Merge staging-next into staging

maintainers/scripts/README.md

@@ -56,3 +56,16 @@ The maintainer is designated by a `selector` which must be one of:
   see [`maintainer-list.nix`] for the fields' definition.
 
 [`maintainer-list.nix`]: ../maintainer-list.nix
+
+
+## Conventions
+
+### `sha-to-sri.py`
+
+`sha-to-sri.py path ...` (atomically) rewrites hash attributes (named `hash` or `sha(1|256|512)`)
+into the SRI format: `hash = "{hash name}-{base64 encoded value}"`.
+
+`path` must point to either a nix file, or a directory which will be automatically traversed.
+
+`sha-to-sri.py` automatically skips files whose first non-empty line contains `generated by` or `do not edit`.
+Moreover, when walking a directory tree, the script will skip files whose name is `yarn.nix` or contains `generated`.

maintainers/scripts/sha-to-sri.py

@@ -1,13 +1,13 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i "python3 -I" -p "python3.withPackages(p: with p; [ rich structlog ])"
 
-from abc import ABC, abstractclassmethod, abstractmethod
+from abc import ABC, abstractmethod
 from contextlib import contextmanager
 from pathlib import Path
 from structlog.contextvars import bound_contextvars as log_context
 from typing import ClassVar, List, Tuple
 
-import hashlib, re, structlog
+import hashlib, logging, re, structlog
 
 
 logger = structlog.getLogger("sha-to-SRI")
@@ -26,11 +26,12 @@ class Encoding(ABC):
         assert len(digest) == self.n
 
         from base64 import b64encode
+
         return f"{self.hashName}-{b64encode(digest).decode()}"
 
     @classmethod
-    def all(cls, h) -> 'List[Encoding]':
-        return [ c(h) for c in cls.__subclasses__() ]
+    def all(cls, h) -> "List[Encoding]":
+        return [c(h) for c in cls.__subclasses__()]
 
     def __init__(self, h):
         self.n = h.digest_size
@@ -38,54 +39,56 @@ class Encoding(ABC):
 
     @property
     @abstractmethod
-    def length(self) -> int:
-        ...
+    def length(self) -> int: ...
 
     @property
     def regex(self) -> str:
         return f"[{self.alphabet}]{{{self.length}}}"
 
     @abstractmethod
-    def decode(self, s: str) -> bytes:
-        ...
+    def decode(self, s: str) -> bytes: ...
 
 
 class Nix32(Encoding):
     alphabet = "0123456789abcdfghijklmnpqrsvwxyz"
-    inverted  = { c: i for i, c in enumerate(alphabet) }
+    inverted = {c: i for i, c in enumerate(alphabet)}
 
     @property
     def length(self):
         return 1 + (8 * self.n) // 5
+
     def decode(self, s: str):
         assert len(s) == self.length
-        out = [ 0 for _ in range(self.n) ]
-        # TODO: Do better than a list of byte-sized ints
+        out = bytearray(self.n)
 
         for n, c in enumerate(reversed(s)):
             digit = self.inverted[c]
             i, j = divmod(5 * n, 8)
-            out[i] = out[i] | (digit << j) & 0xff
+            out[i] = out[i] | (digit << j) & 0xFF
             rem = digit >> (8 - j)
             if rem == 0:
                 continue
             elif i < self.n:
-                out[i+1] = rem
+                out[i + 1] = rem
             else:
                 raise ValueError(f"Invalid nix32 hash: '{s}'")
 
         return bytes(out)
 
+
 class Hex(Encoding):
     alphabet = "0-9A-Fa-f"
 
     @property
     def length(self):
         return 2 * self.n
+
     def decode(self, s: str):
         from binascii import unhexlify
+
         return unhexlify(s)
 
+
 class Base64(Encoding):
     alphabet = "A-Za-z0-9+/"
 
@@ -94,36 +97,39 @@ class Base64(Encoding):
         """Number of characters in data and padding."""
         i, k = divmod(self.n, 3)
         return 4 * i + (0 if k == 0 else k + 1), (3 - k) % 3
+
     @property
     def length(self):
         return sum(self.format)
+
     @property
     def regex(self):
         data, padding = self.format
         return f"[{self.alphabet}]{{{data}}}={{{padding}}}"
+
     def decode(self, s):
         from base64 import b64decode
+
         return b64decode(s, validate = True)
 
 
-_HASHES = (hashlib.new(n) for n in ('SHA-256', 'SHA-512'))
-ENCODINGS = {
-    h.name: Encoding.all(h)
-    for h in _HASHES
-}
+_HASHES = (hashlib.new(n) for n in ("SHA-256", "SHA-512"))
+ENCODINGS = {h.name: Encoding.all(h) for h in _HASHES}
 
 RE = {
     h: "|".join(
-        (f"({h}-)?" if e.name == 'base64' else '') +
-        f"(?P<{h}_{e.name}>{e.regex})"
+        (f"({h}-)?" if e.name == "base64" else "") + f"(?P<{h}_{e.name}>{e.regex})"
         for e in encodings
-    ) for h, encodings in ENCODINGS.items()
+    )
+    for h, encodings in ENCODINGS.items()
 }
 
-_DEF_RE = re.compile("|".join(
-    f"(?P<{h}>{h} = (?P<{h}_quote>['\"])({re})(?P={h}_quote);)"
-    for h, re in RE.items()
-))
+_DEF_RE = re.compile(
+    "|".join(
+        f"(?P<{h}>{h} = (?P<{h}_quote>['\"])({re})(?P={h}_quote);)"
+        for h, re in RE.items()
+    )
+)
 
 
 def defToSRI(s: str) -> str:
@@ -153,7 +159,7 @@ def defToSRI(s: str) -> str:
 
 @contextmanager
 def atomicFileUpdate(target: Path):
-    '''Atomically replace the contents of a file.
+    """Atomically replace the contents of a file.
 
     Guarantees that no temporary files are left behind, and `target` is either
     left untouched, or overwritten with new content if no exception was raised.
@@ -164,18 +170,20 @@ def atomicFileUpdate(target: Path):
 
     Upon exiting the context, the files are closed; if no exception was
     raised, `new` (atomically) replaces the `target`, otherwise it is deleted.
-    '''
+    """
     # That's mostly copied from noto-emoji.py, should DRY it out
-    from tempfile import mkstemp
-    fd, _p = mkstemp(
-        dir = target.parent,
-        prefix = target.name,
-    )
-    tmpPath = Path(_p)
+    from tempfile import NamedTemporaryFile
 
     try:
         with target.open() as original:
-            with tmpPath.open('w') as new:
+            with NamedTemporaryFile(
+                dir = target.parent,
+                prefix = target.stem,
+                suffix = target.suffix,
+                delete = False,
+                mode="w",  # otherwise the file would be opened in binary mode by default
+            ) as new:
+                tmpPath = Path(new.name)
                 yield (original, new)
 
         tmpPath.replace(target)
@@ -188,37 +196,31 @@ def atomicFileUpdate(target: Path):
 def fileToSRI(p: Path):
     with atomicFileUpdate(p) as (og, new):
         for i, line in enumerate(og):
-            with log_context(line=i):
+            with log_context(line = i):
                 new.write(defToSRI(line))
 
 
-_SKIP_RE = re.compile(
-    "(generated by)|(do not edit)",
-    re.IGNORECASE
-)
+_SKIP_RE = re.compile("(generated by)|(do not edit)", re.IGNORECASE)
 
 if __name__ == "__main__":
-    from sys import argv, stderr
+    from sys import argv
+
     logger.info("Starting!")
 
-    for arg in argv[1:]:
-        p = Path(arg)
-        with log_context(path=str(p)):
+    def handleFile(p: Path, skipLevel = logging.INFO):
+        with log_context(file = str(p)):
             try:
-                if p.name == "yarn.nix" or p.name.find("generated") != -1:
-                    logger.warning("File looks autogenerated, skipping!")
-                    continue
-
                 with p.open() as f:
                     for line in f:
                         if line.strip():
                             break
 
                     if _SKIP_RE.search(line):
-                        logger.warning("File looks autogenerated, skipping!")
-                        continue
+                        logger.log(skipLevel, "File looks autogenerated, skipping!")
+                        return
 
                 fileToSRI(p)
+
             except Exception as exn:
                 logger.error(
                     "Unhandled exception, skipping file!",
@@ -226,3 +228,19 @@ if __name__ == "__main__":
                 )
             else:
                 logger.info("Finished processing file")
+
+    for arg in argv[1:]:
+        p = Path(arg)
+        with log_context(arg = arg):
+            if p.is_file():
+                handleFile(p, skipLevel = logging.WARNING)
+
+            elif p.is_dir():
+                logger.info("Recursing into directory")
+                for q in p.glob("**/*.nix"):
+                    if q.is_file():
+                        if q.name == "yarn.nix" or q.name.find("generated") != -1:
+                            logger.info("File looks autogenerated, skipping!")
+                            continue
+
+                        handleFile(q)

nixos/modules/services/system/nix-daemon.nix

@@ -198,6 +198,7 @@ in
             IOSchedulingClass = cfg.daemonIOSchedClass;
             IOSchedulingPriority = cfg.daemonIOSchedPriority;
             LimitNOFILE = 1048576;
+            Delegate = "yes";
           };
 
         restartTriggers = [ config.environment.etc."nix/nix.conf".source ];

nixos/tests/gitdaemon.nix

@@ -20,7 +20,7 @@ in {
 
         systemd.tmpfiles.rules = [
           # type path mode user group age arg
-          " d    /git 0755 root root  -   -"
+          " d    /git 0755 git  git   -   -"
         ];
 
         services.gitDaemon = {
@@ -56,6 +56,10 @@ in {
             "rm -r /project",
         )
 
+    # Change user/group to default daemon user/group from module
+    # to avoid "fatal: detected dubious ownership in repository at '/git/project.git'"
+    server.succeed("chown git:git -R /git/project.git")
+
     with subtest("git daemon starts"):
         server.wait_for_unit("git-daemon.service")
 

pkgs/applications/misc/etesync-dav/default.nix

@@ -1,29 +1,22 @@
 { lib
 , stdenv
-, fetchpatch
 , nixosTests
 , python3
-, fetchPypi
+, fetchFromGitHub
 , radicale3
 }:
 
-python3.pkgs.buildPythonApplication rec {
+python3.pkgs.buildPythonApplication {
   pname = "etesync-dav";
-  version = "0.32.1";
+  version = "0.32.1-unstable-2024-09-02";
 
-  src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-pOLug5MnVdKaw5wedABewomID9LU0hZPCf4kZKKU1yA=";
+  src = fetchFromGitHub {
+    owner = "etesync";
+    repo = "etesync-dav";
+    rev = "b9b23bf6fba60d42012008ba06023bccd9109c08";
+    hash = "sha256-wWhwnOlwE1rFgROTSj90hlSw4k48fIEdk5CJOXoecuQ=";
   };
 
-  patches = [
-    (fetchpatch {
-      name = "add-missing-comma-in-setup.py.patch";
-      url = "https://github.com/etesync/etesync-dav/commit/040cb7b57205e70515019fb356e508a6414da11e.patch";
-      hash = "sha256-87IpIQ87rgpinvbRwUlWd0xeegn0zfVSiDFYNUqPerg=";
-    })
-  ];
-
   propagatedBuildInputs = with python3.pkgs; [
     appdirs
     etebase

pkgs/applications/science/logic/nusmv/default.nix

@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     description = "New symbolic model checker for the analysis of synchronous finite-state and infinite-state systems";
-    homepage = "https://nuxmv.fbk.eu/pmwiki.php";
+    homepage = "https://nusmv.fbk.eu/";
     maintainers = with maintainers; [ mgttlinger ];
     sourceProvenance = with sourceTypes; [ binaryNativeCode ];
     platforms = platforms.linux;

pkgs/by-name/fa/fastfetch/package.nix

@@ -167,7 +167,7 @@ stdenv'.mkDerivation (finalAttrs: {
   };
 
   meta = {
-    description = "Like neofetch, but much faster because written in C";
+    description = "An actively maintained, feature-rich and performance oriented, neofetch like system information tool";
     homepage = "https://github.com/fastfetch-cli/fastfetch";
     changelog = "https://github.com/fastfetch-cli/fastfetch/releases/tag/${finalAttrs.version}";
     license = lib.licenses.mit;

pkgs/by-name/gl/glance/package.nix

@@ -8,16 +8,16 @@
 
 buildGoModule rec {
   pname = "glance";
-  version = "0.5.1";
+  version = "0.6.0";
 
   src = fetchFromGitHub {
     owner = "glanceapp";
     repo = "glance";
     rev = "v${version}";
-    hash = "sha256-ebHSnzTRmWw2YBnVIR4h2zdZvbUHbKVzmQYPHDTvZDQ=";
+    hash = "sha256-0P1f7IDEPSlVHtrygIsD502lIHqLISsSAi9pqB/gFdA=";
   };
 
-  vendorHash = "sha256-Okme73vLc3Pe9+rNlmG8Bj1msKaVb5PaIBsAAeTer6s=";
+  vendorHash = "sha256-BLWaYiWcLX+/DW7Zzp6/Mtw5uVxIVtfubB895hrZ+08=";
 
   excludedPackages = [ "scripts/build-and-ship" ];
 

pkgs/by-name/ma/marwaita-teal/package.nix

@@ -10,13 +10,13 @@
 
 stdenv.mkDerivation rec {
   pname = "marwaita-teal";
-  version = "20.3.1";
+  version = "21";
 
   src = fetchFromGitHub {
     owner = "darkomarko42";
     repo = pname;
     rev = version;
-    hash = "sha256-0OKG7JOpPiYbofiHWtLfkqHsZZIeGJPhl/tW1CIO3co=";
+    hash = "sha256-9WH/mbnLLLAf8B5Fwd7PMRAX2psWVJn7gGO4C5KkLjM=";
   };
 
   buildInputs = [

pkgs/by-name/te/telegraf/package.nix

@@ -1,5 +1,5 @@
 { lib
-, buildGoModule
+, buildGo123Module
 , fetchFromGitHub
 , nixosTests
 , stdenv
@@ -7,9 +7,9 @@
 , telegraf
 }:
 
-buildGoModule rec {
+buildGo123Module rec {
   pname = "telegraf";
-  version = "1.31.3";
+  version = "1.32.0";
 
   subPackages = [ "cmd/telegraf" ];
 
@@ -17,10 +17,10 @@ buildGoModule rec {
     owner = "influxdata";
     repo = "telegraf";
     rev = "v${version}";
-    hash = "sha256-J5jIyrxG2cLEu909/fcPQCo+xUlW6VAoge5atCrW4HY=";
+    hash = "sha256-ITTlHsoWPXHbGtmNOE0x1sCbeADWi4liOEqXXKQUeGU=";
   };
 
-  vendorHash = "sha256-lxLFUKOFg7HAjgZIVACW6VlWLgCeZX38SNRsjxc9D7g=";
+  vendorHash = "sha256-wKl6Rutt2QrF4nLxB5Ic6QlekrPUfHwdFZyTTdbK0HU=";
   proxyVendor = true;
 
   ldflags = [

pkgs/by-name/zo/zoekt/package.nix

@@ -2,19 +2,21 @@
 , buildGoModule
 , fetchFromGitHub
 , git
+, nix-update-script
 }:
+
 buildGoModule {
   pname = "zoekt";
-  version = "unstable-2022-11-09";
+  version = "0-unstable-2024-09-05";
 
   src = fetchFromGitHub {
     owner = "sourcegraph";
     repo = "zoekt";
-    rev = "c4b18d3b44da94b3e7c9c94467d68c029666bb86";
-    hash = "sha256-QtwOiBxBeFkhRfH3R2fP72b05Hc4+zt9njqCNVcprZ4=";
+    rev = "35dda3e212b7d7fb0df43dcbd88eb7a7b49ad9d8";
+    hash = "sha256-YdInCAq7h7iC1sfMekLgxqu3plUHr5Ku6FxyPKluQzw=";
   };
 
-  vendorHash = "sha256-DiAqFJ8E5V0/eHztm92WVrf1XGPXmmOaVXaWHfQMn2k=";
+  vendorHash = "sha256-GPeMRL5zWVjJVYpFPnB211Gfm/IaqisP1s6RNaLvN6M=";
 
   nativeCheckInputs = [
     git
@@ -25,6 +27,10 @@ buildGoModule {
     git config --global --replace-all protocol.file.allow always
   '';
 
+  passthru.updateScript = nix-update-script {
+    extraArgs = [ "--version" "branch" ];
+  };
+
   meta = {
     description = "Fast trigram based code search";
     homepage = "https://github.com/sourcegraph/zoekt";

pkgs/development/compilers/flutter/default.nix

@@ -56,7 +56,7 @@ let
     (mkCustomFlutter args).overrideAttrs (prev: next: {
       passthru = next.passthru // rec {
         inherit wrapFlutter mkCustomFlutter mkFlutter;
-        buildFlutterApplication = callPackage ../../../build-support/flutter { flutter = wrapFlutter (mkCustomFlutter args); };
+        buildFlutterApplication = callPackage ./build-support/build-flutter-application.nix { flutter = wrapFlutter (mkCustomFlutter args); };
       };
     });
 

pkgs/development/libraries/openmpi/default.nix

@@ -175,7 +175,9 @@ stdenv.mkDerivation (finalAttrs: {
         // lib.optionalAttrs fortranSupport {
           "fort" = [
             "gfortran"
-            "${targetPackages.gfortran}/bin/${targetPackages.gfortran.targetPrefix}gfortran"
+            "${targetPackages.gfortran or gfortran}/bin/${
+              targetPackages.gfortran.targetPrefix or gfortran.targetPrefix
+            }gfortran"
           ];
         };
       # The -wrapper-data.txt files that are not symlinks, need to be iterated as
@@ -238,11 +240,11 @@ stdenv.mkDerivation (finalAttrs: {
 
   postFixup =
     lib.optionalString (lib.elem "man" finalAttrs.outputs) ''
-      remove-references-to -t "''${!outputMan}" $(readlink -f $out/lib/libopen-pal${stdenv.hostPlatform.extensions.sharedLibrary})
+      remove-references-to -t "''${!outputMan}" $(readlink -f $out/lib/libopen-pal${stdenv.hostPlatform.extensions.library})
     ''
     + lib.optionalString (lib.elem "dev" finalAttrs.outputs) ''
       remove-references-to -t "''${!outputDev}" $out/bin/mpirun
-      remove-references-to -t "''${!outputDev}" $(readlink -f $out/lib/libopen-pal${stdenv.hostPlatform.extensions.sharedLibrary})
+      remove-references-to -t "''${!outputDev}" $(readlink -f $out/lib/libopen-pal${stdenv.hostPlatform.extensions.library})
 
       # The path to the wrapper is hard coded in libopen-pal.so, which we just cleared.
       wrapProgram "''${!outputDev}/bin/opal_wrapper" \

pkgs/development/mobile/xcodeenv/compose-xcodewrapper.nix

@@ -1,19 +1,41 @@
-{ stdenv, lib }:
-{ version ? "11.1"
-, allowHigher ? false
-, xcodeBaseDir ? "/Applications/Xcode.app" }:
+{ lib,
+  stdenv,
+  writeShellScriptBin }:
+{ versions ? [ ] , xcodeBaseDir ? "/Applications/Xcode.app" }:
 
 assert stdenv.isDarwin;
+let
+  xcodebuildPath = "${xcodeBaseDir}/Contents/Developer/usr/bin/xcodebuild";
 
+  xcodebuildWrapper = writeShellScriptBin "xcodebuild" ''
+    currentVer="$(${xcodebuildPath} -version | awk 'NR==1{print $2}')"
+    wrapperVers=(${lib.concatStringsSep " " versions})
+
+    for ver in "''${wrapperVers[@]}"; do
+      if [[ "$currentVer" == "$ver" ]]; then
+        # here exec replaces the shell without creating a new process
+        # https://www.gnu.org/software/bash/manual/bash.html#index-exec
+        exec "${xcodebuildPath}" "$@"
+      fi
+    done
+
+    echo "The installed Xcode version ($currentVer) does not match any of the allowed versions: ${lib.concatStringsSep ", " versions}"
+    echo "Please update your local Xcode installation to match one of the allowed versions"
+    exit 1
+  '';
+in
 stdenv.mkDerivation {
-  pname = "xcode-wrapper${lib.optionalString allowHigher "-plus"}";
-  inherit version;
+  name = "xcode-wrapper-impure";
   # Fails in sandbox. Use `--option sandbox relaxed` or `--option sandbox false`.
   __noChroot = true;
   buildCommand = ''
     mkdir -p $out/bin
     cd $out/bin
-    ln -s /usr/bin/xcode-select
+    ${if versions == [ ] then ''
+    ln -s "${xcodebuildPath}"
+    '' else ''
+    ln -s "${xcodebuildWrapper}/bin/xcode-select"
+    ''}
     ln -s /usr/bin/security
     ln -s /usr/bin/codesign
     ln -s /usr/bin/xcrun
@@ -22,23 +44,9 @@ stdenv.mkDerivation {
     ln -s /usr/bin/lipo
     ln -s /usr/bin/file
     ln -s /usr/bin/rev
-    ln -s "${xcodeBaseDir}/Contents/Developer/usr/bin/xcodebuild"
     ln -s "${xcodeBaseDir}/Contents/Developer/Applications/Simulator.app/Contents/MacOS/Simulator"
 
     cd ..
     ln -s "${xcodeBaseDir}/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs"
-
-    # Check if we have the xcodebuild version that we want
-    currVer=$($out/bin/xcodebuild -version | head -n1)
-    ${if allowHigher then ''
-    if [ -z "$(printf '%s\n' "${version}" "$currVer" | sort -V | head -n1)""" != "${version}" ]
-    '' else ''
-    if [ -z "$(echo $currVer | grep -x 'Xcode ${version}')" ]
-    ''}
-    then
-        echo "We require xcodebuild version${if allowHigher then " or higher" else ""}: ${version}"
-        echo "Instead what was found: $currVer"
-        exit 1
-    fi
   '';
 }

pkgs/development/ocaml-modules/eliom/default.nix

@@ -17,13 +17,13 @@
 
 buildDunePackage rec {
   pname = "eliom";
-  version = "10.4.1";
+  version = "11.0.0";
 
   src = fetchFromGitHub {
     owner = "ocsigen";
     repo = "eliom";
     rev = version;
-    hash = "sha256-j4t6GEd8hYyM87b9XvgcnaV9XMkouz6+v0SYW22/bqg=";
+    hash = "sha256-RgIK3xkKdX+zOurhML4370rsO4blJrWoEla09Nfe9Mw=";
   };
 
   nativeBuildInputs = [

pkgs/development/ocaml-modules/ocsigen-server/default.nix

@@ -1,6 +1,6 @@
 { lib, buildDunePackage, fetchFromGitHub, which, ocaml, lwt_react, ssl, lwt_ssl, findlib
 , bigstringaf, lwt, cstruct, mirage-crypto, zarith, mirage-crypto-ec, ptime, mirage-crypto-rng, mtime, ca-certs
-, cohttp, cohttp-lwt-unix, hmap
+, cohttp, cohttp-lwt-unix
 , lwt_log, re, cryptokit, xml-light, ipaddr
 , camlzip
 , makeWrapper
@@ -17,7 +17,7 @@ let caml_ld_library_path =
 ; in
 
 buildDunePackage rec {
-  version = "5.1.2";
+  version = "6.0.0";
   pname = "ocsigenserver";
 
   minimalOCamlVersion = "4.08";
@@ -26,13 +26,13 @@ buildDunePackage rec {
     owner = "ocsigen";
     repo = "ocsigenserver";
     rev = "refs/tags/${version}";
-    hash = "sha256-piWHA4RMO370TETC9FtISyBvS1Uhk5CAGAtZleJTpjU=";
+    hash = "sha256-T3bgPZpDO6plgebLJDBtBuR2eR/bN3o24UAUv1VwgtI=";
   };
 
   nativeBuildInputs = [ makeWrapper which ];
   buildInputs = [ lwt_react camlzip findlib ];
 
-  propagatedBuildInputs = [ cohttp cohttp-lwt-unix cryptokit hmap ipaddr lwt_log lwt_ssl
+  propagatedBuildInputs = [ cohttp cohttp-lwt-unix cryptokit ipaddr lwt_log lwt_ssl
     re xml-light
   ];
 

pkgs/development/python-modules/pynetbox/default.nix

@@ -2,34 +2,38 @@
   lib,
   buildPythonPackage,
   fetchFromGitHub,
+  setuptools,
   setuptools-scm,
   packaging,
   requests,
-  six,
   pytestCheckHook,
   pyyaml,
 }:
 
 buildPythonPackage rec {
   pname = "pynetbox";
-  version = "7.3.4";
-  format = "setuptools";
+  version = "7.4.0";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "netbox-community";
-    repo = pname;
+    repo = "pynetbox";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Ie309I19BhzASrmc3Ws1zV/BySc49AhFPNrNKQhTD0U=";
+    hash = "sha256-JOUgQvOtvXRDM79Sp472OHPh1YEoA82T3R9aZFes8SI=";
   };
 
-  nativeBuildInputs = [ setuptools-scm ];
+  build-system = [
+    setuptools
+    setuptools-scm
+  ];
 
-  propagatedBuildInputs = [
+  dependencies = [
     packaging
     requests
-    six
   ];
 
+  pythonImportsCheck = [ "pynetbox" ];
+
   nativeCheckInputs = [
     pytestCheckHook
     pyyaml

pkgs/development/python-modules/pyreadstat/default.nix

@@ -9,13 +9,14 @@
   python,
   pythonOlder,
   readstat,
+  setuptools,
   zlib,
 }:
 
 buildPythonPackage rec {
   pname = "pyreadstat";
-  version = "1.2.6";
-  format = "setuptools";
+  version = "1.2.7";
+  pyproject = true;
 
   disabled = pythonOlder "3.7";
 
@@ -23,14 +24,17 @@ buildPythonPackage rec {
     owner = "Roche";
     repo = "pyreadstat";
     rev = "refs/tags/v${version}";
-    hash = "sha256-VcPpGRrE/5udNijodO88Lw69JPOm6ZN7BZb4xD34srQ=";
+    hash = "sha256-XuLFLpZbaCj/MHq0+l6GoNqR5nAldAlEJhoO5ioWYTA=";
   };
 
-  nativeBuildInputs = [ cython ];
+  build-system = [
+    cython
+    setuptools
+  ];
 
   buildInputs = [ zlib ] ++ lib.optionals stdenv.isDarwin [ libiconv ];
 
-  propagatedBuildInputs = [
+  dependencies = [
     readstat
     pandas
   ];

pkgs/development/web/bun/default.nix

@@ -12,7 +12,7 @@
 }:
 
 stdenvNoCC.mkDerivation rec {
-  version = "1.1.20";
+  version = "1.1.27";
   pname = "bun";
 
   src = passthru.sources.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system: ${stdenvNoCC.hostPlatform.system}");
@@ -51,19 +51,19 @@ stdenvNoCC.mkDerivation rec {
     sources = {
       "aarch64-darwin" = fetchurl {
         url = "https://github.com/oven-sh/bun/releases/download/bun-v${version}/bun-darwin-aarch64.zip";
-        hash = "sha256-ErutjiXBjC9GDvb0F39AgbbsSo6zhRzpDEvDor/xRbI=";
+        hash = "sha256-I/axYOXXLU5V+82jfNwsmhjwGOMkK+e5Sx7pKqQlvBE=";
       };
       "aarch64-linux" = fetchurl {
         url = "https://github.com/oven-sh/bun/releases/download/bun-v${version}/bun-linux-aarch64.zip";
-        hash = "sha256-vqL/H5t0elgT9fSk0Op7Td69eP9WPY2XVo1a8sraTwM=";
+        hash = "sha256-LvIjCWx7fd0EOLEY9qy26SS5/5ztAvEPKdv8mUG+TCA=";
       };
       "x86_64-darwin" = fetchurl {
         url = "https://github.com/oven-sh/bun/releases/download/bun-v${version}/bun-darwin-x64-baseline.zip";
-        hash = "sha256-5PLk8q3di5TW8HUfo7P3xrPWLhleAiSv9jp2XeL47Kk=";
+        hash = "sha256-/YgDnB8m0ZhkKpqPvFL8Hd6IBitySD+jMOJCn/7xxG8=";
       };
       "x86_64-linux" = fetchurl {
         url = "https://github.com/oven-sh/bun/releases/download/bun-v${version}/bun-linux-x64.zip";
-        hash = "sha256-bLcK0DSaLOzJSrIRPNHQeld5qud8ccqxzyDIgawMB3U=";
+        hash = "sha256-Ir0EQH+bnHPwOTakrO/ZQ6pyeOWvhu5bK5j+YLN8Myc=";
       };
     };
     updateScript = writeShellScript "update-bun" ''

pkgs/top-level/all-packages.nix

@@ -7436,10 +7436,6 @@ with pkgs;
 
   zeekscript = callPackage ../tools/security/zeekscript { };
 
-  zoekt = callPackage ../tools/text/zoekt {
-    buildGoModule = buildGo121Module;
-  };
-
   zonemaster-cli = perlPackages.ZonemasterCLI;
 
   zotero-translation-server = callPackage ../tools/misc/zotero-translation-server { };
@@ -13029,8 +13025,6 @@ with pkgs;
 
   teip = callPackage ../tools/text/teip { };
 
-  telegraf = callPackage ../servers/monitoring/telegraf { };
-
   inherit (callPackages ../servers/teleport {
     inherit (darwin.apple_sdk.frameworks) CoreFoundation Security AppKit;
   }) teleport_14 teleport_15 teleport_16 teleport;