Merge staging-next into staging

nixos/modules/hardware/all-firmware.nix

@@ -48,10 +48,7 @@ in {
         alsa-firmware
         sof-firmware
         libreelec-dvb-firmware
-      ] ++ optional pkgs.stdenv.hostPlatform.isAarch raspberrypiWirelessFirmware
-        ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
-        rtl8723bs-firmware
-      ];
+      ] ++ optional pkgs.stdenv.hostPlatform.isAarch raspberrypiWirelessFirmware;
     })
     (mkIf cfg.enableAllFirmware {
       assertions = [{

nixos/modules/system/boot/luksroot.nix

@@ -513,7 +513,7 @@ let
   postLVM = filterAttrs (n: v: !v.preLVM) luks.devices;
 
 
-  stage1Crypttab = pkgs.writeText "initrd-crypttab" (lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: let
+  stage1Crypttab = pkgs.writeText "initrd-crypttab" (lib.concatLines (lib.mapAttrsToList (n: v: let
     opts = v.crypttabExtraOpts
       ++ optional v.allowDiscards "discard"
       ++ optionals v.bypassWorkqueues [ "no-read-workqueue" "no-write-workqueue" ]

pkgs/applications/misc/gcfflasher/default.nix

@@ -8,13 +8,13 @@
 
 stdenv.mkDerivation rec {
   pname = "gcfflasher";
-  version = "4.0.3-beta";
+  version = "4.3.0-beta";
 
   src = fetchFromGitHub {
     owner = "dresden-elektronik";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-m+iDBfsHo+PLYd3K8JaKwhIXcnj+Q8w7gIgmHp+0plk=";
+    hash = "sha256-H1CZ7rAM1QpdmSnUpvg6ytln/0MQKju/C4aIk3xl0PA=";
   };
 
   nativeBuildInputs = [
@@ -22,11 +22,6 @@ stdenv.mkDerivation rec {
     cmake
   ];
 
-  postPatch = ''
-    substituteInPlace CMakeLists.txt \
-      --replace 'main_windows.c' 'main_posix.c'
-    '';
-
   buildInputs = lib.optionals stdenv.isLinux [
     libgpiod
   ];
@@ -42,5 +37,6 @@ stdenv.mkDerivation rec {
     license = licenses.bsd3;
     homepage = "https://github.com/dresden-elektronik/gcfflasher";
     maintainers = with maintainers; [ fleaz ];
+    platforms = platforms.all;
   };
 }

pkgs/applications/misc/ns-usbloader/default.nix

@@ -4,6 +4,8 @@
 , copyDesktopItems
 , makeDesktopItem
 , makeWrapper
+, wrapGAppsHook
+, gvfs
 , maven
 , jre
 }:
@@ -40,18 +42,25 @@ maven.buildMavenPackage rec {
   nativeBuildInputs = [
     copyDesktopItems
     makeWrapper
+    wrapGAppsHook
+    gvfs
   ];
 
+  # Don't wrap binaries twice.
+  dontWrapGApps = true;
+
+  ### Issues:
+  # * Set us to only use software rendering with `-Dprism.order=sw`, had a hard time
+  #   getting `prism_es2` happy with NixOS's GL/GLES.
+  # * Currently, there's also a lot of `Failed to build parent project for org.openjfx:javafx-*`
+  #   at build, but jar runs fine when using `jreWithJavaFX`.
+
   installPhase = ''
     runHook preInstall
 
     mkdir -p $out/share/java
     install -Dm644 target/ns-usbloader-${version}.jar $out/share/java/ns-usbloader.jar
 
-    mkdir -p $out/bin
-    makeWrapper ${jreWithJavaFX}/bin/java $out/bin/ns-usbloader \
-      --append-flags "-jar $out/share/java/ns-usbloader.jar"
-
     mkdir -p $out/lib/udev/rules.d
     install -Dm644 ${./99-ns-usbloader.rules} $out/lib/udev/rules.d/99-ns-usbloader.rules
 
@@ -64,6 +73,13 @@ maven.buildMavenPackage rec {
     runHook postInstall
   '';
 
+  preFixup = ''
+    mkdir -p $out/bin
+    makeWrapper ${jreWithJavaFX}/bin/java $out/bin/ns-usbloader \
+      --append-flags "-Dprism.order=sw -jar $out/share/java/ns-usbloader.jar" \
+      "''${gappsWrapperArgs[@]}"
+  '';
+
   desktopItems = [
     (makeDesktopItem {
       type = "Application";

pkgs/by-name/kt/ktls-utils/package.nix

@@ -0,0 +1,54 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pkg-config
+, gnutls
+, keyutils
+, glib
+, libnl
+, systemd
+, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd
+}:
+
+stdenv.mkDerivation rec {
+  pname = "ktls-utils";
+  version = "0.10";
+
+  src = fetchFromGitHub {
+    owner = "oracle";
+    repo = "ktls-utils";
+    rev = "ktls-utils-${version}";
+    hash = "sha256-1HceFajSSq1D3IMeGQF+i/iW1lL2opLLWFfsRHW9atg=";
+  };
+
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+  ];
+
+  buildInputs = [
+    gnutls
+    keyutils
+    glib
+    libnl
+  ];
+
+  outputs = [ "out" "man" ];
+
+  configureFlags = lib.optional withSystemd [ "--with-systemd" ];
+
+  makeFlags = lib.optional withSystemd [ "unitdir=$(out)/lib/systemd/system" ];
+
+  doCheck = true;
+
+  meta = with lib; {
+    description = "TLS handshake utilities for in-kernel TLS consumers";
+    homepage = "https://github.com/oracle/ktls-utils";
+    changelog = "https://github.com/oracle/ktls-utils/blob/${src.rev}/NEWS";
+    license = licenses.gpl2Only;
+    maintainers = with maintainers; [ ];
+    mainProgram = "ktls-utils";
+    platforms = platforms.linux;
+  };
+}

pkgs/by-name/pr/prr/package.nix

@@ -0,0 +1,38 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, stdenv
+, openssl
+, pkg-config
+, darwin
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "prr";
+  version = "0.11.0";
+
+  src = fetchFromGitHub {
+    owner = "danobi";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-mPFnMoYlOU0oJcasrCEHO+Ze1YuwJ0ap7+p2Fs75pcY=";
+  };
+
+  cargoHash = "sha256-HDNJ17SB9XdqDAAmEBJz/P52/QJcuV6sVsgxBVWKIRg=";
+
+  buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [
+    darwin.apple_sdk.frameworks.Security
+    darwin.apple_sdk.frameworks.SystemConfiguration
+  ];
+
+  nativeBuildInputs = [ pkg-config ];
+
+  meta = with lib; {
+    description = "A tool that brings mailing list style code reviews to Github PRs";
+    homepage = "https://github.com/danobi/prr";
+    license = licenses.gpl2Only;
+    mainProgram = "prr";
+    maintainers = with maintainers; [ evalexpr ];
+  };
+}
+

pkgs/by-name/sy/syn2mas/package.nix

@@ -0,0 +1,30 @@
+{ lib
+, buildNpmPackage
+, fetchFromGitHub
+}:
+
+buildNpmPackage rec {
+  pname = "syn2mas";
+  version = "0.7.0";
+
+  src = fetchFromGitHub {
+    owner = "matrix-org";
+    repo = "matrix-authentication-service";
+    rev = "v${version}";
+    hash = "sha256-foipChunzRKIbeO+O+XYx0luzaA0G9LKrH59luQl9R0=";
+  };
+
+  sourceRoot = "source/tools/syn2mas";
+
+  npmDepsHash = "sha256-CdEjfT4rXINv0Fzy56T//XftuAzrn03lQd76/PC2QR8=";
+
+  dontBuild = true;
+
+  meta = with lib; {
+    description = "Tool to help with the migration of a Matrix Synapse installation to the Matrix Authentication Service";
+    homepage = "https://github.com/matrix-org/matrix-authentication-service/tree/main/tools/syn2mas";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ teutat3s ];
+    mainProgram = "syn2mas";
+  };
+}

pkgs/by-name/za/zapzap/package.nix

@@ -48,7 +48,12 @@ python3Packages.buildPythonApplication rec {
 
   postInstall = ''
     install -Dm555 share/applications/com.rtosta.zapzap.desktop -t $out/share/applications/
-    install -Dm555 share/icons/com.rtosta.zapzap.svg -t $out/share/icons/hicolor/scalable/
+    install -Dm555 share/icons/com.rtosta.zapzap.svg -t $out/share/icons/hicolor/scalable/apps/
+  '';
+
+  dontWrapQtApps = true;
+  preFixup = ''
+    makeWrapperArgs+=("''${qtWrapperArgs[@]}")
   '';
 
   # has no tests

pkgs/desktops/lomiri/default.nix

@@ -25,12 +25,14 @@ let
     lomiri-action-api = callPackage ./qml/lomiri-action-api { };
     lomiri-notifications = callPackage ./qml/lomiri-notifications { };
     lomiri-settings-components = callPackage ./qml/lomiri-settings-components { };
+    lomiri-ui-extras = callPackage ./qml/lomiri-ui-extras { };
     lomiri-ui-toolkit = callPackage ./qml/lomiri-ui-toolkit { };
 
     #### Services
     biometryd = callPackage ./services/biometryd { };
     hfd-service = callPackage ./services/hfd-service { };
     lomiri-app-launch = callPackage ./development/lomiri-app-launch { };
+    lomiri-download-manager = callPackage ./services/lomiri-download-manager { };
     mediascanner2 = callPackage ./services/mediascanner2 { };
   };
 in

pkgs/desktops/lomiri/qml/lomiri-ui-extras/default.nix

@@ -0,0 +1,125 @@
+{ stdenv
+, lib
+, fetchFromGitLab
+, fetchpatch
+, gitUpdater
+, cmake
+, cmake-extras
+, cups
+, exiv2
+, lomiri-ui-toolkit
+, pam
+, pkg-config
+, qtbase
+, qtdeclarative
+, xvfb-run
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "lomiri-ui-extras";
+  version = "0.6.2";
+
+  src = fetchFromGitLab {
+    owner = "ubports";
+    repo = "development/core/lomiri-ui-extras";
+    rev = finalAttrs.version;
+    hash = "sha256-RZTGTe18ebqKz8kWOpRgFJO2sR97sVbdPQMW/XLHs68=";
+  };
+
+  patches = [
+    # Fix compatibility with Exiv2 0.28.0
+    # Remove when version > 0.6.2
+    (fetchpatch {
+      name = "0001-lomiri-ui-extras-Fix-for-exiv2-0.28.0.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-ui-extras/-/commit/f337ceefa7c4f8f39dc7c75d51df8b86f148891a.patch";
+      hash = "sha256-dm50un46eTeBZsyHJF1npGBqOAF1BopJZ1Uln1PqSOE=";
+    })
+
+    # Remove deprecated qt5_use_modules usage
+    # Remove when version > 0.6.2
+    (fetchpatch {
+      name = "0002-lomiri-ui-extras-Stop-using-qt5_use_modules.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-ui-extras/-/commit/df506e7ebe7107dd0465d7d65727753f07abd122.patch";
+      hash = "sha256-VmOhJaUgjp9BHoYAO780uxI5tE7F0Gtp9gRNe0QCrhs=";
+    })
+
+    # Find qmltestrunner via PATH instead of hardcoded path
+    # https://gitlab.com/ubports/development/core/lomiri-ui-extras/-/merge_requests/84
+    (fetchpatch {
+      name = "0003-lomiri-ui-extras-Dont-insist-on-finding-qmltestrunner-only-at-hardcoded-guess.patch";
+      url = "https://gitlab.com/OPNA2608/lomiri-ui-extras/-/commit/b0c4901818761b516a45b7f0524ac713ddf33cfe.patch";
+      hash = "sha256-oFeaGiYEDr9XHRlCpXX+0ALlVdfb0FmGBFF1RzIXSBE=";
+    })
+  ];
+
+  postPatch = ''
+    substituteInPlace modules/Lomiri/Components/Extras{,/{plugin,PamAuthentication}}/CMakeLists.txt \
+      --replace "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" "\''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}"
+
+    # tst_busy_indicator runs into a codepath in lomiri-ui-toolkit that expects a working GL context
+    sed -i tests/qml/CMakeLists.txt \
+      -e '/declare_qml_test("tst_busy_indicator"/d'
+  '';
+
+  strictDeps = true;
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+
+  buildInputs = [
+    cmake-extras
+    cups
+    exiv2
+    pam
+    qtbase
+    qtdeclarative
+  ];
+
+  nativeCheckInputs = [
+    qtdeclarative # qmltestrunner
+    xvfb-run
+  ];
+
+  checkInputs = [
+    lomiri-ui-toolkit
+  ];
+
+  dontWrapQtApps = true;
+
+  cmakeFlags = [
+    "-DENABLE_TESTS=${lib.boolToString finalAttrs.finalPackage.doCheck}"
+  ];
+
+  # tst_PhotoEditorPhoto and tst_PhotoEditorPhotoImageProvider randomly fail, haven't had time to debug
+  doCheck = false;
+
+  # Parallelism breaks xvfb-run-launched script for QML tests
+  enableParallelChecking = false;
+
+  preCheck = let
+    listToQtVar = suffix: lib.makeSearchPathOutput "bin" suffix;
+  in ''
+    export QT_PLUGIN_PATH=${listToQtVar qtbase.qtPluginPrefix [ qtbase ]}
+    export QML2_IMPORT_PATH=${listToQtVar qtbase.qtQmlPrefix ([ qtdeclarative lomiri-ui-toolkit ] ++ lomiri-ui-toolkit.propagatedBuildInputs)}
+    export XDG_RUNTIME_DIR=$PWD
+  '';
+
+  passthru = {
+    updateScript = gitUpdater { };
+  };
+
+  meta = with lib; {
+    description = "Lomiri UI Extra Components";
+    longDescription = ''
+      A collection of UI components that for various reasons can't be included in
+      the main Lomiri UI toolkit - mostly because of the level of quality, lack of
+      documentation and/or lack of automated tests.
+    '';
+    homepage = "https://gitlab.com/ubports/development/core/lomiri-ui-extras";
+    license = licenses.gpl3Only;
+    maintainers = teams.lomiri.members;
+    platforms = platforms.linux;
+  };
+})

pkgs/desktops/lomiri/services/lomiri-download-manager/default.nix

@@ -0,0 +1,159 @@
+{ stdenv
+, lib
+, fetchFromGitLab
+, fetchpatch
+, gitUpdater
+, testers
+, boost
+, cmake
+, cmake-extras
+, dbus
+, dbus-test-runner
+, withDocumentation ? true
+, doxygen
+, glog
+, graphviz
+, gtest
+, lomiri-api
+, pkg-config
+, python3
+, qtbase
+, qtdeclarative
+, wrapQtAppsHook
+, xvfb-run
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "lomiri-download-manager";
+  version = "0.1.2";
+
+  src = fetchFromGitLab {
+    owner = "ubports";
+    repo = "development/core/lomiri-download-manager";
+    rev = finalAttrs.version;
+    hash = "sha256-a9C+hactBMHMr31E+ImKDPgpzxajy1klkjDcSEkPHqI=";
+  };
+
+  outputs = [
+    "out"
+    "dev"
+  ] ++ lib.optionals withDocumentation [
+    "doc"
+  ];
+
+  patches = [
+    # Remove when version > 0.1.2
+    (fetchpatch {
+      name = "0001-lomiri-download-manager-Make-documentation-build-optional.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-download-manager/-/commit/32d7369714c01bd425af9c6de5bdc04399a12e0a.patch";
+      hash = "sha256-UztcBAAFXDX2j0X5D3kMp9q0vFm3/PblUAKPJ5nZyiY=";
+    })
+
+    # Remove when version > 0.1.2
+    (fetchpatch {
+      name = "0002-lomiri-download-manager-Upgrade-C++-standard-to-C++17.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-download-manager/-/commit/a6bc7ae80f2ff4c4743978c6c694149707d9d2e2.patch";
+      hash = "sha256-iA1sZhHI8Osgo1ofL5RTqgVzUG32zx0dU/28qcEqmQc=";
+    })
+
+    # Remove when version > 0.1.2
+    (fetchpatch {
+      name = "0003-lomiri-download-manager-Bump-version-make-Werror-and-tests-optional.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-download-manager/-/commit/73ec04c429e5285f05dd72d5bb9720ba6ff31be2.patch";
+      hash = "sha256-0BrJSKCvUhITwfln05OrHgHEpldbgBoh4rivAvw+qrc=";
+    })
+
+    # Remove when version > 0.1.2
+    (fetchpatch {
+      name = "0004-lomiri-download-manager-Use-GNUInstallDirs-variables-for-more-install-destinations.patch";
+      url = "https://gitlab.com/ubports/development/core/lomiri-download-manager/-/commit/5d40daf053de62150aa5ee618285e415d7d3f1c8.patch";
+      hash = "sha256-r5fpiJkZkDsYX9fcX5JuPsE/qli9z5/DatmGJ9/QauU=";
+    })
+  ];
+
+  postPatch = ''
+    # fetchpatch strips renames
+    # Remove when version > 0.1.2
+    for service in src/{uploads,downloads}/daemon/{lomiri-*-manager,lomiri-*-manager-systemd,com.lomiri.*}.service; do
+      mv "$service" "$service".in
+    done
+
+    # pkg_get_variable doesn't let us substitute prefix pkg-config variable from systemd
+    substituteInPlace CMakeLists.txt \
+      --replace 'pkg_get_variable(SYSTEMD_USER_DIR systemd systemduserunitdir)' 'set(SYSTEMD_USER_DIR "${placeholder "out"}/lib/systemd/user")' \
+      --replace "\''${CMAKE_INSTALL_LIBDIR}/qt5/qml" "\''${CMAKE_INSTALL_PREFIX}/${qtbase.qtQmlPrefix}"
+  '';
+
+  strictDeps = true;
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+    wrapQtAppsHook
+  ] ++ lib.optionals withDocumentation [
+    doxygen
+    graphviz
+  ];
+
+  buildInputs = [
+    boost
+    cmake-extras
+    glog
+    lomiri-api
+    qtbase
+    qtdeclarative
+  ];
+
+  nativeCheckInputs = [
+    dbus
+    dbus-test-runner
+    python3
+    xvfb-run
+  ];
+
+  checkInputs = [
+    gtest
+  ];
+
+  cmakeFlags = [
+    "-DENABLE_DOC=${lib.boolToString withDocumentation}"
+    # Deprecation warnings on Qt 5.15
+    # https://gitlab.com/ubports/development/core/lomiri-download-manager/-/issues/1
+    "-DENABLE_WERROR=OFF"
+  ];
+
+  makeTargets = [
+    "all"
+  ] ++ lib.optionals withDocumentation [
+    "doc"
+  ];
+
+  doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
+
+  # xvfb tests are flaky on xvfb shutdown when parallelised
+  enableParallelChecking = false;
+
+  preCheck = ''
+    export HOME=$TMPDIR # temp files in home
+    export QT_PLUGIN_PATH=${lib.getBin qtbase}/${qtbase.qtPluginPrefix} # xcb platform & sqlite driver
+  '';
+
+  passthru = {
+    tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
+    updateScript = gitUpdater { };
+  };
+
+  meta = with lib; {
+    description = "Performs uploads and downloads from a centralized location";
+    homepage = "https://gitlab.com/ubports/development/core/lomiri-download-manager";
+    license = licenses.lgpl3Only;
+    maintainers = teams.lomiri.members;
+    platforms = platforms.linux;
+    pkgConfigModules = [
+      "ldm-common"
+      "lomiri-download-manager-client"
+      "lomiri-download-manager-common"
+      "lomiri-upload-manager-common"
+    ];
+  };
+})

pkgs/development/python-modules/aiovodafone/default.nix

@@ -10,8 +10,8 @@
 
 buildPythonPackage rec {
   pname = "aiovodafone";
-  version = "0.4.3";
-  format = "pyproject";
+  version = "0.5.1";
+  pyproject = true;
 
   disabled = pythonOlder "3.10";
 
@@ -19,7 +19,7 @@ buildPythonPackage rec {
     owner = "chemelli74";
     repo = "aiovodafone";
     rev = "refs/tags/v${version}";
-    hash = "sha256-nYMruxEqLvkcspz0damh9tBYYROz5gleLiyhjco+rsQ=";
+    hash = "sha256-4Pcdf5yAzjXbmWehon9DdZfaIdEjPLcdzf/EjYKEamk=";
   };
 
   postPatch = ''

pkgs/development/python-modules/botorch/default.nix

@@ -15,14 +15,14 @@
 
 buildPythonPackage rec {
   pname = "botorch";
-  version = "0.9.4";
+  version = "0.9.5";
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "pytorch";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-MSbGjv+5/znoUeveePuTrTOMTQMQvsc064G7WoHfBMI=";
+    hash = "sha256-M/VOt0p7io0K+VHrAmBJQ71VigH0Ll1D5it6+/o/3jg=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/polars/default.nix

@@ -13,7 +13,7 @@
 }:
 let
   pname = "polars";
-  version = "0.19.12";
+  version = "0.20.0";
   rootSource = fetchFromGitHub {
     owner = "pola-rs";
     repo = "polars";
@@ -28,8 +28,10 @@ let
 in
 buildPythonPackage {
   inherit pname version;
-  format = "pyproject";
-  disabled = pythonOlder "3.6";
+  pyproject = true;
+
+  disabled = pythonOlder "3.8";
+
   src = rootSource;
 
   # Cargo.lock file is sometimes behind actual release which throws an error,
@@ -46,12 +48,15 @@ buildPythonPackage {
       "jsonpath_lib-0.3.0" = "sha256-NKszYpDGG8VxfZSMbsTlzcMGFHBOUeFojNw4P2wM3qk=";
     };
   };
+
   cargoRoot = "py-polars";
 
   # Revisit this whenever package or Rust is upgraded
   RUSTC_BOOTSTRAP = 1;
 
-  propagatedBuildInputs = lib.optionals (pythonOlder "3.11") [ typing-extensions ];
+  propagatedBuildInputs = lib.optionals (pythonOlder "3.11") [
+    typing-extensions
+  ];
 
   dontUseCmakeConfigure = true;
 
@@ -71,7 +76,6 @@ buildPythonPackage {
     darwin.apple_sdk.frameworks.Security
   ];
 
-  pythonImportsCheck = [ "polars" ];
   # nativeCheckInputs = [
   #   pytestCheckHook
   #   fixtures
@@ -82,9 +86,14 @@ buildPythonPackage {
   #   pydot
   # ];
 
+  pythonImportsCheck = [
+    "polars"
+  ];
+
   meta = with lib; {
-    description = "Fast multi-threaded DataFrame library in Rust | Python | Node.js ";
+    description = "Fast multi-threaded DataFrame library";
     homepage = "https://github.com/pola-rs/polars";
+    changelog = "https://github.com/pola-rs/polars/releases/tag/py-${version}";
     license = licenses.asl20;
     maintainers = with maintainers; [ happysalada ];
   };

pkgs/development/tools/language-servers/metals/default.nix

@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "metals";
-  version = "1.1.0";
+  version = "1.2.0";
 
   deps = stdenv.mkDerivation {
     name = "${pname}-deps-${version}";
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     '';
     outputHashMode = "recursive";
     outputHashAlgo = "sha256";
-    outputHash = "sha256-9zigJM0xEJSYgohbjc9ZLBKbPa/WGVSv3KVFE3QUzWE=";
+    outputHash = "sha256-nikQ/GFRWmYYzboc9TWIi9gd5kwgCxOLhvIEQWusFik=";
   };
 
   nativeBuildInputs = [ makeWrapper setJavaClassPath ];

pkgs/servers/matrix-synapse/matrix-hookshot/package.json

@@ -1,6 +1,6 @@
 {
   "name": "matrix-hookshot",
-  "version": "4.5.1",
+  "version": "4.7.0",
   "description": "A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.",
   "main": "lib/app.js",
   "repository": "https://github.com/matrix-org/matrix-hookshot",
@@ -48,7 +48,7 @@
     "@octokit/webhooks": "^9.1.2",
     "@sentry/node": "^7.52.1",
     "ajv": "^8.11.0",
-    "axios": "^0.24.0",
+    "axios": "^1.6.2",
     "cors": "^2.8.5",
     "express": "^4.17.3",
     "figma-js": "^1.14.0",

pkgs/servers/matrix-synapse/matrix-hookshot/pin.json

@@ -1,6 +1,6 @@
 {
-  "version": "4.5.1",
-  "srcHash": "sha256-uqLpwgVEfwcMTeGMDn3lDUD91GHPNyWHmCSPxuV/VC0=",
-  "yarnHash": "08dw9vbhlmqwj2nah6fv1b2sf15ibl5kg38ghkxkbccs4j7adans",
-  "cargoHash": "sha256-bIpsQni3kaoYCGLz01YdauYM8ybpx+BvVTiB6N72rIA="
+  "version": "4.7.0",
+  "srcHash": "sha256-27PBuLyk/1ER26pus5tbe9CxeYEZgZrYBYy5l3B/19c=",
+  "yarnHash": "05mh3q5zw1aiznvbkhp7spb1bgcv32ncdb4zpyvhhv74pyhjnsn2",
+  "cargoHash": "sha256-cAjsNVQfXfZbM1/MoiEh/Qp0uW/iXsxBVx7cRZY3tN0="
 }

pkgs/tools/security/step-ca/default.nix

@@ -12,20 +12,24 @@
 
 buildGoModule rec {
   pname = "step-ca";
-  version = "0.25.0";
+  version = "0.25.2";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "certificates";
     rev = "refs/tags/v${version}";
-    hash = "sha256-CO9Qjx4D6qNGjOdva88KRCJOQq85r5U5nwmXC1G94dY=";
+    hash = "sha256-cP3QypBNWGbr7R7lJLfaoBh6C37ubGuaxnxWlZ1Z000=";
   };
 
-  vendorHash = "sha256-Weq8sS+8gsfdoVSBDm8E2DCrngfNsolqQR2/yd9etPo=";
+  vendorHash = "sha256-AXMMpzXEhdKSGeVg/KK2NEgalxIXP6DUTcoxOQVqow4=";
 
-  ldflags = [ "-buildid=" ];
+  ldflags = [
+    "-buildid="
+  ];
 
-  nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ];
+  nativeBuildInputs = lib.optionals hsmSupport [
+    pkg-config
+  ];
 
   buildInputs =
     lib.optionals (hsmSupport && stdenv.isLinux) [ pcsclite ]
@@ -43,9 +47,14 @@ buildGoModule rec {
     install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service
   '';
 
+  preCheck = ''
+    export HOME=$(mktemp -d)
+  '';
+
   # Tests start http servers which need to bind to local addresses:
   # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted
   __darwinAllowLocalNetworking = true;
+
   # Tests need to run in a reproducible order, otherwise they run unreliably on
   # (at least) x86_64-linux.
   checkFlags = [ "-p 1" ];