nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-04-28 02:29:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'staging-next' into staging

Browse Source 
; Conflicts:
;	pkgs/development/python-modules/fakeredis/default.nix
This commit is contained in:
Jan Tojnar 2022-01-28 14:05:11 +01:00
commit 2da5ce4ab3
244 changed files with 2845 additions and 3098 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/contributing/coding-conventions.chapter.md
View File

@ -224,7 +224,7 @@ There are a few naming guidelines:
- Dashes in the package name _should_ be preserved in new variable names, rather than converted to underscores or camel cased — e.g., `http-parser` instead of `http_parser` or `httpParser`. The hyphenated style is preferred in all three package names.
- If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c-0-9` and `json-c-0-11`. If there is an obvious “default” version, make an attribute like `json-c = json-c-0-9;`. See also [](#sec-versioning)
- If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c_0_9` and `json-c_0_11`. If there is an obvious “default” version, make an attribute like `json-c = json-c_0_9;`. See also [](#sec-versioning)
## File naming and organisation {#sec-organisation}

4
doc/stdenv/meta.chapter.md
View File

@ -192,10 +192,6 @@ meta.hydraPlatforms = [];
If set to `true`, the package is marked as "broken", meaning that it wont show up in `nix-env -qa`, and cannot be built or installed. Such packages should be removed from Nixpkgs eventually unless they are fixed.
### `updateWalker` {#var-meta-updateWalker}
If set to `true`, the package is tested to be updated correctly by the `update-walker.sh` script without additional settings. Such packages have `meta.version` set and their homepage (or the page specified by `meta.downloadPage`) contains a direct link to the package tarball.
## Licenses {#sec-meta-license}
The `meta.license` attribute should preferably contain a value from `lib.licenses` defined in [`nixpkgs/lib/licenses.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix), or in-place license description of the same format if the license is unlikely to be useful in another expression.

6
flake.nix
View File

@ -48,10 +48,6 @@
system.nixos.versionSuffix =
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
# NOTE: This assumes that `nixpkgs.config` is _not_ used when
# nixpkgs.pkgs is set OR _module.args.pkgs is set.
nixpkgs.config.path = self.outPath;
}
];
});
@ -66,7 +62,7 @@
}).nixos.manual.x86_64-linux;
};
legacyPackages = forAllSystems (system: import ./. { inherit system; config.path = self.outPath; });
legacyPackages = forAllSystems (system: import ./. { inherit system; });
nixosModules = {
notDetected = import ./nixos/modules/installer/scan/not-detected.nix;

84
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View File

@ -442,13 +442,49 @@
</listitem>
<listitem>
<para>
The interface that allows activation scripts to restart units
has been reworked. Restarting and reloading is now done by a
single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
<literal>switch-to-configuration</literal> (the script that is
run when running <literal>nixos-rebuild switch</literal> for
example) has been reworked
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The interface that allows activation scripts to restart
units has been streamlined. Restarting and reloading is
now done by a single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
</listitem>
<listitem>
<para>
The script now uses a proper ini-file parser to parse
systemd units. Some values are now only searched in one
section instead of in the entire unit. This is only
relevant for units that dont use the NixOS systemd moule.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>RefuseManualStop</literal>,
<literal>X-OnlyManualStart</literal>,
<literal>X-StopOnRemoval</literal>,
<literal>X-StopOnReconfiguration</literal> are only
searched in the <literal>[Unit]</literal> section
</para>
</listitem>
<listitem>
<para>
<literal>X-ReloadIfChanged</literal>,
<literal>X-RestartIfChanged</literal>,
<literal>X-StopIfChanged</literal> are only searched
in the <literal>[Service]</literal> section
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
@ -531,6 +567,29 @@
was added.
</para>
</listitem>
<listitem>
<para>
The configuration portion of the <literal>nix-daemon</literal>
module has been reworked and exposed as
<link xlink:href="options.html#opt-nix-settings">nix.settings</link>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Legacy options have been mapped to the corresponding
options under under
<link xlink:href="options.html#opt-nix.settings">nix.settings</link>
but may be deprecated in the future.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="options.html#opt-nix.buildMachines.publicHostKey">nix.buildMachines.publicHostKey</link>
has been added.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The
@ -541,6 +600,19 @@
using the PyPy interpreter were added.
</para>
</listitem>
<listitem>
<para>
If you are using Wayland you can choose to use the Ozone
Wayland support in Chrome and several Electron apps by setting
the environment variable <literal>NIXOS_OZONE_WL=1</literal>
(for example via
<literal>environment.sessionVariables.NIXOS_OZONE_WL = &quot;1&quot;</literal>).
This is not enabled by default because Ozone Wayland is still
under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron
versions.
</para>
</listitem>
<listitem>
<para>
The <literal>influxdb2</literal> package was split into

2
nixos/doc/manual/man-nixos-rebuild.xml
View File

@ -453,7 +453,7 @@
Allow ad-hoc remote builders for building the new system. This requires
the user executing <command>nixos-rebuild</command> (usually root) to be
configured as a trusted user in the Nix daemon. This can be achieved by
using the <literal>nix.trustedUsers</literal> NixOS option. Examples
using the <literal>nix.settings.trusted-users</literal> NixOS option. Examples
values for that option are described in the <literal>Remote builds
chapter</literal> in the Nix manual, (i.e. <command>--builders
"ssh://bigbrother x86_64-linux"</command>). By specifying an empty string

27
nixos/doc/manual/release-notes/rl-2205.section.md
View File

@ -60,7 +60,7 @@ In addition to numerous new and upgraded packages, this release has the followin
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
This *only* makes a difference if you are cross-compiling and will
This _only_ makes a difference if you are cross-compiling and will
ensure that `pkgs.ghc` always runs on the host platform and compiles
for the target platform (similar to `pkgs.gcc` for example).
`haskellPackages.ghc` still behaves as before, running on the build
@ -141,7 +141,11 @@ In addition to numerous new and upgraded packages, this release has the followin
`pkgs.noto-fonts-cjk` is currently an alias of `pkgs.noto-fonts-cjk-sans` and
doesn't include serif fonts.
- The interface that allows activation scripts to restart units has been reworked. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
- `switch-to-configuration` (the script that is run when running `nixos-rebuild switch` for example) has been reworked
* The interface that allows activation scripts to restart units has been streamlined. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
* The script now uses a proper ini-file parser to parse systemd units. Some values are now only searched in one section instead of in the entire unit. This is only relevant for units that don't use the NixOS systemd moule.
* `RefuseManualStop`, `X-OnlyManualStart`, `X-StopOnRemoval`, `X-StopOnReconfiguration` are only searched in the `[Unit]` section
* `X-ReloadIfChanged`, `X-RestartIfChanged`, `X-StopIfChanged` are only searched in the `[Service]` section
- The `services.bookstack.cacheDir` option has been removed, since the
cache directory is now handled by systemd.
@ -177,14 +181,26 @@ In addition to numerous new and upgraded packages, this release has the followin
to allow users to make changes to the `nixos-rebuild build-vm` configuration
that do not apply to their normal system.
The `config.system.build.vm` attribute now always exists and defaults to the
The `config.system.build.vm` attribute now always exists and defaults to the
value from `vmVariant`. Configurations that import the `virtualisation/qemu-vm.nix`
module themselves will override this value, such that `vmVariant` is not used.
Similarly [virtualisation.vmVariantWithBootloader](#opt-virtualisation.vmVariantWithBootLoader) was added.
- The configuration portion of the `nix-daemon` module has been reworked and exposed as [nix.settings](options.html#opt-nix-settings):
* Legacy options have been mapped to the corresponding options under under [nix.settings](options.html#opt-nix.settings) but may be deprecated in the future.
* [nix.buildMachines.publicHostKey](options.html#opt-nix.buildMachines.publicHostKey) has been added.
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
- If you are using Wayland you can choose to use the Ozone Wayland support
in Chrome and several Electron apps by setting the environment variable
`NIXOS_OZONE_WL=1` (for example via
`environment.sessionVariables.NIXOS_OZONE_WL = "1"`).
This is not enabled by default because Ozone Wayland is
still under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron versions.
- The `influxdb2` package was split into `influxdb2-server` and
`influxdb2-cli`, matching the split that took place upstream. A
combined `influxdb2` package is still provided in this release for
@ -236,8 +252,9 @@ In addition to numerous new and upgraded packages, this release has the followin
Plugins are automatically repackaged using autoPatchelf.
- The `zrepl` package has been updated from 0.4.0 to 0.5:
* The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
* A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
- A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- Renamed option `services.openssh.challengeResponseAuthentication` to `services.openssh.kbdInteractiveAuthentication`.
Reason is that the old name has been deprecated upstream.

2
nixos/lib/systemd-unit-options.nix
View File

@ -98,7 +98,7 @@ in rec {
description = mkOption {
default = "";
type = types.str;
type = types.singleLineStr;
description = "Description of this unit used in systemd messages and progress indicators.";
};

2
nixos/maintainers/scripts/azure-new/examples/basic/system.nix
View File

@ -17,7 +17,7 @@ in
description = "Azure NixOS Test User";
openssh.authorizedKeys.keys = [ (builtins.readFile ~/.ssh/id_ed25519.pub) ];
};
nix.trustedUsers = [ username ];
nix.settings.trusted-users = [ username ];
virtualisation.azureImage.diskSize = 2500;

2
nixos/modules/installer/virtualbox-demo.nix
View File

@ -25,7 +25,7 @@ with lib;
installer.cloneConfigExtra = ''
# Let demo build as a trusted user.
# nix.trustedUsers = [ "demo" ];
# nix.settings.trusted-users = [ "demo" ];
# Mount a VirtualBox shared folder.
# This is configurable in the VirtualBox menu at

76
nixos/modules/misc/documentation.nix
View File

@ -61,85 +61,17 @@ let
in scrubbedEval.options;
baseOptionsJSON =
let
filterIntoStore =
filter =
builtins.filterSource
(n: t:
(t == "directory" -> baseNameOf n != "tests")
&& (t == "file" -> hasSuffix ".nix" n)
);
# Figure out if Nix runs in pure evaluation mode. May return true in
# impure mode, but this is highly unlikely.
# We need to know because of https://github.com/NixOS/nix/issues/1888
# and https://github.com/NixOS/nix/issues/5868
isPureEval = builtins.getEnv "PATH" == "" && builtins.getEnv "_" == "";
# Return a nixpkgs subpath with minimal copying.
#
# The sources for the base options json derivation can come in one of
# two forms:
# - single source: a store path with all of nixpkgs, postfix with
# subpaths to access various directories. This has the benefit of
# not creating copies of these subtrees in the Nix store, but
# can cause unnecessary rebuilds if you update the Nixpkgs `pkgs`
# tree often.
# - split sources: multiple store paths with subdirectories of
# nixpkgs that exclude the bulk of the pkgs directory.
# This requires more copying and hashing during evaluation but
# requires fewer files to be copied. This method produces fewer
# unnecessary rebuilds of the base options json.
#
# Flake
#
# Flakes always put a copy of the full nixpkgs sources in the store,
# so we can use the "single source" method. This method is ideal
# for using nixpkgs as a dependency, as the base options json will be
# substitutable from cache.nixos.org.
#
# This requires that the `self.outPath` is wired into `pkgs` correctly,
# which is done for you if `pkgs` comes from the `lib.nixosSystem` or
# `legacyPackages` flake attributes.
#
# Other Nixpkgs invocation
#
# If you do not use the known-correct flake attributes, but rather
# invoke Nixpkgs yourself, set `config.path` to the correct path value,
# e.g. `import nixpkgs { config.path = nixpkgs; }`.
#
# Choosing between single or split source paths
#
# We make assumptions based on the type and contents of `pkgs.path`.
# By passing a different `config.path` to Nixpkgs, you can influence
# how your documentation cache is evaluated and rebuilt.
#
# Single source
# - If pkgs.path is a string containing a store path, the code has no
# choice but to create this store path, if it hasn't already been.
# We assume that the "single source" method is most efficient.
# - If pkgs.path is a path value containing that is a store path,
# we try to convert it to a string with context without copying.
# This occurs for example when nixpkgs was fetched and using its
# default `config.path`, which is `./.`.
# Nix currently does not allow this conversion when evaluating in
# pure mode. If the conversion is not possible, we use the
# "split source" method.
#
# Split source
# - If pkgs.path is a path value that is not a store path, we assume
# that it's unlikely for all of nixpkgs to end up in the store for
# other reasons and try to keep both the copying and rebuilds low.
pull =
if builtins.typeOf pkgs.path == "string" && isStorePath pkgs.path then
dir: "${pkgs.path}/${dir}"
else if !isPureEval && isStorePath pkgs.path then
dir: "${builtins.storePath pkgs.path}/${dir}"
else
dir: filterIntoStore "${toString pkgs.path}/${dir}";
in
pkgs.runCommand "lazy-options.json" {
libPath = pull "lib";
pkgsLibPath = pull "pkgs/pkgs-lib";
nixosPath = pull "nixos";
libPath = filter "${toString pkgs.path}/lib";
pkgsLibPath = filter "${toString pkgs.path}/pkgs/pkgs-lib";
nixosPath = filter "${toString pkgs.path}/nixos";
modules = map (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy;
} ''
export NIX_STORE_DIR=$TMPDIR/store

2
nixos/modules/misc/nixpkgs.nix
View File

@ -59,8 +59,6 @@ let
inherit (cfg) config overlays localSystem crossSystem;
};
# NOTE: flake.nix assumes that nixpkgs.config is only used with ../../..
# as nixpkgs.config.path should be equivalent to ../../..
finalPkgs = if opt.pkgs.isDefined then cfg.pkgs.appendOverlays cfg.overlays else defaultPkgs;
in

2
nixos/modules/profiles/hardened.nix
View File

@ -17,7 +17,7 @@ with lib;
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
nix.allowedUsers = mkDefault [ "@users" ];
nix.settings.allowed-users = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "scudo";
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";

4
nixos/modules/security/misc.nix
View File

@ -123,8 +123,8 @@ with lib;
boot.kernel.sysctl."user.max_user_namespaces" = 0;
assertions = [
{ assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
{ assertion = config.nix.settings.sandbox -> config.security.allowUserNamespaces;
message = "`nix.settings.sandbox = true` conflicts with `!security.allowUserNamespaces`.";
}
];
})

2
nixos/modules/services/continuous-integration/gitlab-runner.nix
View File

@ -147,7 +147,7 @@ in
concurrent = mkOption {
type = types.int;
default = 1;
example = literalExpression "config.nix.maxJobs";
example = literalExpression "config.nix.settings.max-jobs";
description = ''
Limits how many jobs globally can be run concurrently.
The most upper limit of jobs using all defined runners.

2
nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
View File

@ -67,7 +67,7 @@ in
# Trusted user allows simplified configuration and better performance
# when operating in a cluster.
nix.trustedUsers = [ config.systemd.services.hercules-ci-agent.serviceConfig.User ];
nix.settings.trusted-users = [ config.systemd.services.hercules-ci-agent.serviceConfig.User ];
services.hercules-ci-agent = {
settings = {
nixUserIsTrusted = true;

25
nixos/modules/services/continuous-integration/hydra/default.nix
View File

@ -258,8 +258,6 @@ in
uid = config.ids.uids.hydra-www;
};
nix.trustedUsers = [ "hydra-queue-runner" ];
services.hydra.extraConfig =
''
using_frontend_proxy = 1
@ -277,16 +275,21 @@ in
environment.variables = hydraEnv;
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
nix.settings = mkMerge [
{
keep-outputs = true;
keep-derivations = true;
trusted-users = [ "hydra-queue-runner" ];
}
'' + optionalString (versionOlder (getVersion config.nix.package.out) "2.4pre") ''
# The default (`true') slows Nix down a lot since the build farm
# has so many GC roots.
gc-check-reachability = false
'';
(mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre")
{
# The default (`true') slows Nix down a lot since the build farm
# has so many GC roots.
gc-check-reachability = false;
}
)
];
systemd.services.hydra-init =
{ wantedBy = [ "multi-user.target" ];

5
nixos/modules/services/misc/mx-puppet-discord.nix
View File

@ -79,10 +79,7 @@ in {
config = mkIf cfg.enable {
systemd.services.mx-puppet-discord = {
description = ''
mx-puppet-discord is a discord puppeting bridge for matrix.
It handles bridging private and group DMs, as well as Guilds (servers).
'';
description = "Matrix to Discord puppeting bridge";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;

660
nixos/modules/services/misc/nix-daemon.nix
View File

@ -6,20 +6,20 @@ let
cfg = config.nix;
nix = cfg.package.out;
nixPackage = cfg.package.out;
nixVersion = getVersion nix;
isNix23 = versionAtLeast nixVersion "2.3pre";
isNixAtLeast = versionAtLeast (getVersion nixPackage);
makeNixBuildUser = nr: {
name = "nixbld${toString nr}";
name = "nixbld${toString nr}";
value = {
description = "Nix build user ${toString nr}";
/* For consistency with the setgid(2), setuid(2), and setgroups(2)
calls in `libstore/build.cc', don't add any supplementary group
here except "nixbld". */
/*
For consistency with the setgid(2), setuid(2), and setgroups(2)
calls in `libstore/build.cc', don't add any supplementary group
here except "nixbld".
*/
uid = builtins.add config.ids.uids.nixbld nr;
isSystemUser = true;
group = "nixbld";
@ -30,43 +30,82 @@ let
nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers));
nixConf =
assert versionAtLeast nixVersion "2.2";
pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } (
''
cat > $out <<END
assert isNixAtLeast "2.2";
let
mkValueString = v:
if v == null then ""
else if isInt v then toString v
else if isBool v then boolToString v
else if isFloat v then floatToString v
else if isList v then toString v
else if isDerivation v then toString v
else if builtins.isPath v then toString v
else if isString v then v
else if isCoercibleToString v then toString v
else abort "The nix conf value: ${toPretty {} v} can not be encoded";
mkKeyValue = k: v: "${escape [ "=" ] k} = ${mkValueString v}";
mkKeyValuePairs = attrs: concatStringsSep "\n" (mapAttrsToList mkKeyValue attrs);
in
pkgs.writeTextFile {
name = "nix.conf";
text = ''
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
max-jobs = ${toString (cfg.maxJobs)}
cores = ${toString (cfg.buildCores)}
sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
extra-sandbox-paths = ${toString cfg.sandboxPaths}
substituters = ${toString cfg.binaryCaches}
trusted-substituters = ${toString cfg.trustedBinaryCaches}
trusted-public-keys = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
require-sigs = ${boolToString cfg.requireSignedBinaryCaches}
trusted-users = ${toString cfg.trustedUsers}
allowed-users = ${toString cfg.allowedUsers}
${optionalString (!cfg.distributedBuilds) ''
builders =
''}
system-features = ${toString cfg.systemFeatures}
${optionalString isNix23 ''
sandbox-fallback = false
''}
$extraOptions
END
'' + optionalString cfg.checkConfig (
if pkgs.stdenv.hostPlatform != pkgs.stdenv.buildPlatform then ''
echo "Ignore nix.checkConfig when cross-compiling"
'' else ''
echo "Checking that Nix can read nix.conf..."
ln -s $out ./nix.conf
NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net --option experimental-features nix-command"} >/dev/null
'')
);
${mkKeyValuePairs cfg.settings}
${cfg.extraOptions}
'';
checkPhase =
if pkgs.stdenv.hostPlatform != pkgs.stdenv.buildPlatform then ''
echo "Ignoring validation for cross-compilation"
''
else ''
echo "Validating generated nix.conf"
ln -s $out ./nix.conf
set -e
set +o pipefail
NIX_CONF_DIR=$PWD \
${cfg.package}/bin/nix show-config ${optionalString (isNixAtLeast "2.3pre") "--no-net --option experimental-features nix-command"} \
|& sed -e 's/^warning:/error:/' \
| (! grep '${if cfg.checkConfig then "^error:" else "^error: unknown setting"}')
set -o pipefail
'';
};
legacyConfMappings = {
useSandbox = "sandbox";
buildCores = "cores";
maxJobs = "max-jobs";
sandboxPaths = "extra-sandbox-paths";
binaryCaches = "substituters";
trustedBinaryCaches = "trusted-substituters";
binaryCachePublicKeys = "trusted-public-keys";
autoOptimiseStore = "auto-optimise-store";
requireSignedBinaryCaches = "require-sigs";
trustedUsers = "trusted-users";
allowedUsers = "allowed-users";
systemFeatures = "system-feature";
};
semanticConfType = with types;
let
confAtom = nullOr
(oneOf [
bool
int
float
str
path
package
]) // {
description = "Nix config atom (null, bool, int, float, str, path or package)";
};
in
attrsOf (either confAtom (listOf confAtom));
in
@ -76,7 +115,7 @@ in
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
(mkRenamedOptionModule [ "nix" "daemonIONiceLevel" ] [ "nix" "daemonIOSchedPriority" ])
(mkRemovedOptionModule [ "nix" "daemonNiceLevel" ] "Consider nix.daemonCPUSchedPolicy instead.")
];
] ++ mapAttrsToList (oldConf: newConf: mkRenamedOptionModule [ "nix" oldConf ] [ "nix" "settings" newConf ]) legacyConfMappings;
###### interface
@ -102,81 +141,6 @@ in
'';
};
maxJobs = mkOption {
type = types.either types.int (types.enum ["auto"]);
default = "auto";
example = 64;
description = ''
This option defines the maximum number of jobs that Nix will try to
build in parallel. The default is auto, which means it will use all
available logical cores. It is recommend to set it to the total
number of logical cores in your system (e.g., 16 for two CPUs with 4
cores each and hyper-threading).
'';
};
autoOptimiseStore = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy.
This saves disk space. If set to false (the default), you can still run
nix-store --optimise to get rid of duplicate files.
'';
};
buildCores = mkOption {
type = types.int;
default = 0;
example = 64;
description = ''
This option defines the maximum number of concurrent tasks during
one build. It affects, e.g., -j option for make.
The special value 0 means that the builder should use all
available CPU cores in the system. Some builds may become
non-deterministic with this option; use with care! Packages will
only be affected if enableParallelBuilding is set for them.
'';
};
useSandbox = mkOption {
type = types.either types.bool (types.enum ["relaxed"]);
default = true;
description = "
If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents impurities
in builds by disallowing access to dependencies outside of the Nix
store by using network and mount namespaces in a chroot environment.
This is enabled by default even though it has a possible performance
impact due to the initial setup time of a sandbox for each build. It
doesn't affect derivation hashes, so changing this option will not
trigger a rebuild of packages.
";
};
sandboxPaths = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev" "/proc" ];
description =
''
Directories from the host filesystem to be included
in the sandbox.
'';
};
extraOptions = mkOption {
type = types.lines;
default = "";
example = ''
keep-outputs = true
keep-derivations = true
'';
description = "Additional text appended to <filename>nix.conf</filename>.";
};
distributedBuilds = mkOption {
type = types.bool;
default = false;
@ -187,7 +151,7 @@ in
};
daemonCPUSchedPolicy = mkOption {
type = types.enum ["other" "batch" "idle"];
type = types.enum [ "other" "batch" "idle" ];
default = "other";
example = "batch";
description = ''
@ -218,7 +182,7 @@ in
};
daemonIOSchedClass = mkOption {
type = types.enum ["best-effort" "idle"];
type = types.enum [ "best-effort" "idle" ];
default = "best-effort";
example = "idle";
description = ''
@ -250,11 +214,11 @@ in
scheduling policy: With idle, priorities are not used in scheduling
decisions. best-effort supports values in the range 0 (high) to 7
(low).
'';
'';
};
buildMachines = mkOption {
type = types.listOf (types.submodule ({
type = types.listOf (types.submodule {
options = {
hostName = mkOption {
type = types.str;
@ -276,7 +240,7 @@ in
};
systems = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
example = [ "x86_64-linux" "aarch64-linux" ];
description = ''
The system types the build machine can execute derivations on.
@ -293,7 +257,7 @@ in
The username to log in as on the remote host. This user must be
able to log in and run nix commands non-interactively. It must
also be privileged to build derivations, so must be included in
<option>nix.trustedUsers</option>.
<option>nix.settings.trusted-users</option>.
'';
};
sshKey = mkOption {
@ -331,7 +295,7 @@ in
};
mandatoryFeatures = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
example = [ "big-parallel" ];
description = ''
A list of features mandatory for this builder. The builder will
@ -342,7 +306,7 @@ in
};
supportedFeatures = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
example = [ "kvm" "big-parallel" ];
description = ''
A list of features supported by this builder. The builder will
@ -350,9 +314,18 @@ in
list.
'';
};
publicHostKey = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The (base64-encoded) public host key of this builder. The field
is calculated via <command>base64 -w0 /etc/ssh/ssh_host_type_key.pub</command>.
If null, SSH will use its regular known-hosts file when connecting.
'';
};
};
}));
default = [];
});
default = [ ];
description = ''
This option lists the machines to be used if distributed builds are
enabled (see <option>nix.distributedBuilds</option>).
@ -366,7 +339,7 @@ in
envVars = mkOption {
type = types.attrs;
internal = true;
default = {};
default = { };
description = "Environment variables used by Nix.";
};
@ -391,92 +364,13 @@ in
'';
};
binaryCaches = mkOption {
type = types.listOf types.str;
description = ''
List of binary cache URLs used to obtain pre-built binaries
of Nix packages.
By default https://cache.nixos.org/ is added,
to override it use <literal>lib.mkForce []</literal>.
'';
};
trustedBinaryCaches = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "https://hydra.nixos.org/" ];
description = ''
List of binary cache URLs that non-root users can use (in
addition to those specified using
<option>nix.binaryCaches</option>) by passing
<literal>--option binary-caches</literal> to Nix commands.
'';
};
requireSignedBinaryCaches = mkOption {
type = types.bool;
default = true;
description = ''
If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
<option>nix.binaryCachePublicKeys</option>. If disabled, signatures are neither
required nor checked, so it's strongly recommended that you use only
trustworthy caches and https to prevent man-in-the-middle attacks.
'';
};
binaryCachePublicKeys = mkOption {
type = types.listOf types.str;
example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
description = ''
List of public keys used to sign binary caches. If
<option>nix.requireSignedBinaryCaches</option> is enabled,
then Nix will use a binary from a binary cache if and only
if it is signed by <emphasis>any</emphasis> of the keys
listed here. By default, only the key for
<uri>cache.nixos.org</uri> is included.
'';
};
trustedUsers = mkOption {
type = types.listOf types.str;
default = [ "root" ];
example = [ "root" "alice" "@wheel" ];
description = ''
A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs. You
can also specify groups by prefixing them with
<literal>@</literal>; for instance,
<literal>@wheel</literal> means all users in the wheel
group.
'';
};
allowedUsers = mkOption {
type = types.listOf types.str;
default = [ "*" ];
example = [ "@wheel" "@builders" "alice" "bob" ];
description = ''
A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon. As with
<option>nix.trustedUsers</option>, you can specify groups by
prefixing them with <literal>@</literal>. Also, you can
allow all users by specifying <literal>*</literal>. The
default is <literal>*</literal>. Note that trusted users are
always allowed to connect.
'';
};
nixPath = mkOption {
type = types.listOf types.str;
default =
[
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
default = [
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
description = ''
The default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
@ -484,45 +378,44 @@ in
'';
};
systemFeatures = mkOption {
type = types.listOf types.str;
example = [ "kvm" "big-parallel" "gccarch-skylake" ];
description = ''
The supported features of a machine
'';
};
checkConfig = mkOption {
type = types.bool;
default = true;
description = ''
If enabled (the default), checks that Nix can parse the generated nix.conf.
If enabled (the default), checks for data type mismatches and that Nix
can parse the generated nix.conf.
'';
};
registry = mkOption {
type = types.attrsOf (types.submodule (
let
inputAttrs = types.attrsOf (types.oneOf [types.str types.int types.bool types.package]);
referenceAttrs = with types; attrsOf (oneOf [
str
int
bool
package
]);
in
{ config, name, ... }:
{ options = {
{
options = {
from = mkOption {
type = inputAttrs;
type = referenceAttrs;
example = { type = "indirect"; id = "nixpkgs"; };
description = "The flake reference to be rewritten.";
};
to = mkOption {
type = inputAttrs;
type = referenceAttrs;
example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; };
description = "The flake reference to which <option>from></option> is to be rewritten.";
description = "The flake reference <option>from></option> is rewritten to.";
};
flake = mkOption {
type = types.nullOr types.attrs;
default = null;
example = literalExpression "nixpkgs";
description = ''
The flake input to which <option>from></option> is to be rewritten.
The flake input <option>from></option> is rewritten to.
'';
};
exact = mkOption {
@ -537,35 +430,232 @@ in
};
config = {
from = mkDefault { type = "indirect"; id = name; };
to = mkIf (config.flake != null)
({ type = "path";
path = config.flake.outPath;
} // lib.filterAttrs
(n: v: n == "lastModified" || n == "rev" || n == "revCount" || n == "narHash")
config.flake);
to = mkIf (config.flake != null) (mkDefault
{
type = "path";
path = config.flake.outPath;
} // filterAttrs
(n: _: n == "lastModified" || n == "rev" || n == "revCount" || n == "narHash")
config.flake);
};
}
));
default = {};
default = { };
description = ''
A system-wide flake registry.
'';
};
};
extraOptions = mkOption {
type = types.lines;
default = "";
example = ''
keep-outputs = true
keep-derivations = true
'';
description = "Additional text appended to <filename>nix.conf</filename>.";
};
settings = mkOption {
type = types.submodule {
freeformType = semanticConfType;
options = {
max-jobs = mkOption {
type = types.either types.int (types.enum [ "auto" ]);
default = "auto";
example = 64;
description = ''
This option defines the maximum number of jobs that Nix will try to
build in parallel. The default is auto, which means it will use all
available logical cores. It is recommend to set it to the total
number of logical cores in your system (e.g., 16 for two CPUs with 4
cores each and hyper-threading).
'';
};
auto-optimise-store = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy.
This saves disk space. If set to false (the default), you can still run
nix-store --optimise to get rid of duplicate files.
'';
};
cores = mkOption {
type = types.int;
default = 0;
example = 64;
description = ''
This option defines the maximum number of concurrent tasks during
one build. It affects, e.g., -j option for make.
The special value 0 means that the builder should use all
available CPU cores in the system. Some builds may become
non-deterministic with this option; use with care! Packages will
only be affected if enableParallelBuilding is set for them.
'';
};
sandbox = mkOption {
type = types.either types.bool (types.enum [ "relaxed" ]);
default = true;
description = ''
If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents impurities
in builds by disallowing access to dependencies outside of the Nix
store by using network and mount namespaces in a chroot environment.
This is enabled by default even though it has a possible performance
impact due to the initial setup time of a sandbox for each build. It
doesn't affect derivation hashes, so changing this option will not
trigger a rebuild of packages.
'';
};
extra-sandbox-paths = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "/dev" "/proc" ];
description = ''
Directories from the host filesystem to be included
in the sandbox.
'';
};
substituters = mkOption {
type = types.listOf types.str;
description = ''
List of binary cache URLs used to obtain pre-built binaries
of Nix packages.
By default https://cache.nixos.org/ is added.
'';
};
trusted-substituters = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "https://hydra.nixos.org/" ];
description = ''
List of binary cache URLs that non-root users can use (in
addition to those specified using
<option>nix.settings.substituters</option>) by passing
<literal>--option binary-caches</literal> to Nix commands.
'';
};
require-sigs = mkOption {
type = types.bool;
default = true;
description = ''
If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
<option>nix.settings.trusted-public-keys</option>. If disabled, signatures are neither
required nor checked, so it's strongly recommended that you use only
trustworthy caches and https to prevent man-in-the-middle attacks.
'';
};
trusted-public-keys = mkOption {
type = types.listOf types.str;
example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
description = ''
List of public keys used to sign binary caches. If
<option>nix.settings.trusted-public-keys</option> is enabled,
then Nix will use a binary from a binary cache if and only
if it is signed by <emphasis>any</emphasis> of the keys
listed here. By default, only the key for
<uri>cache.nixos.org</uri> is included.
'';
};
trusted-users = mkOption {
type = types.listOf types.str;
default = [ "root" ];
example = [ "root" "alice" "@wheel" ];
description = ''
A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs. You
can also specify groups by prefixing them with
<literal>@</literal>; for instance,
<literal>@wheel</literal> means all users in the wheel
group.
'';
};
system-features = mkOption {
type = types.listOf types.str;
example = [ "kvm" "big-parallel" "gccarch-skylake" ];
description = ''
The set of features supported by the machine. Derivations
can express dependencies on system features through the
<literal>requiredSystemFeatures</literal> attribute.
By default, pseudo-features <literal>nixos-test</literal>, <literal>benchmark</literal>,
and <literal>big-parallel</literal> used in Nixpkgs are set, <literal>kvm</literal>
is also included in it is avaliable.
'';
};
allowed-users = mkOption {
type = types.listOf types.str;
default = [ "*" ];
example = [ "@wheel" "@builders" "alice" "bob" ];
description = ''
A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon. As with
<option>nix.settings.trusted-users</option>, you can specify groups by
prefixing them with <literal>@</literal>. Also, you can
allow all users by specifying <literal>*</literal>. The
default is <literal>*</literal>. Note that trusted users are
always allowed to connect.
'';
};
};
};
default = { };
example = literalExpression ''
{
use-sandbox = true;
show-trace = true;
system-features = [ "big-parallel" "kvm" "recursive-nix" ];
sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };
}
'';
description = ''
Configuration for Nix, see
<link xlink:href="https://nixos.org/manual/nix/stable/#sec-conf-file"/> or
<citerefentry>
<refentrytitle>nix.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry> for avalaible options.
The value declared here will be translated directly to the key-value pairs Nix expects.
</para>
<para>
You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.nix.settings</command>
to view the current value. By default it is empty.
</para>
<para>
Nix configurations defined under <option>nix.*</option> will be translated and applied to this
option. In addition, configuration specified in <option>nix.extraOptions</option> which will be appended
verbatim to the resulting config file.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
nix.binaryCaches = [ "https://cache.nixos.org/" ];
environment.systemPackages =
[ nix
[
nixPackage
pkgs.nix-info
]
++ optional (config.programs.bash.enableCompletion) pkgs.nix-bash-completions;
@ -579,44 +669,49 @@ in
# List of machines for distributed Nix builds in the format
# expected by build-remote.pl.
environment.etc."nix/machines" =
{ enable = cfg.buildMachines != [];
text =
concatMapStrings (machine:
"${if machine.sshUser != null then "${machine.sshUser}@" else ""}${machine.hostName} "
+ (if machine.system != null then machine.system else concatStringsSep "," machine.systems)
+ " ${if machine.sshKey != null then machine.sshKey else "-"} ${toString machine.maxJobs} "
+ toString (machine.speedFactor)
+ " "
+ concatStringsSep "," (machine.mandatoryFeatures ++ machine.supportedFeatures)
+ " "
+ concatStringsSep "," machine.mandatoryFeatures
environment.etc."nix/machines" = mkIf (cfg.buildMachines != [ ]) {
text =
concatMapStrings
(machine:
(concatStringsSep " " ([
"${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}"
(if machine.system != null then machine.system else if machine.systems != [ ] then concatStringsSep "," machine.systems else "-")
(if machine.sshKey != null then machine.sshKey else "-")
(toString machine.maxJobs)
(toString machine.speedFactor)
(concatStringsSep "," machine.supportedFeatures)
(concatStringsSep "," machine.mandatoryFeatures)
]
++ optional (isNixAtLeast "2.4pre") (if machine.publicHostKey != null then machine.publicHostKey else "-")))
+ "\n"
) cfg.buildMachines;
};
)
cfg.buildMachines;
};
assertions =
let badMachine = m: m.system == null && m.systems == [];
in [
let badMachine = m: m.system == null && m.systems == [ ];
in
[
{
assertion = !(builtins.any badMachine cfg.buildMachines);
assertion = !(any badMachine cfg.buildMachines);
message = ''
At least one system type (via <varname>system</varname> or
<varname>systems</varname>) must be set for every build machine.
Invalid machine specifications:
'' + " " +
(builtins.concatStringsSep "\n "
(builtins.map (m: m.hostName)
(builtins.filter (badMachine) cfg.buildMachines)));
(concatStringsSep "\n "
(map (m: m.hostName)
(filter (badMachine) cfg.buildMachines)));
}
];
systemd.packages = [ nix ];
systemd.packages = [ nixPackage ];
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
systemd.services.nix-daemon =
{ path = [ nix pkgs.util-linux config.programs.ssh.package ]
{
path = [ nixPackage pkgs.util-linux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars
@ -626,7 +721,8 @@ in
unitConfig.RequiresMountsFor = "/nix/store";
serviceConfig =
{ CPUSchedulingPolicy = cfg.daemonCPUSchedPolicy;
{
CPUSchedulingPolicy = cfg.daemonCPUSchedPolicy;
IOSchedulingClass = cfg.daemonIOSchedClass;
IOSchedulingPriority = cfg.daemonIOSchedPriority;
LimitNOFILE = 4096;
@ -636,9 +732,7 @@ in
};
# Set up the environment variables for running Nix.
environment.sessionVariables = cfg.envVars //
{ NIX_PATH = cfg.nixPath;
};
environment.sessionVariables = cfg.envVars // { NIX_PATH = cfg.nixPath; };
environment.extraInit =
''
@ -647,7 +741,7 @@ in
fi
'';
nix.nrBuildUsers = mkDefault (lib.max 32 (if cfg.maxJobs == "auto" then 0 else cfg.maxJobs));
nix.nrBuildUsers = mkDefault (max 32 (if cfg.settings.max-jobs == "auto" then 0 else cfg.settings.max-jobs));
users.users = nixbldUsers;
@ -663,14 +757,26 @@ in
fi
'';
nix.systemFeatures = mkDefault (
[ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++
optionals (pkgs.hostPlatform ? gcc.arch) (
# a builder can run code for `gcc.arch` and inferior architectures
[ "gccarch-${pkgs.hostPlatform.gcc.arch}" ] ++
map (x: "gccarch-${x}") lib.systems.architectures.inferiors.${pkgs.hostPlatform.gcc.arch}
)
);
# Legacy configuration conversion.
nix.settings = mkMerge [
{
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
substituters = [ "https://cache.nixos.org/" ];
system-features = mkDefault (
[ "nixos-test" "benchmark" "big-parallel" "kvm" ] ++
optionals (pkgs.hostPlatform ? gcc.arch) (
# a builder can run code for `gcc.arch` and inferior architectures
[ "gccarch-${pkgs.hostPlatform.gcc.arch}" ] ++
map (x: "gccarch-${x}") systems.architectures.inferiors.${pkgs.hostPlatform.gcc.arch}
)
);
}
(mkIf (!cfg.distributedBuilds) { builders = null; })
(mkIf (isNixAtLeast "2.3pre") { sandbox-fallback = false; })
];
};

2
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@ -20,7 +20,7 @@ in {
write = mkOption {
type = types.bool;
default = false;
description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the nix.trustedUsers option in most use cases, such as allowing remote building of derivations.";
description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the <option>nix.settings.trusted-users</option> option in most use cases, such as allowing remote building of derivations.";
};
keys = mkOption {

15
nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
View File

@ -25,7 +25,8 @@ in {
[ "/dev/sda", "/dev/nvme0n1" ];
'';
description = ''
Paths to disks that will be monitored.
Paths to the disks that will be monitored. Will autodiscover
all disks if none given.
'';
};
maxInterval = mkOption {
@ -41,13 +42,23 @@ in {
serviceOpts = {
serviceConfig = {
AmbientCapabilities = [
"CAP_RAW_SYSIO"
"CAP_SYS_ADMIN"
];
CapabilityBoundingSet = [
"CAP_RAW_SYSIO"
"CAP_SYS_ADMIN"
];
DevicePolicy = "closed";
DeviceAllow = lib.mkForce cfg.devices;
DeviceAllow = lib.mkOverride 100 (
if cfg.devices != [] then
cfg.devices
else [
"block-blkext rw"
"block-sd rw"
"char-nvme rw"
]
);
ExecStart = ''
${pkgs.prometheus-smartctl-exporter}/bin/smartctl_exporter -config ${configFile}
'';

5
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -599,6 +599,8 @@ in {
timerConfig.Unit = "nextcloud-cron.service";
};
systemd.tmpfiles.rules = ["d ${cfg.home} 0750 nextcloud nextcloud"];
systemd.services = {
# When upgrading the Nextcloud package, Nextcloud can report errors such as
# "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly"
@ -720,8 +722,6 @@ in {
before = [ "phpfpm-nextcloud.service" ];
path = [ occ ];
script = ''
chmod og+x ${cfg.home}
${optionalString (c.dbpassFile != null) ''
if [ ! -r "${c.dbpassFile}" ]; then
echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..."
@ -814,7 +814,6 @@ in {
users.users.nextcloud = {
home = "${cfg.home}";
group = "nextcloud";
createHome = true;
isSystemUser = true;
};
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];

135
nixos/modules/system/activation/switch-to-configuration.pl
View File

@ -2,6 +2,7 @@
use strict;
use warnings;
use Config::IniFiles;
use File::Path qw(make_path);
use File::Basename;
use File::Slurp;
@ -113,26 +114,77 @@ sub parseFstab {
return ($fss, $swaps);
}
sub parseUnit {
my ($filename) = @_;
my $info = {};
parseKeyValues($info, read_file($filename)) if -f $filename;
parseKeyValues($info, read_file("${filename}.d/overrides.conf")) if -f "${filename}.d/overrides.conf";
return $info;
}
# This subroutine takes a single ini file that specified systemd configuration
# like unit configuration and parses it into a hash where the keys are the sections
# of the unit file and the values are hashes themselves. These hashes have the unit file
# keys as their keys (left side of =) and an array of all values that were set as their
# values. If a value is empty (for example `ExecStart=`), then all current definitions are
# removed.
#
# Instead of returning the hash, this subroutine takes a hashref to return the data in. This
# allows calling the subroutine multiple times with the same hash to parse override files.
sub parseSystemdIni {
my ($unitContents, $path) = @_;
# Tie the ini file to a hash for easier access
my %fileContents;
tie %fileContents, "Config::IniFiles", (-file => $path, -allowempty => 1, -allowcontinue => 1);
sub parseKeyValues {
my $info = shift;
foreach my $line (@_) {
# FIXME: not quite correct.
$line =~ /^([^=]+)=(.*)$/ or next;
$info->{$1} = $2;
# Copy over all sections
foreach my $sectionName (keys %fileContents) {
# Copy over all keys
foreach my $iniKey (keys %{$fileContents{$sectionName}}) {
# Ensure the value is an array so it's easier to work with
my $iniValue = $fileContents{$sectionName}{$iniKey};
my @iniValues;
if (ref($iniValue) eq "ARRAY") {
@iniValues = @{$iniValue};
} else {
@iniValues = $iniValue;
}
# Go over all values
for my $iniValue (@iniValues) {
# If a value is empty, it's an override that tells us to clean the value
if ($iniValue eq "") {
delete $unitContents->{$sectionName}->{$iniKey};
next;
}
push(@{$unitContents->{$sectionName}->{$iniKey}}, $iniValue);
}
}
}
return;
}
sub boolIsTrue {
my ($s) = @_;
return $s eq "yes" || $s eq "true";
# This subroutine takes the path to a systemd configuration file (like a unit configuration),
# parses it, and returns a hash that contains the contents. The contents of this hash are
# explained in the `parseSystemdIni` subroutine. Neither the sections nor the keys inside
# the sections are consistently sorted.
#
# If a directory with the same basename ending in .d exists next to the unit file, it will be
# assumed to contain override files which will be parsed as well and handled properly.
sub parseUnit {
my ($unitPath) = @_;
# Parse the main unit and all overrides
my %unitData;
parseSystemdIni(\%unitData, $_) for glob("${unitPath}{,.d/*.conf}");
return %unitData;
}
# Checks whether a specified boolean in a systemd unit is true
# or false, with a default that is applied when the value is not set.
sub parseSystemdBool {
my ($unitConfig, $sectionName, $boolName, $default) = @_;
my @values = @{$unitConfig->{$sectionName}{$boolName} // []};
# Return default if value is not set
if (scalar @values lt 1 || not defined $values[-1]) {
return $default;
}
# If value is defined multiple times, use the last definition
my $last = $values[-1];
# These are valid values as of systemd.syntax(7)
return $last eq "1" || $last eq "yes" || $last eq "true" || $last eq "on";
}
sub recordUnit {
@ -167,17 +219,17 @@ sub handleModifiedUnit {
# Revert of the attempt: https://github.com/NixOS/nixpkgs/pull/147609
# More details: https://github.com/NixOS/nixpkgs/issues/74899#issuecomment-981142430
} else {
my $unitInfo = parseUnit($newUnitFile);
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
my %unitInfo = parseUnit($newUnitFile);
if (parseSystemdBool(\%unitInfo, "Service", "X-ReloadIfChanged", 0)) {
$unitsToReload->{$unit} = 1;
recordUnit($reloadListFile, $unit);
}
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
elsif (!parseSystemdBool(\%unitInfo, "Service", "X-RestartIfChanged", 1) || parseSystemdBool(\%unitInfo, "Unit", "RefuseManualStop", 0) || parseSystemdBool(\%unitInfo, "Unit", "X-OnlyManualStart", 0)) {
$unitsToSkip->{$unit} = 1;
} else {
# It doesn't make sense to stop and start non-services because
# they can't have ExecStop=
if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) {
if (!parseSystemdBool(\%unitInfo, "Service", "X-StopIfChanged", 1) || $unit !~ /\.service$/) {
# This unit should be restarted instead of
# stopped and started.
$unitsToRestart->{$unit} = 1;
@ -188,7 +240,7 @@ sub handleModifiedUnit {
# socket(s) instead of the service.
my $socketActivated = 0;
if ($unit =~ /\.service$/) {
my @sockets = split / /, ($unitInfo->{Sockets} // "");
my @sockets = split(/ /, join(" ", @{$unitInfo{Service}{Sockets} // []}));
if (scalar @sockets == 0) {
@sockets = ("$baseName.socket");
}
@ -254,12 +306,12 @@ while (my ($unit, $state) = each %{$activePrev}) {
if (-e $prevUnitFile && ($state->{state} eq "active" || $state->{state} eq "activating")) {
if (! -e $newUnitFile || abs_path($newUnitFile) eq "/dev/null") {
my $unitInfo = parseUnit($prevUnitFile);
$unitsToStop{$unit} = 1 if boolIsTrue($unitInfo->{'X-StopOnRemoval'} // "yes");
my %unitInfo = parseUnit($prevUnitFile);
$unitsToStop{$unit} = 1 if parseSystemdBool(\%unitInfo, "Unit", "X-StopOnRemoval", 1);
}
elsif ($unit =~ /\.target$/) {
my $unitInfo = parseUnit($newUnitFile);
my %unitInfo = parseUnit($newUnitFile);
# Cause all active target units to be restarted below.
# This should start most changed units we stop here as
@ -268,7 +320,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
# active after the system has resumed, which probably
# should not be the case. Just ignore it.
if ($unit ne "suspend.target" && $unit ne "hibernate.target" && $unit ne "hybrid-sleep.target") {
unless (boolIsTrue($unitInfo->{'RefuseManualStart'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
unless (parseSystemdBool(\%unitInfo, "Unit", "RefuseManualStart", 0) || parseSystemdBool(\%unitInfo, "Unit", "X-OnlyManualStart", 0)) {
$unitsToStart{$unit} = 1;
recordUnit($startListFile, $unit);
# Don't spam the user with target units that always get started.
@ -287,7 +339,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
# Stopping a target generally has no effect on other units
# (unless there is a PartOf dependency), so this is just a
# bookkeeping thing to get systemd to do the right thing.
if (boolIsTrue($unitInfo->{'X-StopOnReconfiguration'} // "no")) {
if (parseSystemdBool(\%unitInfo, "Unit", "X-StopOnReconfiguration", 0)) {
$unitsToStop{$unit} = 1;
}
}
@ -546,33 +598,36 @@ my $activeNew = getActiveUnits;
while (my ($unit, $state) = each %{$activeNew}) {
if ($state->{state} eq "failed") {
push @failed, $unit;
next;
}
elsif ($state->{state} eq "auto-restart") {
# A unit in auto-restart state is a failure *if* it previously failed to start
my $lines = `@systemd@/bin/systemctl show '$unit'`;
my $info = {};
parseKeyValues($info, split("\n", $lines));
if ($info->{ExecMainStatus} ne '0') {
if ($state->{substate} eq "auto-restart") {
# A unit in auto-restart substate is a failure *if* it previously failed to start
my $main_status = `@systemd@/bin/systemctl show --value --property=ExecMainStatus '$unit'`;
chomp($main_status);
if ($main_status ne "0") {
push @failed, $unit;
next;
}
}
# Ignore scopes since they are not managed by this script but rather
# created and managed by third-party services via the systemd dbus API.
elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/) {
# This only lists units that are not failed (including ones that are in auto-restart but have not failed previously)
if ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/msx) {
push @new, $unit;
}
}
print STDERR "the following new units were started: ", join(", ", sort(@new)), "\n"
if scalar @new > 0;
if (scalar @new > 0) {
print STDERR "the following new units were started: ", join(", ", sort(@new)), "\n"
}
if (scalar @failed > 0) {
print STDERR "warning: the following units failed: ", join(", ", sort(@failed)), "\n";
foreach my $unit (@failed) {
print STDERR "\n";
system("COLUMNS=1000 @systemd@/bin/systemctl status --no-pager '$unit' >&2");
}
my @failed_sorted = sort @failed;
print STDERR "warning: the following units failed: ", join(", ", @failed_sorted), "\n\n";
system "@systemd@/bin/systemctl status --no-pager --full '" . join("' '", @failed_sorted) . "' >&2";
$res = 4;
}

4
nixos/modules/system/activation/top-level.nix
View File

@ -117,7 +117,7 @@ let
configurationName = config.boot.loader.grub.configurationName;
# Needed by switch-to-configuration.
perl = pkgs.perl.withPackages (p: with p; [ FileSlurp NetDBus XMLParser XMLTwig ]);
perl = pkgs.perl.withPackages (p: with p; [ FileSlurp NetDBus XMLParser XMLTwig ConfigIniFiles ]);
};
# Handle assertions and warnings
@ -156,7 +156,7 @@ in
specialisation = mkOption {
default = {};
example = lib.literalExpression "{ fewJobsManyCores.configuration = { nix.buildCores = 0; nix.maxJobs = 1; }; }";
example = lib.literalExpression "{ fewJobsManyCores.configuration = { nix.settings = { core = 0; max-jobs = 1; }; }";
description = ''
Additional configurations to build. If
<literal>inheritParentConfig</literal> is true, the system

13
nixos/modules/system/boot/binfmt.nix
View File

@ -300,18 +300,15 @@ in {
interpreterSandboxPath = dirOf (dirOf interpreterReg);
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
}) cfg.emulatedSystems);
# TODO: add a nix.extraPlatforms option to NixOS!
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
'';
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != []) (
let
nix.settings = lib.mkIf (cfg.emulatedSystems != []) {
extra-platforms = cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux";
extra-sandbox-paths = let
ruleFor = system: cfg.registrations.${system};
hasWrappedRule = lib.any (system: (ruleFor system).wrapInterpreterInShell) cfg.emulatedSystems;
in [ "/run/binfmt" ]
++ lib.optional hasWrappedRule "${pkgs.bash}"
++ (map (system: (ruleFor system).interpreterSandboxPath) cfg.emulatedSystems)
);
++ (map (system: (ruleFor system).interpreterSandboxPath) cfg.emulatedSystems);
};
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));

1
nixos/tests/all-tests.nix
View File

@ -558,6 +558,7 @@ in
xrdp = handleTest ./xrdp.nix {};
xss-lock = handleTest ./xss-lock.nix {};
xterm = handleTest ./xterm.nix {};
xxh = handleTest ./xxh.nix {};
yabar = handleTest ./yabar.nix {};
yggdrasil = handleTest ./yggdrasil.nix {};
zfs = handleTest ./zfs.nix {};

4
nixos/tests/containers-imperative.nix
View File

@ -10,8 +10,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
# XXX: Sandbox setup fails while trying to hardlink files from the host's
# store file system into the prepared chroot directory.
nix.useSandbox = false;
nix.binaryCaches = []; # don't try to access cache.nixos.org
nix.settings.sandbox = false;
nix.settings.substituters = []; # don't try to access cache.nixos.org
virtualisation.writableStore = true;
# Make sure we always have all the required dependencies for creating a

2
nixos/tests/hardened.nix
View File

@ -11,7 +11,7 @@ import ./make-test-python.nix ({ pkgs, ... } : {
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
environment.memoryAllocator.provider = "graphene-hardened";
nix.useSandbox = false;
nix.settings.sandbox = false;
virtualisation.emptyDiskImages = [ 4096 ];
boot.initrd.postDeviceCommands = ''
${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb

10
nixos/tests/hibernate.nix
View File

@ -45,11 +45,11 @@ in makeTest {
../modules/profiles/base.nix
];
nix.binaryCaches = mkForce [ ];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
nix.settings = {
substituters = mkForce [];
hashed-mirrors = null;
connect-timeout = 1;
};
virtualisation.diskSize = 8 * 1024;
virtualisation.emptyDiskImages = [

2
nixos/tests/hydra/common.nix
View File

@ -42,7 +42,7 @@
hostName = "localhost";
systems = [ system ];
}];
binaryCaches = [];
settings.substituters = [];
};
};
}

1
nixos/tests/installed-tests/flatpak.nix
View File

@ -6,6 +6,7 @@ makeInstalledTest {
testConfig = {
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
services.flatpak.enable = true;
environment.systemPackages = with pkgs; [ gnupg ostree python3 ];
virtualisation.memorySize = 2047;

10
nixos/tests/installer.nix
View File

@ -334,11 +334,11 @@ let
(pkgs.grub2_efi.override { inherit zfsSupport; })
]);
nix.binaryCaches = mkForce [ ];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
nix.settings = {
substituters = mkForce [];
hashed-mirrors = null;
connect-timeout = 1;
};
};
};

10
nixos/tests/iscsi-multipath-root.nix
View File

@ -111,11 +111,11 @@ import ./make-test-python.nix (
environment.etc."initiator-root-disk-closure".source = nodes.initiatorRootDisk.config.system.build.toplevel;
nix.binaryCaches = lib.mkForce [ ];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
nix.settings = {
substituters = lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = 1;
};
};
initiatorRootDisk = { config, pkgs, modulesPath, lib, ... }: {

10
nixos/tests/iscsi-root.nix
View File

@ -95,11 +95,11 @@ import ./make-test-python.nix (
system.extraDependencies = [ nodes.initiatorRootDisk.config.system.build.toplevel ];
nix.binaryCaches = lib.mkForce [];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
nix.settings = {
substituters = lib.mkForce [];
hashed-mirrors = null;
connect-timeout = 1;
};
};
initiatorRootDisk = { config, pkgs, modulesPath, lib, ... }: {

2
nixos/tests/nixops/default.nix
View File

@ -23,7 +23,7 @@ let
deployer = { config, lib, nodes, pkgs, ... }: {
imports = [ ../../modules/installer/cd-dvd/channel.nix ];
environment.systemPackages = [ nixopsPkg ];
nix.binaryCaches = lib.mkForce [ ];
nix.settings.substituters = lib.mkForce [ ];
users.users.person.isNormalUser = true;
virtualisation.writableStore = true;
virtualisation.additionalPaths = [

2
nixos/tests/nixops/legacy/base-configuration.nix
View File

@ -16,7 +16,7 @@ in
(modulesPath + "/testing/test-instrumentation.nix")
];
virtualisation.writableStore = true;
nix.binaryCaches = lib.mkForce [ ];
nix.settings.substituters = lib.mkForce [ ];
virtualisation.graphics = false;
documentation.enable = false;
services.qemuGuest.enable = true;

10
nixos/tests/os-prober.nix
View File

@ -43,11 +43,11 @@ let
# vda is a filesystem without partition table
forceInstall = true;
};
nix.binaryCaches = lib.mkForce [ ];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
nix.settings = {
substituters = lib.mkForce [];
hashed-mirrors = null;
connect-timeout = 1;
};
# save some memory
documentation.enable = false;
};

79
nixos/tests/switch-test.nix
View File

@ -45,6 +45,31 @@ import ./make-test-python.nix ({ pkgs, ...} : {
systemd.services.test.restartIfChanged = false;
};
simpleServiceFailing.configuration = {
imports = [ simpleServiceModified.configuration ];
systemd.services.test.serviceConfig.ExecStart = lib.mkForce "${pkgs.coreutils}/bin/false";
};
autorestartService.configuration = {
# A service that immediately goes into restarting (but without failing)
systemd.services.autorestart = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "20y"; # Should be long enough
ExecStart = "${pkgs.coreutils}/bin/true";
};
};
};
autorestartServiceFailing.configuration = {
imports = [ autorestartService.configuration ];
systemd.services.autorestart.serviceConfig = {
ExecStart = lib.mkForce "${pkgs.coreutils}/bin/false";
};
};
restart-and-reload-by-activation-script.configuration = {
systemd.services = rec {
simple-service = {
@ -189,12 +214,13 @@ import ./make-test-python.nix ({ pkgs, ...} : {
exec env -i "$@" | tee /dev/stderr
'';
in /* python */ ''
def switch_to_specialisation(system, name, action="test"):
def switch_to_specialisation(system, name, action="test", fail=False):
if name == "":
stc = f"{system}/bin/switch-to-configuration"
else:
stc = f"{system}/specialisation/{name}/bin/switch-to-configuration"
out = machine.succeed(f"{stc} {action} 2>&1")
out = machine.fail(f"{stc} {action} 2>&1") if fail \
else machine.succeed(f"{stc} {action} 2>&1")
assert_lacks(out, "switch-to-configuration line") # Perl warnings
return out
@ -305,7 +331,56 @@ import ./make-test-python.nix ({ pkgs, ...} : {
assert_lacks(out, "as well:")
assert_contains(out, "would start the following units: test.service\n")
with subtest("failing units"):
# Let the simple service fail
switch_to_specialisation("${machine}", "simpleServiceModified")
out = switch_to_specialisation("${machine}", "simpleServiceFailing", fail=True)
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_contains(out, "\nstarting the following units: test.service\n")
assert_lacks(out, "the following new units were started:")
assert_contains(out, "warning: the following units failed: test.service\n")
assert_contains(out, "Main PID:") # output of systemctl
assert_lacks(out, "as well:")
# A unit that gets into autorestart without failing is not treated as failed
out = switch_to_specialisation("${machine}", "autorestartService")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_contains(out, "the following new units were started: autorestart.service\n")
assert_lacks(out, "as well:")
machine.systemctl('stop autorestart.service') # cancel the 20y timer
# Switching to the same system should do nothing (especially not treat the unit as failed)
out = switch_to_specialisation("${machine}", "autorestartService")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_contains(out, "the following new units were started: autorestart.service\n")
assert_lacks(out, "as well:")
machine.systemctl('stop autorestart.service') # cancel the 20y timer
# If systemd thinks the unit has failed and is in autorestart, we should show it as failed
out = switch_to_specialisation("${machine}", "autorestartServiceFailing", fail=True)
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "\nrestarting the following units:")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "the following new units were started:")
assert_contains(out, "warning: the following units failed: autorestart.service\n")
assert_contains(out, "Main PID:") # output of systemctl
assert_lacks(out, "as well:")
with subtest("restart and reload by activation script"):
switch_to_specialisation("${machine}", "simpleServiceNorestart")
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")

9
nixos/tests/vscodium.nix
View File

@ -3,11 +3,10 @@ let
wayland = { pkgs, ... }: {
imports = [ ./common/wayland-cage.nix ];
services.cage.program = ''
${pkgs.vscodium}/bin/codium \
--enable-features=UseOzonePlatform \
--ozone-platform=wayland
'';
services.cage.program = "${pkgs.vscodium}/bin/codium";
environment.variables.NIXOS_OZONE_WL = "1";
environment.variables.DISPLAY = "do not use";
fonts.fonts = with pkgs; [ dejavu_fonts ];
};

67
nixos/tests/xxh.nix Normal file
View File

@ -0,0 +1,67 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
xxh-shell-zsh = pkgs.stdenv.mkDerivation {
pname = "xxh-shell-zsh";
version = "";
src = pkgs.fetchFromGitHub {
owner = "xxh";
repo = "xxh-shell-zsh";
# gets rarely updated, we can then just replace the hash
rev = "91e1f84f8d6e0852c3235d4813f341230cac439f";
sha256 = "sha256-Y1FrIRxTd0yooK+ZzKcCd6bLSy5E2fRXYAzrIsm7rIc=";
};
postPatch = ''
substituteInPlace build.sh \
--replace "echo Install wget or curl" "cp ${zsh-portable-binary} zsh-5.8-linux-x86_64.tar.gz" \
--replace "command -v curl" "command -v this-should-not-trigger"
'';
installPhase = ''
mkdir -p $out
mv * $out/
'';
};
zsh-portable-binary = pkgs.fetchurl {
# kept in sync with https://github.com/xxh/xxh-shell-zsh/tree/master/build.sh#L27
url = "https://github.com/romkatv/zsh-bin/releases/download/v3.0.1/zsh-5.8-linux-x86_64.tar.gz";
sha256 = "sha256-i8flMd2Isc0uLoeYQNDnOGb/kK3oTFVqQgIx7aOAIIo=";
};
in
{
name = "xxh";
meta = with lib.maintainers; {
maintainers = [ lom ];
};
nodes = {
server = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
};
client = { ... }: {
programs.zsh.enable = true;
users.users.root.shell = pkgs.zsh;
environment.systemPackages = with pkgs; [ xxh git ];
};
};
testScript = ''
start_all()
client.succeed("mkdir -m 700 /root/.ssh")
client.succeed(
"cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa"
)
client.succeed("chmod 600 /root/.ssh/id_ecdsa")
server.wait_for_unit("sshd")
client.succeed("xxh server -i /root/.ssh/id_ecdsa +hc \'echo $0\' +i +s zsh +I xxh-shell-zsh+path+${xxh-shell-zsh} | grep -Fq '/root/.xxh/.xxh/shells/xxh-shell-zsh/build/zsh-bin/bin/zsh'")
'';
})

4
pkgs/applications/audio/ptcollab/default.nix
View File

@ -13,13 +13,13 @@
mkDerivation rec {
pname = "ptcollab";
version = "0.5.0.3";
version = "0.6.0.2";
src = fetchFromGitHub {
owner = "yuxshao";
repo = "ptcollab";
rev = "v${version}";
sha256 = "sha256-8bgi621psvUlhiLyZ15tKGmGOs6HTf5/6Ru2Z9l8QIo=";
sha256 = "sha256-9goELqV7GP2/8w3Tw4Gph0UBgR/2T+wo2g+lhrQG4tA=";
};
nativeBuildInputs = [ qmake pkg-config ];

6
pkgs/applications/audio/spot/default.nix
View File

@ -21,19 +21,19 @@
stdenv.mkDerivation rec {
pname = "spot";
version = "0.3.0";
version = "0.3.1";
src = fetchFromGitHub {
owner = "xou816";
repo = "spot";
rev = version;
hash = "sha256-An9PJsuXZkvJhP67cisWxFd2dpky53EY/xcR6StgWFY=";
hash = "sha256-uZzylK9imEazwC/ogsDO8ZBvByE5/SNSV+mIlp7Z9Ww=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-2qMmPIBoZS6WT06VzCmnYWaIfLzWN2HUvk7y9GKuuXg=";
hash = "sha256-v5xdlsI6OlEpCYOTFePTyI8BkIrAwT6FR2JwiRTGgOA=";
};
nativeBuildInputs = [

4
pkgs/applications/backup/vorta/default.nix
View File

@ -8,13 +8,13 @@
python3Packages.buildPythonApplication rec {
pname = "vorta";
version = "0.8.2";
version = "0.8.3";
src = fetchFromGitHub {
owner = "borgbase";
repo = "vorta";
rev = "v${version}";
sha256 = "sha256-ut4HCfLU/P22y5QbNakTV4d4CnFRxJvn+cnJ0ZGpTlw=";
sha256 = "06sb24pimq9ckdkp9hzp4r9d3i21kxacsx5b7x9q99qcwf7h6372";
};
nativeBuildInputs = [ wrapQtAppsHook ];

1
pkgs/applications/editors/vscode/generic.nix
View File

@ -108,6 +108,7 @@ let
gappsWrapperArgs+=(
# Add gio to PATH so that moving files to the trash works when not using a desktop environment
--prefix PATH : ${glib.bin}/bin
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
)
'';

23
pkgs/applications/gis/grass/default.nix
View File

@ -1,5 +1,5 @@
{ lib, stdenv, fetchFromGitHub, flex, bison, pkg-config, zlib, libtiff, libpng, fftw
, cairo, readline, ffmpeg, makeWrapper, wxGTK30, netcdf, blas
, cairo, readline, ffmpeg, makeWrapper, wxGTK30, wxmac, netcdf, blas
, proj, gdal, geos, sqlite, postgresql, libmysqlclient, python3Packages, libLAS, proj-datumgrid
, zstd, pdal, wrapGAppsHook
}:
@ -16,10 +16,14 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ flex bison zlib proj gdal libtiff libpng fftw sqlite cairo
readline ffmpeg makeWrapper wxGTK30 netcdf geos postgresql libmysqlclient blas
libLAS proj-datumgrid zstd pdal wrapGAppsHook ]
++ (with python3Packages; [ python python-dateutil wxPython_4_1 numpy ]);
buildInputs = [ flex bison zlib proj gdal libtiff libpng fftw sqlite
readline ffmpeg makeWrapper netcdf geos postgresql libmysqlclient blas
libLAS proj-datumgrid zstd wrapGAppsHook ]
++ lib.optionals stdenv.isLinux [ cairo pdal wxGTK30 ]
++ lib.optional stdenv.isDarwin wxmac
++ (with python3Packages; [ python python-dateutil numpy ]
++ lib.optional stdenv.isDarwin wxPython_4_0
++ lib.optional stdenv.isLinux wxPython_4_1);
# On Darwin the installer tries to symlink the help files into a system
# directory
@ -33,12 +37,11 @@ stdenv.mkDerivation rec {
configureFlags = [
"--with-proj-share=${proj}/share/proj"
"--with-proj-includes=${proj.dev}/include"
"--with-proj-lib=${proj}/lib"
"--with-proj-libs=${proj}/lib"
"--without-opengl"
"--with-readline"
"--with-wxwidgets"
"--with-netcdf"
"--with-pdal"
"--with-geos"
"--with-postgres"
"--with-postgres-libs=${postgresql.lib}/lib/"
@ -51,6 +54,12 @@ stdenv.mkDerivation rec {
"--with-zstd"
"--with-fftw"
"--with-pthread"
] ++ lib.optionals stdenv.isLinux [
"--with-pdal"
] ++ lib.optionals stdenv.isDarwin [
"--without-cairo"
"--without-freetype"
"--without-x"
];
# Otherwise a very confusing "Can't load GDAL library" error

10
pkgs/applications/graphics/ImageMagick/7.0.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, libtool
{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, libtool
, bzip2, zlib, libX11, libXext, libXt, fontconfig, freetype, ghostscript, libjpeg, djvulibre
, lcms2, openexr, libjxl, libpng, liblqr1, libraw, librsvg, libtiff, libxml2, openjpeg, libwebp, libheif
, ApplicationServices
@ -27,6 +27,14 @@ stdenv.mkDerivation rec {
sha256 = "0r8zmk2cfmf09l94hqzfz4aspnzn178ggdbgm7w4hr0p864cbvc3";
};
patches = [
# fix a type confusion bug introduced in 7.1.0-20 with commit 075565e93c71bcaaabf0ce70b7d1060bccdf0020
(fetchpatch {
url = "https://github.com/ImageMagick/ImageMagick/commit/62845d5672eca4446b952dd0ab2e3e0dab0309d4.patch";
sha256 = "1kni5i8b5hl69niypidm90mhir8cafi6r9i857fxdlv045h3dg4p";
})
];
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big
outputMan = "out"; # it's tiny

5
pkgs/applications/graphics/darktable/default.nix
View File

@ -52,8 +52,7 @@
, libaom
, portmidi
, fetchpatch
, lua5_4
, ...
, lua
}:
stdenv.mkDerivation rec {
@ -104,7 +103,7 @@ stdenv.mkDerivation rec {
libheif
libaom
portmidi
lua5_4
lua
] ++ lib.optionals stdenv.isLinux [
colord
colord-gtk

4
pkgs/applications/graphics/hydrus/default.nix
View File

@ -10,14 +10,14 @@
python3Packages.buildPythonPackage rec {
pname = "hydrus";
version = "470b";
version = "471";
format = "other";
src = fetchFromGitHub {
owner = "hydrusnetwork";
repo = "hydrus";
rev = "v${version}";
sha256 = "0v52krjcqykrm3zqj6idzvbpjv4fhbgvq2jr8k0g63f7db7p08h9";
sha256 = "sha256-KRAPnYjDWXZ56OctGvEticQs5wSMFS27kGdpxj0mk0g=";
};
nativeBuildInputs = [

8
pkgs/applications/graphics/inkscape/default.nix
View File

@ -81,6 +81,14 @@ stdenv.mkDerivation rec {
stripLen = 1;
extraPrefix = "share/extensions/";
})
# Fix build with Poppler 21.11.0.
# https://gitlab.com/inkscape/inkscape/-/merge_requests/3622
(fetchpatch {
url = "https://gitlab.com/inkscape/inkscape/-/commit/5724c21b9cb7b6176a7b36ca24068b148c817e82.patch";
sha256 = "/1p/Vkes1HuZN0v09Ey4kiT+4zrEaoSXyPAmc4O3sDg=";
})
# Remove mandatory break from end of paragraphs, added in Pango 1.49
# https://gitlab.com/inkscape/inkscape/-/merge_requests/3630
# TODO: Remove in Inkscape 1.1.2

3
pkgs/applications/graphics/qiv/default.upstream
View File

@ -1,3 +0,0 @@
url http://spiegl.de/qiv/download/
version_link '[.]tgz$'
do_overwrite() { do_overwrite_just_version; }

5
pkgs/applications/graphics/tev/default.nix
View File

@ -5,14 +5,14 @@
stdenv.mkDerivation rec {
pname = "tev";
version = "1.19";
version = "1.22";
src = fetchFromGitHub {
owner = "Tom94";
repo = pname;
rev = "v${version}";
fetchSubmodules = true;
sha256 = "sha256-laP47xOND6PMA6dwTcCupcTIW+9zCaxO6rHzvDSL9JU=";
sha256 = "sha256-WLDQaN6wHnadvp0JyUzlcZVNiSbFudmmBSNYRMaE6U4=";
};
nativeBuildInputs = [ cmake wrapGAppsHook ];
@ -53,6 +53,7 @@ stdenv.mkDerivation rec {
changelog = "https://github.com/Tom94/tev/releases/tag/v${version}";
license = licenses.bsd3;
platforms = platforms.unix;
badPlatforms = [ "aarch64-linux" ]; # fails on Hydra since forever
maintainers = with maintainers; [ ];
};
}

3
pkgs/applications/misc/auto-multiple-choice/default.nix
View File

@ -65,7 +65,7 @@ stdenv.mkDerivation rec {
postFixup = ''
wrapProgram $out/bin/auto-multiple-choice \
''${makeWrapperArgs[@]} \
--prefix PERL5LIB : "${with perlPackages; makePerlPath [
--prefix PERL5LIB : "${with perlPackages; makeFullPerlPath [
ArchiveZip
DBDSQLite
Cairo
@ -75,6 +75,7 @@ stdenv.mkDerivation rec {
GlibObjectIntrospection
Gtk3
LocaleGettext
OpenOfficeOODoc
PerlMagick
TextCSV
XMLParser

4
pkgs/applications/misc/gallery-dl/default.nix
View File

@ -2,11 +2,11 @@
buildPythonApplication rec {
pname = "gallery_dl";
version = "1.20.1";
version = "1.20.3";
src = fetchPypi {
inherit pname version;
sha256 = "a1c06625381485f82aa14a038a622d40ab9cc2c8d150dd65c66df96dbf427f62";
sha256 = "6d1d97bd08a2a0dcfb0578e759fb83c4902b395405b3e3238673f684973b0556";
};
propagatedBuildInputs = [ requests yt-dlp ];

7
pkgs/applications/misc/mupdf/default.upstream
View File

@ -1,7 +0,0 @@
url https://mupdf.com/downloads/archive/
do_overwrite(){
ensure_hash
ensure_version
set_var_value version $CURRENT_VERSION
set_var_value sha256 $CURRENT_HASH
}

43
pkgs/applications/misc/tomboy/default.nix
View File

@ -1,43 +0,0 @@
{ stdenv, fetchurl, itstool, intltool, pkg-config
, libxml2, gnome2, atk, gtk2, glib
, mono, mono-addins, dbus-sharp-2_0, dbus-sharp-glib-2_0, gnome-sharp, gtk-sharp-2_0
, makeWrapper, lib}:
let
version = "1.15.9";
in
stdenv.mkDerivation {
pname = "tomboy";
inherit version;
src = fetchurl {
url = "https://github.com/tomboy-notes/tomboy/releases/download/${version}/tomboy-${version}.tar.xz";
sha256 = "0j5jmd079bm2fydqaic5ymbfdxna3qlx6fkp2mqhgcdr7prsbl3q";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ itstool intltool
libxml2 gnome2.GConf atk gtk2
mono mono-addins dbus-sharp-2_0 dbus-sharp-glib-2_0 gnome-sharp gtk-sharp-2_0
makeWrapper ];
postInstall = ''
makeWrapper "${mono}/bin/mono" "$out/bin/tomboy" \
--add-flags "$out/lib/tomboy/Tomboy.exe" \
--prefix MONO_GAC_PREFIX : ${dbus-sharp-2_0} \
--prefix MONO_GAC_PREFIX : ${dbus-sharp-glib-2_0} \
--prefix MONO_GAC_PREFIX : ${gtk-sharp-2_0} \
--prefix MONO_GAC_PREFIX : ${gnome-sharp} \
--prefix MONO_GAC_PREFIX : ${mono-addins} \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ glib gtk-sharp-2_0 gtk-sharp-2_0.gtk gnome2.GConf ]}
'';
meta = with lib; {
homepage = "https://wiki.gnome.org/Apps/Tomboy";
description = "A simple note-taking application with synchronization";
platforms = platforms.linux;
license = lib.licenses.lgpl2;
maintainers = with maintainers; [ stesie ];
};
}

1
pkgs/applications/misc/vifm/default.nix
View File

@ -38,7 +38,6 @@ in stdenv.mkDerivation rec {
license = licenses.gpl2;
downloadPage = "https://vifm.info/downloads.shtml";
homepage = "https://vifm.info/";
updateWalker = true;
changelog = "https://github.com/vifm/vifm/blob/v${version}/ChangeLog";
};
}

3
pkgs/applications/networking/browsers/chromium/default.nix
View File

@ -183,7 +183,8 @@ in stdenv.mkDerivation {
mkdir -p "$out/bin"
eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)}
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
ed -v -s "$out/bin/chromium" << EOF
2i

786
pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
View File

File diff suppressed because it is too large Load Diff

8
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -7,10 +7,10 @@ in
rec {
firefox = common rec {
pname = "firefox";
version = "96.0.2";
version = "96.0.3";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "5ceb1f023a9217c6a9c08b6525882d4091f989859cf209cc1d0ea22c846d05a967e1c47102ae052f7a5029d18118a558dd96da00437ee2c6fbf2896caf99d9dd";
sha512 = "3dd5fbc96e369d5f4fb3eca778c2bd3e2313d089f867de9fac3556810a797e9b5629ef1b8840fb2f22a18df7de95ea1993eee052f691d861a555cea544b05966";
};
meta = {
@ -32,10 +32,10 @@ rec {
firefox-esr-91 = common rec {
pname = "firefox-esr";
version = "91.5.0esr";
version = "91.5.1esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "1712415b6b73c6a21edfefc39eaba5fcbbca54032f78627c0005d291501d16ef4daffb8b9a160d1d5361113ceba04eb5ddb21d903e3dd8d58838aa9596f2d781";
sha512 = "26239e7a94b79f1e24a6667d7cf1c398d75992e8850144affbc5d3f34f04b91f0c9b020cab662b2cd4927924839ff2ddd2f3605c537bb5494fd9ac0d951b14fa";
};
meta = {

5
pkgs/applications/networking/browsers/google-chrome/default.nix
View File

@ -142,8 +142,9 @@ in stdenv.mkDerivation {
makeWrapper "$out/share/google/$appname/google-$appname" "$exe" \
--prefix LD_LIBRARY_PATH : "$rpath" \
--prefix PATH : "$binpath" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH:${addOpenGLRunpath.driverLink}/share" \
--add-flags ${escapeShellArg commandLineArgs}
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--add-flags ${escapeShellArg commandLineArgs} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
for elf in $out/share/google/$appname/{chrome,chrome-sandbox,${crashpadHandlerBinary},nacl_helper}; do
patchelf --set-rpath $rpath $elf

1
pkgs/applications/networking/instant-messengers/discord/linux.nix
View File

@ -80,6 +80,7 @@ stdenv.mkDerivation rec {
wrapProgram $out/opt/${binaryName}/${binaryName} \
"''${gappsWrapperArgs[@]}" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" \
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \
--prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/${binaryName}

5
pkgs/applications/networking/instant-messengers/element/element-desktop.nix
View File

@ -12,8 +12,6 @@
, Security
, AppKit
, CoreServices
, useWayland ? false
}:
let
@ -82,7 +80,8 @@ mkYarnPackage rec {
# LD_PRELOAD workaround for sqlcipher not found: https://github.com/matrix-org/seshat/issues/102
makeWrapper '${electron_exec}' "$out/bin/${executableName}" \
--set LD_PRELOAD ${sqlcipher}/lib/libsqlcipher.so \
--add-flags "$out/share/element/electron${lib.optionalString useWayland " --enable-features=UseOzonePlatform --ozone-platform=wayland"}"
--add-flags "$out/share/element/electron" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
'';
# Do not attempt generating a tarball for element-web again.

1
pkgs/applications/networking/instant-messengers/gajim/default.nix
View File

@ -87,7 +87,6 @@ python3.pkgs.buildPythonApplication rec {
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ raskin abbradar ];
downloadPage = "http://gajim.org/downloads.php";
updateWalker = true;
platforms = lib.platforms.linux;
};
}

2
pkgs/applications/networking/instant-messengers/mcabber/default.nix
View File

@ -38,8 +38,6 @@ stdenv.mkDerivation rec {
license = licenses.gpl2;
maintainers = with maintainers; [ pSub ];
platforms = with platforms; linux;
updateWalker = true;
downloadPage = "http://mcabber.com/files/";
downloadURLRegexp = "mcabber-[0-9.]+[.]tar[.][a-z0-9]+$";
};
}

31
pkgs/applications/networking/instant-messengers/schildichat/schildichat-desktop.nix
View File

@ -7,13 +7,13 @@
, makeDesktopItem
, copyDesktopItems
, fetchYarnDeps
, yarn, nodejs, fixup_yarn_lock
, yarn
, nodejs
, fixup_yarn_lock
, electron
, Security
, AppKit
, CoreServices
, useWayland ? false
}:
let
@ -88,7 +88,8 @@ stdenv.mkDerivation rec {
# executable wrapper
makeWrapper '${electron_exec}' "$out/bin/${executableName}" \
--add-flags "$out/share/element/electron${lib.optionalString useWayland " --enable-features=UseOzonePlatform --ozone-platform=wayland"}"
--add-flags "$out/share/element/electron" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
runHook postInstall
'';
@ -101,17 +102,17 @@ stdenv.mkDerivation rec {
# https://github.com/schildichat/element-desktop/blob/sc/package.json
desktopItems = [
(makeDesktopItem {
name = "schildichat-desktop";
exec = "${executableName} %u";
icon = "schildichat";
desktopName = "SchildiChat";
genericName = "Matrix Client";
comment = meta.description;
categories = "Network;InstantMessaging;Chat;";
extraEntries = ''
StartupWMClass=schildichat
MimeType=x-scheme-handler/element;
'';
name = "schildichat-desktop";
exec = "${executableName} %u";
icon = "schildichat";
desktopName = "SchildiChat";
genericName = "Matrix Client";
comment = meta.description;
categories = "Network;InstantMessaging;Chat;";
extraEntries = ''
StartupWMClass=schildichat
MimeType=x-scheme-handler/element;
'';
})
];

5
pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
View File

@ -24,7 +24,7 @@ let
in stdenv.mkDerivation rec {
pname = "signal-desktop";
version = "5.27.1"; # Please backport all updates to the stable channel.
version = "5.29.1"; # Please backport all updates to the stable channel.
# All releases have a limited lifetime and "expire" 90 days after the release.
# When releases "expire" the application becomes unusable until an update is
# applied. The expiration date for the current release can be extracted with:
@ -34,7 +34,7 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb";
sha256 = "0z0v7q0rpxdx7ic78jv7wp1hq8nrfp51jjdr6d85x0hsfdj0z1mc";
sha256 = "1a56mnmv0lnizmd4dl8fya3mdsy0jy5qr5bqb72m9cipq0069alc";
};
nativeBuildInputs = [
@ -123,6 +123,7 @@ in stdenv.mkDerivation rec {
gappsWrapperArgs+=(
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc ] }"
${customLanguageWrapperArgs}
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
)
# Fix the desktop link

5
pkgs/applications/networking/instant-messengers/slack/default.nix
View File

@ -84,7 +84,7 @@ let
homepage = "https://slack.com";
license = licenses.unfree;
maintainers = with maintainers; [ mmahut ];
platforms = [ "x86_64-darwin" "x86_64-linux" "aarch64-darwin"];
platforms = [ "x86_64-darwin" "x86_64-linux" "aarch64-darwin" ];
};
linux = stdenv.mkDerivation rec {
@ -170,7 +170,8 @@ let
rm $out/bin/slack
makeWrapper $out/lib/slack/slack $out/bin/slack \
--prefix XDG_DATA_DIRS : $GSETTINGS_SCHEMAS_PATH \
--prefix PATH : ${lib.makeBinPath [xdg-utils]}
--prefix PATH : ${lib.makeBinPath [xdg-utils]} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
# Fix the desktop link
substituteInPlace $out/share/applications/slack.desktop \

4
pkgs/applications/networking/nextcloud-client/default.nix
View File

@ -21,13 +21,13 @@
mkDerivation rec {
pname = "nextcloud-client";
version = "3.4.1";
version = "3.4.2";
src = fetchFromGitHub {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
sha256 = "sha256-1fUk4PUFkWcLOvrYvM+K+ZarUSeq/JtDU2bHHPoAoC8=";
sha256 = "sha256-cqpdn2STxJtUTBRFrUh1lRIDaFZfrRkJMxcJuTKxgk8=";
};
patches = [

4
pkgs/applications/office/qownnotes/default.nix
View File

@ -5,13 +5,13 @@
mkDerivation rec {
pname = "qownnotes";
version = "22.1.9";
version = "22.1.10.1";
src = fetchurl {
url = "https://download.tuxfamily.org/${pname}/src/${pname}-${version}.tar.xz";
# Fetch the checksum of current version with curl:
# curl https://download.tuxfamily.org/qownnotes/src/qownnotes-<version>.tar.xz.sha256
sha256 = "sha256-vUYfZpqOe7cZJxrNPXN2gCyNRNqC2/NA83+UCL9+mq0=";
sha256 = "sha256-uXDkLDDIRGSxXCczG9TQxtcLFjjOjKtyl/LRMax7JX4=";
};
nativeBuildInputs = [ qmake qttools ];

5
pkgs/applications/office/scribus/unstable.nix
View File

@ -83,6 +83,11 @@ mkDerivation rec {
qttools
];
cmakeFlags = [
# poppler uses std::optional
"-DWANT_CPP17=ON"
];
meta = with lib; {
maintainers = with maintainers; [
erictapen

4
pkgs/applications/radio/soapyhackrf/default.nix
View File

@ -3,7 +3,7 @@
} :
let
version = "0.3.3";
version = "0.3.4";
in stdenv.mkDerivation {
pname = "soapyhackrf";
@ -13,7 +13,7 @@ in stdenv.mkDerivation {
owner = "pothosware";
repo = "SoapyHackRF";
rev = "soapy-hackrf-${version}";
sha256 = "1awn89z462500gb3fjb7x61b1znkjri9n1d39bqfip1qk4s11pxc";
sha256 = "sha256-fzPYHJAPX8FkFxPXpLlUagTd/NoamRX0YnxHwkbV1nI=";
};
nativeBuildInputs = [ cmake pkg-config ];

6
pkgs/applications/science/logic/leo2/default.upstream
View File

@ -1,6 +0,0 @@
url http://page.mi.fu-berlin.de/cbenzmueller/leo/download.html
version_link '[.]tgz'
version '.*_v([0-9.]+)[.][a-z0-9]+$' '\1'
do_overwrite () {
do_overwrite_just_version
}

6
pkgs/applications/science/logic/potassco/clingo.upstream
View File

@ -1,6 +0,0 @@
target clingo.nix
attribute_name clingo
url https://github.com/potassco/clingo/releases/
ensure_choice
version '.*/v([0-9.]+)[.]tar[.].*' '\1'
minimize_overwrite

1
pkgs/applications/science/logic/satallax/default.nix
View File

@ -66,6 +66,5 @@ stdenv.mkDerivation rec {
platforms = lib.platforms.linux;
downloadPage = "http://www.ps.uni-saarland.de/~cebrown/satallax/downloads.php";
homepage = "http://www.ps.uni-saarland.de/~cebrown/satallax/index.php";
updateWalker = true;
};
}

1
pkgs/applications/science/math/pari/default.nix
View File

@ -82,6 +82,5 @@ stdenv.mkDerivation rec {
license = licenses.gpl2Plus;
maintainers = with maintainers; [ ertes AndersonTorres ] ++ teams.sage.members;
platforms = platforms.linux ++ platforms.darwin;
updateWalker = true;
};
}

1
pkgs/applications/science/math/ratpoints/default.nix
View File

@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
maintainers = [lib.maintainers.raskin];
platforms = lib.platforms.unix;
homepage = "http://www.mathe2.uni-bayreuth.de/stoll/programs/";
updateWalker = true;
};
}

5
pkgs/applications/science/misc/golly/default.upstream
View File

@ -1,5 +0,0 @@
url https://sourceforge.net/projects/golly/files/golly/
version_link '[-][0-9.]+/$'
SF_version_tarball 'src'
SF_redirect
minimize_overwrite

4
pkgs/applications/science/misc/root/default.nix
View File

@ -120,7 +120,6 @@ stdenv.mkDerivation rec {
cmakeFlags = [
"-Drpath=ON"
"-DCMAKE_CXX_STANDARD=17"
"-DCMAKE_INSTALL_BINDIR=bin"
"-DCMAKE_INSTALL_LIBDIR=lib"
"-DCMAKE_INSTALL_INCLUDEDIR=include"
@ -176,7 +175,8 @@ stdenv.mkDerivation rec {
postInstall = ''
for prog in rootbrowse rootcp rooteventselector rootls rootmkdir rootmv rootprint rootrm rootslimtree; do
wrapProgram "$out/bin/$prog" \
--prefix PYTHONPATH : "$out/lib"
--set PYTHONPATH "$out/lib" \
--set ${lib.optionalString stdenv.isDarwin "DY"}LD_LIBRARY_PATH "$out/lib"
done
'';

1
pkgs/applications/version-management/mercurial/default.nix
View File

@ -92,7 +92,6 @@ let
downloadPage = "https://www.mercurial-scm.org/release/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ eelco lukegb pacien ];
updateWalker = true;
platforms = platforms.unix;
};
};

8
pkgs/applications/version-management/monotone/default.upstream
View File

@ -1,8 +0,0 @@
url http://www.monotone.ca/downloads.php
do_overwrite(){
ensure_version
ensure_hash
set_var_value version $CURRENT_VERSION
set_var_value sha256 $CURRENT_HASH
}

35
pkgs/applications/video/kodi/addons/controller-topology-project/default.nix Normal file
View File

@ -0,0 +1,35 @@
{ lib, stdenv, fetchFromGitHub, toKodiAddon, addonDir }:
let
drv = stdenv.mkDerivation {
pname = "controller-topology-project";
version = "unstable-2022-01-22";
src = fetchFromGitHub {
owner = "kodi-game";
repo = "controller-topology-project";
rev = "e2a9bac903f21b2acfeee374070cfc97d03aba2d";
sha256 = "sha256-o6uKxOjEYNAK27drvNOokOFPdjkOEnr49mBre9ycM0w=";
};
postPatch = ''
# remove addons already included in the base kodi package
rm -r addons/game.controller.default
rm -r addons/game.controller.snes
'';
installPhase = ''
runHook preInstall
mkdir -p $out${addonDir}
cp -r addons/* $out${addonDir}
runHook postInstall
'';
meta = with lib; {
homepage = "https://github.com/kodi-game/controller-topology-project";
description = "Models how controllers connect to and map to each other for all gaming history";
license = with licenses; [ odbl ];
maintainers = teams.kodi.members;
};
};
in
toKodiAddon drv

22
pkgs/applications/video/kodi/addons/controllers/default.nix
View File

@ -1,22 +0,0 @@
{ lib, buildKodiAddon, fetchFromGitHub, controller }:
buildKodiAddon rec {
pname = "game-controller-${controller}";
namespace = "game.controller.${controller}";
version = "1.0.3";
sourceDir = "addons/" + namespace;
src = fetchFromGitHub {
owner = "kodi-game";
repo = "kodi-game-controllers";
rev = "01acb5b6e8b85392b3cb298b034aadb1b24ccf18";
sha256 = "0sbc0w0fwbp7rbmbgb6a1kglhnn5g85hijcbbvf5x6jdq9v3f1qb";
};
meta = with lib; {
description = "Add support for different gaming controllers.";
platforms = platforms.all;
license = licenses.odbl;
maintainers = teams.kodi.members;
};
}

2
pkgs/build-support/trivial-builders/test/references.nix
View File

@ -28,7 +28,7 @@ nixosTest {
virtualisation.writableStore = true;
# Test runs without network, so we don't substitute and prepare our deps
nix.binaryCaches = lib.mkForce [];
nix.settings.substituters = lib.mkForce [];
environment.etc."pre-built-paths".source = writeText "pre-built-paths" (
builtins.toJSON [hello figlet stdenvNoCC]
);

19
pkgs/build-support/upstream-updater/attrset-to-dir.nix
View File

@ -1,19 +0,0 @@
a :
a.stdenv.mkDerivation {
buildCommand = ''
mkdir -p "$out/attributes"
'' + (a.lib.concatStrings (map
(n: ''
ln -s "${a.writeTextFile {name=n; text=builtins.getAttr n a.theAttrSet;}}" $out/attributes/${n};
'')
(builtins.attrNames a.theAttrSet)
));
name = "attribute-set";
meta = {
description = "Contents of an attribute set";
maintainers = [
a.lib.maintainers.raskin
];
};
}

24
pkgs/build-support/upstream-updater/create-src-info-git.sh
View File

@ -1,24 +0,0 @@
#! /bin/sh
[ -z "$1" ] && {
echo "Use $0 expression-basename repo-url branch-name package-base-name"
echo "Like:"
echo "$0 default http://git.example.com/repo origin/master hello"
exit 1;
} >&2
own_dir="$(cd "$(dirname "$0")"; sh -c pwd)"
cp "$own_dir/../builder-defs/template-bdp-uud.nix" "$1.nix"
sed -e "s@src-for-default.nix@src-for-$1.nix@g;
s@fetchUrlFromSrcInfo@fetchGitFromSrcInfo@g" -i "$1.nix"
echo '{}' > "src-for-$1.nix"
cat << EOF > src-info-for-$1.nix
{
repoUrl = "$2";
rev = "$3";
baseName = "$4";
method = "fetchgit";
}
EOF

20
pkgs/build-support/upstream-updater/create-src-info.sh
View File

@ -1,20 +0,0 @@
#! /bin/sh
[ -z "$1" ] && {
echo "Use $0 expression-basename download-page package-base-name"
echo "Like:"
echo "$0 default http://example.com/downloads hello"
exit 1;
} >&2
own_dir="$(cd "$(dirname "$0")"; sh -c pwd)"
cp "$own_dir/../builder-defs/template-auto-callable.nix" "$1.nix"
sed -e "s@src-for-default.nix@src-for-$1.nix@g" -i "$1.nix"
echo '{}' > "src-for-$1.nix"
cat << EOF > src-info-for-$1.nix
{
downloadPage = "$2";
baseName = "$3";
}
EOF

29
pkgs/build-support/upstream-updater/design.txt
View File

@ -1,29 +0,0 @@
Next to file.nix we get src-for-file.nix
src-for-file.nix should evaluate to a flat attribute set with
string values.
It is supposed to be imported in the main expression.
In the ideal world it can export url, hash, version.
src-for-file.nix generation is directed by
src-info-for-file.nix.
Attributes:
src-info-for-file.nix:
downloadPage
rev (for repos)
baseName (default = unnamed-package)
sourceRegexp (default = '.*[.]tar[.].*')
choiceCommand (default = 'head -1')
versionExtractorSedScript (default = 's/.*-([0-9.]+)[.].*/\1/')
versionReferenceCreator (default = 's/-([0-9.]+)[.]/-${version}./')
mirrorSedScript (default = none)
src-for-file.nix:
advertisedUrl (its match is the check for update presence)
url
hash
version
name

14
pkgs/build-support/upstream-updater/snippets.sh
View File

@ -1,14 +0,0 @@
# sed scripts
#http://sourceforge.net/projects/webdruid/files/webdruid/0.6.0-alpha5/webdruid-0.6.0-alpha5.tar.gz/download
#http://downloads.sourceforge.net/webdruid/files/webdruid/0.6.0-alpha5/webdruid-0.6.0-alpha5.tar.gz
skipRedirectSF='s@sourceforge.net/projects@downloads.sourceforge.net/project@; s@/files@@; s@/download$@@;'
extractReleaseSF='s@.*/([^/]+)/[^/]+@\1@'
extractVersionSF='s@.*/[^/0-9]*([0-9].*)[.](tar|tgz|tbz2|zip).*@\1@'
apacheMirror='s@http://www.apache.org/dist/@mirror://apache/@'
skipRedirectApache='s@/dyn/closer.cgi[?]path=@/dist@'
replaceAllVersionOccurences() {
echo s/"$version"/\${version}/g
}
dashDelimitedVersion='s/.*-([0-9.]+)-.*/\1/'

13
pkgs/build-support/upstream-updater/test-case.nix
View File

@ -1,13 +0,0 @@
{
a=1;
b="text";
c=''
text
'';
d=''
Multi-line text with special characters -
like \ (backslash) and ''${} (dollar +
curly braces) and $ (dollar) and ' (quote)
and " (double quote).
'';
}

182
pkgs/build-support/upstream-updater/update-upstream-data.sh
View File

@ -1,182 +0,0 @@
#! /bin/sh
set -x
own_dir="$(cd "$(dirname "$0")"; sh -c pwd)"
source "$own_dir/snippets.sh"
[ -z "$1" ] && {
echo "Specify main expression filename."
exit 1;
}
main_file="$1"
main_dir="$(cd "$(dirname "$main_file")" ; sh -c pwd)"
file_name="$(basename "$main_file")"
defs_file="$main_dir"/src-info-for-"$file_name"
src_file="$main_dir"/src-for-"$file_name"
# OK, [vcs] revert is always possible
new_src_file="$main_dir"/src-for-"$file_name"
forcedUrl="$2"
defs_dir="$("$own_dir"/attrset-to-dir.sh "$defs_file")"
src_defs_dir="$("$own_dir"/attrset-to-dir.sh "$src_file")"
getAttr () {
file="$defs_dir"/"$1"
data="$( ( [ -f "$file" ] && cat "$file" ) || echo "$2" )"
echo "attribute $1 obtained as: [[$data]]" >&2
echo "$data"
}
method="$(getAttr method fetchurl)"
baseName="$(getAttr baseName 'unnamed-package')"
commonPrefetchVars=" version name hash"
prefetchClause=""
[ fetchSFdirs = "$method" ] && {
if [ -z "$forcedUrl" ]; then
freshUrl="$("$own_dir"/urls-from-page.sh "$(getAttr downloadPage)" |
eval "egrep '$(getAttr sourceRegexp '[-][0-9.]+/$')'" |
eval "egrep -v '$(getAttr blacklistRegexp '^$')'" |
eval "$(getAttr choiceCommand 'head -n 1')" |
eval "$(getAttr versionToFileCommand "sed -re 's@/([^/]*-[0-9.]+)/@/\1/\1$(getAttr fileSuffix .tar.gz)@'")"
)"
if ! egrep ':' <<< "$freshUrl" ; then
freshUrl="$(dirname "$(getAttr downloadPage).")/$freshUrl"
fi
echo "Found download link: $freshUrl" >&2
else
freshUrl="$forcedUrl"
fi
freshUrl="$(echo "$freshUrl" | sed -re "$skipRedirectSF")"
echo "Sourceforge-corrected URL: $freshUrl" >&2
version="$(echo "$freshUrl" |
sed -re "$(getAttr versionExtractorSedScript "$extractVersionSF")")"
baseName="$(getAttr baseName "$(echo "$freshUrl" | sed -re 's@.*/project/([^/]+)/.*@\1@')")"
url="$freshUrl"
name="$baseName-$version"
advertisedUrl="$freshUrl"
if [ x"$freshUrl" = x"$(cat "$src_defs_dir"/advertisedUrl)" ]; then
echo "Source link not changed" >&2
exit
fi
hash=$(nix-prefetch-url "$freshUrl")
prefetchVars="url advertisedUrl";
}
[ fetchSF = "$method" ] && {
if [ -z "$forcedUrl" ]; then
freshUrl="$("$own_dir"/urls-from-page.sh "$(getAttr downloadPage)" |
eval "egrep \"$(getAttr sourceRegexp '.*[.]tar[.].*|.*[.]tgz$|.*[.]tbz2$')\"" |
eval "egrep -v \"$(getAttr blacklistRegexp '^$')\"" |
eval "$(getAttr choiceCommand 'head -1')")"
if ! egrep ':' <<< "$freshUrl" ; then
freshUrl="$(dirname "$(getAttr downloadPage).")/$freshUrl"
fi
echo "Found download link: $freshUrl" >&2
else
freshUrl="$forcedUrl"
fi
freshUrl="$(echo "$freshUrl" | sed -re "$skipRedirectSF")"
echo "Sourceforge-corrected URL: $freshUrl" >&2
version="$(echo "$freshUrl" |
sed -re "$(getAttr versionExtractorSedScript "$extractVersionSF")")"
baseName="$(getAttr baseName "$(echo "$freshUrl" | sed -re 's@.*/project/([^/]+)/.*@\1@')")"
url="$freshUrl"
name="$baseName-$version"
advertisedUrl="$freshUrl"
if [ x"$freshUrl" = x"$(cat "$src_defs_dir"/advertisedUrl)" ]; then
echo "Source link not changed" >&2
exit
fi
hash=$(nix-prefetch-url "$freshUrl")
prefetchVars="url advertisedUrl";
}
[ fetchurl = "$method" ] && {
if [ -z "$forcedUrl" ] ; then
freshUrl="$("$own_dir"/urls-from-page.sh "$(getAttr downloadPage)" |
eval "egrep \"$(getAttr sourceRegexp '.*[.]tar[.].*|.*[.]tgz$|.*[.]tbz2$')\"" |
eval "egrep -v \"$(getAttr blacklistRegexp '^$')\"" |
eval "$(getAttr choiceCommand 'head -1')")"
if ! egrep ':' <<< "$freshUrl" ; then
freshUrl="$(dirname "$(getAttr downloadPage).")/$freshUrl"
fi
echo "Found download link: $freshUrl" >&2
else
freshUrl="$forcedUrl"
fi
version="$(echo "$freshUrl" |
eval "sed -re \"$(getAttr versionExtractorSedScript \
's/.*-([0-9.]+)[.].*/\1/')\"")"
mirrorUrl="$(echo "$freshUrl" |
eval "sed -r -e \"$(getAttr versionReferenceCreator \
's/-'"${version}"'[.]/-\${version}./')\"" |
eval "sed -r -e \"$(getAttr mirrorSedScript)\"")"
url="$mirrorUrl"
name="$baseName-$version"
advertisedUrl="$freshUrl"
url="$mirrorUrl"
if [ x"$freshUrl" = x"$(cat "$src_defs_dir"/advertisedUrl)" ]; then
echo "Source link not changed" >&2
exit
fi
hash=$(nix-prefetch-url "$freshUrl")
prefetchVars="url advertisedUrl";
}
[ "fetchgit" = "$method" ] && {
repoUrl="$(getAttr repoUrl)"
export NIX_PREFETCH_GIT_CHECKOUT_HOOK="
cat .git/HEAD
"
export NIX_HASH_ALGO=sha256
rev="$(getAttr rev '')";
rev_and_hash="$("$own_dir"/../fetchgit/nix-prefetch-git "$repoUrl" "$rev" | tee /dev/stderr | tail -2)"
rev="$(echo "$rev_and_hash" | head -1)"
url="$repoUrl";
hash="$(echo "$rev_and_hash" | tail -1)"
version="$rev"
name="$baseName-$version"
prefetchVars="rev url";
}
prefetchAssignments="";
for i in $commonPrefetchVars $prefetchVars; do
prefetchAssignments="$prefetchAssignments $i=\"$(eval echo \"\$$i\")\";$(echo -e '\n ')"
done;
extraAssignments=""
for i in $(getAttr extraVars ''); do
eval "$(getAttr "eval_$i" 'i=""')"
extraAssignments="$extraAssignments $i=\"$(eval echo \"\$$i\")\";$(echo -e '\n ')"
done
cat << EOF > "$new_src_file"
rec {
$prefetchAssignments
$extraAssignments
}
EOF

20
pkgs/build-support/upstream-updater/update-walker-service-specific.sh
View File

@ -1,20 +0,0 @@
SF_redirect () {
redirect 99
process 'http://[a-z]+[.]dl[.]sourceforge[.]net/' 'mirror://sourceforge/'
process '[?].*' ''
}
SF_version_dir () {
version_link 'http://sourceforge.net/.+/'"$1"'[0-9.]+/$'
}
SF_version_tarball () {
version_link "${1:-[.]tar[.]}.*/download\$"
}
GH_latest () {
prefetch_command_rel ../fetchgit/nix-prefetch-git
revision "$("$(dirname "$0")/urls-from-page.sh" "$CURRENT_URL/commits" | grep /commit/ | head -n 1 | xargs basename )"
version '.*' "git-$(date +%Y-%m-%d)"
NEED_TO_CHOOSE_URL=
}

320
pkgs/build-support/upstream-updater/update-walker.sh
View File

@ -1,320 +0,0 @@
#! /bin/sh
own_dir="$(cd "$(dirname "$0")"; pwd)"
URL_WAS_SET=
DL_URL_RE=
CURRENT_URL=
CURRENT_REV=
PREFETCH_COMMAND=
NEED_TO_CHOOSE_URL=1
url () {
URL_WAS_SET=1
CURRENT_URL="$1"
}
dl_url_re () {
DL_URL_RE="$1"
}
version_unpack () {
sed -re '
s/[.]/ /g;
s@/@ / @g
s/-(rc|pre)/ -1 \1 /g;
s/-(gamma)/ -2 \1 /g;
s/-(beta)/ -3 \1 /g;
s/-(alpha)/ -4 \1 /g;
s/[-]/ - /g;
'
}
version_repack () {
sed -re '
s/ - /-/g;
s/ -[0-9]+ ([a-z]+) /-\1/g;
s@ / @/@g
s/ /./g;
'
}
version_sort () {
version_unpack |
sort -t ' ' -n $(for i in $(seq 30); do echo " -k${i}n" ; done) | tac |
version_repack
}
position_choice () {
head -n "${1:-1}" | tail -n "${2:-1}"
}
matching_links () {
"$own_dir"/urls-from-page.sh "$CURRENT_URL" | grep -E "$1"
}
link () {
CURRENT_URL="$(matching_links "$1" | position_choice "$2" "$3")"
unset NEED_TO_CHOOSE_URL
echo "Linked by: $*"
echo "URL: $CURRENT_URL" >&2
}
version_link () {
CURRENT_URL="$(matching_links "$1" | version_sort | position_choice "$2" "$3")"
unset NEED_TO_CHOOSE_URL
echo "Linked version by: $*"
echo "URL: $CURRENT_URL" >&2
}
redirect () {
CURRENT_URL="$(curl -I -L --max-redirs "${1:-99}" "$CURRENT_URL" |
grep -E '^[Ll]ocation: ' | position_choice "${2:-999999}" "$3" |
sed -e 's/^[Ll]ocation: //; s/\r//')"
echo "Redirected: $*"
echo "URL: $CURRENT_URL" >&2
}
replace () {
sed -re "s $1 $2 g"
}
process () {
CURRENT_URL="$(echo "$CURRENT_URL" | replace "$1" "$2")"
echo "Processed: $*"
echo "URL: $CURRENT_URL" >&2
}
version () {
CURRENT_VERSION="$(echo "$CURRENT_URL" | replace "$1" "$2")"
echo "Version: $CURRENT_VERSION" >&2
}
ensure_version () {
echo "Ensuring version. CURRENT_VERSION: $CURRENT_VERSION" >&2
[ -z "$CURRENT_VERSION" ] && version '.*-([0-9.]+)[-._].*' '\1'
}
ensure_target () {
echo "Ensuring target. CURRENT_TARGET: $CURRENT_TARGET" >&2
[ -z "$CURRENT_TARGET" ] && target "$(basename "$CONFIG_NAME" .upstream).nix"
}
ensure_name () {
echo "Ensuring name. CURRENT_NAME: $CURRENT_NAME" >&2
[ -z "$CURRENT_NAME" ] && name "$(basename "$CONFIG_DIR")"
echo "Resulting name: $CURRENT_NAME"
}
ensure_attribute_name () {
echo "Ensuring attribute name. CURRENT_ATTRIBUTE_NAME: $CURRENT_ATTRIBUTE_NAME" >&2
ensure_name
[ -z "$CURRENT_ATTRIBUTE_NAME" ] && attribute_name "$CURRENT_NAME"
echo "Resulting attribute name: $CURRENT_ATTRIBUTE_NAME"
}
ensure_url () {
echo "Ensuring starting URL. CURRENT_URL: $CURRENT_URL" >&2
ensure_attribute_name
[ -z "$CURRENT_URL" ] && CURRENT_URL="$(retrieve_meta downloadPage)"
[ -z "$CURRENT_URL" ] && CURRENT_URL="$(retrieve_meta downloadpage)"
[ -z "$CURRENT_URL" ] && CURRENT_URL="$(retrieve_meta homepage)"
echo "Resulting URL: $CURRENT_URL"
}
ensure_choice () {
echo "Ensuring that choice is made." >&2
echo "NEED_TO_CHOOSE_URL: [$NEED_TO_CHOOSE_URL]." >&2
echo "CURRENT_URL: $CURRENT_URL" >&2
[ -z "$URL_WAS_SET" ] && [ -z "$CURRENT_URL" ] && ensure_url
[ -n "$NEED_TO_CHOOSE_URL" ] && {
version_link "${DL_URL_RE:-[.]tar[.]([^./])+\$}"
unset NEED_TO_CHOOSE_URL
}
[ -z "$CURRENT_URL" ] && {
echo "Error: empty CURRENT_URL"
echo "Error: empty CURRENT_URL" >&2
exit 1
}
}
revision () {
CURRENT_REV="$1"
echo "CURRENT_REV: $CURRENT_REV"
}
prefetch_command () {
PREFETCH_COMMAND="$1"
}
prefetch_command_rel () {
PREFETCH_COMMAND="$(dirname "$0")/$1"
}
ensure_hash () {
echo "Ensuring hash. CURRENT_HASH: $CURRENT_HASH" >&2
[ -z "$CURRENT_HASH" ] && hash
}
hash () {
CURRENT_HASH="$(${PREFETCH_COMMAND:-nix-prefetch-url} "$CURRENT_URL" $CURRENT_REV)"
echo "CURRENT_HASH: $CURRENT_HASH" >&2
}
name () {
CURRENT_NAME="$1"
echo "CURRENT_NAME: $CURRENT_NAME" >&2
}
attribute_name () {
CURRENT_ATTRIBUTE_NAME="$1"
echo "CURRENT_ATTRIBUTE_NAME: $CURRENT_ATTRIBUTE_NAME" >&2
}
retrieve_meta () {
nix-instantiate --eval-only '<nixpkgs>' -A "$CURRENT_ATTRIBUTE_NAME".meta."$1" | xargs
}
retrieve_version () {
PACKAGED_VERSION="$(retrieve_meta version)"
}
ensure_dl_url_re () {
echo "Ensuring DL_URL_RE. DL_URL_RE: $DL_URL_RE" >&2
[ -z "$DL_URL_RE" ] && dl_url_re "$(retrieve_meta downloadURLRegexp)"
echo "DL_URL_RE: $DL_URL_RE" >&2
}
directory_of () {
cd "$(dirname "$1")"; pwd
}
full_path () {
echo "$(directory_of "$1")/$(basename "$1")"
}
target () {
CURRENT_TARGET="$1"
{ [ "$CURRENT_TARGET" = "${CURRENT_TARGET#/}" ] && CURRENT_TARGET="$CONFIG_DIR/$CURRENT_TARGET"; }
echo "Target set to: $CURRENT_TARGET"
}
marker () {
BEGIN_EXPRESSION="$1"
}
update_found () {
echo "Compare: $CURRENT_VERSION vs $PACKAGED_VERSION"
[ "$CURRENT_VERSION" != "$PACKAGED_VERSION" ]
}
do_write_expression () {
echo "${1}rec {"
echo "${1} baseName=\"$CURRENT_NAME\";"
echo "${1} version=\"$CURRENT_VERSION\";"
echo "${1} name=\"\${baseName}-\${version}\";"
echo "${1} hash=\"$CURRENT_HASH\";"
echo "${1} url=\"$CURRENT_URL\";"
[ -n "$CURRENT_REV" ] && echo "${1} rev=\"$CURRENT_REV\";"
echo "${1} sha256=\"$CURRENT_HASH\";"
echo "$2"
}
line_position () {
file="$1"
regexp="$2"
count="${3:-1}"
grep -E "$regexp" -m "$count" -B 999999 "$file" | wc -l
}
replace_once () {
file="$1"
regexp="$2"
replacement="$3"
instance="${4:-1}"
echo "Replacing once:"
echo "file: [[$file]]"
echo "regexp: [[$regexp]]"
echo "replacement: [[$replacement]]"
echo "instance: [[$instance]]"
position="$(line_position "$file" "$regexp" "$instance")"
sed -re "${position}s $regexp $replacement " -i "$file"
}
set_var_value () {
var="${1}"
value="${2}"
instance="${3:-1}"
file="${4:-$CURRENT_TARGET}"
no_quotes="${5:-0}"
quote='"'
let "$no_quotes" && quote=""
replace_once "$file" "${var} *= *.*" "${var} = ${quote}${value}${quote};" "$instance"
}
do_regenerate () {
BEFORE="$(cat "$1" | grep -F "$BEGIN_EXPRESSION" -B 999999;)"
AFTER_EXPANDED="$(cat "$1" | grep -F "$BEGIN_EXPRESSION" -A 999999 | grep -E '^ *[}] *; *$' -A 999999;)"
AFTER="$(echo "$AFTER_EXPANDED" | tail -n +2)"
CLOSE_BRACE="$(echo "$AFTER_EXPANDED" | head -n 1)"
SPACING="$(echo "$CLOSE_BRACE" | sed -re 's/[^ ].*//')"
echo "$BEFORE"
do_write_expression "$SPACING" "$CLOSE_BRACE"
echo "$AFTER"
}
do_overwrite () {
ensure_hash
do_regenerate "$1" > "$1.new.tmp"
mv "$1.new.tmp" "$1"
}
do_overwrite_just_version () {
ensure_hash
set_var_value version $CURRENT_VERSION
set_var_value sha256 $CURRENT_HASH
}
minimize_overwrite() {
do_overwrite(){
do_overwrite_just_version
}
}
process_config () {
CONFIG_DIR="$(directory_of "$1")"
CONFIG_NAME="$(basename "$1")"
BEGIN_EXPRESSION='# Generated upstream information';
if [ -f "$CONFIG_DIR/$CONFIG_NAME" ] &&
[ "${CONFIG_NAME}" = "${CONFIG_NAME%.nix}" ]; then
source "$CONFIG_DIR/$CONFIG_NAME"
else
CONFIG_NAME="${CONFIG_NAME%.nix}"
ensure_attribute_name
[ -n "$(retrieve_meta updateWalker)" ] ||
[ -n "$FORCE_UPDATE_WALKER" ] || {
echo "Error: package not marked as safe for update-walker" >&2
echo "Set FORCE_UPDATE_WALKER=1 to override" >&2
exit 1;
}
[ -z "$(retrieve_meta fullRegenerate)" ] && eval "
minimize_overwrite
"
fi
ensure_attribute_name
retrieve_version
ensure_dl_url_re
ensure_choice
ensure_version
ensure_target
update_found && do_overwrite "$CURRENT_TARGET"
}
source "$own_dir/update-walker-service-specific.sh"
process_config "$1"

118
pkgs/build-support/upstream-updater/update-walker.txt
View File

@ -1,118 +0,0 @@
update-walker is an imperative semiautomated update helper.
It runs the X.upstream file to find the freshest version of the package in
the specified upstream source and updates the corresponding X.nix file.
The simplest available commands:
url: set the upstream source list URL equal to $1; the default is
meta.downloadPage with meta.homepage fallback
dl_url_re: set the regular expression used to select download links to $1; the
default is meta.downloadURLRegexp or '[.]tar[.]([^./])+\$' if it is not set
target: specify target expression; default is to replace .upstream extension
with .nix extension
name: specify the derivation name; default is the basename of the dirname
of the .upstream file
attribute_name: specify the attribute name to evaluate for getting the current
version from meta.version; default is to use the derivation name
minimize_overwrite: set config options that mean that only version= and
sha256= have to be replaced; the default is to regenerate a full upstream
description block with url, name, version, hash etc.
A lot of packages can be updated in a pseudo-declarative style using only
the commands from the previous paragraph.
Some packages do not need any non-default settings, in these case just setting
meta.updateWalker to true is enough, you can run update-walker directly on the
.nix file afterwards. In this case minimize_overwrite it implied unless
meta.fullRegenerate is set.
The packages that require more fine-grained control than the described options
allow, you need to take into account the default control flow of the tool.
First, the definitions from update-walker script and additional definitions
from update-walker-service-specific.sh are loaded. Then the config is executed
as a shell script. Some of the commands it can use do remember whether they
have been used. Afterwards the following steps happen:
attribute_name is set to name unless it has been already set
meta.version is read from the NixPkgs package called attribute_name
download URL regexp is set to default unless it has been already set in the
updater script
the download page URL gets set to default value unless it has been set
previously
if the action of getting the download page and choosing the freshest link by
version has not yet been taken, it happens
if the version has not yet been extracted from the URL, it gets extracted
target nix expression to update gets set to the default value unless it has
been set explicitly
if the URL version is fresher than the packaged version, the new file gets
downloaded and its hash is calculated
do_overwrite function is called; the default calculates a big upstream data
block and puts it after the '# Generated upstream information' marker (the
marker can be changed by the command marker)
If the update needs some special logic, it is put into the updater script and
the corresponding steps are skipped because the needed action has already been
performed.
For example:
minimize_overwrite is exactly the same as
do_overwrite() { do_overwrite_just_version; }
redefinition. You can do a more complex do_overwrite redifinition, if needed.
It can probably use ensure_hash to download the source and calculate the hash
and set_var_value.
set_var_value alters the $3-th instance of assigning the $1 name in the
expression to the value $2. $3 defaults to 1. It can modify $4 instead of the
current target, it can put the value without quotes if $5 is 1.
Typical steps include:
ensure_choice: download current URL and find the freshest version link on the
page, it is now the new URL
ensure_hash: download current URL and calculate the source package hash
ensure_version: extract version from the URL
SF_redirect: replace the current URL with a SourceForge.net mirror:// URL
SF_version_dir: assume SourceForge.net layout and choose the freshest
version-named subdirectory in the file catalog; you can optionally specify $1
as a directory name regexp (digits and periods will be required after it)
SF_version_tarball: assume SourceForge.net layout and choose the freshest
tarball download link
version: apply replacement of $1 with $2 (extended regexp format) to extract
the version from URL
version_link: choose the freshest versioned link, $1 is the regexp of
acceptable links

8
pkgs/data/misc/hackage/pin.json
View File

@ -1,6 +1,6 @@
{
"commit": "6f406277d7106375f7148466c985061d20cb028b",
"url": "https://github.com/commercialhaskell/all-cabal-hashes/archive/6f406277d7106375f7148466c985061d20cb028b.tar.gz",
"sha256": "0jvxybgv975lmk268x12dlp8xxv12vmpwc00k3nv6qqp0xd9bwla",
"msg": "Update from Hackage at 2022-01-18T22:54:05Z"
"commit": "3034b8f1052c41d5b3c571cb2bedb5f62bbede65",
"url": "https://github.com/commercialhaskell/all-cabal-hashes/archive/3034b8f1052c41d5b3c571cb2bedb5f62bbede65.tar.gz",
"sha256": "0kqga1mf7vr292jcaqw8qk4s1bjwc2z1wwjih5xwli3hkk584l20",
"msg": "Update from Hackage at 2022-01-24T10:21:35Z"
}

22
pkgs/data/misc/poppler-data/default.nix
View File

@ -1,20 +1,30 @@
{ fetchurl, lib, stdenv, cmake, ninja }:
{ fetchurl
, lib
, stdenv
, cmake
, ninja
, poppler
}:
stdenv.mkDerivation rec {
name = "poppler-data-0.4.11";
pname = "poppler-data";
version = "0.4.11";
src = fetchurl {
url = "https://poppler.freedesktop.org/${name}.tar.gz";
sha256 = "sha256-LOwFzRuwOvmKiwah4i9ubhplseLzgWyzBpuwh0gl8Iw=";
url = "https://poppler.freedesktop.org/${pname}-${version}.tar.gz";
sha256 = "LOwFzRuwOvmKiwah4i9ubhplseLzgWyzBpuwh0gl8Iw=";
};
nativeBuildInputs = [ cmake ninja ];
nativeBuildInputs = [
cmake
ninja
];
meta = with lib; {
homepage = "https://poppler.freedesktop.org/";
description = "Encoding files for Poppler, a PDF rendering library";
platforms = platforms.all;
license = licenses.free; # more free licenses combined
maintainers = with maintainers; [ ];
maintainers = poppler.meta.maintainers;
};
}

4
pkgs/desktops/pantheon/apps/switchboard-plugs/network/default.nix
View File

@ -18,13 +18,13 @@
stdenv.mkDerivation rec {
pname = "switchboard-plug-network";
version = "2.4.1";
version = "2.4.2";
src = fetchFromGitHub {
owner = "elementary";
repo = pname;
rev = version;
sha256 = "0nqihsbrpjw4nx1c50g854bqybniw38adi78vzg8nyl6ikj2r0z4";
sha256 = "sha256-CdSX4p98HQNC0VF5Ae/ZnDqm000+9KJ6JhQWhSHC4CI=";
};
patches = [

14
pkgs/desktops/pantheon/services/elementary-capnet-assist/default.nix
View File

@ -1,7 +1,6 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, nix-update-script
, pkg-config
, meson
@ -20,24 +19,15 @@
stdenv.mkDerivation rec {
pname = "elementary-capnet-assist";
version = "2.4.0";
version = "2.4.1";
src = fetchFromGitHub {
owner = "elementary";
repo = "capnet-assist";
rev = version;
sha256 = "sha256-UdkS+w61c8z2TCJyG7YsDb0n0b2LOpFyaHzMbdCJsZI=";
sha256 = "sha256-8hhp37EBzZxEVvPaRw9PohjaPWKQZ/AfqqvwLxQCBKk=";
};
patches = [
# Fix build with meson 0.61
# https://github.com/elementary/capnet-assist/pull/76
(fetchpatch {
url = "https://github.com/elementary/capnet-assist/commit/0e77bf8023ba1b35e3a5badb72c246cabf6552b9.patch";
sha256 = "sha256-B/KEs/TCxR+i3uQSRtWxTi2+cu0n6QLcfKCbMCvSsvs=";
})
];
nativeBuildInputs = [
desktop-file-utils
meson

4
pkgs/desktops/pantheon/services/xdg-desktop-portal-pantheon/default.nix
View File

@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "xdg-desktop-portal-pantheon";
version = "1.0.1";
version = "1.1.0";
src = fetchFromGitHub {
owner = "elementary";
repo = "portals";
rev = version;
sha256 = "sha256-8gBMjCMEzrFmKHhkXsgcIESC93EOT0ADkRUIJMmerjw=";
sha256 = "sha256-YICNOeNrpO2tJFyULjQEhZQCrrMyQau59EC7c5K9q40=";
};
nativeBuildInputs = [

6
pkgs/development/compilers/fpc/default.upstream
View File

@ -1,6 +0,0 @@
url https://sourceforge.net/projects/freepascal/files/Source/
SF_version_dir
version_link 'fpcbuild-[0-9.]+[.]tar[.]gz/download$'
SF_redirect
version '.*-([0-9.]+)[.]tar[.]gz' '\1'
do_overwrite () { do_overwrite_just_version; }

4
pkgs/development/compilers/sbcl/common.nix
View File

@ -119,7 +119,5 @@ stdenv.mkDerivation rec {
}
'');
meta = sbclBootstrap.meta // {
updateWalker = true;
};
meta = sbclBootstrap.meta;
}

2
pkgs/development/coq-modules/gaia/default.nix
View File

@ -10,7 +10,7 @@ with lib; mkCoqDerivation {
inherit version;
defaultVersion = with versions; switch [ coq.version mathcomp.version ] [
{ cases = [ (range "8.10" "8.14") (isGe "1.12.0") ]; out = "1.13"; }
{ cases = [ (range "8.10" "8.15") (isGe "1.12.0") ]; out = "1.13"; }
{ cases = [ (range "8.10" "8.12") "1.11.0" ]; out = "1.11"; }
] null;

Some files were not shown because too many files have changed in this diff Show More