nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 03:43:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge release-24.11 into staging-next-24.11

Browse Source
This commit is contained in:
github-actions[bot] 2024-11-16 00:18:19 +00:00 committed by GitHub
commit 95248251d0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
31 changed files with 209 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -103,6 +103,8 @@
- [Hatsu](https://github.com/importantimport/hatsu), a self-hosted bridge that interacts with Fediverse on behalf of your static site. Available as [services.hatsu](options.html#opt-services.hatsu.enable).
- [Soteria](https://github.com/ImVaskel/soteria), a polkit authentication agent to handle elevated prompts for any desktop environment. Normally this should only be used on DEs or WMs that do not provide a graphical polkit frontend on their own. Available as [`security.soteria`](#opt-security.soteria.enable).
- [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood.enable).
- [Niri](https://github.com/YaLTeR/niri), a scrollable-tiling Wayland compositor. Available as [programs.niri](options.html#opt-programs.niri.enable).
@ -316,8 +318,16 @@
- The nvidia driver no longer defaults to the proprietary driver starting with version 560. You will need to manually set `hardware.nvidia.open` to select the proprietary or open driver.
- `postgresql_12` has been removed since it reached its end of life.
- `postgresql` no longer accepts the `enableSystemd` override. Use `systemdSupport` instead.
- `postgresql` was split into default and -dev outputs. To make this work without circular dependencies, the output of the `pg_config` system view has been removed. The `pg_config` binary is provided in the -dev output and still works as expected.
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
- `postgresql` is now [hardened by default](#module-services-postgres-hardening) using the common `systemd` settings for that.
- The dhcpcd service (`networking.useDHCP`) has been hardened and now runs exclusively as the "dhcpcd" user.
Users that were relying on the root privileges in `networking.dhcpcd.runHook` will have to write specific [sudo](security.sudo.extraRules) or [polkit](security.polkit.extraConfig) rules to allow dhcpcd to perform privileged actions.
@ -583,8 +593,6 @@
- Docker now defaults to 27.x, as version 24.x stopped receiving security updates and bug fixes after [February 1, 2024](https://github.com/moby/moby/pull/46772#discussion_r1686464084).
- `postgresql` was split into default and -dev outputs. To make this work without circular dependencies, the output of the `pg_config` system view has been removed. The `pg_config` binary is provided in the -dev output and still works as expected.
- `keycloak` was updated to version 25, which introduces new hostname related options.
See [Upgrading Guide](https://www.keycloak.org/docs/25.0.1/upgrading/#migrating-to-25-0-0) for instructions.
@ -828,8 +836,6 @@
- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep). Available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).
- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.
- Mattermost has been updated from 9.5 to 9.11 ESR. See the [changelog](https://docs.mattermost.com/about/mattermost-v9-changelog.html#release-v9-11-extended-support-release) for more details.
- `cargo-tauri.hook` was introduced to help users build [Tauri](https://tauri.app/) projects. It is meant to be used alongside
@ -849,8 +855,6 @@
- `iproute2` now has libbpf support.
- `postgresql` is now [hardened by default](#module-services-postgres-hardening) using the common `systemd` settings for that.
If you use extensions that are not packaged in nixpkgs, please review whether it still works
with the current settings and adjust accordingly if needed.

1
nixos/modules/module-list.nix
View File

@ -362,6 +362,7 @@
./security/polkit.nix
./security/rngd.nix
./security/rtkit.nix
./security/soteria.nix
./security/sudo.nix
./security/sudo-rs.nix
./security/systemd-confinement.nix

50
nixos/modules/security/soteria.nix Normal file
View File

@ -0,0 +1,50 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.security.soteria;
in
{
options.security.soteria = {
enable = lib.mkEnableOption null // {
description = ''
Whether to enable Soteria, a Polkit authentication agent
for any desktop environment.
::: {.note}
You should only enable this if you are on a Desktop Environment that
does not provide a graphical polkit authentication agent, or you are on
a standalone window manager or Wayland compositor.
:::
'';
};
package = lib.mkPackageOption pkgs "soteria" { };
};
config = lib.mkIf cfg.enable {
security.polkit.enable = true;
environment.systemPackages = [ cfg.package ];
systemd.user.services.polkit-soteria = {
description = "Soteria, Polkit authentication agent for any desktop environment";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
script = lib.getExe cfg.package;
serviceConfig = {
Type = "simple";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
meta.maintainers = with lib.maintainers; [ johnrtitor ];
}

9
nixos/modules/services/databases/postgresql.md
View File

@ -261,8 +261,9 @@ Technically, we'd not want to have EOL'ed packages in a stable NixOS release, wh
Thus:
- In September/October the new major version will be released and added to nixos-unstable.
- In November the last minor version for the oldest major will be released.
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor.
- In November, before branch-off for the .11 release, the EOL-ed major will be removed from nixos-unstable.
- Both the current stable .05 release and nixos-unstable should be updated to the latest minor that will usually be released in November.
- This is relevant for people who need to use this major for as long as possible. In that case its desirable to be able to pin nixpkgs to a commit that still has it, at the latest minor available.
- In November, before branch-off for the .11 release and after the update to the latest minor, the EOL-ed major will be removed from nixos-unstable.
This leaves a small gap of a couple of weeks after the latest minor release and the end of our support window for the .05 release, in which there could be an emergency release to other major versions of PostgreSQL - but not the oldest major we have in that branch. In that case: If we can't trivially patch the issue, we will mark the package/version as insecure **immediately**.
@ -292,7 +293,7 @@ postgresql_15.pkgs.pg_partman postgresql_15.pkgs.pgroonga
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
```nix
{
services.postgresql.package = pkgs.postgresql_12;
services.postgresql.package = pkgs.postgresql_17;
services.postgresql.extraPlugins = ps: with ps; [
pg_repack
postgis
@ -303,7 +304,7 @@ To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
```nix
self: super: {
postgresql_custom = self.postgresql_12.withPackages (ps: [
postgresql_custom = self.postgresql_17.withPackages (ps: [
ps.pg_repack
ps.postgis
]);

11
nixos/modules/services/databases/postgresql.nix
View File

@ -26,6 +26,7 @@ let
optionalString
types
versionAtLeast
warn
;
cfg = config.services.postgresql;
@ -484,10 +485,18 @@ in
services.postgresql.package = let
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
mkWarn = ver: warn ''
The postgresql package is not pinned and selected automatically by
`systemd.stateVersion`. Right now this is `pkgs.postgresql_${ver}`, the
oldest postgresql version available and thus the next that will be
removed when EOL on the next stable cycle.
See also https://endoflife.date/postgresql
'';
base = if versionAtLeast config.system.stateVersion "24.11" then pkgs.postgresql_16
else if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "21.11" then mkWarn "13" pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
else mkThrow "9_5";

31
nixos/modules/services/web-apps/outline.nix
View File

@ -586,37 +586,6 @@ in
ensureDatabases = [ "outline" ];
};
# Outline is unable to create the uuid-ossp extension when using postgresql 12, in later version this
# extension can be created without superuser permission. This services therefor this extension before
# outline starts and postgresql 12 is using on the host.
#
# Can be removed after postgresql 12 is dropped from nixos.
systemd.services.outline-postgresql =
let
pgsql = config.services.postgresql;
in
lib.mkIf (cfg.databaseUrl == "local" && pgsql.package == pkgs.postgresql_12) {
after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ];
wantedBy = [ "outline.service" ];
partOf = [ "outline.service" ];
path = [
pgsql.package
];
script = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
psql outline -tAc 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp"'
'';
serviceConfig = {
User = pgsql.superUser;
Type = "oneshot";
RemainAfterExit = true;
};
};
services.redis.servers.outline = lib.mkIf (cfg.redisUrl == "local") {
enable = true;
user = config.services.outline.user;

2
nixos/tests/pleroma.nix
View File

@ -205,7 +205,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
};
postgresql = {
enable = true;
package = pkgs.postgresql_12;
package = pkgs.postgresql_13;
};
nginx = {
enable = true;

2
pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock
View File

@ -2310,4 +2310,4 @@ DEPENDENCIES
yajl-ruby (~> 1.4.3)
BUNDLED WITH
2.5.16
2.5.22

7
pkgs/applications/virtualization/lima/default.nix
View File

@ -39,10 +39,15 @@ buildGoModule rec {
buildPhase = ''
runHook preBuild
make "VERSION=v${version}" binaries
make "VERSION=v${version}" "CC=${stdenv.cc.targetPrefix}cc" binaries
runHook postBuild
'';
preCheck = ''
# Workaround for: could not create "/homeless-shelter/.lima/_config" directory: mkdir /homeless-shelter: permission denied
export LIMA_HOME="$(mktemp -d)"
'';
installPhase = ''
runHook preInstall
mkdir -p $out

28
pkgs/by-name/bu/buf-language-server/package.nix
View File

@ -1,28 +0,0 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "buf-language-server";
version = "unstable-2022-08-19";
src = fetchFromGitHub {
owner = "bufbuild";
repo = pname;
rev = "6f08a7eed22c5a178cb55613f454319e09be112c";
sha256 = "sha256-UHsWrWDOC/f3YS2g533CgUkuUmz4MUQRunClQiY/YPQ=";
};
vendorHash = "sha256-ORzCOmBx6k1GZj6pYLhqPsdneCc7Tt1yHpI5mw5ruFU=";
ldflags = [
"-s"
"-w"
];
meta = with lib; {
description = "Language server for protocol buffers";
mainProgram = "bufls";
homepage = "https://github.com/bufbuild/buf-language-server";
license = licenses.asl20;
maintainers = with maintainers; [ svrana ];
};
}

3
pkgs/by-name/bu/bun/package.nix
View File

@ -97,5 +97,8 @@ stdenvNoCC.mkDerivation rec {
# Broken for Musl at 2024-01-13, tracking issue:
# https://github.com/NixOS/nixpkgs/issues/280716
broken = stdenvNoCC.hostPlatform.isMusl;
# Hangs when run via Rosetta 2 on Apple Silicon
hydraPlatforms = lib.lists.remove "x86_64-darwin" lib.platforms.all;
};
}

1
pkgs/by-name/fi/firefly-iii/package.nix
View File

@ -88,5 +88,6 @@ stdenvNoCC.mkDerivation (finalAttrs: {
homepage = "https://github.com/firefly-iii/firefly-iii";
license = lib.licenses.agpl3Only;
maintainers = [ lib.maintainers.savyajha lib.maintainers.patrickdag ];
hydraPlatforms = lib.platforms.linux; # build hangs on both Darwin platforms, needs investigation
};
})

22
pkgs/by-name/fx/fx-cast-bridge/package.nix
View File

@ -1,4 +1,12 @@
{ lib, buildNpmPackage, fetchFromGitHub, avahi-compat, nodejs_18, python3 }:
{
lib,
buildNpmPackage,
fetchFromGitHub,
avahi-compat,
nodejs_18,
python3,
stdenv,
}:
buildNpmPackage rec {
pname = "fx-cast-bridge";
@ -48,11 +56,17 @@ buildNpmPackage rec {
runHook postInstall
'';
meta = with lib; {
meta = {
description = "Implementation of the Chrome Sender API (Chromecast) within Firefox";
homepage = "https://hensm.github.io/fx_cast/";
license = licenses.mit;
maintainers = [ ];
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ bot-wxt1221 ];
platforms = [
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
]; # aarch64-linux wasn't support in upstream according to README
broken = stdenv.hostPlatform.isDarwin;
mainProgram = "fx_cast_bridge";
};
}

1
pkgs/by-name/lb/lbreakout2/package.nix
View File

@ -49,5 +49,6 @@ stdenv.mkDerivation (finalAttrs: {
mainProgram = "lbreakout2";
maintainers = with lib.maintainers; [ AndersonTorres ciil ];
platforms = lib.platforms.unix;
hydraPlatforms = lib.platforms.linux; # build hangs on both Darwin platforms, needs investigation
};
})

15
pkgs/by-name/me/metadata/package.nix
View File

@ -1,5 +1,6 @@
{ lib
, fetchFromGitHub
, fetchpatch
, pkg-config
, ffmpeg
, rustPlatform
@ -14,11 +15,11 @@ rustPlatform.buildRustPackage rec {
src = fetchFromGitHub {
owner = "zmwangx";
repo = "metadata";
rev = "v${version}";
hash = "sha256-OFWdCV9Msy/mNaSubqoJi4tBiFqL7RuWWQluSnKe4fU=";
rev = "ec9614cfa64ffc95d74e4b19496ebd9b026e692b";
hash = "sha256-ugirYg3l+zIfKAqp2smLgG99mX9tsy9rmGe6lFAwx5o=";
};
cargoHash = "sha256-F5jXS/W600nbQtu1FD4+DawrFsO+5lJjvAvTiFKT840=";
cargoHash = "sha256-OMm39sgbq2wTRJTVoCf5imJe3hmf+Djq9w9tzKBrkIM=";
nativeBuildInputs = [
pkg-config
@ -27,6 +28,14 @@ rustPlatform.buildRustPackage rec {
rustPlatform.bindgenHook
];
cargoPatches = [
(fetchpatch {
name = "update-crate-ffmpeg-next-version.patch";
url = "https://github.com/myclevorname/metadata/commit/a1bc9f53d9aa0aeb17cbb530a1da1de4fdf85328.diff";
hash = "sha256-LEwOK1UFUwLZhqLnoUor5CSOwz4DDjNFMnMOGq1S1Sc=";
})
];
postBuild = ''
a2x --doctype manpage --format manpage man/metadata.1.adoc
'';

2
pkgs/by-name/po/poke/package.nix
View File

@ -86,6 +86,6 @@ stdenv.mkDerivation (finalAttrs: {
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ AndersonTorres kira-bruneau ];
platforms = lib.platforms.unix;
broken = stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64;
hydraPlatforms = lib.platforms.linux; # build hangs on Darwin platforms, needs investigation
};
})

28
pkgs/applications/graphics/texturepacker/default.nix → pkgs/by-name/te/texturepacker/package.nix
View File

@ -1,33 +1,31 @@
{ lib
, stdenv
, fetchurl
, dpkg
, autoPatchelfHook
, wrapQtAppsHook
, qtbase
, qtdeclarative
, qtsvg
{
lib,
stdenv,
fetchurl,
dpkg,
autoPatchelfHook,
qt6,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "texturepacker";
version = "7.4.0";
version = "7.5.0";
src = fetchurl {
url = "https://www.codeandweb.com/download/texturepacker/${finalAttrs.version}/TexturePacker-${finalAttrs.version}.deb";
hash = "sha256-v+azjIIscmp72WB3gki0CKb+z+FYsuJxIx9jvdfs+qM=";
hash = "sha256-zUT9NnBNtgFqNr7e9IAqWuK61MjrQuC+gCi1D2m1kGc=";
};
nativeBuildInputs = [
dpkg
autoPatchelfHook
wrapQtAppsHook
qt6.wrapQtAppsHook
];
buildInputs = [
qtbase
qtdeclarative
qtsvg
qt6.qtbase
qt6.qtdeclarative
qt6.qtsvg
];
installPhase = ''

1
pkgs/by-name/vp/vp/package.nix
View File

@ -44,5 +44,6 @@ stdenv.mkDerivation (finalAttrs: {
mainProgram = "vp";
maintainers = with lib.maintainers; [ AndersonTorres ];
inherit (SDL.meta) platforms;
hydraPlatforms = lib.platforms.linux; # build hangs on both Darwin platforms, needs investigation
};
})

1
pkgs/development/libraries/agg/default.nix
View File

@ -63,5 +63,6 @@ stdenv.mkDerivation rec {
license = lib.licenses.gpl2Plus;
homepage = "http://www.antigrain.com/";
platforms = lib.platforms.unix;
hydraPlatforms = lib.platforms.linux; # build hangs on both Darwin platforms, needs investigation
};
}

21
pkgs/development/python-modules/chainer/default.nix
View File

@ -7,18 +7,19 @@
fetchFromGitHub,
filelock,
mock,
numpy,
protobuf,
pytestCheckHook,
pythonOlder,
six,
setuptools,
numpy,
typing-extensions,
}:
buildPythonPackage rec {
pname = "chainer";
version = "7.8.1.post1";
format = "setuptools";
build-system = [ setuptools ];
disabled = pythonOlder "3.7";
@ -29,12 +30,18 @@ buildPythonPackage rec {
hash = "sha256-epwnExmyCWmwaOz+mJnAl1peEeHLBdQGC62BlLfSTQQ=";
};
propagatedBuildInputs = [
postPatch = ''
substituteInPlace chainer/_environment_check.py \
--replace-fail "import numpy.distutils.system_info" "import numpy" \
--replace-fail "numpy.distutils.system_info" "numpy.__config__.get_info"
'';
dependencies = [
filelock
numpy
protobuf
six
typing-extensions
numpy
] ++ lib.optionals cudaSupport [ cupy ];
nativeCheckInputs = [
@ -60,10 +67,10 @@ buildPythonPackage rec {
pythonImportsCheck = [ "chainer" ];
meta = with lib; {
meta = {
description = "Flexible framework of neural networks for deep learning";
homepage = "https://chainer.org/";
license = licenses.mit;
maintainers = with maintainers; [ hyphon81 ];
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ hyphon81 ];
};
}

16
pkgs/development/python-modules/cirq-google/default.nix
View File

@ -6,6 +6,8 @@
protobuf,
pytestCheckHook,
setuptools,
protobuf4,
fetchpatch,
}:
buildPythonPackage rec {
@ -17,6 +19,20 @@ buildPythonPackage rec {
build-system = [ setuptools ];
patches = [
# https://github.com/quantumlib/Cirq/pull/6683 Support for protobuf5
(fetchpatch {
url = "https://github.com/quantumlib/Cirq/commit/bae02e4d83aafa29f50aa52073d86eb913ccb2d3.patch";
hash = "sha256-MqHhKa38BTM6viQtWik0TQjN0OPdrwzCZkkqZsiyF5w=";
includes = [ "cirq_google/serialization/arg_func_langs_test.py" ];
stripLen = 1;
})
];
pythonRelaxDeps = [
"protobuf"
];
dependencies = [
cirq-core
google-api-core

10
pkgs/development/python-modules/clarifai-grpc/default.nix
View File

@ -33,16 +33,20 @@ buildPythonPackage rec {
requests
];
pythonRelaxDeps = [
"grpcio"
];
# almost all tests require network access
doCheck = false;
pythonImportsCheck = [ "clarifai_grpc" ];
meta = with lib; {
meta = {
description = "Clarifai gRPC API Client";
homepage = "https://github.com/Clarifai/clarifai-python-grpc";
changelog = "https://github.com/Clarifai/clarifai-python-grpc/releases/tag/${version}";
license = licenses.asl20;
maintainers = with maintainers; [ natsukium ];
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ natsukium ];
};
}

26
pkgs/development/python-modules/oddsprout/default.nix
View File

@ -3,24 +3,37 @@
buildPythonPackage,
fetchFromGitHub,
poetry-core,
pytestCheckHook,
pythonOlder,
dahlia,
ixia
ixia,
}:
buildPythonPackage rec {
pname = "oddsprout";
version = "0.1.0";
version = "0.1.1";
pyproject = true;
disabled = pythonOlder "3.9";
src = fetchFromGitHub {
owner = "trag1c";
repo = "oddsprout";
rev = "refs/tags/v${version}";
hash = "sha256-k5/mBoW4PxGUbkwaZyHgS3MGI4533V/nNoGqEg+VXpM=";
hash = "sha256-BOUYq4yny3ScgzCzx2cpeK4e7nxxwTj8mJ42nr59mFA=";
};
build-system = [ poetry-core ];
dependencies = [ dahlia ixia ];
dependencies = [
dahlia
ixia
];
# has one test `test_main_recursion_error`
# that has a very low (~1%) but nonzero chance to fail,
# this is known upstream (https://github.com/trag1c/oddsprout/issues/5)
nativeCheckInputs = [ pytestCheckHook ];
pythonImportsCheck = [ "oddsprout" ];
@ -29,6 +42,9 @@ buildPythonPackage rec {
description = "Generate random JSON with no schemas involved";
license = licenses.mit;
homepage = "https://trag1c.github.io/oddsprout";
maintainers = with maintainers; [ sigmanificient ];
maintainers = with maintainers; [
itepastra
sigmanificient
];
};
}

21
pkgs/development/python-modules/symspellpy/default.nix
View File

@ -25,21 +25,6 @@ buildPythonPackage rec {
disabled = pythonOlder "3.8";
patches = [
# patch for fix tests
# https://github.com/mammothb/symspellpy/pull/151
(fetchpatch {
name = "fix-pkg-resources-deprecation-warning.patch";
url = "https://github.com/mammothb/symspellpy/commit/b0298f4936f28a79612f5509612210868548793f.patch";
hash = "sha256-mdUJMrcPv5zczIRP+8u5vicz2IE1AUN3YP0+zg3jqZg=";
})
(fetchpatch {
name = "fix-error-message-checking-py312.patch";
url = "https://github.com/mammothb/symspellpy/commit/f6f91e18316bed717036306c33d2ee82a922563a.patch";
hash = "sha256-a5KsESIEIzlbcEPq8sTB2+XkuT/vP81U8StZhaL0MbA=";
})
];
src = fetchFromGitHub {
owner = "mammothb";
repo = "symspellpy";
@ -62,11 +47,11 @@ buildPythonPackage rec {
"symspellpy.symspellpy"
];
meta = with lib; {
meta = {
description = "Python port of SymSpell v6.7.1, which provides much higher speed and lower memory consumption";
homepage = "https://github.com/mammothb/symspellpy";
changelog = "https://github.com/mammothb/symspellpy/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ vizid ];
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ vizid ];
};
}

4
pkgs/os-specific/linux/kernel/common-config.nix
View File

@ -769,6 +769,10 @@ let
# Shadow stacks
X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes;
# Enable support for Intel Trust Domain Extensions (TDX)
INTEL_TDX_GUEST = whenAtLeast "5.19" yes;
TDX_GUEST_DRIVER = whenAtLeast "6.2" module;
# Mitigate straight line speculation at the cost of some file size
SLS = whenBetween "5.17" "6.9" yes;
MITIGATION_SLS = whenAtLeast "6.9" yes;

10
pkgs/servers/sql/postgresql/12.nix
View File

@ -1,10 +0,0 @@
import ./generic.nix {
version = "12.21";
hash = "sha256-bHEVUKwcx4KIZeWCPZ9Ffjva1vQyAXcWn5DkGb4MJ/I=";
muslPatches = {
dont-use-locale-a = {
url = "https://git.alpinelinux.org/aports/plain/testing/postgresql12/dont-use-locale-a-on-musl.patch?id=d5227c91adda59d4e7f55f13468f0314e8869174";
hash = "sha256-fk+y/SvyA4Tt8OIvDl7rje5dLs3Zw+Ln1oddyYzerOo=";
};
};
}

1
pkgs/servers/sql/postgresql/default.nix
View File

@ -9,7 +9,6 @@ let
# version. In other words: Do not remove the second-to-last minor version from nixpkgs,
# yet. Update first.
versions = {
postgresql_12 = ./12.nix;
postgresql_13 = ./13.nix;
postgresql_14 = ./14.nix;
postgresql_15 = ./15.nix;

14
pkgs/servers/sql/postgresql/generic.nix
View File

@ -29,10 +29,6 @@ let
# PL/Python
, pythonSupport ? false
, python3
# detection of crypt fails when using llvm stdenv, so we add it manually
# for <13 (where it got removed: https://github.com/postgres/postgres/commit/c45643d618e35ec2fe91438df15abd4f3c0d85ca)
, libxcrypt
} @args:
let
atLeast = lib.versionAtLeast version;
@ -100,7 +96,6 @@ let
icu
libuuid
]
++ lib.optionals (olderThan "13") [ libxcrypt ]
++ lib.optionals jitSupport [ llvmPackages.llvm ]
++ lib.optionals lz4Enabled [ lz4 ]
++ lib.optionals zstdEnabled [ zstd ]
@ -129,10 +124,7 @@ let
# those paths. This avoids a lot of circular dependency problems with different outputs,
# and allows splitting them cleanly.
env.CFLAGS = "-fdata-sections -ffunction-sections"
+ (if stdenv'.cc.isClang then " -flto" else " -fmerge-constants -Wl,--gc-sections")
# Makes cross-compiling work when xml2-config can't be executed on the host.
# Fixed upstream in https://github.com/postgres/postgres/commit/0bc8cebdb889368abdf224aeac8bc197fe4c9ae6
+ lib.optionalString (olderThan "13") " -I${libxml2.dev}/include/libxml2";
+ (if stdenv'.cc.isClang then " -flto" else " -fmerge-constants -Wl,--gc-sections");
configureFlags = [
"--with-openssl"
@ -175,8 +167,8 @@ let
] ++ lib.optionals stdenv'.hostPlatform.isMusl (
# Using fetchurl instead of fetchpatch on purpose: https://github.com/NixOS/nixpkgs/issues/240141
map fetchurl (lib.attrValues muslPatches)
) ++ lib.optionals stdenv'.hostPlatform.isLinux [
(if atLeast "13" then ./patches/socketdir-in-run-13+.patch else ./patches/socketdir-in-run.patch)
) ++ lib.optionals stdenv'.hostPlatform.isLinux [
./patches/socketdir-in-run-13+.patch
] ++ lib.optionals (stdenv'.hostPlatform.isDarwin && olderThan "16") [
./patches/export-dynamic-darwin-15-.patch
];

11
pkgs/servers/sql/postgresql/patches/socketdir-in-run.patch
View File

@ -1,11 +0,0 @@
--- a/src/include/pg_config_manual.h
+++ b/src/include/pg_config_manual.h
@@ -179,7 +179,7 @@
* here's where to twiddle it. You can also override this at runtime
* with the postmaster's -k switch.
*/
-#define DEFAULT_PGSOCKET_DIR "/tmp"
+#define DEFAULT_PGSOCKET_DIR "/run/postgresql"
/*
* This is the default event source for Windows event log.

6
pkgs/top-level/aliases.nix
View File

@ -156,6 +156,7 @@ mapAliases {
bpftool = throw "'bpftool' has been renamed to/replaced by 'bpftools'"; # Converted to throw 2024-10-17
brasero-original = lib.warn "Use 'brasero-unwrapped' instead of 'brasero-original'" brasero-unwrapped; # Added 2024-09-29
bs-platform = throw "'bs-platform' was removed as it was broken, development ended and 'melange' has superseded it"; # Added 2024-07-29
buf-language-server = throw "'buf-language-server' was removed as its development has moved to the 'buf' package"; # Added 2024-11-15
budgie = throw "The `budgie` scope has been removed and all packages moved to the top-level"; # Added 2024-07-14
budgiePlugins = throw "The `budgiePlugins` scope has been removed and all packages moved to the top-level"; # Added 2024-07-14
@ -971,6 +972,11 @@ mapAliases {
timescaledb = postgresqlPackages.timescaledb;
tsearch_extras = postgresqlPackages.tsearch_extras;
postgresql_12 = throw "postgresql_12 has been removed since it reached its EOL upstream"; # Added 2024-11-14
postgresql_12_jit = throw "postgresql_12 has been removed since it reached its EOL upstream"; # Added 2024-11-14
postgresql12Packages = throw "postgresql_12 has been removed since it reached its EOL upstream"; # Added 2024-11-14
postgresql12JitPackages = throw "postgresql_12 has been removed since it reached its EOL upstream"; # Added 2024-11-14
# pinentry was using multiple outputs, this emulates the old interface for i.e. home-manager
# soon: throw "'pinentry' has been removed. Pick an appropriate variant like 'pinentry-curses' or 'pinentry-gnome3'";
pinentry = pinentry-all // {

6
pkgs/top-level/all-packages.nix
View File

@ -12148,14 +12148,12 @@ with pkgs;
postgresqlVersions = import ../servers/sql/postgresql pkgs;
inherit (postgresqlVersions)
postgresql_12
postgresql_13
postgresql_14
postgresql_15
postgresql_16
postgresql_17
postgresql_12_jit
postgresql_13_jit
postgresql_14_jit
postgresql_15_jit
@ -12166,13 +12164,11 @@ with pkgs;
postgresql_jit = postgresql_16_jit;
postgresqlPackages = recurseIntoAttrs postgresql.pkgs;
postgresqlJitPackages = recurseIntoAttrs postgresql_jit.pkgs;
postgresql12Packages = recurseIntoAttrs postgresql_12.pkgs;
postgresql13Packages = recurseIntoAttrs postgresql_13.pkgs;
postgresql14Packages = recurseIntoAttrs postgresql_14.pkgs;
postgresql15Packages = recurseIntoAttrs postgresql_15.pkgs;
postgresql16Packages = recurseIntoAttrs postgresql_16.pkgs;
postgresql17Packages = recurseIntoAttrs postgresql_17.pkgs;
postgresql12JitPackages = recurseIntoAttrs postgresql_12_jit.pkgs;
postgresql13JitPackages = recurseIntoAttrs postgresql_13_jit.pkgs;
postgresql14JitPackages = recurseIntoAttrs postgresql_14_jit.pkgs;
postgresql15JitPackages = recurseIntoAttrs postgresql_15_jit.pkgs;
@ -16012,8 +16008,6 @@ with pkgs;
terminaltexteffects = with python3Packages; toPythonApplication terminaltexteffects ;
texturepacker = qt6.callPackage ../applications/graphics/texturepacker { };
inherit (callPackage ../applications/graphics/tesseract {
inherit (darwin.apple_sdk.frameworks) Accelerate CoreGraphics CoreVideo;
})