbc fdk_aac ] ++ lib.optional pulseTunnelSupport libpulseaudio ++ lib.optional zeroconfSupport avahi; @@ -209,7 +209,7 @@ let homepage = "https://pipewire.org/"; license = licenses.mit; platforms = platforms.linux; - maintainers = with maintainers; [ jtojnar ]; + maintainers = with maintainers; [ jtojnar kranzes ]; }; }; diff --git a/pkgs/development/libraries/tracker-miners/default.nix b/pkgs/development/libraries/tracker-miners/default.nix index c571e2238447..a5553dd0d00a 100644 --- a/pkgs/development/libraries/tracker-miners/default.nix +++ b/pkgs/development/libraries/tracker-miners/default.nix @@ -26,7 +26,6 @@ , json-glib , libcue , libexif -, libgrss , libgsf , libgxps , libiptcdata @@ -86,7 +85,6 @@ stdenv.mkDerivation rec { json-glib libcue libexif - libgrss libgsf libgxps libiptcdata @@ -108,6 +106,11 @@ stdenv.mkDerivation rec { mesonFlags = [ # TODO: tests do not like our sandbox "-Dfunctional_tests=false" + + # libgrss is unmaintained and has no new releases since 2015, and an open + # security issue since then. Despite a patch now being availab, we're opting + # to be safe due to the general state of the project + "-Dminer_rss=false" ]; patches = [ diff --git a/pkgs/development/python-modules/pytest-httpserver/default.nix b/pkgs/development/python-modules/pytest-httpserver/default.nix index aaca4174a2f2..79d10f8cf743 100644 --- a/pkgs/development/python-modules/pytest-httpserver/default.nix +++ b/pkgs/development/python-modules/pytest-httpserver/default.nix @@ -1,7 +1,6 @@ { lib , buildPythonPackage , fetchPypi -, pytest-asyncio , pytest-cov , pytestCheckHook , requests @@ -10,12 +9,12 @@ buildPythonPackage rec { pname = "pytest-httpserver"; - version = "1.0.0"; + version = "1.0.1"; src = fetchPypi { pname = "pytest_httpserver"; inherit version; - sha256 = "sha256-rjCV0TTUBgLpVyEUDiIhOdpKV5lWEjmQr4WCUyTQdG0="; + sha256 = "12b0028vp5rh9bg712klgjzm4vl4biyza1j6iyv3pgg25ircang3"; }; propagatedBuildInputs = [ werkzeug ]; diff --git a/pkgs/games/ballerburg/default.nix b/pkgs/games/ballerburg/default.nix new file mode 100644 index 000000000000..ceb95059eded --- /dev/null +++ b/pkgs/games/ballerburg/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchurl, cmake, SDL }: + +stdenv.mkDerivation rec { + pname = "ballerburg"; + version = "1.2.0"; + + src = fetchurl { + url = "https://download.tuxfamily.org/baller/ballerburg-${version}.tar.gz"; + sha256 = "sha256-BiX0shPBGA8sshee8rxs41x+mdsrJzBqhpDDic6sYwA="; + }; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ SDL ]; + + meta = with lib; { + description = "Classic cannon combat game"; + longDescription = '' + Two castles, separated by a mountain, try to defeat each other with their cannonballs, + either by killing the opponent's king or by weakening the opponent enough so that the king capitulates.''; + homepage = "https://baller.tuxfamily.org/"; + license = licenses.gpl3Plus; + maintainers = [ maintainers.j0hax ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/games/freeciv/default.nix b/pkgs/games/freeciv/default.nix index 27731a3a008b..051266fa8007 100644 --- a/pkgs/games/freeciv/default.nix +++ b/pkgs/games/freeciv/default.nix @@ -7,17 +7,14 @@ , enableSqlite ? true, sqlite }: -let - inherit (lib) optional optionals; - -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { pname = "freeciv"; version = "2.6.5"; src = fetchFromGitHub { owner = "freeciv"; repo = "freeciv"; - rev = "R${builtins.replaceStrings [ "." ] [ "_" ] version}"; + rev = "R${lib.replaceStrings [ "." ] [ "_" ] version}"; sha256 = "sha256-7KVtBGihABpcbUm5ac2fuBVaDvbucEJSREPulGUdnUE="; }; @@ -29,43 +26,39 @@ in stdenv.mkDerivation rec { ''; nativeBuildInputs = [ autoreconfHook pkg-config ] - ++ optional qtClient [ qt5.wrapQtAppsHook ]; + ++ lib.optional qtClient [ qt5.wrapQtAppsHook ]; buildInputs = [ lua5_3 zlib bzip2 curl xz gettext libiconv ] - ++ optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype fluidsynth ] - ++ optionals gtkClient [ gtk3 ] - ++ optionals qtClient [ qt5.qtbase ] - ++ optional server readline - ++ optional enableSqlite sqlite; + ++ lib.optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype fluidsynth ] + ++ lib.optionals gtkClient [ gtk3 ] + ++ lib.optionals qtClient [ qt5.qtbase ] + ++ lib.optional server readline + ++ lib.optional enableSqlite sqlite; dontWrapQtApps = true; configureFlags = [ "--enable-shared" ] - ++ optional sdlClient "--enable-client=sdl" - ++ optionals qtClient [ + ++ lib.optional sdlClient "--enable-client=sdl" + ++ lib.optionals qtClient [ "--enable-client=qt" "--with-qt5-includes=${qt5.qtbase.dev}/include" - ] - ++ optionals gtkClient [ "--enable-client=gtk3.22" ] - ++ optional enableSqlite "--enable-fcdb=sqlite3" - ++ optional (!gtkClient) "--enable-fcmp=cli" - ++ optional (!server) "--disable-server"; + ] ++ lib.optionals gtkClient [ "--enable-client=gtk3.22" ] + ++ lib.optional enableSqlite "--enable-fcdb=sqlite3" + ++ lib.optional (!gtkClient) "--enable-fcmp=cli" + ++ lib.optional (!server) "--disable-server"; enableParallelBuilding = true; meta = with lib; { description = "Multiplayer (or single player), turn-based strategy game"; - longDescription = '' Freeciv is a Free and Open Source empire-building strategy game inspired by the history of human civilization. The game commences in prehistory and your mission is to lead your tribe from the stone age to the space age... ''; - homepage = "http://www.freeciv.org"; # http only license = licenses.gpl2; - maintainers = with maintainers; [ pierron ]; platforms = platforms.unix; hydraPlatforms = platforms.linux; # sdl-config times out on darwin diff --git a/pkgs/servers/mautrix-telegram/default.nix b/pkgs/servers/mautrix-telegram/default.nix index f54657db38f8..41d0d5b04671 100644 --- a/pkgs/servers/mautrix-telegram/default.nix +++ b/pkgs/servers/mautrix-telegram/default.nix @@ -1,4 +1,6 @@ -{ lib, python3, mautrix-telegram, fetchFromGitHub }: +{ lib, python3, mautrix-telegram, fetchFromGitHub +, withE2BE ? true +}: let python = python3.override { @@ -36,7 +38,7 @@ in python.pkgs.buildPythonPackage rec { sed -i -e '/alembic>/d' requirements.txt ''; - propagatedBuildInputs = with python.pkgs; [ + propagatedBuildInputs = with python.pkgs; ([ Mako aiohttp mautrix @@ -49,7 +51,12 @@ in python.pkgs.buildPythonPackage rec { pillow lxml setuptools - ] ++ dbDrivers; + ] ++ lib.optionals withE2BE [ + asyncpg + python-olm + pycryptodome + unpaddedbase64 + ]) ++ dbDrivers; # `alembic` (a database migration tool) is only needed for the initial setup, # and not needed during the actual runtime. However `alembic` requires `mautrix-telegram` diff --git a/pkgs/servers/minio/default.nix b/pkgs/servers/minio/default.nix index d244abf2e68c..1651835e30e3 100644 --- a/pkgs/servers/minio/default.nix +++ b/pkgs/servers/minio/default.nix @@ -30,11 +30,13 @@ buildGoModule rec { subPackages = [ "." ]; - preBuild = let t = "github.com/minio/minio/cmd"; in - '' - export CGO_ENABLED=0 - buildFlagsArray+=("-tags" "kqueue" "-ldflags" "-s -w -X ${t}.Version=${versionToTimestamp version} -X ${t}.ReleaseTag=RELEASE.${version} -X ${t}.CommitID=${src.rev}") - ''; + CGO_ENABLED = 0; + + tags = [ "kqueue" ]; + + ldflags = let t = "github.com/minio/minio/cmd"; in [ + "-s" "-w" "-X ${t}.Version=${versionToTimestamp version}" "-X ${t}.ReleaseTag=RELEASE.${version}" "-X ${t}.CommitID=${src.rev}" + ]; passthru.tests.minio = nixosTests.minio; diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix index 2c8ba20f6d41..226efe51f56e 100644 --- a/pkgs/servers/monitoring/grafana/default.nix +++ b/pkgs/servers/monitoring/grafana/default.nix @@ -2,23 +2,23 @@ buildGoModule rec { pname = "grafana"; - version = "8.0.6"; + version = "8.1.0"; - excludedPackages = "\\(alert_webhook_listener\\|clean-swagger\\|release_publisher\\|slow_proxy\\|slow_proxy_mac\\)"; + excludedPackages = "\\(alert_webhook_listener\\|clean-swagger\\|release_publisher\\|slow_proxy\\|slow_proxy_mac\\|macaron\\)"; src = fetchFromGitHub { rev = "v${version}"; owner = "grafana"; repo = "grafana"; - sha256 = "sha256-incw/Uv1Jeg/WAkWUgJGvdJ2OpZYfkCAvgLW/qXWXEo="; + sha256 = "sha256-l7tVsxyUJ+WEPA3q3pcW3W74/2YlSgz84Au1A9a7s/E="; }; srcStatic = fetchurl { url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz"; - sha256 = "sha256-JSpNAi9NvZpo0HzdDmdi1i+lNGLylHgctT6PPWHNhkk="; + sha256 = "sha256-OsjIK9NOU5XynzUOLyntTquH0UPwL/Eqw9XjaDsSO+g="; }; - vendorSha256 = "sha256-72i2NgulRpdBZ9dwx+0VlKDzzNnBJgEKKizrLPwzUY4="; + vendorSha256 = "sha256-cfErlr7YS+8TVy0+XWDiA3h1lMoV3efdsjuH+yEcwXs="; preBuild = '' # The testcase makes an API call against grafana.com: diff --git a/pkgs/servers/mpd/default.nix b/pkgs/servers/mpd/default.nix index eef79853b395..042772c95db8 100644 --- a/pkgs/servers/mpd/default.nix +++ b/pkgs/servers/mpd/default.nix @@ -116,13 +116,13 @@ let in stdenv.mkDerivation rec { pname = "mpd"; - version = "0.22.9"; + version = "0.22.10"; src = fetchFromGitHub { owner = "MusicPlayerDaemon"; repo = "MPD"; rev = "v${version}"; - sha256 = "sha256-Qw7qJqxcBKxshT/qbVUegE1Tpt4QV5WbUHT2+qLbr9o="; + sha256 = "sha256-h9dmi8AI8ZCjF4nlTi07uOWKs+8gly2HhSbPRB3Jl0g="; }; buildInputs = [ diff --git a/pkgs/servers/nosql/influxdb2/default.nix b/pkgs/servers/nosql/influxdb2/default.nix index 1e65689444fe..bba51c6a8031 100644 --- a/pkgs/servers/nosql/influxdb2/default.nix +++ b/pkgs/servers/nosql/influxdb2/default.nix @@ -102,12 +102,12 @@ in buildGoModule { go generate popd done - export buildFlagsArray=( - -tags="assets" - -ldflags="-X main.commit=${shorthash} -X main.version=${version}" - ) ''; + tags = [ "assets" ]; + + ldflags = [ "-X main.commit=${shorthash}" "-X main.version=${version}" ]; + meta = with lib; { description = "An open-source distributed time series database"; license = licenses.mit; diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix index 2e1f68f6b125..c642784af922 100644 --- a/pkgs/servers/tailscale/default.nix +++ b/pkgs/servers/tailscale/default.nix @@ -21,12 +21,9 @@ buildGoModule rec { subPackages = [ "cmd/tailscale" "cmd/tailscaled" ]; - preBuild = '' - export buildFlagsArray=( - -tags="xversion" - -ldflags="-X tailscale.com/version.Long=${version} -X tailscale.com/version.Short=${version}" - ) - ''; + tags = [ "xversion" ]; + + ldflags = [ "-X tailscale.com/version.Long=${version}" "-X tailscale.com/version.Short=${version}" ]; postInstall = '' wrapProgram $out/bin/tailscaled --prefix PATH : ${ diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index ac62ad30829a..ba3c8eef20e6 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -231,6 +231,7 @@ let timeout = int; # Weirder stuff that doesn't appear in the documentation? + maxSilent = int; knownVulnerabilities = listOf str; name = str; version = str; diff --git a/pkgs/tools/admin/clair/default.nix b/pkgs/tools/admin/clair/default.nix index 0298ca29a7c4..b0765d852ca0 100644 --- a/pkgs/tools/admin/clair/default.nix +++ b/pkgs/tools/admin/clair/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "clair"; - version = "4.1.1"; + version = "4.1.2"; src = fetchFromGitHub { owner = "quay"; repo = pname; rev = "v${version}"; - sha256 = "sha256-E04G3EJ0JrOVjtTd3nBHZehzuDrvt6t4hfFdGO92uuk="; + sha256 = "sha256-eeNJ6oQayPBOHKsFrr2JbdLSv3R7N1xW3lV4LgVpUI4="; }; - vendorSha256 = "sha256-xgP5IhB9eyKOIBlT5jKDJkUy8lz2UrWmGqqeDhqRawY="; + vendorSha256 = "sha256-79+j/+X9DQBpUvZuyQCSaoy1f4UnkERh54zmo4AhGwc="; doCheck = false; diff --git a/pkgs/tools/admin/eksctl/default.nix b/pkgs/tools/admin/eksctl/default.nix index 81585c924760..f7cc0cb8fcae 100644 --- a/pkgs/tools/admin/eksctl/default.nix +++ b/pkgs/tools/admin/eksctl/default.nix @@ -17,10 +17,10 @@ buildGoModule rec { subPackages = [ "cmd/eksctl" ]; - buildFlags = [ "-tags netgo" "-tags release" ]; + tags = [ "netgo" "release" ]; - buildFlagsArray = [ - "-ldflags=-s -w -X github.com/weaveworks/eksctl/pkg/version.gitCommit=${src.rev} -X github.com/weaveworks/eksctl/pkg/version.buildDate=19700101-00:00:00" + ldflags = [ + "-s" "-w" "-X github.com/weaveworks/eksctl/pkg/version.gitCommit=${src.rev}" "-X github.com/weaveworks/eksctl/pkg/version.buildDate=19700101-00:00:00" ]; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/tools/backup/wal-g/default.nix b/pkgs/tools/backup/wal-g/default.nix index e9be1c83005e..e184810a29b9 100644 --- a/pkgs/tools/backup/wal-g/default.nix +++ b/pkgs/tools/backup/wal-g/default.nix @@ -17,10 +17,9 @@ buildGoModule rec { subPackages = [ "main/pg" ]; - buildFlagsArray = [ - "-tags=brotli libsodium" - "-ldflags=-s -w -X github.com/wal-g/wal-g/cmd/pg.WalgVersion=${version} -X github.com/wal-g/wal-g/cmd/pg.GitRevision=${src.rev}" - ]; + tags = [ "brotli" "libsodium" ]; + + ldflags = [ "-s" "-w" "-X github.com/wal-g/wal-g/cmd/pg.WalgVersion=${version}" "-X github.com/wal-g/wal-g/cmd/pg.GitRevision=${src.rev}" ]; postInstall = '' mv $out/bin/pg $out/bin/wal-g diff --git a/pkgs/tools/misc/diskonaut/default.nix b/pkgs/tools/misc/diskonaut/default.nix index 058a0d1ad6f4..1fd1d3422a0f 100644 --- a/pkgs/tools/misc/diskonaut/default.nix +++ b/pkgs/tools/misc/diskonaut/default.nix @@ -1,4 +1,4 @@ -{ lib, rustPlatform, fetchFromGitHub }: +{ lib, stdenv, rustPlatform, fetchFromGitHub }: rustPlatform.buildRustPackage rec { pname = "diskonaut"; @@ -13,10 +13,13 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "10jrcy8m9ll4136ghq3fhmnphd9g3rw863x708vm17n44kgdxyab"; + # 1 passed; 44 failed https://hydra.nixos.org/build/148943783/nixlog/1 + doCheck = !stdenv.isDarwin; + meta = with lib; { description = "Terminal disk space navigator"; homepage = "https://github.com/imsnif/diskonaut"; license = licenses.mit; - maintainers = with maintainers; [ evanjs ]; + maintainers = with maintainers; [ evanjs SuperSandro2000 ]; }; } diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix index cc56205243d5..108cc5b82fd6 100644 --- a/pkgs/tools/misc/file/default.nix +++ b/pkgs/tools/misc/file/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file; buildInputs = [ zlib ] - ++ lib.optional stdenv.hostPlatform.isWindows libgnurx; + ++ lib.optional stdenv.hostPlatform.isWindows libgnurx; doCheck = true; @@ -23,6 +23,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://darwinsys.com/file"; description = "A program that shows the type of files"; + maintainers = with maintainers; [ ]; license = licenses.bsd2; platforms = platforms.all; }; diff --git a/pkgs/tools/misc/graylog/default.nix b/pkgs/tools/misc/graylog/default.nix index 8d18d654c72f..729cfbc283f9 100644 --- a/pkgs/tools/misc/graylog/default.nix +++ b/pkgs/tools/misc/graylog/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "graylog"; - version = "4.0.7"; + version = "3.3.14"; src = fetchurl { url = "https://packages.graylog2.org/releases/graylog/graylog-${version}.tgz"; - sha256 = "sha256-sZn/ug4oh/SHbICbiQeAmtEIwT3++DBWbT2XBkYGYUc="; + sha256 = "04dslbvgrraacsw7wydbiv8jc753as2g54wn9sgh3lsryvzrfqfa"; }; dontBuild = true; diff --git a/pkgs/tools/misc/vector/default.nix b/pkgs/tools/misc/vector/default.nix index 71f2ad3e9553..392b03f21a37 100644 --- a/pkgs/tools/misc/vector/default.nix +++ b/pkgs/tools/misc/vector/default.nix @@ -40,7 +40,7 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-DFFA6t+ZgpGieq5kT80PW5ZSByIp54ia2UvcBYY2+Lg="; nativeBuildInputs = [ pkg-config ]; buildInputs = [ oniguruma openssl protobuf rdkafka zstd ] - ++ lib.optional stdenv.isDarwin [ Security libiconv coreutils CoreServices ]; + ++ lib.optionals stdenv.isDarwin [ Security libiconv coreutils CoreServices ]; # needed for internal protobuf c wrapper library PROTOC = "${protobuf}/bin/protoc"; diff --git a/pkgs/tools/networking/bandwhich/default.nix b/pkgs/tools/networking/bandwhich/default.nix index 233c57bc635d..ebb816b1887a 100644 --- a/pkgs/tools/networking/bandwhich/default.nix +++ b/pkgs/tools/networking/bandwhich/default.nix @@ -15,6 +15,9 @@ rustPlatform.buildRustPackage rec { buildInputs = lib.optional stdenv.isDarwin Security; + # 10 passed; 47 failed https://hydra.nixos.org/build/148943783/nixlog/1 + doCheck = !stdenv.isDarwin; + meta = with lib; { description = "A CLI utility for displaying current network utilization"; longDescription = '' @@ -26,7 +29,7 @@ rustPlatform.buildRustPackage rec { ''; homepage = "https://github.com/imsnif/bandwhich"; license = licenses.mit; - maintainers = with maintainers; [ Br1ght0ne ma27 ]; + maintainers = with maintainers; [ Br1ght0ne ma27 SuperSandro2000 ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/networking/croc/default.nix b/pkgs/tools/networking/croc/default.nix index 001ee1c725a9..485ce66dbd7c 100644 --- a/pkgs/tools/networking/croc/default.nix +++ b/pkgs/tools/networking/croc/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "croc"; - version = "9.2.0"; + version = "9.2.1"; src = fetchFromGitHub { owner = "schollz"; repo = pname; rev = "v${version}"; - sha256 = "sha256-wEgR/4t2NRqdlAtHS41sACSNZpDY+4IEaeftCgRpEEk="; + sha256 = "sha256-pEW20IbPVywNq2udfdQ/U71aDEku73+JGiy2iRADJ8Y="; }; - vendorSha256 = "sha256-YwMqIbxj6ldYBjLb3Gs96oOHM2Li4Qq8PEMeYtrcSnE="; + vendorSha256 = "sha256-z5G56PiBisceNc4tfZJVKh9tZmUkyamQBYG2mQ6kuXg="; doCheck = false; diff --git a/pkgs/tools/networking/dnsproxy/default.nix b/pkgs/tools/networking/dnsproxy/default.nix index f42294974c29..7a49af85d39d 100644 --- a/pkgs/tools/networking/dnsproxy/default.nix +++ b/pkgs/tools/networking/dnsproxy/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "dnsproxy"; - version = "0.39.0"; + version = "0.39.1"; src = fetchFromGitHub { owner = "AdguardTeam"; repo = pname; rev = "v${version}"; - sha256 = "sha256-rHU07rh8wZPaaxZmXVBu4tpt02Jq7Yu//dwWeVDUpw4="; + sha256 = "sha256-3ixWiY7gJaavJw3WuK3aTYE6lb328VgWSPCuf5PN8Ds="; }; vendorSha256 = null; diff --git a/pkgs/tools/nix/nixos-option/default.nix b/pkgs/tools/nix/nixos-option/default.nix index 216e2678e2e2..9137e5a716c5 100644 --- a/pkgs/tools/nix/nixos-option/default.nix +++ b/pkgs/tools/nix/nixos-option/default.nix @@ -8,5 +8,6 @@ stdenv.mkDerivation rec { meta = with lib; { license = licenses.lgpl2Plus; maintainers = with maintainers; [ chkno ]; + platforms = platforms.all; }; } diff --git a/pkgs/tools/security/aws-okta/default.nix b/pkgs/tools/security/aws-okta/default.nix index 363abbd39507..88002fc1ce43 100644 --- a/pkgs/tools/security/aws-okta/default.nix +++ b/pkgs/tools/security/aws-okta/default.nix @@ -13,9 +13,9 @@ buildGoPackage rec { sha256 = "sha256-1cprKpIFgM3+lUEHNvda34nJTH4Ch3LtTRq/Dp6QBQ8="; }; - buildFlags = [ "--tags" "release" ]; + tags = [ "release" ]; - buildFlagsArray = [ "-ldflags=-X main.Version=${version}" ]; + ldflags = [ "-X main.Version=${version}" ]; nativeBuildInputs = [ pkg-config ]; buildInputs = [ libusb1 libiconv ]; diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix index 344c74d573c3..f5f60f3da2a7 100644 --- a/pkgs/tools/security/cosign/default.nix +++ b/pkgs/tools/security/cosign/default.nix @@ -21,9 +21,8 @@ buildGoModule rec { excludedPackages = "\\(copasetic\\)"; - preBuild = '' - buildFlagsArray+=(${lib.optionalString pivKeySupport "-tags=pivkey"}) - ''; + tags = lib.optionals pivKeySupport [ "pivkey" ]; + ldflags = [ "-s" "-w" "-X github.com/sigstore/cosign/cmd/cosign/cli.gitVersion=v${version}" ]; meta = with lib; { diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index d9ca1bb29a87..5af7eca13872 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.55" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.56" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index eb3c1b2ee0d2..6fd30d8d6a8c 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: bdf054bcc84e23bba81c387cc9247bf3c4052afb - ref: refs/tags/6.0.55 + revision: d818269c546bd165c29652768cd2058fcb56c4fa + ref: refs/tags/6.0.56 specs: - metasploit-framework (6.0.55) + metasploit-framework (6.0.56) actionpack (~> 5.2.2) activerecord (~> 5.2.2) activesupport (~> 5.2.2) @@ -31,7 +31,7 @@ GIT metasploit-concern (~> 3.0.0) metasploit-credential (~> 4.0.0) metasploit-model (~> 3.1.0) - metasploit-payloads (= 2.0.48) + metasploit-payloads (= 2.0.50) metasploit_data_models (~> 4.1.0) metasploit_payloads-mettle (= 1.0.10) mqtt @@ -127,7 +127,7 @@ GEM arel-helpers (2.12.0) activerecord (>= 3.1.0, < 7) aws-eventstream (1.1.1) - aws-partitions (1.482.0) + aws-partitions (1.484.0) aws-sdk-core (3.119.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) @@ -174,7 +174,7 @@ GEM eventmachine (1.2.7) faker (2.18.0) i18n (>= 1.6, < 2) - faraday (1.5.1) + faraday (1.6.0) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) @@ -182,6 +182,7 @@ GEM faraday-net_http (~> 1.0) faraday-net_http_persistent (~> 1.1) faraday-patron (~> 1.0) + faraday-rack (~> 1.0) multipart-post (>= 1.2, < 3) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) @@ -191,6 +192,7 @@ GEM faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) + faraday-rack (1.0.0) faye-websocket (0.11.1) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) @@ -210,7 +212,7 @@ GEM jsobfu (0.4.2) rkelly-remix json (2.5.1) - loofah (2.10.0) + loofah (2.11.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) metasm (1.0.5) @@ -232,7 +234,7 @@ GEM activemodel (~> 5.2.2) activesupport (~> 5.2.2) railties (~> 5.2.2) - metasploit-payloads (2.0.48) + metasploit-payloads (2.0.50) metasploit_data_models (4.1.4) activerecord (~> 5.2.2) activesupport (~> 5.2.2) @@ -245,7 +247,7 @@ GEM webrick metasploit_payloads-mettle (1.0.10) method_source (1.0.0) - mini_portile2 (2.5.3) + mini_portile2 (2.6.1) minitest (5.14.4) mqtt (0.5.0) msgpack (1.4.2) @@ -257,9 +259,9 @@ GEM net-ssh (6.1.0) network_interface (0.0.2) nexpose (7.3.0) - nio4r (2.5.7) - nokogiri (1.11.7) - mini_portile2 (~> 2.5.0) + nio4r (2.5.8) + nokogiri (1.12.2) + mini_portile2 (~> 2.6.1) racc (~> 1.4) octokit (4.21.0) faraday (>= 0.9) @@ -300,7 +302,7 @@ GEM thor (>= 0.19.0, < 2.0) rake (13.0.6) rb-readline (0.5.5) - recog (2.3.20) + recog (2.3.21) nokogiri redcarpet (3.5.1) reline (0.2.5) @@ -343,7 +345,7 @@ GEM metasm rex-core rex-text - rex-socket (0.1.29) + rex-socket (0.1.32) rex-core rex-sslscan (0.1.6) rex-core diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index c0a4d5857475..ee1031959233 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -8,13 +8,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.0.55"; + version = "6.0.56"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-Wf6Aj/mYHs7KdAYWjNzoD+Q5xK9DOsPiRTIEY7lac8M="; + sha256 = "sha256-FQxxQ4Lsoktl/Ld+nvBNHCTsZ3PFDQ4GEMrh/CMZrZ0="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index 0295e7a5c6fe..77b246888640 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix @@ -114,10 +114,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14l1w0ka4r54rx18c856dpn5dg1fnqlriiscjj89ap6vzg8r5pl4"; + sha256 = "012hf08bmzmk2sjynrgzfg0ssa26fkvjm47ixjnmb9byrqmh3mwr"; type = "gem"; }; - version = "1.482.0"; + version = "1.484.0"; }; aws-sdk-core = { groups = ["default"]; @@ -354,10 +354,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xpq9w46alagszx2mx82mqxxmsmyni2bpxd08gygzpl03zwbpr63"; + sha256 = "0xmi0yl9sniicvyh2k437dicvvzkryrc1ckr8dic84a98bbl32gy"; type = "gem"; }; - version = "1.5.1"; + version = "1.6.0"; }; faraday-em_http = { groups = ["default"]; @@ -429,6 +429,16 @@ }; version = "1.0.0"; }; + faraday-rack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1h184g4vqql5jv9s9im6igy00jp6mrah2h14py6mpf9bkabfqq7g"; + type = "gem"; + }; + version = "1.0.0"; + }; faye-websocket = { groups = ["default"]; platforms = []; @@ -554,10 +564,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19vkaazjqyq7yj5ah8rpr4vl9n4mg95scdr5im93akhd5bjvkkly"; + sha256 = "0pwik3x5fa92g6hbv4imz3n46nlkzgj69pkgql22ppmcr36knk6m"; type = "gem"; }; - version = "2.10.0"; + version = "2.11.0"; }; metasm = { groups = ["default"]; @@ -594,12 +604,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "bdf054bcc84e23bba81c387cc9247bf3c4052afb"; - sha256 = "1hvkbawn611j8pic6fj3mz23kr0gx3f8q5h6fk5cw7lqz67q1zjr"; + rev = "d818269c546bd165c29652768cd2058fcb56c4fa"; + sha256 = "17dd34izrqfa2030w3f5fdkyq90w9pq9wzmpzijlp8pch91p230m"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.0.55"; + version = "6.0.56"; }; metasploit-model = { groups = ["default"]; @@ -616,10 +626,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jg96v1a7q3ypq33jaflnfvpqm6cz0ihaiilag2y6qvd0ypv297d"; + sha256 = "1wn6whvisps6fxd5fqbf6rr6znc3miqn8dwk3x8a6aycffphc75j"; type = "gem"; }; - version = "2.0.48"; + version = "2.0.50"; }; metasploit_data_models = { groups = ["default"]; @@ -656,10 +666,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ad0mli9rc0f17zw4ibp24dbj1y39zkykijsjmnzl4gwpg5s0j6k"; + sha256 = "1lvxm91hi0pabnkkg47wh1siv56s6slm2mdq1idfm86dyfidfprq"; type = "gem"; }; - version = "2.5.3"; + version = "2.6.1"; }; minitest = { groups = ["default"]; @@ -766,20 +776,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00fwz0qq7agd2xkdz02i8li236qvwhma3p0jdn5bdvc21b7ydzd5"; + sha256 = "0xk64wghkscs6bv2n22853k2nh39d131c6rfpnlw12mbjnnv9v1v"; type = "gem"; }; - version = "2.5.7"; + version = "2.5.8"; }; nokogiri = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vrn31385ix5k9b0yalnlzv360isv6dincbcvi8psllnwz4sjxj9"; + sha256 = "1iav4jrklvm8938bxhby0khs36mdndhvwia4hc85zxcb0yl1k8ll"; type = "gem"; }; - version = "1.11.7"; + version = "1.12.2"; }; octokit = { groups = ["default"]; @@ -986,10 +996,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "11hc55mdl2d4kb8vrbazydxdnzr5l7dd4v5spqrrgnmp2d7rq3az"; + sha256 = "0ndzawr0rd3jdizxgjyrgipi3ccn9jpagvplxk91kb5spy9lnsy2"; type = "gem"; }; - version = "2.3.20"; + version = "2.3.21"; }; redcarpet = { groups = ["default"]; @@ -1146,10 +1156,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ar9vm8pwjz7c11kr3pjnxbgk68f2i5k1r9j3r34pfq9n26s79gr"; + sha256 = "03cvgmg0wswqcr70mhc6802vvgcg62f7vkbj0i7sskgy3cl9lryx"; type = "gem"; }; - version = "0.1.29"; + version = "0.1.32"; }; rex-sslscan = { groups = ["default"]; diff --git a/pkgs/tools/security/scorecard/default.nix b/pkgs/tools/security/scorecard/default.nix new file mode 100644 index 000000000000..e26491415734 --- /dev/null +++ b/pkgs/tools/security/scorecard/default.nix @@ -0,0 +1,53 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +buildGoModule rec { + pname = "scorecard"; + version = "2.1.2"; + + src = fetchFromGitHub { + owner = "ossf"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-OUQzgTQbeQfut/ATvUl9RTFZISiGaUhRjZi4Rh7BB2A="; + }; + vendorSha256 = "sha256-/Ltw0qZkLr1qaQixLy5pvWZiNRJucp+bDiY7yVlWmqA="; + + subPackages = [ "." ]; + + ldflags = [ "-s" "-w" "-X github.com/ossf/scorecard/v2/cmd.gitVersion=v${version}" ]; + + # Install completions post-install + nativeBuildInputs = [ installShellFiles ]; + + preCheck = '' + # Feed in all but the e2e tests for testing + # This is because subPackages above limits what is built to just what we + # want but also limits the tests + getGoDirs() { + go list ./... | grep -v e2e + } + ''; + + postInstall = '' + installShellCompletion --cmd scorecard \ + --bash <($out/bin/scorecard completion bash) \ + --fish <($out/bin/scorecard completion fish) \ + --zsh <($out/bin/scorecard completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/scorecard --help + $out/bin/scorecard version | grep "v${version}" + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/ossf/scorecard"; + changelog = "https://github.com/ossf/scorecard/releases/tag/v${version}"; + description = "Security health metrics for Open Source"; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bfff2ba11e29..dd01657c52ae 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8732,6 +8732,8 @@ in scmpuff = callPackage ../applications/version-management/git-and-tools/scmpuff { }; + scorecard = callPackage ../tools/security/scorecard { }; + scream = callPackage ../applications/audio/scream { }; scimark = callPackage ../misc/scimark { }; @@ -16745,6 +16747,8 @@ in libffi = callPackage ../development/libraries/libffi { }; + libfreeaptx = callPackage ../development/libraries/libfreeaptx { }; + libfreefare = callPackage ../development/libraries/libfreefare { inherit (darwin) libobjc; }; @@ -23361,6 +23365,8 @@ in backintime = backintime-qt; + ballerburg = callPackage ../games/ballerburg { } ; + balsa = callPackage ../applications/networking/mailreaders/balsa { }; bandwidth = callPackage ../tools/misc/bandwidth { }; @@ -24039,6 +24045,8 @@ in expenses = callPackage ../applications/misc/expenses { }; + fnott = callPackage ../applications/misc/fnott { }; + go-libp2p-daemon = callPackage ../servers/go-libp2p-daemon { }; go-motion = callPackage ../development/tools/go-motion { };