diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index c4247443f566..c3dac5d13841 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -9926,6 +9926,15 @@ githubId = 1168435; name = "Ludovic Courtès"; }; + ludovicopiero = { + email = "ludovicopiero@pm.me"; + github = "ludovicopiero"; + githubId = 44255157; + name = "Ludovico Piero"; + keys = [{ + fingerprint = "72CA 4F61 46C6 0DAB 6193 4D35 3911 DD27 6CFE 779C"; + }]; + }; lufia = { email = "lufia@lufia.org"; github = "lufia"; diff --git a/nixos/modules/security/apparmor/includes.nix b/nixos/modules/security/apparmor/includes.nix index adfca04426ca..88051de484c5 100644 --- a/nixos/modules/security/apparmor/includes.nix +++ b/nixos/modules/security/apparmor/includes.nix @@ -62,7 +62,7 @@ config.security.apparmor.includes = { include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/base" r ${pkgs.stdenv.cc.libc}/share/locale/**, r ${pkgs.stdenv.cc.libc}/share/locale.alias, - ${lib.optionalString (pkgs.glibcLocales != null) "r ${pkgs.glibcLocales}/lib/locale/locale-archive,"} + r ${config.i18n.glibcLocales}/lib/locale/locale-archive, ${etcRule "localtime"} r ${pkgs.tzdata}/share/zoneinfo/**, r ${pkgs.stdenv.cc.libc}/share/i18n/**, @@ -72,7 +72,7 @@ config.security.apparmor.includes = { # bash inspects filesystems at startup # and /etc/mtab is linked to /proc/mounts - @{PROC}/mounts + r @{PROC}/mounts, # system-wide bash configuration '' + lib.concatMapStringsSep "\n" etcRule [ @@ -211,6 +211,9 @@ config.security.apparmor.includes = { "abstractions/nis" = '' include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/nis" ''; + "abstractions/nss-systemd" = '' + include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/nss-systemd" + ''; "abstractions/nvidia" = '' include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/nvidia" ${etcRule "vdpau_wrapper.cfg"} @@ -279,6 +282,8 @@ config.security.apparmor.includes = { r /var/lib/acme/*/chain.pem, r /var/lib/acme/*/fullchain.pem, + r /etc/pki/tls/certs/, + '' + lib.concatMapStringsSep "\n" etcRule [ "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix index 37a1ff8b2d34..20c2eff11e62 100644 --- a/nixos/modules/services/networking/murmur.nix +++ b/nixos/modules/services/networking/murmur.nix @@ -355,5 +355,37 @@ in ''; destination = "/share/dbus-1/system.d/murmur.conf"; })]; + + security.apparmor.policies."bin.mumble-server".profile = '' + include + + ${cfg.package}/bin/{mumble-server,.mumble-server-wrapped} { + include + include + include + include "${pkgs.apparmorRulesFromClosure { name = "mumble-server"; } cfg.package}" + pix ${cfg.package}/bin/.mumble-server-wrapped, + + r ${config.environment.etc."os-release".source}, + r ${config.environment.etc."lsb-release".source}, + owner rwk /var/lib/murmur/murmur.sqlite, + owner rw /var/lib/murmur/murmur.sqlite-journal, + owner r /var/lib/murmur/, + r /run/murmur/murmurd.pid, + r /run/murmur/murmurd.ini, + r ${configFile}, + '' + optionalString (cfg.logFile != null) '' + rw ${cfg.logFile}, + '' + optionalString (cfg.sslCert != "") '' + r ${cfg.sslCert}, + '' + optionalString (cfg.sslKey != "") '' + r ${cfg.sslKey}, + '' + optionalString (cfg.sslCa != "") '' + r ${cfg.sslCa}, + '' + optionalString (cfg.dbus != null) '' + dbus bus=${cfg.dbus} + '' + '' + } + ''; }; } diff --git a/nixos/modules/services/web-apps/miniflux.nix b/nixos/modules/services/web-apps/miniflux.nix index 7cc8ce10ffe0..3374c746ad3d 100644 --- a/nixos/modules/services/web-apps/miniflux.nix +++ b/nixos/modules/services/web-apps/miniflux.nix @@ -130,5 +130,17 @@ in environment = cfg.config; }; environment.systemPackages = [ cfg.package ]; + + security.apparmor.policies."bin.miniflux".profile = '' + include + ${cfg.package}/bin/miniflux { + include + include + include + include "${pkgs.apparmorRulesFromClosure { name = "miniflux"; } cfg.package}" + r ${cfg.package}/bin/miniflux, + r @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size, + } + ''; }; } diff --git a/nixos/tests/miniflux.nix b/nixos/tests/miniflux.nix index be3e7abb6abd..a3af53db0e7a 100644 --- a/nixos/tests/miniflux.nix +++ b/nixos/tests/miniflux.nix @@ -25,6 +25,7 @@ in default = { ... }: { + security.apparmor.enable = true; services.miniflux = { enable = true; inherit adminCredentialsFile; @@ -34,6 +35,7 @@ in withoutSudo = { ... }: { + security.apparmor.enable = true; services.miniflux = { enable = true; inherit adminCredentialsFile; @@ -44,6 +46,7 @@ in customized = { ... }: { + security.apparmor.enable = true; services.miniflux = { enable = true; config = { @@ -63,6 +66,7 @@ in default.succeed( "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'" ) + default.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""') withoutSudo.wait_for_unit("miniflux.service") withoutSudo.wait_for_open_port(${toString defaultPort}) @@ -70,6 +74,7 @@ in withoutSudo.succeed( "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'" ) + withoutSudo.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""') customized.wait_for_unit("miniflux.service") customized.wait_for_open_port(${toString port}) @@ -77,5 +82,6 @@ in customized.succeed( "curl 'http://localhost:${toString port}/v1/me' -u '${username}:${password}' -H Content-Type:application/json | grep '\"is_admin\":true'" ) + customized.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""') ''; }) diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix index 2b5cc20163bc..8eee454721a1 100644 --- a/nixos/tests/mumble.nix +++ b/nixos/tests/mumble.nix @@ -20,6 +20,7 @@ in nodes = { server = { config, ... }: { + security.apparmor.enable = true; services.murmur.enable = true; services.murmur.registerName = "NixOS tests"; services.murmur.password = "$MURMURD_PASSWORD"; @@ -81,5 +82,8 @@ in server.sleep(5) # wait to get screenshot client1.screenshot("screen1") client2.screenshot("screen2") + + # check if apparmor denied anything + server.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""') ''; }) diff --git a/pkgs/applications/audio/whipper/default.nix b/pkgs/applications/audio/whipper/default.nix index e92b2f13187e..eb179bfa5496 100644 --- a/pkgs/applications/audio/whipper/default.nix +++ b/pkgs/applications/audio/whipper/default.nix @@ -95,6 +95,6 @@ in python3.pkgs.buildPythonApplication rec { description = "A CD ripper aiming for accuracy over speed"; maintainers = with maintainers; [ emily ]; license = licenses.gpl3Plus; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/applications/editors/openvi/default.nix b/pkgs/applications/editors/openvi/default.nix index e104c4dd7591..19da3daf78fc 100644 --- a/pkgs/applications/editors/openvi/default.nix +++ b/pkgs/applications/editors/openvi/default.nix @@ -1,30 +1,22 @@ { lib , stdenv , fetchFromGitHub -, fetchpatch , ncurses +, perl }: stdenv.mkDerivation rec { pname = "openvi"; - version = "7.3.22"; + version = "7.4.23"; src = fetchFromGitHub { owner = "johnsonjh"; repo = "OpenVi"; rev = version; - hash = "sha256-yXYiH2FCT7ffRPmb28V54+KO1RLs8L9KHk3remkMWmA="; + hash = "sha256-DwecSnByRkjBFqy3gWJ0+1srF2YsNACqKrAITn6wXJw="; }; - patches = [ - # do not attempt to install to /var/tmp/vi.recover - (fetchpatch { - url = "https://github.com/johnsonjh/OpenVi/commit/5205f0234369963c443e83ca5028ca63feaaac91.patch"; - hash = "sha256-hoKzQLnpdRbc48wffWbzFtivr20VqEPs4WRPXuDa/88="; - }) - ]; - - buildInputs = [ ncurses ]; + buildInputs = [ ncurses perl ]; makeFlags = [ "PREFIX=$(out)" diff --git a/pkgs/applications/misc/safeeyes/default.nix b/pkgs/applications/misc/safeeyes/default.nix index f5cd73e03137..4b845737e7c8 100644 --- a/pkgs/applications/misc/safeeyes/default.nix +++ b/pkgs/applications/misc/safeeyes/default.nix @@ -7,6 +7,8 @@ , libnotify , wlrctl , gtk3 +, safeeyes +, testers , xprintidle , xprop , wrapGAppsHook @@ -61,6 +63,8 @@ buildPythonApplication rec { doCheck = false; # no tests + passthru.tests.version = testers.testVersion { package = safeeyes; }; + meta = with lib; { homepage = "http://slgobinath.github.io/SafeEyes"; description = "Protect your eyes from eye strain using this simple and beautiful, yet extensible break reminder. A Free and Open Source Linux alternative to EyeLeo"; diff --git a/pkgs/applications/networking/mailreaders/mailspring/default.nix b/pkgs/applications/networking/mailreaders/mailspring/default.nix index 6e694d01b466..9b5adb3a9772 100644 --- a/pkgs/applications/networking/mailreaders/mailspring/default.nix +++ b/pkgs/applications/networking/mailreaders/mailspring/default.nix @@ -22,11 +22,11 @@ stdenv.mkDerivation rec { pname = "mailspring"; - version = "1.10.8"; + version = "1.11.0"; src = fetchurl { url = "https://github.com/Foundry376/Mailspring/releases/download/${version}/mailspring-${version}-amd64.deb"; - sha256 = "sha256-aXpPn6tpSOwWL/34qlpJ+on/H+X7303J1jwvwcVOTNs="; + hash = "sha256-aAqkltVxIlGwRVGM+1QkrVgfnitl+D3Xb0qi0o8ow+Q="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/nload/default.nix b/pkgs/applications/networking/nload/default.nix index 8b97bbf4635a..e46a95d71e49 100644 --- a/pkgs/applications/networking/nload/default.nix +++ b/pkgs/applications/networking/nload/default.nix @@ -36,5 +36,6 @@ stdenv.mkDerivation rec { license = lib.licenses.gpl2; platforms = lib.platforms.linux; maintainers = [ lib.maintainers.devhell ]; + mainProgram = "nload"; }; } diff --git a/pkgs/applications/science/chemistry/openmolcas/default.nix b/pkgs/applications/science/chemistry/openmolcas/default.nix index c99c5da06f37..695d5502b5eb 100644 --- a/pkgs/applications/science/chemistry/openmolcas/default.nix +++ b/pkgs/applications/science/chemistry/openmolcas/default.nix @@ -1,19 +1,47 @@ -{ lib, stdenv, fetchFromGitLab, cmake, gfortran, perl -, blas-ilp64, hdf5-cpp, python3, texlive -, armadillo, libxc, makeWrapper -# Note that the CASPT2 module is broken with MPI -# See https://gitlab.com/Molcas/OpenMolcas/-/issues/169 +{ lib +, stdenv +, fetchFromGitLab +, fetchFromGitHub +, cmake +, gfortran +, perl +, blas-ilp64 +, hdf5-cpp +, python3 +, texlive +, armadillo +, libxc +, makeWrapper +, gsl +, boost175 +, autoPatchelfHook + # Note that the CASPT2 module is broken with MPI + # See https://gitlab.com/Molcas/OpenMolcas/-/issues/169 , enableMpi ? false -, mpi, globalarrays -} : +, mpi +, globalarrays +}: assert blas-ilp64.isILP64; assert lib.elem blas-ilp64.passthru.implementation [ "openblas" "mkl" ]; let - python = python3.withPackages (ps : with ps; [ six pyparsing numpy h5py ]); + python = python3.withPackages (ps: with ps; [ six pyparsing numpy h5py ]); + qcmaquisSrc = fetchFromGitHub { + owner = "qcscine"; + repo = "qcmaquis"; + rev = "release-3.1.1"; # Must match tag in cmake/custom/qcmaquis.cmake + hash = "sha256-diLDWj/Om6EHrVp+Hd24jsN6R9vV2vRl0y9gqyRWhkI="; + }; + nevtp2Src = fetchFromGitHub { + owner = "qcscine"; + repo = "nevpt2"; + rev = "e1484fd"; # Must match tag in cmake/custom/nevpt2.cmake + hash = "sha256-Vl+FhwhJBbD/7U2CwsYE9BClSQYLJ8DKXV9EXxQUmz0="; + }; -in stdenv.mkDerivation { +in +stdenv.mkDerivation { pname = "openmolcas"; version = "23.06"; @@ -28,12 +56,22 @@ in stdenv.mkDerivation { patches = [ # Required to handle openblas multiple outputs ./openblasPath.patch + + # Required for a local QCMaquis build + ./qcmaquis.patch ]; postPatch = '' # Using env fails in the sandbox substituteInPlace Tools/pymolcas/export.py --replace \ "/usr/bin/env','python3" "python3" + + # Pointing CMake to local QCMaquis and NEVPT2 archives + substituteInPlace cmake/custom/qcmaquis.cmake \ + --subst-var-by "qcmaquis_src_url" "file://${qcmaquisSrc}" + + substituteInPlace cmake/custom/nevpt2.cmake \ + --subst-var-by "nevpt2_src_url" "file://${nevtp2Src}" ''; nativeBuildInputs = [ @@ -42,6 +80,7 @@ in stdenv.mkDerivation { cmake texlive.combined.scheme-minimal makeWrapper + autoPatchelfHook ]; buildInputs = [ @@ -50,6 +89,8 @@ in stdenv.mkDerivation { python armadillo libxc + gsl.dev + boost175 ] ++ lib.optionals enableMpi [ mpi globalarrays @@ -64,10 +105,15 @@ in stdenv.mkDerivation { "-DHDF5=ON" "-DFDE=ON" "-DEXTERNAL_LIBXC=${libxc}" + "-DDMRG=ON" + "-DNEVPT2=ON" + "-DCMAKE_SKIP_BUILD_RPATH=ON" ] ++ lib.optionals (blas-ilp64.passthru.implementation == "openblas") [ - "-DOPENBLASROOT=${blas-ilp64.passthru.provider.dev}" "-DLINALG=OpenBLAS" + "-DOPENBLASROOT=${blas-ilp64.passthru.provider.dev}" + "-DLINALG=OpenBLAS" ] ++ lib.optionals (blas-ilp64.passthru.implementation == "mkl") [ - "-DMKLROOT=${blas-ilp64.passthru.provider}" "-DLINALG=MKL" + "-DMKLROOT=${blas-ilp64.passthru.provider}" + "-DLINALG=MKL" ] ++ lib.optionals enableMpi [ "-DGA=ON" "-DMPI=ON" @@ -89,6 +135,10 @@ in stdenv.mkDerivation { rm -r $out/Tools ''; + # DMRG executables contain references to /build, however, they are properly + # removed by autopatchelf + noAuditTmpdir = true; + postFixup = '' # Wrong store path in shebang (no Python pkgs), force re-patching sed -i "1s:/.*:/usr/bin/env python:" $out/bin/pymolcas @@ -101,7 +151,7 @@ in stdenv.mkDerivation { description = "Advanced quantum chemistry software package"; homepage = "https://gitlab.com/Molcas/OpenMolcas"; maintainers = [ maintainers.markuskowa ]; - license = licenses.lgpl21Only; + license = with licenses; [ lgpl21Only bsd3 ]; platforms = [ "x86_64-linux" ]; mainProgram = "pymolcas"; }; diff --git a/pkgs/applications/science/chemistry/openmolcas/qcmaquis.patch b/pkgs/applications/science/chemistry/openmolcas/qcmaquis.patch new file mode 100644 index 000000000000..ca276bb3fb58 --- /dev/null +++ b/pkgs/applications/science/chemistry/openmolcas/qcmaquis.patch @@ -0,0 +1,46 @@ +diff --git a/cmake/custom/nevpt2.cmake b/cmake/custom/nevpt2.cmake +index 789739ec8..6c86a7b8c 100644 +--- a/cmake/custom/nevpt2.cmake ++++ b/cmake/custom/nevpt2.cmake +@@ -67,6 +67,7 @@ list(APPEND NEVPT2CMakeArgs + "-DMOLCAS_BUILD_DIR=${PROJECT_BINARY_DIR}" + "-DCMAKE_Fortran_MODULE_DIRECTORY=${mod_dir}" + "-DDMRG_INCLUDE=${HDF5_QCM_INCLUDE}" ++ "-DCMAKE_SKIP_BUILD_RPATH=ON" + ) + + if(HDF5_ROOT) +@@ -118,9 +119,7 @@ endif () + + ExternalProject_Add(${EP_PROJECT} + PREFIX ${CUSTOM_NEVPT2_LOCATION} +- GIT_REPOSITORY ${reference_git_repo} +- GIT_TAG ${reference_git_commit} +- UPDATE_DISCONNECTED ${EP_SkipUpdate} ++ URL @nevpt2_src_url@ + CMAKE_ARGS "${NEVPT2CMakeArgs}" + INSTALL_DIR "${PROJECT_BINARY_DIR}/qcmaquis" + ) +diff --git a/cmake/custom/qcmaquis.cmake b/cmake/custom/qcmaquis.cmake +index 176d02761..e160b7bc8 100644 +--- a/cmake/custom/qcmaquis.cmake ++++ b/cmake/custom/qcmaquis.cmake +@@ -78,6 +78,7 @@ list(APPEND QCMaquisCMakeArgs + -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} + -DCMAKE_CXX_FLAGS=${QCM_CMake_CXX_FLAGS} + -DCMAKE_INSTALL_PREFIX:PATH= ++ -DCMAKE_SKIP_BUILD_RPATH=ON + ) + if(HDF5_ROOT) + list(APPEND QCMaquisCMakeArgs +@@ -278,9 +279,7 @@ set (CMAKE_DISABLE_SOURCE_CHANGES OFF) + + ExternalProject_Add(${EP_PROJECT} + PREFIX ${extprojpath} +- GIT_REPOSITORY ${reference_git_repo} +- GIT_TAG ${reference_git_commit} +- UPDATE_DISCONNECTED ${EP_SkipUpdate} ++ URL @qcmaquis_src_url@ + + SOURCE_SUBDIR dmrg + CMAKE_ARGS ${EP_CMAKE_ARGS} diff --git a/pkgs/development/compilers/gleam/default.nix b/pkgs/development/compilers/gleam/default.nix index c7e6669dd14e..ea82d72a481a 100644 --- a/pkgs/development/compilers/gleam/default.nix +++ b/pkgs/development/compilers/gleam/default.nix @@ -1,14 +1,24 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, git, pkg-config, openssl, Security, libiconv }: +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, git +, pkg-config +, openssl +, Security +, libiconv +, nix-update-script +}: rustPlatform.buildRustPackage rec { pname = "gleam"; - version = "0.30.2"; + version = "0.30.5"; src = fetchFromGitHub { owner = "gleam-lang"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-XrXN+HZlCPzywFo10/vLHbz/zjglSZnNQKfYvLvx35I="; + hash = "sha256-DOQhuSNIyP6K+M9a/uM8Cn6gyzpaH23+n4fux8otPWQ="; }; nativeBuildInputs = [ git pkg-config ]; @@ -16,7 +26,9 @@ rustPlatform.buildRustPackage rec { buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security libiconv ]; - cargoHash = "sha256-K7MrrnupH1BS8KEIgVdlnGF91J5ND5umgdeLVCg7DbQ="; + cargoHash = "sha256-CkMUconCw94Jvy7FhrOZvBbA8DAi91Ae5GFxGFBcEew="; + + passthru.updateScript = nix-update-script { }; meta = with lib; { description = "A statically typed language for the Erlang VM"; diff --git a/pkgs/development/tools/language-servers/millet/Cargo.lock b/pkgs/development/tools/language-servers/millet/Cargo.lock index 96f0e67abb30..e9208f2e315b 100644 --- a/pkgs/development/tools/language-servers/millet/Cargo.lock +++ b/pkgs/development/tools/language-servers/millet/Cargo.lock @@ -28,7 +28,7 @@ dependencies = [ [[package]] name = "analysis" -version = "0.12.8" +version = "0.12.9" dependencies = [ "config", "diagnostic", @@ -115,7 +115,7 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chain-map" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "str-util", @@ -128,7 +128,7 @@ source = "git+https://github.com/azdavis/language-util.git#f2c149459f0544fb6a8e1 [[package]] name = "cm-syntax" -version = "0.12.8" +version = "0.12.9" dependencies = [ "lex-util", "paths", @@ -157,7 +157,7 @@ dependencies = [ [[package]] name = "config" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "serde", @@ -185,7 +185,7 @@ checksum = "7704b5fdd17b18ae31c4c1da5a2e0305a2bf17b5249300a9ee9ed7b72114c636" [[package]] name = "cov-mark" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "once_cell", @@ -412,7 +412,7 @@ dependencies = [ [[package]] name = "input" -version = "0.12.8" +version = "0.12.9" dependencies = [ "cm-syntax", "config", @@ -460,7 +460,7 @@ checksum = "3752f229dcc5a481d60f385fa479ff46818033d881d2d801aa27dffcfb5e8306" [[package]] name = "lang-srv" -version = "0.12.8" +version = "0.12.9" dependencies = [ "analysis", "anyhow", @@ -488,7 +488,7 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "lex-util" -version = "0.12.8" +version = "0.12.9" [[package]] name = "libc" @@ -560,7 +560,7 @@ dependencies = [ [[package]] name = "millet-cli" -version = "0.12.8" +version = "0.12.9" dependencies = [ "analysis", "codespan-reporting", @@ -578,7 +578,7 @@ dependencies = [ [[package]] name = "millet-ls" -version = "0.12.8" +version = "0.12.9" dependencies = [ "anyhow", "env_logger", @@ -598,7 +598,7 @@ dependencies = [ [[package]] name = "mlb-hir" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "paths", @@ -609,7 +609,7 @@ dependencies = [ [[package]] name = "mlb-statics" -version = "0.12.8" +version = "0.12.9" dependencies = [ "config", "diagnostic", @@ -633,7 +633,7 @@ dependencies = [ [[package]] name = "mlb-syntax" -version = "0.12.8" +version = "0.12.9" dependencies = [ "lex-util", "paths", @@ -696,7 +696,7 @@ checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" [[package]] name = "panic-hook" -version = "0.12.8" +version = "0.12.9" dependencies = [ "better-panic", ] @@ -899,7 +899,7 @@ dependencies = [ [[package]] name = "slash-var-path" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "str-util", @@ -907,14 +907,14 @@ dependencies = [ [[package]] name = "sml-comment" -version = "0.12.8" +version = "0.12.9" dependencies = [ "sml-syntax", ] [[package]] name = "sml-dynamics" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "fmt-util", @@ -925,7 +925,7 @@ dependencies = [ [[package]] name = "sml-dynamics-tests" -version = "0.12.8" +version = "0.12.9" dependencies = [ "config", "pretty_assertions", @@ -941,7 +941,7 @@ dependencies = [ [[package]] name = "sml-file-syntax" -version = "0.12.8" +version = "0.12.9" dependencies = [ "config", "elapsed", @@ -955,7 +955,7 @@ dependencies = [ [[package]] name = "sml-fixity" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "once_cell", @@ -964,7 +964,7 @@ dependencies = [ [[package]] name = "sml-hir" -version = "0.12.8" +version = "0.12.9" dependencies = [ "la-arena", "sml-lab", @@ -975,7 +975,7 @@ dependencies = [ [[package]] name = "sml-hir-lower" -version = "0.12.8" +version = "0.12.9" dependencies = [ "config", "cov-mark", @@ -990,14 +990,14 @@ dependencies = [ [[package]] name = "sml-lab" -version = "0.12.8" +version = "0.12.9" dependencies = [ "str-util", ] [[package]] name = "sml-lex" -version = "0.12.8" +version = "0.12.9" dependencies = [ "cov-mark", "diagnostic", @@ -1012,7 +1012,7 @@ source = "git+https://github.com/azdavis/sml-libs.git#3948485e5bf5649e50271caf3e [[package]] name = "sml-naive-fmt" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "sml-comment", @@ -1021,11 +1021,11 @@ dependencies = [ [[package]] name = "sml-namespace" -version = "0.12.8" +version = "0.12.9" [[package]] name = "sml-parse" -version = "0.12.8" +version = "0.12.9" dependencies = [ "diagnostic", "event-parse", @@ -1037,14 +1037,14 @@ dependencies = [ [[package]] name = "sml-path" -version = "0.12.8" +version = "0.12.9" dependencies = [ "str-util", ] [[package]] name = "sml-scon" -version = "0.12.8" +version = "0.12.9" dependencies = [ "num-bigint", "num-traits", @@ -1053,7 +1053,7 @@ dependencies = [ [[package]] name = "sml-statics" -version = "0.12.8" +version = "0.12.9" dependencies = [ "chain-map", "config", @@ -1076,7 +1076,7 @@ dependencies = [ [[package]] name = "sml-statics-types" -version = "0.12.8" +version = "0.12.9" dependencies = [ "chain-map", "code-h2-md-map", @@ -1095,7 +1095,7 @@ dependencies = [ [[package]] name = "sml-symbol-kind" -version = "0.12.8" +version = "0.12.9" dependencies = [ "sml-namespace", "sml-statics-types", @@ -1103,7 +1103,7 @@ dependencies = [ [[package]] name = "sml-syntax" -version = "0.12.8" +version = "0.12.9" dependencies = [ "code-h2-md-map", "fast-hash", @@ -1114,7 +1114,7 @@ dependencies = [ [[package]] name = "sml-ty-var-scope" -version = "0.12.8" +version = "0.12.9" dependencies = [ "fast-hash", "sml-hir", @@ -1172,7 +1172,7 @@ dependencies = [ [[package]] name = "tests" -version = "0.12.8" +version = "0.12.9" dependencies = [ "analysis", "cm-syntax", @@ -1516,7 +1516,7 @@ dependencies = [ [[package]] name = "xtask" -version = "0.12.8" +version = "0.12.9" dependencies = [ "anyhow", "flate2", diff --git a/pkgs/development/tools/language-servers/millet/default.nix b/pkgs/development/tools/language-servers/millet/default.nix index d28677fc3a8f..8b1fc8c47745 100644 --- a/pkgs/development/tools/language-servers/millet/default.nix +++ b/pkgs/development/tools/language-servers/millet/default.nix @@ -2,13 +2,13 @@ rustPlatform.buildRustPackage rec { pname = "millet"; - version = "0.12.8"; + version = "0.12.9"; src = fetchFromGitHub { owner = "azdavis"; repo = pname; rev = "v${version}"; - hash = "sha256-H44aQGrLv/A1yo44DaR9FJ0ReXiHU4SQ3zLoEkxF9M8="; + hash = "sha256-PGB5sgYxiXYTj6O9SY/druDpNCf4O8HsivT8zhJM62M="; }; cargoLock = { diff --git a/pkgs/development/tools/wasm-bindgen-cli/default.nix b/pkgs/development/tools/wasm-bindgen-cli/default.nix index ec336d422ab1..d7b6aba2a2a3 100644 --- a/pkgs/development/tools/wasm-bindgen-cli/default.nix +++ b/pkgs/development/tools/wasm-bindgen-cli/default.nix @@ -7,28 +7,27 @@ , stdenv , curl , Security -, runCommand +, version ? "0.2.87" +, hash ? "sha256-0u9bl+FkXEK2b54n7/l9JOCtKo+pb42GF9E1EnAUQa0=" +, cargoHash ? "sha256-AsZBtE2qHJqQtuCt/wCAgOoxYMfvDh8IzBPAOkYSYko=" }: rustPlatform.buildRustPackage rec { pname = "wasm-bindgen-cli"; - version = "0.2.84"; + inherit version hash cargoHash; src = fetchCrate { - inherit pname version; - sha256 = "sha256-0rK+Yx4/Jy44Fw5VwJ3tG243ZsyOIBBehYU54XP/JGk="; + inherit pname version hash; }; - cargoSha256 = "sha256-vcpxcRlW1OKoD64owFF6mkxSqmNrvY+y3Ckn5UwEQ50="; - nativeBuildInputs = [ pkg-config ]; buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ curl Security ]; nativeCheckInputs = [ nodejs ]; - # other tests require it to be ran in the wasm-bindgen monorepo - cargoTestFlags = [ "--test=interface-types" ]; + # tests require it to be ran in the wasm-bindgen monorepo + doCheck = false; meta = with lib; { homepage = "https://rustwasm.github.io/docs/wasm-bindgen/"; diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 1a2aa2943055..b85392977c46 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -128,9 +128,10 @@ let meta = apparmor-meta "library"; }; - apparmor-utils = stdenv.mkDerivation { + apparmor-utils = python.pkgs.buildPythonApplication { pname = "apparmor-utils"; version = apparmor-version; + format = "other"; src = apparmor-sources; @@ -146,14 +147,25 @@ let libapparmor.python ]; + propagatedBuildInputs = [ + libapparmor.python + + # Used by aa-notify + python.pkgs.notify2 + python.pkgs.psutil + ]; + prePatch = prePatchCommon + # Do not build vim file lib.optionalString stdenv.hostPlatform.isMusl '' sed -i ./utils/Makefile -e "/\/d" '' + '' - for file in utils/apparmor/easyprof.py utils/apparmor/aa.py utils/logprof.conf; do - substituteInPlace $file --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser" - done + sed -i -E 's/^(DESTDIR|BINDIR|PYPREFIX)=.*//g' ./utils/Makefile + + sed -i utils/aa-unconfined -e "/my_env\['PATH'\]/d" + + substituteInPlace utils/aa-remove-unknown \ + --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions" ''; inherit patches; postPatch = "cd ./utils"; @@ -161,17 +173,6 @@ let installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "VIM_INSTALL_PATH=$(out)/share" "PYPREFIX=" ]; postInstall = '' - sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d" - for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do - wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.sitePackages}:$PYTHONPATH" - done - - substituteInPlace $out/bin/aa-notify \ - --replace /usr/bin/notify-send ${libnotify}/bin/notify-send \ - --replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}" - - substituteInPlace $out/bin/aa-remove-unknown \ - --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions" wrapProgram $out/bin/aa-remove-unknown \ --prefix PATH : ${lib.makeBinPath [ gawk ]} diff --git a/pkgs/servers/ldap/lldap/default.nix b/pkgs/servers/ldap/lldap/default.nix index 3c83fe037a0d..44678a71db1e 100644 --- a/pkgs/servers/ldap/lldap/default.nix +++ b/pkgs/servers/ldap/lldap/default.nix @@ -32,6 +32,12 @@ let configureFlags = attrs.configureFlags ++ ["--set=build.docs=false"]; }); + wasm-bindgen-84 = wasm-bindgen-cli.override { + version = "0.2.84"; + hash = "sha256-0rK+Yx4/Jy44Fw5VwJ3tG243ZsyOIBBehYU54XP/JGk="; + cargoHash = "sha256-vcpxcRlW1OKoD64owFF6mkxSqmNrvY+y3Ckn5UwEQ50="; + }; + commonDerivationAttrs = rec { pname = "lldap"; version = "0.4.3"; @@ -65,7 +71,7 @@ let pname = commonDerivationAttrs.pname + "-frontend"; nativeBuildInputs = [ - wasm-pack wasm-bindgen-cli binaryen which rustc-wasm rustc-wasm.llvmPackages.lld + wasm-pack wasm-bindgen-84 binaryen which rustc-wasm rustc-wasm.llvmPackages.lld ]; buildPhase = '' diff --git a/pkgs/shells/any-nix-shell/default.nix b/pkgs/shells/any-nix-shell/default.nix index 095347a3ca99..fd4807e6d675 100644 --- a/pkgs/shells/any-nix-shell/default.nix +++ b/pkgs/shells/any-nix-shell/default.nix @@ -25,5 +25,6 @@ stdenv.mkDerivation rec { license = licenses.mit; homepage = "https://github.com/haslersn/any-nix-shell"; maintainers = with maintainers; [ haslersn ]; + mainProgram = "any-nix-shell"; }; } diff --git a/pkgs/shells/zsh/default.nix b/pkgs/shells/zsh/default.nix index 1297e622269f..d2bdd5d34d22 100644 --- a/pkgs/shells/zsh/default.nix +++ b/pkgs/shells/zsh/default.nix @@ -131,6 +131,7 @@ EOF homepage = "https://www.zsh.org/"; maintainers = with lib.maintainers; [ pSub artturin ]; platforms = lib.platforms.unix; + mainProgram = "zsh"; }; passthru = { diff --git a/pkgs/tools/admin/procs/default.nix b/pkgs/tools/admin/procs/default.nix index 03d26fd64988..b9c2a463909b 100644 --- a/pkgs/tools/admin/procs/default.nix +++ b/pkgs/tools/admin/procs/default.nix @@ -31,5 +31,6 @@ rustPlatform.buildRustPackage rec { changelog = "https://github.com/dalance/procs/raw/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ Br1ght0ne sciencentistguy ]; + mainProgram = "procs"; }; } diff --git a/pkgs/tools/cd-dvd/cdrdao/default.nix b/pkgs/tools/cd-dvd/cdrdao/default.nix index 527d70e7a90d..959899d3b3f3 100644 --- a/pkgs/tools/cd-dvd/cdrdao/default.nix +++ b/pkgs/tools/cd-dvd/cdrdao/default.nix @@ -1,21 +1,60 @@ -{lib, stdenv, fetchurl, libvorbis, libmad, pkg-config, libao}: +{ + lib, + stdenv, + fetchurl, + fetchpatch, + pkg-config, + libiconv, + libvorbis, + libmad, + libao, + CoreServices, + IOKit, +}: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "cdrdao"; version = "1.2.5"; src = fetchurl { - url = "mirror://sourceforge/cdrdao/cdrdao-${version}.tar.bz2"; + url = "mirror://sourceforge/cdrdao/cdrdao-${finalAttrs.version}.tar.bz2"; hash = "sha256-0ZtnyFPF26JAavqrbNeI53817r5jTKxGeVKEd8e+AbY="; }; makeFlags = [ "RM=rm" "LN=ln" "MV=mv" ]; - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libvorbis libmad libao ]; + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libiconv + libvorbis + libmad + libao + ] ++ lib.optionals stdenv.isDarwin [ + CoreServices + IOKit + ]; hardeningDisable = [ "format" ]; + patches = [ + # Fix build on macOS SDK < 12 + # https://github.com/cdrdao/cdrdao/pull/19 + (fetchpatch { + url = "https://github.com/cdrdao/cdrdao/commit/105d72a61f510e3c47626476f9bbc9516f824ede.patch"; + hash = "sha256-NVIw59CSrc/HcslhfbYQNK/qSmD4QbfuV8hWYhWelX4="; + }) + + # Fix undefined behaviour caused by uninitialized variable + # https://github.com/cdrdao/cdrdao/pull/21 + (fetchpatch { + url = "https://github.com/cdrdao/cdrdao/commit/251a40ab42305c412674c7c2d391374d91e91c95.patch"; + hash = "sha256-+nGlWw5rgc5Ns2l+6fQ4Hp2LbhO4R/I95h9WGIh/Ebw="; + }) + ]; + # we have glibc/include/linux as a symlink to the kernel headers, # and the magic '..' points to kernelheaders, and not back to the glibc/include postPatch = '' @@ -25,10 +64,10 @@ stdenv.mkDerivation rec { # Needed on gcc >= 6. env.NIX_CFLAGS_COMPILE = "-Wno-narrowing"; - meta = with lib; { + meta = { description = "A tool for recording audio or data CD-Rs in disk-at-once (DAO) mode"; homepage = "https://cdrdao.sourceforge.net/"; - platforms = platforms.linux; - license = licenses.gpl2; + platforms = lib.platforms.unix; + license = lib.licenses.gpl2; }; -} +}) diff --git a/pkgs/tools/cd-dvd/srt-to-vtt-cl/default.nix b/pkgs/tools/cd-dvd/srt-to-vtt-cl/default.nix index 70fcedde858a..80e456d072ce 100644 --- a/pkgs/tools/cd-dvd/srt-to-vtt-cl/default.nix +++ b/pkgs/tools/cd-dvd/srt-to-vtt-cl/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, substituteAll }: +{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { pname = "srt-to-vtt-cl"; @@ -12,14 +12,13 @@ stdenv.mkDerivation rec { }; patches = [ - (substituteAll { - src = ./fix-validation.patch; - }) + ./fix-validation.patch + ./simplify-macOS-builds.patch ]; installPhase = '' mkdir -p $out/bin - cp bin/$(uname -s)/$(uname -m)/srt-vtt $out/bin + cp bin/srt-vtt $out/bin ''; meta = with lib; { @@ -27,6 +26,6 @@ stdenv.mkDerivation rec { license = licenses.mit; maintainers = with maintainers; [ ericdallo ]; homepage = "https://github.com/nwoltman/srt-to-vtt-cl"; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/tools/cd-dvd/srt-to-vtt-cl/simplify-macOS-builds.patch b/pkgs/tools/cd-dvd/srt-to-vtt-cl/simplify-macOS-builds.patch new file mode 100644 index 000000000000..71497f23beef --- /dev/null +++ b/pkgs/tools/cd-dvd/srt-to-vtt-cl/simplify-macOS-builds.patch @@ -0,0 +1,31 @@ +From be08356f421825d3d2dd7ab687f86d9981a31f9a Mon Sep 17 00:00:00 2001 +From: "Travis A. Everett" +Date: Thu, 3 Aug 2023 20:15:40 -0500 +Subject: [PATCH] simplify macOS builds + +--- + Makefile | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/Makefile b/Makefile +index 6dfd829..19c3ae3 100644 +--- a/Makefile ++++ b/Makefile +@@ -8,13 +8,7 @@ CXXFLAGS = -std=c++11 -O2 -MMD -I ./deps + OBJECTS := src/text_encoding_detect.o src/Utils.o src/Converter.o src/main.o + DEPENDS := $(OBJECTS:.o=.d) + EXEC = srt-vtt +-UNAME_S := $(shell uname -s) +-ifeq ($(UNAME_S), Darwin) +- BIN_DIR = bin/Mac-OSX +-else +- UNAME_M := $(shell uname -m) +- BIN_DIR = bin/$(UNAME_S)/$(UNAME_M) +-endif ++BIN_DIR = bin + EXEC_PATH = $(BIN_DIR)/$(EXEC) + + .PHONY: test +-- +2.39.0 + diff --git a/pkgs/tools/misc/exa/default.nix b/pkgs/tools/misc/exa/default.nix index 91d0b1c49d09..d22303e150c9 100644 --- a/pkgs/tools/misc/exa/default.nix +++ b/pkgs/tools/misc/exa/default.nix @@ -58,5 +58,6 @@ rustPlatform.buildRustPackage { homepage = "https://the.exa.website"; license = licenses.mit; maintainers = with maintainers; [ ehegnes lilyball globin fortuneteller2k ]; + mainProgram = "exa"; }; } diff --git a/pkgs/tools/misc/eza/default.nix b/pkgs/tools/misc/eza/default.nix new file mode 100644 index 000000000000..f3b2fa0e52b8 --- /dev/null +++ b/pkgs/tools/misc/eza/default.nix @@ -0,0 +1,61 @@ +{ lib +, gitSupport ? true +, stdenv +, fetchFromGitHub +, rustPlatform +, cmake +, pandoc +, pkg-config +, zlib +, Security +, libiconv +, installShellFiles +}: + +rustPlatform.buildRustPackage rec { + pname = "eza"; + version = "0.10.4"; + + src = fetchFromGitHub { + owner = "cafkafk"; + repo = "eza"; + rev = "v${version}"; + hash = "sha256-9Pw7DQ/QTRHNsCPen+Nn5HdvjX1ju08q+KyitPF9+xQ="; + }; + + cargoHash = "sha256-KveRmlgyree77ZDOB4hQA35F/u/ARKiAHRgHpjCXOow="; + + nativeBuildInputs = [ cmake pkg-config installShellFiles pandoc ]; + buildInputs = [ zlib ] + ++ lib.optionals stdenv.isDarwin [ libiconv Security ]; + + buildNoDefaultFeatures = true; + buildFeatures = lib.optional gitSupport "git"; + + outputs = [ "out" "man" ]; + + postInstall = '' + pandoc --standalone -f markdown -t man man/eza.1.md > man/eza.1 + pandoc --standalone -f markdown -t man man/eza_colors.5.md > man/eza_colors.5 + installManPage man/eza.1 man/eza_colors.5 + installShellCompletion \ + --bash completions/bash/eza \ + --fish completions/fish/eza.fish \ + --zsh completions/zsh/_eza + ''; + + meta = with lib; { + description = "A modern, maintained replacement for ls"; + longDescription = '' + eza is a modern replacement for ls. It uses colours for information by + default, helping you distinguish between many types of files, such as + whether you are the owner, or in the owning group. It also has extra + features not present in the original ls, such as viewing the Git status + for a directory, or recursing into directories with a tree view. eza is + written in Rust, so it’s small, fast, and portable. + ''; + homepage = "https://github.com/cafkafk/eza"; + license = licenses.mit; + maintainers = with maintainers; [ cafkafk ]; + }; +} diff --git a/pkgs/tools/misc/zoxide/default.nix b/pkgs/tools/misc/zoxide/default.nix index 8d311223be75..cba030c8a653 100644 --- a/pkgs/tools/misc/zoxide/default.nix +++ b/pkgs/tools/misc/zoxide/default.nix @@ -10,13 +10,13 @@ rustPlatform.buildRustPackage rec { pname = "zoxide"; - version = "0.9.1"; + version = "0.9.2"; src = fetchFromGitHub { owner = "ajeetdsouza"; repo = "zoxide"; rev = "v${version}"; - sha256 = "sha256-qmT/gTkizZpyYN/YdobBq2vunGM5SpNpCHIFmg8nPhk="; + sha256 = "sha256-h/T3McaKKASwQt+0SBBxFXMnYyt+0Xl+5i8IulUAdnU="; }; nativeBuildInputs = [ installShellFiles ]; @@ -28,7 +28,7 @@ rustPlatform.buildRustPackage rec { --replace '"fzf"' '"${fzf}/bin/fzf"' ''; - cargoSha256 = "sha256-1sW6bvRJJp+qT5A9+l8wN3TQuzFDiBoeLyY5JvAA7dQ="; + cargoSha256 = "sha256-uu7zi6prnfbi4EQ0+0QcTEo/t5CIwNEQgJkIgxSk5u4="; postInstall = '' installManPage man/man*/* diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 95b146a51c4c..2b832872ece1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6563,7 +6563,9 @@ with pkgs; cdpr = callPackage ../tools/networking/cdpr { }; - cdrdao = callPackage ../tools/cd-dvd/cdrdao { }; + cdrdao = callPackage ../tools/cd-dvd/cdrdao { + inherit (darwin.apple_sdk.frameworks) CoreServices IOKit; + }; cdrkit = callPackage ../tools/cd-dvd/cdrkit { }; @@ -7810,6 +7812,10 @@ with pkgs; expliot = callPackage ../tools/security/expliot { }; + eza = callPackage ../tools/misc/eza { + inherit (darwin.apple_sdk.frameworks) Security; + }; + f2fs-tools = callPackage ../tools/filesystems/f2fs-tools { }; Fabric = with python3Packages; toPythonApplication fabric;