diff --git a/doc/builders/images.xml b/doc/builders/images.xml
index 7d06130e3eca..a4661ab5a7af 100644
--- a/doc/builders/images.xml
+++ b/doc/builders/images.xml
@@ -11,4 +11,5 @@
+
diff --git a/doc/builders/images/binarycache.section.md b/doc/builders/images/binarycache.section.md
new file mode 100644
index 000000000000..fe2772f33b4b
--- /dev/null
+++ b/doc/builders/images/binarycache.section.md
@@ -0,0 +1,49 @@
+# pkgs.mkBinaryCache {#sec-pkgs-binary-cache}
+
+`pkgs.mkBinaryCache` is a function for creating Nix flat-file binary caches. Such a cache exists as a directory on disk, and can be used as a Nix substituter by passing `--substituter file:///path/to/cache` to Nix commands.
+
+Nix packages are most commonly shared between machines using [HTTP, SSH, or S3](https://nixos.org/manual/nix/stable/package-management/sharing-packages.html), but a flat-file binary cache can still be useful in some situations. For example, you can copy it directly to another machine, or make it available on a network file system. It can also be a convenient way to make some Nix packages available inside a container via bind-mounting.
+
+Note that this function is meant for advanced use-cases. The more idiomatic way to work with flat-file binary caches is via the [nix-copy-closure](https://nixos.org/manual/nix/stable/command-ref/nix-copy-closure.html) command. You may also want to consider [dockerTools](#sec-pkgs-dockerTools) for your containerization needs.
+
+## Example
+
+The following derivation will construct a flat-file binary cache containing the closure of `hello`.
+
+```nix
+mkBinaryCache {
+ rootPaths = [hello];
+}
+```
+
+- `rootPaths` specifies a list of root derivations. The transitive closure of these derivations' outputs will be copied into the cache.
+
+Here's an example of building and using the cache.
+
+Build the cache on one machine, `host1`:
+
+```shellSession
+nix-build -E 'with import {}; mkBinaryCache { rootPaths = [hello]; }'
+```
+
+```shellSession
+/nix/store/cc0562q828rnjqjyfj23d5q162gb424g-binary-cache
+```
+
+Copy the resulting directory to the other machine, `host2`:
+
+```shellSession
+scp result host2:/tmp/hello-cache
+```
+
+Substitute the derivation using the flat-file binary cache on the other machine, `host2`:
+```shellSession
+nix-build -A hello '' \
+ --option require-sigs false \
+ --option trusted-substituters file:///tmp/hello-cache \
+ --option substituters file:///tmp/hello-cache
+```
+
+```shellSession
+/nix/store/gl5a41azbpsadfkfmbilh9yk40dh5dl0-hello-2.12.1
+```
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 857679feb546..25f454596fdb 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -16108,6 +16108,12 @@
githubId = 2242427;
name = "Yoann Ono";
};
+ yajo = {
+ email = "yajo.sk8@gmail.com";
+ github = "yajo";
+ githubId = 973709;
+ name = "Jairo Llopis";
+ };
yana = {
email = "yana@riseup.net";
github = "yanalunaterra";
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 1af7456fad8b..d3f97da35a81 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -92,6 +92,7 @@ in {
bcachefs = handleTestOn ["x86_64-linux" "aarch64-linux"] ./bcachefs.nix {};
beanstalkd = handleTest ./beanstalkd.nix {};
bees = handleTest ./bees.nix {};
+ binary-cache = handleTest ./binary-cache.nix {};
bind = handleTest ./bind.nix {};
bird = handleTest ./bird.nix {};
bitcoind = handleTest ./bitcoind.nix {};
diff --git a/nixos/tests/binary-cache.nix b/nixos/tests/binary-cache.nix
new file mode 100644
index 000000000000..0809e59e5a11
--- /dev/null
+++ b/nixos/tests/binary-cache.nix
@@ -0,0 +1,62 @@
+import ./make-test-python.nix ({ lib, ... }:
+
+with lib;
+
+{
+ name = "binary-cache";
+ meta.maintainers = with maintainers; [ thomasjm ];
+
+ nodes.machine =
+ { pkgs, ... }: {
+ imports = [ ../modules/installer/cd-dvd/channel.nix ];
+ environment.systemPackages = with pkgs; [python3];
+ system.extraDependencies = with pkgs; [hello.inputDerivation];
+ nix.extraOptions = ''
+ experimental-features = nix-command
+ '';
+ };
+
+ testScript = ''
+ # Build the cache, then remove it from the store
+ cachePath = machine.succeed("nix-build --no-out-link -E 'with import {}; mkBinaryCache { rootPaths = [hello]; }'").strip()
+ machine.succeed("cp -r %s/. /tmp/cache" % cachePath)
+ machine.succeed("nix-store --delete " + cachePath)
+
+ # Sanity test of cache structure
+ status, stdout = machine.execute("ls /tmp/cache")
+ cache_files = stdout.split()
+ assert ("nix-cache-info" in cache_files)
+ assert ("nar" in cache_files)
+
+ # Nix store ping should work
+ machine.succeed("nix store ping --store file:///tmp/cache")
+
+ # Cache should contain a .narinfo referring to "hello"
+ grepLogs = machine.succeed("grep -l 'StorePath: /nix/store/[[:alnum:]]*-hello-.*' /tmp/cache/*.narinfo")
+
+ # Get the store path referenced by the .narinfo
+ narInfoFile = grepLogs.strip()
+ narInfoContents = machine.succeed("cat " + narInfoFile)
+ import re
+ match = re.match(r"^StorePath: (/nix/store/[a-z0-9]*-hello-.*)$", narInfoContents, re.MULTILINE)
+ if not match: raise Exception("Couldn't find hello store path in cache")
+ storePath = match[1]
+
+ # Delete the store path
+ machine.succeed("nix-store --delete " + storePath)
+ machine.succeed("[ ! -d %s ] || exit 1" % storePath)
+
+ # Should be able to build hello using the cache
+ logs = machine.succeed("nix-build -A hello '' --option require-sigs false --option trusted-substituters file:///tmp/cache --option substituters file:///tmp/cache 2>&1")
+ logLines = logs.split("\n")
+ if not "this path will be fetched" in logLines[0]: raise Exception("Unexpected first log line")
+ def shouldBe(got, desired):
+ if got != desired: raise Exception("Expected '%s' but got '%s'" % (desired, got))
+ shouldBe(logLines[1], " " + storePath)
+ shouldBe(logLines[2], "copying path '%s' from 'file:///tmp/cache'..." % storePath)
+ shouldBe(logLines[3], storePath)
+
+ # Store path should exist in the store now
+ machine.succeed("[ -d %s ] || exit 1" % storePath)
+ '';
+})
diff --git a/pkgs/applications/audio/praat/default.nix b/pkgs/applications/audio/praat/default.nix
index 10eede334c46..b8f92d553e67 100644
--- a/pkgs/applications/audio/praat/default.nix
+++ b/pkgs/applications/audio/praat/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "praat";
- version = "6.3.06";
+ version = "6.3.07";
src = fetchFromGitHub {
owner = "praat";
repo = "praat";
rev = "v${version}";
- sha256 = "sha256-KwJ8ia1yQmmG+N44ipvGCbuoR2cL03STSTKzUwlDqms=";
+ sha256 = "sha256-hWR6mYD0vBJbX07D/HtFE9qwdbxMliHLCsNDXVYcm1Y=";
};
configurePhase = ''
diff --git a/pkgs/applications/audio/reaper/default.nix b/pkgs/applications/audio/reaper/default.nix
index 542e47cd16b7..57a6bff6e2ae 100644
--- a/pkgs/applications/audio/reaper/default.nix
+++ b/pkgs/applications/audio/reaper/default.nix
@@ -23,13 +23,13 @@ let
in
stdenv.mkDerivation rec {
pname = "reaper";
- version = "6.73";
+ version = "6.75";
src = fetchurl {
url = url_for_platform version stdenv.hostPlatform.qemuArch;
hash = {
- x86_64-linux = "sha256-omQ2XdL4C78BQRuYKy90QlMko2XYHoVhd4X0C+Zyp8E=";
- aarch64-linux = "sha256-XHohznrfFMHHgif4iFrpXb0FNddYiBb0gB7ZznlU834=";
+ x86_64-linux = "sha256-wtXClHL+SeuLxMROaZKZOwYnLo6MXC7lAiwCj80X0Ck=";
+ aarch64-linux = "sha256-xCkAbKzXH7E1Ud6iGsnzgZT/2Sy6qpRItYUHFF6ggpQ=";
}.${stdenv.hostPlatform.system};
};
diff --git a/pkgs/applications/networking/browsers/ladybird/default.nix b/pkgs/applications/networking/browsers/ladybird/default.nix
index 1bba399997f4..0683b5210cbc 100644
--- a/pkgs/applications/networking/browsers/ladybird/default.nix
+++ b/pkgs/applications/networking/browsers/ladybird/default.nix
@@ -10,28 +10,25 @@
, nixosTests
}:
-let serenity = fetchFromGitHub {
- owner = "SerenityOS";
- repo = "serenity";
- rev = "a0f3e2c9a2b82117aa7c1a3444ad0d31baa070d5";
- hash = "sha256-8Xde59ZfdkTD39mYSv0lfFjBHFDWTUwfozE+Q9Yq6C8=";
-};
-in
stdenv.mkDerivation {
pname = "ladybird";
- version = "unstable-2022-09-29";
+ version = "unstable-2023-01-17";
- # Remember to update `serenity` too!
src = fetchFromGitHub {
owner = "SerenityOS";
- repo = "ladybird";
- rev = "d69ad7332477de33bfd1963026e057d55c6f222d";
- hash = "sha256-XQj2Bohk8F6dGCAManOmmDP5b/SqEeZXZbLDYPfvi2E=";
+ repo = "serenity";
+ rev = "45e85d20b64862df119f643f24e2d500c76c58f3";
+ hash = "sha256-n2mLg9wNfdMGsJuGj+ukjto9qYjGOIz4cZjgvMGQUrY=";
};
+ sourceRoot = "source/Ladybird";
+
postPatch = ''
substituteInPlace CMakeLists.txt \
--replace "MACOSX_BUNDLE TRUE" "MACOSX_BUNDLE FALSE"
+ # https://github.com/SerenityOS/serenity/issues/17062
+ substituteInPlace main.cpp \
+ --replace "./SQLServer/SQLServer" "$out/bin/SQLServer"
'';
nativeBuildInputs = [
@@ -47,17 +44,18 @@ stdenv.mkDerivation {
];
cmakeFlags = [
- "-DSERENITY_SOURCE_DIR=${serenity}"
# Disable network operations
"-DENABLE_TIME_ZONE_DATABASE_DOWNLOAD=false"
"-DENABLE_UNICODE_DATABASE_DOWNLOAD=false"
];
- # error: use of undeclared identifier 'aligned_alloc'
- NIX_CFLAGS_COMPILE = toString (lib.optionals (stdenv.isDarwin && lib.versionOlder stdenv.targetPlatform.darwinSdkVersion "11.0") [
+ NIX_CFLAGS_COMPILE = [
+ "-Wno-error"
+ ] ++ lib.optionals (stdenv.isDarwin && lib.versionOlder stdenv.targetPlatform.darwinSdkVersion "11.0") [
+ # error: use of undeclared identifier 'aligned_alloc'
"-include mm_malloc.h"
"-Daligned_alloc=_mm_malloc"
- ]);
+ ];
# https://github.com/NixOS/nixpkgs/issues/201254
NIX_LDFLAGS = lib.optionalString (stdenv.isLinux && stdenv.isAarch64 && stdenv.cc.isGNU) "-lgcc";
diff --git a/pkgs/applications/networking/cluster/glooctl/default.nix b/pkgs/applications/networking/cluster/glooctl/default.nix
index 2077549095ce..6c71c903bf37 100644
--- a/pkgs/applications/networking/cluster/glooctl/default.nix
+++ b/pkgs/applications/networking/cluster/glooctl/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "glooctl";
- version = "1.13.5";
+ version = "1.13.6";
src = fetchFromGitHub {
owner = "solo-io";
repo = "gloo";
rev = "v${version}";
- hash = "sha256-mBmjGP7O1uX+uVM4/us4RWeJcXB1lSEvZQWT/3Ygzik=";
+ hash = "sha256-CBWKKW5VIkRgl7wY63OCm/CowWHO389se3kEraqaDCI=";
};
subPackages = [ "projects/gloo/cli/cmd" ];
diff --git a/pkgs/applications/networking/cluster/k3s/1_23/0001-script-download-strip-downloading-just-package-CRD.patch b/pkgs/applications/networking/cluster/k3s/1_23/0001-script-download-strip-downloading-just-package-CRD.patch
deleted file mode 100644
index 115fd6824772..000000000000
--- a/pkgs/applications/networking/cluster/k3s/1_23/0001-script-download-strip-downloading-just-package-CRD.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 6f53bd36a40da4c71486e3b79f6e32d53d6eea5d Mon Sep 17 00:00:00 2001
-From: Euan Kemp
-Date: Thu, 3 Feb 2022 23:50:40 -0800
-Subject: [PATCH 2/2] scrips/download: strip downloading, just package CRD
-
-The CRD packaging is a complicated set of commands, so let's reuse it.
----
- scripts/download | 10 ++--------
- 1 file changed, 2 insertions(+), 8 deletions(-)
-
-diff --git a/scripts/download b/scripts/download
-index 5effc0562a..82361803ee 100755
---- a/scripts/download
-+++ b/scripts/download
-@@ -24,12 +24,6 @@ rm -rf ${CONTAINERD_DIR}
- mkdir -p ${CHARTS_DIR}
- mkdir -p ${DATA_DIR}
-
--curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
--
--git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
--
--git clone --single-branch --branch=${VERSION_CONTAINERD} --depth=1 https://github.com/k3s-io/containerd ${CONTAINERD_DIR}
--
- setup_tmp() {
- TMP_DIR=$(mktemp -d --tmpdir=${CHARTS_DIR})
- cleanup() {
-@@ -44,8 +38,8 @@ setup_tmp() {
-
- download_and_package_traefik () {
- echo "Downloading Traefik Helm chart from ${TRAEFIK_URL}"
-- curl -sfL ${TRAEFIK_URL} -o ${TMP_DIR}/${TRAEFIK_FILE}
-- code=$?
-+ # nixpkgs: copy in our known traefik chart instead
-+ cp $TRAEFIK_CHART_FILE ${TMP_DIR}/${TRAEFIK_FILE}
-
- if [ $code -ne 0 ]; then
- echo "Error: Failed to download Traefik Helm chart!"
---
-2.34.1
-
diff --git a/pkgs/applications/networking/cluster/k3s/1_23/chart-versions.nix b/pkgs/applications/networking/cluster/k3s/1_23/chart-versions.nix
new file mode 100644
index 000000000000..8c40604d0f1c
--- /dev/null
+++ b/pkgs/applications/networking/cluster/k3s/1_23/chart-versions.nix
@@ -0,0 +1,10 @@
+{
+ traefik-crd = {
+ url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-20.3.1+up20.3.0.tgz";
+ sha256 = "1775vjldvqvhzdbzanxhbaqbmkih09yb91im651q8bc7z5sb9ckn";
+ };
+ traefik = {
+ url = "https://k3s.io/k3s-charts/assets/traefik/traefik-20.3.1+up20.3.0.tgz";
+ sha256 = "1rj0f0n0vgjcbzfwzhqmsd501i2f6vw145w9plbp8gwdyzmg2nc6";
+ };
+}
diff --git a/pkgs/applications/networking/cluster/k3s/1_23/default.nix b/pkgs/applications/networking/cluster/k3s/1_23/default.nix
index 1fbe7687a006..3865cb0a06e1 100644
--- a/pkgs/applications/networking/cluster/k3s/1_23/default.nix
+++ b/pkgs/applications/networking/cluster/k3s/1_23/default.nix
@@ -48,30 +48,32 @@ with lib;
# Those pieces of software we entirely ignore upstream's handling of, and just
# make sure they're in the path if desired.
let
- k3sVersion = "1.23.6+k3s1"; # k3s git tag
- k3sCommit = "418c3fa858b69b12b9cefbcff0526f666a6236b9"; # k3s git commit at the above version
- k3sRepoSha256 = "0fmw491dn5mpi058mr7sij51i5m4qg2grx30cnl3h2v4s0sdkx2i";
- k3sVendorSha256 = "sha256-iHg5ySMaiSWXs98YGmxPwdZr4zdBIFma12dNEuf30Hs=";
+ k3sVersion = "1.23.16+k3s1"; # k3s git tag
+ k3sCommit = "64b0feeb36c2a26976a364a110f23ebcf971f976"; # k3s git commit at the above version
+ k3sRepoSha256 = "sha256-H6aaYa5OYAaD5hjSi8+RNXiP1zhRZCgKXQA6eU7AWBk=";
+ k3sVendorSha256 = "sha256-+xygljXp27NahsHSgoigMANBQCRwGFYwGHQEwlI9YsQ=";
- # taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
- # The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
- traefikChartVersion = "10.19.3";
- traefikChartSha256 = "04zg5li957svgscdmkzmzjkwljaljyav68rzxmhakkwgav6q9058";
+ # Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/download#L29-L32
+ # see also https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/manifests/traefik.yaml#L8-L16
+ # At the time of writing, there are two traefik charts, and that's it
+ charts = import ./chart-versions.nix;
- # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47
- k3sRootVersion = "0.11.0";
- k3sRootSha256 = "016n56vi09xkvjph7wgzb2m86mhd5x65fs4d11pmh20hl249r620";
+ # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/version.sh#L54
+ k3sRootVersion = "0.12.1";
+ k3sRootSha256 = "sha256-xCXbarWztnvW2xn3cGa84hie3OevVZeGEDWh+Uf3RBw=";
- # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45
- k3sCNIVersion = "1.0.1-k3s1";
- k3sCNISha256 = "11ihlzzdnqf9p21y0a4ckpbxac016nm7746dcykhj26ym9zxyv92";
+ # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/version.sh#L47
+ k3sCNIVersion = "1.1.1-k3s1";
+ k3sCNISha256 = "sha256-1Br7s+iMtfiPjM0EcNPuFdSlp9dVPjSG1UGuiPUfq5I=";
# taken from go.mod, the 'github.com/containerd/containerd' line
# run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
- containerdVersion = "1.5.11-k3s2";
- containerdSha256 = "16132snvrg8r0vwm6c0lz0q6fx686s2ix53nm3aka9a83xs75vf2";
+ # https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/go.mod#L9
+ containerdVersion = "1.5.16-k3s2-1-22";
+ containerdSha256 = "sha256-PRrp05Jgx368Ox4hTC66lbCInWuex0OtAuCY4l8geqA=";
# run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
+ # https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/go.mod#L19
criCtlVersion = "1.22.0-k3s1";
baseMeta = k3s.meta;
@@ -94,10 +96,9 @@ let
];
# bundled into the k3s binary
- traefikChart = fetchurl {
- url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
- sha256 = traefikChartSha256;
- };
+ traefikChart = fetchurl charts.traefik;
+ traefik-crdChart = fetchurl charts.traefik-crd;
+
# so, k3s is a complicated thing to package
# This derivation attempts to avoid including any random binaries from the
# internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which
@@ -181,12 +182,13 @@ let
postInstall = ''
mv $out/bin/server $out/bin/k3s
pushd $out
- # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113
+ # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.16%2Bk3s1/scripts/build#L123-L131
ln -s k3s ./bin/k3s-agent
ln -s k3s ./bin/k3s-server
ln -s k3s ./bin/k3s-etcd-snapshot
ln -s k3s ./bin/k3s-secrets-encrypt
ln -s k3s ./bin/k3s-certificate
+ ln -s k3s ./bin/k3s-completion
ln -s k3s ./bin/kubectl
ln -s k3s ./bin/crictl
ln -s k3s ./bin/ctr
@@ -219,10 +221,6 @@ buildGoModule rec {
src = k3sRepo;
vendorSha256 = k3sVendorSha256;
- patches = [
- ./0001-script-download-strip-downloading-just-package-CRD.patch
- ];
-
postPatch = ''
# Nix prefers dynamically linked binaries over static binary.
@@ -290,11 +288,9 @@ buildGoModule rec {
ln -vsf ${k3sContainerd}/bin/* ./bin/
rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/
mkdir -p ./build/static/charts
- # Note, upstream's chart has a 00 suffix. This seems to not matter though, so we're ignoring that naming detail.
- export TRAEFIK_CHART_FILE=${traefikChart}
- # place the traefik chart using their code since it's complicated
- # We trim the actual download, see patches
- ./scripts/download
+
+ cp ${traefikChart} ./build/static/charts
+ cp ${traefik-crdChart} ./build/static/charts
export ARCH=$GOARCH
export DRONE_TAG="v${k3sVersion}"
diff --git a/pkgs/applications/networking/cluster/k3s/1_26/default.nix b/pkgs/applications/networking/cluster/k3s/1_26/default.nix
index 74f54d28d594..144e1116bb15 100644
--- a/pkgs/applications/networking/cluster/k3s/1_26/default.nix
+++ b/pkgs/applications/networking/cluster/k3s/1_26/default.nix
@@ -75,7 +75,7 @@ let
description = "A lightweight Kubernetes distribution";
license = licenses.asl20;
homepage = "https://k3s.io";
- maintainers = with maintainers; [ euank mic92 superherointj ];
+ maintainers = with maintainers; [ euank mic92 superherointj yajo ];
platforms = platforms.linux;
};
diff --git a/pkgs/build-support/binary-cache/default.nix b/pkgs/build-support/binary-cache/default.nix
new file mode 100644
index 000000000000..577328cad920
--- /dev/null
+++ b/pkgs/build-support/binary-cache/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, buildPackages }:
+
+# This function is for creating a flat-file binary cache, i.e. the kind created by
+# nix copy --to file:///some/path and usable as a substituter (with the file:// prefix).
+
+# For example, in the Nixpkgs repo:
+# nix-build -E 'with import ./. {}; mkBinaryCache { rootPaths = [hello]; }'
+
+{ name ? "binary-cache"
+, rootPaths
+}:
+
+stdenv.mkDerivation {
+ inherit name;
+
+ __structuredAttrs = true;
+
+ exportReferencesGraph.closure = rootPaths;
+
+ preferLocalBuild = true;
+
+ PATH = "${buildPackages.coreutils}/bin:${buildPackages.jq}/bin:${buildPackages.python3}/bin:${buildPackages.nix}/bin:${buildPackages.xz}/bin";
+
+ builder = builtins.toFile "builder" ''
+ . .attrs.sh
+
+ export out=''${outputs[out]}
+
+ mkdir $out
+ mkdir $out/nar
+
+ python ${./make-binary-cache.py}
+
+ # These directories must exist, or Nix might try to create them in LocalBinaryCacheStore::init(),
+ # which fails if mounted read-only
+ mkdir $out/realisations
+ mkdir $out/debuginfo
+ mkdir $out/log
+ '';
+}
diff --git a/pkgs/build-support/binary-cache/make-binary-cache.py b/pkgs/build-support/binary-cache/make-binary-cache.py
new file mode 100644
index 000000000000..16dd8a7e96bc
--- /dev/null
+++ b/pkgs/build-support/binary-cache/make-binary-cache.py
@@ -0,0 +1,43 @@
+
+import json
+import os
+import subprocess
+
+with open(".attrs.json", "r") as f:
+ closures = json.load(f)["closure"]
+
+os.chdir(os.environ["out"])
+
+nixPrefix = os.environ["NIX_STORE"] # Usually /nix/store
+
+with open("nix-cache-info", "w") as f:
+ f.write("StoreDir: " + nixPrefix + "\n")
+
+def dropPrefix(path):
+ return path[len(nixPrefix + "/"):]
+
+for item in closures:
+ narInfoHash = dropPrefix(item["path"]).split("-")[0]
+
+ xzFile = "nar/" + narInfoHash + ".nar.xz"
+ with open(xzFile, "w") as f:
+ subprocess.run("nix-store --dump %s | xz -c" % item["path"], stdout=f, shell=True)
+
+ fileHash = subprocess.run(["nix-hash", "--base32", "--type", "sha256", item["path"]], capture_output=True).stdout.decode().strip()
+ fileSize = os.path.getsize(xzFile)
+
+ # Rename the .nar.xz file to its own hash to match "nix copy" behavior
+ finalXzFile = "nar/" + fileHash + ".nar.xz"
+ os.rename(xzFile, finalXzFile)
+
+ with open(narInfoHash + ".narinfo", "w") as f:
+ f.writelines((x + "\n" for x in [
+ "StorePath: " + item["path"],
+ "URL: " + finalXzFile,
+ "Compression: xz",
+ "FileHash: sha256:" + fileHash,
+ "FileSize: " + str(fileSize),
+ "NarHash: " + item["narHash"],
+ "NarSize: " + str(item["narSize"]),
+ "References: " + " ".join(dropPrefix(ref) for ref in item["references"]),
+ ]))
diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix
index 0f0a3f5e6746..76dc12005f8e 100644
--- a/pkgs/development/interpreters/python/default.nix
+++ b/pkgs/development/interpreters/python/default.nix
@@ -196,9 +196,9 @@ in {
major = "3";
minor = "12";
patch = "0";
- suffix = "a3";
+ suffix = "a5";
};
- sha256 = "sha256-G2SzB14KkkGXTlgOCbCckRehxOK+aYA5IB7x2Kc0U9E=";
+ sha256 = "sha256-1m73o0L+OjVvnO47uXrcHl+0hA9rbP994P991JX4Mjs=";
inherit (darwin) configd;
inherit passthruFun;
};
diff --git a/pkgs/development/libraries/ldb/default.nix b/pkgs/development/libraries/ldb/default.nix
index d81e3eeabe6d..37856f5a0130 100644
--- a/pkgs/development/libraries/ldb/default.nix
+++ b/pkgs/development/libraries/ldb/default.nix
@@ -16,11 +16,11 @@
stdenv.mkDerivation rec {
pname = "ldb";
- version = "2.3.0";
+ version = "2.6.1";
src = fetchurl {
url = "mirror://samba/ldb/${pname}-${version}.tar.gz";
- sha256 = "0bcjj4gv48ddg44wyxpsvrs26xry6yy9x9k16qgz0bljs2rhilx4";
+ sha256 = "sha256-RnQD9334Z4LDlluxdUQLqi7XUan+uVYBlL2MBr8XNsk=";
};
outputs = [ "out" "dev" ];
@@ -44,6 +44,13 @@ stdenv.mkDerivation rec {
cmocka
];
+ # otherwise the configure script fails with
+ # PYTHONHASHSEED=1 missing! Don't use waf directly, use ./configure and make!
+ preConfigure = ''
+ export PKGCONFIG="$PKG_CONFIG"
+ export PYTHONHASHSEED=1
+ '';
+
wafPath = "buildtools/bin/waf";
wafConfigureFlags = [
diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix
index fb52f75f8c10..951a3f1d3382 100644
--- a/pkgs/development/libraries/talloc/default.nix
+++ b/pkgs/development/libraries/talloc/default.nix
@@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
pname = "talloc";
- version = "2.3.3";
+ version = "2.3.4";
src = fetchurl {
url = "mirror://samba/talloc/${pname}-${version}.tar.gz";
- sha256 = "sha256-a+lbI2i9CvHEzXqIFG62zuoY5Gw//JMwv2JitA0diqo=";
+ sha256 = "sha256-F5+eviZeZ+SrLCbK0rfeS2p3xsIS+WaQM4KGnwa+ZQU=";
};
nativeBuildInputs = [
@@ -37,6 +37,13 @@ stdenv.mkDerivation rec {
libxcrypt
];
+ # otherwise the configure script fails with
+ # PYTHONHASHSEED=1 missing! Don't use waf directly, use ./configure and make!
+ preConfigure = ''
+ export PKGCONFIG="$PKG_CONFIG"
+ export PYTHONHASHSEED=1
+ '';
+
wafPath = "buildtools/bin/waf";
wafConfigureFlags = [
diff --git a/pkgs/development/libraries/tdb/default.nix b/pkgs/development/libraries/tdb/default.nix
index 9a534c4c1465..774168847b94 100644
--- a/pkgs/development/libraries/tdb/default.nix
+++ b/pkgs/development/libraries/tdb/default.nix
@@ -12,11 +12,11 @@
stdenv.mkDerivation rec {
pname = "tdb";
- version = "1.4.6";
+ version = "1.4.7";
src = fetchurl {
url = "mirror://samba/tdb/${pname}-${version}.tar.gz";
- sha256 = "sha256-1okr2L7+BKd2QqHdVuSoeTSb8c9bLAv1+4QQYZON7ws=";
+ sha256 = "sha256-pPsWje9TPzH/LAf32YRLsxMeZ5nwlOvnfQOArcmHwg4=";
};
nativeBuildInputs = [
@@ -34,6 +34,13 @@ stdenv.mkDerivation rec {
libxcrypt
];
+ # otherwise the configure script fails with
+ # PYTHONHASHSEED=1 missing! Don't use waf directly, use ./configure and make!
+ preConfigure = ''
+ export PKGCONFIG="$PKG_CONFIG"
+ export PYTHONHASHSEED=1
+ '';
+
wafPath = "buildtools/bin/waf";
wafConfigureFlags = [
diff --git a/pkgs/development/libraries/tevent/default.nix b/pkgs/development/libraries/tevent/default.nix
index 568751f48aa3..f10235650c4a 100644
--- a/pkgs/development/libraries/tevent/default.nix
+++ b/pkgs/development/libraries/tevent/default.nix
@@ -2,6 +2,7 @@
, fetchurl
, python3
, pkg-config
+, cmocka
, readline
, talloc
, libxslt
@@ -13,11 +14,11 @@
stdenv.mkDerivation rec {
pname = "tevent";
- version = "0.10.2";
+ version = "0.13.0";
src = fetchurl {
url = "mirror://samba/tevent/${pname}-${version}.tar.gz";
- sha256 = "15k6i8ad5lpxfjsjyq9h64zlyws8d3cm0vwdnaw8z1xjwli7hhpq";
+ sha256 = "sha256-uUN6kX+lU0Q2G+tk7J4AQumcroh5iCpi3Tj2q+I3HQw=";
};
nativeBuildInputs = [
@@ -32,10 +33,18 @@ stdenv.mkDerivation rec {
buildInputs = [
python3
+ cmocka
readline # required to build python
talloc
];
+ # otherwise the configure script fails with
+ # PYTHONHASHSEED=1 missing! Don't use waf directly, use ./configure and make!
+ preConfigure = ''
+ export PKGCONFIG="$PKG_CONFIG"
+ export PYTHONHASHSEED=1
+ '';
+
wafPath = "buildtools/bin/waf";
wafConfigureFlags = [
diff --git a/pkgs/development/mobile/androidenv/ndk-bundle/default.nix b/pkgs/development/mobile/androidenv/ndk-bundle/default.nix
index f57a5c08422b..cc99dfb2971c 100644
--- a/pkgs/development/mobile/androidenv/ndk-bundle/default.nix
+++ b/pkgs/development/mobile/androidenv/ndk-bundle/default.nix
@@ -49,7 +49,7 @@ deployAndroidPackage {
done
# Patch executables
- if [ -d prebuild/linux-x86_64 ]; then
+ if [ -d prebuilt/linux-x86_64 ]; then
autoPatchelf prebuilt/linux-x86_64
fi
diff --git a/pkgs/development/python-modules/gbulb/default.nix b/pkgs/development/python-modules/gbulb/default.nix
index c6306da0ee63..f2a772d1ad66 100644
--- a/pkgs/development/python-modules/gbulb/default.nix
+++ b/pkgs/development/python-modules/gbulb/default.nix
@@ -10,13 +10,13 @@
buildPythonPackage rec {
pname = "gbulb";
- version = "0.6.3";
+ version = "0.6.4";
src = fetchFromGitHub {
owner = "beeware";
repo = "gbulb";
- rev = "v${version}";
- sha256 = "sha256-QNpZf1zfe6r6MtmYMWSrXPsXm5iX36oMx4GnXiTYPaQ=";
+ rev = "refs/tags/v${version}";
+ sha256 = "sha256-AdZSvxix0cpoFQSrslGl+hB/s6Nh0EsWMQmXZAJVJOg=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/google-cloud-error-reporting/default.nix b/pkgs/development/python-modules/google-cloud-error-reporting/default.nix
index 5a062f4a85c2..b9dfd63441ba 100644
--- a/pkgs/development/python-modules/google-cloud-error-reporting/default.nix
+++ b/pkgs/development/python-modules/google-cloud-error-reporting/default.nix
@@ -14,14 +14,14 @@
buildPythonPackage rec {
pname = "google-cloud-error-reporting";
- version = "1.8.1";
+ version = "1.8.2";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
- hash = "sha256-Xl+Jc05daQZPh4xggf/JYYlJ5Lx6LafqWhMcVdk/r6o=";
+ hash = "sha256-bwl1gWLux5LJMZIS/tJFMhHs1LcaDVCTgNrke6ASiBI=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/karton-asciimagic/default.nix b/pkgs/development/python-modules/karton-asciimagic/default.nix
index 465b865d662c..fee502989ba0 100644
--- a/pkgs/development/python-modules/karton-asciimagic/default.nix
+++ b/pkgs/development/python-modules/karton-asciimagic/default.nix
@@ -3,30 +3,39 @@
, fetchFromGitHub
, karton-core
, unittestCheckHook
+, pythonOlder
}:
buildPythonPackage rec {
pname = "karton-asciimagic";
version = "1.2.0";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "CERT-Polska";
repo = pname;
- rev = "v${version}";
- sha256 = "sha256-sY5ik9efzLBa6Fbh17Vh4q7PlwOGYjuodU9yvp/8E3k=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-sY5ik9efzLBa6Fbh17Vh4q7PlwOGYjuodU9yvp/8E3k=";
};
propagatedBuildInputs = [
karton-core
];
- nativeCheckInputs = [ unittestCheckHook ];
+ nativeCheckInputs = [
+ unittestCheckHook
+ ];
- pythonImportsCheck = [ "karton.asciimagic" ];
+ pythonImportsCheck = [
+ "karton.asciimagic"
+ ];
meta = with lib; {
description = "Decoders for ascii-encoded executables for the Karton framework";
homepage = "https://github.com/CERT-Polska/karton-asciimagic";
+ changelog = "https://github.com/CERT-Polska/karton-asciimagic/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/karton-autoit-ripper/default.nix b/pkgs/development/python-modules/karton-autoit-ripper/default.nix
index a5d4f2c86a29..7bdac115385f 100644
--- a/pkgs/development/python-modules/karton-autoit-ripper/default.nix
+++ b/pkgs/development/python-modules/karton-autoit-ripper/default.nix
@@ -18,8 +18,8 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "CERT-Polska";
repo = pname;
- rev = "v${version}";
- sha256 = "sha256-D+M3JsIN8LUWg8GVweEzySHI7KaBb6cNHHn4pXoq55M=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-D+M3JsIN8LUWg8GVweEzySHI7KaBb6cNHHn4pXoq55M=";
};
propagatedBuildInputs = [
@@ -46,6 +46,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "AutoIt script ripper for Karton framework";
homepage = "https://github.com/CERT-Polska/karton-autoit-ripper";
+ changelog = "https://github.com/CERT-Polska/karton-autoit-ripper/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/karton-classifier/default.nix b/pkgs/development/python-modules/karton-classifier/default.nix
index 6578dc70a6be..bb59fde71865 100644
--- a/pkgs/development/python-modules/karton-classifier/default.nix
+++ b/pkgs/development/python-modules/karton-classifier/default.nix
@@ -18,7 +18,7 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "CERT-Polska";
repo = pname;
- rev = "v${version}";
+ rev = "refs/tags/v${version}";
hash = "sha256-TRmAin0TAOIwR5EBMwTOJ9QaHO+mOx/eAjgqvyQZDj4=";
};
@@ -51,6 +51,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "File type classifier for the Karton framework";
homepage = "https://github.com/CERT-Polska/karton-classifier";
+ changelog = "https://github.com/CERT-Polska/karton-classifier/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/karton-config-extractor/default.nix b/pkgs/development/python-modules/karton-config-extractor/default.nix
index 673d7569463a..bce1025301e3 100644
--- a/pkgs/development/python-modules/karton-config-extractor/default.nix
+++ b/pkgs/development/python-modules/karton-config-extractor/default.nix
@@ -16,8 +16,8 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "CERT-Polska";
repo = pname;
- rev = "v${version}";
- sha256 = "sha256-ep69Rrm8Ek0lkgctz6vDAZ1MZ8kWKZSyIvMMAmzTngA=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-ep69Rrm8Ek0lkgctz6vDAZ1MZ8kWKZSyIvMMAmzTngA=";
};
propagatedBuildInputs = [
@@ -40,6 +40,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Static configuration extractor for the Karton framework";
homepage = "https://github.com/CERT-Polska/karton-config-extractor";
+ changelog = "https://github.com/CERT-Polska/karton-config-extractor/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/karton-core/default.nix b/pkgs/development/python-modules/karton-core/default.nix
index e62b7cee010b..0c2a44aa3e6b 100644
--- a/pkgs/development/python-modules/karton-core/default.nix
+++ b/pkgs/development/python-modules/karton-core/default.nix
@@ -3,12 +3,16 @@
, buildPythonPackage
, fetchFromGitHub
, unittestCheckHook
+, pythonOlder
, redis
}:
buildPythonPackage rec {
pname = "karton-core";
version = "5.0.1";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "CERT-Polska";
@@ -22,7 +26,9 @@ buildPythonPackage rec {
redis
];
- nativeCheckInputs = [ unittestCheckHook ];
+ nativeCheckInputs = [
+ unittestCheckHook
+ ];
pythonImportsCheck = [
"karton.core"
@@ -31,6 +37,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Distributed malware processing framework";
homepage = "https://karton-core.readthedocs.io/";
+ changelog = "https://github.com/CERT-Polska/karton/releases/tag/v${version}";
license = licenses.bsd3;
maintainers = with maintainers; [ chivay fab ];
};
diff --git a/pkgs/development/python-modules/karton-dashboard/default.nix b/pkgs/development/python-modules/karton-dashboard/default.nix
index 621c5da5b6e1..986c7ec27b6a 100644
--- a/pkgs/development/python-modules/karton-dashboard/default.nix
+++ b/pkgs/development/python-modules/karton-dashboard/default.nix
@@ -53,6 +53,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Web application that allows for Karton task and queue introspection";
homepage = "https://github.com/CERT-Polska/karton-dashboard";
+ changelog = "https://github.com/CERT-Polska/karton-dashboard/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/karton-mwdb-reporter/default.nix b/pkgs/development/python-modules/karton-mwdb-reporter/default.nix
index 75523b67617f..abc6ab5030cc 100644
--- a/pkgs/development/python-modules/karton-mwdb-reporter/default.nix
+++ b/pkgs/development/python-modules/karton-mwdb-reporter/default.nix
@@ -16,7 +16,7 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "CERT-Polska";
repo = pname;
- rev = "v${version}";
+ rev = "refs/tags/v${version}";
hash = "sha256-QVxczXT74Xt0AtCSDm4nhIK4qtHQ6bqmVNb/CALZSE4=";
};
@@ -35,6 +35,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Karton service that uploads analyzed artifacts and metadata to MWDB Core";
homepage = "https://github.com/CERT-Polska/karton-mwdb-reporter";
+ changelog = "https://github.com/CERT-Polska/karton-mwdb-reporter/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/karton-yaramatcher/default.nix b/pkgs/development/python-modules/karton-yaramatcher/default.nix
index ac9c93ee1c4d..f85c756b811e 100644
--- a/pkgs/development/python-modules/karton-yaramatcher/default.nix
+++ b/pkgs/development/python-modules/karton-yaramatcher/default.nix
@@ -3,18 +3,22 @@
, fetchFromGitHub
, karton-core
, unittestCheckHook
+, pythonOlder
, yara-python
}:
buildPythonPackage rec {
pname = "karton-yaramatcher";
version = "1.2.0";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "CERT-Polska";
repo = pname;
- rev = "v${version}";
- sha256 = "sha256-ulWwPXbjqQXwSRi8MFdcx7vC7P19yu66Ll8jkuTesao=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-ulWwPXbjqQXwSRi8MFdcx7vC7P19yu66Ll8jkuTesao=";
};
propagatedBuildInputs = [
@@ -22,13 +26,18 @@ buildPythonPackage rec {
yara-python
];
- nativeCheckInputs = [ unittestCheckHook ];
+ nativeCheckInputs = [
+ unittestCheckHook
+ ];
- pythonImportsCheck = [ "karton.yaramatcher" ];
+ pythonImportsCheck = [
+ "karton.yaramatcher"
+ ];
meta = with lib; {
description = "File and analysis artifacts yara matcher for the Karton framework";
homepage = "https://github.com/CERT-Polska/karton-yaramatcher";
+ changelog = "https://github.com/CERT-Polska/karton-yaramatcher/releases/tag/v${version}";
license = with licenses; [ bsd3 ];
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/development/python-modules/nomadnet/default.nix b/pkgs/development/python-modules/nomadnet/default.nix
index 4f1389a04ab9..e56e0957ca9a 100644
--- a/pkgs/development/python-modules/nomadnet/default.nix
+++ b/pkgs/development/python-modules/nomadnet/default.nix
@@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "nomadnet";
- version = "0.3.2";
+ version = "0.3.3";
format = "setuptools";
disabled = pythonOlder "3.7";
@@ -19,7 +19,7 @@ buildPythonPackage rec {
owner = "markqvist";
repo = "NomadNet";
rev = "refs/tags/${version}";
- hash = "sha256-QIme76Y7rhPCooazX+pr5ETbAmShVHZ9polJ964NLFg=";
+ hash = "sha256-7EiAvWYhYJ7S/quME6B4Iw5nw+xOnL7PMCWXLPx0O+4=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/tools/continuous-integration/dagger/default.nix b/pkgs/development/tools/continuous-integration/dagger/default.nix
index 9e5dc5628ba7..4524224cd69c 100644
--- a/pkgs/development/tools/continuous-integration/dagger/default.nix
+++ b/pkgs/development/tools/continuous-integration/dagger/default.nix
@@ -2,16 +2,16 @@
buildGoModule rec {
pname = "dagger";
- version = "0.3.10";
+ version = "0.3.12";
src = fetchFromGitHub {
owner = "dagger";
repo = "dagger";
rev = "v${version}";
- hash = "sha256-/JbKnDjC3C0mF4WHOmmvblrr/e1MhOws3Q/oXZCgdEM=";
+ hash = "sha256-70qN5cZb0EjBPE5xpeKUv46JD+B8rYaDejAfaqC0Y4M=";
};
- vendorHash = "sha256-wufztmiOwgY0Q6x9oMrJo28JGx8iprC1gr9zZjSWwuw=";
+ vendorHash = "sha256-9a5W8+tQ5rhtq4uul84AtxcKOc25lfe7bMpgbhRT9/Y=";
proxyVendor = true;
subPackages = [
diff --git a/pkgs/development/tools/gosec/default.nix b/pkgs/development/tools/gosec/default.nix
index 84f221f7afb9..2bb15698e065 100644
--- a/pkgs/development/tools/gosec/default.nix
+++ b/pkgs/development/tools/gosec/default.nix
@@ -5,16 +5,16 @@
buildGoModule rec {
pname = "gosec";
- version = "2.14.0";
+ version = "2.15.0";
src = fetchFromGitHub {
owner = "securego";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-OPMXU24INpdeQrNlRIPJBag6TtHFFIdxlBTfMgRZc2U=";
+ sha256 = "sha256-GB+BAGIVPtyY2Bsm/yDTYjJixLGvGwsIoOLCyy/0AJk=";
};
- vendorSha256 = "sha256-F/wtDYPF4qUujU+fJx2v9uwlkxQ1LMPECKxHR4EB1zk=";
+ vendorHash = "sha256-5LIIXf+8ZN7WcFSPzsJ5Tt+d40AgF5YI3O1oXms1WgI=";
subPackages = [
"cmd/gosec"
diff --git a/pkgs/development/tools/micronaut/default.nix b/pkgs/development/tools/micronaut/default.nix
index a7c8c1f8db30..9a4c95706f00 100644
--- a/pkgs/development/tools/micronaut/default.nix
+++ b/pkgs/development/tools/micronaut/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "micronaut";
- version = "3.8.3";
+ version = "3.8.4";
src = fetchzip {
url = "https://github.com/micronaut-projects/micronaut-starter/releases/download/v${version}/micronaut-cli-${version}.zip";
- sha256 = "sha256-IrgypySq5RUi9X3pVC0t+Ezw7aNu8mIKZYY4CEaKhU4=";
+ sha256 = "sha256-PbTuhJ+l3s+vwo5Y93GpQIah71zah5aFgV/pBSyJDKY=";
};
nativeBuildInputs = [ makeWrapper installShellFiles ];
diff --git a/pkgs/development/web/grails/default.nix b/pkgs/development/web/grails/default.nix
index 1a8b232c2808..6c76811d0c9f 100644
--- a/pkgs/development/web/grails/default.nix
+++ b/pkgs/development/web/grails/default.nix
@@ -11,11 +11,11 @@ let
in
stdenv.mkDerivation rec {
pname = "grails";
- version = "5.2.5";
+ version = "5.3.0";
src = fetchurl {
url = "https://github.com/grails/grails-core/releases/download/v${version}/grails-${version}.zip";
- sha256 = "sha256-RI1O10kObIaEjOuUFuAchjIgjrNDKmwRY0+Vep6UT54=";
+ sha256 = "sha256-0Ow3G0QbKXQSpjLf371CYNxC3XoO5sv1SQD4MlHeOQ4=";
};
nativeBuildInputs = [ unzip ];
diff --git a/pkgs/games/chessx/default.nix b/pkgs/games/chessx/default.nix
index fd8189386e73..8a316438a632 100644
--- a/pkgs/games/chessx/default.nix
+++ b/pkgs/games/chessx/default.nix
@@ -12,11 +12,11 @@
mkDerivation rec {
pname = "chessx";
- version = "1.5.7";
+ version = "1.5.8";
src = fetchurl {
url = "mirror://sourceforge/chessx/chessx-${version}.tgz";
- sha256 = "sha256-wadIO3iNvj8LgIzExHTmeXxXnWOI+ViLrdhAlzZ79Jw=";
+ sha256 = "sha256-ev+tK1CHLFt/RvmzyPVZ2c0nxfRwwb9ke7uTmm7REaM=";
};
nativeBuildInputs = [
diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix
index df9aca8e2461..40ac5eb65b57 100644
--- a/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -25,11 +25,11 @@ rec {
stable = if stdenv.hostPlatform.system == "i686-linux" then legacy_390 else latest;
production = generic {
- version = "525.85.05";
- sha256_64bit = "sha256-6mO0JTQDsiS7cxOol3qSDf6dID1mHdX2/CZYWnAXkUA=";
- openSha256 = "sha256-iI41eex/pQhWdQwk9qc9AlnVYcO0HRA9ISoqNdVKN7g=";
- settingsSha256 = "sha256-ck6ra8y8nn5kA3L9/VcRR2W2RaWvfVbgBiOh2dRJr/8=";
- persistencedSha256 = "sha256-dt/Tqxp7ZfnbLel9BavjWDoEdLJvdJRwFjTFOBYYKLI=";
+ version = "525.89.02";
+ sha256_64bit = "sha256-DkEsiMW9mPhCqDmm9kYU8g5MCVDvfP+xKxWKcWM1k+k=";
+ openSha256 = "sha256-MP9ir0Fuodar239r3PbqVxIHd0vHvpDj8Rw55TeFtZM=";
+ settingsSha256 = "sha256-7rHaJWm0XHJXsKL8VnU9XT15t/DU8jdsCXQwQT+KaV0=";
+ persistencedSha256 = "sha256-4AmOL6b3GKCjGs6bRDpQAkEG4n41X395znyQF1x9VEs=";
};
latest = selectHighestVersion production (generic {
diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix
index 8716de1f1d77..d96e60ba780f 100644
--- a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix
+++ b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix
@@ -9,16 +9,16 @@
buildNpmPackage rec {
pname = "matrix-appservice-irc";
- version = "0.36.0";
+ version = "0.37.0";
src = fetchFromGitHub {
owner = "matrix-org";
repo = "matrix-appservice-irc";
rev = "refs/tags/${version}";
- hash = "sha256-8/jLONqf+0JRAK/SLj3qlG6Dm0VRl4h6YWeZnz4pVXc=";
+ hash = "sha256-krF/eUyGHB4M3sQVaBh7+OaHnM/g9XVaBa8gizPkLKE=";
};
- npmDepsHash = "sha256-fGft7au5js9DRoXYccBPdJyaZ3zfsuCwUwWPOxwAodo=";
+ npmDepsHash = "sha256-VkVpFt3cwnBkN0AGDaE5Bd6xINGL6XugZ4TBsDONWCg=";
nativeBuildInputs = [
python3
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix
index 3f657bbeceaf..4828e613595a 100644
--- a/pkgs/servers/samba/4.x.nix
+++ b/pkgs/servers/samba/4.x.nix
@@ -20,9 +20,12 @@
, gnutls
, systemd
, samba
+, talloc
, jansson
+, ldb
, libtasn1
, tdb
+, tevent
, libxcrypt
, cmocka
, rpcsvc-proto
@@ -100,8 +103,11 @@ stdenv.mkDerivation rec {
libarchive
zlib
gnutls
+ ldb
+ talloc
libtasn1
tdb
+ tevent
libxcrypt
] ++ optionals stdenv.isLinux [ liburing systemd ]
++ optionals stdenv.isDarwin [ libiconv ]
@@ -143,6 +149,7 @@ stdenv.mkDerivation rec {
++ optionals (!enableLDAP) [
"--without-ldap"
"--without-ads"
+ "--bundled-libraries=!ldb,!pyldb-util!talloc,!pytalloc-util,!tevent,!tdb,!pytdb"
] ++ optional enableLibunwind "--with-libunwind"
++ optional enableProfiling "--with-profiling-data"
++ optional (!enableAcl) "--without-acl-support"
diff --git a/pkgs/tools/misc/broot/default.nix b/pkgs/tools/misc/broot/default.nix
index 257e75628ed2..4daab1ef99c6 100644
--- a/pkgs/tools/misc/broot/default.nix
+++ b/pkgs/tools/misc/broot/default.nix
@@ -15,16 +15,16 @@
rustPlatform.buildRustPackage rec {
pname = "broot";
- version = "1.20.0";
+ version = "1.20.1";
src = fetchFromGitHub {
owner = "Canop";
repo = pname;
rev = "v${version}";
- hash = "sha256-+bOdUjBMxYT4qbZ8g5l0pDZJhXaeuYVygb13sx7mg28=";
+ hash = "sha256-W8B4e8x9IoINR4NSm8jVBqXZbe1T/4z3RVmNrLVzV1M=";
};
- cargoHash = "sha256-r/oj5ZgBjJXowFa95GKPACruH3bnPHjjyaSRewogXHQ=";
+ cargoHash = "sha256-XEvIqzSkusOv+boNZbTRxXVN566SduNDcZSkomJRMsk=";
nativeBuildInputs = [
installShellFiles
diff --git a/pkgs/tools/misc/nb/default.nix b/pkgs/tools/misc/nb/default.nix
index 207de747d2c5..84c71bd85d07 100644
--- a/pkgs/tools/misc/nb/default.nix
+++ b/pkgs/tools/misc/nb/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "nb";
- version = "7.3.0";
+ version = "7.4.1";
src = fetchFromGitHub {
owner = "xwmx";
repo = "nb";
rev = version;
- sha256 = "sha256-R5B49648X9UP2al4VRRAl/T9clgvCztYxpbDHwQmDM8=";
+ sha256 = "sha256-5QuNv6sRr/pfw0Vk+jfSjpowWfsD4kh7c2YoEEuUeKE=";
};
nativeBuildInputs = [ installShellFiles ];
diff --git a/pkgs/tools/networking/drill/default.nix b/pkgs/tools/networking/drill/default.nix
index 5fb8fc33997b..a0ca8453ec92 100644
--- a/pkgs/tools/networking/drill/default.nix
+++ b/pkgs/tools/networking/drill/default.nix
@@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "drill";
- version = "0.8.1";
+ version = "0.8.2";
src = fetchFromGitHub {
owner = "fcsonline";
repo = pname;
rev = version;
- sha256 = "sha256-J4zg5mAZ/xXKxBbEYYZRNjlbyUD/SDD/LSu43FrCbBE=";
+ sha256 = "sha256-x+ljh96RkmZQBPxUcXwcYQhRQAxMB8YOAsdg3aiht+U=";
};
- cargoSha256 = "sha256-N0Rj6n8mQHZR4/4m1FHcqCKDqG7GeVxUs2XN0oxQVqQ=";
+ cargoHash = "sha256-GPa3gfqY3fiBI75+hLlqnR1+vUUWCxkracOdR6SsJFk=";
nativeBuildInputs = lib.optionals stdenv.isLinux [
pkg-config
diff --git a/pkgs/tools/networking/tinyfecvpn/default.nix b/pkgs/tools/networking/tinyfecvpn/default.nix
index 4b283a5eccd8..71e5dea12be6 100644
--- a/pkgs/tools/networking/tinyfecvpn/default.nix
+++ b/pkgs/tools/networking/tinyfecvpn/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "tinyfecvpn";
- version = "20210116.0";
+ version = "20230206.0";
src = fetchFromGitHub {
owner = "wangyu-";
repo = pname;
rev = version;
- sha256 = "sha256-Ng5AZJfrnNXSSbhJKBc+giNp2yOWta0EozWHB7lFUmw=";
+ sha256 = "sha256-g4dduREH64TDK3Y2PKc5RZiISW4h2ALRh8vQK7jvCZU=";
fetchSubmodules = true;
};
diff --git a/pkgs/tools/networking/xrootd/default.nix b/pkgs/tools/networking/xrootd/default.nix
index 1320387a217e..586e726b3d4a 100644
--- a/pkgs/tools/networking/xrootd/default.nix
+++ b/pkgs/tools/networking/xrootd/default.nix
@@ -24,14 +24,14 @@
stdenv.mkDerivation rec {
pname = "xrootd";
- version = "5.5.1";
+ version = "5.5.2";
src = fetchFromGitHub {
owner = "xrootd";
repo = "xrootd";
rev = "v${version}";
fetchSubmodules = true;
- hash = "sha256-PaLT3+5FucPnWLStWxtBBqTKs8hvogKMrZteSNY+xXI=";
+ hash = "sha256-2zVCOcjL8TUbo38Dx7W8431ziouzuAdCfogsIMSOOmQ=";
};
outputs = [ "bin" "out" "dev" "man" ];
diff --git a/pkgs/tools/package-management/repro-get/default.nix b/pkgs/tools/package-management/repro-get/default.nix
new file mode 100644
index 000000000000..18eb021d3efb
--- /dev/null
+++ b/pkgs/tools/package-management/repro-get/default.nix
@@ -0,0 +1,73 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+, testers
+, repro-get
+, cacert
+}:
+
+buildGoModule rec {
+ pname = "repro-get";
+ version = "0.2.1";
+
+ src = fetchFromGitHub {
+ owner = "reproducible-containers";
+ repo = "repro-get";
+ rev = "v${version}";
+ sha256 = "sha256-3cvKHwAyPYwR5VlhpPJH+3BK9Kw7dTGOPN1q2RnwsG0=";
+ };
+
+ vendorSha256 = "sha256-ebvtPc0QiP7fNiWYjd7iLG/4iH4DqWV/eaDHvmV/H3Y=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ # The pkg/version test requires internet access, so disable it here and run it
+ # in passthru.pkg-version
+ preCheck = ''
+ rm -rf pkg/version
+ '';
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/reproducible-containers/${pname}/pkg/version.Version=v${version}"
+ ];
+
+ postInstall = ''
+ installShellCompletion --cmd repro-get \
+ --bash <($out/bin/repro-get completion bash) \
+ --fish <($out/bin/repro-get completion fish) \
+ --zsh <($out/bin/repro-get completion zsh)
+ '';
+
+ passthru.tests = {
+ "pkg-version" = repro-get.overrideAttrs (old: {
+ # see invalidateFetcherByDrvHash
+ name = "${repro-get.pname}-${builtins.unsafeDiscardStringContext (lib.substring 0 12 (baseNameOf repro-get.drvPath))}";
+ subPackages = [ "pkg/version" ];
+ installPhase = ''
+ rm -rf $out
+ touch $out
+ '';
+ preCheck = "";
+ outputHash = "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=";
+ outputHashAlgo = "sha256";
+ outputHashMode = "flat";
+ outputs = [ "out" ];
+ nativeBuildInputs = old.nativeBuildInputs ++ [ cacert ];
+ });
+ version = testers.testVersion {
+ package = repro-get;
+ command = "HOME=$(mktemp -d) repro-get -v";
+ inherit version;
+ };
+ };
+
+ meta = with lib; {
+ description = "Reproducible apt/dnf/apk/pacman, with content-addressing";
+ homepage = "https://github.com/reproducible-containers/repro-get";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ matthewcroughan ];
+ };
+}
diff --git a/pkgs/tools/package-management/reuse/default.nix b/pkgs/tools/package-management/reuse/default.nix
index 130c9a42558e..c350a1c0735e 100644
--- a/pkgs/tools/package-management/reuse/default.nix
+++ b/pkgs/tools/package-management/reuse/default.nix
@@ -2,14 +2,14 @@
python3Packages.buildPythonApplication rec {
pname = "reuse";
- version = "1.1.0";
+ version = "1.1.1";
format = "pyproject";
src = fetchFromGitHub {
owner = "fsfe";
repo = "reuse-tool";
- rev = "v${version}";
- hash = "sha256-bjUDImMFwMhRjCa7XzGlqR8h+KfTsyxonrQlRGgApwo=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-4L5VQtjpJ1P95S3vkbgLYTO/lTFReGiSAVuWSwh14i4=";
};
nativeBuildInputs = with python3Packages; [
diff --git a/pkgs/tools/security/ffuf/default.nix b/pkgs/tools/security/ffuf/default.nix
index 658df4348a1c..3831ff4d8e22 100644
--- a/pkgs/tools/security/ffuf/default.nix
+++ b/pkgs/tools/security/ffuf/default.nix
@@ -10,8 +10,8 @@ buildGoModule rec {
src = fetchFromGitHub {
owner = pname;
repo = pname;
- rev = "v${version}";
- sha256 = "sha256-TfPglATKQ3RIGODcIpSRL6FjbLyCjDzbi70jTLKYlLk=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-TfPglATKQ3RIGODcIpSRL6FjbLyCjDzbi70jTLKYlLk=";
};
vendorHash = "sha256-nqv45e1W7MA8ElsJ7b4XWs26OicJ7IXmh93+wkueZg4=";
@@ -24,6 +24,7 @@ buildGoModule rec {
or web servers.
'';
homepage = "https://github.com/ffuf/ffuf";
+ changelog = "https://github.com/ffuf/ffuf/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
diff --git a/pkgs/tools/system/htop/default.nix b/pkgs/tools/system/htop/default.nix
index 305761e0c3be..215818862cdb 100644
--- a/pkgs/tools/system/htop/default.nix
+++ b/pkgs/tools/system/htop/default.nix
@@ -11,13 +11,13 @@ assert systemdSupport -> stdenv.isLinux;
stdenv.mkDerivation rec {
pname = "htop";
- version = "3.2.1";
+ version = "3.2.2";
src = fetchFromGitHub {
owner = "htop-dev";
repo = pname;
rev = version;
- sha256 = "sha256-MwtsvdPHcUdegsYj9NGyded5XJQxXri1IM1j4gef1Xk=";
+ sha256 = "sha256-OrlNE1A71q4XAauYNfumV1Ev1wBpFIBxPiw7aF++yjM=";
};
nativeBuildInputs = [ autoreconfHook ]
diff --git a/pkgs/tools/text/mdbook-katex/default.nix b/pkgs/tools/text/mdbook-katex/default.nix
index c4fc19ef1a7f..ded440fb79c6 100644
--- a/pkgs/tools/text/mdbook-katex/default.nix
+++ b/pkgs/tools/text/mdbook-katex/default.nix
@@ -2,14 +2,14 @@
rustPlatform.buildRustPackage rec {
pname = "mdbook-katex";
- version = "0.3.4";
+ version = "0.3.7";
src = fetchCrate {
inherit pname version;
- hash = "sha256-Bc9nUY2XyNlgOI436omg885Qm0BtqcrFsJz6qr2Zhys=";
+ hash = "sha256-DZ+5rYRHS5m4Alw6/Ak98UH2FD3EPBGDtB+vD0v8EMk=";
};
- cargoHash = "sha256-pH5ZN6bTjstrSTv0hdOoyWAdRLRjALarML3ZVoYvGRI=";
+ cargoHash = "sha256-i6u7kriLFgMSJDfA6JRjTLc3Oi8GfHjE7wEJbTLnMN8=";
OPENSSL_DIR = "${lib.getDev openssl}";
OPENSSL_LIB_DIR = "${lib.getLib openssl}/lib";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5b063c1bf6fe..47fc71df5238 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1033,6 +1033,8 @@ with pkgs;
inherit kernel firmware rootModules allowMissing;
};
+ mkBinaryCache = callPackage ../build-support/binary-cache { };
+
mkShell = callPackage ../build-support/mkshell { };
mkShellNoCC = mkShell.override { stdenv = stdenvNoCC; };
@@ -25163,6 +25165,8 @@ with pkgs;
reproxy = callPackage ../servers/reproxy { };
+ repro-get = callPackage ../tools/package-management/repro-get { };
+
restic = callPackage ../tools/backup/restic { };
restic-rest-server = callPackage ../tools/backup/restic/rest-server.nix { };