Merge staging-next into staging

nixos/tests/xmpp/prosody.nix

@@ -42,7 +42,7 @@ in import ../make-test-python.nix {
         ${nodes.server.config.networking.primaryIPAddress} uploads.example.com
       '';
       environment.systemPackages = [
-        (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; })
+        (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = "example.com"; })
       ];
     };
     server = { config, pkgs, ... }: {
@@ -82,6 +82,7 @@ in import ../make-test-python.nix {
 
   testScript = { nodes, ... }: ''
     # Check with sqlite storage
+    start_all()
     server.wait_for_unit("prosody.service")
     server.succeed('prosodyctl status | grep "Prosody is running"')
 

nixos/tests/xmpp/xmpp-sendmessage.nix

@@ -12,6 +12,7 @@ in writeScriptBin "send-message" ''
 #!${(python3.withPackages (ps: [ ps.slixmpp ])).interpreter}
 import logging
 import sys
+import signal
 from types import MethodType
 
 from slixmpp import ClientXMPP
@@ -64,8 +65,13 @@ class CthonTest(ClientXMPP):
         log.info('MUC join success!')
         log.info('XMPP SCRIPT TEST SUCCESS')
 
+def timeout_handler(signalnum, stackframe):
+    print('ERROR: xmpp-sendmessage timed out')
+    sys.exit(1)
 
 if __name__ == '__main__':
+    signal.signal(signal.SIGALRM, timeout_handler)
+    signal.alarm(120)
     logging.basicConfig(level=logging.DEBUG,
                         format='%(levelname)-8s %(message)s')
 
@@ -76,7 +82,7 @@ if __name__ == '__main__':
     ct.register_plugin('xep_0363')
     # MUC
     ct.register_plugin('xep_0045')
-    ct.connect(("server", 5222))
+    ct.connect(("${connectTo}", 5222))
     ct.process(forever=False)
 
     if not ct.test_succeeded:

pkgs/applications/graphics/antimony/default.nix

@@ -5,19 +5,19 @@
 }:
 
 let
-  gitRev    = "8fb4b0929ce84cf375bfb83a9d522ccd80681eaf";
+  gitRev    = "8b805c674adad536f9dd552b4be75fadcb3c7db6";
   gitBranch = "develop";
   gitTag    = "0.9.3";
 in
   stdenv.mkDerivation {
     pname = "antimony";
-    version = "2020-03-28";
+    version = "2022-11-23";
 
     src = fetchFromGitHub {
       owner  = "mkeeter";
       repo   = "antimony";
       rev    = gitRev;
-      sha256 = "1s0zmq5jmhmb1wcsyaxfmii448g6x8b41mzvb1awlljj85qj0k2s";
+      sha256 = "NmOuBewfHqtAim2cNP62LXgRjVWuVUGweV46sY1qjGk=";
     };
 
     patches = [ ./paths-fix.patch ];

pkgs/applications/office/qownnotes/default.nix

@@ -5,13 +5,13 @@
 
 mkDerivation rec {
   pname = "qownnotes";
-  version = "22.11.5";
+  version = "22.11.7";
 
   src = fetchurl {
     url = "https://download.tuxfamily.org/${pname}/src/${pname}-${version}.tar.xz";
     # Fetch the checksum of current version with curl:
     # curl https://download.tuxfamily.org/qownnotes/src/qownnotes-<version>.tar.xz.sha256
-    sha256 = "451c7bed728710d1ff7ddc5bcc5a32b829dfac3ed2bbfdb6f7c2c328e6676a8c";
+    sha256 = "2fbc20f17422bc44c35dd3e78feb710ca275ecb34c550b2a9c743939531f7878";
   };
 
   nativeBuildInputs = [ qmake qttools ];

pkgs/build-support/make-impure-test.nix

@@ -0,0 +1,96 @@
+/* Create tests that run in the nix sandbox with additional access to selected host paths
+
+  This is for example useful for testing hardware where a tests needs access to
+  /sys and optionally more.
+
+  The following example shows a test that accesses the GPU:
+
+  Example:
+    makeImpureTest {
+      name = "opencl";
+      testedPackage = "mypackage"; # Or testPath = "mypackage.impureTests.opencl.testDerivation"
+
+      sandboxPaths = [ "/sys" "/dev/dri" ]; # Defaults to ["/sys"]
+      prepareRunCommands = ""; # (Optional) Setup for the runScript
+      nixFlags = []; # (Optional) nix-build options for the runScript
+
+      testScript = "...";
+    }
+
+  Save as `test.nix` next to a package and reference it from the package:
+    passthru.impureTests = { opencl = callPackage ./test.nix {}; };
+
+  `makeImpureTest` will return here a script that contains the actual nix-build command including all necessary sandbox flags.
+
+  It can be executed like this:
+    $(nix-build -A mypackage.impureTests)
+
+  Rerun an already cached test:
+    $(nix-build -A mypackage.impureTests) --check
+*/
+{ lib
+, stdenv
+, writeShellScript
+
+, name
+, testedPackage ? null
+, testPath ? "${testedPackage}.impureTests.${name}.testDerivation"
+, sandboxPaths ? [ "/sys" ]
+, prepareRunCommands ? ""
+, nixFlags ? [ ]
+, testScript
+, ...
+} @ args:
+
+let
+  sandboxPathsTests = builtins.map (path: "[[ ! -e '${path}' ]]") sandboxPaths;
+  sandboxPathsTest = lib.concatStringsSep " || " sandboxPathsTests;
+  sandboxPathsList = lib.concatStringsSep " " sandboxPaths;
+
+  testDerivation = stdenv.mkDerivation (lib.recursiveUpdate
+    {
+      name = "test-run-${name}";
+
+      requiredSystemFeatures = [ "nixos-test" ];
+
+      buildCommand = ''
+        mkdir -p $out
+
+        if ${sandboxPathsTest}; then
+          echo 'Run this test as *root* with `--option extra-sandbox-paths '"'${sandboxPathsList}'"'`'
+          exit 1
+        fi
+
+        # Run test
+        ${testScript}
+      '';
+
+      passthru.runScript = runScript;
+    }
+    (builtins.removeAttrs args [
+      "lib"
+      "stdenv"
+      "writeShellScript"
+
+      "name"
+      "testedPackage"
+      "testPath"
+      "sandboxPaths"
+      "prepareRunCommands"
+      "nixFlags"
+      "testScript"
+    ])
+  );
+
+  runScript = writeShellScript "run-script-${name}" ''
+    set -euo pipefail
+
+    ${prepareRunCommands}
+
+    sudo nix-build --option extra-sandbox-paths '${sandboxPathsList}' ${lib.escapeShellArgs nixFlags} -A ${testPath} "$@"
+  '';
+in
+# The main output is the run script, inject the derivation for the actual test
+runScript.overrideAttrs (old: {
+  passthru = { inherit testDerivation; };
+})

pkgs/development/libraries/amdvlk/default.nix

@@ -1,4 +1,5 @@
 { stdenv
+, callPackage
 , lib
 , fetchRepoProject
 , writeScript
@@ -102,6 +103,8 @@ in stdenv.mkDerivation rec {
     setHash "$hash"
   '';
 
+  passthru.impureTests = { amdvlk = callPackage ./test.nix {}; };
+
   meta = with lib; {
     description = "AMD Open Source Driver For Vulkan";
     homepage = "https://github.com/GPUOpen-Drivers/AMDVLK";

pkgs/development/libraries/amdvlk/test.nix

@@ -0,0 +1,49 @@
+{ lib, makeImpureTest, coreutils, amdvlk, vulkan-tools }:
+makeImpureTest {
+  name = "amdvlk";
+  testedPackage = "amdvlk";
+
+  sandboxPaths = [ "/sys" "/dev/dri" ];
+
+  nativeBuildInputs = [ vulkan-tools ];
+
+  VK_ICD_FILENAMES = "${amdvlk}/share/vulkan/icd.d/amd_icd64.json";
+  XDG_RUNTIME_DIR = "/tmp";
+
+  # AMDVLK needs access to /dev/dri/card0 (or another card), but normally it is rw-rw----
+  # Change the permissions to be rw for everyone
+  prepareRunCommands = ''
+    function reset_perms()
+    {
+      # Reset permissions to previous state
+      for card in /dev/dri/card*; do
+        sudo ${coreutils}/bin/chmod "0''${cardPerms[$card]}" $card
+      done
+    }
+
+    # Save permissions on /dev/dri/card*
+    declare -A cardPerms
+    for card in /dev/dri/card*; do
+      cardPerms[$card]=$(stat -c "%a" $card)
+    done
+
+    sudo ${coreutils}/bin/chmod o+rw /dev/dri/card*
+    trap reset_perms EXIT
+  '';
+
+  testScript = ''
+    # Check that there is at least one card with write-access
+    if ! ls -l /dev/dri/card* | cut -b8-9 | grep -q rw; then
+      echo 'AMDVLK needs rw access to /dev/dri/card0 or a fitting card, please run `sudo chmod o+rw /dev/dri/card*`'
+      exit 1
+    fi
+
+    vulkaninfo --summary
+    echo "Checking version"
+    vulkaninfo --summary | grep '= ${amdvlk.version}'
+  '';
+
+  meta = with lib.maintainers; {
+    maintainers = [ Flakebi ];
+  };
+}

pkgs/development/libraries/rocm-opencl-icd/default.nix

@@ -1,4 +1,4 @@
-{ lib, stdenv, rocm-opencl-runtime }:
+{ lib, callPackage, stdenv, rocm-opencl-runtime }:
 
 stdenv.mkDerivation rec {
   pname = "rocm-opencl-icd";
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
     echo "${rocm-opencl-runtime}/lib/libamdocl64.so" > $out/etc/OpenCL/vendors/amdocl64.icd
   '';
 
+  passthru.impureTests = { rocm-opencl = callPackage ./test.nix {}; };
+
   meta = with lib; {
     description = "OpenCL ICD definition for AMD GPUs using the ROCm stack";
     license = licenses.mit;

pkgs/development/libraries/rocm-opencl-icd/test.nix

@@ -0,0 +1,19 @@
+{ lib, makeImpureTest, clinfo, rocm-opencl-icd, rocm-smi }:
+makeImpureTest {
+  name = "rocm-opencl";
+  testedPackage = "rocm-opencl-icd";
+
+  nativeBuildInputs = [ clinfo rocm-smi ];
+
+  OCL_ICD_VENDORS = "${rocm-opencl-icd}/etc/OpenCL/vendors/";
+
+  testScript = ''
+    # Test fails if the number of platforms is 0
+    clinfo | grep -E 'Number of platforms * [1-9]'
+    rocm-smi | grep -A1 GPU
+  '';
+
+  meta = with lib; {
+    maintainers = teams.rocm.members;
+  };
+}

pkgs/development/ocaml-modules/reactivedata/default.nix

@@ -1,34 +1,26 @@
-{ lib, stdenv, fetchFromGitHub, ocaml, findlib, ocamlbuild, react, opaline }:
+{ lib, fetchFromGitHub, buildDunePackage, react }:
 
-if lib.versionOlder ocaml.version "4.04"
-then throw "reactiveData is not available for OCaml ${ocaml.version}"
-else
-
-stdenv.mkDerivation rec {
-  pname = "ocaml${ocaml.version}-reactiveData";
-  version = "0.2.2";
+buildDunePackage rec {
+  pname = "reactiveData";
+  version = "0.3";
+  duneVersion = "3";
+  minimalOCamlVersion = "4.08";
 
   src = fetchFromGitHub {
     owner = "ocsigen";
     repo = "reactiveData";
     rev = version;
-    sha256 = "sha256-YLkacIbjxZQ/ThgSxjTqviBYih6eW2GX5H7iybQDv1A=";
+    sha256 = "sha256-imUphE1vMe3bYqHhgTuGT+B7uLn75acX6fAwBLh1tz4=";
   };
 
-  nativeBuildInputs = [ ocaml findlib ocamlbuild opaline ];
   propagatedBuildInputs = [ react ];
 
   strictDeps = true;
 
-  buildPhase = "ocaml pkg/build.ml native=true native-dynlink=true";
-
-  installPhase = "opaline -prefix $out -libdir $OCAMLFIND_DESTDIR";
-
   meta = with lib; {
     description = "An OCaml module for functional reactive programming (FRP) based on React";
     homepage = "https://github.com/ocsigen/reactiveData";
     license = licenses.lgpl21;
-    platforms = ocaml.meta.platforms or [ ];
     maintainers = with maintainers; [ vbgl ];
   };
 }

pkgs/development/python-modules/autopep8/default.nix

@@ -3,20 +3,20 @@
 , buildPythonPackage
 , pycodestyle
 , glibcLocales
-, toml
+, tomli
 , pytestCheckHook
 }:
 
 buildPythonPackage rec {
   pname = "autopep8";
-  version = "1.7.1";
+  version = "2.0.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-8AWCIOTMDvYSGZb8jsHDLwc15Ea+I8Th9pLeC/IxdN0=";
+    sha256 = "sha256-ixZZx/AD5pMZn1LK/9wGWFuwcWkAu8anRC/ZMdZYwHc=";
   };
 
-  propagatedBuildInputs = [ pycodestyle toml ];
+  propagatedBuildInputs = [ pycodestyle tomli ];
 
   checkInputs = [
     glibcLocales

pkgs/development/python-modules/monero/default.nix

@@ -14,13 +14,13 @@
 
 buildPythonPackage rec {
   pname = "monero";
-  version = "1.0.1";
+  version = "1.1.1";
 
   src = fetchFromGitHub {
     owner = "monero-ecosystem";
     repo = "monero-python";
     rev = "v${version}";
-    sha256 = "sha256-ZjAShIeGVVIKlwgSNPVSN7eaqhKu3wEpDP9wgBMOyZU=";
+    sha256 = "sha256-WIF3pFBOLgozYTrQHLzIRgSlT3dTZTe+7sF/dVjVdTo=";
   };
 
   postPatch = ''

pkgs/development/python-modules/python-lsp-server/default.nix

@@ -23,6 +23,7 @@
 , rope
 , setuptools
 , setuptools-scm
+, toml
 , ujson
 , websockets
 , whatthepatch
@@ -79,6 +80,7 @@ buildPythonPackage rec {
       pyflakes
       pylint
       rope
+      toml
       whatthepatch
       yapf
     ];

pkgs/development/tools/ocaml/js_of_ocaml/tyxml.nix

@@ -6,7 +6,8 @@
 buildDunePackage {
   pname = "js_of_ocaml-tyxml";
 
-  inherit (js_of_ocaml-compiler) version src useDune2;
+  inherit (js_of_ocaml-compiler) version src;
+  duneVersion = "3";
 
   buildInputs = [ js_of_ocaml-ppx ];
 

pkgs/development/tools/rust/cargo-public-api/default.nix

@@ -8,14 +8,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-public-api";
-  version = "0.23.0";
+  version = "0.24.0";
 
   src = fetchCrate {
     inherit pname version;
-    sha256 = "sha256-yllfkhf0Xy8D6tL08QYPnz7Cj/JOvMG7E53elRx11EE=";
+    sha256 = "sha256-6PAOyZmaqsHHyzS9sI591tnAi3/kwRlQR4K4iZJmR5Q=";
   };
 
-  cargoSha256 = "sha256-UwrhgMmZ9PnIsxsWxQskaMHl03g54VeoZRo9ZPkSM28=";
+  cargoSha256 = "sha256-wWSVpWmD1ZItXgH5q0u16oBQ+d4wKjg+pvt/ZlgiWBg=";
 
   nativeBuildInputs = [ pkg-config ];
 

pkgs/development/web/twitter-bootstrap/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bootstrap";
-  version = "5.2.2";
+  version = "5.2.3";
 
   src = fetchurl {
     url = "https://github.com/twbs/bootstrap/releases/download/v${version}/${pname}-${version}-dist.zip";
-    sha256 = "sha256-3zAnCKd+btQFd9aSwfESNz7HNapm2bgQOkf5m1zyMf8=";
+    sha256 = "sha256-j6IBaj3uHiBL0WI+BQ3PR36dKME7uYofWPV+D9QM3Tg=";
   };
 
   nativeBuildInputs = [ unzip ];

pkgs/servers/snappymail/default.nix

@@ -2,11 +2,11 @@
 , dataPath ? "/var/lib/snappymail" }:
 stdenv.mkDerivation rec {
   pname = "snappymail";
-  version = "2.21.3";
+  version = "2.21.4";
 
   src = fetchurl {
     url = "https://github.com/the-djmaze/snappymail/releases/download/v${version}/snappymail-${version}.tar.gz";
-    sha256 = "sha256-lDtbbovgPuXOgNKkHN2EiDltgzSQCVNvN/Qw4FOUVwo=";
+    sha256 = "sha256-NxE3weZRI06scDZHSL5QjL+boc0GVffHCTzBxncBIuU=";
   };
 
   sourceRoot = "snappymail";

pkgs/servers/unifi/default.nix

@@ -66,7 +66,7 @@ in rec {
   };
 
   unifi7 = generic {
-    version = "7.2.92";
-    sha256 = "sha256-TB9fJAYnH09YSNAEdbMHsVJjil+ovBu8F/oVtxqhvIM=";
+    version = "7.2.95";
+    sha256 = "sha256-lZrOB8Xrl2/LvDJhtGsQ7Cn5YJ+/hnHuq8ODlOg3R6s=";
   };
 }

pkgs/tools/admin/syft/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "syft";
-  version = "0.62.0";
+  version = "0.62.1";
 
   src = fetchFromGitHub {
     owner = "anchore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-hed2ikV9xVDSSpLedAVcCJx/cQI5EPsb+fG2h63ij98=";
+    sha256 = "sha256-mzDowDWnIxQCbCxqPun6oCqMeke4KE+kaVDH/V5TFC4=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;

pkgs/tools/misc/plantuml/default.nix

@@ -1,12 +1,12 @@
 { lib, stdenv, fetchurl, makeWrapper, jre, graphviz }:
 
 stdenv.mkDerivation rec {
-  version = "1.2022.12";
+  version = "1.2022.13";
   pname = "plantuml";
 
   src = fetchurl {
     url = "https://github.com/plantuml/plantuml/releases/download/v${version}/plantuml-pdf-${version}.jar";
-    sha256 = "sha256-smxdHluEVJxga03aAu4WmTtbPsAKTckHsHn+aUNrtcg=";
+    sha256 = "sha256-iKENVr3JfsnjunwTJbPrFgLLLOZ65Oj5Ub01G45w8Vc=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/tools/networking/ghostunnel/default.nix

@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "ghostunnel";
-  version = "1.7.0";
+  version = "1.7.1";
 
   src = fetchFromGitHub {
     owner = "ghostunnel";
     repo = "ghostunnel";
     rev = "v${version}";
-    sha256 = "sha256-vODSjTpo2oTY42fONhUU8Xn119cTYUGQ6RJaLnS9q3k=";
+    hash = "sha256-yG9PfpYqW95X7EfbAhKEDmqBue7SjFULXUO73V4s3t4=";
   };
 
   vendorSha256 = null;
@@ -34,8 +34,9 @@ buildGoModule rec {
 
   meta = with lib; {
     broken = stdenv.isDarwin;
-    description = "A simple TLS proxy with mutual authentication support for securing non-TLS backend applications";
+    description = "TLS proxy with mutual authentication support for securing non-TLS backend applications";
     homepage = "https://github.com/ghostunnel/ghostunnel#readme";
+    changelog = "https://github.com/ghostunnel/ghostunnel/releases/tag/v${version}";
     license = licenses.asl20;
     maintainers = with maintainers; [ roberth ];
   };

pkgs/top-level/all-packages.nix

@@ -950,6 +950,8 @@ with pkgs;
 
   makeAutostartItem = callPackage ../build-support/make-startupitem { };
 
+  makeImpureTest = callPackage ../build-support/make-impure-test.nix;
+
   makeInitrd = callPackage ../build-support/kernel/make-initrd.nix; # Args intentionally left out
 
   makeInitrdNG = callPackage ../build-support/kernel/make-initrd-ng.nix;
@@ -27325,7 +27327,7 @@ with pkgs;
 
   antfs-cli = callPackage ../applications/misc/antfs-cli {};
 
-  antimony = libsForQt514.callPackage ../applications/graphics/antimony {};
+  antimony = libsForQt5.callPackage ../applications/graphics/antimony {};
 
   antiword = callPackage ../applications/office/antiword {};