nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-17 09:34:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into haskell-updates

Browse Source
This commit is contained in:
github-actions[bot] 2023-04-22 00:12:21 +00:00 committed by GitHub
commit 7e5fb3ab47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
234 changed files with 7619 additions and 4419 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/CODEOWNERS vendored
View File

@ -90,6 +90,9 @@
# NixOS integration test driver
/nixos/lib/test-driver @tfc
# NixOS QEMU virtualisation
/nixos/virtualisation/qemu-vm.nix @raitobezarius
# Systemd
/nixos/modules/system/boot/systemd.nix @NixOS/systemd
/nixos/modules/system/boot/systemd @NixOS/systemd
@ -139,7 +142,7 @@
# C compilers
/pkgs/development/compilers/gcc @matthewbauer
/pkgs/development/compilers/llvm @matthewbauer
/pkgs/development/compilers/llvm @matthewbauer @RaitoBezarius
# Compatibility stuff
/pkgs/top-level/unix-tools.nix @matthewbauer

33
maintainers/maintainer-list.nix
View File

@ -101,6 +101,13 @@
github = "0xd61";
githubId = 8351869;
};
_0xMRTT = {
email = "0xMRTT@proton.me";
name = "0xMRTT";
github = "0xMRTT";
githubId = 105598867;
matrix = "@0xmrtt:envs.net";
};
_1000101 = {
email = "b1000101@pm.me";
github = "1000101";
@ -3518,10 +3525,16 @@
};
davidcromp = {
email = "davidcrompton1192@gmail.com";
github = "DavidCromp";
github = "CyborgPotato";
githubId = 10701143;
name = "David Crompton";
};
david-hamelin = {
email = "david.hamelin@outlook.fr";
github = "HamelinDavid";
githubId = 118536343;
name = "David Hamelin";
};
davidrusu = {
email = "davidrusu.me@gmail.com";
github = "davidrusu";
@ -8411,7 +8424,7 @@
};
kristian-brucaj = {
email = "kbrucaj@gmail.com";
github = "Kristian-Brucaj";
github = "Flameslice";
githubId = 8893110;
name = "Kristian Brucaj";
};
@ -9584,7 +9597,7 @@
mateodd25 = {
email = "mateodd@icloud.com";
github = "mateodd25";
githubId = 854770;
githubId = 7878181;
name = "Mateo Diaz";
};
math-42 = {
@ -11900,6 +11913,16 @@
githubId = 26949935;
name = "Pierce Bartine";
};
pbek = {
email = "patrizio@bekerle.com";
matrix = "@patrizio:bekerle.com";
github = "pbek";
githubId = 1798101;
name = "Patrizio Bekerle";
keys = [{
fingerprint = "E005 48D5 D6AC 812C AAD2 AFFA 9C42 B05E 5913 60DC";
}];
};
pblkt = {
email = "pebblekite@gmail.com";
github = "pblkt";
@ -14361,7 +14384,7 @@
name = "Smitty van Bodegom";
email = "me@smitop.com";
matrix = "@smitop:kde.org";
github = "Smittyvb";
github = "syvb";
githubId = 10530973;
};
sna = {
@ -17333,7 +17356,7 @@
zseri = {
name = "zseri";
email = "zseri.devel@ytrizja.de";
github = "zseri";
github = "fogti";
githubId = 1618343;
keys = [{
fingerprint = "7AFB C595 0D3A 77BD B00F 947B 229E 63AE 5644 A96D";

92
nixos/modules/config/users-groups.nix
View File

@ -428,6 +428,8 @@ let
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
sdInitrdUidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) config.boot.initrd.systemd.users) "uid";
sdInitrdGidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) config.boot.initrd.systemd.groups) "gid";
spec = pkgs.writeText "users-groups.json" (builtins.toJSON {
inherit (cfg) mutableUsers;
@ -534,6 +536,54 @@ in {
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
'';
};
# systemd initrd
boot.initrd.systemd.users = mkOption {
visible = false;
description = ''
Users to include in initrd.
'';
default = {};
type = types.attrsOf (types.submodule ({ name, ... }: {
options.uid = mkOption {
visible = false;
type = types.int;
description = ''
ID of the user in initrd.
'';
defaultText = literalExpression "config.users.users.\${name}.uid";
default = cfg.users.${name}.uid;
};
options.group = mkOption {
visible = false;
type = types.singleLineStr;
description = ''
Group the user belongs to in initrd.
'';
defaultText = literalExpression "config.users.users.\${name}.group";
default = cfg.users.${name}.group;
};
}));
};
boot.initrd.systemd.groups = mkOption {
visible = false;
description = ''
Groups to include in initrd.
'';
default = {};
type = types.attrsOf (types.submodule ({ name, ... }: {
options.gid = mkOption {
visible = false;
type = types.int;
description = ''
ID of the group in initrd.
'';
defaultText = literalExpression "config.users.groups.\${name}.gid";
default = cfg.groups.${name}.gid;
};
}));
};
};
@ -639,10 +689,52 @@ in {
"/etc/profiles/per-user/$USER"
];
# systemd initrd
boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
contents = {
"/etc/passwd".text = ''
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let
g = config.boot.initrd.systemd.groups.${group};
in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)}
'';
"/etc/group".text = ''
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
'';
};
users = {
root = {};
nobody = {};
};
groups = {
root = {};
nogroup = {};
systemd-journal = {};
tty = {};
dialout = {};
kmem = {};
input = {};
video = {};
render = {};
sgx = {};
audio = {};
video = {};
lp = {};
disk = {};
cdrom = {};
tape = {};
kvm = {};
};
};
assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
message = "UIDs and GIDs must be unique!";
}
{ assertion = !cfg.enforceIdUniqueness || (sdInitrdUidsAreUnique && sdInitrdGidsAreUnique);
message = "systemd initrd UIDs and GIDs must be unique!";
}
{ # If mutableUsers is false, to prevent users creating a
# configuration that locks them out of the system, ensure that
# there is at least one "privileged" account that has a

11
nixos/modules/services/hardware/udev.nix
View File

@ -16,16 +16,6 @@ let
'';
# networkd link files are used early by udev to set up interfaces early.
# This must be done in stage 1 to avoid race conditions between udev and
# network daemons.
# TODO move this into the initrd-network module when it exists
initrdLinkUnits = pkgs.runCommand "initrd-link-units" {} ''
mkdir -p $out
ln -s ${udev}/lib/systemd/network/*.link $out/
${lib.concatMapStringsSep "\n" (file: "ln -s ${file} $out/") (lib.mapAttrsToList (n: v: "${v.unit}/${n}") (lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units))}
'';
extraUdevRules = pkgs.writeTextFile {
name = "extra-udev-rules";
text = cfg.extraRules;
@ -398,7 +388,6 @@ in
systemd = config.boot.initrd.systemd.package;
binPackages = config.boot.initrd.services.udev.binPackages ++ [ config.boot.initrd.systemd.contents."/bin".source ];
};
"/etc/systemd/network".source = initrdLinkUnits;
};
# Insert initrd rules
boot.initrd.services.udev.packages = [

5
nixos/modules/services/networking/netbird.nix
View File

@ -41,9 +41,10 @@ in {
documentation = [ "https://netbird.io/docs/" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
openresolv
];
serviceConfig = {
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
DynamicUser = true;
Environment = [
"NB_CONFIG=/var/lib/netbird/config.json"
"NB_LOG_FILE=console"

2
nixos/modules/services/security/authelia.nix
View File

@ -336,7 +336,7 @@ in
ProtectProc = "noaccess";
ProtectSystem = "strict";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;

21
nixos/modules/services/system/dbus.nix
View File

@ -14,13 +14,17 @@ let
serviceDirectories = cfg.packages;
};
inherit (lib) mkOption mkIf mkMerge types;
inherit (lib) mkOption mkEnableOption mkIf mkMerge types;
in
{
options = {
boot.initrd.systemd.dbus = {
enable = mkEnableOption (lib.mdDoc "dbus in stage 1") // { visible = false; };
};
services.dbus = {
enable = mkOption {
@ -111,6 +115,21 @@ in
];
}
(mkIf config.boot.initrd.systemd.dbus.enable {
boot.initrd.systemd = {
users.messagebus = { };
groups.messagebus = { };
contents."/etc/dbus-1".source = pkgs.makeDBusConf {
inherit (cfg) apparmor;
suidHelper = "/bin/false";
serviceDirectories = [ pkgs.dbus ];
};
packages = [ pkgs.dbus ];
storePaths = [ "${pkgs.dbus}/bin/dbus-daemon" ];
targets.sockets.wants = [ "dbus.socket" ];
};
})
(mkIf (cfg.implementation == "dbus") {
environment.systemPackages = [
pkgs.dbus

4
nixos/modules/services/web-apps/nextcloud.md
View File

@ -132,7 +132,9 @@ Auto updates for Nextcloud apps can be enabled using
Nextcloud supports [server-side encryption (SSE)](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html).
This is not an end-to-end encryption, but can be used to encrypt files that will be persisted
to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3
for PHP's openssl extension because this is implemented using the legacy cipher RC4.
for PHP's openssl extension and **Nextcloud 25 or older** because this is implemented using the
legacy cipher RC4. For Nextcloud26 this isn't relevant anymore, because Nextcloud has an RC4 implementation
written in native PHP and thus doesn't need `ext-openssl` for that anymore.
If [](#opt-system.stateVersion) is *above* `22.05`,
this is disabled by default. To turn it on again and for further information please refer to
[](#opt-services.nextcloud.enableBrokenCiphersForSSE).

6
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -204,7 +204,7 @@ in {
package = mkOption {
type = types.package;
description = lib.mdDoc "Which package to use for the Nextcloud instance.";
relatedPackages = [ "nextcloud24" "nextcloud25" "nextcloud26" ];
relatedPackages = [ "nextcloud25" "nextcloud26" ];
};
phpPackage = mkOption {
type = types.package;
@ -712,6 +712,10 @@ in {
See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470
'')
++ (optional (cfg.enableBrokenCiphersForSSE && versionAtLeast cfg.package.version "26") ''
Nextcloud26 supports RC4 without requiring legacy OpenSSL, so
`services.nextcloud.enableBrokenCiphersForSSE` can be set to `false`.
'');
services.nextcloud.package = with pkgs;

4
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -318,7 +318,7 @@ let
listenString = { addr, port, ssl, extraParameters ? [], ... }:
# UDP listener for QUIC transport protocol.
(optionalString (ssl && vhost.quic) "
(optionalString (ssl && vhost.quic) ("
listen ${addr}:${toString port} quic "
+ optionalString vhost.default "default_server "
+ optionalString vhost.reuseport "reuseport "
@ -326,7 +326,7 @@ let
let inCompatibleParameters = [ "ssl" "proxy_protocol" "http2" ];
isCompatibleParameter = param: !(any (p: p == param) inCompatibleParameters);
in filter isCompatibleParameter extraParameters))
+ ";")
+ ";"))
+ "
listen ${addr}:${toString port} "

6
nixos/modules/system/boot/initrd-network.nix
View File

@ -67,11 +67,15 @@ in
boot.initrd.network.flushBeforeStage2 = mkOption {
type = types.bool;
default = true;
default = !config.boot.initrd.systemd.enable;
defaultText = "!config.boot.initrd.systemd.enable";
description = lib.mdDoc ''
Whether to clear the configuration of the interfaces that were set up in
the initrd right before stage 2 takes over. Stage 2 will do the regular network
configuration based on the NixOS networking options.
The default is false when systemd is enabled in initrd,
because the systemd-networkd documentation suggests it.
'';
};

21
nixos/modules/system/boot/initrd-openvpn.nix
View File

@ -51,7 +51,7 @@ in
# Add openvpn and ip binaries to the initrd
# The shared libraries are required for DNS resolution
boot.initrd.extraUtilsCommands = ''
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${pkgs.openvpn}/bin/openvpn
copy_bin_and_libs ${pkgs.iproute2}/bin/ip
@ -59,18 +59,33 @@ in
cp -pv ${pkgs.glibc}/lib/libnss_dns.so.2 $out/lib
'';
boot.initrd.systemd.storePaths = [
"${pkgs.openvpn}/bin/openvpn"
"${pkgs.iproute2}/bin/ip"
"${pkgs.glibc}/lib/libresolv.so.2"
"${pkgs.glibc}/lib/libnss_dns.so.2"
];
boot.initrd.secrets = {
"/etc/initrd.ovpn" = cfg.configuration;
};
# openvpn --version would exit with 1 instead of 0
boot.initrd.extraUtilsCommandsTest = ''
boot.initrd.extraUtilsCommandsTest = mkIf (!config.boot.initrd.systemd.enable) ''
$out/bin/openvpn --show-gateway
'';
boot.initrd.network.postCommands = ''
boot.initrd.network.postCommands = mkIf (!config.boot.initrd.systemd.enable) ''
openvpn /etc/initrd.ovpn &
'';
boot.initrd.systemd.services.openvpn = {
wantedBy = [ "initrd.target" ];
path = [ pkgs.iproute2 ];
after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
serviceConfig.ExecStart = "${pkgs.openvpn}/bin/openvpn /etc/initrd.ovpn";
serviceConfig.Type = "notify";
};
};
}

64
nixos/modules/system/boot/initrd-ssh.nix
View File

@ -5,6 +5,10 @@ with lib;
let
cfg = config.boot.initrd.network.ssh;
shell = if cfg.shell == null then "/bin/ash" else cfg.shell;
inherit (config.programs.ssh) package;
enabled = let initrd = config.boot.initrd; in (initrd.network.enable || initrd.systemd.network.enable) && cfg.enable;
in
@ -33,8 +37,9 @@ in
};
shell = mkOption {
type = types.str;
default = "/bin/ash";
type = types.nullOr types.str;
default = null;
defaultText = ''"/bin/ash"'';
description = lib.mdDoc ''
Login shell of the remote user. Can be used to limit actions user can do.
'';
@ -119,9 +124,11 @@ in
sshdCfg = config.services.openssh;
sshdConfig = ''
UsePAM no
Port ${toString cfg.port}
PasswordAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u
ChallengeResponseAuthentication no
${flip concatMapStrings cfg.hostKeys (path: ''
@ -142,7 +149,7 @@ in
${cfg.extraConfig}
'';
in mkIf (config.boot.initrd.network.enable && cfg.enable) {
in mkIf enabled {
assertions = [
{
assertion = cfg.authorizedKeys != [];
@ -157,14 +164,19 @@ in
for instructions.
'';
}
{
assertion = config.boot.initrd.systemd.enable -> cfg.shell == null;
message = "systemd stage 1 does not support boot.initrd.network.ssh.shell";
}
];
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.openssh}/bin/sshd
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${package}/bin/sshd
cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib
'';
boot.initrd.extraUtilsCommandsTest = ''
boot.initrd.extraUtilsCommandsTest = mkIf (!config.boot.initrd.systemd.enable) ''
# sshd requires a host key to check config, so we pass in the test's
tmpkey="$(mktemp initrd-ssh-testkey.XXXXXXXXXX)"
cp "${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}" "$tmpkey"
@ -176,9 +188,9 @@ in
rm "$tmpkey"
'';
boot.initrd.network.postCommands = ''
echo '${cfg.shell}' > /etc/shells
echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd
boot.initrd.network.postCommands = mkIf (!config.boot.initrd.systemd.enable) ''
echo '${shell}' > /etc/shells
echo 'root:x:0:0:root:/root:${shell}' > /etc/passwd
echo 'sshd:x:1:1:sshd:/var/empty:/bin/nologin' >> /etc/passwd
echo 'passwd: files' > /etc/nsswitch.conf
@ -204,7 +216,7 @@ in
/bin/sshd -e
'';
boot.initrd.postMountCommands = ''
boot.initrd.postMountCommands = mkIf (!config.boot.initrd.systemd.enable) ''
# Stop sshd cleanly before stage 2.
#
# If you want to keep it around to debug post-mount SSH issues,
@ -217,6 +229,38 @@ in
boot.initrd.secrets = listToAttrs
(map (path: nameValuePair (initrdKeyPath path) path) cfg.hostKeys);
# Systemd initrd stuff
boot.initrd.systemd = mkIf config.boot.initrd.systemd.enable {
users.sshd = { uid = 1; group = "sshd"; };
groups.sshd = { gid = 1; };
contents."/etc/ssh/authorized_keys.d/root".text =
concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;
contents."/etc/ssh/sshd_config".text = sshdConfig;
storePaths = ["${package}/bin/sshd"];
services.sshd = {
description = "SSH Daemon";
wantedBy = ["initrd.target"];
after = ["network.target" "initrd-nixos-copy-secrets.service"];
# Keys from Nix store are world-readable, which sshd doesn't
# like. If this were a real nix store and not the initrd, we
# neither would nor could do this
preStart = flip concatMapStrings cfg.hostKeys (path: ''
/bin/chmod 0600 "${initrdKeyPath path}"
'');
unitConfig.DefaultDependencies = false;
serviceConfig = {
ExecStart = "${package}/bin/sshd -D -f /etc/ssh/sshd_config";
Type = "simple";
KillMode = "process";
Restart = "on-failure";
};
};
};
};
}

168
nixos/modules/system/boot/networkd.nix
View File

@ -6,8 +6,6 @@ with lib;
let
cfg = config.systemd.network;
check = {
global = {
@ -2941,14 +2939,12 @@ let
+ def.extraConfig;
};
unitFiles = listToAttrs (map (name: {
name = "systemd/network/${name}";
mkUnitFiles = prefix: cfg: listToAttrs (map (name: {
name = "${prefix}systemd/network/${name}";
value.source = "${cfg.units.${name}.unit}/${name}";
}) (attrNames cfg.units));
in
{
options = {
commonOptions = {
systemd.network.enable = mkOption {
default = false;
@ -3051,12 +3047,11 @@ in
};
config = mkMerge [
commonConfig = config: let cfg = config.systemd.network; in mkMerge [
# .link units are honored by udev, no matter if systemd-networkd is enabled or not.
{
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links;
environment.etc = unitFiles;
systemd.network.wait-online.extraArgs =
[ "--timeout=${toString cfg.wait-online.timeout}" ]
@ -3066,14 +3061,6 @@ in
(mkIf config.systemd.network.enable {
users.users.systemd-network.group = "systemd-network";
systemd.additionalUpstreamSystemUnits = [
"systemd-networkd-wait-online.service"
"systemd-networkd.service"
"systemd-networkd.socket"
];
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks;
@ -3082,14 +3069,6 @@ in
# networkd.
systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ];
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
aliases = [ "dbus-org.freedesktop.network1.service" ];
restartTriggers = map (x: x.source) (attrValues unitFiles) ++ [
config.environment.etc."systemd/networkd.conf".source
];
};
systemd.services.systemd-networkd-wait-online = {
inherit (cfg.wait-online) enable;
wantedBy = [ "network-online.target" ];
@ -3111,8 +3090,37 @@ in
};
};
})
];
stage2Config = let
cfg = config.systemd.network;
unitFiles = mkUnitFiles "" cfg;
in mkMerge [
(commonConfig config)
{ environment.etc = unitFiles; }
(mkIf config.systemd.network.enable {
users.users.systemd-network.group = "systemd-network";
systemd.additionalUpstreamSystemUnits = [
"systemd-networkd-wait-online.service"
"systemd-networkd.service"
"systemd-networkd.socket"
];
environment.etc."systemd/networkd.conf" = renderConfig cfg.config;
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
restartTriggers = map (x: x.source) (attrValues unitFiles) ++ [
config.environment.etc."systemd/networkd.conf".source
];
aliases = [ "dbus-org.freedesktop.network1.service" ];
};
networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) {
enable = mkDefault true;
rttablesExtraConfig = ''
@ -3123,6 +3131,116 @@ in
};
services.resolved.enable = mkDefault true;
})
];
stage1Config = let
cfg = config.boot.initrd.systemd.network;
in mkMerge [
(commonConfig config.boot.initrd)
{
systemd.network.enable = mkDefault config.boot.initrd.network.enable;
systemd.contents = mkUnitFiles "/etc/" cfg;
# Networkd link files are used early by udev to set up interfaces early.
# This must be done in stage 1 to avoid race conditions between udev and
# network daemons.
systemd.network.units = lib.filterAttrs (n: _: hasSuffix ".link" n) config.systemd.network.units;
systemd.storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/network/99-default.link"];
}
(mkIf cfg.enable {
systemd.package = pkgs.systemdStage1Network;
# For networkctl
systemd.dbus.enable = mkDefault true;
systemd.additionalUpstreamUnits = [
"systemd-networkd-wait-online.service"
"systemd-networkd.service"
"systemd-networkd.socket"
"systemd-network-generator.service"
"network-online.target"
"network-pre.target"
"network.target"
"nss-lookup.target"
"nss-user-lookup.target"
"remote-fs-pre.target"
"remote-fs.target"
];
systemd.users.systemd-network = {};
systemd.groups.systemd-network = {};
systemd.contents."/etc/systemd/networkd.conf" = renderConfig cfg.config;
systemd.services.systemd-networkd.wantedBy = [ "initrd.target" ];
systemd.services.systemd-network-generator.wantedBy = [ "sysinit.target" ];
systemd.storePaths = [
"${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd"
"${config.boot.initrd.systemd.package}/lib/systemd/systemd-networkd-wait-online"
"${config.boot.initrd.systemd.package}/lib/systemd/systemd-network-generator"
];
kernelModules = [ "af_packet" ];
systemd.services.nixos-flush-networkd = mkIf config.boot.initrd.network.flushBeforeStage2 {
description = "Flush Network Configuration";
wantedBy = ["initrd.target"];
after = ["systemd-networkd.service" "dbus.socket" "dbus.service"];
before = ["shutdown.target" "initrd-switch-root.target"];
conflicts = ["shutdown.target" "initrd-switch-root.target"];
unitConfig.DefaultDependencies = false;
serviceConfig = {
# This service does nothing when starting, but brings down
# interfaces when switching root. This is the easiest way to
# ensure proper ordering while stopping. See systemd.unit(5)
# section on Before= and After=. The important part is that
# we are stopped before units we need, like dbus.service,
# and that we are stopped before starting units like
# initrd-switch-root.target
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "/bin/true";
};
# systemd-networkd doesn't bring down interfaces on its own
# when it exits (see: systemd-networkd(8)), so we have to do
# it ourselves. The networkctl command doesn't have a way to
# bring all interfaces down, so we have to iterate over the
# list and filter out unmanaged interfaces to bring them down
# individually.
preStop = ''
networkctl list --full --no-legend | while read _idx link _type _operational setup _; do
[ "$setup" = unmanaged ] && continue
networkctl down "$link"
done
'';
};
})
];
in
{
options = commonOptions // {
boot.initrd = commonOptions;
};
config = mkMerge [
stage2Config
(mkIf config.boot.initrd.systemd.enable {
assertions = [{
assertion = config.boot.initrd.network.udhcpc.extraArgs == [];
message = ''
boot.initrd.network.udhcpc.extraArgs is not supported when
boot.initrd.systemd.enable is enabled
'';
}];
boot.initrd = stage1Config;
})
];
}

3
nixos/modules/system/boot/stage-1.nix
View File

@ -445,7 +445,8 @@ let
) config.boot.initrd.secrets)
}
(cd "$tmp" && find . -print0 | sort -z | bsdtar --uid 0 --gid 0 -cnf - -T - | bsdtar --null -cf - --format=newc @-) | \
# mindepth 1 so that we don't change the mode of /
(cd "$tmp" && find . -mindepth 1 -print0 | sort -z | bsdtar --uid 0 --gid 0 -cnf - -T - | bsdtar --null -cf - --format=newc @-) | \
${compressorExe} ${lib.escapeShellArgs initialRamdisk.compressorArgs} >> "$1"
'';

4
nixos/modules/system/boot/systemd/initrd-secrets.nix
View File

@ -19,13 +19,13 @@
# drop this service, we'd mount the /run tmpfs over the secret, making it
# invisible in stage 2.
script = ''
for secret in $(cd /.initrd-secrets; find . -type f); do
for secret in $(cd /.initrd-secrets; find . -type f -o -type l); do
mkdir -p "$(dirname "/$secret")"
cp "/.initrd-secrets/$secret" "/$secret"
done
'';
unitConfig = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};

17
nixos/modules/system/boot/systemd/initrd.nix
View File

@ -72,15 +72,6 @@ let
"systemd-tmpfiles-setup.service"
"timers.target"
"umount.target"
# TODO: Networking
# "network-online.target"
# "network-pre.target"
# "network.target"
# "nss-lookup.target"
# "nss-user-lookup.target"
# "remote-fs-pre.target"
# "remote-fs.target"
] ++ cfg.additionalUpstreamUnits;
upstreamWants = [
@ -378,7 +369,7 @@ in {
"/etc/systemd/system.conf".text = ''
[Manager]
DefaultEnvironment=PATH=/bin:/sbin ${optionalString (isBool cfg.emergencyAccess && cfg.emergencyAccess) "SYSTEMD_SULOGIN_FORCE=1"}
DefaultEnvironment=PATH=/bin:/sbin
${cfg.extraConfig}
ManagerEnvironment=${lib.concatStringsSep " " (lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment)}
'';
@ -388,8 +379,10 @@ in {
"/etc/modules-load.d/nixos.conf".text = concatStringsSep "\n" config.boot.initrd.kernelModules;
"/etc/passwd".source = "${pkgs.fakeNss}/etc/passwd";
"/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then "!" else cfg.emergencyAccess}:::::::";
# We can use either ! or * to lock the root account in the
# console, but some software like OpenSSH won't even allow you
# to log in with an SSH key if you use ! so we use * instead
"/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then optionalString (!cfg.emergencyAccess) "*" else cfg.emergencyAccess}:::::::";
"/bin".source = "${initrdBinEnv}/bin";
"/sbin".source = "${initrdBinEnv}/sbin";

302
nixos/modules/tasks/network-interfaces-systemd.nix
View File

@ -28,11 +28,164 @@ let
# TODO: warn the user that any address configured on those interfaces will be useless
++ concatMap (i: attrNames (filterAttrs (_: config: config.type != "internal") i.interfaces)) (attrValues cfg.vswitches);
domains = cfg.search ++ (optional (cfg.domain != null) cfg.domain);
genericNetwork = override:
let gateway = optional (cfg.defaultGateway != null && (cfg.defaultGateway.address or "") != "") cfg.defaultGateway.address
++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "") cfg.defaultGateway6.address;
makeGateway = gateway: {
routeConfig = {
Gateway = gateway;
GatewayOnLink = false;
};
};
in optionalAttrs (gateway != [ ]) {
routes = override (map makeGateway gateway);
} // optionalAttrs (domains != [ ]) {
domains = override domains;
};
genericDhcpNetworks = initrd: mkIf cfg.useDHCP {
networks."99-ethernet-default-dhcp" = {
# We want to match physical ethernet interfaces as commonly
# found on laptops, desktops and servers, to provide an
# "out-of-the-box" setup that works for common cases. This
# heuristic isn't perfect (it could match interfaces with
# custom names that _happen_ to start with en or eth), but
# should be good enough to make the common case easy and can
# be overridden on a case-by-case basis using
# higher-priority networks or by disabling useDHCP.
# Type=ether matches veth interfaces as well, and this is
# more likely to result in interfaces being configured to
# use DHCP when they shouldn't.
# When wait-online.anyInterface is enabled, RequiredForOnline really
# means "sufficient for online", so we can enable it.
# Otherwise, don't block the network coming online because of default networks.
matchConfig.Name = ["en*" "eth*"];
DHCP = "yes";
linkConfig.RequiredForOnline =
lib.mkDefault (if initrd
then config.boot.initrd.systemd.network.wait-online.anyInterface
else config.systemd.network.wait-online.anyInterface);
networkConfig.IPv6PrivacyExtensions = "kernel";
};
networks."99-wireless-client-dhcp" = {
# Like above, but this is much more likely to be correct.
matchConfig.WLANInterfaceType = "station";
DHCP = "yes";
linkConfig.RequiredForOnline =
lib.mkDefault config.systemd.network.wait-online.anyInterface;
networkConfig.IPv6PrivacyExtensions = "kernel";
# We also set the route metric to one more than the default
# of 1024, so that Ethernet is preferred if both are
# available.
dhcpV4Config.RouteMetric = 1025;
ipv6AcceptRAConfig.RouteMetric = 1025;
};
};
interfaceNetworks = mkMerge (forEach interfaces (i: {
netdevs = mkIf i.virtual ({
"40-${i.name}" = {
netdevConfig = {
Name = i.name;
Kind = i.virtualType;
};
"${i.virtualType}Config" = optionalAttrs (i.virtualOwner != null) {
User = i.virtualOwner;
};
};
});
networks."40-${i.name}" = mkMerge [ (genericNetwork id) {
name = mkDefault i.name;
DHCP = mkForce (dhcpStr
(if i.useDHCP != null then i.useDHCP else false));
address = forEach (interfaceIps i)
(ip: "${ip.address}/${toString ip.prefixLength}");
routes = forEach (interfaceRoutes i)
(route: {
# Most of these route options have not been tested.
# Please fix or report any mistakes you may find.
routeConfig =
optionalAttrs (route.address != null && route.prefixLength != null) {
Destination = "${route.address}/${toString route.prefixLength}";
} //
optionalAttrs (route.options ? fastopen_no_cookie) {
FastOpenNoCookie = route.options.fastopen_no_cookie;
} //
optionalAttrs (route.via != null) {
Gateway = route.via;
} //
optionalAttrs (route.type != null) {
Type = route.type;
} //
optionalAttrs (route.options ? onlink) {
GatewayOnLink = true;
} //
optionalAttrs (route.options ? initrwnd) {
InitialAdvertisedReceiveWindow = route.options.initrwnd;
} //
optionalAttrs (route.options ? initcwnd) {
InitialCongestionWindow = route.options.initcwnd;
} //
optionalAttrs (route.options ? pref) {
IPv6Preference = route.options.pref;
} //
optionalAttrs (route.options ? mtu) {
MTUBytes = route.options.mtu;
} //
optionalAttrs (route.options ? metric) {
Metric = route.options.metric;
} //
optionalAttrs (route.options ? src) {
PreferredSource = route.options.src;
} //
optionalAttrs (route.options ? protocol) {
Protocol = route.options.protocol;
} //
optionalAttrs (route.options ? quickack) {
QuickAck = route.options.quickack;
} //
optionalAttrs (route.options ? scope) {
Scope = route.options.scope;
} //
optionalAttrs (route.options ? from) {
Source = route.options.from;
} //
optionalAttrs (route.options ? table) {
Table = route.options.table;
} //
optionalAttrs (route.options ? advmss) {
TCPAdvertisedMaximumSegmentSize = route.options.advmss;
} //
optionalAttrs (route.options ? ttl-propagate) {
TTLPropagate = route.options.ttl-propagate == "enabled";
};
});
networkConfig.IPv6PrivacyExtensions = "kernel";
linkConfig = optionalAttrs (i.macAddress != null) {
MACAddress = i.macAddress;
} // optionalAttrs (i.mtu != null) {
MTUBytes = toString i.mtu;
};
}];
}));
in
{
config = mkMerge [
config = mkIf cfg.useNetworkd {
(mkIf config.boot.initrd.network.enable {
# Note this is if initrd.network.enable, not if
# initrd.systemd.network.enable. By setting the latter and not the
# former, the user retains full control over the configuration.
boot.initrd.systemd.network = mkMerge [(genericDhcpNetworks true) interfaceNetworks];
})
(mkIf cfg.useNetworkd {
assertions = [ {
assertion = cfg.defaultGatewayWindowSize == null;
@ -54,149 +207,11 @@ in
networking.dhcpcd.enable = mkDefault false;
systemd.network =
let
domains = cfg.search ++ (optional (cfg.domain != null) cfg.domain);
genericNetwork = override:
let gateway = optional (cfg.defaultGateway != null && (cfg.defaultGateway.address or "") != "") cfg.defaultGateway.address
++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "") cfg.defaultGateway6.address;
makeGateway = gateway: {
routeConfig = {
Gateway = gateway;
GatewayOnLink = false;
};
};
in optionalAttrs (gateway != [ ]) {
routes = override (map makeGateway gateway);
} // optionalAttrs (domains != [ ]) {
domains = override domains;
};
in mkMerge [ {
mkMerge [ {
enable = true;
}
(mkIf cfg.useDHCP {
networks."99-ethernet-default-dhcp" = lib.mkIf cfg.useDHCP {
# We want to match physical ethernet interfaces as commonly
# found on laptops, desktops and servers, to provide an
# "out-of-the-box" setup that works for common cases. This
# heuristic isn't perfect (it could match interfaces with
# custom names that _happen_ to start with en or eth), but
# should be good enough to make the common case easy and can
# be overridden on a case-by-case basis using
# higher-priority networks or by disabling useDHCP.
# Type=ether matches veth interfaces as well, and this is
# more likely to result in interfaces being configured to
# use DHCP when they shouldn't.
# When wait-online.anyInterface is enabled, RequiredForOnline really
# means "sufficient for online", so we can enable it.
# Otherwise, don't block the network coming online because of default networks.
matchConfig.Name = ["en*" "eth*"];
DHCP = "yes";
linkConfig.RequiredForOnline =
lib.mkDefault config.systemd.network.wait-online.anyInterface;
networkConfig.IPv6PrivacyExtensions = "kernel";
};
networks."99-wireless-client-dhcp" = lib.mkIf cfg.useDHCP {
# Like above, but this is much more likely to be correct.
matchConfig.WLANInterfaceType = "station";
DHCP = "yes";
linkConfig.RequiredForOnline =
lib.mkDefault config.systemd.network.wait-online.anyInterface;
networkConfig.IPv6PrivacyExtensions = "kernel";
# We also set the route metric to one more than the default
# of 1024, so that Ethernet is preferred if both are
# available.
dhcpV4Config.RouteMetric = 1025;
ipv6AcceptRAConfig.RouteMetric = 1025;
};
})
(mkMerge (forEach interfaces (i: {
netdevs = mkIf i.virtual ({
"40-${i.name}" = {
netdevConfig = {
Name = i.name;
Kind = i.virtualType;
};
"${i.virtualType}Config" = optionalAttrs (i.virtualOwner != null) {
User = i.virtualOwner;
};
};
});
networks."40-${i.name}" = mkMerge [ (genericNetwork id) {
name = mkDefault i.name;
DHCP = mkForce (dhcpStr
(if i.useDHCP != null then i.useDHCP else false));
address = forEach (interfaceIps i)
(ip: "${ip.address}/${toString ip.prefixLength}");
routes = forEach (interfaceRoutes i)
(route: {
# Most of these route options have not been tested.
# Please fix or report any mistakes you may find.
routeConfig =
optionalAttrs (route.address != null && route.prefixLength != null) {
Destination = "${route.address}/${toString route.prefixLength}";
} //
optionalAttrs (route.options ? fastopen_no_cookie) {
FastOpenNoCookie = route.options.fastopen_no_cookie;
} //
optionalAttrs (route.via != null) {
Gateway = route.via;
} //
optionalAttrs (route.type != null) {
Type = route.type;
} //
optionalAttrs (route.options ? onlink) {
GatewayOnLink = true;
} //
optionalAttrs (route.options ? initrwnd) {
InitialAdvertisedReceiveWindow = route.options.initrwnd;
} //
optionalAttrs (route.options ? initcwnd) {
InitialCongestionWindow = route.options.initcwnd;
} //
optionalAttrs (route.options ? pref) {
IPv6Preference = route.options.pref;
} //
optionalAttrs (route.options ? mtu) {
MTUBytes = route.options.mtu;
} //
optionalAttrs (route.options ? metric) {
Metric = route.options.metric;
} //
optionalAttrs (route.options ? src) {
PreferredSource = route.options.src;
} //
optionalAttrs (route.options ? protocol) {
Protocol = route.options.protocol;
} //
optionalAttrs (route.options ? quickack) {
QuickAck = route.options.quickack;
} //
optionalAttrs (route.options ? scope) {
Scope = route.options.scope;
} //
optionalAttrs (route.options ? from) {
Source = route.options.from;
} //
optionalAttrs (route.options ? table) {
Table = route.options.table;
} //
optionalAttrs (route.options ? advmss) {
TCPAdvertisedMaximumSegmentSize = route.options.advmss;
} //
optionalAttrs (route.options ? ttl-propagate) {
TTLPropagate = route.options.ttl-propagate == "enabled";
};
});
networkConfig.IPv6PrivacyExtensions = "kernel";
linkConfig = optionalAttrs (i.macAddress != null) {
MACAddress = i.macAddress;
} // optionalAttrs (i.mtu != null) {
MTUBytes = toString i.mtu;
};
}];
})))
(genericDhcpNetworks false)
interfaceNetworks
(mkMerge (flip mapAttrsToList cfg.bridges (name: bridge: {
netdevs."40-${name}" = {
netdevConfig = {
@ -437,6 +452,7 @@ in
bindsTo = [ "systemd-networkd.service" ];
};
};
};
})
];
}

1
nixos/modules/virtualisation/parallels-guest.nix
View File

@ -87,7 +87,6 @@ in
bindsTo = [ "cups.service" ];
path = [ prl-tools ];
serviceConfig = {
Type = "forking";
ExecStart = "${prl-tools}/bin/prlshprint";
WorkingDirectory = "${prl-tools}/bin";
};

303
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -55,6 +55,11 @@ let
};
selectPartitionTableLayout = { useEFIBoot, useDefaultFilesystems }:
if useDefaultFilesystems then
if useEFIBoot then "efi" else "legacy"
else "none";
driveCmdline = idx: { file, driveExtraOpts, deviceExtraOpts, ... }:
let
drvId = "drive${toString idx}";
@ -98,7 +103,6 @@ let
addDeviceNames =
imap1 (idx: drive: drive // { device = driveDeviceName idx; });
# Shell script to start the VM.
startVM =
''
@ -111,8 +115,23 @@ let
NIX_DISK_IMAGE=$(readlink -f "''${NIX_DISK_IMAGE:-${toString config.virtualisation.diskImage}}") || test -z "$NIX_DISK_IMAGE"
if test -n "$NIX_DISK_IMAGE" && ! test -e "$NIX_DISK_IMAGE"; then
${qemu}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
${toString config.virtualisation.diskSize}M
echo "Disk image do not exist, creating the virtualisation disk image..."
# If we are using a bootloader and default filesystems layout.
# We have to reuse the system image layout as a backing image format (CoW)
# So we can write on the top of it.
# If we are not using the default FS layout, potentially, we are interested into
# performing operations in postDeviceCommands or at early boot on the raw device.
# We can still boot through QEMU direct kernel boot feature.
# CoW prevent size to be attributed to an image.
# FIXME: raise this issue to upstream.
${qemu}/bin/qemu-img create \
${concatStringsSep " \\\n" ([ "-f qcow2" ]
++ optional (cfg.useBootLoader && cfg.useDefaultFilesystems) "-F qcow2 -b ${systemImage}/nixos.qcow2"
++ optional (!(cfg.useBootLoader && cfg.useDefaultFilesystems)) "-o size=${toString config.virtualisation.diskSize}M"
++ [ "$NIX_DISK_IMAGE" ])}
echo "Virtualisation disk image created."
fi
# Create a directory for storing temporary data of the running VM.
@ -152,19 +171,13 @@ let
${lib.optionalString cfg.useBootLoader
''
if ${if !cfg.persistBootDevice then "true" else "! test -e $TMPDIR/disk.img"}; then
# Create a writable copy/snapshot of the boot disk.
# A writable boot disk can be booted from automatically.
${qemu}/bin/qemu-img create -f qcow2 -F qcow2 -b ${bootDisk}/disk.img "$TMPDIR/disk.img"
fi
NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${cfg.efiVars}}")
NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${config.system.name}-efi-vars.fd}")
${lib.optionalString cfg.useEFIBoot
''
# VM needs writable EFI vars
if ! test -e "$NIX_EFI_VARS"; then
cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS"
cp ${systemImage}/efi-vars.fd "$NIX_EFI_VARS"
chmod 0644 "$NIX_EFI_VARS"
fi
''}
@ -200,95 +213,29 @@ let
regInfo = pkgs.closureInfo { rootPaths = config.virtualisation.additionalPaths; };
# Generate a hard disk image containing a /boot partition and GRUB
# in the MBR. Used when the `useBootLoader' option is set.
# Uses `runInLinuxVM` to create the image in a throwaway VM.
# See note [Disk layout with `useBootLoader`].
# FIXME: use nixos/lib/make-disk-image.nix.
bootDisk =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "nixos-boot-disk"
{ preVM =
''
mkdir $out
diskImage=$out/disk.img
${qemu}/bin/qemu-img create -f qcow2 $diskImage "120M"
${lib.optionalString cfg.useEFIBoot ''
efiVars=$out/efi-vars.fd
cp ${cfg.efi.variables} $efiVars
chmod 0644 $efiVars
''}
'';
buildInputs = [ pkgs.util-linux ];
QEMU_OPTS = "-nographic -serial stdio -monitor none"
+ lib.optionalString cfg.useEFIBoot (
" -drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}"
+ " -drive if=pflash,format=raw,unit=1,file=$efiVars");
}
''
# Create a /boot EFI partition with 120M and arbitrary but fixed GUIDs for reproducibility
${pkgs.gptfdisk}/bin/sgdisk \
--set-alignment=1 --new=1:34:2047 --change-name=1:BIOSBootPartition --typecode=1:ef02 \
--set-alignment=512 --largest-new=2 --change-name=2:EFISystem --typecode=2:ef00 \
--attributes=1:set:1 \
--attributes=2:set:2 \
--disk-guid=97FD5997-D90B-4AA3-8D16-C1723AEA73C1 \
--partition-guid=1:1C06F03B-704E-4657-B9CD-681A087A2FDC \
--partition-guid=2:970C694F-AFD0-4B99-B750-CDB7A329AB6F \
--hybrid 2 \
--recompute-chs /dev/vda
${optionalString (config.boot.loader.grub.device != "/dev/vda")
# In this throwaway VM, we only have the /dev/vda disk, but the
# actual VM described by `config` (used by `switch-to-configuration`
# below) may set `boot.loader.grub.device` to a different device
# that's nonexistent in the throwaway VM.
# Create a symlink for that device, so that the `grub-install`
# by `switch-to-configuration` will hit /dev/vda anyway.
''
ln -s /dev/vda ${config.boot.loader.grub.device}
''
}
${pkgs.dosfstools}/bin/mkfs.fat -F16 /dev/vda2
export MTOOLS_SKIP_CHECK=1
${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot
# Mount /boot; load necessary modules first.
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true
${pkgs.kmod}/bin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true
mkdir /boot
mount /dev/vda2 /boot
${optionalString config.boot.loader.efi.canTouchEfiVariables ''
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
''}
# This is needed for GRUB 0.97, which doesn't know about virtio devices.
mkdir /boot/grub
echo '(hd0) /dev/vda' > /boot/grub/device.map
# This is needed for systemd-boot to find ESP, and udev is not available here to create this
mkdir -p /dev/block
ln -s /dev/vda2 /dev/block/254:2
# Set up system profile (normally done by nixos-rebuild / nix-env --set)
mkdir -p /nix/var/nix/profiles
ln -s ${config.system.build.toplevel} /nix/var/nix/profiles/system-1-link
ln -s /nix/var/nix/profiles/system-1-link /nix/var/nix/profiles/system
# Install bootloader
touch /etc/NIXOS
export NIXOS_INSTALL_BOOTLOADER=1
${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /boot
'' # */
);
# System image is akin to a complete NixOS install with
# a boot partition and root partition.
systemImage = import ../../lib/make-disk-image.nix {
inherit pkgs config lib;
additionalPaths = [ regInfo ];
format = "qcow2";
onlyNixStore = false;
partitionTableType = selectPartitionTableLayout { inherit (cfg) useDefaultFilesystems useEFIBoot; };
# Bootloader should be installed on the system image only if we are booting through bootloaders.
# Though, if a user is not using our default filesystems, it is possible to not have any ESP
# or a strange partition table that's incompatible with GRUB configuration.
# As a consequence, this may lead to disk image creation failures.
# To avoid this, we prefer to let the user find out about how to install the bootloader on its ESP/disk.
# Usually, this can be through building your own disk image.
# TODO: If a user is interested into a more fine grained heuristic for `installBootLoader`
# by examining the actual contents of `cfg.fileSystems`, please send a PR.
installBootLoader = cfg.useBootLoader && cfg.useDefaultFilesystems;
touchEFIVars = cfg.useEFIBoot;
diskSize = "auto";
additionalSpace = "0M";
copyChannel = false;
OVMF = cfg.efi.OVMF;
};
storeImage = import ../../lib/make-disk-image.nix {
inherit pkgs config lib;
@ -297,17 +244,42 @@ let
onlyNixStore = true;
partitionTableType = "none";
installBootLoader = false;
touchEFIVars = false;
diskSize = "auto";
additionalSpace = "0M";
copyChannel = false;
};
bootConfiguration =
if cfg.useDefaultFilesystems
then
if cfg.useBootLoader
then
if cfg.useEFIBoot then "efi_bootloading_with_default_fs"
else "legacy_bootloading_with_default_fs"
else
"direct_boot_with_default_fs"
else
"custom";
suggestedRootDevice = {
"efi_bootloading_with_default_fs" = "${cfg.bootLoaderDevice}2";
"legacy_bootloading_with_default_fs" = "${cfg.bootLoaderDevice}1";
"direct_boot_with_default_fs" = cfg.bootLoaderDevice;
# This will enforce a NixOS module type checking error
# to ask explicitly the user to set a rootDevice.
# As it will look like `rootDevice = lib.mkDefault null;` after
# all "computations".
"custom" = null;
}.${bootConfiguration};
in
{
imports = [
../profiles/qemu-guest.nix
(mkRenamedOptionModule [ "virtualisation" "pathsInNixDB" ] [ "virtualisation" "additionalPaths" ])
(mkRemovedOptionModule [ "virtualisation" "bootDevice" ] "This option was renamed to `virtualisation.rootDevice`, as it was incorrectly named and misleading. Take the time to review what you want to do and look at the new options like `virtualisation.{bootLoaderDevice, bootPartition}`, open an issue in case of issues.")
(mkRemovedOptionModule [ "virtualisation" "efiVars" ] "This option was removed, it is possible to provide a template UEFI variable with `virtualisation.efi.variables` ; if this option is important to you, open an issue")
(mkRemovedOptionModule [ "virtualisation" "persistBootDevice" ] "Boot device is always persisted if you use a bootloader through the root disk image ; if this does not work for your usecase, please examine carefully what `virtualisation.{bootDevice, rootDevice, bootPartition}` options offer you and open an issue explaining your need.`")
];
options = {
@ -362,25 +334,48 @@ in
'';
};
virtualisation.bootDevice =
virtualisation.bootLoaderDevice =
mkOption {
type = types.path;
default = lookupDriveDeviceName "root" cfg.qemu.drives;
defaultText = literalExpression ''lookupDriveDeviceName "root" cfg.qemu.drives'';
example = "/dev/vda";
description =
lib.mdDoc ''
The disk to be used for the root filesystem.
The disk to be used for the boot filesystem.
By default, it is the same disk as the root filesystem.
'';
};
virtualisation.bootPartition =
mkOption {
type = types.nullOr types.path;
default = if cfg.useEFIBoot then "${cfg.bootLoaderDevice}1" else null;
defaultText = literalExpression ''if cfg.useEFIBoot then "''${cfg.bootLoaderDevice}1" else null'';
example = "/dev/vda1";
description =
lib.mdDoc ''
The boot partition to be used to mount /boot filesystem.
In legacy boots, this should be null.
By default, in EFI boot, it is the first partition of the boot device.
'';
};
virtualisation.persistBootDevice =
virtualisation.rootDevice =
mkOption {
type = types.bool;
default = false;
type = types.nullOr types.path;
example = "/dev/vda2";
description =
lib.mdDoc ''
If useBootLoader is specified, whether to recreate the boot device
on each instantiaton or allow it to persist.
'';
The disk or partition to be used for the root filesystem.
By default (read the source code for more details):
- under EFI with a bootloader: 2nd partition of the boot disk
- in legacy boot with a bootloader: 1st partition of the boot disk
- in direct boot (i.e. without a bootloader): whole disk
In case you are not using a default boot device or a default filesystem, you have to set explicitly your root device.
'';
};
virtualisation.emptyDiskImages =
@ -749,10 +744,22 @@ in
};
virtualisation.efi = {
OVMF = mkOption {
type = types.package;
default = (pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
}).fd;
defaultText = ''(pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
}).fd'';
description =
lib.mdDoc "OVMF firmware package, defaults to OVMF configured with secure boot if needed.";
};
firmware = mkOption {
type = types.path;
default = pkgs.OVMF.firmware;
defaultText = literalExpression "pkgs.OVMF.firmware";
default = cfg.efi.OVMF.firmware;
defaultText = literalExpression "cfg.efi.OVMF.firmware";
description =
lib.mdDoc ''
Firmware binary for EFI implementation, defaults to OVMF.
@ -761,8 +768,8 @@ in
variables = mkOption {
type = types.path;
default = pkgs.OVMF.variables;
defaultText = literalExpression "pkgs.OVMF.variables";
default = cfg.efi.OVMF.variables;
defaultText = literalExpression "cfg.efi.OVMF.variables";
description =
lib.mdDoc ''
Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware.
@ -786,18 +793,17 @@ in
'';
};
virtualisation.efiVars =
virtualisation.useSecureBoot =
mkOption {
type = types.str;
default = "./${config.system.name}-efi-vars.fd";
defaultText = literalExpression ''"./''${config.system.name}-efi-vars.fd"'';
type = types.bool;
default = false;
description =
lib.mdDoc ''
Path to nvram image containing UEFI variables. The will be created
on startup if it does not exist.
Enable Secure Boot support in the EFI firmware.
'';
};
virtualisation.bios =
mkOption {
type = types.nullOr types.package;
@ -853,33 +859,18 @@ in
${opt.writableStore} = false;
'';
# Note [Disk layout with `useBootLoader`]
#
# If `useBootLoader = true`, we configure 2 drives:
# `/dev/?da` for the root disk, and `/dev/?db` for the boot disk
# which has the `/boot` partition and the boot loader.
# Concretely:
#
# * The second drive's image `disk.img` is created in `bootDisk = ...`
# using a throwaway VM. Note that there the disk is always `/dev/vda`,
# even though in the final VM it will be at `/dev/*b`.
# * The disks are attached in `virtualisation.qemu.drives`.
# Their order makes them appear as devices `a`, `b`, etc.
# * `fileSystems."/boot"` is adjusted to be on device `b`.
# * The disk.img is recreated each time the VM is booted unless
# virtualisation.persistBootDevice is set.
# If `useBootLoader`, GRUB goes to the second disk, see
# note [Disk layout with `useBootLoader`].
boot.loader.grub.device = mkVMOverride (
if cfg.useBootLoader
then driveDeviceName 2 # second disk
else cfg.bootDevice
);
# In UEFI boot, we use a EFI-only partition table layout, thus GRUB will fail when trying to install
# legacy and UEFI. In order to avoid this, we have to put "nodev" to force UEFI-only installs.
# Otherwise, we set the proper bootloader device for this.
# FIXME: make a sense of this mess wrt to multiple ESP present in the system, probably use boot.efiSysMountpoint?
boot.loader.grub.device = mkVMOverride (if cfg.useEFIBoot then "nodev" else cfg.bootLoaderDevice);
boot.loader.grub.gfxmodeBios = with cfg.resolution; "${toString x}x${toString y}";
virtualisation.rootDevice = mkDefault suggestedRootDevice;
boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
boot.loader.supportsInitrdSecrets = mkIf (!cfg.useBootLoader) (mkVMOverride false);
boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
''
# We need mke2fs in the initrd.
@ -890,10 +881,10 @@ in
''
# If the disk image appears to be empty, run mke2fs to
# initialise.
FSTYPE=$(blkid -o value -s TYPE ${cfg.bootDevice} || true)
PARTTYPE=$(blkid -o value -s PTTYPE ${cfg.bootDevice} || true)
FSTYPE=$(blkid -o value -s TYPE ${cfg.rootDevice} || true)
PARTTYPE=$(blkid -o value -s PTTYPE ${cfg.rootDevice} || true)
if test -z "$FSTYPE" -a -z "$PARTTYPE"; then
mke2fs -t ext4 ${cfg.bootDevice}
mke2fs -t ext4 ${cfg.rootDevice}
fi
'';
@ -939,8 +930,6 @@ in
optional cfg.writableStore "overlay"
++ optional (cfg.qemu.diskInterface == "scsi") "sym53c8xx";
virtualisation.bootDevice = mkDefault (driveDeviceName 1);
virtualisation.additionalPaths = [ config.system.build.toplevel ];
virtualisation.sharedDirectories = {
@ -997,7 +986,7 @@ in
])
(mkIf cfg.useEFIBoot [
"-drive if=pflash,format=raw,unit=0,readonly=on,file=${cfg.efi.firmware}"
"-drive if=pflash,format=raw,unit=1,file=$NIX_EFI_VARS"
"-drive if=pflash,format=raw,unit=1,readonly=off,file=$NIX_EFI_VARS"
])
(mkIf (cfg.bios != null) [
"-bios ${cfg.bios}/bios.bin"
@ -1013,23 +1002,14 @@ in
file = ''"$NIX_DISK_IMAGE"'';
driveExtraOpts.cache = "writeback";
driveExtraOpts.werror = "report";
deviceExtraOpts.bootindex = "1";
}])
(mkIf cfg.useNixStoreImage [{
name = "nix-store";
file = ''"$TMPDIR"/store.img'';
deviceExtraOpts.bootindex = if cfg.useBootLoader then "3" else "2";
deviceExtraOpts.bootindex = "2";
driveExtraOpts.format = if cfg.writableStore then "qcow2" else "raw";
}])
(mkIf cfg.useBootLoader [
# The order of this list determines the device names, see
# note [Disk layout with `useBootLoader`].
{
name = "boot";
file = ''"$TMPDIR"/disk.img'';
driveExtraOpts.media = "disk";
deviceExtraOpts.bootindex = "1";
}
])
(imap0 (idx: _: {
file = "$(pwd)/empty${toString idx}.qcow2";
driveExtraOpts.werror = "report";
@ -1065,7 +1045,7 @@ in
device = "tmpfs";
fsType = "tmpfs";
} else {
device = cfg.bootDevice;
device = cfg.rootDevice;
fsType = "ext4";
autoFormat = true;
});
@ -1086,9 +1066,8 @@ in
options = [ "mode=0755" ];
neededForBoot = true;
};
# see note [Disk layout with `useBootLoader`]
"/boot" = lib.mkIf cfg.useBootLoader {
device = "${lookupDriveDeviceName "boot" cfg.qemu.drives}2"; # 2 for e.g. `vdb2`, as created in `bootDisk`
"/boot" = lib.mkIf (cfg.useBootLoader && cfg.bootPartition != null) {
device = cfg.bootPartition; # 1 for e.g. `vda1`, as created in `systemImage`
fsType = "vfat";
noCheck = true; # fsck fails on a r/o filesystem
};

3
nixos/tests/all-tests.nix
View File

@ -680,6 +680,9 @@ in {
systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
systemd-initrd-swraid = handleTest ./systemd-initrd-swraid.nix {};
systemd-initrd-vconsole = handleTest ./systemd-initrd-vconsole.nix {};
systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix {};
systemd-initrd-networkd-ssh = handleTest ./systemd-initrd-networkd-ssh.nix {};
systemd-initrd-networkd-openvpn = handleTest ./initrd-network-openvpn { systemdStage1 = true; };
systemd-journal = handleTest ./systemd-journal.nix {};
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
systemd-networkd = handleTest ./systemd-networkd.nix {};

4
nixos/tests/bootspec.nix
View File

@ -108,9 +108,9 @@ in
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /run/current-system/bootspec/boot.json")
machine.succeed("test -e /run/current-system/boot.json")
bootspec = json.loads(machine.succeed("jq -r '.v1' /run/current-system/bootspec/boot.json"))
bootspec = json.loads(machine.succeed("jq -r '.v1' /run/current-system/boot.json"))
assert all(key in bootspec for key in ('initrd', 'initrdSecrets')), "Bootspec should contain initrd or initrdSecrets field when initrd is enabled"
'';

4
nixos/tests/ft2-clone.nix
View File

@ -26,9 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.wait_for_window(r"Fasttracker")
machine.sleep(5)
# One of the few words that actually get recognized
if "Songlen" not in machine.get_screen_text():
raise Exception("Program did not start successfully")
machine.wait_for_text(r"(Songlen|Repstart|Time|About|Nibbles|Help)")
machine.screenshot("screen")
'';
})

2
nixos/tests/hibernate.nix
View File

@ -63,7 +63,7 @@ in makeTest {
# Small root disk for installer
512
];
virtualisation.bootDevice = "/dev/vdb";
virtualisation.rootDevice = "/dev/vdb";
};
};

10
nixos/tests/initrd-luks-empty-passphrase.nix
View File

@ -30,26 +30,26 @@ in {
specialisation.boot-luks-wrong-keyfile.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
keyFile = "/etc/cryptroot.key";
tryEmptyPassphrase = true;
fallbackToPassword = !systemdStage1;
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
boot.initrd.secrets."/etc/cryptroot.key" = keyfile;
};
specialisation.boot-luks-missing-keyfile.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
keyFile = "/etc/cryptroot.key";
tryEmptyPassphrase = true;
fallbackToPassword = !systemdStage1;
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
};
@ -76,7 +76,7 @@ in {
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo "" | cryptsetup luksFormat /dev/vdc --batch-mode")
machine.succeed("echo "" | cryptsetup luksFormat /dev/vdb --batch-mode")
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-wrong-keyfile.conf")
machine.succeed("sync")
machine.crash()

20
nixos/tests/initrd-network-openvpn/default.nix
View File

@ -1,3 +1,9 @@
{ system ? builtins.currentSystem
, config ? {}
, pkgs ? import ../.. { inherit system config; }
, systemdStage1 ? false
}:
import ../make-test-python.nix ({ lib, ...}:
{
@ -22,11 +28,12 @@ import ../make-test-python.nix ({ lib, ...}:
minimalboot =
{ ... }:
{
boot.initrd.systemd.enable = systemdStage1;
boot.initrd.network = {
enable = true;
openvpn = {
enable = true;
configuration = "/dev/null";
configuration = builtins.toFile "initrd.ovpn" "";
};
};
};
@ -39,6 +46,17 @@ import ../make-test-python.nix ({ lib, ...}:
virtualisation.vlans = [ 1 ];
boot.initrd = {
systemd.enable = systemdStage1;
systemd.extraBin.nc = "${pkgs.busybox}/bin/nc";
systemd.services.nc = {
requiredBy = ["initrd.target"];
after = ["network.target"];
serviceConfig = {
ExecStart = "/bin/nc -p 1234 -lke /bin/echo TESTVALUE";
Type = "oneshot";
};
};
# This command does not fork to keep the VM in the state where
# only the initramfs is loaded
preLVMCommands =

4
nixos/tests/initrd-network-ssh/default.nix
View File

@ -22,10 +22,6 @@ import ../make-test-python.nix ({ lib, ... }:
hostKeys = [ ./ssh_host_ed25519_key ];
};
};
boot.initrd.extraUtilsCommands = ''
mkdir -p $out/secrets/etc/ssh
cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/sh_host_ed25519_key
'';
boot.initrd.preLVMCommands = ''
while true; do
if [ -f fnord ]; then

1
nixos/tests/initrd-secrets-changing.nix
View File

@ -15,7 +15,6 @@ testing.makeTest {
nodes.machine = { ... }: {
virtualisation.useBootLoader = true;
virtualisation.persistBootDevice = true;
boot.loader.grub.device = "/dev/vda";

3
nixos/tests/installer.nix
View File

@ -316,8 +316,9 @@ let
# installer. This ensures the target disk (/dev/vda) is
# the same during and after installation.
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.bootDevice =
virtualisation.rootDevice =
if grubVersion == 1 then "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive2" else "/dev/vdb";
virtualisation.bootLoaderDevice = "/dev/vda";
virtualisation.qemu.diskInterface =
if grubVersion == 1 then "scsi" else "virtio";

8
nixos/tests/luks.nix
View File

@ -18,10 +18,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
# We have two disks and only type one password - key reuse is in place
cryptroot.device = "/dev/vdc";
cryptroot2.device = "/dev/vdd";
cryptroot.device = "/dev/vdb";
cryptroot2.device = "/dev/vdc";
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
boot-luks-custom-keymap.configuration = lib.mkMerge [
boot-luks.configuration
@ -37,8 +37,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdd -")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

8
nixos/tests/lvm2/systemd-stage-1.nix
View File

@ -1,18 +1,18 @@
{ kernelPackages ? null, flavour }: let
preparationCode = {
raid = ''
machine.succeed("vgcreate test_vg /dev/vdc /dev/vdd")
machine.succeed("vgcreate test_vg /dev/vdb /dev/vdc")
machine.succeed("lvcreate -L 512M --type raid0 test_vg -n test_lv")
'';
thinpool = ''
machine.succeed("vgcreate test_vg /dev/vdc")
machine.succeed("vgcreate test_vg /dev/vdb")
machine.succeed("lvcreate -L 512M -T test_vg/test_thin_pool")
machine.succeed("lvcreate -n test_lv -V 16G --thinpool test_thin_pool test_vg")
'';
vdo = ''
machine.succeed("vgcreate test_vg /dev/vdc")
machine.succeed("vgcreate test_vg /dev/vdb")
machine.succeed("lvcreate --type vdo -n test_lv -L 6G -V 12G test_vg/vdo_pool_lv")
'';
}.${flavour};
@ -79,7 +79,7 @@ in import ../make-test-python.nix ({ pkgs, ... }: {
kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages;
};
specialisation.boot-lvm.configuration.virtualisation.bootDevice = "/dev/test_vg/test_lv";
specialisation.boot-lvm.configuration.virtualisation.rootDevice = "/dev/test_vg/test_lv";
};
testScript = ''

2
nixos/tests/nextcloud/default.nix
View File

@ -26,4 +26,4 @@ foldl
};
})
{ }
[ 24 25 26 ]
[ 25 26 ]

3
nixos/tests/non-default-filesystems.nix
View File

@ -5,9 +5,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
nodes.machine =
{ config, pkgs, lib, ... }:
let
disk = config.virtualisation.bootDevice;
disk = config.virtualisation.rootDevice;
in
{
virtualisation.rootDevice = "/dev/vda";
virtualisation.useDefaultFilesystems = false;
boot.initrd.availableKernelModules = [ "btrfs" ];

39
nixos/tests/predictable-interface-names.nix
View File

@ -8,25 +8,48 @@ let
testCombinations = pkgs.lib.cartesianProductOfSets {
predictable = [true false];
withNetworkd = [true false];
systemdStage1 = [true false];
};
in pkgs.lib.listToAttrs (builtins.map ({ predictable, withNetworkd }: {
in pkgs.lib.listToAttrs (builtins.map ({ predictable, withNetworkd, systemdStage1 }: {
name = pkgs.lib.optionalString (!predictable) "un" + "predictable"
+ pkgs.lib.optionalString withNetworkd "Networkd";
+ pkgs.lib.optionalString withNetworkd "Networkd"
+ pkgs.lib.optionalString systemdStage1 "SystemdStage1";
value = makeTest {
name = "${pkgs.lib.optionalString (!predictable) "un"}predictableInterfaceNames${pkgs.lib.optionalString withNetworkd "-with-networkd"}";
name = pkgs.lib.optionalString (!predictable) "un" + "predictableInterfaceNames"
+ pkgs.lib.optionalString withNetworkd "-with-networkd"
+ pkgs.lib.optionalString systemdStage1 "-systemd-stage-1";
meta = {};
nodes.machine = { lib, ... }: {
nodes.machine = { lib, ... }: let
script = ''
ip link
if ${lib.optionalString predictable "!"} ip link show eth0; then
echo Success
else
exit 1
fi
'';
in {
networking.usePredictableInterfaceNames = lib.mkForce predictable;
networking.useNetworkd = withNetworkd;
networking.dhcpcd.enable = !withNetworkd;
networking.useDHCP = !withNetworkd;
# Check if predictable interface names are working in stage-1
boot.initrd.postDeviceCommands = ''
ip link
ip link show eth0 ${if predictable then "&&" else "||"} exit 1
'';
boot.initrd.postDeviceCommands = script;
boot.initrd.systemd = lib.mkIf systemdStage1 {
enable = true;
initrdBin = [ pkgs.iproute2 ];
services.systemd-udev-settle.wantedBy = ["initrd.target"];
services.check-interfaces = {
requiredBy = ["initrd.target"];
after = ["systemd-udev-settle.service"];
serviceConfig.Type = "oneshot";
path = [ pkgs.iproute2 ];
inherit script;
};
};
};
testScript = ''

2
nixos/tests/swap-file-btrfs.nix
View File

@ -9,7 +9,7 @@ import ./make-test-python.nix ({ lib, ... }:
{
virtualisation.useDefaultFilesystems = false;
virtualisation.bootDevice = "/dev/vda";
virtualisation.rootDevice = "/dev/vda";
boot.initrd.postDeviceCommands = ''
${pkgs.btrfs-progs}/bin/mkfs.btrfs --label root /dev/vda

2
nixos/tests/swap-partition.nix
View File

@ -7,7 +7,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
{
virtualisation.useDefaultFilesystems = false;
virtualisation.bootDevice = "/dev/vda1";
virtualisation.rootDevice = "/dev/vda1";
boot.initrd.postDeviceCommands = ''
if ! test -b /dev/vda1; then

8
nixos/tests/systemd-initrd-btrfs-raid.nix
View File

@ -21,14 +21,14 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
fileSystems = lib.mkVMOverride {
"/".fsType = lib.mkForce "btrfs";
};
virtualisation.bootDevice = "/dev/vdc";
virtualisation.rootDevice = "/dev/vdb";
};
};
testScript = ''
# Create RAID
machine.succeed("mkfs.btrfs -d raid0 /dev/vdc /dev/vdd")
machine.succeed("mkdir -p /mnt && mount /dev/vdc /mnt && echo hello > /mnt/test && umount /mnt")
machine.succeed("mkfs.btrfs -d raid0 /dev/vdb /dev/vdc")
machine.succeed("mkdir -p /mnt && mount /dev/vdb /mnt && echo hello > /mnt/test && umount /mnt")
# Boot from the RAID
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-btrfs-raid.conf")
@ -38,7 +38,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
# Ensure we have successfully booted from the RAID
assert "(initrd)" in machine.succeed("systemd-analyze") # booted with systemd in stage 1
assert "/dev/vdc on / type btrfs" in machine.succeed("mount")
assert "/dev/vdb on / type btrfs" in machine.succeed("mount")
assert "hello" in machine.succeed("cat /test")
assert "Total devices 2" in machine.succeed("btrfs filesystem show")
'';

8
nixos/tests/systemd-initrd-luks-fido2.nix
View File

@ -19,19 +19,19 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
crypttabExtraOpts = [ "fido2-device=auto" ];
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
};
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdc |& systemd-cat")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdb |& systemd-cat")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

6
nixos/tests/systemd-initrd-luks-keyfile.nix
View File

@ -27,11 +27,11 @@ in {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
keyFile = "/etc/cryptroot.key";
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
boot.initrd.secrets."/etc/cryptroot.key" = keyfile;
};
};
@ -39,7 +39,7 @@ in {
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("cryptsetup luksFormat -q --iter-time=1 -d ${keyfile} /dev/vdc")
machine.succeed("cryptsetup luksFormat -q --iter-time=1 -d ${keyfile} /dev/vdb")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

12
nixos/tests/systemd-initrd-luks-password.nix
View File

@ -19,10 +19,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
# We have two disks and only type one password - key reuse is in place
cryptroot.device = "/dev/vdc";
cryptroot2.device = "/dev/vdd";
cryptroot.device = "/dev/vdb";
cryptroot2.device = "/dev/vdc";
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
# test mounting device unlocked in initrd after switching root
virtualisation.fileSystems."/cryptroot2".device = "/dev/mapper/cryptroot2";
};
@ -31,9 +31,9 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
testScript = ''
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdd -")
machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdd cryptroot2")
machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdc cryptroot2")
machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2")
# Boot from the encrypted disk
@ -47,7 +47,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
machine.send_console("supersecret\n")
machine.wait_for_unit("multi-user.target")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount")
assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list"
assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount")
'';
})

8
nixos/tests/systemd-initrd-luks-tpm2.nix
View File

@ -21,11 +21,11 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
specialisation.boot-luks.configuration = {
boot.initrd.luks.devices = lib.mkVMOverride {
cryptroot = {
device = "/dev/vdc";
device = "/dev/vdb";
crypttabExtraOpts = [ "tpm2-device=auto" ];
};
};
virtualisation.bootDevice = "/dev/mapper/cryptroot";
virtualisation.rootDevice = "/dev/mapper/cryptroot";
};
};
@ -55,8 +55,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
# Create encrypted volume
machine.wait_for_unit("multi-user.target")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdc |& systemd-cat")
machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat")
# Boot from the encrypted disk
machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")

82
nixos/tests/systemd-initrd-networkd-ssh.nix Normal file
View File

@ -0,0 +1,82 @@
import ./make-test-python.nix ({ lib, ... }: {
name = "systemd-initrd-network-ssh";
meta.maintainers = [ lib.maintainers.elvishjerricco ];
nodes = with lib; {
server = { config, pkgs, ... }: {
environment.systemPackages = [pkgs.cryptsetup];
boot.loader.systemd-boot.enable = true;
boot.loader.timeout = 0;
virtualisation = {
emptyDiskImages = [ 4096 ];
useBootLoader = true;
useEFIBoot = true;
};
specialisation.encrypted-root.configuration = {
virtualisation.bootDevice = "/dev/mapper/root";
boot.initrd.luks.devices = lib.mkVMOverride {
root.device = "/dev/vdc";
};
boot.initrd.systemd.enable = true;
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
authorizedKeys = [ (readFile ./initrd-network-ssh/id_ed25519.pub) ];
port = 22;
# Terrible hack so it works with useBootLoader
hostKeys = [ { outPath = "${./initrd-network-ssh/ssh_host_ed25519_key}"; } ];
};
};
};
};
client = { config, ... }: {
environment.etc = {
knownHosts = {
text = concatStrings [
"server,"
"${
toString (head (splitString " " (toString
(elemAt (splitString "\n" config.networking.extraHosts) 2))))
} "
"${readFile ./initrd-network-ssh/ssh_host_ed25519_key.pub}"
];
};
sshKey = {
source = ./initrd-network-ssh/id_ed25519;
mode = "0600";
};
};
};
};
testScript = ''
start_all()
def ssh_is_up(_) -> bool:
status, _ = client.execute("nc -z server 22")
return status == 0
server.wait_for_unit("multi-user.target")
server.succeed(
"echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdc",
"bootctl set-default nixos-generation-1-specialisation-encrypted-root.conf",
"sync",
)
server.shutdown()
server.start()
client.wait_for_unit("network.target")
with client.nested("waiting for SSH server to come up"):
retry(ssh_is_up)
client.succeed(
"echo somepass | ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'systemd-tty-ask-password-agent' & exit"
)
server.wait_for_unit("multi-user.target")
server.succeed("mount | grep '/dev/mapper/root on /'")
'';
})

74
nixos/tests/systemd-initrd-networkd.nix Normal file
View File

@ -0,0 +1,74 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "systemd-initrd-network";
meta.maintainers = [ lib.maintainers.elvishjerricco ];
nodes = let
mkFlushTest = flush: script: { ... }: {
boot.initrd.systemd.enable = true;
boot.initrd.network = {
enable = true;
flushBeforeStage2 = flush;
};
systemd.services.check-flush = {
requiredBy = ["multi-user.target"];
before = ["network-pre.target" "multi-user.target"];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
path = [ pkgs.iproute2 pkgs.iputils pkgs.gnugrep ];
inherit script;
};
};
in {
basic = { ... }: {
boot.initrd.network.enable = true;
boot.initrd.systemd = {
enable = true;
# Enable network-online to fail the test in case of timeout
network.wait-online.timeout = 10;
network.wait-online.anyInterface = true;
targets.network-online.requiredBy = [ "initrd.target" ];
services.systemd-networkd-wait-online.requiredBy =
[ "network-online.target" ];
initrdBin = [ pkgs.iproute2 pkgs.iputils pkgs.gnugrep ];
services.check = {
requiredBy = [ "initrd.target" ];
before = [ "initrd.target" ];
after = [ "network-online.target" ];
serviceConfig.Type = "oneshot";
path = [ pkgs.iproute2 pkgs.iputils pkgs.gnugrep ];
script = ''
ip addr | grep 10.0.2.15 || exit 1
ping -c1 10.0.2.2 || exit 1
'';
};
};
};
doFlush = mkFlushTest true ''
if ip addr | grep 10.0.2.15; then
echo "Network configuration survived switch-root; flushBeforeStage2 failed"
exit 1
fi
'';
dontFlush = mkFlushTest false ''
if ! (ip addr | grep 10.0.2.15); then
echo "Network configuration didn't survive switch-root"
exit 1
fi
'';
};
testScript = ''
start_all()
basic.wait_for_unit("multi-user.target")
doFlush.wait_for_unit("multi-user.target")
dontFlush.wait_for_unit("multi-user.target")
# Make sure the systemd-network user was set correctly in initrd
basic.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]")
basic.succeed("ip addr show >&2")
basic.succeed("ip route show >&2")
'';
})

2
nixos/tests/systemd-initrd-simple.nix
View File

@ -27,6 +27,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
machine.succeed("[ -e /dev/pts/ptmx ]") # /dev/pts
machine.succeed("[ -e /run/keys ]") # /run/keys
with subtest("groups work"):
machine.fail("journalctl -b 0 | grep 'systemd-udevd.*Unknown group.*ignoring'")
with subtest("growfs works"):
oldAvail = machine.succeed("df --output=avail / | sed 1d")

6
nixos/tests/systemd-initrd-swraid.nix
View File

@ -20,18 +20,18 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
services.swraid = {
enable = true;
mdadmConf = ''
ARRAY /dev/md0 devices=/dev/vdc,/dev/vdd
ARRAY /dev/md0 devices=/dev/vdb,/dev/vdc
'';
};
kernelModules = [ "raid0" ];
};
specialisation.boot-swraid.configuration.virtualisation.bootDevice = "/dev/disk/by-label/testraid";
specialisation.boot-swraid.configuration.virtualisation.rootDevice = "/dev/disk/by-label/testraid";
};
testScript = ''
# Create RAID
machine.succeed("mdadm --create --force /dev/md0 -n 2 --level=raid0 /dev/vdc /dev/vdd")
machine.succeed("mdadm --create --force /dev/md0 -n 2 --level=raid0 /dev/vdb /dev/vdc")
machine.succeed("mkfs.ext4 -L testraid /dev/md0")
machine.succeed("mkdir -p /mnt && mount /dev/md0 /mnt && echo hello > /mnt/test && umount /mnt")

38
nixos/tests/zfs.nix
View File

@ -80,6 +80,11 @@ let
fsType = "zfs";
options = [ "noauto" ];
};
virtualisation.fileSystems."/manual/httpkey" = {
device = "manual/httpkey";
fsType = "zfs";
options = [ "noauto" ];
};
};
specialisation.forcepool.configuration = {
@ -92,21 +97,34 @@ let
options = [ "noauto" ];
};
};
services.nginx = {
enable = true;
virtualHosts = {
localhost = {
locations = {
"/zfskey" = {
return = ''200 "httpkeyabc"'';
};
};
};
};
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.succeed(
"zpool status",
"parted --script /dev/vdb mklabel msdos",
"parted --script /dev/vdb -- mkpart primary 1024M -1s",
"parted --script /dev/vdc mklabel msdos",
"parted --script /dev/vdc -- mkpart primary 1024M -1s",
"parted --script /dev/vdd mklabel msdos",
"parted --script /dev/vdd -- mkpart primary 1024M -1s",
)
with subtest("sharesmb works"):
machine.succeed(
"zpool create rpool /dev/vdc1",
"zpool create rpool /dev/vdb1",
"zfs create -o mountpoint=legacy rpool/root",
# shared datasets cannot have legacy mountpoint
"zfs create rpool/shared_smb",
@ -126,10 +144,12 @@ let
with subtest("encryption works"):
machine.succeed(
'echo password | zpool create -O mountpoint=legacy '
+ "-O encryption=aes-256-gcm -O keyformat=passphrase automatic /dev/vdc1",
"zpool create -O mountpoint=legacy manual /dev/vdd1",
+ "-O encryption=aes-256-gcm -O keyformat=passphrase automatic /dev/vdb1",
"zpool create -O mountpoint=legacy manual /dev/vdc1",
"echo otherpass | zfs create "
+ "-o encryption=aes-256-gcm -o keyformat=passphrase manual/encrypted",
"zfs create -o encryption=aes-256-gcm -o keyformat=passphrase "
+ "-o keylocation=http://localhost/zfskey manual/httpkey",
"bootctl set-default nixos-generation-1-specialisation-encryption.conf",
"sync",
"zpool export automatic",
@ -141,10 +161,12 @@ let
machine.send_console("password\n")
machine.wait_for_unit("multi-user.target")
machine.succeed(
"zfs get keystatus manual/encrypted | grep unavailable",
"zfs get -Ho value keystatus manual/encrypted | grep -Fx unavailable",
"echo otherpass | zfs load-key manual/encrypted",
"systemctl start manual-encrypted.mount",
"umount /automatic /manual/encrypted /manual",
"zfs load-key manual/httpkey",
"systemctl start manual-httpkey.mount",
"umount /automatic /manual/encrypted /manual/httpkey /manual",
"zpool destroy automatic",
"zpool destroy manual",
)
@ -153,7 +175,7 @@ let
machine.succeed(
"rm /etc/hostid",
"zgenhostid deadcafe",
"zpool create forcepool /dev/vdc1 -O mountpoint=legacy",
"zpool create forcepool /dev/vdb1 -O mountpoint=legacy",
"bootctl set-default nixos-generation-1-specialisation-forcepool.conf",
"rm /etc/hostid",
"sync",

17
pkgs/applications/accessibility/contrast/default.nix
View File

@ -11,14 +11,13 @@
, ninja
, pango
, pkg-config
, python3
, rustPlatform
, wrapGAppsHook4
}:
stdenv.mkDerivation rec {
pname = "contrast";
version = "0.0.5";
version = "0.0.7";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
@ -26,13 +25,13 @@ stdenv.mkDerivation rec {
owner = "design";
repo = "contrast";
rev = version;
sha256 = "cypSbqLwSmauOoWOuppWpF3hvrxiqmkLspxAWzvlUC0=";
hash = "sha256-waoXv8dzqynkpfEPZSgZnS6fyo9+9+3Q2oy2fMtEsoE=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-W4FyqwJpimf0isQRCq9TegpTQPQfsumx40AFQCFG5VQ=";
hash = "sha256-94QwPSiGjjPuskg5w6QfM5FuChFno7f9dh0Xr2wWKCI=";
};
nativeBuildInputs = [
@ -41,12 +40,10 @@ stdenv.mkDerivation rec {
meson
ninja
pkg-config
python3
rustPlatform.rust.cargo
rustPlatform.cargoSetupHook
rustPlatform.rust.rustc
wrapGAppsHook4
glib # for glib-compile-resources
];
buildInputs = [
@ -57,13 +54,6 @@ stdenv.mkDerivation rec {
pango
];
postPatch = ''
patchShebangs build-aux/meson_post_install.py
# https://gitlab.gnome.org/World/design/contrast/-/merge_requests/23
substituteInPlace build-aux/meson_post_install.py \
--replace "gtk-update-icon-cache" "gtk4-update-icon-cache"
'';
meta = with lib; {
description = "Checks whether the contrast between two colors meet the WCAG requirements";
homepage = "https://gitlab.gnome.org/World/design/contrast";
@ -74,4 +64,3 @@ stdenv.mkDerivation rec {
broken = stdenv.isDarwin;
};
}

7
pkgs/applications/audio/artyFX/default.nix
View File

@ -2,14 +2,13 @@
stdenv.mkDerivation rec {
pname = "artyFX";
# Fix build with lv2 1.18: https://github.com/openAVproductions/openAV-ArtyFX/pull/41/commits/492587461b50d140455aa3c98d915eb8673bebf0
version = "unstable-2020-04-28";
version = "1.3.1";
src = fetchFromGitHub {
owner = "openAVproductions";
repo = "openAV-ArtyFX";
rev = "8c542627d936a01b1d97825e7f26a8e95633f7aa";
sha256 = "0wwg8ivnpyy0235bapjy4g0ij85zq355jwi6c1nkrac79p4z9ail";
rev = "release-${version}";
hash = "sha256-GD9nwXdXSJX5OvAMxEAnngkvRW+E1jrNfWXK122bsTM=";
};
nativeBuildInputs = [ cmake pkg-config ];

4
pkgs/applications/audio/ft2-clone/default.nix
View File

@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.65";
version = "1.66";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "sha256-Jo1qs0d8/o9FWR7jboWCJ7ntawBGTlm7yPzxxUnZLsI=";
sha256 = "sha256-glLgjZFWvz/bJe9R8KTDu4+778dueC9tw3nVKF3xcps=";
};
# Adapt the linux-only CMakeLists to darwin (more reliable than make-macos.sh)

4
pkgs/applications/audio/go-musicfox/default.nix
View File

@ -10,13 +10,13 @@
# gcc only supports objc on darwin
buildGoModule.override { stdenv = clangStdenv; } rec {
pname = "go-musicfox";
version = "4.0.3";
version = "4.0.4";
src = fetchFromGitHub {
owner = "anhoder";
repo = pname;
rev = "v${version}";
hash = "sha256-6JOD0RsZY79jLYJqPrzc43jgR03XQEfa8B0mGvlIkF4=";
hash = "sha256-EPORD8jDmTnCm/ON1Vz2R7DpFVyAR8q7r2KZyKTiGr4=";
};
deleteVendor = true;

2
pkgs/applications/audio/tap-plugins/default.nix
View File

@ -4,7 +4,7 @@
, ladspa-sdk
}:
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "tap-plugins";
version = "unstable-2020-12-09";

8
pkgs/applications/editors/emacs/elisp-packages/elpa-packages.nix
View File

@ -106,7 +106,9 @@ self: let
};
});
jinx = super.jinx.overrideAttrs (old: {
jinx = super.jinx.overrideAttrs (old: let
libExt = pkgs.stdenv.targetPlatform.extensions.sharedLibrary;
in {
dontUnpack = false;
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
@ -117,12 +119,12 @@ self: let
postBuild = ''
NIX_CFLAGS_COMPILE="$($PKG_CONFIG --cflags enchant-2) $NIX_CFLAGS_COMPILE"
$CC -shared -o jinx-mod.so jinx-mod.c -lenchant-2
$CC -shared -o jinx-mod${libExt} jinx-mod.c -lenchant-2
'';
postInstall = (old.postInstall or "") + "\n" + ''
outd=$out/share/emacs/site-lisp/elpa/jinx-*
install -m444 -t $outd jinx-mod.so
install -m444 -t $outd jinx-mod${libExt}
rm $outd/jinx-mod.c $outd/emacs-module.h
'';

8
pkgs/applications/editors/emacs/elisp-packages/melpa-packages.nix
View File

@ -314,7 +314,9 @@ let
ivy-rtags = fix-rtags super.ivy-rtags;
jinx = super.jinx.overrideAttrs (old: {
jinx = super.jinx.overrideAttrs (old: let
libExt = pkgs.stdenv.targetPlatform.extensions.sharedLibrary;
in {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [
pkgs.pkg-config
];
@ -324,14 +326,14 @@ let
postBuild = ''
pushd working/jinx
NIX_CFLAGS_COMPILE="$($PKG_CONFIG --cflags enchant-2) $NIX_CFLAGS_COMPILE"
$CC -shared -o jinx-mod.so jinx-mod.c -lenchant-2
$CC -shared -o jinx-mod${libExt} jinx-mod.c -lenchant-2
popd
'';
postInstall = (old.postInstall or "") + "\n" + ''
pushd source
outd=$(echo $out/share/emacs/site-lisp/elpa/jinx-*)
install -m444 --target-directory=$outd jinx-mod.so
install -m444 --target-directory=$outd jinx-mod${libExt}
rm $outd/jinx-mod.c $outd/emacs-module.h
popd
'';

4
pkgs/applications/editors/moe/default.nix
View File

@ -5,12 +5,12 @@
, ncurses
}:
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "moe";
version = "1.13";
src = fetchurl {
url = "mirror://gnu/moe/moe-${self.version}.tar.lz";
url = "mirror://gnu/moe/moe-${finalAttrs.version}.tar.lz";
hash = "sha256-Q6VXvFEvidbHGOX0ECnP46BVaCYg642+zmMC80omFGs=";
};

4
pkgs/applications/editors/orbiton/default.nix
View File

@ -4,13 +4,13 @@
buildGoModule rec {
pname = "orbiton";
version = "2.60.5";
version = "2.60.6";
src = fetchFromGitHub {
owner = "xyproto";
repo = "orbiton";
rev = "v${version}";
hash = "sha256-gCE4mrZXLFteZKUPDsAc1hS1I/WTns9I9oZE5bAF7fU=";
hash = "sha256-uDxdv7HlswGsuM4UewZOO45/P9jIOo4bb0T1RrQqtpg=";
};
vendorHash = null;

10
pkgs/applications/editors/setzer/default.nix
View File

@ -11,20 +11,21 @@
, gobject-introspection
, gtksourceview4
, gspell
, libhandy
, poppler_gi
, webkitgtk
, webkitgtk_4_1
, librsvg
}:
python3.pkgs.buildPythonApplication rec {
pname = "setzer";
version = "0.4.8";
version = "55";
src = fetchFromGitHub {
owner = "cvfosammmm";
repo = "Setzer";
rev = "v${version}";
hash = "sha256-7NPyvAof0xObYZws3KFAbdue/GpIRthzdX00jc9GhYs=";
hash = "sha256-Mcl9kWeo4w/wW8crR58Yyqoh26w8/SmNrjmHps6DmRA=";
};
format = "other";
@ -43,8 +44,9 @@ python3.pkgs.buildPythonApplication rec {
buildInputs = [
gtksourceview4
gspell
libhandy
poppler_gi
webkitgtk
webkitgtk_4_1
librsvg
];

10
pkgs/applications/editors/texmaker/default.nix
View File

@ -1,4 +1,4 @@
{ lib, mkDerivation, fetchurl, qtbase, qtscript, qtwebengine, qmake, zlib, pkg-config, poppler }:
{ lib, mkDerivation, fetchurl, qtbase, qtscript, qtwebengine, qmake, zlib, pkg-config, poppler, wrapGAppsHook }:
mkDerivation rec {
pname = "texmaker";
@ -10,7 +10,7 @@ mkDerivation rec {
};
buildInputs = [ qtbase qtscript poppler zlib qtwebengine ];
nativeBuildInputs = [ pkg-config poppler qmake ];
nativeBuildInputs = [ pkg-config poppler qmake wrapGAppsHook ];
env.NIX_CFLAGS_COMPILE = "-I${poppler.dev}/include/poppler";
qmakeFlags = [
@ -19,6 +19,12 @@ mkDerivation rec {
"METAINFODIR=${placeholder "out"}/share/metainfo"
];
dontWrapGApps = true;
preFixup = ''
qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = with lib; {
description = "TeX and LaTeX editor";
longDescription=''

462
pkgs/applications/editors/vim/plugins/generated.nix
View File

File diff suppressed because it is too large Load Diff

11
pkgs/applications/editors/vim/plugins/overrides.nix
View File

@ -850,18 +850,18 @@ self: super: {
sniprun =
let
version = "1.3.0";
version = "1.3.1";
src = fetchFromGitHub {
owner = "michaelb";
repo = "sniprun";
rev = "v${version}";
hash = "sha256-6UDjrrEtOuB+lrCZVBO4BcZm78qwq8YbQcXAdjNbicY=";
hash = "sha256-grrrqvdqoYTBtlU+HLrSQJsAmMA/+OHbuoVvOwHYPnk=";
};
sniprun-bin = rustPlatform.buildRustPackage {
pname = "sniprun-bin";
inherit version src;
cargoSha256 = "sha256-ghXYUgXqXvK9RySG/hQR5zpLsyk6L9Htb/UYgMPyWUk=";
cargoSha256 = "sha256-hmZXYJFIeKgYyhT6mSrmX+7M9GQQHHzliYHjsBoHgOc=";
nativeBuildInputs = [ makeWrapper ];
@ -882,11 +882,6 @@ self: super: {
substituteInPlace lua/sniprun.lua --replace '@sniprun_bin@' ${sniprun-bin}
'';
postInstall = ''
mkdir $out/doc
ln -s $out/docs/sniprun.txt $out/doc/sniprun.txt
'';
propagatedBuildInputs = [ sniprun-bin ];
};

2
pkgs/applications/editors/vim/plugins/vim-plugin-names
View File

@ -77,6 +77,7 @@ https://github.com/jamespwilliams/bat.vim/,HEAD,
https://github.com/vim-scripts/bats.vim/,,
https://github.com/rbgrouleff/bclose.vim/,,
https://github.com/max397574/better-escape.nvim/,,
https://github.com/LunarVim/bigfile.nvim/,,
https://github.com/sblumentritt/bitbake.vim/,,
https://github.com/APZelos/blamer.nvim/,HEAD,
https://github.com/blueballs-theme/blueballs-neovim/,,
@ -237,6 +238,7 @@ https://github.com/Shougo/echodoc.vim/,,
https://github.com/sainnhe/edge/,,
https://github.com/editorconfig/editorconfig-vim/,,
https://github.com/gpanders/editorconfig.nvim/,,
https://github.com/elixir-tools/elixir-tools.nvim/,HEAD,
https://github.com/elmcast/elm-vim/,,
https://github.com/dmix/elvish.vim/,,
https://github.com/mattn/emmet-vim/,,

4
pkgs/applications/editors/vscode/extensions/default.nix
View File

@ -1079,8 +1079,8 @@ let
mktplcRef = {
name = "prettier-vscode";
publisher = "esbenp";
version = "9.10.4";
sha256 = "sha256-khtyB0Qbm+iuM1GsAaF32YRv1VBTIy7daeCKdgwCIC8=";
version = "9.12.0";
sha256 = "sha256-b7EaYYJNZQBqhyKJ04tytmD9DDRcvA68HTo5JHTr9Fo=";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/esbenp.prettier-vscode/changelog";

4
pkgs/applications/emulators/dosbox-staging/default.nix
View File

@ -29,14 +29,14 @@
, speexdsp
}:
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "dosbox-staging";
version = "0.80.1";
src = fetchFromGitHub {
owner = "dosbox-staging";
repo = "dosbox-staging";
rev = "v${self.version}";
rev = "v${finalAttrs.version}";
hash = "sha256-I90poBeLSq1c8PXyjrx7/UcbfqFNnnNiXfJdWhLPGMc=";
};

6
pkgs/applications/emulators/ppsspp/default.nix
View File

@ -29,7 +29,7 @@ let
in
# Only SDL frontend needs to specify whether to use Wayland
assert forceWayland -> !enableQt;
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "ppsspp"
+ lib.optionalString enableQt "-qt"
+ lib.optionalString (!enableQt) "-sdl"
@ -39,13 +39,13 @@ stdenv.mkDerivation (self: {
src = fetchFromGitHub {
owner = "hrydgard";
repo = "ppsspp";
rev = "v${self.version}";
rev = "v${finalAttrs.version}";
fetchSubmodules = true;
sha256 = "sha256-7xzhN8JIQD4LZg8sQ8rLNYZrW0nCNBfZFgzoKdoWbKc=";
};
postPatch = ''
substituteInPlace git-version.cmake --replace unknown ${self.src.rev}
substituteInPlace git-version.cmake --replace unknown ${finalAttrs.src.rev}
substituteInPlace UI/NativeApp.cpp --replace /usr/share $out/share
'';

4
pkgs/applications/emulators/rpcemu/default.nix
View File

@ -7,13 +7,13 @@
let
inherit (qt5) qtbase qtmultimedia wrapQtAppsHook;
in
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "rpcemu";
version = "0.9.4";
src = fetchhg {
url = "http://www.home.marutan.net/hg/rpcemu";
rev = "release_${self.version}";
rev = "release_${finalAttrs.version}";
sha256 = "sha256-UyjfTfUpSvJNFPkQWPKppxp/kO0hVGo5cE9RuCU8GJI=";
};

8
pkgs/applications/emulators/xemu/default.nix
View File

@ -25,14 +25,14 @@
, wrapGAppsHook
}:
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "xemu";
version = "0.7.85";
src = fetchFromGitHub {
owner = "xemu-project";
repo = "xemu";
rev = "v${self.version}";
rev = "v${finalAttrs.version}";
hash = "sha256-sVUkB2KegdKlHlqMvSwB1nLdJGun2x2x9HxtNHnpp1s=";
fetchSubmodules = true;
};
@ -94,7 +94,7 @@ stdenv.mkDerivation (self: {
# to run `XEMU_COMMIT=$(cat XEMU_COMMIT)` (and similar)
branch = "master";
commit = "d8fa50e524c22f85ecb2e43108fd6a5501744351";
inherit (self) version;
inherit (finalAttrs) version;
in ''
patchShebangs .
configureFlagsArray+=("--extra-cflags=-DXBOX=1 -Wno-error=redundant-decls")
@ -133,7 +133,7 @@ stdenv.mkDerivation (self: {
Xbox game console, enabling people to play their original Xbox games on
Windows, macOS, and Linux systems.
'';
changelog = "https://github.com/xemu-project/xemu/releases/tag/v${self.version}";
changelog = "https://github.com/xemu-project/xemu/releases/tag/v${finalAttrs.version}";
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [ AndersonTorres genericnerdyusername ];
platforms = with lib.platforms; linux;

4
pkgs/applications/emulators/yapesdl/default.nix
View File

@ -5,14 +5,14 @@
, SDL2
}:
stdenv.mkDerivation (self: {
stdenv.mkDerivation (finalAttrs: {
pname = "yapesdl";
version = "0.71.2";
src = fetchFromGitHub {
owner = "calmopyrin";
repo = "yapesdl";
rev = "v${self.version}";
rev = "v${finalAttrs.version}";
hash = "sha256-QGF3aS/YSzdGxHONKyA/iTewEVYsjBAsKARVMXkFV2k=";
};

6
pkgs/applications/graphics/gscan2pdf/default.nix
View File

@ -130,6 +130,12 @@ perlPackages.buildPerlPackage rec {
# Non-zero wait status: 139
rm t/0601_Dialog_Scan.t
# Disable a test which failed due to convert returning an exit value of 1
# convert: negative or zero image size `/build/KL5kTVnNCi/YfgegFM53e.pnm' @ error/resize.c/ResizeImage/3743.
# *** unhandled exception in callback:
# *** "convert" unexpectedly returned exit value 1 at t/357_unpaper_rtl.t line 63.
rm t/357_unpaper_rtl.t
xvfb-run -s '-screen 0 800x600x24' \
make test
'';

4
pkgs/applications/graphics/mangareader/default.nix
View File

@ -16,13 +16,13 @@
stdenv.mkDerivation rec {
pname = "mangareader";
version = "2.0.4";
version = "2.1.0";
src = fetchFromGitHub {
owner = "g-fb";
repo = pname;
rev = version;
hash = "sha256-j5b2O5OgDRaaxNssknTTgVscudk1+mFlGQN5KE6CwcU=";
hash = "sha256-YZZcp+HS/P/GxWYyOpO35nByJSzv4HahzzrZSVRcCRs=";
};
nativeBuildInputs = [

10
pkgs/applications/kde/spectacle.nix
View File

@ -5,11 +5,12 @@
, knotifications, kscreen, kwidgetsaddons, kwindowsystem, kxmlgui, libkipi
, qtx11extras, knewstuff, kwayland, qttools, kcolorpicker, kimageannotator
, qcoro, qtquickcontrols2, wayland, plasma-wayland-protocols, kpurpose, kpipewire
, wrapGAppsHook
}:
mkDerivation {
pname = "spectacle";
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook ];
buildInputs = [
kconfig kcoreaddons kdbusaddons kdeclarative ki18n kio knotifications
kscreen kwidgetsaddons kwindowsystem kxmlgui libkipi qtx11extras xcb-util-cursor
@ -20,6 +21,13 @@ mkDerivation {
substituteInPlace desktop/org.kde.spectacle.desktop.cmake \
--replace "Exec=@QtBinariesDir@/qdbus" "Exec=${lib.getBin qttools}/bin/qdbus"
'';
dontWrapGApps = true;
preFixup = ''
qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
propagatedUserEnvPkgs = [ kipi-plugins libkipi ];
meta = with lib; {
homepage = "https://apps.kde.org/spectacle/";

14
pkgs/applications/misc/authenticator/default.nix
View File

@ -22,20 +22,20 @@
stdenv.mkDerivation rec {
pname = "authenticator";
version = "4.2.0";
version = "4.3.0";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "Authenticator";
rev = version;
hash = "sha256-Nv4QE6gyh42Na/stAgTIapV8GQuUHCdL6IEO//J8dV8=";
hash = "sha256-WR5gXGry4wti2M4D/IQvwI7OSak1p+O+XAhr01hdv2Q=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-IS9jdr19VvgX6M1OqM6rjE8veujZcwBuOTuDm5mDXso=";
hash = "sha256-ZVDKTJojblVCbbdtnqcL+UVW1vkmu99AXCbgyCGNHCM=";
};
nativeBuildInputs = [
@ -67,19 +67,11 @@ stdenv.mkDerivation rec {
zbar
];
# https://gitlab.gnome.org/World/Authenticator/-/issues/362
preBuild = ''
export BINDGEN_EXTRA_CLANG_ARGS="$BINDGEN_EXTRA_CLANG_ARGS -DPW_ENABLE_DEPRECATED"
'';
meta = {
description = "Two-factor authentication code generator for GNOME";
homepage = "https://gitlab.gnome.org/World/Authenticator";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ austinbutler ];
platforms = lib.platforms.linux;
# Fails to build on aarch64 with error
# "a label can only be part of a statement and a declaration is not a statement"
broken = stdenv.isLinux && stdenv.isAarch64;
};
}

8
pkgs/applications/misc/calibre/default.nix
View File

@ -32,11 +32,11 @@
stdenv.mkDerivation rec {
pname = "calibre";
version = "6.15.1";
version = "6.16.0";
src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz";
hash = "sha256-t9fG1hBlQmDh0i5ezBoqk9C9oliNNF0peKDz1YH7RBo=";
hash = "sha256-2Lhp9PBZ19svq26PoldJ1H8tmt95MwY0l7+g6mPUvFI=";
};
# https://sources.debian.org/patches/calibre/${version}+dfsg-1
@ -48,8 +48,8 @@ stdenv.mkDerivation rec {
hash = "sha256-uL1mSjgCl5ZRLbSuKxJM6XTfvVwog70F7vgKtQzQNEQ=";
})
(fetchpatch {
name = "0006-Hardening-Qt-code.patch";
url = "https://raw.githubusercontent.com/debian-calibre/calibre/debian/${version}-1/debian/patches/0006-Hardening-Qt-code.patch";
name = "0007-Hardening-Qt-code.patch";
url = "https://raw.githubusercontent.com/debian-calibre/calibre/debian/${version}-1/debian/patches/0007-Hardening-Qt-code.patch";
hash = "sha256-9P1kGrQbWAWDzu5EUiQr7TiCPHRWUA8hxPpEvFpK20k=";
})
]

58
pkgs/applications/misc/elastic/default.nix Normal file
View File

@ -0,0 +1,58 @@
{ lib
, stdenv
, fetchFromGitLab
, meson
, ninja
, pkg-config
, vala
, gtk4
, libgee
, libadwaita
, gtksourceview5
, blueprint-compiler
, wrapGAppsHook4
, appstream-glib
, desktop-file-utils
, template-glib
}:
stdenv.mkDerivation rec {
pname = "elastic";
version = "0.1.3";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "elastic";
rev = version;
hash = "sha256-CZ+EeGbCzkeNx4GD+2+n3jYwz/cQStjMV2+wm/JNsYU=";
};
nativeBuildInputs = [
meson
ninja
vala
pkg-config
wrapGAppsHook4
appstream-glib
desktop-file-utils
blueprint-compiler
];
buildInputs = [
gtk4
libadwaita
libgee
gtksourceview5
template-glib
];
meta = with lib; {
description = "Design spring animations";
homepage = "https://gitlab.gnome.org/World/elastic/";
mainProgram = "app.drey.Elastic";
license = licenses.gpl3Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ _0xMRTT ];
};
}

34
pkgs/applications/networking/browsers/chromium/upstream-info.json
View File

@ -1,8 +1,8 @@
{
"stable": {
"version": "112.0.5615.121",
"sha256": "1qbsgcsw3jgy9b76i8ypiq91fkm9zy1hy77l52w2xbw53ghjfwlw",
"sha256bin64": "1zh674vpczs1nyzbijpcgs2j2r0hdgp7bkwyn5l8w1hcj6az6k3n",
"version": "112.0.5615.165",
"sha256": "1zbrgkzcb211y1mvi9g35421dnp5bskkczwnpygzja7lm7z6530n",
"sha256bin64": "16da3zi0qy2nc92jf90zvncss3xk9ggiys3ld9j0ghbsrs1jxbvm",
"deps": {
"gn": {
"version": "2023-02-17",
@ -19,9 +19,9 @@
}
},
"beta": {
"version": "113.0.5672.37",
"sha256": "0hmn7h5l8q161f6hwp5g7zbxfdsplwqh5j3yby56qgljgca8pj7f",
"sha256bin64": "0j4hl2sbh8cig00rpn4ssxi2087wr33749b5sdcrk93kfzqinrix",
"version": "113.0.5672.53",
"sha256": "0k91xx3fm0kywjn00s9b7p776882b1mfajf2ig0iz3jac6rprh56",
"sha256bin64": "1pzpigz8l6hsddb7v2g9m5d32hlq979l1cpj2yfnc6dixjs8x053",
"deps": {
"gn": {
"version": "2023-03-18",
@ -32,22 +32,22 @@
}
},
"dev": {
"version": "114.0.5696.0",
"sha256": "0hcf971azy3jjsl211qk53b6nk0f4pzf2dwfv3rjh4f6fa3nbwai",
"sha256bin64": "1ssj633vdg3ghd87az28q262ly1fk7rc3k70l1531xvj2030ijrl",
"version": "114.0.5720.4",
"sha256": "1q9r4m1gda1mq0nwi00yfpxsqdghd0qb3k7a0xa9py8l6jcv8ifa",
"sha256bin64": "15ss5xix773yn4g24ww9bw38g7wxgwhdqbgmwy44yvp0yl824czb",
"deps": {
"gn": {
"version": "2023-03-18",
"version": "2023-04-07",
"url": "https://gn.googlesource.com/gn",
"rev": "41fef642de70ecdcaaa26be96d56a0398f95abd4",
"sha256": "12w4g2dl58283allclpi1c4i6ih9v2xvdb9hpbmfda12v8lizmlq"
"rev": "ffeea1b1fd070cb6a8d47154a03f8523486b50a7",
"sha256": "0xpwh06a82nb4j9ifr878rij97dikfcjfbc08cnkmxrx7hs1sjdw"
}
}
},
"ungoogled-chromium": {
"version": "112.0.5615.121",
"sha256": "1qbsgcsw3jgy9b76i8ypiq91fkm9zy1hy77l52w2xbw53ghjfwlw",
"sha256bin64": "1zh674vpczs1nyzbijpcgs2j2r0hdgp7bkwyn5l8w1hcj6az6k3n",
"version": "112.0.5615.165",
"sha256": "1zbrgkzcb211y1mvi9g35421dnp5bskkczwnpygzja7lm7z6530n",
"sha256bin64": "16da3zi0qy2nc92jf90zvncss3xk9ggiys3ld9j0ghbsrs1jxbvm",
"deps": {
"gn": {
"version": "2023-02-17",
@ -56,8 +56,8 @@
"sha256": "075p4jwk1apvwmqmvhwfw5f669ci7nxwjq9mz5aa2g5lz4fkdm4c"
},
"ungoogled-patches": {
"rev": "112.0.5615.121-1",
"sha256": "1zdk0sn84sj5zwcjjxikm0sc8mfpw0gri6w1fmpcbwyqawwjmi4f"
"rev": "112.0.5615.165-1",
"sha256": "1q2870z4k2hkn3jh24xc0xiadd1sxc4apn1jz740yzlwsi6jmcgw"
}
}
}

1
pkgs/applications/networking/browsers/opera/default.nix
View File

@ -137,5 +137,6 @@ stdenv.mkDerivation rec {
platforms = [ "x86_64-linux" ];
license = licenses.unfree;
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
maintainers = with maintainers; [ kindrowboat ];
};
}

8
pkgs/applications/networking/cluster/k3s/1_26/default.nix
View File

@ -47,10 +47,10 @@
# Those pieces of software we entirely ignore upstream's handling of, and just
# make sure they're in the path if desired.
let
k3sVersion = "1.26.3+k3s1"; # k3s git tag
k3sCommit = "01ea3ff27be0b04f945179171cec5a8e11a14f7b"; # k3s git commit at the above version
k3sRepoSha256 = "1wpciikmr4l2nw92i3wlz301vxjiyz8rlzkn8jhzcaiifykc565s";
k3sVendorSha256 = "sha256-1HFLj3zSHV7RvA0fsQ/dPzwnkSRqE9TXXDA4m8OhwZE=";
k3sVersion = "1.26.4+k3s1"; # k3s git tag
k3sCommit = "8d0255af07e95b841952563253d27b0d10bd72f0"; # k3s git commit at the above version
k3sRepoSha256 = "0qlszdnlsvj3hzx2p0wl3zhaw908w8a62z6vlf2g69a3c75f55cs";
k3sVendorSha256 = "sha256-JXTsZYtTspu/pWMRSS2BcegktawBJ6BK7YEKbz1J/ao=";
# nix generated by update.sh
# Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/d71ab6317e22dd34673faa307a412a37a16767f6/scripts/download#L29-L32

38
pkgs/applications/networking/cluster/terraform-providers/providers.json
View File

@ -110,13 +110,13 @@
"vendorHash": null
},
"aws": {
"hash": "sha256-XCGMoa/x8hkf+7gL0qYBX7jMx4wnMXxpyx/wH9ff+m4=",
"hash": "sha256-gI53y6/cbgXnWmFqihVPOZEtq4ZbpLtv1dgLiSxnYo4=",
"homepage": "https://registry.terraform.io/providers/hashicorp/aws",
"owner": "hashicorp",
"repo": "terraform-provider-aws",
"rev": "v4.63.0",
"rev": "v4.64.0",
"spdx": "MPL-2.0",
"vendorHash": "sha256-t6Hg1FLCd4dh6d3J0uNsNKKnz5T8/yoIXFo7bRO+XHM="
"vendorHash": "sha256-1eIJCtcrod6MUragxcx2qoTJO9OVbD3n+VErL6xnvmw="
},
"azuread": {
"hash": "sha256-bCnCj2pEd29aQVePGeaTbVhH6sF/Y+lj94SEw1+tROc=",
@ -128,11 +128,11 @@
"vendorHash": null
},
"azurerm": {
"hash": "sha256-MSglw8EylPaAoMFz3S7pUeedNROeNAPTSXWN+NiIXN8=",
"hash": "sha256-tStlnMSlkkL+X/DP0SBmnm7xL6dH8HfyiaKY/McuMQE=",
"homepage": "https://registry.terraform.io/providers/hashicorp/azurerm",
"owner": "hashicorp",
"repo": "terraform-provider-azurerm",
"rev": "v3.52.0",
"rev": "v3.53.0",
"spdx": "MPL-2.0",
"vendorHash": null
},
@ -318,11 +318,11 @@
"vendorHash": null
},
"dns": {
"hash": "sha256-pTBPSiPO84L9vhBv4mJIMJP0UNVwrz/MX0YCZODwb7s=",
"hash": "sha256-Bzj1rLTzWJuqKEq5mz0UAbYMWMp4JoRhedfC2lORocE=",
"homepage": "https://registry.terraform.io/providers/hashicorp/dns",
"owner": "hashicorp",
"repo": "terraform-provider-dns",
"rev": "v3.3.0",
"rev": "v3.3.1",
"spdx": "MPL-2.0",
"vendorHash": "sha256-wx8BXlobu86Nk9D8o5loKhbO14ANI+shFQ2i7jswKgE="
},
@ -354,11 +354,11 @@
"vendorHash": "sha256-oVTanZpCWs05HwyIKW2ajiBPz1HXOFzBAt5Us+EtTRw="
},
"equinix": {
"hash": "sha256-GGJNfHizFc+wXNo7u/mqtonIs5D/S8RydBsIkftNcjc=",
"hash": "sha256-wuOgnliqwA8huZHmFuegbtuFbpTpe1VgQ53Z+XcgHjw=",
"homepage": "https://registry.terraform.io/providers/equinix/equinix",
"owner": "equinix",
"repo": "terraform-provider-equinix",
"rev": "v1.14.0",
"rev": "v1.14.1",
"spdx": "MIT",
"vendorHash": "sha256-rJev48aS0nd8DRWmUN4i0LgDYvfjdfoO67N6AiWeg+k="
},
@ -638,11 +638,11 @@
"vendorHash": "sha256-lXQHo66b9X0jZhoF+5Ix5qewQGyI82VPJ7gGzc2CHao="
},
"kubernetes": {
"hash": "sha256-FV5FoEd0zjXa8x77r/z8Tn/I1lZI1NZ4a8yisAuAhNQ=",
"hash": "sha256-B13jQTZqFb5o/GRTf4iQWUbOPhbb4uYKUy35nQrKGLI=",
"homepage": "https://registry.terraform.io/providers/hashicorp/kubernetes",
"owner": "hashicorp",
"repo": "terraform-provider-kubernetes",
"rev": "v2.19.0",
"rev": "v2.20.0",
"spdx": "MPL-2.0",
"vendorHash": null
},
@ -773,13 +773,13 @@
"vendorHash": "sha256-WF4AdTu6lxoNSCsFKLMeQbHgH6j+hM0VNBRsue+azJA="
},
"nomad": {
"hash": "sha256-oHY+jM4JQgLlE1wd+/H9H8H2g0e9ZuxI6OMlz3Izfjg=",
"hash": "sha256-1TmcFS+ul7xpSGqQohcCdeQ2zuDD429xGI0X2Add5HQ=",
"homepage": "https://registry.terraform.io/providers/hashicorp/nomad",
"owner": "hashicorp",
"repo": "terraform-provider-nomad",
"rev": "v1.4.19",
"rev": "v1.4.20",
"spdx": "MPL-2.0",
"vendorHash": "sha256-3t8pUAwuVeZN5cYGs72YsdRvJunudSmKSldFWEFVA/4="
"vendorHash": "sha256-jnZ7LzKgyPVCnYoWp+nDeQy2w91sBVX43KjInzqRWqc="
},
"ns1": {
"hash": "sha256-F7nKtDlVnW7jDPTeszYv9aYMAnHo2/k+MxsXdjghS88=",
@ -855,13 +855,13 @@
"vendorHash": "sha256-62q67aaOZA3fQmyL8bEHB+W497bcx9Xy7kKrbkjkbaI="
},
"opentelekomcloud": {
"hash": "sha256-QcpA7FreTgITmnt0fQHUmUK6FZMP0QCeQK2MN2Y9tFQ=",
"hash": "sha256-bRvs4IxnUObX/ChPdCn97VUQSxTjV2tfnmBmWmgAXUA=",
"homepage": "https://registry.terraform.io/providers/opentelekomcloud/opentelekomcloud",
"owner": "opentelekomcloud",
"repo": "terraform-provider-opentelekomcloud",
"rev": "v1.34.1",
"rev": "v1.34.2",
"spdx": "MPL-2.0",
"vendorHash": "sha256-4tJe8v31txzLBbruicOI6WUdDk38CqfLniFyc3hWVxg="
"vendorHash": "sha256-VEreMBvqvBGUZz5EY5+0jbNDOVbmhYerfLYGa1rl+aw="
},
"opsgenie": {
"hash": "sha256-Wbe+DyK5wKuZZX8yd3DJN+2wT8KZt+YsBwJYKnZnfcI=",
@ -882,11 +882,11 @@
"vendorHash": null
},
"pagerduty": {
"hash": "sha256-1OmHEWpilZH+wIY9d9J2JvTgTXw5AzKXbt0JLSVL9/I=",
"hash": "sha256-NWrE6DFyoI1RQnxLThenGeFNGj8AFiVWhXysk8U7RpI=",
"homepage": "https://registry.terraform.io/providers/PagerDuty/pagerduty",
"owner": "PagerDuty",
"repo": "terraform-provider-pagerduty",
"rev": "v2.14.2",
"rev": "v2.14.3",
"spdx": "MPL-2.0",
"vendorHash": null
},

4
pkgs/applications/networking/instant-messengers/discord/default.nix
View File

@ -3,7 +3,7 @@ let
versions = if stdenv.isLinux then {
stable = "0.0.26";
ptb = "0.0.41";
canary = "0.0.150";
canary = "0.0.151";
} else {
stable = "0.0.273";
ptb = "0.0.59";
@ -22,7 +22,7 @@ let
};
canary = fetchurl {
url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz";
sha256 = "sha256-8huDp1u0t9/kZbeB7bPqQUw8+HQ6rIyzKYUVN02gQfo=";
sha256 = "sha256-ZN+lEGtSajgYsyMoGRmyTZCpUGVmb9LKgVv89NA4m7U=";
};
};
x86_64-darwin = {

17
pkgs/applications/networking/instant-messengers/qq/default.nix
View File

@ -6,6 +6,7 @@
, glib
, gtk3
, lib
, libappindicator
, libdrm
, libgcrypt
, libkrb5
@ -14,6 +15,7 @@
, xorg
, systemd
, stdenv
, vips
, at-spi2-core
, autoPatchelfHook
, wrapGAppsHook
@ -49,18 +51,20 @@ stdenv.mkDerivation {
alsa-lib
at-spi2-core
cups
gtk3
glib
gtk3
libdrm
libgcrypt
libkrb5
mesa
nss
vips
xorg.libXdamage
];
runtimeDependencies = [
(lib.getLib systemd)
runtimeDependencies = map lib.getLib [
libappindicator
systemd
];
installPhase = ''
@ -74,9 +78,16 @@ stdenv.mkDerivation {
--replace "/usr/share" "$out/share"
ln -s $out/opt/QQ/qq $out/bin/qq
# Remove bundled libraries
rm -r $out/opt/QQ/resources/app/sharp-lib
runHook postInstall
'';
preFixup = ''
gappsWrapperArgs+=(--prefix PATH : "${lib.makeBinPath [ gjs ]}")
'';
meta = with lib; {
homepage = "https://im.qq.com/linuxqq/";
description = "Messaging app";

12
pkgs/applications/networking/instant-messengers/zoom-us/default.nix
View File

@ -48,23 +48,23 @@ let
# and often with different versions. We write them on three lines
# like this (rather than using {}) so that the updater script can
# find where to edit them.
versions.aarch64-darwin = "5.14.2.17213";
versions.x86_64-darwin = "5.14.2.17213";
versions.x86_64-linux = "5.14.2.2046";
versions.aarch64-darwin = "5.14.5.17687";
versions.x86_64-darwin = "5.14.5.17687";
versions.x86_64-linux = "5.14.5.2430";
srcs = {
aarch64-darwin = fetchurl {
url = "https://zoom.us/client/${versions.aarch64-darwin}/zoomusInstallerFull.pkg?archType=arm64";
name = "zoomusInstallerFull.pkg";
hash = "sha256-jXSjfPIQepSeG5B/CLBHiCbRP1ceczHt+Mu3KYLonkU=";
hash = "sha256-cklNvp6q/4yGWpLhDbruGiBHgaQrY5wHwhtsVapRxx4=";
};
x86_64-darwin = fetchurl {
url = "https://zoom.us/client/${versions.x86_64-darwin}/zoomusInstallerFull.pkg";
hash = "sha256-F/k9NE2GVzn5etkPWCMX80kkyRzVznsKo3rgtztcYn8=";
hash = "sha256-1w41TGBqUl8lnl08PglQImSV7JM71khlshacxh1oTJo=";
};
x86_64-linux = fetchurl {
url = "https://zoom.us/client/${versions.x86_64-linux}/zoom_x86_64.pkg.tar.xz";
hash = "sha256-k16JlqabzdNC/UXoPWM2yYzs66rOtJvhExHpjVka5M0=";
hash = "sha256-sf7w9P6Gajm8/D7DHo/u5d4kZwjxeJjAE96BUW/e4KE=";
};
};

4
pkgs/applications/networking/mailreaders/evolution/evolution-ews/default.nix
View File

@ -22,11 +22,11 @@
stdenv.mkDerivation rec {
pname = "evolution-ews";
version = "3.48.0";
version = "3.48.1";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "FmFlu+oUQbuS8qk0jZp97EiCoNMTGc0lZlcdpnd+8t4=";
sha256 = "vqakEdZAHXOqTh3oHUN5LwPAQ54DBZxVSn+YTEptmtg=";
};
patches = [

4
pkgs/applications/networking/mailreaders/evolution/evolution/default.nix
View File

@ -44,11 +44,11 @@
stdenv.mkDerivation rec {
pname = "evolution";
version = "3.48.0";
version = "3.48.1";
src = fetchurl {
url = "mirror://gnome/sources/evolution/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "LYRygZWJ6S78zk8tw70STpPTedMwCXj2mpZTxZKmDvY=";
sha256 = "tJpa3u3JGx0yVPAw9affjiYYLjNAzvd3Ecob9FU+5lA=";
};
nativeBuildInputs = [

4
pkgs/applications/networking/nextcloud-client/default.nix
View File

@ -26,7 +26,7 @@
mkDerivation rec {
pname = "nextcloud-client";
version = "3.8.0";
version = "3.8.1";
outputs = [ "out" "dev" ];
@ -34,7 +34,7 @@ mkDerivation rec {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
sha256 = "sha256-kwSETOz/0/LMypbTmwvMMrGzZdquBjkXfoSrLgTfPiQ=";
sha256 = "sha256-BTve1dq+OiUwh/Kiy20iSAyALolkdOX7FHwxvVAdS4U=";
};
patches = [

20
pkgs/applications/networking/p2p/torrential/default.nix
View File

@ -1,4 +1,5 @@
{ lib, stdenv
{ stdenv
, lib
, fetchFromGitHub
, nix-update-script
, desktop-file-utils
@ -7,11 +8,11 @@
, pkg-config
, python3
, vala
, wrapGAppsHook
, wrapGAppsHook4
, curl
, dht
, glib
, gtk3
, gtk4
, libb64
, libevent
, libgee
@ -25,13 +26,13 @@
stdenv.mkDerivation rec {
pname = "torrential";
version = "2.0.1";
version = "3.0.0";
src = fetchFromGitHub {
owner = "davidmhewitt";
repo = "torrential";
rev = version;
sha256 = "sha256-W9Is6l8y5XSlPER2BLlf+cyMPPdEQuaP4xM59VhfDE0=";
sha256 = "sha256-uHc/VNtbhetmGyuhynZH1TvxJscVX17eWO6dzX6Ft3A=";
};
nativeBuildInputs = [
@ -41,14 +42,14 @@ stdenv.mkDerivation rec {
pkg-config
python3
vala
wrapGAppsHook
wrapGAppsHook4
];
buildInputs = [
curl
dht
glib
gtk3
gtk4
libb64
libevent
libgee
@ -57,12 +58,15 @@ stdenv.mkDerivation rec {
libutp
miniupnpc
openssl
pantheon.granite
pantheon.granite7
];
postPatch = ''
chmod +x meson/post_install.py
patchShebangs meson/post_install.py
substituteInPlace meson/post_install.py \
--replace "gtk-update-icon-cache" "gtk4-update-icon-cache"
'';
passthru = {

10
pkgs/applications/networking/remote/vmware-horizon-client/default.nix
View File

@ -1,10 +1,11 @@
{ stdenv
, lib
, buildFHSEnv
, buildFHSEnvChroot
, fetchurl
, gsettings-desktop-schemas
, makeDesktopItem
, makeWrapper
, opensc
, writeTextDir
, configText ? ""
}:
@ -53,11 +54,16 @@ let
# This library causes the program to core-dump occasionally. Use ours instead.
rm -r $out/lib/vmware/view/crtbora
# This opensc library is required to support smartcard authentication during the
# initial connection to Horizon.
mkdir $out/lib/vmware/view/pkcs11
ln -s ${opensc}/lib/pkcs11/opensc-pkcs11.so $out/lib/vmware/view/pkcs11/libopenscpkcs11.so
${lib.concatMapStrings wrapBinCommands bins}
'';
};
vmwareFHSUserEnv = name: buildFHSEnv {
vmwareFHSUserEnv = name: buildFHSEnvChroot {
inherit name;
runScript = "${vmwareHorizonClientFiles}/bin/${name}_wrapper";

2
pkgs/applications/office/qownnotes/default.nix
View File

@ -60,7 +60,7 @@ stdenv.mkDerivation {
changelog = "https://www.qownnotes.org/changelog.html";
downloadPage = "https://github.com/pbek/QOwnNotes/releases/tag/v${version}";
license = licenses.gpl2Only;
maintainers = with maintainers; [ totoroot ];
maintainers = with maintainers; [ pbek totoroot ];
platforms = platforms.unix;
};
}

7
pkgs/applications/radio/gnss-sdr/default.nix
View File

@ -60,13 +60,10 @@ gnuradio.pkgs.mkDerivation rec {
pugixml
protobuf
gnuradio.unwrapped.boost
gnuradio.unwrapped.logLib
] ++ lib.optionals (gnuradio.hasFeature "gr-uhd") [
gnuradio.unwrapped.uhd
] ++ (if (lib.versionAtLeast gnuradio.unwrapped.versionAttr.major "3.10") then [
gnuradio.unwrapped.spdlog
] else [
gnuradio.unwrapped.log4cpp
]) ++ lib.optionals (enableRawUdp) [
] ++ lib.optionals (enableRawUdp) [
libpcap
] ++ lib.optionals (gnuradio.hasFeature "gr-ctrlport") [
thrift

6
pkgs/applications/radio/gnuradio/3.8.nix
View File

@ -225,7 +225,7 @@ let
inherit (shared) hasFeature; # function
in
stdenv.mkDerivation rec {
stdenv.mkDerivation {
inherit pname;
inherit (shared)
version
@ -253,8 +253,10 @@ stdenv.mkDerivation rec {
inherit
boost
volk
log4cpp
;
# Used by many gnuradio modules, the same attribute is present in
# gnuradio3.10 where there it's spdlog.
logLib = log4cpp;
} // lib.optionalAttrs (hasFeature "gr-uhd") {
inherit uhd;
} // lib.optionalAttrs (hasFeature "gr-qtgui") {

10
pkgs/applications/radio/gnuradio/3.9.nix
View File

@ -1,6 +1,5 @@
{ lib, stdenv
, fetchFromGitHub
, fetchpatch
, cmake
# Remove gcc and python references
, removeReferencesTo
@ -141,6 +140,9 @@ let
};
gr-blocks = {
cmakeEnableFlag = "GR_BLOCKS";
runtime = [
libsndfile
];
};
gr-fec = {
cmakeEnableFlag = "GR_FEC";
@ -259,7 +261,7 @@ let
inherit (shared) hasFeature; # function
in
stdenv.mkDerivation rec {
stdenv.mkDerivation {
inherit pname;
inherit (shared)
version
@ -283,8 +285,10 @@ stdenv.mkDerivation rec {
inherit
boost
volk
log4cpp
;
# Used by many gnuradio modules, the same attribute is present in
# gnuradio3.10 where there it's spdlog.
logLib = log4cpp;
} // lib.optionalAttrs (hasFeature "gr-uhd") {
inherit uhd;
} // lib.optionalAttrs (hasFeature "gr-qtgui") {

11
pkgs/applications/radio/gnuradio/default.nix
View File

@ -1,6 +1,5 @@
{ lib, stdenv
, fetchFromGitHub
, fetchpatch
, cmake
# Remove gcc and python references
, removeReferencesTo
@ -143,6 +142,10 @@ let
};
gr-blocks = {
cmakeEnableFlag = "GR_BLOCKS";
runtime = [
# Required to compile wavfile blocks.
libsndfile
];
};
gr-fec = {
cmakeEnableFlag = "GR_FEC";
@ -278,7 +281,7 @@ let
inherit (shared) hasFeature; # function
in
stdenv.mkDerivation rec {
stdenv.mkDerivation {
inherit pname;
inherit (shared)
version
@ -302,8 +305,10 @@ stdenv.mkDerivation rec {
inherit
boost
volk
spdlog
;
# Used by many gnuradio modules, the same attribute is present in
# previous gnuradio versions where there it's log4cpp.
logLib = spdlog;
} // lib.optionalAttrs (hasFeature "gr-uhd") {
inherit uhd;
} // lib.optionalAttrs (hasFeature "gr-pdu") {

14
pkgs/applications/radio/gqrx/default.nix
View File

@ -5,7 +5,7 @@
, qtbase
, qtsvg
, qtwayland
, gnuradio3_8Minimal
, gnuradioMinimal
, thrift
, mpir
, fftwFloat
@ -25,7 +25,7 @@ assert portaudioSupport -> portaudio != null;
# audio backends are mutually exclusive
assert !(pulseaudioSupport && portaudioSupport);
gnuradio3_8Minimal.pkgs.mkDerivation rec {
gnuradioMinimal.pkgs.mkDerivation rec {
pname = "gqrx";
version = "2.15.10";
@ -43,21 +43,21 @@ gnuradio3_8Minimal.pkgs.mkDerivation rec {
wrapGAppsHook
];
buildInputs = [
gnuradio3_8Minimal.unwrapped.log4cpp
gnuradioMinimal.unwrapped.logLib
mpir
fftwFloat
alsa-lib
libjack2
gnuradio3_8Minimal.unwrapped.boost
gnuradioMinimal.unwrapped.boost
qtbase
qtsvg
qtwayland
gnuradio3_8Minimal.pkgs.osmosdr
gnuradioMinimal.pkgs.osmosdr
rtl-sdr
hackrf
] ++ lib.optionals (gnuradio3_8Minimal.hasFeature "gr-ctrlport") [
] ++ lib.optionals (gnuradioMinimal.hasFeature "gr-ctrlport") [
thrift
gnuradio3_8Minimal.unwrapped.python.pkgs.thrift
gnuradioMinimal.unwrapped.python.pkgs.thrift
] ++ lib.optionals pulseaudioSupport [ libpulseaudio ]
++ lib.optionals portaudioSupport [ portaudio ];

2
pkgs/applications/radio/qradiolink/default.nix
View File

@ -49,7 +49,7 @@ gnuradio3_8.pkgs.mkDerivation rec {
buildInputs = [
gnuradio3_8.unwrapped.boost
codec2
gnuradio3_8.unwrapped.log4cpp
gnuradio3_8.unwrapped.logLib
gmp
libpulseaudio
libconfig

25
pkgs/applications/radio/uhd/default.nix
View File

@ -11,9 +11,9 @@
# requires numpy
, enablePythonApi ? false
, python3
, buildPackages
, enableExamples ? false
, enableUtils ? false
, enableSim ? false
, libusb1
, enableDpdk ? false
, dpdk
@ -34,6 +34,11 @@
let
onOffBool = b: if b then "ON" else "OFF";
inherit (lib) optionals;
# Later used in pythonEnv generation. Python + mako are always required for the build itself but not necessary for runtime.
pythonEnvArg = (ps: with ps; [ mako ]
++ optionals (enablePythonApi) [ numpy setuptools ]
++ optionals (enableUtils) [ requests six ]
);
in
stdenv.mkDerivation rec {
@ -84,22 +89,14 @@ stdenv.mkDerivation rec {
++ [ (lib.optionalString stdenv.isAarch32 "-DCMAKE_CXX_FLAGS=-Wno-psabi") ]
;
# Python + mako are always required for the build itself but not necessary for runtime.
pythonEnv = python3.withPackages (ps: with ps; [ mako ]
++ optionals (enablePythonApi) [ numpy setuptools ]
++ optionals (enableUtils) [ requests six ]
);
pythonEnv = python3.withPackages pythonEnvArg;
nativeBuildInputs = [
cmake
pkg-config
python3
]
# If both enableLibuhd_Python_api and enableUtils are off, we don't need
# pythonEnv in buildInputs as it's a 'build' dependency and not a runtime
# dependency
++ optionals (!enablePythonApi && !enableUtils) [ pythonEnv ]
;
# Present both here and in buildInputs for cross compilation.
(buildPackages.python3.withPackages pythonEnvArg)
];
buildInputs = [
boost
libusb1
@ -122,8 +119,6 @@ stdenv.mkDerivation rec {
patches = [
# Disable tests that fail in the sandbox
./no-adapter-tests.patch
] ++ lib.optionals stdenv.isAarch32 [
./neon.patch
];
postPhases = [ "installFirmware" "removeInstalledTests" ]

19
pkgs/applications/radio/uhd/neon.patch
View File

@ -1,19 +0,0 @@
Description: When building for armhf, enable NEON
NEON is part of the armhf baseline, so this will always be enabled on
armhf.
Author: Paul Tagliamonte <paultag@debian.org>
Bug-Debian: https://bugs.debian.org/873608
Origin: vendor
Last-Update: 2017-08-29
--- uhd-3.10.2.0.orig/host/lib/convert/CMakeLists.txt
+++ uhd-3.10.2.0/host/lib/convert/CMakeLists.txt
@@ -67,6 +67,8 @@ IF(HAVE_ARM_NEON_H AND (${CMAKE_SIZEOF_V
${CMAKE_CURRENT_SOURCE_DIR}/convert_with_neon.cpp
${CMAKE_CURRENT_SOURCE_DIR}/convert_neon.S
)
+
+ SET ( CMAKE_CXX_FLAGS "-mfpu=neon" )
ENDIF()
########################################################################

61
pkgs/applications/science/biology/truvari/default.nix
View File

@ -1,47 +1,76 @@
{ lib
, fetchFromGitHub
, python3Packages
, runtimeShell
, bcftools
, htslib
}:
python3Packages.buildPythonApplication rec {
let
ssshtest = fetchFromGitHub {
owner = "ryanlayer";
repo = "ssshtest";
rev = "d21f7f928a167fca6e2eb31616673444d15e6fd0";
hash = "sha256-zecZHEnfhDtT44VMbHLHOhRtNsIMWeaBASupVXtmrks=";
};
in python3Packages.buildPythonApplication rec {
pname = "truvari";
version = "2.1.1";
version = "4.0.0";
src = fetchFromGitHub {
owner = "spiralgenetics";
owner = "ACEnglish";
repo = "truvari";
rev = "v${version}";
sha256 = "14nsdbj063qm175xxixs34cihvsiskc9gym8pg7gbwsh13k5a00h";
hash = "sha256-UJNMKEV5m2jFqnWvkVAtymkcE2TjPIXp7JqRZpMSqsE=";
};
postPatch = ''
substituteInPlace setup.py \
--replace 'python-Levenshtein==0.12.1' 'python-Levenshtein>=0.12.1'
--replace "rich==" "rich>="
substituteInPlace truvari/utils.py \
--replace "/bin/bash" "${runtimeShell}"
patchShebangs repo_utils/test_files
'';
propagatedBuildInputs = with python3Packages; [
pyvcf
levenshtein
progressbar2
rich
edlib
pysam
pyfaidx
intervaltree
pytabix
acebinf
bwapy
joblib
numpy
pytabix
bwapy
pandas
];
# no tests
doCheck = false;
makeWrapperArgs = [
"--prefix" "PATH" ":" (lib.makeBinPath [ bcftools htslib ])
];
pythonImportsCheck = [ "truvari" ];
nativeCheckInputs = [
bcftools
htslib
] ++ (with python3Packages; [
coverage
]);
checkPhase = ''
runHook preCheck
ln -s ${ssshtest}/ssshtest .
bash repo_utils/truvari_ssshtests.sh
runHook postCheck
'';
meta = with lib; {
description = "Structural variant comparison tool for VCFs";
homepage = "https://github.com/spiralgenetics/truvari";
homepage = "https://github.com/ACEnglish/truvari";
license = licenses.mit;
maintainers = with maintainers; [ scalavision ];
maintainers = with maintainers; [ natsukium scalavision ];
longDescription = ''
Truvari is a benchmarking tool for comparison sets of SVs.
It can calculate the recall, precision, and f-measure of a

4
pkgs/applications/science/math/jags/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "JAGS";
version = "4.3.1";
version = "4.3.2";
src = fetchurl {
url = "mirror://sourceforge/mcmc-jags/JAGS-${version}.tar.gz";
sha256 = "sha256-+SWDVbXp6xO9M8X6cg8MvrrOp9CkpCtxsPsUUB7hQik=";
sha256 = "sha256-hx9VavQDp8LOag8C8Vz4WlcnY+CT0mZY66xVxKtHL8g=";
};
nativeBuildInputs = [ gfortran ];

40
pkgs/applications/terminal-emulators/kitty/default.nix
View File

@ -23,21 +23,22 @@
, nixosTests
, go
, buildGoModule
, nix-update-script
}:
with python3Packages;
buildPythonApplication rec {
pname = "kitty";
version = "0.27.1";
version = "0.28.1";
format = "other";
src = fetchFromGitHub {
owner = "kovidgoyal";
repo = "kitty";
rev = "refs/tags/v${version}";
hash = "sha256-/K/5T15kULTQP1FCLnyrKfhlQjIStayutaxLjmHjHes=";
hash = "sha256-pAo+bT10rdQOf9j3imKWCCMFGm8KntUeTQUrEE1wYZc=";
};
vendorHash = "sha256-JLPPNOsoq+ErLhELsX3z3YehYfgp7OGXEXlP3IVcM5k=";
vendorHash = "sha256-vq19exqsEtXhN20mgC5GCpYGm8s9AC6nlfCfG1lUiI8=";
buildInputs = [
harfbuzz
@ -99,16 +100,16 @@ buildPythonApplication rec {
CGO_ENABLED = 0;
GOFLAGS = "-trimpath";
configurePhase = let
goModules = (buildGoModule {
pname = "kitty-go-modules";
inherit src vendorHash version;
}).go-modules;
in ''
go-modules = (buildGoModule {
pname = "kitty-go-modules";
inherit src vendorHash version;
}).go-modules;
configurePhase = ''
export GOCACHE=$TMPDIR/go-cache
export GOPATH="$TMPDIR/go"
export GOPROXY=off
cp -r --reflink=auto ${goModules} vendor
cp -r --reflink=auto ${go-modules} vendor
'';
buildPhase = let
@ -161,6 +162,8 @@ buildPythonApplication rec {
--replace test_ssh_connection_data dont_test_ssh_connection_data
substituteInPlace kitty_tests/fonts.py \
--replace 'class Rendering(BaseTest)' 'class Rendering'
# theme collection test starts an http server
rm tools/themes/collection_test.go
'';
checkPhase = ''
@ -216,19 +219,10 @@ buildPythonApplication rec {
runHook postInstall
'';
# Patch shebangs that Nix can't automatically patch
preFixup =
let
pathComponent = if stdenv.isDarwin then "Applications/kitty.app/Contents/Resources" else "lib";
in
''
substituteInPlace $out/${pathComponent}/kitty/shell-integration/ssh/askpass.py \
--replace '/usr/bin/env -S ' $out/bin/
substituteInPlace $shell_integration/ssh/askpass.py \
--replace '/usr/bin/env -S ' $out/bin/
'';
passthru.tests.test = nixosTests.terminal-emulators.kitty;
passthru = {
updateScript = nix-update-script {};
tests.test = nixosTests.terminal-emulators.kitty;
};
meta = with lib; {
homepage = "https://github.com/kovidgoyal/kitty";

178
pkgs/applications/terminal-emulators/mlterm/default.nix
View File

@ -1,14 +1,98 @@
{ stdenv, lib, fetchFromGitHub, pkg-config, autoconf, makeDesktopItem, nixosTests
, libX11, gdk-pixbuf, cairo, libXft, gtk3, vte
, harfbuzz #substituting glyphs with opentype fonts
, fribidi, m17n_lib #bidi and encoding
{ stdenv
, lib
, fetchFromGitHub
, pkg-config
, autoconf
, makeDesktopItem
, nixosTests
, vte
, harfbuzz # can be replaced with libotf
, fribidi
, m17n_lib
, libssh2 #build-in ssh
, fcitx5, fcitx5-gtk, ibus, uim #IME
, fcitx5
, fcitx5-gtk
, ibus
, uim #IME
, wrapGAppsHook #color picker in mlconfig
, Cocoa #Darwin
, gdk-pixbuf
, gtk3
, gtk ? gtk3
# List of gui libraries to use. According to `./configure --help` ran on
# release 3.9.3, options are: (xlib|win32|fb|quartz|console|wayland|sdl2|beos)
, enableGuis ? {
xlib = enableX11;
fb = stdenv.isLinux;
quartz = stdenv.isDarwin;
wayland = stdenv.isLinux;
sdl2 = true;
}
, libxkbcommon
, wayland # for the "wayland" --with-gui option
, SDL2 # for the "sdl" --with-gui option
# List of typing engines, the default list enables compiling all of the
# available ones, as recorded on release 3.9.3
, enableTypeEngines ? {
xcore = false; # Considered legacy
xft = enableX11;
cairo = true;
}
, libX11
, libXft
, cairo
# List of external tools to create, this default list includes all default
# tools, as recorded on release 3.9.3.
, enableTools ? {
mlclient = true;
mlconfig = true;
mlcc = true;
mlterm-menu = true;
# Note that according to upstream's ./configure script, to disable
# mlimgloader you have to disable _all_ tools. See:
# https://github.com/arakiken/mlterm/issues/69
mlimgloader = true;
registobmp = true;
mlfc = true;
}
# Whether to enable the X window system
, enableX11 ? stdenv.isLinux
# Most of the input methods and other build features are enabled by default,
# the following attribute set can be used to disable some of them. It's parsed
# when we set `configureFlags`. If you find other configure Flags that require
# dependencies, it'd be nice to make that contribution here.
, enableFeatures ? {
uim = !stdenv.isDarwin;
ibus = !stdenv.isDarwin;
fcitx = !stdenv.isDarwin;
m17n = !stdenv.isDarwin;
ssh2 = true;
bidi = true;
# Open Type layout support, (substituting glyphs with opentype fonts)
otl = true;
}
# Configure the Exec directive in the generated .desktop file
, desktopBinary ? (
if enableGuis.xlib then
"mlterm"
else if enableGuis.wayland then
"mlterm-wl"
else if enableGuis.sdl2 then
"mlterm-sdl2"
else
throw "mlterm: couldn't figure out what desktopBinary to use."
)
}:
stdenv.mkDerivation rec {
let
# Returns a --with-feature=<comma separated string list of all `true`
# attributes>, or `--without-feature` if all attributes are false or don't
# exist. Used later in configureFlags
withFeaturesList = featureName: attrset: let
commaSepList = lib.concatStringsSep "," (builtins.attrNames (lib.filterAttrs (n: v: v) attrset));
in
lib.withFeatureAs (commaSepList != "") featureName commaSepList
;
in stdenv.mkDerivation rec {
pname = "mlterm";
version = "3.9.3";
@ -19,25 +103,41 @@ stdenv.mkDerivation rec {
sha256 = "sha256-gfs5cdwUUwSBWwJJSaxrQGWJvLkI27RMlk5QvDALEDg=";
};
nativeBuildInputs = [ pkg-config autoconf wrapGAppsHook ];
nativeBuildInputs = [
pkg-config
autoconf
] ++ lib.optionals enableTools.mlconfig [
wrapGAppsHook
];
buildInputs = [
libX11
gdk-pixbuf.dev
cairo
libXft
gtk3
harfbuzz
fribidi
gtk
vte
gdk-pixbuf
] ++ lib.optionals enableTypeEngines.xcore [
libX11
] ++ lib.optionals enableTypeEngines.xft [
libXft
] ++ lib.optionals enableTypeEngines.cairo [
cairo
] ++ lib.optionals enableGuis.wayland [
libxkbcommon
wayland
] ++ lib.optionals enableGuis.sdl2 [
SDL2
] ++ lib.optionals enableFeatures.otl [
harfbuzz
] ++ lib.optionals enableFeatures.bidi [
fribidi
] ++ lib.optionals enableFeatures.ssh2 [
libssh2
] ++ lib.optionals (!stdenv.isDarwin) [
# Not supported on Darwin
] ++ lib.optionals enableFeatures.m17n [
m17n_lib
] ++ lib.optionals enableFeatures.fcitx [
fcitx5
fcitx5-gtk
] ++ lib.optionals enableFeatures.ibus [
ibus
] ++ lib.optionals enableFeatures.uim [
uim
];
@ -62,20 +162,13 @@ stdenv.mkDerivation rec {
'';
configureFlags = [
"--with-imagelib=gdk-pixbuf" #or mlimgloader depending on your bugs of choice
"--with-type-engines=cairo,xft,xcore"
"--with-gtk=3.0"
"--enable-ind" #indic scripts
"--enable-fribidi" #bidi scripts
"--with-tools=mlclient,mlconfig,mlcc,mlterm-menu,mlimgloader,registobmp,mlfc"
#mlterm-menu and mlconfig depend on enabling gnome.at-spi2-core
#and configuring ~/.mlterm/key correctly.
] ++ lib.optionals (!stdenv.isDarwin) [
"--with-x=yes"
"--with-gui=xlib,fb"
"--enable-m17nlib" #character encodings
] ++ lib.optionals stdenv.isDarwin [
"--with-gui=quartz"
(withFeaturesList "type-engines" enableTypeEngines)
(withFeaturesList "tools" enableTools)
(withFeaturesList "gui" enableGuis)
(lib.withFeature enableX11 "x")
] ++ lib.optionals (gtk != null) [
"--with-gtk=${lib.versions.major gtk.version}.0"
] ++ (lib.mapAttrsToList (n: v: lib.enableFeature v n) enableFeatures) ++ [
];
enableParallelBuilding = true;
@ -92,23 +185,32 @@ stdenv.mkDerivation rec {
desktopItem = makeDesktopItem {
name = "mlterm";
exec = "mlterm %U";
exec = "${desktopBinary} %U";
icon = "mlterm";
type = "Application";
comment = "Terminal emulator";
comment = "Multi Lingual TERMinal emulator";
desktopName = "mlterm";
genericName = "Terminal emulator";
categories = [ "Application" "System" "TerminalEmulator" ];
categories = [ "System" "TerminalEmulator" ];
startupNotify = false;
};
passthru.tests.test = nixosTests.terminal-emulators.mlterm;
passthru = {
tests.test = nixosTests.terminal-emulators.mlterm;
inherit
enableTypeEngines
enableTools
enableGuis
enableFeatures
;
};
meta = with lib; {
description = "Multi Lingual TERMinal emulator";
homepage = "https://mlterm.sourceforge.net/";
license = licenses.bsd3;
maintainers = with maintainers; [ ramkromberg atemu ];
maintainers = with maintainers; [ ramkromberg atemu doronbehar ];
platforms = platforms.all;
mainProgram = desktopBinary;
};
}

4
pkgs/applications/version-management/scriv/default.nix
View File

@ -9,11 +9,11 @@
python3.pkgs.buildPythonApplication rec {
pname = "scriv";
version = "1.2.1";
version = "1.3.1";
src = fetchPypi {
inherit pname version;
hash = "sha256-le39dmQs965rXNQJdVRdivWPY5jKv+g/91Xo7tuN3U4=";
hash = "sha256-TfWX7gp7PcwNUxXXZJ3wke/LGz/wjwtRppg0ByfRcRg=";
};
propagatedBuildInputs = with python3.pkgs; [

6
pkgs/applications/version-management/srvc/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "srvc";
version = "0.17.0";
version = "0.17.1";
src = fetchFromGitHub {
owner = "insilica";
repo = "rs-srvc";
rev = "v${version}";
hash = "sha256-6cullXcSnFlGM5O/g/J5WwBBUPfg1cbvjyPcIZ6yjRE=";
hash = "sha256-WpzJzjGzYX1IxC9Vz//JhRYCPZyLchv+iv+kuKkw2Os=";
};
cargoHash = "sha256-xmHCm4kH4y0ph0ssMXZn+TvLAciYrsggyjmar85zF74=";
cargoHash = "sha256-WhmcJQRh2x6DZRXwzy/KtK81XXIDmNMnUtq7ylCpwTw=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.CoreServices

17
pkgs/applications/video/kodi/addons/certifi/default.nix
View File

@ -1,4 +1,4 @@
{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
{ lib, buildKodiAddon, fetchzip, addonUpdateScript, cacert }:
buildKodiAddon rec {
pname = "certifi";
namespace = "script.module.certifi";
@ -9,6 +9,21 @@ buildKodiAddon rec {
sha256 = "sha256-kIPGEjmnHlgVb11W2RKBlrMy3/+kUOcQZiLCcnHCcno=";
};
patches = [
# Add support for NIX_SSL_CERT_FILE
./env.patch
];
postPatch = ''
# Use our system-wide ca-bundle instead of the bundled one
ln -snvf "${cacert}/etc/ssl/certs/ca-bundle.crt" "lib/certifi/cacert.pem"
'';
propagatedNativeBuildInputs = [
# propagate cacerts setup-hook to set up `NIX_SSL_CERT_FILE`
cacert
];
passthru = {
pythonPath = "lib";
updateScript = addonUpdateScript {

Some files were not shown because too many files have changed in this diff Show More