diff --git a/lib/customisation.nix b/lib/customisation.nix index cb3a4b561151..fe32e890f357 100644 --- a/lib/customisation.nix +++ b/lib/customisation.nix @@ -176,7 +176,7 @@ rec { # Only show the error for the first missing argument error = errorForArg (lib.head missingArgs); - in if missingArgs == [] then makeOverridable f allArgs else throw error; + in if missingArgs == [] then makeOverridable f allArgs else abort error; /* Like callPackage, but for a function that returns an attribute diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 3a6a9fffe587..f2ba00ef74dd 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -85,7 +85,7 @@ In addition to numerous new and upgraded packages, this release has the followin - [nimdow](https://github.com/avahe-kellenberger/nimdow), a window manager written in Nim, inspired by dwm. -- [woodpecker-agent](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agent](#opt-services.woodpecker-agent.enable). +- [woodpecker-agents](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable). - [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ed45650f748c..23ffb81b6a4e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -376,7 +376,7 @@ ./services/continuous-integration/jenkins/default.nix ./services/continuous-integration/jenkins/job-builder.nix ./services/continuous-integration/jenkins/slave.nix - ./services/continuous-integration/woodpecker/agent.nix + ./services/continuous-integration/woodpecker/agents.nix ./services/continuous-integration/woodpecker/server.nix ./services/databases/aerospike.nix ./services/databases/cassandra.nix diff --git a/nixos/modules/services/continuous-integration/woodpecker/agent.nix b/nixos/modules/services/continuous-integration/woodpecker/agent.nix deleted file mode 100644 index 1aedec81c965..000000000000 --- a/nixos/modules/services/continuous-integration/woodpecker/agent.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config -, lib -, pkgs -, ... -}: - -let - cfg = config.services.woodpecker-agent; -in -{ - meta.maintainers = [ lib.maintainers.janik ]; - - options = { - services.woodpecker-agent = { - enable = lib.mkEnableOption (lib.mdDoc "the Woodpecker-Agent, Agents execute tasks generated by a Server, every install will need one server and at least one agent"); - package = lib.mkPackageOptionMD pkgs "woodpecker-agent" { }; - - environment = lib.mkOption { - default = { }; - type = lib.types.attrsOf lib.types.str; - example = lib.literalExpression '' - { - WOODPECKER_SERVER = "localhost:9000"; - WOODPECKER_BACKEND = "docker"; - DOCKER_HOST = "unix:///run/podman/podman.sock"; - } - ''; - description = lib.mdDoc "woodpecker-agent config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)"; - }; - - extraGroups = lib.mkOption { - default = null; - type = lib.types.nullOr (lib.types.listOf lib.types.str); - example = [ "podman" ]; - description = lib.mdDoc '' - Additional groups for the systemd service. - ''; - }; - - environmentFile = lib.mkOption { - type = lib.types.nullOr lib.types.path; - default = null; - example = "/root/woodpecker-agent.env"; - description = lib.mdDoc '' - File to load environment variables - from. This is helpful for specifying secrets. - Example content of environmentFile: - ``` - WOODPECKER_AGENT_SECRET=your-shared-secret-goes-here - ``` - ''; - }; - }; - }; - - config = lib.mkIf cfg.enable { - systemd.services = { - woodpecker-agent = { - description = "Woodpecker-Agent Service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - serviceConfig = { - DynamicUser = true; - SupplementaryGroups = lib.optionals (cfg.extraGroups != null) cfg.extraGroups; - EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile; - ExecStart = "${cfg.package}/bin/woodpecker-agent"; - Restart = "on-failure"; - RestartSec = 15; - CapabilityBoundingSet = ""; - # Security - NoNewPrivileges = true; - # Sandboxing - ProtectSystem = "strict"; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - ProtectHostname = true; - ProtectClock = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; - LockPersonality = true; - MemoryDenyWriteExecute = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - PrivateMounts = true; - # System Call Filtering - SystemCallArchitectures = "native"; - SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; - }; - inherit (cfg) environment; - }; - }; - }; -} - diff --git a/nixos/modules/services/continuous-integration/woodpecker/agents.nix b/nixos/modules/services/continuous-integration/woodpecker/agents.nix new file mode 100644 index 000000000000..caf6c8509342 --- /dev/null +++ b/nixos/modules/services/continuous-integration/woodpecker/agents.nix @@ -0,0 +1,144 @@ +{ config +, lib +, pkgs +, ... +}: + +let + cfg = config.services.woodpecker-agents; + + agentModule = lib.types.submodule { + options = { + enable = lib.mkEnableOption (lib.mdDoc "this Woodpecker-Agent. Agents execute tasks generated by a Server, every install will need one server and at least one agent"); + + package = lib.mkPackageOptionMD pkgs "woodpecker-agent" { }; + + environment = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression '' + { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + } + ''; + description = lib.mdDoc "woodpecker-agent config envrionment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)"; + }; + + extraGroups = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + example = [ "podman" ]; + description = lib.mdDoc '' + Additional groups for the systemd service. + ''; + }; + + environmentFile = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = [ ]; + example = [ "/var/secrets/woodpecker-agent.env" ]; + description = lib.mdDoc '' + File to load environment variables + from. This is helpful for specifying secrets. + Example content of environmentFile: + ``` + WOODPECKER_AGENT_SECRET=your-shared-secret-goes-here + ``` + ''; + }; + }; + }; + + mkAgentService = name: agentCfg: { + name = "woodpecker-agent-${name}"; + value = { + description = "Woodpecker-Agent Service - ${name}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + DynamicUser = true; + SupplementaryGroups = agentCfg.extraGroups; + EnvironmentFile = agentCfg.environmentFile; + ExecStart = lib.getExe agentCfg.package; + Restart = "on-failure"; + RestartSec = 15; + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + BindReadOnlyPaths = [ + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/ssl/certs" + "-/etc/static/ssl/certs" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + inherit (agentCfg) environment; + }; + }; +in +{ + meta.maintainers = with lib.maintainers; [ janik ambroisie ]; + + options = { + services.woodpecker-agents = { + agents = lib.mkOption { + default = { }; + type = lib.types.attrsOf agentModule; + example = { + docker = { + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + }; + + extraGroups = [ "docker" ]; + + environmentFile = "/run/secrets/woodpecker/agent-secret.txt"; + }; + + exec = { + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_BACKEND = "exec"; + }; + + environmentFile = "/run/secrets/woodpecker/agent-secret.txt"; + }; + }; + description = lib.mdDoc "woodpecker-agents configurations"; + }; + }; + }; + + config = { + systemd.services = + let + mkServices = lib.mapAttrs' mkAgentService; + enabledAgents = lib.filterAttrs (_: agent: agent.enable) cfg.agents; + in + mkServices enabledAgents; + }; +} diff --git a/nixos/modules/services/continuous-integration/woodpecker/server.nix b/nixos/modules/services/continuous-integration/woodpecker/server.nix index 6b4e4732465c..be7786da8505 100644 --- a/nixos/modules/services/continuous-integration/woodpecker/server.nix +++ b/nixos/modules/services/continuous-integration/woodpecker/server.nix @@ -8,7 +8,7 @@ let cfg = config.services.woodpecker-server; in { - meta.maintainers = [ lib.maintainers.janik ]; + meta.maintainers = with lib.maintainers; [ janik ambroisie ]; options = { diff --git a/pkgs/applications/audio/jackmix/default.nix b/pkgs/applications/audio/jackmix/default.nix index ed2d2a499303..b34c7fbc1801 100644 --- a/pkgs/applications/audio/jackmix/default.nix +++ b/pkgs/applications/audio/jackmix/default.nix @@ -1,4 +1,4 @@ -{ mkDerivation, lib, fetchFromGitHub, pkg-config, sconsPackages, qtbase, lash, libjack2, jack ? libjack2, alsa-lib +{ mkDerivation, lib, fetchFromGitHub, pkg-config, scons, qtbase, lash, libjack2, jack ? libjack2, alsa-lib , fetchpatch }: @@ -22,7 +22,7 @@ mkDerivation rec { }) ]; - nativeBuildInputs = [ sconsPackages.scons_latest pkg-config ]; + nativeBuildInputs = [ scons pkg-config ]; buildInputs = [ qtbase lash diff --git a/pkgs/applications/audio/klick/default.nix b/pkgs/applications/audio/klick/default.nix index 7c762adf371f..8faa7410a539 100644 --- a/pkgs/applications/audio/klick/default.nix +++ b/pkgs/applications/audio/klick/default.nix @@ -2,7 +2,7 @@ , stdenv , fetchFromGitHub , pkg-config -, sconsPackages +, scons , rubberband , boost , libjack2 @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config rubberband - sconsPackages.scons_latest + scons ]; buildInputs = [ libsamplerate libsndfile liblo libjack2 boost ]; prefixKey = "PREFIX="; diff --git a/pkgs/applications/audio/nova-filters/default.nix b/pkgs/applications/audio/nova-filters/default.nix index f8e5f4abcc13..4400535a931b 100644 --- a/pkgs/applications/audio/nova-filters/default.nix +++ b/pkgs/applications/audio/nova-filters/default.nix @@ -1,4 +1,4 @@ -{lib, stdenv, fetchurl, sconsPackages, boost, ladspaH, pkg-config }: +{lib, stdenv, fetchurl, scons, boost, ladspaH, pkg-config }: stdenv.mkDerivation { version = "0.2-2"; @@ -9,7 +9,7 @@ stdenv.mkDerivation { sha256 = "16064vvl2w5lz4xi3lyjk4xx7fphwsxc14ajykvndiz170q32s6i"; }; - nativeBuildInputs = [ pkg-config sconsPackages.scons_latest ]; + nativeBuildInputs = [ pkg-config scons ]; buildInputs = [ boost ladspaH ]; patchPhase = '' diff --git a/pkgs/applications/emulators/snes9x/default.nix b/pkgs/applications/emulators/snes9x/default.nix index 779e4dab3b3d..b8ba518350a7 100644 --- a/pkgs/applications/emulators/snes9x/default.nix +++ b/pkgs/applications/emulators/snes9x/default.nix @@ -1,23 +1,28 @@ { lib , stdenv , alsa-lib -, autoreconfHook +, cmake , fetchFromGitHub , fetchpatch , gtkmm3 , libepoxy , libpng +, libselinux , libX11 -, libXv +, libXdmcp , libXext , libXinerama -, meson +, libXrandr +, libXv , minizip , ninja +, pcre2 , pkg-config , portaudio , pulseaudio +, python3 , SDL2 +, util-linuxMinimal , wrapGAppsHook , zlib , withGtk ? false @@ -29,40 +34,37 @@ stdenv.mkDerivation rec { "snes9x-gtk" else "snes9x"; - version = "1.61"; + version = "1.62"; src = fetchFromGitHub { owner = "snes9xgit"; repo = "snes9x"; rev = version; fetchSubmodules = true; - sha256 = "1kay7aj30x0vn8rkylspdycydrzsc0aidjbs0dd238hr5hid723b"; + hash = "sha256-RcxFNmUbJp0rUugWOqQa3Sy/Hh18ZPOeDTxC0JY5GJQ="; }; patches = [ # Fix cross-compilation, otherwise it fails to detect host compiler features # Doesn't affect non CC builds (fetchpatch { - url = "https://mirror.its.dal.ca/gentoo-portage/games-emulation/snes9x/files/snes9x-1.53-cross-compile.patch"; - sha256 = "sha256-ZCmnprimz8PtDIXkB1dYD0oura9icW81yKvJ4coKaDg="; + url = "https://github.com/snes9xgit/snes9x/commit/f39ab408f4151c16d44e45470cc0736ffb2803f8.patch"; + hash = "sha256-GMlHBsADEF+rycmEVgpWy220hZwld5D2e8fsYA7HblM="; }) ]; nativeBuildInputs = [ pkg-config - ] - ++ lib.optionals (!withGtk) [ - autoreconfHook + python3 ] ++ lib.optionals withGtk [ - meson + cmake ninja wrapGAppsHook ]; buildInputs = [ libX11 - libXext libXv minizip zlib @@ -74,13 +76,19 @@ stdenv.mkDerivation rec { ] ++ lib.optionals (!withGtk) [ libpng + libXext libXinerama ] ++ lib.optionals withGtk [ gtkmm3 libepoxy + libselinux + libXdmcp + libXrandr + pcre2 portaudio SDL2 + util-linuxMinimal # provides libmount ]; configureFlags = @@ -98,8 +106,7 @@ stdenv.mkDerivation rec { runHook postInstall ''; - preAutoreconf = lib.optionalString (!withGtk) "cd unix"; - preConfigure = lib.optionalString withGtk "cd gtk"; + preConfigure = if withGtk then "cd gtk" else "cd unix"; enableParallelBuilding = true; diff --git a/pkgs/applications/graphics/fluxus/default.nix b/pkgs/applications/graphics/fluxus/default.nix index b51fe8284780..1ac1666f8f40 100644 --- a/pkgs/applications/graphics/fluxus/default.nix +++ b/pkgs/applications/graphics/fluxus/default.nix @@ -18,7 +18,7 @@ , openal , openssl , racket_7_9 -, sconsPackages +, scons , zlib }: let @@ -50,7 +50,7 @@ stdenv.mkDerivation rec { openssl.dev racket_7_9 ]; - nativeBuildInputs = [ sconsPackages.scons_latest ]; + nativeBuildInputs = [ scons ]; patches = [ ./fix-build.patch ]; sconsFlags = [ diff --git a/pkgs/applications/misc/1password/default.nix b/pkgs/applications/misc/1password/default.nix index 438bd15e1a49..c42ab4a25483 100644 --- a/pkgs/applications/misc/1password/default.nix +++ b/pkgs/applications/misc/1password/default.nix @@ -12,12 +12,12 @@ let if extension == "zip" then fetchzip args else fetchurl args; pname = "1password-cli"; - version = "2.15.0"; + version = "2.16.0"; sources = rec { - aarch64-linux = fetch "linux_arm64" "sha256-D+i+RrPBwFHDL7ExiZUL/xc7vBcfHI7C6z0gNIs/Brs=" "zip"; - i686-linux = fetch "linux_386" "sha256-Y19dbv9eQJF3V+94bByfWLUeDuJ78fUM9vJf1/Nd3rI=" "zip"; - x86_64-linux = fetch "linux_amd64" "sha256-Mxp6wCwBUNNucN0W0awghUzg2OQTkrwXsZgS/nVP41M=" "zip"; - aarch64-darwin = fetch "apple_universal" "sha256-KJVXW2Ze1AmDWNeTEfr7SsZMBmLyMfBv/FgC+XAds0A=" "pkg"; + aarch64-linux = fetch "linux_arm64" "sha256-G0kn3BsgC8En4wNNr0aUSa52is+xmx3Ho+l3aMxKcKs=" "zip"; + i686-linux = fetch "linux_386" "sha256-b5v8BGf7QkEU61TrLhCWprxcpUJp5BmUwrB9Oi+qyDI=" "zip"; + x86_64-linux = fetch "linux_amd64" "sha256-ctHNRESQp+l7s1uXCv6AgNBARFQJydA/rLfdYDNyDXU=" "zip"; + aarch64-darwin = fetch "apple_universal" "sha256-j+BiFJawqAhZHJhYDQx51G/aEgwAqq7mXedP65HyaGo=" "pkg"; x86_64-darwin = aarch64-darwin; }; platforms = builtins.attrNames sources; diff --git a/pkgs/applications/misc/logseq/default.nix b/pkgs/applications/misc/logseq/default.nix index 7aa12ee730e1..afd7c1309cef 100644 --- a/pkgs/applications/misc/logseq/default.nix +++ b/pkgs/applications/misc/logseq/default.nix @@ -2,8 +2,8 @@ , stdenv , fetchurl , appimageTools -, appimage-run , makeWrapper +, electron , git }: @@ -30,23 +30,30 @@ stdenv.mkDerivation rec { installPhase = '' runHook preInstall - mkdir -p $out/bin $out/share/${pname} $out/share/applications $out/share/${pname}/resources/app/icons - cp -a ${appimageContents}/resources/app/icons/logseq.png $out/share/${pname}/resources/app/icons/logseq.png + mkdir -p $out/bin $out/share/${pname} $out/share/applications + cp -a ${appimageContents}/{locales,resources} $out/share/${pname} cp -a ${appimageContents}/Logseq.desktop $out/share/applications/${pname}.desktop - # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs - makeWrapper ${appimage-run}/bin/appimage-run $out/bin/logseq \ - --set "LOCAL_GIT_DIRECTORY" ${git} \ - --add-flags ${src} + # remove the `git` in `dugite` because we want the `git` in `nixpkgs` + chmod +w -R $out/share/${pname}/resources/app/node_modules/dugite/git + chmod +w $out/share/${pname}/resources/app/node_modules/dugite + rm -rf $out/share/${pname}/resources/app/node_modules/dugite/git + chmod -w $out/share/${pname}/resources/app/node_modules/dugite - # Make the desktop entry run the app using appimage-run substituteInPlace $out/share/applications/${pname}.desktop \ - --replace Exec=Logseq "Exec=$out/bin/logseq" \ + --replace Exec=Logseq Exec=${pname} \ --replace Icon=Logseq Icon=$out/share/${pname}/resources/app/icons/logseq.png runHook postInstall ''; + postFixup = '' + # set the env "LOCAL_GIT_DIRECTORY" for dugite so that we can use the git in nixpkgs + makeWrapper ${electron}/bin/electron $out/bin/${pname} \ + --set "LOCAL_GIT_DIRECTORY" ${git} \ + --add-flags $out/share/${pname}/resources/app + ''; + passthru.updateScript = ./update.sh; meta = with lib; { diff --git a/pkgs/applications/misc/yewtube/default.nix b/pkgs/applications/misc/yewtube/default.nix index c7dc0b6071b0..13dabe296b3d 100644 --- a/pkgs/applications/misc/yewtube/default.nix +++ b/pkgs/applications/misc/yewtube/default.nix @@ -2,13 +2,13 @@ python3Packages.buildPythonApplication rec { pname = "yewtube"; - version = "2.9.2"; + version = "2.10.1"; src = fetchFromGitHub { - owner = "iamtalhaasghar"; + owner = "mps-youtube"; repo = "yewtube"; rev = "refs/tags/v${version}"; - hash = "sha256-5+0OaoUan9IFEqtMvpvtkfpd7IbFJhG52oROER5TY20="; + hash = "sha256-1qYHgMp9OZQuKDycvVwp0ADvF8xNY668JvRMVIE/dko="; }; postPatch = '' @@ -16,8 +16,6 @@ python3Packages.buildPythonApplication rec { substituteInPlace mps_youtube/__init__.py \ --replace "from pip._vendor import pkg_resources" "" \ --replace "__version__ =" "__version__ = '${version}' #" - # https://github.com/iamtalhaasghar/yewtube/pull/105 - sed -ie '/pyreadline/d' requirements.txt ''; propagatedBuildInputs = with python3Packages; [ @@ -25,6 +23,7 @@ python3Packages.buildPythonApplication rec { requests youtube-search-python yt-dlp + pylast ]; checkInputs = with python3Packages; [ @@ -41,7 +40,7 @@ python3Packages.buildPythonApplication rec { meta = with lib; { description = "Terminal based YouTube player and downloader, forked from mps-youtube"; - homepage = "https://github.com/iamtalhaasghar/yewtube"; + homepage = "https://github.com/mps-youtube/yewtube"; license = licenses.gpl3Plus; maintainers = with maintainers; [ fgaz koral ]; }; diff --git a/pkgs/applications/networking/instant-messengers/signalbackup-tools/default.nix b/pkgs/applications/networking/instant-messengers/signalbackup-tools/default.nix index 11a95f554fc0..81a66a93e3f1 100644 --- a/pkgs/applications/networking/instant-messengers/signalbackup-tools/default.nix +++ b/pkgs/applications/networking/instant-messengers/signalbackup-tools/default.nix @@ -1,6 +1,6 @@ -{ lib, stdenv, clang14Stdenv, fetchFromGitHub, openssl, sqlite }: +{ lib, stdenv, llvmPackages_14, fetchFromGitHub, openssl, sqlite }: -(if stdenv.isDarwin then clang14Stdenv else stdenv).mkDerivation rec { +(if stdenv.isDarwin then llvmPackages_14.stdenv else stdenv).mkDerivation rec { pname = "signalbackup-tools"; version = "20230316"; diff --git a/pkgs/applications/networking/remote/aws-workspaces/default.nix b/pkgs/applications/networking/remote/aws-workspaces/default.nix index 984dd3e90958..a5933d105f47 100644 --- a/pkgs/applications/networking/remote/aws-workspaces/default.nix +++ b/pkgs/applications/networking/remote/aws-workspaces/default.nix @@ -1,6 +1,6 @@ { stdenv, lib , makeWrapper, dpkg, fetchurl, autoPatchelfHook -, curl, libkrb5, lttng-ust, libpulseaudio, gtk3, openssl_1_1, icu70, webkitgtk, librsvg, gdk-pixbuf, libsoup, glib-networking, graphicsmagick_q16, libva, libusb, hiredis +, curl, libkrb5, lttng-ust, libpulseaudio, gtk3, openssl_1_1, icu70, webkitgtk, librsvg, gdk-pixbuf, libsoup, glib-networking, graphicsmagick_q16, libva, libusb1, hiredis }: stdenv.mkDerivation rec { @@ -41,7 +41,7 @@ stdenv.mkDerivation rec { glib-networking graphicsmagick_q16 hiredis - libusb + libusb1 libva ]; diff --git a/pkgs/applications/office/gnucash/default.nix b/pkgs/applications/office/gnucash/default.nix index 65a2d579d3f7..e22cd17cefa3 100644 --- a/pkgs/applications/office/gnucash/default.nix +++ b/pkgs/applications/office/gnucash/default.nix @@ -1,5 +1,6 @@ { lib , stdenv +, fetchpatch2 , fetchurl , aqbanking , boost @@ -74,6 +75,34 @@ stdenv.mkDerivation rec { ./0003-remove-valgrind.patch # this patch makes gnucash exec the Finance::Quote helpers directly ./0004-exec-fq-helpers.patch + # the following patches fix compilation with gcc 13 and glib > 2.76 + # "Build fails with gcc 13 and glib > 2.76" + (fetchpatch2 { + url = "https://github.com/Gnucash/gnucash/commit/184669f517744ac7be6e420e5e1f359384f676d5.patch"; + sha256 = "sha256-X5HCK//n+V5k/pEUNL6xwZY5NTeGnBt+7GhooqOXQ2I="; + }) + # "Build fails with gcc 13 and glib > 2.76, bis" + (fetchpatch2 { + url = "https://github.com/Gnucash/gnucash/commit/abcce5000ca72bf943ca8951867729942388848e.patch"; + sha256 = "sha256-WiMkozqMAYl5wrRhAQMNVDY77aRBa3E5/a0gvYyc9Zk="; + }) + # "Build fails with gcc 13 and glib > 2.76, ter" + (fetchpatch2 { + url = "https://github.com/Gnucash/gnucash/commit/89e63ef67235d231d242f018894295a6cb38cfc3.patch"; + sha256 = "sha256-xCkY8RlZPVDaRLbVn+QT28s4qIUgtMgjmuB0axSrNpw="; + }) + # "Build fails with gcc 13" + # "Protect against passing an lseek failure rv to read()." + (fetchpatch2 { + url = "https://github.com/Gnucash/gnucash/commit/ce3447e6ea8b2f734b24a2502e865ebbbc21aaaa.patch"; + sha256 = "sha256-mfPs/5rkCamihE0z1SRoX0tV4FNPkKUGd1T6iaCwy7E="; + }) + # "Fix crashes in test-engine on Arch Linux." + # Also fixes the same crashes in nixpkgs. + (fetchpatch2 { + url = "https://github.com/Gnucash/gnucash/commit/1020bde89c77f70cee6cc8181ead96e8fade47aa.patch"; + sha256 = "sha256-JCWm3M8hdgAwjuhLbFRN4Vk3BQqpn0FUwHk6Kg5Qa7Q="; + }) ]; # this needs to be an environment variable and not a cmake flag to suppress diff --git a/pkgs/development/libraries/ffmpeg/6.nix b/pkgs/development/libraries/ffmpeg/6.nix new file mode 100644 index 000000000000..cf29526fbcb5 --- /dev/null +++ b/pkgs/development/libraries/ffmpeg/6.nix @@ -0,0 +1,4 @@ +import ./generic.nix rec { + version = "6.0"; + sha256 = "sha256-RVbgsafIbeUUNXmUbDQ03ZN42oaUo0njqROo7KOQgv0="; +} diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index de78e8b75c41..0ece46f32668 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -227,6 +227,7 @@ , libxml2 , xz , nv-codec-headers +, nv-codec-headers-11 , openal , ocl-icd # OpenCL ICD , opencl-headers # OpenCL headers @@ -348,7 +349,14 @@ stdenv.mkDerivation (finalAttrs: { --replace VK_EXT_VIDEO_DECODE VK_KHR_VIDEO_DECODE ''; - patches = map (patch: fetchpatch patch) extraPatches; + patches = map (patch: fetchpatch patch) (extraPatches + ++ (lib.optional (lib.versionAtLeast version "6" && lib.versionOlder version "6.1") + { # this can be removed post 6.1 + name = "fix_aacps_tablegen"; + url = "https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/814178f92647be2411516bbb82f48532373d2554"; + hash = "sha256-FQV9/PiarPXCm45ldtCsxGHjlrriL8DKpn1LaKJ8owI="; + } + )); configurePlatforms = []; setOutputFlags = false; # Only accepts some of them @@ -539,7 +547,7 @@ stdenv.mkDerivation (finalAttrs: { # TODO This was always in buildInputs before, why? buildInputs = optionals withFullDeps [ libdc1394 ] ++ optionals (withFullDeps && !stdenv.isDarwin) [ libraw1394 ] # TODO where does this belong to - ++ optionals (withNvdec || withNvenc) [ nv-codec-headers ] + ++ optionals (withNvdec || withNvenc) [ (if (lib.versionAtLeast version "6") then nv-codec-headers-11 else nv-codec-headers) ] ++ optionals withAlsa [ alsa-lib ] ++ optionals withAom [ libaom ] ++ optionals withAss [ libass ] diff --git a/pkgs/development/libraries/rocm-comgr/default.nix b/pkgs/development/libraries/rocm-comgr/default.nix index d475a9f9dce2..6dc7b87934f1 100644 --- a/pkgs/development/libraries/rocm-comgr/default.nix +++ b/pkgs/development/libraries/rocm-comgr/default.nix @@ -15,7 +15,7 @@ let else throw "Unsupported ROCm LLVM platform"; in stdenv.mkDerivation (finalAttrs: { pname = "rocm-comgr"; - version = "5.4.3"; + version = "5.4.4"; src = fetchFromGitHub { owner = "RadeonOpenCompute"; diff --git a/pkgs/development/libraries/swiften/default.nix b/pkgs/development/libraries/swiften/default.nix index c779e16cbbb3..f839021c949e 100644 --- a/pkgs/development/libraries/swiften/default.nix +++ b/pkgs/development/libraries/swiften/default.nix @@ -9,7 +9,7 @@ , fetchpatch , openssl , boost -, sconsPackages +, scons }: stdenv.mkDerivation rec { @@ -35,7 +35,7 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ - sconsPackages.scons_latest + scons ]; buildInputs = [ diff --git a/pkgs/development/lua-modules/generated-packages.nix b/pkgs/development/lua-modules/generated-packages.nix index 4ce37ca0c15d..542c14d751d6 100644 --- a/pkgs/development/lua-modules/generated-packages.nix +++ b/pkgs/development/lua-modules/generated-packages.nix @@ -1352,7 +1352,7 @@ buildLuarocksPackage { }; }) {}; -lua-resty-session = callPackage({ lua_pack, buildLuarocksPackage, fetchgit, luaOlder, lua, lua-ffi-zlib, lua-resty-openssl }: +lua-resty-session = callPackage({ buildLuarocksPackage, fetchgit, luaOlder, lua, lua-resty-openssl /*, lua_pack, lua-ffi-zlib */ }: buildLuarocksPackage { pname = "lua-resty-session"; version = "4.0.3-1"; @@ -1374,12 +1374,13 @@ buildLuarocksPackage { '') ["date" "path"]) ; disabled = (luaOlder "5.1"); - propagatedBuildInputs = [ lua lua-ffi-zlib lua-resty-openssl lua_pack ]; + propagatedBuildInputs = [ lua lua-resty-openssl /* lua_pack lua-ffi-zlib */ ]; meta = { homepage = "https://github.com/bungle/lua-resty-session"; description = "Session Library for OpenResty - Flexible and Secure"; license.fullName = "BSD"; + broken = true; # lua_pack and lua-ffi-zlib are unpackaged, causing this package to not evaluate }; }) {}; diff --git a/pkgs/development/python-modules/mypy-boto3-builder/default.nix b/pkgs/development/python-modules/mypy-boto3-builder/default.nix index 8ec6e1e384b0..f159508f90e8 100644 --- a/pkgs/development/python-modules/mypy-boto3-builder/default.nix +++ b/pkgs/development/python-modules/mypy-boto3-builder/default.nix @@ -17,7 +17,7 @@ buildPythonPackage rec { pname = "mypy-boto3-builder"; - version = "7.13.0"; + version = "7.14.2"; format = "pyproject"; disabled = pythonOlder "3.10"; @@ -26,7 +26,7 @@ buildPythonPackage rec { owner = "youtype"; repo = "mypy_boto3_builder"; rev = "refs/tags/${version}"; - hash = "sha256-9D2w1rnYf7aKOABXmePghR695dlq37bci+bVOWrQCYw="; + hash = "sha256-dcVEIeDsVX9bdi6IgBPHM/aVrRujmd/BHmCUCuD0v8k="; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/godot/4/default.nix b/pkgs/development/tools/godot/4/default.nix index e3cc35ef90a5..4805399b5914 100644 --- a/pkgs/development/tools/godot/4/default.nix +++ b/pkgs/development/tools/godot/4/default.nix @@ -53,13 +53,13 @@ let in stdenv.mkDerivation rec { pname = "godot"; - version = "4.0-stable"; + version = "4.0.1-stable"; src = fetchFromGitHub { owner = "godotengine"; repo = "godot"; rev = version; - hash = "sha256-BaSIHTV7LFV5VqjW+q7u/t/DR6JS6vxfREab6EdKYPU="; + hash = "sha256-0PDKZ92PJo9N5oP56/Z8bzhVhfO7IHdtQ5rMj5Difto="; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/misc/grpc-client-cli/default.nix b/pkgs/development/tools/misc/grpc-client-cli/default.nix index 308b2cb7cecc..85f0f08aebcc 100644 --- a/pkgs/development/tools/misc/grpc-client-cli/default.nix +++ b/pkgs/development/tools/misc/grpc-client-cli/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "grpc-client-cli"; - version = "1.17.0"; + version = "1.18.0"; src = fetchFromGitHub { owner = "vadimi"; repo = "grpc-client-cli"; rev = "v${version}"; - sha256 = "sha256-iIF/CzNWY8XQiXQ4WFDU2mHDuNeWmAOXP16irik83FU="; + sha256 = "sha256-gpTJObgLbH+4fBnBrI6YA3Y4ENuGHV6xP7oHbSFQyEw="; }; - vendorHash = "sha256-6oJuyW3Yc/m7GnE2WipTUQk9eymK6xd+dT7mOVn2/vM="; + vendorHash = "sha256-FuUxCm/p8ke55kMjsmHwZTJMWO4cQZZ/B1RDpdxUr8U="; meta = with lib; { description = "generic gRPC command line client"; diff --git a/pkgs/development/tools/nsis/default.nix b/pkgs/development/tools/nsis/default.nix index b9fb3aa711c2..e27c43135bad 100644 --- a/pkgs/development/tools/nsis/default.nix +++ b/pkgs/development/tools/nsis/default.nix @@ -3,7 +3,7 @@ , symlinkJoin , fetchurl , fetchzip -, sconsPackages +, scons , zlib , libiconv }: @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { chmod -R u+w $out/share/nsis ''; - nativeBuildInputs = [ sconsPackages.scons_latest ]; + nativeBuildInputs = [ scons ]; buildInputs = [ zlib ] ++ lib.optionals stdenv.isDarwin [ libiconv ]; CPPPATH = symlinkJoin { diff --git a/pkgs/games/globulation/default.nix b/pkgs/games/globulation/default.nix index 226e04aa1b73..039098f87da5 100644 --- a/pkgs/games/globulation/default.nix +++ b/pkgs/games/globulation/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, libGLU, libGL, SDL, sconsPackages, SDL_ttf, SDL_image, zlib, SDL_net +{ lib, stdenv, fetchurl, libGLU, libGL, SDL, scons, SDL_ttf, SDL_image, zlib, SDL_net , speex, libvorbis, libogg, boost, fribidi, bsdiff , fetchpatch }: @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { sed -i -e "s@env = Environment()@env = Environment( ENV = os.environ )@" SConstruct ''; - nativeBuildInputs = [ sconsPackages.scons_latest ]; + nativeBuildInputs = [ scons ]; buildInputs = [ libGLU libGL SDL SDL_ttf SDL_image zlib SDL_net speex libvorbis libogg boost fribidi bsdiff ]; postConfigure = '' diff --git a/pkgs/games/vdrift/default.nix b/pkgs/games/vdrift/default.nix index d965faab4db2..50fb4af1416a 100644 --- a/pkgs/games/vdrift/default.nix +++ b/pkgs/games/vdrift/default.nix @@ -3,7 +3,7 @@ , fetchFromGitHub , fetchsvn , pkg-config -, sconsPackages +, scons , libGLU , libGL , SDL2 @@ -33,7 +33,7 @@ let sha256 = "sha256-DrzRF4WzwEXCNALq0jz8nHWZ1oYTEsdrvSYVYI1WkTI="; }; - nativeBuildInputs = [ pkg-config sconsPackages.scons_latest ]; + nativeBuildInputs = [ pkg-config scons ]; buildInputs = [ libGLU libGL SDL2 SDL2_image libvorbis bullet curl gettext ]; patches = [ diff --git a/pkgs/tools/audio/stt/default.nix b/pkgs/tools/audio/stt/default.nix index 31256c191ecc..8697cb62f5b7 100644 --- a/pkgs/tools/audio/stt/default.nix +++ b/pkgs/tools/audio/stt/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, autoPatchelfHook, bzip2, lzma }: +{ stdenv, lib, fetchurl, autoPatchelfHook, bzip2, xz }: stdenv.mkDerivation rec { pname = "stt"; @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { buildInputs = [ bzip2 - lzma + xz stdenv.cc.cc.lib ]; diff --git a/pkgs/tools/backup/borgmatic/default.nix b/pkgs/tools/backup/borgmatic/default.nix index 18b0f7507961..53cb506992ab 100644 --- a/pkgs/tools/backup/borgmatic/default.nix +++ b/pkgs/tools/backup/borgmatic/default.nix @@ -2,11 +2,11 @@ python3Packages.buildPythonApplication rec { pname = "borgmatic"; - version = "1.7.8"; + version = "1.7.9"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "sha256-+lYyCPKgaWZPUkIGjgmBES6vg1ZbgZ5b6WKmpqAcyhM="; + sha256 = "sha256-v3Qxwy7V6rqX90G4/Xp6mVTUkrqDXmudgh3th0GCjuk="; }; nativeCheckInputs = with python3Packages; [ flexmock pytestCheckHook pytest-cov ]; diff --git a/pkgs/tools/misc/bat/default.nix b/pkgs/tools/misc/bat/default.nix index 81870cd492f1..31f86098a0b3 100644 --- a/pkgs/tools/misc/bat/default.nix +++ b/pkgs/tools/misc/bat/default.nix @@ -8,30 +8,19 @@ , libiconv , installShellFiles , makeWrapper -, fetchpatch }: rustPlatform.buildRustPackage rec { pname = "bat"; - version = "0.22.1"; + version = "0.23.0"; src = fetchFromGitHub { owner = "sharkdp"; repo = pname; rev = "v${version}"; - sha256 = "sha256-xkGGnWjuZ5ZR4Ll+JwgWyKZFboFZ6HKA8GviR3YBAnM="; + hash = "sha256-cGHxB3Wp8yEcJBMtSOec6l7iBsMLhUtJ7nh5fijnWZs="; }; - cargoSha256 = "sha256-ye6GH4pcI9h1CNpobUzfJ+2WlqJ98saCdD77AtSGafg="; - - cargoPatches = [ - # merged upstream in https://github.com/sharkdp/bat/pull/2399 - (fetchpatch { - name = "disable-completion-of-cache-subcommand.patch"; - url = "https://github.com/sharkdp/bat/commit/b6b9d3a629bd9b08725df2a4e7b92c3023584a89.patch"; - hash = "sha256-G4LajO09+qfhpr+HRvAHCuE9EETit2e16ZEyAtz26B4="; - excludes = [ "CHANGELOG.md" ]; - }) - ]; + cargoHash = "sha256-wZNdYGCLKD80gV1QUTgKsFSNYkbDubknPB3e6dsyEgs="; nativeBuildInputs = [ pkg-config installShellFiles makeWrapper ]; diff --git a/pkgs/tools/misc/chezmoi/default.nix b/pkgs/tools/misc/chezmoi/default.nix index 834110a6aaa2..c9b99f07b1d4 100644 --- a/pkgs/tools/misc/chezmoi/default.nix +++ b/pkgs/tools/misc/chezmoi/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "chezmoi"; - version = "2.32.0"; + version = "2.33.0"; src = fetchFromGitHub { owner = "twpayne"; repo = "chezmoi"; rev = "v${version}"; - hash = "sha256-ljzcB48AeYMbo3GjsegJS7eyIRnd+prHBtK4dAICOCY="; + hash = "sha256-6oxpC7o9PyfP/pfPOzhPXIxvNCO6/nnIJG+4m1iYA9Y="; }; - vendorHash = "sha256-Ugp3jvtV12Ss7HdhLkBSdENyOTSb573iho1u2UX5Img="; + vendorHash = "sha256-a7V50zf7XZy/CTwdkud0whrFqx6LwpOIHdUWbiT7MRw="; doCheck = false; diff --git a/pkgs/tools/security/jwx/default.nix b/pkgs/tools/security/jwx/default.nix index 46a011c4cdb6..a290bd9e17eb 100644 --- a/pkgs/tools/security/jwx/default.nix +++ b/pkgs/tools/security/jwx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "jwx"; - version = "2.0.8"; + version = "2.0.9"; src = fetchFromGitHub { owner = "lestrrat-go"; repo = pname; rev = "v${version}"; - hash = "sha256-eoXSSXh9NxWLgogrE2hDjsPxqeUmH54TnYXwhm7kpz4="; + hash = "sha256-0Ha16moHpPt7IwSmSLSf3ExKlp2TDkssPppNIPHrsJw="; }; - vendorSha256 = "sha256-fbNnSjUOHnm/zxEGdhHQEKHgYp+nW1rgvMGJBm4b9IM="; + vendorHash = "sha256-RyAQh1uXw3bEZ6vuh8+mEf8T4l3ZIFAaFJ6dGMoANys="; sourceRoot = "source/cmd/jwx"; diff --git a/pkgs/tools/security/rage/default.nix b/pkgs/tools/security/rage/default.nix index 897c990d6fed..95ffb1c23388 100644 --- a/pkgs/tools/security/rage/default.nix +++ b/pkgs/tools/security/rage/default.nix @@ -8,16 +8,16 @@ rustPlatform.buildRustPackage rec { pname = "rage"; - version = "0.9.0"; + version = "0.9.1"; src = fetchFromGitHub { owner = "str4d"; repo = pname; rev = "v${version}"; - sha256 = "sha256-/qrhD7AqVGMBi6PyvYww5PxukUU//KrttKqnPS0OYPc="; + hash = "sha256-df+ch0JfPgmf/qKMV3sBSmfCvRTazVnAa1SRRvhrteQ="; }; - cargoSha256 = "sha256-hVjtjeaIyySAHm3v0kFQ387THqYU1s+nGdBUwzIzBjg="; + cargoHash = "sha256-GW3u3LyUJqu4AMnb/2M7mYa45qbRtG2IDuCJoEVOfn0="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 79468281c7d5..1e56ad575b74 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -494,7 +494,7 @@ with pkgs; dinghy = with python3Packages; toPythonApplication dinghy; - djhtml = callPackage ../development/tools/djhtml { }; + djhtml = python3Packages.callPackage ../development/tools/djhtml { }; deadcode = callPackage ../development/tools/deadcode { }; @@ -7900,9 +7900,13 @@ with pkgs; gocryptfs = callPackage ../tools/filesystems/gocryptfs { }; - godot_4 = callPackage ../development/tools/godot/4 { }; + godot_4 = callPackage ../development/tools/godot/4 { + scons = sconsPackages.scons_4_1_0; + }; - godot = callPackage ../development/tools/godot/3 { }; + godot = callPackage ../development/tools/godot/3 { + scons = sconsPackages.scons_4_1_0; + }; godot-export-templates = callPackage ../development/tools/godot/3/export-templates.nix { }; @@ -11741,7 +11745,9 @@ with pkgs; rmtrash = callPackage ../tools/misc/rmtrash { }; - roc-toolkit = callPackage ../development/libraries/audio/roc-toolkit { }; + roc-toolkit = callPackage ../development/libraries/audio/roc-toolkit { + scons = sconsPackages.scons_4_1_0; + }; rockbox-utility = libsForQt5.callPackage ../tools/misc/rockbox-utility { }; @@ -18758,7 +18764,7 @@ with pkgs; semantik = libsForQt5.callPackage ../applications/office/semantik { }; sconsPackages = dontRecurseIntoAttrs (callPackage ../development/tools/build-managers/scons { }); - scons = sconsPackages.scons_4_1_0; + scons = sconsPackages.scons_latest; mill = callPackage ../development/tools/build-managers/mill { }; @@ -19872,6 +19878,18 @@ with pkgs; ffmpegVariant = "full"; }; + ffmpeg_6 = callPackage ../development/libraries/ffmpeg/6.nix { + inherit (darwin.apple_sdk.frameworks) + Cocoa CoreServices CoreAudio CoreMedia AVFoundation MediaToolbox + VideoDecodeAcceleration VideoToolbox; + }; + ffmpeg_6-headless = ffmpeg_6.override { + ffmpegVariant = "headless"; + }; + ffmpeg_6-full = ffmpeg_6.override { + ffmpegVariant = "full"; + }; + # Aliases # Please make sure this is updated to the latest version on the next major # update to ffmpeg @@ -28886,7 +28904,9 @@ with pkgs; bombadillo = callPackage ../applications/networking/browsers/bombadillo { }; - bombono = callPackage ../applications/video/bombono { }; + bombono = callPackage ../applications/video/bombono { + scons = sconsPackages.scons_4_1_0; + }; bonzomatic = callPackage ../applications/editors/bonzomatic { }; @@ -35516,7 +35536,9 @@ with pkgs; dwarf-therapist = dwarf-fortress-packages.dwarf-therapist; - dxx-rebirth = callPackage ../games/dxx-rebirth { }; + dxx-rebirth = callPackage ../games/dxx-rebirth { + scons = sconsPackages.scons_4_1_0; + }; inherit (callPackages ../games/dxx-rebirth/assets.nix { }) descent1-assets