nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-13 16:34:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2024-12-02 12:06:22 +00:00 committed by GitHub
commit ac86a85402
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
54 changed files with 762 additions and 6222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
maintainers/maintainer-list.nix
View File

@ -22366,6 +22366,12 @@
githubId = 6118602;
name = "Viktor";
};
tne = {
email = "tne@garudalinux.org";
github = "JustTNE";
githubId = 38938720;
name = "TNE";
};
tnias = {
email = "phil@grmr.de";
matrix = "@tnias:stratum0.org";

2
nixos/doc/manual/release-notes/rl-2505.section.md
View File

@ -39,6 +39,8 @@
- `zammad` has had its support for MySQL removed, since it was never working correctly and is now deprecated upstream. Check the [migration guide](https://docs.zammad.org/en/latest/appendix/migrate-to-postgresql.html) for how to convert your database to PostgreSQL.
- The behavior of the `networking.nat.externalIP` and `networking.nat.externalIPv6` options has been changed. `networking.nat.forwardPorts` now only forwards packets destined for the specified IP addresses.
- `kanata` was updated to v1.7.0, which introduces several breaking changes.
See the release notes of
[v1.7.0](https://github.com/jtroo/kanata/releases/tag/v1.7.0)

57
nixos/modules/services/networking/nat-iptables.nix
View File

@ -32,16 +32,21 @@ let
ip46tables -w -t nat -D OUTPUT -j nixos-nat-out 2>/dev/null || true
ip46tables -w -t nat -F nixos-nat-out 2>/dev/null || true
ip46tables -w -t nat -X nixos-nat-out 2>/dev/null || true
ip46tables -w -t filter -D FORWARD -j nixos-filter-forward 2>/dev/null || true
ip46tables -w -t filter -F nixos-filter-forward 2>/dev/null || true
ip46tables -w -t filter -X nixos-filter-forward 2>/dev/null || true
${cfg.extraStopCommands}
'';
mkSetupNat = { iptables, dest, internalIPs, forwardPorts }: ''
mkSetupNat = { iptables, dest, internalIPs, forwardPorts, externalIp }: ''
# We can't match on incoming interface in POSTROUTING, so
# mark packets coming from the internal interfaces.
${concatMapStrings (iface: ''
${iptables} -w -t nat -A nixos-nat-pre \
-i '${iface}' -j MARK --set-mark 1
${iptables} -w -t filter -A nixos-filter-forward \
-i '${iface}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} -j ACCEPT
'') cfg.internalInterfaces}
# NAT the marked packets.
@ -54,14 +59,23 @@ let
${concatMapStrings (range: ''
${iptables} -w -t nat -A nixos-nat-post \
-s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest}
${iptables} -w -t filter -A nixos-filter-forward \
-s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} -j ACCEPT
'') internalIPs}
# Related connections are allowed
${iptables} -w -t filter -A nixos-filter-forward \
-m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT from external ports to internal ports.
${concatMapStrings (fwd: ''
${iptables} -w -t nat -A nixos-nat-pre \
-i ${toString cfg.externalInterface} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} \
${optionalString (externalIp != null) "-d ${externalIp}"} --dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
${iptables} -w -t filter -A nixos-filter-forward \
-i ${toString cfg.externalInterface} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} -j ACCEPT
${concatMapStrings (loopbackip:
let
@ -77,15 +91,32 @@ let
-j DNAT --to-destination ${fwd.destination}
# Allow connections to ${loopbackip}:${toString fwd.sourcePort} from other hosts behind NAT
${iptables} -w -t nat -A nixos-nat-pre \
-d ${loopbackip} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
${iptables} -w -t nat -A nixos-nat-post \
-d ${destinationIP} -p ${fwd.proto} \
--dport ${destinationPorts} \
-j SNAT --to-source ${loopbackip}
${concatMapStrings (range: ''
${iptables} -w -t nat -A nixos-nat-pre \
-d ${loopbackip} -p ${fwd.proto} -s '${range}' \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
${iptables} -w -t nat -A nixos-nat-post \
-d ${destinationIP} -p ${fwd.proto} \
-s '${range}' --dport ${destinationPorts} \
-j SNAT --to-source ${loopbackip}
${iptables} -w -t filter -A nixos-filter-forward \
-d ${destinationIP} -p ${fwd.proto} \
-s '${range}' --dport ${destinationPorts} -j ACCEPT
'') internalIPs}
${concatMapStrings (iface: ''
${iptables} -w -t nat -A nixos-nat-pre \
-d ${loopbackip} -p ${fwd.proto} -i '${iface}' \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
${iptables} -w -t nat -A nixos-nat-post \
-d ${destinationIP} -p ${fwd.proto} \
-i '${iface}' --dport ${destinationPorts} \
-j SNAT --to-source ${loopbackip}
${iptables} -w -t filter -A nixos-filter-forward \
-d ${destinationIP} -p ${fwd.proto} \
-i '${iface}' --dport ${destinationPorts} -j ACCEPT
'') cfg.internalInterfaces}
'') fwd.loopbackIPs}
'') forwardPorts}
'';
@ -96,12 +127,14 @@ let
ip46tables -w -t nat -N nixos-nat-pre
ip46tables -w -t nat -N nixos-nat-post
ip46tables -w -t nat -N nixos-nat-out
ip46tables -w -t filter -N nixos-filter-forward
${mkSetupNat {
iptables = "iptables";
inherit dest;
inherit (cfg) internalIPs;
forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts;
externalIp = cfg.externalIP;
}}
${optionalString cfg.enableIPv6 (mkSetupNat {
@ -109,6 +142,7 @@ let
dest = destIPv6;
internalIPs = cfg.internalIPv6s;
forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts;
externalIp = cfg.externalIPv6;
})}
${optionalString (cfg.dmzHost != null) ''
@ -123,6 +157,7 @@ let
ip46tables -w -t nat -A PREROUTING -j nixos-nat-pre
ip46tables -w -t nat -A POSTROUTING -j nixos-nat-post
ip46tables -w -t nat -A OUTPUT -j nixos-nat-out
ip46tables -w -t filter -A FORWARD -j nixos-filter-forward
'';
in

11
nixos/modules/services/networking/nat-nftables.nix
View File

@ -33,14 +33,14 @@ let
ports = if m == null then throw "bad ip:ports `${IPPorts}'" else elemAt m 1;
};
mkTable = { ipVer, dest, ipSet, forwardPorts, dmzHost }:
mkTable = { ipVer, dest, ipSet, forwardPorts, dmzHost, externalIP }:
let
# nftables maps for port forward
# l4proto . dport : addr . port
# [daddr .] l4proto . dport : addr . port
fwdMap = toNftSet (map
(fwd:
with (splitIPPorts fwd.destination);
"${fwd.proto} . ${toNftRange fwd.sourcePort} : ${IP} . ${ports}"
"${optionalString (externalIP != null) "${externalIP} . "}${fwd.proto} . ${toNftRange fwd.sourcePort} : ${IP} . ${ports}"
)
forwardPorts);
@ -69,7 +69,7 @@ let
type nat hook prerouting priority dstnat;
${optionalString (fwdMap != "") ''
iifname "${cfg.externalInterface}" meta l4proto { tcp, udp } dnat meta l4proto . th dport map { ${fwdMap} } comment "port forward"
iifname "${cfg.externalInterface}" meta l4proto { tcp, udp } dnat ${optionalString (externalIP != null) "${ipVer} daddr . "}meta l4proto . th dport map { ${fwdMap} } comment "port forward"
''}
${optionalString (fwdLoopDnatMap != "") ''
@ -133,7 +133,7 @@ in
ipVer = "ip";
inherit dest ipSet;
forwardPorts = filter (x: !(isIPv6 x.destination)) cfg.forwardPorts;
inherit (cfg) dmzHost;
inherit (cfg) dmzHost externalIP;
};
};
"nixos-nat6" = mkIf cfg.enableIPv6 {
@ -145,6 +145,7 @@ in
ipSet = ipv6Set;
forwardPorts = filter (x: isIPv6 x.destination) cfg.forwardPorts;
dmzHost = null;
externalIP = cfg.externalIPv6;
};
};
};

11
nixos/modules/services/networking/nat.nix
View File

@ -20,7 +20,10 @@ in
type = types.bool;
default = false;
description = ''
Whether to enable Network Address Translation (NAT).
Whether to enable Network Address Translation (NAT). A
properly configured firewall or a trusted L2 on all network
interfaces is required to prevent unauthorized access to
the internal network.
'';
};
@ -82,7 +85,8 @@ in
The public IP address to which packets from the local
network are to be rewritten. If this is left empty, the
IP address associated with the external interface will be
used.
used. Only connections made to this IP address will be
forwarded to the internal network when using forwardPorts.
'';
};
@ -94,7 +98,8 @@ in
The public IPv6 address to which packets from the local
network are to be rewritten. If this is left empty, the
IP address associated with the external interface will be
used.
used. Only connections made to this IP address will be
forwarded to the internal network when using forwardPorts.
'';
};

1
nixos/modules/services/networking/shairport-sync.nix
View File

@ -103,6 +103,7 @@ in
User = cfg.user;
Group = cfg.group;
ExecStart = "${lib.getExe cfg.package} ${cfg.arguments}";
Restart = "on-failure";
RuntimeDirectory = "shairport-sync";
};
};

314
nixos/tests/nat.nix
View File

@ -1,100 +1,278 @@
# This is a simple distributed test involving a topology with two
# separate virtual networks - the "inside" and the "outside" - with a
# client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation
# for the client.
import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ... }:
# This is a distributed test of the Network Address Translation involving a topology
# with a router inbetween three separate virtual networks:
# - "external" -- i.e. the internet,
# - "internal" -- i.e. an office LAN,
#
# This test puts one server on each of those networks and its primary goal is to ensure that:
# - server (named client in the code) in internal network can reach server (named server in the code) on the external network,
# - server in external network can not reach server in internal network (skipped in some cases),
# - when using externalIP, only the specified IP is used for NAT,
# - port forwarding functionality behaves correctly
#
# The client is behind the nat (read: protected by the nat) and the server is on the external network, attempting to access services behind the NAT.
import ./make-test-python.nix ({ pkgs, lib, withFirewall ? false, nftables ? false, ... }:
let
unit = if nftables then "nftables" else (if withFirewall then "firewall" else "nat");
routerAlternativeExternalIp = "192.168.2.234";
makeNginxConfig = hostname: {
enable = true;
virtualHosts."${hostname}" = {
root = "/etc";
locations."/".index = "hostname";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8080;
}
];
};
};
makeCommonConfig = hostname: {
services.nginx = makeNginxConfig hostname;
services.vsftpd = {
enable = true;
anonymousUser = true;
localRoot = "/etc/";
extraConfig = ''
pasv_min_port=51000
pasv_max_port=51999
'';
};
# Disable eth0 autoconfiguration
networking.useDHCP = false;
environment.systemPackages = [
(pkgs.writeScriptBin "check-connection"
''
#!/usr/bin/env bash
set -e
if [[ "$2" == "" || "$3" == "" || "$1" == "--help" || "$1" == "-h" ]];
then
echo "check-connection <target-address> <target-hostname> <[expect-success|expect-failure]>"
exit 1
fi
ADDRESS="$1"
HOSTNAME="$2"
function test_icmp() { timeout 3 ping -c 1 $ADDRESS; }
function test_http() { [[ `timeout 3 curl $ADDRESS` == "$HOSTNAME" ]]; }
function test_ftp() { timeout 3 curl ftp://$ADDRESS; }
if [[ "$3" == "expect-success" ]];
then
test_icmp; test_http; test_ftp
else
! test_icmp; ! test_http; ! test_ftp
fi
''
)
(pkgs.writeScriptBin "check-last-clients-ip"
''
#!/usr/bin/env bash
set -e
[[ `cat /var/log/nginx/access.log | tail -n1 | awk '{print $1}'` == "$1" ]]
''
)
];
};
# VLANS:
# 1 -- simulates the internal network
# 2 -- simulates the external network
in
{
name = "nat" + (lib.optionalString nftables "Nftables")
+ (if withFirewall then "WithFirewall" else "Standalone");
meta = with pkgs.lib.maintainers; {
maintainers = [ rob ];
maintainers = [ tne rob ];
};
nodes =
{
client = { lib, nodes, ... }: {
virtualisation.vlans = [ 1 ];
networking.defaultGateway =
(lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
networking.nftables.enable = nftables;
};
{ client =
{ pkgs, nodes, ... }:
lib.mkMerge [
( makeCommonConfig "client" )
{ virtualisation.vlans = [ 1 ];
networking.defaultGateway =
(pkgs.lib.head nodes.router.networking.interfaces.eth1.ipv4.addresses).address;
networking.nftables.enable = nftables;
networking.firewall.enable = false;
}
];
router = { lib, ... }: {
virtualisation.vlans = [ 2 1 ];
networking.firewall.enable = withFirewall;
networking.firewall.filterForward = nftables;
networking.nftables.enable = nftables;
networking.nat.enable = true;
networking.nat.internalIPs = [ "192.168.1.0/24" ];
networking.nat.externalInterface = "eth1";
router =
{ nodes, ... }: lib.mkMerge [
( makeCommonConfig "router" )
{ virtualisation.vlans = [ 1 2 ];
networking.firewall = {
enable = withFirewall;
filterForward = nftables;
allowedTCPPorts = [ 21 80 8080 ];
# For FTP passive mode
allowedTCPPortRanges = [ { from = 51000; to = 51999; } ];
};
networking.nftables.enable = nftables;
networking.nat =
let
clientIp = (pkgs.lib.head nodes.client.networking.interfaces.eth1.ipv4.addresses).address;
serverIp = (pkgs.lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
in
{
enable = true;
internalIPs = [ "${clientIp}/24" ];
# internalInterfaces = [ "eth1" ];
externalInterface = "eth2";
externalIP = serverIp;
specialisation.no-nat.configuration = {
networking.nat.enable = lib.mkForce false;
};
};
forwardPorts = [
{
destination = "${clientIp}:8080";
proto = "tcp";
sourcePort = 8080;
loopbackIPs = [ serverIp ];
}
];
};
networking.interfaces.eth2.ipv4.addresses =
lib.mkOrder 10000 [ { address = routerAlternativeExternalIp; prefixLength = 24; } ];
services.nginx.virtualHosts.router.listen = lib.mkOrder (-1) [ {
addr = routerAlternativeExternalIp;
port = 8080;
} ];
specialisation.no-nat.configuration = {
networking.nat.enable = lib.mkForce false;
};
}
];
server =
{ ... }:
{ virtualisation.vlans = [ 2 ];
networking.firewall.enable = false;
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
services.vsftpd.enable = true;
services.vsftpd.anonymousUser = true;
};
{ nodes, ... }: lib.mkMerge [
( makeCommonConfig "server" )
{ virtualisation.vlans = [ 2 ];
networking.firewall.enable = false;
networking.defaultGateway =
(pkgs.lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
}
];
};
testScript = ''
testScript =
{ nodes, ... }: let
clientIp = (pkgs.lib.head nodes.client.networking.interfaces.eth1.ipv4.addresses).address;
serverIp = (pkgs.lib.head nodes.server.networking.interfaces.eth1.ipv4.addresses).address;
routerIp = (pkgs.lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address;
in ''
def wait_for_machine(m):
m.wait_for_unit("network.target")
m.wait_for_unit("nginx.service")
client.start()
router.start()
server.start()
# The router should have access to the server.
server.wait_for_unit("network.target")
server.wait_for_unit("httpd")
router.wait_for_unit("network.target")
router.succeed("curl -4 --fail http://server/ >&2")
wait_for_machine(router)
wait_for_machine(client)
wait_for_machine(server)
# The client should be also able to connect via the NAT router.
router.wait_for_unit("${unit}")
client.wait_for_unit("network.target")
client.succeed("curl --fail http://server/ >&2")
client.succeed("ping -4 -c 1 server >&2")
# We assume we are isolated from layer 2 attacks or are securely configured (like disabling forwarding by default)
# Relevant moby issue describing the problem allowing bypassing of NAT: https://github.com/moby/moby/issues/14041
${lib.optionalString (!nftables) ''
router.succeed("iptables -P FORWARD DROP")
''}
# Test whether passive FTP works.
server.wait_for_unit("vsftpd")
server.succeed("echo Hello World > /home/ftp/foo.txt")
client.succeed("curl -v ftp://server/foo.txt >&2")
# Sanity checks.
## The router should have direct access to the server
router.succeed("check-connection ${serverIp} server expect-success")
## The server should have direct access to the router
server.succeed("check-connection ${routerIp} router expect-success")
# Test whether active FTP works.
client.fail("curl -v -P - ftp://server/foo.txt >&2")
# The client should be also able to connect via the NAT router...
client.succeed("check-connection ${serverIp} server expect-success")
# ... but its IP should be rewritten to be that of the router.
server.succeed("check-last-clients-ip ${routerIp}")
# Test ICMP.
client.succeed("ping -4 -c 1 router >&2")
router.succeed("ping -4 -c 1 client >&2")
# Active FTP (where the FTP server connects back to us via a random port) should work directly...
router.succeed("timeout 3 curl -P eth2:51000-51999 ftp://${serverIp}")
# ... but not from behind NAT.
client.fail("timeout 3 curl -P eth1:51000-51999 ftp://${serverIp};")
# If we turn off NAT, the client shouldn't be able to reach the server.
# If using nftables without firewall, filterForward can't be used and L2 security can't easily be simulated like with iptables, skipping.
# See moby github issue mentioned above.
${lib.optionalString (nftables && withFirewall) ''
# The server should not be able to reach the client directly...
server.succeed("check-connection ${clientIp} client expect-failure")
''}
# ... but the server should be able to reach a port forwarded address of the client
server.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "client" ]]')
# The IP address the client sees should not be rewritten to be that of the router (#277016)
client.succeed("check-last-clients-ip ${serverIp}")
# But this forwarded port shouldn't intercept communication with
# other IPs than externalIp.
server.succeed('[[ `timeout 3 curl http://${routerAlternativeExternalIp}:8080` == "router" ]]')
# The loopback should allow the router itself to access the forwarded port
# Note: The reason we use routerIp here is because only routerIp is listed for reflection in networking.nat.forwardPorts.loopbackIPs
# The purpose of loopbackIPs is to allow things inside of the NAT to for example access their own public domain when a service has to make a request
# to itself/another service on the same NAT through a public address
router.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "client" ]]')
# The loopback should also allow the client to access its own forwarded port
client.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "client" ]]')
# If we turn off NAT, nothing should work
router.succeed(
"systemctl stop ${unit}.service"
)
# If using nftables and firewall, this makes no sense. We deactivated the firewall after all,
# so we are once again affected by the same issue as the moby github issue mentioned above.
# If using nftables without firewall, filterForward can't be used and L2 security can't easily be simulated like with iptables, skipping.
# See moby github issue mentioned above.
${lib.optionalString (!nftables) ''
client.succeed("check-connection ${serverIp} server expect-failure")
server.succeed("check-connection ${clientIp} client expect-failure")
''}
# These should revert to their pre-NATed versions
server.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "router" ]]')
router.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "router" ]]')
# Reverse the effect of nat stop
router.succeed(
"systemctl start ${unit}.service"
)
# Switch to a config without NAT at all, again nothing should work
router.succeed(
"/run/booted-system/specialisation/no-nat/bin/switch-to-configuration test 2>&1"
)
client.fail("curl -4 --fail --connect-timeout 5 http://server/ >&2")
client.fail("ping -4 -c 1 server >&2")
# And make sure that reloading the NAT job works.
router.succeed(
"/run/booted-system/bin/switch-to-configuration test 2>&1"
)
# FIXME: this should not be necessary, but nat.service is not started because
# network.target is not triggered
# (https://github.com/NixOS/nixpkgs/issues/16230#issuecomment-226408359)
${lib.optionalString (!withFirewall && !nftables) ''
router.succeed("systemctl start nat.service")
# If using nftables without firewall, filterForward can't be used and L2 security can't easily be simulated like with iptables, skipping.
# See moby github issue mentioned above.
${lib.optionalString (nftables && withFirewall) ''
client.succeed("check-connection ${serverIp} server expect-failure")
server.succeed("check-connection ${clientIp} client expect-failure")
''}
client.succeed("curl -4 --fail http://server/ >&2")
client.succeed("ping -4 -c 1 server >&2")
# These should revert to their pre-NATed versions
server.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "router" ]]')
router.succeed('[[ `timeout 3 curl http://${routerIp}:8080` == "router" ]]')
'';
})

6
pkgs/applications/editors/vim/plugins/generated.nix
View File

@ -11388,12 +11388,12 @@ final: prev:
snacks-nvim = buildVimPlugin {
pname = "snacks.nvim";
version = "2024-11-26";
version = "2024-12-01";
src = fetchFromGitHub {
owner = "folke";
repo = "snacks.nvim";
rev = "985be4a759f6fe83e569679da431eeb7d2db5286";
sha256 = "0s0mr8s47m99dj9adrrr73kjvb11v5q74dsd89wzmv8v4m1kvg2a";
rev = "5f768f8584e5247e3283201bfa068fa394ed0c4b";
sha256 = "05pf9ljs8xwnbqd6zdgfgv386pjmj8k4y0mjdb815fkik428sm3w";
};
meta.homepage = "https://github.com/folke/snacks.nvim/";
};

4
pkgs/applications/emulators/mame/default.nix
View File

@ -38,14 +38,14 @@ let
in
stdenv.mkDerivation rec {
pname = "mame";
version = "0.270";
version = "0.272";
srcVersion = builtins.replaceStrings [ "." ] [ "" ] version;
src = fetchFromGitHub {
owner = "mamedev";
repo = "mame";
rev = "mame${srcVersion}";
hash = "sha256-l1mgkPhYO/U/77veC0Mpyzr6hzz/FSkn+4GMAdLSfOk=";
hash = "sha256-qD9xWP4KtPJWqje9QVb5wozgLTc+hE84kkEFM6Re+Sk=";
};
outputs = [ "out" "tools" ];

1
pkgs/build-support/docker/default.nix
View File

@ -983,6 +983,7 @@ rec {
eval "$fakeRootCommands"
tar \
--sort name \
--exclude=./dev \
--exclude=./proc \
--exclude=./sys \
--exclude=.${builtins.storeDir} \

4
pkgs/by-name/au/autosuspend/package.nix
View File

@ -6,7 +6,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "autosuspend";
version = "7.0.2";
version = "7.0.3";
pyproject = true;
disabled = python3.pythonOlder "3.10";
@ -15,7 +15,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "languitar";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-QmZX5I1D1iYUQ6Ll0tkbpjzqaOIBaGAltKHwUqLB6uk=";
hash = "sha256-ePQiP7NeRBPVHkd8rvbxno/NBX95e9d97F8TIazCUH4=";
};
build-system = with python3.pkgs; [

4
pkgs/by-name/fn/fna3d/package.nix
View File

@ -7,14 +7,14 @@
}:
stdenv.mkDerivation rec {
pname = "fna3d";
version = "24.11";
version = "24.12";
src = fetchFromGitHub {
owner = "FNA-XNA";
repo = "FNA3D";
rev = version;
fetchSubmodules = true;
hash = "sha256-NTVaPY39acSRibGQjLuh5ZBGC1Zep/rybVcOU0WrNIw=";
hash = "sha256-ieodMkzBDPq8WCTEyPMENFxoGwrknWV6qsVCZmi0TwQ=";
};
buildInputs = [ SDL2 ];

31
pkgs/by-name/gi/git-pr/package.nix Normal file
View File

@ -0,0 +1,31 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "git-pr";
version = "0.0.2";
src = fetchFromGitHub {
owner = "picosh";
repo = "git-pr";
rev = "v${version}";
hash = "sha256-7Ka8p5X8nQBXKiT6QsWOWMQJL8rePKrHz/LZU1W+oQ8=";
};
vendorHash = "sha256-tu5C7hz6UTgn/jCCotXzZHlUmGVNERhA7Osxi31Domk=";
postInstall = ''
mv $out/bin/ssh $out/bin/git-ssh
'';
meta = {
homepage = "https://pr.pico.sh";
description = "Simple git collaboration tool";
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ sigmanificient ];
mainProgram = "git-pr";
};
}

4
pkgs/by-name/gi/gitxray/package.nix
View File

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "gitxray";
version = "1.0.16";
version = "1.0.16.4";
pyproject = true;
src = fetchFromGitHub {
owner = "kulkansecurity";
repo = "gitxray";
rev = "refs/tags/${version}";
hash = "sha256-sBDKRHNhRG0SUd9G0+iiKOB+lqzISi92itbZIT+j4ME=";
hash = "sha256-rxG/FXIvPPCmV8//Bq3Upu4kNjwVhPVTK4ADp9X3OL0=";
};
build-system = with python3.pkgs; [ setuptools ];

8
pkgs/by-name/gr/grafana-alloy/package.nix
View File

@ -16,17 +16,17 @@
buildGoModule rec {
pname = "grafana-alloy";
version = "1.4.3";
version = "1.5.0";
src = fetchFromGitHub {
rev = "v${version}";
owner = "grafana";
repo = "alloy";
hash = "sha256-ISSmTdX/LgbreoGJry33xdOO9J98nh8SZBJwEFsFyvY=";
hash = "sha256-uiJwzpWmViyVZRimnDP8XkTyT0v6dliyyh4rvIi0T9M=";
};
proxyVendor = true;
vendorHash = "sha256-O7x71Ghd8zI2Ns8Jj/Z5FWXKjyeHaPD8gyNmpwpIems=";
vendorHash = "sha256-mh51vVHWq14UgfB45/HTE8Z/9t41atgoSJRPUb4jZd4=";
nativeBuildInputs = [ fixup-yarn-lock yarn nodejs installShellFiles ];
@ -62,7 +62,7 @@ buildGoModule rec {
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/internal/web/ui/yarn.lock";
hash = "sha256-Q4IrOfCUlXM/5577Wk8UCIs76+XbuoHz7sIEJJTMKc4=";
hash = "sha256-309e799oSBtESmsbxvBWhAC8I717U032Xe/h09xQecA=";
};
preBuild = ''

6
pkgs/by-name/la/labwc-tweaks-gtk/package.nix
View File

@ -13,13 +13,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "labwc-tweaks-gtk";
version = "0-unstable-2024-10-20";
version = "0-unstable-2024-11-25";
src = fetchFromGitHub {
owner = "labwc";
repo = "labwc-tweaks-gtk";
rev = "c3f83aabb6dca20fd3c2304db15da2e68d027d3e";
hash = "sha256-1gzo9KMDHg5ZFMo5CpP36A5tomr2DFoU8UEwx7ik5F8=";
rev = "2613cd87e148b74d57dcda590b6de534fd86f4ac";
hash = "sha256-IBHQ47gCkX2pRfq39PmAas+JThdjU/WDqY3G69o7Tc4=";
};
nativeBuildInputs = [

6021
pkgs/by-name/li/liana/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

13
pkgs/by-name/li/liana/package.nix
View File

@ -38,22 +38,17 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "liana";
version = "6.0"; # keep in sync with lianad
version = "8.0"; # keep in sync with lianad
src = fetchFromGitHub {
owner = "wizardsardine";
repo = "liana";
rev = "v${version}";
hash = "sha256-LLDgo4GoRTVYt72IT0II7O5wiMDrvJhe0f2yjzxQgsE=";
hash = "sha256-2aIaRZNIRgFdA+NVnzOkEE3kYA15CoNBrsNGBhIz0nU=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"liana-6.0.0" = "sha256-04jER209Q9xj9HJ6cLXuK3a2b6fIjAYI+X0+J8noP6A=";
"iced_futures-0.12.3" = "sha256-ztWEde3bJpT8lmk+pNhj/v2cpw/z3TNvzCSvEXwinKQ=";
};
};
useFetchCargoVendor = true;
cargoHash = "sha256-pjvJ+UNM/2g2BDLptjEs6XVukScBB5miDx55zwHJ/C4=";
nativeBuildInputs = [
pkg-config

4
pkgs/by-name/nc/nco/package.nix
View File

@ -15,13 +15,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "nco";
version = "5.2.8";
version = "5.2.9";
src = fetchFromGitHub {
owner = "nco";
repo = "nco";
rev = finalAttrs.version;
hash = "sha256-FTaXgBmDlQv75roeJo4dJyJCpzOj9ilJo2hdxDnyjno=";
hash = "sha256-EEBtHbaPS6LmtZL2xJPVvQmLsJaxMbxcOeFePRPxCws=";
};
nativeBuildInputs = [

22
pkgs/by-name/pi/pinact/package.nix
View File

@ -1,8 +1,10 @@
{ lib
, fetchFromGitHub
, buildGoModule
, testers
, pinact
{
lib,
fetchFromGitHub,
buildGoModule,
testers,
nix-update-script,
pinact,
}:
let
@ -22,10 +24,12 @@ buildGoModule {
doCheck = true;
passthru.tests.version = testers.testVersion {
package = pinact;
command = "pinact --version";
version = src.rev;
passthru = {
tests.version = testers.testVersion {
package = pinact;
};
updateScript = nix-update-script { };
};
ldflags = [

4
pkgs/by-name/po/podman-tui/package.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "podman-tui";
version = "1.2.3";
version = "1.3.0";
src = fetchFromGitHub {
owner = "containers";
repo = "podman-tui";
rev = "v${version}";
hash = "sha256-IINxDP0ajQdqbHTjeUeFqPbLTSCTl9gEhPxUWOe6zQs=";
hash = "sha256-3AgPt7dRZaHrM4/y35Z5elBFq1b2ZhvwBd4CKNBbgTk=";
};
vendorHash = null;

8
pkgs/by-name/pr/proton-ge-bin/package.nix
View File

@ -25,7 +25,13 @@ stdenvNoCC.mkDerivation (finalAttrs: {
# Also leave some breadcrumbs in the file.
echo "${finalAttrs.pname} should not be installed into environments. Please use programs.steam.extraCompatPackages instead." > $out
ln -s $src $steamcompattool
mkdir $steamcompattool
ln -s $src/* $steamcompattool
rm $steamcompattool/{compatibilitytool.vdf,proton,version}
cp $src/{compatibilitytool.vdf,proton,version} $steamcompattool
sed -i -r 's|GE-Proton[0-9]*-[0-9]*|GE-Proton|' $steamcompattool/compatibilitytool.vdf
sed -i -r 's|GE-Proton[0-9]*-[0-9]*|GE-Proton|' $steamcompattool/proton
runHook postBuild
'';

5
pkgs/by-name/pr/prowler/package.nix
View File

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "prowler";
version = "4.4.1";
version = "4.6.1";
pyproject = true;
src = fetchFromGitHub {
owner = "prowler-cloud";
repo = "prowler";
rev = "refs/tags/${version}";
hash = "sha256-9pqp9DJKvzOzApWuSXNn7uQ4bxdPmQ9QtOEAlbrT9Eg=";
hash = "sha256-lEoUZQh5wnfX6J5ZbpCM+ZwJyyw/Ex6LNTTT9ZXw2Z4=";
};
pythonRelaxDeps = true;
@ -37,6 +37,7 @@ python3.pkgs.buildPythonApplication rec {
azure-mgmt-rdbms
azure-mgmt-resource
azure-mgmt-security
azure-mgmt-search
azure-mgmt-sql
azure-mgmt-storage
azure-mgmt-subscription

3
pkgs/by-name/sh/shotcut/package.nix
View File

@ -15,6 +15,7 @@
cmake,
darwin,
gitUpdater,
ffmpeg,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "shotcut";
@ -52,7 +53,7 @@ stdenv.mkDerivation (finalAttrs: {
patches = [
(substituteAll {
inherit mlt;
inherit mlt ffmpeg;
src = ./fix-mlt-ffmpeg-path.patch;
})
];

1
pkgs/by-name/si/sigma-cli/package.nix
View File

@ -47,6 +47,7 @@ python3.pkgs.buildPythonApplication rec {
"test_plugin_install_notexisting"
"test_plugin_install"
"test_plugin_uninstall"
"test_backend_option_unknown_by_backend"
# Tests require network access
"test_check_with_issues"
"test_plugin_show_identifier"

4
pkgs/by-name/si/simplotask/package.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "simplotask";
version = "1.16.0";
version = "1.16.1";
src = fetchFromGitHub {
owner = "umputun";
repo = "spot";
rev = "v${version}";
hash = "sha256-VnQIg5HXZZwvYpaYDF1CIphLtE4S+1zADE1WnicXOSQ=";
hash = "sha256-SfHemtGomn1zxK4oQMYXfzAftmMd5yroY+mFaxtq6HE=";
};
vendorHash = null;

4
pkgs/by-name/te/terraform-compliance/package.nix
View File

@ -5,14 +5,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "terraform-compliance";
version = "1.3.48";
version = "1.3.49";
format = "setuptools";
src = fetchFromGitHub {
owner = "terraform-compliance";
repo = "cli";
rev = "refs/tags/${version}";
hash = "sha256-2nf/EJcC4KYTBItByX47UqTSs2EOgsUAgRbLEdB4Iyg=";
hash = "sha256-wg9n7x7KDqFecZZVmJwpE1kP0eKt1Gmld6XEcavcyU0=";
};
postPatch = ''

34
pkgs/by-name/tr/trojan-rs/package.nix Normal file
View File

@ -0,0 +1,34 @@
{
fetchFromGitHub,
rustPlatform,
lib,
ipset,
}:
rustPlatform.buildRustPackage {
pname = "trojan-rs";
version = "0.16.0-unstable-2024-11-21";
src = fetchFromGitHub {
owner = "lazytiger";
repo = "trojan-rs";
rev = "a996b83e3d57b571fa59f01034fcdd32a09ee8bc";
hash = "sha256-rtYvsFxxhkUuR/tLrRFvRBLG8C84Qs0kYmXkNP/Ai3c=";
};
cargoHash = "sha256-FJV4pMfaw4rHTYZekot5ZTBDChfS1gCPc5NqoLeGjws=";
nativeBuildInputs = [ rustPlatform.bindgenHook ];
buildInputs = [ ipset ];
env.RUSTC_BOOTSTRAP = true;
env.RUSTFLAGS = "--cfg tokio_unstable";
meta = {
homepage = "https://github.com/lazytiger/trojan-rs";
description = "Trojan server and proxy programs written in Rust";
license = lib.licenses.mit;
mainProgram = "trojan";
maintainers = with lib.maintainers; [ oluceps ];
};
}

6
pkgs/by-name/tu/turn-rs/package.nix
View File

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "turn-rs";
version = "3.1.0";
version = "3.2.0";
src = fetchFromGitHub {
owner = "mycrl";
repo = "turn-rs";
rev = "refs/tags/v${version}";
hash = "sha256-uXMRDgSHrwT6+kejWRSE1WjXO8LaOR+fnffIXcL3A4I=";
hash = "sha256-4I4mjG/euBL08v4xZdnrI8aTGVo5z2F2FDYtxKW1Qt8=";
};
cargoHash = "sha256-gO2vuOQMvl6KYp529k3CYDyma5ECzOr/lcSvP4OpUUo=";
cargoHash = "sha256-yRlfqG6WEtF9ebHm8Mh4FtzfoRoaQhBnOQotSpisLck=";
passthru = {
updateScript = nix-update-script { };

6
pkgs/by-name/ty/typos/package.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "typos";
version = "1.27.3";
version = "1.28.1";
src = fetchFromGitHub {
owner = "crate-ci";
repo = pname;
rev = "v${version}";
hash = "sha256-4vIRhhBvK2R0nAdG4zDTJ+6F3WOI9sAB/ongBMnzsWk=";
hash = "sha256-a3EInGYsVt5vmAovT+FSWtNIRY/5ckWvDOZi1EV0ZsU=";
};
cargoHash = "sha256-cn1jy8kQ6R+JU6w/sqcNP+uzSKKg3V4H97qnJAIESd0=";
cargoHash = "sha256-8Y7DZCQakP6gsXXA294gz8SlZROoKATJfxLY8ITlIf8=";
passthru = {
tests.version = testers.testVersion { package = typos; };

6
pkgs/by-name/xt/xtf/package.nix
View File

@ -10,7 +10,7 @@
stdenv.mkDerivation {
pname = "xtf";
version = "0-unstable-2024-09-13";
version = "0-unstable-2024-11-01";
outputs = [
"out" # xtf-runner and test suite.
@ -20,8 +20,8 @@ stdenv.mkDerivation {
src = fetchgit {
url = "https://xenbits.xenproject.org/git-http/xtf.git";
rev = "c9a5e404e70c21c7621db4b8cabdf68261db7e1c";
hash = "sha256-FMFbAdgH5KCpocAzUXb7nM3wpn4xs/gk/0M8AUVxXv0=";
rev = "294532089d5251170abfd65a6620c8247cea729d";
hash = "sha256-CQK7300nepZ3bNiHEJ5jrS9wkipr5JUbvtL5DNrULGI=";
};
nativeBuildInputs =

4
pkgs/development/python-modules/aioacaia/default.nix
View File

@ -9,7 +9,7 @@
buildPythonPackage rec {
pname = "aioacaia";
version = "0.1.9";
version = "0.1.10";
pyproject = true;
disabled = pythonOlder "3.12";
@ -18,7 +18,7 @@ buildPythonPackage rec {
owner = "zweckj";
repo = "aioacaia";
rev = "refs/tags/v${version}";
hash = "sha256-cD9NGGRDsFalrcmaTGPOjkh0+KbPW/MyBq79RNQZQ64=";
hash = "sha256-Lp7sYnVzk1w7zgKDtoBMrzArTNAQ3jgt4Ch3uJ8ZDyY=";
};
build-system = [ setuptools ];

67
pkgs/development/python-modules/aiohomeconnect/default.nix Normal file
View File

@ -0,0 +1,67 @@
{
lib,
authlib,
buildPythonPackage,
fastapi,
fetchFromGitHub,
httpx,
mashumaro,
poetry-core,
pytest-asyncio,
pytest-cov-stub,
pytest-httpx,
pytestCheckHook,
pythonOlder,
typer,
uvicorn,
}:
buildPythonPackage rec {
pname = "aiohomeconnect";
version = "0.6.0";
pyproject = true;
disabled = pythonOlder "3.11";
src = fetchFromGitHub {
owner = "MartinHjelmare";
repo = "aiohomeconnect";
rev = "refs/tags/v${version}";
hash = "sha256-fPjr4LygYIfSOiVU1yD6ICKkEGJMWOTRrT6oh7DBGTI=";
};
pythonRelaxDeps = [ "httpx" ];
build-system = [ poetry-core ];
dependencies = [
httpx
mashumaro
];
optional-dependencies = {
cli = [
authlib
fastapi
typer
uvicorn
];
};
nativeCheckInputs = [
pytest-asyncio
pytest-cov-stub
pytest-httpx
pytestCheckHook
] ++ lib.flatten (builtins.attrValues optional-dependencies);
pythonImportsCheck = [ "aiohomeconnect" ];
meta = {
description = "An asyncio client for the Home Connect API";
homepage = "https://github.com/MartinHjelmare/aiohomeconnect";
changelog = "https://github.com/MartinHjelmare/aiohomeconnect/blob/${src.rev}/CHANGELOG.md";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ fab ];
};
}

12
pkgs/development/python-modules/aiohttp-fast-zlib/default.nix
View File

@ -1,24 +1,24 @@
{
lib,
aiohttp,
buildPythonPackage,
fetchFromGitHub,
poetry-core,
aiohttp,
isal,
zlib-ng,
poetry-core,
pytestCheckHook,
zlib-ng,
}:
buildPythonPackage rec {
pname = "aiohttp-fast-zlib";
version = "0.1.1";
version = "0.2.0";
pyproject = true;
src = fetchFromGitHub {
owner = "bdraco";
repo = "aiohttp-fast-zlib";
rev = "v${version}";
hash = "sha256-uPmttfEiWmEtQrBZYwiSjLTMmXhZ0MmaAQJMXTSQj+U=";
rev = "refs/tags/v${version}";
hash = "sha256-fvZVviKN/CL42Zmmm6k/JNdeAljRoqN63rlduNJVr98=";
};
postPatch = ''

18
pkgs/development/python-modules/crontab/default.nix
View File

@ -1,7 +1,7 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
fetchFromGitLab,
pytestCheckHook,
pythonOlder,
python-dateutil,
@ -11,19 +11,19 @@
buildPythonPackage rec {
pname = "crontab";
version = "0.23.0";
version = "3.2.0";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "josiahcarlson";
repo = "parse-crontab";
rev = "refs/tags/${version}";
hash = "sha256-8vMkgBU1jIluo9+hAvk2KNM+Wn0+PvJqFNwX+JLXD+w=";
src = fetchFromGitLab {
owner = "doctormo";
repo = "python-crontab";
rev = "refs/tags/v${version}";
hash = "sha256-OZalqh/A4pBM1Hat4t76Odk2cTmKLwaHGY7pndgIgss=";
};
nativeBuildInputs = [ setuptools ];
build-system = [ setuptools ];
nativeCheckInputs = [
pytestCheckHook
@ -35,7 +35,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Parse and use crontab schedules in Python";
homepage = "https://github.com/josiahcarlson/parse-crontab";
homepage = "https://gitlab.com/doctormo/python-crontab/";
license = licenses.lgpl21Only;
maintainers = with maintainers; [ fab ];
};

13
pkgs/development/python-modules/denonavr/default.nix
View File

@ -6,7 +6,6 @@
buildPythonPackage,
defusedxml,
fetchFromGitHub,
fetchpatch2,
ftfy,
httpx,
netifaces,
@ -20,7 +19,7 @@
buildPythonPackage rec {
pname = "denonavr";
version = "1.0.0";
version = "1.0.1";
pyproject = true;
disabled = pythonOlder "3.7";
@ -29,17 +28,9 @@ buildPythonPackage rec {
owner = "ol-iver";
repo = "denonavr";
rev = "refs/tags/${version}";
hash = "sha256-/K2pz3B4H205grDeuMWZmEeA4wJqKhP0XdpmbqFguTM=";
hash = "sha256-9nY1z6CX8uha/m3OOUyadrKmpbUsgL16CB2ySElOTck=";
};
patches = [
(fetchpatch2 {
name = "pytest-httpx-compat.patch";
url = "https://github.com/ol-iver/denonavr/commit/5320aadae91135a8c208c83d82688ddf26eb6498.patch";
hash = "sha256-F9R5GJ1XK3lHWLY+OgzKu3+xCosK3nX4EII9J1jhlys=";
})
];
pythonRelaxDeps = [ "defusedxml" ];
build-system = [ setuptools ];

4
pkgs/development/python-modules/jupyter-collaboration-ui/default.nix
View File

@ -9,13 +9,13 @@
buildPythonPackage rec {
pname = "jupyter-collaboration-ui";
version = "1.0.0";
version = "1.0.1";
pyproject = true;
src = fetchPypi {
pname = "jupyter_collaboration_ui";
inherit version;
hash = "sha256-hTyUmLzRvexNTZxTv4Mbflm+OTW9j0HReLpAJuk/WnY=";
hash = "sha256-mfQHypkQqdrK4tBwIbgQt+LpTpVLJrO7jxSiRD5J5c0=";
};
postPatch = ''

4
pkgs/development/python-modules/jupyter-server-ydoc/default.nix
View File

@ -15,13 +15,13 @@
buildPythonPackage rec {
pname = "jupyter-server-ydoc";
version = "1.0.0";
version = "1.0.1";
pyproject = true;
src = fetchPypi {
pname = "jupyter_server_ydoc";
inherit version;
hash = "sha256-MBdSTB2gaIFbdIyPHr5+wI7aBH/Fl85ywSWxgAmjkek=";
hash = "sha256-bJk3+T/H8Y1D3NToLlyLceQBPjlTJA7y+9c7PDN6KPc=";
};
build-system = [ hatchling ];

2
pkgs/development/python-modules/mdformat/default.nix
View File

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "mdformat";
version = "0.7.18";
version = "0.7.19";
pyproject = true;
disabled = pythonOlder "3.8";

43
pkgs/development/python-modules/medvol/default.nix Normal file
View File

@ -0,0 +1,43 @@
{
lib,
buildPythonPackage,
pythonOlder,
fetchFromGitHub,
setuptools,
numpy,
simpleitk,
}:
buildPythonPackage rec {
pname = "medvol";
version = "0.0.15";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "MIC-DKFZ";
repo = "medvol";
rev = "v${version}";
hash = "sha256-JOw0ODx5yuBY5FyXy9z5C/NE/iok5GwiInalgXW/1J8=";
};
build-system = [ setuptools ];
dependencies = [
numpy
simpleitk
];
doCheck = false; # no tests
pythonImportsCheck = [ "medvol" ];
meta = {
description = "Wrapper for loading medical 3D image volumes such as NIFTI or NRRD images";
homepage = "https://github.com/MIC-DKFZ/medvol";
changelog = "https://github.com/MIC-DKFZ/MedVol/releases/tag/v${version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ bcdarwin ];
};
}

39
pkgs/development/python-modules/napari-nifti/default.nix Normal file
View File

@ -0,0 +1,39 @@
{
lib,
buildPythonPackage,
pythonOlder,
fetchFromGitHub,
setuptools,
medvol,
}:
buildPythonPackage rec {
pname = "napari-nifti";
version = "0.0.17";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "MIC-DKFZ";
repo = "napari-nifti";
rev = "refs/tags/v${version}";
hash = "sha256-JDyJMg6rsGkfEHBwqKc2L6oRO5Y1MJJlEjUuuqp7URQ=";
};
build-system = [ setuptools ];
dependencies = [ medvol ];
pythonImportsCheck = [ "napari_nifti" ];
doCheck = false; # no tests
meta = {
description = "Napari plugin for reading and writing NIFTI files";
homepage = "https://github.com/MIC-DKFZ/napari-nifti";
changelog = "https://github.com/MIC-DKFZ/napari-nifti/releases/tag/v${version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ bcdarwin ];
};
}

6
pkgs/development/python-modules/notus-scanner/default.nix
View File

@ -14,16 +14,16 @@
buildPythonPackage rec {
pname = "notus-scanner";
version = "22.6.4";
version = "22.6.5";
pyproject = true;
disabled = pythonOlder "3.7";
disabled = pythonOlder "3.9";
src = fetchFromGitHub {
owner = "greenbone";
repo = "notus-scanner";
rev = "refs/tags/v${version}";
hash = "sha256-DcFIypfdrz8pM7qAMVpof6xKWYp/bSRUswngxa5EQFk=";
hash = "sha256-PPwQjZIKSQ1OmyYJ8ErkqdbHZfH4iHPMiDdKZ3imBwo=";
};
pythonRelaxDeps = [

4
pkgs/development/python-modules/pipenv-poetry-migrate/default.nix
View File

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "pipenv-poetry-migrate";
version = "0.5.11";
version = "0.5.12";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "yhino";
repo = "pipenv-poetry-migrate";
rev = "refs/tags/v${version}";
hash = "sha256-du2OJ9gevPr7LOv88aXuq+e3YfD2eNoBp/ppEs522ws=";
hash = "sha256-E93A3EfbCb+oOYB61CGhBLwB5m6pvZaSXt9wdnUBSFQ=";
};
nativeBuildInputs = [ poetry-core ];

64
pkgs/development/python-modules/powerapi/default.nix Normal file
View File

@ -0,0 +1,64 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
influxdb-client,
kubernetes,
mock,
prometheus-client,
pymongo,
pytest-cov-stub,
pytest-timeout,
pytestCheckHook,
pythonOlder,
pyzmq,
setproctitle,
setuptools,
}:
buildPythonPackage rec {
pname = "powerapi";
version = "2.9.1";
pyproject = true;
disabled = pythonOlder "3.10";
src = fetchFromGitHub {
owner = "powerapi-ng";
repo = "powerapi";
rev = "refs/tags/v${version}";
hash = "sha256-iFWCrO9frMK68kefmKQrXra1g5efDCj2ZOlVwxDNvXw=";
};
build-system = [ setuptools ];
dependencies = [
pyzmq
setproctitle
];
optional-dependencies = {
influxdb = [ influxdb-client ];
kubernetes = [ kubernetes ];
mongodb = [ pymongo ];
# opentsdb = [ opentsdb-py ];
prometheus = [ prometheus-client ];
};
nativeCheckInputs = [
mock
pytest-cov-stub
pytestCheckHook
pytest-timeout
] ++ lib.flatten (builtins.attrValues optional-dependencies);
pythonImportsCheck = [ "powerapi" ];
meta = {
description = "Python framework for building software-defined power meters";
homepage = "https://github.com/powerapi-ng/powerapi";
changelog = "https://github.com/powerapi-ng/powerapi/releases/tag/v${version}";
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ fab ];
};
}

4
pkgs/development/python-modules/publicsuffixlist/default.nix
View File

@ -11,14 +11,14 @@
buildPythonPackage rec {
pname = "publicsuffixlist";
version = "1.0.2.20241129";
version = "1.0.2.20241130";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-MPeNx0jW1RLO1HwJqvFKuR4oEjmELA/bGHGDKn93rag=";
hash = "sha256-ogQgadq8wVNlq8LI5FxWPdLiRVyzCD7D6cLRLGL5vsQ=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/pysigma-backend-elasticsearch/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "pysigma-backend-elasticsearch";
version = "1.1.3";
version = "1.1.5";
pyproject = true;
disabled = pythonOlder "3.8";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "SigmaHQ";
repo = "pySigma-backend-elasticsearch";
rev = "refs/tags/v${version}";
hash = "sha256-6T3OnT6Row2dUmQ3xOu/00vcjD75+rfBSP7WyM4sQqA=";
hash = "sha256-qIP+TP6lzviEAunYge/SIZQ6PI0EFnJo64FVpPmkdLY=";
};
postPatch = ''

4
pkgs/development/python-modules/pysigma/default.nix
View File

@ -14,7 +14,7 @@
buildPythonPackage rec {
pname = "pysigma";
version = "0.11.17";
version = "0.11.18";
pyproject = true;
disabled = pythonOlder "3.8";
@ -23,7 +23,7 @@ buildPythonPackage rec {
owner = "SigmaHQ";
repo = "pySigma";
rev = "refs/tags/v${version}";
hash = "sha256-2+iLUuGZV+6sdeLvRE6lORQYVKVn53n2NQaGamkxspU=";
hash = "sha256-AbGmDDJUBvGwZixNKY+iLTKUENSAXHOAdztmbIQIEKs=";
};
pythonRelaxDeps = [

40
pkgs/development/python-modules/pysuezv2/default.nix Normal file
View File

@ -0,0 +1,40 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
hatchling,
aiohttp,
pythonOlder,
}:
buildPythonPackage rec {
pname = "pysuezv2";
version = "1.3.2";
pyproject = true;
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "jb101010-2";
repo = "pySuez";
rev = "refs/tags/${version}";
hash = "sha256-aThZN5Ece9zzEICjLj2HmYoLwDhd7rft3Il3kM73h7M=";
};
build-system = [ hatchling ];
dependencies = [ aiohttp ];
# Module has no tests
doCheck = false;
pythonImportsCheck = [ "pysuez" ];
meta = {
description = "Module for dealing with water consumption data from Suez";
homepage = "https://github.com/jb101010-2/pySuez";
changelog = "https://github.com/jb101010-2/pySuez/releases/tag/${version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ ];
};
}

4
pkgs/development/python-modules/reolink-aio/default.nix
View File

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "reolink-aio";
version = "0.11.3";
version = "0.11.4";
pyproject = true;
disabled = pythonOlder "3.11";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "starkillerOG";
repo = "reolink_aio";
rev = "refs/tags/${version}";
hash = "sha256-N47+mjQNVaTsKUTm+RRVDVCA5onQFI5ISMOBYuUv34Y=";
hash = "sha256-h4mHRNmzrFAUQ0qQkzAMevO9hqV4Uueivr8wwor636Q=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/signxml/default.nix
View File

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "signxml";
version = "4.0.2";
version = "4.0.3";
pyproject = true;
disabled = pythonOlder "3.7";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "XML-Security";
repo = "signxml";
rev = "refs/tags/v${version}";
hash = "sha256-ZpboU0N8dD03yHSboMpC+TJvp16StM45Qhn0Hv9+6fg=";
hash = "sha256-TZqYNYVzGEhftP/RXiBtThK38AOPLi2DRAwnFh2Za5U=";
};
build-system = [ setuptools ];

5
pkgs/os-specific/linux/busybox/sandbox-shell.nix
View File

@ -1,9 +1,12 @@
{ busybox}:
{ lib, stdenv, busybox, musl }:
# Minimal shell for use as basic /bin/sh in sandbox builds
busybox.override {
enableStatic = true;
enableMinimal = true;
useMusl = stdenv.hostPlatform.isGnu && lib.meta.availableOn stdenv.hostPlatform musl;
extraConfig = ''
CONFIG_FEATURE_FANCY_ECHO y
CONFIG_FEATURE_SH_MATH y

9
pkgs/tools/networking/bitmask-vpn/default.nix
View File

@ -1,9 +1,11 @@
{ lib
, stdenv
, substituteAll
, git
, fetchFromGitLab
, buildGoModule
, wrapQtAppsHook
, python3
, python3Packages
, pkg-config
, openvpn
@ -30,7 +32,8 @@ let
owner = "leap";
repo = "bitmask-vpn";
rev = "8b3ac473f64b6de0262fbf945ff25af8029134f1";
sha256 = "sha256-nYMfO091w6H7LyY1+aYubFppg4/3GiZZm4e+0m9Gb3k=";
leaveDotGit = true;
sha256 = "sha256-XUgCVHnTLZXFU+r0s1yuYryWNBJRgQrFlf3g1iRrLWs=";
};
# bitmask-root is only used on GNU/Linux
@ -105,7 +108,9 @@ buildGoModule rec {
nativeBuildInputs = [
cmake
git
pkg-config
python3
python3Packages.wrapPython
which
wrapQtAppsHook
@ -131,6 +136,8 @@ buildGoModule rec {
buildPhase = ''
runHook preBuild
make vendor
# TODO: this is a hack that copies the qrc file that should by built by qmlcachegen
# qmlcachegen is in qtdeclarative/libexec, but qmake is in qtbase/bin
# but qmake searches for qmlcachegen in qtbase/libexec which leads to the error

9
pkgs/top-level/all-packages.nix
View File

@ -3006,7 +3006,7 @@ with pkgs;
bluetooth_battery = python3Packages.callPackage ../applications/misc/bluetooth_battery { };
calyx-vpn = libsForQt5.callPackage ../tools/networking/bitmask-vpn {
calyx-vpn = qt6Packages.callPackage ../tools/networking/bitmask-vpn {
provider = "calyx";
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
};
@ -12307,12 +12307,7 @@ with pkgs;
overrideCC stdenv buildPackages.llvmPackages.clangNoLibcxx
else stdenv;
};
busybox-sandbox-shell = callPackage ../os-specific/linux/busybox/sandbox-shell.nix {
# musl roadmap has RISC-V support projected for 1.1.20
busybox = if !stdenv.hostPlatform.isRiscV && !stdenv.hostPlatform.isLoongArch64 && stdenv.hostPlatform.libc != "bionic"
then pkgsStatic.busybox
else busybox;
};
busybox-sandbox-shell = callPackage ../os-specific/linux/busybox/sandbox-shell.nix { };
cm-rgb = python3Packages.callPackage ../tools/system/cm-rgb { };

10
pkgs/top-level/python-packages.nix
View File

@ -245,6 +245,8 @@ self: super: with self; {
aiohasupervisor = callPackage ../development/python-modules/aiohasupervisor { };
aiohomeconnect = callPackage ../development/python-modules/aiohomeconnect { };
aiohomekit = callPackage ../development/python-modules/aiohomekit { };
aiohttp = callPackage ../development/python-modules/aiohttp { };
@ -7977,6 +7979,8 @@ self: super: with self; {
medpy = callPackage ../development/python-modules/medpy { };
medvol = callPackage ../development/python-modules/medvol { };
meeko = callPackage ../development/python-modules/meeko { };
meep = callPackage ../development/python-modules/meep { };
@ -8966,6 +8970,8 @@ self: super: with self; {
napari-console = callPackage ../development/python-modules/napari-console { };
napari-nifti = callPackage ../development/python-modules/napari-nifti { };
napari-npe2 = callPackage ../development/python-modules/napari-npe2 { };
napari-plugin-engine = callPackage ../development/python-modules/napari-plugin-engine { };
@ -10572,6 +10578,8 @@ self: super: with self; {
pysuez = callPackage ../development/python-modules/pysuez { };
pysuezv2 = callPackage ../development/python-modules/pysuezv2 { };
pysqlitecipher = callPackage ../development/python-modules/pysqlitecipher { };
pysyncthru = callPackage ../development/python-modules/pysyncthru { };
@ -10860,6 +10868,8 @@ self: super: with self; {
power = callPackage ../development/python-modules/power { };
powerapi = callPackage ../development/python-modules/powerapi { };
powerline = callPackage ../development/python-modules/powerline { };
powerline-mem-segment = callPackage ../development/python-modules/powerline-mem-segment { };